From cfb8f3c07ffd86ae3cbba1ee2d2da6a60899bbb2 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Fri, 21 Jul 2023 08:54:38 +0200
Subject: [PATCH 01/32] chore: linting in console (#6243)

chore: linting in console
---
 console/src/app/app.module.ts | 2 +-
 console/src/assets/i18n/de.json | 2 +-
 console/src/assets/i18n/en.json | 2 +-
 console/src/assets/i18n/es.json | 2 +-
 console/src/assets/i18n/fr.json | 2 +-
 console/src/assets/i18n/it.json | 2 +-
 console/src/assets/i18n/ja.json | 2 +-
 console/src/assets/i18n/pl.json | 2 +-
 console/src/assets/i18n/pt.json | 4378 +++++++++++++++----------------
 console/src/assets/i18n/zh.json | 2 +-
 10 files changed, 2198 insertions(+), 2198 deletions(-)

diff --git a/console/src/app/app.module.ts b/console/src/app/app.module.ts
index 793dfbc224..3781c33576 100644
--- a/console/src/app/app.module.ts
+++ b/console/src/app/app.module.ts
@@ -1,6 +1,5 @@
 import { CommonModule, registerLocaleData } from '@angular/common';
 import { HttpClientModule, HTTP_INTERCEPTORS } from '@angular/common/http';
-import localePt from '@angular/common/locales/pt';
 import localeBg from '@angular/common/locales/bg';
 import localeDe from '@angular/common/locales/de';
 import localeEn from '@angular/common/locales/en';
@@ -10,6 +9,7 @@ import localeIt from '@angular/common/locales/it';
 import localeJa from '@angular/common/locales/ja';
 import localeMk from '@angular/common/locales/mk';
 import localePl from '@angular/common/locales/pl';
+import localePt from '@angular/common/locales/pt';
 import localeZh from '@angular/common/locales/zh';
 import { APP_INITIALIZER, NgModule } from '@angular/core';
 import { MatNativeDateModule } from '@angular/material/core';
diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json
index 18d83c3a42..87b6e83fd0 100644
--- a/console/src/assets/i18n/de.json
+++ b/console/src/assets/i18n/de.json
@@ -1041,7 +1041,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json
index 8ee10db36b..c858d5acbb 100644
--- a/console/src/assets/i18n/en.json
+++ b/console/src/assets/i18n/en.json
@@ -1042,7 +1042,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json
index 9f4fe349f4..3a0df8980f 100644
--- a/console/src/assets/i18n/es.json
+++ b/console/src/assets/i18n/es.json
@@ -1042,7 +1042,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json
index 8abce8f331..a81c6eae5d 100644
--- a/console/src/assets/i18n/fr.json
+++ b/console/src/assets/i18n/fr.json
@@ -1041,7 +1041,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json
index 22e4df93c4..387bc187d7 100644
--- a/console/src/assets/i18n/it.json
+++ b/console/src/assets/i18n/it.json
@@ -1041,7 +1041,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json
index 498d2b8052..8ac4692d38 100644
--- a/console/src/assets/i18n/ja.json
+++ b/console/src/assets/i18n/ja.json
@@ -1042,7 +1042,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json
index 33d4fa7413..774038f7ce 100644
--- a/console/src/assets/i18n/pl.json
+++ b/console/src/assets/i18n/pl.json
@@ -1041,7 +1041,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json
index 261061422e..00607c1596 100644
--- a/console/src/assets/i18n/pt.json
+++ b/console/src/assets/i18n/pt.json
@@ -1,2190 +1,2190 @@ { - "APP_NAME": "ZITADEL", - "PAGINATOR": { - "PREVIOUS": "Anterior", - "NEXT": "Próximo", - "COUNT": "Total de Resultados", - "MORE": "Mais" - }, - "FOOTER": { - "LINKS": { - "CONTACT": "Contato", - "TOS": "Termos de Serviço", - "PP": "Política de Privacidade" - }, - "THEME": { - "DARK": "Escuro", - "LIGHT": "Claro" - } - }, - "HOME": { - "WELCOME": "Comece com ZITADEL", - "DISCLAIMER": "A ZITADEL trata seus dados confidencialmente e com segurança.", - "DISCLAIMERLINK": "Mais informações", - "DOCUMENTATION": { - "TITLE": "Documentação", - "DESCRIPTION": "Comece rapidamente com ZITADEL." - }, - "GETSTARTED": { - "TITLE": "Comece com ZITADEL", - "DESCRIPTION": "Comece rapidamente com ZITADEL." - }, - "QUICKSTARTS": { - "LABEL": "Primeiros Passos", - "TITLE": "Início Rápido", - "DESCRIPTION": "Comece rapidamente com ZITADEL." - }, - "SHORTCUTS": { - "SHORTCUTS": "Atalhos", - "SETTINGS": "Atalhos disponíveis", - "PROJECTS": "Projetos", - "REORDER": "Mantenha e arraste o bloco para movê-lo", - "ADD": "Mantenha e arraste um bloco para adicionar" - } - }, - "ONBOARDING": { - "DESCRIPTION": "Seu processo de integração", - "MOREDESCRIPTION": "mais atalhos", - "COMPLETED": "concluído", - "DISMISS": "Não, obrigado, sou um profissional.", - "CARD": { - "TITLE": "Inicie o ZITADEL", - "DESCRIPTION": "Esta lista de verificação ajuda a configurar sua instância e orienta você nas etapas mais essenciais" - }, - "EVENTS": { - "instance.policy.label.added": { - "title": "Configure sua marca", - "description": "Defina cores e forma para o seu login e faça o upload do seu logotipo e ícones.", - "action": "Configurar marca" - }, - "instance.smtp.config.added": { - "title": "Configure as configurações SMTP", - "description": "Configure as configurações do seu próprio servidor de e-mail.", - "action": "Configurar SMTP" - }, - "project.added": { - "title": "Crie um projeto", - "description": "Adicione um projeto e defina suas funções e autorizações.", - "action": 
"Criar projeto" - }, - "project.application.added": { - "title": "Crie um aplicativo", - "description": "Crie um aplicativo da web, nativo, API ou SAML e configure o fluxo de autenticação.", - "action": "Criar aplicativo" - }, - "user.human.added": { - "title": "Adicione usuários", - "description": "Adicione usuários do seu aplicativo", - "action": "Adicionar usuário" - }, - "user.grant.added": { - "title": "Conceda permissões aos usuários", - "description": "Permita que os usuários acessem seu aplicativo e configure suas funções.", - "action": "Conceder permissões" - } - } - }, - "MENU": { - "INSTANCE": "Instância", - "DASHBOARD": "Início", - "PERSONAL_INFO": "Informações Pessoais", - "DOCUMENTATION": "Documentação", - "INSTANCEOVERVIEW": "Instância", - "ORGS": "Organizações", - "VIEWS": "Visualizações", - "EVENTS": "Eventos", - "FAILEDEVENTS": "Eventos com Falha", - "ORGANIZATION": "Organização", - "DOMAINS": "Domínios", - "PROJECT": "Projetos", - "PROJECTOVERVIEW": "Visão Geral", - "PROJECTGRANTS": "Autorizações", - "ROLES": "Funções", - "GRANTEDPROJECT": "Projetos Concedidos", - "HUMANUSERS": "Usuários", - "MACHINEUSERS": "Usuários de Serviço", - "LOGOUT": "Encerrar Sessão de Todos os Usuários", - "NEWORG": "Nova Organização", - "IAMADMIN": "Você é um Administrador IAM. Observe que você possui permissões estendidas.", - "SHOWORGS": "Mostrar Todas as Organizações", - "GRANTS": "Autorizações", - "ACTIONS": "Ações", - "PRIVACY": "Privacidade", - "TOS": "Termos de Serviço", - "OPENSHORTCUTSTOOLTIP": "Digite ? 
para mostrar os atalhos do teclado", - "SETTINGS": "Configurações", - "CUSTOMERPORTAL": "Portal do Cliente" - }, - "ACTIONS": { - "ACTIONS": "Ações", - "FILTER": "Filtrar", - "RENAME": "Renomear", - "SET": "Definir", - "COPY": "Copiar para a Área de Transferência", - "COPIED": "Copiado para a área de transferência.", - "RESET": "Redefinir", - "RESETDEFAULT": "Redefinir para o Padrão", - "RESETTO": "Redefinir para: ", - "RESETCURRENT": "Redefinir para o atual", - "SHOW": "Mostrar", - "HIDE": "Ocultar", - "SAVE": "Salvar", - "SAVENOW": "Salvar agora", - "NEW": "Novo", - "ADD": "Adicionar", - "CREATE": "Criar", - "CONTINUE": "Continuar", - "BACK": "Voltar", - "CLOSE": "Fechar", - "CLEAR": "Limpar", - "CANCEL": "Cancelar", - "INFO": "Informações", - "OK": "OK", - "SELECT": "Selecionar", - "VIEW": "Mostrar", - "SELECTIONDELETE": "Excluir seleção", - "DELETE": "Excluir", - "REMOVE": "Remover", - "VERIFY": "Verificar", - "FINISH": "Concluir", - "FINISHED": "Fechar", - "CHANGE": "Alterar", - "REACTIVATE": "Reativar", - "ACTIVATE": "Ativar", - "DEACTIVATE": "Desativar", - "REFRESH": "Atualizar", - "LOGIN": "Entrar", - "EDIT": "Editar", - "PIN": "Fixar / Desafixar", - "CONFIGURE": "Configurar", - "SEND": "Enviar", - "NEWVALUE": "Novo Valor", - "RESTORE": "Restaurar", - "CONTINUEWITHOUTSAVE": "Continuar sem salvar", - "OF": "de", - "PREVIOUS": "Anterior", - "NEXT": "Próximo", - "MORE": "mais", - "STEP": "Passo", - "SETUP": "Configuração", - "UNSAVEDCHANGES": "Alterações não salvas", - "UNSAVED": { - "DIALOG": { - "DESCRIPTION": "Tem certeza de que deseja descartar esta nova ação? 
Sua ação será perdida", - "CANCEL": "Cancelar", - "DISCARD": "Descartar" - } - }, - "TABLE": { - "SHOWUSER": "Mostrar usuário {{value}}" - } - }, - "MEMBERROLES": { - "IAM_OWNER": "Tem controle sobre toda a instância, incluindo todas as organizações", - "IAM_OWNER_VIEWER": "Tem permissão para revisar toda a instância, incluindo todas as organizações", - "IAM_ORG_MANAGER": "Tem permissão para criar e gerenciar organizações", - "IAM_USER_MANAGER": "Tem permissão para criar e gerenciar usuários", - "ORG_OWNER": "Tem permissão sobre toda a organização", - "ORG_USER_MANAGER": "Tem permissão para criar e gerenciar usuários da organização", - "ORG_OWNER_VIEWER": "Tem permissão para revisar toda a organização", - "ORG_USER_PERMISSION_EDITOR": "Tem permissão para gerenciar concessões de usuários", - "ORG_PROJECT_PERMISSION_EDITOR": "Tem permissão para gerenciar concessões de projetos", - "ORG_PROJECT_CREATOR": "Tem permissão para criar seus próprios projetos e configurações subjacentes", - "PROJECT_OWNER": "Tem permissão sobre todo o projeto", - "PROJECT_OWNER_VIEWER": "Tem permissão para revisar todo o projeto", - "PROJECT_OWNER_GLOBAL": "Tem permissão sobre todo o projeto", - "PROJECT_OWNER_VIEWER_GLOBAL": "Tem permissão para revisar todo o projeto", - "PROJECT_GRANT_OWNER": "Tem permissão para gerenciar a concessão do projeto", - "PROJECT_GRANT_OWNER_VIEWER": "Tem permissão para revisar a concessão do projeto" - }, - "OVERLAYS": { - "ORGSWITCHER": { - "TEXT": "Todas as configurações e tabelas de organização no console são baseadas em uma organização selecionada. Clique neste botão para trocar de organização ou criar uma nova." - }, - "INSTANCE": { - "TEXT": "Clique aqui para acessar as configurações da instância. Observe que você só tem acesso a este botão se tiver permissões avançadas." - }, - "PROFILE": { - "TEXT": "Aqui você pode alternar entre suas contas de usuário e gerenciar suas sessões e perfil." 
- }, - "NAV": { - "TEXT": "Esta navegação muda com base na organização selecionada acima ou na sua instância" - }, - "CONTEXTCHANGED": { - "TEXT": "O contexto da organização foi alterado." - }, - "SWITCHEDTOINSTANCE": { - "TEXT": "A visualização mudou para a instância!" - } - }, - "FILTER": { - "TITLE": "Filtro", - "STATE": "Status", - "DISPLAYNAME": "Nome de Exibição do Usuário", - "EMAIL": "E-mail", - "USERNAME": "Nome de Usuário", - "ORGNAME": "Nome da Organização", - "PROJECTNAME": "Nome do Projeto", - "RESOURCEOWNER": "Proprietário do Recurso", - "METHODS": { - "5": "contém", - "7": "termina com", - "1": "igual a" - } - }, - "KEYBOARDSHORTCUTS": { - "TITLE": "Atalhos de Teclado", - "UNDERORGCONTEXT": "Dentro das páginas da organização", - "SIDEWIDE": "Atalhos em todo o site", - "SHORTCUTS": { - "HOME": "Ir para Início", - "INSTANCE": "Ir para Instância", - "ORG": "Ir para Organização", - "ORGSETTINGS": "Ir para Configurações da Organização", - "ORGSWITCHER": "Trocar de Organização", - "ME": "Ir para meu perfil", - "PROJECTS": "Ir para Projetos", - "USERS": "Ir para Usuários", - "USERGRANTS": "Ir para Autorizações", - "ACTIONS": "Ir para Ações e Fluxos", - "DOMAINS": "Ir para Domínios" - } - }, - "RESOURCEID": "ID do Recurso", - "NAME": "Nome", - "VERSION": "Versão", - "TABLE": { - "NOROWS": "Sem dados" - }, - "ERRORS": { - "REQUIRED": "Por favor, preencha este campo.", - "ATLEASTONE": "Forneça pelo menos um valor.", - "TOKENINVALID": { - "TITLE": "Seu token de autorização expirou.", - "DESCRIPTION": "Clique no botão abaixo para fazer login novamente." - }, - "EXHAUSTED": { - "TITLE": "Sua cota para solicitações autenticadas está esgotada.", - "DESCRIPTION": "Remova ou aumente o limite de cota para esta instância ZITADEL." 
- }, - "INVALID_FORMAT": "O formato é inválido.", - "NOTANEMAIL": "O valor fornecido não é um endereço de e-mail.", - "MINLENGTH": "Deve ter pelo menos {{requiredLength}} caracteres.", - "UPPERCASEMISSING": "Deve incluir uma letra maiúscula.", - "LOWERCASEMISSING": "Deve incluir uma letra minúscula.", - "SYMBOLERROR": "Deve incluir um símbolo ou caractere de pontuação.", - "NUMBERERROR": "Deve incluir um dígito.", - "PWNOTEQUAL": "As senhas fornecidas não correspondem.", - "PHONE": "O número de telefone deve começar com 00 ou +." - }, - "USER": { - "SETTINGS": { - "TITLE": "Configurações", - "GENERAL": "Geral", - "IDP": "Provedores de Identidade", - "SECURITY": "Senha e Segurança", - "KEYS": "Chaves", - "PAT": "Tokens de Acesso Pessoal", - "USERGRANTS": "Autorizações", - "MEMBERSHIPS": "Associações", - "METADATA": "Metadados" - }, - "TITLE": "Informações Pessoais", - "DESCRIPTION": "Gerencie suas informações e configurações de segurança.", - "PAGES": { - "LIST": "Usuários", - "TITLE": "Usuário", - "DESCRIPTION": "Crie novos usuários em sua organização e gerencie os existentes.", - "LISTMACHINE": "Usuários de Serviço", - "DESCRIPTIONMACHINE": "Crie e gerencie Usuários de Serviço de sua organização", - "DETAIL": "Detalhes", - "CREATE": "Criar", - "MY": "Minhas Informações", - "LOGINNAMES": "Nomes de Login", - "LOGINMETHODS": "Métodos de Login", - "LOGINNAMESDESC": "Estes são os seus nomes de login:", - "NOUSER": "Nenhum usuário associado.", - "REACTIVATE": "Reativar", - "DEACTIVATE": "Desativar", - "FILTER": "Filtro", - "STATE": "Status", - "DELETE": "Excluir Usuário", - "UNLOCK": "Desbloquear Usuário", - "GENERATESECRET": "Gerar Segredo do Cliente", - "REMOVESECRET": "Remover Segredo do Cliente", - "LOCKEDDESCRIPTION": "Este usuário foi bloqueado devido a exceder o número máximo de tentativas de login e deve ser desbloqueado para ser usado novamente.", - "DELETEACCOUNT": "Excluir Conta", - "DELETEACCOUNT_DESC": "Se você realizar esta ação, será desconectado e não 
terá mais acesso à sua conta. Essa ação não pode ser desfeita, portanto, prossiga com cautela.", - "DELETEACCOUNT_BTN": "Excluir Conta", - "DELETEACCOUNT_SUCCESS": "Conta excluída com sucesso!" - }, - "DETAILS": { - "DATECREATED": "Criado", - "DATECHANGED": "Alterado" - }, - "DIALOG": { - "DELETE_TITLE": "Excluir Usuário", - "DELETE_SELF_TITLE": "Excluir Conta", - "DELETE_DESCRIPTION": "Você está prestes a excluir permanentemente um usuário. Tem certeza?", - "DELETE_SELF_DESCRIPTION": "Você está prestes a excluir permanentemente sua conta pessoal. Isso irá desconectá-lo e excluir seu usuário. Essa ação não pode ser desfeita!", - "DELETE_AUTH_DESCRIPTION": "Você está prestes a excluir permanentemente sua conta pessoal. Tem certeza?", - "TYPEUSERNAME": "Digite '{{value}}' para confirmar e excluir o usuário.", - "USERNAME": "Nome de usuário", - "DELETE_BTN": "Excluir permanentemente" - }, - "SENDEMAILDIALOG": { - "TITLE": "Enviar Notificação por E-mail", - "DESCRIPTION": "Clique no botão abaixo para enviar uma notificação para o endereço de e-mail atual ou altere o endereço de e-mail no campo.", - "NEWEMAIL": "Novo endereço de e-mail" - }, - "SECRETDIALOG": { - "CLIENTSECRET": "Segredo do Cliente", - "CLIENTSECRET_DESCRIPTION": "Mantenha seu segredo do cliente em um local seguro, pois ele desaparecerá assim que o diálogo for fechado." 
- }, - "TABLE": { - "DEACTIVATE": "Desativar", - "ACTIVATE": "Ativar", - "CHANGEDATE": "Última Modificação", - "CREATIONDATE": "Criado Em", - "TYPES": { - "HUMAN": "Usuários", - "MACHINE": "Usuários de Serviço" - }, - "FILTER": { - "0": "Filtrar por Nome de Exibição", - "1": "Filtrar por Nome de Usuário", - "2": "filtrar por Nome de Exibição", - "3": "filtrar por Nome de Usuário", - "4": "filtrar por E-mail", - "5": "filtrar por Nome de Exibição", - "10": "filtrar por nome de organização", - "12": "filtrar por nome de projeto" - }, - "EMPTY": "Nenhum registro" - }, - "PASSWORDLESS": { - "SEND": "Enviar link de registro", - "TABLETYPE": "Tipo", - "TABLESTATE": "Status", - "NAME": "Nome", - "EMPTY": "Nenhum dispositivo configurado", - "TITLE": "Autenticação sem Senha", - "DESCRIPTION": "Adicione Métodos de Autenticação baseados em WebAuthn para fazerlogin no ZITADEL sem senha.", - "MANAGE_DESCRIPTION": "Gerencie os métodos de segundo fator dos seus usuários.", - "U2F": "Adicionar método", - "U2F_DIALOG_TITLE": "Verificar autenticador", - "U2F_DIALOG_DESCRIPTION": "Digite um nome para seu login sem senha usado", - "U2F_SUCCESS": "Autenticação sem senha criada com sucesso!", - "U2F_ERROR": "Ocorreu um erro durante a configuração!", - "U2F_NAME": "Nome do Autenticador", - "TYPE": { - "0": "Nenhum MFA definido", - "1": "One Time Password (OTP)", - "2": "Impressão digital, Chaves de Segurança, Face ID e outros" - }, - "STATE": { - "0": "Nenhum Estado", - "1": "Não Pronto", - "2": "Pronto", - "3": "Excluído" - }, - "DIALOG": { - "DELETE_TITLE": "Remover Método de Autenticação sem Senha", - "DELETE_DESCRIPTION": "Você está prestes a excluir um método de autenticação sem senha. 
Tem certeza?", - "ADD_TITLE": "Autenticação sem senha", - "ADD_DESCRIPTION": "Selecione uma das opções disponíveis para criar um método de autenticação sem senha.", - "SEND_DESCRIPTION": "Envie a si mesmo um link de registro para o seu endereço de e-mail.", - "SEND": "Enviar link de registro", - "SENT": "O e-mail foi entregue com sucesso. Verifique sua caixa de correio para continuar com a configuração.", - "QRCODE_DESCRIPTION": "Gerar um código QR para escanear com outro dispositivo.", - "QRCODE": "Gerar código QR", - "QRCODE_SCAN": "Escanear este código QR para continuar com a configuração no seu dispositivo.", - "NEW_DESCRIPTION": "Use este dispositivo para configurar a autenticação sem senha.", - "NEW": "Adicionar novo" - } - }, - "MFA": { - "TABLETYPE": "Tipo", - "TABLESTATE": "Status", - "NAME": "Nome", - "EMPTY": "Nenhum fator adicional", - "TITLE": "Autenticação Multifator", - "DESCRIPTION": "Adicione um segundo fator para garantir a segurança ideal da sua conta.", - "MANAGE_DESCRIPTION": "Gerencie os métodos de segundo fator dos seus usuários.", - "ADD": "Adicionar Fator", - "OTP": "Aplicativo de Autenticação para OTP (One-Time Password)", - "OTP_DIALOG_TITLE": "Adicionar OTP", - "OTP_DIALOG_DESCRIPTION": "Digitalize o código QR com um aplicativo autenticador e insira o código abaixo para verificar e ativar o método OTP.", - "U2F": "Impressão digital, Chaves de Segurança, Face ID e outros", - "U2F_DIALOG_TITLE": "Verificar Fator", - "U2F_DIALOG_DESCRIPTION": "Digite um nome para o seu fator de multifator universal usado.", - "U2F_SUCCESS": "Fator adicionado com sucesso!", - "U2F_ERROR": "Ocorreu um erro durante a configuração!", - "U2F_NAME": "Nome do Autenticador", - "TYPE": { - "0": "Nenhum MFA definido", - "1": "One Time Password (OTP)", - "2": "Impressão digital, Chaves de Segurança, Face ID e outros" - }, - "STATE": { - "0": "Nenhum Estado", - "1": "Não Pronto", - "2": "Pronto", - "3": "Excluído" - }, - "DIALOG": { - "MFA_DELETE_TITLE": "Remover 
Segundo Fator", - "MFA_DELETE_DESCRIPTION": "Você está prestes a excluir um segundo fator. Tem certeza?", - "ADD_MFA_TITLE": "Adicionar Segundo Fator", - "ADD_MFA_DESCRIPTION": "Selecione uma das opções disponíveis para criar um método de autenticação de segundo fator." - } - }, - "EXTERNALIDP": { - "TITLE": "Provedores de Identidade Externos", - "DESC": "", - "IDPCONFIGID": "ID da Configuração do Provedor de Identidade", - "IDPNAME": "Nome do Provedor de Identidade", - "USERDISPLAYNAME": "Nome Externo", - "EXTERNALUSERID": "ID do Usuário Externo", - "EMPTY": "Nenhum IDP externo encontrado", - "DIALOG": { - "DELETE_TITLE": "Remover IDP", - "DELETE_DESCRIPTION": "Você está prestes a excluir um Provedor de Identidade de um usuário. Deseja continuar?" - } - }, - "CREATE": { - "TITLE": "Criar um Novo Usuário", - "DESCRIPTION": "Forneça as informações necessárias.", - "NAMEANDEMAILSECTION": "Nome e E-mail", - "GENDERLANGSECTION": "Gênero e Idioma", - "PHONESECTION": "Números de Telefone", - "PASSWORDSECTION": "Senha Inicial", - "ADDRESSANDPHONESECTION": "Número de telefone", - "INITMAILDESCRIPTION": "Se ambas as opções forem selecionadas, nenhum e-mail de inicialização será enviado. Se apenas uma das opções for selecionada, um e-mail para fornecer/verificar os dados será enviado." 
- }, - "CODEDIALOG": { - "TITLE": "Verificar Número de Telefone", - "DESCRIPTION": "Digite o código que você recebeu por mensagem de texto para verificar seu número de telefone.", - "CODE": "Código" - }, - "DATA": { - "STATE": "Status", - "STATE0": "Desconhecido", - "STATE1": "Ativo", - "STATE2": "Inativo", - "STATE3": "Excluído", - "STATE4": "Bloqueado", - "STATE5": "Suspenso", - "STATE6": "Inicial" - }, - "PROFILE": { - "TITLE": "Perfil", - "EMAIL": "E-mail", - "PHONE": "Número de Telefone", - "PHONE_HINT": "Use 00 ou o símbolo + seguido do código de chamada do país, ou selecione o país na lista suspensa e, em seguida, insira o número de telefone", - "USERNAME": "Nome de Usuário", - "CHANGEUSERNAME": "modificar", - "CHANGEUSERNAME_TITLE": "Alterar nome de usuário", - "CHANGEUSERNAME_DESC": "Digite o novo nome no campo abaixo.", - "FIRSTNAME": "Nome Próprio", - "LASTNAME": "Sobrenome", - "NICKNAME": "Apelido", - "DISPLAYNAME": "Nome de Exibição", - "PREFERRED_LANGUAGE": "Idioma", - "GENDER": "Gênero", - "SENHA": "Senha", - "AVATAR": { - "UPLOADTITLE": "Carregar sua Foto de Perfil", - "UPLOADBTN": "Escolher arquivo", - "UPLOAD": "Carregar", - "CURRENT": "Foto Atual", - "PREVIEW": "Visualização", - "DELETESUCCESS": "Excluído com sucesso!", - "CROPPERERROR": "Ocorreu um erro ao carregar seu arquivo. Tente um formato e tamanho diferentes, se necessário." 
- }, - "COUNTRY": "País" - }, - "MACHINE": { - "TITLE": "Detalhes do Usuário de Serviço", - "USERNAME": "Nome de Usuário", - "NAME": "Nome", - "DESCRIPTION": "Descrição", - "KEYSTITLE": "Chaves", - "KEYSDESC": "Defina suas chaves e adicione uma data de expiração opcional.", - "TOKENSTITLE": "Tokens de Acesso Pessoal", - "TOKENSDESC": "Os tokens de acesso pessoal funcionam como tokens de acesso OAuth comuns.", - "ID": "ID da Chave", - "TYPE": "Tipo", - "EXPIRATIONDATE": "Data de Expiração", - "CHOOSEDATEAFTER": "Insira uma data de expiração válida após", - "CHOOSEEXPIRY": "Selecione uma data de expiração", - "CREATIONDATE": "Data de Criação", - "KEYDETAILS": "Detalhes da Chave", - "ACCESSTOKENTYPE": "Tipo de Token de Acesso", - "ACCESSTOKENTYPES": { - "0": "Bearer", - "1": "JWT" - }, - "ADD": { - "TITLE": "Adicionar Chave", - "DESCRIPTION": "Selecione o tipo de chave e escolha uma data de expiração opcional." - }, - "ADDED": { - "TITLE": "A chave foi criada", - "DESCRIPTION": "Baixe a chave, pois ela não será mais visível após o fechamento deste diálogo!" - }, - "KEYTYPES": { - "1": "JSON" - }, - "DIALOG": { - "DELETE_KEY": { - "TITLE": "Excluir Chave", - "DESCRIPTION": "Deseja excluir a chave selecionada? Essa ação não pode ser desfeita." - } - } - }, - "PASSWORD": { - "TITLE": "Senha", - "LABEL": "Uma senha segura ajuda a proteger a conta", - "DESCRIPTION": "Digite a nova senha de acordo com a política abaixo.", - "OLD": "Senha Atual", - "NEW": "Nova Senha", - "CONFIRM": "Confirmar Nova Senha", - "NEWINITIAL": "Senha", - "CONFIRMINITIAL": "Confirmar Senha", - "RESET": "Redefinir Senha Atual", - "SET": "Definir Nova Senha", - "RESENDNOTIFICATION": "Enviar Link de Redefinição de Senha", - "REQUIRED": "Algumas informações obrigatórias estão faltando.", - "MINLENGTHERROR": "Deve ter pelo menos {{value}} caracteres." 
- }, - "ID": "ID", - "EMAIL": "E-mail", - "PHONE": "Número de Telefone", - "PHONEEMPTY": "Nenhum número de telefone definido", - "PHONEVERIFIED": "Número de telefone verificado.", - "EMAILVERIFIED": "E-mail verificado", - "NOTVERIFIED": "não verificado", - "PREFERRED_LOGINNAME": "Nome de Usuário Preferencial", - "ISINITIAL": "O usuário ainda não está ativo.", - "LOGINMETHODS": { - "TITLE": "Informações de Contato", - "DESCRIPTION": "As informações fornecidas serão usadas para enviar informações importantes, como e-mails de redefinição de senha.", - "EMAIL": { - "TITLE": "E-mail", - "VALID": "validado", - "ISVERIFIED": "E-mail Verificado", - "ISVERIFIEDDESC": "Se o e-mail estiver verificado, nenhuma solicitação de verificação será feita.", - "RESEND": "Reenviar E-mail de Verificação", - "EDITTITLE": "Alterar E-mail", - "EDITDESC": "Digite o novo e-mail no campo abaixo." - }, - "PHONE": { - "TITLE": "Telefone", - "VALID": "validado", - "RESEND": "Reenviar Mensagem de Texto de Verificação", - "EDITTITLE": "Alterar Número", - "EDITVALUE": "Número de Telefone", - "EDITDESC": "Digite o novo número de telefone no campo abaixo.", - "DELETETITLE": "Excluir número de telefone", - "DELETEDESC": "Você realmente deseja excluir o número de telefone?" - }, - "RESENDCODE": "Reenviar Código", - "ENTERCODE": "Verificar", - "ENTERCODE_DESC": "Digite o código de verificação" - }, - "GRANTS": { - "TITLE": "Permissões de Usuário", - "DESCRIPTION": "Conceda a este usuário acesso a determinados projetos.", - "CREATE": { - "TITLE": "Criar Permissão de Usuário", - "DESCRIPTION": "Pesquise a organização, o projeto e as funções do projeto correspondentes." 
- }, - "PROJECTNAME": "Nome do Projeto", - "PROJECT-OWNED": "Projeto", - "PROJECT-GRANTED": "Projeto Concedido", - "FILTER": { - "0": "filtro por usuário", - "1": "filtro por domínio", - "2": "filtro por nome do projeto", - "3": "filtro por nome da função" - } - }, - "STATE": { - "0": "Desconhecido", - "1": "Ativo", - "2": "Inativo", - "3": "Excluído", - "4": "Bloqueado", - "5": "Suspenso", - "6": "Inicial" - }, - "SEARCH": { - "ADDITIONAL": "Nome de usuário (organização atual)", - "ADDITIONAL-EXTERNAL": "Nome de usuário (organização externa)" - }, - "TARGET": { - "SELF": "Se você deseja conceder acesso a um usuário de outra organização", - "EXTERNAL": "Para conceder acesso a um usuário de sua organização", - "CLICKHERE": "clique aqui" - }, - "SIGNEDOUT": "Você saiu. Clique no botão \"Entrar\" para fazer login novamente.", - "SIGNEDOUT_BTN": "Entrar", - "EDITACCOUNT": "Editar Conta", - "ADDACCOUNT": "Entrar Com Outra Conta", - "RESENDINITIALEMAIL": "Reenviar e-mail de ativação", - "RESENDEMAILNOTIFICATION": "Reenviar notificação por e-mail", - "TOAST": { - "CREATED": "Usuário criado com sucesso.", - "SAVED": "Perfil salvo com sucesso.", - "USERNAMECHANGED": "Nome de usuário alterado.", - "EMAILSAVED": "E-mail salvo com sucesso.", - "INITEMAILSENT": "E-mail de ativação enviado.", - "PHONESAVED": "Telefone salvo com sucesso.", - "PHONEREMOVED": "O número de telefone foi removido.", - "PHONEVERIFIED": "Número de telefone verificado com sucesso.", - "PHONEVERIFICATIONSENT": "Código de verificação de telefone enviado.", - "EMAILVERIFICATIONSENT": "Código de verificação de e-mail enviado.", - "OTPREMOVED": "OTP removido.", - "U2FREMOVED": "Fator removido.", - "PASSWORDLESSREMOVED": "Autenticação sem senha removida.", - "INITIALPASSWORDSET": "Senha inicial definida.", - "PASSWORDNOTIFICATIONSENT": "Notificação de alteração de senha enviada.", - "PASSWORDCHANGED": "Senha alterada com sucesso.", - "REACTIVATED": "Usuário reativado.", - "DEACTIVATED": "Usuário desativado.", 
- "SELECTEDREACTIVATED": "Usuários selecionados reativados.", - "SELECTEDDEACTIVATED": "Usuários selecionados desativados.", - "SELECTEDKEYSDELETED": "Chaves selecionadas excluídas.", - "KEYADDED": "Chave adicionada!", - "MACHINEADDED": "Usuário de serviço criado!", - "DELETED": "Usuário excluído com sucesso!", - "UNLOCKED": "Usuário desbloqueado com sucesso!", - "PASSWORDLESSREGISTRATIONSENT": "Link de registro enviado com sucesso.", - "SECRETGENERATED": "Segredo gerado com sucesso!", - "SECRETREMOVED": "Segredo removido com sucesso!" - }, - "MEMBERSHIPS": { - "TITLE": "Funções de Gerente do ZITADEL", - "DESCRIPTION": "Essas são todas as permissões de membros do usuário. Você também pode modificá-las nas páginas de detalhes da organização, projeto ou IAM.", - "ORGCONTEXT": "Você vê todas as organizações e projetos relacionados à organização atualmente selecionada.", - "USERCONTEXT": "Você vê todas as organizações e projetos para os quais está autorizado. Incluindo outras organizações.", - "CREATIONDATE": "Data de Criação", - "CHANGEDATE": "Última Modificação", - "DISPLAYNAME": "Nome de Exibição", - "REMOVE": "Remover", - "TYPE": "Tipo", - "ORGID": "ID da Organização", - "UPDATED": "A permissão de membro foi atualizada.", - "NOPERMISSIONTOEDIT": "Você não possui as permissões necessárias para editar funções!", - "TYPES": { - "UNKNOWN": "Desconhecido", - "ORG": "Organização", - "PROJECT": "Projeto", - "GRANTEDPROJECT": "Projeto Concedido" - } - }, - "PERSONALACCESSTOKEN": { - "ID": "ID", - "TOKEN": "Token", - "ADD": { - "TITLE": "Gerar Novo Token de Acesso Pessoal", - "DESCRIPTION": "Defina um tempo de expiração personalizado para o token.", - "CHOOSEEXPIRY": "Selecione uma data de expiração", - "CHOOSEDATEAFTER": "Insira uma data de expiração válida após" - }, - "ADDED": { - "TITLE": "Token de Acesso Pessoal", - "DESCRIPTION": "Certifique-se de copiar o seu token de acesso pessoal. Você não poderá vê-lo novamente!" 
- }, - "DELETE": { - "TITLE": "Excluir Token", - "DESCRIPTION": "Você está prestes a excluir o token de acesso pessoal. Tem certeza?" - }, - "DELETED": "Token excluído com sucesso." - } - }, - "METADATA": { - "TITLE": "Metadados", - "DESCRIPTION": "", - "KEY": "Chave", - "VALUE": "Valor", - "ADD": "Nova Entrada", - "SAVE": "Salvar", - "EMPTY": "Nenhum metadado", - "SETSUCCESS": "Elemento salvo com sucesso", - "REMOVESUCCESS": "Elemento excluído com sucesso" - }, - "FLOWS": { - "TITLE": "Ações e Fluxos", - "DESCRIPTION": "Defina scripts para executar em determinado evento.", - "ACTIONSTITLE": "Ações", - "ACTIONSDESCRIPTION": "Esses são seus scripts que você pode executar nos fluxos.", - "FLOWSTITLE": "Fluxos", - "FLOWSDESCRIPTION": "Fluxos de um determinado tipo executam ações no momento de um gatilho.", - "ID": "ID", - "NAME": "Nome", - "STATE": "Estado", - "STATES": { - "0": "sem status", - "1": "inativo", - "2": "ativo" - }, - "ADDTRIGGER": "Adicionar gatilho", - "FLOWCHANGED": "O fluxo foi alterado com sucesso", - "FLOWCLEARED": "O fluxo foi redefinido com sucesso", - "TIMEOUT": "Tempo Limite", - "TIMEOUTINSEC": "Tempo Limite em segundos", - "ALLOWEDTOFAIL": "Permitido Falhar", - "SCRIPT": "Script", - "FLOWTYPE": "Tipo de Fluxo", - "TRIGGERTYPE": "Tipo de Gatilho", - "ACTIONS": "Ações", - "ACTIONSMAX": "Com base no seu Nível, você tem um número limitado de Ações disponíveis ({{value}}). Certifique-se de desativar as que você não precisa ou considere fazer upgrade do seu nível.", - "DIALOG": { - "ADD": { - "TITLE": "Criar uma Ação" - }, - "UPDATE": { - "TITLE": "Atualizar Ação" - }, - "DELETEACTION": { - "TITLE": "Excluir Ação?", - "DESCRIPTION": "Você está prestes a excluir uma ação. Isso não pode ser desfeito. Tem certeza?", - "DELETE_SUCCESS": "Ação excluída com sucesso." - }, - "CLEAR": { - "TITLE": "Limpar fluxo?", - "DESCRIPTION": "Você está prestes a redefinir o fluxo juntamente com seus gatilhos e ações. Essa alteração não pode ser desfeita. Tem certeza?" 
- },
- "REMOVEACTIONSLIST": {
- "TITLE": "Excluir Ações Selecionadas?",
- "DESCRIPTION": "Tem certeza de que deseja excluir as ações selecionadas do fluxo?"
- }
- },
- "TOAST": {
- "ACTIONSSET": "Ações definidas",
- "ACTIONREACTIVATED": "Ações reativadas com sucesso",
- "ACTIONDEACTIVATED": "Ações desativadas com sucesso"
- }
- },
- "IAM": {
- "TITLE": "Instância",
- "DESCRIPTION": "Gerencie as configurações da sua instância e organizações",
- "POLICIES": {
- "TITLE": "Políticas do sistema e configurações de acesso",
- "DESCRIPTION": "Gerencie as políticas globais e configurações de acesso à gerência."
- },
- "EVENTSTORE": {
- "TITLE": "Administração de armazenamento IAM",
- "DESCRIPTION": "Gerencie as visualizações do ZITADEL e eventos falhados."
- },
- "MEMBER": {
- "TITLE": "Gerentes",
- "DESCRIPTION": "Esses gerentes têm permissão para fazer alterações na sua instância."
- },
- "PAGES": {
- "STATE": "Status",
- "DOMAINLIST": "Domínios"
- },
- "STATE": {
- "0": "Não especificado",
- "1": "Criando",
- "2": "Executando",
- "3": "Parando",
- "4": "Parado"
- },
- "VIEWS": {
- "TITLE": "Visualizações",
- "DESCRIPTION": "Este cartão mostra as visualizações do ZITADEL.",
- "VIEWNAME": "Nome",
- "DATABASE": "Banco de Dados",
- "SEQUENCE": "Sequência",
- "EVENTTIMESTAMP": "Carimbo de Data/Hora do Evento",
- "LASTSPOOL": "Spool bem-sucedido",
- "ACTIONS": "Ações",
- "CLEAR": "Limpar",
- "CLEARED": "Visualização limpa com sucesso!",
- "DIALOG": {
- "VIEW_CLEAR_TITLE": "Limpar Visualização",
- "VIEW_CLEAR_DESCRIPTION": "Você está prestes a limpar uma visualização. A limpeza de uma visualização cria um processo durante o qual os dados possivelmente não estarão disponíveis para os usuários finais. Você tem certeza?"
- }
- },
- "FAILEDEVENTS": {
- "TITLE": "Eventos com falha",
- "DESCRIPTION": "Este cartão mostra os eventos com falha.",
- "VIEWNAME": "Nome",
- "DATABASE": "Banco de Dados",
- "FAILEDSEQUENCE": "Sequência com falha",
- "FAILURECOUNT": "Contagem de falhas",
- "LASTFAILED": "Última falha em",
- "ERRORMESSAGE": "Mensagem de erro",
- "ACTIONS": "Ações",
- "DELETE": "Remover",
- "DELETESUCCESS": "Eventos com falha removidos."
- },
- "EVENTS": {
- "TITLE": "Eventos",
- "DESCRIPTION": "Esta visualização mostra todos os eventos ocorridos.",
- "EDITOR": "Editor",
- "EDITORID": "ID do Editor",
- "AGGREGATE": "Agregado",
- "AGGREGATEID": "ID do Agregado",
- "AGGREGATETYPE": "Tipo do Agregado",
- "RESOURCEOWNER": "Proprietário do Recurso",
- "SEQUENCE": "Sequência",
- "CREATIONDATE": "Criado em",
- "TYPE": "Tipo",
- "PAYLOAD": "Carga",
- "FILTERS": {
- "BTN": "Filtrar",
- "USER": {
- "IDLABEL": "ID",
- "CHECKBOX": "Filtrar por Editor"
- },
- "AGGREGATE": {
- "TYPELABEL": "Tipo de Agregado",
- "IDLABEL": "ID",
- "CHECKBOX": "Filtrar por Agregado"
- },
- "TYPE": {
- "TYPELABEL": "Tipo",
- "CHECKBOX": "Filtrar por Tipo"
- },
- "RESOURCEOWNER": {
- "LABEL": "ID",
- "CHECKBOX": "Filtrar por Proprietário do Recurso"
- },
- "SEQUENCE": {
- "LABEL": "Sequência",
- "CHECKBOX": "Filtrar por Sequência",
- "SORT": "Ordenação",
- "ASC": "Crescente",
- "DESC": "Decrescente"
- },
- "CREATIONDATE": {
- "LABEL": "Data de Criação",
- "CHECKBOX": "Filtrar por Data de Criação"
- },
- "OTHER": "outro",
- "OTHERS": "outros"
- },
- "DIALOG": {
- "TITLE": "Detalhes do Evento"
- }
- },
- "TOAST": {
- "MEMBERREMOVED": "Gerente removido.",
- "MEMBERSADDED": "Gerentes adicionados.",
- "MEMBERADDED": "Gerente adicionado.",
- "MEMBERCHANGED": "Gerente alterado.",
- "ROLEREMOVED": "Função removida.",
- "ROLECHANGED": "Função alterada.",
- "REACTIVATED": "Reativado",
- "DEACTIVATED": "Desativado"
- }
- },
- "ORG": {
- "PAGES": {
- "NAME": "Nome",
- "ID": "ID",
- "CREATIONDATE": "Data de Criação",
- "DATECHANGED": "Alterado",
- "FILTER": "Filtro",
- "FILTERPLACEHOLDER": "Filtrar pelo nome",
- "LIST": "Organizações",
- "LISTDESCRIPTION": "Escolha uma organização.",
- "ACTIVE": "Ativa",
- "CREATE": "Criar Organização",
- "DEACTIVATE": "Desativar Organização",
- "REACTIVATE": "Reativar Organização",
- "NOPERMISSION": "Você não tem permissão para acessar as configurações da organização.",
- "USERSELFACCOUNT": "Use sua conta pessoal como proprietário da organização",
- "ORGDETAIL_TITLE": "Digite o nome e domínio da sua nova organização.",
- "ORGDETAIL_TITLE_WITHOUT_DOMAIN": "Digite o nome da sua nova organização.",
- "ORGDETAILUSER_TITLE": "Configurar Proprietário da Organização",
- "DELETE": "Excluir organização",
- "DEFAULTLABEL": "Padrão",
- "SETASDEFAULT": "Definir como organização padrão",
- "DEFAULTORGSET": "Organização padrão alterada com sucesso",
- "RENAME": {
- "ACTION": "Renomear",
- "TITLE": "Renomear Organização",
- "DESCRIPTION": "Digite o novo nome para sua organização",
- "BTN": "Renomear"
- },
- "ORGDOMAIN": {
- "TITLE": "Verificação de Propriedade do Domínio da Organização",
- "VERIFICATION": "Para verificar a propriedade do seu domínio, você precisa baixar um arquivo de verificação e enviá-lo para a URL fornecida abaixo, ou criar um registro DNS TXT para a URL fornecida. Para concluir, clique no botão para verificar.",
- "VERIFICATION_SKIP": "Você pode pular a verificação por enquanto e continuar a criar sua organização, mas para usar sua organização, esta etapa deve ser concluída!",
- "VERIFICATION_VALIDATION_DESC": "Os tokens são verificados regularmente para garantir que você ainda seja o proprietário do domínio.",
- "VERIFICATION_NEWTOKEN_TITLE": "Solicitar Novo Token",
- "VERIFICATION_NEWTOKEN_DESC": "Se você deseja solicitar um novo token, selecione seu método preferido. Se você deseja validar um token persistente, clique no botão acima.",
- "VERIFICATION_VALIDATION_ONGOING": "Um token de verificação já foi solicitado. Clique no botão para iniciar uma verificação.",
- "VERIFICATION_VALIDATION_ONGOING_TYPE": "Tipo do token:",
- "VERIFICATION_SUCCESSFUL": "Domínio verificado com sucesso!",
- "REQUESTNEWTOKEN": "Solicitar novo token",
- "TYPES": {
- "1": "HTTP",
- "2": "DNS"
- }
- },
- "DOWNLOAD_FILE": "Baixar Arquivo",
- "SELECTORGTOOLTIP": "Selecionar esta organização.",
- "PRIMARYDOMAIN": "Domínio Principal",
- "STATE": "Estado",
- "USEPASSWORD": "Definir Senha Inicial",
- "USEPASSWORDDESC": "O usuário não precisa definir a senha durante a inicialização."
- },
- "LIST": {
- "TITLE": "Organizações",
- "DESCRIPTION": "Estas são as organizações na sua instância"
- },
- "DOMAINS": {
- "NEW": "Adicionar Domínio",
- "TITLE": "Domínios",
- "DESCRIPTION": "Configure seus domínios. Este domínio pode ser usado para o login dos seus usuários.",
- "SETPRIMARY": "Definir como Principal",
- "DELETE": {
- "TITLE": "Excluir Domínio",
- "DESCRIPTION": "Você está prestes a excluir um dos seus domínios. Observe que seus usuários não poderão mais usar este domínio para fazer login."
- },
- "ADD": {
- "TITLE": "Adicionar Domínio",
- "DESCRIPTION": "Você está prestes a adicionar um domínio para sua organização. Após o processo bem-sucedido, seus usuários poderão usar o domínio para fazer login."
- }
- },
- "STATE": {
- "0": "Não definido",
- "1": "Ativa",
- "2": "Desativada",
- "3": "Removida"
- },
- "MEMBER": {
- "TITLE": "Gerentes da Organização",
- "DESCRIPTION": "Defina os usuários que podem alterar as preferências da sua organização."
- },
- "TOAST": {
- "UPDATED": "Organização atualizada com sucesso.",
- "DEACTIVATED": "Organização desativada.",
- "REACTIVATED": "Organização reativada.",
- "DOMAINADDED": "Domínio adicionado.",
- "DOMAINREMOVED": "Domínio removido.",
- "MEMBERADDED": "Gerente adicionado.",
- "MEMBERREMOVED": "Gerente removido.",
- "MEMBERCHANGED": "Gerente alterado.",
- "SETPRIMARY": "Domínio principal definido.",
- "DELETED": "Organização excluída com sucesso",
- "ORG_WAS_DELETED": "Organização foi excluída."
- },
- "DIALOG": {
- "DEACTIVATE": {
- "TITLE": "Desativar organização",
- "DESCRIPTION": "Você está prestes a desativar sua organização. Os usuários não poderão fazer login posteriormente. Tem certeza de que deseja continuar?"
- },
- "REACTIVATE": {
- "TITLE": "Reativar organização",
- "DESCRIPTION": "Você está prestes a reativar sua organização. Os usuários poderão fazer login novamente. Tem certeza de que deseja continuar?"
- },
- "DELETE": {
- "TITLE": "Excluir organização",
- "DESCRIPTION": "Você está prestes a excluir sua organização. Isso inicia um processo no qual todos os dados relacionados à organização serão excluídos. Não será possível reverter esta ação por enquanto.",
- "TYPENAME": "Digite '{{value}}' para excluir sua organização.",
- "ORGNAME": "Nome",
- "BTN": "Excluir"
- }
- }
- },
- "SETTINGS": {
- "INSTANCE": {
- "TITLE": "Configurações da Instância",
- "DESCRIPTION": "Essas configurações serão aplicadas a todas as suas organizações, a menos que tenham sido substituídas."
- },
- "ORG": {
- "TITLE": "Configurações da Organização",
- "DESCRIPTION": "Essas configurações estendem e sobrescrevem as configurações da sua instância."
- },
- "LIST": {
- "GENERAL": "Geral",
- "LOGIN": "Comportamento de Login e Segurança",
- "LOCKOUT": "Bloqueio",
- "COMPLEXITY": "Complexidade de Senha",
- "NOTIFICATIONS": "Configurações de Notificação",
- "NOTIFICATIONS_DESC": "Configurações de SMTP e SMS",
- "MESSAGETEXTS": "Textos de Mensagem",
- "IDP": "Provedores de Identidade",
- "DOMAIN": "Configurações de Domínio",
- "LOGINTEXTS": "Textos da Interface de Login",
- "BRANDING": "Marca",
- "PRIVACYPOLICY": "Política de Privacidade",
- "OIDC": "Tempo de Vida e Expiração do Token OIDC",
- "SECRETS": "Aparência de Segredo",
- "SECURITY": "Configurações de Segurança"
- },
- "GROUPS": {
- "NOTIFICATIONS": "Notificações",
- "LOGIN": "Login e Acesso",
- "DOMAIN": "Domínio",
- "TEXTS": "Textos e Idiomas",
- "APPEARANCE": "Aparência",
- "OTHER": "Outro"
- }
- },
- "SETTING": {
- "DEFAULTLANGUAGE": "Idioma padrão",
- "LANGUAGE": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски"
- },
- "SMTP": {
- "TITLE": "Configurações SMTP",
- "SENDERADDRESS": "Endereço de e-mail do remetente",
- "SENDERNAME": "Nome do remetente",
- "HOSTANDPORT": "Host e porta",
- "USER": "Usuário",
- "PASSWORD": "Senha",
- "SETPASSWORD": "Definir senha do SMTP",
- "PASSWORDSET": "Senha do SMTP definida com sucesso.",
- "TLS": "Transport Layer Security (TLS)",
- "SAVED": "Salvo com sucesso!",
- "REQUIREDWARN": "Para enviar notificações do seu domínio, você precisa inserir seus dados SMTP."
- },
- "SMS": {
- "TITLE": "Configurações de SMS",
- "PROVIDERS": "Provedores",
- "PROVIDER": "Provedor de SMS",
- "ADDPROVIDER": "Adicionar provedor de SMS",
- "ADDPROVIDERDESCRIPTION": "Escolha um dos provedores disponíveis e insira os dados necessários.",
- "REMOVEPROVIDER": "Remover provedor",
- "REMOVEPROVIDER_DESC": "Você está prestes a excluir uma configuração de provedor. Deseja continuar?",
- "SMSPROVIDERSTATE": {
- "0": "Não especificado",
- "1": "Ativo",
- "2": "Inativo"
- },
- "ACTIVATED": "Provedor ativado.",
- "DEACTIVATED": "Provedor desativado.",
- "TWILIO": {
- "SID": "SID",
- "TOKEN": "Token",
- "SENDERNUMBER": "Número do remetente",
- "ADDED": "Twilio adicionado com sucesso.",
- "REMOVED": "Twilio removido",
- "CHANGETOKEN": "Alterar token",
- "SETTOKEN": "Definir token",
- "TOKENSET": "Token definido com sucesso."
- }
- },
- "OIDC": {
- "TITLE": "Configurações OIDC",
- "ACCESSTOKENLIFETIME": "Tempo de vida do token de acesso",
- "IDTOKENLIFETIME": "Tempo de vida do token de ID",
- "REFRESHTOKENEXPIRATION": "Expiração do token de atualização",
- "REFRESHTOKENIDLEEXPIRATION": "Expiração inativa do token de atualização",
- "INHOURS": "horas",
- "INDAYS": "dias"
- },
- "SECRETS": {
- "TITLE": "Aparência de segredos",
- "TYPES": "Tipos de segredos",
- "TYPE": {
- "1": "Email de inicialização",
- "2": "Verificação de email",
- "3": "Verificação de telefone",
- "4": "Redefinição de senha",
- "5": "Inicialização sem senha",
- "6": "Segredo do aplicativo"
- },
- "ADDGENERATOR": "Definir aparência de segredo",
- "GENERATORTYPE": "Tipo",
- "EXPIRY": "Expiração (em horas)",
- "INCLUDEDIGITS": "Incluir números",
- "INCLUDESYMBOLS": "Incluir símbolos",
- "INCLUDELOWERLETTERS": "Incluir letras minúsculas",
- "INCLUDEUPPERLETTERS": "Incluir letras maiúsculas",
- "LENGTH": "Comprimento",
- "UPDATED": "Configurações atualizadas."
- },
- "SECURITY": {
- "DESCRIPTION": "Essa configuração define o CSP para permitir o enquadramento de um conjunto de domínios permitidos. Observe que, ao permitir o uso de iFrames, você corre o risco de permitir ataques de clickjacking.",
- "IFRAMEENABLED": "Permitir iFrame",
- "ALLOWEDORIGINS": "URLs permitidos"
- },
- "DIALOG": {
- "RESET": {
- "DEFAULTTITLE": "Redefinir configuração",
- "DEFAULTDESCRIPTION": "Você está prestes a redefinir suas configurações para a configuração padrão da sua instância. Tem certeza de que deseja continuar?",
- "LOGINPOLICY_DESCRIPTION": "Aviso: Se você continuar, as configurações do provedor de identidade também serão redefinidas para as configurações da instância."
- }
- }
- },
- "POLICY": {
- "TITLE": "Explorar configurações",
- "DESCRIPTION": "Configurações pré-embaladas que melhoram sua segurança.",
- "APPLIEDTO": "Aplicado a",
- "PWD_COMPLEXITY": {
- "TITLE": "Complexidade da senha",
- "DESCRIPTION": "Garante que todas as senhas definidas correspondam a um padrão específico",
- "SYMBOLANDNUMBERERROR": "Deve conter um dígito e um símbolo/ponto de pontuação.",
- "SYMBOLERROR": "Deve incluir um símbolo/ponto de pontuação.",
- "NUMBERERROR": "Deve incluir um dígito.",
- "PATTERNERROR": "A senha não atende ao padrão exigido."
- },
- "NOTIFICATION": {
- "TITLE": "Notificação",
- "DESCRIPTION": "Determina em quais alterações as notificações serão enviadas.",
- "PASSWORDCHANGE": "Mudança de senha"
- },
- "PRIVATELABELING": {
- "TITLE": "Marca",
- "DESCRIPTION": "Dê ao login o seu estilo personalizado e modifique seu comportamento.",
- "PREVIEW_DESCRIPTION": "As alterações da política serão automaticamente aplicadas ao ambiente de visualização.",
- "BTN": "Selecionar arquivo",
- "ACTIVATEPREVIEW": "Aplicar configuração",
- "DARK": "Modo escuro",
- "LIGHT": "Modo claro",
- "CHANGEVIEW": "Alterar visualização",
- "ACTIVATED": "As alterações de política estão agora ATIVAS",
- "THEME": "Tema",
- "COLORS": "Cores",
- "FONT": "Fonte",
- "ADVANCEDBEHAVIOR": "Comportamento avançado",
- "DROP": "Solte a imagem aqui ou",
- "RELEASE": "Liberar",
- "DROPFONT": "Solte o arquivo de fonte aqui",
- "RELEASEFONT": "Liberar",
- "USEOFLOGO": "Seu logotipo será usado no login e nos emails, enquanto o ícone é usado para elementos de IU menores, como o seletor de organização no console",
- "MAXSIZE": "O tamanho máximo é limitado a 524kB",
- "EMAILNOSVG": "O formato de arquivo SVG não é suportado em emails. Portanto, faça o upload do seu logotipo em PNG ou em outro formato suportado.",
- "MAXSIZEEXCEEDED": "Tamanho máximo de 524kB excedido.",
- "NOSVGSUPPORTED": "SVG não é suportado!",
- "FONTINLOGINONLY": "A fonte está atualmente sendo exibida apenas na interface de login.",
- "BACKGROUNDCOLOR": "Cor de fundo",
- "PRIMARYCOLOR": "Cor primária",
- "WARNCOLOR": "Cor de aviso",
- "FONTCOLOR": "Cor da fonte",
- "VIEWS": {
- "PREVIEW": "Visualização",
- "CURRENT": "Configuração atual"
- },
- "PREVIEW": {
- "TITLE": "Login",
- "SECOND": "faça login com sua conta ZITADEL.",
- "ERROR": "Usuário não encontrado!",
- "PRIMARYBUTTON": "próximo",
- "SECONDARYBUTTON": "registrar"
- }
- },
- "PWD_AGE": {
- "TITLE": "Envelhecimento de senha",
- "DESCRIPTION": "Você pode definir uma política para o envelhecimento de senhas. Essa política emite um aviso após o tempo de envelhecimento específico ter passado."
- },
- "PWD_LOCKOUT": {
- "TITLE": "Política de bloqueio",
- "DESCRIPTION": "Defina um número máximo de tentativas de senha, após as quais as contas serão bloqueadas."
- },
- "DOMAIN_POLICY": {
- "TITLE": "Configurações de domínio"
- },
- "PRIVATELABELING_POLICY": {
- "TITLE": "Marca",
- "BTN": "Selecionar arquivo",
- "DESCRIPTION": "Personalize a aparência do login",
- "ACTIVATEPREVIEW": "Ativar configuração"
- },
- "LOGIN_POLICY": {
- "TITLE": "Configurações de login",
- "DESCRIPTION": "Defina como os usuários podem ser autenticados e configure provedores de identidade",
- "DESCRIPTIONCREATEADMIN": "Os usuários podem escolher entre os provedores de identidade disponíveis abaixo.",
- "DESCRIPTIONCREATEMGMT": "Os usuários podem escolher entre os provedores de identidade disponíveis abaixo. Observação: você também pode usar provedores definidos pelo sistema e provedores definidos apenas para sua organização.",
- "ADVANCED": "Avançado",
- "LIFETIMEDURATIONS": "Duração do login",
- "SAVED": "Salvo com sucesso!"
- },
- "PRIVACY_POLICY": {
- "TITLE": "Política de privacidade e TOS",
- "DESCRIPTION": "Defina os links para a sua Política de Privacidade e Termos de Serviço",
- "TOSLINK": "Link para os Termos de Serviço",
- "POLICYLINK": "Link para a Política de Privacidade",
- "HELPLINK": "Link para Ajuda",
- "SUPPORTEMAIL": "E-mail de suporte",
- "SAVED": "Salvo com sucesso!",
- "RESET_TITLE": "Restaurar valores padrão",
- "RESET_DESCRIPTION": "Você está prestes a restaurar os Links padrão para TOS e Política de Privacidade. Deseja realmente continuar?"
- },
- "LOGIN_TEXTS": {
- "TITLE": "Textos da interface de login",
- "DESCRIPTION": "Defina seus textos para as interfaces de login. Se os textos estiverem vazios, o valor padrão mostrado como marcador de posição será usado.",
- "DESCRIPTION_SHORT": "Defina seus textos para as interfaces de login.",
- "NEWERVERSIONEXISTS": "Existe uma versão mais recente",
- "CURRENTDATE": "Configuração atual",
- "CHANGEDATE": "Nova versão a partir de",
- "KEYNAME": "Tela/Interface de login",
- "RESET_TITLE": "Restaurar valores padrão",
- "RESET_DESCRIPTION": "Você está prestes a restaurar todos os valores padrão. Todas as alterações que você fez serão excluídas permanentemente. Deseja realmente continuar?",
- "UNSAVED_TITLE": "Continuar sem salvar?",
- "UNSAVED_DESCRIPTION": "Você fez alterações sem salvar. Deseja salvar agora?",
- "LOCALE": "Código de localidade",
- "LOCALES": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски"
- },
- "KEYS": {
- "emailVerificationDoneText": "Verificação de email concluída",
- "emailVerificationText": "Verificação de email",
- "externalUserNotFoundText": "Usuário externo não encontrado",
- "footerText": "Rodapé",
- "initMfaDoneText": "Inicialização de MFA concluída",
- "initMfaOtpText": "Inicialização de MFA",
- "initMfaPromptText": "Prompt de inicialização de MFA",
- "initMfaU2fText": "Inicialização de Fator de Segundo Universal",
- "initPasswordDoneText": "Inicialização de senha concluída",
- "initPasswordText": "Inicialização de senha",
- "initializeDoneText": "Inicialização de usuário concluída",
- "initializeUserText": "Inicializaçãode usuário",
- "linkingUserDoneText": "Vinculação de usuário concluída",
- "loginText": "Login",
- "logoutText": "Logout",
- "mfaProvidersText": "Provedores de MFA",
- "passwordChangeDoneText": "Alteração de senha concluída",
- "passwordChangeText": "Alteração de senha",
- "passwordResetDoneText": "Redefinição de senha concluída",
- "passwordText": "Senha",
- "registrationOptionText": "Opções de registro",
- "registrationOrgText": "Registrar organização",
- "registrationUserText": "Registrar usuário",
- "selectAccountText": "Selecionar conta",
- "successLoginText": "Login com sucesso",
- "usernameChangeDoneText": "Alteração de nome de usuário concluída",
- "usernameChangeText": "Alteração de nome de usuário",
- "verifyMfaOtpText": "Verificar OTP",
- "verifyMfaU2fText": "Verificar Fator de Segundo Universal",
- "passwordlessPromptText": "Prompt de autenticação sem senha",
- "passwordlessRegistrationDoneText": "Registro sem senha concluído",
- "passwordlessRegistrationText": "Registro sem senha",
- "passwordlessText": "Sem senha",
- "externalRegistrationUserOverviewText": "Visão geral do usuário de registro externo"
- }
- },
- "MESSAGE_TEXTS": {
- "TITLE": "Textos de mensagem",
- "DESCRIPTION": "Defina seus textos para os emails de notificação.",
- "TYPE": "Notificação",
- "TYPES": {
- "INIT": "Inicialização",
- "VE": "Verificar Email",
- "VP": "Verificar Telefone",
- "PR": "Redefinição de Senha",
- "DC": "Reivindicação de Domínio",
- "PL": "Sem senha",
- "PC": "Alteração de Senha"
- },
- "CHIPS": {
- "firstname": "Nome próprio",
- "lastname": "Sobrenome",
- "code": "Código",
- "preferredLoginName": "Nome de login preferido",
- "displayName": "Nome de exibição",
- "nickName": "Apelido",
- "loginnames": "Nomes de login",
- "domain": "Domínio",
- "lastEmail": "Último email",
- "lastPhone": "Último telefone",
- "verifiedEmail": "Email verificado",
- "verifiedPhone": "Telefone verificado",
- "changedate": "Data de alteração",
- "username": "Nome de usuário",
- "tempUsername": "Nome de usuário temporário"
- },
- "TOAST": {
- "UPDATED": "Textos personalizados salvos."
- }
- },
- "DEFAULTLABEL": "As configurações atuais correspondem ao padrão de sua Instância.",
- "BTN_INSTALL": "Configurar",
- "BTN_EDIT": "Modificar",
- "DATA": {
- "DESCRIPTION": "Descrição",
- "MINLENGTH": "comprimento mínimo",
- "HASNUMBER": "tem número",
- "HASSYMBOL": "tem símbolo",
- "HASLOWERCASE": "tem letra minúscula",
- "HASUPPERCASE": "tem letra maiúscula",
- "SHOWLOCKOUTFAILURES": "mostrar falhas de bloqueio",
- "MAXATTEMPTS": "Máximo de tentativas de senha",
- "EXPIREWARNDAYS": "Aviso de expiração após dias",
- "MAXAGEDAYS": "Idade máxima em dias",
- "USERLOGINMUSTBEDOMAIN": "Adicionar domínio da organização como sufixo aos nomes de login",
- "USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Se você habilitar essa configuração, todos os nomes de login serão sufixados com o domínio da organização. Se essa configuração estiver desabilitada, você deve garantir que os nomes de usuário sejam exclusivos em todas as organizações.",
- "VALIDATEORGDOMAINS": "Validar domínios da organização",
- "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "O endereço do remetente do SMTP corresponde ao domínio da Instância",
- "ALLOWUSERNAMEPASSWORD": "Permitir usuário e senha",
- "ALLOWEXTERNALIDP": "Permitir provedor de ID externo",
- "ALLOWREGISTER": "Permitir registro",
- "ALLOWUSERNAMEPASSWORD_DESC": "O login convencional com nome de usuário e senha é permitido.",
- "ALLOWEXTERNALIDP_DESC": "O login é permitido para os provedores de identidade subjacentes",
- "ALLOWREGISTER_DESC": "Se a opção estiver selecionada, uma etapa adicional para registrar um usuário aparecerá no login.",
- "FORCEMFA": "Forçar MFA",
- "FORCEMFA_DESC": "Se a opção estiver selecionada, os usuários deverão configurar um segundo fator para o login.",
- "HIDEPASSWORDRESET": "Ocultar redefinição de senha",
- "HIDEPASSWORDRESET_DESC": "Se a opção estiver selecionada, o usuário não poderá redefinir sua senha no processo de login.",
- "HIDELOGINNAMESUFFIX": "Ocultar sufixo do nome de login",
- "HIDELOGINNAMESUFFIX_DESC": "Oculta o sufixo do nome de login na interface de login",
- "IGNOREUNKNOWNUSERNAMES": "Ignorar nomes de usuário desconhecidos",
- "IGNOREUNKNOWNUSERNAMES_DESC": "Se a opção estiver selecionada, a tela de senha será exibida no processo de login, mesmo se o usuário não for encontrado. O erro na verificação de senha não revelará se o nome de usuário ou a senha estavam incorretos.",
- "ALLOWDOMAINDISCOVERY": "Permitir descoberta de domínio",
- "ALLOWDOMAINDISCOVERY_DESC": "Se a opção estiver selecionada, o sufixo (@domain.com) de um nome de usuário desconhecido inserido na tela de login será comparado com os domínios da organização e será redirecionado para o registro dessa organização em caso de sucesso.",
- "DISABLELOGINWITHEMAIL": "Desativar login com endereço de email",
- "DISABLELOGINWITHPHONE": "Desativar login com número de telefone",
- "DEFAULTREDIRECTURI": "URI de redirecionamento padrão",
- "DEFAULTREDIRECTURI_DESC": "Define para onde o usuário será redirecionado se o login for iniciado sem um contexto de aplicativo (por exemplo, a partir do e-mail)",
- "ERRORMSGPOPUP": "Mostrar Erro em Diálogo",
- "DISABLEWATERMARK": "Ocultar Marca d'água",
- "DISABLEWATERMARK_DESC": "Ocultar a marca d'água Powered by ZITADEL na interface de login",
- "PASSWORDCHECKLIFETIME": "Vida Útil da Verificação de Senha",
- "EXTERNALLOGINCHECKLIFETIME": "Vida Útil da Verificação de Login Externo",
- "MFAINITSKIPLIFETIME": "Vida Útil da Inicialização de Multifator",
- "SECONDFACTORCHECKLIFETIME": "Vida Útil da Verificação de Segundo Fator",
- "MULTIFACTORCHECKLIFETIME": "Vida Útil da Verificação de Multifator",
- "INHOURS": "horas"
- },
- "RESET": "Redefinir para o padrão da instância",
- "CREATECUSTOM": "Criar Política Personalizada",
- "TOAST": {
- "SET": "Política definida com sucesso!",
- "RESETSUCCESS": "Política redefinida com sucesso!",
- "UPLOADSUCCESS": "Enviado com sucesso!",
- "DELETESUCCESS": "Excluído com sucesso!",
- "UPLOADFAILED": "Falha no envio!"
- }
- },
- "ORG_DETAIL": {
- "TITLE": "Organização",
- "DESCRIPTION": "Aqui você pode editar a configuração da sua organização e gerenciar os membros.",
- "DETAIL": {
- "TITLE": "Detalhes",
- "NAME": "Nome",
- "DOMAIN": "Domínio",
- "STATE": {
- "0": "Não definido",
- "1": "Ativo",
- "2": "Inativo"
- }
- },
- "MEMBER": {
- "TITLE": "Membros",
- "USERNAME": "Nome de Usuário",
- "DISPLAYNAME": "Nome de Exibição",
- "LOGINNAME": "Nome de Login",
- "EMAIL": "E-mail",
- "ROLES": "Funções",
- "ADD": "Adicionar Membro",
- "ADDDESCRIPTION": "Insira os nomes dos usuários a serem adicionados."
- },
- "TABLE": {
- "TOTAL": "Total de Entradas",
- "SELECTION": "Elementos Selecionados",
- "DEACTIVATE": "Desativar Usuário",
- "ACTIVATE": "Ativar Usuário",
- "DELETE": "Excluir Usuário",
- "CLEAR": "Limpar seleção"
- }
- },
- "PROJECT": {
- "PAGES": {
- "TITLE": "Projeto",
- "DESCRIPTION": "Aqui você pode definir aplicativos, gerenciar funções e conceder acesso a outras organizações para usar o seu projeto.",
- "DELETE": "Excluir Projeto",
- "LIST": "Projetos",
- "LISTDESCRIPTION": "Se você não consegue encontrar um projeto, entre em contato com o proprietário do projeto ou alguém com os direitos correspondentes para obter acesso ao projeto.",
- "DETAIL": "Detalhes",
- "CREATE": "Criar Projeto",
- "CREATE_DESC": "Insira o nome do seu projeto.",
- "ROLE": "Função",
- "NOITEMS": "Nenhum projeto",
- "ZITADELPROJECT": "Isto pertence ao projeto ZITADEL. Atenção: Se você fizer alterações, o ZITADEL pode não funcionar como o esperado.",
- "TYPE": {
- "OWNED": "Projetos Próprios",
- "GRANTED": "Projetos Concedidos",
- "OWNED_SINGULAR": "Projeto Próprio",
- "GRANTED_SINGULAR": "Projeto Concedido"
- },
- "PRIVATELABEL": {
- "TITLE": "Configuração de Marca",
- "0": {
- "TITLE": "Não Especificado",
- "DESC": "Assim que o usuário for identificado, a marca da organização do usuário identificado será exibida antes da marca padrão do sistema."
- },
- "1": {
- "TITLE": "Usar configuração do projeto",
- "DESC": "Será exibida a marca da organização que possui o projeto"
- },
- "2": {
- "TITLE": "Usar configuração da organização do usuário",
- "DESC": "Será exibida a marca da organização do projeto, mas assim que o usuário for identificado, será exibida a configuração da organização do usuário identificado."
- },
- "DIALOG": {
- "TITLE": "Configuração de Marca",
- "DESCRIPTION": "Selecione o comportamento do login ao usar o projeto."
- }
- },
- "PINNED": "Fixado",
- "ALL": "Todos",
- "CREATEDON": "Criado em",
- "LASTMODIFIED": "Última modificação em",
- "ADDNEW": "Criar Novo Projeto",
- "DIALOG": {
- "REACTIVATE": {
- "TITLE": "Reativar Projeto",
- "DESCRIPTION": "Tem certeza de que deseja reativar o seu projeto?"
- },
- "DEACTIVATE": {
- "TITLE": "Desativar Projeto",
- "DESCRIPTION": "Tem certeza de que deseja desativar o seu projeto?"
- },
- "DELETE": {
- "TITLE": "Excluir Projeto",
- "DESCRIPTION": "Tem certeza de que deseja excluir o seu projeto?",
- "TYPENAME": "Digite o nome do projeto para excluí-lo permanentemente."
- }
- }
- },
- "SETTINGS": {
- "TITLE": "Configurações",
- "DESCRIPTION": ""
- },
- "STATE": {
- "TITLE": "Status",
- "0": "Não definido",
- "1": "Ativo",
- "2": "Inativo"
- },
- "TYPE": {
- "TITLE": "Tipo",
- "0": "Tipo desconhecido",
- "1": "Próprio",
- "2": "Concedido"
- },
- "NAME": "Nome",
- "NAMEDIALOG": {
- "TITLE": "Renomear Projeto",
- "DESCRIPTION": "Digite o novo nome para o seu projeto",
- "NAME": "Novo Nome"
- },
- "MEMBER": {
- "TITLE": "Gerentes",
- "TITLEDESC": "Os gerentes podem fazer alterações neste projeto com base em sua função.",
- "DESCRIPTION": "Esses gerentes podem ter permissão para editar o seu projeto.",
- "USERNAME": "Nome de Usuário",
- "DISPLAYNAME": "Nome de Exibição",
- "LOGINNAME": "Nome de Login",
- "EMAIL": "E-mail",
- "ROLES": "Funções",
- "USERID": "ID do Usuário"
- },
- "GRANT": {
- "EMPTY": "Nenhuma organização concedida.",
- "TITLE": "Concessões de Projeto",
- "DESCRIPTION": "Permite que outra organização use o seu projeto.",
- "EDITTITLE": "Editar funções",
- "CREATE": {
- "TITLE": "Criar Concessão de Organização",
- "SEL_USERS": "Selecione os usuários aos quais deseja conceder acesso",
- "SEL_PROJECT": "Buscar um projeto",
- "SEL_ROLES": "Selecione as funções que deseja adicionar à concessão",
- "SEL_USER": "Selecione usuários",
- "SEL_ORG": "Definir o domínio",
- "SEL_ORG_DESC": "Insira o domínio completo para especificar a organização a ser concedida.",
- "ORG_TITLE": "Organização",
- "ORG_DESCRIPTION": "Você está prestes a conceder um usuário para a organização {{name}}.",
- "ORG_DESCRIPTION_DESC": "Altere o contexto no cabeçalho acima para conceder um usuário para outra organização.",
- "SEL_ORG_FORMFIELD": "Domínio Completo",
- "SEL_ORG_BUTTON": "Buscar Organização",
- "FOR_ORG": "A concessão é criada para:"
- },
- "DETAIL": {
- "TITLE": "Concessão de Projeto",
- "DESC": "Você pode selecionar quais funções podem ser usadas pela organização especificada e eleger gerentes",
- "MEMBERTITLE": "Gerentes",
- "MEMBERDESC": "Estes são os gerentes da organização concedida. Adicione usuários aqui que devem ter acesso para editar os dados do projeto.",
- "PROJECTNAME": "Nome do Projeto",
- "GRANTEDORG": "Organização Concedida",
- "RESOURCEOWNER": "Proprietário do Recurso"
- },
- "STATE": "Status",
- "STATES": {
- "1": "Ativo",
- "2": "Inativo"
- },
- "ALL": "Todos",
- "SHOWDETAIL": "Mostrar Detalhes",
- "USER": "Usuário",
- "MEMBERS": "Gerentes",
- "ORG": "Organização",
- "PROJECTNAME": "Nome do Projeto",
- "GRANTEDORG": "Organização Concedida",
- "GRANTEDORGDOMAIN": "Domínio",
- "RESOURCEOWNER": "Proprietário do Recurso",
- "GRANTEDORGNAME": "Nome da Organização",
- "GRANTID": "ID da Concessão",
- "CREATIONDATE": "Data de Criação",
- "CHANGEDATE": "Última modificação",
- "DATES": "Datas",
- "ROLENAMESLIST": "Funções",
- "NOROLES": "Nenhuma função",
- "TYPE": "Tipo",
- "TOAST": {
- "PROJECTGRANTUSERGRANTADDED": "Concessão de projeto criada.",
- "PROJECTGRANTADDED": "Concessão de projeto criada.",
- "PROJECTGRANTCHANGED": "Concessão de projeto alterada.",
- "PROJECTGRANTMEMBERADDED": "Gerente da concessão adicionado.",
- "PROJECTGRANTMEMBERCHANGED": "Gerente da concessão alterado.",
- "PROJECTGRANTMEMBERREMOVED": "Gerente da concessão removido.",
- "PROJECTGRANTUPDATED": "Concessão de Projeto atualizada"
- },
- "DIALOG": {
- "DELETE_TITLE": "Excluir concessão de projeto",
- "DELETE_DESCRIPTION": "Você está prestes a excluir uma concessão de projeto. Tem certeza?"
- },
- "ROLES": "Funções do Projeto"
- },
- "APP": {
- "TITLE": "Aplicativos",
- "NAME": "Nome",
- "NAMEREQUIRED": "É necessário um nome."
- }, - "ROLE": { - "EMPTY": "Nenhuma função foi criada ainda.", - "ADDNEWLINE": "Adicionar função adicional", - "KEY": "Chave", - "TITLE": "Funções", - "DESCRIPTION": "Defina algumas funções que podem ser usadas para criar concessões de projeto.", - "NAME": "Nome", - "DISPLAY_NAME": "Nome de Exibição", - "GROUP": "Grupo", - "ACTIONS": "Ações", - "ADDTITLE": "Criar Função", - "ADDDESCRIPTION": "Insira os dados para a nova função.", - "EDITTITLE": "Editar Função", - "EDITDESCRIPTION": "Insira os novos dados para a função.", - "DELETE": "Excluir Função", - "CREATIONDATE": "Criada em", - "CHANGEDATE": "Última modificação", - "SELECTGROUPTOOLTIP": "Selecione todas as funções do grupo {{group}}.", - "OPTIONS": "Opções", - "ASSERTION": "Afirma Funções na Autenticação", - "ASSERTION_DESCRIPTION": "As informações de função são enviadas pelo ponto de extremidade Userinfo e dependendo das configurações do seu aplicativo em tokens e outros tipos.", - "CHECK": "Verificar autorização na Autenticação", - "CHECK_DESCRIPTION": "Se definido, os usuários só podem fazer login se alguma função for atribuída à sua conta.", - "DIALOG": { - "DELETE_TITLE": "Excluir função", - "DELETE_DESCRIPTION": "Você está prestes a excluir uma função de projeto. Tem certeza?" - } - }, - "HAS_PROJECT": "Verificar Projeto na Autenticação", - "HAS_PROJECT_DESCRIPTION": "Verifica se a organização dousuário possui este projeto. 
Se não possuir, o usuário não poderá ser autenticado.",
- "TABLE": {
- "TOTAL": "Total de Entradas:",
- "SELECTION": "Elementos Selecionados",
- "DEACTIVATE": "Desativar Projeto",
- "ACTIVATE": "Ativar Projeto",
- "DELETE": "Excluir Projeto",
- "ORGNAME": "Nome da Organização",
- "ORGDOMAIN": "Domínio da Organização",
- "STATE": "Status",
- "TYPE": "Tipo",
- "CREATIONDATE": "Criado em",
- "CHANGEDATE": "Última modificação",
- "RESOURCEOWNER": "Proprietário do Recurso",
- "SHOWTABLE": "Mostrar tabela",
- "SHOWGRID": "Mostrar grade",
- "EMPTY": "Nenhum projeto encontrado"
- },
- "TOAST": {
- "MEMBERREMOVED": "Gerente removido.",
- "MEMBERSADDED": "Gerentes adicionados.",
- "MEMBERADDED": "Gerente adicionado.",
- "MEMBERCHANGED": "Gerente alterado.",
- "ROLESCREATED": "Funções criadas.",
- "ROLEREMOVED": "Função removida.",
- "ROLECHANGED": "Função alterada.",
- "REACTIVATED": "Reativado.",
- "DEACTIVATED": "Desativado.",
- "CREATED": "Projeto criado.",
- "UPDATED": "Projeto alterado.",
- "GRANTUPDATED": "Concessão alterada.",
- "DELETED": "Projeto excluído."
- }
- },
- "ROLES": {
- "DIALOG": {
- "DELETE_TITLE": "Excluir função",
- "DELETE_DESCRIPTION": "Você está prestes a excluir uma função. Tem certeza?"
- }
- },
- "NEXTSTEPS": {
- "TITLE": "Próximos Passos"
- },
- "IDP": {
- "LIST": {
- "TITLE": "Provedores de Identidade",
- "DESCRIPTION": "Gerencie a configuração do seu Provedor de Identidade, que pode ser ativado nas suas Configurações de Login.",
- "ACTIVETITLE": "Provedores de Identidade Ativos"
- },
- "CREATE": {
- "TITLE": "Adicionar provedor",
- "DESCRIPTION": "Selecione um ou mais dos seguintes provedores.",
- "STEPPERTITLE": "Criar Provedor",
- "OIDC": {
- "TITLE": "Provedor OIDC",
- "DESCRIPTION": "Insira os dados necessários para o seu provedor OIDC."
- },
- "OAUTH": {
- "TITLE": "Provedor OAuth",
- "DESCRIPTION": "Insira os dados necessários para o seu provedor OAuth."
- },
- "JWT": {
- "TITLE": "Provedor JWT",
- "DESCRIPTION": "Insira os dados necessários para o seu provedor JWT."
- },
- "GOOGLE": {
- "TITLE": "Provedor Google",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Google"
- },
- "GITLAB": {
- "TITLE": "Provedor Gitlab",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Gitlab"
- },
- "GITLABSELFHOSTED": {
- "TITLE": "Provedor Gitlab Self Hosted",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Gitlab Self Hosted"
- },
- "GITHUBES": {
- "TITLE": "Provedor GitHub Enterprise Server",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do GitHub Enterprise Server"
- },
- "GITHUB": {
- "TITLE": "Provedor Github",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Github"
- },
- "AZUREAD": {
- "TITLE": "Provedor Microsoft",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade da Microsoft"
- },
- "LDAP": {
- "TITLE": "Active Directory / LDAP",
- "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade LDAP"
- }
- },
- "DETAIL": {
- "TITLE": "Provedor de Identidade",
- "DESCRIPTION": "Atualize a configuração do seu provedor",
- "DATECREATED": "Criado em",
- "DATECHANGED": "Última modificação"
- },
- "OPTIONS": {
- "ISAUTOCREATION": "Criação Automática",
- "ISAUTOCREATION_DESC": "Se selecionado, uma conta será criada se ainda não existir.",
- "ISAUTOUPDATE": "Atualização Automática",
- "ISAUTOUPDATE_DESC": "Se selecionado, as contas são atualizadas ao serem reautenticadas.",
- "ISCREATIONALLOWED": "Criação de Conta Permitida",
- "ISCREATIONALLOWED_DESC": "Determina se as contas podem ser criadas.",
- "ISLINKINGALLOWED": "Vinculação de Conta Permitida",
- "ISLINKINGALLOWED_DESC": "Determina se uma identidade pode ser vinculada a uma conta existente."
- },
- "OWNERTYPES": {
- "0": "desconhecido",
- "1": "Instância",
- "2": "Organização"
- },
- "STATES": {
- "1": "ativo",
- "2": "inativo"
- },
- "AZUREADTENANTTYPES": {
- "3": "ID do Locatário",
- "0": "Comum",
- "1": "Organizações",
- "2": "Consumidores"
- },
- "AZUREADTENANTTYPE": "Tipo de Locatário",
- "AZUREADTENANTID": "ID do Locatário",
- "EMAILVERIFIED": "E-mail Verificado",
- "NAMEHINT": "Se especificado, será mostrado na interface de login.",
- "OPTIONAL": "opcional",
- "LDAPATTRIBUTES": "Atributos LDAP",
- "UPDATEBINDPASSWORD": "atualizar Senha de Vinculação",
- "UPDATECLIENTSECRET": "atualizar segredo do cliente",
- "ADD": "Adicionar Provedor de Identidade",
- "TYPE": "Tipo",
- "OWNER": "Proprietário",
- "ID": "ID",
- "NAME": "Nome",
- "AUTHORIZATIONENDPOINT": "Ponto de Autorização",
- "TOKENENDPOINT": "Ponto de Token",
- "USERENDPOINT": "Ponto de Usuário",
- "IDATTRIBUTE": "Atributo ID",
- "AVAILABILITY": "Disponibilidade",
- "AVAILABLE": "disponível",
- "AVAILABLEBUTINACTIVE": "disponível, mas inativo",
- "SETAVAILABLE": "definir como disponível",
- "SETUNAVAILABLE": "definir como indisponível",
- "CONFIG": "Configuração",
- "STATE": "Status",
- "ISSUER": "Eu emissor",
- "SCOPESLIST": "Lista de Escopos",
- "CLIENTID": "ID do Cliente",
- "CLIENTSECRET": "Segredo do Cliente",
- "LDAPCONNECTION": "Conexão",
- "LDAPUSERBINDING": "Vínculo de Usuário",
- "BASEDN": "BaseDn",
- "BINDDN": "BindDn",
- "BINDPASSWORD": "Senha de Vinculação",
- "SERVERS": "Servidores",
- "STARTTLS": "Iniciar TLS",
- "TIMEOUT": "Tempo limite em segundos",
- "USERBASE": "Base de Usuários",
- "USERFILTERS": "Filtros de Usuário",
- "USEROBJECTCLASSES": "Classes de Objeto de Usuário",
- "REQUIRED": "obrigatório",
- "LDAPIDATTRIBUTE": "atributo ID",
- "AVATARURLATTRIBUTE": "atributo URL de Avatar",
- "DISPLAYNAMEATTRIBUTE": "atributo de Nome Exibido",
- "EMAILATTRIBUTEATTRIBUTE": "atributo de E-mail",
- "EMAILVERIFIEDATTRIBUTE": "atributo de E-mail Verificado",
- "FIRSTNAMEATTRIBUTE":
"atributo de Nome Próprio", - "LASTNAMEATTRIBUTE": "atributo de Sobrenome", - "NICKNAMEATTRIBUTE": "atributo de Apelido", - "PHONEATTRIBUTE": "atributo de Telefone", - "PHONEVERIFIEDATTRIBUTE": "atributo de Telefone Verificado", - "PREFERREDLANGUAGEATTRIBUTE": "atributo de Idioma Preferido", - "PREFERREDUSERNAMEATTRIBUTE": "atributo de Nome de Usuário Preferido", - "PROFILEATTRIBUTE": "atributo de Perfil", - "IDPDISPLAYNAMMAPPING": "Mapeamento de Nome de Exibição do IDP", - "USERNAMEMAPPING": "Mapeamento de Nome de Usuário", - "DATES": "Datas", - "CREATIONDATE": "Criado em", - "CHANGEDATE": "Última Modificação", - "DEACTIVATE": "Desativar", - "ACTIVATE": "Ativar", - "DELETE": "Excluir", - "DELETE_TITLE": "Excluir Provedor de Identidade", - "DELETE_DESCRIPTION": "Você está prestes a excluir um provedor de identidade. As alterações resultantes são irreversíveis. Você realmente deseja fazer isso?", - "DELETE_SELECTION_TITLE": "Excluir Provedor de Identidade", - "DELETE_SELECTION_DESCRIPTION": "Você está prestes a excluir um provedor de identidade. As alterações resultantes são irreversíveis. Você realmente deseja fazer isso?", - "EMPTY": "Nenhum provedor de identidade disponível", - "OIDC": { - "GENERAL": "Informações Gerais", - "TITLE": "Configuração OIDC", - "DESCRIPTION": "Insira os dados para o Provedor de Identidade OIDC." 
- },
- "JWT": {
- "TITLE": "Configuração JWT",
- "DESCRIPTION": "Insira os dados para o Provedor de Identidade JWT.",
- "HEADERNAME": "Nome do Cabeçalho",
- "JWTENDPOINT": "Endpoint JWT",
- "JWTKEYSENDPOINT": "Endpoint de Chaves JWT"
- },
- "TOAST": {
- "SAVED": "Salvo com sucesso.",
- "REACTIVATED": "Provedor de identidade reativado.",
- "DEACTIVATED": "Provedor de identidade desativado.",
- "SELECTEDREACTIVATED": "Provedores de identidade selecionados reativados.",
- "SELECTEDDEACTIVATED": "Provedores de identidade selecionados desativados.",
- "SELECTEDKEYSDELETED": "Provedores de identidade selecionados excluídos.",
- "DELETED": "Provedor de identidade removido com sucesso!",
- "ADDED": "Adicionado com sucesso.",
- "REMOVED": "Removido com sucesso."
- }
- },
- "MFA": {
- "LIST": {
- "MULTIFACTORTITLE": "Sem Senha",
- "MULTIFACTORDESCRIPTION": "Defina seus Multifactores para autenticação sem senha aqui.",
- "SECONDFACTORTITLE": "Autenticação Multifator",
- "SECONDFACTORDESCRIPTION": "Defina outros fatores possíveis com os quais você pode proteger a autenticação por senha."
- },
- "CREATE": {
- "TITLE": "Novo Fator",
- "DESCRIPTION": "Selecione o tipo do novo fator."
- },
- "DELETE": {
- "TITLE": "Excluir Fator",
- "DESCRIPTION": "Você está prestes a excluir um fator das Configurações de Login. Tem certeza?"
- },
- "TOAST": {
- "ADDED": "Adicionado com sucesso.",
- "SAVED": "Salvo com sucesso.",
- "DELETED": "Removido com sucesso"
- },
- "TYPE": "Tipo",
- "MULTIFACTORTYPES": {
- "0": "Desconhecido",
- "1": "Impressão Digital, Chaves de Segurança, Face ID e outros"
- },
- "SECONDFACTORTYPES": {
- "0": "Desconhecido",
- "1": "Senha de Uso Único (OTP)",
- "2": "Impressão Digital, Chaves de Segurança, Face ID e outros"
- }
- },
- "LOGINPOLICY": {
- "CREATE": {
- "TITLE": "Configurações de Login",
- "DESCRIPTION": "Defina como seus usuários podem ser autenticados na sua organização."
- },
- "IDPS": "Provedores de Identidade",
- "ADDIDP": {
- "TITLE": "Adicionar Provedor de Identidade",
- "DESCRIPTION": "Você pode selecionar provedores pré-definidos ou criados por você para autenticação.",
- "SELECTIDPS": "Provedores de identidade"
- },
- "PASSWORDLESS": "Login sem Senha",
- "PASSWORDLESSTYPE": {
- "0": "Não permitido",
- "1": "Permitido"
- }
- },
- "APP": {
- "LIST": "Aplicações",
- "COMPLIANCE": "Conformidade OIDC",
- "URLS": "URLs",
- "CONFIGURATION": "Configuração",
- "TOKEN": "Configurações de Token",
- "PAGES": {
- "TITLE": "Aplicativo",
- "ID": "ID",
- "DESCRIPTION": "Aqui você pode editar os dados do seu aplicativo e sua configuração.",
- "CREATE": "Criar aplicativo",
- "CREATE_SELECT_PROJECT": "Selecione o seu projeto primeiro",
- "CREATE_NEW_PROJECT": "ou crie um novo aqui.",
- "CREATE_DESC_TITLE": "Insira os Detalhes do seu Aplicativo Passo a Passo",
- "CREATE_DESC_SUB": "Uma configuração recomendada será gerada automaticamente.",
- "STATE": "Status",
- "DATECREATED": "Criado",
- "DATECHANGED": "Alterado",
- "URLS": "URLs",
- "DELETE": "Excluir App",
- "DETAIL": {
- "TITLE": "Detalhe",
- "STATE": {
- "0": "Não definido",
- "1": "Ativo",
- "2": "Inativo"
- }
- },
- "DIALOG": {
- "CONFIG": {
- "TITLE": "Alterar Configuração OIDC"
- },
- "DELETE": {
- "TITLE": "Excluir App",
- "DESCRIPTION": "Você realmente deseja excluir este aplicativo?"
- }
- },
- "NEXTSTEPS": {
- "TITLE": "Próximos Passos",
- "0": {
- "TITLE": "Adicionar funções",
- "DESC": "Insira as funções do seu projeto"
- },
- "1": {
- "TITLE": "Adicionar usuários",
- "DESC": "Adicione novos usuários da sua organização"
- },
- "2": {
- "TITLE": "Ajuda e Suporte",
- "DESC": "Leia nossa documentação sobre como criar aplicativos ou entre em contato com nosso suporte"
- }
- }
- },
- "NAMEDIALOG": {
- "TITLE": "Renomear Aplicativo",
- "DESCRIPTION": "Digite o novo nome para o seu aplicativo",
- "NAME": "Novo Nome"
- },
- "NAME": "Nome",
- "TYPE": "Tipo de Aplicativo",
- "AUTHMETHOD": "Método de Autenticação",
- "AUTHMETHODSECTION": "Método de Autenticação",
- "GRANT": "Tipos de Concessão",
- "ADDITIONALORIGINS": "Origens Adicionais",
- "ADDITIONALORIGINSDESC": "Se você deseja adicionar origens adicionais ao seu aplicativo que não são usadas como redirecionamento, você pode fazer isso aqui.",
- "ORIGINS": "Origens",
- "NOTANORIGIN": "O valor inserido não é uma origem",
- "PROSWITCH": "Sou um profissional. Pular este assistente.",
- "NAMEANDTYPESECTION": "Nome e Tipo",
- "TITLEFIRST": "Nome do aplicativo",
- "TYPETITLE": "Tipo de aplicativo",
- "OIDC": {
- "WELLKNOWN": "Links adicionais podem ser obtidos a partir do endpoint de descoberta.",
- "INFO": {
- "ISSUER": "Emissor",
- "CLIENTID": "ID do Cliente"
- },
- "CURRENT": "Configuração Atual",
- "TOKENSECTIONTITLE": "Opções de Token de Autenticação",
- "REDIRECTSECTIONTITLE": "Configurações de Redirecionamento",
- "REDIRECTTITLE": "Especifique as URIs para onde o login será redirecionado.",
- "POSTREDIRECTTITLE": "Esta é a URI de redirecionamento após o logout.",
- "REDIRECTDESCRIPTIONWEB": "URIs de redirecionamento devem começar com https://.
http:// é válido apenas com o modo de desenvolvimento habilitado.",
- "REDIRECTDESCRIPTIONNATIVE": "URIs de redirecionamento devem começar com seu próprio protocolo, http://127.0.0.1, http://[::1] ou http://localhost.",
- "REDIRECTNOTVALID": "Esta URI de redirecionamento não é válida.",
- "COMMAORENTERSEPERATION": "separar com ↵",
- "TYPEREQUIRED": "O tipo é obrigatório.",
- "TITLE": "Configuração OIDC",
- "CLIENTID": "ID do Cliente",
- "CLIENTSECRET": "Segredo do Cliente",
- "CLIENTSECRET_NOSECRET": "Com o fluxo de autenticação escolhido, nenhum segredo é necessário e, portanto, não está disponível.",
- "CLIENTSECRET_DESCRIPTION": "Mantenha o segredo do cliente em um local seguro, pois ele desaparecerá assim que o diálogo for fechado.",
- "REGENERATESECRET": "Regenerar Segredo do Cliente",
- "DEVMODE": "Modo de Desenvolvimento",
- "DEVMODEDESC": "Atenção: Com o modo de desenvolvimento habilitado, as URIs de redirecionamento não serão validadas.",
- "SKIPNATIVEAPPSUCCESSPAGE": "Pular Página de Sucesso de Login",
- "SKIPNATIVEAPPSUCCESSPAGE_DESCRIPTION": "Pule a página de sucesso após o login para este aplicativo nativo.",
- "REDIRECT": "URIs de Redirecionamento",
- "REDIRECTSECTION": "URIs de Redirecionamento",
- "POSTLOGOUTREDIRECT": "URIs de Pós-Logout",
- "RESPONSESECTION": "Tipos de Resposta",
- "GRANTSECTION": "Tipos de Concessão",
- "GRANTTITLE": "Selecione os tipos de concessão.
Observação: O tipo Implícito está disponível apenas para aplicativos baseados em navegador.",
- "APPTYPE": {
- "0": "Web",
- "1": "Agente de Usuário",
- "2": "Nativo"
- },
- "RESPONSETYPE": "Tipos de Resposta",
- "RESPONSE": {
- "0": "Código",
- "1": "ID Token",
- "2": "Token-ID Token"
- },
- "REFRESHTOKEN": "Token de Atualização",
- "GRANTTYPE": "Tipos de Concessão",
- "GRANT": {
- "0": "Código de Autorização",
- "1": "Implícito",
- "2": "Token de Atualização",
- "3": "Código do Dispositivo"
- },
- "AUTHMETHOD": {
- "0": "Básico",
- "1": "Post",
- "2": "Nenhum",
- "3": "JWT de Chave Privada"
- },
- "TOKENTYPE": "Tipo de Token de Autenticação",
- "TOKENTYPE0": "Token de Portador",
- "TOKENTYPE1": "JWT",
- "UNSECUREREDIRECT": "Espero que você saiba o que está fazendo.",
- "OVERVIEWSECTION": "Visão Geral",
- "OVERVIEWTITLE": "Agora você terminou. Revise sua configuração.",
- "ACCESSTOKENROLEASSERTION": "Adicionar funções do usuário ao token de acesso",
- "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Se selecionado, as funções solicitadas do usuário autenticado serão adicionadas ao token de acesso.",
- "IDTOKENROLEASSERTION": "Funções do usuário no ID Token",
- "IDTOKENROLEASSERTION_DESCRIPTION": "Se selecionado, as funções solicitadas do usuário autenticado serão adicionadas ao ID token.",
- "IDTOKENUSERINFOASSERTION": "Informações do usuário no ID Token",
- "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Permite que os clientes obtenham claims de perfil, e-mail, telefone e endereço do ID token.",
- "CLOCKSKEW": "Permite que os clientes lidem com a discrepância de tempo do OP e do cliente. A duração (0-5s) será adicionada ao claim exp e subtraída de iat, auth_time e nbf.",
- "RECOMMENDED": "recomendado",
- "NOTRECOMMENDED": "não recomendado",
- "SELECTION": {
- "APPTYPE": {
- "WEB": {
- "TITLE": "Web",
- "DESCRIPTION": "Aplicações da Web regulares como .net, PHP, Node.js, Java, etc."
- },
- "NATIVE": {
- "TITLE": "Nativo",
- "DESCRIPTION": "Aplicativos móveis, desktop, dispositivos inteligentes, etc."
- },
- "USERAGENT": {
- "TITLE": "Agente de Usuário",
- "DESCRIPTION": "Aplicativos de página única (SPA) e, em geral, todos os frameworks JS executados em navegadores"
- }
- }
- }
- },
- "API": {
- "INFO": {
- "CLIENTID": "ID do Cliente"
- },
- "REGENERATESECRET": "Regenerar Segredo do Cliente",
- "SELECTION": {
- "TITLE": "API",
- "DESCRIPTION": "APIs em geral"
- },
- "AUTHMETHOD": {
- "0": "Básico",
- "1": "JWT de Chave Privada"
- }
- },
- "SAML": {
- "SELECTION": {
- "TITLE": "SAML",
- "DESCRIPTION": "Aplicativos SAML"
- },
- "CONFIGSECTION": "Configuração SAML",
- "URL": "URL onde o arquivo de Metadados está localizado",
- "OR": "ou",
- "XML": "Carregar XML de Metadados",
- "METADATA": "Metadados",
- "METADATAFROMFILE": "Metadados do Arquivo"
- },
- "AUTHMETHODS": {
- "CODE": {
- "TITLE": "Código",
- "DESCRIPTION": "Trocar o código de autorização pelos tokens"
- },
- "PKCE": {
- "TITLE": "PKCE",
- "DESCRIPTION": "Usar um hash aleatório em vez de um segredo de cliente estático para maior segurança"
- },
- "POST": {
- "TITLE": "POST",
- "DESCRIPTION": "Enviar client_id e client_secret como parte do formulário"
- },
- "PK_JWT": {
- "TITLE": "JWT de Chave Privada",
- "DESCRIPTION": "Usar uma chave privada para autorizar seu aplicativo"
- },
- "BASIC": {
- "TITLE": "Básico",
- "DESCRIPTION": "Autenticação com Nome de Usuário e Senha"
- },
- "IMPLICIT": {
- "TITLE": "Implícito",
- "DESCRIPTION": "Obter os tokens diretamente do ponto de extremidade de autorização"
- },
- "DEVICECODE": {
- "TITLE": "Código do Dispositivo",
- "DESCRIPTION": "Autorizar o dispositivo em um computador ou smartphone."
- },
- "CUSTOM": {
- "TITLE": "Personalizado",
- "DESCRIPTION": "Sua configuração não corresponde a nenhuma outra opção."
- }
- },
- "TOAST": {
- "REACTIVATED": "Aplicativo reativado.",
- "DEACTIVATED": "Aplicativo desativado.",
- "OIDCUPDATED": "Aplicativo atualizado.",
- "APIUPDATED": "Aplicativo atualizado.",
- "UPDATED": "Aplicativo atualizado.",
- "CREATED": "Aplicativo criado.",
- "CLIENTSECRETREGENERATED": "segredo do cliente gerado.",
- "DELETED": "Aplicativo excluído.",
- "CONFIGCHANGED": "Alterações detectadas!"
- }
- },
- "GENDERS": {
- "0": "Desconhecido",
- "1": "Feminino",
- "2": "Masculino",
- "3": "Outro"
- },
- "LANGUAGES": {
- "de": "Deutsch",
- "en": "English",
- "es": "Español",
- "fr": "Français",
- "it": "Italiano",
- "ja": "日本語",
- "pl": "Polski",
- "zh": "简体中文",
- "bg": "Български",
- "pt": "Portuguese",
- "mk": "Македонски"
- },
- "MEMBER": {
- "ADD": "Adicionar um Gerente",
- "CREATIONTYPE": "Tipo de Criação",
- "CREATIONTYPES": {
- "3": "IAM",
- "2": "Organização",
- "0": "Projeto Próprio",
- "1": "Projeto Concedido",
- "4": "Projeto"
- },
- "EDITROLE": "Editar funções",
- "EDITFOR": "Editar as funções para o usuário: {{value}}",
- "DIALOG": {
- "DELETE_TITLE": "Remover Gerente",
- "DELETE_DESCRIPTION": "Você está prestes a remover um gerente. Tem certeza?"
- }
- },
- "ROLESLABEL": "Funções",
- "GRANTS": {
- "TITLE": "Autorizações",
- "DESC": "Estas são todas as autorizações na sua organização.",
- "DELETE": "Excluir Autorização",
- "EMPTY": "Nenhuma autorização encontrada",
- "ADD": "Criar Autorização",
- "ADD_BTN": "Novo",
- "PROJECT": {
- "TITLE": "Autorização",
- "DESCRIPTION": "Defina as autorizações para o projeto especificado. Observe que você só pode ver entradas de projetos e usuários para os quais você tem permissão."
- },
- "USER": {
- "TITLE": "Autorização",
- "DESCRIPTION": "Defina as autorizações para o usuário especificado. Observe que você só pode ver entradas de projetos e usuários para os quais você tem permissão."
- },
- "CREATE": {
- "TITLE": "Criar autorização",
- "DESCRIPTION": "Pesquise a organização, o projeto e as funções correspondentes."
- },
- "EDIT": {
- "TITLE": "Alterar autorização"
- },
- "DETAIL": {
- "TITLE": "Detalhes da Autorização",
- "DESCRIPTION": "Aqui você pode ver todos os detalhes da autorização."
- },
- "TOAST": {
- "UPDATED": "Autorização atualizada.",
- "REMOVED": "Autorização removida",
- "BULKREMOVED": "Autorizações removidas."
- },
- "DIALOG": {
- "DELETE_TITLE": "Excluir autorização",
- "DELETE_DESCRIPTION": "Você está prestesa excluir uma autorização. Deseja continuar?",
- "BULK_DELETE_TITLE": "Excluir autorizações",
- "BULK_DELETE_DESCRIPTION": "Você está prestes a excluir várias autorizações. Deseja continuar?"
- }
- },
- "CHANGES": {
- "LISTTITLE": "Últimas Alterações",
- "BOTTOM": "Você chegou ao final da lista.",
- "LOADMORE": "Carregar mais",
- "ORG": {
- "TITLE": "Atividade",
- "DESCRIPTION": "Aqui você pode ver os eventos mais recentes que geraram uma alteração na organização."
- },
- "PROJECT": {
- "TITLE": "Atividade",
- "DESCRIPTION": "Aqui você pode ver os eventos mais recentes que geraram uma alteração no projeto."
- },
- "USER": {
- "TITLE": "Atividade",
- "DESCRIPTION": "Aqui você pode ver os eventos mais recentes que geraram uma alteração no usuário."
- }
- }
-}
\ No newline at end of file
+ "APP_NAME": "ZITADEL",
+ "PAGINATOR": {
+ "PREVIOUS": "Anterior",
+ "NEXT": "Próximo",
+ "COUNT": "Total de Resultados",
+ "MORE": "Mais"
+ },
+ "FOOTER": {
+ "LINKS": {
+ "CONTACT": "Contato",
+ "TOS": "Termos de Serviço",
+ "PP": "Política de Privacidade"
+ },
+ "THEME": {
+ "DARK": "Escuro",
+ "LIGHT": "Claro"
+ }
+ },
+ "HOME": {
+ "WELCOME": "Comece com ZITADEL",
+ "DISCLAIMER": "A ZITADEL trata seus dados confidencialmente e com segurança.",
+ "DISCLAIMERLINK": "Mais informações",
+ "DOCUMENTATION": {
+ "TITLE": "Documentação",
+ "DESCRIPTION": "Comece rapidamente com ZITADEL."
+ },
+ "GETSTARTED": {
+ "TITLE": "Comece com ZITADEL",
+ "DESCRIPTION": "Comece rapidamente com ZITADEL."
+ },
+ "QUICKSTARTS": {
+ "LABEL": "Primeiros Passos",
+ "TITLE": "Início Rápido",
+ "DESCRIPTION": "Comece rapidamente com ZITADEL."
+ },
+ "SHORTCUTS": {
+ "SHORTCUTS": "Atalhos",
+ "SETTINGS": "Atalhos disponíveis",
+ "PROJECTS": "Projetos",
+ "REORDER": "Mantenha e arraste o bloco para movê-lo",
+ "ADD": "Mantenha e arraste um bloco para adicionar"
+ }
+ },
+ "ONBOARDING": {
+ "DESCRIPTION": "Seu processo de integração",
+ "MOREDESCRIPTION": "mais atalhos",
+ "COMPLETED": "concluído",
+ "DISMISS": "Não, obrigado, sou um profissional.",
+ "CARD": {
+ "TITLE": "Inicie o ZITADEL",
+ "DESCRIPTION": "Esta lista de verificação ajuda a configurar sua instância e orienta você nas etapas mais essenciais"
+ },
+ "EVENTS": {
+ "instance.policy.label.added": {
+ "title": "Configure sua marca",
+ "description": "Defina cores e forma para o seu login e faça o upload do seu logotipo e ícones.",
+ "action": "Configurar marca"
+ },
+ "instance.smtp.config.added": {
+ "title": "Configure as configurações SMTP",
+ "description": "Configure as configurações do seu próprio servidor de e-mail.",
+ "action": "Configurar SMTP"
+ },
+ "project.added": {
+ "title": "Crie um projeto",
+ "description": "Adicione um projeto e defina suas funções e autorizações.",
+ "action": "Criar projeto"
+ },
+ "project.application.added": {
+ "title": "Crie um aplicativo",
+ "description": "Crie um aplicativo da web, nativo, API ou SAML e configure o fluxo de autenticação.",
+ "action": "Criar aplicativo"
+ },
+ "user.human.added": {
+ "title": "Adicione usuários",
+ "description": "Adicione usuários do seu aplicativo",
+ "action": "Adicionar usuário"
+ },
+ "user.grant.added": {
+ "title": "Conceda permissões aos usuários",
+ "description": "Permita que os usuários acessem seu aplicativo e configure suas funções.",
+ "action": "Conceder permissões"
+ }
+ }
+ },
+ "MENU": {
+ "INSTANCE":
"Instância", + "DASHBOARD": "Início", + "PERSONAL_INFO": "Informações Pessoais", + "DOCUMENTATION": "Documentação", + "INSTANCEOVERVIEW": "Instância", + "ORGS": "Organizações", + "VIEWS": "Visualizações", + "EVENTS": "Eventos", + "FAILEDEVENTS": "Eventos com Falha", + "ORGANIZATION": "Organização", + "DOMAINS": "Domínios", + "PROJECT": "Projetos", + "PROJECTOVERVIEW": "Visão Geral", + "PROJECTGRANTS": "Autorizações", + "ROLES": "Funções", + "GRANTEDPROJECT": "Projetos Concedidos", + "HUMANUSERS": "Usuários", + "MACHINEUSERS": "Usuários de Serviço", + "LOGOUT": "Encerrar Sessão de Todos os Usuários", + "NEWORG": "Nova Organização", + "IAMADMIN": "Você é um Administrador IAM. Observe que você possui permissões estendidas.", + "SHOWORGS": "Mostrar Todas as Organizações", + "GRANTS": "Autorizações", + "ACTIONS": "Ações", + "PRIVACY": "Privacidade", + "TOS": "Termos de Serviço", + "OPENSHORTCUTSTOOLTIP": "Digite ? para mostrar os atalhos do teclado", + "SETTINGS": "Configurações", + "CUSTOMERPORTAL": "Portal do Cliente" + }, + "ACTIONS": { + "ACTIONS": "Ações", + "FILTER": "Filtrar", + "RENAME": "Renomear", + "SET": "Definir", + "COPY": "Copiar para a Área de Transferência", + "COPIED": "Copiado para a área de transferência.", + "RESET": "Redefinir", + "RESETDEFAULT": "Redefinir para o Padrão", + "RESETTO": "Redefinir para: ", + "RESETCURRENT": "Redefinir para o atual", + "SHOW": "Mostrar", + "HIDE": "Ocultar", + "SAVE": "Salvar", + "SAVENOW": "Salvar agora", + "NEW": "Novo", + "ADD": "Adicionar", + "CREATE": "Criar", + "CONTINUE": "Continuar", + "BACK": "Voltar", + "CLOSE": "Fechar", + "CLEAR": "Limpar", + "CANCEL": "Cancelar", + "INFO": "Informações", + "OK": "OK", + "SELECT": "Selecionar", + "VIEW": "Mostrar", + "SELECTIONDELETE": "Excluir seleção", + "DELETE": "Excluir", + "REMOVE": "Remover", + "VERIFY": "Verificar", + "FINISH": "Concluir", + "FINISHED": "Fechar", + "CHANGE": "Alterar", + "REACTIVATE": "Reativar", + "ACTIVATE": "Ativar", + "DEACTIVATE": 
"Desativar", + "REFRESH": "Atualizar", + "LOGIN": "Entrar", + "EDIT": "Editar", + "PIN": "Fixar / Desafixar", + "CONFIGURE": "Configurar", + "SEND": "Enviar", + "NEWVALUE": "Novo Valor", + "RESTORE": "Restaurar", + "CONTINUEWITHOUTSAVE": "Continuar sem salvar", + "OF": "de", + "PREVIOUS": "Anterior", + "NEXT": "Próximo", + "MORE": "mais", + "STEP": "Passo", + "SETUP": "Configuração", + "UNSAVEDCHANGES": "Alterações não salvas", + "UNSAVED": { + "DIALOG": { + "DESCRIPTION": "Tem certeza de que deseja descartar esta nova ação? Sua ação será perdida", + "CANCEL": "Cancelar", + "DISCARD": "Descartar" + } + }, + "TABLE": { + "SHOWUSER": "Mostrar usuário {{value}}" + } + }, + "MEMBERROLES": { + "IAM_OWNER": "Tem controle sobre toda a instância, incluindo todas as organizações", + "IAM_OWNER_VIEWER": "Tem permissão para revisar toda a instância, incluindo todas as organizações", + "IAM_ORG_MANAGER": "Tem permissão para criar e gerenciar organizações", + "IAM_USER_MANAGER": "Tem permissão para criar e gerenciar usuários", + "ORG_OWNER": "Tem permissão sobre toda a organização", + "ORG_USER_MANAGER": "Tem permissão para criar e gerenciar usuários da organização", + "ORG_OWNER_VIEWER": "Tem permissão para revisar toda a organização", + "ORG_USER_PERMISSION_EDITOR": "Tem permissão para gerenciar concessões de usuários", + "ORG_PROJECT_PERMISSION_EDITOR": "Tem permissão para gerenciar concessões de projetos", + "ORG_PROJECT_CREATOR": "Tem permissão para criar seus próprios projetos e configurações subjacentes", + "PROJECT_OWNER": "Tem permissão sobre todo o projeto", + "PROJECT_OWNER_VIEWER": "Tem permissão para revisar todo o projeto", + "PROJECT_OWNER_GLOBAL": "Tem permissão sobre todo o projeto", + "PROJECT_OWNER_VIEWER_GLOBAL": "Tem permissão para revisar todo o projeto", + "PROJECT_GRANT_OWNER": "Tem permissão para gerenciar a concessão do projeto", + "PROJECT_GRANT_OWNER_VIEWER": "Tem permissão para revisar a concessão do projeto" + }, + "OVERLAYS": { + "ORGSWITCHER": { 
+ "TEXT": "Todas as configurações e tabelas de organização no console são baseadas em uma organização selecionada. Clique neste botão para trocar de organização ou criar uma nova."
+ },
+ "INSTANCE": {
+ "TEXT": "Clique aqui para acessar as configurações da instância. Observe que você só tem acesso a este botão se tiver permissões avançadas."
+ },
+ "PROFILE": {
+ "TEXT": "Aqui você pode alternar entre suas contas de usuário e gerenciar suas sessões e perfil."
+ },
+ "NAV": {
+ "TEXT": "Esta navegação muda com base na organização selecionada acima ou na sua instância"
+ },
+ "CONTEXTCHANGED": {
+ "TEXT": "O contexto da organização foi alterado."
+ },
+ "SWITCHEDTOINSTANCE": {
+ "TEXT": "A visualização mudou para a instância!"
+ }
+ },
+ "FILTER": {
+ "TITLE": "Filtro",
+ "STATE": "Status",
+ "DISPLAYNAME": "Nome de Exibição do Usuário",
+ "EMAIL": "E-mail",
+ "USERNAME": "Nome de Usuário",
+ "ORGNAME": "Nome da Organização",
+ "PROJECTNAME": "Nome do Projeto",
+ "RESOURCEOWNER": "Proprietário do Recurso",
+ "METHODS": {
+ "5": "contém",
+ "7": "termina com",
+ "1": "igual a"
+ }
+ },
+ "KEYBOARDSHORTCUTS": {
+ "TITLE": "Atalhos de Teclado",
+ "UNDERORGCONTEXT": "Dentro das páginas da organização",
+ "SIDEWIDE": "Atalhos em todo o site",
+ "SHORTCUTS": {
+ "HOME": "Ir para Início",
+ "INSTANCE": "Ir para Instância",
+ "ORG": "Ir para Organização",
+ "ORGSETTINGS": "Ir para Configurações da Organização",
+ "ORGSWITCHER": "Trocar de Organização",
+ "ME": "Ir para meu perfil",
+ "PROJECTS": "Ir para Projetos",
+ "USERS": "Ir para Usuários",
+ "USERGRANTS": "Ir para Autorizações",
+ "ACTIONS": "Ir para Ações e Fluxos",
+ "DOMAINS": "Ir para Domínios"
+ }
+ },
+ "RESOURCEID": "ID do Recurso",
+ "NAME": "Nome",
+ "VERSION": "Versão",
+ "TABLE": {
+ "NOROWS": "Sem dados"
+ },
+ "ERRORS": {
+ "REQUIRED": "Por favor, preencha este campo.",
+ "ATLEASTONE": "Forneça pelo menos um valor.",
+ "TOKENINVALID": {
+ "TITLE": "Seu token de autorização expirou.",
+ "DESCRIPTION":
"Clique no botão abaixo para fazer login novamente." + }, + "EXHAUSTED": { + "TITLE": "Sua cota para solicitações autenticadas está esgotada.", + "DESCRIPTION": "Remova ou aumente o limite de cota para esta instância ZITADEL." + }, + "INVALID_FORMAT": "O formato é inválido.", + "NOTANEMAIL": "O valor fornecido não é um endereço de e-mail.", + "MINLENGTH": "Deve ter pelo menos {{requiredLength}} caracteres.", + "UPPERCASEMISSING": "Deve incluir uma letra maiúscula.", + "LOWERCASEMISSING": "Deve incluir uma letra minúscula.", + "SYMBOLERROR": "Deve incluir um símbolo ou caractere de pontuação.", + "NUMBERERROR": "Deve incluir um dígito.", + "PWNOTEQUAL": "As senhas fornecidas não correspondem.", + "PHONE": "O número de telefone deve começar com 00 ou +." + }, + "USER": { + "SETTINGS": { + "TITLE": "Configurações", + "GENERAL": "Geral", + "IDP": "Provedores de Identidade", + "SECURITY": "Senha e Segurança", + "KEYS": "Chaves", + "PAT": "Tokens de Acesso Pessoal", + "USERGRANTS": "Autorizações", + "MEMBERSHIPS": "Associações", + "METADATA": "Metadados" + }, + "TITLE": "Informações Pessoais", + "DESCRIPTION": "Gerencie suas informações e configurações de segurança.", + "PAGES": { + "LIST": "Usuários", + "TITLE": "Usuário", + "DESCRIPTION": "Crie novos usuários em sua organização e gerencie os existentes.", + "LISTMACHINE": "Usuários de Serviço", + "DESCRIPTIONMACHINE": "Crie e gerencie Usuários de Serviço de sua organização", + "DETAIL": "Detalhes", + "CREATE": "Criar", + "MY": "Minhas Informações", + "LOGINNAMES": "Nomes de Login", + "LOGINMETHODS": "Métodos de Login", + "LOGINNAMESDESC": "Estes são os seus nomes de login:", + "NOUSER": "Nenhum usuário associado.", + "REACTIVATE": "Reativar", + "DEACTIVATE": "Desativar", + "FILTER": "Filtro", + "STATE": "Status", + "DELETE": "Excluir Usuário", + "UNLOCK": "Desbloquear Usuário", + "GENERATESECRET": "Gerar Segredo do Cliente", + "REMOVESECRET": "Remover Segredo do Cliente", + "LOCKEDDESCRIPTION": "Este usuário foi 
bloqueado devido a exceder o número máximo de tentativas de login e deve ser desbloqueado para ser usado novamente.",
+ "DELETEACCOUNT": "Excluir Conta",
+ "DELETEACCOUNT_DESC": "Se você realizar esta ação, será desconectado e não terá mais acesso à sua conta. Essa ação não pode ser desfeita, portanto, prossiga com cautela.",
+ "DELETEACCOUNT_BTN": "Excluir Conta",
+ "DELETEACCOUNT_SUCCESS": "Conta excluída com sucesso!"
+ },
+ "DETAILS": {
+ "DATECREATED": "Criado",
+ "DATECHANGED": "Alterado"
+ },
+ "DIALOG": {
+ "DELETE_TITLE": "Excluir Usuário",
+ "DELETE_SELF_TITLE": "Excluir Conta",
+ "DELETE_DESCRIPTION": "Você está prestes a excluir permanentemente um usuário. Tem certeza?",
+ "DELETE_SELF_DESCRIPTION": "Você está prestes a excluir permanentemente sua conta pessoal. Isso irá desconectá-lo e excluir seu usuário. Essa ação não pode ser desfeita!",
+ "DELETE_AUTH_DESCRIPTION": "Você está prestes a excluir permanentemente sua conta pessoal. Tem certeza?",
+ "TYPEUSERNAME": "Digite '{{value}}' para confirmar e excluir o usuário.",
+ "USERNAME": "Nome de usuário",
+ "DELETE_BTN": "Excluir permanentemente"
+ },
+ "SENDEMAILDIALOG": {
+ "TITLE": "Enviar Notificação por E-mail",
+ "DESCRIPTION": "Clique no botão abaixo para enviar uma notificação para o endereço de e-mail atual ou altere o endereço de e-mail no campo.",
+ "NEWEMAIL": "Novo endereço de e-mail"
+ },
+ "SECRETDIALOG": {
+ "CLIENTSECRET": "Segredo do Cliente",
+ "CLIENTSECRET_DESCRIPTION": "Mantenha seu segredo do cliente em um local seguro, pois ele desaparecerá assim que o diálogo for fechado."
+ }, + "TABLE": { + "DEACTIVATE": "Desativar", + "ACTIVATE": "Ativar", + "CHANGEDATE": "Última Modificação", + "CREATIONDATE": "Criado Em", + "TYPES": { + "HUMAN": "Usuários", + "MACHINE": "Usuários de Serviço" + }, + "FILTER": { + "0": "Filtrar por Nome de Exibição", + "1": "Filtrar por Nome de Usuário", + "2": "filtrar por Nome de Exibição", + "3": "filtrar por Nome de Usuário", + "4": "filtrar por E-mail", + "5": "filtrar por Nome de Exibição", + "10": "filtrar por nome de organização", + "12": "filtrar por nome de projeto" + }, + "EMPTY": "Nenhum registro" + }, + "PASSWORDLESS": { + "SEND": "Enviar link de registro", + "TABLETYPE": "Tipo", + "TABLESTATE": "Status", + "NAME": "Nome", + "EMPTY": "Nenhum dispositivo configurado", + "TITLE": "Autenticação sem Senha", + "DESCRIPTION": "Adicione Métodos de Autenticação baseados em WebAuthn para fazerlogin no ZITADEL sem senha.", + "MANAGE_DESCRIPTION": "Gerencie os métodos de segundo fator dos seus usuários.", + "U2F": "Adicionar método", + "U2F_DIALOG_TITLE": "Verificar autenticador", + "U2F_DIALOG_DESCRIPTION": "Digite um nome para seu login sem senha usado", + "U2F_SUCCESS": "Autenticação sem senha criada com sucesso!", + "U2F_ERROR": "Ocorreu um erro durante a configuração!", + "U2F_NAME": "Nome do Autenticador", + "TYPE": { + "0": "Nenhum MFA definido", + "1": "One Time Password (OTP)", + "2": "Impressão digital, Chaves de Segurança, Face ID e outros" + }, + "STATE": { + "0": "Nenhum Estado", + "1": "Não Pronto", + "2": "Pronto", + "3": "Excluído" + }, + "DIALOG": { + "DELETE_TITLE": "Remover Método de Autenticação sem Senha", + "DELETE_DESCRIPTION": "Você está prestes a excluir um método de autenticação sem senha. 
Tem certeza?", + "ADD_TITLE": "Autenticação sem senha", + "ADD_DESCRIPTION": "Selecione uma das opções disponíveis para criar um método de autenticação sem senha.", + "SEND_DESCRIPTION": "Envie a si mesmo um link de registro para o seu endereço de e-mail.", + "SEND": "Enviar link de registro", + "SENT": "O e-mail foi entregue com sucesso. Verifique sua caixa de correio para continuar com a configuração.", + "QRCODE_DESCRIPTION": "Gerar um código QR para escanear com outro dispositivo.", + "QRCODE": "Gerar código QR", + "QRCODE_SCAN": "Escanear este código QR para continuar com a configuração no seu dispositivo.", + "NEW_DESCRIPTION": "Use este dispositivo para configurar a autenticação sem senha.", + "NEW": "Adicionar novo" + } + }, + "MFA": { + "TABLETYPE": "Tipo", + "TABLESTATE": "Status", + "NAME": "Nome", + "EMPTY": "Nenhum fator adicional", + "TITLE": "Autenticação Multifator", + "DESCRIPTION": "Adicione um segundo fator para garantir a segurança ideal da sua conta.", + "MANAGE_DESCRIPTION": "Gerencie os métodos de segundo fator dos seus usuários.", + "ADD": "Adicionar Fator", + "OTP": "Aplicativo de Autenticação para OTP (One-Time Password)", + "OTP_DIALOG_TITLE": "Adicionar OTP", + "OTP_DIALOG_DESCRIPTION": "Digitalize o código QR com um aplicativo autenticador e insira o código abaixo para verificar e ativar o método OTP.", + "U2F": "Impressão digital, Chaves de Segurança, Face ID e outros", + "U2F_DIALOG_TITLE": "Verificar Fator", + "U2F_DIALOG_DESCRIPTION": "Digite um nome para o seu fator de multifator universal usado.", + "U2F_SUCCESS": "Fator adicionado com sucesso!", + "U2F_ERROR": "Ocorreu um erro durante a configuração!", + "U2F_NAME": "Nome do Autenticador", + "TYPE": { + "0": "Nenhum MFA definido", + "1": "One Time Password (OTP)", + "2": "Impressão digital, Chaves de Segurança, Face ID e outros" + }, + "STATE": { + "0": "Nenhum Estado", + "1": "Não Pronto", + "2": "Pronto", + "3": "Excluído" + }, + "DIALOG": { + "MFA_DELETE_TITLE": "Remover 
Segundo Fator", + "MFA_DELETE_DESCRIPTION": "Você está prestes a excluir um segundo fator. Tem certeza?", + "ADD_MFA_TITLE": "Adicionar Segundo Fator", + "ADD_MFA_DESCRIPTION": "Selecione uma das opções disponíveis para criar um método de autenticação de segundo fator." + } + }, + "EXTERNALIDP": { + "TITLE": "Provedores de Identidade Externos", + "DESC": "", + "IDPCONFIGID": "ID da Configuração do Provedor de Identidade", + "IDPNAME": "Nome do Provedor de Identidade", + "USERDISPLAYNAME": "Nome Externo", + "EXTERNALUSERID": "ID do Usuário Externo", + "EMPTY": "Nenhum IDP externo encontrado", + "DIALOG": { + "DELETE_TITLE": "Remover IDP", + "DELETE_DESCRIPTION": "Você está prestes a excluir um Provedor de Identidade de um usuário. Deseja continuar?" + } + }, + "CREATE": { + "TITLE": "Criar um Novo Usuário", + "DESCRIPTION": "Forneça as informações necessárias.", + "NAMEANDEMAILSECTION": "Nome e E-mail", + "GENDERLANGSECTION": "Gênero e Idioma", + "PHONESECTION": "Números de Telefone", + "PASSWORDSECTION": "Senha Inicial", + "ADDRESSANDPHONESECTION": "Número de telefone", + "INITMAILDESCRIPTION": "Se ambas as opções forem selecionadas, nenhum e-mail de inicialização será enviado. Se apenas uma das opções for selecionada, um e-mail para fornecer/verificar os dados será enviado." 
+ }, + "CODEDIALOG": { + "TITLE": "Verificar Número de Telefone", + "DESCRIPTION": "Digite o código que você recebeu por mensagem de texto para verificar seu número de telefone.", + "CODE": "Código" + }, + "DATA": { + "STATE": "Status", + "STATE0": "Desconhecido", + "STATE1": "Ativo", + "STATE2": "Inativo", + "STATE3": "Excluído", + "STATE4": "Bloqueado", + "STATE5": "Suspenso", + "STATE6": "Inicial" + }, + "PROFILE": { + "TITLE": "Perfil", + "EMAIL": "E-mail", + "PHONE": "Número de Telefone", + "PHONE_HINT": "Use 00 ou o símbolo + seguido do código de chamada do país, ou selecione o país na lista suspensa e, em seguida, insira o número de telefone", + "USERNAME": "Nome de Usuário", + "CHANGEUSERNAME": "modificar", + "CHANGEUSERNAME_TITLE": "Alterar nome de usuário", + "CHANGEUSERNAME_DESC": "Digite o novo nome no campo abaixo.", + "FIRSTNAME": "Nome Próprio", + "LASTNAME": "Sobrenome", + "NICKNAME": "Apelido", + "DISPLAYNAME": "Nome de Exibição", + "PREFERRED_LANGUAGE": "Idioma", + "GENDER": "Gênero", + "SENHA": "Senha", + "AVATAR": { + "UPLOADTITLE": "Carregar sua Foto de Perfil", + "UPLOADBTN": "Escolher arquivo", + "UPLOAD": "Carregar", + "CURRENT": "Foto Atual", + "PREVIEW": "Visualização", + "DELETESUCCESS": "Excluído com sucesso!", + "CROPPERERROR": "Ocorreu um erro ao carregar seu arquivo. Tente um formato e tamanho diferentes, se necessário." 
+ }, + "COUNTRY": "País" + }, + "MACHINE": { + "TITLE": "Detalhes do Usuário de Serviço", + "USERNAME": "Nome de Usuário", + "NAME": "Nome", + "DESCRIPTION": "Descrição", + "KEYSTITLE": "Chaves", + "KEYSDESC": "Defina suas chaves e adicione uma data de expiração opcional.", + "TOKENSTITLE": "Tokens de Acesso Pessoal", + "TOKENSDESC": "Os tokens de acesso pessoal funcionam como tokens de acesso OAuth comuns.", + "ID": "ID da Chave", + "TYPE": "Tipo", + "EXPIRATIONDATE": "Data de Expiração", + "CHOOSEDATEAFTER": "Insira uma data de expiração válida após", + "CHOOSEEXPIRY": "Selecione uma data de expiração", + "CREATIONDATE": "Data de Criação", + "KEYDETAILS": "Detalhes da Chave", + "ACCESSTOKENTYPE": "Tipo de Token de Acesso", + "ACCESSTOKENTYPES": { + "0": "Bearer", + "1": "JWT" + }, + "ADD": { + "TITLE": "Adicionar Chave", + "DESCRIPTION": "Selecione o tipo de chave e escolha uma data de expiração opcional." + }, + "ADDED": { + "TITLE": "A chave foi criada", + "DESCRIPTION": "Baixe a chave, pois ela não será mais visível após o fechamento deste diálogo!" + }, + "KEYTYPES": { + "1": "JSON" + }, + "DIALOG": { + "DELETE_KEY": { + "TITLE": "Excluir Chave", + "DESCRIPTION": "Deseja excluir a chave selecionada? Essa ação não pode ser desfeita." + } + } + }, + "PASSWORD": { + "TITLE": "Senha", + "LABEL": "Uma senha segura ajuda a proteger a conta", + "DESCRIPTION": "Digite a nova senha de acordo com a política abaixo.", + "OLD": "Senha Atual", + "NEW": "Nova Senha", + "CONFIRM": "Confirmar Nova Senha", + "NEWINITIAL": "Senha", + "CONFIRMINITIAL": "Confirmar Senha", + "RESET": "Redefinir Senha Atual", + "SET": "Definir Nova Senha", + "RESENDNOTIFICATION": "Enviar Link de Redefinição de Senha", + "REQUIRED": "Algumas informações obrigatórias estão faltando.", + "MINLENGTHERROR": "Deve ter pelo menos {{value}} caracteres." 
+ }, + "ID": "ID", + "EMAIL": "E-mail", + "PHONE": "Número de Telefone", + "PHONEEMPTY": "Nenhum número de telefone definido", + "PHONEVERIFIED": "Número de telefone verificado.", + "EMAILVERIFIED": "E-mail verificado", + "NOTVERIFIED": "não verificado", + "PREFERRED_LOGINNAME": "Nome de Usuário Preferencial", + "ISINITIAL": "O usuário ainda não está ativo.", + "LOGINMETHODS": { + "TITLE": "Informações de Contato", + "DESCRIPTION": "As informações fornecidas serão usadas para enviar informações importantes, como e-mails de redefinição de senha.", + "EMAIL": { + "TITLE": "E-mail", + "VALID": "validado", + "ISVERIFIED": "E-mail Verificado", + "ISVERIFIEDDESC": "Se o e-mail estiver verificado, nenhuma solicitação de verificação será feita.", + "RESEND": "Reenviar E-mail de Verificação", + "EDITTITLE": "Alterar E-mail", + "EDITDESC": "Digite o novo e-mail no campo abaixo." + }, + "PHONE": { + "TITLE": "Telefone", + "VALID": "validado", + "RESEND": "Reenviar Mensagem de Texto de Verificação", + "EDITTITLE": "Alterar Número", + "EDITVALUE": "Número de Telefone", + "EDITDESC": "Digite o novo número de telefone no campo abaixo.", + "DELETETITLE": "Excluir número de telefone", + "DELETEDESC": "Você realmente deseja excluir o número de telefone?" + }, + "RESENDCODE": "Reenviar Código", + "ENTERCODE": "Verificar", + "ENTERCODE_DESC": "Digite o código de verificação" + }, + "GRANTS": { + "TITLE": "Permissões de Usuário", + "DESCRIPTION": "Conceda a este usuário acesso a determinados projetos.", + "CREATE": { + "TITLE": "Criar Permissão de Usuário", + "DESCRIPTION": "Pesquise a organização, o projeto e as funções do projeto correspondentes." 
+ }, + "PROJECTNAME": "Nome do Projeto", + "PROJECT-OWNED": "Projeto", + "PROJECT-GRANTED": "Projeto Concedido", + "FILTER": { + "0": "filtro por usuário", + "1": "filtro por domínio", + "2": "filtro por nome do projeto", + "3": "filtro por nome da função" + } + }, + "STATE": { + "0": "Desconhecido", + "1": "Ativo", + "2": "Inativo", + "3": "Excluído", + "4": "Bloqueado", + "5": "Suspenso", + "6": "Inicial" + }, + "SEARCH": { + "ADDITIONAL": "Nome de usuário (organização atual)", + "ADDITIONAL-EXTERNAL": "Nome de usuário (organização externa)" + }, + "TARGET": { + "SELF": "Se você deseja conceder acesso a um usuário de outra organização", + "EXTERNAL": "Para conceder acesso a um usuário de sua organização", + "CLICKHERE": "clique aqui" + }, + "SIGNEDOUT": "Você saiu. Clique no botão \"Entrar\" para fazer login novamente.", + "SIGNEDOUT_BTN": "Entrar", + "EDITACCOUNT": "Editar Conta", + "ADDACCOUNT": "Entrar Com Outra Conta", + "RESENDINITIALEMAIL": "Reenviar e-mail de ativação", + "RESENDEMAILNOTIFICATION": "Reenviar notificação por e-mail", + "TOAST": { + "CREATED": "Usuário criado com sucesso.", + "SAVED": "Perfil salvo com sucesso.", + "USERNAMECHANGED": "Nome de usuário alterado.", + "EMAILSAVED": "E-mail salvo com sucesso.", + "INITEMAILSENT": "E-mail de ativação enviado.", + "PHONESAVED": "Telefone salvo com sucesso.", + "PHONEREMOVED": "O número de telefone foi removido.", + "PHONEVERIFIED": "Número de telefone verificado com sucesso.", + "PHONEVERIFICATIONSENT": "Código de verificação de telefone enviado.", + "EMAILVERIFICATIONSENT": "Código de verificação de e-mail enviado.", + "OTPREMOVED": "OTP removido.", + "U2FREMOVED": "Fator removido.", + "PASSWORDLESSREMOVED": "Autenticação sem senha removida.", + "INITIALPASSWORDSET": "Senha inicial definida.", + "PASSWORDNOTIFICATIONSENT": "Notificação de alteração de senha enviada.", + "PASSWORDCHANGED": "Senha alterada com sucesso.", + "REACTIVATED": "Usuário reativado.", + "DEACTIVATED": "Usuário desativado.", 
+ "SELECTEDREACTIVATED": "Usuários selecionados reativados.", + "SELECTEDDEACTIVATED": "Usuários selecionados desativados.", + "SELECTEDKEYSDELETED": "Chaves selecionadas excluídas.", + "KEYADDED": "Chave adicionada!", + "MACHINEADDED": "Usuário de serviço criado!", + "DELETED": "Usuário excluído com sucesso!", + "UNLOCKED": "Usuário desbloqueado com sucesso!", + "PASSWORDLESSREGISTRATIONSENT": "Link de registro enviado com sucesso.", + "SECRETGENERATED": "Segredo gerado com sucesso!", + "SECRETREMOVED": "Segredo removido com sucesso!" + }, + "MEMBERSHIPS": { + "TITLE": "Funções de Gerente do ZITADEL", + "DESCRIPTION": "Essas são todas as permissões de membros do usuário. Você também pode modificá-las nas páginas de detalhes da organização, projeto ou IAM.", + "ORGCONTEXT": "Você vê todas as organizações e projetos relacionados à organização atualmente selecionada.", + "USERCONTEXT": "Você vê todas as organizações e projetos para os quais está autorizado. Incluindo outras organizações.", + "CREATIONDATE": "Data de Criação", + "CHANGEDATE": "Última Modificação", + "DISPLAYNAME": "Nome de Exibição", + "REMOVE": "Remover", + "TYPE": "Tipo", + "ORGID": "ID da Organização", + "UPDATED": "A permissão de membro foi atualizada.", + "NOPERMISSIONTOEDIT": "Você não possui as permissões necessárias para editar funções!", + "TYPES": { + "UNKNOWN": "Desconhecido", + "ORG": "Organização", + "PROJECT": "Projeto", + "GRANTEDPROJECT": "Projeto Concedido" + } + }, + "PERSONALACCESSTOKEN": { + "ID": "ID", + "TOKEN": "Token", + "ADD": { + "TITLE": "Gerar Novo Token de Acesso Pessoal", + "DESCRIPTION": "Defina um tempo de expiração personalizado para o token.", + "CHOOSEEXPIRY": "Selecione uma data de expiração", + "CHOOSEDATEAFTER": "Insira uma data de expiração válida após" + }, + "ADDED": { + "TITLE": "Token de Acesso Pessoal", + "DESCRIPTION": "Certifique-se de copiar o seu token de acesso pessoal. Você não poderá vê-lo novamente!" 
+ }, + "DELETE": { + "TITLE": "Excluir Token", + "DESCRIPTION": "Você está prestes a excluir o token de acesso pessoal. Tem certeza?" + }, + "DELETED": "Token excluído com sucesso." + } + }, + "METADATA": { + "TITLE": "Metadados", + "DESCRIPTION": "", + "KEY": "Chave", + "VALUE": "Valor", + "ADD": "Nova Entrada", + "SAVE": "Salvar", + "EMPTY": "Nenhum metadado", + "SETSUCCESS": "Elemento salvo com sucesso", + "REMOVESUCCESS": "Elemento excluído com sucesso" + }, + "FLOWS": { + "TITLE": "Ações e Fluxos", + "DESCRIPTION": "Defina scripts para executar em determinado evento.", + "ACTIONSTITLE": "Ações", + "ACTIONSDESCRIPTION": "Esses são seus scripts que você pode executar nos fluxos.", + "FLOWSTITLE": "Fluxos", + "FLOWSDESCRIPTION": "Fluxos de um determinado tipo executam ações no momento de um gatilho.", + "ID": "ID", + "NAME": "Nome", + "STATE": "Estado", + "STATES": { + "0": "sem status", + "1": "inativo", + "2": "ativo" + }, + "ADDTRIGGER": "Adicionar gatilho", + "FLOWCHANGED": "O fluxo foi alterado com sucesso", + "FLOWCLEARED": "O fluxo foi redefinido com sucesso", + "TIMEOUT": "Tempo Limite", + "TIMEOUTINSEC": "Tempo Limite em segundos", + "ALLOWEDTOFAIL": "Permitido Falhar", + "SCRIPT": "Script", + "FLOWTYPE": "Tipo de Fluxo", + "TRIGGERTYPE": "Tipo de Gatilho", + "ACTIONS": "Ações", + "ACTIONSMAX": "Com base no seu Nível, você tem um número limitado de Ações disponíveis ({{value}}). Certifique-se de desativar as que você não precisa ou considere fazer upgrade do seu nível.", + "DIALOG": { + "ADD": { + "TITLE": "Criar uma Ação" + }, + "UPDATE": { + "TITLE": "Atualizar Ação" + }, + "DELETEACTION": { + "TITLE": "Excluir Ação?", + "DESCRIPTION": "Você está prestes a excluir uma ação. Isso não pode ser desfeito. Tem certeza?", + "DELETE_SUCCESS": "Ação excluída com sucesso." + }, + "CLEAR": { + "TITLE": "Limpar fluxo?", + "DESCRIPTION": "Você está prestes a redefinir o fluxo juntamente com seus gatilhos e ações. Essa alteração não pode ser desfeita. Tem certeza?" 
+ }, + "REMOVEACTIONSLIST": { + "TITLE": "Excluir Ações Selecionadas?", + "DESCRIPTION": "Tem certeza de que deseja excluir as ações selecionadas do fluxo?" + } + }, + "TOAST": { + "ACTIONSSET": "Ações definidas", + "ACTIONREACTIVATED": "Ações reativadas com sucesso", + "ACTIONDEACTIVATED": "Ações desativadas com sucesso" + } + }, + "IAM": { + "TITLE": "Instância", + "DESCRIPTION": "Gerencie as configurações da sua instância e organizações", + "POLICIES": { + "TITLE": "Políticas do sistema e configurações de acesso", + "DESCRIPTION": "Gerencie as políticas globais e configurações de acesso à gerência." + }, + "EVENTSTORE": { + "TITLE": "Administração de armazenamento IAM", + "DESCRIPTION": "Gerencie as visualizações do ZITADEL e eventos falhados." + }, + "MEMBER": { + "TITLE": "Gerentes", + "DESCRIPTION": "Esses gerentes têm permissão para fazer alterações na sua instância." + }, + "PAGES": { + "STATE": "Status", + "DOMAINLIST": "Domínios" + }, + "STATE": { + "0": "Não especificado", + "1": "Criando", + "2": "Executando", + "3": "Parando", + "4": "Parado" + }, + "VIEWS": { + "TITLE": "Visualizações", + "DESCRIPTION": "Este cartão mostra as visualizações do ZITADEL.", + "VIEWNAME": "Nome", + "DATABASE": "Banco de Dados", + "SEQUENCE": "Sequência", + "EVENTTIMESTAMP": "Carimbo de Data/Hora do Evento", + "LASTSPOOL": "Spool bem-sucedido", + "ACTIONS": "Ações", + "CLEAR": "Limpar", + "CLEARED": "Visualização limpa com sucesso!", + "DIALOG": { + "VIEW_CLEAR_TITLE": "Limpar Visualização", + "VIEW_CLEAR_DESCRIPTION": "Você está prestes a limpar uma visualização. A limpeza de uma visualização cria um processo durante o qual os dados possivelmente não estarão disponíveis para os usuários finais. Você tem certeza?" 
+ } + }, + "FAILEDEVENTS": { + "TITLE": "Eventos com falha", + "DESCRIPTION": "Este cartão mostra os eventos com falha.", + "VIEWNAME": "Nome", + "DATABASE": "Banco de Dados", + "FAILEDSEQUENCE": "Sequência com falha", + "FAILURECOUNT": "Contagem de falhas", + "LASTFAILED": "Última falha em", + "ERRORMESSAGE": "Mensagem de erro", + "ACTIONS": "Ações", + "DELETE": "Remover", + "DELETESUCCESS": "Eventos com falha removidos." + }, + "EVENTS": { + "TITLE": "Eventos", + "DESCRIPTION": "Esta visualização mostra todos os eventos ocorridos.", + "EDITOR": "Editor", + "EDITORID": "ID do Editor", + "AGGREGATE": "Agregado", + "AGGREGATEID": "ID do Agregado", + "AGGREGATETYPE": "Tipo do Agregado", + "RESOURCEOWNER": "Proprietário do Recurso", + "SEQUENCE": "Sequência", + "CREATIONDATE": "Criado em", + "TYPE": "Tipo", + "PAYLOAD": "Carga", + "FILTERS": { + "BTN": "Filtrar", + "USER": { + "IDLABEL": "ID", + "CHECKBOX": "Filtrar por Editor" + }, + "AGGREGATE": { + "TYPELABEL": "Tipo de Agregado", + "IDLABEL": "ID", + "CHECKBOX": "Filtrar por Agregado" + }, + "TYPE": { + "TYPELABEL": "Tipo", + "CHECKBOX": "Filtrar por Tipo" + }, + "RESOURCEOWNER": { + "LABEL": "ID", + "CHECKBOX": "Filtrar por Proprietário do Recurso" + }, + "SEQUENCE": { + "LABEL": "Sequência", + "CHECKBOX": "Filtrar por Sequência", + "SORT": "Ordenação", + "ASC": "Crescente", + "DESC": "Decrescente" + }, + "CREATIONDATE": { + "LABEL": "Data de Criação", + "CHECKBOX": "Filtrar por Data de Criação" + }, + "OTHER": "outro", + "OTHERS": "outros" + }, + "DIALOG": { + "TITLE": "Detalhes do Evento" + } + }, + "TOAST": { + "MEMBERREMOVED": "Gerente removido.", + "MEMBERSADDED": "Gerentes adicionados.", + "MEMBERADDED": "Gerente adicionado.", + "MEMBERCHANGED": "Gerente alterado.", + "ROLEREMOVED": "Função removida.", + "ROLECHANGED": "Função alterada.", + "REACTIVATED": "Reativado", + "DEACTIVATED": "Desativado" + } + }, + "ORG": { + "PAGES": { + "NAME": "Nome", + "ID": "ID", + "CREATIONDATE": "Data de Criação", + 
"DATECHANGED": "Alterado", + "FILTER": "Filtro", + "FILTERPLACEHOLDER": "Filtrar pelo nome", + "LIST": "Organizações", + "LISTDESCRIPTION": "Escolha uma organização.", + "ACTIVE": "Ativa", + "CREATE": "Criar Organização", + "DEACTIVATE": "Desativar Organização", + "REACTIVATE": "Reativar Organização", + "NOPERMISSION": "Você não tem permissão para acessar as configurações da organização.", + "USERSELFACCOUNT": "Use sua conta pessoal como proprietário da organização", + "ORGDETAIL_TITLE": "Digite o nome e domínio da sua nova organização.", + "ORGDETAIL_TITLE_WITHOUT_DOMAIN": "Digite o nome da sua nova organização.", + "ORGDETAILUSER_TITLE": "Configurar Proprietário da Organização", + "DELETE": "Excluir organização", + "DEFAULTLABEL": "Padrão", + "SETASDEFAULT": "Definir como organização padrão", + "DEFAULTORGSET": "Organização padrão alterada com sucesso", + "RENAME": { + "ACTION": "Renomear", + "TITLE": "Renomear Organização", + "DESCRIPTION": "Digite o novo nome para sua organização", + "BTN": "Renomear" + }, + "ORGDOMAIN": { + "TITLE": "Verificação de Propriedade do Domínio da Organização", + "VERIFICATION": "Para verificar a propriedade do seu domínio, você precisa baixar um arquivo de verificação e enviá-lo para a URL fornecida abaixo, ou criar um registro DNS TXT para a URL fornecida. Para concluir, clique no botão para verificar.", + "VERIFICATION_SKIP": "Você pode pular a verificação por enquanto e continuar a criar sua organização, mas para usar sua organização, esta etapa deve ser concluída!", + "VERIFICATION_VALIDATION_DESC": "Os tokens são verificados regularmente para garantir que você ainda seja o proprietário do domínio.", + "VERIFICATION_NEWTOKEN_TITLE": "Solicitar Novo Token", + "VERIFICATION_NEWTOKEN_DESC": "Se você deseja solicitar um novo token, selecione seu método preferido. Se você deseja validar um token persistente, clique no botão acima.", + "VERIFICATION_VALIDATION_ONGOING": "Um token de verificação já foi solicitado. 
Clique no botão para iniciar uma verificação.", + "VERIFICATION_VALIDATION_ONGOING_TYPE": "Tipo do token:", + "VERIFICATION_SUCCESSFUL": "Domínio verificado com sucesso!", + "REQUESTNEWTOKEN": "Solicitar novo token", + "TYPES": { + "1": "HTTP", + "2": "DNS" + } + }, + "DOWNLOAD_FILE": "Baixar Arquivo", + "SELECTORGTOOLTIP": "Selecionar esta organização.", + "PRIMARYDOMAIN": "Domínio Principal", + "STATE": "Estado", + "USEPASSWORD": "Definir Senha Inicial", + "USEPASSWORDDESC": "O usuário não precisa definir a senha durante a inicialização." + }, + "LIST": { + "TITLE": "Organizações", + "DESCRIPTION": "Estas são as organizações na sua instância" + }, + "DOMAINS": { + "NEW": "Adicionar Domínio", + "TITLE": "Domínios", + "DESCRIPTION": "Configure seus domínios. Este domínio pode ser usado para o login dos seus usuários.", + "SETPRIMARY": "Definir como Principal", + "DELETE": { + "TITLE": "Excluir Domínio", + "DESCRIPTION": "Você está prestes a excluir um dos seus domínios. Observe que seus usuários não poderão mais usar este domínio para fazer login." + }, + "ADD": { + "TITLE": "Adicionar Domínio", + "DESCRIPTION": "Você está prestes a adicionar um domínio para sua organização. Após o processo bem-sucedido, seus usuários poderão usar o domínio para fazer login." + } + }, + "STATE": { + "0": "Não definido", + "1": "Ativa", + "2": "Desativada", + "3": "Removida" + }, + "MEMBER": { + "TITLE": "Gerentes da Organização", + "DESCRIPTION": "Defina os usuários que podem alterar as preferências da sua organização." 
+ }, + "TOAST": { + "UPDATED": "Organização atualizada com sucesso.", + "DEACTIVATED": "Organização desativada.", + "REACTIVATED": "Organização reativada.", + "DOMAINADDED": "Domínio adicionado.", + "DOMAINREMOVED": "Domínio removido.", + "MEMBERADDED": "Gerente adicionado.", + "MEMBERREMOVED": "Gerente removido.", + "MEMBERCHANGED": "Gerente alterado.", + "SETPRIMARY": "Domínio principal definido.", + "DELETED": "Organização excluída com sucesso", + "ORG_WAS_DELETED": "Organização foi excluída." + }, + "DIALOG": { + "DEACTIVATE": { + "TITLE": "Desativar organização", + "DESCRIPTION": "Você está prestes a desativar sua organização. Os usuários não poderão fazer login posteriormente. Tem certeza de que deseja continuar?" + }, + "REACTIVATE": { + "TITLE": "Reativar organização", + "DESCRIPTION": "Você está prestes a reativar sua organização. Os usuários poderão fazer login novamente. Tem certeza de que deseja continuar?" + }, + "DELETE": { + "TITLE": "Excluir organização", + "DESCRIPTION": "Você está prestes a excluir sua organização. Isso inicia um processo no qual todos os dados relacionados à organização serão excluídos. Não será possível reverter esta ação por enquanto.", + "TYPENAME": "Digite '{{value}}' para excluir sua organização.", + "ORGNAME": "Nome", + "BTN": "Excluir" + } + } + }, + "SETTINGS": { + "INSTANCE": { + "TITLE": "Configurações da Instância", + "DESCRIPTION": "Essas configurações serão aplicadas a todas as suas organizações, a menos que tenham sido substituídas." + }, + "ORG": { + "TITLE": "Configurações da Organização", + "DESCRIPTION": "Essas configurações estendem e sobrescrevem as configurações da sua instância." 
+ }, + "LIST": { + "GENERAL": "Geral", + "LOGIN": "Comportamento de Login e Segurança", + "LOCKOUT": "Bloqueio", + "COMPLEXITY": "Complexidade de Senha", + "NOTIFICATIONS": "Configurações de Notificação", + "NOTIFICATIONS_DESC": "Configurações de SMTP e SMS", + "MESSAGETEXTS": "Textos de Mensagem", + "IDP": "Provedores de Identidade", + "DOMAIN": "Configurações de Domínio", + "LOGINTEXTS": "Textos da Interface de Login", + "BRANDING": "Marca", + "PRIVACYPOLICY": "Política de Privacidade", + "OIDC": "Tempo de Vida e Expiração do Token OIDC", + "SECRETS": "Aparência de Segredo", + "SECURITY": "Configurações de Segurança" + }, + "GROUPS": { + "NOTIFICATIONS": "Notificações", + "LOGIN": "Login e Acesso", + "DOMAIN": "Domínio", + "TEXTS": "Textos e Idiomas", + "APPEARANCE": "Aparência", + "OTHER": "Outro" + } + }, + "SETTING": { + "DEFAULTLANGUAGE": "Idioma padrão", + "LANGUAGE": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски" + }, + "SMTP": { + "TITLE": "Configurações SMTP", + "SENDERADDRESS": "Endereço de e-mail do remetente", + "SENDERNAME": "Nome do remetente", + "HOSTANDPORT": "Host e porta", + "USER": "Usuário", + "PASSWORD": "Senha", + "SETPASSWORD": "Definir senha do SMTP", + "PASSWORDSET": "Senha do SMTP definida com sucesso.", + "TLS": "Transport Layer Security (TLS)", + "SAVED": "Salvo com sucesso!", + "REQUIREDWARN": "Para enviar notificações do seu domínio, você precisa inserir seus dados SMTP." + }, + "SMS": { + "TITLE": "Configurações de SMS", + "PROVIDERS": "Provedores", + "PROVIDER": "Provedor de SMS", + "ADDPROVIDER": "Adicionar provedor de SMS", + "ADDPROVIDERDESCRIPTION": "Escolha um dos provedores disponíveis e insira os dados necessários.", + "REMOVEPROVIDER": "Remover provedor", + "REMOVEPROVIDER_DESC": "Você está prestes a excluir uma configuração de provedor. 
Deseja continuar?", + "SMSPROVIDERSTATE": { + "0": "Não especificado", + "1": "Ativo", + "2": "Inativo" + }, + "ACTIVATED": "Provedor ativado.", + "DEACTIVATED": "Provedor desativado.", + "TWILIO": { + "SID": "SID", + "TOKEN": "Token", + "SENDERNUMBER": "Número do remetente", + "ADDED": "Twilio adicionado com sucesso.", + "REMOVED": "Twilio removido", + "CHANGETOKEN": "Alterar token", + "SETTOKEN": "Definir token", + "TOKENSET": "Token definido com sucesso." + } + }, + "OIDC": { + "TITLE": "Configurações OIDC", + "ACCESSTOKENLIFETIME": "Tempo de vida do token de acesso", + "IDTOKENLIFETIME": "Tempo de vida do token de ID", + "REFRESHTOKENEXPIRATION": "Expiração do token de atualização", + "REFRESHTOKENIDLEEXPIRATION": "Expiração inativa do token de atualização", + "INHOURS": "horas", + "INDAYS": "dias" + }, + "SECRETS": { + "TITLE": "Aparência de segredos", + "TYPES": "Tipos de segredos", + "TYPE": { + "1": "Email de inicialização", + "2": "Verificação de email", + "3": "Verificação de telefone", + "4": "Redefinição de senha", + "5": "Inicialização sem senha", + "6": "Segredo do aplicativo" + }, + "ADDGENERATOR": "Definir aparência de segredo", + "GENERATORTYPE": "Tipo", + "EXPIRY": "Expiração (em horas)", + "INCLUDEDIGITS": "Incluir números", + "INCLUDESYMBOLS": "Incluir símbolos", + "INCLUDELOWERLETTERS": "Incluir letras minúsculas", + "INCLUDEUPPERLETTERS": "Incluir letras maiúsculas", + "LENGTH": "Comprimento", + "UPDATED": "Configurações atualizadas." + }, + "SECURITY": { + "DESCRIPTION": "Essa configuração define o CSP para permitir o enquadramento de um conjunto de domínios permitidos. Observe que, ao permitir o uso de iFrames, você corre o risco de permitir ataques de clickjacking.", + "IFRAMEENABLED": "Permitir iFrame", + "ALLOWEDORIGINS": "URLs permitidos" + }, + "DIALOG": { + "RESET": { + "DEFAULTTITLE": "Redefinir configuração", + "DEFAULTDESCRIPTION": "Você está prestes a redefinir suas configurações para a configuração padrão da sua instância. 
Tem certeza de que deseja continuar?", + "LOGINPOLICY_DESCRIPTION": "Aviso: Se você continuar, as configurações do provedor de identidade também serão redefinidas para as configurações da instância." + } + } + }, + "POLICY": { + "TITLE": "Explorar configurações", + "DESCRIPTION": "Configurações pré-embaladas que melhoram sua segurança.", + "APPLIEDTO": "Aplicado a", + "PWD_COMPLEXITY": { + "TITLE": "Complexidade da senha", + "DESCRIPTION": "Garante que todas as senhas definidas correspondam a um padrão específico", + "SYMBOLANDNUMBERERROR": "Deve conter um dígito e um símbolo/ponto de pontuação.", + "SYMBOLERROR": "Deve incluir um símbolo/ponto de pontuação.", + "NUMBERERROR": "Deve incluir um dígito.", + "PATTERNERROR": "A senha não atende ao padrão exigido." + }, + "NOTIFICATION": { + "TITLE": "Notificação", + "DESCRIPTION": "Determina em quais alterações as notificações serão enviadas.", + "PASSWORDCHANGE": "Mudança de senha" + }, + "PRIVATELABELING": { + "TITLE": "Marca", + "DESCRIPTION": "Dê ao login o seu estilo personalizado e modifique seu comportamento.", + "PREVIEW_DESCRIPTION": "As alterações da política serão automaticamente aplicadas ao ambiente de visualização.", + "BTN": "Selecionar arquivo", + "ACTIVATEPREVIEW": "Aplicar configuração", + "DARK": "Modo escuro", + "LIGHT": "Modo claro", + "CHANGEVIEW": "Alterar visualização", + "ACTIVATED": "As alterações de política estão agora ATIVAS", + "THEME": "Tema", + "COLORS": "Cores", + "FONT": "Fonte", + "ADVANCEDBEHAVIOR": "Comportamento avançado", + "DROP": "Solte a imagem aqui ou", + "RELEASE": "Liberar", + "DROPFONT": "Solte o arquivo de fonte aqui", + "RELEASEFONT": "Liberar", + "USEOFLOGO": "Seu logotipo será usado no login e nos emails, enquanto o ícone é usado para elementos de IU menores, como o seletor de organização no console", + "MAXSIZE": "O tamanho máximo é limitado a 524kB", + "EMAILNOSVG": "O formato de arquivo SVG não é suportado em emails. 
Portanto, faça o upload do seu logotipo em PNG ou em outro formato suportado.", + "MAXSIZEEXCEEDED": "Tamanho máximo de 524kB excedido.", + "NOSVGSUPPORTED": "SVG não é suportado!", + "FONTINLOGINONLY": "A fonte está atualmente sendo exibida apenas na interface de login.", + "BACKGROUNDCOLOR": "Cor de fundo", + "PRIMARYCOLOR": "Cor primária", + "WARNCOLOR": "Cor de aviso", + "FONTCOLOR": "Cor da fonte", + "VIEWS": { + "PREVIEW": "Visualização", + "CURRENT": "Configuração atual" + }, + "PREVIEW": { + "TITLE": "Login", + "SECOND": "faça login com sua conta ZITADEL.", + "ERROR": "Usuário não encontrado!", + "PRIMARYBUTTON": "próximo", + "SECONDARYBUTTON": "registrar" + } + }, + "PWD_AGE": { + "TITLE": "Envelhecimento de senha", + "DESCRIPTION": "Você pode definir uma política para o envelhecimento de senhas. Essa política emite um aviso após o tempo de envelhecimento específico ter passado." + }, + "PWD_LOCKOUT": { + "TITLE": "Política de bloqueio", + "DESCRIPTION": "Defina um número máximo de tentativas de senha, após as quais as contas serão bloqueadas." + }, + "DOMAIN_POLICY": { + "TITLE": "Configurações de domínio" + }, + "PRIVATELABELING_POLICY": { + "TITLE": "Marca", + "BTN": "Selecionar arquivo", + "DESCRIPTION": "Personalize a aparência do login", + "ACTIVATEPREVIEW": "Ativar configuração" + }, + "LOGIN_POLICY": { + "TITLE": "Configurações de login", + "DESCRIPTION": "Defina como os usuários podem ser autenticados e configure provedores de identidade", + "DESCRIPTIONCREATEADMIN": "Os usuários podem escolher entre os provedores de identidade disponíveis abaixo.", + "DESCRIPTIONCREATEMGMT": "Os usuários podem escolher entre os provedores de identidade disponíveis abaixo. Observação: você também pode usar provedores definidos pelo sistema e provedores definidos apenas para sua organização.", + "ADVANCED": "Avançado", + "LIFETIMEDURATIONS": "Duração do login", + "SAVED": "Salvo com sucesso!" 
+ }, + "PRIVACY_POLICY": { + "TITLE": "Política de privacidade e TOS", + "DESCRIPTION": "Defina os links para a sua Política de Privacidade e Termos de Serviço", + "TOSLINK": "Link para os Termos de Serviço", + "POLICYLINK": "Link para a Política de Privacidade", + "HELPLINK": "Link para Ajuda", + "SUPPORTEMAIL": "E-mail de suporte", + "SAVED": "Salvo com sucesso!", + "RESET_TITLE": "Restaurar valores padrão", + "RESET_DESCRIPTION": "Você está prestes a restaurar os Links padrão para TOS e Política de Privacidade. Deseja realmente continuar?" + }, + "LOGIN_TEXTS": { + "TITLE": "Textos da interface de login", + "DESCRIPTION": "Defina seus textos para as interfaces de login. Se os textos estiverem vazios, o valor padrão mostrado como marcador de posição será usado.", + "DESCRIPTION_SHORT": "Defina seus textos para as interfaces de login.", + "NEWERVERSIONEXISTS": "Existe uma versão mais recente", + "CURRENTDATE": "Configuração atual", + "CHANGEDATE": "Nova versão a partir de", + "KEYNAME": "Tela/Interface de login", + "RESET_TITLE": "Restaurar valores padrão", + "RESET_DESCRIPTION": "Você está prestes a restaurar todos os valores padrão. Todas as alterações que você fez serão excluídas permanentemente. Deseja realmente continuar?", + "UNSAVED_TITLE": "Continuar sem salvar?", + "UNSAVED_DESCRIPTION": "Você fez alterações sem salvar. 
Deseja salvar agora?", + "LOCALE": "Código de localidade", + "LOCALES": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски" + }, + "KEYS": { + "emailVerificationDoneText": "Verificação de email concluída", + "emailVerificationText": "Verificação de email", + "externalUserNotFoundText": "Usuário externo não encontrado", + "footerText": "Rodapé", + "initMfaDoneText": "Inicialização de MFA concluída", + "initMfaOtpText": "Inicialização de MFA", + "initMfaPromptText": "Prompt de inicialização de MFA", + "initMfaU2fText": "Inicialização de Fator de Segundo Universal", + "initPasswordDoneText": "Inicialização de senha concluída", + "initPasswordText": "Inicialização de senha", + "initializeDoneText": "Inicialização de usuário concluída", + "initializeUserText": "Inicializaçãode usuário", + "linkingUserDoneText": "Vinculação de usuário concluída", + "loginText": "Login", + "logoutText": "Logout", + "mfaProvidersText": "Provedores de MFA", + "passwordChangeDoneText": "Alteração de senha concluída", + "passwordChangeText": "Alteração de senha", + "passwordResetDoneText": "Redefinição de senha concluída", + "passwordText": "Senha", + "registrationOptionText": "Opções de registro", + "registrationOrgText": "Registrar organização", + "registrationUserText": "Registrar usuário", + "selectAccountText": "Selecionar conta", + "successLoginText": "Login com sucesso", + "usernameChangeDoneText": "Alteração de nome de usuário concluída", + "usernameChangeText": "Alteração de nome de usuário", + "verifyMfaOtpText": "Verificar OTP", + "verifyMfaU2fText": "Verificar Fator de Segundo Universal", + "passwordlessPromptText": "Prompt de autenticação sem senha", + "passwordlessRegistrationDoneText": "Registro sem senha concluído", + "passwordlessRegistrationText": "Registro sem senha", + "passwordlessText": "Sem senha", + 
"externalRegistrationUserOverviewText": "Visão geral do usuário de registro externo" + } + }, + "MESSAGE_TEXTS": { + "TITLE": "Textos de mensagem", + "DESCRIPTION": "Defina seus textos para os emails de notificação.", + "TYPE": "Notificação", + "TYPES": { + "INIT": "Inicialização", + "VE": "Verificar Email", + "VP": "Verificar Telefone", + "PR": "Redefinição de Senha", + "DC": "Reivindicação de Domínio", + "PL": "Sem senha", + "PC": "Alteração de Senha" + }, + "CHIPS": { + "firstname": "Nome próprio", + "lastname": "Sobrenome", + "code": "Código", + "preferredLoginName": "Nome de login preferido", + "displayName": "Nome de exibição", + "nickName": "Apelido", + "loginnames": "Nomes de login", + "domain": "Domínio", + "lastEmail": "Último email", + "lastPhone": "Último telefone", + "verifiedEmail": "Email verificado", + "verifiedPhone": "Telefone verificado", + "changedate": "Data de alteração", + "username": "Nome de usuário", + "tempUsername": "Nome de usuário temporário" + }, + "TOAST": { + "UPDATED": "Textos personalizados salvos." + } + }, + "DEFAULTLABEL": "As configurações atuais correspondem ao padrão de sua Instância.", + "BTN_INSTALL": "Configurar", + "BTN_EDIT": "Modificar", + "DATA": { + "DESCRIPTION": "Descrição", + "MINLENGTH": "comprimento mínimo", + "HASNUMBER": "tem número", + "HASSYMBOL": "tem símbolo", + "HASLOWERCASE": "tem letra minúscula", + "HASUPPERCASE": "tem letra maiúscula", + "SHOWLOCKOUTFAILURES": "mostrar falhas de bloqueio", + "MAXATTEMPTS": "Máximo de tentativas de senha", + "EXPIREWARNDAYS": "Aviso de expiração após dias", + "MAXAGEDAYS": "Idade máxima em dias", + "USERLOGINMUSTBEDOMAIN": "Adicionar domínio da organização como sufixo aos nomes de login", + "USERLOGINMUSTBEDOMAIN_DESCRIPTION": "Se você habilitar essa configuração, todos os nomes de login serão sufixados com o domínio da organização. 
Se essa configuração estiver desabilitada, você deve garantir que os nomes de usuário sejam exclusivos em todas as organizações.", + "VALIDATEORGDOMAINS": "Validar domínios da organização", + "SMTPSENDERADDRESSMATCHESINSTANCEDOMAIN": "O endereço do remetente do SMTP corresponde ao domínio da Instância", + "ALLOWUSERNAMEPASSWORD": "Permitir usuário e senha", + "ALLOWEXTERNALIDP": "Permitir provedor de ID externo", + "ALLOWREGISTER": "Permitir registro", + "ALLOWUSERNAMEPASSWORD_DESC": "O login convencional com nome de usuário e senha é permitido.", + "ALLOWEXTERNALIDP_DESC": "O login é permitido para os provedores de identidade subjacentes", + "ALLOWREGISTER_DESC": "Se a opção estiver selecionada, uma etapa adicional para registrar um usuário aparecerá no login.", + "FORCEMFA": "Forçar MFA", + "FORCEMFA_DESC": "Se a opção estiver selecionada, os usuários deverão configurar um segundo fator para o login.", + "HIDEPASSWORDRESET": "Ocultar redefinição de senha", + "HIDEPASSWORDRESET_DESC": "Se a opção estiver selecionada, o usuário não poderá redefinir sua senha no processo de login.", + "HIDELOGINNAMESUFFIX": "Ocultar sufixo do nome de login", + "HIDELOGINNAMESUFFIX_DESC": "Oculta o sufixo do nome de login na interface de login", + "IGNOREUNKNOWNUSERNAMES": "Ignorar nomes de usuário desconhecidos", + "IGNOREUNKNOWNUSERNAMES_DESC": "Se a opção estiver selecionada, a tela de senha será exibida no processo de login, mesmo se o usuário não for encontrado. 
O erro na verificação de senha não revelará se o nome de usuário ou a senha estavam incorretos.", + "ALLOWDOMAINDISCOVERY": "Permitir descoberta de domínio", + "ALLOWDOMAINDISCOVERY_DESC": "Se a opção estiver selecionada, o sufixo (@domain.com) de um nome de usuário desconhecido inserido na tela de login será comparado com os domínios da organização e será redirecionado para o registro dessa organização em caso de sucesso.", + "DISABLELOGINWITHEMAIL": "Desativar login com endereço de email", + "DISABLELOGINWITHPHONE": "Desativar login com número de telefone", + "DEFAULTREDIRECTURI": "URI de redirecionamento padrão", + "DEFAULTREDIRECTURI_DESC": "Define para onde o usuário será redirecionado se o login for iniciado sem um contexto de aplicativo (por exemplo, a partir do e-mail)", + "ERRORMSGPOPUP": "Mostrar Erro em Diálogo", + "DISABLEWATERMARK": "Ocultar Marca d'água", + "DISABLEWATERMARK_DESC": "Ocultar a marca d'água Powered by ZITADEL na interface de login", + "PASSWORDCHECKLIFETIME": "Vida Útil da Verificação de Senha", + "EXTERNALLOGINCHECKLIFETIME": "Vida Útil da Verificação de Login Externo", + "MFAINITSKIPLIFETIME": "Vida Útil da Inicialização de Multifator", + "SECONDFACTORCHECKLIFETIME": "Vida Útil da Verificação de Segundo Fator", + "MULTIFACTORCHECKLIFETIME": "Vida Útil da Verificação de Multifator", + "INHOURS": "horas" + }, + "RESET": "Redefinir para o padrão da instância", + "CREATECUSTOM": "Criar Política Personalizada", + "TOAST": { + "SET": "Política definida com sucesso!", + "RESETSUCCESS": "Política redefinida com sucesso!", + "UPLOADSUCCESS": "Enviado com sucesso!", + "DELETESUCCESS": "Excluído com sucesso!", + "UPLOADFAILED": "Falha no envio!" 
+ } + }, + "ORG_DETAIL": { + "TITLE": "Organização", + "DESCRIPTION": "Aqui você pode editar a configuração da sua organização e gerenciar os membros.", + "DETAIL": { + "TITLE": "Detalhes", + "NAME": "Nome", + "DOMAIN": "Domínio", + "STATE": { + "0": "Não definido", + "1": "Ativo", + "2": "Inativo" + } + }, + "MEMBER": { + "TITLE": "Membros", + "USERNAME": "Nome de Usuário", + "DISPLAYNAME": "Nome de Exibição", + "LOGINNAME": "Nome de Login", + "EMAIL": "E-mail", + "ROLES": "Funções", + "ADD": "Adicionar Membro", + "ADDDESCRIPTION": "Insira os nomes dos usuários a serem adicionados." + }, + "TABLE": { + "TOTAL": "Total de Entradas", + "SELECTION": "Elementos Selecionados", + "DEACTIVATE": "Desativar Usuário", + "ACTIVATE": "Ativar Usuário", + "DELETE": "Excluir Usuário", + "CLEAR": "Limpar seleção" + } + }, + "PROJECT": { + "PAGES": { + "TITLE": "Projeto", + "DESCRIPTION": "Aqui você pode definir aplicativos, gerenciar funções e conceder acesso a outras organizações para usar o seu projeto.", + "DELETE": "Excluir Projeto", + "LIST": "Projetos", + "LISTDESCRIPTION": "Se você não consegue encontrar um projeto, entre em contato com o proprietário do projeto ou alguém com os direitos correspondentes para obter acesso ao projeto.", + "DETAIL": "Detalhes", + "CREATE": "Criar Projeto", + "CREATE_DESC": "Insira o nome do seu projeto.", + "ROLE": "Função", + "NOITEMS": "Nenhum projeto", + "ZITADELPROJECT": "Isto pertence ao projeto ZITADEL. Atenção: Se você fizer alterações, o ZITADEL pode não funcionar como o esperado.", + "TYPE": { + "OWNED": "Projetos Próprios", + "GRANTED": "Projetos Concedidos", + "OWNED_SINGULAR": "Projeto Próprio", + "GRANTED_SINGULAR": "Projeto Concedido" + }, + "PRIVATELABEL": { + "TITLE": "Configuração de Marca", + "0": { + "TITLE": "Não Especificado", + "DESC": "Assim que o usuário for identificado, a marca da organização do usuário identificado será exibida antes da marca padrão do sistema." 
+ }, + "1": { + "TITLE": "Usar configuração do projeto", + "DESC": "Será exibida a marca da organização que possui o projeto" + }, + "2": { + "TITLE": "Usar configuração da organização do usuário", + "DESC": "Será exibida a marca da organização do projeto, mas assim que o usuário for identificado, será exibida a configuração da organização do usuário identificado." + }, + "DIALOG": { + "TITLE": "Configuração de Marca", + "DESCRIPTION": "Selecione o comportamento do login ao usar o projeto." + } + }, + "PINNED": "Fixado", + "ALL": "Todos", + "CREATEDON": "Criado em", + "LASTMODIFIED": "Última modificação em", + "ADDNEW": "Criar Novo Projeto", + "DIALOG": { + "REACTIVATE": { + "TITLE": "Reativar Projeto", + "DESCRIPTION": "Tem certeza de que deseja reativar o seu projeto?" + }, + "DEACTIVATE": { + "TITLE": "Desativar Projeto", + "DESCRIPTION": "Tem certeza de que deseja desativar o seu projeto?" + }, + "DELETE": { + "TITLE": "Excluir Projeto", + "DESCRIPTION": "Tem certeza de que deseja excluir o seu projeto?", + "TYPENAME": "Digite o nome do projeto para excluí-lo permanentemente." 
+ } + } + }, + "SETTINGS": { + "TITLE": "Configurações", + "DESCRIPTION": "" + }, + "STATE": { + "TITLE": "Status", + "0": "Não definido", + "1": "Ativo", + "2": "Inativo" + }, + "TYPE": { + "TITLE": "Tipo", + "0": "Tipo desconhecido", + "1": "Próprio", + "2": "Concedido" + }, + "NAME": "Nome", + "NAMEDIALOG": { + "TITLE": "Renomear Projeto", + "DESCRIPTION": "Digite o novo nome para o seu projeto", + "NAME": "Novo Nome" + }, + "MEMBER": { + "TITLE": "Gerentes", + "TITLEDESC": "Os gerentes podem fazer alterações neste projeto com base em sua função.", + "DESCRIPTION": "Esses gerentes podem ter permissão para editar o seu projeto.", + "USERNAME": "Nome de Usuário", + "DISPLAYNAME": "Nome de Exibição", + "LOGINNAME": "Nome de Login", + "EMAIL": "E-mail", + "ROLES": "Funções", + "USERID": "ID do Usuário" + }, + "GRANT": { + "EMPTY": "Nenhuma organização concedida.", + "TITLE": "Concessões de Projeto", + "DESCRIPTION": "Permite que outra organização use o seu projeto.", + "EDITTITLE": "Editar funções", + "CREATE": { + "TITLE": "Criar Concessão de Organização", + "SEL_USERS": "Selecione os usuários aos quais deseja conceder acesso", + "SEL_PROJECT": "Buscar um projeto", + "SEL_ROLES": "Selecione as funções que deseja adicionar à concessão", + "SEL_USER": "Selecione usuários", + "SEL_ORG": "Definir o domínio", + "SEL_ORG_DESC": "Insira o domínio completo para especificar a organização a ser concedida.", + "ORG_TITLE": "Organização", + "ORG_DESCRIPTION": "Você está prestes a conceder um usuário para a organização {{name}}.", + "ORG_DESCRIPTION_DESC": "Altere o contexto no cabeçalho acima para conceder um usuário para outra organização.", + "SEL_ORG_FORMFIELD": "Domínio Completo", + "SEL_ORG_BUTTON": "Buscar Organização", + "FOR_ORG": "A concessão é criada para:" + }, + "DETAIL": { + "TITLE": "Concessão de Projeto", + "DESC": "Você pode selecionar quais funções podem ser usadas pela organização especificada e eleger gerentes", + "MEMBERTITLE": "Gerentes", + "MEMBERDESC": 
"Estes são os gerentes da organização concedida. Adicione usuários aqui que devem ter acesso para editar os dados do projeto.", + "PROJECTNAME": "Nome do Projeto", + "GRANTEDORG": "Organização Concedida", + "RESOURCEOWNER": "Proprietário do Recurso" + }, + "STATE": "Status", + "STATES": { + "1": "Ativo", + "2": "Inativo" + }, + "ALL": "Todos", + "SHOWDETAIL": "Mostrar Detalhes", + "USER": "Usuário", + "MEMBERS": "Gerentes", + "ORG": "Organização", + "PROJECTNAME": "Nome do Projeto", + "GRANTEDORG": "Organização Concedida", + "GRANTEDORGDOMAIN": "Domínio", + "RESOURCEOWNER": "Proprietário do Recurso", + "GRANTEDORGNAME": "Nome da Organização", + "GRANTID": "ID da Concessão", + "CREATIONDATE": "Data de Criação", + "CHANGEDATE": "Última modificação", + "DATES": "Datas", + "ROLENAMESLIST": "Funções", + "NOROLES": "Nenhuma função", + "TYPE": "Tipo", + "TOAST": { + "PROJECTGRANTUSERGRANTADDED": "Concessão de projeto criada.", + "PROJECTGRANTADDED": "Concessão de projeto criada.", + "PROJECTGRANTCHANGED": "Concessão de projeto alterada.", + "PROJECTGRANTMEMBERADDED": "Gerente da concessão adicionado.", + "PROJECTGRANTMEMBERCHANGED": "Gerente da concessão alterado.", + "PROJECTGRANTMEMBERREMOVED": "Gerente da concessão removido.", + "PROJECTGRANTUPDATED": "Concessão de Projeto atualizada" + }, + "DIALOG": { + "DELETE_TITLE": "Excluir concessão de projeto", + "DELETE_DESCRIPTION": "Você está prestes a excluir uma concessão de projeto. Tem certeza?" + }, + "ROLES": "Funções do Projeto" + }, + "APP": { + "TITLE": "Aplicativos", + "NAME": "Nome", + "NAMEREQUIRED": "É necessário um nome." 
+ }, + "ROLE": { + "EMPTY": "Nenhuma função foi criada ainda.", + "ADDNEWLINE": "Adicionar função adicional", + "KEY": "Chave", + "TITLE": "Funções", + "DESCRIPTION": "Defina algumas funções que podem ser usadas para criar concessões de projeto.", + "NAME": "Nome", + "DISPLAY_NAME": "Nome de Exibição", + "GROUP": "Grupo", + "ACTIONS": "Ações", + "ADDTITLE": "Criar Função", + "ADDDESCRIPTION": "Insira os dados para a nova função.", + "EDITTITLE": "Editar Função", + "EDITDESCRIPTION": "Insira os novos dados para a função.", + "DELETE": "Excluir Função", + "CREATIONDATE": "Criada em", + "CHANGEDATE": "Última modificação", + "SELECTGROUPTOOLTIP": "Selecione todas as funções do grupo {{group}}.", + "OPTIONS": "Opções", + "ASSERTION": "Afirma Funções na Autenticação", + "ASSERTION_DESCRIPTION": "As informações de função são enviadas pelo ponto de extremidade Userinfo e dependendo das configurações do seu aplicativo em tokens e outros tipos.", + "CHECK": "Verificar autorização na Autenticação", + "CHECK_DESCRIPTION": "Se definido, os usuários só podem fazer login se alguma função for atribuída à sua conta.", + "DIALOG": { + "DELETE_TITLE": "Excluir função", + "DELETE_DESCRIPTION": "Você está prestes a excluir uma função de projeto. Tem certeza?" + } + }, + "HAS_PROJECT": "Verificar Projeto na Autenticação", + "HAS_PROJECT_DESCRIPTION": "Verifica se a organização dousuário possui este projeto. 
Se não possuir, o usuário não poderá ser autenticado.", + "TABLE": { + "TOTAL": "Total de Entradas:", + "SELECTION": "Elementos Selecionados", + "DEACTIVATE": "Desativar Projeto", + "ACTIVATE": "Ativar Projeto", + "DELETE": "Excluir Projeto", + "ORGNAME": "Nome da Organização", + "ORGDOMAIN": "Domínio da Organização", + "STATE": "Status", + "TYPE": "Tipo", + "CREATIONDATE": "Criado em", + "CHANGEDATE": "Última modificação", + "RESOURCEOWNER": "Proprietário do Recurso", + "SHOWTABLE": "Mostrar tabela", + "SHOWGRID": "Mostrar grade", + "EMPTY": "Nenhum projeto encontrado" + }, + "TOAST": { + "MEMBERREMOVED": "Gerente removido.", + "MEMBERSADDED": "Gerentes adicionados.", + "MEMBERADDED": "Gerente adicionado.", + "MEMBERCHANGED": "Gerente alterado.", + "ROLESCREATED": "Funções criadas.", + "ROLEREMOVED": "Função removida.", + "ROLECHANGED": "Função alterada.", + "REACTIVATED": "Reativado.", + "DEACTIVATED": "Desativado.", + "CREATED": "Projeto criado.", + "UPDATED": "Projeto alterado.", + "GRANTUPDATED": "Concessão alterada.", + "DELETED": "Projeto excluído." + } + }, + "ROLES": { + "DIALOG": { + "DELETE_TITLE": "Excluir função", + "DELETE_DESCRIPTION": "Você está prestes a excluir uma função. Tem certeza?" + } + }, + "NEXTSTEPS": { + "TITLE": "Próximos Passos" + }, + "IDP": { + "LIST": { + "TITLE": "Provedores de Identidade", + "DESCRIPTION": "Gerencie a configuração do seu Provedor de Identidade, que pode ser ativado nas suas Configurações de Login.", + "ACTIVETITLE": "Provedores de Identidade Ativos" + }, + "CREATE": { + "TITLE": "Adicionar provedor", + "DESCRIPTION": "Selecione um ou mais dos seguintes provedores.", + "STEPPERTITLE": "Criar Provedor", + "OIDC": { + "TITLE": "Provedor OIDC", + "DESCRIPTION": "Insira os dados necessários para o seu provedor OIDC." + }, + "OAUTH": { + "TITLE": "Provedor OAuth", + "DESCRIPTION": "Insira os dados necessários para o seu provedor OAuth." 
+ }, + "JWT": { + "TITLE": "Provedor JWT", + "DESCRIPTION": "Insira os dados necessários para o seu provedor JWT." + }, + "GOOGLE": { + "TITLE": "Provedor Google", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Google" + }, + "GITLAB": { + "TITLE": "Provedor Gitlab", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Gitlab" + }, + "GITLABSELFHOSTED": { + "TITLE": "Provedor Gitlab Self Hosted", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Gitlab Self Hosted" + }, + "GITHUBES": { + "TITLE": "Provedor GitHub Enterprise Server", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do GitHub Enterprise Server" + }, + "GITHUB": { + "TITLE": "Provedor Github", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade do Github" + }, + "AZUREAD": { + "TITLE": "Provedor Microsoft", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade da Microsoft" + }, + "LDAP": { + "TITLE": "Active Directory / LDAP", + "DESCRIPTION": "Insira as credenciais para o seu Provedor de Identidade LDAP" + } + }, + "DETAIL": { + "TITLE": "Provedor de Identidade", + "DESCRIPTION": "Atualize a configuração do seu provedor", + "DATECREATED": "Criado em", + "DATECHANGED": "Última modificação" + }, + "OPTIONS": { + "ISAUTOCREATION": "Criação Automática", + "ISAUTOCREATION_DESC": "Se selecionado, uma conta será criada se ainda não existir.", + "ISAUTOUPDATE": "Atualização Automática", + "ISAUTOUPDATE_DESC": "Se selecionado, as contas são atualizadas ao serem reautenticadas.", + "ISCREATIONALLOWED": "Criação de Conta Permitida", + "ISCREATIONALLOWED_DESC": "Determina se as contas podem ser criadas.", + "ISLINKINGALLOWED": "Vinculação de Conta Permitida", + "ISLINKINGALLOWED_DESC": "Determina se uma identidade pode ser vinculada a uma conta existente." 
+ }, + "OWNERTYPES": { + "0": "desconhecido", + "1": "Instância", + "2": "Organização" + }, + "STATES": { + "1": "ativo", + "2": "inativo" + }, + "AZUREADTENANTTYPES": { + "3": "ID do Locatário", + "0": "Comum", + "1": "Organizações", + "2": "Consumidores" + }, + "AZUREADTENANTTYPE": "Tipo de Locatário", + "AZUREADTENANTID": "ID do Locatário", + "EMAILVERIFIED": "E-mail Verificado", + "NAMEHINT": "Se especificado, será mostrado na interface de login.", + "OPTIONAL": "opcional", + "LDAPATTRIBUTES": "Atributos LDAP", + "UPDATEBINDPASSWORD": "atualizar Senha de Vinculação", + "UPDATECLIENTSECRET": "atualizar segredo do cliente", + "ADD": "Adicionar Provedor de Identidade", + "TYPE": "Tipo", + "OWNER": "Proprietário", + "ID": "ID", + "NAME": "Nome", + "AUTHORIZATIONENDPOINT": "Ponto de Autorização", + "TOKENENDPOINT": "Ponto de Token", + "USERENDPOINT": "Ponto de Usuário", + "IDATTRIBUTE": "Atributo ID", + "AVAILABILITY": "Disponibilidade", + "AVAILABLE": "disponível", + "AVAILABLEBUTINACTIVE": "disponível, mas inativo", + "SETAVAILABLE": "definir como disponível", + "SETUNAVAILABLE": "definir como indisponível", + "CONFIG": "Configuração", + "STATE": "Status", + "ISSUER": "Eu emissor", + "SCOPESLIST": "Lista de Escopos", + "CLIENTID": "ID do Cliente", + "CLIENTSECRET": "Segredo do Cliente", + "LDAPCONNECTION": "Conexão", + "LDAPUSERBINDING": "Vínculo de Usuário", + "BASEDN": "BaseDn", + "BINDDN": "BindDn", + "BINDPASSWORD": "Senha de Vinculação", + "SERVERS": "Servidores", + "STARTTLS": "Iniciar TLS", + "TIMEOUT": "Tempo limite em segundos", + "USERBASE": "Base de Usuários", + "USERFILTERS": "Filtros de Usuário", + "USEROBJECTCLASSES": "Classes de Objeto de Usuário", + "REQUIRED": "obrigatório", + "LDAPIDATTRIBUTE": "atributo ID", + "AVATARURLATTRIBUTE": "atributo URL de Avatar", + "DISPLAYNAMEATTRIBUTE": "atributo de Nome Exibido", + "EMAILATTRIBUTEATTRIBUTE": "atributo de E-mail", + "EMAILVERIFIEDATTRIBUTE": "atributo de E-mail Verificado", + "FIRSTNAMEATTRIBUTE": 
"atributo de Nome Próprio", + "LASTNAMEATTRIBUTE": "atributo de Sobrenome", + "NICKNAMEATTRIBUTE": "atributo de Apelido", + "PHONEATTRIBUTE": "atributo de Telefone", + "PHONEVERIFIEDATTRIBUTE": "atributo de Telefone Verificado", + "PREFERREDLANGUAGEATTRIBUTE": "atributo de Idioma Preferido", + "PREFERREDUSERNAMEATTRIBUTE": "atributo de Nome de Usuário Preferido", + "PROFILEATTRIBUTE": "atributo de Perfil", + "IDPDISPLAYNAMMAPPING": "Mapeamento de Nome de Exibição do IDP", + "USERNAMEMAPPING": "Mapeamento de Nome de Usuário", + "DATES": "Datas", + "CREATIONDATE": "Criado em", + "CHANGEDATE": "Última Modificação", + "DEACTIVATE": "Desativar", + "ACTIVATE": "Ativar", + "DELETE": "Excluir", + "DELETE_TITLE": "Excluir Provedor de Identidade", + "DELETE_DESCRIPTION": "Você está prestes a excluir um provedor de identidade. As alterações resultantes são irreversíveis. Você realmente deseja fazer isso?", + "DELETE_SELECTION_TITLE": "Excluir Provedor de Identidade", + "DELETE_SELECTION_DESCRIPTION": "Você está prestes a excluir um provedor de identidade. As alterações resultantes são irreversíveis. Você realmente deseja fazer isso?", + "EMPTY": "Nenhum provedor de identidade disponível", + "OIDC": { + "GENERAL": "Informações Gerais", + "TITLE": "Configuração OIDC", + "DESCRIPTION": "Insira os dados para o Provedor de Identidade OIDC." 
+ }, + "JWT": { + "TITLE": "Configuração JWT", + "DESCRIPTION": "Insira os dados para o Provedor de Identidade JWT.", + "HEADERNAME": "Nome do Cabeçalho", + "JWTENDPOINT": "Endpoint JWT", + "JWTKEYSENDPOINT": "Endpoint de Chaves JWT" + }, + "TOAST": { + "SAVED": "Salvo com sucesso.", + "REACTIVATED": "Provedor de identidade reativado.", + "DEACTIVATED": "Provedor de identidade desativado.", + "SELECTEDREACTIVATED": "Provedores de identidade selecionados reativados.", + "SELECTEDDEACTIVATED": "Provedores de identidade selecionados desativados.", + "SELECTEDKEYSDELETED": "Provedores de identidade selecionados excluídos.", + "DELETED": "Provedor de identidade removido com sucesso!", + "ADDED": "Adicionado com sucesso.", + "REMOVED": "Removido com sucesso." + } + }, + "MFA": { + "LIST": { + "MULTIFACTORTITLE": "Sem Senha", + "MULTIFACTORDESCRIPTION": "Defina seus Multifactores para autenticação sem senha aqui.", + "SECONDFACTORTITLE": "Autenticação Multifator", + "SECONDFACTORDESCRIPTION": "Defina outros fatores possíveis com os quais você pode proteger a autenticação por senha." + }, + "CREATE": { + "TITLE": "Novo Fator", + "DESCRIPTION": "Selecione o tipo do novo fator." + }, + "DELETE": { + "TITLE": "Excluir Fator", + "DESCRIPTION": "Você está prestes a excluir um fator das Configurações de Login. Tem certeza?" + }, + "TOAST": { + "ADDED": "Adicionado com sucesso.", + "SAVED": "Salvo com sucesso.", + "DELETED": "Removido com sucesso" + }, + "TYPE": "Tipo", + "MULTIFACTORTYPES": { + "0": "Desconhecido", + "1": "Impressão Digital, Chaves de Segurança, Face ID e outros" + }, + "SECONDFACTORTYPES": { + "0": "Desconhecido", + "1": "Senha de Uso Único (OTP)", + "2": "Impressão Digital, Chaves de Segurança, Face ID e outros" + } + }, + "LOGINPOLICY": { + "CREATE": { + "TITLE": "Configurações de Login", + "DESCRIPTION": "Defina como seus usuários podem ser autenticados na sua organização." 
+ }, + "IDPS": "Provedores de Identidade", + "ADDIDP": { + "TITLE": "Adicionar Provedor de Identidade", + "DESCRIPTION": "Você pode selecionar provedores pré-definidos ou criados por você para autenticação.", + "SELECTIDPS": "Provedores de identidade" + }, + "PASSWORDLESS": "Login sem Senha", + "PASSWORDLESSTYPE": { + "0": "Não permitido", + "1": "Permitido" + } + }, + "APP": { + "LIST": "Aplicações", + "COMPLIANCE": "Conformidade OIDC", + "URLS": "URLs", + "CONFIGURATION": "Configuração", + "TOKEN": "Configurações de Token", + "PAGES": { + "TITLE": "Aplicativo", + "ID": "ID", + "DESCRIPTION": "Aqui você pode editar os dados do seu aplicativo e sua configuração.", + "CREATE": "Criar aplicativo", + "CREATE_SELECT_PROJECT": "Selecione o seu projeto primeiro", + "CREATE_NEW_PROJECT": "ou crie um novo aqui.", + "CREATE_DESC_TITLE": "Insira os Detalhes do seu Aplicativo Passo a Passo", + "CREATE_DESC_SUB": "Uma configuração recomendada será gerada automaticamente.", + "STATE": "Status", + "DATECREATED": "Criado", + "DATECHANGED": "Alterado", + "URLS": "URLs", + "DELETE": "Excluir App", + "DETAIL": { + "TITLE": "Detalhe", + "STATE": { + "0": "Não definido", + "1": "Ativo", + "2": "Inativo" + } + }, + "DIALOG": { + "CONFIG": { + "TITLE": "Alterar Configuração OIDC" + }, + "DELETE": { + "TITLE": "Excluir App", + "DESCRIPTION": "Você realmente deseja excluir este aplicativo?" 
+ } + }, + "NEXTSTEPS": { + "TITLE": "Próximos Passos", + "0": { + "TITLE": "Adicionar funções", + "DESC": "Insira as funções do seu projeto" + }, + "1": { + "TITLE": "Adicionar usuários", + "DESC": "Adicione novos usuários da sua organização" + }, + "2": { + "TITLE": "Ajuda e Suporte", + "DESC": "Leia nossa documentação sobre como criar aplicativos ou entre em contato com nosso suporte" + } + } + }, + "NAMEDIALOG": { + "TITLE": "Renomear Aplicativo", + "DESCRIPTION": "Digite o novo nome para o seu aplicativo", + "NAME": "Novo Nome" + }, + "NAME": "Nome", + "TYPE": "Tipo de Aplicativo", + "AUTHMETHOD": "Método de Autenticação", + "AUTHMETHODSECTION": "Método de Autenticação", + "GRANT": "Tipos de Concessão", + "ADDITIONALORIGINS": "Origens Adicionais", + "ADDITIONALORIGINSDESC": "Se você deseja adicionar origens adicionais ao seu aplicativo que não são usadas como redirecionamento, você pode fazer isso aqui.", + "ORIGINS": "Origens", + "NOTANORIGIN": "O valor inserido não é uma origem", + "PROSWITCH": "Sou um profissional. Pular este assistente.", + "NAMEANDTYPESECTION": "Nome e Tipo", + "TITLEFIRST": "Nome do aplicativo", + "TYPETITLE": "Tipo de aplicativo", + "OIDC": { + "WELLKNOWN": "Links adicionais podem ser obtidos a partir do endpoint de descoberta.", + "INFO": { + "ISSUER": "Emissor", + "CLIENTID": "ID do Cliente" + }, + "CURRENT": "Configuração Atual", + "TOKENSECTIONTITLE": "Opções de Token de Autenticação", + "REDIRECTSECTIONTITLE": "Configurações de Redirecionamento", + "REDIRECTTITLE": "Especifique as URIs para onde o login será redirecionado.", + "POSTREDIRECTTITLE": "Esta é a URI de redirecionamento após o logout.", + "REDIRECTDESCRIPTIONWEB": "URIs de redirecionamento devem começar com https://. 
http:// é válido apenas com o modo de desenvolvimento habilitado.", + "REDIRECTDESCRIPTIONNATIVE": "URIs de redirecionamento devem começar com seu próprio protocolo, http://127.0.0.1, http://[::1] ou http://localhost.", + "REDIRECTNOTVALID": "Esta URI de redirecionamento não é válida.", + "COMMAORENTERSEPERATION": "separar com ↵", + "TYPEREQUIRED": "O tipo é obrigatório.", + "TITLE": "Configuração OIDC", + "CLIENTID": "ID do Cliente", + "CLIENTSECRET": "Segredo do Cliente", + "CLIENTSECRET_NOSECRET": "Com o fluxo de autenticação escolhido, nenhum segredo é necessário e, portanto, não está disponível.", + "CLIENTSECRET_DESCRIPTION": "Mantenha o segredo do cliente em um local seguro, pois ele desaparecerá assim que o diálogo for fechado.", + "REGENERATESECRET": "Regenerar Segredo do Cliente", + "DEVMODE": "Modo de Desenvolvimento", + "DEVMODEDESC": "Atenção: Com o modo de desenvolvimento habilitado, as URIs de redirecionamento não serão validadas.", + "SKIPNATIVEAPPSUCCESSPAGE": "Pular Página de Sucesso de Login", + "SKIPNATIVEAPPSUCCESSPAGE_DESCRIPTION": "Pule a página de sucesso após o login para este aplicativo nativo.", + "REDIRECT": "URIs de Redirecionamento", + "REDIRECTSECTION": "URIs de Redirecionamento", + "POSTLOGOUTREDIRECT": "URIs de Pós-Logout", + "RESPONSESECTION": "Tipos de Resposta", + "GRANTSECTION": "Tipos de Concessão", + "GRANTTITLE": "Selecione os tipos de concessão. 
Observação: O tipo Implícito está disponível apenas para aplicativos baseados em navegador.", + "APPTYPE": { + "0": "Web", + "1": "Agente de Usuário", + "2": "Nativo" + }, + "RESPONSETYPE": "Tipos de Resposta", + "RESPONSE": { + "0": "Código", + "1": "ID Token", + "2": "Token-ID Token" + }, + "REFRESHTOKEN": "Token de Atualização", + "GRANTTYPE": "Tipos de Concessão", + "GRANT": { + "0": "Código de Autorização", + "1": "Implícito", + "2": "Token de Atualização", + "3": "Código do Dispositivo" + }, + "AUTHMETHOD": { + "0": "Básico", + "1": "Post", + "2": "Nenhum", + "3": "JWT de Chave Privada" + }, + "TOKENTYPE": "Tipo de Token de Autenticação", + "TOKENTYPE0": "Token de Portador", + "TOKENTYPE1": "JWT", + "UNSECUREREDIRECT": "Espero que você saiba o que está fazendo.", + "OVERVIEWSECTION": "Visão Geral", + "OVERVIEWTITLE": "Agora você terminou. Revise sua configuração.", + "ACCESSTOKENROLEASSERTION": "Adicionar funções do usuário ao token de acesso", + "ACCESSTOKENROLEASSERTION_DESCRIPTION": "Se selecionado, as funções solicitadas do usuário autenticado serão adicionadas ao token de acesso.", + "IDTOKENROLEASSERTION": "Funções do usuário no ID Token", + "IDTOKENROLEASSERTION_DESCRIPTION": "Se selecionado, as funções solicitadas do usuário autenticado serão adicionadas ao ID token.", + "IDTOKENUSERINFOASSERTION": "Informações do usuário no ID Token", + "IDTOKENUSERINFOASSERTION_DESCRIPTION": "Permite que os clientes obtenham claims de perfil, e-mail, telefone e endereço do ID token.", + "CLOCKSKEW": "Permite que os clientes lidem com a discrepância de tempo do OP e do cliente. A duração (0-5s) será adicionada ao claim exp e subtraída de iat, auth_time e nbf.", + "RECOMMENDED": "recomendado", + "NOTRECOMMENDED": "não recomendado", + "SELECTION": { + "APPTYPE": { + "WEB": { + "TITLE": "Web", + "DESCRIPTION": "Aplicações da Web regulares como .net, PHP, Node.js, Java, etc." 
+ }, + "NATIVE": { + "TITLE": "Nativo", + "DESCRIPTION": "Aplicativos móveis, desktop, dispositivos inteligentes, etc." + }, + "USERAGENT": { + "TITLE": "Agente de Usuário", + "DESCRIPTION": "Aplicativos de página única (SPA) e, em geral, todos os frameworks JS executados em navegadores" + } + } + } + }, + "API": { + "INFO": { + "CLIENTID": "ID do Cliente" + }, + "REGENERATESECRET": "Regenerar Segredo do Cliente", + "SELECTION": { + "TITLE": "API", + "DESCRIPTION": "APIs em geral" + }, + "AUTHMETHOD": { + "0": "Básico", + "1": "JWT de Chave Privada" + } + }, + "SAML": { + "SELECTION": { + "TITLE": "SAML", + "DESCRIPTION": "Aplicativos SAML" + }, + "CONFIGSECTION": "Configuração SAML", + "URL": "URL onde o arquivo de Metadados está localizado", + "OR": "ou", + "XML": "Carregar XML de Metadados", + "METADATA": "Metadados", + "METADATAFROMFILE": "Metadados do Arquivo" + }, + "AUTHMETHODS": { + "CODE": { + "TITLE": "Código", + "DESCRIPTION": "Trocar o código de autorização pelos tokens" + }, + "PKCE": { + "TITLE": "PKCE", + "DESCRIPTION": "Usar um hash aleatório em vez de um segredo de cliente estático para maior segurança" + }, + "POST": { + "TITLE": "POST", + "DESCRIPTION": "Enviar client_id e client_secret como parte do formulário" + }, + "PK_JWT": { + "TITLE": "JWT de Chave Privada", + "DESCRIPTION": "Usar uma chave privada para autorizar seu aplicativo" + }, + "BASIC": { + "TITLE": "Básico", + "DESCRIPTION": "Autenticação com Nome de Usuário e Senha" + }, + "IMPLICIT": { + "TITLE": "Implícito", + "DESCRIPTION": "Obter os tokens diretamente do ponto de extremidade de autorização" + }, + "DEVICECODE": { + "TITLE": "Código do Dispositivo", + "DESCRIPTION": "Autorizar o dispositivo em um computador ou smartphone." + }, + "CUSTOM": { + "TITLE": "Personalizado", + "DESCRIPTION": "Sua configuração não corresponde a nenhuma outra opção." 
+ } + }, + "TOAST": { + "REACTIVATED": "Aplicativo reativado.", + "DEACTIVATED": "Aplicativo desativado.", + "OIDCUPDATED": "Aplicativo atualizado.", + "APIUPDATED": "Aplicativo atualizado.", + "UPDATED": "Aplicativo atualizado.", + "CREATED": "Aplicativo criado.", + "CLIENTSECRETREGENERATED": "segredo do cliente gerado.", + "DELETED": "Aplicativo excluído.", + "CONFIGCHANGED": "Alterações detectadas!" + } + }, + "GENDERS": { + "0": "Desconhecido", + "1": "Feminino", + "2": "Masculino", + "3": "Outro" + }, + "LANGUAGES": { + "de": "Deutsch", + "en": "English", + "es": "Español", + "fr": "Français", + "it": "Italiano", + "ja": "日本語", + "pl": "Polski", + "zh": "简体中文", + "bg": "Български", + "pt": "Portuguese", + "mk": "Македонски" + }, + "MEMBER": { + "ADD": "Adicionar um Gerente", + "CREATIONTYPE": "Tipo de Criação", + "CREATIONTYPES": { + "3": "IAM", + "2": "Organização", + "0": "Projeto Próprio", + "1": "Projeto Concedido", + "4": "Projeto" + }, + "EDITROLE": "Editar funções", + "EDITFOR": "Editar as funções para o usuário: {{value}}", + "DIALOG": { + "DELETE_TITLE": "Remover Gerente", + "DELETE_DESCRIPTION": "Você está prestes a remover um gerente. Tem certeza?" + } + }, + "ROLESLABEL": "Funções", + "GRANTS": { + "TITLE": "Autorizações", + "DESC": "Estas são todas as autorizações na sua organização.", + "DELETE": "Excluir Autorização", + "EMPTY": "Nenhuma autorização encontrada", + "ADD": "Criar Autorização", + "ADD_BTN": "Novo", + "PROJECT": { + "TITLE": "Autorização", + "DESCRIPTION": "Defina as autorizações para o projeto especificado. Observe que você só pode ver entradas de projetos e usuários para os quais você tem permissão." + }, + "USER": { + "TITLE": "Autorização", + "DESCRIPTION": "Defina as autorizações para o usuário especificado. Observe que você só pode ver entradas de projetos e usuários para os quais você tem permissão." 
+ },
+ "CREATE": {
+ "TITLE": "Criar autorização",
+ "DESCRIPTION": "Pesquise a organização, o projeto e as funções correspondentes."
+ },
+ "EDIT": {
+ "TITLE": "Alterar autorização"
+ },
+ "DETAIL": {
+ "TITLE": "Detalhes da Autorização",
+ "DESCRIPTION": "Aqui você pode ver todos os detalhes da autorização."
+ },
+ "TOAST": {
+ "UPDATED": "Autorização atualizada.",
+ "REMOVED": "Autorização removida",
+ "BULKREMOVED": "Autorizações removidas."
+ },
+ "DIALOG": {
+ "DELETE_TITLE": "Excluir autorização",
+ "DELETE_DESCRIPTION": "Você está prestesa excluir uma autorização. Deseja continuar?",
+ "BULK_DELETE_TITLE": "Excluir autorizações",
+ "BULK_DELETE_DESCRIPTION": "Você está prestes a excluir várias autorizações. Deseja continuar?"
+ }
+ },
+ "CHANGES": {
+ "LISTTITLE": "Últimas Alterações",
+ "BOTTOM": "Você chegou ao final da lista.",
+ "LOADMORE": "Carregar mais",
+ "ORG": {
+ "TITLE": "Atividade",
+ "DESCRIPTION": "Aqui você pode ver os eventos mais recentes que geraram uma alteração na organização."
+ },
+ "PROJECT": {
+ "TITLE": "Atividade",
+ "DESCRIPTION": "Aqui você pode ver os eventos mais recentes que geraram uma alteração no projeto."
+ },
+ "USER": {
+ "TITLE": "Atividade",
+ "DESCRIPTION": "Aqui você pode ver os eventos mais recentes que geraram uma alteração no usuário."
+ }
+ }
+}
diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json
index a9527fb16d..423fbf027a 100644
--- a/console/src/assets/i18n/zh.json
+++ b/console/src/assets/i18n/zh.json
@@ -1041,7 +1041,7 @@
 "pl": "Polski",
 "zh": "简体中文",
 "bg": "Български",
- "pt": "Portuguese",
+ "pt": "Portuguese",
 "mk": "Македонски"
 },
 "SMTP": {
From cd5e176e3022b469a1759d78ef1267da3a283ab9 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Fri, 21 Jul 2023 13:04:55 +0200
Subject: [PATCH 02/32] fix: user grant by id (#6242)
---
 internal/api/grpc/management/user_grant.go | 2 +-
 internal/query/user_grant.go | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/internal/api/grpc/management/user_grant.go b/internal/api/grpc/management/user_grant.go
index a9beb328c9..7dc4a1e58a 100644
--- a/internal/api/grpc/management/user_grant.go
+++ b/internal/api/grpc/management/user_grant.go
@@ -11,7 +11,7 @@ import (
 )
 func (s *Server) GetUserGrantByID(ctx context.Context, req *mgmt_pb.GetUserGrantByIDRequest) (*mgmt_pb.GetUserGrantByIDResponse, error) {
- idQuery, err := query.NewUserGrantGrantIDSearchQuery(req.GrantId)
+ idQuery, err := query.NewUserGrantIDSearchQuery(req.GrantId)
 if err != nil {
 return nil, err
 }
diff --git a/internal/query/user_grant.go b/internal/query/user_grant.go
index 6d0eaa95bc..f78cd99d86 100644
--- a/internal/query/user_grant.go
+++ b/internal/query/user_grant.go
@@ -93,6 +93,10 @@ func NewUserGrantGrantIDSearchQuery(id string) (SearchQuery, error) {
 return NewTextQuery(UserGrantGrantID, id, TextEquals)
 }
+func NewUserGrantIDSearchQuery(id string) (SearchQuery, error) {
+ return NewTextQuery(UserGrantID, id, TextEquals)
+}
+
 func NewUserGrantUserTypeQuery(typ domain.UserType) (SearchQuery, error) {
 return NewNumberQuery(UserTypeCol, typ, NumberEquals)
 }
From 01dce17b142ffe86383cbba58f5d15e1fd0da476 Mon Sep 17 00:00:00 2001
From: Livio Spring
Date: Fri, 21 Jul 2023 14:37:07 +0200
Subject: [PATCH 03/32] chore: remove on push and merge_group from pipeline execution (#6254)
---
 .github/workflows/build.yml | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2646f52580..192beb3d64 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,13 +1,7 @@
 name: ZITADEL CI/CD
 on:
- push:
- tags-ignore:
- - "*"
- branches:
- - "**"
 pull_request:
- merge_group:
 workflow_dispatch:
 permissions:
From cedf4dda5b2ed7d8e5ebfbeeed4fd2cc7aa277a1 Mon Sep 17 00:00:00 2001
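Review bot: In `GetUserGrantByID` (internal/api/grpc/management/user_grant.go) the lookup visible in the hunk is keyed only on `req.GrantId`; nothing shown ties the result to the user ID carried by the request or to the caller's organization. The function body continues outside the hunk, so that scoping may already exist further down, but it is worth confirming that a resource-owner condition (and ideally a user-ID condition) is combined with `idQuery`, so that a grant ID alone cannot return a grant that belongs to another organization. The previous code compiled and ran while filtering on the wrong column, so I would also add a regression test asserting that a user-grant ID resolves through this handler and that an ID of the other kind does not.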
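Review bot: `NewUserGrantIDSearchQuery` and `NewUserGrantGrantIDSearchQuery` in internal/query/user_grant.go share a signature and differ by a single word, and neither carries a doc comment, which is presumably how the handler came to filter on the wrong column in the first place. I would add `// NewUserGrantIDSearchQuery matches on the user grant's own ID (UserGrantID).` above the new constructor, and a matching one-line comment above the older one stating which ID `UserGrantGrantID` holds (it looks like the ID of the project grant the user grant refers to, but that should be confirmed against the column definition, which is outside the hunk).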
From: Dakshitha Ratnayake Date: Fri, 21 Jul 2023 18:40:16 +0530 Subject: [PATCH 04/32] docs: add guide on retrieving user roles (#6248) * Added documenation for retrieving user roles. * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi * Update retrieve-user-roles.md * Update retrieve-user-roles.md * Update docs/docs/guides/integrate/retrieve-user-roles.md Co-authored-by: Fabi --------- Co-authored-by: Fabi Co-authored-by: Livio Spring --- .../guides/integrate/retrieve-user-roles.md | 474 ++++++++++++++++++ docs/sidebars.js | 8 + .../integrate/retrieve-user-roles-1.png | Bin 0 -> 151260 bytes .../integrate/retrieve-user-roles-2.png | Bin 0 -> 206633 bytes 4 files changed, 482 insertions(+) create mode 100644 docs/docs/guides/integrate/retrieve-user-roles.md create mode 100644 docs/static/img/guides/integrate/retrieve-user-roles-1.png create mode 100644 docs/static/img/guides/integrate/retrieve-user-roles-2.png diff --git a/docs/docs/guides/integrate/retrieve-user-roles.md b/docs/docs/guides/integrate/retrieve-user-roles.md new file mode 100644 index 0000000000..64f5d9ebbc --- /dev/null +++ b/docs/docs/guides/integrate/retrieve-user-roles.md 
@@ -0,0 +1,474 @@ +--- +title: Retrieve user roles +--- + +This guide explains all the possible ways of retrieving user roles across different organizations and projects using ZITADEL's APIs. + +## What are roles/authorizations/grants in ZITADEL? +User roles, user grants, or authorizations refer to the roles that are assigned to a user. These terms are used interchangeably to mean the roles assigned to the user, e.g., the ZITADEL Console refers to the pairing of roles and users as authorizations, whereas the APIs refer to them as grants. This guide will use the term roles for application-specific roles (e.g., `admin`, `accountant`, `employee`, `hr`, etc.) and ZITADEL-specific manager roles (e.g., `IAM_OWNER`, `ORG_OWNER`, `PROJECT_OWNER`, etc.). + +Roles are critical to managing permissions in a single-tenant or multi-tenant application. It can, however, be tricky to retrieve them, especially when spanning multiple organizations and projects. + +## Assign roles and memberships + +Human or service users can be assigned roles. You can do this via the ZITADEL Console or the ZITADEL APIs. As mentioned earlier, there are two types of roles in ZITADEL. You can have your own application-specific roles, and alternatively, ZITADEL also has manager roles, such as `ORG_OWNER` and `IAM_OWNER`. + +Follow the links below to assign roles to your users. + +- [Add application roles via the ZITADEL Console](/docs/guides/manage/console/roles) +- [Add manager roles via the ZITADEL Console](/docs/guides/manage/console/managers) +- [Add application roles via the ZITADEL Management API](/docs/category/apis/resources/mgmt/project-roles) +- [Add manager roles to users via the ZITADEL Management API](/category/apis/resources/mgmt/members) + +## Retrieve roles + +Roles can be requested via our auth and management APIs, from userinfo endpoint or ID token. Currently, manager roles cannot be directly included in the token. You will need to use the ZITADEL APIs to retrieve them. 
+ +### Generate a token + +You must first of all generate a token for the user. If it’s a human user, he would be using a front-end application and logging in via the browser or device. An access token will be returned after they log in successfully. A machine user will use a script or other program to generate a token using the JWT profile or client credentials grant types. + +How to generate a token: + +- [Generate tokens for human users](/docs/guides/integrate/login-users) +- [Generate tokens for service users](/docs/guides/integrate/serviceusers) + +In order to access role information via the token you must include the right audience and the necessary role claims in the scope and/or select the required role settings in the ZITADEL console before requesting the token. + +### Determine the audience + +An important concept in OpenID Connect (OIDC) is the 'audience' (`aud`) claim, which is part of the token payload. The `aud` claim identifies who or what this token is intended for. If the recipient (e.g., a resource server) does not identify itself with a value in the `aud` claim when this claim is present, then the token must be rejected. + +The audience is essential in multi-tier systems, where you may authenticate with one client (in one project) but access resources from another client (in a different project) or when you are accessing ZITADEL’s management APIs. Without the correct audience in your token, you will run into errors, such as the ‘Invalid audience’ error in ZITADEL. + +You can determine the audience in two ways: + +**1. Use the explicit scope for ZITADEL to access only ZITADEL APIs:** + +If your application needs to access ZITADEL's APIs (for example, to pull a list of all users), follow this steps: + +- Add the scope `urn:zitadel:iam:org:project:id:zitadel:aud` to the authentication request when authenticating the user. Now, the application can make calls to ZITADEL's API without running into an ‘Invalid audience’ error. + +**2. 
Include the project id of the ZITADEL project in the scope for accessing the ZITADEL APIs or anything else:** + +Let's assume you have a frontend application and a backend application under different projects. Here's how to add the correct audience: + +- Authenticate the end-users to an application in your front-end project. +- In the authentication request sent from the front-end application, add the scope `urn:zitadel:iam:org:project:id:{projectId}:aud`, replacing `{projectId}` with the project ID of your backend application. +- Now, the front end can send requests to the backend. The backend will validate the token with ZITADEL's introspection endpoint and will not return an ‘Invalid audience’ error. + +And you can also use the same to access the ZITADEL APIs. + +### Role settings in the ZITADEL Console + +If you need user roles returned from the userinfo endpoint, you must select the **’Assert Roles on Authentication’** checkbox in your project under general settings. + +Assert Roles on Authentication + +If you need them included in your ID Token, select **’User Roles Inside ID Token’** in application settings. This has to be set in your applications as this is dependent on your application type. Navigate to your application and select this setting. + +Assert Roles on Authentication + + +Alternatively, you can include the claims `urn:iam:org:project:roles` or/and `urn:zitadel:iam:org:projects:roles` in your scope to achieve the same as above. + +### Retrieve roles from the userinfo endpoint + +The user info endpoint is **ZITADEL_DOMAIN/oidc/v1/userinfo**. + +This endpoint will return information about the authenticated user. +Send the access token of the user as `Bearer Token` in the `Authorization` header: + +**cURL Request:** +```bash +curl --request GET \ + --url $ZITADEL_DOMAIN/oidc/v1/userinfo + --header 'Authorization: Bearer ' +``` + +If the access token is valid, the information about the user (depending on the granted scopes) is returned. 
Check the [Claims page](/docs/apis/openidoauth/claims) for more details. + +**Sample responses:** + +**1. Scope used:** `openid email profile urn:zitadel:iam:org:project:id:zitadel:aud` + +**Sample response**: + +```bash +{ + "email": "david.wallace@dundermifflin.com", + "email_verified": true, + "family_name": "Wallace", + "gender": "male", + "given_name": "David", + "locale": "en", + "name": "David Wallace", + "nickname": "David", + "preferred_username": "david.wallace", + "sub": "223427827918176513", + "updated_at": 1689669364, + "urn:zitadel:iam:org:project:223281986649719041:roles": { + "cfo": { + "223281939119866113": "corporate.user-authorizations-io8epz.zitadel.cloud" + }, + "corporate member": { + "223279178798072065": "org-a.user-authorizations-io8epz.zitadel.cloud", + "223279223391912193": "org-b.user-authorizations-io8epz.zitadel.cloud" + } + }, + "urn:zitadel:iam:org:project:roles": { + "cfo": { + "223281939119866113": "corporate.user-authorizations-io8epz.zitadel.cloud" + }, + "corporate member": { + "223279178798072065": "org-a.user-authorizations-io8epz.zitadel.cloud", + "223279223391912193": "org-b.user-authorizations-io8epz.zitadel.cloud" + } + } +} +``` + +This request can be tested out in the following way: +1. Select the **‘Assert Roles on Authentication’** checkbox. +2. Do not include the roles claims in the scope. +3. When you run the command, you will see that the roles were returned. +4. If you unselect the **‘Assert Roles on Authentication’** checkbox, you will not see the roles. + + +**2. Scope used:** `openid email profile urn:zitadel:iam:org:project:id:{projectId}:aud urn:iam:org:project:roles urn:zitadel:iam:org:projects:roles` + +:::note +In order to stay up-to-date with the latest ZITADEL standards, we recommend that you use the roles from the identifier `urn:zitadel:iam:org:project:{projectId}:roles` rather than `urn:zitadel:iam:org:project:roles`. 
While both identifiers are maintained for backwards compatibility, the format which includes the specific ID represents our more recent model. +::: + +**Sample response:** + +```bash +{ + "email": "david.wallace@dundermifflin.com", + "email_verified": true, + "family_name": "Wallace", + "gender": "male", + "given_name": "David", + "locale": "en", + "name": "David Wallace", + "nickname": "David", + "preferred_username": "david.wallace", + "sub": "223427827918176513", + "updated_at": 1689669364, + "urn:zitadel:iam:org:project:223281986649719041:roles": { + "cfo": { + "223281939119866113": "corporate.user-authorizations-io8epz.zitadel.cloud" + }, + "corporate member": { + "223279178798072065": "org-a.user-authorizations-io8epz.zitadel.cloud", + "223279223391912193": "org-b.user-authorizations-io8epz.zitadel.cloud" + } + }, + "urn:zitadel:iam:org:project:roles": { + "cfo": { + "223281939119866113": "corporate.user-authorizations-io8epz.zitadel.cloud" + }, + "corporate member": { + "223279178798072065": "org-a.user-authorizations-io8epz.zitadel.cloud", + "223279223391912193": "org-b.user-authorizations-io8epz.zitadel.cloud" + } + } +} +``` + +This request can be tested out in the following way: +1. Do not select the **‘Assert Roles on Authentication’** checkbox +2. Include the role claims in the scope as given. +3. When you run the command, you will see the roles in the response. +4. If you remove the role claims in the scope and run the command, you will not receive the roles. + +### Retrieve roles using the auth API + +Now we will use the auth API to retrieve roles from a logged in user using the user’s token +The base URL is: **https://$ZITADEL_DOMAIN/auth/v1** + +Let’s start with a user who has multiple roles in different organizations in a multi-tenanted set up. 
You can use the logged in user’s token or the machine user’s token to retrieve the authorizations using the [APIs listed under user authorizations/grants in the auth API](/docs/category/apis/resources/auth/user-authorizations-grants). + +**Scope used:** `openid urn:zitadel:iam:org:project:id:zitadel:aud` + + +#### **1. [List my project roles](/docs/apis/resources/auth/auth-service-list-my-project-permissions)** + +Returns a list of roles for the authenticated user and for the requesting project (based on the token). + +**URL: https://$ZITADEL_DOMAIN/auth/v1/permissions/me/_search** + +**cURL request:** +```bash +curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/permissions/me/_search' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' +``` + +**Sample response:** + +```bash +{ + "result": [ + "cfo" + ] +} +``` + +#### **2.[List my ZITADEL permissions](/docs/apis/resources/auth/auth-service-list-my-zitadel-permissions)​** + +Returns a list of permissions the authenticated user has in ZITADEL based on the manager roles the user has. (e.g: `ORG_OWNER` = `org.read`, `org.write`, ...). + +This request can be used if you are building a management UI. For instance, if the UI is managing users, you can show the management functionality based on the permissions the user has. Here’s an example: if the user has `user.read` and `user.write` permission you can show the edit buttons, if the user only has `user.read` permission, you can hide the edit buttons. 
+ +**URL: https://ZITADEL_DOMAIN/auth/v1/permissions/zitadel/me/_search** + +**cURL Request:** + +```bash +curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/permissions/zitadel/me/_search' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' +``` + +**Sample result:** + +```bash +{ + "result": [ + "org.read", + "user.read", + "user.global.read", + "user.write", + "user.delete", + "user.grant.read", + "user.grant.write", + "user.grant.delete", + "user.membership.read", + "policy.read", + "project.read", + "project.role.read", + "org.member.read", + "org.idp.read", + "org.action.read", + "org.flow.read", + "project.member.read", + "project.app.read", + "project.grant.read", + "project.grant.member.read", + "project.grant.user.grant.read", + "project.read:self", + "project.create" + ] +} +``` + +#### **[3. List my authorizations/grants​](/docs/apis/resources/auth/auth-service-list-my-user-grants)** + +Returns a list of user grants the authenticated user has. User grants consist of an organization, a project and roles. 
+ +**URL: https://$ZITADEL_DOMAIN/auth/v1/usergrants/me/_search** + +**cURL request:** + +```bash +curl -L -X POST 'https://$ZITADEL_DOMAIN/auth/v1/usergrants/me/_search' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +--data-raw '{ + "query": { + "offset": "0", + "limit": 100, + "asc": true + } +}' +``` + +**Sample result:** +```bash +{ + "details": { + "totalResult": "3", + "processedSequence": "339", + "viewTimestamp": "2023-07-19T09:20:34.371331Z" + }, + "result": [ + { + "orgId": "223279178798072065", + "projectId": "223281986649719041", + "userId": "223427827918176513", + "roles": [ + "corporate member" + ], + "orgName": "Org A", + "grantId": "223428842084106497", + "details": { + "sequence": "296", + "creationDate": "2023-07-18T08:46:07.692435Z", + "changeDate": "2023-07-18T08:46:07.692435Z", + "resourceOwner": "223279178798072065" + }, + "orgDomain": "org-a.user-authorizations-io8epz.zitadel.cloud", + "projectName": "HR", + "projectGrantId": "223282340514758913", + "roleKeys": [ + "corporate member" + ], + "userType": "TYPE_HUMAN" + }, + { + "orgId": "223279223391912193", + "projectId": "223281986649719041", + "userId": "223427827918176513", + "roles": [ + "corporate member" + ], + "orgName": "Org B", + "grantId": "223428980244480257", + "details": { + "sequence": "298", + "creationDate": "2023-07-18T08:47:30.015324Z", + "changeDate": "2023-07-18T08:47:30.015324Z", + "resourceOwner": "223279223391912193" + }, + "orgDomain": "org-b.user-authorizations-io8epz.zitadel.cloud", + "projectName": "HR", + "projectGrantId": "223282930787549441", + "roleKeys": [ + "corporate member" + ], + "userType": "TYPE_HUMAN" + }, + { + "orgId": "223281939119866113", + "projectId": "223281986649719041", + "userId": "223427827918176513", + "roles": [ + "cfo" + ], + "orgName": "Corporate", + "grantId": "223428420858544385", + "details": { + "sequence": "293", + "creationDate": "2023-07-18T08:41:56.649257Z", + "changeDate": 
"2023-07-18T08:44:33.094117Z", + "resourceOwner": "223281939119866113" + }, + "orgDomain": "corporate.user-authorizations-io8epz.zitadel.cloud", + "projectName": "HR", + "roleKeys": [ + "cfo" + ], + "userType": "TYPE_HUMAN" + } + ] +} +``` + +### Retrieve roles using the management API +Now we will use the management API to retrieve user roles under an admin user. + +The base URL is: **https://$ZITADEL_DOMAIN/management/v1** + +In [APIs listed under user grants in the management API](/docs/category/apis/resources/mgmt/user-grants), you will see that you can use the management API to retrieve and modify user grants. The two API paths that we are interested in to fetch user roles are given below. + +**Scope used:** `openid urn:zitadel:iam:org:project:id:zitadel:aud` + +#### **1. [Search user grants](/docs/apis/resources/mgmt/management-service-list-user-grants)​** + +Returns a list of user roles that match the search queries. A user with manager permissions will call this API and will also have to reside in the same organization as the user. 
+ +**URL: https://$ZITADEL_DOMAIN/management/v1/users/grants/_search** + +**cURL request:** + +```bash +curl -L -X POST 'https://$ZITADEL_DOMAIN/management/v1/users/grants/_search' \ +-H 'Content-Type: application/json' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' \ +--data '{ + "query": { + "offset": "0", + "limit": 100, + "asc": true + }, + "queries": [ + { + "user_id_query": { + "user_id": "223427827918176513" + } + } + ] +}' +``` + +**Sample result:** + +```bash +{ + "details": { + "totalResult": "1", + "processedSequence": "342", + "viewTimestamp": "2023-07-19T11:24:58.769023Z" + }, + "result": [ + { + "id": "223428420858544385", + "details": { + "sequence": "293", + "creationDate": "2023-07-18T08:41:56.649257Z", + "changeDate": "2023-07-18T08:44:33.094117Z", + "resourceOwner": "223281939119866113" + }, + "roleKeys": [ + "cfo" + ], + "state": "USER_GRANT_STATE_ACTIVE", + "userId": "223427827918176513", + "userName": "david.wallace", + "firstName": "David", + "lastName": "Wallace", + "email": "david.wallace@dundermifflin.com", + "displayName": "David Wallace", + "orgId": "223281939119866113", + "orgName": "Corporate", + "orgDomain": "corporate.user-authorizations-io8epz.zitadel.cloud", + "projectId": "223281986649719041", + "projectName": "HR", + "preferredLoginName": "david.wallace", + "userType": "TYPE_HUMAN" + } + ] +} +``` + +#### **2. [User grant by ID](/docs/apis/resources/mgmt/management-service-get-user-grant-by-id)​** + +Returns a user grant per ID. A user grant is a role a user has for a specific project and organization. 
+ +**URL: https://$ZITADEL_DOMAIN//management/v1/users/:userId/grants/:grantId** + +**cURL request:** + +```bash +curl -L -X GET 'https://$ZITADEL_DOMAIN/management/v1/users/:userId/grants/:grantId' \ +-H 'Accept: application/json' \ +-H 'Authorization: Bearer ' +``` + + +## Summary + +The process of retrieving a user's roles involves understanding the audience scope, getting a token, and accessing the correct API endpoints based on your requirement. Following these steps will help efficiently manage roles in single and multi-tenant applications. + diff --git a/docs/sidebars.js b/docs/sidebars.js index a90e7a0ada..6c66b5f8e0 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -183,6 +183,14 @@ module.exports = { "guides/integrate/pat", ], }, + { + type: "category", + label: "Role management", + collapsed: true, + items: [ + "guides/integrate/retrieve-user-roles" + ], + }, { type: "category", label: "Build your own login UI", 
diff --git a/docs/static/img/guides/integrate/retrieve-user-roles-1.png b/docs/static/img/guides/integrate/retrieve-user-roles-1.png new file mode 100644 index 0000000000000000000000000000000000000000..f8bda5860bcb1ea77667166a252502dcb72002d4 GIT binary patch literal 151260 zcmeEuXIN9))-H;OWh)kn(xM_FAOxh>s3?dCNRi$I0jUXu7OIGdfPkog(vc=zdJ93M zL_tD{^ePA;1c)I(fIxCr_Bs1}=R0`rzx&)jo9BsHCTqLqe7)U@lf$C%!{cL?9C}OAN24xt za<)%$9Tn+pF!?A7)xS0rG#5Y)g5#R$sarko;EpRz%#TM8$KHMuQONufe1#nyexMhf zm(#DQyYKkD%%fjy4n&xrv+ZcR$z<|uv^mLlXx|05GWpxpv=O>>^uajmPb^H4q4HtI zpSmM9PcZp$7+(}W@c8mvcRqVm&KaXj!Dst!Aa6%i{;azbCH2!Unze${AAX78C>9x+>6OQ)KA3c$*Ey18%kiB0^sHXr z36~o?*FU`;QG20ZA($2E8Swq3`KKoe%!((JNb;dSPVn5|z49$O>fW!j@1EGmw!y+P z4OqgL4m@8!XVnHi6lFZ@%BdS=uz7}*Up`wiKL&Gu5xUbRc^V4tLB-d zroH?_lEpUq!gYQ2w!#xioIg7vL|r@B9V_2Ib8UMi@3g~t0!<1(zt1zM__6^nZ~jMc zH~364xJJSJQ>^|pbNI;NtkoSGH;dRS!SY;7r>wu+^3gcZnTr`p8!y0j zUl=b0p5Qpx_7y$Du4nb)Gr!y{F8nq^>bd37s2L7BQqGOKb938%c^@P$UFR3FN^LzH z9ghwJvz~m+vVR}nZJTbU*Vm4p@Y;}BYf(bzN=!3Je%T*5ooVw-{bHB@(_h?dQ7suK zNY`6_)iIfZLG0IQ1PRe*#m9F|q4BOa#r^hss2*ZP{Ia^hBgngvcz|C`{TCaN*Q8!z zQrRSTm!1x?ZI-(G<>uuxUtel8jJ_0Wu(WIwd5fQ-!J;tPEW-CITaE$DASh~l%YTMox4 zJ4+esY8!};$LJ%c%%AeLjh4S2R#>_`$h2T`bnv;i4LZlq&s!z2r1U)0qr%TKD|Q-0 zdzM}-{hCFmTBk|J`e#u1PC>t~w2k&D?bAmqDvsjsZr+;4j@&4nz1>jxy7DMfKQVe| zef^Tr#>6!*MHHM&XZnm(zlZvn=ipOM zZ=UnGedJZ_!}B+8KKXWSUcmm#ot*t6Prjd{#$Wn*(epU|hWmN8msUSzRu8w|<1job zbEBkJ?=rLf`yY??EAn^W5Xx>}*zYCWaJ)p_H+y|Sb8Wx>v1N7ZOy)D6-bnI&V~2k_ zbLMDthkp6pyDz#w-zoPj<}PYY{sBil@wN*Z)<}Jhg(4o6KlX)lZ9GZK&{IvBc76x8FF?llbCf|FRKIWBn zcH83~iXMkOm_5Lx1Le`1&*iUOh+os(xCqjhj#Lx5nDBD&wa;s_+ew-#Ic#@2?_9cr zxzlo|;LeR)#GSc2jc;N_EsgvO*WMND)LaaR&;F{sD!qDjRn}8#>q33R&b#;5%kwtx zow}^>rv8oh8^uniPRmXndwY8+d)+w``_NV1Iqy#Dn;sF!J=%x&1-AL0^)(IRKU}## zlI3}0F0qqGB*FRCdVZe%(E_aknePVQso&WOrSEIpuMyGpu5r$FZd$Y-NOFECqa~9! 
zdZ602+Os;$nQLJC``1OI#Vg*i+gH}_tY2E^S!Cvxj_Kp>*#roxG_E+`) z(f`v)ym!11aff{JSoS-tiL|(zsvFO;bcsgv2m6xt!OlJr>}d8t!9ZC_!E#|*j>`Q; zed=4E+T(e4xvhg=v8H+OYq$oCkfnfSp18GdxqI4*{RG8dU~Ol8(?8cgV7(L{)Spja z#p4#sdZE3|j*oeU&$e;jl^lKq8_k419Xv!lIes!%;P{I=x98lWXFJa7$c;M>KajV1 z=*n(;@v0frtMfyT33_-+9_?36@|d+cog7&f`RQS`X7pEhgKU~+Pj*>$Z68(pn6{d> zV4nG1C2dHGX^LQSx73)6Pfw~XMxsaB+HKN#68gaQq?2Up`@xwS!I4)F-nrEeR!pom zB~;(97`Rb%u*h-Hf6$d+OE4oe${O-OQohO#$Qrvv*8DMMF?OsbY3ZJlT%&8_oyO>m z4^53tpMt}JhHihp-4p*gen0>!|3O}YFN)Whk6(UKUR@pocZCHiblMs&e&EO+)d+%n z!aL!k^Incs^9vvQ$m()&!OO0=Z{DR|sKp!Jhkf2H_b;q=4ooHx8~WDsc)G><-LlM! z#*BU0e9HsU0?H!7H5xP$(8r!}3Op-+>M{6w`s}pA82JNE1MFLNqm0=q1fk@I^Czwb z%Xawx5%R4@GA{62puDPiU_%fdg-4|XHSXTsl@A^WX4~!FMbO4}Gp@S5Q}{OVEoq<5 zzM03Z`-rAi#qWwwhnm>jwsEp?eCcq{_TH`DU7O13;_1<8+KJki`13+H4rl$y61@Ta z7&C0)bF2~aO~BQ`#Jui~U!dQu&DKMWhdge=FLIydtQT2ze`EhfqVPQT&B|=!TT{{H zvF~`{7ZcC$oHjp8z3A>W{-SQf&uph{(~?9ywf|J2;J9X$=9`N(mkI=P1qUuR=^npp z^=@3n=lk$GJ8;gKoJ0ED2ATz$1!D%R9V{{CQl&!OVkH-sxBUnt19V1;jl_BA=kiGB z(+a2A@=o`^#`@-l{J04(RA4^4^rG-Zuy}N1BJ~Nb$Gn>`NBw2In&Ghhu=HDC;@sHF+H)9N#iC9O)%_*z<3)yoNZD&fh$CGE+HKZ7ZC+hE1ov~ z+$qZrv7`{D`@iL;b&V&vS?E}ZTLcG%PerAP${2B$1y+f8-rsfJUhE%$4&AkYmyTBl zV$C|uzK*VVpCoV(nHO85Xj->?+N(PscQ)OBc0amk5<2ZxhwKZno4Ay%ZJ(m*#_5Wx z7ksD{RDIuj%V=iseTi<3pqmRlhGgFD6SizW*1U3JWnuDcZDmPEcAi7hk5c>UM_yz*>dD+}f5I-fgVM2IhS7nUF3xO*!u zIwnaOEaMx4R}3B@u6`8_HO5%jTQ|YP7R`p%+X!;doQVb0*T$_SqsbEE+GzI>loU?< zhdW+nJz$P!Z~UL zgav?AKole{e4!nOdIgc875h7pS9`5#A>M0o%S41=u*|0aSDsxtrO5`A8{hM@b#!t1 z1dfsmT7xX@eAyhP32$MsJqD{|gU$0wUxQd0Z;nwXiK zk1$F5sb;@;ok4%d5}#pee`rVO3PhkYN{Pw)7hR=>jW#jPWHTk}xASD%*@>y`-oD$v z4t$92g7GO9eZ?g7-*}39+^uIVwJP>)=<=h;oc`7k$8i**O z>`gQsw6&Q;fa^m{2ljC@u>e>5fS2k%o_}4d@4L*z{O9NUnV2G+m=65&9v$GF@%IvV zF`oIyJM*h&Osv5FP602!%>94e&4S5f{_FaHC-5E9bptg`P2k3>G^KsyRDi8 z6RgwL%AqGN)~R_=RugZ8&V*lRFR5#6Y-GQ@(k>{^?pr&vB7Xknxr+yG_z};}ANQ4O zOo>^VXiRZb%~(k#N%bhK#Sv8$un#H_VPoxqK{6~R*Rgrn)8q6v*>-KNzWZZH9xBb_h|9QuU6DLxQZ7!es zeVzMS>Q#T&5k_euK(QQWqW(*ZuE9##{#!qf>}x@=JiD;RJpX7T&`sw5Qt02^{QoqX 
zncXZnJ|&+Qhc7Liod~#l!m`mj4wKe+6Rne0b@BJ(_&xK}bL-&9AFUy=8P9glK#udB zQVTxAE1>@3LrXHvDp&S&s_*isn7{T_r?n-Suf%HO3%{Ldp|U~}n~kBQiBJ1TSlw3V ziWRpD@)@qH!dh8d4_T&rAiKP+&vw}%bY*3#{e@jc5}~Y_6V37a6_~lsqUg17!ih6} zty$bsQKQz~GFxj%{8l@PXBe_gA(*=k-O0)eBTIJ%t`_8d&3hQBFRtpf5JzfdQ*#bJ z6H+2w>i^qWojG_w|GDaep2P1oC@UxVE~I?Uof@(p{Jua=K89(eESxmZQ3;X_+4}XP zxh*qvsvVqL5Bo1}qIZKuF#%<%@bzNTdjp(K{QPwyb-*!Kp*Lc%EqdS~EL}ZWS7qXb z=_A!8bjD005hcf=rR~L)@Y@yqsqXY`gZi~(zxS?3lGxKj*0+RYBv+A_!pKgJZxvF~ z=koiN=b5zxy2XCKyk6*(o5*g8El-{?kyK_d2q-fY3-h?ne=M{-R4cv zAAav%%#6;(C}+4oGzE6(^$%ukedPxEn>AC9 zH|LV9%~)F1{!0M^qnS8CwEpSJHBm_c@i6j)fn+}{GneSvm;i+yr+k~=`CqJ_O z%Q!Ub=Tr20E}XZNc7G$TyvP04gqgCyW`$5XgmKAMD`fet!!k3!21~Df3>4D%9{1as z@OL45=l0(=`P(M@5B$A$_PVCOZSw!yCRMm;q(Odc`NC&1TAyC~=n8TgIl|Mtw#q~L zDFtpLgOS{=5p2*3xzgH=!oEgIj&?e>x21M+>l}aZ8h)nNfv1e`v`%mKFhBNliSIbb zI(R^i)7mSvKcHJKuU5E}x)WVCyP*WSTw{=BURzo|=Rn}3@`tQ$`7OuzMlElLm&jU! z8+?{e=|ZUb$hA(MbvC(rmDxYA9nPZQlr$-uXR*Io|X?e?`x zkg2__v$d8c6tz0cj*+MK%g?=to_R&qiQ-7Ic6N17uvBs#)|DLF=^CilJ(8K>zwpd< zDq(2y6f3`vXSt=RiETN{Y)4VgS0BNib-A%>_RMAz#GTi3CG`4WUXNcZBMNHIXlLN! 
zn?sj+%9QJ{J}Dh5O3<^XrTbBHaDzv*&st?@6e}Ny81%~n;hRnH=!0@M)&DLQbhZHY zYPov>e_(nPc0b(S_XwWY0{J5n7$it~;C6Vt4p*v%w4A)IpPJSW%1l==N7%t2$SZp_ zrH+g8y4l~$8h%#2Mdaam8th+FOY!i4CEs6%W74Hcx3#m`VE-4hLR+>9MRx_o^?1XY$O6k<#m3I%Do;bXZNA z`WIcL?l<%GgAvS=aH}kCNn^gZXqm|A)<+HC(;^tB=X3rUo)FDTH`g?_uCwxXP zY>Wh@92CO_1aGa&nLdJiZ9Cm=XrSFU{b)_AtnU1ArR}QtMHz8w_iee_u)W~@8qdiS zskmbUlTXM)8O=ie>x=K2ER*x>8ZD2<2CRfs>C~nMu6~^v@BgqSm}DZ4qPoMrH4b-r z$0o@EJvO!uQ8F?QC|b?(s6pYA;gt$q*kf2PAt}rjuDpTr@U;#v7y@_nh*OoD;s{s{ zxm&JM`1!5QfIebMFJ?(RLrJk^>&DS ztLPP1oQ5s;qGcpn%k_`1tS5PlKo_URWcPx*(3%V9XSlwMUg6 zCI90)nXyjsd1)dC6IJhQwZ6<+XR{xBLhef`%su5nwPcG`A|mQMhi=dH9mZJu&D6Yo zzeeg=UHzJG-F7gA$O(*^J;FGfz}}D_znEm{Z8uJt{zC4KBLrg~-QxXCIB{EbMm72lje+rL~jx}Q+QHA$SF*D zt8B9_{i@A$rio4Dz~ZFqm6{Ik=Cjd-b#Hz%fJH|RVc@h4_SCYf&;1@Gh31eQ(qlE< zsG`zF?-xqR)5xtBM6$y?ij_a^`@y+60&3Sb(tZ$=cUzcPWFaRcPaLm@Bk7}R@$>Fr zaEg1AvGVG$)LeJD70@@SK@Lym|KzrqLOD+kBdFaK)Vy~hSB?RG2%ZE~uPc8&&X15w zjpo!PCzY*Hx_MHu4e|w%Po@Lco{-<+tS+SotI#7kiB0tKVgG#QsO8QZ@F(Qz zK@(w&^7^lt3NGtlyBxM;PFD0siBf9!8KYMFy^)64<(D_e%o~&E18yWwn)*#j)J!Y; zI_b6`{Bzk;^UqZwcXr4<9^LD;Xi_fy%t1C<7P8UQrDbb@1&43V!`@Y~SKhM8xGm7$ z)pb20gV)#su7#*H0Zh^S6ZzVF_JE{Jb|)j$Ed<7A&up1+Oh61+OKR~w8Pkv%4%5hFxD!Jyw=G!5#;?% zmTKj-ic(Q%LsLi-8# zz^Smw`CVD&<=V~bOHta(Y2A|veRhLPY^J-3;36+2f7DTVife`g%O!e)J2fdqQQNYD zu{BN^nX2YxxG%1**rv^2v-TVbxd~tav5kbI2`vakBDSYl1mp}0>RP6BI5}GNPnUQ2 z)ZnHAXCj57aQsbz{%Z?XNLm3Mby){O=yz>YXxRdGofA@bA=)0hu4FJ5(1E-}uJk&w zytnUt!}0@3_EVd))`RZ9Oy)4%NOK( zEJp)iRwFz3)`SR9m3fXrooK!XVinJ28`kYxqAVk7d=OWLqWKipY#0foN!2Kg!eQyI zi59j$>S$3?M~Tv0+Ys4F;dJVhXm|4LPAm^NiUpU^Xfp{TPs~K-(~Vu_3^%QXg)%)oW8 zd>#j2Rr`LeVk1?HViw#grp73JP-5j*HbK>3{UB}%i<1M#R&8H~_xq5He(+!ub$WT%C?7u?6a$YVG3KR}!YhTCC+Qv-$k6inT(Op|y2F^$OC>|rC!()NLm%u+ zQb7qfw#+rorh+A=EJ#x+;^L*$VrfeZU5pZE+o%xU1y+W8x$_{Un#QPY`4GuKNR%f`zKz z2ch>;NF61g-aeh5<37~Wb*j091y_&WMjL+@TRpJ$AF&wA+{j{IH(o`d|TVV z+v7K`VEo7n?MGInk-v~vPM(+V5d${e^!cvI?F<5%07dceK+6NxKoScS&a%s54Zi|C zy1a2*0fD?#na}_7rMBq0x3kDP(}IufdGzPmY-2^9#zsJUbcJ%_WUi2Lf>8whN2p~T 
z)($&eRpTX>Vu`}(KnqGr$KnIX9vt$ij!WJqgU=SXEGz21vrB=r0SoEu99t+StGeE! z%gPYy6VaKc1{j|9gk{3VX=P~7#wmcLYpo(}?hbK*c6b3;U=h6D?J@op*Y@!Ngrmuq zS|S&_OBodh2)Bg4^19`&jmF z_JxPuw2~!{b$2Bc|Ivd+_bMv@fyZR8)f2L*WBPgO^M^g@rxU4&avcC>Oxius-!uzJ zewn9k2>1fL1CRu`yfR|=1K9p!fk+{@z#z&_&JymP^H@$SCMc&$zW!|ZzjnEA|ArE8 zXvN9v_7J}p*eO#M#3b91uMVPDqN`rA(f8c;~cj8x^}+E*;+Gm=VI!xD0=Y zAIg{OY~-VSvf2{bCi)=nLN9smkd)=`*! zzc5r55{66gjV%f`KxN46Sp!U=HJ2DzyjbNRZVvNyzBS#h#?&^kUs~J=*f8krwY#i| zZ05D6LksegFEC=Nx9+0_S_Z3sfP>h5Yy!9LPx(=r;yMW?G%}A`(D~bxZl*I33#6LCtg2OU*MDD&6ObvLRDMEEUdb2H z_-#`Q4+F@-xdkz>oyz+ATJnIbGJ*_H-whdsyuWSg-v;>)r1Q5y{x-dLmie5G@Mwitc zwShG8`mt4E9K2J2vzry$_(0y)x>944>bDl$SM4$+PkdiA6XoJw07sU%-BlT2FJH^x zj27fHzwD6g(Xjaw+cR6wWyMG}$f9-%q2>W;?@`MoX;EATds)nXfFE~&4JTNIy@hm3alM=7Y$EW5qc4gQBX}Z^XyYE8V~uDIqZXD9Hrb4wTZwCA6eA+~IhbA{!Dd1Z?iOit@c>#eP*H~~ig8Ly5v z631Bwdh^0(MiLr3qCE|O5ZIqy9q}G6Tqg!DDyh7W+#Vg9>y|AK-u{td+u)QhvZxri z`OEeD4g=d8Xe%JT$>2cmaZgXPqgm+^7w4_~+HC_YIQltT(1yD9tii1h;sw2MS*PKHW8<`IiO%)rWgB0NB)-m<%HeCRqxp(q{e{zHUe0>r_{qn*qIAF5R5SBg}@KumAb~bKYsKJ}SiOW;Kl%eXi zJq(}q6wC;(SwpdDvk~Xj2uSoZLJ2>bx5gK*(x|Q#Q>dF5RH`f*;0{DWr|-bKpcO62 zBU{=45Bs!cQfEYKTWwF{dJ7rj91?g82z-cx1n~1)oXNGwvo3BQgLa7RLs845EFktq zmhe~v;qm2b`q7SMl8j_k&wJ5!fJz*ncJW^PE(t_R&-{pCaXiYZHA=M;o?-G!pC&5C zqydhX7F9Vzr`5rHXdj-C%S%!SdwGmQK!mF*fnvp_xK$bP`u;?b$xDGP2$$;Q zy=s*X5CifL&IZ6xi+4gIk75){7q&DqU`7_OuQKf$3>gw#fu7?^O{en5NcA)-_kZ{q zwlN_*Xl9rD_Th{b3EKlfr$C#z%-x%<|KMH=@>tG!eV5nVbtBFsFrLMBW5gjA2(2%o zsKKy6ARZn;%Mj}bEi>btpJ@Ta6Iyhq^3ByER5>|4!ZAA=muffoClS^YVy4_5agLRZ zc775;Y_0qC%4N1iBfStAnB$q8=l~EAQMrj0((~!?nuXD7tw6m7if9>%LxbN}-2(B| zNpeaV{&1*?LenT8FHHGfkLFCF2@F~W47g4Kj5i-6ftWT+ub=+;7AXzg0mu}PP`baB zkL!qi;tPN%4L9*5g;yxdQP&9>XZaB0&9m4ZR53hgHwGeBe|rgqO_apGz_z!Y)_nt< zz=7RUUR#jzSasrRd#sP}N_6C}SIA3q=$u-ST4;P5LYkVi_gc|Itn84xO`W5g+dm)0 zoW{?lF(gXT#@jAs&8LM@{oMnBT-zMp6j7lm6uX5>DU#;+W@SpvP5b&|{AgJ*d?kb! 
ze0iJg%$x8za*vW@Dq``ZX+ZAlepW3|@DhGzCnK0YJ;n0)j;+g9stEll6{0vi+B5fz5+k z$+ePn8;Hy;d|Ua-d#<^9};mTT;S35uM#Mz=+joM7=ti|h*x*qbopFHOaBDlu1Ici29G`rs1?i9U({q8hU{!?N$HAEc4b6+W@ zD0o1B*%0}BZ;*ejh!GTTlN98wGo|-$0)%p>`X55E(x(F7CCC`{}!xUlk# zDdR%8&ggBl!#f;!gl1l<1mU#wLn-2NUP|qj*`Z^-H!{3w9PO8vS3^4=OHIhJB+TXV za_8$|61v0#_)gYNdRWhuy53yV9!lp*Q}QmXgme=p>ft~(@Rbht*t9YW$+E#qI6XR@yeWP*?~&T2O~5c)7A3v6a}hBT6w&#Ks+G zCDy{{O8uy5Y%?EDV_pDza}9=;C%Z_uc{OU=>)X70G%PYe+b};k0mNnL6rMXf1J`-9 zI0$5lQ}g4ugO^`SEc@IgQdVlFf^R~WJq@GH`_^NkmV zCs%LLDaXT1B>$i$Md{~GhoX(8(ASwa;BZk=OJqpzi}qL6F#TcyJ; zbi2-!k?(@^Cj888>{O0m^^hiA5yBrdGs0k$DuT3k3tV4!lKbDtITfa0G02>+Y)@7y zsj`A(v1l!WY1D)`>#c3$Lr(7=y-)AMbyh}&2)_)zW-=WY(zUIjh+^c~4xCB>Y8l*GpwJ{^^^H=^{csh zXCKL}ftfpQH9O;dM6A?9_hvWl0}4ikfB-gtXK(D+;I5t6`V_BzE#HOb2*x^SdD+A* zt%SSDJDGp(C9_WqBS(+n{XTbeG49%=U$n~Nfy{Mg4Ex)Rmpyz|C=Ig=__khohjWOS zPq!@H^A=OajYUy$#cFvUN>JRJNm8b5qs8s(Yp>Zh&N>=Y=YaOtjNm`{P5%(;in~16 zqvE5*0FWa-+dr~AOG(U>5lNp>ckGf$GnBRMGo3QVDjglI6)qhGiJ8~cI+Ev@<~ve6 zo(jS0%4z3Jt8~ju4zF%;S);Qw(vo-2=_7QK9d~o{S1zm5nE{g^3qkfB~!c|v|( zM%{=8lo*QQ$hC%ef4f~^LDo2llRM)c$9m~W`2=pxXScJ92qmccApmT{VSN7}&Pm#v zTV|^FmFgOTxZG@Ai&0lnKVpY{m6vG>qt#b>CSx9k_CH$dSPUEzOOoC4=+$GXNPwqW z2ac?Jw3RzP>?xt+Uheve2j#5Q){kN>aFyS7smhba*8cuin!eAB2m)##+u~Zh_&T_! 
z1`>pew52OYm-0>}sn#eecAaD;^7ACjXMp22p$ntZS3|NxR;+kOy(7Bqnwx5RYOrgU z@%2tQ{%Tz{=I#J@TW9XGP%SqZd4Fg-=#BrVsc6gA+l?aUY6G>JjlFbW6%yEO*!O7fqLR!~Ya-(9yCZ$dNhbbs*tZU(|(r@pXG0M-)!a z$eSLfewvLMGXxAJzQSQNRV;60x&ZL;fot=2?WMbH3X-KLT8%5Uz5fvYYk+QYf;Et` zSZazoP2lLThouJx$}et)3pog(S`nuvE!rMX85L6l)xpE0NCrF+Sf4tNf^ z%Na(+Sau<>Dk7l965z%#+{zGL@(O_!2RnF6KaQ{YHu~b+{6=319P+E zQnBKN66A5MqpvF&q0>!99g2T4hgj6y1CULS0QI;# z5ICK_4y0;2j_Qtcs;tI&4`wI@+zlhg@+oy3A9Lk(dgFbhvkP?I?L*ff{lxt6L7Ziy zPo#9v9fT(KQx4vS+uZrQysmc<=w3csbY6TPL$=l|PRVCL(RNYShIOlUR^#Y2JH6Z4 z6e4n~|E*)`NL1rez%P=ATZYnm&$VF1w|OWh%&Xv!Ti8{?ph9&CD-LgOR++YFGrBkO zJcDC|0bYS@nA2)=hP+OVo-0d|hcWpnK81C-!LAEIh846|H->@{dFs!G7R5^evnb66;>XW+1Ioo^#IQIIqY2}$Z0ZL4_tXa{5Hr_53 zKO5k;id=VJGDtp( zDlhQm_OI=mppeYtZfy_kcdDOROqtCT(20cWKtu*jmdi#^H0FctPjcBxV)6a_PsnDE z@+H@O`SxT4u3;H7Lj%U|K|RLR0qC$^N9KHz4XUa@zHo;Hf9|8UU*ai#XQ>JVr6!Kq ze6zqNetD|Yq}B_TuKNC+YTmoV4%Hgd(z}4M%aj8g?<#(6Gp#l%r z2cZi59wO4$rROj$)aBG=UC7fNr>*rFV2)qG@TA=cID|28OjAdX)$d)a*+RftZR(&* z?|`-FlBLK^>s!RF`4p&Kd@jw(HO?Job@qiSprR{pnQ!Ez6kb7Y%>?zqKOe5J6qB6U z`73nv`{`Na%F9q1mRpKnL4Dcpv76w?2|5)-+>NuXzb_{Y!VC^s20QFHeZ5t&`WFUP zM2l+FTKnO>J-(CZrEny&?>qWBmX}OK?oiR!dYU&ET@@17g^ zxNxijX{qk#>J;Rf8U0xT1?E$J;986DO}qaW*xMRMZeCt(94 zl7L)>i)wBgOK#_~Jm(GwkY>*AZm-AP*Mh@C*4O3QQ3*ySisH(II$P&gUYXTT$ZJb% zRw42!d4dUDTHMu;V(F&tkNwDBYR~?N1UGMAvhu@M*G<22$%f)JV)exS+6>#B@VgsI zKim9PLdw{w{kO?SdsJ2DGkh_&Q-Ip<6v4I5uG~_=Qfm|e3`@IDBR_ldjy^>#3vc%k z*!o=V_GW7o*VBARqdY`*%I)w@n%>s=(X}$>yyW-3NZNd(H>OM)K}e(6wGYVk#O5mu zH7`RlW3S5q?fuoMm>{ZDvuucp+nc5Y4%`3%1bu@)HD93}yT&~y7{k5Np9@d>hzu+a zHc8$9rde>O2W!VcLa7zXUU>tM{Y)IAi?I|pw?%c)>!po1Rt3Ua#ZIQ?A5kV<%TNT3 z@>&(PYUD~lJaX6`B;p=`Ma)I29ALq1Esf|wxf>%DBz!jTmjY zogmuw>Q|>b=`CRqH!1xZW{p0}`jcrT2ANIMuZqx=DK_y9p&~$_nIAg>93Va3v zV${5M{+(|FN=NR5A}BM-(gSysJ@Y&j=-=$@fQ+%2Pj3C#6#dt069COrsBR54yP16} z%h2)v5jkcXrJreKrApl?+WZl5UJ}P!*)iSkk7_p(|4eme!HMY+Bc0Z3E~5`F`QAP8#9oRk>AKIGcG-r@0uro=V2eiT2Oix1V9A?!rce@BYXr_93Zy6 zzER%Y313X&vVx_{6Q|G}3^g0>9ye+Ci(OA!X#nV~RFAaf4y7Zyl4(6zwH6)BnsG1H 
zT!Cx-!+Z;kA;%^hSKRqoHROJ7XW+UI4~Pt7kdUkUm}0^suN z3MadjI?{XBbg~``?pV;HD$iJQ-u#bJ2pX|{$c1|=EwPhLClB$34Klyx8nUGe2yE;^ zx8|d|<*bw#bj$@m9f57R$r(y!ePHmecXA4~>NH!VeUjW+~E6;-}go7_7Kl=QhAAiqtH}9uE$$ki}z-2KqJXb!V?$WLov10m7G(+d^ zae5Q=$FN;vdgI9q_g#9#_iDUDyFMULwLVT~kusq!JV2uWUH zC9M|O4T=kY(={m0aWd;?7l9_NB+T1FG5rMw=zca%c-tCQJ576F6_DIWBTSFbxXk@% z3zF9yejppOE+qW#;;U&I@aIQMbU<(bOkY%xsV{W&&%xu!@cArhDr{*UGR!Lt7 z?%9otL`?;np0{Pur5|8F~-=M9oDaABpDeckJIGX~? zq&9XMnb?TmG^l0hX4Z|<&qjkQK3%p}><$Ya?#oAu)lMmO!qX(&S*oyg>t1sI8PZ)V z0T>-J=gHI|vmxGQ!fVy>`l_HlSOr@>uS)4S4oJ!b$JE$RMLFo`6Tfd(MlsiBQ} zyB+ny(Aps#nchQ%|Khp-x_Gp2UyHl7xAtGZ1%QYZk%xv(&L!@}9Ka`!!T?l+>^p#S z`$#Fgx@RyMkkITJ(9`TA81qcudcoh`F`CJ+s&os2XQ`?1?jDjGXjv#HL%;%1(3}gF z?t3|U#vQVkf&HCF8#Z|`piE@1TLK0klZC+*0CYHuf0Fs{&qE#qHaN2S>D1bm$)e8R zcNj3w-zNEA6Ol1v{x-?~W0Qm$aV`v(+r2m=`98tr2Wjuzbkk-yl(#^#$J=sUu=nF9 zFRTtnBN1tTrJ@%pIaVyy&VcL2Rso{obw88+e&i1EpuSlBuU7xV-EjabnpX{G)hEh+ zxJoZ{eaKWSR{3Gv!U+6x{3LL29Rj3GXLGQaIO|}^BS9C>DecADj9;?QIWG_1e!4$Y zR`?@%Bc**`0P)`UUB+=MARZ9OOLvZ10FF|W(~HSv&rj>Blnop0akeMU-D6;h=tCHS z@3FB1qp{a^dv`*>D9*-}pof9mBU~d3WI%i>I%w&VuoSMJi5eH-K~q7&{XSOrwD;zz z{t*C-nZr;F)#}PbL;J^!;HWMjH77084$fXO5#9C1zxAF!TS5Ml|C}wMs3T%dUof(I zfFFi6$;?E6p0yp$jsM0tlN5F(P0>4wA#rEm^0&ZQe#S2xj6{e|1<3 z?AY&2!O-5FS{9RUo@*dyt3@0i8C$Lx`jH!7Yn?cT>{|zp%@_?M$sC41;Fc@bu0=I9i?aq&FZoclB1vos-h(c7=+%yt6SMkU2JwH{#6{$7>ibYD=1$nTR z>0U=KeG%9P?jOKCAwQ!rJ7G`;v5?CQI%=eVUccH=w^b9cXyLP?M{QSzcPB0rC~ov& z?=k_~FTEf_D%On0O-8;9lnmKj(()J!Ax7K94ht#H)BE2C`=NSP#uz8_;`OXO5gGEp znHTfu3HaW5_K#C|FQ+YFsZy2bfi3!@|n97KHE2VLu#m?h<>mnAsdW81S}L%B}_ zGvn9=d9KvjwvZIz4^3O6Vt;c z{Al8m(oMRB* zjB}oIx!#>!VwDdWhgJcC(J^XeqOk)|4)B$sHhjimU6$Gh^YObzW)JZFN>>zK{ zv#o)&viG8KeY|S#)}{fyYyMid;IA(gS5K|oAiPO16e)CY#)QV#;Nl{ zZIThomdU|6gxh@1!yg}b^q$Ob3m}GA;D*mriTY2wypO+;?MGiNYx)seN9&+-Msx~f zQG>By@ur<;!_czjY&BJ1Zx8(f2^&BsLVj#l;XOwazLaq#7UDVe);4M~p)q>Hn zb>yWc5tLS2>-vwso{-x@sY~Cdskv~JsAa%U4@Y+5W*HFVK)zkI^VtH9((tlDHtynC zpCs5tYt!{m_LW0`@Z#1u^^=`929)BfnMDJr_uMiJVsU$bDJOYnvZG;}p=Z 
zc}aYG2#`Xz87VDUyF#lbxyv8mL+0jysP;K6_fx=PLEhyU{tV@@wEe%tYNl!f@4N{k z+iDcNOn;p|)MQ@U|9pL=J!`F{yTn&Hb66)E3s$CXx?c1i-6Hq2&bG#>#(=c4Xji1P zL8rC9ODXwo{`yh=)hJ-_?D^)U{*V_cTGVB&FYktaN=>(^EekRfnSi>FjbuQb=+29aj`daSnac zf69<39rW!@E{J_`sK_XcEP1%w*pvkJSUIb43x{de?ztchZV3HNDp!gDWncYyT=4>R zD!Q!waDFNeWOoOCsqV`Sa>ozW<#ZQyUXLX_X{HPMa4gBv@6O$;9%aRW-y$8`0Vzzb zJT$o=|AqIEm5e)bZbcE)T?|UKMl6f<;qsKC3H{$C8TzI2ARu+~CY|D66SP{++QD1d z^C|&yS(^p^>4DI#WNRdHslLl7*U2IAn=C;8RrfEDLLBGVZLG-|Qc?F*wd*T-LeT?T z)3{NWV#DOC^SU0N3vlhgv`MfWx(BlgHu5K~(VR4aR9byC0W8E<8S+g54XT&`(kqfd zN$gS9zFY6wk&{jjgFJ6%Q?dO`0k!hGIcfr1`GULG?nSrM_bR*ahwOzPg;#(rpoIn3 z&4wX1;C{#xXNoiy3ym#y$`%sh=27L+5q`;PN@8;-l*21spml0t*`R=x^jpq;GW=Z?OvtpP8gg&kDq>sjhE^Rl-BW!?%GWG8!jWj3=iHwREG?PwTvm z`AkE1DA`B!f7p~(R29RI0>2b%K+bm*N~Bc*f-70#tGq}}Y;@l_XPGNU-ie>+! zRa1xb^F{7+ac9;EQ@ptCAwxU!M^?w|d-lSWM|XjycLBdN5Lnw3_X1$wkmaiPmLLGl z!*1X^?lHvd0pL##bSH>aTZ#K9MilowxIkLF>qjo$tiPgFmIqxZDwdMa71FN(0U?$~ z>hOb&cDJ2wdhO;agt{k#cAr$nc8O~Xv<*!>#C`aqjWAVNzPws>6_5b^eCyReHSY{r z+?3M7_8~`y1-&8CoHjM+|6OGaoljM?TEmUjGT(S_=IVur*+;gTRu=R;E zG=@B7s`;A|Gr-yA6LFBOK)ayKVQYn}JDo0f;89b6$Z5vzbZR~;ZxvC8gl^{&Nxv_i zb8;?DmFAiXWKq2HU`{%jDS2n=0oYb)o}iJJ;j#Ka5{_rioD*DzI%^t~FV*zKj|9%i zS$OM63T?_N@kw;*k>;p1|7i4vmiKsIN)tocm{er$XsKGZWQ?;Bbv@K=zHdTcFZxhF z1)zb844k+*e%f|*^0htG7XUJG(cs45oQ|^Q|HIyUMm5=P?V>hBKm@TMB4DA2G^K_v zDxlItdY2Y@4ZTVerK(5?geKCPNC`dC6-elW&;ydtTY%8nPyE)q)?Tk4-x=q}-ea6` z);|V3JZ0YVzUG|QEccy|Zq5khj+3D&mmTU444vA6+|`^Mkb`!$Ejyer?FqqgNqyJx zdpIL6)>n@^Qyt4PPU^7wQq@j_@sI!Aa64k?H=yKXYW2h$5^uvReusUw=Z?7VL{L<; z`}p2ho%sKHbLS=vi+H~?vmXcifrjz0;`(LuWQ|~3RRfjYtL*MtvKM0?{}B4C2okL6 zc~haHfi@r#6m&^LHG5ndWEi&}&mxD6Ft z&Qgh4QofVIC4FNU_R#%92rjaTW>~VOUZQQMm2qEEc)M*LQxB9-Nhymh1(I^_7O8G# zs;Q(F`sMnS4>I?pLy-$(Kt_xvQER zF`@t-cnXIo#L)jD*RyWk8LI8D;$WsLMe&|8V|G{mr`*)ymHy z<*l#(H_@6diHZ_=2uQupM#FDWfGh)GB-4AzrHc#uW_o=ly&AhG}!5KJamxBr~x^EbSWOLZt(+!eg%Tc_mCDW#a` z_e49*rJz>AFmZXNq_<5W^!&kt!;LoCZ+N%)e$KP;^Cag5oLz3_2nguo;gyC>EtrPS zqG0(R(3bbYdhaADoz?c4s*8TC+La3d-Z~_ejg}Zh26oq8Z%>i=gNM7%PV&nNfgZKF 
z0UT$@m(WExL=l8Nld;G`s{e&~E}P4~)%R>j0E!?|Ht*12GR{?Tt?2M(_n>N4AnHE* zbNCs9mNuDirpU`@sdss|q*g0QGdsjAY^yNUCAfJm;hj+znd_=4a&htTmuFM`ded7% zH9GdV(7E;KF-Lj*KKz!gy8`h1lcu}8`GvLmw(x;Bk=K3JX3&@o2`ku3;tqSn@3 z^FPBRT~e6D(`yK{v3pr z1HIuBM-`8354tu>I}E*cB0>8@eWlJT<1wuP-Yf5sRmpNTTD(9Luq}YGh zgHlWL270{BGWxtfWzlo;S$)~Iaj3mSDpk#ZBpewJLQRh9D)>SsW8`KaeUg2GT%@oR z7)B^qw)irU#SbcdR3dn<#>NSxDeZa%F4$J!oY;Un^KXLDjg)xT?szU#ieza z3(G%%Q5C%fs+tPc9W|Nz+;xD?VUtwJib%jI(H?YLhuND2 z+cHxpWreH3IG)^v@jr>AX<%q-3K!5cU;8Zs7~FD;6g&f^^6}fV(_JQxoKFgI{BvI} zwdq4Tbt#Jw?>0`NE}Mvy0hKQ^oKIf9l|AM$dOqa!6 z$Q_M6;0jekRp#^v>zKD7ngOQc3Q$jhDpELbJ3zYe;1Y@<0{>0*%9+*xfPav`VH8Mk z>bA&p4u2C!$ded)tgC+0_v@BJKDS7(K#CWxWyp6TLyod31b0Uj^QY3kAOiqCiW^k? z$bm5uU^3)S=Tj%|{t6O#vTJFl+gm20rrcALa{vI_C9cA?E)ug*p<-#+efJN>|C~Ar zXM?Cv`J)86HBiIO-PgmD*moQ$cMZLlmkV&Dah+5=JMbY0y3izvMaX1s8Fh9qDBq>T3GzL;{NH%eJb)+NLWUn$_DT_{r&z39 zVt4AU7dJ2V1yaXAy&3E!EzGSqy<}N8|MJL8AWc9VTfv_`NggL~mvZ1Pi*6}GQj{?7 z)}9hz%!@^F{YnEzbGfg5S9=UGMUdpxf~J2peSR!ut{`?(u*+lr)?ZnPf4Z2Kzt@8o zun0=+OiPmD7D@OIpTFy=8+ z4xbu8k4J?v``)VuqWwdwia%v=PMyThssXD%h?lUGxIAPI)UE+Y5Pj?Mn^piJ)F^*W z@D@&>8rK1ahE)#Wd71M({yP}ELV_`%2X}xs&u~fR6_yMidFyc~Y2p$qs{;-7JkuYm zxb%B0)Yr+{WTH#)pCwPE!~j(l$`!AFdtAn*8TQ{tgQNk;wlYiL4$iCX-iQ7GjjUGxVKzYg~LQtS&q- z@U!;CmO!!>Pfp4_IrHVt-7qFuS?+UTVW&)1>O{W21};HR9(v;K-zQ4xq0H`xrZlC(Y`+M&mW&YJ%N=Vqr^%WziVLp=WqYF3x59?a9tU= zEVkhsUa0m9#QT50!M|ThNB0n<67UG5qHVHz_K%1Cb#2<4OTcC3_ZvN_`Q}EMkAH0N z8Ct+Up+#MayH+dn?=Sw>y@225U`dxTL^v8YDTu+zkA3XTTPK4Fm+uA>g4xbG9RCg0 zAmB3fvv*+V)sLv9;~)DU(fzR^{}J84cGh1C`u_#3%j0a^(X}axyT7pZKkQnGGhkoQ z8i|WqFAL7$IlIr{W7VfB&mXsYUrbZngwe;hgcno}vmafdm$iC?zKpFE6nsneZwU04 zoJh*_aEa}E1VMcq*n8v8zb8NbL&5$+uvOsR*_Jn9do6)>e}}Yx-LO3VM5E`um5V4F z2ewJntv}K4AD3>E@I#OmbzssUeB9@p2pCo%VIc7wz8p^Hh(8`bd`nSsJJfnwRq^U-!MtCFg*`J#Bj2ang6KUzbWW{)a~!P|Nj8GMJBSs94confXfRRlQ58ZsQ=+XSJ%o%2fm8g z+u(99NarG)`9a@=Z~3paOSg^%w}5tb06}gWss%&d;lR^(I(QT0sq)Ua5Y|A=guB!8iv6-cNy*Tm1e|i?$8JyJ+0!;}PV!EC~a@Wu3z_3NNV5 zl_Cv{`wIwj(=}BFe#brVFRRC3Lm>0pSLWie4q!s)SO2 
zMV_Wn;n@?iSs;s&tj^W(t1=fDKOC((N-VbUw=neBp(X&s=fE3kML~ShlH&!{?ayU4 zOjo>r=zFYPnW?_KmUYf{%u%4vlHP{$-VD1U%$9JZ2iIfsm-aCY%hf8LqJmvSPuTC$ zFzc}O=@dOFEb9%!Rb%UrfFod^CAnEU=lt`vvq9eC+8|ISdwy;LxmZEi!u54oB$f^v znfUGQ#D6o2r}|qwK{Db0Fl@c*fzDL;y`{ROs?9et#wJI5E7GM%-q2fV!B3voto!edqKmXD!+;e%f3WvcP3DLW*Sk&*&C)pY*I4>WdnFSR1>eOk`2Q(7kVfX3+)-}3k z5&^)l%dUc|R_pXo&S+^HWh-yhN~0?xSqMTflbIg()8WXB*2Iq83&mkSx%CpWBm{?T ztJlsN?>EUs@CUsaqg~d@j#S{YcTlz&<5yfCS@E;HVCQFD*>(00#Y*cZS*|A+Q3`5h z?L07*+7-D{r6yz_o%cxcv?4qus4uF-w3E=cER8YbS_$=j*e3uo{ri zd#AP`az!-rOfn|SarvzlYNeI2(1O{2JE|=FU~dHh&UmwzSOvjnGVu{nVm8Ib?9v`d zIxao3NCv#2ZI;xU{vw-Ao?}Xxz5K#TDPOI1l-+<-9J&$IGrx_?l1FdJ%~;jQDIsB^ z{^p9UcZd@v6~oRktE0t;1N(|m?4)BV^&fu4!(5VWe|sCo!Kdr*x2HN;b$E{;d!D`; z*0|%`!DBk^H+Ql0$L;XS4l>fH;cSd;&FQ|Vfh{IvYg{EaaXsGwdM8>u|0ZkwsxZFz z2#PlJuer^fL{6=#KVH!Pifpf@@sy{tOuQ6s*@=eU1<4vfi;8)1FF7@-XvyNjuzwfX z?M2rXM@SQoDLu##b((*`MTbZTRM=o}jAZaMtxj7ps$r+Z@ANNOMUPqu4?B+0{?tH^ zTc15&CpB73$>=^NJi1tK6GD+@=O)^}zpVx)aJ55b>L9=fl@Fp{Fr4=BMt^?vPtr%f z2R@ohj}D1Q5My1fMIACJsY~!>J2GEU-oFf&nrerTPZG<}5V!Kb)@ozqM_aL45$39Ee`a0d_0Kg4lJ)vi;|!GBUY zegn-%H3Z`0945PM16hBNWdXl{T_ayIsa2vGlOCN|>Auw2mg;kLIo^AExkoE$%nid^ zsc3f@rJw=tNLG0^eKfiG6P%klPd;8sfqypL#Pa7hQYURA){Cf8`drq}RVH`i9hnU- ztB3C|ee0{hy+6$b7V4;QYf5HJ0`i7Ddy)MgOM`aZgn0A>DV8g~1rvfU4E2q=C?Vdj zKD41TsT87Cy%6eXcp(ouy+KcQ0AOIJvbT`PO5LudWlHupdJ5m=HE-mwO(8RDg)k*P zGj9Y6sacQqJH!fPDYx%mZS+ zx6RL*H5G0>U@Sl=4+n;1*dx01d-EG36!*sxUS;iO(!)iP?5fjs>|$d(5yJI4rS-xq z^+zQPZpgcYmd;}Sv*`20M~$4{Vl{PpV9ryj;5McT;iRFEtMo=bPJ{y*X(&LUHV?n8 z@2K6~6=x{M>;zVTyX3?Z5l4q@FgLgO?}sac)FJ{0UIu2u+75Q5Lnh(SRR0|z+8l>+ zB4UcN1NuhK4(vsoy_P7QV70O|%xJF?ew6;K&%};mkJ*J7BTqZ z4|M3+#{5&|vYt&J1d<(T>bcI`9L-Ke@&l890;)QAEq8%z=o=?lk@brxMwT+T=+K3) zwxt6&@Jy_h;L#zWcxQv4gA=WJF*S)5fqD|A=;7S#T^UweM7`9Z#>E~>^3u6h#xrhH zM`cvE{rIOL1Yj;{5-@&zWPf$KtDfknM|4I(Iml+Pwc)%p?RmCH7H=1|j0Uz?tFdU% zz3AeaIn;gITZ}!jG7c;P<1TeBX`b7MNlHyTBGjK1zdg+Xze5)z%qEXM8a_q>Ltv90 zh?28>jkj{w%%2>MP_andO6H|HD6AX2zLl7ikbjm~wrNo^xoxVJDy$;0`DhmJkObE~ 
zkFHV_MhSiID_c7Rw=Kc>xpepTC;X2xJdc`GI?a8H`2{S@i}rY>poO9{UouWZZt2<9 zf6%eVn0EpQYiu#A5LjCbxgsyY~+2Im=B8f&S(U{qDkwU<}F{7SXW;ZbNm}Z>AW2?ZFTxh<((561+ z!0vt57%!9A;Wk7$(cfv*EQ2~wV%8fIf~^`qkWY|4+7}p2-I-au?{A)GKAK?jC`N|f zaFp){yc=ScQQcqi^cyDRZ{bnEy(c73hv6I^s$ecf+KQp1t+^d0I&u#@}2Ie<3?mqq2=KHjU+46PDz@?@M>gg z!}8v<+c3V;&R%e54i{3GT7(#sWoOeZ!!5`qJsP$*qp``V&=7>if6T1*E-%Yt{9u-iL;xq?;)59OQm2#s@rG7b;wN3m6^_SC~#ML9O#Mw5W{mKw&$lYEPhsJn#%0etRTD(-y)zayva#ucq@((c(<) zSp;H#H|ay#7idQKmrk9XlG*hI7+tq4F%de{NJG=RyVrDPQDPoR`d3&D|jfAzB z%X7Zs`V(AWRC7p;W|nCTyR^Bobap=BLyzk-SpNLsO|6BnE8r#D4`o1TDp%eF~DE9^w zc0ZR~f4!P&vtCdsJhJ>S;~Ot=Du$ROq-n%9gxcaW!q!#~l-LqcqJQ@cw10D1o`4H( zc#Y~JV8}#+3GRiGGv-T+##Jl@o-uZXUuR&!$*-#weHSk& zOEECp2;9onshJFApopY5l}c2A~oH*%<$a8rQWD2dk6 zCrmr;+=NJE6fwTKE~tHL0}@*vBlUe)foQ;s9Tj1_ZHU%Z6FN8>c|K#Po!7(*ZPyfZ z@)A?ON$K7VAAOJdZV8$@Z*89j`>hPL1=c!co3(?xzcQYR5jFAHHr^vY%~SuD+2GXx z{VM|rI)PB_7y+U*Nc4vqMIzc@fa8W>_W@uWu~eObZrEu*6+73mp0rp<4|J-XaCOUu z690{dPPf3ZXgBv8&qZPdyCKp-Hcg?5o z1S)cn_ejcnnXdJL>u_n-CX_y8uRWS*=-qjtlKbL~zVq`J27^0+`8y1|A97)Sb-d@v zOp*30gAhlL`rp}&}>2vQc$H6E3;5X(I@_7S&EBkPOl@#&O2NQP4%3k#7Klr2zny@G~ zI9w2e%C7J#8{I(=K`hLxFt=**TZR63~=|)4cv!jbYOU3j}*u4Ui!lnBh(y=M2 zZpAt_$bq1{Y%fL1N?(jcC>)7pI9#WrbfoNt>`-kPSkA;VMd(@-K#^t za=Q}Ly5?^z*HBZ$n&1^zpMDx?O+2?o?}ucEDS((=4<6Ddztem8va~lf)y+toUAMy8 zVkrf2HJD4Vt0`Pgc-O#B_2$FsCe@3>OhzMd@!8oC)MP`m5qmi&@@pk=U)-oZabc3; zJeKw8lN{V5k|*6R9qfh&wzt*~URh1vu3K%cTz#SM*Z#Pq(bMB%4VI6cAs&uG@WJwz zlil331UBE{N9R`2B0FDX%HN11S!l2I7AJ}B{&;*Ek>^j&GA@>3w=^9sI=Zo9pqj$= zuy_F)!D(JUqXvgi;G?B|LO(Ehi;j(?BUOZe{sz^rEC<3Foi&R%n?f>4dLMdUb~C*jg7J=qObZEJe^Tl>UcWiqmoXs_j^N@_e|a_kSfy`q zkML;EkNzPF^Urx;d*Ol4hcG6gLG%fnW0vS8JWy#ue9C_E&Zd>xkM_0!2@cOrU3i~g^z|t(kwa8QKx-NeE zLmyf(@o`@(H&Ky&&5rb;eg~L>VHSyfImpZa+)}_16HHh$EiOf4?yb@vJi2v7V!!8e zY|YX)gRlOZt{F;44OdEgseTgf_nv30*SSOyAwI+~>0}=)gm>OHCJ)YL)KL=>DExU{ z)aZ3A?V|1L(3HAJh7~D>#GX})JugEO5s~3n1_E}y$=DrWqI@F^Q>0h9BAk*UA*>&) zIfu!?)>945#ZTnjgxU0H6dJt$>AK=mBwDJ}LQj4@N5_G%v(Mx&m;#9^^?6AEqrm;4lH^4SZ+We6IY>zjW*^zV2Qzx66yWe0} 
zzmK^j9rS(X%yeAFtGVWwTHPE9_`|(>Msn|Xgfu|WlvqqNA!ouz7Lv}L`P<1u!Y4$O zqQrPiW!I5a%{+9wTOHA7w%!_?;lI>db2I=9kso&nu#!zS?SjFRZdC9JIenNaowY0=2w$Ttg8Y~}l;B!Wsy7lReSnsJhdgL>^k2J4k z>8CejCvP_PBL+Dt?#B~B(h`^9Pc1cQQRN=Fz41SpOf5dqR0wn=>$#Uoo@SikKU%}= z5eUlR+q+qxVE#mJ9r%TGN58eq)5zHe(?M#Pop7IdH({)V7|8WSUyK0ii#t*CN3oIA z=hD?HM!CU+dF?hz?6YfsH@i9dq@>R{AbIqX?*rGjAMP&ev#-@&{_N>k_-<^>JnS%% zmvR`l$croCB*=0fojUB4W0Kz4P{si*O~kruMo-pNEZM(2QNtv;Q3dYesVLCdc(N=Y zZrJT%9k(A`@9e%D&Ij|~UOP|fWnc^AU~%Hn3$Ax8l2zhR@@(e@E9KhS*V9K(3tI>q|j}3;@B;UpJhWKw3_|&>1b<6qY z9hLQk5m7$YuIZwS<*uoPH)=rp3@eB9mv_#6-JOy#lKQa|bZYs!6N2tmHbQ`>lgmG# z)$$re$Gtl!-kQbjm1>oi^QIFH8uX|n!SODAk}Lmn!LHuo{)sPq^c!T4Z=v82!*-vJ zZ2P?#ZKK74m=>ST;iN^wA9h(GA9%cYXt^&bGdffjVSLd{opElGC#z;RT?^D3Jzeun ztKDz>omEixB{8THc|RMg>>ng~7~boVs8ps1f%snqX6#UefH+FJFnsZ;m9me-T|r}I z;(NawAM{xIB!-OdMkqG~MjlrAG>!2)zZQLk*m?8`tjF$jq`NmMzU&mdGlw@iwW9G1 zgkD_oW$dCa=7>bFU2gd_WShlY_BMY}Nj%=FLB$<)p!^R$FlcPnb`MZ+zTW2r3UcEK z6q=n54)ne*yb}`c*w2WI|63nAwJ!uR24-IyWl}LdXPbsM?Hdh& zATs#}=nO9Rx1?@p-BtqZITtqq*7Mm-UR%7E`g+0Fho2ISYewqj$+E8R$Ls_zxb=u; zEm>W;U3#@YW(ogDU*jq&-q0)e`~LGfw)k@nJR`S19dgh2xQ{#VE{onhA8$2HVPoq3 z*v3XrnJRL*%%ZegPZ&E2Uy|HUR0U7QiUecV$9`~hO;1JfYI^-Dv4F-Kd2^w>9Y<4z zj%bb2rv91*@cpq`rzqa&`VGF!6O8dE{8dLl(wHa~rqFbt;#NziN(K8x?S}{kM=!;fx z%RYck{Z18B%(n+jmGpeIK2j*0^nqXW(gxJh&@Aodz;q{NQtg8z{talx-+Azy!Bg5Dtmt9 z4M#vSyI59##%;~kZSMi7`jP_Q#saCFo2Y>#blSN~c9Mu7tY1-NfSbV^Q-JELJJ{~y z15e#ii&UiY-T!IPuokyftA|L30SJ(1dh5RMU#b7Ua+PWAzl(@e?JlBRYoN`9mv3=0 zqinPQk5IeU{-t}PJ)#SoSVto!9IJ-$_qjyx6dnu?GY;BB3-_@{QYckM)VY72b6L9r zt<7Qzr^=RPCW8cV?EQt(HMs?{ zP|}Hvr2|o++u3~;=1F_87VN?1-{JH;(SSGNWLhL7zVy|V)~LT(VOW-O^j!zRwr6K+ ztQ1toHTY1eMrl%@~2fyLC!w3xZL+F@pY6ND`Rk68oI5}Z` zoV2Lk+m{>!Gz11cn{x4cehb!y@pec5*jk`@^283dhusg6aNU;?*E_Nmx0!J7@mX>- z<^x!;edtjA#6r=$=>xF<*J?_Xp_K) zNPHtM6y?=XiTHFSZo=Q!8Pt8zfOX@vw>^o!Hcs_lbA@z1!}HQc7ae_!I>mc@}ol-_S%V&4Uzcc;;_sCo$< zq9{=BTe8z7jZaX5OWy1`Sj1RzK=3&`U2TPKV$J*O9S&5%lGFXuoooj8*2VfZGmHur z0jte`&{S={XUZ}pa~`j3H-b_0+h>5=2O 
z^2mDF?hhvH`R7KCe1iHe4Kh%^p7Vy7g{`p)JqP1A)bqxlw#E;N_(ewfr4K?V@i83Z zVBrz7rb+(8Mt|KO4jSS~dt*fDtr*&xWOYzH!zE0s8&2#pR)>kVB#V)mX1YiZ9wnr+ zt_||mYP1~LicgTwmbkLpBj>X9Ej1KnDvZ_l^MUa2v-J6|K7|0MJJw7#6f1sqS@DUo za^3%+*?fq3S{7qPSM`V>aSnz}1rMwE&ThTXjRE%xj7gu>5)$`iIPAKFZm0N+54Afk&|@^iEv5A zI5J1#tCLz2#(_|N%C2l-t0JQI%7yDQbf|nlKLScl{#)e&ke3|@B$YoUS!XyJMv=&g zdSXgV!iYm2?M7_3PnWti@qKibMW5xNL!FKc!|}=Mv1P!5U4bQ z-=`ewKzWOZ03^Jr$KqRd^2Gemjq}9vbj;6G-!*eb?)Jx?nIXCeAVXYs9}p>1#YlSu zi?@Mp0*l}FPalZ`NCvdurntPCNqgv~(kzSTbaGbL>x;5@&tciRg73nwHy(JPZSurk&Wy|?yfJSNm#vb0Ibr3g^>Wh2_bv8Fi(74 zbl~IvibQy^`tJy6y6!_jB$v(?`0nl~mM#z5T%%sBI{6?L<0>-tc)SzOB6aBkd*{xA ze?Z#d4t=TZnC=~I7nclbuB%(r5+nZi)E2%pR-5j&PZDTS+-d?+Ny!I*K!Ye94xgB*IUw)HB?63y|7y zR@{H*9G+5O_=4A>DY-OkZ;_w_?mDekJq8eiN#1TYEMZPo9Cb|Z(y~(qFcQQ@oAI77 zq<&+S&$BNqCLul+d8PqRYfqC7rCb$yeO4h13E>+qQ+gMyb)k|~`>pWOlQ+q8Zm(vB zV#K*uT_16hX&-%4^+vDgHV|pK_Hhe7G2HjMc6Fa9&U|(izYd=te|-xL<)ts9RtDD4 zqC!+^`{m8+<4f)fqCZC6@COa{xqz_TfP8f)Cr7#V!%27aroX(t^za6wAisqA@8E{x zB5E_U!`I#L(zyZSKmpqvsg!=)DZ;wV6@iYutwl3sv3k$5sRWui(F}&|MAwvOpm-Gn zZ#)wm%5wKxX2Tuo+iVw6`OZw?qgQMGo}+w0eGW)t^HTstl$qt)*wNIM?cJmmC@=^> zawYiZnYR2csaIx)GRxxP)1G^BN~e2#5`;3pu8h}YA{S#>-iZOhPlYd0P>n{6qonS= zBjo}NT;^W4YTK9AK#Ap6a#t>GU`gKpG-qs=XCtFF0hlsg?^ZvMU8)OkXzRj9LKAdD zjNNG+`>ZcwG28}h#f#^QNI4>>RW>%Q3isFF*H@d{_Zv|!!Jx(n(By9;#uh2g01mh<9NN6t3P zZ7c=dRWE;4P5u037HINfB0TaM$a`u%djlAoTI`mFPti_V1jzeRe!8q_*!*koQoH14 zrvffm4WDHE?hV5bJYTdzHfHi`Z_oM{H!IQw&U)3};z0$|NEd|`z{4?D> zwoOyh)>R@t8e^fYsEgw+U=yXU_DGTGKpo zQgNfyz-6pY6WF&?`sfh;;`xM0IIl@obgDz1X*%m|tgH}~r%27@#CivhjiLASn4n%C z=JQ=a7z_UFLa|-Nu+JqzdATd^gWYVvJ5q^v(Q_*`r!*}T(kz|&MUQ)Ib2dG%%4<;K zC$G32<2je&x;16cPw52}0BYTpx0;XQp5FWOnD{f0mA^;2*owQ&|Cm z5{5k63Xw?;bu6Raw}^$#rPFTIN_D#mXN}%IL0`Dbit=f!tc{U$^u0wZ#PLZ*KV+Ln zYfMw}H$T9KI0OrNKy7>}sN;mnY~*cCkjlQMN-IAkA{|mV=jz^NpRL5{_KENz*1?I% zn_ryF*757P6$2%T+@L=SoOdn)whnU`)4%r{Sm3^to?Q3?cX(Qt+qa9nO$ONTL@5gCU7vOMeqCpxBmB?{I5#nusgti zPiX-)YhzK(gnkz6 zzjs9eHN5;XnD8;4=XUVlD9eAjEH8LSH9Fs@v9-E!Ms)u}sq-%qE%6j6$}+5YOMC3H 
zJS_j6ln@RkSnK#bJ63up0zQ(W$Xl`?K2OZ;NBd(83$t8 zL`faHo2kzI`qWIn`t^H&^)m{9MzRx<2N78vYjm=gO~55B^H8yHUi*hq0#fXpvnO^Fe)Fo@50R8 zQ?O%ick{)K0RO`j)5F6BblB5JNQu$Ayz3#f*MZKlx?L*#+~=K-n_Bl>m$)H+@U(xy z)QN!hoA=QusiTFi)O);FtZ`U5bJlb-G_d*73&tCFe0uct6z=!cnq3Kg`%i5B8(0MV zIwMHf_jkj2-i!}T^sM|K@i}Di5+J0L1BM`YSk)6k^HNq-nAU2VfxoPAZLil82?{to}6se%c`Fp@eOj=+i9@{mce)1IJNNgnQ^P{_|d?|Ne9LVd6<*aP6 zJw_qcDT(g(zBgeO&CN2$DConqmjLL}hcaSoU-@xXNx+;8OS&QmfdO>K0_)w20hCz% z4?J`aoD3zw$)HNbM3vq>LkTL4=*Nriv@+*JS_=$LZv;W<22 z6}yw?v2WK(`w+y(%k^O3<$Y=Y)}4J%e1bLSwYw*el_%ZB1U?woqX~VgEZvVclW-NzPBs6;i@UkSCFO5 z!{fjI)BA_&Agz9^ZaVjc#2CRwPvs|22|)WkH$FIaeXW15FAFX3B%q>`R`}Gh&6cr` zPGD<6o#*gmYmY&E=NJQy#fay(UOO7z00$ESw{OAdgCidvr;HCXNl(8Z0ElfLc!Nf{ zo5#NAOTfjV4`l$v<_Eli@g3S@;hPh1PQsgjPE=ZH;0?ZBJa-&;Adqi%INB>^(0(fRm(fA#vXBBfzMzfhjp>yh%+-x*i-_UxM->@T?O4)B1$X8D-`ns z^pdL_kdM>%DUn4&vzf1)ul>>7-}+OePPA9we&zZ33@=paIO*qe8JM&Kl((QxNT_^ z28u1-Y%N#A?c{mz$KK5*wzckGDBN}DCCeIm>rP^Dk?9Q{B6vHYQo4NdxReWHiusnSJBdeu}^oVVF2?JPZ-_o(g-Ly?f_;FEvleBt1 z9Ifwb&Na?$B?WyTa3|E4INYCzPo&OF;eKBwVpaIbycF2p#2L+f#oaA``SLWycphbp^Y zms0)D{z5(Uz6HnWMO|FLydt{GrGUR(rpR46%SB_;bmm8gbF_=!m%?k!!=lHnx z!^|5R!fPQANdV0&|B2>ol%Jk}+~arg6aGr2(_&Ddq!7b&@27(~1s+JvMnDCZ^X?<1 z_qW4E%Va|x5krw;n(zHx_6NYg$&8erd$lNapKjq({e{q@9u7ar(oOnmzBbx8Vt27) zfgLMu-*XudU`y9gV;l@P&Ms!VS)e!(C5giuczh1Cl~{WZcH(8ok~31idt_4z2@I_7 z?D;M)wVcyL6rfK=-#fn!q+S@HoxKk`W=`8vMx*;9hi}6cMAPsAkTE_)#TO%+{w?QU zmAi-{Lrpep?dZ(SpWIM}ZAL3`;mR7HFvnD&$=IJqJz4zuge+H;o&?vmX>Pe$s zE~r&b7Z;qaQ0gt*x_PpFjKh6S`x@d?Mu<$^dht8J4gl^H0CtktT4AX5S_lEcJIj(_ z(c`lyw3JO?EJDPIuCMwc#cT?%;tHDc??lzy9OY|~1BCW`fd_49T`}Zxa1+Cy>$Eo{ z|J;d6=7tjEiq(cy+^Esf-iV-deN4~!^ZH@|m-K{%mr%A0HzF>f;!A>PXd)PF=g~&J ziI)>>hG8Qk!2Hl_pY5HP zS&ZRRbOYq|46$Am3CPRlpYr0lFi(X?7TQ%8^AGjL{>Y8bgz&4zG~lgJ=kw2^258R zyk$XelXorjBBh9f^gNF8#kmnX{2N@m-<8w0A?NU2dY4|d9}Sx%vL)Usmj$7HZ46FG z#z>dr%%3k=dyBR=3n4&tVC|7%}`c^Bq6nN4eq4d2&@eK40- zP12L+t{Qo#pG}0REIuFFNbR`9LHU<5 zYi*~P#}-eNw%L!I`FYKf`~(<-=|m+voAf>0_M69`k-jt%_Aba)av^^2?y$ 
z@q<@y7^IwSzd9CBW%J+ufGg9K|MI{KFyJtHLi@r>5>U*rQpmCmC>Vl;HUSwW87@)vK-w&GsZXfLi+k0Sv-vDf@#1sh4E zJR4-jr3fmi-G{*icz^SiobHs-Tb#^besk!hN|>(e9x2NBIxMn4cM8jUyd z62F_V(@*BkgS3{c#vIB>PIODjo5fkTS{Nn5$9INC#j#F=P#%OTJrCdRnevcG(_*<1 z=u;`bL69z>u)-; zZ-fLa%H8UsllIB7s}s<0Fr#-#F4v;!?D5%N!@Es-TFdpRMH$quq|KJ2joc$&r4KDt zjQ3X<#L=W+bzL;N2-(b4QqxmuJC9d7 z=l=C8H$vV)tWRs!+6eP66xU?ss#$!PJXrnSq+;$fZZW0v!#nGJZA1;Zd+iV?oCn>$ z@_13)YC_WeKI2Hm=af4uwIY(1B0%>@G%u8DALl(5l1%Pom+&anPW7hE5T9#5^U(LW zwkwM!qt^buQjm%&?BE(hDqqhkbc@O^9=8WWx!5r=_SXdI*p|o!2|q&I%2=G-30%2G zzxA}{+Sa(YI`_@-qxO;B;k*!uu02DqC|@wQRsF#-N1sJEa+%)>k)1r+sl1<)@M4B| zOFxC(E;U>BI!0AI&ojms=~jU#U3+6gZuc3W@r5n-atyA!E)V-L18ut1SwC-iCnm!u z8oBFS4$_hZJcq;Oy7F_vD~KBfHr7pf#b5Zdq+ajdzvI9Rf2gP7%5U%V!hoab!nRe; z?8K7YM*YWkFLF=y*&RK$>#tebWAF2l87Ns%%_G)yDUaOavw%69br%^lRY)Ig6N=M( zH-qiyCAYSzR9CQmQg$_8R(gE^qc|HADq<u@}6&*5ho z89Y~?=h2WI+5p_2_9=Y4Em>r<$g&Jm)}FN`^jOTI76(HdTA;)bMnezQET;F+>+sO% z+Ky2t;+M%6=>?zcGmVs|7J(`#=$2hH_12g)MI<@1lk(TSMN<(n>O7!}++n*W$np?+mGg}+UPYAh)R2FOl!E@YBEoL*;ryJY*-!PW zzl@0eBfKsP;isf(e8y!CHwP}(rHxTA6z3Cz^lHVdr$_nl$<+o{$_`@^K3cnLHhW@w zwt%*he-5Q8`d@5)c|4SF7k9f#sBGEWPzjZt(5hrhLY6V9?E5-dhO#6Hzmk2+zK?9f zkeLv&jjUrEV;>AAh8eTJx8L(T@B1w8KR*8Oxn1{lpX*%be9t-G@5}L@$#;5gpCe`* zcE99z7E?osOvWjTsq+|eZji2SYnnLP6iQyKHgU~pPa@(BVZP9f{ z+=I0I(|(cG5L^6hYmvg=H`Wyfp63f_#|0saLo|xsMq7j36LUdn{XP=~va}$!*ujHU zW}Vq};UqD6ap9fQYlO0y%RJV+Q>cxdnWgox7SqhD+X1Y(`Mj_OQ*Mgta_w^s8Zm2< z7D>=5L6>dxPy^EPq2jTabz%c{$$n;0td*6du@NFk%bX$)*6xp7u2VX8KjH2TwUG*L zIBEd}VUVY zm7<~XPrl>CR48S)sj~;=KQ0y>Q^)%WxeoIHExT}#7ICoY0qB&KKX!+ybxV!5u%Vt- z?CXRX>H|urtK0=lTK~h$v9e8}7GVv2#{df36z|2J3D1_WHWTnR4$zZK`|8 zS*7zae0|)SP;Ymyzl_9K>QCpJ!-taZshU6N>DxCFQ@CloJ|yfWGm$FC6DKD8zV^j= z?b8b(^mU_}>da#m;YA>9`IbB!)1ntW)9APU>!?c)p6-j9mxC!ITLGlWY*nLG6sc8UCL z?`qUf(UsI>+y=B#2Oq!eMtoqf+TOXGT#BA^A1Kv33;WPF%u&hJ{T_FgB0~H?@N823 znx2|nVO^|W>$|iYv!XLW~ng429b{`}P0&#kIOLicXO7YKp<2%~;cL+Y=!CxpmR zVo)1PX(e6I}axeo;DAKGG0@De?4&-I;S{4B;N=|f zow~O^RQUQq^SilS=CI5%=)aLZ 
zDKA4>ccE_XPI}p)#_*_6F1VoFo{!o6cL2yh)%>MFtSXdyMg7l>n%@Nukxbj<2tpKu zv+oAO-XJ(*8U{&==1i4!wA0u|X9l7dofNF+ZRGq`hp)#QeOGqnb6g@MVm^8e98!4T zfnrt994-lW7kIgRu1#k!xi(CTGHCTS`efg|M3SJ!0MZ^ohi`Z^lr|{|Rev%(JoijW z<4^my?(J&R@Fxl?cBQxMA8#LPrVo#MoFIq~dwsUxLD)yFyEWQe11k)uOdV_oWpshDbEJ)RP>lue~jWIUD9|naT)n;q;rdAZ+KI9lVrP`Nd(P>aqE4i<% z>XM4r;Lwt{hJs>x3@>`bB7im^68`mcRhk&)vKu_Ed)TJQL!y@kS-d*rcVydHBINVc zng`7sXrp-h$Jqgod`L7aiNa$RD)9{$`D7Ed9cqaQ_UGG)&$}7X_64f=WU*te80-x> zx1`;6_?oC~&tDnp8chKQGUBLy=fEQP)t`WtjpzNB+c(u_{?vrKvB5y-(f_H$-#(4N zDB)fflDz)d(2hKj18Qq53x0giGSd)IyqnAYFn;<%I9(v9FNMr8GCZI;jlPO`{&`AL zFwPUr~rwyf~MH0_I z=fvqUUT?J59~gQJK(jSrlr0_NDMaugld2(oM@p|Laz*W19RJoL16@Z>_>%V`Te8t` zxa-T9n2Oo^r==Q#6H3NeA*|Tn>97*YUs>|%^0$BV9f_&#!HZoK9};hr<9n#+c5d&?>8jmR&)ehv3EG0%~JY)F+~dB)-`Cj%P#6Rvm&qZ@eS*NK#g zGx3I*?3Ex)T*X0NhvU3Zv-{a1)b9=-`g)c%9Z_SddKNI#DEVrz9m3(8{Wv!Pcllx7 z;3{hV17f2U9p0d_^rFIo90E}823%wzxy8Yp}t%==}{w3?e znMdPteH0t(MkbiuqXf-dO8?`{3f3;l!pfX%{{YQOexwR<>K)aBgfPI#Av+&Brxd!Z zp-fHN>8`ckey= zc&1RxL~`^gs1rUzdq``t#)>t+`erb{OA!VtB;R*Qk58MLpE}m5s0?6=LMJ}BT)P8P zr)Yi%Kxs&^DskK}^n5?H-DS=;aaf{^9<} z`%ima`r|?37V7hcIx>0d-XB+XVkq~??2Hl6V>E> zLZB(*ym?DTRUul{oP#PMV_3{v-j5)RSe@sSPOPiemD%4exO;KbISJ`=djIgVkLsbL zqrDcmvD9Cgcjdk0lgVyY!b%wnxpPIFS3miD&oq^>1;gu%ZbFf_RvEh}UGU&Q>KnPZ z2Sn5rzE^oKs&S8h)xL4AD$kXl9LF)9$Ej`{NUl8`!tC&@nb(M%`$$rCn)>7E|2bmB z%)w^W@GvT*$RryAZ}NOT5zyD*Gxs&L)u`y+y}pxV(BM0BYXl&X+7m7`^ua`V!cJLw z_2SmAdl4dk2G&IT20xLAGS{-boa<{l3K=Ihe6s3@4He4aE$?&z7RwNvr2QvsEHk zhg+h>g1XzC!tFvp#V2NOT7mv>Y-E%OCcCpS*6RKgEtdV z#P7(6PzB-ImsNe!#lHAT^#=P>k>L}W<2SCE$2st#+bzE5^`8L$ z9QK={BgfRu(B5BtrJ(p<9#Vo7Sj^};i0mSEgaRBy;3n_uxprz=r^+j-)S6&1lYYZT z_lxFuLcGW6wN+{{KHvH}1~e9M67%jdd7R7`whB|f`pMP9g7u1CaBcmlU>q^k)7saj z?1yy%S~7L!LTG#KI-k}`lcJNv4|#L1B@;hvZ~!*Qiv8QST>E!k!-CGUp=$TDE2lM1 zb&PBD*H@aJvRYz$+2Q1i3Igrz4fj9j0cOCytG4ddtIKGu2>b1B#Q1$+I+Vx#Mw_-@ zD=}MD_8Ff-;DiUmQOY6XNAY3%S51!%xiplPGGl@eyGw_2<(~?gp$vP`!#~JOCyf<7 zb(&CP%me>so~gk6m;z`|}Biq1Jf%XGr^zL%IrLHbq)*0NmX 
z3{}mgA1eRJG?_Om6!Jb+ghtWDM%iIMME@e2qBX`X%EtwkO``5C8f>iKZFm?Q8lOVb zTJlr%y=fOMYpyJMCyG%wwJ9G*jZku5tN?98L3d=~gKyso21Uiz2Cw5^3GS3D^VgIP zuRI<9++%7}tvP8urB$Y|es#t*py*lwADSc^&SEmQNtIP_FD2e`dL)0p7u$s&$hkQnnt<*lVop<|#)yG~w{EFT&7zkafh|B(2yJ-$fi z9#rQ~cda%2>!a%;1JR{&SfL`97-_vYg~i>aSPP|bd1k*6wCe1(;Qq3aPZWj3QyH|I zmhcVXtF-bzy01H$_pD!kMP3>0o$N9aT_lD5b_*o8v=_KCYU%xjFS6Y>n4*}a9S#uy z$0=}47TC%_KQ)uwD8(+=N9b^XnfQEmfm2n#55_&#@Zz7LWlk65Sv=kerW`E+)|!L{ zX1H;WIpEL!s_?gk$da$(!5VTr3&i6ZV>6@2Hc{gKi6R^rU$EK}nHP7ItR|J0 zyhUw}?v?z*W@x2BF%?p1}`w!eM>c@UP3{KL!5v22i+#v#cISTgRx?lq62IYod{2=4hCS!tl{PGS( zGFb-2G_3Ks(V;Caok7n{N6k2U&YoZcLp=dI8kQ60joR>V{rR=r4}k2;@PQiaqV#I6 zeVDJ!%3#`lm9f;jNPudDbl7WM+KZ)6wzhk)NnO;u66c_iEF-H$FQy(8RL*Xk3ALCF z4VanpMulXs{CpAx6NCK57U%3~(@+=G@8D1RbH5Y~mGPW-ubQO1Su9<*Q>m@a?$ItL zM9c2C;7@+#Xp)15nblkrRH$WKip@5H<(H}$5V4Pfv|NT)ZG2F|@`D@ftq z!X*QgEM6;@%v32H)^)dv1&+(YqGIGBA{mak9N@TZ5k+pJxor{IS*~M2AI=nIq z-kK^4o$`6Cpu(~5Pp6E{^)nKUVTm^E%+O)o%y2)wjFOsV=FfHdj*~6^ZKyU(BF9&d z?n;W>T&CZf8-v#K9JSByJVwxJ>UK_Evf`-o|EqVb%OLxDk7%gneXFO;1ddMbV{vq_ z)R(z{jeC0oA+E%-v$Fv#ldM&j?9omMfixURI{c!n5i8<2TW09ux+d6nJm0TCb`I8YNL)Rs^JQ=;7 zjQ5oMyS3-Wzgm0Da&M)&W)KR_=iKKyuNIwsXCudwwmU82qvm%y*s3X&kxY=RaG`QV>H~Lf`Ddgn7K(R1At;m4V>l&L zBUV-<(mi1v<6P!`oNm|Y zUd5k+c6J~leqr8fsj}+$ZGqXVS8*uy+k2?lsPXtSvj;s0>m58QfOMc~3LW){6gd()p+zgrXxx1=RzM#CGS4ro}KDPS#x$a2K{m9{?441UaIv8YBIUaan4C- z+d%zN7+}#MI%7Akz6Hza;;;R2WZMyZrJ>X9esaOagAzx*FmmlRKid~W>i!gM;1Czr zZ0ZQNGA5mFoxFIgNp<$7lbZaV87{seTGiBjw$Xs?8RAh_YauV{7lJtvo-}IXI&_z; zNPyJ@I>u-S!+@dvCs|$rLI%m?nCO}t-GI(w3_b1J=At=Hz%<)iv&qkZtv1VJ!`G&_ z+1*~}76XM-W5S(ZL>&2zt3Rl0NxW^ZfAM?|mqbZqgG^RW%i9y|D`lWG53ylOCE;8C z=v0wy6m1(*f4QCXz4R!acKpx1$?3@#B(By<88Hru)qBqk&LU*Ai23Ne)cA5*;F0co ze`OHmflwd>2nCM(+}8R_V{VMIcg-X8C_I5t27|`Gm?nBzztS>u5#CL}W`LoxWlF_U zf^qHebv}>5z>JE}nZY8Q_fA)xVY2TD%E$-WLrWKjRJ&E6TsWy@J*JU>=ntk@vYPMJ z&v%DZ^|P1##=x)lyyi=Q_Zsk;k{L}_f3)9vE8L&@h)i=XZ6BB6Kj8bFE5UGvkOQJyPYuBAY%f&E=CtehAiPHT zlGHi9DdUwwN2~)T58VFz5j3z=aCv*0TAf4Rx;$nR{D-jZpKeFZ5{@s 
ziE};#x)dTN>`&l3}S=s$bi+=6b$JBpu0r=N+FPgUwu-D49h}FRq4{YbLS~Xo#!qwwD;IX zdnlZbb`w0-iuk$m3Fs8CO#TUJlt>JX&V#K#1FRLL!LVTHP6UN$>eALmHGhumulST# z=e;mB2Wv5m3mriajeF^uA_CC;1<`k8l{d z5XlJ`=bET@DtcMHBNr5g^a($vPX0%`4{U4iHg}=c@GqR(Sj@fupw9DC2I{1t=hq*h zi^00||K}aW(yU`=??n16Mhj&5#-5UGRHMP7hI)+}+RFf=*! zINM??d$xd<5Z`0!&zB6I&f}VQ#d{aD5x?45BN{ zh0;}zl5G>02z_U!Q;E`5jnzRlQa?z}uVO)gPJZ#-7&u+X$y+ zBld984eyGGM&(>M2zz;{5s`&$jALi~i6p%Uxa_XI4ur;%s)lD2E~O}yw4_(shYALp z=C}An-&UDc*Q%|n^nK+67@}-GxAUfx>>b%6c)oz87CU1;oQawK#@PnZ2cJQX;Sn;S zfp}$gPnNoV%V86CaE*hPGMY&amr%yQ1wKP^5xu{cIc-w6=_`0#*w+vn{_`0wr+k_z zi(7SG8|mLJMaKHD^`ac<*B?HA7dq1Xw{0Gb`xsTL^`k^u+}%(sM|Vuz7yOQY5WLeb*=&YSj-A9trTK7W`u?6sK{(AMFJnYq?oD65eM^u}IyGl;yi`b@3o?dkN|8j0y=&UclQfH2a1 zG#Phh92?i@4fK32*(t_O{3G8zb^kk1h8(d(U`fa^|rdo99y zsM6_629yy=eL{_#0?>Ep^bPb21%!|tSUs2`0DJydX@UUCjzsQ$QwzUh|y^_kkh9V4;0~q3xsGRCqqmY0uYa zHZ7{bxVMQTa@Rsb1{woSCf{4xt8DEKn{s?u(T|Fbaou$qyn3XM;cqAwlO4)ZDp%NOu)l6tQzK-G z^Z}-UXX@Yplu{#R3~4XGr!dPwCTc1NpH9ZdqSO`T|12m}rp5&J8YQ56biZo$ReyHk zQG#Uxu6Chco@hMFP}dl`3m04r*2r&pE6NT&m&ezN@Ss0UCS%M!bqDS=RPW!&QevIY z{YO+#pvSo;?lm?o7rj&g(Y|i^!!+AfqbN1XoU8FSAf$O@V-E-gbdJ zUtNH75gr#^1U}t+V29~wC1xetP}r`Nsn-gC8rtg%_Bt`Bu9e0CKi#Kh9dWB7!vWMT zsf-@w)$0{aa@TgfYXF{(#JYcUB9|_w2>cBS_*UxT)V2ssHAXJBhFVBnPseUv`NM_h z86?ZIzS~^QcSy%rXH8)Ecfgr1mY)zvPYw~r`u~lTIS3#62tUPy==>Wxwj{q?lG+7` zI@>%?TZxhg;YR8Ymit6^t0(uEnl&kIsAbAPJL^ZG zB2PJ&8GTQeq?l%3kIDjR*sc}Jgkkm9Z}(k9Qs6B65mU1hj9sWKdm>FXG?0#5!cvNw zio?O7wvU@76jSdo)zmQ4Lu8=SPwv}N9POF&ke#yxP+FEjHmHB4yq}gv+pX#?Q(qS{ z1HEfO+V>A8|HHv!y*{w65VhfM5Uwj!H2cLASh^?$o;hbklQWp$_(Q7w(uzQq|6b5g zs|uJ*6U*2fPhM&oR`3R#%8{DiJBe|`<0~%IS>}2}H4%ex1sCzrdbfvu_y_!rNeljK zvO>oAD=^(JmxrFsRG}Pm2n@dQvhWjA7te_N;JcPdDdadn+3WSv)|mP!3fXSS`34(b zqFXgZkk(#A00PCVDO75NkL+%KWcC6dD``^VTI~9dD1iZ2r*>g{bs}e|{ile{rcML6-F*11 z_o@qTbY`KKVa2gT;11b?=umA-oOt)qaA9{IgTRiD->Jx37tK>g)(#(Y@J>~CVkudN zTS;Ct@9J>QfD*T3p#SriHnw*CmYh23Md-pK71QiL3PIS! zHS>c_hco!h#EP3mvQH@^fhfIwC7Dv}8PavX=rEaY(I}Hb@Ic^PzfB7R)Z&we6&7mk z?_`kL^YF# zELa_RoNhr3#N?3=MQKGX#4)(t4Vn! 
zOkDksq1R$j9HRbdSvrzkTE%~vO55<27CVZdYdgnC@<@B(abB&)fbkIW5k1zDjjcpM z2zVq|-6AhRIr5R6cH?}=G(XMjl!NwQU;*{&wM+YmVgO2AtVR;JD*?D3)CoWIlsrPW=RAa^os6gl_HnP9gV!ujYw=>fs7Gd z2N&PbeREJ%v-o?jw{rPxB9U$ROjpjzh(D7mxI8473(gF~zbi%zjsBzz-pL+95I)l_ zJCk9bH$z<%Lw=@|^=kSEEEulZ6j5(V_}i<{o9!Ux@mdmo2OL@w`qPuF+?>f+0?|Hv zXSCPS{&KjFsVGa_q&{U;+=K|8#BZCZ-{&$^bjz8sp5NA-HEaUdop-{Tf&7OalIQLb zj95emEPal~(31x|4r|YJIk49o^9DD+6*aHwP#9ad_~|NXJ9TmGF(b{y#e zm-!(*ehXxMc}T(<_Qccc6*oNItkMi%6qw9aM&E6pb%x8j)#}6}fPs*qd}XOVsZxeg z^&6Q@CTT;|zO&{J9Yqg~^JYkIT~IapX_lMXD(_6S1mwe(<%XJrzTn*NH+T z;pT9LAHTo;82jvI-$bLK&B3*ruE`j%W#HHSt% zLdrP~ioP5X%jjgLC(uLu<{US~cxzbbh){weQ;_U@KJ;|{(-y?4L5-|ZDDpEL{bUV8 z9qr*6!u{Ca){!oqO|6$$5KoY+FYR|X6=yYX?#~3jwyeB^vz-e`mf=$-ydt(=FoI3~$6w%CWXn zDt~!bxxJY&I-8`fntjv%E0y4%{vZa;EH~Ek#rEGTsGhl5dbU47aE(8!D8tLvY+jNL zmG57$2;a8A)OC8+?9TV+&L%?rU2^YqzUf$b#EacGTAz#gHg!I{4A$IZ?bO!S$eO&c zj-yzo3z2P1tR_UBo0$!d>6<@(C%FRA7&%4paGJvH8`(*>j;+}i(>EU}T^{2y@@{(D zqOC3jVSg_=%^p2o`XNhTf-)4sdcZl;B_VeUP?!g#!=<;%KrI2U?>=JtGYp{KR@yGX zyLY>cz{%oJ@USKRZrqwlPEX9A=4Jbsy|!|C7))NlEp8QWSwnRi4y3NtG^X44rM+Ul z9Tf815h@pnqUjxE-VD6D-6@%&BP$n}IozUX;}lsgag>%*aMrLw!8gF!RB~NnCC^nm zgSB*THg>#r>Ko6GPl84&5FF)M%ZTm^eoA}=xR`yT+^w#rIojU+SUBlAFRaXSFo)Vf zK)kUg$p*783?cOb*s#Wxr5{L8o&Z;xPLJ_xm0#2EtNU&TrOazcI1dN9)-!wLl7|$p z(6(-Lk&}y)z9AiL0=UIP0{DKI)`2e#tK#6Lzua_7}afq)6pUS*nXk#|=%_HA-(z;e5hoCOS9SJR2ZGiQz}oiesd)5ri$Lda7<-XDK=P znkq*3FX$xspM*wf#CRJFO4GXK62-RHmIMnPoFbH@+O ztv#@FF&q(N>1B=nHU3Ry)~8WzFVl9LO#-{3+W|!`)4X zTcaJT`di*e`s*<5aq=BH@j61~2Pee`yKH5?&+Vnr8!FSFGaBaGF!Nc+{%u9sV_ol$ zrudMrJ0IyP(zu`}&lEPoko>J;hd*8D(1(CtF58b^X*_LYzEBd86>0eU9o-R$QqZk0 zuzGud{UsNzNUt;eCuy!WWg?S3YE1p_ zo?|xuCO36Vx9OPkuV{2~)%R9`s{4FL7UZlzKBCib(^{s|C)SbT!^}mpxGF-DfmHcv zlk=6AKUP@jz0?p<8S1d2vM_j@>*f{un%UvVxVOdL^n0B<`^ohM)5-EQxB4-gx^f(^ ztxA|5wf@0n7BWbJT@3r^yJO;h;XJ6yhuKTdEgNTSv#xhRH2SQ1af7O;{iX9N2rW*D zbd8a9cBA*kf>vHG^dZh=)FQ|aqMc{BPJ!TjwvoOC!Sy!yCK=JstkEZ$wwG&(c=5^# zjf_)h0Zk)Ps*q`Gf;0bFRijQl&#YhZGdE9J$!6m1P;RIf$I*Hge1}#!iteDg 
z8-p(`-YBbqt=5*Jcg(P>-mm7lFxRs~Sc%li=7{DLw+gq06)D2Fz&-6$bAX&xCRoP5 znSb^2f^kd+WZLTK+M1Gb^Y`sGJ#0Zlh5rYO{X4NpV5kED9$>4^~q@7Dp-TNfchvv5yNL~lsRRfK9B%}UY_Jtk7h>!HN@98`kAM-J2 z5?%;MxWw~9S&~=|zwhn{st)`?6}_5Q}I2N{04 z3bA)m*6W>S}=&$RYh%K0YkhZ#L-{M z+mom$**~uz{7Ce_ zi}hZ#v0X?Wn2)$%J%6~_tX|Cd;bZ+0S)3k!SXmv-dxy}}pZ!gvQI#mYf=48kb%?Dh zFWAvF%cNpp)8m0X22)+mJ3ZyUk=0Kwy?3eZeq;|sj}7#rrey5R6KLoKk;pNcVFmA7 zbz4i``zkUR%6%x(tWG~9=#|H*$adNFW6At$$KsP+kBZ_wkd^1UAWaRSdVY+NZI3q> zCTedukXPoWr|&1*5H@BPa4x&Ws1?d|V2KFdbWOWa!d_q%-dSJ;D5qn|lBz}v<{IHX zAoLP(qda8k>9EoAJLO$VmsnE+%u8;+w$;EGABxm2$NobnZ|&QEh*f(aGK{1xd(`9m zs{_<9(q~hablIgfBJH|whu-S#^{p8<*;#X^Ja7jvQ%+14g3@{eW$L{ zBWLF3Mi}WZ-V1N1e#klf4eYt2i^m`=S1x2YDgb#p1U}_Q%(MT}oE8^$>-vF1_;yFr zjHH?Gxw;?E)oH8tLwOJ35$C__080VZ^S1HIEl(Tsdh2ztM;K|)Esxc#k$z!vop9wT zM8F5H>9mo}uBHC4d0X3kB^GorJ8t!Or+;5zZrKe#c5b7kcoy{ju-n5i{wE-)_DI$A zA^b?rqf9^3=T?)yyjFL&M8>q}Q$4Ws-1_wqkyV&?%@Sd<|2K4s-zYG?(V6ld?O^Yx zX=RSnAb@IsrLKHGhUTS?pn*5E%4rX z8>Pg1#7_d2MP4eApMWi2I?5*lJiPoFdHWE4T>LutR7PjSiyQy=S|@LPT{zIV-;FXq z(HQ8*s}?$s_$>eaINSHY%LkdZ^ceTqX$b1vJV3ekomQl9X-C9N8wpYudtp{D+rwW- z&ox_a^r~r;PO)o}DDJWQ(p*A?g?c!7++ddp1+rd24pJK#A*C)@KZ)a^;d3f$TrZ8* zlyZyj_aW^vjM;PE)AId&eKDmUqfZq}9?)>Dk6iKd=BOE$A~dCk&_)KEEs=F9J((KB z%L*Y|2K?@?2}Sd#-j)Jke%a~L;F~Q0i&}>}MqxAGe>}Qz=AZWWw-KH!RyxpV3!mhZ~nVX*^fIn5Xzw?ie_aFZlFgf8ttSUv>79n(O~cYC81)e+xT$_VIPa6j-q+1uJitX-}C73`+Y3|>h{21gaCg!w)$It{sBcn zW4)oyYM!$b^wPdBB%iy2IaptcZLC$o#=GFBQ{a(sUAIdvl_R}VUd;RMrdrmF5;aE3 z{yN*bXB_{#njgT+PaXpn@%MUVX7veUKdNopjsWBK0!iOSw@T$Cf|ABpBnD}`9hBm z?Ctvdf9-mrV)$q(xy)WIF#f4tAU=#?rxb>Ix%AzuGJDCt9|sD z=6~sb;SJV$5%2~tttXwC7s5!YbPEs< z8bS@y^I3^xPAy5PR=Ndg62kv$18%ABt#9vB|7{h(`ka!vlw|8&H=Hl1%AazUtz3#f zik@F{@Y7T!2KMGGeQ|%#P+{b0)5CMXjORb?b>G|bhmWFT4)vsF%-rO-IIR~(dTm&c z=^UxU)wh)H<|wCHUu1#U`~ce`=@`Y(RN2$hV}AxZ*`~HRt7U;GGmTVPE7w<}&!DCN z+blTEoK1(PQhwDeW%r{jZ3DU94|P&YujTHE~VFKkz7yw&Y z5~*|up)LxNIsg*n03K}@@!;K5M|JkAI#cuOZRj=okljsbh1EHsrLszt5^&c?tG#A} z`r^n^1zf^cJ*ERG2Yu?3YG%~5twvu0EZn`iof7VF7euN>P~S)|Ko;_Ry0$0yry&~{ 
z8g($R8i{F!;9Axihv4X@aX`!h(822d4lwK5GZxZ&>v6Ir*XVy*q|;5!YzFk3mgGo- zG9D>)Yg<;6We0|HEtY^%N>#uXAatRmg0-@p_I%^MuaRIldFJpSApI6Y#R1Hplf=MZ zYjzmvmA>0CSXTR*12xQtDp8Arxoi9!cV{tOvNGADgQ+UDlXPrkOfTT6?P1McaDers zx?fbg0tZ%nHo344(e@oJ@^$er^BDcf0CHA$c9yDLVYVc}nErv>gKUnwzGaM{usZv+ zSv!vuGs*Z35Kqle1tBT4kE^DSQ=Ta=oK3&Cbq>$Iy0gDC->l00T%92@DcH4nizfn(mLQ)kg(4~>eqSKm| zMlDF#Dp7+JQhr}cPzsYg-BsR1UbPo$vLSx2|8XX|an_=-f`oE0!$CC?t zNwCT3f5JUUFQg7H^7J;AcMDrWRNI1qO?6j~3>VB88d}>74V6{R4kLwxcOrhMXB3yt z1T&UHmJm4d?f5nR4EO}e zBgA(!?*RK89+ah||8_3o`oZIJCU0%C-zKNrkJ0W+lc%(=_NApo!?UV4lAm)&f z_GDnk#4QziL>n)UwcSDm&7*NW#7Cz;5A- z7&H`WR$a4WJg-?2E?depk~T)4QAB?SIFtu=JrP^437HfFqWFXR^E(TGlA;2=Zar10 z7xnrzng3IfL=ydV`}X8I`59I;@b`xMmpdB=xiw@V)yq53`dF1RWzcxD7A3629vyC! zCQ>PE3n1iliekK~h$lKyXhdDU(2E`wkC*L8f^p4J0SQXmmi z*IF&=9Csw^CEe5Gpm{S4Sh~DdPJXu8EJ0d%%5@^&%j|Ws{K@jGs^)~%gA{DLY1xlT zQgoZOo*CEUvRNOF%mu*}%Q)2L=$*VBkE)e-OY%Jj~Me zWdx)3=rQrUa8IMV5p_1|1VP3^$f}5t(B9j5c$( zKPBga)Pn>-TBX{48k;cX8!{sZ4sokIvD*zd^KcfPe5`rZE1Yx@$UvCo)$8O`EXJ(P z{PeCHjB?UlrP6}(#g43f67CM&wp z@CiowiaMI?j&0MVv>zZ!nSFRjiK#M80PidpRH+{xJ z#?jWQ3`N18E@=ce43}-a007zgxeaXoVJgOOvKn`UPxr zLWPxGpTn}%rw%6tLR-el`pU=SmrDp~3zn0@7{SBE%qVN&$S=;C(4p;5_JGu#Z^ETp zH`h}3Z&3Hs*IdyePXwNZJddicmkny;J^nzf3Po65Tou{a9Kl1MzNZ1$t@W=8&+WBO zCb?#t&iobMOk1kE$9mkaDG*;@E0sQh=Ko=s>J^ph1*L8sp=eCkYQ8d3X&!Y;hQ`G& zX|6BC75a3BPq{>v99L+QgG`K5kC4}eBlEq&NVSt-8D0l%&V#OfCcXYc+e6Y^KA^2- z1niz_3FTLLnS}3Y9qE@(ht)03xr!I$%-d>>97CU&Ypo7G#FjoCWkxR{yyqU*^qJXF zI4=!%QWv}qx+ULDck!-|0~u;{YVxp+V*>oTa!+qiY&~IK6P0LD<#U1Y8t$k_A??Oc zU(sm=hqpr4m#!GBHhvz67Uf?zIruJ4g)=L#rFm3aeIW0p4n4nv@cK7DkGgTy469n^ zv~Oz;sE7p%lG4s=BIIwi$M(X*+<%KmRNoecDc}Ynt^6wK zBJQbHwkxab*ALmeQ=W(6P3xgA_*C(nXrtw+j*Q^eS@*z5R5K0qWyDUGC@$7_U99`S z^ST?_9q@bovd6zVj0-kkDd-~ph}UJ-Hb0#Mu=ILV67T`_YOwHc z&<(Jgl}?#sI&o-e`1|dRo0+}eDmM5JxJZ~DOD@C2Xw!OY*N2UaVy*yRe#%bF`&D*1 z)MV11rJ39Wwd`!4=ExR3Ja6mC8slZ(IOyt_Wo4*Y)vUI$JnH_TTqTcuUSEuamDI43r?)*tpR9vwasUVEyD0-ggbQv&W>gdE)=uD>E$i5)n72 z{}&{in7%D^*HBi{+8W~sUa)}mP+~)uceu~tbY>95e}1@e=jx>Cqp>TN 
z7g{&Y1xxh1zsm?6-id6C+3oN*uktA5S-qC=RAPO#OtZdtggQ@-ctgy3QDg?fUTi$J za(42()qUxG9R`hE(~4eML7?u?VF)D>Pxdw~_46Iu8sorMkE=Nvh|7hNW#_Fi7loIg z!_K=)LU~iKCd`7w$28RgPNCDG-e0%0(0WzOx;0PSC11O{Y3qd{O-8lsva7GR0)}w# zVzhZjoO&Arhn{RS4iXz|^TV8$GhbS7I-$6#jT}2It!kbLnZDLhp1BelvhlsBSB-p} z8{Eo!#fUvG=|i)ytC&;LI)U!L8FVM|rOwduA;D|mSj2bC@s8aZ}3_mq@aC2%l(k2R&6mi=TsO#-41QDHM zZ{o?D#$|2>MJH*Ip=^w`&-~i)3X~EuCHJpT0J%uVx>A&p>1p*i=I`Q>26@2Lg3q~) zeXzmyie{~ZbYKV)F~|Pi!>QoW5Gdni+Pc7zIV7@F94ayIm271SrNVWQ0j)^-$QCsI zV7HOy@}mQF>gLBPFa9R{*}VcF@r~CmVm4`2%>yu^`~CU(FTjp8@^4{>TR`6D@z(@nHwama1(P_c3N z@fao}rn2v=kGv1m#{5jG!yC)D5Mp2obrM|f%gl_D=3*=q97ngg?GOPrcdU`ftl+1e zXZoJvqp7}hm)XejHh$nB4~IfXv6z_BGUse6vmVzwfPL2}GSC5Xe;V*s+AG|rkM(Cw zCYRX*39ZGuhbjTQX_F(YX?jfGC-`E}v$-SqSzT#A{8mepMAL69#xyauFld8nZcxb* zL|FJ%>832akg|HpNgeGFB0yb$C~>XQ3aI48*cg~WqZ%`31EG@LmYZ@a6#&FETciOTM>d^I(5vv#z3|8xNHZeH1$r%6|- zEyXcu7wzzkj**2bC5Ug*sg-@(0cK4f1^fgtAN_j@W&SCqzA`i=o>vmg| zRiEPUNNb;VggvQG*;n3gULSi)!97|e!fa=nxizd(d*IJ}oReEpoyvJrL?~-$Y3FPC=Ni&28l8H>e=qqdLiNsB7q@HRs^x84^5AOjs%u_SLJ+$Jn zC_!;@J%64@1sf-;q5CPQ#+2hpmo{+nbot$%UT;B=FYk!iRN82&R08K5zwO(PqK8B~ zjWoJyyzBWWlA)~`s^gpMAUOE|X}BGMt>3k^#kOmi3u-Y9HKbO}mh$4YRe<84m8+6| z{C_#4TbX;9R(;9;#cKxiO%JEdaviMu6$j!lbrgfmmZ`WnZ=|Z38G(%JFN2}Xil8ic zRda1LWm+AL4SvkqyoIap+blW(86rsRl)*d=B`Hg(?$0IJKe_Id1riZ4s@q?&eL$IZ zYNpf@hl7%y)pV>HU~4t$v9RANfoC2jUs1(GAI<#hvGKFgKc=!DeR}p1>%B1l|FHL# zVNrHn*suahiJ+8-fPjEV35awm(jnc5lynR=q#y{=ih#htNOyO)^w7UVE*z*E-L&_a@M|K&_iMC^NV3Yr-A!0IkwLpB>V3 zHxfN~>V#poJtiEgbI`$j>7w-8u@E_O@RBSKGEy539~H(roz}44Q(`8*ZMU}b47>hR z_`RAEqr!JeF8!@hI_tR?0Bskb&g9;(fJe}G>cLnG9@RXtJ%N77qW%y3?<@Nyq&F@5 zx3HzCa5+km#?-)b&4<*o!KK?i)&AvjU*#-sqKzwCM%rb2u^D>R!ioG z9899^Z0)oCK z)}q!0^&9)}&PTWo>u7~jl-IUQ zlcRtflzExEcI_tSI}Z^EmwN`})FR6ioG{u7?Eu_uYk$1tvdbzGVvCcb_5WA+^X@-Iwtiw>kBXg zYMiRJkV^4c*W6g9W2)_m$rFn6}MP7@NIK7C?WB5Ta+ zU2}F%*$r738aZ6QzwXbHF^4=h8F%1y8KGb|8NWd|wdlAS)Rkco_00^nwammCy!Et$ z4dU~6to#z@&I-5$4}eGgh2=BEXS+tE_Ht6)?A1;1V|NY0Uw(h10vq8Dh?(m0@ALn`OK|Mjf3EG2qaq*qoXt 
zsNtReuo4^cODhTZo0Y6Hnhs5r>h-7?rniimpC8e1yB#jS;C-|!X|%~efAS@aSEqwj zv$26@6QeW$fVPe&V@hb2EYt<(Q_jsYsVZHDPZHj};5JW^Z#=aw9bKWU)vV^NP|Mvl zU~+yOrl~{ALZq&oDTeYZ)--n(yv2*-)#<{W+%TrzLYbP=4(6Rs?2u)7>bQ6+YFY0A z@Z%*l#XlBN!Z-QOv_NhN8ZR}U#J|`$?Og1So3Fsfciu{lG=R_D^I90l3TC3N>V9}- z+@*88FNE=i(u*uPBIlm@5Jf&QvX8Y1V1TKS>q`uDuE zU9Z~S^Jg9ATdCgj0_;wnS#{{yl+{Osq9UF*-l1_dXRHM#kji642V_5(jLX8Dd0s%p zjo}|M?Pq@+y_z=dIS1%+B**uTY|&FGYjR$4r7HGZT{3+J2Urs_L%Wnw`=mtiv+(&6 zxV5PsS;~jXRqqLV;JipY>>- z3B7J*r@lHT=;{#fjZb-eez51-3t&-Ef;CeHEF_~Pq;FR?j#ED4Yv4>c=B_-|vwLOW zzO0ZMQ{GN??K?oe47j)skL(@gv71_!WXXlSsNh(S-FnJqDpPY70`DIxC_Ua7Q&1H> zJ_M2LA@=*A73ZGlT)UHefMlpy8C0+v^{Z8`27k-Ss!jGq$UhGh$iIFmYqs6`+*BM@Fm!QhxB??g1vgWTI{GNH>e3l2K zN5$}OzjDbDI_rq(?^%yKavxBe>G?#|?wFa{1%0pMqWbnb<)>VK>6JYHPS0hPV&vx6 z1jl*x@QsUB*T_z8e2)q{9w^Ksf@o&60y7kTjq7tXfyXCu{PK8>??0X$JgxU|D&uA4 zF&ovvbZ8b)>V z5m(N{S=3&dS_lhRIJdAkJ{O(HYrq1AJ3M;87m=!Fbk`4!_u$5_D*kUV`s)0P*|{ul zye#DX|BmyY(gT$>k@t&#uD=cJCjt%$hL??Q_WYFLQ<`Vn0h{$cxe^@}g{AJTuvM*n5T zO;CeZU6s%{L!T3VdmLQ|F$DYZHRzDKoOpcB3x75kPrjY=d98NCe0P~ZVQ|FGe=}Ji z4R-V`8Cx+lbskO$7+9#|v-CqR)cIxOV=6e7EI%7-`aYZY5-^B0V|VTo=kwYkk&RyL|QE zFY}u!Ni+TILqi)DG}K4uwfET`0wrA+UimZ@hz!ld?+!WR}Uq*Y7qy`CV_ruJs2>sP0s|`G?R< zhhJA~vyjyPTXOO1i_!Vk#kmrNTD4@QS9{Ex^}%}38Veb@HWx$?^9pJB4Ols9IU5YV zZgAckh=^n6-hS$dlRQ9%lSJA3Mau+S zxz_(G@A^$DzUd10Wxu8Jk`ZJdK8VjK5TfPlx6V$d=NnJJ_1igB+URcRa{uoJCB{Y` z#04y0I8R=Fs;{Oe?1v8R8X|_AgxyP9x%(MCq_j+vduNMj@z!sT{Oj=iIfk~jTf>3A zkslr=s!x3*@D{}U>EIAKB=Cf~*e$CW^j}8_qKD~CL$_iA>97zKVd;W=guK;0ieHcn zZqNU#{`gj5$Qeo}Z6^{#%+=04o52lmU!(utqkt^25OH2_zeC>rlZ}XpU7m6VoPvq* z-&;lWzuYNOI4@PMT)Da@^ITl*f4|oK-xmGqP5<&iVi-P7_U9K@u3Wje2!|$z{d+Np z%|z@v5+3sQLj9sw+d*_HSkIrod`a^0CWgv2@ijk^TWbpL977(rl(DXf7Y#gbGbp#oYWr*noe&W12Zmeg!ITwz9OcQltudbP6@`wHHrL5g?!Q zMthNU5|oNzJov-MJ_`rpuwrpM0!1Ewk2INojE4yH7gUn{<3-<}y=?(w-C%=xS>o_U zUBQj~r;ivrz1X~v%6AeNNV^ZQ{OO<01Ac!?coh$E>oLjyz2_f<^nc~~f3`01%kXii z6}^38t1QP}yL+4ecr}%)O!ngJKom75xZPDEHQrqShnlWdf8qOQqr8G^a{bcQy7?vf 
z0^f)@O84I&?}bMbW4J?ojUOh}Hrpp+Nx%Jv&;99JU+t-xOCWTRgN@0T-3Bk$Bh}h8 z4SjUqN5r{E!}_BBWaMHwILdqxk-flf$MkX;rZwf&*`Y-Ob`yE2+RGe&d}BEb5*U4Z zjH*9+w8vaZy-gr&N-{swouRZp@RXccPkDV-PZB1GVC7#7RbB4)^693uYhcke^wggP zA7Jv^e}B7eiuANfUFrhm&5GLW-=+}u&aj)wt4Vz^ipK>)J!bMikXOUBVfpx3f$4Jk zDI6E@1Ch^nE6ciF9!{0LVa>O-d+4({%_MvrJ_N!xsSOD-xsz(}f^aKcaK{YhrA)@5 zAFa>9po=&eQC0l(e$P^1{Kq$7q2;LxSIAyoRU|QT*`$iv`*5Di$Vs$1V{;kRW$uyo zEcPmDxWDm1)Do@mQ>JpOK#~Vaiod#Ed+AG&y~?zwE;u*Mu%F$5tqd&}kbUB%^YmCg zY`i#+0=B4mDKHCyUKZ7@rFfnqOT#74X99Xmegt)`Etu>PC{T{Z47R%SPxcxf>X`Fa zvJ2I_CzEiv6gQkE(rm@Z@+6qEkeJHGMymIi@q^FjF3w{l80?(JN{2E08}+AodtORW zt(ny7B$AaZo<%^M*-dWxen>r$d#9Tt$aFFv2wf_%vgF^;cA%}D>*?aEFSH}~ov?1% zrxGkRmAa3DMosakQlBzhy?y_0pH6+OhY+dmgcfjBFcjDh_8in7!+_5y+l-H5`rO4d zE}VO9*XQDFoIkv!`W>AvYg0*sWBbN#TB*9#+MX!3G78H^f#==LGke*OuD?RAyck%MJJ}`DN-pF4h)O9o`*2* zPlyTQ6h*b|v73Qy>!;~`5#1D-P{tl=eHJh5u#oPk`cLp}(-WP|<*zoAsu66Fx7+ar z1J84&-Y(>@b;{1~XH<4JiRfeXj}0x`#sIakJ=`9X$@=JCKHlFALCpV302&7e4>6DY z5K0C!0`q=VGUq=nY8^7QhaPKPpnB|mx>~f1F?NRFuv}psb6C8qY^5+g z?>(PW2h@4R-Z2TVrF!^?)ll<+)8v`Ker?fL8ww=nj1}XiazSR!sEvh2Y1?*d2xCvV zX6zuC*;$?7Xoty8lM4_)&uy_d++RBUzAvjB5H_T}c?b#2O{HLlw8rwY>JgScM`L!A z_M}=QfVB{ud`iK+d-sV?Vd;+_Afo~tU!a|6rY9zKqN0} zH5AfJ(Z{G0nv*p1#zEA|v|x!EMcCabRa+}PDFkzjeK?M0EE^j=_QAjbE!Msyp>Rxk z0Ryjz8CsQ4COHHztyZlpIe;VoOTn2uIcET+G7YshmwM(G-2gPu)Ffl#j@?*CO?~!S zQ8@jU;6cBm2#hlYi(ZcCH7;TTIy%j>^wIZsM|t|w#Ur$^-Is6MzgUjLrVLd zxPAakiFB)3;u2ceP++=_?C}wz$QSNZCo@d`LNeK&I)GlTaH+@DukK`OSRkTWoUeZ< zAepPub4RUuC1*$=VaFex=gr11>;u%)zpp!k1${>@}645Of+f$SOu+`8A9`kE=XW4 zq+jUKQNN(BT`JHH#-98trfc;jp88-^@sZ=PMdoUq+5Us%#TUCDzYz>EGW3PDfaz?s zV{+xGDY(Ya6O!{Ym_)oEe~o;W?p*qONtt;ey+jz!{Am#Vclsl3{)HfVhQVdI5FYv74Ex=V0#Q;r8|n!#gSYkHQ|tx|Q^WYze$0t?L}j z8q%mlH^0;4X&TgEfs)DI6alK!SgE~l9WeVxmAv^(nxC1O1Mu~;*p3>`_C1cix57~) z$L6VeefNtq!Yq4Mjp`vzX!3?JZD19AHf^=zgUttEG<7a-zkZdTM!pQ1+qwg-^S<`& ziX{eL75+nwvPg*Y%36t`0@mebj-AKmNwK(52rv~R{dH$@2)WT{JOP)h(e8tfD_>QW z_+_ZSL_HP1e+r(Pt*HG9!n#U-U6zD}HDC9MW1h(^^MM~vZo$)vxALhjUGZ*Ctl`q_ 
zSdtjVFx!|C&Cj3EXlU-RRCRCCMUhbHGDB48_O=3Pw@m&z>E3g%DsO)!5je}VtLJ^f zT-=++N1FzG9(ntvBwJgipa#Xouiobs*?DF?w0BIPOQWdzdap&>Vw{j%wTfE4XzF{+ zy2@S#%27M}wIxQsv1vcKVb{j=Z1l-{1(J~i6F*_*hcjL?%F7yS-mbdUwZ`~NlQm)6 zPU}gfgF4df^`6~bM`

Qrxj39kzTuUVnoyjKw{Fb<6J5#JsIuufCf=r5v@VlJlIC z|7=%v$xz);^vJrf4w#t7Wl(NvKvk0cu=24D#nf!HT&5rhYj;&pRx~2zt)#|nFP906 zuOj1FI^wbYM>)?n?f2@=);H|RL$bUN!lFb+>TbI})AVBl@8ohi4SA3J7Qe7nQObLE=FWJ9L;?Q0yp9J*t|o13}XjpcQv zXPEU3h*omQRxug1hiARhnuwN^Lx_!TMMH|$#xYf+JnkI)Bz$)!?86Q6eyTz&x@~u( zn>xpxclAYkYtF33OM40mnCp=?913@5t)&Kg=sWr%*Gh+?Al z?fV2eL=UlPP~jGgbZUOj(Ri#;P%}?v4y}J|(j+{TqU|*&M2noBo*O?H;AlKGqsfW2 zffeN>@q^#2p7850d?e@^3k<>6zuzx(^i`37p6StOjs94{mkke}v*YRQp|2KFhQ%Ws zP_tSOm4SwXu;_L<&9$4^iFP(lT8)R@Pc3HZO8Hsgb|nXn@PynfSj=uB@0w!T(=y9B zxu;n-`Tf;qdzi951jOdNWLf>ZgAc5$nJXg7I=>Ye?1(=cLlw&#;rX?@3o9XP^8MW7 z{+st)Q8Gs+J9Rspai>S)7ir~>q5uPX|IEn^oz9cP{n)0>Z*paCqhZdt+-l`;(1jlOBgY=bsKu0DJXWkrWnVCY)!aWOx|6~yW8=o`E)Gk1fz}n>RMCD zcoGSzMss?h46(r?E`lhXw?LmxiYl7%TdVtCMtt9rs;LnL$L`v!xIkGw+xiUO^+cR~ zoGaGo^#N%O>t{94TwL)jtB$9IuR?k%CRW1nUy?T`nq}I)+s(QnD8kA&|EW!$-D*FX z`rgXNZw96eo_%2i@=p-s1?H;J(GHn{34$k^0ST04(Ur4cCA(mT#|)1ksZr^@<>k&b zMKOj4hnQ>rI*nE(f}F2R4GvbiU1Ee|TX7J&W1_6rqDO0~B5&sTz?})4t0YDlryfm* z+kwudv~MK{MDTr>>350WcYL(|j;)Dq%V)Hcpfm>_8e*F+C=k0o28g!a8O2AXpNHnnZcG|(lbdp&9OaF2ZKq}mw3?9 z4c2crKHwoHcc?>f-wMk7njSim0Quy{g)|^XF);VHzxi?d_A+%FmTo8abj$gaM1qWQ z`+BD7`~s;?lYb|d<_BTYZbMU-o{T;Y=@3Ce9mQw6?n>I&2>$&$RM=x+SC$_0>GZbz z?i#m|Nb2w_I2-%k@4g9Iv&+uU+iIydSlq)&~v-coenbDi$h~*XdIs|negrxMeG86YF&Y6p*`0gfHt=D zm#!@%oBU1MpQd5D(wQfLX{FZdldIXk4$PY(oA%vk5|Q87!=c$IktXDw?-1$OO?M>|&-eQpKyH|C5R z86A(YDDfpq^s`hlo?VZKfA}Aa8+~-lHx{6YDRh$< z6WR+Eq4wFos1@xN;7Mu+$KG_6j_{b`@3;U~v>#e2m_-4j$%f5QzpyT2D3U`nw!Zhn z;^@o8cK*SWNq*lB2|(?1-?m%aM=2$iOV?H&E%exZ-aZ5^4Ps|X;zrpoF7i&b)91Pq zBQM4)3LIT(rM#NL2wtduA+q{3pf=N!B?ykbw%0azcF$^Af4zY!Zw6y>e$Qr_N>d@b zCU$X#R9wQj~L(~o4u&W$|8u6i9OU{vIylun-|DmNk>AY$2ufw4}eCljqw;JSGv zCE!B!u<^x=HSH{+=sC&qw?`Va?++)psGlWK{03||UZRd4OELh>9Rf5LSz*nhTvkWV z{=R3qIn_FuK!VXT)6RXr{oO4(IU?wNlKV{(#Y@qn^d8R{L)V!IHqvnmh)i&^!>K}SU43Pr>1PZt-33>%1-0u& zU)S^(T*O}u?Ho&HUMV1KuT0E{=WBz(50s*|OdDRrmY$QsL`awe=$Uj8?L_S#ZZG#;lJI}>cI=dz5T zcQ*)P73|?A5+N?aDM-x((8S4P+Sa*(x|cnE(P~k)gPff2D_iWD#_hV}&mg;IxN_+j 
zeDk40EIi6jqxvY^$z~WEsQt{#H&(bE-|aD(r1kV;m$*Z-5zCUZ78Bj)*YkTKbO~2u0~u;91(yV0rB}AZjoKfdC|gWniw||* zBpft3^2{$ih|o%5trzS{%uiVLB6`8`&}E<>4XfnkCxhFDD7wC`kajjM&nU4vFrPC0 zHeD#R_8flPVl`A|s%b7f>lbT(v*%UNN+wILJyy^TTXb}tW~Nx(?&6lu{#xKtir+P- zC-MW@nS91AA%Grq8~9<jxvl+8tA*n-hzE6o7#?d6rjQv`pF{2%z0yl)ia!8~ zm{S+9w3+pDs!*xk1D4e1E%5UnstgcUHCrop7U(wPE7VAN%wEl8xM9$y;H(xRsO!#E z~9Z$A-8AkV0@tXSq_X(H0%E4xf#m)--A^oY)E&qelASJz2@Z zdvD01!si|&XV=BH0x`k%vi7={IU4(&IAw{>%g9vC$&* z{=lZUy7w7^$z8bAw7jY=vPHhD-m*@%LAIE3xjirIxdIA*(VgO1S5o)1S*zZd?<8~E zjwfO7L3l;(ZF4CTBm2f$strYM8K|z)UJ0Iarg33y09v*@z6Z0r1~mhMIi@%_xEAH< zl+J1^Ew{81%73ydtd?L}tB{sYpNI*XFu_NBkuO(Ku!AljQ5&N^WkO}A4qj~226~H5 zLQUIzrx6`^71Gt-!x|Rw9y?_SE|Z6@rF?aZf1;NH}8%nTf(xn zl1cL+|2Dk7-pSfkd4i`v!!Ki*3{{F;rlITKLEH@RIYet)*76Ru!X9LO zeL?btNNs>;XD1=cUc~O(!)!-YFw=+UNMfh^BxBVMAV6Ez>p+v9*-fR~7>j(B+OXmD*&!u0{YA5G=!z~>zzFdV-&E_kXBy4@)do5%R*o1*eQD|N$)Xs!yrxSyfQn0LEfnA-rnaX+OBN7ff z21+sWPgTcV$Ntp;3@i|1l)?xBaUJ97lat=pQzJjKh0oYYb z+FSENL53hf8`jo9mu=gvblG$iM((0kb5FTEAmqc&e%A%u<6Q${?;7-IzMNHaS^?t( zz4E7es6sq)PHiku4X+648Si|M_H`m$@p|Jcy^}9z22uVQC?(B8?ChuilS)cUumpNO~Kr`@VoGAin^z(T#BOtP|=hTP5;9;W(R|)ZRTNxa`=8uo(x(aKmUtpy(VyBw z(xwCJ&H*N;`_TzbM?7~X4x(zJ-&JH={&v-2a!1kXR<)}iCdL> z^Ml|*JN@M#D3Q=QZ+%bPA=jG)0Lza8Fnz@HjwR0@(dXYwMir^aANj2Fsz1zJY;znf zu|VSwNhm0zwLg>2vt(#C7H#afQ(mn#x;e_L=fmm9clOp%)`Wt6!%X z3L~o)AM_V@@CnXD`A-3ce&A@P3u(-llF*u`Z|klF?NHa)7Zz;`mG(1_iIcJ>%1O*Z?yU?WMr{o@)8hX>MCHP#kjV83Xl z9BARLR!jBP!O7Ovwp{+P4Pw(;By7x8Yy zzdC>WO&S`{s9Z=~EOcy*jGMOPStV8CHxmZ$xMO?1R1TTmU>_kkgcb zo_uqc44Ybk#d-kw%4|;@8>CQA;8_7HD7(R+k}~}v4yVS9=WB)ayZyXgIlyR_M78R4 z^8CnKRA|UdICtgon}QWC`@mijSZR;&idmcUZw_PTvNj?u@6uuHQZPX1d4DGS9G%-H zHze#kJdjb&lu%Fwn9ZrKw0d{lCG$4yKrTALE>_=i;RW%fL6DV7S9bTgcAf~j#;IZ* zmorIDS8gjYr!b=M@1FXD?%9P16l}=_va6tpZTk4xIfU6Huk^J?aw`sl2tH`hPRC3lWh7L= z9MdgF0H2utjSbstthSJu^ngpiOxc?;^si_)@A|QVY4v0axUPaVrk$UQdVlieUmQiE z6^DZ0*t|$ez8C3d6DGZJkgz9GmE)&Q8MHA=k)?V z(-6L*u|T;SK|(Hf_|r0<)Ru>rc5N-r>`R4751Vnsyj(OB*fHAUvpas6t+u0MPDxhh 
z4-ym&Qq5PypWHc@>h3uHC<|#+Gw=jcKHZ4KD<(LH&v_WvbH`t~G381TS&;e-*j`NKH=c=S-*PN@IDrkfj~5{bNXPc{&3T*p`#B zATBPG5I;tri?yuFtzmTW%RJHpvyG2S*9$3zFV)b1rRZ*&+V}Hr3l{fmc zS{LZTi!O#7ZtUgP5a6O2I0h!ba%OXtc33Z``kZ$V79K70W*#7?VL zI+(0M8rqRWL}9ZOXSsVFX+^B!z(LREn%T6v!#&)0^0p$)r!d^nW7yr&1lEsnYoZMN zFGmZ|ViV@r$l*OJ>c?Nw4We$Y>4A-QThbgb6U`H1?U9Nd4X!=F4C1=uW5JgPZ}ME& z1ZRwIK4$-|@@Yx-XPJT`Kv|su)ZaaRKiy!9Zqd@Xyxv5)pvO2;RL*H0u}waX@1_O1 zVT7)NCn^kO)d571D`Vp{UZ-(Mdimc25Iq4gh4!1SgnN}!3Rn9;e3=(Emlc(_8>{BW5T%mgbzh4iv6bPc7TPBK5`P9_lQ0+ z1Yr2lu~jDM=M}Ejv_&8gp);>7(Gvl9GI<; zgo+?GTEI}c`R+BYe4#a1ULgzop7_j|CwPH_;lW7&kCHI`uvxmoYb)Iox<;aYsLz@+ zzk$Maor{=t$FTJ;ob2ZE?glMK73AZcYqG0PuIhPfigdi}e_ZqRkW}6D;vCc6RcQX6 z-x?){5E93UZ#5I@Lplh%spiyy))fV6XO>d85)vH`&jV@FcX@a>R)O>sPXFY)$nqi_Dwi!6f(xO7 ztChwr8Vjl)IK~YzsA2czWyy6s$a<5yV=abl^^#|@6i(d-If;x{GL9Evj9!kBzC^90 zR$4>^HwT$kgCxv1&7s@stgu014f2{SF%k}r`Fn{_s8`YGhd@4>EOSt_Ir!|e)>VBW`x0)`^fM1^@Q>U-fk2DcBaZ3%9+O8GV9s< ziL0y8GL_3b3u4dT3t|Nk6k|N^T3OdInBET$CwtBpc!*(y;$sM>6PtO!qL~P%uT!QvaqUSJj|o)TkoGtSd{ zx9P@hClqHrJpx78)epGtxP?)3#g%SYJ=!)6Dp}PN!xpdm@hxF`534Z)&GfI%d(KCA zvU!IytM-YVyPQ19L;TQBejH9fr(sXqde+@$0csq~Z3!A(`b5}S=8RoLs^xzz*NHs& z2|(~)0uZ9y{-CH*V7Z=;F5S^MtkrO`k|0dqtyFzzr}gr_(UGiO@*vsN>mv&ne4A^* zG2<~yj2tWE#Ey#4Cu%6Dhl@b2D~@&{3ui`u6KBaul<-QVQzMbf{pSg|QowSF*Ze0n z4LszKYPK4oCs#I013;oim^;A_t-67P!nw^tYu7-hLcrzddQchKEHs9NU3B#Y=0}I5 z%aR{O_;m|>Z*K8*AX$k9l9o(4Lch^FJk?gSLLCAp$|8o$Ec-7P&AW1VHrkU+M&$T9 ze2Z!f)1Dhvrk|X2b5%Q^7?en9AJI>|))k`Z-hc4LYxF^INc6P|K{2r;ZX5sCZXa9w z+k7uvtCp*CH^hWxo2)B+-i>je+|hmIZa-Ys+WGDP1teLKwffd1$~Tm0r%WB0wdnWap;HxxIMrV~$5PII4yVAo9XD zs32EtTB5q6Nmhu(ge9c+>O;dd<#R$R+H522*&#laC7v__mcc@)GZvGyqswGvY#@9D z@`!j-i1B!{srXGSXKX;+gORiYIFRIhH9F{7RISw$rRWQ#@AH(u+<-cqM-k!m%g z;-*{6dNLoo-+~WQy+E^w^Fa5F&*L1^i_N!V!*heOFu5$QJsaiZWIX-c8vTCSORCPg ziHe}@v6f0BV2nu;UUg4Y$}ij)UQ6)tZ-fpnfq0r9p1NIRKOcLJi4{Xxz{X<85@L2^ zo{;jD5pL}LSLi89J9A5Z#LI;Xbxnf|L9UAWJ==^VK~|2&MLbg0uW;j65;{))ZR-O& za+pE|%I96^C1H)($#dU^i_-PR 
zYIzgoI(MSnpxFXWx!Nz}gtIAXFJ_>+<&lG&oN)m8@_&TY{g!tL{3|W`!mZgCF8{^NUvKe&9aJfL{n*130&-hSwUPx-p&Vb}s-0s&?AIJlFBo;*g+JECF;ol1`kr`e?jtE_>r`JsY)*V`>WfO~ZaY zj1zy=SR!&^HK$~e>G%X>PRm^qSpov|`fKlO%aQotJ-Lp7At6&<9O6Hi0*>O97{rBY z3_^$9_3|EW5`lb-K+jw?@tD_RULop>P!{P!-*fGzEzl4W{%1QCvt{^!pb_o%UPhmO zbp!Ig!5aGsW^>Z;FLF%oZ!8zh4d;bYzOdZ8B4dRf8N<(b@z3&!yyN>Y7j(~ESzL)V z`PrQWGQ_RJNkBNe{P#v+4BI=I-SdGoV4PeMr9TKcG6DA<-;cu0lQZnF`#RkHA~6WS zHSzFG;~`?++)O|(DhaXh&PCO^{IlcrWfl8=VA!ZpElu1_7z|wgj*LLR9E)L@flH8IehJBncVkbvT zwyr}8bm&NFPpU0tRD0=B)irp4<49Q|{O4yj(K5cmM|8@%fW{?&LCg0cgl0kTL*}0> zg%cQwfND>t(cAG*8wc+JB=ArP%w^wyv`8@wW;%OiJ}JM7TCy5TT)!_ZU?SNh2O)n@ z`P!kUIr!Vki+^q)fXA|8G+v;b+eGnU((^(uk$}f!$XJwO?Hw)ymAB_zWcs5^pQU%c z`{Pifj^%x^%#t2Ux#6hG*Fn*{ua?NRw>HoL_P5waIoSF;(#It@;~}yeCBM-9v$Vug zF5524Dj>oJO9f-;aZ3OR%iE?qVSn%k#K4H4bn|HdTKN><$6LPr={>mu05`YvSe1{k zJ)#Bt&{`wi?GA5;)+?O{V@<(6L9alR{&{<+KVG~^YjQxkGBQ5f+E}zs8OfMO7 z?+LpF9>U=kSn{hqQZiur4=@p^j@`PFG9(!C`V=YGi>P0JSf~?)jrzZwkth)<&|CG?7V-#ch@ZsQ==Ni< zT59sSkU2-gMyBUmOqb*PxZD>olMDD*s79*1N%;-+$y?|nY(6WAUUYMNNYOZ_%}nMr zAm!gq#{-jeWI*7f@~xzu>W@Ik7~iyuTfc--k=*-6Z8_3C7CRdp9(ird)=EuZU~Wn;E< zE)HL#ufKVZ@BZ?mN=5A&ZHDBO0FFqbGr`V5DH;Y4$kKX9S7Ny>UbbnA<#m5(1%Yr4P)2<-+Gtc`>=JYh00 z8{t_VLA*Ab<$gLaqZPQhf#ACAY!h`LwvA$;0KER8sqlQ=Q9e(aYV8XY0_r0Z_Fms~ zuAvdavH`M_%hp9-KU&D$cJ#O3T}q8w8c{{9Z6xscr1u)4szCW>$!Z@$Og}m5zPpJj z$f{c{&M5CSFzX~8tHgiwoPT-Av&LH4<;H_Z08xqO(F)en6En9M=$u52yeBVJ*>^HP zTB|GR@Z{#lLOqNUcJDl%>{|ImYJ#&M~gh1x{psNgnrs zCGLn7Ph};}Z7t3{XC8C=lPqbs0HO|!yoDOuCrsRfR7FxjL&T@H16K&5LfD0r$hG@@ zqfC3y(_HC?j>c5oBt>y%Z_+U&f6PBAI>Kcfz=dr<@)VTSu8HqJRA==FwRHe z(-VCqcHCd`K7KH+W|^L!`wq%^^6kdZQ*-lq&m+v#G_mv2-5Dl*_i!|8mO1oGwxE13 z%t{S$B`GuT5f*cl8iI}b-EldKY=1$eVCLCT>>O4BYM|?hQ?HP@Ao(Zy$hiI#H`An< zXp^nf!Lign-sFn`3V!c285d9X>lTfK(e_D{8d#IvdbFT53$8){ngY%iYd1hs<&+iPthRaZFZ9 z9~#6VmN2T0gWy!$8AJUw8aLK`TW4w@Tuz$ZEOtRV&hFMAr@KKeSXU zyzkKt5HkxVH7bm20oywoVfp#iPf7RXjITv4kb5|x+mHU} zGB-4vl_8vuD_I0_N}qUT`GZJIZF8Rm79D4tj#Td?0vp-K-N!X~`P1g_{AKg^Vtr-0 z8Ce=W#gfdLh%cF*ox!Hau1M 
z#_t?5h1}}2E~e{U27(4fwotLhu8$Z=*wU0f{nb6Bu=&b+-jG`hxCj9ivP0rBc`okU zBSj&DF_ubu98qRX`_c7fBtHq)CodN_GSj6!?yXSzNO)3+`1JNOW{A0-1?O@oV)gdso(J1VfkVAo!_FiAZ3uUnmK{=F8!4F~wqpgF2DM*(#XQ%X^M*R_O4 z+RFhKfUg{W@_Y?P0~MGD5Vr)VhyHgn#=*x64dIS@v&NT`EI!RIu6R(-u7uaf;>d02 zQ3!%RY@RJ7WVuznpT4Uei-CaV54WV12$Hr25a#bWgF$+;LMoLS*Q)E(Zh6^UoSzhK z9-9;bg~>UYKD}0j>U&lQV7(L2zqF zi@wd>)m={hO`y1zjs|(GN3Gg0@9J4J{ej%>>Zx6}bLwXeaQ$J*X-+G1VLW6{7rZvQ z#br0R?i9FKhv{CSL3|}xKE7B@*Qoip_}RvF$8T#)Js0N(5!Rmj>Tz6F+9SmuxIPF> z7+)h3BG{Ns6AWNi*+V=gH9yES>=fMgeh^XM{o;J$z`Q2)20}O|v?IIZMb+ASmgR3K zO=(

~mlyQTq>WFSx;&sljW>z3$~SopdWF9bH3rIcjz18IJGXo745__dI$Bb3#Qv z0wepeq;my1i(|4{{hDQU+8gn%LS(MjdX31jTSTwA=^_um=_7y8$Wb?G;U~F~>VBa` zwWISu=$==Iqhx{+Hs~yikT7?@-O5j4gi}7!xn&1zI$T=V72E+Wjf{30v}v zP3I7Ufhao+qBFFi!X_{eY?*6V zVQkx2>`Aew$C8c)9a}K1d0YsqL+wS+&!wE|JB~c&K!J*c2T!^?S-yG>Ool$qI{5lz zhkLMMk`2--TN)l8bP_z&?j$?~1Wzb{(CfjJgZ}9DD`gujv7OvBgWnW7Xi2ECP0q{F zWM*0}td>{09@r%^$f%eEe7%E&NV9!CwNkHDM846Hv-{?C@z!!$!A-ZE$uQ?BP4egU zx3=l9fTI01gz*2v-g`zxwRCHvf+$g~r>af8BA%xa0ic54~!wnl)>Nr=B@$)?uep+}}0Y zsIbLgRHRyP)^%rer+LeY5d_XL4Y;7sE4(~00{3j@ze*kWv;`c_8U_JPrI@T%>~#dU z^qc%p)z#>4u{xSdI>HwRoyWZEhb-BM-!$KMxY)tbPR&K(P`oU-@t*#DUTyI`+tNkf zE0y>`6ph%BU}+!z-u|W|?Z~cJG>4-Wk1%pNcWt1oHF?<>KG3_R+eR2(UArz+W*#?V zex1Xq=WY6WUSrAov`SpRkIK%QK0=L#Xe)cMXmHojKzPtINAzAX%Xw2LPaO-arZ|7r z&r!`Y)B$tVytakp1R7Mwj5WlSHIaMQRb#&;C!2~FUdH`esMU>fbG$SzfmK7L*73S9 zJP?506_TW<8TH&eb<>lbjSJy32PkSmM@6elCts zn8@(Nn9(2t((`!eqhS}qf*N*SQQc6QSBVJA)*3)kvvkf>fE-WxDf2Vx3??=Z4OR58t4qOscNH+E zPe=XX8714dK3=*c>}1K^hj+N{xs8Zz555;i$)xP$%j%(e!PZa4Yt@bT=GNTqgspUr zKQ>&?1tDOmpFf1pR$xkKP_S!}v3-KKe8|!&sJ+e&+TJd#K8z$AXfV4tD0Rpr)o<$X zIk69l$vS&W8v~1q86S}m*-l<7pot@QqHhZ=<@mD1)bcv8P^4$Rxra@%f&aJ{;w^^t zdPl}@xH)=D=AO(-bB80B&6w$J1|bcUsEw z7N~sBZ*S4sxk|T3@*Fawp%89`j6iV;`haNFNQO7=cOsu{O43Bgfz8arq=lp9;(X?&ppWc3wr(fkb4EDVHlm~uCY{Q zt&CQUTJ7~_Q2nR)bdfDwpGlzh(73{?&2wum!Ti@K{N;;<7P8D}c2B}Pl5Ar=Cq=Jn zqZOS$`fyTnKf9Z2OiVvMWizeL#iVQ;I?u7zuU9xV?;E=i^n=Lb(;@LpzVgnlJJ-sU zI!?_-0H3{`d-&Bfc3ivWsL?#vxRsN#n*8J9099Ha)Kd{a_jsS_nrG^t6SL+=?lMpo zD2bK%c`VkTu%1NH?954BKIAWmkG?wGYaXpu^evO=R^SWwaIQ%^CS?H32?caNyG1P` zUT+w~NlC!kRbPZe)JBU+8q3{o-ZDiY``19#;Pu6}@2K>lKxQqk+I(BDZ}9<8Fj2%8 zy2VOABH7U4IwgCD*gk!iq6Ubu>vh>JnV8b%-hmH=W0(vh7cU;`R=8D5Ocq_JO73ls zX+(=0y`t&8#0Gt)DJ@%2LcbCOJvpj59&vVv@sKc+(++R?od7q=*{!XYY`?WgRx41D z6IE1hi;Z&ZSV-PL-HVP=58ZJcrQg4D(c4+$2C+oPpax%3JAI6%Zf!d=!}nCk*-sJ@ zeDQqI9*M$h5g&2aRDC$$cIQFJQaT00j%fCWhB*LxjCKAaWwrregq7r)AOyA<;pilP z1?SrBiFhA*v~)#|NxHXB$Jz8(-D7NC2~x$jw@sIiByC5Hl-qF+DF^G6wKI$!zF0x` z8xb`lDRtelc+aMIwe{j9lI~DQa33-lVzQqYfUqMhsLdq^Xmy)ka~y*%zZ_5Q 
z;r;qkOyTo_>X@Qoq!&lj-UcYg(!UQVU5#~aq$%xXo5HvoJ0)>aGdM%TH9mi?MK&F2G38+eg)RhCtPe42Vy`2JOJ z;!dDrsE84rra=O3*HKkMO->)>mP7YP%NKN`ujGW3t3d)rv6-%&Gy#dap#Y2a)81U= zY6yq5HZcZeC&dZzw%b*T-;p#nHs<%GUOk?6Q9~BT$-OLK2%aZ72R2q&p(oOO?O^}P01qhKa#s9R`2_tB3n_i*#b`R_|}ZdnUXj@a`p)P<1eEaH@8pw?Y9*_z>tCU{Ud z=JGZHbp` z?{pAic73Alj}g=PkaBAoo6ggXq20%;;1L^rR|O*V86CW@2|QzDf$~Ag>*DJLX%~FG zj7S*pA4d6nMS*wbk%mNlu@eU5S8b2s>s(>xmlw_KjtZfg!koNMjQ)>OUzfqVy8ngLxm@Y ziHFP;c2>t-#}$Do40sBfYmV2d_R6Td^h=}-dOEHeRHJN{_|?iO2-nA`8x&P2tbr0T zcQ*xX5Q0%--@J{RA9nsshwSY~lhzOxX%QTT{v4IBhqk@CgQc@7g9zCs#4ql|q|T|p z{nzFP-y5$0$z&3AHA^#@^))DRrJK~u;uB~I(vT6yMv7*2SB1V>egWUE+lvwFlGip0 z(v=MuU}us`BeT&IS5%7BG@k^)bZhUG?^#W)P|&Q^E}~xJPdqekd>4S9&Tu(etT|HQ z7fnd^i{h)|i#7>rYaLqys_4!`=4rYRv-GL`DrKm{p1mX;e0|}0N8g(@30zPb?t`RO z6=ww?3&d*1&9ttqd1&C`c@?ne(T%ghdjTe*mKbF?!~yEP85NO>w-Ublyn|GZmeTe`;Mze*|EEugd)2XPC!}$1y{LNhFcfEUpC& zz8~`TdXMaBw-+kmq|(?3-TumXm(<|6r*+qK9wwP>NB7#t$(p2}jNV zb>E_~akFJy@+nb6b2d}|CK8Drk?2e$$%=BB9n06o-#s5>n=dzw@g%09Vg4fS(x_6g zx+K1FZnc|Xo+k{wa)#f@{ix@)M#BLCFgz*OFKxTjFP`smM58<@3>PmfZ)ZSV#ROr_ z5BJ2FDi-&~JHwtn1{H*FDH&;go4j|dF!T*WtI2I(R`!zuil zR(fG~zg}khUX27aiDq5KVYHT}k8faNp&~Y>7BA?X)8@7%bjnydyV#_08r^W^!}yOE zA$ozsu82{fDqby$-eR;+zrmqq9wC)tw_y7vo?Nm5GiRN`RMD3GLywYP26PCYnT{{% zVlVmu9INz>=G_;^&e)9vbGft^vV?gg+qVf1vD3+J>IXO*buG%y%sqH6dc;JfbxWTI*dC89Fp9UD$IT-*qm3ur z{qkeX44E_g$;Y%gltv_*u3~?z5w2sld%^i5YVHb3J?hXCd?i!#p{4mWABGnxQS zbfcb!pX|k4`n2yagipBGx?4ebj|dSS3fbra{Ua#y4+a1BMo3;XOeDtDOw=Gc9-}bu z7Dk7NT+oa^0DuM#JdUlpIWa61``5uwu;c3cQB6(&LDl_rni5K+LUy2vIrXf9c_WAl z&-jOD;L+*^`4r^T-nZZ`38sQiz!fv1!&JMi!>TC%9Ovp|{l^1*WbB$WlX?DjHBawD z3~XD$XD=`OX1RtBi1gI8ps=L(>zWrzkG#uV+5=7VMs&51x$&$M?Jk*yt!lG$73J^j z8}TX-aRg+dG*x20=Tf`bWZSlf16}Q0UT3=tLiVAU$W z2UOUe$L7IR3yDFW9(vN&oXL-7 z!rUwUm9*00tK=OdjWtQ5n5Zq9l-lD=5mF&pe|1MZoO<-;FhQv~IL1qJm#HnAnfWLf zV96(xM;SzHdIX;IA}ee~*bT%ZV=S>;;i1k2w7Lc&Uz>u6L`$_GWsAcrb60iM-G=cY zXPHGhoQX}3L43r_wpm}~4ubAMq@s~{D;xpM;;M9TW-jSjGp4&=b-8^;6(6lnx%3*r z`b_#CZNdV=lBwtc?x%@@Tf|b9K7GN#imRRByPwFCQ5aP%6{mMctnUTP;4x*M!n^sa 
zl_np8axSf9YRl6*jjI**5fYe!hB$o*&Ek@GU>tQq0o|ej9710urYyj&B9v+(IVZi) zx5aVzeUMtAZ;MqwU3h9wx&=?r{)sQmNtpV%D+#{77(zmUYdVVWv_2<7WLZ2(|CKX^ zfbJ!{l;7*Je4EQ|HqU|+uit9UJSu1YP-KX>X~BIry2!uNTrMg{=ssYay*cmRL|wci zaM|aJf)!h_mr9TJ=k-5S6Z@_dP(x6~F?Q#4gMk{D40a<*=CHlC(50)$n>8|`$gRp2M!0DKw@SS6<&DQk4Xj{Ra zves)^e$=J#!Xo4=6Ya%#XXfjaTdi}H`c5r6ZtcRDwUk1X5+0?%`o4xL|CYjPC8|qP zFN^nY9xb+6!u#ff&{Oi*yMtaGbHO!2V+u?Ib>ILrI$-mcQ^ z0pg!SO&D_btM1r$;gUv9d=!r3a24BliHdmIWLX3W%` ztb$HBkI7bQ+F#8^o<_8;d*ampyCRv4?kM@rRO$^z4FeXrh5&lo2s4yzy<~G zTlRP;R}Vil5nezLQXrH|QhrCuN~LX_dcUnNlrfitsky%5YxNmc$g_4mE!7~qidG?G zP4kOR&L2mAvhNL6dN?R)_=0$OZkty5d&%IB;qEWHuCeGbwi1)pKWr%t{X%2w4^e5K z)tXGCj&y}w6bz2%sPGKdVA8U>V}~KROg;5ryP0!RBAqB1Adgnwlw$*?qa=Dad!lg~Gu9E?se8qLfkTgbTj`WTv++*^tB5>p9E$5kWFH&8z_U!W?GV z39Hs#4Brf4g4yqwYG(4k-_*^yC}?C+;5+O9z6dA-g!m5iGDGUULtuwHL^KI68ENiA zPUFMC(TL%cU)r3l#Rbq$_9GZQ4XfL$M- z)7)mLC^ruTIE_L3Gzu>hQIumqojs zE1WE_yG-r$!vkuytwLpgXdINgLm2k6=S_J_{YUqw;Hw#^7v8H`!XNjcQN9LwcCg3n zvrJ4oBRtb^%7Aeh>hw>@NoAldh32ZxA#CWHkop$_^Z?(7dX=!EUn~wK>)Nn)!aXcn zrh3b=tj0y+5F`;L#~uAdS~g5g3_ugDsW zhLCbdcqU7gjkZshgFgoCgRD;mMEe9c29A^*x|{6eMQrTQlr&@|ipk9!vRxwaI}odm zBt__m7M@GpD}{BoJ$!9Bz)z6=@>MX{whSHE_{H@O+i9!`w-#js(`#+2{6KF>-iBZ6E_=ZrRW#|+r;zy9{&C(iO*spsL` z!t~s(Fj3RdClJKXbmhxMI~4|5D5HtsvRGV;P zEyv#n`@C`6d$I%4{)+P_;`zib7j(P#7J3K5tGZ0x+i`M7ZZE}8;MljHivw#HsBmw8 zI28Y8ncCD~Sb4;EgFt*)5JnsXlvuxPwB&LBbV8L!yW)m!A(~x)fimpfgQ`JAMuQB2 z0wOcSMT3ek=>;-HowCL9VbQ!h+aH}?2o$_mb*-Du40kgVP!OELJdRf6 z4JE6f4N`a)vD8#sPhED|2j~<@C+92$08T z!JS%f;aQ1WhRamLqkWk^#0+iT3QZ?BXW(>v#C!cuTL<(QNDc`Yd38*5h!3s9iO>#l z;WANN<{6z?3S-+Dd!W7+v26SEr=z;}OhbKb$&3^gLWEK-Cc@SaXy$o;fqeB zJtZU>f0(P0RPd!10Png81`PGkgt2|n<8Yn$2E)6@h8%Dph60AG05DuLWJ*Sug@uB; zt2k-Sw#|ayv%RQeRH_f|csRU8@I=36TBgOJ;b(5j+Y*q?R>OfOCqH|}%Z!|S-AndK zgNugCJkz}}dfO$!Fqz29Mn=Vtf1z>To4rKzn-(AWJ6k^k^6;Buw3^w6r+)I~Eb2l0 zbefEHEK(Cx#uqoZJaRXRwL-`IvBQ4)*i5FNj|5b4W+_Dz^mRU**e(TfiSfzBeCWOQ znj!xRd{r5_RXk(5!II(Ig0i-B^ZY2BzRlBW_S__I7pY8J4I*T_`{e!PPhU;xE}h0? 
zO(Wz?s}E)lNS$(^wkDGzsT0yJB=9OVui>)W{qli9_Ph%-V@57bX92ZS3qzZ8TT^$@ zn&ld@2PfKP_A{V~@Xny#l+y4tXKF}xC&WkfbVf;88> zQ~@ZCINv6RthbwB@mRe>UXeHz{d3#pn)~5;hw<(U^<$l0R3&QWCp5Ja4ssTTPV{nO zXTh2`rjD_BhFd~KW8ZDD+lwwgD?`~CdBFj2)0m19&=jqGhD0y5Q^~R;SOfp%Q@Kk1 z$WOk~@8{LYwGu;itL1y@7acF5#=O5>McfDjnqa#WK|msp8zaJZad)JNtQ9Q=(IzPoj-@ zr|(Qb&*+jFePlBVxlD&mwwbk_)v$E>AACGXQUV&OBKoN=ix-tQC0z^0iB@ z-sBrx*kxCynHnRJ*fAWH7Mfj&K?imy7lW0GDY!8WUbXU}s83URLhrpG25uo!y=*^x zh26d@s&1#|8!42Iw>;+p3OtU=ws+)2L=dL&4=|^w?^-)M+0)`7rw3K_Nox-J@ zFm9)=$^F>G^TA|v96KZ(t4o@jPC*mW{k*sr&$Y&q-j%Q9TkbRs%bqc^FTrUv34bqjEs;5YvY&frpK+FIL-nnm7o z4Pj#4cz`DD3$>zT%TD{m_M1jK1!gJT#EN{nPy=@CBV)FXBd;Y~MvWemvj&kvtF_mr|D>azKi%}W3;Ve85vUis zXKa^ilwx=ZpI14{7>g{RAyE8nbA^cbcI120iBWrK>^y@NV;9S$_`Zaiw)<3pLy1Ca z&7fiW&jDUNSwyyLlCh;#c3V~+p$rs&s=EPo>%1JS3}!lM&<$b6EQZkP^1(>RJ3nRs zXwC2Ls~Qfy@@B`F3QS*^3#G?>VwbpdrfNr?PhN&|f(H7gLI4av8 zUN+`b%vYyWhuqtsPqFAHM4EgxLwBjpS4TW9mbqo;CQr93_j9M03+pFPXGzLlW~dc* zOL7T}Hh2Lb%>w|n@_Es@>)b)<`4k$d_i_t}~VjQIN zRK)0fY>JhbWV@sX@e(S@5#VW03fVmmz=`h7Akl>h_T>0{Kh;{BU9)Pml1`6=npCIb z=;c!X@}HD;-e}5QCzjGx__zn`GPp&0PyWZufhA~D_^;S&4wk%prlC>(iD#!hoc6SMbS<*|GvzSas^ z%x`F5Q^J$?v2)n^!;7_#LJonMaFuX(Q|GLp)|JjjE*q*`oE5G?j#@M5a#wwQfJfH_FEtrwfDKU<2m;{EPpePBU}UWbwfmmv-!S&a5c7SYCx z96b(WoAb||J29`@@u6`?Yj5605C)$7c1Pl?#ilM{AKR3SvX_m?`q2Nh^FCC3s&!%X zL+xwv{hz)`3+7i34hb@EpPmNMV;b6AjAPf33ronMQ5H|ikEFobRWJ?MG!Z2gK#_e( zG}|4aPBT$|D+C9k?!m}4yuL(HaDn^Ows5Izd)Tod4rTgkLa5nx|au}!pXd5i9t zWI>!7YjZ?pl&ffzcx!0O8~;3?r%98=Z8Z#b%n)EFi(%hZgtUb`pRYSppE>Ff;5h2A zd#ZOF6+u>Ow?m%+I%FvZ+bZV-DXezZZ*gQ^az34RnSFQvg!%=^sNdU&Jy${3E)(h$ z0D9!8Y!AM5!Qa}7AbYBIAZDpq`#HmV(o&>sX`!prj@_lyN3-5RHS-m-o1)mADRx96 z6{VV#~m)Q5BTdn@=ejjS1F#0#pugY;25tH!?a4O#&|+q{(%V0;D=oR$eGa4tG*uv z@M^wvcUvX)_mO{#NG%}kqO1TNhD0Z{ywQ>El>-<+ulH?TWffO!@Zmyz#{FwimQ{wq zBJTm-!}(cq+HIKhV6p+GW<5}-VwrC5_1sA1xhV)H`@4Of#}9<#6M%#KI-kOKuE&m7 zO2-KXZe1hdS2Z{thu=XvB zSi0BB6o9|Bu)r*hg?A88vEf6Vlw9UDZ>I_7%SgWg5zUJ9K4{bfI_8_rnin(j-poM- z<(%r=BtPhFkmv(k9UNL%GH5yc@}PPf=0onZpVmF^(P& 
znG8jNeq&OT|KjiiUF$#50ipTyJ0}&O&o7YhC(NdgN2Yczj`vFOpBP$dvo77Sk3Pzb zBHGZzSW%qi>^$kM2*>uFJviGUk32PN6bKVMq#gCYv&6hc*sh7$Fc#8wQFC6vm-Crq zxIgJBXMB%S%(k)g$e< zFfv86kFA0QGK)>U11Xouid>4kbUWjXk7j1d2sI551BgaX3ydkB@(60Q#a>Uo@vA6l z4gf>Cv&%b#w`Qx92c0AeMh>eD!fP7|%dG1*IuO-#;6|~XBkAVLY*Ks`A^;FzqAM>9 zm{4G6xCPHDlzV$xPwv0Q$=;^m*Uii>IFI2KsceixM{L*B5jCa%b>5(kh1sPyIBdS! z**Cum=f#6A_tsSd+^esog3H+y?Q`for}=GN*kWO6S(;~+UN7q-CmcotCjy=+@<>> z_{pkw^KAcSem3<9k6%n6JaGc~CC-sLu0NBQ`B(9~!)Njjc+uAv2rhSxdo;9y?iH)w zyLLLc*q!Y@B)KEsQe*wvyJWHC`FZ8nsWSb{S#&1UlT+rRyDJpVhGJ%J^TuMo@*qqp z4jqh9i^pBbfK0Gm2**5{d;RJDvn9=@v{eR$6ID*WgKctyn)x5POdvxGeSBFZC(O2v zSqXu-Wb-E0PFQ&k>HT>cOyY3)AJu|(-kogPsKMv#mZL7*(9LhtJ z8rnphzHhYk7?ples>WxXDJFyqL-%V_E6eS^UTD(!dg+h@uvg67rI!#$7W$?r*g&;$Lc#}~eyN3lxr0BKIfP(Wr(A4^& z5{-2JJXAOP>7m2tgqG@Zw|TUlJNK;0_c66}JRTTU0zTGAOJKfyO?cgh&}Rd^*5f8M zF6NZ5U)etA>T*wA)mU@Cd<}gBQc>oq>VBAjKQ~7}%P-%!?-v`i{7Z56IOYw-?%4)I zW^UK(@-`ie`E!K?PZ5E{hMH%m=h87#0;?wLt0ZD`D~)}Tmtp~;oROH7GAWgWjA3&h zTR*kPWeiwjDn~LtD%HW60X-AB&%N^~o}IC)q1FlO1e-~3Pb23Ws5|E9>SfK)dvmUs zEm^$TyXlU1o|2IXs_)vd-*uUNczkAagnj6=^3yijle>y0w_z#i-X@3Ii>H_(#jd*x zxykQUks=Hyy%2Vrd=Vs%(bG8M$6R~I9gtd}gdhVu(-piJ;!eE-Rhi4S7|0*|NLz3j zuD;&a!~$dQkl0V-D=3tIQYXsFpvR$wG#M|D%itQh0Qhzz3@3AARhehPdpjZ>_U?fr z@^0%o?q^R%^Q6heAK}6wqQ->k+TmWmtKp2LPhZ`nM3JbBwtCXbmct^MS8PC9w9<_S zFjL~07dCqVqK0{aONUQw8-hsV;8f2(l)E=hDwJ&B8g3dyzwd?g zjLP;bt{y)H8p_kN0as0B=~&)u;yjfF+7lBZd2(0fp$G-NR!M@cuN3sPH>juS5GBeZ#{ zAs0a`0lMtU0&$=|-woF!ZM-V)D0GC!@|Ebp1T^h9&=qGTXTQ$hB@ut-+gMc(2#`=) zlP?zuWOsRTWog)5TM~ii%}zmO(mp@BkX|<+nSb}bm53S(S@SrgJQ5C?6MB%q`rX!Q zOQKPeq%w+p>;7+Zy{q-HyC=>3>7_O;wWaUPG*Ndd{Ypx{xUf}t^q}cjwi;_xITJ0L zohQqAaeZp{$5(8H~RqL6)ZE7vW3Dwr1kv%vmL zfeqnFquuY5G|+eJK=t0eyYD{ry$#r7rh?!E^%`Z%2WJg+CosL9<8#h@yr^S8u9P+- zqHERH?Rd@%O%(9ZIjL41Sa-pg)33byI`^5BmBL!X1lEM``H+> z2(@$T15fF@H}$1v;ZY3@M&(bp0!k9RB3^694{Hw2O74Nd_5!LCZn8qy0*o#fLe!9*!OV>A! 
zbNQyh;wZ5M;AB?E9_} z_R;?Ao8oLP5l-}kYXoA6`O!~F5BvJzk5y3fm*F}RNmMv^wp9wa8>@re;h>&{_3 zujOP*`==CG^tb%)Dz|0-5Hk4b=7J#ISq;6pn`}yHg=w?|^{!;%%AXq=iC`C_)Q4+;tbZ};vK&hWf zTbFtM6AFvhramK;ES|7+L3VwVrXIRGp3}DIgECGDxrg(|D7Ub-qHlG$TkeoR-ygCm zFN6_Q;$!xc9C)~p1!J>sk)N-258?t8j?2*gSjbr^W1gkP; zAUYESSuhIx0{(bg&bpnLUM0+LGQ-0Amu+y)o$XksYWxI>ZQfRc9$CLX=Sa<-V=YeiT%@G$CCH1!v(=h5w;F|HG*M9~u0>dXLP2;Vy`w z?+uy$HpBmTfeITIG4yR`Bsl96U5EQKo5unFp1@yk{ZmVxd@uvx@m;SRl)2lr57k0ejsq#TX z&-q-HhTuQIc6%;tnVHERKOVh}i9ry+z7I{}LRv1@(T@Ukn;&W)HmzI>%)Vjp_GgYr zJzLi=@ZfrB`%k;z78WV#DY{H+-M7kj=p#Y3gZ(cRape^4d082uVQ@BEkfSG86xEP< z8hfSFd^K|^-hbO2e_BdDH_R&E>-Gy#xLr)3oqaTT&%dueyeKKd0x$D`14=%nm3eJW zVNofh0S`W~r~Svh=7LE+x!!70Z#nX^T!@R1zr)?WscE`C*zx5@@bb68CIshFw>jBA zJ?Db|5tezsKH&2)RqXiZN~7h-L?;=)dV*CSB^~@>mWE+DeM6cP`uWupe&w0#eqLuIMERL za8~j_??>nd+qL_{mjdfAQAAaLd6@q`B>iLJB6rV@I>wNs^>(FLK5ed;p~qn#Y_I7v z%&qc#@Zit9zFF!0@c&>dd?-f7>sWggLpdcmDDY1*yyYJ&r9L9M{fcu$XR~So!QJby zASEEpU!NtFBt+|3D*wSETZ}wu!Y(IJr){-W3ocCu4##ICQyXO-5Bn|s;~EyYU?z6B)u}t@!pc6zKV-}> z-ajtImhQh5O9PP@pW!|4}v6Sp4f{*iqqtB3KO0 zchu{z*;4V$$1PF*lbXMJW3Wfox4H*JiZb7papCqu{>J~jCiH&bEX&(CaHqR}MSA~( zCJ+N5g@UM*P`=DR8f+la1R@l37)FOM4dy?68Xy(fTgzf&gv8KI;{VGx(E~0&)x{62 z6#92L{)d&gg+T%+boK2ZM-i-lS~NiQ!hnF}I}Lrt7{mWCufIl@0^%Fq-CN5Ugc$$% z1%HzWa}7idzsDJ~XK_Uv1gkI^))PGI)U){*cRYS=M?b09+diNd@* zA_W4H$zhc&?I6eS^<@3=nw~odi`4|bh2{^wT?p0($ba<89`b-YdT;6&0baB6E0Ho({Z+x58P4gK~TdKGTVj__y?@1r${c+@p+7-pn6kiG9^jLA_D4tpUT9QDO z`H(Wx2UGDZ|u$h zSE~R@;^0+<*0|LLXXb1wuV@yr4r2KF(lpJk&bmaem73G#-K>Dz39`3XYkdxZzPs&| zAX7h@Ak8~?t~a%)c^b9 zllcy#QkYjGxUoS%z+$E&l1lg&d-L&U^~&P#ZT0$B{kMxsD?hssU1gKsqsur7 zBL9Zg!T`DC@YRr8Ze6Y_MAS?Xa0$9iN13%P#Vt!vtw|e9WkPt2sf{Q2EOZlWC24UsNJDj`gj^pxTtg+Vz06>5iPRr{iDhLiLO2V|FuAUXNW6~(?|mvnj_mi7 z$W5lLkv^&juDv@{-^9Szt4<6avkRV0nD zl{LLcbffb+{xRcT#?)Dj184Y@LG=N-Ye*<+vUqU86eDijpfA+sb#hX>T;VVuh6mU8 zMPvfEek(uwWIg-KVSpX<`>tu<6N(}S{7{;)r!Gk^62of1OBL950z;D@#hXTdS@)z| z1y;^;2eWKj$dq!P>wwL`CvVY2Tt)t&FsaJZm54M;E(weEaIy5OQ)7)x0!~F=(@HIy 
zk(UAOB@|TqS!C^V&oUN8T*78-w}%4I3l>G*Lot%w+Lv|}Ga+Ux98*DF)dIaAIa~=* z1BOhNi=VsCuGQj^YKBhkghf9@*)r#1%@uB zkOQ^_Uw#J~I+l&&y-wJ0e%Em=cH4M0akV|Kqn-`THautj_+8_#y=uf@!Vl$oT^|H- z9cXUCEWJbk*N9Jc`6BZ}e#%P)4;9830;NfdKQrO8D*kr4U!-ZWSsEm&sYEIW(^9^qlk)In;H*-kR4|?VIG* zd4qwC?)Y$3%z~kYu4(tu=siWD7*4#xmm#$|5`YTCBD+Iz-6XKS?|f27es z<~!!RjJpRv0beT`;fYbU-{CH^r(H8@ScmgpouGfv%}0JAhLS;2UR9?NL#YIl7AJcZ zS9_v5i!z-)y7Ibj#V`B7qJ);chUZ5+&UH8MQ5b_)eqFB` zMrhX-6|+!#rp&k$DGqsT3-Cs8K?=@*re%X@UdiXEIaGQ5Whpj3g*wGB;LO5iysGXg zAk3_>G~yS1(9Q0sW}>0M_q4+f{JDeCA{SC)`=4zMTZ#l0Ip>gq0&@m5j?z;~W?zFT z2nb^u4h0-hc~5;3z@G6@lY$&m+M?5~gGy*u!;DNM7X{}95?wqk_FF^VRKgICl=NRqghhclJy0q zr)&bNh8xG5j$qpAqiAekRceR}VL|v@Ef*oe#|2{n^WMn0KBpaUaU70Ew>r~MymG5W z(nkk--h(4rvnoYF?g-88NlCMz=kattqZwqYZ(eG&vDAt)T6`Fqw6dbmD+mWz>H0&B zyb|2Q&8LO+K7+f$*a2#;$tMyltf4xj_0Q`a&RdUWd^&hSVaTelAW6j`AgZ!!xn5>L zKpT07evZ^qn0#+?YMv}X@=)2;WtFt54>m#ey^-Bh>m1g?-eWe=7GN0sE8op($E9pmo=_T3XT9l_(#a;dSB(@NJOvX0Al0$$5r zJ40kc=i8+qfmxHlY4#^!&buR1a{`C{(}*{o11Ss@_=*i!cG`zW8)U zB<2h5@Dn0)(6HOJjHB8t?@;aHB{8)!W5(OxsZQvh-~(y=AA8ks65*Fw+Pwqh*JC39V*j?v;H-1dT}2A6wX@Q~jAhu=Od@a>kIT;j(l6LcFTvqC#i zUoKJHf#O zUpZVXOfNh2GaB@J6Ne=!bnmO(er7d`$0hDutHr=OovZbH+qNM;o6i~@Vtt+}?ow1R zMYki>+cUe9?Yyvfhz{GYUCgFg>5Z{1x>s;@|H7r@$_tj-Ja|yV**_DqP;pxvyLQt6 zJKRjZ>K@YDcg~)~DJlZ3M-$dPg1GYj_M>(xE8PTpKIxO0w&^wCxcIeqoxpB$u2rj5 zxJ=Xc>X++5b1I^*#ycc4YD!v3NH_W4cN2NY>BG=F84Bd6!+bsNUdT2nGZp`ZL;QC; z#d6c}wvrde5}kv)a^73UKJ_yp{}p=vn?mJc2FNCp2+n;j^@~$$Q6UpHtv;||N`2!g z-78QNpfPS#If3Ds#&FxiG`zc#;A(AZaga2EE9pt;)^v#Wo_2S`DIQx2-AF^B=65fX zzHR)G#p{FI854k%Qy&X%S$|ZN_5&3KRA6X**@GJhq5~nC9uI@`Nj#{^ zZ<@5KcXV41e_ETyUlLqT_c*QpTePIH6g<%d-W*+>G^l?zay!D#yxyxu_qZm$=IH;h z_n%QscU$`?d|MC|DT08~RS=~sRS*yqkuFG)5)hQ$yL4%SARy9vlis9$-}hEg73Px+!LsUiY>9$D2d4U(_-uojpx(Tq9#_c*V^$c_CWk57h(?I@dP6zMP$RzoVe<^#j2Wv0&*i?eSi4Tif%C!mD4;b%pp zVCkNI4e2aZ>tOB08v>Ql(reZ;Lx_oKKM0N@Dgm}63ghV*>8k1j#T z1EL^b`b^?uYWujQ9KltHUT0 zG5!(WVFWb^E1}kkr?^GHzi7w{a=8rzWUDbxKEzp9FPzucSGu1ijD(gQ=3ge=83Qs5 
z7}a!bzcRPL>D1j}sG#?J<1O0Mw%7tkuIn(AA$wm?H`PC0bV*Jimko>o!Vdb05GNV@ z{6mXY_ta3bY0Qwv+JH6Y6CvO3NIt3$3G-olBp%%?Ok>W)5Y03X-)ia5-LCaosj^g^ zp#pXIea>>62|brl^oTHcnj%~#T8N2$?r`(i*v;X-ac@(rA|}w3E%lM?0mOL`(pl1X zOf4=R4efX-q4yOPN73YdjgMW*eS;P3KfLSP-dG0W`o{NO!I$-?cir1|A)# z8H6%zt6;Z=s~>Xz)x@8g@*wUPc*z)~QZNH@|u*0sj(2es6vumwCMJA-Bgv;qsrDAd5$}yO%7Y zB`RvX*6@0>)^s4nr-@irNfR3I_gJg)z#s>ZdZ1eDI}@^9{l` z)1Rg~#tv=Lz{ckjP5f`U_9`i+pzG)P?#E@ab1OXGrruhJX8sXj3uj6mz4Oyk&3m#( z%fBI`fzpBz+(tKkS}?R&q5+xj>iY$F9OF>AGS+HcuUrn_saLu+KpN$w%3q zBe))_-*=qvA=eHy>H?ElEnocA*5M#>;Zls7Qpw3N1Grj!Zn&u%49V*S!xTWUrqa?x5W{TZV&YXJ_V_G5{^t4 z-^ONAH!@r)r&^o^jb{1LASHXcMjdNGD7@2ARiU1>tY(rv@?eYo_&mI3&0T7J#p2cd zm}k*X#-XZU;#ws2r|q&8K@&W90Y}u@wC_eYh=}XUO^3=y2CvbgK zow|Dqm3D&lO-CAr0`d zrX=-iPQcwqXt>k+3^a4`)gH03WLG@6-|*tWa)I)2r90`i!~NJYK^Ml_BFkAbPf5Yu z7rITbtGGJxc`A^&hl->@x<$L#e-wsem5k3UF?%p)1 zz(v$QXL`@0!_gL!#;V_fds6xOW}PDDoJASva((ivFJQ(bN42_~TB2mdm*ID$+-w_R zlzqKk!nsWQhWRnon^GdGskX60fWDPN+C(;;^jre`h?Ll@hNGywyp7s_9W4w(+g%Jb zVhM^n%!<>ndgtwqVcB|NnXcW9eRE3>P=&J|eHF#)nFKJ$Lz_tWqYUnjsh4`!m`pzz zy?(5s0KZ@0xJq|+g-Zo~tz7u;`dhZ-SyA!+SyrzudOKbA1KeuVg}7!KnCe)YmSWG? 
zP!_#FA!;yGK4|{TtVVj)AfCE5aaBN~)Keefe*$~G{Ua9h7C}__aHnRtTVMyg(@sI= zgESnrPN&bx^{>M{SvYzVd0=JiAj^{ubn36N=nv=Z@8vCD$W0y{+9?nDaMHLIXncJnH=Q@CMx+CmY5?yXuNl+`r<76kT;Mp_p=e$lTZ^{ z?6{e*S(c1BVs%+d#D*bYFvk_Xt8>=z$@+jWW%2p z_#2{hpbvuEl6s)wQ5Nr^`L^OBvValE&wb+FWj7a%D(u*P=q|d%(uxZ$!(ZR-GfK#7 zVC9TmDCfxW6CD)Qa1z=ZtdO#Q_v?-9q5#W>H$K1=y3yb{-*$X{>!8>fPN1SY=2$Am zT88@E(EkiKd-FImF)c%_q5RE<`sDtI>$s)8@<_4xQXtM3^yX{2ZzY8q4Co!}l@pOA zb+tBKge=Zg0nusqljBZT2l1nF>h?y9S5}{bgM5=w`ei#uD~8pxEM(+#Cvo){#*&83 z8!#er_(B}JIIDUk%TqO{$STbhI=?yhv|E&SdZgnoL1)j`Yl^G&W+y`uG$bk=0V*&X z`9G=>W4F(6JKrJ(5hL4u(+)<3J$;EaS{o|+x`xJ* zfWaRZX-(onPPfb=t9gJ1Kw)15lk=+%`8m^VZ#TW0c309Wo0L!r!8REC-`~$?bBEF- zStr5J{rVZ|*EAmYS+c$~;5J=)!mPP?(h(yoT>0Lp?*0_e-P?}wim$j6LaT=;U)7Eu z$g6xLW!IqaN)o}ZT(M*`{JIhD+{V7s!<`;e51H~rxJxDR?U=J~uS^|v8zcfP{JT&0 zv4VjCoB2t`kHRx1O6qSq3s$^wAO7TWfCBF+#Nc(?CAqIl=nb{kVBf%>3Uu<*ZpxD9 zMt*5>+lFKAihpUHvqGPf{eIwVZ1wbhl9RycS_QF)MJX%T#CNw2^uFHxjoT??^Vn_!X)! zWEQ#S2U1-J63w-q4jw+=xHtC{vC&tNd!que7NM(2lzGN73rxbkokvd4WJ(i>-a3hO z3Jp~e-g2<-*YeJdjIBG#04F(+xfS`{{hMHbrvOiS_vbGH4mk+3P;A=;@04d$v%EcG zHu}t-qXO7m&)Sa@Iy~X@uo=PfZMT+tcwf9;<5o zDB5Y=ogk1U4k?ZBsEf23wOXBnC1o{9?H3B?>h znYk%tlRahLT^@Wl;N)RnS

@#i{S^wD)>yG?UsJ1wBf`ZR=*IdiI{^NwiaC8kv%7 z8cqHW#!jT&I`&c^XF8m6aZbUBW~au}9Dxvri1DsLvd=CcL>_pC0y) zbe{1H9~wKuhoGsnu)N${qg1IPixL5#@pTUh(yuE>~}c(eoZAuRd18P&2!>FT&Tq zT}EmK%o}ch_<;vtX%}NNpxTtm#ZXCeUG`}Gbq&^7@so4hgiV~ zXK$L=TFH~E#1ZrW^!Lkf*Sqk`2iCe*gWT!1RWGhM3aq5kFTlEq9#VuGqs1Lni^U+E z^mL0XcG*ex_lt*1#zy{t4;cyf_D)o7sQ8@T9K|WjH%o-2AHKPt`-1Vx0g=R*`gj2s z3j`|~k2kDF^HA1p_R1^*wN4ew*NF$1Qlk)T*p{#x@qmY+Fw>kd-@%lzP@U=6cy^p+ zZY`Um=~4~Vlk0k~tJnz9FrM)_W5z2#?RxKCtp z;IZ8@if5h-i=TU5DDqzRK#jCrMV_WgQ%k`5Pj=#jUbtTth0td`n#X=z9*`2Y_ym7h zy*oUkk?e)c5Dzyf>v9xWG)k!his84M^l?8fXZewI5;Ycgo@YjJw&NMn9IWomd#fe) z#Vck$LaUe8W>RTPMqMa3-xRXV*=(2Ky_e;vV9xk$;&Wscra=Ix{fH*M+GHTc>FnK` z=@e{g{JSJIQ7xKuGYu%X5TV%3__v9H^<3NK4I69|$U_$Ny{nqy4=Y>5fXF*;wpy2Q z7jQ=ZlXa-N*)tXkOuu3RGAVYQL#$v+`4%w`O_!+{I5>NFGB=>k!cFBBR4GvpST#lDS*#^m|^)a`FpXIbMECdj$+(! zOsCJInbksuxYd{5wL>_=?;f53b-!A7PGD=_>+Rc#kPDTf9TlZ+gY=o%&e@;4NIddS-!^#uFarV=qm0k3jQHcQRDMy{lW%{P>QZ3`h5neS{J3# zF43POD*UF#b&<=D`y8$$aeJ)Wy!YD)hQ{AO}Nkv@-*$U zJnf>}B4HAL(8T6{vwnDuS!IDSieSZ|A)UtxnLdPHgnFT(rHS z8e^LQ%am~8z1DfR1D$>@zp&KUJnj&9vRn7dJgmU13xRXAPSK=+`NYPfQ_W*|bTtvw zTl*M*E&#GbJC=d)0ba+?sOl|`3w+8qxzkOC%HuYMDqI-4 z=gI3tM-g7K>z)7tlH+xV*8^Qwb-#@4<&(Uh-Bxp$0jq3(P4WJ4%fCs#NQusMXc1jA z?KJ{1DViT!D^O*ko6kGtoAyAd**E(Mqf+7k6>$p;u8M1pciBFhe8IA!{A<# zAC56UEgM6;2kw73f>c>#tl5$cFIn8{$)8{qr=+kTZ){oeO=tW&*=%~@xBf1g?4RY= z-l(%k;>B4cF_3x#rjy(1ff&BVJjU(jNyDEX!bfJgipomTfKMoTiU`jWgq|3IiUJ0dLn!z1z_f}pNAS-a05cE7z8eZTR9^O`lz%fI9pXdQJO ztNea|0Oag@F)l`!f5KQeyfQ!lysj*4agwp<4~YU`giDv+$8KJtiAMs1$!z8`b_30K zD)sHh6KXC!bR!w@_Rrgp8OU;$)5)q;pqm(AIsyn~Jwo+g{*G&k6M}~t9&+QWUplSy zDkV<=27m=+$@&`rcy#uSRVTRM_JCRkxiB9C$j#L7)b{;n>?W^m1vD=Al3e6X8Qf%s zes0;O#(AJo#HpEx)9Ul5Ttj!j2G`)BdRZCo6YK1Mh5{9_=@SPcyman&3=w!lbQGSu zJI^`VH{{5lFXK%jB=E8}jyaod<_#v(sc&q0&=F-$k1{M)6Lc>x^_G8zzAOq*zwS>& zdtx_HqrstE@Ty2ho9n-=!s%dnHImx!(SkuCRK+M?&oWTO>34@CSl;V^fIZD;T|NFUq^bPT}^`1`}mvP zgckAwxflVUA%f2D*Jg4i##_dg=3Pf3>OKE2U!ZDs#*!hg@e@IHhZbh}0h6Y?{p1j{ z?;6kp=LlQ6tByM9PR6PT9?tY6A9mNWqkk56qR$@hx*!0A^_l=)EUn+&J8I(B9;Ml7 
zTeBJ#)eb(vRX;A6o6^_)r2HBrAGNpX+Lp2w^3KrmN{l2M+r%?M3{fy@e1LnZVoH`|-Q#_s)9Sj$m^P4fd zi_)rT_jET$nxxqmef!G- zC`$jj!EJSkB&U=5x^Est={S)SU_=o@wQm4Nby%t*p=ZHllp^F|HSw47hvA-24A&F5 zS}@V~tPvVoj^2q5jrbR_rMlb4kr)PASV9TmabfCf4Vk6|tl!9mm}GU3H~EDE6@eFn*#C1;PG45eP%>N;@|IJa!Haf!@Z2-|Ah_0M+ zaW+9UvZAhG`||tW=w<;YBo_?g$nT?Q6cE{HZ??MhdAr5mFXvtsX0qs2&9S7^`^HyJ zUN&;D#b80P(ux){dKG#7uTVQbMNiB)!uM#{Qa~vI!Hae~B_7Um898ZR=Zsep3RujC ztC6ED6mFV&3NTDU>Ip;8DH&6k~BxnT|3w3~A1{tus3FquAoyS8XR~r$Z%ThckHh zQ50W7PhNDd=9Asfs6x9d@qQq{?hAi=@rm@SQ|FFhCbGbd+ zpE3EFAv!|`X@k2E_T|x8olu3=r>uVZ)rdd(>IT7C1J!LFMaueB56i8hK#Sj8JPeEO*Ew4n zr1A|XPa~}1q^&EBJ(9>Saz*`^6+adhPzn2oLR`U z|ErU!hTc#1E!7wp()hi$KcnyBtbSy(E2%Qs=B<*j!ioN!%?=lZG3=6@Memrhif4WT zMW!uKkpI4m9r^OLJIlK*-QR;9C24K$dYSi3H8$z7eGU%5~phkpblNa^> z00rWi&uA@C{rv5C^m3T_XOp_A1UKE1I?J!O;y$wcy zQ~@nBYczaq9^R*y_^bLueAXWIR?v47U%Z-8ZF=|0@!RHdap7vJgqKNUF)pxcsD%(d z6H(!}yIl;F&jS#aKCCwi?F1g+_y)>R@ku5bi9NUm2JW#tp;z&j6m!MFXJx!Zl$f}Q zK7v$Do79(J7Bs!1YiMUTXXN|U^GEk!&F2HM*2V*O#QPkwfwa;2@+Hf;n6&rJIrX!{0SNWDQF_H@W%y(`MSv0i< z6Wwv?#GM9aJI%>1^<&;|wEso;`L_arLm8-3JbUkO9q3?8J2+E2FPmJkP2h{x^>^P= z5egs46_kqrN)_>9Y`LzLLBYv^EPo}+V6?h1pp56HW2!H-grh8}i ztMzWWct6!o(6j$89sK)nfPW3A1$L1}P9jE(@{erdbC*R_&uR_ciV}{=tRI{IQEUH? 
zXM=_d*w))YPC#P4_2=)jNQdcHLr(Ytw!In|M@#R&g##_o*~#zQ|G|8e?EN8vnzM!GIF?}P3F(v`TwTDi9A_6 zfm#{<|6A<2^Vk~_vYzQLfDK%p?q4__o?LR+0eN3B7=yU_DR4R=Sf(?Je zHWlSjdA=}j7?@f7hdp5WD=_HWhlI;IRAVa2f78uY@H>5=|4O*_HRerV>!JHIm z=KVUTj@7dI({^W{T<%Z7R;FMFP1Z0_%e2R*Bzx6Fi_E&${-J`e?f~bS-3aJZ!`D)> z@Qg+PgE=7XyxPanKVLTGyE{0OngNpll0mFeQA!wdzPT}Z@pYK+5DMy)$)73+9{N^L zRriSd&nmMb%JZiND6Fg{QQNurl`yrqP2S~k4@%(w(tFIGt{1U3ZSa>0)&|A#{*MBA zPHv7q?5Tbq_Nf51DAwt&*9&(RI>14l1LTYi5slBWza|R3;zE;3mMywg|Kwi+KPkUG zWS311C?CWs@3JhmOx6nxYVnE;CaW-})p{?(O%|WzB^$Dw|6J#FP*36V?=BAiafSZp zW5nIB=I#~W6RvtY-x@cyH`eo?@Os+1}l)qP(>8m8+_XDpX+iN2!!<7&pAX9Fn8CrC4cQ5~lo zKowNn=ud(fbZR0g*DAG!raL`Tbe3#iTH)(Cmpr^cnMGW#<>1DnRc%O z&+9J#drShHN(At>81q$a9lc4n#J&V0LtH|zAwR<}{nruv#|0a^19<3>xBn0Ii!cdw zBAL99^`tWVBK>nIyZGa`KR0@KaUS5A>xbEfR!dmPja){OUGGwODiM>{{_u~+@C3kO zlXR*7zy2BjxB6#P`i5ffQ3$-PpR;*ZGrq<@P~FF8ZR~5_P{fG{LU zxAN@B60)3R2A^P)HJ=Fz@xx1L2B4%hax5@CJas_KxO+Xl6Z;yrXN4-bbLtzGPD`pwmd+F)DI4Ca9Z$%!zqPE7Ar;o6DuJ~KvR}&uz z&!2YA5`M<5YS%VG_{t9vQ|Z3Gyx18`O}`f-Rrv%oPLvE2uhB(2TrlV&JJ0W%35n#liMj*#_{pHxht&9$%Oku?tlP;cMUbNP1 zIlt=O6BOYJc`6NrZpH@rKzE)cJz#=lmExAIWS#76eF?+(P4n{#9pKl} zh+7CQc{ELO0K{t`jymd^McPILpaZLWyamSEAeSCjXccK}S1+#>IAYXIH(l7*vzRmE zl;-0cASBwF38vDE2P1WG8f@oiW9ZP2y+_Okl`x{q``GWKNb?~~?&tt)#*u+@ z^ctK_%GijDf~a;=cJEH!IXhY3lix`N16PoQuwEOf--Oqx=edi+w2n3e?Nn)|L*luTJRj81!^zHY^#ej*f&;>&xbfU^fy|v*c!0crk&|CTnyZR&0&DEj|Ys$(AQ59p9@>U z(s_nyV5JCokFA}~yjl~H71y4;B3*o=tpYM`ttM9fuWk7DT!P)ZtI?uwV1l|P(N>AFLcIzz zO}Cv+%O=to_kp6{40eGh#4m=0({Qtkn?INIfv zU2M7CXamr(Wc^R;0=tSCp7XzuK-gdt*Gl{?nWIuqPx>6!K8k_PpY9Z=Dv91J`9Et9 zZ$qXf_EWEc%?q zr$8S&fHb{u9-GF^#&X@l=eSWX`K)Evb`ti*H(a5}s)iPI{(gsu`5nrOBQ!5(6nhVv zA5vZzd77R6w~Lkfw?q8OK&}R?__SyJZK`)wdt+(`pa)?DaLyieX8xpCSu!Ji2V}rx zie#TMp}O`xmBI0LuSy5*6yo8u%zD#hq&wjvuu?;kOUz#B0poF6hN)K4ZKW)2yvWShAoydKtOeQzYZ}JqblY)86tS8rxcou?I*uxVn=WdX$2iX-taX6IwxpNY-sqr^o2*-x)E8@>r2i=SJboWr`RqO~ z{NKF*(gtN>OfCzJqv6iE00$bF#}t4;59}(U+2gfzm)|)+1o?KE9a|kCwUOV~uBN`2 zZW!E{FqoUPUSdzPbp+QaYvXOl`=ETw4E3YEb?cj7a57@z)2JIYG{ukREo1D1n+zJf 
zMt|0Q;X@awWm!Aa`LnI^{0arfxaH58&ZzYtqsnga9Ujg1YxEzy!#u?Etsc0H*qmkz z6foBb0b1>Gg9G9_3;+Gbl;g=rGQY;k>b<>*Z=TIR$y+2&k5TMvt<*B2G13Pv6G5g* z#vdoDa6Ti>AJ08%}hco+ND{%Apg6C+|#KUGxwYihy@sFd;G)(aE5D{-wO*@s* z#c0@B>riL7Ap6?V|zHQrQI zcCKwu@eE8D+P&@6B9h_;A&)9sNENqiXBJuL=PAsJ#5}sVEH4T_v^d4fjyet{3;jZx z_}UhanZB`xwc}()H zH%mGro@wZ9R4#c=E0qWPmv_aj!jD^1vQnGxNm~>^38o1rvw>zanh)JYO!v(THa2-v z#L>d&l~FHlWPQZ@UI`s9ZSd6s}BlZkTl> z9TT!%{^s#Kz`emWFCGu{GnH1_0f{QN)iNO0dY{mwU2+zdu=ww62Ob=JyuBR!#bd^r zqNa~3joe-V-izx8nhkDS5bVXSj(|)@o4Y>3>$VNmAMbu$_>dEj>E~=fpVgrZg*zCg z9c&?3rDrUr>W@j}St*)_Q!Jn_4aqXa)#;uSyB1yai4Oxvn96k0!04EJG2gO;4&1f+ zW@ZJ;F=3Px@+{~O@@@4X3=~4RK=3?qCWyZSLb_(F#{rRE8WC4L1fj>#epKiiCusdq z0g-a#mrTKD6&W;q>g=snIg)CGSr_={(iztJsmZM>)Wih;)btwk@hO==z&%x836C6{ z4AN6bg%1+m7_cXNPO25@CWV#A^Ld@TOX6N@nb*^Eo@yu@Fu_a@zzqiY>L=UVqz(-| z9`-9y%h2=vLiHj~8O(CP`7L=Ht=8}iG3w*By*>eR2>y^98|^3F+6~cIcMPQH8iT6D z?TaTlRX_)9C!u6gQ^)9OmA2h#+n{+SznUFB@8`?B0zd>ADh0hm%)3z7cAiPfK^rE`) z8gRzX^sd!8KBNmC-;#Xgou$isHmv3RB>`iIiL;)e?gtntYRJdMXh^F1T9d^f$z&)j z*LmcGC|G~O&EooWCq3PC=5!~vf!S~QH#N?JxzZNVfD||JC$={3M=%E=Eo*&;i4l;- zxT*IY3~fQbz57T%1)f&owr94mT*vd}`&}{!kXM%PTHQjkJbcztgHUdnWo__XACcUc z*|44QB0yG*|%RfAL(wxyPQ zbt`6VQgd-0KhRV&y4cWKL=1j!h2`QJ!`}%F=UGBSpR1iOmT|$2EcwYu%bvZT&nsL5B-r(J_8i zUwcYom|7)%k+nYQWA{xL@>_aHK23cPe8HJl06lY;|bkI~3QO~PvF z4!w^cuYLo!xB+z0#buw~j3LkYWdZF9e;K>bF?eZ8rEJ|9_L-FL;-Eq!yS9?q<|Qp9*tjs3KFB*qs1sKe5uX=%5N=|Z zrJY;I#&ip;JbI|xTtBX%`_d4eU)|61+@gC>cmT0t=GFA*<#VWJ$gXqXc;??tQ}P`Wz)495`(?f6VN%sqa@B?ug&4eFY8oaZsp4!8;yHS3ClA z!4h`3VK98^@Rpyfk3}yaBMtoEju!3wQbl|rpmXwLR0bW~#=<(*s-pnES|aegs`uoAnzo8_ln8Ll#( z2Xk&~UV5Jfp|yja&=v#aJ21M^dGHvFEI(DxYl@c}sPOn9EwFM7DJqqrB|41xbQVw0 za8{JtIH`TQNg|YOR}HxeA#m?l?ncYKb@)4_E&n@UGj7Kx+xn0vCgL3w0<5BC^F1N= z57vwTo}L-fe`4CGa+t(!h`742s)rCW_;Ozlpyr}Nv7Ce~it6at%iOj~pLwpTbGSP% z`I~!vzztlGzpm%JKXTAP4NV59Vs~y>Xm7I~N7I{sk z5B-U0=__2GB3APS@3$BEFKmLYK>)9h4Xd*-nVQhp?-I^(nlIA4i~Zua=!wg3i(6L> z+Py0%W?NZT!mGa1hAvB)lhdEsf?yNdw$Yv%qSZ_XCU&4F#7(jta^CNP_Fb>_7$yDZ 
zL!Z^~4UT(kH<~|{SkHFD%%ohZIX&UMA47Mbt?0ut_Tb1VKEJy6QB13#r$+A#h7me_ z_ygWnh;o|XP;=tIYN$1cW<_;ojhBnYmul!yQ4Xa$*|0Y-lS)`+A8n*&YpgaYD##28 z95U0xI#jn_s7(Y1WUPBUXm2!f1v$=*O6YoD`aNwRpfzFOnvf0CffFXrafshfEMP6} zx88ht;XF?q`$;ITPQ7PYS4r9T_nLK`OOcl}+5MKdMq3AkWc3s5^-E1guwy&my<-?` zd#L6ad^{|kg0`BNa=U9bGV@BwU47{X7YFb49R=vdI}Y2`{g7?4EoR}KiZP}%rrez2 zvgLTi-m;0>EG3bjWSfdx>Tj?5t(^i>Ec;di){wL?E~bNR|7u>F1QWlXO&nEf!sa(b zgjO>Jr{M@1yt)aDYNgRK5nL;?-SV@kbyBAI3HC~4{#o#&Q*YIiW*G$i-L*G%(51b> z8GgTrztx_gzT??4wYiube93^#e=C$jeLu?#5tsgzZa^`BP6v@Xw-l6F&Xm6YtU^)^ zJG+N`fSx=OF%=#_@_>vn)M<@KMi0{W9-^(M`;EA9kKY;_p?^dP6-ShoruFYct4V-sV&3 zaV2THNpkqwN8U>@uES;lD)g|?6QYKp|0zBn+O4Tq(A4%UT1GtiF^f;l;oDlrl7S6J zuti_*@%(|$L+Q!2{I6^H3O9eR17GKZZ!2CX=;(bx#(iT#tDl(QJ1F}s!X_iq-(>v_ z=-@iQ{(fxqb+ViU4oA;K*T7o$j-}RW1?XQm2slh*6q7PdE{k0JJLY)w@4m-6uXBys z8~aE{cX7gn8NP3R7?#Cg0Ub-QC)JfuI(;$egIUz}x4@6H6HQ^aYzxDIsWbj?&(EasyPi0yT&Xqd> z=|oCo`D%F3bM`A!+wTk$CG{wwToQ!=?~5P%KhGLU9d3YF*~|^k+RX8TlNuDulHDQP z78~BxJoF8(VJ%ObDi@%CH9qiciVi80DiekBc1KpK4l;Fq6;<-FMKk$yXU__STa5!OOC-n(hR()no}sz|OgHtatt9EmY9O zy9dQn6FOfr%j4L+<})76HP=$kVb)U`2!Vy6NC4aFo|hrH0jZlsjk3G*ji1J#!V_WeLOx~88C1S7<3cT z%P8=22xZ(A%RS(LKYTJ!auO0eUQ$F#L-Xy$7F$>j8qx%DSIhm{XVH!F-z>@8J5b`5IT&}%FRoS^oy*t3c_25Soj}8%M;$6M=$Rjx*pQ60-_IzR z#7#GC-6eVENfgB#HmyvToqKyqc!A#k_~rJOrKCM#(f-BDA~*i_3nKq2uBd3cj8@Ir zD?N{UIYYw-o0I1DyY9YAL;!$Lnn#iB`V89NY=XQrOA%t&sIK1b)!#V@e`besRapRiFLf(Jp42!Xn!yNc(l} zbavm`-mq+=`{3*(e-jbUZti(E1*l3u`+SbPcS`cKu`sBvJ^b0Mbo`xkLgf4l zg;KC>!br5QL$8z?tI~&Wf92EAR|N%MIo(y@!KHsz*);V3jcBHe0j?y{MQ1+ zV)qHMYgq%T)g{}&S7)BWMCtAEJ>NdxjYxsEB~9T)b(Z;TSt+NV7QBaxFVO&q^WAWmQ(eW(uDyN_xb|a-?Ihj}kH2r%Z}TWgd_~Tp z>UDh5;oPIul2NlP!^Z8tO7c2sqFNLQv>z(Ix(vO0WL8$jys9-Y(7#(*9B4RTRfrMBzL)f~b0mJu4B-|Hx#%Ikmyl`5+OW8T%FZ%*($$sAT ztYg=R&CP!ew8(&pS;~EK$}G#pUO__0s-CY@9FlF>HXms{l%s&AyDa6%eUoUo-?+CY zOSN2(&6824Zr+u@K(NFWDjY)`g2U%!w?m(gVmxJw-Z}kZe6r&Glb>UQtF(Fp`j^ts zG~7SD*RdsSgq8cGZ+rlxJE^-9x@NToIo;*`^o7E=(bgkSM&`!JxnL`U(`NwiF3^|8 zjV3R?L>mc&^Hrd$9FtFM&+=FYi6@fuM+ZUx$0(?!?9XM8~?pW`j 
zAZjz)Id4G9vSW3T*I`Mu+kD$~0{7E@+;F#zTQLUu>iptJm7PS6aBajzq^Z2&tE*5k z-`MUrE&u$4c(VNAIJlnn@DgP+S6|blhKZF_)LTY(*QJWZX4km;T+Y3rM(ze%u6?VF zL^UmHpeX_4YP?r4W~;liHZ=$bDw6aw~U8fVo1l4eVt1 zXEHFA2*Co!D{SJyBQb{mcGo)Wc^3bU}W>i@hX3PCebq$ zFi%ud%yTGnorIOq4zzqW)tn^UFp22~+d5r4?<)MaaWejGoPfI5(Af-Vx@g!Ilq8ep zI|B%H5Yv6DIU8T7)%*nBTx5zr%M@xZ?3-nAa^fZW56mzZcRAsjELXZx zmw0S@kZiYDIs0%qv;**fb1wJ?f@Jz3za!qTd-?B>IiG%j*jw5!7)}%JxQp07Y;PP< z{~>%Kb^6x%tJ3KBwg)jX?BG^s(jcOi!pC^lQG4NzqO-5cYs&M$EL+IU#FZ|w9#kMo zK1odd8e=9MSy#CRb zq*o!yf7qCSf_xhb9ywmBWw<;ppL11RLU2F&uAZ6;GRG+fR7-r+JY-R^us4PW0ZF##O>x=JdWTyYr{Vuz1U@XR1WPYlD{BncYX z+&;cS$4;fr?H90zRj$scWjk?MrPW^E+aufMT-8jM7j9F&4oe7l7;vh>A3*EC^SWXI znwBw6?EN{QQUMN)X7q;e`hDB`HC{7v&#&+^!N&;h*LmvDFCILE6Bq2L3yzkMa*E3n zy%2F_n^2W3(i!@5_UYMR41?$Y8jMkIqpYnb1Jm(E2o?rN9j|}GOv~tA9^^hgg48I! z(L^0r;f|(OX4UtclTlssS?!6HcH2wU1_{(Ai1IIGa^}U~IFAIM4j<9NsDDI;DfBse zhl#Bvi_vetkH6teT&@CIUVnZ~IqB zhkHRjQ=@%V#;RO*@DqgIns`P-L`?G@Pv<)Hv1`93THrGO8`nDO)zz>jE88Z2Eir%n z<@#lrtGT=1jClnrwNSSW7|;ZEOQ3y|vY?(StA+!}JXSelbn7O+Rw1PDl`=lgg+d@6 z$EL|P!g0~M}A?v-cbYW8W8~Qtrt{B`}J&i6!bdkEUkY$T`ZSbKAC6m5hNj4 z@tT=7j3#4C*?Zlj)5GlxKR-VrE+0L^w3ZaTm3w}DP|8P|;?RX*YxRb-kKPSU4F!e# z`;%=h9#1IhUu$lGP7i~^KL$nY&+C&g*n5tLb6f8{AJsHJ@I|UWO6iwc6^^sp>r1oT zH=vQU5`tzmCjVdTy?0cT+tw~_LC}qeZdA4+1Ph=dMCsBI5tXKZB7Gyhmrx7=BBCH5 zpdz97DqULW5m7p!6IuvL2_b|CX|#~v%RcAabI#VYf8QPB8{^(F?)Q%)43qa=Ypyw; zIp;IyTC02|L}igTY{HuPG0+!5>uoHJE>($%#-Ed8bob|Ar1fykc{-;%9a)NozLSJ9 z`s0@?ocH0)O9#=j0z|no$DQVl*#{qbE~c6IyDvuZ<~glwPUfJbhBhfDnBPA4re6y1 zjA@vZQ;QZqZ}6x%#+Fi_OX1+MiVmrv0E9ooX_H~f;pg_?WXcvWn`-w*`ez^bS0hstqC&~&F#LZl}f|@)$dx&+Kq1kL5EE^hK^pe+xv|2L^FOy z@vUXh0lXXUcKT}lvR`yra zPA{&(_Idyqm0Cy{98W zGq?{BC}HMC{T1H?!l~h^H60=mSfl3#RF`#8;v_N99f<u(A>laG|+-2LOW=B!J^yE@eh$Ta1GH?JREw+C~{8u~PMP_zp9m07N zI%w$b^i5>P-<-3=Z;73YAmxqW4l)t`5@%aTm{HU=hah|X2bMBrE$%IJpW?DYh#T9% zhMmR_@;}>oxZZwws7$rWHShNUchLN!cBsw}>6g>r#3iHicOHK&5Als}<(|d{9h*gi zu)0dZ?Fr5q>%1k0Cw8>IYHc=pK09OnFwc5vl!p$Sc9b5(w;<=hhZ0%K)@#1fx*}l9 
zdqPIe5584>Un4h@x~h$L7LF_+4^SVM^Cn2>%jZ}|e$g$SNiT0lJ=0)Qeh28EWoc2C zghIXgjwjtYFf5RD{H1=&=koTmOO$)4oDql_N0Vwbf*h&vnG22GY~5zYG%&5Ers!iEh7ya4ui30Lg?CW%KBbEcJ<-TD zc{Z_##BK8U7!9iLf5U&d)}w$`5+p;Te+rQ6p|(wr%#D)Be!ct>bdp|(uaHO5*1h-K zD~)~c=f&$!3}0O2>OV5+W(Di4+n}iz1wHX;mCtLdvuHHnVAypiJsc-}gr|#b-m(ab z=)&3Xr4ZMuWE#?V;R@NKyIUpvw;&~f)vWd)r&rkeLD|#Av zZX-AAnfN^d7#Y|w>he&eV}5S-$Xj@7K!N#-Q1C>u_WmB+PJ$b}xrEnT3sj|96ZCx) z{MEbP>lcR7c1q*pF7G-E!cNezjYpaVW-3nlHjbmIjQ7?s=hcR%54*o9ZhvOoL|ya^ zLC^-7CDAievJqazvyFLmOf6JYWlwF|PR$}sjyk2dI<~(UrM$o>pyO%nt<8E7Jadbi z5-+~&)YPs zZ3g(GvQR9*>|dGo(`y}fz&e*V`3MV`Nx2^Y^O>^jW}e#=>Q>CwnUi=*wy8MsVDY7W zZ1~k^sTSx3m1mUOE)Rw;rayxqwSr~M+`*^+c8-4nSrgm(&S~HjQ`XTb-(B0sgEzIpuSccSD1yG= zK3e>Nq{KJud=AZLiV|M-8ZvzVPUBga@|;W{YE`<1j-<_Qy34U(k;7hx^oUW>tSWUMGB+T0YS7)(^+wcl#3ucO(+ima$(yek#G z+tXjwx>p%GV3T5A@R8GQAn*4sO%MFG`tg=gv6AAyIkZ<|d3g`pL+;y)&3bkF;3sId zg(bwWPdh}56ntiBKTAk=lNhI*rejWVE|bIVyj7dDEhH}o6rPuhffdi1ECuCrdm>I@ zBm+&U&G6LMUH&6W+lile1A9Q<*sj-~QK5RFo>SvNQY#>LM*Rt?bX`u!8TlIb^Lopk7>M@*O%Z*Zb0vidjV@M+d5$46g=H=ENuA_Z#pa`_3e&;V64V4!(sCaHmnSn zZqk5o8h9&a6+%5vuE+L>43HcvRCrm z36#aaKuA{0Yx=K4XA8or=o1R9&s!{$?`>eYQB{-|f78++hcnFe3`6%8=iUQimi{!Q z1~V3jq=d38gQ>IM5Mh)P9>k0UWhyomfU;}-8u zH0@o}8gal4#mqOVQ`HptxJ3Q9aF>-jOx{-s4hH|Uvv?iZ+aQTM2;rx0j5 zhzuDJxK9W{XfHxOwX9Xu^=GkPbo%jby1IoA`3S{Sh>?g_rP;TX0Uu#c_7LE$>-|#64KHqQtS;dX0l`4U%`^n zRk#3rrNq`(mZAJbIc`eI@BzDDPW~+-we=lt;IU8iRHQYIa1!zur)l8h8=)Hy#^>X< z&s|#H%8^sk)o7RMA|l$;Pt#&Tf;_QXIo+gc4SmUkH(R~nFH>b72XQ>1TxeRg5w3wC zt?k|KeD&}(GIU#w)uy~PCidR4SCKaLsBXR{%%IXn9yQyj3A6d^v#_s;IN`HM>^ml6 z@o7bg@|21Y5O z+iw+vxUE>%^Y<=#=9>!%Ey!Qp@nG>AB~@7QP23?^z77p!<%~A5KEyY@q>d~kX-;%z zW}W>5&lPQ0=JQ^Z?nnGo+D5HG+2JemIg_Ql)qcF_-YP7?a%^3RQXQpi1b7DM(zz0X zDrU@x3s~PF4PV#IcG@AzUi+PGjfHP6u;=Vz8s(``=B^-o<%1r_RWfn2ya8n)&^gg?!B> z-+$obkbVTB^*FD+AP7y2tvf4CH)+QNDzVG2)7Y8ZF-v*XU!=z-GP>m}D0I_^B9t>< z68sZ8ULHj^9OABVJGgl@VQ0Yv&-IJzZ1V?NpR0LTPT&8?y<19~!%WRW?U%w3l} zF`Ee*qdqGQ`uL5}wZ1syezTP^+q02pIp|Pk$iFT4O&StS1-)L}>jKi=G2q9WJmP~Z 
zJZsZbk-0s(G&ZW7lY33zYHkW$+VUWQ*K%S=JFJ}8McsRT#j~96D|42y57U{R7zt6@ zSazm24ta^fv0eu5Za{~PAE>ITs&i%%^u|wRU4Loxy;yrvBxxz^dZ63V^>Tc${e;PI zeMZ3~XtboKEf4Fda%j}mzw@0;{nk!CDGU_I97xOCY%veh#;2j=SgmiB$-u1@JkTv> zpQ~WjR)N}6&fcN2)YqhDMd!PB>Rc(v77%7l)LKV%B~5F`a|A3Xsyzsk~`kZ=5x-eBzXx zF{9W6(VqmMf%ZYJU4F$msZ=HKWo1u6np^57((`#;?YcpBdqk555_pD1wD>UBFV2HV z9Gt6Q5!iwjI6x=tO*FO36VwFtd23_6Dxp{}BE>y5JUNeiU4TgzUE7GCy$QbZRm>bCmy2)PWDcQi_C*KPbT2$vy7EPVUAfxp}Ih;lmiT0d!QHbb)ed1c}i@8J8m zYy#vvLDNmQ2~D8rcV7&o_3GvA1ZqMCXiR-FX`6WK`SqPmP7!8qEZ;WR5?e)`4B$c! zp;G$aiutEzf`U?Px=231GIO88a2b7J+51a*?u~DWup%ve1|aGRg@#hkuOFG1Re@j!IzGL{!8buF5E402C?r=+7i)~weBuH=0Ftkj%&Y};Noa{P*Kwj zY1LH@)PKgBN*Wq%t{&NOHRiEFo=j-qW7$zobQ=Hae5r;~o4ZYN5wz5!1>!-I1KQk|@!arnUFSnMEnxgb%XO`#46o`ogo zZ^u)@pt?))qJU#QL#!=xM7QqdLcHL#`n{}R^(3o z7r41+w+|9HL+34Utl%}8ka5B+*)mo$-e6qgzE2upG(MA6_zDZroGgr6pjZQTdr5*x z&aEk1bgycLCtZV-icRKImX7Ax=qJo(bVqC{4)@7yBK1{745b!f8wPz%(?Kn!0|DZD z`lR}@zG&qjHqtG$O<50XXB3xkEC2!9#D2@`5dUtwiBasJ*zOjB(8mVm!5)!l9w z<7aM>Kq@H(+>s@=?@cFaC$s31?0Pz%C=8yP{-JvIT@ZRL3~-rD+pE#4A2^Suv@3i9 zg4XRdQ8@337A6{=HAIV= zq9La&zkazUc>q6Qu^$(VNfAqSsR}AIs?x=%!Rz65hc3}%mNS~p_DP<#lpJc9;@Zp$ zOgrS~hGKL|d@W{uy=vgG!g@DM3-AEsIbprDJmfzqK-vkr!lh6pLW@!tI6TEsqV%MQ z@CD_F5x1qA<7}K`_?gD3qU0>4(&?b<1F-8CJ@PR|@rzbAS2^&|S4 zeuoLpFqt~&umlG4&Q zUqmAgTz9~k&!xBXJ81cnhKpj9Q%-+U6!BSzc&33Yzt}Ecnrn)L^Z6y-SBe1|Y6mPu zYb}H8TnE8ppi?x|U06i@22G}CE9a^j`hFPgEhk#OO?-m6)>9%fbS;WfKaVIu?s)dE zIc#=kiD{2tSHgRHlx4~u2?CBMk_}V@2+qmHvii~`(;b>t$eE_-8@QrS4#Z-IO=h>Z z`fm0)0ijgm@4_f)AAw_w3~-Dk*sVbKcx6N1?P~Q;@RhnYalO_nO$T#!?v`g+slp9v z+!!~<>&sBdg86BZ89mE8b#DoQ`ibn*saM;(0P;BA$un|*5x%*j506^(tLkT{ZB7%; zQ7mMJltZB`@3KSr)ytVj{8#5FV9}Bia?M$0O~q^mr9Duf-iIzJWa^(dJ1hQ(lt+Y3 zB749`Ik;eQG>d5^1mPhon#e1(Kk6K9_GIJUR+2}@-iGir1%LvSgR?5JJ6GKj z>EOWnQW#kY38u*2>q~ZA;1$`F?FUEwM%&GGH~Y@A0K0`HbxmU)G9VYQ56D~Td^97V zH$2&<55$@p?2DZkQdz9-5tCfPYhuz&*&@t$DZ*pI|DXs%`3PZQQQD;T(GrufX`UeW z*4pH(7He)Eg!YDOy|xrCC_k)r{EDTD>QY~TeP1H)ZzlGY#V!jY{o1X*%<|V3$;hnv 
z#lDSEQ)IRn`OQugT!WOQm^X=OGUYYZd<46kgHhx*$rE4*B)i<JrMrIX+x^FQ3rY zuTX|WEb2|uB9k-jsRZJv`!i|=C`Pc^hm4~%v&c$w{}l%kMo25Zn|oHc%|AMHJo;k$ z*&(lyq6gh}!pki2;Z^VM0q)k#18;&pu1_ylhB{h>6;ADx6NfjdZbqg>nz-GDX|$c9 z)}g{b6gm5c5P5?=E#k4hi=O=!v+@CJaNM}b(#i+wq@N|fBWihw=9a$gSf8xPvU8~+ zuvZMH#LV`_Lm>+YdXOLG_@@$qGA{YD^O8F6LqIy?i7q?rhVzgL`Dh>U?QH)gUe`^( z(s07SMlVApzKF>0YgtGM)E{$w3FtHjJ}7@*ppK)}4XV5LsfxlU{2f(blgk>YVvLu4 zoD%O8F+{xE$E~x3PKZ9iL}lj1mWDYxB@Z}Q$&{3WzdaV%kK!^- zKtXUxD9=ry-(^DFU^VHWN@HcpxqC1FVDL@@*&Ay6Fq&qc>Hpyl|1H!yqG?2eFSVBg zTPKBudl5nAU{f{G8`l!y`W^R1M zTYG@VKC1kK(Sh$WIvb#reDcW_X#GLPG1cAwEHIl1!K`S--Ar-`8p-4p8$BBMhA@t5 z-k?PxjQZ0joy*ktHxtucV*GG4BouGLZ zVJZC1D94oaeWhn&5a0k-cG()_{P^WRCMK=FYgSewfLX<-w?N0tGuxq$E-k44F~Fe% zzF0@mIzkdepEe{3bx@iIZhX8Y5I}vQU3ry%FI(X~;FT0c+p8-ETBd%19sDt!1^MlU znfoHUc=w78t*s?+&!Ms{`{H#TD*#dird7Txe_ghJkXR1S_v||;_*8Z8FAiMmls-9= z8mvD>f|p~cJb*B0yB7D}GXUGm7?-!nmmKNRyqsX5Bta6fX3-@JQ2rHvEWK z&)VPY{$J)VxSKZ~uO5_P!{?qfeswIxKKOxD?1H$OvvT0- zj>oTN6gi8t5@~hq99r#1Tq9)UP=)TGaX2}3dG{T}5E>D~BSw%Q#N!}AF0E%`m!@w& zqb!}Y+xS6!k7@wG5@F)V_l%++d8O?jy7J@YBxBqrPHC{fDkO^wtvOxFTQ}7qP!{ow z5+I*p6@ACY9oz!-;j9e!K@DE+D!4{T6;})Ny~asvHoWog54wv<6E$ylxrv%Fm-B>* z9eMo*U$M#kn;Wbqo=1?a(4xM#!clx()KieTO*ICGn?X7c_qCSQQ2GbcP^Gu^dmMl` z+;*rmbsn)7e@Dz9%LX{1(QBxmm4moOLlV|{89d8O>S;W13UtUBuaBh_*ij{${Sd1G z<4Sy|->h&~d4p!>TOloj?%N>8!P+;D$Yhrh2+z1fh>z`jSDb{^pdpmmtGAEg-cItr zONK9BGU(CJ;z)GGSnXCpQRHpe@u}sZwG*PY+s`fMn#0mWF$QLsk=|uo6iZplM9ST1 z(gHTrVHidEVyA%B(B+dU0Piom-Y)lY`}?d--7Y7!O<;MOs2Mk;=NP;4(Snrqxg*Rx-kv74CHPQxfOo6}uz}lWG6#Ui+ZWtpblj zzUi%Z6|8@yvXkP-P&colYUin$A5pR49$zR+9_I{3Co14-_%`|-P670U*%>LGGebY> ztNkvfE&c=3in4B*L~a!W`Ih{oTI4oB^UXCjhjc4aSNXUnwnVk}G#QjB+X_JZp7|dE zO~OFe8Px2lE5XRqIpi7~YS}u-W9Q>}aL4^HMn%)`5T8@>ZaL`_<_>{-{53Prx$hX) z`;bszW32|d$@^Yn24hwm7KGs&+jo*6|zER@w1(AUp(b3HZ9zLG_eZ1h13QS>=`z?_mAfKzK&kSXl2# zM)fOCHJdx13hEXbgf>+_vqMS`_n}-~ZsX!r#@Z{DgeMBzu=4cC7+|;RIS+nOqtdr$ zkt&w~GW=FuyR;1ovS=IJZaq@?;PGwJT6Jccpa0Iap8$T{$z68^nB?EwLeaBZ>Kqmq 
zgVx{gr4}1QT=fWcy-7KvSEHsKPy@&#G*x8MIxET|z^h=f?6`Nok9G<*xhFwdb5y$NYqdoK zAG&@~cw;&8rfS)c%=nYQjXo?(H}Ft~_>g@MLL-l3TizK7=FQ_tQMlvwqi$mU2>bv* z{d?)Q|2FJ_^X+0=UAHr98IAJv>|uQ{>iY%LzJowm%uO{7x)ZO@>+%Jrx zpJA<6x|5g_!YT0CFAe%i!yx$5gE|_z-GCzFG<;8>j*(=j=Y?erfSYYWdfaGMin8fu zisZ-8MtSviy6a8YF!6s_$OvpkwlDN7{pyz|fS<7522$tSFM6zT zJBFL)kTBCmbA~N%iUSh3|HHj1_jjq=Aj%Z~V6me$(PM&nk28J-eItz`&Ic2*muxPdU>%T%ocvJM4hxnAD=?NuZ)yvKuk z(syE-iw&>)%=8D4?x_BQ=LC@YA3W#a+PTu6Fw|`>D;(74IY2Wm#x;>vL~;et8Xh~t z5bJrwq=2q#2p^O-{&lcI1GwQyB?fiDFM7Rr?_~@ntjQXqrJM-cv zg~d)})4F}+meQFn{OdZhgmc`}59+yDa`d+nnRTWek}=b7m#TF=Rt#%3{uHw82{!wK z@d7mN%{E}lA4XKO<9A?1O^ey3OC7P|@c>_Dg-ME>*&YOLEwDH^1h!v8Z>4t&843GW zsQi9oVnw)kt?Rxtp&rWkU&SnP1qx5m8b^U6~#zfxX?n>dYQ8n;lU0>$B za|O|wW2K>zikdsl9|!nD7w3=Z(4}Ku-v+iO9n~zQ#yEOZ)T&pp)>G$xj7#f&1z<`< z?;i^-Ej=jEZ6XTG=92H!z@M=vrV(D@%9=Ov_6V+R z;`s(5-EU?Ju&N-ThtQ&&Nz56ANqw=2NmlCz?lISa)88hAkfNX6*w9%@YYlEyX{598 zxlGtNR5&q>I>9%^6-NS&0p|EtYHo`xeHDdMX8}I{JcheorTkJ0RFISBNBeKzwf`gk zwEyAT>J#U=i9#GJm6gTrOHP=Q<`Lb{oJ@CGdhHH$JD8Fi5!c%Y>hET@Q{eoU+W8YN!n3o(TxX0O@Aa9HJ2T7nqEm~jL75N z`UTLt(e9VX_`5}jUVYyDD^)X7WY1=@6+QxCa7bZJUJhvf2yb)~Uwhx$6<1`_ZV_G~ zVpYSk6aifp0r}laH1;{Ag%GbCqJGMhzj+AFJ!UUbw>GF;!!*L}T*yy_HSu#(`qUX_ z=aXF;n^S4cK${H=^hCJ))PGH!*Z3UuD6$rfTBoI*9O9)&ea2q6*1k^Byp!udd_$_r z2Q}Z3FBxiy-fG#<%zO2c{@9}0DQ>yk$fLmY{+`o$S6-Gy!=WAYz zAfvP={;#$b9Sc)yfY`CGI1_$#kp%I0Lc*Vt-cx7am+XO36f zz(8d?;&HFQn3}9TRl?6GMVs_DOvZGlo6+WrtKF_H6VC$Ve}HxetUE8*xiiC)-D2QL;ExpFD$dtQgo3$pW%!n(j?A$4Pkt*=i$uZ$twmY)Yxr~kZbv8sl*RHh5F{hEb1asptKq|@N9?^-_*@sc~@2;3tebz0DnAz^-B_rCR zc$zl!BrU}QPJEw#Mqj{yMZEjEue1$ zVI)E1^lAb#?qfq)^t(;k(%n4Hh-nX+aYcKn>0}K-3Ee6X3tZ>+4hX(JiL3Abe!j<7 z%($Ye$Ja4+dq_LVheX&}8jAr!N~~|H2heWPwVRygVKaz*@u^6hgmkZpJM~*$d>Z`O zMx1)M8N8dhMjUp0zwz7OX@q}GNefK@3r)NFk3ixYpDRj-yUu4u!}rqZ9{P3I(^q^d z#z|6c7k0htnZVD}S@UL7GaPs$3;&2Szl#eOhJ;r2HGa=)+-l(+w62V@?Zei*pe`z_6-sOp3flWee=9&7sAezC!6N(Mx7nM@lf@4 z>;Fe#-**}!*z4ujn+A){$$^+-g2qMGrVTD)A(W5j`;uS7G#$sY63;*f=Y9P(TI$f> zfhK{8NZ3;C=p`T&_zep1LAj1Yx4gawHFWJZNTPmQ2jZ6bDJ_mpNDMb3ntx((d2K-< 
z{f-L7_V%4S;oCmlI`b8rdhclRaRTvFfZBe3UD!WpFn? z$@G%##X6NMZeUa%kH}$cM@r32SNKQus_cC=LRJ_VUt>Ce^7_Ph;W;@VKFOW~;uE$~ zdfHa{n=PH!7RDaUwlSp=+XyWQdE%#PIuutF*3AKeyJGT*G!9mRI1o!F$vE1?c;536 zSV&l`sD8NN!_?Dbo^G*BS1Gmp4Jf|CjjQAaVl7d{wJdazM9mOqLNtrOOK_x{a{0E7JF0}aIDEamgTqU^6OVHQ`1iFOodSDi4xHjcCHUTd|T#_e6HPA!|GIa zEOOfWjmt!}R$)9+7xQsD3?$O|f*G23w`Y;6g;uaQqU6AkK%MMo1`wNAvCiz#uVHRP z5ugNnPDL-}ayyk!rlYT(VExU`&CVarEtC5|M!I`&?dnd3Wv${W)p@Po8jKKa$!_W* z%kW+_wW7V5cUD{x%vpQoYvV3)2mxbSxq`hSM5{9iQipG5M10h9VaL)#72|97bI@ENln z9f=!yS8QocjuVedZfoWI2R>c!-h+LF7O0qcIWxcK_JfkruK1y5b<>8PPM)?08x^fr zUe74L(yxOaM0dZry7yn*{y&N7wOhLtlT083`ort|_nAy$2&Jue;tpxT=e$_lf2bQg zRW%EK`!=rPNy}k_p{WznWpNkXS5^=w6=E6+ot*WeC>LDuQT5{=2yk?<%yOZ5`Jp}@ zmTaUL*C3yilQ?Zjwshjb2dN)@#~&%IV9v*g`AFOGw;Q(N>?Z!6{f7PmUXFE%Q8S7J zi{mYIt}u3iwC4-bF-kVmrz5LZ%!itavqawI4Q@(jW)JbN+ML}Jj8{uDQB zhWBYg8)=2y5?l1KI0cG1|7Se<17%g?I4}4o_lX+hX&Bvzp)401LRV7O7SLx>h}vAq zRfu{Yz9$sPh#wI7Z?xz|<_p z=|RdAKFL9xkDl7?XE&+y)>+!_qU#?iUHSs3B=O}bGD72{?meZ3sX%Pj%evg2q zIzO?<*Htp8$$c|?t*Or$Q<^+w>h@1%`L|EOPxc83iQ2{yY?~i%{Ayh7q~UnMVy3D0 z!HXG1sN3-e9;I7V@&o&oR)HSEv7y03;al60|6!6gqOX_a(tf+tlzduJiz-l=y<jbpP~yP_fbbiuIF~bnEHm9h0@8^At??%E8qGL64u7*Ic>x09MQv1RDkgrfL^xX8O>~!N_K5wJHq34};W?c<9 zIV~TN(085<-|8*rQWF_{V?f<2&}*_aD~I zKWH9ZG81fp>Lb4ca(Pqn9_nExpja)hCxM9i`AU5eetoyiKmn1YA9O)lFZ0#W6pye;b65j0bMrR~sADjV|W-#+>qr;75lStdIG%9DBFr^f9vV_(-VSkoVfb+iKAQERQTuT{yGzPW~*gm*h0DTC=NwVf}XUEDfXYE>EV0o@bYkSt1 zi&ZuYh;hOe858wLDrREc@JNr2ONQ zr?t(rp1TmnWc}-PU{3dbO~HJZ3?KPfThH-C)rzZH=M-eO5VbgOrJr|Oll5ye<96=3Oiek(ulvw+~m<$KCh(b$0?A7j@d=2aUw7VnD#Tua<4=1&!QbwfkQbj7VNqoCQFF%*QjWmuAaOYQxmK6 z{!*}zq;N+%XxhH8`oi66hfc%|&b~_{Zxu}!JuM9M_(ns1^0<3u`y5;94)xOD#1*XG zl9YpmSwq+K^IsoTyEJPPKZ6Y2MnMY^^`OWmlP9#snSxv_jHWoT9rTHin0cq?7D`0$^AVE50Ai){Oz zLAd&K-Xp}rrp%7RI&^RHBuH)Q116+Zef;-S2mpVcKsO+rE#t&bVC-Yk6;+RBVGuKd zo;uTbF0~7kZKySWtLNvdng%emctUXJhTSn>2LKz8)^9ufG)`7M0>plhm+6=ypmEOc z2|#0R44nSS@b?6t`GxHOUI^H?Unh4_8Vz}3=7n0i>ER}R&}k_p8Q#P0>DliR{Ywi} z#-!(`xs$5JAz(}+Upum+&H}Hx`j@W)zIjxo%m~=IL;eoXWRz^_pNM47zU#*?@})S3 
zpEL%fdPd-Nqj5DS`pY|~_ZsgJ#W9>M&`}$ypV^(Npe4}hL7BfjH|e{(Ljnl8|2yRK zUmmoeT;JIsi!#6lroRHRz-v1H1UrGg$BXxBTcG$OIyUhFuC^3fvex8DE}O1bLTj`f z=-O(nv4qdU+cQZg+Y1i?`;#?+6Geim{^)Q0^PC04_PyXu!4#RAmR@geSf0o>zlGFm z??ZHh)*m9Sn8tYu2oyYeI@9<#y-Pqyu1x!7`_Js?XoqR=Cr-2`ZBkdh+STy=Vnm!! z1%95~(e=O%bgBYqpy^90*53b&B5`KwXZ~9?<2BnaqH-#>WO1*x=~RP{BY4G`RKyU2vamup)(xm&R8D9J?_|q?F zP0OZ`DoI+8&y($vOI}+Po~}F2?o(M0S{=ZXk4)=0Is17@F8gicJI3Fn=)Va194K`7VJw_@_h*FKZ7Z|gXXI`mLt z@A9XUFVE&(x!oJ@4&?i*(FgzkhRE{6>JDbzQ6lDMZiI&@$K`e#y;v(U%}1C)w(Tk= zPm=cGEnP3J1VXbEZJhFm-yLwSxsb3n-)(rhZY&YRYKhKg4GljhmYJa{xu`y;U^JK} zBH^k<7@WRz#Ux&7{El+d`$iW8td(ar=O*96I6&8vfym{r%(!@Fd%?iJBRaWS2U_yT z_#8NJE$r13+qb07RDZ$WKXYSgU!jo?JDv%N=BjtI>zBE?PTrspv)#0*HW&+n5eS3T z#drk8bWeYnC9qQbI@$(d@w&ciMm+egL?qm*y-ZqZlrdHj=;Yh3r-v`u%ebQTp_@&(xlX@4wozqJ z&;p`jJ4X3X4)maGkEYZ>~Ui^)lz$306zN^`BYttQ<{Y&#s4NIBOz z zH+cy9og3I08UiS0U(D#wLEv77M+gL@qg9^rfyMs*s3~aZ*Nd!L`u@ag?ujbSiJoGu zS+)XDG6h}R8Oas$+C^E3$Al!d$M?=jhuDC|JU)r0oe|7lA zL^VgRs}zpZnkTLGFj{g+D?abC{vslQrZQ8X#7{`j+VtCdi+6@$U%DT5TEvTp|LVWe!q@qxq0~7azBcPpHqqAXbaT2*~hc|!xjII=`){uHnm9?wJkN#RFU^$SB_-I{fokRW+ zy=KV=ZhXvGm%;amQ+_QteWd}F^sAZz(!6uq4pYnTm<=I*l}h~~&nT25K4urC{ z5+zn+G*0#I{2f@g)@>Q^^W-1}gHq+v28UC;{1)qr+^5#(V*{Qe%$mbK*;TY7NTdr*zuT7uk(2bV6n#d0#Gl{}5_Jz$ zYIPUha>d>+mGd`H5G!b}Q}$rgncj&(hnG)Dk3w0~4A)E7h-+aXHKwMU^y$yKgHYWw z)c4vul>uY$k2TJnCMA4bFXKfvdMS^AOk>&#D9-$aZOgT6P%z6EU6V%ii~*E?OpIX3 zTYso>GO?5)PboeKGqbNJeo3D{W)Q6rwj+EThj~6Lubo_Js4K9R*kf9CW7KWvwz#~v z^|;%R4E-8Y#K2=Gp3Ah0WX}|mPLFP6_8ulMJ|b=N>J+j!T}4tSWGeis<2Sq0bz)<* zUA;^4n{$m3p$qj`dBydKxkk>uLugWF_%;9qHu9%`(!g_2@U?UBr$cBy>4Nj>+DtE_ zbGhfPa}|Ikcvrn!*`1}|go#fJKbSSkcTO-Dg{IysQELv+2$w3h6tVUwb={V@>d)%n zQ-1qiGJesaPEDQCfF8eV0<(hGCH6d@U*LQ?6c#A1qHBJX>VeJ!);Al7{{K>Vb?So> z7d6Q>rQT9Px=WZ6lJKNp0R7XvgvYSl#>|%SdxD!yI?Csr))BH(tEa3^D`gcWc2o@K zm0`RR4l4zVK8)*di*F>^U4l&7r;D%kS)`JrxO$}J%3NxT{ba`}V3I}%9R8@nC9ctW zsf-)y-*`o;sh{Gy+Z%oJF9Y`D79K0s1P#^d<<2?B$hmkzBr{AR+Ha-*rp)5lO*^!u z-3`i%8g~D-#G>!P{=##Z(*zS36Zo3V%BK?#YN>^m#{pY2_-oh84`c+fsVB!s}%nc06vZYiuIr2 
z17O0>e8bcJh}{MLa^7tC>!16G4}cjfDE=ifcCq6t{Hr(M;T!JN-q+_A&baXwp{t*A zqMb(y#q^61<0&Q!aC#dvo3ZBWfXghw)&SMlc^ke%Xvin@-JimK!7so#3-4WNv)u*e z!oPg||4t$q?j`olsq?E2;8VHlI?azrgiW>= zLeBmk1QCqYWJvS(5A(~6R971 zmUokFLB>A+Yxl6fa1B)74%@K26JE8v>E}2Sh?{a3Fugas57G=bUWkSpIE~2Un)I;r zc{!xB7j&cC_1>MRA@`5UBr95(y<7M&39ON@&EB8KGx{HC@&E^daUOgqPx5gTmwn}f zzy14?vut;ShGaJzK75b4>`UO36RWdw+}WRh(y;>YJ#!_1GWqPUWQ^^Y?fpV({=QC{mtB@OaNv@^AbsJ@fLjYJ;GKA#%reB@>`2-W6 z(xosugZ*ahG}O%})5R2-!4+^51vm{TW$9?b>X+Dx-`7NBq%bp6p$p=2V3L;we^Ke0 zt^Tayoe5~Ro3G1ex@6Ir!~;KF+j~>H%$C^reG0R3uG)1&l%Th5h zEYZr^vJ`la(bH&6S zcj>;T9tBmm?C@^JSNih&qBopDjC?btjPGK)%%ht)R*T26_U%D&vA&5c(GOSmb;o1z`t;^1}JwF;0 zNFCnVK;l&IG#lUcAlowfG49t)ct;1#(2|gdH{IPI;-X+3=G&c47MeRR%^oHaJQ?Cq z*NMbhoeZOb3RTHHe7S?)1`-t3ng%+^o?v@W<}Sweo9joS5-t>)*uItzVj?wTb79Tg zPse@Qx2E%M6z9jfkG;EN1WFzEv-=uJemm<7zp}v@7Zj<9UVZJey+OWKi>^x>B}Fzj zbEw5bN%83XFk*S~w(gGlkwCWPrL>;$b$-!`GBU!_5Io-lz|of$ZAnmw$iOx1a$}nX z&A9t$SIOh1+N=>xdV`h*( z2nK*Io}oNv1n#*|S&YU}~=Mrvap@<%kyvPup$Z@YlHZ zw~)K5Hc-3sV3OG(C5HO#*E9CK z%$CfN8lao5hVU8TcYbq{3Kqx>_cLTh zs#3lAktNwf4plA!u5;E=dHY45+%g>a?}O|?B8lxJRW=fjapSx6Y|Dgs$WY5HJrsjZ zr#Ck3TA`L8N4Gqpp$<)uhUnYHn{UCzCo|3-p3XtI2xP1Q3h6cGF^GS%$ePp))HBY` zdtL_T+jV6v&<<9W8JH&@d=`v0*U@k?-dMcRz6l34 zy-`4flPgNb_`&S(9XJj$f)k==vn_vO@H*VuK~(&^fT7O2X)XB;I7-`Pf#WbW0>v70 vz!mDi0&wH+B>rWf-`V*^)BY!3G<}{+1Y50`^QL#s0xwTDUsv{q?bJU34arLE literal 0 HcmV?d00001 
diff --git a/docs/static/img/guides/integrate/retrieve-user-roles-2.png b/docs/static/img/guides/integrate/retrieve-user-roles-2.png new file mode 100644 index 0000000000000000000000000000000000000000..15c05408a38f16978041569f3e59ba7d827f5241 GIT binary patch literal 206633 zcmeFZcT`i`yDkg}f>;m~QMyzC=}kI<(t9rnAXRz^y+uI;r6W~DL^^>WJ#-P3BE5y) zix5H&J@75mea`Rh{c-la|K4#KBgx8IYtFgm+n(or=M1kj)a0)cQxfCg;9ONyc%+4c zLkP#gA&?}x2%KrNrF?~hb4AKlR#rn%R+e7F&Dq-4!3qaQ;Z=e@p@DYWt@p-pG15;n zlrPm^Vi0^5f8FRO%|jg-GWz)27ao2yxkV1D&3kqgOs=^qaQXGUTerSVQe0+luQB+< z;jAT%3|R2n4uC8*p1wQiPJ!60)n9lvdMQdFKD6LM4EOz;Eg|?lEjd|zit4!6G(KEz zHNy`zrZ@lo^%0K2%hARpFC;F5WAOupij$F3)9{PYrk@FLUOj&htpB+)bpJYzH@Q9& z7yh$*3!S+)UuWIc`@sAXSEf$kb=f>Z={5hncX|iQ-6#TADjX$t>Zk{oaR!xRaw%NP zKD@M(`l=@LUYh6`C5`#i@v)+KSpVJ1=Ryo&*@qDkbnc}mIVrq_Z8MfvEe=4IkJ&Ud z=-cO1j->iG8dA_hiy(QH?msoILF4#U0Jw>-I9o4?n*dk&VzQ zWzKlz<~I;y{5eSEg6MUz%?HnCu2acS-|q;2t+8<@CCE(Zt4qiSZGw?7$&JGRNp$TFez*0`qW&hgvtk z7F-v*HUB-7!{Pf)o3f8D9lpjrusyzYy=61xF0NZZ;XQ3?>fBGoZZoBe?M85`MCkwYzfOMfYg^0g zO-+-CFSNpQOCbtA{9)kBuV=|EHnU_9^b3dHIe9!R4{2FV-Zftek8KI&CM11EfQL(? 
zVAhHAM*7-y_g%rACNUp%o@pH3Ry_ad4`wgrn11-a*q|hN-IRWP^I_8l0>_Y>?&iZ2 z6c0zE=ra{V=U9hFT;6!Dl0<|)8zu}?%+$My__VTe8zk%02Gu;1;s)8+)Aw}djr=OD zkM7-Wi;=GxjbY{uyRC4A`Qi;n*9+qmd*2zS2kG=|-aYrb);U)zF>@&+d?UssvPTsm zsL7*#tQ{Zwfog@2!!35xg3E;?Z}}zRw4??N`Vs@DETk=Eo zQD|xtiMs3)c~6E+OK_>w$l_9LfoFkJGkYKCG?~t)@J{oA_0_%O)pU&PuFt2drz2#> zFKE7wmb@7jS-m%e^V8t+P?(2VOP05{heTo#{I0WWskd83)HL16%lCx>ZwS;X)aunt z=L15H^ZUF6%v8x#Z(J@dy}Ycl|9HB8L@rT@diXI0!=kr4A?+^O0NFmp z`J8Lz;6?$G|#yWiA+Ovx;H{apg zd?s+Y1iIigy|RqUEiL6uD9K19Ba=sTwO3x{y7E_ASGn6^++;5v(Yq=T$3Vf9M4PBaTD_S_U+5z-?d6qR3bXRD3!Ps zQo@?w&OjQ1JS+l+<==(%yNIsg=)2r|9|qZM+rRIB$>jO^SJbA^G4Tn`dP^f|9=>dl zL{s=@mI!7`(wyr`L<=v_FPdNUyKrN!Pm;cRMDtOw_rlt@o95SCMO`nsUU22!#4ico z4|^cZ5WAze%S5Lo@Jg1QDIsR)jprL9g(O9ZEE1)5B^ISFr6#3(C7Em=r3Izh_$Usr zo^QcUN}*aMlV5CRoA{Q%7T=bT8~*`Ab?9-*$A=|3`x<2TMB=OCJ>o^%ZQH@^R9042 z{8s7<23F6vs24oikK()8r8G|RKIWU}e$i6Yj?KHTJCflhvyj+M#hzgI7?Yc$bva)- zUvNNs;AnuPKtNYsw~}4mqtY(hu71U8Fv-qRP+2f%6u-i}!mT3Mj$-g|plwBO<-SMM z;eCt}h6O{la)DAHvX`=#@_%qnU&GgT+Pp=z_E?3Ef()qh!yjYdIF#%|mVdhB*-FrJ62Q zFe5mJ%hapHDQ(SaV$YXx=NPl^o9*j|fiDO2<)R3emsW~E=o>2|o`AVt6JN(pT z^n>$@A)zv7rx37v{eYUJn3~z(f2&E}@XBKBx^&Y8SRh3m`&M{UIQF(_)N#^o()o!wsV#5w$D!Fu=8?E3DUQ`cr4w8A2^G4fgEFv-Fq$_P~} zq(dc@+9ot8r0@8u^2!)!>}qAws)m?wtwXI+ZTN0peQo{cz~BI+!WV_^*e|hzjLr}8 z9`Mk-rnaM@eX#OC?m-vC!Np&s-CSoSk34f!J^BZzwb#nGOW*Ec9^u0*DO8nCNibF%>YvdDJuD-m* z__E}M>(HC&JJTX#+j&d!++M{p#TQJVK4RWWzUy0oLf?I_KszdVqy0PlA4nSe*90s# zEH|VE)M8bz4*~}RNwA$*pOZ0cI-g^TNXJA+60REV?6YRvbwiWFl)@X&4a^kGY|U(9 ztToIv9`|6)%BBmaN2gD&SH&#fWtF*wWq2%rF{dm8b zsFuj}5rm2I&aGG zx)0u5C&MF4WFA*6SBz(>WXWgFW*%g!SHGrWk}@vgIWU}J!JTzGi%5%7TQOfTe@vV3 zJ3*u|Kb*Cbvxo_O=#ARcZb?ryf7B zm|=y$Sn+#XoCWs}d6;e6oAN2OL$t+mMpTW((YCHGo6h~4%j3&M{3iFtv2sC|3z>|f6Ari-;ZT> z?e)4Zb;Dtk&eM*Fx?ZTo1WTr>RjQ=pEr*6`W=rLO3SEx_z1g9UMe3Ezj`pXKo5r1< z!Dy?o#BPEy}9&@)})J_QTr~7!nz99D$WpInWKWj_mnE z4^L2pUr5SnEvXB|EPe7;c+f7k5?WG44UKneGirIWOJHn;`4uCz2OFdIA1kz6*lnm!hg8Xh{D>s68dCbEIsSgH09so z|J=y7#lJ-2dOD7mU%;_njis<_^j9QH%$No;iq}>Kiq@*CIPAbN5e_~sB@O{_gbTbR 
zajE|6SPu6d&V^s+@o;cLZE^7b+@l73p8drDud_D4KQF|+#32N}kpVC74|spwO$h&R z;jd!?N#GjJLv2|_Mc`B0!p+Lc3G&q0{fgvg4dBEj7X?EI4$dv+vlp(S7SjgM|FEr& zfxCgKil~LNBi9p4XLBnqZ%3E2esILSMS(*{EB7b#-i{7V5K(UlhF^Dx0>@{kxf$qx z-QsR9!C;`OK`-m8*W|^5fN@4K5jlfPT&qsh>w%|6K_r@2;=Wg{_5wE6~w~L*2Ue{*@^zF-zVnI z9_|th3}*xV*Wd5wwDPw7?~$A!f2IXYko)WkH!l|t_kZ;bG!;KPE2?4ZZRKG2$kq{% z88C(AB=nz6|Krl%o9aTW++>{{fkE9R|65^y8vp0T zKMlpX&*uIgviL3NUuOYHOA?E7|CiPziOsTaH35pGwtb|o1AGEzcJ_yt4!qs_{Rtf7 z7K(dL-b}^8k;YMc^ianecXfg={^qyI&>5-PM{Od_LC^3>adAo8g77}#v4@d8lK%GM z9)lqt(Y=e0RKnzaVLAvM_-MW+!;7;^MKTm5f>yfmPja`wX`~vv3ZTEGFDKDtD z?xj8}HW&Tj>(V&5`2X@o6eEongu-cq82;OxKxf*|rr%QF{%fDo^dIo>k+=&>vqbdI zaPa=;H+*E>h5z}EUsrL-=@HlNNm0oE`;_Pri!}c`Gta|m@{m5Le(*03cs6{K;QGJK z1Gr6Ent%v?p}qSX>Aw$81ot8Q7uB3~g2yiHLZcDL74`4KOS^Q6{j0Qz=&x(w2BDs9 zL0tbg^c`eB`R~fcdH#&}I*2enJ)H61hrbTmzV`1nL4>dKY+CfgF^Kx#hX+j3>)&nS z|C!|fGs$yY=>J}mr1vDkCm?8(ZPQlhvm{ZRWm05*^5qfPO=@Z}r}wpw&heVrl+S5n zRSQE!8r42?HK0aMUARg0eXq6gSG~meNZ!Lu7s&5;jju=VI?EKtu4<$h%dTqX`~r4v z01%J)yb!*$Fna)T+g^+$6jgVpQE{OGm%gL;<>1c^xMH|uSs2UJavLB2?9`}soy&Rg za*_|4k{g)jwYLVYPsckiN=r`@kTEIH+uc&dq(6E^rWD8Yidl2^(cyQl_fi}->gfZR zWG#9`6q|a`(Qg-^e@T?5Idq55Mlctjf-$MV6I}zUb`$)r&Uiz1A93}Zut@*?Qr>kj zpVy&GhJ9HKm%hG}Io^47YCiDOJ_vPtZ`4Khk4)6)ZA&fV*p#n9uq(z@PCr7nDHbYA zZV^+R`~0gEMAxn*3fO8Xx_mLyM46?F2YxlUaAXv*Zw`oime=LRpRP@$Bg?zuB$DnJ zO(6ocxlHQ5>P$a}-XF(3r|aw4cy{cYI{DgfwZmW=hx@&hE}d-TS%w z9X`bZf#pZ4B!O$IK5|BcC$TPszaRb|F<-izI4>5t+?UOpd$rN~r0|_Y0H0AYMQ__B zI3t<4)bA;|f}~YR-*f8I#?~^}biK1sMLjsFJMcZH%V*3nJq9RI@L{<%W;o*lZW`aa z=}}*He}-SMbX}c*&$69?O)ERrUcdN9wsO*3KAtJnIRF!uj+d{M9h21-*M4TWJ8g5g zvH$_OEkPmo%Wdd4@E$&V7{}p^TkW?5e{Dxsii+)N#X`y2_ps=&2aU--_qli{rr~YxbNE!H}ohb*;RX-;2cAF_RN$Z?v8dy zu0YNel6m(Td}Lt2Jm|`A*Gy)P;j{^3Qj62+N~@>O$jIPDEh4DS@e&-|Mj|Gqc!jG9VIK^FrCwazi4kIm2)|$ZDh)+QHBc*?7eiuEq`7?D}_gu*mtM?sJe};xe`7PhHc|Vp52z3$&1bFT zY=WAeObe{eK|LmdgCFPp4qn%z@e8L9=U?@2{xtp{o(e?3XVqmUL<*{H*Z4z8pFgDl z;*6&`*Lf`HD>1;l3^tPyioc~dn*$Kgaeuf!$2rpctdARHZ~E;tsFyJuu7~yx$0Q3d;MDR?dxa~jg`K%l0K=O_2c@}q_6(G2C 
z^A-!rcYpho7|`CL1v1NZj{2VeyamX_=}FgLQ=kPpkm&n#;k+5>0}rsd;<|11yTdR; z;5#qM$3^%YpO^jsJi!I#ZjV0?APw;9OXu?H_%kB^SGdGi0XU}F4(RrI&!TxY_KK?u z{~u{`1Jc~b)E!iw^DNI;0d=YKmH$CO>GI3hLGog}6z4H7^AJG)h2ARTOn;&skY0&8 zN$NL{pW~;~Fr21}V)LE94DQ|yK)8HLYA?>w*H^nUgTwA4e17ZSyb2g_H85~o;+z4l z>jG2OWN!2MBf-x$z>Lz{9-PAzu7|w=?swfP*~=V-N?We{^sk_@0arKQ{o;Yn;u1DV@uavMru1^PPyFnp&DD z&10LZ9ky>y6Bz>=DGJ>z^}Mz`Ax~rGX)JmGcpW&G_=0= zQpEM^U&r6qREc9&Uis+`kdsUGci5?f91~u>$@$UQqtSAbYygZMECAiUs+h!8gipZS zQ-ugV|SA(lqu<2wiMri)t)6 zY)I588xkrMH*`CoxYD-Y=Ere}GR;x`uSoF#@ZvPufph%q`96@eqUYY6Zq(l*Ba7>I zji-F&j~?}?_Qkxtb5hVd4A0n2Ze(pM7(~&ue2Z@nuSnCN{DIxi6j{8CO*mjLGUt-_{)MYDr?OXy2xOoLhblJ%dZlx4HW(;YS z^F-p~?+Pm^ryXy`s+>`tg6vgY$`x7e`Li{uAx%^MdvB;k{dKCo#eWgwOjUS(Op;m! znfb!JJZb+-gcIQbz*XF&^#G2^?*aocY)@Kfrq?HKYLCMs$?@yyeW@Tf!j#TQyB+uShT!>*5eO;m#9?q^ z9Ebk3iDLQU=QA%S+Txhsgl;b;e!zcN>bD+P9f+-w97>W|8OUdXHq^Q8w`z*G&gvjS zN7r2!+AH`xkK$^&(gnO1t(g zmZ93sI%$ZmfwL-NxkCM&IHyI6D&LoRiztiW;NXRYnu>*2WZ#&EiTKf}Z=?KMx+eJi z=M7ri=k?N00&0{rTw*{EpqjqBSR*4LXC@z6H{~ynE){Vt-kg$;K4F!*f}J3JvA5i- zNXDv|)tKb*jCgUd(&4}^g~ztWf220t$F!h&n<5|*Q&(&V?o=l~6e={;Cnjf~et=99 z^IF)LVdVRYaEj)Z6kb;>BACp#rwcfyx@wv@8%-gIvLAAaZ~U${aI_kd6G^Gi`!S>= zCjmCpHdX0TkF}vw1bAk|I$K}v6#c<|rdJ33sOZUf_4d}n=O(wg?^nx~H_f9d8E5Pj z+T+d^iEFc+!Z&HHHkBxAJSG_j}`E_dV90#9{j?CXKa9-ehb&Ap6%B7bmnGx63!TR*wF9vM@sl>(<-SL%ZAskG zBjv9Bdi(~JyI!cRlshu8!vqd}W}mIlLhxcP_AMQi6oUqCx$xM4ZJAZm$82kT@+g~* zyYSUq33uJ42lgsb4aj7;QAm={_PpndY`X!^7I;1Lz<#-qU!Frn z{>JW9>zXDEO|J> zr{2oJ-T1)^T<@z|N%^F@W@#W_tG$_I$<-T1cfo)$AEw8}?Gv%2`AJ$5@}gF>EnnMa zeqfn@k;t8V1IAf5eOQ!pHCrJz$XW^$eaQP|P2y<&IOOtTtG{4&okZBl?os-}bYrLo z)X&9HuwZXKj5p}?OGtR!g!ho%Q}`|{fTnh5b3gMEiuzXq`TQo3{$)ubf2V){jH%{P z0O(M3&o=KFDJUqYmF3!RtbCiHtsQ_KJZ96*$(oe%>yk+k^lN~_WU^l`WO){?i1w5d z0wK=cMZ#;6A%)le{iv1GD}bMHrAZEI+tk*ch7BPqO`9cWYh(^exB4y%7Am*JWph}~ z&flql519n!KE5HLWrTLA4|K;zwnV4Ln}%Z9^drn_RF=sWf9`ANswpF*(v?;O@;i>S z0~)CJ>l^f8AMjR;1Yw4{2TmK@Zqw6u!O>46?bVw+o>)*~7CR?n-AREIPW+M*uNpv< 
zzDtlfotL5zg`J6Mm1eX;2&th5<^~~{CVY4IX7j>ohjUjZZ6Zo(kLR47NZe@hk9NzMRcUIf1={En|zXJGSz4Fuo7#6uvr` zR?Rs}?90v}u2&8&Sf4QxX6>9Si#`JisNJ;nqE|)g$EPxi7HQi^Q&?`QJXY}G5PaC@e3P#$ zVvLJTiz#UhJhmJl;d^z!ULE!QlmbZ01NT;UtFM7WuVBHus}s&^6@!x5)0ouQ}uKiZh&CD1K1sFUrU$7p4YI_O0~Pwlw7fh8h76!XA~lj2(D}9bUGtFbu!i7 z_GV4q4~A+OE6tzpPDj>-$bL6k2yQrPyFV6eug*BGD}VHM^=R*uV~XTpQ2hP>$&?{} z*Yj$iy_t=mI`6h{MhUNcFv>6=l>cs|DOGcPS95CD1CD-P9)Pt)a*Q24e(VC?h&}Er z^<3>P6KVXqQ_3m@SD8kk`RS zj+9!*s*jcT<$9zQfYcUvVLqQ$l^W+nzsH0{eY5P$9LZFo zPQF&#^Wf9=Epqz~k5}j>43KC%3hA10+{I*}Ghd^hyN7nwHy5HE()uU4*@NuKaT@nd zH3wEG9Y;M&xX2g#B{_X9gHd~vwk#x4)aLKUPO!Sc0d{EDx!m@x1pAIa_-Q!G0YDi4YogeyRthiS|`|h365dR2KaZ0G~kuD z#F?B(&+*EQ;4`mmeMQC`-%u}#!n{KkO)){EXx9P0n6I512M2<4fYZS&7qOpS6LF(1KxAh|D;ad@O0BHMcgBCq?1~Re86{x@KoY{ zmGhKPv7>49;kv7~<+p;0!}knj-z(lGf{F;89P1DLIc>V$mlZsbL~Do8Nd;=1h5M1v zY0)d>SAjJ@LZC`A_gQwH&K5xqnEU`9rxBoG(+JxSi57GmG$4YTx3V+QLInp!thzI2(4SJ zl#i5}^=g%^9!3Y?m)N^Z)QwPSAvAEeW9t1#T1jL>t7)Bv(3u5{H$YNALakG**Cw9i z8z>7sX}(ef=FS<)r0rS1>?rYM*4?niKVj`w%Cr%ULlv>J4q|1jLfd$bkc3TFb9Z%w zTQ=};;{Mnavm7Xu={Oh%&-F~j*Tf$+oVR3fo!~4ZV7SGeY-&{J;jC)o(F$+}%g@MQ z=7HOsXj=}$kI8i>MiTX79-Q`mKkEXHxDKp_(`$JT6lf#J0`WS0is^!a4H|!vDTmY1}JopG<>4yPa3}W z<(P{`GFHG=I~6?xHVxTl@2C2g^s&iFtw=sE)(O5kCEOQi7_!s6FE|=COmVxriJr(2J++ z)*UyaBJQcav?}bVn@kwJ!OQ(b$SfcX}gzmD5BbK%FdhH*bPqX^vxc ztcGRQLrbF2wIBzcz*d(oqMq%=PR{5%Qd&gBHS5_!y!xmVW2&YK<|bAkyJiNmYs8Mg z0oQpTFb{x0K)Lc;f&6Nrii(S_k3wNCkii0vsEz)>h_{r7o!^T^zStiH!V0^#k;96m z)aTE zgRc&+Ra}a$Ih>Bj$MIVDZd1QM(QK-rRCJCc)8CtHzMbaiDEPjJVeoyvr7mVE=|ZD0 zRO7mdOPY|X-GN4=^y%s0;Gvmth%OA7%D929C4!?V<4L9I;Xrwhmpt#uOQI+|gNs-LfwlKYD$jp-_qp%AykR0SU zpV!!_IT3Xs^0frQX(~Ty9O2qr5pGzu2LWFmYdG01U4U5~f3=N*3`e5}DxyL4zRm%T ze!02t?=xFPo?0rTcfDINBKW)%(c2oH1m_7h6XdKJ9Vl6$h8rK`rpHs*Nl>wT)_=G+ z_1%5k?$E=Ya@_+Z+?JlXu3mQU=;kWnW z(+pHGYSnO|-Ya#P%dW;ruwZm_(r#3Pm?H4&W?^AP9$NcVZB%k)RPm7(r>4nJ&6Hm4 zp-$$fL03Bg1j^bJ<=_1t%Qv4p1+GoTAXkurITFzE`|A^a(t)={I~=7bfm;0YWB^cT zZoJ3a`)ASXw<+P9JexkmO@CNw+19a~US{288O1IMSuCX9--{8Ms34XNm;f#@5o}4_ zwhwa8J{DFP%weYfqO 
zQSjs#>Q5cK;2k`EXyNOQ^r#AuWFtJo&5|=?NR;4l`n_oV&-f9>0(i^Qph%KjU2SKZ z))+OXNuq?5vZc0JW{&YdG(2r|Wx3=I?&>doB~3pGY@2BrlkYxvPZKo|$gf>vZy*u? z_WOz-KE1mgW1LadQ2|>A77rhM+ZKc=C$y`hD*vz|_q1P#Cw+Xj<}%ft?)=xH%in$1 z0O&UnKV9+-JP}PxD%P}G9y2Zb}P@ z1x&M5(*DHoRKdWV4>LJD*S^=rOh-#hNT-*?*Pv z=A_+L0k9<5vsw|bWMWw7UNILYcNL|u6&fcp%AlPh?g&5jI<`cF<|xF1R**1eg3IFf z4f$+hvJ~I60=iq+f2GZ5-(_xC?JJ9DsU1s^G7Zxy+KHdUEG4tKE%#Z0_jD8z@8{R; zAM?ktc(9lK0L-ZkzzXV#8!RgKI#U}~o^DspE@Mk4XA)q-?cY1c>Lt=fxb?dnw6;f- ztPjQy!uhPn1=6GTav=F+(QS}H4u#6X6lU4Oa-deHx_z)ZT4wrPE%`157ieoypeEYQ zY0DQ3_TtQ2YV<*=Z9DgR4BbUGWGhLsFo#R6jIKf^CZJwSig5;$4m+ii$i4-8E7a~p z&6?xg0_=bX7TbkSNO-5~aW-fqPOHv!QA7JPm@l=??4l?d1a z=Yi8RH_Duzul2A%4^FQb$8v3ZaNsno-gyf5j-*=z5W_e-0xADXx0m2Bo%_ZfnN`6SqtaQ=V>z!r}Xn#FO)p`;f>LKy*O9oh(`C$;gb(IHI zWxFzF%9Gms)CAa{p!a24XJ*S;_E1q_je6$2pn!nR_lR^ZbnOmFReFF;D#>JAwA9m_ zRJ*}|A6H~Nf>UK`%JZ$--j&3$>k`-RwV28&7IPD#YS`lgKPE@eVS+O|$J(be7_-(t z)6qY=!z#GW#FrKU)W;)rBr;5GX*+a~O@d zDga^H>RZs!p2$|QqGWw&@50i$mmC(y#w`8XcM|_NQUAi%zRs*_DV&ay>$V*@3!ur? zm1Y39|3>ri^#Gs!bmF?QVmF{3MLoh~@$!lrW>i6ur*7L;R}<}7m*9F!KC0* z+L8&w{cqBQ$aLsdRJq;3%WK`ujbna(>S>~k#q}dbp6E%sCtjw(_T(LK5RVC;wMucf zgnbtSV+8sGO0S8Q(#UZ#P!8ZI+j-1pO1j={D9w&uQqa=XHnz-AsC~qzu6eZn4RVu$ z*weIHDESO;13q%7Z6Iti(DW)f#scr?){S7)&s|6WVdi$)!4nOyVw)(0|3X0>#!1Yu z!L1%ks`-!7-SgXLAa#Kjuj)5QN&AzBku-U%46s@KSV?*EMV=+H2^4xbAAUULw(N?Z zOtuz}b<)dplyJlnVwrBRoMw8#G&}phpR%(f+$VH+d;k_u{ZwT+Z6Z0&DAM1vo{&5$ zP}mZ&L$_0gnu)3@Zo<5?g(hn!7_*L)dL#`L`a!=|4#FkDvd#TAU2T`<N!dIvH7c1x4kQ>BF^O3_1~f=3=MMS&VU@Xj%^n>TMR#sSHHB4bOGazT6>GbHCq z)ZXWn!uxiO;|$|$v*2KRLC(6vE<5dRaqX8oad%~n6oHzVhY|LmooZc7E(>OhHm>lN zU9X}T@cIi=&QwyR1{51j zCL}fi;``c2{lQ00(O^^*tP9Ilo!uabY^+MGXxWf(cs@ulT>HTqqhcI$eWtXB}&2Q@7-K%)$ozCwi@m5f_n- z*v%?;v`FjZxBDW2;Q}(4h-`Cp-Sj*+vkAcG)^RI0FTD1Mo zm>}J89pDIex}Vqn*%N0%{55pix8-moj^VM}_Q9H%i$bY&8xsi@dUa?+u4B}cD9E1F z%N{fq3HlKWWGeE`1)7UAk<#u1!))**mw`ck+5?onR_T6b4R*EqvbA?U6^MB9BC@_F zkRj5v7#7{&fABgUZlKR~C$mAq5uWkHodCIV=nU=Av_3BD=`Tt~Yu*7B8wvFC%J=|q 
z)%VF3MTCqfKAJ7#`{3o*LbR$bwiC-cms4Hup)yNj>3m$+-dq2rU$eE*D(azK3KSp$*( z;dED?BWOYT`38C~PsOFBP)_xY34GbF0cd7_>uAU1(%UD<0Afv^9+hhH`10bC6>8Mb z_eHg@!g}CzZVv5kf8y<{@2=7toXeF8wuc^8Hw1e=%k#B)U#$7~ zrGLL{x{)f_S#=3c#rB_O@N1P#x{wsG1;OaoRKK?w(63$kikbFZL8LEiwydd&6v?eE z`jy9(Oxkg!NX@BZd7yM6CZb-aO2`RvA~^O2s8$U{+pE*J_I@xkfs8|#U;B(^D)JoL0A3NgZOF-i=IuMZH>l8?7o0ysu-2vCg z&}i=cbP9hxZKV36!5M|8DaG@t5-7cJ*bg~Y7MKKdC2yqO4A>!^@H);i>^m$wn#rwb zMoyot41dRRmR}RjeWl<3O}_kq1F>6`j-`o!d&$)YH=eja3l7hq77F|pkW}OdNKyV5 z{!SG3+0R*+uNY>1#R9?&)WRl1^!|{bjbLfeH8`-E!e*@3J&-Xsn+;pQSkt8z*e9yQ z0eXIGC5VP(kPS8uvLJTVUFzLt@FDC^P*3tO(YoGf)Gm^4N~xMvd8K*4_nX~>ITBc! zGLnE`nhD8;j8cXBIgA6)85wrrE7PJ`8U%**-X8(jXsXE);jDa1J2r8PyvbuwNxf}d z3WLnu^8kKxC|$v_vvmMPHFg33ptxDuZCs1VEpDnXn)6>zBsknBhY7X9A}5g^>I6^% z3j8Cy&_XEHsrh8&hVuPxxfFK14!IH$e_BVd|K)f8ZJO@ zezD(E51AgVzg+Z(R7?{-M^J-mqb7^6ZkI<82a^gTB$JK|=>g+fmxUci^cFcma1@*% z2=$W$t}E^D(qc|yZPMVTOH5w8czCa_K-eEcu#7BATdOtORI(jEz5%WRYB}~5*Vbo8 zEFMKpR|pACAl`b8k9E>g7Fc`~MRZ|W`xkxD>^POt&(?Y>8Y6B?uyr`fJ$8}UM>%cD z6xr-l4+@OiiLSLer0RFal-p{dWG_pes3dzt2V8}x2jm1DZ^_aHbcGEWSBf6~F$KqnT}W?4^I(=N;@xlDYrwHMh~Cyk!!_XrKp zDJ;&kXN{m`02sUV`#$1MP`7h2OcTLzE23Z3E)7&+;$&HQd>}*J-?TpArNNH$mgvX_ z1*6gfsW^pYofX4#FpncAD}>1LVba4%XF{4=>@a0nIeuR`_FZRpMzz{eDt)4Cu`Hou zxua;iApc9cPlIN1?20BSXe@V9AL%!faLYtB)oCIX3mKZ9%2voYuF2P%sIuH1N~?hr z1HiWuNzxQkz(4l*17<}+T&?hk(j8kX*@naTF$lH zys@zBxYs`%DiU+?@7cpgjnCkxj%n{VM&l5tiY@_DL1ceP(2yQ}5ea}S8vwR>f)kN- z$A0sBTL5@j(~*C=$qAO_0wJ=ZODJZQTpUl;8WJUgWPFR!>pPD5g6~r6{h$No zlQUK`J@9Pbo!vHVn=H#}iZ9g5l%UXMGl7n`WeP@h$fgOn%h+nh69kQ;n3UZZm__BJ zWyr1ZsZ_cILQmpwcVES%`1Ipi;p80If}Pk9ChGOHZ`(UwvN*BO2DSHJ$bsGP#x-lo zO&&X&wR9edw){(CYBP>5X~Imo$3i>GKEno$lcQZ}jr7q{2X!rijYWYg{iaP7jo9OZ zE_d703<2lEf|Jy;qk>Xjb?Z*U`v6^MM#8~f6RI?Sx3;IGMBL?-TngTfisMI22v1*) zzqav65q}+=9+fQB4Dk<9mZY+7H$r~c*^8aahU^uOuiOC1pX$uO8AIhy1QkcUHXY;3 zurt_N$SYb+Xgd*H`4JyNub)=x$h@D2F&T|?)2|GDxwcztZ;#ARkDwI$Ho;Yr-YtmG zBfOt1sI;}vSriQ}3oILO+Gd`5eY2O#B;)IR_N{f6KS^m>ldA@(EYDq6$Y0R^42O%L6_jVF<#h1)vBppu*If% zhzGlL1797*>wKK@Zrp=&WyZ4tnvah6guL 
znW(5qvFA?8H)xp)1DKrNr_h%LhLJ&%khQuZ`C)TH#yrzXH}EixTsYQ$Eyx}-S!^iY z<~ntu5&QUJfK-RLDX>5XpFtcxYz20qPfR*LifoP`?d#Uz%B`(7wwV+}45c-*<;B*g z)dVn~;guTq64x*9yF4J4DQ;ZhFKZ{E|83v(;VsrmO>L=*KBZa`n*4V^{oa)O-vzhp zG9b6=Gkyn`@JnB`;GH$IEp}^6uVgO1HSRje*3_7%jGi#AFK=wJX2 z4n8EQq3eJNnF<{pi~~#(WVdou!r0I+HL8JK5p=MEr_qo%Rq*Ln4lORPe;cKnT>3Zy zef4&BY_wp&U!o(=(=^Cl5YPXxFl0;7Zz}iWuD%P}xiNX8%d#_0vBq;>V<3X~5*gDc z+N$bZZ%b(MM|GLMBPFgd-b~04u%oySq7eB1N~dims1D->70VU=O>3A`zh8$}CqQ44V&5&}v<2j#MKFv=Ml|4VT4 z7nICJa>_7ORknAPWf}e}3=eEBlKS#nDw><0Vg`vJ_5YMzZjB#X~q+(PLh#;4doV4X4vj466de z*C30lJ|lG=xrKtGCt`tGRYyiH*rOA_SryxUcrG$mQ#-NPfJbd_PoT5D5xctnA(u`p zFEy&m>$^<8UiQ0V(X8~7b>oVQ2Nv1(Mzsfj-^)p_gkN{5sOU1Oi7{E1dXRlCq2OP1 zEK?eE8P1{WttEHN$I}~w4UENz(34H;su+w}}r zZ^EqRH)r=S9tcF%dPHNoT!=X$di!?SUJtga31SeaTflnkVZpTXczUqMaL(w<6Hz7K zU8=&@Gfulb8Xi0PE=6!bpH+3O*-eImr%rx*H1V-e)xha#qav`l*C-LHeAX82GSMXa zFeLe`jx!0f#?>gpML5A3;n1Tw=jBmIjC~a${OAw;xWbLld)ABT8m8;|Q)ubP30rFk zq_+AycGi(@Fqc<$$)CZ&DHEc>`QfEMh;e-XIuhVba-{*_#s1uGxqFoFcntb-6pN0o zQt_(Q?CcvMi@v;Ne#4}^7-6kjlnEQ!)6Fzw933c^C4bLVRGVLsIQaI*q|+uF!t?3@ zw`n!|<103TSIeu$P#Dwr1_{aji9r#7wdJ68WgazEtQ;w&QEurrs_iz<#Dl`@=B8?mPyq#Xr!OM#`)l2pCU>*PB|sl=PQ$?HEV zeK1#Arrza3zE(^d-8ty*KDj1$^QQcgm_7Oi0Y|wfJ%HX6btM*8Pc;OG{=A)2w57hR-Qyroh7Oz z{&yxMJ-&29Tod&nsz`ZbMy`$w@a_Lg@{&uGoP z8DIsE61m5G?++?Gnnw5` z%{*Z8tL!NCKY2idUqG)A*>Msu?=3F{`zTXoI|ucMP{aBR-(H?vGKPigr*Cp1^z4naUR|+0s@TwxLyn19|P`UqO zn770?cc27aYT0!g%LHUdce|1HaG>N#Y%68-!R@dA1yERXs5A4EL@F}=+Yh}|?NAD~ zcvF)CFxW`Q{)4R3;5x7&e9K_@ZNbm}TT?;yA^k8EYu~=d(mfFQ&FI?_nu+&KIXLu+ zlBk58-fEk|JUZ9K68o2A#Gd68>;CIx8IB9*< zd2ch6S5{{IL@F7YK2+v^RP?eBuBwb}$n(qBt1Vd_t)E)?@(+V1VKNIr#$GKd3Lk4m z?cX-yAPllcIZogBD-3d7*9WjXr0Q+^*yvd%)Hzw**i|w}JGu0lV2)XS_r5g+c_ENW zG^2M~V7FA`0YVz$RlsvJFwj?gCzEvWo~&ur{%sIPrc;{HkJLyL&xpFpF*a?lelwV) z-9Rp7Mm@01a&-4ed&5N}dzkLJVot;|rg{iI#o$3%m-$!i8a^m7ooYH?dv`B4S-)kh zdr6t-4mCBC{Vnylh)Tb}o@t{A^%MWQTgVM(np*`EqhI_aS58_YQn}EgdzbfGm|X$t zEqAgJzUIZ^te}=6Iis)nunv_IXz(#mdM9Snf&kgr4?s@bF8HvPR^}gB10mV|ez0|^ 
z%O-oeyiu)*P6&`x#m5#m9(8)?*X7*+wS>2HB>e_idTZjZ3Dctuo&|AmliF7;%b^ky zuM#^=-gKom7JHFU@pio<1_>WGevnB%sh3RBM-Bde?7e3|Q)$#SIyx$fBiK+u0TmGe z0Y!>*6{U!PNRuuiC?JFuS_lylu>sPR7LeXT4ZR2|y+a5sfYK8}XbF%IxK9-C_l~3A z{qCRp>;9RUOh|IhK2OSIo#k!A391de*6;Davn2veg z(+e>_xyvsqka zj|AYKnsO>q0U&%DblDQOcUtt`6=!;kgmYB|pkL)|$eRQu|JN>|6M#CL^g838S)A-{ z5CrN-tlDx~6+on#_vRGN&j-j!X8vV`%jfr0$7`pysqC@Hu-1$=EI>no+Rx~>%?9q* zChKcY#>qQt)M-Ysoqe+GBCkmV3>engyXW_S_N0+frE6%9ZC_Kj-E(W?1>+6ehsIa2 zeLZJ~F$jpzB}9U8zbil?%u*0Lw=ARbRsbX6Ivt~KT#cv&@HTbKmV6YqK5Z+WJxp)R}|Dyga92?({!of8icOo_BuEkbqir45ax zW6i=P8vz-c@;VBmYxCXqbveU48#Pb&vVIp<{j0Q{PXujY?!3~&Tc!WyouH;CuIp{& z@Pb}tQw0Ah_U_d1WWnA>&_Jbbp8ZzCh6&mW7@Ke38utSt{W!p@9Hs8Pd7uENK9*gj zeQbwly#ZAp+9rXXz+3*t#to?km4Wc>Hb8(da+m@`#Sl(W48arAcJy6 zTU#Xlc>N2w2wp-MT*>ec+*@CGy%e-l!$O^|{hID=eg32#gB#FPU#GsMN|j^~`0AX; zjs64QZe>WUKyyWpe|q9)&p((!0ubY5`jhg=@g}2MCOkC>#6;( zJ9!}t$PLpW6BS#z*!~1?3(u~*{I9?G_kVq3s2eNXTfDZ^uJ;*g*A_3~p+Bk{A%J*= zcnrRrkb}RbQfISN2>GBNBHlH*?;9^3WMtt##aO1dW5Wu z&wo{%65Nt&{*r0_wcQ?s92ej5lg7LOP;yGpCH?<&thVBHzYN^pEyT5z~Ls)P_ylaH2*)Bv-`6ixWhi`cnRc3fW9$W@+aJ1 zc;(v297yk_M zuUEE%!R7pG+W4n1b8ZiC>p1&sB>!*318Bi)hyUKX%H8ikd_GQ>UijlA2H~*i85_0Q zn#5*cz%39wmhAp;`P($XAH+R)^izKO|LeVfon(Lgf2a56zIzhr4@3CQM4kX_X9);y z1V1IWrK)l&MuVhTSyKKDO>fw4n#qCAJD5_{BEsY7rbcT~hAr1nc3OLb@@ zj4z0$cr)T$3XGdZDhU%_$wJjnT&t9BS8FcjP#cylJ)<5acJOf66$D_lkea@zMOp&B z7CZ3v1qPG3A!TY1Z!9wGeh?5R>`{8;hh!BgTkk{wV6mFkKy zV~K9oj3oVO#=A47lTSGFE2Oag*{7yoNmX!K(Ss(f%j+7ZbGTfaxbdcN#g!_jiHz|k zePisH&DW_@W~#VI8xJy>!HI%X5jphT7 z6gos&_a=P36G$}kLfD|+31s^t87t#r_eA-xc;e4_Hp~!l-@DotD0$t|h;YB>`x6tpz1;&h4l%Y%pk4`m`g3=l}S|LFa47mCgzp z;21U*n~_~%;n9+irfj2PULeT}Iax!u{*>KjgHYKBar(6Srpa!u#qrMi!Ut*?XeU8v z2aIiRf-vv@KV0YgqVp|VPkSs)7D>LJ;Clm2k#Sr7+*t)=+twqcsfp^k!e&*ck4xI^ z>*jj@d{shsHDpaY*&$&&OGbDmR<$64yYc0r)D{XuN1emPIni2Yj`g!&>}3+Qt9x9( zz-qW4@s?7AWS(-Ks8FEO+Du>%fQ*aPGy406{i`#?f3k>^1K^qPsAlz6>Lun82Z0J~ zB3VDGFS=G}s_DH6m(ZQtT%OaX4Duf*v)unAb50s4D%K-l8HHyw7htKZSzRExl_t*qay2Wsa_AqNHC5FuP;8yH~J8=R= 
zO&L+h#QIxrSB#3?3QP5zj@v$ugy)An9;s3TlWwj|<`!=7%D|wvx$vlkV%;0|q?=!y zCM!vOrS++aicV8uqRBTK^4V<18#*oIIc=eOq@XB?%G)*TPV~Bc{fJSs{&G@0U>Ual zDEvmjhBCmjPv$=X_%U~V+4f#*{V%YHIdmE4H-13{6#Q)@wWPja1ovi$TFx1rp%IoT&RSdY#aR z-WOFaGx-+C3^8jRvt7%?ltB@bs`DP)9@pfpaW@SsaXMW|s@W^JN|=5i-R+vG2T`aW z4a>1#Day5NW^R0YDmJk^RjY@=byx7F4gZ5yR8(x`uYK4O#fK~+;4ho%>h#IjFN-Mk z8Gg)V?xkVqaWZb8k51r21jMEd>VA#(sZ28W^#nv6S3@VZv`jlv6+Pdxbyp5GJo|RH ztkqc5&JZ~xy@IR_Egn>}etI?m!NPqSgG|pNWMWZ~1JL0M)wW+2HQ5!sR8m&bX?M%L z6Dx+|-ve_a-QvN$0*^M9g1D0_7Eotyxo^q=^+H+8`op-w3&RTHaF3?L{LALC<>X*) z1P6+cF>l|T(uE>21$t9h_%z}|fX?kKL+~_wiyfpp4j`41xt#W=ZFqsfHVX-o7p;MU z<+UkjWX0{7-<)txZMPOe{cSJOHAKd3?sD0)qsCM1k@{e9}QgM^m>uF)Wl1 zp>j5mZgP{OJJ!EA{bWIBG^z3F4K+@j{3DEU)%1{Far#F%wWW0NK5@z=+V<+s46+$S zcsgJgc}fDjjl3}G0u^5+qmzMI8#2L?)MFC zqvK4ROv}s#kq9s)3mVT_FZBV*Wt_Z6n5;orQdOIeum73L=Tw~7dA`Wm>F1b+p8nG8 z&n}mvq|_cmjZD%A@9Itfa6XIka-m$$hSTUu7v!TG_1(?_z9x$sdkLQIelwS*RK~1G z{#ZXaSc-xe3+uwCssGj=TbY;y$X|{>7r9~POUSp3dutuKu{?25)S}n;(&ZxVasCnw zq;U4*yK*D%=4hv2Zc=b+R+xK!hQ)Gr>V-bX(M>^t>mmk0bi322b#2r%;O|Gy#22H#_CB{-y`Y)3TW7DW-COR4@I| z9a)eX6yV@e0YfoAO-yPvN?!xD>&Y%+W<&fswUq)Q#gN1 z&sRN%oD^M1Z&E^kJG5*b00r-+bZj4F9>5MS!_el=OUKNVjg2I805u1S(d1ANaG&wx zFi-K)Z&x_8Ne>=~^WKr`iaQIq$fZ(tRA)?P$v!f%1|2mZ`!MivuU!KJsaA|MopeT2 z+|}|RVx%XdX3BiEZu4|zADE=LHZhW%|D7S_6GqxT4jWZ-pu4_4+f`ofJf6v{i^9RMK)8nZJun2#2gy+aE0oHv;>uz=5u1yV3| zkH-9$o?jlo_ad~92$`Y=d&Iu6HAP~eY>yR8GhUsL@@#p$1bCY#U5B6YT5*%%MG#|~ zEZ$gCq%xav&P3l#LI~J&3}hkszDN?5Z1fU~M=TPX|R}6}C6n-8x?7 z`o*}OI*3|9TXc&uTvw_fy2ma*da*nwsZyLiGq(9&;_NMVJ64qDiQ&n2R&c=lzmsmr zSfar>(oyYbpOfK##O zk(_5;;MGtVyPVb2F}%R6E>D4WlFHm8R{q;}giXpG7nSb91_o~Cq=}~@QO1KOt`f^O zR}->B&S{;-&2kK7aDuHj1TKS}me1%wDY^lrS!H?~ZYNeCw@7Kf5fg=gF^H0ceFEEX ztD*Oq(9|}kLJuP?TkRDB?n{LNB(T(BAw#)ESh(YbbMEgnM$yWt6OGcTc*S4lFZiTBctY-jtCu7~jJ`X+xr6u%?wwsFw2TKAa3q-45I&D!70 zFo#Mvnt*DwL;wc2u5)S)g@XljuBo-GcmkzxApJXg|KFw1e;|Wzks!rBgDeI_;ymAI z0Pvil-n1!%7QL-^!I?T7rAXLN;#%HGVP_`+LchIHHc0jqFc{234pcBfMJVdoK9!HZ z*uX*!yz?l|fkozEEl))v%!^9*qRL$ee7=bFR>zidq3E0K_QY5_QgL|RSnA~guk6FH 
ztQUnBwl4^TH>;(*VXu9|QiOzjsuNng6%g5aR{TR{hT|K!wsumvbU44sHGs$`mE)@5 zMxqnvvIxVwx`rvQf%?_HiOfHy{OtXQL1q+2jO45hUdp=_Bm2qmtedSs_3@oGX!>bjLn487^DeMf33$VVWD^FLvl3!?u}qc zBd_V{9D$&tFrCR(4$`AyCM^3K^haz?)Re2bYyH*DoW~=1gC_!VhG7z*6#u9TQaasd z(toPL6~517E#lZDb&XM?6T3s%XwN_Jjto*Cni>dpWwCA2hzU`C=*Ne1j?^=wkmpVAq-b(Y^hquuJrHxxYT3*tTa#~j4r(EaNEVot$mQ&|JA{)dlZ}uya|8pwk0;FT` zf)_vapfPuUwJMMyW@zT5Xtk|5^mW!`D3U;pL7WVLn(5A4Wz6GX6jk6_Bok;<;{LuT zbL3X>L_?gqM7BvhA;SR(7uO!53R*kAZiZ(o%^x4;z(NVt{I8FQxSgQJ*N`C!a2}L) zMCMEbrf@v2=*vRM6wZqOQr0@5P1eT@VoD!kpp>>t} zk}8Q)fP>l_+V&1tJUW2W`8w!28^Ww>x_c>H0c6e6g|vpwISykZnWgbYq3jU|ziwuj zWU4*`0Y?kAOf~NtzCSR3K|t*Pct@*rY~9XKMvmPK7=Fxq$*R@4Fuf_xPLS86tT2%B zb~`Wh5#Byy-V|OPadm`#hRHQM{4jrrOkg(ESgyasI@8{nlTH+_&^a}=B%aX-#5l|6 zEa2M{N9{jDfok05GkN-eA~7<;7K>8*T91qXE+$d~y1c+T02E0={MtzlvzfQaJNt{^ zk?YH!t~l=~hEH{eBO^IwR{El^2WV)7o<)~ZRsgMslcw|KdttNzT552lY(7rxjwL!h zc<_dr&S5Nn#R~DRo%bfJa*j^mFwXpFD8(jdcz2f<-4}RC>K)|0c@7j3V%P>fBv7K~ zBd=9m9PXT}WRf2Eo^}6kJ+m3WZV1Uoqy{?0VwXf_g2l!nbBs#`N*CEASIVQU*55jAe6!5JkGa{K3bS8I!9sP@ObNPx z^$}`Mb6(vKawxU}RBh{CC6yuIFjO5>!otiPa>&2f|2@@69X*`8Ad}y?yEj`1bWB9? 
zK?!%#?s;dbj#L{WsX&Rl$VkUs=KreSup4yaX#aWxmy*J(ulby$Z$yX;|?N-^}$ov7oEY}-PNu3>!T4o$LQW85L7+Nuwb%7szz# zzUX8pG}TIrzUDYa6^(~T`aA!C)uOvf%Druk5_(-$rr$<*?2myfolmlR%yd1?o8$)Q+3*?vZQ zzLUEyIe6bYW8TaUZxiNm?Nc9yQXd7qGe)oL<<(Doxx#(euZ^N!Z{|iut%s8d3(S>QO+T*wCx%I_DW*l+`z@-^`C%u z7EnR3oS5T&cBVuR?cJAK^bhB10FCv+&5bg=X1dAdA%9rhQRAZ`dMe%<)Y}D-l zWth1MGif93io0YJ^s4Iz|W22@QZ>tNM;?XyqzKvTG$}&fX%ck!u z`<3~rReZf5>g}+})wTMmO!(&Op=yNLorf)%Ii*Iz6;Ew3X_l`MZ|~oT3+!-P+kQ1h z3~(1b7J@D%=`?=08s-8w3;Zc0RD)FBe@n@S|}hF8v~1N!EfM^P>rhc~juA&oA;iCq4SQon=KmcEh*O zdc*{&&GQjqByW~~jBr>1qD@e!rqq?|O=maxKXk~BOI2FSpkzQ(aX1!ksk0Eh3|{>l z6IPdIWu;$`$&jWt2X0#D+(JSD|oNNkHtLzNCaRH)tc>V#v09D z{qH0yte1*dx_t))hYIbJ6-T|sCe<6mDswAeB&kK$y%Y5cSG9Wqh1ub9 zvnrcGj5!ekgSSS*&&ZV(vAX1NIK~ROIcnJkWwypTwRJ}#0WpX9FdXMO^kJ<#*(LoU zAttlxR$Q-RwvDd)z<6hwLiX{1*raq5|K{wfRh@!mN4};%bw7@?>V1YGi;>yXf z%S!QDwAeCo_`;#;;taj7%(P_<3dh)WOKX5JcP=bh*h0%hwR z)U2R%F0NqZ2}(IzW}`x#oWLCRnnN4HecAo4w`A{WH}Tp*oKri@^lnZhqVi4JTLUsF z;ghoOI!ZU=u4#%UJ7K=0-LNopv(;?ep-omLR60D3`@uP7GS3S*jkU4Oq?|KFU$S|T z!3ety@MoFV4sZUoxc;xT_PPdGW*hoR70@$>`&O~cjerD4o@C{cefvdCzljftE^14U zU2{IG*00Z*dQe2CLiTE*??GVQJjxFysHW8}&IeZ@QwlQKi!M?c0-VCW@1;U#w4`!W1r8i%vL~1Ti{NAGI0HqmU%7Ul)Zf zsPkhn$b;eKn~&tS+wV=A8AZfg`a)c^sr5AHoV2n+WSFzxtn1cs`BOBpLVI$R4|$l6hVmJ zmABi&1tKE3Oa^7L+=#}jldVQwnIpH~i+Ma>;tl+Nc|GbUJ(nMa@H(Gu43^7$(DGIT zaKr>;+=#()zz-%-IjB}o%8juj*n?Xv-*e;QpW@UG;zY0T_1J0?R~UfuA{ypj^ryl9 zl@F}S-o3IvX_GNv6^gxb`A^NE)88#siSDLb&fpLrl%qU1jR!6||K7~EUS9dkXoh%k zgF^57LphxdqMJnYH2u@j6%ODFT}MZMHlu18roXaik0bvxQTQJ}HChSA&G4XP;SW3R zZPkqC7EO3^=O5s;ZN=dJaQ8p_q%KtK29x1v!p+z}T>ldiC^TrM$j8GUnP)wuePF*`2><`|M7%JHY!Td|*U z!L>J&w=Q^;VXP-}Gwe^-v(B&++oZjd{P9FT+Jf;>S!Da@*dGGA9|Z#XwW;;f&xt2| z#la4HkNaog^-E9lMFsft;9`=8^Vah<2G6Uu{K>BW@r?d8Fie4&Fp&*+h3CijzldRc zzF@?|_D=(vF@O!8S!}(%TN2#9L*nGsKRqvfFy3I$m5$3>&&vpWyqXqS{8J_J>(2~< zCBaqymDA5~I)eBIh2A;!hwzLtES=^1?Zh~K1Z0yj{)4>7g|@==bKL%X>5~iQtH18s 
zpNhJZJ>c^RDPzDv?3YOXc=<60j8A%ojK`K=s~6y%3=~se_x_2fA_D3e>W#)bB3l*B@hE4P2^Qts2hn2hf|quqWmG(I-(SO?HNt}uO!E;$>WFHG_)Zos#wVLU1b{;hr~y+&vEzUEL7b0L2c$) z`ToO6Hi=)ViCrC8);f5}>XwxEw?eP}qK6JQcxDG;tP{`ZWxYG)xe>~znPf;zIaTIg z``ajAXBeY2^bA%A{&N!3- z7b2#5+8=wHXFzupRpigg-Gl?aYbXWx`P&@gc2f?4KiMI_3?Fx3txs=x`jdOK`{6bO z3yOe22>^=`*Zq~tBuneXek{wBtmB0=O=Yl!E$!Wl^0gUTImD#);n|++0cUfxRtn-@ z`At`d0CA7$G+O_aDnUe{H!?za6Ufcth#AMGem^5lGFIr5_bvx)WgH@=ACbNUYo)a4 zj@?j<${c79hgpb| zr5ZjSwp?QEgUXyKQwu+LMiMd{@lxBn1B-DPHxNyYl$RU0S@@`Pd^90Z)U8Got{(7o zxPm<6iKV31!j{=jO_&N=@0eLT7O}i%*F8EHNI1G+{mPLbQvQWEI)r4}6*8|sD(Ug@c+pNEmw(DbVFib*}s{32k6JqBbix)KnCDtlA`4s<@D_{`}@sqr<+oCb?qg$Lfj`I%{bZM#_q``u*OKoAclSDvBv6bsM=mG6GK%>)_Y^U zkJM^-vO*Y6~K5+@dwi7wF4`x5J_oA)T z@r{F!aE$HkoOQbZ9r)BfLR9GzX+m((pc&;v8ip_RI4k(>Mezm9@HK|=VW3_;S(WRs zHJf;9%gnHDG(p^kA5;Z--s>IhcZ(}<`p8{)Tk_a5Z{KR*%(0tx@_Eop@hv8k}u$bW`K z-2s=Z=&Twm;0MY=Lu_UWuL9!hhv8}{EwGR@WJZdvLCas*NOR?sce>`pLAake(}GF4 z*0GBl&Ra|x!qm^Ldzd=dX_%w%Wlj@O>jhI!t_N|c`%@hQZX4Nc&JK&j!dNNzb*HN~_=5UcW1j7S|R@52O4RYnjCU6yMWt-Cx{=MySyvZP|qLT|#oTUKX2 zT(d#H|8WKR{y}jaUp<5^3XAZPXnK)n?3)uZx}@?YzLHVuJ{}$YL=>iIGDlt1{quEy zfwB4^!EU~NnD*gP+Z-37_^sJQimo}^BP8G)gI*Oca8=J8R!48rpPNl@Xir?jC(N1u z+`0a><$gR4HrmRBqmTanvE~NreB|~ec%n0J5~ISQL2d6UJEB~r!TP=UX@v)R*<)s; zxof;2Rr_VM33t@!K!w}an1!-oK#f*2vv5HzSpo9MW57jjuC47lSE=NdK9r_XEgF z04lOT2Hj>v0M>`G#E6X~K40!2c~gdVT2m&vXZl)QS&1Y4yFD&(@T8Jv9Q0#Bj{zT7 z#7S!cPSRwdixzcnrMi`7sB^=Wd}xK$+AMr263lVD)l#KShjHfBz5ZI0NJQ6_;f(nV z@484k&n8EU2Ngi-YYv~{QhY$#NL9+XS6_rweR+Q;S#Igg%-7U*(~}7c9c=Tz-}glr zSZtJ>N;sR+|Du>r6Z*Ps*>vLrC^1!K7|_Qn;wI z72hwFZy9kFE`zs9>ugd~hCh^;`F^z{@IkW>UiA;k+p%k-YNe1{B)bt&%UgUryP(~v zMWi7f9E=r9v-$`F4l!#3y9@aO=L8qNeZeF^+pBmU3SiBmc%H{U`m>Cf$Y#nBds z;@Xyu=>qQocFJF%49P7mhC zve6lpLx(C~+-${uE!ZL)(;lwI zqe7%CJmGWSz92YJ>AvT*5~t^li7Q+e40CpZR__R;?{tTBugy(}IJ$U12Q(NTyA^>u zr*sbKqfA4UkVV~?0n%}+^+)&63uD{R{nctVVe285nadtDgIKZ3`)JE@DO zny4LGe#lspqgykCPt)cN9uZ%y1_pP)*WUvhrVQ`bov~LA{n*f6WNqI#Y+V0>%Va~+ 
zqA;$kAGZ;+PTw3)O|Hg&1Mg%W6;*a5DLC96aAO}0c|dhjatBvk8R&-v?ZAuMPb{*x@$rb3Xn@uG&81#~UbJB< zZ2rYd(VBP6;PB)(q#C!nm71ZUJ*d`r>SVUjo$3YsgB+|&9^aj{|CQn}lBWHgj9mox zx9pE1&PV0^sAdfm*UsC+WSo=nwr$%E#%cStM~NDL;~-ox z1D+Nfl6Kr_>OgoKyjD<$cjc6Gy<>O%)Ww9dZa=rR#a(##yJu$VICf2&YDte=>TS)QJxRE!SHxdFg> z?Sr}|7>H}K-!Y(nt@4a=?8PI-K%Cna_XE+na^}c<>ga$m$w1uzH$T?vG^R9aUE7M1 zNcGpN7cz8<1RR2!t!{!%Ok~^X)6R%>1FQAij`Ju5rWL}O{sOBm+SQ%d=;FB$Q@XO$ zP%6vm(Z-hz#2VX%;TvV z)x%GQ($0~YCrpEnw90o(A&e?DlmcTjR(xrPI)NZM*0~@S)q4ai>fKfw=avwL_D8Tt zOlB2t07p*`4dix;Rk4?~uZ?}Z%@0tye^u98b1fd!cssr=J^B%g)8$X9cVH=R7y1^o zyYg|8HLlrm_r#PBJZufodQKr_k+caGK^!ZUStGfv@0exKg|_5$fI#(TbW4@QU9t=N z{EAIm^F6)uA?F$Ay5*2Fs@K+R=||w2*LPqA9_ekX_yLdRqK8EH3GQ;}|6HJx% zB~fLS6j=BKt_kvjqkjYBS7lz;nXnlLCJ)b)U9IC@s^2@AM=eC80%E43l14tY;PLx! zT^V1L2Q*DGZCBqXq80Jxh_kfcM*yR@w zmcGJPxI^UsuAk;_Zl&0bopOziW0|cX^fj)UmD36mCSXJ zHS?P5@8Y-r#XYcK?4J9JYiq%HaAZDmbf6o4Z2$iF)Lqqp4+*mSj6ux9TS&ccb+377 z0oH{W6?@1aNKaCIR|}?uD{@nK)uZkn{2aumzpos)g;(ZIJxjjt9I!O#Hm8DPH7d($ z;xg70OHnY(e;mGHe(kJ9)2gq3P&ux;YV_;DC!xO^z`+{expqONM1DYnPgVf32-7s{ z2$?@{TRV>Rc*hNe#~|4h1@&4at1Fvv`T2(5S7Phe0feI|9fJKacs?FwKvY*Z^WlJwU+Hcsqgvi!g~5Om`@L8tcSOxrXma^sa7LFRpizcb#r;U zuKkrtD{Z8P~zm0Ze+Irtz1$y40yNQ;LgwAf5tdD?b*GN*S-UbACH2f1)dQ3i02RA zKmQF}fLX;w&3SX5>CQyex_@RSn!+;|LA5HsepZaZrkMxrA6wGwQA5A~-p=>U>y&kbfvOkyMPxFL$?Jaj92zX zk#qE{dP~r{kcSN1?&5uwYIzeExWHXVcU8G=G4l-t>#p0}Bh_wZRdZc~Ws_<$ zjGm8EPBnvw5wRyU#V=!qK~WTmM$Eb@WO{R6^!y;}xqMEi9X6~EPAmxp4(w`+z)6HYKLc9@ZN?yJ0V z{I_cq@ZEX=S{<$hth0avwm(+%y27-k07H87Y0N-~t)an@=<*4+SGYt2I1Kk>nkY)n zbX7-M_OdR0D)%t=HcfmEJ!4iiR2J8<3rmsKxxvKB6)fd^w8_%K&X%T^?|#6e_~s3N zt^P|7+araH-1=U7JU~pxL$W-LcVa>RIufu@W<*g>2^rynHyNsSa&ohG@F(R!1Hjq@ zlgIt_6NOz^a9UAhO#da1y%&kU*^C(vPl2ruG5;=WaC+^Hz=smhehPDwEGg30FI2gj zZd6_dwON^iFXDO(dL7*vFoD1Rano_<*#zfDzJzVyB(>#ZozP3H-128F>eN~C8&w0e z+BgHm+gm%ak-{bsRewKcGLSDkS_=%lD5XP;GvA)2GHOmpgdo4Qc525nCRWa1i+W9t zYVV43;FJs&O})53OnvWj`x$-ji28BQ(fi;Wy5-|>^02FVC_~aw2zWeJlFz{b9J-8y zExvtznT>QBUS-7sb`LYhKvzxLwdoKEYl73-;eGm 
zPt;F>6VmQfJ+@}B0#=(FY@ga1F)$G)1ylK(8`OPRx!ctk&z zNVyGJ=vStOa5T!ht{;Y7)RMV;f?c}O}&pQ*_eHxg~x88YF6a@@Xc$GY-I;H-d7 zfld^gVmJ#rR#))goS^m8Q1?T>&8PRz-}G^*d-AzS36)aBE4Z<|CZ4kgg!X6>>o2a< zPkOeYZS=xJcwg-(vyVF_WB&@A%Go3P4@KLr!fG|++64De*}a~=l^0*U)=E?gS5nHg zqwdtY#iihRUg4OnHDov+Cvcy&GdpyXm}cFm%Y9Zeu4gSozGwx4)yU=r2BFk-Ae^(r z;L)CDeqRCts&u0{TH`*SJ0#>O2A{>Ze|f!mv)YGeyU8807&Sgn@yVRA3LMhP&eRqo z#pmlEfPOXZ&F?Q}ZLH8o(={ji`uX@OH`AF|vta$8IlXy+kwl-ct9&@JZOxfDveA9D zV$bih7C z$0~u5a`Uxa@}{LS7nD<`b2RVe+J^kMUc zTnMju?dqL@5)q5%E_!L+Q*9=;ua?31X%v@C&GM$B^^0b24dv z6D;bMNq9P-5uGc2gV=Lp-;0dbX%1`Ok`d&dMX+IErx@@L6_c7VR&nv#1t9sX3!7}r zrli|;Tdivrkye$7cprJ~E-V5Ko=JV)7q< z5imJxUb~|!+xa*lD(Z+=UxVXf$GepNp_spWasejc#kq-dk@8+o8gGxR-(62?24@@c zW|0zV+kN2W2B%V(r!gvXh=Aat$&_9b`;insk8?n&97;-Q>#C2tJ7%b>Gx)Bn+rGgnne>S75_D zpHL?=Se%P;B-%S<58Kry&E#)>JVjUl@95R3crS5+ie>5oCv{5wxLVQU_fQY$X5q|c zC}+8=(Ml%CiV)G7Wxa^m3Hb4~Fx~2b9y(>z6e+ghLh91kynL0@tlU-6lfw1D^cyI; z)>XhlMo=PW9NTPrBQSDY%@&+&Tp#55;!h?FkRvaS^971!t;7Wv%SNOZ9DzA&BL^j( z5~dEy3Eg8w;VQler1W0k5~s+NK6vv24YA>Hbmp*RvuEKJukr35$k8HldL+9z!n1l= z?6G;N!y-#J_oQ#w^H%26Rtw{3!U7+7 z0!nW(gU2Q%sDq78;|&*=I;c7X(acV)jW&;qjLTf|iX7<5HT5(Qnn*gi+l}ad9YyH8 zsHV0<^SvgzxexTc7Nd_VTHJh|O4OMsTb`cUZy0TfNt+Rohur6CdQy|PyxV!{y8BKn zB75-MQb2lVY_T*+zqt2uaS%%1oHDvi?tJ3Dz#sjqb{eVL)Hp0f#?Pm$gc z;zdxcPl6?LJ?NaFN*MNW2syp?xIQ5exGzQz=h;FkA!a;AaHO>B9C3c5tOJ4QNh7$_ zP1~XSeF@iXivF_DDJxA!=;?73?0GD9Z5{@u0bpgmkYx}>Qgb}Cf4}LvUj*;RIR=EB z(GBE_OUHldy$=kNOFS3HyUBuozY%|K@#R%ARw$5*rwp?jEwNO5D21b2Z6vp?-z_G! 
zN^e4U_pzRors!y?#r`T(VWxFm>mp@TrmzNjTU#9VO|B=+SR7h3Kp`qTxMjqd-)R%a zf>M`U(iVDTmV3n%c;*Dep3}N!o0R8alD!WH8Qr~fd)8JmQ@q&M=;2^h#B!bb;5f)e za`B*nGq6UxCpXmBxZ-4Qy==}22hff_AZ-p`@V*i+LGysu&IG|TJi(NHl`ftS8kkcq z{?q*Z7}kp$qP@QQwpInFo;*PSmJQ8qbJ6wp!|8inFK00uT0=(K_BPkvXx_d@EXz!d zDQ0pf8=icjcS1KYF}675%WIYFl?-X5D`9oYvbrfJb0Z9t5UY+Jee%b%}cKsaW3!hEBOq&s}=_)J|K>|kMBbkkHzh@_2Sq0=fSlvL* zQ`;LKdTsPddfy*SZ;)Hyq68P)ZVrq(*^oa%mS=C>1!p_pJONk| z(Al%c<%(y^?ipmUC9pb;LQsNrA5XQ(i9)HYo~=&e^x{%}(!E_>(O;IQ@+|lsEEkU$ zOx5y~6ft%6`fd*H5h(Glw$kO-`tU-S40=+=2576*Zc-@-fxzvnn}d+bQ#R7HXM4sr zSH?ebm%9?f`Ma%{sy;I63=e?IAW7Fuzau^W{l{s*A0N2HIqFt}zCSaNjy|Ii({NB! zQJwHC&w^Dx_R|Ac=_rLp#-F}u@ulO29=%F0V!fiv(vc?J)7I|f_8EG+2F*7-mMIc_ zle%mT9b5rt1A>E6UDmkp4*(()@OCrr6FCFxr1{R73>cUbwg7>$ zG^sKZ&UZX{z8O3vOT!$-kpfye!yvJ9$O@ z6TN44qmoI~z3&+3gXiKU_B6~CI96MLUZTv(ty&%^7t2jt?BfCpFa)-LqvF80jZT4~ zBn_PP>omD+Q0lf>MLrMNhw4t!;I%VC*rP9%Tb%9HdHb%W;%&Wn9ko)I_z+I2vMGRm69-|uuq+Q~B`Gw|D!%iKqf|v?}gskMG zlm~NNiAVrGHAqV~+}+!MLf3|soV6XK`|0(V!{d_@=3OrR#hdXusO6L}7@ZAnxU&l! 
zr5nO9Mf{T0E+W5qSM*`qy>Q#^jed?6b56%>fqev6ANHyqIURJ&``V&8N;8$_Gl&a` z^<5MKm*?iE=jd$lRMr!+=f}?Oi0d*w`p>r@XR~zfZEuibLLCkEG$JUeBP7h=R^`~v)z`nP6lUge&r2HO`0aCqsa#c&_h_#5lIwf9Ddo&};Al9= zvl-Ta+qkNJ-zDy&=flwii9QjTH|u8kF3DMjm3n6Fv_&z&ah~me;Fa z>`$TW0*3<{$U}Pjq%AiC2N5og{l{+L29K!|Z3;AbNH&w(^;aBNw(a0Zg-A7WlWuce>OxgmIr4Jrln>UF~tA`Bm6npc4iSDl&Wl;DGkbV8!D-4#3kg|MWhA{ z^|a-xV%_C8@_~R1;?I}p2(YIb00{%4=89M zz~B94CK)x7F<-W!^_1BGlX6Q2SZIKT5~lwBCCj%WQHZP+405b4sz0$hc6L5-Clume zWX3pvKFbL(%^Au*qk0N|y>h_&Gs*$txkRJLKr_{Y7B1BTz2KzRC2!-$)$6suwEHdd zgjr~@U_^0TvH6(Z`%7*K&=?+=-dc$x{H0aP`Fr-1Q7TS=Z33;2gs-%6TfDQxJiKpl z#&aq#J7DH3Qd*|n@SaGs{Px|eC;&H;D4arnz`#iiZpkf$Rj5NOIC;t%TUN?;UNGOB zr_P}JbmsgWbwN%U*Yj%HJ9A`Qi4ib2lIk{#>=7~RJJLg&W7jMm5Y5_^dV8}>4Q@sX zSmAP>5(A=(03wb(19UpPFv@wr3|Tr2WDOO{jo)r0^}=+si-rN%TXgK|CNM;~9$>GB zZS9=FbMD&5$pao|$Ha(7`O`2F{kk&!0O{(7Lka}{HDTX}neldfh$`6+O7=1kya8}q z>E-D^!~qVqhgFo{S}sjEK-1yHQpGjo&TU|dOyC* zP;p2;#3bNCwI?wuE&W^St>|o|Id^~dfCpyUnVjh7{kQTofr9RpllnH`r9}&y#>W_v z4B@06l|}c3Z(t5s)nriV(a?5+3dwQeu+5%yvK;_Uezopw&19NffM_(0(H{{=+Qnl`VjU@NugFqv5`$9pE^OOhwrE$cwl)$jtO+2)GXdl^J9J#07#Kxl=J7hZmP zfxqInA(Nog#Ck&1a5L?rX$m?|*hAU^?nJXP^Q94sn^gTIn+8M(aNS5|vY890z4FvE zt$NcSQ_s^#1Hhg8jQ!AMfDd`d-(T+5TEstt7O@=%w zEnsge9+I|cX^S%zdw@ih+Dx{=y0DL%m3x|0AurZXoU=h|6h(Ot$a8p(Y$%G>+|86e z6V1VIoTH)M7$ub`E>yZiZ@TT*DsV-?`&-zOrT^GsPGlz`HahVO@hFChMPwO3Zn17g zHRy;r=9^)hfr&|ed#}CrTI*WZwbc8@#l(hAxHR1%d<=+=o{oL?~D@ zz91`8%4@wYS;AvIi?#j! 
zg4}6?7&Mq2xf=$~=gAhk{fpn6PgeZ-bOUR0M~(FK4A)KfyQ(J9$g9^j4QP(m-1wx; zh2GS7#kmd-Vo0fZqaYy{7i~ap@!SAJk%%VXcYg_z{e^#4*Z5D5#*m;XzB~D)PK@dg zc%@0fRbHKEqRVNu4YBMU$WSm#*#HS)*VkFCQvgM0Rs$fde5V~c^OwC~cR%{$v$-a= zs_nO|70iHRvW@E-@*kr8CLfj-?oSwYRXw&X>h#_w?Z8AEa@1w_`z;zlyHZ#;a8%4s zz*{F#{<^gZAWH9nDkE7+(xw3cs+WbHb^6R{(20bv4OtJu9F!YeaWz|XckZu4+$o^9 z5Z9jHWdnqd&tA-`+o#0W7Y()jj6%vrk*!un$cYvVq>csGL)e&q$se z*B_Lcfe1j{_whUHWIX8e5ZI>ri(j{6fW>hE5C7iTxgq#ZCX4q&X2s|mV3L>set;aC zV*Fje^}24+mlEfU=G*<2^aTpiV|>^9>qqE>U+>fOPl1tT<-fN7=ZmE9$yC&YT>5Xe zAQ=B(12p)oI)m!ZL*}gptbwC8MD90hLH#rO5d{Bl?g8(g-((kb(Nw6q(uMqET;QMO zKYpODv;EKlpSMNm{Rv%uR{+biQ^RW+$)<)rvbsm*gWWBG0(iL6X5!ibIU`vqJ+%aD zIG-&oz~fqPYG>`+uD;AQMxe)kqyVb_WdqfL#Wk~;Su*K?=8+9n=Rz8B4> zw{Hsw9Htc76XNihd5BiiVxd?Em_J%z^2fke?)No>dQ+2YQ-9j;y-rM5GhKCN)on@1GPzA5sn8}jUqXeS->Qv@SMl# zdg!5E(9M-8ztKd7zC)CBw--#pT--6afXN+)fYK+heW60Fl^uZiFQ zB95h@(q%2LF<){Vf6?nW4Z$DMWu;$#l>o&$&TN%5Vi)JtZzX1T)A-cd;yXvj2M1?z z1sCGlK6`fB%&qstW&pF+(INGMO?xxdl``G{A>`^s7_4^CRl zoYbG@eF!KAqxCB1EgdFujBRPYA@emoPVS|fF17y{z9r5NblCP=_tk#YtMMGK#+)wy zEQ|;t&D{pX$?(wit{?cLSIX7?>3z_?&>l_PQqbwOMayHt@vtIvO&s`!`MI!_4(`l1 zKrlfR-~=z7=JtV#AJARi9q1FVSXbSi<=f$o_EqN6&SM7mVeEODeud{Hz1v`rt{J8> zrN2R)zZ!Pn`tBf-L+QF;cIYtL*RVwKRaoMaacbrXF=Q<5&}77?Aj)}gz zssR9bxqYYf{K}Lvevsj<5Aspm07bdUx|DW!WD{sn<3*7O22g0h(aIebSF?nNxwOYX z+m>k?VnP5Dcy?bf2VEHcE(hgtXQhDZTfCxaf)>!XOYKPRR^qoqECP7}80*tswU z6)jVm*a0&YilW2269n2rl92Ns{aR}5eGG8fEzY99z|2|n-rbwn$?!>`WwiYKc4X6R zk$h89Ev_~Om zdx)y?B|y9)@wF0(D@)EhsYh6!qb#`_-ke{AU{lG1{4^~X_sBVRKYR-<9exH=|!qV3{0a!l~+~%araZ@-KTL1nidhFmDF=DPQ zn4>J)m%H`tA5vAyM@*^1YqhmJSTOsp5Ls_I;iM3IJE*~^(CgUmD+jlaf$b1lVZc=3 zlG3JmNMTKi8yJ$sTsSI~bn)Y!*x&S}pWPLI{&QD`$epDw^z|1#-HTAKMLOwU`zWie z?{C=4*uiB~<0NE-{FEPaS~4f=R-VUd`>~d&=JaI!!RPixjAyy?c@u)NY6HREh3=g< zc!G`uyVc9@gF!8T!nZUmTCutGm6e!?$l*@*N>6frJie7t%$^)Ew3kLz6rMOVRf0$o zU(rkKKHDu#b1MVM*kPS=)75UWh8L(>MXs@m-Eo1x@K3!>umq=#PGZ(i8u}Wn)7{CU{_|d<$ickFx{5J8Rsk(Z z^SU8G<7mgw-zDPEW3!zf(pT~(O$;t)g|fd+NX}H!dx2?OX=Mmu$ABsrkQqL#XcDUo 
zs}fetbATPa;`P+1A!#f#?Y*HK@&o`jQRWd8@ESTO|AA#JD2?^yd0{FIup@B{1;<<( z%thVtVxMU_3rWZXvotnD95P^GqoC{=YV~mB7+pll7C7_FE~R!SE-1<(KJfF_I{#;l z`mXj{Q7%SO5gh$lW`dRnLl(nso7jc?NbVDEE%9%^pf1~@{?gPEph&4m-+aO47U>t>w+ZmRdehy7znY*q+x)pA6Afk|b zrv$eb^I5Fz0xgnA6Ba$wMeKGk3nT#%aVE7!$)aHp0HTZ&$iNKwdIzTEL->i zV95T2sGCvc3@Ojeo3(08r^ylI; z6(TQ(J45j%#r$iN0%hf!!>|Uk33?$#jmO5er5Qm0^WGiys3_Y^tH&;iR}|uM&wM!7 zJ~Ag>Ah1cz1B+K2tNA{qvXN?}-vm2QsW)BOvQUSK$HAoR`g2mZFhdGyu8bvX^iXkC z<27iUUev+Z<1+;VwjsrPGcEGNC7Zq9oBFcY`{L7c4A1Dtln|m&MN{E69*Sa9w2LNg zFEGB9h}g>=QOg##V+~4^dDz?2xo5rXk3ww5*UDPZQwRZ^Cdg@ z_VK&WO-p1bx2E+I<+FC=2!B%DiM%_n?*mJ*2(_aYx==Oh1Fh0XgnzyEdNeh4a(_or zA#Qv5_A=<$h*2}k*I591p)hP?ijcL)gPt1YWL3=E>zfrwp$y1Nhds*VUof`}i=XFz zA5FS%joSw?@E+x_@)tG$p5F4QbN?W>^%-!kAOIvt5mvfaZAAF{zyom z;a*so0O{VT8Kwl4dZmBls$LURiPN5srtGlBEjxvT(VRPoRfxL|)0p%CzrI@p(;{Da zXLYTh%@+~1MwJWsRkR}q1Ca{?9xFB&QBZlKa4uX1sMtoG!9AeFYA(sIym*>V{-XX_ zFhwPHdjI?6h0pD~RW&hjD<{2)XOfx261=P()s=yN$ji9^|=T7`z(Fj`?}F80}uX)#coE46Q< z#nAkDIZHQaA&~?qYwaV`f-|X_jeQl?DE5P{%mO#(NreQK>ecbOPTKctb;DJX=Y{<- zK!K@~Z!T3Ph*EDT*8v(Zzesg4YrB#Xnk3oukC9Y>at5TDF~xfcZkPUV>4t*%XG*>m zehyXCsHL~qebrvmXJ(e&qxz99#=R-I<7t{=&1#YmKCv0bq1Wp66%`Uhygq31v~^`J ztW;Rzo!MS?NQOMBa{p!lD?*cf`*9~e*ec+U36~FJN(ght4CueWOiDJyswUko9v%Om z0I)&OH3E9a0&jotYNpDv(A6Wx=Kz&^u=sQ4=t;x84Z9#{he3H z-1GFM9u9DuA~Ahu*_I1SqPr;(vNj87X{~V}E>NT1eQ*-lMZCo zGTg+66I1}E|%PBBDSUs`6+;b z*AAKoU2+nHl&*I~iu$+Uuve@*fY2@uG&s5Gz28a^cQc#*QsT6_tI!cIRXA9rFI{TU zHS18s@xoejhN+P!JkH4sx#F|66af^Np=69=T*R|&QOTlZ3RqKxLX1_k<0#MBLKAy1 z@y*}rD&*!>5zlu+!WGUdTQs7ss~J-0L%z;phYq9*&4DuTw;;4zXjmRLOoU_oV8NS- zqcfIP_S{VsL+rl_!Hhu-jOx&c1nc`IIdE3giD1mR@m~V zpWaYTLMn}gPPNalwynl(9e?qY%rsnE8E&^Od#7H9LJ&r9BkUDU4geOEr&2TiJPG<+|Bo!7 zb{|>@H~8RgTy6GtUD9Ru**nf$g9>52@@J6{dpo>zYqGfSJ=dc$RX)R-`Mf1k@$4+2 zz9cj|!ywZg7a0V!dcQdp_klYUgjLapMdZTvBiF(}i|^Mk7u`lkLXG!5m0u_Y`2Zc9 zwS?Zk%I`mG1ph5$^dDgZC}!5-nNNZ#pl9Ixgq_J4xB@uuK2?UyXKi>@A_Nko#9W`Ht=a6ZQ9=XLgjE0H17Zlk`y+HS>)0MpsNx$8 zlJCGqG0B#H%iH}|ePB2H?&q!Lc>tGp;4mU)$Fo!3`|QLBc+J5xi9gSD124YQJNM}x 
zyT$fHr`2!7y2lu+srAcxzmY?fV*TDbX8&Nn+|u-<$)wb7jx5a*ng5CsTB|k#P|Tm7 z|1ucQwC;#vkL|Rt&+CajJPb}2a~6gkx)c4{k;oYOJ){{>Y9%SMehvs1(ZO+u-P^!N zsJbzQ{6(}x;z`X~^-n@;z|f~q&ReH_T~_a;kn06G{+TlVG+@Z~>x5ggvC z(yFoQ!K~^EJXneDVDmY=18_5qjeFVbzwx0_|INXZYRsx|=D_QQzMQ_JyrR)x+R8D^ z5E#Z72PlrZZN?LvK<+j7zz1f~1BSMk&c_E`LzIR(`rb=ttT-xhtv{?=)y@y4N)w6z zGclLu{vu`;STBaw_^j<;sJ1)oYp8ZEs;?_rYfR>dyIr8IByw;V5G>&Gsp@9^{qkq0 z)XF@sbUb}I6hwJFeCgH)@xh(luO>hfE1pNM^u9`(D8_-eoRGgXj7yV;zbJ+?GpTYj zO;W&l`|yi!)ByllBT09y!SJKn7}ReXi3slFMdhECT8MxVMylAWr?RUhJ+Lx0E*l#q zFdidbb+tTAxW2aU+6ruW#G-ib1`+}RMAlNXu7WQ6k(!okPgehIyL@1z|7ZW%aGrJu zk)2Ls?0j#E`eLs>8%D&Y5|NuSy$-vvlupPVOdX-Op*d98=s1_g=G2$!N-4gjad zd;mvU=09Z={`*G9+amzYMyR>oYP`=F9eiMY#Wa5nK;~Fj+@vR@z!&rv8&o*Sc0}K* zx5JmhmvZxZgm;!k4Jp}PXOkP8MKw)W56^U^rCxP3$dh^OQDlCF@YN9^S=U=#=LNuy zB10?1@m!CY^pOTNb+eR4aQs~`qIVe~J~k<&9lgP;>G#iW;z2mfBAzgKc-&U@b^n?r zs~H{^e_`El<~J+&$7#GWeDst*nQdb@5d6l}qK+%>;k(8HP*bXDtm3ZgWM(}l78?(z zVO*1Uj_38d8cgl)$#SlFov7tz$mW(4y=PO~hI7cs+|XClyBtaNSncZvcvNZTs$#6E z+d-c_Ley>2x$j_dGu0Wnv)>cwRhb~_+yEFp9)0$y7HUyul@2MMS>@Kt#3)Pkd4!~K z0LFU{+X+ZI>_vJkADj0_&_~?@XdT*nrbX}*8==tM?M4tn_fyMRnQcg zx*ZELOxAp@!U(X-?y@n(&9FH+xAuezD>08o>FS z>yfpvWZYGm$0heY_STS7bBm;i1&=M@e03KTXyyiQBaqeYO#fe`h!gU zB0ofvuVc-6s=(P7TJv!D5M=aI8rq;;{6J+{ ztb8plMpu6+lX z?ZO!*b@*IE>on-D3~hG^2z7XJa;oh@jkX>`$G-D2JN1Kl%*q457kh>E9|*cmOg9&K z1(ruFQ(3J2_3grg`NdSTJv{a?rEVLBr#71d!h&v4kC!$|p&4|sts)oq#^@-*>>ElD zPm1rQN^q`^ugy{1%U1CcYE~8t4ZMiB_C-p#I8c2Uax%{4&%|VwCcNlbk;l;~O+JbK zwD&z-)vQ;4Lu_n948j5?J80lo1l*UR`qv`}SzoT(j#cLST{2mi2~5n+HR8Bb@nOuU zMZY561|_m$u{H|BZtbGWUz6oKc2|P}_7jdhUJ)by9HWwlQZ}oa&J^|v(n(K36Tp#45^HT@EJIO+^j=e)yh*PMO!g{Jaqt~TTL;n=zWZe`LCK&ptS zdfc}6-gHar>Br>{6VwcKEl<@-qowxawe_NiVoLy=9}~GkYjQT)wpV|1K0OQ)^4fJn z64|9|k&4(U)G5&;-KZ?4y{K!;ql>M0nD*n97t*PALM`~aC7JuG`)1+Z#m(DbcT`2I z6U*xwOPpgla8FmYVVvyNwyM=J zCQ-=xPTM&5vopX358BBpxqZAE>qE;s-NhM-3;wh zvlA%;78%Uc(WKbm-&z1M0m1}oRUrti3PoB{6G$^ovw}bBlB$GZ%=<*v#FnSKeT|h| z`D2oyt*$(e%d4G|d`2yYQj}id00AN2^dOXBG-c1RbFGXQs2d7C){jdfsC2O1zLx<- 
z+WA*LEz&8eW38II6N+1s)X_Ij+O7Ql7VeO8JkW1MFx=i6jakm?%p0LvGOnMfK;Mm$ zh;D_Y;RoksMXzxuI~7iu!b;PdKid8v7rru_Og zA>T9KJ<@q?+g&#KVquTku`;8X(F}Kog(jWvPnr`;yy2Ob*it21 zCU>1qw;C%#1F_7bS9_63tT`w#P`GYCTlL(PG!AU;ht1a`>KJpLa;`ksTDsBthI(l1>mq&N1EY<7F_pyZ&no@S{3d}0^6OYp;tvJms9iqM zqpi!_bMKm0%;F4hIJDW`2a+TU&nbN`jyDS->`R@7j*4bon)WP6Ut%C9hunD%wtXp~ zhg7`BP<=iVhEvXlkerpas`$2so6R^T--4)Hs;aU6os{D*hslN2{RvfWCV8s3LkVBl z+8*Uo4z#IyPX-0X=vgFRS6;VWTJ>7r)1D7Z^Kq@LzJHo6T!-KWltT+%QvPpOOSmq0 zRogwP7ufK7_4L+#dmHc@8@(sYEQDjNf(1E1V}!<$p01Gb85c*2hU|tLm^=|ddie%( z*oCF_437Dg|51;q=@=(-*wXfhlvVxecr^mWbU$zu z6TsmY20){F4au1LQ6)TS+x_SF7RQ*jW^Oj)2k0c zt@mgG=_nQA+6|zeb-Q_Vob8Qp)jO{^c^v)7YwE&~7ZZSsS$Te-1Oz59@j-Kq`{BAq{c^!^~f&@7FyHi8mjUvx>*~a%&;^`egt=Ncszc2 z&Ff1B|8;r4{#@Qc*Hag`(d&|gnHT4uu#;NrUb4}iHBYnck-*@PW+KtzPBcx6l|Dz;J!U%`RV2Jx`2rJK=!XYeUTrxN z%;^kw!hqh@3KSmDE0E)`hM=zX-ewLPabE0f3zixPv@JUK?MDkaB!3S@-72YC1?NKm zFFX%DeHr0wH&JZ*uPYVvbEU>osjsf58+m(}Cl1EfA|2DklaG{!>N=y+ygEiccYc3= zl)RT6Nam|3Y=0~`TQyQ_AU4*F3*w;XAV=E0Pp>{J8#T!DA11%^kpuJVNvlQ&N`mMsvt*3EZmTCWpug_A=oV`2b@zq1 z?}1M#p(xM_)^$QNAgj`?^EbeJ+)k0HqZ>-G-YMo^9wZWs-vjnWfwwmqp_1@_UBzYa zsskBlr45bb4x(>Kr5uC_{klD>$;rtDJ58sr+7&1-eakFz?p_t_ic-zvBA5Ciga6VM zFsrT#)Zp;JtrJ1$EqT%l_C-Z#$BTIYkO@`Q72KM z2K!a2G3&0*3$sVJ7giWfop0(V(692bSUKJ;UJPmWEC z?kpA^*W~ZHGI1}!+GKgHmu_rZV!qNL#6;U@4^rK*KBR*?f8ziY;cCvBrplGJTqd6Lx>Kd zai4=Vx7^2bm)rIw(_dPTwF>v5e5V~o5Q|SkIlgT^+88O*_T2L6RruiIa zI(HlXphR3-L`vDnhE$cT5FrK+c9uVso#%o!{#dNVer-z|ZFL$pAx6C>Al<7$8M14t zNEk+9uZu3P#`qJGSt%WWSPbdroB{$+KOzu-zUzGY_+JCiOCSKW6~NO}2%vjyBd$$KG5aG^r*D6uR|E7i?Lj!Ry+yvJ4~pCVf#UBh5lkCzE5- zOXn^ya_XM|Uc&&7t@cckux&(J+ST;Amsb$RLzC(H;uee+I_Tr$12Nr(r!ip0wH`h{ zA!88B=rilXeBP3w{BAy%6pI>tDGWf1V5^; z+fvNa-v^gKgSUs-l1c6vlBYo{m9Wa%ls(uLM!722KXPK`!t&Xu4IK~~km|(C+=hcv zY}PT)B%QW)U&F_lPfrz6lk%yIw zVey={O;<0?5VWBue)1^SL*$v@fqv~KlEA8ysZmFlk{p}c9_*L`Kn6U z1>M+p)&jxT-)yf>-g^^wBP+eNrc&KHnTIz~NMIz$c8z{`w#F87u<-H{SGNAEd@G~t zI7HE0wDERwHTK7czAaas8CpBUSY`E82i=;?pzhBg zmvfKYm53XPv>sFA(njQzy&X<9PLKrrl{V|=`t-d#!5FU27!SIx7}0YKhc(`r@IB9? 
z2e_!Ufdst+`}rgZ5L*`EJyY>xWB}tb`H6AM6$c+6=7vBA*@pz6K_`|-#e=yldS1)7}P|& zxM##%z7cQKrlfMLil1cO(b3^4Uf{4+>B_YGjcCtn%rynMH-|X0ns%^$x~*BHz#-&t zy>5=G2|9NDUFu@v&iigJ`}ZRYJjN*#`%UI*84rvtm_E%;9x=s9dTrl1D5lh^awX6E zR%{&gG5BM{(E-lm%@uC0uu2c+W_C9%V$_Z2K=(K)4|yu@c>F!M%jdiGgmCL?W3CTQ z+EN|lXN18rzMudJ8}pUcr;-0=W!Eo(SCLJhLyj}YLA@I;btw_R$ZE6@h3fi<`mD;b zog;FoShvN7B4jPhN2W8HbAcW(@Ky1lA{&r3q|GSQrugH2&!{Rbb2QFp#65HBut z#SQ)VPS`w)1Q$KUwR{ax!`?ebw_z!qhv zHTKPwPEo$*i-a?qeT|XY7QJ6Fu8b##WlH-uPKi$bLAp{|sNephbAObqBQVmetv97~ zp|4PFH{K+}B{$M?h2-h+Jm-K098ny#f-7zo60r2}y(GFYpQkc;XKH(GjJ@x%NBI+5 z=tvTgE+SZst0qnYD&f`HSFpM+wZ9Z6~61}RCVqT@FqpZVeENuH3lgF^L#o? zr=b}rPVZTnY$ZBtEL(ZSRf`Hg|)5KRMFX|j<#&$Ztd5B?xFJqxOKw{FC7 zyA@EyDPOMg@NqjPG#^0qr`ppHzY4p`K__h2Z#mOjt1u^yFDuYHj+v5>u3GZ+vQuxyjb8K zj~E+9n)9t}^|MG4j0N*c^d)f696Wq}MYxw(>6u%x>|>%RRaN(123h;5q3>D?u162+ z?fR~TGMpu)x=b_;3W6D7W4<5FTRVpY7WT9=)LOCqqlxM?d|k%6WYkj*xR7E%{aO}h z_6fE=NRGEZT%;=+SSaxrb$ryu#EF?{P2&mT{ItC`r2B?S*^!eBiK95Fe~~73{|K6K zOqXx}dT%TmcGMOO8TcRtbz=SI&sRM0eS6;tq`D@WT7`P7CTSj8MRQ@2IWsts$q3nC zh+F6gx2uGgkK?C%M-#4?3!MzR%c*AsZ|2Okgh3*zH)m^^);52}E*2DburDzuPUqZX zU;MtH079G$PXU#8_uC9KNKlTfUAqJn%PI&hS*{y9Lx9B;kqJ3rAta-Ji;*dILS$i| zCpo+>&DSal;)WNrgL&!d_bo4i0kmaKV|9XB8hs|ML&+T++{nQjV~f1L9f?A|841p# zg2v}oc{FmulO4R-*&k_#*B@+mfHDq&|LIchyXBvsoQWpf)RU%|ta2;^QqG1&7P8eK zp_u>jUV1roC2urNp&o--a(6%hJ(psa0aKTkb)EWm_ngdd^^etbeeJ&$>-y}$0tA`d z`RnO?%r)m}at$X|!ai4i7Xyh^?EV{A_!{*mQFfCUP?ub&~sZ)R> z==UV_S<#nl3ywAe}{YCoQhV3 zob-<@g6k4I&1JuFR;WH@xn56Hv?_Lio6Q5esIAV(W_FoxQTq4p$KmCr2P#r*9fUjF z8$DiZdtXjP5cP;XWu1BOxJspp%fwHCnclCgSHht0#MY^)ZaCiU2yNDd^X|_c&f&Yl z9V-}U)|Xn}Upw{4XuUN>26_!2>!lGm1vmah!O4w|IY_4(~n zJg_-^Q43WS{a_RGvg(fBf8@&H;>2uO4siEwgFIJWd1^j(5A1wTO3bHxmcKvipV5E& z4}!=j^3HVweV8b#5av@!U6w=2ToMiGgTG9*I__>W2`cv4g(M8nLt2K1lbz_XY_Kc6hEyll0Vg5e8N@ARejr=t{@Uv)I8UU^*hi{zFz`3@+ z>rUZc2q?ixt|e9-$!dk&7m=n){q0G1I_r0NhBnSA+WHOVQ*ljJ{&(ot^Bx!f+9^=d zqExGLttKY)AVCF<9P3#9cCp))32bI)Q8CZfn>nHAEYLvr^Hc$2AYcViaTC|uR`!2c z+7gg<2jCL zrpt(cL!$0=pk9x|6EDGm)F74zRwQ}_@5K<3#+~N 
zb7{|m|Gj%l=r7x1yA9rr*Z|HW@q52>my89xJJbwdQ2((fpm4CXV)FZ~02n3({=0Jd zH^c7uJp4P1Bvxj=7=SrB7HlUk%3%lyju8>BX8XNGF#FkDo2EiMew`jFAnT~r9ZHXs zsI;*($P(iA?T9UXT-8gpD#7{pQ8|x4Dsqy=m;c4Z1gV0MwMs0*fgzMh{Vy!&?tOd~ z@nxv3`Cq`Hd1mnLEt==RK|733{Oc%DCW3?a5+U_3XX^noA;^Ro5CXuo|KoImI+P2p zub>Wg%3#XNOYa{zHQmEKw^G-M#kZoTod5DJzcL`;r}55&<)0QmlV9}xR)Fc& z9K%96ttP9$SmViamsL?kfIX;x^0E7uD|lW7Zv#Wz|Fi*zA-BQD@*Nr3o{Bx{>M|J6 zP~2Gqro$%-=97lrtMe(IpwO+c(X6`kKZoxZA9FX91Ao@8JpRX7Bh!X+Xp5^D#(y!g z5HRlKNf205Ryf{(0O~-&BsukL*(CIaw7eA4x{N3@tmPc4-EpOc!qDpouDjVL*Qd77 z7pJW!Z2hj)yGr?Fv&c5F3vG0~L<8Y=`ygSj!t`FX+IYao2_uf` zi@Jml3dzkLP?Znupx<6{=X#)`5*v)U-4_AX$@z5MVfM$B`2`EY<=|au{`)w74oyjwP(F=E!}jAWX96Yj(}<0^((msHfG+VlG1Be1Y;@Yz())wJ`xm9Uec7OmBS!9S~XI-@@HHFPzXZE92pe6+pr@1q8C4f!mF8gKckll^mo@)9mx1{WUK@3WqY@5*tDppnXgqohLa3rBVG@wH<8OmL+BIP|8OQZ+1j!Z|28b@mT3$jrh zsZRYr1Yq8f6tXkvc2(&Hi4s7Cq&h|06Ha`t3x2pRv$k*!cidK^?Bq4K%8(Ojm}2UB z(7lBAG>?nhv*7nbWsyBTqu#ZAU!s43ILPhYa`uLDY(_?bZ#Jpk`qqAQcfp0ajdb5# zuQ4*5Z#FvDFj3-BUaF1)6K342+`D|2uFriu;TwTKEyHB)xn!g@9QkT%A`CEVSi{(b zZ^ot)P)6gu;1&6QdO;`-MEVPaeorS?Z>g2H-}2<(=|gcTwEnj^n4?~gCzPPx;4C%KHM&zVQSf39B%+#cK}5Bn`QKg;hWbh6M6 zm@z-;JpVcf^jAf0Psnvn!VdN$`O`&P`;nBb!R@tWsZQ@~j=Tb) zzGJMtu3AOAxl!GG>T(d2U~L^>Kob*Od9Iw>Bbhklf6+g7ELvpPE3dlptzpCdA%$pz zlc+9sNVUIm)1hyb6YBM}112t5%b-@(3sZhY9sTa77rXNdFP69Q!0AeAYAY@T#vhfM zq6Q_nA73S_dq=M9I+47j`%3b4sEC!0HlvnS5Ybne#A$5|znPrRG@oI?>uxVe*}JcC z_rjYi8fz2=b$rHv1*P#a{USa!U1 z*V00ueM_O|JrWen1>q)a*Be*xj!m>@gOjZBEiT#>|GWZPG?{ohujf|JSTUy3*$pff zmfE#YiK4q#Mn})bnv+-3u_(nAlDK`K4;PaJV7<^M>zB#1wBsSX*~DOkQhB&1$}lfD zf$k+HxEErOO5cCah&;gB4I}PUc~t4&&31oAOmO*g?*WcFka$s3?)x0=cyG_252|B_ zzM^V$TInRkDiq^;yeD$yk#NBteqX5qFx}UaYq5~Xml$_o-#H6?)DOQll3O~a(70UU z=qq>@h=&g(i!-W|@Ro~H`lsc3F>6id@ew~{fZC=}nO&y*jMr+@GzWa}m7 zM|w?HLUvj~5n^MSSYW4K)p~UtONIhE4a;VO)fsq6yirBNz z^*aR5#6tnTUIv}`2HsD~GZ{RRuX)g89A?RScnROdK$B4G?} zhB>&(KkZ~ysOs&N%5=${#co@xu3VR!*?&+spjITxJ$elo{3MjsZxvtLricI28fnzw z0VGtQrR$C~-yLKYn2376Vb?R4=lD=uvd#H(^0fo!pzF}Nn&2zEJiN41JQS}kX7wfW 
zcf}Tc#q4elA-m>5LyYK{A-9OZ2_#qj;B>CWj1J%;FNTF+*LE7)Njn!ToSaIvDd7!t z(X9e9d2@rwj$>|ztc{3W1H+{HyRk?6`iZxF0x)IPnsNEoY5dumMJ&5t${jb2xEh53 zZIW)E-cq2_b+FL6#Ewu%Me1Jd8ECCf*imEn`QISY7oxr0RCVTx>q5P{8}^Pwp5HhHT_z^UeUx{es1XBkk*w z5dB3k>PF#19E~nDB)@XMCXt+eM`4VRPI2fG_i~N9{R|~KISgl6II4Va1dA4?xqYZ> z(OBRAK>;pA!D9ADPx03Q(-bSOb&B$FpY=ZXF+Wba^}u}*=rs$Jm@G0K(C0hB2(FF; z(ng9TzaV>l;|ixWP3mO~U(UX9RhFE-ezj-e!>be0^0+xJ`W=s=-k!6xn4D~*;XURJ ztseU*ldkA+P$q9bVDh=ldxg*tF}9UT9Ru}b`kj;c(B z8%oO-d~s#HcVu@;uBwzM;x6TEXj{~yb*J3Zq^I0ITMo^Cn&VbXm5^UiN~0l{jFv#pCJpiOmSV{ww<4=zQo4Ksj#z0o!6vjc^B+ zxiKVuCZ44VU3I*YWVSL{3x(u=>2v*(;z3ZvQr!e+0!!b-Mf1-S?JZ%>NFy2v4ZByqSzd8T@!Ff zA)rjbdvzgjcl|R5=T{L!60mvN2Rvd$7m8MYcS~`UrSU1X~(f_vdD%; zpwpJQDFW-80Tjc4X@A#TVQah$BU|;K7BCx4+6SmBM0DNEW9xmb1mn~jVV2hsVeMc_d|Ac+f$YalAo6mxQ zX+h~Se;)FP2vvENWIG=PFj%5>7i>$X%EF7P-k!n~IK>}~+GcIuF@~p_75e;CvuR#N z8bV&y3DhF$I;}T?cScwDXxF^QG1}ZdcG|rZ*Jqb6t<~&XV_YR~60sC(e|&OA0y2K; z#m%~xGMFN_)p7QQ}I=jpz`9*C>yLwa;g_0Km+De~;MiQdlHk#@peL1Wga zjZ*SuiO|zCSNQu*1%2w;!c`F(rQT8?!LGe5Jvutt|G1J zU8#I+=?-IDb{9*sa0$u zZtKpNZGT1+rT@*gkkyruW1xziL1;5mPtv4R_4#8s8Tr(l$Hr{6jz+x&iwx*>Y~MV; z7r-lmy?Jd?>g@89D`TZ2g_fgn9hc5H-C~GFG2gpH*p+?7i|BdDX_=Nq+jC1dKo`Q! 
zqPTsn+|A-nhV9h}j>5sc`g1Gi%+{p{E58b#+qPl#www6r=4Y?}sRkQhx-^W*J68~AHVW`_@KG$p|thFnv%OK)WY+rDL z*qJBMLGmH|{O2~&x93DoL3E6JOq;(y=68Qne@ALzS;{Gowl(aJxYDlZD@`DZ$FBUlck> zwfW$=wa(F)=bkf0IJba@-DU;}3w%E+Hf(yHG=7Bt0*cA4Tgsbgss_Z10k35y4xUx>L|YXz8E!&c$8~IURFmb;Z2Qjj>&3;I=vgN#dHL`I*Z3sY+DI z%c+!v=NnG>FZ^A)&`Yq36IXdUD?#+`Q~RbS$f6 zgV%HBx&(*Gu0Hi(oH$5F!*Bp2yYk|uEY45oi#LOt?+-9t1CU*3g84aF zlP|=i%Den3ndbJD8+U}Nq29HKPKNh&6VMF}aYoOS6XJ+N)h>jUzogXSS05E`@b%z@ zblT;6QkBY~45!_7>9fwSGfc{e4=xxIb~*dj(Ny9^TKdVPrG4TOd|^apWEXl5U^ULO z=_7WL1`<6OR~B)IV>n@WiQ>*R;)(@lej9H9qeSXHhu7NYMk}%{)DdVaEUFnBGIn-* z7#^ zGe^8u!zFa^-LTJRqSa0c)mz5i?|8?p@69@O#?wTCV9z+WrpF?-n8?T69VS)panfr} zjH}XDRYL_#ew`c}%l!K^OWo-%WZ^}9+~FIkHAx(99~$m`Hi5v$>3)+%4z3HZnWD^vA2*VJ|9na!3z-12MjH z1Yz`GLNK*Zg!3hBKQGa7jq_Joi^)<*56j;*3x?LUdK`1`ji}1j1**4_I5?a7u46nw zLx!y7LOz89rv7Uh|1Bej`3 znhkW3u@=W_BgXaJgwQs8D;DQ=+SUgICzUqkQdQ`!Tznri6IF2<`@_CBsgE?43}f7M zsI(wLW6#JK_)4}>dl7Ta5t(WAMK#~r82ZRS%@Yga5y{gw|s4_G^%j{4|S&E z^9346DawUfkX*u@8sg1^tmsC*pJ8Bppgkp3my0tXmrKZHolil(!N~D1T~1% z%)4_mboK!LQJ+nmWwY{#e#+j*QdiIF`V#G6N(4)9GS`caZuH)DvjStZ&>?4QBYHho zRN7;b_uOrn+=OKaXtsj3#fDjB2!u9BJeFpBw+HQyN^EpHJ)wj)i_v~>o3%5OZ&f=^ z!aaQ^J*7;^cS@PD!$d~zM_{TE%;J2E-R%EZRht19Q7D=dx+QLUEPa8Tec`bFm4DwHeV`IhgI#D!v?G{Y0KrHVnW%0FJ0 ztLnTo{NSc4)Eu#kwn#DRaZloFDaInN{2?P-F_|z3kG$WVDOmQ-j1FrjB>W+DZ7=7* zjcK(<9Ok@DBnYajvmJqO@<%-if&DsUPx9o=38^92H-_n>E1rIvk zxJEMN>}3eMlcl1{a8wyZFY(}Ou5G?cZ0yAd?*i?q%I)6cxN*XRqM9;h@qM%ZYRC~l8IFI&H0u&xKnZtkLrPm ztr<3|+F~A#ei3PXXMfJO+KoOnVq6nsQSXjQ;v~V4Q(&wi%d@AmZ9zW^^C2agJa40-sWsvax7icUaT9uhgf z6UsD*(^L7n^nxJ``4;4CdqsuI19i9Sp37TJ@Jk(-c)+6d|u-*s`z1L zM|ZaSr0+5M&vEvU^SBL{p7ruEy9nCXZzeys`@%NUZ{|HHc!oJOvc}my%fGRgK{$14 zx5uqFIyJ#57!&81LYGp)ds16(dGCPySx7B=+s2cs+~yPUU)wQfmdK%v3?gqQk{xV_ zVWufgH_z~ot&qLdVooOY3cE6ovw)8WHj!twIHs_Yj(RI>aJhVWqa*R})2D{)Zn1JU zJhyLTK8;pJwTHI8oP`p$D`P?j%jw!npmX z-Fev2X+-KgGkAzTRU#ti+dv^ zuB4-?5Ly!BGSBpv1@pNq=BH239DN1V=bMU7$TOUXVG;>3MJ(dH!*;M0u#~QNkS7

Ad6$Z3Akw%j96Y@|^JDZ!jG`&0tiQz%%63ZbY9CMpATO1za9+0`% z55OU{`CdV}vw6Mw{I!rII)}3&S*@jl!=Q`u;?yOIf_J$Fv#^KLD zP&e`3oEdp9`pCA5lqDXS_|OQr+Mv#XvO&m?QG2v)bRwk}_`w9e#ReTyv;&4Uy=pQ~ zgS6vq-OQ$FOFU`vIKNS*wf=oz6A_qvqXdX3w^SXq2DD3YYyF&Nd4c4D2~qv^q^OcL zJ?ENCKL{DlBIyaILZ61C?zLBAPsP%8<(CEmMOv(<>_R%KY)HuGjw99K$t6JV86g%{ z83r}fPS-ol>X~L|JfIEAcpM)t;2cQtg=K@~aw(&blYqSKxhD6^lN8q0MCm{Slg^XD z=aFX1!_z3nM_zhVRk;( z06~>DK+Mr@(O*3|+^$D5^J6;fe7?GEx4vvPng)JzIwin;KR|0V2H6_lu zI9i&!-^5a&#ktp>Qa+<7&uFSxqwQiXO>%B5}Ud*`qY4)(=Xm`O=>&oY!FQM1b#69If zQgA^*9@8nWU?h~I@!QZmZ68ZH=TuQxu2E-kFjgMJv^bx<(0RS;bdfnUPO_N2ykOTD zo}B6vHI3Rjm0?w})Of@(d-klO?!#9fSWAcM92^;f+_S!Ak@#yiJmXV4jy!h1qe?!y zQFxx7>}6lkl#6j-7VeU~l$?A0k(xI@wJexl)6{f*JT1Wyfsh_v{&hse1tXl2z{yy1h=zn#ogGD$4a_t=nrl77(QzY5q9N|=- zaL+~~6uW>5Sqz++YbbiRb*!g%ndb3(%^9<`YSa4T_uFJ1A4!N>XS?Ed0fuq98 z2=kE*i*!Ck(eKLqI;(S{{O#IeHB6g9ifHMs8|^m!9}>M>BIjT>{!CGR z{HIv#ECBcNGa!QInSOv=O=Ox=Tux?#95<;^%3Q^QR~iFT$AeBEO0~v~2^x%iMjdJ3 z=`M)#!U7wZvJC8Hd4|j(Ja{xIPwXd2I1LU}qA3d`&k(!MpVZl_mM=9s6mNd4)W z7gQzCEk8MfoYeI6Wx*SfEgw0?V#jcupXi&VR1-Sc+r;u;=GE&nz*B7#&D&!)?X0dQ z@z=HnU~^tgY*=KZCy@?bv6$S;toLlc&-AZVetT;$J_UL`soe-+5oNfSg!-hOW$okL z#^4}`B5m$pw7O$%VM##xN%MtYK#SP?RczEu*CI8zR+ zd?mcJDP~2hC6Q{IqQZ4jzfGH@eA$A=65|d;O*nD2GAY2VpGRtWiq;IOPH(g)ZfsPk z)Ep`Ic4dI1*f;yel1aXyt^DqF>rmg40^NfLv|X`3yhdK|RvIDUekX3wg&b|`YbOib zoT^(?EzkbE&MU-QS_@Af?@3$sdLCBJoJen>uFrPJdAbRs=-D7paEHp4Z?#={lyGKz zk#Z46aJbO7ZnIu&qW4-|Y^=1X2aT900dt0!xGj00D0FB=^tNsOIV?*d1Ek!I`^185 zwA1TzUjov2CVf0eyBhALK~G4o_HeMR7`!1TY`@r}B&DM-nGQWwdLrt5JISMgA`s4` z-QZ@Wm@F(*(dIdv2mV;Z-t3_|9@%9Yw5{LCGElvMai`JSlX55cB;X}A(3`&iU%OL~ zj$4=uU;IG`!QOme3jS6bIshkWTS9F0_GES;J8fl*?2Cn*wyl24pmf(nF2lajPHAyq z;QXm%&Q&gyp@_xGyt z_7=-c|H$%R)1JTJ!T&rG`Fo20ed^%f>DK>K)2;ui^58*bX%=GO2(rg!64kn(>!wK- z>d~S*_pyIcZOk;$k{7nl{LZA(_v`4WCl%c`5c}1Uf^6YCjO-vY%5m|FyRJKU3}~t? 
z-zBLf*cVEEI=^(^HdcS)z^wB>J0-4vBZs@lnIL_6Sd-HFA@4tpV0+2+0$1PjN^LG> zGBj%(%|s_Yu`>$q=52?dqs~?3)T2H=s@xs*jv1%8c&U$eXeN72N1(u^sSUN!Y@B=F zzP9PFS@2)s#GThMEktV@sD@!A#3<36%Lh1Bk*)k-c!P34^Opvk(-op7SHZQ+Umn@Y3D#ks)RP%JB(8++C-Sk&izL!0a}?Q+<;Nl*0r>SypJbam)g`* zuBID&o}NF)l?>%%$Uxs`uOII6-eWZ868XhjeY6D10xgiH@)i3_<#KgG^Z7@~Y5&3Q zh$x=Ja6DKSb*aQmDwu?`h7XbKg?y^>k+F}zH4prH^5ER7=hA%ujMj0s)j_5q52xx% zv)*r(YpL0p(uaz$Y+H4htINJ6{UUFFO8YBi6d%QNUB~$>H#tz(|+Zu-P_j&NYtq#!a z7Lk7HQ))cs>4ZU7;TH#p?pf13r&XCg(Vjb=%ex11+!S6&KO#n6j5+xgcl4w~S+JdU za?j#bRbjdJ%a>p*RnJ8HbW_4-5Eb))fDU$wF4W^E!$A!zE8{Ch=>ezbHSu=4w} zGott1A6S{H)E%QVobPx*og}3RKbU>ftqGIlv9q zrIpa1;+iPbJ*R1-adXhR->1JxBEoNB`4+g zYRy-k(jDY*FL#xs)M{Z)&2MHAt!Zamf1Szx8*M@?c@Nm1Ov4OB@A1@_6HIMkuDqs%7|L(1x^inyeP2kGj(V%n6U-7?ZnKO940o#yK z{a#)FF7_8^l^3p$#iYlZGhFwo`AOp)ui{T^pfKVGjC)t}{ruCfFNgzyLf4)1vcbDO zs!4zZrw_Yif8n>C)bD~k_sSFa+PV20p1o)!z10+@=o_g2r*A160Oy0a`EPuq*mJW| zR_Q*(^ml)e-IH^_v$ktjZf}6|ZHRN9FDvX7$ZqOD0bNyE9`GwGe}4`54DjQ0!+!7B zZtd!LSq`YiH$qQZ?fK$?#KzwSKK1m+aO%$mRkn^bm6V*>d;CFEwm$|YBGHfiqSzF7 zpGFrA$S6SPXzk%WA^j~DZU1-h$W}q2Ok8_p_fy6nw>AeK2^yOJNhXJxfUik1NB-PE zT$BJ5AQvPUbbZgD|E99-|1Qe|yh()@obxja!#Pv zOS+$#Fc=?L;r!K*r~fhON|POqR-Sl&veTnx_PI1)H=^BLy!x?e8XzxW`f%dC2TM}} z92g!B$onf-|IPHIjq&b4NuvCrr-Zxg@Kxf*ro#imO6VDYlb35 z4-njr69B?$OK5ow&eRB(ylR@-L>PCm^@4u=`ma~%fhluclUoexhGZ#G9z1!0Hz?iGW!l)oAGj@VO&4~P}F>d8!FlRi9yo@KupysfHq?b~;?N<^sN2`C-jhtu8}2lW9zVzS>M@(+ zL~euGdCYhwQroCO#I?ur#IeoVT#~QPdskv+S1j@H3CWnHpC3BB_ri^jP1&bBo?1O?1>7 zuBrEvA(8sRAo_(=f!Nq(46VM{Y({f<;cK7SGr|;p(qsap0-BziZHMLs9clA|O&j>R zUs>2$I7LQxz7c_`ZU)!Cq@jcjNl@5UU72Xb_Xgvfh080erWlWo`cG?^Piz1;@@(Y5oJ-E%Qx3PCuR_QG%c?f;ZsP3Wh&HP@>nY~D#1+( z+Ia2=@yYAwy@(r)5iI*i8c}xZ^C~gwfbdmzu12x?hPSa5#LH9}s|VmEOs(HBb^=$` zVxels8;m{`^deHz7Pe(~$SstZ5U%+>iSGcyD4s-`XdO>tlb;AEbD1otxHU)2B?cGZ zqH9zZcb93K##pJuLL-MpOE;KV;e{0;I6V=d&sA-Ac*pTj%1ya6@*P{$yDM!j zL7iY)`*-U+jCbs&?qaV)B_F1;Hmqo)*r~wm+a29*rNT3SGH#f6UvI@nD)inYxz)%~ojBmBRoe)B7{BZe}xGkoKGQkTON~|R3 zjS<3js`Q1RuhH(-}Qrp&)bPfJk31mjY_-Pj8#L3Fn 
zW`${z4O#jUP0EghajrSjOKLov7c^{xY7yKR(A2GDRBS9y<8gkt&Y>#V9qNipsK`J} zAe|n?eY$S^f_Fpyp+TG2F{EG58Vo9`JJ5ODO<$+L8rF*daf8eYXe={TYje;>9Biky z)Z$hTIEbybLcoi^qQx%By}HNaI$DQ%K7Pnh)x02HhmgEu?wm4%0_Mgz-Ldoj*iLzD zusQ}8X~Yjltt|Wy**4|I4m@{kJv_N-SL?qBl>UUcdWdrK=+R0LoWg%EdNSNu}_4%0_brn(lYM`O?#H2Rh z>4`P4xnCZ;8wx{!XvGQq&g$I~h}Df#AYlyV**3wiGN1Q~0?iWfeUFho4=i@4o&U)_ z;3=>1k#)~UXd~WF0UHqzV!uQjv%KVv9Tup|F|BWC-To4@ z(cuzE+fcLp{`heRSS=*Qu<>&*BKIs2{QaDj;P%4R8q(%a$g*|RK267*a)WwcGp^g6 zc*v3eMkV86EUs4+f$$3{<)SJ~9wG-#CA^#4k?*lBfSI~XPI;0o)R8636OPEx6Ql% zyA;2C6zPXi3Q&t~q)WbH=`dgaj=Ul;f<~ma5IgUmw6+;%QLQRf1idP-uxx}2~@+g{S^`7}U_?qNSXkq}~ zob2tVrQK&8#aB;N^W+q6%<_XDO$F27MzBo&NSEHM5vGfkPf&)3OK_5JC#>Ci9oR_B zwnI;G`zbO|P?7^3*Z#HK$f`MWTrk)m-yVnc{?~3j8^vFjx{9P2gCz3UL+K^CTqYuK zSS)Zl#3pd|hYM;BBrz3P4T8j0FEHnzg_E@!s6kU4{Sw;?pOyg}hwq-T%=vxk@`^N` zJpoeKX{o5ZtKYuu>1sb$&4B9WY_%!LQ=x@Cw4F8i6COX==#C5&hGZQ2yw_nWa=|*Z z*FouW;I=im@i8;!Fdn%fbbY_&AG!2O&3wH(p&?*W0E%d@&mE+$dCt_E_hAN$j|`w) zE#%2T+w!aJB)33vAn?hvpWMyxzgSv~{uYhdI_nXZXQs=ony73m-X>&?r?;f~eX3Z7 z)dqzz@fA2dSQs`rGE?15H-IqX;?%+FET#5bk^H2{$n-u7R~3TX6c93*NOsLYVUr^> zdF#bZ6)7VuDx@~fJuqvRv{Z~ZyfFu3qGjWbBKI3scnP6f?eBvLRZ4YlJQmMbTYf#) zX(9_a(v3fKBx&suoUo+LgW7kZAA;|Ez==uP+ZuOErl?sCR6#0a(JoGrj{RMC8<;pQ zZj4pR4$M{Xr#CMwh81#9H%P^GZB}+SRI(K=y|r{j>PXzkac*X-=RSg)XGqRl%W7Bg z?0dReH%BAuz`ZzqZbpkIfX;8Kpr47!x5WCcUXv}^bbc0S@UgVC`+XS#$|&2x?lJ)^{*WZV72R?F6c>xp6m zY$JZtUe^A*J`E#XkzM77Ar}V{8;yv33&+;f^nr*TkuTyIHUkSwUZkz?RVQ-KqQS;5 zLo=>R^%OI%8#pOC9?nJAp~SKQQdj%ixtq4aQsmJaos*bxo4dzJ0WFkK|6xL2CO|?y z>Cq@~Ml(5&y?HoPJG3&hg4Lm^@zGgK(#K`-O#LA50{|mH)0Yo z8eDEQTWOpSBj`aEVhsCpSYcrpp{zw{Lj9RhRSmFH2F4sV^v#UDUJlhQhpc3B`Xp47 zC*F9p2yj5EtAChi2I)Y;mhtC{U8fXegFLH8(=+fFH6>RH)N@@l2fm0+!1Rlo)6jkx zrc+OCAZlvCHU807-?&&Y@!{>bj&2=x0}I#L=w}VFli}i$rW~O}O2`u@NJ1Kl6+hVO zF-y#z=Sh1TO5}>InsR!buCba5Xxr=$vu5L&5(sp1O?9}+X9H`Y|1L66Ypy}A2BVFX zQhGFJRy6Z@D4B|bE%sqauDTa#J+S;iQvnHR`)l@XTd@v7+VxFA&>7sBx(S@boS9aot7)hT!uo1%B6Ei}LeGx4Oqe%nF;LjqSW~;>AldPVd1bX8%=;sTqGz3LE 
z&v2y*r^D%z&3v2zmEI@&Lw^7gm6_C3brLsCWSW~KJ+4HfCM}=#l)k@#KtHXo4>|WxN-~Rik+=Y z_T|}}X{dC6__jt*XK7(zCOlaR(TowvCkG0(^M7b^uawN!kC_2Ocert{*X{$!=;eEB z9cqk$0%8b@)e$p#CJaawtrGgKH75LVF; zoy9D~n7NgI)B< z6=4${nVJLH@a3zCJuNgob>XLIHfQ-PDr+#o(eXNt#BkvHknou=n;YL>&;6)RlF~jC zrenLQST$w_FIw|gZx@SqdarJ_R+4U^He)UsCwD$IC@j8X zO2-|${s{mbw<@D*07QYho($Mmr%T7Q;w|GNRWAhi8Tn$=kYOV(EMF+ebetxfSz+|f zBP~m7tBOqam5>!?uWwpfnW{hdKW8tVtQ>qfuy7g#lkCLe%XFw}~5vHuGF9l-B0IVPscx()57xU<8o+pKP9_C4nf###OeSWkplr z4t_cDav%@uQ^V{~S2R+tJ0L8H`7w_ZpP`c=WDOD%)JgJ-K^+$ z?3w9gjWyHdtuGjCTVWR~*jS(o^z9LMwXnZL(8iwQk~)!gJSYHJXsI37TVR1oGhsI6 zj4E=j3k$2P1XJ7OZ51;de_YHQhtq`{$U~L6^9sg06lRuu>jIc2EL>;SzF5q=e@T5- zmUT7*tuA@QF^G++nDhcAi=)F$8;6C30ZyR`M1b?LX%y+28W4l{fep|f?MLm8AwymT zyx!jZ08q_;*Y4-PzU}>AyOH~^vr=4N0su2quE+eMKU^7ePv97ReG?@U!w9m4KxC~U zRM0VwjbI*}&Zrj3bZ&St)LC<(S|()vuDKRb-p!p|vLk>spkhfJ_9LUO-U4U?>{(`7 zGGJ&Kf9MwfAHwC;FxS%L?gB6_$~Y6+Bm!i21xH^6USBA24+cR9UktA$*v1iJtN^qC zsw&62AK82o0zCKrkK9bw98)+LAa@M}45Ii4W@spfJ(mmY?58+Bge9uexB>2m82FOWG<8om;r&?fx-tvM#MXCcWbMbb+Uhw4?lo=qg&+63xw~~@7M$b z2LM1cmeNx12Mw-Lw+rSdPN~{SoF4Eo)FQ14J(kNL*6OEq&wO`6IP5^8vV*c z5hZH)Wx9a-b+1G6m&jY&W+bX4ZQgA!D0p`NM*aa&TzK1;BuWj~`n>A#WEhvE#Bkwk z=>y1hF)HH3wZ5?aW&Iu=87w6z>;pt1r~YDwqGyzaR$oBe)9uB0+klOn-Z}}d%l@_3 zY1+@{aEG1X38bp=f*o>fdlT)~k!;tz;ab3n($=k8*9pp$GlP4zbpwJ~009su?0i`> z*>@cisnC|IB@k-;AGdcz9}bAVJ~83$e$i)K(^abRB5la$#v8XB#x;QMxprD`ipB>} z6H-zIhHP3mn|y+tQAZkTVDjYcz!aeD-r*+v9r^Mi0MNslMt1)mlyDqcJdzHt!D!Kx z;CdUS{iPl&){0D?>B$#G)enSq}We zzYN?pIBEc98lM$dUVmzUD{ecPYO>y(I+Pnfv-VcXcOxLdHw8hhj*NN=HF$_L1PODK zN6|JIhEKO>mOxZeb_KSB$RaQ9vny#?A^`yYt`rPb8SjUkNb)n(f~}XF&0*v)&_PDI zLRBW`>Bj@FjkK4vM5$^W|I|D_1_y^iY{@~eW9mo`Y^RGvT>Vr>8?K)Sjy@1nz%NX2BaP<$p4?e}lA{6(f3MX40byG63$uXli|aUeo>gvk5sH;B%M zF_I|6xSq)ah{z^Fh#-&J0Pwf=@49(ia|uuagbnehX3Jjv2#Hfq!lsO5{krGv3*YyO z_H>SlY*SdR4b+IvL?;iZ5hw6fbhS3P93CA1;unlyR3l}gB}qoXr$k#Wrm%X$y;_G7 z$E-_lNo&>TG1kLvBfFOvL?({It-gj9?gToLt-gZ#)ssH^0$q#(K5ZGcCBE-aURO7= z5z*HvbVke2T5rmI_;vct(lLRR&ZgPLK%I_s00idwaCk=wPJl-*w<$L4mx3kPXM*-G 
zFtL6NgQJMQG!qu@2;igSdr0M zxr-Q4OaGWRNp~{*w5BYTFtrd(zeqJ~y)9 zGOuD@!1RQBH>HyJ18v#jD=XCd3~x&bzqhk4Z>3g{xYqvE3gDB)hbe)+kF>nbjU9!J zzXu{kPk!W1R{n*W?Z%EGK&+gt1%kj`+;+R1_s{wtSoJ=#ZvfbTWQ7WGywXH z6DwZYuS0+!Wx!zaD0V1w`@Yq~Xfk@YPgh%G zW^}%Ae%K9HpS62m#0I{cv={*6zGm|A@+v#~%T!rSQAkB5!2G^WoB;)48(hv|mp z3nrQaqeC?soi+u0B@nGr&h3w!_P{HcqrToSAD%k1tdMFy7s_{0xB5W+Fq>DisD3o; zY-!JVq?M>KV|<=@t6mnovrTuWOpIaY{0P)lecoisFVhH_EekuKaM|IJgV(67_8qT< zQ=-GO zw-*!=t;46!apy2;Z8H?oI7Woq4sG>KsmG2*Ff?R^K~S969h{oq=sd#W>@WXl7iwpcp}q$~FmtU@x6PONKO292i3A z?cBmEPW4gvoiEKcL(wYn=-BkqwO5%@f~HvCHE)Yo8b%yKD1NjZ_c zx_S)k%s1x{vn0h09FIPT>uMcc5T6BmU4~+f2dvSdB3-GnjZ3o=tm}@=y6B;}6XO@i zZ}BHPVwg0z=@=_w;n~I=wC{yX0!vCt7DnTuwm-9v*kbMD*0#1)Em1Py?}OjSweE70 z7LMf_b^^CpIg|Yo{&m^*RK!}flC>Bj_hJ!;3uDO&Z)X*-If!EBMj^bX?9-I@V9`Vr zl~r;5B5f2G6i<)#ctec9bziAir%?JphlV?(k#xt0z44wd;O4{AKN_yo3XMa#_m_oR z92BF8jk{8~g%UMU57HCqR=IObTT*r#$^IO#HuTXfs*b*fx=bqEERrs3p0gtDu~Fm9 z`}p3DT=zI$Md@_+^r&$Y6+&u;+w-65p`=Ju%(X_jVl56<#8z(DUJQt~#}4Fs?*q)z zF)BbyH-2q*M&dxdZZB7o>3Fc?{Ph(MARDQDPyUyve Date: Fri, 21 Jul 2023 15:42:24 +0200 Subject: [PATCH 05/32] fix: ensure resource owner in update human profile (#6253) --- internal/api/grpc/management/user.go | 2 +- internal/api/grpc/management/user_converter.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go index 5375ce5fb8..d7208c5a40 100644 --- a/internal/api/grpc/management/user.go +++ b/internal/api/grpc/management/user.go @@ -421,7 +421,7 @@ func (s *Server) GetHumanProfile(ctx context.Context, req *mgmt_pb.GetHumanProfi } func (s *Server) UpdateHumanProfile(ctx context.Context, req *mgmt_pb.UpdateHumanProfileRequest) (*mgmt_pb.UpdateHumanProfileResponse, error) { - profile, err := s.command.ChangeHumanProfile(ctx, UpdateHumanProfileRequestToDomain(req)) + profile, err := s.command.ChangeHumanProfile(ctx, UpdateHumanProfileRequestToDomain(req, authz.GetCtxData(ctx).OrgID)) if err != nil { return nil, err } 
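Review bot: `authz.GetCtxData(ctx).OrgID` is passed into the converter in `UpdateHumanProfile` without a check that it is non-empty, so a context that carries no organisation would again produce a profile with an empty `ResourceOwner`, the state this commit sets out to remove. Whether `ChangeHumanProfile` rejects an empty resource owner is not visible in this hunk; if it does not, the user is presumably resolved by `AggregateID` alone and the organisation scoping does not apply. I would reject the request before conversion when the org id is empty, and add a regression test in which a caller from one organisation tries to update a user that belongs to another. The body of `UpdateHumanProfile` continues outside the hunk.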
diff --git a/internal/api/grpc/management/user_converter.go b/internal/api/grpc/management/user_converter.go index a3f7760b06..fdcf3ebdbc 100644 --- a/internal/api/grpc/management/user_converter.go +++ b/internal/api/grpc/management/user_converter.go @@ -146,11 +146,11 @@ func AddMachineUserRequestToCommand(req *mgmt_pb.AddMachineUserRequest, resource } } -func UpdateHumanProfileRequestToDomain(req *mgmt_pb.UpdateHumanProfileRequest) *domain.Profile { +func UpdateHumanProfileRequestToDomain(req *mgmt_pb.UpdateHumanProfileRequest, orgID string) *domain.Profile { preferredLanguage, err := language.Parse(req.PreferredLanguage) logging.Log("MANAG-GPcYv").OnError(err).Debug("language malformed") return &domain.Profile{ - ObjectRoot: models.ObjectRoot{AggregateID: req.UserId}, + ObjectRoot: models.ObjectRoot{AggregateID: req.UserId, ResourceOwner: orgID}, FirstName: req.FirstName, LastName: req.LastName, NickName: req.NickName, From f6bc0479f41774145eab8cd7e1e6c23559406793 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Fri, 21 Jul 2023 16:57:09 +0200 Subject: [PATCH 06/32] fix: emit project.grant.member.changed event (#6252) --- internal/repository/project/grant_member.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/repository/project/grant_member.go b/internal/repository/project/grant_member.go index 7090679810..2c0f41041b 100644 --- a/internal/repository/project/grant_member.go +++ b/internal/repository/project/grant_member.go @@ -109,7 +109,7 @@ func NewProjectGrantMemberChangedEvent( BaseEvent: *eventstore.NewBaseEventForPush( ctx, aggregate, - GrantMemberAddedType, + GrantMemberChangedType, ), UserID: userID, GrantID: grantID, From 65f948daec1b293a985dde57a3698309422b0203 Mon Sep 17 00:00:00 2001 From: Fabi Date: Mon, 24 Jul 2023 16:28:56 +0200 Subject: [PATCH 07/32] docs: add version to technical advisory (#6263) --- docs/docs/support/technical_advisory.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
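Review bot: `UpdateHumanProfileRequestToDomain` gains an `orgID` parameter but no doc comment saying where that value has to come from, and the function is exported, so other callers can pass anything. Because `ResourceOwner` is what ties the profile to an organisation, I would add above the signature `// orgID must be the caller's organisation from the authz context, never a value taken from the request.` The struct literal continues outside the hunk.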
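Review bot: Nothing in this change pins the event type used by `NewProjectGrantMemberChangedEvent`, and the constant it replaces, `GrantMemberAddedType`, differs from `GrantMemberChangedType` by one word, so the same copy-paste slip can come back unnoticed. A unit test asserting that the constructed event carries `GrantMemberChangedType` would cover it. Events already pushed by the old code presumably stay stored as "added", so anything that reads grant-member history for audit would still show those role changes as additions; the release notes should say whether they are corrected. The constructor starts and ends outside the hunk.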
diff --git a/docs/docs/support/technical_advisory.mdx b/docs/docs/support/technical_advisory.mdx index 7fba134201..c9a79dbac2 100644 --- a/docs/docs/support/technical_advisory.mdx +++ b/docs/docs/support/technical_advisory.mdx @@ -23,8 +23,8 @@ We understand that these advisories may include breaking changes, and we aim to Reusing user session Breaking Behaviour Change The default behavior for users logging in is to be directed to the Select Account Page on the Login. With the upcoming changes, users will be automatically authenticated when logging into a second application, as long as they only have one active session. No action is required on your part if this is the intended behavior. - TBD - TBD + 2.32.0 + Calendar week 32 From 57d6113e2aa8ab00e944bdf404e8fafcc0985c4a Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Tue, 25 Jul 2023 07:12:13 +0200 Subject: [PATCH 08/32] fix: upper ZITADEL banner (#6246) Co-authored-by: Livio Spring --- cmd/start/start.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cmd/start/start.go b/cmd/start/start.go index b3d24cd2f1..80f9dc5308 100644 --- a/cmd/start/start.go +++ b/cmd/start/start.go @@ -461,7 +461,7 @@ func shutdownServer(ctx context.Context, server *http.Server) error { } func showBasicInformation(startConfig *Config) { - fmt.Println(color.MagentaString(figure.NewFigure("Zitadel", "", true).String())) + fmt.Println(color.MagentaString(figure.NewFigure("ZITADEL", "", true).String())) http := "http" if startConfig.TLS.Enabled || startConfig.ExternalSecure { http = "https" From 2183b9a7c57b1f027411b5f54d63ca52c2d9ce4c Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Tue, 25 Jul 2023 07:52:59 +0200 Subject: [PATCH 09/32] fix: build css for login correctly (#6265) --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index dcb0e2b1f6..a11884654c 100644 --- a/Makefile +++ b/Makefile 
@@ -21,8 +21,8 @@ core_dependencies: .PHONY: core_static core_static: go install github.com/rakyll/statik@v0.1.7 - go generate internal/api/ui/login/statik/generate.go go generate internal/api/ui/login/static/resources/generate.go + go generate internal/api/ui/login/statik/generate.go go generate internal/notification/statik/generate.go go generate internal/statik/generate.go @@ -109,4 +109,4 @@ core_lint: --timeout 10m \ --config ./.golangci.yaml \ --out-format=github-actions \ - --concurrency=$$(getconf _NPROCESSORS_ONLN) \ No newline at end of file + --concurrency=$$(getconf _NPROCESSORS_ONLN) From 702dfaf3140478e68f33f7f5026eaf549d144928 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Tue, 25 Jul 2023 08:43:06 +0200 Subject: [PATCH 10/32] chore: build release on `next` branch (#6266) --- .github/workflows/build.yml | 2 ++ .github/workflows/release.yml | 4 ++-- .releaserc.js | 3 +-- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 192beb3d64..d316c378b5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -7,6 +7,8 @@ on: permissions: contents: write packages: write + issues: write + pull-requests: write jobs: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4f23e7bcb8..be673af021 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,7 @@ jobs: uses: ./.github/workflows/version.yml with: semantic_version: ${{ inputs.semantic_version }} - dry_run: true + dry_run: false docker: runs-on: ubuntu-22.04 @@ -65,7 +65,7 @@ jobs: ${{ inputs.image }} - name: Publish latest - if: ${{ github.ref_name == 'main' }} + if: ${{ github.ref_name == 'next' }} run: | docker buildx imagetools create \ --tag ${{ inputs.image_name }}:latest \ diff --git a/.releaserc.js b/.releaserc.js index e52557bc60..e47c761db9 100644 --- a/.releaserc.js +++ b/.releaserc.js 
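Review bot: `issues: write` and `pull-requests: write` are added to the workflow-level `permissions:` block of build.yml, which sits above `jobs:` and therefore applies to the token of every job in the workflow. Only the release path appears to need them (presumably for the release tooling's comments on issues and pull requests), so I would leave the top-level block at `contents` and `packages` and grant the two new scopes in a job-level `permissions:` on the job that calls the release workflow. That keeps the token available to the build and test jobs at the narrower scope.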
@@ -1,8 +1,7 @@ module.exports = { branches: [ - { name: "main" }, { name: "next" }, - { name: "ci/improve-make", prerelease: "2.29-ignore-me" } + { name: "next-rc", prerelease: "rc" } ], plugins: [ "@semantic-release/commit-analyzer", From 35f4f74b0850fd596a7d60766d538b19ac88afc4 Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Tue, 25 Jul 2023 08:44:47 +0200 Subject: [PATCH 11/32] fix: remove logstore beta warning (#6244) Co-authored-by: Livio Spring --- cmd/start/start.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/cmd/start/start.go b/cmd/start/start.go index 80f9dc5308..49cd981e5f 100644 --- a/cmd/start/start.go +++ b/cmd/start/start.go @@ -218,9 +218,6 @@ func startZitadel(config *Config, masterKey string, server chan<- *Server) error usageReporter := logstore.UsageReporterFunc(commands.ReportQuotaUsage) actionsLogstoreSvc := logstore.New(queries, usageReporter, actionsExecutionDBEmitter, actionsExecutionStdoutEmitter) - if actionsLogstoreSvc.Enabled() { - logging.Warn("execution logs are currently in beta") - } actions.SetLogstoreService(actionsLogstoreSvc) notification.Start(ctx, config.Projections.Customizations["notifications"], config.Projections.Customizations["notificationsquotas"], config.Projections.Customizations["telemetry"], *config.Telemetry, config.ExternalDomain, config.ExternalPort, config.ExternalSecure, commands, queries, eventstoreClient, assets.AssetAPIFromDomain(config.ExternalSecure, config.ExternalPort), config.SystemDefaults.Notifications.FileSystemPath, keys.User, keys.SMTP, keys.SMS) @@ -314,9 +311,6 @@ func startAPIs( } accessSvc := logstore.New(quotaQuerier, usageReporter, accessDBEmitter, accessStdoutEmitter) - if accessSvc.Enabled() { - logging.Warn("access logs are currently in beta") - } exhaustedCookieHandler := http_util.NewCookieHandler( http_util.WithUnsecure(), http_util.WithNonHttpOnly(), From f331a88a160b0e3d4815e70264a8156924a8d001 Mon Sep 17 00:00:00 2001 
From: Fabi Date: Tue, 25 Jul 2023 09:10:04 +0200 Subject: [PATCH 12/32] docs: remove beta state from postgreSQL (#6245) --- docs/docs/concepts/architecture/software.md | 3 +-- docs/docs/concepts/architecture/solution.md | 3 +-- docs/docs/self-hosting/manage/database/_postgres.mdx | 5 ----- 3 files changed, 2 insertions(+), 9 deletions(-) diff --git a/docs/docs/concepts/architecture/software.md b/docs/docs/concepts/architecture/software.md index 565221774e..d820e2c897 100644 --- a/docs/docs/concepts/architecture/software.md +++ b/docs/docs/concepts/architecture/software.md @@ -145,7 +145,6 @@ The storage layer of ZITADEL is responsible for multiple things. For example: - Backup and restore operation for disaster recovery purpose ZITADEL currently supports CockroachDB as first choice of storage due to its perfect match for ZITADELs needs. -Postgres is currently in [Beta](/docs/support/software-release-cycles-support#beta) and will be [Enterprise Supported](/docs/support/software-release-cycles-support#partially-supported) afterwards. -Beta state will be removed as soon as [automated tests](https://github.com/zitadel/zitadel/issues/5741) are implemented. +Alternatively you can run ZITADEL also with Postgres which is [Enterprise Supported](/docs/support/software-release-cycles-support#partially-supported). Make sure to read our [Production Guide](/docs/self-hosting/manage/production#prefer-cockroachdb) before you decide to use it. diff --git a/docs/docs/concepts/architecture/solution.md b/docs/docs/concepts/architecture/solution.md index 9b0656c985..826bb976c4 100644 --- a/docs/docs/concepts/architecture/solution.md +++ b/docs/docs/concepts/architecture/solution.md 
@@ -9,8 +9,7 @@ Since the storage layer takes the heavy lifting of making sure that data in sync Depending on your projects needs our general recommendation is to run ZITADEL and ZITADELs storage layer across multiple availability zones in the same region or if you need higher guarantees run the storage layer across multiple regions. Consult the [CockroachDB documentation](https://www.cockroachlabs.com/docs/) for more details or use the [CockroachCloud Service](https://www.cockroachlabs.com/docs/cockroachcloud/create-an-account.html) -Postgres is currently in [Beta](/docs/support/software-release-cycles-support#beta) and will be [Enterprise Supported](/docs/support/software-release-cycles-support#partially-supported) afterwards. -Beta state will be removed as soon as [automated tests](https://github.com/zitadel/zitadel/issues/5741) are implemented. +Alternatively you can run ZITADEL also with Postgres which is [Enterprise Supported](/docs/support/software-release-cycles-support#partially-supported). Make sure to read our [Production Guide](/self-hosting/manage/production#prefer-cockroachdb) before you decide to use it. ## Scalability diff --git a/docs/docs/self-hosting/manage/database/_postgres.mdx b/docs/docs/self-hosting/manage/database/_postgres.mdx index d012ac0807..2a50d337ed 100644 --- a/docs/docs/self-hosting/manage/database/_postgres.mdx +++ b/docs/docs/self-hosting/manage/database/_postgres.mdx @@ -1,10 +1,5 @@ ## Postgres -:::caution -PostgreSQL extension is currently in [Beta](/docs/support/software-release-cycles-support#beta). -Beta state will be removed as soon as automated tests are implemented. [Github Issue](https://github.com/zitadel/zitadel/issues/5741) -::: - :::caution Be aware that PostgreSQL is only [Enterprise Supported](/docs/support/software-release-cycles-support#partially-supported). ::: From 4656020ea62e813a4efff20f025d6c1a34f182aa Mon Sep 17 00:00:00 2001 
From: Elio Bischof Date: Tue, 25 Jul 2023 13:54:22 +0200 Subject: [PATCH 13/32] docs: fix add instance domain description (#6267) --- proto/zitadel/system.proto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proto/zitadel/system.proto b/proto/zitadel/system.proto index 4bfec35e6e..e2e95dc9c5 100644 --- a/proto/zitadel/system.proto +++ b/proto/zitadel/system.proto @@ -217,7 +217,7 @@ service SystemService { }; } - // Returns the domain of an instance + // Adds a domain to an instance rpc AddDomain(AddDomainRequest) returns (AddDomainResponse) { option (google.api.http) = { post: "/instances/{instance_id}/domains"; From 2241c82134d135737e1822285483d0da3c47af1f Mon Sep 17 00:00:00 2001 From: Elio Bischof Date: Wed, 26 Jul 2023 12:40:23 +0200 Subject: [PATCH 14/32] test: more generous quota e2e timeout (#6269) test: more generous quota e2e to --- e2e/cypress/e2e/quotas/quotas.cy.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/cypress/e2e/quotas/quotas.cy.ts b/e2e/cypress/e2e/quotas/quotas.cy.ts index e3b6504797..3c8fa6c583 100644 --- a/e2e/cypress/e2e/quotas/quotas.cy.ts +++ b/e2e/cypress/e2e/quotas/quotas.cy.ts @@ -306,7 +306,7 @@ describe('quotas', () => { } return foundExpected >= 3; }), - ); + ), { timeout: 60_000 }; }); }); }); From 2fe76acd14906086da66c90f9267554dbed6c192 Mon Sep 17 00:00:00 2001 
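Review bot: The added `{ timeout: 60_000 }` in quotas.cy.ts sits after the closing parenthesis, so `), { timeout: 60_000 };` is a comma expression whose right-hand object is evaluated and discarded; the timeout never reaches the call and the test keeps its previous default. The options object has to go inside the argument list, i.e. `}),` followed by `{ timeout: 60_000 },` and then `);`. This assumes the enclosing call takes options as its second argument; that call starts outside the hunk, so please confirm against its signature.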
From: Livio Spring Date: Wed, 26 Jul 2023 13:00:41 +0200 Subject: [PATCH 15/32] feat: add secret generators for OTP (#6262) This PR adds configuration options for OTP codes through Admin API. --- cmd/defaults.yaml | 14 +++ ...dialog-add-secret-generator.component.html | 9 -- .../dialog-add-secret-generator.component.ts | 49 +++++---- .../secret-generator.component.ts | 42 ++----- console/src/assets/i18n/bg.json | 4 +- console/src/assets/i18n/de.json | 4 +- console/src/assets/i18n/en.json | 4 +- console/src/assets/i18n/es.json | 4 +- console/src/assets/i18n/fr.json | 4 +- console/src/assets/i18n/it.json | 4 +- console/src/assets/i18n/ja.json | 4 +- console/src/assets/i18n/mk.json | 4 +- console/src/assets/i18n/pl.json | 4 +- console/src/assets/i18n/pt.json | 4 +- console/src/assets/i18n/zh.json | 4 +- .../manage/console/instance-settings.mdx | 2 + .../api/grpc/admin/iam_settings_converter.go | 9 ++ internal/command/instance.go | 4 + internal/command/instance_settings.go | 29 +++-- internal/command/instance_settings_test.go | 103 +++++++++++++----- internal/domain/secret_generator.go | 2 + proto/zitadel/settings.proto | 2 + 22 files changed, 199 insertions(+), 110 deletions(-) diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml index e5244cbb17..40b2fc8d07 100644 --- a/cmd/defaults.yaml +++ b/cmd/defaults.yaml @@ -564,6 +564,20 @@ DefaultInstance: IncludeUpperLetters: true IncludeDigits: true IncludeSymbols: false + OTPSMS: + Length: 8 + Expiry: "5m" + IncludeLowerLetters: false + IncludeUpperLetters: false + IncludeDigits: true + IncludeSymbols: false + OTPEmail: + Length: 8 + Expiry: "5m" + IncludeLowerLetters: false + IncludeUpperLetters: false + IncludeDigits: true + IncludeSymbols: false PasswordComplexityPolicy: MinLength: 8 HasLowercase: true 
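Review bot: The new `OTPSMS` and `OTPEmail` defaults in cmd/defaults.yaml are digits-only with `Length: 8`, so guessing resistance rests on the length, the `Expiry` of 5m and whatever attempt limiting the verification path applies, and the last of these is not visible in this hunk. The same commit makes these generators editable per instance, and nothing here documents the dependency. I would add a comment above the two entries such as `# digits only: guessing resistance depends on Length, Expiry and attempt limiting together; do not shorten Length without checking the lockout settings`, and confirm that the command side rejects a zero or very small `Length` for these two types.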
diff --git a/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.html b/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.html index e4c3600926..5a09a71362 100644 --- a/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.html +++ b/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.html @@ -3,15 +3,6 @@

- - {{ 'SETTING.SECRETS.GENERATORTYPE' | translate }} - - - {{ 'SETTING.SECRETS.TYPE.' + gen | translate }} - - - -

{{ 'SETTING.SECRETS.TYPE.' + generatorType?.value | translate }}

diff --git a/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.ts b/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.ts index c8d888f914..6d72286111 100644 --- a/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.ts +++ b/console/src/app/modules/policies/secret-generator/dialog-add-secret-generator/dialog-add-secret-generator.component.ts @@ -7,7 +7,6 @@ import { import { Duration } from 'google-protobuf/google/protobuf/duration_pb'; import { requiredValidator } from 'src/app/modules/form-field/validators/validators'; import { UpdateSecretGeneratorRequest } from 'src/app/proto/generated/zitadel/admin_pb'; -import { SecretGeneratorType } from 'src/app/proto/generated/zitadel/settings_pb'; @Component({ selector: 'cnsl-dialog-add-secret-generator', @@ -15,15 +14,6 @@ import { SecretGeneratorType } from 'src/app/proto/generated/zitadel/settings_pb styleUrls: ['./dialog-add-secret-generator.component.scss'], }) export class DialogAddSecretGeneratorComponent { - public SecretGeneratorType: any = SecretGeneratorType; - public availableGenerators: SecretGeneratorType[] = [ - SecretGeneratorType.SECRET_GENERATOR_TYPE_INIT_CODE, - SecretGeneratorType.SECRET_GENERATOR_TYPE_VERIFY_EMAIL_CODE, - SecretGeneratorType.SECRET_GENERATOR_TYPE_VERIFY_PHONE_CODE, - SecretGeneratorType.SECRET_GENERATOR_TYPE_PASSWORD_RESET_CODE, - SecretGeneratorType.SECRET_GENERATOR_TYPE_PASSWORDLESS_INIT_CODE, - SecretGeneratorType.SECRET_GENERATOR_TYPE_APP_SECRET, - ]; public req: UpdateSecretGeneratorRequest = new UpdateSecretGeneratorRequest(); public specsForm!: UntypedFormGroup; 
@@ -33,17 +23,19 @@ export class DialogAddSecretGeneratorComponent { public dialogRef: MatDialogRef, @Inject(MAT_DIALOG_DATA) public data: any, ) { + let exp = 1; + if (data.config?.expiry !== undefined) { + exp = this.durationToHour(data.config?.expiry); + } this.specsForm = this.fb.group({ - generatorType: [SecretGeneratorType.SECRET_GENERATOR_TYPE_APP_SECRET, [requiredValidator]], - expiry: [1, [requiredValidator]], - includeDigits: [true, [requiredValidator]], - includeLowerLetters: [true, [requiredValidator]], - includeSymbols: [true, [requiredValidator]], - includeUpperLetters: [true, [requiredValidator]], - length: [6, [requiredValidator]], + generatorType: [data.type, [requiredValidator]], + expiry: [exp, [requiredValidator]], + length: [data.config?.length ?? 6, [requiredValidator]], + includeDigits: [data.config?.includeDigits ?? true, [requiredValidator]], + includeLowerLetters: [data.config?.includeSymbols ?? true, [requiredValidator]], + includeSymbols: [data.config?.includeLowerLetters ?? true, [requiredValidator]], + includeUpperLetters: [data.config?.includeUpperLetters ?? true, [requiredValidator]], }); - - this.generatorType?.setValue(data.type); } public closeDialog(): void { @@ -52,10 +44,7 @@ export class DialogAddSecretGeneratorComponent { public closeDialogWithRequest(): void { this.req.setGeneratorType(this.generatorType?.value); - - const expiry = new Duration().setSeconds((this.expiry?.value ?? 1) * 60 * 60); - - this.req.setExpiry(expiry); + this.req.setExpiry(this.hourToDuration(this.expiry?.value)); this.req.setIncludeDigits(this.includeDigits?.value); this.req.setIncludeLowerLetters(this.includeLowerLetters?.value); this.req.setIncludeSymbols(this.includeSymbols?.value); 
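Review bot: Two of the pre-filled form controls in the constructor are crossed: `includeLowerLetters` is initialised from `data.config?.includeSymbols` and `includeSymbols` from `data.config?.includeLowerLetters`. For any generator where the two flags differ, opening the dialog and saving without touching anything writes the swapped values back and silently changes the alphabet of the generated secrets. The lines should read `includeLowerLetters: [data.config?.includeLowerLetters ?? true, [requiredValidator]],` and `includeSymbols: [data.config?.includeSymbols ?? true, [requiredValidator]],`.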
@@ -92,4 +81,18 @@ export class DialogAddSecretGeneratorComponent { public get length(): AbstractControl | null { return this.specsForm.get('length'); } + + private durationToHour(duration: Duration.AsObject): number { + if (duration.seconds === 0) { + return 0; + } + return (duration.seconds + duration.nanos / 1000000) / 3600; + } + + private hourToDuration(hour: number): Duration { + const exp = hour * 60 * 60; + const sec = Math.floor(exp); + const nanos = Math.round((exp - sec) * 1000000); + return new Duration().setSeconds(sec).setNanos(nanos); + } } diff --git a/console/src/app/modules/policies/secret-generator/secret-generator.component.ts b/console/src/app/modules/policies/secret-generator/secret-generator.component.ts index 1bae7b67e5..44fc85df3d 100644 --- a/console/src/app/modules/policies/secret-generator/secret-generator.component.ts +++ b/console/src/app/modules/policies/secret-generator/secret-generator.component.ts @@ -1,6 +1,6 @@ import { Component, OnInit } from '@angular/core'; import { MatLegacyDialog as MatDialog } from '@angular/material/legacy-dialog'; -import { UpdateSecretGeneratorRequest, UpdateSecretGeneratorResponse } from 'src/app/proto/generated/zitadel/admin_pb'; +import { UpdateSecretGeneratorRequest } from 'src/app/proto/generated/zitadel/admin_pb'; import { OIDCSettings, SecretGenerator, SecretGeneratorType } from 'src/app/proto/generated/zitadel/settings_pb'; import { AdminService } from 'src/app/services/admin.service'; import { ToastService } from 'src/app/services/toast.service'; 
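Review bot: `durationToHour` and `hourToDuration` both use a factor of 1000000 for `nanos`, but the nanos field of a protobuf Duration counts billionths of a second, so the value sent to the API is off by a factor of 1000 whenever the expiry is not a whole number of seconds. The conversions should be `(duration.seconds + duration.nanos / 1e9) / 3600` and `Math.round((exp - sec) * 1e9)`. Two smaller points in the same helpers: the early `return 0` when `duration.seconds === 0` drops a nanos-only duration, and an expiry such as the new 5m default is a repeating fraction in hours, so a round trip through this form may come back one second short; rounding to whole seconds with `Math.round(hour * 3600)` and leaving nanos at 0 would avoid both.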
@@ -25,7 +25,10 @@ export class SecretGeneratorComponent implements OnInit { SecretGeneratorType.SECRET_GENERATOR_TYPE_PASSWORD_RESET_CODE, SecretGeneratorType.SECRET_GENERATOR_TYPE_PASSWORDLESS_INIT_CODE, SecretGeneratorType.SECRET_GENERATOR_TYPE_APP_SECRET, + SecretGeneratorType.SECRET_GENERATOR_TYPE_OTP_SMS, + SecretGeneratorType.SECRET_GENERATOR_TYPE_OTP_EMAIL, ]; + constructor(private service: AdminService, private toast: ToastService, private dialog: MatDialog) {} ngOnInit(): void { @@ -48,25 +51,12 @@ export class SecretGeneratorComponent implements OnInit { }); } - private updateData(): Promise | void { - const dialogRef = this.dialog.open(DialogAddSecretGeneratorComponent, { - data: {}, - width: '400px', - }); - - dialogRef.afterClosed().subscribe((req: UpdateSecretGeneratorRequest) => { - if (req) { - return (this.service as AdminService).updateSecretGenerator(req); - } else { - return; - } - }); - } - public openGeneratorDialog(generatorType: SecretGeneratorType): void { + let config = this.generators.find((gen) => gen.generatorType === generatorType); const dialogRef = this.dialog.open(DialogAddSecretGeneratorComponent, { data: { type: generatorType, + config: config, }, width: '400px', }); @@ -77,6 +67,9 @@ export class SecretGeneratorComponent implements OnInit { .updateSecretGenerator(req) .then(() => { this.toast.showInfo('SETTING.SECRETS.UPDATED', true); + setTimeout(() => { + this.fetchData(); + }, 2000); }) .catch((error) => { this.toast.showError(error); @@ -86,21 +79,4 @@ export class SecretGeneratorComponent implements OnInit { } }); } - - public savePolicy(): void { - const prom = this.updateData(); - if (prom) { - prom - .then(() => { - this.toast.showInfo('SETTING.SMTP.SAVED', true); - this.loading = true; - setTimeout(() => { - this.fetchData(); - }, 2000); - }) - .catch((error) => { - this.toast.showError(error); - }); - } - } } 
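Review bot: In `openGeneratorDialog` the new local `config` is never reassigned, so it should be `const config = this.generators.find((gen) => gen.generatorType === generatorType);`, and the dialog data can use the shorthand `config,`. `find` returns `undefined` when no generator of that type is in `this.generators`; the dialog copes with that through `data.config?.…` and its defaults, which deserves a comment at the call site such as `// may be undefined; the dialog then falls back to its defaults`.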
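Review bot: The refresh after a successful update is a fixed `setTimeout(() => { this.fetchData(); }, 2000);`, while `openGeneratorDialog` prefills the dialog from `this.generators`. Until the delayed fetch returns, reopening the dialog shows the previous configuration, and saving it would write those old values back over the update just made. The removed `savePolicy` set `this.loading = true;` before starting the timer; restoring that line here would at least signal the pending state, though whether the template blocks editing while `loading` is set is not visible in this hunk. The timer is also never cleared if the component is destroyed first.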
diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json index ddfc380835..b5a2abb5a0 100644 --- a/console/src/assets/i18n/bg.json +++ b/console/src/assets/i18n/bg.json @@ -1095,7 +1095,9 @@ "3": "Телефонна проверка", "4": "Нулиране на парола", "5": "Инициализация без парола", - "6": "Тайна на приложението" + "6": "Тайна на приложението", + "7": "Еднократна парола (OTP) - SMS", + "8": "Еднократна парола (OTP) – имейл" }, "ADDGENERATOR": "Определете тайния външен вид", "GENERATORTYPE": "Тип", diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json index 87b6e83fd0..01c8fb03bd 100644 --- a/console/src/assets/i18n/de.json +++ b/console/src/assets/i18n/de.json @@ -1101,7 +1101,9 @@ "3": "Telefonnummer Verificationscode", "4": "Passwort Zurücksetzen Code", "5": "Passwordless Initialisierungscode", - "6": "Applicationssecret" + "6": "Applicationssecret", + "7": "One Time Password (OTP) - SMS", + "8": "One Time Password (OTP) - Email" }, "ADDGENERATOR": "Secret Erscheinungsbild definieren", "GENERATORTYPE": "Typ", diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json index c858d5acbb..e4c8d5dd2d 100644 --- a/console/src/assets/i18n/en.json +++ b/console/src/assets/i18n/en.json @@ -1102,7 +1102,9 @@ "3": "Phone verification", "4": "Password Reset", "5": "Passwordless Initialization", - "6": "App Secret" + "6": "App Secret", + "7": "One Time Password (OTP) - SMS", + "8": "One Time Password (OTP) - Email" }, "ADDGENERATOR": "Define Secret Appearance", "GENERATORTYPE": "Type", diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json index 3a0df8980f..bc7af48408 100644 --- a/console/src/assets/i18n/es.json +++ b/console/src/assets/i18n/es.json 
@@ -1102,7 +1102,9 @@ "3": "Verificación de teléfono", "4": "Restablecimiento de contraseña", "5": "Inicialización de acceso sin contraseña", - "6": "Secreto de App" + "6": "Secreto de App", + "7": "One Time Password (OTP) - SMS", + "8": "One Time Password (OTP) - email" }, "ADDGENERATOR": "Definir apariencia del secreto", "GENERATORTYPE": "Tipo", diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json index a81c6eae5d..61f2f7f780 100644 --- a/console/src/assets/i18n/fr.json +++ b/console/src/assets/i18n/fr.json @@ -1101,7 +1101,9 @@ "3": "Vérification par téléphone", "4": "Réinitialisation du mot de passe", "5": "Initialisation sans mot de passe", - "6": "Secret de l'application" + "6": "Secret de l'application", + "7": "Mot de passe à usage unique (OTP) - SMS", + "8": "Mot de passe à usage unique (OTP) - e-mail" }, "ADDGENERATOR": "Définir l'apparence du secret", "GENERATORTYPE": "Type", diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json index 387bc187d7..ed6e2fd811 100644 --- a/console/src/assets/i18n/it.json +++ b/console/src/assets/i18n/it.json @@ -1101,7 +1101,9 @@ "3": "Verificazione del numero di telefono", "4": "Ripristino Password", "5": "Inizializzazione Passwordless", - "6": "Segreto dell'applicazione" + "6": "Segreto dell'applicazione", + "7": "One Time Password (OTP) - SMS", + "8": "One Time Password (OTP) - email" }, "ADDGENERATOR": "Definisci aspetto", "GENERATORTYPE": "Tipo", diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json index 8ac4692d38..bdba41562b 100644 --- a/console/src/assets/i18n/ja.json +++ b/console/src/assets/i18n/ja.json @@ -1102,7 +1102,9 @@ "3": "電話番号認証", "4": "パスワードのリセット", "5": "パスワードレスの初期設定", - "6": "アプリのシークレット" + "6": "アプリのシークレット", + "7": "ワンタイムパスワード (OTP) - SMS", + "8": "ワンタイムパスワード (OTP) - 電子メール" }, "ADDGENERATOR": "シークレットの設定を定義する", "GENERATORTYPE": "タイプ", 
diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json index b511a8ced9..87d2e8a6ef 100644 --- a/console/src/assets/i18n/mk.json +++ b/console/src/assets/i18n/mk.json @@ -1102,7 +1102,9 @@ "3": "Телефонска верификација", "4": "Промена на лозинка", "5": "Иницијализација на најава без лозинка", - "6": "Апликациска тајна" + "6": "Апликациска тајна", + "7": "Еднократна лозинка (OTP) - СМС", + "8": "Еднократна лозинка (OTP) - е-пошта" }, "ADDGENERATOR": "Дефинирајте изглед на тајна", "GENERATORTYPE": "Тип", diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json index 774038f7ce..cd79105421 100644 --- a/console/src/assets/i18n/pl.json +++ b/console/src/assets/i18n/pl.json @@ -1101,7 +1101,9 @@ "3": "Weryfikacja telefonu", "4": "Resetowanie hasła", "5": "Inicjalizacja bez hasła", - "6": "Sekret aplikacji" + "6": "Sekret aplikacji", + "7": "Hasło jednorazowe (OTP) - SMS", + "8": "Hasło jednorazowe (OTP) — e-mail" }, "ADDGENERATOR": "Zdefiniuj wygląd sekretu", "GENERATORTYPE": "Typ", diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json index 00607c1596..21e5d79359 100644 --- a/console/src/assets/i18n/pt.json +++ b/console/src/assets/i18n/pt.json @@ -1102,7 +1102,9 @@ "3": "Verificação de telefone", "4": "Redefinição de senha", "5": "Inicialização sem senha", - "6": "Segredo do aplicativo" + "6": "Segredo do aplicativo", + "7": "Senha única (OTP) - SMS", + "8": "Senha única (OTP) - e-mail" }, "ADDGENERATOR": "Definir aparência de segredo", "GENERATORTYPE": "Tipo", diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json index 423fbf027a..5247d16913 100644 --- a/console/src/assets/i18n/zh.json +++ b/console/src/assets/i18n/zh.json @@ -1101,7 +1101,9 @@ "3": "电话号码验证", "4": "重置密码", "5": "无密码认证初始化", - "6": "App 验证" + "6": "App 验证", + "7": "一次性密码 (OTP) - SMS", + "8": "一次性密码 (OTP) - 电子邮件" }, "ADDGENERATOR": "定义验证码外观", "GENERATORTYPE": "类型", 
diff --git a/docs/docs/guides/manage/console/instance-settings.mdx b/docs/docs/guides/manage/console/instance-settings.mdx index 2603caee52..913661c33d 100644 --- a/docs/docs/guides/manage/console/instance-settings.mdx +++ b/docs/docs/guides/manage/console/instance-settings.mdx @@ -279,6 +279,8 @@ The following secrets can be configured: - Password reset code - Passwordless initialization code - Application secrets +- One Time Password (OTP) - SMS +- One Time Password (OTP) - Email Date: Thu, 27 Jul 2023 06:39:33 +0200 Subject: [PATCH 16/32] docs: correct steps for idp migration with terraform (#6259) docs: correct steps for idp migration with terraform (#6259) --- .../guides/integrate/identity-providers/migrate.mdx | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/docs/guides/integrate/identity-providers/migrate.mdx b/docs/docs/guides/integrate/identity-providers/migrate.mdx index dc9cbb0962..497fae6b9f 100644 --- a/docs/docs/guides/integrate/identity-providers/migrate.mdx +++ b/docs/docs/guides/integrate/identity-providers/migrate.mdx 
@@ -28,8 +28,14 @@ Please note that you only have to perform this migration if you already have an If that isn't your case please just add a new provider from scratch. To migrate to a specific provider, you need to follow a few essential steps: 1. Create a desired IDP as Terraform resource for example [Google](https://registry.terraform.io/providers/zitadel/zitadel/latest/docs/resources/idp_google). -2. Make the corresponding API call to [migrate the IDP](./migrate#google-configuration), save the ID of the IDP for the import -3. Before applying the Terraform resources again, import the new IDP resource. +2. Remove the old terraform resource from the state as to not destroy the migrated IDP accidentally. +```bash +# terraform state rm *address* +terraform state rm zitadel_idp_oidc.oidc_idp +``` +After this command you can also remove the resource from the terraform files, as it is not managed anymore but also not deleted +3. Make the corresponding API call to [migrate the IDP](./migrate#migrate-generic-oidc-provider), save the ID of the IDP for the import +4. Before applying the Terraform resources again, import the new IDP resource. ```bash #resource "zitadel_idp_google" "google" { # name = "Google" @@ -44,5 +50,6 @@ To migrate to a specific provider, you need to follow a few essential steps: # terraform import zitadel_idp_google.*resource_name* *id*:*client_secret* terraform import zitadel_idp_google.google 222302827723096428:GOCSPX-***** +``` You have now migrated your provider and you should be able to apply the resource again. There should be no changes and the IDP is maintained by Terraform again. \ No newline at end of file From b0dc02509ba20c90ca134b3ce1cae63d529c8c91 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Thu, 27 Jul 2023 10:01:36 +0200 Subject: [PATCH 17/32] docs: fix formatting of idp migration (#6279) --- docs/docs/guides/integrate/identity-providers/migrate.mdx | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) 
diff --git a/docs/docs/guides/integrate/identity-providers/migrate.mdx b/docs/docs/guides/integrate/identity-providers/migrate.mdx index 497fae6b9f..b7564a9745 100644 --- a/docs/docs/guides/integrate/identity-providers/migrate.mdx +++ b/docs/docs/guides/integrate/identity-providers/migrate.mdx @@ -33,7 +33,9 @@ To migrate to a specific provider, you need to follow a few essential steps: # terraform state rm *address* terraform state rm zitadel_idp_oidc.oidc_idp ``` -After this command you can also remove the resource from the terraform files, as it is not managed anymore but also not deleted + +After this command you can also remove the resource from the terraform files, as it is not managed anymore but also not deleted. + 3. Make the corresponding API call to [migrate the IDP](./migrate#migrate-generic-oidc-provider), save the ID of the IDP for the import 4. Before applying the Terraform resources again, import the new IDP resource. ```bash @@ -52,4 +54,4 @@ After this command you can also remove the resource from the terraform files, as terraform import zitadel_idp_google.google 222302827723096428:GOCSPX-***** ``` -You have now migrated your provider and you should be able to apply the resource again. There should be no changes and the IDP is maintained by Terraform again. \ No newline at end of file +You have now migrated your provider and you should be able to apply the resource again. There should be no changes and the IDP is maintained by Terraform again. From d3e403f645a3a9bfd3254b46bb7427b8716542d6 Mon Sep 17 00:00:00 2001 
From: Livio Spring Date: Thu, 27 Jul 2023 14:10:19 +0200 Subject: [PATCH 18/32] perf: reduce events read from eventstore (#6280) * fix: events query user * fix: events query user * user events query * fix tests * fix query * cleanup --------- Co-authored-by: Fabienne --- .../eventsourcing/eventstore/auth_request.go | 29 +++++++++- .../eventstore/auth_request_test.go | 4 +- .../eventsourcing/eventstore/refresh_token.go | 6 +- .../eventsourcing/eventstore/token.go | 6 +- .../eventsourcing/eventstore/user.go | 8 +-- .../repository/eventsourcing/handler/user.go | 4 +- .../repository/eventsourcing/view/user.go | 2 +- .../eventstore/token_verifier.go | 6 +- .../repository/view/model/refresh_token.go | 11 ++++ internal/user/repository/view/model/token.go | 17 ++++++ internal/user/repository/view/model/user.go | 56 +++++++++++++++++++ .../repository/view/model/user_session.go | 34 +++++++++++ internal/user/repository/view/query.go | 3 +- 13 files changed, 164 insertions(+), 22 deletions(-) diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index 09c64ba277..c37dd8a79f 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go @@ -89,7 +89,7 @@ type idpUserLinksProvider interface { } type userEventProvider interface { - UserEventsByID(ctx context.Context, id string, sequence uint64) ([]*es_models.Event, error) + UserEventsByID(ctx context.Context, id string, sequence uint64, eventTypes []es_models.EventType) ([]*es_models.Event, error) } type userCommandProvider interface { 
@@ -1314,6 +1314,29 @@ func userSessionsByUserAgentID(provider userSessionViewProvider, agentID, instan return user_view_model.UserSessionsToModel(session), nil } +var ( + userSessionEventTypes = []es_models.EventType{ + es_models.EventType(user_repo.UserV1PasswordCheckSucceededType), + es_models.EventType(user_repo.UserV1PasswordCheckFailedType), + es_models.EventType(user_repo.UserV1MFAOTPCheckSucceededType), + es_models.EventType(user_repo.UserV1MFAOTPCheckFailedType), + es_models.EventType(user_repo.UserV1SignedOutType), + es_models.EventType(user_repo.UserLockedType), + es_models.EventType(user_repo.UserDeactivatedType), + es_models.EventType(user_repo.HumanPasswordCheckSucceededType), + es_models.EventType(user_repo.HumanPasswordCheckFailedType), + es_models.EventType(user_repo.UserIDPLoginCheckSucceededType), + es_models.EventType(user_repo.HumanMFAOTPCheckSucceededType), + es_models.EventType(user_repo.HumanMFAOTPCheckFailedType), + es_models.EventType(user_repo.HumanSignedOutType), + es_models.EventType(user_repo.HumanPasswordlessTokenCheckSucceededType), + es_models.EventType(user_repo.HumanPasswordlessTokenCheckFailedType), + es_models.EventType(user_repo.HumanU2FTokenCheckSucceededType), + es_models.EventType(user_repo.HumanU2FTokenCheckFailedType), + es_models.EventType(user_repo.UserRemovedType), + } +) + func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eventProvider userEventProvider, agentID string, user *user_model.UserView) (*user_model.UserSessionView, error) { instanceID := authz.GetInstance(ctx).InstanceID() session, err := provider.UserSessionByIDs(agentID, user.ID, instanceID) 
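Review bot: `userSessionEventTypes` is a second hand-maintained copy of a list that already exists: every entry except `UserRemovedType` also appears in `UserSessionView.EventTypes()`, and `userSessionByIDs` passes `append(session.EventTypes(), userSessionEventTypes...)`, so the filter carries most types twice. These lists now act as an allow-list for the event query, so a type that a view's reducer handles but its list omits is silently never read; for lock, deactivate, sign-out or failed-check events that would leave stale session or token state. Reduce this variable to the one extra type, `es_models.EventType(user_repo.UserRemovedType)`, with a comment saying why this caller needs it, and keep a single list per view next to its reducer. A test asserting that every event type the reducer handles is in the list would guard `EventTypes()` and both `GetRelevantEventTypes()` methods against drift.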
@@ -1330,7 +1353,7 @@ func userSessionByIDs(ctx context.Context, provider userSessionViewProvider, eve session.Sequence = sequence.CurrentSequence } } - events, err := eventProvider.UserEventsByID(ctx, user.ID, session.Sequence) + events, err := eventProvider.UserEventsByID(ctx, user.ID, session.Sequence, append(session.EventTypes(), userSessionEventTypes...)) if err != nil { logging.WithFields("traceID", tracing.TraceIDFromCtx(ctx)).WithError(err).Debug("error retrieving new events") return user_view_model.UserSessionToModel(session), nil @@ -1411,7 +1434,7 @@ func userByID(ctx context.Context, viewProvider userViewProvider, eventProvider } else if user == nil { user = new(user_view_model.UserView) } - events, err := eventProvider.UserEventsByID(ctx, userID, user.Sequence) + events, err := eventProvider.UserEventsByID(ctx, userID, user.Sequence, user.EventTypes()) if err != nil { logging.WithFields("traceID", tracing.TraceIDFromCtx(ctx)).WithError(err).Debug("error retrieving new events") return user_view_model.UserToModel(user), nil diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index bdcc012139..29737757b1 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go @@ -105,7 +105,7 @@ type mockEventUser struct { Event *es_models.Event } -func (m *mockEventUser) UserEventsByID(ctx context.Context, id string, sequence uint64) ([]*es_models.Event, error) { +func (m *mockEventUser) UserEventsByID(ctx context.Context, id string, sequence uint64, types []es_models.EventType) ([]*es_models.Event, error) { events := make([]*es_models.Event, 0) if m.Event != nil { events = append(events, m.Event) 
@@ -119,7 +119,7 @@ func (m *mockEventUser) BulkAddExternalIDPs(ctx context.Context, userID string, type mockEventErrUser struct{} -func (m *mockEventErrUser) UserEventsByID(ctx context.Context, id string, sequence uint64) ([]*es_models.Event, error) { +func (m *mockEventErrUser) UserEventsByID(ctx context.Context, id string, sequence uint64, types []es_models.EventType) ([]*es_models.Event, error) { return nil, errors.ThrowInternal(nil, "id", "internal error") } diff --git a/internal/auth/repository/eventsourcing/eventstore/refresh_token.go b/internal/auth/repository/eventsourcing/eventstore/refresh_token.go index 9edc5af154..7d0c1e7d78 100644 --- a/internal/auth/repository/eventsourcing/eventstore/refresh_token.go +++ b/internal/auth/repository/eventsourcing/eventstore/refresh_token.go @@ -62,7 +62,7 @@ func (r *RefreshTokenRepo) RefreshTokenByID(ctx context.Context, tokenID, userID } } - events, esErr := r.getUserEvents(ctx, userID, tokenView.InstanceID, tokenView.Sequence) + events, esErr := r.getUserEvents(ctx, userID, tokenView.InstanceID, tokenView.Sequence, tokenView.GetRelevantEventTypes()) if errors.IsNotFound(viewErr) && len(events) == 0 { return nil, errors.ThrowNotFound(nil, "EVENT-BHB52", "Errors.User.RefreshToken.Invalid") } @@ -106,8 +106,8 @@ func (r *RefreshTokenRepo) SearchMyRefreshTokens(ctx context.Context, userID str }, nil } -func (r *RefreshTokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64) ([]*models.Event, error) { - query, err := usr_view.UserByIDQuery(userID, instanceID, sequence) +func (r *RefreshTokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64, eventTypes []models.EventType) ([]*models.Event, error) { + query, err := usr_view.UserByIDQuery(userID, instanceID, sequence, eventTypes) if err != nil { return nil, err } 
diff --git a/internal/auth/repository/eventsourcing/eventstore/token.go b/internal/auth/repository/eventsourcing/eventstore/token.go index 7894a6f4cc..151c25e6b7 100644 --- a/internal/auth/repository/eventsourcing/eventstore/token.go +++ b/internal/auth/repository/eventsourcing/eventstore/token.go @@ -55,7 +55,7 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) ( } } - events, esErr := repo.getUserEvents(ctx, userID, token.InstanceID, token.Sequence) + events, esErr := repo.getUserEvents(ctx, userID, token.InstanceID, token.Sequence, token.GetRelevantEventTypes()) if errors.IsNotFound(viewErr) && len(events) == 0 { return nil, errors.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") } @@ -77,8 +77,8 @@ func (repo *TokenRepo) TokenByIDs(ctx context.Context, userID, tokenID string) ( return model.TokenViewToModel(token), nil } -func (r *TokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64) ([]*models.Event, error) { - query, err := usr_view.UserByIDQuery(userID, instanceID, sequence) +func (r *TokenRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64, eventTypes []models.EventType) ([]*models.Event, error) { + query, err := usr_view.UserByIDQuery(userID, instanceID, sequence, eventTypes) if err != nil { return nil, err } diff --git a/internal/auth/repository/eventsourcing/eventstore/user.go b/internal/auth/repository/eventsourcing/eventstore/user.go index 2370e1c1bd..cebf0d4744 100644 --- a/internal/auth/repository/eventsourcing/eventstore/user.go +++ b/internal/auth/repository/eventsourcing/eventstore/user.go 
@@ -39,12 +39,12 @@ func (repo *UserRepo) UserSessionUserIDsByAgentID(ctx context.Context, agentID s return userIDs, nil } -func (repo *UserRepo) UserEventsByID(ctx context.Context, id string, sequence uint64) ([]*models.Event, error) { - return repo.getUserEvents(ctx, id, sequence) +func (repo *UserRepo) UserEventsByID(ctx context.Context, id string, sequence uint64, eventTypes []models.EventType) ([]*models.Event, error) { + return repo.getUserEvents(ctx, id, sequence, eventTypes) } -func (r *UserRepo) getUserEvents(ctx context.Context, userID string, sequence uint64) ([]*models.Event, error) { - query, err := usr_view.UserByIDQuery(userID, authz.GetInstance(ctx).InstanceID(), sequence) +func (r *UserRepo) getUserEvents(ctx context.Context, userID string, sequence uint64, eventTypes []models.EventType) ([]*models.Event, error) { + query, err := usr_view.UserByIDQuery(userID, authz.GetInstance(ctx).InstanceID(), sequence, eventTypes) if err != nil { return nil, err } diff --git a/internal/auth/repository/eventsourcing/handler/user.go b/internal/auth/repository/eventsourcing/handler/user.go index b226f54b13..847f483ea6 100644 --- a/internal/auth/repository/eventsourcing/handler/user.go +++ b/internal/auth/repository/eventsourcing/handler/user.go @@ -163,7 +163,7 @@ func (u *User) ProcessUser(event *es_models.Event) (err error) { "userID", event.AggregateID, "eventType", event.Type, ).Info("user not found in view") - query, err := usr_view.UserByIDQuery(event.AggregateID, event.InstanceID, 0) + query, err := usr_view.UserByIDQuery(event.AggregateID, event.InstanceID, 0, user.EventTypes()) if err != nil { return err } 
@@ -191,7 +191,7 @@ func (u *User) ProcessUser(event *es_models.Event) (err error) { "userID", event.AggregateID, "eventType", event.Type, ).Info("user not found in view") - query, err := usr_view.UserByIDQuery(event.AggregateID, event.InstanceID, 0) + query, err := usr_view.UserByIDQuery(event.AggregateID, event.InstanceID, 0, user.EventTypes()) if err != nil { return err } diff --git a/internal/auth/repository/eventsourcing/view/user.go b/internal/auth/repository/eventsourcing/view/user.go index 6a82f6ed63..b2008244a6 100644 --- a/internal/auth/repository/eventsourcing/view/user.go +++ b/internal/auth/repository/eventsourcing/view/user.go @@ -108,7 +108,7 @@ func (v *View) userByID(ctx context.Context, instanceID string, queries ...query } } - query, err := view.UserByIDQuery(queriedUser.ID, instanceID, user.Sequence) + query, err := view.UserByIDQuery(queriedUser.ID, instanceID, user.Sequence, user.EventTypes()) if err != nil { return nil, err } diff --git a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go index 3fc61c854a..5bcecf9dd4 100644 --- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go +++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go @@ -63,7 +63,7 @@ func (repo *TokenVerifierRepo) tokenByID(ctx context.Context, tokenID, userID st } } - events, esErr := repo.getUserEvents(ctx, userID, instanceID, token.Sequence) + events, esErr := repo.getUserEvents(ctx, userID, instanceID, token.Sequence, token.GetRelevantEventTypes()) if caos_errs.IsNotFound(viewErr) && len(events) == 0 { return nil, caos_errs.ThrowNotFound(nil, "EVENT-4T90g", "Errors.Token.NotFound") } 
@@ -238,10 +238,10 @@ func (repo *TokenVerifierRepo) VerifierClientID(ctx context.Context, appName str return clientID, app.ProjectID, nil } -func (repo *TokenVerifierRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64) (_ []*models.Event, err error) { +func (repo *TokenVerifierRepo) getUserEvents(ctx context.Context, userID, instanceID string, sequence uint64, eventTypes []models.EventType) (_ []*models.Event, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - query, err := usr_view.UserByIDQuery(userID, instanceID, sequence) + query, err := usr_view.UserByIDQuery(userID, instanceID, sequence, eventTypes) if err != nil { return nil, err } diff --git a/internal/user/repository/view/model/refresh_token.go b/internal/user/repository/view/model/refresh_token.go index a0aee58bca..a85aea06a4 100644 --- a/internal/user/repository/view/model/refresh_token.go +++ b/internal/user/repository/view/model/refresh_token.go @@ -155,3 +155,14 @@ func (t *RefreshTokenView) appendRenewedEvent(event *es_models.Event) error { func (t *RefreshTokenView) appendRemovedEvent(event *es_models.Event) { t.Expiration = event.CreationDate } + +func (t *RefreshTokenView) GetRelevantEventTypes() []es_models.EventType { + return []es_models.EventType{ + es_models.EventType(user_repo.HumanRefreshTokenAddedType), + es_models.EventType(user_repo.HumanRefreshTokenRenewedType), + es_models.EventType(user_repo.HumanRefreshTokenRemovedType), + es_models.EventType(user_repo.UserRemovedType), + es_models.EventType(user_repo.UserDeactivatedType), + es_models.EventType(user_repo.UserLockedType), + } +} diff --git a/internal/user/repository/view/model/token.go b/internal/user/repository/view/model/token.go index e0b80a1921..df9d12871e 100644 --- a/internal/user/repository/view/model/token.go +++ b/internal/user/repository/view/model/token.go 
@@ -182,6 +182,23 @@ func (t *TokenView) appendPATRemoved(event *es_models.Event) error { return nil } +func (t *TokenView) GetRelevantEventTypes() []es_models.EventType { + return []es_models.EventType{ + es_models.EventType(user_repo.UserTokenAddedType), + es_models.EventType(user_repo.PersonalAccessTokenAddedType), + es_models.EventType(user_repo.UserTokenRemovedType), + es_models.EventType(user_repo.HumanRefreshTokenRemovedType), + es_models.EventType(user_repo.UserV1SignedOutType), + es_models.EventType(user_repo.HumanSignedOutType), + es_models.EventType(user_repo.UserRemovedType), + es_models.EventType(user_repo.UserDeactivatedType), + es_models.EventType(user_repo.UserLockedType), + es_models.EventType(user_repo.UserLockedType), + es_models.EventType(user_repo.UserReactivatedType), + es_models.EventType(user_repo.PersonalAccessTokenRemovedType), + } +} + func eventToMap(event *es_models.Event) (map[string]interface{}, error) { m := make(map[string]interface{}) if err := json.Unmarshal(event.Data, &m); err != nil { diff --git a/internal/user/repository/view/model/user.go b/internal/user/repository/view/model/user.go index 4c68711a0c..d5d9134782 100644 --- a/internal/user/repository/view/model/user.go +++ b/internal/user/repository/view/model/user.go 
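Review bot: `GetRelevantEventTypes` on `TokenView` lists `user_repo.UserLockedType` twice in a row and contains no unlock event, although `UserReactivatedType` is present. If the token reducer, which is outside this hunk, handles the unlock event, those events are now filtered out of the query and the token view of a locked-then-unlocked user keeps whatever state the lock event set. Replace the second entry with `es_models.EventType(user_repo.UserUnlockedType),` if that was the intent, otherwise delete the duplicate line.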
@@ -534,3 +534,59 @@ func (u *UserView) SetEmptyUserType() { u.HumanView = nil } } + +func (u *UserView) EventTypes() []models.EventType { + return []models.EventType{ + models.EventType(user.MachineAddedEventType), + models.EventType(user.UserV1AddedType), + models.EventType(user.UserV1RegisteredType), + models.EventType(user.HumanRegisteredType), + models.EventType(user.HumanAddedType), + models.EventType(user.UserRemovedType), + models.EventType(user.UserV1PasswordChangedType), + models.EventType(user.HumanPasswordChangedType), + models.EventType(user.HumanPasswordlessTokenAddedType), + models.EventType(user.HumanPasswordlessTokenVerifiedType), + models.EventType(user.HumanPasswordlessTokenRemovedType), + models.EventType(user.UserV1ProfileChangedType), + models.EventType(user.HumanProfileChangedType), + models.EventType(user.UserV1AddressChangedType), + models.EventType(user.HumanAddressChangedType), + models.EventType(user.MachineChangedEventType), + models.EventType(user.UserDomainClaimedType), + models.EventType(user.UserUserNameChangedType), + models.EventType(user.UserV1EmailChangedType), + models.EventType(user.HumanEmailChangedType), + models.EventType(user.UserV1EmailVerifiedType), + models.EventType(user.HumanEmailVerifiedType), + models.EventType(user.UserV1PhoneChangedType), + models.EventType(user.HumanPhoneChangedType), + models.EventType(user.UserV1PhoneVerifiedType), + models.EventType(user.HumanPhoneVerifiedType), + models.EventType(user.UserV1PhoneRemovedType), + models.EventType(user.HumanPhoneRemovedType), + models.EventType(user.UserDeactivatedType), + models.EventType(user.UserReactivatedType), + models.EventType(user.UserUnlockedType), + models.EventType(user.UserLockedType), + models.EventType(user.UserV1MFAOTPAddedType), + models.EventType(user.HumanMFAOTPAddedType), + models.EventType(user.UserV1MFAOTPVerifiedType), + models.EventType(user.HumanMFAOTPVerifiedType), + models.EventType(user.UserV1MFAOTPRemovedType), + 
models.EventType(user.HumanMFAOTPRemovedType), + models.EventType(user.HumanU2FTokenAddedType), + models.EventType(user.HumanU2FTokenVerifiedType), + models.EventType(user.HumanU2FTokenRemovedType), + models.EventType(user.UserV1MFAInitSkippedType), + models.EventType(user.HumanMFAInitSkippedType), + models.EventType(user.UserV1InitialCodeAddedType), + models.EventType(user.HumanInitialCodeAddedType), + models.EventType(user.UserV1InitializedCheckSucceededType), + models.EventType(user.HumanInitializedCheckSucceededType), + models.EventType(user.HumanAvatarAddedType), + models.EventType(user.HumanAvatarRemovedType), + models.EventType(user.HumanPasswordlessInitCodeAddedType), + models.EventType(user.HumanPasswordlessInitCodeRequestedType), + } +} diff --git a/internal/user/repository/view/model/user_session.go b/internal/user/repository/view/model/user_session.go index 98689590ce..b86076177f 100644 --- a/internal/user/repository/view/model/user_session.go +++ b/internal/user/repository/view/model/user_session.go 
@@ -198,3 +198,37 @@ func avatarKeyFromEvent(event *models.Event) (string, error) { } return data["storeKey"], nil } + +func (v *UserSessionView) EventTypes() []models.EventType { + return []models.EventType{ + models.EventType(user.UserV1PasswordCheckSucceededType), + models.EventType(user.HumanPasswordCheckSucceededType), + models.EventType(user.UserIDPLoginCheckSucceededType), + models.EventType(user.HumanPasswordlessTokenCheckSucceededType), + models.EventType(user.HumanPasswordlessTokenCheckFailedType), + models.EventType(user.HumanPasswordlessTokenRemovedType), + models.EventType(user.UserV1PasswordCheckFailedType), + models.EventType(user.HumanPasswordCheckFailedType), + models.EventType(user.UserV1PasswordChangedType), + models.EventType(user.HumanPasswordChangedType), + models.EventType(user.HumanMFAOTPVerifiedType), + models.EventType(user.UserV1MFAOTPCheckSucceededType), + models.EventType(user.HumanMFAOTPCheckSucceededType), + models.EventType(user.UserV1MFAOTPCheckFailedType), + models.EventType(user.UserV1MFAOTPRemovedType), + models.EventType(user.HumanMFAOTPCheckFailedType), + models.EventType(user.HumanMFAOTPRemovedType), + models.EventType(user.HumanU2FTokenCheckFailedType), + models.EventType(user.HumanU2FTokenRemovedType), + models.EventType(user.HumanU2FTokenVerifiedType), + models.EventType(user.HumanU2FTokenCheckSucceededType), + models.EventType(user.UserV1SignedOutType), + models.EventType(user.HumanSignedOutType), + models.EventType(user.UserLockedType), + models.EventType(user.UserDeactivatedType), + models.EventType(user.UserIDPLinkRemovedType), + models.EventType(user.UserIDPLinkCascadeRemovedType), + models.EventType(user.HumanAvatarAddedType), + models.EventType(user.HumanAvatarRemovedType), + } +} diff --git a/internal/user/repository/view/query.go b/internal/user/repository/view/query.go index 594c999257..c35188a229 100644 --- a/internal/user/repository/view/query.go +++ b/internal/user/repository/view/query.go 
@@ -6,7 +6,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/user" ) -func UserByIDQuery(id, instanceID string, latestSequence uint64) (*es_models.SearchQuery, error) { +func UserByIDQuery(id, instanceID string, latestSequence uint64, eventTypes []es_models.EventType) (*es_models.SearchQuery, error) { if id == "" { return nil, errors.ThrowPreconditionFailed(nil, "EVENT-d8isw", "Errors.User.UserIDMissing") } @@ -14,6 +14,7 @@ func UserByIDQuery(id, instanceID string, latestSequence uint64) (*es_models.Sea AddQuery(). AggregateTypeFilter(user.AggregateType). AggregateIDFilter(id). + EventTypesFilter(eventTypes...). LatestSequenceFilter(latestSequence). InstanceIDFilter(instanceID). SearchQuery(), nil From 31ec1d83b9e6cf83fd8c2bafc0da0c7656c4baba Mon Sep 17 00:00:00 2001 
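Review bot: `UserByIDQuery` validates `id` but accepts a nil or empty `eventTypes` without comment, and what `EventTypesFilter()` does with zero arguments is not visible in this diff. If it drops the filter, the query quietly returns every user event again; if it matches nothing, the view would be built from no events. Either way a caller that forgets the argument gets no error. I would state the contract in a doc comment, e.g. `// eventTypes restricts the result to these event types; pass the target view's EventTypes().`, and consider rejecting an empty slice next to the existing `id == ""` check. The filter itself is applied in the second hunk of this file (`@@ -14,6 +14,7 @@`), and the function body ends outside it.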
From: Elio Bischof Date: Fri, 28 Jul 2023 07:39:30 +0200 Subject: [PATCH 19/32] feat: enable otp email and sms (#6260) * feat: enable otp email and sms * feat: enable otp factors in login settings * remove tests without value * translate second factors * don't add new factors yet * add comment * add factors to docs * backward compatible settings api * compile tests * add available 2fa types * test: add mapping tests --------- Co-authored-by: Livio Spring --- .../factor-table/factor-table.component.ts | 7 +- console/src/assets/i18n/bg.json | 6 +- console/src/assets/i18n/de.json | 6 +- console/src/assets/i18n/en.json | 6 +- console/src/assets/i18n/es.json | 6 +- console/src/assets/i18n/fr.json | 6 +- console/src/assets/i18n/it.json | 6 +- console/src/assets/i18n/ja.json | 6 +- console/src/assets/i18n/mk.json | 6 +- console/src/assets/i18n/pl.json | 6 +- console/src/assets/i18n/pt.json | 6 +- console/src/assets/i18n/zh.json | 6 +- .../manage/console/instance-settings.mdx | 6 +- internal/api/grpc/policy/auth_factor.go | 12 +- .../grpc/settings/v2/settings_converter.go | 6 +- .../settings/v2/settings_converter_test.go | 16 +- .../eventstore/auth_request_test.go | 44 +-- internal/command/instance.go | 6 +- .../command/instance_policy_login_test.go | 268 +++++++++++++++++- internal/command/org_policy_login_test.go | 251 ++++++++++++++-- internal/domain/factors.go | 20 +- internal/iam/model/login_policy_view.go | 8 +- internal/query/login_policy_test.go | 8 +- internal/query/projection/login_policy.go | 12 +- .../query/projection/login_policy_test.go | 80 +++++- internal/user/model/user_view.go | 4 +- proto/zitadel/policy.proto | 3 + .../settings/v2alpha/login_settings.proto | 3 + 28 files changed, 696 insertions(+), 124 deletions(-) diff --git a/console/src/app/modules/policies/login-policy/factor-table/factor-table.component.ts b/console/src/app/modules/policies/login-policy/factor-table/factor-table.component.ts index 584476d293..916e805d01 100644 
--- a/console/src/app/modules/policies/login-policy/factor-table/factor-table.component.ts +++ b/console/src/app/modules/policies/login-policy/factor-table/factor-table.component.ts @@ -146,7 +146,12 @@ export class FactorTableComponent { this.componentType === LoginMethodComponentType.MultiFactor ? [MultiFactorType.MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION] : this.componentType === LoginMethodComponentType.SecondFactor - ? [SecondFactorType.SECOND_FACTOR_TYPE_U2F, SecondFactorType.SECOND_FACTOR_TYPE_OTP] + ? [ + SecondFactorType.SECOND_FACTOR_TYPE_U2F, + SecondFactorType.SECOND_FACTOR_TYPE_OTP, + SecondFactorType.SECOND_FACTOR_TYPE_OTP_SMS, + SecondFactorType.SECOND_FACTOR_TYPE_OTP_EMAIL, + ] : []; const filtered = (allTypes as Array).filter((type) => !this.list.includes(type)); diff --git a/console/src/assets/i18n/bg.json b/console/src/assets/i18n/bg.json index b5a2abb5a0..b780879a73 100644 --- a/console/src/assets/i18n/bg.json +++ b/console/src/assets/i18n/bg.json @@ -1840,8 +1840,10 @@ }, "SECONDFACTORTYPES": { "0": "неизвестен", - "1": "Еднократна парола (OTP)", - "2": "Пръстов отпечатък, ключове за сигурност, Face ID и други" + "1": "Еднократна парола чрез приложение за удостоверяване на автентичността (TOTP)", + "2": "Пръстов отпечатък, ключове за сигурност, Face ID и други", + "3": "Еднократна парола по имейл (Email OTP)", + "4": "Еднократна парола чрез SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/de.json b/console/src/assets/i18n/de.json index 01c8fb03bd..78da45b99b 100644 --- a/console/src/assets/i18n/de.json +++ b/console/src/assets/i18n/de.json @@ -1849,8 +1849,10 @@ }, "SECONDFACTORTYPES": { "0": "Unknown", - "1": "One Time Password (OTP)", - "2": "Fingerabdruck, Security Keys, Face ID und andere" + "1": "One Time Password per Authenticator App (TOTP)", + "2": "Fingerabdruck, Security Keys, Face ID und andere", + "3": "One Time Password per Email (Email OTP)", + "4": "One Time Password per SMS (SMS OTP)" } }, "LOGINPOLICY": { 
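Review bot: `SECOND_FACTOR_TYPE_OTP_SMS` and `SECOND_FACTOR_TYPE_OTP_EMAIL` become selectable in the second-factor list here, while the instance.go hunk of this same commit leaves both out of the default policy under `TODO: incomment when usable`. That suggests the login flow cannot yet enrol or verify these factors, so an administrator could save a policy, possibly with Force MFA, whose chosen second factors users cannot complete; how the login flow behaves in that case is not visible in this diff. I would keep the branch as `? [SecondFactorType.SECOND_FACTOR_TYPE_U2F, SecondFactorType.SECOND_FACTOR_TYPE_OTP]` until the flow is usable, or show the two new entries only when the backend reports them as available. The enclosing method starts and ends outside the hunk.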
diff --git a/console/src/assets/i18n/en.json b/console/src/assets/i18n/en.json index e4c8d5dd2d..61fa997c88 100644 --- a/console/src/assets/i18n/en.json +++ b/console/src/assets/i18n/en.json @@ -1846,8 +1846,10 @@ }, "SECONDFACTORTYPES": { "0": "Unknown", - "1": "One Time Password (OTP)", - "2": "Fingerprint, Security Keys, Face ID and other" + "1": "One Time Password by Authenticator App (TOTP)", + "2": "Fingerprint, Security Keys, Face ID and other", + "3": "One Time Password by Email (Email OTP)", + "4": "One Time Password by SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/es.json b/console/src/assets/i18n/es.json index bc7af48408..5c128eff11 100644 --- a/console/src/assets/i18n/es.json +++ b/console/src/assets/i18n/es.json @@ -1846,8 +1846,10 @@ }, "SECONDFACTORTYPES": { "0": "Desconocido", - "1": "One Time Password (OTP)", - "2": "Huella dactilar, claves de seguridad, Face ID y otros" + "1": "One Time Password por Authenticator App (TOTP)", + "2": "Huella dactilar, claves de seguridad, Face ID y otros", + "3": "One Time Password por email (Email OTP)", + "4": "One Time Password por SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/fr.json b/console/src/assets/i18n/fr.json index 61f2f7f780..676badc0e9 100644 --- a/console/src/assets/i18n/fr.json +++ b/console/src/assets/i18n/fr.json @@ -1850,8 +1850,10 @@ }, "SECONDFACTORTYPES": { "0": "Inconnu", - "1": "Mot de passe à usage unique (OTP)", - "2": "Empreinte digitale, clés de sécurité, Face ID et autres" + "1": "One Time Password par authenticator app (TOTP)", + "2": "Empreinte digitale, clés de sécurité, Face ID et autres", + "3": "One Time Password par email (Email OTP)", + "4": "One Time Password par SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/it.json b/console/src/assets/i18n/it.json index ed6e2fd811..1bec1139e6 100644 --- a/console/src/assets/i18n/it.json +++ b/console/src/assets/i18n/it.json 
@@ -1850,8 +1850,10 @@ }, "SECONDFACTORTYPES": { "0": "Sconosciuto", - "1": "One Time Password (OTP)", - "2": "Impronta digitale, chiave di sicurezza, Face ID e altri" + "1": "One Time Password per Authenticator App (TOTP)", + "2": "Impronta digitale, chiave di sicurezza, Face ID e altri", + "3": "One Time Password per Email (Email OTP)", + "4": "One Time Password per SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/ja.json b/console/src/assets/i18n/ja.json index bdba41562b..3551fcf4a7 100644 --- a/console/src/assets/i18n/ja.json +++ b/console/src/assets/i18n/ja.json @@ -1841,8 +1841,10 @@ }, "SECONDFACTORTYPES": { "0": "不明", - "1": "ワンタイムパスワード(OTP)", - "2": "指紋、セキュリティキー、フェイスIDなど" + "1": "認証アプリ用ワンタイムパスワード(TOTP)", + "2": "指紋、セキュリティキー、フェイスIDなど", + "3": "Eメール用ワンタイムパスワード(email OTP)", + "4": "SMS用ワンタイムパスワード(SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/mk.json b/console/src/assets/i18n/mk.json index 87d2e8a6ef..590ee2365f 100644 --- a/console/src/assets/i18n/mk.json +++ b/console/src/assets/i18n/mk.json @@ -1846,8 +1846,10 @@ }, "SECONDFACTORTYPES": { "0": "Непознато", - "1": "Еднократна лозинка (OTP)", - "2": "Отисок на прст, безбедносни клучеви, Face ID и другo" + "1": "Еднократна лозинка преку апликација за автентикатор (TOTP)", + "2": "Отпечаток на прст, безбедносни клучеви, Face ID и други", + "3": "Еднократна лозинка по е-пошта (Еmail OTP)", + "4": "Еднократна лозинка преку СМС (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/pl.json b/console/src/assets/i18n/pl.json index cd79105421..2e839ddd62 100644 --- a/console/src/assets/i18n/pl.json +++ b/console/src/assets/i18n/pl.json 
@@ -1850,8 +1850,10 @@ }, "SECONDFACTORTYPES": { "0": "Nieznany", - "1": "Jednorazowe hasło (OTP)", - "2": "Odcisk palca, klucze bezpieczeństwa, Face ID i inne" + "1": "Hasło jednorazowe dla aplikacji uwierzytelniającej (TOTP)", + "2": "Odcisk palca, Klucze Bezpieczeństwa, Face ID i inne", + "3": "Hasło jednorazowe dla wiadomości e-mail (Email OTP)", + "4": "Hasło jednorazowe dla wiadomości SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/pt.json b/console/src/assets/i18n/pt.json index 21e5d79359..a034c9b0ef 100644 --- a/console/src/assets/i18n/pt.json +++ b/console/src/assets/i18n/pt.json @@ -1844,8 +1844,10 @@ }, "SECONDFACTORTYPES": { "0": "Desconhecido", - "1": "Senha de Uso Único (OTP)", - "2": "Impressão Digital, Chaves de Segurança, Face ID e outros" + "1": "Senha de uso único para o aplicativo autenticador (TOTP)", + "2": "Impressão digital, Chaves de Segurança, Face ID e outros", + "3": "Senha de uso único para e-mail (Email OTP)", + "4": "Senha de uso único para SMS (SMS OTP)" } }, "LOGINPOLICY": { diff --git a/console/src/assets/i18n/zh.json b/console/src/assets/i18n/zh.json index 5247d16913..2efd31d80d 100644 --- a/console/src/assets/i18n/zh.json +++ b/console/src/assets/i18n/zh.json @@ -1849,8 +1849,10 @@ }, "SECONDFACTORTYPES": { "0": "未知", - "1": "一次性密码 (OTP)", - "2": "指纹、安全密钥、Face ID 等" + "1": "身份验证应用程序的一次性密码(TOTP)", + "2": "指纹、安全密钥、Face ID 等", + "3": "电子邮件一次性密码(email OTP)", + "4": "短信一次性密码(SMS OTP)" } }, "LOGINPOLICY": { diff --git a/docs/docs/guides/manage/console/instance-settings.mdx b/docs/docs/guides/manage/console/instance-settings.mdx index 913661c33d..471db69451 100644 --- a/docs/docs/guides/manage/console/instance-settings.mdx +++ b/docs/docs/guides/manage/console/instance-settings.mdx 
@@ -120,8 +120,10 @@ Multifactors: Secondfactors (2FA): -- OTP (One Time Password), Authenticator Apps like Google/Microsoft Authenticator, Authy, etc. -- U2F (Universal Second Factor), e.g FaceID, WindowsHello, Fingerprint, Hardwaretokens like Yubikey +- Time-based One Time Password (TOTP), Authenticator Apps like Google/Microsoft Authenticator, Authy, etc. +- Universal Second Factor (U2F), e.g FaceID, WindowsHello, Fingerprint, Hardwaretokens like Yubikey +- One Time Password with Email (Email OTP) +- One Time Password with SMS (SMS OTP) Force a user to register and use a multifactor authentication, by checking the option "Force MFA". Ensure that you have added the MFA methods you want to allow. diff --git a/internal/api/grpc/policy/auth_factor.go b/internal/api/grpc/policy/auth_factor.go index 56a155413c..e12eabfd94 100644 --- a/internal/api/grpc/policy/auth_factor.go +++ b/internal/api/grpc/policy/auth_factor.go @@ -16,9 +16,13 @@ func SecondFactorsTypesToDomain(secondFactorTypes []policy_pb.SecondFactorType) func SecondFactorTypeToDomain(secondFactorType policy_pb.SecondFactorType) domain.SecondFactorType { switch secondFactorType { case policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_OTP: - return domain.SecondFactorTypeOTP + return domain.SecondFactorTypeTOTP case policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_U2F: return domain.SecondFactorTypeU2F + case policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_OTP_EMAIL: + return domain.SecondFactorTypeOTPEmail + case policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_OTP_SMS: + return domain.SecondFactorTypeOTPSMS default: return domain.SecondFactorTypeUnspecified } 
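Review bot: `SECOND_FACTOR_TYPE_OTP` now maps to `domain.SecondFactorTypeTOTP` in `SecondFactorTypeToDomain`, with nothing explaining why the wire name and the domain name differ. The commit message mentions a backward compatible settings API, so the old enum name is presumably kept on purpose. A one-line comment on the case, `// SECOND_FACTOR_TYPE_OTP is the API name for TOTP, kept for backward compatibility`, would stop a later reader from "correcting" the mapping to one of the new OTP email/SMS values. The same comment belongs in `ModelSecondFactorTypeToPb` (next hunk) and in `secondFactorTypeToPb` in settings_converter.go. The enclosing functions end outside their hunks.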
@@ -34,10 +38,14 @@ func ModelSecondFactorTypesToPb(types []domain.SecondFactorType) []policy_pb.Sec func ModelSecondFactorTypeToPb(secondFactorType domain.SecondFactorType) policy_pb.SecondFactorType { switch secondFactorType { - case domain.SecondFactorTypeOTP: + case domain.SecondFactorTypeTOTP: return policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_OTP case domain.SecondFactorTypeU2F: return policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_U2F + case domain.SecondFactorTypeOTPEmail: + return policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_OTP_EMAIL + case domain.SecondFactorTypeOTPSMS: + return policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_OTP_SMS default: return policy_pb.SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED } diff --git a/internal/api/grpc/settings/v2/settings_converter.go b/internal/api/grpc/settings/v2/settings_converter.go index 4330613d04..f48177e1df 100644 --- a/internal/api/grpc/settings/v2/settings_converter.go +++ b/internal/api/grpc/settings/v2/settings_converter.go @@ -62,10 +62,14 @@ func passkeysTypeToPb(passwordlessType domain.PasswordlessType) settings.Passkey func secondFactorTypeToPb(secondFactorType domain.SecondFactorType) settings.SecondFactorType { switch secondFactorType { - case domain.SecondFactorTypeOTP: + case domain.SecondFactorTypeTOTP: return settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP case domain.SecondFactorTypeU2F: return settings.SecondFactorType_SECOND_FACTOR_TYPE_U2F + case domain.SecondFactorTypeOTPEmail: + return settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_EMAIL + case domain.SecondFactorTypeOTPSMS: + return settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_SMS case domain.SecondFactorTypeUnspecified: return settings.SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED default: diff --git a/internal/api/grpc/settings/v2/settings_converter_test.go b/internal/api/grpc/settings/v2/settings_converter_test.go index e81c0a70c9..37ad664f48 100644 --- a/internal/api/grpc/settings/v2/settings_converter_test.go 
+++ b/internal/api/grpc/settings/v2/settings_converter_test.go @@ -39,8 +39,10 @@ func Test_loginSettingsToPb(t *testing.T) { SecondFactorCheckLifetime: time.Microsecond, MultiFactorCheckLifetime: time.Nanosecond, SecondFactors: []domain.SecondFactorType{ - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, domain.SecondFactorTypeU2F, + domain.SecondFactorTypeOTPEmail, + domain.SecondFactorTypeOTPSMS, }, MultiFactors: []domain.MultiFactorType{ domain.MultiFactorTypeU2FWithPIN, @@ -69,6 +71,8 @@ func Test_loginSettingsToPb(t *testing.T) { SecondFactors: []settings.SecondFactorType{ settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP, settings.SecondFactorType_SECOND_FACTOR_TYPE_U2F, + settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_EMAIL, + settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_SMS, }, MultiFactors: []settings.MultiFactorType{ settings.MultiFactorType_MULTI_FACTOR_TYPE_U2F_WITH_VERIFICATION, @@ -146,13 +150,21 @@ func Test_secondFactorTypeToPb(t *testing.T) { want settings.SecondFactorType }{ { - args: args{domain.SecondFactorTypeOTP}, + args: args{domain.SecondFactorTypeTOTP}, want: settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP, }, { args: args{domain.SecondFactorTypeU2F}, want: settings.SecondFactorType_SECOND_FACTOR_TYPE_U2F, }, + { + args: args{domain.SecondFactorTypeOTPSMS}, + want: settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_SMS, + }, + { + args: args{domain.SecondFactorTypeOTPEmail}, + want: settings.SecondFactorType_SECOND_FACTOR_TYPE_OTP_EMAIL, + }, { args: args{domain.SecondFactorTypeUnspecified}, want: settings.SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED, diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index 29737757b1..9603387952 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go 
@@ -889,7 +889,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { &domain.AuthRequest{ UserID: "UserID", LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -923,7 +923,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { &domain.AuthRequest{ UserID: "UserID", LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -959,7 +959,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { UserID: "UserID", SelectedIDPConfigID: "IDPConfigID", LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, ExternalLoginCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, @@ -996,7 +996,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { &domain.AuthRequest{ UserID: "UserID", LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1027,7 +1027,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { args{&domain.AuthRequest{ UserID: "UserID", LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, 
@@ -1059,7 +1059,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { args{&domain.AuthRequest{ UserID: "UserID", LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1095,7 +1095,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { UserID: "UserID", Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1132,7 +1132,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { Prompt: []domain.Prompt{domain.PromptNone}, Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1169,7 +1169,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { Prompt: []domain.Prompt{domain.PromptNone}, Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, 
@@ -1208,7 +1208,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { Prompt: []domain.Prompt{domain.PromptNone}, Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1248,7 +1248,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { Prompt: []domain.Prompt{domain.PromptNone}, Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1288,7 +1288,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { Prompt: []domain.Prompt{domain.PromptNone}, Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, @@ -1329,7 +1329,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { Prompt: []domain.Prompt{domain.PromptNone}, Request: &domain.AuthRequestOIDC{}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, PasswordCheckLifetime: 10 * 24 * time.Hour, SecondFactorCheckLifetime: 18 * time.Hour, }, 
@@ -1399,7 +1399,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { SelectedIDPConfigID: "IDPConfigID", LinkingUsers: []*domain.ExternalUser{{IDPConfigID: "IDPConfigID", ExternalUserID: "UserID", DisplayName: "DisplayName"}}, LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, PasswordCheckLifetime: 10 * 24 * time.Hour, }, @@ -1503,7 +1503,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, MFAInitSkipLifetime: 30 * 24 * time.Hour, }, }, @@ -1528,7 +1528,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ ForceMFA: true, - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, MFAInitSkipLifetime: 30 * 24 * time.Hour, }, }, @@ -1573,7 +1573,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, }, }, @@ -1595,7 +1595,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, }, }, 
@@ -1620,7 +1620,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, }, }, @@ -1644,7 +1644,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, }, }, @@ -1666,7 +1666,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, ForceMFA: true, }, @@ -1693,7 +1693,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { args{ request: &domain.AuthRequest{ LoginPolicy: &domain.LoginPolicy{ - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, SecondFactorCheckLifetime: 18 * time.Hour, ForceMFA: true, ForceMFALocalOnly: true, diff --git a/internal/command/instance.go b/internal/command/instance.go index 6ae4776521..8bc43fbd38 100644 --- a/internal/command/instance.go +++ b/internal/command/instance.go 
@@ -245,8 +245,12 @@ func (c *Commands) SetUpInstance(ctx context.Context, setup *InstanceSetup) (str setup.LoginPolicy.SecondFactorCheckLifetime, setup.LoginPolicy.MultiFactorCheckLifetime, ), - prepareAddSecondFactorToDefaultLoginPolicy(instanceAgg, domain.SecondFactorTypeOTP), + prepareAddSecondFactorToDefaultLoginPolicy(instanceAgg, domain.SecondFactorTypeTOTP), prepareAddSecondFactorToDefaultLoginPolicy(instanceAgg, domain.SecondFactorTypeU2F), + /* TODO: incomment when usable + prepareAddSecondFactorToDefaultLoginPolicy(instanceAgg, domain.SecondFactorTypeOTPEmail), + prepareAddSecondFactorToDefaultLoginPolicy(instanceAgg, domain.SecondFactorTypeOTPSMS), + */ prepareAddMultiFactorToDefaultLoginPolicy(instanceAgg, domain.MultiFactorTypeU2FWithPIN), prepareAddDefaultPrivacyPolicy(instanceAgg, setup.PrivacyPolicy.TOSLink, setup.PrivacyPolicy.PrivacyLink, setup.PrivacyPolicy.HelpLink, setup.PrivacyPolicy.SupportEmail), diff --git a/internal/command/instance_policy_login_test.go b/internal/command/instance_policy_login_test.go index 881f1c9640..e69c6a5660 100644 --- a/internal/command/instance_policy_login_test.go +++ b/internal/command/instance_policy_login_test.go @@ -884,7 +884,7 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) { eventFromEventPusher( instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), ), @@ -892,14 +892,14 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, }, res: res{ err: caos_errs.IsErrorAlreadyExists, }, }, { - name: "add factor, ok", + name: "add factor totp, ok", fields: fields{ eventstore: eventstoreExpect( t, 
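Review bot: The two `prepareAddSecondFactorToDefaultLoginPolicy` calls for `SecondFactorTypeOTPEmail` and `SecondFactorTypeOTPSMS` are parked in a block comment under `TODO: incomment when usable`, which has a typo, no owner and no issue reference. Commented-out calls are not compiled, so a later rename of either constant would go unnoticed until someone re-enables them. I would replace the block with a single line such as `// TODO(<issue-id>): add SecondFactorTypeOTPEmail and SecondFactorTypeOTPSMS to the default login policy once the OTP email/SMS flow is usable`. `SetUpInstance` starts and ends outside the hunk.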
@@ -910,7 +910,7 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) { "INSTANCE", instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, - domain.SecondFactorTypeOTP), + domain.SecondFactorTypeTOTP), ), }, ), 
@@ -918,7 +918,98 @@ func TestCommandSide_AddSecondFactorDefaultLoginPolicy(t *testing.T) { }, args: args{ ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "add factor otp email, ok ", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID( + "INSTANCE", + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPEmail), + ), + }, + ), + ), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + factor: domain.SecondFactorTypeOTPEmail, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "add factor otp sms, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID( + "INSTANCE", + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPSMS), + ), + }, + ), + ), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + factor: domain.SecondFactorTypeOTPSMS, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "add factor totp, add otp sms, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeTOTP, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID( + "INSTANCE", + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + 
&instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPSMS), + ), + }, + ), + ), + }, + args: args{ + ctx: authz.WithInstanceID(context.Background(), "INSTANCE"), + factor: domain.SecondFactorTypeOTPSMS, }, res: res{ want: &domain.ObjectDetails{ @@ -989,14 +1080,14 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, }, res: res{ err: caos_errs.IsNotFound, }, }, { - name: "factor removed, not found error", + name: "factor removed totp, not found error", fields: fields{ eventstore: eventstoreExpect( t, @@ -1004,13 +1095,13 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { eventFromEventPusher( instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), eventFromEventPusher( instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), ), @@ -1018,14 +1109,14 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, }, res: res{ err: caos_errs.IsNotFound, }, }, { - name: "add factor, ok", + name: "factor removed otp email, not found error", fields: fields{ eventstore: eventstoreExpect( t, 
@@ -1033,7 +1124,65 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { eventFromEventPusher( instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeOTPEmail, + ), + ), + eventFromEventPusher( + instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPEmail, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPEmail, + }, + res: res{ + err: caos_errs.IsNotFound, + }, + }, + { + name: "factor removed otp sms, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPSMS, + ), + ), + eventFromEventPusher( + instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPSMS, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, + }, + res: res{ + err: caos_errs.IsNotFound, + }, + }, + { + name: "remove factor totp, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeTOTP, ), ), ), @@ -1042,7 +1191,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { eventFromEventPusher( instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(), &instance.NewAggregate("INSTANCE").Aggregate, - domain.SecondFactorTypeOTP), + domain.SecondFactorTypeTOTP), ), }, ), 
@@ -1050,7 +1199,7 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, }, res: res{ want: &domain.ObjectDetails{ 
@@ -1058,6 +1207,97 @@ func TestCommandSide_RemoveSecondFactorDefaultLoginPolicy(t *testing.T) { }, }, }, + { + name: "remove factor email, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPEmail, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPEmail), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPEmail, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "remove factor sms, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPSMS, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + instance.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeOTPSMS), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "INSTANCE", + }, + }, + }, + { + name: "factor added totp, removed otp sms, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &instance.NewAggregate("INSTANCE").Aggregate, + domain.SecondFactorTypeTOTP, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, + }, + res: res{ + err: 
caos_errs.IsNotFound, + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/command/org_policy_login_test.go b/internal/command/org_policy_login_test.go index f7d1accfa5..ebc96ac419 100644 --- a/internal/command/org_policy_login_test.go +++ b/internal/command/org_policy_login_test.go @@ -231,7 +231,7 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) { eventFromEventPusher( org.NewLoginPolicySecondFactorAddedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), eventFromEventPusher( @@ -265,7 +265,7 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) { MFAInitSkipLifetime: time.Hour * 3, SecondFactorCheckLifetime: time.Hour * 4, MultiFactorCheckLifetime: time.Hour * 5, - SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeOTP}, + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, MultiFactors: []domain.MultiFactorType{domain.MultiFactorTypeU2FWithPIN}, }, }, @@ -1504,7 +1504,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { eventFromEventPusher( org.NewLoginPolicySecondFactorAddedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), ), @@ -1512,7 +1512,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, resourceOwner: "org1", }, res: res{ @@ -1520,7 +1520,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { }, }, { - name: "add factor, ok", + name: "add factor totp, ok", fields: fields{ eventstore: eventstoreExpect( t, 
@@ -1530,7 +1530,7 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { eventFromEventPusher( org.NewLoginPolicySecondFactorAddedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP), + domain.SecondFactorTypeTOTP), ), }, ), 
@@ -1538,11 +1538,96 @@ func TestCommandSide_AddSecondFactorLoginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, resourceOwner: "org1", }, res: res{ - want: domain.SecondFactorTypeOTP, + want: domain.SecondFactorTypeTOTP, + }, + }, + { + name: "add factor otp email, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + expectPush( + []*repository.Event{ + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPEmail), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPEmail, + resourceOwner: "org1", + }, + res: res{ + want: domain.SecondFactorTypeOTPEmail, + }, + }, + { + name: "add factor otp sms, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + expectPush( + []*repository.Event{ + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPSMS), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, + resourceOwner: "org1", + }, + res: res{ + want: domain.SecondFactorTypeOTPSMS, + }, + }, + { + name: "add factor totp, add otp sms, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeTOTP, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPSMS), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, + resourceOwner: "org1", + }, + res: res{ + 
want: domain.SecondFactorTypeOTPSMS, }, }, } @@ -1593,7 +1678,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, }, res: res{ err: caos_errs.IsErrorInvalidArgument, @@ -1624,7 +1709,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, resourceOwner: "org1", }, res: res{ @@ -1632,7 +1717,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { }, }, { - name: "factor removed, not found error", + name: "factor totp removed, not found error", fields: fields{ eventstore: eventstoreExpect( t, @@ -1640,13 +1725,13 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { eventFromEventPusher( org.NewLoginPolicySecondFactorAddedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), eventFromEventPusher( org.NewLoginPolicySecondFactorRemovedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeTOTP, ), ), ), @@ -1654,7 +1739,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, resourceOwner: "org1", }, res: res{ @@ -1662,7 +1747,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { }, }, { - name: "add factor, ok", + name: "factor otp email removed, not found error", fields: fields{ eventstore: eventstoreExpect( t, 
@@ -1670,7 +1755,67 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { eventFromEventPusher( org.NewLoginPolicySecondFactorAddedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP, + domain.SecondFactorTypeOTPEmail, + ), + ), + eventFromEventPusher( + org.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPEmail, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPEmail, + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.IsNotFound, + }, + }, + { + name: "factor otp sms removed, not found error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPSMS, + ), + ), + eventFromEventPusher( + org.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPSMS, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.IsNotFound, + }, + }, + { + name: "add factor totp, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeTOTP, ), ), ), @@ -1679,7 +1824,7 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { eventFromEventPusher( org.NewLoginPolicySecondFactorRemovedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, - domain.SecondFactorTypeOTP), + domain.SecondFactorTypeTOTP), ), }, ), 
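Review bot: The success cases of the remove test are still named as if they added a factor. This hunk introduces `name: "add factor totp, ok"`, and the following hunk (`@@ -1687,7 +1832,77 @@`) adds `"add factor otp email, ok"` and `"add factor otp sms, ok"`, yet each of them pushes `NewLoginPolicySecondFactorRemovedEvent`. The instance-level test in this patch already uses `"remove factor totp, ok"`, so I would rename these three to match, e.g. `name: "remove factor otp sms, ok"`. As far as these hunks show, the org test also lacks the cross-type case that the instance test has (`"factor added totp, removed otp sms, not found error"`), which would be worth adding so that removing a factor that was never added is covered for orgs too.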
@@ -1687,7 +1832,77 @@ func TestCommandSide_RemoveSecondFactoroginPolicy(t *testing.T) { }, args: args{ ctx: context.Background(), - factor: domain.SecondFactorTypeOTP, + factor: domain.SecondFactorTypeTOTP, + resourceOwner: "org1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "add factor otp email, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPEmail, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + org.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPEmail), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPEmail, + resourceOwner: "org1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + { + name: "add factor otp sms, ok", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + org.NewLoginPolicySecondFactorAddedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPSMS, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + org.NewLoginPolicySecondFactorRemovedEvent(context.Background(), + &org.NewAggregate("org1").Aggregate, + domain.SecondFactorTypeOTPSMS), + ), + }, + ), + ), + }, + args: args{ + ctx: context.Background(), + factor: domain.SecondFactorTypeOTPSMS, resourceOwner: "org1", }, res: res{ diff --git a/internal/domain/factors.go b/internal/domain/factors.go index 172b20c665..41f1a9f8c4 100644 --- a/internal/domain/factors.go +++ b/internal/domain/factors.go 
@@ -4,20 +4,14 @@ type SecondFactorType int32 const ( SecondFactorTypeUnspecified SecondFactorType = iota - SecondFactorTypeOTP + SecondFactorTypeTOTP SecondFactorTypeU2F + SecondFactorTypeOTPEmail + SecondFactorTypeOTPSMS secondFactorCount ) -func SecondFactorTypes() []SecondFactorType { - types := make([]SecondFactorType, 0, secondFactorCount-1) - for i := SecondFactorTypeUnspecified + 1; i < secondFactorCount; i++ { - types = append(types, i) - } - return types -} - type MultiFactorType int32 const ( @@ -27,14 +21,6 @@ const ( multiFactorCount ) -func MultiFactorTypes() []MultiFactorType { - types := make([]MultiFactorType, 0, multiFactorCount-1) - for i := MultiFactorTypeUnspecified + 1; i < multiFactorCount; i++ { - types = append(types, i) - } - return types -} - type FactorState int32 const ( diff --git a/internal/iam/model/login_policy_view.go b/internal/iam/model/login_policy_view.go index 7a39818b9c..c4aaafa828 100644 --- a/internal/iam/model/login_policy_view.go +++ b/internal/iam/model/login_policy_view.go @@ -106,8 +106,12 @@ func secondFactorsToDomain(types []domain.SecondFactorType) []domain.SecondFacto switch secondfactorType { case domain.SecondFactorTypeU2F: secondfactors[i] = domain.SecondFactorTypeU2F - case domain.SecondFactorTypeOTP: - secondfactors[i] = domain.SecondFactorTypeOTP + case domain.SecondFactorTypeTOTP: + secondfactors[i] = domain.SecondFactorTypeTOTP + case domain.SecondFactorTypeOTPEmail: + secondfactors[i] = domain.SecondFactorTypeOTPEmail + case domain.SecondFactorTypeOTPSMS: + secondfactors[i] = domain.SecondFactorTypeOTPSMS } } return secondfactors diff --git a/internal/query/login_policy_test.go b/internal/query/login_policy_test.go index 2e1900f218..9aa398d81d 100644 --- a/internal/query/login_policy_test.go +++ b/internal/query/login_policy_test.go 
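Review bot: The const block in the first hunk has no comment saying that these numbers are stored and must stay stable, although `SecondFactorTypeOTPEmail` and `SecondFactorTypeOTPSMS` were appended after `SecondFactorTypeU2F`, which keeps the existing values unchanged. The projection test in this patch decodes `"mfaType": 3` as `SecondFactorTypeOTPEmail`, and the proto enum uses 3 and 4 for the same types, so the iota order is effectively part of the stored format. I would add above the block `// Values are written to events and mirror the proto SecondFactorType enum; append new types directly before secondFactorCount and never reorder.` A second comment line noting that `SecondFactorTypeTOTP` corresponds to the proto name `SECOND_FACTOR_TYPE_OTP` would save readers the lookup.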
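Review bot: The switch in `secondFactorsToDomain` has no `default` branch, so a second factor type that is not listed is skipped and, assuming the result slice is pre-sized outside the hunk, comes back as the zero value `SecondFactorTypeUnspecified`. This commit had to add two cases by hand for that reason, and the next new type would silently disappear from the policy view if it is forgotten here. Since input and output share the same type, either `default: secondfactors[i] = secondfactorType` or a comment stating that unknown types are deliberately mapped to unspecified would make the intent explicit. The function starts outside the hunk.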
@@ -129,7 +129,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { true, true, true, - database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeOTP}, + database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeTOTP}, database.EnumArray[domain.MultiFactorType]{domain.MultiFactorTypeU2FWithPIN}, domain.PasswordlessTypeAllowed, true, @@ -157,7 +157,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { AllowExternalIDPs: true, ForceMFA: true, ForceMFALocalOnly: true, - SecondFactors: database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeOTP}, + SecondFactors: database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeTOTP}, MultiFactors: database.EnumArray[domain.MultiFactorType]{domain.MultiFactorTypeU2FWithPIN}, PasswordlessType: domain.PasswordlessTypeAllowed, IsDefault: true, @@ -217,7 +217,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { regexp.QuoteMeta(prepareLoginPolicy2FAsStmt), prepareLoginPolicy2FAsCols, []driver.Value{ - database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeOTP}, + database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeTOTP}, }, ), }, @@ -225,7 +225,7 @@ func Test_LoginPolicyPrepares(t *testing.T) { SearchResponse: SearchResponse{ Count: 1, }, - Factors: database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeOTP}, + Factors: database.EnumArray[domain.SecondFactorType]{domain.SecondFactorTypeTOTP}, }, }, { diff --git a/internal/query/projection/login_policy.go b/internal/query/projection/login_policy.go index 77fadc2ba8..856d02a464 100644 --- a/internal/query/projection/login_policy.go +++ b/internal/query/projection/login_policy.go 
@@ -115,11 +115,11 @@ func (p *loginPolicyProjection) reducers() []handler.AggregateReducer { }, { Event: org.LoginPolicySecondFactorAddedEventType, - Reduce: p.reduce2FAAdded, + Reduce: p.reduceSecondFactorAdded, }, { Event: org.LoginPolicySecondFactorRemovedEventType, - Reduce: p.reduce2FARemoved, + Reduce: p.reduceSecondFactorRemoved, }, { Event: org.OrgRemovedEventType, @@ -148,11 +148,11 @@ func (p *loginPolicyProjection) reducers() []handler.AggregateReducer { }, { Event: instance.LoginPolicySecondFactorAddedEventType, - Reduce: p.reduce2FAAdded, + Reduce: p.reduceSecondFactorAdded, }, { Event: instance.LoginPolicySecondFactorRemovedEventType, - Reduce: p.reduce2FARemoved, + Reduce: p.reduceSecondFactorRemoved, }, { Event: instance.InstanceRemovedEventType, @@ -345,7 +345,7 @@ func (p *loginPolicyProjection) reduceLoginPolicyRemoved(event eventstore.Event) ), nil } -func (p *loginPolicyProjection) reduce2FAAdded(event eventstore.Event) (*handler.Statement, error) { +func (p *loginPolicyProjection) reduceSecondFactorAdded(event eventstore.Event) (*handler.Statement, error) { var policyEvent policy.SecondFactorAddedEvent switch e := event.(type) { case *instance.LoginPolicySecondFactorAddedEvent: @@ -370,7 +370,7 @@ func (p *loginPolicyProjection) reduce2FAAdded(event eventstore.Event) (*handler ), nil } -func (p *loginPolicyProjection) reduce2FARemoved(event eventstore.Event) (*handler.Statement, error) { +func (p *loginPolicyProjection) reduceSecondFactorRemoved(event eventstore.Event) (*handler.Statement, error) { var policyEvent policy.SecondFactorRemovedEvent switch e := event.(type) { case *instance.LoginPolicySecondFactorRemovedEvent: diff --git a/internal/query/projection/login_policy_test.go b/internal/query/projection/login_policy_test.go index bd87c5c4b0..b475fa2a28 100644 --- a/internal/query/projection/login_policy_test.go +++ b/internal/query/projection/login_policy_test.go 
@@ -310,8 +310,8 @@ func TestLoginPolicyProjection_reduces(t *testing.T) { }, }, { - name: "org reduce2FAAdded", - reduce: (&loginPolicyProjection{}).reduce2FAAdded, + name: "org reduceSecondFactorAdded", + reduce: (&loginPolicyProjection{}).reduceSecondFactorAdded, args: args{ event: getEvent(testEvent( repository.EventType(org.LoginPolicySecondFactorAddedEventType), @@ -342,8 +342,8 @@ func TestLoginPolicyProjection_reduces(t *testing.T) { }, }, { - name: "org reduce2FARemoved", - reduce: (&loginPolicyProjection{}).reduce2FARemoved, + name: "org reduceSecondFactorRemoved", + reduce: (&loginPolicyProjection{}).reduceSecondFactorRemoved, args: args{ event: getEvent(testEvent( repository.EventType(org.LoginPolicySecondFactorRemovedEventType), @@ -558,8 +558,8 @@ func TestLoginPolicyProjection_reduces(t *testing.T) { }, }, { - name: "instance reduce2FAAdded", - reduce: (&loginPolicyProjection{}).reduce2FAAdded, + name: "instance reduceSecondFactorAdded u2f", + reduce: (&loginPolicyProjection{}).reduceSecondFactorAdded, args: args{ event: getEvent(testEvent( repository.EventType(instance.LoginPolicySecondFactorAddedEventType), @@ -590,8 +590,8 @@ func TestLoginPolicyProjection_reduces(t *testing.T) { }, }, { - name: "instance reduce2FARemoved", - reduce: (&loginPolicyProjection{}).reduce2FARemoved, + name: "instance reduceSecondFactorRemoved u2f", + reduce: (&loginPolicyProjection{}).reduceSecondFactorRemoved, args: args{ event: getEvent(testEvent( repository.EventType(instance.LoginPolicySecondFactorRemovedEventType), 
@@ -621,6 +621,70 @@ func TestLoginPolicyProjection_reduces(t *testing.T) { }, }, }, + { + name: "instance reduceSecondFactorAdded otp email", + reduce: (&loginPolicyProjection{}).reduceSecondFactorAdded, + args: args{ + event: getEvent(testEvent( + repository.EventType(instance.LoginPolicySecondFactorAddedEventType), + instance.AggregateType, + []byte(`{ + "mfaType": 3 + }`), + ), instance.SecondFactorAddedEventMapper), + }, + want: wantReduce{ + aggregateType: eventstore.AggregateType("instance"), + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "UPDATE projections.login_policies5 SET (change_date, sequence, second_factors) = ($1, $2, array_append(second_factors, $3)) WHERE (aggregate_id = $4) AND (instance_id = $5)", + expectedArgs: []interface{}{ + anyArg{}, + uint64(15), + domain.SecondFactorTypeOTPEmail, + "agg-id", + "instance-id", + }, + }, + }, + }, + }, + }, + { + name: "instance reduceSecondFactorRemoved otp email", + reduce: (&loginPolicyProjection{}).reduceSecondFactorRemoved, + args: args{ + event: getEvent(testEvent( + repository.EventType(instance.LoginPolicySecondFactorRemovedEventType), + instance.AggregateType, + []byte(`{ + "mfaType": 3 + }`), + ), instance.SecondFactorRemovedEventMapper), + }, + want: wantReduce{ + aggregateType: eventstore.AggregateType("instance"), + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "UPDATE projections.login_policies5 SET (change_date, sequence, second_factors) = ($1, $2, array_remove(second_factors, $3)) WHERE (aggregate_id = $4) AND (instance_id = $5)", + expectedArgs: []interface{}{ + anyArg{}, + uint64(15), + domain.SecondFactorTypeOTPEmail, + "agg-id", + "instance-id", + }, + }, + }, + }, + }, + }, { name: "org.reduceOwnerRemoved", reduce: (&loginPolicyProjection{}).reduceOwnerRemoved, 
diff --git a/internal/user/model/user_view.go b/internal/user/model/user_view.go index 8cb0d4346b..e2378a44ed 100644 --- a/internal/user/model/user_view.go +++ b/internal/user/model/user_view.go @@ -156,7 +156,7 @@ func (u *UserView) MFATypesSetupPossible(level domain.MFALevel, policy *domain.L if policy.HasSecondFactors() { for _, mfaType := range policy.SecondFactors { switch mfaType { - case domain.SecondFactorTypeOTP: + case domain.SecondFactorTypeTOTP: if u.OTPState != MFAStateReady { types = append(types, domain.MFATypeOTP) } @@ -181,7 +181,7 @@ func (u *UserView) MFATypesAllowed(level domain.MFALevel, policy *domain.LoginPo if policy.HasSecondFactors() { for _, mfaType := range policy.SecondFactors { switch mfaType { - case domain.SecondFactorTypeOTP: + case domain.SecondFactorTypeTOTP: if u.OTPState == MFAStateReady { types = append(types, domain.MFATypeOTP) } diff --git a/proto/zitadel/policy.proto b/proto/zitadel/policy.proto index 49dbe34dc3..4b3aa9035e 100644 --- a/proto/zitadel/policy.proto +++ b/proto/zitadel/policy.proto @@ -248,8 +248,11 @@ message LoginPolicy { enum SecondFactorType { SECOND_FACTOR_TYPE_UNSPECIFIED = 0; + // SECOND_FACTOR_TYPE_OTP is the type for TOTP SECOND_FACTOR_TYPE_OTP = 1; SECOND_FACTOR_TYPE_U2F = 2; + SECOND_FACTOR_TYPE_OTP_EMAIL = 3; + SECOND_FACTOR_TYPE_OTP_SMS = 4; } enum MultiFactorType { diff --git a/proto/zitadel/settings/v2alpha/login_settings.proto b/proto/zitadel/settings/v2alpha/login_settings.proto index 9d4b37237c..057d076ce0 100644 --- a/proto/zitadel/settings/v2alpha/login_settings.proto +++ b/proto/zitadel/settings/v2alpha/login_settings.proto @@ -113,8 +113,11 @@ message LoginSettings { enum SecondFactorType { SECOND_FACTOR_TYPE_UNSPECIFIED = 0; + // This is the type for TOTP SECOND_FACTOR_TYPE_OTP = 1; SECOND_FACTOR_TYPE_U2F = 2; + SECOND_FACTOR_TYPE_OTP_EMAIL = 3; + SECOND_FACTOR_TYPE_OTP_SMS = 4; } enum MultiFactorType { From 789dcd86154b216fcd524b9c715e936893bcdb63 Mon Sep 17 00:00:00 2001 
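Review bot: The switch over `policy.SecondFactors` in `MFATypesSetupPossible` (and the same switch in `MFATypesAllowed`, second hunk) only has its TOTP case renamed, while no case for `SecondFactorTypeOTPEmail` or `SecondFactorTypeOTPSMS` is visible. The rest of both switches lies outside the hunks, so this is inferred, but a login policy that lists only the new types would then contribute nothing to the returned list. How callers treat an empty list when MFA is forced is not visible here and should be checked, since it decides whether such a user is blocked or passes without a second factor. Until the new types are handled, I would at least add `// TODO: SecondFactorTypeOTPEmail and SecondFactorTypeOTPSMS are not evaluated here yet` inside each switch.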
From: Livio Spring Date: Fri, 28 Jul 2023 09:09:15 +0200 Subject: [PATCH 20/32] fix: password hash update and add missing i18n (#6285) --- internal/api/ui/login/static/i18n/bg.yaml | 1 + internal/api/ui/login/static/i18n/de.yaml | 1 + internal/api/ui/login/static/i18n/en.yaml | 1 + internal/api/ui/login/static/i18n/es.yaml | 1 + internal/api/ui/login/static/i18n/fr.yaml | 1 + internal/api/ui/login/static/i18n/it.yaml | 1 + internal/api/ui/login/static/i18n/ja.yaml | 1 + internal/api/ui/login/static/i18n/mk.yaml | 1 + internal/api/ui/login/static/i18n/pl.yaml | 1 + internal/api/ui/login/static/i18n/pt.yaml | 1 + internal/api/ui/login/static/i18n/zh.yaml | 1 + internal/command/user_human_password_model.go | 3 ++- internal/query/user_password.go | 3 ++- internal/repository/user/eventstore.go | 2 +- internal/repository/user/human_password.go | 3 ++- internal/repository/user/v1.go | 1 - internal/static/i18n/bg.yaml | 4 ++++ internal/static/i18n/de.yaml | 4 ++++ internal/static/i18n/en.yaml | 4 ++++ internal/static/i18n/es.yaml | 4 ++++ internal/static/i18n/fr.yaml | 4 ++++ internal/static/i18n/it.yaml | 4 ++++ internal/static/i18n/ja.yaml | 4 ++++ internal/static/i18n/mk.yaml | 4 ++++ internal/static/i18n/pl.yaml | 4 ++++ internal/static/i18n/pt.yaml | 5 +++++ internal/static/i18n/zh.yaml | 4 ++++ 27 files changed, 63 insertions(+), 5 deletions(-) diff --git a/internal/api/ui/login/static/i18n/bg.yaml b/internal/api/ui/login/static/i18n/bg.yaml index 20b1c1084a..030e96fc2f 100644 --- a/internal/api/ui/login/static/i18n/bg.yaml +++ b/internal/api/ui/login/static/i18n/bg.yaml @@ -391,6 +391,7 @@ Errors: InvalidAndLocked: >- Паролата е невалидна и потребителят е заключен, свържете се с вашия администратор. + NotChanged: Паролата не е променена UsernameOrPassword: Invalid: Потребителското име или паролата са невалидни PasswordComplexityPolicy: 
diff --git a/internal/api/ui/login/static/i18n/de.yaml b/internal/api/ui/login/static/i18n/de.yaml index 9845803595..df9cf77b6b 100644 --- a/internal/api/ui/login/static/i18n/de.yaml +++ b/internal/api/ui/login/static/i18n/de.yaml @@ -399,6 +399,7 @@ Errors: Empty: Passwort ist leer Invalid: Passwort ungültig InvalidAndLocked: Password ist ungültig und Benutzer wurde gesperrt, melden Sie sich bei ihrem Administrator. + NotChanged: Passwort nicht geändert UsernameOrPassword: Invalid: Username oder Passwort ist ungültig PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/en.yaml b/internal/api/ui/login/static/i18n/en.yaml index ceb60654e8..3e06b634fb 100644 --- a/internal/api/ui/login/static/i18n/en.yaml +++ b/internal/api/ui/login/static/i18n/en.yaml @@ -399,6 +399,7 @@ Errors: Empty: Password is empty Invalid: Password is invalid InvalidAndLocked: Password is invalid and user is locked, contact your administrator. + NotChanged: Password not changed UsernameOrPassword: Invalid: Username or Password is invalid PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/es.yaml b/internal/api/ui/login/static/i18n/es.yaml index 7adf48d537..241ea2d930 100644 --- a/internal/api/ui/login/static/i18n/es.yaml +++ b/internal/api/ui/login/static/i18n/es.yaml @@ -381,6 +381,7 @@ Errors: Empty: La contraseña está vacía Invalid: La contraseña no es válida InvalidAndLocked: La contraseña no es válida y el usuario está bloqueado, contacta con tu administrador. + NotChanged: Contraseña no modificada UsernameOrPassword: Invalid: El nombre de usuario o la contraseña no son válidos PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/fr.yaml b/internal/api/ui/login/static/i18n/fr.yaml index 7cd2b0ad8c..45e62770d3 100644 --- a/internal/api/ui/login/static/i18n/fr.yaml +++ b/internal/api/ui/login/static/i18n/fr.yaml 
@@ -399,6 +399,7 @@ Errors: Empty: Le mot de passe est vide Invalid: Le mot de passe n'est pas valide InvalidAndLocked: Le mot de passe n'est pas valide et l'utilisateur est verrouillé, contactez votre administrateur. + NotChanged: Mot de passe non modifié UsernameOrPassword: Invalid: Le nom d'utilisateur ou le mot de passe n'est pas valide PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/it.yaml b/internal/api/ui/login/static/i18n/it.yaml index 8a30e9f976..3aa6c5c54b 100644 --- a/internal/api/ui/login/static/i18n/it.yaml +++ b/internal/api/ui/login/static/i18n/it.yaml @@ -399,6 +399,7 @@ Errors: Empty: La password è vuota Invalid: La password non è valida InvalidAndLocked: La password non è valida e l'utente è bloccato, contatta il tuo amministratore. + NotChanged: Password non modificata UsernameOrPassword: Invalid: Il nome utente o la password non sono validi PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/ja.yaml b/internal/api/ui/login/static/i18n/ja.yaml index 599710131c..9db77893c8 100644 --- a/internal/api/ui/login/static/i18n/ja.yaml +++ b/internal/api/ui/login/static/i18n/ja.yaml @@ -362,6 +362,7 @@ Errors: Empty: パスワードが空です Invalid: 無効なパスワードです InvalidAndLocked: パスワードが無効かつユーザーがロックされているため、管理者に連絡してください。 + NotChanged: パスワードは変更されていません UsernameOrPassword: Invalid: ユーザー名またはパスワードは無効です PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/mk.yaml b/internal/api/ui/login/static/i18n/mk.yaml index d17f2fdbbf..9f6dc6fc51 100644 --- a/internal/api/ui/login/static/i18n/mk.yaml +++ b/internal/api/ui/login/static/i18n/mk.yaml @@ -401,6 +401,7 @@ Errors: Empty: Лозинката е празна Invalid: Лозинката не е валидна InvalidAndLocked: Лозинката не е валидна и корисникот е заклучен, контактирајте со вашиот администратор. + NotChanged: Лозинката не е променета UsernameOrPassword: Invalid: Корисничкото име и/или лозинката не се валидни PasswordComplexityPolicy: 
diff --git a/internal/api/ui/login/static/i18n/pl.yaml b/internal/api/ui/login/static/i18n/pl.yaml index 56d4cc6838..e4046b95f7 100644 --- a/internal/api/ui/login/static/i18n/pl.yaml +++ b/internal/api/ui/login/static/i18n/pl.yaml @@ -399,6 +399,7 @@ Errors: Empty: Hasło jest puste Invalid: Hasło jest niepoprawne InvalidAndLocked: Hasło jest niepoprawne i użytkownik jest zablokowany, skontaktuj się z administratorem. + NotChanged: Hasło nie zostało zmienione UsernameOrPassword: Invalid: Nazwa użytkownika lub hasło jest niepoprawne PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/pt.yaml b/internal/api/ui/login/static/i18n/pt.yaml index e887ff6bca..cba0948f72 100644 --- a/internal/api/ui/login/static/i18n/pt.yaml +++ b/internal/api/ui/login/static/i18n/pt.yaml @@ -397,6 +397,7 @@ Errors: Empty: A senha está vazia Invalid: A senha é inválida InvalidAndLocked: A senha é inválida e o usuário está bloqueado, entre em contato com o administrador. + NotChanged: Senha não alterada UsernameOrPassword: Invalid: Nome de usuário ou senha inválidos PasswordComplexityPolicy: diff --git a/internal/api/ui/login/static/i18n/zh.yaml b/internal/api/ui/login/static/i18n/zh.yaml index 0680fa267e..eb27f0de2a 100644 --- a/internal/api/ui/login/static/i18n/zh.yaml +++ b/internal/api/ui/login/static/i18n/zh.yaml @@ -399,6 +399,7 @@ Errors: Empty: 密码为空 Invalid: 密码无效 InvalidAndLocked: 密码无效且用户被锁定,请联系您的管理员。 + NotChanged: 密码未更改 UsernameOrPassword: Invalid: 用户名或密码无效 PasswordComplexityPolicy: diff --git a/internal/command/user_human_password_model.go b/internal/command/user_human_password_model.go index c0ca58f58a..c4064ba157 100644 --- a/internal/command/user_human_password_model.go +++ b/internal/command/user_human_password_model.go 
@@ -90,6 +90,7 @@ func (wm *HumanPasswordWriteModel) Query() *eventstore.SearchQueryBuilder { user.HumanEmailVerifiedType, user.HumanPasswordCheckFailedType, user.HumanPasswordCheckSucceededType, + user.HumanPasswordHashUpdatedType, user.UserRemovedType, user.UserUnlockedType, user.UserV1AddedType, @@ -101,7 +102,7 @@ func (wm *HumanPasswordWriteModel) Query() *eventstore.SearchQueryBuilder { user.UserV1EmailVerifiedType, user.UserV1PasswordCheckFailedType, user.UserV1PasswordCheckSucceededType, - user.UserV1PasswordHashUpdatedType). + ). Builder() if wm.ResourceOwner != "" { diff --git a/internal/query/user_password.go b/internal/query/user_password.go index 97ca99541d..9d8ab71405 100644 --- a/internal/query/user_password.go +++ b/internal/query/user_password.go @@ -126,6 +126,7 @@ func (wm *HumanPasswordReadModel) Query() *eventstore.SearchQueryBuilder { user.HumanEmailVerifiedType, user.HumanPasswordCheckFailedType, user.HumanPasswordCheckSucceededType, + user.HumanPasswordHashUpdatedType, user.UserRemovedType, user.UserUnlockedType, user.UserV1AddedType, @@ -137,7 +138,7 @@ func (wm *HumanPasswordReadModel) Query() *eventstore.SearchQueryBuilder { user.UserV1EmailVerifiedType, user.UserV1PasswordCheckFailedType, user.UserV1PasswordCheckSucceededType, - user.UserV1PasswordHashUpdatedType). + ). Builder() if wm.ResourceOwner != "" { diff --git a/internal/repository/user/eventstore.go b/internal/repository/user/eventstore.go index 847736b60b..1505c31cff 100644 --- a/internal/repository/user/eventstore.go +++ b/internal/repository/user/eventstore.go 
@@ -17,7 +17,6 @@ func RegisterEventMappers(es *eventstore.Eventstore) { RegisterFilterEventMapper(AggregateType, UserV1PasswordCodeSentType, HumanPasswordCodeSentEventMapper). RegisterFilterEventMapper(AggregateType, UserV1PasswordCheckSucceededType, HumanPasswordCheckSucceededEventMapper). RegisterFilterEventMapper(AggregateType, UserV1PasswordCheckFailedType, HumanPasswordCheckFailedEventMapper). - RegisterFilterEventMapper(AggregateType, UserV1PasswordHashUpdatedType, eventstore.GenericEventMapper[HumanPasswordHashUpdatedEvent]). RegisterFilterEventMapper(AggregateType, UserV1EmailChangedType, HumanEmailChangedEventMapper). RegisterFilterEventMapper(AggregateType, UserV1EmailVerifiedType, HumanEmailVerifiedEventMapper). RegisterFilterEventMapper(AggregateType, UserV1EmailVerificationFailedType, HumanEmailVerificationFailedEventMapper). @@ -63,6 +62,7 @@ func RegisterEventMappers(es *eventstore.Eventstore) { RegisterFilterEventMapper(AggregateType, HumanPasswordChangeSentType, HumanPasswordChangeSentEventMapper). RegisterFilterEventMapper(AggregateType, HumanPasswordCheckSucceededType, HumanPasswordCheckSucceededEventMapper). RegisterFilterEventMapper(AggregateType, HumanPasswordCheckFailedType, HumanPasswordCheckFailedEventMapper). + RegisterFilterEventMapper(AggregateType, HumanPasswordHashUpdatedType, eventstore.GenericEventMapper[HumanPasswordHashUpdatedEvent]). RegisterFilterEventMapper(AggregateType, UserIDPLinkAddedType, UserIDPLinkAddedEventMapper). RegisterFilterEventMapper(AggregateType, UserIDPLinkRemovedType, UserIDPLinkRemovedEventMapper). RegisterFilterEventMapper(AggregateType, UserIDPLinkCascadeRemovedType, UserIDPLinkCascadeRemovedEventMapper). diff --git a/internal/repository/user/human_password.go b/internal/repository/user/human_password.go index f2f40cd6ce..909da24261 100644 --- a/internal/repository/user/human_password.go +++ b/internal/repository/user/human_password.go 
@@ -21,6 +21,7 @@ const ( HumanPasswordCodeSentType = passwordEventPrefix + "code.sent" HumanPasswordCheckSucceededType = passwordEventPrefix + "check.succeeded" HumanPasswordCheckFailedType = passwordEventPrefix + "check.failed" + HumanPasswordHashUpdatedType = passwordEventPrefix + "hash.updated" ) type HumanPasswordChangedEvent struct { @@ -298,7 +299,7 @@ func NewHumanPasswordHashUpdatedEvent( BaseEvent: *eventstore.NewBaseEventForPush( ctx, aggregate, - HumanPasswordCheckFailedType, + HumanPasswordHashUpdatedType, ), EncodedHash: encoded, } diff --git a/internal/repository/user/v1.go b/internal/repository/user/v1.go index a2974bad98..010e1a235d 100644 --- a/internal/repository/user/v1.go +++ b/internal/repository/user/v1.go @@ -15,7 +15,6 @@ const ( UserV1PasswordCodeSentType = userV1PasswordEventTypePrefix + "code.sent" UserV1PasswordCheckSucceededType = userV1PasswordEventTypePrefix + "check.succeeded" UserV1PasswordCheckFailedType = userV1PasswordEventTypePrefix + "check.failed" - UserV1PasswordHashUpdatedType = userV1PasswordEventTypePrefix + "hash.updated" userV1EmailEventTypePrefix = userEventTypePrefix + "email." UserV1EmailChangedType = userV1EmailEventTypePrefix + "changed" diff --git a/internal/static/i18n/bg.yaml b/internal/static/i18n/bg.yaml index 959c5fbbff..33dd828a72 100644 --- a/internal/static/i18n/bg.yaml +++ b/internal/static/i18n/bg.yaml @@ -682,6 +682,10 @@ EventTypes: check: succeeded: Проверката на паролата е успешна failed: Проверката на паролата е неуспешна + change: + sent: Промяната на паролата е изпратена + hash: + updated: Хешът на паролата е актуализиран phone: changed: Телефонният номер е променен verified: Телефонният номер е потвърден diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml index 929ce1db6d..b485f65c67 100644 --- a/internal/static/i18n/de.yaml +++ b/internal/static/i18n/de.yaml 
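Review bot: The corrected type in `NewHumanPasswordHashUpdatedEvent` only affects new pushes; any event the old constructor already wrote stays in the event store under `HumanPasswordCheckFailedType`. If that path was reachable in a released build, those entries would presumably have been reduced as failed password checks (relevant to lockout counting) and the re-encoded hash never applied, so it is worth confirming and, if so, documenting or migrating them. A constructor test asserting that the built event carries `HumanPasswordHashUpdatedType` would pin this fix, as would a short comment such as `// must match the type registered in RegisterEventMappers and queried by the password write/read models`. The related `Query()` and `RegisterEventMappers` hunks depend on the same constant, and the constructor body begins outside this hunk.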
@@ -583,6 +583,10 @@ EventTypes: check: succeeded: Passwortvalidierung erfolgreich failed: Passwortvalidierung fehlgeschlagen + change: + sent: Passwordänderung versendet + hash: + updated: Passwort Hash geändert externallogin: check: succeeded: Externer login erfolgreich durchgeführt diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml index f623dc2133..93a5290456 100644 --- a/internal/static/i18n/en.yaml +++ b/internal/static/i18n/en.yaml @@ -583,6 +583,10 @@ EventTypes: check: succeeded: Password check succeeded failed: Password check failed + change: + sent: Password change sent + hash: + updated: Password hash updated externallogin: check: succeeded: External login succeeded diff --git a/internal/static/i18n/es.yaml b/internal/static/i18n/es.yaml index 097bd9e7c1..5dc4a3ab49 100644 --- a/internal/static/i18n/es.yaml +++ b/internal/static/i18n/es.yaml @@ -583,6 +583,10 @@ EventTypes: check: succeeded: Comprobación exitosa de la contraseña failed: Fallo en la comprobación de la contraseña + change: + sent: Cambio de contraseña enviado + hash: + updated: Hash de contraseña actualizado externallogin: check: succeeded: Inicio de sesión externo con éxito diff --git a/internal/static/i18n/fr.yaml b/internal/static/i18n/fr.yaml index 7fba4deaf2..b80a9ed33e 100644 --- a/internal/static/i18n/fr.yaml +++ b/internal/static/i18n/fr.yaml @@ -581,6 +581,10 @@ EventTypes: check: succeeded: Vérification du mot de passe réussie failed: La vérification du mot de passe a échoué + change: + sent: Changement de mot de passe envoyé + hash: + updated: Hachage du mot de passe mis à jour externallogin: check: succeeded: Connexion externe réussie diff --git a/internal/static/i18n/it.yaml b/internal/static/i18n/it.yaml index 4981dc3070..e1bd873bb1 100644 --- a/internal/static/i18n/it.yaml +++ b/internal/static/i18n/it.yaml 
@@ -581,6 +581,10 @@ EventTypes: check: succeeded: Controllo della password riuscito failed: Controllo della password fallito + change: + sent: Cambio password inviato + hash: + updated: Hash della password aggiornato externallogin: check: succeeded: Accesso esterno riuscito diff --git a/internal/static/i18n/ja.yaml b/internal/static/i18n/ja.yaml index d0ba74e274..eadf7ad5ab 100644 --- a/internal/static/i18n/ja.yaml +++ b/internal/static/i18n/ja.yaml @@ -655,6 +655,10 @@ EventTypes: check: succeeded: パスワードチェックの成功 failed: パスワードチェックの失敗 + change: + sent: パスワード変更を送信しました + hash: + updated: パスワードハッシュが更新されました phone: changed: 電話番号の変更 verified: 電話番号の検証 diff --git a/internal/static/i18n/mk.yaml b/internal/static/i18n/mk.yaml index a02b79dc91..c3fcfdf69b 100644 --- a/internal/static/i18n/mk.yaml +++ b/internal/static/i18n/mk.yaml @@ -666,6 +666,10 @@ EventTypes: check: succeeded: Проверката на лозинката е успешна failed: Проверката на лозинката е неуспешна + change: + sent: Промената на лозинката е испратена + hash: + updated: Хашот на лозинката е ажуриран phone: changed: Бројот на телефонот е променет verified: Бројот на телефонот е верифициран diff --git a/internal/static/i18n/pl.yaml b/internal/static/i18n/pl.yaml index 3e48f45825..aa84c8ca5b 100644 --- a/internal/static/i18n/pl.yaml +++ b/internal/static/i18n/pl.yaml @@ -583,6 +583,10 @@ EventTypes: check: succeeded: Sprawdzenie hasła zakończone powodzeniem failed: Sprawdzenie hasła nie powiodło się + change: + sent: Wysłano zmianę hasła + hash: + updated: Zaktualizowano skrót hasła externallogin: check: succeeded: Zewnętrzne logowanie zakończone powodzeniem diff --git a/internal/static/i18n/pt.yaml b/internal/static/i18n/pt.yaml index 963191eb55..4f3c5af85c 100644 --- a/internal/static/i18n/pt.yaml +++ b/internal/static/i18n/pt.yaml 
@@ -120,6 +120,7 @@ Errors: Empty: Senha está vazia Invalid: Senha é inválida NotSet: O usuário não definiu uma senha + NotChanged: Senha não alterada PasswordComplexityPolicy: NotFound: Política de complexidade de senha não encontrada MinLength: A senha é muito curta @@ -660,6 +661,10 @@ EventTypes: check: succeeded: Verificação de senha bem-sucedida failed: Verificação de senha falhou + change: + sent: Alteração de senha enviada + hash: + updated: Hash da senha atualizado phone: changed: Número de telefone alterado verified: Número de telefone verificado diff --git a/internal/static/i18n/zh.yaml b/internal/static/i18n/zh.yaml index 1209fd5159..fb068a2337 100644 --- a/internal/static/i18n/zh.yaml +++ b/internal/static/i18n/zh.yaml @@ -664,6 +664,10 @@ EventTypes: check: succeeded: 密码检查成功 failed: 密码检查失败 + change: + sent: 密码更改已发送 + hash: + updated: 密码哈希已更新 phone: changed: 更改手机号码 verified: 验证手机号码 From 43cb62ca4ea5c7e3523ec2a0991335a7e52dc785 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Fri, 28 Jul 2023 09:58:05 +0200 Subject: [PATCH 21/32] fix(i18n): do not translate language itself (#6286) --- CONTRIBUTING.md | 1 + internal/api/ui/login/static/i18n/bg.yaml | 22 +++++++++++++--------- internal/api/ui/login/static/i18n/de.yaml | 4 ++++ internal/api/ui/login/static/i18n/en.yaml | 6 +++++- internal/api/ui/login/static/i18n/es.yaml | 6 +++++- internal/api/ui/login/static/i18n/fr.yaml | 4 ++++ internal/api/ui/login/static/i18n/it.yaml | 4 ++++ internal/api/ui/login/static/i18n/ja.yaml | 4 ++++ internal/api/ui/login/static/i18n/mk.yaml | 4 +++- internal/api/ui/login/static/i18n/pl.yaml | 4 ++++ internal/api/ui/login/static/i18n/pt.yaml | 16 ++++++++-------- internal/api/ui/login/static/i18n/zh.yaml | 4 ++++ 12 files changed, 59 insertions(+), 20 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5884c559b2..2b04c7d361 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -375,6 +375,7 @@ ZITADEL loads translations from four files: - [Common texts](./internal/static/i18n) for success or error toasts You may edit the texts in these files or create a new file for additional language support. Make sure you set the locale (ISO 639-1 code) as the name of the new language file. +Please make sure that the languages within the files remain in their own language, e.g. German must always be `Deutsch. ## Want to start ZITADEL? diff --git a/internal/api/ui/login/static/i18n/bg.yaml b/internal/api/ui/login/static/i18n/bg.yaml index 030e96fc2f..33e963c63d 100644 --- a/internal/api/ui/login/static/i18n/bg.yaml +++ b/internal/api/ui/login/static/i18n/bg.yaml @@ -213,11 +213,11 @@ RegistrationUser: LastnameLabel: Фамилия LanguageLabel: език German: Deutsch - English: Английски - Italian: Италиано + English: English + Italian: Italiano French: Français Chinese: 简体中文 - Polish: Полски + Polish: Polski Japanese: 日本語 Spanish: Español Bulgarian: Български @@ -248,13 +248,15 @@ ExternalRegistrationUserOverview: PhoneLabel: Телефонен номер LanguageLabel: език German: Deutsch - English: Английски - Italian: Италиано + English: English + Italian: Italiano French: Français Chinese: 简体中文 + Polish: Polski Japanese: 日本語 - Polish: Полски Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Правила и условия TosConfirm: Приемам @@ -305,13 +307,15 @@ ExternalNotFound: PrivacyConfirm: Приемам PrivacyLinkText: политика за поверителност German: Deutsch - English: Английски - Italian: Италиано + English: English + Italian: Italiano French: Français Chinese: 简体中文 - Polish: Полски + Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/de.yaml b/internal/api/ui/login/static/i18n/de.yaml index df9cf77b6b..490d9ebc08 100644 --- a/internal/api/ui/login/static/i18n/de.yaml 
+++ b/internal/api/ui/login/static/i18n/de.yaml @@ -258,6 +258,8 @@ ExternalRegistrationUserOverview: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Allgemeine Geschäftsbedingungen und Datenschutz TosConfirm: Ich akzeptiere die @@ -320,6 +322,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/en.yaml b/internal/api/ui/login/static/i18n/en.yaml index 3e06b634fb..76c7e0ff0e 100644 --- a/internal/api/ui/login/static/i18n/en.yaml +++ b/internal/api/ui/login/static/i18n/en.yaml @@ -222,6 +222,7 @@ RegistrationUser: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български Portuguese: Português Macedonian: Македонски GenderLabel: Gender @@ -254,9 +255,11 @@ ExternalRegistrationUserOverview: Italian: Italiano French: Français Chinese: 简体中文 - Japanese: 日本語 Polish: Polski + Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Terms and conditions TosConfirm: I accept the @@ -320,6 +323,7 @@ ExternalNotFound: Japanese: 日本語 Spanish: Español Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/es.yaml b/internal/api/ui/login/static/i18n/es.yaml index 241ea2d930..ed98842db9 100644 --- a/internal/api/ui/login/static/i18n/es.yaml +++ b/internal/api/ui/login/static/i18n/es.yaml @@ -255,9 +255,11 @@ ExternalRegistrationUserOverview: Italian: Italiano French: Français Chinese: 简体中文 - Japanese: 日本語 Polish: Polski + Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Términos y condiciones TosConfirm: Acepto los 
@@ -320,6 +322,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски Footer: diff --git a/internal/api/ui/login/static/i18n/fr.yaml b/internal/api/ui/login/static/i18n/fr.yaml index 45e62770d3..29db5b3e2c 100644 --- a/internal/api/ui/login/static/i18n/fr.yaml +++ b/internal/api/ui/login/static/i18n/fr.yaml @@ -258,6 +258,8 @@ ExternalRegistrationUserOverview: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Termes et conditions TosConfirm: J'accepte les @@ -320,6 +322,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/it.yaml b/internal/api/ui/login/static/i18n/it.yaml index 3aa6c5c54b..5e998c2e54 100644 --- a/internal/api/ui/login/static/i18n/it.yaml +++ b/internal/api/ui/login/static/i18n/it.yaml @@ -258,6 +258,8 @@ ExternalRegistrationUserOverview: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Termini di servizio TosConfirm: Accetto i @@ -320,6 +322,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/ja.yaml b/internal/api/ui/login/static/i18n/ja.yaml index 9db77893c8..f51a1ca3d1 100644 --- a/internal/api/ui/login/static/i18n/ja.yaml +++ b/internal/api/ui/login/static/i18n/ja.yaml @@ -250,6 +250,8 @@ ExternalRegistrationUserOverview: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: 利用規約 TosConfirm: 私は利用規約を承諾します。 
@@ -312,6 +314,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/mk.yaml b/internal/api/ui/login/static/i18n/mk.yaml index 9f6dc6fc51..217ab7e2f6 100644 --- a/internal/api/ui/login/static/i18n/mk.yaml +++ b/internal/api/ui/login/static/i18n/mk.yaml @@ -222,6 +222,7 @@ RegistrationUser: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български Portuguese: Português Macedonian: Македонски GenderLabel: Пол @@ -254,9 +255,10 @@ ExternalRegistrationUserOverview: Italian: Italiano French: Français Chinese: 简体中文 - Japanese: 日本語 Polish: Polski + Japanese: 日本語 Spanish: Español + Bulgarian: Български Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Правила и услови diff --git a/internal/api/ui/login/static/i18n/pl.yaml b/internal/api/ui/login/static/i18n/pl.yaml index e4046b95f7..8561cec9e3 100644 --- a/internal/api/ui/login/static/i18n/pl.yaml +++ b/internal/api/ui/login/static/i18n/pl.yaml @@ -258,6 +258,8 @@ ExternalRegistrationUserOverview: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: Warunki i zasady TosConfirm: Akceptuję @@ -320,6 +322,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: diff --git a/internal/api/ui/login/static/i18n/pt.yaml b/internal/api/ui/login/static/i18n/pt.yaml index cba0948f72..42c6c27a0f 100644 --- a/internal/api/ui/login/static/i18n/pt.yaml +++ b/internal/api/ui/login/static/i18n/pt.yaml 
@@ -210,15 +210,15 @@ RegistrationUser: FirstnameLabel: Nome próprio LastnameLabel: Sobrenome LanguageLabel: Idioma - German: Alemão - English: Inglês + German: Deutsch + English: English Italian: Italiano - French: Francês - Chinese: Chinês simplificado - Polish: Polonês - Japanese: Japonês - Spanish: Espanhol - Bulgarian: Búlgaro + French: Français + Chinese: 简体中文 + Polish: Polski + Japanese: 日本語 + Spanish: Español + Bulgarian: Български Portuguese: Português Macedonian: Македонски GenderLabel: Gênero diff --git a/internal/api/ui/login/static/i18n/zh.yaml b/internal/api/ui/login/static/i18n/zh.yaml index eb27f0de2a..204e1a45ad 100644 --- a/internal/api/ui/login/static/i18n/zh.yaml +++ b/internal/api/ui/login/static/i18n/zh.yaml @@ -258,6 +258,8 @@ ExternalRegistrationUserOverview: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски TosAndPrivacyLabel: 条款和条款 TosConfirm: 我接受 @@ -320,6 +322,8 @@ ExternalNotFound: Polish: Polski Japanese: 日本語 Spanish: Español + Bulgarian: Български + Portuguese: Português Macedonian: Македонски DeviceAuth: From fca925659c5f7aa55a6fc65460f8a119c2df641e Mon Sep 17 00:00:00 2001 From: sazzad-eu <128996195+sazzad-eu@users.noreply.github.com> Date: Fri, 28 Jul 2023 13:22:32 +0200 Subject: [PATCH 22/32] docs: typo in the readme (#6273) Update modules.md Co-authored-by: Fabi --- docs/docs/apis/actions/modules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs/apis/actions/modules.md b/docs/docs/apis/actions/modules.md index 62a1c93717..2cc99a222e 100644 --- a/docs/docs/apis/actions/modules.md +++ b/docs/docs/apis/actions/modules.md 
@@ -39,7 +39,7 @@ This function allows to call HTTP servers. The function does NOT fulfil the [Fet #### Response -If the request was valid, an error will be thrown, otherwise a Response object will be returned. +If the request was invalid, an error will be thrown, otherwise a Response object will be returned. The object has the following fields and methods: From b8dbfc71b69e7621328d7062fceff3bbaa339a58 Mon Sep 17 00:00:00 2001 From: Fabi Date: Fri, 28 Jul 2023 13:25:02 +0200 Subject: [PATCH 23/32] docs: add org scope to quickstart (#6261) * docs: add org scope to quickstart * docs: move org login description --- .../guides/manage/console/organizations.mdx | 14 +++++++++++++ docs/docs/guides/start/quickstart.mdx | 21 ------------------- 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/docs/docs/guides/manage/console/organizations.mdx b/docs/docs/guides/manage/console/organizations.mdx index b359c3ca2e..32fe246584 100644 --- a/docs/docs/guides/manage/console/organizations.mdx +++ b/docs/docs/guides/manage/console/organizations.mdx 
@@ -104,6 +104,20 @@ If you need custom branding on a organization (for example in a B2B scenario, wh The behaviour of the login page, applyling custom design, is then defined on your projects detail page. Read more about it [here](./projects#branding) + +## Show Organization Login + +As you should know by now ZITADEL knows the concept of Organizations. +You can define [default settings](/docs/guides/manage/console/instance-settings) for your ZITADEL, or you can overwrite them for an [Organization](#organization-settings). +Per default the ZITADEL Login will always show what is defined per default. As soon as the Organization context is given, the settings defined on the specific organization can be triggered. +This means when you want to trigger the settings of an organization directly, make sure to send the organization scope in the authentication request. +``` bash +urn:zitadel:iam:org:id:{id} +``` + +Read more about the [scopes](/docs/apis/openidoauth/scopes#reserved-scopes) or try it out in our [OIDC Playground](/docs/apis/openidoauth/authrequest). + + ## Default organization On the instance settings page ($YOUR_DOMAIN//ui/console/orgs) you can set an organization as default organization. diff --git a/docs/docs/guides/start/quickstart.mdx b/docs/docs/guides/start/quickstart.mdx index 470224cc54..4f4d967d4d 100644 --- a/docs/docs/guides/start/quickstart.mdx +++ b/docs/docs/guides/start/quickstart.mdx @@ -620,24 +620,3 @@ This tutorial covered how to configure ZITADEL and how to use React to build an We hope you enjoyed the tutorial and encourage you to check out the ZITADEL [documentation](https://zitadel.com/docs) for more information on how to use the ZITADEL platform to its full potential. Thanks for joining us! - - - - - - - - - - - - - - - - - - - - - From 782f7ad6473bb6c2f7d0cab8dfece93adcdbb230 Mon Sep 17 00:00:00 2001 
From: Livio Spring Date: Mon, 31 Jul 2023 15:55:26 +0200 Subject: [PATCH 24/32] fix(OIDC): introspection (#6298) * fix(OIDC): introspect for PAT * fix(OIDC): introspect for PAT * fix(OIDC): introspect * remove adding projectID into audience --- internal/api/oidc/client.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/internal/api/oidc/client.go b/internal/api/oidc/client.go index 7a418df9ac..09475f1dec 100644 --- a/internal/api/oidc/client.go +++ b/internal/api/oidc/client.go @@ -189,7 +189,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection return errors.ThrowPermissionDenied(nil, "OIDC-Adfg5", "client not found") } return o.introspect(ctx, introspection, - tokenID, token.UserID, token.ClientID, projectID, + tokenID, token.UserID, token.ClientID, clientID, projectID, token.Audience, token.Scope, token.AccessTokenCreation, token.AccessTokenExpiration) } @@ -209,7 +209,7 @@ func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection } } return o.introspect(ctx, introspection, - token.ID, token.UserID, token.ApplicationID, projectID, + token.ID, token.UserID, token.ApplicationID, clientID, projectID, token.Audience, token.Scopes, token.CreationDate, token.Expiration) } @@ -272,7 +272,7 @@ func (o *OPStorage) isOriginAllowed(ctx context.Context, clientID, origin string func (o *OPStorage) introspect( ctx context.Context, introspection *oidc.IntrospectionResponse, - tokenID, subject, clientID, projectID string, + tokenID, subject, tokenClientID, introspectionClientID, introspectionProjectID string, audience, scope []string, tokenCreation, tokenExpiration time.Time, ) (err error) { 
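Review bot: `introspect` now takes five adjacent `string` parameters (`tokenID, subject, tokenClientID, introspectionClientID, introspectionProjectID`), so a transposed argument at either call in `SetIntrospectionFromToken` still compiles and silently changes which client the audience is matched against. Since this commit exists because the token's client and the introspecting client were conflated, the signature should at least carry a doc comment, e.g. `// tokenClientID is the client the token was issued to; introspectionClientID and introspectionProjectID identify the caller and are the values matched against the token audience`. Grouping the caller's two identifiers in a small struct would let the compiler enforce the distinction. The function body continues outside this hunk.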
@@ -280,15 +280,15 @@ func (o *OPStorage) introspect( defer func() { span.EndWithError(err) }() for _, aud := range audience { - if aud == clientID || aud == projectID { + if aud == introspectionClientID || aud == introspectionProjectID { userInfo := new(oidc.UserInfo) - err = o.setUserinfo(ctx, userInfo, subject, clientID, scope, []string{projectID}) // always + err = o.setUserinfo(ctx, userInfo, subject, introspectionClientID, scope, []string{introspectionProjectID}) if err != nil { return err } introspection.SetUserInfo(userInfo) introspection.Scope = scope - introspection.ClientID = clientID + introspection.ClientID = tokenClientID introspection.TokenType = oidc.BearerToken introspection.Expiration = oidc.FromTime(tokenExpiration) introspection.IssuedAt = oidc.FromTime(tokenCreation) From dd480f8a8d730b6405d4648029a1c091bf95da48 Mon Sep 17 00:00:00 2001 From: Livio Spring Date: Tue, 1 Aug 2023 13:21:44 +0200 Subject: [PATCH 25/32] feat(login): reuse existing session if no prompt is provided and only single session exists (#6272) * feat: reuse existing session if no prompt is provided and only single session exists * fix tests --- .../eventsourcing/eventstore/auth_request.go | 20 ++- .../eventstore/auth_request_test.go | 133 +++++++++++++++++- 2 files changed, 143 insertions(+), 10 deletions(-) diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index c37dd8a79f..9e797b8d0b 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go 
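Review bot: Nothing in this commit pins the corrected behaviour: the diffstat lists only `client.go`, and the loop now uses two different client IDs within a few lines with no explanation. A comment on the assignment would make the intent explicit, e.g. `// report the client the token was issued to, not the client performing the introspection` above `introspection.ClientID = tokenClientID`. A regression test that introspects a token issued to one client from a second client listed in its audience, and asserts on the returned `ClientID`, would guard against the two being swapped again. What is returned when no audience entry matches is outside this hunk.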
@@ -921,11 +921,15 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth steps = append(steps, new(domain.ExternalNotFoundOptionStep)) return steps, nil } - steps = append(steps, new(domain.LoginStep)) if domain.IsPrompt(request.Prompt, domain.PromptCreate) { return append(steps, &domain.RegistrationStep{}), nil } - if len(request.Prompt) == 0 || domain.IsPrompt(request.Prompt, domain.PromptSelectAccount) { + // if there's a login or consent prompt, but not select account, just return the login step + if len(request.Prompt) > 0 && !domain.IsPrompt(request.Prompt, domain.PromptSelectAccount) { + return append(steps, new(domain.LoginStep)), nil + } else { + // if no user was specified, no prompt or select_account was provided, + // then check the active user sessions (of the user agent) users, err := repo.usersForUserSelection(request) if err != nil { return nil, err @@ -936,11 +940,19 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *domain.Auth if request.SelectedIDPConfigID != "" { steps = append(steps, &domain.RedirectToExternalIDPStep{}) } - if len(request.Prompt) == 0 && len(users) > 0 { + if len(request.Prompt) == 0 && len(users) == 0 { + steps = append(steps, new(domain.LoginStep)) + } + // if no prompt was provided, but there are multiple user sessions, then the user must decide which to use + if len(request.Prompt) == 0 && len(users) > 1 { steps = append(steps, &domain.SelectUserStep{Users: users}) } + if len(steps) > 0 { + return steps, nil + } + // a single user session was found, use that automatically + request.UserID = users[0].UserID } - return steps, nil } user, err := activeUserByID(ctx, repo.UserViewProvider, repo.UserEventProvider, repo.OrgViewProvider, repo.LockoutPolicyViewProvider, request.UserID, request.LoginPolicy.IgnoreUnknownUsernames) if err != nil { 
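Review bot: `request.UserID = users[0].UserID` adopts the only session returned by `usersForUserSelection` without looking at that entry's `SelectionPossible` flag, a field the test fixtures in this commit show on `domain.UserSelection`. `usersForUserSelection` is outside the hunk, so whether it already filters on this is not visible; if it does not, a session the user could not have chosen on the select-account page would be reused without any interaction. Keeping the choice explicit in that case is a one-line change: `if len(request.Prompt) == 0 && (len(users) > 1 || (len(users) == 1 && !users[0].SelectionPossible)) {`. A test case with a single session whose `SelectionPossible` is false would document the intended outcome. Separately, the `else` following `return append(steps, new(domain.LoginStep)), nil` can be dropped to remove a nesting level; `nextSteps` starts and ends outside these hunks.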
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index 9603387952..c94b57d7eb 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go @@ -296,6 +296,28 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { []domain.NextStep{&domain.RedirectToCallbackStep{}}, nil, }, + { + "user not set prompt create, registration step", + fields{ + userSessionViewProvider: &mockViewNoUserSession{}, + }, + args{&domain.AuthRequest{ + Prompt: []domain.Prompt{domain.PromptCreate}, + }, false}, + []domain.NextStep{&domain.RegistrationStep{}}, + nil, + }, + { + "user not set, prompts other than select account, create step", + fields{ + userSessionViewProvider: &mockViewNoUserSession{}, + }, + args{&domain.AuthRequest{ + Prompt: []domain.Prompt{domain.PromptLogin, domain.PromptConsent}, + }, false}, + []domain.NextStep{&domain.LoginStep{}}, + nil, + }, { "user not set no active session, login step", fields{ @@ -333,7 +355,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { errors.IsInternal, }, { - "user not set, prompt select account, login and select account steps", + "user not set, prompt select account, select account step", fields{ userSessionViewProvider: &mockViewUserSession{ Users: []mockUser{ @@ -353,7 +375,6 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{Prompt: []domain.Prompt{domain.PromptSelectAccount}}, false}, []domain.NextStep{ - &domain.LoginStep{}, &domain.SelectUserStep{ Users: []domain.UserSelection{ { 
@@ -373,7 +394,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { nil, }, { - "user not set, primary domain set, prompt select account, login and select account steps", + "user not set, primary domain set, prompt select account, select account step", fields{ userSessionViewProvider: &mockViewUserSession{ Users: []mockUser{ @@ -393,7 +414,6 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{Prompt: []domain.Prompt{domain.PromptSelectAccount}, RequestedOrgID: "orgID1"}, false}, []domain.NextStep{ - &domain.LoginStep{}, &domain.SelectUserStep{ Users: []domain.UserSelection{ { @@ -407,7 +427,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { nil, }, { - "user not set, prompt select account, no active session, login and select account steps", + "user not set, prompt select account, no active session, select account step", fields{ userSessionViewProvider: &mockViewUserSession{ Users: nil, 
@@ -416,12 +436,113 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, args{&domain.AuthRequest{Prompt: []domain.Prompt{domain.PromptSelectAccount}}, false}, []domain.NextStep{ - &domain.LoginStep{}, &domain.SelectUserStep{ Users: []domain.UserSelection{}, }}, nil, }, + { + "user not set single active session, callback step", + fields{ + userSessionViewProvider: &mockViewUserSession{ + PasswordVerification: time.Now().Add(-5 * time.Minute), + SecondFactorVerification: time.Now().Add(-5 * time.Minute), + Users: []mockUser{ + { + "id1", + "loginname1", + "orgID1", + }, + }, + }, + userViewProvider: &mockViewUser{ + PasswordSet: true, + IsEmailVerified: true, + MFAMaxSetUp: int32(domain.MFALevelSecondFactor), + }, + userEventProvider: &mockEventUser{}, + orgViewProvider: &mockViewOrg{State: domain.OrgStateActive}, + userGrantProvider: &mockUserGrants{}, + projectProvider: &mockProject{}, + applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}}, + lockoutPolicyProvider: &mockLockoutPolicy{ + policy: &query.LockoutPolicy{ + ShowFailures: true, + }, + }, + idpUserLinksProvider: &mockIDPUserLinks{}, + }, + args{&domain.AuthRequest{ + Request: &domain.AuthRequestOIDC{}, + LoginPolicy: &domain.LoginPolicy{ + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, + PasswordCheckLifetime: 10 * 24 * time.Hour, + SecondFactorCheckLifetime: 18 * time.Hour, + }, + }, false}, + []domain.NextStep{&domain.RedirectToCallbackStep{}}, + nil, + }, + { + "user not set multiple active sessions, select account step", + fields{ + userSessionViewProvider: &mockViewUserSession{ + Users: []mockUser{ + { + "id1", + "loginname1", + "orgID1", + }, + { + "id2", + "loginname2", + "orgID2", + }, + }, + }, + userViewProvider: &mockViewUser{ + PasswordSet: true, + IsEmailVerified: true, + MFAMaxSetUp: int32(domain.MFALevelSecondFactor), + }, + userEventProvider: &mockEventUser{}, + orgViewProvider: &mockViewOrg{State: 
domain.OrgStateActive}, + userGrantProvider: &mockUserGrants{}, + projectProvider: &mockProject{}, + applicationProvider: &mockApp{app: &query.App{OIDCConfig: &query.OIDCApp{AppType: domain.OIDCApplicationTypeWeb}}}, + lockoutPolicyProvider: &mockLockoutPolicy{ + policy: &query.LockoutPolicy{ + ShowFailures: true, + }, + }, + idpUserLinksProvider: &mockIDPUserLinks{}, + }, + args{&domain.AuthRequest{ + Request: &domain.AuthRequestOIDC{}, + LoginPolicy: &domain.LoginPolicy{ + SecondFactors: []domain.SecondFactorType{domain.SecondFactorTypeTOTP}, + PasswordCheckLifetime: 10 * 24 * time.Hour, + SecondFactorCheckLifetime: 18 * time.Hour, + }, + }, false}, + []domain.NextStep{&domain.SelectUserStep{ + Users: []domain.UserSelection{ + { + UserID: "id1", + LoginName: "loginname1", + SelectionPossible: true, + ResourceOwner: "orgID1", + }, + { + UserID: "id2", + LoginName: "loginname2", + SelectionPossible: true, + ResourceOwner: "orgID2", + }, + }, + }}, + nil, + }, { "user not found, not found error", fields{ From 4d09409328f83c9b1d312ee3af261cca8fe0a64f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Wed, 2 Aug 2023 14:27:18 +0300 Subject: [PATCH 26/32] feat(crypto): add pbkdf2 support (#6303) This change brings pbkdf2 support for password hashing and verification. --- cmd/defaults.yaml | 8 +- go.mod | 2 +- go.sum | 4 +- internal/crypto/passwap.go | 66 ++++++++++ internal/crypto/passwap_test.go | 212 ++++++++++++++++++++++++++++++++ 5 files changed, 288 insertions(+), 4 deletions(-) diff --git a/cmd/defaults.yaml b/cmd/defaults.yaml index 40b2fc8d07..3573242d59 100644 --- a/cmd/defaults.yaml +++ b/cmd/defaults.yaml 
@@ -383,7 +383,12 @@ SystemDefaults: # Hasher: # Algorithm: "scrypt" # Cost: 15 - + + # Hasher: + # Algorithm: "pbkdf2" + # Rounds: 290000 + # Hash: "sha256" # Can be "sha1", "sha224", "sha256", "sha384" or "sha512" + # Verifiers enable the possibility of verifying # passwords that are previously hashed using another # algorithm then the Hasher. @@ -402,6 +407,7 @@ SystemDefaults: # - "bcrypt" # - "md5" # - "scrypt" + # - "pbkdf2" # verifier for all pbkdf2 hash modes. Multifactors: OTP: # If this is empty, the issuer is the requested domain diff --git a/go.mod b/go.mod index 18077ccc09..bd62f2bd35 100644 --- a/go.mod +++ b/go.mod @@ -60,7 +60,7 @@ require ( github.com/ttacon/libphonenumber v1.2.1 github.com/zitadel/logging v0.3.4 github.com/zitadel/oidc/v2 v2.7.0 - github.com/zitadel/passwap v0.2.0 + github.com/zitadel/passwap v0.3.0 github.com/zitadel/saml v0.0.11 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.40.0 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.40.0 diff --git a/go.sum b/go.sum index e69bad2e38..2edc2dd911 100644 --- a/go.sum +++ b/go.sum 
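Review bot: The commented pbkdf2 example sets `Rounds: 290000` with `Hash: "sha256"`, and operators tend to copy such examples unchanged. OWASP's password-storage guidance currently recommends 600,000 iterations for PBKDF2-HMAC-SHA256 and considerably more for SHA-1. Suggest `# Rounds: 600000` and a hint next to the hash list such as `# prefer "sha256" or "sha512"; "sha1" needs a much higher round count`. The `Verifiers` entry is fine as is, since verification has to accept whatever parameters an imported hash was created with.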
@@ -898,8 +898,8 @@ github.com/zitadel/logging v0.3.4 h1:9hZsTjMMTE3X2LUi0xcF9Q9EdLo+FAezeu52ireBbHM github.com/zitadel/logging v0.3.4/go.mod h1:aPpLQhE+v6ocNK0TWrBrd363hZ95KcI17Q1ixAQwZF0= github.com/zitadel/oidc/v2 v2.7.0 h1:IGX4EDk6tegTjUSsZDWeTfLseFU0BdJ/Glf1tgys2lU= github.com/zitadel/oidc/v2 v2.7.0/go.mod h1:zkUkVJS0sDVy9m0UA9RgO3f8i/C0rtjvXU36UJj7T+0= -github.com/zitadel/passwap v0.2.0 h1:rkYrax9hfRIpVdXJ7pS8JHkQOhuQTdZQxEhsY0dFFrU= -github.com/zitadel/passwap v0.2.0/go.mod h1:KRTL4LL8ugJIn2xLoQYZf5t4kDyr7w41uq3XqvUlO6w= +github.com/zitadel/passwap v0.3.0 h1:kC/vzN9xQlEQjUAZs0z2P5nKrZs9AuTqprteSQ2S4Ag= +github.com/zitadel/passwap v0.3.0/go.mod h1:sIpG6HfmnP28qwxu8kf+ot53ERbLwU9fOITstAwZSms= github.com/zitadel/saml v0.0.11 h1:kObucnBrcu1PHCO7RGT0iVeuJL/5I50gUgr40S41nMs= github.com/zitadel/saml v0.0.11/go.mod h1:YGWAvPZRv4DbEZ78Ht/2P0AWzGn+6WGhFf90PMXl0Po= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
diff --git a/internal/crypto/passwap.go b/internal/crypto/passwap.go
index cf72a844fb..a5a293a449 100644
--- a/internal/crypto/passwap.go
+++ b/internal/crypto/passwap.go
@@ -9,6 +9,7 @@ import (
 "github.com/zitadel/passwap/argon2"
 "github.com/zitadel/passwap/bcrypt"
 "github.com/zitadel/passwap/md5"
+ "github.com/zitadel/passwap/pbkdf2"
 "github.com/zitadel/passwap/scrypt"
 "github.com/zitadel/passwap/verifier"
@@ -38,6 +39,19 @@ const (
 HashNameBcrypt HashName = "bcrypt" // hash and verify
 HashNameMd5 HashName = "md5" // verify only, as hashing with md5 is insecure and deprecated
 HashNameScrypt HashName = "scrypt" // hash and verify
+ HashNamePBKDF2 HashName = "pbkdf2" // hash and verify
+)
+
+type HashMode string
+
+// HashMode defines a underlying [hash.Hash] implementation
+// for algorithms like pbkdf2
+const (
+ HashModeSHA1 HashMode = "sha1"
+ HashModeSHA224 HashMode = "sha224"
+ HashModeSHA256 HashMode = "sha256"
+ HashModeSHA384 HashMode = "sha384"
+ HashModeSHA512 HashMode = "sha512"
 )
 type PasswordHashConfig struct {
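Review bot: In the `@@ -38,6 +39,19 @@` hunk of passwap.go the doc comment `// HashMode defines a underlying [hash.Hash] implementation` is attached to the new `const (` block, so the exported `type HashMode string` above it has no documentation of its own. I would move the comment onto the type and fix the article, `// HashMode names the underlying [hash.Hash] implementation used by algorithms like pbkdf2.`, and give the const block a short line of its own. Since `HashNameMd5` is annotated as verify only, it would also help to state on the const block whether every mode, SHA-1 included, is meant to be selectable for new hashes. The `HashName` const block that this hunk extends starts outside the hunk.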
@@ -85,6 +99,10 @@ var knowVerifiers = map[HashName]prefixVerifier{
 prefixes: []string{scrypt.Prefix, scrypt.Prefix_Linux},
 verifier: scrypt.Verifier,
 },
+ HashNamePBKDF2: {
+ prefixes: []string{pbkdf2.Prefix},
+ verifier: pbkdf2.Verifier,
+ },
 }
 func (c *PasswordHashConfig) buildVerifiers() (verifiers []verifier.Verifier, prefixes []string, err error) {
@@ -116,6 +134,8 @@ func (c *HasherConfig) buildHasher() (hasher passwap.Hasher, prefixes []string,
 return c.bcrypt()
 case HashNameScrypt:
 return c.scrypt()
+ case HashNamePBKDF2:
+ return c.pbkdf2()
 case "":
 return nil, nil, fmt.Errorf("missing hasher algorithm")
 case HashNameArgon2, HashNameMd5:
@@ -207,3 +227,49 @@ func (c *HasherConfig) scrypt() (passwap.Hasher, []string, error) {
 }
 return scrypt.New(p), []string{scrypt.Prefix, scrypt.Prefix_Linux}, nil
 }
+
+func (c *HasherConfig) pbkdf2Params() (p pbkdf2.Params, _ HashMode, _ error) {
+ var dst = struct {
+ Rounds uint32 `mapstructure:"Rounds"`
+ Hash HashMode `mapstructure:"Hash"`
+ }{}
+ if err := c.decodeParams(&dst); err != nil {
+ return p, "", fmt.Errorf("decode pbkdf2 params: %w", err)
+ }
+ switch dst.Hash {
+ case HashModeSHA1:
+ p = pbkdf2.RecommendedSHA1Params
+ case HashModeSHA224:
+ p = pbkdf2.RecommendedSHA224Params
+ case HashModeSHA256:
+ p = pbkdf2.RecommendedSHA256Params
+ case HashModeSHA384:
+ p = pbkdf2.RecommendedSHA384Params
+ case HashModeSHA512:
+ p = pbkdf2.RecommendedSHA512Params
+ }
+ p.Rounds = dst.Rounds
+ return p, dst.Hash, nil
+}
+
+func (c *HasherConfig) pbkdf2() (passwap.Hasher, []string, error) {
+ p, hash, err := c.pbkdf2Params()
+ if err != nil {
+ return nil, nil, err
+ }
+ prefix := []string{pbkdf2.Prefix}
+ switch hash {
+ case HashModeSHA1:
+ return pbkdf2.NewSHA1(p), prefix, nil
+ case HashModeSHA224:
+ return pbkdf2.NewSHA224(p), prefix, nil
+ case HashModeSHA256:
+ return pbkdf2.NewSHA256(p), prefix, nil
+ case HashModeSHA384:
+ return pbkdf2.NewSHA384(p), prefix, nil
+ case HashModeSHA512:
+ return pbkdf2.NewSHA512(p), prefix, nil
+ default:
+ return nil, nil, fmt.Errorf("unsuppored pbkdf2 hash mode: %s", hash)
+ }
+}
diff --git a/internal/crypto/passwap_test.go b/internal/crypto/passwap_test.go
index 2cc5aa80e7..b557ca4a5c 100644
--- a/internal/crypto/passwap_test.go
+++ b/internal/crypto/passwap_test.go
@@ -1,6 +1,9 @@
 package crypto
 import (
+ "crypto/sha1"
+ "crypto/sha256"
+ "crypto/sha512"
 "testing"
 "github.com/stretchr/testify/assert"
@@ -8,6 +11,7 @@ import (
 "github.com/zitadel/passwap/argon2"
 "github.com/zitadel/passwap/bcrypt"
 "github.com/zitadel/passwap/md5"
+ "github.com/zitadel/passwap/pbkdf2"
 "github.com/zitadel/passwap/scrypt"
 )
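Review bot: `pbkdf2Params` copies the configured count straight into the parameters (`p.Rounds = dst.Rounds`) with no lower bound, so a config carrying `Rounds: 0` or a very small number yields a hasher that stores new passwords with almost no key stretching, unless `decodeParams` or the passwap constructors reject it, which is not visible in this hunk. The `switch dst.Hash` in the same function also has no `default`, so an unknown mode returns zero-valued params with a nil error and is only rejected later in `pbkdf2()`, whose message misspells the word as `unsuppored`. I would validate both in `pbkdf2Params`, as sketched below, and add table cases for a zero count and an unknown mode to `TestHasherConfig_pbkdf2Params`, where every added case uses `Rounds: 12`.

```go
func (c *HasherConfig) pbkdf2Params() (p pbkdf2.Params, _ HashMode, _ error) {
	// … unchanged: dst declaration and decodeParams call …
	if dst.Rounds == 0 {
		return p, "", fmt.Errorf("pbkdf2 rounds must be greater than zero")
	}
	switch dst.Hash {
	// … unchanged: the five HashModeSHA* cases …
	default:
		return p, "", fmt.Errorf("unsupported pbkdf2 hash mode: %s", dst.Hash)
	}
	// … unchanged: p.Rounds assignment and return …
}
```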
@@ -238,6 +242,101 @@ func TestPasswordHashConfig_PasswordHasher(t *testing.T) {
 },
 wantPrefixes: []string{scrypt.Prefix, scrypt.Prefix_Linux, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
 },
+ {
+ name: "pbkdf2, parse error",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "cost": "bar",
+ },
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "pbkdf2, hash mode error",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": "foo",
+ },
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "pbkdf2, sha1",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": HashModeSHA1,
+ },
+ },
+ Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5},
+ },
+ wantPrefixes: []string{pbkdf2.Prefix, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+ },
+ {
+ name: "pbkdf2, sha224",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": HashModeSHA224,
+ },
+ },
+ Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5},
+ },
+ wantPrefixes: []string{pbkdf2.Prefix, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+ },
+ {
+ name: "pbkdf2, sha256",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": HashModeSHA256,
+ },
+ },
+ Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5},
+ },
+ wantPrefixes: []string{pbkdf2.Prefix, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+ },
+ {
+ name: "pbkdf2, sha384",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": HashModeSHA384,
+ },
+ },
+ Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5},
+ },
+ wantPrefixes: []string{pbkdf2.Prefix, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+ },
+ {
+ name: "pbkdf2, sha512",
+ fields: fields{
+ Hasher: HasherConfig{
+ Algorithm: HashNamePBKDF2,
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": HashModeSHA512,
+ },
+ },
+ Verifiers: []HashName{HashNameArgon2, HashNameBcrypt, HashNameMd5},
+ },
+ wantPrefixes: []string{pbkdf2.Prefix, argon2.Prefix, bcrypt.Prefix, md5.Prefix},
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
@@ -484,3 +583,116 @@ func TestHasherConfig_scryptParams(t *testing.T) {
 })
 }
 }
+
+func TestHasherConfig_pbkdf2Params(t *testing.T) {
+ type fields struct {
+ Params map[string]any
+ }
+ tests := []struct {
+ name string
+ fields fields
+ wantP pbkdf2.Params
+ wantHash HashMode
+ wantErr bool
+ }{
+ {
+ name: "decode error",
+ fields: fields{
+ Params: map[string]any{
+ "foo": "bar",
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "sha1",
+ fields: fields{
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": "sha1",
+ },
+ },
+ wantP: pbkdf2.Params{
+ Rounds: 12,
+ KeyLen: sha1.Size,
+ SaltLen: 16,
+ },
+ wantHash: HashModeSHA1,
+ },
+ {
+ name: "sha224",
+ fields: fields{
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": "sha224",
+ },
+ },
+ wantP: pbkdf2.Params{
+ Rounds: 12,
+ KeyLen: sha256.Size224,
+ SaltLen: 16,
+ },
+ wantHash: HashModeSHA224,
+ },
+ {
+ name: "sha256",
+ fields: fields{
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": "sha256",
+ },
+ },
+ wantP: pbkdf2.Params{
+ Rounds: 12,
+ KeyLen: sha256.Size,
+ SaltLen: 16,
+ },
+ wantHash: HashModeSHA256,
+ },
+ {
+ name: "sha384",
+ fields: fields{
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": "sha384",
+ },
+ },
+ wantP: pbkdf2.Params{
+ Rounds: 12,
+ KeyLen: sha512.Size384,
+ SaltLen: 16,
+ },
+ wantHash: HashModeSHA384,
+ },
+ {
+ name: "sha512",
+ fields: fields{
+ Params: map[string]any{
+ "Rounds": 12,
+ "Hash": "sha512",
+ },
+ },
+ wantP: pbkdf2.Params{
+ Rounds: 12,
+ KeyLen: sha512.Size,
+ SaltLen: 16,
+ },
+ wantHash: HashModeSHA512,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ c := &HasherConfig{
+ Params: tt.fields.Params,
+ }
+ gotP, gotHash, err := c.pbkdf2Params()
+ if tt.wantErr {
+ assert.Error(t, err)
+ return
+ }
+ require.NoError(t, err)
+ assert.Equal(t, tt.wantP, gotP)
+ assert.Equal(t, tt.wantHash, gotHash)
+ })
+ }
+}
From 4e1dcc06929a97c44225ec3df9b1bad40f1d1f53 Mon Sep 17 00:00:00 2001
From: Dominik from Unique Date: Wed, 2 Aug 2023 14:35:13 +0200 Subject: [PATCH 27/32] docs: describe database user credentials handling (#6283) * feat: Add full example for helmfile + PostgreSQL - Adds full helmfile + PostgreSQL example - Extends production checklist for bullet about insecure credentials - Extends database documentation to ensure secure user rotation Refs: https://discord.com/channels/927474939156643850/927866013545025566/1133692721710772294 * chore: revert example and move to zitadel-charts --------- Co-authored-by: Elio Bischof Co-authored-by: Fabi --- docs/docs/self-hosting/manage/database/_postgres.mdx | 4 ++-- docs/docs/self-hosting/manage/database/database.mdx | 11 ++++++++++- docs/docs/self-hosting/manage/productionchecklist.md | 1 + 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/docs/docs/self-hosting/manage/database/_postgres.mdx b/docs/docs/self-hosting/manage/database/_postgres.mdx index 2a50d337ed..543c895991 100644 --- a/docs/docs/self-hosting/manage/database/_postgres.mdx +++ b/docs/docs/self-hosting/manage/database/_postgres.mdx @@ -51,7 +51,7 @@ CREATE DATABASE zitadel; GRANT CONNECT, CREATE ON DATABASE zitadel TO zitadel; ``` -Don't forget to adjust pg_hba.conf and set a password for the zitadel user. +Don't forget to adjust `pg_hba.conf` and set a password for the zitadel user. With the setup done, follow the [phases guide](/docs/self-hosting/manage/updating_scaling#separating-init-and-setup-from-the-runtime) -to run the init and then setup phase to get all necessary tables and data set up. +to run the init and then setup phase to get all necessary tables and data set up. \ No newline at end of file diff --git a/docs/docs/self-hosting/manage/database/database.mdx b/docs/docs/self-hosting/manage/database/database.mdx index 688159fd7f..7000cb00d0 100644 --- a/docs/docs/self-hosting/manage/database/database.mdx +++ b/docs/docs/self-hosting/manage/database/database.mdx 
@@ -25,4 +25,13 @@ import Postgres from './_postgres.mdx' - \ No newline at end of file + + +## Zitadel credentials +The [init phase](/docs/self-hosting/manage/updating_scaling#separating-init-and-setup-from-the-runtime) of Zitadel creates a the zitadel user (`Database.*.User.Username` & `Database.*.User.Password`) with their password if it does not exist (and Admin credentials are passed). It is though to note that it does **neither** update **nor** deprecate them. In case you provisioned a Zitadel setup with insecure or _easy-to-guess_ values you should first of all rotate them but also manually ensure, that the old role/user gets deprecated. + +If you rotate the credentials you either must opt for a new username or deprecate the old user first (might lead to interruptions) since the init phase will fail if the user already exists but only the password changes. To deprecate the old user you need admin access to your database server and remove the user with commands matching your database provider. + +:::caution +Recreating a database will not necessarily remove the user, make sure to check for the user and remove it if necessary. +::: \ No newline at end of file diff --git a/docs/docs/self-hosting/manage/productionchecklist.md b/docs/docs/self-hosting/manage/productionchecklist.md index 2f02361b77..4dd93328bd 100644 --- a/docs/docs/self-hosting/manage/productionchecklist.md +++ b/docs/docs/self-hosting/manage/productionchecklist.md 
@@ -45,6 +45,7 @@ To apply best practices to your production setup we created a step by step check ### Security +- [ ] Ensure that your ZITADEL does not use [the default, example or _easy-to-guess_ credentials](/docs/self-hosting/manage/database#zitadel-credentials) - [ ] Use a FQDN and a trusted valid certificate for external [TLS](/docs/self-hosting/manage/tls_modes#http2) connections - [ ] Create service accounts for applications that interact with ZITADEL's APIs - [ ] Make use of a CDN service to decrease the load for static assets served by ZITADEL From ca13e70c92010e5edddf84d0cfb9aa20cf0b4db0 Mon Sep 17 00:00:00 2001 From: Fabi Date: Wed, 2 Aug 2023 14:55:19 +0200 Subject: [PATCH 28/32] docs: update oidc flow with new services (#6294) * docs: oidc documentation * docs: oidc documentation * Update docs/docs/guides/integrate/login-ui/oidc-standard.mdx Co-authored-by: Livio Spring * Update docs/docs/guides/integrate/login-ui/oidc-standard.mdx Co-authored-by: Livio Spring * Update docs/docs/guides/integrate/login-ui/oidc-standard.mdx Co-authored-by: Livio Spring * Update docs/docs/guides/integrate/login-ui/oidc-standard.mdx Co-authored-by: Livio Spring * Update docs/docs/guides/integrate/login-ui/oidc-standard.mdx Co-authored-by: Livio Spring * Update docs/docs/guides/integrate/login-ui/oidc-standard.mdx Co-authored-by: Livio Spring * Update oidc-standard.mdx * docs: fix broken links --------- Co-authored-by: Livio Spring --- .../integrate/login-ui/external-login.mdx | 16 +- .../integrate/login-ui/oidc-standard.mdx | 137 ++++++++++++++++-- docs/static/img/guides/login-ui/oidc-flow.png | Bin 260211 -> 378549 bytes 3 files changed, 135 insertions(+), 18 deletions(-) diff --git a/docs/docs/guides/integrate/login-ui/external-login.mdx b/docs/docs/guides/integrate/login-ui/external-login.mdx index fa84303d37..d92f5b3a1c 100644 --- a/docs/docs/guides/integrate/login-ui/external-login.mdx +++ b/docs/docs/guides/integrate/login-ui/external-login.mdx 
@@ -6,7 +6,7 @@ sidebar_label: External Identity Provider ## Flow The prerequisite for adding an external login (social and enterprise) to your user account is a registered identity provider on your ZITADEL instance or the organization of the user. -If you haven’t added a provider yet, have a look at the following guide first: [Identity Providers](https://zitadel.com/docs/guides/integrate/identity-providers) +If you haven’t added a provider yet, have a look at the following guide first: [Identity Providers](/docs/guides/integrate/identity-providers) ![Identity Provider Flow](/img/guides/login-ui/external-login-flow.png) @@ -20,7 +20,7 @@ Send the following two URLs in the request body: 2. ErrorURL: Page that should be shown when an error happens during the authentication In the response, you will get an authentication URL of the provider you like. -[Start Identity Provider Flow Documentation](https://zitadel.com/docs/apis/resources/user_service/user-service-start-identity-provider-flow) +[Start Identity Provider Flow Documentation](/docs/apis/resources/user_service/user-service-start-identity-provider-flow) ### Request @@ -65,7 +65,7 @@ After the user has successfully authenticated, a redirect to the ZITADEL backend ZITADEL will take the information of the provider. After this, a redirect will be made to either the success page in case of a successful login or to the error page in case of a failure will be performed. In the parameters, you will provide the intentID, a token, and optionally, if a user could be found, a user ID. To get the information of the provider, make a request to ZITADEL. -[Get Identity Provider Information Documentation](https://zitadel.com/docs/apis/resources/user_service/user-service-retrieve-identity-provider-information) +[Get Identity Provider Information Documentation](/docs/apis/resources/user_service/user-service-retrieve-identity-provider-information) ### Request ```bash 
@@ -90,8 +90,8 @@ curl --request POST \ }, "idpInformation": { "oauth": { - "accessToken": "ya29.a0AWY7CknrOORopcJK2XX2fQXV9NQpp8JdkKYx-mQZNrR-wktWWhc3QsepT6kloSCgFPS9N0beEBlEYoY5oYUhfc7VlLHTQz5iECE386pyx5YmTueyeQ9GXk1dAw89gi8KRyjNlJApFsfLJaoiLIvKJLf23eAyXgaCgYKAUMSARESFQG1tDrpnTJ2su8BBO24zfmzgneARw0165", - "idToken": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg1YmE5MzEzZmQ3YTdkNGFmYTg0ODg0YWJjYzg0MDMwMDQzNjMxODAiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJhenAiOiIxODI5MDIwMjY1MDgtdW1taXQ3dHZjbHBnM2NxZmM4b2ljdGE1czI1aGtudWwuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJhdWQiOiIxODI5MDIwMjY1MDgtdW1taXQ3dHZjbHBnM2NxZmM4b2ljdGE1czI1aGtudWwuYXBwcy5nb29nbGV1c2VyY29udGVudC5jb20iLCJzdWIiOiIxMTEzOTI4MDU5NzU3MTU4NTY2MzciLCJoZCI6InJvb3RkLmNoIiwiZW1haWwiOiJmYWJpZW5uZUByb290ZC5jaCIsImVtYWlsX3ZlcmlmaWVkIjp0cnVlLCJhdF9oYXNoIjoidGN5X25JTkZHNnFhRTBZTWFsQzZGdyIsIm5hbWUiOiJGYWJpZW5uZSBCw7xobGVyIiwicGljdHVyZSI6Imh0dHBzOi8vbGgzLmdvb2dsZXVzZXJjb250ZW50LmNvbS9hL0FBY0hUdGY5NzNRNk5IOEt6S1RNRVpFTFBVOWx4NDVXcFE5RlJCdXhGZFBiPXM5Ni1jIiwiZ2l2ZW5fbmFtZSI6IkZhYmllbm5lIiwiZmFtaWx5X25hbWUiOiJCw7xobGVyIiwibG9jYWxlIjoiZGUiLCJpYXQiOjE2ODY4MTE0NjUsImV4cCI6MTY4NjgxNTA2NX0.PwlAHRM44e8eYyHzdfotOrcq5GZc4D15mWvN3rGdoDmu2RRgb4T0nDgkY6AVq2vNJxPfbiB1jFtNP6dgX-OgLIxNXg_tJJhwFh-eFPA37cIiv1CEcgEC-q1zXFIa3HrwHLreeU6i7C9JkDrKpkS-AKat1krf27QXxrxHLrWehi5F2l1OZuAKFWYaYmJOd0sVTDBA2o5SDcAiQs_D4-Q-kSl5f0gh607YVHLv7zjyfHtAOs7xPEkNEUVcqGBke2Zy9kAYIgiMriNxLA2EDxFtSyWnf-bCXKnuVX2hwEY0T0lUPrOAVkz7MEOKiacE2xAOczoQvl-wECU0UofLi8XZqg" + "accessToken": "ya29...", + "idToken": "ey..." }, "idpId": "218528353504723201", "rawInformation": { @@ -103,7 +103,7 @@ curl --request POST \ "hd": "mouse.com", "locale": "de", "name": "Minnie Mouse", - "picture": "https://lh3.googleusercontent.com/a/AAcKTtf973Q6NH8KzKTMEZELPU9lx45WpQ9FRBuxFdPb=s96-c", + "picture": "https://lh3.googleusercontent.com/a/AAcKTtf973Q7NH8KzKTMEZELPU9lx45WpQ9FRBuxFdPb=s96-c", "sub": "111392805975715856637" } } 
@@ -152,7 +152,7 @@ Fill the IdP links in the create user request to add a user with an external log The idpId is the ID of the provider in ZITADEL, the idpExternalId is the ID of the user in the external identity provider; usually, this is sent in the “sub”. The display name is used to list the linkings on the users. -[Create User API Documentation](https://zitadel.com/docs/apis/resources/user_service/user-service-add-human-user) +[Create User API Documentation](/docs/apis/resources/user_service/user-service-add-human-user) #### Request ```bash @@ -190,7 +190,7 @@ curl --request POST \ If you didn't get a user ID in the parameters to your success page, you know that there is no existing user in ZITADEL with that provider and you can register a new user (read previous section), or link it to an existing account. If you want to link/connect to an existing account you can perform the add identity provider link request. -[Add IDP Link to existing user documentation](https://zitadel.com/docs/apis/resources/user_service/user-service-add-idp-link) +[Add IDP Link to existing user documentation](/docs/apis/resources/user_service/user-service-add-idp-link) #### Request ```bash diff --git a/docs/docs/guides/integrate/login-ui/oidc-standard.mdx b/docs/docs/guides/integrate/login-ui/oidc-standard.mdx index 0a7b5093a8..e379060729 100644 --- a/docs/docs/guides/integrate/login-ui/oidc-standard.mdx +++ b/docs/docs/guides/integrate/login-ui/oidc-standard.mdx 
@@ -2,11 +2,6 @@ title: OIDC Standard --- -:::info -Not yet implemented, but should give you a general impression of how it will work -Subscribe to the following issue: https://github.com/orgs/zitadel/projects/2/views/1?filterQuery=oidc&pane=issue&itemId=23181369 -::: - To build your own login ui for your own application it is not necessary to have the OIDC standard included or any additional work that has to be done. However, it might make sense, if you want to connect your login to different applications especially if they are not in your control and they rely on the standard. 
@@ -14,13 +9,135 @@ The following flow shows you the different components you need to enable OIDC fo ![OIDC Flow](/img/guides/login-ui/oidc-flow.png) 1. Your application makes an authorization request to your login UI -2. The login UI takes the requests and sends them to the ZITADEL API. In the request to the ZITADEL API, a header to authenticate your client is needed. +2. The login UI proxies the request to the ZITADEL API. In the request to the ZITADEL API, a header to identify your client is needed. 3. The ZITADEL API parses the request and does what it needs to interpret certain parameters (e.g., organization scope, etc.) -4. Redirect to a predefined, relative URL of the login UI that includes the authrequest ID -5. Request to ZITADEL API to get all the information from the auth request -6. Create and update the session till the login flow is complete and the user is authenticated. Make sure to include the auth Request ID in the session -7. Read the callback URL from the ZITADEL API +4. Redirect to a predefined, relative URL of the login UI that includes the authrequest ID ("/login?authRequest=") +5. Request to ZITADEL API to get all the information from the auth request. This is optional and only needed if you like to get all the parsed information from the authrequest- +6. Authenticate the user in your login UI by creating and updating a session with all the checks you need. +7. Finalize the auth request by sending the session to the request, you will get the callback URL in the response 8. Redirect to your application with the callback URL you got in the previous request 9. 
All OIDC-specific endpoints have to be accepted in the Login UI and should be proxied and sent to the ZITADEL API +## Example + +Let's assume you host your login UI on the following URL: +``` +https://login.example.com +``` + +## Authorize Request + +A user opens your application and is unauthenticated, the user will then be redirected to your login with the following auth Request: +``` +https://login.example.com/oauth/v2/authorize?client_id=170086824411201793%40yourapp&redirect_uri=https%3A%2F%2Fyourapp.example.com%2Fauth%2Fcallback&response_type=code&scope=openid%20email%20profile&code_challenge=9az09PjcfuENS7oDK7jUd2xAWRb-B3N7Sr3kDoWECOY&code_challenge_method=S256&login_hint=minnie-mouse``` +``` + +The auth request includes all the relevant information for the OIDC standard and in this example we also have a login hint for the login name "minnie-mouse". + +You now have to proxy the auth request from your own UI to the authorize Endpoint of ZITADEL. +Make sure to add the user id of your login UI as a header to the request: ```x-zitadel-login-client: ``` + +Read more about the [Authorize Endpoint Documentation](/docs/apis/openidoauth/endpoints#authorization_endpoint) + +The endpoint will redirect you to the domain of your UI on the path /login and add the auth Request ID as parameter. +```https://login.example.com/login?authRequest=V2_224908753244265546``` + +### Get Auth Request by ID + +With the ID from the redirect before you will now be able to get the information of the auth request. 
+[Get Auth Request By ID Documentation](/docs/apis/resources/oidc_service/oidc-service-get-auth-request) + +```bash +curl --request GET \ + --url https://$ZITADEL_DOMAIN/v2alpha/oidc/auth_requests/V2_224908753244265546 \ + --header 'Authorization: Bearer '"$TOKEN"''\ +``` + +Response Example: + +```json +{ + "authRequest": { + "id": "V2_224908753244265546", + "creationDate": "2023-07-28T13:47:43.471505Z", + "clientId": "224901977648260028@mytestproject", + "scope": [ + "openid", + "profile" + ], + "redirectUri": "https://myapp.example.com/auth/callback", + "loginHint": "mini@mouse.com" + } +} +``` + +### Perform Login + +After you have initialized the OIDC flow you can implement the login. +Implement all the steps you like the user the go trough by [creating](/docs/apis/resources/session_service/session-service-create-session) and [updating](/docs/apis/resources/session_service/session-service-set-session) the user-session. + +Read the following resources for more information about the different checks: +- [Username and Password](./username-password) +- [External Identity Provider](./external-login) +- [Passkeys](./passkey) +- [Multi-Factor](./mfa) + +### Finalize Auth Request + +To finalize the auth request and connect an existing user session with it you have to update the auth request with the session token. +On the create and update user session request you will always get a session token in the response. + +The latest session token has to be sent to the following request: + +Read more about the [Finalize Auth Request Documentation](/docs/apis/resources/oidc_service/oidc-service-create-callback) + +Make sure that the authorization header is from the same account that you originally sent in the client id header ```x-zitadel-login-client: ``` on the authorize endpoint. 
+```bash +curl --request POST \ + --url $ZITADEL_DOMAIN/v2alpha/oidc/auth_requests/V2_224908753244265546 \ + --header 'Accept: application/json' \ + --header 'Authorization: Bearer '"$TOKEN"''\ + --header 'Content-Type: application/json' \ + --data '{ + "session": { + "sessionId": "225307381909694508", + "sessionToken": "7N5kQCvC4jIf2OuBjwfyWSX2FUKbQqg4iG3uWT-TBngMhlS9miGUwpyUaN0HJ8OcbSzk4QHZy_Bvvv" + } +}' +``` + +In the response you will get a callback URL to which you have to redirect from your login UI. + +Example Response: +```bash +{ + "details": { + "sequence": "686", + "changeDate": "2023-07-31T08:09:19.314537Z", + "resourceOwner": "163840776801878273" + }, + "callbackUrl": "https://myapp.example.com/auth/callback?code=k98NBLrdjVbwQQI-oM_rR_cYHv0k3dqpkqlQX8UXTWVnYSQL9g&state=testd" +} +``` + +### OIDC Endpoints + +All OIDC relevant endpoints are provided by ZITADEL. In you login UI you just have to proxy them through and send them directly to the backend. + +These are endpoints like: +- Userinfo +- Well-known +- Introspection +- Token +- etc + + +### End Session / Logout + +The end session endpoint has to be implemented as all the other OIDC endpoints. This means you have to proxy the request from you UI to the ZITADEL. +In case the ZITADEL backend is not able to determine which session to terminate directly or requires additional approval from the user, it will redirect the browser to the following endpoint: + +```/logout?post_logout_redirect=``` + +Prompt the user to select a session, terminate it using the [corresponding endpoint](/docs/apis/resources/session_service/session-service-delete-session) and send the user to the `post_logout_redirect` URL. 
diff --git a/docs/static/img/guides/login-ui/oidc-flow.png b/docs/static/img/guides/login-ui/oidc-flow.png index 552c357ba9087c4c7078c66e8f1f68b7e88ddbbc..d54018ce6570a48320dfc9dcbfbf86fddcdf79dd 100644 GIT binary patch literal 378549 zcmdSBcQ{+`|37ZEcBz)CnytNJYi&A|P-?}FB1WyMStK?sidr#hl%lm_QzKEeM-{bK zYqhqRA;I@}z1QdZ{jR>g@6Vs#TvwcvbIyJ4b3e!9IgeMmkJM?YSg44Ih-ft)-qRx@ zqC^l8k&RMZ1dgP-3TFZvVh=raHKMYwtSi8e6qvDwowhcSAh1tCL`KX)bm9CG;HyM@ z~|2j@WL=@>rME1{X9s%3)PdxBFAM=kbSwaL6Iq-`C_=e>W|8pd8K8NIA zBPkI%r2pC{8wIW-Qq{k!p#g05ZJxtmt{x6>_SeO;cN--k%SR}R>9fq6dR^mTD|^^o&by!qD^a=`xi zVbD#^zb^4~QoL!bt;>1W?KzB7MpR5x?4}YGCnu-Eb6Yz(y?YP-IUM+LV%Y_S_yMe&@~|keCEWLP7+%Ld4^RtLGD65m%2}|G3G&?sE_3Ve{PanWv+h zE9d!rpIEzjc`Dw#c|OsHy2=1 zPo@7b?4N`G=gEH#Q~;f?{eRHnAB6tvC_rf?Dh1HLxu!%#B<*u9KCF)SbPRwkAads) z5+~pf|39|CJ}Hxsq~d)j5s?a!#ywR7U*h#l@*r-*kq2{+CW#)}b?0*4QNPdqGKb%a zo0{Q1z3#os-25*Y?vo+zsfba3_&{+piorad^A0tC0#6BN`IGrT%;Box@3PIbteMPj z@TcAlmPMWozaF{mr{Q^pWxVo;J4uKsRES9EgNVpDiT=CYg@_iiHkA9WxqI&aX4v_) z3dC(7ON#&PsE+Hzzt5H8#F z2XlT~CELDadcxSUf7j|OMGX0tl~xp#Z0?T#&kAWWPI`)%NX|YFX>STn`0LDHA(Fv= z;$3<+(GFx+xzn7B>_G<6>}LmMQdSO>(HLLd&F|aMGdu^ye+M>QGX+4l< zENSqkyHI5G#NE_Jz#YZ!!KKleLXj=0++uZ2q~@XGM|;op=$VmZ z9icvAo%3TqKG#hXI26WH++;&)$i6biI2Bg<v;WxIsYFOJoquM*to@^gt&9Li>C%47=*Uxz7$dqtv3D114zFA&~JH0p^}rN za^k~g^I6`(n2?SqmQ5(;@FiDvou+dF&M{KbWW9D;CtoxQm|eBlwaSH*&arq1`q6q% z`~A}5_~XpP6yN#8QsWKJT+v}=JB?pL-5_U8zX1Vwkkaxa`wV$jLdW;H??)%ggwrnv zKo!S%#MqldBic}(Nv*xMMd+Gf3q?~yg$*4y>Z`L!&ZoJYs*A^XEfF{P1$=sArYK6+ z6fk#mIVtjPPF9fN!HqmEoFE4T@4VU+_SEej-QPTz)V-Wp^+1@l@r1>(1aXP8xk5$d zNr%!X@DyDP%Z$n90 zF_q;iNHK-FG3$?`AABpVscYpb)fi1#z> zY;Nv34a{ZI9JS^1{cve^iE` zpaNKl&bvy?YF2xjIUDXTmVp0g2K`!_25_Mh&RxAGkpq8D7j8fo-m`@hFtqablKVm59V6QRS1fAt6l!!F1(#Xk(r( zaPxg-sZhtUxCyGL-PD!u>bWsmq*$DN&RuE(UM33z9=R@*>jinf*>R?AXV*s6qlz+I z^2Kkhmnxqb(=@OcT-FjIaYOVv&$(x`ss`}fNZe1Zfi)*_5(OLG(q-D~nQY_X@cWV~ zoNC8&!rZ{mw>l zUC94nccWVu6V=&U_c-E@P)-zlOjg;5YIlD;uID7^{qe0ceI0ns(f@g!%&3j@Xmq4T zRZ#nhp=V)d@n4kevmjZ@#@c72+XlQU^CHlmjcA)n@Aot_e65PshrU 
zaek8{>rq+&xkYQWHbyu3=GGPlKg>p=tuqdCU54f^Yp4_Ag15j^t>SRAoxWdj z*A7h_qJ6GBFU;5)kk$v#;7=ZQFarrsoym;K<^!kofjQW~gz+{4aqkD{@ zP4*)m*M;70a`K~E--aU>>l*+HTWvCYAP|(N{Bd_;vp2#H#+d>;5^KCV*kAV^q$Tfc zv>WX&D(O>=EQ(JBzDuJ5C}mAnG{Y+tB(z8O?hf4Fly~qnbkR~8afZ5DLjgf zb*cSo@xplo7S>`)gDP4wYxU|VZIxqjeP=|bKWfCPN=riTU`KMqe-$NJ+b;XkAOypl{a3CD``Sa6luDtp?>HE zrRuM7B6|}BEA@+kyNG~kPDMW%(J@>6(w+X@9GX8WQVx6YI=i1tkyf>ynRA?VsvB5_ z8rFC>V>)+4P{he>hA|f2eKK3EJfr^mVFZjXX$tc04X|*rF^a{^Am_rL_7eDYp3wz5 z_sUw@O7>)H5lms9{6l4B&CYPFID5EhZK)>ArTy}EKr`%kb&qE`KmB0N+nH5;6kS=z zF$ki#5e8qHsuVe)pw=@1doMEQ4arK~`7wbrx4B=TNhrGJTjSDHUY^Zt?2_5oP-2+x z9LKfD+kDER25x#OCbxbkV!YgIocF-NVkTiLA6TZ8e6TRhGOAimx5M332oc`m5T`*; zDe}Z1fX1eJuH@sr`7|H(4b9)+9{>#_jqj0HvQCdZNg^vm%k(E#o*P(CGSqfG3MwB?QF)5O7D-A zXSFwK5SgreNmVibo4=$I!LKi_dwG zy&J}Jn{?&FqP=uXOq{8`KaCkT93lJeeg${+Q%~~*cQlWa$Uz6ox%V(a(e}`wY18U* zSgn{^oO{VUWSeMRoKol=&yC{2l~lr4@??zEZFYevv2~&1Utro-(4!wWeCF@k-`}SF zDaB!6SPKetea9N=%4BD#2X#;Tamc35h&L#n&Gn-Z0rYp5o}b#mWV~wjI}Ozs>s=?M z4@IRC%*DzvubxPa+BmhAbJGiDEybl65Q?nV0wBG}wO5AH`JlUOf!7@U&s?~_OlDEe zWq;oYTvp2Hl9?bj}@XuIzshcewMLxEt!(b`t-Wbw5BjBea^te1+AV>sl?y; zrlE}cAs!v@fiAD~&P1`MJ7wpqntD;U*Ucq>*~O}HKFD0%6*;h#4sX=eXYG1A89EX` zq}_v<4x;-Kbz4y2eYi`j(tO^eT3l^SKK;vu56myr6lwa{zbIAu6(d)>4GbAl-tA)` zHMPH5qs`FH`{rgD9LP1)?<*col`e!peByHlYVwCYh?ocVUeM7FuN2=|uZV9K{tN<+ z6m2x7HKP0=y>|Iu6(XZvHkL~UKX#VZJz5cKH1JWTUel@mpGD|;j{UVu)$L^Sp zfUr$AijI$tccgm&m+l#b?M0QP(Vw9y>wF5M`@1Z?lf1_lC$iL{6(?`QSL_ugFBC<( ztPgJSO+lD%e7zM*txn-GVKdHK9I5xhX^9_@fEHsu-2-{$w;sPgZqkhgb?{#TNF?;i z@+bU$Ic=_X&Zrg%^;FwQr(#$I%L?+-BAYK(i0o7SFM`~~cHguL*EPA%5d1C_A?b1@ z997NtDdL+YThoGj0zDg@o0%hBGT6jyiTQjU9G~vxi^J5KQ;g{Z$a<9GJHx>*d!qi; z4RpDJA9-SnFST(I+Ah1l-LMwD@YA=Tw3=P(IO?%dtmJp9(*qEnmx+Fc7a6wqxCB%B zP1)*1qp>600w<&BgDyKIYnsy;Dl53Hv~o~sEZpfeEi-EJXEzOq^ghMy>d`!|)Vo_R z&(RPtq2$yTZT0wc$Ufe3RkL)}g# zRf+5)J<*EvcxlgYm|o4NyjKC~>;lzH?%MDJkGhbpvZ;TzXHDforF|;o-8nnXvYJN5 zG->0OM#R*r!+N>)(7%odIWqr&zOl72#rM*L+zpP&)t69l3f@5wt2kLt(T^J!%IL)y z>F);hQ$sZ-YH5ijOLpU;+TMZ6s!Y8pD?oF4!kwj2rRP=w`yfZcDmgRIU8}^AEi{)- 
z7+sd~ja}37NaB_(1YBDw(;QlzKZmYv6L+UWSA6DV9q4wO%B6d}+yg}rYLe~dHCYl0 zIc)EBZcsAJYs{-^~TqmqoIW4%(Tgx-?vSBzAEm8b>0@8 zdvN_vv3-zA6$6Ejt`pSa>WBII5Hh>hs$YlXrY&d#)7e%XWk74g2SxtG!q8Z}ZuU$! z?SgZu_l;j;f_!)#qfe*L%wLz9&wql{>I44s>J|R8w@QQ(fFUj%YqgIMVpSu5C%RZceh`~YqH9G-(n)1w95jwCk?A;8q8P|zIQfqMly z56U&^Z##vTMxmOm*VA8@E_+U?-eU@GL)BM= zSRlwXKCr57_tTi2YlZN31W{TTYzj)C`YFvi7l(z9sLDEXfNsjqO^Q@R0$CNYEQ-Zj zy56%UPB0bl7Z?k(O+C%6Va|-bYomQg<+_@O8+YB~+X;7;Vi^IG5hk5`aAY_3 zoh4twUGTv+KlD}Dwem2Lm6){VkZ&;0Qj4XgJw_f7rdIoIEy{WnlusCOSA+7e(VzO( zj?S+gylwaBKRiOv@|#3qK;Vnt$o`B|l$2MuBJHoGUMuu$lpSr3f%#Z3WbTe%8y$5G z=Y*S#f~LyiH+o&i0q!{Jz{I9H-0bnRQ>$MCj7F6Rx$Z_<1MMvO0>Ux;|56zh3z8b8 z&H=>gmjN43;%dnnTSRbAH}a(A*uBE?i~M$8LdBr=OMgoI7#*UPucn=++OEbpYVBEV zMF$HBJu`}IPbtr@+cZ>`{(-G!&9Bbc@av*$Q5 zd;Qww3F>o~_Tih0wwVDmRqw{KgKCa8qQ>YO*2P`l$mjwQXnKeWMbZc|_Xl$d{Z(s~ z{-<14MeHOcAc5%!5JwCgH$uVTAh{qDVR7N7C-sf|`}_3eaB14scOZq1L~1i2+F7r2 zdKbyBw*ok7O|?a{aLAo8M-!e?2xI*0`4b{TJQQ<0ve%_=*k$&$D2D0 z#(_5x6Op8r+m-OA8Mhzcx9Wm>P8p9AYhvH9>hR?bFwK85W;_z|pX67yilw}&jH1iV zvCXb(Yd}!gm}Gy!DbLi^0F2v;OHrM_x+oFgXs~x_US?%W*X z9c+KkzgH$=h|^o3C4%z?z6#4l(TO#^c36DNF8FqqzQTgFCzTmq#B}+In2BH%)UujE z^lsstD%y3asZaXzsjTRV5S4ia%3^99L^m>ZBWeP?QG*#TaZA!DAXJ~cxoQbNReV^|4i7(>9NgG- zfQR#BnJ6rbv-?*abIwD?gXtn1i7s(fZU4qw*Sq+bY||10k#bOMu&nFlwF#xW&kln} zx2Cd#mGJ=rpC%KYvHBYW=CJ=BC-w7&BIe)oa@7LAJ6e8+i*T?c#;=gV#9W$}lP_9B zCAowz4(X1e4X8?0>A?p{o6_uH^#PKK2g&4CwEAwv!VHCi$N>E$v{VP!D59fof^#Hq zd}%Cqb?TzlCRMA^Rdlthwd>5f5(8k#5C(4Aj>ex9JH<-xe zSJW3lc+7?)>4iV#S&2wQv~u*~qkLLz8ZrKE+4!Rx_Z_FiPk?=CD2Yd+t22?91Yt|d zok}bN=D7Oxs0=SCXy36U_8ok}V)k7R^f6&**gnHZ1j|w+=Wt$J3SO5aD8z3QgK+|M zyedk=NTuYD$CcT0-v#2^k|``K5A@_RW+i5V~4Y!?LDi7xg4#X z$4OE*g6DtjeR`chU=TE?3oDl!!W2GA=%$&N_Bbyj^vFrT3{)eS``ti5tJunwU(4 zC7TdO>X(Xz>%X0yZJQnmMe>v_{C=Ot2!!aKWR*V(z|@~PYXxWoG;N_zv`RW#iW}%^ zl#ESPwAT_E)#zg@Av8njHzh>OG)|JCjt{j%%OBWc1+v@%^uA9~fzz0i3mGIGK5E;* zW9q#6x(s>YFFy8mJp7>v10~k($#;P*5}Hb8-ywuLouQ_9mjoF$ovFn*Mjoj^(e5i( z5!ZNsA*)~`l3!?-A zwv#gH2hXl)N61GE5T!h{5(lSF5)d1fCssSi;~LJu3zrnstZtL-r3Jcoul}rJdR;Dq 
zzkW&aou%&{oT0{+yGydGXNMxho_=zYeDZ`}S?0~>d528(G@qP}P>&o*3T51+lCXQ} z0BhCrp>8T5FL9HkePHzq-`UR{Vbclwo+y(EWNx@QNjT{2QTySAP?gP~V<&%d)qTwe zQ)p=;|L$HW7t2QwYo`ys;`GC4R-DF@Y7QH^Nlox0LeIs{A8X_eeBneT@gM2>TuO_# zc`meQ9aFs<$+EGo5@>#8?7koFsAS}=Eb)cew=wKxVdosc<@Fjrh-#m^|K+ANwbvo zf|yAiYzo(mN7E;KdBZ~8y7H+V{B+1GpE)_M|8eC|zW<=6P9|+vwDHGk*g#ar!`}(( zjAW?y>r)|%OL!OO$o!L@XiHTb)v!v0_Zm{z4sZI*I@`<|?K(Dc838lZzs(^OHWz+c z?U_E2tNJNFH+}6L#h-ncBg(eMgOy|>skWlcR?Uu`IT_=PD*vhJXgBYMvwl~)5Tl#V z^3yN@&HN$zrVS{iDdYelnZgR~EKg(7qQ+bPt_vzho*9>-`*jn?+y74gB$?Kc4uFIl zelSc~eNcY;r27|PHTed89p%>`(@^brABsu6Iu!x?MLrx8#>MPr;K$Cb!PO@y7uTm- zdIxulz4ycNj-pU2#=hjiRh%fUWhr)*YiAyE zVAhd~K5PH@8&wI9oXayDLLT$DBx^v~4lHM=Ek@^N*}2Ov!H#=gSqXNoa2Q&`S83{E z;UIBnoSDK=*3fk_^y3TdpZ`>x1PtTtVA)2VAg@oz+4X0j{@ zg`dOOV%0y`-ZP{eOKfp=nLh=;CIR_`UmjG|g+8MVIbiG^YMPwZo0T8emH#ZiebpDh zkY(xMYuZHq6$^K+e9rP3@KLha;<9BS8{(I=Syb_GjBhpDIMg4u4VEcrtM`{ApxRejV6ZEb(C!GjAI{Upg zYRMbu__PbrNXk|S|IX%DbA&%M`p6Tww6%B((VtwHoGHZ>{9R~!jEOZgWG`PQaPO`i zxSYOHod@}fUG41?EiX4F-!abH6zP-Vz7$VHwm7-d-}tB`T&F{xXN(Ley5#G9b~X;O zS_{)O82Y>9DQ+6qUb^18c(aRC0_KB?Rq2}`!_a}rdHz!$(ueh)EO}CY`#KF#}f{i~zRL5K0R8Of?jW@(^rFIBWtO51NEZ;^Ub-7pZ;g{Jng?zRmn~i^s>Sx+y4r_>uQM zZT(kn{8&IH-1X4Q()&i*c1@7>uT<#lZ&#lI%&g;_#paQ0!!)%~)(l@-+IfxVPp0fa zLQC5LqHd8y(e>j|Rwe;{Fv2ZtmaS3Hv z1L=ZVl2z4e9)THBZAE7=V>8FPmmnNfh>y+BRf&qZ)tZwj0lavl3qIxJduYjk*)w^w z9`ooWXlMW!WC z8il6RmCVo|*T1K^2xBkrx!wo!1}-g>+#hK#bafW_dFzNiEV1%}zKA#x-@CC@z=nXn z-{l2yyiClw5sE@KGprN~<1`N%9MQ`40O3Nh=dBD@WE9TW4sX|J**b9CRT1-vT5*bN zi=f1o2$nGYv|=fWYoz6mIN7qZ`f(r{Uc}Ly(1F!U0_b|TMe;ndz}>*V@kDS(Uv4xW z&F%N%XYXDD|XDwBllDMLI+xA}uKf}JTQ#JU#sjyFR?!hcBu9&RhS;hHg~ zY@TXCvz2pfa$fmMJtSLXHPEzzY1lUf|ELOBN*o9alXS1Gm`{rP6ej6?om9rq*7!U7 zf@@6GyFvrPj_TwrE=;@nEBO!IxY5$%N`q*I&sU#s2=(ucxTc|HL~V~7+|f?cuXmw| zZ&`)T@!^(Ej_GMb?~LqEONKiUO0 zqavBGfs_aH8JWAQ2@{|{7McM0f{|EwE8}hzYah-{mEelz8t;|ux(!~oy2%(&Tuv67YGyjyP(EZ`Nrw%_o9!ez+otF$^E(Sl{%DKIeYR9tc zXh(>#F_L%#J`K+PF^Eh)>_u->x$ol+Z`GC^TzV=`{t;)`bpQ*N$#xZ|MpKPam8%|V 
z7W&2v%kj2CGS+Q1MOTq_*D&*p5DloBRp!d~*p8lFXvc$_so5PBddHe=D9shH zS2xtGWIKJzE%e$gQy;7axIWR%w4+(B_?AoFxeEQMn!OO$@^R{PYNHY1eRep6XY#-V zIzLff$|D282*50e9`zbX57Y>hjM35>EcM3>$*CHo98qJP2+fGw3oq`fTvDwKd%oce zJvQcl2(>&NqRY?$*+?r-89$@WwTb6V(@6XZ01NCW!RH(=RIG&Qjo;zf9?hznpGuq= zZhrb&*vI-Z7s-?TY92C_qJ6|q&gFaYSIF8mO<-fZNemX%s!hc zc4zBpiSqZJO1MB3grZNp5n?wZI0cFP4$3}ps)Nwcs8^~>!1MX}fi>HNsle#bp6{p= zOQ0s(8#TgKT*DCSg(ABH7uYDM<{^QKc+AL={!(z=NE@nk3U2f6zDo~9L6L2Fk2Ca0 zfL*?1&i+{9BNzt5Mzk1ZTa{#$_W&hW}e$HKw`I~1S1ShqKhjLCK)F}{m1#C z5slODloctd=pCMr+-1bH{<_bykqp}6yfvisKHXNa(3UdaIjyjs$I4Mg&Z$5|k{O|}E=|1Mcw}1{z zUhuDp-y2!ad`2AmO^e&=m>|GW|AL@zRgui|R zxlu?=Okr@ji~J`!-^@l~0FA2g4kR8OLSPK3ASn;2Y%Nl&(ieOXjpEwRHSMiJBwzSR zpHuwE(OkCeBl`mCt=|M%N~X)Q+jIiW{X$?0DG^}OTva;P^VMs@G_85B^y(Z--u~0* zfoJM&r_MdjGrObi1E(mVQvE;UGEwj{XZg_0s_8i;c%Ywnr+HnI|8dQ$vZ+N;z}A-e zmrlMIg6++?@H4Xe z!Rl_VbuGxHY)?YtV!6R)0xmzT{d*!$#^a&1nkJv}EE(>Jn8FrPz>8p_T(rN@_~f*B zW|wWicP?ja55*tsxZzdKJs89Am27~MH~Wn$J%(Y6lM&-NvKpP;7U{!x0V_oN^`L|I zjB!XrkW;8@5+dzzY89sl%w@D9=zpg}v0RT_?wTMQI9VezzP zEf&3c%xMUFWz}tg5Q?OORQc`S86*K(?cy6QoX&q4(7;hr6{t3wbf|5Dc#w}Z5|Dvf zJ*uY((cfIZ1}6-x6IM@8`MEP3+aWAtG{M-roXS(ti5zY8kBE ze=cEw0x zFvW;eGYEl2n5fQ#XcS3S&hJ+vU*$5gxrFkrGZ@%$-Ibl&dSNpg zyM$!>b&;6jrOGTC?mOSS8QdLMms4z2+}YN$Z-P;~Ljk4gd3;it-_lca<*|`adtoO9me1DvQPWn=-b_v zGjJEzT3ghjnZA-A;ASy0}8;H8h^s4VJlxqsv z>ehFVpU|Var7)u?5UoGvTpvi zKX`+0lR>Xw0^q+7HiEjJ4A#;fxGV+Ik)~pW0}VBy4Y~Y?@VaB8x{#ipgZ#=iR6s2# z8Qy_1uSGq&(v&mt@3Wnna0&5tk5TWzbR;LW3xAFL~gY z2Md;fU~1Mx5my`4?o=D9y|xjY`gk|TgtCi^ANoBnn@Pk-)R(-*{(6R0R&YY^VpTx< zJ;_X&FR2nCrD?mD9=-K5zD*YQ7p?h&n|!v%j!u7D{`QsWKOR~0Yg$}-O`6!k9k9|1 zhARDx0nB#4JxQWs4(jujuU8BGN-hWSjo*0tW99)C+zJsV5}L`?6Vap?mWp%wYC2ac z;V%-GPNeVv>i(9Aj8m8M86oiN!9G&{bip-!i*B}I13Q6UA0)TP2pmHt?+d+z7DWm} zxribwr9k_Uvh}Kjp|TN%Ir>gn%!EK2)}$9FU>F6(3a)AI@)HADG`&w>rWXtdQI(L4 zZXjg$GPMBEZ*_1HC1T{;4}aQ>RLHR@Gn=)ra%}pWN`*>J4FzixmU@#6f9r{ea+ANi z&q5+K@6Z?-D9Eu$J^MmmCE|$2iUGYYZ+l9W0O>pC`PplKQd#4=g-;%>-Ktz+_tI(u zJ+^Y>Az7M-;0*Zf@C;}GJSG^Kz+F<;irMWu^s}l$&6D*; 
z6frs^FR*LN0%Il}DElU#Z}OkbN&BUFe}eOE*#bxbf6_6&p8R0q#rCD=^T?ksDeVO_ zLn*;pGvl);{(EcMS~Mf3$c#GoteK`4LTfS?EdlG`xIbcF8i|uuf=0fTCNoV@xr(t| z@g3|&Z@8zs$&$@|N7ppexoYEvuEtY+;$mLIAgH>i(AeThG~=|X38s3)*8<3bC80e< zfUpuZMMMd;Bvd+$R>!&fb$VZE;tq23Q&;ZK8`xt6;-U0TjZD?kV?tw=N3n>~aN(LI ze%fnhFO6-1k?j}l-+1I-xXbrQW;RiHWM>b8e zG))_%rY0UBozlR11P<;R>yMnLJ)s(Li@0O`Fq;tws!U|9*ryGnMR)BjG)WJf0JG@ zjcd8i;X4F>IwN+st`Mu*sM9kV(V#B*43b?_=C6LZnk79yW(@Ckw*&&s zEI`l;>M)B1{fC9zfDtI?25BEUI0;z2g5M}L)5h}?mzWZwI!f7i_yTJZaLJm`;}cs( zK*jb9ozm4QtNx%19V}|IbA)i z?sH>*G*oE}Vm)g*uDv|*8n7s*rY@s$t~|i2T-eqHZlJkL1z^jJ#2i$Z2z;#90lHpq z0t6318o2b~>gX2-8uedgUuQfoje*v*fnWzuW&MB}dx6jQt8svnSa{O9y4MPkX4e?GdjG8K0Sn(> z2C~KWA%IUB1Fe#7&+CSo9;OnF+GN88*C0ulq?2id^Dc}v zz1SRI!`>}?nXbdK zbI~|M+Ds-OfRAD5iiXDdDB51fa3e0v<-7@#Oy3lLpGJ9%%w0FXjIkz4`Ms1VT5wK6 zAa}aEE=Yuub8@+YG1~pmjg$Vj#fyIh1vO&&5AAz5VDrc@AO*-6akmzvVfEZ?!IZb` zIYM9olDE6DtYg&_1%0ss9=kHP<5bkygv<9sq<6~PDrm@F9(<4DM+h_`D-jw8JHzsR zD?+xXdZVaYGX7sn%fC4vw(V(bW?m~vR)6^Ch9sa9Kfc8mq zO2B@yPj(ynoTiD0so(|8JaU?}_jqXu_2}>s2qE&I1I2`xabKZl)**|UAN#WTM&pnN z5XvvcKIzYRZ&R3bfOy`nNN=e)ZLyEruYFeiz=wDh1LwuGeSf{77!BVk^AW8jqpKTg za^WTtVg(aSJ4?r#i{|+L<+yd61GQP9x!Vx3&#W8TbId4-Xs?b=KOJ0yD%}?P?e|M2 zx#g;LX!sgvio}DyagTX~f8SSjjE?dIecP2?FdvlZ+td((TbdH-MV>Ug8dj|3yP0|o zQ!@Re6$!}lq|R2V*6!`c!wTNK*D+cIxfQrh<5A=BbiaSIKkd6>Nk1PCu!*hiTF7rM+#){?p&Lv*lqQsM0ao9dpE7Fc_w*d(| z-npW19447b$~6%)y7jgq->jYvTl@)XV$MdE9;sqU@XKAhd2E$LG0t*AqOLG7cRJ$<-Y)p}$G)b9a zc%FrSGrJyi5=dJr>wk;&w2_%!x)H}14l3mddU5VGimpMB+P}tE+EHTt3*3pA?=pj< ziQ1H4VPG9Ml&^Kgjc6?&2 zSfMR82TO77qYo49Qd6nxq4hve+YPlmOCU=LxP_3$7e}pys(4)fa23Oz>5I|1eZ@R9 zDoj!uNTQ~wlFq8C5~u`2T5Cc|M-P&(V0!wdn4j^4wO96;y@I-JS+*@BviYN|tU^XB_iTYQainvDYz7u%b>H1s(u@X|4eHd$#WP{ldA3 z%-;aYX(>xg-?JQrZmxy1I9=iyXNu|YJ*$qIPZ{3 zKKHja^j)?3r`WHNxMyFOVRxGmq|aDSes2+T9aBB}w(($g!&XR>lnD^Jn00_gctZA5$46X- zAeIEpLjP(V4WV|>%5JlNn}a=?xARum7UcZMkJ38c!^1&G;Wmu`26>c6`n?%CY2D(n+9;FUKXyAsp z<6aT+DLImz3%;ObvnuY)LyDU`D0xi&^}hgG>K{=^5eMhu_T#u0AYI$i-_ts{5fhCG zo&^K;pS)qS-U5V4xd4=ezjhmn*Z1*rN_qz#lE(zUniEDJ{MA=bJv4V< 
zI1Lnz7RB}^q231H=r_ZZ@gS~u5hs3W&Hcv8_;DQ*S;~uW?CJDQ1YDAj)3CWrUVleL zaYl^RY30u1y;IZvHq?o%3gKyfHn@!OkKTWa)wyEa_j%++$2UKwr2*Bb1=u9$ld(Nw z11n9Q0jf*)06EV?VoElv0@C)wanj82W3yK(irC)674i-yMJ7qag$4C5l}Z{UQj!J;s<@R5n*Zq#x}Ag$k1l0PU0F*gmbWH#!S;0xK!- z+8dS!~j;;^T~45|L}NQU09j~vOy1^hq; z;9(Q#Fh(W|%ie}6fZun2LhqnNk~}}A%zF_FsYmtson|NeH>T?`9$WSUBPCSKvn7!RMYKUtN)I?+lXr01NHghEvG&k@r{ zD=nq>fDtH7xTmg)+Y)+6o+)C5dMqQ#y4yh~`w=OCGY31OA~B}N%p1g6$h6xO!Vamf zV?x%K3jMSeL9i3k5edXb<7xEi?Luv{j!Y#N$Nx(xiBx$^Fl|+|zK%)S=+)W(patzV zh^tD}f+{NQ0`aSRk9zMm4_3$y&!R9NZClXp^W_AxR=s1{~{}DN0Gx*Q1PC;zU0l81PNkcK7`|_IJ_S) z4xj7#(V5v##_Syj6&jUBa@8s;{XZ6{ytO^v$%Ujm7r$r=$jSxBJMODb5dA;_1CUHD z&MTOLMvTsBarXRRuVwnYIM6>ZBn*h5-~uw-D*Fh$gphP2XV^75!&dnbw&qx)pqWgW zbgQXPFZ+hzv)OiYXE{|~^XkL)h8Xfe&{0s_`+j>uB`|Z%1ZQa;kfiXdmU#tDpRX7` zZqOp=)dFvYn>qQZo9RT&BTFGwF;IV0ByNfLZQ0zYsJn}@``vIHOwptvwJedqBGl$loi?MO>YlcBPqjs;(yiQ!rj9fq+wCow&11V}ZKdAN1F1 znjUywWhpH9I>zq(JS27J@dVmVXc!_fV^jCaQjs?Vh<7eyI{JtEU&Y=eo*y``** zISP|Z(P~GX*f2yQQyX5rSTVxJaZMK$4>cKziP{l*mM1sLbEY;!%d0^b7R5$xUB`5E zQpZ&RSzwZ2fNXRfvrW=Jd&w6iu;5DM1#9K4&1puAkz2<4sg%3dSaQ=lcDi|>YB;gQ zmVK$jr~?ID*LofZ;)eEO#TSsH#Ue7p8#S}wQ%aj6b;R?(39VJmVLxuua$1q_+`UL0 zcABu4?+gXfDOb=Df`}DVQ}QDCdP{XYR_NJ}3TetdV8L@ONvNS1=rS`mpxm|(=3YWe zk60FpxWr~D4Wgk>iaPlb7bc3QqOH;mwb<1j-oEv-ST=L@am`R#$8rR2ejlw0PFP>Ms{{-18oB(7a0^(jlQ?NqHBMVv?%i>YcnV#bj zjskd}Jwb07RrwL%yKk~8=Pfaxc2LIrAUbKO*rM{;~l6_GJlunTRd*5DnMW)mjM(}qf_U=zB!$~>i(tnX!@|x$P)~C2yMv1 ziXv+2Jd#LOG zhp+d5YHHiQhZV6RARwS1ARr<&D7~wQCzIA zArg8Egccwn`F8Gm&+Ges@BYUKV`MOrbM{_)t-0o!YoDE~BDV9$GsxhBhsA&^h^bSvF(ZMz@L@>@xT)vm{CSXo z%A1PlGSQKEkC2$yf$lo+VVt)bj}ST;}dz z!Vl;M-6#0V-NA3~8t()2y>|u(B$nc@NAoQ}ZKnfvNSGov95oNrn;=Im;>yi)d}x!F zocQQ>nsP#3pZu0gX=3|(Q>2$p^WB&&$r#M=IR8Co=$dJl{doPOI$itRztp>*=1fdD zAuUi`=;1AI@c(1$8~FTv0Ey!i)FCF?mjH<04cZ-yfiQ@Ai!z+MixcuZp16cV-P@Ll zPgQn50=6^xP>KR4yytL$QuV!cI&af^3QQ%wqZ3au5^#A}V3tE7nBiJ@`U|jC69|4^ z_+XiH1xA&{`GFB7j`Kqgqa*GuynwD4w)y2+;BtkbMYLPhLWC@YVgW>ST3~vZI;pR? 
zptD*^!+hx3th*IjYA_>hPN!cHs5Ld0yp5{c>+7~GjgVmDXc`VkWyY4p=ilR&Eu*K( zY}%{(vqd=Ge*J$cxO{+ovbaRoD>TzU+qS^A`2?b6U;IpwL;IHGcs-&ZKN4D}kLCF4 zD1_(JRopSDgMX_g!RC+U+mU_EJoTa@XmRb=g`4Px&R9R7+Egd1Td|gE|LiN#mI>G$ z{0!j}rJ>T)_?WuOoCyJaiCKU+V6{Ph5IqeZ2&1LS5P+G+Hd0=EbLI*Y^3&Gfm)*g&dxunr znDV3k52!++nTFPsR^%JT>qK>(`;_mCZBXCVCDx2J6}@)G7*zh$vD#6X@51_h--x8G ziY|lnNnqmRk-|qt?u)}Tby^^VA=hXjh}1g(Amohi4F8N}kv4yEUGvnHY_DX?eub{D zj+Xmu>MamU;GcjkWTiQ1Ih;Lt5%!wLmku>Q}n1 zO)cm6j|wb3V?vIN+tsN3guXwVFP^YeT>2yzFnzGuaQ_-*N83N92|ns$6l=t#Efw>F zuTlQA`{J{FKz+=8kBOR!aunK0iZz#*t`l>+L(D0c+Kl~X9S%jNR)zbN!Gq;n1BO8jwMU34CplW87#`9yc=#|?q52K0(sALQq%#QWuro{&&~ zB+*H5E{Av*T7DkRt3>~zW&*^)(ezh z;!f|-Q{Wp%{DZ;hz;OYz!8d*_&r#)9&j~KRKXT*V+_3MIS#@-DTga8T{249jo}$ ze6w=v%p2R*48Ny%x5eiLCp(YfC+sUxx`XxPdU*uBpLO0%A1E}9(9{)jcI?X^F(tw8 zuZ~;hf@stA0q*3YG-W#Yg>qt^&a9zZKa`rhnLQzZglszkYQui= zv3ht+cn2j(*gRQOI)hX%?io1*T;|v#J{1Nen^gY{876LOJCVJK z!4IqnD|kzf!NKA9o!7T{F~ipP=fNJ_-(kW7e0v#eepUhJ4L+5r+}CNt9#y@JQdD&4 z?{s%3lkla*IaAxmE5{oS)?@l@9YS{Xm}ogvE&}YLzH|CKf&!kY-b=FhLXWkXvymaC zzROz~D03fJ*<4mARI<0{>MelWD%5f8!Mkw*HyHjl*Q3-k{~D`7QfCsWNtuMX^iofB z+|L?{$IEklvEwY4!wi2(pa1rIv>#^y5S0@(4jtmX1%?}Vy>j<481C#_;!?OR%8E`& z6fH61?BkP!SPa%c0WVIUlls>fs3~K3+4QDZ;}MWdtY95ZRy8!DwPjNghEC11s4{kl z3kS!lWTh%GH!L`cn*volUnazwiY}ZE|9yLa`hnL+JL~lsk<{BiAe_Ip;8^0d)j4@o ztH*x+^4eOrboBG{INOIf7jQ7!zpIj-KHvn#`-}4!wKu@UPc%4ybHGqEZPVw@oqJ*8 zh=@m!Not#&DuQeE<55_7v{D7uu&JoVbKycD`1r+_3!LNB!91|KjW#$cILUXQ4%ZSH zEINmY&~lfzL%N~t&mfmD=`JV0U4jqgJUM|eIC>`ck0HCH{551IYzRfCWWJROiy$ zAqduoUJJ`b$idax@yBtUZp%#k?$zU@9ihsOKHcRg6=H5gNY@Pzq_k9_*ka9(_lVwL z{wU{m5j`24W6GW%;>JPUO_RDd@8v>lVci^KHap763%kdP>eCQm$b+S@A|;qx7&U~A z7vR&crP*1!Sj=1>508$%#m>XYK8>9pu8J4vT8n}ay;e@cwO%7Ey6%+9{qh)i_F6F4 zK{-Zi+g*sTCS_t`5;7=1zB;~S#&O{ADGo74Kz)unOsJ^w(;o7$+BNqoPH>1Whwc!R z?Z>WRw`??|VSRr<>P4}_6S1fjTS=U4t-@nKKV}m!3co4M^-Tb8&+F%7h1imSky_?9 z`|Par+#w5#Rvq$&6$>1`D@?}`NG$^44TStFVCMzD@3u=2u3MQLWAZ$wnZ_RI1|=g6 zG!VmuG^GQ{VHC>DI?v$kyqMe4lOS#gQUSHSv%@_0MdCP!^*K*YlO4gfrXnUSg;ox~ 
z0sq3hJfT@0Cv_vFxwnn?n10cE9+a3iPE=%P4))y+TzhzQ7W9jM$*yL#pK{sU+1^I< zBi+*9c}k7&IIXlQD>T|8I-doluc4lGKhBI4UI}dbzy}!Tt}dXXGU63~$9 zO+_u|q6Vy+ir(^cI{nVDho}WXM1mYf=kG-UkjWR8MXFSm_*eDLE0q({+H#-7)>D1B z+{a;$9J6z{j+;zwyx&8i9m%gvJku*btN4J7B#@oD7A3#)rc5&kjQFX9$0W{VxVJYo zO6S;)-wvS!K?)x4t1u2~W`#DHxeVe_Cg_@bax=5>9K z-@QRCSENEmNHlSI9S1OBqVDS=pYm>;{Kgku8hgt)k;;*#15Am_DYIyWeeKF|Y?_A$ z+RHLs5dzDZ*7fo0NO2m|3A%dCaoE_yN7`>cFKDN&P2a=;BZ@5ZoEUdNwAz!Wv<>Jo zCvSmOXM)6AeR)vLed)@`* z`c6W%Zbp?oH)*O`Ieq#RcY7?b+r#MmF@p?R5EYCT3V+j}ZxaCHB`fcgaDh`DU+(Iq z(bu_zTpz9bxGlZ^mGHeeyQX~DxctSN1LXr|{J2n&P+6Q_l^hJ5qFxgPno(5 z6W<-8Fo7Zw7d=bNaC(}2?*T3vzP)2dx?H|8>fu-)K^R7+7XDN-LXccn=}~gFtO0m) zANWrz6wrke6}(~)cx>LOp+dSW;ivPd`02z}y;fCL-+n*ORy=dd>FxO2k9h^B!@*sq zwE^jv?iiu^JH33oN@Xccn9JHN|9N@2hL;ZAO|o9((1HgURoAXJXkbalNmE+#2UOX} zOB`*VkW?u9VU7s~=t#Fn>DEA>W~wJf03QK0o0iDDKD)7$S5%FLx>$@6M+1}>>)nZu zZOno+AjmNe?~#*1QhKCyLImpAa?#>=+}{2=Z~YVuwzy`B=q#^aQ>e}6z z&5LOvZl-A`d3<$2*)U0VVmK_ zXq%KfUXfl;D%%YeQH?LmJJql7+`DyKdaQU0cE5%@$Vn4~t*NqKvabkkxv#y@IRp;l z!pCLM30{x!5=zJ&;=!p?>BFk0qX-knJx0(Xh>nqy8Y#^ zJPTr@BStRN;n8>>a{P!><9sT-*ZvXm-UlmbMw>24us+>F|FB5lDNp z{9CKI$m^#ov2uBX3R!Z`y0PwnX$2E-+Av)Y(*mugBIBoj)&?JjLGaE=KHj1CzYfl4 zHfXp5xCrYd-11^}ng_C$Xj<7k$IhyyBL3Q@rP#RLCfj#(wG`h29iPxhc-y|=xNwSh9h$gd~;lRk01dKQqoifE1Hwq zHH7#8G~N{>qp}j4X<%FyyHV)9<)RG7`bB5_P9=mjgs>gOCEH`8-kKf`wRFKgS3|6j zWbyGxV!_unL)jkE{@!OM`e;2QX-)v`hE`gRxyc?k$4dck7dBn^OVd6?9D(Bs#6wFl1Y zO$P1ibp`4FCQX!ML@DV+eD1`VGnD%KIPZ;*fJ2`}N|=0jM%zwiKu198F-*vg4_8Z< zwkCHfW+z18brV08L)+odgS2t$chNP&=01KuFb1QF(MF}u5amOAAAJUQbSsDp$FmWu zN?%pemsR9Be>orzCMgC47&&O#ZPjk330lx%O69|?6X&xz^nN+_L)Tt#p%+U*l<$xR zS|=8>Sz1YZkjg4E4{|M+{6m~Z0E9RxJ)x#l`x-5(M4TE+nn+FCf0EBKB#l~ksT|7{ z%CbkHP!6lx?k|dJH_&CTZ@K`2`JCvbN_?Jt-sC?_5hw-{w?D2tLni}a;b42uq2Hqb z>c$gOgRR3e;EUjjtNO-^1rDI1gLF=~&90GFcI1C86 z4pr}!(?(c_he^01>^mP0hCCJXcog+ui-|*B2vf-I_s0EKR_fN?Vwce9`{j9#sjh+Y zkH}`HR@?e2X0ELXm+AabRa#S!H4KQuQM=KE*NhvLG8pA%{_xNQ|0Y4!8 zY2Nkno8yE1SKn7t@xu--cyy5uMjVv}BB6|}*xKnztuU*Nb|Q?CtU9uyXmWuS}<=zew-{%GHtv&W>(L 
zC_egkCcSP!sVY0ecFUK$xSZ#c4+b0VE|5c^^0<{;cDMcI-i#=P9>1w|KbmR1oQ_Kc z#nFn+DJCzzAMGpFR=~xkmFVbRnTrQ14t`$wplV%BZ9i|oBfmy-Q6k1gh3NguA6|8Y zUT)}Mx|qLT*QRu!ww22#w4WptuPJpIiI_mS)3-nrHdW02)}FZx;Af?v^pa(ZUmDB#rK4hdp94_+W3wp{m;G$fS!qj zJ^TGUcF@3m$x(qGGxP2Jd6Wf@CVv_C9Wvt)Xb@X(DA)B(;irV zY=It$9MLdaq|5)9!!8+Q0h8T~EUHpe-h1o&&L=Hpyl#heShy2}e;#iB94^o4*`JKO z=bV2@l3yb;lEr*M1UqB`TVyeMn%;1CV1KzoW?^@l&MgGy-fg(O45W+}`-%~&QF4W1q%`M0bmMi01er%Kfd8_}l=z{n6eSUb;)ytZR9~_Dr z_}!J7P@es(K~gB&pZra|D^Hg5kt*I?Ibt8wbtwf$Zg%Om=(8)B_%EhDoqP@l+e23l z$*q5!1}(z+A(5x>^95(a9KG6!HgIk2qROX|9IB?E71HLQgxuqApwOHxAkDVXQa#UL}^=V=hYopeRD?aK${QM1a* z2r&{6Wu{&2bP?@Y%}_g%kG10>fvn(H9<(O=$kk)WWP!rTUc{ZtSL$z-xdHTlATQ%~c6xvzZqltCL z1xo76ra6R!|Ab8FsIfYxN(;hl5`QAFRed7m1DGH`t{1?;OV|v~$$T(x`c0 zcd`4zGVCBpnWZAVulBF%!r>pP3sam%ztj>rWp6e_xu(Gn_d}P$!P7`U5nYu^V%{%H zsTeMqtjR+tlctW>U*MAPn<1y*-x-SJ<52`A?0{}b(yRT9&y@vbmWxnWmn|-Dg}iA= zW`&quzk3vyM}1234+(+yCIFaQVlHP+$beK#{jXGNbPfc=r7 zwGEC*2qc!Qk<<`qv+a3bT@|pOy|E;6jq&FY+FC8!=2CgG&(1Ir=GV+Qfc$=&%e`BX z{KW1Fs)+(9yFcxNG=va3rnaeL8gTdblhOzfu0%-~K1)t+%F zLP!Z<((w|3OOAWvX4poqgGluDpn>^<)TC$1mKdaVJ?7{FefIh9eRQWZH7H<`&GL_6 zBDzP)aUjs!>&f_2>gyDr$!JQc_&dXyv6{Ok5Za2-8}{$`wVm-MHRPir@7zp@&<_sv zwt7;B?#t^{P&2$7B$*uS${r@=`u7907a3lLbs+*9Kc-Ld>oy} zft#`u(9 z1b43~ne5~pMSOuc5^A0C7x1&eVbjs;ffHFwmjk8m{i9T!mx0zSb2jinCJkJDgx0TI z`?-%jjRwu3{?+20c9QjfMEi-i0)PB|iv;h#0iNW(2{}~~=gHyO;{xq^*uM6nF6qo!91qMM?=LbD4ZGhlQV_8VIuOqN4)x-7sp)6ivKj{5<=5Ol zAV~WrdG0!w=eB`(!WZvlHE8%}S0@qB8iP&6Y}4M6OQ5`#N{fFcp9jz%?C3A_As@KA z^TVejj#67r`eV@xN?NnmF5omyI>atqMqbJ3@Mgy@?2H^V!sLGVqUpFuWr*zxpAF5} zqz~YtOv=>-FKocFVVowb`KwZtip?}7`pJaE@fXw4Rl`tt>GO^kO_0?YlWeZlow3b~ zpo0`YY_#veSCt+0aY^!8&GOp)I2&P(>*)fN#to^A2PWASDe{ME!v@acEOo5H48PN! 
z_%)a0s6IvQKDmA0XY$#a_B*Wf{P4{Pt$rD)lG9QJ z7*7VI)R?tBo`5!c=(e~ga5YcPR^kdG@o8b3<+A;bGag00V_C{&lJJ%mmv@SZ_BWV( zw4sb>RkuCp^;M8+ELKk1^z{n>K~aOaw6wBy(tL7%$ntq#6{T0Bg*Z$80HNcI+RdDi zQWt#JJyUqF3OXsot#|DC$Y&FEJ`}=KFp2+Jrj@=&xh~mdV!&YJ%WnCEvqrUv<6fq& zn5ap;cZ0`-7y7`)D4vqQq~@`W(F#*@N!Lb2kiPF_7g&+CEgZf-3^bxOEjAg?wS%XJ zGNX1S_0!IG(fp273HpD#rNi!~cFMK;^Q;GGZSwI8b^=LsIPGE7iaU8`N-v3XulYza zDOzFVnvZ)Wg=ZrilYLW{7Z(d;eQQIZ`|$0QN^;hcT)hvedjba)BJtS`ehd%R)gr}= zJEo-w8mE}Jq|n!piTqCwcX`C%gtP;${idJRiojw8_+*#n42ss~T2(ow(~dnl$cSv3 zv*7YW5+*&6=HYjBrEzt*1f<1~2H&Sktm-qGBeKxEZ& zRz4Vw3z8D-1R6kIbs9PgS#!G?a#(h;sS)L$HdzqfS=xQjYQIq!Esvsxm;?*KY$ye( zKBvle=q9nGjO8zu?D)S~GOYnoj$B)Wh=#8m1To1hvXkfQUApK2t}ILL?HMrBvzF_0Dpx!w3r{d$*vRm(8$t@>sxG z&mx`|wnpq`(p0Ts^H2{oM9iyLEN_qdwxdiP9ii!U`kAGrjVRxKORT-4Nuk&bnhYDV zuey6R!sEirU1o6VR4`_eX%1|oY%utJXFn{@JB-UaOY{2gu(kwhe|d*)XHe8N z;1oJAD&v`TAY3hlK^sa2-zV)-i+SDJKT_6NG19DvYtr4DyXjShiFe-^oThgRxln8M z7{1pwI#2rHcktO|Q#01&C9oll!p~0MFkr)`jB6iAvkT>CfixLGx z?wv&os)3%0#D`rzDfHe>u>&6Ee($Q^^vqgKX}!x`V~Ehhnp12ppxNx4oeH}#x_&b$ zIS7d+u@6tCT6#wxnUS-r!l_M&ch{duGORoSF3IBcDQWv!h!8BS^?6?5!VnZri=Wtp z)Ffr27F|^;C$9lHW(To0nf4+()%oclx4AElxpMNDJe@Z&m)6Gm)L-rg63{;s0g_Hn z;*;E`GbwtUNOEA7H`rQT{=T$Zu4}bonJ&m7rO};htXq5boP538ey>B3VuUWk1pzu?#xRsgF!-Vn5wZ75PctUdm^VA7rx`j)EHjbo?acZRL872>*`WesTtH*`=z0ZXPb9UKM?aSa_18%x-7FY-D{B@cJhVA0mM~iKY~Xe4=xLwl%VYLmb<@vZ zBs#wrT=M_DoG%?2U#_=H&ogIiD1qU6p_6wp=MxS@ewYM7C3E955-^VUO8mxLKFoQU zi>k@N&b(X~f^~@BUOY;@k6*rJCRg5*a<`n#-Ws3USaad%M;ZnE?;JlKsN3-E1dhQAceg3+;}7kq zndlrFe-m{wZ{_C<9h1H>Wt*};JmO5K?q5FPap?9GYo(R;!__gV&-G~@A8&;*-X7

(mP9~k*zs$NGVj7lz@{RR!y zjI6sqFLGbAlE3g2((}woMrz%(Nv?kW)g@?-J^lOSq!UdT|>N$+J}la zuN&`f3Ra(3^t=NCjPQ(*zr z@h@G8Dr#6X;?=8wS7pxuOkCWNU`e6n8hbYe8@X;!aId4?f?mv-zgx0UvD`*Du-&%g@-xHkLv+X5$bD#Oclns}-c3jFK+wYWAKhv#<<4P}@` za7t!1u9_kZQk-C=ggCY2f-jU(zX}MjL1Qgrugxxx`8!V5ssx=Hc9!!E96EC{jTac^ zKp<$nT}k}EoOxZ5YPLQ8W6&o5!m%CqoPF2*j-zG?M$gs_P+tyOHOtIaxP?9HbG1%( zmEFGcrzgC;uD}m)SOIxRjCc-Q-5@f(#lJTBkWUo)t3x4H*x;Zd%(w!ZDWr0l1STOw z>Xf~Gp^;i9ziB}yZ8=KLyF-HQ>V~}8`D?g$hXSEH^BlnD9X(WkXQS)i@F!+|q=r?H zs_#pS?Fgc(moJ{8ryq`MPxz!t(?hJbSS%lAv~AXiFUWM~!Vhlz_xKK-xTOtTec^oi zu@hAR;1<}Ap-R5~-#m1W>!R>^3&9WY0on`QA_zCjA5F>>e?ZE%hFZLNi9{-|j_iwD zb|st3FZI7UBlw_<&I}p#f{`uOGno<>GygX(b}#!MA?QCClMrwVkaycx5HYHGuazvL zQF%+I@lDTt^|uNFnRioSavut)SWXJ4A3jVnW~XyAtTq-RM&&Zx_;c2WsFNv+<&u1# zhT1$9j2ohUX4TLCdQ0S@^?ZeD4RY~EF9a5Vr>b#T6G(E>u^;%^9dQ%kG|Cy z3E0Y^0&JZRxhK|fzV}s{{&UMaO^#rGqiOK}o8QovzVQ@#HTW33qW&&QyWX48`Y^*? zUe0&-v&L%gi9Z(O5H&^|pbKVm#bV{^U0~P`pI=*e3Hh5Vj_Yh@xs~-JTo(nm*~Q-P ztSaZmaWlXvxfwps$qT}B9dymX?WzCA?fLH4`<~o)-?*s$UO24aMxhBZF8FlPO|_`x zl0mw-8-I`!z*2a?HG_l>Q$Gm?X1UsUUhVMVGoc6y`XO9G#3?rd=Z}CJ-TEIlx_sus zg?nzxwHo$g1KH9vv&9!yP(FAY^d#?A=ZH<2?eL9u?~y-)9Yp;ZMKI$}R)K66e}Sh7 zVATOU`ydglTY~p{8!J!j05X^ZAA=Bdss9gFoPnQsG14kw^WZ^ESO^&l;i(}Vns==m7^4li>9EmlKKCg z+<#r@uT+Jne6&uXm;Hnx2)_34(`^(}UW@^Dt74?^y^Ad1%9dP8Ao3E@kNyEZzZ3KC zH!pp_M`z7bCnv`9V25K-ko4V4pA3k^#e2It&!xvj{^Y2kx<4c+~*PvY#ylFde zjI88&2U#?(?tz`yoSph>q5sYTztaJD^NSG-*R+9!pN)AN9#ns_?T#0bN!G1i_z*#E z=F|aX>sZi(KwbO$KPl`@w)>PMSOyF~_zq^i)&l&F5Y=B~j=*%7;y+y#U-Zj`J5y!V z^ORh7AF@fqg5O8ehmj8CbmFx{TvbvOEJbNANZc@(%S)K+TbOUa z&O3)P^0%u{j%zJP|C6u&9O+;0MJdj}XJ?N7^5mPXgt81`9dC)&Ke+}KNlUFjpAq>) zq1LgUUzsR@4-9Auv>^}%5x}}7^js8!CfmHdcteb1f-JkRbm^&eYvE1cN$51QqKG6h%j|#4V~(e z<{#Ro5*I2q5Nq>l@{zm3M2uLxi&eCgWh}1&UyaXN{i4#@zsrw5e3g<8uloX%#jkbl zM>q5vSWe+IB};mjn^A#st;{KYxyw8pO^MimOP=W;P{>XHqft|9F#kvx#Z+wtMNyd@B;huorPt z%Xt!7`?PWI&|7^a(i5RJDpjQ`*L`m($%rL0hPuAEF2i>^@(kBo*0fv1li|dfJERYZ zELE9X%FY^cY~_3fF+1ht_oAulnd&UP!GoXlAp7>)mqoaS8Ba1@{@BkyWILJXz9xHb 
z@OfF7`#GG^uHKhN4#tRQ?~i1(MyK7MvzraA`}UmzBLDEB!1Sz%!A&{jqp`HFFCFf` zQz`2I_NKk&n#JW1=*@lJ$DHaHy-0~H-T_K9)z<4%T-MB>&sjmXgSeZ8N7M*iNx@sIrQha_>B2Vq_Fti}F~!FetmEwbox?x9ut^qP{^~mN`aud~8opgh^=pI*_V^i_L4Vky*Iu;j;RwK$Pq#Y)* zUIp1cu(tl7&oa#D$kL{QEK1EukqU&eooc7{xotvhKPzaqRDI};(58#q)3e?B?R3RQ z{&DWU9{~8&OIGV0i8--mHd=N=ks%dPqBN+ABXBCq3ny!J_eFB`%kv8{sdXVXy%@=wYm!VC&fe0?jZNQL)a{?FQ?vH$ z?k)JwSpcnF2TO&Xh#)#%_iWCFqLEog!b0u2@#+2wy49fqwEDa34!0}#St{}FOYx%6 zj0VR#E4h_0ruxsfX`fpY=s4tVtijh$9&C0WDG*lTOO(!2;Z@s8|Mu;W zO)u$4D~2i95d2yMbSLXNGu$c9eu_Sp9{e;3v81)v5CKI;4V1fR6nHj#9+mL?aY=-W zm8mnaUd=)cKd1#*9j$6?n1Q)hSp9DP5xrc)7%Yv>I&n|PdcOmDg@8zBNCuv=!r3wB=Y8G0m9!(VuRJR+{TR{gDVAjO<6a@J`>6PTd zVt;nUenflR>ItM_y1dWam5?ctm_4`OB%VFQ849`cmgoHHc%3PYe^wNJq`3cKmM@cJ zg#Bqy!L}Kbp>|cSXy=i0JibOvFS7qh*vGOA&$BzpPw z=`~fZio&84If_qS`lqM^|DU)HrY?Pb>yzl^qgGkLhr7vI^_N#TC4Icda>RvK$kz() zzA-VVTz{wHDu7W2)Vq*kTS*6<@>8cyeGVYNGG~6ilY3|)^y!wQ%@8VmBA#aD1Ty&a zl9q6yxbZSQp{ETheJ;XJiJl|aifdcznHbH`T%P%% z7bf%cvhXtsZl{%o-d59i#oMTqSk9Rd`i;lhw266x)$It8hew(8WLf*{m5m#RF}xe! z{ikBDe-1d(An^E6;BIK`?j?-&{TY6>jn;v(Zz8kz|5d}MB5@Y(#43I897ly;t5UAn z{B)Jn>5xsc>J=YB^V&E1pwAy0TG-cIj&(wX1fV}F{!GDt&JDMi z+S$lK)>p*>H)XQeTD9+xJs}7D3h?jd$p8l+T|FZzor%oWE%dyR&FV_R!lt)Iay1Q# zP-3XHh#>bs=<;w^7S*1M?4$LgA>!38mYK(BbD2U)o)R|laA(=r=EU@?zs0+q+mNYK zq@9Yd?0(}4yAT}F=wvjSX5y}E#!w?x|AAvFezY@D)_&w`0Gq@R!amZL=#95it7}q| z}Mn5${HlrCk9pH*1AQLomO?HE14JoR1c%PRjnz5m-o-i{dlYD zTiku4(gBsB5~AJnn!U2zqB`c0C=iT3PgIxcczVikD0+u?r6QinDdmw8gz$|mk0bX| zMcG{hfWU`i#gj=sxmC~WVFy{JK{0%OuU|1yFSm8PF5)q17w z#tF*K{(SfP!71%HV*3G($!f9brwg4$Lhf%*>Ik&wvGqmF zb*hFU8L_**;kAYcmvKm}tc!QMcvNWU$0v@%8JqJElObFt$1_Z(Mtsr9qZ>YSjWf;b z1xc(6O~*R&%nzcPUR77wZNe{T#0e_Ft7LeIm}MIrME8qp4o^*b^!^-N;(_m@t7??W zCBJz#@0{bvrhzL4Qds*A+wXu&V0&?r6M5GAEjjbHl( z1(=+DV(dVUg-fnZhJw>rhXbl6?+clgWG8Y#=z$DZfw`pFFtH&>XiFc5ce8Bi=vB!J zYaD3P&oZ@;b0!$ke3~=??p;JJT$GzI8d_>H)o4Hl|u&AfsN{aLAz|xlpCl=P|`H4l^ns`zQ z18lE^j#pIkav;>{X~piblBc~7QKRP7`_h>jN$Lht4h{F%Y5_aj{S5zq4ZezO-Ud#zOeRakL@ftAkd7iFy?) 
zUE2}e^7j$$v>btVYr-GQ4ePPz*y6v34-4cN-t|`BZJzQSP02SSd_~R66~9kdUj|&g zpOS{Vwa1@xmgh%_+wMHsUy0D^^#^-KNPMAg09?f`0)`tP;11o9s6lw^-kSH6sT3|DP7|cN+fINnx+z_rdO#jBgJmB<`#QT9}WBEO9x9VbuaqtRbz zd8=r0nZet&Y=h>NgPKHw4^O`3&%W&pT2?kq=@Ht0ERicHbEh##&Y6(D!r?}9FGC)^ ze6yqc%8C>RJ^W^+Kwt@h?=yxJmg9Y$(M*xWZ*XsoIwi{UlaSh6Gx+NE6XML!g~QLf z3oYg5uhs7K6mP~ic~g(-=bLKVkHJJ)!HO2Hx3k_D$TfPKMHVxamaqzf*4+Nl1Rjb* zJ~@i03%IPgA;_Ur6%ORw^5AGL<@97P!T$X78DD_7XDrKaT(+c&ESUT(wAp+*5PFLu zCq}?voS!1*&o>lRxs{i$3+cTwnc*Tzr_d^CrDLEUxZn*}OlxTy_FlZ5Q;2_I6v##9 zs;1@N>1ml|=qBNIc{P|BVQ**E$7Yl#*@y2j!+y@M^0)K~iE+$sXKVMa1{EnIik?+QY565h|>!hmzo-N;YWQx$RwlT}*?^cQp|&F}D}>SPAu z1v8GT?{FHHd$S*>*GpxDWoo6os$W4TnEP!r^Ie)r3ffrc+T-G;8`~Q`YR#=Vu!Liw&DVnUyrUf3;E%t)OpF|bCw+u!4DxPsFc+Dfp zN}v1)(S0|#Yp0>Lr$XOEDjc)8bC=G@C`X+}4m22tvJ=HlA!Q_H?lK6*G(Ivms(&>Y zHm@rQY+qn9m=R3-{7a{Br9cdSe;7?Q=E#&~%-%%(!Nly+!3cc>Z6{MS(@Yo zx(FO;v)ivt|3`EA*MCweG6DZ$ivxO_Dn^Hk z`%wEz{I?vYskrxik3FpK{IIM!iyO$1`tt8~9J5&`5GQ(xT&+vF_NWTA+DnshQCvnD z`7}B5Ua!-yrzh4RXY&ZY_B2zhz4Lx!LgpPa)j{hTSyLz*002I)*izf!3T|5VJ{6Cw ze+%T9x1aR7VFDp;grUN5bWGzgq~kN48qAZn9xe=^bhs=eLu$>Y z400d-s?dG72`*bUiPtu?5c~hG|MV& z6kBA+k+749HCK-`S8H{s->9Ae+Gxt4sEujt5h$?*qf!#nC*50McBa_BK_fformN?8XQM^Am*3;-hc^owR0Mr;eohsp-_|m9e7?g>kX3*RtH};~h)vp{V{t0B5}hvX zZaXqmhzj{~yP%?G^A{BJxI6&61}@0thdTAaVtyD0`jGT>8qM z`(wUaPZ|PG#Z+J)alco zr*Fc)vz?Y--de(WrKCV}wMF)yqP{EQ7!`};o#5K3#BBWt_x9!IEpAF6q#?PDzurxk z-!|87<1XU`B?iM-m^j_?vtHVU^Y-c_qO5>!i}aPdF-@*Z1731GTeK@*FBY-`X7uQo zv}5wxSL?B|z3eT*n8;R}5Tv)b(KggEG8cz&n5ulAdR`>2} z2unS~*K#|Zc)$qxSVDDe-DJK?+tfdHUD}T;8C;FMw!tGo6X3nYrUlx@T|9c5R|pc;eo?BXRe@#dbM~_vv&~}`n)!uWgqsF*IDdS zbu}Lz2p=v)JyaNbv0Kn@CHkc~%VcM=4>0km%z{9zt0D%^4jWc#hsb&U)LHf=>R7b# zcZE56S35s*I>&_ma5Ip~q@q6?a{u+%>I_djD}K*^qEyW!_hI@a%l6c_uL4qAMdpuu zeX$<6E>;Q{I1r#O7qck{iiZo&tiNCutktaZsSu|X_c++sTpEX;7J(KkEU25fHmsvfJ&~bs(A&C(N*y!LD>+82Zxfg^FRO`|R zUino2;?mhsLyhlr`cn3!h+x_@b^IDxXl*F7+P;&Gd7)8?>wfX4qmpV0&U{0W`6fuc zUaKE(p#yTYmp30L?Kf$88+yFq^?Am}^SUOjGW^Jeoy!+Tqc;t%$kFA5nhrkx|JZx$ 
zs4Ba)U0f_m=?>}c?hquTd(lf;LQFQh7Px>jmwWGX&i?lC zJ$rv+{KokGamHAK@!-q*tY^-7&wJi+UDs1~KYO1r^}B)05w=J_7q`j%qU3lkTlJU* z>{G*4SMEm=rP%|}GAUw6(!^6w#)b})&UWul>ZBL4zyJx(nt&nw|Dl4-g6i$wm{IsX61T6znBs(*C0brwelJR2lCv_Dno+qeMtf2X3Bc!QvCAO)C$=_XWB()47ImE#TFE|(`$oUDb|)E9_bgm8^*B2GEM5@GWV_RoxwUBDh~|U zbSBb#ToXl|((DC7D)qA1l894HXmUoToOo7kFg8o&PICB*#lOei)LRIQU;V%}N;pjD z6UoF?+Z4tkhNL{~6c=2qQ)f%$RPj|Ve^a6#R)gWN*KNEu*5Y%$CUBWG8fP={au(Ed zwdYa+yQn)R}3KFR%am->GtK;U&*h?=YFNLX^qA|cfy24t%o$`N#K{(!~Y*0!7M z%%zCU$4`jXj#Qs`bmUq}YA7fTLEo=e8e_kT6Zi4_Bt?1cJWDGDTYD5^S5L)yG%Kc%(e_tUCq*)G0Msybl1l{@nXb|@G^@>FJ**<6(uzYp zdVO9QigI3+^L4b1j!OiYua3 z#=Rm;46P-TaTqLeP)f$`xhh);8T#e3f;AvlvNC`OzdT;G*Ozy{|3=Ysc6CF*m=Zq5 zU75t_RlY3qQs=#_g{44`m=`9CNt&+SX6PXo3EyrGqf^*vn1tbuy4_*aV!qz!d8jtq zaTDbr`iksv)#>f=+@)aM<`9F70LtQb||c1_@TZI_$vVfh>` z3;R-WGQY?a!PFV85U2vEmv|jMwAMPD!Y-lqgvyCum8I65{W60(=LMd?K*wJ`XK+#Q z_dGcdNgK#l)o|?WLzGS}QcF=Jy^}airXgF1`5B)Ha&P6_Y;kQ}68}T=%^3x=)~X zsiuNBwZ18$V~+K{+r%6dyf;~d^om_dw0A-N=3)a$yJ+sM?y40pfv(&3hyr9TedX4r z#juT00+(i`tOs3xj$w+BfzW8#h%tS@GOG2Z!cIpar2C#e zQ@f$%Cmnx3GV+*6=6gRUcYV+su(Kw_n&lg3+^TbD5uF?>*)r< z;!8H}t%v)Z2DMk99=bJVkyetd*Qr!lW_Ka%+1Q?>QW{;^RT`DO9irxYnJT1eOCrhy zU*?Mz;*k^D)s?a68#K{n`NGj#*f~7&{^9OY%qU6qLkA&K$Yw>@=H~;(9Fjoo)ozzp zyD}iFy?U|q_E4+99J?`)-q_aW%7mhiPZ`);;9!&YMvC-Hk-|HbdjZX3`NM}rTOMXY z;Pe$_85;Z$n;M8&L>=D8Y|!CmfaNuy#zy%i6=Uz$_|p67Gnh z<5KC=yTD}ywVCawOOt7S^LP%>k);?~3A?i$p(n@~WDtV=N>nF}H8(};rI9Iox)3tZ zUP|Y)K$>@GRhc}pS+D+gD-tIY?;m6>VjZjLnjP;~X$uv2t@>3U2+OOQNJnf$#83e(kF z#%y=Y4VfL?w~bZYJ;V*LUN!|hypq?T60)P&#<3!{3BTym+S&EQNI~0mUY(kScglhu zv#av<*si2O?e1{zYfx9Yy{OHSYi+iAw>6>d++iFRa<%^Oc&w-STOk+NYI!Rj=lC0&8^cy-Im#>3!f9=W1)YEyd|9w!#tNJX>EW zC*t0|y77K^C427uDEtiD7dfg}p?X5yGa+W1`p-2F4uB{vB~0HidU2=YvM1c1dMqA# zd$)ZLWf(Gj6aM`)2&=fCnTwV2PBr?N*HfF*lLuEeR790q$ZP9hpK))P=ElhID-v!` zdV1_8e-k~rtg#_GbLd-7MU3cB3FO+D55&6h2mGPVa&SPNLXKdv?IRw^%{J{o!zuM8 zdI4|O3)aN0pBqiQuL=?;$MauX2{{Wn>_#p0FOdT`^S-0gDj$*Hv&JjdVhnD(t+DWp zZr<&0swvmC9$KJzxxORQz~Qe>Ruh@bOO#v>a5tUGsd9IgugJ(5HFE?QIVmL*Boc&j 
z>y_Q>e2hGH8`yYVCQOaAMINrrn9h=t52w@l|B`=paERZ~vK z8|1r@;6USKc?=k$x652^Pvjg_!#?TG_QmpqG#NZ~$!fG@^AwEn@Fr_Wf~V^=eX zx#8RfnvR4a{LXZPGKG_iFZ;8VOR`>@sqZNm==GLV6k>Gn-Y7b;7t<%v(nJdD!#W2| z4EFIA+47O0u>0D@HhLu2r?u^mT0{9g$2P_?Jj{tIjT$jV)Ue|q1X7OP;S7zijUEh} z#jn!z!~Rbz!;F|c&Tf56d1h|=y)GpGoUa}uH`!>;YJ4~6p@gu%0|J)qJZh$%V7HUM z-6fPsjadY$RhnW7sh>&pXPj`htI}vIJ`3D!VU3*;zIi`E}mKLPi{*Z)JVZjeUf`m zu4<)U1`U3$m#0(Mlos4#mQM)T;1>z9u?_y-BSLrHYdJI*PvCP%$vVcJ z@REM!Xf+t>>_<*ai({`nq9rvLO~JvUdLcby?PCx{k(RL*_=s3=ju#rp)Vj@trfyaa z$!+!un$=wQW5`a8YHAV09)wIbbcH6XU{Z*WG{}SI)uukQl2^5of) zzxV%bGm-G+J;r5toli<(C8#m+gDRRlqjnA7*5S_Os|+$B9?d?TX4kyY9r3O5j zdZ{a?E@$`oJ$HCJh>`XoVF6IkN7^WRWfeM-IbkLDWMjxqt8#|l=>14=Eobo;>ZPIs z7K4e<;Jr6pRI|%;wt0%RU)z@mEX<6)jP<+=N>=UeoW!+d47IFL>2$@Q5PwSH_ET;r zUXE{qfbfXE^!PS7}3T5I4EkOayU0?bNM(cV9K@Lo~Vc`k^w|1r)BCCa(5= zQhWjD49zT0>Z8V$qkQXx-H5X^VZFPdCT;GEml8GVne_9kHaTq^XU^kkPLMuWAvEG= zG0K0b1te+RE`4Ze5(z8bO9yJolZmJHKR0ZPuk z@Gon~rFNibrfoXZYhg39^L5*PiIBx!Z;GC@Ymm+O=#C<$K`Cg2p6%&xIpVHk#mky} zPB;h=n<0KEHasCGf1Mgq7VKz$GLUWtSkOl2n&C6e2ZU zHx!B3FVz{RXnyJ*7@=XH5N4F3q!RiZ64ufnr+P)Lsuel3X!jji0SJ`|8mT~u%nJ#- zX9Yfx?SvOp@ZhYrWjg}vzRtH(TYM5RA*`dwXT@1n)+Y|3PKM4tvU!$g0sQmQ95(36!FcGO9H$iS*`e=-yACbcyyxGbGtRf%@>JY-2=plF z^=;zS0uNUEV)V^>%C@0A-yD17ZEk5Uxk$!~rRk80IO;f_jo`XAW-nn)#Y@)la5>Q?%44iJgKZ&V(E zd9pob5mXysHaI(Io76Gn0a(zXcvg4?%jL|PTWZU3>l0-E zxKhd+6f{drs1zI@>JJ4_9EK+Tv+=Y_IWdC!G8S;r#KUhW$Q(ZE)sg3q0a@|gqCz~M z^v(JMU#bnx>cOel5QD0+Hk&KA!m6w*_k<@7Hsz2yCy^ySyZmV5Z+7IYDcbJ=T#mlUX!bp?U6A<8 z`Ar_epSv2T$|5Q$qDa1gu$SK{DTz7oF|h!q6ROv%@9DDKBFIV=Xvv*eo?IC6{nr_5uE0q4gzFHO zl~8z*O$wGzLWh9m5S2{u=6KnbP@Pv_`Ad%D<(7kzOcF0n4;nLTzQS2geOSka(;+++ zBVFK_AWs$m*(Q=hxV}-}5|@~+dsrJgfWHLksYM^Hpj+&nXUvc!Kz%^|3Q9N80)N^0)s?}hc&m#GDi;(HF>ZWE%J6H80^L2~i>PK3117dxRztWqK|)pKt(D=z(yg;fqe`s4En|@TK;e8 zdUPgpH>^Pych-CFX?!X-jPCo)!-w@!D^jJ_9<+u4uNP-KH>Q&$(61?Vr@&(YgIqjz z>NqAgp%}kEu{qxJ?2*a1f4@Hzek9!5{wS8uUMqw?bi1^$;_nk5(Z7bwn1h5 
zt4ga})NluF@cs_l;Ws}2aT*a{2BPDU(!QHq5j>HGrE1d54*!GgLt$!w5@tZ7B@4`u2yZ>QCr=^-Al|X(cUpn9@g-JypW$}`8BN5Ro6XPfto7MVasIzBG*yz*7E#IHol{?{$f z_jZ)E$%}Z(EexuQ6f;|{m0o1n72CgQP_XYV`^n<89Jg8KSe?K)d`$FX&NX!y1YZ5MS#Za%<(E|ICJOSOgRA&ehrS1wHQG#U?#|q;&;NMSr++mpb;2hV z)cTC$H(TQ(p*eJj!~XcPZH;A;O~eP#2``s^nKWDhPF>dPdxhJ^@^LJ6AgZ->+nzA$ zO)d?dXpZIo`ZGq>_JGx7d@v8;#I}7GA7%^hHy4Uz|2?L6wMgkcNW>G-;6f{|d9kRt z-@Lf6^pT4SZkj8%1DEH2b@^@3H=~kdyl)uvZ(PUwGji%HR3?fQS+;(4Ff_D)&QyVa z;26HA$9-@Veon*O($3D0M&2A`1;{nS6Qj)~ny!FX^~-tK-ehfJ&T}IwM)!NitE$Ea z*c*~)-5m9UJg52s?Lf^u6EL+#gAFg1mOCv&x^WqXsKPf26TzuYRvN!T(6_!vVdv}X z%dA10iqpy;fu&Pk7i>h@Lce@?B+jFlkW;rj-%&RN%6L44AFT!rvv9J-Ia7kIQ)Dn? zv6Iw;P?jL(@_m1uW1!*RxRbJ9%N*SJd|s|PxSM4sM5h##0;7nNeeO^wI(uFeQ`kYb zO>WM9IYV&$rqe$Jn$~{s3WWm-Us>gNVv6M>GgxwXZP}DdQi?>7ks?~7ve7FbT&g#S z(%Ro5>dd%ulF%F9IjJ+mQi9&?VCr^SeC$QPy%w`ilB`Z#gu8aViD3w%GoK@>C`tdD~x$A`WimYbF)IsY{?c*2DKhjZr&VQJFA<%eNzbM{Oj zssm6-#RW|hzVx%ylU$jQNut0lXK|CZyILi7PBLC!8r~tmTNUO{@vL|(lkFGFBWxxw zrcC0dXUHK6ap^B(Y~5_+1_ggySgu-)Rmd1sf2c?nvqC-n$!7>WKNH;2SpRtT!F)-s zYAOzt=14z=W!oHV#)UV0D3Jy-4wNVNFdFXQ4){TPwK`~GNUM${a^d(wZzUXLh#jtE z$X4G3-FiVP>4!&z&Dh&6m-UYNZ99W*jEucd>aMkM?+I@b_tHBJ*J0(?hP{p`BF1-J zJ{X9L~|Ab^8#7X!?MXA;2EX&hASI%yeE03=uJ3B1QjUo+M<;b-KkP z#d73-5E9#0^z0L&O2KRX)4aYrn>TRlay8m=tj#(u;J> zT;FGl3JOW|*(D{1Bz_0zZ5;FWaFjchPCDL}I<%EwIq3bQOA%RRxPEuAE!6+x*%@tp zFoL|xVvfXsE>s-a%6JVQbtz|?taP^R`*r)y9e?z3;&u~b3m#ASvbUT+M3JDWcj7FQ zZ-PW))51{r@U_s>&x6ie{@{okm1E^fcO<`UjtFYrqAJuQ%vdDZ&0Tj zsYRlgaS7JKS}-9;R^fSH#`qX0&4RM*@#Xf@e1$c)=R+yd?X5*^|9fBHpROr$06qp^ zGfT|(v%_0%jlM4%wkf1CT9KDG$yKgD`l;JjpwwfTb}}hs86ns=Ju>o*2skrg+6Q_d zY8ZuM9V{cZR{=^I8mIa%lp9^NVX*)fd1?FWI1g&G;c)~RpCI{LbhkaV#1|v#q2Vgn zTl08@y~^YphEW1b0-y zYKPh?_>#~Iyfzb2H>~nE4rAGm8-=jjJE7QGHpz-IReT)kFc?KS{R!{y&L}NrJwt0Q z2x_iFCh#nO49kAz2pjs@>=1}@W1#4d6y6(}PF24LDx^46#Dy#d^=!UQ$)YA{IITwP z8z;X`g};9)_IlaD+H30c$qrI-t<0u>mhmny+_r<5J1ZOMN>~WRc^pj#bf^?}=hk70 zQh&#MGfHL8R5Oo&5YW1nH_zMiD5d>2LwK$+s2ra<_I{GFW-~aa4%g!_*wm1DK7&aU 
z6!5L0`0_=x29$lJ3RqP=1?bAZR`D%LRoooO8A&`gz;~5^`A=z=8LiZ+@dpWbhB{!r zn5xrk+U4q}B3mcj)X-GKPPxdedHBIMzux7XqCl%YKw7ME!|(EsImHiFa1?*0Te~{d zM;)GIq`KA!Gb4_{$|!c>e_{Ydwn*dm8%m~v<6_HBr|f7pwx5AFJHpmTL@VQljkcdI z216|cys&4rmnLWF7P8is*BqxGiNAi5Q1NLr_-}S)JKk&E&hfpEAhwIQK1Dl`kHow6 zr#!g`Z*?fG<@l#QGfkL9s8ajJ@k-O$*zPFR=g^UOn&X(T(#Zbl-tFIK?foS}f9R3x zTFuFu>*RbOlwiNDx*J3|!qPG;HDF@^afsU43=#7oX0r`P6CN@xfjc^-7HwI$mfErD zpJpuTIE(~~Qo)zi^vN_7`3rSxos;uM!brz6P**NRv`icr$!b5{!-kZ=l_zgno&r)< zMrNRoCPDeyeI^aU=t}*W(ey_H?YK8r=P?W2d5{$w23k5@JjdlJmwkt(5V73@=}W)> z)mK&xX03YX?sOXvXy^lFpmbNbqj^|VXTk1iyf}l+yzdSarA-obPmax*k5$xPKsVT- zObd-wx1;ZR9hgoQ?XW5Fw^#vmK=|3dgzVGkW?73xCRydgu^ig>-&<`+d6pokOVidJ z75n4NGyJ@~q2Xj=GQd?~rF?T1agQBi7FPuD8Q2_0%CFJKPud5j`iN5n7Bh9V#y}gx zs5YgA!O4A5Vq(w5<8ZV|6pi60OlzIao`-O{<;p7sTg)`^J7-Pk@wg7u3i1+j281fUev3fsS_Q!`; zSoTl~ZhoVo5Pu!T46&5~uwe}Ev_Ej3fTx>N2JXrYH>~-3Fs9)f0pX2o$pCwG^=kDJN{vc7-3yhM{_S0eFP#deT4?o z4IlwfvU{PKem$MO`x`&03q15kf1oZ+!pg7m0487yD`q#(;aZNSqf0x9_A@81o!Wf* zMUUo&_3jK?mDN6WxOhRagN)K6(|EKA}Zw2ZAyO5fv~?~zn43M~$@NvnXNidkNmi(=EgxzjdP+t>a{rGg zK`u}ME{#tkbLo1HcOb0%V6aH!$5xrwn9wTOJnlkcQIU-#4hcwx9Jf5kPFPF1?%_>$0yP5M2r7Nsw{(J4Sxe)!4Bw+UKr4bH%< zQqQebQ(rk`ZrcL*{E129P&GHAZAk^ceB!=#xz$%PLnL^(T@W@_pzL6jP)Qt)^G$u! 
z+)R$AX|UQgN&E<7l513>J?EfLOT=-L1fNN#ON)mpqSC8&;-tfhe3iQ6>phW%j{~u; zps-5`k1D0A&9a?fROQL>-u)gID~B5xJcI_ny0QlH6BsE{?p#$6ie{XV@g&+*hSXBK z*V6f#kefRjy_k?$Ow#WM>0)aovB+}kcK9zbu_}{d6UyXwyOq=|@HorWw&4k37$MVx z?p^8;G!7nzo?k_qmxUU1t1UN(4S)_wpDeZ~i^IasQQ7mqGt@xT@-1a_>RqDU-yuHH zAt-I7sAv)Y$CLtpKi2;uK%)*y6cFs&^pNm|8s;mZ;-v4cqggYwAc_5!@wzJ;d!~_o zXi??ETy7Fh=@5VrI|PRs#~|P!VqV*+_jJT6p1T4Wm>2*`E@V~^3hBQ8FeM8`A9K&( zDS-cc-$Ha$R{M=J%~j3yX_%a}-ES`Qyd~(eegL@wMK4B$B|75|F{=>GrUs+$TMZIJHX%{$90vAC=y*zWWZFF`H^M!ql1_k}9I zSOX0>8)SG*@5irVtj*o|r(?VIE^$APTQWbSa{alP5yXUGWa4eciwySvDAJ;#%-?%6 zNu4tCa;e$YX^Omo_O4M=TN`z$sLzMIr_Y=VNYmVYetpztgRW}giyC3VdH$R5CTDEB z!RI!uOWQuEBIp@d`H9U|b_O6{0=GKjw(8%qw3YryqqJzI(k@tSFe`(wo`q*8=JGuR z#W27b3|_wx)FFRcu@*NK5?3TgXeW53F2Wf?*0oSEW&0^1!I}vKa~<2Sa#f1l1jqkg zWp!hOpiij}l#nYjdSCL|L{^aVx>GBE7L|jn_X-pHL$Q1|*{R*kbt%nHoWD|~GB?f6 zy*js)fb9UuPd^)B4h~SSLjc1fX>ye!l31(=W~xk5q~~;o%K1)W%PES6R-6|GQjmRLjn%A9Z*_d68hr;D!}JA zCq-z!#HLhbtnHq)3W_tnKjKG|53a(bvD}_7wo^UWCC8p{SnHK|eiCopew(f4d|NBW zMA}pBXf?8x3>ak{J9=#6OZ%q-NiA|9MqHyF(EU;6xWr7wo1ER`9VK|!SM~BxYd(o? z7&SAR-Xr!t=4H&5ubTFGzv)nj*ZHFyK$&4a?5}G3-OVa>h>7U)qB)<<}@ z_Gy1-y3<9-O=M=Sbv24h)3bClcZ-WAp%-WUe2x1gvppVGDGyUXFYY2s>7wE2J*LFA z%SP{(hzB~qGnBw-~-l}d%5T&>3@Q#W6Uc^pwRYs0V=}UsLer7bO2ZJpkAe+(=M#ci+28RzC z6yE_f(bYTNqMvLwKAAM|Wc7PW#f!yq)%s8FyMz7zXzBA(M3_1-o(oBLD;qBf20D2$X>4S=a3&BhKj97sv6KCh$B*DPe(9yen8LFBgq+rUrYV@BL|vs)1AW z^OMj{{G+wL$2Kn;wATRj>Y$a4-cEb^+z&*JJy9+6grfzE{7k2=0o1tB)aWba z%~TO;5ocCNAfips&WDFPL$wXc&=)TsiWKS@7!X8etETGAX)dI39`d8K5<4G_3Du(7 z8{;b6y!LRxq5v^45boe^-k%oUw2HmZivx0B3dzg?K$y>WsiIgw-%u!r<%OU>b;#$o zZ!|vvZoYj;LU+|AD78F+J3BKFlVUV^_WbAEg`$1q*%zWeVz3RVKw+6>tf^J`V^GQn z7bo8-ih?w1&*CPoIM#KL_(LI8SITN5;=0YWM0oB%!0@SWIB|(4k)-6UwV}9C-XfAzRRrKO z?Sx$nRVw~pw;4p)uW3ZjOsuWf{-Fi%SDFkUKQRskK8>SuXx6~$NKsPy9k*J-n|5`y zFD1chAEW&PORdude%3dlJ5U(S2}^*+;sBwXs)-eQ#bMt%nM?=1nH9y(OHk8j&=|9E5Zo^tC_U(D8aWS2LDRnYc8ZG%L{zCp(P@IEfLPI+cSe6Kko=}5aUrl? 
zL|@6akxf#en*k`Sfxc3`n{h!=!HyrT+ETyw1a&PR`vc-)$EDEaB?8?Je_+)UmGa8o zVD3S7ZKW)uf3d|IG8~*YTr1c+*?H=+nH|?JJxn69B5#3cUT)%L;P^B{8gUQ; zi)I2C7YUUFnx*2N9F~9?QWQokw&h|oaUvGjlF1_Irs5u9J1U1Am@v+VSWS?uPFF8S zau+5&OR7m71>IgFaZB(Dy3H>jl%l4eUWGO52t2*^dojK2t+{V(17+=8hE=wf%;XUW z*$w#A3EHzs5D8|*#^x_k2KrtVTjX)5qP4=Bro5j8o+;-6$a}meHBX927vtW%6>a%5 zRep@wQ-Dz$M#~WtH4jw1|9w%wemK0iwcAMdz2~YzvIu`J(p4tLd?)7n2I|2h0DZ6a z0d&hcDv5ad&|TGz00tf_yKkMzV^^b83RC=rmsmcJVHU10bYlSrU*`VW|78sk8h-KA zVJq!!;3yFCy%%5HDE<&Nomyra3%%Nq&v@4AFm5=pcIRo~q@7Oi059go5H!bSqg3s} zxg$*3)q~)~5n6CeGOrSO2#WmCAW1^srUpm`nJ|(uPK*KGp~xm-*DD3oXeP+>kvje` zidj{5Ze^EWh(dWVz9KUV$DkFSE9`XW9jM8qo{Qb z-N$4}Co;t*@3u}ZtjHOSX0-GnWTsqz|I;quQJ7>7@R9k?{0vXl-V6ee7e;o<%vawV zvFvIo>ptU_DK>L0%hPYJaF`y6@Tw*=AR8GyfDpXCI-NvH7fdM>qb<5TuR2f^V-HN* znW?8cJmj|UlxBF3j*6PyOkK4Sm2GQ1IG2s4S)JTuF=WU}>D4;e*v_mo4SU>~P9Y?_ zx6-8=WAv_dOLib>Tz&c6*)O(>qnZL^?d&vYA%J( zlBN@x?a*vSVhoSbijUp<#4)8SUn@YlbY6DaM7NEHn6!D+ZpVA``Dd=N5QNm-(p`$_9b zXn-s7&XhdgM8#)ekCgD>Zc8334jo?FE%CzQSbmFL;pUY`_1?AY#dzd_hMkwes$R1D zS4#G{vztn)m6{=qk%MmskyCR)1^JB?35*7nd zek0k6bWQ5>1Z^pWIq8H0Dw7Em>=;f7e75%+fFuG!QLNmJ*?}*drcX)`XxP%#9C)Ow z=?DqA43b4f&U5DY(p2MQ##7X=#yH0z$gj@kLr+xw1^26hknKW!cS=^euMQq2G$#fG z$}vhwiiocIEZdR*VFn(|f02~?S8C}GL?~Dv$KZJfi3MEgMIM$M<@rOm5{~qRN?DFC zk50F1{RPStfs{zjUd^1R{^&E0XPAIfcV#G4`Q2*d*;44YjJPoVOVzA1Jw z%RA~%rbzQ1=|azPIrlgx0?k1!l-o){Rlt5B2e8MUW7y3Nw`x-`Y0zeZ1|Z9dp!fP) z&B^!L(8FRfAT7$j^8QfRC7PGFJl0hfW>F}ubsvcW0hqW#{a5+Pe^uXb`14P}PjR#wCV`(#q)*o8VTP|q#84)^P<-Y~m zI{&P2`EPv%0z}V8A(-?JbySQ@@T^FvXp)q&;0Uy!5CGZWzpIn?^Wohh@PrmJosGRz z@S~E8FVp`};(bNL<`2b?SG#qaO92#%f7Sh~2J=6)%zhV}=M=%8o*zANpnL}WJ_if; zf;Nz=aT`D$r1t^(JuE&0wcnnD0;uHM+gL&Bh}@tH#4-Oxy7b?&9cO^Sv=w*cKMVn0 zOPK+GJ6_3Px;O*&i_FsWqPrl@}VS{CI!-Fg!3^9TrJ|D({|L4r= z5ke&HpHw{mwP60G8NtrrP(8VSTL)ZKP_G!R0WGq01k^xft9v+ltj^jEbnJ*hLDEo& zp$ZAf0fEpF7`Q)p4=5KdAViC}A_#PejQ!kGU0jx5_ z*zk#C5H4Mk7MQ#v9bzDotiRPBUxPsWzerO5GddHYQuP0Y+T;JU;=ctWSO|ufAu3`} z|GOOEf4b7|oDokS1m=mbuAmK4yAM#Va)ug7t&U*cp(Yfy;E$G>r=Bg8u0?wyU5WQtgKV@L 
zsUJ-weDy$xNP-vZ03Be<|7_fOcl+C+TjB(MVQBS0Clc+h0b)L}5Ql}ufB&$c#0^q_ zcbv9h-{!O+bxuYB(pm&COmL1}BdXHZgJQDaO!@&{0tujysQ=k?a^eK3z_TZA-giLT zWCP*F{;yWQM4+7JQGP{C$)P`RV29=zTuNXV`-r3I%ERwJbB)AERvl2A*RNbZ2kmd0Gcrsa(t?_) zC{1N#I@nF+p4{_7exmjm?}@sW+G8y(tSm)&kK@$oY3JIwIl8!2_6rANdn-#TD=S~G z*9QyN3j(x~w>M?qEJK!6L&1-J_xq?HZ~gfr>5NLN2p7(GL?-?;%vvA4@|^Yu4OUEB z@6*+gsHvh*OFl6J%-JMj*`d)n{}+qYG@3P9ioBmJywv)j2}e^oVTN1ftdt(?s2?R2 zu+w0%8WHcJsgQ8;?C&!A&|SAP`Opo9TK&}n+(M;|ldNbjjgE!!#VkXdDKO+{`~*=% zTdbo)=XEKCwip__;p=#7Xg-a0JM6P~W6>S;=xYfLnJYwLM)Gg&%BLNnsKEfBr-%f=P1raOTCyW4-Ni9I`qcM$GM7squx;M|;BThwIZf zcY7tlpAi2z)WV@e!eL}V3Wk2b&4R@W@}xYz4W{{zpO1#O@miz$qBA2UEwJLFp_HmO z5ZXmM@Uo{?aPv;hAAE?LD}bBpp&q^dee*krn}5sv_io;U)2hNWr+#T}#~~v_O}vMv z+*3GfMr=>v#p+2RDsU;tt}!A=M}97gLec7fQ4rm9tkhFTit^QSb7O_t!tXBG?aJfh z)$*pWqj5{F3c@(gRkwF{YKy3EsO#2ME#d1lh{_A1c?9d@MW<*2&OmQYW>qBj*~6?c-At>f2%VO(@sJCKW>fZRg4NdeaI2$K%ai0YI(|han0yKCU<*y1F zE{g*e$&P0mu4RR)N72NFMXY$EB6&#Y#jXD@tFM-gFi4GvXo2XqyPoFubkR0dD(>%j z(D}Rj+rp0OqguovdM#;Q76caRaD{kURbX85uE1h6u27wPz*K7|f-$sHaDX2PhYt|u z@yCzfDh}9mhACuWciT{24$Wy87Z20#sP)$jp-uGV!PmH1d^3CTKUw?49LOB9&~raR ze3uLOt`Rtr^CkGMO=X0u7>fA!Tm`TXcGYlMkZ9pVwurOoGPrHr(52?HLUkW$Y#YlY z;I&exSE$^kRigu@R1g&rD?fh z%I`f0V3WR)Jj;M(`yBvdO`E|=gK58b#ODwLEEgYPx$u1O<1_KlA1CYgJj$~J!|qw@ z8J7Qo!>Dq3*&f;aBzSeS%~k(2iaO62ua#9|5A4nY3h-y+`w7S4;1`Xc-wSg8KU)w< zN~O!UI{~{T1AVKwbY3QXYRhrj&5Sd&KufdYw_}>4|{8ms* z3+3yuIe6gU&f0MKG`O{gk}fs4+aBW9=MJ~_Q^7=OAm)Zl;y-!zVo%(%k+|4qyH6Zy zJ!%pQvWIIap=F``mI=OTA$Gw*T|E@n7J7R=+&le}smaKs3XR%l*uBYH3rJ*lb?+ZMJQ^?M$B1!I%Tl;EBjPxB zXN~ZQ2Qt;*Z5G@zoa)2%}9qg|&ww8S?}pUNZM80EB(yMrU! 
zn`wy!Vs%q7-J*q(1B=yxim80MD}U>5TRX>8jsE4xdU4NXM<{gRJYYGl>n+`%y)weA zdx7y3I@cW+j7La%1Vg*e0`NPV{CVo}S_>8-p>9gItyR+m4;8I0NAy}^P;`iwA(q(O zz9t@W$@_f+FyO3rTiu!v9xG51FtM<|luglSu(x%}^vYP(%L%Me$9dlEeGqGmW00di zfFm=;!=o&w7<=lFGgDY&r#;l8(OQs_WW>m)B_vR&W@Aa157maWRv#pp`4~(tGUmS0 zPw#4Vk)`qynz5g)(A90fEO zyRzmJw_=s>XnA%htuanTp*48s%k5kt=`t9;oS5db-CLJ0DXCo;^CNCu_Bq)B5AYG~ zZZKi1)=zEv64ZtZVNxRh(%1N*A%=(O7TKPgCn2&h?gGLN4))V{v_;23zrXTV1@ypU zY9H4hm1smrf`YanN~b{CFILurybg|S@-IT1El9wVXzYu8A&$I-il<7c4^J#zD;dbB z@L}pvWJvmI90FxN3{?;}BfFdA*vWdDhufdm&Yh>XaqCx^IS=uyz|VqHcCJ+Yi;9Lg z66x_>l18kTiH3F1Uh2CVqR;d4 z$AD%9A*%sg|FG}=3g@9B@`B_o{)E<(U9OclbEf;30-C!#G8Nil42o9;p7yWO$JEy5 zilp)rjIw;Rjjkrz9KtVN82M&?p0N(-^wL1bhxvQb@# z>o*b%l^47-`{nZft9`;&wF#C`b$Eda0LQbSY6;!;Ioyt$qp(QV-@;Bodcr~DBXk7$ zupFl#oJoLv+|JP@g5rd+Owh`$-N~_fDb>jlQ{_=e$3f$5!GsIpILW)?R8o}#(_U*y zYofx*+qw&1p4^#HfIAl%kO#%Wv~OJ~B0n>~3}#r%7`(Z+KVe7pm?-4&j529MO%%Ns zSYmq2;89wHr})Fik68(f1mCBwsXB)GV>~QiVL`!62maRWV?K|!-ae(A2nzq#2RMUM zSv8y*GbsoBxs`Ruto2fvnP4f)koD78TY} zI%KQrR%DRmJj~%ElWSOoBxu>m0lB=5#AvKAG)~&VVF`C`L7M~ihWP3~d}4yZR?{$9 zc}n|{(+}3cQN;Qw;Ug@7mPgNL6CKq`Yu1?bEE^Vk5WS2F7CKf27_Rdt&zJ2S$ZZ|kM&hw4}c!@$wQ}g%^+90cWNJYl=fae zI&1(p%BID_YZd3uDQ=u7DSr{^Q?ABj5^1|Tb4%$^@k-kGsr?jp?Cg8$tppoAxv}~& zGp5$hqQE!)RltDQfn37}AQO%SzMhahCf)FMvs}IIVP6riwFM3Dn7Qdvt zOCSDHhmUAofCTg-#&3UTLj+EdixJ|Mv5JUZp|Tdgc|!9qyePrY02OEAtXL)uxl;r8 z+<{a(`gM&69e}^u9FI__{h4L>0JpWu1AVv8>IcbTVc5EO)7LLAe+&tM?Wg5(TL-Qm zdm8cDm~=TV&YA0z2Whgi`aMH@yAT6g!uW*4LiviZ)~iZ<7E5@+y6=JeufN($YO)}B z>P7jO8!h?yu4xFA=$4!|!L4LNdVM%|h&c1HBtzn12-GH!N3vwtY~KRM7Z&ud?nGh zrT`~{Pcb2umWErvHsFiuXMeS)kZ^+NL75k9*t>7mfhc5UL8s))k3l^Av5z9G*-D5|WtCx~k4@6ph5 zM%!b11w+@4$d}Ti|PwdNN;W-aDA&*Rv~-uu{>$rgtpDeR+x1&1t4hEy&n?LzJcSikyQ z9Zb2-6>Gi~u1NAJl?8ZI)hqzwtky0OG!w(#eY#O>pmD?YNj%_)_$0#dKJ6h9k*M?~ z+ki;0&em`Un2j)t#$Dn4JJN}n1b!QrW>8lHUlLsYpkKqL`(}I%t~l}xTH=!kpoSTr zJdc(CK@A{scZHb_FBUg#Lir#)I_G&)dKbxwo00}FlTQb^-vinZFo34FA_!UK{#(m< zDa$zD0ad-CXF)CS)@hY)PufK?P;te-Qj(AS5wj43MhASp(meUo`O_^{s1iInGFeh9 
zLF;lMU;vRn+ndpj2Z3Lvxr&G)*BJQz;?VH$@Gy&r$no0^C>``|?Df#Hd!AHOGqd?< zpAs!6Y&_!CKvyhaMh`Gv+&2NCEq4(+>ePhhXAAazy#RnLvQ`Q=2gVq+M|W6Dbq{s) zrXQL{(HUlkf&Yg&QHrj|j20yc!RtQ79hLMp)55*qtBJKtWjn@f__i4eWPgKaWMofz zrAgmuvdlj%A@Km8eiQ}$A^B?Qb~8F^?`*f_!U6-4ew=3Ks4O4uCKThXCp z(knwArhwskB>vvyU*TG&}jJ#JA-z2b@&8_FSwn<8LIpgEm-`>aeX0KFz$JGXe_8WL2()!AKMU#Rtmnq=(I@xZ1ah=Ws z&}XaHJj)4+qS$|lTr@B5nW1MOZ?2Ta3-8Jg)`h_ju%(e~mzbn0sF*)D z-a~DKsvT5^XWL4RWN3c~4>=}Q>x9D88mP%#)l0cKz5X=G5Iz-nQ*8tdgx>4SH!6_T zsx@QKv!gPier_9x{$>fAzkY3%t@n0I#`f+PiR{HGKF2*iyGlN;+R14x88``QvBKhx z_n0fjwr?hG>OP>L^i$}SNgG7e_A%|j-^=Q#9v#~UR>NO)AhvE>ehZkJ_ip)=OPxr+ zdgE=Pf*z4S|9{YxURdff=q=yFPac~{w-DU1tD$S;p{!jLJmHoJM!dz!KCTj3P!`AR z!)MbFlRCFAoYt(mJ(RB4BrgvX7gs0C7|v`7?syovp_;FH8z z1Hg>0AS-&w^8nw--94u&h+kaCGxC9*${R^eA0w~lsSeyuvcSJxaaWLk&*4@`df=OB z%ev#U%>rfOR5ud|%1-jXuaQ~lX=FD+t*Q+l6LDqo4}##QJ7s=$5?xLpY$>xQ3xi?Y z2TFm+vr#H6?uVdf6j@~OC!43PQYp)ty*}%Lul_MgiDFL0w6tQE5!c)Hb{t@YA(9xa zZ!veouz+@{!c_F$vGQJynQPRgy34695nO1k*5&%Aqh%h&lbJN$Cq3QN55)X9{yQvD zlfxSSfNsV9Cdqes^Xmv*H)%SAWKvm9N?`WMX=g?_JX8{Q`2L8J^0^H9Iir0q@)(8xhUu>jpX1f{iurvv)Occ*WUlcf%Pn$;wf7JJ6445Vw=OW# z+f&$SS*4{?47|b@#ghDr8XgI_ugr@#g1+*~2p?0aftdU|Kt3<880FE@_7l_1Ws}-1 z&LcAF{E#$vGGw9!Ri#TOC|ke%n>CoAb?y$KFsc)tV;}sU+h1)=1_$98KCb0Qezw5k z-pg2~iuYJmi72=<_df<0rvHpJotZw(w}V78pzF;n+Y`_PTd~XR_LaiD<;iSK`uI5Z zTZNGGxW4k}Yvha2b5qSHZ+<6rf8`Y(4l~dWBQ%e`?h~ZH8}uF?K=AEsPM_^y?NTw$ zCXhALUdRy|1a+fxvO#FcizAIEZLhL_zS4#pKK=rmu;6tu(R)2&6MG({%THgb3}^KD zaj#i;GJ(&|g?nJa@iE7&;TmWa12LWiZ`iI1omEC-soh<+mkNx+7{+P(I6B!nYA>k{ zv*O*=ILR;{yTsTlpS%KLi2T*WRUb9O26cc!z%Q@A`^Ny>#DD(hUo(B8>wr28{*1=H zt&MnX^MA?Gly~ zOw0=5N@HL)?U0}w(@y9kbWF?3|8^H7Js;+WFHZ($egBX_P7*U=1L-OBos2zS0{U9^ zhnROG#nXyMqe}4JksL&JemB>k=JKZP_si4mk9mqVNYvs@Y*1+Y2J(SJ8S^1KJG-jo zc;U+weq_&D|HYnr&8JGU2R#T?(4TR~AFgk1H8@i~X1#l`3I(vw95JkpH6Tu{k6Ue{+ECP(>3F<{%z!U$G{N+1n-GvfhTMU z&0dAfC1{{q1%-FRT!}<)F>*2EU7b-|f+Kw!?YtjvdR;60T)>NRTf-v3UbMw`ddXu< z--@Il%eZpfUqxYmc)0g4Ilf{cA19j9lOGc=lfwHxN6a*-KYeUL)xR8}wLtci8uM|6 
z23lGl*YMPMN0(OlY$yEAf~3|MJiO@e~6}7e3awGWzm7i^`;^q$YBpkwKedSU)bC&$(Oj5B;?!)PP;r z4weJpKE+P>dG4GSBJgO@HzkA)8*8HM7dA2zyV2?oks~Eek;^uqd1!-sC^YBUrl+TQ z%+IWNwiZ~C6SEBAPwX;aZZVT!Z#6EM_17@S-_!gR^3I5O-&=job+DioOtm}qctGq! zX~VLfnC7g#0`AX(aBRh`$1+JkKiK!V_R20B*b46kXJ z&;A?Kq>9dbgDxT`A@!-8&-I%HA4p+ZbR*n&)tKd;l_^~j026rR#nuNJYeomDkMU#) ztVq|sEu#JUlCDZb@cs?I_3fs@MHeS8bQ626BsgWpW+> zsMz-*D>Uv4{ty3*UAe?~bpjLbo<=oI9!5rR@fysl)Ad0^VOi)$Zh{mH>zN(L2!i_3 z^PIqPS38#_K7?2@qcyLe5%qiD2`He3;wHiC?k=KaA?bl`ZD^H?$Y9SIE@C38*|}x> z=`_c2zO?-u<`k8e!{8%$;vu_w^HnPTe?$6e6jT|Ab38_=P?8 zNlNvZd37{4N?u)6F>GyaF=VJ)kF3d5i!Z*KD;Op|n#!u}woP-3!l(Dt5WiTJ zOA@g2F9ySvT`ijeX&n!m9fxuAdhOu1FT3b{qXzW&y`~r~7MjY}To0tgoHZ&uz`hI} zhs92%g#C_d`&u*Q_P122z9Dmh?tXph)LrR5uF>hJK{!WTu7Yc{zMBnu-kF%r9ZI)_ zuaLRe4c0Fw-(DWZSC3JQQy=+Lz~x`QVTp41*eeYXS5t)Mi~&-o(yi1?-kb7tN1eRP}yz_ z03)Tg#QK}~lNY=znx3Mp1JVDDv?%29-(vPbu9_6}X-D*M?do*j+={5*jd&-+#2dcJ z0~mZ8M`Qr{*|@JOXo29|?yg&ZS3n`kvl^T=7@_mfK9tiEQLF?W-Zf8ksrC{w_t~hP zsj>wUVNNn1R&FH#2*B390H(+(jGUAL3(^!}XGqn!bJrp@+dLTDWf zs#K$_EPHS~D@W+0n(IaBavqVB(JQjADA%hJ@gvOTFRpi7i@^I%(N|Kow8Ct!D<6Mt zpebcwOt>$oAL@i!K$(o8$t_-J-|+bO_g|Wl4}3Y6oF#hCm1Wt>*YYaO@?Aadgh2P( zQjofAE-2XWJwG;Kv48Jnb*)|Xt6uOAQNA-4pkOLt-B5IDm~kd3ZOKo3Fgv0fW(N!5 z|KR`+!Q^Y8Wv28cd#0(_bb>3uyph62fWMnxQt zRH63ED8~$pxalJX5mAdw;e4)E*lW98SYFXd(1j|xLMaOJpJ5AtX#9JhebR4-64U7* zhG;-h-jJP_qzz?i##6u^13wRB?X8C#r--2aP`{D>TuqHlGD23hvnLZ_8-GZ?;5e&X zhpwnZHdt|usc3Of_ofe3t}pQX4Z1=w`|Q@OxUykur|XUR2BYij%jtyIfS&xr^a=hV zw`91;FSvZhp-kU4g&QN8c2S*!J;y?Mjk28UzzteG=@{uHRIs1J@_=0_yk7ro5ni-Y zk8(H~lqmYR1J?Wg+rdW`eH?8^=8VnXUSrAFF=rYTtK+XHwIWx>ak|rdIEz`H6_4 z>!y7$y3y07*w$7g{>xkbBJxYUof?~x?BAd`wUaa*`lEbfF8f(yiZbTa)M;qk2lSSQ zq$XxyimWK5?V|#czzhpXWcC+)mhmVA*>{R>t*oc zjoa3g#&h3;Fj4U}nR=gtd6qL!!JAJvY}#mPl9*E>^WP@GeMPh!lBhL=Tj9g(kV=;=KjA<9DASOW3|~fJvL> zYd|ZsEdqW<7+sQa>SeD@M+>V#i#!o^KG|-W9U$87Pv4()fK+P>sZ2nX2U!nVUF&6o z4KywR7-sO6l>g7<-c#S|8)(+O_FelA{}|#w72uG1QB9m{+-M{LGUs@FiK}f|AJ}J` z5-YLiGRFnP`BmttW*nI-i~+~AI*!zD7Q|x>qjn(55#vQuJ_CCDSIp0fhGi}`6!ZoX1 
z#LVl)VhOQl_r)Rw=X#x|G7^#0MCA5IlPldb^M7%xtv1N6MsdhKF?w}28+5b>VL*f_ zHAiZHJeY10lF-nczv($4tZ+oaA40ovEKXu$B4QOAJ<1O^vOIedyKKkhsG4s&S3g6) z2lkM{&vwhd?=-I~S6ELUJ%oNI?x`DW^V|n1NeJ=mU4`+LyPKA1tzXTq&{b})){DzJp2uiH^G~A^!aZSGz6CrVyEjZl zacro*ka6gi^)YRI#2Y32G6d4C(L{((4B9br9?f*}s-FQSG)8|%ma-Ra{%EaZ8rjQ= z&j|+R@*V`PB$JXC`1ZtAZia86%No>9Hdq;MOCP{>EGtjiAHjz@zUp@yM4gpH|2c7t z5X`LtHJ)VMYtX?8z1RHw`q{vr!`&mdSexTob4EOqyJt9^t_4B9kXvR@Rt;eAM=mbwoh0!T%|Y;EgH=Jf!;Db^O1 z_3wFCNg2|On!&xJnQYnLTrQ4_Qam2LdCI%$<-btBt`NLRKf@ZT@5se%+dB3_vH2%} z?PHIe1~vCWC|}df?csX5FRbb8^1E$X&=J!o^>z>kLeOCZ@UZPDK1>gR{b@ z&DXNNKNTv*jFTi10Q4J9c>134 zbN2Hx522#T_YaG%xj1vY^A;TXg|tx~4!5JG8~g_{qi?pDpJG zUE&F^!2~D`yDth}jAN!j85pr-iphH&>GzH$ZF)?qhI2}Bi*gK=+p41Ta6@^YXqpG& zZMf&8S(_jsa5#;ZSr)B=qrtXssQh!^q<)32@w$3sQ+rne9+mtiN9i5!oL+lWLN3J6@NRgj4pmd*EIepPYo}b1tlsi54%O#D26X zk{bu9kuoD<1n!rLh!9GI6EsaHMtcVcS~i6kiiFG7PF3D{T;9uKr9VSvz(xz-_)oUI zSBuIh+#}HHKB#_nWk4P-T+oEhpwW^2ZFX|6#tYK$C%D{J5If-{&S4h#6mE+~C=JDE3 z(}_H2H!!A~APdL+%R`C`=bH0~qt$Oqhv)Zb__Qw59b@mHyICwiM)jVIPpUFAS z)^CMom#~|8KAzig@s;#oVd#paP~-GFo!v34A9xAU22kg%ct&&ww1naM9-50%8IKXVPjYrV!FpB+bpy7sl{Q5%ipS*W(=B~>m6F&Lbme!N-X zxFZyZ{0;M4ixomA_asBFH~u#Z07rD4L}X6$MCu$Uh%bJBGyK803DEvh6IDs~4Z2S# zVqx}U^p#kN7NaXd#+yY2+e-v%LD5%}0pzg?^9)fpTEqJWETk^XkfLU+T>7z45t?Q8;;K1-8*(hWmj42w2&eMDE;8Kg4#FjXM z2XG22&T*Zu6(uzG=snWHsEaDd4ZvQm(j41Y!>jAaneBJIVNyh>r$zjZHTcP(5!*Bp6;v?`+kZ zqoQVQVJhL`XVMoZl|tnroes<@zbp3l9V|r`Fik+l7%i;aW_}J2!ki3)xY#}a(E6cq zd)V8eVAc$cI!UZi)F{bWJWJ~;NW4Fp^LUY{x3`GhzD>F&4=O;(7OAjQ@Yy$E zR)1IaOJ;=_y_8j*vVy2kzL; zJ~qc#ES=4jvSgLu^%`@c%Hz*OVokmXjBZno{j;t1cm1vwK40xbMkus&-Bt&NVT}cq zK;!XlZ_F+Mlf2}UhupU>PM+JgQ3aIb$rmIOV?1Zn#g+U1c|6=c6vNV5n@-wgXlrgQO}CP$QxE$O-8dwD8+ndpk{sZZJwqQ`~jcd zW5Z17rtVGl@PHUI2n5aEQyE^?tk`o}rJL+cGN)zj*FBA`whBb_#kr3*6CZZ#H1Bm# zu22{K4WC6c)!SKa5*=wa(Zuh!^Q1$Z#WdnMF2oi_rLU%I&;A6ir6mHh*nL9q3B75C z8^$!k?3yPWg9Gb$MM)eR(ISk$VIDn{@1t?kDl{V{DUqVrDM00M6|D=fXZbF|+q2d@jYq2`F)T_C`ER!>ijdensopr*1)jNJa@#E;S zo;1NZ4ExG;0it9lX9<_lsZ zkGok)8x}}$aO&VX 
z0k+#!YcQuDG_chrbK4Z_(%27^R3s$u-Jg83B@=A=?(8T);`x_#6Z0=wu?4_;uy>ji zIK?Dh`sA!TtrP=#_8nRI|Nj)S0=|Z|dI75mt#9|6wS?Vl^T3{qyq3jYqTa4?=PH0( zFSTpxpR?k8sIQQDGp*;;^c`4X{Y2LeotxA1I6mz%NpR&v9xx5Y-4QnAJ7^C(1QmE7 zfp@T3*eoNO_YQ>(lKU!G8ocg#a3_SuyC!=Es+;R7AR$e`rXX%*f-&b zMYD-a_{aaT$9DB{no9{vN~xD|$6pI}Lkx2+yo!%jG92T-WjiclRedpaF1cRwq|;11(59wS45%y(WMzLT z{m0?cWug4!=R3;!qh`etkC|GQgNYlPE0p#|Feimdv5FL+Ut~b3H0u zOQEeqqSeYICpp^Rzj=L(q=6YEkYwxWpadi$)$PxNqb)0jSoe%_;dUmg4q<@`v4wK+ zbYVrF%8KkRA66Lvl-&Hi8hoE7Ty2uE$J)6Qvw?XAS!1SpS z@ry2HUuoH!=O67dxpg!FAs;1HM%8tOec`}9QFr0{=3AOeYh8}oo5$4&;G6w^wfgWe ztl!fjnc@-LR$o_F9Dz{W3yOZN)0OH~?^5)@vx2UA^;6&={wIMnwZ(W5&6?#s)X)NL8y6gI@*KQfn$|&)dwF@`)YPa5J3ksn+2?qSqov;JXu|vWY zS-C5HosUlj z4x&Id{9I*B({<wij^V;xpLo*)1OpOWNyn70SL7rEQ+SSZ+(=Q_rGDWgHn0!Lrnrm0!nG2Z zGFDC1TgJ)Z?R2_pAM$8p`1UV;P9LRSBI6ryij|f!eqGmibQK%<859<$V!b6g#}fQJ zhw0LONL*!;*?Si3KnkGSequ8jP?%w_D~ApB7duSOGyF-%8k{C3uaSX`SetKA8mlM`BYS34Q2*H(1CQYL zn_A?;8VFKyCzxjwVeStKa7-?J!?2o_CvA7AN=&{NER2(QU=>iVeMTncO#04GVu2DLK{!CrRqD!O4pzt|5Rc?5 zWA_XU#M_OdR=)51hHp^`7JR*zzRmUV$+Sf`dcl(zuCEgJfj7vWlWE0fo& z@CM|9?_q?d;Q@$SpsR*F{gl=YBBdL;eND}8k|~Pr7Nq9cS$NT{t(|l<9P1Ep-F%fn zOR@M{F?jd@U>ra{_fO67wG!j^$nnlN^hWD0-#ZB&we;3j5PdEzukdSP?e*FZ!9O6n_s%8+>pq@53u0;)f?l$GGb>%!?xiKM(dd& zlCG0Ha(9=+@jpPnBy8Awr9NpoYC9mH$!$UTs#J(5`Ky@iXhPD`z8ItTv8T_1*cAWW zqR~i#AI%(AZRWE_H*vZAS$@B$wsOtJ*harGT5a<`PH72UiENM`a`7x;p&Le|W<_jd zKH>6Ca!{D+(i1%-%DOOC=GOT8MSXhbR(uUUdw+e}r10G%{ zcHF?GeJlT;%VqJOE|;Qv9~b_ELKrLJe?$qt)8aJ^97<0v!2%Z3g+JmUXo0wdggl-? 
z^t1hDRQViaQPn|CeAXJ4bN{h@L#prI2dtMb9Rp+eoF+7nI#X0*y{cawl?^N(AyY4G zuc9;ZWPVm&rOP5la-=+Vd~auE4QSmmAoOp48{ng26jF|=#_&F1$bFrbSE^y+5fi&3 zgpF6Ta^g96v|QoeqqE;FIFvYV49)P@L;B3eyp?*rQ4%cRL2tPl)#Vu9*?m7%lRqel ziv!JC*W_L^q347Hf?R5Rc7p=PPhu7sNP#n79x7^#Hx0%Yv_UnC=cmpkCw zJN!n}-$LjF2Ldw&5*bT$_+21O#zQ;P;6@ipwr`RyTv(o# zZ;>4pI&En&_vNr{N`r0>J%nzhw@%Oix;H`C@j5l8TkCE#+k=^x$$Or9Q#)S(6yckb z#lT<$(|+AMMWKuL^?R3%CVf+cb@D0#O$ZWO1DN1`i!g>KG!5sAp8Lvr57@Pz+joTe z9EY2Hhjk89w~ao2 zdLVt>7hq)Gf}ZM;k>*JD@5N#KG;Dc1EH=9SJq29b#82XlMc z-&B`0sFt(iPPN@Fb{vL3URKuNK53gvJ#SN&xm$f+m;x&=cz&Ma^h=6MOz9Mcwa%EN z@X+#E69et&AGM!9F)YIcAsJ()ms6j%6WXl()Voq|7B&)_>M`fn^cMRtG|%{HBNkd` zenZNG{$Y~B38XapVZXj8-+$p8z;Lsg)j^c3h~bJ|RB#noM4Z1>r`$rjDMw_;-y#g* z6TCEZdN&T4U%~@J#yT^XQg@ZT6)DaE+>1;9%*7?unJbso z&X2-UG>VTN9uT_qyx0aE`D z7%*AqWk<;U9w55ETqHTyxRorjIw+BFr33q%eICT*ws`ziK8;^4oz@8wo4A%{@zIy# zN_RjVG1`B#oYMWqUzoXttPK=1swDD!h`uPmbcjn+Wg4*6bZtf3Ul~Al+3a99brAaI zNwG7Lo|4K>4mgEb=Rp$K`>^Be*UCwx5C(^EudChG7fWI!8*C(V67q;tQUSPz1J<*R zc-@JpG#Y_e1AvlVi4b}F0nDDWn4}r>@%MU$Tg3p^S?$9%QYHAs8vcd)kBXm9_#@wt zOlyXV9!YX$JY9R*EPgq4eouF6c)=dHBMvKccP>XV4(*FEUUDQkOXJhhXK$YJDA2o@ zfQ0s@0+A)PdA)w2-(`9bq#4lqEw7}5ky*zMqjqvcS$o;wdxC?)4`(o`hNQTqyH`>6WkrL;!t(NqWo%n;$0>5Vakw^a?8 zPYp$}WRFz_{Gwp?-z=SQxShhCO1H?-f9lt+f7#}_eWC~Z^F&-9 z44PTWNqe2trO;$*-o82+-}SA%>XW#`U*S{kk5U`cpnGb#fD1|8|9iLYzw%1JU-J3y zRuQGwiU83ewD+OND(X=(?+WCW1L-&|!}i)t4iGj%g-#P1r!5pKupGB|z*%!JkU z!^@JctZqY(gC-4bKMklKX<7(yAiuH91D0f9)gxNrv2TX+{shZk;8mRl?B;1sKL?l} zc{lc@K%D{ndL+jnAH z{D)B_aWU#=JdF=vo8lfDf7fl|uI@1d=0DI<$HUMV0}rjEaYtzP`?{?~KIO66`I^!@ zy`*A2J2dK5erX=*o7>>;c=c22c;-=rXf7AJbeFpi?k_&a|oa|nysqPtTCrHHSZ z+`#9+V1ApKbqX$@zcW2`N+$MAJ0q2`Lp2#y>T(M+Vd23t-KqR*KN42kdNP(Am1&k| zftg2>`T>bk#MAhB!4m@yRnu&F6ZU>Bt$PI=KyGzJY=r~lGXHetJ%j5bz)sewl1NPh9q@@_0%q zTVfIFI(C{z9yae+6p;xP$Htzf)ISs7ao{C_&c{9yxYO;_gZ=IizTzi;M>c{^vEZ|@ zC1Kr|ImmlcPUAj|xMxt9J#*@Cx>-{s^qA$orlYJnOZDcBE3s>Yf$Q=OKQv6WsP)}p z5u2#Y0`|X=VIn16o_?ZVrsDCI5)Pg#YhtKKVQjq5jBP?IMH%=02Rj(XyzTNHo-fZQ 
zXnt1wVZ=R;4*L!K^h}oLtS4bLp##3jVF+>Fe4$yu!T#XM7|BVS+$HYfEeF`^;^&<2 z?PvgpiYq%{pzUh8f#32M9IhkW7C9d^*-IGSmIfeO(KPYDL^mRNohKgqLPU{bsErqP z@Qb%>C7|&H|us2jtRa6T`f}T{s*XCH;Jt?6Zt)KP zc3pEam|v_}K2WrAREnS(^g8Js+N?>`uRjHNM-MsZn=t2%~tsO zIV$;U9`Nto$&JtL&SYlWYVr0wrP^8Wq|@JVILI4&m-Q5;mMee3F%K{PnX#N z?~XhA@>Qw_#lsgrBu^SWul5$3c`IG2Ndz%E>C2w`y?Su)g!nr2m^cjMn*slyuv1cQ zN`4Vm7>VAfNUq2`uc_l_$=aN(SfKHOqIT#`%Z8@47E{cz0PYN1B~R`de}$~;2~UKp zVubY!V}!MiUC~_LW6VK@;PgbXT&B1c0(YC|K1ssj;}I(?f_(F4`dIr~(@lZEp*D-y zzO2P*2c?>|nm9;JoqWpJ66UsfMV(?ej3;Y?aok$Wn@c}iA3$U85%AG`zC~2~EZz1GCRn7QU&9M^?HuovYO3>J$EUST9Qj4`j3=%ORA0jgfj#v)+ zW;NZwCX7jE<0{9DG3zwq0fZ#{Hx~=DE?Tmqbo<-Naf*LSUqdSE|kX|Ci?V++F$hb?WCsZW8Fu>kC;pC;2yFy%Fp6_ ziOAut*%fXJY0s|*ntFXLGrg8>8+y(iP^~Pg+^_N2WoPo7Deeol#W`XOclLD{U z&Ns*OhKcenII(!2@pyU2h8+ZTXVc-(h3^O%fOx~j6@plu^zgazUXtxghJpn_qVCg6 z=C++g-x8CA%m(?^Az9~~b4#zrQpZ9(@9)1TT^`@*u6f{6JzbFhd$UOQZdLWuPlCjQ z&ABqFkW|u8S5}N|uIKN6r}WI`Yzf;Z`$+vo(6*6nFU~~uy|}?J(HWX-Oiv4gW^87z zuRSUn3t!fZ^Gt1`{x>y>(VtC`ae8^uJfrDR-0rqU9HG@1Oo>wNp)^%H*Db$yCzazI z;q`p3u5Gj4fW*EDaFh`I_=PO!R&efve+oyoz8v4D>NcDI=Nz4mH{p72zPok5;o-6K z=39T@8)INrWD$yuWy7NWOosm?<8qi|)9Hw%BmHt-V1ElqeVqoR4(!%0YJikC_5+Xp z%BHbq_=1MTp=n~7w8Xa5-ph7Lc0yMM{#tO(f0Yi4qN!{0F9Kx|s)}g#r7}_uljqMM?eu&eGo$w=X}qu7X25j)<{%5?AQlA3iQ! 
z&-gGTJtXiKlD58I5OJ8*O4y`hj&Bh|-IvQ}zjE(_(bqU=kYy)8X>!5ftoI(*Cfx*d zekRAL-&#%?%Y9|v_Dmgac_5E5+g6n+w*-7CkPjfsoxJ%Mtlw948ID`J{WI7}0VG1b zh(00PXH!()2O07pfP;A;>+WS!tg@ck*{$_)Pe1{d%4uVCYuLSD5`{Oj)ikP5Wf@ z;dI{B5C597kGG+UaVg&no(O(L(hS1w%Vsrn4!6gDkjMdc&N+uqg6mD&tEU3b8*K#i z7QuKAL`O@q?1%lH9v!jo)Hiq(8CzY^6VbJf= z@V|uyBu@0=yJn>(R&$!K{RJ!q)PSFCser&I|1wsh{Q;4RlIAMUQ% z#+*}bO4hs=4E{olCo(&H-@4VvBt@8#iF9@t2-eo?W56o~WAS?LKA75`w(@|GXWPu5 z)w=v6mI>cKl5rj9-5lI)ESB`04XI2Ip8ovWS27yc>-EdQwmO3l88x(+4ad>U5OxZ6 zTWrxXYX`LOT+Ku2-*_s4As|kY2Uu*~)#>e0?ZW+JGgYP>IbM+cK#q(H{U^r5`u3k& zOB-8&g&?+e@ucGYufv}LtO#Hq!o0EZ3eXq20enOhFI+W?O(MoF@PNUl$ln_Xe5o7S zmy;k1cDN}qUT?!i7^Ci;w^!A6buIwe}d`9Rmn}Cy6By0gZb^Ff4^fzmx7^-jH zvHK4&+pn%uy;oK~x#i#9$9W23M{Ho$Tt_aL_oUV@&REV}CG%Nz-)ZL)1JTKKt_iU4 zs2sV34lz8D=NUlVSmi|qGk?;+@{wqvL3m>D+s-z48<}qlwh7}Iq*yp?c@m692fLA; zJlN?=-JWGbQ7A5z%>2x;`FcKn3ztB`(5DpQ3Ee~n$+}8-YZE`MiAxqUYCrBFbg4bV zeipoM>3nu-u((b$m2?@t^&GwtgttQX;sQY>9kAeEAft`FrIRkZ1P`I>wmM#WIBymK zqyd>Zx^mCJIuh6TR$ZRNHCcgj} zga1`Nl8j@Glt0{_GA5?vklk4Hx!ly8ZiLtq%HBHoUQ7ZGMxAQQ%M|BtTqau;vnf!q z=lYGVHR`YoQKYKJ>M)hb@Nbri@d@4T1&B+05mZ>IW_|)fjgR?2We_ESrWKsjP|-(+ zR6klNZKQh&P-n9X?>5Bg54TH2pmDsHbX0=3N#?9~3saO|h>CWabs--6X{^}akB*K^ z*3GUyNcn58m5FvhK@z^|t_$@>OP4t%sh*d}qZ@qQhvL`mP1zztT5dsQ0H!jHfx0wKFDX15` zVYV+%pAf zfKspkcAfm2*Y)iKn=WVYZE1J{e?o2yq|TskYr2t`OoIw8hgP)%jonxK;uJzQ7Grgd zt2PU?<9l|&vS`nnX~^nQpy#<#%+)&yP9|Fq?jcGIiy3FuBr&JYW54u;>DdqoDLa%v z&+xw8g<$r8ET1{>ThGL@&Y$fv!EY{QQ_bDy4N^{mmj$U$O`&gQ&MzjQlv z5jl^pjuRe-Razp>lSNoxf6v{9E9Fawux9xE){ z?-A)rH(HKKvRb-74>TXKR&nDH@Wu{F_(IQu%x=GqGP`{^h&09ZmbH^0d=Gko5M*~e z#&TJWDr*o}EX(?5Y}fFg;%w@7UukL^B?#~k8v&HJ)d750pjJbxqX4K#&ub8nM)%K* z$$!0kYV24&kKq3pz^rnIgoYt*~c12F(;kR7kfp0~Z zCpiVcTz8Z)oyL9!1FGSEgJ|L(&Y?dAUpfEO0}ca=iHf|&xz9iu&ydexEYanAAisM~ zj^ABtS>N*(czMtS(JJ(9?OH$0-42t3l5V|awe#Gmz0?G+ZQNa~DDr51{6i))*5CbG z80s8wv98^}^>~3Vi<(3u%Y;Tm2(na!Z1%@3xpsL1rws=etExsipj1};QQj3>%s9yG z+xTvC+&K7KQ|Xw}=(KAt$wPt12!S$lZS$5rm}~5iB@`KFoe^?C90FXZr~|_dlH4;q 
zc{>pgZvz54U+%Ncv)UQ5R@8#f->&PDA19|7T|hXhB=R8v;dd6r{5q$m7p5N#z`7BS z4X)V-w*!rD$ePaA?P{5D1}jU{-2mxfOI&w>`rlT^aVDTTva9%Eat6N^;UfedO_mlQ z9UZk{fhwskA5lq z+}ZpOMu|RD{k_W}I}mi?qkHtj#MA@z1F|{2{W?kFwo9uvXLf}Qt|+nlxPHBK8+%1Q zO<46ZmFMn)2`vZT_QV+5lF%k!jk`G>{4#H_0d5#f_|OQ|Xb8I7Ryt}u7qG6@LkSQ! zYvCEp4Z=E&BO(%LY@50O-NEB7B#|Cskc6|$LVB~e0NG#b0Y4sIEbS#*@W0L9w9)Nb zm}p(26ptuNH_){hI2;XL$k1FL}HuMAmN(pKVjUcsP@`+k4IfsiD?7IlDCd>ana0JUGvqP^29vQ8k^!?pv2a#xlS7qWo#FQMXs z0HWmfDv@dbb_ZKc?CvHpvRq#xx|FpWT^EnPXg4@(mmi$XSZR7}pLSt;$KTY*yDqM5 zNX`PL1J*lV%o9HA%-N@6bP%+RNZcPzukwz({iQY$N;4%@R0>i*SP}-v6wp&mW z>c-huRZWQgkUbXeX{LWB+}S@v!B;kFKb={*dT9l^M@uj9m$TkvNx@e44i53JEiILAX#oK;`?NEJh$DZjz2buVo)U z5u4&K-CHmp_y1w+t-_-GyKrGakdhV#L zF}`5Xzb>|_OB)}451T8UI_s2@y4V2W z&n|nlb}CD9#{IEFR-6{NGqx9hWk&1mm85~$F0;qET$_gzU}s`$N3mvETuW01HIv3~ zhb<+_fZh%Ht-p5~I6D-v!~JWGuRaO^4#etOr~czkIq1@{l%-ZWB0$@t=jm1gfY(1_ zFuxXEzoMJ6q5z^^FRFe$<9X~tWi4JXD0hL(=Blwe|D+l74c;Ny75%c?Q#0&I&pXB$ z{$L#hG*%7=a{ry&4YpYEM~lt30$16LjpvIQ3D@I-si(+4f97@S;BZ>mYuM#v!ifZk z-NK_E#DWEW?T#}*)YDA+`2Xih`kcJ^{v7-1O$Kp2O8h#ho8||Yc;-{4H%jstUrCD} z2Xp^7{3Z@8$|=)$^EiHVCgk++NAR(ubXkJCZk=%2Wv(@jMKL*iyUvS*E%WR<(tf0vjJ@uk2+RlC7H5zd~ z6)MtH@-?J)XRKQekdoG;x2^elbX1;KGMUz!^sI6~J-*3WYtw$Tn5y@Tw90rU1GcfG zZfP`->|E)x;I5t9@8;%av$Tr2Lk-b$>uPWqP~Sqcd3reobgynGIv@Siu_l6LfDsyx znAR(DaO1e{cnzuw-DOIS#~9)|z$T27TFc)6#(1TQ{H(t-!k z6YRHL&Ihx+A0iV#ZkjA)AKnZTYqu|X1ifl5^Ss{RKIw>T`$Wl7A#~WF?4ZONc?57x zx*-An!p_s_EW^hgnlA^NF)`kRi7^$J7N!;tOeuuN zBVQL+&n=`p#5Rqy){WCEHDlnhduOZ%{2D10vFilDi2!(XJF9+nVDR(V`j@CFQ*~EB zQ;bT#!43Pr4Y)!mw7ypB;b?v~AC|LiKWyI&MI2g2KI^G2nJ@(~=tjVDk>MW(iFl&G zPga2HRq(Fo-Evd$`3Y5;t2I4U^QF^wxoH(4ADrI+bLf4+Zg{n!eEGwQrZ-1PkE>a_ z3roGp>vRCuVISiTRr|e)Ie+1hfy0T66rHiGc+dhp$osT~pZLv)f%vmV=NHj&3vWNX zW2yvN0*w&$9*=$=2ex#eCdea5;1Xe}>_iZ<7IGHeh)2$tD$>}QhKZ&c!1_`S;l8zC zelll!+?MDrV(fbJZDt7>15J+Wu)#F{NsTcq9!6@a_tvrPhGls1mj{WP;ok!l05E+n z>Xwr7ZqdlpQSEpCJUE8|nn@h<_AaswP!OPvG*{thnV3ZqX)^;IAVu`fa$drwfICyO zJ~~(DQ^F{6LbK2HYb+*W1sk2B$k9N*zjr9r+ 
z;f=&h^aC4oiz|Ci8{a6oBX{v5r^_w3A-6mg4lhzqC!mF->B+2;_?LyqA{b%Mc7VN@ z+UOc54Q$PRcHGpnZwt(hs11&>z;cBC2j3VNUd}=8y^g0&FO8Cb9L-0Fj#~|(4MEZK z&_Cl{{5joYl~L51f2BT=@!=@)U;8<=GI9`=%XeTbd$3?Eg6GCFDOW#JZ7Q5V#M$fQ zc**s5!f@_@5Wz#7YCe6XuHfl-ZvjTQo1w3+YloilLEMbpMBG;2#4a}}d1WZjre4ec zqKlP8qJbn2u-t(5B0jq`tt6v=ae%Fx8iz?ArC^^AT~S-X>b~LU9?=nkXF^Kr=YTR- z(n))juko|jbxV*3RcdxqV`G^f9BZQl$^Z?l7R+Jyt*HZ0zpNFShO~z;Xd7J+p6*Rv{85jM2Y`kvy<0 zJ;19rM{{Ien~!*!YEDp0n=swIjHvHQTU5WorF0)26f@0Y^a<>ln)_3W=M~VNwbtV{qF6gxqGWu3@Y01HC zZIlq>T8v)0IWQ|E1A&Mp+0akQZ3Alxu&KDDSsKf2Ur06EEtHu)&M{$H0l$w=`C9XM z!`9hP6M5IsmV7TngFan#y=vWbb}gcE``0i_?+F2e%o~Cp!X0uxBrc7YK2D+hM9*@` zbl*)bHH0iSf)LP#$9X54hHHmH?J7wzaf75ku+n-7eUH12#4YTGV}b^wKRaxZB(6^$ zBzbF=HrS2(O?_;3Xd#?tN}xsWO9s)}LNJ%K%Mzqc$#_$Mc33d}DlRFB!8Nj3fqMFF zb3?x$#wS?MUFCyBg&_z+yP!Kq}3kJ%Q zn)zJIc;>ZI0tmS`J|cZSBqSlMhf0W02=$A$?4)v_Sqhj4$#e%|hv*)`faLEeGc`Fy zCrAr6x2lumzr-`bV1yCxy>)UXXoIrr`Rt4re#{+WXwSukLHS6xR1mVyy4J%-T69R< zoL4&zzdsJNOU|EU>fkahOFSqFE8wGl{i*YR%`}C7aBhdM0iY($POBOV7_Uwr+^^X7bNDHn3*-e?VD z-j!Z(*MV_aG>Dzy&e65pw5EEmEdR-J!f*Rv-U}KM^3wck{OTaQ<#w^h;rLI=y0_rv z&mKxrgOqcj_$y=n^ZkapdB>@9-?#X3vr)=>$84hrxSM!PQNs zGuJ=0M0G*sE(_SMuyuwE;wfgk{qJ{8{c@}kE^`pwdM)F^y|qbgX>1_eRn~a@2UdHI zgkz`lZx|`sPu)10%jP(eYkUYM?T~R7DCTRuOBe|5*EcJ!{?s$qGbb6XnOn994cw z9R@6zm&z1o+L5DCv#=EfUIYM}<0Fr5Uea5%j3ZfOjG zFVLZV%A?Ae9o*=iPhDVISb0C7<^fE>@A7Kz0z1#EuyO+#w@ip+2li>ti+6YHh#`)D zZTD`-H^vp1&WsLIN2DbO&0Y$z)&6fKrN~>r&nCi2ClKLDaI)&cng9{Y6CrRXU4C5| z%fwo@9n?B+#6=XDt9Y_ z+2tO*qwUc9=3x!S)IBa(!lZe*4^}=-J@6fySH_pR>8DhcT-;*Rxxr^ z=L^An>X)GaV)~HXmwev`wcza2H5I(2{z=n^seR>P-50&2E?FdTa@aJ6ax6F*=tzzH z%2Nrq4(2%2mY3^O{`pt${dl3O4)5hY;RawZx(taLJgzk|uj_bfz4HcQuv*{NK6ROp zF1u?nQ7Q9%$MoY?euBkXTM9P}N<{*5WhC5D9s2y9ZA@Jv6qE?e^xHCNh2ndo(ePUz%+?I=+w{J_yxw;^ z>F>NWTFtr4j?Z)A?|%2gZC``;ra=F2#GvCS0gcLiu%s%A43NpW-HzxfT}v>NJ~`I5 z*H2kUiCwhlT29J2ENf$&7Vmls*0@xe+0VKNda@N{M*@qSScyUs7eysTOXn@U)PCs! 
z3lXbMAf@mhAn&P@`=N-8cQbp_@>qHwNQ`V*xwrP$CzTVwluIh~>*UOp_RlDno*3Vg z6?T;w``rIlLq$GzLnGQDiw(O9kWz1?esv^%!Sw7nz2o1hj06$ScFv!-WxXP)z0E2m zz|9Ob5871R|7fG}zs!U3?lJT9OaeWzu&s<1f<(TqvL_Mj>VI5&m&0-$w_I+zcybCN z^M_c*5;yD}fKw*&O@5D)&c=;zfNKQDg8w7n3xvS>7HV~X{kPInF+6fFT%lB&x~1zx zVCzsj1&sI~FQ{2_1i7J%zCBcel3te@+hdc$GQ>#@+lNK~e5t_5L!k?(q)dR3+2KZd8URzH7j(K$IyK*=#TNYf- zbL9Wc3@`%Kq-b{51HEM4*v(gnyGb=>@A+!;*XORYlG?!dzzJ+M7Xzk$F$>Hryk7e2 z0n^(=WO!@HOxe))?oL=*lN_o(-dcF!hDS4&d1aibguuLZ=$!djj#~L=;+MajNE< z^2fy-<6xY}ctm8hR6U8xzFE7%WhoG5Tv%X0MwSg$VO)5N%{YoZx*&~?PAiKp9rWD^ zT?LbIfdW&-_w3kvsqS)f@$cZ`f&SsbT{_F@;!#)g_20w!{njG{Z*41TOOC$fsyLr~Tu-l6;Zdw)CQ)>fhJ94+8WFFz;ziae6|q?7BL zTbO zp-AKm(9l*<4HXiSH^+ak+ry?EU(?hY#03555R1HJN21FlgkNA)2u*Fro33a&@qZHl z(fvV5d_ov(hMbPsR{k}EW2e~R3%cM_#b@s5Wd00pzm)X*lR5pg#xHZLwpd28#HI8C zwPg}NAQ3@cvjPvMA3fi3cO2FI=FB`eDE+-Q!O7`q+ySKkSQ?j-C+J43Ai?w6K_!`k zVSBcwZRd}V@J_$_78TcTek|M-k_hbgD!H->Ap~zTt4vu(LI_P4aIDwlf0uZw@k(9% zJ<)yrd$8?6C}*u_Xt?1tK`-5QLeYAGHwYaomRHr?{h+4P>E;ZT&wamoK7s6Y&cWp= zol+NO?&pE*6gbw=>HZ9RAD$8t5|Y#B4{-mgo#m%k_Yg=d+qWUGog z@xoK5>wf1ZmRhdnw&RAWv4NC_R|nMI|7RD#bReB<8ehQ3bDAINLLMfuKigA7U-Yq- zq18i{bu$F)2Mf~*V^RXPfjf6wG`8thC(XL`cIuGyc?|I+0XG7-7WH?Bi!H1}`HW4o z-Qnb#hfFr}JZIY@-x?uzdBu5jx5c!&B+&Oo{^dYtgN=L3SDV>p`_jUOCTQ8G5CWCe zPGD@m!nSExJzcj)(A;viL7v7uTC-0$y{(Wg#}PSwxhS80^`o0qDlCdX$gf_AT3|Yy zyl#8?c+4h4Zf{yh$bRSC*X>=&RZ8k-e~c!V1J+|9fxXEkdCvHI-ZtmG+OZ|StK&80 zzPd1_i~XeS(Ok>3)6%E4-fa_L7ahe?{>l55J{TWYLei7_bjoQ(nPNr4HQWCZhazCF+LyxfgLPB z1ZlZk)H&<$m3h`kNI#@}9V)-m7n85nr15rl;gpbpmW?d72`;(-cT#xQQJ;vWuLpPt~QU~ez^^tY=1pkA!ZYrAihkc%(LANgkTjA;-~ zH+jP*@^bhhrhELixqQB3xC`FFo!iw5>{kMPPJ`!cYWl)KJV)S+_qx@A<&p8w+pc^n z?pWxH2}+&!nUq2f(R@y1v?xlZXN*aTjGdSzUnbwC2Bm^GdTD#c$Yt5WUrH%1vFg5F zB57o0t!B%hPEbG#!c^7n*c#@2S7pVV`H0dDOc z284-oL%lTzK@wOD-Em`;r2{2v^OmYMGe*qpS-afOp>+YIrC(u{B)EgiW?o{UG15+l z!+ie}3|tH^uCLc{-Wv@)*@B7UDSa6WC+F_Ey?YT(%C8z|Q91cbz;YA4NWY|68P#N= zF+5WuY>JG_^4V&NJo#oKl(|&5CS=xgbZT~7jZ&zZsRsXuLT_I)OXXvNqiWhxnOb0f 
zJTr?>f_82_c802;DEMm0d+?~PPIi(r?b0Q~>y5bPj+cEZ1s~3&Jo{0f^L$LL0)OR8 zI5)wRtzgaGhhSn>?fjI_*P8jr-JfgvFDqN+QM7gmj-bf{vN0~&(4d3 z?>y;HM=YNE(^yVsqgl^3>m-TIH+n26KMmk!W1UV)dYe;0Mc+T__5gp=O?j> zG!5xx_mJYuDvDrpfRKDfde%AXA?;qQ`%P{xWve+u*Dp}o?(`oNXbgZw&=|VNu75Af z7YRML23$Cq)3>VJ5tkM7K!gS}*xb!rOf#?g4e`{d8lQ z>77W%CAn?2z2JQg%4DO#m5`B5SQSB!7r81B6`JdmimBG2SQN!HO;J?i+Ui^2G#ewgU`KxM~i@r~~8T*u0tl^#X5^$Q~D`40@<*`daJ? zmCZfkRT6`7sFBk>)R@ovKJ-9P-LA*C@oYy$^>BV>-Rm~#BMG{gyJAd}fFM3(#RI!J zZLP`OY;%2w&CY{v85<>A!X`z4JhcU}45YQlt=S>ri(H)am+-hZt zd`JL1gQlE%ivL2C2Osz+ApzGv3`i7tPmf0lElc6H4SF~G!~{IOdwQ*P!rw&mjg%Hyv&Rl7oslv)~~6hFd@FuN5}a8KM!Zy>q-RMbONpdHosF znYknzv&R=x%@tThgQv}r6lKrp*y2OZ_vRw_YHfGpUrGxD*Ep#w{djs=Xnu@0a#nq& zx!Io$FiPRM<|h*}Odk2GhZLAby?(N>7t3zUUgsY@O#`ha_AZWyf%heT{y=I=00CU^ zpYezf0qi-7gnxe=6f1-UqB{Wz^f#H|tuWv$lxmPt+Uybk z0m`bBC-FW(vx{hKVZQd#`*`Hf3nmFc^<}bgm-|J&H5G8!KI(HUC;nQNsEm}a?b?hU zXJisf18hMV;xVnzTaA320fE-Vl6XLKer;W4JdRESfF!ILzP zfUv|fL0+LjsKoqPB@#P2Sa{%nOK8x%$gBfpKq1;a-5e-w?2WPyf(T2Ny}74~d!ZjO znk#QSUijAxfA#qy?(aTEvdYO0*mQbJ(Dq`BcOjho8XZbv>8rILPCM~At8=(pbw$$~ zzm~v|LQpig>T8x3oS24%71SWAU714<)@a8aa&H75Gsd~+`;2ARrNQOSfngGK(K^>l zm9fb2L|9T4Nv>S~DPyeZMUC^;5~FC;uom#-uoH~GSF#Q1`~`Z)$um4{&}+BY~F ztE2xo2n-h^6>+_VL0Vh+wSE3fGOJmEmc@<{RLIai7n6?1clxK5NI~pZ4Zu?O zZ4-j?2g-UK!zBDEX`79T)cVd3Rm_|boxC^absZdTC$DzAlfyCR9z1PG$cuz7HHyJjRxHvSi^b-B&)I)XJVDPC=mnh=S zpI-jGRuKv=&ITg~TZoOa=_PLu)Z)geFcr#ITrrs5^69N?@{(rJ;Kby@o&xy9fs>^6 zBa$n+NG2AmmwA^djr?w`gZ;yPL)hpT)~BP?M`qsg$joo%*C1})XIbledvb(ygL&f6 zrepkL!5%5k9#}l*FVA44%Xe4lA$H^LP)^s`@pjr&cZFo3Z%Eb)jX?@&t<*>AcD5f4 zwKQcDgg7T`hetMAtiTv;fsu)_r~a37#hMS%xLT=rxXdfJ0-GAGo-!7!P}h!A5;4$P zYaffK^pB{$wtE+U6G)4+JM*m^dJr&MO)YNjO^0GL=ekcXpti{v5TDNvWfhpN^xWZa z`+-gF8sFAlpNuw_B=Y(7@&U9=%^tBW?P*$eH$xS+BnNuNN*r#!6&l%di(U?g-40?5 z1^;_`*1$iRW>Xo{-~ERcp9p;51dw*eA*q2znU#cOzVu$b3Mal5DG^I(OydFH^Xyz0 zguMvQWo3`FqtN&2SXB|dBZ|IF`+b1BW;P92&TOQT#Gpb)5%2wvmy3FsrcOg1+g2OpoU@4lksbqEzQpHsZ&DVtpjIY1Ko zinbEO+0HcI;FwTi!oX2)=h74-sMoEcaOz_5!k4Bw00bBlt6pb<#zXOa)uzGq)K-3V 
zOoA(3mv_y_f%W1OG%pM{ib~`uC#ieq8vFJ!td66dPd*mh6f*lu@^{_xiuzvlf8zHR z5~=CBondKU`cqEmUvRAPdtO@5Bb?6DM$Mh*=ruk8v7wA$`(>836E@ftZfRgV|D z+`Df`%GFSb{pfz&>Jn|ZtYmYJSDY%vV55HMg8tA0j0T2{UOgY`(3-rb9tm=yxs^+; zj*%y!mLE5dWXJ@{2@ULJ6=U-L{-oSV*TR&Y{l@- z%}62a1B2G&94+q1!K#F6PCmAJkfnT_g>}vrwlUVBV+2>?R?$St#yOt>^a}7A_->4c zMCZJU*bZtBbzPw`2@9{LyC0eLBQ6L$hGse~^PPgvR7r*%wQdDywFRig>`wHLbzGcqqSh~PTO7o%E(@rrfvlh7fAWy z6rWZ3;u1R(OnY=hD01ut3Qc$yrit8)cvY6#N2R>xTelAB-j|j7=E}Qj$ZyjA0Jv8F zSyb+inCV;h^ODiih+O5jONs2+1c&Jgl9&R`SuCe9o^a^lQkAa2#NM}}{`BJ1G1Xr# z*;#;fq|_3a_SsqT*J!Aw?)5v3t?n-;OlB4B;Kdt9;elG=gs z-i1O3ABPM|KGgn{2_sALd^~r~j^VE=S1{%A;?!8vhA=Jq{{Ev>P#z#73TF)FtlaP% zdbdaFit^IzNEUCE5ryJLgd_A4ALW%hRQILz0r1uOG9k3v7mC~0;olM#LXuZ*Wc1YCMGPsm9wDg z@^?xv*?yDPnCmT-zyAHad87cv_UYbaim>9aLRakSV2~n3RS%zbgvH5Ny2sC>e92qq zwYcV_<@AWTrojqnDjaKZ45G!6gcDr8$o%D;y)}hL{yX+(>Su&-mle&V`m*6lFt5Dn zayQIWZTXmrj+`V>L=6w%aB50hUjG8p5FH?RT~UO6LGAxN<`qe50U+l$68oYzq0mgV zKP^rz(!I+J3B0|0?|33+NMB!0h|Os;8pmZbyHPD{+#ADBelXvvL=ln|hv-24`Z_>IlPY#@H!zoHC%f z2ZvK7EP2)Wk6`Djl^mAFxoEm z^;g#qEISK!&bm5n(<0=!r$b1+7tfg{icXV8o*Re?*^K>p_xc-so*MSexwTXpABtBV zl`uq%ls!RXBCmuW`MHzbTlBuzbBY8g*V(PQe?fI1>U&T{VF|ZjwQF3nD4_f(J~_Ml zayR?hs$s+<-NLSHWSVG5pXn0k=vyTTge}U>~{oLi&#Gor|cG zTZlHD_|u((#rMi`n3&Ef=|N8j#l9?%Qw#KqdgcMKc5RP8icVVr$28v>bfy<@D_mP+ z{tx{>_`vA^L2H`b&wp@*u{2!3wuu&%suQ%B-FoV}&67yX%;lZmQvhThhYjNyzP(t6 zm=PNL$X1U_(PQeADm&QhVrlc&dy-K(%N6e8l%kIQu{bzZx^Y_uw+|j8C2lLt3m$qp zJo3jJTAZh-lDv~K;bakkf{;2A;x(zX2c!b(qf|h3UZnp|Dm;eSbKakxFaIYMY*1(c ze>4kP18d_MsIwc{^^f}DV%}A`llQ^LY^+G0>Pw4BSfQKQC-Ild!?wi?UX9~<6=Yn8 zVkvbf0iTqFk@vzsfd1+zqQkz!HQh1$EHP)Hr$B`u<=n=IsKkvC5&CX&4}u6>eE;PS z#}x3v=+JR|_MC;b+S&df43isa9gatDfT}rmH3q z{9`{F2%|H{x9Au$S2YgTPK?(sO4CX|j9mr43)UN5wqlgF=%q249J(XKrX|5&M#oYc zV1*uvrbj{U%zm%f-ASlgKj?moRz zBr(%zVNn7Q8kA>Z2HWO~h&XnE92;>VAawQx#;6hW;DA_t4^Fl;A#-AhY{kL(jqoT7 zyhG7H`T3l}Hd*l{x7&0{L+Q+f2h$gV*SELi&LD*pDZijZ)QF-{3Z!SVjRgMwZxEGD zl%6-*-d}1x{gQokbTpx?=r5n@Kda|_wwTfrk!EkPR|?;ovz1hh>px1q@ngCQjQzbr zI�KEj+w+*G;a6k9=Nt#}v-aj_wnxRKTb$9vVSS 
zQ60wOM{jRLhQ`>_Z)szq-jkyN%nWpOg+S4E-@1)q%e3Zl+8+ zNyfL;%V!7(n*Kktky4v7+MSyGYLI15%)Wg9zILp{3oNl2sr3z}(rL_;vUj)F!3pnf zZ=Wd%{Jgxx$h>N0?UIY_VnWh~L}(7KM;6$(>qIXm>g|~Avz%gUJa6y+KZrS!C}Q;j zGH~tk-s{RoTj`_mu7EFG_7MhS=r8gEv5Sgq3}(Lw=7ar!r#Z4r!`!U0X=VJ#OMk2Y zf>p$T1R1_RBd3;aMB%4ymm~+pilT&ITd!ncr8lZoVm(D4>DK&6JPKHhJ8_y1Qg1_v zveN};@zNoh7|0yK-_Mi^ig0vXQD0gZNF0TEs$sP`V3euX9nDuMzY3C?Q6Q;_Xb)HMIf^VXh=`-Hl9*OrS~!nC#)&jKUw=6})R6CJ|1UxW(#Y%nFFV2jK!bNoOnTRwO2Fxa z_+Wn2Q4XjSzVo`_INN1H}c2IlqrJ5pF07Yc1w(c9_?9En&&s$r2 zTi#<^Lo7*Fx?ho%MS)DBESh%N_peSs^C$(x72Z%i`wv+C$$h5ZA(Dlh(I*P;T0^op zQT%|vsim~QSSBU0(0z5r^SI1LH$OO&=HUBk%Pm|BS%cYhUXP!PjM`Hi&#>BF@d#PY zCBntq(s2;(i9){(aj*)e_O69-?xgW}whIU7z05a?9sX!i6#hx_BYUT9Yw8|I?YCDHtZVLeXun@)==-U&|Yt_v9U8> zFZe&If~5E;7n6wZ2aoPIsN3gkv_6TJuzG~S zv1nHC$tW+E>q+Y5P%+oDi&nK5)!)m{I2uLM{Gk%KinLioNI{0Alh~7DddkXA)SzX8 z9=IdBoH_+IX}Is&z{5EPYb^d~$~D>SQ=$~F7?HRVsMo#ENReJcnlo@!-kxg@^S7F5m zlwm$$zpnEO{G3-fwn@(Aiux4jm&hg_uq3~WA{BJWW3b989F|{OhS@rjegl+^Lk$%3g+V_X7L8Gv5mhL7;Yy_OLtO^u&INATB>0$lJTt> z)hs029_;7GU+K4-43X`ytEDbpm9^Q7l;e+?jo=FJn&dY(A^#Z06f=y5!*;{5J_uV1 zD+#e3p-dW=~5UrXk&LAA#uWt zSCX=HujwSWHU06DIUW5cebKk7OTet|(fXm~-5R!TS$C-(m7r<>Dt>iiW3h5RvrYQv zAOQ9_%3~%_y)&LNbVqDsv}k69IOe7h`JWdeQ+JT%b^AaKcJo49g;?z} zj(^i~V_Zpa*TPvMk7v1$K3N}>R|V!*)r%N#w{vhF%Wu zkZpJ1SVzzH#-qWwK_8so^O!2&CIGsfY*uwR{)cxy1=M)t0U$sp{d%v>o@mEyz34aj zP~A}u($hy(-MU8o?KiM8RP<_NZ%;gdb)VMiTrEcnyU}SU*#=WRJphDbrCnu0 z?Y}%c7DKPd;FYJ+*vFN@(O2xGg6?wWAMo6N;!~oepz+^C4VIU&o^v#w&+(wx{^-g( zgA2F*crkmE*1xo?5_kfFRS(WenvkE@lxJT`2yq3tBP?c>iu8)3F_4;d+vn7!F?^ZP z>(0)AdL9S3_r=1SQ?v_~e8BJ~ztC&)jtOIzgCvR>FEQ9mGih3i-*)-_ls(;wNLYNT z)*w};4BSRGxxNqm)hZp*e<&!0FCZAe1yom(QuCp#UMQZW#cGg*-EsGfWmG6jIO!#4 zI1%fcrr|Wr(#1^fP_?SP-Ji_W8IF-Iv}8>l3l-#3s`@V9%EKSu+@k>lek^=_l$nna z+xCwN$dZwXX_b8W)BsPI$Y5fnu%D&ymKdlxt@tENfrjMa(!cY83iR-my_eZYHdUeR z14iJmoULCo(~72++m`^)Gzm1KOrOn9C0{`yuDF&4d`v*33+@G|M&k4DUpP&2397?MJY=HeA z*K8M~lWT<}T|v;xFeb(|N5yz|tWR|-oNyIjdTH!k>tm&oQa^d^PhQ1A@_m5lSS0rc 
zC0@-=fK)3C%Tgk;jQ519H+z`rbj&aTnx%A#&z+nwc;w^`B8F7)>9xLUzV%8aPkk-e z-l4dXJ>eX4r7VQ%!wtQoq2P6p4fR3xmwqo1n&Y%}AxM8Dn1`hMVxH)0K>*R-hYFdi ziCjmln`T!XLSLXuK_w`{PoAp@IlZXoTv8FRODfKLxy(eQ#H2sPQ9tp#3ukmX>s4fb z^?V1J+oGQ;3kA*Jsjs?1ouun#jp{+*EI7D-CO7U z(P&EM_Ra;MrGpkRispM+))(_kDPlj#`Qy&w%JTKm-$LeY4^hs)adosb`^s7>X2M(P zhhsohKzgmQgDHotKK=j1jn+S0NpIBrtF!Ed4~5q{`r*A_XsXGhTvcBmAVaZlD$Y67 z0Ulq#kzWu*?{&)oM5!T{Z3E~Uk|}G3XIIRyH2wG&IlHmH9EfOVy3wJN_h8T!lM2T+{t#d~hiJZ#k>ab>(U@m${*59dXCE;JgTC!dB` zo-ePnZjBBbfSz$y_Q|KQ2k%bY4Xafd@3D>poiQ=;0XWK%uBcK)Eye#O0YeIUE{wK) zF?U)HIZ>J%-#SiB3`)$)yGk{I%xvLSF|{2(Vkh{pa=wjit9I06Ns@6TE{OsEE#yAQ zAcfx+)p?I?^xf+ipfQfm1>CZNinC&B3bZZoIh&bO^V=;e-jrKd{(6=CH*Y)PVQe_?l7wVRtjweEREgC zBN3n;qiQl&^6y(W53;cYJ1e?3{kvU`zjKk1!#fF)Y5P`Rk$=hqRPv{M>g7Lt2o^;d{}R$_1f^^< z9LCrbH~3E#MPhVvtdNLN{YAL{WJUwu&Nf&h0fU)?YPOf+W%RU9z;GXWD#0{ z6>w*8YAf6`B-+_XTD*86rc$q-<1A~2n!p2ce<}F^N9K&f&CvU?r)I}V1b!~Mp+Og^SA+z0rM&lI z&i$P9IcfXmJSCP+9`l!On=<`uqjRLPMiOVSiAu<7fSR&ULk5?;>@NYcUZZ3_>sDnP z`8?2)3mqG2w^pm+Q!iSvWB=G}KX|eB*cT3)&$eS(e+bw4kGLuYLCgGmdq2-iMv(J_ z{!_SIk>4zqv!D1ZH;m1phdD7a>sLn1I={>b9rbwC+`F^0Q)Q}F>Pfg$qf)1HT7N;K zOWQpz*qx;ZB$-Jse>E3Cv5fK*xCSNgui245)(}KqK0g+vwP(d%K?*tx?K4e@WUd5Q zA}sxCH6SKnYR6Yi3w&@g{(2`5+i^XUh!It=`D`REyVgvx ztTI@e-l8r`M`xmV?)ZicQ&^kvH0;MM3W^3Rg%KM~yfBQc34{k8~jTd`>bHy#D{5En;s%I@l@akJo1LcE49jLLD zMPfS#Y)6;*h{VtQs{ZF?lL8#gtvgKT<9|5)mmY7-9|RZSv>$bSY}y&~bpk55=J)f* zv8*7RF`2H&Xo=8?Or5&J#Qk)@917v3zTX|S=DDlf$~3n^*o9Ih@nf>`C6a8;|CUhv z@-T*@$`1s%fr?A^oA*~kHzpNlhTrb&FT=&$c48vQRZ5bHHnMMgK)9;m$r%LxsP3U= zD!Upz_^liZur0dV#&donj~L|_{|e`e9&;A8 z%xm-dEf*wdypA%>taW3U_+LpS-U2jp_=^8*VZVOL4i|F}*XNIl-pWkw)bo za^8+%QVdWEs2{)F3VFG+;3|hltp9r_#Wq3d0SS~y9Dp}#yy_2m?Bi5DC1FJ_SiK$a z^BNKZqaa1=LB*8PJ>yb^BF*M5#w0n6qGohbg}PJTT8so>X*$L9T+>laWMZrdai4dj zE;2vh1EU@Ct@%tE@8#tZN)j@ZTe9eX3pPY}jA~>=>QSydohnN^Pz#XgY8TIcx%G03 zL@cyoRaaZMXWNP%0j;UOGnF?xYF#ovnC{Q^v}mw`1P9j4U@(@d5T$1wo>K#2%MK3BjdsVuN$Mbc`@H|=ugkeo!2E# z8}%nYgCp9|&5Hz=>RyV9^B^x}zJKbs^3P-vWG4OajQN7t<%30}49a1Nq;26jV<&TGj=#^FBH= 
z>3Uq7>2gMZEg`M&H*l`dghU*q^xu9!2z|Gkuh*>1gX2Nc1U*7<5H5+0&g2FjN8v%m zt?9gCp(n!k)l?fKgYZj#V{Ez*WRw$?u~GZ zF2y*;gsgYsHUhohMYGe5nARJG=ue<8(AD-wu~+0V7WFBEQJul$uyjGfx6*h^<1fMv zj?~Qz3Dm$bzz>o`6+oY9*p-^`q7!#NUlEiEw81MA(1`hxFrv@?#(>5zdUYrN{Yis> z;tu1?sQduYNjn&l0HhP8dhh2>@x0&(Sn%++1Jx)4}`ebioJW z+Y7LSvN6lD7TPlBa59aLvzau_%&n(3;`BcgnQSAr{VZ2xj$QX=&)XREX4PWl5et=s z`85_}K^kQ{^BmVA z1--x#;^PI&xmrPdI-vYKkA{2yi+I3dEV)K!Clmg}1(<&5Px|!0Pn{m8CHZV|`(|9J+~2#ij(l?47A zpb{woE}9%{@&nZ8ewpi#qEWAufat#Ym$QyY|KSjKEi|C1a0QGIRhBO|a7X1A4JJ>N(YH+%k4=49YRJz~2&}^U1gl>5gAI zQjmolMHT7D4D3EfMmY?)_kq|Y)Nkl8+f;I-WgSf-*#ziO{T2!><}SR(i{x#0lKKi& zK8kDuj>fZ!CuhO~yS>03tjTBmb*wo84OQ9$kN(Swu|;0Yf~p^;>C>!lb{Jyy(X`_X z&EE@O==uMDjJ*X=6>QfvEC_l4K^mn)T2iE2x>K4X5(3g4(yda`-Q7rcr-*bTA>G~Z zU&naf=l%Zq{`qIl+%w?Z3RmoF?Y-Ap8+uMqevq@5+5PI}*+P|im`I>(pqXkpa&r?7 z@oheEsZ*_Q1Z3-g2yw}=3!k%}X-w3QE8J3Y*^8?{$Po4?x&#B6KU0CK3&H)GIBRem zF&btQi8(&q1Eq_P_i`;B<>6lK#8;scJ8dH@I+#xZMu+EnSkZpq!Atb~$LMc$W~mq9 z5baA4^sc&s>y7(jY}bF~9m)AD=$dux@3Ka+H^?=k|1`8p@pdgX8EK}z#`R<~Qek?! z#GlR!$Ve}ES(lShge%j@D;zP&#>KrkSbe=a+KqEMd{l}tMecNXsxt?t*|UAge=#zdhXV#g@W$r7fn7Fix&-b zOIrzz03z=n5OYkK>Ms8Hk}IhLuPf%za|xNEoJPM9*N`MUrljUAy;)QG_8Nt5`t}}y z;DN~ePioJlt0rtFMcfhurwcA!t_Z&Lu9BZ$mP4naLb`UP2;3GAzWqI)Vwiy@Z6zQA z_LHa{EN2#Ewh4t0-bB$xM$PlHwJ{wtDRBzO#!sf$tb9v9G5>v(EA8_eyrqrZFXM9wec~aB z>5ua($OC0(B{6_yY186M^FzFwyc+cdD{7%fqgh+bPm_m=`EVr`4&JAtyEoFc1(Dud z&R~$`*3#iBf05E!x}!{gCJCkVB~V168!rRYD4NbMb#t&DRlsX>Oe{a>0-Tp|!uUy^ zWlEJC@jXRLS@i`Wbv}9F_pPtIU&=gds9x#Q8hX8-e>#;jkpp8wsj^i;Is*qKoxq>P zFeTv^cGEu}CVT!pz4Lvrju_q|9+h_Ue1HuL28vxPr7xa0hX`c1^i9qe)$=Go4hH1) zX7m!nd;wm(;3r(cO*a;CtWy>k$av}TQsfQUJV@j}I^VLC$p1VrKs^GvVlB_r*i4P> zTo8@!B`+t5Gc0^K7oPAfT8>RAYh|?vR#V&wtwbN{wwbQ6f;TrAhHkGK_61*ceKy%R z6>!`rX||MP(j_|)%N2oi!PH-BC9{DxgCXb1QIygyb+%W@*zf(=JQ|75G(edy(%a2R zyTN9qPV3Pz%kc+er_CF#L4>y`a60FH`c)sBXEEG2(wQJl&6yxuOkM+eQyHxiuG9$j$TsXycAvV81op z_pH3t6<%IbKAtte9eoMYH{O;*G;<%twk7>ug9jO*r0(KV+E@N;{-h{JO@M?;#OL7e zerXaQ`9wcSpvxET!~=gL$*(?ZzwLqoOb=kui&ex9yiYG%k;NB;#2Pi>38a@cZkEG_wc? 
zl3xxpQ*;bO=GhuTMB9xcT3yYL{JFB<<26{|(7tZZwqKX!oJU%|l9GRPNweQpqqjWB z_TiUZL^V@IkX#$nH@w9M;-Q(o8XC-nAN`)ip8M%3RQ?YpkFeviJC>Q$>wNfe~fC>eqDZ#h zL$RfH&eO)z=Y5{DI?{7+>UU#*CM(U?DJ@^1JDbfu_l=4<64SN1EL!H~Ik#t#Ex%4On)6{EjB zUEfQ%`vE$a83VPRcs#zKzv3j>?f0Z-)1(_G;<12J!0HE{@m&9XW{=j#>!(Ss{sXE; zYgLGu0n7DnSBxv))q1mXc-59m=lI~!H(EalQ32=KVk|XZHF${gTNiIZ4v^?7?fVWs z^Oa`VsabqUU4VYk+J3+7Fj2r`ib64Z&h_3No>Qp=Lvdpb|H6&;S#Z5B%1)O`RYwq3 z@1Q$88A2mP@zy@g;`f)YPR_c_MGgV^Jm^wkxtHYUg6aoM9>K`(7FWi{f! z&kqv+7MiHg;b6xNPQh6MpveYUQM+M@ZU0%Upf8rfmQvbOcvCb^{Ov6DHo|;JLM-W0 zdA2nO2?6|)iM;NW*u>46D6Ke`8yk4O8sH0Z`hnwqsWG>2y6I%mR^bZNG_er3-rWBVig-@#D@S+ zP`IXhL5Uti%Hmhxu9%Z#g{V`{-s0L8$F?xE8(G$47u>Dea$i>!il3Qlk=`Fv6)of&K8VyZERra~4dHb_!=s{+ z$~0*|oj;myYQoWN=ImsIpQpP88@=s9ayayx4A&OrS=T#m8LM%QQyl2b4Eu#(-KlUG z5D)i{cf<}xBE_EdYBVatZCl@&at$0Wo{@_Yg^X&EBjl%)Fu^Kwz-L}!tROn$`ocCo z#O3Obdh}`es7fp1zrPPdrbWvada!iS-yAXZ)i7NIX?X-BJ{!OCY>$8SjwoOV#%?z_ ze^u_omZS|i-|OhLecNzk5s)UPJ`RMmeQpA{dL4W7wz?7`G;_j!hr{$icjEO9cXVfq zy#_4&ry10~&zs+UWokq{gsddU&Z-#)#rN!}vepj}jg6%#rMNN4+mkO$atG z^f4~m>5A5GZyu%*`|$i@+(H<Qd$v3&_~Y#goYp9eg!)ZAr+^46UjjAWLhC~ z1+uDM8(=|a{HxSLrS`Bs+l}!2r1Uz$!VZ~iWcO<*Ob3|#`V($R78=pR1hah4B=e#J`LC5aF5xWr4xw!W6pVF~Ct<~EwTwy@+>f@vcWDp4CW3 zx<5uH>(SF;&XbwagLjv?CLGlD^gh&WCD?7YQw?0pxe|-l#r`j*KvPu~@b$Cl)huJT z0ehn?2!yq_BU7vT!KetMml1Pio9~szT`I*4D`%p72)c{;X4*pUHMrZOWKERhqHF5} zt3@s$mz2BET^&P`u+wO`II!?Y2?fvyH0fKq}6#qAnpVCWB?POSW$(6{z&cQEYLy2-cj58dO}Zn2skW; zfGxQ3wXfy+VboUD&g6fhVmU-4YQF#|7)OC{fS70%##t^~s!ZhdSm{ZQ1AU6*a)aK5 zAt%VsbBDY-yQ6Gd3F3l%l>0F>8Ua?JpRFPtOhAdl_&m_WLA8n<5RTA$8Fbm==4q9` zIS{IeIZ3@gl7y;_0c9ae@;#JyDPu_gya1ZtUem7L|GbDW>Jl-hxA|VdrBO3fiG5;6 z1?7q%eZuOaHvF9Le!+VhU#P2ZbqRO)_71%yA(VUR&L1mvBIQ=DTGxL&Z9I>Hpds0_ z01{d(qFKyHR*axmJbnLjftxQvFrT}hNZ{5VWYIziXHQZ5Q>K8x9M`?JqYLLxf$ML0 zW%(=!WBi!MM@F*i&`CvbQ^Lqd+^)OifT`$*?jHnmmiYaDSdyXRv;kK_n;+4^M?Kxt zG!+zW+`Ds*fmM5x^3?Ll5gy{wQO|{O=%c7S1jL^t88Nv00CilMb@W@Sop=pcUx4b0 zk8JbO=oFLN=9q1+-ZACySFhYyeuH@D$3_d&>bEOmKBB|ZTmedu50g72gL 
z;ZK=asqPp!s-2JJi|XLNEDy-L^LcoO^!m!U`@5UnR!V&&7f?wo+^}{X@O?NZiF&S+ zLK?mNyVVS?)%c6SZXzs5ZY5Q{ewmiX@J!s+3BEYLh++)Cr>$d^2&q@WZE}EXWLwEv zIKe85YvOrD`{0K?q~{wc#HkAiycmHY0U?jz*{LVw&{w5$v+Bg7&p&|>c#yr|_UHD} zz}dej{)zW>pWZ*&jQ{z+v--c*T84BQD-d}xCTSs0{--tDRzjy7uQIT%K;2SH<8j=B zu~U;a2{`h_u&87Gv_M&$>J{TH@RQ3vMUO|_{uw^)KHXzb@-r6;a51_KzGAs=prYH@ z022jal~YexgS|I`I*UIgH0o${1~I03xzzYTbMuFFY2J+Y1ysTBkP=l(Q1D(ct*yXK!({c8cZW8XI{mg$`QLo%j zMdEOpzTzw1Xo>=$VQm1ypTF$j`Q_!0Vj=;BDzm4kN6|&i3O-^#xC(P-IR$HFIOta-(~`K>- zSrkc*WyqZ%$!%v%r>68JbgNQ4Ft<-r4~w!57g}hLx2|>^VP4=Ay2hExQ%sCx;Jrq-6&E3IdAieL>S)4e`8p*ZG zOV6I;b2*NMz0|-nMU8e(#HNu+9 zK4p^M0_i0>yi|){yR|kS;lu11BKr{fpz?w$n*NwNb;Q?#2-(xzp+t77O3R$5rp=a( zazJF0C9xm<2XF9FrCRv<+!8J#A$O-d1BH;!5j_9rdHHwCNQIF^{Pqg~3aD`3;aK9J zxWUUzZRb6{VtFcMy|OvrTk2o@&t4#Vb8QeBh=^Uk5}s;g4KOE3N{!Hi@PcC@6mF;W zTs;uBWRuua9-zkkT|KqGIx;iIv+XI{=`vfAq6=$+BAx2s-MOoYDk6e7L9=I|XgKLK zei55N0arf*cY`KW#6p{3S|S3iTR^dw+kwx*cOl~JwOQcv!B<{;_ikj1i-ZN?;}AVt z=%GL7xqF?wER89z*-6&7(MY9))ta!|bRoNWkOqDuO>NT5WeC~Ka`0lFQp7t~MM!Q6 zQ~N1npc{R^M5(8s(A4*K(o3T5A+w?FDCe!})sVRhAc}FLe*e>k^%O@K{mEsoAN+kY zJJAnHoc62hf5-g)30Hwu@a_I~Y4ZFQ#?y~Gl%IZ$qze4VD+x&nWd1lF$*)Z7a`-E+ zmlsfby!UBq5a1?4lCDfb0Tv8U2NS=DKyUg2+Ri($a6a=B?!)zvm#3!k@LK+O%;@wNx(w9m zht%g^PK4Rhx>VhWZrJMcA%w~y<~gYcKnPKs=sSpBhT2A+b_ZQEhsI7$ z#&G2x_W#P}k_)x<%kHR!#i~oJADyanfI-=gkzZbhgNOEuY@F3B9wIZ|d)b15aY*+` z&P&oT>YhxLDqof9hq>&-=hsTl{^!mraI{YIy+CQ^&F&%kzead21dtR6xm{J*Pfux4 zZVdx%dD3?4)20MIe>xBK@lk|DEDW)sc%a$Om0pV;72W!Yr>lo1j|mZ+pN&m~J03^jl*_HW zsgBS<7~86CNwddVYZpv47kqH3(%>y!a&?QTZSOli;1nJs)$n1UB2>|OaHOqfLYAG; zi3!e;e@@COi^Ok}x>L&wC!}GS&Xe~`MG!BqPhM4iQr>6wn%rJFW0F|a<-m0QP{FSm ziVMw81{nbfFa&w#&my)kzzcDF7aABFU~#=he%tn+ zy<2CNm2crwG!)99rUodZpL=nY7F&G+8d zOh3o~#de1(R@DoyC-NYxWVyvYf)mq+H)W6%K%h)kdM_npNY>_ED)c1M80AK>q$`LX zKi7sZ%{%PGm|_Mo`u+^hG*=`hYl*CI@WXno-uu?ETFcfHJ}s>|l)()zkKWI^9+z2; z&MiN8c^zoeBx4Z&n&f9h1=%h`L@>&br>BzUl+2i%e3r=T+=!Bv+mMEGJp!6@OdO?k zN=8PTPws8FZ*~G4YCh@_IKd5{`EAg`#TqX~s%SNO|L-8MZ2_KNZg7f)dxQV4&+j4v 
zNGSwiTE6MQGnCiLYsKw}+r^JSF*|jR2ahKx9QV1lY*L*sZ%A_rNffQJj8lb+yi282 zBu&~#aWcP~lty`@Gyo?N_Vh9GIbSUCSSq(BooN`fE4mC&WLrTqbyFRthEdH|i8me3 zl>iJx|2%55D`N zc#RLTDs8PjHSfNBKCj13(*aeC8s}vcqt(4kaQI0!kHL+8R@~c#xJQLPoTG(QG^$8r zjdMxHbftx$4Ofn)Mju$O!t)jKTu^twd-Jn{&9@eM`ii2!hLJGQt8U5`ze z|GGLzBp*c=%^vI}oFIQW+^3q52!aVFm5iWHeMKhPPQ1cwjggSDpVYwmnLtSYZpxVj zeVb?%GwR7ewREmyN*OGM%rjmOhth(?iOs@{Bwt~E`{{i>_OC!WW5o#iT$2*uFqa(^ z9=T&B=+NAPJKOxO%VSw9Y_CMS=#QE^lp$K&v^!2}eVp;04@1gqT z^yGz=@HkhC8OK`7stuM><9zhdE|&2D8&;*$=JRXrU$&v#l;z%-i-WKdcVizHHeuIez#eXDA&_;xWy&j097xLCk|v-c^m_%ft1 zM*~EZ6p^#Be_+J_J7R|mr-~j;!}^dpZbY2>)G)c~?rh_pN)7@3Xn~9})#FiMf59AT zIBzbpKZ+C2=C+BRuYBdEJn=VU%-q?jMjpw>fyQm_&0VSaM>p7Sh4k*4z+|UZX4V~{ zHUaKhvKzzMtVE`#+A9zln6Th~miq-7k0syTWRCLH?^o97R_AxNvajx*6*OQPrNxjn zU`F+!C1AS*U3%UN7uR{C6&0|L;!Jt3{p(YvPEm<*`ugpRE*v$Y&pxPC>2j3%Xnm>X zQLu~>AN%{?L;eoobAmxpLY>|_zyb67%K-yrA{sa+XD4yr^`Vi$diSgoft??K@)#yq zZXlWa)=w!?!l`+(NuMN%%XO$7qsCbTy@lMd)w@>qRf+Cbzti2TIfG^Rf56z1`rgow z>6c&E2htG}vt4d3WlbmaNEeg8$752)Bv z94M(t;xXw)v43+N=zFTt;6$dJ0Q@b|t9Bm5nvKKnmRRjw&R7P3n(EQG=|_t;Cc+lr zs@UTyX3wlvaw7_~4XUE^tX}G{B7WI!N#8BO9kCL!s712viX?py~7{>$j4B{K&oZ?{@ z!)skiaPE4^UxU(qxIThT(+3?(xs8#mY$IS* z*Il%QB`h@$yfOOJ%r-|ES$E&hxSe94;{O<8YyJ;6efF^&Xrvb-kxj&wK}T9&iOZhQ z81zMkRH2~VT|tF2&>lnC%;(!_Z2kYM$T~5DlzT$)O}U6H?<6C&Jhz>}i+M7rX<z{S2dc7SCR06Uf#| zLJ&3uz6m?!*>&8Zp*rn^(TVl4pM6y`=}02ab`uD^`W#PnH)XKw?TB9bq0@?swxCD) zrAmqm*!TvU)@+oocA+}^mn$?pB5$PboeD!*bOS?_2&t-s;7bL|VoMPN56nBE!Y5gP z7l3yf>RYBVuV;N-5E94dzM;Z7_@_}pjG@3$Q4{o9a;~PI;N1b9#QcX()bzhlYicmg zTBT>5t{@2|J^!CN$3I2)U&Vi%E3#DUSN`eCLF$f(K(6og92t#X%CXk`=tFI3zC8Tm zmyg&5k{lMZqXUVd2C(wA!9oMipL`c&8*VOcQs6;*bmV?}dqqO0n%&fo9(Et)wrNHj@8YOOv)4Yrp+QhK?-(DN7=i{hzQMX9@Mhv- zdh*8BEb%aYDspTlfvyJK6dtAIVbE;=6^}%>?>Rl4@=!Nz?o5(*Hm&yAO=w;Aq<*<| zYdvHVDYNj!=**Lgmd}jkO2SNmorS^-kVaj|NzClWrb*#INw{dalTA2;ks)KG6P3bSU_zthu>V)X|7e}*aHk60*e2X=@)Pi7FyGE8y_Rhk?eL!KlCAenV&P>^6!eS7;Hbp zY38a;3PgP`^V0j_QCF?nr2<@`Ek%=otW+z;6feB))I%jpmOq?h=2|lms5Zx_qD_-8 
zXYUj7VrN7-hlOa)et*B|%ssDzAHM0?+vT?|D(KwXR!EfM5+Kf?f$LAIl^QFpB3R>x zyfH>^MK20nG9?$)_98FEOMi|CO}{Uqdx#hw^X>gxX2tPNsFXUDs9rkS)t7{p-Zxl@ zu&0<)2-a2rJ4>p9Fgn0!5vHod(FIahk$by^P5KC7@=nF7{tldGyJWt~G3;{j%BxfxX<#`<%J{zthW(AwTGJJ9}nu(04whBH&G^)F$z#Iw7ng947eo~DFF+Bk>a+CDB( zChI?nkK-XH>vF=AUBz?$BT)q$-sZYc-U?KEOji+2Bd8GP~(CneC}5u@^u0 z3t)y-x+*c!Xm$J+N2x;}z64g6k~f#~sX2qm8>%qbZV0ToGe^62|5O;>bU-2{{?(fm z1;*UUXS6k#RJ1LaVjG>(fyKXG=MrV2%S;k2F$PRZ2i3ee!XamJy768>ai%@S%x9d^ z9il*2z+S zM;p_9#CQMjtq1}9ev94hH+EPu#_|r={V9!b zl*ye27CvXH&(H)=@Z+Ct&-=Rs#w0uJ+y%#ZA)yKTe7fHtL?&geaM_~UU zgI1GQbjhUPJ{XzNAbOs)8qH`=`1HIaX<*b7MUPzJM&0D{ z<&AaS<;OR!R$K6>nvxB1|nnQ?&S>niFAMa ziEyDvJqdb4^y~7EEW(I9j3$@=yGHCqLlFk}Pt(os;!N(IU$ZXm*D(K0OEOXbt1)mN zoxEJpCqI%@=)-h{GhQ(MiwI)=>%k}V+(xB8t~$?~xHO(%PW0MRH0R@YgF5N1i&n(sCYKFB9%BOA zHj`XuahaAN&vUHp$Vkber)i%Zq>i(MdE*;wkm3*<+z_cRy#ts|gn7huk1Q6=ivJx$j!+$@E_>uOQjQrN+yE@AR>a18y%KmLsCiA>}4qqzW*B zZ|<%|uKk5eWf6kEH4cU0**+k}K?>-GX`s?)Ys>L(W^vq~61`P78tow-1?|4&-2Zst z|AW`RujQg3$R8H(g$KNWPkWX+{_%L%bgpN=9LLymUwT?Z1JCVga?`?`^eF8?Oo@D0 z4pXz>5T1yxnC>V?kH;s|mBymIVfY<4xV6JU_L}h!$WB%zZpG5`yHuS56VwiP$V_k$a|k&lSGboQ@WJ=VBXAvBQcu4SnB8~G?ttch zBW^By=k-?@xWEqjprHv4QKP}Upk#ybw`3z|MjiG-+^8>!Cjk-_;R~y@z>E`sEduPZ z5*ArrTa)e;5#VcdI`Fobe{@UR1uT++NP0R-^fl}3x7hi*mqpn(uAH%8Ic|15uv)wb zgl^lcev?8(`IQMIPQ!~7)Ej%vcPu;o5%68Ejc*ru7u;7>9=->xsk(@|)pN>F7E1>yT49k+jJqUG=McGMZjyX`m4Gnd@$XU~q9+wW zg~;b|nuzvknb%?aGltO-%r8>x1UbL8l~eBhIwo;7%ZQ4Pq9zcMZ< zao++E9A{%t$;>EmsZMqTynsmLZTUk`M;PlE{cEu<75_^$C;RU9D$HSfQXIJB2&wr!`KJ02 zZ!o1;d)81zz-gbP@lFqg7Qc<(#liB`$(AbBuM>o!3BbzF1?r1uQ|nRWcc84TQe|e{ z%2t4_<5iYS49w2JJ1oJ`dks1k@m=rFro`Dmb4R)UKZ$d_aAp2Vt`8>(da{sNR?fYH zo=GsF!le8A4cpsac6AmE?XVD{B6m7zql6j; zVkQR$x=7ved;*w2dcGQ0KeautBa8{J{pFpzcJ}u6?zYES+ppEywUs!@mSqYE!zDaU z{l2tGeZ?U?c{LNH5q*h;#fIWosn+^j*fq@h3b}@I1pn6DE1(^3w(;{wOr;khCMg_d zO(+5{;+vb-22tkkzVrqsEG{v{pvwd`R-6Ot=Dn~`-6bZHVkoxzTsJ|#GHe>J;0NkA zR7aOvZI9UBscU052oJHAtz_w+B%G2MeNTKmke&*V;+0JguG;fB6`uSIJyRVV(l$`?R;*MIBJ7b)0-~<&c{#gwM08 
zgtq;Dgh6%!!$S3>gg>z+w(MhY`08$^obZ`{*esfv#T!rvy|p^ydhmM(GZ1L5KW1=* zv{U`w(Hd%m1$;J>Hc~Hj`Z}at5i9OP8Q4Bb_$6yszO7r^*i{exxWDC(9PUWn8gnB; z^5Hn{a|(0!{4W|HHItj){h{Q>nR{CvEQZf&*Kn-%{dID0%>LH;P=xnYfVrY1WJDv| z?0&!qj)=bfrV23T2;q06zxJk>FgTfA=?U+&p5;*`{rLW8TFkfjo3Fbcf26)@TBj;u zbHA0VcQF?~AO0AX0NHJn1Ov>K-d3E+zU-?7`uvX9%G8gewQI{oFF4noHVy@piiO)D zuQHb0gP)FxdwZul{B%o7Y-56|Op3w(_tfLFlzV>AvlOmD33z|c8w!G>jo_GlY5UjZ zh(yCfkS5I9t*#vuJwk?RCh2W^Y0_&}3#h{o9%0j_9KErBYa(o0uf08Wt}Cz1N{E zV*Py0q^ef(rU723`OZmjjU#O#|DS>_TeaZ?wd(U8VVVK($+WU8OHSA<;dSF;*VG}x;YSH{GvZV<- z2nuoLJ?*0txu70aK-8#IaHX1djirfgwC7_Js{6{|SZ$U|K735YK=a^)o;+W5kxsP+JFSD$9xlTddGNTb z*b5BsW4k}a{3iJ?WWcs_p%pWAf2;LyZ3>GW?j)x^N=C8XHSe`qyCw!33gjrTlKdB( zI){=C;*|?VpVbAj%^JG5&^}J4Fpud$OuoDYI`I-lI+MR+#gDIo@Xr>+5mq^-7-ADh z-O9N?neoJFqcm%S_z!s`%(Q$j`xSrNjdV~`#Yl{jQ|pd2k7wS`wB%ywd8KI^-x49V zyB9nb?6igneul*MHpKNTlVZDfLMR={|GWs)2)g-DgSF_SSDL33&S)sDzncj`s?|1(KYV^HnH}u=Gb%~U&hyfWy`83PjZrM$9dHi!@ESH1iB_PD#7B)ZY9}vzeh|Pm zs8T9u5yz!pLt#LIAZ@Q}oPl7rSz_S$Q3h~;e>@~{&rV90xr?M#UT2}0&E!kswtxLG z>X=Bg%yFBrARS4r9pcAc9K$;Msxs=kEsJGGm> zf+J%;!YSN*VMd*Nk{8izbsSKdKWC8o6wM&*i*;DZa!6~4CMaL&{3zAJugRV z*1C!8Vj>X!YXd3g(Ae?Ix=Yv1`%Am=t~pA@1)ehxjMTJ$c~=wO;&g z{rS&NdiLdBVlYVC$+pHV!^6T9QgT4G{pJs&{`-o zl*jO^sW=NN{QT~#@zC|O{Z?CNKYzV&O|{Y3BO!>GE1g4TxjHMNam{;WI#{H5Vn75l zU3cO{nxQ7&N}9|x?WM|?Wz8JBMP1U%g&MC?DXNYyy2h&ZC-MQ>ZHV!ruXP-tWjj3b zySPTr!k8hk_T;veMvXmSKn4L{J1;r+Bi}dRi{W%8%3WlY6G6&z?=3v-rY|(rOo2_L zw=Q`-&dyCOqHc6`ZcmqBLFziHWh#_?Gfhtpexd|DuxXZzL>8?KbfS7J$0_#tL}{_IdO@AGFP*Xa`1h~n6^qV{uK>h+*#lA+iQ*?1cVg+-oV37IBkgG2ke>^(8-IZ$^%!{IsO=w;-o+-5m`Sm?% zV8}l#45Ii%(VG-$*RZu!vWSuB=LY@AyKCby3QTw4Wr(`^7o|QU8X`z? 
zZuZc^-AS3nnEMau|NDAA+i!s=oS(G(IO;%(_0*s!r(oU^O>ScvWDW&BIigTZ#%r5T zjl6SU7Z&l__}tIGA@!z=pE$Z+%BNJML>t1^ai0hN)GD-SZLJJxkVFaIj*>qBGRJUU zXDwapZnCIWa}+~)?T!A8>U#JR;D$Sz>%;o`?{L3?J>j!AR3}E{q0*`Q^l0-EXkaWk z?8)&$kL9!VRr!!zu{=9CZb6xFH)&DXDGrQr%R~Fmj+)AgG5qFS(RxO32(-*4BdEgL zAHL=$tU@E^rOWDXGB^p!Ej7JhqgA0PsdOG)&l~=Frcgkvyf|@Po00XQR%zT?!Kp|V z?_#k#D}-HTH(-Cu=WIse-AOq$WR}#fo&?yC=tdQjRN5!zTQ*~`nsq!AC!k}&aR;JL zx%rKAf$oFpsy(u=Yu8K0M}?!##pP&&CYFOy)nCxWgQ}Vue};4XG=BT@c?8v9gj|w< zb%pb5@H;tXm?v^vX<=Zb2CCtyA>j z`9Sqwj&v0J!~#m!K%w2Vux~iqM0)8xqlUQxf9ig*{Do=9-c1U*neD+XY$NpHfi+)( zz_0PQOv{&kgl|jstwI^sm^edC&%igb+`Za1`jO8dXG|wN*l2IC-7gLX)_%ZNoRkrR z8Ov2>UX~ThMP_!aK?kK(X4Zi(+);k@{-~Ki8J+%N$detR*qSY*8wSaIs(r~5k=tm5 z0$$D^Cv6;D@zI<)@-MAqafKc^QvHn>fu9i2vn`j-y_E9aKJDHIp_Lx^ELTl0W$bVD zQh)4iLtHL=FS6L;m7$caU6WhjROVf77o;p`r*-qv^~fkzUjT~Zd+FLEqone1kl6z) z|3D&(Hl3QydHd)^&R!elsJlyFMUX2dt;Ceo*2DazCyX`RMZ1H&bE5>L55q&M~! zY=7b+YHnaI^ZJ`N{lT=v5LosEaY$x^!zy(5LoWa#`LU(gGi;4Ywtx zd7L#KAQLN&HILE8#QEXr5ZIAQqvSXaF78)K&X;w!P; z8~?sX)EVpSZ8vjg!NiUVaL^?w* z_aG4R)0rCf`P8v?F`z+N%Q4OK_935OKg$v++>5dtSh(T+7jBXRPrv7}pI6D%1Zj3Khdu)qyH&*~eqtqdkt_Wk zwiTV3O0|c|!)b0PLh5qzYlS@_cr$G!b3C|69q$|ygoTB(W=Dd5^G5HTYiszkNAN~&J?@qKe$afMFVBqwm_+=n z{hc2<-Uu7S3R3QRZ>gcDx6zcvI9w`W=zZRQFR}CL(hl2wD(|Zdz}zJW+ifM`1gyPi zl-G5|2)b0W%l0*Hv@is?U)uDJh1nAdc1f&sjui^QrSPeSv9(ui+Px@@&! 
zKNI={BsPc-fTo@A)(wAt$g_|42xGfKZ&Ykn`fxLp70y@MPM1)|47Mlk6Fwp{HZ9PO zOOLRizuQ8=W8!fLVgg{cUu06ob@N;f8pppZ?y6kTm#54}4h`O0x%QTW;8Ime1{RGqB5QdHYs8;hkR_ zlRSB0#J|7_3$LDc=&Aet9=nL*UjWWHA=55e!w;9fw`z0MCRX!7Xg_PNNhMGm(tkvo!Q8(M@^4|wH#CEo*2K8b4SHE}Pk^xLs>iWPpH~&jD8+ZvL z5&Q|TfB)NJ3Gm1YN458TNm7Jwm*|WWw!sj4vu^xwopZ#p7!7)4JU6i9!ux(F*%LxRklZHBURrK3AOKHhsT;(2_4e90mccKY{S-Dz|Bk1G38^*WRHozxQpH z&x>R=G`w7%Zihm7&gYD}r zJjoRP;Eannsgj=Jxho>`+-LI1GH5%{#j#|NZz7?hI!YdHrsDJO-bUMfDDcxC=}}b9 zR7=qdVRuDjRJAH7&$<6FL@LgPNkbOWUTwLjBm^!IokER27(U!PkG*5_0gyl5VZ zeVDPn0RWNg?mf;|^f(d+cb)mY(P`@jfvWAW2~9_gz+GPDD~Ewhwa}1|)k$1;`KGv<3@Jmh6V5AnS3{ajbXK0TZPZz-8K(uB6}q(;T}FP~e#XP`b9T zb^0BN0>IsAT+1Ym0q+Z8QyJkOR0XaStm1UKd#Q>^jaGU(SK(Yg>QWq~diGpI6pZeR zw3oi%dDnj-lbK#v!*~r(54DhgHu1wUdi3KI^}aDNgC1w0y@stxonYt=eaT2e^a*Cxv$B z$>`?GgkNjW*Wk~Ch~a#HxrYAWe*Nkwf>8J2JbPhJ*%cpPmBiP@ zjsFi{Zvj>1x^<5$!jTZzfP_k?m+kKyn*&KaIDc;Dw;&s=lPHP^1F+6n2*HaDVo23_YuI)8sHf%BlW zGqZ&d9A^2$uCLAWf_rs>xH_#-0)^E;ZW~m);S1HEQN0NIAu$*8qn-vlSWjj2omwsE zw_z*nX{eEkfG{1|R(e$03V1Z^uK)NhZL6_N*#7kJ0h9D|*@FzbAxHh-`ayB_K?ZK_ z!L(%YTa?u3+IGSVZr9_4LE|ofF834Xf$0~0>AsAY$arsRGVIhu6`1&7pJnxDVR>4& zCN1RLbk3Pot>&wFf90zzxrbY$N5v*>pN9JohwFxm=QN%UC9w*fWQU6b*AuDeAHMz2 zw#!aWcf0w~`Ej+FDsSsi*LKuAd5>R9+?HzJ7kXlZ~#fCppWNv+7)_tir?zEC|xg#fnwe5eYBC4fMhAJ`0hY|Ks)i1O) zXs!9_l75%~_D^BfF!9~gY}dt$^Ewtpx%tNHu(sV?+r>1G!1*8I=odLq{NI{@N-2WI~!=QgP zxd^-Q)H^M>C&v5NJ!)L!uL-Kf!xQ1_#bW;N;vUfl)hJEH?66B%w&Kx(yZChBz$>cUT!VGJAsM1ZCQ>g}d7e zdQAQ7fhhw(k+IX?16v!(1r-&z7|dCd0dX4MF7|9^t2)5EMEmVXAAla ziBZS7M$^{QpMuOEUaR38zW$5H)r7`;r@#1Hj-7z&;g+xg^V6hd2tF1jWBA>n7yZ!3=VyK0VCVP{0QZ8bz01b&pIx$N{ly z8kx$Zcf^l0&bO*=?W(&m36G&e63z{QlD$jjCLZf5ivXp_pvA5%a9Fx=5+oBg!l!zl8*tsg+Pwq1EBm^7K1|y4K zK?Tl8+maQdp^0oO#$dC>+fT}gH{1HsST?(#VUHAHY`~==T*Pp|q5D>Gp`w(*&CpX*xjY z>ryJZIbN!gls(xz-Mn{$7F3mW>xJxz{`P6R1`Ij;3-u4VbXzjR>$;j+FQOy|Us`0n zsZL3FI9u>egEO!3+Ngj9g%iGeOq+nkq%9&p)hb-i=HqNN|F?T~#6eEKVL(?613&|7 zfSLgM)V-1uMVwmV>J}K+TukRGdoZyN7Hfl!I_VM-9Sz+Hu55k_tUSY73mot%zh*po 
zA7>?Wbwe`wZHT2UF%P>-2O|ej447Lm?BlFuChXHEb2=iPjLzoh8)h~cv#UA!0B-TG zEP!dHwFe65o}p8G`;MHea9z?`1XPU$~$O1kj5+OyS|hB+C$ciUjrE# z@)6{WS{=8=ZvIj{IgGRwKHGJ(et?guC+v912`2H?dS1X8?aVT5I`=U@;~{+T_vA=|&hgeO>_A;w|0mqID|;y^@U zQkkYSYGex8FXb~F6xDqbkVl>sN@Zj`^puW|3Q2Dp>3cr9HFXn!jty7Ji<=?gbWO}( z=vG7kxx8^r=V9+pnb(2wBgq}_UTn_SUGm-(_E zg-1hI*c{jUwWnRqwGfUwBK9j4j^2LU9CD!?;Ve#$q&$)yu5T45%D1ELmR_;|mvqT9 z3rz$q=*nLVZNe4T#>UIH3nc89?l8Ab6Pn^8MS=^Ie?NZ-jN|BQjfOfoy3d6DsMRob z9>9c=?sMxK4`PeYgp}PaEiRrhv`6vg*40Gidd9RU)+~1%Sp?>;0fBb&skWe3!yDV( ze$rfOa=gC9IqQ)pbL3!w=8=-E$ZiZ8(U5{_m`4bY(W+LLO~ogGaW%xeC-YMcvzjAM zsDrFMxc?c*RU4)_NUPPNcV~d7G^)*|9Fn-R_TW-Xr-p|(NCgdSf+3!)t%zLkmjGhL z{Od&(&N()nYZg&@E~PRIl76ohTH*EBKa{f34k+81neY)w^bbe)30)9_MFJ$}MsC#5 zi9Gt($>Y)h`R%$UJ;smcfBxSgm)U>%E39T%h-&Iey^s<`Zd>U8F{;DUT z{A`M_6^b1eeI+D=OWI+PIHGg?SKeMPP}u9cj#dE4{Oyq_U{dlhy-Lf!fz_KYN*BV|SbRp@J$4?;L&n`2deOr^$pD81KoEH&SE%sw>86;2Xhwi_0vewbu`AC@24l`K476_?V)qJX?)_+EvOY$t}B zw5J9e#m^?iv0F1WpxE=jec9P5x5(J}0KD*S%z{ZLiuHMfbGY4i)uh1+XmR$>#NKp- zPAK(MXeooF$X_{@5Kks8E7)TNR1_uwjIA7W&6l`UOtowpC!}7<_l@r0G>fB&w{*@` zt*llPV57#}4uXW`bBA>t;wh)+5Rj{HqOe%h<9G15(!aa}f9ooV$cX4ST*3lyi9f>i z)_b%T`{<7r`>Fm0Erc>bGny-w@pNw~@Z>7>OJDw=N?e6B7Hcf4LV8BsI)`Z#YxyT{fU_L!sGc%nD7`?jZ`O~LPv1$-~Zk=G{W$gg-B zgl@uNWbY}+r{9bixE^6U8GL-dgNNZ-(c&uf7vUM|-kmI?cY-bcfk;Cr9QaF4CwSX; zn_+-j!Pa>_92ByHH!*tz$A`GnNrtG*#n__yQ>e9)X*W+6i9weyTqP+ciHcIH{dAl@ zuY>aV>TJpgA;bZ@k2NXYFr4&P66~)K`@-pOm*VbY&&3ct-X!xhAAtgZpzE1!)_J&| zVt*&O8DaQuev}WqdYvnTZg3+M4+{@{^GIL-ZUE%1q)VMI^&fRJqc3Q`diaMJ(*|Et zo|6ynghc508coe5kjlQF0;(?6^+C8KjP>(g%l2qW#zX6~)R^i4(0-UMb-@8^Eqw|= zlaL5iT_p@SVb)chh&|~jVdrJt=>u*E9O<{rk5_K^K*)URG%%R_M|f8~agbf7v^+U5 zM8Iurd*_@UyBI7-9T@Y7Eqer zDQ8*g{L}NAKzl=mRol;9Um5N68W-EP5?0s~B=n}AG0^q zsEj!MSZM%$i1ytN+Qj-Ly8V>igEQr^+v1o1rbib9vs9)o!3Hv~?$0QH`A(Mf>&R9^ z$%Vr6@{`615FW)v0x6{$X`c@V+LW4oypI-iU8LLOu#vu#g3X5GyNZhqR)yr__E~bk zWA3ihWSZ6LzZ>3XG&?sRIY51ey4#K-B>5pE<%QLk}}{*q?Fr_X2OICx$^J&?S6N+d+^ z#}!1IL?V%ed^<)R1)M7iUu=_w+>U&SnW#d-v6f8ZLDx=j9R>U2?q 
zsc*7`^THj6ZK}qpJy_y`fNG2f{)rW_HC>jW~R8uQmn#`191 zAJSk`CpqYZcYw+Q-ETaDbl6;+eQAV#5JZ2;mnr~m#$ljqNY%F%qhR|`K^#dDNz8ys zY)LVCxi&db{&&@$FN|K2d%oy-vBX@Jr}}fZ^D6mf=%?QuQS_gV=r30Um}VO#e**CL zjMyzoir+xs4~O`V-zTLo@anFf1rG3K0@CwSkRJ8z+l+yPdA9|w;vzr6VY_fp7w5pr zFDo5iH4Q@@u!Q3*JXnB|C*Lqa7MP&dPs|Y0SO&MyS%xgIGBcC#8*j5L&|v0MLHs`a_V~)nxG46Q{^}X1E)BlHYnqhGT1JZISiW z97SdMFI_AxiXD4%4T~5<|BWB}ZW|}8=MVi8(Lc%Gxb8p-X z`_Z;JoN!|VH|ANza+0W%k!Y^lqBZFr_1wT`AXDHVzoBB4kK$Ui0J*>BI0BA=q8-gDBhch-9=*uo_}qR#n5O8xiRWCvXQkhO_=qw88S?={ynW=(gCe0}ZtIplAa3 z@Z{6PE*?QTmyfFn*sxjKIB5M07rC{*Ip2 z&gnF|L_25v&nx?f1LQd7n!mhtsWn#=yXYcBb4>1fN{8_FVGN)p3;2aQsAk^K(KvZ^ z_VHPs5$+vTUr<^e;bJ~mAMPsQH&@g2ksSJ7mMXK~sd#9iaGj}*?UQ(n31D_g@v;2h z*V(q{8wBiM7QK!dA~$ZL*fd|rV(kYyJ*V^fP;r{br7jWGukq>S!R+Gx&3WiTAWh78 zJOih3f~eRQEl3w23n~{GKzq}M6OtE;eP9-a5zCGm2=$CScYe#PY_PfOX8N;_WW>b8 zY`|jkX=`d+@#7jPBR6;9&`r44RV~|0$c3`ly@x+Cz1PO#dY@z{m_8h6gzw#dr^nWM z33+Z<>k3Q(3Sip>RcfiZMqT7@(%r$iI;`u&$|tS67^4B!3WWPrcBu1|%0bKF+_U8# zeMZ>F*nF9wq*m@jIo?-4d$;X+wa6kpG62V@0FuN^f$ye{Px0+;0SzU6W102CsA$eL z^B3_R_c~HiQi?VawXO!ptIN#gCG2&TNH#VeEi$dNLlboCd+ z;`E=sU+8Y+h3_nhg%nAKxaOi?0pD!X=oX_)#ggPHdE1H#t+@|DBsp8c=A-x>oRrd zHp!e$zQNc+u9`f%n>h5>Z za7kb!rC2O1VnAOjBG~8_MsrcN>fC^b6IEq}C$(u|1;`5r#fxwF##ya5-`#UjM)zSs zSAZV@oXEQtH6l;FnHA?JW2aS|?tUVa$l0R|mi>Z#2d{X)6zcga-WGPoe=*(vwh@6p zR5)QKxuLLAc^}m`z}mwLoRh5dJ}0jDg^5M% zk}REU_!fjdf2JpBF2n!m&E#V+H8)!t4;;9Ss=LZR%{e(uJ#HmT-VF+4lPT&8J!}k0>8lpaenK!*g6)|M14e_SdG`ans(XcXDvzZ z{3zv%Y-UE`YOl*VtDQt~Cvh4v;WVSa7N`JV;qAhN!A`PN`*{E+b=+OpoT<J)4KLY@$t44c*J00=JVSz9t$Fky#?iwuize41oD$hB?>=jh$J znc?o| zc_?;!1!(riD)+6acnZ~9c)}l=6T6XfGUgZ+XVhbLqyt}W4!8f)k`??Hte{1C$+wD{ zZAjZYu4@AB9^lkTX?$~OQ7YHE%WnL`9x$eFciod_olEVO#n9Y^cT-xJS>)cLqWq=1 z;P-vnE@ppsW;C+>+r4ZVXHW2|_`BCuf2(}d8j(i=$C~qz|Gubxbri!}^S8TCfV_t) zb1d`J2J2kQuL_iscwk3cqUmD1AZI<#`=PbAPLWx=$u=|EJ>VE^_b><7KMs#PWdH4O zZ)edWNW&{{Y)l73ReN2$8BC>Bjxg2~T;x%O;Ugu13;zN9x%?LHi^a`AKRAt{O%J!s~_9%HP|As@Z!FRLx)XJ^;_rDj`#hQWUZX8e+&Y 
z8896f?MSeDQ$)S)8~$L)ejN5e1*aAG13>#A@ptOq-j4-uJ&7xO!JUiX5lRS|8DwOik)B)cS)ou#XVz+>KQu zaEzC;)M|Z|5>fD4dA#H|q9YxBOS!)kzrZ~q?&uqlJ`1GNVzPCzBqA1}3hlOsd}6f^?SmDdMq!J#`A zCqJqCPZotj(;#~k4y%A|vP{SMN6gxYCLP21+Egf& zI8(9*pX^eX{=)2a@-pim2jn9BMMh;A-4)w7CH^S{h;-Y-CwRgy^eUDx_rO4GM#L+B5XKwWbf0{!Kji{AoGz$23mh zcf>Ja!I}gUMhqxi?}?b4n^jVx^!zg`Pu>*o4TZwCf;}1zMk41&^gc$1!f@tr<{$kL z$iX%8&tJ`aKFz^5N`!xAe9$Q|h9rD)XR5CM@izJDg4ldtmS1DY1#PE&IFKj9BIwe8 zC>SyCtJxCs=~dUrK!#fwl*(|qhdLv%X5*txD-cr1-6GON-nO;wDam{ za$izB!FsG0VYZFi>{_Qjzzl8s1VtN}XX?;e%+hP#sA?i1fPl3m1=Tq99;$g5y}mk7 zO`q$eGHFrRhQye?b?TtAQix)M=jkJ5Bqb9X*@~^p@?sZ{XO?i2oFaOXYH8sgL@jbc zMZSr2h#h`GaeIZ#>sB9Ae##lrcMh&o$^-)o9aTfTRK5*j9)X=ZpCg`jA9;V?OuD$j){fU9*XoN3+mipeSwSY@3bndz>R@&e3LvOO~rhk1=HcWo01b! z5N3mhUJYtD=%}X}5!_l}cnb4*LBE7-EA%{~#a5E#`PGn>XXgxvqhe>f1&85W#Lgc^ zNEk580$0j1^Bbd7DX|CV0~=k~ki<0#Qw{FM7wKxosFn>z^}P~Y3NQHwE7tNz74X_npZ0Oo8+w4Fd* z_vevb`4L1+nOt_cn`XT4b!9k|$|ILnO{|eZ;uw~*v%c>`BM+oss>~Twt0R?dU!QXr z+xkdPIADkbLX!{@T0TKNye*Nf;CU<2*PyG}O1mg#tT_<`W#8*7!eMrd)?n*`*+FE+4Bt<}$z zIOqYo)ZRdUQV`FvkJrPo0$9tTBSLC6zqnVQ?N(54k2A2QZZEi`UilKg@LyAhY$it8hHV{-`bpM96b%dLCcZi2oD!EyLlM$>6PI*hgkj#zzs z)uFw30&mee_FdB|pN}E(giosC<&_(}h?+ff(5Q5qlW9e?C2?6XTxUVQ3hiQ9z{Eum zS%71T6Ay+8aLzCH*U*oMw&(Arv_6dDMxZSNK#K-C%`bvAC+yqo`4 zyH-pI`SgT#n0Ix&bUmEGNrru48BDA&y6l;l757+(jwtY19+79H2*~`w1b$%v6Rf06q>2rEx)yb>ZzRzl2IkTP{b8KcY4bV>u1^GX|CVR| ziScQ#Bblzv$!Dv}WJsQ>|Av6+M%cSw_C5zvrQSZrGHEmTL7e$j6kweI{8L>cb4nLo zIpOlQjx<@7sHED!XNJH0cGyijZWmeis;|c>(b3bzjZsgD{KMet=~-;r%^^^pSpNd!$b4@%B}gxLZQJ#6jEW zdp3Wdh5=ly+fIoifUbg2fyX8jNOu0`NQrP`n7y=SKBRa8UiEb=FuQk>u?AFTDUmhR zu>6Wmh^g5EZlj`m?-!en=yf{QJ8ZcY3G@?2*t4 z{l@uO{FLc5s%7}-gcjA249(0l6dkBy)@Tc__4N-3hrdmc7`5z>)$EI9E4NNj z$cjQUCwY2@h9x~TYRewygo=QcI9vjAWzj82rJc1nCVdy2+ILO4Q`11cS3G%S{$XGj z%zoBLMh@r%0qJ1DILr15SBn4!4iqz5mpf{GZ%Vu)4_JX0X?hF*O|Y=>o!#--TU3w_ zCdNY3xI%-Dnh8P|8^i($0+ML2vTd4x68f+_S^3k#G&Er&e+F!}%^gHNA>9at5#a!8 z9BhQDhb%n^7CtcM(F&N?>1;Ked2{b~E3!J(~5Kby%S>@ zN<%^_A!hVU5&%Wen@$k`x5VZ2lv_@0+GIMsHDQuOpW~o_zwMZ);J;ltWK@9d8GoQE 
z=z+zirt_6J5R3J*4l&?-dtg2ttBQi&cffc~J+5g5^OYMos9vsr36TA_df-zbbu9&l zDD@{VSTXw8)38cAuwK{`Rgxg&p$$wAEW%f3df`lXj`k|a*(GU7s#2nkp2&~xUyY6q zrn=yJ+O0-M-zcKy!Lmy7I`bxx_RkC-{2ou8S(szr0cpt^0%#cpeZdUpg<%QX?&)9*@xdS-6;O%0TVHq&pg0MNh){O8NExt+TeZz783yyFZL+*^9pxhwMD#m z1m>_f49j|QMaB3AUCUCH;<($^`@tX-hP*BD@XLcWV!RAUKuLB6&+8Bth(h4XLpZ7Qi%r#)wg#-62 zxH=iMf=Zxv3b50a8D9A?(+B5f$zs>g19|`Dmjnj=wd*5WR38`x1hO55uq_ADmLYfe zJ)>=l9~kisn{AHTv&`wl4?{b>Jrf(9)H4L_$lK#LYp~3|Y1GvSngXZYx14?87gq$V zFO}st^)y$kSfNuqjiJ+T-4hvqPb=C8dJA+X$%e+!*Ph)f<`?Wx5mQqlO zMY57_?P%@B_Vc(cVap}|JtZVO{!$%nL7(KE6m|oXyvUc;_eLK+m`54`2Ni4GYvUM>DmL<`dz#p*wG;9ThOW} z7#T?bDhu>>4ek8e)`*g5Dn@5FiLzAc#9@GH`hik# zL!;)MQ_iTSDaDKZ)f3aJ@2m4VStA!OZs0VtU=V#L92*HJP&J`%q{UV8-s^69ruLEo zL)Sto{}H_FEHzQuLxs}iC#}l{XfGZ4BnQ|O$qpi}TWJAADMiY#qU{Qez=7W53 zr_BgA_fAlsA$vp-u0VFY1NC>l<$q17mb;4Q7fzS;q>xfP>vjM5pnp;N>FWeJHy{|1^@X`HowA{sw#FFl;Hm7FIW0e0;D{@?KlvJlC@0IUjb0*y>ds zV6R4|IX(+|YUQIMyArnSSA<;l@*F`E8%6>AM_Lv1kbRY2}O$X5NUZ zoc;Qh7Vz@sz<%K6@xB?%*X4rA#68ErXtO6m$->s3Yx<6i0bYI&eH?{&mHp(idy)OF z3E~rcyH;F+StWLR{b$v8lVHj42gX8rH6|Y&yx6rk7>eueZH>PA(UqJo)jA!@r{ROW z76YHpkbbwk97qIr4PgzlUscat_9{zPh;2-Gw(L|TYwvrl$lZn1b^RQ+_$z}w^kQav z@R`^KswxeCJ6AnpeU&>p6h8;UXQ{&auP3EBJwKyYVpRQM#zv#iLp<0gFR2>~5n6g2 zna~PPcm)=W>pDe3odF&7XNHW=-}K5JjU^S&k^N&g96;xU{aY8Y#ceH8>#jM zH=!pGF^J{k`AYK)A4x4Q88z&Z(cRKPjG4rt=z*CKYSm;&=-Y^>mTkN7rqCdYL z^1g-Xn4L}m?>oY<1z-|@yWdiO31uHlE82OK3SF=kad~E&^C>J4nA=HUq)3{W_P;yK z|6P(L5?Frz&8Ua2>sDJ8OJL8(z9;L3lKk*s7PK|lon*Yj6I0kMFpB+R6qrsIKuU?= zS-xJi-gr%)R!?Ge)&xm5p&vE7p6*|SYxEFImv6wrQ)%}q0)KtUd5a!Vca*|$VqS^) z7jyJ~cu%Jk!RF$(7TP_Z0LT#P!PyakXOFJ85 z1DvGd*7YoDSfO@D{&tOz*GskWqb$0lcuYVF2jYy5lIvKj{<3i=u z-V_!K1x6U5N!g%Z!0P?>3b1tDadr1$1Y1i2jQQ_2Dq>wxU}nbdZPWSe#}U|PKuE8w zPgbl#v-P(@P}jSrwVNaPobg_t7TOcH*(dM$yFVl_!k#*l&QA4RrffZoB7VPP@vbv* zPj~5RVP%n#XYDuy2rz-J{wJMOYYzsgei4PjgqqWY`3Yb^Z{ehxR|~Egyg6fY;5!QZ zXfTyK6U6k_&(Bn)Eu?N8u86Dr1y)?UeP-9;TTQv_<|;?6Yvm%s9VBWwtcPi9ACBn|RvJolzSL^PLSCONXm zq?@rc`Fj>7>!VtOxUNv3Ta-AtZa+F*@#9w_XAk6l1w4tin`;iN8O^L=B6|g;-C#6j 
z2XE`C96|mt2DJC$Xj_~}%tjgyWkrRZaK=M5sDYbY9+&ZU6Lw zgmNmC0i}?gP{5ZLziBhVeX~h)rpPqVwm^ub($;in%fK;(#6Td9&r2m51t6)j^om+V z#u$mTfjH_U_w7`bqWDeHWG-NjteIV`H$4h|a^k=*LaVO-by^?b0`APhJrEdh3ifdo zU3t4IM-|}H%LZMF3{>nEFQjq#QFhn5)p2f)^MN^r4&clJR+fErV60Bw#v34XktFiG zxac91k2?5)m$(dAJ2Lfz|b?dmvZ$&vmd%7-arV=P1c z-9nz6EUq45_1rqd##O=z_V(}qewQocJ}|Xii57)@YJ>`Ztk4Gy%ht4T=;e*h*Z|;=8UqgG*11@Q^n2LDK+w z^k`-@F^T7+ zoG=2p*P%pF?w!MldkOO#&QR;@O|6~|l9_%6N4@RH{-b$3F;H06s^1oEgYG|@|OK4x9uj1hBgWFL#Gqx|q_ zb=}C5HiH8t9A%)x1z48HD_G^w1&EuW&M!nf+sGWXWh0biiO3fU9EJUUGHXY05{;9L z-F-O>`sXm3Jp=MazQyZbo0{uy)#u@lJ-x2<@C)s6)hE-xz77Z4OH+{EVb**8h3_wH zZ40S};HGqomif4y-^}B~SNCTy{l#Qs6y|h73PcMM@1tCwuNWUTgPAopW$KXM_+r+G zs6b_-TTq1M4qI)2HNRqj<){V#7J7Hh5d>xk znBQ5%;CDKDLX|&Y0onS?pJrpw+`IlxPdX663TPzRAEORI3*7aBzH3g1&*BKW*C3Z1 zEUH95+5az-tqtsLh2v(`!K$$2Y-*`xCq{cDD=HRz?(mD39XHPD=?<1}Ccp3!nAq!zh5{TlrLAG!QmCJK1>(9lb-L}7YuR6j?Piyh`Q)cbH zYqKMcsNPzVqO)%l*hox zd-hVvrldQZDb1GoX20WP+&1XqmMMc@=Q#39kMk_xhT6R)&HULg#m3n#w0Fx&=toH;xT#h!4RA==mDDf zUY%GLH6NYTYaN}7K5V6#$hcxjGX+BR&mo0lpz4#*-=dS;7u`RIP?r|W1ydXycW>fS zEDwu2wbL{8pE@?aef&iZhPKMuYyoDiliaVmJwoNS-K|CBRencmOYWlqkhm^T)*^iZ zzd>vAs+vDuq4dpShHf9m-cD0HWh;EvW+-RI6r@rVSsZ(|@@X{Kjiz|mnV*}HKyN+} zk-{V6h-iR?4E&PW&_Gz>-}#!<4sh+dlr%F+GVsgJ&zofz_w`agQG;&e^q`SHem zspK}4Y|Ecy1`exK4{RGB_F9GB-WG^ZVzzz?c6R0Ogko=EFGGP}q=R`f?H$Uu7;u7% zz~fBj1^9Jv&$v^Mp>xYTJldA4AXLa(Y{<6l(jB~C8^=*u$Y)Wu;ruWHsG7^`*I8g? 
zm@2I%HIKbyWQ!W)vRvnC8##SuinuzyPIg6p`Rx*Vp>}a~HRCl>qr0s}SI(a+m@1Eb z4?pvnn=7iFd~roB)A`oRE#tru-6=>NYHS?QLCy3~iejB`+L{5%@2VX0T{-7k-^i~P zi}VOvyOtWpZ^4a-FX8)$3ot*AIB)3t1B|65>%}VN%7d6sAij5i)#<_(uVJGRTH!(0 z%;5hVL|NHFnvK{3v6b+EU1lR#?kXbYL*hW%S|vw($eE}HBg4YKyxadtbb~KK1p^XM z4`g-F;9wR`^3HWd}ltM4g=?7N5uU5-3{I&i#P0!CVBz}AG5E?#EA7gq%FBp=u{ z!8K+l!ln~>J_ej?X^W#iKSRcfDig#TZ_j|iueNC<;hFtLQ2V21GQtX`pjCaZ}ghU+FT{VTi1s+bpR!s(i7oKf6 z7zR3P0-esmKF~$FLJq_`g4-Bo)CfIXPJLie^n_{DDL>gdl(3g6yY@*W)l(R^5&FK4xUK0&=K(z=$^r2HHQ=TWaAQKP zO@FUNk9#l5-WkG^e%<1EA=eS47U8j_Uh>*g?_^%rCt`Fe9n5Myxw@W~Cp8IvwEX9g z!+AVxHF=0@4C{o%tRvYJ;BM@LPhWX~`RM&R8_hrHj0h66g$Wb(%;pZeZgX7&(VX)Z zOuiHPPsDWim0asuL}3-`5Ic$LMkRN9sj)3rrOK7;{bcBWF6)CW+iLb7Kl}fFGCn7= z&qwWUE|NN#1TEgA{tUZR<{X(+hS6==gxMTRw#oUs+|o+Tzh^aquqlT!?WtoRxN9Ou zJ8eeu`nE7D{WvS{aw2lzA?I6K2I_FYCgcFBZ{v$?IIJ-zAyps`Bz(28RuOV z1=5Hfwi-r*N1Hg3xrWt*ZQr`R+6!KgeBbF^vEv5@Btcq(i9$Ps13Qg2tGM z^TU-#(t)bw==-RZ;f!Zoh$8A@&j6_m^)+f~B* zbvdFL;+-uomVi{MkQ4AsLF@gO{gwJC_+D;UViaoC;6e4P%_r=eo?VvrNI(2vc>B-4 z-~B8x(Vv;F5|wt=UzVW6#ao_9>Tm1c2BJ@N#-gN9SgmO2NdV)YJIU}j7(ZlJ!l?rm zy*2GGa#~KowT*BfP`9+Q1drU-0E8o+o`t0Ijci;g(I1gE8(Zk~5`Pv14}&rab(ZLHhLFA|_>)g4kj*g>!=1jp{Yq zo&-J9p*?c~wJ~&JX-2?i?O7@vpFeDW2^vi(hEn3nRvludlRh|km)s8QU))cH#2wc1 zZnK{zq;awVvOQI@{puXVL0laNG5m2777zu!_6_4Yk{4?fO|_;!Y%CYH&mULHl5?w& zyLd|IK5@eruyyvrp0Prd_3Dh3OxsbybnSkFuqC!q*eCrf9|Su(ci>-r%YXR;WE*?1 z%T4~0u7!u?36i zACol`THZ-6Dbxrg*9ys~8(+vg0IcZPRXp@rC&x4zKkTF$Cov&}e92NZ5fS-HLBPXA;Pf zW<0!CQXF@7?4e?0JusS+_NiP#tMaYgXp!{>D8V&TDH%id7p_4jou?&Q<>Xu1Cs7Pe zE!c2NfnH`(;71ANIMPrkz00|vLVCm_)J{GF7e_=!BOF6}Uf9oUf5VSr)9Mg9ny9o( z*39c~?lWU!k9isa@{)kE#$cyrXK&K-*t-#WlR*2Aff<$P?crbEp^ya=or zY6FvE|LDQ~_n##an7GTfJY5QBu`E!OK$ZgB7DJ^4fV}tU%QI%45 zuN+}B7enk0e4}EeeEG1f+zL{wLY;+F=q>+7=(=OUr+Vzs5x9H)&BqV2`6x)P0qJ_< z25~&74fPU&wy#SuF$EI8zrT%O0>h)=xhvj=-bZpJEv)!?6d-`>--1ij&7NB;5zwCM zWtWwm;0evwok|-y*X3k)fcVmko)60WJjJ`9;RhT4I2Svkcrpi0Ei9|r2*tS^N~W^G z3~VBH%g0SnsXm@JtNjt#M*(Yo`Z{z?ddAmd0d$6c|M$<)i)?PB`eJV8{DWhBRcb$|T(AvQB%xC|J?K;KY>7mZyO23!mz 
z4Hj*^#)YN;Czj12u9_9BO^vWN>WNj=R2}e8*`U;Yp{A>*m@vSvjek8$orr~fJ=%X&iCOI|^1 z9x*lOS4&Jx%NsQ?lJY^`Fcli#37TQZFQP3Yh?{vibm*H5OrafK_3pgi7s_-g8A_f| ztyIyPg^gS}Se)r4kaOC`k#-Ud3WXhCCP_O604wBBuD(>=Wlr+EJqW@CIW59c0zyKg zY=C+uHlf5o1nm=o#(ouH03V`S+4ddmhef`Y!h~ zHiVNk^QUc|{d`8H_y1Rwfen8fb9U{96XKO^1tv_z_&eOvNY+gY$+E9&6nS~A{KXaA;7WSR@VP7o zIz|!?17k!O(?S9}a?J>@@myMqVvWe3+Wq}gu${c@X$DBUr6MnVHvm(w?y(3h3u5!K z(xVMC>zN&$T>5Cmb9K(7eJ`Qm+fyofo2&QART{c274)dM!zr6=&AwI2r8~sDIR>)@ ze^@Nf=ym6kSwjMA1mu+kf>@NIs74KqcSqvC-PgBE%ITscUf9c}aXRZpWny zb`6SD|2uo&zrY57C~U%TFmrpI>5e)gv}@I2BQWeEk;O|qdDG=slcG}-TdFFems~+r zv|G6E0v&HXN}=krGFr2Ht`j6jx<*6~Eu}dst@dbGWS`ts^ici2_S5C@B-YgX%oRLi zkjA=CP?!Y4k$%N_pJ>>7a2#JsRIGx9i4P7dwa|(Tp1&!`wFL6L(8PbJ86YW%To|7Qvp?roEsBT8bo^lq0f*r+_lC-T zSmIXhYejoqzPk(iVp+Eb;$+*C5DmBbuNR^yEUgNG=PFwqqGZ(! z1L;n_+!yLx&mlghig)N`cnl(ZR}t+D@{QcL{?BIn57-cA_Wl%F9n~}v%G+RjU`t$X z7lS*K<*$F1(QL@I8`CkB3Z36DwGFDXVk0GA1CtT6Sl356qbzn~)E!guq(pKYok=U3 zjkx;AcO*{Wd~U$Mr0loouTWn{=I=nuDCAiwa5CQuipXM5;!_|V%vW>)roTNd%@>`` z4CefbUg=a6lb=m$BQ@=ovKg@lUaO21i?cNaxO0GOtiQWFlGB);gQIGoMNtQnjv2(2 za~UHOnMU$m?mhle#~cQVhS^hCB(UP}HkIvx5b-vU{-b*+Op2cJFAzzOZ-|*7Ujfz>uVkX6ZgHH^5#Q7z0x(*7(~ZU$Tt2|( z2*ME;7sn4zBA^{0uZE%aCrFTQ12&BL6}y8`c^6bLIhAEBPeu%k%#&S@x;ty4+#zIvvylOBJh<`Q0SGmMqWGXRTcByU7@eM{KLK_W6~qmuVRlV_p&N#-Q=HGNe%vV zTwCk)OHru!aBR;1v_AjmACn5ixfz_A#RdUin{J8_)4c$FavkGMon@Eg3ije#ydpH& z6^kFjwUdKtsD0o5iBRv$3bJy!$&mah;>Vd4cy{5=P4^|*>`sTM^d{?vc(=6n2;#Z$ zd@O?qU~ptE3Q4qJEMy+D8>!SRdgKQYj-Ud|k|+5W_+NEB`utU0_Z4^p#KB?Le^vT-`#v}}JcABGp;K!oIu1-VGqk{if zsQ{i#oc*Q$8o6Zq0%jhQ6=X`~92DZKTiC`so#C-|<+*6(P&?Td@LGiT;xC&l!H;#I z>3yoBLreFJSf5`3qmGbdU(JIimlxKu%^v**2MvlTzE*5fZD{1lI`o$%si|+P0gOwI{8M z>sS2PNqYBdx0@7Z-=ylp8P9YEMF+TNH;0SYD6AP9qwf`WIh|nEWG4nIBk^yxz%x7e z9paaWUnuZ{cPNn~F1l1NGyOD$Ia*Sc8^zW#s?SMIuwauUd|+TQInce09T|SbXW&sl zd53kb1I}46=o|-Leb9C^EO-8zT>ipZ+E}GzoT18ZDsOMHbS_TzAv&QUevg@u=O^i! 
z#_39)<-XI@m_}c|MS4=1IG)ClEak#0rCj1y%lnEC#%o1A??3RI!1}p*uJ}ys-?@6# zb0lTe@4MiR+}!n}Q312^1s<=pEYyrl%Id;`fQww8uIA+6bSrav$5G7jgZ*M`=>3#482Q6eIt zdZwgKhGW~ddW}DSVDg|n)|9Se&Q1`Hce{xZI+;lh=XI0JFO+}cKbNsvhjGK`7W68vRJOfG&~dps1cm>YdH-0A1g1RQrm-S$<3w4F=2;zG z`T2q_?kn=yt+w4V&iTt9TJEkS-()_6A)TAs7z@N18;Kf;WK)phA5kB`WdvTrjft$% zRnPGvt=zXLOP|b#z3OrsnV)MdoiUhagsaAtK8lvV-@Fap<(qZM{rlX#!;~|3x6nhb zsrcE#)mC+8{fK_JS3hO=6`^g==ZN@EaSuy9xaaL4_(QYD=Xp zmJaK%3mxs#BG_zpkD0lR9@qu(LiT5B&D{v!yzfy?bM0w^Bd^k;M`lOtG3r%bSh1V$ zoizJO$o_xL02$|GooQmg&t#(E=kG!LT28?k?k`A}P}3 zLZbdNcIe#BX;D}jr=Lu$5Y6{ZlntMs+FZXaeUL<5@LlXjJ%>qDQ4TP;7fE0w@$hm3 z+tDLig>FW@JEP6t9tqio%U4a@dQ&mGmzk9ZA9*q|(8pIKtC(I5o7>N-t2P)(@}9{& zk@`{}**m#4{ozbb51kzqqb^=ximE&NG@D!Is9)C?d*sMRmYEu-E?OPIH$pmTrW`w? z8_y^-W!_3YW*GL}(0i5Cve55z4|6cVUx6siRJ)+#a&^esC{I{jA&OoEEPS?>ofeQXId21DIP|ejlK4(y~eZQIMsp%@) z3B})g=_Z?-n{7VP;HMis$An8dRA@1UYu~oR(~jQwE@i9^tm(1*6e?p3@6}g?A)mIn zYHNpv;*5EJa!6_5nMlqR5MYJ<5-jvT0{z_CI@+5uf9&=6(OcRw#$hCmO*FkX5q1`9BoU<%%6s_ge5yzDo86?zc zM`+u{=IG-#E8lNMIOqzs#jD}>^26Y?e8mh1H|+9G+hmhLOQsgHn)_l=ZIp9W_l;qt zLF~4}i~-7ui*0uZWm}+f0W*4XNx?N6zsU!WP4P^e%nwd6XKFEEJ?gj{S8>Pl2NXBy zw@0L2!m}RT6(pcP*^6iU-)HODf-a1*#Z`O5%U;+R%fwb3t zwR&Aa=vm@xY^F}Sef7S9XG&&rf;{AQbVDZ#bK3)0BNtLWZ846vvOe9LZ>9wbx^Dpu z6;_MwsDvgiGey2CjXmjy8-`j8RG98>W@t^O|=xj4^H+yh*o*`rA z6Mlvptw|zC2A6_g_@ukuGo@B)%I!N`Lb2$+kmLD1jnCgQsj|Y<_DR`q{J@uwnsA4~ zd)Qm-hO4A_aT@91=eYPWn3`mhXszRGw9wvQ!TE7mwi885QRVoj%lEbxBcF7?=bNrS zdA_|LHo?vScWZk0Zt2=wnormz?-s!@Y_k97w3)|gN2#XM`S(ifP0Jn_#Gm*3$>N5) z6Y|YO6kdPpewUwWp~$_pc9G1iEVU?^J;eIR;HO*LqmL^-N=P>schT3>)J)G>%nB|t z&x~#yagUA3pQyN)PqOB8S$3vK6)zCYV4+H21>eXs{fIyC=J=6+Kp*mY4KtjiEpwjG z94bXm%C2fGyV1NUiY65s8*jDJCwjd2erl*BV`?U6*LJber>OU6UBy&cv&_!IHA{?N zWX@^hNH(AYZOi%(;yoeZD^BLSDk~LMgdYpu0YA>giEMiJ0g5`C2r}K}QNwy%-%3fD ze9q+Hn#Cw%fh`1(|^+ghiAM( z6|K9)_g5<>iJP?#$Po)AE}%Ne?dVq$JdQ2bj!Z3qu9UE+-p1Jb~v=%UY4rL z^=!8XRaEAE#N<3oXJHUPM0$$m;S^uR{bfe&O@Ej~0u5#PZ;Blv@a}I zw#0nAkX=-*;NY-;l1izN+|nxOG_YUk-$gpOuDssPww9TH#`ivW^y5=`nWZmzCz#dr 
z?voYPu8_W!az9-+x7~hlhApfTSy`4- z*;ATCYfhJbJ$57nVeWO}qchJ~#{9@%&g!j{%7XV)QU93{E%1b&W!n7uHXI+%P_^D& zm%K!$W$jH>>6f9lQ+lw4Ym${qOA*W${m#(oiZ$&v?)H{u(>t^1tl&X>v#I51II~hO zala_Ysl810M^CrdpVpvq3$fG3bc5`5Lu*%OyjjYlwZ-qDXJ$sociC3Hd=fCH1fR28 zlJwR}#h~S{ih2-l`%T-vK4ST=l~=9d^*c|le*uYF!_`~$H%fh z<#C;YlwB<5S!7Ao6EW@0VWn{VeIXM54(-Q`$LSLgqF!COKpv@_awdKwMC{%!z5s-X4wD z*BcF6a3Ail*!zaBc|MfY9y>a71LRiU6u<6=`_-b1HL^6H*PE?;d@U*_7czE#d!ch> z^Sipt_63ZP+xXN{M3-zypr7Y~&y1q5;IVr{cXJGAkhUH&o_*rVSQ~eBz)z{z#e)7= zV*t;B8@{hlPGd#CN2V;j{ieU$pf26~AC|!4Gw|9dHCp4EZ*{uHc-b081tT$XK0ufH z4+}pWgv{d%j}dQ}t5HFh!N%6jY0D7fq*o~WX2|dGJ}N3&?2m8Cy%S`szQ4N> zv@zUO=Ur94{Bq=DghFl}EYj zpKZrECJs6uY`Ir^Y)Rvwn)$%Yw45nE7e z!S-gb$TJVuQM4txqoupP7eu93vx9Q2Yn-e%1vKvn1P*&y_Mv~9dN|7^$iWYvG;Pe^ zeUfVLcyu9bIZ0^XTX)=5lVuJgZ;-yF2kT%iE=X^Q5IZ;_BAzMnlKakO$y|}a!DU3P^{j+r1p*&Cd-QoPFFH~tU z|nd(oo&gc&< z=h3Fa)4g;n0lu8bwI2SUhB$tU)}o`(cJqY%wS=SZD8XWU4p>gMOhwMhIJh|WTnJ%q z+s3+bxq9_}zVdjsv*hd1M(|NvEtp(vZpK*goeB;T=Xr*c%&wBTc+6+$h>yab$vs#< z6VR{WX7Wo%`PN~ndn{2lR&r#}-AZIYZSm7qcMZPloX7%fEj(m-wH;nl1b3DbM3$%U zncd2Nm2|e+cR*+3-hO=*ZmXaC%rso@C0zBnEf3-Pq*^~U3Ldn(2wcR?^i_mRuP4kP zjb~>)`=us^H+^SE)B>TL9g)zGJRa({(Ej*th*wRzQIzQ_rlh7&_#wR0Jo*PK*}b%e zP66b>`pnZ8Us1R5-W%S-Q4d=VME23b=5P37j(8;XzoN27z4^?lg%L@=4FoMeied-I ztzE1hRe!M3UFl&7bKo2UTjt%5M%T7rmIY;@MIYR^LpJG3ezK88ym+Q)J^4*5Y)aIe znzH2gg*7McCyPF5Q;O~pzVqR1Y~n9Yv-;{oZys@2r;x7|yU!lm&yygXIYBsUnAM2KlaGZCVh13t-n#0eQVqLUW1p|MDNFqwxhvd>_1+OI?pQouQ&C5kROLaJ z|K1z&V&SVnP#*mtP7fOunnZDZdGe7|_i%6Yfx=~BVPPJ&{DNAGPPwBiyWRW`T6+x? 
zVe3d|vH(YFpi_FYs58epW&i2V@sLs*DgI$kv(s(jlluuiAGIx)I;5Vc`bLlIbhj*a z0IOimhJfSq!Be-M&8^J$o$N#kJexZ9++D1AvKc%&<5~9k8qc}k-B8)(n}kJ>pE*Ww zW>WpdL=KjwV%CbhCrRmPDGJhjZ75UH|e+r-$owxt+z6^8J)} zd8|ttuc`UTfIDQ@0@@B5os!PyZU8#j5?0X~4zKXLIb8}5aSxnKJG61y==QEGeu%ec z-alFO@NT9kmsWt19XZaH*QxpDx~*76r~HsXBf8BEos)t1v=+R6xWmG$!QxfrTt0I@ z59Q*(4l8_WUR--fFEi7OiRIBL+kfb=aMIAMmy`2hl*bC>9M|u5) zfuBAY$JA0_eyF?Gs7my+`M$h zl^%Y(x&}`lf3Oqn_xN7UjYjkoGh2+mL|+B2Jmj3%a{37=%n#)!fVcov^_>s6x}V)X z?tQe=F3rpqufvqOS#ag5>naSh+}?h2AlIzgIfta}>@_A5Vlq-y8_&9~l;yFx!e0hj zs7uMU@@0cIJ9f2-7BU%k_$TZ-sWzd*_wP3`ZN1-YtFK-PgO9G>9cxl) zAf@OuesZ$@*^Gz-!peGKeKCA-v)MeUE8IdVQWUGOyS1lNjDX>kE35o}y;IeKuP_Gb zy#9qMVJ8P= z4iXo122c)^XWzlrw;D?z1>H+&aNW;oSD<0Q)DQg01urV%M^^6$Hg7#K6UdQd7nWny z1rq%sUrJAF?dtEEMS9(8Lc=8Q8R1J;sXSagX8cRFqa3Tcgs%Y1Vi&s{@V2xVpYHz- zSN=d%stG-P&?yozVR&lU+Jsc8LG70tXTroi7%Z6{`KEjZFN#U+%aW_vvo{}VV43jH z%yxe=$E3ekx@^fjssP>hGkKNx1?(5f5_TkIXSgKrmjejpFbZ>F5clb0AwJSk9%-r- zrKk|$e^%`mevv8M4F+gVvFN3z%j@RULb5J*{3KRWKBWJloLHVin5+%AGv99)Azxb@ zIy?!|=C>BRgdK3cncYjc^igLI9L=i5U&V zDoUNbfSKKzkR1}4GWWOqYT}mcOy_iBrv{`$4QHyYfn}@ zT13d~J#1L7X|v8?bwTfy+Kbb0L1fyC6= z@0ZfbQx}YV(vSg#Q}kQ-gCmnl%i(KI&v097hauC6ha-`=a@f~BxAb#(i(RuL+I6E- zKMM9ar+z~hy>jE{XmDOBT=n|oV58u=!ipup{J*v`a|+(O&p>sIVqWd=?64 zkepRasy!pV<}^{i>mqK{tHHFx^n#V?nb!8=_M*pF2Gkk4Cd8QAFO7*w57tWzGlH_kur#T~ zZ37Dp7O3h`@=fN!q`riokhysR_?jqjBYJPyr}z>CTUNAxFqf}U=?}QIOSw}w;N4v& z-jmWJ-b}P-1%6+($ldVRzP};31^4`PH%NMlt*d~wd#RrnDcNWwk1Sl}*tMVxhf96< zSh+Jb<573^UG(p!ulkTez&su~rL?x#?iby9^5O-|t5w*!9Rp+YLoK$Om`mrg!L5f# zbp@)faUhEf*PPPEmqOv&ES&s#GJC!`54qm}#0aE*)Bhm~&jY@3Yt2dDb-Ph?#WQe= zb1R+da+n!ErT*)J6Gt05Gp-Wk|jQBe~$g)=kO3{U>#NP7|XpQ8fN2i0y`MK z9zRgIm*SapSAL3@8~eW&^<*=*XTJV(v~ z+evU$P_d;ooZMsmLt$`OE~t>V`l$Mys0B5qXB=(0`lo(IQw*RCDC(>!7h8F%pEiop zVzw8muRcaSnBZDEOg0%Gt~EUDHK5p)km>^!i5E$kF}~)yG*>W)O*8q*=7rJ^Vtofu zUGL3)bBu^x2>4|w0RO!nJvG?eSn`E9<@e0?BP?H6$mR^0c#zT-AP<5rpGemV_C{q+ zfY$Lj-~kW!!V-=ZKu3myGxnTYt-mo;^O;nvGR?p6J*kQ1{QXHI_}Or@S?x5NCjzni 
zcu+_oE4vfZ?mI_#wOI)1NOf#n=`e>s;;1ltwfCYUAgg~_=?J6)?ynx~O{Ua9Ew;88mJR4= z#0u~Uoy46d9jszANNFN+x{F*tUlgV%($Uu9DQW3ZqCPy)Nkg}}f{G5Bu2pv`26ga7 z$6G@EK|>~D|A@u|wwE|#CbFYG+*UXWx*LAZ{j z?$60=t9wV^o_Td$j0tRr62Q^B@!$)S0B@s|D+n$_cQRT#ALJ%L@jqfw#CJf|-+ zDXnrWpr$@wfI_5*rmD(|YOO$8E{`?D8{>B1rZW+~zP%FU5(|z;6ktQXRHR~@kL!;Y zUR%6%z++!nJd!%3pxO^daU%T;o6v$zVv{J!%gb^tHXZy-GBX;W60N&!3N@zQ@se4- z0^hRcLZ&2ftU2ZG2x4fZR=Lfyx&pm`thyw;MhD_+4}*aTz~}Ats@yXlB}RO6G&59y z06)pTcfW+ga$dq~?`h&Ek#pYR4#HH7`d^qtR_ zbBY44@jRq-(NUBq zen*iSLAk43hkbDpmKTT^P$fH6zArn|#%^dpssbAAbZ$ixIQ^RjXzOA+pf)mPAP~$t zt<=4OEW%{d4R$r|j~zDdF>9l!Mm#@hzG?#-`q32kOL+gCj++1m#mL!_LBp;efsTQ@ ze0%fksOf#5QLQL@mW$$$M?6h)u|X(qD}X5iXLn-0Rg*-kLXmR;Mnm3CK({E6$k5J~ ziXK*c_b*QlK1iyF>zb{2S?>BFC`oc`%0g@B8YAlhxQ!ASsF!l$fX1Njh23FgU%R=H z@+IdpfaagHAl6;^sWBd%h7hJdXD zy5vrm8SpnTG9Y@l!ABZ`=vR~)j@)kM%~px>$IFfzHt#-IJo|Rw2P<~^&5Fi!+xXmF z_jFNwo*hcL_j-*}8S&=VTGof*fR#c1aEctCZZ{V&3ESb6$?>$~Ev|?IE|H$(F*+-H z_)Q)DV^zwPuxYCi8z_umyn(Y|zm0mR@e{-KsOmHY! zFzykQbN?RQA2~>}Q@h65<<%V6pqW|xYb112@)E~@>brGPe91-WY!IwootLNqFMxuz z%1@*HxDj>gmQKO4KKsy|+2_Ig7n;R*DIr;JJ6%V@N zK^FK*tAuAtrM4iHGDM{6x(!DvS0)2*+cz_x3dOmrQL5of*+h4G`L=ZUx1T5&{6?vS zA)s)4q4l!|*fy&T^tzMX+ zvGpPAI}IV7UMQ~I_7o@b5vCw|kR4_wOMIia$E<{h^xNxaik;7KlBx2atAPU*(kS8E z9J_vq9J5(+5Ie8d>fd=&VNxBjb@#qY$F7vzGjWEd-0V00s%3rHBJr-z(R=7TWU)#K zP3TyP>X&eidK!nTr1=I!AQMJ_OemlR{<_62a}KDgf$aeZR}rVEbN_3&5(Si!zrjh? 
zmB?32bX!Gh7Tv&?=9q{&39s@We3iYZ6kW$on8+Hck{-erJJ;L3ZP~&$&BAg0Wmin3 z2hMN-Ga)2C|2#d`KFUdmX=NzKb%k~^zj~>v5kp+X|Q-rXCY9w<8j7bG5b+$XCk*LN1LQnu$ zs_fyDgZ8Jfg`O`>%;eBFi%Chg)Y%Kb{|mBgM0@-2Jg%c+OjR;zLU)g^3e8mc(P#bj zyMHyg?S&kXc9wr_4MbgZu6ErjYk0omtG%T~Z8p5pd}mI$XmJXGq{ab#O>*c2ch0sDik4=_&em7G>-G9t zw%+NVvvN&D+_#n96_ek)iDz0uKG;EbNgy~PLs{i27R6=i>}qcapXWGB1l0ym0wf25 ziGTjC1&s3yK={c~FA0`o84b?`nA2fS?XQ(yk~;eir5cWa;N*oeyVE3WWIvwvWc|pe zcs#uKzW9f^t-?41PtjKr)x*mS*Z@Lv`yyYA8sKZJPSgRb3l_rBgl`X;j&K5luP^e$;B;AQTZvX-*;k-4T3*E6;5qry6SwN(?8?5cnDdKw70 z_O4R~Tsj8IFMSpt>Ha!81xdL8GApa2l+Q4&m-wyptW*TG9PD&=bRXa5>n1i|gJN6A z8;D51a08jz{W040tG+p2%)1YJrx|}=^+|p8x`u&a@zpxRb7gAEtH5vAA&Gca3-tG{ zBr`9b;68)(U{Uf2iP|mA$4KWJw82|__MfHXflDp~D-ATF(^otZiPMj?_FYcw-LD9P zw;SV2zZ|#_u?j#w0mi1l6C%YQ>I05LssXr0l}N^CNFZQ@Sn6EJUU|kSkDtj2;DwXb zly^VW57gaWS@MwyOQx|%KXdjSU+4!2J=j5Bp#ghw1rp*vPj_I|^S=5{KG?j@51+T5 zgf(&cXR+{Ah!dKpSJZ)5p+u+mdQf+;AJffN5J^{`{j6|WiRtfw74F!P?Z{_Vy}Af8 ztPA-)Gracr>OlPHyF3JJ+mm7c2WG;I2a|rGTMX2rAogvQz_9Wx`(p|qfjyvm%ARbI zpxpo+El&R(J?Op|6&%{Mdw~w26bEvcsD?6=&;Nr&7;y4K^Se6GB|wC|!p)4MPx+vC zOTyr*1~)RV7d;5_wF;WKcX7qEb=fQ!Trh?XI-f6xG`}(V#1BOItjB!Z zp=sUG7zs6JaPUd8KH&hNQ25ueRjD6jA?LGhTzis-IMCl*^>oUh4uc;W?bUDEq5PHG_1)}U?nX4CjPZN%VQ>>Xn-Ie5 z!{?_K8pkO6hwPpj-YpQJTGxgDXczX0Pn!SKE}wk+40g<*abfiNYYf%dOVm)&Oh#JD zjjZ1PZ8Q0$g0jfX0$WIIDs2R)InayxN^O(j&K~jU3=$xb8FbX(+6lc|Ym0{$*4hma zi=G#Dg%cw-fWh9Q=M}V`@O{ zvd}1^&a`vMtIb5C>A+?_;i8f!p-QJBOH(pw6lHd#O}P|{y;gCk zA>Tf|uexN^_Q>}1Jt%QCT%&CX!_CxdoaObqn7zzAGL1o8wQUsY9GsS{Y+Asd+;_P% zXx|Jage^UGok^6um~`JkabI5rGP-8s7LKwh=L;Z?z%g#W29!y1-pv`f7(IyBeiczS z%D*m8L)Mpwn@Kg-dtHCFdDR#%dzl02r`&{|cshwf%ppH~^h*69O+jdnl`FFgPNM3% z&hq$OT!xoBi@J6oE}U@fLAAnF<8MXD_Z=2Oxj`%e()+OI%k(xdf*J$WYmH>jAUzYP zAnxwWBzeOlSamNt$_;>8y<88vVra2RaLpWL!ia}X-Gn>jLGsN9oq)|AJG?S*c%jRW z&jE+O2Rw&khZXUU!z;f_XcXOvJG23jwW|vFL_XjXFZ6G(EiS#l*)b2DPe^m>QD$Nx znj}A9yaHygP*DwT3F9Z~avWA3e}xsR$jkEj_#|4D&PVZ*BfD#^pBYs9*c6fjFB6!l z$&s!I_w!%Z3E6BNa9a6O0JZkmW3-`bI8M>T&tzBVEp>7pJF<-~L@vnh>qBj2U4Se< 
zJ2U40s@aXK?-kCjyT0%&k3+oN&(&$sTXb<7`FAZKHyY+KT-k4UYTddD`i-ifW8%GY zOQz^S(^IMN$50N)y&Mn&dKrnp{+`aOHvO*YF0MUw%Ez zL-ZEE1*IgRUn2>i&iJ)RGl*x$0N?|{o1B9X27(VS2Pg@HbuKuF#Dn1P00 zySjkdS3bzHxFl9SWqxsG=!8cmhz}40S2WnU*B0>r6D0vAo;6sp=EN*{UHQAm6+`}l z8`*)d)F^gHq5pc|>yKXQ3&7C@egUg_Kv~>tPMLWKBhh5-zjDO`MH!O|g+Ps+U?5k= z6CMVjG)OMSL`W`GxC3%I4FLCN9!&C&gR10-jgN3ioB9iR&JFsvj}JFX25xFKTKf7@ zauTEM(^uJi3RijLA31X!+xZ4`+vsoZGi?KT;x%2HJ1u=ta{tzunj`ijYvwt^@k-T! zxt!!xd_WQ?1l{H~!VvZNKJjFINjUfFbA3xiC!~q%M|VGjfQDgw881PM8cof!a5Y4`b$K=~~qAlWW$QwkG!7YOD!rMgf!EEhD}Rq(RK zi{jN)J8#3>W^4$;#OOhHbC?fRESenjdI=x)ebg-g{P_kcSiBXo`!tqxuztfIwKVdm z65a%%1K6nq|6o23;UiHlOnuHs4s~oKMg|aTQ_oXggOZ0BXoMoS%wFKHpG%M~=;3Sf z-4mC_tMtzfmw+bja~z#5WNo4VbLd2Bac$;)bZ%Bu&z>0oJG8$SGnY`u2raC}jmfR7 z{U?gJ*93*jmwOXOJeWW{P24)}I8CX7i1)2}Yyu+w5|HB8CY>-eXaJrY5e6OJ-)POL z@&#_|5gkTE4bRlS_%emS-c%qT)sDR75a@zbHraL%1NC1Y31l7E9B-SNuw2sz#gPdP zANNt_zZ*16;6u?{*z7HK_ha=*g8P{*QjdUSdoL1r=79H$ZGsyRk>=lcH{OVL0#3G)#1 z5K~d%-xge_pNup7KPzF;oyw0l@VBwI0Ja4r50)y@A%$ zUg$w`2@4=o;;Aqz^A^IV-9^Z1Y3=1fqTq#`QWGJ^D@qPwCb&=rpb3)N&z3-8*>@fI zed6j}5h{XW*kkw%T>%T;V$BHr?Qchwa>N5UMBhosyh$VX+d3%`B}gy$;Meua@wvZo zPWDzwb8-;t#@s4uQ4#$sbz-OV(ukM;-whQ9==RnHd5A8qa)i0`t>bO1e+@vu-U~a@ zuGGT*!m;CnUPRB0T=OX2bsJw8D0ZtGG z3~+rs4KRQS=%R3oY?(lT00x9YVc^hhG>)De><4>6-a&s2!3i0{2P-t3oi2Im4@=7V zHpP9D<6UQVsw6$#y`7^ z!%-p)omvUH?%1%DMTN6{Xso>D%ya*OdrHtj3EFGf{if> zn2jM15wfT^K&XL~Al71+&R`EZ@-cQ$h_0}V95-vJa@hmCX)!%L_v}KK5RdQm2G25nmv)dXIkGnwr+|bq=YaI2+k0kLkKNFS#9i`VHiEsu7T?QDJZk z?nd-iIj|wHQ)fz?cUI)S>dhc{9@6TS4wU}e>U_Adyw5PZ>f#InBclik@J zz&-Y;{;t0$$wD@a&c$slzrX?3u!+n%2J3IpV960zGWQ**h!IHj z;*i9ZBq`BcRj1a3PNM#c{OpDW(9IGmyI%7;ymW6uvh1`49A!@#E?8bZn)h*d!amGQ2;k@JAQrZ6@2`+A>)aEi!?3F1DJIL+ zxqzz^Fu_kb3*D8ApF!z(r^VXVvTpnksaErHGV2WHV zlCDfZ2%>-ms$A){MI;@Dm!}ae4K%6Ph+g>Aa1CM<0TI+>YWTLi^>P(1Bv1RND4%L3=Q&|pJa>TfK9L?RGi*oZc9h|5~8rTiUi zCAX5mw^w_r&j?yqV<(U#IAUD;5baRLxbWD=r0qcs!(UvDQ3nvZKvy$ZP6{Kb89yI`j^0rH*aHB@fkI`*;3;|FDOrY2CQSU5?o0|JM7@ZvmL2 
z|0cI7pc1F+^N&IG%1#P!lw*?y@#2_T-F^n;l<1Eg@mtJp;%*_iIQReVe>uhjxlnbm zVIPxH-Q_By)cI8{lQKdZ#1sng3B@1tjJ^s!OdRUHYC^PN%Z?7C0CGRT zlW}w(VT{^$e?K>|iKaQJCYk(k;!Da~rjjbQlG>l*2`5RT4Q10DJ z1X(Qs7;5YvL%jqy50(vtvd&vTJ>pwk(r^AXR2wZYRC~{TvppfqrCg9mUcwb<2#xAF3K7&E`zuBPZtD;*)QwcS^~ja1&+9qAKtVqQ38Afn z*tY<%=EZp_YV1t#RRY2`d;stftk!r6_;m`@M&4i`LP66DP}{3Qw6jS7Sq>=03E9=x zC;glja(b(8K_9y7vV+~rjbQrfTEzCV)DiCvmL3kj6AMr`jGc-QA!+5hv7U3hO@>FA z52}4@_e1}k?_)=#icaSpcXa<%_ptwqdq7t*(l9f8qn}d!!4*~aAVu7Mpw$4sYhO_cfAqv@7rdvNzC-iTRRqP`R(ct5}^a@A< zMt1}wuR$y@byEiL2PzT}&s5%_QUu2#A{9`Av|%TJlmyy1kX?yCy)P%A^ja0@0^Dza z`~@cxG5AB^$SFyZXb$vA()}pkLEYeE?(o7=hH(JRhh(f+@I=pb^BN5TCHV#M zq*!qC@q5QNzXw(9^xgqd;B01qf5gv>rz8G4Cj||JB6-_mv?Hh%YXBEvIOESSx)A75 z(ikg}^p|iWX6y{S=;~c|xh#VU^T!(h*~*6Ez^XlJJ$Uq#_%wXgS|Deu@a5mVCMdZK zib|9(%R$*c@^AJJhO&R|ReK<2j1~Zmw@dU)Ckehum3uwFn+C&lAuSZ%TB^}3zy9<; z$W4{249RhonXhH5sMl8hPiYw3=%3=}3!z}B4}+t%Uc&i2MPuRH*DoS99-ais>xXF3 zfw>WuRe`;HnKp4Gfh@$>Km8#I|XAlC>8<36%xDMc_=9~&f#P*X;h zw{F6iG2Z+IF23;#^aNBuA~#hSj;^P{Mz7wm>N0@R@BgEB@c7owU751Ey#GeV=B@}R zOe=vV48S5vO~P?Qg^>^3aEdgw7dYc*u+2=7U0{EiaBn4>C!`Bnct?{pC$lhIxkd9> zX(q<$-zhc>Cy9Q#LDf-kJ!NB-j-RJnX>1;$P2EdI&CV&EMC zIO6~qZ3q;~F@BI$d?bqn{ShflC-!dpSAPFpCHOZae-Lz^=g#1zHsviood%-%`ag8_ z3FNs9AT8Ld;5o|?-k4j*^QI}#M0dguJ-!ce%2}YGJDapce{)JiqLO?l9MN-GXT+1a z!MWnxd(pwq|7>Y0Kqz`}Tc}F+PtCrL}RGZ0%TC2j_lfT?!FxdJX7tF8`yyc zqjJz?waIbQ`fCvhk}Ymzk)VuMq2CJ8*tA5aaIrmH!N)mp8-?$U|A zG*qHw{c8LX@gG?|{*AKP<@b+|YF*q<+|7oQd(gc|J z5#6<(k}dU8Ez=#q7$4NFKlBf|p6TDUy%YB&!Vz%+)H`~M5^oDG{ja?XO{igG7yCe% zqzJBwSnP!+(!f(nA*VW1r^F26M+ho;+*W@`5kl~p(n<2Z*SK<|sy?d&^JSzSL0QXTg=;?BOW}gh-yLmq+Z%&^l{954XmF*tu^cjrcKA z;BMnr`K4j6S@Km|7F|RpO&HEScf0u{`C2<^q@Uc1-i$g#F9ReOCT9rf&65>W4*Hz`z~+%GYR zh!@`e@VUrO)Oh<{Xhsl#8DlnzVL|F&F?|)G=j_0C0XX=#6u|1MJc%j6-&gd35~f&g zZ2YB=@tlSRlY^%y_0|os#V39&7fud72Frp~hJYpZoerp+lS;U1zD`}iYFzT0j%7z{ zhf4K`%_!h!Qinw}MJELv=Dx$nrq5xmcCg646)9mL-#ru+wjL$_L{+lIxvbdQy8o>b(T%w0b%lO;Nq2{68Ye{-^C#_ zpoBW^eDrgDDD<;7{%;Xf7rYp&N`ooxIW6vCaN`>Og+k0)2!%q-P2-_U&~hUfo;?Td 
zYxU$R1E^pkz~6(Hf0hUygBv?HlO07@n^vMt zqWV5B76f1Xq@c%B;+Zcbm3So?XV-kF*M4q&b~L!#L8SMBIorT(^Z3gEf?Ru?j*71Q zX|MAum}%%diKHWRQ%_NSXt8FfToLl&<19ZrB$o9>ftD?E=WSD>xksTk$W9%It9CiT z6^w~H^FDJE!CtEo%MGCKC?)`qC*uojy>l=hXZJqw|H_jkwVHzWjT+I*gWpjMC)Wy| ziwd3t3650dr>@@cQ&X3W-14LTJ}K8F%WKZ=Ehmt7re8WRi~TL&!3MtzvJFwE6XC#WRhi(B=yYy$sku^ z@pQFzn&W8ngXC4Gq^s{(j0Q$IL>JH3nO(M!{Mf>3{Un%q&qU3kv-F452p~><^Z|p8 z0-rZN-G1)czbSRZ#9OBqu5B7V;wji>sy^LOGoh_FW~x7b^X2wLWYBQS!LP#Mj8~HS+Czu(R~qhtzj79B+E2$XB;{%P=tF8hZBPg|y-4KO? z)waL9!KGxf_g){GZ5u39JrQN@2XAM<=svx=)*+guZnv>>2jF)u8_9OeSK-8ZPd~qg z#&}Hrrd^)fvfMYrnH^!dR^{r@CcT7h&(_hX+VJ-NWO9I<1&9jg^z)9mnTK@mj^rb* zExUGs@qieT)T6gA2({?x^4i);CSy)(S9^!1(zM@!(4Z^WyY=%YbbfY24iJBIB&~OV zizR{)sd1TAd(d%d^OWiX8=YdV!Gynh7CLlX>H9-ONee5Vhv=(X$uaG6ZIG3vG;ISV zTT8*XH{~J~M&EJ#mcISS^#O=_oP#=L6x5pP`+G6k#QrOO9zz)z4ZF-V?<+l9bp_Ke zi%*A)xk@l67u;;M&gpI~d}A-Ap+>6He6@lMrIpBF?PSqQA$vny(8|}da3SPy?hgDXbUpVp*8v7JB z{)C*F3+;4h)6P5v4qODP-~4jc8E-;T0V_#Ek25i@!)E8c7b(7%8af}->?!;z+$W8- z`|#`XZG%bFL4%y48h+$%$8uhtYp^Y>b<4-WyIHYvg;Qp=)mBbn62`;-7)%Kos6S|) z_F?F0GjIHw=d=>n&(m^yqJQ%a+pXB)__R$Sl&h!WFZzNjdfC_U$rRm~MKhVn$3dJ( zGp6@!Qm)Lk`Z_%K`I|0727N`kB-hNcCo{;vv_$->ti1|;2;)+AfxjemXg;dR_P(x{ zK?SP?L|xb!Yb<5r)hK%0P7!4z-+ACyZ~5Ts!#-^T zsoW1DK-b>{eWCMsry&arIt1b`V1d7EX@fO0YoF9bXa#{NAdL2!ep<~@n1bIbN+iCz zbHPj7rMrb?`$C<3Bu3S?Ko?;j%^BFyzj*>#@)>tRj=m-1fCcHUHoK^WA5l*;sk2Hm z*GuTQjb|$0^L;&6F|&1hrzRaybC^3KYa{tj1ZQyD@Vgui$QC_~YnP-PI$gucFLGXT z14j2v_qO|t{n#qS7$&i4CH4%~Q#gCNWao>Y?253mk&de|Xo`?~@Q&=x)QmGsr&yie zJst;dqQPnQX0I>L7THqb-yx$8bmA48zv<^fxxljkSMH^PFKsEK z4@fv3n^3h-0QV}~BwYrkD+MYPERa{NCAb&+Ws;32569l;OZePOUg=W~n5to8lR#)^ zSpPcxRqio! 
zPVo)Ac9RMqWMUK~e~Z`;PhZ^Xy>6cQLIXS3RwHn?`U))TdDelIONnFe83~oI>DDiT zGiq291bx!jx_1FoDdeAso6tUMXq_>Lx32Rb6u;a7==nh2W^V^p(Pck%h4C#@w=!K3 z5P$N;tAUG8R|8LNzUw^cW-zg!TbczrG|yV@>2>X~McUh+r>$B)A3raQ_+^R$s@#_- zFDltMlZWtQ`a78W-;WMHQ)#NJd+DboPvmTj|K{KOB{GT2?wHZ(u=pk=ryNwW;Ukc= zUXt1!ytdVQWH`2)3Z)Rbgmp8dGc)1fKF!0=@{$N*(#?$lW?)Ibq zA7gJG5B1x{4@dS=){5-=KG{oID*Kw9ETinZ6v{G)Lbj}9ZNU&>?1dQ0z9eHOliEn>$>&>Nxy=OYqzDQNYa#X;fDV*n4{hxdt{^g)87;E6xw4tNV zPhMduYV%rN0H_RwLV|B_hQJ4)bKVaEfCSu#J3B<`{eE&s(;0*XwPoe?ThyTYGWVE9 z4Zd4Y9b&|QnRHJqXc(>z)O9pwz_6S;ceU{qVKt6)vXT4PwRQek&@$AHCB%(*=*bzA_mrY3 zjG#{AcP?zjrTdmCI(3ypd?Bfq4+92F;6`w_BYvqD>8ziAf|zH&ak6)#2@;HMJdE69 zA_e#)M6Zdf!p!ax%B}RRr`0Pg>yG5+Q3hYW%)`C!c-Ovdjlf~2nD!`}OYG6G*Ra~XMBH414GpyVO%5MAyJwb!&j_PKK` zRIQr1MNxluE7&sQecOZN$G8^#{dEM1Et`Yu+Sd(TkA$+1e7HHinX{fX2Fl)f1}#Z) zY2nzpeHxH9C?P1!!V@E;=@5z`mH66=axQhMftZo=DvjRe{hY9$7Ou-32HoEBeVEDU z7Ooeud1+4^HcCp(NOYp}%snVoaB}6(&K+cF`oP5dd&6b%E{W)E(|YVmhjGckD`SYu zEqrbeuV4r>*vR%(#BlRnlHGAw9KIN= zQJ_BUB;+^;1XJw`z5U4K2&^S*BHy!0J2-l#n(Soryl z^YYCXoev_GpNR%Nx?yh-E9MJ24oAfToRU-8yS0&wudpe&^EQ`Zu)YEBJNtjc$p{qb z(_94+@0$Ixj!FOEhPxXWHCcCqa9i4j^;ooAX{w`C=UB{3N(qaN0gL6cLY*MNiC^`< zZf;dQ2V@zY=3Lm9Xz$Q&wUyU+0-{OiD$Uapg==1K_M1YgSFgur_+u#0;ig+ffH*=M zOsp5aZD1GPuJq$Qc=Vs9l0@L-5-A9SDlrmQp=R1RaU72O>{x4|j1x+<0gdkf^Cl5% zU+_Y(L@gRK>&#!YmSVc8ilnk^cP(mtPxeE`m~u6F-hED54m*E2sZsl{1ZDByLkyW) zQ_yp`_k3C@SOVG5m*OAkRDTZ)D&g=rP z+QIWc1v8d3#YhNg;2qvgKGv+0lKt66tM-vPc-NA=u#mq7D4rmWI}V@c_x{u$aEwzC zfAkf-`Pq*0Q&Go${&#Y&XJ515f_ZxU5Ysy}iP#8HSwjO+nYV#hqw&Dy%t$*f_~f@b zqtU}MO;dy>(dC*|o`_k#HnGC2?Rr+v!6yx34|9gnN$e$zZs4QkMAs2F7F5c~10 zZHux|21t-OBN89pB;-6-JV9{#GkG?P9oVWI9-!{itex6w2A|E+8Bga-!3n4P!loj; z?-5lMQuk9tfTY&)`v?B!>ks0#EQ8}$i}jXF>)k$_RpAqH%SVT&42{1d^1M1qexH&8X-+*}ba+iVclOx^{A-`OR*m|C?lpALL(?8qK8e>YD_S zPdg0)p8Y^%iH$!MHikYtP{icCG(T1+vGV)koex}p((Yqiko#jY%kgCC?YTK|npv`} zG%5g9Qkph)i0WjY>U)SXu6VHesa+JyTfg=)1^iAJq9*%&q5IpSO-}>c$hU@sbXkcS zKUmSMJC}%0fBxSg3w$ULh;OTs5CJHMVO6o(}LGbwZpl`CNd} 
z91DHR7u_$l_NFwyxvq-y4#!Ujr|{Y6Yl_^D5@z4<*A`m~Y7;dHIz-Hi&H>09y-;qH zFtKb?i{KHiw#-ZTX1%6z;i?8nG4L^33C@C}xQF_RqKEwd3@-9#o40?rFD&KBiu~T0 zppGV<34>QEkH7FGI7}HV-PfFSfdhLLH41F}=)QM`#R6G-SFYTcCVfI9w5i$GvpP7Oi$RP5-& zYEhoCU-GwM=7ukbUI4I#Hc&7lsa`r9bdm0^mwNuSuYrPUWUrB9W657&7tCE1ntcGQ zgsKKdK^PtzKD%qfwXx!F_ILOQClGIWxQ^@wFr;Sn%EWI_jr8`MUN)P&cMjz-W_@9# zDyh_R_^3EPD{xRWRSG}g)p7GuXgfr4XwhLBE#OEX3lxZ=-E3(+aNds7-QJO~V1a_b z3TMe1wa-4zh;c{tnEkAcNyqza>t|}95#6-rAY%eikoVc;tS4+OaSmvu|)q(Md2zV!%!?zH7I{fZO$-F1o4x<|#T zS0+%~jkgE5Iba73-$2#po*;3m$6j;GuioDoe^;h6$lQv%;xZi2=qpEaX0dX<8ch1_ zy6$hdHeBxu-?f^q*Nj{A|DiZrwhffJVCmi5O`lCPBy|{#wjlIWVM#7HSwh9!C&!S9 z(<=?TCp&Bwx*Ak=e3I@T`-|&}M5I9t!oA?_$_W@sb+4GO@xE3m3ciI3@xszwGUQMM zwdFJAV70OOp1~Q9X%}svD`a}^0TKB%qVo4WrLTBvpVAT`KqTFSsT=%~1R4~X#QT5a zS73P-yIY0`=u+V03mW6-K9Z71rgk&^2w031nGaQWT9M|)fI9s8eXgXwgH0%_*1Iad zyY|k&{CN}b&v4%bgzPnDVqeAk`LrnJhA@^wT2v|Xw@9eY_)C5|cWi3DD6TLcB2t}& z09DHwuq`r46?do}3;u_&UYYpfDy=%Cd1NURTm!scg@%nIqpPQ8WcBpm(Mn&}XViF# zj=LK?xcYmfRi1oV*}dG0rj>a?s?gH6{f?$fl85R@d;Yn=$ImMfqEp)3FnpZH@Y`Ip z5OsUYT{6W#1qy-D3W~A8D_f$VIf7ZFdd)=WEIcV+UihaoIU$u96bsdig7(H9qqA1v z!N*H(nG~`A=|0&%7t=??oJ-Gx?u-;A18`ZVef^Ui zsjdu<)~IExyW+1{ z`T*!oHZDKVlXVw^x=mF){Q|0CsekI&AYui*9596bd(gH0fh3d^^!6paoS%6gH*(ZZ z>JMf9SdpO08o)v8vl=G!?XNurlgwC+;<9{Ta09%4tNRWA-0V89M|qyJ04?gf5oV93Dl3uO{OtzZfgZ9&0Kp9<=5JnGYh1L5`1f-#PxZ*K!mp4$RlYTBGVL!F*Zp zbETrOLFn-;Fcp|T7r1lU@-7&Gz0}rEy7BF0!Y>aWG##tCTOmoX6EQ= zLGmXeuP>`qV>!Vi8ZR?IYs9>20))K1!=LaO@vbPcNPu?!Rq>w-}71 z8tx4)M)*Q^x`m|^dyegu6EzwggRHp6vrHV6Gr{{+TKK*Oqg^|XI%RkKgRSRx+b-Z) zn0u8Zr2_#tkqx$!OaMR5O-6UuO`Uzb(#FY8yaw+n?j|5II;9~W@0qV+CTV;@I zx4ms*%HTU%v(8uzI5g?Loqeti^}zZZfFK|u_%K%z63N%j#9(!<$c(ANI9$^P>_Vnl z>Q*_vgX`MSdfo;CCnd2sW~EePt7%~EKpiRsD;Y-V#;)4yqgF3sgo)x+PCbN@Ac@S6 z+dJUfGeqB+gM;ijR~;(5+puVA>aK7j(u1E_jP=0~v*FxX6ab8hpoy?m$gX$gb3u;d zn|Fo0rJk8$6RvVsgqbl$7ghq5JOtl^_5dzB94KQNg*LT<(t0x}t#iLECGH&75bU4$fFDKTUcdK{s#Zu0y0FNqfs7a0xu>TM_X6IpN0*S8ko zF$_99w)~-yG?wKGv9$6pnb>>PC8|Z5`iB0)K|Fr3S@A5X~DDT`=20sUUp5aQYXe{_k-a5R~0Np2N1IRM- 
zWb=~mXd0BohTdHAxt+fOANb#xkF#o_40WI71X+uuj7`X~Ctp1>NqHP8u$8M4veWHY zf4TF9yzp_+qqivaXAR?j?5PhEFIfKtb4x#uUXm$sM3bO%eAW>AqiWsik5Xe&9~*CM zd*`WgmimH(c-)Hn(0WKt^yN1N_y+osBY}9fS*0{H8h;U$Jj4DYc?J$oFbEX6&-x1A zHcHyceRw5V;(aRHoX-<f$e6;D>vt7(7pK73z zP!acTuQ{I#?@db``9=6uDfBQXzYTi@Oax3(TOV57Y&(1GIvWy4dRQv^bIP?3s~U7s zzTQ6KVe0_1z5Pp7^K$jbIechQbb+qDr9mm=R{X5B@9>`UdH`m~I0A|J3x5SX=f{pS zrZ6*!Kl7|&csa1kHeuWruQNUJ@INmbnfv2nOgF1{OAf5F0d-KBR|!@^Ku zD3>0U6A8^Yq{X;mVGquMuXB@x46nJHj4C)Z*wG#Avm>Jk|89|o^sw>;M>hw0w50k$ zn7etbsYReEY*;A2aD&N+d^G%RTVIB4A)@g|!{@xveHSSdNN+|yeD;Ffv3z3;#N}*?aV^hqx(JxUp|C{fBp5t)HGCFtTr}?8pHFH0(Wq+jy)CRZ zqG)-~8RUZf5n}m?<26M;Z(JuJw`4sVsTtGn;gI92+Bg?u%ttE~2z_G~&Yl*ftKj84 z_#^WYl0U-gdNoe95|8x&;-CS2=Yx?@y-(2^P`-fLok@T+0 zLHgDAf_6A>R83zziDRLXs2mGEZZxS=n6-#RXU%nWPHN4FzkKBO;f69l; zn)?asXesDzi1W*Ma^94!YE`mA(z3??h>Wu}#%nhEl48F8i@hEjqxa>@H@}|^EvETg z=^Yl*ribf2{nUH&)d^mgUj}>5CDvUBw+vsqnBT^v~ z)_V`Y@`<2ByQ6h+m6_e_b8{vsf&`jY==Luw=Af+w<{)&6H?PQ55|DZ1Y`q}%6Un^a z^4y1+**2#VHO2LvCHL#F4eeK)`|$y#zhhutkO$^VHgmJXg0$Z&l?uU6!22HSsC=5d z)!$pXZ43B^lkO(R2=DYteCAU_VvW@I=o{?&a%oB2T%>h9`Z%cK_P6oH_`foHKbmQ+ zE~;`Nq0rs~;GOQKtdK@6HeW2neeryeOKzGZ-To5nM0)zc-D9bAzF|EL%AwvBr#e8w=%FpCNX=6ZJ|IN0d*Uwypu-wb1?A}sPcmk7@$Ve zWz_fVxA9m;gs)M*@GBgG&a8mS+61n*n|2vh2loH#;Fb-Sw1OWdIz2R$fAlR+XTMDF zAH2Eum_$Ub3r}4c+%?3EYadn!@P;8Q1U;^+N&=lXpRJw-tN#L|mzzTY3XR;`ECBl% zPj|g=^Oq$wvQJLexawcCD%2+_@cU^zOyuYyh1_r&Z?$9o`u@Vhji5`;ZCqg~!a-w? zpoMhRloq8pE7A%-*SZco^M?#}dQv^sH4b41ZIu!&1gbowiG#%YeF6$rB*^j!gI2gu z;aq;`5}V`ne5srJwM#TPQ?oXnWcFDAGeY!p*6Hsf)Kx>?T5-_a3N<;ltFH?BH0l$m zzF{By{g-1t_>8K-nrP{-zi)A|v{^e6D$F5GSo$j^SbJwStD^RKvRE8qiB$(DK_o(l za=TB{$d^Wu9}K-o19~_E-dqBR1VN|%3cBxFq{a_Z84x%$4eNrswnCB`aZXTO-13lP znGUuh5(=&@*gJz~?13NFq4}&#UU+e^*##A-G2n7s*HU%=FKj3S&^RliwXw4zI<-re zwfr7~Ra5cdVDZVjHcFhaA;tO}f+q0s!dd)=EPJrG$`FPAGWXgbRAp8|Vu(&ka~g^=d(N z>U1i*tiYl_H2{%ePXyVvxy%?aA30z_*+5E9s3(9>nK*w%Ll=79iU1JenuiPw2V3k! 
zmft#Yki>g4=gParW!xC(^MjvS>!=C1u zy6LyzThdu~JtNv=$``HmTzJY=m>GXfH$XJo1*WUVjV(VTgW`${D0xb5O-yrxy&v*3 zky0QbIq}Hkte0wOMee({+&dDvjVDO&iG`Xo-}Z|8>s~~;DEs4RkE%h>V&_t{*=||B zFiRhBq>NwvqA;s!_y*We|=M; zbAk$Y>;=A=kk!3moLd*@uiw%XmT+3P^J&yei+i5>V&^r#P4%x9!Y-yM)IUEb)m zTbWLoFoS_X&T{wZp(hE7>*m&$Vt#z!H5JFzZhp{SxUA*rOgl*M(k_Ilo|`+ziPX^v24)TRIg9}OSQ_nII5-?S(a+w*p zav_`OWNxQ*>P$IebHU)&{pEJw=sko%+ECESP&9X%tf;l#g?cX+sXj$~E?0q<&G$yz zil3geC@P>+xMib$AQ=^azglytY^;J}(YD(On<;uLi=Zrt8!GrcbF?cK4R~(rf>WOR zo;a~{A(@bmR|_&BNt?a+nFhJ*r8wL>#;GLG>_yh~8{iFaCC}oo-KD8tyHS(Tv#YfE zy4v!$NrjIGllcmI*S-W8CEf=UP3{>LP7}&5HQXTUS~)T?el1356u$Ns-*-Kgoynu< znof6iZ@Lja8w&(O>&gOVQkB4jKNr{~Q`1o3S z?6AY4D!VkRD50@2mlmaJ2;TZXBa`sM;qT%?L|G9<$IH-MDokVt7y{O-f8XKJv zOAYCG^!bhf-@ETQ$Hw)XH@NWin>4g1aN;c;y^P-@>hh!>ytb5ekMel-QMAqD>U6)oz?7*}wuR6JjZ`M6s24glHOSP7yYL?Eu^jj&zU%WSab zfODQ5z>q(9F`XN6yQ*^3Rq)j4xA3dO6gWz*ep`_3L@{82=$GS4 zLaBNp0(;LNs*&ENEzbe}MdmzgeLl)qHbBB4EM$@=yVRiZsjPmicirzh5BkyHz1@xq(`!TA z=b&`E=VnZEbj909i8;>Te_+J+09UJhq9v|0fAaZSs51E%vD;@zlsHmJ_1c@F(DBM*ZFO z8F<37c)Ea!fkMS%%GXaVJYA+j=d7Kx=JmOPHNufLgGi+v2=~_Ib2eddle)3QGb5z* z_pcMW-F70C+t2wH;5wD0S_shYfb z+hu}+K3eDWtR8XSW55UtzMj$#hq$&N8B&{+adebD--4Y*{5sLxg>2@BTV*8k@J8J3 z@X&=H)KkLc z#28@(h(Z=4P#R7Obs@kTRk$#zAKmPzk5kxOi(460(DYR0=VyNqa~pkAGow9Gs4fzE zRr01jA7)Zb>qZpfR>Jl@y!@MV@CMJ9Qj(r6DEj*O0Lu~On3l5&Q41uAJQaM(I>)8Xr)2GZA<(d-y3zeDtjhn=akKIl`OJ zMTHn2-mm8mQ#~>H7P&d6x8|gJw54`HchJqg)(uq@fIVt~Tv(a=<7X(@n>#o+$v9)m z)hp9R{LkNLzXOZWj?HlXJ$$gB-kFg(8q_9=6o0_)x-<%3VtEDjF3qNVa5HB3k~nou zvXgyjd77A=Rp0@U&Si|N+Pr?vQ>b!##p_S`9Q6X%`!5r$_DzV`%!s^mwUd{N=!=DR z7S3(Hxa26pNA}YIORGyaoKOfKtm)SlJjA=@GZZc9N)Kk>=k;bGf5ehFgAN96G1H=y z4-*A!aPY2`m$+8CH01+{0eMZ5YuuB$348r0v4kdctw-$Pi{$u6FwS2);4nBzdKls> znwi(M4CG$ncymniq~f`PNppkBSM6UxRg)o6e_J;SBe9InS*cGogo8#A?{DiktL5Y~ zOiV+Md847GcW?%2?+9PkgYR7!mRFVskm>N;ipv8ppR)u=g3(4|j(5`FaFIvX$4Ay! 
zcDwIS?XTrnd|4^cIdvyx1iSgOUw7nAdjX6uuU0)gi+@YdXh+Gw7aWDPS3XX(=jejx z1u!gi)1b7Mw3fMo%+d0ic@PwicMbNto2L1*-bWYm#Wt~<&rMGTSMTr4x=Bk1dU2cJ zEt5l)Bo4WM5#;xGDw4N$GpMB8RXAEfJmG?MLgPB1B7W)4c+21lIN*k{YHtfHu?968 z#Xk(hoZQ8|>W`U``p^6GhJrn4)HawETClciz*1U6q|9R>T?V{%c+ukpKz`$}mm}`Et>~XE-~P4Q{}n)%!G!MYV2vzCwfkso zE7?C!MOW4hzLthQcv*Q4Sm&Pl659aJWUgSygKdj@|Jeo5De?NRcy{YG$+cXOKIcZ+ zv@QMby_JEhp zf%mm1G-9(2hgJSc4BUE!ZN1%O_aK?Lyy-KKap6>}nH3K7IdyvWoyF>2YxRk9-gn3Q3DH`P9%yqS`|FO28pU&K zU$UQ=u9LaagRODkh(z$_5B%cI7o&u~%kjF2q<9OSi*1#8&iNdp8ii#Po6M!%6{b1p zRzK>Pfk)cB389$(Z4}QoB__y@SSxlY!tq8bpGn#pXye9ic-gX^5Ohd`{#vfTMmR*! z!D<*~ZV~DbxzlO@mz{SAn&Y5pK-1^ z;R6m)HXcjFs((~FHvA~~0or#Iz1}90BS5_-Ha12VCCkMzhsKM8drOu=$y! zMeAmDC=sUnb;Hx_6W|Eb(Qppc7No@9oo{o`30{Zi5?=c!yJW>8wy3pT)4RYf{79$? z55bCwOzD4s4Z_LEn!=KD;XQW^!HpcZaa6yb<2AVf|NipLGp6jBSZO{_a{1Tw8XJ^N zi{RuRs{RX%0W7~aFDPG+8FMA&Cnf}H0l84G88}N6D{0&wqgllwBLm88ii*lcgA1IP zeHRo~D{O2BNobDYEeNp#KEXjqUE{3t-i_QP1(%jB(=g2&DyTE730FuO*Hx=dD11cP zzjGEf=(yjdCZUUIIt*H>^6(_crjSFRtCg zd4F8+iv8|9K`t4|s@)Rf5j_UE#RoeV5AOW8Mfl5=DD3K%6upB9dfue&o-F=v#khf} z35sq-f}43?WZtg=KnN%`&lw_qjMhv0JU^+_FCJ->Tp{I~t%;^ovS~B$RrVMx?}~^& zV$0W@E#|Ow23~cQE)DvZYK+g|%87JgmJYS>!j**uL#74FxK@^UaSkTEcOboh4d9#sOkd%O8F0=Q7;)TjUSIQIoI@2d5azh`DBvDW z!VRJzi_+^%%fq(MvS$u*!YD}zeiB#jb?GKv@!6kypXqv8ADi0lX3_tx_)H z$FMQ3<>1z9h%1{t6LiJ4kJ^z0kL%D}0AB2VDIl^+Fi>gU44jhjm-357zofzoEu0(w z@QT{?RmW(r$ibT54vcH3ZawNwlMt*k?YTrsaitBf&k}cOiv9v{k|{mZ`8eJcG~ZWv z!j^s>#QdTN^^!2nTDMTJMzFnwP4G(j>{D+x4N+&2gIhUTS8Nj>rT;lk!8p89Uiw%z z*?{MV>u8*2`FVcBo)iqf6)Jx z23`mK5W_k311^Gj3V>ZW(*k)x3EK0BIes}1%Yn5DiMON_bFDh02D>t}YTHatUhABC zCwIJcHY_@;!}D1Ryy|<>vpm&1W3TH^O%PUuDsOcXx`1xs7xW*3Ssy3OGM@ME<&`%Mv@ze z>C$N@qvN@c$otwS@~k{GuAZ~jOn9O0GG8ac31hnce*#)d1RngZKUi|T)(surO7N7W z-YKp8m+dJvwc^7XGY?`QE2f6C@}B(4#g-$g_XOWIN$~9$shl^0DU3h$<~aK5!6Y~y&<4?phH@CHHXnu3zh4h zt*CO2AD*omMxqvAJ&*GydC3PbHFgQty?g^lmvXXvydn~exf%jJ+=@1ZQHpTbJu;2z z;eDP;0j)@`iskY-$n`5Hai}3Bffybpu2p!favzb!anq$`L6i??6jXbZr`jTR;-mUJ 
z;f;1XG^lW5f>{A2X^A4pZcZxR&#O+&_24yFj0LXtNU$NK%9c7HGJe!BAUjU%S4}7X z8>hnsdk=mqBxC{~_!_me@Ln_gA;BZM&XEXrGo6D- z=9qHOUD+4UyC%7Od4r$!n>JBT%$|K-(rjZ}?Lk_F6k3lg5ArxmHS@+)6W}1JDT+>C zj)O*vfUDoOA}2s%bku0|B-$@XB;k+c>GMZC09X&*x{>5i@X18r*}=T6yY6n}Ddr}4 zwbTOf>?8w?<`W7v6jQIh7aAdLjm2rt&bd2@p zZB!qrUs?jZ-zLEkd@xrM^4VT>Z3fX{1?v{83c|iP$ z<91)P-wJ81`}<^(&0pS%>~s6HBgPnlf7x&Jj1Z7Wke-8m&=r{ zr7U`PR3c9-_(>^)!fQ^SN0}YaiugflT5Z}!9C6w+5pMr08<`?>X)$WUDu`bQ^L=Er z!|!Pik=TqA_OUp+tHk^6a&ayJ#+a3A=5tQB4_c0={3eFQ2Bkhq$eX%eDCzo1fA!vV zttgr@EvWZB?yn}lvb9@Sf5+>Qrsxfa{*uTEew3@22v^>j*;R6B zw|N2qwa?fc##?+F+zZL>5@&3iwFE1?G`9sNIR3BTE8hZ^G60)w01#bm{pI!kc4s`4 z0bq?_%kt4s=mg;Er~(HC0$|0Deh1>!^xiT-nEO(Q0Rtg{TkDQs#q)n6&~HM7`A&PG z?~}@PmS)ftao1&HGbvj1RKF=zn#45C8wB|ev}Q%d+L=?jlPi_i6MeaTa(8~$afVSJfC|8BuXC7@j*xp2rw?IIkqFJ+r%OsD|KDDzjEy@f?^Zt7Iqex!u z++Txny27pDw)Hlzd?PchB;jI>y!Q`8RCsJIH-pp{hUtb_g3_d>xru(a_K|>=A zV$aFO!C#H`E0+ee?M5p$aU1hhjx4u#H0SSGjMiKzGye3!PfIf1=dn3pR`@_Bcp(}Z z#tCcPk&Z|T1&@_(;Zcf@rkI}OfQ3*RC<*9Su99kAJq^ZWc(Y_Lkj?ezR1@gf=$usd zoabFXd&a)(1O6Y*##aL-L}1zO^r+Y4GV2ib^90!|y`umjR}j_6@o=cQ!(zrZ>NT%E z%I+<=Aei$pDWWvwCu8wP+QwpM*0pxYoM_VT+<(N;ddv&^(5(J>uWVJt2w$m`TcHUz z;}QPgY{$ByoperjGfUKL>xR0wu6ajP zZO2!Z$L~6wWKTk|_K8h&|B%Xz5+1318(2oi77j6Xd1Asc>JLJxPlJil7zc25K2NqD zNXa+6kl?&|&b!cf@6Nv>n%7x;79F+JyVPPQJ=dO%JDcct5WypW*CHBf{If?{<9p}x zYGNHU`^gEP#}P_7ItNK8%1fh5;WWo6`htWh;NXR5@Sqqt?hdHxEF@~CwLPH&`j_It zUniUSJ)8O+%2ivozF?R_V@wz$m9y;d9J^K~%6D_RX+DhFOjw$@Z}mpT@&f1>e^XqR z2Gi2(*$9eXT~RM-NO^vXt@!%eRR29PAV^DMlSf?)AA9;=y>Y2Iuoq4!#XV2mNpOF8 zrfr4mY19{9+AlE_4-6bFx*gqaj(VtK6De%k8ogth#1Ud!aF!A5pS>JSXa#!K9nXqs!;NQxGgOYihd&6JT9W z63~|k(l%4DQZv&}K6Zai$Vc@$5s1Y%@evmQm4^6@%r7q~BG#XB&IsXM=)3c@WnIwx zTVUlM$qPFhN`MImnpaEYhx~K|8dYrs=uC$Ze1%HRLIJO2&2HB%g!)VIZHF z`#g{B+4fE{=vmX`7D8zLY7Mgb@E-ZaJB~I2f_N(*#Sg3QEm7w_S$`MfbB8ZjP4tts z^IcwX%18mmQj)okO5}y)ts;N2yEZF`-9_BXdw3%xNyN;(pFkvE!E2>jA%D!!Z>Mc~ z+?#E;Z!2GWoY-h5;IJcZ{^`>8eGZs;;VJ&WyDdW5E*>$I3o9IA`0D+~z{4iz)Q*#> z@zD6>kI_R3UDq+oUx>J|=;G756p<;u_?FR}aHZZ$S=F_63>1WS*8Yb9xZ^TWW*A9* 
z>cui>%c2drEHnf`G0ni_9tl0~SFXn(H&36Sw)(m#tdE+tq+` z?ByHq>a?I@cQc3;G4gK!gLDPh?+UljtQ?@*AXm)&>#Dc5E%frtlJ)PS*D_K(Y($2s z6>&W$-+z0GPgC0o1|4fXYo{2jZI1le>a+LxykIxPTZ5Owr&H!}HavgFJ}n3}1Qx4Q*sqi&fg7J{!@dtA!Na%q#bD6rpoKY`$VfK;c zX@dKd2Bh|K>ENbcfKCpdvn(ezTxaX>(#1a&Fvhzx;O7hq>~`VPvi>9Jf<}2n7dbhg z3cN1jjZy<-_9PbJck^m|`c`O636a}ADkSOp+z21;PHNe8vjrd8E1#QVns|@8eI=j6 zIlao~Y*bGq5Z6$nt!owatK77xnB&2^DyHDJs2(4WWZ$t6IzM7h)&rgRhu8-LHm$W`~9>gLrNDz`o@M`4z|4}2o{GoysgO5Vt&c!h$U4hX%$~XC4QpI8&`K4o8{{u7{H9S?;61xREkRUcv{ZDKRYNNdn zU#)WeON!xyuG0U+My)1|4-%{&ow$P2x8T9guKC0Bf~Cf>Hu(Y$6gJvlXR5{@XAD0krqYl-j+BLOJQS~;O}L%jB||LvhT2- zZ&VG2MI<0Zo(l4oZ6eh;gEYYXa%5t-v;QjO7*0GM(+9+gEj`M*YeM&%w`@DP!gs1u zMSF}lH^+RVJU@9I1{vY4%Ej<3#Q#J_-RaEI?b7$ojSU`YWR{>1taSdLZ({8zbXNo> zcjb$w7uBg|qB(4+OoweVxl#n7ti_dIINI*MYfi44y#gy2<_Ofd>})Il^;V+@0;Nc7 zwn_5^lu$|c5*}TNxTyS>YS^AvTfC3fK{7)tvgv5*!eEtBEY`<#{OyjF_d{^K+kDOY z?;^o3gw+ry3?B63^x+|bX66yLDJ3z!(O&j@vPT^fS4d-o|JI2dSg9|EDjH%Xmgi+` zr%%d$T3hy?Cv3j{M4i752=Z^eVC^ zJ}!(eHk~e^*g~<0Yqtqx#ZN*_F)LYfC$*qlf?8|);=NB<_WvU+ML_O4XrxnZeQfx+ zbZ%PVzuBf0EnW8s+CuklI^5%@@J)*M7mqH}79%u13C9a}rm`_P=>FNReInqqJ*wfR zqt2{enZ}hCyyRJ3sulgr<1zaR`WC#JdIh2N%N9!RV)9PazmeOXG$<+g`pk$vDdQqF zbS0AGFkb|rnD}~KoGXuH+=;QI=KV;uUD&7WHBmgE7uu!SkwoMm=wS&m)P` zBgfJLXH>_5kZ729&QrSIF*D-)pK8VDFg$ibGP!?vWbl&s*n30ha6BS&iHZSlp#;kI zFx7CPhFZhD{-xmr*VhN5o&O5$M4}XF&r^NM$cM;K;r7G5jiB&zG)j66)iP(wrTrcN zp7T_;legZjvYWyGq=8cS$}qy-)Kzj=E1@Y5w>KDLgjpHRW8CpUzcIMw+JE8L_qOY@ zftPYiwzclKHiXyx)hPK@`iQ1xKN25pa{J=24Kjz!F~j9Hc2s)W#Ozbm%rCB;zLg%u zIZo*>=!!mv| zWzi+D;uu~$f_l`Iu=A?mJ+X`R-{2>z-@X3_K`Ba%8yx37A$^9-O4+gcJN-|kXySnQ zOwH@`7(7aUTp%3BFKc4moRq@rY5kvi>h4`TQlo21hS90S84=A_F6;H@x}hHa zaGn1BIhm9*p@O7qA8K`Q%*j=WjX5nKw-R+yQ8To|Xx*z)KddH+{6&LMY1&Gq!7vQN z=KXK~qUJPP;AXMhN0qBLT>Gu1>$bOz{OGAkB&#h$8vX2zO_)9D44jnA%7IxNDR5-#B1gK@+7g9k`_ifS8YX*lpEzQo;J+NV0f@KCa(0 zBI>c@XixcL7VoJ_DS4EpwH-LzI4`qefL6tM54x0absF#hb-U%$^aqpiXlz8wzqljL~}V96VHdijUr?a_mqC zAHLv%eb##E^wZ=iuTz?utTiX2W|s$jOEXoKZNk#)`fugeR;|0bZ-2@pPq>eLI1LHZ za}%T_mQ0*5IA_sAJ*<+-+96Y< 
z*N<-ddNbnSJL95_ztz024|JveXS1!)g1DZYdsWF@Fz9j{F!HBKC!w@ydn@*XqozIS z2E9m7?8AR_uF^X$1gTQMR`?zMbFA)ag}Fzf4;hH+JBieAf@K1kuvs> zqgEwBcd}_eAmK3gu^XisZ?U?gOtx^q$?Lj<(ueC!q;;p=tOPkV#xZDQF93 zV0YdAUP@F>g?YbNo52Ro|G4y!kW9Q$@9LH4a-)}p1~yYX6|H_-A^zE|2fm@8TC9?r zRaKB`%kXh(e-7^Kf4j30I$d`Q*8dKImg?`W6>2gz7^!@%)A=zPkLa-R_1()}n>f4c zHDi{x?xa9M3`M+n1wGy}>0da&#Dhy|T+S_LuvlfN(KkyfTnNP5vj#_Ti#>bkVGaFH z7u9Vlnax*LgB2UhC7ZnMRqWmVYz01%P+g-R|0k#ss#LP(IJpsU6<^<^He}X4p4L5! z>@-Q8!ed8|hhXD0IPF?b_T9bGI9Y`(cKlP#EWGu$_2?#Rbaw5&O|DE%opTg)$JYu% zl&<5=H`qJ;8}})7{Qaf_X6NDBkkA7`C? z7!3Y#rvDR)@SP&DNmXXu|7jEvrpNno0`E{Qm&#uP@Ft z>hT3+pxSq9Y|Nrpy7Eo1gTiCFHN=Pc8bW4NM4bq)b5(?5?A|M+<=`NA(?nY`W zpa=*^cSwhH_rKl^-gEB#zW+PJ;qZ(Nd#}CbT5~@0na`Z>zJG;B#!lP`9}_u@M_B|> z!Utcg#Sdb3CimD=*;MK2Uy-&?h_NiLDP4-*zy)K0zSEehMX$SAWwi9C%W~fp-*`zV zp11S2XSrh&$2WW!y#K21C4nuJAwGtVD)2Io-#nha5BckBH?+aG@QTG(s_Dm-E@ln& zGD^cb{74C_l%dbQn~f=X8c=;$DbNu3Br8o#qV$l19&?!_uu0Ch(c52lfkSKuLrtfr zgWvZvcuL6s(kru?r@YNHFadxO9{B0oy_x?V1%2dYi1=G2dMCKGmUVs7=^sQ1;zwJ- z+qG#w{e642eS=Y@Fhd&&#DOA$7(A<){;G$dgO}Ua6sor&1b=DR@DEZiw_|$l91&H% z*`i82q@Id>ga@kUC=IuJ1>$Hc^duPEV(}ja?^3&y!(v-XE`Rmf^R`hN^h+bLxD!5M%frJ{k)y* zc&;dQxv@d!IU_?Pe-MUbME|>7O12uBn|Cx(m&b zDyCKvtzi$%V;kPR#+~!7NWTufa{@AO+?lo+#cLRltY^?nqUX{bDygFgpWAQzd<33S zcz>-Us-|(fBJFkCd{o;~a^1(*+o6#OuS!=&JZRmO>D+JllexD&dwNQL_WAq6OF$q@ zwvO0tltBGQBQ3>shvdg&r>w+?oaqV?xUv^APlRdf#)ffes*p65J^2fSFlIC|Gt{(W zd&rU8|4X7^0+|S$ZGLCdTZprL%`<{5%(My6c#&fvk2}Z*W}WOn`=G{mWmE&{A=50& zC=)j(D>J&{`O>cGil|mTG1T()e4_ifYsf7!bM*8Nz|182$GexxSkSUc1*J9qfY&tz z&3v!6R(1XKsSg91QlaleRtg2VV7Yur5Z39)S{K$*P8_(docudNXd|D=%cL7UTobkB z`WdHq5y6siDax7_1N99C9rH0xP@@17f_dc`Aj?31QlyZ`JaADoe)2s6!@y&z|I7@s zEF)5*rX?AW8qs^ed(?-|+e30pMah&iS*{~*$;QWE-@eS$rzIdtC@x`g{4n#q6Nyc? 
zt|Cw^X~maZB?bo2eko=SWLv1_)0b~P3Dn0Fxl)2nV?eKQXq{@$fm(e>oTOIN#y=`Q zaAGLAE7u5o`>U9^n|@o1aWn1>AuC)a#*mNFzu~`I|MQq%HlrBeTYB3C1CNQ zY90nN_4BE(oZ;{}ZsXiIZ^uv?G)CE^Yv4GW1W;azRNe{qBjGH+x9oq))5*xCn+;%FL-b^GI+3Fq3x()&XgV>DQrAJx=LmXo;Cm@Miuyjh5+%`Zum-( zDGUA}nK2TpJgL~lbClbDDKjO)2y+M57=hWZA=ku$1rC`iiq=xemdqnHYYSntGNm5VHJ2TP!BA-(HD!ujnIo8b~Q6E)e>{@T#^QG3QKi+hQG zf!tug4}F!SpA+U*-+7Uvkf9ZOVc+>HI-9|k`hZ#XjnJj%;24P1LqNhWv7vq3U!A>l zrKFjB3Y!WBc#p?YSEBXf^gW56gXQECSo6Kp!FX1*T4oF1*EE`{C zOoA_d>CV;ZBLnxISAbBSF?XU)YD~=(%+G*Q6U^`ikFvzE<3+9t= zkaDyq*;qC4Lfa+=9hv#4(ZN=13=6WRmo1;aN&Lt5&RDnzpP!Jd{Aj=?PJN@vkttv)TuDg=+WoUHT7I^4%w6JA0`eBBf#$fR3I zS&ptUx4gH0jmz%>?)x8n3Kl4h&tf)PXk;To!qK7k;@=A#@B&Zx1Ue$@MQp+=7=S1@ z$1EB>Oqj8|m+e{+vk$ zi5aM$EOJ^#@fEQNHF3}#_XY97;2zv(&N_o@``mtSe0m1_emf1c?(|5^bkN`sg)*uY zCRM*IzxeD1AoJKSCQuM1xkI<;Q=)LBChIe8qtJpGT~QHCt3H4mb3cn|qp zK-{KD)!FF?`Yogx5nxIFoY{n{AH^a|>9{iz@u_5l5ynyNuipT;PKT++2yXt6>z8)C zew{cYk8ZhBn(C&-X8};y>KHS+vQ>@OyGXUl;LN<&C{)kRSdNe*E?}A+#tO+j;eDo% zK=z$*1$0V*{C53!e^n>YACHs{01*0r&*B3~r5HNL_l0L144f02r7XH6>ETP9I zj>d@Aw>IEgaqR!3vGTKy2CcT*k1Za~=}M9wzJ7icPKyv#PnmY?-Bd|1OCEntDdx|& zqE9z$A1{n@?krxkMu}HoY`_L@q5cscP2rRer#HEY6yRJaovDjS8LlgSO zkEww$DXZp+(Y=nP1ol`&o!Dv19Bx#RDIvYw-W5}NxQG6?L~+XpbwY-vMR zHuA08KgE><>h~=&dvASiKmBhv0~#QwBPv!9AiH1-1nH^-KSlzaiA z4Dy8-+8t&Eo(R1ycC~li9T%ZpKeYZvx4))6i&Py;0?s%*3lFqrUwyL9Q)rQ`G^7&A znbk@;8?-+%IY-c-R2{U30a0lLXBUDo2NvRltXqj*r#axw2pa%ZSp1U1y?ZUi23su( zkO5ODp+lbC-x5=HxX0AOLacB9fDPPDa>U{cw=62;PmcvI^m+LfyPpV_4P>A=W;go^`dsLvaemFe zFW_C78Nf5C$R?0BYwubFmjms8F2|0hT9L)QXg7QF8Pc%0;Z7EL9YW+NEy&~mqW%N>sAV(iA<#g#R;4S9}w zh!Cs21VS}HvD4krC7UZ|^M-(-&vSPi6+;b#=@|{8lvxDr0<8D~VMU%vQLQ4N-6)ek zjnFS_FV;}L+{gCY(3_tgHfGACue!g%){U;kcQYL}i0j!qvm8=1Yx{+f>fHYlu z>fHO1w`3BRfRmOGI?#ig9>pOgX9p`42}TvH7s4Z-sC1~oX^*7<@!Uz(9Nm?>FyskK z^2xrk&4&3EUh;!7Q82rSvXiXp@}sUkt-FI+Huq_|0D9E2aFqJ3JM?yBz_nuhx>6Th z$6|%t{~*yuD&rQ}nbOireaQJC@L@6NBFQ15X859Lye0dzDjnMJ%d;~928!L}+_H$X zVbNXGovm8_vIky_`fH>qK#9s?|1P<&|B##gFBBI}Lm-Zg{=8jBZTDMae@;D?ni6m! 
z9_IgXfNFn+I6eScABEp{mIJrQ8Z`M!??LalBn6#pS!0uJr3kNsmW0e*6WGUpXOKh0 zxg5)r6{D!@ZH)r`-F50_;9-)$-V{&)(_Y5vh}Cv-61oQdh6xgT>` zT2H}8U^1j<*~s)0ny1>RTlrL*GY=3h;ubhQ#X$6v2{JICIxuw-slp3-ECuZ&Eh_XH z5QX>X=2k{^9Jf@*-+nXnmp?{e#hakxjuoNL2xia!S7@YxTohrLb|Q&%ett^w@|dKC ziw490+sDUqJE{9HISpQLd$rq(Dbe96{y~D=7%z^Lg)$K{M%7V|;{bMR@peVaUBJ zB#&fmnN+QA#&)8!h*}kc%0iW@ujeJ*2Qqo+uzOXit`yt@dv^Wbd*&&I5AWsf9a0ZD zG-63C!|%zuQQYtlQDps<1jX{3L}wD#18M^#LSTXW0R$(_{g!VM6v_*aNh;XvD^v>(C;WFH8YBDNE^+v9G!15mtA2KYlCbz=B(sKPQW9ep2%Rc=ps4E~@NhAMEctwj}Ld0xezyE7CvQKuw zZ5FoHDt*-zH^EL^gV%{HeA;W-#Hw=%gq%S{0xMIRY6B!EQDVcVLEO3Fc;!oS&6W-_ zB|S}MZ(a}v`EI-kONzihy;ne={|~j6^WW5(Fyj0x0nW_!zV{dw(F4Zw_|e-i}++S+54a;H!|ris6Y}Z~iH<6K!L9?Tk~-syNs)rv+B)%RK|~ zwfXmdQkxVqsYXAJ@XWC$YMzcFfjOjTh+Fri5D7>3G%qPiLKZY8O&2F~gkmVc{_9G1 zXL6)4sOHn==>GsZ9tSSy?n4O^V%I1&PgiUZ64n26=l(oAx9c6KB7GFRu#pow&6gLi z7c!~~Aj?|T-J7rZJk19}GH8NV`Scc&1Wru*7S?vBJnj%x*X2HDVv1(2-E`E3zhpSu zAM^T9Q}IZ0(l993C4YTx=l56rr*Z*kw^KnnC@Q`NHa8G#?qfG>E9Om-mEWa8mxiH1 ze6hs2)LReNo|+DJ#mVZ?Bb!MgdPxet}xlMU;t0fWxnj%sfMm& zK1_x8EWC#k$pak^{uT@Vv?c{`@4_CC3n<={-wU+j8c1#*lL2ih10FYQZ-Jxv7~%i{ zyRuImLh|@-52e9A?^pjz7y|yDk%XLTu`5B3IA~{4QrtY~Q$7{I1xdL$@L%;mX6wnY zeBRN)1a>!f*k^Y(qV*)zi=_5e2GWjChw_KC`YWVwYM0pZOguh(tX==cyI13&ebd(_ zozSMHsV1nrYgyLeT$AWP7EIkZprh@%?x!OY9m7Q|Fw*m*O##SAr-X-pI4i(7d6%EDxNP<{}| z--UMLCGscWWx0gJNIkY)KIw_k(Y5ujMwFY)8NN5;lDxM1x;=XLVCuqWt$565d%i;% z-q>I|aoovnv@(S9_^qEl%42kDPGtWA=fmIgH2ez|52X zx{&7IXNDBPD2fiss^-n$FI@FnXYc>gFTY^h3LjxHke@-qU zUT!c#{78+(BB>Gup>vxifL6T$R?P-ZA@y2ph7dxR;c1HCiZZLBE2<(U@h;0Ymk}Lm zxL6fcROO}4^m;-pYR}b6=;8rkm49WGX=F-jTe28DR_&U+$4mSDDRx}Ewqy(e`Cy&LqVX)VF{8im_}TL7|VACMKH&bQ)|P zl%|YFi5p$=)lkY>9LnFhG#5pA|MZZf((5KJSRX9}9U8uYr|beiMQeOd_dj=k94aH1`+SnWYPM9pOtvyIAFfW0 zkH2^>BlCpATr-q_BTx3?bcd8ludGS)Hs1#=p6wqp{k6~Tjdo&3s2Ax-e*WB*I}#BQ zk@NOQZhK)aVz2%sh6Q_ewi_)6NA&s0#=G9NlIHe@i*0RN^lQKA=R0E3Ij!Q98@nZC zV+xtocgy?x@0$;l(LKv^L}JpcN!Z`Gc=V=rCP1H>1GA|Lb~f5y@{(A)+?dj8v?3T4 z71e7t@O7q4v`l}IF52kNlVa@#5grL`ZF=ghi;+cU9-i3t=ng+uy?O2@#adb;b360+ 
zyzI+U^)8foI=Nnto$H)8m>fwheA}ZLRLZl^X{o8b)r+(x`JC5FtzYXT3pvww##i5; ziJ?r4u;B+xy%5;^@8Eu;Z{^Q<&LUW#uoNgTtu%328E9FOEo{0`~XdH)rB=B2x z4hwhhpFc#rI|+>yuiDyQ#DAtJ8-g77y%3=Q^T7g{qoX6L8(~r+4CgwshWZy_f`_(o zBNLkK`)&91Q#lLcd*~*Lv-VcG7{=D3nRQ2dqWld_|5%XzDv{Jv;=BNJPmT{GyUnIk zUdq%}QZ)UVcz@EvvzXBI^ttY~tAk6Bw2xHP+arS7#m4NV>M2wYCFkCYkgU4(`lQin z8|jA+m!o194gG0H{E+uXEl7LgZ9JZS!-Zowk&KpS?EQLQ9mW{SJ;N$0k+1aI_V{GO z1O2>NvR>>-Xt<2A@ojXsCA<~b%9dKSwY(v-IMuzQjp`}<-sw7$?8340G}6X+Vf~+{ z;Ut7d0ruQ3ou|irk9J#B4bA%diW$Zd=wozUF@j;|BDFO`ox5k4a6YHUqs*TV18u$5u=FOh^=J%G`hWn1v;DPMg|$7LBD* zwm8In3dje^O!m3`&4-G*4D@eN%1rtMKR5dxwDGg^Yo<z0{@Sk(g1%EWEz~l+a=!&?njfipAZWz56P7|u%Xn#4HZC~@+VnjJi z)~XC&`!B%^NhUbFr(%o}2JPL}T?t}*^;Mt8Leh4!C%{iYgI5kf?FMf~W3KJnKb1BJ zL%NJOFBj&>+w*w4fO$4?D-7C7X!F-{-hCklvrj%z0(~V!k*%f%+HOG*(k^oC(n>p-1ofM?Rw=1-X2I9UGP>~{3@_% zB@F-C)sW&b?59X^`1WEAX|!&`hIi+WAh~i2>OD9?*%HU=pXvQ6BE$q+!?L^0p$?kt zV+MZuotpjOTe@R)j|487#&!?y8G7mbVcq1~#jTN0lVW^l60x5IwzIg77w%j=&QoVH>H4mrA6fLR zko9pYS3jkXm49-sBd^nS?|fmjUTBEbv)WKCsoa;fx2%=ap%05yM8jv|N;7m?ANL6n zDq_>MoiuZNw!ya?Up$$Pf5e~31e12G0ti@MfMrFbxSlsjFp)b_pJnw(yIw+#&Ba~d z3!R+DxerNwGLwYKUKc$W}9<^SNk4pncVDl2kRvIx$Y-J`XnC#hFI1g2}o@LMF(c10Ade z-Sa^7Yykrv5NX11<=+LZm&Lkw?;0Vm#vA_4%OCJDvVh2Z#nOw_)4SV6>6mZpD0LokLIlw}83?bXJ1SVkgU;xcpWw+Jkaq)rl+>a0%ks5^g?Um` zuAD3&nU2S+6(O8wAPrzBqZ#Oo#k%F07NAe@>-6yKM6I+5yFcS7SAy!%4m$;rKfB{k zJAvh$Wg8VzJX5h_`U1bJP0!NE8q~#87mxkWa&1(eT$cijAew+*Z0BNUuC(WGq`=SZ8-Fu2 zjg8p|ng!Vm9>Bd5W*6d%7EHC@FC{uZ>TNg(Re42PUM}{SaBGR!M~o(yERYh0YeI5+ z(h(PZR!YBmVv9C7nRS3Dq>TS`bDRC;czM*%h+&?^1C3rz8OiWf*vXM<`dQrSde-Ni zkF+Q8(Ih6Pp-FBFun1b4Zovcf+(7*&3+X(g@nD`uRGfl%T2SZVA1Bv?25I)0EsZE< z3Y)XTvpejtQ?**RANSfh%V)OU1W7qjZ1F@F#>29@;fI2GYN0qNg+?7TRA!RTE7xBB za8_t#REYm;baNUPQ)LN0i^x*Fm~X|Fe){A(zYr#}M&NKR*suM^Lbl}}(QolMs=aQL zIISQ7k_PY-mx?ESTY})ODt3aKny1G|prohI%gu#sDhXv^6do7?JwOWCH6gq)x7HuR zb^Edig?M*yz>VybO|gxtG-o)@Z!_-{rP;ha`5)pQ0Fk^y>h1o_hORX713__{`n^*7 z+p4E=oM(J-TSttPR%yNDa^fl+RhB)UcuAZZv47Lbait#}3pOlmwcb`O?yz~BrlNJy 
zJ`5$Cyk|cxL{+5Y42DyllVo8E##v7=)sTQ$M;DXViO^SNRshbgaP9P&7F1xs!7b1o z!`p>h#}Jy)cM4L-cb*v1GtKxZ3a~sh<>X@)KR>qI&Ua*&9HB2dd=}-Bqw|@f^T>%p zev$n{^*HCaot&{@;6gBW(wdHvsttsfDK zl6r8*SvMLza6jz1yYqx7W@xw3kA%=J`?0gdpyl2DWw!}x_U)~@9NpIP;EJ%X=;E4m z0f*E$qnR-YRvCps5=o3rtWtoY7ynF?-B<}EInzLrgUE<&M{ikO-Zy3{0ECCk0Nw8n z=>F3-J%5z^IvU4LCQZKc z*qGnQXz^F>gd3sR>D-%2i)YyzJYKzAQ|EGAci)ixp#$^7ILy^Dg<$bw#qcd`bhkP0 zl9PBs?Miclj41w-df4vC23n_at%a>nZTtoEAD(x{7iw>)DtcJ>#bWk&>xO4Elox() zVZWEo$X2)NN^w8AKndX)4-n(HH;E(C!H7#wq~PF@EZ4y;Fz13l{({q2S4KuEwxc)X zkh-V5jK_X(S)d4=56|H}vU5jFSH|OF1tq;uQ6BWU6i*G+osSdgGoa3Y~sNK5+9NuWhM;A*rRo&4W;7CqR{=KzG#^b0g$$1&j=!Q@{{bQKbt! zQy%SGEaz2b2HNM{-F}KGk3W@TdOBhzVHc}qiH7}*x zbKif(>Bwl2z~RL{7th|BGmHG$AHs5;KTiPqiKdS>J&K6k-DR_RP&`)hzSQy)rxByo zXno@CyKh;CT?bBd!zmOyA`Bq%6O5Zb<^u7HqV@G#dr2WS$vBtaS2!kou$ahAv;m%zu8~%22Au1{s zG}%>ab7}omy0sPQ2dx6K2a`hWkMD`U98=`UWC(VjSFT+Pk(7oV7C6wYS>$S0KH;$H zeK%MzA;tIlKFd>`)j|2(CT!onZun2Mz*_A}%3SH$|d-WfkEQlb4h1WTR%RMDM;B3D>ujo`5G;J|%|>v%9E9=)3&&nrhnS;mG0@9V z4@z$*%1%1C<$~sFil|*jOt?^`9Z|c-1u?6&&e~*yqQCjlFi%%7j9Q8e{J9Isqa z$6()=ANAHaCuhO9#uX#8-{O|R70@%?nIbZuuIo<07Ln(DyTxC!8}&ZmEwXr&r#-t= zQir?$=jrRH6H^9_Las6=xdise?d`WOLmv^k>bsK*ob@;KUwlu6(gExf1IkP4whoe+ z7k2!S@>LFa^3Z-mX`MXnop3$ibpr5R67Z3luvp>z(qb7lCT9eHo+&B4$WR@xcOg7_ zd-Qc*iov+0*wmYn=VQk0@y_t9H0frOq!W)vuV11pQr8-88v1-NtcsV#junjO|7bp# zCjl{+-GUb%BdWUpnCSc5gMY8*Pv{ajxUbzrva#vAe?jLKB_damKf-h`hN`aw)VA`Jw z9=s7e$>(2Xz0MhA-$Kx}QasyV)yFPx_59QDv*G>TkC~`0ZBa`Ly^S9=1NH5N+`lhQ zF$B?T^hJ3-0ke|B{@*aqa)0uqPaML_^3+n*S^e>kw^ObbKFSUp<*x2H4(~KTFlH121^l zS8Jm$GF>k{`>;EA{7o}1`|0noAbFF-zLAsAgbNVX4E>}v})oBZ=104LtJ@(@52H3lo7kZ zA+h6(bWBe&!=MCP!P66|(O+mROA3p2sJ}4Qo)cgSG+z96j&RHkx26Xq=Y1>x*QV_= zL*0NW4n@r|9vsIJP_)A|4$zOlbK-`-F31F|THdpAf`KC4#IBW|U5)I@|1OtX*xO`LZ45 zBIPL*E8e}^M-uy$1m>{2Mv7mEF;V!kd^(B6K6>*r{~m_fC%_V4NrUVYFEQddsQ?|} zr8tTeB3q43Y|Y204l=5kO`ow42>&WE_PJge~&uK&j3 z|EBz6!(+Lk&rMRka!k7Q0bN#;_nP%^33H&_Y>@tS4x7O+488&)r`bCrcQC{_lbgX9 z6OwvwD4)~nBajdn7M5ho8+2f)m!~9gzL0E`*`&;T*C}Z>_-T*e2hpOy1c&+PMb)WQ=B#!iUF$Dj 
z?kxBDvk`})ZFOMF=5n+L%YODWW75Nen?L$=$N_6ogJ3{m^Ia|ck-fy~qzqms^WG!; zNv!A}1omMn=6+PLXcqmDvq`D zfMp!l6wg{=eKJ#mP_V+`R3^}dawv1#(y`R;9JwEvz&sFolgmngbcUn< zCu=6&?0>AQ-j&&)H#!vIHxt9k(TckaBWx+|h3)-5gc6n%Oo-T4Q*W#SvwGc@6B<5o z;vtH`o}aMa9pbX}b7O<~Ok|TlJ$o-H8-w_{GK8-QSr2Lh#N$np8P;6i7|V>gW8 zfI^Pz3a>OD%#nDM_?BlNM>)Fje4F@qX|@}pwrSnhqQL~pBcsg>)uI%m4)rnTz`UfS z_0<33-~&XjnYhj;^mr8w|ctg?7rDMAa(sTL>W!~??#yy)}ne$^PYKD?yv*R95D z266*?@zA#N?PgtfR~3`P#AIC8_AsM&VqRss?$Ph|oUkZGX6+rl{J~SZaJI7R1y4{Zo?k86qC!ktughA92@ z?T9t+D!>F}t={uQX97(+JGXX~K@}xM`$rdB}gck47c+0E7A>y&F_4()8$hhAdvK(fOB^<<8>x0 zT$~?}5<5R-X`PKbI6j%;j-ru2?=8hdKu=I4ha^$O_EB<#Px!p$q{jYuS2U1uL0vCE z-~fsu;slG=J!w(yFLtQbh~hsQn4P7(9m&rhb7xVZEU51@32aHd*6d4kf9*u9?%2JJ^O7azcd;ebn~GQ;nrpp)h-OqM5o z%U$>@M`l6rn{JZRf;3U|GM#8ryr7}_kC&kJf{bp!2h<8XfiCfm=4oDW?jd!Fp35>e z#1ESfRQZy>i>CiVi>U|n8eg6D6o(Ezw{XnFxZEVdhNr#VN{{D6)Ey$VgOjB4vo{mI zVU9BYzGDp$$Lo*6qN2pcs!t8xE=q$ZjNyp8?PHP>DA!VER)xN<0@oOs^$b)Z@dUID`q!T<^i2gLwp0C(XIpj+wWE>y*{iO;H&^74%~J z+chYsATx&iIXzY8ua%$>ayji+EGZM0S`AN4==L)7a$|y7@8I^v&^;5_`4bP(v#7+C z85r@P#8RkL9^S=Y7utKVls?wiFJ0WrP#lu&OZt#_{9{6b+%{U8u{_}~{|RQy@NYju zez&lMwl*uL3ohuR5~o;a>qvtl#sagrwv1!>J;gsw*ri?BR%5U6YBx@1lQa7i1d_}L zmt|aB8lRrT69-UE$Lha1*{_Sqg6#*pQLi zWc>N=@DGir$3QJ=(UluVp!xj$5brZvQ>eAIvamxQ6~ig~bH-C&ccSilb#t zzV1Uf`SHvA&1c$RmaKnj$cnI4WJgc+a$!{CMMNlpF)lMTJzum+W)3#|)q|{-(bete zOLZGCrp$2MwGtz(Q-a5*7?cf#&%r}Mw&`1n)6Q(JHQY;vh=IS;$=AjdW85^T1$Bb3 zfEG0j<&)5x@C`+OdRXw=Q|5>bYm)?*33B~nB8ZJ+no<)=uqk@pVaC&8`ttnx-=WNq zoUZsA(eDx;rlyzDpj%!a&ebG6mfpuMIl-^fe|z(qWp1{J-YvUv;B)(~CtR^|ecb;XW`Whhj&KU+2J z%d+}*yk%9v->e(h$4&iS0)P!-?k}a=>Gd0lKd|9?1Oh>>y7qV+7Ip+{69>*esN)a5 zHcvF8k6cHG0>iZ%MbPYvXWl~jOpD!?`@OV4cB6`QR&IE5p7Z`oDpan>K>{j~C|1um z09*3RPPzGn2xQ%KTCo>go4QbJVIX4PG?d_N~9j0Uv8&@o{Ba`HajK5Ke1y@mtFdMACC-w1BlHTOjP*2&P66?>-e#u(~Ny zMO9RNHOvowBx-AT&YFOn2}Zl%#w1I23-Lu2t-4{#$Diw}#VA*r8<|h!(XCA{`Q;ye zH&CWh*+HThZ@<86&|?9WkzUQXF;H=t%gP!5)Y-NbSBDe>SQ*2KV;IwhNHD=5n>Fgi zPPa$Jn>N%4qnDXfMXJ`0oQqL$&q4}XdL9mai2l%7T7THY`q7~dk6|Vzfk8kZ@!T+# 
zJ5D7$oou1(8j-w*Kaon~TbhGT)JZYCqS)An-}yh(DZ>Dd(~H(EU@MhNV$>MVUZg1b zq}gee>mk>EdV?7e`kmeDo-+_^u@E+Qa-}LPvNzK|-0vBfoXN!3!1#cQY$}riYQoR;c;8t2S`9mMB|3-Z*Mwr>EB_ z|LCj9M?<(&@bWT=c}HuQA(L)Z!0WY9!rZ#jLcIoU_Jf1A@0g%55!U8$Fkffg?Bf)) zLH5nvkH|X3o+%JtF8gGiRGjoJyMRtLMdd0POqu{)I{PKlrMUCzaT?xGGhc+S-!^NH zcGp6G6`a(-eC)N=^IxKv7*E!z{pJ{_(B?_9PY?F8lNWo=F!@DS2d&DIIBO<>5U26L zjg5HVGgF(%jq)E2?;jU8Du(WaN;Xf7(Ly-7PWNMk<*iWL1%DC&1&SjQ8@x7QaxK&( zxAV2>18awPcNf=#d#1lS8*+8W7SxJ#jBU%2rA61>185ZJPX!(9-i#JgzcCmCkBAIO z9cmTq(s}}$j_L{(b64aBW1C5h8*JWU{P}W_od|NXNA#wUoXWFITG)5ds4{}Tf)$J+ zMjDv^!&zYIi|AN^1V#l?v;1UO)ShBka4M&k>Zu?$>lOXJMeEsx`o7KLjlMt&N6W_%7ExCO>CGyl)@<`K?c?pRXh>56#%;IzBgu;lSs7j(5BDvO$5mcjDB- zQkwWdkyL+_2$#O-+3}QQe6^)Ut$gw^L8Z-9uN2>5Ted#!*w28BOv|1$Y+yrA>m?5t zxfT|l13ID`C-1kqAJRR!19-rKU8T?V;;yz!oeAdFT)}U2g8QAIdbOgUYq;?RdkmH9 zCoo|N9u~P|QVc(OjJ|ku7i1uFk)fHPlOCRvFcS(kkESh&fD+hgY28wT-D$~O(Rm1X zbk5kXlRLc^BXy{U^dZG=C@6z7+Pj$dhtj^$sRXEwPw0Bp-J#1gwe!M9Szpi4w4=SR zJ)SBoi~Qm3!QH7Wn`C%Q%%)z=&Pin*ANbEKYAkEL`nTfooNGO0j?cxut<6udMvcE3w7X^ zIIY3U_D{oudE&(8Q$?N;(Olm(oedvh@V_Km6|0tGK5AcO8^vaeXTIRM2Y=$ix@Ga_ zLDlzp`1@O^9yVJWRJ=j{J<61>Dy3;hwBi970o=DJegR3vFzO!n-ukRb%rWu#Is2<8 zSU;4=Fg&pcwv+HhS#&bVMISLx6f(`kRKoL>9$EI)CY7y;*KKi`{`{dwAAr{?B_d*z zV-T(GcwV17ADe%ym2Z6O{9rJw%%np~=}kXP#!I1k>t<#G0b_{=M|azOK0BDCBB9JE zH}FQ&8MVJ!*=YA2JU_UYKMkpYO`KA3%FItYqx@)x&6@OJMlPH=r^X5}QX~sB_^(g8 zOHD;tSY~|?v{+FT&3Wn_5%r!)gd-v*v&{<2P&S%g4CS*Bwak4AxkF~{`oTGygYfih z(~ZV2C4{()VS!baagvRv&$spO3%_BxJ1gxTma%o9BwM0(ZNz0J$-;1n(i%cbOWd}4pAqnw z^RA6uOw~y>&vq3y%gG#zG=!Fv@TYj(F(1sxBB(PpDoGhFYJRcCYKivzP_WS|M<)7- z9KT}o+xN~Ve3xBfR?izZJeF-1YcB}`LzNr^9QGrM#@F~T)!>e?7arGC&XvxsTkw#$kd#s{SoG>u zrt&By6*XpQ9fo)#?ikIVpYbZK*GG5a91-WrGOVJs6!VqtsNN08;?S~^t^X_>GX-WD z^*^Jy>|unKp0bYG3T!0K@}hrt^zjGS5phlQdPHWTLj&!dN1v$-zM z>YumA7(P*}#-@24@TtzbcHcj8(QH2fH$dua`rHtgNFA<+yYgdW-2KEOvv#lU(;1W2 z@%{kn7_W`gM=$!JQyy4_%c>wK2BF>InoxJR{@LC*^?Puh>by***phHH!;q~Q_ z|GP&8F`0pQkqRyCM%!;y>IK_Kxb_)x#hE+Jv@K?oO|84-OdL|lD><#%ZAzf_z_;0 
zCXS;wd<)~xnChS-pq@aD}0`CKL%gBbHq9%o^|Y1xQ0bt6*_;J1om0@!pL$FCn4*l}5bnBX zGh8`5Qe#%FBH#Z6-Cy4qBRS>U`Mqck7Meg7{m(_PWUW}%;fP14tNlekJor3}?$&9Z zPMGfj59)`EG@f`kFmZxLuoNjXw6{mDnCrCZq?<&9d_(!6XPWpno!e`yB31=K_v0HL zXnOO``i||N$e9L;_J}J@^<=|SZlfP5-?`2uT#_3jtFZaBF2?PEdf2}$$e zV%ORUjrp_X*d^}`#h^Bc(Ac8J>zh{BX7Kx)O33`YN0YM{GfHP+gA=NJUz%oumYW9- zrhaO5n066Zja#gQz-w^RYB*+~;O?Rgx?NM<#zJSEdE?WL*3+pu>GwGr8>M*9N_d?u z)1q1kIM-99G)5~&2YaiF8x}dr?yGTk#4vqtNrjo~iPufq23}J|iks2p_gZ8M>U#rk z{BUh#aP9V|MA9!h)I@g!@H-Tbc%=FhR7~G&_8<3VO$gufA|4Ic8t6~BKOz)65ohRwVuRZy5 zn`Z2w{O!(lJvE=Es6wQO?xMBxfSOm9C}zPaFEm+@pZfi2qPWo?SApbItXmgCYad5F z@Homl?dP;7@$%R<_5I(-q{mW9zOif@_;K(TmD(A!`bD40zRJaB<%pv=IHmSn2xndU znk!Yx>$nyQ59%5f6stHB4vAv<@qs4nnlPuZSBC40>4)M!-_68kQ5hCV$W7m!;e7Yv zMiUWEyUl35FU>it29uvK^90@&+K`A7vip-L=hmk0?E}wEn?CRaOh+(k8SuV-Q(5-q z=GQMO?cd5)$ZY2gwo#?tXg_r)a}weCsWc$L7s>>S{DK=GWQrE$Cmi;*^2<#z%s-M1XhmY&n3V;BVb-$EPu)IhxH#dPyW_IHmR^|L3>MtF=mmB0R}ta@^%#8o16 zohe7tzm`VqRkKAYEjo2*@wTzX#+}o`(kONc$BEmzP9NBxM^5DwyH(?@*m!J3>{)6X zn1OkD`PKAKDs7TWD-0LO%R5)P=LEw{u+7kJ#8Qcnm0{aD&%_iv%dD(Ms@&-ypn+B5 z&%|Kd(nd{tM@`Y#AZ*ShM+WoU^>(I4-d4gaHR?m287P(< z%5mc`@9i@PyY*uTZ8211&d9Lx@!MwNaro2lc3wvk^R$otoN4ls7)5FaNBeaPKAjk2 ztz1KR>L1rT@_P3*1zxWVYu>u!Ic;T@;FFSQ#ILY3!>OJ-IcPTH^t;K$Y_?WQEk}we z5H0&9vE7T-34i@VUXKTL@1#RfZzrY;iB5f*ll37Z12^X*)+Q3@X{f3Swlc7C^DML? 
z*5GbAo$~)uDaU&rn74h>8vDVyqSU+mrNF1>Cu?&O;u%fO#dc+TYZj~Z5+7Z=Wa28d zdPqIn263WFQYZJGotx7O_m^1SB_(z8J5rNH*@<#{%}j%|e#SnaufbUV#@zieS18g< z-v>MQ0iA^m(#6$viw(~@Y&dHc5pNAzG_9V}ttKspRV>ilrKr`8as%K$tUc__4|`>Q z^h#0I*yT#zd>BZl5}7unAOo6q|Hkp>Ses->Db_dZ&^4!HDQRkCHBt<4Ls76WN%%SW zMr`sEWuyb~AFr2N@>qTwXYw3IviKgua-nQhaX;52cR~|OI{Ey)d(YY!repa3$JSSe zMHO}Z3IY<+(%sUHbax}&4bt5*NJ^J+NEcORB&1rB~CK|q6f6*45BZDMrXPj5->K$Ey%F%3gF5bhW zP4-RNlZ3Q*5C68I0(#Qo25dTruqnZZZ);jTE^cy3nxojL)Da%iR%CdPg14rOc|JX7ti-M5ei|R z8N?cYk=?|xX2K=GZc5%@PagJ7-2;{2Wm!M*5637vQgzgW*7-K)jTiP7s@{slCi~JSGH<;)*%X$wxuUHs#P;lN=UfyGI z1?@Un)mYg*JJY9-#=4(D*3DRiNF;#SVOi!?Y;_w$>4IY>=;1^Z#oBy}ZIR<@rZKws zT$W5m4YA}nV>Lgb#r%D&iRXOidwknT%|@cb1I-@YGEzNnF9!o-9}qFbuF^)N7vyI~Go}@eI7FkYNK{1R`+|dGHTB=-f zLoiZ}jDNx}PDLDu^`y*^5#PS5kzd2```BbS@8G}8ebFWXSxEM)p`btk*xP|VJ9OdR zlda2Kdq_ANHjXlg?W~nZ_0CVwgbWDkesP_XS6KU&O1k#(d`PZk-C^V+z_*N6kbVOr zk)wM!r}Tgyz1^`1=NutHFnR_^GF(O*@U!Ao7>|hqK5t><^VlJl5X1Iwlx#bHIhYKb z2&yL`FVxa$fiZK>k1c6KH^U8Rm?MUB;j5|tO{a6jlpq&Y zQV>0YhwQT7OSpB>7RXO9k4!Pg9l~@Bn~;Fy*_&tJFg--(N%xTt~N{Qn$hi>U*RHXISl00rsx9K!;B!qfl zE&N0+Hhav2l#+(55Y&R+4hRou{LQ%3cCwT6+W>Na7ok8MiFJT!lg9d)|LBWP>qAPp z&5M24qU-8O{?>?^mtst0Kig;}GP~91ACr%jKSNj=%kA{Fcj;02{r176-Nc#4!Lw7&-0sJ&zjr90V1pPqvG>locq{RwLpc zT*7Y;Wg>7@bHkGdKjM9sxwgEgkol0uURpqVn1T1nw%D5POqaV|cj0}fZGXlVpcoDt z-hR*=$oLE7oT}nquBMG5Pi%7>>L~4Oc-=r6pcSLr{5zb=sH=S6 zCTHKzqMAINW_Pri^3|U1n%UVc4jLfyY%ldiJz_y8)%9>1k9WvVm&>pYf|U{v{ifBH z#(!K8+=Cw}++Ky_E^ZSo64Qs}o36{v(p!QkXK$dyqmHC(mZquZDS1jk?>FWm@ES3g zx!KsJ%_`ZoO}u6#1!-FDcZK}Qt6359LKZ+57lFrvCo5^XwPe7!LTkMHt9_@I<65TC zFN*Cn+s`F6aysD%20G()QiwE)dtRO|D#8xmV}!ukxT6xzRb-1lujf>CY(-gcD0qpVNGOCrmcPj zPOh4`^4?9JC+@LQPAj`6o1w3v1HL+|Rh}(|@QfKj-a_B7Roa+N4*D@?tmclHfF}X` zjgfowi&gJfM23i2Sy_n-D<{bId_HX#vbI?cTE@>v*3JfX7Y_`n19J+m3%u__{nQgg+NEvcg0mpN1S(Lely!hvuB zq;fq%+U`eV4Sr6$OKJ|ntrb8gB(+*!!AR`vJN2u}(q9V}eGP#om0IzxcAMq2!TKqo zuymMaBYG7r&~#|kihriu-k0mu%B80=RS;oNU&JrK9#H>yrwpw&!_wf<9SF`MltABo 
zRV+4t9bWunL3RyH&l5QuWK7^UU>A!&ymh*jX-||w`cXB*y@T+F(~)s!_`BC?%Z(t)4DFN$-GI+AReY) z4@aEfSw`RA6;6vy#^{q>Mje~4+((?;OE|vY8baQ_eZ(q99BOP(Zm?FWXUcdUn!Gxg zX`c-}7+u$+nlD&b75GM}pjpJT8~WBQvrZmmB(xwJhz16mDd|;+2$!5bk(jwnqOc+I7<1a5RK08rJCCL&nuIx_#(xlIiJYndr)aAic$_Y3h z(Nah`B%W@bD!BJUqYRgDXc91%xM%U$uaCUjhUaD9n4@SA=>Cd+#C%*|#WrWV`ODLV zcA}2@_jFp%2E}2x!jj7`!(}=eosY;A3itIr7ZJE>%9kd@W#w9}s_G0rZE1CePjuWa z2avwgc2SF1Gyok#66bmaueBfIVEmHy>d94QWP+^F3kK`QMEv}t z@QQSw#DE`(c00k22S$I~M(3I3C&Kr@6TkC^IFjZsC}dHhm>ljF%&X&}*V0>%t%d#I zX0d-&xgXB*rJB}5D)wM=e1#|Acl>NRQ?49RpgL+=}pr= zDkl^>A41_6}&~ zQnt?S_VdA<59Ek;)!gG&(p(>}Jj z;P%mAe!6tTwEaq#j;51GwNX!A>L;Y}QQhyV1{qB({k39`!Z;syb9Df+XVEh_(qEGT zjJ(DmuD#$Eq+_vhek}-|CKDQI{I^>pr8t1$dLK2W5sm3^j1Tw?#|x@oixeta=v(oX|c+o zvBCmm?4=A8&5A{f9}Mp|A0HGE)nJDJvb4}%DEtWTFYU@N^crs=A^LKFt*pGdT!?CC z=i{d!)BIRWV!t&mZQ7_&@D;tV<>ceJ)qHdX6xz?+o9{cgu%(pk%x#v#uIn4Bi@(E~ zylx3{1vFGQaY`M9I=fWWqN={ZDB13e4fW#;NjV*VN=)SEi|bKSp20o-$aMC}Nvtb< z_XOy}n=l%;t9DGiVx2ks@j*75@;;UX?9P3o0DrCcXbdEuPr3GcW%b9`rC$5v>*&*U z9(FR(8Y7kZmGDnY)dJ-j)gdrQ86U*2Slas2gY}b^em%_zEmm)$;KXL4)Uju@PfZk( z$OhD!?OFqq`S`zMDHv~H9R$QKa;u@fJRM}Jl*&_?GKYLMNACv_M`O?`&8^dnC-CuL zO(`fpSxoQkV^%hPzYAmrCYLXG01wWdndR`u0eX>9ZMpt^(;?LU9gI{Mufl?_dYMW_ zgkIQGUkz;#J>;j{8IJD$s`nO>JSSaxZs>6H)UI+fBKGPk$3y@~L5k<@7y_<(tM5f6+)q|K8x)x#ZZ-4#%hz z$SMt*bZQBfjxFA#+O<)BQVcj{)0{A=Wwq+Hz$^HJIol<_dP7m1_9B`;x3^ z;9g5i_aVdpZLOqcewIMYp_<@}AX;6{Wwtxry8xJVFu=|Q2j z9d99t#i-}>&=!J5L0l(*vBX+`%9IpI$YayM0HjhyE)@ZVG+u=f?Hgtk!+s+?E=&nCsfq^OLxS@uDW!1!>$H-lq%jgN#^Q;ouE>3yZbl*~hxxM`DHfw}9k zhN#0vcMd>GsUU=&_TAK?;5AzOn{V+=wVH$?c~IN4a$EqYN56=@L0qZ6RMe{XEEPJG zbE8LX@A9WQF#-bQ>oBze|0Zl{1&8fym;u7EwO_gmP{=EOxINzQpHN0pWp(%}U^!b? 
zFp|X!Oh^3bP!cyVqcdiu7DTJvR{UA7ewx^Z_oG@=0!r-HSLp4E`i7-G(a8gicqS#r z{4qrrgV6oOZxKenkScq$J@u$LMuQHdQldgCz4hL8;{xA2Z=Vbbzo?r>z&FL-1%g}-7t=!YRwu)-Dq%TPgoK2qBe7y5 z&`H0Kr7cQ6mmvl1<}EPHRxBmo5Z%rE{K-8_ncj0SLB|`5(*s^KEJ|A@U*jaowicPq zl@<2kSZ^U>Y0@{bs7K#wcOT@<-Hs&92`E4qj0u^uHIvXP?CKSZ8~x?ZrpzY?BQM*G z8veGcO_e<6?rYK;b3rb(AH^=nRepZ4$)_}PCsIGkE#FPj;V?UT&o1vMmcDZUe4@H| z0|6H%ZDGZJu&~0-LjX8^zt%EdRe(XG^JsXzjaEa0_i;eI%}d*Hv3XR2N}(RsVxzz~ zCU5g)m8@Q~d#vtUGy3`Acetlwhuj0{7(8E1tuE|Bm&4{bE-R0R-Atc)>soD@?#i>Z z5Ijv%(7H}jP0yE!F1R{}DO<}`hv2DAc$8J7BW-!WM-z+` zC}}(!3#{I>65wD^*2^geJTAKMR1XE*-vBZUcf(QsRfe6BMaT7FUutBR1gqwGD9&1|E*@3WK7@pRsy0%K#8399Zs6uKrKL2Fr47*s>MJTg@(H*RvjMk- zCbdt^21cVU2cNYB3u6~fj+aV9ZKhIPbAeYYWg3{3!K$E95km7yy)hL6W=sZLe{c0! z>I+mIBmzcJ37KMzsE}5zCAZwO1w;fP&s6aVxAdbQ#yGRuj(bm7RsIlLjhFA_PY1mLtWvjCP*&OhJ1HMqNF}ycd$I3bygqp!UKJX??3p3N0A3hGieQtwkR_ zhotqXHP2;YUlVuaYi69bw((jFoNaK}1c~=WL61iWoGSJV(i8ZG4kpry4<$TGBI4aD zTFxdgL=p*9;PPw@q{nArhjvi^HaT3HoArpGGmWZe`A`5te4llF=!P2C`X0S)O2~FB zdLPg8dXVLu*6W7R;%QN{>zubA~v!Vq58AYiB7M!C}&iMA2v?0^i@DJJc?{B-4^pPvWF0rMmbHA)J~NT-8x2; zmM2yI9!!Zrl@G}DKAXDg;^9aPE6M>W{1|H8y$yQ( z(_o;7fXrZuX8%$#)e;ZX9PNO|%5(z*`3WT-Az`5rb_%W`1g4T}6N^0~Tt7VCl*4gE z57>=o(Rh#0pftKqjwes|H6mW`yjaUM_+8Zl%6%|nzdOV!M*LAYQ)fa!j^ePe_?gY} z%Go^Y^F+TQqEupbobnu=zVqFh^uyCF9?(X?e}OlZS_3rk`1$)sgcTb<5;j<;mC~`D z;b&dV0JN&sG{(Zp5zmx~I-+Rn0zd!n63!vZ1TLt}`?23g=?z0;N?o%IXeydPx7n<| zEbRl7P6XIq*f}@RV9y<>Qj&dqkP6nXc&3*0whet_U4VcwD0i>Hb+|vZi_|!&w1H*& zEpT)}Aj&8(th0{Npyl^%H#AS<-_pagmAZt3=?Y2K0z~zj$*N=yd5xbiA=dN3)NJ0p zXq!{bn|l+jUsf|r18hP*U(=Up>@hg5832}v^T8D~!0`Rvs&na014jHps}Xuz@_S_z zM(I35Xnd)E%jyUImUP-n8TP`bhi_TRwWdkht6MFuQ*5RIW2F^%bQolEqnq;q(4T@v z9xUPg5TU&Lqc(?vE<*jWCZyRJ&(IN(g~j_`AZ0+5;^P+#`dCKc5PewrRCcc>G3a4H zaO6=uqf;Ap-O&i1_C{zob66QiFz9}t3XM;7*{ypUy&QD@$z4(sHt-h$GYKd=t=4@* zOS_vf&Uc1%M+098)aMdJEuS`D$6!F|9sh~vcp0m|q(p?Crm0Kb^I_UBj?IFU9gEd; zk@R=T@ClFfqcDY&c~thn%pf(!^|$&0V?N+{F@ahv(60&-4idv%*DPeBd04r@_UP&c z<`|xt=o_MG)dD^?9Q$YbY-|6u(nZ4n8$Lj2M!2!yZvIgFE@ZNv+foc*usGNagGJ%` 
zpA1Th4xxbE-wcT?8b@5y&7|u-Hi%@$fNSPm=PmJ}y-vKrS}(Qt{yJOC`rJHn%Ri*n z_`CYl6Q+4A{MwaR(RB%9+ETMDyNv6Mhe%ts~22VW|o#$!&w z_Oj_EAtBUUxkFEtGErTYI_JBiTFxtuyK+s(jD^%kAIc-brG{dK@7QwyFVjjp5zf#=wtL)`8bQM!X^3GR%+TRbM zZ>VE`sM&-7r(Xne)984_sk6pLi$$KHS%)A~Q+<>(XQ(XaYV%#RX7_U%cDtEG+Z8rD zCoMq400+J)XRO8}R;nfw64FRO>wL}0aMN51W`W_VZeu*5Plr*6jZ)(X7^xx-IKIkR7pf5!!5{fLN{ z8j7P9rcID9@c%B45+_W=|JBG{YM#HBNd(4aCvc9+wYYeD=(RMk1y11Pf zC1a_sL?Q%@D$8udYbqx9CB{+$=~VvMqXN<-Ykvx>)Xe~>a1N$X@Xb_eC)1pNvSOtC z(G!NHj_O7F`5YnCbR=aa$3zNk;-pn#f4cbc>TE)JaO8L_lkr{sn$xXDM5{&Ziu3hi zCZz!MaErA`{`qk7a z$ma;R-?Xq)S{^QvzC3r$EZPt(`VG&usN)^<4xUu%J&6D{wS1r_ZmQ{0{UhknJzN_z z|17ZWZR2Ped{lKf-vG`A)=qhYovz^iWIh{B|%8MzmWrhmL=NPh=xE;LgE5l zyRlh7A8~sWW*PDqyDTpZ{$w-#3iz}{=wR1b_G)|OKWLH33kD099uYrJcomiRQ-D5- zKR4LGdSG!GRAgTd>DQFa!Y#bopBe`We;y>PwV#cE;uL;5k6Yk?Zgw2yF_ub^psnS6 z6>d-1UoMwZE@^re+&Ku0Qm)$Gk2PaJpN+fUC8TbfV|vw{#!q`f%jFt|kvk7+V7%IA zP3G>XTMu9pj_avkp_iC~jK3Be`dijn-5M_bv|v<_)Xz&~d|rQ0R)%Z%Y&~ky;&n@S zLF%NwazM|)&VoT%ogEH=FxnM(IZ515nbvN=E|*$8kF8bOr&()~<^NZGoG0?iX1cDB z)J3z!pu6e>7OKLx=fY9!Mor3YFpQ zgNtm(izMbv(uli~M#dLG$(JL8>LtF59?v2OO zMZUmChuDB$1`h&ajtn{<86&XSRTpls{npa@DBaoFUX7sM#EQk z1FX`&5vCS22XcXaK12-%6H-#zTR#VG4(7 z5~&~KnZAg*CMqU}6tQKY+>g)8?P??N(l)u&j3rAoio!k0l*nob<1_7cM6Q{^iwgtDLk)!Bxs^TWBubW%?WnFP)w zOk(%SUAJX6N;jMzsX_?{3$6K|b735Iw}*VD|2~{=nwO0?$!WszZwfYs<4jH7&?9Kj z*LenL@CjpF9U9f&Nml`8sO)TCe>rLMMl7X}OW-L(pUHt>J^{q7RyHg2bZ zG+S|Nd0G%cp-& zt`D4M?;V7g9#}f#6|2zE{P=cE!522_>a@LbzpKZ}`SDIOh0UXlp=wy#xIe}5{Jqs;q7Ce8s(~J zshPw0`SoGA3H>j;boNJN6>4-FU2?N53hhR{p+0|7%QKZ}?Hqtc=IBNxmym zSc-t$dEv5GWKkK3e~Y4F#(b$xd4!s1qqjR_v|9Pf;OCd$&i9;qqcK@;lgR@^SY@-g zQUK)qgN~3}^{GFeH7rF%oKR(0a8GN1M*lhN?erGIMTGMA8$=7ib|gdWcK35>dJSVz zbSMUisqDAyiq;^#z_8gG5AV^mWQ)Gpz|el^Au+1~!VRp7?|w^h10vIxeav)Xjb}!j zq&|o~jKYtQ+_AjS;4N4l91}7q9#!dI`?8eEcDpR{ual6#mt6M3Pk3fdHYbRMMx`mb zO0vr@KtJh!*5h+ z2;9xP3gC>{!xOV8n}N~*zV4+4u##6tYG_zCH?jGfB1bsYJio{R6xz!Q2r>zI-GvpB3~XrE zbyG-0wA5}Mbf7hs+q}mtvwoC6=r|BwA``Pb-OmxEUlj4V^zGhSi=QA*>LSsJjBB{Z 
z=DG*%>a90n9+)lEnwqFSBwqDhr*hZdpH0)w!2_EZ5L-VPAuqXrQ-JTbtoComiD?L& zeFf}UfS)Tc0h|Wa+*@!iu#p<|C&67h z2NB%h&^_Rl*$?@T_4bbR)mQ1z`VpdE3%H?$U?ZljX)E-AuKa8+oJpSU^zTZ4)%=>jG_0+usR9{9xI zF7P$c5@|2leyVBk?uGxJEVj-B|3Z^*^+-GLcK^! zgYnnN&v>UMhNg`{yoCjwJMmS&;RB8P0OAr3pax2 zA6*yQHi-dpGMIgsBWon=D6fLFqJ@dVc%$SJCN9A#g zSh+`UV5ZyNeO{IKKZTR<(^j#;QgKp1ew_6g` zidjmXTge|g2;44TTS>hm&Qtdlb=_}CRgyYZ4} zD#EB%XRrqb1>pn^hEn{cP&#uj)Zfm0Y{BsF(m#PMGw|!yq~Hz>-~h?(!Xiha#?s=~ zhR^@r_xkb`?AAr7h?kMsoaxTyTCz62=%(bsT6&uJUEYLl?7_7Ze1W2FMk#Q@snyy~ zf!p#VU1e@N`IK-xy0P(7pB*WuyeaPWU}J0x+LwKpA1xz_)>S)^TZdjRG*!Mwz%*QT)Ea+6DIabn{q zy+IGYg5nKwl>l_W+2NcWKBqf;dW&a(W@e?%qVHVgO19R>O?C;H%fZ%9M~8O>a{58l zo4cB-vofbsXIH$TNa;Zu@r*U(4KvsQpQ0d62x7RLxa({Ln0}QuXnXhNZi^!I?S(#Q z-}42TubGSKhzeM2#KE%aOi?#GaP09|KCGyBpTnUWK+1lD6SalZ&M_6D?&A!Vzq$4a z!hkr%aJb>-!lviB;ObRTS)DkAYk&cL{?8kTYfwI(VB_)Rn5sJOx>N~V-07%yFC6BD zD)W{(j^q_R3soUY-~IXTuXo@>q-;*;DDZqmKoS+tEL~J`<#|>fj%f^Ss&REkJ^KF0 z|EVtbE(wkag0ce&xG@HhW^kh4$uh(k-@Gf2Lwq9KkX%zQ$G-gjLuWE4-pNR;3xA_= z!|ObinNC<#gE5t1wkaj_n&Fs`GIolPHn{S|Gjw_Rk7u)v65=@Wf5b7#Dv$?5vplTLgxu`2;^bBMRZr+Eh>E-{sJYTei$p{J5=UThsqXy`Qb)QZxZn%}WV(-47DZkaTk~n8Z zhjoLbdxUq}(jh^I^?_^&91r`m8xzkcARv&&T@7J7p`-LuLl^4Z(#le4xu^v2tM{!& zrOdD%2*L?YO9>va6x^=Y*!Mbov0Mf$2xSD32>(Xbz|^V2;3~@CjOqfvI-;F_1JG;BfL~qJ(HPt<~ssM?+Nrp}nlDCnQ<0n=G17TRe@k z0jYMkqANJ2HV>)JZVts*;#SDNm(Tuck1N$}P%VcHh_$a@tl42m?1cIq33-0OL}l`t zhv~Zz#k|(XjiaQwNV{}!*&^>-;T7L}zK@;%J!#XyRtu%$n>?Nbq{~~sCzVpls zgg*!z9qb<%*vt^raTnK(#*tO7TMG$#`d+t3Ez~r_qtRT0+4pGl|C=||P$c)(!ks1@ z$uj(ZP|g*uz1eU4pozhb(GPtMv+lRpDVS6BhZqNl6stgr`cSQeY1j#rb#W(O3|qFT ze3`(o-3HvOzxp5GIx+-&0r>y%vAU3bxg&?@vMX@6qtS7S9anhp)e}ke7cau0wxK^xl_vZCJpuZ-z{WJg5 z#Tyx@tx{2|iA=S%_&P{Tv=PsHOCdJEDzKl z9hL7-qbB&ACmHH?DzNeVR2b?ybo}X7%6lxH7Qqklt;63@vd4$(B^}Jx!@QkQ`oXLk z+f|QXWFr2G&VbU$08etdd6tZH$4h-ye` zg&=txaAuVjc^2jxIBvxK?q3oQ<_51&GhKkbg>!(uNqTIVisL`95r17+RGwk;;Pjov z^)h><&r|SN6pJ4B00j6J$p{{IF*@RiR`}PwZE2V(==`_fuNk8rDg{A-PT7UG`cWJu z2rhfF=FQVJk2%Tp!D%ccUqC+7LZ@+bkqUpo!+s<76D2|z3hL|-2b_=&4oUbF(#i7} 
z^qAYC5@nR>I+kV=F1uMIsm*ZG1kjicpC|PLa(f6vVu3~Md}qY#Jpl*7k{iBCUc?@i zDotWn3C53n+i)Df9x-QV^h(sYGrc8Qg8>51AovZOzpdV7cYJ9hg=vW^?&s2H-F6!I z4<#Y$mGnN?E=S|oa=0^svt>AITU)^$9mG&Da1hhS-_KBx)17uJJJHtFul8)Q`ODtX zBrrmtxkE!kcXoC{2!I}A2luAz=+e^D9kw@+WK-MT8~2S(*|sfgCax5&?|Xazif}QD z3#H~(brz~bQnBQ5f3!dAlG_3!vauho2)>W$%QEgX{p9@JYUia=sfUC!S%~S!?8C{; zEot-1>z4TeIVIpS=d=JaBp>Kx4Q+OzAxo|578hpY`h!K9KdQ@Tf4Sq$HMmz;-un&8 zEmz`3JY)kJTzCBX@~jLyk%PbhA>8v7_32OF=5}c#%#zYiMO*h1t?<}<+>K5VMw7uL z%+1~#vE)fH_I(T4zsPC9+qAN!vo9r|ajBIl#UAe*CThK8c+uf+_`D)52V;;aWwpL2 zMvEI&0>{X+O+thvGkB|=8BwhSe0=`2-$Ef^*>wQD=i5dqw>YSjH4WcpJGrQPf99!u za8ZP9PpLYS=?qYKWe+jwU{so0z90_tFEzrp48zhY{Jj^LkVE}DguhVx6_k2hX z3{~FXX+lD1KeBJMkC!DjLI;3(DB5a?wyWO8)YS&B+K$(j@4s1@2aPyPH)EnEyULiZ zRV{j^vec-;fp+hcPQV&%l=1s5x9|`Zt~p^bOh#>Ax$z1Tj>vG-U~uo_5cz z&h@Tu6`}Mk{}+j5-h@DXtJxD#Uw+jj-~+LtTv8=-U^-bymUoVvZb2BKvb3!x+t-{0?Oqa61Ep3bW|}T6pG9 zL5Gp?kW_89;Uo@GH2QMwc7zPC$n}GIp1X@}o{OzfKjFX&$%GzCIn4l}w>+EIrEW!P zwXNAX{M7AQCb2Mxa^dM*H;Wp;gm&E<)iz?hCrv#x&H zW?b#Q-cDL0Cj7?vevtm_--ow2tOY{xH2LF|3SPfn&fqX;8@qW7j|UYc83XiygHbSi z!F}QB{^(SUT|rI^=D#ygJTsZ6VisFE?fa66+ozB*jB1}lE`oQ_*% ztLC!gMCUG-i&5`wyWcNmxCKA4bxdW%hoxW_#ldxFBs z%pb-X4RfF-$7>9AzV`N~o|oiZJz#&TRL%%(G>kcgRDIY9OmB%=JKx;>%q14K)d?7= z!}7x7NT-4Cah@@tR7*6_>{dZ2xBhKQk+U{`4>iwdbW4Kw`s_*g-*>%tU{n(5_rne8 z?Q2y>t{7SoFcgp|=IxuA7bDsgvJKKbekn)!15!zsaOF!0aWH2#v@ zSj)kV#_dX<=UP__e+v#WVivU5_#3)2?tr#YA|$z!5{&WD7Eo&y{CT zc564;-(Sf2cU5Xs8?6Bym$5VD3FXTaBnjCyHSj_+335)+Y!*2v2<<>kHsq&+k@4y? 
zx_FOG{xcojOs&ZR<$G*SsY+@S_T#Pv`dC$AY=vj;0GuOH5zUY++qQ(m1Q_ceccfGo)3u_Vp4*ZP;PR*~lhV7hPKN&dG-~ntkca zBJfwxufEZ$<+NqcN^9QD6iG3@zub#N?CQJv<6)KOFhf6-a;d&z9)QuXiP_{yZaCNZ zL~DQZN0qvj*)16uJsl?+hQ+Y*CL(H4STw1B(N7bL~WD6#90TxKmC~_4tQyN zVMPEetMszHj~?&T?7U>Go_7uTf2iTRbrw)~PCG(Kvv z5xJgfeAKK>;kGHRHu=m8H^7j#9NOYWg!2J3Are9;Z$dqoX4PF|8fLiJoJ@iVYJydd z5#cQ`T+g|tT%toLaoj5LtJIGN6~99`G)?DW7fW`OJKsBJ{jnXbTE*K`o2`=E8=ES0 z+)YmW_x>``HEzYBFj9^@G0>#sG6$vH;+=M+@9wBrFcqCqJbH<}zW!#(*BWuxn`z24 zekV)i1m6(O@5caOhW9?m%7W?Gnc18NygBw>HT*-=$cx)%W zxe{Z^Uxe=TLt)W1wH5a%L5lC4r1C!wvYyq}8H=J0Q2pC-D8+C^x_8(8^a2~)kGqkn zFu6JQl}>U=ZM&}mHaHx-TMy_sqQj>b1Zxzmi7iI)BuO`q`@M}I4W+>ZN2J0=0UqJI z%R-l7(h8Oi=YJ5!w@5TA&t7R>@3EJ3{j)TEVr2Ik4`em-8d(C&uitOiVPb_L)*l>v z>W(IvpBObBWp4hW`LQuK@CCyjng%V-YiWot(a*NfA(Ehi2CQ~+#m9Pw7ij6rL#H&Q zz6I*5L2hmVR}jGGtI7I3Tj;4>vFHndyH`7h28rfsvx|3BRkI7;_4A1(6QWpbM-Y_U zJ;Ka1x;W0D^Y$c?e+A(H>HIdrl7mEWm*woqmye~S4FBv2iQqu}cSvcFP4C#Sv>J-S z2GHMSUFerPY#-RjT>wq$o0Io80AnT#ib^XE`Q#c+CP9fWP@{(SOZTV!vIa};`Td1i zBAtfIDKq3@AT<54K`C>QUO8O?ph77}o;y253hPUm-2b%cioD0dY@N(w4D9H5DR8Vg zJG`|c+8WU($ZY@0nzXtoDHEuVK^xbhWvFX=bmuYoWLQDy_(SRzt?81SwWza`jZamA ziA{?9vWYx2R5trN3J7rq6?BZ|ZB6zt==;xr$Uy?@`d>L%g0ktYQQKcn*UX|VAbh5A zgife|RRX#}0rIfia|(-`zKZ(Gm%L^<@DC9s3jco-bP)=O-C$k)?hmmJ!hcuwqd2i| zm3!u#&`%%dH^2NJ&v@stK(Td)0x0!qXa?0*FmeHjlFIWE7C(iZCScy78nzyVYcrU* z+ACi*B+n;_Rxs0pS9AiHQ)ZPh|I3t!+wFQ>MT{`*KlD8$*B>ySNt_a#h0C$Ry>2tt zt`BcR4};{5x`QLrxLExMe|i6f06j82^T$oXKtu1(SQY7nIypGN;Nah14@nGC73N-R zmz)B$-!X1LfriRz_Pr$W`?No8m#{X;%@w|f`P&P#0AZJxzF%Ag`hVUCqf~KiT`AIC2Bw!)3_@yFvYn6-#=vYZ?45u zN`F#Qni#V20)|yvYlM2$@*N)w)PsofgdG*-Ma+%_TH$&?+xWI;yY#A=VE=* zsns0s2__Nwn(GBK9%txM*05>&X3xPgCyf8rQ9iP>E3V3Qo+Lp3SmQ1~A|UG3u!+e4 z#{^@*nanR+#c&bo)uo?!CJRIF#Kiv*PSH2ubpAvJl6b$dii)}>zd^|YaSdjgrT$fI z%;J4rBrOf9FWx=$CjW6hP?F*HY`Zmy?ogMXGJ-S{!O%_7_($>(MXvK(zytYwBU^yz zohco1`JCtf;@oN%-&6{mmE@cxvu1qOMCtUaRne)4IC*%o?M_{bR7?HH14vO5ta&$q zeuw$i-H(*A8d_hxD_7Txf}fpa(mJvfi#%Uu&>R%Zt@Jcif>Zy_O{oiLhh zhIsQ7GU4yxr`#piGP!utOY^Y{3xL7Dw$c@&J!1y%9HYC 
z&h^ZdjQJI7AHFE`Se zr<^P?B--AeVmL4r14x+>zz!(A1QUKC5$S|@T+VeF-#NF|1tRQr5}tQpbADmLWLz$C zTUHEUURMVujR;ks4`6KQW@oWub;;bte^TJU=dMC~`!0+h{!q_xZ>oj<;r8&GxSUt# zZsTWa`of7Pazni0a>VLsxl%8A>0PWbdBe^wm)J1r`)2w+gTtLB$rLu!ho-2+uuu0= z76XB%wV2*jFC9{HS^$4gkE=Dxe-;(`F+TVf$Uk^jIGXm)jk{(TTj%Z`XLPFK#3O5@1P3 z`4Cj&^Zcl~IB*6WWfw{0V(>#JR&x5oSuG@N^HD5d^!U+BQr|b7i>d(2*9T9*)kizn^g9j z8nMU7z3z6h53+!P$OLiu3S^`K`ecBJKU$o9{OJh)UnU|;d<0wOG!hOk@4$}nxOo~l z13|>L+rSToqF3=1nL5nfcI!a1*V4lo9`aKbgBXu?f6nKZa0f-@oEkvFFFfnUoZtxI zA?8PyCCL35O_EE$#PCioUe_PGVW{TGrJ^D1Lf@6)~b3?TM++mt~d1P+>P%o?3Y5Zhg?GubZ><3Bm`H9eb3B`T-`WI$h6e_qRv5}iH;L9}RVKSmT1SyS8Kb?mipjqjvo`M}{g}j{Uj%^p zWMSR7{F>sxs8*Z`Si3J<*>ny$P#?*=o#JVq;3g@eD~!6UGUy&zpkg)wQ3k6IiG+m2 z>1BzY(`PRNv7Vx|#Ftr}fDg=ocyJs}Z>0I^{q$h~_fZ$a$qZ2fIPUMTwnp8!-=H_!a;gy)w+e#*=ieX96jLwOnET*|n4Fov{Psc~&REvwsd1)GN=`PD zyIaHMGp{$%lspPr+vIKHjV;0toO`1r6nn>qxyfjXF*{?#yIK>H=XYaByxs&BdCu@>DYHdJbVS9RrZoH&}}J*YK4#_o_0U7!a~B!6Rhe-IQp@ zRZ2%Jr?^2a!}W)NjSs{uGB~20=`B(2m%BcDS~bKG{^Q91d~#oVN)!=|dWDTO(kCyX zqo_i)U#p?i7yQ8)L={?iax_1C(Z4CqH=?BbtILV2fbT z)OWa$jK=!^DwzJS62RljXSZ~+QX+?Kv3Es)gnTTR*NTYC@dMfiSLjG z9;=xw8BVoklO6}e}~!G)^2?c{+yUrjg7Hpr^uwpgCsQf9a(WysX8sy;OINYO-a%)1>tT{P;jmJ zSRU15%{De~vkx|vyq+M?uq-kS;`+fGQH6qLE*ZCEa>DA>5YFjfO+YEH z7a+Bfsr63?#kb7ouPPkP&LO3C`^hDKtTGVcA0!gs^>f@#U4MQ%Wfl!Y6a_+iP(+e1 zpI4OCW}@sufnS#+Vh8fx{%-y%PULI7AqiZo0Q>Pvfq}notk=i8 zi!LbsC)aggLo7E1*85!~jD|2TP?Q(keG=wOSlVsg;iW?&1<;wS@iF*tEpHD*vD)$z z_evSn{Gc0PG;|q@^?$2Y9x8qn)Gb|pl*Ah^z5SxBYE^N4xI}oep&wsjW3LIDBMYt7 z!q1??4w&y~xqZV*53vwgrZnc|<6nMuG_Zjru-o+<~7 zh%ZZI=FE2sHDbEq1XB_h+&6dUPGTwasXN3`XV3BN28fS$hKo!iD29Ax=C=ue^^URy zw%(6~zkO&2<~;P)?aNRohbM64Sec`d^TxET)nBsNso^P8Aq)G9FFRb#dmPJ%M@7)1 z{D7u+tc_ujlNx}^oq&Ay>0IfmTqookua{xX8&l~$^6${m2k0m>$XY)dd1J|qaHBt_ z)^C@K7qo%s*eFi(#khjd21rlKBNG!4+q4Z#b0$CLwnGA11N5=RYscl5(e2-`C;J4+QZCpY?O-^TszR_93+=| zYq>ec^DM*5gGrC=4|wD`es_^~38f^YQ#zzO1?f(aZb2HPyO~IL zN=gYR-QAr6(nupnhjhKi^zvG3J@@zhbeo{g^E_gVy+&&qFXR=>wGZXRkX-V6G__3= 
zBM#d|P0dQDDv2>&)kFf%(zL;@nG`=Z==y00&4^eUN7?2QEE_{@MpoDEnUd>%2E{*; zgxwI^ia#C}p(cRCtV{28_E$&t$F+$thvR(@A1R{#!5x1hf~HU+ZPR=*-NkUGcAoQp zIL-18!XkYsvv^ERG($@8B`-3DM3kdOQ8H_3Z!m7al*xMZEb>@t;9M>}LIHJBvoYWVLwkjV_JoXQlh5FOl z_=SA0KI@~W<%joWi(X;IF-U1S zNtBYg9_m6akJoZ^dwxm^`hUdq$>43o73x&|NWGLrOhRIRaqcs0P_AxHm1Lo9a2pLf zTVW#vobVAy@wk?2ktC2l0V-qXVD2Sym5I)u4~=3vC|hO#%+f`qQbr zO`)%*`GX&5Pban}y#L|xX#j-Rvsvr%UArPxexS@y{u z)2-!rGa7(KLnby;S4K0WKBStf=mx+amwRkt=gEJ>&Vala0?ZWQu$lbjyCF6*gOSZa z94S!GqtK~sNslV@kKKk(I20n$<>o$0gXu)YIudwygsnYxpOFijHmi_!G3 zk!F=kL63k~bzefXn9@o|ix~bZAD_Y?gY5SMzSQ`hr4Pvg(J6kL@ZTA4!;om*kg(1h z$qQyjE*1AIH=z7sHxKrzO<qw@T++4C}d?Y^VyIwrk9B4<5BGHj3{mWvNPf&Y_IotD`NOmwM{S| zET@Y7z8A&G?cM{(rekO~NWTFrwZHunw2$NZl8g{qBQ3Ymu$7Wc9W|QlV{}^H-1lq^imdceyB@bAsoGF%eTF^KO7^Od{-@jkg7{Giif}URbBiMMIW|D@gW}(DWetkmemO-HvvdTKe^ z{#jk0ZUX1y%Y;#zy>J}fwf?yotrk;S&1Y);d(bTdUcS{-k|D_A7&C}t*N0mgMNpBr z#7WevzExp-TdwY>~={ zD!`1%G91z0Y9eyKB|Z+Uv1{q0?LryaftDo+mb~EX5R4u{)bpuu9$a#iwg^3RWaQ4F zw$ikvRwG&+|7Bsggq6BOkHzHYgkp$7YBM5M&#NE8Ry!N7 z?c=^-rt`W#6R2ZqFJ!9{+2_HDKxzxa841=C?dJlzgw?Q<+9C?hnL-03tR7Xj77C5n zji2MM#VA&f(PSnKiAc+jhI)k?cxgb~hN5Cry@LfU>@6G=&Khw3RAVy-a7(^QGx5@9 zwd1>+w$>1t2&dg%eVKfnFY?A!n;=JyrZ{RJM3Rmvmza7=U?Jo72YGuY$%fC}A;`bc z<#397Wq?LJTc^uD0E(WMVlolEEx(0Om9i5KzFCBfbDjh>uc17A^H0R*bpy@k9Gz6) zB1fh`iwq)}Pquu+=T8VW(y)p9wDKzIIP_+!9VtgcNyfqymFrS7Mm=9j%1xd|)XXe( zvS=mnIM2U^k{+5IT*qw2z3poD263U|ZC`4}yT7iIeL-w{*^M%Mz|X>}f#B8t>R#Ux z{{yRy*i@UWaZjZTu0qa#YjpS|?OO^AD-9(v_X*({|#{Xkpz7j-TUqT@x3M z=6Ztjl~cX&KWd8uhr$3s%XlkG=OVm>B|z>hMgt&YLgGTAku7lJiDSU79#4#>US-ag z7wKJc4Nx;_^U} z_o7CZJMPlTww>tPbwnKo!}y>XqtWBGW(-eftm!0+(L9pc$3CKFZ3T$c?Gkw|tue%3 z!9ChppWL~YY}>!(2*(nn#wi!bc*}2hgl#&ko!x(aw}AfAeFxQ`qSRUjaUgX9T65Q{ zpyrJz6Sn!>)#ee_*YmFTRH@F^-jVS;6Iim2eIx(zEnig?kQ{_cE&4gxtZ%T0t>>>k z0mR_cw1&<3glw_p2GK|K#?Zp;_L6`f`B2A!EIG-b)ki8wmT7}7J`1e80TVb;`&e+c z`}Jvk^h-s&Rm9*8~@xEq++xw*juw|Z_>)y0mv~Jw~32@x|iqFe>*GEoeE(@Av@7_5|kv-I60o~E3to@!jx z@RNH7ZGQesKvlEP;-m^sit}@pJ~!?O^Oq->qyVO}x1D=T^4G1^(h-E1t260ZUE?c< 
zU;5)p0wnHNiVneuG~s|tdwZSwp1Vsn6IpmgDj>&0lC_ zp^}c9g8`q~g^S)N-6O^gk!!R$9rE$<$y_YmTx4y?J^6z)4dK-;h+l60#6@*F)R{Nk zVL-~hyS=qr{|Wa?)s_mS%>?rn1U`Z~kJ{O;gQ>3B zJk5FN1jRu5bVSx$%9sYj5w9_2t=d#20{R8rba16l>P}>TJoOd$Ui7M}o1#bh0q;Lj zFJve%7>QeIBd}9nt4GgBd~Svk9A^KgME|qJO)!!eL!O)O?JWA*jne8E;Mt@JbNpE^|6BSR=diD*5m9slT`3F z2i0y3(aZ>#{^g!G@-Y3z|rZ*xZ{1-07eX zKwJ>y(-;0>CPpGFlokl>u09am!D(H@!L|6cdAKKIJo1wGI(^p@a3pvY_me|1Vmoeo zx0;nl3m}&=9ahqpYK?E6SugSGu*=QW-U$b;l>s}4VMaMGhjq8S%rLjjHT!JW8lH31 zqOChXKXp5CJ~x%WuJ!4%RmgHiH&1rGuw@!=?IH`3lhQJmKrf(G`t3?R2`e3K%cNZN zRwia>1muD4{y|HC-X0@qn0p=EV&=>CtfjhK))eu$0AIHb!0bWEsld3i(0Pe6ATFAm zoPD}3HBF&^%S-nrkNdU;dy$In>i5-G3KT6C0S7m(=R!xKa;w4Db5+SwzBZ(NV-5~bw1e+kH%rQ<{O{vdwoEPDAin)0?kUQSch zzxxY`0H@@+H36i2Knrs)R(K!K2A%1L6u+8=-}p32iqfVwInf58pXAhg8<> zXr6VMMzX_35{lW|bycPFtyqGT_?5kgN*+_MtjZ_e>_Z{U1@$t0Ma iw6ZJG0;4@ z>Qdzt{|-T+^XhcQsp`e(FD)JiHLoLh8paNH~#t2E*d+gFgj z@?X5P*MprbdX`?#385Q3AESx1tZ8$6SD&8z_S*F!cZoU*FgTfy?znT8(XeQkx=oBq zmvvds0^~EdVg!B#M>og3bbmWQ;(2DdnYUG@%e~*NTV;wM8J&^)QDZk`wC6f;XOL z@BF5C0@)Q(@kq5}mS3_5nVRa5vzoaYK;5bmDa|gYskF@o%_38P*83dKlIl@LU7)f{ zi_-R;pM8;;#_%!B$yd+gMfJUTZ+NQD$O`y^C!`kSZ5}0PVL>(yC3WTK|!Ws0_i7I` z!dS-g6fh?$SezpI)fK&F)ihP1fvw*2*}iRPv-K9}pA`+R%lwYY*yDN{w4M2(LY%Ng zcL%e0#!6~=Y*IN$+UPFN!Rqurf;8Ri1he;=PQJqnM&0V?lu~0Vn&m3kCVlaR6t~D@ z8DFX1k^r@sc1x$x*Yh;V_z zZd-nkD5faTTQsc+NU5gqmaAVTQn+Id*c@fHNR5BaSlvR>`jE=IL~^#H{%kCei_9tn z9r7riQDXcw1m0B)!4+rvru38Z0*vGjiKOc)R$L}x6jD+H3*zkt2dR{Og*aYvWSqfB z;0F(Ye5u+hPJ;A&z_qerQ=f0%Zi+2_Ie}ir_O{}q*Lb`$7pBjs<(4)8gPP!K9TX8=5Sw3WnoF_r>8Wl}26Fp5FYJ(F=24 z8?LO%o|0@JDbk(!eYx-=JLhXWoW4=O1H=C#Hiv538bmL-B7zKlen=|g_>a~e7lX`7 ztwlFZj_CKmyXfDI4{RiJEiIlv@fnoH z&6I{0L61N{Z^^3!sVE=T`&eexE~&Z1Z=)B5xUID19Bw26c=(##uAT&=WyE$%RI|RP z`V-16%aj@n=7y zRz@~I-D2aJ@FH9vHF;KPK2u{UlVU|LEb1l~PRKxlOdwTkMtamG8jiY|3yM*0ws2B< zKfe+Zx#DmpQ*L+SM2q{WKBhmDex;1#d&0r@hxK5S6Ee8OSGy|aw6|#1GvebvVMf_L z3}Ixh+2xhSV6cE~WBQIdef%in$dVbiM+cCZbuf{h4$VjcgJfr1fB( 
za~Zwy4*wsOk0hq~xNAYSVdPPGD;7W^=t9@cjV6bN%5R7@&{s94KtM&w1~eJ>JycCghHevhoLqVs<(m|gWAcf_DhXw0u>97u?Uyw& z>PW0V!^5RXW?p7ALmDrD?ntAJ)P{sh0df)cj|tq^YsleQCjM2z{<`&y@SUJ<{cz$y zjKwM`JknYARP@q$$?u5a_)xC5vFli#YyvCBpn7g%ZKiu5{9C<|Gw2XrWA+jSKvhe> z>YfSa-v8o|WC_i8M7l=h@tkI@Z>+}$1=!DAM>B5Y!0SjHvE})b8_jnOgYs(X2I@^m42eg$c2jkPOo#@q)=;x z6}SpvZ(MMPCtI^N{#5uCQDXefBe8Dg#Q>Iu`JxfC7N_ETOcuYMO#G5#ArrRdL&@ioP829nzjI%`lf;zJieJ{Zu<$2~(!`*}qi8H$ zkgo}?ABVf^i_UU;Aukt46d&_MClY2#>7a!@Pl-|s)#LQsyRert?{0ilD#>12@PLVN zDaLPTLYR4tJ;aMjeG=zXQ(Mxl0NQA>Q!c7YUE-)SqnH~-!-g_OKAxMo+-7rx6221b zT!?M0-Z$i-(ft!a6~Z}vpu;+b37F7CskJ#|Q2t@=FioXX&5Cx_g}XS&fQo&0 zvFODh;`l;t-&l3pS66xUj{Y^W{gCn2v3X=U>-D}fF(3t@N>2757!ijgAAL0+_nK`n z&NivB-l@)~(UDm0!yC0tERLx-8ls|aH7AGRLTTF$f?7htGQTNGRbKY^BZ;d)F9(X` zDFq0_m1=>)gH0@Nn64S#3vE0gs8M_B&*d0O-ii4_Ymt*P`ID&3t<7i+jFwS8-p5}Y ziENiS-w0QeOMa>%lV$U&0BA4NO7c6ltxR>7Ir(jBM<VZ?Y1&_n)k}YH&ZW{p3`(3K z2B$$o0og82TEe9!7CBPWG}VEG5Cb>_r6k4!i@Kq2Y)CQv85XI(^PlQX*LwgQgIW=} zF37m40u5>BEDdJH0#&sOc6{xk@EqlUGGNI%}tB+)msRIat-rf#rs=F|5wL^bt zbM4E_75<>|NT7Bk*~K^J48yVGI~s~kq*|p(sQs^7?$8D{x##oy!?BcDQKVW7TJ00H z)iNkUKbp9uruT5fsP<3+mvCNkO0}weFUoa11q*YMC?_yGm3xlb-j_`QEe%}ywm)rE zx*SPhyuNGAf!bBbWS=3Ttl|k;Z4K+$BpCx0y~r42YF`AQpicZ!k|UBrwkcYpi^T^( zrYV0?W|DC#OIrkQo9U-&<5}=eU7#SvDgCHC^&>oDy=DHrI)a_Qzx4$Mx^qjB}uO1`d64K8s99 zCTfE^nml`pQ)2Pyy7slUYUpzg>gsz>$Em*YA)>Epl%(R6yRB+|FIj#}tMt+Jm!$e; zre{Wiu6?O~mDuFk7vIF*uy^r!Jr>$|wcL>4Be~~N4%9Nt)J#Z>x0Mjgf{Fyc)F6Wf z65|!=YT~fcTkOs0*`V z8_(NkQB>r%JWm|mKm~<3;x(x2S<+An$~Z#u+b?;Pw>cw})uE6-s_=Hu&EokGIM@g% zYTl#{;-Zxhm?{qacV8PqKiMNR{y^qmYJpOf;20!zW57FX71h(Ut1 zKAcXu9f@RAYROT1&I@s3ld(*s4MEfKHPqL7^D|FSw?uI$88-vU=KP`2(b0Y;U4eF5=yO45Gdlu)S#6&kn*+zikzc>o1*>I zBhH!FK&CBBhmSvnh7xb!h^9w{!`1J=JT?244WL4_=E|C|5~ia7J9d60m0&Y{joyRz z+XEjiLbK{$*DbKog7PB?d8U@jNp~R%^HAQjGDyr(Z0NtHQGaRCKic9$v^IDIvZ^tz zuad&307quE0g+!_aGQho2jp~gn#HRo64{~+<6k5MfmoVAuL-?xp^lXE zE>DP9pqUT>Jwp;SS6s&*(E8=V`o0~+U1R`h8be$PmJc5bHuAyfYyPzq08UOexLA_*S8&Q6xlG6@Z5bO@pW 
zNY!@$c&Bh!@uqSgMuH1X>&;`7Hpb5GP(~`~RYBgTIZMQpmP1S0Gn8hn-rB5!4X9qS z0Ic%5Bdej$eEkgY>mMtVW@4&0bwyPR{R083AA;v2gCXD|pFpSo=JfcL#%>S>3d`6zvY^#zPGd?!$x^aXG0eJQIs- zpwA7#VR!=6gh%&Xv;#Z%Eh(raJuEsS1=R~A^H6}XR%$2=GwPw$E$L=n2eD1P;z+Ky zBMVS_n$l2H3Rh>R5j6=)uo%Q@;V}?)c0T)Q0zUj}Q4)vRay4X*7o5^ABfpU7Ke-{# z8bjSLMD&)=p+}HH0PK=_NXz%{ML;w{2FzF!{L42Nq|fj#4{s>s7Nm1nJeDPLDrVj< zSuOEsr5cp{0^9lj=ap6IPUgm{iuR-^0#mTP5!J0FfZrB_c3a1?TG#r=t3ZR#XuH%H z9ZmYm>ef|?S|j=cqt8GfoA(aJ0JX`*bINj`+ydf~3#|%Kq+&fm)Di99>bR|xr{*iD50b4d@~EU0(#8f zc_#ZazQ>_^BL@eq>F5(OCmpvUVq7va`8*|3c`~sNVDwu(!Vi~yWzXgZr*c6pPl(UW z3;5G;7uCs9%l&U%V<@|@4~}fv-jV;P%6tC>gCDKVyC5~ya&hMokNx-3XNO+;iC7fg zsZ|yTWrhaW=M6>Ba0%`eSpoUKY@?wWaBF{(zBW&Bv5J1Rrcg@ z|K8?8-km<2C|%lS1JZ$2_PJL|sm6#e zVB}u#R2|#z4013YJD}d)6?)E~Zp)>EOI`12_3B{J8{*;XI+a(qsT;5;U8==}GnUzs zpsU*Eb|tAAeePcZF<>A2HVU=`?w>7jE;$q>8pVe5V{hjIn+Wa|Jv1Z%>fw!oN>o4S zE}UcGq9s@T|GiYp1{IIX=egno&btgru`e3(p& z9wrF09bg4*Tg74c&awa1e>_sfE#0^VN{9XojD~xwAGVKN4uvRad9L}aezI~}Dl62J zU5gnj$O}~LX_uK4eW-s}DLSWaF}A`JZ*sB)v-Ui4-ptX|GvG=%i%rsSiQu*jACt{U z2BVjDzb7>Sr4DSCkoPzfGBfk&(K$abu)E}H9FBX;Fhy!sniJmx>uu3wVs$@!S3q-7oELk;kP4>B=|r<|&#FxJ$!l~Z1_a9vLjz+xuB2BKUm^WZ2SrE;#L zco%HaKPct!KbAf72a(+K1;#3k{MR4-}+tvQzP}N++qTiJg;1s_{xRWGUUifqK zos+e9vUn1j;v#^9*igXi!1NXa|tI|;~bwBSR{J` zT@qC2drWD?=CvU|{IO}?`V^`woUfsmG+)JYJ^_G3xkZjBfkaNo=;LaZ~CmGb!v*k zWw4&$d)ewR+@9dilR(>AsQ&b7(6`CVhAWv&WuavOfz@+VHiCd>%w!q7og7(fwk-BJ zO$L@PdY8_ez((j0k-e>^)7CdjaH;jI@1F|I@oytq+hk|cl&QCnN~GO7`rj9X2|cOC z3GqstErP8?Ua5>T|QO&9?F)hl<*|M%j#r-okT;oTbjUS`3&6c%;yt?tTta+t+IJF5|>=bXVCMFX3RlA z_VXv#<%(1{E42Sw_=Ij{6Kw!!^q|P3N-5r7g;ld}dLX@GjPA z=pK^bszJ#T^5vQ*_s}oa=X?CSn1^aMX^U@{$0G-*!X<~YQIOX9dN#uas6-k|SBB>s z;6s1QTox~UhB|Twx^kgDg5P^w(`2bze;r$*|8^vKC+Wj+SD65T@IXbBfItsNAC{Wm zp1?PFjcY09?_b3Z$jZmi`>94rlb5m3c(uF=y!wxN3zGg#@lE~zdG{F5o`sN~y4!l@ zcUVUw#&5VOufsp#G_!$^fazW&WA|Un(~&Ri2V8dTP?EjOSZjnEOr!hS&#Zx8NhDEL zXP!cD;A1o|%W|FZ))8pF90rc@d}etrs z&5%hlBK6%j2^xDM8bPwAIEE;f8iJ@xYZE?5OG8#GFGzmF`NeeRwEGv*gF8-~pCm!j%wE_*K_E;-iw 
z!YC`BaTjVPCn{d7;!Qc8oiKadpWu{eU-U($UB8ky?hauNZB@)_jbP6Ym$i8pZqS%; z^%4~MjJG*k*n(x%T_c|i=(a#0Tv+r+;RH(Me?+*d4h_<$1Y*+^zvg&ttzQ*uw~*Z3 zII~_Zf>lK|n#Je&7=%!n#!zeZQNa)(<$akpr~RpYaWGwo2=%qN&n)xPQvB4ZNX(Z0=Tl)1Dphm^HTF63V zdT5tAjz)n>>mvn>{*^X5nB5F{FRGI_{-iPP#saK~d4`pG0?iKJJ((ay>9n+;p|QN)4_XZu}!V-stRXym3= zi}j5d!S6a2udJw6)6Umi4}Ir90pnmN^`^W1a&e!t(dzzb@_XqRvgcvgqj1sLKQMR{ ztp_INzRnz0$C^jUl&gX12uAicPh5~RQjjov#nRNzL{N6zgU*-%@vES%iU7rw%1lB7 zG^-7Zsf5yL;oUS!7kgW7l&DY`B*K5I2 z#j?M9P0VYDjK{Lv{WbZ0tbi-7Mdpbi9+rr$L6Zr`u6LraygOf`+XjIpm=SS+OO;J z3LC7D04sAh00eirhJ4<(q-+c3B{pBYPN!h|C;01L>96~HAtchjiDIr-xRw0h>I7Pf z{&7p$q{kZu$Pr4MMnCrMT5d(hwg+KSdm_NVeg0|G8JxX;s-MeOP!OGBMr%Vl255t zRzfV$lO!as*I|8MP4yfO6Pg?)ip(OLs zUc=WEHpj>2_E`bJ<<07E5NBrBlI25QiHSkcy(gWzH^d~4`^k`o^R`)CPxBAyr;-$~ z8*7a~<4BkqoFULcP!iOC4-%mq*ng?IW{M@rS-oM2UR-mR zE5*0acRpM))~$CF^U(Lf?zD33nALr|KcA5T9EPokLtj46i*HV*+ik~`N++@t_}pEi z;;p_-W$Zdw@P$?V%p40Dr~1zC?j;C>dRE`2C=-o;c|}hQcHo}AXef^HftG0!h;6TT z5!-gclXv=hhMdvaNr%A<^!7)5mlOfUL=kA4$i#%?4MS#0P1a6f6Sm#rW?J>Q>^cM(2A zRzZb8gP{&RODy+57@{5sL-bKZY_t3u9wZE=`az^$q6&p=-8&vfoSsg)#+rx3l^)3{ zQjWy}4?4BtcB&I?4lyMGF2jQl@cC*jO+;Rdz_+q4*n;}XF~Zo^JI zmVrh9TH?P{gk8N-G96%6s*wS^AMoz6HZP*?p%O-mEE$8^+$i= z2`%yk3mr4$+ehIClbAk0!(O&ZyVMUM(>B+kxmL&5XP%ta6RH=l^LXn%r~zZokyM3O zKh2^Sp8%gsX#)^XlQ0t_qu}Z8sw;JYH2n&T(d3@5TuZf9^ZEo%@hzcst zgx-Vht^}*I3>kEHBKKnzbSrugQn3T!Sxk_~Fnh8&@ln_fOS$UkYYpfvK=NWN1DnH( zUZ@@Q8y5J9ZGsOHNT65w;W`uyk2V@s8jqsy&@=Ssr5OHsG^L0r!9~uD#M4-(->^Vg zl4|s``rqya#2x<0eDqDm-rh|Y6>&3Ok#aio{PKU0g4x*iEWic0X)EKeSiFF1%K!GNd4%T=MQ42YjU0%eo zpmfY1gBYg>i_<_6dfKf#{LMIRe^=iXJkC?kynm7_MJ2&aOumjg-2lGnNtpg4w$;LR z<AC~`@*Xf-P|;2XWBQVQ7BaLonikZF(sr)*L=zn2{~Cbg_z zj_>!t=;$)NCp_TCCP11YFsQAzcc{k6$u|kB%H#tACI4rTPvRo-;!{c}MhO2@io+jK zR(NDA(DrTL5^IH{lEB`x&NAQFdE>`eU`E*eW!P*=YzhePzg*bFO7Aapelvb=m;jq@C?x(oOl@%Ii({tr$W z@)DjR^#}}3lIOK|D(UHDaiqj~rBD2_-W3sGfV~hIlo4w5s@-P_mpGA@Gzra8^U|WTxT|9z+a>5~Kf^Cx}2fpsiI7%l0T38g`MMF?b<7usD{_0PG7nCZCT)Uql}}8kKFmcG_hlCgMI|OMW?AI&`;lHD+F{SI05Dvl?Kd 
z1m#U#5LfY-=q-Z(Kw&F^|3YLb!c<_W$*KnF7B>D$oG2Tt4mg2x|DM3$$_BG=z-nBQ z0v4{O!ZC%HNVU;5HZ8q&@ZdlF>;v=-jzNOD@cD7kh5!-I1Y%!PJR^t(|I@}p{vf1( z?P3zN1&^D1H6N1y55@*Uq%p=J25JxVkvKy%bHi&Ikvp3ePRG38Z<-hs)0@rfV&APM z|M(W%xCZLhc^oF9FuvZ`M?1f^f@=H$b1wWh6ZD_2;!A$L!_W;(zkg3r=#qhg+0qi= zZL(DUmcVUu5)&c6^%w<$Z$>WwH~A4jai$iGW!G^hM&kPyx(iDnD9uzdiRHgyM=)0! zeA!byj!&7Yu#XQy@5@+UtRw;hFU511%GZZ`dsOb3p>8D)bv?j{S4i2nZwi}DwgN0A zQBhHsXS;P0`P~r&aPFrjfmvCkwu@e5-h%`sI6f*`4G!-_lnu#1=%$GZ5#1OFT-~70 zSGqnKNnm4oohKg#M4PLBVmn`8T4nqt-D|)ej8gkohfp*_0F=1XUw$o%S<)sRuLoD& zc_5*Rivz1#gE0BQPf=-z0oz+~DPV8R_gp>SMzYO-NvXgX#9l>{$YnDmKtab^+rS_Ag-D56JBsWmtP!k#nNWS;mw< zl+GvkMU9EFX1@nzGw^O|*Y&mg)|hqg=aCyK*O;(Qg>)!f41|5cr%B!w?;nt`UOcpz z6di>_%)LG9#7eYr@+!z+$k_6Ze*Z$*TXMw4qG9yQYI|sVOmy|C!pZf}FKJ{~7J1th z@CQBt^>)vUJvO$rigntE+I(-!9enT3#n^g(&M(MC*vA7$*haL+YXTrQ@A~AQ(LIY3 z-<#H(-U-NlR>LEcy(MpP{^*bgpvNm~5xrECmb#R{ebXO@{69&qjJGFtGC>EU1K5ET z^eciMH?RJcC6KW{1FM1IbBwT?#8_FdK*5-EGYa=zni>n16tuS7gz^Ov?;Dl~>}+(z zHF>>&d?oj`W$4krcZ4_&bTO1Tj6moWkFmShhL?#P;g$e5L$&rSMaUWPZC}(tXITi3 z)8bnij2a|-Ob!byauhW%a!mxpcnA5J;Q_j$Ys$*?XmiLFOzV3bguE#NQg>M`1}VsU ze?`pv6Qw>cVIDPr`5j=kv5J~Ogd8qW8))PI=1;a@C{Ky}H-XY1Ug^dUVgQ2g`amKe z#JPmc?%DJwT&5+zAr0Hrg&ETR6gE_P4QA@lp(Wo-NLZpy07TlMKbc41`nN3u(g$_` z;sdm26;v!9xTP-pLJp9p$$)o*x&%( zAPP(uD&=-eG5EuAp5`c+$~zU^pM0b^27fEkh;sls-# zKA4RBb})m1Aq;yU(AT53_irkW@(t=^%taExYVFF-pKM-FqO$7Av}`F=v_Rw|tCJm% zjIPvLg$B#AtmsQj(~j6GZ|_CL5_wp{u_e$M>7Ws$(Ih3cs}n=8$LvL$nJiNwR%&}1CD#hV`#?`(NN1o#z^b| zs*Cb^l6v`ndQfQiSP-JWn(I9~O3n8xU zQ*hD!M1-!LEiGtZWgAvE=TCTFD8eS-6ZFL;Fe<*m!;7a%tAzb#4v>}#3*Z#- z06)Sk5x=+@_b`0794_EV?MXf`vVZ^c^myc8aVhC=F^#ycEv>-Dl{^Bcjk31gY#5A; zrfT`oOk{JVnr)l!@BK69guHGDNsCWTu-5#Hz-F$b2Qnfn;k6AcL@2d zDQaw|Vp2H_^d(>aaFgi|dKI1fMUA46UcjKFga6Fuw!t=GWrmdTvgehFS}l4Bp83Z+ z|4Ni048KPpFy0a7W1vBo*y%U|`5fd~N{3MWuOXp!kwEBY8qm)^Dv&!3zFrDymHsZ` zfo=Dd+SayWAmx;BJh8<;Th(7K_>Mx(bAPPT%#qjfsf;U0;8Mtlu9Hsxn zrvW%}KS#CZ_@i-8&prK}=zz&!~Q8m{tB@^8t6lM)V3EDXoy0 zdg=fXKXUiX|VHldSq=*9Ma0##>d$NKAyTC 
z_?&1p-7j)3vx(uM>%Sn%;<8>o*!=x#OU$BU>_E)l>n5GAY9cn!%6#Qh1*iKU>?Sku z5K=}N$EEYhcXyA19$Kf}X}x4`UIF?97KvToEU{PesZs{$nJar}DOr+8J~mGoB%X;B zLF}*m9=EBJT~enQK88M@rN<`sekN2XJ}qC7eH4sTYtRi z?Tal@1F{pcJ26C`hW1Zzuoy@5WR6D+s0=oq;|dlFuZyeq^%82&_)Fa|z~2d8*CUua z#Qx{E+BoU~nJBW9e!iA1;wXC;5TRoD%=V++50wrkx)s~#4iU?qBs`k@~1i`Ng)+#~zcxNRwzA?1 z+uIeB-DdhI)uv$Co8sQm=OX*GmyED(0%R*@bRp2Rt^bC$=Dy6M{S!|=U|Rv4)BFf z9%F57-+M0~P?`=V_=n*z34^qAr=NQgjh;NKgJK9553&eo#20**i7Cbn9I|0Ts!4ll zUcQg1dSWZk5rx~|!)68;+$P@)81I@-r&Iry$cjxJ9aB9T(t@p!sfspVFu1{7#Cs5P z-JIawnY$snwz!uy@-!>zQ_Q$QxjRs|obrgmy?dE?Sv#ar>^j$N(81#49jy5&{K39R zr73a9oll_AcPX}Ydn)ux%eM$-y$PTAah;e!g6W-a6+9(cO+D^(Wv{Ged@_BsSfd)9 zNTlVG?w_~WRDCX++z1UU63zeMw0~W4>EnvBP{))b7Obc|V;iXZ{M@D0%h>E__X=-W z(XN)a_3piusmh0^7NPG+%}3}uSX|%FF2Cz2n*#e`UJiE)1-c?W{#g+mc%Rfev>>}g zc#iQO=1Wn$HT|JSAuaSMyplJnUVc3tBw)7T6GrZp{tGq`4Ll_1o@G(Ww?V0zsEt;c zpWdxs6Zz*Pd<6fSa^*niHG&JNMI_ZlEO!MG+Ta%&Ubif@TCHDV?}&UJP6IE}RDXqd zMES2@7zd;O5&6ZdsIW zfvd~$?p8P#wqD(FVoQnwzPHFjAxMajJEy)#j9P%>g6*l1Ni1fi)%LdfK&t13PB4#N zK>D~=*z$@1ssiU-FDaFmKjf(d33yC~A4-3H7KNeCX8;_PU^HM;M0JdNi1*`AV{aSu zHd>)4l`B_VvntoA)OGgV|{uFwqbv(pH;1q~N1Osst>#kUh&MO&h+kr*t>mSGW=|%)Wcu1hcGqkY zX0myAc)fl+{$fxA6bUMHa(hmxXf-ANk?)DcChA;@N)uCyw`%-_vyUreH9E*Xiag}+ z9{XO$IeR4ly+-P^Jak6E5+Kg8Q#_)$%5HVP&VZ|DfMvpx{*2E%!f+6&36Uj2)9;IH zJo)M;YN98uum;fWALoBeQTj8m^fEShaCsgTc918qN-xjMw((nn8#@@NNn)(W@{@84 zvG@xfw2DWvN2TQjDiE3-{H)F9O1Re*bs(J57WcU8>GO4J($_BI!Ags&IhF#HYnwCo zi-$98_7knQa^-EM<1wnH+b9&l^e}y;sVzC-CPDWE12avbiN*)@0EmHjZMB>1liVih z)@L!C&(6e&6&X-5~8XoO0{{9e|Y*a-MMf(XT&*u z(+iO{w*E$24BlLW)$wIac@Pd(yA>W%ms)#o^e^w1)YNN8K7T9G`r7 z-lifAm-M>MQ@vu4pvH(0#0no#L3$Ehfq?6MG>%HoxI!JFyH$l)s);S;pXo_*sD{q@ zqn9)bRnlB=$BsY5W1o>2t_+kZ30t|5X``Bzl&kg0c@iN@$TA2Z2c|O0ke@-tV2u(^ z*0Mu!QDPe2mUL`G!nR0ORcEhCTLuHpwcnju;yDY_Hs*wJa|?yb5*CNP2BWr#d^VPM zS9`Y4e-Ss{q;eu|;ag)~9V*-r()YA0J*cR%IPx*E-Cp0b>a$pUY(QL-cW^K`)J%)` zIink?xZJgv5H{C2@!GcIdB?Rz=Dc0|ACD-vz+j1r_Q&wnjCicbk=Fd^%)N=LGeJYv z?;#YMYF%c(31;Sgp8E$KX!1f#4f*ji5xpWr2sulYMFLb5`f=8ssd&7sJEP9FBst4m 
zZECAl%Zn--y2X#wE7kQLE3IcLaf77LHCer)cUmav{+!p?Jr1v)jI5K_!)K*S--XL2R!qRvpt&^Lb9 zLEIbW5c9c{f`l-YS!9DxhA3dznOaabd2(8LP}N1Z#s^TydOKQC_gnfo_HYj<_O*wm zoQ7PF95!RyindBQ!8pWDzjTHGf`hH)yHZx#6m?3%R6m{e!EGE}ZxnH63p)Zk>m;q7 z+Ejoty;m^Q=)z*Xy)02@GEYi-7|Z|Iu>hmSvOhyA*egbq&g1U zosYEYRc7*nUWalBla;D{zL1^w6M~cDR8k_zhgcCA-9~q^)#Ue_r6P4I_fLpR-&3?-2vywh@=&N zfvc#)3*MRD9wILK9Y!~|PFp{lzRND8;a5&Eb}&1~gZ#;yl~?|RaQ{r?VX)1J9v%=YcwfQfiZvC|XiA3Lo+yI?h;R8&ciS3D3qL+$wwe)8P9S(fB z!33UVSu3**pVyS5KMF*z!Tu}T!$-kh`gJ1wDkV2cUg4$LL|)boK*D(t^fRcyzM%!( z-vzXv+nQRP_lR}=a>y?huy*xvYx{oE{uW)To1L>`>2vup{(3iJ0-;E@_1G&Efvo{Y z3*aQgI}>MaVZS$pX-Y|NwpMh+nC~Q}284(>IzK@)%Zt+vR$K$2e~+L0ZH75}pGTEn zlY_nRXJ$G9SN8;yZX#iln8M8mru43iAAT|#^!=K2Ph3myAJ_HcRPrZXoAxHz4SlH_4I)XUTn2b7DCY%W!Y;h$$Tfi=Va3w^6ck+K3A{S zm3?z7SE-%89|Dd|zg7)vQ5BW0M3!4yPjFN{*6eRmb{?5Xqwf7;wMpa0A^Rr(#F;CN zh#|c@dc_R8X-e%0m&w3K`}I3_>xt(Yf=Dk5H%uqo+@>+5*d!Qw^^f{3?6_o+TXJ3Vf#=!ixvwZpwX zJAn^`5wZP&k>@|rH4J5fHaMAp9d2t8Cg>8_8hs5$G-|o2;^x@N3jGb%Ve)7GSv19(69LcFZ^OC&eOYsY%M+j`T| ze(O}-EioUDMrkecNDXi@Z!DS!RSl@g9iCm>+PTi?YoJqb|K01Ret~6)_5H59!}F0n zv-8FGdeas@@3f6&X!*G?7F?9@diz@habaww)fc&8tx@Z1ruWcl+`H;Z2s@v{4YMa3 z-?duc-dM`8;BotgtEjcWy0h6G9Qlkcu!F4FJbycrfEwp{L%E$B(Kp5EG?7_R7G}k%w>%s7w6T2l#dL8=!`Ad)iMya8 zA0w3DV^+=KH)FHvB`kdPM*80#W?Zhl_E(oi4!Sg_T2-I!SYLmY3=$7t{3gq+k}pZK z3kMzJZP4cUBF}n zp_iQ_h!NcOST zmhUdWZBQb)+Dgu8jf0Ya2|~u-KW1(abg=z76`=-*#Fh;Kin@AENAsgR$K~&)ZiN#V z?Y2!yhrxCOTMZi#k!0CA6}%0Njo4xP1u3QDQO);L61+Ig#zulu$@Sd=g-yNQxoso7 z*)(h-W{2wmR-qW&NZ1Ger4L#gRN5B4X)jxNDDJzAeFYaj&;QzwY~<0geQPzRvv87fCGTJa-@iIk_V~X zDuJ84n4c&Ch?Rt$SQ)#`e#D~sl{Lel!Et(Ij)ncT=s5^iwCdSk`TL@MnD1(uyKnuj zbH=7&U_S{^(P29&L3_A9J!beLI zFL61vzlsgB&aNywV9b^fyR92WQ7CoOl@U{CG}rQ-vZTJ$KLS5co6K8dlN`y;-?>SJ zrRC5`iTH`((QksqocI*bDvTGIoY8$miB``8c++uKrfSeDXW0FYm-XQC?^iCf3p2Z8 zBm}FABaeF-cN&s*G$+e>Y+97(5nX5QmRlz@c`$B>s-CM6p6`yWKAcx`+brI4oLy~x zioXKlI&5rI&*Th9GNySIDNYbb{8&N>ciwS;gS#IR8O>Trt(&CH{3pqpXVFs-<(^AUIGES^w2uyM~pgDxo=C;9mCX3v=17!vZbjN@;{2 zwM;SsJD5o z)EyAr>K!``6g%HEtu))-URw-Pwd1?lTW6s8q<4bXzQW^sqOc)vNS+ 
zgm$Ru>Xtk6(MO$8+tKow=+UL$lj)Az%O2(S>-bBaaWDi1+@jnyM{IC+eWpUfTKJ|2Fj&| zUt8U$r)`ZH)>@M(nZ~^;rsQv6Lt#z~ANsdF{G`cSKjEP{T!IE_BIP}6w9}d>3}YL; z@G}^DBUDRU7RS<~hHBJ``3zRP*7lpDxDm2IgYeeJuhCNIMXR$K6JGLrMg7$8yZV>d zD=^}f<)4oaWI5@-Ll^N-0_6l?@KQ!cIbo4R_6K~Hqvb?Z+qTzRB3REl%?Wl+-sXLd z<;kk_HOhoFDJr5BL}?n+7P`+FA{mx%8=%yg@AXcE()a$##F;&lmDT#XB<9-tbj!Y$ zu6>%ZWLdT8o)GG4#joj@onH1S5uU7K&dd=X0d;V~2hAUr((h4bVYwv!p zbbX|n`ARawv~`bzTJu|eN3DeCL$v0I2w4im&)SmFiZ?3M>_S6TGYE@$1F#YcwPrD!CO&zAUQ>|eYk-%c z)RjA!&gy`A1IdSC%3OqjJ!U=0KN^vfwRwrNU`*>Iuyf&tRuRW1lEnsN{~#a2nAbRM zTFpsddy-qUWCI)l7dQfyt~L6pBXGgb`4^T|=YCWTn!A8 z*jyYc>`X~&QhS-Q%bMcuQ5u<@$h$LjONX=Rk!{?cu^z4*{oFvjJzmFRC!AKj*irzf zXbU!@6Fz*i@VT8OGQ6kdEbIqk8;UK97qD zLXVq=I1vghB zdyWphuboRn3iH&#HN6&f1L_6$jo4^Z!j?y$%(}DGu5WIJ5cnGWF6!or2LqYx590%I zptNGta$7XvGD9MOUI5xVhk#wS@>^(uQ;GiDv@MJlE+o?GjD+Dn;CsDOY5J1ywvMLw zB)X>DSv;7x^C0c;J+h>#-Io51w8cGxK#CD0Is^5c@H2ea9pgJ!ndTd8E6XRbAjGGZ z)jz#(pj16(prw#T%~7eo-*q;l*><^p21{-#q_mSM%!`nu)v!;V?L4XoRTn$CcN7?bp~ zR<*%a*UDGc&LtxJZRyjTBFSy{zDET)+Abh=A@;MJ;%VB50krh;VxyA(=l+k~>epCw zyCiyR-4go;k8oPB2+qy6u*$o(SYs2lSJUEnE=jD)U#Ud~Ruv9FxWgATgD&~1Vo9tD z@5fcDKJa?&kMjjQHgthC)2?8AfEr}s`_`8=!h~&i?9T$rk0TRwESLcqYgml1TL;w3 zMNf2Y`!rrZt*MyW@WY5hvYL)GTgeps?$jF<u&1k5?m1afk zRrvL_oyg97UHrt`G$0!jU3P}O(r0oM{d4vm?WR1&ztkyj+LmxDZH|;IjqoOSG3+bX zUgG7&ID>QktHcu>i?+~}?KF)nl5MjucI5Hm7<_W83%E}t;#EiyZk&6UX`UT0`@gfl zfb74*#Q?&L`bNjqe8u?&20)HU&|4|bJ$M&0U5ARuAN0!9+`#&?m-|o;@JTkC%@d!t zhuV18ssGu`9a?iSXPG-Z)hJOZb$^M$^2)exly-oG1c8l@pTZeOMtHRQD1_{Osg+3L z+HG)Au{ii~wD*rlsaz7G{V}36ITC(m#80vAG;C{drJ#Xxa$nP8->gMf8uuxQgeE)A zb$`P1{Ea2&yrivA!*N%B^a;L}Ft2PB6`za0*`1?+#3%U_2_jw%rejgP{?!mQQ)N=ZTAcwi_-j~rJm1->wcl6ZlnplAO z61B#gjnkNaEi~BT>p+rg{O?xR4wv@tro9y%rMB|QYp(*wa91S35JSvhWBwNyJ#(iV zMd{7;*e+Sj7bRJ&hSS~BockG>xg(&M^cx5Kq$}s)-aXJgfZy3p106=gHY>TyW?mbW zS4tfJifT`3MY+&`h|WhYiAG2DGE0+WIr6+`Ti{2fcSb?4_w(_aFF3&Eud+B}z-)XG zMSp*1)kmYqc5;ob;>BO-try59)h{USpQwYal%|!&s~`tl8RWOm)gEJ6-~wl67DC#_xUC7P2p~6 z#E73w&G7;ZfE>ZmF!FhyB8h#YMP$u0tF7?^FU|X@#p)%{CE*lm{%(rQvFv-)o8+I} 
zQedbV%ach>Fl2qT$gPbDOd`)E2t0YdHr*zRgv+Y8ebd(@lI@Lsyu7+P&+nM(9fz`}($x1@Mpq}Atr10DTyaxk1UR$j!1kci)>vy-riPA(C5+G0V}`qstKWDk=0!Q>bQ3mPzX zb(iZ>&#a^2jZIC>DKc9!qg)?VXo~X_t!#|A^#BBJ?#FShPi#94HDxU|wLyPGtVPcJnufc%!D!T%x?lI^! zcP{R1W^-S>MF%}t6ne0r8LRY=VzTc82{Nw1=i|qWuBZXD*AFl~dkJ80k~LYQnKhpj z5A@z@NGLwi8g}N6n^?vB_HcIL${zz0ZBXX`qu2`=MOm?JB%>&Jd1KDBVPHH;Klf&M z-r3qbQCgw+o5+NSR_P6v$6v>;!V>fJx7*eE3klDIiI2DJ4C)>%Z%*B+i3QQ(Pf^DC zM|KqXkxOucBb!Yz89qwdSf#gP=3cisvmczyg*%afMam8?9@7|hCVxUOe5RJ0QzF>r z6x0Fc76A1bzwYilqXzW35qmy15-081o>pvM10ViZP~8&^)ICU^Od1s=hf(9&JVO8; zUC9uFf#Xr3`fZ=iLqlLe+$q@VYe1n6L{<8MQA2+yz7iw~dcr#^Q4ieq$9jj|?wnBJ zoJcp!r@(K@FuU<ZAwpnRCf{CV zUv0#FfQ#(?1c|Qz)ON?kRAVtXgA&J6PjppYI?qfO0%D)1(4qBk^F%GQ6?BI5p9_mg z8y{)>*=l-Fzw)cbZewuC13SEh>50Vz6&gj*9o(YY9^Oy|!~+?S=h#G)^znTf#6AHW zD0(m@ejtfY^yDKajo&@s^h}Zu!>i5vOr?QVgKGEfVI%TI-ZG#tpw+neNYes(f=xww zPF1(4oND3tnF)MJtvYtq8|YYjyeVNl&j)4xq`npk!{awh&24@5we}_4I^6XCG#zN7 zMnB7ql-#zs_wPM*tEHHgb|4blU_ipRuvt9n`8U2MkD#dE~~-)vEiG3L#$2*v0oa*KF`8uZcl%u2q%|4y?EEmOO);| z_vz$V5;{G(=CJd}4@FCYfG4K{Jh`cPKHh277etnWD>oS0c*x1#g%z-&6zde95#oE@ zeA~={WoXGc=z0FaZ(^s%ikO~rwlel&NK+BYph|(Y#?2zk%F8tji#zi2DQA&0OL{|U zXhjxz>-d3-x#v*{cOX?iK+dtz_u9WE!Y2Pf*yDax#$p|ks#k<-2bR;TH@mUuO@YrF z!pY|g0VI5BI`}Xa{lWX@Xbb4MNovsd%vC!~GO zpfDLe9oM=6+~1xA!A9j2ZQC%kDu~3!C}*+0QX;TT3f1%-uHQ6uB~z^q4KMJ~PyVEi zc>!rGtz_3{9loj7>&D9}k4G5)B;Ohy@c$~LW&?+`hD)x?jj+jnJdQe0x7uNB6%#be zrAn;hFnr|P!s2}{%(-ENj(SKey4q^6c7yBKu-;e~F78CeqStVhVR=TH)#lyA^qe@t zfD6ZEq_b+;l=CLJf$zi;n6tN`2kc)QnvLsp_uXLHXRx#tV*kg&=p#iV z*@!mQmB!S@xTSl3GS-yE-!nJIX7iY0__Se7eF;uH};he&TdVV7qmSq zlkl+7`sbG809>pD@KDd7F~cby+CY+HUaZf(1Z0OiOOF(7a%SM?yvNXh>Xk|eAMC)_ z%c}?n(%Au0wYi>-z;53pFDHRw;VO}Lw4-CG;Ma3LXr$xOh|pfZS{@&#Zz>*K%I6w* ziZ6in0^p7g+xJNh4%e%0_g*Xyi<^5?NoY?7O{Xd&3Wj@3YM2Qn5sy_^S`IZ2LTWUQ z-*kfkzRjt`^m&=$S!=D$>t{X@gWjV7HUV(F!Vov{5yR|;LjC{-{$B*`5%dxd%2%)V z0;kEsHHYX_r59Xbl3R^B<7;sEs>vSImrOKbFy-FeyFQOFVs8?tQ8^MCu2{)XpIMo^ zubC4s)f$zTuH*2=Wf<+ilkAH4Dmz0(jAvt8+lKL?*`CCAh3$2A!ax{(;RUD#=V}UK 
z#pj-;#p6iTe)ZdkSUizhz9ok~V()hrS&0R77%AiYFgZwtodq=3HLT0$!TqX& zq#mn3ZaV(%=DoYSa4zP~=t9}zXz>g1n|t2lQCf^g!sZ}Wfs|BmifKpV@;tpzP<@-@ zQ8lW)BlH1Qb{G@s%?i>SL|hkK83>fm8%?W|UvLD^%3=28ZP)d_i~fKpyQ$&(yX2CE zKY=!+M;*x!^PoEaD!Vvl~?88J8Vwrw#N^PGDsKa#2tTUCdB~&ebR|k&KpCzuw!T3K<``UL*d>4g*vP z(+5+9p=GQ|8s2RwYXoL0veo3|TQF;hio<9{S2QYWQtg-Ixc5u=OSP_gCkoKSz!W^7 z?r_nPI9_)Au;1BFs_8r730@9{i(S!P&B|fh;q{3up?T3=@^8hxP=o%pc8*%juDcCt#`nOHvT6-H7bKmDepzsxR@3mH!%bbmXF95xb;5@J( zXrM0v^-*pV*%s80ips$SODd2JTd*=j59$13$B6rlgXB>YVOX_YA%8DbOM!kkVO^59 zGL&ubhl&UIf%aB~?FF+N8&1*r$EqN(3=|F+$oI{K`6R6P#2#bEB|DulGbdH}_)`SB z@q;i1;Kt1ygv7)OQ1it%^(>em)lDvgG3e6v ziVkpxo7B(uKu&6DXn8>6tR~D(P!U5L;;MexjrXTIbg;`c-r2QzK=W9{3CJ2lQ?JxV z45tJ`65JO7j-Ac-p!<1HGf_DH7BMLs^+{wB{&W6H)FHfR}Vz zDG|Xytu4R0(B3u*)lR)Y_A^n|5(zrE`O)>W9}H^vNZFzXh<;*YUjx!mOdRWkbnd;7 z6fjF=O}fOvefNe>u0f4t()NYvS-Zh;()mLjX*RubmWGA~BJQ!TBQI0aXD5};-4r(r z4Lv#_APD8P-C#5Q799#MY*B(lE8vDw>ZR|n@uyl1*!2JfJeG&{?=Xl*T(wsh-o}k< zaXDWf4H%E|(s#MR2J5c~tp02yplu6`BvwB(EmWO;P^gxIamq~wadQ~1NMwQ7KEeW` zCXpx9fEAE2Mxk}vGt*YG>?tS8(cTT5tf>!F>I#W_%p$$TvGLu3G(&zyGeYPdnOntf zljGjEhMns&LE~CtWE-)3rYxi^;er0GOx^u9Pv*MQ7QXly09B6T(~p8hR&tY#9m#gp z3B+F3Q>X-M!nKgp8srD!o*_GaKKCKh;?SPv=k+l?lJd6ilp8xha1g$`Dm;ojbI zo5y<&3yC{=t2&LI7mi4OpScUhSs8#l2z@vhnPtrS0?6XK2K<=6h!Ef$lE6xn#QI|E zUQ0Rs`kGGV3$kNxx*!eHo&XtQ_${`lP-vmrM224@1+^|KAlZ@gY>~KN)r9elx=-#F z72-X{%YUNd0R@1HB>*Q@`Hg{l``K~B4)fj%*sfW{mJwEw#>-y7rrrBF!OesDl^)a# z+*EG|@GoB7Hr#qaq`qAom3id7V!johX1m?|;PAu#ynK;;55Dw})QnUI5EA%g3Ehkm z6gRu|Vk$HHSDan%JAp!}f^i-GVKDBUnV9ri8`lDps^=K}K%RDc>E_n^uU|8Eni6n^ z3QXSvRrifhwe?6ouC$B0&KlaH)=M8KST<*Gzurg(ZicSCYLy4vtmLc5GY{Fl@-G(9 zlVrGHri%1c?O8Em^l$YfB$sGNz17jnW_>*8M}db;tn9U~exQiB6MoWK z1Ae8ODP-4{2^_fUn>i4&T3u+Z)*G}o&dD@e>UUg5nC3Oj6#7a=aEkR=m0ZqhW3q1b zGbpyyboi#Z)zxHxHNj&fQL^@1+GZ}xXEeifp~IrSacMq~2=R#MWnn!g5KuGWER{qM zo%8NkZ}2@TL2FyF2GU64x1i4=Gg1%&0#V6v2ZX18X0DZm25X^{EV8x^{5E zLF*q491UpT?uh+Y1GhVUNuB?OAAQKS6)J`%f&(}~62=*bab8Io_O)1m3`O)oJ&ow# zVD@>(O^-L@TA|cB7J%*LF`2$Z$>ZYg+r*{u0rQ~D0;Otb_3Ut=bY;v}KZ7YS=WV{0 
zSCP;lU$%b9f4!%DDHu@GSUg5QZ%s*rntlV4#7m}uV4o$yKBt4kDt~KDHSDC*LcT9| zfnhB+*%jrIID5^YXM!mwoz*Br>vtPa%R2H6a|=9<4-5SXcL&5l7flMrOP-+a&qYrt z{|ob45yibMe`6^%FT8j#tWast(-f?Pp#`c0{yCzkGbpJz?||;GJ>iE;;WUSR1h2x2 zrb4tDNZ^9gr0Gm;!YMXhjJNz=3h+ea>JCc@J@JwdX)|Dr=OTbj$H#7>&8MD^*^P|M z%3HS9Co89{4H$I!0KoCT-GUDweh_HmoHfAjlKL8y5h7l#@jibIJHzmJh$uf464>sP zv5shvAwE1Ck9vg$j=Oo|!z`EsXahDt3^nx!Zv-Dy<4dDP0qlFZ6l7LzFspb{NP+*r zB%uD6r;g##DY}t?x|Y__7rmoH`^By)$}JK3)nK{`F~4EQ zwO_7zP0AvlfNU(5$F;gMWIXD#(KAx8L2~)yUFD?9li$a{}K~0gQ;i7e~l)lmV;&K z3cQlI>T8soeh>H5OVaP81*&}E75zMpswZM8;djnc9MbprG{P|~ArG)T+Y*F=608H;(6&^s2n9uPMxN0m#L3-#B|<&UNWU zZRVhio50>D*x!SPZb-eu@|fJp-Hsm1eTgc(v$+@`*P_6;s>!Fg%$8*qKHFjzuKkqa zvg&xGj|BJ-(#PnLn3Z#pR?7lxg&=r|+`1YiQ`g-Khqnk3*AVh&&Jbd{`!t5=r_HGa zs*G$2&22l~BXJUgq4MXCK3YutU;c!1B;2>3#l4zG0H`%O30)L4Ty8>@5;Pmcr1ZSV>JxAz zXy&%-E&0_fy^&J$ZyD9-(x9(@0P`$^p*NlOilFgyg9f!#4N{KV1T#X9yg#w5|h%YI`sW)vK>73iY*z zxBZ#ZQiY0~YtqW=u$g0%yof9GO0oquM<>bNQ36cO(a_{qKr<6#y_0<%#FaQA?l8@j zs&DW@rdL0S5h;{4-|cROaPn@Ei_PB`pJl9Ud6!&M^+IpWq;ZCM@5K|2kp8U~EI@6( z*L&_eh#8&PYC4q2lV;9+@#!N2Qg;;&Dd+*uty(wXK8yuB>7-=N{4hqchD=bh3y|FP z(NL!VAJr|h8xfnEPuEYGF#0)|*=P!GE8D)-`83Pam2Powk>npuyU%4(?W#wVkz9H& z*fcC|6VUD*E{%a8h-ot$F7~)8bTDJ^;aE?~v^NZB2Oho8!d(Y}Pxjb0wFOx44#+gc zFQj4sOHj@ho$Xz(ZK-`ujS-xU2^bIj!7 zTY@2buEc6<4L2n<%?UZ{a~`tdPTy5S3u464!_F-_)axy-OZ**7CF;DDn<^-B-c+FE zH{!yh;p+mx0j8nFoJJ>$;fUnk-Bgq!$05O_uoZW4pr&k*jChN;;Pp<-uc_yYtcU=C zPtq&MY-vQI*Ytzg);4GnFZ&w2s-m^JH&Y_$m?Np3eJ zpZ~(+W1`+>t((Nw6IbSHm7JNV%ei={&2VxG0TEfYW2aOEzFf(`S?9l4H+T5n?bl?98Q}T9QQD-()hc=Coc2End30vd=~Z~j4|1{k z8Blbmrxm92cefbuckVB0gBw~+_HMVmc>f*a&18j=SMsBl?MI~n}}CmipA)M zPH3f(7gYoYBxyFUmo~j=PNhQh$T*dsAZ6u6$1*QYRqE^-^nzoL&j!E_yYjS6{$K-i z>2G}(X9(DSr^!jx9S|~N(Kp`)bg)?9H_hnSw673UAyiH0JCi9!D_sL)OA${GDyh8i zA%MOq_nL|Hrl+0dVLKI=xseSQxiZrTxy3Gzddax1|9Yp&7_8j-W>e=z_65b*Yf0w_ zc71+=|8@9qUp8G0Uasi zW!%s5KEboF{BIOMuEm6G{7P<2Yq zl)7mG9|NB@eOV~5=Q+vDQxlU05lHJ-osW3)CXkfe+wO}_rfx6M-_sji!2R^(WLJL_ zZBV{*PRsW!lDKYI#f}L0GCsh*NYy938e(}+MQAU1QXm02%x8F=dbtiakae}?^F?Im 
z3bQ{PQ4EZ(ws0x*rG$3*e`1O9bQJwe2mMBZrs*jlLT`IV8E~kxaHGfg&h{@=Z2XdK z8PI75LV`3CMsmBcYH0#mM8c(k9AV7IUtcq0OnpuCzmrfsPL8oDV00h?`Qi^4X$+pJ z21B`EchS*mB971C7-GVFttauQ^KIv?x(f)iqqt!mq6l(jIGCNi1J|XYDOaDumZsw8 zk-CQlQbNVRMJ`NKR@er?l;8$bc%TwSxLAx|_zO*5f_z~_+lG^0+fJG->5x!v)}lW7 z-`gZmV~x-O)AFI&*C1E}%zEs*)LG{KE4JL3u#`M|pT6b7!6^_TB~GsV$7&W;d}DL|O&=kMepsi)i)nj(kNb$U|u^Tsg^A-B1k_@0Qtk@P?M7x*&#C+NDVC1QkW-}J-agfU@$O>`_f-mRuDm> z;bFE(Bt88_7%-k5{bZwT>DB*mFYiudknijx7fJHv0^lv0@oi~zH1M5?p(5NVDzZeQ z)DrZOI3U5b`8pl1?F^bD2dp*TfU>#UQvUTp*!RG}s9@47s zA!5OO841Qy*!pIsILJ*A{j3dNuNuEip3eV1`8kun51jyl#q&(Nj^5)ck50b)N+obs zU-t!kd0?H(m%&%Js#%Q40ks=?ZQj!W(y-HN1%|-D4H^KCYs<avpUa zu#ZW5H~5g~`GP*IqkFX!7A0jLuk`?$HFjR$hmU|C0x0)G z%3|c-rd$3YEgV#+_A)_(;Q}8N{k07bJOB=H)uc-(>gsC zB>EW>+D0mHI(_S+j{n8z3l72OhH?REioAva8J+@)W`f4gA5KhEaU_p<6D?C6D^}XdOV#|0JwRiM{zpUh;oijtN*!16c0-K0y_w zM|ZeMXfQm}1X@(!8YXS%8BPz$jLaJg#|H>c&rR&X2#y57jsFSDb1LY&5?@fynCN&A z9IlXqN8qF`XOft2$7P?tk%)l&YIs{zbSeAO68n4xh1Nn?YlsT=c5BRKV^6Q*7d$A?ln5={V&e~I@ugMRp?Ct z*Y}}I+ZVT{QhdR^6(G+7L<#S$_}E=?^!8sPSzsz~Y^&%-cJy0!0j^j!X&O>EVDZ8R zc~;4TnhKd`ak*jE7+I9syX-8XH?#%Hr_evj=j)-dOf#@(nGrlnQipoNN#9^lvtPiW zS=O^=@td5cPko-7zRX*+ZUpoxNLtT{pc#YP9=Z&+;Rd<_mXRf*MDd&Qq`+wfMazI5 zT3$P6QC*ht){ToRC^1Zs>Hi5(Z~_)PNmg=b>x*z2f2tDe-*^b#gf@kt=r-j{>w0j< z%vj;+nQI-GZlAw>I83H__ibsxxR&kdCJ#enyRzBDy*{W8uB8qf#<+0rB!$uwu0rSi zf!i+Q@Xa56>~;Q2b)jQ+U`Gwsf%(Zn@xg&cKO`FcT5Z@HA?F9k5m(8Nuc)sa~=dyk#rcxgMw5X&>i&&Ud9Q*{?dW!Wn_N%Dl9$k7g6n`DOm!*fPwstfeeWUrR~nKQT_ql7TqJF}g4Qnr)uUH}oR zD)V`CC9-L8Th2)2NT0PuZe&?GvZS~$ruva#K>c|))A1{(d-@fkq6HewKC_e$AKHZZ z%EW{eZ0TF&F=lGP7`?6)7BdikP{r)szsFF*p``-kapzDdsY0WzP^9bl)P)64<@ zDA>|8An$sjEsKIM0tZHefxPQjouCO#1OTWMVE@()10-@Jf|vfvx6h%o^=E%*)7H?S zQm}pdnmi$t>ufDI4IUF0)Ha+!Lsf#gb_-;TyQGL=%KhkAsU)mQlzIweLHT?gPIT^` z*L-1#o<@?J6Sjm6>H)+5SQb1_4IDX%ta>@j?~f;~)!F7hp4j{@^fg%732;0~0foNM zX?*jq(uuT}o^zPhyLsAyBtRWq|32B>%&tTi1sGW2Mj|aRCk4@j!UiL>;^NR?+)wv9 zOdBJ+ps~g{<3BriD++LIJsaC|vqHnjyDG?vq>pmgu z0t)nk3swCy7*3C}aEx;qZbqYLWA6(XYQ#jA94KlGZ=tZ;+@nsj;SJ;DJ6$CZ4}nlE 
z5BT*~EZG(97r2}yvuZOQ*<1Zbs0xEaH4^|wR^u7%LLE;bi~py2mFNp>13Y!G(<9C;JKp>6<&{=KQ|;qkrP zJf&|dyAQp8lThTR#I=YPUx)!?BA0d)Bt_+9k$!JxPoyg+L|{+GC{P}f8b!~?*ga!h*0OKN#O z1-Q3OrhsPI1P2&xm{2pQ1wD=U+|1dnoGQ}AktfJ$#Ri0e3nAmUJOjG7--^&s$#P55 zk)Mq8v*4;J0q`aU^N1{9xS;DDD2PYuccicu@R{90*i-?OH1R1Q&Y!(8mJ0>LXFrnEe% zsgd@5!3C{W8cxk~g(vJvuhn442L57z;K}q-9%QZogE!sk-+|uWMKlH@vI|DqEG$x| zw5X`p-)K=TSY5f|CLUH>2Gkbqtl`0s7PmKtA4N_S zu%bwl{lITmc>N6>efc2&sB@u<`JW;1I=jfm3FtHhiw2>x8tG>Vn82QtG_gs;f%i!x zm>a&o&$C7%)6Yq;SgFx99p8>o4~x~N0FLLT8n|3kRCAuEaursd`hO z{`ou;Zqv=K2j&ioCMPrnxQzqY=7h9-xboaX&Q2=nblFHp3jp>~0FGt?9PRFZIhqyq zeyIifmYupO6&1K9Y$*5t-BJR8|H1upoDXXA?qGUS9885RfLe>o0)720qwiYux4LIM z007&Z*02p`xH?4{vOVD#^)@7@E10FqRh}q znF@z8;_`JeBW={b;Za&tB*T=6U;|m#VAuZPan>z|Sr;_FDl473b;{hJ`)EJ?_7m_S z%{j#q$f|w;m6mJ#;@MLI6m+LPkzE%WS}a&bG|3umTExqckxLBIJWPSy8o^E%Xl zE@WwYmSlmkK1>7_D9j7smpH};(B;wPtgy)fQtxbF2~zLpogfP^ssh`|dl>@{NU0wl zA&ISy(=JN`d=Lt9yb8KY+Q5MSUlqzq76=1~BJL8y8qGxrjEN5n(;d|36UXVV?VdcI{&ji4QK%sQa(_Jg?W&q+}xK!`!msQ zuFBnKdVS>rw{3Iei9LOso903gVF zCIJ%vcC@iNIc0EP3F;#)a3$pZn*Wzi$OEQg0C=qbFB2z6qgU7p5d@=icB#s>8*EMd&-`vdq-3@aewrL#VX_`(Jcevs?9`_bk-gv(N zhX=-AV$}5JfIIKX&y(jYHwwaRqz3`-e3RM!UVPhLnl%piZXjouBZjAqh2bW_dZ`8E z1ww#FGjhy79!7$gbc0pN^y$8fo6Et414=OZ++#m8K!A)_Ptq%ORE6?PWC|Ku?ZY8d4n_RfW5k3cs;>M@OI;}{o@Y7305y_XBf(^le zh&TNsbTCx@%i|Y-f_cMJhR-NFy>MJhBLmlFfb3?q zHT5z~-GElC%tfeb?I9&-n} zo97-#we{hDkW_YH3sQl@^G@?^mg?~$b|6sn_U=NvkL#J1W>`+BUu((&2KEDbXf?XJ zNQosx9pq+s{R0cQT4zxxpb=mzQg}cMe&hb~S*ms*>pU*mnD3&Y2Qs|DY_Yh8gCCNr z)U!3nj1=N4L6R{u%mmp8c~3w_8;q5b1fSj~ZFIYaxar`>VEX^p4D$wn z>&U=CN)i*>F8UGPR05G)c=`x9l;%@X=0h8PJI<@M+=mm2d7Zjg%OfN9RYHv-pC;(W zGwvm4_-$Nn&pnO^A8(@Zsd^VGi;9Wg@g!7;pZi-S24NVzJD<(B?4E6X@RCq4J_^{u zJ__h$dDaGnN}M$-zz#q6f7p7Z%*o?FS9uJQ-Z8rwA3Zwp7Zn0Er<_StOhAnKeWmZl zG+;XA9$=H{8iWYT1{xnB&yf9B@35VWo&ivXQ8x3(I6go79;xH8laDC*I9<`|8K2VC zsJvQk+Pz1fS0Z$K(r2#tcdN(?kRKkOd)9-DJJ^bFwB-P;_bONUZv_+)lOVd+_78PJ z8e?&k7Yu)o5l#-(Tnrc=BkYh1o{pZ$T 
zNq`*oyAeMODB8i`Osq4gMyn}WR_J1SP+TEQC%PZhPwH9ag1;bybV%|<8y=-Uz2p}pn4rR-gkpXN7W8sf8@T| zP#RY3jWrnkl{_%fK6$TKMV5Bpfjeg`h743+j^gIszIdP5d0V{qsvs5l{|h*NgG{GN zir7mWEusjG<2z~YI+M;M{U2p-0TpEzt&byulqd{k(H$~?N=UabASEdv0cze`L6q3xWe}RkGOGcr5(yr zALlVCoOf^PsVRWDx>z}GdVa{;NuNl?}eS6wpkA~%g-Ic(n||JJZ9aC4vut@Kr#3vtXoG|3+*TKTEIW9 zFgjAf;(EBrGJw4W%u8zXz*0tX5hWu7QE!VB5v)d=R&+djQ?siP<94<=4n6Qf#V3`oy+atmAkO!)Ku0e+i z*Xi6H1{`F#IRCc8M=#`ReG=35>Np1HO7QD{B+3sNelyC=?u^CDpH?PUxO;Qx|J@4! z;HoEP%zKske;tKMutfHxC}FMb@VWvUA5^neC?6z<&MS1iMyqPSPrXw2zviA9pt?ZK zjJixDx?FMPDHs}QO^d~lKJ-IhK?Mjv7qWQIf(R_z%dLH4AXV~M68V|Z9ugR50km{~ zZ>YgM*Q?O_+Lz}3Ut5QOHnm%+@)vye$GtRohEwq7;KVPoT-*qkozVmVG)irtyrws(WkYDdFi8NzCopX*o<{%mXwdJMRVpt2w}} zoiJIjej&Lo1N6riIs>0Cwd+*wUK%|eBa^xUD756~Pi#Qc z+{Ojs1=@K77SWsj>EO2X3cl5mq#3>k^UU4MriurHE2nH5&j9t6%Hew2IO-p5xJSKQ zQaE3Ul6e~GM>39CPrR)>9|PcYeM6;!G0$GL&pWa+L{KLD2m50oL+R$E!P3|EM7uXh z)x$5Ye+E!NRx521^2BF957^37!Bf?Apg^9rd5mmfZ7?5Mg-Yr-XGN{=NK#Ia0Axjr@rV>T-3w&-*Q!U%t^@KeN&H> zp4Nkxgm{%@-GZr^u?$J^JYFc)a#A)3H9ZNr&lw)}@ElcWMHTt!%nEj}cxmjFbJsk` z?&;I?229n@{k^e3F){O$VX}XidHLg;U>WrBWUi`u!?nGxEZ)yso5JQ~=OOHCSeD^` z&9sKEVvhm`ErC;MKY_-)V_j7oT$PGxi#zVKbEFXe<(P1^Y!rU@U2|bRk+Ta)WJ`jWzQx@QgrX` zZ#XvQ)VB%i@xWV>!1Ah@T3=t|R9K@t>lVnH2HoHf1<(t#J z-SG%}V;$|0VF!WwUO{`JuG!27bVm?@uH(gQTUXm8G3^IGG`{A416#bEd)DIEA4lLZ z7M+BSPKAbE1f>0{p*t`|&ODu*kLJ!A6Ij*OhNK?y^2Po!$Y5Wny^06E1NPzVTLfrc zSyUYK*$gtgXOkJ$QdmCrR>zc?PyB(E3zR;&|@@0R`c)S(F3dc;w72o(7@hR};|<9e||UWCyC?nW23$Y^;LHX0-|Q{A2&s&#RML|x^=$BJ0y|z zso|Wx6Hf^>BYkfI56K5iekiR0mfu?>O;RhA0vw=&UDh$vJf*9!xGbY7`w<6Tx5yDf zKHu>x!)XbTcxW@u4y!GE{0DV=r8we<7Y|NQo>WN5mvI8v z{IYeqd8R~oaCX1ljvx#`hF%Y-zfVw(9H@L}&01j?N^z+Jajyebo!s^i=)?HtS}_T{ z-k;XQ#cB+Yj2|a2OuT<0@Z`?R(!$R-6GOvpLi3tT$Xz7zs=)KIb7p2l7<1C6by??fuhU6Spy)8g&k|^) zvg=L)S2gZ!Rr&AcMn*BJcR%PXbDG5-zh&x>f})-nfQx=H282g7oNBKw_@E~{)lK7e z-wJ+NbW^nO43vJk{a-}crFS3n^$Ep2O1=C3iN+{V8vZ9yniC)xne9RbPcN#Ios54p z!L76gx;x+GB$khxiSdE4-z_&M{fVw5v{^Ea6PUzY=>;x53rxDPU;<6_`k->}H5iQM 
zXU&tiz@Xh+1@=arwp*GJrvbL!7C0s$pkE5U=`Dcs%o{KYfH+Og31X3+?+vmRSo zC;Pg-5uSZVfvX?2TU8#+Do^=Gy$rvY;ee@(w{F;291|sZ1K;1mfyo!Y>b?tyFO~2K z4|w~$v?~XXaWDN`i(C7E4L6rlyam`og2;2X=`OjC{^hld?yT;&=G2d|$bSBXHE8Hc z3RFDs$7-)SX8gmn_G+J6Tk6Tb zNPf9>4OO%9R1Y{|<}o_LV9_X8mn&xd+mg59yQ%Lc4tm}>{%SGjDSYlAtD_(+m0STH z^X*y49Y`0du7G(woG`WfL(xHzf_(#dxfqu+yuzzGZ(GGyzO9|IvahbPitjY57yaBD z>7*TG5qyaW+zBswJ#hi-LlaR;_%9Vfts43LO18wF(-@DS0`VcYW^)w>`5B3lXIEuo zsJWwgZDLC_u1rlLN_3JfT#JFTJ#s$fUE8B6_^1`U)_rbl;^P_ofh_ir{G6C>cPm(RFGp&->Vz3U} zpGFh>J$p2a{kTusaqWC>IkKrdc+7VIRpX_2pwktKt~Kw~r*}{DfqSuvkuQh&>jt)! z=iODdIZs+TOwm?8h31MQNcf^2;Gn)Lh}$c^Nkex_tv0eOPsYVUT$lXlj@Ln_wk4TU zQ}0{$Kz=VFR<&n~_{{?&N6e=i7j%n~#wGQzy&-MJ?fWL1Nks%6M&kJL*GS8cA%PeY z-i}Ce$U^Q#iXH{O%ap1M8~m0y9lT=ei$TFFx+JvTMPqdBWB~W#3hKr)8v#D!g{gk} z<4&*qG~pUlw~w7n)Yc<@IhXlxOKF_O@}N6Sjbwp!XR%;e}TsweqvvA%Xpnv^78^ARe7 zYK-Hip$_Yn!LIVoF1}-NtQ+Oo#W_6rA-3PnY(Lv$bm}IBjvD%V`cFO8?*(l%c&_~t z3PqKu6{9_QYC?UXR%hLX@rpt08 z@eo>-wE2-1a{D!)py+m%(SAHzORK}8;Ci;lTIX*&U3g&xo#Qi`?}&>(*dF7j-kVc@ zuv^HCS|4IfbiTk$yK2}2$b=mwW}nq_L6 z5@eG;g_Z2rX^xQMRH(_DbiX$Z)g}KSGi`m)qzHHkD6*4UN4>y+IqQ z28_B+f#BG8MvxLD@;cFx93em~Hj?!+ zO@r+pJ^e!1y6xELEudb_lllaIc4Jv03ZsqnTV>B7c}mXx^NRb#oiq+U)zeP>mzK37Yh{m@KqYMHo`5jMPG!T+ZyfbvQ239;4Qr8jGaO_cBP zFxA7xT9`D>+qtWBus1mEEX!oZj(_Ie)tq=R)DUqbD-h{|NsR>6t5-y<9v{5h}8C2k=sb5Uj|k1eKa4;}j7MOCH%jbLLt5P$5(mZ}GZ>-fIu#w|*P553W7{}8^h z@++dE|0;!N;Ih34s=w3Al*&uLSO1-ndXRMhnm`m%$mx4As_%Xc&NAroT(Z4`5d%8n zLBD2W4fwSk9-!PP;7AgFe=4;ZymI0jk=U=iE1HjocNh4Gk{nv1qmtWhq1`{w8qG+s zs*MkS{0EtQ-wLaQPu2<=p?h|eMis;9pH;ClDvlBpNMl{ ze!E^%=E-mIY&AzHs*b^~TxMS@d?5cN={I3V#soRX7A#Varyaa-tA z2biL;oh~dj@;iq$#w9l)bbznR$Qx%VnKFn-0ohuMRmz}z11M6w5 zVd@b367Riz#!A)S^fNBnJ%=)JMPIjB4@~18DO8xaf6Z~2Qm~OJ{@Q+_sef6WHd=WL z=4iD}s&&r_dh0al*7bm?TyQqeSMJ*G;ek|EWBaSSUgG}cY83Q-&nZ8jZIxMWx+ao0 zmihr@sUM_?&u?FoQHBkvQKq|A(JXG!ZfqE&bNmd-Z86qla2S+#9-Vr2Z_ z!l~nKYFB zj(fNN8hjJFm-PLJq+7_aHyP~-8l&`^*ME@^^tyQ4k?Zc1eMtDI6Z|)Y9JpkWln6KhEPCG`s@V@zUUXNy|6Bs$;XWn?&s;mm{X5NE8;_a 
zJ&?fy>qiV_G;0(uv|9!gL`)GF1?uQ(jnZ4NEf?d|$yvkTiOdM)Y53h_*mwf`wkp#r zLm|QPSm@=);&HpFScqmA7zuuTB@%jmt~?*}2Hfp=@HXTn)zUlOZwQ_2tgIgu@@TrVcdR@ET@Q)nmfLjmdT8_Yzg(kY6E14{ ztkPWfk7-pbdEbVS%B^X~M$ESVqRg|x`|x-rqZKk9u^a5G#{zTlgHM@_%(H`UMX$Hq z&fYtkbmP}zuD#12XRjK>BI9YYU(9#@PQ`zh^)c`JYqClsErRi;`(4?Zaa-h+6$hry zcs?eSW;@L48KHZi6C}q#1$;Rk&iSPnO2=SfP*N&GDVVa zMTU=!ong(@noDiOJ?0HN!t3QltuURJv?F7mci7rGNjQJNkLyP=(Q&wcur^a)dQY7H z1ab%EOL|cV_gr@s|8Ii_a8L#f{&<;jiz&V%CuSc6VJ3{46y$y>JB2;<-eoUric}Ov zY8&_oqFek`>G3PlXpdQ32{hL5}?6|{>XfKkkEmEhBOY)=9AUzo&jJ5)=?pNqJQ@y&I0Lwd!q)4e<8%R%lllJ)VK7x8|o4LTmeq@`GjP8kCi1 z^+ncE8zpVvR7{O|w-ALrHe4X-_jSHd^4llX*>uNgGZit`RMD~K-!m$*Zp}tpbC6Eb zJ@t&WE=ZFO+otk#&95gtSB$k73;jld_y0Ni*x+EY6QQpa!P8q?YOHD!ju zm{Y^Xv+HW)eQ_*qm79f|=6Wkw=5xP8|4xikdtFip&hkw#_Sb6MtjYi1I}-**-XrFx z-})=r6kzFzE)OxwS#L#=y2uDO=EBSuI$o{3v`WR)jb|-_QST}{u;&tl8ia2RTueky z!{4#o--C_&#SMDD<4?^RUMVp8`F2E=GPPhRO8j9%!4tIPhbT8>kno9AM$>W7Y(R{e zK3~}r*}%G1AgS384X*mNda~b)DL%SH=5Cq{>puOUhF6zH8C=h`Fp3xb#c1N&hMC)T zV>8>W=+UKI@^5d@~(G6Dd7z(ZELN_K^GO?!1sJMpUvEjotLkwacxh z3E1@O8gEl8JuLx-gFRt-js-Sh0Z&mxdWfJ6O68bxFa&&+)aHmkhvuv^Lgi`lxYono z*1A|vv7hY+*F^kg_3G${Ndg;2VEW7A(p-Y?0(JXne-7G_`(d1K@<;SW`AQhBUXn|# zB^@`8mwb%yr&mq3>c8JRf)qoU@4tKLp=(XjbFdk~v)ZZX3|OZaDg&w`&^mSpo4J>K zA)9_9>;@rFZo&t6Rp#g%+bbt%3=2h>1q*&uozzbb{J$@r8fn|UHWbu$41}kJymslT zVy}dCjc)^VdkM{(1%;HveCWDjOcn!G%x#ff1RjBo;38&1(iNKS`6`gR%mZoqJBD5` zfD6Tq{tAJj{jncQ@YQQ?gdLJ7MT2~dj#Mdr)8(grNfr!#crex=(q4r~WL^y`rZcR) z4BAuQfpux{vcOtkDP5a;A8e&$=QIe^{)roILaYDz-Ph|AaK2ATHxb9TPp}8F6A?*4fe&a{PPLS2Sm}}T z#h`bmzM2`U5a(5p5?KXfKx^=Xr!Kr z-C3-nG1Qk~*6(zma)lqY#v^;^FT*^-4#zKETtUHcWm8H(YW)_5>b0_SVbn+{jc1f8 zWjM*!1^r6dklk%25&ur2ct~#m&RvB>5*176T9ekpKmn)C`t8r6L7u0QdNIx6%&CVs z5t{25?M$j+S?{`RSiOiH zXFba&;Kg72mia$MyJ6km+u&$E2=4Dk>ee=e!?4RFqUjTAH8z({_UUQBd;3cj*~QrP z-za%Dl}VFfHEi?X>;nz6yD`vUIN;XtkqUuui2#PJFuVNr;UKdY$MsAm;i8C0{3p+^ zX@nfnE=bBW&h1$a>@sMvfSSH|zACyDi+!((e*P(KMC$0pbd5xzQ9vC?W0jtUJ$RK> zMZoJJxXe8To-ZzH9Ixf~Z6sH;r6;G=pdc(lQ_M&AZ{qSlYxoU)N4saev^B-8q>24iZ(Zg5+eZc2GKS 
zcJPz=8$}4wtl9+B$t9~BcndG4f?NV$eUa4HR@0|)u0D)4QPi3;vqMgne5pK||Nc+j z>VH>Vk$2dLOMY3LTppGAg2&93D->`vIWfNCQHb-latfF|xCLBfN*(Qlfk$^~AR66s z7rb_YZtQYpV4?mBwUtI=o5YEGP33^nt-~<#K_fy3nXpNgv#=`MomDbd<~_0r^Xa%(E zt`V#6p0hk=9$;^76H)ATxF9!hn;pUWl?Po_`ae(n#=aXqTdiPfgpb{$$Y3S zNnI$W9%wqWgS!tl3h-+v#-EFD5L5aTeT0MP(^~XMMs_X9X2#C+G%MJ|X4d~MxPL%N zgcn13oI4}pSe~hD%(+}Y3?XFSpO@|t3d62cmfWOI0q-H{X*j@pFeq9EhT$f@9EP4y z+s~8&J#nFSv(j0}N;ydtD}hI4%$FHkz6f>;991Usf#M+<`?p(d{ZjC1-vsO}dV zMGbFLDyeJC9J%IXx{uyVo+fCF(d#5b@>nI8GT9)<$vRKwwYcU80SjvSyzw{Bzuh_p z{abP%k|ctirsH;xygGw9eHW66_*tEW_%$XWt%96}M<9YFq1k>2$ok7o+Tex=j!x{0 zEDWgM3OJD&3F3^#t{;tq1ymvu*N!0k2!K|J;nmsYlaW#Z+#l^h^mR&Q8E26R8HU~H z2Lls&0=@}~G{WDDW_DOw>mYEK(Uj2L+nj?0*M|Li%GsCIq9V1Vvihp$m|@=F8JSAp z2!k^6+f)WV=D$WrAm{u6JsY@K+*4ut^+S@5>};Nx3D0?xLi*_ar?{k_RqegIw824prC1`CTO6hvsSoEM1MwTXP$Cf zGEo-7|Ct@h-x15d(X&NXuP?aiYrVa?5yMFtd{#wc5N7L3SyK0OBVYG-0Kf2(K}ZvR zW-frn+fEUCjfn|q`9hVA=U~8C=E2Sn2VyGO3k9(Ypt}eo3U*@DB$5IMdd0xC)yiaE zFuFF?>gEX;?oKN{Xgsu|eL~$Eib$_1Fl|4+y z&|}*VBlzBePZ;fV3A(Shxz)jl&H*lf$|9PnDM}8`mgo=ni-8+9b~^;*m{6h@A*7lm z_E-Zbf-qCxUz19>kpg|GD3J)10(`fH&E5y);lPoG%2r2}2jF8-# z9hLmohT!#{_G2D|^=zkYVyJk5XFF+r!8kOeQ6Ma!j*hGk_5veq?Sl2w2$;}Y(+4`g z)FEviPS?P`wABH{Z{7fW()$ zAIHV2Ok-;pq{FsIBT|CRe z{eMO7Zj6Lj3Y`WCx)q(4cFM|Zy3GY&-G~;ROkKNx2)GpyeCZ$EAalJ`rluO;BP)VA zp?Az`kz@G^s`3cpb;?6ZRSdlN6{#x#xrmQ3`7Xp zVuEHp(D|{Bjtw#akIMV#Y^dP_{bFuCJr2uZ=l6vgzz9M><4Q|3X9jz)jtMf?!};EC z?Gvy?H7fwg_SDx&zA}}W3cfg%sr6?bf&G#Fj^d*K@+FeY_z{uZZC7gITGqW7Xv;h| z(j|*r8qkF+Ya*MIDcr|5U_S2e>eZuwLob)E>%k+KNQGmOjm35oRTdu-Zl zg^&KVr2;O?>-XLxlU}bjaE>m{hYIEW%o$_n3t&;0(FOn(aK$uT*Pk~J#yNSvcSb)) zE{UM$+k^PKM&!^Losd}=HKsj-o~k@rmoLS?@h~EJpk4#;n6QpXY1yEp9R?1KKkT$p6 ztqIt^OIh3cRCc}Gw+MkD$LO|`0!yPCdiN?TZP&>uEbN^@HHLR|0O# z0G`)0ovRlMm!<~PF~!t+SZB4Q3XUtCJ!A|A(?_;**R>SbuqRFZDg9StzllG-zr7|6 zaN4u1E+QCGs@WKswe1Ud6$o%X$o(A(%;~4$X>0}sc0kf31^nSxiyWcn!`$#E6mT2Y ztU_{>UN%wP%AJKcD2)7Q00WtU)MLaF39$B1wll6q0fwN};93uvXlaslPOturco}Ic 
z%Ty6k$^-n!CtU1zk_}-0qX+$OPALf2>$71(TIrn^fFFAh`Gh<4AXTCT2{@9K0z2dsSzPeUNMDxw8U=o(l7Kn=YZz~ch_!5^Zf>5;N& z3-})fijL(6G14uaqd@BBz0YX>Wi}24JYHF}9{~e>iBvQx+Xm4xs7xlhzFA}q^iFRS zJkvOoWCqRm(IAz9bZA01=dXwnusDKVjGgq;X+%;74KnQEuXT_Mkd+#}aVf-t=%Uzg zuE1v9lq*m@Y#*^i=9#_wO_{8o%-<Xrh=HDvK;fSC*U5~ z0)94`N{y6VnLIpRx_^odREE_(z9|H2RY2E5q}#^4mCy~7SZyX5COq#@CP`Koa6OqX zm)pBc7j&0l_Xc|q0*K>W3_YaRr^tQ)3lATiP*-`W3-|l-dg;*--ApL4>L1Gg1K0#e zp|@`hn~DJ|3J7 zAPH`Vt_YgFGb0~oI#Lhv+9h1s0%awfIthgDb;kH#8fu>$RmmVuspH(MGCUbPkMuO> zj<%K*Fv)mmt=p+`rP~)wC}_Kn*h6Min$-0n&<9I;?{MklIK39gT#|I{+|9c#OxTb8 zMC!Jtz1*P$m~@@SYUJ$6Wn^}ZyD0$gNRR>)w5%j1AiGTlFw%`yL2~BQO&Jzo3N8}= zJ~0WD=P(xT_!CAbElbF1lm&*twe_6NWuHkvf$#!I&$$80=y59=_dFVS%xNhMoE=9^ zNiPKRZvlJJ>;ASYj>3;CKr-V$6|_@WyjdJhNf98nV&`80rWfaQ9@hJf#bi!h0I#NL z0p*eO$u*Hn_YYRd+?f@iKzfP-mCCL0C^{)wlG6>Q}}L&=gq;eidJrLqMTDP8$Vm zx@kD*&j7{7hVyo&wnvT>+=cH#0^!9Cg2iu1{aV3$=nOaw|4pyM!gm4aHY&~pFpvy4g$MP`0oBOCL_Sd5+n4{Aqg)r=vdxVMMF1ecwgum+Z`e=*uC>sz-=1Lc6sSs1E>IP60q2? zKnX;;?xk2p>6&85{9XqON|9;M!sBb*nL|*%3*eZU;BqqXpLy`TqfxSk0s;Q02M_)) zNrF)y=z{TSv+n%XM%K&*ETq`Q8{T zb6uG89n|X$e#SHW@C&etZiE0^ZvZkqfSR%l(!%%#X-N(UJdP@5u!2be;D z^d5qqqONHHHpo|+iVdf$Np-rIj}JPR)bl@|%*ycEh3NnO_h9VxfJ%?Z<15)5Y;Fq( zYdTYN09HJ|2PgsH+-zR@Ksk5SezT*rNkj;=3-XAW2OMB}gFvxTAbhi-K#tHma2Mi? z9H7PH96+yDnOrYq^>=jH&=1m! z2{uQq0bt560n#H-Q5^U?;k-GDxjk0OZ)_RYD%c=L1!^cr!&m}hGIu3ToYPe@H>Kj4 z19f8?PB>QKeDmsVqYg1Xpc9=|xOx8+<^DHT^Zz7u>;LbekXMQnpmG;&4Fw9zg)QKx zKnWQcEE4StAhlE0$i|l$#b|OUk4KC5yHhdbA=_cQ9w%&XKd_%Q+#*b3A>AIRwPdD4 zT$h|k!bH-1pdf$^LQxj4$2|udS^xrX$&*??K@^Ab;=n;5_;cU2%>y@sDtTl9^`ky~ zOn+6LqIn5WDH6rMb~(Ni6BBsxVfcG2cjfn>gBJ@Y2e95wP2t7*zTe;X zkiXSzY`7A|$!`G%7_`uv7n8;6FkVH*(Vl)^w5@U4dk0*g`d+BhkNF=Vq+df! 
z4dp5M#`0K6T#>(&0~+h6xu4%#?2@Q_@`9cH8;iQoSD*{5Pd#2$f&U;v%w)Qb!x+GsEqD3>J= zk!%#d!&X09IU$3VDu|A+RfR?}NxPD3aK2w^Fr~TKPPbO;O~QszM-)S)bxcBnDAv6v zX@aizd)p&Fm`*zi?|tChnyMCVSp#kzhVVF;CK|%^UJ3|)d~i{n$gEo^7(4TNJ|2})qyr%1tnT+z3`l)E|t9Z||b zwvrml8d$Z+$39OQ{u$dVN%liJGhRDk(N)e8H*N2}qwDczCfso+Su)roW6YMccb=X# zQZU{$97MEM^`RiC%DyLKyewDc$N11-d`n1XE@kpa-k8YDRiRJD>o~|n#g2`<>VvxK z1kYprs`LD~&ayI#neZs~3)LaK{a@{|`Q`(Y+A#LJkA-6E&OM6qU6y^la^t~e=GKH| zRhyukmK8CYuGov)U)@}5hJ0*p5fa>5`&Cr1%v&wsvp3`Ee`_n=+UYE z{E&M>h^wWHykNFxVEs+5nre={gQ~}B8bnyf0+^WbNF!*geBQAWNKfgPknRnQX*Z4C2<0vys1fGH}~xULn304ey< z`hSAJWB}9iXsq1cHNWzFQ9MP!!-$~-8(^6pdw`u*3QCOLLwV33 zkk@!wjuO01FnekU7CI?{!);X9u>fZ1N=q)NRfyxhApBV3;l7i0i42lhw`;t3e&wJ3 zJZVN}utK5d)!ns63!_EEFH>co!N~92%v1Q*%Ke?>kAz+g5HMVvNa#ntM02t^tGfbk zGRBl+PnTWKl#aZp7>D8Jgy;8ZC&Rn7C%{Q)MS@Q5VWF>Jp+vvB{Rcx?y3JftYfy7X_d9FKgl%oAC_G-daJ=rvR8V%OAGEjCb#rTGACV~T-zM~DKp)Xobh9V zEDW3Mr;Nl?_cQ$BSVeX!bjBZc=oVU67Wu|xoTD(6m0rBhQvJg}`E6eOkt7?+WW02w z)ai6)GM%nTTsqqyLwML2)EIgvD=m>Qob+c~J8m!{^*XzWc~mh7?T*7(=K z8lw?(aqI2M7p9{h6clT#$^=HJ?h6fOyQZ5w20F`QpyR?3$skI9=QP7hju4EMRW`ACY)yy3B>ke@L*X|{f^mtWWmsRi~TWgE$oWirO{5W# z2e9vrbI#NNJ^~WLfx8Hj;rfO@C?XHk_%E8CQGY%kz#oBDNqw()>R!JYuSx@jl#mr^aANE&XVQjNy$sw%CzSDh~ zi4Ub{rM?ZQvH-%LUJ!cnVpQ9|jB4cpK6?$r+a58@dR2jLoPxL2I=KR=S|d-)HN`~Q zD+g9X7%Ihl@4R&M-euLO>Kg(-nS)KM@L^rO@1%2aUd>8soDG0A%@qjCsFzyi_~Y=A z&5fnCm1NC)s%H<;_PRrK-`P;;NyGFbaiZ8ZCt)@XsSB(ciN`z^Dv50b9+)Y2|2}8e zbjK?`U*EtGeBcNk*Y5iwMDc9Uwm-IvJ@W$V^2odck{W*>9Dl|9!^O<^(*Q4}Htr}P zzGT!VdBoA0_Pv8>F`=a;)>m_6uC^z8Rs<3CMced;sf&MtclwEpY~twHb6_kGUm_?O zUpR^aPN|uI2T@!Vs9KNv#Ejq?)D3$m*)9W6J-EbO2K`4s9(nQyO9%=B+5umUq4#of zA#|FDNjDHOqMW@Amg3>hqqrv1R5TblZ}@)v`Qj1NG@+i>zn`c+&^2}Tt3miqm2*s- zGc~du|AqOrTtn#zZ~(dXJ*_xSjw$izRqfGkSQ6~g)!(i@G4455{7Uo2DYSN>rduDw zR#tFlRqnIyYMe^Nr!7!_fh6ly6`oj98X1GZ&I`Clx>#1Ae1pYs?o9Xbj~_EFss$GF zjE&hw9l`cPk@qR~@8P>2xx;iG@5kj%enA9Cvf_6OOM|KN+~!i21`qPDvUk&5l0;Ts z6L^@46-7#mA<_ep$c{%7mb ze+S-_;P-ZU6s+ifBIPc71NB0y|GQM0Q;aJ5L-d2OA-AcoXDdS)W6y+bx||PJ 
zIbY_w1Zz7lJK&S1%tca%>^G{7RF;Qrtd+s7Qph)%ozK2Fm+p_u=(y{l-ID*Uf&lgy z+@4H{I|CQLd`8iU=dyo=#-c<4-*+K3?!czE4^%W&TKWb=Q`#dHQpaY#boUts`3NAt zPPy%j?vb_OXX7q)D0ju0g!;VOm)&2yNPlX@fMabW4_KbZ(a}kM-SAdTdqLf?SJf*ki5 zKi;ZdZ3xb%$Kl+H+z;Pi&Wuo><5I|VDjrdmi<^9|c`zY$wo%}@dN`nv-fr^duG4gx z!IGBQ#P+?ok-=*wA$Wx-TWv`+9orvTuKQDhU2f2fOLza{;LB>3NG7F8^Ab{B zk0rrJ4Fw|EmQy9bjTw$|)bEo#K(9?+cy>1zNuSyFWQ)#IvsIT`&D=5@D3>m$W<;?z zt9z8IkEHS`jk|PT#Z{QACp32FCCKHy#pri!i6W55-G4(Is$H@2vy=~ zhS6&U3*hj2g$oZGy{!TAcl2o~z^0_Ti-p?XD3TGeBybnJa1YBw*7he>I}A`Adlw^D zUbrnR-5*iWExw@t`dBe!dt_kgCp#y&z1g+>1^G@!B5A=#{Kso?uzVc!2bU+SwTHXn zQ#wCM6s+P?$uLHwIBvX9G)4`En9V?)^3w0Q1}*5c&mEzuIJ4m_gKw#LsK`-SSEj~I zuyMkf9w(B=skIv58uX?5jcRcp8JIakyYp2e**{owww)+)I&1u)otpVTC6C->4Ix!d z;4G-xSAIJ&U3;EAv32o&tsiRPkR7kP_NEHx6tQ|d@shc3%;561`N$l*I(+l4^U>7N z(U<$H4S3xzGPnE7Djs?(KR!74wa!;tW50zwu*$I;XRZov=bsr3UUsh-HO5N^;pFcp z#B!Zlm^ta|^khrE+DA_mZ*w&qSQge6dqKEiw{jv?@%CkZAY;@U!&X;B@$l69gXOJq zPFnZvQrmN}u%ovF(M93e3UE<1qIOIPs_(lSr)1M9`c_VOaX=iBE;Mnt^3{HAehX6L z0ptKo!nT$>ABme3KImh07xu)dePNIXatj2Av;@Lwo9{(-PorR#exu7ULrF~(FR5#JozniJIQ^5z95q4b3%NN>3%j2Z6#Zcz=uRz8X2kv1!WA<5uu_E` zeUo}ZYQqj{6#mp2$E|Nz)n&dtt$K`uAx2FQw#ypn3#B>Z@`WOk9^%y#taB32ui~N9 zi|V&Nxw{9hakpwCv22#~(jLSIYC|Nx^kkYdumk%j!13WV7ZO23FTi(?x2&xEY_hS) zT#|M53AXyXUOZvzb?Rh*^LiWBpvs|*p{xhhu54(X^V$o4*i#UXbL}7B>!>T}rPn03 zk5A0x=GELe4qftoeD>=p)<`U}+zanJEB#+gQ?+$V(|Y=ia#!oH61s;=zEEtKAFG{q zx2~)`Io4Q^o1an^+B}TI1X~ z@?gFiB5)hW@rT1EGMN4SXdk^?d%;4^2q7hk!KtiS-Xnaj`P#2jQH@(MziXgcFHp}6WNOM`s*b)iB4Vd?Pw zrTEZ>7TM3=yK!mhCNvFE?{Yho4o8s_V;!|~-*1twWu&F`+qwx|ZMzcL)XXtn zIl2lv@gHs2W@ef+?l%BIV4rBcF2iB(JhJxWr_|SO+Of-U zoB=VHPq!Puk1elH-UGyf$_yLB6`$w@zmM-7y4~OIQ>$y4n=2&>0!NQ(54IU^Rfyik zb|S=PLe766r-ZLQz^kTH4s<#PMvX^pjuJW=IyDgoCR7XU53Ph2A~Ieg=1CY`xS$vL zn)_!hgZcilH#z6Q)L^p5Hz)z{C$k}zfre8eL8~O;{u9YZ=X(*_TUnEeggxk9%4t@* zcVb&iLz?7uSE93S>eih6F*@58V9O5j=W2(Su9jeN9=kQk8F#Cb)x%~JE2RTt{G$wG z_8E1W_XMGeg)%kdwSxPaW;6MbAHrqAO<1g+4d2QRtd$#pTAb*L$ zw?kD-`SNgKg}p$tII4xh(^slin3Jai_m_NH&krgjZa|gdb01nHh;X=uk5Xl8+`+1D 
zUb5q16>>g!eV`OPb#-!ez7v4UQ+0eIPrXL~_J-QDzRKj`!|52`?0;-3=xR{PP{0v_ zN6Mc0fq&}57HJ=lL?dhttp6+jK{bQTTOg0F)3`X{&7qV)xa;!j^qAtp^pE6l3za^NIQ*P>0yci z`Hl>Gc$W>etJ&;#JmFug6G*v3mdBh{;Ak6WTK1dg*`+;<)g6@ zX}vYg@})qSH!wNhAG}(kFvGE-%xkmAG?X=@wUzsm+B@=ZnoWo~ghk-VFFRj7Q-`=?LG z(UE#$Qe3s}LhQCbX2)vP#*Xb+;|qziNt}j)k0Gz7Eh)e4Le#jO6oso&tFIg>Yn4yG za`dW6HqBAo7|o^9>7m#0h(AC_!$ zFrx~y^shDIZFpiu2XmXlP>x#0`cTgs+q_eY+ZJQRjZ30@nbvl$U)NQEdtRSqiTM_< zSE-2^SxpxUPWYQ0m50Gt)%`$3L=kIL(iR{6MvwO{q;WcQs?}bA3i9_q4M9D}YI9vU z41YnrqB4#++;JgXMqfv@QQyoLOr%;n$qiz4zw{rcWW zm4BaY`YfgMZ8Q(j7io4U&!8=@mR>WsW?GA4Rc=LIEaDju=+y1=D(;2Qj@k~43mmAc zCBcKOP>aViuVY;`i`z~O84T}2%)nTj?Asl^LvX|)$3e>g&On(ich7^Kz_FhTLsZI= z4sp3dhRwOyO6xl(-qqy|1Sf*OqinK8zlIrwZb_@ps&bQ3U^Ov1x)$n51{|*J;Pq`lH94k_ynwRM2+R)6w2+ z7Hiw}F#HzRrl|L6`BvQ7dgGp}EMF5|*@J5{om6US%w*Y&ioYbfto7RIP%@jvqC^7A zp#|$}ZN$KmMY8!uE5tqoDsu@*ZW%iI{k=1@uZJ-Ub}t9L|1hdI-9Kx) zXETAIE?KOj&iUB1VHc4ky}5oJ!{g9}y{|5dIe1p0HLt%@lEh_%Iyhn4{kT2Js^wB+ zWVA@jUPqJXWVD_Zq;G#w3n+-Y^IQ__CM zzWObC!4r5nZTiqtA-_M6vQymee(4oY;lZ_JMDrW61%KgvBHJmtyWzsoUKTYc(!t8L z%zI1iL)59hx}{Qe_(CMn#My@D%%(PaDXeF%G+j`5aliHSusNM;5OG*fWj+SYv_e98 zTNyTf)Y;bdNQN5^?{t$Vh@{Kak%%PuW^uJ>MbsqA)+5j$X}cMOYx}kfU%( zhySCmoRdivA}*SM;vEVntt*>YV@CyF#NwxjE6_qcABv80(R9bfE8Ceg_HpoW&x&1*RKV>J1V9}0NWd5wuL2~SWDXKxdXXTY*G%9>9w3@2@S&WhE@$Y>m3 zi>f4aDC(}{B`1>eb#IlMtZq*p6U4eShBq!M(==BTesEt*U7Hf{%U!G%{^~bRvZpuK zCiuMLx@`b_Md62%r1s>ecGRM|ADl|@bh^^2+Dn~Nl05VMov)44)%&Kl43TA5kg9tR zw{@poSUcZ$Lj&_))_eo=UZ(R*qJBG}F+;+C|03zfB);_iftY-}k}2PGZavb`Xf$aW zAQ1n%_x1npz5h)A(0Ia($yOqe`RjIjbg+Wo;nMZFb7W_%XOYB6wFmFrnSo17$szIR z*O)g5+_RsFhSP6RruZxB%~?>CJebel-kBVb-5s?6Q!d9+eMQe&B&`^OdZp7<63DXa znzyy_M{8tt2vyrEs?)ne`3h==xdc;`jxO>kIv7!c)F%qiK-q5z@Jv`=D9!5qH^npT74v#VF#x)nvSb_ z$4DOaWK{Ql?ZYv|NB40lI|7AW}>1u?u@J z@?cVGM@5;Y^C;LFYO3jR3u*s)Kg@oW?dow@tjN((0U%kFi_H~k;_hi#6U-XDnMd0p z*G1T>>_pfBHErw$`Gecq>HQRIPWu*uQ|raWJMwaO`>xq9?4LkXM6Xs=(ecP=QNVdq zKl~L?WONp*5`1AUv#=hVx0cPhwoo%n!5oHy;jC`F=+6B> z*AWCLEYjPhO}qi@;qfNFR=#q#c8UZo0Y!?iN#!^id7MDk*hnHSU{h%|08Xy0+~lXk 
zdEHunaSVE%JK$7KrFD1?DPX67WlhkIuIo=uD_Xu)odC)h978BYZ@HYgTAa*BgJzT7;0{pCypsVMzxoGyY9tR2e(#TmbMD`YmCA)wwdWQu{*XgnQ4BSY4)Z_P z|H2s2Lp9SJzAP1ozBAxY|GYnAy?IWV4V0BsW_}i^a!t)k``bJKW^9V|2bt9bEy1#F z#(?c~&50>h+zp()W6B~z&J_$y-t=2gq-jL!ndWD8s`IL zJ$IIky0c|iY0vwQ75;K!zvuL(9Y^@JxH07!^;fVo!fvP# zP2Q}XPa)Nut(UOkb2%iMO_~XxIVIN7QS-UZk5WjC(c0fRIKZM;rxvXI9X()*`V0fKyugvskj-b*FS_xf&9fy{%2L%a>dGxi#6b@Zkeo#DA z8h0=lKeUgYEy<2y)!k>~korE5vXD?}x4efb+0 zvb(yV7a-eODQ3C+ej73y9+pvS)erHy|jDkg{!rbK%h)TFU%aQS^;J%j^>{}yGaHOK()%GN%VPD z1|AwoGfYy%4L~V6?k|kMJH9;)n$EM=)Kfa=L_jTbCxYmPcn zwe~oO?NlRj`GLjiKyHS!&@Z#K*>glo+dzF=xXA|j+ewKH-rK*|U_;&m^dw~Z^!M^h zFDWrmnsMk)^HkcRZb4H3L!s9sR@;}{793(7sfU8!!y6yY(5B{G>cQ5q_=MPAF zk&g}V%VC#k!g<8$NUDLN@BDALeAIA(KCUN>vXnEVg^J|-3~zNo%kn*|={7i5Pc1_k zS2&NU{t7Lk_pm+XV7Nd)z%2Y5{isQi zu>{D%SQ57rluD}!7YQlfp)%Y?9nU3HXh|jq=#TTQ&cwB?$gI@ZRYU4y7eUNeCx(5h|6Z>$Y!VsRGc(I?GW1OSo< zk5qL?yj(4Ef&nBTcMq!j%MB{|&tE3)thLL#F=@4AW}NKYl}_jLMDJIm8|jLZ71wR%NXKra8Gine=lOeJeMLI5 z9QckvV9EOUYmImwV1eyscwaRgWZ`uA#=1n?{R`4c6c7ka(fLQ*gkBy3r6izfNA5gc+wwbyc}vZ^)r1(By?=rP*i}Efmt7Ulh_Lae=5f2gYGZOh54-=G zyg$#1JXDbnl0{%BH8+n(o<)V@ZeiK+Z=XC5A2z~tofU>woCe4y&fVTUi%ZZ_XQCsn z@!UQR4ba}o2@A@X!V#CI?}O8%K6igKqP>#y*FF0(N2uv-lg8f9dJM2j!`^Rw`^1cM zBK5){Uf|7q{@6wE;*wpU0BCm?j;#WWO#|jj$$a@ed0i-{)*6H&YsE7K8C%Z>hH{5;Us~|6<8mvzKLF- z@SU@29iG)0xTH_!3aOgj<(U5^J<`c)UHKXgp7_!2!sAE2bVF!DTRo`9QTESoc*y-X|5mP}!HfStM!IOC+tnE6Ep1Nxrj z$M>HoID!5Q6v!l3XP~Yfa|$x{HerRzciS^Si51w}V?Qdk#(wz*^4tfH4Vc?7&iL8s z7-H;)?nnu#*e&J8B%GA&(;)?JV6avIGlGGhBD&iwYV+ppcFNsQaVv(}EI81{Clc4p z-sFvDIgZU(NPht^cb+HgvYzA&i@5qu4oH$;XFUfm8iWN_;6|Axg8S-aKptG=w;ADD z+JYhFrCmUrZZuY>^Kwl9Dh?<(qXVbGT4$>fCI>7lVo^-PRp@uKiM4h746*drCU>YNnH15lJ1wnVA4S znTEy1U-jXR`wfwPS%dWCn3CDB>w!%|g=TLfxKP|wbTZF?li+C6weHBxH~Q8;S}E#QL@GtoBqk7f zmIji-eAe*~H~!sg3~v5sj*f6&IMy#hBwj7vol%q%*eS|b4Zn^7T=D?aJMd`&_mBQU zg}KC`U;v6rt;u|jvHPuk;$j3w$!D7uZl=90<$-E46%HRBt38VCW3*;AJ%;XnD#>Gd zxw@XjBPU?8R|VRGi4WaOnnW@Wa5N&Mp^jqW2lS$ii0Lp`juLz%4JRMGj 
zFNd1Zi5{v~1^y1pjRq?3RJ^>tLWzdb&sD1VLz?vy@nzg5@Y|gJIFkz$=Z=HF9qo$} zwYJq1ayz2w5`hj9Ks65Z3ax2Z1IfJxLuQukq;L_S#4Kw=##(epJRFgHX*Y2LM}{z> znPltY90;%_Src~%nnmI@rEPuND44AM%{bYuK5CD0d%EG~MQDP%GlR*)`0!y0uIKOO zTI}lDX|q6oGbYA==7VM0p#0nN&-oT};}>U=P_s2P_p3;hoG4!}aZgY^uWo0IVzkWr zS&hlYe@ibE+M+!_^785c`@ZCSJajQQ(Z-4xH^6DX;N(1O;q!sUJ4vQMnP+a=V|yur zhB#v=NMaHU(|d^6?_Xg0qrgvekE%w==&vGCL=OsLCx1uD5miHjn?%hyyF#b58wZJG zg}|aJFF((pXH}H2UCOeex@8QQy8HFV-(JjYVBiSQKry0JyvU+|zlMSH`3Y3Ka`lUnVI|}~EmFu4qO$4fJ=uzK;Qe^m=QZ4adO>Y;^t>=L!U4@DLDpkN<<1>O- z&>-T0XTp`j%MelGa)%nB8zm#1;!J#s6R!vtXr777PSPBe!iefc{@19ZTU>vQ>c#uq zp~-R(7C};d6M#9L2c*Db9LX+2{PMOQL!@aUosaGJPCQdwEydF@+S z0#05uvi>l7Y0%H6w3;WtYn&`!GGsePlWh|@ZoLm4dS3`gpCX4MG}Frp-IVn4jWJA7e=wukZo zf^rC;f&?ovb9GDn5FN z29)kMh~Jx=x!%%&C2vU|nC?)%$NJmeC6GCa+&jc7kuwIMl>!?9#_%*%R}AI4!WBh};*}zEQ5*!>)CSS~|Crkob`1Wi*VG z-N%`is;Qxv+mWH!Bh&~V`FMie7tuT%yMXNONzmj=aOmA&&vE(n zN?BD@B$Ls28jGt!hi(Bc%Y_)EMVNU)TOTY#3EVoeZ!a8J{L0*992B2d2*tN`8lnZq^xvVjd8 z|IvkjxBmy(OWm}~i<93^_w&cdOqFHO&@5D?7Mfr5#_zf8*JwpRV|Muv*UAOaP|9`8 z073DmjxMWZMp;*-$%T-@I*BPs-!nB}`SSzt{uSxqD18>SI)6NUfze*7_qPlLv=B+y zqf5w;QQ4x`f+Jr0seFkz?27O!LWyW(p9&kQz3Bw@DoYB2w&JPQK@S1be>Bj-^Djxu zFt6FnSC|BdrRFa}&8?PJCsvbLpL*++I64JR3OkEZ)BAAk$v+*4K);B*1W?eR;nMNJ`&eAy!d=`Q4@4)bvzfcE#CPB0T zJ-*w_c5xN7ooaMxaM#<=GZE^$GAw^WikkqqX6g8|DON30+!vh)+HO%nk*T{$1@03- zkz(uyc4FrdiK6+l1;>4ct%&fZd=EC;8qhmy3N$SYAEjRc5^-e+UvxWFu@mq5cRAA7 zqBUmHWh$Jjqt@HD(FC{Uu{pL!{^tY5<=${Y*@n5AlAs>C)7DKX=jBHZ>D%$A$@&^u zU?WR&yM#3Azrrb(s{P_*Ib3c_AaJoE8oD2TB(QTd>MSZy$!u805;Ioe3j=1u&NKmq zYn=`KnRwj}h9>c=&TF(nz;B^XOkuY!a6k4A@p>{0D;XLX-H3+YDPw=D0C<76tPJYa z(dF%1G6`+y?gLn-Tg+gW)bs||z+`yQzno9TR~2X&GiO%-1V@@S?>@4ZtG>^R+YDe2 z90E81-g)eO0(TWz+@IW4BJBchiY1#lIdCrsd!pz1+Dn~p%8@|n@j%7la_KylqEWIAQM@wI2adcYhNv@8nt;ot~zj8MHh6f&K_C zVLTZG@q#aP`0S7ZXqZk|GeMIkp{g^NTAc0}(ERb@z~1`JC5uTq18oLHA%NdYUYe8( z7Tiux!hlAonbU6~k;T^?Yo?Cd!1c5vwO-G+tZHqUWk-fd7697aO^-^e(%I=ZcW=RM z-kkvv`KeZ2@pPKWK(}fvj*i+48@rz_8(!fH|B^!OrSXZxEOi#)6P?js_+1jbvE_Xn 
zm{EX1GvoH;LeJkjfY#Qj>pnhVpZM->xlnf3TlSq}7=wNPB3Ce${vYPf-JT4uF$zuk zRsP@J4>+tAY9mHS!kI+4TPm3w7kf?TBcLh8fh@nS!O-;&tE}V?xhGZmUj$h+8ltLI zdwXyBY4c>*7mp9jO19%m93$iD=(A<{v8~Q|au+tYh8B)JI`q4u91he%*cQ$J4|1>T zxTN4#MEUm23rQTf)?n--C5t*1#_GC66@4Wqy1ILN@&4J$=H>)NwFOJ4c4~W-duQ3bIodD6As@=4=KPGtDi7!< z9ZKJ&ANS*`LPGAJT|iVa=Dt6*iQ}_{us_cuhHO5CPJ!d0h+` zKtb8UD3A^GSDKEs&l>;l3QNm#NwM@Al#& z-koMG?st(0DR>`Lz+sI8VoHLKlSEbkYfsn#Qup+ zO4)gD?rnqfTn!=qGjwlxi3IKGM6&5N);@%)X-lh`Wc_*%uSYHxy@!3W4s>x6qo_y$ z!iak&qibyLH;`G#kD2hBROrY8*Kg#WGd`rdF{OFk zQ9pEwFq_S-=||&I52J^iNTzoHcY6};gDm!SJs4O7v4vX zC>GGR6YR`pl!rb3?B0TWqYXl3uYlSuR2@84pv7{aEYrTHE>2b5Cn* zUi@?DV;BE;hMk0KiFzF7IU5Pfe5EaJU&KAeocjc)qZzo(F~+5)ilS+EG`ww@R=d96 zY`8vk;h4VZRPWM+4Jca1Ws)rP;f1-{YE>LNkcWBftM^C=(J_F8(+nDM>=+mS5$Ljn zpmKl=r4@_{ISvuS`7|elEexLokKwcdg4Z-P1zado zZsfOvElrw)va&irqjX^V6TiDEgthRge?;u1YM0P%>>JbFqa!&SGQy=L>Pwj2SQiKO zi1)cIk^*wj5GWWzPv>+8?MZF!$4l-jZ44u~k6(<3fnOdi&MSjS*2C)Toj$Zz54Ya6 zUV@DHylw&XTCE}x1iaI&tDD1*{xH(&(|YZ;+r!%Zs+IAp(w)Wl)#1UqOgO1V&{z;6 z-%!3lle~vq9@eWi9w7RS!HmzvY`FJ%kDqZgam8mRJZzP;TML%Bct~IP;ro!o;_UK8 zP2zqS7U$47u30o0EK7u9BKuyo-nvZjj6hm}T2u_94rDO?a^Ij{z3s7e^3;3W3<;BU zx!FpQ@(<9u9J9Hc*C7$KvuAeO|8@Pu_8TIS3@?!0FDsPl+ceiP+|B1l`_gSx9$ zwe#9Rzu^S_G-53%XIA*}4C~(TZir+4)E{fM-G!8m7q+n62jl*addPx}7}=X)or$Um zo$#vVTy-RkI=7Ox&>XR%9hnEX_g(x4U*k7-CkkTej19kMCHe!)6m+&dP%iB<#JwXJ z8b;a0V14vDf8rKEc_nKCH(ckIxjcSt@F9PIX z1H?IZur;7wg1D)+}=v?8ifbytx+5ANT zt9gUE%2=MFVuw4v#%;3~CD1gHaA=lzV~G2Kz86^emzVORhRjOqq}AmTudz(VMX;77 zs_2w7-J&(cZ{_aW9O|mzuw5HXPlKmU3L?oF7}n+=&mU^p-J438e_%BDJyOSb#T51K zyn;*D(S``*OAB(EQW}D<)5-99*v=?$kdItu(7g>_3+6;@l_w4fQ#Tsa_`K8{p)@J= z;07x?UrTLzAMYA}?j!`_bUowg{(&9CWOTF0boM&P+4X#eEY>g>2OKVDJfcUh|Aq@Z zgzw2^$f18{3E9U}8l@3b-}TP7syHoT$1C0f*vtuzvluAFDSoHjrW3iDIIR6xF|qBB zJx%1aLdI*DPV-uAwVh|wtQL!L)8+8>JUtR3L|i11ET*56x!uWDxzRLyq6|)>FDDz0 z)taC01@pL!LlY#3Q?Mz#=Ac7DKY|zSkLXJr%xGb)iiYh-)S3JHjo3JcO}Rd_bs+99 zd-foUu@95gLhpL=<7Fk+EpQ>+Zy&TTBgcO0bE%@y#-x=|DjCxlndiH^Ytlbm``K=Y 
zczw)I6iFeKyq(!l@^d!Nq3FAWt;JDqbXn_!@g72XKY|ptU(@~qw*W0!khHoE+4_M7S`UI zC<#*q;d-=C1|!ElzWL$oigYec;gy84%JZ_cz^fsDM20!Ud!t9fZk>8KiB{BUrkQUoPlQ&y01qNhUxB?=_K7Zyd>ob zLO{;?u|1?)lYnkx7kGFSu2H_a8n2e5g{39l zY`&itQzvQ#_7i^9=F?Y;xz_Sk)=~N(5WkDide2DKF0-#ijMhY`P1Fr9$w9Pslfx~S z;|_;k<(K^;#?t}CuEzhlqiirY`iP2(7V(51OKE<&C(`^{e5X_6bf_jqq`#|A;nf|C zpW=39A}*aWS-XjGx#FE+e%`LrCfee_bJ83%JCSG4Y&Nw_JKaRX=dJwRz zwcgvs00l?qgCM%zbCIv5ujq^Kqn+s)_{l-i@BC}9#>=VYl|4fEdupK|D7`S9&Rkv(c!$rYSajOWQC5o%_!9kdYkBO2Os505lQ%do zInX2YTLtXrV9X;0B*TT*F*I>=y;Ewu3~1j4+WG0hY?~5oavsy@5fXYobFe6+2SM?M~V#XriC%V zx<+3)NB#%W^Fy|$cIHYX#Reelf1az(SB3dPWO#_09@!(CC`ly$X>X?FGt^xjYkyL( zE*DecGpnhBV2ZVd>)v{irt~L-|>NLgJ!m6#+3NzCsryTri@Q9o9i#NoA5| z@VYb@6&xuNJR(QXeOYX7It1>SfYgY({0ydx7K$cwb$A-5qdxP)T_Z;Q&#E!o_z24 z7RFvV_sypl+kr!FVVh+^lLP8c!DNaaUx}eE~`^0bzthL4)uf)cb=@)TAaU9#5Oa_7qT1 z`nCht-sJUpyAbU9#Qia-US z#ehLWlE?DBBkdH$z^mdJCIC?$E?43Hx1al8|Cj&$6A>!#lPkn-MjQKH9$&}}8i3n# z(OGbQTxlqiKkg7Vr^;LsAhnJYfC(?v&7Jv-+2ww$-E4b~n8xSn^QU}9X6O423A&Fu za!2P>9n9lt01PkH05D*oFR5hicsnc~wfnrUyDy=Op^NL8M3Rec`L<7S8%&w}61SJ( zKGRa5mq$#5a$Fw6N}*)0rruo7=z1@dpQSl3=Qpf)NzyzwG!FNZ+wUofQ-_*dw;Vr2 zTpjS{E(x|nl#B9KXCfG}58AGEp;#ra_jmJ1@IP)Bl_8_Uz(S|4;@llJtmFe<@a~YAnq@;uRUYNcxnFSha@BUM!PQAR|(A%Am{?g3TPD@bq+y zBwksAzH|*gGy2WPC!ky`iox{syR8U8utCp=0>IE%vlo6o9TwSSX=zxvHI1(K$eJYY z+@C}#YN5_M_aZIht<(aE}vvb8X`e<`{ zmQJM&Yn>&(*nqDEyMvtQ2hI9Q5tRved>)7B{#f%;<09pOibCCtSELbL*_n=$6q%rG zs5hTNKieqE%=aG5x_&F3u~@GqOE<_^wk(wUl?ol5qz)uIc8zKaCbU+lLArS?^1nfG|SS3hjh$W8R_ z2WznQD}dS|{3;`zHV)<_Cre!!-dZc%)jbh;8TKaz)LSN%taM!2ZXM)J)-AvQ%{^-~ ziB-&|7li~?A31FPV6j?F`wB?ekq4uBix{*YioZVFwoxABxW4xloh-RFfzzm79!)|s zTAP_L9-)$te(-ar(`AbKlQ&44!gicrvFFG#xhnneeVZBiMu3kw1}aQMA{bb0g+LiW zlk0TB==hlb?|1w^y#F6K01KKv2addu?Vm6=Z^0P>edgz>Cu}ag_T3esXbgpSg)z0r z4=ffZ2iaonlGd!6lt!0b91L2mK;W*+%qprkGH5(s{8Nh)twUo1w?FsfIGTxW6@DCW?l8~^jBbCsN1dr)31b#!8= z`EAv@@x+%^X{m%t5-&PL4cRiNyWNJV@Sg@(gDAOY@<)t57|ex zVtH~B$m0b+u=x{0O?IE4AWb`RT@l@Ym;Xa;Hu~)<7SJ^z7|i*CDPuup3s-O*u{e9S 
z1Jk@L?!$IDVJZZmA2B38mEQvqGqRbD>CMt>;V=e;ty@owsciks56iL`Go&tKb3sh<Ve6dL?5&*5iI=eD)YJCJGpS$c z!)edD!}=D!L_96==14+Xu@Zfemiyx!9bj|35A;-$TYdN6SlcgQuh2lHwt94b|IIgk zlrL)uBcqmbAhN^vnAeh69l6!u{X5TS7WH&j?$a1b) zYoVoPkDQX)bpT+fl#{ce6=G|=55hwKhj2Qb{!bX4f>Vj^P0%w+CN8W=HQEgUHIr;$&o#E4TEi53@@K?k6`Di=RJ z=3{>;)rt`aKLbqfj!DFA#}P@!^JWJdm(mcFFyRQhJ{D zT7p(Z$wlMGwnCXhIEg6Nb5*ldY(vB1SaDP16UgqGdEY>9xw^fw-Vg!RaxIi(K0_El zWOo)CJ@_@T*o;Dxj==sm62v!@N)aGJryDEd|7Me)83215Fy66R;z?jKmN1x9Es^1# zulLM|NJF96B@6>dBdk42PUDU79Sy zS#7K&!=POsrBS<=vy+MfO6PMIIXQT3m%)8XehRNAgd(H#{*OYj1?k;3VcfR{k6p5% zm;|l&kAnPZeK%EYag4b{6cp0(V&{!p2RPIJEqs23f(E*w`5QDc@OFSAwuC<7h z)T_>HBI0{|scN}%{3*sMjb$==t!XDMX)M*zbq}Gp!WinMP|zrD|KWPibC3*yX2H&h zj8UJ4&R7!jT#aES!oJamJqu2nFYHy`-{(On9K zr+71<>2mhXRiyJ4o2s!~$&y)*g=ti*R2;UXO4UB@F76JYvmbHy7crcx0Lr5Rmy2d? z#%ndN%%j^#1lt)_7a4?XW(qX?v(M5>Z8k$dK~dYR@d)=||F@30 z92hD?-fsU}oDN7J1^eS{?oCNdY)g(O_R5I^gix72AE_LIv?X-9T}9>id3&V!~!h$kO$?9r|Rg0$jw14|(60Qy7T& z94-<83+sr55~Pc;rcpda0#DM`Y9ct z0o&zR8833-zwXih@l!S{5UwH95gFVsnpl7X%y#9VKxW;}vD*WsBD~U|U2z&!%a3Qn zsQ&QV`D|r-rZc|*v{e82mKP1AfOaS`KXLrD;TcY>SBkx1u3!JlmyEQHEU{gE^Ibu=n%kSOrC5IkIIiLkA-LE0%?@5EP)120DpCHGrzv17py}XpJN)ga&HQYHs6@2^ z1LE?ikBLwuCcjFx`Onyi}ZYp`>9=mQ&_n-w3TJJ`u^}f ztw->ur5dvSH{RtZ%npz}Bt^eR{DT_3KpY9$F?v^EX9!PI@H;$3*f&r{#X%)$I4xNL^Hesz`_q1rqX55px9NZDXq}({ zJ9dT=srAcjuys&Wwo?wppiA$u%OT@w)f*rl4tav**a*r%>&I znbkVQ5}n|+dQ?DZkS?bGcFDEhTUvFy%_0fa^2JDH2{$l_DAKnTo@wi$O6Fr08zVly zTCg6g8{o#ffJNQ5-(7l#`Lkwj?e%)Bc?3ScWVhtBs>9Y`8Lm6E%)x93mqC0r4z-Lb zJwmd;Yxs@Hn)xc}1qiUKC2Tz0`s9YkS#s*3Wfd{L+LF)j_zM; z6LJ@P0;s2vc%XQiDp6(7GoJDZFajgsFz+R}aU?Kdkr(K7XJt706>?N?;g(k)(jo`! 
zlK*j{2AH4w#!>+6MBtZQkO&4SW>Mc@kVBVEP|Y z@>{@9bA8WDp;M1oKF<#lQ9K{XF`ti?+e9yM9E|(``2OklDiva5B*XV?b4bRz{gmr) z@sbp%PA@2ZFf%;g9+1hC#8Be$XH7I5V5jE#it2F%t0yfPze31E!ohr!_hsF^5A`kVLB5tx+KAy=?B1fsgZKxjRJPqEw6oZIF zAYfY%qXgW(W=}da(&o4ALHVJ~VR5V&R4N*(TJMIh2Vc0*p0`Hy8zu2j_>^eap6dFgw zOPu}>LN?3@x#|yKeh0j3JHt!n7{dmi^vjDX8~2S-vk>fa@?iMo>~Z4{(h-FGw(2Xl zHJUq*F1B$@7&Pn!Kz&W#K}~IUJP*6havclNcCul@^rp8+!Zmh(swOVGlf*Wq{xL2M zv(ef2jdGD>fsx3#}Q@R(=qG z$6U?hc^Av&M6iW?_EEk=*7WEg3OXl%7D%1S%tjBl1$Pe}(Kr4}j__L%`TD|wy?!R^ zk$N$vgR|;(_Lg~{rWb1LQOKo}<*1R)FewDKoR7Sp-9w92X`~_6w7=`!c86jrf%Gs} zR}Bm7c#W}qDusyTvt>>1r*B25G-=O%rsz4KT7$BjK0=~2y3cG`h59nyiMc?zo}5IT zJUJwV6Y`7p$fi#8x>zxUuf1MuD}X55M|nzDgN5<%yf0aegzC8_rxn<<1LS(KRv9_3 z$4y}Q*mIm=;Qe&|V~z6ST87J?rg%U0%XDmE)c~SBL!{92|TVs}SmXW8bST zfSWC*%AM0b(pGAV=l(8h2uqmP=egmPzvpA>{gu_dM*=&F2|Wl!hP|WSAkx2q1olvstHF{;_%LQ0`aF z%#VsFh6OC-DawJzGfFTZQ8sI_{}cXT-dFv*JFH&tUZnr?ZFaZ$>prt@DJ4Pi3~53( zVKneg#c$};D_kAicx5a)ptG&gLSjjT^_vo->PfuxK5qT-!GMmCH~RFLK(Af!wL=rp zN#gsL4Jj=YkP2-ItrnKCedEP&TFb@3iZ^U-af|cuM8a(`P3Xij&aTzctR&ITzUYsV z>K%_?T?HGJmK(UmTnKNJRLo5qQTQD9z7ys0j=nGc^HJ=oF<*DIQk-3*#i=EoHC#{p z;qI4*6CGy#lFel%NP!2H{K)4A$SmD;FyG#Nym zRFdDa$2meC?R)nS^ylPq?Ute)&Q2IV3`nCh@fagslc~KjJ;!?(TS9PH;UcLX5_P$e z-rRp@^dC^QAaSAmQNFgv`})@DI^5q6q}=@N>yK-!Hy!@)GssUWyK4uoQW+>hOYY(0 zp{|~_k`EH8H_XKfO=NkJDWClcXeCbKbK!f(f!e)|q|?m6c@zqaHFS1~?Q%k6O0d1# z65z4r)$M=3w5a6}>9+PN*HSMO%UXnHYIJRHu$`d4YxXKIIkjktxk9nIaC zHzx@s+uhIoZNPaqO~YFMW!2jOWL9FBAGh_Cp33ZGZt!ep!fzuUwya^1^&)hMk6#yH zLC^qd&d?uj|DWo42>m7l$rQfk#Ko{vhjjs&gjMnMt0hhh6h!>~SwGmJRP6$i>!Z8} z@sm8BExJyC4uJtk3WP1n-Hr^O&afOLEely}{uu0eLfdW0(FO86S3D$=!GE&N`^@q| zGmHB1X5F^IS%^c#&#;!JCp;tXtNs{P7riz>>^Nrrl_PWp4{eXzI}!C#fnfWfLM1X$ z(ClrrRjCYw)&VMLRKAfkgU_;15Qff~h{$3w_qe^_397VD9*CXq@LwB0U#YlVVhbwf z(>pY_Y9?6MMnxAJQB|SfWE3r8{E2fFRa$@&W~%k9Pq(rO2u5 z>`lN;OH73T9eHhltpeGb3v*FGm_{jU;OM=FM|Ya!Mt8`mlzfOTp(g*_GL(`NJ^bd~ zyWF3_=NtM!=Mo7m=X?mUGhE)6vw)m0sCwvY~1!jrvop4zC@ zn~Cu`-R3h!?UtfoAe=!^y3ViDiz;;H_0-EMdJ9nEz~Q0!{lLIbC>80pF;q*NMer4_ 
zO$u9)>8zz5T3jbp06X5>E4rMGJ~Zs1Z*Lh~&c08g*9XI{-yDF+|V--5yBZLt>RKd>=}e%CQWQ;&&Q z5#80rAbEg1Zqv7hoIUCvI>R!88ShUQiw1QsAGT*mJM33j*|~TBx}-=mBFazLz-4K) z8~YTVyYBAFD#x#CtRgDHW_t-}BeHxuQ?$Onskjkx$F#c%5qJ=g5RgWsyQRCkyBqJ|Isd!vySrS=SLzFyncsKz{_H)? z(fHcAu?UI5(>Wk#rG`s0M-4{-arXQ!;q3Fl(pahx?)4(DP zPbFYF^op0IzYudt5z1JJrz085Nz|(4M|*PlX17r8CLIV81*k7dD>lBMLHbADgD;S2 zMMrA@RRQpd9FT9>(tacQ5jJEBs019GzBE*q54pn{}>M zi0B8{>`HJ@40Y_=iI;i|FNd)*e2Rufopx^@4}gkfiUUO5ue{RMu&EqAx!G$n=VC1j zM=eu5`uO$$3W0g{n=ZGXJzFG1K6Qd{i;U)kwz&Kfhm(;ZH1v#wv92|l3FZY%nZ|NW zA=0LGO1&7Y-@&tHE*&{2Z>ihG)Y+!2M49Y2IW7O?tS?Vs7(RM|Rz6G=!9qW$-!@4o zDF#7DpK2#zb9Q_D7Ju-IrwRB4U(^3&P@X3Nkon`WJKT|4T}yu$6)djn%Ob@_R;Qy$ ze=t*r=|(v}0Z~;(ThH)lB{}Mzy#tqnD*Z=u;a}9+dy&_d;y-TtyM=!~5Z%!F_ zpjE@4A|3@5nkroy4Tq236PYMV%t|?)r|cj&LAt26Ji&C@A67>|f@I@`eo(*Gz^{@E zq(Mh->|v zyPm3n#5?N{xIf=jqbj;=en-6MLXZPi_)EWS>-4LQ9KmaWz~XKf+2kefyNpxpLNQKp z_%OL8&$Hl!qddB=fX5OK>Hh8I81OWhr1dxQ+fb^0%?5?=R%>K4m&*spq@*Xb4P}>D zB0N)K<2SJxKOJzzTX11Ekt@){uGuVveGJa%ZCDqq&vdHv=`iWzx;dLcLDPrI=m$xR zuAp>%*lYxtH9Zj;@4?9jURGW_1lhT zutBsrxxUQM+d19HgmkdzK|&3|H~*{g`&T2SE=MD|(o;L7&5xI26Z}8Oz->N(MFk`L zN>>|5B~n$N8m+Ngz`e?M)DxVA{K{U34B zBhe+wa`NNPNr;Km7#RR-QsLn||In(?$??_KRGlkv{wLCm4i$W{yMi`dOs3(TNFVyt zqXe+VKr05*yXr^t)vWsBD1L~K6Y`l-9?W_TYyU24sOew~j1!l%(E0dqk7Uw|htZ}q z1tx`1bBL(fT0?0jTmzwt`BEqbWu&}B3^ePRe@~$;<;g`OsiD`%PFl0mnRZ|LTk8T8T9D09^fBP)r@ zCqH-?QQEhG!aIs^BB1H9Fm7bLvdzQPugxivmkJ;kp@NPagAyHP7^!owGn#Jx_X&)# zx{V~>U35tJyd?^b)xjfTmh4yPVS0+_d!gJ!;gLslHC%?oz5}gWL)NNzuM|V|qTZJY0=`?o$-Pu;AJhjLs%lY+5 zJY-yIC~dUS%3(k`+|$IE(mRW&(fw!kPn+F-ol#zR;O0>G9l2NCK?(U9G!ZoLsM}tm z;@}kMV&zT;Bkelm%vFfs^QSrmV4*mgC)~UM-Hy(+&6} z(nN((ca$#w zID0D+JT5**qh^y8)Wi0gl-a;j0EGS`v%=-lenrYT_@kHk{gYit4DD0Q5M8IZGt?l9@hU$f)ojt-IyuT3K zOMA#&`S@&K_Jy9K7!uw9A<@Fd`}Q1nq4`fs*2A`5UDaCzbc>G*w?T4HZuuutE=${3 z4g7#B1cW{c{9VqU(ZNm->&ox4`HQ9#_mTR3vWL*-_y5P)@L9Qah%)bC@31`=Z@5~_ zeZz4yyfcPfbzD1?`NzyHsyKn_yza3CVzjqAdli_qf!sUnzo$>`Tiznol*#c$>h(~5 
z`YFW;Ex0uAM9}R(vOX~xG`U|;HoBe&*Ji5Z0hE^2fJ3s1mPpuwI%lr3mT&I_v1szv4sId@UJ-6tthMTkTHEW--}rGW7(F9dPvp z%{RulYt$YQA&N|@pm$xZe@6nP*#cHa0W}?^I;}|5KbZQqF*1bRcfB@^)`eR#>=x(W zct&7Q+(s(pNeZ8=`4j|63XnyvFlBoH5Hi%3#e2xM`5{kr35egl(Ib<)-c6R7H5VPA zM+1q7vF70BY%5UV0t)%`K8+F%#GxYrjMk*K~_?ukt&C(PQ9cdJ+1 zy~1R>?W><C*d#F(R*XKRd2RQ&8jTKo%pa{yQu2O?c#q z*4fHDx)GaaP8_8yF|^;-adTg+Lb{3RkLrl7ZK&R2^w96?ZMQ%x@o7_?k}xiVLB=BP zY4}+<)~`@L&E3w9>3tWew5)HRYtkSGSKWtRfEY&8g?uPfPiImchFdxTdh)gg2*^WJ ziWPqM1dxxHuc2wat{Mc43_vHiN#& zKwwXSa489EX*~D#f+oUNTR7xQzH`a<6&0hx(&O58H&F~vdNQVB(Dg*!#?<(aJq~dk z?Q`@u(ftXw*-^-!B|_)Zrml#;Be0Vu(~QLq>isI5L92JPq>-#NLH5YjMH%us+vFQB zA47}Te5kcI$%;OBqa1wxowfcapz=FXo;f$7ljUpjn1R^TZ)W3X+Qo;t;bkN0VMj ziIsMK#qJ5!fu9v%R_{0wi%bzM7uDQ1c72w?wBG1@!WYdM?l;nJw4c1gv1ZHGnp@^C(|A*PlCgmjzD>yGTk3XVdYjwAt^c7u>gbK#?SikLk2%~#GLxFTn0_5 zX+hH77~~&H`$>S4Q4?k{0h>}k-7}SaB*Xxo=iPqHn_ednVX?cMZH6rii>`)Q&`g0@g0tDxLUi9aSNB%>{5QabR1^94S@ z&Pu?g0aTku{VX%%hi_Pk_Sr0^NMN*e);xZ|X=C7n40=I-{<^`)cdI{o8)-lAWs+sr zj~QiXFj2d?VvHov6xb?J3*QDyoF-giXX~7agtmtCD5`X@c)XgO-9pNZP^X-CSt2)o z>oBObTZj`2lPnK%mU3Kz10@@}pryFc*BN!>=Zzu}tKbsRIqcWA_L(5=Rnv`^dkwmQ zgFQx%nd!|&@{)OP1v0B=#|N$Y7O#n>;mLRk2TdCT;lrV*w3@e8m*K#I&R`Pqv{7WP zpGMChe-C5w83x;zHHu&hJnuvnNMcX*W@?D_Whb$D%@JpcAVznaI2rn6K`o@!pP-|{ z7lN$hnD+De%YY`&MICN#ud{)O&X%rM!Zkc}H=gTaEr&<{@WIwLDR)zTD3&CYN~H;F zzrtLz2a4XuSuvyT0p~q}*7#0wT!UD2w30f&K%=aE^28SGIhwVBMJAdII(89B`WGME zO?l5B!`ijvA7 z80)*!RUX~KCMUImS+kC+XwxPq-T0a%dUAK}hmbb7CR+NY?`vhBV(tvR9rw3!@pv68 zh{e+5)3Sry+gEuvuZgXfU8s>Z%ZFs31`IlNawfE_i4hhc@-~D|T+z#&n zhv#F`=c!jFQrO?PD#vB@-^XD))}_ieqe$p^`>eZj4M0RiVUu3Se)Wg5$CG`|g+xxT zL!(9`q}=TB-g?A|*cY2dQ*DSF|3@29PAsj~`k%)uEFI4JiD}q?)3W3hyh?q3RySdv zzSMV>HwhwyM%k&A$(BCJ>0(;P#&lR;YI8)^w5flutGv$m^FU+cZSJIjY#;!|nU?1Y zl0^WX5@lfBM5oNX|Kr@qJ8Jc5>hc@RpXzEb9_I0R3p>kM@g?CF>_2t+v@nFv{K*gH zn65IIETF``vJPc-65m{gW$xRix6d3qEqcC2KLJoK3***N3+|DQ#Od{oOfXo$+lKX| zo+tm;SmK4b{o2MEPPn)B63h@c-9rS%PktaVDak(p9d#39k(34;DorqKQ4P=n3TM@e zy*JCtUZMiF{Dwlc8fUtWhxeFgZ|RRvbDZ)bEzIYVYLl)Uas$iZkQC~G1`>tKqpa1_ 
zhT@=RzudxXNyjVWXRS|>MdIDc$qWdVT+RIi=`Y!_fQ$nfF}YWPUgJ?-01 zg2Yojc%`A_Vej%wG^3P1lam;N}SD+HM1rZ^IH8rlQoa^PpKr z-IMXSMieD}rT7(U$Eue=`73un;w??D2>k-MnHqql!jqP(WE?jP3+=-$Hg3gESjcV_ zUEX99+D2Zrz(z!SxmT0WDNUot3IaFkaP(DpLrXOGRYbFcx~Gt&X4P1tFBr@qQ{99mn%+lTWbUuUgwB`nq0iFQ7L+-78;pT}%j%e{JAt6*fL< zGNNmI-8VJ+v@y+k)y_z8eQZZJo28GTDqwh`(WPS?_`*DIuRRQ;uP1vZWbVd2OSf6* zKy#xr{aX>mTOG!LwGH5%h9{=6t>zV@%C9DuZbcs#!}teh)KX*3}eE!MT_^SCFDhx zHVfqKa`iv`0FHI|9rc5Re)~O;8*Nq~p1ja~Ka??3jJCjRCX-yAu=#$dP$ZrT<*TKN zG*`MmADXie?OT-!U-qrfL$aCZ-v(@rb!J$CsuW6`xAbqT%ZQS&e-akmlu#Kl+ipg? zzv1O_7rytG7-lQV+88%JC59!RUx+lf>axzh|EOvE2f=s)ylX*Jt3f zeH;_|=5OLp@U>_Qv1g;9#|pT6QD1+pmHvxfh15rVI-bA{iwX)4(d~Dz>o30R~SlA0`jr9EDIFO!B?eR^UWL?h!RPp=H|?NX}J> zZ>Q8%-&zF5na|}l8L%qL)%ECyusG9bAw*O5$HIg% zVA12y7EudjH!$#NxeDJSMl=D&E6(|&8g|~kE3q>70Ehv-L@zT+hks^&Ga5F#gjp}! z-lma7>Vz-ZaqRk!y&wMM#K#Oa%j&FU0(kuJyF#y~!fxd?zJ?4qdb}+`R;TTPAQ(b> zJodxggx6-e`Vx{qJg$h)cq3-e_jegSd@Bjq!Z4c>ud(G9?$+n{$>7Xazq4_J!-igV z$FmK*M6B7)=qVW7x1M?{4-nm##U0@Lq#g5VU6~U3leB$#U2=(o*uAj&E!M!ED=)N> zSa=AFPJ52x^C-b2FOmCApeGm6Xl8AV#Mu%>Y<+X#l%h4vmn}!XX;8Q-fVDe96+3$J z1~DoS`=o!$K_bwrv*AU=6;yJoq}}{7JsFIwnG1$H<+CbYreLXenWA5hS+QUGHK58SK*atYM9_4vQH8%;kKX@9$l9IywYj@+}$)<7Je8!3%RA`WD zIedN>L$_45E!(eFkhcAaU$r>J@$%eM+BR$M=TVNP(`@eqj)f~VoW+NvJ{7HDXk!R6 zW`p9vQhmar*OgB&N*F-!tkU!tw0}`{F^WF%PI^8ny#^>7zw7J4>XzS%mJ;FXnWpf5 z7H^Zb#bx~>Rs^lDrkd2dcZ>NWpVy}U<_Il-@hs8diXTfj$=q^ERA`%Wc=b#ZizY_P zbch7Jqf2xfh2APtlAui%w>gsH8yc;s$RvfHqG+NwuRAYdJ6r)IHfPSoJJ*r)bps|! 
zsAepg3#Jw!^+p|;=9e%%^nL5jU^N;eQGX;j?|Yw!sezXNZwExRnXH z9#`IKv(aTC$Nm)k00FUhbqMGT%Ux@YF)Q(xwJ%2>;9)fxsBZ$UgWyVqp3hpnI#*{l z;;zCy5b8<(^XTFCjYR9`A#-G(f+l!q6<~2oK7T|2Q;m^T#9*2A9cT>Bnc z?i8x7r;?B^h~o^hM(CJc@1vDW%ct{#+O>CPa%A&o;H?$w%?jr*J@B<@d<4Qi8diYu zdvJvr)5)aXLO7wNyG0RR*iBSkXHW>ttm)$rt38<)@?X1MNVS`2=l=eT>;csArR6&@!9id zw-;IorTX*~`#GhvTSe}}`tng%fLU@l#`1Sx_QKHh8iY0$2le!j3+tKuj-B=Mg|ARt zyk|o`!uzF)eFjrsG8NPEnh@d7!xfhaHpx%4;9fe&hM$<53kE^+4P+=}E5HA{GIqhI z@?rEB=XKXOTu+c zb1YS)bZ;?_5b9p zK<1DqmnakHO;6eNF|5ikMI@PS!I$Z0fG_p4Ql8lPHjk84ZM*B9w+8L5Uo)ou1Z-h1 z6xA?xo4G%nq7#m>AvcoX;dGA1aiRO)Zp_~ ziIcq4@IoDt^L&G*tBDnugKEy9plV_98!4GFWBqFg%v#t7i*PLrU6ez;l2~8;ZYipL z>Dw!WDS3<)f+98AsBa|4+_TkplJG~$5M@4TYyCDHIc)2;-uUJhtx(E{fA{>U7w`Ky z67Q9?dczs=jrvdz{U-Gv?pFP>sU@L$$Kf+#t_5A{^4Ni7!6EXzY8r?0wM8@4CIq9? z$1k&+>0E=4`7ak}HZQ_Q_`mAY2*NXF*WnJ%@OfHHyMpfRbIMP8 zfAeAxHCQwh%k|^fSXU5L$q$wlK6PJ1i`GBunwf2bK=fV(N*@9l%8KOtoFxUvNGYj=-;Y<~WEIy6AmJUk7e#N?56|VP{-8 zy1#?caU04x*&U~iztBa(5R2`^0YO6(k5!RbW@Wx&Bdx%#f6<+JZTsyBQUu0AJv$Xz zvp#G*oVXp@@8bEk_Pc%%zDIsu=dCk$8Ng~E2%U;iFF@6NU2y(3Kg%`7ii@L^`HbR`YR{cXU1Ou_AP|OQ36d#EdnyV>LIm@uR5wuTxYOB&0{$++62E^4!62Z5v4VB`=v>k5pWKaMrRDzf9_Jv>}2mqZ#OOP09Ktjo?M zM(g(vYR`+ZQi`W!qgIc#o^^SN`>Jo_yo#V$F=#g z?EMLc)P5&ARE2*;a-i|9kkId;S^<9?)Vg-5|y zBq#&K&Aiz~?5#<0*N4SukzC7a@}?hmm$0~&XdEnN^jrFWhLJo^dqW(7RNm>4MH{2{ zYmjJ(sFCmK+m8oB5x(_mEpbG=vdk~ncqdp~SFWYYarfFir~xL8)H=e{&qXJ)*69Yo zyHUr*!y4%9D;EeIj2c+9d52M@Crm~m*KjO^5XFk+G+kj{3AE3}9k?gbmyhO6C|Pg(a#9XEB0E~<-3U2!@oS-iXn&=-YRhk?({48I9Wtfdt;!3oJq z^0>e?QsEul2C%&aAtpz{6KLs29q21`J&K^8Z3`w`VbqlRC&J^YP@u({HOR{07iSFy zU5gR?1pw(FNO7wEy_Zm(2uPQ_#_4*I(5DRg2!W`{UooX&dc>IHH-&rzyspBB!JmPE z;|~d&>F*(1`E3*eqH=W?Jlls0cbWvuh7IDGUYE?knNvTbc~Nt2+6n{X+@D%L(GQ&1 zX}{1Aosbf&7RyO$kyl+;V@1Q!Ockxuc@Z;}sOQrv$)Iy2KbYP%^&d9{tojZ{`9M@K>iO-`pMkDZ?;Mbc7h;}t> zsL?cDEVHAUuo|9uOQ~vLCuGS$Cz%I{A&;1V;eir3!v@S7V4<<09g^Fv4kaj?qt0$f zWv_88^(mX|R79~dzAq_Tbx_29#?$b=henmPG#da_Y=81lkoTA5-og*zfS8@b z&VWj7i&z)Rvte|->$vHM^uq;zw@F|k+Ytt)VQdzUlSFCk8xO~M3Bg8}KL 
zMFtnb(8-c7Qni6pf*MV~wRDi4{!M(%TpK!nl(gq&zqPZ`T8o9zNIS@Y!EoyIAXf!A zCJ_@cd&?;UG_Pj;YQ-)Z^r}z1AkaR?8B~k8*?MAp^ZRj+}AZQ9EJ}l|X%E`TbAzF!#RTvc5#A;qjvvy)|T!6z{wg z2Tc}^RlV1jX@b6nNcE{%i{Ay=XeS?g!;heVbc|@Z#T&wb^!I=@F*no~*r+N}=#*-O zq#FQ{#hY`U^>KW%KA%@JMb!dAz+S#JM0H z`KpKw^Zk8NkN7>e^L_EAhV)@Tde_GTBZD!g(*#qh{?tI4(LMfc!_t_WgF z1Pxq0Q~1+0k#SV=0v{p`932Z&Q=7Cu-Jr8m zzX_;F5_~iHokYKKqgYhn;k;7yx7xv(3ZHp`&Kh4+_ceQJZt?MCXjyWJ@ztOhiUBUD z84zBIhGuD-R=1$AunLQFz6zua&X>~oFPX|%l;G(2xS95zX&PBT9?cFW$c39urc9LR z$wl;@uJ34_n?hSjbq0heLu(rhB^HaxOyd?BctJ=>)k62~_5wk{F~WaRG0pce9A(Wr z@{h^QLo3<9+zZK{gB>MQdPUycXL8&7x`XG=<<8EH@A!s7gk$a4i4fne==AL#VFg;EABbGF*%YfwOZZ_O*pfgBJs-LMo%{CW3)Fd=(w zDBdCu(bsjj@6jCP;5Wqo%&%-AO#aMlG~0~;Z&;opG%aj>N339nU`}|G7*ab|v&5;{ zXdkXf-*7=fUbZjmvzV?Zo}%$u)I%ws{-djhKT4Jt`l?!zj9!A%uE~4GkXq&@*}4`7 zHi&e^b;PyPhGE(2flO0=dRLdeHCj?<_%+<9W~R5%_rT*>&f7UCq9P)A^kj1HYoJ8J z-q_e8MzbnIW^oYu)Lv`3-Pqximmw0=^O~5WpT+FZes|m?rMN<-{SKeKuGfF>QzOI5 z14=f*A_&kLIDpjQ`A2gJ*P?z#-Y;UNVA~jbyU#oS-8Q7OPur$gK6>tNvOzFGNPl{G zaQv5nQ;vZ8dZ(eSd9GJ|Fl?!0#Y=ovzcN8G=?`SyeoPl75ewjJH?V}XEaaiQ{bnyb#*i_@>Es*a0ny#ms7@?78kRI|`7keHx;sVXp!S{0y z9aHSXX}_&$_2;Xk>y2IyOI`C;VYkx79E6C3!wwWcKHWvLyBy3%!px2hU-OcoQ9`EK2Dh;4%cepXrcGzA+R^d&4QWU|6k8i}B#)g1A#IEbkM6qRFSxOY z;s(0>`t*@DE_nQ*Ef%ij;au6NJ2jrO! 
zc=Xa#XzII2-0#kRf9r()$2gVQ3c+cQUrF`t&i4I4Hz`w_O#;2LWa~E|c2+HgWUtF4 zh(93*09ZL6t6o4^lcS3^Tp3Ly7R3vFRk4hxO&hV$Dek)Fug0LUIjAK>z=N8of?@#_ zs8|~By1F^_efNVVXS(}>RP52KySoYg`m+@PqP3i{<=P~XBe^r%1RoEr1*fp5rx z)}~@tWF{@&ZJwB|@V1E>#$pGf&j5kY;xBI}?3FYMq_!AjJl^-#C`hW1*Y>z(7QiuV z!q4nIpwTO#9!MuV{Sg3<76il6yS>t8gvB50T;&VpIEN-KhoKd!Ho=Q@;I6;9cYY7@_ysz5 zLRH4!*C;6(BfZa)t}&~qWA({mbHSye%G#}GX+h&%uySoh&;}{q3RZ`fiy;bn_~}?4 zV;*5+6B`5akqa6!*!6I2q+KEv+O_r~uBgto97&~N<`zJ4ucB%@_?y5X<_5{m((U7f z+JB>3qUx~v(|k^ze4sHUdQuz*Yx!m!gn_aw-@UAR_UwYKB3ye!(%^%ifml+3_`UEF zprH5k#|Kk#i?LoP9@Yc?2dxM3b;+8u5b9N50yDDBTsFh*3Rio}zMTG7A6cTJ(6);5 zZp-rHOdqIH8~Kg4>K^h*|JW614QpFP6((!*-IUu$Yi_GJa`!0rXwX~wr%)xQxP+9_ z8&}~IDGagx6enr`R~z_`H{k78T{}W`-YC(i&p;vKGSPS;RkTp0PUrD>FOWaAO{L$E z3}@hq77f1&MDs$zs@{^5#lDEnNgI#v&I^|XUAex-tR9R-6MxbEqxIv4GQ|L!x_Yp=bdLHx@hO8 z-^X5)x$cg39vbE(Qo-`9d_O>IF7Aps-c6vk@NP`iB|0!X*g zw^ycle%UF^$4k{u{%n3sZhP?P<7yaNWXz#DAtC{ z?tp1}QyIn02cx;Tp?j9ZB3Yxt*(R$HTeR+hQ_a4pzI=p%C2Zw5VaOA zTYmj7Nd<1GUm5f8B<$9vbQkXbhh-yN3XC!uc94ftjFuaYAZ>TFbt2K}cA!gitWQRl z>*Xy)<`C$G20dWgcH~h#V|4N8=66k6Wv^nd3Q?K5;r}mxxDq3HVVTQTis3Hpe0Zyf z^rm2Ifj~(7EkoOm2?pWw(Ol{Gz3~)zt|yBWbYImG8eaJolY$>PJ|DED$MIrTcA%(r z>wCOnj`##YsIl3QZnh=c+%F2BR#!N(Bt}tZu9#s8V)b5o*(zKTa-Fb=wv2j(7-&;| z0KD^8Q(2Ydb>i3$*sirm6ow&BlMQ^*G#jL5kBM>@=9CZ%0^T~$E4uE11ipcR;%%Xm zK7)PcVt+YrGEliV6L1z~-cM^P-lbHl;c z9~#Y)0HiH2SV2=|x2u3bOdU*vb1o8lrUo|m;{c;3IqE184nOuhP^Yf20+5ewNVi>(V;Q$m!HPdd34tP+3ex2X*DWll~_V0}9V9_o>FN`^_r$;ZBhqbkVy(A_TRBmG=@n zMWT-MYRh^|vDRM99LN#j`Qq05h1%5=2K#$q*QjUvoXg}qXk+4gF z_(+n4=F~Vb(l_=AmpPcyKTO)$i?vM%~M? 
zUGu*~wZy`~3nRQp%aRUou5cW^m3;Y%>O2QDqTmdq0$Xl(%(nP*jnp)WcaX`_NLMFP zm*QtqJ-mU1`lB)|b_Aq)x=2A$!In2`yjYFm$VXD@W%g9{SNPfDQT3zGSCECVJzt&J zoCgu7leFRWVa#6cI04fVELK`u9(C5BZUUD$5I*MqmZ!2&L%&Az^(V3W z@WCa|KsR1@bIe8{zjsxp@V^Tck4_gSeqZ_TlwI6bHH#awBS|Pwr%GnD?S?;a_Uvhu zlC$tcSU7`}`I`^9=N?ZpgGx{dpjD*PmaF!VyHX|%!+Tzdf4*< z%?YKhj5}l;`Bzi}9H%81*IoPbO@eQ;J)~?$3tk`-jP`O;**>=7+_%lp!;XGt0MB0M zgVa^F+i-GYARPQrK3?_nbHiEm#p0pxPoFDzz3)Y>Ba7+SnR+#^cEH1V+|$?l(VYtQ z3$;0SNxv8j*t!GY>8yFBQdtn3td~-LLw|<6OrsOF8no9a7XaOHw%X>Q8M27fW)n+b zb7M5<^<(HBeO-J(>AfQf3>8=ex&In^0tvt{jL1`bBlq7yiU`viPla(fCei?BAjAxu zQ&?1@LGq{a1(*02G~}<%On#h$)I{_(99_N)p`;2;vZJrlaqN3m=X-1T#*zZ{EF9U) zLSUO^6$Tx*EQd9qk&Lg4nFZp%#4nvRsD3x%i7Fqax7d(>%g5tvF7wpTVunB>s^oq6 zh5G66RP~Z*|H1o$_2aA#QjnQr@%X#WVp#=?nv$u};q*h1gQ`({~W&X){N8cn&{ZX6sx#WZx_CwOw^+4(ZaJj6Ad zor9qh(LRqifpNKX*7_*9&0%^Y4{5fSi?H%8#7hsCb4PuZD>CCxzPVo_72Qlg5YM-d z4^qKVedUf;>9{4AlBwZbcCUa>@KVtdh=CrRpyx@&6rXP3Qz+3urd0 zFZR@O0hQj9k3Y)saWOBuvq`mWXg5e$k_&|Cv5@Fxa^i2wbQ!wNLeVE{1h z3^Fz=BBP5}$lFekjrS;ynFn4|A%(bqXrKJ&O=UOZ_VR<#(qSjcqFtF)gL>F);Bbs8 zOw7k)W8w%#tiIob-UH}lwiWpjw6qQ+)esx{{<+f_Q#pDK8ZWaja`C7;A7t;t50~yy z4&EqUl?)*NW-jT|Q$W_SPG1*I5PMp&slQ+q(C}Cd;ygc|JllB|ky_zvox&fUnW4IK40GE8)vzZm1SVUKuRv%0~I^xu2Q};93DqrGBh_T z&3VK>$VwD)iIzstx5lk)o8(lKuQ-^VidkK>RHZa5+jXe^a$-7zr>-`4ZVcQ4u78%O zvxn&m#KV!;7_>Y7+?meoDE+VJW_@$`e_e5veRThpDSVKtw&3x7lGe9l5lUUquGnL2 zvI4q!T?ZW~RnuBLF_ji(_}Yd4d{RYqPa>o5yuaaaCo|_6(fc!O^@lfS>hV!RCgs!X zKV>%rJNc`b#FQA1d=JUGug+dF_qw{>AHh))igGsHUg3qEN2o2Keil`Iwa}UA?U~!P zQjIFmn}r=ep8gl0@r!xy8zs1p&i`8wL;4zqi3Q487tMdW?Ukbg zhd5;?MJSwAl98sEA1xbsDv8hK{sj+djXYG;w46mo9lec%NTiPpSHsFY`ruqfM=xs=uw_O7nk;eiHNDL z?V3hfJ=S>tr~JocmDzareY~UcVP80SjgRxcWT!1qSVCyatzfUHP9mCbL_w0;qRah3 zL#M$p>U3S%C24Q#8W17J=PtgndysPKSMa_vfY(H5_E9su89-ZfsxU1r&^BeutI;G6 zpi*}gOYD?Ov8i9XElPGC1|VLNHXkOPQpjL>?YHfHQ{GOzi&M{Sin^wB)EO_`!9KS$ zm-i)qM~`c`A-xJul~S_SfbX>B(qJaWpVf1aQ1hA`YQ3Afw)3jG$u4Ohp-I3xZzA>1 zV$k8m&0N8Y-4udO<$4S$vU-WfLY>??8b2=0=er?~Ax&Bhr-HuQ?`DZP01N4p1uaj3 
z?_f3+JgaxBazLw#+jt>97t6>k+gPI2^4n&R(GNyhf$%sJTCRV-UJh{e_pEQdmTjXw z|2-r9-6ri;yfy${ULp0gQ0IeyMK$vdK$ewj!w2REJI}e(2@aw=KQ)3Gqtat$qMpn< zi!jy$G+7W&o0!;%iJnrO^!F(rF8RYIypO%{_BodPm>nmV^b-AD5)E`o;VbZ{zUXMb zrDFltzia|9Rk-1S-&*~Z|5p+7w=MwDq6zii>!5F-uUiEY3^rwPiSd6;AmZq*U!=$y zsJM_mo0z14!akcBR*82qIG7Ql7hi15y9b|FNWGuaA#M{>47(0`{0-&u2X9XWej`;i zV7-6=z_0VP35WAM-4nv8+p$K5)nDvf;j+ydxH+J=Q^mi(zSv{}wI?JY7m(M|9wAv9 z@SsssYSLEx!o}B-0w05xNzu19x@`)^5G=2$JA;kh96*c)>css!4r6z@6?uEA)R0Eq z{LHtPx|Bf(I0j~56ce#~D_-@i!ZFI0kHEQo7GIrJ=ECj4_|s92!G`5Opj0WRHQV$6 zUpdL;@Qd6Zi|3ZlCoprYUZzF$2svm}AbAtyl( z+i*jW(%dd+{I~NhRw|l}jE%XBXre$@T+zr5GorXcJ!11HCKRqW-{HRhHRHtTllj?4idEjC8MeinPd5kO2Bs}U^s(6 zk!}vlIKdSTGJHoMtR}o{!yEwFx>;T!a%W?RIo|eq{B4^15<&`(g0Jl8-lYe;O>cfM zGe`Nl4F)j7_H0+EG4R;Hem@134(BJ`L^z$cOHI<5-nXAWyRZugU#kQfOl)k;HPb8> ztgyXb3jLNm5_3&?U*__?y-U@FokcqaInM12(e{C~>Ko>>UU0@crP>9e7&r`ccyEi4 z0p)^gJV)21{e_A}2h)Vr8|d2xx1*Zt#hdu+pt`GlZBct_g(?T_Wqjct2{RUNYul$j zN_#x#^HGyGT1}Zx>)7vU9n1WG)^UsfjZuMXc|-6Eo`tftfmD6_m$on|4ZEv@pO{?r z;VmaWAj=zz-G8}VATHGY9;o}nIi1Y|*J+1cdt?XKm8xY>b0!q9Ur3_EJn!(<2eqOY z^d1q!(xpVtu7iTJmpokHxp3kIEooHpNC*V%2D1cIp>~4vw4j)Zo;SZ8E)GVwvP_!M zyw@E*pex)Y{;i(wgbh!d)@w$UC6;{@=UzB^{4ITByPstTJ03J_TGBtQ=3?EQQSH{e zpZXc0MHRIvaWx|MZE%l=^^4T5$G_aXYAPzxvQW@YeS@A_0Dg;`*hZbHKJ=u&joR!L z;-C8YK#cy;s5(nH<%Mfu9NZ#lIp;N~!tJ-Dh+0wsSkBJLTDNX|$9|Q3?f3Y|4ENuh zIW%TI0aWt%U)^NlZLiuNb3OoIwBi&o%>H=zxjbKm@A!jB)9!f$WPvUM++e^?p!vXr zO|OAZEg}chw@U4Qlo0JG`-qnZj#|RM{$!;|-D;W+PN6 zg(SA`ZyYN9Lw66YrCOK`-u^);VuHdMYO7Swm!`SJH12DZ8Nqr zn~LqPlbXZLOl^(=#SPiEnw(UZsYhlT=#rpnJz;-AnEFy5AuqYMpcbi zV$+uq(B3d^D9rvs3%mr+f8^05N}IE1f<7!I3ZYPznt}Vq)@oI9&uzX`p6rGiV9W&_ zaq~K1_hgFHV(vS@MU3YP{PE1*&Y1ZW4_r;(Oiu$)TtTBvom@QHGfAw|uLN8MgJgWh zqN?*q4e5d!h$6#K>Qkv69#0*%$`2)_w=u}b6jE%TaJ2e@+V%*HSJirypA-_T|ErMD z!gjPsyjr8SFa3bO%UnzdvlQ}|64(xEG0XIpkwE!D>3Z$kavZC>FXMHuo?)G)$mQdV z)JViwlHG;!j>P33xfNv_eQ^` zjyT_t7QvA|@H*dh#t>E1qq+w|aY2a;8MQ&y#p6Q=O8jN0)5&tk}N!ptw45d$dKM8WR%M)t{k7jTQ+zPrG~cIO5JM z`olxHi28c0KWlP!$;+DLzj){moBau-7jv%@Be=K 
z<-(ENn6cE<9dYkYt6K4_{MQFIZ))qyE{2F^z?++%{0S2YJTViNIPsyf%f9a0(p{tE z`xeVRh?iM;yHY!Qb_^BaB;qggH^dXBKARh-!}Gd54+@vp&|VIDQTmL4{t-;n0@2g$ zUqaEkRaRP~#RK%yRCityF5b^JufW+S*=KhQ-|4^d5Tv3x8 z>9%`%ppsY{V|%pr?Zx4YW?KCZ5~Zh}wjjjK$yvMA+bEuJs)FZWL?xF;-7s(heXGxfxI1@aL zvQ4R0il+^?rQEWTeYnI$?52J&ZbD73aXT@V;aCxipbYDO>Jm#LVo8y}9uod;_5nU- zXTFwJco|pmrhY1fTWRk!f*1~Qf~3TX6>L1|WEx3ntf+U+S?e=MxJy%KURiZzR+@^h zHS0^a?ns&#S>Ea5^V^*^tbX^y-m5Tu&lsl3<*1}suHS!EA6?OPl{K{9{^gkV7uGI3 z@_pj$&+?awJ+Ehq#svQGDvQQi76?}Eed+)GcZ1E&ED>-;&MYoSSC@tEKUiPP5;*Qp zQ1C!`#=}aVd~F!l?FZF=u|~?6c3_&wlo^U#3fEK;`=NdKl?x z{19D&6Cr7 zhmeJ6YQ69|GA41t-y?g!38L%>Y+|<#%YlhurI@=PWL#(QV=P&P(4W1{+x6tVH&?~K zZPPUV0n3%N`(cY|83-3-JT9uz*M=betdjgRV?V0Rp^oV5Popj*-ywH)_A>x=snH)sI9+wL1M;pU_^dE zxLJMF5feL_z#GO_B{j6LbJQ}V*{>lS7$>#R(lex7Br-v9QEazGSKJAz&ALCrq&U7> zZjGaBHk`Cv!l=6CtL{nKFnvPu_(V0^*65(s#_^O>>gq&?v*vE+{Gj$zeCoLeUHC_9 zePXDm*$;(HlzP4dUNh8K6MRLvlfcBSf0!0LGVOcZ=|PfPqW{2Yb2#5=u+mUkkWg=! znbiw+(itt9%vI)h0H&XXLwbAP%KsE=^JYWrKH-?X!-QVe{nl{fg;u3D)DI{^zcSV9 z(WdD6&=|SL6-M8Z8a!4Kt?K1;f2BUD@xu1(&<&v;L)+E_B4fMBtx=mW8?r5+=UyM- zeQ=y|%SU^FLHG(9YePtgcIXT*aani%VO20zH1rapM+MQ64Qvo$oWrd^-P-Q$zSv@w zw#WOTQdG&V7+(=|HKMuKnQPug{0^N+g?L4u*h)8)$Bmn9ojan=yad;5$R{L0Xn|^U zIn-h9;ss#+mW8;ShtQ@}4b@r_B=qP6w(=7r@yC5zdQkEdQ>tV5(x7X6lMmk~R+;yx zI+8)hFkr{??DlRzF&zd=T;F-AC7iowK7*Ki(!7TG!4u5t`rsE`J!~9yL=3f(Q;b{1 z9p|}qGeq?0dO99;;2;ds5iZQQ@hBp7Uzh~aKkeI?sf3l1=yjl?EnHw_2KHNHw-#aQ*eTu$XVsWK1 z&(fHW=M?wW{2i^5i4v0WnWNCIyi9@oR(vA@m#f8Vx5v$z+%;Vf+cq#=EqThjr_|{t zOLj~;vy%oZWo=ARTB?jWto<;_U+e8>!mg!mI}vD%JQBq~VMYw*PUwlHz?MvU^=Wkf z1APl|ZnZ7JTg>vlQD)`t&R4RvPl;oE`O1g_ezXL9${{q8Gyfg56|tS|BsGffT%(j= zke{(x#R)c+c%5jk?BtAJ^Xd?Fa}<9wE2sW^{Ox0pb8Kl}hkH__26k29>u-2&$ekY= z?>dBRo0An+wD{LStRY&9qvxNPN`z0EU3Of!W{ivV6Ws&3UhXw)0SSf`Q0S5y`nI)x zx^LR=g}{vJ2U`8}$uEwRYGv4jWKml(;`?omBD25tG;ff6z|`0FfuXy7 zFvh1{eThT0&6WA)^`C*~j7L%JJ>&{0x7>QVLTkcul#AV4%J}S|7oy8U4vj55Ifho^ z=B#Jjp6mO)cm3f!+Sqqd|A}g`BI(in$B!6&f*0XKqVkab=esUcqzkyZ zc4q3lV1!G5u4RlCI+tO=?r|k^{<^HtE+VO~50j(b;-?DGKa}o(ri2N9V%W7&g==+C 
zlUAmqPRnv0tWQ6fHZD9_S!CG#W$vc8-0u$Dxwm$4SwEia>4jWt6Pd?^Uvwzw4a&3k zzu2nDUSnv^8(HjNS=l(HeP!6+aBDldOsKl4qVg`;#hD`_>BU();xmj}H$!kgk%J+) zBB3q6j>at{B!nZ!=IH{3ef$m6qLutD#)&=kV!$v+o1T|+LPyPJakVn*nNEAfN0(kA zOwR0D_sfaWZGeyzQq|>=tvBl@1!R-SRT}}DB;s&3%QWsQ! zvMO59u!>7)gdQI_kr~g@P#&Zo-)fDFK@C7W-sBJ((7%$p_(c1Bfm@|E8fwmLNJlq3 zQNM6Yawn<43s1WU86KO@l6LYed*s=1*EGY{)N}#QeVdI}ue~BBNF(tWkM6-M>&mM3 zXPSU`kl|j0U=#7cXtAy&^op_t8|qq!xBT@HzUu?RUXSq#)9lFi)M*J08^=G>Y}}Dh zkV1K7NV@kY$`(6tGtO*iWv`O0uzZ6C;|sQht8LD?yD*b=00V&x@_Af4DJjYSIH19M z4`tgiC&Tw}GUyCvkMBf+B*_y_3pAHsiBE2uOje5Lxb99WJtZs|kE#G3)hKcH z0zIF&QFVq$)qbc{l%9s6DPG8fV1HKT%lgRmv!*z!kIk@h70^s;IM_xENg7JxcHyH- zI!dZ_pRRStv%wiWXVekd1l&NHq@uFhqcP8?<>}SyW5?|d?iJctxLqOHTWlbCydi%+ zniozUELTIqtR1(fA=~8}Nk4;@AsVlNi3E4vRol%phiG$r>127;{eed(oKjNcN7F-| zkV?1fB26-9frW&|y%@5KdmZ|?R=2@{K~R3Wvp5%jGJNgewR5tVtAB3+@#Y-KNW0?- zcPEae)7S3A7o6^mJUMcl|5(&Zong=DKVuCPdDx~Z9awnnR*wij;BGVOi3naWkEXR= z_XZKz`3b)2etv`$NvBE<1f5YY_kZGP!d+Vj8KW43an#OcEy(e_ZqfOxMA(xN^8zUz z5zHrS?5^lF-{<76AaBXc1AL!4_UL$^!V?@4li12+)o!6|Yzhc3=b2}9X;$XJDUhrH zL^`l-OAS&Kx^`M5o7_zt&stDN%TqPsBW*%u-Jj#+xwYJbrgafOjZ|G>HkActnPI_0 zi4=4^bkD4x;mkeu#b$IR9_xpfv@CydHNmsuwTWSL5?pAOIm*<_%Vzk@{h|0_^65)1 z*T##rj7_IbW zFXO9m7rwS|y+X1z*+53n$DGA|6+)y%pLE%bMZOtbYVboXZl#Xbk!(P#!3vB?; zTV2-};T2Mhn4ON;k!QY4ix%9uMZ7Pp%J)*%$jG6S8k`m0CtcPH;rk2aBCEmf#CFrE^Z7P37zNON-yNT^dXZqcw*nPifQ2G)ve^07>SGFKV~wb0 zcRbv`MKVSlC_0C>YtpCH-{G;g(5KPN{R|jgN6lLBH#aMF3lWCuwbbK`E*q`sWp|L& z3quXh@Aj`NF1AxT>c4k$`aBBx-MM~JN)gV?t=2x$;v93*RC$F0ZW_3L^qlH&eVDSIP}+UfR6zX85j^g-Oaj$cJrBEd2cm9m08gq z-~Rjcc~LM?MCWjwe$2BJ11DsiwyS+skm$>L;Zt73qrWs!o+Dl7SSr_$jeo9L=15Rx zHZh|T$a(Xxy_^tJ4jJ99Ci@gJt;w{_9fj8WOhO}ZF3oBpFBpT1V*)p;&WZKmEpBe^S1wB=uimY^D??HLv-GzRIKbD|MW$1@^J^4d#XG#owp8aIb@`Kqnvh*b&fWqYzqSPQdci{=PlUD`A2+@Zn zsB_Ua%x^8F2eV}jmJU+7u+*9fHgJjIkZmxP7ypqfI)w6g>ZfNWw|O8;6a&QQX~I0 zc$5!Fpov9deWde~-qGG7Ese&PBn5~@EVV4Te0zi_wQ9eY_4U<^_0i={br8V^LpcDk&n#u$fT{S7>uilHy(p z%ANhZ_Osn&CuFAbSM~UP_;{aVyYJA(Af!3{wj6A*0kOP%n18MN_uu+oe~wClBQc?x 
zLiy|8xR(IKTcitH`HcenO09mc-hcf`nt%nqLqd|h1i{U=)Zc7N{WDiW!kb_HpI)Q~ zH&1bpEYSHol_LTF1OE(L_=e_6FzZRnGW+BS5&~N`^<^RhP z{Qe`02VfzpS{%Mn->f~U^UYUsPBia?{GT7=+ba0f_v~`kzYYT_1~u4EL_x26|G16+ zd^3~8dt`#w=EU#jcyY{FZMhJ9QY8-NIb^JpKltNKJZ7KFZV`vx!)X@)qf0WWLn-=z z_^ZLh(d9T9+Rq-rvEqy@4m;vrFbk?}PB4Z@JSE#@f#rjoRe*dNu9ZHO!+V(${|#D3D>M9M zHAD2v%nlXMs#c@zxVDl~tI(^CT1J9?kxoA42)Z<7u5&q;8uz{b$Ank|zV&`j1mh;F z)$A5&nXDzwSAvv~NlQ_9bCG>TUhXrb0^eA9%JDA3h&J!gCrVMF6+n+x# z0DAd~*;`f_qq7xa zTjXLv$F4((>~>QAZPTl*DJRFvvj=s~hj9$BdOrPbjZ8*;C>S!7jA%+QPW#GSEuKb! zno_c{rzgZ{*bEwZ=P9Fc%kx~djEF(OZEhVy;1WTAcQIaM>Jc?UbrMIdUXOZu>V3JN zlFZWodo909y9+W*RCJG^TQ9EB)2LJihXG0$3Vi~P&_oucUXQ9&-FdKL$*3o940)l` zvUYm{TmCC55)zX3$O?Qgx8pU4WgN2YbViIb4!-p~IIE^u~8- zWXXAoSXk>0NmxBHdsK3v{C`*1Q{v5qxl0b;C5;--ZDh$o&JgsYwb!O>d_x?omF-i<(;jx+@gq~)qy1w-btx^9MD$~i*32T`B zGcR!J6AU}CZ+1|_@8;B7Ge3v?&xajl07<*mKLv;bw*-Few7T*fvfez~ytTa1-T<|k zWig+oDEK~Is=KaLMlE5gDSDFOd3bQ3(7?Ua9jQv63jSPf&APd<6h%6o4(s>Uknzvf zY^U~nm&E&3m~hwE-^_7wJlgOMGao5OaCoqioqh->X#UK||GGn73Pd_;00 zPJge@6byhjoOMSZe?fN9FGKp4batgoyEbdt>>(j%ipKFA8EAJ(i}2nNZ}9kihIv1N zc!&1&^99oX<}qHwp?K0y#UJ&`R2J_TH@DLttn6aze!*;FEVZ}Pk!|qe@!#=$M$PBB zUBTE0c`Kc6fQ z3;x-S9LX?)c7S{i^AEiaToD2T>rz1?frSL&}cSQUnH!3 zZoHgQdT@LQ9O$3Ln?>;ewV3{^IyVE!Z613G&~^S)`PiUIXQ?Rf?p(AOqB;eF2CWb| zUk|V!Yo8T_U;gcz7Py|q#P1*ex8Q(~6oX2NuKK-Y&EU&d_uzx5>7t1Vwq`J1(77WU z5V83Kh|Ne;QOc_zvlf;iOQw8w(;g`iX)d9R*wScWgE)auW>jrQoA@ znIk4W@{p?*%pAldm+wbOI+&aZAwE0r6}+xE7`)aw@%b?JJ0$%lya#VaUw^hp;Vd<3 zew1To0CC-YeRgOn47W9)>skdv&LcP#WuuSpl0RVo6qt7pUi?l}7!1P=6Eg3Tk5@p& z`{OxKylw?(1DxWurFN@=QE_y^8VRU?lVIOecsW< znE2lAp<+q<@Id2-_lxZkepr{(P3l|LbMs8q?@u!YxpG1o!s(42$s}Oev}DDKCpau- zCVM*;%H!`xjq0=d2zp*fCw&1`Uz)R>@4jHLwO9z;t9f{YQQQiiBmXq*KAs%yu?TK+ zt=V+7FbU6DtYSqD9q^K%OChI!+fJ5Zpjn({rF|&AeH3wx)bU{ZW1Ua&>B&j|{xXz4 z_Zk4a?X*jAq~9NkxwVEQ#VVq%~G$m@xZQoM5E6u>8`pWT}V6GfA7) zteE?6Mee#SwCz_#PDLCqt94iWQOOUB)|Nmea9+rSNK4ce@PCHJ+^ZDK`Z(^}IMR6T zC+%0~T40zn!>G1>tnu?t-t_OTDJ9h16;qA~UUo;^#_dZ?-?R4-ZAMCC^{$sb)AcS? 
zkvXwIT6^HL2Rv6*cU@u**H`oB9VV@aQhmNGjWP04i>t?m8VN;$yb6Ed2EmDBw87MM zmMxVCb=o)EZ-Ic9EMybV!FhE1XtM)SZqm^&+Pf@QAu|KWBqWX}JLcoS6GtmmWFXIWTl`)S+4>~?cBK&x0&)qMe>Gwy{1YD&%np(l>V zc;Y3?3?sOrtNu9teSou=UOc!eHd?nrZR7qou0la19FDza$!Q_aQnO*tRyFJ(E)OK; zwOY#2Cd1N6>A&PaE-g2ouFU{)Jk*}4G4u7g!W9q&KnC$|?X2vCCG#9@Avzwp7 z$Bqhuwn|SbtNO??c{JbHibj=_CqpVcP-QTag~ZYg93%SiYEu%)7}gm*OZ9HTSc6X^ z1^&-Fx+K5IuLU;SIzKG8okHI`(t0zlf9<-NqjN5#mIvf+)(fqMVY04JXA4ggBnIK zD9T{J%EdV~HwUtW4IgIi%X?(1^@P&@zr$1jAn{K&x5Pt5J$JWZi8(PU8?PAN zk5_-jel({Ha1w*fHN$b0q1WYL?BQIR+u)bgC_!aYwV|w*pj_F#pMLafJK8H_R?3F6 zpZ#t~1_77D_uivH$#jGcQ#)e^)D-5pL64s_&@9G5dqZ66*0bI3sXmu#vl_O;{kHTo z3Vc+j1yl#K-}xanSq&37y;G@hr8?YTiW3Ujcw4d4K~4D%`Y^UQYJdc^yZnAui;v&h z7sGQz=4#a@Ao*uB+T{7X(H06P&6*d?X6T!c)R&O3c)vH+zOq~NaTP0)t=H^X(9C8u zx3rfTXrj91@4!?wfu5wg-rO~Bm`0oDE}$QyVk#gA8kp89|75>iOW9kxD$e#y^*dsf zK|`f$1i+(nCe?iE3~erK3dxmC#l?%r;XahWc(M+`gSk7iC`O>w%T^$B%QApCmJ zTZq9Jv)2P|M4D-S@}sm$Q6@NF{G~m~FXnqg>B7nd37f2{u4i8?o>yhQfe2gyO$i6La$~Y#(k>K95E(1#JbZy&JlITt;K$-Tf@@QXV>GYZryY+HCd*IvyJ6 zmUkH8!J9s@z-)f(M}zP?Xt@g}2!{C2Yp-fmqpuk6gLYj+^e<-mgQT~gxgtro&qBP%Yg)6C zCsRdj3eMnJ#oN$6_)n@xir>cZ3w-_?f>tAWiUZY=esq6qj!aGL3PC_q!Q2H}f|#8ET%Oo0qjI0ea_fMm_xpqOkj@T_1i%ocKHIK@L*&Cv z9;prjY(7la)pPB+0q+21oDi)do#q=EXxh~0E<{oUbtaZ8wP0lNvtuDbwcZuobwEPl z=d@}a1p-?vyr{73EkK=|#|T#zq!wa?rW(a}j8N-f zA)-;%>Z2Jta!y4E$z}GtSRw1V1}2vmmIjSH70|F+-*zXLE@HTJ zshe*;oW5+m8MOy!+AN9%N8n$)*vtJtCTy-v)gUmV_R1%Qa&j&>#}YKAj?88jx26Sd_mt}PWZDCuUM+d zLxQVxy@rXzKEMk*W8c`_D8OD8wBI#u^6X9(+>`y;7J8r<;beUD#92rqzWX@{()lo5 zeuvtl!XQXLw@+b4@v=mGFa^)DB>s`E%5dl;R_DCc&vEu7(#nUTvE24L^sdvB&?Cu< zlNg_~>F9suWPhABaM>1`h=5CHH2Rq)l3rdV_C#7+_NCDM)5R2Qs-6H00qE1`8$Ub+ zu5%!hXzaoF;A=zqU%Uw9T64_enYSegn6Gm5GU$EL+231a-0=kgRxcQ1xVknp(ZF$6 zHi~Zb>s;(K4U`p__6To=mb!ZVV_M{i*E; zgQaKO5cXIf6;D%2seQKZ?~jhn2x@@35J4DBr;Fpe6X7&oFQ075x~AK0Ps?9>V3!(! z3VEsBF_u`On3m2POk5{)P`a)wQqFuD;EGL7?cm}ecz{F06y3C?$Dam}zJ4%*`%sf+ zmBcMj7`! 
zwG2K0|;_;+L6VvLgD1CgouV&e0Z!5aE@) z+mr>{jMdS`bl3^ET~qdI6EQpx5@FoD;jDr^do5RkD7i;WO_WqX1@M+vE<7qrg4A9tQnRa0zefF#@B#C`b)79=AgoWvfwSOIH)G52D&X_6Bi3 zssC~34I`JlT-is{zn& zj1NXtiEF(9D6sr$01fo>hSjouVbSW<2|*xC>g&w(-w7@=iVC;g<=5z$)=B>)sX+#T z9^DI3a(p{LTVxRfmoYtCPS%$r5kh#h?R>IAVll1Qh{<*}iS+<}}Yizcv;1 zQDW{=+A@PHrVGl7g*!DTe(%injohZHL9v)%h|}D~+4=Ryl(|ypW<8f8EOsNHLw*pT z@|j8PO#?Ko6?(MtJ&EgYhBHg;(Vube-iv&3vAb2E=a&YFv`O`J*6r+ z)Hp_CuV#jN<`aBb)5G>0e<~@z(k1$-#ho#}Mth&oJ{PCs=SlKUP|Q`DS;jX#c6u5~_CMT_ zaY+2}ph}I#4wxLkS*6?%r>Q!-=nkeE8V zocz8Q2f~I8EkM)CMglj&yPKR&lksrps4$q{M%ag&J`)<7WevB4rn@+Aa z3B}k-GcQZJP&gQExtx0brArl~7mRRxA3C>53&4N_&2XjyLZghC=)kP7r}wf|b;13b z2lAz+fQnqp$2p~VVq!@|gD#^tl}zw*r$>Txlcd>;%B|aiPO9DZoTaXEJ{;Gl;;K!# z&;3J=NBWo`(=WuM%-*f>(NJp>1Nx-XLwdDT?x{-45tB8!vAGYlbhR!IaJ8aaq+_Ut z81+EF&L?@TEKf7-HVYLTOow#GGx~$kotb)(`7eHElrp*p#_kw{LID^e@H#L5L~8@+ z(L+*LoKSbK5*%nFY=IWD^sV4L{Pw{u2X*GR9&+XU|$Hy5;)w3miVur-1x`L5u>@8I#xO`UCH!F!w( z!w2=?KtyC}65EKecKO=leLYXs;%#vazl6m3*A^qWhx>KHjNDiGi=qGIVgI}V_g;!5 zsQ=#~GH!r6bwi*&Ag1N!Ex=xAIg)K)Sv&ttD6iIny$jX4s$s#QJsK(*2B~eQs+OxUiHvDGT5 zT-gQs64FOUsqAGP;?3b%45@q{sGjLI`!A&}x;abbMUEQdIYH6dMrntKIyf?D4hd{i zHaXC#bqOKy1qgLT)Pc=!`HFt~1y&P^WR5z^6G?O!aZJ%N*U`5u7M)QbBM;l)+McTu zfQ%TON$9>tIm10`WQ*|G=^!&PK>8JDVmtxI{|+h%{s&Oim!Zt0ZQIS{b8w=MfrGK%EX1`a=A)pXqw!QZPrjPzDV+QFnfC3R zDBAyg)thN}#Zzm3EN4i9wmcfI`le+rzd*C-QBj5@EKG&7JBpUdsX0ynbI?XoAPdYO zN(XGMzVSm2CTUe48nt2BxoFiIn|XWC{VIEAHc(Cc;AkzK$QL`A+eNNHN8Fndug*?+ zI{$d*4Bj$i*h#Ib00)=SPj+G(^f2O#&V;t_)iCb}B>Bu`N-0;MM z8&e1{1n9{^_D%p7;v)tns0D9Q`BMV4F+eH9gQgZ&`fVNs zaUB4Fc4(@-T*Eu_V8m}_`@Vp$WD2MyJ@zGCB*JmEq#`7LUwnMapMa&j zpUMk{rS=DsHzEDznVROSBtd}n8E(DAS(e%V{wQ|r#`(QP7 z+aFL&cy-&EWZP@04zjA@NQA?(MufaVB#vPrKU#+g;MU*XihR%}BfEHsc5T>!c8{|F zeG|Xm{i+yw0x;&~gVbQnu^6r{RfzS@Pz)Fb9fKdru4|``s*&u2JHO9UN*ti7W6d)# zPdkfZdBN^sU4TVKN#G@}Feqh{bIj3>e5kzAo8|VeO2of$AT+{3bx?;+s7G*6OD#fF|to+K{uZD+Usv*MD%wtc=`4e1XtnL(^$Ug)fTn^ zf?XzTH2saj2=G80u>K`?>dQBg`~4%M76uvl5Ukm{(s4kj?x+ z0Snu$!3g&2aj!t);!-gf7TqnKZ5gm!j9cWw-Y@_pr0l{EBhMBv22Rmj>!p@D@%bWY 
zBR?H+#2JoNljN(`Xc}_=3C0F-(AHE{NFJd9hSC_?J;LCG#xP_(&={AAx^N~sbWrPn z>;;4EWP3tw^3p&V3H@%^&9Y;4^t@Wm##biz93bdphSb6kl z9a_EX5dk&siWMr^FhsxzGM4=c1yE9SY%97tu1k$v&Py|-h_161*@{d~^^9iv z#A!-cu(28nxZD_0Bx3tT1WFdYZ<&3wTB=$PY7EY;ts-nFfLbejkFFl#`>-R9d|UL! zXP}haa8F9IAlSD(K9OQTJvq8|Bt*TZv<-Z9ij=XF2}*x#dn@@M{RjN!ZVc!^;#%21 zOLQN(T8;%83S>K$y-bKO8QsZw_1&pnA+x6m)D9RDXELET^=$v(ruQNc}MfTD0jz)qxZZ1x0C2vI{~m+=v2= zI>9?=BYlVdzlkBYP>`fZl{#0fwd{KXAFY<`d=z-04=%SP?y^lh7BARqQ1-w~d8z9$ z0H|pZtg7F6rFj!ZU#zxg6eQJEA~-HWP(=gtk!Wj8aFjVs@dRL20ub2@ z5k(0sFAkauZFAVhp}0At-j&ql-9TmkYCB^-uBMRb1hQTrGQcSr`!i!Z3Y~~sR57-SLt=f6pL>$E;spI3^RJMcs*!uL(oB)H~S7FN$8pY45Bh|1 z;4KrvjxX|?)%O%I|5dn3VsKHA2oNAn8G#tFMuLIjHd707Pu_<#oFNd<&9gm<{zt3_|YHaC%_Yj=Sx{_ckYhGEC=UNp3b#C z-V$&L)im5XzDoS?=tb(qRISR7yVjtE@z(i0uoKlx1JAB|*fMnXJ*lCAci#a{uTp*t zKTxLat4?GzzjL@|>cCKT?{E6*j*0+@E^K>U1{8ec!}Yj^Og@ABSfmQ~Z9%e7fhOC& zLJD9n-)VbpK5bG82+uj)b>|_}`ev%{o+>_n2juAZHQ8A*fR7G~k9UT>J0M)j-Z5UN zj*WoAY**X3oPsi|_LXUL1-(#A7x#YjUv(&($)%9PMRbq!Kv#e?M+Gz@u82Cc*^f@n zdXS(0WT;9Wdu<>u=v5O>lzA#T5wfVR9-iJ0iNls8&1;o%Sz6DXb+mhmI~it7{1~pQ zGNhxJmXCcil#JA963*Kd2M5n4^mrKDr-0eFF)D=|Cg6 zs_7rZPndo?;lnjjm&Ix`PZqf2A%FZ6pjRvaa6f1 zP)-@{N7bn*14DTEPDJwD7CLk$gS}xBP-k9L)LIGnB!)=~gY4yAwMy%8rmBOs=Pktk zpTDlU<}}SegUGTO{kn`1&aN(z+vDmG>+Da**LvmC-#mOzOTVO%se#Szu;w|;Pzk3p zKrW`(HPRy4>k9WE=XMqgjov1AJoX@W-pN4Go=!IrRI^W&@8>4(n&-OOJr%*c;Kp>h zD876$zkYIxxqH+hjf7?BChHs2xV`f*p5{cZB3V3gX6GM9nU^Z!nxtnr4r9=cZaL;; z(=}S?O*5uBx_>EL{WZB=sI4898^b<^`mR8dc88foWPag7^R7XNF#|`rm!@-zX$fCv@ z$kp;_5u-wpnE2C#P(uoWdm{yjd_30?0=ZRxU@72q3$qFX$PeCuBKSeGLZyLbwe_hF z03zoEYUBczY|`KJ6g|h`>64bj(|5Er7X`phbUO*>Mf`iz5R%E3IC{0`Q9y`?ZgXo& zpROyZMgt(}fpZ_2%_apU8?D@0at0?6x?2{Xyouv6!zKFs;;6 zGv)#fxDt;rdotBpWJi1SK7++IG}XZG>;Q1(T#6#}qz%CkN34`@Gre0}QO7e@`XQgi zaKuGSziPrIGdixMQArp!Pr^WDhpzUf0v@~ju)VDRtLg1M{9al1FR@fmNFx!(GK<4r zliU=Dd@+2TOZBF)&*Z0IG@>=CJBnZV8CMDUP7d#c-q;!Yd*Djm{Bb2w|3mnABJoBb z{oo*6z4VqPCyo|e&*dV%#myP%RM|bf@E5J@U;Z3W%mTi3t_tL+4fXeb2C_$jT#i9u 
z?SuE7zJiv5Czm@PE<9y;`4j2mm*loI_O!J}wkQndQkje@GACxWdW%LDa36*(yI5R< z3aBCAaLB689jJ6u+mN#DHMAH0K;EBk=N!6OTBGz1ZHQ zV~H(-sYCf;NrBf6oejI{b5JLlKjOINr1sjs{c$3@r6I#_;ancfYZxRqRj+W>&j?Z? z#TxdKqPtp~w24_Fk}$=lS5wGUEFrXcq+QqKH&1J2G?|WUI##WmpK9VTlXAP`8Q^Zo zvH6C*lP++4OQ1}xv_XZ>mFi1gIbZk*D5#|ShFpb?-~E+qW(4b=Zcq0Yu{Dxap9fgX zo>@eOdQ*ggC|Px9DH>Vjr|nUKa|qGo3^v_eQvn1{*RfluiodNS0g#BHRJR4~NHJ_t z0}n*R3Vwuqb#atV_WD9wr~arNGRHxK|H3B|S5Y6{zRhN{Qzcmc$t_3Z5A67F31c+n zwq??uJTZ`-yHUcZC5>e; zy*FRTaKnCce6V$g2tXa2-vE*_@Xj1+_$6WPP9?w-F#`$$^_EaSaQSy8l_dBC#R!3r zD?ILJTT-Z6*%$GlyhtVfDZ=Y@LPZ=hZ)azhGRKXw^+CVGCM}|amVlaCjBLl9d2fEm z^sYA5v9TT?q*%h^S-Mj=t4c(C-#~FqIqVJRq4lmW^~J=yys2L30Ns$cyd&5nIk1A_ zV%F^8Yd~-c%cQ1r@RT`z`?qo;gh=PZ?WPBsZ>|!HJ7D%5KO!q=0AH(3h3Q)@Eh_vA zYT>Et!ro$h1dXDcV8Sbt6NR{0E?As00Iw(Ud|ywN>4c)-KS@Q#+qnAB+N4!XE)*!D z`Z6mG3ALVOkaSTin>U5M$>vb+KC;8%xT#vvdo)eBrSH}GHhqRzY((5e0cD0{xW-K9 ztHE>tb+i0*Dgq6O14DTgH}od4n7zj@=wKi93-Uqo{3$p?&mX5txZ^q|9TcAe_D;2S zyWrQdKvIGlNOwTAzq&Qo&+})4W9O1X?}VijqAjE&JBZV_45rF9l@SK@XGx0!Qdf9x zBCA6Zm`}nmMR5ajfNtO0bI(@^8Kw*fk9Jcrwq~krU~fbD0u$?!@q)O%?YX4%d7e9Y z?%J3CB)cf~##;MbonVayF;e%U-!y2Cz@lD(BvRT_X1&8C7cGHp9S4r1?&9A6&)D=3 zweZ;Mm*mIQLg>Ed_~E+UBUuPEvxo)R_{Oq28F7vq(M;^TM4q`+M~GF_ezd(fQQgG& zUiS;VKt5^hM^#9*cQyTDq`fyN_{yMg(UYWPqSB1As1^7igVi{drrKY^D2N>BE=|)! zfi2URj)%k)I94JQ=%(-V2#eQ%jQulm+J_JAN@&z#OT1t=eDkLPEryqC*o1q21yqo; z9JI}|%QNd6^P$zCeweRD=8M|CFK-jzE$5Of@`wEAF6J)q!%~E8=mwr(GOkcAVKxW+ z-R6e1DGpp(#4qlY-#p_Hz1OL=z70Cw*efguUn%XaKsAPwd2y@CPLo#AaQ@6QCY={! 
z^;6;*FV$ZX;uoe?77RK?%-bTM!cA6>0Xa?qE{i*#&$K?27Kydj*VVNrh-z#)xW^M^ z`s4`3n2-f6HHv{)Sn%GmV%~VE?pu|StwzHi{fBaw0F4B_vo}mSdW@9*py}Ck1l1oF zD;;`Z&KHbC2yJT{wPj%}%y*{)B9{HTi~vI2wGZro38$PqMK+jbrJBZqfzpUnPr)*d z!$y%2xHHsM2#+xjeTci#Pjza#_&g9n{-55VKVHN`M$+9|fR40y2%VUn@6O(GST6FD zLD4W)53E$mLP1{ikyb7A!5smxp*Lh6fIReixOC7VNo**lX-7tdxl7(@PGW{YFS;7A zKUDL4-ULiS9H`dDskk}M)#H$I^F(P*V)Z~gD#&spb?y78oq#)Lv{9194sZ7W?EK2< z=w*OK2!f_Gr}Pnq-Np`$VSCxSZTeJAh=^|6Z@YDO$MfhS&=cp6h{`|j1AUfVxp!5T z#2TQ)2KCNkhKKFX#8w21Z|iTTXx5--fvllFmsR|vnW)%(O5IE3XVIuO-PY=)E_KnH zsm@W36$~=UfTvnYh0T?42L9K22ZSxAKvC$X7vfz*Bkqhk(mO)*V#W9?|B7+|Ep$P1an0bUYw5#SD|1+6FA= zf}MbnR`N+ zO8>Z*bW8vV+F$|{n@~g23kYIlvIJ^;UhxuAkUAZ0+)*qT3TE(s&SCO5NwF&d^(6|DqtsPB&? zh1SdA5%PnVzJinGE^sXExJLf!xGiuW9`A=BxB)iBQ z+FI<&8sWjaooFvW$uYBNVTl^erdFrF2?5L%cQBo!f1ZL~@k~AQc@X|sV*|$!5S)x? zeg+cFm9F>-4aFi5r=kMxIr7-*2<6}xQAvN2>+_xuS9?xJ35$a@+bTH{$#c!@N8_Jf z=-@Zsj!9w}aRU5EB6jDnC3+P>;gFTQt^hZ-HK<)mt-=E$oQf+N;vnTP;{E@NpltLvd4k-Ti{JsYeYbfD1i3n8-92J@Upp-vwl7 z5f-to4FT%{bKV=%b;9HIpP#s%kbNb$)$S?Z*gZJfJm=Fweg}zV%)lWoBga5{Y(C>U zi!ottnP15IJZGo0WqQ~Q6>_}IbEP+;FVme@515>e_ z<2}nh_)Q2g2;^9t0P)8*ICHE+6*OhxycoY-l&w!65zcjq`z#?E42Ys*%8{wML&RY# z^e=qt07=EbWn;(4G6Y-PKEXN1{yk{y{>C6Jb$0a$T@%R!)7ASc-rLfzuR$oR%ueta z?IzXs!UYwzs)JaqGHrjX^BRyFW4M7|Hq0s@W>B=GKTR?m{8CJRIER&Zb&#y!^OvFg z=brez3g0T8V)Qo@%*Jd2`0gW@|0=!dS(rca0~fshe@+7ErU4M>Qx8*%n}!qC>{RJr zd5(ws4T$|b*}OK|8%B71z70>7i(Jc(WHC-;OJC`OQ!v?MdoCoPDVF*9h# zbx_!)@t4$E`UEZ~A%9FRd?MBpT)_DqNDZ!cpBl*ok)~V#2Fmt~8^(*pf2ER7r0BZ^&#>9EU0Ly~$y=Zq$znN5Jv2Ii>vZAy zFZ*(50$Za>@!`GxO;0l3qdw$c*oeCeK%t96lu<^s>fY1f(8Q>-8CiUU2mU{leFadJ zZP)HAq7o_~rHFK=ba%IOgMf6mv>-@#cejMFLD)!$Aky94-5|Arb8q#l|9k&4=gc^c z0y^--z1F(c6&#(Y z9X9tVUWD|5M`E>ZakM0%V2)24&L+6{NUrn}Ot5Uj zH*e)l`*rhu-%~)})cL-}nAtR3*%7`u9o0IY$*b}1Z^oI3+FFc`f;LdbS(teHe7N~} z7XNpgG|)nUZJluLFX$FxFe@ufsyDZ6%Hw`~dM(*5!;W-vPtfam-anNzt%P@$xiK-5 zn4Ov29{qgm^YW!pA;99hHzfy&e_c(%EX0uqWK(L8SDDG8cBDRibzT=3tvK>m4agW# z4U!EFu>y&1L1q8@3bHGTH$p!rN$$e~?k@*=LX1Eg4lsc161FMM-s8l>wFJVbd`aE7 
zD&ua!{_j)%Ir?7umzLo$Ww2Ppw`PBpu&Y5|yOrm`c zT)0N2Ni3bhN?e9RFcd>3m35j=QENS~@CeTtNLs#t6ndF@2a~Zb1nHd#w(d8WNOIX6wjUjbKO+~PluJIN4xJwV{6_PneTmT{ z>>IB`ox~^s>Q{9&V%U*7>VMC@@YmH286jKoJpOh)4Fb4}sNOKE65CsQ$eT^~P%o-~ zo00k87kwWrP85(fv*7PL)ycqb215%ILdwE+=u{|&ehlJbqLFO+ghg+Oxk{xVL$QQu zNOO;k%^xBzF&fVC+S(4|b(|vnTKoW4AGFGGZL$6s2vSss(ankxVm;08j8v#Tb+NNMLXy%o7G9`hupK^PM z?0nXkTN?0>oyvb4g70Y2kx*MJ)GKcC(|rh(c%2SdSf2iR#C{!;h~inw9k+_Z6qzqn zi=5XPb;N*p6D|&Y_YJ(x4o_d;{bu-Z!hwpw!2r>3zYPznKwI05R#l>6D+d-ss6#J% zL{%;yUs!j7J@HVuwkx&KhmklQSDd4hg8_BLp+B9xMjWFycXSButtO4n)z2698||Qn zq+JEiN)Daokd!kgi`fBL3ZS8j)lViVfc-F+kzz6wjqR$KuM-Ky zsmKR$^r4k^^LpTYZXD;Jx*|5m#+VTqy+)mu#T7lvy_uZhDaoVyiOsW+txFwLCk@3P z;XlRuM5#$chqf+}1@znbb@F5~=gf^I|KlS6qw3b(_x*>rz*iOEEpT4{p%l*}jxkDr z^7^`;Wf9}{F`w6Et7>3~{lCsrQ0zp&i5l=NHi8;Hptf*Of)!Gff>2_g9JP6jztCRC z$M;I)r~_yMZEVx4Sci$pK_O^A|BZ_Yph5GF^;aM8Nton!Dzag3*R#J-7E9NRY4Ndr zC8&c>UcjqVg6=$p&M*%s6~gqsc$TSQv=$+?J@hy=%a6DBYu7LzN{ou=Umg42b2Tv$ zJGMw#xG`GFfhFM0yL!h2NRJ^#z#l&&sni0nFaXW$`QXK|`Y4HYw;u!^rrHDq;y`!+ zabROo^>_WKTAc2Ub!!J&3^#Ne|^Na5-!QF z^mJk3_;o6%f~$J(qNlQwTHW5Aoi8SbVuk%TX*^ERK`I zSfd0g)8@d){OPhqhQ z7Vcz zu=Gy0H@ZR(v>nkdWDtR)9G4`aCr9&*#TuV7AxD2CSXy(~PoDW_S!(A!Y+GVr@z~s# zU?LHPR3&bl7jlgJScj6Jvsgwl|JQy0Pu9%u=K;wQz7w}J#X5%1l)eMNFrtDeGyj6b zQ@Fu`aNx0GEaVWL{IS&mm|>ILD=SSi6p1wnRUdhZ+WT8IPnL6Q9K zky1L)vJPf_jm=~BUZ2rb6Nx2UX(`Dykaixt-j7;|5#Fs$gwlupx>T$(`>>m1E z@3TEVxHSR&h1Xp^kDtO*ru5Zr%lKWfJfRRC%LtSg56uX$n6t(v9{k~m{HuTcuh|ZKDjSaPWuMI$ ztiZnx-5qX^F|=+2q*p3LJ`ABuRfQE@HX)wiOY9qHbT z#hLqj?mPRIWq4ixY>ob}&u|a?8Scr@lKllx>cDrs44w`_V4u|Y#Otu_1-4?1)gkJm z=R;zKu16#HXq3x?RZM!?fG%A+{)YnaWGf77mC@?LlA?Cmd5XnVRbLd;XcvyhqP+Ee zkf}7i^1x#Gax#ub-K6G+(-l~AYBktAfQ$V01m4n(N~KZpr*mW2NlFw85hbq_hYb1L zHa^N5`#gK?g@`8ooR~Qu(||}B1!Dq}_yD?c8v)#h6wa;%TE2~c=Huh!{#Vug+u{NL zU<(JuUyI`${C7BiJ0HpXnu5$ZP@2=IFPDOOXmTuGHKT;zmQ}RvO`T51H7|^#f4EEs zx*5?IQ*1dffpsz*y-AC&#IPl!j$q8t?_pa~fZv1UL`C;wYt9j?Oru_`G!>x!+?BS; z324%Ak7q!r(GuE3u>OC#1Hg8M2@Iu8hsZ69@P7d8qe0u6uh5`(zG^jys{mL{>YvMd z>06oiKtW)W!#NL0rcG#pV|{dIMvFh 
zVs5zY^(Ju{^{k*y-l;140Az?;FSH4#p?y0r#T6d+h(_rC5N%yO>$W z_tEfrD>wnj8HqBP+CWW>pTn3@mkZPuaHFgfcB8fZ5!;rxWmFa;R1jeIYPhfAZWKKn zjJa-h6>-<;qD#&l2r&3=uBb=LH6!ky>}OR-8-4G~8C;UEjfl{k4`g})3LK4c0lI3b zR!RuYMdt|ZbIXth_KUh6C$a3_n~<)^u6a;5;7zS^Crizm^qmun8Ba9W!Ed-TD4 z?>Bc>icv>Cy4gZ+7d|yZ zgx_O*3gV3e+I6{-VU-?h;M4iHM7h6xVS$l6_`YwrzCVQjpe?6x3laBqQH~rSNE`GM zv-A@?X%Dm)J&y;D*HfQ8if!UDV*&f704PZ;R;O!wa?`k&&E0@OqjcscR^aXAqm|6R zNCS{wWyC{Q`>i&2X`p$yMyGa$J~`PMZI;$Nv!O2vJRh6}QmG<ysU03_4wl8CMX3Ei z@6NNd&agY_5mz3{`p*SPOFjGvV^BD`|LbUejS7BltL&5Btpkz#1sH-21q_(Raj;nq zY9Ct}r@=lx`&MKTucUNX@2FlRx+$KrKn+CsP!CJO`uckF)4f?AQ7*^sMdF%t5+*B2 zT#LyiTrb6-0Qb1Zm*mxN207vGZnfKAzco{P^hs;+>wTGUI$w}pdKvBh#}iEru)pPF zxw){ZqGHF&rllD5nrbH^5&o`d`YsTovsqxdpY1jNd`S8>;)%P*>B&JBvoVTt4A~(_ zEk$)&+1MQ5NhS(Q{0uyV zzVJImBrALG_njhz-zmgX4;Pjv-iPw8JG_!$_EpW*{uJ4+vwXWL0v4NVC9j>goTEC- z($yJl3zL{~%yr-3VTV1x5Z4+n?=9Ay78lkpKL`)R$TdOo&Sg``s0zA7OCvgAQSVG( z;|ovBu=Aiot_KK)RGRnDNDOen^l)J)05)gEav%;b|3i2~ku$?cg?jSMvtgM7dzv4b z)#?LL2FlJHa_2MjDdX7|sxqC5?Gc%r3aWXM=J<~u{eH^+$LY7Af#BKidwah>j{1>3 z;xX|0Q2MCBv@!j8|Kw=Z68iR#dw13+46fP&J&D6kr^tfUU|!(#n41FJCZf1hA8K{i zt%fjfOhm@u0{AX})X@933&O6VYpn%{Agi6R@laQ5;`6$p>a(X%&x;Rz{b3K#c8ZQu z9X&5kf-{=m%E8U_ftq3nSde#)pEcF*$sZnzq;3x1y4!Ldk$L*q0M1-Qno|1q*T(lp z*Ak<|*vzK13XueS!%**SW(n9-lXKG|L4R7KtZ|py0DwauPA>vSv2(H42Q80}uD#lo z%X27S2zbjE-|t=yF~%%5i{@>e(yG~%DOIz@@GJtglQRM|0})2S$-mDdEBH}gmgn8= zElxsXoD0hvhx=Vj)lA2cNg;H_aM52MN?_${@;SJFJBm*!cFtdDv_Qe8i&8G`l8Df& zHC(0OwmTpTaCIie5gsko)_fe#=mgWWha7Z|j>ZG|nlwn}R8uJAjduh~+lx(sre`~o zBf98i_FLbfr#xG2)@e_MOlKcWULR#{k zTeaI?{p8cCcHxmruT9cxb~DX)ZAk@eBzai9!-w4&=OBx5>;14|z;H&Ya z_G85@l}^MlugmaUz*a-zR{frqw_=Im2gG?)CF$YdNQoM?7)!w;cIVWx<6&cv4^83? 
zRbi4qZRSm_8?MYwkKeTBKMF@{x?}hTutKxNP`{%Wu0qDoHYO^V(7mZc7vchx^F7ot$qsW^a)I4aK04Z@g!jvY zVg9wAXvJBi=FhW3SRx~g@kl5{S(Giw0-Se)3<2r1kXjj+R`ud3=_TPvPj$lOi;gcB zb57SEDh4PkX~CGvZl8vR7(@hXZ2*@Eex(lJ0Q7m!`@v`7zju;(O8$)2Ds;Kzj@&#I!04+W5ar%cR0_n*Ab36QN z$g+EQCt``uD(D)`i`sPkBvLG7T)8BBtM1L905EI!p3MMqGdc;8VK&%@h$3JyQ?_mB zRBgY!J_OD*`aO240R663PMYRGQ&)G8PP62&fdN3JrH4bEVdb%IN2-O|pY1Z4CH0@C z@lHGm!smLT%lkR_{Kt2a=^jnmfl%BEe>PWOngNx(#d54z76S*4Vu_Fgu=J9wT+Yje z5472^NAGswAc|lV9N&|ye2^H6huln|peaf!-kUWSBUoY>u!JRWliBKULERA$IxcOn zlDN@2h58~NMF3cNRnwhr%!NFm2%=?m+(N`jKJ2Z=q-6YIjn8J;ne!=5HU!pg^nxCy zgwtYqc;ZwD93Y;FZ!Jmc1U^pB$^KS2c`7PDMz>i6tmoqRy=dI#>=s*T3gaTdNtX*+ z8{kM?`sf=BHC^$~rt?2X*UHep=G7+}9Wlg$(DgVX2wMyl$3eOywNPuF1IiEBg~JBH z!qShKv>`@TEngVd506nSVx_6$^@^g`(Nk?51Ft8mjkC&9*HN_TmCKRSc~9pXX|sit z?c)x%&kr3>78Wskdv39FWfb2qn@GxiGU^zpF@NE?U+hqmAn!I1l{@>UFHPKoTQ^zY zeKd&}7L1VJGw(UaJ`(?M*C(U(G#u5(#RPKZnB?;Knes36DOp*~Mv`l-W+~5Kfgk5Q zQm_#kZ#FYANAs94Q@3hB%^5~Vrwc=ir@E05e6*NIO*|q*G4%bVo~d~r6sfYBpqU0sOIIF}hm;$|4~lnDV0(=ou* zNaps&l3%om&+$Q?EiiGXw$FKs#bV-gK|xWm-J9xqCs~Q0d$3(8UtXN|c3a(cwU8cI zU*Rvff$`;^r^CPg@Q%s%-m$nM@Wl=gkN7^AWshqp6kbd&{WKCR_Z7mQt5SNu-QE~v zQOS029Ja|W(aWjCXd;RPviFrzW+Ew6i^$H*dB5&J(J)c)+%o{_^Ckjp z!P^*cu#&35u2}KI!{Q>%VXY5?lW%86Ek75_a-oG5Q}^}~zPkN>%0dm2HCkEmgFkxa z>topYe-|tgJkJm8Q4IC8-NV3}a(*f+lTeQPtJ=XNUIR_Ku=|LX^YpWV0Df2Z+yf#$ zfBm-)d<8ei0DidPIs3^H-t{4A!LKp>EfIeMJ-|TpNaWG}9z zc_cvq&#}J%6TZMlli|*R&Cg^}wCW~P5QBuu&r9UbhX9)!G1Hv9(qDh-nB7Jt{Qgf{ zMu9iQr;d|4ta!uT5#=K1t7bWU$&rKud_E?*FY7^}I%0cemjjwNLG$6ftZR?NVzTqa zJ^cETjjHT}_p9oR*2-7*cUl?mJfI;$w*WH(wuPRB6&CzN^uqw{n%`h3#<`5|0qsHZ za@gNi%m~Vs!3OzEtlUx0i_7?!d@5P}W^YFrGSjlH6cLamI2}!B8Q9ir*A}KXJVxdp zmVO01?;gPmiX4A6wMm#+flN+_(g~DQ39F$6_~9YM*53BVQ!C?5)p%vU6q-De+h~*O zrj`r1Q}j-diuhNe;NX`C==7kG$zYHo%Lr773Pk0V>2Ya-Mgj?_n!wi;fnB|Nkz4U6 z#a}l>91cy1Gm0-T-fOLBF^ypPBccVz*1!GY%=oL2N~hj4=jCA_8X>jnRLlu5!~eQp zBn^Msz1%rMj!k7RGf(EhwsD2kgHXWxXq>t=&@~^6IwnfHD-VlH2@w#73s~prFJY5S zr&q27xQTYqAoKZVpU*rfcoMoYnGEEgg1W}f?&vmozSnDVH^Rk?kj$It#;phz^VD*5 
zw$BD}rb?~;_W7*oiyKS%+fJul^tuAOAU)2Y)jyl(^G_vzq{Y!a-G<1l`eU_H=Um}e z$jxu*<@hXy4h(diy16}9SXE1ggx6gQz74ikNJf(=K_S#2u4?53b|JIb=oHI26~VVQ zuM$aD;26&ztK|X80z+41Enn8SKPVuWg$8e~fI)Dh=YZQ|=vxM~3#llxi zZl6V(L+H*Yl-1ConMqQAVjJ_Hm^!Kd@B#=K1_XXYLhv9>A=g2nLl@Q0Rqc1d4vfk) zqr_={j`T&!SlQO#JMUdYAHe|qh`ReAg;+7dqC{7tl-v|r||G>0+uQAs5tB*E?@pH|&w3dSS&TK8^^rT8<%G$F7lF@4pZ_WSuv z0Cn6rx!-mUWpUj02EoYVZysB8X(T)7_hpGM&JETpg8}T;bEU@*+7yA=wZ(in6JVJ8 z-W1MgUvUxpQ1=+ZyT9R>d_zQL$MqGr`zN*%_4%yt>3D~xK-;|Wy_W|pI$cs;8Z?O+ zC=0H4rjWm|p6Ay0aEH3yVi@;pY92gOJzD9MPUmLL4|}FGm>GlKH$oubO@XXZJ}5~o z-32Iza;X8_sN*1|D(e#TK0u`B_9F)h9GI2H`+AEKJlvM5#(>) z$EU3~k^H3*RB00Pl7|C}Jm#yVwkV9 z5A0I6DA=Wld*Ss6q7EkqcE(;R=ZCZh%u6xIAe1{`r#!ipWv^i!y1DvkE(3Uc6gb_< zQ=nd(uWt3S8m>GHZT-{&y`NH!=8SH~3QjM4IjrN~O{xZE)=ZjG2cV~dCB!3XURX$l?kbL_mrDB&R(?zVfaVm zo0k}G^Fut&Fuv|*qWENYQ)l9hR2U8)!1a|9QvOcseRsdzd|5jL9vEV>1qjT!cgD-F zx{hCf{MYp&Hy9~wX+yNpqb4C&ezNKTPL*6r)vG7(dRdtoPyB zP|*z^xu0)PyRmNz0qWd1)S96`i9HE4{rNx7ChJmpQ(Tm{#RIaiybs-h1DjwdZp0|P zHJBP%4TccX=QShVAvK?04}+!s)^tM|mhoD1k^0zJJ^1#whO7}k9dxEmg72pPJR!WA zIvq<<#uAoXs+Jor|8{f3(r>d-OI|sZ!b=K|yAE@-Tve!n?AsCS-rPvzI@RUR-3Eh( zC48nYv~1=&BE>_#?yX*ZEEQoy9S0dzY&_}$VGk?nHG%vFgl=EWfy)}KRe~YRzRV| z`L?WAyE5hb4U5DtG~@S}@Snf?@!g3~YhNN)UZ&E~1`c5tsEy|R8M!#hHOUdGTg5Xm zQmrXWalCGZ?Z(50HF4bZ`o1Y2HlOe~TS?D0OeKcwfBi-o$D_a|^lquh4H%W=%O;D; zS0r;PdZuca@#r=$(xRG&A@Yc~GRl{>7w=kK7$*0B+x+WzrOZH0r$9HUOAH%+4|3&_M5qLo!rLiT~WPAtB(76Ne!ti1ql6NaH0-E)PDD3+%s`@7(z z0UCV_gU%Ou;FK7ji>O-iD$HTMkK{zV+T}T$?W8uqfxf0s<0xrF6xTVkdz>d;n*SKSQI&ZKZ#2NzFU z%x>?0Xw&DX{T@AbgzKbU@y+HlYsK^!HzsXe}n8S`)GgKlwexH zD@z!GvkWOpGGsS`;YuCoU}YS)W;&HWi)Bc7{Y{BDm`_F?V|Q7qDa2RMhd5q_TT{q?xiS$*=1@mRV)3j5u=+{w(r@ zA8VQ$FNcq?Qy~oXR!)senf+-w31Wt4djbh|6<~P1&bjW+w1ah@ za_qKGl4Vqy4JZwx1I9Fdj8;VA)>vq&Zx?_eV6a>_P*p#5>~wWRvP6XDWP>dQgbrmp zcdpji8!5k_?wu|jx6MCwN8OD`38bu%I9Hu+0wTdFD7<4OkW&wM&? 
zn^gf!vlMPOB74ZQGJ9zmd24fvTBK%p#sunmq#Ehf0X{x;rQUma;G--wOr7o^w-B3z z$yYg%ZQbAt@#+u~`q)Kx-e^nXzl>Flid!~Xrfr`j4g(ok6?8PJQ}&3y1M=^D5;FNe z`7U+bDvK!=Nxn!&Qn8Lh;i;w1qKn~FwcK<5^06SreBvt*xQ1ADVehiKg=KlNif7AH=0{MtT{*ssmOLa=sa+TIKXGfK60KxpoK^Ydp zSKRuMt=gKH4Ja1{B<iX^q_!COF=b#f z-!H!JBcX$Nz9OCz2<&}-kPHJVF!HuCjWWfftQ58`8r2IkdcQ<-6`lyI1a4hq!w)aP z)yx4j7|G4_juI-)qt}~N%{e~Bk5c@60`&Wu?rULs+m|fJDX9#HDY1%`eIkO`$Cmp| zsFuLXsyW4n03<&qo|D?a*4F4X; zG>E``yvJ$w-_9JrIR>v0YVw1W!6aLWvb;TB!TM%GrSv*&HXH1BMn3n?`@QR!;_A3z z2?UZU3a8}_1AH-AOImg7f-#@a!E(s1j?H*2#_8UuxU-`LC5{XAcSUz#cvzycn(L#4 z$!$TP_YRyzCOk${uMKw7lwMYoy{wAUW6=8|usL$*EbNb-k(U$q`0&Rd%a-SwzrK_* zRxRf(sDg0$(H5@`m10S@!3jq8aDRwLufs@=n{`*(rg|IBocdRin$ENh@nlL6=yLzW zQUch*C@16*IIffn1DkY}?LIotd52(9;sEqb^K%|R$2*H#ogU$J+%$GOjpqSk&~VbH zYPQB8I^<>zDya1_uTWm+dt7=w%21(zU~jcFXSs#Va8b0_Lb@2z&1Yo+Ua+Qg-cQW~ zU#ze0P-|&Qd@U?HXwszW97M!k#wv4M`eeyfNb1*BQrwIdh>Cm zCpwzlHjR`u`Nk9Fqh(ell8RspGQ5@}sL1}(h!edI09c{gU)f+Q^q(EnpTE8v&Wfkj z{Xv5i;Tg-RDO7rmkbAdKfL4hNZM0N57=#xW$~-cK-WL!MC}}rO{)w-e>V9e^x7&zU z>dc@KYVp-eW28NYu8iE3Rv2G1uuQq5z~NHFnkSKqZ+gUBCP?gQZ4#*4j*~R7B}llZ zUYR{gSD$X6rS1pgh^*FV70CBx2sPa`Elg{hFaBt~J3Bok1@z6^96MN^YczC%ON@)y z4PI9SV5`_ov8Z8(?hPN3IE}N5H8FdVf1*jw>Mg2&Mc@i1?Jx^ht^~qUL20l zHd@OnS-sjJ=9&OizCeWzyHdxKN<8RELmZRs7mo6X2Ds#@RTNrumHuKy)?16~6XM>x$b{?*z@rS_B^SWgHPl%yoWWDtwsS zT_Vuj%XAodK>M=X7c^lwRrYw(z*SSmZ=Jg}ffI#Bg2RX@F&aDGyJCr}#zcy)^kmsA zc)Wb)RmoBGy%IVVRl1iIzFl1QhS=axv*fCiq7_$_ z<4Wk{iNNYy+Cc0EsI)7~)uChM^9D>>vEXhEPt(AdLzvlLFNmhF8fSMhoQ!6_=TT(o z*Ao8LquE_-y3bV7-wZ7D7(avFTcot{bBUuijTs>44=kT#T8>+PW)-zYecW2{?ScA} zP&dfW!(~e8m>KA6WgZG5V_?^sAvbG25!Kg9tr_;JQ18K4Qxzsd@6Dk{ARVcEU{>;+ z+-X1sYyuhc-&mV6@fE>u(L->H99DZoQ$5?LOhLR{F7HK&rHhFUog%M*T*^SAVS5O% zE8u4&VSdRDeP`a*m*34ErS8FWREU9b3&5>qJhPMPL9^?f<#}HVsqq#7v8QeemuZdV z`(FFxm#;+#kP+_!SfM9E5f2nUYOxDWV78XRc`?5K*w^b37S4MVB+e-CE#Dp7XZ1`HFp<8(_fyQ=73~S?X<{%rygf7atD?kINe)i-B)FMVEP3X)Qyh~q130n(*BzGt|?p8c&q zBpN9=l}6H>E?kczmr8DC{#$he-T87A-}h+qy}7vxnOt)+|0+{GkEQZ2as+{v7<>zPW+k(wxwk{OsQy|9KI*_RTQTU46rCN1DG2Du 
z=B}Ylv8?SDFy1oU;&}aqn*zL9TT+UD-JygN_>o^R{lenky~9Q*S=cU|3PlqL1srJX zw`TYMb3O5gY3Vy4lqKSUW|$qoc6E75%XYY9P^MjJR-u_oCzs4B_&MQE+x+G>K2&?u zj1wB+!pZM*BYcr};s7r&5}z~*MXo4DveN_QD|1~gHDBL(D)D`5)byiyY+6JY#_DB&s6zm^LcOxT2lH9hJry1Upat&9-^-#2AVgtc9;zWwp0R7O654&#Nu zQrUJ#D>=?fYLm!=PythXYpeBgkuJO0!Q^rOmM466c`ZPkkK|!FZA0WHGkDk}Id1n9 z$zKg2jUj3HKCR0xl+oToL%T-+0J(MdrvL=urPXl1KZ8p)Bu#4uhfM9t&O%Rquv7!y z8y^4v_lC{%cOrJ|7k4N?Jx-|XKnAJTfQ9&G{_8a@m2=4(VIGM>=s62X(!lHNqnqpI zwk1YVnbm}_6xL#)J+`hvLLX74t(;3v=KB&qURJ&9Gb#lR=*(){%~yk6s;S`#raxW{2T(2L^Zd&ap=^8bs^B?Blydv@E z!g=vRi{F6kav^-;VS;6(@cp@K+K0%XBd}BY|LzDDT*+U$j@gyG%1)|mob$TP-egJW z;*WrR#Snz7je4Wg>(&ZwJ4jBBwg-UREPAmaDhi3=m*FMtl#9T_x{%I-i6+u#9oR~; zS$7eY=#@b#O(O={6oo%dg4K3sb?{TZc2*kISE$Y0E@r}f&>EG`4j{Zq6Dg1TAqv1z zX}~Jx5cjIU1t4;lv_6kQsT*WF5Fs`d2c;k%iPgnPVG#n>p~Pq0df-rL&D6euS?t1x z#S&Sgvd}Pp{p9NSLeOC=#!*F^&F|&MaoT$t^xV%(HzCF4{&ndCM`&&f?)*ys(i9BlSMhmc!7Bv57_rxKBX_X_o+uky^RCD3}ys zb~iDAj}CzAdztkieDL$bkf2A*vRln6uU798l03z)19W6huoK#>wU)6QyA!U8$^kZ& z>|N{y47q{KwF%1qYjvTct82dg^Ijag9Lj9f`RT$q`O99=O6|>P26dS20)1Z`sVg?I zMPjWk_4Fk_gbcP+kAm|7CXv3Ms_fR1XtD=A_cI^DT`UT?Mqv?YOa6hC@-b zkUaY-?>fnge4iDX7Z>J87aK?VTsftlC!y#WFp|1~2Nfwt zQ#uj)1!e>y*7}t0f4i81<6ZCWA>6&JiEWP3ArV_n;WNGGb$jzo*fu5?hR;<893FFP zSU06h%;(@7#qBZKVRra3W<^rER{Rde{b@}mIiB`!&)uA|M(<_v^78C_E@q0zvI~1J`2faGp9l1@)4*NG! z$6bn}2jke!rmW4+GIFIy^*g|d;L_6mDI$Ukyc$2&*g*NUo?RgNk81p$C@{iYhwPAW z{xw_8&0Pu&S%KG6gwFrn{=z>}nJ8FOl5c)FBDD1q=gA>o@HYwhQhsaSW-HyQ4Z^N? 
z+Uha6M8^3nVX^HJ{s;t!!LCzREM@7|GD4x`QjlOmSgsie8i|t6;8g&paqY;cmG-vU zsneOZ!&l4mV(n3$xf3zDYy)bT&2OZ}PJ0~AP zwOAbQTEzqb8@yZGiFCROyW9`e0M_4va= zIt?-1{^l^QL&eqTyuGcy5g zC**S%kC2FIQM2io6Wsy+(`bP3f1ep1}glgOwfycrzJ^<~|z^{9&2I?uG1DF-Z|5 z^Ohgy)M}136;7^_?^g_(8NyQEhGUPc*Gs8h07Z>yhOJeNh2UI=s?nuqId>Y%zn?7J z7w~%>C?*apjSIF$rBScB@KlSL!#8IxX#M7!&yvELW^5**Xk|a=XnJhR9DYL3$b$$a zcG;cIRW40ubZTr=?Bam01cGV4hi1X|3P-@VSn;8bp(KuYYy74MVzAr?0U(5KwW%_7 z_+*s6c~9N9koeRhx#=5d(~a}F#QEuZCe!ADZ#=Yr8Dq1$+k6ZXeX8Nqex`kOb~?ng zF$x^DlImqYJAo&RH;B}&>@=e!RB{}E$3Ptu|FQyr)}DT#ZyYJrmb#IpNi{swk68)W zc~Vbh1e%$7-1dY$G>ps9`kB- z0*@QswH2$had$BR+Mc#NAnc%z0TX3;i>Z%+3oMj>nI7U62J$+c#|>oqD3pT!+pWf0 z6vp!;)Eu0x`M^CFO79U;z{H~^z!sIun8=*5 zOi(V!wjB2|UoGi%0^m2W$3#2ACs5j|2i)vpuez6D35dt~HfGClgqJs)4>V!iOc zPWyQngT=KAMD}3Sp&~7oB%CO(Ou(4Gyff&?ihJ*PpN|4e<6t`?7J(lO=g^E9b>jm< z4l-qJb?aGk3fsOE7zSDJ>pM-^SG$s>%$Cn=OCaQL6#WJk`a=Nn|xJkmy0(L>82+cOIkO4;_?>Yz^ElMVv7{QaMSfpa7GaE?Btw82= zeH}~y;Bc{0^^m~}hig?iXu|Bc4Tdo~5;menmKVIS$78GdqK`wq`a@R?-EtZs$B|ND zYb?LMoK_&pdwowtI+Y?|MlIvsT1P+fb(-5F*2_sV(0ANRzS1-~ajXQ(t2W2ylR$O8 zG9Nl8Gv9u&F9vH6gs*qYVSI9*VjlT#%Y)$~ARr3?K^_ihVrCgi|1KM}p!KRk_;K5d zO@ozNU;W{^dMt!unnId99(gf`s=-CV*!C2y1C%lNbWN#CqQ3J zWTq6r<}vRg!Q+@aQcjWf!55*pNjgmbQ~NBxiVm1);kpEQge7Y_4ZL^5`t6jRxuDqJ)ZrNHWe438u9WLrMcA~ zSp?)xWnG@qOgDxB&`2?tVzy`RE5RZzD(25UEjo$SK?eWaztld?$f7539i?QY(N>D0 z;X7|kERJ@WujV$y4LO|ck@}%wqa!^+aeNhZp}%fbT&!N=3uU=7Kiixlpi^iL}mBE#ALzl4FBg`ntjph z$ItNb%PiMTM#L@)ljwcUug(h693ERr0Jc(`<3ILBD)z8&q?P_ek;mN?R_4Ek=Ad)L z+@TMo|3xfl*%x~kAo*g-O>#4(1W!DPd5T_ujQv$eRt=z<>XwM*-qg%=4=xC$Q$eLt zBy*c~j1;9K^^DBGpe>v@wYO?MkQKq+|4q0!Lg_N^3XOorm>^?BZxJ_gk)gsG9VK7Us{vh`o&U>QLS^+ql zz?qK4>d8)0$n!Y*JSqJUy(Z5xmAg(S6$c=TYhLCB54121MfNb6#{t3|0rXuPSk-=V z1eO2>xLOB{_c56qUS;BM=$pLD6g|rfeq38AEwT3#Hhh%>^%}qEP6Re)VjH{!>>@v8 ztErbV=r1{JCsTnT|60Y18tdVAmp{!d?RNm4R-^@%MVm2tcH3c=S%dxJfcA_tKp3UO z|2-H}X5s;=$b|=qayLj-3{UiTOzRrLS)OmWi6-dDq~pu7weWR*#LCCGMYLcB?;BF6 z)_&7+E8$V%+hMT5_nCW~_EzD0_kCSTfH|vTAFpb#tr8-KHuRj3Mv=D}`f-5{wnXW0 
zL6K;vm@8V~kG$MP?B9F+>2P&hz2w!WXK+{JXCIbrg%|e69u?`&>-*@4oS&wCshs$) z)Yu6jA_KoVB}j;p3RFd?E188Q;1R8O&g(;rLK9w)cLZBq2Ieq3N$D$$B0Mf;B&hjA z`EpWe6w;Qwx1W|x&1=roj`XTkgP!Dpl5&r$RdH3CoXVs2A=KHyy$D>X;i6B~bSNJ9 zY?0vP?egaIdzGqoN@etY#DSYuFV>KGpO#~DCZLqnehI<-;2?PD&D)34i|U^Y-OTIb z*i|gkj<(C=3c6#sw9ij3j&a?8!pIxn9%^ZI-<_&HOM+$8x!y+S8*ff&z=aq1fyI(eCS^2$q`M>2p%WdtD7!W`V(|9U4Sn(O$gB*nRcfmoe@UR-bRR?SRh?gCJ$NMJw!e8om^ZE)+IJI_Z z!!oN8WL%+!))&a)2?Cwa7(+PJg;22S*S4P+90$t zV&D6(>~VA&3kw}`(y|pMR|!aFV}1L z`Kk>W9UUF>j^9XOVo1WqaqZHx#F9xpd8M>DZ#{qI zbbDizno~UKL122aK7Mo_eXHa^bF3W_mUDtE)e%P>I{=#B74rU+YCqsa@#14*e-mjS$s*TyTyw)L^(kiderwztLN!X=on-*6`>d zqA*+%CfrRM?gj6?1no$OW`m;T_@rwx87}po9xY2JW!|1|N&W{%8$Vlj^PWnH2QW%#$?U1c zoo{MR?2Ej2(4ixF(^QmMY-at*2Pp?J%BzX5eLUw>)ot?qvgn=!PhX~h2ulQPwoJNXQYeB=1?M9_JY?b zX2$Y!E-mh7rIDiOQHsY38C;h4Hqk=WOBjn#@grPMyE{`;3UQcpTt8pvcXa9NGhZ@dhP zA9AtD{cJm5dK0BVrAJ3dugRLAvA}NI#NoWj&P!%<*YYRjorrfDwX(zj?+;8Sf=?_)pV~f7Ilp|A<-cvA6{y9inDzF{@2# z`JE)E!=pz~_f?!vfAyu$!~AkN9TuQzv9Xbj3t44 z5t#ltuRjbs`vCn*?(3lJd1DH**b@gw8Jgw_Mm?xJxN@I2rAq0ZbiA0xF;kOpz#VgzFOMehT+lD`!@0ct1+@$kr$qS24NkUrT zlDO?7A?m5XoxX!ggV~4DQRDsft1NAVn+Rxz_&r!n6-_u)Ud?+Xf`qF!L)fB4PF zM11$|C@{l4ZcXXtr$~uJ!&isBqv}FW{~!@Mi>|o(w6t%tR4HSp&zs^Z-aXZto(WC_ z@#F0wtJo>ikX;2@HJc}%Q_>(s$802MPYd_re1`6GKZu{=+zN}AU6*IV`m=)ZZ>5MH=rh`um<2^#Y`%Z)E(N8M&BtK2A24Ru#Sf|bC7MTbq63i%->ix#wF_ zZ1*Hs7N5(*L&gbawVpEHoFB%1nTH!fOgZPgs{r*%B~Ow7xU}8NS4fOG7f%?|z%q~P zW3jzS!I`(6;(GPBDFH$y@#*IE=YcQw!vw(2w{&Ou1=TO(hC?X&#(-xA3D zKKvEh0T?!Cr4tj?k^N{x z7?=gBdeJ>J@=Y2`sF)D-@i-laKJ12jKH`byQa*izdpK-f3LaVa`a1t=*7&LKh8etW zmOm6BD(n5i;8N~RvFFS+P9Z5fkktZCM9L%cegzl#l!190p&3P~7WGfksK5a!`gDI= z%vx)l!=h>uzL=6=F(6(6`p+V}>>2j`bRLHh#-`3L_CK2$o!WID5LqvR>h(95iO2~v z2;&;fA$Dj51Y!rur$YtN2>6j_1uL)6#fa2CK8+L5cX2;Dxi|a8EigmC2Rmmhvi%PL zE+`2oUFwqVHI=_;2j{wQIeVo#vriK~WXz-Fh{{&J5{{WoF2WE++iVFwJyoi2OG zFAuMIjQi3OP^1j0*514kA_n1Qu>}Nd=I50RtvFm-QyGmCKwq7EqT}9AE)x?4?B(;s zb(hgkE>OpmY%ABI=l&0SZypb27ypg75K>8H$y!OWWKFg#EmGF3BVv?!xU3d5Ld%n*<&mZ4^yyhC$T-Q0D^V!a4c^^!= 
zL0d?bH?bR_g2f9Df>Qp(HcDp-P8jIXwOUz9Vx{<}y4hbVX~Utw)M4R!-;jDGUx56^ zJ};T?IWyrnsr&S_FWy}q=19+a>Z?s@AZiZkS;tQsM7gmG^_-#!7Kq^f!i47ky6lcY z2@m@!`Z0!#HE^7xr2VRMeeuP6KXXvCxNyG;>@LxocjvD8ft_>{O@Y2en3#sHE1&G> z?OWQ3%YounuNWd3PZ=xqACK<>)u$9lhk=^t7cZZm@|haHH@UvMXnG8u?V8#YM0L-% zZr5I!R?rL8hP!?_{7A;>dFt9w@zSAjsIw@#;?}1(NN^Z6acUF9!p~Kyh$qrAWu(ZV z%8wN*Yu)ko*a&Ri+{tq&{~lWt*f`qgYAgiANy62!ypn(4BKVt+LIuIbRVawCf2)q! z3&nJ{zg!Vyi* z^aSmfa~V&$1%qr>(HW<&B!1R(xQvlSvE2$IgHZQX9)gxMw@T>c0iQFdQGh38IsDaI znMo?6;@EySUSDyK13jX-}TT%>g)a+Y<<+~>oLqP*TaFbW-4yYsw^pP+YN6TkF ztMsN#EBIr3vF=qT2)$`ogE$duVcm2s<#hWS zAm{VdxHx@CEd9DP)?2dvO~(#H{HVYQQ25k@%0BHno9mXZ15TDZz@GEB?aY5n^4kYV z=!~j{M8Cps`pzHfHTqnoJ`Yf-p$e@VZJ_VgvJYSQNW)M>&A!HZiRpnhI3YT>|MBAd z$?w%=8zCoNNc81gqcgzXKxeLjJ`4SYT$3*>k)qZjvaZXj;hj0}zQ;%JnK$SSOcmU? zARTP3?d-@#i`V~<*p)F$`>d7WPWn~>&F!=f6h9ResDBNAfQfvgvhvANQYk1x(J##A zHE4^Ne4uX!#`tVs&)>UzzveEYuRyI-EmeKrDuAj1Z;OuI^pOB?UO8s1Y&Raq#c_g` zrU(d~2cH`P;gG#Od?8m5AX>m{!%@-Q)Yq^H3szO{p6TRV=J31#qUsj8`6r()g18af zFEY2sz<&`XyPiH>43(uCFnN#&YRRm+l~49^CBD72{h*S}$Wr$DK;MNITuKL?gq|9F ztR7u*1SEng&OwWY%(qb>5m=PYnvQ`mGHS0}vE@io|MFP9jP~gw>Bn&Cr_y~W$%}KDtV=akY+r7NdtQ`ZNroIC$jS) zl$C2wo>{C-(c@=Jtzj6rBO;wE8I%a$d^00*`}4%|$S&Z_P zJ`JQghc{znXZiodmQdD?XJ_^DH@4gbvE{>?#eQ4cJS9WV^SMtGoC<3HXRtL8q`XFKdW#9y_S7xG;z%KbPTAKNP1P zqmO0{KWcvsYL#!mID)FCx@)RAZeQ&{mBz<}`+GsYaKAS#Q%BCVbo<>Om31RolRiFP zP^o&n= zwES!oxQ^c9(?5a^ynz;cZ&6VxE-f#kf6t+D?VBiCqv*kEHUe^w8s1+-swG z)0;@6b)BzxttbhLqkcni66VK4gkTpJK>Yj_qo4slJ_np!l6oa&xyZ^0s{1^9Rxz&S zMok{&EAH$9j=+~y&F=)R;TJMq7EC_OP-!{jJ^9`zNE$n=pLO>b!>N}_DYZ2KlfLPW zt;k{rsJe=e>bwg|0FHxw9B6Y6)k?ff?_DTmWKwa=aRQW)fP$yH*X4sj+s_-FQPYEs z961%{=%MWVN_wp1Vps<_oa3Tl{%mKFgBi#zHMrYK`aQGBJ`o5uGEEk|c7~r0ta~$V zx}#K${DD^?^d_=}`kx~hzs58?%K^X`%;aFr`ZrGBkK^Aq@A+M$-*{r)Xsk7McXSds zt&aw^s!o{!hx8sQLnWKB)MB=1_7N5d7rN70R5rvafe_q#_>3;-hmF_8SM7;(>39Rm zVJ+`}Gz(nCq3Tv+TBq-9Foy(aT>>GF=+w@;Tn@HvnJfVuyqBhmARkB2 z0LDamN@e#U@tT;=R&$q&fFiM{0O%D!n4DNrO1J9^U`d~)XUBmP!u9>e(W+&j(;#jxml+x>Wy5{D&$Teu4lJ`<9jCBr}HaIVq{#j@&)TDIh7ph 
zUKI1mB8aLB_TF3}^|4Z~ln*f_7~PM00gj8F-)k=NrL^lNXqiNT{)l8F&a>|40g#Z+ zv~s*N=1g0LH5X`cD($?BVod++H~qLF`ESk8pI<)Q?pd)@<|;U9sx8!xL3R>gM{IRN zZr^VL_JUtLzRBT!JRsmA(-KR2T~phqosOn{p~)JcG{1E{T`JPGE%D3yBIbmVE@>4%%$X*Cx>ZTC9S0-8g~>wG@unBXpk3<&ed-pNQfgkJ5FDFof3Hn2@H&H(-SPGsZ%{vX z0PU`G?17>`^Et)=5K551m0Y@goM^Y|_WrQy1LR1}O1#g@=T={nBOE|aTfbBAAAnAX z`@LKJF9HbT2PR$wU5lBC*h)5H>}Vsm{aEAq6fH{7P+sq(IC}8JMaq9@I{4=M9MPd4 za_a^NXxeM;;M^I$tI44TN?Vb_LxA|a$M1cs9HBl7g|GZp4CYh7zIERX0a|DM=Odh^ z=XNXYx4%!rvqwUCWa2xb(L_xMsETQ=^6P}$oLAgd(sqvbn^!d1LXRO1D<%!!7jP=# zdS>1NLf0DFWm;liEJKGtXF^rpw>%a<#&AQP(L(oapMM#W9Pd~+d@9aSY!8>W$0pG` z1HOie%AeEPGwG=E;+O~k%+O$N4C%IqX{~W2P+&Fr&ZBlJWdRdLY4-WK!J6Dv!bv5r zFHHGTOQjW$&M1lAcXUMUbPKCJcHRuGY%v2C`=C#K!z=Ew z`y?<-OPGMeAB*%;hPT4qe83OWIdt-yAW*P?tC>sn=i|UJxYN~pnI&JGP`j4A)H|gw zYqd7jO1X5mHaGA#D(yYMTMwpZ{WpmkQ-!G!XD zo3M)0`r=+by?350QoNG1SjfjzQWo=lEe;_b3tM{HfS9O3j)^~;h-#-r6%OEbN%=C- z*5xn)@c#AOkwejW%wp=tOF0C_S|g=^S2oBRcx$-(0|=kZzU>cHGgFz=S$7;LHKj+X zjNiU57`Pe=&JplScv$ft9!)vh_J-m6xV{tOQB>xHkI}i{SU+5C-+n04bRL3wJdg7W zO8*9_Lx1(dg(*#gXK#4^NL(D(qzoffKIY!d6Y}1h3$(0jrV=H!Led<*I=KGXvi|Jp zkLp4_qi@xPUUz%9ONpR|mI%f1!j$AUaa=HloAIH@07baKrfBZ20O{!#z79JfB`zQ5 z1b`b6>BKYz+WSHh)MtCMbpo9dPaA+x6Q@1>yH_~(ukv?N+wWco6YPK9UvUjzMXMTi zhI_WFOo54Jwk}La=Zy}Rc>9}@h&b|yEI3X)x+f=9LxAsH6*%YS3cK`P6yUnUPUg7I z%Jqc$r29I%?q5s;#=ParPX5V8c~d@{bqlZ!4roBwO8U|$B~G_zi;FM4H50EqJUI;6BOH$`K8sO+m6!+ z>BjCw<@CD9k&lKxHqWM4NGV7(hCjqm6zbg@{TO?0|HCYW+k<7Mc8B;Gk7j{x1PHbT zy_!8r7YwkBJ}pIELc4AfLj=krge~Ptk>qnmdiR(RxbrH98Z~wv-v zC*N`0Sr(1gOuctJUGLPi7GXK%E44}VldD!gfgMc($ef-N??sigr%yeL^<}JA0bS^+ z&0UfKN0lt1q}(WRRv(-uiHu)J)p8&+ZsWY_=GFM+erys0%$OBJG}ZOP1EeEI5;g#%PnYwi7pQ`7tx)=_>d0bN{Yi%b%8y1=yc7 z5A?sIonABx;edTNZcPB2Ohsj<*_OlPSq@>g4Bc}Yz6O&)Vq$Rk81jk~yya;YBJ0ImA{ty^@x{ygW$@1#_|a2V@O&Y5_VQ zgfAg*Npy4?bi}@6Hpfc5S^_*JrWSpY1L`?N2o07vh7C{*m9nYbtUD$j=%b$hlQWIp zPO$^RTi#aw{_3yZ=WhwN1*+{Z7)%=J#8u@_uf|cYSq7Du0+hnVn!C)vzuRvBfdCm8 zTh449t@!95n98HpG|$|J4dH*Fy&l0oiA5$Y=dq3-U} z8X#rJYxniC-JnKGc&F{aWHm}X#Q)uGH4Ws&fb&%QVxKq0&mQ8}+hYgpXz{@15w%8= 
z{3M4_#`OqZP+7bTiVHwR!AZy+lkx5rZJZ7jElBcB3itYJ&LPefd-+$l_a^eM0sjRQG+bS=Cp)q4 zs#^j4ns@^=tgSC9dfT(f-;b@;wMY%@erLH4=mpIT0B{o^?aZDLD*Xd9!UcOB8^J_WI2_X`~Fat>dIkUL{w=_}Li8)_v zS=Br(7V}4OGPNZINUL82h`)Ma{cjb80H$*BKg|59jcbb1q(iMoCfWO_e8%JTb)mb= zg+C|8HK3?#oW4Uy;1?q#htVd#l0!%kg1#~sPQgSN($yXas>9VCsy9uxUwhJhZb$-D zymi_x9J@*TI}JURk7y-6J^jFh3ScVxs*U#p1O#Y1IM?T5(lrQbLXM?=xI(M-@;J>$ zx6xb5(UN60eI3>tDIoKm3g>@&lP4}4oQ(?M-bKo|QFxEL-8s?m9Yo<-ShB(<8#qbJ z77B-F)PJmKt}p4?n+VF+S;Xt)lrkD;t~CA7{zo5gBm2wWcL?B{Laa~iHLKN%)z{y< zRp_Gv1nS*ID(i29Z#epTcNrqJ6u*#t8RTSqq;6Agm!Y2NDSLjiCXm-ZSua7nzraOl z0YXRp@$f%CD7>mYb@-IAW`d~OlLCtk_24xeSvfw8}48iUKU8I-Pvyxel zNL8zaD_wY^t{J83ty@;MW_F`XeR3Yb)yzcafawo)nwLs#sPG2qn~%*ks$AhTF?;x+ zxJ7~wK!9m_9r96gS}dAP{k!Z_-=F};)GD&~xFx5>f{oA0l$c(6!qx!CAkGimL;OBJ zE)e-z>biORAC!it0$2IXWB{Z=k5+H%VZG8O4lrU*r)O3Z9Q;{`+o zL1~4{pb1t*Bd$vUWUW&Ku~%P6L%7kofm`vIaA8$nRu*3>WJH@Ee>tGXiq zLeu+t=xNWvcSn4+1?4;l=chv{wMc{qnrWeql*sS4>rvxnJZkpd^2A|)wUu+6&rJh2 zTouaYyfz`_Yg~#*a}s0FOWCXCnQ-5_rzENYUT_J4xcKZqH43Og%{atJn@vVW1_aDt z^jL)PK5i3)Qs1tQf&h~_KORKS2cjD z+w|RJcq8Fc1?DCh116@fYF0xIq8d_%>p)kU6_YBoNUC_T~}is)-;%WQ(b=r zKpUp&_WETQ7h9iJU2&ZI3Qk2n4Q_ov#2+601oMJWgYhBC5GrmPF82_x*2OArP8kQ5 z^WapFgYMgn;)DqSKD#q_?s1E@nwhj)M@!A}Kq)JhqTFX(o`5?)hF@K!{9Zrb&BC)0$%sPW{zlnzfo(NLg+yDD1H* zT73G&DCNos%Ok+E2X)dfSyg}&d})IJPy$C^DMU+VP0a9e-n=i#>X#;VOHd_R@9-9o za30ih!l*p)E%FRtgn?QK<+=U0*q_@x2cMS%4><)C0q8kb-%R@OX}7`b_{6?a*Sw@v z;{b0}c*(jXt@{d(Am4N;~E-lv@-;gTm>y^h(FmT;y2M_|5_>Yq(WLI=y zOiV@7#c*|v6zfr;H)`7YcX|t>x$O;lvaCIa#zfBQS#7@-2M(M5E-Ocl9~5SIEM%1D zS<>TIx%j+9{w?r7%KvmeAaADp72w09i&v?Bb2+|c(1eff@AHQHG5W{1pe|N)1EK!Z z*w}cB=cc%7xUlp&UEtk9d;Hvl7YkO4uN2z=KuT^4*x&PQvTPb4)LbK0_4i7CKEzUW0B;-a8RD ze-139Qvk$)b5^BDR9cx+e;7ajqDz;|v<0${ggleDA>nV>=SQ|d0kmyr_fY;ViNALV z*T$amYOhC-2qBRVRx^7Vo7pq2_bF%HtfF4X0UbT@?k!;@P*d>u?mJ&#pvlNW0qZp7 zT5yl}!G#YNpE4u{lXC0vIq)Hf>$HSbGib-}%^-jRHO<%G4BUR@Kgtj1V!7Px9&2os zS#@0iWOK8K7ovvL&_h!|(^2NY@PFDF9QjDi)`xurKNGZ#ve`ze0#`23D&mi5ZQ z`a^O=q`VLoLAnI>V2(G!z0b3BiGux|0vHv;eplviCmIjQ1L0c_V!iZFc|Qu)9nq1` 
zv`<^sr;&~r6y5de7{x$Qbr4&I8sr!|8isQ&UZJIyOHlsI+&nQg3V%^r5Ck%0+$z@| z1O1o0&vQXV(eqn!K;h)^q3^+ixjyp|n?;KrweL1L4_akCt%+}_S3{DJP6*__{ZAk$ z)CYFR7Uv&RS4zqK7WKKAC}3TjJ_;DndoSw~&;*b6>j{yCnH4$Dzo@eQ+7RP?CL@k_ zx$p-Z;W<3_kixf>Ir56WE8AYg?BjFgen${)wge^O-#2HOAwZt)w)4PrSLui|CyK9JmG*tAfAt&%g|VW}haHbvW)7if zb}&-VCO@R4ppfa>=0U&z(EgB{+bMN?@qCJwJ3{4keUG#p?S4gy8*k|Q)ECixD>&ws zMDgIp4f{r^wZ7Gudh-wxE;>61)3@=(hf@vHg^%GfPO{ALg5$K(vCjjuY~80{IpFCB zeaD{n=3`wfdJx6wd^ICX-8kCWF|~!XYZs!nZQnt0;$=BuIz2>?xU$BIaqsLW3+`yK z2XI;b^=Y`bx^XY$92clscTHm@`|sEEPu9U@jvBd)I| z`@HN0?WrH4ZT#@lcH=9wX@ZxxU3Xc4JY-iwJ?<}$6P`h z2cYE~Q-;m0A7g8+$39=PT#}d#-6V7(UtOp|M3}`IeD)aQ)3EiY`y3rHkhz{QnG{8a zn+mYhoho)9kWli<{Fo9gQ+E@SBc+J!nASn^eM3`KuWg=LJV)^2t8xc5ENb-nVz3-mlRC@ZI+}wKH8rfU4 zRMb?+9t&TVpPX{Cj*?(}1gF32$IU9yx4<3ZTs$7T0j7pLOB#)2SKqS^Y zDC2YcQ3aE`G}MTI^v3tCV8KmpQd1+;{2RLs5B#$F5NAFt2mGZ#_~_$o>(;8DF`3sp zrz}C94L!!Z8a@6tG8Rk7ZcV&W8d3-*xRz5DI)6noJ)y7q`~rWhS$eMVbA;QM6wAf0 zS4I=WSII@w0QGzYSvN1nn_k=yX&Is$+aalUCicPbrySe~nZ)qkA{s=l@5DhcjPi^7 zA9M!xCfTwrMO3F5+f6b|#`GeSo8#c77&Z?1#iyj+B+|?{_R4(!^y^wY)c|?Up)0-} z6>3^}&73Se35CLa5}H=8}MrA=ug0jN+109-9k6 zs0WRd-5egvxaDS&d|U&mTajJkAaUyB&F7FrRTq}K$jirTsoBr3A*EwH8Ytf*rkSvK z%1LJ?(vg)_J+H5vGD9C7rsx_{uABEecB(Rw2piV+Ya1WGOfHKdj3bISU9C{G2uC|# z-?)0i$7RQeW?Tv;GrPe`_BU1s(}R^H?tVp1$jWNO7;Mgej2$@595XSjd8B!Edy!U)kF5s>f49oK1O zJAGPMxQUrn-85*eM2vm4Fes51w~5t{FOnnrS!sUA?N5`*9^JsI}#wFcU_%Rg%+Q` ziQ2ur)i^6nB6z6t1F39b?7Q~+G2d;T+}DRDHQ*v1GYM{q$&pzdez9?(26qfb1K#ZJ zV1OA%AzV8!erBO>hGA&yx0Kl7!wEYs>yTaF-^M5lHK-_Loa)Flw9I^gOut8?$5M%g)LNj-obpsUMf0&;7G<-+G~fC$+NdT47@?JT0k)6Ddks^Ym#+&+m_TvfJ&HxSqGht_(skSy*)uu2dA1LG|Nk=aFYLL>H71|FN;;>#}>#_^FHHPpr#8(g*- zFz@`fCAW*CHh_9RGZQc`Bg3Z42LN65D=8MS%Y1p&a%(z7gG#xJK`MWhxxeV31YWRK zk%T!lXs!6bT7_)S+;bE!u8CzWk@#bY{{Dl&CLjri|BzVwy1vI2x{xosF z{jmHZ6QI__;P!zya90AP8d#?0e$xzpdC16Rg#{}%k8oq?RVx1AwFj0oU9SExq`$r8 z+W?rOATzvVkJAC9VIG9&w6V0}^jH4-%day(Qc_?UrLtHdW33SNa0tfw>@T+U)+=U*`lw^DMaU*;<5~DWIQ!8JN`s za#!qskb)xA0{n`bFtW4&-lcyYtXpUkU4!X=v7kOZ7$AS#<8d&9@{5r4UXIIi{!M!S 
z;;bniIfBonzH0OmTAwj4uv(l)d}w~X>9<*ymw-Wy&5oRe{v)s(3|BFJD)J9f{rv~v zrBPr{H2KWxg2xNr1{c+zmA;(&i}(1~cbR-Tw4Z1oDlee{$uhSgV3SXq#Iv%0z3(qX z^)CX%PDWC2K;Iv{3VyW%F<~6>?@UNh1k^^mnp)>Ezzm*WfVZ=^@sq%Rh~p7qNMGz1 zegYBAgdP~yQ|GUTo%nZl@_Yu!E>16JHV>Re&#V*RqC<|p5%?AVIxm%Q@Tvo=o-WrR zexe0*zmF4frTLE$GRuM+o3owG!F{UN!RKci-EQ{(@uLY}pdw(*MvtKpF+z&Uvq1Gf zX0?4sIuNGxV+4o+GAAH~Q<^37U%XVn2>7;>6BEV-_?DRgTqJP%*Fa0~FSPLFRs=)3 zvYvRB2i#R14CwNJaJrQCUw#7p%l{F$@#O1bZg6p;1blu>X59AgZ`!_t>mV3YL|pdP z0^fji$EA9yzvuBkAN3m8fcDo-kT&tG0_&UGmE8aI-)00&0}V!mCtfdQfG+aDMc1bL zS$1gP|3XB67qFxvWO^3`Xo43YrohL$a{v2}_UlK3rSjA6ErlNa8Vqn$22#EM{w9bG zF1o8jY~bk)G>pN?Gd#e9{P&g80%qe?CZu0ItAGoYi+|hy>_6UAjRJEoAnKPMf(TIn zE||#=&vN|N@EpP1vo>j5_lrhFjp49Hpsz$!+KVR_v zjHShibEgMuKI3kmY!M^RmqA#p`HU@QjXipEDUPbQdR!uNwMR%*iETA& zUCoLOU}n1#8h6r-x{)Ndf@aQ4WZr(KUMx!uQ)1TpRYMerlQ^AIKWsO5)CVDJm$ z88Ig>7bwe1o5$IolOAo$?yY9(EZ)WQq&$h`qX5-1L3Z-kCV?Mz%|a7xiPyURKfwPm!NTFL$nal<=M^-guF&k)ZL54o^6~zao5NZoTzb;YMpLZn4%ee_+aS^6NpY&SAfXGq&9_ zq)Cm=)7A3pxYE|`8}r>0&eVI!57vGMhe=@jjd}^F+JK8oDlik7GzjQ@0wYjYJip z;&*l_8}p@aT7nuRupW1$XBKSp0)#R=OV@ftK=`ELTygzifnm{DPZT3wGta%%s+E@q z>EhYwcW`)P4nH3oTehCAJ;u5XBB;0P{$H(?LML!hiqxkbK~_%~?s;h_Eq2w{s5AmN zw{_+_el|DNe&ug=BS>o%KCO{f*2XtjY+jpzkgXECi$afm&@6wWvC}55v9~47xPM(= z3f)@9T7g+C(v+Gin2!!E!v)NvJtM@xDXnVjt_arwhsVhFeSjNpje+k1D( zs09kWjyB!fd8&Apu$nV1Xqz70+v8GQtD$nA+%a1;ZEM4xx@@k>dD+lfW?A%QZ>fEq z!%TjvXKpQ}-S}tDxUkjkwWf|QE~`Gf5l|d_GNYK>?=)vucPhB!np;3li*j8)yA?+P z6l*mc*xWo+r?4+~F9T6}o~Y7NUS56`?Z_5%M^~bsNam}l?$HXWai49qL_1>(7yZ*? 
z=#a}#9eO6^t=MDDk;y}yK}b79(fGgy>o_QaP)SQ){k&WCwE%64bQXJak#{-a$#GaR*lDsX#}7mKC9w6xEzDdKAC?TtbZ zMr_eATVhKdEyshVu-3IjEvIxtiJhmYIPsp#%|SB*u6{YS*~SsK>m&Qm$n|-~#Vo}v z*TU{Lg>!6=p-s=S5j0^SYu~|!JQP#fKK0g zePXd$TE5Rs3yoabS1i-42MnEjayj|%xuYF!iD?;S@gw5KIb&0kO&3;GqO1w2c_Z|A zxBBUUkeibYW9d;yjYv$|ufYSqOMu~<3ySz4T6|V{O$>_xYVi8zM&lo`%div>yZl!@ z7#{YK`Fr4U*z$)STyhnyfpqI1y3mAXKfZ~|`HGLb(_kJ?>4ZcW+Ie=lISE-qowFJ3K*YDI+^0eLeItCiWyV3VeLXG-AiLfYhkN!j93S$3xhrIs8^ z?I<5Vr^hwNE_PT(U9P|wIU%eFJ+OTl!fbARbglfxSqMVh-i{1^+r=LC)_PpQK7ubL+HXabf6Vcqkx7hW$7QS>IT1>(#N!*09I6->QgI7ujhruP>{N8v;@Y7K z4D~z3*Xb@BEwD`qBX=BUs|yxyymYT?=PY!`nt)I*Bb?6&Adm$tczFj zARB?x=*$VwNF3^<#7aw9XKwoO@3M92-Ds_oaKA!mtKfX=j~p*XqcxDL6SZ9>(p)qM z*^$EfbE3hF|eJutZ(!R(tKl3 z$WMcV>X+EX>+JHj>)q>bXw|PknV38pnc2lGhYD}3Evpb!wcP^$4yjJkXqY7`Bvgnq zzY9Cn-it;Om+~A|7{(LLvOp_Y(EZcQqf{$SJRHhMij-9>Id-v=)O-I+w zabwMXrL|->@+Pl2YNwp0ELt=^rL}&j z^XsSJ7H+JJY&x!T{7ip*hx=^Oyt>2yzOfd6kp|&N81Ogapj+?jqz!^cZ}jIhUz zT}6=5t=;3-uO4Pi6>Ayle8$5TlGlGbyLQyJcouH?9#&E++EI_?389_-S-2jS9|I99 zgX3=nl_7y!0&$*5o*=JZcA!mynIMCrY#!~T+UuG8Gp_+OxP5xmgLO5Q-KYXN>S(6HQ1`bH)<pT;|OXauT7l@QF-V5*a;X||UQZH)FFa$1_dGJ1O}EBObjW?qJ3 z1~h4YP^PT>EEGEXG;-u;O-`*tsdxSUx)|p&k_P!kVx;@` zOgXn-CSSD%F>N2RwmA(azc9}4Ru9Oc z_U?Z`T2H}Zu_9+ACBuz3Yn>C5OT@9(i4_<~ySoxvVQ>4AwA%|H71RfkV?R&luPSI= z=n3n_*(p`QFo6TAij9RFRo4 zLM~nH8Ihe=g%c}z_)KBOjvhUCqSo}Pr5%gdfg-!UG#-c6jVrVpb)u6eTDVq3wvSQ( zzoC>ME|W;b>6&PVKsT5M$%-_l-d-DYQ|z_G$OW4NAE{8kx;n3oA zsCm-7=45@Zo=4z%^{2@tB@V-g&J?kiLoj0hGwg-*ULHDt;DGyjhr19E(y}xT@1bR!HL6!yBuw9%`j5s8bcwR#J($diQW1{IQrM+i>MxY)F4 z-8NqbB~ffu z&0BwGNMI`ej|HZUV$1Xn8av$aMNvlO``DSKbe3-RZ~1j+&o(*%2dIBH!a8prM9 zUE5{uL4Iy$zbMeaI@JkFq~NmXyq?9}5Zt``8YsGNU4&kjJ zc&==`ta{-A9l~Q(Y$M5Its8|aYsS~xlAk-duPO1FHb#46L!?Z| zFyDIMoim{|F2j<&?r&(PHg1L_}> zjXI%xRZ!)zw40?0r$|pERPe&pZ2N8o7r2|bHB4dDAX{O2_be4QubZ$knKeuO^9VzE=$*g4N;&WUj9EqJ_+|XyS^9r+$nkyXNtbJf_4&-Ag`b$p2%RVQW znXt_TByvu&6gaZd1LeOeeFt42-D%N+mmu@^b9(8A} zCEq#I=0q-q<**aR@-@_a*f;9|=h6`;axiE$2@kW;ck*Xv%_q4yW!{K(^b```iM6r_ 
zx!aiGlZ80qplxhO)>y-3FSwVN7v!+2`XD!ZCmUquEz2BG{r@9>ApGMFNR%9Kw#aZj zw+=prC&|7!vxaLN?^yKA?0nRL&~xoYtb8TIi8Xb|mwIrI+}hyHuV}0?j|UkINTROe zPauA2H`~tDmi>i)Al3#;%IKI>#P(KTz_}Soiy;|;} zF?rs55sH-Wu-ENPr5BS&TH2AZYxY$h#p`Q{t!~U9-SMZ@^qd2UBgf9xc1Yk&pxUbU znxem0)q`3?1-6`_1M7hjxuqMhGS~Bj;V^73w4(!}e~E?IgVz;O8;^GEyT|FFzZAGm zxH7pU)z@k{4O{@IG6Y+?(3WTDG2NxzI=(MWuZIQm%`$4%zukL-VrTDcrfm`arMzQF z<<$y|7}DJs>|hI3F7Erxd^vycKCEc81Bo)UDHM}kDEDH=NVJ(qkYo2a(vAFNuRvxL z$~DbhD>?w_wmmSgQ!CIK`#D7b3{?rq+E#T?YHlIVIZ#=#x5Nc=+NxtF&-6Vzw5tLh zMtr69dyg>nrMdbqaeIwd#{w_)??c3FzE5anJ=0q-D>ASeNS8PWM>v|fpWTJMNz)<^ zceF8BiQtC~I3~u#k%$tLrEctPI8ngUd3~-y>w3)74=RrC0))Ty)R6g?ES9GrM0omE z)E42xA;Lcv4fu0mK!8Q*NN7XxS7$Uze=5txjfmrEnLg7i1qB8peV7XR>lNxQKY~L# zrD(HfspSl{9@u**sP=eTqTC-|PfD3n$b2$b3Wu zpZmkVjas@)wd;0+s?arLRG@AV1@=|axy#BKRDlUDTdT^c@4#S6 zre)Xq;@*h%Ke`)*y)lxvZRlv+hO6{y0cW1krG>PB4?mNUg8J6>3ZcPW5W8gJfo^BS z7RvlwJ7%(n*8Ra?e+ybZSEKjf<}edht$5zWq!(Yg$3JAK6IGbnZD3XUdT}@HQf%?u zV%~DQ5G;%`8kANU&)x4mbTn}+owWk9RUCykrPHt~omj6A6YPNs&z6hS24jXd(|aG# zB4lSR`4g?kM8CF9iNeKHDt2OsL*+Abz3Q>fXJ%@qF0Es;^W=h4)+L`->n|u8{-007 ze|O2PekK$=#`&h<^AnXS7!RPowoe8!Z zXjTkBu;6cbTRDBVrI6jzyL>u8}eB61{|T1M`-gyCe2?6!L2(!F%Y$j%AbkZTt-{*p=lAi zk`6yR7(Zuy7_lIXFf8G$^fQ0?pYybAO=47`DqEmzw00}9ZzvV^foE8=ayBSDelA$J z>|5KGwVx&}Cgh_kDk`e+ zR~fMCQY$kKvyKuHV<75rK_}lnD)4}87NxjlKd`cH@vuP{9%de=sf>OJ>+uu zaN^RJKOAh0LO0}l46HMui{}e5qVt<>X>s;!{?0|izF&~@#KjW7)=^|ZkzK!fOe}F; zZ1cgoM$1$hMo-Fp6C?O(A1B6tFZy5xj*|5GDL||C67E)zok(i4_r} zXJEOWA^%l>4?+=zNyfJqS>uw{5+Qpwy^u-p@Ca_*+Zh|Cr+=fcmS~T3((DoQc?UKK zyyFuD2anNYl zD{nGRa=~vhF&Npy%tX9%)#8_cfdWYL!wx<<0ofLT6F>o0QOutC+59l~?r`pRahaN* zo+exftQzXXG{}gQE+acqN~S?9joTUo)%ZOYs~bs`Yl%d=K-1|IrK%a^qKk@;hR**gK{52r7}?DhHRI%8;|8*C*QV8&8FEb$1v!*DnVo$hR_X zf^85*`OSkwmS>svKRe&T2p|O2^XAj_fb)f&C>hNb(&Wiu`K^T3p*DQv%U$SY6pvhq z(T!&3Q8ml%{vftu!C3#F`ReDz`VnW{qy5@+!HS?T^@*$rb4N{PYc(niG=@j4ty_(~ zeKl-#B&abqxaBPY(O{ySZH_*)L4ax0&Q_e|$?Fp+^L27qJflC@=~@*h%b#9yW5c4A zLJi_|W~v>2T=NC+`6wpfTHY5ZYE%@mxTVI!k-ELvxoToO(sVv7*B#gRrz8|pnaI@ 
zXBC--NF&3=X00IF`1wO%=BhfLf|OXT$7O^Qvip0#6zN;l3f5Cdukj z20>g5wms_b1{)#r6kgmD>sTTUUVG_?@XMjjM7Gt)v%Dxad@2Q&V6{E7;`%zj+N_3G zRp+a|Ih7#fgN@-E8{ZR(To3M{e>UwuIl6xk%rom~lL%hi=yNMpk(%>}Ew z?#8i?z>17qF!A()m-4QxCRSW=k(Z(>0Ze&{*bbBs3o%lQ7KySXfx^d;;%dWxSj-R7Fq!sAoc@`wU!H;Rc(CNikVHbiI-D!B=d4mP1rhu7S!s~=9YP~x%mTJcDS z5xcWnYFYDw&ZvD;lJ}2f9;v{v;gt((Vcd9z?U`)LzNv6f$c=nlYFCB1zG8K6>eZVm zu!fR&1a9|VY5Zd>-&w8cgz&8e{z~{xOIif9AAiy%sv4mxvSUuh zb0VSchlmF6!zX$6^8VS?taK3p?$(Kc{e-;4g@Y8g@6VwxT?TmlaUfL(-XP?V4D89UMyT>?668pz9ueH@5aAmrVe^J-9O>e2%$ zNU!`R;(vZa?RjZoI)j{;V*VA-bxZ^llPh+mQG3*XBqc8ZO;p$e%W9mBb)B#RAp#A0 zd@a2oaEL9Shc=yP;>9xryAG#GP}Z$P$sQ# zbJ~C8ALWDB$73wy%dkVRg`R&M6;$9){dq5V29zIx>3XJ|R?vv|K8ep^# z4D};LZ_H6Xgzh7_84aeoY~bXD8*0&f2=N;hK#EQJc7GPb>n37bOg=wbfY~pAF=CG` zFo3+!Lk0%y;>(~a(I6=bMim*L--h|~(P~#f(AI8Y+K3Y63m;jPsrCDL1Nb{{nN-r~ zJc6Tvq83_W{(>p_YO0|_ti6GGW0Zmq@q%YhRbV0tWzilfN);HIwe+vvKt*P5+mT*@ zk<1NUtKHZKM&b@e@}?Fxn?{WoT{YR~0Y=BRLq$7bhrZ8H=k|F)4)q1A?Q&e&|D|13 zX~9tB3tls>)_MZ?Ck%Mp!%ly;9e&&N1#rxyHclL6z(xw61}_q}p?tC%QAMj1f{ET?r9<>>g6WX%>_d!hngH%dMee;c z#LtHS4=f3C0)lFX!c>$jj|{c(PU3=S5dppP+(KKSp?~B$Pa06#jv(<1t>C@jOzmZF zT41PQut5AUJl_rzdO~Cj_O>`k&ra63ZWAC^%lUP@H@U%&7e9x6Ujk*4rD+6I7x>33 zcJYip@BB*rsC_3~69ul79VBbu2j&LGj_tgi*$(QTq+`CSeWd7cL z^cP_Oft9lkJ@J+uDzR}V`kibeoq8w>TVTcmA~53AC%|M=FbXWBx7tkUSAEN28H9HI zsrydG9a+>Kqf_vJQI4f>UwA+1^>rvHFrsWCS%D!YBVH>_E z4sGLMkx&++Dqvfk zYOIr61#Ak~B-LXSlT2Ls+F+R2-RN>@%4OzL&M^NfhlIcJRw?kmjQd1V`H(gmMYW0V zA0FKx-}9Iv*XyS6z=+CXcHWp|g6?DNn;w|Xda5poZ`CEGrbjerWe7&U={w3{e=BXX zJs8A$$DBj*L42nC9tGoZdEH(aTLiK__GH)~+K}Jz#zM z@ZqeoK2x2wNMrB`Fa@yhkf~lzvtYV`VO!=)Lyi)GnP(=J%R(`(YJY{pL_W@w1o{Qv zQ>%sY;dbTxJpm{Vd-;4;PvGrY-Lu>03Jd{wQr1_~!ah^vK4g2E2e9s*^~RyQj7cvG zTn%n41tku+ah&Yg{F`C^>I160DK8&mO;QRRz&uz^F~9!m#Gr$l<|KdBVxZy>ztF6{ zz>2=%aF+S)eQt`Qm`e**>QfQHHOKJnIxA^t{aTTrT)`E6L7e{0+|{K56o(2Mw4?Pm z_q;)YJ+>mwymSoDpmLUR1E{^{Ffdx6w5H%v6S_2rl~HB5w$&F*1>3Hub>G}p|8(PP zPX+Twj#@76&G$Dqn*VoI1w`li&?lq8R~+OI>Q#n3%k^D%3qX6*J8K<#%?yN{Z2 zm9pp#f;vN;{1-YE9%Jn$_$!TfnoaQglpNdE 
z!A494R!g_+7(S$Pymqu~OpoYmb2pu#%wWUC*B9>n3VM}r1Em3I^eqzUU?KW?x}q>Q zId5Q+H^q5_lu($yAV`NSX6es~z}EOyfne`2$yy%C**sm)mb3hUY9Mm#ZKi7EEA56l z+d{G=)vD`1T83}xMA#T`c($wSgnuIghKb);jr6H1R~g<)wI~N%rI&$y0Crb(k43;N(Y6>rb&sgzNa(FwUX3^S%

qnedVx|kuSls5Nk z#@O(CukY!1ZvArp`2G3y*B(BPZSVK%{klA#&-d&7-r}>$V?Z_eRX`q&YR&2k0?yF^ z%@lx=5r;>^upgqkSPknjRr`hoa2fEZetJ43dAhxpKo0C!YU(nN<>@eZKCN}4yJ_~G z!^$JEzhkFQJ3e*IcVDMP0qjW3jF@r?d`>u8Wb$6CZi^cWQh;uTa~;sD9WAIk=g4Z6 z0S({T(Sr!mWjOT{(rYlX6Q30`;w)nxeu#6oL0%4A{+r-YRjzqxX)Jvj7L6e6-MX=$ z>gs-v>7?&LfCKhUXLXC_5dg#r#_+ZnPh33Z8;l1kP#iUBz zzvk<|pqgX{sxosUxAfguA^$E?VdHAklkU{b)RZw2xYu_)Vg_CUL5X3>gaGy(D8@yk0pljR(#EK;p1gM=ta75A!S0F|fG^NGr_7Ck2 z3@ZAnCHYRsPXQq%&LcW?12MRam>}>+c9E5E*Z+x!*DawNyd%@w94ia$U0l+OMnnNNk=#z{NUfp5kf{U0SsF=iP4Bb z$ghC3jNvUXRB491CBTc>rlxW&K$T{6z`p}nBZXt{Lc9?tN9O(5vm0rZYF4>uE-N0S zqU%hvk?1#77Qqb%3tlbMb9GrAiR~rDL?0muU{MWcRd99+OT&rqeAajelmJqQwC08k zQ#`azW|_lFsaOTR;qEtk&Q!h)^S6m3umN+^2cr}$SnHZ|uU+ZrAdFi+&)+lFCR2$(kjG~mTsI#jX0Ss23_3BkcJMq=-+G(F2zzBR#?fudi zQs^X8Jf*0q>Ag~b3vsL&%dWsWAnkHDCPm0oLeke~0@7K2!vszXnxjr+J07Q32Kl zlpQjssq>xB0Mo(ISDKH^(*uk}hB5-hQcmi59C;M~%CboI+-~1)H@lagT@T>xRk-CB z>9K<8r!;jG5|tL=)7$dPzM<_jNeQGLwsc9;_@?(m73chseQ#K>6M%g%$b5SSx#0X!fl@i?&NCH_J{@$7xo=;zrJ`QixMZ=|*g+_Q;= zb4G?Mm1=ePA`%_It1;Zg8BS`7>^WX`62c1^?1w}(-ql-BzhMVL4vXRA;w!J(1wW}^ zl9x(IY&vsG4cGFWu+7x%q8!jTpT#E1Ip|U)!%*u6N5ZAc?!%}WgLm}EBN(NuaF@iD&2S3n3hkzb7j=!pd4B0vIzVi-<%qC}IlWh*$S(P=o+9TZpn?abgxMR9s5{ zrcbi5T3DI!GNpjAS&hd)Dl0X(F(ai4`i47-eND&kjOy&t01F>yy9-&k8S{j@IxhCk zLe}kC0$L%|t8;X7+e9b}$r!0g7Y%04`t+`HaC0F~98BT4Ein4GfBeqi2h5M#j!%87?7gcpu9FwzwU6x1wqmp zB{AT}fQ5MofpoQqz^2Qu?jKrWIEHvJpXXQ&fF3n*omp-N^iB2K9d7J)V*LHyD=aUd zv)=nwTzzAlj-oDYW>WHXRZwYB#_2J}_X%Ys(2+?&v<%glTPX?Zd7S;K<@^xOc(z0F zYwnAm2{ZaqTl-4$;%%Q=j6eF$er(9)^r( zwSaotCTib`BWpj30Ui6;ottjAS~pO}YnMuL1UdCzlrUd3{j$N8483a768*IX|1E_X zBF@(0=aEh`w7n~Am%3#>FK@p#8wq7ZKgqw@RV`p#VflFqbO)14Aa*HHdkUoCQo}J2 z!B3&2Ai~~fOtcJB+9%{1^sJEyfBf)u)YI^FrwE}Tt%CqOSm2UZRLC3RFWlkbn=hU#*@kDZoz+r%{~)pJ2L`PWc>^jt zn;kuSobXD-jUGBtvT^sHdKEsE)+`p+G8dv-d6VJVR6-uVN*g9LXni&LAApj{km&<_G zK?mSe9LQXa_&vz{TbMDOw;ViVOpqgYpY_)>lnFEEfpynsIm=LbOb?adMR5R&Er}JQ z`6NCLNr?6unYUThcjQ6yTqH(KGjXeWkSlj`++wokWs=`FDPnEIdU|?K=`q5))`Ntz*RGMm$8~JL&32ywQ82W?-J0%=i9#c 
z=WQ&>N)v&B0u#g6V@t19TWbfQCYSu&LUiE z>M~E`g_q<`=Z#JE(DK&Coxk7}Sr&3mh;2m`Swy&6uyH4DL8X@?!KsX8>+mG7cpO7$W^2)& zLh7N?72As26UoW^=9cu7wjT#@3GC|+{M~;$_gVF?tzd&B! zHjvsz1I-eu3}Bnf>)nGIA^RU}q4!wsj?T6Iq>|%)=#W1jX8OA`65TJO)r4aP<0%(*Ufkj%Lu99G9l18o%Lu!=(AO;;6rVPy9Kn0sDEGCSd zlfTQXiSp2@YjB=_E9$na_5mLo+w67EUh|$`Md0gWJ1_jUtMF%`;P+YAoUKyC?MZp+ z5r4BcJL@LnbYYmoLe}Wf^TGOs8z8BN{)^0T3@AX(a$8$2&6WQ3gc`i79N_DmB zp2<7a;de&UtN0Z#4?bk?6JHdT$2E<^^P}QR!wloRNFj#9h$}^C_+YI7K&ZyP$6u6q z`Lkl&kj#dn`4vG2*yR+LZq(pjADbL~y>k>F=An0PlQE?7k;VOQTZxwg`z)G|m6xrT z35~7-r=unU86Sp8r8}UBgk(M~9|j5K{%eY@v89G3^m$&BxdspE54^(X?KfY0-xp|K zcHNlx2el`m_zEB}?5@ArKz@um{INRzrE724!|<`GU1Sqqy1=NK)!nrW3$J1f0NuoVZOwu@Gbp}1 z3;~pL`kRuggjJ@+aF?ykETQ?BFvd8?G{YJY^tufY{L^L$hM0k}*RyPsQz zYhN4Z>pFqD?>n+*GMBTBHI=1>x^wGSg`1c?Ij~ZaHM##q=;zmU*ALV;XEL`mFx3h+ z`qi)RLJY_dVRr8j;pck2IsZ=BhnKK*UNN%0zl?EOS7vPu3kYY+9bdE1jMSBD%~^xGv;z6OhqEwZ+xA>J^y>@vr@xHl9% zq|4#WNkn*m?Y)|xlAX??YP=Y+PW~lV??V0WA-F6^2jxhV_GyZeBc|_$o+<~T$T()4 zc-bD?-#0B`ADWA)_#R$-?2!{f!)L+uw^4c7HqSQH_}Myo!k;i`mPTR1E-?k(Ze$cA zlx$WdI7Kn>(#*XlL&`APdt6AT^nG|>Tc>v9|$9GU0U^O z@Wa7cJFf$r=<5ixSXf!RG6ad*1-r0;bTFIsN#Sucb~k95V#rBVLKXYyB%5QJ+kZBSz<~N=U1(!IS>ui+;rJvMp_Z_ zCnH7>J)uqotIJF%(YaD+i(MQn?pvW>679=`MKmlumJejF$QS*sWlwRW>~`8no24Yj z+sC0;R34e*-q++vXlTT89ScrE1?;dHTfivaSA{AsR9NnI`KvSrkNh5YDc2|t%h%&y z`(Dg4NTw$c2_C(*4voEUik&g6=toRz)**pn<1j`envSS?tM1f-BCyH>2HMJ=dXkML z$6}sD)l4-v87K75wMn#O@z2#aB|D6_@AGeANOAEM1~G{D1`iPcCJ*MdLAuOXgy8+d zi!XI#Mvi`EB(RBL)wMzIk`13@j^!N;kyLX!r6J}%rJbrK-abTq&~0=&K3oSxa!t|J z@RN*~$3PC+L)T~c*;0OxP(hX_oGI%CBsIX25i2|eHWg918?98*Z1^Ow?IvOp^5Dkj zqq{A2GZ?n&!MHZirsAXE*t?+uCnX$I|=95jnGx?$DX0RVM ziR!$%dRnonOIix}8KJN4Es3LxlH@A}ti6t9 zA}eK^BxNDlHC|oyd8RT;4c!EglFSaw-*P%XLtt72}SYP2Usg9T3qZp*ZB?0_*eidmy1;w+ssBw*|i(=gN zeqro}>Z-A)ls3!x8aK)#I++pW5xn+P4xfFf%cQNyJK;+6`XkeBqQJ}_=At&5UYC~y zn>?ED;vAOAyWqtgk zg?Y=pr*W07S{tUsS=~){$|F{8M)2;Q>{i~L1$a!h>YfH7oMChdlQJTEmbUO5u|a<2 zCBRgjSr@%?2|mGt96pUVia#QsS_>CxKgQxCzY+cT;m)T|(94ejzr@7s`LO$??4bU> 
zl+n8+f}+=YD)ffd(V&%`90E%P8(&__25uMvAbM0@OoirDQsOhyiDw&}gJOT~blsl9 zX&^3c)l_)xv@TG}Lib_E7HzYn(e;@CEtI)=s~A6xK9T8ofP@b%lHJ4wi=HG#Om7rd z_6ma2Q%^~YLMwD1$-|7TGGniAZuroo@%KvjzyG1G*>$mRc z5lp4qfMSXrb0c*6c0^XoExz<_1vs0h-6U2 z=o5c;^t*;P#nwJKdLk4JanLekk2cNS2#EiLCnl-QGwWC{Et*n*f^D^8|0!jrcDlU8 z(~@`eJudtyF5jTJT{7E*?0sQTv``in>eE4>R?<)+HMEEFaOg~=TBJ5xK%Yf z&V$aL8cM5U-zHB>i50S--W{7Xtm23byv*YIqTCl1sG&_f09_0Zf&C+u#+!4P{v(3c zS_*m#pY4gA|N3ljdaJ-ury0|Dj>0>AR!@0=PvBhB?v4asdNa4NJuLP zC@B6&*|35zanccZ}X6~GGu5+Dp?j!@fN5q5-gcukY#F`qaMi>})5DW}#I6f|L zB`-U84g=%PLw6Mw15FhbHUobj7k5u*3=EB=9CJLd@hDBP)$$U;g_;lC@s;_dsA{8!O2*TV49(IS|Wk5E-+Hi$4GH8YCGaADqy$o z_sgH}@&k6)JF%lz{L(eD6YH=uM1-hDaIa^xjE(jxsxk0DikJ-1!=GqidDGLMFmg*T zPPW&AqBTAUUKk;sT>M@v>;Fvai>X+~KD9yZd&d3{AH#NtI*ACAO)IRKKc0g>f!Zy} zA(~7idsFB^!}HBM57q^nlb$&%t&&7PCrsp=!csh^*xFND6{;y+Aw`vE@RDJbs3$J* zDm zP_NY{&1ELzn%7>~nKe)W#@T%6pzcJ4E+BhC_SNZvtUTLOQzLejMPh>nX+ITBf=-vy zQ=~)VlHn1YaST#Ns#meWh()d0znCbo%d$XhV6>-1Sf8mR3x~2G)V=Q$bVO5XH{SW9 z#rllwF1b4ibmDIhJRe$>KC7j19pP2diCOB=$e<%Y37|=EI{h373sFPM@VD%YC@wRG zz6WSjqyw_gnpJR&3U5f@aQu`gVJF3FiU!F^9s0x}I1(nO0G55hnZi1S(~YJTqf7|= zfiwC^CE(LHY^?2ok>YRh1b&1?q-Dy#!9T$-ImS}VmOfYg>apkdAw+2_8NP%F6@&3< zE38@HQBkXpjDJR_1W1=opN4*QW@ADsVw7ML!0GKN-eSg1^$tG_7^a?vz?QsPS9SX<9 z^QB@9PYS( zqEid;5A?@X?CN`~VCMsIy2dS={Z>?XiHEU{c>45dVqZWh0^=|svGK`S$W#GlJBc&K zlw<(+CdY$BZIKxpZQ@?{@HhB*m{4g}-VNNIXjXhsDH|dBDb+np^;g7;opd^w;%}@C z2*>)xkPL9V!Z&6}%0tX+B~EE9z3AButPW5^jI8hZ_h{M@)*kFvOdx#3rF)&6B#>)k_+2ehQAX|6U%b!9NTq<%NEF=WKY?foixLCOX8GZ z$bi~}NJ3S3dYTX0xy->$PKIStnYVoCOJpEH7Y#x^q@4H*!FQ~1;v;pt5^TCR*`mx7 zpym-eI--;TBb1I#>g2!}k`T^NKWMoT&>I`%7`621C2ZDL#+%gK7r!_<;M?dAp-9nQ zmXAqN8%IB=e_^gad%|fzfD4k1<&DwR;Bg|aBGV$EjysA|i8KCcv(MhcNs%O@Dp)2P zNox#yfZjt7p^4Gqn|=`5Z{&W_svLWnhZ^e@d=!Z$8Uox1&Lf`I=XbNhHCVH=b5e6& zX2)h5<-}=mYf)=;XQ%Vqn1$DU&xh-^u|+&De=B!-|J3MI(x2!jM`z-%{4ym}S*YN|Kv51^^0tyDVHD$Gs`T-+N+RezMu8j;&GYgqBcfXE8i~2Ax$8O7y8EVhrfmZHL2VwD9#8k3=U;d@Nf1d?t$7n=Pu`r``8Tk(?l5z8GbUPNCdmToDHqgoN1Z6Gq>eF 
zwYXXrW^_hQT%JD-zJJ$?#f$NX3h^kV#<_B6VQgApaix5|cD@l&dsJ3bBX8PmbX^nN zPEzGqJGd}9Yf;y1x7#&UO`gD+$N7VkCas3iFAN>Amf7{VD{@V2Eqo2y_3HbV@R;z< z@bPno^W(kGS8Z3KSH|C^_Fv7MFxE=UK)FJkmfzlR`Y@K@w&9|1XNlVw0_pD1G0@{O zCf`}4FTQ^$J|lW6J|=4E95_+4nCEinD0I)(dDY|B%LZN7nX@m@y`%4sDY3K2D3eBM zvh=dvRhd;0RB>0GS6xoQ2FJqm8&}9=>&%?XmkJ0b77AIk3ugi_lRkd)_`Wp zB`@RwgBsnosFrkH_#ANrbwpKEW)$KE8;?2BH<2PyJ@G~PHDk?bP217d`8X&b zgtB|S^SrCDySm%F^P|0+Xc>J9y{kMv%PmW@e0pf)_rNou@2e+2U%Ys2-mrML(bW+# zd^+OIc>VUnT;b=}L){+|kF$=Om#aT4qF;QrI=X)UZsOT)``QWrY(oCv>SW~J$rq6e zg{|Mk+oJ`eGAz+JAiQjxKwJ-89#8{m533VHHnj=k9P1&2ocxbae0DA&r?9ugZR~~P z4Gx!yU5Qh7yhx1+Qi!ZrFYc{MS~IOv#Hh!q!&5sL-O2e=JyWp^4{LG^FUt^RypLGZ z*@sm}Ooru>m?>pBFLaoMy&H_hM{;8U=FS|`0&<>H%$33P!w!KnMaDKa2h3q6xxLT}R2sVc|M>PvJ zU4w-B!~5%BX1vsWa1v1NAF@TV!@WJfE4W>~D@7y`-#Kuhsh(A(w@Oc+|fo znO{v6txFC%4X@IZx`?@Y=f_Ws<;_ce@Vxl7EFTcNd-zg2zfkt_l49gJHMh?$_arpm zNBYUsuSb2L-$qt-mI8NQquxOKtKxqs_YX{|O{FXdUzrUH%Gw=+Z4GaoMMJ**v>W-= zb+Opbov$tPqDy$KBeg@P518=TMfo0~IwEWz}L8IxF`GPsUiEv$bUrhU_Q}w>Ipu#&+IX+h{7RaAFxf{a7 z^SSfXR!LSVZ4Z}oJB}uNQa^gM9r%cRybVh9eRMgsRCFY9EFsZ-Cs-Jv2IX#j-8~y@ zw?c`muAS=j)_$!Q_0tw<-gNo1_j}ahW#W;K>>Fu=koTMR^Xx07O}G^fmMTvigB?SR zwT#UJ+ybmp%*RUyNfJYtL?0N1nOuLFam;o+dq&(w(@w%f%X}i68MJBm0o^9co275- z_00W5jyib%aIa*R_uajBEyd>#Beq`dcJ7>|o~6;Q-n}2#5zKV8c7CZ+-UF;zux``-7%i2u6|V=$sT2KJ--7TZ%6us;GN;&sWFK@x)6-+Pj+#^ z`WlXhF-L{r_BB$So>$@bC?SVJ^BCC=eeh%TY-%Zt{f*xdI;_9CJ2Bs^dwuf7$8gr3>=_@349-7GX76l9g`0O`=9Gr7#NA}7@&VWqX(S- zd@_LVpF00_#(tiFfd~Af0KTCmSpWSr9;5{OzsuNg;2wsOv5KZ9a5i@IcXsv;aPtW~ z36jnRE)e)?SOj2T&~X3xVrm+3eFfTIbTuIw`cYXX_MMNJwcp!35Ohimf7G-F*YyeZ1NJwCe!z2?~_w;P}(g|9t*yoX(-{|J##yz`v#i zOi<*{9TCyH_eB1uZJ?^$pQ|zk?xD_}7OL)Ez?uPlJbZBfp4>mr|J$Aa?eYKA1pjYM zQRxT&pQ``o*8jh%X@Il8ijNo2XW+yCeP93T_y6AfS4BCIKU4odOYvXp{LfWjp&t^; ziTuw?dq^0(lT`=2M<#bweG}jeNZFqc<^u4;_g`nAjKvx<9M;N-fuV?@sj6fWig{Rs z7fq?gn9z6d{Vp5CT#*W=7J?(o2RT_{yjZ7>ShO=irqnDUQ(`$FYO3xWy2)jHG~s<$ z?_`^skDhn0W{z{e2w_`xmleN0bn#yf>GKhjgid#=Qc#I;aVp897%4P-u(+Qip9O_K 
zZ9q@E`ZB;l635C|T#Em8WZVI1g^u&n>tT-=JjFK--N(`*-=6?gBmSjAW}{N>GN?5ng441#|@(3y(PCvt}Hw9lIM#uBlL z+pU!A5^!=_4AL?Ne3N5Fc-{T14tx}Kp~j|onA7{sMuxk#!4}jYtxa!!mTN9!Q%Y@9 zU#$yCM{`H%HX*tR!lXeqF3AQbLQ4%3xQI&sZj z(X?=lbFNiod%U74^wBy&$JC7{hXykKO0i6zofi?-Y zGZpPei|v@ejf=l9c)29E`!XP2nK+G!X8o;q6XKYr6MWO2cWwjTVK)XZ5z^4(OiR#n z6>-!==M)V1MU6L>GnA%ZHrBK>f9bPG1QTGuxH4owo8=a& zw=RSpywm%tQ;qojdGSkMST{DfVyDV=xhhv+%~q+&Owz!>(m2Tc4G(nn`ZYPEQDCfo z8C&nINULJK4{l|yp%+9%ji3DQ5w%mx1W^w%)ILpaeY5fxaZ|*SD0;)Qx|tMwy&zI^ zRY;oBq7DCKkWsuM|LZ~K(7nRoIUQ^1)C@%kew=qtL_yNg`gO1XqA=9C zO|q@>!`Bz;&qlb=!(yc%UJ9Qwzss~!#L;}}Lk*4YJ6svXAdV*+H$r6#zB~mRTO0Ev zdUtIfBahzxyp@rVXQ9zM`gY~Y-G{+A(cU^QwDV}Mv7!#NtM9{#E<0z14^jO^oB;th zd8udtar?TS>G9!-54Ps+Z9*UM6Y4&`gLjwDX8IZxUindI1YI3(L82L0hZ$9ROUXa2Q*cKSM3kasv&5S?3W5X<^o zBP*%<*^Okd`reT{#9RKiVRmvvM2-Lim!JYC<}GXJ@6rfJeXW(pGov!NIj3}IiD~0R zMXdXizCSZl8f-S?!dy81JheNe7u?XYoogfQb%r9o+!b+r3DSuE%dx3c0+&^AD4nZX zyVjhVx{ySgAE!--yycKueYH07;i)KvhBwx95OILiyLG(#j~vck%0^ubZZegH{C<~G z$`{UBHMd*@;EgfXC!gmtbOQxR2=XQ4HS{x+cQ@(Hvhls0JyENK&gx@S5bY;RuSePB z@;ic}D3fZvJ|6XYPr|STyYFw_o#2XT;UGIwIo4(4aoJz)AT?CXK0k3*D6cu#E;PA! 
z1Vs$14`S86(gR1g21!^}mlbgu?&Qk0crs{O>5tqLNe6YZ|C=KGQH>Z?imycFw}sP^ zAJ@5+SH=UpJ=or<7bV+9oeU>VHjg-eK)HKsvRM$QE{aT?AFUmz=w3T~ZHRg@Asn(F z=GLS*9{_W!QzLpKaS@{~R)tuk#tr%XZ)sD*1$zbg;@!tiM zD=zwD`22cPD@X0?s8Ss8u6I&WVd-8+UB!@9wb;tnMJ3%2iC*tm==Mc36vZg<4;Xfi zUr9mAi}Jb?x*BfCY6WZ?dL6&4`=Hm`Y`V`aO`LlrfBj4aFi(|dV^PNdI~k@=JuREx z$XLiK5EMjtqCFbHH#*+zb$~k_mcob5y?yh+eIOVz>v5n1vL%7o66HVNBk3=^uft50 zccVk?BN9TZ4#*$}*;jqy;F){#FS9x63Tn}IoC8~%dO~jf3$3qovf5O>UP8}2Ru+=W zFFJ$>1T*%R$4BS#Ojik!kH5`N8WZnD;#GQ&9G?V2t^=FA7Gn@c3K^rIzb}bNY&5k> z`H{y7K8~tMj{D^q5xgqBi!#=KzGQvBqiZ$>5imHITdv<;^d7??F$VNJQ_=lspgYSI z1WsjW^<67$+K@G>qBb7qZ)GKmde8H2p;>sJqZcqj*_v+}Z9?t1Vfop1C9Pda#$_IP z;XH`oZ+n8rw?8}&HWvJi`df_ok^J1~g4#EBBl%=6`@6CT>S{Cxa>I>*D6s#kCa7|U zHCW}&2~UHRZPzc+?x3UM)#r+n>;|`ZZ*IWL1gfk(`7&hZBY|U5?mxz{vWSMjy3>SZ zGNtPiLX~YKD)IrfQblO9=>?AZWY??NCE76QM=~EPOikM3g=3Ez17%Kw><{u^|J3_8 ztN#xVpynm}*?@h_fpa1UiZ{-#f6*oC+{TjzI!!jL8b_JB7d;cpS~xd3>zCAhvhcIy{;sxa9axtU?oa9#?#qBJU0H#24h?6RkAM6JGde|F$(K&A-gbH;B@e z^(ILzY4NEh&TP2dM=M3x`NJ=5>Y>U?#5uc#IujKex^!I$ciWBAnxCy351oew3f55? z5}9190<%@NibOwc#KIy+;?MQord8 zyq_9R@^o_l9cZ*DeNS-WEx)FebUbyKHB)R2yVA=F7c{$!AzvJTqLS+w>CECzOkVXru34PUv^0={Q)Emo? 
zvU2e{uc*pD!LRbv+_JVB6DF9G!@4Rr+DGa%m?z}fiT9JJQ-52}te&F`^7)8PeGWP3 zydF^!_lsZpIykpy-XNc@i^EwWQIIDoWSq(Hr|)c?<%q`r)C% z`9>`%)!bj-9gL*Eom&VBbie0yX6(mEqi{qH?Vo?Z##vVIK-4(Q`VsS%Qd~R+(SficwTKU|6$J*;9ghvS8x z5|pXhFQCNes?>{50Hlo@Y6spRT_Bc9+Il|w0h{PR(l%$$a-3EoY=Surtm)${MrQ0p z&xXfRX(x0=(2rh8Pdp6$BzR=k>@k)W_3m9@1QyReW3E^$xRM+KUZ*t{ zxdQSBM(swa22K*J6JMj=Fo zbGVGH9B>*Pzb|zdX!Ze1DYSaD>CZ7NN$s5OGB^Y={!)15y>lJ?*3-t(*~z*NhZGLR zUw(y&UM-PNn1?n0#t1anC}K9&itLH4cD(21EzyX0!8zl?1?74Qvl}cSkY(XrBWmsJ zc%ewt-pxES@duLqQuf#VX7fp0!$vUTV%DmZ3DjfpjK)>~SS zTgM1I;)5t{st!uMk<4d%$j&yy6aF9#yO zc^$%I)mZBgF_hn7{K}I4(D#RL&u;fvzCXUwcQA!0B)Z(;dvs(%`WTaD1oEs&j(maI zni?Cw*&>-5Wac^TLKA0!-^ORYr!!)TqIR4nJw>WT$&$#PguACE$NYtN0fw+HJ^J;a zW4wL@tA-W4PB~kJZyo@0tA0}=L>*FN?GxWj8N9B%O-;|{wOX%0I~Ic4QTM~X9;{2G z?6V%Lw3aLjn*6XsC;5acLmEq|2%w@ul4(0P$rQuj!e>BKO>&B z?nFL`>pJ-sRN*qEv*ZQ~N9^7xIuQ4x2Adbb(mVEE@mMV!qaQCMeIl=0r0)K%omPflVyb8U1Q!zEa06n_t>NI|TZJETs#sib zKTw89l=%@t=$tg`&gq1SgC#O6c~WJZuIz~UhW*Q}ZZGo!b^*13!)|jlz$-hXWjN3fuFol5KPOY5UDL3OX|DagIEcj?_>d@?l(cvMllG8j@O(>RG|1m8Xgd)v?D z#KSf>*f*1voNsVX#^(+X(16IY3V5TXIrXC&k_Ivl@NNh8CI(D1t`EcWf%%n7PR==b za;+kpkJ)L=n!c!5jn?TMbv0=mge}s;m|roQ=T!@n?uzUFovBRYt5V)SDq?Q8cHVeM zHZx4PuqvF;T2Bp0+t|lPscD6p7VXP%_t4Zu^dd8eQ<}n`%r`*gQyzcUZf*3AEfE2k z<4bB@t}(wV9KBeiRA}T<58hFs<)fg0z&6Cz~^k8QCg(*$#!!r%GWdhJSx%kRV*c2^HpzR7*)f7~o zMYmQCKHz*Sl3A9j+zx-c&uhu+M@@Au+8&-{X8!$gm+5>PJ@)#MtGG1ocP|wUSSzdd zVTr=2hnx%aU~ufhM*dLSjg5g^w~zoiqzWCQK$^q(oYgLWDQ##G(8LUHt0B z0s--MvTUqIvXXW*<$v|(xsaM5_{N@(Dp9$>AYp|%>>LC>ELSrNdem+}faDX2`$4D; z79J=F%oKRa20dl&rwKBNf^|L?rEw2B(^_kvVU%Z*m5lJYlTQVaVCdzJj-Kc3X~=k5 zKV8H1UWZI)%#Bf9s=vFs@Jk2hu=0aZfl;$-@FW`6Ah3wxGjHWdm_cY<-4#%cQPd5^B&-OJY9>@*E>SH{LGQT@?i-lKbR+xmY(t9{g3@ zYbhQdzPnrx?JlO@2@Af@b4&?2+Hw%Af7VsZ1vl7#1v+#pt0vZAPREC~1&hTnrG%cP z3Rk$h2w3WA4hd`ua_0Gx|k_L3TZo=YrNsad4sZY^cZFhBL& z^1;+<^@R%3ahl+dr}FQyxeP@K3g43pJ|+BbSd}Gr?aYP77ijj5PJ_6`4jPrYTf&uv zR2Q*esC0ZH(Kf{+yP65-Gz}=)Qh2K_64nvSY_aO2tYC&eT$(rpCPbACWZ+|wDZSoU z9h^0Y!ZFPr$38ODLd(>6v) 
z&PZny3kj`+Y@8#zm=~>t~jl4|9B+~(=&6WN}OrmpwKd+4E zg+eym@(T>5o-OP@>*0aYk5Y^jJ|iI2Xucro{qB_8!TF)3n1cW%Eg(ElH#l?rbUx74 z8eh=RG^hXheDh=KQNvAWI%ltP=;Wxt0+tXOEId_rBkP^Rxz;w7W79tIp#?L*=kF#( zLkuh61=U-0Jmc1N{7=hhfUd2}lzC#RTA=3_l2ICix+n{~1^gxrl~B{)Hln%8p3jTE z-e=G=AX6i}R7x{~+^4L7tJS0IgG?x2y|44KZ>5Hl+v>_#x$~0Q*A`Yx;|!_j%3$?T z>EtY{DF{fY)^d%hq1xhu+K0txoXwI0yFKhg-8HZl_z1;8#Bw1ER#!e(+MCo1+Mwbp^VV zpZ8i|E|9#_8Y8nMA1UX7xwZFu)Gx-UJ*Fa;n=aGCnsl3) zTKIm(b9}rjl&N5zEM#lQ(RY{9qSKc4TiV~*)bnCR+qSnfX{we|V;RDXDS;kEr9Dsb z9YicG`94m3WcxS~0J7lj+8Jb^v3eAj#x*w7WSCvAL`HPK<)-B}P{(j6&m&w*sdhXL( z{UOUp#FCpu;eS~1EXB_<9FLB2OKtOKsygXEXR9%8$NMa5D3y}ipAm`Mu+t2{sU1ax_Z+;5axKpw}H@sjCqJqY)ow#r$QWITq2 zP|Ed-HaYPz{Bb^O)Uj@paG)boX1S>Nvf@KuVaG`)EcXQ+fzT$-rjKXf;^UfO72$TM zAo@xTd>D5h?r?KAshJHe1Azx=!qv>ZetHNwAn*&TS1EP{pi4v%^DiWY{iiEdC91&c zzrbY(haiA*|JCg(Ng#ita_D-J$!>nsc#}H1k~Sn3x+?H9$^zvXrv_loD`!t7zpA!u z31zs29nIa8b4%3z-PVt4qHz{+NIGry1>a8*zX(FH;9iUmI>^#oVy(C05DthRbw~EC zy9W5p!@j~+Nl0NaOYO@ZmB4Z;2MOHXOvP5puZ*ZP%ipmx+JxBxWw-qTW{mJKT(5;_ z;WAVB3|Z<%a!9>go(Pf;kRmsx26jlRejI%wWo$gmN<6teH2*G z6BwP4eNI--Dr4y5(L1Ls^jPtS4TXy5q*?sq%R$S~AR!0xcjNq-*XbT*ZS?rl9v;yBHq6o7x`0|y zrs04K3>NX>H=)2oMzFL&0!K=60!8v~u}Lbh_^%%KDe+OatqwQC(BZ3jp^t8G`_fl$ zq7km%tnM%8W7k#WJ5n7p#!0Gp4C<&|Y>M@Mv?+CgN0UNP9Mm{a^#D3kM*M3zqtl;`hJ zfRbU#(3@19<*4yHKhOKH!oD}>V37wu4YxP|d!DbLJfQJlPXvCwu;V;}8r)xCda1*- zamaZ>1%du@Hu1vyLVzm9C)zXJl`YV`4+ZyqE0DAj95r3hY`g!?Q+Vx^qzrG`L$>}f z4>ZQ(Yq6u!HGocY+q}***VkCO9IXRvKvXCm#mBcybvBp)C|053kJC5RU z6SlsuVqiQIlqP>cKR_|ol#;M`KU%_b(Gt&Jng9A_Q#PnBC%VW)z43{r{Agxl{1TQ# z=9|@ZJ%OcM$<|AroKrxJ7qEq@1Nz7q!Hi~;DH`3-fx5odCVK)RDRgN6)jYX9ip5iy z8@KW znY^%Z;n_R{?r)gdLG9>>O0Fa;>|Hb|OP8x7s}CdxWiw{ABEJ67FEp06D0x9w4|XQ5Z_S!9L!rVcT8E(kGm@>WNm5H` z^oViiM!VEW*dJ}qd?LVkJSDrh@=DorXi5~CrKn86l;sy=PrlD8nL4i@qFQVcOJop{ zmE4pumQ$ETKRf$2R zo?BB3vYS~9?+B)Vq14dD%zIo46wrB-;i`V>T= z{zgxLXud-1k-ossDN2^9S!T#8HKTDv2cKEh`N|dx&xLa%CG^#?#!|mY31=Ufl~$Z- z0Eghm#roEW&GYn>%``Hnoc9GM;I~%@2oZa)04-8&Uy^8*vi`S6 zy@W;9#dI0j!P9;>Yy4~)NaoX&_t}csYIn4yIY{^=DG%OoBp@F1la__^k1&mzuB(#P 
z1eCFS_?_ICI!?EY4{*Ckf|lH)?YxPYrm`<~`7Pg!D_Ou`cm+1Ef zTEG(LlGUr43mbvrz$c?5aH15=VQTv*O0C5n>PD_K5e;(x2bq+z zCkjeTL*VYLT+M@B)OX* z!u-w(jc&f-aFk_+sZ|G0f`rgQs&KR^d}V;ctZy#L3%{u&=ZF^4Kfk_SMOJuhZt*Mq z<6HRcMaEM>Vk<#3hl|b~RsTw#o`{m!xfXk40riygDO z;`35aBao@KT`{cX(GusMiG>3}#reY$on^5NC92;OGN|d?K=db<7Po1fv1A`*B|`l` zK0}UQPKjD7sS*pwJcEq`rY!A-z|jL;c1Z#eHj*UJFA$vU+Uiy)zdCLyQV_kLga(g5 zune^g4wBFXAFRkFbE{>I3}LO_NuLtv{JaS2H_05&TC5 zLYdve?->@J6p8+aY>*VoOaAJRcNzSBUK!++i*A^~uPN-|-WX6TVNyX2c( z0t$_XSZ1)B$RiEz9`8UQ2vN&pia`CtMP0bZrriwr87>tC9~@RlW(te<^87kV(!9~) zr|-!_!TEN_oxLppaZ{mWCT@wgYy#3_6n~_u?ANkbqkUJg0lfBgyRFbFrTNw#iH~wW zdo@5K?$}{_CpFLi%Bzes$8REYMBVjlXo^Erp0>zBoQbWhUhng4+u`1)+%`115nM>{M8PRj$P0boHOfM% z`{JwT4y`W&Ztg$&I+`wbHaB}W` z0e{iS$UAJ@zk9Z9G52Cb?oK{8BUWQ!?ACc~W#$+oi()E>U<9Otm4FKt zO%3U@zD|esK56q7Wz+Rtn z={VqR38t~0%)nf26dE35mM4)%l9^1h_0RqQy+GI9Hb13H!7Q>iNc%f zd&y}+iFnDk#$`o-%mkKEfEY*laH=)J2!>d7|76RRaqo}1g->3myI@_Si&G%4^@QM% zRyCpZG-tS}E^-aTzVJhO#F)iJtUq>EJ#{`7ZpkXyPG^Q{b&@)FdK6`e<~ba&f5c@# zk5x=|og!qQ3@3LeB2bfGb6BMkq>Olt(MsVE<#K_{6zNDYv5`+-v%t%3Ya~{9w&Hi|GGAo)obv3FHEus=gm&u$NaMvVC@avV*i> zHs%?X!j2B)L`uQs{)R6bH!WfDP{^aW)&umWOZG>3QNVY6ncwUV8c>D<=7L~>7oBT6 zMQ)j7!D`0OyJAn=rP&a^%{N(*@2}eva3s%%_Fmchw9aL){RdZ%3P`hEn);`8Pg`xV zh;hO-OYQ5qz=(XRx<(%7fvU~-Dgr`iT-u_GIIs?v1v1W5#L@QIC@4!ySRQp~86m=r zmMn#C3iNR;VG@`W0}@N?6GtX%d@3#_y;)yiGN+0~J4EJ4)XELF2wllrb`%i(-SXZN z8z8Y)$j2#Qd?XSU&+XZe41^@ikgfjqEKHny975|lS zO60%czIGWKx^{WH7_j)3SD`T=4&1DFC<8-Y<&+MA4~ppy&@=+A)XJU}K@fiQ!j@oF zcse4Iokk+n|9S0;0F$mHXpc)AxUzun2<^rbHU{kCSgOiLR74%IP(kWeAQMgeXt^TNMWfpI%gt1jO-cP%%Qt zo*fOL5RHZB8?X%r8}M9EK^z}8!ZonwmETZ8c1H(dUlsAn$caY)5fzxQ{{jqA(|2Zq zf}Ingd^PXXgFARHRw-x&MS;jz5ZkbTHn@Xl7+O8qyoF}@19Ic06MBEuGNbrE$Z_MG z7AX^efKN)%ppdCHjjCYqkhh87YdufDDqF!eGBeaZM#@GRcy0DBv8fj|Xq(fxEd9*be9$;$H-;3YF&^npDfiFKx-6Gtm>c{ZTLPNj~8ohI;U4 z%{ez7Uv2p9&pS(HB6~I5%QMQJ?-w83Im{UeI9J6xb)YP)r7cJZfSlBlINJIwz=mW{ zWRQbtj@%c*1Y8oBg6P{$a%FfE%ygkK&*X5HIkai;EabQy7Vik`aY-!D@W@kx+cMG| zpk?kR1&HO~*KdYt1tKcZU@)42d;yGZGp0fD8o+e-p+!&sz9sN6FyNxE;~w;~<6v}y 
zA>=Sz5M77x(}!DA3S!b6C$XbxJTB2=9A;|?$t`+9=@U!zhA_l!^UEvFni?|beafB) z?FSx%63%aNMaovP+(fM@+bhTluU_CiVq`IK!fx;S#DRLGy1f~^E z{8Gd4cxTw+CXlM(6qfPgrTCmn2dGa>?af_Fn3v8X+TGXil+5@=G%tGUgxUl2v_-gi{syZk{8tbhAR@1VFutoLx6>^M1(kjOtNFt%g9KOYBLtX)FE)h{^ zC3IxzG>%$xCok-J1xo+xW;ZtSKT5yWGk>})1UNBqi>*H`R@6k%OT^@HU>FLBkEH0T10j=cH~v?uF#KGI|; zyo-bLnVM-8E{}2hN5t-7CRlY#rzyDT98FbS9V8wi?9crFMoi@=yxN zF>AuooImY31?t}UM$JycE-591mN|xfDgYCqJc^dugafvgys03>roDgNubQFg^hX+M z;+FiH)1UxW9}qUBnhM2%oiS5dAr9n)C;vo3CbBwBRZ8U87vLlZaEkiH1ORyPo77>G zhQ~>hM(Ji!qq7WJ;;rg{Wv_eS>X`%D)O;g?-f<0wq9L!BO30uu0`Dt(CQ;aa(r)3Z z!?a3O7UId)8A031e<q33;eN#mr3{5mq|po>y; zkZtD}v!8cvQ-UdA%-GNZg5ZM!I*8{7ng{-O;+Kqi@|FIcV*H~aH;;QMAg+k%1*AGm z;y4Mg^3Wk~p|R}9R$C#s1N&PVe&~`ibt154fX9&5YCpNKx~Iex14T2CL^jIBBom>u z;^My*T)8g5;!WXz6DXIoU_^uJoVgzmK#0mw5MIp!{7N=9v@)-u8A@Gbxn_>sv8M{h z;z)@~TSggXiUn_j2}3m>o#~o3sCg>Fh6ZM1f*_M|SmM_<9_Ij+L5{~VXDV*vt5QIK zz4>qmClP7|SkXmPt@0t}dBNLq#LAbLzV>~)PKVK7W6Y{J7XrpG(<7%kUb7Y`|&$M9!9D5!jiY=v%8|1Sud|bSV0iC5UrN!V^DQh=c8`%3nphKWJWFbn{k`Fr&L*#j1=4|B#V-_zuWuw!zX8$+`m&U8mLu7e)%=+N|MCga9TuP!q9BlG32U)0QZl ziJ^ahACk7z=8*=Zs^){Jo9+HKy%-br4FXiX)32AUP3lR=TL}oj`g9&T>c|HJV{*gk#OKqmL`B$rTpE zdEN7Jj!rez*#S%rU}BflCqR-pv!fRh)Bqnxwy~=dn8$X(4-HFn*KQX1-=+fWVNeC! 
z2!%hC&5~0R&;TeHJlsWt0!Dd>_SN;dnOq<@T1i^CVE22O2`;VlRck;jQ*f- zx*-kfp0%;9DmHL-6Z8dvyVIK00C4zxU@a^IxTQgjJn3>r1VGUKBcaQv`s<|@S8^gi zEhI{*Hd!YQTN?v}q!7g?H5&}5;D#ZSSLb78y04O@xFyD~WEO&_(@Zq$kG=>pRJBk^C1O(6m5#Ujib(Q9G8C2&= z79ZRmfmw)xA%rKh)jSJjY_^^~4-;#0aw{WAy!o?vJ42C+-K>$ENYt#GN76ef4Y~;; zLfva!6tP5`eQjxyAuu70L6Q-Lpn+)X(TSX%vS)-dPK4|DQKgq{5e%=uQyD;j<~bSE z;!1vH|VH^nPck(%r)0Bpi2 z8v8V|1A62GTh*L2&m16GX#RZ(&&Nt_|xCFJhPJU>BJ{b zk_k~k*>owb4(Hky=!J0r*Z{{ip9VGRZxg`uR~A32`37(t8lH=|2ri<>2!n|ifV@7q zgFC?#{*eQ~Q~%=e0yzOfl*G@&(;T&O91t)$H*4g9$vPubJtrBDqAFsOQb zPm246l?xTnnTkwV3OC00(vsXxHQYbnySP+Y6g1YA6$OHR zuQp$feo8z#Aqkra|L-N#6ult9e$OP00Nn8j&Dtb~6O|^|m#@|3KhH zc@zZzgO*0CX1thydC=_hxc2@KEc@>0v-4-l@Rz&>*z^a$ksk2)~^%HJain@NnhwOf55w_Bx8J&>7P_b1Hr6_ zQ}!IQp=G-FuNAH!iupSGUi!FF+g!uX&rgd(dMEE;)5*g%r;9_Jef0q-!KL*q(jjVe z@|N`1thtW}?roz;48_jTQyKeu`3D77mH zs3i1kRgu%5qM7|CrW3ouSR;SrzYMx)^)C3|*>CYGvP=GaNB#(Q9oOLqvu~qcc@OFo zuzAj&zt6h44JQ0QzTPq{%CBo5{s}6jfFLE^(gFg~h!TQ;f^A-A)G+XFy!C$W=lS2qdmMc5gUWU7z4lt?d9HKqD=fx7zea57ev{^Gj=)R| zefdoFkPMiDVSe=e8X+JWT5GQtpZ_TtOud&`u=pC<%m<-;rqQYH6U=hoAT`sm-r15r zm9LP2H1toX_TRs&2KH2KkUZTy7}Vo7b-gQZXjjFU-23|a;u(DC*x|e;WUlr*%6Aub zCsl{DNDT=ebyUvKI_Q3euv-an zwQ7c_C5Fc0{_(l{b2E{yDtTrT7H!w>mF`bjc*K)U9XK}3!%p73PS$U`L0F`HEurTR z)sVZ+1kU!=l-9fVE`ywP$fk61{YAt9T1+M;RDi}Z8Vr8Ax-3jWr=#-9?X$<#^Ct;fQdUput-ZGXOeuma)KGq6RyXWGr{O9etlwSQ_yHdJ4L1Rfi6DJPtuAvk8VDtC!5`L?RRxd&=^v3lXr6hQm_{q zs%rV`P|Iqrc?RLopc-!+d$lC2rjHgHP8QO7?JX-f2OPG8MhPJ~u5hx^y*WB81#jTn4R6=+_rTRCcj?g{G#@n&xgLwr-jb=UPb ztSxD9xs(0XMQg@^<(G+4UT>1EzpjCR&LA~J>(cmKY|_Qp)&e`}*^ThX%wkeQtT=+T6>w$ zL{tvXKga55KelN<>+Inrn zdA>fDTpe|7@zjl`K;ojbg+s#Z#d%xZC+Z5MzKwVzK_xiUi;&$lKR(?faGYSQI?fDT z{1vM1TH;v0Xg2v;Cw8HYis9w@JlAQjF>&|+8rBxI%q31sBrDWSMNL-9{ zH$?oBJ*Sj1!|rvPE=0(ly(5t4L3^NJ81x571yZy8#jyOW?NyD(@OySCr`SXI)5$Ry zChx0HMYyB*l&xACsw6pIw;+69^7Nn7G;!Cobs9W)#CDyBnBV-R`SZ<+Hq_vIaa5W2 zi;|BYeGEEm;)DDk#*|Q zHhi`dN4M?lRhC%&`Id3hts?wN=bqIPs-_w9@LODaB=M!pg()(S?N4|YMSw|s-*Z5 z3*?-&Cwh!Cbxh;zu!FB$InCEDaLQ%9#qn12Rx5#Zk6x+UhBK}e_Dz^wdU6INd2`BJ 
z6z9g_)LuT-)WZ;wCm~_6H`o8TT;xv3z*5vN%fyDK$UAVS=DiCOIi)3)->{0G;TMqd zXxQJJoP_WuvmNwr>u&sbIp%}|@SAO6IBx*z+OO}Y%n>vE?MEZ7 zL5N=!(+u?Y&hQv3?_W(>llF4nWe-@m$n=96vK-l@p;w*uR>LO?oF;F{o=J*t1%^)D zWg+!v9&@ZiQ%W$3eR-ajZ2E-sTl>Rd@{gpd%;jqZLI-~b)H_v~PFd+#^S+Tz)?>p@ zlq3UtQ8-gij9>2Np;pHVaJ6^k=0oDoIqUq=>~SbQv(5TvT4c#om$Jz7x+mOo&VIQz zB=dR2zNSROqrkMG$vUwGSaf|)ffy(i;ZWUrjP>WPh zWq0>DN6#$*BC8o}IEg1_$_1e#G&fnnCdR2W>i?vARHj|U%JaF-EVEZ zg_S{zd9rlyDKpgA?0v@(H8EK>4cWcyWNS9(i;NZS)^&JOE#$feb?S4o=zre@&{db^ zUEECg$;tj;m99Vd-Z7-nT}aA)oDG?de_=OYXIreqpXPY5Ap>a*Ez;HYBPmEy;J4$jX_;Y&c%0QS3}}0 ze)w{^F7cC|BJ0l2q%(TLCnwDHi(FziK1ucP8dp#CNS@b5FC0wP2GeAzCv!n-1y$%P!=JT_gOaMP`jF}m3zJ&a*|?-oz<9q7ZfnC0{gRIJN`Yq~!`K@m`*_bObM z#&g@M#t?YD+#xFWPBbJevifDl{Fh<8Vv%Exi@(o(ajpq%zPnglJHJ{g&uc(Ln`P|0 zn2JL2Y**7u?~ZM{Y!ofs*RxFXnZAzN@=0Go74w=u1vhQwSEJ~Rsi3S%Fg9EPl+-Qe zZR}xMBm+{CIeYX2vTXiSu{YWvb;;2D0xa=v$87N>k%k7m9_G%~g;efl;w>iHm=1RC zz;M-TOuAZE^n>jIG0zYFZdno@(nc6f z51uON7CUj7Y4 zRinb4X45X*8zXS!$GDeGEfsp}6w~iXGtciD5=*T-8-+M|$vf;Vsac^S7^_E0kB^Uw z?b~IF9mWZf4DaVTeD})3=Qoe3ra!FbH_WIBN9lnTAV)}M_z)3gJDn4aw&JTL-5m&3 zF@(>1vcM1dgAw794y+cke&f~%7p=nTW9=lOJ$qYzp z{aw2;Iard6!G_vbk7?|~Udi*T6@H3js=t9ztBLc*U(;_?sN9j#Jw>V<(&X4!uDzx3 z_-eQHN<6n0Gr|k)jBuAh(ScH1i$xLZXN}jL;vKP5XkGZ(D*3oW2}iZ}*9_?=JEtXw z2(#cskDDuBJ+ zywlC`ckt5*#FX39J5j9{$9lJOy!BHM9QPzh@2=ncb*iq6_>{Q=m&wh5#kb5YR!5;E z2xh$P`6UZ+#Z&i^Pg2a3Xa+{#WI7Kc)0)t+@<{(+v)w1WIJNJ8nT?q)VY3H)Ri(gb zeruCfEFH(*`s-tUI2(5xKp*PC+R%o^~oEV7B|eFic1NO zi&*zb?A@zc-m;%MU_yb4@QvYjnCkS!wwwGV590V2h~ilhVbLU{A{KV^lYt;^Z_HG?5p~=l_gTb@WMB+TBpg#Uf1U>aPt*6YC z8cvK(vt0h74mcYAn9+oZrQ~@z|1Q=?QiMGd1*olRK_$ z`&3d3p^FTgEmfwzf=|Px&*TlmChacx#;uQ8cJXt`(x9nIr6|L z9VoVP^?>N*O1cen#;*xsD04__M$?QJHY;k~OgS~un1lDljemsEGuLbkD2jvP4m0?RUHds?ZR;fJ9|V*A7oy}g!JeWpsw zqTGb3AKm*`g@W}LJ@{LpSbkS1gIq9fq8*YWT6+(O(4RMarx4Q9+Z$ET;Hx!j(8H)$k1o1ayJHQH3)g)Z za((7nvw==!XW%OlTaWc2-2(9p;UgVBaPdw^UN~-V$DKL}TDJ$$@(yk(cn6RE(7jIi z3s^M&PCG;z()bhwpmJp}YR!Hdkr9vF%51rjdl=vbcknz()LqO>uFFbG7O`h3XgEn| 
zG}bQN8PsrHnA$6dKi;E?%_cjW#B^pUcJNimY>Witm{ro1f8rf&jRn@6h`Ga=^C2ln zdVl#**d4#McK=_}2U6KX&S1Qk$^7*nlc#1Bz=bhV5L>Yq7eqfM7>=t*X70S-&ghXK zCF=R)pNCJM7Hxcq`|`Hb-5%`m6lsg?(^vE&i?LR>m9iEq~MTURli|}`RJgHgcu79htMf7zR|IUzK>653- zb!$pxQnIJcfa+^3U&NfB6GW~IMWWLW7p6?v;2qJS){^hS$#AVOQD zd31;FuK-N!yE9$F@oCy@ccRP(exWAxN}has@LM85Wu-ANL+g(tProx58CAK&Hd?58 zG1COO@byx5uJrXkX|VPl|44%UI%3Qe7_;NQ@ISlaX`cj_@&(c z%4?5)XPlM`LDmwTEn*eEgFKWOmS^TQQi4l8o-HT5B->rka0c_jqDkE7jxn2~58lW) z2RFVRc~hvHXi|6ZbG>B(wc|ej!}l1v>Y`t{mr*dz9XV{+ZV~Di-kBll*@Rk-EPP5w3C+*ZWFrpLZ+*ewB|FCq#mwM_gr{VLRp@r$TQN1l4` zp*g>L?PYEqnZIqMcRgqA8#M7|0eUU%Tf)7+`cK&fZpzz>&Hn=Et81SxDCTYiMM?*< z%4yyxN2>i-g9S1DUmBbS-#-%oRc9EHUZ?xvpOI90nGI%-0#$(;X{VMBzUN;Jerp?s zd{hjQe`Q@ZX7E}J>xHNC4uI?$`S#noEXFR!6mMOtI0WpgD=&Z{5>(Zz?|%M3k6s_z z{P;Y!xFd*&S89lwFD52Nd6_?$XoOo{nS+^f-gfGn|CCp|HXv($A9#fqmX{H@Br>cT z*J${If)t)!NXzfuT={#xg)Yu__ji?be~^CG2h%?UFp9YcZWOE1B1b^vLZh)cr2!4^u}4{7(3t&g?EX|NO^Kq%Z$sZk>qy zl4oBaV=D3T1rI>;T@+8xk8QqpKil#QmO3te&v>4ix8+DHnk%qfw^s^0gB7(-eMHXX zFs%1$7rnTxiBGB5YG-fSBE4NbX8fs;EP!Et9qi<2ow(0Xc%G*6elsT=iZ>3c$wNDT za=@Nk7qUO_?Xh0@8NV3s)i7cF*%64w3N1K)ix3TfPFhRPGSG5BDMPOopaMt))Pz?K zl&m^F#Anxi- zu|BDAq#t*z;j`NP)o_J`HICwHig%3EQRDUMt_%5K+b_T|9E;g1v!U|B2H%(uN1!G@v%2u>|AWzC*9%-TvCZJD;@TJ3cl^;_!LmK z%Z|C!|Kr4F(!MwXvBI&_^T2R6z1+YZ0Ry=Lu@YhWvWEI>VA5rHc-o-I@e=DW_>B%_ zzigI^$X?9AlxSqPv@1@4w#PoFf!s zdvSc(Bzn9{!o3Zpt*MbmQPW1r_Z6Bx?Q)>sUX$-9d$c1gzP@3P#8UsyZDan=00R-F z=p}1c2IN~#`v&#FDegd)h5*tRcHe)0%P*=MYh|YG*6z;p2s|KrlXFEY*^5y}p9>|o zdQilEq*K>aV_;p5-Tmf9p49K%j`IjB{I`YeqaDHX>thv)#KZQDKPCoaz6&pgoGo{} zxlU_=3_}0MN^xDR)VsmP`!Nr|FA{&HXT*g=Lqjt`t7&ch1{~Rr?!-OI-l;3GcA=8m zd|oP}I~O zbceb9#fJoqKbVy5!_WnAL$A)w(t)S<;<~tB1=OnP<#Z(t9A|c*Nys}G3EUP{{QD2U zjR8rb5Z;TvV);aIY^mL_yr})i!#Lh!T}oafw!LM6DCcxIPmXQ@@~cdx@L$ac*f{>x zrcL*2zu4>CuX+)e?Kr@Ti0sv(zA1nFf3w_Q68f*Ug0d=jzCl!J*3^B_MXA#IaVc8P z2o(G<9(C|=t7^X^cK_`1&dMLg_rK>f$u9Pf#n#79q^~zN&Fxl~dsP`a=OG1OhiQT7 zOs*mGIR&L>EDbqfQ7yhQQyut^)wcKgzHov;n2Y6*cUT`uMqF7==Y_aW>454lUm!*` 
zO2m6VY;&e2D+NB?=?G;EKY46IcUGRP9;=*Z;N=1Y=T6Yq;G6&9$Fp6Fd6a!Eb)M~i zztrz`NdnmVFaoV9ZYwLx4z4hRt{^o-Rb+Q=$Ywqle^k>smcJlhkEQK~{Z~_tps{_) zWhryA9k5C3Sxunn-^c+%Ah}-N0d(qpC6?G%e}2lVe{;gA)ZSp8-n(c);z`Ov8>gwThRLfj>`n;GvdVKipL8 z_##EU+!j#QhMf#uRz=q%_^`%lM%7~+gYMwmKs2ODQZC;G&sR$d4&yIHCSzdV0P|C@ zSlFdBzi9zhR==Pzvp!iSzmxre(ScMCY5o94+RXXReNo@B2QD4Vm^Eg4zwRrj;n8Ro z;sWr{fEWp#$L~fZC$BTikItMjDbf4YCtC;p&7=PjmYS&`Rkx-zjfi`p`bFuDb4DX{ z&N+3@MFh;356h?S6GMMKj&CwJ2${)5$d|z!B=EpG`W|>~urbLqm%q!$sa$oKD1G`7 z9m_MS41>X#1hmQc4DLp^BooqfiEe{#U^v#K2AmzS=!hNy4N@0X=31PYrhr~@pX8q$IVd0IHc`<8tg>SrO$X&Sw|<6*RWh(U22sqQOM2O zNU!+c&Hew_HRTIgg4~tzWCY4_2(1s;a(M8lXhRHMoXgMue#{Ho?QrZ+qrP>kIN;2L z37UV(X^wo^`IU4%b@c?jt^$si4dBk__z6aI#MbBTf z=^@A|i#7N$#-YV}WVkxT`ibmokM955SE0ftkfVnxR{g5uUNodrAR*qSDORBjU0Dn=$R2XpF#cSsiGyU8ipPP;;%$a^kYVIs=P%&*(j?653oGhcN zlV=cJI!cQ7?|l51=>QxR%M9c+p&{=2KHwJO%MzP5+P>%3Vkhp^-)AL?`W3gCp$aL9 z<9!JH(yMg0TfJ@Ie-)o=)GnJBYOZgP;7eyBO*T}kMFpa${lHm?Nc!@j5@gKp(AaVa zuh0Gg!NLWf9=Dm9w?wa%m8*0??0*SrqaOimt`KNSFQ|90jTHWQ0zc=AMoOR~U%&3q zAiBcMsn0_B*B&9Hp*TKQ0U4F#;(S^O;Eg^xq)cpy9BN)VUq1Ovf6 zcIeLz+FvURMx7)ur-x%DvKJk>>9vHM+Nf{0>NF)bUcmsyia$jj+ydGctf0y2%UHZ~ zuVqy)aLi-I%fNdJh^UvP*T_ZOUo+&ojqM6hW6>@Co1X9EVT z&`Og3X7_xq1*$&s+3TWBxOz0-Lb0{sT9^I1P|Ln!S>;a#=OUV~;wy_LH~INWT-|m< z5$92ub1a|caB1fkQhRmu1Cr_6z>j13eNRReNjq6FN|1rlV*VnVQ8>A`fc2C69{C(m(L+D3IWC;Qf61So&J_CwWokcI zTHUv%?wio>e!J+kgffk0i&&a^AE##1>#-Zi9)D$Bhzy2~_{4F7e!ieK&V$&EsBn2+ zId?7djlHL>dPLsY#o>OoJy4YE+`C(gNn_{jKfVN*eyG`kH8T{O2p^p8sgJ-Nj)F8R zUcak7Jj-(F0h(ZO$~I^hZkD%<&}X%_lMmg>ifrEh&Zr9P7*z_Bjtvo%tYW(BP2sw6 zCtXZ}VWSZuK)(mPq(&S&5) zcA@-!ylTrEv}!CfZu35S{4~cPJjpoQ7j!ma-jdf=?Sp%+V+86GZj;EqjDDVb_D}q- z6Me+2teA4J@t4!H$%?3W8`#ZHwY7Kt@G+cWClhGHCZRYGSN(mH8x5L9kxr&6GOsKn z{Qt^||AQWYNdcFCq--!ccAncl+ zpxdf@;6>lVd8^7UIaDE}4WFsmeXK0CTX)2`@VV*_r#|FphrSI%Rq0{ZJvwA9GyHn=u*^^zCS{v|lqvC+%$hyHej5O8^ScX3Z`) zNu&aiv4&UA_|m)sUg_!SEm*gMD>FP^b44pvLEB(7u9p(4JK z_L9689AD>INZlVJLycc^_2IG2cJyZXWLHlpr5Eb^4HrZni4u>s%>R&uKWrJWhIarX 
zshH&qsgHhhGuLn(dCM0?<^>y1SNUMfOAF?B^Led8URuxV2oRyY7gv|d>)H86Wd=@+ zcWEBX1Aj_yZr{|WSoYS>n%s2JK6f6Gej=q^j{a$wM}$c-U>vzBHTTbGGKq{+K#!)_ zM0z9;kGs^ekXC8T6C8Rrb*dwqh%%9a$-?P5Pi zhWkS)o$R0iu{`4-XW1eNx@6lSkXqV6oHH5=z1;$!vca%)r%JXLrlo!I0-Aj|j z$a9GF$=ljWhQec5BP9AZPrk8|#Bl~sFJ|uUyfrrb=urTMrhJqtu0`$`knWP2_itIn zr*ZWpi^bxSjH%v<7~knvO2=cMJa%u6$RD;IV;R}HFw3Df#bmo?&QCcp8-r>!XJuAn z2hykAn)z|t4Tloq*nNvBJJLrNtUFQAB77)ESJ!)gh0SMkyp2z3Az}WiomjJ|FmG#b zVvXFyMkR#H?1&2ePj{M+mtX8*FjJt*Y5z^GyAIDxtKLjc^1Y^A1YL{?V_FtYPD2^S z!)%7&yudPlrSMa|GXqq_1`vl`w!}HB<)zYGHb&3s5`l{(ub1z?#FK*%0Q<@B3+1mH z^*iv08^0|gHNL^r%-?NVfV>G!H&n8dR7KChrVV+{BPY-GZ!0`CqF%o`un;Dn+p!Yy z##V434V90K_;5Jmr#RbBeCaSvV#8gzi_cjbWC5Sr&iXc#4X{415to4JtGo{7$ADh{ z2;@3Y>67(opmWy)pIxaONclW6oGj?~e)fk*Gq8fi0dJYd=#eWAh6OYXV_$At2NLE! zxaWnsW=t4533SMxR(e^a_P1c?*t`B8^`1Ogv2S`fKdjCxpW7g?A6|ADVIXd0*Adm$iC|$^8jtMxY3S)0COsp(E!|&)F~FWLUl-G(T|b=F@%l>WsW$T7<>1Ym zqfZ&71kmfF!^ci|gz=xxc3L6^jS;o)7__WLUp+hr3bXQsoU0n2|72YXwn|Lk%M?Odl{PH!V|AmWj5i zhLmmAfmW@{$|uaYW#X1dvpnz8h~yR>Z{ga0@Qnf~ZoG|#tYi^~G36@7D$9yX?PvYL zeKqSr0;ctv>Qcv=9x@eZ{%WUJQ!XXT?p|l73f{)=Pkk-MZ&8|W!V)ku-ae%!TA$x~ z+d+ocL{w%|?L!e|A#OZxSe!CsPuqeQW&;kKReKv|6}>R2f{qeWOPp`6#ZNjOGRVs- z=&4xLw@nn`AE}SoG|aoDK>tXY|AENaNJ#+AnZI9T4tbe3D3|tPSZB@JT4Cx&^Li{C z%aWe2Pgx{IFFa@*5_EMZ$Uvt1>I?ddmbSpWThlS;q(c=dyQa%%tGn8)oz=&?MHKCx8Vu=GroHPxkgnJkQv2a!^9IjVD9`d=mar@Z2}^* z++FiVKXE!luVh7}@eom5cH!qBM;ty2;B>xm_<&O+)^4WeuA;~`bds~}DvjQt3VSXQ@ zN}F4J7dGQ@>*Nv5CwjNH8)Qe&m+>#17uMI6Wz~QF%u@G^_HHro1kmMux9b6dxzcG* zl1QX&S42655i{@B#4f3Sjq)XVihYEW`?#zZW=Ba0^B&2X$=W$Ek*tCg9n+4f@@ zHSvLdpKodvUKvqc1l&-->iU~-!9=OkjuKRZQu^rB=JTsa@5C)(Nl6qVemO%qWD@O; z2}36o&Sd6ZdW&`59OHcTTo7AKR#5m#ocFl-(mKD1(_9Z~Sa&8kG+P8Xx@C^yhxNJn zFnr2(p<~99rO`#{^|>U}@Sn49%ZkrPLmpnme4)SG9c>6L$y%Vgx$;topr}s@lQiWy z7~pMmRza?@!WnVam%LYhit>T<*sa%Q*RpOD)Uu5^EgMH5X4~J4TRvZ>Dtr10ZC-T1 zE6>L4-s};*`0Yy{Nw;ft@pfLV>}5Y~-2TFjTa*bU#X?roQ@dM94CmO2#}e*q>uHj3 z3(q?QB)7+Z!r}uiqiOyxQv%$HiQyt;1(-WP?)G-Y85%lp)~$=UkG^Y5D};$06q!gm 
z8K3rNXSi%PG<3cDJn-XzNzZ;rMh&UYAOF>C+QvGx(lpKI>^kJ5h-0qJ(H*O`$KppH zE;-gYvH3<^Q*_#?KL7;tQMycB^KhA1ZL~(!V_K(UqInRuyxV7nyw&gMX)m{b(wJgS zmGmgo_vhRCZtT`0jiUjdbLwcqbVwf>@#tmqX};S1(HQDD@`kLO&Y;zk{ewl%DC#v_ zzv3Mo`ACZ2%BN(ULuIVr{k|sbfYOjAT$ee(J!hF8yD%+1mFqd{iH^<#%=q)+AXnMyVFFiZ` zKu&@N2MjSu5`_xIb5pgQccSu^IqMWQa1V_IvQphkWoD_~)NzfPc$fx}Fu1ZTDbgNH zVD$Vkrh%4Z=D{+@@17fvI5jfz98FF9LvjU}aVj1q%AhT5zo$u+d@{!1Ue;JwAhbzy zPMPxQ6LE|@$FQEZ&%KMyu}t@i@IYR!kqly4#4=N7=SMryV0#TU-uk_;n%LJLI4mq_ zHCX;kHbo5ILo0iDR2tN;t<@k)WsAeSCm`J`bB>f#x-DTM;PT1;=dz?$&;uIte8Srh zMmb&u=0H;|4a<0`a9T%4bx-;9a1Y{7-3&sIf(7ApIt__*Gv9)Ex_gn8>b)lxalAZ2 zB-87ugFAewL1VSGMu{?zQl5kRo|9Ii0c{5Nn>8upqC_`FF%Kcfwu5JoBZl#g3Yj?K zn$p;Eh$?OVICd6A?dXn8lLP^Ga{G6{5l)DM&hI`dZimIdqU<+{xxGd>eNoWwQ2^=A9~;do=6%dCe?BJB6BN? zvsqq*patpD0K;2xBZ5EK!Y#~X(qn#}ioBHNov$kB1Zk5SG-_)>@;*Qd1z8{%lC1`+lRdEHzP!t`r}PQ6mFRTAEQC( ztD38N4;g_^*8i>jzx){dLb1`a^zs`7X!p3D_3pT`ww$3`g?c0-$63GJrS)?6>_&py z(jm&@@N=8($NxaSo!vY0$zkUj52bvkvae)-Z+o9s<>}R(hsdT-}$oVNkPskU~ArMek|i>7Wwvu;pd0WiCHkYIrht6_xM++hlwtc z9%k#xDxS+V8sU3TInCG)9#a|3Pn9U#4{6(N5gOvCOf4|nHaBin6^09>nCse#-R2y+ z1{3ZReKE4Z>jmF;Ex)amd3t-Zpjtm37fxqxf}1m?=_q>{x1ya+*lR#C+)9Qw)!A`( zJ50>jyVDCbk>f=*-H&(K2mkQ#e*+9e05DkG7d(_vq;vaxSG<+FeM8&X%;&V`32cI9 zBK1W8S;m!3NbT5awy_xd4-QuqYi3HE`H(ph$t*@kFG*969IdVKlIUyI1rb_rGI)8d zA7nJzSe9RZh+JK3gG&kLm~2wpy6U^;35=or`+iyslbrNz9vj}RRw=VnLJVzBAJXo9 zZbMiNe6=n1+!eA~d3xWT<4(BT>)7qlXxPu=Z0(2`#;h=BsR+lJdM%(5=}>;(oSm+; zLS(|Q=E$nhBB6(1RVHtz)q|wG`jmmnd}f z1HgxKJeYqeR;~A@^}65DD9HNNXF&C-XpJ)|nMbT2H6+2=sY|XT&L1SmWi*3!Ki;aL z={<^Us=sr;LDD-ny^Sg`Io{O!8C3SM^Ir90P|ds{W`+sZv7vu;J+DHxAGVlE7~8ZU zyhuBGmtM>xX9QWRc8aQ^*UB}QGtcq|)0%=W*JXZcT>h?G5%-vS8{X3zouh$YWRrO} ze%L3j1LX(rnvRiPD>3vt=#q(@$%?~h9dyD@GdALR(VdhbW%}GCpGK6+qRa#JS=;5O z9}3|(c>0f&a(6@B##b$s#&R4es#Zg|pI)D9K_b|sMU*%!1qN_7m=pCC6hqpGF7;if z{Td-G_LTH|jOEO^J;#veu#6LfZDGXcjszVKQqXX{zD!DWR`&2#j#zJVMx!1L7&jVm z6`#O6yVo67g;W9|4Uy!%0jHC98qBo0H+=Mzj@$am<(HK{eHyP9H@;QK^!8;=z4?E% z*H@QcgZ|cad9uBCTJPec4kO%6zrwAtgkEl6&Q&MJilOAbCFI8Zi 
zlV;{s7uam>(jCl77Xf{N_a)C1j=>#IKnK*j_?%IO`D&yX{l{Nz90L4JSx1 z5O=eGoq>I&w=`L~Gm703$O~Ah@9yicEML(Ba4k+#FX;dE(@>wC2Dr3QP>I*wze6w6 z+^SI;o5e*mBGBN8q%2EB>xWI85ahU9eSAeIj7eKtB6=L6gh6aLpX6Nu-l|1fY;xzI zo1hN%p{wg6he5r_nyqdBRO*v79asaNtV}a8=2bjCS)FD7vn)pNQSnmrb#@Q~vDH%dObV*0o2`U&QtNG@w95@MC5R!j zt%@)9`KTsWTpDZJU`a;cNlbS~+-D&9osH+dqglCMYU}=oU`}z))+t;k625X0>>sDHoaR35m-zItn3w$^T*Abm^5CsWIxsh;*<$ZvEg*V9uC=x$Wcv0M z`0uWqH2L%)#FtZ6jjl@j%y5Fai`5ti#}3UnYVll!m13=%RufU~haKizh*Iq>Q=mWD zZ3=#~>XLhM-v*DnwK;nEYk@I6L4M46mef|0mT~R?ZotW-h-3)~WLaHtR(d3@4sa@6 z_w6Nc#txkuFL3fsHp#tuLkfu=y?4dUU*6&42WW*4Yz%jTHJeXX)U#4bcxd>S1GdQk zxN$Cd>Dl!rOWvQ|rX$#LpL3@cRL32B&nVjuH5xl{+C|}98FCUN?C%@o9uu6Hy!(9i z`Th6LzUraL!Q~oHUgY}OAwIm{a9*&f+Ue^IZ}8H?YcUu~Hs@>o!3_W?bw}33uG(dt z7JsfC-(XBIms3siZO$B0BGoY`mW>po;lil2q18h9V$`RHWA97pxZ>iBEraw58u1Z6 zQ|+H%)cfm`3R`q52J0=?C8w88bgI&imeaLQ@^X|ItBegQsvE2Bl0OOwqFu65g*)-S z+6^dN6AY8D_r(2&%6RCpV!ceO+3qeU`C=x6$GXdGL<@+~Fxqr}#`^Qxy(MOojTf$7 z9_@U!!naL1?kH}I^>KDyM_#=uYLWO~G7n)2z?e8nyb(It{CTSJqmn0XqoS)vecMkr zUyenJEYxZ$t(4Dfj`2#LV}-Lf$%>wWYe){KkcN&`#}dmiEJhUXC2+{EO+8<+9^7YK zzJ1t?g!Jn#Ez*orKm>+Z(vZ|6k%dtY-)YOPtjh(B$ziXiEzCaUk6V3{zj>w441!uy zD(43ViY$Bn=qzw$ph*AuI@Fg5ciXpls|!k?Y8u!Wu$ZsbK6eP zjP$cK&r|jG6Ji#Q*2hqAu`Mlv`UAB^sr<$Rl7o2K8d_CxhtZ0efQc|+6rLpe7gAdF zKtJ0-6)&rj;#b;^af6x)HO%UlnJEQnNoy_s$`s}_3Ar6)%Y`3n-sUi%>gLQk$kK3a5DZh!(L|XX+ntm^!uBvl$f-WP0VXg zJkhcjZQh~m z8a_0=UeRoIufyhCRo^HopHX2pzQCk5CW5ku>JKE0j!i)dF_fsqA=%?gxre~*(Esp zPf`booc={_nKeSgAw;bdtNl=6y)SB4wfDdkc5G~5;t6?-xo=Y?4M(Wy68Lg>Zu@B< zR0SH=-%HBU1Ud&!&V0$yiEAMi$U`!Cynufn9L5Hu-B?kZj)}L)s-hokAwhB@YpTp7 zx2q1hypCi0r;*2tH>R(fO*>TY{93m<*zl^R2G_9aRen*Fv8wq%B73UojifuBny`J+ zK|@$1_)mDk7t$jKgJR2|MqZg`61ClCnul;s$(-5GH)Q(E(l)_&=`M{eovi1_0O!D* z!xn{y#ju8>7?nFir-<|BgverY0Ww*#!t-r!Q(%YOy~^wdJXNT!(90uU33~DwuPMzf zXmH8q!La(idFuiHGL!)G>qqQ~rmyp$?CTsd$B>KjzVl|i)JS~qjpn^j*i`b-4Rfu^ z%8!Nr1hIcpGhx0M$k*Y;G!+dzOjfipWrhnFSSPQu!(N#=`rErC%M%nqYYze&GxF8u zex;lHmF`(P$~(-Ga8>Tq?Pk_&kfyNzAg0>$timO@w7MJ6a(1T&5%D-nE4Fhp_<54| 
zgV`^F0))S;nV5e{o3NZ5Os2mS9~hm4O0)I|yx6$wwO=$Rv_JlHOU4OF2R|(;2IiD3 zY2p7LZ0^D+7N5f{M(-TsSSo0re%C}w5_Pq{On?CZc9{hyjWS zttOsx;uFX`>2%L&iq%9dq<2}&CvDrwslM34yl#YWags=O=b@HtVY1z}FECr)%z^#X zb?lpQ8Pvv^Z)skqtL3306OXZ1Sq@u*GJhW>OGIN5qBRUo-#ht zMO^Frnf_S2>qB>nd3Fj{;&_|3jFw&O6DkdF8k%TnBb_euWj2P5YY&Itk}J~xyt7rm z{K#u@`0(^3L|c*`v;h%U=#{H8g2N>dff9GxCv<@>Aegqgc_8uw>pkC=Hv{5JJ#xE#+JL zi$n6w+Qej1B7e7uLyOCl&7w_^)0POC?aI+cDHKXIqLVADQecnC(=WX~|3hj#W3aod z-qOK?ovj-0N9l(79-{tYLG9_D{akp~2b+@xZ3aV(e*2NAmLZZ1PiOLVtMfBnGzW4L zwNWURVj;Qz^TEQqa;i?g3L{P>di|#?Z_E5K=KrmLeFlyW(OW8bBTK%ECP(^<)?=Bf z@mLPkgRSDW4+wLv??T@VjKx{_9u&YmH#KSMywp0%JD()Jm*1$_mf~4XAH6-3<$e#S$3!Bc0Q06mc8Q&*JY&_IW10*OsOJ6K-j=qRJB$HLVQh^|hv=wl39D zUz&C01Kx66gxWx8M3)sLN%Fy}9|DVN!kbTVd2YR5)3Q+ON-HruY64FN{@gr%t&lPy zhw>ZGqqRf)Tsn*gssGnF^?Z{9G z)X*w5YA_fMZU@Xk#Q6$13BL-wSFIf(&f{=R9@()Mn;7}&*R;&4n3sT2<-;Fb{>xc3 z4KGF$?9U7ZWPQ&+&2N4D7^D~S=mO9_0EX+Afn$TJadB7KRS-_;_(c5_T>U{~heNXO zmQT)}`Y!ZSm9AKaPn~1NEOI)!(`DSa&1{e7H5xiJ)^Kw)^fcu=h#mtRW{4hW1Kb)T zGFbyn&(+?oh>*zE)U!W&0%B z7C)=Sm#%S#Fxr!w`!bCvJvTVshF8yY#dcv*S$AZNtL~U&7|{s-Hw4Uk;Um1#*5UU| zxi5yG9jn2V&!RR{rQnUNd2+C18I0T+K`E)m3oVV47?c^y=$=i?Gb(a#{2-`g84uK} z{UGZzvh3x(b#txMbjIyfV?uLgE&ex%ftcIrr4)!4InRp*a@tYQ2=5Ef zB|a1DpvQG|A!Z(MwY+=cj(Q<}yg;6EU{W!3F_=sEE4nvbvcK<^{m+0tJ5|BuY=X!~ z8md~qnjhd0X(Z!dzbNrsevaABtmX9l<~SI;>C@>k)AO@U4;?)j=%1=UW?lpv7=@~) zPH?j1Xif6?bREw0m9~W-8o{SBleTN^Lo8CQ#1x;~RPrlwzhI`sglJz=-dA8QU%@ZB zXR18H<1U0>q#d&(uBu=5pfUh$fjpr?++q)Tql*7egxt;?S!*@82jupadRA^7I`ud=*<-EPk>XmV|99BL!@cBv7#RSMn9)o>%#!V0c^bfc~vNt zb?yD-2Vs}wofs+hXtp-%xCCU0>n0UWn5kC=rfZBVeLs?h+FueJFw+l(ldu9~fqRFV z^j2H}C-~Mc&FFvI{xq=tJ>+2OZObULcl* zc1WA7gNR;_^GRkmmKpy|yErbS4Dr5(vx8tM;eEF(I)2=Mt1JJAs_FD$Nfi;90M!ur zioX3|uru=JcX|4{4Ao0d&L8;fMeb!kH25N$JdMO;;^eAfx10EUyT<)$$0)ljkG)Q-|=mzOlkWT4F>Bj%P_CEW(XP@J9UGKN` zVa_$@yz7@^jEaKy-S|w~9|DCO(+`&H_PiK7CPi^Xl({lh-E3=iAx|DbXZGP z*&uD_a(Mo2zs}iJ4_WEP3eXzN3$MKXnI%)6Hq|%WQhw~IZF+kZ!G6{9#aTcl*s(L+ zM|rl|GIJpU^m$I-JJ=N(sIjdhdcg~`RB3ZNeC&RhTW311n{M&Oc|1i)2Bhmu;{36o 
zD(Gwk!Y@iRSa&e;ua8+3R)7$96F1GHZZ6cj*x0Ky|C;CYBJ4a=J4|6n)!rY^6lwhvw!B4D! zhDvs}Y^@`#JYlA4v%C746W;bE(d1@carlef#DPFJk2?*c-F?-2>b<=e#pA;51ZulQa`|GbO^U!+6=<2Br8 zejRpo-a%g*l9qEAh)lB_&-^7CB+U7-2?*C+G!K`fzMGfQIF+6>Vb?lHuH5AgTDGYJ>F+=&Q)IjQxOGS|> z>ivH&o0V7)tatFU1?A@s{$aX3+vs#z;PS%sn#NtaJ5WCxaqg8;KUEjEwM%@n@D<-? zY$s9{WPhX5dDkVMMRg;kdl^ZRK{=l{6B!?y%!L3Ij`E=P~nsj=eq zLL`jqDtfl}T_iy3WVGD=X@jGY(ktiLX4B%6tv6BfX-C<|^BAP(4~1WdMACWISKBY? z<|(9?I>$d~^ReZLQGVl`nP3#|W@fII5$Jyfdg?VAT^&2kJE)z0=srYdg6xj-skEw- zQ`m+|GVZ)llX5pw7H$f;$xqu{bo;iTW7JcnT(5fIa2q$k?D*{Su?dw{CpTaI`}8`I z$1oX|u7|Cuz9{Q^J(_{)r!bc1%c27FAd{j{5+nh*<)aZEsOuNDlKC-Rc_yis>4`2O z){@F0VFxn@_YdcR{Lb)jT#7{qn{#txjll6qi;J5_2od_-0LR$38Y2^Xfs(z+TSex{ zhi5I0n=DCLG+DxUOk*$_-CBzx6D1FRH0mzs?WY+-3(@{LJRUx#i|=CuWvRB0=YNE; zwtya@ACI>zo`&In*b0IZUb*2y5B{AM(dsL7BSU2w}| z<^9IJVlA!SKrH1^){}r-xnGzTEFiepu4BZn;j*9623;|%`9hG}j7}{i*jH+JWuaZJ zfJe01p!LSE)Th0Dh^CzSITO^Fz#3cN$LDrtxkD=up^vMP?jfiFF^M9y(zTh)^GmJ( zJh+c}S!?x8;X5}0Jz*&l;g_89#WUO-7ZoX_F!g^pJuoam{dOR?9F@$rcSj$3^wwpXD00a~K5Mm&c>Afzeau<(*C2>{!fsJ8$d3f zeNT@`EZV)D79$bNta*TR8&34)$o5Fcy3RQ| z{;P=hwP|y@v};@__H_i-)B6w9{ck#2L!YwZRm%BG?~a{DlJT^`b{_FZ1Ym@DV_aEx zp`gpXf9S0IB!z6qrT)r{q!u*-0aUl`kg{9u>I9iw8P3}#^_}R*@rc_r$VmXD(R4eD z(@e3CL^iH5rPepG`_`WBgCD$R2Ns&n`zWJY$;z9r3_fg%fh_{aQ&9ul9cg)4e967f z4!qKDp4-N^xMb;c6rHxX1|hG+&yH7XKhn-95xDdmK^^xZ}2($~CSou8)$ z^){*#&1;sNo#8=2Xv0(MuKe)Fq_wI23a?@=`S4^&o9`lN|R z>0GrLh9wgyD2@rCIgvDnOsYef=I{Ti^GGGLv#~2w%{`jkah~H|9m9{$ zyOaqc^$0d=uyl0tP%t>VM_#L%>%f4vC+zn#rvKwro=`6O>835VS2D5__7=4y2U}x^ z5=XR`EKk2`QOKB_DqR=e78jO`$nan!I86-B`fK~){#ImUM5e&&T~i&a$ei4Qs8F7? 
zvLk|voI;~D%NbQBL8;Jub2;Qw-#2ZrJaq@?Lq7cl zaU5ZhK@0kCp8?*!MCJ>gukbx4MI=a)oSU1L-lZx-;n@ zd48T{3a|@e`NXy~pzhWrTq|b>h6hkfos+a@|C>YS|LZxwhean3EjA~T-`)?W-$VVQ1F8pbHbe>e0q-e%#lTIqUzHuD zs6JePmxGg46n~QXoBHw}`wW8>-f=dV^qrRi%r#L6+Eld23Va?eHWR@e0g``WJH?u& z>nZ<*cK**XCG*XJ0~EJeeJSpN8H(mrAf`gb!3S-=4+7&!VnmMqT0fU%9;9r)TixxS z0V4X$D0%Uzd_^3w{Ns)PZJd2Oz_V*Bq#cDHfoJdeeqF7lQa%CenfYq- z10b<@1Hiz**{W~A=fn8zr~AV{eOc*^7%^GEv_Efz01{RooZs< zP$B=jeJFzPKmvTSXtZe?49=|@&pGoH8AlMja@Zo@YOoBM-Cy_DJ*E9E;Ed|SYxqW< zr&s8^562&1~dOBW$Zszj`A9Otd8=ZFQXZ~nus}NLtUy+H9MFu zItJjv1J2`j(qu~DFE)^$5&@1|aquv(`Ez#P@BU^U;YUe4d?9|Mxemp>7Ysv{jh$S$ zZMH6cvh=h3rbJ=}M?Zmr&kETc66dH&rEyChWoo6E{GFAHR)0)GNS}Rz{U!Setr~Nf zjG1B{&LBODsT!kP#K%)p(-8`S7!C?Zr@1hAdp0;)wMS%z1euBhd?^kz=JIM2_FJ_N z92Rgvz+j4JSlT<=UA>y^M?ug*sHofK>`!Ji?6ZENF~s!WQ8 zObkEv=(|XVcB8KUO~m$}J3^WTToAMS_UT0SutIoE?*q28xYOOWsnjL{%1N>1kBC_B zz|#8eQ*A8cK_WDKqcgR^B9)@ikL>qJT`XECVG!J`qL*Iw_pvq z)6eM)1sX338T9j8Ke4m7X4!|7&gUHO3{EEH&h<=QpPO)3>>?zzs%)k5?!G0+-wUTP zVk#<_E4c48m&{!o{!!n0x4m=RGod!FZp5*qHR6+yJcoJPfx%v)z}!x)-LG17^||J4 zq524Y``P4=cMwCD)Fw_o-4VH82i$3F7YzF^s+^`MN%xMWCOeUrh{0>!YK& z9>gJH0WK%t{Uf^@A7}h_S+9H)@eY`74I*JpAkm>`i3)j7agWt^$>kurZt5UbxOS5c zGhVDD0ri+lSsff@%natCt5m)ez}$hOhvIdTL-0TL+}|4*8Gc&&eUc`XR7c!k+?{5# zc3AsiOHd6eSolQIB5&b_{Mn{&Hkq$KFvDQqiRtx$uy?f9JpBIS*1}lRKwXfpoKdu!2Ea%xzcPwdb!&PvX3q@@G|FdEZiwa(T?X^FoaHY_F@Kyzgjj zGG(IHguY}a7DaCKY(uZU<-*>YaIPlv+O>Bp{BvYC%S52J*R+RC#>bg_+suJh(F?qh ztCwous20jNQ#P&ytrj3M8a~-md%4ytdX}(z$X#%fghO`&UIr|>kAHpV$EPfh6n=Ml zD^nq_X$CK($5CkS1Xoo~u9}ZX9=XO>vL1?oSjLAya<$-(N=)P~0`TZJE@HgISabt_J$hh@wfDD*lgicb zg`%^`s4c}`xzpbeT2bXtqg&GN`;2&rJT)1t0&IruOGz6@nWow^m6gCg^k zRT|%~;2i@uI&=U50DP?h2mVTmh`JXPZ^q{(_xd}%5nv>f(ur6-@fK#@fE?G3@vA+ z!-PmsK~TwCD4w$gXeAIjQhi7S??|)ZzOEA8E(%I{@nU9=-=i4- zXS^^T+i1-q{{s_mWfz4A@?yAVy_iKM*g50*O9UA>8yQxr4JiXM4x9l2IHp&GCcmE( zDkJdR8mjv6M+o@|Ow1f{NJNQrT@SI0lMp|Kft|VbVo5*;i%uEgPHYchCZ$r-%Vl@H zHCC`vDegRfFXr|_ZiZERCx%)3Dkkn@ZWiTQ!Q0xSFTTW3>hE*S^nn5&3#Vq@-^HyE 
zC6gG367n1s^s+N^NsX!N>l8^h4w!$BiKpxytIXB%h{RF)5|6c`#!jh=);}~hsG2mR znyuPcU8HGX#xxjhElE%MyRO>T1JCQIlt{3X>_tGM6npVP~iDtS^b}7VrcE{pK&iciv_uKC0i&BO)AF zDyn4TM}h}T7JsGyF;*WXkXRX+=T;#q`)p)e&aKA*B+1_mn>W*3$KKP8XE#&}w5ETq z%i%LC!rb?67{5GMy=0n9N{MqrS34y4pB4LrlTS~Mqo4Hm^^d2^2Lq9lV>j8EPl#xw zzCXqGNYjA`CG@N_qp zVgI_*`~i_-utc~P_A|UU(C8p{L6a_aNt-9EGA_UC`l0%d*mE!pBPB~Pm{2KeAgbVq z&WZ`jQEi|)v?(*L)fKP72DOg2X~%~lJC*)a#)=W4BZq`lJU3uuBInjnpi7i4kpN5z zT3uqnT=uRw32LDnk~UBSKY=1~3Jj*M4r5Gvj#4( zZ&R}pL=yhpjv^DSek!9fS#HT-E>z(URLyF`hn;9}tx;17SGv+vSD5JIAd)?=0EtH> zz8Ada4Q!NVus)OAIkR$1&>OjCbnH-j_Rk;-TZ<$2C39ERwe7Pvex3yOw9O3(8>$Tj|D}{S|mMX zVyFXlh1gz^V3?`)JHUV0RZj!K4)q?q4@AW~-{ZlZ|LfM}(ce1%YanQ!zIn3>36LZE zAy&d}{0#=h9AQ(??b501+Rk!{v7zh%#&G_)uO(W<8`&*jT5y06?*(%BRQMlFQ?Sqg zOrjI4)nxoenR`gE4ODcX-Z)v&GqfnrP$S0)qP3-}p?&F$4@eg%FdsK2Anw({fQS9$ z?Wax#Zmr;&Z?ZpANO=Fa9SQROmHh#Yc4{G~{mPJfNlbN|h`ukIbg+7ySVqm+vXEk% zA>CI=ClW_4TY{;c?f3bKc3)tjJ;_e$ZH+Pe$}v)QfRgu96+~xFkm8Dg&QJs0FKSav z&&Gc_xj2){ui>GRJC#wubb4)+=2agHb61B1(6BB|qU+=eE|&}r@Xo5nE=||!rqT?X z{ub+zm6uGMD_($z?I|zd7IXjMx#er65`FBKfn3;+#kB-s795^hJ$MPT0~BXpt0}jV zd823(hh;LJBiD=VQD|5Ga21T!;_$o<3_|0Lka?h5lC1nQVKofXIv*F1?u-=~xF^Aw zq{;~5^b_+x{H;jx?>PRiAHEcD*Cm=yLq_mxGcpXq;p_0R%n1jZ5^sf3Ak-sbY9LoV zK1Mc8l$^V;oQ3qQ3fcF^u+?g$UDR!hE-m~r(cp!0#OeE(fLgm~JpQK`6O}fJlTORj za#bK#OeijtNF|v0u_jJ$;y7Fj^9Lzq*KEc&AR#z3N0KOCjW0(Y&jyXTvRnTA+x0|D z2ln$Qw!9k49E_9O&c!seXZw8{>R=TDv?K9;cDEnMd=~-g&MxbV zZE+HNZPW*yqkv4>PC~Sv3ZVaMnOr0lNW*PfvnH(GgRTEi}#yE@N#> zKCprwXg%r1{L&qhIYCF;Dvmb{4+i7c*b6~?>S<-mkIK_A&trooGJK!P} zFV%%!U;)i8WyKE;>O)$Zw4$%Yvy*bvOSV|MpsJtMv+{A7+gJ9{I11~*p`t8sH^LD| z=4o}eZT8R5!ciA zz#g>B_{u(pWwievH90CHq^@j?xk?Fag42y}4$gor-g?ST@N4x6XQ6WDCu04YO1(GT z5~{T}1Pz;uwCkPdZA{f_1d72ewa4r1YavZ*L6%i(N3}e-vu;OC+2%ouw5%-xI(HYV zKLlJ4Pc`lP9}M%ayEolm00L>F*j?CfSGDtXvi&v33ydOVIaFq4-eI5&Bl=W?qdwWz z5;~Oza?CjxC>iop7`^bt-Ffx}p@Z*W!XqRS6)5lJexw@~Cn~3J=~4=g$VghF=pq#5 z=7H~M$Y24r2D^2i5}#q=mo8q(fy`);BP?*{{%G=!b)NaPBlEy6#26Zt@oi%`(!wkC 
zdhzJ1uta+-2r&$_1ss0o!QI0`qQUqgwg;M%`yxsB-#<+K_>scPuED^rsWhe9?wh{Z zm$awjd1MS7fYhU~aBS}r$NJO~9u9IsH-?&h+btW{qVSRbHfTZ^_;E}#0GlA(v~1Gi zJbMZqrL+QgkiH7pNDWEr=cex;jjG2f^-2+xx|?**^1{98piRPmvp>F2iTAv7bz{Tcx=z^I)YoNh>_WE8azA?}|_JhjT%l zfRSDleK*iE$G#>$t?Hzr?4T&ue|l|&ekOKnH`yP_E};;3h01*z@Mm$M@CB~lOOW!q zpZ;h6KXdn(BR=JsQM$-M`tP=8hBP)^s94E^yU|3?1% zxwQ|2oTebh`x*w5!wSB4uN>og_n=UgafZ@!{84fUo8EhG1lBBf)Xgm`8ggLXl-KTD zf~?K#Z_*OfeDil>EyOvl@jtn_h=Lqwd-AkT+o}myl89S?WlOU1cnXOb)c22KCg_A= z?U6mH1=Rk%;x!8Fz~Ao;h!qQ}dcA*}6O+!cz@!@x+bg}b|KOr&z-0c()W6z~CY?@f zZwV#8FK*vsT|2l`qc|}9`lhBHoS3NAH$e>h;y|xBbi$8m9xFu)wxb&YgZmI#crlIL zUyP-D{aW3pg^`K>xVI~DlHP)1df3`9;5NKP^ONH7FrqPW4Ri$)dK)nnj;vcDQBs^D zjsv|9)}?YiOf+$Q z_AX>XOj(`D{o;>O(b!?Gv^e2OfTZyY@%3+mUozh;nG8AJ{jgDraO?UFU0sV4i@2!_;6cnFo#h2Zj3j?XCMgaYpvb5*8B;cqm)j5?e zRNEBiD{-QSGkY^#IKuW8TY6oJ6JBRGUo8=gWv$n^<3WkI08wnSAg2}iSuiD9f|_C> zc`vD&1Rk>vOf57Hc2O(t0b9`u1hvT_CFjFQ|Nk6ul5GrZ(Ut! zGH)atQ}Q#=-yjq4czvy?*d7@nId4U8VYV&Bso_rc(tT1-yV;^aU8pkalY7svwN5s} z0c@paD$nzMl-V+u{p6z_>z7o_f(qVA$4xd1wfgXWFhH-KIzMmzVd&Pmx!P($!8`dd zY^jz}Q$7I*jOf#NaSRuhD`%DrUEBJp^Ib6&ddVsfT=v9#jESMNp0ZUI`@we9{{H3q zu*x(3{bT+OI3T6Gm0b%>xVaij^JyO;*Cf2iMw{x?EO7Dj`Q`WbZ;sm3l;S;qY%^m> zk;}6JB6_79FVMsLYDH5m73RjF>1;v0KWCWrV2we8p&!)vPs`#N=gvO@f>wU#pl1-B zH18c!%lUfWAq|QX)tYi_MP3LSuZqy!E5CWiA8Ov$F5KZCd`VZ*l}*Bx$XYwN*mMez zV6(vH<3S@lp+vOY3Ph!%!XR)GI`86c&URM1Q5(@@s9qKSr4Iup78HrJtfx!0?|Q5! zsbQ$QNIx>&k10Z5vO6L<(0hw9jUeaSryC?z;8TZ&eGS?tJngHEONy znq}MLN_Wb5MclUY)e?Zu%rwj!P<_hvVVa`F9FJHR5OBV@e%y9i{7aWnTe}AXVdc0B zIeTq0-6y8?mh@=1Dtu=(E`d~S#a-L-&2kOgU1{^qqObQW!8B`mXahvQ$w`bm%;vEf zvAIjr-GIGdgY41-6BPSvo3y)Rks_FMOFGg_2O>UBdv{6}DmbhGGoCUnKjSc{N)wMb zOb*2?E;TxJO=}7E0L{>&%U(^C&lO8NIy=pAQB)?IXO>gd!+#w+SjOcl9`+<-F`1C} zjVZkOY{)r(AK9PcUH{rp?1n1!x?9VvwSj%9@u|PxIbSSw3DIjp#o$sh>v^oX3%GRh z%|-v{55FXMdL;10{gVIVbX}uX#tE3l8&2t?L|@9&zedC7<=tAVv37;c=am=(c@73) z@~_-X8bvuby!$5G4xN8c;}aU=uz0pzp9vE1yL^1&eq=f~Ztp&8>AW_`YVf5B<9hKr zeGrAUnHuGn&dOAJ-G?Q%m+Gm{-xLA8hx)pvic5CcVEv2DSC)%ej%oVXhHnoWfKmp! 
zxRb)oc#P{Ho76LE&FWnOhbI+RsYk;WmnT)_)!#`fRs07k#7cVK4M$*GJCu1sFK`3M z!d^$p@_@ZUV^A`xK-L4%SQL-OpJnTi`3|z$hzOHdcuhL6b0u6NmsYfOBoi)cRO|4m zShFlW+((VnBPs?jjR){bpQZ!>|Mc}t}>$oNpMRVT&=#w7}>m7 z1r4Z8h~$chM!Txf`ysd6Pb7lt%bXASwj+D2uK-85>4~Sw%QC5Tuk%F; zOG`_KUm503Dcq$g)~-PL$dH&j(lQ4hwycNUNpZHWDQWH6Z2Tx2vgSI3A+($BQfO#1 zD}7Bb4d8WF=65HBdW&Z?mxuX$#zCWJNAYkcygK(Ma8NsIQEEDHp)fpZ{0t+4#h8M4 zlbWAaPiBmecdck8c~rb5YP?nJ+_2Xbsy{8(a6w=CCWlCN{5ej~b>4s0!7bbXv8TU& z;}2KnRx3=1HI>khOylq=vQ{zS&wGFHK~f3>kT)&3VvNYSS8|{<*nJf}=M4@jC3h!l zS+qp*bQK@FQ=TQkL%N!j6@=X05#StAU}-g+vvMWf_*%YH!0?R2K-tx#ZoKl>++QGm zV_bu8oscLJds8H?N%{H8e>wyCK~tWDO&4~1+&@P9&ndX1_~U7Mcc|%$xr4+m4sD-R17Qf_zP&#Bg7lR@4V^3ItvD)lhTtGy3&`r(#Tq-^?~Y(f5*QYUpO)wOD9Rs|Dg0_}sC{ z>`XRk-RalR*zk7=0)D8sw5@w4QD`5EWVZqa7hltZl9k3BWNW%TVu2%b@d zri#{}m=t}Aj*3;B#nxT`0jOzo&{l9+zh}~<*z4K*Mf{#?S5(~-ZDKZr&45GF`g4yp zhIaNT1)*p#S6L|ArNypRlm^qD$+wBMk3}@-ObdxH46{-UYw_92!nn1c;|>m59@@E6 zInp4R9iSBFN##pLSz+}BDu`?|Vqi{#eQFk1^Og%zAsODS?uYykYIA}e>OR%E8;|d{ zKSy%tpNt1PbmHd4`)||JN8~$Y;HAgXvL;}jeJ*@KLAQ}r#U9CVx|2$=D&(UdBFI3M zD2rjA%xU{HA52RIqiX>yD_pRjicte{Zle#C9R@xijsCs1EeDao-GiKgxLgfWB*S z{#vIYYd>JDT05wH;bGh_173*(WxHJAyI0V!jncSxK-Vto;TJKOQz^6tw?tJ+HFoh{ zX_r>F7_H1XL51iCt{2Flclv8bc7a`Hyc8W9-epk|ms4BrSV5Bb3)V|*SILG32Z!zM zkvw7B0!oxxb=QF*s%O6Y+9|IF?@(p)hT?NQpVCos=EfF8y%BuUf|zI1V@+3$lUP82 zp7q?|C0XwcQTYQT*t_yP9I$~LigHY~xO|Pa6&WPMHLy{vCe|`bjV3%eGVy)6HQMeW z>}tsi6y^RH#;~!bq3_D%f?24z&~T=5P`1}8cvMzBV37e0Q;1>7b`kxbZJ&23S(k@a zM(z|@$=hgN&`AwxQdTC1bm_FsYE@i&K`Qc|!0^7wB_c~4qHV_G=Xa18-+aOc6-q}I zUabFF42-_wn9yflYc36$)}C#hZLPb1z6SABd}R;hXBZbNE&y~DibNDos@-N zJ5;tm=FwxIBj;{2>ERNx978uYnGJjq2{zp`{Bb3#sj@t7DIy%cNB2~4{fc#p6P_zq%_56y**50weiy~r zc^t3fsIv4`O1=#rwVFU4g(jBLh-j57hGWUhNj6weVSSG|Ty}n=XiuI&mQ$lTX*DF&<)h$eaWPD^Q@AQdN44T(eJ3pzPXXrI>E+F^$_`c9DUTRdkZ zi?Xj858%Dd0-b!c{+<6_vG5hZkj5cDJDY1n5n3E?R5%Z2Lu;``;ZP#yelbg%{?_j; zzk9V^v*{o=U#=p`OqIF46A`U;F`$W98UM7f#p(X5Wixjd_5Q1lu0m1s-L34XSZ$78 z+0TGZO0 zGo0Jr-}KpyJ6sj@4cH~^y7Al|hT04KQm>Jv<1(#&=l^)PbM2%~N%?e2su@}`s(9ms 
zTbhr5pZ6rnTmFZcC27knrmylP?&3jXQm>p1Q3{s8wKL{;JHH1BmT1A1JA?$$i@uX!ra@c6 z`W7h_&b9m8H)D}WLD%qE5t>@yzAm;ZS7?}`nb>j;)Z!;U0rGTz7csw`w%UC;Ey2Pq zLjKYMOA!SsNN7!bDMYV(4N8k!j+BzU>t*k>h5W$Ye$7@4w#vR5UTzQeud@&@;s5Mk z6!`unmk+<)(*O=lve1p23rwDzyOD9+di~~#=viMoe`ixlL|Jc_t;V>&)~Ap(!Ln%G zYgd5n;~xZ^LAQ#ER#rtNT0#o5bw8M2%aGXm4gRQPXx($xw?l7|5!LS6a2;}8m{C*Y zFI7~>D>%z|tQsuwWS2)uh`yKDwf2?iGJ)BaItE?DQUJzoxw)z$nsLWSJ6CTCGKinCjoaAhELR$96Z>oVnV`j zS4}8<*C>q+9(aAbqCxX)OC(yHznig2EkM4f_AZHRZ_SwI@ziZal8qiFq;$&O0iT@b z#^3L5*ef(w!G#^R?gl3V$*=kh`|t9d$RZL|C`MTJ$WR|fSLi~evu+uT`dE^_wv@hW zW28z8CZELP>PPII=$_%d_<+Q8u{of@J~4+mGz%k4?G(VBA2X%v8n~6(EVX|7vDb1q zi~TV!m6^whXiM{1;p+uw&A!z8p0W!bPX|X*%i_{pQ{bFXGs01EkkY1pB@XYyvX60$ zd4tYVODr+1NgLyu1$l1TO8%lht~NgWvc#9`sFr2`DwoD$-~HoZRUWf-%Crky55I$43X3 zKGvqm@;d1oO9dFR2^s?*xp&^5OlLV=I`WTjso5YUdVVfW$uP`L%9sR}!B-U;K3VON z6`)!D@`+YhM%=7k|DB zF3QK9AeB4Kr$wpew0B8FmWdm8;YKH)l&5hyYJb6F+@f%>2DPrI@?9hQj>|{>VfK|n z{hJVh^vmlscW))M41Wk6KE;M)L^+1{hPOvDwZ{Le z59Pl-=MPU2La4en*6Y#DfPinqH+xTaIRdsDH*X6Fx;P2 zYTzR^BO+U>qr?2B!$c7Yvs#;{;cU$=^*5hS*hhO}oI?X6V`W~W8R8);?BH9JCK_z(`4FGx_k0j%V1-cdaMoAl`;r=usXZM;dH& zCL%`BXfF7pu3eLkd&x(bqr$!G2vF_NXD<=Z^cGw+!BbB&wVGc>#$YDa4L`GX5$!(T z$L`@+PjOuzX$tJiPxr#Df3Z{9Mr!O7stiJZ7Ooe;qa5J{R!$gw#gfn1nDt7#wrCGL zikmIE#jWYg5WgygA13oV6{lQ8jp~2-ME>=XE;@c)kI?>(k^N1JE=!5toGgVcV{(gE zwd7j%ugBJ3LRy{`%lMDUhvQhcmM$90V(7whA+iYmn%U{RE5&%GDnSi~%rzL+wa(`e ze4{sW7zHWQ+-FQ~{#xn*Y3f6Sf~Z?~iM%%7Eq)2eZ|_%U#e0lB$CfR^g0P_y%xJ8q zB0spUzU~&1C%qQ0#15lBOhNn@_0E<3^XMv#i~TEI)o(#c!Opa}94h$B8bRrhIZ=NJ z!8{DtmCxfQwAAt>7Ut)e#5S|H%a*>!L0?~*)&6?=M76J%F> zhh00BCcTQoC+OWSqgkeryx7&5MHb&08)BKX_24)}?6%|`PQLY6!sO#}LW~g<%{rQz{lS~ zc>Z7@EC-I3shxXv7{)P|d7FE6M|icjdo;WItPe0s>4FG0`eOCb*?A|sw zC8zFCfYuWhVH2U&E4HJ>t<96$x92TN48~W_m}N~2cIUSp)_WRas#{A^m<*abmXB}8 z(Z>ZUq&-esHFa|g0At|CQvba-t2F$!Vy0wSBT1(L@Qfuw!ctOF5)iG`9IR)h<-g57 zz%?xmzkCR@HXlx7^*leA5aU_776K^1&`Vc`>vz33UB}ATgQX*e`6B&7*r%5GvtOSK zJbW_r6LlDIHW1UqIbuTg?TZj@^KZ_r%+(qtGmF(crx)Dx)plaTRCQIf4!6Uh1K;s`PdBEPQpDZdA2Up@1- 
z@8`iSAbJ=R>MeKwTS%I^d@5IZuZOwc=(mt$)wgrYE-$U$?&`88AV27=%oY(^!~&29 zeoA8W{{{t!E0ICOYyg4{4huv<3{Xaf_5tA^^7OZaiylRA-_t&wMTZl4qPNnN(e(U4 z(7U*7dtM2ImDIh&jjoYc!U-htmgLh8T*rQnwP##k4HV|59`FN`Rt}L@$fjMS&U<}{5k1HxXK+0jhqU3p_asEP=xB={KncCxG<=IaZtu-l;&2c3 ze!o(<#%yq5m2A+cSPA~_4pm=6k5yirgK!Dy6*NLSKfXvfJ3diop~1lZ%=SDtVO;)6 z8qyMvItxoeyrW4+YqM2d_}urN@Q4b_A&9;PEYYbz8K`GY9y|CH_SxT`tR_bOn+pI> z3=1hYDI;@~VF(q9gPs1Vh*?hs-5Iel1R|q8f?s@T6{iT@IV_FCVjfRU%ShQu6HE@7 zp*>LfmBOyfAwzEnYbC7mpE2LYVD!NOn`uS1G)g;yO9%18*J0<|r@N|4to>Z%R)_ow+4NJrS z0ic9ByZZh=sQpks6Ai zlU{c-;N-F7J>FbGgj7ajmGl^Rn>yvtc<-__|0H%-X&4U(8@B-1TD+_w>v91Wg_JbV zam))O#yqssyfk0rH3l2N!E<8`#;^8ueU|GMff7UudzX+TEc$YvmS-ylb7GQ7mrDBgs zEw38S@ctAogs33AoTN zRDCdU))tI+5q%Y0Jz{}Z8=yjuppRq1JUb(79UQ15MLqiX2_j^?KsYKetIqMs;!n=0 zvsYK$b&FE(zyT?4f_&|4vi>s1c?N6b3bVLwaFfX4+M>noyqr?8;~ z(cw za{{!~SI*9q3SdNuDZ6L_~KnAw_EX##t~=vBjxk!t$9q`bUwSk)M5> zm_QQ*#?LldKYI_3R9^d6TgdH-q%P2(@of7SB?c1_Ap!^NYeQ?9cq9H;9_;t7m9Zc1 ztkQ!n8 zSnBvu{?pGq%C$Sd`xH(p2x-C-x=N&6ACntN7@XyFo$Zv^NRa(1G2a(W*}HWGmQpPT zQdE`MaLh9wb~d`@#f$pYqS*-@b(`0c*0c|Et0=@DLW--*B2TLf0&rPN#EnZ`Iu3gW z))Q)Cv!l-HVo|BPgxK6N^jsHkM+|`8Wij*D4aW1HTv-wd^EByk>!Ru$P{@V%+i~AZR*A~m;Gt#CWj8j<^ zsx`=X|w(>S^GqAgJ{$o~zW^3F)Zq!81$chZ&_}zEWUh9GJZuU9>a3mXM=T<94r$ zV|J85=$HJXuF;2m{kuI!?iRAxf}~mK^O*PACPyypqUm|49!LA#Jol1rGe;Jq4)EVH zE5z{r$^#-iw85SKT`~1VLPQe}M#VwMm%mh*HFS3DYautFoPRoZa`(uvZ@BKsm_)Fv ztqxJx)c&07KnQL64_cZmm8rj|G`G$!UI0!xgv^n=8zk72bAx{CjYH^uhqjRL-aX5y z18Dxu^!MeXp|4Y^4h8auE8S~fglUld^-^>Uob*4qg*vB}HOTi`*6ag%{?Q-sI<~Ea z=3r-(04pGW*^X^VvTya40x9Wjb--K-WXca>?*~j1a(#&#*7Y;l98S6oFr1%~({aW{ z>X-K2yj;9aLnGpM-KqPrTmNYqZF1oLLo`Y5os%=&FVe>-gu7?ak^DPoF*)P`(^Pz; z$li&N{@3W=0QINY&NnGyHoQ{h&Crs@00V$Mv#&C!JKbU~qws_H_8;)LDHsjDVqH>& zmFT&58KVVe{whs~;(qXpXq7YAI8W}9-NCDY-Pp6)^wR25!u_4mfUvJoM90?C&kPT( zzUtg=&-EnKIa?J@@pqIoEsn~6rFe{qC-uJcWiFB!Q}P_qoSn^})wVp7+3aiDU=b8; z8xtDTZ)42-w{r)nw*iCUf!cB4d>gDBx zJDG_(I~)6qyjE@Vj{UH>uolIfU@P$aFX~nOx@N_fN*il2N+0ZLn_#b=vglEO5cs(I 
zbyWj0%+ZIWe1$FEmHXZEi2CA8)r8%-{_nkdzE|A|i*eTnJb1Yl&*-}Rh`J8iPfpa% z`?yHvcqf7fLoZ6C4Kj(>;W^XF^GW@F(kndUSHO-T$NPt)k*=qGsVhNPrMv27(jZ-6c2-?(Pr>?gV#t zhu{+2HMj>24#C~s-Q_&w{r>;rTj%E7&Ef`_-o3kaRdscPhq}o^-5q1jxXVWz%Y)9JF$0a(B*gb@ufhr%m9kjHv@T7lW-21K%BTb+W^q z%gYvS5!?ZnJz({s0@6_fwD&I8f^;P+QctRZ{6tAQPE{SRD|q82{}9Ezi`u93U+h3u zsc_m{JBEyHiuK$t=|(-P?H_NMhf~r?Pog|WijZm~B2|Jtb~~QGe{-7AZ?tZQ-O@%Y zz<`JT;(ytakBGz8FJ4O*>{{*V(frDi?qA2;3NPuQumbO2L&&*&kXc)d)}~}EbZCip z$#w^?jUnpZU3GQSsTV=}b*B}^lu7(Aq4BvM$;4@BvgLQOyo)t|DKV7tH5<>r``tq% zfXkxMc+?4^W}OazIsOW{Ihpn$tcLepPeIUaJ!2@m64)3=l-<_syet_8z6#Ui6w#6l zTs?9;Ik{IyNRIxJVFCCGX1=V`NQfPKN^zcY)n5TpB$-dP#P4O}wceBVWsR2X+H|VL zys{oPBd(_-u$g76>0aw7^!0{}kO}rph@i#dPa>q~|84Z_M0xe~XFnU;^!zeaC{@d! zV27{=Td$3G@{vm>cS&-U901X5FOSs{e*}d;svpFnBR=cYNO?Y3`tT>cGD?8BUasA| zwJzD*_jvd0d(wdpWN$5sd>_OS4=&SfuOq-KmqvI|NT`*bpVJ>Z&y9;r1R?-;CM$rX zk^OYXBE`r6P_zA+Qc(MZ?WbhG_$7Iys2#Q^mb&ViayL=ndl3u+#?hxyv?h2cnmgLtb;}EEXBYL#r8J)h zemEf6_oYmoKj$OLG-fhY%W#txm&-obc`6;v_DTL;{ud?#=}Zqc>s;Zy)2E9+d|mV2#sa`pbI$wF|JVxrI)i0Wdk(5<)C(0`*=x3H)p*~vB)>nn4B|Kc> zUHuyky###iZi|!h0O2r-b+K^bPW5E%F-z&j445@HO7Mv%3OqJhbgT5^(;Qu?3viSE zd(Yq{UlB3PK#gqS69OT+AU%vOi5kOehNOWpmXn_&Usl3kLdB;BlSndFEB7Y%%Qc&& zPdivvA!`{)lwW`wPdOXiD#CvJ&QG0Y_{VYTIqrq7QI-2<#43ta3wQWlg-`y)7b~Hp z^gatzxTLD_lsig1RoA+t-Q`XL?_wIOv`F`K>hzVgS8hl3lWXnVlq}~czCi0db*BEA zK2FC{XJ)jtG{0P5t~L7Pm`;0_C~bM_q(+D?-L-)iPGQ zj6M{{{~cWEqtcHQ9r9puB$ z@p?FUvKaZZ@HYEQTnQ)I$Ea6te=)S)KJAhi)I}iYQudjS&69}#p(g|jul0Dm)T|2c zELq#vY&wCi-s0Rilyq0p!nyy=N7$m!zA|7ojGk9@*?HJO`Vk;x2U*j#^rpGC#Q@{V z9+06PJrw@26<$q=CqHI$)88|}=CAOu!RCQb+A&~Z$X=Y>uqwa>g5McLXlU&9if{%m z|0l=wfG&uKT>;N?^G?n2=P3{cCw;4!Rs*}cOMnEW`u7yOO0RYzAtgkpB$K&bwU9_P z(N-IVugx*9rQTHA=lD9ln7q%FR8qJ$Dv|AxoW5N5v$7@|FqU7^gKC^+8s-Cw>}Cp$ zc!#?!^k!xquQTedOt#4Cb?fQ0=m3=|B2ApA5S9zB1|Bz9eaGS;`D@Ek1CO)0CGWY$ zLZ~E)7#_6GO|sjj-V6k!TUAT_J0*4@Cv|Ypf87cVpA(?FZSgoh{BOFu5BYVHz<0Cv zwm({L8unQ2&^zxul_w0c?YJ`@k5>?2HdtT3>gzhq=6>%5Yy10_Z>t;Uy?w~(=RQWO<*v(%@V*?KptMm7 
z=SCXs`%xdqRHX&rz4YRVbbHu?UHp-l2XpM_CU{mYwP7V3_ofiNzPt?U%eo5jHKjo!$S)Arl%zgq6{5AsLV zJB9?v<$${)XbYoHUa@7G^@ABaZpily=gi*JGU%8at$?txfXqZst{@d&>|Tb)s<0-e}MIkp2w?*8gpfasw&v#n7O^Nt=fN%$g(m zv9aZOXk9#2d}3pJWPORjzz_U)Dlw9iJV5fIiRS{Y1tI#y4gN*@by%{S;e*ckk`r^< zhT!`nf-mf5YAZ!SyC2Wy^7(DA;$+)najcsL%N-LciJlFwIX;VG#Df^=TW($38)?x6 zEtX!=OPBD8BdN!M_oDLja;Ob163UuzZvz?~>+fknlsbStKxx;dn&N5Bo5&0+w;aae{~%0)q5V zF?JLpLuHuXsbOD!Cdv{o9619k<@x-uIm27A4FoHE2O__V|Y#Wd&L%m zEBFtf-YERU>th`m0(XK_9<@9(NgP^c)!;PBxIl$g*Z3=f23ec-N*H`7r`zRsUeg&f zol@PM1v_AKrdd7)@DDW!cJ&ZqSIw^MI?MJQnABZ&jHEz;-X z4Y1osbQ`4dB)ziW7dUM7C+@1ba(}96_k&!X?h$!h&gr$=+|y;!xMka)n|zRNKQm4e zeBXNDau{GJ*4(jMDmSght1-1(J+aP{$TN9v!FOog8uTiVNiRDgZTkJGgBf@9JE_wN zZ)V-my+rjum3~jI;JXWj7wh)yG|uWmDkc`xDgw2a*=k>fe5w3{;naHHz^F7Do66fJ zKl-_3W)b;vt?4#&dUZ+dX2dB=5Mw*FQJ+$52Cs*aB5a7Bkegg{U4*@7{jt!N4_f?L z*NsP!%f%NeN@>)aeO8Hb>165mdSP9342O^3q>9?+{cMSby$Xe3B*9cRErN1T06t)UBp14B-rfAn>SFghJSx@7*PO z!@+)$_3-WJ;CV6(Xh zkfPIR2=TPz2|PbP|4N}=Sve)s_vz_)Tk;k>aB7ZF-8>KqPm_d6OOOM< z+b2*4LBro^XSfdzr#HpH96#P7z>5G&8u%kvI+_6QXyJjHR61pLw)Jw(?P6P70Gk}q z9@(3lO%tuslm_MQd@DPmeKc+^3jam2k*|C+_I*twzO^hf7^jKrO%UugK8Ij^4-|CH zZ&)^#_A^htAEoL{!N!^r^ZT1)p;gil;QB%#0a6ccUTS^kD8vF%{%2WD?@w~!vZV`p z{Gi?#+@*NJ2&7vlOLz^^?fAGVv`@e*kNsPPe9z#VMx(a#r25#6}Le!*69Lqvk^d1RtPALtSiRqgE|DWB6MP?@bgWXmAzR)}vPa^h`-br%xdW zF-CBct8{_nsDpWHn>{7n~n0i&Sl zKmsjs$07sFv;OGM2ThaT&rzP3%zl}OX6Uy@<+|;mLprTS%nrv)Nnax|Q+}SU_Y&R` zkH%gRo6YB@78iS+*><)=Sf?h(wSQ!2WOD-q*!WN_NWsFW>}EGp1AIVTM~mSbWQ zp>OE7F~~1w>Y$|_ly28pzx)JP>vewYQ3`g1;~3OGZ2N9`T6bjjhaBd#$+q7~hasiZ z6rANphMOWFz zPj+!+i|uq1b`u5@1{RX08Mh(je_|>Hf46ePF_7v*$@k$==)I%6>4IZ`9s!-Aqo8vz zfDaC>R=6veGE0-g}TtsdEKjnjE;_{6GCRkv|n3E(9h;tqhpfw^5B5rTC?uRkK_@vsDe1?Bo>3_ zbtz>lB+{bNsOo?4Jx)FhdpT>q^>&O-fWoe6@+Llc=X1I()tMHIi16dq=My@`cl?ZC zerG-qHzG5cKF?9;xhp1=2*EGH-w+FfX8mL46>Hb}f(#yw19(PoNtUxU@az4MdBh?I z6R%CY!plKb0uh}M3%OkzEMgEZT#bo*qKMaws3Vd-<4S=tJX!dWc)}3=-({Xb2l*K* zA=9(i+AqT~eF1NznvKwBE(hXqE)NDG!23u9-wC(e>wp9P4@DuiRQLOUNT+y4W0aPI 
z&tQl}0WuACg(99Bi*^L_Bd?)IF$#Ui$iCeJQJLF!-2#N}NLf2Y<9f;UeFTPnc!whxTg+2@>l(oQbG$M4*mal==SE=kZjz=oK zCz5bd5Al?Wkd%jJ$0KxF?Yc;-r6%*YpQR4sDYg9-a>XQ^ju#WjP90Bp#iH;Q*bj1g z&u_d$y$&DZ0M>}|!SB6fo9uUmEI}7ap}-pZ!&$7o(V>{T##OV+4qPI(^YhISkw!b? zcyn%#d+5)6o(Urv%?8zE-?EJ&fMJP_jK}#jn9XvTHteflr9z&7U}h(u;%qk(j49K*pBAFGu{(SiUM z0h8UOHV;`uREipQT_xW@-GFma3gzO>@3enp)3W&d;roK3pmoXf@>py;zvAFqvzphU z86lSC2Y4?CWi72sb&iYDNXbGc;&#q_?ftm7DZ*{TvE2^xFBh zh#%1VN@&Z!D(di59I^)Eu(QR}Dux>k6IXOhG66~vLfNChE%&Urw_lTd8wkM-cslR(c#I!XnC@}28c3nzzqTN;l2iNn1U zUpLq;9S3SvR@dl+2D9-x&@(8Art#pz)JLS!BSL#+GRYT@18@0m`4(RE(6CYu(tZMM zFq&}ncrj!FrOG=MpN6n`uOWU1_z5zKlWg$(|IlZ5#ilFn4bI8SSbav(H3XT2<%@P%JuBSgcK05jDzzKX+8+jiH$`R{sA8?aAUGSH zT*!R==Xo;MR$BY>D9o)Hi{zR9o#|G^gv0f;rI%bzueO7RF#iX<7xNr$Oy8CgRcnQ3 z-zjC=Oq-3spId8@{O|HVg6{Gp*e4rBktz~lS_k@)8h?D zxrK1p_OmB?`>JwqHtp25JbqN=UPFa*CtVyZ)cc(#s%x6REop+YRWs^~hOaR>(`e3@ z?AmXH*G(iAmCk#ARU&bb-4H499tm4=!k9)uyg7>+IIYU3j(?}^slcszgEA-?6c375 zGv&9aXnh~u4$O45qQIvxFfBg8Jy3bTj3?)4Yw{5mau)erJ89REgkv@FX5;V&nI%<| z&GRqruR(7$u1RVj7L$eYJy3(C=lm2%akzZ8)7wv-%Smdocxx!c%^cp&2iw|=?WjmA zcFJz5j18`L$YwKZn)8)<1!iWb>#IxVYwcWxFX|T9&U(I_s55k~5a9F}HgIXu`oSZD ztDUzTk7|E!_*M6EteA&F3J2d6{WkNL)ldupIQZjYh$d>4K=xn&0K|X8aR_*asFA<1 zWduGmK(B>+$6$8KUAuQ<_y1+LUJmtYsDSe_#5x=~Je-qMs=ZIFIlKA!HYTR`Jun6- zwdpGs*_sWpN3mKxT9`hgr=mt099e6Ua$3+h8QS4p!6NMnrhj2W!?u?XAAZ~Oa<>Ck zer#!E@i3-gS%+PRoi96ESAU6No_@E-DHQ!-Y+k-?FMNv%scgMd*nGicEc>HD=cQ>^ z0QxUlsPcI%AyCtlSxw#FNufsDwpor4Eb2hSB7?)Xwigb?sufHf?RnHF@(>yp#+?y7 zT2{66VFc_ZT?agpTKWhFTQ6D-hGkNVh@(|lwiEJr!vyLZEt50$NK1OW7zj=9!CZA) zfkGaQXWZei=+;^zk(QiyxKl zR-LiGhmylg``5)4%>Q!8w7yR_nJLd?MNacL5o}i3aOXH)hFjI>(t1uT+gH@jS~?Q5 z5i^b9xMWmm(M>9I<}mBJ3-@LxSnY?h=zfh6G^uwFuz3YK0h$9~j z^K)HU;6{!mmlcfj-%6xee@V~jZ0g@2e+liT}gt(>&vw zlF`C0wchZ@R+;*fMrY_oMZ*dX-{6;?T%N2XW3!b?h$8*`VZh|h=S3qnx9rhIeA~t* zX~PH?8hkXLm&fg`R_{q}+1kgAR{&&tfp=4Bcv!_vctAXY_rVVC{GC&t+GX`TLc9{k z<~;tI*W-FkPrdq3LyMvUdil2ms8vR4+*APA71fr}`3MvwCRpxa+3bN!;)j#qgpSEV zm@b@0b{jE%4D1%VE;uSMYLqKTk{5R<)$&rp0#a_WMV 
zw0-cTu;1NlBO2EjfGa>xXCU}W5*U3H9;_@aU}8D zw$=6&l!vtuONuZL%3$EpDskkRk_r?dQbGH@f+G`fvf!kagyliWYG9kP1VDk>STZ=} zjOt;R$r6Ai>U5UK{LE~-&aHQSTSFot`2jT$czA0PJAnX(|08BkIQ~H9(+B1f+x6~z z?5RQ2p`TRpv;589^Tujg-M79dmuMu|6faWng(r*OV)m2@z>T}jU%s=KPfL-F;il}6 z#g-zX_DR6184lOCZsVAXGKV@xCx6LGHX@1ByRY%=sxV-mT|9nNX7-W&Xf|Dw5V5^` z$T?`ivXi;we7?!Kaq75{^*1=+da;fcA&<;^9~XNjmF*~jOl2ZhoK%V*gY*_g30k_H zNcdpZgrnYiCO8mjFRNIr?AUN{8kOa@9#XUC5*3Ukgmf(1+lUMa>TtG7*QojXXaKqw zYg-NjQHUC|zz5Xd?PUvO?Ccx85kdh7UMRu4C7SKT9W0zM8h;wD_aDwS`xOULTEio- zzTrl5P_f7j}T?=2J%JDf~QkZuXU@U`cBv5ZuzP>~q{=a+_k8Yu{i z!sQY6dUnw&5SaYkU4$Y#28<&$pb_NtqGXy~&`B@8L-!9TXj302TAWgx1{_o8(NGO@r2^_^mb3mI(oy*-t@!WMS=3 ze4{VQsaK*)Swc;Ud7*iQVpa1#NL+#b!96QVEyjMk>4Zq6ShbezCTi&-UMoSa?mUZu zYCU=*D>K9KCsfWe>`iV(8nqugm}L7Et^&{!sm+p^J|ew0Sq%<;s?#OEdl6Z3{p@Ey zr^n1ej_E@Ha$bQP#tglqbp3RYb>hB*JU-~u5{27Mda+9cj3M{u=j)hICn7+XKWTez zaRut%`2{X1gitkDEe+awx}|`ZGcqCsegjqldbAT=w9tAqXD`Qp4+)$+!sTen4&&x$e*I>$c;A9qr-l9KaMEEx9k4W$n_=qX! zPj~uNECJubU&wWbpO<{umm_FP=%-T;T{AkV13~_9G%BqLBkAosUwgBOx+s>7;@&`d zog_bfx}%_6k?Wb6;x4ei>lpr5nqE^4CEYPn@kVRC4b7#N$=INus1JrQ-kA>>Fp3t+(b$h1PC>tIG! 
zJEDwNQ>nL&v0@I_rg}RB*8wXxr5|)9hyVR#neWHL zh6LSGl;wiEKv&S!kE2tB`JZFZ4kQ`;-6PL?ZZ2Ad`ibk>Dp9df+9?5rKDSI}_ zv$tfV?mnDv9l&@srv@N@#kc(p4bw_=B!4WHwp2o>U6OOg@e>&5F`;CIe=CNl;kID2 zJ9^uzdf%WKLt|h7ua5kE*}**6SOp;kdn}n7WWLoSB-Dq6E1M=<_sT1pDCI4W*tj}a zkjLAn(P)Vr7O0&R)I<;BI_h5+Mh$rP^Wfa3j0&0Vy@@fIzAcAU_h|+E%jlH#DO!gH z2!R-c4%Z?}#HOQ!|0TM}Tc_9S*}7;oKdkFB;Vh47%zd$_LIZF@VUpVo(6ebok86k~dvCs59anc%&jW((-u-;2{^(Oby3 z)YYhV48#5c0wxkabyX$Iqxfn;BHxW3jV@KzlE#0J>Pud&g@3vXx@< zAM3DqkFkQ|?nN+W)noVGcbE?s>9^f`{k9V?^-779i?{$8PZwfvv*87Or@NkG$j2d( zja47!VMQgRiXE~?>qNQ*G0%!Lt#baJk>jc8a@H~av4m3JQV^mze|N4rVTzW_p$B5M z_&RJo(}rKB(W;Inso23Vk=Kp4S2FN;UGeJ-L8Ar2^Tp}eTKy2HlF|^>Dg|aevfIG@ zc{1D!A-*!6z=*_@+WCE;O0I*|N-+*p^rw53?tUY4P%)-#v7iJnglV2vzc1Fv1a&jI zYYGgJMQSJ0&nFKPI6azWGH9C}SnqqFR$(#a=DmGT(Qi`tTHNT*(6cQTo?=@#QR;#` zPa%aVR9U2w4H3YCU4wmTGE%2-?@ORp)iUbZbo{IrJ4`Wh%sGiD`55u7#2Esv`V(oD z`H3>NSdUUO@;eeM@sM2#-6IJyE{jTCz%(&Sww}bNUoXG)isdKnpE~sraGSjO!yXIN zSHxc|#BhdVX3CZ2Z)Nd(EGTtZ_5~N}P89nIgse&Q3uN#l9D24ZP?8k!+4N(_c$af( z@061nKUVA**_0>R@&V@fMUR^%yKKQnl?taIrD(g2x6l6Ok& zuIV@4x%fMq&mzCEpikn0hjFO!Xrc6dWownuR@Nb!`Wqa=0OF!1Q_#s84)Qjyr z)KF=++iIFU_>_JK`Msiiz~*7EsJb0C&=q){>1bJoBec|noF^Ps2I1Oou?7e*8m|nl z_lhyU^txosfJq_#+#()uaGh4^!V$KfkG?Yuf=O5m=+I0rMt}(c`|EROv z2VoVf1p>>h^g;5`@;$OxlK3bFz0SBo*Ug|#s&+H-Y|?^Adge4V^Kiqp1RmdWB9k#~ zS*(v>l6&BuG3ja1!YTsw^r^Z^xdo&8BcN0d5Dmq@+^jH5BpwTW*{m1Y7P=q`x?O%E zk=j=&R#Vs(c#AOuVlrL-YKi@{;`Neq=!>bc-C-C&@Y))}-oE2d`-*;>?B`{;g|BY9 zS>g)5TU7e?1;MXL^)FklxdR(rBB1915{@aL2ZKwra1DlaRGQ@BhFQZf=#fY<$ijj` zoeb1OfYgB;e+)1}Jss?0@g;2X4@fKf`Q<|x@x*U|69sLvIJWU3VS?SGO|_q2?|>d>tPk93 z-zLwDHJ@${Q}yy!)YP6+im}VuaG!;;NNi2Erf~-Wqe5)>1ISav)^Rk;N^RX5SF>jr zD9^m@A#DM)X59C+=(p6%m7e9t2Zx+lAzI_E4T2ajkRhY);rVlE?3o|fv&GuPYvzsz zb$puwZx(|<4){1bhLhgB&od%r?~oAPOy--Zmc_cEQvo75(dg&e#c;;&OHQP(xLlqh z7^0hYipcvU`Yq&gQ-!u=DS-xM#k4{HW_)J^=+{X!bH-PcX5LdF(V!@-0YfaYq4Bi6S~IyxDgv2btGM>L(t2QFO?$i)vBQV4W9kMjT? 
zTx3e0G3Y=^B;oGBPj5k0e8W0aGZAmYIB=Vd=^sYyub$Uj%Yo;OLuS9g$NnAL#JV(4 zkb+-w2q(m{DZtEzkGHJad%AA82LWeIoPEW5%(_CnZ@0G zS^guwSLoV9r2hTABF$OI=i#605HISkhQCjgk{@)7Gw3Prv^_2MwTo4OeA^ zzCQmI!QpwHVxdxzplhuNt%z~zg-Be%Df8U<;PU3n^xaC>plUfP9094(W2axR^bZE! zbe?K$L~-L0tz0m1!EQ|sT+LkMv%^5|O%C;iuvd&vu;p?o+Y`gQL<6nPuY@K?oPD@R z{%2a_5e=y)*vG;Ha)2N;v%-E#-tYA8JKHcWvV3TRiLkDIJ<<7S&e)@(>;aM{nJGWV z!|Sm)DCnp5?Sccz9dExl4*O$im}~~O@wY(ahMydDF{@r5p>>B(=UU9RK2oV%Dkj60 zS(!L}`*yZ@Cf!8W8-c@)bhOx}Hr+*Et!tpYO0ZrAp;`4F)xPzhRjq57zGmyZyxe1^ zQq6+bZZc?GAwF+3O%s)~1*ldN{KeY$tYnFd|F&?*>lRLBm3%*6?S{4Wl*_c#;xLmp zh)%5nG;mXjyn6=DVU&|lE=Rmd+x9oqxRtA5dF-mB7k#~Wqy3t9uFo9da0o&GQ%j@G z_`Am&r2(?HTowrr2ZT9AD#KEA&-^t?kB z(Tacj!maH?j28v8c|5NW7oTwNo7XmfqvNK-`P$}TU)wwrxXSBLTOgS^Z-!rx8hPFY z1T3hLZcuMslMn{czcuV(3Fp-x-j2~u$}e9ZaF^#~0#yYdcnF%$42_#FP_hl|v)7pQ z?fZJeu|?0UEg%?W#~buNg4f!B%S+5l?Jvl$!U4($l*is-uGnCJp~iTsv%*Op zt}VWPJ&+M3AEz368Hj?_banBY9&dC)@n}X^`qBqi{&-R3W4rm{ZkusdBmQQEqsxeB}9`_og_JZ zxRrYySi0ItZ%w9;#!b*bji9)4wXZxqTm0)kmkI2E0fd)*>UKmBSj=8tE$xyj#6MWC zq{iuc819(h0Ob3U#2baO`J+61SJm>3@IB%lp9+e}tZ!bf7u%MZWMJ{`_4I@FJMBps zwfYV>3K&@MLcO`5a)}q^vNHbrl%L7Li16=sC&jvn5EDt4n(A`RrZiDYyDAx=^#XoB zkm$RSON$Pp=1ods*#U}}hqGh>=eh?Rpc;D2q^Sy24K#RsYR&KgUb9-u9QtEj!wWqQK4 zW+o71*D?Jd?}^ytvtjJ7FWDmcy8t=wTh`f|_QGp}i~KtnK6Q!WDHCZ=Pfj_zM>4@0yGmdU|fRKg;~cq{j9iznB@8W)=xOD^B@ zod{m>m6ov%De-Fj>zc+VrenM!KP!KrrG958s*xY>*3`g@@ zqF31V;|HvwUjsiH{m7Cw`2@hL`*M&EL*mEkehDVSyYLKdm*QBuAY&QJyzUUx{d?^u zq%2ZNuZg`(BBSqUFw3JCWg6whv_rAab=&0eKd>v_eVCf;RswupCV*q033uBz3m%Ty zF{+0L3e|q3dyXgQS}&x%^$zk0Y)+>7`OXk%rFGm4F$4nKoZ2R+UOIWCpLyLojqXjy zbF=x7%cfiyUea03-zNwD92f2+`5Ak;r#Jyvehg9a?atDrpY%Q?A1{Byq}8esQFfqY zc|fY$`8GNGH>T?Ve)KIV7IWfwYEGZzKOknD{&q+`k#$X)rx;@UGksT%Qf0DQ?-hTY_))iitjPxg9P>!K zo%F!|7jW1xDHEt&`}G@+e*zQRK;pFi_v4LdJeJVnAin!okLR3^L1u@hSy&6g)6N~f z_>!>zTsIohlB&19FtRpiO~~M|mL=7{*clZvR~^m%5TAllYL)bEG;6az&O{&3ivP&G z-CU!yTLM%KQ1F;^s#8#isXiz*qDQZq#|KJ>hCtb>zW4JXxT+7IGaDnGLf*R=VR$wu>hNX7-<2lZ8w>@i zdZ*u0K#5$AQ*F4YOjI`kTV&|r<^i)m*%Q8pZ#TY5tH*(xn->4oQe6|3q61OS0o 
z-6aF&uM%_!aCW#819R#d;!{sB1FF!mNVh&Spy+mt<6?;6;;*sbZX3cP9vW>-RJsS` zU(QrbU`wg8?Red`(X(3Xh}QdTt5)db^qs8ATN3wvvNB8e}!E7ekzhz}Yta znN^|Fp5F#|ECHz+&eo#b<62!Wh0QQ&aZJI(bIK4zt68T*T4cXRG|pE#!XV5~v52v~ zk|}SyJI1I{=dMk_R|QCMK#`k_vMlK-sKomdkf%~l&V!UUC&Px zebu*=OW5W>X8=a;Az7nFf~EcOdy*M$cV|?$&kvk*QJKYKDW*2bic)nOiG({A@O1cL&asZ zmoFAhL=v5XJ@);N^h%=DNNgtCxwbZRv|bi)pN^rcZ%8Gl>N)$?WG=QE0bH3O(Y-F= zxlj>zS~Tx{fBBFBTqMszUhjx{dUJMj+8IDSjt#pnxWO8B%e5fa&@2b}22j_p_P+5i z!&f-<@SX-;ouU>1XS?Y(c!J|NPG(Dh5Hx6m9>?kQ|78K}7Jv2OX0bYa^Tp*Hw-#em zF{c*8q-CAwbAtBd1Jkn8U_7nJ=kAVSht7!ir5>0evq0tFM+U3m>Zfzt!Ws5O2kuWE zhym6wQ3rGp0x=kX*pp88%l|+$EtT6O*zN0oM8V5B`Wfzf+A2DoWNPa7-te4M)&^H! znHIR`4*ex4Q6ipKPUK#)58;*36Mb#da9AV%qzwXn(0|2G_33Nm!TuD^5BX>=#&5lH zb4)OVGXQs$$_;es!jH7A9&TQFx#Fk`HSZ{G0pp=wJ{zUpMh^u+s_V_2jB)ZA0zDD> zTXaw=6F>n^YqXf5jN!RH-s;}VnY`=FO_BFTIF*0JSTlh0BbDLmKviCQ5R{))<+CZ( zH9OlU)r~!f+mpqJFs$C^l;esDCziwScNN;8o7osV%#?Gu;H8FQ*~>lYGY$3F)kH*4 z-+Y5fSM#YfCFQ@`ZFLd(1P-ejHqwp>>OxViSk84mTc0)I%=ws_EF3zG1S!t`I9@Gk zexL8;CP}nf-)bI^&AVcsiMK?nky7lF(^R}D4~M8?GD~&jJo&Z=p`#;8enmRZc4McH z#k19#Xu7mDf^%)GV~Oi#i}`m0(ho{tr?@{HFV`wrWah^UH_#CnSTDEGX1Mg{Rj6Hs z2k0*U+Da80#+j0Z@UTxgk91}Nrb6wK>Z-=YP@wmy(BSrD3cp8mI*RZkF5hf~cl z0@uP0!<`)bt}vb|A-AI4iW-@D3GBrjM9qow|pz@eY$`Ih39PKAZ(l)l!M)|Hu!YZAh9!~ zH-k)Ej)w*Ky+gUqwi{#g7k}iFzej{i8!Re+l$!&C!6n9r9DH7m80+@WFOknYKt~1#?_)W!ucTt zt9y{rPS8nc5w8>-a^Slyg}1O#Hho}NJmLX-s#2KMmya7S*k;SyprCx4q@nNLmok-7 zP0gV`E>bdFqWnj;Un=%ISou4B!viq;XMw*+xHDy;Po{Hq=7k9@H%Y!b(9Zi)gL8BS zPN{g2J5m=iloRncU@~bpALaqrr{8WO{H?hR;D-!)801&%tP}P>_*6YCL&2`Zj{!Mc z+5v8;8;{E|FriFMmha`UWXT+3a=WDwDi|?|!b+|pl;sIWH0@XgT6)pr;Uzb@GjSoK zHAtxr34p2W;4mLXK8x*j7G4(r2#v~F3TSv{!~IA8e7nEX@psu7)DW6|z#|GD@p<9r z*FY6`mP4aa9V*!~p`4Lq|Ab)Wr>=rs_SSjHi#mWk87HCYdj#ICpP1Z3$ld-~Tp?&t zQ>M8CjOcpf^4*yDcAqtN^>aJ67`4hHUGw*?3`$?>)PnV973Ct);ADKk`FTN?ONuD^NWb_oq*G<@_Aie9x40 zlGatAe_a9wNGhyS&^+BK*V6r9;JgJzjsD9``?vAMUq4smmsTFg^clfP1c&o^0W1@d z(wd|I0hzbQj6U|Lt0He?OS}E@m^1CJ4E)pU$?^r)JCilyw7!i>CeKtI4t{K-ee#Mm 
zb9Tx`AG;nJO>wCU8>(MRh_&#namW`ap^+09Zt9s2x?2M;SL22Uh1DE~zdPX?5TKU@ zyPFV}xsgX9Kt;H2?+dmUqb4I9$b7;&2o7eAtu*;@@CdcUMnhDUb3fJ*{?1;N;HyCQ zF9^-+0Z6mVjSXybXGZ9K(tr>(`Zjpyy?=5j=WBOHi`byx$wag%rZg`o~Dxd?E?|zJGJBI3#K9*~gx__|=J!OwD9m;JQObm!u}S7qI^#DD&J)SR@^|AkPJbE;#A1}p4i~{I z9(n1X(_A`NfN15STr9`iRF#zWjy>XE-0WTYWgQ(osryXegZZi66$@NX=f_RmFCO>4 z<`IAr0ulfK0FD6v1w#xpRIMr&B^gc#S{8uiFUXCn@tz-TppF-0GPJ&WR=o8!2hVY z77$=&Z#~Vvh~+^7KJgsKp8E>=c+Z#E=ONVo+>_9@u6TRVZ3jJsN=*~l?kv&xtyfum z{^1ae7L_hn0Pg?XJ74)rmT^0qrSX!3yqmkN!BMb)6U7$Jzgw9GwF>Oy;Y{+%eSlyl z2P0f<_3*3kzU#SQ{i_52*WWD!hs%z@2>p4UJ)h98`QW<~~d7?_dqR~gbh?}y%faliHN>S8~||H-$aaS2+YQ?+OJE@_?ag z$@few%__#_InS%2`q#fe|6xM2ZT(ev*S;fLI294sVYVT$6>E#~ck{=b{S=Syn`8Tn z8W}s1b&&JT$Q}FeTs=)`u=;dxM8m-dF~Iuq!w_fcxK0u$hRnjXz2V0FcT!pf0^8Ke zQK04Pmszt_MYplRO!;6KW+3eKM#jDX(@_*ruCcr+A&OB-+X z;BKIpjp(vZL}d$r2>^yFXzz$JE=Y`T+UJ9C@85PAdElM}d~UgV_zB6YrITt(L)>e< zL}etJ?xWIEM5?1AFbXS;Tfx=C20c#i{@VC6sxWsR0o*MDjCc9WG7Qii5bu!Luh6|y zJV23?n_4rP{ZxqOB+?qbQu07LB4&8#O8cQ}(%VEe5pcI|`l4l5+cbDp{6|)zE7oxQ z%Io0<@2b7a>MaWa7}FN=D+OLd^ol{5OrQAF_e>5b77!;`j-F?~Cm>|D&*ihr^ndk( z2Hh(ydue(J#!>lZ!x!$21!aPdh%+B&HccaYin=d`_W?0qJkBeB&MskY>C|a5^5Q=t z&H$z}F8FAv?8b%f&W^&t<$Vc)T`2)6p-o7W*d>sQMUQXzo1PGRBN!*r?Xh>f(@ z3FWqpPN5WdOXHN;BZ;a}y7dfodkpBSmght8s=>3saP;b^@>vC#Q41UJ#(fMHR4s<7 zj^BK$(w)fpl$KFhjy`Ua?;Ek%p9)*{dBvr1H|w5>2k#5?FZ_!NA7J_q?Ad!=`}}k+WRt_M3eG3ThW9pzebbzFiQu8pSB2}I!y0KHaGgzCv^t&O zQ>nDj@wh%hZuCg>V_Z~{O8=w{jn`@OX|x(ub1skpb}z(X4a@iIFvK81fIL7Xv{|H4 zAj-TZiil%BmMnIU52{&Wi&P_U`&`J4WST&rul+YP{p|FMG%~EEnwGDXFOaoXV$kVV z!gBH#F@BSw1!Qxc&ZtSrhEiNylpL*m*Gq}BfOV1H19;;DL9Zeif37fpYhPg^4p3=F zd7B~sbhB5N<-huRmDMqbKspeMl7y?hX8Bgu?AA6c;a8|4LyQ7Uz_=C2x2mMV?2gOeK1CnVR~ zUB*0#zqV--95)^qLF`fwCtSr2Mz|~^^#E-=1i0nTw$x|McR}O$$9*B$pCYG zmF@o_>#f70Zo4i}K~Myd8B)4IT4@0(=|*Y*si7NGKsqFbmhSFm5TrvKx}+Nfq`Mo= zZ+xEjeD8bCbxcG4~e3gwEGA)@>@!;qj`&eVVrJS7%LrNXS^ds}9P43BOLhgm5 zWKTrU`g04DgfvzK5Vc&H?^JS2X-o!gjp&Ox%uAp&6U5^0kt5D1LX=a#>;+p0E$@iF zTsr^%?>m2{MqQFb@Y<<==?o{&1P5eH42vif(92IuCxRvjP-zBICbKA8_DjA!eo7_} 
z@bxDxjdQ)4ncJm5<0PRUcWeqXOH~-OMp<%!1zmeRNCa%M;q`rv<`OnClUqkiqkOFg#Z7K8$a52TWuMDN;JMrA`InJOyyQC zAeTJyO8vrXpKPy|%Hyu>c5wh7EK!HkDW-9zE_a5P9fw5$a*`~s#fYqNYu@c0^wzK( z%vJe~PYyJaA>;X>L~Nw3z^n-xL9K1=FwyBm?3)R&cX(fXs$;F9&O9R-Z-TdCyu!^- zHbh^c#g#(UOhEryp{mNhwRu)0JW{3G(_CET!z%B)R9kG_eRQ>PrXF#xnNVNP`2J8k zq3T6P#Bxqop_?`38~1Zfpdxg}NbFJeSfvW_iE~VPv`IomwE4lHB7O zL?epQdmt7lh8prIqPT<$l|})P3|`_!wh&KIw^(-Iy|kp08X&27t`}8w zM?1e02F&?~3@r5OHq=$b&jO5`cSnZ9}_z4r4B@&Ta}`RhYpcn|rk*IpE> zHaFSTeq2W>UOZq)o&!QDkvboW(p{qu8@D09WoIz!z*6uI3Jf)>rp zsG1H{`1HjA4&#?7PIQ(m%b@DFI^m>W%SMYMN_T!I&^VIgyMJ=tvv^`D;n(Cl0lB>! z6m>O9isH6}DL7?ag%{3&?$uviDChSd|oDo^sKD8MET zQ9`A`mc>Smg{>XO(e?NVOAD+a@&V_BLV5A)MDsq0Qev9fO;>I@w5OkMM4bT&{t!ug+nL`VdCW3q;QF;qkWJz1KCzsoRkV5UnXH zLk5xI5(ZIhv?2yY)rcJIZ0c?e%fKm+mTSo8fIyo}p`LaDM&nZ<1$k4N2{a5wpoDJw z2zuFCS}9e!{$5xA$=__Z6f8Q;DOu#%*y#py+O8cQI@a2%=9Ao-C{qAbVYyu9?8D06 z5`Oh1R5V#$X6aZb46+qU9HKS=u&;8?&miRuZs~sy_4~JmdppDGd2+;h(~FB43<{~z z0MA~`eqrkBeTjY&)3eSKyjJ``$ z9AjBZ^`ojQAge}dyq}{)zHM8O$E65AT9xttjM9!38TonXkl@hb;-V?%x$qtS&vWvQ zlhXpoGM-?vNJsFUW}suvwOTxWi~1XbcSnsk5y|~sv`I)&I5HK*fZ94)cPRvH6PJa`EnGgCYRa0&>Olm(tIDRe*W9&5O2`e7i3` zId7yCUdrI|`h3#3jwHmLs3KxIMo7_fn|exMENj@PVrEqN`AD{G>8c0`grfu$UP9g# zTIc(!2cHLO=P+bf7(;5*W`!1U_YCpRWMvJchVr^zADj^mcy$Ch@=zH)hf}Ckekz73 z%SME-VyRkD>m8n|m=p)R4;QzWM2Ps$Z>>>>gOPC$u zq$$j?9AZ5&jKj7wE*J5d3FT^!hxoeIQ(=GBADb-wq1>6;_iwV8VL!EyDWpkf_xbbl_r&yn%9+pA|-`Ii*TmJDeCG{KjiT8{;hJoXTXWJewU7qW%E#^B^e*c`7T!AKWQ0 zhEYlYEVRu}^GHoLTB$Z3A@-rtOXDkyqUo*D8~`oL^IE(E6_Q}gial&p{gz*2;_b`) zoRj^1lX!T_r*E&6$y6n5fRRBZegr2fwK#y(fPQp_&!M5z)WSBW<_*xcX)tqnOE6aT zX{*rSR@8=UnipRqt2wqXtUX%%>Lf}2ur0rMj8Ym*>I3b$7%gswSlejCD6Q!)zVciM_| z+q}OyhAE}Bh)PGK<_5>C4Xr*(TYedLMdX$IZX1rGEwC7KQM2uT zvW*!i1ITBKbSE`q0k!(o?}sIn0v6MEPAApXZSdvE#m&=gzCcY0uq2{b3;>XeIiCF& zcC_d3)7&iCkK-Qxk~Rz$<*zYQYKBX=_sc`9Ed=Da$)NbP)FFzYM_0B#q(y~cc|-S% zeguQs%0R8tG{TeuMfKSZ)mLDoHn!trL_+ABk-nGQ(l zhY%KuJBR#d7uAC9vCwDNu+!4*!IHlvc^d_)MoE0uYmx8?Nni;gNTyR-Y%~m(e}};& 
z^8neq8q$zrIiT;;=x-6_hntV0ewQ<4=l27)H`D_wNU(*E_CYI>e;MPQlZj4>8_e!e zm#>%-f=jO?3XqrzNcrpptCPX%_kcVjpWE-b*U=v)JtEJh&xf3aTl;yer4v{B3`1X} zbddDp>VybJb`Zt~dtks$C7m^H^@`7i+H`4O!>U!TeO$cB&p(`f1VaqL4E?^=^@@Ht z`E@;qsT^VWE1bt@3-jU9s?q44{48XFtL*dmzM(D#^6k#Ia3a6Y^a8HOWpq$_YL;#Y zIp(_wnNH?iZJ-|whHe^b`fn&a!jMd&Gsm_zr>5i?ipY)LGqF>qHa4m5$3d#5?Ijrf9MGqi2;Kj z@!;SGVidlS9M6-4KjaRTRMR-9AjH;CeSnT5i+J?4O0!IhWeF3PaHe9oI_({v$Bfw}1or1U~y`aw!Z1 zX|LUbBSLt{2pK?n;Od~w_PP2hRoZhDhX1u3Vgg{?PsH{&RAn3nIXhL}mHwKgAj{+)czlo6vl@CB0Bn z@ZMY?yQ#K6LVql~Rv254r)(m}A8s(3UqRV2hP#oPQ*QPXc8gWw&8#3L#FNh*~ zo&K8k_W}mKoc*Pg3p;Uu`pr$+WVNP6H!ygiuZBMChWLl1#;t{-Q-|7OCo(#lWkWnu z0OWN4+Sj}b*ak*Ez&7}B(vFa@dG6D%_ZQ>?p`o_42#>Ys8E>6B>5^uTO_>bLu#GjI zzW~tA;8!V__}#R!Z{zAcuZ69q3Pa^){QuR>Y&Au4#^XyYa23DHd#aei83y#4S$$-Z zI$qN$07ZyBbQcU4blxinUU@tnmUE?3b;2iWA?$wk-V_~Ex29AX026Bji7v891?_kh zlW#s!;hyG1j(lD83N_FKC7o`$_RCL4(_AK0B#UA!&{6 zG5V4le+;0b+^`gy$XSceX#e#|==$Nqb zv$zWP9-!d)I=p=#0ic&dSTP+Uc6VAB2TPf;h*Du)t*9`DgGB=v`uB31j;NUb>^lNj1QsO>%IOGp)k1;AN+U)d`^y@+ zEs(HgfikHQPzI;6b4z9hXqQP@lX6bTAhH{P+4t3-7&81fZlBbwt#Oap)N={nc;AVe z`6-|mZH1sEzydm7$qb+ElAs6UbUs>|+bj`7J0kbn=CYB&kxS*zQh0o7z0gE3);Q$S zASW~F|IA9ALm8OyRPcOpD#*vEE(WAl^4k;I7;eUgwYLI*O+8zP}!7CdPyRkc{2_JDK<`fLdd%fsghFWBxb57^ns;WKd-x`JYso z)w`{Z2;;7BE~3l^bxOB`0H-a#ies&T7gAx*$4V{PNRK|8rJ63s(hM@|m@H-U=v)t% zf=jki@z$KqZx0#g>)kUlQFL-0gf-}X0>eLa&YGv~IJZo%S^9~UQ(Ao3F+VmkMKk6J z)Uc=m*pK?Fa55eZEAQf`T;P(U{RK}^cYk7N;z$6K!Efw$>OHV1HH&scJ?E2ejR5nE zI?-L~4SgNqHfptx#zN&%47cxgh?LEjD-BDa#VD?SdQQo&;Enb>mi}1!128fF<;Jep zK>eei+oT`o7U5LHwsL`PyYR3b{}qNwKc2PL^8UUu0W)uoao13H>DO{5&#SR&mvc@} z4j-E|E*Ik61y2<#Rd3dQr7wm7Jx1Nl?)NJ2Wv9(yl-*%%!>u1ma2u;xmYPM{j$^Tut@)0f6$Y8Fhoy=%zD*9%aAkT& zfWKz4bAN2j05zg;nK}qY8*P%(u696;W6@PGPpaV+x#i}&ZLy1BkXhoZ)=YEeC8@Bu z`PZ<*wNfy5Y$ZRD1ZB`A$xsJdz=41}klf;F!J7uQ# z^Pld9G)17(pNoc2V#U{!#kL=eL-{I+K`GgMC-C<=p?^sR%Vft(1T!eY{ z%f2S_Au+v2@9NDXC&n7J1k=v@{4~anty$_L{eG8Q9%cvguKAJjZ8G3sY=}wF={4Y3 zo)6~Dr1HvKx7?Ptd|EOmIxoPD^`7+(8@NULKz1$-zygI<2#L}_Kia?D^51j(TN25` 
zlq8yc8((~e2Pcz6SmA2EWSKJX*M?d~^HZUrkg|!gXj-;0qXN!iN&xfXBXOV6Q2*OS zH;i|{ECay2RJ==gGd?rib_f&ARQ?K!qZI4ZsfJ2!P-=88u@L5mEMjtXMD*ivfwy0u zKd$fxR?<&Yw3&a&^hvu!Df;8Pe-xUHRFzJBsD5U&Xm`q^c^p#6;fAFP4HRJ9O5oal zfCd^EaF?=s_&*za{j0c?#iNe-Rg9NuFHbfe<6se#TwM3$q=zlJ(suNF1@9uTw907$ z${BH&;g6{xNirl?SFoL1*EX-M{zT6cQB!EmtdXL3Ii2 zI}`KM+amnd?O8s6gXQQg0LlD2a>IBA_Lwei>F11|`Q@koZKfC-i*2zfLw!OA(J7p- zNX}m4s{uGgVm?6@lgL5@2_B_@R8nTW_1(l9hu-Af>r3VpRCsK(PO5GuT?i3n5WRfJ zB!01~mNGYTlJfvFWp3&qaOlk;t+)jRdhSCX?&l4M3>L0sOFlj`^6GkmG|)WWQYw9; zkmrsd_(dBUTovi|#tMQnc@}wYqLpHo_^f^fJG@03#PQE^%(j!Kgtf|w(-L~8AlBn9 zX3@k6sWG%II@%RpRU3ijXeJI^FfG4jKzJ2*0*O)!{?Zx0__(=3X?Sf8{^}JnrvAVrjL|Q@p->W3V89dkyLF z@in%bK00N##G9zl3JApBr9L)n;h&f8$YuDLGJ$Q0a46w0Oyt=coh)Xv-tiBH(31Se zO9i<;_L6{(-@f@M>f^i>hw6YZ2+V?M82|jvNUW)SHz}N#wR_5f(7Q6kKb&bKt&cAA zsca5d0ry(3Qx%mESYii0G<@)^`{f%~nGM$mVCzF-Qb`b;uoX^aAlBJJkh?>A=yaBl z4Ckk#d-gO~a$4{uaQYhcY}1i6Pk&<6t<~V*sh3}31(8w!DJpf0i>oUDoL=CX|1z>`o1o(65NnX=J`RtRGT}1}7u3d5uOIYeazV*fzaf&x$ z;&O>p6ybyjCWk=4l`f3agxPXb-eKZozHnizI8U-~JRgq;mtJn70D!KdRMiLv0FNos zZj+j=h+s$n+CM_gf9?|CB!jmHv_y`|^mgf?YiqX>Sr^P)ao!MF1m-(J>T1KBVC7GM zF!IS_rJn~nn3R+RPP4G|&Hn_92N(Ss0Cvzt`^`vr2Q}aIl3)zTfLOw*+q6o@U;*{e zBJlQ<&?|uKGT1+FiUK0x(gJPyS>iV9M*?#=jec%t+4a0I}1(>#p)F27DK2QVp} z)N+QA&SzBR9^`FZMpwO#I%sg1<3Pey_^3#O<76IYl@%!-|0k0`Ev3U9w0%rRbG9Nh zZP~YGKvvFEh-wih-iW_ED6!LV-1tJjiQkP0;LH>}#-Z4%E&*Gh{_Ot<_&YPjP;D(y zPNW0;Nxg$U{$iCD|K{?vH3BBh6n1^UID<$zdn7M(<4THaM1YG5xbyxQr~JRgEV72; z(?9KQG+Sw6XYLIZbn$sLl+7%};0d-i2tFbK{{@R%3(g`Y%>-i&K!Aqmx6~3nQrX4^ zY&%)o^_eE2;9>>D%yI|QKTRqLibd1e#)6JDx4`yd3~Wl`$qHWo7W3qN*BJFm~z8qhb<2t_>iyW5{E zCTL9nQ{f0WoRbTvO%6ajK1X7F+MfuyI@>HXe*ir^Uv&93IPdjocSf_Hx2wH`qvM0= z%@W%kZ$7l`W6U==CG5?$D7&At7MS!1e{}+)mF$V|8eMl!7PPOYSd4=u^^*&k2q~t0 zZ?jWlfbO=pC;eC2HbovaQzD^g4lUrQ5sQK0Bdm@-3^t#@eqrI%!ovY)B`4S{-CCyc z&jFqeZt#oU$E84w>~Ydtf{-ynzrM>-t7RjB59we3!b)U(M9m@$kW`UD5@(q(cv-m* z!c1jNh69D(1>4U)W8j9O%G6I!gsom9Yq96PFiEO^FaOib`|HJ5R%3OfNEXvNHK*qc zMzLN=_8=E79MHWMh@6%GGWEXq496rW%KOLQ?uBGXuD~`hkJ@a#Pv7LGSs&WVL~CC! 
zj0RkkLlR7yC?3ZHGpms)%Ij^vf3wXe9ZA0a=EOJ{T+(J7{_jQl+Yy7`-4!~D_|Ht^Hv>l7b`>J;Z z8YT;=l!YHwN0?=$Xb8=$EA$uSRdb}qS35!`^Nxwwx4CJkm;o7{4B#<4aS0fKBt8kO zH>6Lh@?cOLEUtd_lm*c2%={~3`Bmr z*jQ!_SUg8fa-!GW4f<-&_3JlYHx2;l#fwd7Z0kqXDnx z*(L~7E-jGf)FkpyV2sysB&y9pE zv1lR&NZ?j!|24>Jo9@H=zws5Y)PPl3gje!uS~|7@Zmq?*e8CbVxguy-xrwr7{Wp>gi|E(rkZgyRI*%Pl z31jU-0I`=Hi-m@8d#=R^445UTo;O<_+id}koedvW1N+~meOL`qn;c}@7*+n*hutfs z*kC#EtC9|y1%5hUNKZvmGH$`f7r>%%73PDYfXd=1g~(nAF;y!vk=d7LLcntDK_DC zcWK@b0ql%A>;DWh&o2*#@kqEW$jaW=N9i|vu^p>#~}>|+A3I@Mec%X83z8XW3EJ9yCE!*7;#l=mwL@!f2kWSEj_QdYYT~1}=?IO6T|Anyi4T-Hw-Np$*I; z$xzuHTUMhzMv@3Tj0b0-QCSX?#F9F6; zV3<_S3$lKaMgW@sbu$O|bj;+L!}s6A%c2jt{1T?YX}^HEHNP%cgl#?cJ>dIJ1o`!5 zEY$}`d-Y;SZ)Ys`%q%T5iZYca>u#hYrVvnt!mM16*UC=xQdK~0!B2G<3mwkp=$W;P zeJ>vORvAHgOG*WP+=L}h-``zRij`;r?D1i!rZnxNxn;jYIzYm>WuS1HVTPY|8Ug_C%z4iY zq7J~qMg#7_R3_mqMq=&lLXIoQ>*Ols3(@aG3=5jGUk?S`uWP8FY%`T360fSEhffZ` zEId##L~pC=@_y_^ihrxd9g25Kn0LtoGNhNp^#LmKA%eE?1V&1u(|2ixfK9#oKG9!S z34bZQa#>bX2ory_FAOnE> z+@09~o=>?2>|fy*$H(?)m}JneuVf<54*=|TIG|BZ6(@Rfj@H38N!4WieTNN*})!TVma*vj!| z$?P|~4)Ue>bD^^3^N@?1uKkrl$>Yw6w{u4y*V(cxN7qIwvv7*9cKjjsopjj2kgJ=@ zprZZVNmJbJd4V=`_)c>;TWr~0aEECXBAER1epz}@%F$TS{fNIk!|(-%RH6Wju3GR@ z44(%WKBA)Fuk}5Fr=ww$Us9oiMCR1rwZ8@SZU@aZU1G%#^Gq(p0QS2H@b5Oso4ohQ zTrRKlynnW_MsoDZIcD4($wwBmKc#$?ykMv`;w%G#QX^)TUO&wjhD_p0`p40smSQH- zF0+t2%6LG)(4X3{xKo78cfauEraHz5XOd4aqaax2vz2E-AYC2`LOA9NFJB+UCl=Ia zU6MiJ*2`$S$%&GXAk$I=3_H)nS%Z}jew3sC+z(_u+8AQz`v3!90A>4+EPMRCt_=u^ zb*uRsmFfYin2ac^;$xhxw>Wc)Lj!UurOK_B&YaE1d+T(BUno5fa8Gw!>6wU{6V9{Z zN+ueIafi3F9$zz^f5)v*D`3-guF`F+;6K|L0+0$U=7Lr#` zjPVLBdA_&H$~iNb*FCST`I1ImR>RfeTvqt^fE6B>6gLv+pUrz+!w zDNYGOD_h^$*gOR~mV9_i0LVHoNC>$*&=^pZD=2?3BNm*uYq+BgIAdaCKrGiC^Y_;G z?$K;r;+q@8E1&wxa7L_740iZ&&_t`B_F0iga|Ibw3B*|7mBfs@iATu_z4W)yPE2X`$Gtg zOxX_epH;#Jl7!CuM2GQyiSG>AfEy1DG1HW)5U|x&wP%xvquO3QSlmTr1OyHP>z=rP z-vHnC05fKy|36*;f`4z2Jzn2sPJc-2BJO+8|9ns2YadC9HW9%}t{B$GwBkdbJTbQ% 
zNDe<)yfLkIDrvO#_C$HzvRc2sk^LbUc-z`cZ6Ya}exVGT>o^CmOx%Ql~oh(L-`&b+Q98@33aMW;y$cojQ5;wjpshw)h*WJG9TnyV5Ixh zuA$|WWu{2_j;wJk!8xA8;H`W@Sx+%BZUu!?eHl}X2%`~$CD6N{oN%$T7!~O@nb7Cu zhxki<((js3FHmxdOECCm#@0XlE%;=UtfdP#=q$DKbmLc6PIdDBaWYQ|U~%1?pH|9w z=_*C%e3O^(UNpn=D%tX=ao;)m>(%G(#%ItSGeh*2sNSB8LN#A4wN?&Ncf@;HVUEW~9ca~KV5Dd7htAImT z>yv-(jx_Po&*L$t2!~+2k~!RO*3bpHFbF&_+!+%Nm-Bb3qt_I-amRq)wItM0V0@Mr z#e%o85>6tNLLqnV^zoH5%)C*OQ*_R%rE_@lVGvi#?#=iqI5u?>vDpDfSNub{kC;U& zMd7hg$ZeiE1+G*|H*v7Td%?cWfap!JS(cM1H8KM0?oi-7#rWU-LG=Iw(Up)-lf&dD?EB62_`RlU*bZu3lXWu>egrjaa1+BA~JH% z$jkHWwDc4>nhsueBruu2QD1GnwX4F_lJptd3|ObkM>(H^mP$E!YR*c9b5Peu!(}hRbEPd2uA|9L zTk=njqvhdwDOGonU3TJw~y5PN`zDbpt48l6AKpz?lD78d^0 zrKyKOyfj^?Ln@!Cmc~KxeH-bQQQ-Ie&wWURgC^1Dp48C=n9BTdJE?QT+w3VYa1k6N z5-&XwLm--RQ~jqr$sRV##f7})rOlo%$ncEWd=B5a^*A9V`_gQd@0m`JBb+4qGo5lt z)0O~g+66qgv6&q@(@4IeeX$am^rRFDieSK%_$KKB@h>)*Wn}u3MAJ?C~ z<|#Ro6*}9te=d{4Yp=EHCqx@csF1BwQ@rXnQ0hNr^p-OB2WzI;=?9;hA34&Iqj6gE zV(ElK&`Uw*{*}pF}^U$wodk}0Q8x- zP3|bo1T(@aCjz%A{)Hc_|5SUcOC2f(eypf|z?8{lN=G~#ik*T={XKKaQ5dK$Gx3lo zi4}R0bOWYddX*?LC_Qtb*~|@q1aD_DDmxDLsL=+4X9-^cdHYiI{{Iu$9mU_fwdr{+ zwT-Nz9j1F8&XOKyHZ*$P^Km;z-vfz7-P{E998C@Qh^ksZP)Rhe-*+we1Oy$P^@9UC zAN$uAziq!xFdd!5V_>hSy!mmX4=2JevNaL#Px7F&dOuv)KM%QytD{6 zX0e*7_MM$dU^6Ir|7QCR2D7WlZ8;1q8M__7?zlQ{KJOgvjoZF>9c&U$zL9>%7XxXM zyE=1@ zruPBHOCht`s>L1(3C3a32b{~{RWP7Pp0uR~tQwW7iu|*C?OS4=%}Xk3PhQ(obx9ehDgkUUXFn ziRf$ibZEjCy6FB$=xvPGtuCebInJIu)U#+bh%&r@$iPjRXk2rSL4Hm%Se4oGO_$s5 z*eU~%7Sjpg%Y&DzS_`!B^qTx92Cec5dTzc&y}iA4OkFW)uLhhJZqWNSlCAe&t$#NA zfCnA2b$oVvy8hW%+wJOvxZ!w@G4`{itvsuieO(KS;>DU4?x9wJpD^u6M4g1!>T1`g z7;X=Qh1<%2YQD_?fd2Wd4O~VsYqAy;OZqn_&J*sN!Y7g?B;w4q3L39OEa#*`(GQ{} zV`P^{xBj>;=G|?TaAc`c-YY-(byX)y1U0V$v7nY#!B!z~cCAS2*zV9dnl^^MWnSIq zVz6-+a$RrS%5wUKGTJpU7|$!H>#a%D;~=YidPJ@`^jJ^L`c`EgQ}i3c0P>$Mk}o~tC|$8a!h*RO4R51U@}fj?(q zGS>?j@bvbJUq-Z5;k$y?Yc6ATj&FF-N(yf;jL++uMPGVe2{l}5CQR9pANQ_$tE~1C zC}>b&!9&Y{osm2R6sLKrN`z823WF01)QJ1feIg1HacL&3ft!H@oK#;a|E<`80$*P+ 
zmLG0K9yN(WzHrKqAoicSnR}G_5LHqfS+}s8hECn?5yH!ffdgvGXn)ckCOP#t|ukEBhyZj(EMD8`-(J$r#3l*UC{bql7&*z z%`CUu&69+w;Hzh^8k0jTVDDkw#ubrMyup}gPzS`edE0v-8pZG`ken%(l*`;U&+Z)S$1oP_MB3G z$2hJ3RB8INF@i_`WGNaTC$)w1inVE?Q6XlwoHMzAaQTWOle%!DVrE@x8i?i4C})a9 zQvw1u212&_4sl7S`}RAmnL-?pGCkU0{0oc#*vLO0(N{E7dmi-qR?{C$3!gSV@j4DS zmznF3!>#@9wB1Fuw8>lx|o{-_kHw3HR4+jZe zFYXtq<}~QLYL18wMP1 zF}wmFQA4l~h!k>;)r^h;s(ga%iyHm_ebEOc@lr&v69geJ7lM$=RZYc(j%tJf1v+ni z&&H$wgz4X4!5LMG-nrt|);GI3+HoikE7>~uTl+Y+#k`=3prp*l#K3(tT58A#&WWHBH zy&4L=iF4GI_6PD&^=fa2nnmHZ{r4t^nAq6Vitiy;xo5jWc`5c=Vt|#DNy5ouT?fm# z^dc0RJr4~n$j={!8#5k#vUD8fSl^CKO>JM{&kMC;Ib4&E594y$+$5&s0HdqNw4e2$T(j+<_Ai;2T;;DE;>@RUtJ9XV9zfj;jt0D1>m~MrDit zPe<_pt%?RjOe{;g;1yBc+QJeL6lCfI)75jtgEqRf`gcY+c6i=iCbVu8WaKx5zb+BC zvSJ=cYMf$qp4EVrspc@VX`hr3i)#|rnVIt@Arnj~pZHEIS4-ZqbdCkBLHh^Bk}{@ zaq4!2V5GEb0#!3hHmfy?4RMN7{~HXrT_hGJFf-MY|MX9k8@4C!-U8E=SL?zTzd}!T zU1Ahpt8kX-^5q~~(BOG?**krwt+^DXG`WLW&>p!1OY_Z0&YGKU?Otxgx`BP~Ytsdf zTg$D_Fi_}xzUdF(zUy=HvQ34(rEVmA&0&bKh5VVaQaN;+Pl z3Zee$zBvSDLoQy5Ydp;Zhai}#;{&vSi?NW^aMoIXXE#8#BTRndUn6}gz~H9E4Y-f^rHfo zXzsQJskqG&S0@3GKSHRHdpdCawJ$EUW|J`tql8f{YNlIjrM1T<%J_LaK~|{Vp%G9N zLOU=uO950oSsI;K1O(JufTcQ6U)?>z2O=Nb_4w-zWVGhZ<6qv#2|6X1JUGRZ4;N*y&IG_`aue1|q4Xx~@nV{*65ADnRk)V-pD-A2Zcxi9H zMfkSqIqv`7$3VeG;`^VjvD$k9eR4FOO;AyrGb<~r+WFL=b2qC1G+U(Ro_ujDy+#&1 zI-R|$Ve@9)F8tFjPr|5qMvGZQpAu}o(n|md8$^^WR$|FEHI_zm_(Low)vDc3Ya%z& zTttSpqU9>f3|e{1bZe(=TR8$Cj(seIX#z;lhrRiRSFgYN_TV-_-Nv9fXP-QBWK2ZQ zuNu)72dNVX#&9>@|B|&TMns%w{(G4Y zZx#SG{NQjCWaY%66qZ{zaG)h$PxRH!v(jKurRjQG-8t=kmL!Hmz>|IwvFXUpyVv!) 
zb&YEoh-Y}*6oZ%ZT9lfVV!t{_QR0GThwPr@v15x{^d1>k+nD2G!O19rqF`N_#vVv- zV8ctsB=jlu0&6G+9K|s-RDuTJYOn&s~E-m{MP=Y z?F+{rq0f~20ibQ;Ol|JR)Vx?P3X!$1?;OTPPmJ)OKrrU2oNG*YYc0zpVyTHs;R$?M zlP)crZiqdEUaA!GgSiB<&4378MovUOROES}G<78<%KRh`Y>Bhd#n- zn8&dGpx`XN6K085XgM1A0Vc=Md_&=Ra;QZIUqQTc*&G>nOQ>37E0iqd*8FCsk<7LI zI3yzCoo(psLZq~(0A_o(8(G0g&d~fa$C7+fNOd5>k1wleCBJ&<EL=Fp|=KMp0n@0ug~Vk0NnJ`(U|4d#4hyea$V&AVeGBLqWrqHVL_BZ zM21!r=`I0j=@JkOYG@cjY3VKnX+%;QgC1gN=@D>Dgs8oigc5l2JBC`vVh<5nOh~(+_ zs=eF5Or!S%+tGasa``Gj5^ag4Pnm=O#t_W}?1kH7F749%E@~_ZBV}<|(LZ|;YTgryieArr>3qwR9DaG?7Y8K5xJ9~fHGKX!9QfDANbX3Fxv36 ziFBnvvv`JuDPnbYZ>`mXw~jyYCph(S{o0?x1x7_>=4u1CPEXu%c5AIl^Ly1o6D~T` z?dnmBBJ)I*_!&0rr^{Y4w6^6dMitm24<#;UJVq9kWV``PRe$TBrW(F@kIL9qgsbPT z-Pg~4it})qlYo{nkOphA6-M_r^<=1hZ15(2lE6X1CM2Y&Q~2v2s!iAxqB{56HAMur zY!lf?YzhFQLq{_1dPSbzZ8^?VlRsr?&I;e^EdQ!l8}Q29XeYHba+A0kK#uJ^vY;sB zLVEUfN$`CSzZyo;Z6kvG%ComtfO?l#mL0$aBM%5LQmrVamks?U)dz6VLgovH9)K=y zMvGSB(hISQjp9R`#TXno>xK!jumM?Hwx$6Vhw?BOK&612wpTy|QSfPVnSKy0!62%F zqN1K7Fw>(|cLj?{<@Wtj)dz*UMlSrV4E+~FHztXx$@4#!?BVtU$@IULe+_jB&k*yQ*pwR2R4}q2zxi(6P2v37;s`5he{3tQ%U~Q(7u%dRjQ;382TflF0Qx zro@jmHO<|=aX4yo1-8%X#Fk``SalD6Lk}&-zkMrTG_m&xSyvqQR0cD*-D^`+ST?1e ze#lF7>u%6b3*2-JsmI!A_0o&&i6xHeB3OS(!zo{TdwZW8@wC<6r4;zY2VGcHjb!|_ zOqF*JpWf!fMUk4OV@tzqaZ=-{TczH`ciD$&FbQ$#cjRn6iKqdAu#cfW{BA}9jPtpC zmI5x0F}%+v3@a!PL;qog+>p_8F#a7!(3I*=)XfnMUdOJ)N`K>+Y}iq7Nk}it-mLbvC{)J#$m= zpX6roDYqojGT12akr=DC-t|fme~R7;Fp-d|z85q)38V0l3L1SOAWsPNLFNJ7gfh86 zzbvYa18YUHS`kjMk9o|15i=w!M4(k7)pDIVlpd{LvjCewa{Z6U9T4C^@GPmK!Q0i{ zxxY4y%0MaVFr_i$jxvE(oTz;&SC1t#M&-3i0*6dV(;m6uaHRn4dZ`fkJDVS^6g!_& zKRoN1Z11{MgsAUA+PKN0Du(~1d>zgaCO*bz*7$)~>Tm$FzLO0vEMZJ+?v?PCsx%!5 z1!Yq{$~6AOsMM)YSMK0vt{SgD_ z8(|`J%D?AtNuGYImeLxrZRYcDx+V1jj1kG-!%u-1&b9SSKaV|~YEE1N@m#-cWwbPm zs}>XvH%&oHLJ_Q#p)0(Y!9GkOFd=~ohF;-oE|F!5`9;kj&+#hh?9M+ZC$O%ERA0W#P`>CC-SqY4#5iRNi$-;1Pe{{Y1-bY#@eS~f}};FrrH zD=`sK4|2Wh;&aQGTk}WWy681_?1oTx{x=dGz;_=d>Ddq1V#9Q#F4siwrch-!7}`nK zstYRFdFElH70x3@VxVkMt@d_K;X?fN@;di*M%_od?xZa>ehuUCZ{y{U_G!A98V^56 
zA@ezBOA+q&W3_T&uN!NN5gY_&y0Gt+Hkl-D1SdPBMTMhbN_2;PHSj=}L$S`t%l zBG-`W8gjY(9+fA$XTYx8qZ^Z?y%@G(aO=rL3jL0nRP@EvG7+_3ck=5;W~|4jQkFmZf_Hk^d-l$2^kO(>(66A+bLC22* z>b4bSk*+mt+P}j-`RK-ptRR}0)O6Ejh|ll}N9jD%?mYN!fbIOhfd;VpVS#wBD%d*< zanhyzgxp9Nr|g<8rSZIy{HQsJd4eEt7TPEijj=02yql)<%?nOsr4u%|pNi;P8L;9X zFHs=B|3_ln|M8=F3Lxk78oVxgm(IA3MHel#5{{>w#C}5W)1?S@TUd#0OzSUaQ_%`` za2cZ$8_)d0w_f$XlT%&sHFLKfDGnavlpn$)-tD%kI}FXxtYVA!^P|3oS$*L;n&ES}AgYED%M(@} zLCmRHsQ?O6Grpg%*!%>6puvyLwLTseG3q1D8w#IDnc6rzomgbK+rqae^t{`SnEmnK zc)}6>z94!w+X(eo+}Njl^V!Cf@cLjoRc5X_$-_(B`tHsV_?$d@Iwi-07&hZtTO!wn zm20caTg(_9{l>)KH#Y7<`AP+I@qX^M%R|Pp8M$d%&38kzpeV{@) z2nH=O&0=A(Bz0;ZYu12t@Wx=OX`}ZkjhT&XBN6Rg#1Um2MqG>f*vR*V`ky&t9-hXk zOO*^6<7-m*{jU-VknV#o8At^we&;A@Bs-};fE7(8y$778F-SS_5FvsfO-$?U;zoy- zB5$N7=p(IkO6sLUDX8x^GMO04x#&wlY}nUJB*>=ZjoXISj;zOBXOda_)3iwzQaL9l zf`SgyoojI(=K}{>QhbyW>e5APV6uJu^=*NC}tzg@xm}GuK z$YeS8d!AQiSI$Xc$tV4GlrY7ZIUUCG;^&ZI(7pmAQv;j9qs3WeQh9B}qJg~BeHIT~ zHs+P%*h+@TlS#4&1=O)fFd~F*^|=ODt8K?2pUW4~Y^}kIO=`JTH+OY#eFbg*r+dUK7ak5>p!$++c-E8)8PjxKP!UNdOmYIx^0?f+cm7<(rZ7X z`x6`BN<<=S+wz4{KGg8jF)`E}v@Aczl4Nmn;-pyIdvLWx!YZ0(_X{5N-Z4z;bTj1j z5-7?R9>2KMo!?P;^373fTd*Uh;kb-Y%W-cl*hQ{H#w%%jK`FFIzlkhe()V)_4SVEu z$)LkY?BEb_t^ak<@>R$FG$|0CN^|4;uw3XajcNs`dBKD5c9>LN@w65)NhHUX;H$*X zN0OT9W)TfiqSXsQ?_8x83Rd!%R5-C3t?u3)yFQSI=Q`toj-5UbPggw4ZKBNMIR2kS z7AR#5M5@lr|9dV=hur5>Lfy#8b->^VQZq)uf?Gn@$l7AYgI&{K2j)} znZ&>%f%zpNc9;^>5B3~6$^w@K8LRr^mx@%W zWlt3ih$9G*=}^vLUptSZn@?Fjszj3O7{r)ds@B_T@;j8Z^#)BX2=ah}hRyaMyJ*hloiYTSOMu^B2M;cNR zf{0ClgB_&SCP0hUFz*?d2EuP1^uC@_%o>3U6wz$8v9_X~xgwiMdOUT-pTbj(0;fIkAb1zLuWSZAK-Z1pv;>3X2^l7JW`LQnM zP%F{n-07UPWYNX6!=3d=2en<$aGvKnal3#^yE4x2G=60$-*k`Hpyq{qC(7u|)SfPCA>!JXv|%$(+QX#nZ9?G4hPsJA6v)+)LWS*x z(`P(Y&WlFY6Q|S~dtWQ;hvRdAkIy$Mw`4T*$?smN@cC2Lg~U=TVQ;N{MFF1c@>QQ# zRkmZxpSme!QMuQ-(#g@f@{5xL$DUG;0nqwp`dVs}BkF96RU`3g5GbG66XRVu7o0ID zsm53QSU?7KBPj}5G|OBU6e272K641Ss}mxazrLys8he)eNdMD=>w+bea=V=EkG@_9&q>ak+jHPbuMHAyj!2dNTSHJ9iLC4|Jh1e1WBqfAVezb?7F$aqoVjmJnTCscE+A1F_(^+ez|L{siR96 
z5`HOGz_sp>N3Y%^o2P*LzX{rlpLwzSC`DH-52cM}_(~1(uxN@T#$!gFaK^Ovg<6rr zj^;E-?mB^mIcn{&oL5|(iQFVI%m@0a9&hK=`j4Y=7XL5N_%R8bWXA=`arUvlz%bXU z?Nolw5`m{pV$wb<7&VN+TCZPs>Rjaz z7_WVb5wrg|kI|MK#beSwkxoEbHrQzS=6d;37W zC|T5ful59At3TnW2|gkZ$a+=6rYt7neE~j`Ro)e_L@zIKS-rL$kAu)kt_Fd97#|*jfQJa2~~zK z*0+Q5zcx$#NAJ`X6>0q>%MH%e;`(kGx6GA@&xj~`Qf$1K)Bo!@4@DaTLQbW1Tn zz;3caP4}$WsNu0rzTH@v#j~Fq^e)3%hLbBH*KW$RHVeprE|}Fn53;U85#$d;7OTeL z&ove;B*o1x@dR%qF;)AxtTq>t(IeBAaZCb@=n7{mtm3LwEWOXkfI9B{u2?yLV#-yz zQoZ<-`dCm&cd<)Q%V=2CYiZ0lKS7f5|Duh4F!O9vYg3IqWg~5lcsdS?FV5-l2^TnD zurDUqn39;ck0)Hx3Zd)f2}%DQLeq*Ga!z+{nzkkpj+#&-cp|^28z5uEi8KCwr4w@qLn*3CwiNc0gKN_F0kRTR&+;q#j zl;=LHebg~J2>_q8P&6KcD9iNQq87Bl_Er4(R^2opN8DuIMP=-h0UE$L?(r)te{nhJ zgkHO{YHrQ#weYg=2EQW;+Aq@I_yO72!UZI<$K7Kd9Ef z*-8LQOu9$@YNY}Sr6__ygupl~pgtID1dW8(q-F<3 zevnq?s~0(SE+DL0pAQet9P1J$QBO$5cq0o{4f$#!=ufB3Ptt! zyw%8aMYNO!6pqKZVHgs77mE;WDyb`a1;nxQB@za`XAcH^1u1$Wcdz&Qvb{VP9l2!S zmQ{A1l?u1>yEaqSXKEOA4aLiltJsp8d4XXeFSd+~E?<-{F?Ekh{*LHG2H&{a?q{Y>Awb>$M3i!Nbymsi4TWhzeX zQ)LqRgp(^a^xDJ95@*jgwFoMG(n2e)C4Iiei5R|I&Ab@eS6JN9!Oo2}m_Q%WpTwB| zD*SM{Nv63PZ$~Wco@d5tFaQTn4Ij~K7mpTAwC`YV_C5-}V&S~j3^IY`cS=U@i}a_O zl0rg4`UM^mzsLXGB$v*MtzejawUnB!P{^=XWi|2AZGEg{ZyZSfTA0mj%ge)oxQAD> zIy*bL6laVC9cR~fCS$6VgI3l^Aq5_jxS59!!FL~$KL4kcZ`sM%m7|p@9kM$waeubP z(c;q6%GeKsb9#n|aO#K5a3E2|&TH;N;yv?H@yCLSVWsMP+QpnBk4F-_ofP+#_LO6N z|Ea_7G4$Oj;-7jufOWC<9hE#}M~1O8UOabC^cx7IPB@ZXJGc5n?i2p`+tn(xueo6X z0Sz!0WxEH9xme-!6q3g1Q^MXc<`1IRf#5IVa6eyB4ZCT=*zAVC>DeWd0v35 zb4m{_eZo7TDfykgUTj5c`V%iFi8f*VHQ~-JuUd^5SGUeVZoVJ{>vh{JQ30;s;2;m< zJCY4eFv29UD?F6)rFC8F3kTQp)JRC8|7_)J5OfW1_BI_WXTClOG$wWQ4}3iPS^e;j zh8a=e+=p-x{W5cc`PynwmWL|3^S`UTb~!BjUjC+4WH3=FONAGTj|J#XcG!ofmU7NI zQ;#sBPZQ!(QWW*8ew(b0e7i;Le&s~Ku2_T47L@tFqh8CBM9BFQv1z-Qi!*(lhfvoziHZF(XUm<;Z}3Q zExbhU?eI|)Na-@^kN$w$sigxCVQ6e!u#YLIKvT(va$jw|UHbp9{7mqiV$w? 
zb}zvB@9(WHgLYf3I$_&U6)M-?=~M4qeq6F!&ZSjKJ|Ql5{T1Y3@H_0=wNy)4PZE7R zGe^UEt3fvvb@eK%hrcF@N)BH=2^pu~Ssjq8aP;R$SHG4W^z)8b9BF}HPtL0+3};M^ zTsur*{=Z%7);;LMjJ2Qm?@t<*y(k)AHwI1 zQUDF?E^+>S_uwjiL)~P@fX_L+!a#Tce$Ywb84=bEsfGHA*-?XPTmVLt&V&qiO73Q# z1-+}9152*M$K@LnkYi!9#?6Rm)$5J%(tQ_G)TXB;|0skRMfu30MYlbg;#~r+YcXR$?04bO|ZqxJGfL~UiVp2L;|MLQ1DY|^8X&W38= z1@UU!-l&lcVT&+d_jvqcnf%+t+fbMAum`!I01UdU2&O+PV#Eu zGCXN@NuP#$C4Hlc8y1`@&9)P1K+b2hrk*b4QFj02aO%E8<7vg%VAY8r2W3&dbj~PQ z09=2~f$uU5v<#Bt?fg_JE^6_7$3=qLVlEOg6?ef}&@QQtv6WU}1vzzL~Wd*pIY)e?hUKknoX{|Yi3wBSgl-AyM=n0n-=*Cq<0vVvOHQxD%2YV8h}xy2#1ou}h& zkn0bR4am*Q&!#sl2|^Uddr`C{=x`4uaxyg*-oK&ECls|x^MZ4IE`8ajzUpmdVzyyO z0H>We#^?v#NP>+8bL)!a7svZ_kKW?#9Hyd1S{SPCC?DniI=Vcq$lJIP`e_uUOK7$8 z*1<|bzvH%)Tdc}+)Ts3^$K!qbq(^6U4h)XETvl5SgG;|pA0}_d5M09r?L~8vX7OOX zek@t6I)`OEk2P~nueE3r=ISvGQ=+ZAJ3?y;Rx6}A7uom{t5t&Liyln>6d7Z6t#>@R zFVofIRoV7tz{6w-SoEPW!FUe!1Q#Y>cJaQo%?0P@+ za>s9$<3EF7Tul!-*=#t8IGrgAvt{T-B~Ty?lxFJVEW5oMin6OcHQcgHiLGw~E+p_h z%M9YAbf;DK-D)KTDt=yxOILy16;`G$lR(86-;G4aRKiMm3U!Kg7R7o-kj0dym7N8} zEq3=~>jjt1P_CUXrAw5~+{UUS zd-WltWN}+wSE4ytK#wJ5+|4jkz~GL?1!R~juiw(}>-edXWYLuITr@~?Y`x5yD8XGs zYwSq}D+xHq4tV>e@R zp1=mK5mda+lYZSHD1gs(UsS%0Ogpu#NkFZwyDw#E?zEAs7?fUT%y8#ajOEdk^n1}{ zBTuXQK7LHkSzG@~$gI~-m`gG^ z{eAM6U&EUG!+agwywH-KdfWB^tq8QXDHc}3(76@3a$Qnew@KxuLGG%;%)Ebr`glB^ zDgqz>m`4w{Op;YuXxv1$Xl(N(hXo9M<)QRRIIl*yk>4`k%GkD3cx2?)s`ZZO^sIfU zgBPEDP9@SMQs4e^9DVFVARWrxxKGJ=5wu(4;7EKKFzlbreNf6I%3@rfz(DnrGqi?2 z(Q6L*mXM)SCA%s{YqoIvx~R6=qzL0;;k^;%fe~T-T?!?^c@a9=rjP_{bvp(_*|i8( zoq+*!5J05EG|ru!DlQFU_n<(wf$W<9myo61IGeJ2SlWcRF86nf>Rh?Q>~OP_mYX9N z0$Uk2)IJeT1&yY@{>sBozn3^VUJ)*(vGM5%!u{s2%NGMD=2ixx_yoT_YPvtFB9+cf zO|O0WP&k6^!vbNBTxUQ)T!7hbTda-rOt4gSr{?lpC=(3NMSk;Vg z$l=0er>iAVBI9#3X=S9QG`rTq;MVVVSPgc;yg^+89W8jz&mPPPqDVB z6TSq`uk{At5?%y{P4sOiTMBMAp zRUa_*nm^Ff*n7ILM_Rd5Rin4_6P<7{xx?yVK!|rGu=zDbZ>|Wq?BR;PNSO>5uYAI~ zo6L~O4S}&gjL)BjiMePP5IJwX9h_JS2{O!C>%F=_c>0mXV`Sh(;nUtJ%oAM#5|RYs z*dj_(HJXm7VcfzppZPgM%2KD>B>|m(${ed0N4iyl5>9~c10G&44K)JpQiO{K*nnG+ 
zprcpcWzEq7I1W0Hd+K|2^1K<^Bx=@L`0`fMF<2`m;e_L~upo&bbxwqNL2osUsx-WQ zA!Q&`K)0-xqjy55TPXWlKd{SX#zL#dPiA0f_jr`TqGCdh60zA2-doVt;`rdH>aDv-d^r+T&`>fGql{k zL$y03Q3)?tEdpb(9((2v=?80#Ewc1=@loPv2fW?ZnnrKEEBO$(yt)eIth~5hc8@Y1 zfQy0eqgMk0Bw*5^l^wp)yudJC1O;Tce0g4ZeT6;6`i&O-kC*o@=~fyyuyT+ID~V&B zUAz}?6K(Q^vQfOnob{uPx{d6vkTx9ao@jsi+->8iC{i6A)5HMp2g>Yb9X)( z)~vuczvMsP!)JK7zeYmsg*lT&`55iZ(Wc*??fqr}e{lDjtqk1^?D%ozhgA54Yp=fo z1E#0I@0}?t1J{E2Wqf|R8HzxhY#WWt*x_%YAJlDg3388lFC$Y5y_^ zDt5e`jwJ9>A{-dH>J!BhRJ^+bT2^=@v^#VzDk&4@)vD93TG4YVrTW@?cIaGPl~n5f z-L&hsKVF~oO6QsEVtY-{s1k8;_8%N3Oi!U_Aobb_zRuu)Ji_GXNzdGU;IREkmN2qw zs}$6!-QVsx2W3dqPsg7mEF0IdOlgf!#pUY2)f?R$`Tn2(!JK7~yfM^$91Iv{Yqf0j>^8C3!XDi6^n(gCI%$UIv^I zEbWQ_WqA6U^M&+d2pbK#Ul;*t7EA@#YbzUn{jgxhgHwIQHT_m024Ryuz7A5Chkc9r zZAF*zH|`_tR_&;D^9j-&NRYIWrHQBFH?LEo_v7=GPr60qFOit8PrMG6a#)v&27i*x z2RGfUyFZlz_~fgU$V|y4e|k3=yN(D>FU-N@5L4-;z-Fd9MLBhF?@jeHLNxZ%+Z>V5 zMKje6r?k(3;3M0To3jq|T$HT9u3ON*cIFAruAuGSs}3q9q<-4Hv3*JSmW*NFduum1 zsx{9j`FWwUc8Z%z@`&h;WAU~@1Z}Olu?}rvH?X_MBz-o4TNSMgRe8U0iwSWR6qDm!=~WU?OZsggms-=hJ@HFBdCNM5GMF zU2>X>+Mq3A)mhWmO&o-0uzA;^pTy31zbJca2^z+B#o*Q!5(%yFBB=wr*waz9~>O8R-%nka1o)tYLwXbAxkH=%&?ycnut3 zT(2h!+E(m{b{+0cJ-0#>#0@pF`6Gs>7~J}%UGEBC;6myQxmUj$=IWU`&g?-FLg{!F z9i8l2CkIc&sJ}Wbv;P%zS*cj5t!1GgQSMoWU-(fi3tR#S>V7ikEN8)jJ_ZLxu3Qtif z-VPtlN(Vf^7eq&)I#clencmr^YAVNo~=|mN03Z7b~7~TVv4Q%_;h6XY1_ITKOtLj z=uBYuG#goVUzb>SF%qwT>^(6jNlk+GkgWgm!EJ({EERgGflJoefj(LAzEy89#A81C zT_)X(I7q^LJ4m@9mRtHANnc#0Y+Zm-nHuG+We!K01Qh@86X3mo6SjQ3 zPfKEO3yf^Y$_pB;hY9i1g$n(tEfQf5B_Pj+r%vp1`s!~;sK&8P>pS3S8pi~{RtdwO zePDwvRf1bA3No}Kc!BSkFVI&#`!lx!w2f}Y8P^NBxcw@f$S*BeVeQtGkmx3ru z7gnx2cdtOb2)5GFL8I>6lxY8>eg-$!+bAsF8yL&hSQu2-7r|TbMqu1F;uLI+7LX}O z0mOt2Iq=EFc(?aTLur1nMj#wcAI^De7gv+uix5Z~w10qK#oO_s2^ux2nYhjfs{v7J zwddmb0kTno48HizWsO_G2-ub2&5v1XK=+PG**NI2sli$|ZsNrqPn)LU0}p?`|Hc`5 zO}cUNZ{>l7mstX(;mA!1&O4dh{`=GnsHU(vF9ikZl3@TA3&aCf{|i_IuH-&0t&Yuu zbS^&R`uugYGimgM8lU5?-$kFWbsBZB(AM6>>KS6?j8cw$4>0-dhCCW28 zwx7#;b97)8QgF5_^g@Nf!$isiLu?#9kq3)$AxpJSC?4qY!yimO&jS96WyS&g2-Uru 
zOi9J0_)y_AOV(Q-B4!ON#&G&S&&XWHb7BI^TdSc~%QJkyKFIs$+Au>cooB}nVcS?J%5)7Hi6wfN;qw*eJ_K5Wn=|+zvj>9OFN!X&Xaih zU#Xnx6GjPux-;SJC@~{3m%k8o+>vRPy&#Labh!+&qYJp7$YA93Sm(`NXY(6tvYeQ< z;6$Sb8}}$dZUXMivEujx2-K^(x;RrUnEKec%Bg>ug%YX5nvt^>J<;Be^ZXk( zc9#1kN}KP<#{izTlrZo;DYA$GReJEw(%G8ymy?>$T(nk2^c00^8P8|gJCE;g5aQWB zY|fNL?Fz_7l;SQ`@h2>gg;x?4^1l9+J3?%yW3egxIBo*e2N>!W*xYbtH&*(Xp3s;bM8K`cTIw00kQLD!;j-RP4chmr9I7ynf5ebVIR z|2(um+W4Z1B~#GiOXqCCM^ulFI1sdSv(Wi35Z=~p_~@wPqveH?RckZ<+TU<@c0*kw zF)|~`!nJWCkS#zuhHRr6&RHY%lggloUFdEk<*>uk0`=V7$06S$9_T*3W84P-IZzHu zNICxeHd|{^2mYp13g@~ML?(MEgBGn()TE`t_QbfVlZU=O?;*i8FkyA;UGopHIZ5W3 zhxFQ%isfXFbBFAeD;Yn08!aBMN^{F$N-694IrK{MvObW^d)66VdhG?xE#yS20ILAe zVMf{T(vK~{2Mr!vp6eStV0cj4cwdJJA#RI$^LNli0^>YZErW}HXTW6KSIyq8=IU{= z8Q)eletA$%Uni=RL-y#rM$sMvTo%$pgO3T`$q2lJCth$Hq#zgYZsD!*V60`d^jlYs zD9NZ*B3A1rEtxka#(zmnW3h{^xN;h8pgy0)20Ks|6|fpa~=aA@R=^t*ut}4ON!= zZz{-FDlEd-^#!*4^`59Z6R&PUP$59t5nz(4nyJT;_;_28kf(KjK&d16Vli>2*G8F^ z>kUQBRaa8!O=Bh7Wo?zf&%&; zLKfy=%eWB%O+lk+d6T`{sG|d=-2E|XH*)=U1^^;F9yWs^CVw_yht>8s2midh_ps*e zBH=%Ev1GuMe_Xa2AeIe8wv91kewPu8{@a<;tqzgAsQM`8R0@;GlK~}{T{uW>b-y| zvemn>b8XQJB53H<(`2PD;rd~V1cRQ9S%Z>$X^uC%`~I1j(D?ue$dV-wC(s1od?Cc| zyPtuZ1^UKd0$^Y+eWGQx?lzZwd2~74TSf=~#$P71kiL=&;ncy<h9YpAxK zF7TbM$%76-*aKWQIFgprIPN!x{_q8#qrPj@-nNNTQEU zH2Z6SV}RIWl7WtWeemcaZVT}1wxyF+kz|mD`N-2f3P$uEC@6{g^(%~Fc)=*hyMN1x z3?@|IB8JhMB!r8Y!!}YZ`5L|UHiQYH0sy{YD1 zwP@xu{Eqk$D{m(T*YE%Q5_lB~oQs|n9WnUe6R?8kQx1{mttD3;fEA3E*$xY)7S*|s z?x)OJl7Uq60^XWpGY>GLXM@pm)|o#J#vy43DmQPRxp<#SrOzy$4fblH)O@=%g)W@A zKNnXMY5aa(j_VZ10kaca8O)Zd#}`x79h40h{U9B z?mF+e%wwdpuAt}J7?-}+0>;e5n%}VA)e6UI#^pT1NkAu}x>B9H)b~iB8JkM^d;?Unvbl))swRA})n{69ggJEih1A;fhx6`{n)8i~7qQWcX_58e9+Q z>4XSJv>$4C(#6XTiMu=gsp~&i(q~*GTf@P`^zxQ|&$bR1d&s7Esp-2La~O52WoK`O_e(#?|K zw8s~XvREPQgM-hF0=L`0%C6l7tLGIA%x4m@m80LQ#m@QUV(1+nUo%iQry zEy;Cm7`XtX&Bn!=uZwvNTVj0e&nOS)f71V}SfipptlQKEjcSGEE-$1PZcD;$otu}8 zJkT%rl*y3L4GbcgXp|N{r8=35M#0$3V}VKdANvrF^>@ zZ1MEr<4i-FbBA#ba>1GMP<94NmqL>nY~63oL0x`7_x`eVd3NqdsGl}B`Yk`yxar9X 
zo>jR%P(CbE)EHcDfBJBMrVg8O{tP_k0RhpFE9PRL32@s&qrXKypQquMnBaM`wo#$a zQuK1OZ=9%8B1^znP7gX@_$IW_5tdq5(J&Kn3Q=F;tH z_BLNvJY3y*{4YmR6~V1AS0K!nZuEQsZ>rKe{hwMQ-3-7$*mhh|I7|o%(Z8b2>Y@EU zlEw|>z+jQ|d+tClBt+lTI)o_L;?Ux!T>}qc(CZRmM2sYME@Dt9fuX7K0l^UieZNt^ zlHO4JJ?h6k7~(QWhoQa=N*Kb>lME{T6h$4W4i|48LiEMIPr&I1BwPqWa1#BLp@TdC zQSnh!|9Ov0AOT(hTwk33RnCy)NTk2bmhKAL_dklDZuF3NT@WJQ3P-SXqKSzrRQ9^I z=dJ|rHsoe#HSOf7l0t;nK4ZBhU||llW=kD7!nI&Wi={a0D7D&~I+ggbLmld!N{f=8$L@sfmAb)zM z-{EzMQumkt-jO_|cZ*dBoq7u#)&#mN;O=uV$b=3uAdL_I@#gLadmDk8i}_z%zF@O+ zA_3C?m^0vDj&9W5k;pVmUKz?Xe0$na`~b3{dPqmH*PJQWzx=p*?%=3_5=6WbFTR57 zMh6t*nmdj!1R(-1FhF|QmWMd}q)jO2b&(J~A{Q!n?;N}nv|zbo zLrRvnuMR_BhC$X}b*`Rn=6BWde~}`q9SwdJlITnb^}@t(asNQi_G~DT`d|zCZpAqX zVY%A^x4@txnR6WV`pNwAZrAR&hPN(TaEUtqh<{5lg#M4ytzU8%;60^>$en;GDDV_@ zI9B>sVuq(NzbCz0)9a>gQ|#d5)t@7$iIi`7o-PD~4xa4lM$vKr$!wgfQbsmM-xFD-MuytUr10NbMA!RFE-<@`91k-FE2|9 z)MFqsolTdok6&`R*ffLAFy4XS+28lyRMq)N#W^gPes+q%@!D(_`lo&`-3%}aD&mq8 z9o!azlM^%@9uS<&3V=e0L{ji50VTbgXa{3m)LiVp$iS}E2+yz7g9P!7(nh%DzslgL zU&{yjrlog-l@mGx3!uiE0-V_l5wtwvgnW5$%am{Gbm0KUYo0C$aq(|IZz((gZW9>D z1;e`m(FbmAdT>C?8M^V;-7D!X?sbhF9VC584RQA8F~@;ZBRQi8G2wDrICr#M`EueMHT?gE zF+oDKF;K66!VYE3W%YA*`1?872$vFQD)X_Nou~Nz{b>aZ_mlTW#lv>IHK36@pZ}ypI#7^T+$Hu9kop^yZ%!6!`Z! z7VZceUj8K~Znehu*KL3|ngDhct8&p34ue46%T+(KigQS10xiVNl75dd0!}ELddZKx z55m6mkXB4onu}5!We48)vCf5&#G%J-NMFXoeFMcTW}&A}zW-Xl$m(6yXjWFU|GjjohGFb?cJlY#_ z!wl~ms0aHi$n_FD#tWUD#7BWe3}<%@-b`3cEmoKGe48=d^w%VSqlU#qeVENtcDW@u zm+5qi(^W}@!A@0D^{gy6x`ADJT6m@X1`x2$-6iQCUKFuM)5tkol@C{W6$9mDvYx?) zeu&CSoU-4K_2`V~&EUFEX1_QN(xe=u-HJv|+44vse)Zr;$NpcL0}=AzdR-xJ)uN}r z@pIHEBUkpxwK@0UR#^d$VvLmO4f2*h_oo$ub2aWdm@y2nv+$=QJ#XH8qsZ)WlPdW? 
z1~d&l^%3J9jrL545OIPKH5~cNnfE+JgTr9Z`FMR6KMt9rkqq((!P)%!E)ME-ASKh1 zlvVTJK3=Iy!n+=wxNt3A8)^_w^MY0{Y zr<6Xt{>6S*rvZ|K@LC=vjm28ogHhW#AI{4^Wtyw-E<4>C!WX%1EitYA@zFlWii^##+!zg`xkdo&5PX8m@*J_lN}*!J*LLV^c_(H41@=68pYNhu)3 ze@0waHPL1N`{&c?WU~0rgoceOkny(2uHBD-AF+0b`wTtYyk-%5!qoAw;QH-+`!;7= zt;A4|XN_J={nuazK>>*T6P=PGD^-Kwoa85a$=PejjrNNZWm0ss-fJc#6Ll`kUX4#^ z2EEbtB%Dy`6=xmh5l&7@Z93FHRUx^2HMsoFmQDUKr%^DeVu0wu!r< zoAt#Jm`0FZ?^4ohH!dEx8r?mwsr=tuH|WVAx%aXzcy1H4RF{=GJF~u=?j-ar*_izk zTb}FF3gsci%-#JP97I=NN+CjhCm+hL+4*E<%pWL=xlY!%*-k~%+8|B&guLjj1c#@6EI zcIFx;Pv76MMXJjt)@2+=D>{z}(R^UWRZXL6sM<{L_};N@1Rietn*blFR7AOGM~1t{ z_}gCIj%%Y0)4AB+KlB4jidK zm%@Fev3M-Lh;5cXN_Db6cy%n@Vm;T^aI=^g#R>3TLwN9LHMi_qyhh0K7vEIwpewBU zy!@~H@`lsiA7m`!(Q8Asu{F6Yh;I+)9%1G-AIWn6ZKQ9WUJgR9xca*m>wCxKs}~SMujj93h)`?{H~icMe#&UNVT#ewoPIa0y?q zdmt~?E}x^p4fcYnv) zCMw?nA0P5|s9y;7^L4XL!s?)4_ASCNGhG*-I+%hI*xU)?tzRqq1HyiE#~y!N`k$8( z<scog75V;jtFV27Btrk&H$+ZzEt%H>%)i zHjX&{ce#Uk#><#knZU#!9OW$kv4WlZe^Lt8Nf{OZe`IC%5+95YxfZrapMKkv zevkJrm#Vcx$N#yTyl!I2@+dkN`%qVcM7b!Gd_uC*C{N$BF!47D2xRMnSo=IeQ^cO z=7cLXVl6`?s{MhOEh5wJO_l~FfegD8Ck;*uPGQzQU!$Xy(reFREM;fp>YL#A>#ixIc1q8ebbJ}m`Y#I8r@18Y1$)m^d6FIWEcF| zY(4hq>%QXPtTcn2ZQC^!R_2z|;58F6zKaCRN;U0Y6nqHe?OvXtqVm~5Vhu6e+~-zK zXPrZ=nqhyfSJOFhdn&b?Q|A9l4P~cfVU<1m{CTg`Jq zLw?ln()@0OjPy9b7^pAGx47=xj9jlLUjJ!&o{o&jFFa_krll z);C)wcbA#>6nVXGtvUjP*1NM$erhYE=_##B@S~W8!^ivT*C(b-1Iwx*|cldU#n0-0VAOvl|UP(mYOS#muQ=6Yu{i?}t4rlf8d{jfPigGPWxYIHtmGY#~ zCCuFRhT|Ubi|w3_#8;k_SUqEpoZ`dWiI>MM3QQy#z_keD9vkZZRBwEKKh;F1Qah{R zbNWd5OtMjSW*yL|K51#{%hu`%^6?&-f1)T zohkMxTMuXQ6DI$l`;{NQq<)SXSY<&~e6btnli)?vEQ+5wc1%CVOhzO-J4<9ta%PCx ztV{2Q`o5XkJ1G_nkJ`k2Z*AJV=J2_9&Q`2@hSM%=uA(vbiS04AHR!}N!ubW+k#7Y_ zLxV}htVt}hc7!lL>vpH|^JOkCjzTPk^lCAV!){d}X#X-jAxSt~J!|o<*1KbhLTeSk zTmXI-smnGU#cyn<3QJh})p31)?fC5UX*A(!@*f9^$D}u9-+rd}Vqi;k zSdM?UStNpeFQ325cZ;rq5}U~xH5VMTc=q!r(ddpkJHv|8>-++uE4TaRg^Z=AfKl(y z?pMNd4XQO93`Cgu9x{@)bY3K_5PMWT@@NpmUfc%RpP(;;K(P zgS_|Zd!0*m*6y0aRf@uhajecY_xrcs+}eoox;Nk+ZMStdKEXH3Yx#a2eF8ekZOHJs 
zU-1MTd^G;WLw?F1;=#XA2mP}@Z1-QgQv6JPeABoxkV4>_5cNAk!XjT)qKwZNj&RjG zn&yl5^2=C?2^K%vlE8ea15^Ai2Nq){<~}WNyYz~R;6VF(HZ9@1wzMHBY*Uo`nq-$d z&ZlpPKb_%w84R7ps45xPQFw6(|Jwa#weKxajAVR$z)}Z-CuIzsfm`}%t${5`!>rcv z6U-Wr+x_4I$MM*`=3zO@o!C=~PD)oU;Z?pq*mL(caY=?XbE1MT`O7`V`xo?KzH*V5 z8XBGJ(MM<{%&^OjKJ~y+?Q$f#@w(npr1YnbFRUnOrOWRL2>Pg>zq$kGf=lFQztT-& z@v_bD7xVSJWW6QxQj>7WSnCs?j!=o3;wsIRd8Iy`MxOp`lohn!w7#<>5&>Z>kUq-T$U)Nk-2E+2p|`aB7~KUA;|5bQ1#dkgE^5p?|Mr2$nm1`G`1B9AUA_ zj?ga!^?cJ>I#TI^RK4 zAAIHyCVkroIn1~!#$(9BBc;@h7~@U8^XOS_|Gh`z=cXKBCK5K)ibv}E2w}>pB3!2Xs~oxbkjR_lv3@@ z)C^B0_u4U)q> z5y=7USx@vC-s!A=7oT7PwuH1@UIO%Z$?ZzebN}R&BBsUEJ{?>pA7lZudmlHeaGawt z!V@=sK74$?=QPX&JT7(4{ixPf5 zqO4>NrjT^wZN6$~W~4p#7(8M|ul?Hl7lRWsJ@8#OH1gmGj#92=zsmpE5$EYTf=(pu z?dr?#x-ojiy?mhvSu7`g)BB4YvtAYxh8C+EY2requbC6dC6D7}L`o*KuKDFIw)?#+ zeC2=GAT4QgjmFj4?!GYa6(RAdM_yV|mKwdj7(d>4nj#3SItblcIC@u z_}282F8->*6n$nv@ln6MM3k;QD_4HTi+n6Jp3|c)|G2ggI2dNQAwJcsWa_O)MT_fL z6XH9dCzM5*L5fe+5?(mOp^&;{%owus_kz2277U~^Ps;CZ&d_O#0N9`3O6%h>J(H?-?A+@SL=4BY-WBCK8g2dVSp|HjQ&nn%ar`fZzsRAIJWn z2rkMGg5n<6<3PBAdU3I@#QzD1Bgt)C%OA6^c#)fh>NL)x0w2Ho@O`Yn@zHd zzrln%sCFsHHqZJrD|k7qYpL+}@p|0Jzfw||3K*OXKkEMV@bNlN=lnuXCrNgG6_whn z4hx-fqI7iq_306OSsS4h|1qZRv9Bx7iCOGIBz$+kGu&NyYjj_Js!AZmc4O)#;8~~6 z4&TnUmt_gx)?d3E(DIYGWkVbpZ#*K?K{41EwK$CHl2F1HrjEcp?g?+32q3)_RZge)16mg8u|l?9>Rkg1JT^}XE} z2epMhHxu)~vj-Y`W;2+0jc$KCud|1G^|H*y@~Z#ku`J`CRS6pksjt1s)XJ(?=oOtj z^ef4UR^?<%-qg;HJ=ACp=0NL3jn$NYie&QX$7<$A#s7ZV;+|pp^i{5hw6&BX?$)Pf zhK$Y=3!SwNXSMBj(-{tEjAWbe#>+fcD%K|C`_{%WVLRrxItG1TNf|qFsFeEYYOE>l!FM~8n0DM$OO^<| z)`~7PTl*0dE+{}liD9iwrju)MFXy@@#(@CEPPo>d>klEF9vDm9zM1)0Cba2&4?Lg5 zr`8S^x=)RgZErQ3`8*>BJGn-bY2R1z(zbl;j#=(P-&glp3OC~i_HZ|1E`jVg$wTQ9 zf6jT6GFogdJa>6MT6#M)U@}<&u>A_)mO(>jyJs1=!hVol9K2~J)GWvk=wINvBzl4* zF&P)DOSUOS@ekq#hoQ$UV=E7-!8^bPsY-`&3)?tKtbvg=+1c?ZSu;h9mS(puBA-Lq z0o7=x)(u@DAw)`4<$%{roMMm{1Ee^34i%IJe~=z}O^Qk5>3XxzbESX~Zz5zK@}d^9L1>g+HlDqqX# z$uJJ+iXJGl8Y>;PQRQSRJ&4zf5y~BsYc@9Ry3ON@Na4w{L%i-tMr;5W_QEOfV 
z*Vq7cJ7H&ut<-*{ofogUbHL6tO2(L&_`X<#p<2QKXFgIwZPp`G(uAYhomZg5Qdu!L zmORaiHkqojxpP%*IKyG)2VH6V`Y^5(`PDByEnn0MgiuQY0=FnJ@BNg<>ZOO#4m|EH zS|bS)KOFaddQRDitKdp@v!00v&%9f12bpkwbndX5{+erfuvCoWmmEN_hcj9~r91p) z^(wLQ9&S0LkK-QeTn@_@T^%w_mgrzI;1nB;nrFBfA^jo=nK|PC9H21&_?1KTuk~z` zT8>gE!{jDhRH?~7KsBsLbU7kidN*w$w((x9TB-iNc&r<9%A4o+#qB@$l=;`v4B_)+&L=3~@|GBzjLu z!wfRSyuWIiw(Mjmj;Bo@FjBTO0@O8MlW;nfq`1g=p zaD&usS%+rzHN%nX5$Eg6{gQsxDII5C053jiLtM{LrQY*-TVU|29HxF73FeIKrci=Pv%{74XBffPiAobE)nH8=n>i8$akb#Bzs^|K#ao2T4!b6+la``%kBb3c0f%gvaCY3wQ?^h{OO26N+ zvY3;^PTNspr?a0y!HA7zpj`VwUQ!;3G%{Z7^~OU1@$gjVXJU;Y9K^v#y5$E&gd|nh zK8HMf=Slg)kdW>b`lZRFJFA+ZsmWx|^395w+F)8A@lJE;LcqCQLx0fuRd<;gQDRs2 zEtmNTha~7dFQ~Mu$20J2X_>9;fKC9k*=Oh1x@4w4E)VMGc)l#AZ-y3U7ta1feQ4BOfq618_qiz^QI&H{B6~od+BAMk_yyaJexu!%gYhVO5t9k& zX9k2+27x!a#+zSi@|ZT;+z<)RiT9~=4H>7Um5dqzJRV-AXkIMJ=OqQw933(sX{f-i z26FB@TacSIc{GhJ-Y0=IVkXa?L)ZqBZfmFZSJBJcY+RdPX{}vQkxeops@V)vW>6|Szw5Cz?TQI zls`@paG+%7(BmE{9LmBN#r6olsXkpqj@5a6W0bji1PYC$2zt+oPm5TI*lRNKUP~p^ zK4(i6oc~Y|Cc2eO?s}ovLo_+pb#2OJqcEq? z#v{nyJ^tKG_cq`8-GTDKuMtwBZ6AQ$*t80#vxZ7aIg54Y4+p>}$fJV%21XN4YPY|P zC2!wQKWA?y*KDXx3l8XerS^X5Yd`6;hvxz;eM_!@^UZQc22|Ctr42Fc92dWpo-{KY zm(8eI-iJ=c4>m$jR520?)HrSQM&047Y(PBsK;%tAnizJ>aJWb$GCI^FpIuZ5w<$>;t>l1GIVQFo z1g;eg|G}a$?snUwgZ{dAAPsg1iPHk)o~v4HU{V5&cK)zIc?GPp|262VK*=nB?kkEc z?cF}yPJC4Wb3l~LS%ZMl|C_`$Q>hGo@dOUgxYP$9;`!I6B%$#_LGgA!&U z?T$G^kVbh2z8k+M6@^9?lcjMjhjYM_4xYS8V2%Z^m$MtEGFLZ78L;gJ4Wpl+Yd+Gn z3xl2TOKrU!eP`uf#2tqZANNbqP2ocX=Co7hZ1EG(8?I3*_l5H~cZqFolAQfbP5=_k zzJ~3>%$G3w6^Ug&JHR{e`!jo!5C~G?hqrD!%$IO(y!&=^3B+&NcW1$VDvWdU&ky5D z)KYg?P1$JwvOyn04;pNF5wb3n<}!%aN^P5il-TrWWR4ZvV-23ToXQf_4ND4#l*zH zAK#wf`7}gYln8fduyLv4ii6Z?O8k+Axd{F)WNan;uJ#g*+*1!nWue1|L768Z&Sbz! 
zL2GA0r2QfzWxrOdOGUsZqsxHEL7Bm@nnjhv99AIsGQv#S!fLvoV+CP+6%S&|)!WpW z;iI0(4Af9q4_4rs1=1Wt;7_r)>?jVJ%sd>F5}YDv1YIELBT<(i9X3O(gn;wqd^(yU zz#L8ylCy)wXLNJGU1oJ*B~7)C=cVhc|CB=RfB|ff{}BYU2O8>6>KV%e2~HQU%0TBF zR%C#y(j>K9rf(&1(d83G>rs=a31g_R>K*jU;S@_~;GkT)(RpkQVo%UzI0gmEO6uS| zU&5&6o4+*+OxlR)dBV-?!_zM5VBuDg;@1)Em^?NFPdM1n6e;*9KT4@hJp}FXu(bsO z^jSS3kQLouOub9z=6rqR3JP|>s)%U=Vj4t`$K`MV%reg^#tqdg% z-q1latX)+ddlfx0dyMD7%n+>)gH;;iYR_KCX`v2V`MAL=P>`!j`~8|E^j)V2X#nBj zbL4nwN1aqw&hhJ0(FgIX*`_%487L|{;u;*<)rB#!nJ<#RtfR-{4;1@#q=6PP*a141 z6)Y7^spHV&JyMZNW%Ux0^x(M^akL-eaxEfx!;uEe2wj+l4+>U6@|$^VP$a236kXF- z({US^RJPR`ddQ8tFsW&F6!Und`VFsp-p|gH<9i)5K|>|%K<|)cg_5yEdpR^p!`_5c z5kvf#{H*x%Adu`klxhh-3Doy}xM;gS(<^{ahh?Qn!Lc(rLp+p4s<4fz)`(bo5v8$x z39oIQ3XUM+jYNJbxyvtQnA>MGqvn7kR=bOlf+KV?s88wXKw~m}wQF-U;kMuG| zscBz;IVST(cta;Ji0-Vo0d9IqG*i&-i;p$$i}gPBd~H`&RMQW>kV0?Q?IpYXg&YAHL)5u|LJL0w2B;Ni(f%DZBUF_1 zaf3SgfBcM>s2h$DMTAGpd&DIn2dN|dL_+z6lv>sAVumAWSovhEdA zV7opbA)e(+d1s*VdfKvu&1D|6fip5O>2)g;sY(4UCmtDPxD^MS7Cw4qjJg`n$SPnD zO3+PWoS7ZUiIL+6RicBK&uiv$VO;oA*+2zOU*cK1aCaR|T{87fIq3H+zJT68&{D!`nS>ot!l`fS7;uR`XTGnc%}*s7 zdd8_pv7^c_@nSm_nd5NO{KGy^IpHrqk_f4sEdIF*prcy-?&|r#E3&Cy9m)w1!9ikY zUvR8)7Ly$qM(a=@^4SHsUD`aXj5?|k1ilXAlof05i6*0R58=1mmQpfpb5(Df zxJx7;sm z5P+|ca$hc0#H@1YR5D&D{fR^?9P;9)TWUVN z5bX3G$p(d8XSXMyVU#UnB_m>@e82*oP&4PbsK&AYIJ zL^YfXcXy%NpyBvwa$Ec)q$nrI*2S$7YQx+)}C4m1$gFOO2lp@vW5Aa;nCPgB}r}*qU?+ zjtIpJht3O2=&|+ugaSm6Y zY<~P{5U4gqtg~_V|9-LlbA%;Qn`Zlhfn_6eA>&cPqY&K*% z|2Ft?eDBfrO+%X1+=pq1<$ogc2=yH*{aW6E;v7^We_|12AO0!-SZvsHo435W2slcq zf&MyTXX-H`{~CfPD&+SyDl@(q!}ofzb;`zfrxCa4#@=+jx1HBJlGvM^IBq1-{W|Tk z|0-EUC_ka#qYt>dmQ+6}qeFW6@H!<4FG|0Is*HC~ze6y5MV*5mR#wh!80|UVtaFl> zU#f~6p}SV<&=&E`fNGSHtTYETpU6`o>#YUCI&E9Wn@8bj-`PX?B#+Wgs1JyN1h!P+|C&{|Ol!`-w&7o(@OxPZtKL*`^qBq|?uKJAo z5eM{Q?Gjtbq}8=&pbX)pvS3?hu{pK9>d1FFr>FEk2=YP+v&x#)0{o`bly8(@(+r+; z`}!!&j)STpEkHu==@ouPl7Re8U_pq4dkuN*svEC=uN-DZu{^NQ&yCj(+~U% z=I@IHARFhJ@X8%Ztr;Bqs!WTOk^P_ljKD?FGB!dRqVlJCzIy!%5f`}zaph{rILvda 
z?75ns)Lf>My2aXG-VUt}EWPT>2mOfTiCFG0>jOKYNF$t9D0<{(KS-}m1&6@yxK^8b zj+*j`KBu7NmLFjnDFLyc2LR*d2(l_D(H%#1hR^zwO8B^JK-Hn0 zmyk&%gI+2)dRK!%ibyAsBt}-g%|vEv{wXSi(z~Qh>%^e4GEvMmArXOJZ&*-MvXyv7 zVF5*+gNu>ldH{Ebfk8mVI#|Kkdxpp_43HhsXO8a#7wEAiYeIavFF&3iri4oPPa#f$ z2oMsDnu+Xr>wE3#v8dIACj`7qwA1O+;cI0&{2yi%l5H>p{~(S7S2nKDRhkB<2bQr| z#fk`i5xDh~HLR3snb*}I$1E|yV9+2bZghN{^WfvHs)V^8qA={6PvYfNmDfp9Vq&-T ziLZMKY_}x7_X%P4jOJU>2#K8ANjagaibx_ZT*1~!&7C7JjCr@-8N*Vcf8$?zTX`NjCwFC81XLLd z9b*B~ZVN)xw$A4vNQ#B&Yy)XAwf)VZ zX~RwHGJIwWQiD5EKtHh&icRNT86NSfh`-oI5{s2%6m%R8OgxL^FgL1gxLc;t+yJ*X z>tl@*m5uJw&dVI*u(I*pOCRy;9Lp{|o31;NrkvDK%IZ(|I+d2FU>PeW^*+I~&|1B5 zz@N3cY46poBUAN9soJ`Ory@^z6M(+595jaV?ex-n)_dpFpUWtze{Vdkp^7~x$hxR zAC3VoxQqTkyKVeF(`PVneyxD74m0#WpSmOG)8JLcNW)j4pHGRvZG3#_#W@=cc5HNjbNV&nwxWlq>5VjL%h}rnIiS zaAx;QmrVO<=rnP;ZM{358=LAAPbbb#3=ZF}4#V~CJSH6V|JX0UMIY(^KZUitk-abMS5<9uK)iO?1-|`U5xF{p*ESkDltKKs640 zf`)*9<`^^+Q4m(mbgAjiP5D_8e_;A5wPJv zi9R2R(xDhV6rcNDZjFweKQV0^EA!^?Zy6je68b$KX;Iv0eyTg&1tmhrLx8LT zJj5Dy5D7S~fM6cAUh)JP^#aHa@Y)Hon1e@z!=RDhnoQusOfJ5~W*BcH_FmEL3-_3G zoqMMcyqeC@oT;h;OXV$ht*bclg|b74^I1VfsWt=0#n? 
zXadWD#TjlgMt#?ebrTv>d3~j#hHpGF!Ewc(4T>X_N=nv1A!tTX|2 z>}S&=&o3nm+x+Li%tWneD!fZ`eDt@wa|O@pb|Cpoy2gmlr^;VUdij&DSHHky+`oLL z0d_SK=^c7j*WOmmK~>+VkfYQ|?7R_&h30o;Ys1}A#|+6ZjfIA~%YEM@lNw92ETXU& zbxYm5@Qf>?YWE+p357TFjpw|dUV0XZ&VBghAx)-($4{3AUy56ehC#0A)74x0g!-fP z0j4MeQbTWplmo#}D{+`X8J1=A9#*}r^V+l2%FU9wU}nPl_1r0*X_P$wgd8JDE)GzMOxg9teEngN!~jY-@;IM|6|j z*B3Fjkr@#iq>b#kR@*q%wZ4vJeK=)pe(AeS#tH+|FBw0}y)Y;$b$r!3TvAU8Ih$b?vpp4BaKV9!)#m(GhtkB%RfmyXxHPm}m8rzI4 z^V(RPc+X+dUYEpd5xr!5pFb-0J9ABpec}KR_ihtegWae6K>(!z6>gGm-htGN6N^3q zZIUDbY!APJ2y2?{pocQ!My`!Jka|hSab804q(A=7-?&Ksh|~ll6x< zT%XHy*cFH5?7|}@7tyK2#6LLmCjuGaI@uC0lu=#gD|jkKk1|M7ZpnE*Z;3ST>-^wP zSrdcRy0RYdY(lWFFg32);hBvAp){Xo-~QU}|_zLw{(2S&8(% zrj%j-X3o@z%e&4n*qu#-D`j_!-dxE4h}`FWQc2$kH{Bb-F_0~<&{mfF+c349oyS%^ zPjtO7)+V0hy=q?eOV7F{^iLl)um&^4-y$3C-rCkc14m%yf{w-&dN~XC%Wc=?w~Pb-LRt8*Eyy2%f|WNWRYIEm0xA* z%EjFv@;H zuEHn4>zx0(63o|VOVC}dx)<^Un<}W{$(-&r6&P5|N2J zf;`{jus+>P3ag!Q7HE&yN(W|c0xH zvA-?3nTOp|M%%5s`gm;@#19a4fwUKWM^IB~{&gzmMrf&VJ72dvVt4QWz59?E*VJ!q zE#q2lsk9l~!*^@N9pYcCL}exvA%o z{@(bwAgft{N*sEuS4>@56!{t%JT^jJ+P1+25U419A8*XKpaWxT17r%`* zP>7CZ$=a|wpbdUm4U6u8%G?Ix@xr9x&MhmV55Q$>o!jxrxm9jmL;^LK(!G(zsz6~d;V3vO&B+%o2=vW zF!-N39{2>%$CheEANmY#EI8%9uO9jr_7&Lf7(I({7ZKyIw#jgcKO(za>gg&Y3%AKP zkTB0bji4{dwKO6NW-w_VI@2@xT|j&FcE0xRBQE%E;_l&*EixfseMK_TsLi~dEbB|D z^-#Zutz1d8j!{AhmiE;li`Vngq>_a>{qR=?B%VSeKY7c_uY(7DOvDEflh!?m70%o% zzWRY3_1?{W%r$!R51qqD{7y|i*R2SLxDKoz6t=$ay zJfxR1Dviq_CvtIN(x!t1<@a8BgWaDy=&%a!a+hkz=d(r}(^h5^ylb30YKbZPAJ=SJ z_jo4O@$B(7@}!h_O1$tBkx}0Fu&2a&ybSfnKamymL^9um(@u*|6*$mUqRmKQr4OJH z6-zegjKNH`4+P3f%O+a(>Vqg^CWW$YlQz96bmi{ccKiKYN`wkz}uP(rwXnZcoZu+k7y$GP6wx%ydU^Y z3vd|g1jD9?tgh9M7}h?^=QH*!86psxsY<2&sX1bo$!1B55n(b2H>@!uMP43LYHQfl ziz%O^`rizVcmzbshNTi3o|Z&SzKTQ8e1j$~0Fkm}fL8vFEoW&*t4TPfWy^CY@ShAN zT@5hU1Cz10!=l`Z?--zVEN-4reDVVLDA25xx}x2kzi-leoJ^+332jo~)2JZXIjSP9 zZUjw*?U9~AH$v>)3g`<8K&rS$qLF%vtGUXGPIHmtHl$BSE`yu)Kbpj5zV2-$ud=pz zYdo}0W8v))U*RF`so4kmK&UTc@b@KT8@Nh1$s8A8UwD> 
zHkp!eP*9D;3s6u!+JUMd(FWs9yI^OuwcmL(5v}8G5qKpM-Spui?0{PZ7cl$*hBbUB zyqf6oEX-icR(4aSByygWs)!%yC}|4b?ywag!gLxwdYjZAiuR`nLV)pCF@i@$UUv0p zrgv~pCPn^$Qh9yGNJ)(6%nqw4Tom=JoLhXjV* zY;N$D-Sc&>7mOE|{wbfwwfmvM&iV1kA(6<((Q^mGHe6e$$p=*wSLIGw-GFoh@mOf( z_xMr1sfw$AYuD651Pd2{sy_#rmP^=Kt=TmC|8S1!&jshr=%>uJ_kXUs`-t63`$qr) z(^NY&HM=irn(nc}cTw?Z|JSifn1s_;&yRK?%NG)o`jZdM3LQ3?7A4XUcjo;MIFCv_ z-wtXJ-4rmU5Oqe6hrrrAA@>2L0-#D%{O(c9QNv}X)TZnHcDaV{Z>nT~Tx7Y&cxY~| zYXfuS*+<@xxKWF*0E$9Cs&ZlD9^clS4a(co|GIXcC*7a)nlELMEbx3j3wdp{U<|R( zBVT&|{tpAPG^Z@_6C4;mIm3qT<_i+YLBStk`rygEli&sP_|xCEc^&GS{JI|JPE@Ij8(0Ek1~!;S6K<`1 z9$V^?=>qLFzcov@e`kzO3-iCJXLS~udbW+De@5ZSg7W{7^ECmF|3H5>p~e0L8H(}5 zb#)=$)-(75*Cdp|W-^R~T|x8EVYB943Vo|YC!(o2LCqO-+8`p3uu3?}fNy>hci^VT z50Fsy9Td_wqQVOSE!!trpZj&L`nUAyKNtx#1W5uuMT}9~xf#|kJ$A}Y%uzltm5=7S zYOi@Oo9tot<(7UEfsvZ5*U!XBA)^+lLeh96=+xq1zn#_10|qqRfFc2vwS$73@n(&2 z(D>EvK63Nc$DW*nYTbV&JYAf+I!a9wV+-b_U2Z-KEf z$rJjo7a-$hpMy4@`74R8(}Q}nw1fwb%|$wdgbW4`gQfToZwFHV@8lf2#NHm4XAE(L z2ciUgN>0f5Q^ueRj`)QILj7GF-QSECN(TJVU6;~(<}c_sW^`Th1AqBjVrDfq8CTMz!26>)lIrc6!643&l&BnO=|EVCCODAmZB91?JDuruBG=9J4- z^_Tns-BA~(e1>=cL|K>xot%l&z zFI;B#2}MBai3MhY;_zgaVeh2f?pOs_>ZDwv_Y$xa1*Bda4|-g!Ie%`za0v<8TK{QY zTZOc(gDgO5Iz}@@o{NErjeDL>gLrBHSc5uj^7_>m$Lg1I-U7x@pu<4-r(EumJasf!pE(FSnG65MTu{aT2+P?HIu}&+%Srz?<#Gq?cb6T{qxNrcg#m8 z{<7ROzg@%Me0g2GnTH&bBfmgf7)P!%2ru#68Qs~QY-YsI7~(}Yza&tS!wlOe`>d7t zXQpX--OC5PKmm%tMlph-S~S2$fp{AYc$}>vKQ~IZ0(8$;)qfcVbYmj;<%TsYiiTS; z4nk|)*~xqOqW32v%th>4{Y_k-DW`mmK>HJS-4)$Gqm2a6M})jq)pFq`ODPuhHcUr} zbteCiMPMRu)gjC`K;NW6sGwB&P|byQDk~Ap6#xJD6IbCo$9DUl`tc2Sb+az~&qBT) zrO1X71C=PH9MHiG^_I2b7leIlwXJX{OZGtTAwfoJ!|gxp74J!o{HU0#;p1T9YVghB z=l!g+SMb$nfEDE6z9g7bvyxOpwR1Y>uea;BK}1Qtk~=2@4UsMy&)o(z=MW8r;Lm`| zFkQ;482-YKa{E7yVmL5E80c@u249+w43|>(QD56WX~$Nm2~l zwiJZ4)BuQ^KNZtOJwp#(6zoDOoZtNQhZsTFHCqaG8wiEFXxF`3&VjYWS4U-j&>FLL zKYR*i)=o?v(|N$JXNHuhjQ4QSPIiwwdrXO)!@FJzV?qn^fA3nbLo9 z7YGMHTT900s?$^b4b{qrlJ~GaN!3O#_n09JXj~A7L?Lhy8z^Jl|9aJdma?d#AN}pg 
zs|t+%-;HmC1or7puMw?pjgAJs!ctMwT_5%TG>@o5r|oZTY|_~ayZsmo6oqsO?8s}|6P*FUe|joe$*B#>S$Js zw(u-rFQh^?g?#Te#qHSY`=Y;h`+eB4{bQl*P2ZPa4$ZmyG&Y|2JXIRR^d1Sfj-2rp z_N4w3sf2?duAU1BF=k?PR#L4#oj_t@u6S)uw zInze!+%w3T@O(}_8Xa|22}iDGEPIBe^Kdre3v|tSI)nheUXza+vX!27cm^VP{o~T| z@f!go_e6Ltb608#zq7tcZCL9jiG4(o+$#9La{NPRScNr*g z{u551R`D`Z-6dG>-JM(4jrR5{%xe}&U?u{z7<|w3Jt#{u>x7Hq*ij^$J%wLSlcf7! zyXp&8nFVQQ{*`8g8AETPY<=(9p7XEg`hzR@rL6YB_~=eP;UP6w4#&nS=c}9k#w{H*NjYZR5CuVJ zJPUXasN-?_lv&rKGt%nP%EzmEkNdBJX3c9*tflyQnnzUpHnrp*&hzI0{tu6s7j7f& zrCc|f>J_^a7{yTJzhhWFy7d@cMneJp`XJE20Ag+V$}L?-WOxV->`yZ4iQlvae=*5= zBfhAG|5LTa2mdQfpB{gc&U0v4obMkN_&x&Fwu6ZwiymK;K}!-nT}feXc}QxLbn)N5 zkiP(#HQTpVm~yLbj@ZHC$XV*Qw;b+DI&2pr?}WhtM?QBVX?3>8EY83A;naL`QR^a> zii8i25K&X(FAm3-q*|k)NCk2~Esz5i513YaNFOx_sr+Z-{<0q7*A~AQq8;}*DgHff z$D@E#kewUgdeGg`o?xbn!Jp8-lnMB_f09gHmfim60H&6@Xq+bA&bhW|W>C1* zrd31zAP1e8fQw5-*2JAAv6H1z#C*lK#5O_1*%hwRAcg4UJ zSzcldUt8z~J;t=_2;Z~H6jCcWJ&5Ogg)yl|3rOBk4vC{=_5aXvK^(Y`Y%a9t&27sH zF<*sqN{*71R%a-&=SaZB6B48*<9g!G6ME^lG;21HxakXjSzx(H?=T5ir_TmFn#or(!($;F%=aj0fk;M|rsx!4#6zZGzSMqs zwiutbtV6zhe~YBy%L0Xa+TQ7@0Ke?g0~%Z=^i~dpdVFKee<0jBJbwU}0 z-pO)|y0Jq5u928-M4vPr%F~ND5Gi7QJ=aqNZ5X#13$m`oD6KyDCo%DblF!~*3U`Gc z!M)}!7hjM;&G`V4J{Q$)%icEhr_EXb32C+He*%BvppY)1at(pnR`Iu1g8vt(#ouaR zfz<1H1a38WRl=ejGw>7K!iPO}D|=XQOE&wOlG9=@Q;|hW=I|RMJ>w>y(`9DKx7*um z#-i;ybOpH%jjoD_O6?ES)at;iPiejJI z5EM|j)43Qc@txcK^o*(iDlc0={{K&1Wb=JvwcY;Tx=8jh^fA81nCw%3Vu40~fKHR8cH1$XOuL^y9PtaFdFmamS{JSD!ik%_5;EPo4~Z>$*Qg zIDFXJ+Ip(tSLXNSxbVfnR1vjT4kN@7QO?>;zFxVF8{VnJmHmlX0Lg3uUJO)hFizGw zEAb_t$Yw|~D)(@%h3CZ(a+h_VuLKS?WCj` zJnZbD*RR(uAJw|_eDRk|LB^cUyBV8u97)%0~%bA`&~Nqn zN~$t=zHde)x9^4GN1kP$H1zuv<|bL8=HG%{-F-!QdBfwhtseIZW&%%VxNdSwuA<%e z6o*8==&LesSx?kBDo_iiC@(LYZ2y#h9I_mE;`@BxO?bVa#{^8zhIQ*Gu9nca70m?c zE!E#!f60{<5JD?pZ1w+e_10lgwp;tKASxlk&?QKBNq2XL(ybufAPrJOcejW%IHYuU zcZ2lM-SxZ2=h=I|-*+7H*L@5!>sr@Z=XtKU`SZmGLgPQ2O=H@-iVI6g223#4>WaMO z`F2^qcR14!AD^gdYFa}q7k|*e;FjgNi|W3!iSORzbbG#IV|C}TOjdt*yMtZhX7WcI 
zM2L+ieumL6Vf7|#77!SkPWHZS1L^q7GZ?(c*Sl3IAC(qxT+}L70h-ApsQ@~gfxZ-J zV~Lr6Gt@gL8TC2I=glY~taYz|?Ju^ZNQ4a#S!)*lizWax@+b_${CC%WlRVt=>w=Wd z_|{BJqyL8+6{5kWp*rKJlvN$HGlps2zfb>Iejme>=7cho`B3Z~j@T#U^Aw=(cJV-v zE0(XABAu(r8QJv5;(m+fp#)G(1N=wjQ;l zC>ES0Q&;x^C3b*y#pg&XQW&-DoiQOV@LDA^?|amyb6|SkTkOG7N8o;RXfjW(hd>Q; zApPn3!Q^(o@@OZ;Y-N1g;?QXyUF>Yz$2@)F{$^k>jiBiWu-_1wOBt|ofdQCMQN!Wl zrRRtHD-Q<17>Asq{p3*m8kC{Ak`v!`nsY;SjrE-&JuEiJWZdNPA61M zV2bqY!IEMmkrE<2Ds{GaiMXSzx|v?8c<##=FFt}GxcYWfOP&*(?4M>+IEd-Lk&AIr zJ&7#26Ulj8O_xSrn^o%nbbDgR$>&D?P~EcaExY1*h9Yn~`!rcZH?V8b$>|g++u3}1 zE9Eq^r1Zh9tiFUh87%O0KLK5RW&5*DOlqcotC0HW$Mv-)uj^ofvzvC*!MZqTfew&k z<2g>>N~(T5w8({ya?$yFS)7!zXd8}e@7f({CnYVw?C9O09XfRIf`LN z=12WMS!uQnm`M{jEjTk5Q?c?GBy3X)E?s} z>MKl0g`UNtVlwy8c|p;Vnj*f$lgAERs1kSmZnvZ^%osr{$@jyy%IXWluHd%=uAwaC8E1<=0SQr}<9W2&0 zd?Yhk&2d_fKpPW!nr7-uMp6b<3U`xm!g@!XC-@Rhi^=_0F|Ws(hW6n!2`o zyGZdLA0XziU??>(c&h4r-{&7Pn?fR}M5x9!@zzyPWu2$*Wg+(60y7E0g+*nB%Vd2y zH5ac+XALTH&Px58X*`M#!9Vte|Eg|$um;b^UfM|BR8^vk8-oGC0Nq}uDJkDYZdRKYd9?3}TZwH$Q9*ZSN=FlDLiZv{f*0=2`MERB zUse(m86P4e1-$u7^_xV>ZTBMqxXgzGX-O6@L3{y1`MX2HPzuOdnl~P_K3pH-Uc<-A zJo~TsHDd>q^N6sE=N*=MQxt2IBO5AU_>N)?=t&#r2F%>BQ;j1Cu zvO3sq$Yts!jBWEK5~@eFjdQ`o%5LXQt!pGWrO;X2td=a~uuy1s8gUVB6A&2PcLH}N zb4*@04RdJv+&vh~R~PdaT?TF+<*uz^0NvPVhjK!mSBm~*u&`(go^@Sz|K_qkI7XXn z`K@4B2y(|-Wj4~B>T-7NP8~Y?hG^~rQ|fDB4e92YYfUl5_5;;n{3)J=H-DW66M!A`f`7%ZIC& z$xZ~wNRW>Lxzj@k;Kf3E*6GFTFfUeYFv582b&kk;m;N*zHc(v7FAoQ&04<_*RgsY~ zPv`+g8xH2HbFc@R^GzZfqNht_iYi*PRrLNnLd(HgA0-0EM=WRLDW(yD?N9E|wzL9` zEX?AiWlj1F8e={PIKu=3@^5ckL?B|%-%T)LFb0t^P;L5Mq1rU^k2YI_ise>x87=W^ z;7u7oSZXR%z^!MfZ|Xk&>cZQU_Mb5-*j=^S9MMR-KAS4M_WbY^29|>HO`yaX3*-k* zFq+nN4jEvCSFcpYZ&#r0 zCo@x;Y&8{NR76A;@%=s9!4eMC3jQ*&U_1iH{ zoYqA=s(<2Amn~bIs4}`-jAW+b--+6aWOynt5w>pbVdh1^M>pX8SNNxu(>-z0+J> zU00VeK`~=qO;YkE-+vVl8t^ z|9V*_ZwynGCmdz|4-Irkg^Ab}6ba<9{Z`F<11#dytrb^1s8M=-?7toE)X|<>k}A3f z;}C+LPg;UUtk`%(JzQJk09HluQ8~_#Fu)R*lpMXPq@R`(Y;`S?x!tkWsa3O>H@$`C zmYeU@97MRy6$xCT0fK>$y})*Urni`_Eods;bi_NXqQV8Q96yC#`v4&bbx(!p%;vyDd-E|72o*8EW^R- 
zN#&quLRTEd>rh1@6AbHR-7{2=DTQ7D8^fxZE8jCRr~Mbyc5;`r{>yV|jWI>rclKZd zZ!&>5PA<2||3_>~0X+4iO?o0>!H0p(*B^r&sp$W|M}Y&ep0E0Gwd|Fedi<8RcIlF) zRJ*CI;D}D8q$3zLyHJfk{1fFFZ;r7$_zJcStsFE|^?7x@{<&poKa}PBsR|d^YCrszbNxA!UvsDF-++=!W zv5Hq9&LuMHjJla9<}KJXg&x-5$=pW2$gE8RqBlQqmZdvk->{m2jrz<>kfjnWiad%3 z5j25&3`XsZTZivR`RFm0b2(xR%iYZq#ZDKw@Z36|q3;iO zCH}wtb8kUsAZ(6Z4;hq*GqJ3L;lZlusKeH?^3_bqU zAa|hzfR<+_eDiwcdMtUznOp;>e zU6*bn*d4dHB+rvEqAFSti}SPU!y*N?Si}}XoluS1Zrg$l#&j48#eWjJ?i)F+E1>lq z*28G%^9kD@WBDX<3Tcw#Hi^GuF>d0NT5^?cwtrwoeWx$OGmz-)huh@?j#o2g>}thT zAj9#pFK9pZ%=_@Bb|*nYh@GN>mzAe{!8T2lI?D;G+I%AP@?apB#k9h6j-cN5*0FlJ z>qF0%@I2s9H~DJf!cKQe*pslVUrTP8&;gwY$&bBb`BT-okwo1pkdX;7v?l2%k4^tw z7xQ@MsSr)K@1$b4W6J_}UjWRQ%U@27=DyN2GjX|};py1nk;!k>6iHdWV-kfg0}$@K z45A$?8;8o?-2_LPvOSfpDePNx2)3PJD~#-`T1r|B7fjm%0yMdJ4?VHwEwf+!y@IV3 zFW}>0nciEdx0^F=7v6LL>N`&^W2Y)A%{*ITFcu2_I~C;@gbq|(FaO=eWM0nHn+r(; z+H?P6X_(}b3f#~dJ!QlPU*Hj2I?34-`1T(vN_=~=IAgS?=Caq zvszke^l0gd@SQj2HF$XHs!B6=v=^!^O~l($U)Yu^na*ow@uU(@|0$FHGdueRrgYAq zcWgZ$!1WnQ<0|DsJ7eXaa{UfI=ytX8F|RlAc%DDZ+ap(4xl3leIlstlT@fRx^If@V z$^rwj?C!0^KjJvDEVjq>Lz~Xnk`JwLof_1Q4yjgYujz*wr???%QVru_9vD1?#iMJs zzowBFR4rQ1sLjj<1!p*pUPVp~b;yG5fTf_k4Q_-2rF_5^(_(?S{}aIO0y*+hGVXR| zn3-p#fNt%7io$>CeG&{|^SuZjPrnu+IQh8-&&%PQ0@Ml(VC9`X_jM~+c_+XZQ=%jR z_!4x+c{ay022G03UuJA^tRA9}T`tvT{kTC%TKEWPKwGhbZ^@>W9);bZ?4?)`KO&@t zZ{$D&2C&WQInUq0w`VGPk3YGn@~N|a`>U$4LGzN#*rDb?>GeMYm}kwOb>0sxH~dp> z_zURwvyV;By{$+Db|~+z#smI0F8J^D)TEdDb#vA~?Jq{0( z8sDV&-aMgbY4L@tq5vWvJ(0$4fm~4hkhvQHRB(cu`2NOMzgtY;=DtC-RXpmxoQ~6v zZV3h|$N$V|{jEDN!?fIwZ@9HaQl5q{RJVi-n#&XgfKiToeV#!=7$mkJ1w(u%Dq=#8`=2}yBr7F;PzUHrNKws7< zcC<3eGk|+EBIw2S)_KxSjGg)ncPDn*a|6hakFN~IF_oH4`QZoze?5Cfye=ayq8=>X z-tPu3S?sv5ay^(Y&GNW(Z5cC(YWd!?H9Sd+`B#@bjxkHq*z=Z_Ml993$W`$e@f37_ zbqJ2mJnMM9yYTc$50lemg1`Q}B5h~e;E~g%>G&I)`Qq;}3UdZNXA3DpZm){E3?Uo3 z5Z~yZ7M=Q!D+@crd_TvpQAU0w(9aN(8Me0SV@);UE2Ow{J#e_@+@M46SYV+2Up;(h z3$`xi)BU0OJ1Bdy@8m?LO9w^$)~;N5n)}C6Z6#G4&?1kws>=n=_Knq4G*Q>h=dKhd(hJgsi<>XJGN&!!@4Bt 
zjfcR4-}cVLNb}5Hk)pI6%aZd9hf~{&T=SjSDT?>pq&X<4e@qq~7IN7wr(G>HibhtP z+?2((ao|4->q zrSo!=i-sg^IlE+oiw5`W4yr7$8qyOauzlx>I_A=op`?D@72P|bMbh#KJiTX|tPfDa z?;?L%Eh^P37(D^N#1yKRSWw%sJDtA%++UTldxhBu zif!CpgI%A~KDqNDu9i`cBd@Znp@D&NPWO*4(e;C2xZVmqM6NlYz&w(T!*tK_vHPz3 zsUYD5_om(S!Mi2xW(=wuy!+Eq3*sxCX{`Y}^8B9H0 z_ZW|m5IyK3tH#H)X2^%)FSi%lXkT8U4Bm=&mTAR_3q9St1~OMoITn2u+rFR8t#t^n z9J+oF?l>~Dk}`xgq#LGj0lZPja6^0H{Fjv?@n68bx_}(7-^JQ zv3IiGyu4ae+5voveYVgVSdgdfbGy?sCda(!GdkIc>mWXjt+6CgY4%h^T$BWW@~aW0 zoyw6G00y}0l}q)w!Z>g4bN??k?aHXG8s@BT6Dk0Z4F`Zb?z3>raPWt^913dctL$KO zkVnsfn)&1XXQ#8$DD@kk+?!`30v>1sbH9+a@CO%Oq3wzt4SnsFeqhGOQs0{_Y>F|~ zj~E(=670IBMQcr5xLCsJKq%LBQR(*E01i)vzwXTGkN!u@ZV6Qq8Gy-h= zQfg0Zlr$l&#sA7{m(X4uiY$~5cLL18KW((i|Fd-5*H;OasNSq&z#V0a`zk#}PHk_z zGu{(Jx%=BjAcn}T()q>^beAL3>3*ij3d{|w2o_E285+KG{xjKbZ=Vs~I{+(^XL>wZ z(=jm>p6dMibW$rBFe1g)QdXf*`g{A(QYO;v$ZG_zm}1R&^;`MQx09K110P1^h7VfP z>f|*wlbwM?g>L&N>%~L^jcd_co~s-evTY0KAU=T86SzL^uI3{Fsm?CMn;zjBgQ|dv&njU)H!gjC^+vT~6@6yC5fLgz&sQ%?X`NWX%0CzM(_UpXBz=yjZ6?vdo#} z>=DYB29p_`m02FfoWU=X^?>nNtH0y3!eWTMs0;=^4~`M$>+~eRL;*~EO44<~^m=+Y zO5oaq-20rbxMdOUY;jo^Y0l^#b-ulMT4M8b97-p7VlOX)Fw@3I8Q$=0H5SwDJFLcEj=~^|WkVD{gg9W=FiO-+AkyAz0X5%X}Ev4FwQFLOPX6AxSuF z52>zDh+#xi=Q2u&aTJ75ZXZH%N%PT4^B1|X#-PyEj)#rOoL=j8#g(_gVv5_D>0x^9 zoZi-;0B(kjW9T!TuSfXWf4nxdUS0VN&#Jfsj*Bss6k^OB&tN-6vZA`bRKO7Ri~CEez= zD`Xx;6Q3(RXHvL*a_h!8&#mPpdX?V=HTo2q5ydqz(Oe=B_Jl zWqcjSsAIZ6S51^Rz{x^@U$SFn^%)5JfyTK7-)C83OP5L=ukX6l>iWyWpOG8F!2^t` zI&kt@os@@ZArjgHecL8p68@^?Jv{KZ6_LUk0oXHK9P&J}QY(ebyrpkY^DQRC)VE6y z9}YN+UpNRQFP_&y{_Y3%l=d0N|v7t?#t-b@9T%RYbhYc6+np^$6x6p^7` z**t%mcxD6SJ)f+ov+WM{w2S`BOBY0x2GTyv35otZSy0Bx$E&fu;yFVkP=nnn9m5;_ zQl9XSbE;XivQsk)^om*4RG8RuU`+!5>1MYxrc#BQI!DR%(VX?r4Hg+ZrHmR)dIHOt z;m_HKTY2B2r>i=tjFGaaB3i^0(ALL#Qw8nk+(F85;GvypB0k+k>|>iIuZa4YWblV) ztKa4j|6EFJy%5|u#DWioBG zF3vzp{;4k(X~>iCPjGi;_H({e99&S^=;P?3-vckHwYC`oYD&pYs045Xnz4%HNE~xe zSG)&e6B7hHxB=K7a^W-#?wdoQ8Mck^4rm1r$Y!AYH9QM^xUj0Eur=AoAp!p%_qwId z*7BX&dvPW$e+|#_&6fiMVzH$NjsR1ho?lfvQt}wvX4!y4+{%O9t1UJ`WT*3+eHwEc 
z>4ogQO5}IG4kNp=bi0btc;Y2_f@p*UzOlxYnGW-*CW#o3N4*DO9u$GS>X@H$F=RZ$ z>C04oI{h~&g-R!DHqc!Xii;eYIr8A?9l)z4sEjGW*I5Xn!oX7GQ|=$FBushn3A#RK z$QR{Vs=K;|2!j%>xgS3VFl2lqs-we;u$dy7Q73a574|_N+dEj$J9CK}IIlaTba0y~ z*T6KN;E@C6qmf9Gm4esuba%HfASV}6GxoQocK1-Kox5~(jx|fbN9DTwevhvirdu%v zyzisUQEu->WPwkF-6x$D9!#oFPulk06BEIBb~D$jDtTn_BlCwLwjK%fRF8y`SkAiKI1IBAWP)5T=fe5!rNNmSA}X@Znen z_-X0RL`PZwKe`g}W)9*T6qd{mab9o2BEWfdY-YpHLVxMjdI!g@e3+n~eJ}LDV(<{Z$n{nZi=AzEmo^^+(v>4AEifOA}Gz+4RHfZowhRj}H=WZ_cAm!V zFD;Moeu2+W{iB9D2%{-zUuf+2wiboAH(n-9K*_wgl|Oq53)4dWa}~m_t7G9uV$SoA zzd|^vjIGyL&&U8jZ=FW}B}rEEtyiW-nmpuzRHW189v-aeeiYBB1HU&jBqrQyci(K& zFug#lRq+Y2#U5QyaLHa-dMnj}BA?sE$_I-N3LY&Wx<#E%_7itbVwj#oQ?2!&kTVCWK zV?x}c?Zo(D2f!G;h_rW>sNC3ce*2=i<)mD78=l;d2|hA160zkGx7l{_MQ~I)%Z`g0 zaP>P3?iPqPMxGd#8@(*YXD17ti@TxYb7=ag3+rRK(oJ^^l*Wt~QX_s*s8uyxZI-`2 z4;;?cCr_18ff{&~?6DMLWKU{$BG|aEZtGzGPb*?_ly539U09`ctTufgI?*Dr)bq~Zj@c+a;dG>d4EN+-+U`u%t*KO_Wnp$-i{KdIz)5nXtjFH<1391 znx%k;P7w>pQcfvtrXR8Mo3Q!S_iWVPP>;1OOHh6;`b7CH*-b}^}K60 zYg^U?7Sjo*aVoGFYcfxsSp<)c$~jb?6EuE-H(qX$3XXhUH6QU|14>SCG|Sq75bEzQ z@Md2pf}_Q{YavcMx4?el1;*5omlO5w)KS+*CbIq~7%G~aLmg+STKU}ef z?O5uJCZ(V_gTx>Auj+7{M*?0J^!?rw=t@}@Qrk|4le*GWxHy{fargB4?GuKPVpPTv z0+h|BOt9=`BRXwvy}TAWARdoy1cZ&wSAG$MIMSee0gniFb3EATBs|?6^Tv$u;kC7t zu$o)#R=ID=-#ebOQz_^h9uv!jXv#gXZixGppBW9M&aE{R`f0t2e;q+tTPV|6hW(0v zu~P(X4(j{r?YZIq;yRA_J_{20!oIc1o(SAy z`k>K&oz?aW(bVx+Yt)x)eFl$7{aQ5WwfR_cN7TzQZ3DIZ$f40%Td8v>>uWw2;$O`# zD13W>a2BiH*O+e8zl(-QRx^Mr-Wh8$k&i0Yg`B67ZzCrz=vH){D&#}Fzfz05yu4%w z{k1AhM#gHg-1Cn2R_#+?MRcL6{#;_|Ep#)962s*%eau+Ul|j3aw+%3o*CGBW4r40U zH>tNm0;2KHWHRQFTwGkhp||mBkz^mQNVr4o*SBesQ?%dhthPjz^t6g#Qi#@k*b{WG zH66*6AS*Gy=dCX8P7P+^B&%`1K-Pp<@t%hAw?HH;Q%-qyj#e-f2z-K5iH9ycH-dfy z!!7_T2vQ>}Ue+f$odM#p$M>T08^plp%vo+@6&V|p_OCGg5G(-c&=_g2WK zRtUy+i zGW+b!`0O+N#|r#k`fTv5DC+=5WH`D}PHzZPoVYUMp>|y-#^P6`Iwd_yz|J^nQ6E{Gd$ zN9Gmi<$o>-;|eqcUzlPubyjD(0V}oA{4uG9!#G08SeKYoe>~%LwRovUE{oBD3tZ-6 zWT1`cB?xG|qqw&w`&vvpl^wwWloL2_q0Yitr2j5@q8;#(4y*L#%G+ZJk%3~g;+DUDd*30C2D 
zhiBwbuJU^?MippR6Yb8}(t~Ct!f?cg2(a_geKw?YFMARVH?RWsk3nkH-BXRW6G4H! zjHefhSWhd=I?WgY)de_@IPjpmhG$4laZm23f<N_2;M*KfoMFa=0s8231ij8B%HR(FL*sQ0A8WJ$Fa$_gyB;~1;V~<79>?C zE1Ej)YVx=xl&gPGC@q%hR6R83q4T>h^?AT5YjOKrw6_=qxZ7)3A}(%#YovG&zfQ8q z@`sX(^&kAs0*~Y`ERo|vl*@$* zoiz$sdg2dTA9M|f++M|zc+Q%r64V*8Ap%K(Eh-h)q8Raq>}J3y+d>Sp&y*%93(VEF zMm*c%FMi0x5n%T>n2aoUV2GTj=*5$rYS%u(G2Xj-9Tq0s030C?)2`AHM|Jua008R4 zh(K8#@|4DXxMc5Y5#J|ne3OdEEZigp6^o0<${zxlM_8p4y^h)CfES!nnfPb1Zb18C z^Mp!?2%%p~YAl&qzp-8DDZRb%hTiV}8b4$)BGNmNMx0^DHe{sA?=66EJiQvD#l%@u zoYb}k@$Jr`Ey?elWAw{(L$e9kc$LYL&DDgcwgljPh{BpYqM)lr1%4YL9#=MKSL6Eq z-Ay(viQX$F_rKw2v>PKuw2XI22tjf)H2t+YwIAPo=Si5=U8(URdHG7Az0!xo$0|_b!#xOPls-uUo;#czPdw6FqKGNcnoKI*f!# zub$3JN)=&0Qy`ete%zBgUokLG?kAo)DR_@fk9bAbXX6f<(CkX%TF+yS#C{Z2S^_Nm z2%be4SdSL9FFmY|`+ad){eKYzAq0-70Qh0x^rb#|`RfKP=ICGa#)9uhjPIB$*PX8V zL``;8oPRBV&p5dnu2mae_lNnBT&}kX$V;<|_zvIAelGTpZwoX>?4a2Ke0CNGUcPgF z`fO`z{vABU-p!03hfENd*E+dA!Sq)>KS>Et$ATKF#Yf-F#NTqUQ@xGuOXH%}Z}y}V%sNU*2%DN5 zadNzm@w#_315>0a1xI6y1Ly5p|C>Bm%;7T+z~sr+0B(%@4xm5`!m#-76+{G$qm5d- zXzy`l*(8-(qw%%-7aPB810}~cz1!vXiKgWIuyd%B6DCf!4uW?5kn}0l!yA*M_n1hybWWfnnaMh|ZKdD5oj^nlup#G5Jb6 zzye@00vSA^L=lQcPrRzFTHaTgn80|gPnJ}tosaaVUEMQ4_M#<7Y!3UJ+o9}46FS5R zG9;Vk%;GD*MG<*t(tSn)T!b#prlyffaFx*DCKZOV%iPXcc<*qAFmq8Mrfmo?_{sA(7kb(^%2Vr zn%d?@!(?qFmYSKE>L_>WpwR7cO1_3qG+N(Tz@H*41=XhGc&p>saU^IOeV+7P-3v3{ ze?~4;GUC#ZafzZZv0ZAm{Kd?n`h-EbsH|y-LHd1DF`Yl`6`J72v#F+#Pv^1;bjI&N zX;S=8Yh6px-8>wkV$7@efxo`W(dp!}+aFBgvv5d>ycm8v7B$A#?oMu;5ct;xVkuzI z^h0OJsv7}M^_7s%x3XGh3Yl~_m2lruQXrZ)j8wmVAHuI!@uA6qD9U8H|AY5u06P9X z1^L z?42pdAEP?6}=QL6$5%;IJtx+iAbzott+b<6z*PcS9V~Xb8ZWxUI93%UB09 z3<&;$=T=F+e9GFji5$ymy?V^2efDjtn;Ai}nNLxNrS_|9AJPRpK#F7}pXzL75i!o+ zdlPXJg9s`LDF$${CZ9Jq>vOx2sgqgi>7603&7wZM3hzke&`DU8dYHsL%nNM?vN+M( zxAuF}`6PrCdD{#8!aH&=xJ2NYles=hXE!Hg^28jAU;f0s8FxR&i&V>JOiHN&2y3LH zq#-?~`)gwuEs*>pCk~4W^}U4xa(U_V25XguS$KXw0st7hFEUdhZAN{% z;8P{55lJe$aryTne-)ys!3in)WUABgA>5mt+5hSqouYqmV??(JV`PK(YYXo1T#hW# z)pqCvBN|fJjqzaqPS&382P3Z}0skY%*o(=yH0E 
z!Pdc)mbDp5%LIN6ar8){F~Use;vD16Zf#IZB05Bz$rL?6zf?P+^S76Boh&9}71`mk zl>A`u7Zox|$50}}c#pk5ZR?uN#?SSeZllpc?+K1gaGky!g;i`4$hx(&zuE;De(Jq4 znjX-QOBTJ;42ThbmL^fAiteQA-f!N05q$N^gZA6i@oJoAjb~G=PVA3mVCn{FtnvJD zLq?waV_{G$ij~aeroucMak9qxxjoN*{XPcpRyBoP89b}S^Zdz7{yOp+n>XDj>t-yb z`&RrR0Pm$fb$eWdT-T&>wU;eM&xZ&rP}&`>v{bgT5xQRz<(&KAVv=u;#uG}{e?8n+ z!6RZvYAIh};*u+`7AP|8K3_ey7}dwuDfUOg2B5OQ3lN`{KR9o~)(JTh2JrFxm_a~l z(d5{E#K?Ma*NI3$i2!7SD9;Df^td@%yF?Ve&}}j$Tta}UYevF|ifs%@jejpD{lbVS zhCN7*tl#dK9(V}T`N-a}P=uj)PJB*~eB*UNw7hDzmYx>@CP2j+%dJqreie*E(b`6; zN9I)ZPBh6!lFX@~wSAi$r>X|@%}_t%8A4?^W{Wm1{L`yv&z_#t8mF-Sv-*BN*=j~ih6QAYB)K(6LeV~d{}Z+d`-O#Z_pNk#NwAF+1gD-6-y}>+S(eNQ-;s1uba+S ziS2b8*|Ejw@u_L%yUf@7jT8s{%-1paoK=LU8+}3U7kqnD>gD>xm8Rk1^{?~Jhxc$6 zsZmAax;aK6XXsW-^%}LZeG}lUgk8Pi@l}a`#h9fqxCZPZ3V_bnH20iOp3%IzU79Xj`FNN z2lYX9xedfCtdxz(n#R|XPr@BO8WkY3N@QY=?G9xuh6>0W z4fOu>>l@F}THA0)hM+zC+SQ6?c!Cao*?wJMnI*4pDm|)T<#{5V$YbIL|HJ5BKOgz> zKq#muDogtjJ_e8VB?=@ayGJjj746+Gqa`b%hpX_+XE$sCvlKG>V>Nm{xvuQy?a#QW zoJTF$CLDi^H(S=OO5S~-F(7*Wsy@d!&$I#+39_Xd^%5M8?y+&~ZZ%&;h)F$^;20wR zQ)8rtM&-L9%?TerX^qUfHgq9h02!+&u-pLkC@_RXh}hZD60d`3iZ~v_{P&Jb>aD^sjwU{jNnd zmtvXF(oN>*uI`}|QdKCw;aAXX#aO}Edw`*(sdeDm$nz7rz-(TfOtbMqP9YySZ+_#kTejS4Kt&DYXDiv6)=R z5VrBbK1Tc1t@r0gvk^Tc9)-$&ANJCSGCl3@nj!V>4;`4s)Zs_LzwOt*OO2?wKZxQ0 zrG#%TqC`TDmkzx}b_3HiozoZwirssN5T7tTWB*PYRz<+uS^Ns5h2?;KBZFg6yc{Rn zd9vT4_rrw1YQ zRbr3mF9m$QNQc#w?*~LD%oQ@0q%IZ5#veX>tyEQGUhT37J~qYvC>u`$XS2-h3t2Z^ zoh(F=oxl_QrI^Z&q?)hjciR3ZBw&cgQA2xhl&0iHyykE`@NGL=0lCG@j;~KtM##S1 z>ZKVer>^)S@J-=vvz>96!lWX01GBTGpi>^<0T|c;nq0M81qN4K@#VAXDYz-ODRVF52UJylg0=nGk zUf!U@rd10f66egtdc`0<5L5=qfg8go|2xQvLRY-Ve8Yd?*n3#Cq~AXZcE)g2$LomU z*ex1jz?$o+-UV4JZH7l?6~suUE6>q3R?5(xT8&}FuN%ReO60Zzh1KYCIpJTHgcW?2 zuiErUC4&>xNo%yuGH2`dqT7BZ&?N>WCGiEJWra$FHKEpo&{5Mm8OY+Ab=_@`Bx9mL zg#6zd_ya2f;pUrEb0uG>mng$mRc>DFafRymm1ybNU-uT$Fn7++&m*fnbrh%+XDsHJ z?2?a)f+>gT6O{txioRc;QW`_bdW&j#;4yzjp+7Fy1fW zw6_T<8rh;7jKy|tww0iEM+8hw9)YD~idMV}zh&7@Bc=4S$kM8CjLq@~L*FA|3@kt? 
z4lhRcenmLQgN)5vfya-Ogdg2%@r^nP{0zm6rsl^m=@Y!Hx+a!gk)n0RPRzY)hY)=r2s-o8MuDKHevbRt z%sy2Er(wT8bjD(4U4*{3pN@q)Vk@=eo`K~LykR9mG667PZtzfTKSDb>i|rwIXE^@z zjHRGI6Zs=Kse~BDGQTOyQEl{s11-uk@%{&giu2=hY0Er^uqFGt4k7E?e-2poINLtu3`9Cz^K-s1vm+ z&$L#lcLGh`G(A^12&MpRN{C465)g?lXH(hhg+mRvPO`8%1#ms@g27jkd|^{nYg*{t zLg#8>o}b|5TSJk)P8AU*Q;xJmR~P+BW&W7-AB8Adn07e&z_-vdn_L6Z`N>QSy6@WjWNAVvk^l#bGKbiCed|u$4zIM+Ktm_>Cx@BI=7;|&R&NBIo=Wgqiu~*}hPZ+}}T!TiG zYJr-kzug9|-tjsSfroT1X~Z7&^DB;bXQf$bEH0(qh7(Vrh={cHr+RgV?ak%Js*UwVk=Sdyv zYOz{WQBT`mQ>&BkihPI6kh#txu3qh@417H~#YRSiSZ-@l@yz zjY?7T;?(zrx(~&-cw1jqaF(Yo%t+BwLZ=0 z6OPA`QNNehdFi6rWWoDoMlr^?Wp4_Vc=Clr*anIk_f@(e(QsevcegNo$t;uuPGm&H zNy3H6Z-A#o1QrkF@Ro6EAfc2)TCxLY#>feO*{y2VnG8*u$sS0z5(<@N>El+E_#Cs~ zT^$K2KbFn7+qR`~*WA~%pdIDTMch-xWPt;!n!0YrH@?s82?I3_d_=z6@QsMh(0;7^3Jtv5&kY%L6a1&tkZs-u86#v#fDi18*OMhW?d@1*53I_vPi z!35X9V0He_-thjASm{fEBK0t>BFDl|2Mj^@kx2M9tC@ylqRDif`2T8Nv~Ks1;`+(s zX7dj1O`9ZZIEiBa&8cpste*u1A|3a!E|#dHTfd*I!6YhxDmN)Pl~DiufGPv791Oc4x|i zkc<^7tm?WEf8+j`34Yz12o}Vq=bD&c3P*xeJp!{^?@4!U0vql;o2pObMcFS;9eM^+ z27Z|ym^SUj)2fN5EW{Uv{oyeQ(SKW-5=k&82eQxtPlq5+DH(Zq?C+iGFBor#xZgz4qS$Q@3v>;MqyvCb zJMXpol?AnNF>zb3O6I9InWKQ(VNWu;9Ok>2c$ZgWZ!$}Du2uoi)ZcizJ>Zwq-c(tB z^!EIKOOZzkr@YDo%n(zKRQoz!x};Py2Z7hsCJ1;xuS)Qxf+!LMM!NUsa!+)sKZbH2 zLZQA)HbbmNYr5t<`y25H14)V^uUVIU;V|uXPMts3qDL6~Rwf2yXd)R2A&0R0n={eXIL89GYld-G_v7moy>x6d%-sG-d6%-0YyVgD)yvYr*$8t-a>w-R-O}&F87RL`9v674_<@&uhoYyk7?d zwtYf}h1Uzs57Qy-f9Q~Qx$NR>BKsboo_b>e!}S7*ORq0Y}V2glG&D*X`Ba~1XM9jq1HM$l@cY$u~G8xcrmllCTZh> zvvuc;L$4*j7nlBG(5u_EC57T7i)`e2TJ( z3}6JLHTt!m{{Bs;Z7p_V+Fk8Q^M$k(Gbl&i?HI=9ZzxPJb|&Do0^U9T5n+i%Cb#cNBjygE?SJ?T=S02dS@#0PK%XO*X zskFe^Ur%f@BOqNefPkcQD?_(*gGzUI z2?)|KNT3_>K6*X9{)T|kNEf1})#F(>2HlQ#aE+YhP8Zji z*(13SZiq1wOWOC<&{8I%3H67eWf%3d&Xf{`#C1?YoYLQMO_w{8U;G;I5^G~xBYK|a zZ)D@x)@@KflZ`UxQMJhwMGX3_)G+pTSTs_gR)gR5OJuV^m^0@wzELr1C6? 
zuwmUt2k>m~%y&cl`zOuh1rctra}gPKRgI?THN{ts=IUzC<2+Cbwq~j))5GJh8uJ94 z41aAW^OoPM6~TEHa|>laK8b@bUD%UVcOjVrH^_NoIJZ@3!9P~KDUkZ?Q@!_fW<^h^ z)EnigXf8d$h28muwoW%|6xki}D5t1K@~H{=D~dW(m;8N!GkxpMjYv?ry@ z=wq?s1HpIFW8%t6YAo{DGzCD1n`T~68w1GG8^|g|GjF^^Rhko`b~!a!=Jhx|XyUQe z)RDTv!O*P_DvO+_`gNgg)vnT(l6vIkl-Dp9kIm83%!o2taU zuu>`krbj_VBbHSHfm9iXp%cXESr!xbVp1;^q5AJbYU-F{k_Rj z$eVmK=KU60U7&<8%3>{k%uz~y&f1m06R^m5))Pk@tgR^)-?KcKthXIOPCVx)`Q~Lh znuSxj?6}-=55LXqHWqlLg;;lJ?eT5(N_Bs=x625>EG`)(gm>uR6xy3j3shqOo_H9vK`{VM(+aJIO*GHGnmV;_x z!y>OL4g`t55t3K?Zap`6S3KnHu8E5!mK~Mk@%Kd`cL{l4*uywxO{s%3KuU78YX=rR zkA$e7mpmP&@cxi`x_?C_A9B(+Q-307$0aeVdAQo`KeE`k$25EU_aBSzQ-KV7Rx=wz z&S-8ACTU*fHE5RvpBw|2-62JszcdarMYKk4ih24=ez!U*yizkz)pkD$Em00Ys!q}c z+w{0|^8Jk~GfcckWBbnPKLa_D4-h%0Fu(Xz=5qbruA9=J*`I3}3cunR{kY}5SqZA| zNgaM9?0H}Qa^DY^vp?DVLOznJfi#5!Y4wkvS{iJB&WCRA>N1sip5Jzn)q876ztRv= z)+*%eMBJllT5xeZWF-sNxSr*GbI_rlW$2l0VF0#h(YrHLr`|hKBx;~kBI)SLT9pqjyIGy?9?FzlXWdgfuV9uwLZr`#g z@wK{5jmJSd&m4OcC47Y-I%)Ur3oH8ePs8+GM@$up=Jq2dRrWNRXKfOn+fwY#V6^_U zPY~U$FpIj{Yj$q2=;kN6cBYE1#~s@;cq}t>+kAxniL^WSgEE1{SW!tL%e3a}EZt#TgFr6_ zo1b;+e@J*Lr2V;PU0Cc0_AH1~h3o<6*95(N!1_gZ-rI@%1IF5wXz}EZ?e?i=6iC}*oIL|)i@RTQ6{a=@yKK>5|dG)H6l0}HLbVyL5~ zh0Obk531lWmJ<6ErPz1kyX~SucA1W1%z!t0-3SK~ak_z`whu@6B1QBl`3{Vo*_O7a z68>v+5sAK~*>Q}!Pu?5?(hP^l5xp8_L%>eCT<2`zm({*Sv~93Wt$8?W9HL?1aw_0HTS z7Bn>2<+&p?!)xi?{5M-iQ^j|G@Or;c&RbJV*FBC|V=(A%;pmg9$U3?Y0L5E6H8JDHvU85fE z;rf7P?(glF?oS2_PY4@-;V#uW&!o$`*ad1yjD-I-hqTH{+$`0gxSb`?ZL&bMo**^_fVw;Nr z1btVVY7w_DwH8+VBXMJeSgtldQdj%Qe89E=wHhu^fq$M* z;kv_RUgfvfC*byrs~Qj;DF7}mQb>`JKR>J=H>F>61(zjDVTWw=>N(v(g0?t4#HQQc z(zX~33h(|Q{}R6`P`ow4!Pqe9l;B_Z;0J3v^LBaA9ASfX!C<*H*d@=hytfKpbmpv; zy3*WG>1Yk4^NPsJ{}zT5oMK#Qxqiy&s}Vf#3SgB)HBXa23aX!+FcJ#nJ}FD3Nim-Hw))X{s3OlaYx+Q zORdTc;;dEoD3JU1b)MvJkzU-p0|+^#2C-oGyxiJ|J^hZQdh?;8>_$&YiRI_G&(fJ+ zS6dw^O`iz6{T2_m*=^-~^y2oO^luEdm!Oq#TTYv4P!(M#^#Rn*?l4J5tnzLk6AP z=orH#!CYT5y}X^Qf`CrQ7n`8ZNE%<+-MLh}lE~`aQF9_8q_p0A#eqb`>+uhv##qKh zr^SiuNE&SvL2v6x`RmQmUW2jFDC1gMZfZnwYk_<97)T(tr&ojQMfAST07u_;q~XR8 
zHTKf3!sDZ_@+sKyR~oB6q$1VZ3zCH(4|us7Cj{X^j-kJf@TP z2oZagwejK7qRi}vHT<=iSDvuLN1eA;Q{}v|m=*>&$_Mwb2v47>h`6n#3w%}mdC=(E zOV)U{KRdN-{O7NN0E*h+y>X<9p*yYhNp_6HfWUljNjNN5ib%UOaE}wJJjw{ql7F(7x*8s7sjhVhTxWU3#Nw z8{TlSK`RDj4$4_pwV8BaYi~=pJ})~g)*2<)GPCYVXs#O?LVjlJ&MS>mQ6sX?<>g#49J*dZ&*_8(Ss0icG$GsT=NxT;2@y5(rjDhC^`}hv| zVVlV=@B|*bN4aeQWBLcM12%DD)xb0%6Th;}KUMb6`}DnrD64yw{b+{6(;md_E)yl{a16t0;fBn+`L)a&7$i9*GycT&)a%K2 zC3J#<_bTyAZ zCh~;kMfZKcG8f!$*MR;qvl;Fmq909gASHJV&xYn@z z}`A=5EJV^y($^v&()I9Rll4Bq4YMCSrOSp1D*X8a4r_|L535=(wrzrvlz>}WhbJPCuMaM+d>ueY23pamU{{l3u-cq zDuiKshtbGjzylt;wArs>FF;*W;4&YX-Vm@9$Rsq?1lhMh(>YhfgUQ61p^|54zqIj+oRC#+ z(6~L4H>zgF>7^s`8J{>LnQPCiBBB;BW5M3Pj&<{Rr4|~if%xHzOZ57Xee4k5>-MA{ z+Jhy!-lAnKjjP}}?!R9lN8 z=aa;1u5zB)+&y#dh|DCTe7sF-)Why;#MW*KXzKzKNa5@gzxPwkHjm=jt}%dGQB8r^ zK~6TV!k@>n2NO`_N@#S>`}1fU(%qw6kF=`I-)nI(1(#V_9Tiy;^AzOQyaa3{J3h;? z+SpZUYV;?aT9_$CYs%4%h#uPbSh*@WK5RvK9?2?!i@$h=Y%WfCl$Iu>5GVh@Cj#n- zph|}B zDk>}6bDIeQ*~AnE8zk7W@dX;)s#F&n&d#^$(V~2=6N0RWF+dPSOVQ8X7eyD=q)JVO zRzJ&m43#yjK7%8PX77~rb&=CtqbFM_7KhlZuI181meR`VFb!Jmb6WK_V8ukK&6uvU zB6r#o4h5u#?{-Nn3j^Y1d|V6KVK@EFE~R6qK2l{L?Q#F!AK0&uw@3o5?A~qrxqw`B z__9{8lhhiUqFBiqNE@G~5_|(BG?b>n0=II(5n(8u@*1J& zeZgy~fML7TF1j~sAm)cV*chMh3PxYbgPk&7RVTha1Do`0t8c3R#nd4cMZ+O39_9tR z&X2t)S;=pxU8L$|=mQeE_?XDe8wHO%g%aB+ImmC3f+XDj?UIjPs(J>#v z#Lx7@SZnEgLVmFQ2g8Vf04)$`3%{B};$5QZ!)NN%0w>V7*tw8Ad2R z6qp=Zb@%kHf#WeVAfn5*_nb8}q$=C;l?i_Dwv5~nGCAXrv}N4JropXW9%B?ZoJF^w zpD~n%aF-W3thKvtQGgdwfI;G=ibAZ)$4z3FyHk3?@qkXfErWSF1hw?JKl;pC_Dy>Z zTc7jZt}5(q->l-UkK-PVAcXtP>~_z26U-00$Cz@mLVP!(yZvf`>I>%U8-)l`u@Wj- zB9K5HH~uP+g=~%tDJ!UUTt4D-sBxD2FX-r6I)lIr))|LWYIn|jN0?}Cot_v>C^vU3 z@f+IvFY?k{;}x zORWV=m1W8Zb>&Hm8Gl_Ii_3ebXE*o_`3vNRvI`B|`9y_~e{|g0N~f=F;~x+{Js$12 zvC_*k-)PMgP9_xQyw}7gtZ4bccF9D$5mSc5RB}RVVYtSs-fN<1N!vqRR~UD##JyUL zvPn#L<_Fm7!>!j?#rD54!_1(|i?-VnNfZ0y$M4n%)b5rm<+Ps$;hZg<9Zi`|SET6K z%b>%bzcbX>kPF376Gh?`cEPfF$z8AQHW|Ra!;E-EmI{CPft&?|&kx<_Do|HkyfYNq zJvwT|$pT~08!UR7Jr4j`4E&;wrpwOXIwL@+0?|414lV=l{MnrM>HAsF4z2qIXxTvD 
z5dSKY&|cX%j#H2V2(Iv9G*7_8wMR-uc3)*YVTCVs<*PS1;(y3!y2g*jL+Z@_s+KUY zkra6_9`QLRZlnsi*V%i!>VBZS%p$*y56hn8ToW(`D*+J_v#2r|er}q8kPuGmh6d`A zph4mnAEn}bBx~o_EqfP6qRwL=6)5Cx%p@qdYOqq!?3l8-Qhogux8B$9VY~UL+(Iqy z=c;%oxgvMZ>i#}p%63=DpM(bOebQF{ETw0uA@blUM{LIftT$sL4%_Q*UQMGIJTxOQ zz=yAvQ>#aIhG+QHy8t3I$yd9ZDqx(6@_DU?TFlL`qqK&Q+=3u0ypM*Hkw%tM-?84C z)Ll;qDHs414o016m2pJ+j{qvK3m4OIulF1?-DExs^f2s7^B?2uzr!>U{V4+Sh^N6H z`mM$GH-4-sUIP7Dcd_@zu!Q2;$>Yq9i`R6Z%k|PYe3MOJKCC)!atjvOJO3+D{kyu) zKK!#l(yJz)ivQjWlK5|0cm1ZY{U%T=wJigceh4i@WtH#CwlJJwzlCt03A;DhGf^Os zkk7J7Bz!y@4kz;j4u zdT@5yOw4Xom+(%%K|cKn+t;^OE)!EU=s$97mtJzQTWu;*J2MpVq}DP|Ra*I$=xS%Z zi{d|}V2)yr0)w9TrN1?BI7E~54?`^tHM*s3JIs+iJX!;q6_i{z{j23_Tmh+|c`t#Q zc>dHHP<#`!k4*+FMF;c@_M4lX8Gq#@!f~_d-&}2S96NUr0~amI7X|BK`y_G!C+6w> zp8>RT^~7Ny@(weFO44|H60QTEY;+stS$6P}(qw{EWlc=8>slTv{$PdIW(Q0x-$=H* zkU9?`3TE4A^biuRxH?xN1>uw?i1JRS>XbeGp9AG3_0Ri=1f&&F`VBq z*&vsKH(x4DS0bU&8PvWLIZ>D}`_=EELiK8`T*^;{M3ov}T%L{2^I7rMIg)3tCA;i@ zV$DU7RN2P`kCynZ6qKn!{OVnRjP<><@T1zGk zqki;aUahh_mN4_Wo<;~Y#sS(0GCKA@3Dvxd-e5uv{wS? 
zw-ib|1uATqnf0BQstb(Xt@MO}DnYCHY7)_5Gpe<)C_&E4&;Kbz+g>)2S6$2L$`lfR zRmEW_MdjORl*r}&G*@1m`FdI^FO?sBBwmUZw&z)x@dWv$l~v7REk1qe(WiGG$SYk=``V0!0!$g(CK1oG&kX@8 z)!+#K^77g%O|imM7-D&>G818cYCn*1)V~AkQ|S+Vu=p>^E~xOp63yr zkFm%;85Ih<0a0dyaewOVFka{SgWK0+l9ADLB-w zN?Y$(xLFf=x;l0CnQxXu{y`l+j(#zWyFyr+&y|);KKY z7V+?E^z+gt@31pxRv=>hPoJ)$ywl;^k>QD9_9OS6W;f|2k2wk+Pe%ZLM-Q4zwf$P@ z;(>vcE*Gs7CV2we?hD{j@!B-_`V!*wUYY;7vlJ^|nEQG_+`xANm>GrL8@Z6L-Dzp> z+Qy$q`*ywBb)!?z4ZJ*$(BDoJ=5;?V2cqjssn}F@&wGcfeVM4y6)x`b8a~mHCwp*C zLiUCLOw%`h*su*7o8>^V(?)r`_Ct=>S@(dk#jp04nsi7;1_UuIq*9=PjX@y$f>w&p$DEYzd+MoL@W&wnREILr*L$>5Gv^yF_^qM8gRJQe-EtZJWLRMukz3k423LJ=c zq-LK2(&OFU)m;hH2r7hXFxOV2b)m<7b9eq>O3wsVmKP-{IFVcj;dcoI5pAFFDy>Bf zpv;wM-NCC+cE1gq7Wo=i+UjJHb52ob5a#s|xoWrPmuE|P2)I%e-z}L(q}VLR2zCQG z!tFb&9{z<;%Y2SUAom8}NKA=C|25GRH~ws+XQ@X93BM%=nGpJANhU)~&NltQ&kU|Y zrgS0qZ~`_x2I7GAnMWH9sKxd_q05#+9M1@zwb2qF=jG$#0?Nd?J`lcgAF9r zQvG#S{2lu;G$nsg>mSvYktwkRw$?WRBo~2s?S6bwzpk9=VVeyt;!m$-9=$TuB~b{> zSyuYf)>&qt9mVBv=8%6N#T+Z*X`USSw$35{-Sw52S#6OX4~L{!5hW+tNthP$*GkCk z5C3@3gaPl{)9Xm8275R~dLNqv1!cxU9keI{laXP_nBYv78ZtT}u7^%SvQ0S>P!gr& zagsG~_2QtPhf89)QI2_?Y{T>SYM-_;o4%a@c<1MK(w=qvsmH8e_#^hveShaqlAx<~ z7l6d*kwSPAPCS3B&_p|VR~wQ}$+R+>@{j)kLPe4P;?ELID`17FM}I7yxM3XBrz!uY z`3AN8?Ro66rUup=-Fq0iucpH!b1ft)2hz5VHuQ$f=09^R}{#@u8dMa&77YWidKmS z@#B?va|dY1=S&8itx@jDVi9#an)Ih8MFFJl6n(rfL1MaRZJ@0>II||`=T{T#5&;~H z@xl+h4yT_NUyWkoC*XERidWP-Y}Dy->83D`bnWCOclqf?wYvKCR(;|1UNHA9A{=2~ zmm2e}wKwr=)P?FaZiW<&TQ7pvRwozQ5t#E5xo{e2HTZH{=J};SpNSQ z;vV8bEe%K^@%Y!KSkJP85(x;dyGV;O5l8WB*-QXmv6&MljqNnv{$r+Vvu+bSAfbS~ zeanl1I;8penb#6JUMD-GIq6GOID^4p^oXJYe7DS8%X)ocvKm?`wSk{AHqss;9*%TV zbeAS@5X8k?Q&Lapj7R*JjQL^{S-vvCTt8i5R%&tqh-6DTICt;=tQeT_$WdHA$WOIE z1)_rqowsVf1!2y`f!CBTmWEBS8?G-aw$jYl4S$xNXE*zV?YuRZ8RJ5!Q*DHQiH>mq zLMFcCoR7}9hrhi%vqGma_ytaNqYASbOfHM+yX~nY+(jwadm+9*LQBk|=oGj^$vE%+ zA}Hcc;zmQ@j&r~R52V=j$nOc=seK4yOQ>Fk9ryxLhc6!P`r4;#k!LLLHQ6rCgT>&) zH7>}$5(zuDwar{pA>uKWx_w=@=P(5g?JD(&E1_T>1`$`$2PWu#?u4=Hp)n53ma@k2 
zX+hvm^JdyGi_F*AL=@wQd?lLBqpdT1lt)C4?Ao8zO0mX<035K;zcDm;RS!OoZ{e{` zXkh$%@bqEYX-0Wt2RJ6O0e`%PcH2iW@pz(K5NTg3)pamn!_k6L{t zz09MKCZR;>7eKidU*;>s#th6IqBYe0bUHZpfO5N8#W8h}Ek0gu{=Fu{SE&*AH$v?| zru2WOQYw~rI}=S0!3ZN6k)D0DsQjAbJCbgO7ZzNMDGl^+`Jb{^S?@64o5p}Pdo3L; zGDi>AZg^vq!B$>cPS@Zx@$7ZkhV}XQPUs0u=@*~i8+JwBH|Xd`#L&$ZvofhO`qAi- znI1~=knmz&MF?Ye$Frpb0|(eQgTp%>qd{-PJ{ku+mSeZRU}ktmoI)T3Gk{v|>Fp>s z>v1`33TnU&Rj)~49ic%$|Cg!nLqxA!6-5SoA`GjB!0)%e*K7i}8@=AYx_pqs#7@fl ziF2~b%=e?8MYl^Vt_X9G3qBqrZf9OpqaqMi94Ym%KU>elZ9HORRsjfv)8}^q>Thb= zm47Hg5LZV2m@+V3ANA@;<9R9Bbht_|ya4sQ%N-@1bRs15$7-v=S+wHOlX2#@Uq0uN zwjEFxSzX*ZuTgA4kqYu8WA_%_i?jk*CjXVsO340Vm#AU#`OakKW&-QCU)ceXuCp9D zHeF{FrLHcv+huugtZTf6NE&#(?j^02KGPttc}uI8#up@O|M1QAm5xF~lf&aAV^;2o z>#Oa2mnD0Yr(eA5t0RBa^R(UFv;NcSxT*6~#JQx1P^f?)7_T?N{Ri!$?t2j(A>(d0 zw_L`IdNPB9gQ2^IiR=05rNKqcbm6UE))b<=rd527u9o~4dZ&1#cqZH4U9PvB9&X?a zhozd9&DtPtA&C-M&3GY8S82pud7{h9FlrRL!b|do6W$N%NFPZfFt(QZj{~ine+mv(+ z(gl7CW#azzIG=!o`L!AJv1RSMnV;@?{2>&&Yx6%C(%;z>U@lSIa<4{g){XbA zyBv3$gbEJ;CIAb@j2?*<@s@WfO$q{Xu1&NG^G3j+BjsF`TORh03etJFpJ0P|?`eqU z*8~F~O{uJ%wcU)(l#1ylKkG=}8B&<{T* z{_t_5{7QmzCUp1Et z#mH^&+3hVFAZ?i94#IGwk)vv1@vtLT_PP8^FegePkKhldO&*j65WWrdH^SM0d(wZ) z9C-?Vc$0=C8Y;!Z-zh{%Q_h}o5MJK#1mF8V$bcA>s$E{lcH28oyAR?9gr0e^vC6R3NEH33<73Y2LVA zwPL**jcn?m$an6MbRFWDZ#tje%4OT?I(FtXfYz7>fjH%^NfkiHt=riHLPO!`d%e1)Lx z{AdOk^JpQZ<@nT_gBK%gjH@3l&0?5fMM~Ehs8dI)CW04~n<2R`jvwaZvd3?#VvY5k zaDHq?AQmb6yVCj6C_9uI8C#v24$u_D8`T#KgL`eT4dTwg^~jHl%s(9^u!A0_YX1G! zDxU%O2FxQFbXtij!Jl~SYWdd+zE<8xLVBKIA97HlDYUNy!6hDn>)!3rZpb{lc-*DN z+f3QPcyt|9X2sgvBJjGIIYX!%k0~n+?Yi07lhi(rG z21ORjGDw8xxJmfVcw@2*G~-r&i=IaFBh;41GRRMt(8&76K#82js&jfnDynQ(9K7p2 zA77Erb>Fzo%Jl94ew;M=vpA69($u&r?6z>8mi#T-U#I}apZtkvZ7xAs`JCZ-<%`YJ z?DsB;4ynHVd(aZlA`e>aBAalWtyJ@~42?Mw<}p6L{~53!qJ>d!yUG(k9+x$0ZMZ8? 
z@4MgFL>^aIfeBYDrMHqcBoQtWc!e=u?~h%JO~(IQA(nAQv2=1!Fz*8c)UxGcE!?UX z_F3-D@F%2~C`m~%=r#Zo_fu={ZH-xR@^fqMkxe(_13p@2 zybF-tGxe1(K|-%$jyXmn92kJwu#7)6eHtXd<9dX8*uF~8g4EzJcJQm@eH5@4%nUBu zd|N=6Qe!EhLl9qHfLb_K2rKf;x2qAh;8(#?D^_pUs9(&%mC;c3jROx1?&KHD5MTE9 z-&wYLp!m{k-!bx{ZY_|;Gr(Ex`J&NUKv`6Dtq>ZP!4d#ND-13(Z)EJ~aO}&v`HEI) zFx>V>t~#^6Dwf*VHC@MKu59tYzf#rDaPyN?w^Z4=)vzVovDNVOjV`@mmPO*n!8ApT ztp!H~gv6YBg6-Jx;uBAxzB%I8;D2N{=){jNJ0Co2mGMw9f1jA8hi4#7-+T;SiX{FJ zT$u~y_KDIA;c}WHsNXf)O?fzf9tcorE!UBYv&m?0jM)3@IxT}C%Oj0cIkWKeOYYBz zyU%1Umi|FAfrS+w6ed=Jvb;?0eHA#&qws$=0EXX0es7h3@MF1I`J%RTY;91>1NiRO55n>ZvZ%-;AcrPCr^>96Qz91GpAN2lq4=FSq=GJdL zt#NbZDNwWU>rE&P*c5SJr5E%*Ku0R33pt-ZF@FnyeRYlRJJaxoPdO9XG1#l%6##@e zJ)e8xXl1aofjqo)r6BRs59SU8vUHYaw3k9gp`{&uY}8OEuo-p6(`SU)RXXjIh+HU*T7&w-~7>C{%Fu|^fzR34*nYaX^gEm zf$$*XL3Y|3*>-Gh!%I7TSE7>@<%&kUyKGJVWZr&df?>bT__XFiGc{WMx0^ZC?;yNR zh>AU$8RN?`H|;wlEfSyK;5WX;vv?rfrjI+tq^mO1yC6%g=(+kAsWg`>HiBZQNGw)>Dmjw&lD-?g+d6kxv+4o&>Po zIewo9i_JL59Z^H%Hdxw4NR_i=3|^r{7U_30f}Q^DohT~M4Y#PFp4$Wax`CebO?0t1 za|C~*5Wuk#$cj9zQmCCefPjoM;)bFjtYKC3)yC;_Wh$R7-~-dyVRw{<>R~IP9 z$3cVH?iN6qh#yzT-3jW+$i0U!`9WIsXUuw_-rSz`)abDIe9$J-u_|#1MTb{aRqdY$ zgc4OwBGV`q9u=z(K#R!2$<-2LDX9wR&R7x0Sfbn4SS{NuQH!0=nC}!A&|w~xUVp7n z8Q37hX+Qm#a9>=iGR*Tkn~U{}d#YQc;+H?3ZIVh{EU@RTYqObR@gv>ft1^?x1g94>kM zBEs$;l_fBWhU}raBTi7bW(d+b8PT2)Ar*3et;qz)Et7>r=~J_^R*>7qj~B9T4w5%n zG+*Q`q4mdiH3BOIwa9>(?+m~;VLMY?FH^=Iy)F`;d3XC117q-U+I{`=O8c_x}9IiQ#A$VO^BJJFD* z4Bp@VG`>a@gU)`0e{+@c&@uvA)SX8;Iw*Dzel2(JtGcoc1YunriCGxleM7Xp&$%H3 z3q|et@^YgoSErP*&cl#JIHmyRuBvKfq6*u0QMYE=p+ng4w+Lj~5}@v01?FJh$L)C` z=Pbeer+_k7@ISH-KjbtvMa{Y%_dHBoj+n$Oo9YX>FB^|+L-Jp|A`^)+#XQPFJaQ!wB4YsSKWbo^rX(8!6K0|FEN zM~CyX=+zy*gR7YbslxVXw{OpJ>*p$D5Vf=@{1!Ae?vEuS7x8QbA0-wRo}#5ABKpy# z#%U+Fh1>99ymY8oy6{GF0_*wwYF}CVMl5T8R~j90G>yGViRZ?!qoC^{^T;W?L>K&< zd*|yM^WJxU8p@py9iybu-;N`q?sd&1eT$%eD|JiG(k38=?yBPxWEbgnAL?}m3A=qM zm*H9M-ko0*=I~86?p_@C`Os_B#A7p!nyz8ufq_{LC|=?jHBl|bzl$G4AI+~39EV7! 
zrGpOB2%J>NkOD^7Ha@G;19D+sFWdYje?f3kMR!FoC^&Y9_MpXdwbWxkoOm$c(GPAC zk#4YF1w&@vd+g1fsjPsz+-UvAEtJSpGLROKUnSl77iewcQzBz)7nM2T<_1dH_)AoWC1;2n4wA>qa6EkPZEku zgW&$rmb#$FZ;ilQGj_X?=ghjt3ENwd6OWa@JX95*z@cNKc((t6(qXkf4lnzqI}uka zC1k`RO2E?hncMMqqXw5h=qSDv=M?mWR+C3C2mLApFdll;=@=T#s(N5W$m)2+lym&yf0o8H>+Cstqr{KuQNPcmY=9L!Mp$1 zuJih8HebEj=m+J*PZ~t|ig(M&Dyg8?h00GF9J?$ZuDD}RR7Im_h3LD zpZRe93%*tT3*UflVNXXI5Py``dRH^qWO+5cz^Dm@tOcu+!f; ztd8C5K*N&c`|Yk=yhepQ(8R!j=44v_+cb4T^CQupdG3Y`kw~Q6g!U~NvJoR49tM-s zcEiGZbDwt8F#gNP(aewBW79!P5J0vBWnb+@iB=(7jUe9%z&2B;rxzpwXhtxX8Ii9% zH#<|2E0VR>x^g9Y_ffB=*IlYN=aax#hCS2yBQ}HWu>S$+w9be9qzQLsi{mi0Ek4QqeCc*FSgr72Bu|gb z(JxPC(l42Qneu5m%dyrMjR!yYz3fcrCNN$nS40~3xi13io4LK9>lum7Y=de~Za9O0 zHg6lW$nV49JK1m1_d?OaKnvG+WAdHeH&%;mzwqp2x6C11_X&yQVLrtwL5T}Udlm;2N9>K#J++JM^R<#>h0 zSGW5fo|n&D@*Y^v)D?cu5H{3)UWx(KM6b_Jj)$#2z+Hzffsb}WuvR2jSMb4O5(2gg zlpfFF5N3HWcmi+4Z#%$K2Tm9*OZUa$K83_1mN>suz3m$8UZh!gQ&Bk62QjFM3P0Bfj1%MqyV#2nO0b5xvnpdD@JoD0V$VBlJ@EH9{?qNF z`kyM!2`Am--ELvAbh+|0$SS%Kj$%>%m*=AY2y5#*D!9}inqT9^ct+lK2_rM@r)zBe*nfPARDH$g-9)0%WXTvDmluNM z4cDYj1CJ&VMw}dZ^g!_Zl*uNWh>tK+>YU^!dFZSZvNe_dtQPc z%6wnexdA1F-wVwrB_(FDGY~`nJ^Rb5(=t7O5Rl@V42XhJ#mnmQ^;!Ga3rscQp#XNY z`sLxoBHmxCh5o?5&M?}ss&58~XMH(Vmo0e&1)h2=x{~6F%EQNKeljbhi$2cLoq{p< zU_{8&21kV1?=C%h&GJwCy5!`gZ<;?K&GMN@v;0Q+`$<5n14{bZREt=*t^$*-i&qL$ zB%Lz)3E3i6Nwe3cg>^ZAkK-|6z2IfHKJj=re{`a&uv$Lvb@R59BjtI=N~>9?tZjGr zO32T#s=Ew8+QFyW$ak5&TNm(dF%3&CqC5x91Q7s}2jBGrK=V|08S=!H-u(|yv3A36y?zY!A0%2HG{KgvNoL|EIH0<+i$!Rg$Q6t?yE_cT) zTwPLZRPik1T3NytN4opy-()hRqkr`<2$DT3)tU8k+IcWP--6STd>Q-e_nlxPgY45* zbzL@%v)1tN$ANTu9Lpi;9=+FH;%q(VC*&{bg^O!{!NI+)diO==WoMcl-GcldMO^1E zmb`5UXlp?*qB%wc<)qNqjePvAC8=JPq~nYN4P>dR^@i|tH4Vi5BQ2i*?)l{ zt6>SKOv-DKF~aA^G|4lK%r_L|U)^FMvg49M8v33O9&mH&xTI*3hgUyU4SdvF5R#2u7 z+qSe^T13rOR{Y-H;Pd1~C+P73+N-CPpGQdtK`338!DhHkkRS#;{!^C$_)JTR7h@$; zRW1Usd1NqBU6h~5)G~}|LEe^A^gAY2RUa|D%G1*LuXRBKg6t{q)+t$1QX5Vm-|D31wgc{Lba+nBb7Xc@Hp2bLve0+$ z*U1xsRZB~Ne1A2@Fz&meMU?2Rpoui!dWg%4^ctYU4RM_$HO7YpftuWAJNi?eOckZ! 
z+nk<0BSH1#PQ#OyJnd@6a1uTmLGRs;_~P^5i|w0_O@lFshu9rEtHsm(G-MQ)*%RO6 zVN%G9_Yye6kVaCSqw1ljG1~K%nw(i)Vm#SaHI$n;s0`*#xLKZN~yTsMFogIPXK7n_&XOT7}Wx%B_rdFgVx0yl%2+*3A)*F&t> z+K#ym3NQtvY7Y8R=mdzkcZo73Yn@LREoZ6-V!kjxpB#vW78Ms4zq9us1i~Jq^g2|J zvj{zyT_zK&P@O5l@+SvlCZS|R(ueoAE?w#Y7PjdqOR8*TlTQU|hO&DJSu=`xiq=J1 z?4(myKOfla71ubPvjV-xZIiXnT`>a0lNDy~+1@l|N%ZQu{5h<|o5oTYB1CG*337Y< zVFx=aEJM)SEQIfFC_`}xWVxUjOuqLe;%YoSL~Hj@$iGQIc)Nn!GK6$Fe1ykGey@3w zZ+jl8{5wRB27yn|T!%96KKlE=>9$98Bk$EamYewFF>UTwT($~^5#}oEaJaCj$ zporaZN|O>S@HhDd--1ymrs!J9y+=gzqx~WojqIr9EdxM05e5&!8SXTrM#7KSeN?<| zOO#dsvYbK?P|?@m**bp1OLh6xx-Mjgf?SSY$RL05AS>8HpoOUGmV$^kv^xc;sVP8J zsL3PeGPNFN`jl^?!}j%SK6gts1LIzRzWp5;?Wq0Ag(z#z*PQ>aO8P(X1*S-uu9LqE zeyqajWxXT8!Hk!G0-;E#<`9&H&fO&r+2J4s|4kf6l@`qot5E1q1`!r2uj?w-u=z&&xx zz@VpvB~~9Y2BmN%M0SlADwIH4T9oiEO;w|2P)S(^t8G0t&Ud~LTufCk=eOH8{%!LQPR_~kKLB^>9(L0qvhl3l`vc4*8u+l;X_huXOK>gWXbO_v#?-miR z-xF(9jw3*i_8}xver%oj5Ce{Xr@QS&-9KTKg3!J6Ig1JZC zJH8THy8tO`tpB*oZm=#fw@VAEhAYx1om(0CP-da#myayocFmXMDQ-Lw^f;ZEr;^)P z4E^>=lJemKL5?uUjO4X9=QRGV<^S_*LcnGWr38lyi<9J)2OrRq8TI0;wvxuvtCCks zi%^88~bg zCl)`K1@2HX+dm-{W++^5Xr99wv6*Pks~!jpXLwMp=hRWuSNY|EHDh0&H~J5TaF&d=plHE+IJ6pg$uQUlb* zz9!Kz+erwgG#sdB^#NxK^vRpe8+#~$Ak!E`>rq2V&M?&5*&~5i?zyD~DK|HF zPi=u}?>gWeOW(Fk?`u6r17m$aXDmvM{Tf-5*JVLqfofr_C=ei&ne1VOlB`JgiGJJ% zCiiFEo@5OYgzX^NlVJ^KYN}<%lcI~V21Lg7@XcHcI1Cc2mz<(UInfJyo`oiJG0un7 z^p6$0_mL?(Uv#Z%28J<w{dH_rrl2RA2d z;X@ZYmQ(5aJ@1>Ud3hu$}!FIZgf}0>wte6SS<8FEjoBLyc}4 zEuCGb96c5fzC|iQo90qzAZFoXoi9#CHMLw~W6UL}UKhC1B-;lXBs`ZHjbCqtF0L=0 zhF}m;yeOOB)l)A}G0PuR+GKIug!3#5t^^#a_xnd=Bn&djK7_I+Yh=k9LdY0v zj3oO`*2um@$x?PH!dS+>QwAXv+1Cc=gGYZ&vbrkc>HP`F`(TcC=%L9$aLySe;=2@i3TMZ3Tl4LF8O|vJb5o13rw+&OrkFoRY!O|Md}3+8e{SC==Zm7 z-Fg_&)ue0Kz9FV%GtQ1rN;>s37#I_H6g)LJVm~5u#1nz6TKgGVAt`-_;T)CZ{l^@z zKzSHlsYZlDm%?%~0_oY7eYMVc@*bQ!G(YGFEFmlq+?eW26O~=`QfYr0?*=JRGYq)H z%!Dg3qgbCEACQ7eXPvGZE4i3M2c0!^;zywq7h9rzIzmXTJp5;3HRgS6FTa7sIw84~_$iflPg_Z`=QcE8^R_nq9tO+5pargNY_JtzG%0`h^4rU)qK)OP%6|t58kD@C 
z{YhzxxvT}GFx*RN5jZBe1HnmHLI;wxv-p56i6h2Fjz`S!3d^qGy1~Y9XLA7Qj}Stu ztcSDN$|!Ww=gZ-~Tp{TDM=!!8Ga#P~FMn$gu9qFo2dz#!cDya~>&sbhAoP|L7^QwX zR-v`FHmWYPj4mvEeVOo_V|n&v@{x1+gP|Ic!I=9JG1^8lsh+IoWLXOq>@AV9g0WKp zOBa1scXTTJNH5tWe9jMq8)t|LBM7SxBjP!Z%PfbFPjKL0(Q+zHU448EKv0|56Kr6{ z^S%rD>F_4)mi0>B0TUus>Nr^AUT*Vb_^y9W?0fd&7XLBBWm$*dqZ4@-ckL~=9?G`} zBDYc!M19!BCfQl*ttlECEYtIIjzHi5uMb)+TF9*uZqsvI+(YcLj)VMTslNF4IuVzM z;TX=fG|M*dAsYFXNPuqp$an8CkuI#p7;G4q3Q2=8P6_VJ4F$fVTB42p{?M_pm^c3J zEA79ovXBBWSVM8K>6tkcJ(=g=8MrHIo$2sKmX?5jgCeR)f)HZ|l4lgsrppAZ*p(`99u!dK#ek476-pSBn+a2JNgK@1;JuEMaeg zAplk~HPBSTA;4nWrcz*aK+8}jyo&AOvi;-7GO&;%kj1G5gU{=2-%F58jWtG^P1nAB zuLH3gL~zbL=6P`GJVP(_h$!(0>7vJ%!@qyO$`bmT^9WM>Tkl2G31W6Q5dlu!2ppvV z0{6L8qrt;Dl7VOq#ZN<$rUtpZ=D7aCN}T{@g&g(jb7OG*#B@>EkZl?9Nze$9ew~1MP28P&y8gLTHcgHBsf$ z?;Vo0bNuuak+kIU5%=-sv0?z?Auw6>ic7!kM0YW+^-dxWkQD>m=r`IkKurIYK7b@{xmrecAcD zc^Gf@850P&d8n(|A3TgsIm@w)XnHxAIsUmy3d_x!^}2Ik&__!;x}LbR3k?%i;w%%i zO7)`x>-U#4&^(dUd@h)Wz=6<C363+Kz}$P0lmmD=pAZPNj|o7Hi~Na{uaz^$@+)htN|cB3N{Ueq zZbtj?kkm@Iv_c0q?RnvA&V(Z&BQTkDv^a3(9XdePyCM`g8w7HzV$kjO(!rjx1H_3+^;dh%gw@*v&)S5hJ&EDkeh?}xlCx*rSv=~B4eiq>TnN{BnpL)KE~ z=IZ@Q5Ea>B@Wejf-nKu48o^T&P>AH>@$YVE)}3mocXj)M*Du!uSUv-=e4$SoMG3Gx z4`KOW43JgSeF^LNlL$<;VuaYGYakk60?-dM@(pJ(*hz?;ZyKw9#5#2xIdtSQ5ec&v zgk{+dT-4khlvJg$Z2C8t0(L$KJZ(=Mg5ARu%KRIHW4Ffo9B*i_Er-JG0<#Wj2fhWd zr`@;4p6MT~d0Lp89PQj!9%>!|S3YLm#j=9)x=IcbZesMwTJ*bxXM^Q7pC2-tDpNs( zg;a)){i-W}!+wQ3tnKrz=UYo-gC~CxVLcfBIjZ$(xT-tv@PDm%z-mj^+~TYQc|>GA zuc|1!^E7DZKokYNU|!HU(t2vXDp{y_*jk+4`C<40M=Dsi*RsFRGGN^v(?UtM(uJXb zhRM43HTiOtr9}N2lr)b7T{{C|DNkLKQMV9x`I}n1rw?Y_mH>>FQIcgi#&U$#lgJpq zn9wR1DP3lVA)pCb7TLDpj@I&T+#=$GHtUZwfFld7B&jW(2uRKnU+eXHLM zj1NEl!%5+AKAZ)Y3RY`$$NRli+X=$AfGa@6S&#U(D=#Z6=BbYQwlgd%9|b5QL>)&c z1n}~Zn?E@k8(%i;UE?;ba16@Nfj=Q($E(bHcNBo!_bLrA^hk56`||=}-25BnZUy^e z{}Ob*Tphl?3A0TLq7P>qWjb7@AAqC33JzpZuy=Jo(PKZ>bL7(FWQ|FKUQq&Hc0m~1 z@{Z-XE8CGcyl^>|=NDy1qAKKh$oW^0kn^RoiT%^2ddb{KnDEjOt~jF`x}w75{t4eDiK!rJ~tP=Dm`uLqAn4tIod z_TSFr40jB6 
zoPEZb*c05@5Hq_l+@4NZE1*jCZlUmV3Ly**Eh}@Rkg8RPdh(-1v-|eq<-@NLR?-3p zR^(R5aecMb?nTkf88gNjoBaQpW72L-oG%!cWSBpawjowI_4x$gM;14*n+; z$~zfG!l7ZqHWu^WDZ-D{JW?cKR~Cl=?tg&ufdI}mgJ+v^OWn-+@#3tTiWK&-7D&^Y zhXe=Xf{u!z{^#0uu6JN>HUQ_A5!`v$kF@e`8 z*GJ)HMxDGR@Q0}9{fK{|Clsba1M8U{Fwz{oI$5S*@KE(Eu!zRzBhDUJ^pzWgoTn@W z4hQO`$!`k@s&Gu}ZhF*UP@o$GBy~S@BwgXaFVEtlz^l75K%1Sq*KKlUlg_jR=rStnvT$a!M8`|k|?N0z$NJO#4USY7{rjk#Cz zGG|kcgO0dh=CRY_Z>IAAyd|GN$KTIi5M}4;$?^ppz*ub^{ihy);d*G}7os<|j!k@1 zeB%DDj+Bs=4LY*V^&1( zK&b(F0g`QRzQ^iAvh5-y+oDsqMXi;W&6OjR519#)g1gsj73-v)SH1kUw^b=>v4;9v zxEXU_&(af-5qDa)TIRg-lCb5*`8J2hs0yz5!4CNc!8l!Nf>UWVBdv`R!nU7`P;aB{hD0RV57PKP>dDZItZj z4YT;!{d6@0P^omqx@W8htV!Ai!fV3R_%vMMS0!EKmiwjji|O;Y-Tr{(c0!>E*nk|D zS(@m}SLHdpfbo=QikXb%{1=^@cuj#;_e!2Hv-%f$s&gSHN1^1lwbQW(CAWmYfsheN z1m-jFiz3LJ-fc1GWu(!dY?GISPJ>0aPis@)vf1)b8^@SF2%N6!RaFl2Ck74lcfx5o0{nG7K*FGhWwUVa93!#Gm9oe1hHwhcP=$} z(EC?X9}=fz8kBUmKXr-bn%OBj`pnDLIdX=ekCKqW0o{Xe7^alIHv8j@$oDCJd~p!m z?oQTk@pb?m)TziU&hc}yR*t8`vxj>MQTC8D+1<0;1TeEuZ?RFZ*L4@|u{C1H-m^1aE#I6r^oqn)zOHjK@A4HAeMU?|L0_GALxj;l5X0>3yor_>Qh-zBy6n zGD}N9ebzGctIc-rANJ4E_Tc-BMB>Ch-8`&+|3dZ}RwvW37&SaYZ->T3DgPI%eyfbM z`$zflTY8-~(j}vBxMa;h|%M`fr!%%eX`ip_422S@k zU4I}zAr@K%JCBrs)AWU>SwYdH1&Sw!zZum@uY3FEB;weF6WP|=mDJ?F$=zLz+1~5Y z;!{`m5^%jjSAOg>K{B;Njdeoy5u>zZ#7tehiZ@j&+x)B0s;PpTv9Wlh?zy> zm-vcpZ`afWr~3r&AL$XP3UZ_8opgk|ZQIFKMLaEy=ASwayZ!mer3oapH>77s2qnVr za+iMw)E+hljRNTD>jgGB7Sh2g^KjrXWic307VLQHmTJw0wh>YK(nLAB} zhiW-ny~ViZM`UPpecU}~;i#e^EzFWwx}(K*_T4fj9Y|^u@|^Fndg;6OCo`5dj@C;z zCr@TTQBN>#OX$EM@l`Xs~fZKmM zNi#Asr#Z!4*jhPbC@HUsP^7Y7hf+gRj|+3$?44Mt$r=~({YOu-3H>2ZHc=tBm=Ty8 zRWRK2>a-fQz2Sm${9{>I$T7f`=ymZkX5sFOI9G0#*WH8qpCEKY)J>?FGD{{ydP~x5 zf5=vNaQQbn<^89G101!;k3X=W!FW0EJ$-aBmWI$n2;qf@czdz(X-231iKHd*1JwbM z?LX@#5O-#Cj2j9oxyL4wK~2T^M@@C8lge!*)MI0X>DKC8k6F#l9e(YvxSJzV^?s|v zvo6ZXYW*Lj6QCzXChca4Rr}s{aRf#i6oLdUIgGlFAt%krcwQ# zmn$sihGYWGe@Q5IIQVX%a>V2-h2;gHO*SSYt%Bt5KrEhqt(nq8z2GMMmL<}Y^{{$z zmV(lohGf{F9&@*PUYucsKdl0`9hADnP%A;Y*^oNwe$)jwr)oc`IhsQjg@6=PN~k@5 ztIQA5&I7tBKF%fobmi^ 
zWC$I^us?Z3IB6eP-fx40M&t=*dq{#1<mdYmO>mv zO`ndfywJpu9{m&#TJxQtHUCGqABo>8G)iU7AAK8`TI$6o)9hdLr%^DRuswNwpa90B z%OV-iGAbtgXNQXxvP*c=NN@YoJ!gfZ;(MwhcAwnuERnSG~TF?Rd>}HWge$E zw%i{t4>cRZ_5LAur9;q>lzhU#sNTLDLB3mG2#OTqf(RJoNEpva8mAInA#m@^{D&4~ z&>Jv+NS83-x%#*7OEH$(QCknx+9C0b?2rx%VTR5{h{-c6cU>*4!yBY_uqE<02brbn zhOcTkn71@m`-(Kyxi$XHL7ne}MM1oYEChSkzW1NIO2~hQHFyx@_cK&H?}uo$UJ&*n zn9Q&oA7l(B7?F5{D%m(xQ?+E1q;ccLW3-<+F(F_$JM{H0Js*kxMgmUg2#1?An7$9; zsG;>%zAFG`A1*_r)Nbo>1<#Q_HPsjywla}LpetgiPB4xP9RWQnan5ZROT8`XNMTDc z6#U>da|!a#SIk_)cGtVd!XYC$mrr*Ppr3OUEEG24IEUbuim1?$@BgCOmZ_IzvSfW} z-l~1H(J*oNi>Ng=>)cg0e;%7*0wohH0FrZnr>T(QT--?qw*7-w1H2rm(o1ct2o59I zaM+VJ`*Qta))r3Rm%nmPr(*E6#cg8#tKq ziZT?9TR9t>o7hnEUi z{I$1G__}x2h5iUbv#|`)AVxv*HqKlh!JK5dwhluKajiZ zX^`4*NW2y#tL9{_)p>W6Y@vViuqp;@Ll8pK%-@T6I|2q49)nKTjo+QF!vdfBS?++? zIh(MFXz8JMKV*yvg<((`ltSpeB0eH?@+!m27bYsdyVGC%t<022pa8x5L&BGS$!RNb zFI9%Rd6e^`rokKFBE(U$R6-!-LxEJKg_UQMI19%xSg~bw4+**Q2E1VcHWNeIeGJ*J z)Utr5z07_SHnJ|U>i=l5cE!%-<5Ur{m4uFnh=)+rp3GF57F{+k{g_zl>1@vj|8k zy#x*d902UKEzkZ5S}{TUso8^%j%P?a0YlLtY2={+-lYF=AK_jIpm6IYV4=ESHLqQP`J@O@$VrU8n zEVj%BBOB3xvqI1fWQ6wC2?*FLZxohy!Pc-i1#TaS5BnfZr$HR_6$%)>Z%Z8A1C_P> zFRO0I%J^krxIo0*1l}=O;dZ|~cU|#Ub`jsglD{-T;v7PHrDZBiw$z8|<1}jj>v+L3 z4~;Jr&qrXA@t~r^;=>Y8;iOpJbU$C^vtH!=2IB^u{(IW8NuYZUZ-M~r37$aPpd69@ zq%!W9{SP5OZ8+)}Ao4p7{}B@PGteUG8tF+@>r#qT?^a{8*0$Cz{Iy6! 
zyU1a~z41lHy(->aHGIZlsK-KIGrkD8+M$2&E7(d5i8U7M28|dKs6O1Du$%**vw$*# zef6_0(W(GDHwh(5sb$57e{8A*q~%y7VaY)-MfE zrs)?rexbx5J&zyiGg!!<#Vl)pF{$fRsSqL11HVHHi;9cPkpl|-t0!w`_9IlEI4Gf$ zp%PkV8x05n$OfQv#)F*@F;x@%KO{tg9Y<=;#Pq?FAh)-h{0p85 z=8OA9Av?i=gq}yXM~Yra)Zm*-s}l`r0T)Zh|I!pAmhpve>o<*_sQqefE^@>>@e#J4 zAYJ&HkX5C{GXiWTMvqLzy8-SN0Xtv+=_h_iM96w7jmA+TGCFv4{Av5_HNHfZ2mwdt z8-_GbTc%kkz=wQ>nGdp8e=P{uBm(F+*!<&O09rQa!8na) zY>XbF_1M17-16Z!BLB^mzWj2P`>}KRE6qP{z3iz0PmEo=#!pF-c3D0kCUVLBhJ^Ay z82)3*sW@4HOU;oha*TBy?Rm#rbCFj-b%Ttkp8Ser7?CpGZo?o#KC^FZqCjpBd>s#xao?S{ z`b+nQPy~H!3I@O2{aw1o#gEp1vNZT*{h~7>z1gz~DDqmU)w5dL(FL`79)ng7`cfrJ zyORpAoLS4<<$K2Be8Kj8ox34u8nAbgI+3u@DLla>XH+p^U@~^N$;~-Jml0!3l6AO-s8+_UMrdWaRUi`26d22_N}nz zo6P}BX^7c@NlwCf5^=z1P>u-Xgq_@GS&oAnPffoR0FB7Z_Ir`&HlOHxuE|gDoaphO}W8hGIM_(^5SgHy)w@Iohq_g!w%vaNS}Emx=moRxTPVB)93 zK*ny7Ao6dV+27WShcm@AFNpB!=MDF#Jc&Fgy~{9J|9dZ$ko-R=WxZINi4Peu_am#; z#L7QntPr`wa0{f;VIe>#e-FgKR`S=RiaH3?a~jOttt=r4BUL);32PS3F-fS$W&^wZ zQfUi!oUM%b+w;Hn4;6oGwVQklZoyC`6r4A1cKmylh$ ziFMg)Q8NgbQOYX>CFVuLT@OeG1hSD}r}t69Rg%b|pArs@?O$h|+dMCZhmIr*C@h1P zR6l4ER*o^L%* zWBmrM>Gka<~JCgYYJRPq-5rnjW1OhJzYj#+1gS*k;nI&e86S4d2#TwQ=IbU4|289--5KZK99^*kgD>JQreAh&8)SPe zR$l1X+XZxJ1JU8XN(&+)|LhO@vyEqvRWJ6J75bxvV#AC`?w@1sxDEe!YScr@*#vk& zho(j)j#MVr&L^vP+0>t=w>o81*Oi86lz@ z!xYn{#xqliwvUkqJ#Vrse{dIxC2nuN;sP^VdSHf2(GLiZM}HLUfOKBP1(vLtd!vn3 zB^Eb$qM!0ye^F4#E3`(&tX=RxA!iYBXK#0ZhPBRN;6j|`Q`*1p>~;mqU%&1hL;LoW z+ zRPoGYU}htc&kAfo2NdYvokCO~ZrGM%eAZdiYxP6o<3?RI^V;|mHmn$)LX}kSnYZaB zAKK9wkCXL3>B_cUdpG8y5$>`fRv#l`>8z+p3pc;~}^pbS2(6yO?orC%F-TRs}!E0gJYC8=p-@bQS zGpDM67B}4;W(4524Cds-^bYPOqgUWUwxMz`dhCpmPFx$ z^r>x$;Jseg(o+;j@z-mVC#XR_WG8-!FbEbsc>J^I(u76ROBBwv{NPS>JtZ!JzS3cC%L1^RX{{6M(GlgC&IaUU3s7m{7N2e(`_MqrrQxl%eafO!6yW`7u> zcZnBY3LMmLNtkxu9S|82@b=CL;fhFjjJ+T}hY$$_KfD~!#W1Vyagl;wi0i>BK&nC6cZiQz8Ux~Q}fYEZdd zAyMaiOfsu#I{ZvswAhiaybkOp+O*_;tE>|Xh9={jufr1N!*tHGetn>SM z#TmT)$Y1(P?ij%Bj3yFLNx}=2zO(!+y+c&v7kNiMT43i}r`x z8L=(sgW|1@ei`&Ig+%WA?E1n%kw*c(eYY6fn}0#71$wcAnWB9bKkvB|(Ggl!`8J#B 
z$gfA{wwk{4T(wstwpSbPb|}j@dO2eAQxGFq-!t&DTIPwHzE0a*bw6#(A5Qu%7wGao z-_vv|)43w*LLQij%fPEqFr3;5xdqVP_G6&z)rX`Ecfo znWuO<-(aS=>{*VN35}Fvq*XCPIegdszRIn!%rf}ykKR9KSVN8n;ruKsjWO%gO%;YB zB4-C=glmsC>J-+V_O+b{LkAAO=hChcPwt3VT_u0o^P(};<|dr=D;#rI{L7U=eud@r zrO*8t6P&#vk%qzY5%9AMKFG&+2deYlKQ}HM55Pl(qJo@{Z#uWi@hck43$^J8AofX+I*fVkkd-e^engY`52d$CS{E(-U z>7Y^dmL6Y~qdW3--YbV<0oAo>?;iE4{`k>`&eaQT9O4Q6T>N;de4VfOk&fk*ALKQw zu;+RqwFIt=Fux#PB!6P_n27Bfg7Kx`k>G~~Djm8ko@|V*(;B$Fs1Lz!x@6%oiWXOa zdvmUuGv6&fx&1(ONvu3rJO{Pjx#*@WtM{qgYUcz0SY|R)#jJ%n91JITnhCw1vkL`- zM}Fxo!^d5FT6W$n?>`J=u_J-x33!!#m;NzdP`Mx&z^9UV1O}*aLPQBc4arg>1ie4`C z+UjcD^>q*|SsdRq(q*WM5jZ#5U_;*1b)tyvqd(tJ7EhtrdA&?`a~_#Wref(6V8{am zZB$E*QO^tGdrpNTMB@f;PfRSI$p0SN85l?hd%>h4mb#O+cs3wDfTS6UxHRRN=40v6 zY0gWVZc!6ql)#w7mle;o36IJc#y4v-k{Zt-Yn*YR6be^+PR`Eo*pUAvD&4E~Ud_5gpbtoUst({@G9r*hZ_=%5s8Z6_)$~DAaT)Cm zkMgPE`eK(aD|L=No3cYy>-16mGafQqfFn*j*ESXEC9Jg_EOEG zj4385Vf&-TEL+exs04AfL9ymhzQL_p>`?0bj=d@;lw?k-X89^8GaBdQ_X!^LEPi%6 z+z$ifXWGNg>XI67{F4{`_{dq-HD1Nf^wbh>(*=qJC1bmimhINcx?>ZP#@6Txi|b zO+V&o`Pf}`hcq@#&-mP#~+h6Cv8ed9$)8C<(pudmZHSE%Tzq@d2 ztW=fd=+k#6GqO$7jNv>}<=+_s%LpQ0XF7Q}+na-`&nN_WJZ2E~M#ZmTu z!f9@ko5?mfe#eB4%o>miHKExHr39Ne(o?TJc}jZvSMtM5jXstZy^lfX+nRvAFS*Va z+e&%FeLs2CXyu1c4O!b4@V^$C@=zeQrKsFm&7vXmLZ@B>i|-5%;>s_g=s^rqgg(gn zV?MSk{YX=AH;auk8UGnS1Ugq`!GTnh^i{sSp3wFN*2Ak_wK7c}JHu+y z2S8sPVf7>hXc8u#dYV^k_wKsuWIN^tk_c6mpIm>V;`KeGbXPhga+7TMh@fhwV9tUh!4trgB&qU;l=mlSf`>(^SVxYO!!wh&&`N;IkmmExZm!gk( zUKgkR`%J3~)7DlsiZ}K2=hZVR78v@5Cp%zey2+njY1QF2E{2Tsi?l+S z4QyNU-dijiQsy#nkR?IWm~47duj`L_2R9_-=hkC85L9*iyKcNgQbU7WUw$>k4<$(b zaMs>Cm=X{TpvGPe4j^_u0w5iMEUm!Ml@C1(-+ueGwf^@$=vj)Obv2I{zE|VNJX9PJ zn|%r|!pfZSvg~kPl22=f2gM%o%{DvZDui7=h#6smL~Cm^Nn|L}?Z8uw%&?OY8STeW zDv7rW*?FzJ=jJ+l?id(4SX-c!&}z1+8!p?4w<1uWZxx1>M^;mL0kUC+($etNecS@7%UJo`rmNE%dC0W!|Aijdo?hO`z&UK)!_xO9=u3YvdG#7e(WuZa@fjI z<{b^93~PjpZP7G03`pUvj8M2j-f&Kyof+29H++0@CxvL3;)Am|?$9knJTxs{rHZ{t z)vs+99fcE?bWq&}0G6j`UqSU;q*{%Sb6ulkiq2)7ab4F{jTxJq2e8Nze-rCi9u3HLHf4dF5Wpc 
zrt?<~DSA*4=5Cre>Ct=1^rS|;yQGhebCJq>sqA|fXY%-81rQ^LzRD9qzbm@s8$Vxtf?(M6>t9r?%V}%=TVlKWD%59`^8k z@I5KAb3^`q*!BIoV^>+5kiA_mbjS?PK;uDZw zM6%x<9W z;bBUmtHzO55T{L}I_ZIPrhk~YTSsCrHB%MV!+=CllnUb-(yP@b8{=>f=%dkG{YE5) z+qjq`cJmx$o;(^l5-j)qz=YA_`RSE$H888ViYqsie{=4tskntv!Vj+Eb3-A7lCy%gdLYw1h)= zwYgprK_owqldY1E+DQ_Oii%uH{mU#(wg3!-VFy_VK!GO2XO zg`=s?tbl(tLfLOFxmye;*j?juwRaA!j-4x0Uj_K%wn?s|%%_Pi&AWaz8w|^iJG(Q} z{vnJGE3*IiSDoEFM9WJ~-zz%fqZE2k{p#EbM@5uE*GIb`G5+Wxj#p)0c*iNaR86dC zY@bi2M^|ELtv74bUwg2rwkLTW+-SV1ZY!(n%maxF4zQm?a!M5HR-Pvkus0&rekY|b z9i0=;!1t;y1cfOa@pB+z>Ohp~&L`8Fk1FFdV&=rX_zedQ?h6nXH7G^QSw?na#29wm zJ)?_l1${uBwzwiIo@lKX{DZ{k?y2>*u1DwE|I9@Mp-v$D-=ZD*`z&ctJYJ*GbdDqB zo4@C|@_KW6h9P{2hheqKxo(3g!F3DeK>eXo{)YJ)ft%oNlHmg8TwW9v>Vf*ZYHYZe zIg@sM1+1@$o8Lw85^b~ijlG6$Tg&xd@(}_V)K#Fr8$wIuw5}VOdFgWXmW>H*v}6IM z!L|2Ze)oQ9MI;wLMInZ$P#H~Qrf=$sxba-O0o?QxYp;hWD|0&8hVRhReSTBD_m{Q9Czeu9Z`B<&+w#YdF42$!7xL-bf^v45B6 z?zHP3>#6WLINmi;Si$Af`#m_KEJC z+T^HFj1V9`kpglb80-bl+vs&Wi9`(w2u3Q0(0|Z3Zjah59Hd1>mvS_;chpYM@LUn} zNM=tRY6zk=XR5Tn4pSP6olL0pkeFlXI#)qS`446uzBQ-Hp0YO1GhCpeR$1VCBBg_P zv7oK+_U1kM3Wq`Nsu(Ne)&p2c{P%rd7frv%0=J7e1e`>YaJsjMP_=R>$7oZ*DCNNW z9Lb?rTFbUmL&kSDi+$f+5&XwU z>HkN&%#_5!_UObkR64Ktm7EQ?xSV6wES6OD0c}1hyWJ(w8PFI{Vz8g4F#Por z;_H@eyyD5byL3WByiG>kw-BKea14dWWeSixUeLTH#%3hH7f`@zC*v_he1ef&$M}uw z>L#e%dbN8am_GX90tY$x@80?BcCpe%Mk;%o{5sB-t7|I#@{*w+J&|W$f922De_Rdw zAN+KvqamFbD6iffCU`kXc~nWftgE*x_X&S{@srAgB6CA~dLk76O)jtI1TkzCl$|1l z3h`*K1~fH8n;8mMc1xgTv4MmNj?p+0(gWO$lyBk1`$U#LeLb&{8b!H;Fe`$9j@9tv zqA^j9(2VdRFOTGJcQu@#tG<*gS zB~I)gc(F9Ibgt5lZ_ui9nM?G0s$Ala0;LiAWcU*8&B<3-8cXGfIdK;qehw@x2B0KI z$zFgL#UC>AREum3z?)fBo&v}Hnf`1vn*2%6$3j|*+RL?PV#U|Zzu$)~d1~;ZO4Vbm zE{i{GLl;NGe1D2H=4-V|9q+!E&DP(Ko0g=a;Xd(?IqV4W!>d`JDXMYxA1&$c-7ggH zFQIF4i^MTIp6A_l4m!{Gfov3msy&}1S%#rcZLP&e&efC)3MVO}Jq?&|W6@~5$~S3R zJ2Ij?_<3UNi;}bi7~jR{Vw4>kf%&c+lgLodiD1BYaS2Bkb#dWfB>*A!uwAqHv!`Y9 z_i-zOrFWarU^V1YaRImax;!sE8M~<^6 zHGU?>-w`GNw@{9uCmM1f-Iuu0$=xP^KoNC|HAQSk?9U-lcQyfNc}NxvDZN?r^+rce#X)r35b8S+}QT>KiIy 
zrbg9rqP*{wg{`=}RD1u_l47jVoOHkcmzqDx9|Ot%zuPS2XF_PU^~Tm&Y(^WbME9ff zizUI6wrSKF(B3wMXcv9#1YNylTY)6bWC-N7qMhXebUimh+$eC+o2G&NFH@m_jwlrr zL$!qu3R_(4i=&ai^S^2@J=M)&fBDh~u@`{PX8zpUtm%Q~nlK*V=RQCT&slmr+;@s0=(PaJ9@L zDC0KuG&IdE2z|%MQQ9PoVW5>AIvx!I zIdPAoT$H$@!H;KfZ7_KLmrUIJ zFVR*jay|}hS(KFy%H(7@tPs-?#qNvedZl861XjkQ@t{o5(-+!N?OL7C=i30!#Gyc5 zJ_>mK_3vLHbNT%H}F^crXyOUr`mS>GM&9`owwEBz6`cJ_M||06=! z;V6>DjET@#CaH)m>*c(X>4O+o5vn?+5v)B(qBL7?Ef5wUfCVs<>zIWr8QsSLttYZC zacW^9Y?6qS~Y zN1naLTFq2?881`{H;xyaPV$#S; z>_`pQEo7DP8r=*1&q)@yhbopGz_!$Keu$1S4nLWP~Y7rDXYyU#Z8S!N~DxXV&LK#h07Sq(eM= zO%XOqIJ5teAR^8Zi`7>>eKhSK4Irf#+5~YU_+QE z!V58Yu&V^FL)^@GiMh<)06H|N65YjiF=2`lT^c)d^^sJz9xx*p4xnWiW7UnGi$!;Y zdqkJ+(9?eD5Ar`(i@D(Mww0bxYn3cZ{J(@dDCW;x%huve-<`bHb?LD(TU?rw4w-UD z&n+4hKW2w(s1#&Z&eh0^T3Ao*v<_lyS;X9>;c#VaX@63w)b_{lQ#dpEYoNnf`XsO# z#y7Ceg>SD39XW+C-+3M~g2shdAyNDmh9P1&3vi?PvWUj{g9F>3N77s6-r16u{#Tx8 zdB^_NYf8!Ev5QcgS7d1y;}92~mj;EkNVMXoz^S^Yp*=Oy_=I3M)mi2br$81|4Gxr3 zz;3)l;EW=G_L`uJw!>JFGig6Fp<}4wLJZ@FCwvo)NWqA=%LNzE%J|2krZh8<2J=he zr2rlT+9+=lI&d?Bjt^CeIbEoPhT*m{W!?ZpX6?c5P~ccW>DE$a{L#GSW!CX|qqT64A9V%_Uc_^Z6iJ#MB3?KBw;b1rnDc=w-GL5H`@8Rpklpl^T z+;dr;k^iL$nXk6MaEg`i?xa#$9ux+D%i9pYcnVj`fnSuwF>|6mw#>Vwi)?}?f{0^# z8&4rsunh3)ARO(vuOW~q6WVfpd)ay}RB@zo1pWG;0KUMrj8A1bu)g>@MTj!C=kw`s zFxd4^&JM~^0(#Oi+#dw2;U0zv6*9u_T^ow_RK@Z`t{-6(S2sCX_@k7TQ@oE0A4Ob9 zVwh1wdvlKMT)mq?&mIMGC<|)Vv7dn@u;b_TD(>(II&1O+!Gv$e@qLs;nA43&iD!V7 zP{zhmFVR}GiLD1pmt5-(fiuxsGd=nz+koXkS#;+WmX|p2Wj_kcFpwH*lffY{iOT%- zXT#u38{h981%%1$K>Yk9CJ|=Gj{&(Nbc6(91_B$TGA^vEW}4CtJs5VLb*DKFW*2Lpt%&?s?ws{w(vXzh@w30k)pbh0ww4Gg^GUT(ehia2Z{A>*Q*tp9qOw&=mW zwtv(q0VB~|xx6~ZH_4uf+f&>8jdCB{7=Mn| zSEiNnb7lmYg#E}>yJ5#?gMPu5Zyv|lv~^V~du)#ebe-$C_N!3v=_9R0HF`d7hQ&vn z+LwQ=f4=&2rd4PmoGlkIW_CR|qF{JqO|g2y@43%el|`w}qukvF*lcaN{fsH^ZB8ly zyi2I$V3A(*eD4m*i{h-)^t%06orh|+@J&`ZP4CRHO1tbT(>w1pH~O00&Sofj+fRIT z%03th3nmjujNn)J_Oz{g!8F6yMd7)}4H}luJv+U#zBa23zrMUF|7l$R?=-`L-7_N~Y!{!2$bM}A!v*?xClqUO>;<6hVJnUX74 
zkCK^bYRd*B8~&u$JIFd1K5=2woL;bb`I67K$ok_lBLOa%#$QUBtx1ba8YB6h+hx2qyT;l^6lM_K`!fGa6sxNH~J^Av!89-Mib?azmhBhyP2@7d3o zeihpNrD->ltM;^`W|O0!aW#WM7~Ghd#U6|?o}~!4+zmJ=(}YOP73$R-cXb*LnFA#vBO=N&JRt)R#7hH8W+` zUchj9nV!u4=UpDBBt9$(>P{KN$u+&L;Fah?0n6B)xpM(8R^FGEIqCIctrV& zrSyB}@Lh`PUK0V7ly#qdJd^0w{BLJ&Hvf8}=`}5)MEY>zohj}(=2MYJL)(%1b6oX(fxcc`ZN+Wxf@x|RpXD#s%EcaYDZ>Vf z9_@pocVE)pNPUY?Ac=uXW8%9xP$qPCNbzn5n!->JURx1mA@^y8G)p5Wvqd8FfnUL1 z)kG+|Dkf19x11!|tUyayLy5ozrL!-C`v{qn5xM-@eS5U}ZI8q@C$99ILp_G@xB*t|(R^L)xxi0!z&&lAuI3XO>jQOAc{S2ocY% zA!sW_aeO}A)d{YN-=ml|UKBF%qWN(XxBk%|-f_bC@n|VsKAIBwjU{HyA5?);h0IGm zMCid>RgS(e3DbnIl$#xx$g{5`yqsrCKq>m~<;D45%S*4{`9WpWy5&JCUfZ^NBu(hg zyQAQtr96Z19g9seRAf$5C%fS`!9N_EF(h5?^U;y^?^la_DHD0?JQ^1hUS*Ytwsmyr>8xokc-!Lz$P-1H4PTzJ=Kt`YFPHR=DjdDH{j%g~jUn@3P+y)?qT7O! z+GZ7TcgYt|?iG{M9KR&n^29GwCwAz(;pe6ruC?m4WPjyIYzYpfg-Ux;*zPg5WpV_% zFW=a=sM>0D64`YRZVg`^G$`Tf3hgg<>l%h522Wg0C*T!omT^{@PK4Z6^ch-n4K6N` zO|JFIFxTO4(j5#;iy!c$lz@XZYl7$WYzYtO91rK?80(MUR!FS&YmiW~64w5TUz?Rp zx(_vrny&ShO%=fqUP$UtKHvWs{JA-}1H_dkoHSmR-o$lu$I~(!DE5FEJ ztuUu~TIHO+!z^CYpI=5hX6PuVTc!6pvG)IIVJp)g2kqqm9#k%;yb1wYIqC`coT34; zlQI~HdcYIvCyCCt0Q`j^U6%S1LD(zD&k-UPo~X4xj6rB~ob5c^Lv@ui)N&nZ)x3co z-t054b&2;A()$x#csojJkVUg|VM~U~eek!1$TRW-BLXm7I3P4{D~*XhD+t1EF^xIC zwOYZemg;sJTWK<4H%3Ve_jv7z5xA$9N`AOCcjWOIOhhZ!>rNHefv-xpx*2>iKA#N)%ooga6uVIV%XvLe%G!_ zCf=k6?1yt%m8;f8+j2m?i`Q`?lt~3?A6cCO2XJI7y-9*0iHp#)DddH47)T zL2UaI+RB{=PiI35avvTqTQ+rWPx1w1Y6P3<(8(tCo|ocpnw;?t!C^B1-uv1sg}`*G zly5w9?V|&CfL|7Z?1#2$^Q9=25-q9Zn_0euojs@q41xhVE<6L_pa|Td(?ra zB%nPH{b~T1{QiIj*ckH|!S3K%N|Z^{_S)wkl19YD{Dkv6Kd;|>ak{oTDg{6K<}q_c zu27q2LhVxR4&Kgw1|%zQc$5rmdhiE7Cp3r!%;OuVPyqlZ+0DCDW1K zJ}x^%H4-B2bY=C)UKgY>NuTEZ()d77HSQphU*o3x({f54s@k|dr!ArayM;kL6LnJ7 zil{kXfS@$NcRcX`KN3Tt&FEyP1H8M)ZBYyII-77;U@z!q!KE<=kF~z4dr1lH#lToq zKJ!OT-YM@p%J6=C9Cx^Lo_$xp+?Fielp_RmMCrS|%v&iF*kL(Ow)Pa1L&lfH(5%fN zKVq^T;fr`qS`_HrPX7=YpHZ}kUxcd^VxxrCvN=>~9wqDz+1B6S;^-d(3svRhv#;+W z^u7gj9DV|<%;`uBG9WWmU;|X(ZSeH_<*o=|4N0Xkc>UCHm}5kNZiPvBP|t}`D(8LN 
zas+0U=T8}iBX&P`GL*^PiwagQfF$|k30g7U*;@eS>=z+GmG&7$fC`zPij&3UwoqOT zHjqTtD#t%3%iE3oz+Q&3MaIJ(^3tl7odT+(OigQ=TG^QVg`pi!qJgxgFUX|OOs_}N z@A$H-J=J?Qak@h3GX)T#4557%KAy37-Nq6zT(17q`jkDEve7rtk&%%~r;BuQl`ar+ z?V;E0VZ)Mx^2U_zR6K(u3A1Ipcu01BI({iPB2#ME$3w72m043MPI9~o1l!i@wsI(z zx)?qVK2DZ@!>%{7R@PA3$3qn;hbD8_|F3%e1@g_eL9J3R2$9IPEzr|+=5&G_6)|mO z&t*)Pcs|YsuQ|%sGa{hLF>3e|MsFKWu2P9~H}O<#5~l}wFKT_u=JBA*XnI^sFiYr2;; z9jnKmD2**7F4S#XNhH_m1(?bt=@gTlw&|d(p>(l)44pt`eu3f${UVP5C&g3WZ*pUBgCjcE*>pz_RnY>06b6_ zneK7VNWgt;W{(B6!a|ZomwJ$~s}P@u)hw~<4t)wa^j`kR;X4nfS+R>6bzKGGyZ<9~ zzPO#G-MQyQvElOu3P5Q6a74!VV+>7|RTXtbQ$MwtsXO;)@R@yb)BwKTg?c|-2%8OX z#W{dZ*89doeiquUr2DP8 zVnN^E$AH6X|G!fF7dRifGVXN$=F8eykohFcMMj2Fy`#C@k{93XK821R?dF4Zt2QRa`e_k*k_GBbCOCO#$YgXID*g%995$sYX%)doqe|4&jNXq%;b{cq7^LNG)#Qdehw#2q=nsog; z-b~T;4HR|Wn{C1QDD*Z$bkqBhBl=d$uBh9o4#hoIR2=#Zu+?83%GB^mFL|65iE|a9 zxi1S+22x=M2581JsFav){~9@;Kg(8nKC~zOQGawWo4PB*nDk}bQe8QEI7-N&NvX%p z-i#R~Ld9w%EvKj16sHje5Q;LFRP`peCZ)*l(m*$%h?fQ~Krjvf`iksDVEUN?dj*&L zO{=!$BCiidieztmtc?7?U%V!k5~TpscmFTJwv%@Pl}Tys3Hq#Tg_Q1>w}nnNYA64~osnd0-_0VdVki(lNehrrXk1(z|; z5?528@8#32ZxV;4iGRd&Ee09a@cLfEX|I>_NWEjSayDJ^#r&!>l@ z|5gA#`vrowaK%$(;NP>=59(b}RgJ!CAG^kv_&*@ZkV_yqC>UDNh+kT*;|T8ZTTkS9UA% zFJ(yVr#J>p8CI&JugDWh8l)=Wv5ASIc1`r9Q52hdhMw;32zjfsbw?XDMTe`ewqg{+ zG8t3nMzx)_rR?}h#(-|}qoT2W*5L~cS5a!Okx+{WP3pqWx=F?+9&lW3&QmJnI8TfW zw@k;jMqlABir6)UVm-h6{?Ui~te9$Woo^BjDV!OFzGbg-9n0Pl-4&BB(cp*?{WBp@UAp`N2{Sj4q=?leOJK@bAf$c#KYsoO^{g3G!8=Lyq~c z>2goXyk79hp>II7uoR347_FdKpflh?mFJG%7Rhk?=mRRh+*+5X*{;G*t-7or{JSM@ zI^J1<`(?-Qy;U#O1sQ>d`*?AZz-Zb<^Ga?SeLnKW0NF*M;>teZ<#dl*BG0=6>vs(t zKiWAbvI^*pcDaiU(ZO4Tci~ozJER&dUKRZ8j)&u7>Ptzl87r;a{ku6zEHvxxojV1u ziee`R@@;5=QMUpI+zX-n_uF()$Hc2aK+okSo}KI!VpNPp*D1yGk(@F|-1Sc%fTa3a zkA)r}@a@2}SI23@c86yrRa9@7Z)!{!6{q$tl8R2Vn!jnfy(hfl{M?QI?oag3Azq#~ z3%b4mL!gBi$#c7t4Utw&NNoOLzHDlq81C;1rxGQzQTEg@p6Xy%AzhN$TaiXJ;UMK4 zj%OWfm&VIHS-?=2%V3bVNT4T_Fty`gpQr{^@5+)ZA^+)u)12{eK&*-7HN*r9p9>s zYj7?&kshaaGA05|E*SUG#7YA(ymWulbuF)C(#o%Q(I9w3B-zOrYd4>e)9QMvU1%jU 
zKvy9S&&^%^tlUEt$C(}h+Bx!@^B;)&(i+C@q1xs*Dgf0*EkSql=BAhXetDX%zyK$NJ_%)0-d;hkL~Mqyb>J z)%@Kw7n24LpV9UvgY3nxjtPUo#D{0nt*P3>^De;R7!a8riAYhyoVH!Uh7#(HQ(ZrV zlBlAMIjwaujMweC8lh0b1puuNmTfwJ0=pm!v^1YIHGX^cTxO5)@`y@dgE=%Q#Y7A3 z2DHzm+a$iw;Cx&q!8ZVm{M=Q_*!tl8PcMMDZN!`pKx5ehMOM-sZ37Stz}5Ok+v@QLl@nzM8gj!6XYh5?G*RRo3|9w`Hd9=E=!7& zd3z_-bchM*W6R$_nOd%ywe4j{I7SnoBx65NT?e&E+TziQYOv$CHa8<{OVinJ2*a(G zym|cV9ZZd9t!ht5Z+G|7Wwdd1+#P?F+e}=<>$)bdD{Ik~pxsTSlenu%1z$g`D+&km z`0CDic&Y{!@k1XksB-gE&bEPKQ&@Of;A{N-j{@zN8!ozY6IIGO2J3~@#`EL~cM0mC zcpa~3{@ZQB^tN37X00E+RX>5Z9N^RL=CYPM9XCcm8;sbcol@8d4P#Tu0`^K^QKt7p z2d9-=mUsd(pLL+MyK)PX<3xS{zPImmQCU5N+#x`AHA|fs?L4*vxzZ&bs>7two_ReB zZ|U>g{gPYwxuGx`3cw`&+toV=fHdFh^NopgIfU(Qtnua*j{0K2&267^fp~b>;y_`u z{g%~+j=1%?qrEzKxKyi7)|n=Tgg-?XJg_eJ-5l&qorwx086Zg+_Nk63${}Z`d*95# zrm6h|d|9F?NzP_Y2X?-vHtKM%N2SB&J&@b_iVv}NaJ{L)K}?)VG-G21?!{U%w+e3W zs5rf(W+iVZ%GSD?^9ePew_#sd*};lybxMFrR0T9@Z4$d{>lFZRiyO&$#YzTaPIA6) zhdi#SxCwylnvH3nr(B-c#jSPo(9d|~05;#zUMfbo#zAGhrHQN9xs}mR* zz-yq$n+b|FmwKnM7_G@UaJ&uwf4A%U>nSzpq~ow~YE7h^Ej#MbGh)$dXz?B9#@@mlB9iKk2Z*&U;5mf_B z0v%%A+_UkhjzWt{>eb3(SJFd5dYPDil$&hT*tUN;z5Fx+2p}fAi?5F037Z(wn(nfR zxdFx5hphtvI7Tai0QBKb5iJJv1VBj`FVhV$8ai)0W}-bz=TE7vuKTuj638Pbfvc_d zWwFW}waRQv$~hOHr^%m!Xn>;B*C?ETMS%wc9HWl!y?VGhQKzS;rhAh_l|~1z!-ncV zE&RNRwEhF}%PTt{1763f<$65~FgZLRqu%anSj<7D(zBW^HVVfImG^cM))*%zFznHn zUkkXwBfoR064!N|HXO;?Ahw*8{2$g{;IID6h9-5fs5Ljm(Sqg<11!4SKRBqOO<^_R zkE|I}v^rrvIhIlvYzpAo#rB`|S2C1Pj8tRW1&alV=4e^|y8NoZ(%Mtm+l?u2-r3?< z0OGFp>T2EYRaz}j?oO`3XfxOo|8b`9on|%Y4*TzQlNLNg>`yw$z4c`JZgPiW9PLYA zo_C4?Hk7VQXEs}Bdon(vU(V)k=6!axMm#*U68)hWv1-*x zbErZssu{%jbRz?bZW>UJlB(5OytA1}otc?QJz8XFI7@a72X}>7@%rj?1EYMJ#K&eG z=NuNZ(!1pYS8p6a)O0S*UG|*)ioVkuQdIIQZFL;4HHi(BUY_X*g<%%`@m-Aan;tgk z<6r}3g{2|o6h6H=}gkbS1p?gu9n>29IR;swCYr8 zs)F>mcT6&>oRNu#?UNMI%hDIkrS_a(EQlf#I992%{}i&=kfboZtt7>{c$II7gAIZE z=WqIJ@?$GpThKS#4E#0$!Ev@^IzP4XhXv=QF9Dax1(F*ISY-Z=pQ?c&PnAX`EqFW* zpH$N<}fnk=uj4x{|e;1Qw>pS5ZxqdXD?*Iu0_5nl8 zj#&_E6(BNk^pOtngcOor7sx}VttT7fWqCAMx&wsnX>0Es^Mre}xK{hy1{%vXs^;MB 
z3W}@s@s&s~@317cmwlAWg8-A^%WX(*hsA1q7cIl2Ht?VylaB#qT?D4Wn$3_#I3dz} z;5%){$nA>&DAMl?k<-2SuI9nDw?!)xPmNoW}572awVb_j0ueq_oQ`fXJRLy7A?|7QFwWrr|nV#=K=4#y#3*M}{NVJ@<{DDKSRWi0>xH0Fet7tzGwmp(P z8kM`Z(-CODvN3+c+m7!8j6)p;_{BgQ+F-oq$CIY>-^Io3X4|6e z0ghvuzfiTr?{02(c&jkpk>W@@9cdV?jFMdVNbOB}mIN(d3zW+q1hJdw8MpPL)@JzA znHkb|&|)+K14jP|DN(K8U9$@uc7#qNvc-nTJ&N(uB&?U_tyv<5HU5zDwrA@8#(SDj zC&lUJa0~V6PWVc5irMz9)sv+$Dx(a;f2;l!J9#vcEdT55{Z=p&_|KLqLYLSX7AX$+ zVx--?Djw(fk8W%5azUpBFk_msHeJO?u2R|11>X*azQaF-bPBky->A^^NGErdMMC`f zvJ4PW>AfE=B@cd_pj0>r*jV%w-xnax9dq>8JhA{}7{?<1yfuO++*N9*-%Pog0 zA|K$F;kL5MVLQ}F@7GQq*n-W*t|;lOHS!NVHTufCc)msRsR@Y!K>AVBEy9IZ)e$a%m19Ho|20@>9m7~UH8Dp(g-5em# zO&IMar{FB{V9B0ns=N<=_I+w5X7J1%ABlJ!gpAbhT1GXt@@9e4{pW5uZR09n%?lsV z&x7dbGlS-M9*F{FHiPEXa7rCNX&HM02NwDd8BGHC+$IJb zeKsmN0>P^zz8vV<)-dc3TwF*A-gd$VQLt;sl2?O}U(on?cad5q+&~J8Qa;P^$ejDT z5}hW$#b$S^vz9x~mw*YY+!Y;)MT4PyW|o^?^Q9GtIhC)5C}D4%I|?h8yq|s~)ojZI zgr~#|?IpaN`>D^dJ5|%%y(dcOGg z0)fTIYSnnbnO@Nbzmd_Vv?;ZAz0xU`O;|MumJblE>EKFT?P0V+Ge#=5=<@+Y}tYysoN4Lnz-sNH{Pov7ea%@i^lP2{36G)Nms~olcI$fX{p+ zLn9EPFZ9Rbu?2h648vhxmS|r2UbD1j*&{gWb*-1@MpMfj(tj#EjX$_6a7sl%xk3y= zYq01M`F;#*kL4~&#GNBV4}u+``Dw(Pv1rxC(|&*R^6+>ZYQcazNJ6$2QgD!XQz#aj=nx2$rgyp~?bXEkt1VW0dLLj6&OXJ`cg$wtR^K2j9rsP9(|Ec)U4;k5 zCcU~H@ZZ3nC{)++IvQumA5s%~XzVV`(E`Wu8uif?skTI;MO+o;+z+PlR4C_{X}1@j z^n!?VRBXbJeVu%97d_H|P~<}FQ*F7cxWsR1*zR=1FRjBdJ8en6S}U7uHY11d@;nm3 z_`C#7a3o!CAOvWzdor)JP?SRN?|HTVQAo9HF^bJZ3TsGC*ZU#16c{1A2nU@q>FZ>( z(`RWNFiEJi*&6f=BJ0pYXcB91xB+2Pt7%^mxkaG`|8_wu4JG|J>?Hlu^}WbU4uF(D zG(>i9vs9Sm;AM2;+&*U>&n^!*U?19GU!JwU9Cgu&NSFH)&QEcxM80gM=yCrGD^-YG zEAmD(j9dVVgY`xfeGi-iynd&COveNBiLsjv&q^sA_h2m(Of5hYw1@O3UmB6rMz3TZ zj&>6Hjtu>RL$p^5)%LMW18VyQqGKnEt33qUU@?hPrU4*>@i~S%b9;SH>gLSQ`IZ?H zyj1~?wn_ge-(@4uqp_!@GWU)_9pWegsd>&)^ghEFU|Ww`v%Sfx#CQF9^ObWvOm9CV z^H{$kb=oOXeNtlx+A2R>(D+i3$C1lyUN!8U_!ISq%4?LQ&rCY^hGjqJH;d7N@n3a^ zm&7w}5C4w+Xs%v#7&!p{wg3(3%Ecx+|81(n&RBfq?xA`t3)8@l8Rl$mPk)8;{Trm< 
zEK+o^Ji5_R7}0{};0x%_X)zcggY549Jkv2;b>4Q3yOtS1}P&7ipbie5rIE`J;r~?7zrLWJoEflrrJif2<%I+5#awtz!AFvV_=AdWq7wR2V z`#a8$a78~-bbz1m#{$rdszI!p(P+$blMTA?g{n1CGApVR$VcROIVKKr`w~L*vxqCM z+YzO3k@IQ4&5>R!e_(%oYc(yD4qWEUp@i^f#0V5Du1uJGmO@wg8gv1n?jYbPW_;u9 z22tL$GCJfwcOb>NXPN!N_vLq|zUWHV;muk6p_A#g2XDj+ohVvWT8RyBTCrD1n^?9% z3=5`NJvRDYhxZh-b!TWd*A|roxI-FS|&*{=Fxap_pxK3sJ>$aUl+4_e6Fd#8Tx zuooA2H3(ZFKvwQavG@st{93ZZr^#UKPF7?SQ^nGll(YErnJuulHr4=I)6hz{#`KbD zAzpf~J(O92OtvztzHRjy*E5xeV;BXFgb@+QlaufskWLEhmgJ&-VXs7O0VO+I&^fjO46~+ZgwM$@vHHx1K&MUbN}jGx%42`961JY zOq~X=U`9we1pDpOH;aEj{NG&deHI$GgC0lj=M@qj)Y7_@th@hjZU16)wYb3fU)Xay zo_VJ4P+%#GdZec8#iw@EjDW z$PjMsHl_-B6wCK{E7c9&TW|Ci4753ld8C$rKfiZ6sHFKpZ8lErmRu6+AKEaIC&RO0 zWG=K{x)5Np>S7(d_Ol+XtVDb$l5@dn`I@i3CTDZNYzB*;%W7U?!5t-DsHjktA(}!; zL>#3=UZPN?iQ{0#-nT1kN0?hR8=FBV8BOY~(`g4~TZo|{jRH#6`D|3CEB1>`edS3X={ z^$0yf3;$?8S$@9K-r|!K>XVO`lgMaEE19&eS?{&RnabnsH<;Rx0}pvUEAdq?!xTfF z7*^{6-i0y_mUk%F^D4+EvAPk{uNn=>d0o9cCmL4u3B8mE7{V*pz5jaox z0_hPXo|5MUf3BtJJG)V(NIypbJ=}0VM%_n1qPKBHi;>X#m^84SLRTIa+!2a5sKVBZG;dPQw9ZY)Q$c`3F~&r^kxH- z&Ej0p5Vnv-ql@iN%Van3q%jr%P%uQp-Z9_V4{DK|o*~)DG`jSFK;Dn#yv?p+#h`*d zRjc9Ouq~tQ;^74V$MYRI6r;OSBtuf|OF(a2i|@n%v(L6DcLaW?TNi0-vK`5C-42N9 zao`wAYsr{*Ekpy!$0Yix?FV}@yUm-ZmM-Qr-W2ZAiwn{Fp8okz8o&`uw1u=n0BTu; zbMCG?QyED`iR@_ouFVs#k;0=@TB22#NPPbYQSeHSN#ZCem_wP|pySLX6PMiqx%xe) znSb3K44-LeOGZV0&F64lm&bwFd{$tRjyM;3ChulH!6%7mulzHMlJ}Q7H*aKi4jP@^#<@AC%SFnCe%8Q6WNyTj8zhw~?-n)m56-39=vo%spzH|L0m zYWQv>Mmb|ZEh;P3`KW#NxRpM2>XyQ9|64`zWBR}TAW}*|u7sf5y?W*oa4(~;DLk=6 zTk)X~M7P_RvVAPU#!-uzzOe=O7ELX1NQl3CVQ28vvnWI_=CJh_@J`F@({1t6bW-~H zRuutS$VgwNH7mM}Cm;7-ABE3db)z6x9n$&p{L>FA3?oMZ%brz4C4elYa(F*V?oJxi z%GOvZhd186s#WB7yyYs?&i~&X=%pLgzBkVB)<5$?{_}Kp6$oAJ(@rDYvzn(DZI6f>_2V^D5 zSX!mlT~1R-3%N{Ze{fpNXU?_K{VNV2 zAU{h(ua!%q5t)6C#lQKfxejPl6$?K!@%*{aZb0dgANQkA1!7pO%%mSXIHH6ZY;p5s`pC9TbgjBMPOCQ zS(PV1lNrQa>pkz9=O=i{a1zmU=~PYiITm9;Ish52_+y5XFkspK`C2-$Z`V9OEZnfp zPSp2qH4;Q8Q;*?$`hPNT>li{SVHkn$bfJvE3PYDF7gY32gWX1uD%HOx6;QtSjJ>K} 
z>NuAh$%wNVF_OMTP>!Q9AOLD;skG5qB*jA$4OzxGC1d_n>MfekDm;tw44M~_KRA`e zOc0?hk8W{hfxq+6Vq^8059>MD{EV|+go|L)az-C97fOGg!^B9t^i@ka^S`J-1iD>y z{Ml*KKDUTnr}%GbX@wJdRxmRC9sP!*i_!oBh`%nkIc%1;w zpn1zCGGiB7MXlu zVTdOn#CtsX%;{9fBu%Fmy2p;qoNbn69P){6S7u|oA0X1mxeM)&_rMmIO|agcFZ&>5 zaT5M(0o%R<3#k7oF&t3HzujT#k;d7r|M^TfH556u+Y@aZLuz1JR6#m`i@B;31h^Z| z`LncwxdtCtxt8i8^}a6C@OyE-&SxaPVpIAt2_XlzJk)c74RV*wSiC9LDZl zuKlbipEysqnoK84!tMLt!jxkj5@&|9^c~;P)jpPIyn!YpHrU^Rzqh^>hF1V|DA>@^ z0KK;>+}!?yxDIW9i%MU=V&yTFiclao|Eij(0TdcI@0jc)N< z7BD)U%JW5@DqYB%ccm*5R->1SrGMX+3Ww0n<3ya3R5hy}1C9SRl@@Wzjs!gxQ4;Qe zmM9m&{N{;Z?Y}IcejU~9ipfl^Y`ONoj@yst#Q7@Uvq|!vb0PKgMq}e!b)SDvK6~hrPZz_iYCM^`wQZ_mak-ssU$+2}L0Ob@( zMzP2i*JYCe2?Ka;6%)slDgw~%@vSdqpNwbA4Z~%Nu(LJIVz>4&*o<)>8)s)$wZi_D zBY-GV%lESJEQPPhkNFFx|L+jUU16~c)T7d6#3eRnXxe2Gr9l6^VGvdzjaAC@dDF4R z+5(f{_I$l1(?kjG@|%yvz<~S9g=&sgw!z%KHsLQX=ZL?zw#{7n#^kF*s+@?92bBkk zs{Hy4%{REi|MkhG&&CCvshu|PC-~~Zpld-MR)g^z4*OMvjA7q0jky$58=>uk94)eV z$ctlHHeI98G+T5G2{_8*trkZO_X<1%d;k-QrQ0y|qdCpR4v!cP5)x^()K=bjiMhR} zhGITL)*~zoDERy}6vlbfhOWe7VAiryqjul!>(Nq6{sVm28N^OJ!-eNxhxys#dx6_% z(}`5UX)^k5Xnf?ojCy3Kfaz#Xj+-N${0ysTPChAN=e7Y7bjdUMo9unPeEMQvytiUd z%qvHY61aRm(v6)Ew7aXNvhDmgGTZZYeY;AoJ^zz~e7;ZtS@|c~CMGYSBr-~lIt#MSGpge*V}J3hgb*UXJGf@P8sq_Kn7yj*h+M{ zq-rd$4%^q2$@Kh-7mt^EpG_CjXadk2w>^8M-}L>B{czAmG-3r(@?ZK37QKmV(H8YpU)~*4!j%d2suUmRPFmg-HwZY&=;vo}_9mp2>D9Ov#op4+HlD4nsaWgZ;j>R$0znm1@- z%!CKMx!PDfm$)FhPi^nck6NB~D{XV1?H?y;l2i`MTkz?jfNcImP!k^1cC9N<3fJjp z)@ZJBSHGb}a|dA^m@1^1-)=o-UVz1Rxjg zdtEPsuy*Y0ZhWYd`NUu4ufk~-g`fSkxbMHI+1#8OMKj{GV5bi7iAbAvETTx64`*$BgUc-yrHuZrcLdj^p^9JkWCiUC1A^BiAl z1b8LIFvu*mSy^d#29xT1Jd9YVR*(po%Qu`WQ5V5pVG0U*Ri>^%$;)O74ou)&Ew68Ei;asAs|7{s(`wGs{dBvzVM7!R{Zd03FT^<`Lb` zQ7c67d=e&gJ6UB)uPHcv10vHUc2$_^(eKRe{XZx#Hm~m4%wBgMx2Z0+p#|2h>aVwfydvrkz;1dB!d!~F`%=tKw$&m zXsPtPXZXh>yPNku9=38}(~eN(jRI04v8#HWJdg?C5(VLKzyZhyVxfet5?>P#gYlu0 z#rJZZCYQx4ZkSpaTqfhn`7GJx1_52;Rlyt7HrZ&wZU6XZ4*)5k4G)ATgcPFL!Xxin zkhW$0;vmI=VfFoL2n#Pm-tlQ5iXt@y-+i^?W0i!Hov(u!J#Bmc3PbXix&8{k$i^$S 
zK5I04WT)^2p-=E8v{Oz6gGF5)tIMg8u?}SEV`K38$x<~ zr=@%QQ^}(9>2uJ9w8{;S7MrFjAS?vlfGL{;qF(NDnLQU}*I(sjupvvcnV>cNson7U zly^U{syeLaW+nNBS2mu_OCFnJ)k38@*ILVAr4ybKjoeE9r}_&}&$KzHy$Ab#(=$${ zTK%>?z`L_JPTb+>@W|or(oi2#U5m8z#ReNefz43}plWDtF+Y1al zqh1{9?c5r8zi>XLH#YI%XP@9pSm*D8u!=xnIw z#+~MP+;1@8HFF8fGC0m&^xZmSF@Sw-P>Adz-de$_bwkVJ^p%K0;#-)qJouKXg>&9R__%@XbGg0@eTY<6KEPyMS%0XTY0kT-&RsT2l zS%9)C{uY|}aWS7+iu$)Yfgbqn1i$y%0$T@9&km6?k-FW!)YYamo1d$yj7>`XiRq&v zeEi8fAcnaOR;|Z9CtnO0bS0ogCIxFMUxgpDB$7&=R<>aFZ>-52iI(i_fT_Y94;BH3 zYjPqSl3MsKX~}F&2IXP;4wV9}Am+Ay6ErrGz(M%hlKT!1hDSOR8AvLx?F)U%xRJ$X zPbs|I0Q{e>rz#Vr(b^njINb#N#e^JY+e|t|2HA>FlLzh!DIquvg}rf7=2pEz24eJD z`=3%&Z1ovr+r+Z8Zn{{#if89bEn#=Zcx>i19h5Q_t$iCz);QX#`ba@$`*nOOj%TB6 z2o?+F5v<0NWQ1ddj=CCkW)*WB#YzR=v2-2MK7?_A=q=UN5TTP{-uu(|1ne#tMErK6 zvzs>2#s_yVoWt&}N`|kpLJ6HmzkR~oo-A?4IS`UQp$sk3T<5Tum#IZrG>zPnZc7{X zd9Zz=)uAT|C7FtEzPI+R$mU)ed>7y6Lj3Z`>)@wjkz2WbFisf-NAT#G20^VTTE+>z zex*`D@bH*1Q;7Nsm`Dgc&GtkZfrUo%^3>ND-}p$b^y}}de4CS4D0k0utD&$Ja+HZxB`#Q_x;0V!&Rhdtbq909aHY<{*e(^2%U8jc@%X;>WSGAIgoR`Sa zWldf0APGN)&e&)IPNUibw#r;UF#jJhrx+86XNFCc?wjRkdudY?St-~^Q1lH+dmcar z`z6;(|47R4c;n4aDu7Yp$d8SmP({Y?r3Sz=axtm9f0>>_zGuNWolls;#oZ7wWR1IE zC;mjUIe~EI#h^qzv=4d-*fF~OBIU-Dpn=ehk>48!d|{jY#F-TXLi8fM9oWw`Xp9Cr zGo)Z-z~Y+%XeVWdQ2%_5aozq`wkaQWqwY%*W*sX#plE8Q#m02D&R+4ml!CjztX4;s zGFz+C%rF`lh?tDrKfp$$I7CIM8!Zx&KaR$VrD1LdZ1fuUBfZ?<{qHn91z{_M5p5`67h3dl8s z|Khu!xtgN^3hEmprZ)ibMv5a;6Bh~qCCZbz%Rjiq8e&{AyI|`Xzyy7B#nA#F?vIU9 ztqI)4IP_cAYR@1^7hk zp#g%7bW;6!h1d5kYNSmP(#gW2sfC=?mZ6pXd#+m!J4x;Bs-vj8O~~@819?Z5RV6Ge zLkO(#ij!Sm9N%>Re^@pr!n9j;x%@ms#lVx?Nr+laqcpL*0uV^{b2t0}W{F1r97wb) z++G8iPC4tl8aDtf8>X3yG8~IQLcSJyDC8_iKS!282vQ*mQB^2ywu!z<-;b z(y6WP{E=dJ<983V-xxc`4>nmDGGG65GY0qyDDY)DvoFbTa=iU;1@8mujr?#s|i&H*gXe7UXi^+CBRS% zd1uEOR0(@&#hR!j&qJ*UL0=hl>ptyGS?8-)#O>gBn+fQ+alTyB3#mKv_!(f+cVMN` zpz?|UP{nym!f85GipN71y|3R7!Ll*8V6r`~pto{I!x5HgHPIYJ{|@CLLp_dsoWA8h z-(HLYSR4J&U+f&Be$;>v=P z@&$}xA5Nw#xC{3!EcqLR_*nFw@*uTBsd(v#GzGM@j0Q;V{aMyG<~J*Wezs!fYm^J7 
z?OjBt=c!Esby2UD(%Z(k0@k0Vo{jn=x@)5Mn{;r%ZTKDh1KzP3a%EO>4*={h!784W z+W}h#+B|WRs@s#jWY&NnJsJ(0MyjVz+Odj<@bujn*Zfkt!_j)Sm~|E7FEd+Dc^jfOW~>jBw{r+LIe?_bxu61ZFl zmMjgdOd5@xsX%KU1P)&rd4u^qV9UIcsd4ougJ+nNo2^Nn64lKJjm-4BR9slymjbM` zlNE7SSYG%K&XOo#Luc4su)lFX+;>V9RTxRHr&DSp9ypCCQBaY+_sIq0 zq?}HV47nHMy{jf~lNYQFI>%QS<6!wr-sn&C2XF!{XBq`{co69D*jCzla2Xae3N1}LC-XQcs1s@+U$21Kl09zm+)0T7nst644rcM zJP}Dji%~NVk`{Zn{F@BqbRXi-WD(+M&a3iy&Y+m?CvWJ1ARpd(GEZ3x?puQ?CgT%oAya=_9m@hRmuV$!nB?M5Bv}kV`5UkH$gyK7K!D2jI*t3D zD{9dp--PJFSfo0O04*>K5x375G|Aj_1AZSN9WDfBGO+@8gI?CzqUYAJ!ofI?=M7Y^ z+I>smyQZ!o1e?dSyu~Erbl%hS=x#XUlQO}_#sCW#P&6i0PmyTEuvvVCkT_70V%W_( z2rJ~en&XOah&_|gT7%e=FXlI%Zuiv9MGrPJi8~xa>DwlGz3yY)>w(Ij?TW7wm?Ht+ z0>cYDsPmMZ_CPHmBAa$PzpE@><6d!HIUisQ?Yr82{M+ZSk#1eAh+S)1$Ome%5A7K~ ztR@151n6a;nnZvXw!(eLKqJJ1+4@USu)tJnG6QY&CClJ!FB-rNB)5F{qTe4C(3-H> zeMIB9i`B+)E#UC@{|I~QuqwB%dsspQ1nF)NK~lQALFsNmx?38gTR@~iy1`9%xdEk- zmPWck8i8+Z&w0*s-rx88-tW5jhf8qZthMer=Nfa2F@Kw3{rdIPput((4`jfn_K`sub@Abq7F`xEJ>QL8oKxx$AcUsL*6Q`bkVEW*RaCltkr3--lKDBwr z_5bX8<(u$yso$-U*mYvo`tT;;5T%}RAhiV>*6g7@!>-vMxW`?tzx+17`NJTO<&AdW zbP(z6?Hs0@{-Mhz>)73G-&!<*MaYa8f`G~|^SU<`jx|}V{#;+M-f~gnbTZiwehjWy z`ka}@c}DT_Qwrt0_}y>5{Kj`T;0DTSMhHLuv(m7oAaYhebd85}-t>{1$S+^~gH)vq zL5G@G#Uf_?Z$4d+yP;CtQ%V?SlUh-J|5f&0*U~D$Wyvqg>GN-!&Ot%zoGZ?of%?snM`2 zy1zH3H0tuJgXO?f+X)YOB?*-7590$M(v-o7wnBPTt~!$pclN)W!lRNa2Rzhl!h(1T zPS>1_{}=nvPOxoqj5&Be-Gtp)GD0j~M-?6_QWcRUi5EmPh)fo1ly#Am|J85NF>E z-Za%^sf{$KcYj~Li%V3&qf4>!_jod5> zHlbv0<;)WDh<~yta=;xlGvS$*%mht~a7+V-I$TclR;frgj`QwU;vcFTUf?S!@y0b+ z&w1=hGG3Uj<7@m{Sg!Ol5w@LKR$cYuh}HWDswpWtzo03@YV+)ub(2_c|6qW~JcyL@ zWPG*Ky{LY-*XRW!+VZWUZ4;XmJodIbhYMNO>i2SeI8!7&sOIFcWITGk@!TWA`Vb#f zJf;*i0#=Q}z)1q$LHll5eY3yt&EA1G{)bP3Q)Ay!xx6V+B^bll0v4Z!LBk(j*4BAc zO$8^T<-Il^{3MoW**n--DIdfDRRrDH#xIN|WfcGE0>m&nB8ZrsJP;a~ZbaWLQoNTY z6F~p?uE8^1UaM65-LvS6kJJ(UY6GB)@csR3HLG8Rp4UGnOXlM1Z>yE?P-%7T!J>#4uxFx-c)(bnLiti+#E`}c0KL`(Q3c0$kEhGHtZNGl zR~K#e4ebx_Y*b2Q3FjR38otH1)_|=P3 
zz;$PJEu%blxGQyjU!EGm#)()D$m{WiFAXeNq%mjQe^+aFBHN+^riMz=U|`A@<(A~Y8notjlU9D2fcMZA1;pk0)+lA-kf3z10?POVaslN~Gce zPa_`sAnVH`tpVP-(u56WFC9Ea2H=`%)c68nD(iKqLk+&r`d1SdzMpj*4r*3|x>3)N zu%5d-g%a;_`ctTrHQ4V>ySZ=izW>N%P{qAnz#+~geKnlUk|vD6D1`5>dVnd zoZ3_E%&4J%D5v448Q5V`A{x)Msz44|KRe-rt1=dG9SBSnOF! z(AY-A5&r(3>&YDUQn_zqsHMbnU@=%sP?`f3(ilc2tz4%uhQ?ItO(F-=YC44kSQp_@W8l z=NYW6g9kUrE_Ai~tec5i8?d*wmUD2fNoC@8q|SCUr>q(wf=v2YKOe%^2*+StzJ0-> zQcX_PTh0#p{El*K>lz=IRcCm|acSguB6Z@VB?L9sS;pxRi`jYm02q(z(SK(bysK|Y za-^DU5G~3T$t;Z}Gif@+#U|b8bz!4ap*yA0^Jc!0w2499L!Mu)+<0pHu1(m>oFzCC zTrct&S32(fq=-Uxsl$I-BQmY}Yz}E9Q6fDLDu%cZy-fO`P-`<+e|vhm&9S}HXdaUt z+>&jHZ?=a5iEYOyr5+5|SW5L27k?l0g5Hf|CpPyf?*O2Bm!}YHbVVc&) zZnOAVTNH>4MpcrnieGUGiXhOi{i@7}4L~#>A+B6_6GtqRcog`$kct1nga^@5N5KI1 zSE9wLklpXmM1J{cCYZ9~Yyk*Mv_3^2LQel=S`U$o298x4=(-L^Sc!T6`f%o>?Zz$T zn@x(Yr>52`x{bvlVemFJcLr|vTv@WE>ffxE$SG1oZr%WRJUHsNRxh>l!rx~N7n#}O zuf7Y6TthC|IaY($y(n6&fm9{`Hkp&S`;{?e_1MvH%w{cMf)LhN{k-Ob5qna@EE*@Q zBDXKrN;TvMM#Zheibf1ap%K5f2U8y-PWL@TUCS?gWi9JKOCRJYFj?B5*|YwA0kB0R zeplPYpYH{Gpa;v$es&7$@k|fVuEWZ4e?oqlL@w+FW)lWEZ&s5|XrC8Jy8^^WLti-C z)RC&sr$KbZQ_7K0)m{QP0y)3dN+}F>rHk99kDA%2UV@UiUOnC>z50W^pM@qO;UDN?9X_WV&(-QE={DRE7*udkaYv;PT^K@zf2+Tc zr8NB9elLsy&^Rd__M*v~*9ETx98QjB-^7POztiHBSjG$TcL3P{K8*?lPJCl=Vc=|V zoX^EKpHaCEXLY^Xx0v1b5GWk8w!?g&CkEAT0R}?nEnc2?h_Dk(>36rMDWuvIl7jx| zc)~U|Si7rVeDEWtjZae_m!z*PR{8_OWu@$sq$LVh zRI>p?!xlnrcj3VAK=4_t^UDyw^Thy}Q|gOO=$4mIe#go(xj^Ghj!G=FPa9$aET9>g zgRSOAR-O%70!lo=y+bq>TYcVuZ6iL5dU2=}lY!QPe@q`4eJh7?AqyJEYc`rGTTsoB zg1$jwDpS#asa;Am%UiRkhc}>$HZ>B8spOBD6M&f}OVmAZN)Qx3G}Zn^l&#aLZMfHE zqi4x|tIG$IhJ$VITGXEO$^<#p{9MgjSm&cC~T*r8F%2g8W@eT6;3nk=j z>+4(F{ts+1{078q&ipY%0(zkFrW5{f36O`7i1(r|yn^Xe%+F;*X9rToO3_}&j*bNQ zVVXJW2?7Y7L9af%KX+Z2q{Ob}j-5<%n)DIJV+asAJzHGz{-YymTE@86s<$=#G_Ea| zSSd*vzm(f4BmWumCcg96Yw$NZa$rCie*DJ^07hY(eYi3XxVfDM$V}Isq)GHyMp?tl zREbur`B!56bt!Cl<7Z{wXTmbE8M)aEoMToV*d`>LJM!)AEvHQ-N#AfDeI;sO5VE~g zC*~10UaR7w(oCwW3tk?VfGR-;;%BSh$jRvWZ0_zc>z!k+PV3gZmS|D=DQ)PCBMsdc 
zFnU#K%DD$PmNnP!1Cu8KnPzLYvwGCuzwi~=OAUtP?>d0EBC{0sVTrC_I5T}G^;?Qq z2H@p@Dyy^RJ1GjpKvGB=i=yVhdII&W(*zxp<|y2IN->{IGlg)jUgBOps^KHl6??s* zgeklu`CzI5q8-P&$8&YNm@sIqf$T!qXEQ1FkwCG}ukU#OIa280NO4!}V(E83=lG?1 zrA;hw@SfX!nbHp5B*^<-%HRbWl-Jw*u^44Y*8=BB7)J#56WXG2JdOtpem2=T75W(8o49SAR?OIuOccWR zXcx_Zt@m-0+wDZORJSf#zmK98&#vCwoXQ+@7*;!)_ zSt!%hA?Ey?$P{Vw;i--xA3TwLYAD*1a1?}wULh}})|t{~h^uC}+r~}6Sh4lgA;9pF z0e{|kGK~-0WOIZ}%B&xEs>MXIcJ@``k1fFJJQ4D)#fF6JY!N8v)g)*vw4U0+_oiq# zKCJiq;=W+qNDwMuV|Ik}!ebG2_SoguhCvdU<#yzfqhlP|{Ou^R%xd11;p;;ltE^OS zAc1?5Uv+5%Fd4T=YU)}p&hCcn7ofE7L z+=O1EAG2a9|FKkt$6+CHZqQ$OL}@*;-!@oX+>+J|9F7j9c*#b1!-CS9=D~!zjPpuU zd=siSQpqhX14me1w+3(ctiH~D5pZE{<+BUNIP?<9sq4vv|~u;ARL6Rpk4uda`i>v zU_7P`=}>eg)vD+q#2iR#qX-7*q^yxOU*MZmV8sx6hKoJ)n0zs~IQ$+`yZ2PJB5b!} z$i%&wSpU-r)mM`MI7z)me4f4r=N<>%#=a*9ewOJp$5@q1EAWOoE4g)Bzpn-utRT^( zeC!KtzRH_zez&0s&qk^Y@&p*6{LS~J2<4}#45p@3cDsHAe;*CiwSN&}-crL^WL1pX zw;tZP9}q+`FW$T+wAC-vr)jd!$U!-jcH42w|CMVy&kI>|f14W^hDX>9=Xi}`6A=}3qYvr%aU?dy7w<)876ZI zkFH%V;O(j1hQc8R8SL{H^o6oJ|Cn)GP~eG&K%1b_R@lvEEM&UxJPVb*rUDnP%t< zRoolBns90u9-EA7%Eo}l@^QITod`OEZGy`hOkrd0dT(Rb(k9r*|85`;xH&{L@-?}s z*g!NUr2);?q5~s*`bUWbj(qa4QF)*vj2gq-UTkUtdZInY_Dh1I;hA}ZhUG9o35bKn zP^o5$brw^s1iemQ3R&xrMI~bebwW`V)$^{Esv&?M7!RM-wEiuDHlc%#c0Rqq6nY1$ z#~!8&KCcI%jDBBu6&+*A5^nb*;->r(w`QujM&UPKpN0m2@s0i$!+u%i|{ zBN>7H{Wx!T?Ovdf9CM;#!3aRUs0;w|{Wj3=|6g(u2IcZzO_Ft~Qvg{jXTdcDxy|RQ zfpjq1f=@fSQo?Fwr0g4gC_~k&jnqPe7W9ILkG0BnwtMT^@LAl>kRCA}Z6pbsiXxN$ zgh0ybgkuxwxW@nxI>l8atD{{1kZ9xALYs@x^%qg9>%$R>EFM?yCtpe`gYhn_V|IsSInt1o`#wyRkfY~mQgrT5tw&uw4$r9Fre+GI4v zeNVpmokL|Nq6oDdA%%l8WBDi13TTDl#9WcX@~NdSg#7PR3uDOKzamFq&H0NKDP+NCHu6!d`9kANzsV~x62I)#5vA!6P@qp$X{AcX>=l$5 zHQNf+9llTo)ZUH8Rt^j10%2c-*5HtHuD+|!m;>VFSKi;OK;9D!1f-TMN4zF6DmxJ@W2>CzRcd}Oy=n;B`A&Y zUbLuw;de6<{@{R1&DrXLWVX`M@Gd&QiL0NX^BzWZRe+X(ot?=wiFZ7op_(0uzihN# z=j_jBZ4pMCAD)eLBLfupW*@5}7Mra2Wd4t8K!JDxf%;X4B;L)pRdY#$6 zDv-a%pcZ!DLrc0XiGQd7MkaV8&@;Pp(!%J7BN|7>A)D9eyXI==dqk&1X(5VjV&#B9 z_8+#S)~==U3E)WPi&nZTbEIkT*H-bxeh~+wWp-|Q6<~W70oyZIt|n%%XTk3unAB&$ 
zh#_-$5KNc#l9xb^g`#dV$xu+>EmsF;@_NKD556f!$lL32mm7@Mon};OJ2YReSA-pd z#o>@7rXJjA$q8kVM3XSX3>wg~ECmeaN^JP@o^XxIh)J=PDVK#Gslf!4W-zY}_=j!C z@F8Qs6oh)9R8WSaRh{o=wZ;Jd#8OMpFnbI3cM@nM*v{F*Ajq(d);Xp*Y4>1dfjXaz zc=>FbP0Klg; zD`e#6ZlNDv+Q2SZjnlW9|}y83mV**_rg(okdV_HZ8=)N2^=dG23VD>+`x6{m>1r zJ~-`gGpec8$9*WUT@8lO%bcm2h+uExJ5kV9vpV`TTwNLzrl<^Xv2slTKYbB#i#m3^ zZ1n;N)KY0sIFf)hc98oq1XRtrv1IVlt(681F=<>Fj;TSJlqOForecV>i=XXwQrL(y z&Ett#s)b(WOGQmu7?a&g@?RzA#Rkt93h4nIFx(QlOTL6; z6sqXUW@*@&xE@?Bt$+hSjd=ox`y^k0$9V=GLK|xcI1dmVa2_;$AHmAb06I{#O(j-7 zYXDT_KuqkJ7VjoMBJ0UQiVFR0o4Q`CFD-iEd2Kh*g*r6|!ODaA!P;f~-&7)W!kO>Y z*wTb-8Y?O0Y^Jv&qdsefwA{2LMg^olaU=LhaO^VLT0o^s5%I zPzL-BUTgAUAQrOczG<8N53On?)nN~+mcSMPd$w+0ZQ?DDa7!GG?Kl!7?O z!=QR(&4L@rzL646E)it%zu5(L;m%NHV&mg)S#jkW#rfK=n(_k)XrNpP!RyRPI!z;&~tGhGU2JM)9#vp$?B}P*5-d7crf3jgRURhEhr^&!m{$|$YagKQ&j0ocr=7$c^lWl}&#?Kv zc}e=KeS?fY-scTCAb=YlW$=7d6p<8 z?}%ovdzCI<%*p0}{b0hPe7Pr+ShV_JD`%R};j=9*-bQ~sz~3KfeBAYG{Prd;IIQS0 zFiQ#O^yC)25YevPd8qKw<Ekk&?Iq_5DtB5mb3Qkqf)6cW{6v$kV`UXe4{!>AH@7zJ zt!K9Rk&lGFwZu01)z8Iq@I%OB50~hI_rL$@%!P6D(Fo^~3gU@=8ctb}d1^Idk{ zO3CSoGwqb=6(!*M#nd=aDaR7==r!srzI1$z0+L&R7tE)QB3umfZ8VJ+m6ybCZoT%_ z**E1AwN`5KJc`x=`Y4&gZh=SdYMqm+NWYcV6D7ZOvSER05Aui3sS+X<1IHPZ{hO|?LVLN z0itLP42OQmZt-8C-%6~gV|GO}dQZ!blEij?8*n9_kPq&Kn7_q1$IHq+Qbd+WiL&ME z*JHGf54)JXJ}Xmp8@ms9A-F??8?sEhy_{oYwJ}%_*a|UjX+ecp;vn&90cYMYHdLnJ=%NC&~1ul6)SHNu?uT zQSv?WRDDd#*zQFEVdD{e@8*Om|E*M=yBu>79uFoAPt9kPm7m`__Ujl#!dlHLlmTU9MuoF~JOFng?tG zo+py7hl>*34`k{`sg~XP{U03tem=0B*kN?zZy2#I;;@xCeHredz(%x^*l^ghnR!Gs zByPKD2?!@j@Njw>0WKtJn9CFrn759|Cr%=Eb`8v{0_Oef+3Y(CmN))S*k91mk3Hk9Bz z8_vU`DGEE!Y4QW7VE+AsrR@2m+@t6JeVzZL1PtJ4Q2xkB-<}vehZrUJi!qIzRQ@_Q zM^E8%sG#pKR!=oA7-T>f{1c!KjyIs-C|^as+WJv9_d2r5Xvtk2BJR}ecl!i*115s` zWO6_OgE8*190WdT*%0yaZq0ByXe9LS^aHCbVC%^aThFT%$hig_7{yfpM zWfeqB9uB8m2iNo`PZk9^imQ0UPvva;+Zr@jkE($|gJf zmmKx~^OF%_UbmD_VfC$OFp%on2Dk3bTmJ9Q347=qDbNEMr5-qgi8|Y1CR6Q|1li1g 
zE#&|9hw=bjYfyZG_nazsA$3wbY+I*PA+Zz3-ygnehB9m=Ow~Rz#`}glmU1Wo%Rs0xf0nhE+7BCQn_AhF7#$28bWp0`}m4bSF?CA9Z(+QYk?{k@)CG0C*q-gYsOyJ3A^V!@s za1EP^bSD4T$$KY7X`i9(dOnEXU9OGxVBlk$-~!%==^x#Ji?r?ppPpd)*^W>@^+-~L zm3qOO~eQit`;)swr}^MVJu|6c&A&lV6Yng`;#@S0--YNmHheUkO3<@>lmpE3n2`A^z_y)e}JX7)7yTALJ6%s&sy zFtlm{G-IWF$yM{8uxWQ;y5wS}27@%6Ce?6_n8lV0dbb_+6#Jzo6sxuT4*$A>9mp7u zRGOXsj9VJOv6;^ou$yU=$X=^034)n%v-<*?cd2$$6I$k{$Bl2zcGd#b>#T`%7#~Ae zLP=03AFg|aoOwLQO|z+y$2YOdU4h}|lJp>8Nf!?c#hCs3b#{D7Nl!*+?lh($z8CUX ztHkEw^~oENn^TT!K#!mY)q#4EBJK6T93pg;6!XFOaXFHU~X6G33Uw`h`HhU4wQS_Gi2uhzhYlFMLvnqXoV@8c5f zbinCS2a)MiIre$6;qCNJYvU`JD3! zdEI|xY4en7XQdebdGV2kR^l!1V&*?-3K;=jY@e4cDk_H=3NHp6pticNjJ9yT)cBOJ zqr=d$*P`^7VJ~W&LomyRk;M1bA`sM7S^nby8~+E*{m)|YQU~Z%0*-nCAnFX{UOj$0 zRxmKl><-*-gHzB+G&U==w{6%Mxq%Pt2hMGe(}P=YFjPjM%@YttZa32JRhp`$f{PNN zz}oB)zxVkcVPqj4Mux-~wWrn8OMj*3#c!HMq;*^0W(sqQt7q_es}!oV0~zufKT_@f zjOY6omKYyJjNBQXBmL?L$I3k47m(L$*v|v3M%o6Vd(op;sqDaOJW;jTJQh~C>kT+` z800)AsN&C+wI6nS@omT~w_4yAgzJuOG=pRzNsbn5fMcbP?poR2C zVzqyWa~bylafam>M~#}QQ?~|Vb-L#Kih}bbPVaQOgQ6U7<-ggeQ}O{BnOuSoqkzwE z0etL%*pOeFRilPuI>4HeW1Rf%TX%@dI1liDu-j69_n5DSNPyxqdL})fi4{gY1n$gC zETA)$Y2#>>%=R;m+Hco}-}``?Y{ow$OV~Rn&O(3tj|hHR*gO z#7geW$EIAGotDG)9MV~iuZnfN0E#E!IsAT&J_obNb`F)^Rt=GSq=V*(D$K|YY&JfQ zh?;8xw83dKn;^Czffn8z^-G1*;%^PuZM*)n<9|Dworv&Q#Tqq&KwGP{K_TK7+W+D4 zUcuU0#H&-g?y9r)zYYDSwoBBIR6z5|jJW%C46$8F^4mq5soKJ<*;3Rm>&Jib`)L^z z0D?#~k{F9NQv2}n^!uKKKdylf(Im_M)!Y|RuZ_oo*Jk=3ZYyCjbShp9^W@q*o(0q2u5}m zU3kTUc}OZn+8@1WP5c*o{uA)ZPK_D|{CVV&UCiqsn}04M0TwX0zowF|;n_>%+UpYm zYi42Tpz)RlzkAgWN=y{N2kqVxb%z;0XCczst;2r@V_6Vi9Y;#pc;3tlIJ(N;R@AFf9A|B02HL1pxo<~$GM?wo_|C&gEFG0Fcba6e0Tdi>Pq zJ3^b|cPEyNN=6(M)>tQtumGmvLF2LH0`DptPhH9LDOO}v^TJ+XV-z2 zNBr~s-3_);%x)2tN;M}oCEQ42uB=B9vq0-E?yV%#Ub_rh^$9E#Ux~jm)eX5Zv zcnVB7qK1z51XQy%$xl+xX~4L>bKrDN*{2tpjPm}$-(PR#DM1}H)8q?D zqhU=dP*j6144AE+$_v(@LN?&mJwD}6Ewmhl6DQzyYrcLJ+$9o2FU3)<`5V}DYFSy< zm|sz^%1bAI2~$cNC|%0NmSQlcz+!yOU$mGftcWtP_c 
zDbee+*y?HV##8QfzWT5O&N{!z8YddDpjeeki~B<~q6xW+^%?*BHq8Q>SR$G{EQs<7rXWxH-i?YAGI?Q#$jr3JCLcs<{8Kf0WVGIf|X_}s9X<*DAtG-1e0RZg$3 zYycuWIUFhk?l9{lvYiBuj^>A(cP?7E@x(hkf%Ef+)(gBrag_%Tr&d?|yWVTdoi^3B zxnS)Y34ZtG2EY5)*F3Up?RtI1<9Io^%ICu`6LqC$ ztCJh#;{QHOPN$=?-#zvhU9=}{lZZi4tFZN<&6z9~Dt3qpp>}66hiaQtZWVj`GAI!2CgmDwK3{%pxlDEq zu?35uzn=~~qae*_k%t~09)rtMY)xttvQ(|r)HY1UT+>AJh0msa$!O11qt3tPXoQsOp+$J1@tgH<|d(^-2{(L6gMuc$72Z zj@d$TsF`@$Dw}$i?m}Ve*G|hsxz(%Fy|M3toUvpg2w46V;`RB=A36Jb&>=rKOK9hF z%~)&7RMqr2W_&J>#$@4ykbvBI+9jXOf6)^6Yqmk$P{tJxzbkS6jj)w+_!$cGFfAN5 zaw8%=6lvajfbo|bJT|((aCj)*&70r!%y)-Q^Or~KGAXxkMSWN3sb3m}co(mBo)a(e zTZn}C{u6?NM4M|nUT=*KH@;nA2z`?Mu1w3plI3LMx}50CdsZWEp{aZ;p7clL?NrdT zsGHNSh+7Go2xZIB&p4Gv_a}~W*4}bEre(Jun=$h%KUkfMmkSz~=nU)!>LLHM`+a$A zQug6Zg82}!6JxGJPB#~oL$%%z54ofiH~Dum;YL(dfoV<|j7PL~^H7vqyIdr{514bc za&AeQBZ5Yr$d@+rOqhY$((q43|NhFtdXM}yk#4GFOCeRO_AOcZSGC=C!w8FWaohdo zeX@@;ggk{j8JSVL1&^LMcYReEcQYauzVh9X4aYmK170cQcjTZ>D3sr{A$Q%KYAaSR z2$`*$)eW(B((Y-GA=#j`OZ#Bmo^Ps{oI{w;8Rju~$K$q9Zf1A)%D7Ucs*(fg$>jBu-l8R>_c3AnGktrIMFMoNX+Wy#jwil_Cn>%hsA8RpUC_AmUk$6M< z*z4RNAz2fUlnQ$sQV+*2R1F^p`JMVZIy)y=^|PBZ6xrG$+LE?vr_j1eoHlx{;H80#~l3>4lvQH z+?Sa1{wegCLKa2>>fmB5sUdpAgBKN&C0_5pB98BYpf+DqL0Tj~sriHg^SU>v*xjE? z6qw7OK9}`s?$_vOjj1A&{t1QDNvG9YdToKYU^al;ogZODO}Z8gXui97VHVfaGylna z*vRULlCnE9X!p zjG8r?3y%0j$rZdmly%&3zbIMAWVTo2S*AoarI*4RfhbGai31ex%MNU;qZi0e9}^*! 
zh=+#QDs^~=OpZ`^H8+NTrtXatx;usAW2HEE70&$o)F06xKb0e0Dn>btD+>GgLjf?` z&s>KuTnk^OBF@E}_7uv+Xh#fk4vC;Z$b~o)IE_z^zSI^Dc@uKgvh zN3cmVe@^E)Oi}n@>-$q|VsKkRrCi&vtTOG&3o$(b4g6QC^*gMV1I zdq&1pZ=dBbk@Kq1!1I?@&-OTh>(Y<+mILY27h5@is6Zu_o3YcN*#*z{!r_2^pM!)N zNkM45C+a@Tpanxrm0~X41I)<9Y;!ZEc*^zJ>KJE3*(#`@z6!ZVn9JsQl%bGrPDy-V zFXu?E^$_2=UiLie>~zhcDlm0ccc=VC2s~0GD){#YD_iUUU2Lpc%1&sp>Yg{6NI>nZ zjS(tuP8QM4wGaH2WE~_Q`p2k*-x6EThkk_8p6&Ig#SWNlwW-*qS z-a-_zuD{EwAl9Go87L~%*?|g4&}DR5eH%{toI2sDoUs~#TrSGf($3m!vGD!5B4%Q) za_cO1-G=R;tI!ndG?4u;ik}vw3%*Hsq^LRf*@>W_CBQw zM(kh*GK5CPRi>`A;Ox0Pf9r%5>aH-!KY{S+a=7SxBgAQ|6BUsyD@p#;Jgrvh`0`jy zMr|_1Vm0;UrB1MR)8g*^LFfkrHfFQZcbHD!X$1W3qmD_0-nri&TRb=TRR^5WEawWd zR*UJhi9z9@+z}*2S)T@0eRgwiJLbJVW6DQbJwE*=XEH6;!_RUnHrH)G0IY}EQREhd zTwjHu*C9q%u3z`9jMnyd`*UbyF~e%96>#Sj>r)IG0_zTJeO`R>_ZG5$MfQqH)AaS9 z(%^T>gAi>Iq~R|Q@!^RiWI8|aK3~R#?sr)&-Dp9Mw%aHIRV3Zn_G+Kl6gIHxGB&ze}E*yHp>PoNhB;f^z6cGo`T*-)hC)r4dZr!~zp$cVU z`yfEi;H@mZMgy{FwpzX?sp2}V@S@bN|?TpyYH5>h(G>Gje`AMzsnY<`&HnIbC zr>8lbRCtn&pqq(Mu1s7h>vWkdFZFyVDxT^{11my2p9{Z6Rh{S^>472rhs>wzj)CHn zNpG!LRt-R~%3FLv?Oc#mWwmik8x;HIJ657Cz(L(QEocNHwayRg(%*mRFagpKaoSC6 zFM^w7y1Flkp$@2!I_r;LMyU)=$H4ft2+fL{t#;op!UBV9&mWIgwCF*(LbSbg_Yy(b z9$*9x=&n}2XNIUaWy$({zh7rt zWZ8Z7l3jq=S=sgq?I1p*ntDUYRi3|*ILYru{%)HCUoXsc4kTxTrdouR?vOE?!dFIU z9tZQ&zBXS(kRc^%bYBY5UF=jR<)8tQPe%VKLuET@;1hh;zUEB6|B+&nR9f2!48nxc zDti$UFmFbdaNcwDWnX(mB^5_Wgeh*d*I_+3LDc8%kiyW(lRI1XM~~2DHqW1`(1s8K zbk*T!y;9en0Ts7yEj_QVbCBUcn&wP9r_8YaFt2~tE8|Ilw_~3P*u$Qrqg`D>ebmD7 z>>0IQj)g7N+figN`bWH!h>K6AelH4JNoIT=;*g=FT`2P&t_{3+jtL zegD0fM2}J*7m9*~?H`O1r`^@jiud+dVe@j_)>(S*m^ViwTR240wZY< z=L2$pfxvxz$v0XIO<+jAb?`dJK`=Z`z~U(?-k=pZInW69c1x9kY;!p#ZVOnvc00%e zOi-ah8*)0EUmTYg|;<%{hBg(^G#KAvcE3-egvCf4U8?o@P77VNA8|$t#$1;^a&|% zEOx=p?Izrwzgp3C8z#Bn+wxoUFYRbjOMa$o?( zmGn5rVX3X5B#g160fS6CVl+o0HB7SPJNjpbdzA$q5_Y--6~<{{(`ZnLl&?>Ed^6Oy zTYCM#eCY1Pf##RbQ`%E7J#UC*?fQODAF0Z)P16({e&YYv;U8r+H~A2QIkZwBbaRR| zo;BZF+t)yL%_sYJogJ9j*>%f^DRNhZ8YELPl<&S*&-|E^!JDeyrKk`Lp{YD)HG;sQ 
zlemrfTFDBP0CSp8z%18mJ|1&-{1M$b2Cz!}Re|RLIVx z1*g9L#ti9q5NO=C=W#3ad{=g4Nk0b3e>liTLBOPzbo70Kg0uM@!*@{3TQgRbak}DX z`9We+oM1rWBPa6I2@VpDQo57%0do$sh35TYtBKKq`2T5bG`)$+{s&e(IvFRN7YW$g#Ewl%+~h3=`H_oswIsqxd# z4?B2Ndf#FlUPUF-YcjEZWY&wrpb%!bm_~+F=Sc?2a~4}sf8e%TB%7{k5gLiKMUF*? z{yKZI9+{%%c>KNNYkET@zAeWa*%2gCI0=m0W4@ z0{J0`_sDCP<~UHhu1$K#QR`1vWR?s#wB8@VWrCfG!Ur;+ASCoiLCk8!YY&dECxFkey;+=%Z+e0kKri;U30pB#_ZC~Umrbz#GFD)qSbqb{3D`L zx-w5ES^V5F+71mS{|8X9HxK!L82jq5sM!;9tD__^P5m+eGJ=;ae}k0CT>u_ zAWLN1etU};&&`rlDToU=jS`FRjdub#&JJ)g?>oKGFSB$*qp<5oAyP>qj&2{{KfZc* zdqJUk2FO+=+pfJo%`tbodeg>RXNg#3%|Oxr-6Toa$IF!gXhM2pwhXtgby(8JP+8ur zusBY#^{Wp2hlOLg1Bj7ACl+*rm<8*Wsv~<+ya&Lg(NyIvw5$p`{B&@7*iLs5J6J); z*>;aiTt+$Lq)f;xp0lX1<5Yu)^10E5K8@%8)rrSk@@&ZN0s0-D zat5Jfkv#=1DPe@3iHaS(G6&sE)uJS!s)+qCgsw}mPumf+BVB2eSLy78`^n3%bo0nt z>hCS8<_#wekaWhMRoEe*lXRbsO3>6?}C1rfi}L&+j#oOuRB=J%&DJZkVAD* zvbGLZ7_7F&=@jKfgLGq|wN=*2{g6D^UNQ$J#&R1{+I~awkcex&{S`KO@d(~`TASld zzT_t74Og)yRpUaLpA$h6HWB)li|(L%7C!r+ZIqkZM#vskx4vA_qr1^TRo!#{Pk52h z-HccvSLJz1hz}h;$Cf-~e5amD9N@xc5IX&2m^Z9nZm9-`em{@$eLSy(FB)mQok|5E zViCXF+kJpsqDwefXqnk)hzBP;+rzNi1(|v`H<&%;w=1oxL`VgG3RBH?c^ySlwc4n^ zXPTG@R79EAxoJjS^GkBvAA!s_l0wTKc{-wD%U(oUW%GS(oPs8n8DOxzK&6%^5Xa!+ z<;cQ`CDoNYVjdrPP*hy_^(&`=t!%1HIJLZf=O0=C{c~2G-_R{Fb(&7^ zA*}?{7w{u2YQ5lki$+?=h1o%xed9F znkL?9N9G6GO*YWj^lNd980qkRcpjKZoArU&WKuICnnH9a!Bb8pN(uib z-zVKk5}ZyRU=<`hG{beQ{cZbZsXZO{baXeC?;#NL=lUE_%D#S=DMz-Upa<;n=998) z(1m7u8`;4|&Iw7A2p8m>l8$(p*gBRoRhFp<_+La^H_nQF zPN`oPMTCx)WN}v9{^JS+GO3bk3K?TZM#MIgVDqj3k)Y$JV)Ua8#o>B=3Yz2Iq(`fU zdbDHpH__Z>mgqYAx6v;_tmTc-d?3`1C@uAd3H>F5W~GV9HzMZs)fd)O`|SkOujJ~~ z|#8RX=$TPT!x*OV%3634KCPz<_ zHnk54-x=C2f?HPZl2Df;C-Ff=Tsx4`TiBse)aI!Xk$HOp6~U~jSD<@!#?5_S>;=?T zBEFA5gP&bt0480bv7=()A_5l^uWq3PDy2mM0nw}t2;~^0Z(Q+VlI4h z+XB^X@wQSyac{eJ?njbw$>~xC~lFNI_V`Y|?2yo|ndmx#Mb!4@9`q*r$S{AV|Y&qyZ zu)=AI+22@D`pGKS9RQ}DZ08G@eb#f4jOYA}aTf@zc%JM``M;~Pv);#NwwP2wAf&+r zLZ=4dPR%*G63dv9hEKDCC`=TXha3$)U!_NuwkHX3KVEsOp;2MD!MWdVCoznlWpgol 
zitKc-Oqeh}*5@j&OB%Q!&4q=Yx-;!`3;koQ?#zL^uf*pka_W=ScBuOhPY>1yMb~@z zyYaxfTz&?ju$C@8^-<*0*9)c_R!Q%keR)&)1Q&}ZrY_og!;GeJ=(rwAK zIL2q{3(YICl}-ym*}^7PE;ZC^)nOSDsYKZAABZm$bf+~|UHCcowz*D^zrqY6TP8%@ z7mD9<<#fFHk)Lk|p~#u}Kam7fgi>RT5l1HmxF7fCje}c2m0rwuy5Q9fV0t8b(PQ9Aaqk{Ji z!$avCkvcFaA?eL$@@m5JkEH!{@cuLmh;ZaE7_)zBvFy)ORLHv-3=r8?e7#yX0<+SO zHCPx7S`Ula$}V)T->eQeJZuR}ypq|7q}FJYm_nBt!VMX8VbH1;eF+O)Vp!5dmpj)2 z&JpGUxY4K-v-u^n<|0J>vG3JiMPk;cJx?|v`|5lomXD?r5PvA?3Pdkc)D?0f*i@r(xx z-;T!jnVxMIr`*_3-6Y-8Q5#L;pn^;#`&n7IJ&aPMzRrVG_Vd$W>S{M2fO$ETU!P5t4o??YZ5Kbp zN;)%rCXd_^-pjTvl(Q9 zq{AZ?F;|TlzhdbT(H2z?R{{YmY>xbyXTBI`ynG`s5`5mA2Q;(Wq*|EIOq-)q_{E_a zEtGBmp9_|X(PJ@TXgUUl82FJw89_2;%Wmg~j}bAJUZQ^mJs+Au(6rmZAZNBb>YyH& z*;~AXr`;qlxYyMBj|q_gkxO)~&1RE}S3BdTl(muTyz zatS-gu&zep@7j&Ae&XqEKx7vw+7vzzuKKC$qEe#O-@or;gr+$}({Op{-o#SA!cD zOEP$*AdmTsX92S>)?cFXy9+j|8CuOHsI41q>`9B9-kVCH@=9gJ=D9k?%AV%@7#z7# z)@}HQ2YCnIQ+ug6=`HrcO~G)kC0UE#t%+oHe)X+BB00ZLA_41mQ)h8e?SZDX++{v(EJvQ2DP9la=%5rim#q^G|j>GbuVqV{O~s1S>v|T*yF1nj~OC==-6_Je)aeaZ{Qku&|u@9jcU+%?*EX zHNffClxNk5HdV#lE#{YU%u!EV>>fM2W7VPWWo6E0#V%y#a6R*(?)#Q+3VMnOVLT#E zW9`fl*7ozq{;O>3bI(_ewlA{;>c358Ed;s@+{zFZwcEMb#dI)yE)>8W_?BCQe2GDo z6;%j-?D=?kRxl^A)_lwEHS~22`ip!1;Cg1JdB0t84WQ>dvx$F*FQtATfw;=Ivy4(Q>bg1$k$-sSztY)%Vsiw*(-5F| zLzVgX0sfoIo~=i4`HcOu_u1~hf2_8!Kr=DxU5E+cR8J7fL>1!t&X(H8KCNnvOxVBm zXxPXHIdHrye&{2^3+1lFJGYj*2=xa^Wv;tcs6xLS8-LL6({vMSY}OA79tK+na6^No zBI1O-BnNbw{el!}(;=E)N0-r@kBII?A==n!L7r2|;(hTNU=s7w%~~>vg=Tq_q|eJq#F@zHMX3zJ>rqQ??<}k;RTT zb04a5#-;Mc)x3AcN^qPnLAT}B*r9>4Hrm!FYIUJC(2=AMJSj?f`z8YD87zj>cjp$A zBfBMJczL=ltCcpXgjF<-FK-8Zb@HT23Vd9&)4!t z3W4CSZ3=yN$D5F_r&mVzy z!%|da@$?h{aooONCwCtolB+6Uq_F6Ca|@Bjc0echRMe|>v}sg8gmux?0o9lL=XRM?=3 zW0dwU`e6wzjN&eD`f5lTaNrWW_z3yN+ka15U z`3?{Z!5!apI$r&bw0`BTcN-C2La($}o!$UL?jZ^U!H4q_J_5hOtzrTanhxa2%F*R& zxuZdz67-E%uXS#mvN&4j)}4Ka;;atQ^vBFgyU=87_=xlY6!xzggZ5mn*4(>p15gB7 zu=In&URhS@7!jZSVZP>d@$^_pR0x$8R$QjCjrqma`!n5;nXoWUEzfM#$+GSU)(%5i z%fa{NAG{Nabe6<6KJ83LerlXbrUJwfp<&wa>O$b8$e|Z$cBLi$UZZ#LZ@VxZZ$(H; 
z!Kt6|6Nn``K{>ruc(_03VC&APa~Fv8M-Y?gbjH9#aW=`sTCQ@NM@LqAs<(ol;JTdO zp7$5%rlM=9<9AR!i-Py{-pkk_)7}lnjbemi>uM$NCk<;6@lvY4m=V@#6rijF=hRBz zO+VJcW=5fmul7&%_V{Gw`YOQ9>9P<*JIdQPSTbXq#Az25SDRo4Q&)?K3tAFr@@DmF zcJ!DYQy%YHyGX!@>9{%RO3I7yk_65k_gaCJ|BXbagH%Ao>I@G2G0n|4@ub2H4T(#O zQ+QF2lqMBlBKJDWC=Bfj0hAAXJHili=n3wwKWQYMj@hD6^RDX&3Pr=Q6CTRNLl5W1 z8HROfiWaeMEw~G96&iwrx70~OsB{; z8A=5Ne&P}MY%!H7GP*6>xKKFPvv`P73*lGRF>8u<+S5DWrf9Ht!9)=k;3V~*+d*HW z5D5qj;lufCrjjBuN{`w&TRGQba9Shg6u3Cw6MHv!Bu@!qmT{3})sObt#>>^GTW(sg zX>>QHWNt4O3sd{<#0~n~5g-iw>0h6!!GgW5yg6S0n4VGt`VovSA)osEvTO8Jy2N`l zvDCsL5ij$Ba$=B!GA2AOHfLyZR`{ZstfQZA3_#Ep%PgcA4NLQ$#EJK9p^(g~!2LQLKS!R8SDl$S9l`WmhKaqr==$oT%^SbMbTF}W z@u@#q_Qa%%stj2A0YRye?^|Q9wEz4r-V%T9oecW$VVsWH<~XvI%Q###BzKLYd34kc zAAb$n3a(G4p1P$ae+1KkGWa8PL##U(e(1~N?dNz%e+;jUR95%v8?2ixV|s9ru)&J2 zx7Hs0G1Q3Z`w14RKhHLxvZqU)E9tHFSMm}#x~D}je@*3@mm8Q*4^o(KyY1x`I9hPc2%y096yZ zx}Q*IpsY34N-gn{{Otq%RC1I+iSI&!{is^5H+ZOl=l_vX+d)TTvRCmd9Nk&RMl`LD zf))usyx||&rNJ1UX3*LEhB;S=gU;9uX^1@#2_TGSCa|v&dl_1|Tv>(1WN(%}s&eoY z>gUDQ+LZ?_N?~bjx%qrg@sF=l=d_NVM*s0GpS(!ZC;wnY@?0(p3(*a{!o`3 z0DYnKjA=T;@(A+Pt1Rq?*nuMAAgm81F)k62!eVMaGZ4(?k5iQvEirzc`7`PH52frheSj{cCEma2w6{5iG=w8(+f@F{he43EP$GtjECwC9_wuCAUR z-D9crxC!;K`CB~qkBb8zcYkhbksQGwbez@ti52jW3FQuQUd6^19#hSMlzb3XnWBu# z;VPnhI!$IZq`Nzw>*2k9LyjpOx+;Pt}n#ml>KmGj!)k`4QH&pPl?umNK$xz*6mZ&c_ zQAr_CjhvX!ugu4MUMdGF@;&7a1?)znU;Mb>xH5tg?&nLZ+|LZT81h7|1aN=ty3Btcx*fRs3#e?N0??4_meZaV4AKLl2JL{>&r?_!jsUY6_ zc})L$Qr%UH&SvH7YylHJRE0cwsf%I*2A_^7bJN!Q$at7Q3Rv*d6A;PoP&fU!4gBf+ ze)>2nHtRv#hXjks)iQAk;su}cWN-kU5bPHbyH@8$=2R>KNLMlu5EDLRa{L?{Byu%C?;e`Eqv^{G}7x_s+UX)N21 ztONFovW@aqJTk@N=)uCNVq<=wXJA%c|l&AXn#n`!720U+Jb_5z#CyB52i!g1oM*z-^FAeQO~SfIDrQvsLk+NFLRGqWojXd8v+azIrPF zS#}rOZBkj`hQB(MWLurtEO&}x(yMk*CLi?(3ei(IQNaS_$2GIBHh?Xuy1Ul=C zY|Q#Q?fzI7aI5}cF8||~x{vSRnBsYhP%yA))9RS7Uq1jOw;}0t*%N&Ej2HRmHY;=$ zh+@6ru0_vChjFy6sRdvLPL}b21T3rT&+igu^`E?X2T*QVw8{pwi}!eUA?J^YmB;Wx z{TZ7Wl{3)RKfHYL7TLH|*oT>)bc$a)(0;TxbE@+-sY-l)Y`yqg;)`A|K|sz1EdBLe 
zOaV}5@;hzA?vDO+BtOQNwLYWpafQA84p%^z7+yHY?PkweV(F9^w7+{i;IpdGI;{J8 z0=P(GYs|=2APqdMJ=7gR`$#NsHHgznr|RG}{385r;oPgiR_<>0|25fty&|BXt&RnZ zo2n`Q9-%vNB0vJ2EVC%Oh{f$Bz#QcB-PzqSz&`8|hTl9u4(50_SkCT--?S>eg6M(X zjj7af1|dxfTkv#Odng%rXRW`|80ZRwG0=*sYIYx+=J^ok!gSwTpmPmxXIy=Qgbe{+ zj?(jH%X*4t@aBu_zS5~wnlE))Ac&9rW1#x9Q$>=3h+zno`>TrT-9uUcZ(6wz#^8jboDrCg14d!b?u$3_}R zPJXz15xK$tQ6=y_GDa`B9}`U2CI)8$^H`U*K(zh{FbY0O`(h$v^&>_FmevoS=X}tcHVTf2AIz;1KBf9yipbl&l3S@JI~!av3kyhY0Bs-g_iPf8kHaAY~^p#6w>elFnP z!Sd34Vx&qbZ$7}Wg0tb>gTeEju`t`=bOAcIbxbsbL;l4|Bh11zcp(P9q8cVsuVh@8 zvRSrn0ce_nnn`0zAU=|=*ojbi?qgP8W_^4-HXRK+tz`kH{pTlnfv0;Oiqyfc9_u&g zv_S7uliGvY<#=wl?~QJtPs}hhVqZ^wTUshIrrc(Pbh6TFVsqUbY!Q1GJJca9rxIMH zHY@ZCn^n@B){B_@Zs)lxuko#?!kl&*TZ2`qtRGF+x)e+n>4=K^&Yy)mk>k~!k>v!X zuP{pse8|@hhCFC6nkCeNogo5F;v3Ab;PX6KPzTeRz=bI0U$zR8U5rfCG)$1SO}Yj8 z-`;7K8dThx_ip3VcGZ$VWGu*iQHydqb5lP0+}|7_qS41e_}X>Mtfi|PP^_2?HlG9W z;Vw$#;CQ=H9(w}8rEEG_ZkZ1obk_+W9>E84|0BA?Ekz54z3Jux@$607 zE;dZKF#ZVg&bS*w1Z{<26n$53;WI2aRH9CU>QtNU35TbYGM_D3x?jwafcl`flZKiU zz!z5rli68x)#sGD=^Aa5_sPFZJV6qwLW3h)z0PPcIirDc1|T?*G!C)wYg;1(p17z8 zA$w_#ANP@ohp$wgMg{A5i&b4VCw_5Pqj0ksP$#3iaD>#u~2XXy&@Xf!)Gdx zH+(GU7WnMj0Yf?F_w;knXl+mkcr6|gZW?u2O!?^Uf4Uc>PJr|cT;l!NxDII$X6@bv z6OjMilEW*1%=SRWB;mEY`GDcMoX55WX6HZl?Y};LQ$`?{{fxjwJWlHGt`9 z)(jY#Uf5lx5WTh#fCN8{kB=X$yo_OYV^Y_sPo>1(8xEk1SRK&d!6qwRdOef%3MW8f z=&I80f(V$;0ML4x#AL9|nNM;}t@^oe99u1h&cWl*@`IJ2_u!vh&NsRIF!RjGR;8r0 zxo{39MI{pWb&LFBBQ~DLZF7{GyoL`Y6MbpQ>$rP^UH8s;nJh`2HFo9}Xlc`PauZpsiu_bmi zG;mu87R(Hx;I{B#w{;gI0eo*oEGQS%uwb z5;EaWhDz7`=DOl4mP4kospFAK3x zwx!90y$4kcJ6X(O9In?F3?-%|gq&aQt`FHM>Eh69iU!4FmCa~EBUpc!4x0_RmoQm8 zx8&r(;i$p=MX(uhW52@>rt0k*qJsy(*n9=iQ?A1kE0lj(U*I(f-lBY&ZcF<7GpnG+ z+}VM02unpA+S+OuAcGGBPC%oN-H@~d-t3EndXXp-pT3Y!4OGDe!lg!Xhi}95oOXfg z#SpMVQFJr!`g9GxIP?s+CGeC?8}=`rtxhlae=+4Y8KMaWAa0xno8eyA&01aAoO%%_ z(8$X1Ca-39Z`kC1KcWfElPjScwj9--(kP?-#E{*O8;8;Z3FzXQy#EyJfp>?m7Kgwa zais(IrX?M8@vr6t7)P`_9t`%+^3`JohX6hQXNG(C2Z;5LH!g7S*fWzy)`s0U0kPxD z#c^QSO`IptHP%2?OR)weYJBbeA*HS6}d7vivk!;6CV-!jh4qlwhw? 
zV;{E;;I3BL_~zv3JR5bk6`a5vo-F*R9xrF2S?^``d z2*wi?5_phXNy`WND?Dw{S*4A@d*lU=Q2JAw&)O@WRSgahkYx|4f;E87Wi1lVS&j{= zFtg@Pc4o-j8wgGh*Gkr1$ea91gwB%DJO@ib7MH|uTgvftw}{It_cimI=Kc2SorE?m zzOnuIti6!&#j4Z;eN4DO7c+o`9lugE(US}{i>)=< zh(V*h=={t@AnLcs?x0K^NWnbJ%H?zA5=H8Km}w%>ou&|Te-u!cxS9>{`CU~m_oXpm zkiS8^P%bixJufV}dBkZ8);=5rYzlx+=I?IPi>~(weC4DtLxN%H3qg?K`fiKb^ zpiS(r!lu@YSSnfUr<$DIjaQ52UwIsM7KXcOD&4QxvGIaT4p8RSz((!7t+KC@9B-2-p)_CsIKU#)>o!caVO#FqhR(Q)$ zFK84zRSzm+@z}QgK*5zz(@W6cRxJbKY-@Q>GW;p!cao}og%-eHJaX4WEP|YGj~BsV zyf%#;1SmjJdIYrwLO2yNV+|m`b2%Rq_@+sZ%w74Qn(%fPFu|&U6=m7I&@<)ws;G}Q z^#fIq1CcF(ZQd|fhzDF{v@Za=uyb_5=_LMec~(4jN**B&sCK(^jpA`u_3Lf;=6wMb zz1uS$UPt)$j*cqz7&?T2+5Ca3w_--+NVq>VQFq2iaJ4syB+EkR<3rzYs-6XaJI$;J zsspF=9}no~$2(|15XLmgr2>21uiShBe&t73t)1OM%b|CPja6I~t*PRySEVMTjhib?TWM;Gv2iIN)D4cQZ)V0yWj#;KA~;i z2(zXoQKS}#<#aB)sq}CSK8FQa82XYambHFAaOy)kBy6507vYlWVBNpoyARua-!)Og z_LFxYR&d}r8yRJKd)iAQ;jH75qgH=csbE@1;Bx8$R=N=>b1-DJXkI0shVSUuNeoaL zNuY6p4Mc1js%)b8c*VJ0qXbjD75ge=)yh_P(O)q+wu#K}-BSJ&d;c5u=6Orv&CKUC ziBC^HR~Mfnb3a>8cW%X?4De5wz@eTS>T~rC+8Ub3+XgwnNrK*bz8_Jv^G4M~;rlv3 z0-^O&7ShyERvFIgU%OPjNJXr_gp8___DpF)4N9_5bGoVoG7kMi=VK!vru_o~y(-bR z$+#&8g1y3J>v`t=k6uB`J~ZXS2#?NCZxq}hbEBB&2r7~8rpw)boBeIX9Ad;G2psJ`YluHrwPNfMY4hgewHi7XLKz#tM+%R|d z@d@c4+%xP9vwS@9xY|26#)+o4VjE~;qdzgs_Pv- zjy{otXkSmtNhI<|xTlZhUA%q%x%gW(fwf)_bU1GvFSJ^cwCC)3IA(Kea6Q^($k zfa#<@d@7o0*!(ap*mG(jA_Bl=f`u}}%ly)qn@JyNBfdQe0z36A(BI+K@VR9C5uL?q zG5uAyWaec1Awlo$qxEXvaRGVg6`KXNgFxNlc%HHPb8Lu;|67@hYdCu|H7}sEmva|X z+FgHjg8Q#eBr);bQS&hopZJ@3@(MFs{#xcN7JRA~PmjL7l=5>Lac7bWX%0B^mxDjP z52&*XQ&V*vyjcwRBbDAjoHv`b1tUh9%+r!Wkn~s$(b@w{i+6w}mD}akX*l>%!)VZl zO~!9bdTIc4*oqc@tB~@Hr~Z}hk{@+Q#b(oG3L5Q7*>59iOcSnJq}$pBm@w{CcjR3b zXJ~os=+FVKh{ziCUjcK3mvG~y`Tl6YUv3M1HCpQA@UEI&^C99XJb0Q{jT*CDz#X}C z1Ru<|J>8H${!mn#2fd;=?R0AQ8lP6ix@;WtU4|B=)^H;ae@vZq%Z=_k>;<*3ine*6 zR3VhpidV1u(+ku@J{LqlhVFBtT4;R((e1ubk`agDJf|@%IDJ_MXnf*$J}8ObT7xa9 zKk#Lv(;m??<5ElZr^^_B)jz?el1*sb*6<;rens&5Gw6W=VM}=?D4) zze~@eH5?{p#r!r>B_Bb$cBpqRcG~v>0-m|UG9W7 
zlao?3I8{Vd^iJWs`w^y`rh^@z9~QZ0ovZl^n@TK7pwKSVPmV}369}Yo1-DN?2`LF1 z*QSh#^I}gFAKJb6{@Bae~51mN%dqSbc5Ap#4P%PF~ z^pgY!sA-izh9AgQGF@7WvzEpV6yKhV=~{atpIh!+^8)p9BvY>TsW<9IwvPs7r)a@+ zibB0|&oB&+53(H$CtwZBXv?^#2rzV+>g3hQEW~UD`Xvil$*BI+*AAPLYn1A$RHq8i z1kNOZ9}#r9QMiC2mu;E^{}dTrqBUqM@0FmMdiELM=!J}9h2f2pg;(RIh#!dnoNG!Z zbYo4R_nzquhww;4re+E&?}Hj64|)^Z}}gz&QIP-PUI`d;y1`G9=B* z&e+8OVzJV#HdaD?_&)-Wkaq$gDNP#>IxB1)>SHK5;S26_-cMY?qzPgOzoK7 zcB}tkp6aj_hXtYI!7`l)0b7@*;1Q_QkY|=n)f5rJ0i2 zny75s!ezm_JBn88gZG9aFu!NK$P-V6qAO_i-^%EC`4D4iwarx+8ZlVj-Q7$YT0JcB zO0vG@+@oABLOxj0OPuKfs`5Deu(alcKuNADjJqPt1~Fk><#M8Y>x0eGa{u5mD2;^f z5w4G=V8ya$<)2{falDFTrkN@vV#UMyf%CEBw9Z+g9}@hSi=mpMG z^|bBw35T5!b{Q!JCb+Xv?`VFLL)(Xp5VvNjh^OzKzV0UjjM=tWiVt|<0%7B-{UmXe zC-2LgW$-5d)iVdV$9urvaeo%m3QPLkfQO&$LM}Ayx1`m?m(>viqq|&i{H~Y^_B~w- z{RSjYa-F^?WQA#OET0+RTpSaNf77Xd{Rz|shanEO(>ez_#IKUTKxwZZmq1S3sBcl>H*x+)p7G^nXYMI19h*z_OWLL z*GHjEe0?n=@u|RgLBk-$A(6>I*_^_yIKE;q2#d#XFrX_UBg_PFZhzux=4U0Y&G%W& z21QTONOdet7FvAQ-XJS1Y4I~n_%qxMhOxE_cX4Hx(xI0Cov zIvlu-c3SE!N6$V!Xg=f%4%Km!aHRMzI zvHjw%34T&BkcQv{+AN=!C7?quQ1QZ+D_=#CMspolI)7TKd(*$jaHqu1hj0S> zS(5_O>m1>XXW8Zq(f-k}Bn2UIF6GrpYtDFnU1+Qd!~sZSco%9nW~TUsB+$EAf#S69 z&NSH?$s+t@ZhL5a77u1%8Olj6vZG3bjs#@yX*S^fQZzgLj{w>o(5!N`LYJ+8DY%3s z1!<;s+aGNxn5b91#;|%~>;uRstJ~9CGc^wpAGHiE=y$NmQ+phJ^FW3vVMv7`F=*A5 z3y6Y*7&1uw^)1N6oiO&V<@dQIJ}3gkObtL^#A>w{vDUkcR4yN5%S3e!!nRlN;k;m; zn7tH9DzdF0eS6FWPX7nHg1MyHWW5&8P^19pswS4v9V9AUkERn&Dfw=yrViSjqhu*o zbF7u@bmWT{2)F0ad~R2A6mm8Nv#ltbYWc0Aqlx^wz8G0IS10L2Cz&7(M#fC=H~zri z-}9*)SRmI=_Ic?61bqV$B*p$sCOfY)8!Lv7$Z?ls%OMm?`CSyucL*$wQGaRNc3j~9 z6)r$hTCXD`J#O>~{=txCokwXLOp&a#KH{tw=C0hodp=0S=luRt)`RS+MgI0H<~;Ep z^k~j@D}_8QgdzyGY#jF}FCnoxk3C)hNN5Y1Z02jQ3}`qTqU%xQ9RkQlA=c1z+-Sq| z$)5#g|NWKD62tHlR0q!$fKu!(fXGkrNI4B9$2iRTG!{NIHWVT*a&B86^9tswTz*c6 z)(qC)R{ZIVLUHjsGEsQ|umq53)eg`&Bq&w=BqID6(x4C~3(J zVAJ864n}lkI~eyCvVdlgnHR&};8uR8u=9M5?A0KKAaKcEmi|hHXjIW=iEF6D+ zn9A}CJCp1I1>czJl$}FBa)7~01wd6{VwLV6UJMWHTJae5erb!|b5NA6aIJzs%|x`- 
zwt70#%pv8}O{#0ZN)!M8W)7SVsS*TDHbEu$?Oem^MQ=`z5kOyrPYBuG!y|bk(!0$q zE~ZY2`VF;&l4aP=Xxbh=u`UriD#qo{&6$=J5kr8zn)f@U zb~aP(hU%gB6j3s6BSI#Q8<#?Qaby7W+zu-DI2yR>PKZsG*{H6r|H}+PmcMuszRa)} z<=Y0OfwpyF!y}~tL?QF|ZelPpHO%l)h076Cwibe@$_t2RBz6FXiCnE1{#2BAs;6d! zePp%8nteROcc~*!aPlGVC5*gP6Xe~VSWoO?4$pwk<{3oCJT(nWL z%!^YIi}dy!@t>)7i+6XF4$)?izDh4OP)@sy7_3)90xa0;GnYHesj_K4TO%>QWC60S z?%uC{Gq}1|ZD|gD6Gtw22SBv#+?&QV0D^q`ct*J=YjzS7qyl^0e9#}=f+W~FBiEMq zuNmD%V%R|v@^C|-d(*j^PM#CTpywQ7|5v^Y<{bg?&NVi2NZGF%Xaw@3Txbr+*^7fj z<{^PGCx#B0*u!A|m5Ozz{QUeUudDe{i1~dXqWhT=>b^~^T?OEgTMVSL_2!7v9$*fZ zD{k-us!>|kXz%v~xf~@YKFTcL-^Jw5@}-}{P5dq;ue3S2{Qx^V2p*M)HW4}kk;;$= zRXJJ;eru#N=y!E869;|Ff@i(-!^_?6=DkR`DsZa_c{5W25$NYLCsSZ7cRdLzz4kDo z5AgO1LM4V9P5wCeHTF;YgbqPZdPePe^#CH4yFH2Z3N_xS#Mr=974C>Ei}+@SWx5nA zB7rsc8g7zITy~?;*YdKGzoky}NM#@MOkuEy>t(4CQD-bu=Ozsbu%t~u0uH8I^pvGv z#N%{V?&4p)on0c&>#Ol3z&A75@6`?`B?iT3?@nMggovseWYZB=;qGLi(F#q29Gcm- z1xPqqfl{V8reJQ2F~|K=ZqTksQZ|%ho}5|fsY>COQHxxL&={rgCoi4C>4m)B4r@=@ z0|fh^ZEgs9VEUX-7H?;!UfI-qrj8hkmTjPpn6&A~(Y58#!??CS90tuS%w`N@vsma4 z7yB#Sa10e!j4|hnV>hz*YG z?K60ghl_so3HRv=K9Hk}v*P=1G+IDb7fEMAt3AanI}Ta*+a>BigNiBu6*?S4W_es` znnh6DrPI0kIUNZe_4Bu^ft9_r0Yg2urZ-k3orp6= zK_#>DjK_g&N?=JzUM#B7?iN9@}t%xVZmTwgvjgLXqDE>|*7 zv3?hchAb=}Y4ocwJ7vYUa4g5rl+{8(F?fsvB<(z9#q_d8ykZUX^@5zpzr-57Yy!!tHzV7^**jALfPm53aHgvet8J4w=|np*c=Oz3@Gc?K zSA1qY31r`7EEmH;K8+d+d_cTJML(~$weVA-+sK59fg0Vh0$}o1`)Vo3vj(yA6}l(($MX`|CpnoF$DB8R<8&UGv}YGKZ&yH z&WjK<%Rc}fT7;6*DKzW8vT|oMJDk&jfugBXX%HucjMWHz*Pf46J@Amy@?W)xLL-ef zB4|0Ze|-A5y*^L*f}jU2GAAWE)L`_-i|O*OI+F`l3kKSA$wTKvKv4+E{3{&kOv?EY zjj5bgvJNUCx2OBv7VVpB-QhK}-{sE#pzqv5bUfG7kN-mp;F;hLT}daVBIhF>ouTzE z&CO>V;H^Y}c#8HX`RNXWry%gap>cF;mf;x^a9PAOp!rV20M!avXcXjF@@k+%IschR zN8*&o<)_1HNPvL*{zDGSX*px3S{Dsac?2bfci7?kR_lU#WbsJ-{5ubR?oQJaSi%ilHV(HkkMpD zlT-GZp;fjxHPYH4`f%`nu`$?RNWMI33*pBCg(+$D2Yo425^?#sse_oH*zns0Flo+- zScb4=tp^;4yZckfgConYNZDUD&Nu(t6EnI4lIn_MYkF@Qnw(b0OjD1GfRxBAA2>m6 zt8WPy^A0x%%Whwxz>jZ$26IN1d<^mbJ@HZ(D;Uj~WVPPpEK$x<6kio@b=?qApc%{) 
zCin)xz3he4PMWYcKnHv527nm~n0jU%-}_Sp-t6v4K#@03M)nmA|Iotv=ly>R0%%kk zBVe|&IfIA}lU8oT;(iVACZ}PkIG#_OU@Ih2T;C4QpbaR|q1O*i;LHzCuy&i_eb3L!n7L>LN(RF3`eY@r`p_4MFP#-#RS@*l1_xf#0UkX}UsDj;!LJOX(< zYS@q7I-HA$(8*y-mlHL0C%_+iG(Z~I^H%~~O43P8vi5P=T+(W;ZcH>Eoh-j-WzeV5 z8SK>GzLLqAyS|J$O;gtoh`$cz@t9~)eCyFiAVRBkk1T`UYR6Iq5jCYj1Yv9#k`pQtWy3PWMdp3oc%D&`ULY==<)T&E$n?#P<{|X|!4cw}-?m9W4dV zerekLmv~_|L=Z^R6xv+qEV&%5v&m;r-x=!%^TqWA2-D{*8)bo$NcT1-54x+{zI zks4~9O-@&gz#%siC1gYd-0x?gUCyoK4dci9v}t*dk#p-A8b+&6iOoMF z-iAXHy!D?y!YJN09yKmb+Po;P7zr)phD0LYhRdcBL{sDA$QQchSxp(@`7F1tVU|X{15}#(sXp*kjnv#jSre4KL z>z^-LE|xMxbyQ8clZodiJ~E!E%`hK9vp*jh&}+kyUg9;M;hZVwSg&*WIYM0mX@R02#&2eg-?`7!?btJrpW}GSHksz8P~#qsP$Yv z-O{cz?dDN#WHo8|N5R7wT zw74@lWF4+e4R{C4Tve-fU%w4fFP3KE(u>1zxxy*I>EL%cDcl-}EC??Vh^C8*IsOo* zKX%;X@%qWdWl{~8PjzZllHE=>I90Au=K3%F3GiFoj|W`WrbMAIOi!3*ja~UjaAMhWi*xNj z^|7j~hei{u{ru+XhwH=b-h~S*m~CAGxsf^C9HFpqjZ*qxcDy7f6%nYTzeWm<}_jgw%od+ZOfj+w3ynqS08v$xk9 zV74`0Y?0TnXIU0d1(XR`UJLzgKK`7ZKd{=m+C#Hu0>TZt%8OQzxfgBE_B*ncG=<6T zAT;5SKm#p>k?tVqg$a7!FFN;2X&im;`^XhRjo|AIzrkWIlCJV|#{r+h?G<#w7J3ie zTvTlh7hBvKvrTD!FT1Ti?ah9so(r_$GI5`x`XHhuVU-agaG;ZY>hA+reZ^f7Hpanu zKL$_l{QjD8fVAe<{~YYpH2M_g^Kl0xIE-+89m20q(`WB4b;M|3qtq~#H-cbG z*czvy8mwmf(-A)A0k6eh=bTzApGzjKLi+h%4%KTf`a)dQ(S9CSUOzX(PVPXOYf2Sh zhp~zN_r(q#uBYFwsU-Ytjo(r}`et0M-FJY!+N8ch+sr?(xW6>?7jiY4BH&3N2jHxqRONKR;Pw-lZik#D*vYiMlZLrl%W3dMC>2xs^ z>rD*Xr{?E4xFGAIYVoLHb6f-xW^JrbX*P~F4tIr$c9nCG*+tcu)Q>P8_aYzYB^eX% zFENAh!1;8>aab))#pkP?D@GXYd%f=!fB9(4L1xt$=UsG{gYMHA-S}8&<(xgTF1&>* zxs6&`1(|u{|Eui18GfAqK>=W$){>ouRR^?qL#;}(jN)`j&EL&&$b zk9z*tOnt*8QiUXw{3<$}Z@NIJSl6~7nzV3p(4i_AO@=V$u0zxnv)p2`1F!JyIgr!2 zQnAupv^>LqMZ~r4`_!sWjg{5g1>BD*C*;hhBKsA}_*XSa!y@Sjyu7#M%@Fr1lSvC_ zT{#ikq^FjLj9vAAq*o`6e2oYc?6Fh&$ScTH*OX2PmK{06ZtVH%dq2@ znBoVP2IrSvgs}RYWg>>$lzq%DN_bsJk-$%a^Z7VH=~g2gL)$6EYnC@)Td|U4i%a6w z%UX3eefV?O@;94V?&3c?4GukEXhn6b6xcr)oQdff74RgH+}cD>)swE+cmelfdu)t1 zR{9d`8G`ChEc)xKvimr;LXz;;Wn$jhBjgq;2PV*)t@ z(IdmB1VqT2kJ(FUYVNX<{2JDNM!6h*ho-TvXj5POvl_$#oNn@Saefv~P@IjB_y!R% 
z`T~T8R+e3!gxu`Pded4zIs0P*qJRANJjqCn+jph%y>(BU8ME*Apw*?S6oLQ(A`0L# z+~h4&y|M$AaS^Mdo+)i)Y(B<0NhgSL z{y>;UkDgsWK}60eBnwF_zu@){-1v`h{od0(#N<@mjo%CIEl9Cd{I^Q_G~ z0yv8efw!+p2+iW;NLk8DQtDOPk>2bp79UbSYG}P5NO2y@ zi)%lh$u<+&C3$G$Zv9!@_b#DdB|FGG7)CF40al+-0pZ%Uu>2~0>h*eo22>I z*Rwy@A;PbNPk~o6>z#7lSta_9hh!HP)<5`CViYpwoi{l(HRzzNT-2FV^}!@AC51=$ zy37raEgYW&a^;7oQd?e`)VHCMRQOlvM~C6AS}4^Zue}w9mPnZnek2VU`P(XB8I^T% zyO9J$P!6D(D-pxTxY<{wZ+>{Y=jIVlP#YeLNVit`Q!)l~wPLn|u)$Zfc~>5EM%CB9 z5$T(28K7Ztje)|kt>2sOw7-WdPJE(%XFDV+vNm(=CFNuD(ZJip8Zh7lK_)at@&tbR zXMi*m5w(>6?%o=5-|QJuE?m2IO~ie*Ok{j9QX}ooI-#Eg7a%v&nCBGmQp{PfgeVKc z#eehdKYx?e1Bx!0%MEbt>A{J%l*pSE~20m$X+!-~s9CfMuUjVn9Uwz|#ml%=-Aik7{J>hs#WK;RU z?b_Yn4Z+=2;1antvTE_~=5oX;f&?&{_qbE{;$vA#z-h*}J85^0zx{0iU~jip(jx*` z03Q%(biy#zziR@B#xD%yW*yrp1O(*l_krc^TsWT1$FkJm^;mZ9GEik)1sYPBh*R!6 zp3$39fbd>Vo^^6U;?iIOxdp8HjO6jRXB8jGViU7^9|)ZbJj(CrDDv-K{2v-)gaLE4 zr}98-;R8>`uV%Qb{xc^17k+FMfnIc8?VJWt*c~h$r2NG1yq_Qu~3pusV#6A;}4 zx8FN=1~3|M6jQgS)@F~rm%O(cEZC9gqzuHU48-W-1z!hDA482_3_T!sKv%vQBAcoM zR)@b#6qf(5O8)UsYCdo~?1tFqwF{4BrvRo4%rxp9PYb&`AE4m&WyjM*~ zEC?YT$CJXYP7iL+dFUtvM?S+GUU0I~E44%+H2N`xLS76}T#UeC~*0su$X!RnI( zP7nT)xnInghXYPkf%p=aIZ8f0KJ->=S64K*3geFFS%$clB1?fibm`o+C*aU2A_kM& z_o-UN*f{^H?O?fsrk}lrU#-Y4DpKNzx+|5LQCu#eEui;32Pr7mJ9if_Q(^Fz&F4?b<(-iLp zRV8)`j&h>gm?lZ_iS>!eQUl@0zJ+<{rQR4P-H&5- zoh4jJn7|6_ujejc&7a$!+HxMP4*Kfc)!^kRLdiI+2D1N21(IwNm3ZzGq%`^KeKjk) z6Gb!0RZUWLg@re#JB`?jtvaIP>ps7X;y4tLIk+mYv_ro?{oVNHuX%I{sCf+TeDR_N ziZ2I>e_F?08SdO| ztTRpYbA(3a#J`2P8JE}IpW?6B9ITq!VKAl=dnuth!@lXC7BDpk7vkTz?ooJ1$kXaJ zwy&Nct)r+YhuCJMu1;~^q_5bIP_|h4{%+hVdsa+$nuz}wXUnn#W~NU%GY*ah}YP<*uooEo0QPf$v{bcjqQYk$GjZm2!% zjSPUfHEfL?-VHYLi2fX3{6YKWV5Tz!->Pi>*1XyEU9$2iR!^_@dlPNGaoLgD_b}|( z5qT;6rexaZt1Uo?!yCUgb^7%IG#K1TUIsmY-lHTVZ%fYpC+#nU9A?w@`S)2Ggrqeq zk@E{(eS8+Dq!vzgXIqcx+~X}B^YLsKGLoq5xw9B4?UB0P@2zVhhQysbzdv@k*4!Or z-Q)Y>lr*no-fFu!YpgVW!Bh={gcrX#5Iay28{^rEcyw`B^m6++yDKIK>aG%Pq`yAM&V$GnxzcY+)+3sRpbwS*Ch5 
zBVt?^ONEhDGs$cMzBT3RRaroNI8x?c(#}G95c^mU!RJkRlRa=Jfqa_07}WInMLv6SkT%qTuF8+Q3%)(7^ImCdbu z+do`>>7n~=6P+Mi;!%@we2`6NSF=c1;kiBW4tJWOiM4#0^xE{Rfc<@AcVzWz@6MM8 zRlc1Ma85>94mN%BZ zED2YvTe*Amw!g!Dy&Q^xx*->hi~@AaDx4WwR(K3~*%H4E*{0l0xD>+XSSlG-Re*rx zihX&Gf7bOWmeKM0!iz+U-YW&$c%Ie7HLuCvpBF*;iTE2(_ zbw>A zG4v$4dlln1F3KT5`{?uRc=x8~h<8E7rjYw~)Ps?Mf4@c9ZBi~8+*J`(!-wNI5|xKBR~I#HH$S7i@%zQpqz zq4)LHZ#}`S30t5$kFL1p>zBMY2O7qFzBk@-8m3^_o^YWu z^BptSb%zgY)*fnRc0NBrBQd~Q_7I)qb!AGWo3^!b?rNu$2kWJvAjM5_tO?*?qpIYT z9aVwK>lXXYk!Y!3GMLt*Ts}i+ONqd5{iuRUaZ^_rZI*|vxNU!BN;a&N8j+0@>e>WaxdL&HnTtjK&X5$mFYXWBP8&*a)cJm zAuOJ)(;ZEv{LGD&Yu^_eIBZ7T$9=dtLT!7q(vk)%94CS|;m@9m4n6mr`#P1+-DC;OA5nyhgO3(`s@aB00>G|T^&%4Lg)57sklCY!pq?&$O$O4rVeMmensZs~5n z1bBg=FhibMU`VOqw;d{7@s`Xw%wF9P>)A)2J@DwBbHcoo_a3>@Rm<hti?Y2mqZyYVhkr%THsv1TV`*0}FR zTedJ)#kEb2oeGT?589|#J9vawtu5NZ8C#yGH4h9$EYa$z@zprY3jUN5H#wq8Mbq8> z`x-dWCvaG8g6k7&H zE6&sZ3Pf@MeJHYqPXi!Q2ba_)j7Ca-)sI=X{2XqABkH7cZr^ULu5~%{Z$ST4IGgYK zm=nmYyvFRRtpmf#mv8wp8=YJGD!GMWv5>!c)je(@=oj1O8NuAqwBk3fw zO9J4};e#F~`-uq~{?$TB-_nxn>Euo^X4iSGDv2pO?J~fZL}<<2r#q7i#j5KgUy*v5 zcjKoc)2SrBmV*SLTifZ49?zz2u`%Ki6&X5LC-3qy;-yqxdAY(_!Ch^ic&M&b=W7AR z`UtkeS`!m7FJURwNil|bpWX{UgS~nWa9F5d+dfFpr9jy4S*z)W{|uagBtG~dmZKp= zH2CDyu4g#YR`N+!rzbM`cP~V#qjKaHzO0e8Bf-b^iONOxsZx5%#-51S4o1GqX&`){ z?cZ-VBGDeWlFsR2+f!$d;ytP5Pm$dP6Nrw$vd>pQdD;YoOV8v;`WN-GNp$7wFN!Bu+dEgfv^6v?^1QOP z9P{3yGtnKmVM~G@hu%U84y|=a>}MKI-a~s=D>cOic1zWs&d^_L1P!VLN~6T`6(e0 z1>mdl##bXjQcn+LsY9S}!Do z7IZV~Le=KiSB_4jJG%IZMLIIuSHX?2Qh0Q#vH=6>lrfnHjtqlZRZNNZRFR2 zG3f(V{ZO$I=NvM0W$Y4|`-JA>aizw1W=kw0X@X{AslnAlWm#JJSuoy?BlK^>cM;Go z7S#kBdjYvqR0{j@0aEuOH^x{O0PMa^zA5E=|6oN)hO4sAxA6ZHb{(B|_EYJ9NeuNN z4?$eiW7yQQ9;?keEL8~#S}pLE;sia8b>tMi%iw^nG0U=Ab~w9hqHV%a&UeelC;4!6 zLan;+E5{@Ia-UbPJv(n53`WYtUs7gvFO{JQc>>3x=vW5M*FgU`G^o21N8`FaBV<(o z&r!0M;Bu@xp%$z7%qKj*bjkrD3CczHgP^{nS`JobS95)BA-7gyxC^vb+IrL?R~A<& z8bs|Nr_vO-^QqaW5^%xEoD)f((BL&JjvY_WT)xa0xuhZq#rAf6qA0psaJXGw{Ja zpM<`qvTY@8$~YcRC!lw3ZPmb4VFk2?%#3Mi%*>O|q-)5JjCh<}6~rt)=#n}W4L(D$ 
zi&tQ9u~?63wGWM0MGj5r4s)wrUwI>mayaazb8GwHhu>Lqd5?~eaAlH1Mc@C~OZ|10 zz-s~;#$IgtKQl#K%m)EsnTw$4jsJ4RHk@5Yc}1x}e)mH_`eaJqse-T0)muwzt5svj z)xKf3LrtfK@U6iK9O-MSvqDkrLRE?fV&n3@W3V7C8Z$C#oPb)yu!vwu#Pg%$?kL_+ z8Gq5eun^|2YD&_Z_9ius6Wmoa1x!JAAoJF|KkH+QP|$h_u71c$2XN6Ts%vdRFf{VM7IHSiXS%<}b1SC(~di$8yxvmKTmz22E{Z0Ks%0 zCN%!y`=@vP_llfqn|-sEffGLB(W+n7y&!fI>rp(Gnxb;i>Q*F5MR8h_*USn>dxc63 zJ8f3QP~64OcexD8HbSOofE6yb1s~&VwHfd@CG`^Qu7lj9_Ddi)TXTBLDbwfmnYW*G zy62CvuwY9CgiZB*55MDyUObwZ<%^946A)$dKLeojRIPrvxhOykSWR;^%0GWHY%t<1R2H-%bZST^b3RByn4j`>~3MDDvH_^nFm{Q)TE

^pBEPQwfdbgb=uBx?C}zWSQ33=)vvj4#1hA=+F_sps`T~@YZ_8vY1NuGm zE)HxgWWMz&y{Q@zGdUXyqic+1q|Lp6@^MLmUAegVhA!_EhglE)!HwnLhzcb;$1Zw~ z8ZHl``((pj^)V35M5QPi&-Y}J5&f~Zkr@4wYx+8{HYz_#e^}HdzHVoKh|ZR1Xo)7> z{QE}k=g=OyxJfb&GvsYE$%~>Q{H`q~6lOi&-DG)w^U@21Y>lJoKx$+hrqDoS4_#uB z>MfKUYUk#?dlum^|9(b~6T_s0#2WIc5^{*r^CXGUw#to9!9DOMB@*;$Vsz6{2~n49 zkrGXd&R(gUBl(S?o^_C0h;B%^d;!?v2=5yXQzM9hmBNBm>mb5k5A>_*7?%Lpmhh`% z*h`ZmLc=M|MnYjM^tptn9nke?>21v1U$nrBgOU5L&d%>fISG$XnJv4@AuK%1x(Ren z=v@(XoXdWq0)Z$ z*5+bjUW&&w9WffXUPKs1Rwt9EQ*6E|fn8KY5uHy5#{qB5H1f#tz6y2$YzFU`9q%7D z+JLY!nW;?fQbJTPnh6?)p+zTNBt(IYYrWY|D9qp+Tq~9!gS|sE{)g!Gi#h=?v5VL+ zf5FQ=boS?I;r{)@hO|d+Nk5;#D`XwR(@Y~}%$Oj%xk1R#R@u}JpYz*hJpT2Nenukd zp{sH7W7WFY0t4anWly;xEN-yyBhNW%0SV|z2ADFP^oJ$I!jzi_=boIWt%8oSjDZZR z^^AibBAZ>bJ#1U-V=k3hM-~iVQbcG+cZnG^6q;@d4ejWGnswZS?O*M^hu(2&nG3n~ z4BIia`0+5ta%}I_=TT?--x1bEB~v zfEvJdi26|-2H237WjBMtg-{R74QH z1fYhlP4shgZSz)~D~nrhMmw$ zN*3=5EZ`0+xqylV3QifpFAG*}&0Sa<+cA`86urKY9MAeoz4)_o{PRjSoMOFV-fSRk zjBRp0GNYw$LMEITEk_P-fH5_a&NrMTnQyQYg*OaF#wWv+8wLrmG3G&qgPH*AJWYnd zb`+aC>~;_)6kXz?QWI{y5x5?O#o`gDPb=inCE6=}B9%i#FDAB|K49hBP{9v@ZAtAJ z2U-Sd4O_>G52Pr9lvkHWZ_zy3_23iHq^aASJ*QW5U(e#qf&>tway_8T?khnlFN^~l z7AlC{Fa-`;lYc6g!xXsY3T8zcw6a`|%#DSX>8={HF^|sOFE)M8FxF2xl;0>d0hjS~ ziAqUk6OOj`6q$?s$nZN_7OB>&zh9kmx#1gs*)rH`7v~wZalgZ*G0OT$0C+P91gGai zVZ}lSo!M@nshL>QXOqAMNb*rTQg{-+J$fW-J zd9dycvkrYUmxM^EY3=)kULDdTkE}EK#sc;%_)~gi5A`fP8{Ln$Gxq1CMAW`LhNOF2 zI<3}UZ;pEHB6l{LD?aWPaz7q$*=n z9%3EUYJ~1Q=!^^tE}5^#Jp@4%4svMvdL1Wyv&9&y`yW7NY=x27D-y)l-B!zZtnbE{($NO2JEq~^8C|x7YAMKh1V{1(KrmftZz^-!_V(=mz{wbj* z{tc|}SqZ#p@E*D%swi9XTW^462#xJxL+$X)T|UDq=^)nEzopZXWHkZ$vSG~oOY*_u z15L}-@>>SjfRWVn`yCHq0B9G0H1y5>lR1unpdk7X>W5kaT~=kPk4lhv&VHcXK}rQO z^e)5-f|#VctF{mTqx+EHbj!6j3ubghr|&6d?kTcB4yCGx$l!JDp-;kz zK{RQBt1avbBLL%AF-B45>flIut*}sPKL@b=f{*u`KWs4}Hr*d4#Vg5=eVqz#w3_d2 zWNfoJ2Lgh!(x*YFIW(-q4@Ggm${8w_gBgqZ6 ztDiHt7!_6MlLxyZ<@kicltc4OB1EU}S$OgrSf*g7TRQkNF2HS7JZFqY-sv71V@=0H zG%XG!P5Qe&`D3!-@?F2??tf3}TV(yJZ4+B)_BY?Bi25#=l33l1zmO8)ZK5Er!%%+~ 
zr`5=PA5%kG<4D30G=`Vcfyh2v5ZcKe!o7VYo;R6C*)W znW~5bFS(nj#C1Y8UEFJy8p2vrs5z0Yg$?XVOacKmoy(CJwp*8nPdPQhnIgTO-0cL=GeQ zxF2GiAoYNDeWC0J_1a=0q7q?9c=O;FOkja%A<~nDk14Q}u`^+Qero!5&-Bo%uF|g- zRopM~(rvs={2yay-e-JkAMDZ~lWQJ0KIwUGP4qEKW2^r_y`d}hYjA2*KnM4IL6|;! zZY+HZ&N3JA!=}#_`Z1ejAm?K)g;p_w0Iu}0k{ui2gNZ`Rsl#!LE{#Hg7^LZ9Oe3)B z`usknK( zL0N=7rqUldQFUK)-e}uq{%%mK(!0jMJlFR**RWA24}|jjgd);B#!r>(qOV+GqVv2k z>IVU-I?Am$@`2f?LZGoa8IRj$iz$oIOC=CQx23LbCt!t{IpIG$e+&!fw&Y}>UQoX* zYV*Y`81=0VT7!7_uAfb(pRjHwHTYTT-p{hmB z6u;R&+`f6CKQZZ)k@whp5gRHNr4seyv-;E}DutLP77tpP>R- zX|7V9vmyGLnrMJMCOph1{Qb*v=c_R#euzI9u|6S-3Y>3|`;Ml$L-3j*L*J3hp2t^B zBDdI?ttwGHi%|BGnOBr~J@*Pk!=PlPDkrq)zSxx8Y>I}JjKett!^6Cw>Gw-IUQa03 zUXC-0fcOeq&e4FHXL7%}FW9m#$F<{6TM!<2r%zvxf!#!&)ZlMm#7j z-X}OO#?*go>2GP#(JV+eS&V70N-(1~2%s&DlEn^pMFfX0EN)Dnk<`cfmRa`{?P&5d zNBBL!)2Ao%A5TB7NY;WHo5i!9mPvJ8C6QWw#1Yb#U<3lyrgoBFyz;q0Z9u-D+!5+CO`BK1BlH$;HCrgfxw zSlEUs>e{`&K#Z)ma&AtxYRk>3B^G%!zT6^NIMd`Y zt5k}sU_=eh1(z%k!E_lYjBP*I_z#|TerS)&FAJHLsEOQ}XwVg$pWZ!v?fdVF=}@k3 zH#*tp-+x45=g=eYYrC*MFKF{Se{C@$(X3O0z@|0n&)=HQ@1AhV;J`{(N?Yrd{cwC+ zT3<(DCcycf7+9{gpToDg2wQO*54%WUuh!Yv3fjENK6UM(jua6;RQ49I0r!t39!?HM zPnam+%eFY=vx9@19kCK_pIMKW;N7#KG@?*mOb4c-h8vynTKmmmC|h7wY3J+tjB{95 z!75it74+yIhRdDZHJ^y0oEMP#y&cO&7c^|UD4uGM&^GF5haDa5+8{REp7WTFfHIY& zuyd9iT0EUu7Nh-f=7y5~6{ zkoB9u?@e;`Qh3SEZt6%<#)f_=J{7@#k;5v$LsAi~dJS=4I~uc34y*YT@d`Rq;q6d& zi6Vm+TRXdtT=Uco)#5o_k7FS>JE80fyl9$e{C*G1Q0mo3q6Q3537yChay=>Gb8|W4 zIYtxOnSxm7;TBy3thv+xVpCjWxQH7Cf7aW)H)OccZf2vJClt1%IP3s3^b|mHfkqXxW-+008 z%ma(SLJv=WnD+gnqZJ$w8i^4{mvi&Dg~P*VR2tNN*!i@PkoJ%6{Pbtq!~9EZ@6F6P zK3W@NvHJ!#vmf(*zmt$cQ=71vOPb3X8f#svq6q4I$C&{M>ia6*@kIxkwN=Jl6m9pk zYsvCEv;!lJyrG-KXpHQ{(LobOKZpLg2qPujR_%SZmc7F-3aoeCM8l|)dtz1I$&4g1 z43cFQAAcU=XwFe@n#DS#=AhQMgxfRT!{Jy@H|pp{9PM;1 zAu-&>d7SrNIHBG5aI;qGRS_(4&pqQ?TdB18kG_YNg^DRNI8ey^t>^P=Z3m8A)StI@ z5y$!K)J)Y(MoGzRd$<`n%(|`M_9?W5!Q6HvOaQ#hh}ewe-JqK;8;!~c8h+}l zu8am&$}N7)P`=P@G0g^?&^%6=vZ>5|t2baZmvm+sy(JkkD)HqtlFcQ}lCB%j_dKC_ z7jD{tvoL)8-{djshxHrXZD{<kzND&I z}p1QC5u9(_q4Arb2@yA%J1M{rIw 
z3sJ5=u=aug9495#vIAXNYa!X~glXaDOUK%b#oG@$CymVA=^8(2q|tx@jRBaN7mvxP z9ZTr*WH11n+ZmmOf<}kBHKG6TZB56E$2UD*m=W5j)X*w5Vq-YBj$rjQ!Qbb#|0{@p t?tVDd-XD{5nC;O2>H+_LEA-Nj!_sn@-jiR*=Lo>RTZ*a*`8V$S{~v%fYtjG! From a1942ecdaa4b70178c1b2f628058935b0a345442 Mon Sep 17 00:00:00 2001 
From: Livio Spring Date: Wed, 2 Aug 2023 18:57:53 +0200 Subject: [PATCH 29/32] feat(api): add and remove OTP (SMS and email) (#6295) * refactor: rename otp to totp * feat: add otp sms and email * implement tests --- internal/api/authz/user.go | 2 +- internal/api/grpc/admin/import.go | 2 +- internal/api/grpc/auth/multi_factor.go | 58 +- internal/api/grpc/management/user.go | 4 +- .../session/v2/session_integration_test.go | 8 +- internal/api/grpc/user/converter.go | 10 +- internal/api/grpc/user/v2/otp.go | 43 ++ .../api/grpc/user/v2/otp_integration_test.go | 302 ++++++++++ internal/api/grpc/user/v2/user.go | 6 +- internal/api/grpc/user/v2/user_test.go | 14 +- internal/api/oidc/amr.go | 20 +- internal/api/oidc/amr_test.go | 25 +- internal/api/oidc/auth_request_converter.go | 2 +- .../api/ui/login/mfa_init_verify_handler.go | 12 +- internal/api/ui/login/mfa_prompt_handler.go | 14 +- internal/api/ui/login/mfa_verify_handler.go | 10 +- internal/api/ui/login/renderer.go | 4 +- .../eventsourcing/eventstore/auth_request.go | 2 +- .../eventstore/auth_request_test.go | 16 +- .../eventstore/token_verifier.go | 11 +- internal/command/session_model.go | 12 +- internal/command/user_human_otp.go | 170 +++++- internal/command/user_human_otp_model.go | 114 +++- internal/command/user_human_otp_test.go | 553 +++++++++++++++++- internal/command/user_human_phone_test.go | 128 ++-- internal/command/user_v2_passkey_test.go | 2 +- internal/command/user_v2_totp.go | 2 +- internal/command/user_v2_totp_test.go | 6 +- internal/command/user_v2_u2f_test.go | 2 +- internal/domain/auth_request.go | 2 +- internal/domain/human_otp.go | 15 +- internal/domain/user.go | 17 +- internal/eventstore/eventstore.go | 3 + internal/integration/integration.go | 6 +- internal/query/projection/user_auth_method.go | 59 +- .../query/projection/user_auth_method_test.go | 258 +++++++- internal/query/user_auth_method_test.go | 8 +- internal/repository/user/eventstore.go | 8 + internal/repository/user/human_mfa_otp.go 
| 266 ++++++++- internal/user/model/user_view.go | 4 +- .../repository/view/model/user_session.go | 4 +- proto/zitadel/auth.proto | 92 +++ proto/zitadel/user.proto | 16 +- proto/zitadel/user/v2alpha/user_service.proto | 156 +++++ 44 files changed, 2253 insertions(+), 215 deletions(-) create mode 100644 internal/api/grpc/user/v2/otp.go create mode 100644 internal/api/grpc/user/v2/otp_integration_test.go
diff --git a/internal/api/authz/user.go b/internal/api/authz/user.go
index 13dc4076fc..3bfbe45cec 100644
--- a/internal/api/authz/user.go
+++ b/internal/api/authz/user.go
@@ -10,7 +10,7 @@ import (
 // equals the authenticated user in the context.
 func UserIDInCTX(ctx context.Context, userID string) error {
 if GetCtxData(ctx).UserID != userID {
- return errors.ThrowUnauthenticated(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong")
+ return errors.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong")
 }
 return nil
 }
diff --git a/internal/api/grpc/admin/import.go b/internal/api/grpc/admin/import.go
index f905af1591..b5efbb7817 100644
--- a/internal/api/grpc/admin/import.go
+++ b/internal/api/grpc/admin/import.go
@@ -552,7 +552,7 @@ func (s *Server) importData(ctx context.Context, orgs []*admin_pb.DataOrg) (*adm
 if user.User.OtpCode != "" {
 logging.Debugf("import user otp: %s", user.GetUserId())
- if err := s.command.ImportHumanOTP(ctx, user.UserId, "", org.GetOrgId(), user.User.OtpCode); err != nil {
+ if err := s.command.ImportHumanTOTP(ctx, user.UserId, "", org.GetOrgId(), user.User.OtpCode); err != nil {
 errors = append(errors, &admin_pb.ImportDataError{Type: "human_user_otp", Id: user.GetUserId(), Message: err.Error()})
 if isCtxTimeout(ctx) {
 return &admin_pb.ImportDataResponse{Errors: errors, Success: success}, count, err
diff --git a/internal/api/grpc/auth/multi_factor.go b/internal/api/grpc/auth/multi_factor.go
index cf95644492..b7c23da1ad 100644
--- a/internal/api/grpc/auth/multi_factor.go
+++ b/internal/api/grpc/auth/multi_factor.go
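Review bot: The comparison `GetCtxData(ctx).UserID != userID` in UserIDInCTX passes when both sides are empty, so if GetCtxData returns a zero value for a context that carries no auth data (not visible here, worth confirming), a caller that forwards an empty `userID` would be accepted. The switch to ThrowPermissionDenied also means a context with no authenticated user at all is now reported as a permission error rather than an authentication error. Rejecting the empty case explicitly would close the first gap, e.g. `if userID == "" || GetCtxData(ctx).UserID != userID {`. The function body is fully inside the hunk; its doc comment starts above it.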
@@ -18,7 +18,7 @@ func (s *Server) ListMyAuthFactors(ctx context.Context, _ *auth_pb.ListMyAuthFac
 if err != nil {
 return nil, err
 }
- err = query.AppendAuthMethodsQuery(domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeOTP)
+ err = query.AppendAuthMethodsQuery(domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypeOTPSMS, domain.UserAuthMethodTypeOTPEmail)
 if err != nil {
 return nil, err
 }
@@ -37,16 +37,16 @@ func (s *Server) ListMyAuthFactors(ctx context.Context, _ *auth_pb.ListMyAuthFac
 func (s *Server) AddMyAuthFactorOTP(ctx context.Context, _ *auth_pb.AddMyAuthFactorOTPRequest) (*auth_pb.AddMyAuthFactorOTPResponse, error) {
 ctxData := authz.GetCtxData(ctx)
- otp, err := s.command.AddHumanOTP(ctx, ctxData.UserID, ctxData.ResourceOwner)
+ otp, err := s.command.AddHumanTOTP(ctx, ctxData.UserID, ctxData.ResourceOwner)
 if err != nil {
 return nil, err
 }
 return &auth_pb.AddMyAuthFactorOTPResponse{
- Url: otp.Url,
- Secret: otp.SecretString,
+ Url: otp.URI,
+ Secret: otp.Secret,
 Details: object.AddToDetailsPb(
 otp.Sequence,
- otp.ChangeDate,
+ otp.EventDate,
 otp.ResourceOwner,
 ),
 }, nil
@@ -54,7 +54,7 @@ func (s *Server) AddMyAuthFactorOTP(ctx context.Context, _ *auth_pb.AddMyAuthFac
 func (s *Server) VerifyMyAuthFactorOTP(ctx context.Context, req *auth_pb.VerifyMyAuthFactorOTPRequest) (*auth_pb.VerifyMyAuthFactorOTPResponse, error) {
 ctxData := authz.GetCtxData(ctx)
- objectDetails, err := s.command.HumanCheckMFAOTPSetup(ctx, ctxData.UserID, req.Code, "", ctxData.ResourceOwner)
+ objectDetails, err := s.command.HumanCheckMFATOTPSetup(ctx, ctxData.UserID, req.Code, "", ctxData.ResourceOwner)
 if err != nil {
 return nil, err
 }
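Review bot: `AppendAuthMethodsQuery` in ListMyAuthFactors now also selects `UserAuthMethodTypeOTPSMS` and `UserAuthMethodTypeOTPEmail`, but the code that converts the query result into the response lies below this hunk and is not shown. Confirm that the conversion has a case for both new types, since a factor that is active but missing from the user's own list would not be visible to them. The call has also grown into a very long line; one argument per line would make later additions easier to review. A short comment above it, such as `// auth factors returned to the user: U2F, TOTP, OTP SMS, OTP email`, would record the intent.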
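Review bot: AddMyAuthFactorOTP shows no doc comment in this hunk, and it now calls `AddHumanTOTP` while the same file gains separate OTPSMS and OTPEmail handlers (hunk @@ -74), so the bare "OTP" in the handler name no longer says which factor it registers. A comment along the lines of `// AddMyAuthFactorOTP starts TOTP registration for the calling user and returns the provisioning URI and secret.` would settle that; the same applies to VerifyMyAuthFactorOTP and RemoveMyAuthFactorOTP in the two following hunks. Because the response carries `otp.Secret` and `otp.URI`, it is also worth checking that no logging or tracing layer records this response message. The function's closing brace lies outside the hunk.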
@@ -65,7 +65,7 @@ func (s *Server) VerifyMyAuthFactorOTP(ctx context.Context, req *auth_pb.VerifyM func (s *Server) RemoveMyAuthFactorOTP(ctx context.Context, _ *auth_pb.RemoveMyAuthFactorOTPRequest) (*auth_pb.RemoveMyAuthFactorOTPResponse, error) { ctxData := authz.GetCtxData(ctx) - objectDetails, err := s.command.HumanRemoveOTP(ctx, ctxData.UserID, ctxData.ResourceOwner) + objectDetails, err := s.command.HumanRemoveTOTP(ctx, ctxData.UserID, ctxData.ResourceOwner) if err != nil { return nil, err } 
@@ -74,6 +74,50 @@ func (s *Server) RemoveMyAuthFactorOTP(ctx context.Context, _ *auth_pb.RemoveMyA }, nil } +func (s *Server) AddMyAuthFactorOTPSMS(ctx context.Context, _ *auth_pb.AddMyAuthFactorOTPSMSRequest) (*auth_pb.AddMyAuthFactorOTPSMSResponse, error) { + ctxData := authz.GetCtxData(ctx) + details, err := s.command.AddHumanOTPSMS(ctx, ctxData.UserID, ctxData.ResourceOwner) + if err != nil { + return nil, err + } + return &auth_pb.AddMyAuthFactorOTPSMSResponse{ + Details: object.DomainToAddDetailsPb(details), + }, nil +} + +func (s *Server) RemoveMyAuthFactorOTPSMS(ctx context.Context, _ *auth_pb.RemoveMyAuthFactorOTPSMSRequest) (*auth_pb.RemoveMyAuthFactorOTPSMSResponse, error) { + ctxData := authz.GetCtxData(ctx) + details, err := s.command.RemoveHumanOTPSMS(ctx, ctxData.UserID, ctxData.ResourceOwner) + if err != nil { + return nil, err + } + return &auth_pb.RemoveMyAuthFactorOTPSMSResponse{ + Details: object.DomainToChangeDetailsPb(details), + }, nil +} + +func (s *Server) AddMyAuthFactorOTPEmail(ctx context.Context, _ *auth_pb.AddMyAuthFactorOTPEmailRequest) (*auth_pb.AddMyAuthFactorOTPEmailResponse, error) { + ctxData := authz.GetCtxData(ctx) + details, err := s.command.AddHumanOTPEmail(ctx, ctxData.UserID, ctxData.ResourceOwner) + if err != nil { + return nil, err + } + return &auth_pb.AddMyAuthFactorOTPEmailResponse{ + Details: object.DomainToAddDetailsPb(details), + }, nil +} + +func (s *Server) RemoveMyAuthFactorOTPEmail(ctx context.Context, _ *auth_pb.RemoveMyAuthFactorOTPEmailRequest) (*auth_pb.RemoveMyAuthFactorOTPEmailResponse, error) { + ctxData := authz.GetCtxData(ctx) + details, err := s.command.RemoveHumanOTPEmail(ctx, ctxData.UserID, ctxData.ResourceOwner) + if err != nil { + return nil, err + } + return &auth_pb.RemoveMyAuthFactorOTPEmailResponse{ + Details: object.DomainToChangeDetailsPb(details), + }, nil +} + func (s *Server) AddMyAuthFactorU2F(ctx context.Context, _ *auth_pb.AddMyAuthFactorU2FRequest) 
(*auth_pb.AddMyAuthFactorU2FResponse, error) { ctxData := authz.GetCtxData(ctx) u2f, err := s.command.HumanAddU2FSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false) diff --git a/internal/api/grpc/management/user.go b/internal/api/grpc/management/user.go index d7208c5a40..c37ce3728c 100644 --- a/internal/api/grpc/management/user.go +++ b/internal/api/grpc/management/user.go @@ -613,7 +613,7 @@ func (s *Server) ListHumanAuthFactors(ctx context.Context, req *mgmt_pb.ListHuma if err != nil { return nil, err } - err = query.AppendAuthMethodsQuery(domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeOTP) + err = query.AppendAuthMethodsQuery(domain.UserAuthMethodTypeU2F, domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypeOTPSMS, domain.UserAuthMethodTypeOTPEmail) if err != nil { return nil, err } @@ -631,7 +631,7 @@ func (s *Server) ListHumanAuthFactors(ctx context.Context, req *mgmt_pb.ListHuma } func (s *Server) RemoveHumanAuthFactorOTP(ctx context.Context, req *mgmt_pb.RemoveHumanAuthFactorOTPRequest) (*mgmt_pb.RemoveHumanAuthFactorOTPResponse, error) { - objectDetails, err := s.command.HumanRemoveOTP(ctx, req.UserId, authz.GetCtxData(ctx).OrgID) + objectDetails, err := s.command.HumanRemoveTOTP(ctx, req.UserId, authz.GetCtxData(ctx).OrgID) if err != nil { return nil, err } diff --git a/internal/api/grpc/session/v2/session_integration_test.go b/internal/api/grpc/session/v2/session_integration_test.go index 949d78ded2..7f6ad96643 100644 --- a/internal/api/grpc/session/v2/session_integration_test.go +++ b/internal/api/grpc/session/v2/session_integration_test.go 
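Review bot: The four handlers added in multi_factor.go (`AddMyAuthFactorOTPSMS`, `RemoveMyAuthFactorOTPSMS`, `AddMyAuthFactorOTPEmail`, `RemoveMyAuthFactorOTPEmail`) are exported without doc comments. The property they share is easy to miss: each acts only on `ctxData.UserID` from the authenticated context and never on a request field. A short comment on each would record that, e.g. `// AddMyAuthFactorOTPSMS enables SMS OTP as a second factor for the authenticated user.` Preconditions such as a verified phone number or e-mail address are not checked in these handlers and are presumably enforced in the command.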
@@ -396,7 +396,7 @@ func Test_ZITADEL_API_missing_authentication(t *testing.T) { func Test_ZITADEL_API_missing_mfa(t *testing.T) { id, token, _, _ := Tester.CreatePasswordSession(t, CTX, User.GetUserId(), integration.UserPassword) - ctx := metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("Bearer %s", token)) + ctx := Tester.WithAuthorizationToken(context.Background(), token) sessionResp, err := Tester.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{SessionId: id}) require.Error(t, err) require.Nil(t, sessionResp) @@ -405,7 +405,7 @@ func Test_ZITADEL_API_missing_mfa(t *testing.T) { func Test_ZITADEL_API_success(t *testing.T) { id, token, _, _ := Tester.CreatePasskeySession(t, CTX, User.GetUserId()) - ctx := metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("Bearer %s", token)) + ctx := Tester.WithAuthorizationToken(context.Background(), token) sessionResp, err := Tester.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{SessionId: id}) require.NoError(t, err) require.NotNil(t, id, sessionResp.GetSession().GetFactors().GetPasskey().GetVerifiedAt().AsTime()) @@ -415,7 +415,7 @@ func Test_ZITADEL_API_session_not_found(t *testing.T) { id, token, _, _ := Tester.CreatePasskeySession(t, CTX, User.GetUserId()) // test session token works - ctx := metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("Bearer %s", token)) + ctx := Tester.WithAuthorizationToken(context.Background(), token) _, err := Tester.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{SessionId: id}) require.NoError(t, err) 
@@ -425,7 +425,7 @@ func Test_ZITADEL_API_session_not_found(t *testing.T) { SessionToken: gu.Ptr(token), }) require.NoError(t, err) - ctx = metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("Bearer %s", token)) + ctx = Tester.WithAuthorizationToken(context.Background(), token) _, err = Tester.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{SessionId: id}) require.Error(t, err) } diff --git a/internal/api/grpc/user/converter.go b/internal/api/grpc/user/converter.go index 6b56ad6632..7b00d2f4cc 100644 --- a/internal/api/grpc/user/converter.go +++ b/internal/api/grpc/user/converter.go @@ -197,7 +197,7 @@ func AuthMethodToPb(mfa *query.AuthMethod) *user_pb.AuthFactor { State: MFAStateToPb(mfa.State), } switch mfa.Type { - case domain.UserAuthMethodTypeOTP: + case domain.UserAuthMethodTypeTOTP: factor.Type = &user_pb.AuthFactor_Otp{ Otp: &user_pb.AuthFactorOTP{}, } @@ -208,6 +208,14 @@ func AuthMethodToPb(mfa *query.AuthMethod) *user_pb.AuthFactor { Name: mfa.Name, }, } + case domain.UserAuthMethodTypeOTPSMS: + factor.Type = &user_pb.AuthFactor_OtpSms{ + OtpSms: &user_pb.AuthFactorOTPSMS{}, + } + case domain.UserAuthMethodTypeOTPEmail: + factor.Type = &user_pb.AuthFactor_OtpEmail{ + OtpEmail: &user_pb.AuthFactorOTPEmail{}, + } } return factor } diff --git a/internal/api/grpc/user/v2/otp.go b/internal/api/grpc/user/v2/otp.go new file mode 100644 index 0000000000..6e8e7686c8 --- /dev/null +++ b/internal/api/grpc/user/v2/otp.go 
@@ -0,0 +1,43 @@ +package user + +import ( + "context" + + "github.com/zitadel/zitadel/internal/api/authz" + "github.com/zitadel/zitadel/internal/api/grpc/object/v2" + user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" +) + +func (s *Server) AddOTPSMS(ctx context.Context, req *user.AddOTPSMSRequest) (*user.AddOTPSMSResponse, error) { + details, err := s.command.AddHumanOTPSMS(ctx, req.GetUserId(), authz.GetCtxData(ctx).ResourceOwner) + if err != nil { + return nil, err + } + return &user.AddOTPSMSResponse{Details: object.DomainToDetailsPb(details)}, nil + +} + +func (s *Server) RemoveOTPSMS(ctx context.Context, req *user.RemoveOTPSMSRequest) (*user.RemoveOTPSMSResponse, error) { + objectDetails, err := s.command.RemoveHumanOTPSMS(ctx, req.GetUserId(), authz.GetCtxData(ctx).ResourceOwner) + if err != nil { + return nil, err + } + return &user.RemoveOTPSMSResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil +} + +func (s *Server) AddOTPEmail(ctx context.Context, req *user.AddOTPEmailRequest) (*user.AddOTPEmailResponse, error) { + details, err := s.command.AddHumanOTPEmail(ctx, req.GetUserId(), authz.GetCtxData(ctx).ResourceOwner) + if err != nil { + return nil, err + } + return &user.AddOTPEmailResponse{Details: object.DomainToDetailsPb(details)}, nil + +} + +func (s *Server) RemoveOTPEmail(ctx context.Context, req *user.RemoveOTPEmailRequest) (*user.RemoveOTPEmailResponse, error) { + objectDetails, err := s.command.RemoveHumanOTPEmail(ctx, req.GetUserId(), authz.GetCtxData(ctx).ResourceOwner) + if err != nil { + return nil, err + } + return &user.RemoveOTPEmailResponse{Details: object.DomainToDetailsPb(objectDetails)}, nil +} diff --git a/internal/api/grpc/user/v2/otp_integration_test.go b/internal/api/grpc/user/v2/otp_integration_test.go new file mode 100644 index 0000000000..5d36dd361e --- /dev/null +++ b/internal/api/grpc/user/v2/otp_integration_test.go 
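Review bot: None of the four handlers (`AddOTPSMS`, `RemoveOTPSMS`, `AddOTPEmail`, `RemoveOTPEmail`) checks that `req.GetUserId()` belongs to the caller; the ID from the request goes straight to the command together with the caller's `ResourceOwner`. The "user mismatch" case in the accompanying integration test suggests the command layer rejects a foreign ID, presumably through `authz.UserIDInCTX`, but that is not visible from this file. A doc comment on each method would make the contract explicit, e.g. `// AddOTPSMS enables SMS OTP for the given user; the command rejects a user ID other than the authenticated one.` The blank line before the closing brace in `AddOTPSMS` and `AddOTPEmail` can also go.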
@@ -0,0 +1,302 @@ +//go:build integration + +package user_test + +import ( + "context" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/zitadel/zitadel/internal/integration" + object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha" + user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" +) + +func TestServer_AddOTPSMS(t *testing.T) { + userID := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreatePasskeySession(t, CTX, userID) + + // TODO: add when phone can be added to user + /* + userIDPhone := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userIDPhone) + _, sessionTokenPhone, _, _ := Tester.CreatePasskeySession(t, CTX, userIDPhone) + */ + type args struct { + ctx context.Context + req *user.AddOTPSMSRequest + } + tests := []struct { + name string + args args + want *user.AddOTPSMSResponse + wantErr bool + }{ + { + name: "missing user id", + args: args{ + ctx: CTX, + req: &user.AddOTPSMSRequest{}, + }, + wantErr: true, + }, + { + name: "user mismatch", + args: args{ + ctx: CTX, + req: &user.AddOTPSMSRequest{ + UserId: "wrong", + }, + }, + wantErr: true, + }, + { + name: "phone not verified", + args: args{ + ctx: Tester.WithAuthorizationToken(context.Background(), sessionToken), + req: &user.AddOTPSMSRequest{ + UserId: userID, + }, + }, + wantErr: true, + }, + // TODO: add when phone can be added to user + /* + { + name: "add success", + args: args{ + ctx: Tester.WithAuthorizationToken(context.Background(), sessionTokenPhone), + req: &user.AddOTPSMSRequest{ + UserId: userID, + }, + }, + want: &user.AddOTPSMSResponse{ + Details: &object.Details{ + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + */ + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := Client.AddOTPSMS(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + require.NotNil(t, got) + 
integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_RemoveOTPSMS(t *testing.T) { + // TODO: add when phone can be added to user + /* + userID := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreatePasskeySession(t, CTX, userID) + */ + + type args struct { + ctx context.Context + req *user.RemoveOTPSMSRequest + } + tests := []struct { + name string + args args + want *user.RemoveOTPSMSResponse + wantErr bool + }{ + { + name: "not added", + args: args{ + ctx: CTX, + req: &user.RemoveOTPSMSRequest{ + UserId: "wrong", + }, + }, + wantErr: true, + }, + // TODO: add when phone can be added to user + /* + { + name: "success", + args: args{ + ctx: Tester.WithAuthorizationToken(context.Background(), sessionToken), + req: &user.RemoveOTPSMSRequest{ + UserId: userID, + }, + }, + want: &user.RemoveOTPSMSResponse{ + Details: &object.Details{ + ResourceOwner: Tester.Organisation.ResourceOwner, + }, + }, + }, + */ + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := Client.RemoveOTPSMS(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + require.NotNil(t, got) + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_AddOTPEmail(t *testing.T) { + userID := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreatePasskeySession(t, CTX, userID) + + userVerified := Tester.CreateHumanUser(CTX) + _, err := Tester.Client.UserV2.VerifyEmail(CTX, &user.VerifyEmailRequest{ + UserId: userVerified.GetUserId(), + VerificationCode: userVerified.GetEmailCode(), + }) + require.NoError(t, err) + Tester.RegisterUserPasskey(CTX, userVerified.GetUserId()) + _, sessionTokenVerified, _, _ := Tester.CreatePasskeySession(t, CTX, userVerified.GetUserId()) + + type args struct { + ctx context.Context + req *user.AddOTPEmailRequest + } + tests := 
[]struct { + name string + args args + want *user.AddOTPEmailResponse + wantErr bool + }{ + { + name: "missing user id", + args: args{ + ctx: CTX, + req: &user.AddOTPEmailRequest{}, + }, + wantErr: true, + }, + { + name: "user mismatch", + args: args{ + ctx: CTX, + req: &user.AddOTPEmailRequest{ + UserId: "wrong", + }, + }, + wantErr: true, + }, + { + name: "email not verified", + args: args{ + ctx: Tester.WithAuthorizationToken(context.Background(), sessionToken), + req: &user.AddOTPEmailRequest{ + UserId: userID, + }, + }, + wantErr: true, + }, + { + name: "add success", + args: args{ + ctx: Tester.WithAuthorizationToken(context.Background(), sessionTokenVerified), + req: &user.AddOTPEmailRequest{ + UserId: userVerified.GetUserId(), + }, + }, + want: &user.AddOTPEmailResponse{ + Details: &object.Details{ + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := Client.AddOTPEmail(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + require.NotNil(t, got) + integration.AssertDetails(t, tt.want, got) + }) + } +} + +func TestServer_RemoveOTPEmail(t *testing.T) { + userID := Tester.CreateHumanUser(CTX).GetUserId() + Tester.RegisterUserPasskey(CTX, userID) + _, sessionToken, _, _ := Tester.CreatePasskeySession(t, CTX, userID) + + userVerified := Tester.CreateHumanUser(CTX) + Tester.RegisterUserPasskey(CTX, userVerified.GetUserId()) + _, sessionTokenVerified, _, _ := Tester.CreatePasskeySession(t, CTX, userVerified.GetUserId()) + userVerifiedCtx := Tester.WithAuthorizationToken(context.Background(), sessionTokenVerified) + _, err := Tester.Client.UserV2.VerifyEmail(userVerifiedCtx, &user.VerifyEmailRequest{ + UserId: userVerified.GetUserId(), + VerificationCode: userVerified.GetEmailCode(), + }) + require.NoError(t, err) + _, err = Tester.Client.UserV2.AddOTPEmail(userVerifiedCtx, &user.AddOTPEmailRequest{UserId: 
userVerified.GetUserId()}) + require.NoError(t, err) + + type args struct { + ctx context.Context + req *user.RemoveOTPEmailRequest + } + tests := []struct { + name string + args args + want *user.RemoveOTPEmailResponse + wantErr bool + }{ + { + name: "not added", + args: args{ + ctx: Tester.WithAuthorizationToken(context.Background(), sessionToken), + req: &user.RemoveOTPEmailRequest{ + UserId: userID, + }, + }, + wantErr: true, + }, + { + name: "success", + args: args{ + ctx: userVerifiedCtx, + req: &user.RemoveOTPEmailRequest{ + UserId: userVerified.GetUserId(), + }, + }, + want: &user.RemoveOTPEmailResponse{ + Details: &object.Details{ + ResourceOwner: Tester.Organisation.ResourceOwner, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := Client.RemoveOTPEmail(tt.args.ctx, tt.args.req) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + require.NotNil(t, got) + integration.AssertDetails(t, tt.want, got) + }) + } +} diff --git a/internal/api/grpc/user/v2/user.go b/internal/api/grpc/user/v2/user.go index b115d83ebb..b0b6f439ea 100644 --- a/internal/api/grpc/user/v2/user.go +++ b/internal/api/grpc/user/v2/user.go @@ -213,7 +213,7 @@ func authMethodTypesToPb(methodTypes []domain.UserAuthMethodType) []user.Authent func authMethodTypeToPb(methodType domain.UserAuthMethodType) user.AuthenticationMethodType { switch methodType { - case domain.UserAuthMethodTypeOTP: + case domain.UserAuthMethodTypeTOTP: return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_TOTP case domain.UserAuthMethodTypeU2F: return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_U2F 
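Review bot: The negative cases in all four tables assert only `require.Error`, so "missing user id", "user mismatch" and "not verified" pass on any failure and do not show that the ownership or verification check was the one that fired. Adding a `wantCode codes.Code` field and `require.Equal(t, tt.wantCode, status.Code(err))` in the `wantErr` branch would pin the authorization path, with the mismatch case presumably expecting `codes.PermissionDenied`. In `TestServer_RemoveOTPSMS` the case named "not added" sends `UserId: "wrong"` with `CTX`, which exercises a user mismatch rather than a missing factor. The success cases also differ in the expected owner (`Tester.Organisation.ID` for add, `Tester.Organisation.ResourceOwner` for remove), which is worth confirming as intended.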
@@ -223,6 +223,10 @@ func authMethodTypeToPb(methodType domain.UserAuthMethodType) user.Authenticatio return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_PASSWORD case domain.UserAuthMethodTypeIDP: return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_IDP + case domain.UserAuthMethodTypeOTPSMS: + return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_OTP_SMS + case domain.UserAuthMethodTypeOTPEmail: + return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_OTP_EMAIL case domain.UserAuthMethodTypeUnspecified: return user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_UNSPECIFIED default: diff --git a/internal/api/grpc/user/v2/user_test.go b/internal/api/grpc/user/v2/user_test.go index fa3ce0b0da..e540ae7f16 100644 --- a/internal/api/grpc/user/v2/user_test.go +++ b/internal/api/grpc/user/v2/user_test.go @@ -194,8 +194,8 @@ func Test_authMethodTypeToPb(t *testing.T) { user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_UNSPECIFIED, }, { - "(t)otp", - domain.UserAuthMethodTypeOTP, + "totp", + domain.UserAuthMethodTypeTOTP, user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_TOTP, }, { @@ -218,6 +218,16 @@ func Test_authMethodTypeToPb(t *testing.T) { domain.UserAuthMethodTypeIDP, user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_IDP, }, + { + "otp sms", + domain.UserAuthMethodTypeOTPSMS, + user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_OTP_SMS, + }, + { + "otp email", + domain.UserAuthMethodTypeOTPEmail, + user.AuthenticationMethodType_AUTHENTICATION_METHOD_TYPE_OTP_EMAIL, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/api/oidc/amr.go b/internal/api/oidc/amr.go index 727e0f8889..e53db8b7c9 100644 --- a/internal/api/oidc/amr.go +++ b/internal/api/oidc/amr.go 
@@ -22,25 +22,35 @@ const ( // [RFC 8176, section 2]: https://datatracker.ietf.org/doc/html/rfc8176#section-2 func AuthMethodTypesToAMR(methodTypes []domain.UserAuthMethodType) []string { amr := make([]string, 0, 4) - var mfa bool + var factors, otp int for _, methodType := range methodTypes { switch methodType { case domain.UserAuthMethodTypePassword: amr = append(amr, PWD) + factors++ case domain.UserAuthMethodTypePasswordless: - mfa = true amr = append(amr, UserPresence) + factors += 2 case domain.UserAuthMethodTypeU2F: amr = append(amr, UserPresence) - case domain.UserAuthMethodTypeOTP: - amr = append(amr, OTP) + factors++ + case domain.UserAuthMethodTypeTOTP, + domain.UserAuthMethodTypeOTPSMS, + domain.UserAuthMethodTypeOTPEmail: + // a user could use multiple (t)otp, which is a factor, but still will be returned as a single `otp` entry + otp++ + factors++ case domain.UserAuthMethodTypeIDP: // no AMR value according to specification + factors++ case domain.UserAuthMethodTypeUnspecified: // ignore } } - if mfa || len(amr) >= 2 { + if otp > 0 { + amr = append(amr, OTP) + } + if factors >= 2 { amr = append(amr, MFA) } return amr diff --git a/internal/api/oidc/amr_test.go b/internal/api/oidc/amr_test.go index 1861085bc5..d4468022f2 100644 --- a/internal/api/oidc/amr_test.go +++ b/internal/api/oidc/amr_test.go 
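Review bot: In `AuthMethodTypesToAMR`, `mfa` is now driven by a count of method types rather than distinct factor categories, so two OTP variants (the added test expects `[otp, mfa]` for TOTP plus e-mail OTP) and password plus `UserAuthMethodTypeIDP` both reach `factors >= 2`. Relying parties commonly use the `mfa` value for step-up decisions, so the function comment should state that this is intended, e.g. `// mfa is reported when two or more checked methods are present, including two OTP channels or an IDP login`. If distinct factors are meant instead, drop `factors++` from the OTP case and count once with `if otp > 0 { amr = append(amr, OTP); factors++ }`. `otp` is also appended after the loop now, which changes the order of the returned slice when an OTP method precedes another method in the input. The function's closing brace lies outside the hunk.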
@@ -46,12 +46,33 @@ func TestAMR(t *testing.T) { []string{UserPresence}, }, { - "otp checked", + "totp checked", args{ - []domain.UserAuthMethodType{domain.UserAuthMethodTypeOTP}, + []domain.UserAuthMethodType{domain.UserAuthMethodTypeTOTP}, }, []string{OTP}, }, + { + "otp sms checked", + args{ + []domain.UserAuthMethodType{domain.UserAuthMethodTypeOTPSMS}, + }, + []string{OTP}, + }, + { + "otp email checked", + args{ + []domain.UserAuthMethodType{domain.UserAuthMethodTypeOTPEmail}, + }, + []string{OTP}, + }, + { + "multiple (t)otp checked", + args{ + []domain.UserAuthMethodType{domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypeOTPEmail}, + }, + []string{OTP, MFA}, + }, { "multiple checked", args{ diff --git a/internal/api/oidc/auth_request_converter.go b/internal/api/oidc/auth_request_converter.go index 02cbf8cba6..d424abfc50 100644 --- a/internal/api/oidc/auth_request_converter.go +++ b/internal/api/oidc/auth_request_converter.go @@ -261,7 +261,7 @@ func CodeChallengeToOIDC(challenge *domain.OIDCCodeChallenge) *oidc.CodeChalleng func AMRFromMFAType(mfaType domain.MFAType) string { switch mfaType { - case domain.MFATypeOTP: + case domain.MFATypeTOTP: return OTP case domain.MFATypeU2F, domain.MFATypeU2FUserVerification: diff --git a/internal/api/ui/login/mfa_init_verify_handler.go b/internal/api/ui/login/mfa_init_verify_handler.go index 5993e2ae7e..e6f0749e92 100644 --- a/internal/api/ui/login/mfa_init_verify_handler.go +++ b/internal/api/ui/login/mfa_init_verify_handler.go @@ -33,7 +33,7 @@ func (l *Login) handleMFAInitVerify(w http.ResponseWriter, r *http.Request) { } var verifyData *mfaVerifyData switch data.MFAType { - case domain.MFATypeOTP: + case domain.MFATypeTOTP: verifyData = l.handleOTPVerify(w, r, authReq, data) } 
@@ -50,13 +50,13 @@ func (l *Login) handleMFAInitVerify(w http.ResponseWriter, r *http.Request) { func (l *Login) handleOTPVerify(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaInitVerifyData) *mfaVerifyData { userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context()) - _, err := l.command.HumanCheckMFAOTPSetup(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, data.Code, userAgentID, authReq.UserOrgID) + _, err := l.command.HumanCheckMFATOTPSetup(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, data.Code, userAgentID, authReq.UserOrgID) if err == nil { return nil } mfadata := &mfaVerifyData{ MFAType: data.MFAType, - otpData: otpData{ + totpData: totpData{ Secret: data.Secret, Url: data.URL, }, @@ -73,10 +73,10 @@ func (l *Login) renderMFAInitVerify(w http.ResponseWriter, r *http.Request, auth translator := l.getTranslator(r.Context(), authReq) data.baseData = l.getBaseData(r, authReq, "InitMFAOTP.Title", "InitMFAOTP.Description", errID, errMessage) data.profileData = l.getProfileData(authReq) - if data.MFAType == domain.MFATypeOTP { - code, err := generateQrCode(data.otpData.Url) + if data.MFAType == domain.MFATypeTOTP { + code, err := generateQrCode(data.totpData.Url) if err == nil { - data.otpData.QrCode = code + data.totpData.QrCode = code } } diff --git a/internal/api/ui/login/mfa_prompt_handler.go b/internal/api/ui/login/mfa_prompt_handler.go index 185d61be99..c18511d317 100644 --- a/internal/api/ui/login/mfa_prompt_handler.go +++ b/internal/api/ui/login/mfa_prompt_handler.go 
@@ -80,8 +80,8 @@ func (l *Login) renderMFAPrompt(w http.ResponseWriter, r *http.Request, authReq func (l *Login) handleMFACreation(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaVerifyData) { switch data.MFAType { - case domain.MFATypeOTP: - l.handleOTPCreation(w, r, authReq, data) + case domain.MFATypeTOTP: + l.handleTOTPCreation(w, r, authReq, data) return case domain.MFATypeU2F: l.renderRegisterU2F(w, r, authReq, nil) @@ -90,16 +90,16 @@ func (l *Login) handleMFACreation(w http.ResponseWriter, r *http.Request, authRe l.renderError(w, r, authReq, caos_errs.ThrowPreconditionFailed(nil, "APP-Or3HO", "Errors.User.MFA.NoProviders")) } -func (l *Login) handleOTPCreation(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaVerifyData) { - otp, err := l.command.AddHumanOTP(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID) +func (l *Login) handleTOTPCreation(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaVerifyData) { + otp, err := l.command.AddHumanTOTP(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID) if err != nil { l.renderError(w, r, authReq, err) return } - data.otpData = otpData{ - Secret: otp.SecretString, - Url: otp.Url, + data.totpData = totpData{ + Secret: otp.Secret, + Url: otp.URI, } l.renderMFAInitVerify(w, r, authReq, data, nil) } diff --git a/internal/api/ui/login/mfa_verify_handler.go b/internal/api/ui/login/mfa_verify_handler.go index 788e189cb1..b65809c894 100644 --- a/internal/api/ui/login/mfa_verify_handler.go +++ b/internal/api/ui/login/mfa_verify_handler.go 
@@ -33,7 +33,7 @@ func (l *Login) handleMFAVerify(w http.ResponseWriter, r *http.Request) { l.renderMFAVerifySelected(w, r, authReq, step, data.SelectedProvider, nil) return } - if data.MFAType == domain.MFATypeOTP { + if data.MFAType == domain.MFATypeTOTP { userAgentID, _ := http_mw.UserAgentIDFromCtx(r.Context()) err = l.authRepo.VerifyMFAOTP(setContext(r.Context(), authReq.UserOrgID), authReq.ID, authReq.UserID, authReq.UserOrgID, data.Code, userAgentID, domain.BrowserInfoFromRequest(r)) @@ -45,7 +45,7 @@ func (l *Login) handleMFAVerify(w http.ResponseWriter, r *http.Request) { } if err != nil { - l.renderMFAVerifySelected(w, r, authReq, step, domain.MFATypeOTP, err) + l.renderMFAVerifySelected(w, r, authReq, step, domain.MFATypeTOTP, err) return } } @@ -79,9 +79,9 @@ func (l *Login) renderMFAVerifySelected(w http.ResponseWriter, r *http.Request, data.Description = translator.LocalizeWithoutArgs("VerifyMFAU2F.Description") l.renderU2FVerification(w, r, authReq, removeSelectedProviderFromList(verificationStep.MFAProviders, domain.MFATypeU2F), nil) return - case domain.MFATypeOTP: - data.MFAProviders = removeSelectedProviderFromList(verificationStep.MFAProviders, domain.MFATypeOTP) - data.SelectedMFAProvider = domain.MFATypeOTP + case domain.MFATypeTOTP: + data.MFAProviders = removeSelectedProviderFromList(verificationStep.MFAProviders, domain.MFATypeTOTP) + data.SelectedMFAProvider = domain.MFATypeTOTP data.Title = translator.LocalizeWithoutArgs("VerifyMFAOTP.Title") data.Description = translator.LocalizeWithoutArgs("VerifyMFAOTP.Description") default: diff --git a/internal/api/ui/login/renderer.go b/internal/api/ui/login/renderer.go index 5c20168d35..bcbe4ad9af 100644 --- a/internal/api/ui/login/renderer.go +++ b/internal/api/ui/login/renderer.go @@ -673,7 +673,7 @@ type mfaVerifyData struct { baseData profileData MFAType domain.MFAType - otpData + totpData } type mfaDoneData struct { 
@@ -682,7 +682,7 @@ type mfaDoneData struct { MFAType domain.MFAType } -type otpData struct { +type totpData struct { Url string Secret string QrCode string diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index 9e797b8d0b..26b1388229 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go @@ -368,7 +368,7 @@ func (repo *AuthRequestRepo) VerifyMFAOTP(ctx context.Context, authRequestID, us if err != nil { return err } - return repo.Command.HumanCheckMFAOTP(ctx, userID, code, resourceOwner, request.WithCurrentInfo(info)) + return repo.Command.HumanCheckMFATOTP(ctx, userID, code, resourceOwner, request.WithCurrentInfo(info)) } func (repo *AuthRequestRepo) BeginMFAU2FLogin(ctx context.Context, userID, resourceOwner, authRequestID, userAgentID string) (login *domain.WebAuthNLogin, err error) { diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index c94b57d7eb..7e94c61ef6 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go @@ -1016,7 +1016,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, }, false}, []domain.NextStep{&domain.MFAVerificationStep{ - MFAProviders: []domain.MFAType{domain.MFATypeOTP}, + MFAProviders: []domain.MFAType{domain.MFATypeTOTP}, }}, nil, }, @@ -1050,7 +1050,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, }, false}, []domain.NextStep{&domain.MFAVerificationStep{ - MFAProviders: []domain.MFAType{domain.MFATypeOTP}, + MFAProviders: []domain.MFAType{domain.MFATypeTOTP}, }}, nil, }, 
@@ -1087,7 +1087,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }, }, false}, []domain.NextStep{&domain.MFAVerificationStep{ - MFAProviders: []domain.MFAType{domain.MFATypeOTP}, + MFAProviders: []domain.MFAType{domain.MFATypeTOTP}, }}, nil, }, @@ -1637,7 +1637,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { }, &domain.MFAPromptStep{ MFAProviders: []domain.MFAType{ - domain.MFATypeOTP, + domain.MFATypeTOTP, }, }, false, @@ -1663,7 +1663,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { &domain.MFAPromptStep{ Required: true, MFAProviders: []domain.MFAType{ - domain.MFATypeOTP, + domain.MFATypeTOTP, }, }, false, @@ -1731,7 +1731,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { }, &domain.MFAVerificationStep{ - MFAProviders: []domain.MFAType{domain.MFATypeOTP}, + MFAProviders: []domain.MFAType{domain.MFATypeTOTP}, }, false, nil, @@ -1755,7 +1755,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { isInternal: false, }, &domain.MFAVerificationStep{ - MFAProviders: []domain.MFAType{domain.MFATypeOTP}, + MFAProviders: []domain.MFAType{domain.MFATypeTOTP}, }, false, nil, @@ -1803,7 +1803,7 @@ func TestAuthRequestRepo_mfaChecked(t *testing.T) { &domain.MFAPromptStep{ Required: true, MFAProviders: []domain.MFAType{ - domain.MFATypeOTP, + domain.MFATypeTOTP, }, }, false, diff --git a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go index 5bcecf9dd4..1e2153863a 100644 --- a/internal/authz/repository/eventsourcing/eventstore/token_verifier.go +++ b/internal/authz/repository/eventsourcing/eventstore/token_verifier.go 
@@ -199,12 +199,21 @@ func authMethodsFromSession(session *query.Session) []domain.UserAuthMethodType // TODO: add checks with https://github.com/zitadel/zitadel/issues/5477 /* if !session.TOTPFactor.TOTPCheckedAt.IsZero() { - types = append(types, domain.UserAuthMethodTypeOTP) + types = append(types, domain.UserAuthMethodTypeTOTP) } if !session.U2FFactor.U2FCheckedAt.IsZero() { types = append(types, domain.UserAuthMethodTypeU2F) } */ + // TODO: add checks with https://github.com/zitadel/zitadel/issues/6224 + /* + if !session.TOTPFactor.OTPSMSCheckedAt.IsZero() { + types = append(types, domain.UserAuthMethodTypeOTPSMS) + } + if !session.TOTPFactor.OTPEmailCheckedAt.IsZero() { + types = append(types, domain.UserAuthMethodTypeOTPEmail) + } + */ return types } diff --git a/internal/command/session_model.go b/internal/command/session_model.go index dce787ff76..764724e0e1 100644 --- a/internal/command/session_model.go +++ b/internal/command/session_model.go @@ -155,6 +155,7 @@ func (wm *SessionWriteModel) AuthenticationTime() time.Time { wm.PasskeyCheckedAt, wm.IntentCheckedAt, // TODO: add U2F and OTP check https://github.com/zitadel/zitadel/issues/5477 + // TODO: add OTP (sms and email) check https://github.com/zitadel/zitadel/issues/6224 } { if check.After(authTime) { authTime = check 
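Review bot: The commented-out block added to `authMethodsFromSession` reads `session.TOTPFactor.OTPSMSCheckedAt` and `session.TOTPFactor.OTPEmailCheckedAt`, hanging the SMS and e-mail timestamps off the TOTP factor, whereas the block above it gives each method its own factor (`session.U2FFactor.U2FCheckedAt`). The same lines are copied into `AuthMethodTypes` in session_model.go as `wm.TOTPFactor.…`, where the neighbouring commented code uses flat fields such as `wm.TOTPCheckedAt`. Commented-out code with guessed field names tends to be uncommented as-is, so keeping only the TODO line would be safer: `// TODO: report OTP SMS and OTP Email once checked, see https://github.com/zitadel/zitadel/issues/6224`. Until then, sessions verified with these factors are not reported, which under-reports methods rather than over-reporting them. `authMethodsFromSession` starts outside the hunk.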
@@ -178,11 +179,20 @@ func (wm *SessionWriteModel) AuthMethodTypes() []domain.UserAuthMethodType { // TODO: add checks with https://github.com/zitadel/zitadel/issues/5477 /* if !wm.TOTPCheckedAt.IsZero() { - types = append(types, domain.UserAuthMethodTypeOTP) + types = append(types, domain.UserAuthMethodTypeTOTP) } if !wm.U2FCheckedAt.IsZero() { types = append(types, domain.UserAuthMethodTypeU2F) } */ + // TODO: add checks with https://github.com/zitadel/zitadel/issues/6224 + /* + if !wm.TOTPFactor.OTPSMSCheckedAt.IsZero() { + types = append(types, domain.UserAuthMethodTypeOTPSMS) + } + if !wm.TOTPFactor.OTPEmailCheckedAt.IsZero() { + types = append(types, domain.UserAuthMethodTypeOTPEmail) + } + */ return types } diff --git a/internal/command/user_human_otp.go b/internal/command/user_human_otp.go index 8bf6f04685..a1f207b402 100644 --- a/internal/command/user_human_otp.go +++ b/internal/command/user_human_otp.go @@ -11,12 +11,11 @@ import ( "github.com/zitadel/zitadel/internal/domain" caos_errs "github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/eventstore" - "github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/telemetry/tracing" ) -func (c *Commands) ImportHumanOTP(ctx context.Context, userID, userAgentID, resourceowner string, key string) error { +func (c *Commands) ImportHumanTOTP(ctx context.Context, userID, userAgentID, resourceowner string, key string) error { encryptedSecret, err := crypto.Encrypt([]byte(key), c.multifactors.OTP.CryptoMFA) if err != nil { return err @@ -25,7 +24,7 @@ func (c *Commands) ImportHumanOTP(ctx context.Context, userID, userAgentID, reso return err } - otpWriteModel, err := c.otpWriteModelByID(ctx, userID, resourceowner) + otpWriteModel, err := c.totpWriteModelByID(ctx, userID, resourceowner) if err != nil { return err } 
@@ -41,7 +40,7 @@ func (c *Commands) ImportHumanOTP(ctx context.Context, userID, userAgentID, reso return err } -func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string) (*domain.OTP, error) { +func (c *Commands) AddHumanTOTP(ctx context.Context, userID, resourceowner string) (*domain.TOTP, error) { if userID == "" { return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") } @@ -49,21 +48,19 @@ func (c *Commands) AddHumanOTP(ctx context.Context, userID, resourceowner string if err != nil { return nil, err } - _, err = c.eventstore.Push(ctx, prep.cmds...) + err = c.pushAppendAndReduce(ctx, prep.wm, prep.cmds...) if err != nil { return nil, err } - return &domain.OTP{ - ObjectRoot: models.ObjectRoot{ - AggregateID: prep.userAgg.ID, - }, - SecretString: prep.key.Secret(), - Url: prep.key.URL(), + return &domain.TOTP{ + ObjectDetails: writeModelToObjectDetails(&prep.wm.WriteModel), + Secret: prep.key.Secret(), + URI: prep.key.URL(), }, nil } type preparedTOTP struct { - wm *HumanOTPWriteModel + wm *HumanTOTPWriteModel userAgg *eventstore.Aggregate key *otp.Key cmds []eventstore.Command 
@@ -72,21 +69,21 @@ type preparedTOTP struct { func (c *Commands) createHumanTOTP(ctx context.Context, userID, resourceOwner string) (*preparedTOTP, error) { human, err := c.getHuman(ctx, userID, resourceOwner) if err != nil { - logging.Log("COMMAND-DAqe1").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get human for loginname") + logging.WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get human for loginname") return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-MM9fs", "Errors.User.NotFound") } org, err := c.getOrg(ctx, human.ResourceOwner) if err != nil { - logging.Log("COMMAND-Cm0ds").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org for loginname") + logging.WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org for loginname") return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-55M9f", "Errors.Org.NotFound") } orgPolicy, err := c.getOrgDomainPolicy(ctx, org.AggregateID) if err != nil { - logging.Log("COMMAND-y5zv9").WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org policy for loginname") + logging.WithError(err).WithField("traceID", tracing.TraceIDFromCtx(ctx)).Debug("unable to get org policy for loginname") return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-8ugTs", "Errors.Org.DomainPolicy.NotFound") } - otpWriteModel, err := c.otpWriteModelByID(ctx, userID, resourceOwner) + otpWriteModel, err := c.totpWriteModelByID(ctx, userID, resourceOwner) if err != nil { return nil, err } 
@@ -103,7 +100,7 @@ func (c *Commands) createHumanTOTP(ctx context.Context, userID, resourceOwner st if issuer == "" { issuer = authz.GetInstance(ctx).RequestedDomain() } - key, secret, err := domain.NewOTPKey(issuer, accountName, c.multifactors.OTP.CryptoMFA) + key, secret, err := domain.NewTOTPKey(issuer, accountName, c.multifactors.OTP.CryptoMFA) if err != nil { return nil, err } @@ -117,12 +114,12 @@ func (c *Commands) createHumanTOTP(ctx context.Context, userID, resourceOwner st }, nil } -func (c *Commands) HumanCheckMFAOTPSetup(ctx context.Context, userID, code, userAgentID, resourceowner string) (*domain.ObjectDetails, error) { +func (c *Commands) HumanCheckMFATOTPSetup(ctx context.Context, userID, code, userAgentID, resourceowner string) (*domain.ObjectDetails, error) { if userID == "" { return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") } - existingOTP, err := c.otpWriteModelByID(ctx, userID, resourceowner) + existingOTP, err := c.totpWriteModelByID(ctx, userID, resourceowner) if err != nil { return nil, err } @@ -132,7 +129,7 @@ func (c *Commands) HumanCheckMFAOTPSetup(ctx context.Context, userID, code, user if existingOTP.State == domain.MFAStateReady { return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-qx4ls", "Errors.Users.MFA.OTP.AlreadyReady") } - if err := domain.VerifyMFAOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA); err != nil { + if err := domain.VerifyTOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA); err != nil { return nil, err } userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) 
@@ -148,11 +145,11 @@ func (c *Commands) HumanCheckMFAOTPSetup(ctx context.Context, userID, code, user return writeModelToObjectDetails(&existingOTP.WriteModel), nil } -func (c *Commands) HumanCheckMFAOTP(ctx context.Context, userID, code, resourceowner string, authRequest *domain.AuthRequest) error { +func (c *Commands) HumanCheckMFATOTP(ctx context.Context, userID, code, resourceowner string, authRequest *domain.AuthRequest) error { if userID == "" { return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-8N9ds", "Errors.User.UserIDMissing") } - existingOTP, err := c.otpWriteModelByID(ctx, userID, resourceowner) + existingOTP, err := c.totpWriteModelByID(ctx, userID, resourceowner) if err != nil { return err } 
@@ -160,22 +157,22 @@ func (c *Commands) HumanCheckMFAOTP(ctx context.Context, userID, code, resourceo return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3Mif9s", "Errors.User.MFA.OTP.NotReady") } userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) - err = domain.VerifyMFAOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA) + err = domain.VerifyTOTP(code, existingOTP.Secret, c.multifactors.OTP.CryptoMFA) if err == nil { _, err = c.eventstore.Push(ctx, user.NewHumanOTPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) return err } _, pushErr := c.eventstore.Push(ctx, user.NewHumanOTPCheckFailedEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest))) - logging.Log("COMMAND-9fj7s").OnError(pushErr).Error("error create password check failed event") + logging.OnError(pushErr).Error("error create password check failed event") return err } -func (c *Commands) HumanRemoveOTP(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { +func (c *Commands) HumanRemoveTOTP(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { if userID == "" { return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5M0sd", "Errors.User.UserIDMissing") } - existingOTP, err := c.otpWriteModelByID(ctx, userID, resourceOwner) + existingOTP, err := c.totpWriteModelByID(ctx, userID, resourceOwner) if err != nil { return nil, err } 
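Review bot: The log call after the failed-check push in HumanCheckMFATOTP still reads "error create password check failed event", although the event being pushed is `NewHumanOTPCheckFailedEvent`. When that push fails, the failed TOTP attempt is not recorded in the event store, so anything that relies on the event (failed-attempt counting, presumably) misses it and this log line is the only trace. It should name the right factor, e.g. `logging.OnError(pushErr).Error("error create totp check failed event")`. The commit also drops the `COMMAND-9fj7s` log ID on this line, which leaves the message text as the only way to locate the call site. The function body starts outside the hunk.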
@@ -194,11 +191,128 @@ func (c *Commands) HumanRemoveOTP(ctx context.Context, userID, resourceOwner str return writeModelToObjectDetails(&existingOTP.WriteModel), nil } -func (c *Commands) otpWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanOTPWriteModel, err error) { +func (c *Commands) AddHumanOTPSMS(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-QSF2s", "Errors.User.UserIDMissing") + } + if err := authz.UserIDInCTX(ctx, userID); err != nil { + return nil, err + } + otpWriteModel, err := c.otpSMSWriteModelByID(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if otpWriteModel.otpAdded { + return nil, caos_errs.ThrowAlreadyExists(nil, "COMMAND-Ad3g2", "Errors.User.MFA.OTP.AlreadyReady") + } + if !otpWriteModel.phoneVerified { + return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady") + } + userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel) + if err = c.pushAppendAndReduce(ctx, otpWriteModel, user.NewHumanOTPSMSAddedEvent(ctx, userAgg)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&otpWriteModel.WriteModel), nil +} + +func (c *Commands) RemoveHumanOTPSMS(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3br2", "Errors.User.UserIDMissing") + } + + existingOTP, err := c.otpSMSWriteModelByID(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if userID != authz.GetCtxData(ctx).UserID { + if err := c.checkPermission(ctx, domain.PermissionUserWrite, existingOTP.ResourceOwner, userID); err != nil { + return nil, err + } + } + if !existingOTP.otpAdded { + return nil, caos_errs.ThrowNotFound(nil, "COMMAND-Sr3h3", "Errors.User.MFA.OTP.NotExisting") + } + userAgg := 
UserAggregateFromWriteModel(&existingOTP.WriteModel) + if err = c.pushAppendAndReduce(ctx, existingOTP, user.NewHumanOTPSMSRemovedEvent(ctx, userAgg)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingOTP.WriteModel), nil +} + +func (c *Commands) AddHumanOTPEmail(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sg1hz", "Errors.User.UserIDMissing") + } + otpWriteModel, err := c.otpEmailWriteModelByID(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if otpWriteModel.otpAdded { + return nil, caos_errs.ThrowAlreadyExists(nil, "COMMAND-MKL2s", "Errors.User.MFA.OTP.AlreadyReady") + } + if !otpWriteModel.emailVerified { + return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KLJ2d", "Errors.User.MFA.OTP.NotReady") + } + userAgg := UserAggregateFromWriteModel(&otpWriteModel.WriteModel) + if err = c.pushAppendAndReduce(ctx, otpWriteModel, user.NewHumanOTPEmailAddedEvent(ctx, userAgg)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&otpWriteModel.WriteModel), nil +} + +func (c *Commands) RemoveHumanOTPEmail(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) { + if userID == "" { + return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-S2h11", "Errors.User.UserIDMissing") + } + + existingOTP, err := c.otpEmailWriteModelByID(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if userID != authz.GetCtxData(ctx).UserID { + if err := c.checkPermission(ctx, domain.PermissionUserWrite, existingOTP.ResourceOwner, userID); err != nil { + return nil, err + } + } + if !existingOTP.otpAdded { + return nil, caos_errs.ThrowNotFound(nil, "COMMAND-b312D", "Errors.User.MFA.OTP.NotExisting") + } + userAgg := UserAggregateFromWriteModel(&existingOTP.WriteModel) + if err = c.pushAppendAndReduce(ctx, existingOTP, user.NewHumanOTPEmailRemovedEvent(ctx, 
userAgg)); err != nil { + return nil, err + } + return writeModelToObjectDetails(&existingOTP.WriteModel), nil +} + +func (c *Commands) totpWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanTOTPWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() - writeModel = NewHumanOTPWriteModel(userID, resourceOwner) + writeModel = NewHumanTOTPWriteModel(userID, resourceOwner) + err = c.eventstore.FilterToQueryReducer(ctx, writeModel) + if err != nil { + return nil, err + } + return writeModel, nil +} + +func (c *Commands) otpSMSWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanOTPSMSWriteModel, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + writeModel = NewHumanOTPSMSWriteModel(userID, resourceOwner) + err = c.eventstore.FilterToQueryReducer(ctx, writeModel) + if err != nil { + return nil, err + } + return writeModel, nil +} + +func (c *Commands) otpEmailWriteModelByID(ctx context.Context, userID, resourceOwner string) (writeModel *HumanOTPEmailWriteModel, err error) { + ctx, span := tracing.NewSpan(ctx) + defer func() { span.EndWithError(err) }() + + writeModel = NewHumanOTPEmailWriteModel(userID, resourceOwner) err = c.eventstore.FilterToQueryReducer(ctx, writeModel) if err != nil { return nil, err diff --git a/internal/command/user_human_otp_model.go b/internal/command/user_human_otp_model.go index 2e4914da50..9c9b8d2c49 100644 --- a/internal/command/user_human_otp_model.go +++ b/internal/command/user_human_otp_model.go 
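Review bot: AddHumanOTPEmail has no caller check. AddHumanOTPSMS in the same hunk calls `authz.UserIDInCTX(ctx, userID)` before loading the write model, and both Remove functions fall back to `checkPermission` for a foreign user, but AddHumanOTPEmail goes straight from the empty-ID test to `otpEmailWriteModelByID`. Unless every caller enforces this at the API layer (not visible here), e-mail OTP could be enabled on another user's account as long as that account has a verified address. I would add the same guard after the empty-ID test: `if err := authz.UserIDInCTX(ctx, userID); err != nil { return nil, err }`. The new TestCommandSide_AddHumanOTPEmail table also has no "wrong user" case, unlike the SMS table, so the tests do not catch the gap.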
@@ -7,15 +7,15 @@ import ( "github.com/zitadel/zitadel/internal/repository/user" ) -type HumanOTPWriteModel struct { +type HumanTOTPWriteModel struct { eventstore.WriteModel State domain.MFAState Secret *crypto.CryptoValue } -func NewHumanOTPWriteModel(userID, resourceOwner string) *HumanOTPWriteModel { - return &HumanOTPWriteModel{ +func NewHumanTOTPWriteModel(userID, resourceOwner string) *HumanTOTPWriteModel { + return &HumanTOTPWriteModel{ WriteModel: eventstore.WriteModel{ AggregateID: userID, ResourceOwner: resourceOwner, @@ -23,7 +23,7 @@ func NewHumanOTPWriteModel(userID, resourceOwner string) *HumanOTPWriteModel { } } -func (wm *HumanOTPWriteModel) Reduce() error { +func (wm *HumanTOTPWriteModel) Reduce() error { for _, event := range wm.Events { switch e := event.(type) { case *user.HumanOTPAddedEvent: @@ -40,7 +40,7 @@ func (wm *HumanOTPWriteModel) Reduce() error { return wm.WriteModel.Reduce() } -func (wm *HumanOTPWriteModel) Query() *eventstore.SearchQueryBuilder { +func (wm *HumanTOTPWriteModel) Query() *eventstore.SearchQueryBuilder { query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). AddQuery(). AggregateTypes(user.AggregateType). 
@@ -59,3 +59,107 @@ func (wm *HumanOTPWriteModel) Query() *eventstore.SearchQueryBuilder { } return query } + +type HumanOTPSMSWriteModel struct { + eventstore.WriteModel + + phoneVerified bool + otpAdded bool +} + +func NewHumanOTPSMSWriteModel(userID, resourceOwner string) *HumanOTPSMSWriteModel { + return &HumanOTPSMSWriteModel{ + WriteModel: eventstore.WriteModel{ + AggregateID: userID, + ResourceOwner: resourceOwner, + }, + } +} + +func (wm *HumanOTPSMSWriteModel) Reduce() error { + for _, event := range wm.Events { + switch event.(type) { + case *user.HumanPhoneVerifiedEvent: + wm.phoneVerified = true + case *user.HumanOTPSMSAddedEvent: + wm.otpAdded = true + case *user.HumanOTPSMSRemovedEvent: + wm.otpAdded = false + case *user.HumanPhoneRemovedEvent, + *user.UserRemovedEvent: + wm.phoneVerified = false + wm.otpAdded = false + } + } + return wm.WriteModel.Reduce() +} + +func (wm *HumanOTPSMSWriteModel) Query() *eventstore.SearchQueryBuilder { + query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). + AddQuery(). + AggregateTypes(user.AggregateType). + AggregateIDs(wm.AggregateID). + EventTypes(user.HumanPhoneVerifiedType, + user.HumanOTPSMSAddedType, + user.HumanOTPSMSRemovedType, + user.HumanPhoneRemovedType, + user.UserRemovedType, + ). 
+ Builder() + + if wm.ResourceOwner != "" { + query.ResourceOwner(wm.ResourceOwner) + } + return query +} + +type HumanOTPEmailWriteModel struct { + eventstore.WriteModel + + emailVerified bool + otpAdded bool +} + +func NewHumanOTPEmailWriteModel(userID, resourceOwner string) *HumanOTPEmailWriteModel { + return &HumanOTPEmailWriteModel{ + WriteModel: eventstore.WriteModel{ + AggregateID: userID, + ResourceOwner: resourceOwner, + }, + } +} + +func (wm *HumanOTPEmailWriteModel) Reduce() error { + for _, event := range wm.Events { + switch event.(type) { + case *user.HumanEmailVerifiedEvent: + wm.emailVerified = true + case *user.HumanOTPEmailAddedEvent: + wm.otpAdded = true + case *user.HumanOTPEmailRemovedEvent: + wm.otpAdded = false + case *user.UserRemovedEvent: + wm.emailVerified = false + wm.otpAdded = false + } + } + return wm.WriteModel.Reduce() +} + +func (wm *HumanOTPEmailWriteModel) Query() *eventstore.SearchQueryBuilder { + query := eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent). + AddQuery(). + AggregateTypes(user.AggregateType). + AggregateIDs(wm.AggregateID). + EventTypes(user.HumanEmailVerifiedType, + user.HumanOTPEmailAddedType, + user.HumanOTPEmailRemovedType, + user.UserRemovedType, + ). + Builder() + + if wm.ResourceOwner != "" { + query.ResourceOwner(wm.ResourceOwner) + } + return query +} diff --git a/internal/command/user_human_otp_test.go b/internal/command/user_human_otp_test.go index ae44489aee..28e825de4b 100644 --- a/internal/command/user_human_otp_test.go +++ b/internal/command/user_human_otp_test.go @@ -22,7 +22,7 @@ import ( "github.com/zitadel/zitadel/internal/repository/user" ) -func TestCommandSide_AddHumanOTP(t *testing.T) { +func TestCommandSide_AddHumanTOTP(t *testing.T) { type fields struct { eventstore *eventstore.Eventstore } 
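Review bot: `HumanOTPSMSWriteModel.Reduce` sets `phoneVerified` on `HumanPhoneVerifiedEvent` and clears it only on phone or user removal, and its `Query` does not load phone-changed events at all. If a changed number counts as unverified until it is verified again (an assumption, since the phone model is not part of this diff), AddHumanOTPSMS would accept a user whose current number was never verified. Consider adding `case *user.HumanPhoneChangedEvent: wm.phoneVerified = false` to the switch and `user.HumanPhoneChangedType` to the event types. `HumanOTPEmailWriteModel` has the same shape for `emailVerified` and e-mail changes.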
@@ -223,7 +223,7 @@ func TestCommandSide_AddHumanOTP(t *testing.T) { r := &Commands{ eventstore: tt.fields.eventstore, } - got, err := r.AddHumanOTP(tt.args.ctx, tt.args.userID, tt.args.orgID) + got, err := r.AddHumanTOTP(tt.args.ctx, tt.args.userID, tt.args.orgID) if tt.res.err == nil { assert.NoError(t, err) } @@ -237,7 +237,7 @@ func TestCommandSide_AddHumanOTP(t *testing.T) { } } -func TestCommands_createHumanOTP(t *testing.T) { +func TestCommands_createHumanTOTP(t *testing.T) { type fields struct { eventstore *eventstore.Eventstore } @@ -527,11 +527,11 @@ func TestCommands_createHumanOTP(t *testing.T) { } } -func TestCommands_HumanCheckMFAOTPSetup(t *testing.T) { +func TestCommands_HumanCheckMFATOTPSetup(t *testing.T) { ctx := authz.NewMockContext("", "org1", "user1") cryptoAlg := crypto.CreateMockEncryptionAlg(gomock.NewController(t)) - key, secret, err := domain.NewOTPKey("example.com", "user1", cryptoAlg) + key, secret, err := domain.NewTOTPKey("example.com", "user1", cryptoAlg) require.NoError(t, err) userAgg := &user.NewAggregate("user1", "org1").Aggregate @@ -697,7 +697,7 @@ func TestCommands_HumanCheckMFAOTPSetup(t *testing.T) { }, }, } - got, err := c.HumanCheckMFAOTPSetup(ctx, tt.args.userID, tt.args.code, "agent1", tt.args.resourceOwner) + got, err := c.HumanCheckMFATOTPSetup(ctx, tt.args.userID, tt.args.code, "agent1", tt.args.resourceOwner) require.ErrorIs(t, err, tt.wantErr) if tt.want { require.NotNil(t, got) @@ -707,7 +707,7 @@ func TestCommands_HumanCheckMFAOTPSetup(t *testing.T) { } } -func TestCommandSide_RemoveHumanOTP(t *testing.T) { +func TestCommandSide_RemoveHumanTOTP(t *testing.T) { type fields struct { eventstore *eventstore.Eventstore } 
@@ -802,7 +802,7 @@ func TestCommandSide_RemoveHumanOTP(t *testing.T) { r := &Commands{ eventstore: tt.fields.eventstore, } - got, err := r.HumanRemoveOTP(tt.args.ctx, tt.args.userID, tt.args.orgID) + got, err := r.HumanRemoveTOTP(tt.args.ctx, tt.args.userID, tt.args.orgID) if tt.res.err == nil { assert.NoError(t, err) } 
@@ -815,3 +815,540 @@ func TestCommandSide_RemoveHumanOTP(t *testing.T) { }) } } + +func TestCommandSide_AddHumanOTPSMS(t *testing.T) { + ctx := authz.NewMockContext("inst1", "org1", "user1") + type fields struct { + eventstore func(*testing.T) *eventstore.Eventstore + } + type ( + args struct { + ctx context.Context + userID string + resourceOwner string + } + ) + type res struct { + want *domain.ObjectDetails + err error + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: ctx, + userID: "", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-QSF2s", "Errors.User.UserIDMissing"), + }, + }, + { + name: "wrong user, permission denied error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: ctx, + userID: "other", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + }, + }, + { + name: "otp sms already exists, already exists error", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewHumanOTPSMSAddedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowAlreadyExists(nil, "COMMAND-Ad3g2", "Errors.User.MFA.OTP.AlreadyReady"), + }, + }, + { + name: "phone not verified, precondition failed error", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady"), + }, + }, + { + name: "phone removed, precondition failed error", + fields: fields{ + eventstore: expectEventstore( + 
expectFilter( + eventFromEventPusher( + user.NewHumanPhoneChangedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + "+4179654321", + ), + ), + eventFromEventPusher( + user.NewHumanPhoneVerifiedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + eventFromEventPusher( + user.NewHumanPhoneRemovedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Q54j2", "Errors.User.MFA.OTP.NotReady"), + }, + }, + { + name: "successful add", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewHumanPhoneChangedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + "+4179654321", + ), + ), + eventFromEventPusher( + user.NewHumanPhoneVerifiedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID("inst1", + user.NewHumanOTPSMSAddedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + }, + ), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + got, err := r.AddHumanOTPSMS(tt.args.ctx, tt.args.userID, tt.args.resourceOwner) + assert.ErrorIs(t, err, tt.res.err) + assert.Equal(t, tt.res.want, got) + }) + } +} + +func TestCommandSide_RemoveHumanOTPSMS(t *testing.T) { + ctx := authz.NewMockContext("inst1", "org1", "user1") + type fields struct { + eventstore func(*testing.T) *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string + resourceOwner string + } + ) + type res struct { + want *domain.ObjectDetails 
+ err error + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: ctx, + userID: "", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S3br2", "Errors.User.UserIDMissing"), + }, + }, + { + name: "other user not permission, permission denied error", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + ctx: ctx, + userID: "other", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + }, + }, + { + name: "otp sms not added, not found error", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowNotFound(nil, "COMMAND-Sr3h3", "Errors.User.MFA.OTP.NotExisting"), + }, + }, + { + name: "successful remove", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewHumanOTPSMSAddedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID("inst1", + user.NewHumanOTPSMSRemovedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + }, + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + checkPermission: tt.fields.checkPermission, + } + got, err := r.RemoveHumanOTPSMS(tt.args.ctx, 
tt.args.userID, tt.args.resourceOwner) + assert.ErrorIs(t, err, tt.res.err) + assert.Equal(t, tt.res.want, got) + }) + } +} + +func TestCommandSide_AddHumanOTPEmail(t *testing.T) { + ctx := authz.NewMockContext("inst1", "org1", "user1") + type fields struct { + eventstore func(*testing.T) *eventstore.Eventstore + } + type ( + args struct { + ctx context.Context + userID string + resourceOwner string + } + ) + type res struct { + want *domain.ObjectDetails + err error + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: ctx, + userID: "", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sg1hz", "Errors.User.UserIDMissing"), + }, + }, + { + name: "otp email already exists, already exists error", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewHumanOTPEmailAddedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowAlreadyExists(nil, "COMMAND-MKL2s", "Errors.User.MFA.OTP.AlreadyReady"), + }, + }, + { + name: "email not verified, precondition failed error", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KLJ2d", "Errors.User.MFA.OTP.NotReady"), + }, + }, + { + name: "successful add", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewHumanEmailChangedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + "email@test.ch", + ), + ), + eventFromEventPusher( + user.NewHumanEmailVerifiedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), 
+ expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID("inst1", + user.NewHumanOTPEmailAddedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + }, + ), + ), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + got, err := r.AddHumanOTPEmail(tt.args.ctx, tt.args.userID, tt.args.resourceOwner) + assert.ErrorIs(t, err, tt.res.err) + assert.Equal(t, tt.res.want, got) + }) + } +} + +func TestCommandSide_RemoveHumanOTPEmail(t *testing.T) { + ctx := authz.NewMockContext("inst1", "org1", "user1") + type fields struct { + eventstore func(*testing.T) *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type ( + args struct { + ctx context.Context + userID string + resourceOwner string + } + ) + type res struct { + want *domain.ObjectDetails + err error + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: ctx, + userID: "", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-S2h11", "Errors.User.UserIDMissing"), + }, + }, + { + name: "other user not permission, permission denied error", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + ctx: ctx, + userID: "other", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + }, + }, + { + name: "otp email not added, not found error", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + 
args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.ThrowNotFound(nil, "COMMAND-b312D", "Errors.User.MFA.OTP.NotExisting"), + }, + }, + { + name: "successful remove", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewHumanOTPEmailAddedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusherWithInstanceID("inst1", + user.NewHumanOTPEmailRemovedEvent(ctx, + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + }, + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + ctx: ctx, + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + checkPermission: tt.fields.checkPermission, + } + got, err := r.RemoveHumanOTPEmail(tt.args.ctx, tt.args.userID, tt.args.resourceOwner) + assert.ErrorIs(t, err, tt.res.err) + assert.Equal(t, tt.res.want, got) + }) + } +} diff --git a/internal/command/user_human_phone_test.go b/internal/command/user_human_phone_test.go index c7f7535a68..98ee9da7c7 100644 --- a/internal/command/user_human_phone_test.go +++ b/internal/command/user_human_phone_test.go 
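Review bot: The TestCommandSide_RemoveHumanOTPSMS and TestCommandSide_RemoveHumanOTPEmail tables never exercise the path where a different user is permitted to remove the factor. The only case with `userID: "other"` uses `newMockPermissionCheckNotAllowed()`, and every case with `newMockPermissionCheckAllowed()` uses `user1`, which appears to be the context user, so `checkPermission` is never reached in them. One more case per table with `userID: "other"`, the allowed mock, an OTP-added event in the filter and the matching removed event in `expectPush` would pin the authorised removal path.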
@@ -885,70 +885,70 @@ func TestCommandSide_RemoveHumanPhone(t *testing.T) { args args res res }{ - //{ - // name: "userid missing, invalid argument error", - // fields: fields{ - // eventstore: eventstoreExpect( - // t, - // ), - // }, - // args: args{ - // ctx: context.Background(), - // resourceOwner: "org1", - // }, - // res: res{ - // err: caos_errs.IsErrorInvalidArgument, - // }, - //}, - //{ - // name: "user not existing, precondition error", - // fields: fields{ - // eventstore: eventstoreExpect( - // t, - // expectFilter(), - // ), - // }, - // args: args{ - // ctx: context.Background(), - // userID: "user1", - // resourceOwner: "org1", - // }, - // res: res{ - // err: caos_errs.IsPreconditionFailed, - // }, - //}, - //{ - // name: "phone not existing, precondition error", - // fields: fields{ - // eventstore: eventstoreExpect( - // t, - // expectFilter( - // eventFromEventPusher( - // user.NewHumanAddedEvent(context.Background(), - // &user.NewAggregate("user1", "org1").Aggregate, - // "username", - // "firstname", - // "lastname", - // "nickname", - // "displayname", - // language.German, - // domain.GenderUnspecified, - // "email@test.ch", - // true, - // ), - // ), - // ), - // ), - // }, - // args: args{ - // ctx: context.Background(), - // userID: "user1", - // resourceOwner: "org1", - // }, - // res: res{ - // err: caos_errs.IsNotFound, - // }, - //}, + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: eventstoreExpect( + t, + ), + }, + args: args{ + ctx: context.Background(), + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.IsErrorInvalidArgument, + }, + }, + { + name: "user not existing, precondition error", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter(), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.IsPreconditionFailed, + }, + }, + { + name: "phone not existing, precondition error", + fields: 
fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + resourceOwner: "org1", + }, + res: res{ + err: caos_errs.IsNotFound, + }, + }, { name: "remove phone, ok", fields: fields{ diff --git a/internal/command/user_v2_passkey_test.go b/internal/command/user_v2_passkey_test.go index 8a96d4a213..4d87e4bf45 100644 --- a/internal/command/user_v2_passkey_test.go +++ b/internal/command/user_v2_passkey_test.go @@ -57,7 +57,7 @@ func TestCommands_RegisterUserPasskey(t *testing.T) { resourceOwner: "org1", authenticator: domain.AuthenticatorAttachmentCrossPlattform, }, - wantErr: caos_errs.ThrowUnauthenticated(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "get human passwordless error", diff --git a/internal/command/user_v2_totp.go b/internal/command/user_v2_totp.go index 76840bac13..61514b0e7e 100644 --- a/internal/command/user_v2_totp.go +++ b/internal/command/user_v2_totp.go @@ -29,5 +29,5 @@ func (c *Commands) CheckUserTOTP(ctx context.Context, userID, code, resourceOwne if err := authz.UserIDInCTX(ctx, userID); err != nil { return nil, err } - return c.HumanCheckMFAOTPSetup(ctx, userID, code, "", resourceOwner) + return c.HumanCheckMFATOTPSetup(ctx, userID, code, "", resourceOwner) } diff --git a/internal/command/user_v2_totp_test.go b/internal/command/user_v2_totp_test.go index 90596428ae..32a5d9e09c 100644 --- a/internal/command/user_v2_totp_test.go +++ b/internal/command/user_v2_totp_test.go 
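Review bot: The re-enabled case named "phone not existing, precondition error" asserts `caos_errs.IsNotFound`, so its name and its expectation disagree. Renaming it to `name: "phone not existing, not found error",` keeps the failure output from pointing at the wrong error class. The test function starts outside the hunk.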
@@ -45,7 +45,7 @@ func TestCommands_AddUserTOTP(t *testing.T) { userID: "foo", resourceowner: "org1", }, - wantErr: caos_errs.ThrowUnauthenticated(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "create otp error", @@ -191,7 +191,7 @@ func TestCommands_CheckUserTOTP(t *testing.T) { ctx := authz.NewMockContext("", "org1", "user1") cryptoAlg := crypto.CreateMockEncryptionAlg(gomock.NewController(t)) - key, secret, err := domain.NewOTPKey("example.com", "user1", cryptoAlg) + key, secret, err := domain.NewTOTPKey("example.com", "user1", cryptoAlg) require.NoError(t, err) userAgg := &user.NewAggregate("user1", "org1").Aggregate @@ -218,7 +218,7 @@ func TestCommands_CheckUserTOTP(t *testing.T) { args: args{ userID: "foo", }, - wantErr: caos_errs.ThrowUnauthenticated(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "success", diff --git a/internal/command/user_v2_u2f_test.go b/internal/command/user_v2_u2f_test.go index ebab0a4ced..6ae5bf6e2d 100644 --- a/internal/command/user_v2_u2f_test.go +++ b/internal/command/user_v2_u2f_test.go @@ -52,7 +52,7 @@ func TestCommands_RegisterUserU2F(t *testing.T) { userID: "foo", resourceOwner: "org1", }, - wantErr: caos_errs.ThrowUnauthenticated(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTH-Bohd2", "Errors.User.UserIDWrong"), }, { name: "get human passwordless error", diff --git a/internal/domain/auth_request.go b/internal/domain/auth_request.go index 765fead8a9..f7f4da19f5 100644 --- a/internal/domain/auth_request.go +++ b/internal/domain/auth_request.go @@ -102,7 +102,7 @@ const ( type MFAType int const ( - MFATypeOTP MFAType = iota + MFATypeTOTP MFAType = iota MFATypeU2F MFATypeU2FUserVerification ) 
diff --git a/internal/domain/human_otp.go b/internal/domain/human_otp.go index 479814340b..8dd9ddcb37 100644 --- a/internal/domain/human_otp.go +++ b/internal/domain/human_otp.go @@ -3,20 +3,11 @@ package domain import ( "github.com/pquerna/otp" "github.com/pquerna/otp/totp" + "github.com/zitadel/zitadel/internal/crypto" caos_errs "github.com/zitadel/zitadel/internal/errors" - es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models" ) -type OTP struct { - es_models.ObjectRoot - - Secret *crypto.CryptoValue - SecretString string - Url string - State MFAState -} - type TOTP struct { *ObjectDetails @@ -24,7 +15,7 @@ type TOTP struct { URI string } -func NewOTPKey(issuer, accountName string, cryptoAlg crypto.EncryptionAlgorithm) (*otp.Key, *crypto.CryptoValue, error) { +func NewTOTPKey(issuer, accountName string, cryptoAlg crypto.EncryptionAlgorithm) (*otp.Key, *crypto.CryptoValue, error) { key, err := totp.Generate(totp.GenerateOpts{Issuer: issuer, AccountName: accountName}) if err != nil { return nil, nil, caos_errs.ThrowInternal(err, "TOTP-ieY3o", "Errors.Internal") @@ -36,7 +27,7 @@ func NewOTPKey(issuer, accountName string, cryptoAlg crypto.EncryptionAlgorithm) return key, encryptedSecret, nil } -func VerifyMFAOTP(code string, secret *crypto.CryptoValue, cryptoAlg crypto.EncryptionAlgorithm) error { +func VerifyTOTP(code string, secret *crypto.CryptoValue, cryptoAlg crypto.EncryptionAlgorithm) error { decrypt, err := crypto.DecryptString(secret, cryptoAlg) if err != nil { return err diff --git a/internal/domain/user.go b/internal/domain/user.go index b46d4227db..18fa2db9af 100644 --- a/internal/domain/user.go +++ b/internal/domain/user.go 
@@ -48,11 +48,13 @@ type UserAuthMethodType int32 const ( UserAuthMethodTypeUnspecified UserAuthMethodType = iota - UserAuthMethodTypeOTP + UserAuthMethodTypeTOTP UserAuthMethodTypeU2F UserAuthMethodTypePasswordless UserAuthMethodTypePassword UserAuthMethodTypeIDP + UserAuthMethodTypeOTPSMS + UserAuthMethodTypeOTPEmail userAuthMethodTypeCount ) @@ -67,15 +69,14 @@ func HasMFA(methods []UserAuthMethodType) bool { var factors int for _, method := range methods { switch method { - case UserAuthMethodTypePassword: - factors++ case UserAuthMethodTypePasswordless: return true - case UserAuthMethodTypeU2F: - factors++ - case UserAuthMethodTypeOTP: - factors++ - case UserAuthMethodTypeIDP: + case UserAuthMethodTypePassword, + UserAuthMethodTypeU2F, + UserAuthMethodTypeTOTP, + UserAuthMethodTypeOTPSMS, + UserAuthMethodTypeOTPEmail, + UserAuthMethodTypeIDP: factors++ case UserAuthMethodTypeUnspecified, userAuthMethodTypeCount: diff --git a/internal/eventstore/eventstore.go b/internal/eventstore/eventstore.go index 216a29bdee..67ab235910 100644 --- a/internal/eventstore/eventstore.go +++ b/internal/eventstore/eventstore.go @@ -315,6 +315,9 @@ func GenericEventMapper[T any, PT BaseEventSetter[T]](event *repository.Event) ( e := PT(new(T)) e.SetBaseEvent(BaseEventFromRepo(event)) + if len(event.Data) == 0 { + return e, nil + } err := json.Unmarshal(event.Data, e) if err != nil { return nil, errors.ThrowInternal(err, "V2-Thai6", "unable to unmarshal event") diff --git a/internal/integration/integration.go b/internal/integration/integration.go index 8634095f3e..0912f8dc0b 100644 --- a/internal/integration/integration.go +++ b/internal/integration/integration.go 
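Review bot: The `UserAuthMethodType` const block should carry a comment saying that its iota values are stored and may only be appended to. The projection in this patch writes the value into the method type column (`handler.NewCol(UserAuthMethodTypeCol, methodType)`), so inserting a constant in the middle would silently reinterpret existing rows as a different authentication method. This hunk appends `UserAuthMethodTypeOTPSMS` and `UserAuthMethodTypeOTPEmail` after `UserAuthMethodTypeIDP`, which keeps the existing values stable. I would add `// values are persisted: append new types directly before userAuthMethodTypeCount, never reorder` above the block.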
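Review bot: `HasMFA` now increments `factors` for `UserAuthMethodTypeOTPSMS` and `UserAuthMethodTypeOTPEmail` exactly as it does for `UserAuthMethodTypeTOTP` and `UserAuthMethodTypeU2F`, and nothing in the function says this equal weighting is intended. The switch counts slice entries rather than independent factor categories, so a password plus OTP Email is reported as MFA even if both can be recovered through the same mailbox (whether they can is not visible here). A doc comment should state the rule, for example `// HasMFA reports true for passwordless, or for at least two entries of any other method; OTP SMS and OTP Email each count as a full factor`. The rest of the function, including the final comparison, lies outside the hunk.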
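Review bot: The new `len(event.Data) == 0` early return in `GenericEventMapper` applies to every event type mapped through this helper, not only to the payload-free ones. Later in this patch the same mapper is registered for `HumanOTPSMSCheckSucceededEvent` and the other check events, which embed `*AuthRequestInfo`. For those, an empty payload now yields an event with a nil `AuthRequestInfo` and no error, where `json.Unmarshal` previously failed. Any reader of those events that dereferences the embedded pointer (none is visible in this hunk) needs a nil check. The branch should at least carry a comment such as `// events whose Data() returns nil are stored without a payload; nothing to unmarshal`.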
@@ -248,7 +248,11 @@ func (s *Tester) WithInstanceAuthorization(ctx context.Context, u UserType, inst if u == SystemUser { s.ensureSystemUser() } - return metadata.AppendToOutgoingContext(ctx, "Authorization", fmt.Sprintf("Bearer %s", s.Users.Get(instanceID, u).Token)) + return s.WithAuthorizationToken(ctx, s.Users.Get(instanceID, u).Token) +} + +func (s *Tester) WithAuthorizationToken(ctx context.Context, token string) context.Context { + return metadata.AppendToOutgoingContext(ctx, "Authorization", fmt.Sprintf("Bearer %s", token)) } func (s *Tester) ensureSystemUser() { diff --git a/internal/query/projection/user_auth_method.go b/internal/query/projection/user_auth_method.go index ee6f92a404..ddaa53c2bd 100644 --- a/internal/query/projection/user_auth_method.go +++ b/internal/query/projection/user_auth_method.go @@ -89,6 +89,14 @@ func (p *userAuthMethodProjection) reducers() []handler.AggregateReducer { Event: user.HumanMFAOTPVerifiedType, Reduce: p.reduceActivateEvent, }, + { + Event: user.HumanOTPSMSAddedType, + Reduce: p.reduceAddAuthMethod, + }, + { + Event: user.HumanOTPEmailAddedType, + Reduce: p.reduceAddAuthMethod, + }, { Event: user.HumanPasswordlessTokenRemovedType, Reduce: p.reduceRemoveAuthMethod, @@ -101,6 +109,14 @@ func (p *userAuthMethodProjection) reducers() []handler.AggregateReducer { Event: user.HumanMFAOTPRemovedType, Reduce: p.reduceRemoveAuthMethod, }, + { + Event: user.HumanOTPSMSRemovedType, + Reduce: p.reduceRemoveAuthMethod, + }, + { + Event: user.HumanOTPEmailRemovedType, + Reduce: p.reduceRemoveAuthMethod, + }, }, }, { 
@@ -135,7 +151,7 @@ func (p *userAuthMethodProjection) reduceInitAuthMethod(event eventstore.Event) methodType = domain.UserAuthMethodTypeU2F tokenID = e.WebAuthNTokenID case *user.HumanOTPAddedEvent: - methodType = domain.UserAuthMethodTypeOTP + methodType = domain.UserAuthMethodTypeTOTP default: return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) } @@ -178,7 +194,7 @@ func (p *userAuthMethodProjection) reduceActivateEvent(event eventstore.Event) ( tokenID = e.WebAuthNTokenID name = e.WebAuthNTokenName case *user.HumanOTPVerifiedEvent: - methodType = domain.UserAuthMethodTypeOTP + methodType = domain.UserAuthMethodTypeTOTP default: return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) 
@@ -202,6 +218,34 @@ func (p *userAuthMethodProjection) reduceActivateEvent(event eventstore.Event) ( ), nil } +func (p *userAuthMethodProjection) reduceAddAuthMethod(event eventstore.Event) (*handler.Statement, error) { + var methodType domain.UserAuthMethodType + switch event.(type) { + case *user.HumanOTPSMSAddedEvent: + methodType = domain.UserAuthMethodTypeOTPSMS + case *user.HumanOTPEmailAddedEvent: + methodType = domain.UserAuthMethodTypeOTPEmail + default: + return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-DS4g3", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanOTPSMSAddedType, user.HumanOTPEmailAddedType}) + } + + return crdb.NewCreateStatement( + event, + []handler.Column{ + handler.NewCol(UserAuthMethodTokenIDCol, ""), + handler.NewCol(UserAuthMethodCreationDateCol, event.CreationDate()), + handler.NewCol(UserAuthMethodChangeDateCol, event.CreationDate()), + handler.NewCol(UserAuthMethodResourceOwnerCol, event.Aggregate().ResourceOwner), + handler.NewCol(UserAuthMethodInstanceIDCol, event.Aggregate().InstanceID), + handler.NewCol(UserAuthMethodUserIDCol, event.Aggregate().ID), + handler.NewCol(UserAuthMethodSequenceCol, event.Sequence()), + handler.NewCol(UserAuthMethodStateCol, domain.MFAStateReady), + handler.NewCol(UserAuthMethodTypeCol, methodType), + handler.NewCol(UserAuthMethodNameCol, ""), + }, + ), nil +} + func (p *userAuthMethodProjection) reduceRemoveAuthMethod(event eventstore.Event) (*handler.Statement, error) { var tokenID string var methodType domain.UserAuthMethodType 
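Review bot: `reduceAddAuthMethod` inserts the row directly with `domain.MFAStateReady` and has no comment explaining why it skips the not-ready step. The TOTP path in this projection goes through an added event and a separate verified event, and its test expects `domain.MFAStateNotReady` on add. The proto descriptions in this patch say the phone number or email must already be verified before the factor can be added, which is presumably why no verification step exists here. I would document that on the function, for example `// reduceAddAuthMethod creates OTP SMS / OTP Email methods as ready: they have no separate verification event, the command side must only emit Added for an already verified phone or email`. The precondition is enforced outside this file, so it is worth confirming that no other code path can push `HumanOTPSMSAddedType` or `HumanOTPEmailAddedType`.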
@@ -213,10 +257,17 @@ func (p *userAuthMethodProjection) reduceRemoveAuthMethod(event eventstore.Event methodType = domain.UserAuthMethodTypeU2F tokenID = e.WebAuthNTokenID case *user.HumanOTPRemovedEvent: - methodType = domain.UserAuthMethodTypeOTP + methodType = domain.UserAuthMethodTypeTOTP + case *user.HumanOTPSMSRemovedEvent, + *user.HumanPhoneRemovedEvent: + methodType = domain.UserAuthMethodTypeOTPSMS + case *user.HumanOTPEmailRemovedEvent: + methodType = domain.UserAuthMethodTypeOTPEmail default: - return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType}) + return nil, errors.ThrowInvalidArgumentf(nil, "PROJE-f92f", "reduce.wrong.event.type %v", + []eventstore.EventType{user.HumanPasswordlessTokenAddedType, user.HumanU2FTokenAddedType, user.HumanMFAOTPRemovedType, + user.HumanOTPSMSRemovedType, user.HumanPhoneRemovedType, user.HumanOTPEmailRemovedType}) } conditions := []handler.Condition{ handler.NewCond(UserAuthMethodUserIDCol, event.Aggregate().ID), diff --git a/internal/query/projection/user_auth_method_test.go b/internal/query/projection/user_auth_method_test.go index 252df8fe04..632f12ae92 100644 --- a/internal/query/projection/user_auth_method_test.go +++ b/internal/query/projection/user_auth_method_test.go @@ -98,7 +98,7 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) { }, }, { - name: "reduceAddedOTP", + name: "reduceAddedTOTP", args: args{ event: getEvent(testEvent( repository.EventType(user.HumanMFAOTPAddedType), @@ -125,7 +125,7 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) { "agg-id", uint64(15), domain.MFAStateNotReady, - domain.UserAuthMethodTypeOTP, + domain.UserAuthMethodTypeTOTP, "", }, }, 
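Review bot: `reduceRemoveAuthMethod` gains a `*user.HumanPhoneRemovedEvent` case, but neither `reducers()` hunk of this file registers `user.HumanPhoneRemovedType`; the added entries cover only `HumanOTPSMSRemovedType` and `HumanOTPEmailRemovedType`. Unless that registration exists in lines outside the hunks, the projection never receives the event, and the OTP SMS row would stay in `MFAStateReady` after the phone number is removed. It would then presumably still be reported as a configured second factor. The `reduceRemovePhone` test calls the reducer directly, so it passes either way. I would add `{Event: user.HumanPhoneRemovedType, Reduce: p.reduceRemoveAuthMethod},` next to the other removal entries.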
@@ -208,7 +208,7 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) { }, }, { - name: "reduceVerifiedOTP", + name: "reduceVerifiedTOTP", args: args{ event: getEvent(testEvent( repository.EventType(user.HumanMFAOTPVerifiedType), @@ -232,7 +232,7 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) { "", domain.MFAStateReady, "agg-id", - domain.UserAuthMethodTypeOTP, + domain.UserAuthMethodTypeTOTP, "ro-id", "", "instance-id", 
@@ -242,6 +242,256 @@ func TestUserAuthMethodProjection_reduces(t *testing.T) { }, }, }, + { + name: "reduceAddedOTPSMS", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanOTPSMSAddedType), + user.AggregateType, + nil, + ), eventstore.GenericEventMapper[user.HumanOTPSMSAddedEvent]), + }, + reduce: (&userAuthMethodProjection{}).reduceAddAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "INSERT INTO projections.user_auth_methods4 (token_id, creation_date, change_date, resource_owner, instance_id, user_id, sequence, state, method_type, name) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedArgs: []interface{}{ + "", + anyArg{}, + anyArg{}, + "ro-id", + "instance-id", + "agg-id", + uint64(15), + domain.MFAStateReady, + domain.UserAuthMethodTypeOTPSMS, + "", + }, + }, + }, + }, + }, + }, + { + name: "reduceAddedOTPEmail", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanOTPEmailAddedType), + user.AggregateType, + nil, + ), eventstore.GenericEventMapper[user.HumanOTPEmailAddedEvent]), + }, + reduce: (&userAuthMethodProjection{}).reduceAddAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "INSERT INTO projections.user_auth_methods4 (token_id, creation_date, change_date, resource_owner, instance_id, user_id, sequence, state, method_type, name) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10)", + expectedArgs: []interface{}{ + "", + anyArg{}, + anyArg{}, + "ro-id", + "instance-id", + "agg-id", + uint64(15), + domain.MFAStateReady, + domain.UserAuthMethodTypeOTPEmail, + "", + }, + }, + }, + }, + }, + }, + { + name: "reduceRemoveOTPPasswordless", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanPasswordlessTokenRemovedType), 
+ user.AggregateType, + []byte(`{ + "webAuthNTokenId": "token-id" + }`), + ), user.HumanPasswordlessRemovedEventMapper), + }, + reduce: (&userAuthMethodProjection{}).reduceRemoveAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM projections.user_auth_methods4 WHERE (user_id = $1) AND (method_type = $2) AND (resource_owner = $3) AND (instance_id = $4) AND (token_id = $5)", + expectedArgs: []interface{}{ + "agg-id", + domain.UserAuthMethodTypePasswordless, + "ro-id", + "instance-id", + "token-id", + }, + }, + }, + }, + }, + }, + { + name: "reduceRemoveOTPU2F", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanU2FTokenRemovedType), + user.AggregateType, + []byte(`{ + "webAuthNTokenId": "token-id" + }`), + ), user.HumanU2FRemovedEventMapper), + }, + reduce: (&userAuthMethodProjection{}).reduceRemoveAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM projections.user_auth_methods4 WHERE (user_id = $1) AND (method_type = $2) AND (resource_owner = $3) AND (instance_id = $4) AND (token_id = $5)", + expectedArgs: []interface{}{ + "agg-id", + domain.UserAuthMethodTypeU2F, + "ro-id", + "instance-id", + "token-id", + }, + }, + }, + }, + }, + }, + { + name: "reduceRemoveTOTP", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanMFAOTPRemovedType), + user.AggregateType, + nil, + ), user.HumanOTPRemovedEventMapper), + }, + reduce: (&userAuthMethodProjection{}).reduceRemoveAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM projections.user_auth_methods4 WHERE (user_id = $1) AND (method_type = $2) AND 
(resource_owner = $3) AND (instance_id = $4)", + expectedArgs: []interface{}{ + "agg-id", + domain.UserAuthMethodTypeTOTP, + "ro-id", + "instance-id", + }, + }, + }, + }, + }, + }, + { + name: "reduceRemoveOTPSMS", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanOTPSMSRemovedType), + user.AggregateType, + nil, + ), eventstore.GenericEventMapper[user.HumanOTPSMSRemovedEvent]), + }, + reduce: (&userAuthMethodProjection{}).reduceRemoveAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM projections.user_auth_methods4 WHERE (user_id = $1) AND (method_type = $2) AND (resource_owner = $3) AND (instance_id = $4)", + expectedArgs: []interface{}{ + "agg-id", + domain.UserAuthMethodTypeOTPSMS, + "ro-id", + "instance-id", + }, + }, + }, + }, + }, + }, + { + name: "reduceRemovePhone", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanPhoneRemovedType), + user.AggregateType, + nil, + ), user.HumanPhoneRemovedEventMapper), + }, + reduce: (&userAuthMethodProjection{}).reduceRemoveAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM projections.user_auth_methods4 WHERE (user_id = $1) AND (method_type = $2) AND (resource_owner = $3) AND (instance_id = $4)", + expectedArgs: []interface{}{ + "agg-id", + domain.UserAuthMethodTypeOTPSMS, + "ro-id", + "instance-id", + }, + }, + }, + }, + }, + }, + { + name: "reduceRemoveOTPEmail", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.HumanOTPEmailRemovedType), + user.AggregateType, + nil, + ), eventstore.GenericEventMapper[user.HumanOTPEmailRemovedEvent]), + }, + reduce: (&userAuthMethodProjection{}).reduceRemoveAuthMethod, + want: wantReduce{ + aggregateType: user.AggregateType, + 
sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "DELETE FROM projections.user_auth_methods4 WHERE (user_id = $1) AND (method_type = $2) AND (resource_owner = $3) AND (instance_id = $4)", + expectedArgs: []interface{}{ + "agg-id", + domain.UserAuthMethodTypeOTPEmail, + "ro-id", + "instance-id", + }, + }, + }, + }, + }, + }, { name: "org reduceOwnerRemoved", reduce: (&userAuthMethodProjection{}).reduceOwnerRemoved, diff --git a/internal/query/user_auth_method_test.go b/internal/query/user_auth_method_test.go index ec38d04e53..2cfe553e06 100644 --- a/internal/query/user_auth_method_test.go +++ b/internal/query/user_auth_method_test.go @@ -280,7 +280,7 @@ func Test_UserAuthMethodPrepares(t *testing.T) { }, { true, - domain.UserAuthMethodTypeOTP, + domain.UserAuthMethodTypeTOTP, 1, }, }, @@ -292,7 +292,7 @@ func Test_UserAuthMethodPrepares(t *testing.T) { }, AuthMethodTypes: []domain.UserAuthMethodType{ domain.UserAuthMethodTypePasswordless, - domain.UserAuthMethodTypeOTP, + domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypePassword, domain.UserAuthMethodTypeIDP, }, @@ -399,7 +399,7 @@ func Test_UserAuthMethodPrepares(t *testing.T) { }, { true, - domain.UserAuthMethodTypeOTP, + domain.UserAuthMethodTypeTOTP, 1, true, true, @@ -411,7 +411,7 @@ func Test_UserAuthMethodPrepares(t *testing.T) { object: &testUserAuthMethodTypesRequired{ authMethods: []domain.UserAuthMethodType{ domain.UserAuthMethodTypePasswordless, - domain.UserAuthMethodTypeOTP, + domain.UserAuthMethodTypeTOTP, domain.UserAuthMethodTypePassword, domain.UserAuthMethodTypeIDP, }, diff --git a/internal/repository/user/eventstore.go b/internal/repository/user/eventstore.go index 1505c31cff..3a1247e524 100644 --- a/internal/repository/user/eventstore.go +++ b/internal/repository/user/eventstore.go 
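Review bot: The case names `reduceRemoveOTPPasswordless` and `reduceRemoveOTPU2F` are misleading, because they exercise `HumanPasswordlessTokenRemovedType` and `HumanU2FTokenRemovedType`, neither of which is an OTP method. I would rename them to `reduceRemovePasswordless` and `reduceRemoveU2F` so a failing case points at the right factor. The added cases also invoke the reducer functions directly, so they do not show whether each event type is wired to its reducer in `reducers()`. Nor is there a case that feeds an unexpected event into `reduceAddAuthMethod` to pin its `PROJE-DS4g3` error.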
@@ -88,6 +88,14 @@ func RegisterEventMappers(es *eventstore.Eventstore) { RegisterFilterEventMapper(AggregateType, HumanMFAOTPRemovedType, HumanOTPRemovedEventMapper). RegisterFilterEventMapper(AggregateType, HumanMFAOTPCheckSucceededType, HumanOTPCheckSucceededEventMapper). RegisterFilterEventMapper(AggregateType, HumanMFAOTPCheckFailedType, HumanOTPCheckFailedEventMapper). + RegisterFilterEventMapper(AggregateType, HumanOTPSMSAddedType, eventstore.GenericEventMapper[HumanOTPSMSAddedEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPSMSRemovedType, eventstore.GenericEventMapper[HumanOTPSMSRemovedEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPSMSCheckSucceededType, eventstore.GenericEventMapper[HumanOTPSMSCheckSucceededEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPSMSCheckFailedType, eventstore.GenericEventMapper[HumanOTPSMSCheckFailedEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPEmailAddedType, eventstore.GenericEventMapper[HumanOTPEmailAddedEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPEmailRemovedType, eventstore.GenericEventMapper[HumanOTPEmailRemovedEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPEmailCheckSucceededType, eventstore.GenericEventMapper[HumanOTPEmailCheckSucceededEvent]). + RegisterFilterEventMapper(AggregateType, HumanOTPEmailCheckFailedType, eventstore.GenericEventMapper[HumanOTPEmailCheckFailedEvent]). RegisterFilterEventMapper(AggregateType, HumanU2FTokenAddedType, HumanU2FAddedEventMapper). RegisterFilterEventMapper(AggregateType, HumanU2FTokenVerifiedType, HumanU2FVerifiedEventMapper). RegisterFilterEventMapper(AggregateType, HumanU2FTokenSignCountChangedType, HumanU2FSignCountChangedEventMapper). diff --git a/internal/repository/user/human_mfa_otp.go b/internal/repository/user/human_mfa_otp.go index e28ece9c86..3427dbbfca 100644 --- a/internal/repository/user/human_mfa_otp.go +++ b/internal/repository/user/human_mfa_otp.go 
@@ -12,12 +12,22 @@ import ( ) const ( - otpEventPrefix = mfaEventPrefix + "otp." - HumanMFAOTPAddedType = otpEventPrefix + "added" - HumanMFAOTPVerifiedType = otpEventPrefix + "verified" - HumanMFAOTPRemovedType = otpEventPrefix + "removed" - HumanMFAOTPCheckSucceededType = otpEventPrefix + "check.succeeded" - HumanMFAOTPCheckFailedType = otpEventPrefix + "check.failed" + otpEventPrefix = mfaEventPrefix + "otp." + HumanMFAOTPAddedType = otpEventPrefix + "added" + HumanMFAOTPVerifiedType = otpEventPrefix + "verified" + HumanMFAOTPRemovedType = otpEventPrefix + "removed" + HumanMFAOTPCheckSucceededType = otpEventPrefix + "check.succeeded" + HumanMFAOTPCheckFailedType = otpEventPrefix + "check.failed" + otpSMSEventPrefix = otpEventPrefix + "sms." + HumanOTPSMSAddedType = otpSMSEventPrefix + "added" + HumanOTPSMSRemovedType = otpSMSEventPrefix + "removed" + HumanOTPSMSCheckSucceededType = otpSMSEventPrefix + "check.succeeded" + HumanOTPSMSCheckFailedType = otpSMSEventPrefix + "check.failed" + otpEmailEventPrefix = otpEventPrefix + "email." + HumanOTPEmailAddedType = otpEmailEventPrefix + "added" + HumanOTPEmailRemovedType = otpEmailEventPrefix + "removed" + HumanOTPEmailCheckSucceededType = otpEmailEventPrefix + "check.succeeded" + HumanOTPEmailCheckFailedType = otpEmailEventPrefix + "check.failed" ) type HumanOTPAddedEvent struct { 
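Review bot: After this hunk the const block mixes `HumanMFAOTP*` with `HumanOTPSMS*` and `HumanOTPEmail*`, and nothing tells a reader that the first group is the TOTP factor. The rest of the patch does treat it that way, mapping `HumanOTPAddedEvent` to `UserAuthMethodTypeTOTP`. I would add a comment above the first group, for example `// HumanMFAOTP* are the TOTP (authenticator app) events; the identifiers predate OTP SMS and OTP Email`. The new type strings are also built on `otpEventPrefix`, so any consumer that selects events by that prefix (none is visible here) would start matching the SMS and email events as well.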
@@ -202,3 +212,247 @@ func HumanOTPCheckFailedEventMapper(event *repository.Event) (eventstore.Event, } return otpAdded, nil } + +type HumanOTPSMSAddedEvent struct { + eventstore.BaseEvent `json:"-"` +} + +func (e *HumanOTPSMSAddedEvent) Data() interface{} { + return nil +} + +func (e *HumanOTPSMSAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPSMSAddedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPSMSAddedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, +) *HumanOTPSMSAddedEvent { + return &HumanOTPSMSAddedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPSMSAddedType, + ), + } +} + +type HumanOTPSMSRemovedEvent struct { + eventstore.BaseEvent `json:"-"` +} + +func (e *HumanOTPSMSRemovedEvent) Data() interface{} { + return nil +} + +func (e *HumanOTPSMSRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPSMSRemovedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPSMSRemovedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, +) *HumanOTPSMSRemovedEvent { + return &HumanOTPSMSRemovedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPSMSRemovedType, + ), + } +} + +type HumanOTPSMSCheckSucceededEvent struct { + eventstore.BaseEvent `json:"-"` + *AuthRequestInfo +} + +func (e *HumanOTPSMSCheckSucceededEvent) Data() interface{} { + return e +} + +func (e *HumanOTPSMSCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPSMSCheckSucceededEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPSMSCheckSucceededEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, + info *AuthRequestInfo, +) *HumanOTPSMSCheckSucceededEvent { + return &HumanOTPSMSCheckSucceededEvent{ + 
BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPSMSCheckSucceededType, + ), + AuthRequestInfo: info, + } +} + +type HumanOTPSMSCheckFailedEvent struct { + eventstore.BaseEvent `json:"-"` + *AuthRequestInfo +} + +func (e *HumanOTPSMSCheckFailedEvent) Data() interface{} { + return e +} + +func (e *HumanOTPSMSCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPSMSCheckFailedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPSMSCheckFailedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, + info *AuthRequestInfo, +) *HumanOTPSMSCheckFailedEvent { + return &HumanOTPSMSCheckFailedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPSMSCheckFailedType, + ), + AuthRequestInfo: info, + } +} + +type HumanOTPEmailAddedEvent struct { + eventstore.BaseEvent `json:"-"` +} + +func (e *HumanOTPEmailAddedEvent) Data() interface{} { + return nil +} + +func (e *HumanOTPEmailAddedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPEmailAddedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPEmailAddedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, +) *HumanOTPEmailAddedEvent { + return &HumanOTPEmailAddedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPEmailAddedType, + ), + } +} + +type HumanOTPEmailRemovedEvent struct { + eventstore.BaseEvent `json:"-"` +} + +func (e *HumanOTPEmailRemovedEvent) Data() interface{} { + return nil +} + +func (e *HumanOTPEmailRemovedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPEmailRemovedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPEmailRemovedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, +) 
*HumanOTPEmailRemovedEvent { + return &HumanOTPEmailRemovedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPEmailRemovedType, + ), + } +} + +type HumanOTPEmailCheckSucceededEvent struct { + eventstore.BaseEvent `json:"-"` + *AuthRequestInfo +} + +func (e *HumanOTPEmailCheckSucceededEvent) Data() interface{} { + return e +} + +func (e *HumanOTPEmailCheckSucceededEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPEmailCheckSucceededEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPEmailCheckSucceededEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, + info *AuthRequestInfo, +) *HumanOTPEmailCheckSucceededEvent { + return &HumanOTPEmailCheckSucceededEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPEmailCheckSucceededType, + ), + AuthRequestInfo: info, + } +} + +type HumanOTPEmailCheckFailedEvent struct { + eventstore.BaseEvent `json:"-"` + *AuthRequestInfo +} + +func (e *HumanOTPEmailCheckFailedEvent) Data() interface{} { + return e +} + +func (e *HumanOTPEmailCheckFailedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *HumanOTPEmailCheckFailedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewHumanOTPEmailCheckFailedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, + info *AuthRequestInfo, +) *HumanOTPEmailCheckFailedEvent { + return &HumanOTPEmailCheckFailedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + HumanOTPEmailCheckFailedType, + ), + AuthRequestInfo: info, + } +} diff --git a/internal/user/model/user_view.go b/internal/user/model/user_view.go index e2378a44ed..5bc7c9a119 100644 --- a/internal/user/model/user_view.go +++ b/internal/user/model/user_view.go 
@@ -158,7 +158,7 @@ func (u *UserView) MFATypesSetupPossible(level domain.MFALevel, policy *domain.L switch mfaType { case domain.SecondFactorTypeTOTP: if u.OTPState != MFAStateReady { - types = append(types, domain.MFATypeOTP) + types = append(types, domain.MFATypeTOTP) } case domain.SecondFactorTypeU2F: types = append(types, domain.MFATypeU2F) @@ -183,7 +183,7 @@ func (u *UserView) MFATypesAllowed(level domain.MFALevel, policy *domain.LoginPo switch mfaType { case domain.SecondFactorTypeTOTP: if u.OTPState == MFAStateReady { - types = append(types, domain.MFATypeOTP) + types = append(types, domain.MFATypeTOTP) } case domain.SecondFactorTypeU2F: if u.IsU2FReady() { diff --git a/internal/user/repository/view/model/user_session.go b/internal/user/repository/view/model/user_session.go index b86076177f..ec611c16fa 100644 --- a/internal/user/repository/view/model/user_session.go +++ b/internal/user/repository/view/model/user_session.go @@ -134,11 +134,11 @@ func (v *UserSessionView) AppendEvent(event *models.Event) error { return err } if v.UserAgentID == data.UserAgentID { - v.setSecondFactorVerification(event.CreationDate, domain.MFATypeOTP) + v.setSecondFactorVerification(event.CreationDate, domain.MFATypeTOTP) } case user.UserV1MFAOTPCheckSucceededType, user.HumanMFAOTPCheckSucceededType: - v.setSecondFactorVerification(event.CreationDate, domain.MFATypeOTP) + v.setSecondFactorVerification(event.CreationDate, domain.MFATypeTOTP) case user.UserV1MFAOTPCheckFailedType, user.UserV1MFAOTPRemovedType, user.HumanMFAOTPCheckFailedType, diff --git a/proto/zitadel/auth.proto b/proto/zitadel/auth.proto index 2e291e13c1..934a275709 100644 --- a/proto/zitadel/auth.proto +++ b/proto/zitadel/auth.proto 
@@ -647,6 +647,70 @@ service AuthService { }; } + rpc AddMyAuthFactorOTPSMS(AddMyAuthFactorOTPSMSRequest) returns (AddMyAuthFactorOTPSMSResponse) { + option (google.api.http) = { + post: "/users/me/auth_factors/otp_sms" + body: "*" + }; + option (zitadel.v1.auth_option) = { + permission: "authenticated" + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Authentication Factor" + summary: "Add One-Time-Password (OTP) SMS"; + description: "Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor." + }; + } + + rpc RemoveMyAuthFactorOTPSMS(RemoveMyAuthFactorOTPSMSRequest) returns (RemoveMyAuthFactorOTPSMSResponse) { + option (google.api.http) = { + delete: "/users/me/auth_factors/otp_sms" + }; + + option (zitadel.v1.auth_option) = { + permission: "authenticated" + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Authentication Factor" + summary: "Remove One-Time-Password (OTP) SMS"; + description: "Remove the configured One-Time-Password (OTP) SMS factor of the authenticated user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward." + }; + } + + rpc AddMyAuthFactorOTPEmail(AddMyAuthFactorOTPEmailRequest) returns (AddMyAuthFactorOTPEmailResponse) { + option (google.api.http) = { + post: "/users/me/auth_factors/otp_email" + body: "*" + }; + option (zitadel.v1.auth_option) = { + permission: "authenticated" + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Authentication Factor" + summary: "Add One-Time-Password (OTP) Email"; + description: "Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. 
The email has to be verified to add the second factor." + }; + } + + rpc RemoveMyAuthFactorOTPEmail(RemoveMyAuthFactorOTPEmailRequest) returns (RemoveMyAuthFactorOTPEmailResponse) { + option (google.api.http) = { + delete: "/users/me/auth_factors/otp_email" + }; + + option (zitadel.v1.auth_option) = { + permission: "authenticated" + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + tags: "User Authentication Factor" + summary: "Remove One-Time-Password (OTP) Email"; + description: "Remove the configured One-Time-Password (OTP) Email factor of the authenticated user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward." + }; + } + rpc AddMyAuthFactorU2F(AddMyAuthFactorU2FRequest) returns (AddMyAuthFactorU2FResponse) { option (google.api.http) = { post: "/users/me/auth_factors/u2f" @@ -1340,6 +1404,34 @@ message RemoveMyAuthFactorOTPResponse { zitadel.v1.ObjectDetails details = 1; } +//This is an empty request +message AddMyAuthFactorOTPSMSRequest {} + +message AddMyAuthFactorOTPSMSResponse { + zitadel.v1.ObjectDetails details = 1; +} + +//This is an empty request +message RemoveMyAuthFactorOTPSMSRequest {} + +message RemoveMyAuthFactorOTPSMSResponse { + zitadel.v1.ObjectDetails details = 1; +} + +//This is an empty request +message AddMyAuthFactorOTPEmailRequest {} + +message AddMyAuthFactorOTPEmailResponse { + zitadel.v1.ObjectDetails details = 1; +} + +//This is an empty request +message RemoveMyAuthFactorOTPEmailRequest {} + +message RemoveMyAuthFactorOTPEmailResponse { + zitadel.v1.ObjectDetails details = 1; +} + message RemoveMyAuthFactorU2FRequest { string token_id = 1 [(validate.rules).string = {min_len: 1, max_len: 200}]; } diff --git a/proto/zitadel/user.proto b/proto/zitadel/user.proto index 73cc14f7a7..bbe4f0be52 100644 --- a/proto/zitadel/user.proto +++ b/proto/zitadel/user.proto 
@@ -342,12 +342,22 @@ message AuthFactor { oneof type { AuthFactorOTP otp = 2 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "one type use OTP or U2F" + description: "one type use OTP, OTPSMS, OTPEmail or U2F" } ]; AuthFactorU2F u2f = 3 [ (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { - description: "one type use OTP or U2F" + description: "one type use OTP, OTPSMS, OTPEmail or U2F" + } + ]; + AuthFactorOTPSMS otp_sms = 4 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "one type use OTP, OTPSMS, OTPEmail or U2F" + } + ]; + AuthFactorOTPEmail otp_email = 5 [ + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + description: "one type use OTP, OTPSMS, OTPEmail or U2F" } ]; } @@ -361,6 +371,8 @@ enum AuthFactorState { } message AuthFactorOTP {} +message AuthFactorOTPSMS {} +message AuthFactorOTPEmail {} message AuthFactorU2F { string id = 1 [ diff --git a/proto/zitadel/user/v2alpha/user_service.proto b/proto/zitadel/user/v2alpha/user_service.proto index 50562bcf56..40e3ea4af5 100644 --- a/proto/zitadel/user/v2alpha/user_service.proto +++ b/proto/zitadel/user/v2alpha/user_service.proto 
@@ -317,6 +317,96 @@ service UserService { }; } + rpc AddOTPSMS (AddOTPSMSRequest) returns (AddOTPSMSResponse) { + option (google.api.http) = { + post: "/v2alpha/users/{user_id}/otp_sms" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Add OTP SMS for a user"; + description: "Add a new One-Time-Password (OTP) SMS factor to the authenticated user. OTP SMS will enable the user to verify a OTP with the latest verified phone number. The phone number has to be verified to add the second factor." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc RemoveOTPSMS (RemoveOTPSMSRequest) returns (RemoveOTPSMSResponse) { + option (google.api.http) = { + delete: "/v2alpha/users/{user_id}/otp_sms" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Remove One-Time-Password (OTP) SMS from a user"; + description: "Remove the configured One-Time-Password (OTP) SMS factor of the authenticated user. As only one OTP SMS per user is allowed, the user will not have OTP SMS as a second-factor afterward." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc AddOTPEmail (AddOTPEmailRequest) returns (AddOTPEmailResponse) { + option (google.api.http) = { + post: "/v2alpha/users/{user_id}/otp_email" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Add OTP Email for a user"; + description: "Add a new One-Time-Password (OTP) Email factor to the authenticated user. OTP Email will enable the user to verify a OTP with the latest verified email. 
The email has to be verified to add the second factor." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + rpc RemoveOTPEmail (RemoveOTPEmailRequest) returns (RemoveOTPEmailResponse) { + option (google.api.http) = { + delete: "/v2alpha/users/{user_id}/otp_email" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Remove One-Time-Password (OTP) Email from a user"; + description: "Remove the configured One-Time-Password (OTP) Email factor of the authenticated user. As only one OTP Email per user is allowed, the user will not have OTP Email as a second-factor afterward." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + // Start an IDP authentication (for external login, registration or linking) rpc StartIdentityProviderFlow (StartIdentityProviderFlowRequest) returns (StartIdentityProviderFlowResponse) { option (google.api.http) = { 
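Review bot: `AddOTPSMS`, `RemoveOTPSMS`, `AddOTPEmail` and `RemoveOTPEmail` all take a `{user_id}` path parameter but are gated only by `permission: "authenticated"`, while their descriptions still say "the authenticated user". Nothing in this file ties `user_id` to the caller, so the check that a caller acts on their own account or holds user write permission must be enforced in the handler or command, which this hunk does not show. I would reword the descriptions to "the given user" and state the required permission there, for example `description: "Remove the configured One-Time-Password (OTP) SMS factor of the given user. Callers other than the user need user write permission."`, after confirming that the command layer does reject a foreign `user_id`. The two remove RPCs deserve the closest look, since a missed check there would drop another account's second factor. The enclosing `service UserService` block starts and ends outside this hunk.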
@@ -779,6 +869,70 @@ message VerifyTOTPRegistrationResponse { zitadel.object.v2alpha.Details details = 1; } +message AddOTPSMSRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"163840776835432705\""; + } + ]; +} + +message AddOTPSMSResponse { + zitadel.object.v2alpha.Details details = 1; +} + +message RemoveOTPSMSRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"163840776835432705\""; + } + ]; +} + +message RemoveOTPSMSResponse { + zitadel.object.v2alpha.Details details = 1; +} + +message AddOTPEmailRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"163840776835432705\""; + } + ]; +} + +message AddOTPEmailResponse { + zitadel.object.v2alpha.Details details = 1; +} + +message RemoveOTPEmailRequest { + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"163840776835432705\""; + } + ]; +} + +message RemoveOTPEmailResponse { + zitadel.object.v2alpha.Details details = 1; +} + message CreatePasskeyRegistrationLinkRequest{ string user_id = 1 [ (validate.rules).string = {min_len: 1, max_len: 200}, 
@@ -979,4 +1133,6 @@ enum AuthenticationMethodType { AUTHENTICATION_METHOD_TYPE_IDP = 3; AUTHENTICATION_METHOD_TYPE_TOTP = 4; AUTHENTICATION_METHOD_TYPE_U2F = 5; + AUTHENTICATION_METHOD_TYPE_OTP_SMS = 6; + AUTHENTICATION_METHOD_TYPE_OTP_EMAIL = 7; } From ef012d0081a111abc3cec0e42f47cda865407e34 Mon Sep 17 00:00:00 2001 From: Stefan Benz <46600784+stebenz@users.noreply.github.com> Date: Thu, 3 Aug 2023 06:42:59 +0200 Subject: [PATCH 30/32] feat: user v2 phone verification (#6309) * feat: add phone change and code verification for user v2 api * feat: add phone change and code verification for user v2 api * fix: add ignored phone.proto * fix: integration tests * Update proto/zitadel/user/v2alpha/user_service.proto * Update idp_template.go --------- Co-authored-by: Livio Spring --- internal/api/grpc/user/v2/phone.go | 61 ++ .../grpc/user/v2/phone_integration_test.go | 171 ++++ internal/api/grpc/user/v2/user.go | 7 +- .../api/grpc/user/v2/user_integration_test.go | 50 +- internal/command/phone.go | 3 + internal/command/user_human.go | 9 +- internal/command/user_human_test.go | 86 ++ internal/command/user_v2_phone.go | 200 +++++ internal/command/user_v2_phone_test.go | 759 ++++++++++++++++++ internal/domain/human_phone.go | 2 + internal/integration/client.go | 6 + .../notification/handlers/user_notifier.go | 4 + internal/repository/user/human_phone.go | 19 +- proto/zitadel/user/v2alpha/phone.proto | 30 + proto/zitadel/user/v2alpha/user_service.proto | 112 +++ 15 files changed, 1511 insertions(+), 8 deletions(-) create mode 100644 internal/api/grpc/user/v2/phone.go create mode 100644 internal/api/grpc/user/v2/phone_integration_test.go create mode 100644 internal/command/user_v2_phone.go create mode 100644 internal/command/user_v2_phone_test.go create mode 100644 proto/zitadel/user/v2alpha/phone.proto diff --git a/internal/api/grpc/user/v2/phone.go b/internal/api/grpc/user/v2/phone.go new file mode 100644 index 0000000000..c6d46e8341 --- /dev/null 
+++ b/internal/api/grpc/user/v2/phone.go 
@@ -0,0 +1,61 @@ +package user + +import ( + "context" + + "google.golang.org/protobuf/types/known/timestamppb" + + "github.com/zitadel/zitadel/internal/domain" + caos_errs "github.com/zitadel/zitadel/internal/errors" + object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha" + user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" +) + +func (s *Server) SetPhone(ctx context.Context, req *user.SetPhoneRequest) (resp *user.SetPhoneResponse, err error) { + var resourceOwner string // TODO: check if still needed + var phone *domain.Phone + + switch v := req.GetVerification().(type) { + case *user.SetPhoneRequest_SendCode: + phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg) + case *user.SetPhoneRequest_ReturnCode: + phone, err = s.command.ChangeUserPhoneReturnCode(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg) + case *user.SetPhoneRequest_IsVerified: + phone, err = s.command.ChangeUserPhoneVerified(ctx, req.GetUserId(), resourceOwner, req.GetPhone()) + case nil: + phone, err = s.command.ChangeUserPhone(ctx, req.GetUserId(), resourceOwner, req.GetPhone(), s.userCodeAlg) + default: + err = caos_errs.ThrowUnimplementedf(nil, "USERv2-Ahng0", "verification oneOf %T in method SetPhone not implemented", v) + } + if err != nil { + return nil, err + } + + return &user.SetPhoneResponse{ + Details: &object.Details{ + Sequence: phone.Sequence, + ChangeDate: timestamppb.New(phone.ChangeDate), + ResourceOwner: phone.ResourceOwner, + }, + VerificationCode: phone.PlainCode, + }, nil +} + +func (s *Server) VerifyPhone(ctx context.Context, req *user.VerifyPhoneRequest) (*user.VerifyPhoneResponse, error) { + details, err := s.command.VerifyUserPhone(ctx, + req.GetUserId(), + "", // TODO: check if still needed + req.GetVerificationCode(), + s.userCodeAlg, + ) + if err != nil { + return nil, err + } + return &user.VerifyPhoneResponse{ + Details: &object.Details{ + Sequence: details.Sequence, + ChangeDate: 
timestamppb.New(details.EventDate), + ResourceOwner: details.ResourceOwner, + }, + }, nil +} diff --git a/internal/api/grpc/user/v2/phone_integration_test.go b/internal/api/grpc/user/v2/phone_integration_test.go new file mode 100644 index 0000000000..5fc75e7cd3 --- /dev/null +++ b/internal/api/grpc/user/v2/phone_integration_test.go 
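Review bot: The `case *user.SetPhoneRequest_IsVerified:` branch in `SetPhone` never reads the flag, so a request carrying `is_verified: false` would still reach `ChangeUserPhoneVerified` unless request validation rejects it first. The integration test in this commit expects an error for that input, which suggests a validation rule exists in the proto, but the handler itself does not show or depend on it visibly. I would make the branch self-defending with `if !v.IsVerified { return nil, caos_errs.ThrowInvalidArgument(nil, "<ERROR-ID placeholder>", "<message key placeholder>") }`, or at least add a comment naming the rule that guarantees the value is true. Marking a number verified without a code is the most sensitive path here, so it should not rest on an assumption made in another file.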
@@ -0,0 +1,171 @@ +//go:build integration + +package user_test + +import ( + "testing" + + "github.com/muhlemmer/gu" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/timestamppb" + + "github.com/zitadel/zitadel/internal/integration" + object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha" + user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" +) + +func TestServer_SetPhone(t *testing.T) { + userID := Tester.CreateHumanUser(CTX).GetUserId() + + tests := []struct { + name string + req *user.SetPhoneRequest + want *user.SetPhoneResponse + wantErr bool + }{ + { + name: "default verification", + req: &user.SetPhoneRequest{ + UserId: userID, + Phone: "+41791234568", + }, + want: &user.SetPhoneResponse{ + Details: &object.Details{ + Sequence: 1, + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "send verification", + req: &user.SetPhoneRequest{ + UserId: userID, + Phone: "+41791234569", + Verification: &user.SetPhoneRequest_SendCode{ + SendCode: &user.SendPhoneVerificationCode{}, + }, + }, + want: &user.SetPhoneResponse{ + Details: &object.Details{ + Sequence: 1, + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "return code", + req: &user.SetPhoneRequest{ + UserId: userID, + Phone: "+41791234566", + Verification: &user.SetPhoneRequest_ReturnCode{ + ReturnCode: &user.ReturnPhoneVerificationCode{}, + }, + }, + want: &user.SetPhoneResponse{ + Details: &object.Details{ + Sequence: 1, + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + VerificationCode: gu.Ptr("xxx"), + }, + }, + { + name: "is verified true", + req: &user.SetPhoneRequest{ + UserId: userID, + Phone: "+41791234565", + Verification: &user.SetPhoneRequest_IsVerified{ + IsVerified: true, + }, + }, + want: &user.SetPhoneResponse{ + Details: &object.Details{ + Sequence: 1, + ChangeDate: timestamppb.Now(), + 
ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + { + name: "is verified false", + req: &user.SetPhoneRequest{ + UserId: userID, + Phone: "+41791234564", + Verification: &user.SetPhoneRequest_IsVerified{ + IsVerified: false, + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := Client.SetPhone(CTX, tt.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + integration.AssertDetails(t, tt.want, got) + if tt.want.GetVerificationCode() != "" { + assert.NotEmpty(t, got.GetVerificationCode()) + } + }) + } +} + +func TestServer_VerifyPhone(t *testing.T) { + userResp := Tester.CreateHumanUser(CTX) + tests := []struct { + name string + req *user.VerifyPhoneRequest + want *user.VerifyPhoneResponse + wantErr bool + }{ + { + name: "wrong code", + req: &user.VerifyPhoneRequest{ + UserId: userResp.GetUserId(), + VerificationCode: "xxx", + }, + wantErr: true, + }, + { + name: "wrong user", + req: &user.VerifyPhoneRequest{ + UserId: "xxx", + VerificationCode: userResp.GetPhoneCode(), + }, + wantErr: true, + }, + { + name: "verify user", + req: &user.VerifyPhoneRequest{ + UserId: userResp.GetUserId(), + VerificationCode: userResp.GetPhoneCode(), + }, + want: &user.VerifyPhoneResponse{ + Details: &object.Details{ + Sequence: 1, + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got, err := Client.VerifyPhone(CTX, tt.req) + if tt.wantErr { + require.Error(t, err) + } else { + require.NoError(t, err) + } + integration.AssertDetails(t, tt.want, got) + }) + } +} diff --git a/internal/api/grpc/user/v2/user.go b/internal/api/grpc/user/v2/user.go index b0b6f439ea..a5b56014a5 100644 --- a/internal/api/grpc/user/v2/user.go +++ b/internal/api/grpc/user/v2/user.go 
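Review bot: Neither `TestServer_SetPhone` nor `TestServer_VerifyPhone` has a case where the caller lacks permission for the target user; every call goes through the shared `CTX`. The command code in this commit branches on whether the caller is the user and on `PermissionUserWrite`, so the tables should cover that branch with at least one case using a context for a different, unprivileged user that expects an error. The same applies to `IsVerified: true` and to `ReturnCode`, which are the two variants that bypass SMS delivery. What `CTX` is authorised to do is not visible in this hunk, so the existing cases may already be running with elevated rights.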
@@ -32,6 +32,7 @@ func (s *Server) AddHumanUser(ctx context.Context, req *user.AddHumanUserRequest UserId: human.ID, Details: object.DomainToDetailsPb(human.Details), EmailCode: human.EmailCode, + PhoneCode: human.PhoneCode, }, nil } @@ -77,9 +78,13 @@ func addUserRequestToAddHuman(req *user.AddHumanUserRequest) (*command.AddHuman, ReturnCode: req.GetEmail().GetReturnCode() != nil, URLTemplate: urlTemplate, }, + Phone: command.Phone{ + Number: domain.PhoneNumber(req.GetPhone().GetPhone()), + Verified: req.GetPhone().GetIsVerified(), + ReturnCode: req.GetPhone().GetReturnCode() != nil, + }, PreferredLanguage: language.Make(req.GetProfile().GetPreferredLanguage()), Gender: genderToDomain(req.GetProfile().GetGender()), - Phone: command.Phone{}, // TODO: add as soon as possible Password: req.GetPassword().GetPassword(), EncodedPasswordHash: req.GetHashedPassword().GetHash(), PasswordChangeRequired: passwordChangeRequired, diff --git a/internal/api/grpc/user/v2/user_integration_test.go b/internal/api/grpc/user/v2/user_integration_test.go index a23ebbad9b..ae8145848d 100644 --- a/internal/api/grpc/user/v2/user_integration_test.go +++ b/internal/api/grpc/user/v2/user_integration_test.go @@ -75,6 +75,7 @@ func TestServer_AddHumanUser(t *testing.T) { Gender: user.Gender_GENDER_DIVERSE.Enum(), }, Email: &user.SetHumanEmail{}, + Phone: &user.SetHumanPhone{}, Metadata: []*user.SetMetadataEntry{ { Key: "somekey", @@ -97,7 +98,7 @@ func TestServer_AddHumanUser(t *testing.T) { }, }, { - name: "return verification code", + name: "return email verification code", args: args{ CTX, &user.AddHumanUserRequest{ 
@@ -187,6 +188,53 @@ func TestServer_AddHumanUser(t *testing.T) { }, }, }, + { + name: "return phone verification code", + args: args{ + CTX, + &user.AddHumanUserRequest{ + Organisation: &object.Organisation{ + Org: &object.Organisation_OrgId{ + OrgId: Tester.Organisation.ID, + }, + }, + Profile: &user.SetHumanProfile{ + FirstName: "Donald", + LastName: "Duck", + NickName: gu.Ptr("Dukkie"), + DisplayName: gu.Ptr("Donald Duck"), + PreferredLanguage: gu.Ptr("en"), + Gender: user.Gender_GENDER_DIVERSE.Enum(), + }, + Email: &user.SetHumanEmail{}, + Phone: &user.SetHumanPhone{ + Phone: "+41791234567", + Verification: &user.SetHumanPhone_ReturnCode{ + ReturnCode: &user.ReturnPhoneVerificationCode{}, + }, + }, + Metadata: []*user.SetMetadataEntry{ + { + Key: "somekey", + Value: []byte("somevalue"), + }, + }, + PasswordType: &user.AddHumanUserRequest_Password{ + Password: &user.Password{ + Password: "DifficultPW666!", + ChangeRequired: true, + }, + }, + }, + }, + want: &user.AddHumanUserResponse{ + Details: &object.Details{ + ChangeDate: timestamppb.Now(), + ResourceOwner: Tester.Organisation.ID, + }, + PhoneCode: gu.Ptr("something"), + }, + }, { name: "custom template error", args: args{ diff --git a/internal/command/phone.go b/internal/command/phone.go index 7f550ceeaf..9b0a422b26 100644 --- a/internal/command/phone.go +++ b/internal/command/phone.go @@ -11,6 +11,9 @@ import ( type Phone struct { Number domain.PhoneNumber Verified bool + + // ReturnCode is used if the Verified field is false + ReturnCode bool } func (c *Commands) newPhoneCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCode, error) { diff --git a/internal/command/user_human.go b/internal/command/user_human.go index 1bbaec3ca1..044066aba7 100644 --- a/internal/command/user_human.go +++ b/internal/command/user_human.go 
@@ -66,6 +66,9 @@ type AddHuman struct { // EmailCode is set by the command EmailCode *string + + // PhoneCode is set by the command + PhoneCode *string } type AddLink struct { @@ -258,7 +261,6 @@ func (c *Commands) addHumanCommandEmail(ctx context.Context, filter preparation. if human.Email.Verified { cmds = append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &a.Aggregate)) } - // if allowInitMail, used for v1 api (system, admin, mgmt, auth): // add init code if // email not verified or @@ -302,7 +304,10 @@ func (c *Commands) addHumanCommandPhone(ctx context.Context, filter preparation. if err != nil { return nil, err } - return append(cmds, user.NewHumanPhoneCodeAddedEvent(ctx, &a.Aggregate, phoneCode.Crypted, phoneCode.Expiry)), nil + if human.Phone.ReturnCode { + human.PhoneCode = &phoneCode.Plain + } + return append(cmds, user.NewHumanPhoneCodeAddedEventV2(ctx, &a.Aggregate, phoneCode.Crypted, phoneCode.Expiry, human.Phone.ReturnCode)), nil } func (c *Commands) addHumanCommandCheckID(ctx context.Context, filter preparation.FilterToQueryReducer, human *AddHuman, orgID string) (err error) { diff --git a/internal/command/user_human_test.go b/internal/command/user_human_test.go index 384ef47578..d6964ac90a 100644 --- a/internal/command/user_human_test.go +++ b/internal/command/user_human_test.go 
@@ -1020,6 +1020,92 @@ func TestCommandSide_AddHuman(t *testing.T) { }, wantID: "user1", }, + }, { + name: "add human (with return code), ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter(), + expectFilter( + eventFromEventPusher( + org.NewDomainPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + true, + true, + true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + newAddHumanEvent("$plain$x$password", false, "+41711234567"), + ), + eventFromEventPusher( + user.NewHumanEmailVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate), + ), + eventFromEventPusher( + user.NewHumanPhoneCodeAddedEventV2( + context.Background(), + &userAgg.Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("phoneCode"), + }, + 1*time.Hour, + true, + ), + ), + }, + uniqueConstraintsFromEventConstraint(user.NewAddUsernameUniqueConstraint("username", "org1", true)), + ), + ), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordHasher: mockPasswordHasher("x"), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + newCode: mockCode("phoneCode", time.Hour), + }, + args: args{ + ctx: context.Background(), + orgID: "org1", + human: &AddHuman{ + Username: "username", + Password: "password", + FirstName: "firstname", + LastName: "lastname", + Email: Email{ + Address: "email@test.ch", + Verified: true, + }, + Phone: Phone{ + Number: "+41711234567", + ReturnCode: true, + }, + PreferredLanguage: language.English, + }, + secretGenerator: GetMockSecretGenerator(t), + allowInitMail: true, + }, + res: res{ + want: &domain.ObjectDetails{ + ResourceOwner: "org1", + }, + wantID: 
"user1", + }, }, { name: "add human with metadata, ok", diff --git a/internal/command/user_v2_phone.go b/internal/command/user_v2_phone.go new file mode 100644 index 0000000000..b8e1174690 --- /dev/null +++ b/internal/command/user_v2_phone.go 
@@ -0,0 +1,200 @@ +package command + +import ( + "context" + + "github.com/zitadel/logging" + + "github.com/zitadel/zitadel/internal/api/authz" + "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/domain" + caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/repository/user" +) + +// ChangeUserPhone sets a user's phone number, generates a code +// and triggers a notification sms. +func (c *Commands) ChangeUserPhone(ctx context.Context, userID, resourceOwner, phone string, alg crypto.EncryptionAlgorithm) (*domain.Phone, error) { + return c.changeUserPhoneWithCode(ctx, userID, resourceOwner, phone, alg, false) +} + +// ChangeUserPhoneReturnCode sets a user's phone number, generates a code and does not send a notification sms. +// The generated plain text code will be set in the returned Phone object. +func (c *Commands) ChangeUserPhoneReturnCode(ctx context.Context, userID, resourceOwner, phone string, alg crypto.EncryptionAlgorithm) (*domain.Phone, error) { + return c.changeUserPhoneWithCode(ctx, userID, resourceOwner, phone, alg, true) +} + +// ChangeUserPhoneVerified sets a user's phone number and marks it is verified. +// No code is generated and no confirmation sms is send. 
+func (c *Commands) ChangeUserPhoneVerified(ctx context.Context, userID, resourceOwner, phone string) (*domain.Phone, error) { + cmd, err := c.NewUserPhoneEvents(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if err = c.checkPermission(ctx, domain.PermissionUserWrite, cmd.aggregate.ResourceOwner, userID); err != nil { + return nil, err + } + if err = cmd.Change(ctx, domain.PhoneNumber(phone)); err != nil { + return nil, err + } + cmd.SetVerified(ctx) + return cmd.Push(ctx) +} + +func (c *Commands) changeUserPhoneWithCode(ctx context.Context, userID, resourceOwner, phone string, alg crypto.EncryptionAlgorithm, returnCode bool) (*domain.Phone, error) { + config, err := secretGeneratorConfig(ctx, c.eventstore.Filter, domain.SecretGeneratorTypeVerifyPhoneCode) + if err != nil { + return nil, err + } + gen := crypto.NewEncryptionGenerator(*config, alg) + return c.changeUserPhoneWithGenerator(ctx, userID, resourceOwner, phone, gen, returnCode) +} + +// changeUserPhoneWithGenerator set a user's phone number. +// returnCode controls if the plain text version of the code will be set in the return object. +// When the plain text code is returned, no notification sms will be send to the user. 
+func (c *Commands) changeUserPhoneWithGenerator(ctx context.Context, userID, resourceOwner, phone string, gen crypto.Generator, returnCode bool) (*domain.Phone, error) { + cmd, err := c.NewUserPhoneEvents(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if authz.GetCtxData(ctx).UserID != userID { + if err = c.checkPermission(ctx, domain.PermissionUserWrite, cmd.aggregate.ResourceOwner, userID); err != nil { + return nil, err + } + } + if err = cmd.Change(ctx, domain.PhoneNumber(phone)); err != nil { + return nil, err + } + if err = cmd.AddGeneratedCode(ctx, gen, returnCode); err != nil { + return nil, err + } + return cmd.Push(ctx) +} + +func (c *Commands) VerifyUserPhone(ctx context.Context, userID, resourceOwner, code string, alg crypto.EncryptionAlgorithm) (*domain.ObjectDetails, error) { + config, err := secretGeneratorConfig(ctx, c.eventstore.Filter, domain.SecretGeneratorTypeVerifyPhoneCode) + if err != nil { + return nil, err + } + gen := crypto.NewEncryptionGenerator(*config, alg) + return c.verifyUserPhoneWithGenerator(ctx, userID, resourceOwner, code, gen) +} + +func (c *Commands) verifyUserPhoneWithGenerator(ctx context.Context, userID, resourceOwner, code string, gen crypto.Generator) (*domain.ObjectDetails, error) { + cmd, err := c.NewUserPhoneEvents(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + err = cmd.VerifyCode(ctx, code, gen) + if err != nil { + return nil, err + } + if _, err = cmd.Push(ctx); err != nil { + return nil, err + } + return writeModelToObjectDetails(&cmd.model.WriteModel), nil +} + +// UserPhoneEvents allows step-by-step additions of events, +// operating on the Human Phone Model. +type UserPhoneEvents struct { + eventstore *eventstore.Eventstore + aggregate *eventstore.Aggregate + events []eventstore.Command + model *HumanPhoneWriteModel + + plainCode *string +} + +// NewUserPhoneEvents constructs a UserPhoneEvents with a Human Phone Write Model, +// filtered by userID and resourceOwner. 
+// If a model cannot be found, or it's state is invalid and error is returned. +func (c *Commands) NewUserPhoneEvents(ctx context.Context, userID, resourceOwner string) (*UserPhoneEvents, error) { + if userID == "" { + return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing") + } + + model, err := c.phoneWriteModelByID(ctx, userID, resourceOwner) + if err != nil { + return nil, err + } + if model.UserState == domain.UserStateUnspecified || model.UserState == domain.UserStateDeleted { + return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ieJ2e", "Errors.User.Phone.NotFound") + } + if model.UserState == domain.UserStateInitial { + return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-uz0Uu", "Errors.User.NotInitialised") + } + return &UserPhoneEvents{ + eventstore: c.eventstore, + aggregate: UserAggregateFromWriteModel(&model.WriteModel), + model: model, + }, nil +} + +// Change sets a new phone number. +// The generated event unsets any previously generated code and verified flag. +func (c *UserPhoneEvents) Change(ctx context.Context, phone domain.PhoneNumber) error { + phone, err := phone.Normalize() + if err != nil { + return err + } + event, hasChanged := c.model.NewChangedEvent(ctx, c.aggregate, phone) + if !hasChanged { + return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged") + } + c.events = append(c.events, event) + return nil +} + +// SetVerified sets the phone number to verified. +func (c *UserPhoneEvents) SetVerified(ctx context.Context) { + c.events = append(c.events, user.NewHumanPhoneVerifiedEvent(ctx, c.aggregate)) +} + +// AddGeneratedCode generates a new encrypted code and sets it to the phone number. +// When returnCode a plain text of the code will be returned from Push. 
+func (c *UserPhoneEvents) AddGeneratedCode(ctx context.Context, gen crypto.Generator, returnCode bool) error { + value, plain, err := crypto.NewCode(gen) + if err != nil { + return err + } + + c.events = append(c.events, user.NewHumanPhoneCodeAddedEventV2(ctx, c.aggregate, value, gen.Expiry(), returnCode)) + if returnCode { + c.plainCode = &plain + } + return nil +} + +func (c *UserPhoneEvents) VerifyCode(ctx context.Context, code string, gen crypto.Generator) error { + if code == "" { + return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Fia4a", "Errors.User.Code.Empty") + } + + err := crypto.VerifyCode(c.model.CodeCreationDate, c.model.CodeExpiry, c.model.Code, code, gen) + if err == nil { + c.events = append(c.events, user.NewHumanPhoneVerifiedEvent(ctx, c.aggregate)) + return nil + } + _, err = c.eventstore.Push(ctx, user.NewHumanPhoneVerificationFailedEvent(ctx, c.aggregate)) + logging.WithFields("id", "COMMAND-Zoo6b", "userID", c.aggregate.ID).OnError(err).Error("NewHumanPhoneVerificationFailedEvent push failed") + return caos_errs.ThrowInvalidArgument(err, "COMMAND-eis9R", "Errors.User.Code.Invalid") +} + +// Push all events to the eventstore and Reduce them into the Model. +func (c *UserPhoneEvents) Push(ctx context.Context) (*domain.Phone, error) { + pushedEvents, err := c.eventstore.Push(ctx, c.events...) + if err != nil { + return nil, err + } + err = AppendAndReduce(c.model, pushedEvents...) + if err != nil { + return nil, err + } + phone := writeModelToPhone(c.model) + phone.PlainCode = c.plainCode + + return phone, nil +} diff --git a/internal/command/user_v2_phone_test.go b/internal/command/user_v2_phone_test.go new file mode 100644 index 0000000000..05da4e260c --- /dev/null +++ b/internal/command/user_v2_phone_test.go 
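Review bot: In `changeUserPhoneWithGenerator` the `PermissionUserWrite` check is skipped whenever the caller is the target user, and that also holds when `returnCode` is true, so a user can set any number on their own account and get the plaintext code back in the response instead of by SMS. The number can then be verified without proof of possession, which matters because the proto descriptions in this series say a verified phone is the precondition for the OTP SMS factor. If returning the code is meant for privileged integrations only, I would tighten the guard to `if returnCode || authz.GetCtxData(ctx).UserID != userID {`; if self-service return is intended, a comment should say so. Separately, `VerifyCode` reassigns `err` from the `eventstore.Push` of the failed event, so the original `crypto.VerifyCode` error is not the one wrapped in `COMMAND-eis9R`. No attempt limit is visible in this file around `NewHumanPhoneVerificationFailedEvent`, so please confirm that lockout is handled where that event is reduced.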
@@ -0,0 +1,759 @@ +package command + +import ( + "context" + "testing" + "time" + + "github.com/golang/mock/gomock" + "github.com/muhlemmer/gu" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "golang.org/x/text/language" + + "github.com/zitadel/zitadel/internal/crypto" + "github.com/zitadel/zitadel/internal/domain" + caos_errs "github.com/zitadel/zitadel/internal/errors" + "github.com/zitadel/zitadel/internal/eventstore" + "github.com/zitadel/zitadel/internal/eventstore/repository" + "github.com/zitadel/zitadel/internal/eventstore/v1/models" + "github.com/zitadel/zitadel/internal/repository/instance" + "github.com/zitadel/zitadel/internal/repository/user" +) + +func TestCommands_ChangeUserPhone(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type args struct { + userID string + resourceOwner string + phone string + } + tests := []struct { + name string + fields fields + args args + wantErr error + }{ + { + name: "missing permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewSecretGeneratorAddedEvent(context.Background(), + &instance.NewAggregate("inst1").Aggregate, + domain.SecretGeneratorTypeVerifyPhoneCode, + 12, time.Minute, true, true, true, true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "", + }, + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + }, + { 
+ name: "missing phone", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewSecretGeneratorAddedEvent(context.Background(), + &instance.NewAggregate("inst1").Aggregate, + domain.SecretGeneratorTypeVerifyPhoneCode, + 12, time.Minute, true, true, true, true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "", + }, + wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + }, + { + name: "not changed", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewSecretGeneratorAddedEvent(context.Background(), + &instance.NewAggregate("inst1").Aggregate, + domain.SecretGeneratorTypeVerifyPhoneCode, + 12, time.Minute, true, true, true, true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234567", + }, + wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged"), + }, + } + for _, tt := range tests { + t.Run(tt.name, 
func(t *testing.T) { + c := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + _, err := c.ChangeUserPhone(context.Background(), tt.args.userID, tt.args.resourceOwner, tt.args.phone, crypto.CreateMockEncryptionAlg(gomock.NewController(t))) + require.ErrorIs(t, err, tt.wantErr) + // successful cases are tested in TestCommands_changeUserPhoneWithGenerator + }) + } +} + +func TestCommands_ChangeUserPhoneReturnCode(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type args struct { + userID string + resourceOwner string + phone string + } + tests := []struct { + name string + fields fields + args args + wantErr error + }{ + { + name: "missing permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewSecretGeneratorAddedEvent(context.Background(), + &instance.NewAggregate("inst1").Aggregate, + domain.SecretGeneratorTypeVerifyPhoneCode, + 12, time.Minute, true, true, true, true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234567", + }, + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + }, + { + name: "missing phone", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + instance.NewSecretGeneratorAddedEvent(context.Background(), + &instance.NewAggregate("inst1").Aggregate, + 
domain.SecretGeneratorTypeVerifyEmailCode, + 12, time.Minute, true, true, true, true, + ), + ), + ), + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "", + }, + wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + _, err := c.ChangeUserPhoneReturnCode(context.Background(), tt.args.userID, tt.args.resourceOwner, tt.args.phone, crypto.CreateMockEncryptionAlg(gomock.NewController(t))) + require.ErrorIs(t, err, tt.wantErr) + // successful cases are tested in TestCommands_changeUserPhoneWithGenerator + }) + } +} + +func TestCommands_ChangeUserPhoneVerified(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type args struct { + userID string + resourceOwner string + phone string + } + tests := []struct { + name string + fields fields + args args + want *domain.Phone + wantErr error + }{ + { + name: "missing userID", + fields: fields{ + eventstore: eventstoreExpect(t), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + userID: "", + resourceOwner: "org1", + phone: "+41791234567", + }, + wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing"), + }, + { + name: "missing permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + 
eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234567", + }, + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + }, + { + name: "missing phone", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "", + }, + wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + }, + { + name: "phone changed", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + user.NewHumanPhoneChangedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + 
"+41791234568", + ), + ), + eventFromEventPusher( + user.NewHumanPhoneVerifiedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + ), + ), + }, + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234568", + }, + want: &domain.Phone{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + PhoneNumber: domain.PhoneNumber("+41791234568"), + IsPhoneVerified: true, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + got, err := c.ChangeUserPhoneVerified(context.Background(), tt.args.userID, tt.args.resourceOwner, tt.args.phone) + require.ErrorIs(t, err, tt.wantErr) + assert.Equal(t, got, tt.want) + }) + } +} + +func TestCommands_changeUserPhoneWithGenerator(t *testing.T) { + type fields struct { + eventstore *eventstore.Eventstore + checkPermission domain.PermissionCheck + } + type args struct { + userID string + resourceOwner string + phone string + returnCode bool + } + tests := []struct { + name string + fields fields + args args + want *domain.Phone + wantErr error + }{ + { + name: "missing user", + fields: fields{ + eventstore: eventstoreExpect(t), + }, + args: args{ + userID: "", + resourceOwner: "org1", + phone: "+41791234567", + returnCode: false, + }, + wantErr: caos_errs.ThrowInvalidArgument(nil, "COMMAND-xP292j", "Errors.User.Phone.IDMissing"), + }, + { + name: "missing permission", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + 
event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckNotAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234567", + returnCode: false, + }, + wantErr: caos_errs.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"), + }, + { + name: "missing phone", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "", + returnCode: false, + }, + wantErr: caos_errs.ThrowInvalidArgument(nil, "PHONE-Zt0NV", "Errors.User.Phone.Empty"), + }, + { + name: "not changed", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234567", + returnCode: false, + }, + wantErr: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-Uch5e", "Errors.User.Phone.NotChanged"), + }, + { + name: "phone changed", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := 
user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + user.NewHumanPhoneChangedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "+41791234568", + ), + ), + eventFromEventPusher( + user.NewHumanPhoneCodeAddedEventV2(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + false, + ), + ), + }, + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234568", + returnCode: false, + }, + want: &domain.Phone{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + PhoneNumber: "+41791234568", + IsPhoneVerified: false, + }, + }, + { + name: "phone changed, return code", + fields: fields{ + eventstore: eventstoreExpect( + t, + expectFilter( + eventFromEventPusher( + func() eventstore.Command { + event := user.NewHumanAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "username", + "firstname", + "lastname", + "nickname", + "displayname", + language.German, + domain.GenderUnspecified, + "email@test.ch", + true, + ) + event.AddPhoneData("+41791234567") + return event + }(), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + user.NewHumanPhoneChangedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "+41791234568", + ), + ), + eventFromEventPusher( + user.NewHumanPhoneCodeAddedEventV2(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + &crypto.CryptoValue{ 
+ CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("a"), + }, + time.Hour*1, + true, + ), + ), + }, + ), + ), + checkPermission: newMockPermissionCheckAllowed(), + }, + args: args{ + userID: "user1", + resourceOwner: "org1", + phone: "+41791234568", + returnCode: true, + }, + want: &domain.Phone{ + ObjectRoot: models.ObjectRoot{ + AggregateID: "user1", + ResourceOwner: "org1", + }, + PhoneNumber: "+41791234568", + IsPhoneVerified: false, + PlainCode: gu.Ptr("a"), + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + c := &Commands{ + eventstore: tt.fields.eventstore, + checkPermission: tt.fields.checkPermission, + } + got, err := c.changeUserPhoneWithGenerator(context.Background(), tt.args.userID, tt.args.resourceOwner, tt.args.phone, GetMockSecretGenerator(t), tt.args.returnCode) + require.ErrorIs(t, err, tt.wantErr) + assert.Equal(t, got, tt.want) + }) + } +} diff --git a/internal/domain/human_phone.go b/internal/domain/human_phone.go index e6f8caa6d0..44eb5fe968 100644 --- a/internal/domain/human_phone.go +++ b/internal/domain/human_phone.go @@ -30,6 +30,8 @@ type Phone struct { PhoneNumber PhoneNumber IsPhoneVerified bool + // PlainCode is set by the command and can be used to return it to the caller (API) + PlainCode *string } type PhoneCode struct { diff --git a/internal/integration/client.go b/internal/integration/client.go index 65e0e9ab1b..0daf37c404 100644 --- a/internal/integration/client.go +++ b/internal/integration/client.go @@ -91,6 +91,12 @@ func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse ReturnCode: &user.ReturnEmailVerificationCode{}, }, }, + Phone: &user.SetHumanPhone{ + Phone: "+41791234567", + Verification: &user.SetHumanPhone_ReturnCode{ + ReturnCode: &user.ReturnPhoneVerificationCode{}, + }, + }, }) logging.OnError(err).Fatal("create human user") return resp 
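Review bot: In TestCommands_ChangeUserPhoneReturnCode the "missing phone" case seeds the first filter with `domain.SecretGeneratorTypeVerifyEmailCode`, while every other generator fixture in this file uses `domain.SecretGeneratorTypeVerifyPhoneCode`; this looks like a leftover from the e-mail tests and should read `domain.SecretGeneratorTypeVerifyPhoneCode,` so the case runs against the phone generator config. The table loops also call `assert.Equal(t, got, tt.want)`, which reverses testify's (expected, actual) order and produces misleading failure output; `assert.Equal(t, tt.want, got)` is the conventional form. No case in this hunk exercises `VerifyCode`, including the verification-failed event it pushes on a wrong code, which is the path most worth pinning for a verification-code feature.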
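Review bot: `PlainCode` places the plaintext verification code on `domain.Phone`, and the added comment says what it is for but not how it has to be handled. I would extend it to something like `// PlainCode is the unencrypted verification code, set only when the caller asked for it to be returned; it must not be logged or persisted.` Whether `Phone` values are logged or serialized anywhere else is not visible from this hunk and is worth checking. The struct definition starts outside the hunk.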
diff --git a/internal/notification/handlers/user_notifier.go b/internal/notification/handlers/user_notifier.go index d726fb62a1..64661d89bc 100644 --- a/internal/notification/handlers/user_notifier.go +++ b/internal/notification/handlers/user_notifier.go @@ -182,6 +182,7 @@ func (u *userNotifier) reduceEmailCodeAdded(event eventstore.Event) (*handler.St if !ok { return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-SWf3g", "reduce.wrong.event.type %s", user.HumanEmailCodeAddedType) } + if e.CodeReturned { return crdb.NewNoOpStatement(e), nil } @@ -535,6 +536,9 @@ func (u *userNotifier) reducePhoneCodeAdded(event eventstore.Event) (*handler.St if !ok { return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-He83g", "reduce.wrong.event.type %s", user.HumanPhoneCodeAddedType) } + if e.CodeReturned { + return crdb.NewNoOpStatement(e), nil + } ctx := HandlerContext(event.Aggregate()) alreadyHandled, err := u.checkIfCodeAlreadyHandledOrExpired(ctx, event, e.Expiry, nil, user.UserV1PhoneCodeAddedType, user.UserV1PhoneCodeSentType, diff --git a/internal/repository/user/human_phone.go b/internal/repository/user/human_phone.go index ea5f4ac7c6..c6586c54e5 100644 --- a/internal/repository/user/human_phone.go +++ b/internal/repository/user/human_phone.go @@ -149,8 +149,9 @@ func HumanPhoneVerificationFailedEventMapper(event *repository.Event) (eventstor type HumanPhoneCodeAddedEvent struct { eventstore.BaseEvent `json:"-"` - Code *crypto.CryptoValue `json:"code,omitempty"` - Expiry time.Duration `json:"expiry,omitempty"` + Code *crypto.CryptoValue `json:"code,omitempty"` + Expiry time.Duration `json:"expiry,omitempty"` + CodeReturned bool `json:"code_returned,omitempty"` } func (e *HumanPhoneCodeAddedEvent) Data() interface{} { 
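Review bot: The new early return on `e.CodeReturned` in reducePhoneCodeAdded suppresses the SMS without saying why. A one-line comment such as `// the code was returned to the API caller, who is responsible for delivery; do not send an SMS` would make the intent clear to the next reader. Because the field is declared with `omitempty`, events stored before this change presumably unmarshal with `CodeReturned == false` and still take the send path, which is worth stating in the same comment. The function body continues outside the hunk.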
@@ -166,6 +167,15 @@ func NewHumanPhoneCodeAddedEvent( aggregate *eventstore.Aggregate, code *crypto.CryptoValue, expiry time.Duration, +) *HumanPhoneCodeAddedEvent { + return NewHumanPhoneCodeAddedEventV2(ctx, aggregate, code, expiry, false) +} +func NewHumanPhoneCodeAddedEventV2( + ctx context.Context, + aggregate *eventstore.Aggregate, + code *crypto.CryptoValue, + expiry time.Duration, + codeReturned bool, ) *HumanPhoneCodeAddedEvent { return &HumanPhoneCodeAddedEvent{ BaseEvent: *eventstore.NewBaseEventForPush( @@ -173,8 +183,9 @@ func NewHumanPhoneCodeAddedEvent( aggregate, HumanPhoneCodeAddedType, ), - Code: code, - Expiry: expiry, + Code: code, + Expiry: expiry, + CodeReturned: codeReturned, } } diff --git a/proto/zitadel/user/v2alpha/phone.proto b/proto/zitadel/user/v2alpha/phone.proto new file mode 100644 index 0000000000..775bb87300 --- /dev/null +++ b/proto/zitadel/user/v2alpha/phone.proto @@ -0,0 +1,30 @@ +syntax = "proto3"; + +package zitadel.user.v2alpha; + +option go_package = "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha;user"; + +import "google/api/annotations.proto"; +import "google/api/field_behavior.proto"; +import "protoc-gen-openapiv2/options/annotations.proto"; +import "validate/validate.proto"; + +message SetHumanPhone { + string phone = 1 [ + (validate.rules).string = {min_len: 0, max_len: 200}, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + max_length: 200; + example: "\"+41791234567\""; + } + ]; + oneof verification { + SendPhoneVerificationCode send_code = 2; + ReturnPhoneVerificationCode return_code = 3; + bool is_verified = 4 [(validate.rules).bool.const = true]; + } +} + +message SendPhoneVerificationCode {} + +message ReturnPhoneVerificationCode {} + diff --git a/proto/zitadel/user/v2alpha/user_service.proto b/proto/zitadel/user/v2alpha/user_service.proto index 40e3ea4af5..796688747c 100644 --- a/proto/zitadel/user/v2alpha/user_service.proto +++ b/proto/zitadel/user/v2alpha/user_service.proto 
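Review bot: `NewHumanPhoneCodeAddedEventV2` is exported without a doc comment and follows the closing brace of `NewHumanPhoneCodeAddedEvent` with no blank line between the two functions. Add `// NewHumanPhoneCodeAddedEventV2 creates the event with codeReturned set; when true the code is handed back to the caller and the notifier skips the SMS.` and a matching line on the V1 wrapper saying it always passes `false`. The V1 function's signature starts outside the hunk.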
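Review bot: `google/api/annotations.proto` and `google/api/field_behavior.proto` are imported in phone.proto but nothing in the file uses them (only `validate.rules` and the openapiv2 field option appear), so protoc will warn about unused imports; the two lines can be dropped. `min_len: 0` on `phone` is a no-op and, unlike `SetPhoneRequest.phone` with `min_len: 1`, lets an empty number pass validation, leaving the rejection to the command layer (the tests in this patch expect `Errors.User.Phone.Empty` there). `is_verified` stores a number as verified with no code exchange and deserves a field comment saying so, e.g. `// marks the number as verified without sending or checking a code`.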
@@ -6,6 +6,7 @@ import "zitadel/object/v2alpha/object.proto"; import "zitadel/protoc_gen_zitadel/v2/options.proto"; import "zitadel/user/v2alpha/auth.proto"; import "zitadel/user/v2alpha/email.proto"; +import "zitadel/user/v2alpha/phone.proto"; import "zitadel/user/v2alpha/idp.proto"; import "zitadel/user/v2alpha/password.proto"; import "zitadel/user/v2alpha/user.proto"; @@ -158,6 +159,56 @@ service UserService { }; } + // Change the phone of a user + rpc SetPhone(SetPhoneRequest) returns (SetPhoneResponse) { + option (google.api.http) = { + post: "/v2alpha/users/{user_id}/phone" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Change the user phone"; + description: "Change the phone number of a user. If the state is set to not verified, a verification code will be generated, which can be either returned or sent to the user by sms." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + + // Verify the phone with the provided code + rpc VerifyPhone (VerifyPhoneRequest) returns (VerifyPhoneResponse) { + option (google.api.http) = { + post: "/v2alpha/users/{user_id}/phone/_verify" + body: "*" + }; + + option (zitadel.protoc_gen_zitadel.v2.options) = { + auth_option: { + permission: "authenticated" + } + }; + + option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = { + summary: "Verify the phone"; + description: "Verify the phone with the generated code." + responses: { + key: "200" + value: { + description: "OK"; + } + }; + }; + } + rpc RegisterPasskey (RegisterPasskeyRequest) returns (RegisterPasskeyResponse) { option (google.api.http) = { post: "/v2alpha/users/{user_id}/passkeys" 
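Review bot: Both new RPCs take `user_id` from the URL path but declare only `permission: "authenticated"`, so whether a caller may act on another user's phone is decided entirely in the command layer. The tests in this patch show a `checkPermission` denial for the `ChangeUserPhone*` commands; nothing visible here shows the equivalent check for the verify path, nor a bound on failed attempts beyond the verification-failed event that `VerifyCode` pushes, and both are worth confirming. I would also document the contract on the rpc, e.g. `// Requires permission on the target user; return_code hands the code to the caller and is_verified skips verification.` Minor: "sms" in the description should be "SMS".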
@@ -584,6 +635,7 @@ message AddHumanUserRequest{ (validate.rules).message.required = true, (google.api.field_behavior) = REQUIRED ]; + SetHumanPhone phone = 10; repeated SetMetadataEntry metadata = 6; oneof password_type { Password password = 7; @@ -596,6 +648,7 @@ message AddHumanUserResponse { string user_id = 1; zitadel.object.v2alpha.Details details = 2; optional string email_code = 3; + optional string phone_code = 4; } message SetEmailRequest{ 
@@ -657,6 +710,65 @@ message VerifyEmailResponse{ zitadel.object.v2alpha.Details details = 1; } +message SetPhoneRequest{ + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629026806489455\""; + } + ]; + string phone = 2 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"+41791234567\""; + } + ]; + // if no verification is specified, an sms is sent + oneof verification { + SendPhoneVerificationCode send_code = 3; + ReturnPhoneVerificationCode return_code = 4; + bool is_verified = 5 [(validate.rules).bool.const = true]; + } +} + +message SetPhoneResponse{ + zitadel.object.v2alpha.Details details = 1; + // in case the verification was set to return_code, the code will be returned + optional string verification_code = 2; +} + +message VerifyPhoneRequest{ + string user_id = 1 [ + (validate.rules).string = {min_len: 1, max_len: 200}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 200; + example: "\"69629026806489455\""; + } + ]; + string verification_code = 2 [ + (validate.rules).string = {min_len: 1, max_len: 20}, + (google.api.field_behavior) = REQUIRED, + (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = { + min_length: 1; + max_length: 20; + example: "\"SKJd342k\""; + description: "\"the verification code generated during the set phone request\""; + } + ]; +} + +message VerifyPhoneResponse{ + zitadel.object.v2alpha.Details details = 1; +} + message RegisterPasskeyRequest{ string user_id = 1 [ (validate.rules).string = {min_len: 1, max_len: 200}, From d33a4fbb2f76e26e65b969b4f06bab13c73453c1 Mon Sep 17 00:00:00 2001 
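Review bot: The `description` on `VerifyPhoneRequest.verification_code` is wrapped in escaped quotes; `example` needs that form because it is emitted as raw JSON, but `description` is a plain string, so the generated OpenAPI will presumably show literal quote characters. `description: "the verification code generated during the set phone request";` is sufficient. The comment on the `oneof` in SetPhoneRequest (`if no verification is specified, an sms is sent`) should also mention that `is_verified` stores the number as verified without any code.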
From: Elio Bischof Date: Fri, 4 Aug 2023 11:05:20 +0200 Subject: [PATCH 31/32] fix: project telemetry once for all instances (#6323) --- internal/notification/handlers/telemetry_pusher.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/internal/notification/handlers/telemetry_pusher.go b/internal/notification/handlers/telemetry_pusher.go index 86f8420c72..837399b028 100644 --- a/internal/notification/handlers/telemetry_pusher.go +++ b/internal/notification/handlers/telemetry_pusher.go @@ -3,6 +3,7 @@ package handlers import ( "context" "fmt" + "math" "net/http" "time" @@ -57,6 +58,7 @@ func NewTelemetryPusher( handlerCfg.ProjectionName = TelemetryProjectionTable handlerCfg.Reducers = p.reducers() p.cfg = telemetryCfg + handlerCfg.ConcurrentInstances = math.MaxInt p.StatementHandler = crdb.NewStatementHandler(ctx, handlerCfg) p.commands = commands p.queries = queries From 45262e682972723412be631adaaa1dc50ce481e9 Mon Sep 17 00:00:00 2001 
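Review bot: `handlerCfg.ConcurrentInstances = math.MaxInt` is a magic value with no explanation, placed after `p.cfg = telemetryCfg` in the middle of unrelated assignments. A comment is needed, for example `// handle all instances in a single run so telemetry is projected once` (wording inferred from the commit subject, please confirm the actual semantics). If the statement handler uses this value to size a worker pool or a query limit, MaxInt may not be a safe choice; that is not visible from this hunk. NewTelemetryPusher starts and ends outside the hunk.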
From: Livio Spring Date: Fri, 4 Aug 2023 11:35:36 +0200 Subject: [PATCH 32/32] fix: migrate external id of federated users (#6312) * feat: migrate external id * implement tests and some renaming * fix projection * cleanup * i18n * fix event type * handle migration for new services as well * typo --- internal/api/idp/idp.go | 23 +++- .../api/ui/login/external_provider_handler.go | 55 +++++++- internal/auth/repository/auth_request.go | 2 +- .../eventsourcing/eventstore/auth_request.go | 7 +- internal/command/idp_intent_test.go | 89 +++++++++++++ internal/command/idp_model.go | 19 +++ internal/command/user_idp_link.go | 18 +++ internal/command/user_idp_link_model.go | 8 ++ internal/command/user_idp_link_test.go | 116 +++++++++++++++++ internal/idp/providers/azuread/azuread.go | 5 +- internal/idp/providers/azuread/session.go | 29 +++++ .../idp/providers/azuread/session_test.go | 117 +++++++++++++++++- internal/idp/session.go | 9 ++ internal/query/projection/idp_user_link.go | 25 ++++ .../query/projection/idp_user_link_test.go | 36 ++++++ internal/repository/user/eventstore.go | 1 + .../repository/user/human_external_idp.go | 39 ++++++ internal/static/i18n/bg.yaml | 2 + internal/static/i18n/de.yaml | 2 + internal/static/i18n/en.yaml | 2 + internal/static/i18n/es.yaml | 2 + internal/static/i18n/fr.yaml | 2 + internal/static/i18n/it.yaml | 2 + internal/static/i18n/ja.yaml | 2 + internal/static/i18n/mk.yaml | 2 + internal/static/i18n/pl.yaml | 2 + internal/static/i18n/pt.yaml | 2 + internal/static/i18n/zh.yaml | 2 + 28 files changed, 611 insertions(+), 9 deletions(-) create mode 100644 internal/idp/providers/azuread/session.go diff --git a/internal/api/idp/idp.go b/internal/api/idp/idp.go index 37a84f5265..f9a3cd1f3a 100644 --- a/internal/api/idp/idp.go +++ b/internal/api/idp/idp.go 
@@ -120,6 +120,11 @@ func (h *Handler) handleCallback(w http.ResponseWriter, r *http.Request) { userID, err := h.checkExternalUser(ctx, intent.IDPID, idpUser.GetID()) logging.WithFields("intent", intent.AggregateID).OnError(err).Error("could not check if idp user already exists") + if userID == "" { + userID, err = h.tryMigrateExternalUser(ctx, intent.IDPID, idpUser, idpSession) + logging.WithFields("intent", intent.AggregateID).OnError(err).Error("migration check failed") + } + token, err := h.commands.SucceedIDPIntent(ctx, intent, idpUser, idpSession, userID) if err != nil { redirectToFailureURLErr(w, r, intent, z_errs.ThrowInternal(err, "IDP-JdD3g", "Errors.Intent.TokenCreationFailed")) @@ -128,6 +133,22 @@ func (h *Handler) handleCallback(w http.ResponseWriter, r *http.Request) { redirectToSuccessURL(w, r, intent, token, userID) } +func (h *Handler) tryMigrateExternalUser(ctx context.Context, idpID string, idpUser idp.User, idpSession idp.Session) (userID string, err error) { + migration, ok := idpSession.(idp.SessionSupportsMigration) + if !ok { + return "", nil + } + previousID, err := migration.RetrievePreviousID() + if err != nil || previousID == "" { + return "", err + } + userID, err = h.checkExternalUser(ctx, idpID, previousID) + if err != nil { + return "", err + } + return userID, h.commands.MigrateUserIDP(ctx, userID, "", idpID, previousID, idpUser.GetID()) +} + func (h *Handler) parseCallbackRequest(r *http.Request) (*externalIDPCallbackData, error) { data := new(externalIDPCallbackData) err := h.parser.Parse(r, data) 
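Review bot: In tryMigrateExternalUser the result of `h.checkExternalUser(ctx, idpID, previousID)` is checked only for an error, so if it can return an empty ID with a nil error (the empty `userID` is exactly what handleCallback tests for) `MigrateUserIDP` is called with an empty user ID. Guard it with `if err != nil || userID == "" { return "", err }`. The final `return userID, h.commands.MigrateUserIDP(...)` also returns the matched user ID when the migration itself failed, and the call site in handleCallback only logs that error before passing `userID` to `SucceedIDPIntent`. Since this decides which local account an external identity resolves to, state explicitly whether sign-in should proceed on an unmigrated link, and return `""` on error if it should not.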
@@ -196,7 +217,7 @@ func (h *Handler) fetchIDPUser(ctx context.Context, identityProvider idp.Provide case *openid.Provider: session = &openid.Session{Provider: provider, Code: code} case *azuread.Provider: - session = &oauth.Session{Provider: provider.Provider, Code: code} + session = &azuread.Session{Session: &oauth.Session{Provider: provider.Provider, Code: code}} case *github.Provider: session = &oauth.Session{Provider: provider.Provider, Code: code} case *gitlab.Provider: diff --git a/internal/api/ui/login/external_provider_handler.go b/internal/api/ui/login/external_provider_handler.go index ee7696cc4e..ceb2653a33 100644 --- a/internal/api/ui/login/external_provider_handler.go +++ b/internal/api/ui/login/external_provider_handler.go @@ -222,7 +222,7 @@ func (l *Login) handleExternalLoginCallback(w http.ResponseWriter, r *http.Reque l.externalAuthFailed(w, r, authReq, nil, nil, err) return } - session = &oauth.Session{Provider: provider.(*azuread.Provider).Provider, Code: data.Code} + session = &azuread.Session{Session: &oauth.Session{Provider: provider.(*azuread.Provider).Provider, Code: data.Code}} case domain.IDPTypeGitHub: provider, err = l.githubProvider(r.Context(), identityProvider) if err != nil { 
@@ -275,6 +275,46 @@ func (l *Login) handleExternalLoginCallback(w http.ResponseWriter, r *http.Reque l.handleExternalUserAuthenticated(w, r, authReq, identityProvider, session, user, l.renderNextStep) } +func (l *Login) tryMigrateExternalUserID(r *http.Request, session idp.Session, authReq *domain.AuthRequest, externalUser *domain.ExternalUser) (previousIDMatched bool, err error) { + migration, ok := session.(idp.SessionSupportsMigration) + if !ok { + return false, nil + } + previousID, err := migration.RetrievePreviousID() + if err != nil { + return false, err + } + return l.migrateExternalUserID(r, authReq, externalUser, previousID) +} + +func (l *Login) migrateExternalUserID(r *http.Request, authReq *domain.AuthRequest, externalUser *domain.ExternalUser, previousID string) (previousIDMatched bool, err error) { + if previousID == "" { + return false, nil + } + // save the currentID, so we're able to reset to it later on if the user is not found with the old ID as well + externalUserID := externalUser.ExternalUserID + externalUser.ExternalUserID = previousID + if err = l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, authReq.AgentID, externalUser, domain.BrowserInfoFromRequest(r), true); err != nil { + // always reset to the mapped ID + externalUser.ExternalUserID = externalUserID + // but ignore the error if the user was just not found with the previousID + if errors.IsNotFound(err) { + return false, nil + } + return false, err + } + previousIDMatched = true + if err = l.authRepo.ResetLinkingUsers(r.Context(), authReq.ID, authReq.AgentID); err != nil { + return previousIDMatched, err + } + // read current auth request state (incl. 
authorized user) + authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID) + if err != nil { + return previousIDMatched, err + } + return previousIDMatched, l.command.MigrateUserIDP(setContext(r.Context(), authReq.UserOrgID), authReq.UserID, authReq.UserOrgID, externalUser.IDPConfigID, previousID, externalUserID) +} + // handleExternalUserAuthenticated maps the IDP user, checks for a corresponding externalID func (l *Login) handleExternalUserAuthenticated( w http.ResponseWriter, @@ -287,11 +327,22 @@ func (l *Login) handleExternalUserAuthenticated( ) { externalUser := mapIDPUserToExternalUser(user, provider.ID) // check and fill in local linked user - externalErr := l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, authReq.AgentID, externalUser, domain.BrowserInfoFromRequest(r)) + externalErr := l.authRepo.CheckExternalUserLogin(setContext(r.Context(), ""), authReq.ID, authReq.AgentID, externalUser, domain.BrowserInfoFromRequest(r), false) if externalErr != nil && !errors.IsNotFound(externalErr) { l.renderError(w, r, authReq, externalErr) return } + if externalErr != nil && errors.IsNotFound(externalErr) { + previousIDMatched, err := l.tryMigrateExternalUserID(r, session, authReq, externalUser) + if err != nil { + l.renderError(w, r, authReq, err) + return + } + // if the old ID matched, ignore the not found error from the current ID + if previousIDMatched { + externalErr = nil + } + } var err error // read current auth request state (incl. authorized user) authReq, err = l.authRepo.AuthRequestByID(r.Context(), authReq.ID, authReq.AgentID) diff --git a/internal/auth/repository/auth_request.go b/internal/auth/repository/auth_request.go index ffa70f9d60..8851b4f67e 100644 --- a/internal/auth/repository/auth_request.go +++ b/internal/auth/repository/auth_request.go 
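Review bot: `migrateExternalUserID` overwrites `externalUser.ExternalUserID` with `previousID` and restores the mapped ID only on the error path, so after a successful match the caller's `externalUser` still carries the old ID although the link has just been migrated to the new one. The comment `// always reset to the mapped ID` suggests the reset was meant to be unconditional; if the rest of `handleExternalUserAuthenticated` (outside this hunk) reads `externalUser.ExternalUserID` again, it works with an identifier that no longer matches the stored link. Consider `defer func() { externalUser.ExternalUserID = externalUserID }()` right after the assignment, or document why the previous ID must stay set on success.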
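Review bot: A failed migration is fatal in `handleExternalUserAuthenticated` (`l.renderError` and return) even though the previous ID has already matched a user, while the intent callback handler changed in this same commit only logs the equivalent failure and continues. Pick one policy for both entry points and note it in a comment, otherwise a transient write error blocks login on one path and is silently tolerated on the other. The second condition can also be written as `else if errors.IsNotFound(externalErr)` on the preceding `if`, which avoids re-testing `externalErr != nil`; the function body continues outside the hunk.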
@@ -15,7 +15,7 @@ type AuthRequestRepository interface { DeleteAuthRequest(ctx context.Context, id string) error CheckLoginName(ctx context.Context, id, loginName, userAgentID string) error - CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser, info *domain.BrowserInfo) error + CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser, info *domain.BrowserInfo, migrationCheck bool) error SetExternalUserLogin(ctx context.Context, authReqID, userAgentID string, user *domain.ExternalUser) error SetLinkingUser(ctx context.Context, request *domain.AuthRequest, externalUser *domain.ExternalUser) error SelectUser(ctx context.Context, id, userID, userAgentID string) error diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index 26b1388229..0f81e64148 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go @@ -238,7 +238,7 @@ func (repo *AuthRequestRepo) SelectExternalIDP(ctx context.Context, authReqID, i return repo.AuthRequests.UpdateAuthRequest(ctx, request) } -func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, externalUser *domain.ExternalUser, info *domain.BrowserInfo) (err error) { +func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReqID, userAgentID string, externalUser *domain.ExternalUser, info *domain.BrowserInfo, migrationCheck bool) (err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() request, err := repo.getAuthRequest(ctx, authReqID, userAgentID) 
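Review bot: The new `migrationCheck bool` parameter on `CheckExternalUserLogin` has no documentation on the interface, and call sites now end in a bare `true` or `false`. Add a doc comment on the interface method, for example `// migrationCheck marks a lookup by a previous external ID: on not-found the error is returned without registering a linking user`. The implementation in `AuthRequestRepo` takes the same parameter in the next file section, and its body continues outside that hunk.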
@@ -249,6 +249,11 @@ func (repo *AuthRequestRepo) CheckExternalUserLogin(ctx context.Context, authReq if errors.IsNotFound(err) { // clear potential user information (e.g. when username was entered but another external user was returned) request.SetUserInfo("", "", "", "", "", request.UserOrgID) + // in case the check was done with an ID, that was retrieved by a session that allows migration, + // we do not need to set the linking user and return early + if migrationCheck { + return err + } if err := repo.setLinkingUser(ctx, request, externalUser); err != nil { return err } diff --git a/internal/command/idp_intent_test.go b/internal/command/idp_intent_test.go index 08948a2009..acbb1eebf3 100644 --- a/internal/command/idp_intent_test.go +++ b/internal/command/idp_intent_test.go 
@@ -348,6 +348,95 @@ func TestCommands_AuthURLFromProvider(t *testing.T) { authURL: "auth?client_id=clientID&prompt=select_account&redirect_uri=url&response_type=code&state=state", }, }, + { + "migrated and push", + fields{ + secretCrypto: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + eventstore: eventstoreExpect(t, + expectFilter( + eventFromEventPusherWithInstanceID( + "instance", + instance.NewOIDCIDPAddedEvent(context.Background(), &instance.NewAggregate("instance").Aggregate, + "idp", + "name", + "issuer", + "clientID", + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("clientSecret"), + }, + []string{"openid", "profile", "User.Read"}, + false, + rep_idp.Options{}, + )), + eventFromEventPusherWithInstanceID( + "instance", + instance.NewOIDCIDPMigratedAzureADEvent(context.Background(), &instance.NewAggregate("instance").Aggregate, + "idp", + "name", + "clientID", + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("clientSecret"), + }, + []string{"openid", "profile", "User.Read"}, + "tenant", + true, + rep_idp.Options{}, + )), + ), + expectFilter( + eventFromEventPusherWithInstanceID( + "instance", + instance.NewOIDCIDPAddedEvent(context.Background(), &instance.NewAggregate("instance").Aggregate, + "idp", + "name", + "issuer", + "clientID", + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("clientSecret"), + }, + []string{"openid", "profile", "User.Read"}, + false, + rep_idp.Options{}, + )), + eventFromEventPusherWithInstanceID( + "instance", + instance.NewOIDCIDPMigratedAzureADEvent(context.Background(), &instance.NewAggregate("instance").Aggregate, + "idp", + "name", + "clientID", + &crypto.CryptoValue{ + CryptoType: crypto.TypeEncryption, + Algorithm: "enc", + KeyID: "id", + Crypted: []byte("clientSecret"), + }, + []string{"openid", "profile", "User.Read"}, + 
"tenant", + true, + rep_idp.Options{}, + )), + ), + ), + }, + args{ + ctx: authz.SetCtxData(context.Background(), authz.CtxData{OrgID: "ro"}), + idpID: "idp", + state: "state", + callbackURL: "url", + }, + res{ + authURL: "https://login.microsoftonline.com/tenant/oauth2/v2.0/authorize?client_id=clientID&prompt=select_account&redirect_uri=url&response_type=code&scope=openid+profile+User.Read&state=state", + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/internal/command/idp_model.go b/internal/command/idp_model.go index 0849c5bd01..417f984648 100644 --- a/internal/command/idp_model.go +++ b/internal/command/idp_model.go @@ -1653,6 +1653,14 @@ func (wm *IDPTypeWriteModel) Reduce() error { wm.reduceAdded(e.ID, domain.IDPTypeLDAP, e.Aggregate()) case *org.LDAPIDPAddedEvent: wm.reduceAdded(e.ID, domain.IDPTypeLDAP, e.Aggregate()) + case *instance.OIDCIDPMigratedAzureADEvent: + wm.reduceChanged(e.ID, domain.IDPTypeAzureAD) + case *org.OIDCIDPMigratedAzureADEvent: + wm.reduceChanged(e.ID, domain.IDPTypeAzureAD) + case *instance.OIDCIDPMigratedGoogleEvent: + wm.reduceChanged(e.ID, domain.IDPTypeGoogle) + case *org.OIDCIDPMigratedGoogleEvent: + wm.reduceChanged(e.ID, domain.IDPTypeGoogle) case *instance.IDPRemovedEvent: wm.reduceRemoved(e.ID) case *org.IDPRemovedEvent: @@ -1688,6 +1696,13 @@ func (wm *IDPTypeWriteModel) reduceAdded(id string, t domain.IDPType, agg events wm.InstanceID = agg.InstanceID } +func (wm *IDPTypeWriteModel) reduceChanged(id string, t domain.IDPType) { + if wm.ID != id { + return + } + wm.Type = t +} + func (wm *IDPTypeWriteModel) reduceRemoved(id string) { if wm.ID != id { return 
@@ -1713,6 +1728,8 @@ func (wm *IDPTypeWriteModel) Query() *eventstore.SearchQueryBuilder { instance.GitLabSelfHostedIDPAddedEventType, instance.GoogleIDPAddedEventType, instance.LDAPIDPAddedEventType, + instance.OIDCIDPMigratedAzureADEventType, + instance.OIDCIDPMigratedGoogleEventType, instance.IDPRemovedEventType, ). EventData(map[string]interface{}{"id": wm.ID}). @@ -1729,6 +1746,8 @@ func (wm *IDPTypeWriteModel) Query() *eventstore.SearchQueryBuilder { org.GitLabSelfHostedIDPAddedEventType, org.GoogleIDPAddedEventType, org.LDAPIDPAddedEventType, + org.OIDCIDPMigratedAzureADEventType, + org.OIDCIDPMigratedGoogleEventType, org.IDPRemovedEventType, ). EventData(map[string]interface{}{"id": wm.ID}). diff --git a/internal/command/user_idp_link.go b/internal/command/user_idp_link.go index 4c03f46436..46dd96b409 100644 --- a/internal/command/user_idp_link.go +++ b/internal/command/user_idp_link.go 
@@ -139,6 +139,24 @@ func (c *Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string return err } +func (c *Commands) MigrateUserIDP(ctx context.Context, userID, orgID, idpConfigID, previousID, newID string) (err error) { + if userID == "" { + return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing") + } + + writeModel, err := c.userIDPLinkWriteModelByID(ctx, userID, idpConfigID, previousID, orgID) + if err != nil { + return err + } + if writeModel.State != domain.UserIDPLinkStateActive { + return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound") + } + + userAgg := UserAggregateFromWriteModel(&writeModel.WriteModel) + _, err = c.eventstore.Push(ctx, user.NewUserIDPExternalIDMigratedEvent(ctx, userAgg, idpConfigID, previousID, newID)) + return err +} + func (c *Commands) userIDPLinkWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel *UserIDPLinkWriteModel, err error) { ctx, span := tracing.NewSpan(ctx) defer func() { span.EndWithError(err) }() diff --git a/internal/command/user_idp_link_model.go b/internal/command/user_idp_link_model.go index 41ff5c6d52..edcd1ebd2b 100644 --- a/internal/command/user_idp_link_model.go +++ b/internal/command/user_idp_link_model.go @@ -35,6 +35,11 @@ func (wm *UserIDPLinkWriteModel) AppendEvents(events ...eventstore.Event) { continue } wm.WriteModel.AppendEvents(e) + case *user.UserIDPExternalIDMigratedEvent: + if e.IDPConfigID != wm.IDPConfigID || e.PreviousID != wm.ExternalUserID { + continue + } + wm.WriteModel.AppendEvents(e) case *user.UserIDPLinkRemovedEvent: if e.IDPConfigID != wm.IDPConfigID || e.ExternalUserID != wm.ExternalUserID { continue 
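Review bot: `MigrateUserIDP` validates only `userID`; `idpConfigID`, `previousID` and `newID` are written into the event as given. An empty `newID` (for instance an IdP user whose `GetID()` returns nothing) would move an active link to an empty external ID, and `previousID == newID` would push an event that changes nothing. Extend the first check to `if userID == "" || idpConfigID == "" || previousID == "" || newID == "" {` and return without pushing when the two IDs are equal.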
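Review bot: The new `UserIDPExternalIDMigratedEvent` case in `AppendEvents` is matched against `wm.ExternalUserID` as it was when the model was created, like the neighbouring cases, so a write model looked up by the new external ID skips both the original link-added event and this one and never becomes active. If that reading is right, operations that load the link by its current ID after a migration (removing the link, for example) would see it as not found, and a model loaded by the previous ID would miss a later removal recorded under the new ID. `AppendEvents` starts and ends outside the hunk, so please confirm, and add a test that migrates a link and then loads the model by `newID`.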
@@ -59,6 +64,8 @@ func (wm *UserIDPLinkWriteModel) Reduce() error { wm.DisplayName = e.DisplayName wm.ExternalUserID = e.ExternalUserID wm.State = domain.UserIDPLinkStateActive + case *user.UserIDPExternalIDMigratedEvent: + wm.ExternalUserID = e.NewID case *user.UserIDPLinkRemovedEvent: wm.State = domain.UserIDPLinkStateRemoved case *user.UserIDPLinkCascadeRemovedEvent: @@ -77,6 +84,7 @@ func (wm *UserIDPLinkWriteModel) Query() *eventstore.SearchQueryBuilder { AggregateTypes(user.AggregateType). AggregateIDs(wm.AggregateID). EventTypes(user.UserIDPLinkAddedType, + user.UserIDPExternalIDMigratedType, user.UserIDPLinkRemovedType, user.UserIDPLinkCascadeRemovedType, user.UserRemovedType). diff --git a/internal/command/user_idp_link_test.go b/internal/command/user_idp_link_test.go index af6499785a..207a8e9df5 100644 --- a/internal/command/user_idp_link_test.go +++ b/internal/command/user_idp_link_test.go 
@@ -669,3 +669,119 @@ func TestCommandSide_ExternalLoginCheck(t *testing.T) { }) } } + +func TestCommandSide_MigrateUserIDP(t *testing.T) { + type fields struct { + eventstore func(t *testing.T) *eventstore.Eventstore + } + type args struct { + ctx context.Context + userID string + orgID string + idpConfigID string + previousID string + newID string + } + type res struct { + err error + } + tests := []struct { + name string + fields fields + args args + res res + }{ + { + name: "userid missing, invalid argument error", + fields: fields{ + eventstore: expectEventstore(), + }, + args: args{ + ctx: context.Background(), + userID: "", + orgID: "org1", + idpConfigID: "idpConfig1", + previousID: "previousID", + newID: "newID", + }, + res: res{ + err: caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing"), + }, + }, + { + name: "idp link not active, precondition failed error", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "displayName", + "externalUserID", + ), + ), + ), + ), + }, + args: args{ + ctx: context.Background(), + userID: "user1", + orgID: "org1", + idpConfigID: "idpConfig1", + previousID: "previousID", + newID: "newID", + }, + res: res{ + err: caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound"), + }, + }, + { + name: "external login check, ok", + fields: fields{ + eventstore: expectEventstore( + expectFilter( + eventFromEventPusher( + user.NewUserIDPLinkAddedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "displayName", + "previousID", + ), + ), + ), + expectPush( + []*repository.Event{ + eventFromEventPusher( + user.NewUserIDPExternalIDMigratedEvent(context.Background(), + &user.NewAggregate("user1", "org1").Aggregate, + "idpConfig1", + "previousID", + "newID", + ), + ), + }, + ), + ), + }, + 
args: args{ + ctx: context.Background(), + userID: "user1", + orgID: "org1", + idpConfigID: "idpConfig1", + previousID: "previousID", + newID: "newID", + }, + res: res{}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + r := &Commands{ + eventstore: tt.fields.eventstore(t), + } + err := r.MigrateUserIDP(tt.args.ctx, tt.args.userID, tt.args.orgID, tt.args.idpConfigID, tt.args.previousID, tt.args.newID) + assert.ErrorIs(t, err, tt.res.err) + }) + } +} diff --git a/internal/idp/providers/azuread/azuread.go b/internal/idp/providers/azuread/azuread.go index da1ce0ead5..244f383e1c 100644 --- a/internal/idp/providers/azuread/azuread.go +++ b/internal/idp/providers/azuread/azuread.go @@ -15,7 +15,8 @@ import ( const ( authURLTemplate string = "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize" tokenURLTemplate string = "https://login.microsoftonline.com/%s/oauth2/v2.0/token" - userinfoURL string = "https://graph.microsoft.com/v1.0/me" + userURL string = "https://graph.microsoft.com/v1.0/me" + userinfoEndpoint string = "https://graph.microsoft.com/oidc/userinfo" ScopeUserRead string = "User.Read" ) @@ -87,7 +88,7 @@ func New(name, clientID, clientSecret, redirectURI string, scopes []string, opts rp, err := oauth.New( config, name, - userinfoURL, + userURL, func() idp.User { return &User{isEmailVerified: provider.emailVerified} }, diff --git a/internal/idp/providers/azuread/session.go b/internal/idp/providers/azuread/session.go new file mode 100644 index 0000000000..5bc7bb84c9 --- /dev/null +++ b/internal/idp/providers/azuread/session.go 
@@ -0,0 +1,29 @@ +package azuread + +import ( + "net/http" + + httphelper "github.com/zitadel/oidc/v2/pkg/http" + "github.com/zitadel/oidc/v2/pkg/oidc" + + "github.com/zitadel/zitadel/internal/idp/providers/oauth" +) + +// Session extends the [oauth.Session] to extend it with the [idp.SessionSupportsMigration] functionality +type Session struct { + *oauth.Session +} + +// RetrievePreviousID implements the [idp.SessionSupportsMigration] interface by returning the `sub` from the userinfo endpoint +func (s *Session) RetrievePreviousID() (string, error) { + req, err := http.NewRequest("GET", userinfoEndpoint, nil) + if err != nil { + return "", err + } + req.Header.Set("authorization", s.Tokens.TokenType+" "+s.Tokens.AccessToken) + userinfo := new(oidc.UserInfo) + if err := httphelper.HttpRequest(s.Provider.HttpClient(), req, &userinfo); err != nil { + return "", err + } + return userinfo.Subject, nil +} diff --git a/internal/idp/providers/azuread/session_test.go b/internal/idp/providers/azuread/session_test.go index 5c6c45b4ef..531d909b92 100644 --- a/internal/idp/providers/azuread/session_test.go +++ b/internal/idp/providers/azuread/session_test.go @@ -247,12 +247,12 @@ func TestSession_FetchUser(t *testing.T) { provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes, tt.fields.options...) require.NoError(t, err) - session := &oauth.Session{ + session := &Session{Session: &oauth.Session{ AuthURL: tt.fields.authURL, Code: tt.fields.code, Tokens: tt.fields.tokens, Provider: provider.Provider, - } + }} user, err := session.FetchUser(context.Background()) if tt.want.err != nil && !tt.want.err(err) { 
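Review bot: `RetrievePreviousID` dereferences `s.Tokens` without a nil check and builds the request with `http.NewRequest`, so it panics if it is ever called before the code exchange has populated the tokens, and the outbound userinfo call is not bound to the caller's context. Return an error when `s.Tokens` is nil, and pass a context through the interface method so the request can be created with `http.NewRequestWithContext(ctx, http.MethodGet, userinfoEndpoint, nil)`. `userinfo` is already a pointer, so it can be passed to `httphelper.HttpRequest` directly instead of `&userinfo`. The doc comment should also say that an empty `sub` is returned without an error and that callers treat it as "no previous ID".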
@@ -294,3 +294,116 @@ func userinfo() *User { UserPrincipalName: "username", } } + +func TestSession_RetrievePreviousID(t *testing.T) { + type fields struct { + name string + clientID string + clientSecret string + redirectURI string + scopes []string + httpMock func() + tokens *oidc.Tokens[*oidc.IDTokenClaims] + } + type res struct { + id string + err bool + } + tests := []struct { + name string + fields fields + res res + }{ + { + name: "invalid token", + fields: fields{ + clientID: "clientID", + clientSecret: "clientSecret", + redirectURI: "redirectURI", + httpMock: func() { + gock.New("https://graph.microsoft.com"). + Get("/oidc/userinfo"). + Reply(401) + }, + tokens: &oidc.Tokens[*oidc.IDTokenClaims]{ + Token: &oauth2.Token{ + AccessToken: "accessToken", + TokenType: oidc.BearerToken, + }, + IDTokenClaims: oidc.NewIDTokenClaims( + "https://login.microsoftonline.com/consumers/oauth2/v2.0", + "sub", + []string{"clientID"}, + time.Now().Add(1*time.Hour), + time.Now().Add(-1*time.Second), + "nonce", + "", + nil, + "clientID", + 0, + ), + }, + }, + res: res{ + err: true, + }, + }, + { + name: "success", + fields: fields{ + clientID: "clientID", + clientSecret: "clientSecret", + redirectURI: "redirectURI", + httpMock: func() { + gock.New("https://graph.microsoft.com"). + Get("/oidc/userinfo"). + Reply(200). 
+ JSON(`{"sub":"sub"}`) + }, + tokens: &oidc.Tokens[*oidc.IDTokenClaims]{ + Token: &oauth2.Token{ + AccessToken: "accessToken", + TokenType: oidc.BearerToken, + }, + IDTokenClaims: oidc.NewIDTokenClaims( + "https://login.microsoftonline.com/consumers/oauth2/v2.0", + "sub", + []string{"clientID"}, + time.Now().Add(1*time.Hour), + time.Now().Add(-1*time.Second), + "nonce", + "", + nil, + "clientID", + 0, + ), + }, + }, + res: res{ + id: "sub", + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + defer gock.Off() + tt.fields.httpMock() + a := assert.New(t) + + provider, err := New(tt.fields.name, tt.fields.clientID, tt.fields.clientSecret, tt.fields.redirectURI, tt.fields.scopes) + require.NoError(t, err) + session := &Session{Session: &oauth.Session{ + Tokens: tt.fields.tokens, + Provider: provider.Provider, + }} + + id, err := session.RetrievePreviousID() + if tt.res.err { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + a.Equal(tt.res.id, id) + }) + } +} diff --git a/internal/idp/session.go b/internal/idp/session.go index 8cc2dbfef9..75f2e7a1e6 100644 --- a/internal/idp/session.go +++ b/internal/idp/session.go @@ -9,3 +9,12 @@ type Session interface { GetAuthURL() string FetchUser(ctx context.Context) (User, error) } + +// SessionSupportsMigration is an optional extension to the Session interface. +// It can be implemented to support migrating users, were the initial external id has changed because of a migration of the Provider type. +// E.g. when a user was linked on a generic OIDC provider and this provider has now been migrated to an AzureAD provider. +// In this case OIDC used the `sub` claim and Azure now uses the id of the user endpoint, which differ. +// The RetrievePreviousID will return the `sub` claim again, so that the user can be matched and safely migrated to the new id. +type SessionSupportsMigration interface { + RetrievePreviousID() (previousID string, err error) +} 
diff --git a/internal/query/projection/idp_user_link.go b/internal/query/projection/idp_user_link.go index d4d3fb2284..ed47ff1de5 100644 --- a/internal/query/projection/idp_user_link.go +++ b/internal/query/projection/idp_user_link.go @@ -77,6 +77,10 @@ func (p *idpUserLinkProjection) reducers() []handler.AggregateReducer { Event: user.UserRemovedType, Reduce: p.reduceUserRemoved, }, + { + Event: user.UserIDPExternalIDMigratedType, + Reduce: p.reduceExternalIDMigrated, + }, }, }, { @@ -195,6 +199,27 @@ func (p *idpUserLinkProjection) reduceUserRemoved(event eventstore.Event) (*hand ), nil } +func (p *idpUserLinkProjection) reduceExternalIDMigrated(event eventstore.Event) (*handler.Statement, error) { + e, err := assertEvent[*user.UserIDPExternalIDMigratedEvent](event) + if err != nil { + return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-AS3th", "reduce.wrong.event.type %s", user.UserIDPExternalIDMigratedType) + } + + return crdb.NewUpdateStatement(e, + []handler.Column{ + handler.NewCol(IDPUserLinkChangeDateCol, e.CreationDate()), + handler.NewCol(IDPUserLinkSequenceCol, e.Sequence()), + handler.NewCol(IDPUserLinkExternalUserIDCol, e.NewID), + }, + []handler.Condition{ + handler.NewCond(IDPUserLinkIDPIDCol, e.IDPConfigID), + handler.NewCond(IDPUserLinkUserIDCol, e.Aggregate().ID), + handler.NewCond(IDPUserLinkExternalUserIDCol, e.PreviousID), + handler.NewCond(IDPUserLinkInstanceIDCol, e.Aggregate().InstanceID), + }, + ), nil +} + func (p *idpUserLinkProjection) reduceIDPConfigRemoved(event eventstore.Event) (*handler.Statement, error) { var idpID string diff --git a/internal/query/projection/idp_user_link_test.go b/internal/query/projection/idp_user_link_test.go index cc6548a980..a343fe0b63 100644 --- a/internal/query/projection/idp_user_link_test.go +++ b/internal/query/projection/idp_user_link_test.go 
@@ -207,6 +207,42 @@ func TestIDPUserLinkProjection_reduces(t *testing.T) { }, }, }, + { + name: "reduceExternalIDMigrated", + args: args{ + event: getEvent(testEvent( + repository.EventType(user.UserIDPExternalIDMigratedType), + user.AggregateType, + []byte(`{ + "idpConfigId": "idp-config-id", + "previousId": "previous-id", + "newId": "new-id" +}`), + ), eventstore.GenericEventMapper[user.UserIDPExternalIDMigratedEvent]), + }, + reduce: (&idpUserLinkProjection{}).reduceExternalIDMigrated, + want: wantReduce{ + aggregateType: user.AggregateType, + sequence: 15, + previousSequence: 10, + executer: &testExecuter{ + executions: []execution{ + { + expectedStmt: "UPDATE projections.idp_user_links3 SET (change_date, sequence, external_user_id) = ($1, $2, $3) WHERE (idp_id = $4) AND (user_id = $5) AND (external_user_id = $6) AND (instance_id = $7)", + expectedArgs: []interface{}{ + anyArg{}, + uint64(15), + "new-id", + "idp-config-id", + "agg-id", + "previous-id", + "instance-id", + }, + }, + }, + }, + }, + }, { name: "org IDPConfigRemovedEvent", args: args{ diff --git a/internal/repository/user/eventstore.go b/internal/repository/user/eventstore.go index 3a1247e524..8aede0d193 100644 --- a/internal/repository/user/eventstore.go +++ b/internal/repository/user/eventstore.go 
@@ -67,6 +67,7 @@ func RegisterEventMappers(es *eventstore.Eventstore) { RegisterFilterEventMapper(AggregateType, UserIDPLinkRemovedType, UserIDPLinkRemovedEventMapper). RegisterFilterEventMapper(AggregateType, UserIDPLinkCascadeRemovedType, UserIDPLinkCascadeRemovedEventMapper). RegisterFilterEventMapper(AggregateType, UserIDPLoginCheckSucceededType, UserIDPCheckSucceededEventMapper). + RegisterFilterEventMapper(AggregateType, UserIDPExternalIDMigratedType, eventstore.GenericEventMapper[UserIDPExternalIDMigratedEvent]). RegisterFilterEventMapper(AggregateType, HumanEmailChangedType, HumanEmailChangedEventMapper). RegisterFilterEventMapper(AggregateType, HumanEmailVerifiedType, HumanEmailVerifiedEventMapper). RegisterFilterEventMapper(AggregateType, HumanEmailVerificationFailedType, HumanEmailVerificationFailedEventMapper). diff --git a/internal/repository/user/human_external_idp.go b/internal/repository/user/human_external_idp.go index 6a279951a6..e5a62e00b6 100644 --- a/internal/repository/user/human_external_idp.go +++ b/internal/repository/user/human_external_idp.go @@ -18,6 +18,7 @@ const ( UserIDPLinkAddedType = UserIDPLinkEventPrefix + "added" UserIDPLinkRemovedType = UserIDPLinkEventPrefix + "removed" UserIDPLinkCascadeRemovedType = UserIDPLinkEventPrefix + "cascade.removed" + UserIDPExternalIDMigratedType = UserIDPLinkEventPrefix + "id.migrated" UserIDPLoginCheckSucceededType = idpLoginEventPrefix + "check.succeeded" ) 
@@ -212,3 +213,41 @@ func UserIDPCheckSucceededEventMapper(event *repository.Event) (eventstore.Event return e, nil } + +type UserIDPExternalIDMigratedEvent struct { + eventstore.BaseEvent `json:"-"` + IDPConfigID string `json:"idpConfigId"` + PreviousID string `json:"previousId"` + NewID string `json:"newId"` +} + +func (e *UserIDPExternalIDMigratedEvent) Data() interface{} { + return e +} + +func (e *UserIDPExternalIDMigratedEvent) UniqueConstraints() []*eventstore.EventUniqueConstraint { + return nil +} + +func (e *UserIDPExternalIDMigratedEvent) SetBaseEvent(event *eventstore.BaseEvent) { + e.BaseEvent = *event +} + +func NewUserIDPExternalIDMigratedEvent( + ctx context.Context, + aggregate *eventstore.Aggregate, + idpConfigID, + previousID, + newID string, +) *UserIDPExternalIDMigratedEvent { + return &UserIDPExternalIDMigratedEvent{ + BaseEvent: *eventstore.NewBaseEventForPush( + ctx, + aggregate, + UserIDPExternalIDMigratedType, + ), + IDPConfigID: idpConfigID, + PreviousID: previousID, + NewID: newID, + } +} diff --git a/internal/static/i18n/bg.yaml b/internal/static/i18n/bg.yaml index 33dd828a72..9f0d302cd4 100644 --- a/internal/static/i18n/bg.yaml +++ b/internal/static/i18n/bg.yaml @@ -607,6 +607,8 @@ EventTypes: removed: Външният IDP е премахнат cascade: removed: Външната IDP каскада е премахната + id: + migrated: Външният потребителски идентификатор на IDP беше мигриран phone: changed: Телефонният номер е променен verified: Телефонният номер е потвърден diff --git a/internal/static/i18n/de.yaml b/internal/static/i18n/de.yaml index b485f65c67..0607b9cf2b 100644 --- a/internal/static/i18n/de.yaml +++ b/internal/static/i18n/de.yaml @@ -595,6 +595,8 @@ EventTypes: removed: Externer IDP wurde gelöscht cascade: removed: Externer IDP wurde kaskadiert gelöscht + id: + migrated: Externe UserID des IDP wurde migriert phone: changed: Telefonnummer geändert verified: Telefonnummer verifiziert 
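Review bot: `UniqueConstraints()` returns nil for `UserIDPExternalIDMigratedEvent`, so the event changes which external ID is bound to the user without touching any uniqueness bookkeeping. If the link-added event reserves the (IDP, external user ID) pair through a unique constraint (its definition is not part of this diff, so please check), the previous ID stays reserved after migration and the new ID is not, which would allow the same external identity to be linked to a second user. In that case this event should release the constraint for `PreviousID` and add one for `NewID`.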
diff --git a/internal/static/i18n/en.yaml b/internal/static/i18n/en.yaml index 93a5290456..b9f92456d5 100644 --- a/internal/static/i18n/en.yaml +++ b/internal/static/i18n/en.yaml @@ -595,6 +595,8 @@ EventTypes: removed: External IDP removed cascade: removed: External IDP cascade removed + id: + migrated: External UserID of IDP was migrated phone: changed: Phone number changed verified: Phone number verified diff --git a/internal/static/i18n/es.yaml b/internal/static/i18n/es.yaml index 5dc4a3ab49..e45a075918 100644 --- a/internal/static/i18n/es.yaml +++ b/internal/static/i18n/es.yaml @@ -595,6 +595,8 @@ EventTypes: removed: IDP externo eliminado cascade: removed: IDP externo eliminado en cascada + id: + migrated: Se migró el ID de usuario externo del IDP phone: changed: Número de teléfono modificado verified: Número de teléfono verificado diff --git a/internal/static/i18n/fr.yaml b/internal/static/i18n/fr.yaml index b80a9ed33e..150d9b0302 100644 --- a/internal/static/i18n/fr.yaml +++ b/internal/static/i18n/fr.yaml @@ -593,6 +593,8 @@ EventTypes: removed: Externer IDP supprimé cascade: removed: Externer IDP cascade supprimé + îd: + migrated: L'ID utilisateur externe de l'IDP a été migré phone: changed: Le numéro de téléphone a changé verified: Numéro de téléphone vérifié diff --git a/internal/static/i18n/it.yaml b/internal/static/i18n/it.yaml index e1bd873bb1..fc50f082cf 100644 --- a/internal/static/i18n/it.yaml +++ b/internal/static/i18n/it.yaml @@ -593,6 +593,8 @@ EventTypes: removed: IDP esterno rimosso cascade: removed: Cascata IDP rimossa + id: + migrated: L'ID utente esterno dell'IDP è stato migrato phone: changed: Numero di telefono cambiato verified: Numero di telefono verificato diff --git a/internal/static/i18n/ja.yaml b/internal/static/i18n/ja.yaml index eadf7ad5ab..bbf565e071 100644 --- a/internal/static/i18n/ja.yaml +++ b/internal/static/i18n/ja.yaml 
@@ -580,6 +580,8 @@ EventTypes: removed: 外部IDPの削除 cascade: removed: 外部IDPカスケードの削除 + id: + migrated: IDP の外部ユーザー ID が移行されました phone: changed: 電話番号の変更 verified: 電話番号の検証 diff --git a/internal/static/i18n/mk.yaml b/internal/static/i18n/mk.yaml index c3fcfdf69b..78d059f1f3 100644 --- a/internal/static/i18n/mk.yaml +++ b/internal/static/i18n/mk.yaml @@ -591,6 +591,8 @@ EventTypes: removed: Отстранет надворешен IDP cascade: removed: Отстранета каскадата на надворешни IDP + id: + migrated: Надворешниот кориснички ID на IDP е мигриран phone: changed: Променет број на телефон verified: Верифициран број на телефон diff --git a/internal/static/i18n/pl.yaml b/internal/static/i18n/pl.yaml index aa84c8ca5b..fb7b80114a 100644 --- a/internal/static/i18n/pl.yaml +++ b/internal/static/i18n/pl.yaml @@ -595,6 +595,8 @@ EventTypes: removed: Usunięto zewnętrzne IDP cascade: removed: Usunięto kaskadę zewnętrznego IDP + id: + migrated: Identyfikator użytkownika zewnętrznego dostawcy tożsamości został przeniesiony phone: changed: Numer telefonu zmieniony verified: Numer telefonu zweryfikowany diff --git a/internal/static/i18n/pt.yaml b/internal/static/i18n/pt.yaml index 4f3c5af85c..932ed66543 100644 --- a/internal/static/i18n/pt.yaml +++ b/internal/static/i18n/pt.yaml @@ -586,6 +586,8 @@ EventTypes: removed: IDP externo removido cascade: removed: Cascade de IDP externo removido + id: + migrated: O ID de usuário externo do IDP foi migrado phone: changed: Número de telefone alterado verified: Número de telefone verificado diff --git a/internal/static/i18n/zh.yaml b/internal/static/i18n/zh.yaml index fb068a2337..10f7072d30 100644 --- a/internal/static/i18n/zh.yaml +++ b/internal/static/i18n/zh.yaml @@ -589,6 +589,8 @@ EventTypes: removed: 移除了外部 IDP cascade: removed: 移除了外部 IDP + id: + migrated: IDP 的外部用户 ID 已迁移 phone: changed: 修改手机号码 verified: 已验证手机号码

KJPRB&C&Y`YKL2!A%+`O_d#XRA_qTJvce@@DVbQP~lX2dl-Ui^O?m zf!0gbcKQo<3{4fC$cIP*);JVfPor~VGj{I)I3^IR+Hn5<3^PdAN^L6M8X4$l$1fe- zw+QoNs>e1eFrXBE!!S+uLflbWL~(bitoOCu>LzM_sJ9$;BkmrtI8?1%f%sh#oivEW zQDHLaz3tRCzOnz{ZErd>$at{lg^Y?~n}NFEiM{37rJoLbtSUv^CuWeSET@ORMqbIO zz$2!zXgpLLcTdcCb}B>CeS9HiPqi$Ma-0()a%b&xhCje6PWr~{byKM4*^tA};wQ5k ziQW%KIA?}UC!+Sx3?@XDcrSM~(@(OAppfT%kEf;yw4U7J@fbZ3$jZRx&ZTP`Zrnq| zIY#4&CT+GKbUGf_Sz{VKlf*Ah@S!VnGG4dhcWM{0q~v(opHibuIw9IFbiR}!-l(o4j!k8 zsC`MzFtBUk#}oVIRijnPi5cgG=FHQ}ocW&(Umgh@e6i+iI`1k3u_-W!8agEGe=c%_ z%S$a8NLrt$o>=0dTkj(=8$D-H{lb_3Lx%tBLiLWhr|)~TUf&hUp~%r5cyg7H{V>XD z0UeUfL!JAh86~P*C_ayE>x>ql74#Z<^^a2NW%Cxv6BO($q)?_%8`NN5hOu zI0h)+t2`h`wlo?FfgvA#_>N&+SUxyairZ+;%4%xq<3j+l&Dreo^Y$UyOhvFdeVh4v zk(%o}o%Rq|{4_3P%*5Y3@E-g=xV-CVUQm}}J}?E!Bo+7U{`8%tu{>*+#PMHK_c&7q z^zjt>VXuEz|M0Yv{m)H3UMWrfg&$RLWFye2ImQN^c?wk@{RPbq`RgGCP@fJ|qj2zoK`{omVyN z+cGDji+!t8_58&P{-YqdIrnS}7@4m7@k?%S(7lBFoilM9X`KNItNp>-yE({ptjbTT zmbox#C25rVDAbH7JuyctNU?;UNBAVf1AbTyU(jm>Xp2>=r3)FK`xyQUOI(vGvR%u% zhER;1c9_Y-18@kSKn1N+f5_}*NFF~~4IMkq-|pQER=^^Ir&iGk9>mZUQL8{B-X94` z8q1qwnHsTX4lYcG?w^ZEMuHopfc&pQTzNOp)`Z*7&N5lEI0o(4ZNZIz&z$avtTj*$ z8}GP{RnoXpBP#{be&cchlcC866+;Z%2Fv4<^!c zO~xDx;dnxq%i+Fv=>r_9Nf-<$PCxZAvkcL*^mK6FN?`aG?1 zZ@#D9XdfTk+who8r4~jm*isW-h5_t+y|!MvBM*BI zYc5uAqU~3ugT$DQt?@>RUQ2=HaPfJ?p$R2H*zd&|!7ug5{o2Fc)K=U5FsWfNsW2AvYyg9qa^dQdS}UU>6;20qZ;+O?q6Lgke!ip)iJMJhx%YEwLRfc0&Bk(Hm2^=Gi+` z=)My{N8tMVtm4aF zHLvL1&adn4YSP)+A**?Ub9dBqLN}zDU?R0B zYN_OTbIC-Sd$l1*xf`*Ho7>5A4u`F1tle!ge5(&M64s(xM)w(nz=YN3=1jbG3E#wqe3JUPk_+zQ?hj>0 zJZ=BIXy&rTqxl3FvNvnDWsspU^gke=r^*`ev6%mWBQC_jBZSC z6wOfSL$16rR;J-U6}{Z3I31Vy+$`}um>5;Ve3R6Lo(?FL^9Ff5b0;~&q5B^!fSn)Nor190 zkXqx^{fn*vrEjtAk4LJSxS54P9%;*mW5xBv8c)MVs3ToXkt+BcU{AL}nUr}z#~|Xn z*VSJJgOe%iYT;6+4d&%?KMn&KbzL~&6;Dzel+I>xW-BsIIN+>m&rM>gH`}?lhw=Hj zUf-ctDM#-;Ks@5bE#)_VI=%TSr?!I#AGY<4-R@A|XW#O1TU9!ps!PW4Ze*6}#%^1U z1?-2ylGfybr7Y_JLbX;j=DrP{m*MkJG3=KV;KnyXD1;RiD)^Q0&L5q_zSKE|M^`!r z(oQTqRVooo)5{r)a&aeYk5HZ{l!o&y?a(5f`E4?S1D{1jB@N3t 
zFQ(6Wel&vNI1vA>t#4AB*r=mR?&=#T?IlaQ3y3SLo95H)1j_m={5I!jm1W^8klL3U z&MRXr2IK3Z>r}O6YiyWekC4gV!RKbY$HxjbOGvQNtRik{rF8VP@Oe*?1OhD*>S~DA z&R-DnuYIh|wo9Ixk%<>cQ%D{I+#ycB%Ac#v0<7PxwBBlV*HeWMi&Y2%HF zNM4`0<{c}QnWtDw`L9=Y!*tyX=Y=;7TG>`QF@YCE?Ssz5p6ycj>Z!cnC*lz#?R|KA z?E;({`R~bPL%)yF*=w=BJDi}<>&U&_p!lS*jE}=qS`gzh>V^fy$@)Xk^QpckI z`Hh^V4SDtX{ImN^+ea(`mBof+W#ft}8wV$lw+ED)CO7DjfLrXnd%hXOaA3&O?aKhJ z1`Cml!!Sz9B`)vgx_XIu=J;CU6@*_7Yl|(9?Gpl*k1G-F6*nC`p77O6{orlkuRY@! zRL}HeN!G~!D1)*)d_mo@ud7kX#ifhmiOk{q8s6g=h1nK`39BHxTmS?>6kefVSCHot zj8uY;kW;s{FS0#^BMZPqfXn^kD8qcw3fQWTpRSn24%p6sf@Ri;g5#{fVD63*E5hY5 z?3tKm&@KEB@;XWoni`Rw4TYBh)2XB`mQG-!6{dmspA3QuPjGFwi7PtA<@M!^oQHVo z0a@4n8h4-Ls!vJZGu^!p;f413xt~|SwS1*jxm42KXE#-M&h}5dS#a&N$2wBo3sZ?N zjIs=y72SK<9nuMEJlc-F?vft|2aZ4|2%K|s%)d)!|<%jQ)+<0Bi9qnNq zSqPB?x&27ZB;f?xLP<^w;Z{>B-S628hp>LMKk3|aX0dT+hGr>LFd(tf5{l>Z3qOzc z{CWr9RkmNG%8SHBH(5w6Na0pT%&Yf;(P@0n&#U)QHJbxI@6F1gulkFWcR?xzI2XDI z>CABbCiiX*^U^1rZE=cM%+&C|<^!5PT9Br*-_b-wlX(7|@;ht?kKFEsYs=CeRFzCB zFll`kt2=0g4g^ai&j@yUpvl5^Zq0v|! 
zzlh98QkICid4}Kke9Z@yHUd*?@41qiLZ!f9Qa;o>$7t%Q`qYS2(qb88)nX`l{d8EH z5dY`BUDpPTbyw#+p_w>@$e$ew=Tm&EMzCkeXYou}o2t=_R$s|chw-5K{T?mEx8Re+ z@{F+_CP&dLD63RzCfdR0S;zO;c`dD&|G3Jo5S45 zENQTdXJWtV*0>wB0(HiOe-7;)b?@c=%bsW_Q%haWli}cV5?h+o^cH33*>c%LgMJgw z1dkt4xkPeq<6I32kps{DEp)%Ldy`&n>W_yu(CK3PqfQ1~;HyoWEHREbaVEW8jxB>Z zA<5t*=BG7r>1ev6x){Hc-&&|k_qdZq+=FT@4fbtgNFv4|udAzIwv~xV*gU%j-}|$M z(>7xgqpt_21twvm z*`7dbXGB5+M!_*dQ*AIfUfNQ>MNc3!u#1j-c;}A7>|@WP1l;tsMAbD8UcJ*V&%ZOh zA1ZQp@N|Q>fV&LaHu&_9ux)T3cetElme9!HYvyE~yS%;I22uWCucCCqx3emKW{ymf z%g{^M$n382wJ0}X^ULa*T~Zr}GX3hAJ7y8tzVnzuIf^QgY@3(cIEY-m6+2+_COQc} zsU&&*+{&)f#`m&zneF!!$r=`#beSnR*;`Y$8WQRI=x#K*fA~g#He1F@@WxK^(`8tu z3#ot-0n74gCl1F++SD!cTQ}EVW_&Filp`bZ^z)XeS~@$#*|k@haH(Rc%}xx%nBVZe z5opIf_3a*s*4kT_fKq;)=Xa|+DYAx^I_>ki=-^2TFzZbl!=Y*ID7dqQ{@tPJxyRqV zn|8>Lk2a0UC}H;8;=C~yBOSJ$hN&GvmGyQGRwj@kb#FO33(dFn$x?L@eNx<_klJa- z%V0jI&eH;ZK5dN<3#1zUvr;%1Hmf(Q|&>Q%yw-qPnZ`;vmawx4@EQrEY9S|t zON~6xPvbO0^8Os>m$6|3(22fVw4+W*mhS?6b@r>=v8aDKC*5O~;Ek#cs}{AJP4u?f zbG@nBOydv&wZ+CSo!yfvPuWLqejAOdjUR`t*`?!39w^eQ<$APh%w0d9qtZ>XTn>hV+Z5+R(zM#;ci+@9s0myhg=4)L zWQ^o(jlm4b9^+9ZqA@vb52=9En;pLgXm9d93?cPQIaA!5N@0FRJN2M-3yZ*{Zf8yc zE2E&BW^(4o*bfIT5>2eu^YY0E#FNV@O}&#RrZij8=7FN$^A94(_BEKin^NfOr2MvB$2-FQqc0CQ@2msvq&M_CEo2zuWo<4k5Hp=HZC&HqnT*>7^CP#0$AJK zgGbDR>lruHd|jj6K3TgFa5JVN$fuO)PkZmG{ zw)(+kv>yv+u^U8ie1QLH-d;Ir7iHB@j-^JJO&BopZPA$jW+abOV0JT%P!j*{c7@@U>A!tS$ofZr8{4$oGT5y!e zj|!?UMFst6)-!)z?ioCg*Xbygo>fuun$N~HVvhV3rXcZS(s6VO<-nNDtn(qmeQlKN zp9Ovdv?>zyNDq-m!M0e;a%@XIkIx4iDd~;LPffw-@Ng{&=f$57jrVw^E3{NnRGVvf zXGG6l_gQZQ9!gPXzt}0jA;AooG-+QhaYU9MZ*LquZ$sIFXm`I3+BD{qv~`+g0p(}E zgKI#^XnUrGdL}S6r2hC?DR2Ui8T?Hatnw-pAB=uT^#c%JVd}i$PZ^|=-1WT zo4RWvjdWm~GAv@rOJZ8#F`nc+;#PsEm|ki(iEgZ~Sw`Rp-{Oj-SYUrA))h_G_AY}K z-$>tJolP5BUUdpx%w%$fMOxu;lRZmReERJzKkUb9aaMBe3e_oMSl`%@p4@^43^ z;`I@X^VY0RXkzCtch@mY*ijVc{~6iw*!R z^>|NZjg&&pZ4QX-^v)@l@24XgHNS7=Oi&Qs-E%$;RctKL3_MvvsAMY!=y! 
z&&4YD2neRIiM4)!!<;_fF|(Awh54X_s$v2goexs}>h`W~-}|K!qRSP(IV6$adC@}( ztT7NTWMRfYa#Jh<_P&a~sj3%*#LBB1J8wHG2vm9PO-2|@CN25@;AD8K=et~o|MYld z)lU(z0_m(c(>JV~%^e&doDe~m9xd+tNRWzV``F;${nf_D4>!na84r%zMeV5SfjH-@ zF0L6+feRf!UPTsh&j5GJ4q>|jr z-^1Yg3A;@?EUL?lWe*VM-4AvG7#3QvO%57*YZZP@G_h{G2iNw$KJ#@crTRE=+n5`p zOezKH!5|g(am1}5R}ID~up7^ZN z_G5uQ{P$Oc6H`yhgUUMv8{o_CRm>I>K!-PvlC61N9@N8ok5&tMA%Fu?{|e@91V)JzHKNT;~u> zG+pOuEEe6J%gDaTwt1`Ie6yc!{Z!ldxe@P5fb6aVQT0Ov6u}V?z2p$V3_=gLy1&|m zzVn%Y)4T=Ah_zp!S4xiFN7i-FK?yT0E*6Y-nDeSl2TSlddRBo==$zqhxPbar@|u6f z2CH53i9>s;e;NPBUva!oq8#pTz5z zR1Wx9oh!xT_zrw4_gBjm>l&@B!vh!onzFhn;@VikFWIB@x;#kO`{XKH7=R>z6Es^2 z2NdY~D3xl}M>Fo%$i+t1*(`=1!syvMK3Yg{*2IIvRr@;yj(0^2EQsu7TO)C<#zc(d-}d0 zk7lF4wj}(ioJ{N4=8TlidNoG;2N4prm&dz{i$<-=q5#KepJa$0R3!d1PHrLL$Dg9uRWDlx7)L#R4dRDN|TauX)Fm_+-!Hb zIHOFWer-R$Vp@SAS~s4M_VQDs{RIa9DQ$Pn=BrqaO9a1PXxN-?pfmB(Xte(W0z$y# zQj=8aWXelD4Sjo-HDb;BUz3SU1&i38Bpm28GzwvfP^pScP9px2wE+5MUO18hy8j=Y z`I~l0|B9)23IGetcrE&wL1HbURPxdGT*M5uLTH?67EJ_oq|G!Tm+ea~n~gm9jW;cE zjU^sFG*{ie)IvgaLE1lX1^=yHSDytMfAKI2AnM(P7Z{j`I96IyfuYj7XroD~Ueowp~utbLTBeF`dEH zvV^q&JcvIY9a$@hf+&Dl(HU4~-R|bEinlcXg+mUq^nZ28o4D_PB-)1vPy@5eq;<~$ z$+)DdO~!{mTkW~4qa3#a#a)a`ixRNFF?`QtB*9#KQCCQ6wW#E{;-wm%pF6~f$1+I( z^`n`-$9@F~KuQcoHS?vV{C^DU5$0uH!J^SA;g`#C)y^jGq&4KSb2w_mF^cf1Y)4$a z(+U8^i47O(#`Dz3Gvw{Bm{ybLAHKUv_Xltyz;M5OWBFfi35f)6DHfj|em=z|Idu$x zx6*pl%0v@WdC(V};e0wk0Uy~ikc>(ugu1du;(Vx-=rD!55S-`Vh@8!_{|Bl-j1*+k)Q*#N>ey7YG0rlln zW9!Q_KipIRTZ7g5X}%>&Pk0s0(A-!><)YFtA|UC|@x^&b7Y8_^hW#8q7~RQh!{9$# zy+WJ^Jvap(ZY}EW%>RIT2oW#>!qMIl-JtR^6f2j+h&(w2aMHS+ePILfec!Qs0GNjd z(r)-Igq;=P~DTxO=uS^x>hj%6}q$7cnQ9=RSJZ$iw1BLR9^|p7_76zZ{ zBbOYtjn$c7pgG`0I`H86`+}eBu3q|A;dlqTylC{w6|qIYqL zflQecJ84v<0Ho8lu}pJ835C{-B$O20>DT}zWZDl!W#=YbY`9M@A&-B(e(TZ;VbFd1 zANV7rZi_%}B6>3mFB_4eP7YR)$wFu=hRT(@_%WxWV$KjL;oB=4&6eHxYa->sT8bJ6 zi@lP5xb(}jdrNv6?Ey-rT(JFD!pNXUo-;IJV}^O5)Re>D|7B+Wk4RH5;VO;;v|3)?o2pb<5J?4y?Z;qqGC~&2&-i%IYDrtj z@9v;Ul|=I&R3#%na4C!82OMBcl}!kbs9pT788`aD%zDV{#*&1MtyZ~EG1y7K5h@jWUM 
ztM&=0z&)^^ojLnpmArw5`9~bRpOc>o_cn~Xta%z)vDM7ZhkF4AnB?�&UfWG{~$E zF2cA}E!4RVeVUbLUa0L3XncNc1O%8p+yHwL6`xO-1TI)|>^SXXE76q-g%AVgEn!WY zUkgP8oZ^2LWE25rPVaJKd&_%>x~y_E>O>Q5E#iyT)H#>GrsynwRu5&@PjD|Pioi*g$bKj3JVPlN0gwVel>TVv z)PsgPtQ)*#yF|iux68Y%;Be*sK2oXr+mEL4Y@zcX^zY=E6>M**vd#R@iN_nq3=JwW zb^BPV`IUDPdkWJf;z`0lY($;Tn@IDyFt9?BkqNzhe~4KNvM@&@4@%hAJajRI5u5kO zMI54iB7ihX93IDQ%mHs1D^YWsOtq=~{*Lj&_nBfQJLlyON9V0+lH;15hB{0}W+V$- zWtoNqn?uNyrbX^69?`-1PB8SPiy@qO%&03~PlAP#;l$T_pRQjgxx#B*t|f7#Dv`ia z>05+q>b!03S!rCa>Rnac=haRIW4S^sq`V;FKL13a;Yb%(b_zT%ZkT0vCItXp zvTujn-8I~|2xk!%7<>yqY;-T&;M89i)0q2qKE6%DD9L6ts>7!JG?=%v_`}knS@RJR zb<}wNsW;75vXJapcxz`H*HG>P>2R58(ztB?TfvI8L4t7Z%|7zc(6~jUeUcCi{__{} zT_^Rc)1iNy_Tvy0&y^Ja@YmfP)#e)fIREiPfB7IFj0q6fsH!fGWPj)z7k8w{q?fV9 zWrnHgH7_wyV04)i-7*9)ymN;$)M7EcX{j&1Pv2s+=}2<<4q{1kcHRvzSO~U(`KCRJ zh6ao_4B%XJc;AVei_%bdA2nSuxowN`TLp*3Nees;>t*^(Q%}W|_^Y!8z9buDg`^a; zTtBmbCzT{8>(9puO}iy2RO4hpkYrIGVdp0?kS<@StVngGDjZD6v#3+ba&j_>jxt}( zGRaeVZ6mHU|8LYegX$C2ROX}$*AQYGt*Rr!Lm-VaH81}Uo^11R$Pj?_7md+aX#rSl z(u~S#89ygAu6I;!w2wlxjBCgnB{(GW)^cPobTmJ@C-~t3gsW4(Mi^#FI0v76O;IxU@)F3(aHXRhQgGXK5G5D22UA+}QEU`?1fsQj@nh|jnR zMPw@hj&omGnn780VR2b=>W>q&!FkCu^ zFDXJmfXh=s{azp4rSLnJN{x0RQ0u( zk3ms==KwxgpS5xO>cM)f7o_0K=#6xiK|+>b2IPLnN)scmLBHRMd3eT@E>#rRjg%8J0$daf+Pbc>6&z3!?!k!%h;ryJX28s+<%G`E#2~a3} zMu?Y8j_*UWez7`+a(a7@q;(79^=s<1UZ+LA4~I4xi+B;qA5cXmllBJPuuGwXwc*w!XfJ-vm)t{rafs(s#x z4NRGZbF5C{ztkp0CY6@Cb<|MIE^n5aiW=2xjRKL?(tdbV#_y$%z&;W*3o}j`sdb=1 zwokK->t7YeK+#A{fzQRrw%?1(n#RN3$;WwynVy*?(6I_}UKag=$7~aH8%2hcXyv@+ zvSmRs3|9MHKJnLs|Mj0+DCQ=U!I0=_0oJkRi;qepIBt>m63mgg7*ms3|n} zmLksly&PGHBts0qoBVeN|1}h$ zhXQ75ce8SEuIN7l^nJ9n9{(ZuUoyLFLAn4ci(A(E4GaEmz@z}^TdsJAUNPWb^jn?) 
z`tc)1Xjk;LK>xHkY~BCW@V9Wnl|eOg8I`?Nj^8||pa+j{TM3|C#~yJ^z&}sr&$q9h zm$`gid25yJuQEd>ox}kZVBI$FUUkP0@Tc-HXBhjM<{{q!`(sqO!|(ihz>N?eylxBi z-NAMJ2?6aNeu@6w{3d)a=zoH}>m~hu{-5S@!_6J^ z2SFnGk3P0sj$izz5#p78{BzuGW}pMN^GN-CehF0IDd^vV#af~1-+ha#fGudhDc||= zO8)wIq~(&#RN2q}VOM{?7QO-e5Tgmw`faZvXrOx)(*CP(*YFcl4YaR(Xm~X+x4W16 z;HiBbKS^6J^&#ikFwvDhh=RxC4EzhP)dxzzj}N6e_pkVY3f$FGc;Be&*eOE>+P|WX z9lO#8oJ)Nukf*}ArvK8Xm-=AZg?B~pZPASeR-aqfw03m`;4@>^)JUE?~Db-aMG z$-lwzx*9Ay7_4QH`Y_Ek+Dxhh=3$$AA-c}vD`AmBK>t)9s9#6_RRs7wGt0#Kw>NR?#0JhY=lC`wB8#l>3hE)cohY@wv=VM|Hsk&pVs{T zv^NXmQZik|fB<iwd?QBg{K zyGF9E0+PV87IaDqWv}S_T+;8yN&BtZ|F$hZpj(w+y_EQ`C^qAgmIsM7p1}^EVIo!bK?fAxM+eK7vi?~4Bx>hA_^qTu)V9C>Th-~C^`RP7-9 z;K{_ z1<++RnQbHdD}s-r+*b^IpdncUD{aenaA%VOFL3qOBIy-`v*d?JvnLYBX(H)qdW{P# zt~mNnAM%+4aK!(4jPakDB)_&G*Mm0~S$Va2N!0WW?Qtc$89<2!emV;X=0-ynr zzo^wRHD1#)%wEA|=BkjgyUqX$FP%3{cHpzCl>))73T)L4wLBda9v9v!OJ#Il@?Z`{ zNzN^ou1aUMDoNs`?Kg{igBGkJG%>QnG{I1Ijc zM@<=3t?b;=@N}r^GF^@BcLGr1EXlTe?9)znE``HJiO&hk=2kHOc}O0B{Y`Q__Hryc z_NljPlr(ajYx$O{H8eca#csJ@^r>UJJvp{m!lxH1PaTX@stYXYPewZT)c9LkV*TV_>UF>B~J0rC5mk-`b zcU$;sy8mno{8W=e-o?Ybl?lHp!Z&Xpy06@N#L4*(yl=+fP1I7@c2(#3$%aen2v!MG zx=F86tq~ezuQ6PT?}RM3A3gTE?s4 z!Uno(o8bySP;R?RWjD@L!C~h7)A*T4+iuLxX;_%O-tiQ5Pd@p}llcxkiPhs&Uk%!VMHGx35T%rMFv2 zn7c1`XNg*)6al(HfAL~jb(FsU3Js+2Du|ihxn?sV2CG^R(>1Nx;0ZpUT(0cOu`2A( zw)7@6KNRdb^Rxny$Q7@~Rn9;0@L82sADp*tvC(~phgx-Us&(<6uy8K>KG$7Hun7-* zY;-!EEmt@@pxbLR`F^-qUv_kDRo)7}B14;ib9T}|#wv=saBIRvH=;o0d@6(K?V{q5 z{al%O)Lz}@`~hAuNsjgR!{7U1 zQv7GMB+jQXA8K4eGMf%zl4+w}5#4k-#CcFPhZx!Pv;8r#b7p5{Q-2L5YK&;@jXoRv z_DGdTn|CfcqjxJZTA!~cGX|>|y&n9K;G7xn*jQjO^aZJHA0`)SRd@C^Hei&_0j|Bygql(Yn)+Ddmc58fOob$(=uL@jkZEPTDLhfgV_Fra&Yr8f7zz4 zzWof*_>PW<3_eYuxdYom`oj zX!7`h9F>DA)#2U2TiN1sHF9a~K}^=R>It{+^Nl|-tgx6%ooca~9c4Cb?-3!Q#w{IJ zmUrGspmo}DvOL|zuc74m*S0lH0=Vts0ge;@U#2R62$tnY3c^fZN+1sj+zs#G>PZn$ zRIOIaZc4^wX4hT3jxBz_0ss0u#@@QF2_^TmZ)|~p-6R~;m-YAdK5sC&<4~;s#9j|Z zFy|*mzu7$xAM#v8oQh#AF=V-tC6$CfEAMn;h~6Kaz(KCe7<=vcqu>f^6`T0 z{q4bQDTjswQ0H@YGNt>KbXGGx1%av!^8w7n!V0dNgfY 
zuU{U)&ij>OQLI}s(&=EhFHWSXuViJr@riN4GNLz^N9l(>AE-44*HE#wky8`vc;)IR zvwJ592kkUj5DUTUwPBi*Hxif%aWTvCI~n35W~tci7R+HXXiMfJIf}} z@$~xw;|?P4lbp`d3}PH`wYnpp!l&zWvr>|KKh>TwcO@kpNUX%byyQLAItkn9QIwJK za-W6`mxi=i?tvfi;oGR_ql@De(*=%k&6Bn2!I8@9SOxy`Q)zs}#nTon)fH=XC+FDJ z0tY!FEAOx$j9GM^viCz#AR5sZ<*TO3iZBo2un|Mo3$0tmX{sxuG^pX(`IGk26AlT9 zq@%{-Nvu*P`cW6^zQ^N*9)@Gywe%$|CEV~tEBvvEh(Wv+lL&05rvn_-AWpYSHf5kesVz^>ef67-gYj1Na6WD8DtwvSk0{ z%PLA}h+>u7xP5l+Z0x)-+8s1mC1@w5a9e>0$-0U1xcvegSV(2#KOj*%W5^)TT*HGA zA@ZJn-Ca*|(a=m#S8O}(3=3}i3pr)<)Bc^xiNTK|gw`SNqq-kFTgjjH z&r1mDw$nPVu9$t2F_+H=%~$boWFLY^YZ~gq(koa10Q@}P3CL(TbgfcsY;9~OoaHp0 zSG~{e9BYZ?=6#mpy&ta3Dz#Z!^tPv?ch;M`df|0@!dJ)2ZW7u!d>jUYnq7ijUmPBT zvIzwZ^MViTxo&GWU?i%B0!IyTJ2hx5EW5QW{dHp{dvobXu8CtK4uY%YAN$h!YMg4E z#93ri8%pY`%$!I@PD1`4X>T45_4@vSpHoRCoKmTTc15TtAtZ^ig(Az4kbO6X8AAw_ zqO$MVvyI&_V+p5_W$a^_8N0!lnHXbY%*^lYRNv3%(>dq5e%J5!pUd_3c%J*YpL==T zulspEykcXUcVb;kEhNZpPLq=CjuKL~Um<#io)|>FJ2H639OXEczThZ(iY|D zX(Y|e2~#sKx%#u5n{U;n8^m9C)qWJoY(Q={RUynU4?@DDqTA;V{XXu`tY4}kQZCcW zPFxcFHc#dWh8`~M`1}JG|4%Ab3m}%MT2<{0-$Rc#wt#A^AB=OfFLr8Mo!H1whG>OE zbbI+2p&uYTzJ#tTraf|Ik|o;5N;=nq)ySh8?N1I6qpFZ_ zG|%FIfUDTK+nrkN2rab8kkoVh#kz!>k3aUmaK zp6f5J#gjcU-#nnE7BeDz!kJM1SgWiR)LEarg{JgRs92`Gb{FDM}EHmG{&dSmv-YJ#srm|a%J#@p7x<+&FIlv}eT z<_(S7B2|!^q8ySeE|Zo-Rf1@&Hb*!_he3VV6DUiJuIIuTqGAP!i;HM6e7clpUP2mu z4@z%SyjsZx-20lo=z4O}+Jg(r@Iig5#URZRT>1CLytO`y){BPj6)<;VY*6djuNZ9X zp*FE0)akDTOba(&jF@iLArV6G{HPqcL>(6PZhZJ5 zrG~ZBPMLR;uh7F4SGvBD`#M`I{Aza{`%t{kwE`LYjzywQ;g|biHrOlHD;KG0T}N*l zsWj+nA9jhK#8v3Z6i3j^E;EF$-4!`{{d4je{Wb;b759qNQz?GfqILDit9XZ2p|ry) z4|NqL4-;+43iZb0bw(pTzopDuj4cld$tvk5f&<39RWf>vcr4>`<>ruw7(S0_Z5nP$ zB=CX-vrb~R0@JvHF_`cJc8vW-j__$8*Pg={PiVWtqZj%(QeG-hh^F_Y&@fzw4#`*U z>!1a%RNX2R(wo3zhMPdO5Avp_iQp2IH*7+^^n-j-+z73*3)mg?x`Z>%l^7IOQh6IsZq)Du_}~LeZW>gVFL8HM$WV1@Tx71BK13A_{-@2 zXg_V>Y()W=+Z_`CQAH2eY;w)h z=ei8#bJJ&)7h+E(zP;E~g@0)}&f$K5L4P|#@Oh$hb&nY0zS{L;(dC=7Z zfDH`%nvOA2DfYAV4W5ILZl&?6!Nx$%R#=CqIrb7LvC$1B%YXDUA63$BNcofB9rSH% 
z1nBUuG0Zthzy#*xvRQH^w$3r0trC{>Q~Yo9@@BaQM?=@^h!);*mJ_`M ze#M$0qpzcnHPsO^1LXCoJZR5y) z(~s&&wq7%J|c|9Oc(vg%OH;K0Hims@l1R za)BJSF->4lRGQ&Ozg>fko|9i}Q%l7TvDVPXTu~a3aNiS!4Gk;N@%WJxo^8!{UUbS@ zL6dzz^|oVMVGwT7w4}q98rpSgbPxJYgij`8o>%6yc!iW`wd;N^EGq4Ohj58M)?D9` zLLId*ChyHlht>MCKiy?G1ZlujmL^cDEZR&40Rp3iD}`}n@DGq=_eSmHOIWk31WmwL z`A~m1Jw!%v{F`$% zLkjYRl))8%gsVW?;ABtNtGknpXa5FAHUX;MB&GeMU=sBBk2d;*>F$tbCkRR_i`d$5IYq)`5vD0O@0h0JaApifH;*KM7rRdDJ*`-&b@fHoZ46<*`b(3 zi51|*U{cQwu3?<$4I50+Ss+QOADIp94th;KMT@wwpa$ff7RGqW>ibqe)7M*ubgY1&NFo+c@9|J#`gt{x#oR)0STliV zEnv8b-o#Co#&n5L5w{)F@R|*>^?S3u&P7g)j(g(94?@bB0%vOi$e|16Ojoo*A)i+X zkpgm!KWi-KK8Gb7TT}jazvQ705agE!STCSGyJFWRYv?E6TI)632nOhFe+m2n*Qx&m zTHk*<4S@N&Z7mT$p^=zvIVWn2R04fnl5g`Cr_%Gz*9e5=# zLMznsY3?DRbsxa6Ru{>cDIUy=+MbDAGjv;#-Jt{Jm71BCNzGQIv)b-1f@gte#$u_z zc`biD2}I6{I9zpMr>|oJv+`qBy(l0WnNdOM%6gKr-{TD#uDGbn8P|eISPS32XKiTT zPsgtN*R3upcEZw@G!rJEE8kQ-S9Z4og6_9ntI>z&tT~7&&^XJjQ2CjJiu%VRP4o($ zLs}Jake7|2K6Me+eanQCHERXIKZq*-G2;7yN|e~lr1}r+{@mT5zWwHfR`+~UBYQ?o zAb=UU8(SUAA2(a&Gemb3M75?oME1C5uow-(G64nsWF+EL=fwbTmHY>^9d<_eIpt)t zyM*CQ@da-U3-?0Fb9(aA1}5uW5G$i2GEsmML)=})^B`o@_{?)os-WRjX1kOk)rP{Q z+>ie4V_?)YU_B5meA`%{S7T$EV1Ev4?XoK6bP3OLyP=&HI&xi5{!cSEK&qDksg6vH zO6pkw9<-s{w&RPjX#EW0_E{ajyOjBXei%ixjL{-$9=N&YWl;8*%kFKwCFpFtoa?mZ z^*&lAAA-!tIJDZD9^hjtrg6R!UbkVUfhG+yi%F~waF1W43i)xb#jYt{YW*b*pWy&S zqAim^RyYBeiiM~sp>ugD57jhMPt43*a>;NE*b= z1Om-$_3AD-pA|kA8oUL_u=o`5i6CkOYb98$?zo(@mMf=v>0Vh)h?Am!zvl=jgV`bP z-vjq#*H+cF$6Me{E#NFks$bok2X;MA^^miCaPG)=;X9)|(sO5fUBM)NyJ?r>KpdG^ z3XXPkFCNpp4@CUTZ>d}cWz9pVJtJR$_ShU;*e`WaVwQWC8RO@+@W>n!y0g-ml{TZPR)xhm{ZBzv95 z;vLD9Fsp>r*aV@Ou!!e^=5A%`CVs3>M=}Lp*R=4;LEhQTDN&VmI$#kKqtigM%Kw&^ zf}R1!c(H?EreW@mIhdsDm4wE!F8pO`t)O*vAA5+Dqf>a6 zPzfP0d(1EP;9!VTFK!ya@sz%YW(X(aZUAZPiLc8rul4L(?@rEMj*U-<*cT9M*j+b( zE}`NfRdJ{IR30io$fSV^cDa8wJ}JNp})S?u_=em-S)mHhJlNCIhe8$ElJxAXcqtl#^zep^8a7AO%4tny;@ z-5yrV39fs8GR|b|A~<32Kx(uWRclQDfi3;n&{*plxR6XujM#CgW2*+hDbxo^)z?G{ z?sXLYE2Df$a_NyX*xKXIJcz6~V2@Xa`&}E5!;g8~N@Ts+Uk1!Vi;fPd&x 
z{q3A;CsD&sVX+Hq7NjTrxjN;X09Z!=b7=w5>{n#i=+Mb^_>#1#9)M$mmw{eXtf>~k zzK1<80X=c6@%Jp7k3D66GPgH@XIX|W299)8)b&`(F#%L&<`hk2ymG;E1XiMy0xgZ` zCwMQgYZgZFB0z|zFzzsSGiCQ&92an9hQ}f1dVH0^bPP}ZSH&+dEn`i0a_I{9uV?)x zU`lz;Jl^@!ONj%)?`m5v5N{g@1L)Tgxq_1WgcH=XvKMy?REZN-)7cQtzMu-7#EZ9d zue0YrVwYZ&)UCyt`{+2q-pL>`Ff$$@Hg*D!4_>vO@FuA1%%BHVd@I6uHMTY}8-)Pk z7Fm!V^2Kh|kgK#-QPLI)W7}TncF0#=ziqL*=!9QmTIyp{pq#ia8edOOldUO_6}XWO z|D3<_^(p0&;I3~(Eb-_gi=I-yc|<0Ugx5oiZxeXHQ_x7+1&nKC;4d}hkK2A(wVOHa zwcMnyA+lI^;D9-a2c$SIu2bSLADYFc4`ae#9hO!SJ@!QJrDB?+yD%iQL9jADv@i*O zh?cg}^=`Gl6bRTJqW6j_mPa|;L7|$m^JRX4)QrpitAB2*IC#jMv<+G9y106BQfl*a zIb`;ogegkz%pfBU0aUT9|6f?tt+FRdeV@5g`=P!4E+)G^P-WB&K9a`pMi+Tc4=4B{zHk}p-UiX3!4OOAbzx6)=ll%2v zIy50VP{pNg&iy6<-#lKUQ8z`mc0w=Ey&iMoN^0B})2HWVrHcGf>=u5dd!HlcPi+y;82LGo)QggH%55Pc0kRbJV<<$%+_v9&lRM%uq)}63M#vD;!0VD~xK#Zt zP109ZFJ!!Djk-x?M*^s+I5Pwl# zuJgZ9!tXoE)d4LwbA0Lfg9;V0#oS2uRJSu(9~(Mjpay%eVQ7&ykaerN>u2fxSE^2s zH&8dr(|Sk$Nnq*Q8pBwzF0A&&!kJHmMN>1gj=X-`Pb;=}#wz|ssQIx8Z|(pAOX7W@ zm>(It!Pz$wO;tw8VOZcU&bNa?;s^Ym76*X`_Xye0(O$cXwMJlJ_@CUo|5?>>W567G zRXrJz{{HLo8^-~T&V`BG=fCdv&k279qI^5&!Fw0K|AFTg512tpQ2Kj;`}+sY0PYs9 z|M(}h@!WpE-k!9w&H15X| zzYYDJh4&QT)sJ#F8~&Kixh?rjRXox9m(OpU1t?^8p5%L1e{2^(u~TT3NWlLaPx>aH zKH<+E|M>h5%|>AU8#*R`%XohLzc;S|O&@va6!V=r5_D{9``*5^k^3L1|3@i;o&(?S z``zRxt-=7<4qbfYnSWCU^DSm;&Zv#$4|TW>( z?*c$eNpebuf2Z)hf3~%~HQR=-|C&Mml;;URK1U4p9oYVt%!2yP-P;Hzaqe1Qslfd6 zl>WH$UOPLd!qzI7XF<*u1TSJ>nPncL{IlY0i!JJ({Sk#vq%V{Q#5NNGS9NUr%m_r&vw( zNqZSnpNJKM27j*eX0BT2&3qzoA1({M1ijmPPW=5LH`y~Fk6YBRJ!8_RNz+)XO zBC0OFu5(mqx9RDuynW_&-t>FdejEq0w8R^H6F9)W*xIbOPhn)y?kDf`7v<9od0Jh^?x?KunR473 zs;@M3%7m*4ynLLGj^2A)DZl;Kmk6I2a)(YK&%)KJNT!_KQ}4e zFxurjTB$$8Y508J$@xjDl4QwlM8(v-tpDS3-x%77HL@>uK_Kx6M^~di{*Bdba_TD+ zHJDrErwR_(Vw_cPTM)lqbb$8#|Go(U4vqZ7{H1?sHj3HmU6J((CfNsEc>UKRZy52| zSh|y`XRlM`B@q=H7qfrRzyDVfyJnu<0CH5c!DmPWX~`a}V>~JEakyOI`$pL0-7wmT zZE$UVkT#*97^QOe``Eu6nHy5OhnuP>#?@d!U7((7>|%vDz1WS2E|&YR z_KKim``Z9|q!*79RRl|+akSm*&G-iQpnrDy{Gz2J=e{yWsoECgYD6_KDIo}Sj&g(n 
zaOY4NHs3#;+47Oy#+MZTrI%}~bx4>u=@9n61p%1p|B&{7*|pjMW$!;w857FRR)W^Zcnw&Ct!5^V5eu33-Uw;HIU}Mjl^QXYE8|HAet9 z@htTR#re$SD^*$CHf zRO54l_b%ae`BW-RJHN1ja-jp(?`d82Dl1{(`aeh6e|17c8kPLIqDUh+0KB}_4^imY z7d{(0RM=>Fs<45j>Ua$PeBSA(#kjATo(X&MrM=MOA3FbQ9MiVdW@rE4)~~y6KM3jh z9oF$}A3i1a)nOUXXKmlRS6Pg7fLVj+_9ox--!P2GHs)w#xt!Y`=Q=QPY-DUHp3gAN zU$*-L4&MRYsD(z>CtE9WT z>}IMFPX2Gr16|;G&N5F_q?IBjAHrRS?)9ea0j{?>EtU=k-A3K}uyknHEgf&$cZwme zxLj3h+hU6)#9mUoZ`!Sfeo%a}t80Dsqa#e~(;l-9IiNPHv~hjP|Lm>&S9r*nNv_^J zxhRsmcrW`rIVBVQDt-Yji#~(oqGhe_(yq(*IJ0)lNbPNS@ zGuaplzoU8~Nl9D${_tHk3lg2;sk;o%i!h~R`;;HH6B(uI%CCJ;OOdRWQ-T2Zn2mj^ zp-<@G2^-=7iLo5GZA{2^zU}-9(yx-60fr?hveVZCmyIn;e4xjf&_PFt=WUg4nCBbk zMtrsI5htwEd7-PDiM_Kq?z@h^sogSji($W-x!wY5QU@k}NK(p+tp;P~Air$T*Ewb6 zp6dL85*TW|jNO{DOEW!D;fBws2aMbK+o}H9x4SF$ObCPj47&W$I~fsFucV#EE?O1Z zOi;?d^_hXQHcq_S5MMz~4>S=2AFVw9)^k`0-}3C@LG2H;5uyaS{nOQe*5cPWO`&$z z#*&pFW!_XJ@xE$EQC;fNLq8a?CW@hk>7Z$7)q0veXD5KC5_L|wM1{&29`E$H7jp*d z)%!dsHATnYPRbxZ&=#GEGdCc0|4F-Np!mn*xk4#LJ=5_X%`Zu58cP{>IuI+9t(L>l zdtM3p=wAQ!5pIL~is<%)THUYjaFr;H?2|o#t>2>YgG$Xcw8v@B?4$zH(m5C?*~-vJty&pGF$ z)<`9-PZBMMk^)KFJf-nI!Jk$hgDqJR=+D5cF0Uk?L(ElgH)h(Vxxac4csDlWlLngmxX>g$TLt>13KP z{r((dIKXY6xnPcW6POgW(ytw1Uk?i7gLdrY6`+TYk14JK4IUfliJQrJ!}LSc6ixS3 zjPcPrK*aY68Sgq%mD|)zXf#v##z{#6ZAxUfp_n=-_dhbuKKdIv$7ek26a3QSf?1!A z_gC1Y<4Mp(Ejv?pI5V!01VBZ-n~5ha zyqV`#4JNsRql>*lmH1wIa+bb6pFo|<;Q^j)W+B_pi;2wEeFfeo`4Wo-^TG9X6TD6~ zfgAh~uu!G=SAO3_32ap^#J&7-+HaZfUPa-jPx7F-@u;%1w*yTqH%>Z4z_)6W-2}9IQMun}ZJASr%&VYe4 zOnp3e(;eQotno!nX-t8s=1x}GxQn5cwyNsC1hV2B*D0{d`a{uPra0-3Tqk#!i&ggv zfHV2HmJ-`pd&_L2M21nr?y78-Xg{$fj&-0_%=8*^$P%bL+jO5-*Y7BiIy}9}`C64j z)k0L)G<+*qTPd#9F{)EF(?tJwZyAG+jdC-<=)T-cVbgI_h0B__Z%jG%p&i6du@AoCIr znMWPPjW`6ozgPQ*xm@kyHU~e@_B_IFgbd}YboI6^WhlP^G_2+)`{E;>@JGKqi1c}) z(2i@da1+|+v&&2ObWJz56I`NwEq=x+T!_a|Y;q`O!+Zxee=PR%87)J1&^uy`xFY$u zo}OQu{GWHd+>3u(G=SdB_Ynkm8?!+ZW#K-m>zJLBCr0 zg?wce|7yF~{dfU3+@cz>p2`jE;oqJdwiSG!?NM{B=s_RlPhinXPosZ-{mTZOE4GphgTX`T4=lTKwyLomD5sw>d~#vel8=*&hde*BVeRDN63@k(f>0>ovEOtTf8DHLea!$GS=?CY?s6WYkMExi 
zY&|B9rj$qbJ2kyC9)GLR#c%Q=>>PatVGKM3vNTm;(-PL0ZH>&(6_#ztMD*_u2qz=2 zFlJe5x0Mvs=A``xL4W#b+kyPQE(@+?*NWCO=#AorH370(o}nN{3feU`$70}YB9n_# zDS}kk*L`j%rM}J4jk%l8>v-%p_NE*!>?|XS8c0GC7qQ_#QdurT_t>SlrXqXlWu$q z8Ry*3O=4h0Npiy#iqlpYHFXnXu001Yo=AjCm{k|$hYO@uc{`441GjG3UEo9`lr%mU z`4NJR>uD*ho0o}yzMn9aPU`b2QC{@;x^6t)R+MM?MqOI6LeB7!dA$5`&8bvcSwLi9 z)rz9Y+M32?*QurKZ4gkI2uBcGDA}4Y{SAo6+N;Oz$G9~xRW1BjO2mqm#^upGmfm7A zEsbybtdey#Gb8X&zGHW|@aR>KT#{W+sYWjFD(uu?)iiG=u~$E;I|k@}()KAd{j}aW z#4yVAf|nEDX_3;;AZ(l-2$fLdfI_kOB?9Slr(06 zXu#7YBu2!b+W80(cafAR$di)%E?*#TzZ~Zd9U%ARk-S(?+Q{VEv4JvD&qtb(3k{@- z=~tMCaB*r)Fd4;3a^BsOisYJldxOU(@-czqj`BUA{2KQqScAhqANc?HN&(^CtVCMrL`ne}=$^B?k8 zrc(Bme>!A#jkqb$_35svT0yJdfG67a&RWWpR35RY&g)}PdA$74)dVV0GoRkVFFo)SH*;%j0YjE zGtT(hh;cV$w~`OQXFU$v$}a~G{zHEGvg+${uoEM|<;5Nu_u=W4VF9o0cDQ7&sFcFol@3kug}&w17vmH z)YHgn)X7qjE57xpPfAnHu99`q}aa|Ng# zYxC{G!kgep_PK9SyTN)&d9`LS39ZehIynXu8$x=!2)C&(FE0#?Hdz&Ut{M{d$7pIU ztT$WlOoPl8HQl;QyoE-r za@*Hm)Kr^zuNs&zgyHAB4=P>Tzn|(~?}Mj$nuW77+-Mns_|=7g2#6HjjS4*96$cas zTc4>n`bp!lIk71ZNWR2%YrRg7o4cr=x=yJoaoa@4!w^`;M0P%HraBq17mUzbGr#QW zYfQ|%V9T?(tS&9Sgs<1Z(O#uly4Dw3c5=BvOBRz&&Cl9)Nm>Q(WO|(#QSiXVe_@)( z>oAC@>TQGfG{Xy%#>wX2rmvT=Pdk1BB@9MLH!jriU-9<{zds(bb_uKzAGGoz9~LN_ zYLOQT$w)yfF)zh33gLv^%p?0|XJ_aJd$4}zW|!+gOecnl)?)mHi>+|bFd{OT6VX?y&|A`+Xf>qnUq$0u}#tW6um z(tN&@5o9^ffhHZrHEH(-O@PzD7!(szKBs8Z&5T?h{4(h27tKfD$QhO)InsT#%ofiq zdCDp}GqC4rBlZ36%Y)|cy8ujW1h^+lxH#=sAS4w^cR2i^_=y0oXrfUomf-7_X;MB{ z1yCzQY1XCeYk9>qoN8cQ-;g%t>%`OLAghuF<+({%O5p_9oTJ9ha8L)BY=MfBnX-F( zttNTgG{X^UDITo;X-b?f$r%z{ZO~IVP!$_hZ3J#v%9jyLDD|yVOs1W>0dx@s-sl~= zpfIltaFOL!rjsmfr27q;`2yS=$0X*&;h-mB>-$<*lX~%3(PnIsiNpi#jsq-xGj4pN zjI{lETH3LtPAATALCHum`N%Z zzB4_8s4HCDDr?yx97Nke+Eqt7xD{x6p=l5nO7X)l-u|v$O(Ar30~M zl=m9s^^+s;ey`VQW{|7J{Z&;}ir+9!c9z3;130Iu52A(`!FeKlaNWx7ry+_PA2NoI z3fNF>Hu2UPdE;Qr`-C_wv>{D?K{YS*JsOvnd!|23h2vv-7fp16m!!h=N!tXw=P$4I z%)hHhC7i`MK;ORGxd`1`WA(lvSF*qip9YzXQP#Us(|xw&K8D_&rUh`3*tAz7(a@B6 zj}OJ?fzW*w_N@BAKt>>D%v$PE|BYMmz1A(t#thNRy$d>LMihEovNx2aUt;LznyLbx 
zL|#QId0^t9OHL&M(8+sMEQWW3;0M1{tx;dWCys1t)rM@=|R#U-E4GXSw(V`wD~nC%hYZvKceJ{ zQcop{ZNRYYrA-0d1EmVwTHu9zHzBoM9yc-u*S9j;}84X~BfLt2k;(4NF4OlwYVcxLh#!y~RL#L2FC zP6gUje3Zli<5W56?*&n#Y6Wv^3Y*gu$h}nH_5)LFj$mtk2f^~z_ zFb7-8i%q1y0p9AY=%(zI5tU;!Ulq)+4GGZO>`h6Rb+6{6XK*Yl;``SD4(LX$GT2<2 zIE-Ci&8!T=;wJq$J;eOcF^*s_y(T1$7{GL?UwX_=pP(QqGE!{A#^a}V2Ar21ZL38TZ z*Oq*kA3z2wSH(*n1hb#^6L1>1hMSgXnE}x_gjN-fTSN%U`PrW`digEa%X=S8QAqXYfguLveQ|==tNF#MYku#? zA0}R6`VnniLg{TiQk0^(;OE0b1>C}=NW+~B?sc0GC&;IxHVap)&<^#QchKsCqMKDq zJWqJ(rr1RfPga*w-66$|mbn&|qA%#tVy%|+Lk}~dvkLqNA)s33qVjFL94HEI(f?b! z5(GV_xoR&hL`|{h)DmlWwcC=eN2xx7zN%{NtzLX z--aE7iZo^{d|DYoi?;eRp09{hMxDpM3DfsVGn>L~+>&nVzhQ(1MapGw1klqV-mDkO zrwmyB5yq7JQFmAkMXkwv8~6u}V~(|W)kZ7|>DS``GyxF%)b;ooQak#nz)EVz*Ojwr z8!CBpC0EEnk=bie2CkB3btgLIKPlbDz41fU#zq9>fw_5?T9YDN@exk+U`2BN`_iU{ zUB{P{5a3iTi$G(_(&aYhg+Y#x(m+KqQl1?9nY9`5m{NT4(Vr~70_hx?8WEMuYwA0TIK9x5LB+uUALfRXXV&olT)cY zDBKP&GjXQTMODBgrfFZKiq+pR<*xtZ+f*UttCVZRV=AZd`Oc}XF2-G?mJja)eTs+G zSj<;JY_M@9#{?q4XSc|nm$z=$F|GO=Tti><3UT6oF82|fIMbCeO=g&5`Eof=78OG{YRC)>~keK zk1CQ;+&=phKj^`T?5C*mj$|Ki3OHZIT}gQ^z>c+%x6I49#u!;Ud;0Kh+IC0`tBP@l z8k+Zedf@y3BGHSZoNBQjXh)`_;?&IUEkxa>Oqi0qVCnDj#ULQI1}92=^iv(d?YjNB zc9eUdtoE52-6~vuoyuUBvf!WSr>fF3Js&m0eN{FV`N1;U9S>Q{-}(0f(yt zdxmIK-nnpZ&U;W3-vTU8Mm}}|N@qCDWJ;_A9Wh&U)8=x%+T#{?o6hs=QUOPYMTyl9{K zm3&pi+lKa?PH%lq7m z2~oUiC*q<>Tl5mxD=jb3P}bTKj~($Mxj!ZLXu0?S2-+qApw?RMP`{zD|Ae zJ5^8R5liVk{p1kyTNGqjy@2Y4f5SSGfcVRQhMlLd-jaWl-1!N*pRQytY6w*|!E3qE zO+C$$?_5jz!W6Z$zA)f)6b)CufNw z9;P81KwJ|=`!K6(b9gT0vXu=akHHJVBvTVE4w}DO6qUU(nDznZZU*b`vAD9IH-86~ zotA~8V}KfpV2X+(J6*<`#_=+^0>KJVdx2w7k|$FW(1T0MpKEWumdr~7Njke13#y}) zO8!KHVhLz-4u5ut1+EY|>0##1&4oSHNq)ZyE8`p8zp-DybPQSc;;|dYaz@LGpCpk4 zUimWR+_Sj=8!z@O*o_1C@SH7icpLb8p3GYn0Lgp1h2#~4{)*(~8v~ajkgIojo6P_n zI%|WX{B)5K%6sECPFTXIqdehjAMP#TAmC)I?U4uI@Da}vX1#AvFJ+F6(MuAgc=t%m zV`M<4J9$UNwa}aW8JLgD-AbR6EZ{-4f+pMTOz*{i?&k4eKU)t{9As5(2lKk>%1Mgi zMQxU*PNUp%lq?gLFRJWXgyKZgSSp^QW2NZr5UR=193ajd+ln(sq0{F5@08o_#Gn7J 
z?gz3*eh+3%dlk&;&a(1#ts=Lhc|4H;U=z*+`&uDGeTaFA^oVoZ!E)e{v{N|6DqwGw z+HNH&p{orNxvg9<{OG8e865cHkuxT18XDLchn-CoYPhI!%h3e<93s+(eThbRC$Ieh z9`^>V`4xW%A-#7ssMs}q+Cu=X^;38S9R*aH^ zN)`mqNjfJ9-&0ZWsNO4lWzgi$Gz#^~N06OWYnh9%^y#W7^3>X0x;d2+nBeuITS&S_ zMCqHW{8Xu9_u>@S4NCPpzseB8?KwiOtCkB$<1g1>aX+23#y$;;BK=-Js(_5>g=1-z z4SB1N&E@CU=ag#bh})M(tt#rPA6aWIwWkchnv7lv#^`@P01P za)aVn;teGWBX_jsj$Tx-!K_?+#@H=6w~ZtuVcVm`_k^VB!6W-x&Un zidSPqElW%#o%I;_;_9<^VdJM&YUd(uquAO;VlJPV^Z_-N!b*?3N-! zq6gXmHj$P*^Qu3}>rj6j<7jiJ@RF!@@XhdZOef^E0T>ljzD`JGm)im?`PJ#iG0+t% zl6k!|N?pP24mOmTWmVn;j`1V~h|$;s>)>4l=sM#S4l2l-9rLF()S^df`pTPuiJROI z)1G&sT)_QdOZQG%)DWd)AR9M`?Bb2<`VtbbRG;|f zExtvmaWtqBjR{o>b5K88$yeWV8_nn9X$vZG@>Il?ZZChwhlu#n!Fz-i6i1Go_kTNo z1ttu@N{XH6Vl@?$l~MHC<2$dN!E~)-%gTt-=vK%53~}H{o6k!%rUw zM0DGCV%e?{U`zVR(s)a_#_dRW`N#UetOo9uV}{j`;pJvR$=Z5dDdzcomGS1d!PJsc z>ps_v{PDakxEbip*I;@P8s@tQQSU_raIpZGpdSg?OrMT}s}G0e&n!Xqf{-kh$AX#Y z%cEzG_8l?jE|z%dm+47z0ulgWJv(T$8B!pnB9cbeo z?kj1H$I?9#*DvLR(S+`7-=Md6;mq#CPwLgQYby&q(du7z(N2-)J!Dc{Le~w4`EmMd zjI|--J6T%YJ};LkE0`46*PXHFlY>d;=m#pP3X)s8WBCudQ;OkQM(shO(Y&;P{y2ZA zr5~E77l10yRB2-yRn_!&VqM)c$CRk=l69nc8@Udin0w5vXcGky5r2VN5xlSG`zDP}ZJ@T&TlfgbSk@v8EW6tsBzx>v7Zh*}+a| zNLYlFn?zyY!|9TDHJB=%ncKYGZ+W^4&oh_mlLgJc32I)giCj^ZF8Is8Lg!sXT~Q4g zK-)Vti}ALx-a4>Eku!BIchhzkG;N7_B@xIJFv$0wqy6uc&Wa_E4KF!KRrjc(-whe{ ztE$yajKVpKmtQE8f&rOq;l$kJEXCqds@SFROPxx()b> z=id8~FJ7^TAiW2xU*Z=JSLy;hX+NMwW8;FWBK;ejf?H|{Ux$?S7FiUt%35iPIN9t* zt>9@=r;odfbP?#K(;o<>^Ibb%;EgUT^-OIH+owj6B@p{Y#hlN*;R?~|zAN$ziuS>QaWxpSsB^IC6ZMgC075(2g=pv*@yV1TRh+Mh zG|*cXKLIEP%K5((W9*3)A)T@r%DPxY8m#*!5ac+2HSIStQo3)ZA$L~ITe7XTD?k|y z-o!zkl2xyQ$DfMpF_pmeep%4kCgVGR`h4ptdLU;4R1{q4r~L<>PIw4xEGUKIRT-1g zUfsPgmJv{d$MV9r4BubILxUGF_`x8@B|E=XsTrsnor6*;xa;|yQ+Fb-F$AR}t-lbe z1FsJZ z;G>*uVtsLa*EdWKfoDh)&qlxt8lJvT*-UE=qhkr7tgyByZ*eWa;UZ= z&IVM6dh|*l#@;C^8q`?G1K7${zKCkgkvpmwJw!8l{wFT4PU?PlU=X z>6|_W3A~|mAnc$mkm9)bL87cK2Tm3S%_^-wTkPWm)zRYcRnB#^H;B`N))z{Dd-B){ zJZmZSAJZb4WN{J;iiW60iFiSm)P-;FU786Uf>O0u%Vuui$?88LZo-*kF9gl?WN0K7 
zl%@7p2t<`R?L2X)67j*}jIjBbq}+6B#OB;lXGeSejOL+kt&Meg=%#j}lPg!IY8>Ah z^H0(09r6l1CV>X800b-yF1m0v%fEpuR({ahKuwjG8%SUzl6}X8(-IXv@{sm}t3(0d_^P2&cUGJk zQrK-5jWu(S2G{BWYp$j)5cnjsyGO(nX`e`h5kC)FI?&7wmdQ^Vo85a9(g;~_TG)jc zgs?kL7&wf*?4BD!F!2iy#O%k`Dlblw%QS>f@-r}KGRj^CmiZ`> zZnrENj21R`a#OMGhb4NfLaR+D3p1da@ISx zDxIDL6EXSdAI0t!%>Ip9_}~x z_}qt~IDd)2G$itR9rLcOs1+z!+#HQ{o))6?_TCG@vr1TMS@rH+(UEc7)DHA->S*tx zKwCxT?6&FlXZzQbOvjlMG7ba<&KlR+OKuh4@MDlAtL|*M@k=V6ggC}2yG+_W4{R*R zLO2S@M){a^aSlyYa1{%eGD|e!bp{5Da$~ESnMkI|eX0F$3&SK@;7kKJ)@q&3Kw5cK z&cYS-P#Kd50jQEWR@1?Z$?J=4AvVt(x{B3$JeJFyyyDo(eO20`uc8 zvF!eZdKCUbm2PoHR{0d|fu}94yW2NYB`?*pXmx?`Iq?jErJuDEo8N$mSoDHVeGoC| z!lBK=#nMerD=}3TUyTJ)>d2lFF_{o=4->d}9E!n7&V6d33D^-ZO+wo%p)$~H>T zVhJI8S+noE;fqRTE&DEtY(p5!FeKTxWEqT^v2TO1jj_9D!uR|8mR|SXfA0O`-amSU z&-R?>JllEBbKZ{_oM2;7o;`3N&(#V?KN4u~t+QEWkj4zGr4q z?(y;`pHEUfxr+~_K)JkJ47v%BJkJiSnIg33H@mX4;!Z`WDi}7ZEIV?JtvDz|&|1WZ zFmxnJmW-?pWLO<}G<3khw0=6}5^+Xmu0&e)#AzbIr3CD1Iv9(u?8kjXIbJ@tFcB0F zvZq{}Wsfh-pDLYb%zy+x`!cQbf~7tEj^?TSYY^5lvuXGu*iUjZ)V}5x*%pu~|B93> z7rG98+Dt{z$+$WE!|jQgpN&(Fr+?=YC8?>nj7Q;oBQhm-czGO*{Z_B{QgF${usGUB zT6(N?&WJpFb=>HKhQiI^?@vzPdL@Gh1^#z{U<>Tue_b0+xGF(Id_PnRuU9T&WO|Ixn7wzrSpzWtgt<_JZA?RVDOG&lW| zCjAmGzd1tnO1k~;+X2zvUX0y1sHkTh`idf%s9Qsdml=b8jdN8^MrZ2Fo3JcJAYzL4;P#B{B?=8%p}lA7QUj*0fhlk9=-3y_yf zWlZ9vZyvC-NopVbBvz*9-1Phzs9`adqZSR?VOCuhanSqNOPfCoolf#TKwWD_iH5sb zueiU$?dSV;FQcSv;gyPqK&XO|=YYnHOqnIlwvl&ZbVM&fO#yzmne7TeXo^G3$kJ5e z@ym)DGmfG_g8k>F^{0q@Nx|C+)U6k!;?D8lj;#irPNGa2op!v7BbA$;SvI~Eo1ee= z)KgO@J<(OdvIR0nH>*)##3`(@)8>s9uB-gw7G@Xup}P4e$Od-uhiI;K^aEm1)XeHzk- zm}us{mCC7PhO=uf&lkIXf--Bse2pqz|1|Z)T&KKEU*8+g71db+ZvE-ug76dQRGxuF z+4sbe7`Yejqq-g!U29zI9N&1q9>6K!|!>tMPnW?8rQaU?q zf`wkLxkmZywa#Zn4%w;ELp0r$Ia&t&%H6B{8hoxPb|Og-gj3v?28fH&U;VeKTbagX zl+>LR&S8vVER}8_@iKjeDD!1OD7a`BnBK5ipQcJ2{Gwp5&q%2^e-3gwj-@tmrQ3w{ zQQc_9G>g;1xjS0EA}?n|Nf#2hndd+Go&@DMP@6tHPNg@0ZsnB&t=K498S7diC$2Kw zXoY9ws!vS_LcBsjrpJ6jrsNG3^+ey$?Jt|n#_`6_4b_}15!+OF1L>JK=fcSIG!ZpxKI$(VD^XoyZe(z^lCK?Ax~pu!n8k!D|~?1 
zNG=NiAezj_Wu;yHQRwj1ztdw{B8?vRsWoY0n%P2Mxy;dBPLe2_>mZ!aRiM<3Nag=V z{4)40iX%Uegn23x{}B0z&lGZkuE|iFcsLAWl4tojQtWEHg|)VE!s9~Nob3?68E8q{ zoC(LCty%nQ6_5AGy$&4_W7SS3byo=#cg^Fvshj zWezPG_1nyM9>kOIaj_@bMk^d98(=HFXR1Iu$b=g<_x$r9?)OAamzO$M$Sd&re4CiR zJi=7K6jY)X1BGVVVW9VzmB9D81{+D`@XVGX7OCg0t;o%|G(&g$Q+ ztU?ZY`UDl-jr#JFC>~kDRt)H#W?p`AN;d34D9zG;oOol*8JK?1DYP|=(&qk z#;Jt243;?_R*R1}@_t-$pL;*yIn6Etv>W@H5I3BV{1LRsef9` zGJ(?VHL4&Z`V_}jf_a-S`sp7((LuAiWZk~MAGa9kM?7fw`k?O6dCOUpE`j5 zz6DyAqcoj3VtI_u&avMbQDb&DC$O5!zVj8AGP)vDrM}!c@DU+zgjJdB6KhoxyG1%3 z4YOioed9CcL&=tbN~hIRMU6Eal|ITm=~-nKI4=50nfpR{Q+7>sP|&K4^+aN25U&jC z#!Rf0f{QiNk!Q*ZhI?}%4z#BXL$W&%MOO|yv$5uVS;{kDliyn^;_yHnJ{e@Qe5~S2 zlgY+}LC{*Coh-_L!Stu1f4ezrry!d0s?kiQyV%6}lZqwWBoW!EwGmD`*c#ma6LXU*9f1-DyP@49s6 zhpS(oJlbWOH@6J#|0}suIDT`SMmWW1Qu%#b&XjZeT8DA1yDJ=nLSZ8OfkU{R6_l{* zgj6N;i(J1Q2VK%n;A}4Go8y1HJZG3nLhK1Np~NqAwm*<{u2DD4%Xj3o+6& zz3ZCI+(YvRe2)?o{(4sJU^+iz+f`bLP_$fO&dige;gk}DjjzI|S3kMN2_;x{ z@Ta3c&8MIZVku4`X&V=iLK-J@6DEWZHv^x}lvFk>uH?#L zshQX?wFqOH(cz*xZe0(Z5{|RiRt-y}n_WGssp=miXV&jrt`+C1kuFbB8*zr+t@@r4 zUp@^iCVF)EOerL$&(#|HG-%N2dx?Tbxs$r@)3(NImhEL6gi~S~k}T^fY9x7DhJw}i*7b}Z^hS#rc1aT3(d#amu^+leNty_mSz^0-E%9Q9KDw9MaM zdj0}F)9$2J;kLTEId6}OPP#u?w$Ax@$DdKGNL{|`Jw&%? 
zX-H>}tE#ECb%i9}J5OS!Qzs*q?nlL|7SCB-(=6@$A(t97EjRPhm!?$>zN(7nRw<`G z62xXp%l^KuJI0sRFoSW#zJFy|HUD({hhY`!$C)MexW!o=($`sc#)q%+`t_HlvI^-- zQYGE3yDmEDk~Z1{wC$rrovp9Xs(P;c$aoX<(acO{`JnGJ!{zD|ufFl8pGzs>exYg{ z>t^GUQ+Sr8&}L?^ap)AcX2v<%V3{w_#*$_YL!@y@*|6CM>zUAY8rOW*OpV1mB-e7; ztc1-C=qSCPvM^pv%l5v@LjeL-GzD@Aem|4eQQ8mBVVzwsGPy|8S}zKBuRUrj?d;V4 zId##SAVL{GKV@>YC=g|#tl(1o)7fTEXQv@vO%0~RSY9cd2M4Y`ce%C1HAH;!_L?9L z2z|}YQ}EE7t!?Kv6MW?0Vn1QThqx&|8z&RGDBvItLE8#LJv+N;(;Z%gr^zrb&gH6k zyO+F%-5Y%F`>aZ2(sobli}4H+I+=c?#*JO0!+otymrIlX4t(a1|{J(W9ZmB(;rxixb=s!VrmW@oLyhy*zl+P zYL6~;VyqtV?)Y5lgQ!{8*<~i}Gc|DS45+?;&`Js4RG$21UzOqIzXqjgZ20fRj^$xO zRu#UyYIz@|wG=dLY}kREXXn{a>dxiS)iJMZRdK)`=hjH^n60<^*pg%awffbRb1$;< zTUl9inZYA#ZS|Vf@fYI;;WVA)o`UIO=cY$C*UJa2untDL5i^>QmA|U$*vnkPazyvN zS?cx2$4LuM^Oa5n57yIBr@!b-3o-2}ikn&$8+rXOzYaK5(Y9j^?p6r4B|GK9)((&B z*dw#r@pyy~)`d$5UgT8sTrU|;nxH^scexb~WFPf3ya8P^ zx;{4+qIyM|ZeHb7uI+7Xy-N@j+ivz$OD+MT8_-~-k1irQIfbI40|^fF?sIQcJO+o_ zf)Fg?D$ub7eK+>!Rr#~f*^q=~+rP4K^XCfQFUir1Q$H#(Y+N8C9c4x{9;eI^ZO9RkJfJt`p;6~k{UW=td`}b&RlpB$P+U7rMAUt zO~u9f!(!tFHh&)q1=p|1%4T)A2ujWKuRaNUtAM3imdJ_pxuL&*v9LZfE7BS^_@f<; zb%2yTeRes%rOh5%DU1*=7eY$My+<$`FuHs6Cv2+3sn?q%xua85^II+Ef|Lr~^Tzk( zEczMH31y|4{}n(eNcU^Me}%SBMJk{A%t z2&S8x*ttb`CwJ^jkkutd` zloHhUar!D+#AHq)D7SIZ4k^E^4`E#Gu<|7Is3YkIE`FuD8NsElx^@}b^2sh&Qzc$- zmN_$AWwc;w72a${E#EdY4_InZP}da!xfJ(=4k`Jq&M%MYygA0Bq$UD~PZIvXCKWPO zYEkSPW>>Hp8tGAD4;{(TT=UbV(KMK{`79A6hg&Y}a&OC(`BW+s-g6|X>bYE_@#iI% zm}?ROgLbRcx>%)ehjKF*^b#1^FKrH$pK3AHEkg_kx_ZDS2cLI#`Fe~-cTeTXgkeCF zBG4$Z!a-C9{Dauhv4Ultmpll}V$^g`YHjxUqDTl4KQqnhnf&%)Y_ihbrSFth>WoY2 z5ut+!>;OXRkmsq;FUCq{-q%mtx=u(FzWSBrCw4+5R0}Mv#aRsJqk)4Xzx1c413yTL zgRhCFMx`9rYPqN{_Vdq=_keZfNSGK`5wlh_=(O-{5JpwHm{@+9w#TzY1HNtb>7tV@mLk}zb z%aDIK^X2p*5D%-o>_fyQ6dxiJB$;}E0u=|7c)|YPLH{J`iT_VBrG6n(UM=D4&sp4I z`1bp+N|V>_Vdsi0M~yAXQ3vaH6EG9084CSBzx59pTR)t>K(;FNzgm^Hj?|g|Fl(DI z|Fol7=j|m$LRTuXEVqCV= zdqk@*z9iy=6E{-)0IK5wNc>nC5QiRP55sD5HBP+wsj6JmUa!ISgbKHYF;cHGpit{{ zm=X7`21wNFWBI0>4Q|dY*A^U-_1AE6IH}`TcYBL8{sUmMP$urfsjlIsH+t(d!W|Q? 
z_bYXGGd3d+pQOWy7EsLdnuds}%+$@sr>~=tp{Gzyy^VLa>~Q8@uX~4KKKee8uB69K z7$WL#|2zNV5&pGaPl)?SSU0uLlg&7JxkzoCh_tLRz&6%J8qDE4N%F?$GIcI8VKX{G?Wp$M8A#jZ+RI$01Uq%&4~@OvySkeE#PgACXL)2bomG`w6T2$2Me; zrd%>DGg?;XoqmZFwr1+;<=}T?r+S^AqE<`vv@`q$-GAssY|VN90vUKjvu7 zM9kxVHC?W*ZgXp*4(FY9?)Q22T0S00o8m@NMGEM?Fk3)) zIg~+vZa4Ln90k!>Tn7Jvt$mS@3m~$LMdY*X<`<4V16M7Rjdiw}5e8zXlL=9~D+3=0 z+g_*L=e+fkHwbnRCh5do;ro5g!CyLG{@v$l@kxVi>*~V?03mS4V*bk7Nawv3#BXY! zPhR{voIy_3B4!*yk$*P}O4axgyqE`$Jhk=W?_??lXMTOu)Or1n zHTvHl2D!j^Mtc;6e!l5yKj7k_>?aw!8L>TH(co(IL$+vGH+Y%nm{z)G}XAJLchqJ*F6xlDkxcK(ElX( zJ0EzmhC|k7SE0xWrx+0}+VI@7XV2y){JM?oPG7G{%%R>#Z7emj3Fps0=rs3qt9=K( zr+8q^4GVvQ3(bAnhXB*HmR2w{y zTSDmmQ;X;?0AbTn(0K=0vI=w<*Us$aqW%q$Z3~L(G91**e{@9U=xq@+LDM;fNLGn=!HI9b=V4KQ>K1(i^rMfnEAcc-&As$5fBy56 zZ!kw#7hOfZr-YT0CR+e*$RBzujYL2hjHI zugF}ITd-zcrDQL7G$f}JMcZ8W$2f)e|q2}K(s|%n>^6Dg{A4mPo80EC$X4a;Ss_2 zC;$idvr=zQkmM}DMWjyw&r3V8#?2FUENN#+xm{xD6N@NL4$uEhfRm;Qb?xvRg>3 zzdth+0R0)f0b`&^rJ|Py2RGA%*YR#{eco`0>miRk8s{jG+r5Z)$7Ap*dhc zhX{L4{Q(A$DwK>Vt(1G=G0hgq^-16X^(;z&gz(>_F7XkV&WLnOMg7+M z9u@$3Yv|lCGTR*#a*x+-!2Z_;&SXq9ve|n>26e7|t-izUU&#ulBTv`on8)|Fr%M@3 z7lg#AxnuISHT9p_`v97U$H7hyZUcQvb^?O(r0e{DBYoTE#sY>(wZ)1z1!S{-h zn~&YL+G^KLq?Tf}xM#y3Vw!(BYr2@ahHA+Z?d| zP2-Oy0>El&w|{Ni0sH;g>ghxOw!Zx~j6_-T45VS2s<%x90u1;8YU7E;Z?|rb_#J@E zs+hcvG2Y$OG-QxYH$yEY~?b_*%l$<_4=Tox#cx`H* zD-KBtJ|)Lc|I}ACp?RMh!>1yLdXMl6T+yy@QHu*hGbZEz42w@ zB6WN+D!gx*=I1i3>T=%F-8bmwI`Pj$Z*gnq*V=F}jRhB@j&3W)2kv0r3Swgk`w2G- zGruf2ECxPlKmhoMcauk^^k3$QKYY|6I@Gs5 z{CqHQPL-6J;Q4mdsQD0bLWbERhY>pTQe(7Gwv2rtzgTFXj-82Dg@i_HPARCm^UTwW zsd2^R;L6GTkz<7tJLDxO~YP4MtW~h6a-z%EbrMG>K!-gBv6X4$<%Eq4+b zG=$Ri%;Qa6FT(SP) z{h~$Sc-lBQ)`?qv0pAKH5@msFG%kqo<0#TuSQ1a_{}f)nv7)&s{vnVg)|j9v`>d_HMLKXL%k_9hRFfu25LFAE=S_S z9GTqcm**%K$Ink`SamgjY>)_EF)q9^H~doji+9cRyLA*!HnGh=?y8D(5R!XxXv5i! 
z051^}$Yw3-q-VHh!fC||#d(&0N)Y3p7rIgEDrm)r-&j>x>?${Uf5)_tA}>{eYr!>_ zzHD`aGHQP5{F!U!na}=?l{ay86t`=;Rc_CA@A~v1hnTui&SVT#&Rpf_`m)m$-)$qv z!gEL?-EUT@)&lsOUaV)P_?BeeAfxhjPjjaCt)vyV8RDReGpcX;L}tsbO!px)BMNK{ zN57u?d@x2Bd+koOf5JOw!@Py&UP?l+&(ZXWmMMB=A5!841(NTBmAbi)3Uy$U|C86+ znqPKZaTekOQUjbaXo+%&VRU@9=wo(dc2J@GE}B++I1Gg=;Qi=+u}J>jH>%&XFqqu+ zlItcv!#4GI$sos2fjI9z5rIN;Ih9y)t9i{@(d@=B&;ijcqrCbW3kKQZ0Dzkm>dH4a zVzT7!-$*c9aX4ua-xF>~@VIPzt*nbSd@0$j?FFoHDTV+#66?jx9L;-Id|J!QVj^4B zlOfL~#yt1)WWj@zt%K}3E<>LW{HVK@$CUDnliErCEcbAIRp(-1+jQ={yvKt*W++%# zhi(nbk4b@rK?r%fY;~HF^f5m{c~HcHpY1mvU<_=mosrt-q^+S2B>>}Kv>N))aEKi)R3OSw`<4KYyEoV`bD9mbXk zU0jYpT0`h!w5VYxQ*2RWC}eh-tVn^?c$O=osnFQWt>K6J9Cwi;2@|{*Gn90sdDcv3(>OXBGMjH__+mU& z{QkM3z@(b|-=@0{L?k6=#kSfc?D5hg_hIml`G-01&hwVm(o9wzuGumPp4qcJGX6f|FsFbEHjLa;u-+tX}H|S*{Ia| zO-Ec6-jn3Z;t@K`;>mU-UgNwnAwKK`XwOB87#Y15T$!OJ&_*yd4SeH1TV<+lx}wP} zv0}8m;hQiZ4{`W$x!a?p9`r9$v+X{)jSK@zeB0{CR;dKsz0ws@px)(BI!K>xl; zRQLM;m(`ND9Ye!S%IQ&Y0Jx>Q?$Z5M*Lj>qeWT9U@w;2EE1rA!UFT@Mq6{M!==GXv z{xsTVV>VTHX#J=}IK7UCwq?0pN~UHZk5Tla{RsJ^y`qXjSZ95!_G#!#H@syk8UV5w zPGns`RvaqCUa}j73x-wY|3Tl_&aHNnzK~L_x&HIJ%QidZwcI*B22?octP+8hiXFEmJX(c|T zKT_X3)4pC}-@R&!%ak!37iGDq6>wGVg_TKx)nx5P?qDF=W!_~NUf48huGJ_efbkU1 zo?wNWG7b|tvE%i7u{Nci9muBQw6gY0n|!CnjYTwJu60hq@JHyXL8}1oH?D}CAmLv- zahJSm>3Zq3t$c~Ez)D_Ve{)rz>nMk4eR3YV-{PIvPnp1BnPAFFxZDWIx00z@epEg$ zer?9Exk@PKH&~KOT3YgsOhq=G?Ixb2C!jd2=sOFl|op721eZ7Uy0DtbNn;=ik&-aQ zN@Y3E>UDzy_b#l-^Ys@(b*0p4jOk9&q_{1zoXcZz{mSxj z>Q0m4LmX%6Q;U78o;Le*p~^80mKI+}ZVx99bCz0sCa@od#Y9PZ4CUx}1Y6ZOv9P!s zlxcO_y~@;P*kJPl2W#*NI+~VDkVf4OHC@4#^f4R{6Hc)n$ki zwF@Lgs5Re+He0o~8E zt0G4QWRH0|B;fUQ^#2?2ktcHiER|}U`c=05*5!l1k2MC{@fCTDM^Va6buz8fY>Xy& z4v*@3yyY(F`r7^t)9$$*XUK9Nna8{6ORTd~Xr3|U>!BBX^`oaogNy-O-lD_Ae0`z% zRzIBKJkG#$zf;-5EhhNG8+qfG=0?zjQ?BAmw-CS-W-wedlk2h7(C)pm((_l1@PcW8 z+0;l7R%gg}s`=TAc=<^Ch%^hGhsmOfMcMDmvaVPdC%)9E6f>7Y+k2a7OIt_H7A$Kj z53apB`&syyf4N7n+65deRh|@*#;sF9F?-gv=lCQ+6tsrN#p#2nGblH2hPmUWnFqdU z-|YR;zLgdHinCw=hTK8$sQUb9f|5&2)<^f{xed*h@|pBlH^rNY)8&yv_iQLoh@}?D 
z<4I4;&b8%;N8$@Z7tO-fvOt?VY<{jmYv!#^L=dqpN3l=fbA5X=q)fi;))58J=FX!_Gm3riqkv$s#gITkjsNyflH_(h zOFX4-wwI1otU%??*uoB=j61S9=`0y1ttPocQX4>Ezt*1|biKX(Ir7IfG!lvWHqV{_ zTfmj9ym>J6Mm}r3-wuuKU<$;+>cYcohw7%IxfQ zllh^ufhKvwF&2n4t*+_xhjPzS8MM%b%^pjKqFhntyo{(s`?+uZN+q427cJD6+UI|) z{9wjfFV77d5Re<}$=OpEWEdTTNzs;?F%7OOgZPlDlq*jTRP}{SBrvu_JPX^2ok>Kr))8QKS^j)YqNYfz!`6Bw-xis*_}2 z6?@&Rw9{mA)ucFYt1D>k<#S3YC4u%QE0d$_Ho z;FQIA?U)#p(SpSp&-plh+s2EcW8$ErDe+~{fgtQjWqk?f3lD@A696+$wpp~Yfg|_u zuJ#!KPwrqiDzx!AGmG(&@aUz(zr_I;$t|a*D@(RRkcZ^vvQhmb01P6GWl>F+G9vu4J0OC?hpS6PrZ27>h`YG^hHi1mY;DHJqD zW^p}V6O41&t4?Z}_IjHIQtTL2KC)3Av*Ru*bD2D5@;E#3ieA=u zdId2EvL0(Y$V>Qs-_^dPok77zmIl=u-9AmtQ(W|ddJI$LW)d}Cvg}_?ziLJ4W0s}9 zzL3YeLP%Y`i0NBd6eUF5tgNoqmIW<8hkq0tfF}xmK+k`n)2}{4r)5Uhm@U5f3WCvB z5WB>LSeWm|S>(TV^eKX0=o&lUlb|g)|%QnXC6P*5H;ScSTu5 zTUuHyS5fC#V$bMj?mG8HteKOG5f=4JDDjBs1I!XDj8 zCA4sei8>L$?6Mtq-lxFEuzMP-x!#9%H#M!mx{efaI3E zd8O!%etaYA$KFw(A2u0zYhIo8)O8jVMSgw&B0#qZ~4So?FIq2c#2S7WQ!pxqS!_ z<<~9YDJP!kv}&wxM#s<`KWV|=8=l^Qua6e=?5TJj1Vp_=@VkTIwa2Kx#Y2vRM)%M< z#_p%97RYWh$Xri?d+vZoH2?sY@6qXOV8PJ9d;?-H%doh-id8KP-z*cV!@*aNd3H(E zk@<~3DzS1~-o*O7_U*=GAyWAOa&!&ly2x;@jexWEc@4^~ch*_|1cP6Iaaz3MywfzM zio7t7at7XVy#07bR*}Qn)$Hm_OcEyJ6h(-L*88t)a}xtHYbm8u*U!p&m_{p>nXUMM z#7g&zXe|#{EHXD}eDnt9cxLhBK~&wXp_~RADM9T`y1{GvnH-}u=(No~ppR3(1#1zX z6`lSAg(61<x} zHI{tY=)E-cl+^74v`T?b(maiF*^(Z-{d#d4#I);JcLHk_o$vxDO$Bj5 z)G}0qopCD5A(DaCTh5roB39jd{VM0UD!rO@7W@$*_L_!#x`TNyu{D^u(H&IR0TsG- zDeD3dWw@2$l)m}{js$}WB2%G%sIolPT1vWWa8|cXY(p_cfq1oPkY2``Df7@|rzNv}mt7Ow6d zPYTpc^_Rb9QfuQueqxa;if-G1ez*cek*#Z`6)=psE7dRG4D(et&0zh+>V+)Nr1fRf z@-mHUV(A{{>qNpgiD!`f2wlgwjE-YopbOw~mvGbflNic|{YP8obrK-P(Tqi#64-gC zaOh=XGxocc!}~)arNIPHMbo-}C^k=?MBxo@8vM+tv(D;bF!Hi5N4o~gZ&i^uD^1kp zg!T3CJT$W=70oH}T4PHGj1~G;ExF$3~W7nDG!>T(c_axqxszZEvKc>2C2vGpGP z`~qE@VFHpgQ?0&EEVQ-HswT_c`j-pyAL`{r?*`}x&EPzjI|@J4EimV?36J#T)BQtwq-TRp$%IVWD^D5Yt5w?lWf zxT!f*u~KN^Os4ReZ)P6oOWf0aJ=%+JeOb7~5!z?z2dC*}%Zt_`2BS_G(P0 zN2&n8#m19#5_rQnEc&?zqDFPzg1mg*bxj7t 
z^tvA-HTw(a#fv1!S@T)SlqCi%s@*8g$P~`T;lyBtKH(I3wnrr49W`vqF&4MRb%rlL zl__*y(z};LZDo7Ihb$=)r3V1ph!w)cZf94sefD$tu=eVk&cmRcnOe+iwMK}m843>bT z)sLKe=;!?oL7ZqeIZw1oyTo(gy{OgmMif?+>TBBM(=HV%Fir=I3Jqtj>p{wAJRn~V zYlesxeQ`euYY5|HZ-|h%L{6R-j^m)4K8zk~Q8y1-IpebmLqDbnWmps}hX4S~4{gl> zqOesx6DpVkw3jWFA#!kT>LbA|BMQVugU{-cX!hFW4vv+X3=V-UjRj$h_RF%dPR5N& z#=(xj>mAv|DTNdL_W<#xSLdf^$&O(S-bRFcb5|t_Fnk0MWt2qZSG;d8PtDZvFJ(q7 zm=p{VZp1Cx0I=Dg;=-LP;AO?5%q6dd_$*6UmueQcVNi^j@?e31{^nm=nsUs)8Npv_ z1)hWb1lmIDWcpoRL+=Y}4 z=_)8)tQP&T_O+Ss{Rg4(jU}JLhDEf6nM{al0B_*uIUJSPmB2pN!2scK(Z&Eeu<;SI zFeZGwU-VRc6#xhq0MiTQrlvn#nuyIwR|>rw&sZ zHFs&~zM&w=fuWkXntbiD&iu}^D8&bneF*nu+Y~|H<=o|wlgO%Z8V(Rx^R^edl3)>c zBLcJ5Rb0)+-A1aT95-?#?g6AAH=;r|_gQ!J98nlo$HyMe4Yq{lb?U3h;*a>hA^rzZ zh)-a9(G|*y)+qL>VrOjku!WcRK55;^cItLvCk*S#US9qlyFAy4CfpmYN8j~hqgi8n z?(n<<72tPhIsZ_fVRkbeG~ci(!Lx2INbS|jmnx1uH)+M5=+Zs5GQx#}o+OXuMf1WS zTBp3tFkPs4&)fM?hMF5Ic&laW<5dg^4qVY8_JsoP+s>&HbZdyjDH*WH zBit~Ko6hn*7&CuLjGZ?!x?nTv`)oS`UK(?0lCOB^BkE(-i-=WxEJqPcW$;;)1X0@4 z9hxNA1}0Us8)R|Cg+;BLK0L9`B8V@KUAvJuA+hnSr*|clQ?+hRK|(;-!Tj7Rp-`={ zX|L;G4VE%)C@5j_9ves#D4;618KN|nDiV9jKuXc`t}o|GLt9JPGu<}}r-6w&aLv>? zz1O}nG1726fP+(F^Q#;8Sc)(^qi*VJ_t{|-UmNhapo<(7akr$Cd(FffYAS;P0fq$k zZ?SGI0{Fqsdr>=?`sX0!Ps@2yR7VjA^|dTM5sNt@NFUKatE*vEFVE3LS|SXi{TT&J zD*c-CqMQ_h!45~G%cYGrdL7rwj7yB}YOB?8d={mXPxe(m8un%J3>P>H4+pzCgFzaq z-gt8QE;u99(lxLf!*v#$KyApHH z^KSdNXp(~iEP2nb)Mz&5A&Nx2UWOpSZKnh=>kO9$4xoVlJJ)8(z|^LeFVB+wY!7ZR zS0{HYihcm8JqDNc!QT?NKjS@3YQ`LV4O1()-_@rPfkGH6pJ^|A&`5J)wo|H-C=@~T zN7K829ONjewh=uvGtsf8t}DD^6m@;v((3vI5bi~Fmz_1i&en-!CpoT=uczLLD>4B; zAE$NAzPV7;dC3%4SLwSDtSp;=LR+X6KctbTiO3H(K}}1Q)^x%BnbM&HHvD>b71ERp zeT(Lc9ouh539VOjz1}Bf0dt4uupE!upXO|5? 
zYZZ%nq>t|Gj|%t91wleYh|Rp$?sXX+jN!o!{;lDWS1r=U@RAf}lyb(N`)s`$q@b^u zbjusU)T7PH)DzDhCKo)_iRj2tijkideDbIVZsAkmkb`@QEPm2DNLn&`gl|8UJCLWc zk+V7!ZX@;4%LJj(0CFgLE9$V(^7V3z)7yI~X`|_@Q&XgF3tT%ffp3*>+^LD?g}0h; zk&bboulQoN3A>+*7>WY5UoK?stWHl7RLs-BGzA3U(xBatMU;q1XnU4+rJJaZwMD8K z*iIeCAoY7&UKVg&CDa)ke)-ODM9{@DHHb6@EC$j|g;Ps;H8MH9VRD>qP>y*%+JgtQ ze9T%~YHOM6eWzxSYXa-FxCJp9qS`+WGMuL^F7+22Le+1ibRyOnyQ|FRXIjdaqU|R| zSW}|hR?8&7y0#<`c|=ecHu$WK0QNl89MKNOObeFxucsSbSO%$GM| za+rD+CuFbP((xcp-RghZ7506Z(d=tsm~LjcFjnJ~vYk+)*tLhKvR6(*=ax9y+Gi+P zJl-veedS_jscs#q$cRqK(1k)xWS>PGL92o+FF6|=TE4j~qr+Ddb1-n9rM(*PG;xuLZV96waO9{>Ywg z?8Qah0?@qr*TI4MYc1oE>POp35PZPP{m{<{U*kyb#d@&Gb_t~FFTcK%w^Q2n@Ak^p zPpoEuJL<^>(mQW}NtRKdG%|?f$`E8Hyt80h{E0!m5uy#l>;I>MwiAUw)olFo#J0n# znV&4C`7wjI)AkY|J$1Yh`_lPk1qAG2XY!aYbZ!?f{c`)BeV~4`=l;x27vd^V zEvY>@#Pz50*~?*oKOb!ibCkBeA4&rv$lT8f-S@Z0`Wr*T053SsVRv?J&x0Lf9)1m@ zKh?Jmg@XI#r+8Gi${D@ZKxI*L_Ih3CZ^`=Ykwk&<8gtaxZ}a1rI#?F)pA-0%j-8E| zIWkfouj2)VtG@qx6bVOt`o$r8~Y*OKxli2xXyaGwh09eQ-YfCq?1 zCchHCvu9!g95YXr+e_kh5e+rDzSJwOk?q&j#!f-lIZ){!#mcvnT09W|7|>e8ul6Si zLXj&YEP_6RUIye>47~;SGf&A1Z57D=lN;Na;bX7Bt_{=PpnE%xFB;r`4U)1|!2Qo% z|FCQB4v+}l#f#`|iJ&D*M4!BV*qON38Jb9;JyRsVeawqgf2aCuYeW1$lJDVi;crhNUEx!t?C@5(~Rkvz8yxdRLmiLJq zQ>8rUv&vV6u4p~8JKwzcS%dlC@m#z0p59jJ^{<6!3f5D%zmJ#{&&AZT#XJhNWl#&Y z9j+g(Y1ZT1U9Q17fzB*VPW;BY=EkydKqg3*+?6$A5_mX(kDdk-lFC`Vw8Kw9uQe(d z%C{5G!eL$zX0G&JuhT#BuRk#Jm_lDdIjR=txuG-@o}j*}Fd(Otu6v<~r=!F-Y^(m4 zwfulBq$rRkOBh|68!8OXyt4hJ9f95XRnmqkQxKlLxi(nieP=lezWL$0>NzuT{=E6@ zC4udFbT9h@wxUJYV;cB8xipiw>1kv4-Q~L0`|r-ujfVEp#Q{@D-eQ8m(?eAPM}Vr? 
z80~!jm<;Qvk6FlLvuE1a1ru!>KZ`;0bG(15$-TpyGeTl9$Qqw_m2#E?1*c-o$CaK3s1R>nZw*d-s}ruh?Uc3#WCL2MY;Ehk&L`yVMau zVB;B0GcRsYwR|NwuL4e|VHStKuc=bk!t_mb_d!ZFQ>`sFnC8I_+$6r7iS84br2UXK zlcVInWn3kh$*S8gZy53iAp_@5VacEAv}ES>O}A#nR)dw~jejE0f1t7*)a+IUhiyBm z|LO}XFU4W7P74j#r>!+Aon;n%xW%tBIAF_$unHfr z6!JHN7T$4K!>%9L1N&>a+*`K|k?WxYr>?5f|M#0amg;^MxSp>qrQF}T7J2sPJzlY= zYNz^Kp?UpAM;{J~q#l)0W!~*!uhL^($F%SxAXm`#$T^Zp_J5AP)GB+GQo-arv`z3F zE(qT)u0M$BNiUp-4zdhtt*!5kwk5WjuA3$FJx{{)e4-zF>{ z5GGHM*qzPbgaO$n<;VT(NR_s&Bqm;<_OT9v1s?q!D{@{y}TdCu^1-Sc>9Ywh!s+hxRFKLAX=w#edsvz^-IUxcj~l;$&8 zupIw?VZb0zh{ZxP#dbHvq36N%XQDpj_9n{P^@44{)7?O>K6cq%_%7c8*IOMA{*V7= zO$EzZJ6F=@xnIV;{p-UwWF4QPCbyiB-42oD$wBnOwEpm}hE6i^1Xwl5pwEy&asO2? zVAcOE;s4DOTmfNeV1WR+S;2oKF%F|krnV=+^M)P3^(o zY8A-LUIk6S{>$uEN1QZ+#l?^sQixB+$>*IJzB-xv z)wUe}6DMtJbz(cj#m!4%M9Y%ti=%?#+*$C)YhPpLzBW8)i)KS#2x77cL%EkUJ2ifDGpwFm zHsRK*sHFR#^s#9eBG57Gz$S{?_UlVeEDo zWip7dCFm1|mjPBVGU(cS-S-7{6lvfhY%j=e+=Bboe)poW>LTEHnk@nm>#5NCo{L z?7ewBl;0aa{Atl9sT4)16qQg}CMHV>l|3OdmLxkfWM76j3v7n+1D{iNS3jW zZDz{EV2rU0gE8iJtMB^x_Iv(({&-%`e_rOEd(OGewViXW>-|=dYSNysny?I*J9N%# z&c@cUZ#tRge01@LH1zZ+J&3WXx-u?#mKFT=NMY*xs*23UL^QRy_(mw@j8)(=D#hcv4`|PI8GV3i%WrEX0Ke{oX<8jmxN2RyG5njBqnsITmiJ2 z!VO!}pV}c|7rGBX90;{|_#TD(B6z{;vIX8k16imsd+cDR2s=TFC6R%%I}Jx#KE%W!Nv@ zJ6-x<7|j(DoR`kNj@ON;(U)FmmFkkf;jk78#OnGDdsqWlnitl8L9cEcViJW$eP}b2 z2#5$^yllSm=x10m?v=Cf?BfE_dZdmZ9xt@vwCvNnx=~1jW{7C_RX&IOI4qKXuB$z& zv)-_h1QUX{527uSV?jkz?pFsr@gG3@>TFwf=zrq@5y%bi;&EF08_b>X*Lp`4TnUA` zxu-6VCU$X1oARetW{R<~*YN~#ZIXqEEb`-y_2j$3(9L-=ZjvNpEy1mvwhJF2f*BUF z;@~WDt^GM59?VJ2ty}QYtr*D@^S{1Aw9)G!Rzd)Ch8@OlZhq^UNl$~in=myQxQ*fN z_TSbW7o-l8mal-QQ2OE?2{tqHCARy!xDOXDDe)-}ZS(u|#8 z4Hxg=Tz28-{Ab>{`is4<{1mNM!|D1_+B#>fL!hQ zIl4I)bLbsXxyycA(9CZxz+Aj@qr#TkRiPoYYRY9NUMUL<6FE1qLTXRW zRRH@lU)K;lHjfm4;&>OHmd)j13KUdasqnTNx_e|BaMVg6`$CfpCZYq1<2yklopKYK z(Ju7~46n*E=>7MR-0!!y+P9CW`E7U`ro=CY31Uh#+uMt!V%zJYzMXHB1z1&RVb|M{ z!E7n}WC%yYu)Rty>jR%Tl|z!ojMpY~4*M5M)yL%*2!D)sbV6A540^b%t;Lf*WH{<} 
z&_+Ht#834Q_g{BQz4ZcrNG-kSSC}RLA#jwNjkS?ke(Zwj6q8^!rf7Xp$m7uWzlz(& zu)2LM!srvyBY{w90Z{dzYk^nGS;Z2?o%oWv^JZ=+8z+VpF^8(Z?mQ%n$Il}ugeYAD z!BJ0#f{F{To}3xDvcyJUPB}zzXcr}QO?Qu+D1`1oTkxbw07qAPIk6=A(E&d*sP=IA z4K6cwCsT2EUPeV29`fx@-}lDUcY1EAGaNW1*>Co1;m?D74@M8Wochv`Hnq?k>f_7d z091fyzEJm^G}vk)%%ZvfJx|dhQHT?o|HJ}7ysykVN7msu?G~=q@91D`ZyaE^_;+SE z*GE6w0qi13tzM2Q7m-05CdHi3<4zaqtK&@%uf)P>%Wx%uWan z@%Z+S=*5lqfMvuL;EV;dvvx@gUw0(gCe$x?X>Gb?N{m?5t|X%Y*1G7!#bQs?%m67x zR<;5d#s9a==#@fMebdT&j5w1YyPAW?L%ib*Nc^^oTPl)ky! zTH2`)Ex(F^isQAs@xkI%`TvKa0NoC+tbBj{0do++l!=@yF28;e*O=^P!j zr3arT!x9bia2A+7Iiqq;Q%5a%BISWZ1<0lx?Oj)fLB!268JBu@KgZw&MdG4&eksPW zU{il>Xf`4j8K65UALd(oXp!Oo~~Vo^F}5hJbR;GFlNiXO;VoGGd@ zD?6~~qDX{|G#JEK%5y{g+~P*X74=*UYCB z0s)2}qDnt5c22Y^kF%|XQF}f05fyd856&ZUd6?chA0;3BO*X=cX^Hn+ruUeXx3`yo zNK}MElrs%0XVHhoL@ceT|<5=)m=+; z92K4hR+VK-V^=0wS2|CyDuX*yJ2$Cb6B@*Nl}!e>N8lJmS)Y-cd)$<{2HXUR?r<>`fNwD!>rCF)OD&k|y9vev*-$1o4|>yOD4EJ>wKJ6lQtw8YZ1^!3YU3iHG3 z8215=b$mOG1ZnLw0icAAA%Zq(nWHPnwNIk<>$L-ed~)?yXXba<<_cFWL1N7o$DxlY zn5gE_n;dyI?COB8bJaE_f)9!F6QRH`Uzic1uaRr?XDK#|sk{Lc&x&69ab?nnvRO|o za?I-mvtAD+)>(t8^+AsSm5%jfGH^M)+!c;xH{^7m86Jrgw@;l#l>pSADMXAMe&-$n$aG2*vYap-d41)LC@@ydy4xsd|`)8e{ zl9ggzOCqP!WSRo2hG?Zx{#{c;=zJ#2wa&F_Wo03J61>`|sQ+?PVK0Bh>qT%=DpI7F zM^825JM-Q2_>Xw2Am+-l5e_pG%saZ!loH>^ep6)evHUW&r+jLG@zY3VxcMbp`C)J! 
zt)f-Bw__txb>-``dJ|(i)p`RF5XpW848_`yTJ+!YCfI7xS@V53?7QP-NJdx9rcSDa z;R!MV-+2k^L-J^7XP7V1d{oy*qvz-aI$bszu9Nd?`VptArA^T(7n5Xr=$s8IJm_s% z7j05TmdHoT{P5$r{6yxGkUyLX=VqfTG@j9A@Bq>%zWjZz-5aVuc9?mY6MTikehc*8 zo`NU4+b1qr)X(KGK#iGN@D;m-@U=Hqxz@YEV2)uhd4`^@t5ZhtPn!e#W^&S0ZZkpF zZrGe9PC^2gEU;0v-RcV-fk^-!z4gD3FB%>~*YX;@@R5`@KV5z1U=`_Ya<+Q1$Hs$Z z!XC_D-t5&n+qk{g37G=bVJmeyGbz6BSfw0unR3#ViEWAgxDyd zMmMm7Te{z#ee18h3TX&Q7GEL4UDBGveRGp7!pnOUL=%_BbP_91)na|%|eL?(7ui)L6 zk)|~Lg>OWgdh}7o=lq~ePoWC)o~8BY0-p#=v6gv*%lH^{6v*(Y>YU>2OasW@I(Pkx zWL1)f;rx=b`gP?^|NX}#d<0EhRYs&F2At_!$?FjD);JopH`Ts?;uHiScU{f`(i9oH zQ>S)aQN-4^7VXORmkkd~Z_K1jz#G_&)OZVc+8%z)Nn%dl_Zy(QjxWGYUyoV_4>US@ z-j|uT>bFkcST&mE5o^;iLcqqQB#6$#N}9{{UgR$U8kAf@#?A=h+ul<4ryC%_X$q}2 zB=zS_51ad$nby6=h?dpX8etqeaEiyy)LTgvWlIgbvKCa@&Z{y*f!D984EM>=MT#9F zlq>=W4`9_VdB(F~;c0Ywz3p3{KDGLZ8TWidw)0*gb9?`enJb>bX)drUuT6tCrUmlr zJ57jCfF0`G=(tjtqE*fkVH~F2&cFP@h&377)$E;Oj|?VoV_ZbBhQanjYcn>+MI2vQq!E;colY_iqa`7sXD|f)d1)Bj9s0|S_ zc0*ye%_Uq_`xY;=N?UzWv#psppEM1>;q%L=zbjk@?n-U9Fe*lZ{>P{%>-1%$XDkS9 zuLd900%KG^w0CwqJK~%Y~&`(PP9}>Q9I+(r8JM7--%H|Fiv~+$uz7kz%os1GL z=%a>SLj-H_JvYAO)9>8FEvehdC07*(G#~|tp*UH6n>II;X`?vH7k$$>$6>J?O|??) 
zP{F6XGXx?Mg^nFu9~9gP)CuKcEs-d5sZN=hiKyI0ICu%ik9wbOJqpW-`zDXTW0lteSsf_Thc%DI7u-Hu1_LUsFgyp+9NN&~Ay0NZz^c7<_<#LYgW2aOb zwpULQAEXTGe9p1ck$Sbg|MPMA73tt>0gYN#1~%ZdFtSon-{^Q)B&5%E=t*R0^xjK^ zC%D169><`|lfZ_c#va}Jf+tbzA8ph zwqX%LpL2|(x!+<_ zBFApAio|hv%D8a3Q7gAl(^p=2z~)CvGR8~qQ9=9FLXD~$jTO5%0SSUD-kfP)2xEM` zIo^V-tk3^xdSQJYlf{mBDY!H65yb5N5`|=mG7hNUw1Hf_T487}bHpRL{(vQe!C$?J zL-?3WLWFc82FI|J%^Kp8C!+r4;SG13wf}yIDo;!~KTToM{GnB!nZwXSXEgOA&qEiU z)0ov6erA2rbcwvvErDY3x;c9&qx#a(Nt;)i(cY@HAd#WySL5~e6ycT2eM^N~?PmEQ zgCEfM-HnQycOxut@2NUceieh66cPEJk@(7~%cM*%IQX1Ym!fg4SHmaKK_PX9IZB|3 zFfG?HJB0c!eiHonO5Y=-5Ezlr>LQ#qSIPkTBdnrKQPHsW*a*wT8(iR`C|;5e#^H%W zM36#*yo%GTUg3&A(K~`2SY4c5Hmd`q8WY15f9V?g#e*Dk+bB`?Ym>{M>qEGjpg4V) zZ(?dk!0S?B|FW*9TH>p%d0hrgKjw1%*UXzgIgwHzx2HW8W$Ff;V?E|EwII&7b zLlsT&CSLZKxfX$+dTcT zCqF~qZ-M6LNvts54rK(umuKjmHS4PM9KC?oj)hX{T7lS$w2ti_{szxth`Y3)~D*92=}9 zevbB(;wZl`eH0$d*wjxaWv{0?MG)mOSUqu%8Y?zcCyD2qHf;3amLASf`}O2*Lh(A{ zK@|HQC#r1oPa)p^%LgNnVB|qyEe?=I#G{EC4Odxgb z;r;?&yza|*<5CpHc#nx9#ufW^+BG&SAxOKrN9vv7eJSX{M}wIHpd6A)2Y0{ceP<8H zTlNvDT?eS1!gV~%q{u$}uft*2KvmU8`&ZiHrfy{5U#B@1bnVK9sOvcA4QI;lnM?D0 zV^uhYIt%t$xvF}xCn*_+na@e>5W-eC+UYxo=Q=$cp^fUx@O#TuyeHU6RZP!I3q!s# z5|`?ex@+G)5;zYWtFV&9HyAe>_%RNB1O{OaU1d3ipVyG_oMzc4yA2Gwc+0F#F|;j% zMx8I1$~xiiqiU^6Z)8D)UHAnUr@I zEQ&7f+ohc_F)cT8vtUrLcaaJY{(5%OcQE;&%hr*UBXBeYc5s3pSa3SblKJ9yxV$&+ zuef?f<(O+ysa2hKs*n0pg`NTpXMswP?g{6fi7JI3B>{b5&Y2h^9*qep^e3O+eTZoWUWwNp7Z zd>!fP)r$*}Qg~6)B)GlP;^Po^);)PdBX>}X-a9Jr<&svM-!sFui&nKS{maT{CaC7;0l+&(#flFJ!AM{A`xhP^? 
zRk4mi%D8C_cg&GsdWXc%oZGT&@s*0iIU%%E-gI%FQ^Zk!!_l~#IqN~CxHqXP9X1M4 zhU|KRf9sCNtptw^jXHMP%-XVV?yj^nDkCLVgCz7QiHfY6*9eBVnpj!5p3I=gjW$1t z{28RuYvKKlE)mR?Dj_J?73}*|ppxp-^TfJp9hI{)xX>Yje?<9-lwl=#Q5*VV@Gro} zZ4&W7qwAW6v)anc;0UiS;7Jli%0})s9x-z6;l~`m1>aYCc6IdpFF%4ej8B~XnP4}cLLsqP%)kf%6aG4CTfm};%d zq#cbM{o!c_3-LpYj~yq*80seBR+#BQT4UF8syITLoMHoJNBagEe3%QrUS}8Q2sE@~ zXKj}__k`Y2OS3lYyqSevk_1lcl-!Y>2hY`Q-Nmga|NSmbmV{8K9{g@M7pwiy?!&eY z>l}J@V3E6US%&*AlZ1J6b2H*0(Oo8w%A!B$?M1@##4leLZy*>D%PrV;~ba(mT@|5|jY9ieM(pp0+IoK#}+UEZ-Fq z_u%`3_`ZII5gyYXN=)BHuk>?aKGpxIP?_pYd`8AV%$17RxlWv}%IAAyD)zSXu!CBN zj0Y6HmCGHAavuk9SSdjRCpG?yuvM z2X`F~9UtjODYWKIm@g%IK3mp#N*%BYmU+`P>K1$54Re^wZG=AApS;^YD?s2BZsvZT zj6K35Bupd6Bx6ve&<_HJ2f8*8EjPTQBcUCM4c31 zcc6olt;Nwg1-#`zYJK=I@@Jlhau)~qkCsn5etbk8y5n_OweP#qH$R!`)V8p!i>+*x z?vI6N#X*MVE+`|Dd85xKm*<{63#*bj6?8!BO`T*8bstap<{CwmF8(s%Wyce6 z>MlbVp6_LYwx`HT6;R_^u3*>XWhbbkTm1B{U4XCDbKh}b^ky*_rGjs0VObJd0?eAk z*srO~bbjVi^jv9HpsF8t)RI=y`%YaRwlDjBT~}lGp>0Z+Y~RuOG3W2VBYO|mTXzLqo|k}P zWf@_AVJ@ph5Wi$&NuS>V7M7|K``f@MvY57;!K@nF^65oQ_^qByQs~G)DEk^fWM6Y1 zs;HE0D1jJuetZpz#oq<&YjKR${o@g~Ff*-n%+|I~2M;zp|Lyzw%iS$&gl*3iNx&Eh z$x6#$B}>tPS`jFx0a*7}08afw00z2GP;a_N`(HVZee@>o!b4(D8uoN6`kv~-bPE-~G)%<A}&$`7QO+E^Zqi`UI2d|F@O+3!$_ zem2TmTz3&=oh867ua*}c<5p>$jHNMPWr>3QGoc#L&pX@J&H8XD{5&^XbgHWiq>SjD z2ZKLf)KB)ui<2t8)U|z<)=Ulxo=-C*rdtN8{wS|pK~+bgjWb6sC}n`HT<@&x?|bK1 zKTdpiX#e+K9`v%TsLLzW>W-V+Qbw;e2ubhG#S0cfJdCwzyM*h3su9(Q1*b?=S)Ulv z!>0<=qE4`V6Ts(T-DR!x2FO1i+>aQQ!w7u=I@cJQmK+J8R+EB=wZvU`!>)iig&cno zTSeIYac|}C(tXOv=DO)tWziae4uap80JMcr%3anmItrYtdVx;@x2WY2?>F0qV&j)@ zXX11_Zk^gy>h*fYUfD1>2WC{bQm4;4h=)m*@5DZPR!B?pDR176snG{=*$;Itse=`| zOxEpO{i^}<1Z=?WB}+8WhGLBhLqIVz~d8jwzDq^fs+EyE+6;IBWqb!J2QfI`R+$zD6aZ2+1b z4U=8LmRH+j6l3v0=ZJY-h-ZTB)K!>lo3-@nnYy8)lhxfL{2umE%g!gMN>j}okghCJ z@T4Q(qBW4=)yTgQ37S1#v$768+(pFvRm{#9Q2~>654PON_1H1(yY!L?`M8E)j{7C# zeC7*%GFJ*Xbl6E+ByzR}x}%H7a3nb?7>?o<&;zesJ>FaV3?#%%Xb;nOBYaM2@)QJl zraoqhJ*K|fU2ir_K52F-SIq7|d^Jve&zi)y$3P~+ts|RViL*s<8w{^OPvA240w 
z7hya9;^&Wa%Om)ad=w7;9Tcu=vl3Wi{n<0Pa?4FWzljtI9)GLsp(h_EO|Y>N|YfFEnNVsCuamVKCgk?MF&jn(!m#Aw<6i zIKxybqMWOX91)DH-1mVa;Hmvvf2AcmD(k3UJb-Km{43i5>J_F9sy{GZ)P*s$5 z6H~y%+BWmMKN91;B)u`bb_OZ~ z?s67CHy5~k3w~*a3wf_K)FMZrQ+2Wy7KHU%@j~i@OirF+rSH{h=uit}2b7k%cA1Koo*Qr&_$;XWYmTqU?R74NXakNJP z){{=)}#t$bLf13z>EJ(a4SD~3<6!ro>gC$=@g7VP*GUbMB8 zyq|d(lmn0>ETvHsXZ_wyR14Jc5nK+*R}Y$OgCwC(7YJ8ZS&gbzD`zWKM?QXC+ZxC2 z@S+BWi2ig^rHuq5GRM8Gz7uu$CYKJuhYhjF!>HT_w0yV>a4&KKaZ{eIxqGy}9;{pW z)EPfdvu($ySP>?MD1b|!K2Zi+8g<^>(00OO`=wPTFB`h0zH!~_ac%0`O`rls+Dgfy zx1ZW@){flqWH1LWbXRO^SRW^ps0~)*|p!klAYA~9fAiHWD)ED zHIuLQjvCd$*=RW0RVl7+?ax`@>+yaqit+7Hsz>LDUo4Q9exTScxk*l|~@|1LcR{NwtZM=~a>#VZhZ zDMP>X)BI4@0fmg8?=K4oEZ=BBI&UsIeVqGX+`9lW+g+_M2F z)dX6-K4NW-%MoSmJG0)PMJw34Sd$hTwt2VYYzQPqh19qbM14}u+&Xn3m(l{1Hgv$3 zGvs#T=N6*pF3;#W0}qy?xlWlKnkhz zSp#|kz*2qhuZw=`HEDMNnz_-{Z9CoR0(puxrETyjiz~@cR}(iiy_v=z{mA#QTA70) zk>d_;#yoD+)0O_yff;tr*49P=o&I&YR^iGfP0y?5;J8QFmju#z&IYTv{~9V?V;@lV zKqtPOob2hMB}W7aIP~!IF~az&ZnAX~oUk*cTRNuq|EyzT)q1YS#2L4b91}6{(ob|+ ze^+_xgMwtPu9I`MbA)S`w6A+Jk8kX5E&-qgq9(6pX2&V#WKH$rtk=(d*u z2#Jy%HOV?di|KBFx<3HZea(N)io$6 z&Z8q5Jk8G>w+0$LNABJj<;E?Vxc`tXei3BXE5%HN%t4^K5tUayF6jZS=s8q3H>_Qg z7KIvjiE>Gp^8+Y#0SZ7Ux`M?~)O)Sh6(Ujh1eOTgpMie6VHJ8!!`#xjb|9sPu$Bfq zD)>=S`Hj>aQ5P4TGiq39K!Xe;4Vgowjmw7yc;6`68fzjb-e(&?j*L>2S<1e6^$M?xs~kB@M!z&C;NN}}`JpwOO;+o0+$ zMnVPRv;^4d>_3$&yRF41Lc0ib+XCUIt(ZS~XtSNbisIw(BEQ!OvLABoTXU=e`+KM* zjEhiK#LZHrzx_IOG-8Xi+3iVwnFXs0(0d_hUWcRt&Z^llXS6u`+*4;Z=Tnhm6Px3c zU7J|>K=*TK)re?Cmz8$uWUKRufIR%Gm`F-x8W04xYWVschpvygdu@E@F#qAS5_jSY z)UN*(0+7Dp7w&z=YPty%UtRu3Q8O6WzD(5tsH7Fv3EdKg53W|jcNdGlmOg73{Misd zIk;hztT&JuQsf$`7Y+o#{>^I@s@J4OQXUm*@Ak)KZMr)PiWk28zCtUMKU98RpND4j z{`Y1BHk6Lg)K9r4Igq&lIE?w*p609Ew-&z8Mx~8i)l!XtoNP&F@SPJ-8}N0&0^;xN zAoKAolyJ$!+h6Df_2XbyAH;w9-BwI%xVd~9W9hKpqrP^Ok1s563FBhy$c@c@s!6dt zTiEFgdpSey(nf|Wh8qvNgZ)+;c%;s5RbK@z(RhhPF88A^?&&>L=I)YRn}Bq5v$#i5 z=KZ?HXREk{$Ki@@UJ?%wSX>@bX3uslj?$e|D)`%g+LxKjGa^uhYVTxEzDO>%Li5JotR*?L4CjD#F&JW00%va=>%LJd@anOa#vMvGX>(D 
zYlv-2KefJjivBiM$Z~RE+$X*eS3K>JpW^;)f!LnE4#d$875hjpLNR1aXn(!HASd5; zeO*Mk=zC5+(9JCI28SI9kN|S9N#E{JTXLN(d-BV*>dxspsU2Tl|J+|qq20sEiXi1p zDo4GY;WGhq!JnVIFcm%SY{>P{d(L5_W7*<5%K>MS8!HGio+rEnf5pSD7Qdo19i_tN zRQe8#*-+)9Z0vBkF+avk(s(Z)u@;His;}`*4R1-M>1GA^66B_mVWKk&Po0HZmE)Fu z2Dj=rM@~me83ys?j1_nDq_h&5$4E(BeZp zV&#l0>?5i`&A?@D&*UfCCgk<3C{zD!WurgIcF87hhkc?L$>HWeG4W$#($mRsuTwyz zoN4BS&k57;n#Zm^EWM@xckl3@elmEgAb4c&mCeE9L0?Nc2cdVGUnRe?oZ{iHYFoTn z@xV(E^QqFUt249WUU>)N@yq>J*bnP8lJ{VWER6g{&8z*oT;lnepY=YPeFgAP$h#zN z!;QquBLu7JKLn47S1o6frE?VKQAQ&3Ed#26M|8m$pG^cVhKUm57+A z6sO+6)eSUn{>X{7qGvb?0#29?8U!l`mG5*mopDw|?#_)mjQN^lJJ`f++douSPkFid zyri@*@;FhqJkd`IB9uL>f#K#7u1%xqilQJ!2F_>eCi1o53(rU^{vq(`@VQaq(xp@B z;AocF0NF4~8|o=q@G{PxA3GO%YDF3F?RQ2ioX(W#N||6*MK8jJU?k|maD4ChxQcgo z@aq{e&VkLxJdq=HSPt|fWyOLXcb;$e*Xz4yX&A=un%e79_YkLC4#vK*ksN5=0Gip) zQIwTIa;mI*X3Nd^E8QoA+MJGSn&~CjD8#Cu374cTC3pKvr^&lM7xmqR+Y9Vd7(=&K zYHGd#ZX$Dib8$8X^suW?$>QUY*5Bqdxa?N-gRF0IyM1NH!z9x|_Z*!m8K4v{O65Jy z1RXaikj-4XRX%%;q)+^|b91O$p+{F7e_-~Em%h?S@`bIEzuCl^*bVwSU(z(pAdj58 z51j=>_!^zyLZDiinLsz8?PgUjAlNwzgkSrXmB9S=Z;U#PU@ck$^e9#w)72hF?NCwi zW2<;WyS}#2U+cxo#hOs$=lQciA_^c9!76AOVD4t-Sw#1PQDI|Ot!wc|!x|E%PK*bw z^s={-OX~uX*xbU@u86s?i++pV#SzHw_UDBnYq$0@K%%@>6PK9M`l?q4FJlSdVGzpQ zEv5&jHxgiphuIu)Vyy#m!9uBgp15ywS1FlVqyEet3fu+V+3G3)VDgq%@kVL)phg6X2#YnIbrK*FjGXI)fNh0!86O-o*4!t zPiOq}N6UMO@JiQ-f?^GsdvaH-i(N;C2EPH@ z>D~y>gWI1QoR;!@YoLCEeiDH35Pt1bj4T&(GOsK4DA zUFlLYFxK@faxd;0$H{TYt=%~H`EmOMh15u_Y5WSQJ-WnM|&09isbdcDQXXi=hJ=rG#wp+WYq$m zCe-6ipjMMUa@CQP!5${24i3)UIO|#8CJ}U;IMN+W{=y!3-06L$I+E4ZAd})YlKmrY zbndpO`a!BQNx4dzwC6CM_WHX&K|Y>WOSm*(%tC3_=d0rnQBGi~oMNN1k9pRxv!swY z2s?bzyCQ(l>2nrK;_O}Okk@{J(SJvTkCUQMJ}O1ylev%}Rfv-J^QkFP?%sp3$A|gH z7Bp+rqZGjix~0=guBJv7{h*!p=dRxF#6~ZL?$@j+6c>4cOnEkR6jonZrVefNGOx25Qcl1Vl2woz0x@Twjxur7AooYnxw9ZYD;(AG=Ox4w^ zYZtvWsyU)j;Xw%2bJr?!(1y5Qy~h5|aZhitf8HoAm&)el3Y2``8(|S6ij022#kHweMa5`u3UmU2Yu>5}umC zZzGBdJMQ59EAYSv3;sbxX1s@E&w_fpuJ!5nG869_oQUEh<&t%uyAs?IrHod5F2h7c 
zOXi2|t-_>07P7R4I?rctg`1I7fQ4D?2k`@V)7Qp*Osl>JbuVsJrJD7f+#c>IRUL`b z#nNgIO^EP}V*|!@LGE9d5~54s~cqfau6F;_fHfM7;)0`&;AMt1Gttcg_b}U zvnupA^V|)9#d^uq3eJsoKH9F*Udhlf9;?JOdhHKI*Ut|v#vgMRU5JS6jTc;qNPx$5 z!#;grLwV3x;Ux>jFA=P-2i!$lQ$2fjqH>_?nU`Qf*prIE{TZh!_dB@0uvMOTE!lf% znW8OqLNm?t!CGSbKxG6KUPt|54BaMgrOKMnU$V`fUTvm?+?HJQ-9#a74+G_v@m6oI zk>!aGxcC1t+@j00LEb1ymX#5RV$$+Mm zIx0+awN)4XZHK}jmUs{-a2D$NRHVnmucgOg49Gi~|@+lj&Yqh!02fyN= z^2LBH1A21-PJ)1F?xWXKI-^n%yv_|pYn~Nzj8VQXU)U2hl_Tp{RDsjTXeMS>pmSkt zWabVC-3J&M&8fz&ETc#8wm@Ddw2N04_F}{(Yk)l0i`|?3mYvdf;DD;d!w}D)jc7Lb zNG>_Pw@2YX>LGLcXBpMF_85C7B%*QIy?mxy81Jw$@@*HsM6G1P!^Lc{ie8=USa9^p zCQ4a$I^>LZbc(Rk8ry+3B+O>LlTvrQ)*#cuESPF3;cAB1}DnW8F7RG_F&*vs8-B#a(0G8S*Q((T?cFSD0EU zU_#0s+6nP3z|HCn3m`ZU$~9?a*L%h!pH(vNf@Y|%`ok0B_D@&oFXL43@s)3s%V%Re z&x*iJq4P6#w67ITL_{&64zXXS) zs#nnN{Q#x748Su;DFm7v{>x6lmWUGhJ1*~IgyYOyTRlttoJ+2jiQzJIeN1+%npn8! zU)q>Lj2Oqbn8pvw^h5WdZ3;8*#&;vnTFkfD7rYN!)t~{c?LMqgkkTsSZX-z^T3!mH zqK|lwz@8nfvoNU49Q-$FaB_aOG(@gN4#dehHNrYcTK zDuOB;v(tNcS-TzL|3->$MYrJ*^5KRs8_;n}q_`C$#c$JVI({_U70QY!MSZU=k5Z47 zZo)%c6F<}~-PSJa#rI@k4=~S2W#}LG@~Z(#p3>uF0xL&6Q6H^(m90;dO1LN_vOCI&Vg^smhGIwEn;9fxyP=WIhHZxgA6^JD}tq~{wlsd^!cV# ztE8(Sbg!s;H_WQvBe0c?lz)C*Y%jlZTGxeAFe_GVudp|bmbDrS|inkTLJ zgBG#47=9U_Fp>oBY!v>c_Y2fSml7@ggV6Z5lhW&={)}PAuNK;S5(xHN5d+j<-vYZ& zmVKm+4R;UPKm^II#Vo#FLUWf0vEssJSumFc!C)*zNNJ`o5IM~J7$D+%(KS&d!1Y{( z((8#Rix)_@nX?n3MF>H9&0M!G36+GKyrLuG&4Dfb#rWEQhQ->^K7PCDu(qf{9q2md<&P;{(=_wB zhpLv)s*P!4ue5|OEz(&oz*U|XZ4>fvN{|#andC9~*zF*tl}TM?AwFe@^%7Ob>t_wx z=~~d%NR~65l`n|%OYanawc4RKc1IELt9t;-1V_{ z?fr_tv(g`Jq&NW6wn$DALF>RBUtqEr9|U5!D9L5xWe@fj+30hzB(RcJfr_<(8-ql3 zrS;=A6}acF2$43xD;83QCOnpYgn*@WiU(HLY-&14n6Afwv$@BD3bgkP`pL<7q|8mR z?n7I@*_fbG+==c@D?0voGjWTJpRzLHgcU{f!vV-9o4>e*H}>QDz|WE^oDIC}ZTdbR zH?sH+~{=vGoNRXU;I4y?A<2`1_{*W8e_6>BVg_+<>AiXPJQDJ=+ zDlN<$owjN-e~q4IIQFH>RiXEAa_Caj8!hgl0Cl(SkEQ3YU+lE1U2|=kahnx^P);! 
z?WOVfk0lW^QL1a@7L7jIENADS{kH`ye2G76TmkEnL{w!)ELT?2rWTK#Yo&N=77rcH z8aar)XeGBdP8{jdJAbbi;j=XOZlKc9(Ne0l9VS#)9AzQhBHdx*Mj)uyukb@2bbavp zCUB~9UsMPLsy=2%tg+|G!fq;Di}yU6MiF$O-tUZWMOWA$TF?-3r{FLJ2ePV?%>j=a zDZvzubPxmi+EtBv4{zju=&I{Q=N6-4)GP2167vqOQ+eeBwD^; z^e-;co%b()g44SbDRjXwm$I)9m9>!?eVd@p>h?ihFIrz(+`}nQ_t&U` zJqPW74t8N=4eh*0N&oU zdM^ChhKug6|L&6lIDmbZjR81tx~?0+{EHkw2K-9mCJ&|ww!Y=jAJOn&4-ROr8%p=*r+{NpGnz$=LZI{UVm%DVy6h%~i2 zUyb(Sg_z?n*eU}C(jWiC;F1;M3+yu-OBSt3OHC}^**vP`jSHMs)C$cAkJ>NOu%VeO z@mmmR1dgS+7vUerGrmPmdvy$+T@Nx8jP_{X1`|H=3~a|;k#@fBeF|GDhap3CR2{pVx< z{G!(x0QJH2I57U8%HJH|p}>wrpmzO8+CLTPUt)RkSBTQDG;IIh(lBld#J)eVn5zlz z-4c7)|1WmHI{rh9+qVCIOza`2cj148ALM9byVYZ}3M2eI?U9?1BAPq9KY z_o5||AJ%r~>SJ%DGtzpqGbl?HAe!sVC~Nfc zvvahzXxN9QmO_ra`t=>gfsn90=-7gpQTy>r557kQXk{yE|ItI}JzxlkhSFOj+umur zr8ed{-ZT9nf7$FeBfVUXTFEo&eTm!Lvy6%G?%+@NAQn-5^Ra&zR|xFLG5pAS-z(T> z@{d06L0#3_lAFTdcl>x^kFuk`y-oMt?Qf2lYen9cK#DV{cr4$e**`7lw(YLmflLDE z2USK@r0U`1+Mv6pksYdVzVa+zv7=oAJkTf`Vp4VBA1}SNJ#;_XhU;}e|8jNoLZ7?c zhJkE;9NzHDe_Ppa_oybo{UvVDDr(bn!v+=WR-2-4U$-|Z^qkDp_~D6B4FA79<({7h z&sn+&>wB9!5j-h`)e_MbObZgh(o69aQaQ=cg;+7C`((o3>i)^CpX@$!$$Qr42kXQ8 z)gDMR%`}dT8y?Xzbo9usL0sPWA zxq3B?s}{>HvGNy8oRV&}CI#Ii)LPmDs$XIEF5GCP1f6oh)JCZ; z)OO%Y6*U%!=JqZV@$WZT!tuOOAzQJ6dl8cl~uaN)h6^80?LPl8tILx5zF3)ej- z+E-uk-34tPo!$S3MQ6NIGrD9UlI->&cOO23yblfjVkh={HPdBxz7jRp3jNk!>u+v> zfY~1#+5M+A!DytX=)~(+U$g%ly{M#d{E)docFw!s<|db}W&^-JJiOBAx!kj>NICcB ze+7}>l2g;)^Gc?L+PFK) z7ynJF?x?+TmbWZuE?oG5dmaBY4~=vt7oPBW z=H#D7dGK5ckSe(u=Y0CTl-itt)3)t?z^8r;7wz9t`?;07jF(;h(@1s- zY65BbCFALvzm!mI0r+Nfq3qe;Dbe3XqGk$&rn(ygD!&C0k_0^bFaP;>mE(~)Sq)pg z;QjRXfP;Xva~TS{^Y1+UKbACP?#MxNpWI5DL%-97qd;D{?*QN5e*X7Vrz(ICEuqVL zDZiJm9*_%#sme7V3|dH>%90qg|MovcP5`sVceGc^hj!@;C}kw2-^ zNrRifiw`;L0`SILo1kZa#DzYbPTlp##e2LD07%>!Ir>cSR|K1|}uU4pu0V%0a zzCtSZuQ#1b0G@qtG^hGc<2^Wa8W@B?aV6BT=F@)+Ng!bEb;rkk{FYLPIPg2Mp_l(CHHIDVAsmgM=>5_Z|NFq&H68u_ z$GyVAJU-yz)O*h#{u*Nl5s>)Yn~J%VKg#%0#*^>KDMoyYl24=&BZe6sXHH6L&U-8}bz> zQ=9Wc_ALq81HQ`ttmp_sq2Rd=NW6P^#{Kv2fy?4f%;ju}`yveY0|TU@s;xVDOQX+& 
z!H)kJgXie~_tXIv$G~z#4&!C%qNxIe4_9FDhHgIn&AdTC@tmLA6>wjr&D99@-M;G3 zuVnkx{4eiWf_HJnDP5OYiL6g>M)D?m&t=XNM3eUlQix;ON(ysdchnzaX^oXsqGS}+ zr$?$7Ly&WE3cXLXPV`IMEy4k8RQJITs3`7qRhFo`#9YLidJ>MaSC{!bw-^ga5M-Kna80V_AzuU(+a zTqfAhiAO13qkdLXuLe=={-s`V58ppGF3yrK#KNENI&p8ILrTfCewMN zw)o;c0`PKC+!s5Wotfl@e6HBNHe{q0GhlbkZ4bYf|4n$R9N51c%&K0jkvv~9RlurK zi)?6__H6)7*>vaj`=&6`FKyGA2`o|eK3G-$Dv#J51>84dwT*cV`Ni@s)ImL!SV;~u z!}T}@>UyJ{2A**K`*itbl{{LWoc|PKZaL<98dDd5Ov67)y%O!FHobVb-_qW3``c-q~_l<0RT0RqlSBMOF zkcXPJc|^(u6z`QSS9C9YvG5E~mT!xV2*f4$#5PLJUAf_B!cTyiDRomBu$2 zfi-mc$at63Nxd@9jF@4cs0=9H5?*x8=wX02im#}ZFN#u*;&rZx_CUeNmV~{Q;grgs zs5W_&Ui~96DK1X4yUEARC|YZyVTgKv3#g3payylUU2WaVyT2)Ft_4x!a9dGDv3Jry zX`iH&Sa^#HX4WdFwOg-pV~&d!rbUS*r&PYgN!!$)(sD^=O)V00Dwy`MN{~1&t_D@C5|5}|{$@Wi zH59%t#h-HjA-LbxEu7MNI8^35ok3wjSsj}*1nUgfg% z`)+6T?bPlMV-h9%YS#;2KW}*Ap49I|H7y^GvKQ@vlm?NsgxgryRhN5q;^OE)_Q%na zx*teuxKU0U9k~x(0_Vl;n`nU=OC#~U(PJE@66_>=fewq(nQjvoep3n?$g%K76qqhX zs#1<`oLLPy(<-ZWde2waAUCP%vjcu; zXH0nT%~g`?TtG^F36B|irComIV{s;A;8#Eh<&Kjhf0m);ebO1PjtEy-erw|tuf+1^6UWv3)gt}DkBOkMBpIShm3Uh`S~`6Rbv%fQQh7i?Xq5y zk-2hQ%YMG%S0d63w7c<^+Q;+wQYCg+#gi#Vw4EnX!$Cx4c1pi%p)*q9L5j#rW$%GX zSBqt=cVytTur5qb-^RLF+qKOaJrhsrBbwE1O^R+k=E7`1gD2ODFnn2wBy5Pv*vPiPo$wHWxR~ zi6KZD6%%eAnK4gsgC2cnb8F{jrn9AwQtA;-e&oNrL6TsjpYQINpi zrK6-%e$;!_!@-!6f{E^4&_I_&M9S^Fo}6gN$0k3%_Ly5B3sLQLiCf-fak&?h$vF+) zw=^xE=~HWLn0D!O-4jHbon^JUv& z{1-B*&(cE91%V<6oO5(cM-`zOQmLifJ+I#uKYRq6mFV&?&T~$o6QZlOH0nZxvD>oW z6p&KsQY>A^dSq>Ok~BhQISq{b%(!NxuL?p|Gp9G=A0(=Nu{A`GtSZgz#pPB!=JBar znj>4a!`SsE(Sn%?T-LqTaw7#Ll?=Rr>dyN)%!o1XJd){$JsSWqowo-9Te)2tN4}$z z_o0)#9(2{Sy(~FoMx{K}ufMIY6F(=d8ls>YSMNPmO z@Y?2{=miItB$WqdoEj6{l5&FA0^FBK5<0g0zqC!>rz93%jYNr3$+ENMSR#h}9!MTRjbi;>`-G4r%SGl}RGO})^4a)Z>xV)EC z5`ngLN;&Uq)M)~Xa*v*MD+K=6rOj~pvG*?Rn^XtYs(~2=$U-t`nhzx!QV4>LmlZYh? 
z9>MzJ2D3v#2OnGdV4J232{mL%hsxH}aql0|L1NL9@@S#bR}q88n6vi+and$5EU}gl z{Z12~uE$R(2rBe6pVG!l6OTKPq*=F5YU^v!vP_X;4+3%i${R*&H#<9h({@ej5ch|V zk%0LMJxp#XEsqd#+n3NU!>8ze!|1`ZNT&|G{8x;N^MMHTq!n7oh+3xA4)%Gf?NEl>BEuPi7SyXq}SmbOI2L;2BHu+ICvXXN{>p-YZL=7oyyj;y`I zKFd=G6tLjfdNXj{GHC} zL87W`HMP#aYoSX|Rk=lhoNJde2V;{zo#@^7eR@L<>#H>D_PKn)Jy`I+johu%*5^6c z=h)lDUG$6N3e9zr`}RVWbF8~C@|O3nE% zFs#1aukvAKGna+0$c9JH^E;mY4vWgmu|KXPU z&o8VUo6aQ*tl7##eq5gRDj5c$@2CtB?@!?Ma0_n<{5CxC zdS1bdRDE)lBQLlXan+E1CFJ8$HNN2hTDHp&XGeYXc!Wfbjp3kc`AWM#3wY7bQBifUxGTdP8XFU?jEkBlLItnI-uD-m zrz%_hd>hLeYvF3MHk0$c_wvXTD)^ZQr{za$tRQpk-pwQ!Zsyu@Cp6N+6Ol>~WUqs>^HA%o082Gw7 z7H+xlnyL%>u4zq-eR(ix( z<9UTd=kC)=r4J(|`ioG`s|v;MFZ-H#bcd!#J2l&iBREs+Y9?z!Vza^-T*s$$Xpnuo zzwPaBY5hU-r}_k4KR0nmOM8411sG)p3wq!t=r=xOwf1T9L!F!5P5U~C!!~}?+wH2R zII=$x$zJcw&THY+VBY8Huou>nFJ$N0lj+@R2~Nlw)sZ)DUES?@CFK$Q4U^Cm|HcKo z<^}o9&l*%_(MWlAJ568XA6!sJ08b(@d&Z-XZlcrxamvG>Pw>L|4J_|h%tvS3aV>>F z_Fb=C8*R?mHBTNX?I*AiMe+g?*g=MGCS;5v*MBc5BXjxQ#9jG0B@Y;k%ufskZ`oB8 z&+J4*i{#}*D!RMG+0H4PHVHw0Ue7eNU`Mm5r4IyoP$|*RaFS{=gXk@HlX4v;=6Yp! zMBW?nDn3DyY~HzjJ!LG#p1(>?u(;pD>cf#Na4qRjQTnnu__#kwNR_>s^a@|7)PKjz z1F7%lc{R>6S)t2V@I=}Q9Lj&og3t6m;nmLO9eZ>wR-d!jeBG?qrtSqD7`?r~Ins=? 
zy%M3e_$2>p{Zdwu33JAnTPe*1Ru~4hpwQtusE0qJ=!tA4kdW{8JtVppT@hqpU@R1* zH_Y#)k-FgZmbyHA=qi|4XxMZ+}+?ChB;5&t@TM?N* zq~@OhYv9BSyJLBc{wWV_?2Vt(_ZU*qVFe}*nRcLur@pgKf(bYyt+CTr-aR``r1Bn&BX!%4v2T;z5^l zI2a2tS7D~R$p0cc!08}xuk)7d*oy76g2AnquQQIocmkg?)E23zv zmQBEih&&(BtP|XMf35N39xzzt$J4W0-p|t@u#kC}P|Ps2(?JV{OB_CSo`*8tqob}dg-N3&VMwe;@Fq6VI$1SOKr+JiIl}s6f3N4lsemkKp z==V&AXrX|7W_>e;t8)kGbCqFt@iFvYeP{|ME`5FOFTL2}6EBz;nHG~I{QKV@^#R9| z3|?AqsqCMNOich35AK_Dq5rpfH29sSdd8~cLu0WVrpAq)ZKy&Eh>bA2FwBo)`av`O zbx&WErtgO{;5f0-#Ix+4FNF~Qk zN7J_LE2qE(tlj74>ECPWprJ>J;Sw-u4wtU|^s!p)eE_#h#|(KXnR#}l)VKOqr+-+< zV~i%rv<=Ouv7s}|0)&&C$lK%mYbxsfpaecn(|ZA>hVa71XgxJS%|vfkFW^MX5kL2T zAPYF};gLQ!n77CRBAI7M=EYa`yNemarwV}2 zxg(xewxIR^5dP-a3;XgS6?|)B45vOv0ne&X_1u#L9Y)eMwH+IsQVG5XWuzQ2HN5O2pu=-s|@{{9T?d)>Yg$Uh& zbaRHHe3X{3{cn;mcrFwO(cT4kjr+YgSZTbdS;uoXT5K$TC4%fRDuAbF-u*2rBp@9B z$-V_SWndkn638FcR^v@qZnw?8|3q`%3&3WZB>Soc8Ot&auvfi}6X;qoMe}iq{G$2r zO&x14OteV8tNgWY3i6#Laqp4+Tj>dZUF7;ifncS?mi(*0K+yS`ogHDW35moTJ0?p(7CS~e+oH{rwM52qNR2{VWRwi!YW>d2sc@#L6uLknBE?o70_>B>To2mMyy z10#8*UV1Qg|d&w(-Xx95hm z-8V1xtYVzAKugTQFBP8OQn=@Uj%zKMu_od#l}VxB;>~4C2pu-Gw1M8s&@#|;;?K4G zmaJkua2ozeMl#3JjP{k_UfTrk-x@=6YMBzsoki!q!x_xLar70K<3A+;Pt@6H&H}Fl zhjIgM#e2lPT<)WZ0Ljz_Hqc6nu8|&$*!oX^FQEND3Ftc?16wj@Ea_iSwTyF{qk-Wn zx3c)8g#%-|whf?#Cp-(erPO$u(xKncK=raMJ3DNB`BTlsJ(CgqO6OfOXT$vZN7QQT;G$w_vFgm)>x;PV3JFHrn@Y=VQ3)k<{NA?IGGLVT*KD^g z8zJM7ZXqe&{3&)Sqb*?&cI^2QhQ`d)1)#g^qe`?I4Ui*YI%?1_pdfu05U@6GgI0Q@KhmTrD0q@HdmV?_Y@<|}y6`GLU& zsv`>EgvgPlt<9DM)`_P=!45`4)l)fuoL;;geepN70gV7sfmRH11y& z2d2!N>@_6@2`1nU_h&T<4HmhoC~p{*U~Jo-L|c!z7J18a*GIdA%EhxXR89u5eo0N0 zQzCTC_?KZ@Y^kJ`CjG2m-74iM2B75hx^X+h)h(X}JVszhI==4 z3Jlh3Qj(!v4?JG{B3yNU;@MnWorrjmI!qlaGm2VvPjy>Xa9?g zK3Wb6B5q|%dUR=be4b2xhNi{u@~HpR5CvERBEro5uQ4i|`6r-_mW&sZvAHFOcpwpF z2`#%BukI?KSi>MEnl4)n0QYhx143}NC*<$%$tMj4p z*zitSG##No<59OT-&6IBT3gmj1I$PwlxF&&mX>nG)QV(oRVO+9SU!ona`E zGr$LAZum3p%x)DWihe>luQDU*{{qwf|(Gy}Xa*PZ=`A=n2q8|S+l*mKCHEACD=+;&G z#BpG3W3HhsV-sW*@Tgzx0c=Zpx&RePns!$hOV1zmdZ|5NVrxuF=N7mB{7PyOZ6*;r 
zwJqtX0uq5gQN&m^cy0mqzWO9hVebsJZFyz>I+rB?d8Sd)DRkO5h$BHtrhzuj^>EO}GdD73t{D_I3V(*VM=gx0^jQILbz#PY#svT@|#W3Zi(rtwz z$w>Dr`xWurPjR~G#s5~hAh$QL!4odx z-h+oMSm6CRs^4X0TI6afZb9Wrwvge5djM$nICc=1v3+#Uk-WSxKataFe^N!;5^xIN zF0PEo>U?vT>(`g!a>?s=PM!Qc?4fdiHJE@lh|HALwO^WxNvufvtbaw9h_T+CZ= zdY|Y(^T)5tMya0%?W^t-&(-h3gu9Weu$o{%uQ3kHvrFOh- zW;RTa~~R zO=33*`=9&n|HlfhFYkl&TL#J4MRjH8J5Y1SaZu;>>1*B@vgvac z{%1Ff?cyzz}+i7{BM4%$Bz(j{HxAfIK@zPYG~!{{LFuLNcjKD+y7tcD&Usw z3>t)?7MsO6V@SQntSarY*dmozuX_!Tpiv+{a!6rMK3!-3lG7Owj7mbh_%BZ;t$jqB zC2WVNActm>`&}cix(YFmReYIEeE>=`*q?%%enC3%#}Aj?qGH z3qrxr{CtZWVqEDJy_*9ag+aLaPJn)d-~qpw4bxfBlcvX)>)&1cWy+c->MLaltUZqRS@5YC{Wm<$rx)X>I^{yW6b3 z%x|K^Wj2owED%Fb)6Zkmpu5^s@u~A&4O~~*6=kRMMkwQ+ANL0<*ruE^gDosff2w}1 ztZEg;&nB5-V2`=yohiWgJkqaxrLPM-9J7S=Mq{_X?u4ENk0y3|jjRoV6 zoQS_S>eA?q305LdY-8V~WqB%kMdn?kQVx2Sb7w_V9@}j3#R#^u6%gOkq8t;L*>~$R zEcwD*vkhn8yO7scl&iL$|i!Jb{j1K!Pp+$Dxo+wZT3kfm+kh|D?{ zpW;r0MZDY#S9%%6SSM8RL!!!>ztz-8`nLvUO6Ucv@H>7M$&}Wb zT9!z)6>ING(JR(rQ3{iB3ck_HcjvqN&8Y)xbE+0itJz@@EVMS5illyF%^;}YT5ae1 zi?xz9U#mwpZiZw|&O05TI90a>Of1>q--#oB1Pb>`1*uWSiv-vomC>4-4O#SO99tmD zP?9|+Ich`K$&Qm5Aus(22IjRef3C`+Top*JW0{fY>}G<5hOb}~o6?-OyVqP0^`32s zyeis3Ciu0e0QZA93R(hwkPB4D;p}dFHxaAiPK8(Woz0sQmE0KjPYF7xM}?J>Yy3+p zoREn5NF^y|72vHg)W4oRGSh$NWE*AOr90 ztJCDMMtmV-x-};Ue8`)JbI?Pr&21{#8%ibxXW~QUg81VG4#kuuEZ9qt%;SVBToHLA zL__MSL`dC=V_x^@qSqMuP?JunYtMsNtC6?V>Yt;P=E%EI&&fgLC}L0#&WI1|g+u0( zR(0gWN>^)o`wC;e@vB9CX%}%dvL8e8o-c1BColC2^@r%lnMpt@@lx#1Z1f&gx+)~~ zURF~CE$Fc+l^?$%AD8iy2JKn0lWPqh=FBD`&0Lc7ZvT(}|F@6J_a}IwsF%=IOO@HD z46>Ha>o>o)n^wRcalq9RnXoJ^jx4iYf{j||ugAj9u?@pn#J$09w5 z3)e)CmBXv!6NDYo|Lq0ve!Mdp0U{i*I!NY~rBB>USg!`H2`T*8*u_yUV!`1aO2|tl zOaCRuC7ly-Ser>5&`1exiAC=elTFwkSQ~wXqB^jc1x=7RB4=z5vU}GG&?zi|tAd!P z2wB8KgbKge&{9^1=_BGm`< z65sX(wAxp&&5#tGrr(UU`Y#mS<{KsBzv1RA3T8&b+PK=3C(49&=Vl6F&)j4-0S&!$ zJZdSeuPZ>6{+wZ-=Mo0Su6Ry);~^UQk*69RBLrH|g8b4NK99jFAC{$GX#9(5ke7RT zty#zRjpycfbjk_yID%=i6Mjf2PeP24+8YY0w6C&6Uj~grz5O4J+-{wFqJG7X*r#}1 
z#UIgO(5nQk0HMr}{}ayq?PVrqBg)(lCp)^T{Hh|mUNm-@m%eEG;QyDsL{^W{EoDgF33*rxsUS;NsNJaso6;@wVM?M zH$?HqSYzP5M{O?^rr7t99)|B_8wix~Q7p&Wm$jl+O%buo%8NZRRw-$s#8l0RG;J#r ztW(gKZO}P`JZzL2*6Zes$~cm!mfiPGmZBmR1Of3o#hHjtCh$O?nh4XgiVJbD`qN_K zZzU;XDFhaD%464t?1la6`q!ns6$$;)LqWn(ybc7|{7{oH|9S|%bmM-HT@~v$96AO= z7F2w%Jed4i6}J8?WRAyk7Bl24W#)=c$#J4gQB`=YuO{1u$~ArYM~qt%kmDLkHkvdH>`GAR zI)Yy-xb(Pa!n;W)*0p@Gvi2D`61yVu`fDGp4k=Aq_}Y|@zcB5ujn*AFMll^N8b5+b z5%otGYS>fR>>Q0f1bbcUAO`6Z3-5PfN@~dnmucQjsLQ7_AEou!vX3i#6L;!{S z@V8RtI1i8SxVRDJG_ngFgvnHCl)B8ucm6CsqCgh$5x`!feFWxYQ^G-Dum`XybCyuj$>fY}zU%%Vl5l7s&js-Sl6`@?K@{zB_>L$C2Me_rG z3){MkpruSL?MeAB39;ulS1#~l4Go=oOw_w+$JKG*-T&~|?=`4Ag!yOZzFvPf^Oax$ zOS%Ay1>Kzyet%sf<`QSZ()z%~C&ptzVX#;~r03lD4t6yGP#Uw@rl8JF5OH?luf5)9 z9eu7op(*xM*2~IcDhWRgEfjMrN83BQX9^&gFsWJr$@NV^6GuF6ZQS$w#t#E3>T{c7 zuUU$izeY8JXdwymP93+`mh@c*8T6@SAQ-A#7&Pl8G7-dnJIciX>1v_SFu`F9+ zhfP^n!9){G%kZTfWr5IC!N!Dxm-rgFR)}<_9#6)}wAa2X)~q=HQeYF(AT$=swUDT* z>NHdw)H8*s-76YVo?G2!>g@lj+tN<6)(?i7Q`$VOg1s(t9lQ=gg?Nd43Infhh|{hz z+Bqd_eb}+L9>v{{nm^Q1ms-Ka;_a2agy#o~#yD7AiC|wW+;WK@rON|!HLSEevo<6%&m_wDVEA2hvx(WIjOHMa>&7HAZ zOy)M78-fkhb`G_!QFs=kTfmz(7|M0NH_ zY9zj#J(oQAp=6=F_NM{Gc-`XcrhC^jVzj~Qc9B|t&;|YA#%Qzi8@ardBbe{vrN2xZ zM!dU-AG{=LU(HT_r$SF4*}f?`SY>n%jhKMse1sAEf+uM@BVn3FvMMtu{d{Z0{YZ({ z2l3OQ(*%>*TkAu5%7UX%o6;PdNwOk1d|ejh$RjhZzQP!bKP#3Tm}`;8L}yC)*jo#hLy~V1^pN9J%!t7^NElKWKNjHKGEul)vq-E`qV6_e8s5EzhcF&sUDYg*SL51rB2+O`(gsBm(jHPR8 zl=ZR@F>&psFf2K=S-dVM4nG*O7H>OHqNW$;wi>UIqIxj1mRyj41sA``^0#NzlyFO*6N}mp zo$tN-Gaoeb%p$lEj{9o}`p-1DtOm(FBRi?7E#v#;@>NeH@0dtUBW|PXky;c-#ay1LtHk_1)k7ngaqf-x4F z&2L?wo*N}E-EW!<@0`E%*zpRgje8N)y5*gdGjX0MHr-g=V10zJHJ$8xU29jX^cb-$ zV{T74S2dUKy6$;afI2=db(8%j9=CBr6P-14*PZ;{ot@sjSw*N}uQjqaBWX7mA{LNtUsLnCj08`V8W5IwXF2ry z&MOXWne|#4R;;;#Zbyh6r#8k3lZbaVa@YLzs$comATvijPgF(9V|xkwcv4bJOr|hF zp%*VV=u)ygB)o9*n9XQyo~5_&K%DObV-b?)1vAc&HM!}YXvr2Q1A)kts?l17(aG|) z!A6{OO#)?;3|lNaMkXSv>(*XZPe|esDg?bu$5DIRO(pTFb`$YYND=BhE;FHl_(E7u zzIFz}*)B$DTfz5>R!46reOz|#{pH^^R@;ElnmKBrwseB};U%@^dCJ%rkq;Cpxt4lS 
z+p*sNT+?xI_B|w~mvZ=v#b=9@^;z@mr>XBlQ;+GqdJo>m*qNz?IClE<$D>S4$3l1E zipXUuQ0QsSLzibMlL^gxZQY_BJc@{gP*TKWImlU(&RMNr32rCw?r^N_xO#jI?sAFP zuo7Gk^WaykrN4|ETW#yc!*rR{njEJTVJN;Jfmd@ULG&SSfKVQ1sW1mt@O$0CArzul z$i4A;;{A@`Hw4WQMdQ6U%XJ$gq0#^BeFgs1FC0vDG4E(Fd=#&D+HA}w&uWuLvi9LV z=by{R+7m9M>{NYm=c**8x{sPAEq;w-H@EVLNt@Es-A znwsFOV>iGd&3XSvF8*lX*}bE?ZdR7C=15t&@|v4;6+1(WJFKej_e|z4!CjXg%Ja+Q zYTxba`RC%m%HWklEG(y<-}h0T-9tI3=`I5$+!>D-wri4VBefZ`?}{Lt>YuW-3cAm< z(c!*d2fCmGq`YDb25U>QIcKUMiwsT z)GL+0%_Gz?R}Jl|wYoA$_d=lqlcfH^ug;L6}2|m%kLaPYba! zIcaDP{DP0k6E8<=LI#k#5WPpq>j^)dzA{PZe)WjQqNbnWc5@lZ@jH_0TsBwox1*W+ zU4>gZ@`G@axopPvN_#GN`TZhc%ntxo%f?{Ory&lq7N7=piB<2ebf3LxIbHZ;bQ@gg znZrtg>QH{84}am|r_9Rn>9fzq*yQB;efYm%f=;RoXO)qp0MV_lQeUv3U2ozZ`DZQfEgLe5_4jMx2O z?Pw-U+4XX?x$p(T5v%r82XDW9QUK6_ddJ$Pw6VG zdk>TlxZTL(l!iH}msT%#Q?I9x;w|>L!fjmY^LJUT);BxH>v|+U95+l*ZFd+_a`%a= zvF}sI1RUyuNa5Zb_+SaOu`$Z3WL2^%x)FV&VNLSF^2_Tw!Qr2mwxh&G`qSTU65)pr zbnTUhSB({MUf+;%_#sj(%zO+YZh7XWhs=d~MdhxMG)Yd`~G= zJ@%Z0?fJa9ugcb5XNkmrCA@OSB*cck>!^ni{cKwQA?KakfAzdd-4_NcY*ml<>3$SBX+FE`?-$6 z;We>emA-~?CyVk+_{(d4DKM*PANK04#$AS~rTM9=Y}42y>V8dg&)wQI)?H6ku&=+r zu6HhnCzKxHm|h+pvbAZ^FW1#fs)wBQ8%WrB^$G2d`Q1N3xY;mv!O*GKeD^P;&Acyd z$3Q9$!B-S69wIHEQ*;_$C_!1>9v;6KdP_y}ozojMW$j7h`ioT!Q=XF@uW*7x`Yf3B z@*bk6Sk&EFRXe^03RiEWCf@ash?&OD+O#X$QpV$ZEr#ZQD6M_oto9{olwDj4DhubX zPCn{T*LAZ|Gh7&+y5Aw0Kl)I(r1e81>T17W3%tA8;L^VNFGiUhkoP=6?^VydR&Cq} zyz+rtzOD!wo8;+|+*Q9oAvNb2`DHo$I#+D7jl0=nzPM3&m1{>xUo2;k_a$dHuUk$J zkVi_6hA!zuUAT-LYK9w)4rzkR-pD13Np9tVw+{NAO1K6-6E$vEIgitU{r4 ziG7#H@LpCB?VEPo4A*&hb!{lt(o|{=Z%(=vZPX_`naCLw2q5%XVr=L9G8W5VKI&DE&$ zKdDsT$J&{bOZ4z=*1<>(8xM6$jjBAs7gdC$KeP8wl6}~dXNN?V+3bDzM=v~T|W zWm28{#~&w0cyj0BReN&C9o(77JQ)dXud`|^U-PgfVGGwbzn^@d%l{C0Yt@7FMUYA5 z*vaOLKZNhJE7rAQ<(%WWRy4YCmMS%;Vgj2m-P*hu0p&~XFzAwmXF1!!uc8;5M{7dL zO1M{l8c5Wm^wh>Udhgc%ATPu1vaSsMX!6#wLV%IjGrf^@a>(HLzcs6#3wCogx5axVc0XH2U ztoLb0fxrakm2z;uKdF?+a%}feooR=lNr9b0Mn9HhAMvlYE?az7J+t}pbA{I6ySXFV z2;Z0T%Fb1Ge^tGzXPGW#)ZXl29&F`m-E2_ay+;!}sv1~0@hLJZD_Xhhv4~kSGDOiZ 
zfhnz5c}WJz)@hDjvJH1R7CFw|-i5%!0*S(#*e9O))j4+B>)5oesA)8(&SUVkk5}XSz*}P{OM8-DSw$;aO<8a>J% z5vo(9Bc}|!utD)mI3ofgy&yL{&jxY(rutLtW=Fi&6su!F1&*)pbHow0exv#lrSi=k z*x|~|P1Vl!_o>7ovu^(0f#|5o;}ACNg%}liEE1vZGc`*L-xT;lhP#hPLHtH|2=A8& zN9I(N76i!f@TaA7u|osox4wF##-@2r{cqZGv=${uuZOPVvZB`5nuB*83uP_i?`-JM zGEszDgA_ZRBsu913+4vAsLwt2hd!iCPnAm&q^6#Pcuy~fITq;sRK#f3#9CFE)wbUw z!?{*AGlJ~Lj|7uBeM<*D>dwP%dr z$XWj|d|_lcB~+l6N$&YPvTuX+r)A!Ho2;|kR~Bdxwsl_pb^ZWLtg;;{Zg56KXuIqs zK`)N?b$fR2ADJ`VlK^x4`iNUu>FC|(O@3!1H{p2sA1v%%H{QZpeiR^)ns(Hy@?%RdyP}s0W&ASzo z<%Bt-0Q;TW(`1?Nnufxd%<;sp#H>J)JR0S}1Y?zQ=DwI%l8=#56bdErZoVr$!aeor zX#bepUNNSwvzn4?EBwm6OUuL|%lStQYZ2C!+m1}gkxDDt#!S13v+gA<{V%*-eqygo ziKq?w^t>2^5UjaY&3|nYjZV~;2nZi|IkJ$BjDb|7cm2Z?o4zlN^#4TO}x%hSoX&t5H*BO3HM z&y|gJ>>y|?Xln59XjdNeW`pcG_Rr^Z_VA4SkCS#kDjf*B z_+*-7wv+9@4^e9ZS1JmR*F!$Eryf@hY?GUokua<;8E3VgAHAgSa56@4w=ko(OSJ$Wu9nde#X5-lE&Tit0XcD>BM z_oki&w%G7n*?Vey#N=a)s*N%QO~u`iS^v;xq4GlLW5=m;E!Re2C;B~+9|@whF5$WX z;ik(gm%M9@BHD)+mLv@_qyC|8<+-p6T7AN;l7XYj=mXMMn?|m8?#^@ z4hMTp$?->YOMMI4i{Ys4c*VLDb~8%#OTBmL9wi>;Gi;t?oR^=zmCYS7$}(^?c^Nn> zxWZEB(CsMalW;UQHyKuu=5W}_{sWU zJ$-->Ei54(!c(0?yk-T30Fp9ZSg zi}x0P%yXA;jyI!qJSR4UWfd+XIZuxvq$^D|D2Absv)C?M>iO)jp zl5Mk^)$@{7IkWVjz39}}1d0Aa2bY`Yx(XbHV@0S%nHKn>eLHV)&*;ncJePZK`jDEs z^v^N<&-L};Rc}`#IsGRF?j=!vK5g7ly3I^c;ckM%GkaLL5UbaT`sU*Ym4+gwd&^AS z%EG7$oF~jQZYVCNZnmBh<-gCGUln_xmrKP1?8l)7EZjg}fp>-(90g0h&B!?b`0fzV< zyzjl=jrYIStXVEx`tY1{_Bnh1VxK#tWS(k7+w=V&198B^CY~aY7GjVmz5D*<8V6?k zi^r`*XH{BNc~HMO5b9+c5zL#|Jn|vB0v=_v_0z?S{xOF8iS?6&jPbq?_Ya%)c$oXz?R`vEzsMlPSbez9={ zC2ez-k*M}V)bK(jV5KBkg_2Vbqw1j~qxhVFoYeB+fmE=W1+t=O(Vmq2jz&V4>n!2I z>To@5-Z$~pR;xb?k3UCD@hA$7q+~nL|g2f8l)@*v4`8-mN1C~s56P4wd zA?eIq4Ji~Aoll@{8V4qX#nxjR2i6uY2!IyRViR6qP1#QP3zV z#&ocECroC;ih;9yj1WsElZ(|a#9vWVA*I9gWy2^CsGD`?W1s?-3UR-<=UDF(f97{S z+OjngF$%})ZDtm(a4MgEh8NomSAN}j8*;TwXTlLB2({hxvN_Y;JT1n^;xC)7$JQ;` z->k%++7^2;q=fj9u_L)nS+OiB?dNL@rNuJyV+nDiL;8d=|GEu1j|z8wN#nnKCc*iQ zNu?p=ocP{@gv5tk*GVAMNHr2I&l3EV&QeWtN_&|To$ 
zW+A`(>C*Dpyz2;~JkbXn(!s?*1;Qkwo|Vdt<0luBbCVyVWS3#|q=Z&Xe5DdlbAGED+I;MepO$H+KRV-zfZ& z;rgbQ-~x6tV07s+eYRj}nptYDe?g0qAkB^^3+Ob)!_1gqtRQG zNN}vJhZ_Bo+qMjA9?`sFb9s#y&x=E!8IR#6#G+WX@0rEew1VPC0YCM=eU7R2)d|W} zOKpQC_wL37`ER52^>zCpN{W=_jIuYy?YWjgTm|BJ4NKEE$sEt)i^b<|KDZ2-Pf*^X zo5#C{UP%=OZu=z~)m7eEYWd}TM)_=Zv{U<;p`hM*GXH48Z~gTlY5F4n$B}zgtXxh& z=O-HE1|M(M_9e4H6$8b3YV00@JxK*6Z!k|<#qotO;KhocrQFsJP18MZjYak5%aP8I zO_q&@@EoGEvw1C;Dk#P`wa_WEjFrQH9p2lf{0A~n%E`fd2_9}gDHt^5mv7E!AYl*~Y} zxuh}>PDBsZH09fccnfHXxRvDZ(7t##nGU(Ldj9o{Q^&@;3zsDK;5s@itjC0y@8dzP z8D=K5JEJ7)`4ZngKNxnqxomZiF>1uZbok*;hPIJU@Ap~?=HGC=47e%43H%5dGCl$~ zId|FT_Pu~}2`hHE(WEZL^ z45_CmxY!IG!h}Cb0UnBUu(|TM#2a1}(2rlbPZf ztosmT|1x%OW?0ds{6=h;cK}u~MTLcrCm2FMOX)!ReBzFf2cp8_%TaBxcSB| zBvx&QMx2*^yW}>fpLB>}ttqO?|M-sA+H)R3(h9eH+i(V!p)qJ1Tc7-;f~0!qC4Z#@3o)w>$^t)eQUwk55MdPay(KGFj|>JXaFZ19!vvj7SN9J&9L&H zLojWFCP^7c^nfNuko>+4TP7d@%f#53;S(kB?p%9yQ-RT&#;9F`lChC7P71Zd zFyc>VFIv@5?gBe|u8#&f{oRB}1FYs%vIpK1%;z#a4@ul19g<(bN4bz?j_&WWJgD@= z-?YN-Vd=TRK`MIni2x-o2b7D~TRj=`80HqvM|c*~%$_hQR&SeSc{auDU~)->4dOkU z)$}p2mCXI>`kT`*>U*CXN>U`*1se+$n?!%V)QX4&nxST@rXD=4=I?e( z^9GfX-kS{piqM4sUKoqPugLynJ7gaD$65FG>7kxej<|OPxMY04bq=FO&hx`uk7#Ht z#QaA&BC1Eb@ii-v>b+uF6u9FP_tSu<}#3P?ip~@q4C3Vb){=u79 zC}mj@VoR^3P9utPHV1wCEWMpJ&K&qzEd$|jp6D|#n)cq{qO{kAfL8daBk!0g`dNR| zEWiJ9;5|!Rvp5C06rlIxF~czc9j3&Uc@7^n-Uywq$M+R!DthntibL~dX((Cu6op` zAd4rw@2upaaKaIjxA2DFfF7E5*oE5e%qLd}62!tqb}Zn;)0LsNb49#uhYgM5d45a+ zg9xqjI3EASw zFq>*FK+FEJk{_?7I351-CCMo>vFOTIbIZ-AGQ*;?2S;~Yu)Ho5VV8C4Tp3)2(8155 za-=m|2}@-dmh<3A@X-zF%DD&z4c@kA9|&oauEC!~tUINk^9zEFOXT=s_-0Ppsf4TA z=!LBuxgJ~M?@ZN_IKgSM)FWnYA*B@s{CEcV>lG_0*e%+wDCKB|vY$Y>ldM>?4({b? 
z_uPV+>9V*=W}&EVJ$q1o65jX|h!ghW0kQ`=2?Mr1a9OjqtG3$%=M<>elE$ImSt@$# z8$P6&Cwg@+VuYAZ?~+xxfgSDAV>=gxGX#6c6wE(RlVO^E*ZN&0x1I*T$JHMm&?j-@ zN3yZ3=g#6*5zvoe=0$b2iq3ny3e9llZHSk+yvPj6j+K3QP{LBmTzU#Qciy6LP>As6aM z5QiX(lZJeZr&nouPfOE%;CwOAY@8V`0J+gwLk`?vXc2u8#s9(76jFcrp({m|L_x3~ z=;9nMny z`81DKaQog%9Nkcan_o1qi;_NzY5*JYG@6wbky)+KsfYW=-qnuswPEHo#9b;Va|K3g zj?DUXkTMhnY=>uQk>4ouXinX->U-mlA1K54c-Co9rMHc*bow+fn=a!<8dRnCPGiZgj~OP{1D(gR{g&OJQ3PJ3j-D!3Z`m&}N|fz%X7BsKD>WTNKPp0PGtk(x z&iVEOFWO$NMrZ{Vlh4E_J)}|6=E~T>wzgsV;`1^t-CHg$sZgt4b1s+m$(~uP_!^0$ z?{;yRT%YZn&zs~nX}T&k7P2^7?%lErugsEnz4)rI4_v1`Q^66U%uq!Mq zJ&dBlR%gr>hbnrMp%(~{ZQ2H&&9+ZR)TF4g7?)w^#z)-CphxOgryFNdvsP&lMVHMo zj4wQr#+lQqRq153fBk}`az!Dpk&lfd6jE1uEHCVZOjbcfj}YiIx0aD>*vs;(3vBQ2OZyxj&5y810yjXBLX>(cx#6`1F z--L%w1DES1tw^!ONbYmm1xsS4WA2#Nc1dP>f|*$Ts651qtdYFeMU37 zsQ!~H)b=iH;Tf%25X6l@X)fe1j;8qpqz;8+r?sHl_8uMTj$&41+@Rjs$xGy!%qm!;KKI4flc2u?4ja}3)}m{(KVvI z39*lq6vMR%o}+br>{n)DSaMiRztYA#m))MkSS6tn{jNHp1`V;2XC#8ouRTOEIhSc7 zmCa1XPc2vs5Y;rx^H{vutc7iQlT*036J@=sbO3%(upk4{K!;Miekk<50bNB=(Os(* zKG4}V-4)C7(Rr};iKn2)JJ?S$q-$s0^PIlvhk%83k6cf0TFWZ;FL(G^0BT! zpbC#%6&(<_91o#rb7q|EsPTDD)fZ1vanSk<>k)|jJBk0*r1*OJL-&oluGSxHvYPHy z)F&Ii)^Q}Q%G-LFtPJpU4i>)-SO6&C&tm^g9f*wap1d1paGrF19$1YuvH2DD2`)-c zwn}O7gdkY|zyMQjWsB^tC)R$k0+Lr*q=mm6TEM#WcNJ2o(smTXXUB&WB$F*L>38Y`Bc9);6}#L`w0=|*bEVw@U1`E1 zby;lV^fHB5_#8Y46~V~TCQ-s~c3!vme{1Hmp6*oMTbrat_)y~ygjeFSLKIBKW`H;t z9JQfctaIj8ZqJV;E%N^bv#)6HjIa8B%Jf>gC#4rdN`QXS{>apn-V!b`R^1_?%}0-F z`;0)Rvi?;*AUhP{bfyI4MqSK|m%rd3pu4!&KT2|@K-ENmX#9O!eHkR#$qGSzFe)#@ z`L4XnWXk;d+0%XnuoS8wpRlJs=(LTY&V+N}XsW`oaqUiw5+ANS$+P#SGYR7T;*Dow z?5TlmQL<#6r8vu6&bymjK(>Q<=4Y}MrWj2vX*zSUNwiuXhty!0P$E@SIwqpv%k8ax zu}&Q_52sTvdK6=FGu%C^ib|W5?Sb)#dkq&JC;dB7>uv4%k&G7rG4*vU=GS|*lWxx? 
zsyL!G;$><#)vYiZZr`R5fpaX!bE_m(^zpkH%N&`X`>qsj#v2&7m2#KC=oSiWwjx?% zbB-Xpy=A6l8k~tt8xrbeU-2vk36I(*1VdH6G8$9PJ7QF<25_ooI%XOJm-(1s%@?uR zbzGxL3%-7GVp|46-aj0wIv;a2ye&!bOwak@gxMJo-#ZXRGaSRWClPqY=}^25ad$5!Hp~IOW?DZHlACe4P)^4 zW>VUP*(@4fqrLb(JOjdlMMOe4T0D0x{3Cb1AN5%o_kSBPCLjw!kcM&a`0VJ8x-}fd zeJ&Tj6>z?ptTxvp)m+QFX4;%}ES=w3@o1Z}o(K`Fl69(6RLR>`zAI6jt=&{1Uem^& zFfJCc@WiKw#G~2MQMAb2HrV572WrnNrbHKI-l!A)S^6}DWr$l&ylFK;z}bCAtGb=N zS}xwV1uN`4Qd9a%mxs7VRV%ZhJ=Jez#GmOs|DaS(F4W8b?1d&k zLvo0~ef}AG#Mm7_#*SLIikhALq|3SQedcqYZ2AQAs?Sr+vCT8 zxn9)-n-WfFKBz4UpzDXKMm^rXDSl}BkWk4~b|~gzCdCDM-YD+Q6N=cJM80X&V}8!! z%S!|8TH1`}Pkeap$_7CJEU_VnUqL9tX|lmYzD_V*f8JNZCSvG&&vC_6hw*NmG2rKI zI#~1-%b6bMMKT*QI^%x1d+b7N6CHW!v>1)`-03fFhL=?Yx18#m?dQeJeTc*HV8!?^ z1I}GA0pL!|fX=$II{X|kw8eZrQ=Z)1pPPYmsepU@n@us-!Y)dojg83rK<%-Z9N(LB zX7Vz7@(#MS!F55jru?|SwwlhlC%Rx5v_34p%UZhRK1Tl!q$6yp-2Sk1srLYLP1aG|@iH#*cAHg>+}IOs zWAoiQ)A!82-;XY`BZ08|6TVr14r`#!apFdT+ISF{+?*pHe&v?p=iw=~>cvoJKT`7x zScdxq{XV~}(umsV#+xA0JRS|XkOT=N+z3Yl2KEOf-WPUJJMwXAk#;(!pGopc{ z?s{$>XZlVjhGLO-22+#IvYTp_PYYuVaXMS3Lxs&xl1tm&kSF=so51ZPVLp3DS~GZ8 zjlThn*W9P4-n5dL|2h%xS3EL6AcW_ILJ_VZ;H-b9b9~q79KMGp8NhL)`b+l;ZZ~>P zkFEU(&vKf5Xj447Fodi4@y`BUz{x1np#D0dVn2kNj^jDF$2-Cp*B0HQ&zO>5R_wcK zv94R$`XCo)-7Sm0(i?@AeyeF^$^g?T=}a_bU?6+J=r`=eMfci*Q4{vDZRM2NXqqH= zUxQ$DYXWvGbpB-HsZ6*Bw(b%|-x9a9S5m}QX2s*&A&(oT zmn{Dj0;l&F%q{fkEhT7u*L9v}8Gpw-cs#{^iNW=-SDKQrONewL zB)yA{!u8@9n|5L3=hf$h9UdFW)`h$iKD)8YuJd|By-YDPF!u2SP#(jNDy+)(%L;n3 zws@PlC5gSPFV2}`^OQ3P8pu(bZ~$-nVFPlmQWtff^OEkPoH)`)-`wSTZxOxG?>T87 z+;&HAydyZ=abJM9zdNjBB{Z(t@w5HUXDm|v#3+i^xNaBuC|+QYT4yL1#QV2vkVLyo zQ~^}<)Fw?F1E;liKXqqqln5A*`x&q`$GXnur2WeVls(-T;dJqOQn}}X#O3&lT_cER zKFPD+XLvL|k^p6QZW_HSWti?|5n=HYM}D)i!^l3_akrIfAbIglsYGzm{g7j(yYfmyT1p^mPMe6L_dI394;4*lX3V@nWo^d8E>CAQo2#yDVI;*oko&}hS~-H!9k zmW1tnicP!o2!}`L$6Y61Jxa+z-Jq!1XKM&`Ru(DE}(Y1dNjVbpEB4>dg7jX;0^Z1`dJQEC{b(S7K_ z!To4vq3=GZpPj@)*D56B>n~=QX9J>8v+Z;s(^v<6=g+G!3&2r}NI^?g4Ys0&!`-LC z+6=m=Lxw{GNrqsav${q(J<{oQC>+6{wnzUjkr 
zNVA6Uobc{v6@pAn#^x)EN+QL1!o7hwsnhIfzedBMgIyx3V^s^I8%4_HczsA5t(t@K1&r2b1tm| zEAu#eG*&aVSbH(bNbb{vtF7}8$)YNCfHmJVgHt){Y}>Xi>;a-KACV))wqJ|Th@c$t z=uIn7Y&dFTJ81a$BuTNUUxaI+epsyIiwGTl191(Y8T?mHvJBdoA=C#X$k7DJf2ohZ z1Fdx+Zili9;~@xe*O89y1FpBm+(8?45LqGZYe-SwsO#2tFtKiGZ!fY^Yed$}Ezv3F zj)TqiWN)|7FDh4Ld3S3eAVm|(QKudoLk{j2JwpCO>{koUhi~BZ(mS;M1{Dcy47eXg z?Ev@$JVupkAlSeD=e;_H0lqu#R)}Y@$hdbQ(P!V~K|0cID!h)ZJY4t!LhtIVrKcjP zbSkC$YsoA2vV?!WZXnE+2_yM(;aw*bt_xk@h@$;SYEvMd71A}H`4|#Qs6K~iiNU>} zc#dH;o!I!5Hkq(nlgNtl3+mAfN$v7WcmX8pz@V{9XsEb-@ToNnS!jCq!zvTOHDMt0^)W>mHI< ze5Q~{?;%9IJ=SMD)GA^WifJy_tQ_smBmLO`B-r_aeeq3ZniW2Vi%V0bU`e&9kZ6KMHL?_Gkq7P4B(#?Sii;R-J-1}sKm8fbuZRGdS&c^`)Ub$)F;^< zSdUAl0qN4Pz`pmhixAh+>5<=_VK$w@jZ?$4>dN-@rDw6R*3N{P_8M1_r}^rA?=vVLC`aa+(SV9i?alCD zp6Z`tV=pC^{l0p&$aJ@tzt{C(ZMv=qMAyAMh|v#XPN4KKBtS)hW1V%@DJ!Z87KxK* ziL5mCdZvhiL_s&B9`-dBEMLXwOPh8W1cWmWspxK4+eDm?d+f8a!l~O?b{m&ZLd#>1 zac z%&`yrZJPu5%MSjk2#35ub1TBh0?;e@TK{OdSJ;-uN6cHdOP}u97F$igxU!%4bYmU= zU8ZS;gF$cTie$OBOPM+o zIslZM*Ycx1kU_j#$No&Ja6=>IFM9kR=v_<_m1i}C#G5qB-~T45g|y4DTow*^R&*#E zfSg#DLPr|)@ilWHYLDpeG2Qx(%-3J69+s17h&xm5{}vVV)M@ngdckk343fu9S0g2N z;Nr4N=r}k{(M{d(z;>JQo#7~zY_I}bn3M{=GcstJ0lWRVpSJiT_&7G4XOL!|S z@yOXeuFA}uC9$>xiPu%F>%zeAF;xw7gI8|T9!1?rNXMxYAum_@+9u1-CIp(?;17b& zQCd$?TT5at7P5Xq--%Biz8t`ZxTRRUC$@D|@`OFeC|Y#w6geajUSmEER`l=K?XEQ5 zZv5qqx4>uq?zzYqQLpv^@YR9p?V;7EH0&`YnDL6Bree43M!(eHS!tJw+ z^1bw+Dc|KMdF5F=%ik4&_9S*pcMeU(^L*cSBYk##z&fG^0ckT>LO);3b@Kb zZe`uu#OC@zx|fctE7|3JC*R>fF(jf>_AqltkP%bVLR6)ifuN$d-}jX=xsq%ndNDGY*PZ)P}m>u-k0_a zc=491=2j-ycd2ioQQ?w5?)S?x-bm~;$C%lq1+@&=| z#O*n365!eoK}RhvwMBs#!>arF3tc~bDRkmC9UjfC^XaG-&Xc#I{bJ4@C)R$G zmm^cqp8-6GSXQ)oJP0SV#Id>)v6L>~?)-K52l9jk`gPaA%Wx>HM5p!_gf``FT<#OF3%WP41Gd>^A0-#ex@3~Yowz8HCSrEI}NjE zJfDiXNjr_bsCW8K`eHxy)i)8B>ADG&H813a8Whi3UB zzF`U!xXvJsL&1;mVAGoYJ6X7SzYOWLE1_fX1UKe`?#2_`WfW&(p0$EgFA@C%>xjdX9z&xrO2c%6Zn88dc$r2sP&rdTF}#;QgA1_Fw&YmzpbHc{$R` zSm037cQcCJc+0S$YUIC@nHX#RaEMuZb3NWF-il^dKg3_*rQJ0-@SE1gdZ6%+FvU)10~wJv38{D8?eSvtx3&BbR+`0hH;K28(* 
z22Ucd>8%&PdCB~bfAFvGK#7M=*@OcvP@^vfyJrMxzk5odV`Xcs`Vm^Ue~?es4Sj#= zxS2s05ec~OekVTtHlG-0lwd> zKMl|I+lfJ|;EOjn>psCfBH1#noQWOBl~e};go6M;{P6QL;@9E<-FpxKyBxq5{-Qiz zj{Hdhd>=rDkWOjr#px->!+kBf zOCV$8AI3L5cr<#J`^P=_vzg4xo|X`(KR&&&G<`+FzQZe<+Xs z^ZPIYpcKqQWtKtI(z~jEXyd21ZmR;jj|?TFp!#1w_-l0kK`Z}7E-PM>%bW!Ns~W^_ zK1uQV?@|BP@G}KUJh)yJrvJMt0K;bQ;9oV=KZo)Ezay})NUuSkyTSiE3qd?mmjAPi z{WyiI11<$u0urCIKf-rB!dn3&26 zQ@-$CPa9JM^=!9UJwuMoxLI!ILsMIJ4Gq=~P`kedGrWI|u3ZpI3)1^U3w2yvDyB-W z`-=U*V`)h>i<9cID0;Csy4Gi9G`*oK{yXPlFlV8BNK4<|rbjKyof5g(5_I|ZLwd3k?Hp6vy!mAq_@;x7)y;9Rj4gZ}g_2)6TnXe#O%sd(YRJC@-OP zdmss`P0RR~!mz$6Q^P?371*U;16s8`S@gxU>AsUxwSwwyaq~uzX$wm%*4a2mdc2D( z_Z@Xbh)<@g3yiKdbE*KMjI<}x74xk5BwbC6&-KBv2}QjW%+1}xMx)tw;&(4B#0f^< zE9Q)Z*t#mE2_h|Pr@cqdL}sa16QJ!v(q*T83N}<0{->zMxgVy_|09TAKK-*faQz>f z!wV)_nVP!qtFmB+xtt^$tF~#A(8mT*OK+4QC}Dj^3kG9}?v~dxZq$}p0SAPR?PcnA z9T(Dr!RTnd)d5Gd&iyN!w0inP!M(meoL!uRbpm+>FrQz!4SM^?Kms{(SOn->yLfsI zc=ywsBoBLt97J!vJQ-2Q1Gnn#1#KIAnSEvc?mvEG69QntYTx|7R_)8lP(=HDS~}7; zW39jWWhlZbd2vnR@UAjAtmuhEg=xC1wUb9)yEHD)RY0mGUEN-EPx|s?tWg*iP?E=@c)NIcA)QRIKy5PyAS&^x4g7;klV6Bihd*opAc{1YPj}PI8f5Kb%ZwKmY*6H1rU2`7MJpz~Ue7Xub02SWkT^A%{zMAH;TKXlc8GShl^7BCcIgHC6+6J7taqwMIEvQP7C!>K~j zY|~*PZ-}O5ukqlu**$;0E5AK588D-QnOvdZCx8PC!E|gYjv+ek^ixtUlGkWN;%A4Hggs7*RklgHr9jE1n9( z^gNf(wwIv$p`G%AUG+0D7gPIzqmAI9z%OXw*^B(v)AOh|Yu8e%#s&VxSsv@Rm69H{ zMoUFB(H${J-CE1?(>+Xf3b}gw(kdRN$)(&Yt!e9UhKD*NzU^W+)F{64ast{JFN0_(@L;+Z7(-G`|yO$=ZLxR z^o`pPP+ABDT%j6I_Yp_l7!$^tu%Xd-Ru-{kP|uoy?bh#Pz=6gw4ZVOO=>aZI`j)**1GAjPDn(iy?HYmr721iTiP+ zC9e+yl_EM{y`7J@SuJ*)6Dcn*7MIx7(=ZoZ1Dr@IJjhiI)IIE*l5;o|*|; z?e#B)T7IP#XMnj))T;A^&mKZhN8Q?sQzXZXO&|n@(cjgk_aecDo&&|T8%`U(xYpw= z1=zyYBrq!Cmnm{X!VMK?OK|8=a1=wM+j3Oy^iw|~;fSppm!%!X@L|&#dgNeAx_FDl z)M>K=%ddsXOK;``E4v10(U8dE+`QmVvq~P-p(K5~<*bg2aJB9SPzIw*JGEU6UKzE2 zPryDsz4<54toqwLlXGIwtZY@7oA(JWBb_-(*T_hPY8PchKNX7yb)BjI{Tb#V$nvg?$&E0N{7^>A$9<0l}E34eiZQnUguE?%8< zW@xoFr5|76A>)zwSc1EHCVKim=x${!GKDl)i~OXgg!KIKf}f|~Pp|Z|!9k)#N{4>n 
z?Aq?8%q^CO=N$b|%+_^W9(dJ&Q~J(r7Hsjy1!uS9mQ`fXALhPR`ere;R1Z}f^xT=b z*anWTGEmA(Ac0eWyq54GcHH;?AP?*Fqkbk_pj*SpY{9E;!$EWLOMZwF&NQ*DzW}{= zw18tP%D;M|saehZeDy8POMIgm$fF7vqSD@)X0md5a%rZcX4z{^l+(lpxk#x>Gr-3XV%1jjq$fUr| z+A7OHV8X6`BFW((a$QJS*RUEg%#(QLFP!N4>AKojJKJTk4-amf+X9jjE_c;4w49{V zq!$d_4fb#vHig~7emPgPVf{HqrjBmBr5+~sBm2%)g7Vlp&0OtFO*!#3Ml^cCv>Ic! zDC`p0ROaut{yV_&tr$Vuu z?YOPga7`xt$S7MegS^gV*iATVe(T8caw1u5{O?!(r2YQC!7T8K-QM%Fvv3rk;4kb(RcHu2?5-n6fZ*$}U@dBXNHp%j}{^ z%dY*K-@>_dwz$xLWS>*_0b7Nd*4E!<`d{?c6bW}y9#B2yIt4~5lYRdf5o%^`IeyZj zDX~_dL5~=z;*q^AQO-~7XvL4~PV%Fg;aa>`i;2tO!xDm65sDeYAPX$j^$A^vxUA*!X1s(J5 ztD4vZ5xy|@);>I`0ZJ9uTVcB#OK9Qt9GTv?kS7wa(DNj$i^d!F|{DjS(Ibda2V%XGtWMG+Rb1RdX-q}@~D#-iV;3Rmio%XaEU(0q)FtWe<5Vqh6 zr8CXfT%!5#GD=OrGtABrAzO`E<90Ec6^L65MaRB}@fT|F0G*MVPS0j1EFBTmt?Rqw zRa3g@Y9gtWMm$?w%me2g)02UE;7OYmsmmUz4tLbN)jTFf^`N!q^17)>i#C0BWrv`x zz4ooVZVW53@woKre#SF9@oq?dzk!} z^x+?6Z9nL`7Ji=cceQZ)s{x5F3D0rnf&)OfMj-p)BWh!+E38U#VCd3XjzYUWX5y{? z!RqF^u?urJv(pcf;j^UNOmmm9c7&4%kpRV0CBtg#8ukY=RCYGEMIzd(?CnpcQ#H@T zf80k}*Qv7`EK20Gi6QGAXb`V#<(M|U)wWXFqd_R2AKLB}gtQC;i$2fa^adfu4@dPm zUUg}=N`_n}>aD9rMfB%`5B!Y6J#L?Jf}FOH6jEy;WFZ|2)~GjHtbrSz(4!w(?}UY2 z_wETg^!pi!YKLIxz2ITPSoJ&(dypph)P7l}+iXl0U(MXdFv&00xKM+Tq_7Y3TW8Eh zX?m|?Y2e;xCsJAanBf-2^rRge@!Wg8VK!>}HEr!apFIMU4cJAqhS33K-xq)iS104` z%)o1{B~Yd$nv~M}a$k;^??sX%yh3-G2lC5+HpwWwPXSOwYL$^|P?&xLh*p-qLR=VF zEo_Elmcuy3SgEI`s0_R?{Sg6PW9rHq)DY$i>F&t0FczUlv8#Z?Ho&fzp6tSTDj1@y zZMUNjFo_2w5krn_KDPNp-`r2SUkv$QOZV=d zrF#wD{Z|j2AfEPDLlUiI&&)?~!Xi*zotlzRPWo3mQM^Lp*s0s%fX2oY^Ef-nO zEP?JQbBFFQAwFCLA?9@5cyPKtD&&tofeuq*F_wuoq65^ZN0Sel)W)PU<%@qoZXDvs zP~NIp6bcS~ktKxXxWH6w#bOX}I?-6@&`C&t>%2Gk(-CH`!zc5`k+-2GNg?yg&O-GK zM9-IQA^CRB%FXb;Its=6ouZv2_NF8cp!J!ILD+p3BrnQ6*t%5kW{vK_@D6j4^nkhS z#3Wjd!5q+Ex@N(3*mHX>W@X0xHZDhv)^B(&z9_ag-PTnY5>2(xN-!Y20(}4UD*G7ik5*`&lA?o5At;cm`m3T8e5GdgRHc3V&V43`*!Im*RfFHw;! 
zGDAA+Zd4*f%R1Zj>UspG=32tM7=EYTg{2y?H~C9xfO#IvT|WE|AdCbkTDL)e3!d>h z3Uq9=>$mca5vCpS;c63(z14@co4t}qeTW2|*D;8ofbJE8GH;HZ(`{t*j}sP)7@HtF&S6l;m#7;rfm!_pI|ZKH=>rZ!9UX-aJkzV{rBpwVy{U+2J7&j$VIeMEIZl(i@^Vj6T_5~p*e6KP9*9Lqo_|Gcl)avy4MxzDiD zjs!WnWtzMdvnV#N@TXQpuHK}~WBM9FWbYSk4@kokR-2I_(zMON(Z;^xur~(Fpt0t$ z>}*%$KW6v$=(@_D44EcTOE}^B#RqZ=(}*$%ez!#!EZHw<{DLM-2dzgQ2 zjf3Wyj>PPyQpATYkV!c96t=oL^u?iwoLuftqOBF$GuAin>B@lKoBqUi3VZfUBBI%S zZn#}~bL+Mp!*TQw3K><%`G_6%W=Pgu7=6bjPDaRb>9MQq z8^ZX*h|5~zrUN=8RiJ9x;s>L=HEbospLqQY0ig-J@Jp=XoGZ}Kz$9vzwyH`^0=*zL zjz1ckdxMYl14Y4DW_TG|vHa8Orhop{(`{NsaF4r;+c7RJ=}q))0@&WQFTCz5u6_3+ zli_^!t(0Ng2YX1r2n@=87nY;?7hU*|pbLC(4b2$h{eABHZjISU7z}PM(L}n|R?_cL zy*2o>`WzfK!roi#r6FE>hG7gQvJxPN(_HIZZ8R3WY%pXY9@f2C`L7@yY^2{-?qY$2 zYK+J6?#Y~=#&Q;KTr4%sP1T4F#&!~DJo+gQR=~L(?MN65v|_+%|GymtBlyH0&CmtW#s#R%F3_H-tUFauOZv`qQ8S|E5`+hd6jXKsmQblvKl*PoTZrS zcI)8BM%LqieQjnI`9PduW8K)7J6!E_=ry=!n2P;$OTkSg#zp;5HseL!;?;hBiQ9qO z8ZT!o88vmP7Mk?X{OL|7OQ713L6Y{h)gpgW$1LOK zocDULWxu@(zwY3n1~?Yuo9AR$CffAxe3c2=HG!$S4D{gpn`WPnQx#dR049MZS{xs9 zSn6osiSe!d{kbR;H{8Nyx3zD(e%&EO2rwTpHV4#ATddO?qyd$?kh(NF4S*K<6o91t zby-#Irkz}7w%1Jc!U~UH4;8K;A2sC(6lefi^qNzOhqD2XjCREvaQZ|h#5!m4ygmWW zV~J6kg)x#yQh!~E86Q`>w_6iZ_(iJ{dKS?ZJJT7FPe~Q;2g7V@IeDCV4K7atRG^p7 z9yIBHT2ogxWCtxO1D?cNvgL52AXDE>KBz`WwBm+m3dM~vywtCo&cHQht|q!wC(42Y z-qL1v_EXi0jBkM=eYY^-E{x|hDqy(MIgLIk=kpK0+nB#>cNNC8SL@fOs)jFZvM@S*Yh5nf9z>yt!eH>7_53Qb^Cic0=972u%qXOqB{R92${w?(X z{2}t%K|>Aram6RCvI8u5+Vk|Q;YlG*<&xudABu?ECzAA2dXrV$f=mj{coD9A<-NLL zDfm$1ss68H66#Rfik8u9+;{%{1-pt}1Si2@hgC=k0I&1(oklT;h{STxsMFvFwW5!z z`RTP^%50#%5UV45cFUbj^{S5p$*3!U ze9EwDTwt?nE~p^O+%o{S5w6|H#$kQ{aU$`2KERN%1aUBXNEQ5qEA#0aKs*mL8B7C| zf7^%TLYKbEfM%Hq;=^mqH%gB|OJDL8y>Z+v6g(Bo(dMMIzlk~76Hx{VgZ~_T$dgGW ztD7o_SdA3uc>H*vGh#Xigqc}G4ZTT*xlhMz85Hc5`%=UIu|pMVvo!uY>&P+iXS5Cf zuhDM);WuptO*g_~E1;u<&n<|#eP9Rf!DY^z3JZaRWUOgV2=2>={XkR$trZ@bsmtBZ zl7uVp7B~VKi7a}-=l`|$-9b%m-QJ3zfJ%|3bVNl!nl$MsDk@b_K?ublpwdg|MY>Wg z6hQ(gU{oOV7J5hNQUU}*CqU>BdifrjM-RMbyx+{dbMMUYuNad3tiIO%t+jXV&x*@v 
z^E0KwhT}c$@el>{B>6JGMuSbyxMpJlg7_*>+0S}~RtM90>dvcC z+xL&H^A-T7NO&mM2RL;u1D(7Xv;Oahjh+8#wALRm#r}(Pn#an zKPf|bgs|Z%8uOxedVSHz7m_GF=tCuhhhN#;#+Wnxaq`Coao8}>7d;8jTyn5l z`Br6DGoN0rIr9FNC3LWVIj-UUapZ`u`w01qCzkIg;s%PUoM0sne|J@@ZR1h-PsY