From 45646f39f334f302fc6f95b8ae9d819981b20106 Mon Sep 17 00:00:00 2001 From: Hayden Roszell Date: Tue, 24 Sep 2024 16:07:38 -0700 Subject: [PATCH 01/10] chore(oid): Split App/SP client & jobs to use OID instead of App ID Signed-off-by: Hayden Roszell --- .../AzureApp.cs | 40 +-- .../AzureSP.cs | 40 +-- .../Client.cs | 62 +++- .../FakeClient.cs | 20 +- .../IntegrationTestingFact.cs | 16 +- .../.DS_Store | Bin 6148 -> 0 bytes .../AzureAppJobs/Discovery.cs | 10 +- .../AzureSPJobs/Discovery.cs | 10 +- .../Client/GraphClient.cs | 269 +++++++----------- .../Client/IAzureGraphClient.cs | 5 +- .../GraphJobClientBuilder.cs | 19 +- 11 files changed, 245 insertions(+), 246 deletions(-) delete mode 100644 AzureEnterpriseApplicationOrchestrator/.DS_Store diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs b/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs index 56d7432..68615c2 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs @@ -25,7 +25,7 @@ namespace AzureEnterpriseApplicationOrchestrator.Tests; public class AzureEnterpriseApplicationOrchestrator_AzureApp { - ILogger _logger { get; set;} + ILogger _logger { get; set; } public AzureEnterpriseApplicationOrchestrator_AzureApp() { @@ -48,7 +48,7 @@ public void AzureApp_Inventory_IntegrationTest_ReturnSuccess() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) .WithClientSecret(env.ClientSecret) - .WithTargetApplicationId(env.TargetApplicationId) + .WithTargetObjectId(env.TargetApplicationObjectId) .Build(); // Set up the inventory job configuration 
@@ -57,8 +57,8 @@ public void AzureApp_Inventory_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetApplicationId, - Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + StorePath = env.TargetApplicationObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" } }; @@ -110,21 +110,21 @@ public void AzureApp_Inventory_ProcessJob_ValidClient_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = "test", - StorePath = "test", - Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" }, - JobHistoryId = 1 + JobHistoryId = 1 }; // Act JobResult result = inventory.ProcessJob(config, (inventoryItems) => { - // Assert - Assert.Equal(1, inventoryItems.Count()); - Assert.Equal("test", inventoryItems.First().Alias); + // Assert + Assert.Equal(1, inventoryItems.Count()); + Assert.Equal("test", inventoryItems.First().Alias); - _logger.LogInformation("AzureApp_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); - return true; + _logger.LogInformation("AzureApp_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; }); // Assert @@ -149,10 +149,10 @@ public void AzureApp_Inventory_ProcessJob_InvalidClient_ReturnFailure() CertificateStoreDetails = new CertificateStore { ClientMachine = "test", - StorePath = "test", - Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" }, - JobHistoryId = 1 + JobHistoryId = 1 }; bool callbackCalled = false; 
@@ -215,7 +215,7 @@ public void AzureApp_Discovery_ProcessJob_ValidClient_ReturnSuccess() // Arrange IAzureGraphClient client = new FakeClient { - ApplicationIdsAvailableOnFakeTenant = new List { "test" } + ObjectIdsAvailableOnFakeTenant = new List { "test" } }; // Set up the discovery job with the fake client @@ -481,8 +481,8 @@ public void AzureApp_Management_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetApplicationId, - Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + StorePath = env.TargetApplicationObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" }, JobCertificate = new ManagementJobCertificate { @@ -505,7 +505,7 @@ public void AzureApp_Management_IntegrationTest_ReturnSuccess() ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(testHostname); b64Cert = Convert.ToBase64String(ssCert.Export(X509ContentType.Cert)); - + config.OperationType = CertStoreOperationType.Add; config.Overwrite = true; config.JobCertificate = new ManagementJobCertificate @@ -554,7 +554,7 @@ static void ConfigureLogging() LogHandler.Factory = LoggerFactory.Create(builder => { - builder.AddNLog(); + builder.AddNLog(); }); } } diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs b/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs index 704df42..c78f740 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs @@ -25,7 +25,7 @@ namespace AzureEnterpriseApplicationOrchestrator.Tests; public class AzureEnterpriseApplicationOrchestrator_AzureSP { - ILogger _logger { get; set;} + ILogger _logger { get; set; } public AzureEnterpriseApplicationOrchestrator_AzureSP() { 
@@ -49,7 +49,7 @@ public void AzureSP_Inventory_IntegrationTest_ReturnSuccess() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) .WithClientSecret(env.ClientSecret) - .WithTargetApplicationId(env.TargetApplicationId) + .WithTargetObjectId(env.TargetServicePrincipalObjectId) .Build(); // Set up the inventory job configuration @@ -58,8 +58,8 @@ public void AzureSP_Inventory_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetApplicationId, - Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + StorePath = env.TargetServicePrincipalObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" } }; @@ -111,21 +111,21 @@ public void AzureSP_Inventory_ProcessJob_ValidClient_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = "test", - StorePath = "test", - Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" }, - JobHistoryId = 1 + JobHistoryId = 1 }; // Act JobResult result = inventory.ProcessJob(config, (inventoryItems) => { - // Assert - Assert.Equal(1, inventoryItems.Count()); - Assert.Equal("test", inventoryItems.First().Alias); + // Assert + Assert.Equal(1, inventoryItems.Count()); + Assert.Equal("test", inventoryItems.First().Alias); - _logger.LogInformation("AzureSP_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); - return true; + _logger.LogInformation("AzureSP_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; }); // Assert 
@@ -150,10 +150,10 @@ public void AzureSP_Inventory_ProcessJob_InvalidClient_ReturnFailure() CertificateStoreDetails = new CertificateStore { ClientMachine = "test", - StorePath = "test", - Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" }, - JobHistoryId = 1 + JobHistoryId = 1 }; bool callbackCalled = false; @@ -216,7 +216,7 @@ public void AzureSP_Discovery_ProcessJob_ValidClient_ReturnSuccess() // Arrange IAzureGraphClient client = new FakeClient { - ApplicationIdsAvailableOnFakeTenant = new List { "test" } + ObjectIdsAvailableOnFakeTenant = new List { "test" } }; // Set up the discovery job with the fake client @@ -486,8 +486,8 @@ public void AzureSP_Management_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetApplicationId, - Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + StorePath = env.TargetServicePrincipalObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" }, JobCertificate = new ManagementJobCertificate { @@ -511,7 +511,7 @@ public void AzureSP_Management_IntegrationTest_ReturnSuccess() ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(testHostname); b64PfxSslCert = Convert.ToBase64String(ssCert.Export(X509ContentType.Pfx, password)); - + config.OperationType = CertStoreOperationType.Add; config.Overwrite = true; config.JobCertificate = new ManagementJobCertificate @@ -561,7 +561,7 @@ static void ConfigureLogging() LogHandler.Factory = LoggerFactory.Create(builder => { - builder.AddNLog(); + builder.AddNLog(); }); } } 
diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/Client.cs b/AzureEnterpriseApplicationOrchestrator.Tests/Client.cs index 18db671..8387bf6 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/Client.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/Client.cs @@ -42,7 +42,7 @@ public void GraphClient_Application_AddGetRemove_ReturnSuccess(string testAuthMe IAzureGraphClientBuilder clientBuilder = new GraphClient.Builder() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) - .WithTargetApplicationId(env.TargetApplicationId); + .WithTargetObjectId(env.TargetApplicationObjectId); if (testAuthMethod == "clientcert") { @@ -53,7 +53,7 @@ public void GraphClient_Application_AddGetRemove_ReturnSuccess(string testAuthMe var cert = X509Certificate2.CreateFromPemFile(env.ClientCertificatePath); clientBuilder.WithClientCertificate(cert); } - + IAzureGraphClient client = clientBuilder.Build(); // Step 1 - Add the certificate to the Application @@ -68,13 +68,13 @@ public void GraphClient_Application_AddGetRemove_ReturnSuccess(string testAuthMe // Act OperationResult> operationResult = client.GetApplicationCertificates(); - + // Assert Assert.True(operationResult.Success); Assert.NotNull(operationResult.Result); Assert.True(operationResult.Result.Any(c => c.Alias == certName)); Assert.True(operationResult.Result.Any(c => c.Alias == certName && c.PrivateKeyEntry == false)); - + // Step 3 - Determine if the certificate exists in the Application // Act @@ -115,7 +115,7 @@ public void GraphClient_ServicePrincipal_AddGetRemove_ReturnSuccess(string testA IAzureGraphClientBuilder clientBuilder = new GraphClient.Builder() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) - .WithTargetApplicationId(env.TargetApplicationId); + .WithTargetObjectId(env.TargetServicePrincipalObjectId); if (testAuthMethod == "clientcert") { 
@@ -126,7 +126,7 @@ public void GraphClient_ServicePrincipal_AddGetRemove_ReturnSuccess(string testA var cert = X509Certificate2.CreateFromPemFile(env.ClientCertificatePath); clientBuilder.WithClientCertificate(cert); } - + IAzureGraphClient client = clientBuilder.Build(); // Step 1 - Add the certificate to the Service Principal (and set it as the preferred SAML signing certificate) 
@@ -177,7 +177,45 @@ public void GraphClient_ServicePrincipal_AddGetRemove_ReturnSuccess(string testA [IntegrationTestingTheory] [InlineData("clientcert")] [InlineData("clientsecret")] - public void GraphClient_DiscoverApplicationIds_ReturnSuccess(string testAuthMethod) + public void GraphClient_DiscoverApplicationObjectIds_ReturnSuccess(string testAuthMethod) + { + // Arrange + const string password = "passwordpasswordpassword"; + string certName = "SPTest" + Guid.NewGuid().ToString()[..6]; + X509Certificate2 ssCert = GetSelfSignedCert(certName); + string b64PfxSslCert = Convert.ToBase64String(ssCert.Export(X509ContentType.Pfx, password)); + + IntegrationTestingFact env = new(); + IAzureGraphClientBuilder clientBuilder = new GraphClient.Builder() + .WithTenantId(env.TenantId) + .WithApplicationId(env.ApplicationId) + .WithTargetObjectId(env.TargetApplicationObjectId); + + if (testAuthMethod == "clientcert") + { + clientBuilder.WithClientSecret(env.ClientSecret); + } + else + { + var cert = X509Certificate2.CreateFromPemFile(env.ClientCertificatePath); + clientBuilder.WithClientCertificate(cert); + } + + IAzureGraphClient client = clientBuilder.Build(); + + // Act + OperationResult> operationResult = client.DiscoverApplicationObjectIds(); + + // Assert + Assert.True(operationResult.Success); + Assert.NotNull(operationResult.Result); + Assert.True(operationResult.Result.Any()); + } + + [IntegrationTestingTheory] + [InlineData("clientcert")] + [InlineData("clientsecret")] + public void GraphClient_DiscoverServicePrincipalObjectIds_ReturnSuccess(string testAuthMethod) { // Arrange const string password = "passwordpasswordpassword"; 
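Review bot: The credential branch in the new `GraphClient_DiscoverApplicationObjectIds_ReturnSuccess` test is inverted: the `"clientcert"` row calls `WithClientSecret(env.ClientSecret)` and the `"clientsecret"` row loads the PEM and calls `WithClientCertificate(cert)`. Each theory row therefore exercises the other authentication path, and a failure in certificate auth would be reported against the secret case. Changing the condition to `if (testAuthMethod == "clientsecret")` fixes it; the context lines of the hunk at -189,7 suggest the service-principal discovery test has the same shape. The `password`, `certName`, `ssCert` and `b64PfxSslCert` locals are never used in this discovery-only test and can be removed. The second test's body continues outside this hunk.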
@@ -189,7 +227,7 @@ public void GraphClient_DiscoverApplicationIds_ReturnSuccess(string testAuthMeth IAzureGraphClientBuilder clientBuilder = new GraphClient.Builder() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) - .WithTargetApplicationId(env.TargetApplicationId); + .WithTargetObjectId(env.TargetServicePrincipalObjectId); if (testAuthMethod == "clientcert") { @@ -200,11 +238,11 @@ public void GraphClient_DiscoverApplicationIds_ReturnSuccess(string testAuthMeth var cert = X509Certificate2.CreateFromPemFile(env.ClientCertificatePath); clientBuilder.WithClientCertificate(cert); } - + IAzureGraphClient client = clientBuilder.Build(); // Act - OperationResult> operationResult = client.DiscoverApplicationIds(); + OperationResult> operationResult = client.DiscoverServicePrincipalObjectIds(); // Assert Assert.True(operationResult.Success); @@ -221,7 +259,7 @@ public static X509Certificate2 GetSelfSignedCert(string hostname) SubjectAlternativeNameBuilder subjectAlternativeNameBuilder = new SubjectAlternativeNameBuilder(); subjectAlternativeNameBuilder.AddDnsName(hostname); req.CertificateExtensions.Add(subjectAlternativeNameBuilder.Build()); - req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false)); + req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false)); req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("2.5.29.32.0"), new Oid("1.3.6.1.5.5.7.3.1") }, false)); X509Certificate2 selfSignedCert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5)); @@ -245,7 +283,7 @@ static void ConfigureLogging() LogHandler.Factory = LoggerFactory.Create(builder => { - builder.AddNLog(); + builder.AddNLog(); }); } 
diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs b/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs index e8be1d1..5941871 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs @@ -41,7 +41,7 @@ public IAzureGraphClientBuilder WithTenantId(string tenantId) return this; } - public IAzureGraphClientBuilder WithTargetApplicationId(string applicationId) + public IAzureGraphClientBuilder WithTargetObjectId(string applicationId) { _targetApplicationId = applicationId; return this; @@ -80,7 +80,7 @@ public IAzureGraphClient Build() ILogger _logger = LogHandler.GetClassLogger(); - public IEnumerable? ApplicationIdsAvailableOnFakeTenant { get; set; } + public IEnumerable? ObjectIdsAvailableOnFakeTenant { get; set; } public Dictionary? CertificatesAvailableOnFakeTarget { get; set; } public void AddApplicationCertificate(string certificateName, string certificateData) @@ -104,14 +104,24 @@ public void AddServicePrincipalCertificate(string certificateName, string certif AddApplicationCertificate(certificateName, certificateData); } - public OperationResult> DiscoverApplicationIds() + public OperationResult> DiscoverApplicationObjectIds() { - if (ApplicationIdsAvailableOnFakeTenant == null) + if (ObjectIdsAvailableOnFakeTenant == null) { throw new Exception("Discover Application IDs method failure - no application ids set"); } - return new OperationResult>(ApplicationIdsAvailableOnFakeTenant); + return new OperationResult>(ObjectIdsAvailableOnFakeTenant); + } + + public OperationResult> DiscoverServicePrincipalObjectIds() + { + if (ObjectIdsAvailableOnFakeTenant == null) + { + throw new Exception("Discover Application IDs method failure - no application ids set"); + } + + return new OperationResult>(ObjectIdsAvailableOnFakeTenant); } public OperationResult> GetApplicationCertificates() 
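Review bot: Both fake discovery methods return the same `ObjectIdsAvailableOnFakeTenant` list, so a job that calls `DiscoverApplicationObjectIds()` where it should call `DiscoverServicePrincipalObjectIds()` (or the reverse) still passes its unit test. Separate lists for application and service-principal object IDs would let the AzureApp and AzureSP discovery tests catch that mix-up. The rename is also incomplete here: `WithTargetObjectId(string applicationId)` still assigns `_targetApplicationId`, and the new service-principal method throws `"Discover Application IDs method failure - no application ids set"`. I would rename the parameter to `objectId` and give the second method its own message, for example `"Discover Service Principal object IDs failure - no object ids set"`.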
diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs b/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs index ee6e960..3d76de5 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs @@ -21,7 +21,8 @@ public sealed class IntegrationTestingFact : FactAttribute public string ClientSecret { get; private set; } public string ClientCertificatePath { get; private set; } - public string TargetApplicationId { get; private set; } + public string TargetApplicationObjectId { get; private set; } + public string TargetServicePrincipalObjectId { get; private set; } public IntegrationTestingFact() { @@ -30,9 +31,10 @@ public IntegrationTestingFact() ClientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET") ?? string.Empty; ClientCertificatePath = Environment.GetEnvironmentVariable("AZURE_PATH_TO_CLIENT_CERTIFICATE") ?? string.Empty; - TargetApplicationId = Environment.GetEnvironmentVariable("AZURE_TARGET_APPLICATION_ID") ?? string.Empty; + TargetApplicationObjectId = Environment.GetEnvironmentVariable("AZURE_TARGET_APPLICATION_OBJECT_ID") ?? string.Empty; + TargetServicePrincipalObjectId = Environment.GetEnvironmentVariable("AZURE_TARGET_SERVICEPRINCIPAL_OBJECT_ID") ?? string.Empty; - if (string.IsNullOrEmpty(TenantId) || string.IsNullOrEmpty(ApplicationId) || string.IsNullOrEmpty(ClientSecret) || string.IsNullOrEmpty(TargetApplicationId)) + if (string.IsNullOrEmpty(TenantId) || string.IsNullOrEmpty(ApplicationId) || string.IsNullOrEmpty(ClientSecret) || string.IsNullOrEmpty(TargetApplicationObjectId) || string.IsNullOrEmpty(TargetApplicationObjectId)) { Skip = "Integration testing environment variables are not set - Skipping test. Please run `make setup` to set the environment variables."; } 
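Review bot: The skip condition in the `IntegrationTestingFact` constructor tests `TargetApplicationObjectId` twice and never tests `TargetServicePrincipalObjectId`. With only `AZURE_TARGET_APPLICATION_OBJECT_ID` set, the service-principal integration tests are not skipped and run against an empty target object ID. The last operand should read `string.IsNullOrEmpty(TargetServicePrincipalObjectId)`. The `IntegrationTestingTheory` constructor in the following hunk (-55,9) has the same duplicated operand. `ClientCertificatePath` is not part of the check either, although the client tests in this patch pass it to `X509Certificate2.CreateFromPemFile`.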
@@ -46,7 +48,8 @@ public sealed class IntegrationTestingTheory : TheoryAttribute public string ClientSecret { get; private set; } public string ClientCertificatePath { get; private set; } - public string TargetApplicationId { get; private set; } + public string TargetApplicationObjectId { get; private set; } + public string TargetServicePrincipalObjectId { get; private set; } public IntegrationTestingTheory() { @@ -55,9 +58,10 @@ public IntegrationTestingTheory() ClientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET") ?? string.Empty; ClientCertificatePath = Environment.GetEnvironmentVariable("AZURE_PATH_TO_CLIENT_CERTIFICATE") ?? string.Empty; - TargetApplicationId = Environment.GetEnvironmentVariable("AZURE_TARGET_APPLICATION_ID") ?? string.Empty; + TargetApplicationObjectId = Environment.GetEnvironmentVariable("AZURE_TARGET_APPLICATION_OBJECT_ID") ?? string.Empty; + TargetServicePrincipalObjectId = Environment.GetEnvironmentVariable("AZURE_TARGET_SERVICEPRINCIPAL_OBJECT_ID") ?? string.Empty; - if (string.IsNullOrEmpty(TenantId) || string.IsNullOrEmpty(ApplicationId) || string.IsNullOrEmpty(ClientSecret) || string.IsNullOrEmpty(TargetApplicationId)) + if (string.IsNullOrEmpty(TenantId) || string.IsNullOrEmpty(ApplicationId) || string.IsNullOrEmpty(ClientSecret) || string.IsNullOrEmpty(TargetApplicationObjectId) || string.IsNullOrEmpty(TargetApplicationObjectId)) { Skip = "Integration testing environment variables are not set - Skipping test. Please run `make setup` to set the environment variables."; } 
diff --git a/AzureEnterpriseApplicationOrchestrator/.DS_Store b/AzureEnterpriseApplicationOrchestrator/.DS_Store deleted file mode 100644 index 414e25560c70e5d29556639791679b0555e046ac..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHK&2AGh5FRI?-4H6}08%cMR^l2$3JR#=lBTT?TtF;>1E7#i0^PE;quqo^jUw$C z-ho%(%8S6eaDs1a7i~60>Iot6MD}NU=Cju`{)vf5^k$KLliPk7!3$3YUD>^QW{JAi4 zEjMyNkM()8_Pt`ez$#OSZ;-2fi;w49h4XY`=l&&}#8EnJx4(%}xpHY^)7$iF-mBn9 z&4cM+I!k+ldSkKZ+_}~CckXtUO@Fc5x!v?T?cL?F>Rr2j^WKyGyZA(^5BPG3z}c&1%i31Jy15)I^X|?zkmO)l3dMsz G2Yv#y&c-$X diff --git a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs index 1528c30..aa3993b 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs @@ -40,7 +40,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd JobResult result = new JobResult { Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId + JobHistoryId = config.JobHistoryId }; List discoveredApplicationIds = new(); @@ -60,7 +60,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd try { - var operationResult = Client.DiscoverApplicationIds(); + var operationResult = Client.DiscoverApplicationObjectIds(); if (!operationResult.Success) { result.FailureMessage += operationResult.ErrorMessage; @@ -68,7 +68,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd continue; } discoveredApplicationIds.AddRange(operationResult.Result); - }catch (Exception ex) + } + catch (Exception ex) { _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); result.FailureMessage = ex.Message; 
@@ -80,7 +81,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd { callback(discoveredApplicationIds); result.Result = OrchestratorJobStatusJobResult.Success; - } catch (Exception ex) + } + catch (Exception ex) { _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); result.FailureMessage = ex.Message; diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs index bc1aff1..1fa1ee7 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs @@ -40,7 +40,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd JobResult result = new JobResult { Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId + JobHistoryId = config.JobHistoryId }; List discoveredApplicationIds = new(); @@ -60,7 +60,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd try { - var operationResult = Client.DiscoverApplicationIds(); + var operationResult = Client.DiscoverServicePrincipalObjectIds(); if (!operationResult.Success) { result.FailureMessage += operationResult.ErrorMessage; @@ -68,7 +68,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd continue; } discoveredApplicationIds.AddRange(operationResult.Result); - }catch (Exception ex) + } + catch (Exception ex) { _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); result.FailureMessage = ex.Message; @@ -80,7 +81,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd { callback(discoveredApplicationIds); result.Result = OrchestratorJobStatusJobResult.Success; - } catch (Exception ex) + } + catch (Exception ex) { _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); result.FailureMessage = ex.Message; 
diff --git a/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs b/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs index 73b3b78..0dfd6c2 100644 --- a/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs +++ b/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs @@ -29,18 +29,14 @@ namespace AzureEnterpriseApplicationOrchestrator.Client; -public class GraphClient : IAzureGraphClient { +public class GraphClient : IAzureGraphClient +{ private ILogger _logger { get; set; } private TokenCredential _credential { get; set; } private string _tenantId { get; set; } private GraphServiceClient _graphClient { get; set; } - private string _targetApplicationId { get; set; } - - // In Azure, the application and service principal are separate objects bound by - // a single Application ID. - private string _applicationObjectId { get; set; } - private string _servicePrincipalObjectId { get; set; } + private string _targetObjectId { get; set; } // The Client can only be constructed by the Builder method // unless they use the constructor that passes a pre-configured @@ -65,7 +61,7 @@ public class Builder : IAzureGraphClientBuilder private string _applicationId { get; set; } private string _clientSecret { get; set; } private X509Certificate2 _clientCertificate { get; set; } - private string _targetApplicationId { get; set; } + private string _targetObjectId { get; set; } private Uri _azureCloudEndpoint { get; set; } public IAzureGraphClientBuilder WithTenantId(string tenantId) @@ -74,9 +70,9 @@ public IAzureGraphClientBuilder WithTenantId(string tenantId) return this; } - public IAzureGraphClientBuilder WithTargetApplicationId(string applicationId) + public IAzureGraphClientBuilder WithTargetObjectId(string objectId) { - _targetApplicationId = applicationId; + _targetObjectId = objectId; return this; } 
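Review bot: `_targetObjectId` and `WithTargetObjectId` carry no comment saying which directory object the ID identifies, and this commit deletes the only comment that explained the application/service-principal distinction. Later hunks index both `_graphClient.Applications[_targetObjectId]` and `_graphClient.ServicePrincipals[_targetObjectId]` with the same field, so the caller must supply the object ID of the matching object type rather than the application (client) ID. I would add a doc comment on the builder method such as `/// Object ID (not the appId/client ID) of the target Application or Service Principal, depending on the store type.` A format check in the setter, e.g. `if (!Guid.TryParse(objectId, out _)) throw new ArgumentException("Target object ID must be a GUID.", nameof(objectId));`, would turn a mistyped store path into an immediate error instead of a failed Graph call. Stores configured before this change presumably still hold application IDs, which is worth confirming.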
@@ -100,7 +96,7 @@ public IAzureGraphClientBuilder WithClientCertificate(X509Certificate2 clientCer public IAzureGraphClientBuilder WithAzureCloud(string azureCloud) { - if (string.IsNullOrWhiteSpace(azureCloud)) + if (string.IsNullOrWhiteSpace(azureCloud)) { azureCloud = "public"; } @@ -133,23 +129,23 @@ public IAzureGraphClient Build() DefaultAzureCredentialOptions credentialOptions = new DefaultAzureCredentialOptions { AuthorityHost = _azureCloudEndpoint, - AdditionallyAllowedTenants = { "*" } + AdditionallyAllowedTenants = { "*" } }; TokenCredential credential; - if (!string.IsNullOrWhiteSpace(_clientSecret)) + if (!string.IsNullOrWhiteSpace(_clientSecret)) { credential = new ClientSecretCredential( _tenantId, _applicationId, _clientSecret, credentialOptions ); } - else if (_clientCertificate != null) + else if (_clientCertificate != null) { credential = new ClientCertificateCredential( _tenantId, _applicationId, _clientCertificate, credentialOptions ); } - else + else { throw new Exception("Client secret or client certificate must be provided."); } 
@@ -162,75 +158,13 @@ public IAzureGraphClient Build() _client._graphClient = graphClient; _client._credential = credential; _client._tenantId = _tenantId; - _client._targetApplicationId = _targetApplicationId; + _client._targetObjectId = _targetObjectId; logger.LogTrace("Azure Resource Management client created."); return _client; } } - private string GetApplicationObjectId() - { - if (_applicationObjectId != null) - { - _logger.LogTrace($"Application object ID already set. Returning cached value. [{_applicationObjectId}]"); - return _applicationObjectId; - } - - ApplicationCollectionResponse apps; - try - { - apps = _graphClient.Applications.GetAsync(requestConfiguration => - { - requestConfiguration.QueryParameters.Filter = $"(appId eq '{_targetApplicationId}')"; - requestConfiguration.QueryParameters.Top = 1; - }).Result; - } catch (AggregateException e) - { - _logger.LogError($"Unable to query MS Graph for Application \"{_targetApplicationId}\": {e}"); - throw; - } - - if (apps?.Value == null || apps.Value.Count == 0 || string.IsNullOrEmpty(apps.Value.FirstOrDefault()?.Id)) - { - throw new Exception($"Application with Application ID \"{_targetApplicationId}\" not found in tenant \"{_tenantId}\""); - } - - _applicationObjectId = apps.Value.FirstOrDefault()?.Id; - return _applicationObjectId; - } - - private string GetServicePrincipalObjectId() - { - if (_servicePrincipalObjectId != null) - { - _logger.LogTrace($"Service principal object ID already set. Returning cached value. 
[{_servicePrincipalObjectId}]"); - return _servicePrincipalObjectId; - } - - ServicePrincipalCollectionResponse sps; - try - { - sps = _graphClient.ServicePrincipals.GetAsync(requestConfiguration => - { - requestConfiguration.QueryParameters.Filter = $"(appId eq '{_targetApplicationId}')"; - requestConfiguration.QueryParameters.Top = 1; - }).Result; - } catch (AggregateException e) - { - _logger.LogError($"Unable to query MS Graph for ServicePrincipal \"{_targetApplicationId}\": {e}"); - throw; - } - - if (sps?.Value == null || sps.Value.Count == 0 || string.IsNullOrEmpty(sps.Value.FirstOrDefault()?.Id)) - { - throw new Exception($"Service Principal with Application ID \"{_targetApplicationId}\" not found in tenant \"{_tenantId}\""); - } - - _servicePrincipalObjectId = sps.Value.FirstOrDefault()?.Id; - return _servicePrincipalObjectId; - } - public void AddApplicationCertificate(string certificateName, string certificateData) { // certificateData is a base64 encoded PFX certificate @@ -241,7 +175,7 @@ public void AddApplicationCertificate(string certificateName, string certificate // Calculate the SHA256 hash of the certificate's thumbprint byte[] customKeyId = Encoding.UTF8.GetBytes(certificate.Thumbprint)[..32]; - _logger.LogDebug($"Adding certificate called \"{certificateName}\" to application ID \"{_targetApplicationId}\" (custom key ID {Encoding.UTF8.GetString(customKeyId)})"); + _logger.LogDebug($"Adding certificate called \"{certificateName}\" to application ID \"{_targetObjectId}\" (custom key ID {Encoding.UTF8.GetString(customKeyId)})"); // Get the application object Application application = GetApplication(); 
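Review bot: The debug message in `AddApplicationCertificate` still labels the value as an application ID (`to application ID \"{_targetObjectId}\"`) although it now prints an object ID. Anyone correlating orchestrator logs with directory audit records would search the wrong identifier field. The same stale label appears in the hunks at -249,12, -299,13, -336,18 and -449,15, where the service-principal methods also log a service principal's object ID as an "application ID". I would reword them along the lines of `to application object ID \"{_targetObjectId}\"` and `for service principal object ID \"{_targetObjectId}\"`. The comment on the context line above, "Calculate the SHA256 hash of the certificate's thumbprint", also does not match the code, which takes the first 32 UTF-8 bytes of the thumbprint string.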
@@ -249,12 +183,12 @@ public void AddApplicationCertificate(string certificateName, string certificate char[] certPem = PemEncoding.Write("CERTIFICATE", certificate.RawData); // Update the application object - _logger.LogDebug($"Updating application object for application ID \"{_targetApplicationId}\""); + _logger.LogDebug($"Updating application object for application ID \"{_targetObjectId}\""); try { - _graphClient.Applications[GetApplicationObjectId()].PatchAsync(new Application - { - KeyCredentials = new List(DeepCopyKeyList(application.KeyCredentials)) + _graphClient.Applications[_targetObjectId].PatchAsync(new Application + { + KeyCredentials = new List(DeepCopyKeyList(application.KeyCredentials)) { new KeyCredential { DisplayName = certificateName, @@ -267,7 +201,7 @@ public void AddApplicationCertificate(string certificateName, string certificate Key = System.Text.Encoding.UTF8.GetBytes(certPem) } } - }).Wait(); + }).Wait(); } catch (AggregateException e) { @@ -299,13 +233,13 @@ public void RemoveApplicationCertificate(string certificateName) keysToKeep.Add(keyCredential); } - _logger.LogDebug($"Updating application object for application ID \"{_targetApplicationId}\""); + _logger.LogDebug($"Updating application object for application ID \"{_targetObjectId}\""); try { - _graphClient.Applications[GetApplicationObjectId()].PatchAsync(new Application - { - KeyCredentials = keysToKeep - }).Wait(); + _graphClient.Applications[_targetObjectId].PatchAsync(new Application + { + KeyCredentials = keysToKeep + }).Wait(); } catch (AggregateException e) { 
@@ -336,18 +270,18 @@ public void AddServicePrincipalCertificate(string certificateName, string certif // Calculate the SHA256 hash of the certificate's thumbprint byte[] customKeyId = Encoding.UTF8.GetBytes(certificate.Thumbprint)[..32]; - _logger.LogDebug($"Adding certificate called \"{certificateName}\" to application ID \"{_targetApplicationId}\" (custom key ID {Encoding.UTF8.GetString(customKeyId)})"); + _logger.LogDebug($"Adding certificate called \"{certificateName}\" to application ID \"{_targetObjectId}\" (custom key ID {Encoding.UTF8.GetString(customKeyId)})"); // Create a GUID to represent the key ID and to link the key to the certificate Guid privKeyGuid = Guid.NewGuid(); // Update the service principal object - _logger.LogDebug($"Updating service principal object for application ID \"{_targetApplicationId}\""); + _logger.LogDebug($"Updating service principal object for application ID \"{_targetObjectId}\""); try { - _graphClient.ServicePrincipals[GetServicePrincipalObjectId()].PatchAsync(new ServicePrincipal - { - KeyCredentials = new List() + _graphClient.ServicePrincipals[_targetObjectId].PatchAsync(new ServicePrincipal + { + KeyCredentials = new List() { new KeyCredential { DisplayName = certificateName, @@ -370,7 +304,7 @@ public void AddServicePrincipalCertificate(string certificateName, string certif Key = certificate.Export(X509ContentType.Pfx, certificatePassword) } }, - PasswordCredentials = new List() + PasswordCredentials = new List() { new PasswordCredential { @@ -381,8 +315,9 @@ public void AddServicePrincipalCertificate(string certificateName, string certif SecretText = certificatePassword, } } - }).Wait(); - } catch (AggregateException e) + }).Wait(); + } + catch (AggregateException e) { _logger.LogWarning($"Failed to update service principal object: {e}"); // TODO remove certificates to avoid leaving the service principal in a bad state 
@@ -392,10 +327,10 @@ public void AddServicePrincipalCertificate(string certificateName, string certif // Update the preferred SAML certificate try { - _graphClient.ServicePrincipals[GetServicePrincipalObjectId()].PatchAsync(new ServicePrincipal - { - PreferredTokenSigningKeyThumbprint = certificate.Thumbprint - }).Wait(); + _graphClient.ServicePrincipals[_targetObjectId].PatchAsync(new ServicePrincipal + { + PreferredTokenSigningKeyThumbprint = certificate.Thumbprint + }).Wait(); } catch (AggregateException e) { @@ -449,15 +384,16 @@ public void RemoveServicePrincipalCertificate(string certificateName) } // Update the service principal object - _logger.LogDebug($"Updating service principal object for application ID \"{_targetApplicationId}\""); + _logger.LogDebug($"Updating service principal object for application ID \"{_targetObjectId}\""); try { - _graphClient.ServicePrincipals[GetServicePrincipalObjectId()].PatchAsync(new ServicePrincipal - { - KeyCredentials = keysToKeep, - PasswordCredentials = passwordsToKeep - }); - } catch (AggregateException e) + _graphClient.ServicePrincipals[_targetObjectId].PatchAsync(new ServicePrincipal + { + KeyCredentials = keysToKeep, + PasswordCredentials = passwordsToKeep + }); + } + catch (AggregateException e) { _logger.LogWarning($"Failed to update service principal object with updated certificate list: {e}"); throw; @@ -477,10 +413,10 @@ public bool ServicePrincipalCertificateExists(string certificateName) return servicePrincipal.KeyCredentials != null && servicePrincipal.KeyCredentials.Any(c => c.DisplayName == certificateName); } - OperationResult> IAzureGraphClient.DiscoverApplicationIds() + public OperationResult> DiscoverApplicationObjectIds() { - List appIds = new(); - OperationResult> result = new(appIds); + List oids = new(); + OperationResult> result = new(oids); _logger.LogDebug($"Retrieving application registrations for tenant ID \"{_tenantId}\""); ApplicationCollectionResponse apps; 
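Review bot: In RemoveServicePrincipalCertificate the `PatchAsync(...)` call is neither awaited nor followed by `.Wait()`, unlike the other PatchAsync calls in this diff, so the method can return before the request completes. A failed removal therefore never reaches the `catch (AggregateException e)` block, and a certificate the caller believes was removed can remain a valid credential on the service principal. Ending the call with `}).Wait();`, as RemoveApplicationCertificate does, makes the failure observable. The method body starts before this hunk.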
@@ -488,7 +424,7 @@ OperationResult> IAzureGraphClient.DiscoverApplicationIds()
 {
 apps = _graphClient.Applications.GetAsync((requestConfiguration) =>
 {
- requestConfiguration.QueryParameters.Top = 999;
+ requestConfiguration.QueryParameters.Top = 999;
 }).Result;
 }
 catch (AggregateException e)
@@ -507,58 +443,60 @@ OperationResult> IAzureGraphClient.DiscoverApplicationIds() { _logger.LogDebug($"Found application \"{app.DisplayName}\" ({app.Id})"); - if (app.AppId == null) + if (app.Id == null) { - _logger.LogWarning($"Application \"{app.DisplayName}\" ({app.Id}) does not have an AppID"); - result.AddRuntimeErrorMessage($"Application \"{app.DisplayName}\" ({app.Id}) does not have an AppID"); + _logger.LogWarning($"Application \"{app.DisplayName}\" ({app.Id}) does not have an Object ID"); + result.AddRuntimeErrorMessage($"Application \"{app.DisplayName}\" ({app.Id}) does not have an Object ID"); continue; } - appIds.Add(app.AppId); + oids.Add($"{app.Id} ({app.DisplayName})"); } return result; } - public IEnumerable DiscoverApplicationIds() + public OperationResult> DiscoverServicePrincipalObjectIds() { - List appIds = new(); + List oids = new(); + OperationResult> result = new(oids); - _logger.LogDebug($"Retrieving application registrations for tenant ID \"{_tenantId}\""); - ApplicationCollectionResponse apps; + _logger.LogDebug($"Retrieving Service Principals for tenant ID \"{_tenantId}\""); + ServicePrincipalCollectionResponse sps; try { - apps = _graphClient.Applications.GetAsync((requestConfiguration) => - { - requestConfiguration.QueryParameters.Top = 999; - }).Result; + sps = _graphClient.ServicePrincipals.GetAsync((requestConfiguration) => + { + requestConfiguration.QueryParameters.Top = 999; + }).Result; } catch (AggregateException e) { - _logger.LogError($"Unable to retrieve application registrations for tenant ID \"{_tenantId}\": {e}"); + _logger.LogError($"Unable to retrieve Service Principals for tenant ID \"{_tenantId}\": {e}"); throw; } - if (apps?.Value == null || apps.Value.Count == 0) + if (sps?.Value == null || sps.Value.Count == 0) { - _logger.LogWarning($"No application registrations found for tenant ID \"{_tenantId}\""); - return appIds; + _logger.LogWarning($"No Service Principals found for tenant ID \"{_tenantId}\""); + return 
result; } - foreach (Application app in apps.Value) + foreach (ServicePrincipal sp in sps.Value) { - _logger.LogDebug($"Found application \"{app.DisplayName}\" ({app.Id})"); + _logger.LogDebug($"Found SP \"{sp.DisplayName}\" ({sp.Id})"); - if (app.AppId == null) + if (sp.AppId == null) { - _logger.LogWarning($"Application \"{app.DisplayName}\" ({app.Id}) does not have an AppID"); + _logger.LogWarning($"Service Principal \"{sp.DisplayName}\" ({sp.Id}) does not have an AppID"); + result.AddRuntimeErrorMessage($"Service Principal \"{sp.DisplayName}\" ({sp.Id}) does not have an AppID"); continue; } - appIds.Add(app.AppId); + oids.Add($"{sp.Id} ({sp.DisplayName})"); } - return appIds; + return result; } private OperationResult> InventoryFromKeyCredentials(List keyCredentials) @@ -568,7 +506,7 @@ private OperationResult> InventoryFromKeyCrede if (keyCredentials == null || keyCredentials.Count == 0) { - _logger.LogWarning($"No key credentials found for application ID \"{_targetApplicationId}\""); + _logger.LogWarning($"No key credentials found for application ID \"{_targetObjectId}\""); return result; } @@ -581,7 +519,7 @@ private OperationResult> InventoryFromKeyCrede // track the ones that we failed to serialize, and remove them from the map when we do find the certificate. // Finally, we'll log a warning for any certificates that we failed to retrieve. Dictionary failedCertificateMap = new Dictionary(); - + // Create a map to track certificates that we're confident have a private key entry in Azure. // Azure will never return the Private Key with the Graph API, but Keyfactor Command uses // the presence of a private key to determine how Certificate Renewal should be handled. 
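Review bot: DiscoverServicePrincipalObjectIds guards on `sp.AppId == null` but then emits `sp.Id`, so the value that becomes the store path is never checked, and the warning names the wrong property. The check should mirror the application loop: `if (sp.Id == null)` with a message ending `does not have an Object ID`. Separately, both discovery methods request `Top = 999` and read only the returned page, so in a larger tenant some applications and their certificates would presumably be missing from discovery and from any expiry monitoring built on it. Following `OdataNextLink` until it is null would close that gap.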
@@ -591,7 +529,7 @@ private OperationResult> InventoryFromKeyCrede foreach (KeyCredential keyCredential in keyCredentials) { string customKeyIdentifier = Encoding.UTF8.GetString(keyCredential.CustomKeyIdentifier); - + if (!string.IsNullOrWhiteSpace(keyCredential.Usage) && keyCredential.Usage.Equals("Sign", StringComparison.OrdinalIgnoreCase)) { _logger.LogDebug($"Certificate with CustomKeyIdentifier \"{customKeyIdentifier}\" has a private key entry"); @@ -628,10 +566,10 @@ private OperationResult> InventoryFromKeyCrede CurrentInventoryItem inventoryItem = new CurrentInventoryItem() { Alias = keyCredential.DisplayName, - PrivateKeyEntry = false, - ItemStatus = OrchestratorInventoryItemStatus.Unknown, - UseChainLevel = true, - Certificates = certificates + PrivateKeyEntry = false, + ItemStatus = OrchestratorInventoryItemStatus.Unknown, + UseChainLevel = true, + Certificates = certificates }; _logger.LogDebug($"Found certificate called \"{keyCredential.DisplayName}\" ({customKeyIdentifier})"); @@ -649,7 +587,7 @@ private OperationResult> InventoryFromKeyCrede _logger.LogWarning(failedCertificateMap[key]); result.AddRuntimeErrorMessage(failedCertificateMap[key]); } - + foreach (string key in privateKeyMap.Keys) { if (inventoryItems.ContainsKey(key)) 
@@ -663,22 +601,22 @@ private OperationResult> InventoryFromKeyCrede protected Application GetApplication() { - _logger.LogDebug($"Retrieving application for application ID \"{_targetApplicationId}\""); + _logger.LogDebug($"Retrieving application for application ID \"{_targetObjectId}\""); Application app; try { - app = _graphClient.Applications[GetApplicationObjectId()].GetAsync( + app = _graphClient.Applications[_targetObjectId].GetAsync( requestConfiguration => { - requestConfiguration.QueryParameters.Select = new[] { "id","appId","keyCredentials","passwordCredentials" }; + requestConfiguration.QueryParameters.Select = new[] { "id", "appId", "keyCredentials", "passwordCredentials" }; } ).Result; } catch (AggregateException ex) { - _logger.LogError($"Error retrieving application for application ID \"{_targetApplicationId}\": {ex}"); + _logger.LogError($"Error retrieving application for application ID \"{_targetObjectId}\": {ex}"); throw; } @@ -687,20 +625,20 @@ protected Application GetApplication() protected ServicePrincipal GetServicePrincipal() { - _logger.LogDebug($"Retrieving service principal for application ID \"{_targetApplicationId}\""); + _logger.LogDebug($"Retrieving service principal for application ID \"{_targetObjectId}\""); ServicePrincipal sp; try { - sp = _graphClient.ServicePrincipals[GetServicePrincipalObjectId()].GetAsync(requestConfiguration => + sp = _graphClient.ServicePrincipals[_targetObjectId].GetAsync(requestConfiguration => { - requestConfiguration.QueryParameters.Select = new[] { "id","appId","keyCredentials","passwordCredentials" }; + requestConfiguration.QueryParameters.Select = new[] { "id", "appId", "keyCredentials", "passwordCredentials" }; }).Result; } catch (AggregateException ex) { - _logger.LogError($"Error retrieving service principal for application ID \"{_targetApplicationId}\": {ex}"); + _logger.LogError($"Error retrieving service principal for application ID \"{_targetObjectId}\": {ex}"); throw; } 
@@ -717,13 +655,13 @@ protected List DeepCopyKeyList(List keyCredentials else { deepKeyList = keyCredentials.Select(keyCredential => new KeyCredential - { - CustomKeyIdentifier = keyCredential.CustomKeyIdentifier, - DisplayName = keyCredential.DisplayName, - Key = keyCredential.Key, - Type = keyCredential.Type, - Usage = keyCredential.Usage, - }) + { + CustomKeyIdentifier = keyCredential.CustomKeyIdentifier, + DisplayName = keyCredential.DisplayName, + Key = keyCredential.Key, + Type = keyCredential.Type, + Usage = keyCredential.Usage, + }) .ToList(); } @@ -741,14 +679,14 @@ protected IEnumerable DeepCopyPasswordList(List new PasswordCredential - { - CustomKeyIdentifier = passwordCredential.CustomKeyIdentifier, - DisplayName = passwordCredential.DisplayName, - EndDateTime = passwordCredential.EndDateTime, - KeyId = passwordCredential.KeyId, - SecretText = passwordCredential.SecretText, - StartDateTime = passwordCredential.StartDateTime, - }) + { + CustomKeyIdentifier = passwordCredential.CustomKeyIdentifier, + DisplayName = passwordCredential.DisplayName, + EndDateTime = passwordCredential.EndDateTime, + KeyId = passwordCredential.KeyId, + SecretText = passwordCredential.SecretText, + StartDateTime = passwordCredential.StartDateTime, + }) .ToList(); } @@ -783,5 +721,4 @@ protected static X509Certificate2 SerializeCertificate(string certificateData, s byte[] rawData = Convert.FromBase64String(certificateData); return new X509Certificate2(rawData, password, X509KeyStorageFlags.Exportable); } - } diff --git a/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs b/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs index 2043c67..3f3148a 100644 --- a/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs +++ b/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs 
@@ -21,7 +21,7 @@ namespace AzureEnterpriseApplicationOrchestrator.Client; public interface IAzureGraphClientBuilder { public IAzureGraphClientBuilder WithTenantId(string tenantId); - public IAzureGraphClientBuilder WithTargetApplicationId(string applicationId); + public IAzureGraphClientBuilder WithTargetObjectId(string applicationId); public IAzureGraphClientBuilder WithApplicationId(string applicationId); public IAzureGraphClientBuilder WithClientSecret(string clientSecret); public IAzureGraphClientBuilder WithClientCertificate(X509Certificate2 clientCertificate); @@ -64,5 +64,6 @@ public interface IAzureGraphClient public bool ServicePrincipalCertificateExists(string certificateName); // Discovery - public OperationResult> DiscoverApplicationIds(); + public OperationResult> DiscoverApplicationObjectIds(); + public OperationResult> DiscoverServicePrincipalObjectIds(); } diff --git a/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs b/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs index 3474155..95131f5 100644 --- a/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs +++ b/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs 
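Review bot: `WithTargetObjectId(string applicationId)` keeps the old parameter name, so the signature still tells callers to pass an application (client) ID when the client now uses the value as a directory object ID. Renaming it to `WithTargetObjectId(string objectId)` would prevent the two identifiers being mixed up. A `///` summary would help too, stating that the value is the object ID of the App Registration or Service Principal and not its appId.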
@@ -47,11 +47,15 @@ public GraphJobClientBuilder WithCertificateStoreDetails(CertificateSt _logger.LogTrace($"Builder - StorePath => TargetApplicationId: {details.StorePath}"); _logger.LogTrace($"Builder - ServerUsername => ApplicationId: {properties.ServerUsername}"); _logger.LogTrace($"Builder - AzureCloud => AzureCloud: {properties.AzureCloud}"); - + + // The Discovery Job returns Object IDs in the format ` ()`. + // We split out the first part to get the Object ID. + string normalizedObjectID = details.StorePath.Split(" ")[0]; + _builder .WithTenantId(details.ClientMachine) .WithApplicationId(properties.ServerUsername) - .WithTargetApplicationId(details.StorePath) + .WithTargetObjectId(normalizedObjectID) .WithAzureCloud(properties.AzureCloud); if (string.IsNullOrWhiteSpace(properties.ClientCertificate)) @@ -95,15 +99,16 @@ private X509Certificate2 SerializeClientCertificate(string clientCertificate, st { // clientCertificate is a Base64 encoded certificate that's either PEM or PKCS#12 encoded. // We expect that it includes a private key compatible with the dotnet standard crypto libraries. - + byte[] rawCertBytes = Convert.FromBase64String(clientCertificate); X509Certificate2 serializedCertificate = null; - + // Try to serialize the certificate without any special handling try { serializedCertificate = new X509Certificate2(rawCertBytes, password, X509KeyStorageFlags.Exportable); - if (serializedCertificate.HasPrivateKey) { + if (serializedCertificate.HasPrivateKey) + { _logger.LogTrace("Successfully serialized certificate using standard X509Certificate2"); return serializedCertificate; } 
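Review bot: `details.StorePath.Split(" ")[0]` is passed to WithTargetObjectId without checking that it is an object ID. A null StorePath throws a NullReferenceException here, and a path with leading whitespace or free text yields an empty or arbitrary string that is later used to index `_graphClient.Applications[...]` and `_graphClient.ServicePrincipals[...]`. Since Graph object IDs are GUIDs, I would validate before building: `if (!Guid.TryParse(normalizedObjectID, out _)) throw new ArgumentException($"Store path \"{details.StorePath}\" does not start with a valid Object ID");`. The trace line above also still labels StorePath as `TargetApplicationId`. The method continues beyond the hunk.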
@@ -129,7 +134,7 @@ private X509Certificate2 SerializePemCertificateAndKey(string clientCertificate, { _logger.LogDebug($"Attempting to serialize client certificate and private key from PEM encoding"); ReadOnlySpan utf8Cert = Encoding.UTF8.GetChars(Convert.FromBase64String(clientCertificate)); - + _logger.LogTrace("Finding all PEM objects in ClientCertificate"); ReadOnlySpan certificate = new char[0]; @@ -164,7 +169,7 @@ private X509Certificate2 SerializePemCertificateAndKey(string clientCertificate, // Copy over the slice before the start of the range utf8Cert.Slice(0, start).CopyTo(newUtf8Cert); // Copy over the slice after the end of the range - utf8Cert.Slice(end).CopyTo(newUtf8Cert.AsSpan(start)); + utf8Cert.Slice(end).CopyTo(newUtf8Cert.AsSpan(start)); utf8Cert = newUtf8Cert; } From 2c03c6fdd1ce70a3eb68be1dac7ae1e83e2cac41 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Tue, 24 Sep 2024 23:09:14 +0000 Subject: [PATCH 02/10] Update generated docs --- README.md | 228 +++++++++++------------------------------------------- 1 file changed, 44 insertions(+), 184 deletions(-) diff --git a/README.md b/README.md index 7f950ea..0b813e3 100644 --- a/README.md +++ b/README.md 
@@ -46,224 +46,84 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext > To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. ## Installation -Before installing the Azure App Registration and Enterprise Application Universal Orchestrator extension, it's recommended to install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command. -The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 2 Certificate Store Types. Depending on your use case, you may elect to install one, or all of these Certificate Store Types. An overview for each type is linked below: -* [Azure App Registration (Application)](docs/azureapp.md) -* [Azure Enterprise Application (Service Principal)](docs/azuresp.md) +Before installing the Azure App Registration and Enterprise Application Universal Orchestrator extension, we recommend that you install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command. -
Azure App Registration (Application) - - -1. Follow the [requirements section](docs/azureapp.md#requirements) to configure a Service Account and grant necessary API permissions. - -
Requirements - - #### Azure Service Principal (Graph API Authentication) - - The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, Client Secret authentication is supported. The Service Principal must have the following API Permission: - - **_Microsoft Graph Application Permissions_**: - - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. - - > For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). - - Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. - - ##### Client Certificate or Client Secret - - Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. - - * **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. 
- * **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. - - The certificate can be in either of the following formats: - * Base64-encoded PKCS#12 (PFX) with a matching private key. - * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. - - If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - - > **Creating and Formatting a Client Certificate using Keyfactor Command** - > - > To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. - > - > 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. - > 2. Select a **Template** that supports Client Authentication as an extended key usage. - > 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. - > 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. - > 5. 
Make a note of the password on the next page - it won't be shown again. - > 6. Prepare the certificate and private key for Azure and the Orchestrator extension: - > * If you downloaded the certificate in PEM format, use the commands below: - > - > ```shell - > # Verify that the certificate downloaded from Command contains the certificate and private key. They should be in the same file - > cat - > - > # Separate the certificate from the private key - > openssl x509 -in -out pubkeycert.pem - > - > # Base64 encode the certificate and private key - > cat | base64 > clientcertkeypair.pem.base64 - > ``` - > - > * If you downloaded the certificate in PFX format, use the commands below: - > - > ```shell - > # Export the certificate from the PFX file - > openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem - > - > # Base64 encode the PFX file - > cat | base64 > clientcert.pfx.base64 - > ``` - > 7. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. - > - > You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. +1. **Create Certificate Store Types in Keyfactor Command** +The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 2 Certificate Store Types. Depending on your use case, you may elect to install one, or all of these Certificate Store Types. - #### Azure App Registration (Application) +
Azure App Registration (Application) - ##### Application Certificates - Application certificates are used for client authentication and are typically public key only. No additional configuration in Azure is necessary to manage Application certificates since all App Registrations can contain any number of [Certificates and Secrets](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials). Unless the Discovery job is used, you should collect the Application IDs for each App Registration that contains certificates to be managed. + > More information on the Azure App Registration (Application) Certificate Store Type can be found [here](docs/azureapp.md). -
- -2. Create Certificate Store Types for the Azure App Registration and Enterprise Application Orchestrator extension. - - * **Using kfutil**: + * **Create AzureApp using kfutil**: ```shell # Azure App Registration (Application) kfutil store-types create AzureApp ``` - * **Manually**: - * [Azure App Registration (Application)](docs/azureapp.md#certificate-store-type-configuration) - -3. Install the Azure App Registration and Enterprise Application Universal Orchestrator extension. - - * **Using kfutil**: On the server that that hosts the Universal Orchestrator, run the following command: - - ```shell - # Windows Server - kfutil orchestrator extension -e azure-application-orchestrator@latest --out "C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions" - - # Linux - kfutil orchestrator extension -e azure-application-orchestrator@latest --out "/opt/keyfactor/orchestrator/extensions" - ``` - - * **Manually**: Follow the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions) to install the latest [Azure App Registration and Enterprise Application Universal Orchestrator extension](https://github.com/Keyfactor/azure-application-orchestrator/releases/latest). - -4. Create new certificate stores in Keyfactor Command for the Sample Universal Orchestrator extension. - - * [Azure App Registration (Application)](docs/azureapp.md#certificate-store-configuration) - - -
- -
Azure Enterprise Application (Service Principal) - - -1. Follow the [requirements section](docs/azuresp.md#requirements) to configure a Service Account and grant necessary API permissions. - -
Requirements - - #### Azure Service Principal (Graph API Authentication) - - The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, Client Secret authentication is supported. The Service Principal must have the following API Permission: - - **_Microsoft Graph Application Permissions_**: - - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. - - > For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). - - Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. + * **Create AzureApp manually in the Command UI**: + + Refer to the [Azure App Registration (Application)](docs/azureapp.md#certificate-store-type-configuration) creation docs. +
- ##### Client Certificate or Client Secret +
Azure Enterprise Application (Service Principal) - Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. - * **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - * **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. + > More information on the Azure Enterprise Application (Service Principal) Certificate Store Type can be found [here](docs/azuresp.md). - The certificate can be in either of the following formats: - * Base64-encoded PKCS#12 (PFX) with a matching private key. - * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. 
+ * **Create AzureSP using kfutil**: - If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. + ```shell + # Azure Enterprise Application (Service Principal) + kfutil store-types create AzureSP + ``` - > **Creating and Formatting a Client Certificate using Keyfactor Command** - > - > To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. - > - > 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. - > 2. Select a **Template** that supports Client Authentication as an extended key usage. - > 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. - > 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. - > 5. Make a note of the password on the next page - it won't be shown again. - > 6. Prepare the certificate and private key for Azure and the Orchestrator extension: - > * If you downloaded the certificate in PEM format, use the commands below: - > - > ```shell - > # Verify that the certificate downloaded from Command contains the certificate and private key. 
They should be in the same file - > cat - > - > # Separate the certificate from the private key - > openssl x509 -in -out pubkeycert.pem - > - > # Base64 encode the certificate and private key - > cat | base64 > clientcertkeypair.pem.base64 - > ``` - > - > * If you downloaded the certificate in PFX format, use the commands below: - > - > ```shell - > # Export the certificate from the PFX file - > openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem - > - > # Base64 encode the PFX file - > cat | base64 > clientcert.pfx.base64 - > ``` - > 7. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. - > - > You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. + * **Create AzureSP manually in the Command UI**: + + Refer to the [Azure Enterprise Application (Service Principal)](docs/azuresp.md#certificate-store-type-configuration) creation docs. +
- #### Enterprise Application (Service Principal) +2. **Download the latest Azure App Registration and Enterprise Application Universal Orchestrator extension from GitHub.** - ##### Service Principal Certificates + On the [Azure App Registration and Enterprise Application Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/azure-application-orchestrator/releases/latest), click the `azure-application-orchestrator` asset to download the zip archive. Unzip the archive containing extension assemblies to a known location. - Service Principal certificates are typically used for SAML Token signing. Service Principals are created from Enterprise Applications, and will mostly be configured with a variation of Microsoft's [SAML-based single sign-on](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal) documentation. For more information on the mechanics of the Service Principal certificate management capabilities of this extension, please see the [mechanics](#extension-mechanics) section. +3. **Locate the Universal Orchestrator extensions directory.** -
+ * **Default on Windows** - `C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions` + * **Default on Linux** - `/opt/keyfactor/orchestrator/extensions` + +4. **Create a new directory for the Azure App Registration and Enterprise Application Universal Orchestrator extension inside the extensions directory.** + + Create a new directory called `azure-application-orchestrator`. + > The directory name does not need to match any names used elsewhere; it just has to be unique within the extensions directory. -2. Create Certificate Store Types for the Azure App Registration and Enterprise Application Orchestrator extension. +5. **Copy the contents of the downloaded and unzipped assemblies from __step 2__ to the `azure-application-orchestrator` directory.** - * **Using kfutil**: +6. **Restart the Universal Orchestrator service.** - ```shell - # Azure Enterprise Application (Service Principal) - kfutil store-types create AzureSP - ``` + Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm). - * **Manually**: - * [Azure Enterprise Application (Service Principal)](docs/azuresp.md#certificate-store-type-configuration) -3. Install the Azure App Registration and Enterprise Application Universal Orchestrator extension. - - * **Using kfutil**: On the server that that hosts the Universal Orchestrator, run the following command: - ```shell - # Windows Server - kfutil orchestrator extension -e azure-application-orchestrator@latest --out "C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions" +> The above installation steps can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions). 
- # Linux - kfutil orchestrator extension -e azure-application-orchestrator@latest --out "/opt/keyfactor/orchestrator/extensions" - ``` +## Configuration and Usage - * **Manually**: Follow the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions) to install the latest [Azure App Registration and Enterprise Application Universal Orchestrator extension](https://github.com/Keyfactor/azure-application-orchestrator/releases/latest). +The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 2 Certificate Store Types, each of which implements different functionality. Refer to the individual instructions below for each Certificate Store Type that you deemed necessary for your use case from the installation section. -4. Create new certificate stores in Keyfactor Command for the Sample Universal Orchestrator extension. +
Azure App Registration (Application) - * [Azure Enterprise Application (Service Principal)](docs/azuresp.md#certificate-store-configuration) +1. Refer to the [requirements section](docs/azureapp.md#requirements) to ensure all prerequisites are met before using the Azure App Registration (Application) Certificate Store Type. +2. Create new [Azure App Registration (Application)](docs/azureapp.md#certificate-store-configuration) Certificate Stores in Keyfactor Command. +
+
Azure Enterprise Application (Service Principal) +1. Refer to the [requirements section](docs/azuresp.md#requirements) to ensure all prerequisites are met before using the Azure Enterprise Application (Service Principal) Certificate Store Type. +2. Create new [Azure Enterprise Application (Service Principal)](docs/azuresp.md#certificate-store-configuration) Certificate Stores in Keyfactor Command.
From ca30904fe5ab0090059855b9c8c29f3e6a9595bf Mon Sep 17 00:00:00 2001 From: Hayden Roszell Date: Thu, 3 Oct 2024 12:26:00 -0700 Subject: [PATCH 03/10] chore(storetypesv2): Implement V2 Certificat Store Types that interpret the Store Path as the Object ID 
Signed-off-by: Hayden Roszell --- .../AzureApp.cs | 20 +- .../AzureApp2.cs | 561 ++++++++++++ .../AzureSP.cs | 6 +- .../AzureSP2.cs | 568 ++++++++++++ .../FakeClient.cs | 43 +- .../IntegrationTestingFact.cs | 5 +- .../JobClientBuilder.cs | 162 +++- .../AzureApp2Jobs/Discovery.cs | 113 +++ .../AzureApp2Jobs/Inventory.cs | 94 ++ .../AzureApp2Jobs/Management.cs | 149 ++++ .../AzureAppJobs/Discovery.cs | 4 +- .../AzureAppJobs/Inventory.cs | 15 +- .../AzureAppJobs/Management.cs | 14 +- .../AzureSP2Jobs/Discovery.cs | 113 +++ .../AzureSP2Jobs/Inventory.cs | 94 ++ .../AzureSP2Jobs/Management.cs | 151 ++++ .../AzureSPJobs/Discovery.cs | 4 +- .../AzureSPJobs/Inventory.cs | 15 +- .../AzureSPJobs/Management.cs | 14 +- .../Client/GraphClient.cs | 255 ++++-- .../Client/IAzureGraphClient.cs | 19 +- .../GraphJobClientBuilder.cs | 76 +- .../manifest.json | 78 +- README.md | 818 +++++++++++++++++- docs/azureapp.md | 206 ----- docs/azuresp.md | 206 ----- docsource/azureapp.md | 76 +- docsource/azureapp2.md | 21 + docsource/azuresp.md | 75 +- docsource/azuresp2.md | 21 + docsource/content.md | 80 ++ .../AzureApp-advanced-store-type-dialog.png | Bin 41666 -> 41694 bytes .../AzureApp-basic-store-type-dialog.png | Bin 54630 -> 54648 bytes ...ureApp-custom-fields-store-type-dialog.png | Bin 40175 -> 40207 bytes .../AzureApp2-advanced-store-type-dialog.png | Bin 0 -> 41694 bytes .../AzureApp2-basic-store-type-dialog.png | Bin 0 -> 55531 bytes ...reApp2-custom-fields-store-type-dialog.png | Bin 0 -> 42405 bytes .../AzureSP-advanced-store-type-dialog.png | Bin 41666 -> 41691 bytes .../AzureSP-basic-store-type-dialog.png | Bin 54914 -> 54938 bytes ...zureSP-custom-fields-store-type-dialog.png | Bin 40175 -> 40207 bytes .../AzureSP2-advanced-store-type-dialog.png | Bin 0 -> 41691 bytes .../AzureSP2-basic-store-type-dialog.png | Bin 0 -> 55451 bytes ...ureSP2-custom-fields-store-type-dialog.png | Bin 0 -> 42405 bytes docsource/overview.md | 6 - integration-manifest.json | 148 +++- 45 files 
changed, 3475 insertions(+), 755 deletions(-) create mode 100644 AzureEnterpriseApplicationOrchestrator.Tests/AzureApp2.cs create mode 100644 AzureEnterpriseApplicationOrchestrator.Tests/AzureSP2.cs create mode 100644 AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Discovery.cs create mode 100644 AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Inventory.cs create mode 100644 AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Management.cs create mode 100644 AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Discovery.cs create mode 100644 AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Inventory.cs create mode 100644 AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Management.cs delete mode 100644 docs/azureapp.md delete mode 100644 docs/azuresp.md create mode 100644 docsource/azureapp2.md create mode 100644 docsource/azuresp2.md create mode 100644 docsource/content.md create mode 100644 docsource/images/AzureApp2-advanced-store-type-dialog.png create mode 100644 docsource/images/AzureApp2-basic-store-type-dialog.png create mode 100644 docsource/images/AzureApp2-custom-fields-store-type-dialog.png create mode 100644 docsource/images/AzureSP2-advanced-store-type-dialog.png create mode 100644 docsource/images/AzureSP2-basic-store-type-dialog.png create mode 100644 docsource/images/AzureSP2-custom-fields-store-type-dialog.png delete mode 100644 docsource/overview.md diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs b/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs index 68615c2..c55e588 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp.cs 
@@ -48,7 +48,7 @@ public void AzureApp_Inventory_IntegrationTest_ReturnSuccess() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) .WithClientSecret(env.ClientSecret) - .WithTargetObjectId(env.TargetApplicationObjectId) + .WithTargetApplicationApplicationId(env.TargetApplicationApplicationId) .Build(); // Set up the inventory job configuration @@ -57,7 +57,7 @@ public void AzureApp_Inventory_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetApplicationObjectId, + StorePath = env.TargetApplicationApplicationId, Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" } }; @@ -118,14 +118,14 @@ public void AzureApp_Inventory_ProcessJob_ValidClient_ReturnSuccess() // Act JobResult result = inventory.ProcessJob(config, (inventoryItems) => - { - // Assert - Assert.Equal(1, inventoryItems.Count()); - Assert.Equal("test", inventoryItems.First().Alias); + { + // Assert + Assert.Equal(1, inventoryItems.Count()); + Assert.Equal("test", inventoryItems.First().Alias); - _logger.LogInformation("AzureApp_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); - return true; - }); + _logger.LogInformation("AzureApp_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; + }); // Assert Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); @@ -481,7 +481,7 @@ public void AzureApp_Management_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetApplicationObjectId, + StorePath = env.TargetApplicationApplicationId, Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" }, JobCertificate = new ManagementJobCertificate 
diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp2.cs b/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp2.cs
new file mode 100644
index 0000000..5188fa2
--- /dev/null
+++ b/AzureEnterpriseApplicationOrchestrator.Tests/AzureApp2.cs
@@ -0,0 +1,561 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System.Security.Cryptography.X509Certificates; +using AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; +using NLog.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.Tests; + +public class AzureEnterpriseApplicationOrchestrator_AzureApp2 +{ + ILogger _logger { get; set; } + + public AzureEnterpriseApplicationOrchestrator_AzureApp2() + { + ConfigureLogging(); + + _logger = LogHandler.GetClassLogger(); + } + + [IntegrationTestingFact] + public void AzureApp2_Inventory_IntegrationTest_ReturnSuccess() + { + // Arrange + string certName = "AppTest" + Guid.NewGuid().ToString()[..6]; + X509Certificate2 ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(certName); + string b64Cert = Convert.ToBase64String(ssCert.Export(X509ContentType.Cert)); + + IntegrationTestingFact env = new(); + + IAzureGraphClient client = new GraphClient.Builder() + .WithTenantId(env.TenantId) + .WithApplicationId(env.ApplicationId) + .WithClientSecret(env.ClientSecret) + .WithTargetObjectId(env.TargetApplicationObjectId) + .Build(); + + // Set up the inventory job configuration + var config = new InventoryJobConfiguration + { + 
CertificateStoreDetails = new CertificateStore + { + ClientMachine = env.TenantId, + StorePath = env.TargetApplicationObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + } + }; + + var inventory = new Inventory(); + + // Create a certificate in the Application + client.AddApplicationCertificate(certName, b64Cert); + + // Act + JobResult result = inventory.ProcessJob(config, (inventoryItems) => + { + // Assert + Assert.NotNull(inventoryItems); + Assert.NotEmpty(inventoryItems); + + _logger.LogInformation("AzureApp2_Inventory_IntegrationTest_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + + // Clean up + client.RemoveApplicationCertificate(certName); + } + + [Fact] + public void AzureApp2_Inventory_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + IAzureGraphClient client = new FakeClient + { + CertificatesAvailableOnFakeTarget = new Dictionary + { + { "test", "test" } + } + }; + + // Set up the inventory job with the fake client + var inventory = new Inventory + { + Client = client + }; + + // Set up the inventory job configuration + var config = new InventoryJobConfiguration + { + CertificateStoreDetails = new CertificateStore + { + ClientMachine = "test", + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = inventory.ProcessJob(config, (inventoryItems) => + { + // Assert + Assert.Equal(1, inventoryItems.Count()); + Assert.Equal("test", inventoryItems.First().Alias); + + _logger.LogInformation("AzureApp2_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + } + + [Fact] + public void AzureApp2_Inventory_ProcessJob_InvalidClient_ReturnFailure() + 
{ + // Arrange + IAzureGraphClient client = new FakeClient(); + + // Set up the inventory job with the fake client + var inventory = new Inventory + { + Client = client + }; + + // Set up the inventory job configuration + var config = new InventoryJobConfiguration + { + CertificateStoreDetails = new CertificateStore + { + ClientMachine = "test", + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + }, + JobHistoryId = 1 + }; + + bool callbackCalled = false; + + // Act + JobResult result = inventory.ProcessJob(config, (inventoryItems) => + { + callbackCalled = true; + + // Assert + Assert.True(false, "Callback should not be called"); + return true; + }); + + // Assert + Assert.False(callbackCalled); + Assert.Equal(OrchestratorJobStatusJobResult.Failure, result.Result); + + _logger.LogInformation("AzureApp2_Inventory_ProcessJob_InvalidClient_ReturnFailure - Success"); + } + + [IntegrationTestingFact] + public void AzureApp2_Discovery_IntegrationTest_ReturnSuccess() + { + // Arrange + IntegrationTestingFact env = new(); + + // Set up the discovery job configuration + var config = new DiscoveryJobConfiguration + { + ClientMachine = env.TenantId, + ServerUsername = env.ApplicationId, + ServerPassword = env.ClientSecret, + JobProperties = new Dictionary + { + { "dirs", env.TenantId } + } + }; + + var discovery = new Discovery(); + + // Act + JobResult result = discovery.ProcessJob(config, (discoveredApplicationIds) => + { + // Assert + Assert.NotNull(discoveredApplicationIds); + Assert.NotEmpty(discoveredApplicationIds); + + _logger.LogInformation("AzureApp2_Discovery_IntegrationTest_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + } + + [Fact] + public void AzureApp2_Discovery_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + IAzureGraphClient client = new FakeClient + { + ObjectIdsAvailableOnFakeTenant = new 
List { "test" } + }; + + // Set up the discovery job with the fake client + var discovery = new Discovery + { + Client = client + }; + + // Set up the discovery job configuration + var config = new DiscoveryJobConfiguration + { + ClientMachine = "fake-tenant-id", + ServerUsername = "fake-application-id", + ServerPassword = "fake-client-secret", + JobProperties = new Dictionary + { + { "dirs", "fake-tenant-id" } + } + }; + + // Act + JobResult result = discovery.ProcessJob(config, (discoveredApplicationIds) => + { + // Assert + Assert.Equal(1, discoveredApplicationIds.Count()); + Assert.Equal("test", discoveredApplicationIds.First()); + + _logger.LogInformation("Discovery_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + _logger.LogInformation("AzureApp2_Discovery_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [Fact] + public void AzureApp2_Discovery_ProcessJob_InvalidClient_ReturnFailure() + { + // Arrange + IAzureGraphClient client = new FakeClient(); + + // Set up the discovery job with the fake client + var discovery = new Discovery + { + Client = client + }; + + // Set up the discovery job configuration + var config = new DiscoveryJobConfiguration + { + ClientMachine = "fake-tenant-id", + ServerUsername = "fake-application-id", + ServerPassword = "fake-client-secret", + JobProperties = new Dictionary + { + { "dirs", "fake-tenant-id" } + } + }; + + bool callbackCalled = false; + + // Act + JobResult result = discovery.ProcessJob(config, (discoveredApplicationIds) => + { + callbackCalled = true; + + // Assert + Assert.True(false, "Callback should not be called"); + return true; + }); + + // Assert + Assert.False(callbackCalled); + Assert.Equal(OrchestratorJobStatusJobResult.Failure, result.Result); + + _logger.LogInformation("AzureApp2_Discovery_ProcessJob_InvalidClient_ReturnFailure - Success"); + } + + [Fact] + public void 
AzureApp2_ManagementAdd_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + FakeClient client = new FakeClient(); + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + JobCertificate = new ManagementJobCertificate + { + Alias = "test", + Contents = "test-certificate-data" + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + Assert.Equal(1, result.JobHistoryId); + Assert.NotNull(client.CertificatesAvailableOnFakeTarget); + if (client.CertificatesAvailableOnFakeTarget != null) + { + Assert.True(client.CertificatesAvailableOnFakeTarget.ContainsKey("test")); + } + + _logger.LogInformation("AzureApp2_ManagementAdd_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [Theory] + [InlineData("", "")] + [InlineData("", "test-password")] + public void AzureApp2_ManagementAdd_ProcessJob_InvalidJobConfig_ReturnFailure(string alias, string pkPassword) + { + // Arrange + FakeClient client = new FakeClient(); + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + JobCertificate = new ManagementJobCertificate + { + Alias = alias, + Contents = "test-certificate-data", + PrivateKeyPassword = pkPassword + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Failure, result.Result); + Assert.Equal(1, result.JobHistoryId); + + _logger.LogInformation("AzureApp2_ManagementAdd_ProcessJob_InvalidJobConfig_ReturnFailure - Success"); + } + + [Fact] + public 
void AzureApp2_ManagementRemove_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + FakeClient client = new FakeClient + { + CertificatesAvailableOnFakeTarget = new Dictionary + { + { "test", "test" } + } + }; + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Remove, + JobCertificate = new ManagementJobCertificate + { + Alias = "test", + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + Assert.Equal(1, result.JobHistoryId); + if (client.CertificatesAvailableOnFakeTarget != null) + { + Assert.False(client.CertificatesAvailableOnFakeTarget.ContainsKey("test")); + } + + _logger.LogInformation("AzureApp2_ManagementRemove_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [Fact] + public void AzureApp2_ManagementReplace_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + FakeClient client = new FakeClient + { + CertificatesAvailableOnFakeTarget = new Dictionary + { + { "test", "original-cert-data" } + } + }; + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + Overwrite = true, + JobCertificate = new ManagementJobCertificate + { + Alias = "test", + Contents = "new-certificate-data" + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + Assert.Equal(1, result.JobHistoryId); + if (client.CertificatesAvailableOnFakeTarget != null) + { + 
Assert.True(client.CertificatesAvailableOnFakeTarget.ContainsKey("test")); + Assert.Equal("new-certificate-data", client.CertificatesAvailableOnFakeTarget["test"]); + } + + _logger.LogInformation("AzureApp2_ManagementReplace_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [IntegrationTestingFact] + public void AzureApp2_Management_IntegrationTest_ReturnSuccess() + { + // Arrange + IntegrationTestingFact env = new(); + + string testHostname = "azureapplicationUnitTest.com"; + string certName = "AppTest" + Guid.NewGuid().ToString()[..6]; + + X509Certificate2 ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(testHostname); + + string b64Cert = Convert.ToBase64String(ssCert.Export(X509ContentType.Cert)); + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + CertificateStoreDetails = new CertificateStore + { + ClientMachine = env.TenantId, + StorePath = env.TargetApplicationObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + }, + JobCertificate = new ManagementJobCertificate + { + Alias = certName, + Contents = b64Cert + }, + }; + + var management = new Management(); + + // Act + // This will process a Management Add job + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + // Arrange + + ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(testHostname); + + b64Cert = Convert.ToBase64String(ssCert.Export(X509ContentType.Cert)); + + config.OperationType = CertStoreOperationType.Add; + config.Overwrite = true; + config.JobCertificate = new ManagementJobCertificate + { + Alias = certName, + Contents = b64Cert + }; + + // Act + // This will process a Management Replace job + result = management.ProcessJob(config); + + // Assert + 
Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + // Arrange + config.OperationType = CertStoreOperationType.Remove; + config.JobCertificate = new ManagementJobCertificate + { + Alias = certName, + }; + + // Act + // This will process a Management Remove job + result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + _logger.LogInformation("AzureApp2_Management_IntegrationTest_ReturnSuccess - Success"); + } + + static void ConfigureLogging() + { + var config = new NLog.Config.LoggingConfiguration(); + + // Targets where to log to: File and Console + var logconsole = new NLog.Targets.ConsoleTarget("logconsole"); + logconsole.Layout = @"${date:format=HH\:mm\:ss} ${logger} [${level}] - ${message}"; + + // Rules for mapping loggers to targets + config.AddRule(NLog.LogLevel.Trace, NLog.LogLevel.Fatal, logconsole); + + // Apply config + NLog.LogManager.Configuration = config; + + LogHandler.Factory = LoggerFactory.Create(builder => + { + builder.AddNLog(); + }); + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs b/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs index c78f740..e55b295 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP.cs @@ -49,7 +49,7 @@ public void AzureSP_Inventory_IntegrationTest_ReturnSuccess() .WithTenantId(env.TenantId) .WithApplicationId(env.ApplicationId) .WithClientSecret(env.ClientSecret) - .WithTargetObjectId(env.TargetServicePrincipalObjectId) + .WithTargetServicePrincipalApplicationId(env.TargetApplicationApplicationId) .Build(); // Set up the inventory job configuration 
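Review bot: In AzureApp2_Inventory_IntegrationTest_ReturnSuccess the test certificate is added to the live target application with `client.AddApplicationCertificate(certName, b64Cert)`, but `client.RemoveApplicationCertificate(certName)` is reached only when every assertion before it passes, so a failed run leaves a key credential behind on the app registration. Wrapping the act and assert steps in try/finally makes the removal unconditional. AzureApp2_Management_IntegrationTest_ReturnSuccess has the same shape: if the replace step fails, the certificate added by the first step is never removed. Separately, the `Properties` JSON in both integration tests is built by interpolating `env.ClientSecret`, which yields invalid JSON if the secret contains a quote or backslash; serializing an object instead would avoid that.

```csharp
// … unchanged: certificate, client and job configuration setup …
client.AddApplicationCertificate(certName, b64Cert);

try
{
    // Act
    JobResult result = inventory.ProcessJob(config, (inventoryItems) =>
    {
        // … unchanged: callback assertions …
        return true;
    });

    // Assert
    Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result);
}
finally
{
    // Always remove the test credential from the target application, even when an assertion fails.
    client.RemoveApplicationCertificate(certName);
}
```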
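Review bot: The service-principal inventory test in this hunk now takes its target from `env.TargetApplicationApplicationId`, a value named for the app registration, and the two `StorePath` hunks that follow (@@ -58 and @@ -486) do the same. This presumably relies on a service principal carrying the same application (client) ID as its app registration, but nothing at the call site says so, and a later reader may take it for a copy-paste slip from AzureApp.cs. I would add a comment above the builder call, e.g. `// The target service principal is looked up by the appId it shares with its app registration.` The enclosing test methods start and end outside these hunks.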
@@ -58,7 +58,7 @@ public void AzureSP_Inventory_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetServicePrincipalObjectId, + StorePath = env.TargetApplicationApplicationId, Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" } }; @@ -486,7 +486,7 @@ public void AzureSP_Management_IntegrationTest_ReturnSuccess() CertificateStoreDetails = new CertificateStore { ClientMachine = env.TenantId, - StorePath = env.TargetServicePrincipalObjectId, + StorePath = env.TargetApplicationApplicationId, Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" }, JobCertificate = new ManagementJobCertificate diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP2.cs b/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP2.cs new file mode 100644 index 0000000..b49a841 --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator.Tests/AzureSP2.cs 
@@ -0,0 +1,568 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System.Security.Cryptography.X509Certificates; +using AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; +using NLog.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.Tests; + +public class AzureEnterpriseApplicationOrchestrator_AzureSP2 +{ + ILogger _logger { get; set; } + + public AzureEnterpriseApplicationOrchestrator_AzureSP2() + { + ConfigureLogging(); + + _logger = LogHandler.GetClassLogger(); + } + + [IntegrationTestingFact] + public void AzureSP2_Inventory_IntegrationTest_ReturnSuccess() + { + // Arrange + const string password = "passwordpasswordpassword"; + string certName = "SPTest" + Guid.NewGuid().ToString()[..6]; + X509Certificate2 ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(certName); + string b64PfxSslCert = Convert.ToBase64String(ssCert.Export(X509ContentType.Pfx, password)); + + IntegrationTestingFact env = new(); + + IAzureGraphClient client = new GraphClient.Builder() + .WithTenantId(env.TenantId) + .WithApplicationId(env.ApplicationId) + .WithClientSecret(env.ClientSecret) + .WithTargetObjectId(env.TargetServicePrincipalObjectId) + .Build(); + + // Set up the inventory job 
configuration + var config = new InventoryJobConfiguration + { + CertificateStoreDetails = new CertificateStore + { + ClientMachine = env.TenantId, + StorePath = env.TargetServicePrincipalObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + } + }; + + var inventory = new Inventory(); + + // Create a certificate in the Application + client.AddServicePrincipalCertificate(certName, b64PfxSslCert, password); + + // Act + JobResult result = inventory.ProcessJob(config, (inventoryItems) => + { + // Assert + Assert.NotNull(inventoryItems); + Assert.NotEmpty(inventoryItems); + + _logger.LogInformation("AzureSP2_Inventory_IntegrationTest_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + + // Clean up + client.RemoveServicePrincipalCertificate(certName); + } + + [Fact] + public void AzureSP2_Inventory_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + IAzureGraphClient client = new FakeClient + { + CertificatesAvailableOnFakeTarget = new Dictionary + { + { "test", "test" } + } + }; + + // Set up the inventory job with the fake client + var inventory = new Inventory + { + Client = client + }; + + // Set up the inventory job configuration + var config = new InventoryJobConfiguration + { + CertificateStoreDetails = new CertificateStore + { + ClientMachine = "test", + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = inventory.ProcessJob(config, (inventoryItems) => + { + // Assert + Assert.Equal(1, inventoryItems.Count()); + Assert.Equal("test", inventoryItems.First().Alias); + + _logger.LogInformation("AzureSP2_Inventory_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); 
+ } + + [Fact] + public void AzureSP2_Inventory_ProcessJob_InvalidClient_ReturnFailure() + { + // Arrange + IAzureGraphClient client = new FakeClient(); + + // Set up the inventory job with the fake client + var inventory = new Inventory + { + Client = client + }; + + // Set up the inventory job configuration + var config = new InventoryJobConfiguration + { + CertificateStoreDetails = new CertificateStore + { + ClientMachine = "test", + StorePath = "test", + Properties = "{\"ServerUsername\":\"test\",\"ServerPassword\":\"test\",\"AzureCloud\":\"test\"}" + }, + JobHistoryId = 1 + }; + + bool callbackCalled = false; + + // Act + JobResult result = inventory.ProcessJob(config, (inventoryItems) => + { + callbackCalled = true; + + // Assert + Assert.True(false, "Callback should not be called"); + return true; + }); + + // Assert + Assert.False(callbackCalled); + Assert.Equal(OrchestratorJobStatusJobResult.Failure, result.Result); + + _logger.LogInformation("AzureSP2_Inventory_ProcessJob_InvalidClient_ReturnFailure - Success"); + } + + [IntegrationTestingFact] + public void AzureSP2_Discovery_IntegrationTest_ReturnSuccess() + { + // Arrange + IntegrationTestingFact env = new(); + + // Set up the discovery job configuration + var config = new DiscoveryJobConfiguration + { + ClientMachine = env.TenantId, + ServerUsername = env.ApplicationId, + ServerPassword = env.ClientSecret, + JobProperties = new Dictionary + { + { "dirs", env.TenantId } + } + }; + + var discovery = new Discovery(); + + // Act + JobResult result = discovery.ProcessJob(config, (discoveredApplicationIds) => + { + // Assert + Assert.NotNull(discoveredApplicationIds); + Assert.NotEmpty(discoveredApplicationIds); + + _logger.LogInformation("AzureSP2_Discovery_IntegrationTest_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + } + + [Fact] + public void AzureSP2_Discovery_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange 
+ IAzureGraphClient client = new FakeClient + { + ObjectIdsAvailableOnFakeTenant = new List { "test" } + }; + + // Set up the discovery job with the fake client + var discovery = new Discovery + { + Client = client + }; + + // Set up the discovery job configuration + var config = new DiscoveryJobConfiguration + { + ClientMachine = "fake-tenant-id", + ServerUsername = "fake-application-id", + ServerPassword = "fake-client-secret", + JobProperties = new Dictionary + { + { "dirs", "fake-tenant-id" } + } + }; + + // Act + JobResult result = discovery.ProcessJob(config, (discoveredApplicationIds) => + { + // Assert + Assert.Equal(1, discoveredApplicationIds.Count()); + Assert.Equal("test", discoveredApplicationIds.First()); + + _logger.LogInformation("Discovery_ProcessJob_ValidClient_ReturnSuccess - Success"); + return true; + }); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + _logger.LogInformation("AzureSP2_Discovery_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [Fact] + public void AzureSP2_Discovery_ProcessJob_InvalidClient_ReturnFailure() + { + // Arrange + IAzureGraphClient client = new FakeClient(); + + // Set up the discovery job with the fake client + var discovery = new Discovery + { + Client = client + }; + + // Set up the discovery job configuration + var config = new DiscoveryJobConfiguration + { + ClientMachine = "fake-tenant-id", + ServerUsername = "fake-application-id", + ServerPassword = "fake-client-secret", + JobProperties = new Dictionary + { + { "dirs", "fake-tenant-id" } + } + }; + + bool callbackCalled = false; + + // Act + JobResult result = discovery.ProcessJob(config, (discoveredApplicationIds) => + { + callbackCalled = true; + + // Assert + Assert.True(false, "Callback should not be called"); + return true; + }); + + // Assert + Assert.False(callbackCalled); + Assert.Equal(OrchestratorJobStatusJobResult.Failure, result.Result); + + 
_logger.LogInformation("AzureSP2_Discovery_ProcessJob_InvalidClient_ReturnFailure - Success"); + } + + [Fact] + public void AzureSP2_ManagementAdd_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + FakeClient client = new FakeClient(); + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + JobCertificate = new ManagementJobCertificate + { + Alias = "test", + Contents = "test-certificate-data", + PrivateKeyPassword = "test-password" + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + Assert.Equal(1, result.JobHistoryId); + Assert.NotNull(client.CertificatesAvailableOnFakeTarget); + if (client.CertificatesAvailableOnFakeTarget != null) + { + Assert.True(client.CertificatesAvailableOnFakeTarget.ContainsKey("test")); + } + + _logger.LogInformation("AzureSP2_ManagementAdd_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [Theory] + [InlineData("test", "")] + [InlineData("", "test-password")] + [InlineData("", "")] + public void AzureSP2_ManagementAdd_ProcessJob_InvalidJobConfig_ReturnFailure(string alias, string pkPassword) + { + // Arrange + FakeClient client = new FakeClient(); + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + JobCertificate = new ManagementJobCertificate + { + Alias = alias, + Contents = "test-certificate-data", + PrivateKeyPassword = pkPassword + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Failure, 
result.Result); + Assert.Equal(1, result.JobHistoryId); + + _logger.LogInformation("AzureSP2_ManagementAdd_ProcessJob_InvalidJobConfig_ReturnFailure - Success"); + } + + [Fact] + public void AzureSP2_ManagementRemove_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + FakeClient client = new FakeClient + { + CertificatesAvailableOnFakeTarget = new Dictionary + { + { "test", "test" } + } + }; + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Remove, + JobCertificate = new ManagementJobCertificate + { + Alias = "test", + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + Assert.Equal(1, result.JobHistoryId); + if (client.CertificatesAvailableOnFakeTarget != null) + { + Assert.False(client.CertificatesAvailableOnFakeTarget.ContainsKey("test")); + } + + _logger.LogInformation("AzureSP2_ManagementRemove_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [Fact] + public void AzureSP2_ManagementReplace_ProcessJob_ValidClient_ReturnSuccess() + { + // Arrange + FakeClient client = new FakeClient + { + CertificatesAvailableOnFakeTarget = new Dictionary + { + { "test", "original-cert-data" } + } + }; + + // Set up the management job with the fake client + var management = new Management + { + Client = client + }; + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + Overwrite = true, + JobCertificate = new ManagementJobCertificate + { + Alias = "test", + Contents = "new-certificate-data", + PrivateKeyPassword = "test-password" + }, + JobHistoryId = 1 + }; + + // Act + JobResult result = management.ProcessJob(config); + + // Assert + 
Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + Assert.Equal(1, result.JobHistoryId); + if (client.CertificatesAvailableOnFakeTarget != null) + { + Assert.True(client.CertificatesAvailableOnFakeTarget.ContainsKey("test")); + Assert.Equal("new-certificate-data", client.CertificatesAvailableOnFakeTarget["test"]); + } + + _logger.LogInformation("AzureSP2_ManagementReplace_ProcessJob_ValidClient_ReturnSuccess - Success"); + } + + [IntegrationTestingFact] + public void AzureSP2_Management_IntegrationTest_ReturnSuccess() + { + // Arrange + IntegrationTestingFact env = new(); + + string testHostname = "azureapplicationUnitTest.com"; + string certName = "AppTest" + Guid.NewGuid().ToString()[..6]; + string password = "password"; + + X509Certificate2 ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(testHostname); + + string b64PfxSslCert = Convert.ToBase64String(ssCert.Export(X509ContentType.Pfx, password)); + + // Set up the management job configuration + var config = new ManagementJobConfiguration + { + OperationType = CertStoreOperationType.Add, + CertificateStoreDetails = new CertificateStore + { + ClientMachine = env.TenantId, + StorePath = env.TargetServicePrincipalObjectId, + Properties = $"{{\"ServerUsername\":\"{env.ApplicationId}\",\"ServerPassword\":\"{env.ClientSecret}\",\"AzureCloud\":\"\"}}" + }, + JobCertificate = new ManagementJobCertificate + { + Alias = certName, + Contents = b64PfxSslCert, + PrivateKeyPassword = password + }, + }; + + var management = new Management(); + + // Act + // This will process a Management Add job + JobResult result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + // Arrange + + ssCert = AzureEnterpriseApplicationOrchestrator_Client.GetSelfSignedCert(testHostname); + + b64PfxSslCert = Convert.ToBase64String(ssCert.Export(X509ContentType.Pfx, password)); + + config.OperationType = CertStoreOperationType.Add; + 
config.Overwrite = true; + config.JobCertificate = new ManagementJobCertificate + { + Alias = certName, + Contents = b64PfxSslCert, + PrivateKeyPassword = password + }; + + // Act + // This will process a Management Replace job + result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + // Arrange + config.OperationType = CertStoreOperationType.Remove; + config.JobCertificate = new ManagementJobCertificate + { + Alias = certName, + }; + + // Act + // This will process a Management Remove job + result = management.ProcessJob(config); + + // Assert + Assert.Equal(OrchestratorJobStatusJobResult.Success, result.Result); + + _logger.LogInformation("AzureSP2_Management_IntegrationTest_ReturnSuccess - Success"); + } + + static void ConfigureLogging() + { + var config = new NLog.Config.LoggingConfiguration(); + + // Targets where to log to: File and Console + var logconsole = new NLog.Targets.ConsoleTarget("logconsole"); + logconsole.Layout = @"${date:format=HH\:mm\:ss} ${logger} [${level}] - ${message}"; + + // Rules for mapping loggers to targets + config.AddRule(NLog.LogLevel.Trace, NLog.LogLevel.Fatal, logconsole); + + // Apply config + NLog.LogManager.Configuration = config; + + LogHandler.Factory = LoggerFactory.Create(builder => + { + builder.AddNLog(); + }); + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs b/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs index 5941871..a3c4775 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/FakeClient.cs 
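Review bot: Cleanup in `AzureSP2_Inventory_IntegrationTest_ReturnSuccess` runs only when every assertion before it passes, so a failed run leaves the test certificate registered as a credential on the real target service principal. Put the act/assert part in `try { … } finally { client.RemoveServicePrincipalCertificate(certName); }`. `AzureSP2_Management_IntegrationTest_ReturnSuccess` has the same gap: if the Add or Replace assertion fails, the Remove job never runs, so removal should also happen in a `finally` cleanup. Separately, the `if (client.CertificatesAvailableOnFakeTarget != null)` guards in the Remove and Replace unit tests let the check pass vacuously; `Assert.NotNull(client.CertificatesAvailableOnFakeTarget);` in front of the check closes that.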
@@ -23,13 +23,14 @@ namespace AzureEnterpriseApplicationOrchestrator.Tests; public class FakeClient : IAzureGraphClient { - public class FakeBuilder : IAzureGraphClientBuilder { private FakeClient _client = new FakeClient(); public string? _tenantId { get; set; } - public string? _targetApplicationId { get; set; } + public string? _targetObjectId { get; set; } + public string? _targetApplicationApplicationId { get; set; } + public string? _targetServicePrincipalApplicationId { get; set; } public string? _applicationId { get; set; } public string? _clientSecret { get; set; } public X509Certificate2? _clientCertificate { get; set; } @@ -41,9 +42,21 @@ public IAzureGraphClientBuilder WithTenantId(string tenantId) return this; } - public IAzureGraphClientBuilder WithTargetObjectId(string applicationId) + public IAzureGraphClientBuilder WithTargetObjectId(string objectId) + { + _targetObjectId = objectId; + return this; + } + + public IAzureGraphClientBuilder WithTargetServicePrincipalApplicationId(string applicationId) + { + _targetServicePrincipalApplicationId = applicationId; + return this; + } + + public IAzureGraphClientBuilder WithTargetApplicationApplicationId(string applicationId) { - _targetApplicationId = applicationId; + _targetApplicationApplicationId = applicationId; return this; } 
@@ -108,13 +121,33 @@ public OperationResult> DiscoverApplicationObjectIds() { if (ObjectIdsAvailableOnFakeTenant == null) { - throw new Exception("Discover Application IDs method failure - no application ids set"); + throw new Exception("Discover Object IDs method failure - no application ids set"); } return new OperationResult>(ObjectIdsAvailableOnFakeTenant); } public OperationResult> DiscoverServicePrincipalObjectIds() + { + if (ObjectIdsAvailableOnFakeTenant == null) + { + throw new Exception("Discover Object IDs method failure - no application ids set"); + } + + return new OperationResult>(ObjectIdsAvailableOnFakeTenant); + } + + public OperationResult> DiscoverApplicationApplicationIds() + { + if (ObjectIdsAvailableOnFakeTenant == null) + { + throw new Exception("Discover Application IDs method failure - no application ids set"); + } + + return new OperationResult>(ObjectIdsAvailableOnFakeTenant); + } + + public OperationResult> DiscoverServicePrincipalApplicationIds() { if (ObjectIdsAvailableOnFakeTenant == null) { diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs b/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs index 3d76de5..9ccb238 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/IntegrationTestingFact.cs @@ -21,6 +21,8 @@ public sealed class IntegrationTestingFact : FactAttribute public string ClientSecret { get; private set; } public string ClientCertificatePath { get; private set; } + + public string TargetApplicationApplicationId { get; private set; } public string TargetApplicationObjectId { get; private set; } public string TargetServicePrincipalObjectId { get; private set; } 
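Review bot: All four discover methods in this FakeClient hunk return the same `ObjectIdsAvailableOnFakeTenant` list, so no unit test can tell whether a job asked for object IDs or for application IDs, which is the distinction this commit introduces. Back the two `...ApplicationIds` methods with their own property (for example `ApplicationIdsAvailableOnFakeTenant`) so that a Discovery job wired to the wrong method fails its test. The exception text in the two object-ID methods also still ends with "no application ids set". The body of `DiscoverServicePrincipalApplicationIds` continues past the end of the hunk.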
@@ -31,10 +33,11 @@ public IntegrationTestingFact() ClientSecret = Environment.GetEnvironmentVariable("AZURE_CLIENT_SECRET") ?? string.Empty; ClientCertificatePath = Environment.GetEnvironmentVariable("AZURE_PATH_TO_CLIENT_CERTIFICATE") ?? string.Empty; + TargetApplicationApplicationId = Environment.GetEnvironmentVariable("AZURE_TARGET_APPLICATION_ID") ?? string.Empty; TargetApplicationObjectId = Environment.GetEnvironmentVariable("AZURE_TARGET_APPLICATION_OBJECT_ID") ?? string.Empty; TargetServicePrincipalObjectId = Environment.GetEnvironmentVariable("AZURE_TARGET_SERVICEPRINCIPAL_OBJECT_ID") ?? string.Empty; - if (string.IsNullOrEmpty(TenantId) || string.IsNullOrEmpty(ApplicationId) || string.IsNullOrEmpty(ClientSecret) || string.IsNullOrEmpty(TargetApplicationObjectId) || string.IsNullOrEmpty(TargetApplicationObjectId)) + if (string.IsNullOrEmpty(TenantId) || string.IsNullOrEmpty(ApplicationId) || string.IsNullOrEmpty(ClientSecret) || string.IsNullOrEmpty(TargetApplicationApplicationId) || string.IsNullOrEmpty(TargetApplicationObjectId) || string.IsNullOrEmpty(TargetApplicationObjectId)) { Skip = "Integration testing environment variables are not set - Skipping test. Please run `make setup` to set the environment variables."; } diff --git a/AzureEnterpriseApplicationOrchestrator.Tests/JobClientBuilder.cs b/AzureEnterpriseApplicationOrchestrator.Tests/JobClientBuilder.cs index cad3f39..5f6261a 100644 --- a/AzureEnterpriseApplicationOrchestrator.Tests/JobClientBuilder.cs +++ b/AzureEnterpriseApplicationOrchestrator.Tests/JobClientBuilder.cs @@ -25,7 +25,7 @@ public class AzureEnterpriseApplicationOrchestrator_JobClientBuilder { - ILogger _logger { get; set;} + ILogger _logger { get; set; } public AzureEnterpriseApplicationOrchestrator_JobClientBuilder() { 
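Review bot: The skip condition in the `IntegrationTestingFact` constructor still tests `TargetApplicationObjectId` twice and never tests `TargetServicePrincipalObjectId`, so the service-principal integration tests run with an empty object ID when `AZURE_TARGET_SERVICEPRINCIPAL_OBJECT_ID` is unset. The last operand should be `string.IsNullOrEmpty(TargetServicePrincipalObjectId)`. The constructor begins above the hunk and closes below it.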
@@ -34,8 +34,11 @@ public AzureEnterpriseApplicationOrchestrator_JobClientBuilder() _logger = LogHandler.GetClassLogger(); } - [Fact] - public void GraphJobClientBuilder_ValidCertificateStoreConfigWithClientSecret_BuildValidClient() + [Theory] + [InlineData("AzureApp")] + [InlineData("AzureSP")] + [InlineData("Unsupported")] + public void GraphJobClientBuilderV1_ValidCertificateStoreConfigWithClientSecret_BuildValidClient(string storetype) { // Verify that the GraphJobClientBuilder uses the certificate store configuration // provided by Keyfactor Command/the Universal Orchestrator correctly as required 
@@ -49,22 +52,42 @@ public void GraphJobClientBuilder_ValidCertificateStoreConfigWithClientSecret_Bu CertificateStore fakeCertificateStoreDetails = new() { ClientMachine = "fake-tenant-id", - StorePath = "fake-azure-target-application-id", + StorePath = "fake-azure-target-id", Properties = "{\"ServerUsername\":\"fake-azure-application-id\",\"ServerPassword\":\"fake-azure-client-secret\",\"AzureCloud\":\"fake-azure-cloud\"}" }; + bool thrown = false; + // Act - IAzureGraphClient fakeAppGatewayClient = jobClientBuilderWithFakeBuilder - .WithCertificateStoreDetails(fakeCertificateStoreDetails) - .Build(); + try + { + jobClientBuilderWithFakeBuilder + .WithV1CertificateStoreDetails(fakeCertificateStoreDetails, storetype) + .Build(); + } + catch (Exception) + { + if (storetype == "AzureApp" || storetype == "AzureSP") throw; + thrown = true; + } + // Assert + if (!thrown && storetype == "Unsupported") throw new Exception("Expected failure"); + if (thrown && storetype == "Unsupported") + { + _logger.LogInformation("GraphJobClientBuilder_ValidCertificateStoreConfig_BuildValidClient - Success"); + return; + } // IAzureGraphClient doesn't require any of the properties set by the builder to be exposed // since the production Build() method creates an Azure Resource Manager client. // But, our builder is fake and exposes the properties we need to test (via the FakeBuilder class). 
Assert.Equal("fake-tenant-id", jobClientBuilderWithFakeBuilder._builder._tenantId); - Assert.Equal("fake-azure-target-application-id", jobClientBuilderWithFakeBuilder._builder._targetApplicationId); + if (storetype == "AzureApp") + Assert.Equal("fake-azure-target-id", jobClientBuilderWithFakeBuilder._builder._targetApplicationApplicationId); + if (storetype == "AzureSP") + Assert.Equal("fake-azure-target-id", jobClientBuilderWithFakeBuilder._builder._targetServicePrincipalApplicationId); Assert.Equal("fake-azure-application-id", jobClientBuilderWithFakeBuilder._builder._applicationId); Assert.Equal("fake-azure-client-secret", jobClientBuilderWithFakeBuilder._builder._clientSecret); Assert.Equal("fake-azure-cloud", jobClientBuilderWithFakeBuilder._builder._azureCloudEndpoint); @@ -72,11 +95,11 @@ public void GraphJobClientBuilder_ValidCertificateStoreConfigWithClientSecret_Bu _logger.LogInformation("GraphJobClientBuilder_ValidCertificateStoreConfig_BuildValidClient - Success"); } - [IntegrationTestingTheory] + [Theory] [InlineData("pkcs12")] [InlineData("pem")] [InlineData("encryptedPem")] - public void GraphJobClientBuilder_ValidCertificateStoreConfigWithClientCertificate_BuildValidClient(string certificateFormat) + public void GraphJobClientBuilderV1_ValidCertificateStoreConfigWithClientCertificate_BuildValidClient(string certificateFormat) { // Verify that the GraphJobClientBuilder uses the certificate store configuration // provided by Keyfactor Command/the Universal Orchestrator correctly as required @@ -123,7 +146,7 @@ public void GraphJobClientBuilder_ValidCertificateStoreConfigWithClientCertifica // Act IAzureGraphClient fakeAppGatewayClient = jobClientBuilderWithFakeBuilder - .WithCertificateStoreDetails(fakeCertificateStoreDetails) + .WithV1CertificateStoreDetails(fakeCertificateStoreDetails, "AzureApp") .Build(); // Assert 
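Review bot: The `catch (Exception)` around the builder call in `GraphJobClientBuilderV1_ValidCertificateStoreConfigWithClientSecret_BuildValidClient` accepts any exception for the "Unsupported" case, so a JSON-parsing or null-reference failure would pass as a correct rejection of the store type. Move "Unsupported" into its own test and assert the specific exception type that `WithV1CertificateStoreDetails` throws (not visible in this hunk) with `Assert.Throws<T>(...)`. That removes the `thrown` flag, the hand-rolled `throw new Exception("Expected failure")` and the brace-less `if` statements, and leaves the happy-path theory with only the two supported store types.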
@@ -132,7 +155,116 @@ public void GraphJobClientBuilder_ValidCertificateStoreConfigWithClientCertifica // since the production Build() method creates an Azure Resource Manager client. // But, our builder is fake and exposes the properties we need to test (via the FakeBuilder class). Assert.Equal("fake-tenant-id", jobClientBuilderWithFakeBuilder._builder._tenantId); - Assert.Equal("fake-azure-target-application-id", jobClientBuilderWithFakeBuilder._builder._targetApplicationId); + Assert.Equal("fake-azure-target-application-id", jobClientBuilderWithFakeBuilder._builder._targetApplicationApplicationId); + Assert.Equal("fake-azure-application-id", jobClientBuilderWithFakeBuilder._builder._applicationId); + Assert.Equal("fake-azure-cloud", jobClientBuilderWithFakeBuilder._builder._azureCloudEndpoint); + Assert.Equal(ssCert.GetCertHash(), jobClientBuilderWithFakeBuilder._builder._clientCertificate!.GetCertHash()); + Assert.NotNull(jobClientBuilderWithFakeBuilder._builder._clientCertificate!.GetRSAPrivateKey()); + Assert.Equal(jobClientBuilderWithFakeBuilder._builder._clientCertificate!.GetRSAPrivateKey()!.ExportRSAPrivateKeyPem(), ssCert.GetRSAPrivateKey()!.ExportRSAPrivateKeyPem()); + + _logger.LogInformation("GraphJobClientBuilder_ValidCertificateStoreConfig_BuildValidClient - Success"); + } + + [Fact] + public void GraphJobClientBuilderV2_ValidCertificateStoreConfigWithClientSecret_BuildValidClient() + { + // Verify that the GraphJobClientBuilder uses the certificate store configuration + // provided by Keyfactor Command/the Universal Orchestrator correctly as required + // by the IAzureGraphClientBuilder interface. 
+ + // Arrange + GraphJobClientBuilder jobClientBuilderWithFakeBuilder = new(); + + // Set up the certificate store with names that correspond to how we expect them to be interpreted by + // the builder + CertificateStore fakeCertificateStoreDetails = new() + { + ClientMachine = "fake-tenant-id", + StorePath = "fake-azure-object-id", + Properties = "{\"ServerUsername\":\"fake-azure-application-id\",\"ServerPassword\":\"fake-azure-client-secret\",\"AzureCloud\":\"fake-azure-cloud\"}" + }; + + // Act + jobClientBuilderWithFakeBuilder + .WithV2CertificateStoreDetails(fakeCertificateStoreDetails) + .Build(); + + + // Assert + + // IAzureGraphClient doesn't require any of the properties set by the builder to be exposed + // since the production Build() method creates an Azure Resource Manager client. + // But, our builder is fake and exposes the properties we need to test (via the FakeBuilder class). + Assert.Equal("fake-tenant-id", jobClientBuilderWithFakeBuilder._builder._tenantId); + Assert.Equal("fake-azure-object-id", jobClientBuilderWithFakeBuilder._builder._targetObjectId); + Assert.Equal("fake-azure-application-id", jobClientBuilderWithFakeBuilder._builder._applicationId); + Assert.Equal("fake-azure-client-secret", jobClientBuilderWithFakeBuilder._builder._clientSecret); + Assert.Equal("fake-azure-cloud", jobClientBuilderWithFakeBuilder._builder._azureCloudEndpoint); + + _logger.LogInformation("GraphJobClientBuilder_ValidCertificateStoreConfig_BuildValidClient - Success"); + } + + [Theory] + [InlineData("pkcs12")] + [InlineData("pem")] + [InlineData("encryptedPem")] + public void GraphJobClientBuilderV2_ValidCertificateStoreConfigWithClientCertificate_BuildValidClient(string certificateFormat) + { + // Verify that the GraphJobClientBuilder uses the certificate store configuration + // provided by Keyfactor Command/the Universal Orchestrator correctly as required + // by the IAzureGraphClientBuilder interface. 
+ + // Arrange + GraphJobClientBuilder jobClientBuilderWithFakeBuilder = new(); + + string password = "passwordpasswordpassword"; + string certName = "SPTest" + Guid.NewGuid().ToString()[..6]; + X509Certificate2 ssCert = GetSelfSignedCert(certName); + + string b64ClientCertificate; + if (certificateFormat == "pkcs12") + { + b64ClientCertificate = Convert.ToBase64String(ssCert.Export(X509ContentType.Pfx, password)); + } + else if (certificateFormat == "pem") + { + string pemCert = ssCert.ExportCertificatePem(); + string keyPem = ssCert.GetRSAPrivateKey()!.ExportPkcs8PrivateKeyPem(); + b64ClientCertificate = Convert.ToBase64String(Encoding.UTF8.GetBytes(keyPem + '\n' + pemCert)); + password = ""; + } + else + { + PbeParameters pbeParameters = new PbeParameters( + PbeEncryptionAlgorithm.Aes256Cbc, + HashAlgorithmName.SHA384, + 300_000); + string pemCert = ssCert.ExportCertificatePem(); + string keyPem = ssCert.GetRSAPrivateKey()!.ExportEncryptedPkcs8PrivateKeyPem(password.ToCharArray(), pbeParameters); + b64ClientCertificate = Convert.ToBase64String(Encoding.UTF8.GetBytes(keyPem + '\n' + pemCert)); + } + + // Set up the certificate store with names that correspond to how we expect them to be interpreted by + // the builder + CertificateStore fakeCertificateStoreDetails = new() + { + ClientMachine = "fake-tenant-id", + StorePath = "fake-azure-target-object-id", + Properties = $@"{{""ServerUsername"": ""fake-azure-application-id"",""ClientCertificatePassword"": ""{password}"",""ClientCertificate"": ""{b64ClientCertificate}"",""AzureCloud"": ""fake-azure-cloud""}}" + }; + + // Act + jobClientBuilderWithFakeBuilder + .WithV2CertificateStoreDetails(fakeCertificateStoreDetails) + .Build(); + + // Assert + + // IAzureGraphClient doesn't require any of the properties set by the builder to be exposed + // since the production Build() method creates an Azure Resource Manager client. 
+ // But, our builder is fake and exposes the properties we need to test (via the FakeBuilder class). + Assert.Equal("fake-tenant-id", jobClientBuilderWithFakeBuilder._builder._tenantId); + Assert.Equal("fake-azure-target-object-id", jobClientBuilderWithFakeBuilder._builder._targetObjectId); Assert.Equal("fake-azure-application-id", jobClientBuilderWithFakeBuilder._builder._applicationId); Assert.Equal("fake-azure-cloud", jobClientBuilderWithFakeBuilder._builder._azureCloudEndpoint); Assert.Equal(ssCert.GetCertHash(), jobClientBuilderWithFakeBuilder._builder._clientCertificate!.GetCertHash()); @@ -151,14 +283,14 @@ public static X509Certificate2 GetSelfSignedCert(string hostname) SubjectAlternativeNameBuilder subjectAlternativeNameBuilder = new SubjectAlternativeNameBuilder(); subjectAlternativeNameBuilder.AddDnsName(hostname); req.CertificateExtensions.Add(subjectAlternativeNameBuilder.Build()); - req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false)); + req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DataEncipherment | X509KeyUsageFlags.KeyEncipherment | X509KeyUsageFlags.DigitalSignature, false)); req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid("2.5.29.32.0"), new Oid("1.3.6.1.5.5.7.3.1") }, false)); X509Certificate2 selfSignedCert = req.CreateSelfSigned(DateTimeOffset.Now, DateTimeOffset.Now.AddYears(5)); Console.Write($"Created self-signed certificate for \"{hostname}\" with thumbprint {selfSignedCert.Thumbprint}\n"); return selfSignedCert; } - + static void ConfigureLogging() { var config = new NLog.Config.LoggingConfiguration(); @@ -175,7 +307,7 @@ static void ConfigureLogging() LogHandler.Factory = LoggerFactory.Create(builder => { - builder.AddNLog(); + builder.AddNLog(); }); } } 
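Review bot: Neither V2 test checks that the V1-only targets stay unset, so a regression that also routes the store path to an application-ID lookup alongside `_targetObjectId` would go unnoticed. Add `Assert.Null(jobClientBuilderWithFakeBuilder._builder._targetApplicationApplicationId);` and `Assert.Null(jobClientBuilderWithFakeBuilder._builder._targetServicePrincipalApplicationId);` after the `_targetObjectId` assertion in both tests. The certificate-encoding block in the V2 client-certificate test appears to duplicate the V1 test's block (which lies outside this hunk) and could move to a shared helper. The closing log line of both new tests still names `GraphJobClientBuilder_ValidCertificateStoreConfig_BuildValidClient`.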
diff --git a/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Discovery.cs b/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Discovery.cs new file mode 100644 index 0000000..00741c1 --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Discovery.cs 
@@ -0,0 +1,113 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using System.Collections.Generic; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs; + +public class Discovery : IDiscoveryJobExtension +{ + public IAzureGraphClient Client { get; set; } + public string ExtensionName => "AzureApp2"; + + private bool _clientInitializedByInjection = false; + + ILogger _logger = LogHandler.GetClassLogger(); + + public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpdate callback) + { + if (Client != null) _clientInitializedByInjection = true; + + _logger.LogDebug("Beginning Azure Application 2 (App Registration/Application) Discovery Job"); + + JobResult result = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId + }; + + List discoveredApplicationIds = new(); + + foreach (var tenantId in TenantIdsToSearchFromJobConfig(config)) + { + _logger.LogTrace($"Processing tenantId: {tenantId}"); + + // If the client was not injected, create a new one with the tenant ID determied by + // the TenantIdsToSearchFromJobConfig method + if (!_clientInitializedByInjection) + { + Client = new GraphJobClientBuilder() + 
.WithDiscoveryJobConfiguration(config, tenantId) + .Build(); + } + + try + { + var operationResult = Client.DiscoverApplicationObjectIds(); + if (!operationResult.Success) + { + result.FailureMessage += operationResult.ErrorMessage; + _logger.LogWarning(result.FailureMessage); + continue; + } + discoveredApplicationIds.AddRange(operationResult.Result); + } + catch (Exception ex) + { + _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); + result.FailureMessage = ex.Message; + return result; + } + } + + try + { + callback(discoveredApplicationIds); + result.Result = OrchestratorJobStatusJobResult.Success; + } + catch (Exception ex) + { + _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); + result.FailureMessage = ex.Message; + } + + return result; + } + + private IEnumerable TenantIdsToSearchFromJobConfig(DiscoveryJobConfiguration config) + { + string directoriesToSearchAsString = config.JobProperties?["dirs"] as string; + _logger.LogTrace($"Directories to search: {directoriesToSearchAsString}"); + + if (string.IsNullOrEmpty(directoriesToSearchAsString) || string.Equals(directoriesToSearchAsString, "*")) + { + _logger.LogTrace($"No directories to search provided, using default tenant ID: {config.ClientMachine}"); + return new List { config.ClientMachine }; + } + + List tenantIdsToSearch = new(); + tenantIdsToSearch.AddRange(directoriesToSearchAsString.Split(',')); + tenantIdsToSearch.ForEach(tenantId => tenantId = tenantId.Trim()); + + _logger.LogTrace($"Tenant IDs to search: {string.Join(',', tenantIdsToSearch)}"); + return tenantIdsToSearch; + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Inventory.cs b/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Inventory.cs new file mode 100644 index 0000000..ced27d8 --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Inventory.cs 
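Review bot: In `TenantIdsToSearchFromJobConfig`, `tenantIdsToSearch.ForEach(tenantId => tenantId = tenantId.Trim());` only reassigns the lambda parameter, so the list keeps the untrimmed strings. A `dirs` value such as `a, b` therefore yields a tenant ID with a leading space, which is then handed to the client builder. Build the list from the trimmed values instead, e.g. `var tenantIdsToSearch = directoriesToSearchAsString.Split(',').Select(id => id.Trim()).ToList();`, which needs `using System.Linq;` because this file does not import it. The same line is in the new AzureSP2Jobs/Discovery.cs.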
@@ -0,0 +1,94 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using System.Collections.Generic; +using System.Linq; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs; + +public class Inventory : IInventoryJobExtension +{ + public IAzureGraphClient Client { get; set; } + public string ExtensionName => "AzureApp2"; + + ILogger _logger = LogHandler.GetClassLogger(); + + public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate cb) + { + _logger.LogDebug($"Beginning Azure Application 2 (App Registration/Application) Inventory Job"); + + if (Client == null) + { + Client = new GraphJobClientBuilder() + .WithV2CertificateStoreDetails(config.CertificateStoreDetails) + .Build(); + } + + JobResult result = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId + }; + + List inventoryItems; + + try + { + OperationResult> inventoryResult = Client.GetApplicationCertificates(); + if (!inventoryResult.Success) + { + // Aggregate the messages into the failure message. Since an exception wasn't thrown, + // we still have a partial success. We want to return a warning. 
+ result.FailureMessage += inventoryResult.ErrorMessage; + result.Result = OrchestratorJobStatusJobResult.Warning; + _logger.LogWarning(result.FailureMessage); + } + else + { + result.Result = OrchestratorJobStatusJobResult.Success; + } + + // At least partial success is guaranteed, so we can continue with the inventory items + // that we were able to pull down. + inventoryItems = inventoryResult.Result.ToList(); + + } + catch (Exception ex) + { + + // Exception is triggered if we weren't able to pull down the list of certificates + // from Azure. This could be due to a number of reasons, including network issues, + // or the user not having the correct permissions. An exception won't be triggered + // if there are no certificates in the Application, or if we weren't able to assemble + // the list of certificates into a CurrentInventoryItem. + + _logger.LogError(ex, "Error getting Application Certificates:\n" + ex.Message); + result.FailureMessage = "Error getting Application Certificates:\n" + ex.Message; + return result; + } + + _logger.LogDebug($"Found {inventoryItems.Count} certificates in Application"); + + cb(inventoryItems); + + return result; + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Management.cs b/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Management.cs new file mode 100644 index 0000000..9ba56f8 --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator/AzureApp2Jobs/Management.cs 
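Review bot: `cb(inventoryItems);` at the end of `ProcessJob` sits outside the `try` block and its return value is discarded, so a rejected submission still leaves the job reported as Success or Warning, and a throwing callback escapes without a `JobResult`. The unit tests earlier in this patch return `true` from the callback, which suggests it reports whether the update was accepted. If that is right, check it, e.g. `if (!cb(inventoryItems)) { result.Result = OrchestratorJobStatusJobResult.Failure; result.FailureMessage += "Inventory submission was not accepted"; }`, and guard the call with a `try`/`catch` the way the Discovery job does around its callback. The new AzureSP2Jobs/Inventory.cs ends the same way.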
@@ -0,0 +1,149 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs; + +public class Management : IManagementJobExtension +{ + public IAzureGraphClient Client { get; set; } + public string ExtensionName => "AzureApp"; + + ILogger _logger = LogHandler.GetClassLogger(); + + public JobResult ProcessJob(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning Application 2 (App Registration/Application) Management Job"); + + if (Client == null) + { + Client = new GraphJobClientBuilder() + .WithV2CertificateStoreDetails(config.CertificateStoreDetails) + .Build(); + } + + JobResult result = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId + }; + + try + { + var operation = DetermineOperation(config); + result.Result = operation switch + { + OperationType.Replace => ReplaceCertificate(config), + OperationType.Add => AddCertificate(config), + OperationType.Remove => RemoveCertificate(config), + OperationType.DoNothing => OrchestratorJobStatusJobResult.Success, + _ => throw new Exception($"Invalid Management operation type [{config.OperationType}]") + }; + } + catch (Exception ex) + { + 
_logger.LogError(ex, $"Error processing job: {ex.Message}"); + result.FailureMessage = ex.Message; + } + + return result; + } + + private enum OperationType + { + Add, + Remove, + Replace, + DoNothing, + None + } + + private OperationType DetermineOperation(ManagementJobConfiguration config) + { + if (config.OperationType == CertStoreOperationType.Add && config.Overwrite) + return OperationType.Replace; + + if (config.OperationType == CertStoreOperationType.Add) + return OperationType.Add; + + if (config.OperationType == CertStoreOperationType.Remove) + return OperationType.Remove; + + return OperationType.None; + } + + private OrchestratorJobStatusJobResult AddCertificate(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning AddCertificate operation"); + + // The AzureApp Certificate Store Type doesn't support private key handling + if (string.IsNullOrWhiteSpace(config.JobCertificate.PrivateKeyPassword) == false) + { + throw new Exception("Private key handling is not supported for AzureApp Certificate Store Type."); + } + + if (string.IsNullOrWhiteSpace(config.JobCertificate.Alias)) + { + throw new Exception("Certificate alias is required."); + } + + _logger.LogTrace($"Adding certificate with alias [{config.JobCertificate.Alias}]"); + + // Don't check if the certificate already exists; Command shouldn't allow non-unique + // aliases to be added and if the certificate already exists, the operation should fail. 
+ + Client.AddApplicationCertificate( + config.JobCertificate.Alias, + config.JobCertificate.Contents + ); + + _logger.LogDebug("AddCertificate operation complete"); + + return OrchestratorJobStatusJobResult.Success; + } + + private OrchestratorJobStatusJobResult ReplaceCertificate(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning ReplaceCertificate operation"); + + RemoveCertificate(config); + AddCertificate(config); + + _logger.LogDebug("ReplaceCertificate operation complete"); + + return OrchestratorJobStatusJobResult.Success; + } + + private OrchestratorJobStatusJobResult RemoveCertificate(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning RemoveCertificate operation"); + + _logger.LogTrace($"Removing certificate with alias [{config.JobCertificate.Alias}]"); + + // If the certificate doesn't exist, the operation should fail. + + Client.RemoveApplicationCertificate(config.JobCertificate.Alias); + + _logger.LogDebug("RemoveCertificate operation complete"); + + return OrchestratorJobStatusJobResult.Success; + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs index aa3993b..9bcaaf8 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Discovery.cs @@ -35,6 +35,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd { if (Client != null) _clientInitializedByInjection = true; + _logger.LogWarning("Azure Application (App Registration/Application) is DEPRICATED and will be removed in a future version. Please migrate to AzureApp2"); + _logger.LogDebug("Beginning Azure Application (App Registration/Application) Discovery Job"); JobResult result = new JobResult 
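Review bot: `ExtensionName` returns `"AzureApp"` in this class, although the namespace is `AzureApp2Jobs` and the new Discovery and Inventory jobs beside it return `"AzureApp2"`. If the orchestrator dispatches jobs by this name, Management jobs for the new object-ID store type would be registered under the deprecated type's name. `public string ExtensionName => "AzureApp2";` looks like what was intended. The exception text in `AddCertificate` ("… not supported for AzureApp Certificate Store Type.") carries the same leftover name.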
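Review bot: The added warning spells the keyword `DEPRICATED`, so anyone searching or alerting on `DEPRECATED` in the orchestrator logs will not find it. Change the literal to `"Azure Application (App Registration/Application) is DEPRECATED and will be removed in a future version. Please migrate to AzureApp2"`. The same spelling is in the warnings added to AzureAppJobs/Inventory.cs and AzureAppJobs/Management.cs and to the three AzureSPJobs files. `ProcessJob` continues outside this hunk.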
@@ -60,7 +62,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd try { - var operationResult = Client.DiscoverApplicationObjectIds(); + var operationResult = Client.DiscoverApplicationApplicationIds(); if (!operationResult.Success) { result.FailureMessage += operationResult.ErrorMessage; diff --git a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Inventory.cs b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Inventory.cs index 27cc84c..17ee8f5 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Inventory.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Inventory.cs @@ -30,21 +30,23 @@ public class Inventory : IInventoryJobExtension ILogger _logger = LogHandler.GetClassLogger(); - public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate cb) + public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate cb) { + _logger.LogWarning("Azure Application (App Registration/Application) is DEPRICATED and will be removed in a future version. Please migrate to AzureApp2"); + _logger.LogDebug($"Beginning Azure Application (App Registration/Application) Inventory Job"); if (Client == null) { Client = new GraphJobClientBuilder() - .WithCertificateStoreDetails(config.CertificateStoreDetails) + .WithV1CertificateStoreDetails(config.CertificateStoreDetails, ExtensionName) .Build(); } JobResult result = new JobResult { Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId + JobHistoryId = config.JobHistoryId }; List inventoryItems; 
@@ -56,10 +58,10 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd { // Aggregate the messages into the failure message. Since an exception wasn't thrown, // we still have a partial success. We want to return a warning. - result.FailureMessage += inventoryResult.ErrorMessage; + result.FailureMessage += inventoryResult.ErrorMessage; result.Result = OrchestratorJobStatusJobResult.Warning; _logger.LogWarning(result.FailureMessage); - } + } else { result.Result = OrchestratorJobStatusJobResult.Success; @@ -69,7 +71,8 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd // that we were able to pull down. inventoryItems = inventoryResult.Result.ToList(); - } catch (Exception ex) + } + catch (Exception ex) { // Exception is triggered if we weren't able to pull down the list of certificates diff --git a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Management.cs b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Management.cs index e210a66..590c077 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Management.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureAppJobs/Management.cs @@ -30,19 +30,21 @@ public class Management : IManagementJobExtension public JobResult ProcessJob(ManagementJobConfiguration config) { + _logger.LogWarning("Azure Application (App Registration/Application) is DEPRICATED and will be removed in a future version. Please migrate to AzureApp2"); + _logger.LogDebug("Beginning Application (App Registration/Application) Management Job"); if (Client == null) { Client = new GraphJobClientBuilder() - .WithCertificateStoreDetails(config.CertificateStoreDetails) + .WithV1CertificateStoreDetails(config.CertificateStoreDetails, ExtensionName) .Build(); } JobResult result = new JobResult { Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId + JobHistoryId = config.JobHistoryId }; try 
@@ -51,10 +53,10 @@ public JobResult ProcessJob(ManagementJobConfiguration config) result.Result = operation switch { OperationType.Replace => ReplaceCertificate(config), - OperationType.Add => AddCertificate(config), - OperationType.Remove => RemoveCertificate(config), - OperationType.DoNothing => OrchestratorJobStatusJobResult.Success, - _ => throw new Exception($"Invalid Management operation type [{config.OperationType}]") + OperationType.Add => AddCertificate(config), + OperationType.Remove => RemoveCertificate(config), + OperationType.DoNothing => OrchestratorJobStatusJobResult.Success, + _ => throw new Exception($"Invalid Management operation type [{config.OperationType}]") }; } catch (Exception ex) diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Discovery.cs b/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Discovery.cs new file mode 100644 index 0000000..accb6df --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Discovery.cs 
@@ -0,0 +1,113 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using System.Collections.Generic; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs; + +public class Discovery : IDiscoveryJobExtension +{ + public IAzureGraphClient Client { get; set; } + public string ExtensionName => "AzureSP2"; + + private bool _clientInitializedByInjection = false; + + ILogger _logger = LogHandler.GetClassLogger(); + + public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpdate callback) + { + if (Client != null) _clientInitializedByInjection = true; + + _logger.LogDebug("Beginning Azure Service Principal 2 (Enterprise Application/Service Principal) Discovery Job"); + + JobResult result = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId + }; + + List discoveredApplicationIds = new(); + + foreach (var tenantId in TenantIdsToSearchFromJobConfig(config)) + { + _logger.LogTrace($"Processing tenantId: {tenantId}"); + + // If the client was not injected, create a new one with the tenant ID determied by + // the TenantIdsToSearchFromJobConfig method + if (!_clientInitializedByInjection) + { + Client = new GraphJobClientBuilder() + 
.WithDiscoveryJobConfiguration(config, tenantId) + .Build(); + } + + try + { + var operationResult = Client.DiscoverServicePrincipalObjectIds(); + if (!operationResult.Success) + { + result.FailureMessage += operationResult.ErrorMessage; + _logger.LogWarning(result.FailureMessage); + continue; + } + discoveredApplicationIds.AddRange(operationResult.Result); + } + catch (Exception ex) + { + _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); + result.FailureMessage = ex.Message; + return result; + } + } + + try + { + callback(discoveredApplicationIds); + result.Result = OrchestratorJobStatusJobResult.Success; + } + catch (Exception ex) + { + _logger.LogError(ex, $"Error processing discovery job:\n {ex.Message}"); + result.FailureMessage = ex.Message; + } + + return result; + } + + private IEnumerable TenantIdsToSearchFromJobConfig(DiscoveryJobConfiguration config) + { + string directoriesToSearchAsString = config.JobProperties?["dirs"] as string; + _logger.LogTrace($"Directories to search: {directoriesToSearchAsString}"); + + if (string.IsNullOrEmpty(directoriesToSearchAsString) || string.Equals(directoriesToSearchAsString, "*")) + { + _logger.LogTrace($"No directories to search provided, using default tenant ID: {config.ClientMachine}"); + return new List { config.ClientMachine }; + } + + List tenantIdsToSearch = new(); + tenantIdsToSearch.AddRange(directoriesToSearchAsString.Split(',')); + tenantIdsToSearch.ForEach(tenantId => tenantId = tenantId.Trim()); + + _logger.LogTrace($"Tenant IDs to search: {string.Join(',', tenantIdsToSearch)}"); + return tenantIdsToSearch; + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Inventory.cs b/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Inventory.cs new file mode 100644 index 0000000..a216fc5 --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Inventory.cs 
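Review bot: When `DiscoverServicePrincipalObjectIds()` comes back with `Success == false` for a tenant, the loop appends to `FailureMessage` and continues, but after the loop `result.Result` is set to `Success` unconditionally. A run that could not enumerate one or more tenants is therefore reported as a clean success, with an incomplete list of service principals submitted. The Inventory jobs in this patch use `OrchestratorJobStatusJobResult.Warning` for partial results; doing the same here, e.g. `result.Result = string.IsNullOrEmpty(result.FailureMessage) ? OrchestratorJobStatusJobResult.Success : OrchestratorJobStatusJobResult.Warning;`, keeps the gap visible. AzureApp2Jobs/Discovery.cs has the same loop.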
@@ -0,0 +1,94 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using System.Collections.Generic; +using System.Linq; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs; + +public class Inventory : IInventoryJobExtension +{ + public IAzureGraphClient Client { get; set; } + public string ExtensionName => "AzureSP2"; + + ILogger _logger = LogHandler.GetClassLogger(); + + public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate cb) + { + _logger.LogDebug($"Beginning Azure Service Principal 2 (Enterprise Application/Service Principal) Inventory Job"); + + if (Client == null) + { + Client = new GraphJobClientBuilder() + .WithV2CertificateStoreDetails(config.CertificateStoreDetails) + .Build(); + } + + JobResult result = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId + }; + + List inventoryItems; + + try + { + OperationResult> inventoryResult = Client.GetServicePrincipalCertificates(); + if (!inventoryResult.Success) + { + // Aggregate the messages into the failure message. Since an exception wasn't thrown, + // we still have a partial success. We want to return a warning. 
+ result.FailureMessage += inventoryResult.ErrorMessage; + result.Result = OrchestratorJobStatusJobResult.Warning; + _logger.LogWarning(result.FailureMessage); + } + else + { + result.Result = OrchestratorJobStatusJobResult.Success; + } + + // At least partial success is guaranteed, so we can continue with the inventory items + // that we were able to pull down. + inventoryItems = inventoryResult.Result.ToList(); + + } + catch (Exception ex) + { + + // Exception is triggered if we weren't able to pull down the list of certificates + // from Azure. This could be due to a number of reasons, including network issues, + // or the user not having the correct permissions. An exception won't be triggered + // if there are no certificates in the Application, or if we weren't able to assemble + // the list of certificates into a CurrentInventoryItem. + + _logger.LogError(ex, "Error getting Service Principal (SAML) Certificates:\n" + ex.Message); + result.FailureMessage = "Error getting Application Certificates:\n" + ex.Message; + return result; + } + + _logger.LogDebug($"Found {inventoryItems.Count} certificates in Service Principal (SAML) Application."); + + cb(inventoryItems); + + return result; + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Management.cs b/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Management.cs new file mode 100644 index 0000000..8ff47de --- /dev/null +++ b/AzureEnterpriseApplicationOrchestrator/AzureSP2Jobs/Management.cs 
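Review bot: In the `catch` block the log line says "Error getting Service Principal (SAML) Certificates" but `result.FailureMessage` is set to "Error getting Application Certificates", and the comment above it also speaks of "the Application". The failure message is what the job result carries back, so it names the wrong store type for anyone triaging the job. Use `result.FailureMessage = "Error getting Service Principal (SAML) Certificates:\n" + ex.Message;` and adjust the comment to match.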
@@ -0,0 +1,151 @@ +// Copyright 2024 Keyfactor +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +using System; +using AzureEnterpriseApplicationOrchestrator.Client; +using Keyfactor.Logging; +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using Microsoft.Extensions.Logging; + +namespace AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs; + +public class Management : IManagementJobExtension +{ + public IAzureGraphClient Client { get; set; } + public string ExtensionName => "AzureSP2"; + + ILogger _logger = LogHandler.GetClassLogger(); + + public JobResult ProcessJob(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning Service Principal 2 (Enterprise Application/Service Principal) Management Job"); + + if (Client == null) + { + Client = new GraphJobClientBuilder() + .WithV2CertificateStoreDetails(config.CertificateStoreDetails) + .Build(); + } + + JobResult result = new JobResult + { + Result = OrchestratorJobStatusJobResult.Failure, + JobHistoryId = config.JobHistoryId + }; + + try + { + var operation = DetermineOperation(config); + result.Result = operation switch + { + OperationType.Replace => ReplaceCertificate(config), + OperationType.Add => AddCertificate(config), + OperationType.Remove => RemoveCertificate(config), + OperationType.DoNothing => OrchestratorJobStatusJobResult.Success, + _ => throw new Exception($"Invalid Management operation type [{config.OperationType}]") + }; + } + catch 
(Exception ex) + { + _logger.LogError(ex, $"Error processing job: {ex.Message}"); + result.FailureMessage = ex.Message; + } + + return result; + } + + private enum OperationType + { + Add, + Remove, + Replace, + DoNothing, + None + } + + private OperationType DetermineOperation(ManagementJobConfiguration config) + { + if (config.OperationType == CertStoreOperationType.Add && config.Overwrite) + return OperationType.Replace; + + if (config.OperationType == CertStoreOperationType.Add) + return OperationType.Add; + + if (config.OperationType == CertStoreOperationType.Remove) + return OperationType.Remove; + + return OperationType.None; + } + + private OrchestratorJobStatusJobResult AddCertificate(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning AddCertificate operation"); + + // If a private key password was not provided, Command didn't return + // the certificate in PKCS#12 format. + if (string.IsNullOrWhiteSpace(config.JobCertificate.PrivateKeyPassword)) + { + throw new Exception("Certificate must be in PKCS#12 format - no private key password provided."); + } + + if (string.IsNullOrWhiteSpace(config.JobCertificate.Alias)) + { + throw new Exception("Certificate alias is required."); + } + + _logger.LogTrace($"Adding certificate with alias [{config.JobCertificate.Alias}]"); + + // Don't check if the certificate already exists; Command shouldn't allow non-unique + // aliases to be added and if the certificate already exists, the operation should fail. 
+ + Client.AddServicePrincipalCertificate( + config.JobCertificate.Alias, + config.JobCertificate.Contents, + config.JobCertificate.PrivateKeyPassword + ); + + _logger.LogDebug("AddCertificate operation complete"); + + return OrchestratorJobStatusJobResult.Success; + } + + private OrchestratorJobStatusJobResult ReplaceCertificate(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning ReplaceCertificate operation"); + + RemoveCertificate(config); + AddCertificate(config); + + _logger.LogDebug("ReplaceCertificate operation complete"); + + return OrchestratorJobStatusJobResult.Success; + } + + private OrchestratorJobStatusJobResult RemoveCertificate(ManagementJobConfiguration config) + { + _logger.LogDebug("Beginning RemoveCertificate operation"); + + _logger.LogTrace($"Removing certificate with alias [{config.JobCertificate.Alias}]"); + + // If the certificate doesn't exist, the operation should fail. + + Client.RemoveServicePrincipalCertificate(config.JobCertificate.Alias); + + _logger.LogDebug("RemoveCertificate operation complete"); + + return OrchestratorJobStatusJobResult.Success; + } +} + diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs index 1fa1ee7..599d306 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Discovery.cs @@ -35,6 +35,8 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd { if (Client != null) _clientInitializedByInjection = true; + _logger.LogWarning("Azure Service Principal (Enterprise Application/Service Principal) is DEPRICATED and will be removed in a future version. Please use AzureSP2"); + _logger.LogDebug("Beginning Azure Service Principal (Enterprise Application/Service Principal) Discovery Job"); JobResult result = new JobResult 
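Review bot: `ReplaceCertificate` calls `RemoveCertificate(config)` before `AddCertificate(config)`, and `AddCertificate` only then checks `PrivateKeyPassword` and `Alias` and may throw. A replace that fails validation, or whose add call fails, leaves the service principal with the old certificate already removed and nothing in its place. Run the input checks before removing anything, for instance by moving the two `string.IsNullOrWhiteSpace` guards to the top of `ReplaceCertificate`. Whether the client can add the new certificate first and remove the old one afterwards is not visible from this hunk. AzureApp2Jobs/Management.cs has the same remove-then-add sequence.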
@@ -60,7 +62,7 @@ public JobResult ProcessJob(DiscoveryJobConfiguration config, SubmitDiscoveryUpd try { - var operationResult = Client.DiscoverServicePrincipalObjectIds(); + var operationResult = Client.DiscoverServicePrincipalApplicationIds(); if (!operationResult.Success) { result.FailureMessage += operationResult.ErrorMessage; diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Inventory.cs b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Inventory.cs index 53e7b9e..9279ce5 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Inventory.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Inventory.cs @@ -30,21 +30,23 @@ public class Inventory : IInventoryJobExtension ILogger _logger = LogHandler.GetClassLogger(); - public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate cb) + public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpdate cb) { + _logger.LogWarning("Azure Service Principal (Enterprise Application/Service Principal) is DEPRICATED and will be removed in a future version. Please use AzureSP2"); + _logger.LogDebug($"Beginning Azure Service Principal (Enterprise Application/Service Principal) Inventory Job"); if (Client == null) { Client = new GraphJobClientBuilder() - .WithCertificateStoreDetails(config.CertificateStoreDetails) + .WithV1CertificateStoreDetails(config.CertificateStoreDetails, ExtensionName) .Build(); } JobResult result = new JobResult { Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId + JobHistoryId = config.JobHistoryId }; List inventoryItems; 
@@ -56,10 +58,10 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd { // Aggregate the messages into the failure message. Since an exception wasn't thrown, // we still have a partial success. We want to return a warning. - result.FailureMessage += inventoryResult.ErrorMessage; + result.FailureMessage += inventoryResult.ErrorMessage; result.Result = OrchestratorJobStatusJobResult.Warning; _logger.LogWarning(result.FailureMessage); - } + } else { result.Result = OrchestratorJobStatusJobResult.Success; @@ -69,7 +71,8 @@ public JobResult ProcessJob(InventoryJobConfiguration config, SubmitInventoryUpd // that we were able to pull down. inventoryItems = inventoryResult.Result.ToList(); - } catch (Exception ex) + } + catch (Exception ex) { // Exception is triggered if we weren't able to pull down the list of certificates diff --git a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Management.cs b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Management.cs index 5540183..5e52827 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Management.cs +++ b/AzureEnterpriseApplicationOrchestrator/AzureSPJobs/Management.cs @@ -30,19 +30,21 @@ public class Management : IManagementJobExtension public JobResult ProcessJob(ManagementJobConfiguration config) { + _logger.LogWarning("Azure Service Principal (Enterprise Application/Service Principal) is DEPRICATED and will be removed in a future version. Please use AzureSP2"); + _logger.LogDebug("Beginning Service Principal (Enterprise Application/Service Principal) Management Job"); if (Client == null) { Client = new GraphJobClientBuilder() - .WithCertificateStoreDetails(config.CertificateStoreDetails) + .WithV1CertificateStoreDetails(config.CertificateStoreDetails, ExtensionName) .Build(); } JobResult result = new JobResult { Result = OrchestratorJobStatusJobResult.Failure, - JobHistoryId = config.JobHistoryId + JobHistoryId = config.JobHistoryId }; try 
@@ -51,10 +53,10 @@ public JobResult ProcessJob(ManagementJobConfiguration config) result.Result = operation switch { OperationType.Replace => ReplaceCertificate(config), - OperationType.Add => AddCertificate(config), - OperationType.Remove => RemoveCertificate(config), - OperationType.DoNothing => OrchestratorJobStatusJobResult.Success, - _ => throw new Exception($"Invalid Management operation type [{config.OperationType}]") + OperationType.Add => AddCertificate(config), + OperationType.Remove => RemoveCertificate(config), + OperationType.DoNothing => OrchestratorJobStatusJobResult.Success, + _ => throw new Exception($"Invalid Management operation type [{config.OperationType}]") }; } catch (Exception ex) diff --git a/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs b/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs index 0dfd6c2..467aafc 100644 --- a/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs +++ b/AzureEnterpriseApplicationOrchestrator/Client/GraphClient.cs @@ -55,6 +55,7 @@ private GraphClient(GraphServiceClient graphClient) public class Builder : IAzureGraphClientBuilder { + ILogger _logger = LogHandler.GetClassLogger(); private GraphClient _client = new(); private string _tenantId { get; set; } @@ -62,6 +63,8 @@ public class Builder : IAzureGraphClientBuilder private string _clientSecret { get; set; } private X509Certificate2 _clientCertificate { get; set; } private string _targetObjectId { get; set; } + private string _targetServicePrincipalApplicationId { get; set; } + private string _targetApplicationApplicationId { get; set; } private Uri _azureCloudEndpoint { get; set; } public IAzureGraphClientBuilder WithTenantId(string tenantId) 
@@ -76,6 +79,18 @@ public IAzureGraphClientBuilder WithTargetObjectId(string objectId) return this; } + public IAzureGraphClientBuilder WithTargetServicePrincipalApplicationId(string applicationId) + { + _targetServicePrincipalApplicationId = applicationId; + return this; + } + + public IAzureGraphClientBuilder WithTargetApplicationApplicationId(string applicationId) + { + _targetApplicationApplicationId = applicationId; + return this; + } + public IAzureGraphClientBuilder WithApplicationId(string applicationId) { _applicationId = applicationId; 
@@ -120,10 +135,60 @@ public IAzureGraphClientBuilder WithAzureCloud(string azureCloud) return this; } + private string GetApplicationObjectId(GraphServiceClient client, string applicationApplicationId) + { + ApplicationCollectionResponse apps; + try + { + apps = client.Applications.GetAsync(requestConfiguration => + { + requestConfiguration.QueryParameters.Filter = $"(appId eq '{applicationApplicationId}')"; + requestConfiguration.QueryParameters.Top = 1; + }).Result; + } + catch (AggregateException e) + { + _logger.LogError($"Unable to query MS Graph for Application \"{applicationApplicationId}\": {e}"); + throw; + } + + if (apps?.Value == null || apps.Value.Count == 0 || string.IsNullOrEmpty(apps.Value.FirstOrDefault()?.Id)) + { + throw new Exception($"Application with Application ID \"{applicationApplicationId}\" not found in tenant \"{_tenantId}\""); + } + + return apps.Value.FirstOrDefault()?.Id; ; + } + + private string GetServicePrincipalObjectId(GraphServiceClient client, string servicePrincipalApplicationId) + { + ServicePrincipalCollectionResponse sps; + try + { + sps = client.ServicePrincipals.GetAsync(requestConfiguration => + { + requestConfiguration.QueryParameters.Filter = $"(appId eq '{servicePrincipalApplicationId}')"; + requestConfiguration.QueryParameters.Top = 1; + }).Result; + } + catch (AggregateException e) + { + _logger.LogError($"Unable to query MS Graph for ServicePrincipal \"{servicePrincipalApplicationId}\": {e}"); + throw; + } + + if (sps?.Value == null || sps.Value.Count == 0 || string.IsNullOrEmpty(sps.Value.FirstOrDefault()?.Id)) + { + throw new Exception($"Service Principal with Application ID \"{servicePrincipalApplicationId}\" not found in tenant \"{_tenantId}\""); + } + + return sps.Value.FirstOrDefault()?.Id; ; + } + public IAzureGraphClient Build() { - ILogger logger = LogHandler.GetClassLogger(); - logger.LogDebug($"Creating Graph Client for tenant ID '{_tenantId}' to target application ID '{_applicationId}'."); + + 
_logger.LogDebug($"Creating Graph Client for tenant ID '{_tenantId}' to target application ID '{_applicationId}'."); // Setting up credentials for Azure Resource Management. DefaultAzureCredentialOptions credentialOptions = new DefaultAzureCredentialOptions @@ -135,15 +200,11 @@ public IAzureGraphClient Build() TokenCredential credential; if (!string.IsNullOrWhiteSpace(_clientSecret)) { - credential = new ClientSecretCredential( - _tenantId, _applicationId, _clientSecret, credentialOptions - ); + credential = new ClientSecretCredential(_tenantId, _applicationId, _clientSecret, credentialOptions); } else if (_clientCertificate != null) { - credential = new ClientCertificateCredential( - _tenantId, _applicationId, _clientCertificate, credentialOptions - ); + credential = new ClientCertificateCredential(_tenantId, _applicationId, _clientCertificate, credentialOptions); } else { @@ -155,12 +216,20 @@ public IAzureGraphClient Build() // Creating Graph Client with the specified credentials. GraphServiceClient graphClient = new GraphServiceClient(credential, scopes); + + if (string.IsNullOrEmpty(_targetObjectId)) + { + if (!string.IsNullOrEmpty(_targetApplicationApplicationId)) _targetObjectId = GetApplicationObjectId(graphClient, _targetApplicationApplicationId); + else if (!string.IsNullOrEmpty(_targetServicePrincipalApplicationId)) _targetObjectId = GetServicePrincipalObjectId(graphClient, _targetServicePrincipalApplicationId); + // Discovery job doesn't require a target object ID. + } + _client._graphClient = graphClient; _client._credential = credential; _client._tenantId = _tenantId; _client._targetObjectId = _targetObjectId; - logger.LogTrace("Azure Resource Management client created."); + _logger.LogTrace("Azure Resource Management client created."); return _client; } } 
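Review bot: `GetApplicationObjectId` and `GetServicePrincipalObjectId` interpolate the supplied application ID straight into the OData filter (`$"(appId eq '{applicationApplicationId}')"`), so a value containing a single quote changes the filter expression instead of being matched literally. The value appears to come from the certificate store's StorePath via `WithV1CertificateStoreDetails`, which is operator-editable configuration. Since an application ID is a GUID, reject anything else before building the request: `if (!Guid.TryParse(applicationApplicationId, out _)) throw new ArgumentException("Application ID must be a GUID", nameof(applicationApplicationId));`, with the same check in the service-principal helper. Both helpers also end their return line with a stray `; ;`.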
@@ -189,18 +258,18 @@ public void AddApplicationCertificate(string certificateName, string certificate _graphClient.Applications[_targetObjectId].PatchAsync(new Application { KeyCredentials = new List(DeepCopyKeyList(application.KeyCredentials)) - { + { new KeyCredential { - DisplayName = certificateName, - Type = "AsymmetricX509Cert", - Usage = "Verify", - CustomKeyIdentifier = customKeyId, - StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), - EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), - KeyId = Guid.NewGuid(), - Key = System.Text.Encoding.UTF8.GetBytes(certPem) - } + DisplayName = certificateName, + Type = "AsymmetricX509Cert", + Usage = "Verify", + CustomKeyIdentifier = customKeyId, + StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), + EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), + KeyId = Guid.NewGuid(), + Key = System.Text.Encoding.UTF8.GetBytes(certPem) } + } }).Wait(); } catch (AggregateException e) 
@@ -282,45 +351,44 @@ public void AddServicePrincipalCertificate(string certificateName, string certif _graphClient.ServicePrincipals[_targetObjectId].PatchAsync(new ServicePrincipal { KeyCredentials = new List() - { + { new KeyCredential { - DisplayName = certificateName, - Type = "AsymmetricX509Cert", - Usage = "Verify", - CustomKeyIdentifier = customKeyId, - StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), - EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), - KeyId = Guid.NewGuid(), - Key = certificate.Export(X509ContentType.Cert) + DisplayName = certificateName, + Type = "AsymmetricX509Cert", + Usage = "Verify", + CustomKeyIdentifier = customKeyId, + StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), + EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), + KeyId = Guid.NewGuid(), + Key = certificate.Export(X509ContentType.Cert) }, new KeyCredential { - DisplayName = certificateName, - Type = "X509CertAndPassword", - Usage = "Sign", - CustomKeyIdentifier = customKeyId, - StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), - EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), - KeyId = privKeyGuid, - Key = certificate.Export(X509ContentType.Pfx, certificatePassword) + DisplayName = certificateName, + Type = "X509CertAndPassword", + Usage = "Sign", + CustomKeyIdentifier = customKeyId, + StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), + EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), + KeyId = privKeyGuid, + Key = certificate.Export(X509ContentType.Pfx, certificatePassword) } - }, + }, PasswordCredentials = new List() + { + new PasswordCredential { - new PasswordCredential - { - CustomKeyIdentifier = customKeyId, - KeyId = privKeyGuid, - StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), - EndDateTime = 
DateTimeOffset.Parse(certificate.GetExpirationDateString()), - SecretText = certificatePassword, - } + CustomKeyIdentifier = customKeyId, + KeyId = privKeyGuid, + StartDateTime = DateTimeOffset.Parse(certificate.GetEffectiveDateString()), + EndDateTime = DateTimeOffset.Parse(certificate.GetExpirationDateString()), + SecretText = certificatePassword, } + } }).Wait(); } catch (AggregateException e) { _logger.LogWarning($"Failed to update service principal object: {e}"); - // TODO remove certificates to avoid leaving the service principal in a bad state throw; } @@ -335,7 +403,6 @@ public void AddServicePrincipalCertificate(string certificateName, string certif catch (AggregateException e) { _logger.LogWarning($"Failed to set preferred SAML certificate: {e}"); - // TODO remove certificates to avoid leaving the service principal in a bad state throw; } } @@ -443,10 +510,10 @@ public OperationResult> DiscoverApplicationObjectIds() { _logger.LogDebug($"Found application \"{app.DisplayName}\" ({app.Id})"); - if (app.Id == null) + if (string.IsNullOrEmpty(app.Id)) { - _logger.LogWarning($"Application \"{app.DisplayName}\" ({app.Id}) does not have an Object ID"); - result.AddRuntimeErrorMessage($"Application \"{app.DisplayName}\" ({app.Id}) does not have an Object ID"); + _logger.LogWarning($"Application \"{app.DisplayName}\" ({app.AppId}) does not have an Object ID"); + result.AddRuntimeErrorMessage($"Application \"{app.DisplayName}\" ({app.AppId}) does not have an Object ID"); continue; } 
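Review bot: Both catch blocks in `AddServicePrincipalCertificate` lose their `// TODO remove certificates to avoid leaving the service principal in a bad state` comment (here and in the `@@ -335,7 +403,6 @@` hunk), but as far as these hunks show no cleanup was added, so the failure mode the comment described remains. If setting the preferred SAML certificate fails after the credentials PATCH succeeded, the new key and password credentials appear to stay on the service principal while the exception propagates. I would either keep a comment that documents this, e.g. `// NOTE: no rollback - a failure here leaves the newly added credentials on the service principal`, or remove the credentials in the catch before rethrowing. The method starts outside the hunk.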
@@ -482,6 +549,92 @@ public OperationResult> DiscoverServicePrincipalObjectIds() return result; } + foreach (ServicePrincipal sp in sps.Value) + { + _logger.LogDebug($"Found SP \"{sp.DisplayName}\" ({sp.Id})"); + + if (string.IsNullOrEmpty(sp.Id)) + { + _logger.LogWarning($"Service Principal \"{sp.DisplayName}\" ({sp.Id}) does not have an Object ID"); + result.AddRuntimeErrorMessage($"Service Principal \"{sp.DisplayName}\" ({sp.Id}) does not have an Object ID"); + continue; + } + + oids.Add($"{sp.Id} ({sp.DisplayName})"); + } + + return result; + } + + public OperationResult> DiscoverApplicationApplicationIds() + { + List appIds = new(); + OperationResult> result = new(appIds); + + _logger.LogDebug($"Retrieving application registrations for tenant ID \"{_tenantId}\""); + ApplicationCollectionResponse apps; + try + { + apps = _graphClient.Applications.GetAsync((requestConfiguration) => + { + requestConfiguration.QueryParameters.Top = 999; + }).Result; + } + catch (AggregateException e) + { + _logger.LogError($"Unable to retrieve application registrations for tenant ID \"{_tenantId}\": {e}"); + throw; + } + + if (apps?.Value == null || apps.Value.Count == 0) + { + _logger.LogWarning($"No application registrations found for tenant ID \"{_tenantId}\""); + return result; + } + + foreach (Application app in apps.Value) + { + _logger.LogDebug($"Found application \"{app.DisplayName}\" ({app.Id})"); + + if (string.IsNullOrEmpty(app.AppId)) + { + _logger.LogWarning($"Application \"{app.DisplayName}\" ({app.Id}) does not have an App ID"); + result.AddRuntimeErrorMessage($"Application \"{app.DisplayName}\" ({app.Id}) does not have an App ID"); + continue; + } + + appIds.Add($"{app.AppId} ({app.DisplayName})"); + } + + return result; + } + + public OperationResult> DiscoverServicePrincipalApplicationIds() + { + List appIds = new(); + OperationResult> result = new(appIds); + + _logger.LogDebug($"Retrieving Service Principals for tenant ID \"{_tenantId}\""); + 
ServicePrincipalCollectionResponse sps; + try + { + sps = _graphClient.ServicePrincipals.GetAsync((requestConfiguration) => + { + requestConfiguration.QueryParameters.Top = 999; + }).Result; + } + catch (AggregateException e) + { + _logger.LogError($"Unable to retrieve Service Principals for tenant ID \"{_tenantId}\": {e}"); + throw; + } + + if (sps?.Value == null || sps.Value.Count == 0) + { + _logger.LogWarning($"No Service Principals found for tenant ID \"{_tenantId}\""); + return result; + } + foreach (ServicePrincipal sp in sps.Value) { _logger.LogDebug($"Found SP \"{sp.DisplayName}\" ({sp.Id})"); @@ -493,7 +646,7 @@ public OperationResult> DiscoverServicePrincipalObjectIds() continue; } - oids.Add($"{sp.Id} ({sp.DisplayName})"); + appIds.Add($"{sp.AppId} ({sp.DisplayName})"); } return result; diff --git a/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs b/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs index 3f3148a..99be8f0 100644 --- a/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs +++ b/AzureEnterpriseApplicationOrchestrator/Client/IAzureGraphClient.cs 
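Review bot: `DiscoverApplicationApplicationIds` and `DiscoverServicePrincipalApplicationIds` request a single page with `Top = 999` and never follow the next-page link, so in a tenant with more objects than one page returns, discovery silently reports an incomplete list. Nothing in the hunk logs or flags the truncation. I would iterate all pages, for example with the SDK's `PageIterator`, and move the per-item check into its callback, returning `true` where the loop used `continue`. The sketch shows the application variant; the service-principal one is analogous, and the tail of that method lies outside this hunk.

```csharp
// … unchanged: first-page request inside try/catch, empty-result check …
var iterator = PageIterator<Application, ApplicationCollectionResponse>.CreatePageIterator(
    _graphClient,
    apps,
    app =>
    {
        // … unchanged: AppId check, warning, appIds.Add(...) …
        return true; // keep going until the last page has been read
    });
// Blocking wait matches the file's existing .Result/.Wait() style and still surfaces AggregateException.
iterator.IterateAsync().Wait();
```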
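Review bot: The new `appIds.Add($"{sp.AppId} ({sp.DisplayName})")` line emits `sp.AppId`, but the guard before it is outside this hunk and was not touched by the commit, so it presumably still tests `sp.Id`. If so, a service principal with an empty AppId is added as " (DisplayName)", and the V1 builder's `StorePath.Split(" ")[0]` would later yield an empty application ID. The application variant in the previous hunk checks `string.IsNullOrEmpty(app.AppId)`; the matching check, `if (string.IsNullOrEmpty(sp.AppId))`, is worth confirming here.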
@@ -20,13 +20,15 @@ namespace AzureEnterpriseApplicationOrchestrator.Client; public interface IAzureGraphClientBuilder { - public IAzureGraphClientBuilder WithTenantId(string tenantId); - public IAzureGraphClientBuilder WithTargetObjectId(string applicationId); - public IAzureGraphClientBuilder WithApplicationId(string applicationId); - public IAzureGraphClientBuilder WithClientSecret(string clientSecret); - public IAzureGraphClientBuilder WithClientCertificate(X509Certificate2 clientCertificate); - public IAzureGraphClientBuilder WithAzureCloud(string azureCloud); - public IAzureGraphClient Build(); + IAzureGraphClientBuilder WithTenantId(string tenantId); + IAzureGraphClientBuilder WithTargetObjectId(string applicationId); + IAzureGraphClientBuilder WithTargetServicePrincipalApplicationId(string applicationId); + IAzureGraphClientBuilder WithTargetApplicationApplicationId(string applicationId); + IAzureGraphClientBuilder WithApplicationId(string applicationId); + IAzureGraphClientBuilder WithClientSecret(string clientSecret); + IAzureGraphClientBuilder WithClientCertificate(X509Certificate2 clientCertificate); + IAzureGraphClientBuilder WithAzureCloud(string azureCloud); + IAzureGraphClient Build(); } public class OperationResult @@ -65,5 +67,8 @@ public interface IAzureGraphClient // Discovery public OperationResult> DiscoverApplicationObjectIds(); + public OperationResult> DiscoverApplicationApplicationIds(); + public OperationResult> DiscoverServicePrincipalObjectIds(); + public OperationResult> DiscoverServicePrincipalApplicationIds(); } diff --git a/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs b/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs index 95131f5..d5c8f0d 100644 --- a/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs +++ b/AzureEnterpriseApplicationOrchestrator/GraphJobClientBuilder.cs 
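Review bot: In `IAzureGraphClientBuilder`, `WithTargetObjectId(string applicationId)` still names its parameter `applicationId` although the method takes an object ID and the implementation in GraphClient.cs calls it `objectId`. Because this commit exists to separate the two identifiers, I would rename it: `IAzureGraphClientBuilder WithTargetObjectId(string objectId);`. The new `WithTarget…ApplicationId` members also have no doc comments; a one-line `///` summary on each, stating whether it expects an object ID or an application (client) ID, would help callers.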
@@ -37,25 +37,44 @@ public record CertificateStoreProperties public string AzureCloud { get; init; } } - public GraphJobClientBuilder WithCertificateStoreDetails(CertificateStore details) + public record CertificateStoreV2Properties { - _logger.LogDebug($"Builder - Setting values from Certificate Store Details: {JsonConvert.SerializeObject(details)}"); + public string ServerUsername { get; init; } + public string ServerPassword { get; init; } + public string ClientCertificate { get; init; } + public string ClientCertificatePassword { get; init; } + public string AzureCloud { get; init; } + } + + public GraphJobClientBuilder WithV1CertificateStoreDetails(CertificateStore details, string storeTypeShortName) + { + _logger.LogDebug($"Builder - Setting values from V1 Certificate Store Details: {JsonConvert.SerializeObject(details)}"); CertificateStoreProperties properties = JsonConvert.DeserializeObject(details.Properties); _logger.LogTrace($"Builder - ClientMachine => TenantId: {details.ClientMachine}"); - _logger.LogTrace($"Builder - StorePath => TargetApplicationId: {details.StorePath}"); _logger.LogTrace($"Builder - ServerUsername => ApplicationId: {properties.ServerUsername}"); _logger.LogTrace($"Builder - AzureCloud => AzureCloud: {properties.AzureCloud}"); - // The Discovery Job returns Object IDs in the format ` ()`. - // We split out the first part to get the Object ID. - string normalizedObjectID = details.StorePath.Split(" ")[0]; + // The Discovery Job returns Application IDs in the format ` ()`. + // We split out the first part to get the Application ID. 
+ string normalizedAppID = details.StorePath.Split(" ")[0]; + + if (storeTypeShortName == "AzureApp") + { + _logger.LogTrace($"Builder - StorePath => TargetApplicationApplicationId: {details.StorePath}"); + _builder.WithTargetApplicationApplicationId(normalizedAppID); + } + else if (storeTypeShortName == "AzureSP") + { + _logger.LogTrace($"Builder - StorePath => TargetServicePrincipalApplicationId: {details.StorePath}"); + _builder.WithTargetServicePrincipalApplicationId(normalizedAppID); + } + else throw new Exception($"{storeTypeShortName} is not supported by WithV1CertificateStoreDetails"); _builder .WithTenantId(details.ClientMachine) .WithApplicationId(properties.ServerUsername) - .WithTargetObjectId(normalizedObjectID) .WithAzureCloud(properties.AzureCloud); if (string.IsNullOrWhiteSpace(properties.ClientCertificate)) 
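Review bot: `WithV1CertificateStoreDetails` logs `JsonConvert.SerializeObject(details)` at Debug level, and `details.Properties` carries `ServerPassword` (the client secret) and the client certificate material, so enabling debug logging writes credentials to the orchestrator log. `WithV2CertificateStoreDetails` in the next hunk repeats this and also traces `properties.ServerPassword` and `properties.ClientCertificatePassword` in clear text. I would log only non-secret fields, e.g. `_logger.LogDebug($"Builder - V1 Certificate Store Details: ClientMachine={details.ClientMachine}, StorePath={details.StorePath}");`, and replace the secret traces with a presence marker such as `_logger.LogTrace("Builder - ServerPassword => ClientSecret: <set>");`. The method body continues outside this hunk.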
@@ -72,10 +91,53 @@ public GraphJobClientBuilder WithCertificateStoreDetails(CertificateSt _builder.WithClientCertificate(clientCert); } + return this; + } + + public GraphJobClientBuilder WithV2CertificateStoreDetails(CertificateStore details) + { + _logger.LogDebug($"Builder - Setting values from V2 Certificate Store Details: {JsonConvert.SerializeObject(details)}"); + + CertificateStoreV2Properties properties = JsonConvert.DeserializeObject(details.Properties); + + _logger.LogTrace($"Builder - ClientMachine => TenantId: {details.ClientMachine}"); + _logger.LogTrace($"Builder - StorePath => TargetApplicationObjectId: {details.StorePath}"); + _logger.LogTrace($"Builder - ServerUsername => ApplicationId: {properties.ServerUsername}"); + _logger.LogTrace($"Builder - AzureCloud => AzureCloud: {properties.AzureCloud}"); + + if (string.IsNullOrEmpty(details.ClientMachine)) throw new Exception("ClientMachine is required"); + if (string.IsNullOrEmpty(details.StorePath)) throw new Exception("StorePath is required"); + if (string.IsNullOrEmpty(properties.ServerUsername)) throw new Exception("ServerUsername is required"); + + // The Discovery Job returns Object IDs in the format ` ()`. + // We split out the first part to get the Object ID. 
+ string normalizedObjectID = details.StorePath.Split(" ")[0]; + + _builder + .WithTenantId(details.ClientMachine) + .WithApplicationId(properties.ServerUsername) + .WithTargetObjectId(normalizedObjectID) + .WithAzureCloud(properties.AzureCloud); + + if (!string.IsNullOrEmpty(properties.ServerPassword)) + { + _logger.LogDebug("Client certificate not present - Using Client Secret authentication"); + _logger.LogTrace($"Builder - ServerPassword => ClientSecret: {properties.ServerPassword}"); + _builder.WithClientSecret(properties.ServerPassword); + } + else if (!string.IsNullOrEmpty(properties.ClientCertificate)) + { + _logger.LogDebug("Client certificate present - Using Client Certificate authentication"); + _logger.LogTrace($"Builder - ClientCertificatePassword => ClientCertificateKeyPassword: {properties.ClientCertificatePassword}"); + X509Certificate2 clientCert = SerializeClientCertificate(properties.ClientCertificate, properties.ClientCertificatePassword); + _builder.WithClientCertificate(clientCert); + } + else throw new Exception("One of ClientSecret or ClientCertificate is required to authenticate with Azure Graph"); return this; } + public GraphJobClientBuilder WithDiscoveryJobConfiguration(DiscoveryJobConfiguration config, string tenantId) { _logger.LogTrace($"Builder - tenantId => TenantId: {tenantId}"); diff --git a/AzureEnterpriseApplicationOrchestrator/manifest.json b/AzureEnterpriseApplicationOrchestrator/manifest.json index ff1e8e6..713c60b 100644 --- a/AzureEnterpriseApplicationOrchestrator/manifest.json +++ b/AzureEnterpriseApplicationOrchestrator/manifest.json 
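Review bot: In `WithV2CertificateStoreDetails` the required-field checks run after the trace statements that dereference `properties`, so a store whose Properties JSON is empty (for which `JsonConvert.DeserializeObject` returns null, as far as I know) fails with a NullReferenceException rather than one of the intended "... is required" messages. Add `if (properties == null) throw new Exception("Certificate store Properties are required");` right after deserialization and move the three `IsNullOrEmpty` checks above the logging. The Debug message on the client-secret branch, "Client certificate not present - Using Client Secret authentication", is also inaccurate: that branch is taken whenever `ServerPassword` is set, whether or not a certificate was supplied.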
@@ -1,30 +1,54 @@ { - "extensions": { - "Keyfactor.Orchestrators.Extensions.IOrchestratorJobExtension": { - "CertStores.AzureApp.Inventory": { - "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", - "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureAppJobs.Inventory" - }, - "CertStores.AzureApp.Management": { - "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", - "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureAppJobs.Management" - }, - "CertStores.AzureApp.Discovery": { - "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", - "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureAppJobs.Discovery" - }, - "CertStores.AzureSP.Inventory": { - "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", - "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSPJobs.Inventory" - }, - "CertStores.AzureSP.Management": { - "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", - "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSPJobs.Management" - }, - "CertStores.AzureSP.Discovery": { - "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", - "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSPJobs.Discovery" - } + "extensions": { + "Keyfactor.Orchestrators.Extensions.IOrchestratorJobExtension": { + "CertStores.AzureApp.Inventory": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureAppJobs.Inventory" + }, + "CertStores.AzureApp.Management": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureAppJobs.Management" + }, + "CertStores.AzureApp.Discovery": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureAppJobs.Discovery" + }, + "CertStores.AzureSP.Inventory": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + 
"TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSPJobs.Inventory" + }, + "CertStores.AzureSP.Management": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSPJobs.Management" + }, + "CertStores.AzureSP.Discovery": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSPJobs.Discovery" + }, + "CertStores.AzureApp2.Inventory": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs.Inventory" + }, + "CertStores.AzureApp2.Management": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs.Management" + }, + "CertStores.AzureApp2.Discovery": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureApp2Jobs.Discovery" + }, + "CertStores.AzureSP2.Inventory": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs.Inventory" + }, + "CertStores.AzureSP2.Management": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs.Management" + }, + "CertStores.AzureSP2.Discovery": { + "assemblypath": "AzureEnterpriseApplicationOrchestrator.dll", + "TypeFullName": "AzureEnterpriseApplicationOrchestrator.AzureSP2Jobs.Discovery" + } + } } - } } diff --git a/README.md b/README.md index 0b813e3..cfb883d 100644 --- a/README.md +++ b/README.md @@ -29,13 +29,43 @@

- ## Overview The Azure App Registration and Enterprise Application Orchestrator extension remotely manages both Azure [App Registration/Application](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) certificates and [Enterprise Application/Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/enterprise-apps-certificate-credentials) certificates. Application certificates are typically public key only and used for client certificate authentication, while Service Principal certificates are commonly used for [SAML Assertion signing](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/tutorial-manage-certificates-for-federated-single-sign-on). The extension implements the Inventory, Management Add, Management Remove, and Discovery job types. Certificates used for client authentication by Applications (configured in App Registrations) are represented by the [`AzureApp` store type](docs/azureapp.md), and certificates used for SSO/SAML assertion signing are represented by the [`AzureSP` store type](docs/azuresp.md). Both store types are managed by the same extension. The extension is configured with a single Azure Service Principal that is used to authenticate to the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api). The Azure App Registration and Enterprise Application Orchestrator extension manages certificates for Azure App Registrations (Applications) and Enterprise Applications (Service Principals) differently. +The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 4 Certificate Store Types. Depending on your use case, you may elect to use one, or all of these Certificate Store Types. Descriptions of each are provided below. + +
Azure App Registration (Application) (AzureApp) + +### AzureApp +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + +Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates. +
+ +
Azure Enterprise Application (Service Principal) (AzureSP) + +### AzureSP +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + +The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant. +
+ +
Azure App Registration 2 (Application) (AzureApp2) + +### AzureApp2 +Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates. +
+ +
Azure Enterprise Application 2 (Service Principal) (AzureSP2) + +### AzureSP2 +The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant. +
+ + ## Compatibility This integration is compatible with Keyfactor Universal Orchestrator version 10.4 and later. @@ -45,64 +75,429 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext > To report a problem or suggest a new feature, use the **[Issues](../../issues)** tab. If you want to contribute actual bug fixes or proposed enhancements, use the **[Pull requests](../../pulls)** tab. -## Installation +## Requirements & Prerequisites Before installing the Azure App Registration and Enterprise Application Universal Orchestrator extension, we recommend that you install [kfutil](https://github.com/Keyfactor/kfutil). Kfutil is a command-line tool that simplifies the process of creating store types, installing extensions, and instantiating certificate stores in Keyfactor Command. -1. **Create Certificate Store Types in Keyfactor Command** -The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 2 Certificate Store Types. Depending on your use case, you may elect to install one, or all of these Certificate Store Types. -
Azure App Registration (Application) +### Azure Service Principal (Graph API Authentication) + +The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, both Client Secret authentication and Client Certificate authentication (mTLS) are supported. The Service Principal must have the following API Permission: +- **_Microsoft Graph Application Permissions_**: + - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. + +> For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). + +Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. + +#### Client Certificate or Client Secret + +Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. + +* **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. 
This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. +* **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. + + The certificate can be in either of the following formats: + * Base64-encoded PKCS#12 (PFX) with a matching private key. + * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. + + If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. + +> **Creating and Formatting a Client Certificate using Keyfactor Command** +> +> To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. +> +> 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. +> 2. Select a **Template** that supports Client Authentication as an extended key usage. +> 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. +> 4. 
At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. +> 5. Make a note of the password on the next page - it won't be shown again. +> 6. Prepare the certificate and private key for Azure and the Orchestrator extension: +> * If you downloaded the certificate in PEM format, use the commands below: +> +> ```shell +> # Verify that the certificate downloaded from Command contains the certificate and private key. They should be in the same file +> cat +> +> # Separate the certificate from the private key +> openssl x509 -in -out pubkeycert.pem +> +> # Base64 encode the certificate and private key +> cat | base64 > clientcertkeypair.pem.base64 +> ``` +> +> * If you downloaded the certificate in PFX format, use the commands below: +> +> ```shell +> # Export the certificate from the PFX file +> openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem +> +> # Base64 encode the PFX file +> cat | base64 > clientcert.pfx.base64 +> ``` +> 7. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. +> +> You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. + +
Azure App Registration (Application) (AzureApp) + +### Azure App Registration (Application) Requirements + +#### Azure App Registration (Application) + +##### Application Certificates + +Application certificates are used for client authentication and are typically public key only. No additional configuration in Azure is necessary to manage Application certificates since all App Registrations can contain any number of [Certificates and Secrets](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials). Unless the Discovery job is used, you should collect the Application IDs for each App Registration that contains certificates to be managed. +
- > More information on the Azure App Registration (Application) Certificate Store Type can be found [here](docs/azureapp.md). - * **Create AzureApp using kfutil**: +
Azure Enterprise Application (Service Principal) (AzureSP) + +### Azure Enterprise Application (Service Principal) Requirements + +#### Enterprise Application (Service Principal) + +##### Service Principal Certificates + +Service Principal certificates are typically used for SAML Token signing. Service Principals are created from Enterprise Applications, and will mostly be configured with a variation of Microsoft's [SAML-based single sign-on](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal) documentation. For more information on the mechanics of the Service Principal certificate management capabilities of this extension, please see the [mechanics](#extension-mechanics) section. +
+ + + +
Azure App Registration 2 (Application) (AzureApp2) + +### Azure App Registration 2 (Application) Requirements + +#### Azure App Registration (Application) + +##### Application Certificates + +Application certificates are used for client authentication and are typically public key only. No additional configuration in Azure is necessary to manage Application certificates since all App Registrations can contain any number of [Certificates and Secrets](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials). Unless the Discovery job is used, you should collect the Application IDs for each App Registration that contains certificates to be managed. +
+ + + +
Azure Enterprise Application 2 (Service Principal) (AzureSP2) + +### Azure Enterprise Application 2 (Service Principal) Requirements + +#### Enterprise Application (Service Principal) + +##### Service Principal Certificates + +Service Principal certificates are typically used for SAML Token signing. Service Principals are created from Enterprise Applications, and will mostly be configured with a variation of Microsoft's [SAML-based single sign-on](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal) documentation. For more information on the mechanics of the Service Principal certificate management capabilities of this extension, please see the [mechanics](#extension-mechanics) section. +
+ + + + + +## Create Certificate Store Types + +To use the Azure App Registration and Enterprise Application Universal Orchestrator extension, you **must** create the Certificate Store Types required for your usecase. This only needs to happen _once_ per Keyfactor Command instance. + +The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 4 Certificate Store Types. Depending on your use case, you may elect to use one, or all of these Certificate Store Types. + +
Azure App Registration (Application) (AzureApp) + + +* **Create AzureApp using kfutil**: + + ```shell + # Azure App Registration (Application) + kfutil store-types create AzureApp + ``` + +* **Create AzureApp manually in the Command UI**: +
Create AzureApp manually in the Command UI + + Create a store type called `AzureApp` with the attributes in the tables below: + + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | Azure App Registration (Application) | Display name for the store type (may be customized) | + | Short Name | AzureApp | Short display name for the store type | + | Capability | AzureApp | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![AzureApp Basic Tab](docsource/images/AzureApp-basic-store-type-dialog.png) + + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. 
| + | Private Key Handling | Forbidden | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![AzureApp Advanced Tab](docsource/images/AzureApp-advanced-store-type-dialog.png) + + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | Secret | | ✅ Checked | + | ServerPassword | Server Password | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field. | Secret | | 🔲 Unchecked | + | ClientCertificate | Client Certificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field. 
| Secret | | 🔲 Unchecked | + | AzureCloud | Azure Global Cloud Authority Host | Specifies the Azure Cloud instance used by the organization. | MultipleChoice | public,china,germany,government | 🔲 Unchecked | + | ServerUseSsl | Use SSL | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | Bool | true | ✅ Checked | + + The Custom Fields tab should look like this: + + ![AzureApp Custom Fields Tab](docsource/images/AzureApp-custom-fields-store-type-dialog.png) + - ```shell - # Azure App Registration (Application) - kfutil store-types create AzureApp - ``` - * **Create AzureApp manually in the Command UI**: - - Refer to the [Azure App Registration (Application)](docs/azureapp.md#certificate-store-type-configuration) creation docs.
+
-
Azure Enterprise Application (Service Principal) +
Azure Enterprise Application (Service Principal) (AzureSP) - > More information on the Azure Enterprise Application (Service Principal) Certificate Store Type can be found [here](docs/azuresp.md). +* **Create AzureSP using kfutil**: + + ```shell + # Azure Enterprise Application (Service Principal) + kfutil store-types create AzureSP + ``` + +* **Create AzureSP manually in the Command UI**: +
Create AzureSP manually in the Command UI + + Create a store type called `AzureSP` with the attributes in the tables below: + + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | Azure Enterprise Application (Service Principal) | Display name for the store type (may be customized) | + | Short Name | AzureSP | Short display name for the store type | + | Capability | AzureSP | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![AzureSP Basic Tab](docsource/images/AzureSP-basic-store-type-dialog.png) + + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. 
| + | Private Key Handling | Required | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![AzureSP Advanced Tab](docsource/images/AzureSP-advanced-store-type-dialog.png) + + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | Secret | | ✅ Checked | + | ServerPassword | Server Password | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field. | Secret | | 🔲 Unchecked | + | ClientCertificate | Client Certificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field. 
| Secret | | 🔲 Unchecked | + | AzureCloud | Azure Global Cloud Authority Host | Specifies the Azure Cloud instance used by the organization. | MultipleChoice | public,china,germany,government | 🔲 Unchecked | + | ServerUseSsl | Use SSL | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | Bool | true | ✅ Checked | + + The Custom Fields tab should look like this: + + ![AzureSP Custom Fields Tab](docsource/images/AzureSP-custom-fields-store-type-dialog.png) + + + +
+
+ +
Azure App Registration 2 (Application) (AzureApp2) + + +* **Create AzureApp2 using kfutil**: + + ```shell + # Azure App Registration 2 (Application) + kfutil store-types create AzureApp2 + ``` + +* **Create AzureApp2 manually in the Command UI**: +
Create AzureApp2 manually in the Command UI + + Create a store type called `AzureApp2` with the attributes in the tables below: + + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | Azure App Registration 2 (Application) | Display name for the store type (may be customized) | + | Short Name | AzureApp2 | Short display name for the store type | + | Capability | AzureApp2 | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![AzureApp2 Basic Tab](docsource/images/AzureApp2-basic-store-type-dialog.png) + + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. 
| + | Private Key Handling | Forbidden | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![AzureApp2 Advanced Tab](docsource/images/AzureApp2-advanced-store-type-dialog.png) + + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/App Registration certificates. | Secret | | ✅ Checked | + | ServerPassword | Server Password | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/App Registration certificates. If Client Certificate Auth is used, you **must** select 'No Value'. | Secret | | 🔲 Unchecked | + | ClientCertificate | Client Certificate | The client certificate used to authenticate with Microsoft Graph for managing Application/App Registrations certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'. | Secret | | 🔲 Unchecked | + | ClientCertificatePassword | Client Certificate Password | The (optional) password that encrypts the private key in ClientCertificate. 
If Client Certificate Auth is not used, you **must** check 'No Value'. | Secret | | 🔲 Unchecked | + | AzureCloud | Azure Global Cloud Authority Host | Specifies the Azure Cloud instance used by the organization. | MultipleChoice | public,china,germany,government | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![AzureApp2 Custom Fields Tab](docsource/images/AzureApp2-custom-fields-store-type-dialog.png) + + + +
+
+ +
Azure Enterprise Application 2 (Service Principal) (AzureSP2) + + +* **Create AzureSP2 using kfutil**: + + ```shell + # Azure Enterprise Application 2 (Service Principal) + kfutil store-types create AzureSP2 + ``` + +* **Create AzureSP2 manually in the Command UI**: +
Create AzureSP2 manually in the Command UI + + Create a store type called `AzureSP2` with the attributes in the tables below: + + #### Basic Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Name | Azure Enterprise Application 2 (Service Principal) | Display name for the store type (may be customized) | + | Short Name | AzureSP2 | Short display name for the store type | + | Capability | AzureSP2 | Store type name orchestrator will register with. Check the box to allow entry of value | + | Supports Add | ✅ Checked | Check the box. Indicates that the Store Type supports Management Add | + | Supports Remove | ✅ Checked | Check the box. Indicates that the Store Type supports Management Remove | + | Supports Discovery | ✅ Checked | Check the box. Indicates that the Store Type supports Discovery | + | Supports Reenrollment | 🔲 Unchecked | Indicates that the Store Type supports Reenrollment | + | Supports Create | 🔲 Unchecked | Indicates that the Store Type supports store creation | + | Needs Server | ✅ Checked | Determines if a target server name is required when creating store | + | Blueprint Allowed | 🔲 Unchecked | Determines if store type may be included in an Orchestrator blueprint | + | Uses PowerShell | 🔲 Unchecked | Determines if underlying implementation is PowerShell | + | Requires Store Password | 🔲 Unchecked | Enables users to optionally specify a store password when defining a Certificate Store. | + | Supports Entry Password | 🔲 Unchecked | Determines if an individual entry within a store can have a password. | + + The Basic tab should look like this: + + ![AzureSP2 Basic Tab](docsource/images/AzureSP2-basic-store-type-dialog.png) + + #### Advanced Tab + | Attribute | Value | Description | + | --------- | ----- | ----- | + | Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. 
| + | Private Key Handling | Required | This determines if Keyfactor can send the private key associated with a certificate to the store. Required because IIS certificates without private keys would be invalid. | + | PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | + + The Advanced tab should look like this: + + ![AzureSP2 Advanced Tab](docsource/images/AzureSP2-advanced-store-type-dialog.png) + + #### Custom Fields Tab + Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: + + | Name | Display Name | Description | Type | Default Value/Options | Required | + | ---- | ------------ | ---- | --------------------- | -------- | ----------- | + | ServerUsername | Server Username | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. | Secret | | ✅ Checked | + | ServerPassword | Server Password | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. If Client Certificate Auth is used, you **must** check 'No Value'. | Secret | | 🔲 Unchecked | + | ClientCertificate | Client Certificate | The client certificate used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'. 
| Secret | | 🔲 Unchecked | + | ClientCertificatePassword | Client Certificate Password | The (optional) password that encrypts the private key in ClientCertificate. If Client Certificate Auth is not used or the certificate's private key is not encrypted, you **must** check 'No Value'. | Secret | | 🔲 Unchecked | + | AzureCloud | Azure Global Cloud Authority Host | Specifies the Azure Cloud instance used by the organization. | MultipleChoice | public,china,germany,government | 🔲 Unchecked | + + The Custom Fields tab should look like this: + + ![AzureSP2 Custom Fields Tab](docsource/images/AzureSP2-custom-fields-store-type-dialog.png) - * **Create AzureSP using kfutil**: - ```shell - # Azure Enterprise Application (Service Principal) - kfutil store-types create AzureSP - ``` - * **Create AzureSP manually in the Command UI**: - - Refer to the [Azure Enterprise Application (Service Principal)](docs/azuresp.md#certificate-store-type-configuration) creation docs.
+
-2. **Download the latest Azure App Registration and Enterprise Application Universal Orchestrator extension from GitHub.** - On the [Azure App Registration and Enterprise Application Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/azure-application-orchestrator/releases/latest), click the `azure-application-orchestrator` asset to download the zip archive. Unzip the archive containing extension assemblies to a known location. +## Installation + +1. **Download the latest Azure App Registration and Enterprise Application Universal Orchestrator extension from GitHub.** + + Navigate to the [Azure App Registration and Enterprise Application Universal Orchestrator extension GitHub version page](https://github.com/Keyfactor/azure-application-orchestrator/releases/latest). Refer to the compatibility matrix below to determine whether the `net6.0` or `net8.0` asset should be downloaded. Then, click the corresponding asset to download the zip archive. + | Universal Orchestrator Version | Latest .NET version installed on the Universal Orchestrator server | `rollForward` condition in `Orchestrator.runtimeconfig.json` | `azure-application-orchestrator` .NET version to download | + | --------- | ----------- | ----------- | ----------- | + | Older than `11.0.0` | | | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net6.0` | | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `Never` | `net6.0` | + | Between `11.0.0` and `11.5.1` (inclusive) | `net8.0` | `LatestMajor` | `net8.0` | + | `11.6` _and_ newer | `net8.0` | | `net8.0` | + + Unzip the archive containing extension assemblies to a known location. + + > **Note** If you don't see an asset with a corresponding .NET version, you should always assume that it was compiled for `net6.0`. -3. **Locate the Universal Orchestrator extensions directory.** +2. 
**Locate the Universal Orchestrator extensions directory.** * **Default on Windows** - `C:\Program Files\Keyfactor\Keyfactor Orchestrator\extensions` * **Default on Linux** - `/opt/keyfactor/orchestrator/extensions` -4. **Create a new directory for the Azure App Registration and Enterprise Application Universal Orchestrator extension inside the extensions directory.** +3. **Create a new directory for the Azure App Registration and Enterprise Application Universal Orchestrator extension inside the extensions directory.** Create a new directory called `azure-application-orchestrator`. > The directory name does not need to match any names used elsewhere; it just has to be unique within the extensions directory. -5. **Copy the contents of the downloaded and unzipped assemblies from __step 2__ to the `azure-application-orchestrator` directory.** +4. **Copy the contents of the downloaded and unzipped assemblies from __step 2__ to the `azure-application-orchestrator` directory.** -6. **Restart the Universal Orchestrator service.** +5. **Restart the Universal Orchestrator service.** Refer to [Starting/Restarting the Universal Orchestrator service](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/StarttheService.htm). 
@@ -110,23 +505,374 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext > The above installation steps can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/InstallingAgents/NetCoreOrchestrator/CustomExtensions.htm?Highlight=extensions). -## Configuration and Usage -The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 2 Certificate Store Types, each of which implements different functionality. Refer to the individual instructions below for each Certificate Store Type that you deemed necessary for your use case from the installation section. + +## Defining Certificate Stores + +The Azure App Registration and Enterprise Application Universal Orchestrator extension implements 4 Certificate Store Types, each of which implements different functionality. Refer to the individual instructions below for each Certificate Store Type that you deemed necessary for your use case from the installation section. + +
Azure App Registration (Application) (AzureApp) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure App Registration (Application)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID that owns the Service Principal. | + | Store Path | The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureApp` certificates. Specifically, one with the `AzureApp` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field. | + | AzureCloud | Specifies the Azure Cloud instance used by the organization. 
| + | ServerUseSsl | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | + + + + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the AzureApp certificate store** + + ```shell + kfutil stores import generate-template --store-type-name AzureApp --outpath AzureApp.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure App Registration (Application)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID that owns the Service Principal. | + | Store Path | The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureApp` certificates. Specifically, one with the `AzureApp` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field. | + | AzureCloud | Specifies the Azure Cloud instance used by the organization. 
| + | ServerUseSsl | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | + + + + + 3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name AzureApp --file AzureApp.csv + ``` +
+
+> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+
+
+ +
Azure Enterprise Application (Service Principal) (AzureSP) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure Enterprise Application (Service Principal)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID that owns the Service Principal. | + | Store Path | The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureSP` certificates. Specifically, one with the `AzureSP` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field. 
| + | AzureCloud | Specifies the Azure Cloud instance used by the organization. | + | ServerUseSsl | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | + + + + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the AzureSP certificate store** + + ```shell + kfutil stores import generate-template --store-type-name AzureSP --outpath AzureSP.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure Enterprise Application (Service Principal)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID that owns the Service Principal. | + | Store Path | The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureSP` certificates. Specifically, one with the `AzureSP` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field. | + | AzureCloud | Specifies the Azure Cloud instance used by the organization. 
| + | ServerUseSsl | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | + + + + + 3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name AzureSP --file AzureSP.csv + ``` +
+
+> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+
+
+ +
Azure App Registration 2 (Application) (AzureApp2) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure App Registration 2 (Application)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID where the Application is instantiated | + | Store Path | The Object ID of the target Application/App Registration that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureApp2` certificates. Specifically, one with the `AzureApp2` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/App Registration certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/App Registration certificates. If Client Certificate Auth is used, you **must** select 'No Value'. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/App Registrations certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'. | + | ClientCertificatePassword | The (optional) password that encrypts the private key in ClientCertificate. If Client Certificate Auth is not used, you **must** check 'No Value'. 
| + | AzureCloud | Specifies the Azure Cloud instance used by the organization. | + + + + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the AzureApp2 certificate store** + + ```shell + kfutil stores import generate-template --store-type-name AzureApp2 --outpath AzureApp2.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure App Registration 2 (Application)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID where the Application is instantiated | + | Store Path | The Object ID of the target Application/App Registration that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureApp2` certificates. Specifically, one with the `AzureApp2` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/App Registration certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/App Registration certificates. If Client Certificate Auth is used, you **must** select 'No Value'. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/App Registrations certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'. | + | ClientCertificatePassword | The (optional) password that encrypts the private key in ClientCertificate. If Client Certificate Auth is not used, you **must** check 'No Value'. 
| + | AzureCloud | Specifies the Azure Cloud instance used by the organization. | + + + + + 3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name AzureApp2 --file AzureApp2.csv + ``` +
+
+> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+
+
+ +
Azure Enterprise Application 2 (Service Principal) (AzureSP2) + + +* **Manually with the Command UI** + +
Create Certificate Stores manually in the UI + + 1. **Navigate to the _Certificate Stores_ page in Keyfactor Command.** + + Log into Keyfactor Command, toggle the _Locations_ dropdown, and click _Certificate Stores_. + + 2. **Add a Certificate Store.** + + Click the Add button to add a new Certificate Store. Use the table below to populate the **Attributes** in the **Add** form. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure Enterprise Application 2 (Service Principal)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID where the Service Principal is instantiated | + | Store Path | The Object ID of the target Service Principal/Enterprise Application that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureSP2` certificates. Specifically, one with the `AzureSP2` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. If Client Certificate Auth is used, you **must** check 'No Value'. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'. | + | ClientCertificatePassword | The (optional) password that encrypts the private key in ClientCertificate. 
If Client Certificate Auth is not used or the certificate's private key is not encrypted, you **must** check 'No Value'. | + | AzureCloud | Specifies the Azure Cloud instance used by the organization. | + + + + +
+ +* **Using kfutil** + +
Create Certificate Stores with kfutil + + 1. **Generate a CSV template for the AzureSP2 certificate store** + + ```shell + kfutil stores import generate-template --store-type-name AzureSP2 --outpath AzureSP2.csv + ``` + 2. **Populate the generated CSV file** + + Open the CSV file, and reference the table below to populate parameters for each **Attribute**. + | Attribute | Description | + | --------- | ----------- | + | Category | Select "Azure Enterprise Application 2 (Service Principal)" or the customized certificate store name from the previous step. | + | Container | Optional container to associate certificate store with. | + | Client Machine | The Azure Tenant (directory) ID where the Service Principal is instantiated | + | Store Path | The Object ID of the target Service Principal/Enterprise Application that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | + | Orchestrator | Select an approved orchestrator capable of managing `AzureSP2` certificates. Specifically, one with the `AzureSP2` capability. | + | ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. | + | ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. If Client Certificate Auth is used, you **must** check 'No Value'. | + | ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'. | + | ClientCertificatePassword | The (optional) password that encrypts the private key in ClientCertificate. 
If Client Certificate Auth is not used or the certificate's private key is not encrypted, you **must** check 'No Value'. | + | AzureCloud | Specifies the Azure Cloud instance used by the organization. | + + + + + 3. **Import the CSV file to create the certificate stores** + + ```shell + kfutil stores import csv --store-type-name AzureSP2 --file AzureSP2.csv + ``` +
+
+> The content in this section can be supplimented by the [official Command documentation](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store).
+
+
+
+
+## Discovering Certificate Stores with the Discovery Job
+> The Discovery Job for all four Certificate Store Types implemented by the Azure App Registration and Enterprise Application Orchestrator extension returns Store Paths in the format ` ()`. When defining Certificate Stores manually, you may elect to follow this format, or use the standard `` for the Store Path.
Azure App Registration (Application)
-1. Refer to the [requirements section](docs/azureapp.md#requirements) to ensure all prerequisites are met before using the Azure App Registration (Application) Certificate Store Type.
-2. Create new [Azure App Registration (Application)](docs/azureapp.md#certificate-store-configuration) Certificate Stores in Keyfactor Command.
+
+### Azure App Registration (Application) Discovery Job
+
+The Discovery operation discovers all Azure App Registrations that the Service Principal has access to. The discovered App Registrations (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab.
+
+The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats:
+- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure App Registrations that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration.
+- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure App Registrations available in each tenant specified in the list. The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants.
+
+> The Discovery Job only supports Client Secret authentication.
+
Azure Enterprise Application (Service Principal)
-1. Refer to the [requirements section](docs/azuresp.md#requirements) to ensure all prerequisites are met before using the Azure Enterprise Application (Service Principal) Certificate Store Type.
-2. Create new [Azure Enterprise Application (Service Principal)](docs/azuresp.md#certificate-store-configuration) Certificate Stores in Keyfactor Command.
+
+### Azure Enterprise Application (Service Principal) Discovery Job
+
+The Discovery operation discovers all Azure Enterprise Applications that the Service Principal has access to. The discovered Enterprise Applications (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab.
+
+The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats:
+- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure Enterprise Applications that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration.
+- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure Enterprise Applications available in each tenant specified in the list. The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants.
+
+> The Discovery Job only supports Client Secret authentication.
+
+ + +
Azure App Registration 2 (Application)
+
+
+### Azure App Registration 2 (Application) Discovery Job
+
+The Discovery operation discovers all Azure App Registrations that the Service Principal has access to. The discovered App Registrations (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab.
+
+The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats:
+- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure App Registrations that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration.
+- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure App Registrations available in each tenant specified in the list. The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants.
+
+> The Discovery Job only supports Client Secret authentication.
+
+ + +
Azure Enterprise Application 2 (Service Principal)
+
+
+### Azure Enterprise Application 2 (Service Principal) Discovery Job
+
+The Discovery operation discovers all Azure Enterprise Applications that the Service Principal has access to. The discovered Enterprise Applications (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab.
+
+The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats:
+- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure Enterprise Applications that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration.
+- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure Enterprise Applications available in each tenant specified in the list. The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants.
+
+> The Discovery Job only supports Client Secret authentication.
+ + +## Extension Mechanics + +The Azure App Registration and Enterprise Application Orchestrator extension uses the [Microsoft Dotnet Graph SDK](https://learn.microsoft.com/en-us/graph/sdks/sdks-overview) to interact with the Microsoft Graph API. The extension uses the following Graph API endpoints to manage Application certificates: + +* [Get Application](https://learn.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http) - Used to obtain the Object ID of the App Registration, and to download the certificates owned by the App Registration. +* [Update Application](https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http) - Used to modify the App Registration to add or remove certificates. + * Specifically, the extension manipulates the [`keyCredentials` resource](https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) of the Application object. + + ## License Apache License 2.0, see [LICENSE](LICENSE). diff --git a/docs/azureapp.md b/docs/azureapp.md deleted file mode 100644 index 8b578ed..0000000 --- a/docs/azureapp.md +++ /dev/null 
@@ -1,206 +0,0 @@ -## Azure App Registration (Application) - -Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates. - - - -### Supported Job Types - -| Job Name | Supported | -| -------- | --------- | -| Inventory | ✅ | -| Management Add | ✅ | -| Management Remove | ✅ | -| Discovery | ✅ | -| Create | | -| Reenrollment | | - -## Requirements - -#### Azure Service Principal (Graph API Authentication) - -The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, Client Secret authentication is supported. The Service Principal must have the following API Permission: -- **_Microsoft Graph Application Permissions_**: - - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. - -> For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). 
- -Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. - -##### Client Certificate or Client Secret - -Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. - -* **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. -* **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. - - The certificate can be in either of the following formats: - * Base64-encoded PKCS#12 (PFX) with a matching private key. - * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. 
- - If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -> **Creating and Formatting a Client Certificate using Keyfactor Command** -> -> To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. -> -> 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. -> 2. Select a **Template** that supports Client Authentication as an extended key usage. -> 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. -> 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. -> 5. Make a note of the password on the next page - it won't be shown again. -> 6. Prepare the certificate and private key for Azure and the Orchestrator extension: -> * If you downloaded the certificate in PEM format, use the commands below: -> -> ```shell -> # Verify that the certificate downloaded from Command contains the certificate and private key. They should be in the same file -> cat -> -> # Separate the certificate from the private key -> openssl x509 -in -out pubkeycert.pem -> -> # Base64 encode the certificate and private key -> cat | base64 > clientcertkeypair.pem.base64 -> ``` -> -> * If you downloaded the certificate in PFX format, use the commands below: -> -> ```shell -> # Export the certificate from the PFX file -> openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem -> -> # Base64 encode the PFX file -> cat | base64 > clientcert.pfx.base64 -> ``` -> 7. 
Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. -> -> You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -#### Azure App Registration (Application) - -##### Application Certificates - -Application certificates are used for client authentication and are typically public key only. No additional configuration in Azure is necessary to manage Application certificates since all App Registrations can contain any number of [Certificates and Secrets](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials). Unless the Discovery job is used, you should collect the Application IDs for each App Registration that contains certificates to be managed. - - -## Certificate Store Type Configuration - -The recommended method for creating the `AzureApp` Certificate Store Type is to use [kfutil](https://github.com/Keyfactor/kfutil). After installing, use the following command to create the `AzureApp` Certificate Store Type: - -```shell -kfutil store-types create AzureApp -``` - -
AzureApp - -Create a store type called `AzureApp` with the attributes in the tables below: - -### Basic Tab -| Attribute | Value | Description | -| --------- | ----- | ----- | -| Name | Azure App Registration (Application) | Display name for the store type (may be customized) | -| Short Name | AzureApp | Short display name for the store type | -| Capability | AzureApp | Store type name orchestrator will register with. Check the box to allow entry of value | -| Supported Job Types (check the box for each) | Add, Discovery, Remove | Job types the extension supports | -| Supports Add | ✅ | Check the box. Indicates that the Store Type supports Management Add | -| Supports Remove | ✅ | Check the box. Indicates that the Store Type supports Management Remove | -| Supports Discovery | ✅ | Check the box. Indicates that the Store Type supports Discovery | -| Supports Reenrollment | | Indicates that the Store Type supports Reenrollment | -| Supports Create | | Indicates that the Store Type supports store creation | -| Needs Server | ✅ | Determines if a target server name is required when creating store | -| Blueprint Allowed | | Determines if store type may be included in an Orchestrator blueprint | -| Uses PowerShell | | Determines if underlying implementation is PowerShell | -| Requires Store Password | | Determines if a store password is required when configuring an individual store. | -| Supports Entry Password | | Determines if an individual entry within a store can have a password. | - -The Basic tab should look like this: - -![AzureApp Basic Tab](../docsource/images/AzureApp-basic-store-type-dialog.png) - -### Advanced Tab -| Attribute | Value | Description | -| --------- | ----- | ----- | -| Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | -| Private Key Handling | Required | This determines if Keyfactor can send the private key associated with a certificate to the store. 
Required because IIS certificates without private keys would be invalid. | -| PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | - -The Advanced tab should look like this: - -![AzureApp Advanced Tab](../docsource/images/AzureApp-advanced-store-type-dialog.png) - -### Custom Fields Tab -Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: - -| Name | Display Name | Type | Default Value/Options | Required | Description | -| ---- | ------------ | ---- | --------------------- | -------- | ----------- | -| ServerUsername | Server Username | Secret | | | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | -| ServerPassword | Server Password | Secret | | | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate | -| ClientCertificate | Client Certificate | Secret | | | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. | -| AzureCloud | Azure Global Cloud Authority Host | MultipleChoice | public,china,germany,government | | Specifies the Azure Cloud instance used by the organization. | -| ServerUseSsl | Use SSL | Bool | true | ✅ | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. 
| - - -The Custom Fields tab should look like this: - -![AzureApp Custom Fields Tab](../docsource/images/AzureApp-custom-fields-store-type-dialog.png) - - - -
- - -## Extension Mechanics - -The Azure App Registration and Enterprise Application Orchestrator extension uses the [Microsoft Dotnet Graph SDK](https://learn.microsoft.com/en-us/graph/sdks/sdks-overview) to interact with the Microsoft Graph API. The extension uses the following Graph API endpoints to manage Application certificates: - -* [Get Application](https://learn.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http) - Used to obtain the Object ID of the App Registration, and to download the certificates owned by the App Registration. -* [Update Application](https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http) - Used to modify the App Registration to add or remove certificates. - * Specifically, the extension manipulates the [`keyCredentials` resource](https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) of the Application object. - -#### Discovery Job - -The Discovery operation discovers all Azure App Registrations that the Service Principal has access to. The discovered App Registrations (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab. - -The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats: -- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure App Registrations that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration. -- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure App Registrations available in each tenant specified in the list. 
The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants. - -> The Discovery Job only supports Client Secret authentication. - - - - - -## Certificate Store Configuration - -After creating the `AzureApp` Certificate Store Type and installing the Azure App Registration and Enterprise Application Universal Orchestrator extension, you can create new [Certificate Stores](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store) to manage certificates in the remote platform. - -The following table describes the required and optional fields for the `AzureApp` certificate store type. - -| Attribute | Description | Attribute is PAM Eligible | -| --------- | ----------- | ------------------------- | -| Category | Select "Azure App Registration (Application)" or the customized certificate store name from the previous step. | | -| Container | Optional container to associate certificate store with. | | -| Client Machine | The Azure Tenant (directory) ID that owns the Service Principal. | | -| Store Path | The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | | -| Orchestrator | Select an approved orchestrator capable of managing `AzureApp` certificates. Specifically, one with the `AzureApp` capability. | | -| ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. 
| | -| ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate | | -| ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. | | -| AzureCloud | Specifies the Azure Cloud instance used by the organization. | | -| ServerUseSsl | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | | - -* **Using kfutil** - - ```shell - # Generate a CSV template for the AzureApp certificate store - kfutil stores import generate-template --store-type-name AzureApp --outpath AzureApp.csv - - # Open the CSV file and fill in the required fields for each certificate store. - - # Import the CSV file to create the certificate stores - kfutil stores import csv --store-type-name AzureApp --file AzureApp.csv - ``` - -* **Manually with the Command UI**: In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the attributes in the table above. - diff --git a/docs/azuresp.md b/docs/azuresp.md deleted file mode 100644 index 1029f86..0000000 --- a/docs/azuresp.md +++ /dev/null 
@@ -1,206 +0,0 @@ -## Azure Enterprise Application (Service Principal) - -The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant. - - - -### Supported Job Types - -| Job Name | Supported | -| -------- | --------- | -| Inventory | ✅ | -| Management Add | ✅ | -| Management Remove | ✅ | -| Discovery | ✅ | -| Create | | -| Reenrollment | | - -## Requirements - -#### Azure Service Principal (Graph API Authentication) - -The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, Client Secret authentication is supported. The Service Principal must have the following API Permission: -- **_Microsoft Graph Application Permissions_**: - - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. 
- -> For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). - -Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. - -##### Client Certificate or Client Secret - -Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. - -* **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. -* **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. - - The certificate can be in either of the following formats: - * Base64-encoded PKCS#12 (PFX) with a matching private key. 
- * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. - - If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -> **Creating and Formatting a Client Certificate using Keyfactor Command** -> -> To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. -> -> 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. -> 2. Select a **Template** that supports Client Authentication as an extended key usage. -> 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. -> 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. -> 5. Make a note of the password on the next page - it won't be shown again. -> 6. Prepare the certificate and private key for Azure and the Orchestrator extension: -> * If you downloaded the certificate in PEM format, use the commands below: -> -> ```shell -> # Verify that the certificate downloaded from Command contains the certificate and private key. 
They should be in the same file -> cat -> -> # Separate the certificate from the private key -> openssl x509 -in -out pubkeycert.pem -> -> # Base64 encode the certificate and private key -> cat | base64 > clientcertkeypair.pem.base64 -> ``` -> -> * If you downloaded the certificate in PFX format, use the commands below: -> -> ```shell -> # Export the certificate from the PFX file -> openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem -> -> # Base64 encode the PFX file -> cat | base64 > clientcert.pfx.base64 -> ``` -> 7. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. -> -> You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -#### Enterprise Application (Service Principal) - -##### Service Principal Certificates - -Service Principal certificates are typically used for SAML Token signing. Service Principals are created from Enterprise Applications, and will mostly be configured with a variation of Microsoft's [SAML-based single sign-on](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal) documentation. For more information on the mechanics of the Service Principal certificate management capabilities of this extension, please see the [mechanics](#extension-mechanics) section. - - -## Certificate Store Type Configuration - -The recommended method for creating the `AzureSP` Certificate Store Type is to use [kfutil](https://github.com/Keyfactor/kfutil). After installing, use the following command to create the `AzureSP` Certificate Store Type: - -```shell -kfutil store-types create AzureSP -``` - -
AzureSP - -Create a store type called `AzureSP` with the attributes in the tables below: - -### Basic Tab -| Attribute | Value | Description | -| --------- | ----- | ----- | -| Name | Azure Enterprise Application (Service Principal) | Display name for the store type (may be customized) | -| Short Name | AzureSP | Short display name for the store type | -| Capability | AzureSP | Store type name orchestrator will register with. Check the box to allow entry of value | -| Supported Job Types (check the box for each) | Add, Discovery, Remove | Job types the extension supports | -| Supports Add | ✅ | Check the box. Indicates that the Store Type supports Management Add | -| Supports Remove | ✅ | Check the box. Indicates that the Store Type supports Management Remove | -| Supports Discovery | ✅ | Check the box. Indicates that the Store Type supports Discovery | -| Supports Reenrollment | | Indicates that the Store Type supports Reenrollment | -| Supports Create | | Indicates that the Store Type supports store creation | -| Needs Server | ✅ | Determines if a target server name is required when creating store | -| Blueprint Allowed | | Determines if store type may be included in an Orchestrator blueprint | -| Uses PowerShell | | Determines if underlying implementation is PowerShell | -| Requires Store Password | | Determines if a store password is required when configuring an individual store. | -| Supports Entry Password | | Determines if an individual entry within a store can have a password. | - -The Basic tab should look like this: - -![AzureSP Basic Tab](../docsource/images/AzureSP-basic-store-type-dialog.png) - -### Advanced Tab -| Attribute | Value | Description | -| --------- | ----- | ----- | -| Supports Custom Alias | Required | Determines if an individual entry within a store can have a custom Alias. | -| Private Key Handling | Required | This determines if Keyfactor can send the private key associated with a certificate to the store. 
Required because IIS certificates without private keys would be invalid. | -| PFX Password Style | Default | 'Default' - PFX password is randomly generated, 'Custom' - PFX password may be specified when the enrollment job is created (Requires the Allow Custom Password application setting to be enabled.) | - -The Advanced tab should look like this: - -![AzureSP Advanced Tab](../docsource/images/AzureSP-advanced-store-type-dialog.png) - -### Custom Fields Tab -Custom fields operate at the certificate store level and are used to control how the orchestrator connects to the remote target server containing the certificate store to be managed. The following custom fields should be added to the store type: - -| Name | Display Name | Type | Default Value/Options | Required | Description | -| ---- | ------------ | ---- | --------------------- | -------- | ----------- | -| ServerUsername | Server Username | Secret | | | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. | -| ServerPassword | Server Password | Secret | | | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate | -| ClientCertificate | Client Certificate | Secret | | | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. | -| AzureCloud | Azure Global Cloud Authority Host | MultipleChoice | public,china,germany,government | | Specifies the Azure Cloud instance used by the organization. | -| ServerUseSsl | Use SSL | Bool | true | ✅ | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. 
| - - -The Custom Fields tab should look like this: - -![AzureSP Custom Fields Tab](../docsource/images/AzureSP-custom-fields-store-type-dialog.png) - - - -
- - -## Extension Mechanics - -The Azure App Registration and Enterprise Application Orchestrator extension uses the [Microsoft Dotnet Graph SDK](https://learn.microsoft.com/en-us/graph/sdks/sdks-overview) to interact with the Microsoft Graph API. The extension uses the following Graph API endpoints to manage Service Principal certificates: - -* [Get Service Principal](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http) - Used to obtain the Object ID of the Enterprise Application, and to download the certificates owned by the Service Principal. -* [Update Service Principal](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-update?view=graph-rest-1.0&tabs=http) - Used to modify the Enterprise Application to add or remove certificates. - * Specifically, the extension manipulates the [`keyCredentials` resource](https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) of the Service Principal object. - -#### Discovery Job - -The Discovery operation discovers all Azure Enterprise Applications that the Service Principal has access to. The discovered Enterprise Applications (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab. - -The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats: -- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure Enterprise Applications that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration. -- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure Enterprise Applications available in each tenant specified in the list. 
The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants. - -> The Discovery Job only supports Client Secret authentication. - - - - - -## Certificate Store Configuration - -After creating the `AzureSP` Certificate Store Type and installing the Azure App Registration and Enterprise Application Universal Orchestrator extension, you can create new [Certificate Stores](https://software.keyfactor.com/Core-OnPrem/Current/Content/ReferenceGuide/Certificate%20Stores.htm?Highlight=certificate%20store) to manage certificates in the remote platform. - -The following table describes the required and optional fields for the `AzureSP` certificate store type. - -| Attribute | Description | Attribute is PAM Eligible | -| --------- | ----------- | ------------------------- | -| Category | Select "Azure Enterprise Application (Service Principal)" or the customized certificate store name from the previous step. | | -| Container | Optional container to associate certificate store with. | | -| Client Machine | The Azure Tenant (directory) ID that owns the Service Principal. | | -| Store Path | The Application ID of the target Application/Service Principal that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension. | | -| Orchestrator | Select an approved orchestrator capable of managing `AzureSP` certificates. Specifically, one with the `AzureSP` capability. | | -| ServerUsername | The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. 
| | -| ServerPassword | A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate | | -| ClientCertificate | The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. | | -| AzureCloud | Specifies the Azure Cloud instance used by the organization. | | -| ServerUseSsl | Specifies whether SSL should be used for communication with the server. Set to 'true' to enable SSL, and 'false' to disable it. | | - -* **Using kfutil** - - ```shell - # Generate a CSV template for the AzureApp certificate store - kfutil stores import generate-template --store-type-name AzureSP --outpath AzureSP.csv - - # Open the CSV file and fill in the required fields for each certificate store. - - # Import the CSV file to create the certificate stores - kfutil stores import csv --store-type-name AzureSP --file AzureSP.csv - ``` - -* **Manually with the Command UI**: In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the attributes in the table above. - diff --git a/docsource/azureapp.md b/docsource/azureapp.md index 457bb74..ad8e821 100644 --- a/docsource/azureapp.md +++ b/docsource/azureapp.md 
@@ -1,84 +1,18 @@ # Overview +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates. # Requirements -### Azure Service Principal (Graph API Authentication) - -The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, Client Secret authentication is supported. The Service Principal must have the following API Permission: -- **_Microsoft Graph Application Permissions_**: - - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. - -> For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). 
- -Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. - -#### Client Certificate or Client Secret - -Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. - -* **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. -* **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. - - The certificate can be in either of the following formats: - * Base64-encoded PKCS#12 (PFX) with a matching private key. - * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. 
+## Azure App Registration (Application) - If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -> **Creating and Formatting a Client Certificate using Keyfactor Command** -> -> To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. -> -> 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. -> 2. Select a **Template** that supports Client Authentication as an extended key usage. -> 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. -> 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. -> 5. Make a note of the password on the next page - it won't be shown again. -> 6. Prepare the certificate and private key for Azure and the Orchestrator extension: -> * If you downloaded the certificate in PEM format, use the commands below: -> -> ```shell -> # Verify that the certificate downloaded from Command contains the certificate and private key. They should be in the same file -> cat -> -> # Separate the certificate from the private key -> openssl x509 -in -out pubkeycert.pem -> -> # Base64 encode the certificate and private key -> cat | base64 > clientcertkeypair.pem.base64 -> ``` -> -> * If you downloaded the certificate in PFX format, use the commands below: -> -> ```shell -> # Export the certificate from the PFX file -> openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem -> -> # Base64 encode the PFX file -> cat | base64 > clientcert.pfx.base64 -> ``` -> 7. 
Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. -> -> You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - - -### Azure App Registration (Application) - -#### Application Certificates +### Application Certificates Application certificates are used for client authentication and are typically public key only. No additional configuration in Azure is necessary to manage Application certificates since all App Registrations can contain any number of [Certificates and Secrets](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials). Unless the Discovery job is used, you should collect the Application IDs for each App Registration that contains certificates to be managed. -# Extension Mechanics - -The Azure App Registration and Enterprise Application Orchestrator extension uses the [Microsoft Dotnet Graph SDK](https://learn.microsoft.com/en-us/graph/sdks/sdks-overview) to interact with the Microsoft Graph API. The extension uses the following Graph API endpoints to manage Application certificates: - -* [Get Application](https://learn.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http) - Used to obtain the Object ID of the App Registration, and to download the certificates owned by the App Registration. -* [Update Application](https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http) - Used to modify the App Registration to add or remove certificates. - * Specifically, the extension manipulates the [`keyCredentials` resource](https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) of the Application object. 
- -### Discovery Job +# Discovery Job Configuration The Discovery operation discovers all Azure App Registrations that the Service Principal has access to. The discovered App Registrations (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab. diff --git a/docsource/azureapp2.md b/docsource/azureapp2.md new file mode 100644 index 0000000..ede81a5 --- /dev/null +++ b/docsource/azureapp2.md 
@@ -0,0 +1,21 @@
+# Overview
+
+Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates.
+
+# Requirements
+
+## Azure App Registration (Application)
+
+### Application Certificates
+
+Application certificates are used for client authentication and are typically public key only. No additional configuration in Azure is necessary to manage Application certificates since all App Registrations can contain any number of [Certificates and Secrets](https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#add-credentials). Unless the Discovery job is used, you should collect the Application IDs for each App Registration that contains certificates to be managed.
+
+# Discovery Job Configuration
+
+The Discovery operation discovers all Azure App Registrations that the Service Principal has access to. The discovered App Registrations (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab.
+
+The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats:
+- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure App Registrations that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration.
+- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure App Registrations available in each tenant specified in the list. The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants.
+
+> The Discovery Job only supports Client Secret authentication.
diff --git a/docsource/azuresp.md b/docsource/azuresp.md
index 864b84a..692942c 100644
--- a/docsource/azuresp.md
+++ b/docsource/azuresp.md
@@ -1,83 +1,18 @@ # Overview +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant. # Requirements -### Azure Service Principal (Graph API Authentication) - -The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, Client Secret authentication is supported. The Service Principal must have the following API Permission: -- **_Microsoft Graph Application Permissions_**: - - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. 
- -> For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer). - -Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application. - -#### Client Certificate or Client Secret - -Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication. - -* **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. -* **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication. 
+## Enterprise Application (Service Principal) - The certificate can be in either of the following formats: - * Base64-encoded PKCS#12 (PFX) with a matching private key. - * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which. - - If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -> **Creating and Formatting a Client Certificate using Keyfactor Command** -> -> To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API. -> -> 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**. -> 2. Select a **Template** that supports Client Authentication as an extended key usage. -> 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant. -> 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format. -> 5. Make a note of the password on the next page - it won't be shown again. -> 6. Prepare the certificate and private key for Azure and the Orchestrator extension: -> * If you downloaded the certificate in PEM format, use the commands below: -> -> ```shell -> # Verify that the certificate downloaded from Command contains the certificate and private key. 
They should be in the same file -> cat -> -> # Separate the certificate from the private key -> openssl x509 -in -out pubkeycert.pem -> -> # Base64 encode the certificate and private key -> cat | base64 > clientcertkeypair.pem.base64 -> ``` -> -> * If you downloaded the certificate in PFX format, use the commands below: -> -> ```shell -> # Export the certificate from the PFX file -> openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem -> -> # Base64 encode the PFX file -> cat | base64 > clientcert.pfx.base64 -> ``` -> 7. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication. -> -> You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section. - -### Enterprise Application (Service Principal) - -#### Service Principal Certificates +### Service Principal Certificates Service Principal certificates are typically used for SAML Token signing. Service Principals are created from Enterprise Applications, and will mostly be configured with a variation of Microsoft's [SAML-based single sign-on](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal) documentation. For more information on the mechanics of the Service Principal certificate management capabilities of this extension, please see the [mechanics](#extension-mechanics) section. -# Extension Mechanics - -The Azure App Registration and Enterprise Application Orchestrator extension uses the [Microsoft Dotnet Graph SDK](https://learn.microsoft.com/en-us/graph/sdks/sdks-overview) to interact with the Microsoft Graph API. 
The extension uses the following Graph API endpoints to manage Service Principal certificates: - -* [Get Service Principal](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http) - Used to obtain the Object ID of the Enterprise Application, and to download the certificates owned by the Service Principal. -* [Update Service Principal](https://learn.microsoft.com/en-us/graph/api/serviceprincipal-update?view=graph-rest-1.0&tabs=http) - Used to modify the Enterprise Application to add or remove certificates. - * Specifically, the extension manipulates the [`keyCredentials` resource](https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) of the Service Principal object. - -### Discovery Job +# Discovery Job Configuration The Discovery operation discovers all Azure Enterprise Applications that the Service Principal has access to. The discovered Enterprise Applications (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab. diff --git a/docsource/azuresp2.md b/docsource/azuresp2.md new file mode 100644 index 0000000..0e36d49 --- /dev/null +++ b/docsource/azuresp2.md 
@@ -0,0 +1,21 @@
+# Overview
+
+The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant.
+
+# Requirements
+
+## Enterprise Application (Service Principal)
+
+### Service Principal Certificates
+
+Service Principal certificates are typically used for SAML Token signing. Service Principals are created from Enterprise Applications, and will mostly be configured with a variation of Microsoft's [SAML-based single sign-on](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal) documentation. For more information on the mechanics of the Service Principal certificate management capabilities of this extension, please see the [mechanics](#extension-mechanics) section.
+
+# Discovery Job Configuration
+
+The Discovery operation discovers all Azure Enterprise Applications that the Service Principal has access to. The discovered Enterprise Applications (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab.
+
+The Discovery operation uses the "Directories to search" field, and accepts input in one of the following formats:
+- `*` - If the asterisk symbol `*` is used, the extension will search for all Azure Enterprise Applications that the Service Principal has access to, but only in the tenant that the discovery job was configured for as specified by the "Client Machine" field in the certificate store configuration.
+- `,,...` - If a comma-separated list of tenant IDs is used, the extension will search for all Azure Enterprise Applications available in each tenant specified in the list. The tenant IDs should be the GUIDs associated with each tenant, and it's the user's responsibility to ensure that the service principal has access to the specified tenants.
+
+> The Discovery Job only supports Client Secret authentication.
diff --git a/docsource/content.md b/docsource/content.md
new file mode 100644
index 0000000..e5aab13
--- /dev/null
+++ b/docsource/content.md
@@ -0,0 +1,80 @@
+## Overview
+
+The Azure App Registration and Enterprise Application Orchestrator extension remotely manages both Azure [App Registration/Application](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) certificates and [Enterprise Application/Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/enterprise-apps-certificate-credentials) certificates. Application certificates are typically public key only and used for client certificate authentication, while Service Principal certificates are commonly used for [SAML Assertion signing](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/tutorial-manage-certificates-for-federated-single-sign-on). The extension implements the Inventory, Management Add, Management Remove, and Discovery job types.
+
+Certificates used for client authentication by Applications (configured in App Registrations) are represented by the [`AzureApp` store type](docs/azureapp.md), and certificates used for SSO/SAML assertion signing are represented by the [`AzureSP` store type](docs/azuresp.md). Both store types are managed by the same extension. The extension is configured with a single Azure Service Principal that is used to authenticate to the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api). The Azure App Registration and Enterprise Application Orchestrator extension manages certificates for Azure App Registrations (Applications) and Enterprise Applications (Service Principals) differently.
+
+## Requirements
+
+### Azure Service Principal (Graph API Authentication)
+
+The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, both Client Secret authentication and Client Certificate authentication (mTLS) are supported.
+
+The Service Principal must have the following API Permission:
+- **_Microsoft Graph Application Permissions_**:
+ - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user.
+
+> For more information on Admin Consent for App-only access (also called "Application Permissions"), see the [primer on application-only access](https://learn.microsoft.com/en-us/azure/active-directory/develop/app-only-access-primer).
+
+Alternatively, the Service Principal can be granted the `Application.ReadWrite.OwnedBy` permission if the Service Principal is only intended to manage its own App Registration/Application.
+
+#### Client Certificate or Client Secret
+
+Beginning in version 3.0.0, the Azure App Registration and Enterprise Application Orchestrator extension supports both [client certificate authentication](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) and [client secret](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) authentication.
+
+* **Client Secret** - Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-2-add-a-client-secret) to create a Client Secret. This secret will be used as the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section.
+* **Client Certificate** - Create a client certificate key pair with the Client Authentication extended key usage. The client certificate will be used in the ClientCertificate field in the [Certificate Store Configuration](#certificate-store-configuration) section. If you have access to Keyfactor Command, the instructions in this section walk you through enrolling a certificate and ensuring that it's in the correct format. Once enrolled, follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the _public key_ certificate (no private key) to the service principal used for authentication.
+
+ The certificate can be in either of the following formats:
+ * Base64-encoded PKCS#12 (PFX) with a matching private key.
+ * Base64-encoded PEM-encoded certificate _and_ PEM-encoded PKCS8 private key. Make sure that the certificate and private key are separated with a newline. The order doesn't matter - the extension will determine which is which.
+
+ If the private key is encrypted, the encryption password will replace the **Server Password** field in the [Certificate Store Configuration](#certificate-store-configuration) section.
+
+> **Creating and Formatting a Client Certificate using Keyfactor Command**
+>
+> To get started quickly, you can follow the instructions below to create and properly format a client certificate to authenticate to the Microsoft Graph API.
+>
+> 1. In Keyfactor Command, hover over **Enrollment** and select **PFX Enrollment**.
+> 2. Select a **Template** that supports Client Authentication as an extended key usage.
+> 3. Populate the certificate subject as appropriate for the Template. It may be sufficient to only populate the Common Name, but consult your IT policy to ensure that this certificate is compliant.
+> 4. At the bottom of the page, uncheck the box for **Include Chain**, and select either **PFX** or **PEM** as the certificate Format.
+> 5. Make a note of the password on the next page - it won't be shown again.
+> 6. Prepare the certificate and private key for Azure and the Orchestrator extension:
+> * If you downloaded the certificate in PEM format, use the commands below:
+>
+> ```shell
+> # Verify that the certificate downloaded from Command contains the certificate and private key. They should be in the same file
+> cat
+>
+> # Separate the certificate from the private key
+> openssl x509 -in -out pubkeycert.pem
+>
+> # Base64 encode the certificate and private key
+> cat | base64 > clientcertkeypair.pem.base64
+> ```
+>
+> * If you downloaded the certificate in PFX format, use the commands below:
+>
+> ```shell
+> # Export the certificate from the PFX file
+> openssl pkcs12 -in -clcerts -nokeys -out pubkeycert.pem
+>
+> # Base64 encode the PFX file
+> cat | base64 > clientcert.pfx.base64
+> ```
+> 7. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/graph/auth-register-app-v2#option-1-add-a-certificate) to add the public key certificate to the service principal used for authentication.
+>
+> You will use `clientcert.[pem|pfx].base64` as the **ClientCertificate** field in the [Certificate Store Configuration](#certificate-store-configuration) section.
+
+## Discovery
+
+> The Discovery Job for all four Certificate Store Types implemented by the Azure App Registration and Enterprise Application Orchestrator extension returns Store Paths in the format ` ()`. When defining Certificate Stores manually, you may elect to follow this format, or use the standard `` for the Store Path.
+
+## Extension Mechanics
+
+The Azure App Registration and Enterprise Application Orchestrator extension uses the [Microsoft Dotnet Graph SDK](https://learn.microsoft.com/en-us/graph/sdks/sdks-overview) to interact with the Microsoft Graph API. The extension uses the following Graph API endpoints to manage Application certificates:
+
+* [Get Application](https://learn.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http) - Used to obtain the Object ID of the App Registration, and to download the certificates owned by the App Registration.
+* [Update Application](https://learn.microsoft.com/en-us/graph/api/application-update?view=graph-rest-1.0&tabs=http) - Used to modify the App Registration to add or remove certificates.
+ * Specifically, the extension manipulates the [`keyCredentials` resource](https://learn.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0) of the Application object.
diff --git a/docsource/images/AzureApp-advanced-store-type-dialog.png b/docsource/images/AzureApp-advanced-store-type-dialog.png index 534ecb221e9b4c7efda1bab9b8be958425776ed1..ac0509854a616af229474b084d602789394d0c94 100644 GIT binary patch literal 41694 zcmce;bySvXy9bB`DxfGJ0s^8E(%qp_(k0#9-EDz{fJnD=cem1wba!`m&GqhmzVpYd zHM8c-oHcu`z4qpPAD+1HD}Hf3_((|zq2I^5kA#GTF8rQf1_|kA5d2$s7a2bB$Mlp% zLVAuQ%>VX-W6Z{+gDsZab<6Ite!t81jh{#fUI7Q{$-BQn(ACnu-tGB*%$!mlSpS|%oZT5pL- zkE>oFKERms2>kl*?`SdI3;O4ydc(&rJpVbo_Z9#Bf6kXA?2Yx$cY?tfum8EX@1(>s zh~IzrRQz4?KL^uA{d*$sYb$AKY1Inr#nQ!G^_up@j&Kvb*wm6jtbcD!BZk)_PQdR; zf_zpayAA25PoJ>E{QUj(t}aduneb92Vnz0sx=f0vu8*mMl>Gy~7ppS#TlX5<9#?UM z%3yh3OuRt+Y;*`eJA@{ZV=Z9YFtSI-e7|X1>2Z97xL*ef3JPDu6?zTHsi<_}#Ep%O zA(RSu&r$E+|7%=ArCgleO#PGD+~)(9r>Ft@Sp6QYH32e+&=42A%{!B*mp)Rf`H8q|#WVt(2KX;kTSHFp*RBl%8+4!>AKmSRv zE}3tzj@z(quKs`vuP;)aPgy4I6DKKYnTEVsyI99!UQ)rykWEuv5Sg)E+tIQfPNB~H zJ)XGQ8y_FI;n8nZ5bCBZ&u-1XFB&?eE4!Gs_%O7NJx5Dcv^DN_Q8<@BYiFW@itKOJ z^0C*$G~`L&+)O6b+wJ;R$7px(xc-_gFtz+hh15=&JMDo$(ZRgb)r8%j zzh@bPD{MP0PWn8x-&2Ub{j`6Xm0T^+lhM%Yx_gv|#N?4qXij*f>MuN-WV9a1s`IiS zNSNGLX5Fqv?qX3_-nBAVLxG5xwkm%pJg*?t^ZVo+Z^Szmzl0w30(4A~PS;?&I;2)jW_p^w- z_c5>%GtEVk1yHcF< z^%S{YN$|K@5m>k%K8-zN$~X+m8)&4eJ$FQ5T=M^=R`zozO(w(As;r@_qBiKZ;xmf|EJ&4x?Z^o=$rY5ij=7x%i>vlvq(sf^#vLyu*PP}VP@ ztjztv!oc|58Ohl3wW;rUhD-(p+KtbFUINwo05p6J$%au$cqs_u#M3v1py>h9jjzYJDC;fWm8uRy%Y?UV+x2J~v z>Gks-hVblYwqcU|0#-tvfJT9d-#ydln0BYM*5U;L)f+dnH>v2$(x+&sXa;0Hq@Pwz zUH@WXPLPc!HRZZOUV4)1HIqp_WW`8=U-yR9^-_(FQ6Wht>V#q}=QUvS?wA!?O% zVqF7@qfrWYOxOa%tXUX2f_^1ABv0h^2ggz~hm@9{PI{^5{lExs-@TN!CHNcS{&IX~ zb^UgTYP-FCS(;S`NAWh{*P0~kLpd&&wE~I?&ek`>#twAE;|iTO|_)--$O!+9|)S_Q;}c)S(HfLDEMj*LT3PV zPqXi!_BPXAHr)p$#YlQvSD}v#8mSzyag@@pFA7#)t=Eo9x|=_8|74E#bTVw~Ry5|w zNQV>;F=^<-)ZC`}zVAP9FWH>vqAYkOx*Lt$?w%i_-77FcqKYVqyi>%&Xr)XMB>px>zDix)&AnEv#D8((K#(E&VS?p)pSo{%95*V=xsJph zx~^4N&MPDD>zmJLuH0!Ty)2xgQ#)hT8oH2n9JE3fsl55sjI+UOy8&GdUr=&Y7U|sDL!~gBi2G;$+qUn@q*3@9dj*_G#+uJOgSGGf-fBwWSk5(O`kv$Z= 
zMaPhgIf=}aCf9Q2^&{)`(C+$LgDaQWtsd>qxI1YYC@FYxHfcxD#n{;CR zdDWP_H&Qg2jyWT}7(UP2@W#larb2c&7$aDu=J~^@vMkYs(RHdz@(?qVfW5P29mCJ z2U_}Bo?e;vm+)9Fw_Ho450c(yIZCvdZhkiI5LuqC`%G=K{q|b%f@y%4fDCQx7nay{ z9ewpZ79IztI2)n)4k}tm2q#9C$EBN8dEEqW-^~B?i1WSAv@v4)`Jsj?O2}6s3toeO z&8p4|+-SDH>s)ZqCy$pscxHgCygl+b9|SddDqnFt7J4T}fth*)QFKSt#75cfL1S0P zrv?|=UIW7p290+LIx;6tt2dC;-LD^=`J4L3)-Vs}CGWPR%3hRPIz-y7*gAJV^V2$1 z&~hBMTS_@5Oi&y4iin87uv_K8uj6dZ)wrrOQ)3oTew>$ji-el-$xyReu6Sis_Zn@( zUn9Ft4eWOi^K@lQ0$IIQ7c+W1E|)k%wA^oEkyxwOD?=h#^L=oV;*a{C$?k;flZ7iS4m8UOJ8b| zm|0~DI|doal0H&XKD07iCV>ZOnx{QVRKNA`fWxycpm}Gos%~~e-%r`>b7aNqrKMD^ z{rDSPT$$9lghva@PpsFZ(ENBux_2+bE6yA#{FP7WO|Hn11I>D17ynj@J`Yyk{Fda0 zE|F`$p!+1>Zcyuim%8TIgccg^_zg}n$^&Q55m8~PD@%NnC);Un8HqlRpDR4QD@Or^ z+>uUOhHR;4g1@;-mB(!pC#+|@DJi(>Z>h>Hys~s1Lv~yHqO3{@ToOADD0;+!Wd<8I z+&hO3N##-vK0D;K?jHEOR1@Nt`ct-RlgX-Xf?R_>aeT@%%iCVjX?*?x*Rht?CG!bW z{v(GS8Zlf?#pj>cpf(FHlcOz2W@DqVaq zhMQ2un(J6if0;HdVr3Xb6yJs>wxT@{_4se9iJQ8+2l?ASwGg=r%UA_E{r7mB^|;4} z2z2_2-4{QXLX@G%3b6KuWUl0HMpe%12M;7uJ=m=MT9R|eta6~Gedrm0jKejTzqu~A zx(WQ3=QI@19EfmmLMNKswhXy+;;jEWKt+(~0)L1gEl49=pC4PxajmZd$(%Lt5kIeG(85$afeU$cv=yyYFPtK~e;Uq;> z+_BEA3ESTCuhfOfI2nl;ZDhGzpIIH-{~qeS?_yw5?Haoa>(QwyZmRp(rSzid$L^-n zNiWL?yAtji(ccljmbi5ZbNw4a4KH4|W|ddn{FqY0-auxrf10a+*1|NePXopEivhBG z8)nTvVQS5A|7yH0e~&{z=vARX2kzLRVQcd0rQzRB6iR%=vaaytv-ecHXv^b9`&}`=o1C^N^+Toc)8G9G zvF@c^9GAxf6T_BQO5;j@UEYgA^K6H&RQ<&()*Y@;iNB^-v~ShtZscx`Sqc%$qzz(P zv3#08r|E}ix{2?CU;A|<*3_`S#;ad zvKaF8QkSh)#cra1aWkA6s+$l;lb2r_8B<6K<@eO8=Jppf7)Y7>JfTe!Cvvh~suUa+ z(*+d6OGrc}HNlf=N#?PDCtgFfgn8-6*z_c4ny3-8vo;M$kRwSfiyHpSS>Tn0amhUi zb9*m*d#sxJu7PJmZdHM4XSBL&D2zq%|t z9PVoQw1VohpdWtSvm&p*WE@qtZ?LsTHfnjmD|Tr~Zmv%9iIayR63Ttcn#Ix2V5L** zVmxlEAlCQd?TLIn&nIdKI>cC+WihcfMEwG;_%H1Iqchk^Ft4g2X$X(>n)S2WcJuDh zY8Y@F8mTVD(*x?ji>?RgdGPG9Sc5)~-qmS-Aqy>QZt~c`SFbMDmA`3^hUfcQ-**sm zGk@DB%bSsF!L>n^1x`Xhf7&t=h!>QOePJ_U!s9a;M4`>jDKxbgU5Y=uS>=#HN8kfQA4kAP9fLNFZ#trtKdL7%$%fm7c*{de{O0)AZ($T+O58*bqR}qwC z;FXMhO?+YI?|#m1hK{dtFJ!s{HN$eNH6=SLm% 
z6rt@H5%*Djvo7XnJ1LiT;_g1qOJ>xWx{DlO9vC}6efboprl>@j_4Z_C_gkIuUL8xz zl-Y^S`T>jue=R*7iH--K%AGi5RI~N2kM>plM3bCUuE&Qmp68X<%Nyhf3cY){ArFS~x{!c6RftkMh>vC(v}{q@^Dz=M3#sCsyTCR+^}!_2arP zE=k~C`YU|+HG7coln-@i^BJn&!fcQkf;eY|-^vhHnh=%Qnq>iVdw=tmjD)V4{oF@pdi--*C=yeM!UX>wIko;!dZ?;K=&Nr}< zb@FX)h(kcFTteOcZ6wF);eFwItBpdWvLN3)kQkDSlRe%)8Rs1Ro1mcMu44C{_qzNe z0P%qBDzVmVcQ3Q-fQ`SrNo5U&PO;gT{1`AU5sQUjLB|^~oD}rHPX%(MYa#sm#Bvn#0Cz02Uerri zp+Az<=GLr->cWH%o9pGIA=U=!@9p(~{$Cjn?eNR-YkxELS(m$RIY;V^a4PqwdlI4W z(dMs*%jzNP%42ypezi@cC6&vX+TscLj<(u)im7m7HEZtc$MoH;R4B4w2Rhf?^Gme& z+R{kqP3qUKObGO6CCZD$;))|t<3(7!rFgyl=QlG4z*B(~nclgCk89|=d(+z{HR?A~ zba6BB+L!HFUO{M_Q6`&tK)F7k*>N zwT6iN)a@7wRajLt(epLc7x%0(98cJAr-GeEJvXi|sSF;p(7VbAsZMO<7qg@pjaP1r zI(x;}aeu5zdwKZzitvbnH_bcg{KbyNiqhs27Z4_oC5!aCBA88{EG;d`U4>}9d4rT! zcf}zfAi(_Kho-LgfYG5UNAT~qFTKTUkKZS0)`_4f+FO+^C#b*udTkYyaUORR*VbJ8 zd3k_8g^Wm^;)j}j-)plK^ZjrLl{(Yg)b5&Z2TG*PPwYA();7)EKa$x3i|5dsvC%Ix zS(5Pg9|9bavmHHby0caDvPrM;-OTyU9Up?zo@Am(c6ZzcQu|+WX>XYD2v9&_^Eh`x zkonf{SH){st(7Dwiu+wWpbzcrS&=ewhx1j@hOUpN%Vgvim;N4_`uWo3#cnR9guOn` zOH%t(iC>&LajWfBJ-J%l9lSP%!z3KX7N1i>*>}T(M-MLJK_8l5G3K*8|9D@e`U3@a zKzFI)xN-=tN)d=;ipo);xXr6U_Z~hP$X+m?YhPOcwhmlo!Pu4p6ps3C@w8ReLhRQ* zkzTntmx85<$A7~Vm7^8dHEWd3WU5-G--Fa^yEWdpGqv)U()*)V9QIZVAai|xjqc$7 zGYkNc+26V99aNuhlodfEPVL!|2Y8tT%Worv+D+g`2A?C4#G_yi>AVCKC0wUxQ*J(& z<2{U8#)&E^nyAM>6Civxi0)~(Hjq(bhll;5h;fe%Pk!&twbb#RL+w<1=R0xB zb0lcCmX4CQdvP$G(hXk5#huatY$w2%*lSX$!)up}yQH&QtHMRb`1aFMx-NsYpBJy& zAn&@qw50CO+6I;RIisGR>~%Iq|v+|0zoh` z9A<8{9POJLjoR%wu5TXtoHsSu?6qA#x}#RE75AG|9n|k8OEN1t5tQI9SU*nI*rk)& z4g{J71uOKm0~xDrbX3M_Umor@4Q@*{ZuH3B{G-wf$3{B0-zzNNBm2~VG_h#MX1M|hzdH$Y1f2giBIj6hPo5qGdA8~))$=Vj2)-ua4E}ZEf zjlOrjNu^a6OU<~wFib>}ALNh{F4jdYzIypy6x2ke!zRK8`q!5NQ8HheOLaDixX~st zGBahh9f& zijhG$nmPubvcBEgnhFS=8qMxs6|RVDE1@*P z!ZD_!r~mV3)QjWB7BmqWnt`8jVP8b#7%XiCSl@sV@W|m5S$=5gpOJ=8Zv&Wg|AE;h^+HfyuNGfK`{eMLG!RneIzgCLV>ftcp%0gL7n8JQANdzhaJ z9ti_G*GgphQx-?5ZWq%LB8}wCR%w2#4Zsd{6TX{)}>}*lLfdvQjjo$rO3ES*MSWSYrB{FQFxO?AEIk 
zoY8#!id6$eUoHxgD*HbG?8qvKa&a+9*jif$DZN!!ev*Z?u#Arb;Qm-1AkBIm=kM_C zi{^oc-xw&8O)6?r%Dh^KmjW|GHM$y7f)-vl>?%`q}L3m2i$dHvxj zULTTDMnP!LbPM>x-YDM_L(uq&PcApTYBMCoHvK(*EOVb8zJxZE$N|3IE|RrXkgDnr|-P4 zS^wYIgLnUjKI6}zpx6Jg8in%Si~g6{_%kOb=Rd|J*Z+=j`9Hn0|4Rq-fAd8BE;aS1 z`^!ng>*zgZW@b(+3EvFIOU?YlqGMvj)YS=Z+_=GilaIknr_f!1)YnjupZMF$xP3BAXatBj1ymNdGFVBWCJ)rFIMw&GiN_bYBC0~wje zh@)qIe?pvnW5ZP4bypyY#jL%;X4$xSL#HKxUcWO!In!vczM%ok!+=?CsWb0@0OVg5 z)3vUri{XRHLwzZt?C>xt{T`Qx3h(&%=9tFK|1%37h9V_|7&sGVagY`g9{4t8>S+Za5{Kin2Rw@-RJt{Q$2 z^CA6RwM8T1iSb0m86v-3dpzZGOw~CNkVwuiBvfRxEP-UdJtaO}>()^s_yh+hI5gA~ z+)dxarzIEF)m(e~`&O2gzro8@jhvg)E-Wf4C@pOs8>{SOij@$8b@NS}nVI>Rkzo{h zT3A?^pP&D`yZb??h@Ae^#f7W2jSU>mlG)9iLVll^n7FY8vD0s*q%e>?Jw3UOMs%{3 zio61O&Q=1#A)wk5_`VruRhBJoZ}*%Xu2aSwwGesCEH2vhtXbzxoYk^6PqMM_UhI5H zXu59n!7Mfz4*2_5O3)uqE^9qQytlU(eA&r=7r<>BGebVhXdoTPb`b=Oy%1qB8C{QOUc5QSS>`a2OXp@V~itE+1Srvpt! zM#d|MAlP2_^G#M;4gw^A;jY)0$JG~m9gR&*1&+Jg8yg!tJ3GJJ&W|=GDlq*8`2+=# z`%}erIwR;0)&@~oSy?&kH{L5MMrd8D*SW{8_NUFy&3(?wqLk#lWTL01U$N!rj^pm| ze)Q7P!J*~PpHC#BVLyU{Z-w0MxrOrJZ-I^wWU3>iv|@pF6F2Hlln2kAGckpP!l=T{ zS07=MRZ30iZ@2#Vfl+EYsvY6J+DD>XY^dd^-g{c4)qou5cBGW6Rwd~7gqqE64GSrn z)gl$rJ^cd(tXjjTTPSE9N`<=jWYZ)TQ^M8jr>5fIYime%2vjpR8liw^6-j272mO-h z;Z=4V1pCW9WOQ_}qD^1#VYarmrd#sVsQ17+@9yt6z%MVyxdcESH5_<*-z61`_z2tb z_U&8Ooj)j8I5^YN1SY|PNeM7^k*!?fJ5}QXZmr`%uMo_EhYO7IjeBTwh%lTTI8**Vm8d)|ri$mRD8T0LC46zxw+1>kgEFy_5OC{Rx{M zxvYz7r~RiarcWV4;MpEyV>d<6>*SY}8I0s>C8wt1wL{`gT6WuQj0C|QBB{G=)6 zu@V!dO54{EG`4F4J`nVY{i|&57i|4$k_Hf5Fix_wk`#!iOb*q@J1`I|TOs?6kw+dL z9xqyJUao8Y^5 zH>DoGnwy)0B|s*Vh|z>KK&<=0fo)%3Uj(ZKAt@;-Tqu5L$5K^I&FA~~1t?~naoo{c zlT|hwBlM+aS zr<$yCFgV_teA9M%)P$q)7iOi7wx zyjO~|1#KN2I@?n<+3Gb>l02thp^Suc65&uQ^TQKbjQ2?A4Hwz1%fp5nLUx75^M0IF zUHO}EE3fvNT5ecIy}gAtGy;wgVm_~(F4k#HZEYF7Q{Oe^!DWz(o>KDi5^3wqhq~O8!ecQ_ zx80ghTAipU(l#(igG8Z(XJ-w8`<8{>Ox+kO5%mcOkVhgRB^5k{g~NWMRAry@GdNgQ zzhb-QIF7-5f=xggOK+;$$u~AOR_4P8TgftUX)J-HUPK(oL*!-g3kbYc&XGTz59AFY z`)0=>p1A~G^Rts&eNVYd*?BjoKD|n=vk0w 
z3L)5(^5g&^eE$J^5yxIC_okqiyr9x6bE`$aC&cFF=BqM;ZXHzl+IX0B_*eUOSr zeNb#ceD)E68XVVi%Gyo82qsA*>2*ahdpX&0#Llg+XF)L3O&lGq^d^bL!nNMLdlv#g zgTgnFJV&KW-s>SzZVabGZr`Ot*~Pw_1_FG@-$zBoe#7o@Rh@9*vR#vg_LT08bjV(d zJ_IIW&k}nLu>@X^k^$;#hb78|b$Ipa75PV4;sWbKHtPlN1RC)uCh3XEN$fZ9Eah5G zp>9|37*{lEk{RQn8il$(2^$}8+zJ5{gcrwqI3U|zY}Aj|4+U99e-yEpC`7Km;I!38 zVuA#Yy+ZNdR)7o9jtzdj>c~ZAV~7KzN$W3%c{P*-~Mn+*Vv1CB6UQTip za*?$m4l3a^YS3>#_|w$MA76a>xrK3gc1XFeY=ml+p;C4o?~pc~dxwgRZDfa#+zoMg zz4lk6q&Mjx{h-|gp!nU<;RkUaT2ZV{0SlmB;~eVL)!Es(a}27EQqHkxF-Zd;oZ<4j1-B&Brxxf7=q+On4PW#+ z!a~`X&E;bE%7z9b_BHMjo40g!UR)jfFtM_x2?Y|WR@wV!XH&`NstPZ6$Bq{0pv1eM zy@smI6v9kTuLVUz2bw)`+#6Fh(SA6zeF=OhuqR}a zaSK60gj&FUOee~N5Y@rN5kFMK6L3gdTN?yVXrw;urJo;a5BKpisI4R{EJHhrHO|cL z?(PsuLBYW~D=JQTcB_4Ne$`jWQdWLd3tEfgMFJ8;HJr8!c{-4zaxB66$FR1xc4Tz4 zK)(wQQBNKUNIUL#v37)R1FnRcn`i6fkI%XU37Gop*GGt&7_gFx9JZ&bD()S3mRrqx z`}>msjstBsDqO?8qJ8fcGMeVj%pWv7Chul{e0=r1wf(dg&0%>W&|V`L^h7FjYT$mA zUt4sZ(tgDlM1T`pTP9fKc^D0b9gGD0`vXcRG)ixPm%_rrURPfLV0xVbHRu8iF6Qpe zb9Hrf8wDlYNRD!_&cg#5m14OiF(eLR+tT9Qqmq-8t18v*+`04h+qeE=BiR5VUUky% zfVuo(QqmG)-PO%a`2BlLz(W(|R$mqtbRRrp)4cl*kOY%a-)%B7GN_4fEG_Ba0LEgB ztNno0HIRrB+%M070Tu$zd;IwEdtqV76?D~V#~|4J#{>l8&dwY>JUk=g<2C?a0i5KQ zl#q~o&3GxHlDDq^uCA-WOI4>6ssTJe*`Y;5Of+~U?> zV7Dx$BbtWXHHQJ4ncYOFsHg}C3>Q&SQu>a^>`UZv(Q7Fy1K5uD>f|K=@dNHrb#iun zOfrduNr&mhnLl4(l*rYU3lNLB=k;^+XKX(X*N1HuS|5R1%IUDB3y+6nSfZ@%ID4l% zhW!h`@K_GJ`tI(nIREW?deg@#foo`4`#n0ck6=mSJg%IY0|-RlzP*89Nd$uhnLY7i zk20{vprBPJ?yF z!@GB9fO5fX^IcI<(Tj@WgkYhdzRdu7Af=@Z1Rl2ofM*xJM2sLq;3Bp}>ajksrdFFC z?iK*AmiG3k5ZJD}O*kdB53?Aw8}9-HY=YhjV6VBSC(vQqEgY9oe`ioZ;|85k->Y1W zx`5zdOn*G)`r+YWIuE&JNx;tte$~|EX}3Ov`%V{3T|^ZHvlr%Ezmdf`Ce~NVVQo-W zO?a#?c8x1RS^)h@22=(;U}k$eP$VUjt~!u_GYoMt0KnSj=H@F~Qtjj8(GbLVTixzw zt7!ndY)aN;WXo!|MTz7}V#3ar3o<$pKvzQIL0J?vP_6g?q- zye0@h{`c?i%FD|mGGMm;4qq$^+SA_bTU!H3``y--G2wCIn`pVeBo2XQ zWnVna=k17ZeotWo2cnYifE8 znE*FyYiYezR>phsp2?+^dNq_Yk!hY1HUA|1v9ZCBB9SvfvLtGYI$VPs+807^+-o{1m zs;#cBZpbR(uR&vY@1eekkSE`I?rt 
z>^4cLBWG)RwF-9w;Kl3Y}c~cLkxl#8=ZN(-mjChU0_|3ZovkmW2%et(cyjTASpC{AuNf@{|4k@K;yKh98e3Em6 zuP<|(>-y?0ClH!2p)K=eQ+q!=~^68hYpPO%UbsIruxu9%XysqjY0JV1Rt%C+% za?%$!fBCClCYqyosHlGDYW^N1LYsBx6OZPm+xyz@Q;MFdV!a!n<1aOzOoWSlG`@jW zHy!%V+Z~QGtr)y;v9B2aA72mopNgYD!^6q`TmMaw`Ok|e%~saM;s1FT<-ZU3KfjCe zKfRc~bJ>$>mkuNCm*yYXsDA~Kxp|dTs$@O+=fNG6a?1Eg)oO&VkuCB~_FrQOWb72c zf6rJQza(d|nz$VPbJ!eV`e9gW&-6rn=V{gCIR9}DfAz%xw9UV!)x5}ui^g5pG?d?&- z3<1gmg+%Az?4Or(j5CK+UNH9UXWC^{_T+xNS{TfZ7!YqAZ}QP6Z9OCIl++ z@ks!#pCOxOy}wjr(sr>FZNX+agA^1LgdoL$%|H5Jl37Fh8}D}6ofDXHKR0XGhl>{g zST)XJrJ)IEZGHdZaz7+hf33>q1S5MCZ%|AC~WM!T9 z+Q>j&x%~^479=D(Xkeg1Gyu%=9}@y>4$EB#!W2VZo=RB&0DIih)8lCm1EBr3n`5D% zar}sjGbfJ@4sN(O-A6w+9n6#i*)VDCUyCJv%h-FO=#bXlf?aK?z+hdYEVc)lBFHfa z?Hd6;AXkmcZ8z7}+MyiYaGdqTL8uaNVTdRzsDwP12eP$iYn0kLI+36iNj)wHPJOc1 zLF)u)dS#-55g_PX$*{W4T%(UEU_k(rF(6=LV#?Np4P+_g6#^r>dFvLGYbuS}80jRz z0)+AiE68(wVFM>M>P@_pBox@(+ZzN|oLyc|R2!Gi~`N23O4gj^Az2nIz*t8BWN zXluU%^a$r!O#^X- zsN8b)rp;mw7u97mK0NC45o?Cfo1WO>Cj5R0A)2?+ts0AAP#dyy9Be7{7w3xIwba9ST<-$c00 zY}jldLTAU@l7NX2XaqDWFTKN!(cl7|mYXx1n_a-WeEj?nTyJo)2C+~??kArh!GQiE zh|vw8Bi|A_$1Uo_K_Wz=tvz`W$bIw_z%mvVmgU)j5y0S&fCZ6gYYrakG=JAx>WqYT zEMG;4NXL`w2Kq$&gqM}iu44-Kucv-A7J zgenLKpTXq;TLnSRAe|^^(X$4P8>V5@MQ|gs&dJg7Z;lG9I~XbY-7#&D9=P<{x5L81 zyhKk)Nj+Fu&QDHeR#sX;m&h+IMb?D;SPa7lD*^=n?R1HMpJ^7Ji8Ez*y~6#na<(te z)AJ7G;|%0HDF;WTs`tV1aT*XZs8+M<>!`m0)xQP|+|-m(Z^vXZga*O`Tv}<tFD+jL_XmcmoOOr^kI`5s3*C)_eLUZ#W7Qa)WoyAy zcD5L#31H0)kf2cWeP$1#F!U!0Jp?ums_rt>Tu^&>s`tA&snn|@Sf?Bt=w3-B3Hl@S zXV`b_2X_XF3?!#q_r-x4y}W<_K3d+S^J!Tn!iIyQ8%d{i6S_@9TiZQGM#hFh_}Dio z=_N>u3=4fs{Ei;@C7@XP!e%x4I@Cw{eL}&54XL(pXi`K#zlYx^79uyAc_n z5bI0J8r}}A_SY{Y1A}Gj8{11=(Tg++pby=8`nhj&<Q3RrHhX=tG0 z6-*#JHt<9}`;CnuTujG`eM(G*@s6aetmtc8j`hI<03jzRE-t{&Pt=o`os~5_F)>ku z_VOPGJ;c|qP6X`A%`$%HL95xoboPxY>!=7(VeGI~&P2OVUI$0Ye>ebzc|kV$!3S2Z zFa{XOn4FwUccRb%H@IADF@C_AyFd3hlKSUIuJZf$QAz&m)!_Mv$f*AYW%SH)qW|@#aP$Aoo5ITe$oLxA zCBI7l>2iRb6L!({2Mpc+8$oADi|UGFX8(gcPo`f{|F685{67bStT=H$lXjYD&<*Af 
zN0c*Ksih3D4eLc~x-3iNCcEUWC4ts!LDGV23fmzL8Vm@t2xm}5W&B*NhVuxtHpKdU z{Fm6}sjQ<;S*dpjMHhEIHTSK{y4O`L&K93eMkCNutx;Uf-5gRYzGdun8E*+hk;P)F zGheI0(#i_hP&7~{02`x~c9f7`iB|K?$5l~+=Vj*M|1?82)eE`%d;8lG-V<Ae*hxu`w|%dmC9pZ| zy^`eG3$7ppVbYh0#P5qIz7%Iv4-dY?L1pq4@3+R5Us%a0(3O!-hR$|w8fRXMzMQ+ zg1V)La;FLXooweF1|br=jrFNt)5MJtv+FDwDdPI##xxb7Mtb@*DH2fuqp88{i3}1^ zpNgZZ0v4OSz2}(U-mbBHTW;y$aWWr(=BIkcYVFdMYm0AtIi`nw*=B2VwrXDqgaL@$ zL5A+1?wM=$fv5;D3%vbkb6g0P^V51l#jB@N-@A^swmuanctTw=3NYCC{Fwkhf2K+aS-M9mR{z9wg3?2egTLRDrGcBF~18fRPbJgw3s7V(bZ;7~HG@D3;#|x$%(vn(6^x!z$@Qf*n~Q zAy66UY>x;DyTL}^m?uAdc7sN>{5L9XwdOSs%(o1`X_~fq^e8AQBs^Z@lDKcY!RP!| z411{h>HVP!D*VkYtLBcHi>hL9L>s|Y*vtceAviL!4b<2FkPgTs(w8s4Kog30m~#3C z8hN3~Fbya=5rC#ZXC?s#c@LA6&T5VyposyV9a1_8V3t&B|bpWk9g&BwfMXJtd)*hZ_c%bv+(>Rx{*?vjh zMTl}zPR^>n?Fw)2_u|&{l^;C3JKKtOlQJU0&?zlAT6=tm`h45EXgx|8z>WXGvZVh@F!(rzO>U*KfvAGy2CU^`?<`WT!sU_HHO!%V#VBaFl ztFA6|T3T9AM9Ba>;Bq@NAtd6J-Y;Mm=fk|hIh)}3r=RNT>Mq^t+%G`~Oaq&i>tyE3 z?c28zv;lUdy{0zr#S_02v6YNggo%olj@>2e17i(gAd3b8$zX8UQiU-cikLEB@GvdV z1BeeGGATR&Vi4gpB6GidZ74?+#@m1oA%t-z;{k7|R-8;vU?>L-`Bq$9975)Ny**vW z3->nxW-8)ufK*&rLIfZV25At2juWo(UPOe#rY5Rep%90hI?XbQ*^E5P=FC*Gck zwy4#DF)k3hKfzD|1K7cH^YgE%sEW5;VBid~2F%7GZq*Pp=?5+}FJ8z5e;4FC)W94i z9*GP&(7s9wy`jLGW-V#t;>fZ4<_F_$i|@+c#EbmVJdHYv!|>>6zb5S)zhIF7DURmZ z6hk2G&}shu$Uvz}GORS^Sd#)mF*`fE+}gQ4u!!KGAn6pjDyYsd3M6f=B)622o__b? 
z!$29<%n()!CnsQ9juS(NX@hpENMK2jdz|&h-@SXcJOy9&+3eby@1QYtNtY&_l$4Za zJlRJG`moV5u(m;1w%VFt2llx!ZpNaLu`VY%;Yg5MRKy5*cXSMjI8sWp%%0Oz|CDQ+ zoV8LhWl4PXU-QK;5XGGFTy*{sd1*<1x92tk&Po_iEh%+-0 zR3bK398zTk_5^6i#hOCh3p%ZUi;AGhPz+91J2Ap-*QB^lIj>VgZ+D#cXLW=_{~0*ie}aMWF+QFMk#6bf z-mqHd8JC%v-Sfuq2SFg-TXY#hGZfM!2q4ly*B&t~y{|A0gto1xht{r0+y`z&>cfXd zpmD&_Df@-MP^OO*gSpAiFj~Z6x5lrjshJUKghWI{1VPaZveoABD}6mZdXph41Zi7+ z2D2KG9vAaO05pQ);}O$xPBWiSL~_W(T_st~C*H#p&FJVTSe#Yu|JGfpP0FCFDT!*P z)>finRh`9ob6XQ5@?-WO$=r%&N<-yfu>y_$6BzaChb)dhQk%LT{1S*F5Yt(Z zJmv~o2($91!216UTGW8N3ewa^v}(KlkjW@T+%7{5ixWQYMfjg6cJIvN65LF4Yoc8==OM}F|^JqYVC zZ~#k}_Q45&o)XA4^UeMZJv|SD+Zw@FX~=Uw%mSYpml2tlmsj2WRPVf`2w@GM?97Jp z(4>Q^hWJxLAVkX;1Q800yV76kOgOGnpa_!(^(`%FVoGp#P()ZSg$|*QB7ETh-sfj9 z#b!E^kFdD$m<-=&YCd1?i6?`W2NA^xJq1riDbsKYTp0T3F3`@l!^Uf6Tl83>VSlm@ zY#5`v^a6Il$68GIMwkeGdPJ8#Sgw>4)A~gSzy$xFb#Pg3y?B3WYU+VoIKtP2SypkP zw;y`HbY`7#<2-s)p~igX$4o-AJf`?qqcx$w$+3bnDB2=PC!cYiu(k%fH9i{p19US$ zK+WLkLz(;hzenaVkKMhwkX&G`qgsQPUMQx3Tdd>9XRfnlTIil`Vbjd`mDy`){a* zEiEVp2Gs6|JN}RcW?A--HjSRH^-`zOJ3e@wPPzeay~mJgK-HVeVT;Sih;(guKP!U< z@!Yq;18N=|#HE|t+7fJ!WW-X=nZSH1W#cx)pTw&swtV4)sjeQ!+*^%Uj1Tqw4SqHT zJvQ{*NzG^JM;PF(U0h3QQNBT3dEf~xtz-Zpw@;UTR?txvH-BnsTvJC!R%J9cVntC- zPaK1yoO1=oa*r?~L)}W6x9>iN&x4|E?5$r=a#rb&|)W+Axc1)7m3-Nf8X>XtG3`Bsw9^pV25+6qzc%odEhb^N>*2MDDHI zlb9c~vQUKr<6xu*HR%uTmp>niisC3*y-qszbJfnOf$p zGW?AJjX&P0=WVHJO`KHD6}hPFVj-$UiP80^`W$qDx9C{H%*^aIF0G3Y1{&-R_nk!x$zL?L9$U5Xe3ng##Ue zTG_{shh~>R`p@;S(8|PUbJaV9ej^vts*JPTIFL(a$1a(dCUr4y>e?w_rTak5>EY#P zltsfUiOKd2F+m88=Ziy4E32yNhxU^EYNGQa%C70BCo6_Or({sKjJ0I0^(j$^U4qp` z!0FpA7$t>K%8frSh0cWUU$jbwTL=Gf=U3!F$CXE-zC>P_`v5V^T-`ze4I_Om*mb4Q9k1PbsMsvCrGkhj&o4xOgZd%tstX)F^NP zRs&p|A6n|9EjuQwa1g8co;@p*8p?4gbBj~e+xe|_5~DCgj76Z7nL^S#;dex}c(6}a z5BLD)Wk%B065Ztf{e3(sBva+I(YQ@a#~74{2x6Cro+LWjh?fGDwFf@Li|9d#WrS1nmCcWD(;jrp z!ewZXi_v~GfqBD4^uUwH1{04LG#(-VA`}8P#3r;5rVg(U26~8_3uoqhe0+Maa(YQOi&hx$W%Yv(_EU6nq^N90 zEey*M%6nJ8$-LYGXM>*gXU(87$LS$u3R);ls~jqod*6dU0AvaM4)Yu^*^DikY;@pe zo}I`j$UQ!O63i4xJI$(-PWT%IoQW~~ 
z>|jNwvWk}0>+0(2IQP*5%;~0Cw(`N6#31T+ysD}S4bKtCrOOk3p5My$_%+EZcEW%| zyk__(3kzUfn&izpO|T}8S$FL8g8pj<$2P@btnCgini$V79{vQeoGdSFnXAKBKU?q- zk4;OKbu|E_;$S{0luF(x_{|%0xEDq>Td2KTW}q>Z7w{eC%we@B5u1mYdHz_54NUR|c-|A?or|QZJTw!> zv+7l;H@Tg!46_{MGZ^7D@WB-mKU(l*ShWi>yMM3IG+RJrEG;d)1s$fdb{XI^9)c`` zZ(}^y@#7d0#ef|ui^$JxyCVzuyjZLJoEqOog^pCT{T=SJ+7{^Ro~XY8olLSEq~V6b zH;K>#@z}$)t!=4~QWBsWmpA!-hZm@t7vKWOYr;VWYGb55FNCO_*4EZAFK@un$FY6; zb}iUf!PJGnYRz-B26cB9c3IR1?9?z`^K7@dN!eLWE-oVodcw19cEr>9@#8sSyGP^n z`QH{sHfr}5>_Ll%-x@(?A@2x__7pU( zmI@f={w$p9XGBd;(a3xTj*DO0kieycyJo-uugu;J{<+OcWBmJ_wQa457rgr*{{6J# z!7YHBcf_Xa1Q8?&orDtQ1&e~sQhgTI7hVG1>b94iXgQDC^`F!6T)INS8DKStL#cVL zU-8Sx$VUuvAU0%p&yBG8?=c+t<@)PlSjEr*vF_UCMVLi5mL_b!a~i< z6GDS&0Mj-p7KR-{gwQ848n`LE?dvGoqOr^Dn59@SXsrI~D0w*A(8IoKZ!f4fb--T) zX!hC9f8VZ&-Y+rbHBQ>z;;eXv1-%lwo!oOJVfX1W^9Q*<7f+WC85kSG@uzFm#DT`f zg0IzDA>l6IE&8z=_>8HksmdMWVzaXo6R+RCjcyYR;noF~rMI>o=P|?+heBTTW>)#H z7AEG!i;c)np~m09c0s?z&I>ZmZ%rwI{R+wljjIBU(?CD1Qk#`y4ey{XW@WH2%?-2v zdN!d6r#b`lUOY8KjQsI`{$ymVK(vUM>MZHxvHCr3njJe`9x?TnPHZC!i#%vuLNSAw zM~E!-)hz;j#1!}Lo=nXb(oDq3DlMl?Y2etOQIlP7{C?~U-tN2O0d8Gi3=A3#24HaMzhFoX*fgs2r$84 z6L~tTo(AC;Xr(aLJ&9dFAe8tzEt=C6TE!Mdj>3Yusu&GyGt4c%_equUV7@2uHsX%} zLP4iwb?BkU5CSb9sYCRm7})EwKbKlx!CiC?%xKW?{(bv+(6|#z3voEW97(tZfCZc5 z_kJO9Iau2T^P~1)V)bB2 zSA$R`nNn z40S=)kMacD-VGT!V#)y1iEDZd@dBjyMW84C2o~)0Im7Hd90BlBkq8A8j!8I9UzpbI ziSrCRsh$SOE=h zg7mY6gM@;*D+$A=Oz@#gNVQQ8Y3Dw~iAV|^j#PPAKEX0Eth=dD3I$sZPzJj$<(nF` z`VWq5T7=!T304wdm6lUE1+}bqF6qOB3f z^kwhaU3>BHVg2{(;0-?w0Q)zhC&He6C$K`#@NflG0hx2>&Ls@blyeAqE(_z>Ch7>_ z1@84p5M|I_{M?H+?U5ihU@Qj;d>styenV7;(1}fWUy`5h>@2ER0}HmoYViFN@a80? 
zLZXGR@{siA;T^u&xw+l_{Wl4TT*?em4tNP94)M(3^ynEKl_dzjyqrC&6RHT*g!Lzo z=Y{PRrmH{c@7Ezfhb<2q{?6sekfMz{cYZ{{q*w`xVe?E@T$UWKnwg#5kNe4M{(0k; zE$^~AJ%&Fmqk5~Qe3q_|Rw=d8+G}TLw`c$Ufw<9XpiFpTB0+kRC?0NwOwhvod@Yus zt@VkVBWef{ha99^zupjMX&XGR$=Z3rhEO(u?w$skkO}-w8}{1vHRE{z+{IlTaGO+&lc(P zg;%r>K!kyX=pN*e$>NoCpWvSAaygt@zDUY9_gki%wEo7TW!}|v%)Q94@8{;G^8!am z+9GHX*u@Bb{0W-gZR#YUddhWK5k3OVD$ny{t$jEkht-7GU7YzP& zQ?Azy))`xX7|q)g(QLtodUdWn_sWqSG6Sj^&G+KtjT01e5C>wX6ZyUoq;9bVA2zIJ zZ2IQC?(HMLZN%RIWZ1YXr$2d8yj;kGLIXVAd|mGj`YNQ>QNrXx-4SSij{lNyBxN?n-j& zRAVoUI~W^$EHFp*;l{aKCYa-%r{?xT!GAuPep ze^EtcAJ*cH;=Nt}<^^EojaE@%WoiIFpvg|ywScfIk}MNskFbi-{qN;Ko3tldn~gF; zQ9Maf1#ZBtKHfO;NpA*r-`v&7QKVA0q_&bT*zH1Dz|j&X*W&>XjHAV09Q7O;zE+f_ z_!E2e76t#?!%E6ru~Wq5A#`QJ(Bo$P@%!(^20X9`zs5=+4r1uInS6zL5&cxXR?nA{ z^Aa2nn0ad<=0h!>t5G^9?Q&#_U)|Z%KcMqQ8$FE$z->}@Pv1xN$wR>{>jOZ0_hI#8 z+(G^uK^FJ#n@}5A+1PqF+#e|tzfu`hX|#ufV=W5w;|Nb?)#Dbln)0}%GxN`8F~q?g9u^P~N*c{qyGQ%@(L!uWBi)zBTFl z5xXkZi;QJ;S=rAMSqGPJ#bhTwl2)#L!p9k`CqUYFB#+om#gPqH-os`Oi21+^eV-Vt zN=B<#P9WaHp_2Rra1>o$4dPWO|33lJdw5cI!yK~$ZI1!a!F`sq^h)2iE3>s*^i2Dz zbTAD{jGW}SU`L&3$vySi&8RQ)iudUP4`0q(Dameaz5>H3T2+}rEn>TOKdpBpX~3qY zrXkTo6qtR82azv)v_FVr69B|rdX7X>B`l(#ii&D#!NyR3|6<(8Bqe?v3(z(dTG70( zXv(qM4^d}E^-7A`j=#zPyy88dJWvlCYH5{iV~Z>D=la9Rcn_?61g$#B0qh?XRPykk zVxs*{fbG4Ao_GNS)fKwCmTq`<^N=sML2a}|`XRoKHj@%FPNq-E-h5jv(gW=(-^WP$ z9=gNL6lTfC2)GC=xS55e8n2|5?{oyTQ_@V@XR2-#K;@TSd)G$ej)d_Dz*{e$n%Ehu zWSk%CB9MUnX|NyxpCHZt?rsGmP1Gmc?TaWmXuK!z5GM#C?;_*r6#-z$J>u9Q&TU z4l$?ztszP$j6f5EuS77n?)}#nyI=t&a=0Y3^9`JUsnSy`vcx=LuDC>ajrZ?s;U%V^ zbd&;3G4L4tjs!j#+yFc?islIhgH|dFzyt?awLY2?C`~>f)*wX>orbfPzy>w zLXC`!c;Fug*LMb<6qAm80pzK=Yb03==O+7*mi@3CipuSWGmOaWFv+44>;ZoW=#B9s zXK*P97dv^oYvW7-QX!TB_)9;C%(jUaxJ+A_7LsPk@YoJB>%FjWKk)MMVsBUvuQ2H` z(}BRraE*mw^d%(Q2gW7cW!mhgO%yE)ItdCfX(Ls9NIiWO4m-*{i9J}ChM$wwNupq< zm`9sVqgiGkPJ1*!l7^~^FtToQVEtVoR#?vKB=%GXRaEH;T@epF>mfWSz zvVV8nXqgt+sq?k8_uLC{ZB{NucmgUlu8!DCk;-Jo$PH<+I@D;~7o=|u7Jp2Pv}XCC zz5Jz7Y@Ct%VD?|g95@PPWCg4#q(32nM2sL%ZBfM#Ao!l#;Hn1?RZ+-#2z_*Xy~b@= 
z4<4P1V{Z@vQpS1P7wmoWCXDfVos#Jk5&SdSavJO+d)iJu^m zN02R=OjB;KkEM-`+b~Xp%vW)7aS7^QY2~?$RQqViszu0i-3pCoBqSuDxXA%&!KM2=#$ee^ya4ziF9ca$5X8sn;r7ev{ zhhynnPfyQwj3!yn$cMIc-}jN`x-V&%ClH0Ur)y|P!&H}89kIxWr3U8;Y*=G9x+vyZ z(VtHlU}u6yQ%(#I2snvZF6EpcP<0bjKimyZN=hoY4`gDLkt6M%lb81ZRG3+KiC!92 zW0^Rc&`g(e+BrDv1Bmr0xmKb_tfFLc1!Kp~0*-ly0V z(W)pQNz5L~M@KPJ_Z4;z!o#CDPkj=nYaR|xX2qcr463(@x^U5d zA_g5HP`E!_DnS|t9qRw1|3&cZ4qv%*clf$T``?A9sl2DfjacxlPPTR~Z_V~-af0KO{&Q!h z`8E#KR5mo=ID|1+Mme#qvoi`%dJ+S6zV!F2ux|uc;@eZ|H6~ZFYfHMpZ=*dICCWu)cB?e0{T~|`AA*g5a zhpW&;?XEop>;?Jd)uhBeZ5uc(n$y37y6(#B#*9g!==}h2*pOcl=ZcLQgl^;vWP`CJ z6g1(-%xA_2s3atPE>buYc%v3ubdBmOYbAAE&mV7DNK6Pkhm)&os~GTlfKcpb&onZx z=zrq$*oaQfUB)uJ(&(OqzBhkg+kyT2S3_+B^Ut3A|8&Gw59mFqKe^_65xXnujl~{_TDIi zC@o#{5sNuFIUB_I64S@4;X{0`O6{ob-#vi?U^b7#BQ5SUoWQ`3xY8bYYJkIDzkUse zPU%znGTp?m$3=k~orU5<%^EwjNBw56glmHG!<+sKC-Aza^r@J@t4fKWsWL@w&@_nKc62v- z>Usw4vp>b||HEdI|EPI?sHj%`%gs`n&7l3ak>!X)^vS=e=J@}_@&Zo8$iU!Jfve*J z2OP>kJ{RD-i^Iqfb|POHWeBv%1KI(OUU4ddbTI+;n?i<|VFH)aU~Gt$={kN)VY!H+ zXZWfJ67?cfwxX0**2lnmk*RQ~c!WRPO`%ZbTMQ?*%a3#lyoxn6@|t>Iadho z9;~yHmRg z>MIUE9FOo{ZDwF7gVGFtBP_+W35xq6YJLEc_8Pv#1zi$t37KXHNv;xVwR88K{c0~w z0^Di1uW5jc|Hx8Z!K4Xn=eabjtNzkt6NJR#>AG)3J_k`_f#Zs}@Bl$~@S5F#&ZX-< zO-})G#fqqdB+4_o5A*P>JMtB%#AaSmS63G*<|#`1Q7Q&zzaO06um3~LOj(?(_S^?N z3qXo!DVdBD>cP2nE##x1S3w~mr5x1!Hz=pgfY_wVz{k#V-=RySh~+Vp+mCq+*T9~5 z3FHuQCF2q)fE@z;BB-(Zpu>@KMd%ec@t*$v_kh8ptutfoGRV@9g9o_iEmYN* z7&g59yK#?Mp@qR8AXSKQ97fMj2X~O#SgQ%DAf`wA0F?SMO2iQPGZ+K6J@{b2z4kvK zRx*u*%mO128SF16t%2vr9c&9}{0y=av}QDxQFdP56b|T_xKXm7ikUY!rWVYshhPnbg|%l_CWum||#?c292ufINjsXaU=Ev40zc*s0*#)c#p2`P#(PsFW{ zsZ!wLHc-fnkD~boDx9Iaalf+~K`D2Gm2I-%Lyj1H(i5CzC`WaGeW(cHXsjwm@ebFq zxQTrhuO*Fb20Zo-+Z0SID%w|IKYURnx@7%hJ8(W-!mS7Mhz_j(+k~NkfqzJdBe>$E1LmG8VfE9yq@B?BYM#W>-QeKjW2w;Go0!?De>O!>X+2nix}NN%vF(+X+*! 
z^8ON47ejJ}t&>rQHwEPR{cA?mvpODyf4{=}lCRJHI`Z$sSL#@5Z5(gB?S+XQ`|1a& z3Z<>yNdn%&O>ta*{>E2Qbl=>PZamePFC5;hE)+c{7Z<%WH50_;0sYBxoYiyFr!o@gJn_BdPl<-50VznjzDoM_D&s{WD& zV`uvqs39;>Jn%0JHB#lFoFJG4$p@1{PXRuIrcD{W^m$FCFYeQ{jDTIRuurUmc(3sS z_e7R8_hiS9^B(2wU9I}+kE`<~F1qtC?|su1%saHG2Uo!ugNUic6bco#m8 z5V_8Q*~9vCQXO;O*BuRx>iu%ZwfVcd;JAEtlqtu9vSZtVTg1?lK)4QZW)g9!e|i~i z30o9go>m`dm&Z&uBZzUxu?T4j$Bj>4>{9 zm+|q<1i$w<3iBI?f%TAwGzsgM4)dPbjvz=rmFQ%(@&$rI{eHC*i1%+c4}7sTcvfP4nw`XM_LnNEsy&Wb01&6u6qk#_z0 z?kpjGP)vv;;cXz%7?(dhNPrV?it>UQP&ILoK^p%F)ZeEig(#cDOJ;&ch`H2 z?Q(*3wX7m`W(0Xg^3|o^5n7PbI+%sb@>ou0nz<3p z7Jq=BWdJ+D7)U|OV+`hwP`#Ms5PV3z`_p2CfZfgc=_H2~6JT999k?=RKt-V*XjgD4>OGQ&{hmIS3n%8hr4hYJA%;fFH#U#I^ zqOWT5}CH8@N-O?U6ajx9AoClG-bk$ z;?#opuI#*waZfnrpDVQg6~dFY6vA|3*b3p`eNsOY_{knKB^Gv4$czl^Kr+ZgE>ie| zqP)l%ka-|ify+e!>!7L}#G3gZ<^o4Yp(z3|lzPl6VxEA9RIw*J7Z=wRZR}q*5TuxILslbJFBvFy@o?AR;2oce zqLs_|S8xUx!37F=y%wY@F|7bnja1_-Phbq3dKRv@Xpsl!Sy$J^ zg+~<&=TcNS&_&RDZ1Y+p?s|rOVHx*TwIzh)Jd-jv3Wz2iv=cpkM#OrXk%$M2L`W_F zRtD|IPNoJj`R(iTCzp$yJT5k{h?5B%|2(^zuDjm}lMr3iG2;}DV@5RK!0oP@dkvvK z5Y`-M6}iKcXy+6AjtG(&7ih(l6EXbF2o$HLS@=K6wUScV)wz4%y^zn!pIyN&KEAC< z4VV|anG7{0-n07?XynO&H!O}?^jr!YCHHgNb8;?p(i%GoO3$e8TV$baIO?_Qz>Z+O zIIdJyGgH$Y!8hrH*_iJN_n9Ra<|c*4U0RTljjk7VXcCSOH_Ck`BX7hht)k#Csm^Pu zF2CLEm+p;a>*7NP=seHK?Xn$BRP*SdHZFbvD=>Ry{nEssXr;E}K^`6j%=fz+GewiN z=*j61OPo>sJ#fsvo}CU~+ZY zaIPYS!gb4Rp(N~+hKKad4lVJ4(T4CIjU+pRv)R(i0Wx^j)Za9=tr^o!4s z80)dmq>SYm=@<@oH!+Rd9op~jIl@Xqy)kB`%z2I^@k z@+@L@>RJJrR~~n7CchC*eL(7ScxWn^Fb@06F&N?6ZQia|j;xqNQ939p3h&pjF0a$K zuBp^4B>&c9{_xeSecX%;{8o>_b)=!4#)~j^t*NQ!c=aob=YwyS~24 z@P)EP_&$aKNe3R+?}B0ca5c$3K7Iiwd&t`_pJ3*D3f)mzFzUw-C)r1bU)wQVQuf=a z+NG;L5JwaqReb zz^I+_D=OUkYS=#z5{F`;Q&o4aqIgxrwt&gKZk-pojb>kMj|{T7eQ(M}*g+={#B`MHQ7`Xw)$nEAbrE zUy#+?Q3sCw`z3J{>P#H?V8`zQ!$6-yUd6Afu$_5#-eT+P?R}1$)A!0*lq*CARPDA= z*Ib6q%DKnm)O1bw4+Vl$lbyp08&zrL%IBX@C)ZXjJIp8+FfuY-&DQ|5k^ssTbo%xLbBXX^ zw=grO;uW;N9ccA_c&69W&Lu}syL`O=6b{=y`Tz=LajVvaO?NmN(GfH}zp$s-qQRl> zE%h@Xd2dgToz(pkD=Fu-%UJ_?PQ)TmpwTY=qakr=X)xVGrvH3gzOx 
z+p8!PuOqCR@uT;*&;HZD*mSE->hv!ZO7T5vWysIh*dAUf{qrX~H~oQ^(Lc?G|9x*0 zu9b3F;^!|I{?RXPSM;&|yqcT07wM7depok{Ja!5H&;&>|UHd+hp`l>{a;A}<2!?-! z>7W6ftR&6|mjYEI%u$yL%YG(d;*ayv%e zlMMhnY|iP7+-#6j4?{x}VCHn;6muAP1g$CtX8U(?&$kFGA17np&nal&lWWS--2pyMfnR-ytqDnt*R1}4WqYnN z7}*g0Fj^46$iyhw$ z;^{1J498)4W1}imzD9hDLn_(?=K|x5W?{0i@QE>8Mk-9$IUT%b0>CH7ks}w#cbnNP zs3a-#h0EgYhU((|*bW{&s)+TuL(u*?;1YuS2f+564a8-U|2{q1stRl+h%6JEDWLBT zVW$_6`r{FEIv^yZiT9j-EGH)=RU^Y)(AzxzSitUKaPYocZ=a%bI*2LxC{Xn%=fcA< z>3h}y)RK?yj=2=&m6Z+1W({nwE21rpuNmmI7c|UhHptY#hoeGG29Q08T=i3O_3+f0 zg1iK1!54h46^TMm6AGLE*US`jnR_vv9dCpyQ6@4r%>ip`AUAmvzK`oEnsv+0LTyBn z3L6i81_Nt`6&0x}CwHH15IGN3R1jV;B)-fdxiC?n7?hWlop*7`CF=!T!7#9+s*zC~ zw76IhU-DQxk=d>w0jI$ovL8Gs1rjH)!Aw~~;wC_U5@r*cpxhuTbskitQihSNI~vQt z81hd6a21hJeJmGG$`xkNaq8r&!6wxJFntUK*s>#E9lTgz44VIgoSd=%X9_?7SW1WD z>k?pWFh##9==Q_L+ir)bTQ*SIQ_RoM1zkIJ?+Xl(s&LIrBi5A!V4tX-5eE*FON#x# zfltW3MQd6YG-O27)+*p$J%<@UT2AgW%yY*)7M+?$XK3H6v8huPa0Y}7*gJ%x#gh(1 z=7@~A#y5RjfU+1EgWBYr!nkqcE-7|)_F9Cks2D21blm1i?Wi@r3V`&h*a$oLt&-tj zl?eoZA>UK-q0cq}_;VgH5;iF`d0_%}aX_(LFMI!K{Y#qiJ8W5~>5SLx#P55@z$c<~8L z)zk2u{(OLU?$kgYXh_u-!ZGtH0~uyN4iOP;ICSce=-DTQMM!9{Y#mfq2Iv4aeZFPT zh91urfIm^qUc`X85Gs|5<|P{Trqg(?kp~uH;bTBibwV4vLM=P*OS{b7byJaQJC z!Zi5q!3Xl9H8_%k9zA-F{@WbyIFHW_|2m5)Ud;so1-PtYF$PYY?0R4*xONX9OLq=; zQ)iRI*mMX+lt&&|+MCzT<>^VA@?aUjT{Qz!)$+l z2aqcsHZB-8`fuH`r3@t{5NB^Zro6HH;v9MM5rE>dp;$LY=bXV@?9aHN^gDJW;`%Ei zMKnorE-{}>tryt2A=9iuntVF~mM&XF!6rgyA-R47Cg}ud7kD=getuO_*_4zX!aSP{ zVtWae*F@c-Lb7%mbzEh&bL}r+Sx+M_G>luK4CKC73Z=RMWd~YEJWM5)ZP^#F!xC+@ z;5h)39r*SOlF0!B$EI`O(Bp*+OA4r5ydrX7EqRVq*vR%LHL#-h z5eEW{^0O@}xC!)Ix9$t6h{YTeRlJ=tqE7Wl9%T8-_2ndTLHB zP^oQJ%)hN9-@f+ zA&8e}S68k!LqyiBJvVbe$rWdc66R%i-?~+ymv%rqUS!xN_mTtKK8X0-x+a+4F{O6!ITV&P9}pd_-l>_U;CfVXI_q-QPt2$1ZN0- zR-DHmCM9KQFOf-&G3p98HDqk^Qb~6*=;E+L&KfNd?-O@JOF%-R2s?E-BubM6QdV7`wtxLg4gk@B) zH_?Xpo8}f4k^q=o`a_MCl2kZh4LKVKo-fGX{|Veo>zM?Vz&HfPAd)bQQEg!;qZt20 z1wJ*wQpALr3rJtS1e-3UU}lzxIfaAGWV8K*TQq2`X9JOwy}%@38&f_-MY=PnasBVV 
ze*$L659ZV@)ItQCKtyypfO6!l!n2VCZcMTtfqC*X-VxPHj8pB!34HloU;h`I;|LxL z=AkW@Jh`_e7VH~{FBDztz23Mq+IYd4iNgI*{f-e zMGM+Njh3I2LqXo>2ah&qNIJG%E_D{OD@-#sFfajap@D&}1OtH3X|{M}I|avf8b*&K z0)d%=EpN$p&VWw2SBiX_A8y!7km{LM?HY(|B$DYmoa*VP|LW+UPqtx&QWZ1L7! z?5ryAsbQu@1Ez$<#>EYRhF3m$^6J0^A>|7WONPy_5{H03lyzoddryQPAZIB!qLv@0 zxusMs7Hd#gSR#RLDoL4b!UTvJlx-wH40rLapI;*q@*~Z1NYN-qORUc{t&;$$2&c^> za&qqm*WqKCFb-%y-`d&g*@KK*aUZ=LxbE_;( zVvDe^ljV0F%jP<8;9EXuVPU@-fktQsiFi0*C@%v*a%5G?yzVuLs2fy*bdev77Uu)U zQ2Aq_j=S%fckWCE4CLVBQvu`U4Oj0;>Ym^M!C8$907tf+>(S+rrL;WArCZse_Dt~V zR*@wyS-x<`vn>`|Wk<{v{fo|IJdpn0D^f^r6`!50hD8gqt%^MSR zhnTQU%Np&7*{3I0Q89Wl7txzDmrq7Uymu}Q{j35}|OViZU zRHng)&E#*;&62(w&31XEK7dl#5&fI!F?LI#mes&YQ0^N&BD4xOAjFJT5=K|VSu-{M zc&Q}pn~SKKU4h?>LAL$jir8kUz2qLWYb-lfbG~dHU4uy}-!F&;iM(jF%Hm*Si>Y;o z8)CcINNb<1DL$SVHg=9~@*Kvd+k?%8D|zG^oj5lqC)rOmO;eMT7^Jx$t4w+z;4juI z*4X+NidSbLNB1`K^4`an%`Zu(IWXBK7_IlII^Lcu&?c!rE=t=}))`2+0}R(s!PDP2 zIM7*Dh)`ORvjOl*N9uFJ#}re=)laLm`tssOKc@epSN*#CGPY8-Q9nlC;q?ZUS%lHVviP=9AR~Mx{R*@9%7cr zG;0;mlIdXV$xIe6YcktW8Pp@QaLuPs7Ie5*Cxhb^x+h_3?9NonfzE`b(V`*?{Tv0i zf*vmicNf#;(rYL>UHozBk8(9Kixbh^=Lf39L(GPL7M!k<>dv^d>ePFY^bJ7uE zjmk@&5{l}6rr>+eRr%LB@0NU;v%9J8lg0;<=H`=PLBZ+O867i~d4^LNL+@&Kj?PWK zFwSYc!gp-{It}*H(7S$z<1AWY2bdR<-kxkjNi) zbnd~tjZ+#gtYVDaR5uf`#A$;1g~O+WRq|xOT_5Qy-Cs>bY-in;uDs@}7SxaQQywoqsdx%sh!{8RQ@3ufmH+-N>RE&9+5MJkg>TInN3G~o+s&^Z zvwM@fX7-5rV&^eu53zPizoD0hNtI&Ow|-wOXOk zKzj}QxEr57l+D}1|NMc&A{oJPS3Bq(A}?fwe~#d>QFe~E+!VPqb7J74^?GysJcMZb+XAcLNsWc zK8C(Icu~Ic@r$ad`96o#EksH>u>aE6@Vlln$sNlwiElLP8?Rm2!#hNait{j76tT@~ zb20zIM;6a86HSFyntN7|QGNgYev_uU_PtU|681G&x-1uTQr~8b=C}PaIzRGcAagcp zoSU|afx5syKE_KPZyYT&+LAB(rm{CUH_ae3Sd$!D|b@=RHkru{Y^<=CyJd^*kOeGdz^nzJ@|k`Y<@+R>0GzP5zV8HuKPh z_JyxNbV;OyE>B!k#Ygn4=gGicmM#u4&+ry|i)SK2ekKjqw#bG}`3rV5oNClkm3eS0 z<$KH6RrgX}^EaJ|`qDu|pE7g$WjkU59_Sa0opsD>Pggr+yLHRpc#^1U887d2)6&|# zQl);qChgtw$GYyAP%YbQ3No3Q|4fNr&8>JoWk+C)|EFENMQKk(JJL1NmV{hVbYIa) z-8E@FD>C2iaxmWIf(;v4);YYnIidohnj)*)*>%N|!m>=C-}Duqe$f6j+}b*>rLn#~ zFjVvVVEhyrM8t 
z)iBDX=6^73*f`c{h8&OLhDhCCg2=09(>*rFpZ7QuDisw&hcw_PUIa=?bu+4^2%`i9;5 zylx7PB9Wh>%UdsFWf>17$rW_1r7p6tmvKMz^E<=)%Mw?!=+>g|g~9nR`<}h;|BEQ> zI*V<2yohCkk@D=uMDG&4oEWfSS5Gd7*e`_aX#A)82I212plbR#Bj&CKS1mrty)_Yj z3jgpM<7HzDbEz?MMhh-5IWdYRxboiX&GOSt277oSC}>G<{Xh2x|A`7c*EADU0)m7{w{&;6MVE+l2}ntcbO}h8ba!`mee3Z(@A&@x zednBiKF8R5kNrINbH}>YHP@VTt=oXtvJx1m#HdI}NEnhYU%Wv=x)~1t{JeJ;J_*6` zQ9wd^h$Q(!SkWb6W763HSLwQC_t>c4-TLYC2M-7SVvB6|eMh>2<`0$eeRR2bwYavlo_8XQ~0lH3+#^)Ho6mI`3#+fD(si@ zX<2qNzQn|Q(w1*+Zx_G!=o6NRzqg%DVatp3hK`O~_V#SjX{maq16en=w(^gwtV9rp z%-x7eNNA6wlV`UayN82}?2hvJKcAOQOlsNMI6P#dBf-(oh(Fh&K%DU2u293!kZ;2W z5$P>wF~kRt{#=uzg#Y_ZgUN%(K8TM#^*()p`tR^GNq^jb--$Ke4%aL@w5ps!=v49t+IeNn4WIox)m&}4&Fsw} z0w(c1Wj6C6`kOaz($W*);52@?gZ9^iT{@mK1fM~Dz@+ASTjOyFF&R;Ig+azr>fp+j zvmE9;l0AcC}B6B>GY zgZdA5UPwqp)2R?YL_*~JG&VEK5a`!jZQ)|ocYL4eotQ;Io4GpQ{>-n~?3~W=Pid*#jgI?a8S*f-8g2TFP zqBe-~Zqb-E|0JZG9ly3VKrM`k3FqOBHxG(WmKvvHIo+P=dTTyc&^%{|;LS_w_e)bf zvc2cMRcm5$Ibh~MdNF^qm|Um(XPD^AnpmYb+L_A-;WV`_=PF3*{E8G@_uccwsP}sh zFglYf0%H7M;EH7*R!-4wNj;zwnrtdC5B(CYrMliRyn2wp^PtHbN98NZXCzp8iwnl! z%rmd7qU!Yw>oLAM{ zrIIZBA0lUUuG#;J#3}jGc)eWcW=}N)m#HDqti78bMn@1{`v>F zWj9S!WD&+fy?RDL4_g6iuS3Fm&$uDC4iza8{AthXh}eCJzqJ~YCkok$<>lkEON;L^ z3vlr9jgWBhOv*i|k}f753!YfrtRXk`2?z*W=?GxAm<_2(oCiBPow-SG<2} zxoJD*X#PCxhHy!3=mJS>uEx*ga{s5=Zr1lE$*tbIlS!cN2l##C( zkD9AWYFP=_=OW?pf!iGo8Y-kF(7FX^S)o~a$ur!}8JU)EJ$XpT3 z;_0d3A*_4e!y26%&pZ6&TL2fiBWVCeT|hxH3Dw%3&O)3Xnd|5s)p0dFEBP8NRn4sQ ztk?U_HP^zHW+FDp85X>|cbD)pd}n?z424G}gjl~L5%gk=iOrGER=j=pbmuUN;B~fQ zq;@;wq)vvBS*}GF9Y$PW>gRYRf915Mv7rZObj4{_IQ(CA(?4nMP?A_l}y~Ip9#tE91ITd1MDsb-)3+`zk=a^lxsl@0=%fHVUTLcv4 zSEWV!Qud<@355eayh7~`>A22=hu6g}>|J96##b95q>}{oGq#f4gT`LBwBs3rBlHtTiKo-pw;71vBEz1M|1BkX(Ic5*^}vX~h`D1i`GI7~d^? 
zlD?Yo4EL-{WV?NVKsN^u3Em@%4|yLcVX+cEx7B|}+feoX5JY`Vjz3ehT)8{KCXl5t z?Gr!D79(W-#7~5gxO6i*QevgA?irl3At#^hbsyeC*an^QfkLJhmg?9miHoU`A_QclDbn>F&d>*u8PcDl4Uffx7A@7A_@ z2a>-Zh7yShMe;LLTL5!*b`L^2)!0#Cd6m8K0s#QJn)G*fojKM{hCj(>E}vZ8Tawn4 z?0F*+^{ds~yA$Zr1T z`W;f#{tCp;7cobUZ+(_*bVO<^%=JR#N8wW%~f%%tl^Q-F)DjMaGJ_GrI z9}Kd`Fh9Tkh?Px)x?9vnidG{MF;vTLt&z-osI@v$%rf1LHmj(L8=`R*WqR6+yMAxd zD~gNyTG2>N;`mdvc^7?Tyi)6!waDq#e4?TDHB=AL>58-WN@dcf9B%oVFCPl>`m`i% zifeg?(bkb(6Wx_MU+;=9eSfloyN2xcH`P<%arflgQHe(uI_|;4LKLFsRw3wIjT2T? zR?D(g+|5vxdgJT9R=rRA#n>-M+U`%y7vaVh#56T(bZ@Ur{klsSbuZ9$Hm`nAeR;6e z0Kcv#QuGmltzD7fjQ-}!ir6k+L%)&24XgssGaAum$6WT8KNM${R-ZptU}8)TSdNtM za4~bzal2#=FFw{K7R-OhRKJ+ATaJ108p zwF&+mMC?9f;tnO~!hO=#pPq4GZ@5==E=?hZIgdcQmQhtbzQ58Q$x0iObksRkP*fxG z^g$(lVrNeW=FOeG^RU0x1|%CBc@?%CkwTowOD$sV?YW|v{q{#L?B=zoO;t&3Of|>% zHmf)r{`~pW+QBt)F!{*odT-cr{l~MuFE$KhG^Vjdg`8V^^pQ(q0;`rt7jIP%e>W&JpomI_h^`v)J-;k*xJaiyX|8?Bh-2Futhu79-*;UY6 zpG2-}t>vBkW}$sy!yZMnmrR#55%UiLOFk}x#mp*hXa3MpH1c%aeclm1^@ykht^6b& zqB|B^jxmi@jQ!RI=H%W*1cxMU--e%EIMT-zOkH9ab7>5i;dFM&uyAoL#$Kb(%*t=t z92Qawm3;=jpte_!DN9=3P|~7cGSL@3iYCtDVu1{+7|yA6Gv>fdh*ZnM#;)WEb@4mP zoG=@jg~$EN82YUvp(8wMDL{%eWewW=#?`78kTBwhA7y>i@p=C`{f&HG3i1=GJH>B@ zj9B~ZP7g|SR9U>a!em!Ps;n?f`+nx9EdCws%3tF({5r4-py$g!^}eX*@OMj3$eaiU zb>rjHv&+qkLX-O#aqc)1Ri+hZ!7j8hNuug=>&w3JnW7<~*NJdf^C?pyqn8~z03~7( zQH~hb!K=UA9(QXkkJR2Hch4uO_1ZGXSSDT~+jBv_8)_-{v3V*>W-x&dTfvV1SVwo5 zDKmCu9QhTAJ!5iBb6C((U#a;mZ7*+{_rii%gH#L4xJCB+l7eoAx5kGljQb9}7C)4N z96(kOXRqVgphe&a7@D52_{?@vSc2fk+_vxr$ zI8zW1L{2n$Ua6AmCvSHbqSU(#*fxxHfAH;EXEt@yq3YREF(Nx16(gM_k@d2|j?mtG zRd$2H#-^ygyDgBj9>eAIqwWEz-8l)ZgSx;e59Q@ei%o_Q;!25}UfUy8cHn?|17GtU zHU>xjBKHnR%Z$(X@*hcaVftt;^u?MRHrrVAjYS{VCI0r8Of(%x#dKV&n$haHqjDb^ zDPhuLH-GsROR#TyiY@$o}BY&?t zem&VYUHJ+LM`!g_6=R5vLrGJ2Z(yiEJo93S-wkf>$Ds!Uq^Nd5+=O=Te|@)r?MeNf z!2^9cxg_yUjo&Z5gMoZf^orjlF$+~*%XN@laXA}|8|_M~Hg?5q6NPCj zczti|RIfL^lGf_{P1B-(x{49nhI3&&(&(jAy6dkoyt=mf+{s8d)-&Q{dPt{?7xRUd z^h2(y3vclEV;P-<{jqR5hy1j*a{MkV4&Q@5x2M`uFsOuhJ*mMwKoj(M0h@R4sK>)gB2bTm9cV 
zh4cecZ5XIxagZOc@;vny?^^$Qy4=`4Ry|Sv#Y_Q*n4>_nMKGiSJ6=lM40H7vk0!Sx zUO{Ddj7E&zzMFWgW&6vHrutD|kOEeJ(o=^KQrsU|O{wujk>f&6X0ms2Bcann)Z9O; zj_yu{7$Sz!&JLyZT^;Y!+@BEgUr}{$9htBb+ZCfCcGAaU#}f5hXlQ}YTIrf6J5t7+ z2bKSHYFZKsQtqnr#_3s>AlnX^u=@`ExUa3MVmP`H?BNi1zQ0cEmYB2={Kc)(l~<96 zK3rSJ&h`9qdH9P>$9KcAqLb26KIDNqOPJn^6!bD6|9j z58f_(XMB+mX53hYi~!Ax$~8jBs#K+x!1%dC-kL`Sm2P7yF2zA1iIn+UN17F%p9^d2 zMhc&Lk$D3|jyYNW9-<)QuDwPjbLXswqE#3A=c~gb*9vOc{Kzmb8#;3mv+;OG z+A2--dn%1)i0slx?H8 zWIt*pX>4y!P$s)&v+wY|T(#pp89_ODyi|~rS6QBdu(qvFUN=Z4qr(`09;S<*VAE~L2f2rrqx{5jLsyGan%4V`%w09-4 zo{ZK}n7HhKV}e^(FSVhi zCz3Pq<`2BbgBesVr%|`D=t%6<1s1~Q$wD1tV&giBF0p@Y_93ar`PubbZqj3j4y@#y z_{|ORifLC1YdZ5qpZTZ!l$tl#&#V_fN+8M*kM6;CN|xCJ0@ZzXT5< zVZ_^~t@xa%w21d78`{h2q)>QLC(I#0!db21*!W@A9SoZ^&$8d{S2)Swf0;=%`eMX# zS`z=q08??B@5~c^lQYO_ImS-RX`!0tNOEZz1LCOHlk&!VEm%P|NT>3d# zn9=X7BX-k8wBOC!4O!EzA2}0=F9Zn7#al+_S+W#q)dd%HY947{oqOgD(|!9& zFRIkYWLuJrf)PKM;u$9XDOX5rT^8fs*7(3*^+$NmWR;6^6e8Y|@)?bE#P)r!LKUm4 zk+(WBa-r9%@Q_zAg*hKu^%{3XY*NQ8Fp5J<#cV}Yb&a>?)@{8t*e=5uPx#o9v2pkm zxPB+H^f)X|8V|D`FDCO;pR*>Ob2as~CzR7kT3lVpfk9;JPy!Oc+lN7$HWF3BSR>bx zp*=Wn)bTkRJwsPJ`usubC%=0Z+IC#FhK_p}HuJj#?sg2cK4JydhQmv22T@j-eXHM7i)(NJb&*eJ*da}z!!>J3TE0?J$J0< z#FWL!b@`YcoQ?BTuk-X9yO?hz#}k>=9x zP&Db7p&-frbKPZC+n|5+U&2vTce2va+%i$zr*$KkKh!76qh4sB<|476jJ5bR&Om)K z6kO6#64`W5rq?CIM(oaHWK#SUBB2$gJ=(1w41(0H%Y>(@51 zNx6mTwnf*;vb(OndA-WEmGQi@E;zKE%yOXN!TxTtp|(|$LXOzt`pHqnnLPXFijLh} zC2UGmBl?*$HJ3wtT=r^T0naugS<6Li{OH-deCd_T0JG=smD1qYF$`)hjWK78g>1D; z)uOiqOrIE7zS{2F{obsb#I#yeYY9mD_)!%^WNjkB2hc!dZnx*ge}~jIj_H{i)@Rz6 zVnJL*y!lj&rk)iDNj=x!mST#H(}?Rk4_7`psrY#oRO74v<}8Rk{ceb5&xo-*VdW!5 zrA(+gu~mAHI|wf7i#)Lny~2(6HoSrp4#MV@ny&J@=Dl;)&=d7_4aL{rdV{6rA0|7S zq8(CH@ZCBa!dHo50p4`z*Hx>zrN!UDVd8%)^>2y3$_9?sFG%QH6Tva=#oJ!CFVaq* zbN+4VfMOIsel6JRA^5V_luFXl33JOTuKmk-fvD`?Gnc-t;DJ3*KWn?l1ni)GsvjG|f$2=MiAon6t>*qk=={nFtvJpZQcWrtWV-N=aA%-Za`sxtj_XU=s8w=dQPc9&+f zO+LiZ($Y3Ir78J!?y)ywgV0J4_w*(bom8tA1M69U+8^zTfXEV_S}!Z`F+V3Oyl^rS z1ml*wG723vzkf|qu1y%OIAft-{;DSHxv03hmCyQXT%Usl(tL4hu+D;kXw( 
z%$q4b0Pp#^WU{i35EtmZACu8aIlbX742hpketqe#}+SsK|$|F3H6n_0N^Ez4;YCb?&bd9V6i{rI? z^3DQNv0NX$zptb1m-i9x`qTnl@G9T1{p(d{285w_IjmuZ8YL zx3%=S4NV%AGsAG%!4THz*a!KNy&N7WATJE1M8C6h+}lN}bQSm*;g|o}h2f(ih0kA_ zEX>U+jxR&P(EqxRek%T8?nW97Wg`}YtG8c@^%_pU+dRRFtDM*6OK9I^VM42p|DEQ< zMht7F5S1Cuhp|)nGPvC*kGOfqSwTRuu*mCfn_Rrxf@}Us{4DsN7Gdg`)cK2{sn%Bb z6p^wR|F>I*|JQnu|35oXh0|u`f7_^}_vPgN8&{W%V>cf(eER1F!z4-LV`F=NMep~5 zh#_X+diE@!x|;vu^3q(rNj+tFy~1u0mCI`4o9q6Pi;Ih*njj^m&(4lb9EZ7Yaq+&u zkHtg~@&^w-q^DB~xF6-()|k&F zZ=b(OlL%|>>Df*ieDdhgd!-y@qNJQbGhz<27j<5jg};7P8y_NC+aKMh9`FDYDz%zy z&sNCfc3i`y@V;Q#94}k;qwvb=wVU=jw@mWbYg7MW*kx#FxVu?4-Ipmx;j}#!BA%B0 z(?d`1F+}De56>z2V4=~0n*af$=G(>g$c5$Q=?F(EDk{X$cQHv@;q0y5-AhdbI^Urs zm>}d`E8ZdKb-}IQ9GsmVr_4Z49}Eq6;;CEdVOd!;NM}cz9nm^oYI%kX8l}PdEul)h zm%}>Vluw_2xBG@V^xs(k>yYkWbuchAOrb%=#Keq=i;Ie7qN78DKN}kx&_6R= z>gwsC=HeoN!_(F@6#`S4UH1&;=H~9*zfaA~jPJ=&NQI8;%27-@Ry5ALb7HW#{!;0WnVCPs`YF5cY+6CP zf1x$}iNk82&$Rb-VoVHSLt`Vxx(cpOYwOGAFp99MDn7@x0o|!;*YDrIe~yW1UFl6b zh0OZ9>Hu9^yxq&=>HWP9CL9uyjxUt23X6*y8yi1jlJORr4>Ph8V-OJ$Nhb>?vgkMe z%~4^Rn3z}@$i_)YN%6gOpKr!6>Wq0G6oi(apU;1J&<`^QY5l9*&Re8U#DjlNPLjbg zMKNkg$;x8Be!zd9od0E}Y~s$&&P<9QxgO;0G5t$&ewWXmKVvE9sTG==N;wx7r~5>l z7KF5sf$wi2KOiD%i(%1+yD%Op)P?0FY~LO!YP9Kw1r7k@L(+ENYujcXoMM!o`Jq z+Vhy~(W6J2HExGV7SmnvT%#rC1fFLHDWZOuh}67=j7g|274hZE$wGwO&hhaw?5Yj8 z^}p&Xb8{lowVsIVzx{4tK=Ej6@)e9QpnFm~Z%wp8#9ZbAs82SEd;G(~kflDnu&|(q zU4ejbbP~>BhnHB5@GFY?P^DRCwFj~74`G|Pzp7!wXqeJlc&o_!4wx<%IJRngn zj}z#42=`~m@Yu{CadLA0vYsaA;^IO8dRm%(Wb}9Isp>Wed^p<@w9i3 zF9u1u>poQoF~?&X8voSPRJ#t%Dklauqt3Umj}y3UKV-c%4d7H<0`bfK#geV-O8CZ;gY z^P?ijP{Gp$9N+sC+FKr))h;ZM9#xh?5;fXArIzC_Wo0v*z08Lv6=aOLqtTxWW1CiOyGzR(0dN>$YQ*-tI+%IeezBX>l!gwpJL;l3`hnD zW9T!53`C{yMJHiVkvRGV-`$X}vTWr55r~^>SW_i_@y-DW3wSe0t9IuoH)*4zEWR7BU+itn?zT zvA3M;P5VS5R53Lztz)39u<-TiYG(3R6>V2B$ycuwaK+>ucoToRA6psjEwr^m(nm(p zsn9B9NXviu@&$e0a;jP_me=vem$*2$;p26Hy04s;V-uyC!}(f~h8Y6M4*qMzeL%7) ztF|CMdp9fa`pjiLudLnTqj;J;lHul9iLa|8Z{pnid>SdY&9{l8BfwZ`7(bAwl1s|% 
zjN^C(5jXA62x0X&u~`H-i`=TKS_IP6C!whL^^K}(7E-$p8Ugy^wEMPz;qP}h0#m;V zah@M-DnQZ31>OTUCAfQhtRi@QVGqkmDJZCY^T?^L}~|2 z!RW}@*q4x(I&xlhlbX!G=u3ZvVTg=Q_^mUZt7qpTJ2UA`hFr2$3@0EaYey2l>(9M< zWD1(VRGNaCqc~RAy#>~eA3rXH*3}13nLc4P`v=tgND#Ewu3%yaMH+rMzIzvv^G}KSFpP7Fr1jcBZh=4cQbwk!zW#=WhDM`@SqU*t z#Fs`G?h*io(G&he0=`}R{r(nU6*3?Sz?UkN~)3urvc0Qe*(hnXyFd4`S z*VT@cQp#XjoE%DjMF0g#E3KnoP{8}!cRmEIZLd}y6VY57+Pq$#TrD%d0dt0|)yPs5 z+jZAov8;fzNWmmrnD_7B=jZ1Kx-@roxNgXp7Y)yq3gyvIn+^V4K)EpM?Cdn@O}zsJ z7nm>gac&UuS5M%WFeHiI|EkCPo4RvG^p-ac4i0dQdVtgS+6Bf5%lCGVA2M_ePC~I52>zc6`QACG6zfI`%3CK(5?f6L&x(F4@zOn^mMY- zWaTdG@t?*$FRxiQbV9Azd9dMzABLnt;K(EQCvp z)Ozy8b6U>9o*E>c5>J1lYi%v}=FJ0O#D*EMadE&x8ti)nT7V7u2L!P259O+TEGS?C zsk5-KKzOD+Wv*4}a3gDHYaozOSLJ)<^8M#P!P*Z^`JFZh57!2(`em5o!ou!Dj^=7r zMScJNv{6(ZcgkbG%WkpCVYMLuhniMPJAz8)1X%tv8k!kM83gIy7%$tlvT6`u1B}(v z)4PX)GP_<-x3n0olmGML-Hls>{4UG@nW>TyRKCMGXBXN2MTv~H)&~T9>SJ2>WZ_S z`xC&bYXP{DAmAPa1G+Qw^P(Oe{N_WsvtUp^rKGe4%ooLCWnoDHwBqLBVbN{44SFw2 zr>-`|XD8WNTE#CQ00o1X{WlC+LRMf?P{_fqf~va!%l6A`Fc8Q-z&xxR=F!m+f_ng+ zv9Pp6K}R=$g#GmC)93JTVc;+B$6GbVTtnR4+=Z_DMi6WnL~5VzFIRY7^5!V#rGf&e zzC0R7Vz-`32qEDjR+qD`(XaZk-_p?VVSTs&!FZIF@j+wEwNQAoPkhBCCTvw-M87%%|_1SKUUe@~x3;^4r`Q+6NUyH=d+k%I-#hXpt8 zjL{{0c-lst{2d4ty=FPqJBZud;-U{gDX@=u$fmne>V5nI0;4|-(SSN3E)P$;1FR!T zqqeS22qc2R?pzZH!@2eKSHi+K0NNJywLO(9bj!N@Mp zkLOoc+vp0a8;p}ZeWRlZl9G}TD#0*nabrUofOvOzH^q5-YGh>Ot*)*x)JzbD%RU6! 
zGjQchAU=cSM~y8le!$R@!B&6~+#o+cWQ2rwb#+CkfU+sKAo!936elF^Dg5gF7iLHZ z>Lm9q9^la*i;LMXNH`aQm};{QJyj#IpNJPiQD@XFfByP479e2t`BqhD0#8Ii?HTGj z*gLi$u@VvzOeV@%1O)|sPjh&^d7U==LDDfYGUn>kO<_HDKV0*PjU@sk)!Uk=;NSg& zgEy3y`c`Lj@k)cqda4_?1tGW1Lom@Bp_o8C6ls-wW<7y?BQEB!Hh=>7CF<<=W@>5* zlDOT*`3TZTX1O~tM=Lt6^3YS~EbGVOuK}Sj8N(#kB_caJJD0^s71~W%n<`J8!DTti zuLUa!Gz@%Z12kS|tJDC6!I6=8h#gSv())V(#;vL;OU;ns)*4sIKh95KvVJf< zFd#tT;$mx(vT_X+VsmrzT@sRbyZ)cW#l0r%<>loQPCNkt0o=U2QxW*l2??aEtgJS6 zcC^P7wW&1U)6?ZuRsG}RNis4rCdzF;o}9RBY;NxE?WGnLLcSA-YQbZ*wYN7kHKlh( z>%n#bZVr~f+~y{5iu&GOY*-|y<3)vqzu|u(r3_U;H00>=x6RD~py@$rP6g0*adRWC zZQa}319Yv2eGeo4k*g}|ygKUY#Gnab3xDf1v2k{;%e;J&Vla{x9E=Vr+aUwS)2C0j zt7~fLE?5gTE_%V2FfjPKO8#xo4DjqvN5^`S^?V+p$itJ5k5@@24+p{#@U^YIJsp=! zW`B50jDKe4vgahZzLJB*)hZNv5V}zi7h-3=thN12&UO_s;P#LqAj;c)X2BZ66?@j7 zT=`=Uk7a3J;oc+K2PDoRot+!VT<~(k3rCX@b>)1`HUKNr$x03|3obA7zrY}0PNZ+^ zxtD$j%wWE7a^mE3+IYJ&Qx9(poOr27+5yH8}tKp2+{~ zbpL}FPX5nN)L&IHBcRcPh2vG+V0slIu*#NuIH_Lp@A=C+%xWlEch!k6Nowo27&7H? z(;HggzpK+b7!L~42aneNy*2Yk;PpB~cye7uq#7D|jpeKPq&(x3i>^G6z5WHM4p2l0 zi351C1GSo)n~;yMYAoNb1b7C%m^^yVd`;W(amMV-MrHKm%HLyPIl*cz;c3W;{o&+ zSZ64B6{u)vh?xUZ)8l-~{dnuz*_rx}FJ8Q`0VynaGINVcHlY>xwiVwtSRgLvn`Ib1 za>;^STa#5eC4m2`j~_qw_xFFh+LsP8b9{%Nj&41)3^oJY1{K`Kp0w&OY{N8Kk4xYV zP}q0CL}9a;d5#26t6E})r>(6Gy&T}oGT@Zt4OCPnxy+&PI&WEI^_1JrkNh&l0V$tl zR|{ktz~4qmr`l`6d_A&!0bIxU9)VebG~N>byM8Rx^D+XAhdW0-*+D1>uGP-rsr$ zf`ttn&q}AwcD5e=M$nNtS`vJGd~j!-iyhH7xLx<2_6S|`L*Nbn_+wj4RTI7Y`}Z|I zqvlH~DO5SZ)2CpnAc1-E(_!_Ecral-m{IUB5%T9R3x?TXp5q84<WqCZITIKfy41l`2Q->I#eTUPVjMTD?H&T0_NV8$6S?<=ZH9ELh=aqS`kMl+ zs^(hH^LzL1J3?7YQi(v}A2yW}_zc%rbdFuZZnyrT~GHJx(qLmHaa!Y&d{3&efTfRK31#T5Hfq4GkkebU>9F%r^L-6EeR8E9e0s;l1ZT@Suv!gVxrpbO->apzoXTt#1pgJKrTE zK=!pXHr{#%Hf1aG_E?FzD}-ldD31gQ7(yB-vrj%g*jQMvbrTUpo0NcmS4pC>dXK{YPYs0z)IC zz6==>fCp9GL@=mC_LsVDK;5Hy_z(#MtDU_)_$;($C2?SV7Mb=_f$fn~&7P~AgW(+y zWTeRWYH4;>xXfzu}&%gBk&YWM&uxPjR>wX058?SZIPEuQU7#|4rIDR zqQJ?{{uSsc!aD@hs;#wkrfk{^(f)!q8A$qfb)w-w(t*>`>(l~;C56zb)q3y%%Z$_} 
z-x@8ZuDd#;gFXT-0YOA^au2-G*)ierMhi$hlCM`hSn&t}n*l)u(^$mGsZ{=wJSR;i zp7Z4Fj1}IYtaMoYP*&y~yNYn0pFMj9ptJ|PRoBo^3=|YpoW|kdXrR&U%+kHUJ5OOb z%uBowkb2_$<1p$awK2(&g@8g{eRE=hC2hhG^fmyy!BxKnJ`G2;pkX_%+ri3vsq|Dx zC;sb;ec)ey&Qq>_l&_+8nn|n)eQ%oqD@VA_6BE@9Des_@*amf`4H`!;goWSFmS`|t zE31I{Psr;)gF_|#4Zs~VjINQ9k*YF$Y~$cy@b{arZ@lN$SE+Q`{RuFy<5ny7s z&}z3>Q&U64qIVk!(iY(0zPr0S62jU?n7H6phC&YGJ;oxMRoDSxc z+=0Ql`L?O#-X9S{@a6*@J&xzI_b@-Y(>O)sGMIN_XP*sJ5hNUf&JpZ@9nr3p4^{Xs z^X>HU-u1)p85ywnE-juouNIe=6*M)2!K$t>ntQf^0Q?<_s5Fw|*`wtNvvko};vED!tZa-Rlhz^6# zboBksFXCyvw|104;*E?bPUxx0uVh=f&>QOMeW1qD9$Ztu|GBNL zjg-gk6UfUX6&=r#K4rxc^^o{@jr5M9l9HyOp;F~_Dkv!a-UX09RnGb{$+~$thx>kW z-IO5l!I{y)1=uJ^agm2Et!?W7_+74!p5E*hD_-{tx>f>p#AL0Xe zh46oqlMR{_?hb~dndgxI=RD-VevLwwqN85ISw-&Y{vs}UF~nZ~@7-hnYni?W|MPc_ z|IaDle_QS*8P4{zZ9J$t8$&jXvSE3VffF}R>f?poL)H*t6Gfpbv{!Wa4 zLPK%Wi#Y7O7V8+-mtGw|$Tu3fMgb4a08j>cIq0C;Krl(ZeEAUi_+WvsfTE0JH?^zF zG5zJe?t}snyPj@p)=GOQbiMVd70!QQ_ok&xPThu0W7g(t=qKqr))IL27y~Y2IWd(# z{U!LaR);sPZnr^O7lsd6SSq|#4w$s75#4b_Q;C+L*ldt?tkm)q5Q=TxF0-ZSO0B`j z*w}!?L^89IGcOe}SoMhev4e{5l4<@LGe%c122#%>8Nt>NaS@KQ4AW*TF#SA@anxQER<@Q6&X-ut^p%hZ1W9!Tx{%YQ;wu>SCQ%>K}ag0@lrI^ zdIg1{96jCP#gw1e9Txwt28v3-zzH)UdT2Cs(mSG=mM5L34S}z3OxGoU_;3@^K!>h@ zyu3Vkn!HCnot*~2=RwOb+bz6=Zr6<%ZrjID0jqZ!(4gf^8qxOW>oWy}dRh6KLdx&* zx3_tuNMEhaO90w$>EFJ+17@^WR(BZ!ya&y5PqqW zBES)YjJ9W(BN3{$>{!7YF#^U%f^85+6Q(RD)JN>^10?B>?~^@>(N#U#{z*z@Q5w zV<-q*;IB%X`ajy{iJ9Lb!Q2r8FfIg#I^LlO>-vQt3zs{Rds} z-WQwQ5YsULwy$5mPH!>ej9>kmatqY4!{*o^_UF2jIW)xB4YUVNXFlF9RL?^+>{yzC zsk9uQhVpIAq=gC2fp+?B!Krd8Kmhy7l7sxQ{r;whHEoJg+K+h5Bj?$w;0JrCwAy*- zXlPH^*#~xMF-X7%&Vc!_@`{Qg(0uB@OzNR`hM2qplUe_GYZ9^>F&+kgn+YNah>i}- zcfdx0c=~|33$E)03}e8k1v6l9u=o=Jw*!P;fu(6-2?hTa#_cOD(|J6R65SP$AstFf;OfZFxx&!`ojS9_=;&y_L9;vG zpfa4CpY!G0!}~R%JIrt@J352(VKr^{nskVFMMcHn+PM*;R}vYil&4e$$pphQYPxEU zOWEb+gb-6!t{;l**6>uYHzo%TGdUbJk?so|V0oW*=zyfGP9af9nBCe6?J}Y(hE^Wb zD3KQa8`6oqB@?w|ybdru7YmIJFcvmOtjfkaGz-+%#@21Lw6u1?R;fPT*+HUVi|XrX zd`oklZ0`7<=S*oD!7YYR$ra1!yeoRk7EypgKWW^g1mvbHF%{0 
zMhd0=Gbk6Ta6YIM(J}}s7P9?)n*ps#0hnlz=fE}!$2TMMYbz=%L0Z3FGKzl#O~;h- z@))Q(I205*`C$MHx~#D#FkJ<9IgDS#e*5-~m98HN1SewL1|}Hz@+CXl+H|4On5$Zp z+RjtHU3-4AEOad?E{+hP(3F5?M@435pxx@R1Arn(ab3=MXvsL2{J*ih<)P)`_4&O} zK}AEm1pmrVdtSrx3&GMQR3^;4kG<#3-W5iO2E|@G9gLLCgQ9->_927%uixY2@qoxI z0GBNoIEbwXVy(PNrv|6m!N&w#5D?Q%wlecLa{R)O#0BHdVsz5o2w?*L1EOmK_DXr5 z8{9D?SY`F&f|myhvI*SvAV6)MovCSQ17Q*}cC^@7h1VJ}XcVcUJqsgQ8Ibys z+Qlw8p>%Mr2x>X#RV|j!LP2V>t#k(=2U)E`oB*=40md)<0|RNx)=Z035v>=<1~Ab8 zHWf0e;Vks3h3`N(&u(vrwHeGo2W)|>?o_723(+3}#mrQ_^I?8$6oyflJx+FLDF_D2 ztaZR>Y5Dv}6#D3?0A?_`Ri#;DUe|+!7`Oq#QnU4+N;WXYG_=8Orr&**Q>Tj4_c!v$ zxqMGc9OaoBWi`I>d{c_!N`Jl)`M7?GI@mfev09)RJ8A*_hx5woEbVHSaDbZ0J>(Y@ zd``j8r@|s5lL0RY1r>D;h$0MD7C|n8De}gg?p0)$hP*sBevl7v$7!4KvbA!0d^8aE zN?um@LFp4LwP4mvK#Kut^R1w!54|S24&GIh-N2Jrh(iX?yug`40Z%Ej_LWM$X3Dp3 zGnHWve{2XZ4PGV%`TI}gs$Vw6y&>4&pqHeX`@8zUgI}wauCV{vpGe#L6BDQlOfuTq zf|YP39h{CLma{*}o0R=GjwkwR6L z^T`D*@f^F)OT^cu>ZmT58GI*TCU2SPVsDz)S&*eYEB@dW?3*Xe(_%wI|ODgRfZ zgw_>lclo{iSRVpITX9y(|FXrPEcz`op;`JS@%`{xLBSD=|72HLe3x=?L4n-AF!Zfh zL!Oss#N#0zgc^?^`gL7x(Z9!aHQqN`SXvx(C`LT;-2cplFbAOO3sK#&RMdhVnRTXARwTU<0fs%!9Wm1By1275S1(-IdA%z*16sNb>G|f z^!?7b-9NgF06y2<8JQkbuOyQrSWSITldw5 zRkZ0_+S(>YOqzEM{Q$jfTfyplDMQ^X+J(Gw;wwWRZ=;%_rx&Ad(V8R&Kc_8S*0J$U zfg7tIo7kUliL4M*gVt!{NLTVEAKomWP4{|@s;sT;syr7pwO!^%PMqSoC3UUbm$^Pc zpOTnpd{~d)zUA^uqXs!a^7)Rwy>yuPE?%FT$jfnw*A(&AiL3oIR9aT%9n2HHw8p%E zxHdQDoprF%_;q#u!HfJ)-ikFBcKR|rTsGO77w_Ylarf?Weqkm1Zf}WU<>n&uXt!UN z$`I&tu~_u(f?mW|`V`wU!`8ShO+p@DSGK#`ayf~tWz}+gAnHDS7+7)Nkt2^_afZku zOR(>R7wGTeg-I=_%vSx!lL*TV>_)5_sJSr!NTA^9>T?zT?D3$~fn4e8;lHllz6$rm zZUy6t)S2J|QC{iwlvN)xEtSf}r*?(6&%CG?#_?M?KUzKCb;zsp!?V*L2c2G6w7i1w zh1Y%%-HyJG=qRkixD;wJI25tzX3T^_u zKsJ{G*H2;+FmD0t+oA1{Z1ZA_Mcro+3P3x!m0SHdewKi2-~L?5W>cu3pkQ1dBTYOd=%JkkKP^82@B=Yw z`K9^k5n`(_Y+wAwzF2CM#RnY>#6o(D1$lP`i3P%$leaW_|Ku%>quyR~G$G_?kRFei z)^i-Q_*jbOf(acEw@!W_ULWpXqU{L@2?7_{c%9tQp-tqh>P#F8 ztv{we`<6XP!&;E`*~&v9rcu<3<(JTHZTCF~9^n==C9G2eEGw{s8*`aWc($&QnE$zy 
z++9G&6uWkUNs^LPPk$F5+bNi>*LUy-x*OH2mX};zgy@_*lYAyjE?)461h6_KNZ4Y#mt zD}56nYDMEV5N;CR3Kr>j+0e4fB;YGL{^7J><0P0b->4{d!0X~?3$+mo)%nF1uOYW9}*u?L+n(!*= zlG_F8Hov@l7gkG&JSiX)7@kY9=|aIoK~x~*j`OfCsRZc1VT(Ra85$Y_=Cz#}HAJzY zwptCh7h!oHKne{lWr`{nu?~V3YHrKHiYCbo2+)KDfq_W~7aAnmF1Q}hoMF$2%kJMy z+79#rV2Fs>zGAPNjGDqB?c8fE7Q9pKJCHVeTw_GYQYi64I5|-Df}`g_S$$8Y7QeE} zA*2`L23OluR8a*V_5)bC7!Q;`5g&Q&I1nK|vJ|J3wy6tZFr+Y6f+lQCxVV<(_yeea zcHr2?@G&4)F4Y#BuoPgvd;dNMAKys+0$BZU{0+2P)DP%10Ouv))=x`oj#`ZcOcYe? zp~s>w{KPtl)q?Yg4_ZF{A^NSg*W6CR0mv7KbQAJJi^Gj?zxNa z(dnr!X_o2P-wmRY=l}c`TcY03$53rvC}Yl@RcFm=kv(zZgttBw+<;Hn*IemXVGx&O z-0HdLjn2+fX2Vk*b8|B@pmS98BQSviPH{gf)jBWp#}5l;0h0@TbN!j>+*jS)l$4ck z#>XFk)%8_vtv@v8pdGhELeyfv{ldy=joC-OYo#7#-^0{Y6#6F4If*g&FFfPspRuM_Jqtk`26=9mL7Dq0YNl{D&^2-jd35B$*M|t8sT?kPH|fX!eJP zxnoHG*I!XKy)!S}9>GIzF7|NqK1Yt&F3(J7V>Co}DiuQhV|_+;xa-I1s29$OiMHhM zsN@+xxhN(`Ta@#z3?BsldFG5~q=T>)`NO~0x*QbhKL7XThsDc4?C-EP^6#H(F!**Q zcm#u-R%^!`8u2&4J=-d_mMm7SpDZ)-j z8>yxGohDyK$V&Q-DClNt2}79l@5BIt{=NKih7J7QT6G>lx>q}w!+DpaBY~}qc+g>^ zciTz0!0E@wlQ1?AcS?i)?_Xdm-*@of+rEV-#OaFygw<+#)Y zx^fdc-lwI(QcU^M*-6rH&Yx{p;JYp!H!3ta>nC`uS^T5Zw z1FcyFtTsX_a7uO!96FnEXu_yLVs;c@idf^?NPOSr*4EY(QkoGF@&RvfV}tk?*eYY7 zh$C_k2_O|B6im30zl3Y1Yap9J6B^=@meRKrfk3dwVq`iD;|Sz>5}(6n=*BzeBI&ew z^9@v8)H9~i%Nd9DU)_|cu;LFTr~{T?A<-id>jLCsH}auv|lmCFdzz6?gElz>Vh*&6BlAea)kB z7i4X;*CK;pAh`Gg@P%v<&7xQw+u7IG=a&x@h{KzLqAD#XX9$j`5UwJavclo4SJP0{ z)_#Y!A9;svT*=Gt9`k|d3&O=;YBTvm1CCMk%qy#~)Rq$~7jkW5D07EB=dVJ5!+BO- zQ&pVneSlZsMD_{` zhaHH#`n)Qm)#4cBkuyMXcYS>J0&^m@ItGKlPe7Ydn3YwJM`Dd@=2*$$I>JVzk0VXR zuhl3^|M2#!DAdH=0!#j7ya1&+f}O0WiQIj=>%m;^IAW9zj|q+}sDx{Xqj~S%Z~1dD zS+PggRYG`>wy>}W9hl_gL<)%o5)iQ`Mb}9oP=LI^N}TkzKLk;i5TyWfw4}76f<#3i zx{;Vj3*HwT_}*Q+p1xE6+}6fq)m#1)QVBT);beM;ZXp*}ns57BtPoIef5MFFSi!b^ zyAzEH4zh_}g z=9FyQwCNQBFch1%8B!SZ{Iy)2olcyf)Ya7yZ4xlGm@#V}KZ$%@g;AD@hHAdB(;#Q) zU(|53r5EuykG(sBgBdOfDdIPa`)ndm52b0f^@+S=>cQYxxi+j>V}K+7Gpa91H6Y#> zl58Js;EdMSW)7ht5J$UFq2a#@0}0EdMtzv_4hQ&5YX_s8aECa(5WBJu)UozNN%`LV 
zE%;_7i8mXRuf;~X-DY(Fx(B>_fOm;nIlTKH-32Q7;UscUi53I;Rj z4fXJc)7(1WB2I*2Y_%JXqtX!t8TW3wLW1#U+2ur=D2NAjg)a8c+{(qKKA%Qc@MrSN zT;Z|31S+l1`CcB@fg1-Q@qr|p%gy=%oN$` zj0vh&h8aCcrh?Jo|C^m-s_>!~_f|9-<(Y=nfTE5T*07dzmt zMG~t4bq~zwx#$c{!&sTQ{PuObw)!lG4gX7j(iMIEXWu+ja9N;(*)A(n1epvM>_yne z?B-B2FW?XS2Au2QQ%xTFXzl~5mQc2f@89{Odd`o=#6|4xFe^IB^)ME23~J~}Z$lOD zO@e|st51KOsOm?8Db-e|H3ypqUUm8>>UjB+d*#X(uPs9Ym#Qj4XLYkow2+So{Z)0k z@?*IkzMn;C0bf7y@Fi6hQhD~!zP(5}BbMH6}AQ+%({SoC!i}}_d;X> zQ*sK?9JD0`mfz+Q8|GE4=BAG6wwM^ypI)K4EZ5HYDOX3hj8qM`K4bsR+70|a3qC}> zS(F5Do45G;jVRhZidRPp@*0w#YMMPb{ofwTDW8*y75S*WA$#e4={Ao5H z8AZNwb3QKSF)Jl>Ut|p^^X<=yI1#<3O*5}9CT)$EuD!QJd(XKukFSGbmU4tozcqL} zRufi>%8Fgr$b3RWE4WSj@M@i^)dg3o& z{6Ws=N$h#zu8A+V*=yy*prB>b$hf>5C6kLv>-tZ3BHg@0nzv+hZ{B%`%C%=Uh|5CA!k}v}+dB>GZ^N?7iPnEk zQu0w?pt6w`IByCLISv4_k)*^e=W&j)UH!s@2+lyGC$`Pe`o)RQKjxVVCqJ1Je;BOI zV{|pW5gfpfcVEL0k>tn%E5|;Bk%*52z-ML8`scyia(`UL4Yo^h(rq<)ZN#06Pn3784T_ zIH{s{i1D|)!iiY<_U&$nRVdrbZoDKgnYe-xk|onRR+XV5*h=@b_yzb8DqW1exDi{}J!IXgO*T{;Znychl_ zC_nHlZenKE>@x;_tAW{wOdkNN5Dh?#aT||sv$@_uSKWXdXN56L3IqZts!`dnEJ+K7 z)FZrBvPi8V!FhT5XJ^o)V_*F~*xoDAZNQhig&=yk+Do3zkR`e?$8ujiq{!0JQZxFx z)vNKalH^yJ|GiZtMLRD5%||-$GMO> zPIz}dUu-tYx(GfPyc-TXD6SSy0Z{xH{;VSBumb_vjo`h3*F~}g$@$l4){c}W5d zjmu?vk_rVp#-p&XD(H0@@FEco0+=zlrUNt(IqQ~HD&i=B=OPI0{PAweC0r$Bw0!_~ z?Lm|h`UB%bLecJHc*9FGS^)4cbmf25t} z_YP@m&?FK5=!^Na9b4g9xw@xU_21a_g^^Y?)m%2!`%b}2I<~~ zRBwVAvkF2rNmb?A|0q$@k?={N4ZRIv+eb|n){RZRg*hc4X&wU&Y{Cc(D8GFljX`o? 
zCdl!2$+Krc8=M8)g)zeznAUKX7{suVpCcrQWLQ14e90CBGUS2T@S?CLkHWknTm^l{ z1gi$^YbOj;r0oE{6R85CLg~kAlgUHi&61C@+l-C%pv}qU_)-!CVupm^`!EKfBQ|q?~qE1M%qW*DjJx`k*9Up&VaV(_8h^EP!9K6VL z=n#J5zq%R$O5}}8&1jctnj;evhS-){ZV4I>-z#pJ8Gv;NvmpN1rj6A3G#azqfwTfn zi|W^}qpJpnNgQroBVXaH;BFnacksA$0WFg6hpO6cb8T7gUxt;zB|5fK3DcUV4_R*; zTIIBFU-C^qp6c2KGz}Ffo&-v#t8>GNa=cu-&e$xg1?4nxynv$2{E176K2-rDQcDO5 zzGZ>s?o2EQH0iOLj)K z3UNz`Z*21cd5X>V%8im5*vX{!{tj&H7N6#G$wfT)>pi)pul!!sLJti6?avi_2dzRZ0ly$#!ReX{r%&Rx`G z9y%C9^phI-4hJvH7@MIU1D*k$Ae;cHtMu9F+bn}%vMUTX;p_M*eN;*8pCfZ}(0*6e z*2br&KR{R8Ua5?={yDwX$$+G4&=imsUv&QG>!2n#5SKgnulxJpxMvXKD#NdB`pV#7)7nxTT8uSMD zFbf%>cSc9>jtI@J&Skbk8y*d*Sb>Jc|V|S4`SXH$S7)L_T4Fn1bj1yski?w5F z?7%<>+`dCsiZK|bv0SaqNl8?Rg+2u$+aSULE}J!qkc+8ytzH@3*yt7?)BnT|aL!9% zJrG|P_9wWMBd`SHCG1aI0(GxlaXMD8OPdR`vhWWwCY-7NlV_yho$0tD5X$%N?ytkc z!=IUyPs_cF`l}tK00YQm&$Dga!m`;?>Dl zHW_Z=)znGF3j=ma7tQLjY& z*IN)C zIsCsudif~>7`_UesSR_OmT(8M$9m$gCVC5|M|hn!$W_H4I}|+boCTbVJ?x9q6>>C> zR6=(_J^^XBUBKiw3P>6-LUHA@zqIBiye<4Hlpmk-9)W+IdVKSV&Trdz@Xj1`5b zcUhk&gcfiHPOc?*OA0s{%ynVL55Nq5yH#$JT6N0A)^&O^PnV} z*qFdhRVP*Cvnb%}Y8K~f7j0(8P4SAT;4#qRkvbm%s52 zz^Vx{nDPZPl!yQfPa*-{WRoMv2kF)|)D_<^4kmu0naS5k0~Zoy32iLe06vddhoRhW z>*0m=gLVihq8kdJ==7HxWGDuOAb-SWg7B&+^ySFDR?#pHrV0WO_-3Ub%fXKsH_$s_ zvlFTk)q!*xz$5X0k?T5EeMcYSJc1(l6T=15EnANv{o`9>WB{bHZ259N`)=94h+E5 zT+_X}Vk*C#o7c_WO>GSrpyW3df1HZtM|8_$@j^@0lX3R$gXC$M+nLWdDI1a~+C_y-G+ zG7X!943HnrG6WIr`WqAN7BD9Y#V6T%f`1?u>xMLzoDhx__1-civ?_prz8zeCx z{)6)dj)5fh29_CkkpY!qTtz4K6JiFLU4|nIwvG$l2CWEz0@H(_`;cLY+dvu~Fjpi& z0&A_L)|qhZ+I5ZiDndg+>8_uf8YcJ{NO#lLt>>^ls3KEaXf*2%aUj+{r1}uloCjN8 zVkJVzBO4zDW2#op`@~uByCl_#_#)||kw2u6VRH~}$!H|32en*k@&Mi40w^%P4g;IO z%v|!Gh{D_qi0eekCEgh9Hpq`;@B<9!ja*_yo?zIrF1=iW9-r{p_-d)?ZP;ja1S$WEL(}1s)`~7oBK3z@1Fb^YN?T+%PKwS3R{pzuDeWOR&L@P-?CVG3+A^U_%kE zeT<;z(iLl;!aPfH$NS883zj^CVT4q^iydHBq4-?NX@xtIjAO)6hS;_OKp$a*iCZQ8 z5dI-`1XYZ@78V(qw(;mKiKIe)jRE$+jX>D;+RID3(5GXDPe4?Z!quy}4HY3lLB!OE zrs6ZyT#%n5`Eyu8IB09JYDgv*r#8AWkv72-Sf)hOhtCHc#7~UiX}>@&{^-EiqxBCd 
z#I!*8Zeih18J0vJ!7xXnv%rZd@&cULbqJv(3Pk3|U{(mprlU1P)Z`W{4S24=YMlYN z`;F0TkR$_m1jMn4Hit#K2Ok<`{CNMlbLY_VfImwyaID<{*8x;sev6NXaVJ#zlKQ>E zh3xmE6}|MO^iRk$TX0?C=WZoCzk=)Ehk!0HPHL`6dW35)`4{DPW{~Z61BfXMdA;{- z|6{_9l5=L2s!`SsXkj2`trHIYS4XL#{9+_=D1o3LQ>41eJMR;Z;EEec&S$p4ft;a^ zIX;YaQ)|@NeHwFZ4RA25+`x7Ppbb9bZ*iX>@;=o2yU3d}8CDtg9sP~|9}XDCk;88+ zz-*m#2tbGk#ztBwPbdrXs3FCPlvQ5_1_s8(;VQ}NqnOe(L!pgfRikVBiB!nXMkR$d zW#Zl%9r&50bGNV!tw0`fdkw$irhbKi9EXZj>eTiug#S3_T~g9_DD7nDh>^ zo$^HiAdavcx9#LLj*LAj$vF3mZgu?!>DK?Xo%DZrk$;qQ4O^p;EfjI%ZAjvP*6nIM ziKX=g+vXL=_C8IU8)SKN84p?T1hSa()>vYDANaI4{+LKmW~ z$0GC!0Ef(Am`2nJB9=ZXFJ0IVgElak zaP{nhqztvja7z9rEa($X}VnPn) zv<@Qh00#KXsZ&cZ?NFZpClRNV@`_KGXaKXiw~tS?9L+wt*csa+)=KM+?D_N2CvWuY z_&25NpN5NxlRFvXxK`YFIbvsPyBh~L${uKnlgNp&dyGGfW}qYbZ_zl)HE>ZIH*fyc z$fa)q?f~YZApCg=+6qbDYuIw}@*07`#U3OhEHM>M!^j=tnm+jpXU?R94Fmq6K;t(C zQFotJBp8lEWZo20^Zszm8Vd;yE{EZRc#cpdDUDRUD4<@#hQon&EqRQFcBx{XgM$MH ziw2Zy)OG#IA1!2{2Pn=_*rS->#Cptcc+Wt7J)3B6uQQ2Bfbt^UG9d%dAyY2Fj@K6( z0tsLb(hM8Kr%MxOa-07AUX49fHgd#8``{mm>GEl18@)?FpufU|+b-AE>n4Bo|rJ#s$SOpLVy-bXJWi$EgPaN5ZN(c3s4#faiE5|$?) 
zN#z%bO6HW{-fV{%Xc4%;`f4#Qlhqq6Hnj9O(NvSI(1v1O3La~tnSF7l5S1~5tt#zXZ!UGp!!hm{v)EIPtb*v;e_q313dBa`g+M} z)~ufdr@A`!n+Hw2ztUx28{s+a+I&zg`2QDmI!h0_kW8-v-*dJ1*=-E!vkCGjtEf-{ zUxOx>431!7Qo~8CnrFEiiQ&uqp-C!JxKIdvtEpq;z&R6>gl`DHoW-8}H|f*)9wRai z4_y*`mGQ85U|=9smL233nZ`y04Kx)1Ov8W7k?AThqj7Vu1+Bs6{_~_H@&cR4EJYXu zNt*;u0I}ytx|}()>|FFiz&Q98&tQ%Mt$V4JCj*i(Ysj+s93T+>=CkKO+QNSZOayzu zkG6tsU=sH$!+iG zh{P`?nSPIMR)&EXM3>y&{-lU&)~JUHX%CZxpKIIjV6Gz>k(5?2l$6c`_LY-bg6U~o zW5#{rTiR|q4DwmGeLQdLbCX z%Zhsc8eV~(w{l4z?w&adco`1%Xxwr3!PJc@ zo?{r;v5}2Uw`;pXq^LCBltd??s&Hi~{zw_At9d*&bg+M}Nxx~YvwnioWZah1tlJ{l zTUP5S2g28G; zIeFnQcbTk?cA1i?DRc0xEx{aY_e8tQ5)Jc{L*w-4&dWtNiaLE1jSn}u-9S%+~V%-6JTW%;TZqpaQdjyqaJ24*KEwWdVgq6C2GHcWF$fKe9#=qIaWF}tF}*Ly6{Fg;OvO_45uPia6V^kmpkv9DNN2ejuBIuFdLt&!r%l+2EI|G%OH@+be#EvX{0m%;HFh+zO*1z5( z{3?k}C{0S8M`GW4>$qoQlYJAmsq{QUDev05Ec{biHJ;px&rWtx?}|2~(?zC!R~wQx zK@2$DdeB2DRF$q12i@!xwa;AqEC>z(2vTZm351~hJ zVeF?+v^nVvpQC8On<4y>AJ9{^)IhO)0B;l&6cmf|!yH%Dti5oC`pF44Hj87eF4k2- zYM!3O+*^Ijno?Za9a+}jmN|cZ3x=Byi50Y^VJTA^dJS<>1w})%_$m6RyhUQ_q*Ywo%WDYl$ZB215~gI@A+nz7Z@Jy_OdvBs`$O? 
ztFHnJ6AE6+4L_Oli*3^&h1m>clS=yvx~%4to-Nsx%M)fIyi zzB?5h1pzH>Jp3IGDZD>o5Y0I^d_Y7*3ysxGn`9q&D#J4fq@ zE}7{-x*$mH%o55^Hye$!9K3oUhc3d^XPBkZ8nmHA17dZ6zklsnp(X1mCmav@NL5jS z%#iqS+|VhQoV4M_O3Ig(xTYs|BH)`8d~KmmM@kpgFtX>Z*Q-U*m4TRW_cdR#y-0|4(Zk$>ktlBA-gkJ6m%Si zjj39KwQgH|%Eopi)03dF>XISlz+5EQ3?jG>RB|(>4izrRv|tAe`G5k^sy1BWzpFBxg+I`~a6peY*k(LpgWoq)iwuq6CB5i_@Cq@+H;d$>;; ztZoxH96DwR@TjMsXlZF-7IsMJalkgrB$nk`&z^Uo(ZHud5%SpS3UJf(w`9eG4(ie9 zfe$~Nlv})L9~{rhR#s_bSZnQL#=@|d+VOZmVtjTDOuC<&OGYXJOvVHF8xqK;hw1~G zDgqZh4#9@n9`xlXiN{o!t zKA2fAo;h>#z!2#d$gqh|xwg@0@b=;6<9Ac>5L0B*>R?j*eaDVOlqovuk)GEAjf4DZ z9eS#ukPz}M$tZk0#HJCRJV#)D{81Kpm?nHDkYgOuK#qZ!`g#;V23@H+)$1bi7t5GBT2+6q5F6G3@n*=Nde=P47RfB{rg}J z8m8`=w*l5lD_*?#uy~Q-hG&xWVkrb!d12?x;&8Y^)1(7H%0-H51T=!4BzuiF$w$B=MycL4V@$7&Q|CSZE*j`Bok^Z+bFS1RsuC?mQe_K~yRgT~{X^9+h_EX*`Yh_Db)(1_>7w4q|bMNtofC^*ONE&4sWUVYFw@76B@Gjt6P zd$kXL(^gGZ0gb1EQbLEH19tbs&+CqZENLR+owKtAEI+27gpXp>wd4o0;_cVFaTTN$ zwY8ssDNhzyfm6d?r^$aBtU6hp0=SZ>+XwM^$$Bk;Yn9U)((HMhaOi~;VThrp>4-=h zTfdnBxv~Yj07#ef*fCXHy{eiTI;t6|thljU+}yGfjOl1_G4Wtv`_LL+gsFghF%R5x zSAZ-!C^Bh99N#pIZ$vM55GO6_x*`rfP8Kx>hip7*=MO+1v_Z9|{q|e7Z8Hb!kLfMp zupxi9Iga7`;sku)5{Qe7V+%cK9Sp89QgU}M#94wmOh_>7j@Jb$KQqSOy5fE0#bp(_zZ5P70;SU8!HSVZLEp9gOH+Z(2E8TIc4SLW*}Ig zSwBWXk+biI=_rPgo*`4@VOR-7Nx{eoNnm-+%qw@nGbUh`V=_3ZNTop_aV0dYIFYVo zsQ(Tai))<(Ng?A;BgRvZB`hBS=3nKwYYlt{p7?1 z9q%#@hca9yLy9o!)3Ab3A>{%ZQR2k#z!z5_%6-ysE(jxO3yr6`t%x_GXvhK0V}Dyg z4tdfD{NoAuN2X&hsi53Y<{Sl0>l5-TZ0j&)ui7Xp5%)^B8WSm1l$B%9^HRH9TwI`2 zB#$2KS)5O)F&fiu)(8cwfYlcNs#hfBb>{_X>AP??t61q78XPK6wTH0K)osuF3)Yo( zyovV5TXl6+)*09dvxI=v?uRc!xzo-I-|KWn=HKS_?T=cwW=(RvD`t}f4RIYjD2-|M zjeGq?M}6ittXh>gIt>KDX;;Q_cfP2##H$1#5*<_#+o$!YXuEZ6CHHs@lj$sNr}6jH z?leq(uAVAq#-Ft#Pn|Z~{0r4c{%@n2uXcIAfYf8#JnfJQYh&Z?JlfA2mj{LV6)#*n zJ0qX->FjjxA?ImM?n=eB*9E=AQRsn1T~%56fP*YKvR{Zn)8z_2N>{3S#;M@fxBc_O z1x%GKZ+y(Bo~gC|qwc2ov7@WTE)LkR4_4dsNyVMdIu_I$>UpeRLipSf9}?}aA6k)|Csq?V^754{_3rBf9A0G+a+P(FSWxze&pI;p+12y(T_@SZ zXTEwNCf)g)f&z2JhFjgw3*<$~`LK^Rr`GrdT5rRU;Y`g`6~;VdRyvrYu@x~K 
zG>aBRrve=mepRTB)kR*@KlN*1GX~-dc9;~|&Ug7HnRqM^!e3& zD<9#Md(`cQ^9dP6=?twyR-6|-pJ{EL{g{0?@8f_+NcBGHPsJVu5cQ7YRL1Twhi-)$ zw@|i#IlW|fW<8Xu`%4uAJ`Y7zAit}O0;QJeV`9UhG)O+Nz^c872I*EG;pZ1X zZ{gVc;UvaJ7Lz!-*l6Wm&0L#jFsR)xSL|+nw-jsE1x--$p*Ob$?@dvC17cuFN!8A)&!Pe|Ks0=7z6dP)fI|#)E{xnJ zK|OjnK{%;9fBWqzzRy)2tz!2)P!9r_q6?5vX-4DZeIHS_Qc3N@Kvzw~ z*dU)(*Szj?AZrUK?jp!1G|$4dFHmY?q5UQSe=_5tJp>Vfi7b2b#su89O5`>QW!e%* z=HkTJE7)?WuRRz)1p0^kD4^FFZH^-gxQ)k9O{b z0E~_~l!yhY61m9E_<5U?3UOMg>-+bsJguOetqKNTjCppu8-PJAXA5N%}fw_GHc7H>3Yr>5}-+rjK3OvjjlW< z%C(M2^!q8Zd-yy0nu^zkgz4(c{KkAsGh47N_Q>)r?5Xn#0A4t$Nj1>a3?qju(#FbY znO1Mu&3X9qlgoPH*XMb{iZaglcXVlWI$Pvpxd^2*c5>25itgO3YmZ@}mzR99Vt5BHUg5$m%u#PSuJ`LP{QN z$&v&@48s$n;0+kZ1m56q$^QvJCDr?$Af@htrT_G*HJRi*5zBmj0o7PdS;?HRLmAI6 zG_0KE~E%SXAu z$r1%S^OYl7rFaPZCfJKz?FDGTXmH_>x{a*%E%ffNv!o!|c&b_3-j`sD&W~ebV`Pt! zzk>x0yN)WflBya5SON%Y!o{Zomvf8!d@KZrc}*R^_W{`xLi z43GcwzVrVMz4-q=6)Mj^NX7oYYxPgKR#_@j*bSxLe0!XpF`Rpz^|PI$nY9X?I^VwI z8!hE@t^&^_9XEUn(3*c$u#IO=-u{1tWG8pF)Pt zKItN>$8pw9ti|d|g1^*)L!OLdz8)`f#Lo*oecyav?em0EknN8^t9)9baYVPEc5?D- zcv;k+R~U~6aHKA@N^o$ZGfFal0~>)&C}gWpLr^9pk)K z$72Eq)@pM0gx>Q%yx+P#)tGIjpj_6c!MJ5Cd#^|E^C638Zw|C8n%+I1rWnFDXTHHB z>}d0tX1Z03v3tm7as*u+p>}fll+}3 zqEh7Rc&^Z960+aKHd@YYX_(qy>ssuoN-IeXWf%|g*7B<*p7(x#xi&c={X6*{FH+{T z&wB3*E5354zlq8tZT5*%J6R$u;k`3$G$qHXufp}`p}Kytm`BIBJNjt8PC4fi-qTNp z3F+&2&pkfMU=I^5iLxr0a@DXDU%hs;IjX!pv25|kIn~w{?y-#7%5L+C!m40BE8g0R z=pD=+g$yWQ$40R&U(bXxQ$0{qWiscWOKusIh{|dA}ezAJgB{q&DG7duI-L~ zjDZ;J7%4Hf-ly$1qQ~Ed>s3ZZ47+sH*2eV&ufJH;>K2$idxTmWDe9>iuh8YT-1O{= z10K<#o10v87xN;jmlKhxN_zWj{^c<7RKdmI=Xbg%vM;qs`OYrJC$ckpg?#4CX;;tH z!KIru>nWixKI9E}f3E4Sfe`cL6=!M1l8rj!gKCmNAp_$UB8QrvwMDUw7EXH1EW}1# zT5h&%+C^th{h=?HbARMYD@7^w2VrNL8rJ0q)QMPo4AI^nU3coJK}(c?$9TAK_To+B zypj?s$HG_fSJdR_W30?>y1rq$3tYwywmL33TDY#9LJ<+vkhsEB^1q zOQNUsbKX{%VdvIL2h1;Z@9MEu3itD+IX7QS)qId5ZO?Y0LL_V;$=u9zG(AYSRV-KH zbk_d)XyG{J#PvGirtRNrn1zIz2K*dyT6uiRo-dJn$jIwI;;pTs6HFNRVlzC1P&6S^9D-HiT#!~5p)#FmM5<8@79_Xa!a%oj2ti(YBH)n7N< 
z?IT2AbA2xeu+r+9x|(s@a*GKThb;Gn6tkwdKbZwqHz+v8TNTn0&Gb~1&Kp_LeH0c> z9}=I~ASO5|Cp5ZxA|w&C`?_i+6>a6D8FTg^F%dmIFS`%sbE@I~_@ZLeDtUH28CEOv zxb#`t_`AKyfsT9B0vt>hSBZV-bMY7-(%rXcpEJMU5tQqGr(E8r;iIXoj5gny9UVQr zKK=|9E4OIIC#91#v)u^{i;!JMs4J zHnGJQ#ytaRaSD2$rBzP)o{-?t7F4v4YEL+s^S-`MX=Zg1r_{nZr#egLoTdj>_Knt8 zw$btvGn#v5#aUwIxD>avjjf<|p(coxeBHgS&@s+fBgE}fueZtu(~DmV!j50fi^&rF zChOt&pl3x`b7brD=E%7j=6ZSObN#ViqWh(pcg$rri=(>d+UQ-|UETRwvJKpR(hG>X z*VY)E`EhDt`2Fc^4&m$e_V>p(tncc6lJ~T=Nd1$O--iI_@~b=pzwxWSKH%6Ky-F;p zkQEEd&8hg*z>3Aus*-@cB^SiSx6=PMUSKk(j#Eu@^i|Uu=5R?rwnq(}U!*uFl;b7r z>kU<=eoOK$yPTK6bWr-wlZ%yHoRTj})B3Fa8v< zb+a&+9wH~S@Eq&ao#KgZNAG{1^4Ckj*E$gtv~YRdKlTRyjxIg(y(cPhh!3#fi{KuK z#rtN<8Xx$JO&tI`rZROE|Jf$A`rW&Lw#eiMpJ-QvM!xwEZ9c%SqN$mLXX_>pW#H3% q;YYK|qv7GMOl8nV$0q2DOp^;eH`rc&@4@d=q|eHqNjr7v`hNipH%t1W+wHPbdT5@rw_~f>jWVh7A zt=%JVr18S_R3Pf}XOu94j$S4NA^h}BtE#Iv2~&H2|IYSBUZ40O?UY}N_ET;i9{%nF6NUWq3s-<7HT?V`6@7p_?n)TdhamXbZzFhteBV_+=mGNmIu!T%o*$P?cWoHGH!HSOuJAN^WXgLxpN*%OpzAW=2 zh$MO(8K-%zOlq&NrvHl{!K25FEf=Avw-;lD^DeLI8sPE{Vj?5o#XMCO$yQ7+ExoO) zt1Brbm7|zXEgTyiEu1N@yU-bfOA%$UE%}82b@)p1hnM!)`{-kw+SBRR@w<9L@d?rg zIaxAk&EeKBXG5Gkn_}$`=Z3#tIel_04nmlYA+^(aB z%GBE!PFjuac1{R{E3Q=to%UwLd6FJ?)p)A@aBO7412Z?ty>Ahpq$s6mV_DW}! 
zRhc)$Uv79u{+#T~4D(Aa@sqtOigVj zNJ~r0%*yH`pM4Es8R>2#w%deIZR+U2gx7J+YMN-G3^Sj!ian%xD2Rrz*>omj?cZH} zqpXRlvp~0^d~Vh0LGNWwwdWMaP?s=g%!=QSlq(DZ4CQf{;5P`2Zl{Md&VeNAKQSw2d z(}$+MK@!H#<;*NB=!i#B(UqP&cXp|-$6Cb)ct<#SdwXAdG2Gu*{gE`+qFYzjRILG_ zB_V=&`%cHsc)5xF);QLM=s9U!Sa*%fvF)!LUs{c4gtj8Yr)QIA{#yCUSD|Kel@Jy& zp$p~mdbhYSW|+S+cdoFt+7;xW#UL`Tt(&{?EqWnq(Vw8wnHPofe2MN_pnYTL^%h-A za}-3RBm!Gnf%u+~S_&mKwJZC{@v+Y3`3bLX5w)b$gAY&83>@}o5BgFGvXx9DZ59}N z$iw-;>t0(7VPK((p2F*cS0p z>x=Ml?-F7C1@&pzdQjXn`SmSMM&7L4@$s^E)_h#tHRCfz69Ueze9eu8yF^vRGGTK* zH{-ixs5r96rB#%2e9{$98a%JU(xOmMF)G@7_O^u0^uFNc=df~Y8sBZ~A10)jI%JL| z5uuJs4Qs$q+VZ?}Gx*Dx!swlXxTqqkZu-nYbXlrv?{}rsocA{kle=ya_GM&N-#b(kp& z711WU74}TOdSE5GgaGxYt?99)I=foAZQFj8=uH1mX6GwIJ)=+-xg&H$GLu4?ny>ne zPu!(z)SjoO4MNZLiT-d19VK0i9@OGuRX-s$sr=xe#7)>2h8!umZ_rP?y(@xT?| z1_Z+Wau0jkWcFQViI-nk^7XrZvVQ^?5gjsJEn5=#bH~3s zxJj7l`876eprpR^xG6HDWyVO2uidnxt!Kl+N{C>lVkhtr<)un>dTQD6CN_I#4c~ZY zCy898QtzgQz((Q0cTAH3lG>WLPx#%*_IWRH)0E5!Jg6zKQzrdTGA?$;&LUcReoAG@ z!1nWTiqCZ&dHyh$rj(dTbv!m`digEdOvYUhQ<-V1?eGA|g`Bp8j7JqEdiW-eoAIP; z=j|sNRq;L^LSnNOl<6o46c2Y6XA7ch_#2o+a^tk*v$WLdZExO0=KdZ*xoILCbX(;9 zfe~#wwNFI3}q<+YtpxQCAyj*pmMv1o5) zjE+YoMEl2DCiP`YV7Fem5Us`e>raK+_pTAeTJ0&TT(5K9Yr8PUx!&iE>d3OR!_#(o~gP4S* zu_F1YPe7^YelTg}r$`i1j8899dwL!TD~j<$5{Xx&Dlx~#dWGs|$P=J z{ukH%a)`o0+Y3ueFdU9pu%|J7m>d?sksP6f_WS{H0xB99x_@KJk3YDbF3t`(y7dmy_OX6`S z7p1#4ldX!@S6s%%ZsskN{$YD?Zdzx_S6TOpKjPs6W1vJ7)ft}CSpbPO*}IEz-F$_j}JCcaRVgG?3TuO)x2l+)_p ze?z6tfU;iQ_I4g`HI>b)GpUPvSMK-GLpO2ctR=XsRk)UqhXeC`aUyWdLTKDB8-H|& zm9DL4Ug*o@{kebH%NN8;5%HMm$Um#%*6!Q)rM={Eg3$Oew7jwErr#X|UZ3R{g+9|+ z&1`>`b{?{0mSOl(NnuBts7xkWF{9*c`IESG=jdHp8p>aPEMy3FX-$WF2tC(7O-hUL z;RL3gkW(G>RpgDbC6{7dpltD!rd_t(!HBe1^y;Sv-0O{1}OI`U7f(z3tlP?lZ~joRW(E z=K69gcZ1=635V!#BV5&r3J$U6+4VcX2X~uyT~K0`zPd6@X2|Cd-iq-9wy66DyJ?xD zFwYS$9g21J_42l8qBCmN^C$V5^?4-$`ZWkSdQ~pm`7Dg4f{%O?>SHZ={sLr4c_;|S z@K}gVd^h9oQZy>)=r>1rRhoZH-eo0a1HwN0*9f=bu4CkA{2MHN0D@^riPi$I^xncl z=Y_gH6UtW2-j++OjyUvzyZ=B+1{=?|~<1EFB|cs(hXfcu+3 
zKq$WOSRUE!zdv>9IebcLaFZr-bxrlrpYqvNx{frBPTp;k7k$v4H9s;X#C*E)nOLxh z6oPH+@~qVEM|9j-+M|MNuL*Y^J&&SkFt+;3Yhe>sh|i1<4vm1Xo!)qZvHi^xU&#< z|I~mVk!pO!$y{+dE$Jmpsm*_ON?^Y=k3otd-C@!F+gzBhc6-qVA-sNa`>z2}`WH!W zg;`}Ap$vrFFOqkh$^4~TLUx~SpoeYx{ABaBeR7UvMQ6-;5_2UcHefTT>90BYW;`rS zi%K3Md$U(DNyrvW;Iu3N=-x(LWK7=m>gyHg2r=>qiK&a-*Ejt&f?L0vBHmGWT-ev2 zBN|6qF#%4J+aU{V1ZeMgUT!WAOxFB)j$>pbuc9`n8!d*q;p!%psaBxy z?XTmNJp`U)qI1n}Q9Tu)tV1vLMluga8hug7TH&Rssi3oYyiMafvDU}tTpP)G_CrP% z9Xr;T%J_WO@T{`-+T#gOD?YN>0#ii~Jq*;Aa7q>u?C#Et8H!5PBqbnc zcxAnrzsixlwWS^9;d87B*{Xs`D}7@WXj_x`?nbKJeEg7x%1X$RL=n|M`}h%`sl1uhu=9CMt+)$DEYad zAgM))P!C*H7IKcP^1nfroJZhwf_EG1;ol!vw~3;uSJZfo!Y-=YmhS%jnbwDC^V5zx zU7~+uyy81<JhH0N?{xIZrqsKF?c+0%izeCJYMQ6Zy zmDpan+t4tu;**LoPR3J)aT>8(z?npvNNnm`E7(o{W%*ARQ8**#qo)e9e=na_+Od%) zSGx_5Wqp_{ej<_lMv6m9s#C|r03n)@5HZ}sdkF}8d|Z_}oXW{f?ukp2vVOx@Sv^UB zA`q~pu^~_{IgaR$2|L`B?gI|Ls3@w?&@Lh6@cbcX&nbe9JBMC$QIa$3M%ZYgT4}P- zo6A4C{VH2=Z2EgOR!z?L@0-fM#ve*)RLX+GgW9)mOwKGC;$tYA z8)Pocdm5pzo1wrZH6(R2$j;2@`49ZH09dB-`!<}d3#_4Z<*zr8Zo-}Ml#wF^_OHK4 zFwM_8)5KN3wvFl!zmnGoXneLo#lbP8MX$SN65M`T=JCLq#RTs2sNwVzSzNfh%e~M{ zqc^c{9z}P&>WGSOjbXpBp`Jxx3ZGZ*-9_jbQ9X}qch^zqEyLR@ z4k2)$rkFe}_3;gH$lQo!RoJ-6kw9{p>Rc#yLwPH`GF2=~jwDRj)eKL5jt!{-4V5o) z)MrsF?oy9_oO>=mnNa7QIS(eq)MQqyiEwxwsqC}Q$75qt|;zGFjY zQJzn`NDy`O@ zj(Gd4a@12SG>OQZU!?S(+D{6`LwDHo>>me8pk4;$saitsnYqr@#70 z?cAfz+fp(f*$q8v&i+*ogSZKNd#5IFU7}E}Jy`BheRNILB$7ikhT~@S{pr1@=>~O3 zZ$^p(SS(eP&Ht-vqd+H(Qo=q8g*ROeYCn9Gw`-lAjX z65o*`+F9TC3gJeZlf6)WIG86g; z;sUqJj9hC{U9fGxTg%jIbf6-<_SW9|4Xrav4p}pQ^?YM3FDuq#YF~MOyJfq5XqUYg zBmfkTpPbLJ)#p0){TM0p+L*M62>dD6HHJsG-=kwl3il#a9ArTyqPa!*yPe4LLg2fm z&gj%ntO#5SUt|ERI`jJk*uV3VvkpxfLp$^0kKlWJv~%1a(bV5g`270AkqU-*oKg zdffaeWBBPW%V^05%p6?anK6%h$U_1XhfM)qST0BJJD>2*1`|QklWBRpU6x|I*x_&u z*BoDg?XkR-fzB{jLrb?j7AXccTyyr@R%z;}#u_V2Q@i+WgJM##D0 zSn|ed%W7z*@OzN&4CJCzCdd2VvEKMGs~N{)FMs$LW@!ye$W4+=9-j*}-OY#eA@iCtxuFH9aEG^;$$nh!vUAjBJ-}F7`ctftT ztgvOq7A0~tq2>2)1e&;`xP?6ywddI_Td#?x;}vg{m8H=03B4o%S8}=|?WWREG$8b^ 
zIxKQ1`an^TkkAxO1A#W9EL%Bs*U_Q~me{ad1Nlh3+1dyrKpc=*ru z$h-1*7BB9BC%AZHW^VPF6gBE!Ef-#Fwem$h`DVi)xvl#N$ zyLa}VqJc*0Q*d{y1+b$?zr}RJ&V9T_PtSyMBc_!jTSdlo*$+WB<#2CFZbCS4lY!Yp z=H1JxQ;px21{OhrqI`NgV{|(!wVER}CuE0Kf?1OktW~6+<41|g!(*2TC(wI)Dc>W7 z-NAnIQbW)YW{-zUeKD#k$MqT?dF85BQ?3bO1%l%4dT5Q-s}xSmT23nSOJ;ktc@nwm zV&{ihJ$Bm8=G5-v)of|r!e}{Gb42u@|ParUYgLMrQa_gZj+}O z;pxmF8zd6BKPyEd=)57JqLw(j(VOxvFv9ocr}yI)37@2kX8K<+S42`j79@Xv^I>hM>}fcFk<9!MQKDqfN1F---${(lNJ-hpZ*m+{wS*J06R)-pjK+Z zaHM|rw$jBBSNEk34y`}Ba)SD)PLMmBg?z>YM_^FUH{Lr`A4GA*B2wL)-r7>_qQkA~ zT@>3KpVVYXXbXko-6ZUz@tu|wiy)@zjH6O3F=%kKT4gK2XsQX5E}6IhH}D%HxPlbV z4#Qb%3vGyTaByd)CrP#Pl5#X}GyzgF)$))5#Z(zxZb;<=kJ7{Dz^-nc;QJ$QfZ13*+M7=KAR4RL!#O?j<+avyi0fp`D?QcaE&z_+S z%o(r6rqTv&u;mnW4A?SW}18}ZDvv5+S&EhI9cNmGb8Zu z@O}*i2Jkv*cdqYG-gy7~)pV^kc47n7+HHYYbtk5Aw$*np-Pq$S-q;g_?5TleKKTqzeiQ`|PWsDm> zooM6d%+AhMskEW;yt;6LqY$1QZMDa<=p*kgJw09AG$Y%6?-v*N=58aC_o@Gw9a8bp z(9n?aI}?Zo;DFDFQe0eI=z3tbK3PLl=X&6ikwF7~IU{3$24i4Z8HbFFjQ#2(dU`*R zw0H1pXjqu8o}N$eEjqI<k(@$w5?vs$@DaB(rK2|LN(r6v7e2^^6>4Qw18 z#d|*s*dA}|K8lgLefO^3#p!{KlT#qvKCMjryO9x<=$M$JDvp%dXMkQ1>%8t-o7kX1!KS$p<%`U0wC2>pgfqxZRJL zA&+q2#Dp~B_o=ATUTc>mB=I_6&Cbq_6dQ(c3Znw!e0;b$3F<^zTG~jBQ-R~z!P;;i zoPA^KsZy?Rh1H~vp`kzI#r*C<7u-IEmg~yHi7GpcWIm_1OzAiTqQ+@U96naszC4hv zFy@L(`Oy;Nd7-NleB>3UiDGC}+Mr+)F%HyQ_a^fx7kFH(m-Loq)eM?(z&g#Wtzp9z zn)ZLC;^M04Try=R$yF&r{rvfJVR3PD7gIy1j}Pj`Aw-HyA}6krl9EaPSKL@e&G!(e zt_MXdk7K0lHz)3?S6KZ>edY^G$80+%Hc{>Hy;J`dIe8c?^K2lcr|?owGK<}!482C> ztE`@nbaLs&y`LX3Fyxh8Y);m+{QP+%j!`qGf5{x0VCU8BtnJ+{rs3@KtQ61pu*IwH zR-c{cZm6iL>aLFzb#!+AiJflnYB&@a2GnZ(@dE{c%>P`~5_A|_5koG90$R>f?Kj%q zIny9^9>gXkQ73f$O62;{5k>PO{dq{MHyTE3y~kN=JEa#rKR?wdxVJFy$Ox8tQ;41_=ii3AzH|Nhb!4#4 zT^vml`TP6NogS=FKX@QUuU)SpCLs}mhJhCpr|qfQ+S-Z<$hdSlbX4}Ur{^xBb@5lC zKY@r$0{aUbGVWJ3b-B4R$0sMjx-9|0LRaSsV&dZODFj?G5!7^a67*`NlKabjqU!af zrHUN}tVJ$+Mp5zck9>T5S|I?Ri-`C*uVlvg$kO}RWPai)bj2=d-ja_(Id$uAup}gwzl^y`fWklUKei+jEt~8$5 zMn*qWpj~ir@h4Ln^&Npo(DJegiZBG=GdTKtTvE=Ug8Eabi5e$4_rp=+=AS=bh&_KE 
z3=sx+%7_SZSQ`rV^Sf5$dEts8Ovdw843nz$Y^#9@5yW9W6eJzTXc{pMdGK6DCX|@f zAjo<5C*AjTeHE2>o40Ro0(kYG@Hnh0W_mbZT^u1V9*Ub!rPJ1Dm12WnD2fD`nVB)2 zR-?tw5d_m-S9MU-ZfSd-WFqdvxCxUVf!^PaD7~RvRcbai1=z13NQz*%uTwI-IuruC z#qR9VUdVkIPf|n>Xx2F1p_BW38!AF`d%HyK)#ce6ip2T$2y6s$`~3m~ky{UIc6o6& zb_gI$_t|Z;O6r2!X*21iYMB}Xr2SJw5R}G&mA&i2?k5Xz)Bq7ZDecIJfegVyh|qov zo~&^S0TjogqoXU*Z9%8<`@K2*S-?%q(Xkwmumbj&nwC}^b|(mOMJ<#>Ep=A2*#MyP(a6cg*7%}Zth2j2qsmz z^)#aa>nA8|cSSH?YiQ6z2GWI-@lfBqb?Z7JDmwas-=nKJl^Vyq@~QVsBvgLfZil&t z(to!Aviu?dY1m$9q z3SAy&K+zmHHJ2KzV8y=;>u}?y-uUogGbk zF^yGNYa3FwG&jQxR%*eq%U0cy{o%80MJ$9K1l-tC&Y&51C4OjJ;H*OG$C<=16M^FyCFd+{$ zKTlJCJcmu?M*utm^<7YSc>X}ddxDjvB|5kgCWyvs2o|deZcC3ckNPKL*{QutED&z) z`+X8)(e*ldiI zJ?YY_bG-xnaL~n~Ba(_Y>j~wA7aJQ}a&ejF%G%aeM1Pjt+Bv;yu~?Rjni>gW<|kds z0L3k3Wo4+$5=#TF{;jQINKjv5(bw1CXn=}@1%I($9k>B?_4w~cxtv

TDTVQM(P35*0741??bvNse0#j^?EZ?hle1e+?RJwwcg z^L39lCt*Gi%4XNZgvOb*hfo9%ecmg4fn&j7Ai_|I%G$?9NAE#Z9B}Cs_{O+Ex&B>n z%ZoaFjF?oK@-j*ClMK4Hw)U5-EE+mG3?e42*7*pbaL9RGC>%(nay+@KprGLA=QjhD zliPOgnx38>!QH!G*(ADu|0XCeFYoB+cqfu(a(KZ5%-L$9(i=u$b+>1li20qFk*o`$ zQeuP)e2tKR;9YaG$V9D6$(XB_%fg*pVAD}iQ9+@ht=LSp2m}x!Y^Y{7+cVFQrC|gp zQ1aOj1O|{nYC*yJKjrV_uEC9Wm2EQvuMMfgB72p5<{rgE50C3Hpq&Dc8N=^FG z>uXZE@bU4Xwpxsr%eu)x3B2#uShH2Hp6w1tw1I&;vo%&jIJT#_zl|=<3yoex? zAVrmUhk#X>NAI52UIhoO0!Duk&v*tAB`+@@nUoaT(IJ_uUV+!s(*roq%+8+sw)It> zlKJp38w<-bxF}|iQ+uGx-v-SrdEl;KfynqAao`F%e*SC%y0ZhEWWFbvPqy9*i19lR zns;}1U%h&jdQs(h!Hb2BUF5W-Rcbv=0YAsvE%<=Lp`oETNV1Xj+4JJGskaxOMk2fw z*lwx$3J*8;eW(^S>{4)f|JobiE4qE@&pUqodTwi5|U$faj#83u)PcG7A32c!-mDQO7uGhML^%R_mI zhX-pTMKq4a^{qw+Ls`effIXDw^fm>(7%5!?13!o>B#+_EvUqs&Mz!O{`-QGJ{e#uP!itJO zhyXltUd61Z9Hi9Hd8?OOG(9b-l{e){E4Lg^_qw_qDbz)Kw`-^|H#etaYI=i+h-hSd zd@VXo@`3Yw7#FgqQY|qurA*yEr($dmo zLY`z+R#w|PJ5A7n7a4Zl<>uvW9vLD2u9W8!6LSaA*xrtDcDT{Pw^fS<_=waWfd8BS zUdt@lnQxy5$f2zYE}go#N>^=BHrkrBVs&DN_pT9Ko5 zwfgdCtz=*T!~~D+{4Gj$;V@!-X`>mKWY$`HnT#q(!vlVla@#LF+{le9(w(rwQ z7SM0QfqFPt#e~b@w5hStynIK9BP>bj_^c?q2dPv5?$utNt_{AV`?gUwe6*KoeUdYE z>y9CvY=R%K017C~%xrAFup;?dbvYY$l9HIPs@EhWB!Hd|saC_KsX+<*n8bP#qxtB{}zqiQ1zF?lA z^gSve0Skb!Zi&dq$OzaM>fO6{56o)xu!P?fybu>hmywlq7@EkvAJ=7jb?E`!@6h+j zw)9tzA`=s_iHPE)#{CE+rKNon6V+q17ok~t^&}?7rv?loE35pTNoz>2KmGl)tE;E4 zw*0=p*FJr^!NtY3aaO|%3=CpmR-j}*^nf;gC6URHUG1K}%*nU-vC10Ga?`O5cmKutB<&HDG5=?nxR1fUDG}CfzN;IynG?sdz^ zQozTS34f;&@U&b_wyk2onFud@ZGvII{Qvn8lK*(e|LYSdw~2_@{`C-wCkUJW)^yv4 z+TQ>BiIw*Mt0z|e#tFX#Ry3_YBv`SZQZ{(ylAufj9k5hXBiPzafDo2iO_G46ACR4Gs_&$_283&SZ_hU^jSBMD4-~g1cuwZ$7!54x zX_nc3RL4Zp9B*6X_T2nD;k|poTvN_y5ki;TfC6eu^%^yf zxFL5Laui0PBzGtA++ty2LA*mY>ILPPAc(bc>_70lPDlFzE==Ht@`hy@KtHo5Z_a?cYl^z(Z-Sy`Kbg}rNR6keaG zQaC$?n_{+};=hK0p%46q+inpDai5wR6}m(TC8fL2$?~+ew~J=<=>YXYs*66pzB?0k zy|d8vBRWM_k-80tPg0gCd`@`QwL9p@_u&k1jC2>r1i1QT!a)ONW3$_{p~E$xQ-Rw@$!;3NpHflWw8-JH%YQDqsi`Tf-uj=@+?FMwCRMkxV&t@*3XO~;fQ}9s%22FFAh>aGam_t0fy({P zR-i+Yal|{QHldV4^+QY7(b1`ynF#>LN6O5JraaFqk 
z+OaX!ndPZ22Q`a{q5Q?DTBP1|wgv5<{+}-|;#m!`;0%aHDBjcVd$`DGkWK7d(mp*o zna!)1LPgjw|3=~DA{2{atJ*?d;};CLHDsB`m$Nk{BqZH*67- z_nod4v`kFY9uoN?WBcmyi??szZy#FqncVq0T_3T8?h(#d=P@%rmDkDo0<8GLl>S?})7?Ky~xiAhUMO&!Cw`6umht-el( z2Ww0nQx!J@E=Ac3)OA|IlOSvM%A`o}b}eOh`Nt7Uzw&w_@>ggvoCCS%`^!52^2zF= zqhneBjlQ8_q4)k(w1mXP1ODw<3H^uX2!~SLjICu=rc^E^6= zoe%673oteQ!x4R0(ngTWqd@mSnkB(>pWoHg@PV*|3Y4+-Xvz%|Tg24#F{j1IyOuzF zG=!Gdg#!)=`!^n^2;^34XQ(cT30|G=6&4jW0eO64S>txZXw)6=?Tdjwce0d%L;^en z^eaKZ!A;1~FL=ZfnVGL1-A3kGZC#!1`Unf65fs9xm>B=9`ZGN9q1-0Wj%*gYKP^rO z{Ij58Mz~Sp;^IgOiuCzFB3!mGAI!M}Z*KSSZ3#2R(J(N`)@&5DQ~1L5tCgCdKzRZc z>l!EmU<}-X#t(sjMMNUS<@uf*u)XH4E^LTx^Pb6n3e>R4;rEi{q@+UU9X%uhgUG9suE|C*JU zoYOr*L%dQ_LiZOz`6Q#X#ryXy&w!bO@9IB+n=>g>6?U`gd^Su>>G_iwktZ>n-|)iu zk+H*(_u-HH)L|s@X7=?h47&eCL{3>)L2dr$>Ddd8lO##7kJKv^qEfVj0HmU09w%16 z_-B{yWDgLtN=vJ#cKvSd!bV5`FqSeP3{bmeXh6-#h*DoawY_g2*!?HHiKqw3?V|F5 zn1jBN@#V`kI=PGR!;SNq_4R=-mYk|VGIG7bj)xxmTSNnjvd9k;b}CmERm7nd`UeJ* z>J@1CB4+;hJu7~(C^psA(Ry*l1KaGOpeTo2N{;1$B7tJolBlRpg9euDu0aDP>_H*Y z!tLQ3BsFHprOL^8nLIW>R_2UJmGI?K96t(}bU;CYlfE(x9>BxGy9WntdFt7+@=h6n z9p^sOpu=%EmLcEzLWga~_Lt~3`-{mi3hI#e@9&qCnyj1s^DMC(>!*iU*dYmDHsOed zhEk04qVSD<%t)zB*>Z8NEfwUi|Kmwy4!0o1Y(>ZoS;s0Dj~KwYFJHdA7>5_eQlL1{ zTCSyl>n*$FM0E{zQ1Qu|jB*7vHLNnV$!`vvy{79Gr5_Rm!J|M`P-^9&3O22?hIwjdRWy0J=+ zGft3lvoAbgMELl4K4R^SvTRQhk1x2R%lzfWy%Z`cDmw5&*q9QqEj$W-Oaw8XBYijs z?_1Syk&ataxMAXG2&DPf7C||kdinS^7F^AJKE9e~2e6ME{*cN)e*8dIW^kUM?-*OO zs1^r1>_?gTF!ZW^00H?g#(CfV#bjk;1HtMYJXx&=EKE{H#^O~nIB=L)SU#Ure@Q>J z94SPpaoosJCN=I!Y64-stf9hu7|(L7G+SAdLlwXR$<&hD!4t%W7S8=(P#Kg5i+xU% zR9G4CT=S3i?B2d*)@{DF(eV{kiRvHL_Vkdo?h@Eq4h(;X~)7_%Tai6e6ITw8{!?P4)Y-C97ER)-VR>sIkpFI zF63GvNkj6Ik|CIB#B4@5muJ&gbD%d5@K~P0A4o>2Qej0-`!XpA^v*P>vxriU8kkZr z>irxBX5ifZNCfbaM$D=132+JCO??z@-@|Ap!w} z4T?51>yw5%rywotq+B)0Y)}5zEWkMi@ZlCvRk6#|!jK4@^)k8Hy5SO-wUCM|nBA8Vb#4*8Ri5WUmzC@8m4zG`JdCWg*)IYfEyTZ)!b`!5lKZP588whq z620xv`RQ#Z)!S|=r9T9(Keh~Yka3de=U0_$^3{5I9dDdg7We;fd@Qh4F>Y0{apBsa zT`+v+kaxK6*`T#`#Ma9%3W0y7OR;6b>6jRi_@X`KZqUEnM2!54R0Z^xH!g 
z`7ctTpRjEwe|~rdMbWS|h;SfJJ?{7KSK#q?!(nk|n32N+b8yF*Ad>N){Qc;@^MlA@ zwAla2o19lLRsl^=_Unv*i};txyddv|z%&fR-8^&=^U%qBg^`K<_0f;ubb`+!X=B5D zd3gy7@%pRGz4VNXjc1-vtS20XHKCGLH zIC33yJ_i$>-FyhS)zh3{3jyqd+-~qY^_k2k)*o6*1OIIPDB#8mNlAnb@MHV+5kes$ zp|Mia7O-7=p`Q&74xWY9G7VfH`;|ZbaAP}dq}DJrAPq}|@=ddb6Rr~M#}UzEFpR6_ z!}*ZNcXc}4P^gv%ThJkh4tC;KSYqOUXJDAQfC9Fz97@V=f)Liw&?xfE0u0w!T<+5s ze=%0ls2N+vviWl_+ zZzD6c6y;M}I|wGHbPJX_CUArW-1+yR*7+i$nvBnA4!4rj!p6tqCJfm2M@la{)} zv|hp%+SR}Z{)NNwlu^mOcNa%p%s7G5uS0(5k#XBJLK3lp2afCxVQGo!UM4XkTHtf= zclb_OoCoB#c+8VGWP%|^zY^{NHkQ|IJQW&;CXqMP7%a0eCa^7Yc7Q}Z4)-Y@E#p0P z^Rb<2q-rr#re5m)Bnq84`~w~|EG$v9vI#mxDqsl4cu=-5!;Le+SbzZt&p-0{9z1Bh z^pKIkf%B&V_#YO4ly~dS9fv{N09|H~^(nm0ZILr^U=q7P_YcvC3)X4HmU6wj%h{2Z zmKKuI;~i+aEaZY84N}I(kn6R2Q1e0|luN)@L@N181zKT04W5)vgMEK(#v6m8a99D< z5%;w%;K`Qb<(ZJ4>?Xh8;R~Jr_B7`ag4-_kYJev;U_)D_nd(}>7U&Kq=X+oF9yy>g z2f15*r2+X3jrN+2`DpK!mo-a{TG1T+QLB1&PrAaZ!|ba5nR*mY}1^0;APIF z2iJ~=*Vosd#2x`m1>ll?NKEVkgRBc^xd?RZX%{_fZWb1~qRU+o0Bt2kzmOsga@wtS z|Btk@v-9nz(N{+eR}0W+>p?03ARtRCKRV;|TLJgu!iy#7dZAI5fa?3+!TmFIQ*SpX zc+PrVLJFE&TF4K_ArZWvwuF#eH4E~+gWW*bKphD5O8R?{1*2WLnl*PT&+#+B>bdPG z)wnSI6C7q93qJ4y?mSU^w5w9dpHf_T_C6@6^1XDv*djv!M13=$O9Q9XLl!wgBkzl^X zGN>;Wc2M<(-eWTv_!cFa0_likrV3wWinMW|CnE$254=`3D28CLzym*Jb)NyJbj#F6 z8@z5gyp~rnQejOAt1}0Fd`HC;FqLqa zKb%=vc>ykp>F-qU3t*J|z*>c{G-fsOHF(Zq%0OKRtnzhfUp%U91NO!SW(AB{=xHY* zOCd~$1&XxK^nygCpF#(|NY_xFx+)A^v>1O(O2R>U{_E{`I4_@jIC?E^Y{-JgjvRo1 zR+fs759z7d%rv5$pPx(0$yEroEp^&L~ ze`jZrmMPiYk%0p36i6+oVO=n>7SC-<4FFU+9Fvgn9>UgX%7qSmlEd%$CqHYNS7&FN zl6dS?VDCVCcv?IS@cKnOj0A8Jxcsv`wX$`G#YtKYn1wnyVR79z>5OBN1OEmbYW|}M zyT%3eQW)j=3a-Ins@(#^5MW9qa9DXry97?lRU7FBm@!J?wnc@i3$?@lr$I6083?7! 
zK#I%;bNqpr71SM)tPK}rL21YHcq*l$LX5P`m~lXKu**@*7J;HlE|{2_djIrrW3A9R zyKskTwWO=J)@AS8t29(x686TH7GLBz0h~h1dG>nGXMrxrz|Oj(DRVCpgvRH)zjIaD zo+#&c!~7umYS)=Xjs1$xPlGw=9dv>7@dJN*9{v-i%zyy-U-pCq1x;Xnh54X+X=#HY zQzh}`;vT)e42f|n9xk~`Pmv5XTwNEZ<^JQx!JsEYhh9)M3G@k#*{GWsIww(KVFXM; zG%nmH0h$B;tDvBu3VrNa{f5e`2ABbr*3r2Svm~&dJ53mrg*LMyfIgAd0x)ye-qM2R z<>eK)aW~{ThyrIk=c=G#X33>|1p=rn`?zq_0{S_iTBGg}zq-30JbdV{Ze2I{NugX? zPA&_!jb5`l8i-9p$HhM&QZrYmLT_Mfe2ai!rtkv#3P|}y^bb+wp z1Y~3ye`8kpZ_&!=0P#HxOouh#{{E$8bgMo5qg7e8(My9D+Xn{>HlNi!WoY}~*p1~Y z>*8k|9v;@`7baw-dg7CEhJt0;4?_)}XB%7q{6Aop6FYaQw~4Md2Ag{qAmS5h`>+1~ zlHUZ23kweajkvcCt8(49h9@cp1{h#dii$`G3eu>EA_9U+C?PE^Azdb=A|NFKqJkm< z(j7{-h)4=ZiZm!8^^V)M*WTZ`&e`94ecyTGk9DoJfH~(gpXZM88)N*&T}`!#t9Hq0 zZa6*Uu#QyXiJkzj9ZSackL-@?Tx!bsd~4ZWH5Y~`zI=aZWN;9AVzZ>5+Xj+AdA9XV z+0H2NG8vhfy;u6Wy9*z)Ux?3YQQiSk>OF7?!DlFSgv9|FW$nF_Q3;Z@*|_6*N&dUq zkx^zWa>|;{0U)G0zQ=cNYvwU=C|rOAaVd*ctV zpU~}cayI|OaV|#GBuBCMD%_F^9cHietIy9nIrD@r$mrcA)K8gsNVR^UwsfJ9Y=8R9 zi#CM>xtNt_4)h9qxwtM~;`&`?Z2s@dFLQGwhBUt9*Ih^M zo*}=scyfZgxyLbC7R5ggAe!#a`}|K|9^_sI7^%JOUTi2m-p6-SPZAwUGtE!Q2J%AI z-zBhUgd8#4gk|cfh`k>+Pj%Y`SW$@Nu52nVCl_r$*=N%9?!DF=%4ZbqLpRdNlbDe2 z8S#>W(h$OB-rps-$qn8~oz%;-K(ea&E}~E?;NK4hZu1WhuYpT_ z1|0kN#6%aMNguY76`l3+;>C@PK`1RO8r5wRon|d5hZxqvMW6YGmQ=6_`HMo}bW2K0 zOCt}7iG`!SvH)IKwrtrpA?pJmD)t>b=!I6y>)$?50~sAhq5WDdlXtSewmPN$J$}5! 
zaTbKZwU5uJ;NfQG<@KZIP@?dVotH_x1|0A#wrKJl;f7n;36cbbG9Pp=tnkJ8i@&%@ zLFq=dd}6o|+osIyMDKQSm-$P2*!Z7o=DXmr+%$-A4g_$ZLcL0!DiQls-d&}V2|UEY z$LEj50C&3raD+m9Bk;qK3K+%o1pao@?%nFobq`|SzcKwn=88YyZp{jeFW zhdJXp9G@5$o7^A`VVm-DcV7jo7WToFZsvKj_h61wNHw|y&_GOg&1t5gx$UT}FXTGh z$jQkeEfu$ZR!x4nVovsGV6UN8fd6yYi7;H)Z5BX&eCx-U z1rkfV97g~G{AI=?ugJvK49U(8H9pY;lYkxcS{RJC+|wGvEYswOwxQ@g4_w*y)jL9y zlVL3onR48l#bh+wh=__Nu&-`0;RhdaIJ8=hDYVom70i&8`i(zdC1Am2=-7Z#tTB-H z;gEA}mX(}xOv-KNl`fVYy8r6ctHSw8<46vlKZ{JHtpRpe50C$}Dh5?~R#jKCaSm?^ zOgUnbc1ZaMSq>+B;19ZqoyOHQKQ=s5{qk8+$r7g7Fg^o6EEq){9kdC9YB}WFus%E# zc*Jj0?W2IOQ`hg(fH8UTx%E&gU5LMbp-=X-qF|5GlcTxmDNo4a>&vls@6)TLHDB9W z4|F|YbW~A`vdpdLS!Xl47?Qo?^D7LtsJc7kI(uF?{Cd;Y(76HZukxGW$7en6H@iN% zobHZ6tG=Uwe3vsUPEJm*RXH99FRYS@d$5Vt*Pv$ag)c+$A31Nbsi%^6*>d6TvnylM zlf6FTelk&u_!D;a{_&|V^kggW-C5mQ8fwMfFB3I_-{9+4=`Z=kEB)CObou9W5?=s^-Ykv*qd)tJw7#n=N`kY0UesT!d0^lm`FYQd044rx@52iY7uVL{tYfvsRaR!PXj z@D~l~VY|8Bv=s9y{5b~s{T)ZWAj8qZ3r7J1EDQI7VM_`-3Z-6n3w5xOk?D%E(cjPS z16+1wfUlvYHGn2Rr9*`W&_K_Lb zP@B8bIKjLl?{loO4=Bec0_HVZVa&O_mq-0rtZ#)h;J6vC1CyuYX_lpr&}V# z68EW1n>G!V`s^0|0_KtMQiOnc0i)qm5?n3IdEh@#YhxkOn?=a~a@vTx0Iof#ev1_0LCiDmd2#f9D&j?jUu~xKA=VD(W!C zEd>?Q(0P8em%y^Ip#UST8Qoa0g}pkrz0@f*AmGy5G>qQYzysJwZZwUcSM#do$IXn4 zBj@vAvqe{7q0``fZ|~*TgO%;0K&oHI!p#utN|q&8TgDN__>j#Z>Cg7Dv#$xQ)?aEt zL5m(0QE0ZhsEP;{0;br6k_pCIOilh!tg;|I?}0Rd1+oPH(3r%6nINne__;vTUVu7i z=i81|8b-n-2+t6L20!}r^ypIHq|r_=Xv?rriBm$WWo?E<_jj0WM@EA9rcor23SU$- z45}C1)~%;e`pQ_WAdAJKP}|q9YMWV6JX`==ITdv_0DU#@TvLr2yjsn&2_tzQ6w30C zuyH!hq6S3|Uq8BrUIMtFAR!gqbrdyQo4&yETa6N9pd()#{YWrYkZ!SR{qD(H@mD~E zDW{c=#JxY%Pb|hy~4)b$JS&`~TV}d-I4N-UL5k~vzF<($pf$bE6 zr{{}Qgc8|4^TLf2{#`y#~GWY;4p_OiVzLAdKDx(K3ncaw8-M zyydu+05;Ymx@5ssd-<>0Z%WX&k;EYv2zt(9U)!+OEdFkKx@{y?igvMA9m&PANoO(cV(G$u%M#Z6bIhb)=Ll6GU-wU4HZ`Z6o z(EjukhU7+e=cs_{vm(S3;TvcZ^D>rT`;Gfm4;ktj=mq^*{;Ty}4+WZtF`w1DSa^?REHeyx`&861{_m3Ntelv4!xOpd z*U!g%);wtbHZ$4f*!XFeQlkd?ze=j)%W=B|9q#|O{mhxle|9+4{lQ3PD0a6qXO1ac zmc`Y3ltsXf{uDnlw3e5QNxRUMAUdDC=d_Q-@1IQYY+dD_>+bEnWMum17Hrnj*Vo47 
zChJ)kM|ri`Tp7?44$7T+*JpY(gEK`aFeRmOe~=-^@V-C8P@&>U^~DXD^scVr=l1!_ zv{;w#G)6V2SFMj<#9xymPwA{`OtmLLioT&i|3Ay9e^Z6|h5JVSRfyG$U!OkzS1H$@ zk)8cDn9d$x4kOe|vYsq5AU1Y>T~Dqde@oC^vb{2JshxppMJ5|!srup22TszsfS!wC zqL;F@RW1oaxC5QeN-O%4jsUw{$LT)wP#ze!fix|RGG&5O=FFMS)J6>~z3r|`&VZJ1 z{A+6*gniYZwAP7`vqoR9MJ(NiYH%zcB~RIlnkJichTs zr#{dSyY<12quNlV2=xF-Bm$kqeovpOJvZ&`>tj%{spL!_17f|(8^W`0IRyX`71Ak4 zKYmeCnpi0 z>n_lskmz}=zn>>UBZ~A-P#lhZJV|>PdoWs4NT)o=JblzW6zjn+4_<{k&=4fC zw9v7X2yNkwQe4H@x55}`V(6sNMM3aq5pzYAw-4xMtESUNH&VE9sb|qKG1Yo(+(Y46 zcN+}s1e}x5$Tglvkb=Vl+;mAvi6S;~N4NQ83>mVAinp5Z;|Wo16LmO3_-S;xleSwt zfyISUSF2jl=`r*kjN!gaU}a4NYbJGn+j|u6kj|VSl~A4v+df3a&WGMH4X5!_*p5zu zktUWU($<50EdPx-+09V+Q-{~0Sp43Yz=ZOv6Ev(I_KAXC9zrY=wH6(cw-XY$VbVEF z0V@Y-b>tf)G{W|uix3L~f>{>S@6nEndaIH91Z2r4^w7c87r!G&1j-Jq5TO`W%YqUn z(hTeG!D@<V+BZhU%rKL*(6 z&!1ykevXf`r{rVnszU?x-(CP#kOGaGuDfF!jA(Nx(_d|wV9$Tdtr^~)OSULkxKJSo zbwN8O6L1gyddE?trv9V%?%W|fD(Ft4gX5c!PV-X_A7Ig^xVX4H=DZRJ!y>VnQ}TZQ z;K;f$cn@sJ_$orIy$n{{#0p6iis&xfpzBTH0<{S|Oip7|5E|J81w-)JxU1o@Q`nH# zwYRrVMdaq>xK%12TZ;{4@fFkd?d912<6FWTJK$&qoml|GB8_@xm~Chq&pPb-GMGmA z_T8v}Q&*MEqmK$j=iL)?;Sne&lTDg=j84 z3VK_!moVBwVEBa%iw$BP=AzEFm3Yx|E^eV&Q2Q7-8&GJ9>=v?q$D|4A8hun4<&LAd zL1^x^nCOwl573Ug20Z(#g|lJFM8bBN`L>GC+4vRKF%}`ACn&9-f_WVSFJTFC2k6wP z!E_WffZ~M<Cg0g!O6xw#U4+v9(LL7JbJU9{fU4~vju0#yp&W--ge!=M4HBZ5oEPF|=2%+eXZZC}NYi z8Gf{+auC}E^l{`$)P1ATM-di+Tmn29G+5tM*08?|;6(b-Sm#=vpIVFFp9 z_Gp>12YInw&{8+C<`N!n&*i@nk}V=BVq#z_(4;Q_^1&BYHm$9yDnfC5iV;RUvo{)0mwIolIJLu2o{!N?w~`q1RAwXONj z7UJD8N%9sZz$t+nFX)E3Frh_>kmbvDkC$#at+523P#JbNB1^@`Fp{0ND~m;$)m#Z* z3j5q9jGU7#J`W#81Flkwoh3%$9*3_VIeZ0T{c;|-a85AZ;{pO#Y*CwPIf<8V%(S0> z0gj@t&+q#DikKJ%;!v*lo_ZZ}i&eSxAwHC|>sB-TTE;&=u!9l3QbnfO@R%(n&qIKi7`8_9e6+dl<8dJJ_ zS|GbloqRUC1(cCCOYi-35&;KUhL(OYuRI^K<#vy(`2LBXA>zkux$ge{RcLOljBg>S z_Iz>ox4laifqbregD&qBxZweAq!$;F(fu$>AnOlv&UGo@<=86P676kLF`r#8xR>3z z)BXAFc83?)EcnuvC-L8BPkiuHjG2qx;2X2G9%wqV?kg$xGg-iipUJgLy!az8=AiVwv|G+XkKbTCFYD zoTg(`1l>HMQ)dR;JM0EL2Xvzid;^~xU)ngVUiSwJTilX4p<6Z5A$VhGmyAu0(svi- 
zm1o=*93KW4SRA}bqrGhGKf9MHNlFrVNM*GKM?QS6<$b<1M!g7!2;0CF;~*LzTFr-}hle1fwxA%0^Z8Dznb5Gd=15B}nt+waPO6FToEs zP+5N18pXs+1xrE&818Fr8HWkp1X(ndL_>cNeFRd_H?e#YzaufZX zE{c^68+^;`VN5>ov(CCreyO2&tzXoGpn?n!5owF8 z0eIMk-Btjv!8S=eUFZn{8(9cF?;X`PByw0>??I@^UbMDHr zG9HQ!D6Qh%tYmVR(?52PZ>a0od>>zXyFiatceuvLef5vEE~h3cI3AtMs%GXq`r=|M zA)+us9&;!^#Lfx>)vaP}Ex72>Kvnn*eAE$>rbpn;=(9&470gY;-#}15+A5mz!G+2K zN>c!TOSBUSHUfSHXMtxz8vEUas{58i8Djn>VV0KYrQjJ&53;wnA8*p}X&&547DP_2 zkj(?#w!g0EOx)^u9;5KnZjow^bI3ZDvtvQ#ELJ5T@|Dk^uW!(U<{1Uyfg>ADr zQy+DC73OLx?rXL%S-Hu_{OU!86s4S?aq-Q?axF)QK^enotut5&hSI$f*6DyZj6_1$ zKYSQIXcDhWGrjU3eHij0<166BD8*BU?m_yL|DRq3Mjpm3TO^T?6e8v<1o4g<)J{WQ zR~8npDUKKl;*VYdJHh5km*GU6iow+=c$VxEclmaUI#jJ*ALsI7PT}C+rUScNrC9pV z>OLN(M4o$EXf~3BeE~rzfFfxrf(3Fm&=%zJ1{C+TU55Fs0uaz2oA^vIR_uUEa z@yl4{*b4LU)8^I!8&xU zd|SjdnX2?%b6L-mkE7uaUGL4dKK5uBKG*Veu29qt=5I`!Sg8)KRA$aNfe0lWhZG|T z4aOwx?ar^9xbMD$edz6O9+C$`U^pu=shEA&Im-2%$DPX2cN^AohLuN=XTP*pVBzT> zMV#IKf1;58TW;nbO8ex0Q)zFLdGV<@LMl;vWW&Sau=4aAsbMecf%-d)%P$8?O_GaM ztN=yFwRpr!w4;=-Z&IvHssD@9w4lQ=&zRBpVxDLH1-EYNo;a}#N+qTU-Hsh+!M9*x zWc%8ie;*xlUGQ_^Zbr^IBgF{T4D4X4x?$4N(nMGXd9WqZ9P1ut=D~M>^-QI$t=VM` zctKB}a#wn?a@E)OYt6+JuezK^LEdYA!F zEGd3c=h_IGxd#PcPP`D3d1_D;dbgPaZvZpIsodDd#zwYW?cva{Fj;{8#Kc6z(*;4? zAte7?8d^QI8;Gw#Ab(T-Ci_Dp=OU?iYfW#MagNzc!#Fex>7E#W?Lb6O!E#d-As%tX zoHJ`=CyLOu^Z2bm*3QN#r`ZY8u~pC;TR<)}A!mXHl#W1#0p58+c``^%#oxA=Ls+;q zuiAv44~_gz&d$)MqM^M%6?1OU$TO_pM;aeHCoa7wJP?fHpW?0v5V3?1ADGX_{T{c=CH`@4k$L6D=-pL|mavH`(B2cg249Ccj^ML3n? 
zZg_5x{c;D7;$yVz&XR|_E71fIZfk3!Y0I}B^xkBid?E$}{4=@J6+W2h-SBKtM%1Hi_OSsd7 zG@NayeHHq78s&$+INYFs@=;_c0O#~6{Heq504s*Rp zpa6qoS${;nB4`5QUx%lE^dd5QSZ03zP69PDmo_tF2R0KcTPK!p!uA2<9R^%jxnWls zB)cZ4A`-scq`?fa5UN?$?6`Sc(DJQkoPeWy5~40D8T4DR5n!WNK?`dkxnC zw0AAsm!BhFTV3X{dtA4&T29O%WOkytr2vWvX|m(IoI)YKWf9~eAxb0+w>b&KAc8xj z!MqN`-%z@Bur2;#TVCE&i!tymg;+lJM>u@|S2Vo9{SZTH4E+Pd@eMs)6*)4pPmV<5 z7En@5n*HFhXszwX6Yl{V{0xlfsfVTTszHEZM(K?Y<2Cwx;8iI(6;kch#gjcFYnN=R zOS3XFEwGSS;UE8yka7@Dq^APDz-J(2#pKqV-2?|4taU`{+@FG zi}-^k)6{Eqw|vBYd*E8p;9d^7m{?zidtDjPJh^(V;p_7f#EP_&hAKpvcw>hi!|zE# z8M<3!YBKOiv!xsjboOy@&=cnc&?0p~Wu-T6)H@Kwkavd>rzLp*lqZBWE^bDwlI$rt z!0=Ea-Jy&*dX$IuZ=<8T-jGu;Pr5hY<(&(t70<>xBM4(KmRqhVLAB;aSn{aUE@)2H zq^f0F%B2os4F=Jony5_;H5-9$cfixoXDp!rd99Mjdj6*!8QS2mR)tnep_PQ#e9>bD zB3D%ImjZbJ-Q4ye`@s&vf}aF77VGQ>h)l$>j+@+O-yeo@6vXZaFd|r);JH@+C z7z!(F+bmW|B>sK^>lMZ}iXqU)BX1I~m+bKo`2Y)f2v84T-krjRQq1prNHGaVi#VDN zs=%FA-=-B?eg3;$Pfrh-Qg}$?KYzXiR76F-<=7XjXqMdpGXZ5gQaLPtURU(>nI)Se z{;%)K6bNi>bO#`vtB`L)1iIHqCj^C%Y>T5yi$0iKz=`XLHMUqgadZ&&M%-0H#4=Gp z_4Va1Etn@(AepfW$|!;xw{6}px8fNFP0mc0H+8r?0#y%a<`Hu8D#Q{H=plGFVhO?w zxLJAp;HZ%n_SIvqiz0->ygqB=03*_5Ts8(2qV;xUuT3*YNrxG%J=-RVPox<3bQ6IK{C%AxBb zWaBRR2ejo}%*l9u2*@EKt(0%!2(r49#dhaOZHs*7a1>F%UFe z_rQRC!(qT;M9Q%y(De26AV>u^{zrxLQU+rN+hEc;6)vNN!d?#Wc^89VHK+{u z^d>u&7K4xk2Qe7_kL({!*u3DC#VE6YLUb&(^E8`S);qK+ zp>=qx-8l=*?(cnlQn(J9L)>zj3DW_-L>q@11N&SuR;y*x947I4THVl9mAax2q3 z9dqdIfZ#j5#AVusYc_01>yXL~v@F*I(}A`T1ISRYK~+aWrEqXahTvKze#Wz-=8vT` zRJnb4D8J{22{7u$S>wO$nlBA>5B%lWv=V6({Rfm31b6cfR4Vds6hj+z^SAa!C%gTA zAg3D*2p@0RWXBKA4AS^Ewq}r@%!>}#{E7AW|7`XAH=p?LoT6>&4UahaLN}lGlg_=q zrjRH8pg_pEJM9|2ZZ!He`>&i4HID+KjsFquQQ6zmGtv8Wc<3vmyp)tu-rNyW^`QN8 zsmy}x0o4BKV;@4p#(r8hyQZ-Ud`4B=8=5fX>(Kthd^YaV@@@QmYwoMvE+2gxePwAb zGu7yswrRpNcpH?s12frQk{}ojG8twz%29L*rz3 zpw`9L7ZFFy=p4;175{!r!>TE5Q8~@&*IK?Wxn*$;TlSt(d(YF@yPd-E@iSL2uLYy#<+kTcw43pVP5-v4XD%@eLVU@+=U&Cjt+;XB6Rau|3 zYYg$j5(nnVzT7$^m`g3A06Nn5PyD@o*T?7COtv=%SIm!!zZY%o-ZeFA<@Q!3Q>4Bz 
z_l(4&Nva9rq5x`z18+-K2Xqkv(kD5M!D1O2{&o+`C}Hx9Auk`5s`5FVsHflRx@hJ0 zbIiKC`>wO+HKo`lQzyiw9x-okTl@vhbP`63pf+ibwjQ;-cl-7W2Qj4=Ck?h1J{9(- z0fD)bKRb+9d7k#=0W29&pE^DuFn|}`7(wYA0$U4tX2yEi*4gROB#X6Bw(Mf&Xv`=c z`0elS@9E|B96O~Gw1&GQj(Zk`H?dcg^oozGWqYo3G-61r8gg3Rb9(LXPj7FCzWPxO zzB;o%oQP;B`|IHuS)7bmdK3__v`cTJMbCuirTo(HeZSh+C{t2QEGaf@EQoc8 zfQTf11Qt?k;Fb{Sh;BmMj*yYbT6lfdXBv>oek8LW&C-NSBG33GD88ybs0+^Gw zVIUwqtnlDEJXucO>l_`e1;&K=D;m^RRk&ygAU^6&}Zf~eBC~|J$hos8D+f-xU zd)Qz^{3mE>+3AL`+cdMU#99__W!*da{S}i-cV%-O<=j%Iv7#U6P?Keb09(i|hfS-~1ZMKobROGFJnLt*tYI=aPY4%xfGh+4z<1SC-FSM^fcX?%I#X#P*? z%*>U-{7l-{e70v~2C+EQvvj&rP2};{P?w1y#RWX54u2@=8X_+z4H9Uo1z+e7Oi#rF zXDFk?cNPjT^%+UY6=*I&4H=50=5g?a;}{nNfMJ(fUH}_)5r}1gtK_BK2>gXl+Yiva ztGAb$5X`X5^dNCU2PFYA13f@b)}#59>~GoGeG-+L{*?)m?Ml;12k$&y&ZQY}Up!dl zIn|~Dqtqnx4l(>$A?hJ%8JTVZXF>Fse9a1Y`EoA>{mbMoVAIV3OeS5nFbDHN?$>ac z)x)GA;02Q73tTaxs&4_vCz0+v?E1L#q$L%c;67|e$g)*LnFPVT0$+*$W@BJRm%Iv+XW$Oo z1}C(xo?fEkw3*{9S}QUjf2#l{g2`eN6JvCPt&KFehr2G?1KO3K)5c-9!2!!*r-j^^ zYsWR`w3F1Y=*S$B_|R)84J3$=<2yhS$f`VnyBP9c*tMN!nH(VsBP-7x=m!wime?o} zr&tAyi?F{9D62?856{G(wqO7`d=1_FtKTr3QERPITXamtcN@u_)*wPFoL?VSF*y|g z14zrt>LFyLQScUP)E?12g}+#m&TZdpD-fec>t{c)Ot)oiU)=PWG3N$ zv?5~#HzJbfoqsu|hMjzLXNmfZxGQ&HO`DDEuMuP{BJBV-;SSoTkkLnuj;A2)8c=-d zBieUSImW=Ihpw*`By9jtg=G6cxd)E?dQiZ3@NX}`udrujH#|&K-R1M_YQDv+u%}8g zjJ-a0!R4j-?@~@F9aq?rK+Wc%{?1>bNQGx*wzel*;I*+9?KRJp ztADL@^xP!l!De&n{JD!q4wf94+Vo)kPA_dLD(axDvANq!JAGMW-K08dC&!Au3i9<= z!Lw~EAF`fC8@>yKBD#SOO+?NW1+H;WFW*oZtL3|dp_(!Xz^5Omao3I8bCh1E5nbDX@11+f>pgt)>9r;Xf#UE69i`ljssfoag z?odQ7#3-^M*kY!lf1jiR?-3p+KH8nGhaWlRt(y4hYy2|$8jWCnzI-wqxTF)k^Zjzt zvkAvcN-H@ZE&)og%9VbnoR5>G4jNy^u6}W)!YKt->K+J`lm@ycUiSR?iM25D)^9NO zm~NcB*)u8nD7kdbYB<3$!MX~?B2q61NlSbOXwWAe0I;U`2M2p7##Gr<>np@I1P2G_ ze3@OX5FAdsH)8Z=TiWl{+58a>z1=V~M&QYk=qi}qlD{Bz z8k3}D(%C}v7S>4(8?=m%3}i-gAG-ABVkCS@cJ}slh}u6Jct{%Fgv7M8eemjo4#p84 zI^>6txh6yd!S_NggP4BJXCs`Ppz-j*q$3iY@&_87QDaqMb0Ef2OpQ|(Z@M`3pI0r& z6n3sLJEzvPrdYJ|y=ErXw>K*F&sjWYXTfOAY4Wz}Wb%UAxF)3eE|+jA0WwS+m)#%9kB(7o=rU 
z5N^i~$Gic0Gh3LEsv3wmeINKqwGgIzIZhvKIoR7~Q)}ftosR9A`#cA^Lp_w^%u^nJibJ4Z$GhV>sEK1L?IOg-{(H0Jf3{EW?vLk(l5@9?Z`ZF0QgllHJ)Qudo z-5;+V0S%&nyeN_7HCv;iqcK0-?%plt=w+8w$fkF3mrTu?xpihd9SUj^vUI_52J;y_ zTz3hl8qjqy?cwlv>@J^6g@7CqqXA}3n!=8g3p`x+u3_z<7#k0&DZ7wh^%L_K&Ikn4 zA%y|f15S%H9P(9 z*9qWxO*}or;#C+P_o_MT2Tyu}*a^-2tK!a6yaNN_ z$1b@s`$jL7cl3(!;-)W0Y+`Q4gdC=xU-MN&PuER|CB)x7KIz(7I-45@wRJS}uG1XC z#pFmL00JMnC6zC-(ePu=4$hXw7uK16cUv~Ap3tjm{xJ`E#0}1H@96ZYPnR&#Chs*mzg~?+*79FmHsL> z;#;dP?o0X6BjH{9gWjtA4&C{4$8|5ixfeO&9ix_eNbl`M`{=d#zaJepTia~cw06&C z!vn?HreB&k)v~vFn#R$*KHt}5c1>3zJN|(uK8L%NyKAKSnwgq?!Tfs7v&`)6_Ks=c zCDW~%*M3~SozyGS_hjFm<@!Dy74`d#gnk+-Rk3Y3u|-D4da;LdWSu9s?3}_~ zi>IPCVbPpJnjEzNIGBVqce_#_?vYeDBQ2-XAMHOgyhEC^^q_sTqnO)@)%g>T492Cm zZI?06wM#dh6MQ^!Tl{&)Yo*!fIs0$sCYn|kZ=GRjche5pyq$jbWkGFeePiPuuHVfZ zz5aoLC8Rn)8y+?Q($WDkX+x^ebmSxDMCjQ^cF0EVmd}X@FA>|r#=c&3AwRY=rckT- zQ_ePt%a@KA%+~m-eCPR!GnvRaQONm)+`V=QWPFC>bi9otws~y84%NvUpO1-pIo;Br zYFY1mcabA~JE-ycFSK|Kn#e1`DQgU<+#Nu+!=Al+S5R;S6zVE(5qZPbqFB3E3||gu z0mSSl>BU|mf_=GM2bkyw-9f8RP1M#u?p{vZJlqBs2 zUZLH>@P;8R#R}O01dzT_PN+e{@hKG*{Q@H$os%fY)=uBKGvf}n%K)uKDBIq_#)lYy zYC!n*8Bwu4K{uA4l5OFSj4gWk(zf4#7G>G$b?bD2F(FoNbmP^l7z0DK)eSZXs3`7X zVY^{sfT7|xN|a=toVYey-A0w#!CCV)j+G`(3 z72@rxfWk|m!)I9aZ+Q6dA(HRIVOfOd1E-c~W9PqZD+PK7)XSal%#mJIQ)L5n0TFF7wB*Cq$v1B3YKC zCdKn9P137GWS)Io?PZUxNF-agZXKePL4a;YQw5`lodi7GlQ|kpq7LL>QWE2h^lPAf z9Rq{YfJY?t0J|VIMsJi2*aWv>CqISZMD~AveugVou3*@b=0)^#vGDT;0xt04uS|38 z6}}{znwT`<)FuQQ6(NcMk{ca@CWwk+V}ouN_F79v2ZvA4$VqEFFnS5vY)KceRf;L@ z0p|}N^_=DF*01Xb3onD0MBCgvVLh`Z&U7dN{vl*MsrJAipdXePwMmC15ys$xp~CTA zQ6P9B#q7pV1sN*`svZuBWxS3e9H>%Yy7ch!(uOaD++`$qz!u~^{IobbvhK9ax?g6m zoQFqkGd?aWYXj&YStIZQ;@}YxXh1l1DG72TvM=xem!s1kCnAo0ufuU;+ejlZ348_T zy9(Y+5vQ3)7&xS+wi#)YCc}PX_5(U-U7D7;7x7{ECj zP+LmM5qP0wFr!eaza%AgYufsJv=(|D|M-c!KEYpz~Rk&SrQM^{vrg#xD zGD!k4a30B)LU1P(-99|nVvDS<-F$YpuB1t9THL@a6TCgSc=UW^Z@|%uQ}d5hV-%w( z!7!IVR|MU)>+Xs75W7jmhsvV3sVSH!QbgcF-HB;+4LL4sGJ!AQYLVy*%7k%v6CE8z zwAT!XE;nfymMFs2CcA5*26eZQH&bQa;IJ 
zS%phFpd7!8nEYXqnccvS$wf?U2r&h{u`)hB9s>s`S{-fplbp7JB-&P6`vi&`9A|_q zsiUV`_emblinRe0NkcTp8RxqC`WGO*keP3Ry8~U> zCwE~`H14=Z4(T}gSMi3M_QkAn*r8!*srY(r`fjiQWoeoW&I>uAD$dReCN~ZkZxbf@ zkX9e-EAuEZ%)buhC#_L9Uu;RwF0+l^(4ov^#T>|}^z?L_Iti%x(9HC(&ODDZ))jJ=_(-S&fB? zNJ}^zhpeoIhUIw1*RNmi#NcnC$I_Qa-yds|{_;$#{V3De;HkvGya0owX+meLLzoSFEGG3cFFmaXC;6^W zmMJqun#?NNM|(Sr?Y-iljvKdb?b@}(&LMIfQA9~Iooy{|UfEHW~lRM!wpz+root7c|$5c|mCGe~o8 z{siA@XMcYw+$NX>#43wk`{g{aWrE&)Hq1_}XrSNf^JqhI4B2Uu# zj19QoF&8IqG9k5w7)&iKd2y7%5!057ujUDt3}yc`1am}GlBQ{ru2wMD-{3#Y99@F@5zc9fr!OBa^8UjI)>5(Y@$r_DO}y?$fhp6b@02CkjJteZ zQ~q;ddVlbn#Sw-3fY0Xc3H?L9J74bY7rUdU9(5$wJ-wj2(#Ps+{6l&DxKWpL)%OR4 zyM9Hi19$D?>#OjP{yE6Ve-v>hqsB*e4A0pg{V7T=RG7EW~%f>$aKNjuV}4UfgjPt-9fONth$csqU$U zW+ua_sXyiQa}Rn4x=ahh)vp#aYTh2zJYSu6BHqwUBeT|TAm7iIDpz!pb}uGN1&L|0 z9c9G4eF1L)PMO8;l$@R?17n2hn^QXZ!*9LoxV&sQPaSk`EtvGcrsDBW)Q_{7WLA{lHPT5J{Do-bM zd}k7X01J!$T4pL7-(zuO!Ev<+-U0OjNydRRIe?}=teYny&tD(-#6}P^Yz4@ZAn^=f zISJ8)LklS25sC7Gx`a3}z~qAkrMe2Lie!)iSSmc1Ttli303?-6OE%b6o*@Sn)r>pf zRiC36dUGf^(!j6-XCc4`W2A|t0#N`&WCM^S?FT^2FBD_o17U}Aio`}jXsCOqbrSBx zc;{g(<>)?qj}WpMbQ3kBAqy(~wjDc?&}fg-3kDGE0AX+?&RnG;HR`To;E|{aLIHRr z7z3k&q^?5ZeE;P73MhLg5r^ab~DxvYpkXu zZVQcQK>p;MFLGuYPBAK5Csq4Yun-;kge62Bx(AVfC^naq-f;rvNdOB{Z_Xluj+|U+ z;~@wo5hGYJ+r|{B%brp%h)Q8S+P)hBXQb~7TU90wN671ai(EWF28cbY;H^UIqa6a6 z(=a&RegnbV3(E^P3=>4cgf9mn7`Kq)j1$9-2?`!YdMS#CN5iRkd14R_+HhnvIY}4! 
zXty#m1#x+=0Lh3M6Oe+Ex3uU;TuK0$1U#pkck}_6;A}D2_KDpG1uSWOCCzFm2XlTd zg^;=3&V8x{eZ#Jo9!`U9KejQOr(+@Mo*|T7sti!bIAlRK?Fg{xvQEHXU}ggNDJYU| zy1TE!61_?y<|0uO-QwanQHFIx(*OW^2WucM+|Ap2Ed~1|@xH-sXuP$Q=#OZ{Gn`aM z69|l1UD(D+cPq*gPYe(RUOB2WhO56*?_(|wrZHbcEiq)VBWhrrXosIGXvHuYa z?6QE~OR6{o*vza3wQsWML3ZQzeQrSOm>(j}zaOK5hl&TIPqd`xrc;;s$u=}^m6MvU z!iVtKc+LD8RB2>b0tJ1;s@=j^j!)DA=R|TWe*NkN>ZYinmlD>jEeB|Eo+HTx!wL+R z0uuqqEowN8sM>`BK)mt>=FxrUM)!Q2f>GasCpLcL@0M9_;sd1WxG4iCh|fn_=I(D8n>qHCf^OrbV^a`RSWWstEr; zCKyR^Y&pdOfhBg37w=ZNIUi=%~KH6k+ctvtBTK=&^()9Tfo1tsDw-{fH%9gmG%KR*l;@Y_Q>f?hAx&x^Dv5;lS*5Jzfo%O)trVr#79ny)K{vVfHR zm*CVgS4QBW6DSM6^sfFV^xyTVow)P3USs0nTs3T9*lsL;{kVkl>?<(05k2-MZ5KF% z;!mFx`>lvlP?SBWG_!kC!;cTNtW^Am)@ZfDhtt=pKQOOI+~-q~PYxo3xRZAa9!a(wY65tjBHJ7k5ZIB2c<#%}oe zDO$;1h(E!ewcfHM-mF-gD~xV5?^cTPCFAw`c;)`~0;trP7wr$e@+9}>CYo`Z1A)xE zoRa7rWonV;$z?3}uy~wFvlu2Tl+A(^KUBw&>e~HOgwY4Xry;<9}*~<-w+N?L_tM7^F zRblH$*^|Yo7qrBFZ>c|7`{18%m8MK#y0opdS*OvkjN0U&dyGg(S$4M4}o3sqz0@k!QtZA zY6(N6OO;}JA@AoETvf!i0Mxw2$i67M+i-|a(eKm8dRO~~iwAysdOviHazbhY=-)4k z_I7sUh+YcxY;Sk>QjXoq%2-Yj$NwX008+k>)QfVfIiP6#aYT0cPyO&yHw{mLaWJvt_b}3f{jpnq;@tdsH!N@@Ab@N#C~l_~?yL1B)4!Tura8V?5&Mw-##hI@c5|4b zAYdbdvWm5O^3-gqXM&<;#8OqewX*4=FiLy#}YV458J2%8xyu+HN{QFRGwk(cHyL#0vBxE~)PRqBb zeopnQi>)Wukn~M1&AfFz>IQ^HLN77~)=L=K$Qj+)wcd@rK&C0VbV%LmMOA>D0Dm;l zyaQaP08#Do-FECc^S5t;uQITMBR&9O3LjvSLECH2&o*3pHJXDlxb%^UC}KB8aU&_A z<6WmH04d}k32Xuq`Z)A%ftH2_sb{zG)*zBj!?{5Lh|sEd%#Lrh62KfQ^wg)M)xHD< z)FbcYAF(75##T<`O+i>79(Y_Mv1y{*>tK#k%)tL**Q4eg9EQq|bNSYjv>$-| zg26^l5bG1DDPh$vMPqk@T^JlWwS6^vd!OX_~AVPn* zoI!%C?dK1wy}JBIAZ_6$Gnb|j$ptPDxb0MtyaDeIA|9XDT_Y{v5M^{RFR1GcbsJT;5=a+h`LB*-y>F4=l~JPDFMJYxIBzo^;A4LEY5_(r8q}Hbh$_-Jk!Avp z1RP~81~3U^#i+p17k;SmN#_^pakv%VW99%OSt7<|*Y4dGH*OT; zL(`MP;eMx3QJsFc>v)tR&Vh*z>n7f#+qaiv*-es#IM&O%0!km zRVTc-ED&u-1*SR$so+~@C&@`>S511EwzUV7=a{gtalbBVKU&bZm;hyj&_^FJyj|!J zT7mKqFuf3N&KQ*J=uKF071M!`9?*ew@SQLWXy!w_rfaDBep+c1Q6NhTO!4(jB6vPE2 zDH6Vj>Jq7)``Oq|WsAE71vSPx>2`^Jekr|qcq>4a3IJ 
zJ)P!kKE>M`ZH{F?2*dz@FW)kavoUVwI*)MZ)6<+v6N*bn@PV}ncNuHNin3icc7P) zz}dSvdK`yteS=m_jNlhjpzSD?54t-I$M@-D>X8WY( zC(zC~aHjyr>e>Ag@(rDDDcV|pb7Xp_f|FO&e)I_#_?%Q?7IgYyaHwe}%4W5&LYSYi zgF1S6>M-|AIC23%jza}T%v%v6upqCXjF-a4*Q2X|dm< ziZ~^rM#Ej%sPry>@wYd80#KSJ4#}HgC>BFERn2qCv|)Sl;>8{?9B7w$0KKsuL>z3R z!Tkc~$EWxdelWNlkjZfSxkUD)CHkfe9)i-m%!Aj)aSjp>nFhMhagYFl9 ztlVTN7khyoWb}1N$;bQ$qnCeeXUSIdQ~g&;7~kpB;ARkuzcRvU zVhv8OCVK#k_>9VpRZQalrQuNh=dWK_tjIAPV7g$uuw2*RnH~{8TpOFBj4_JkmGr-1 z_TIi6x9`9K4}_UueY2nFSwl`8C@)`wbr>hn*^hM|4{u~Fz{E>TPdC6N!_=tpO7OPo zFG0LF)OI9*&J3q_q#XY~_}Q~R_pPjx>g+^Thlju`6$jScPxM^;*Qhz)f$>PMRVi1W zT5djEFj3&gdw-Jw%|;~Hg_tIK{~HMmG~ItvkKk02fiaTUWMM;V&T9t6=?!?P5OtQG zJXt>db7}MI*RLm;ROE0MOz!2p?z4FdQ>{UP{ii^zz%F34Q?_i#f;2+n1TI|vEtqD| z@D*;re6Za`KkD4;`V1Oj0ml8mmj+LoDf-o~7IvleiR4On+6XsJ%2GUx$5;nz4i~i{ z_y`TXwIH8y^2CWW#+;lV>vUH}0GoGX^&~Ev-rfN7J>x|C0@E3WXKl1I9?$?$ArBBJ zheiEUbewAPJ^*bU@Isl4l@%3UI0A|sP{*8HS`4B!;A~X2F`xy>4}@G_`!>^`f{D$T99K*Q@1bML8lck)o%T@B$AIgpK7n-?G6L87Ss#Y`v*Ja68t4 zRC9<*+nX;m{v2!Ed{2Xvch?P$`3;^%H^!-bPk2lhP7>M3!&Y92j$PCLF5TTXhyXx9 z@1QKsZD*0(NJs&N*Ld^Ss0Ty2?%{7)|If%<|J1hr&wSkWEyc$LxYn~=Z&3J9$k>;a z`zDNDJ@1-aLV}t%tK(mUOA(EzM_a~`I~QEl48Ai7!6dltf3$a< zK~-j3_M+0*CVWaTAPQn2D_{T`u$ACd6v-J{1q2D&L>| z2sByJ1tm$ipyY7j&N{xT_haVG)KpE?)clxV7K&du-#I(1z4qGh&A!KD_CGF`G%vmX z^rh0JarOnx7j za$=F2|3;8AkCeYW1m9vMwjZ-f!Hd>?9uvc%@5SV;RixyF)1HGyW~h9Q92Xwx_zKxg zXm#hHY=CHaRXIX5*{eMi5C_=h-eE5%!ysg4Wu&JYpoixW@&x7^LInO&qABDg81Tob zgfF--dL66b`g1%NUC}V1ih*T#HzJjPR8DTi)qh_t+76r)mIe&GU1)Lv=~)qingk2P zqg_WTf!t`7)a^_JcAyppXr%}#C_Dw$NqVn9@R@_`D`^D>3F=c@+rbNeu7(Szl*6?a zdb1QUtdg_^;r4NQKQcDd^(tVPkz&%q!^20eTa~bwGk8-Xt!ix!RRN;lh_9gxUICUV zj=-o~Ye?5FRF5F&$3)JB#6h}agtR-Oiw_MZRH7b;<}i}p;GaokU~5~Aa3(jp9~Od) zlOXLQwY3j%TSNssXruDiO0fV_l!!^7eIG3q)xZQ^C+OWuY8Mn z(KR#qN?$ugcZ>j2C#)fO04LV6Ctk4$yY4uXB?SjGT1A`C+mC>>EX zqagKr4I*R(Byew{2S_B?AD)TqSCs8YS`9kdN+e`I#wRoWUW5t~Y3fBDMxbg0WDVfd zqtf&msWSykKuct_5O_WaUqS(+N7>qXKLF`B$lg$2MS2`OavennK6nsPt3%jKawFtC 
z?Tr7d=ts1n&!Jfc;K*@Q#+-`JLi+%TBksZm<$~8J!JGu!kZd|^LL%8pL9}}SH6K)3 zN#_>|Q6(@fc+GV{2Z^cz4nN3UcTXh&1=;w!{3AK*!Z^9J(v8onOtU)=CasVm-KtP-n24RpU0U8nDjO+v=u|WYj zifAnq-k6snQ*Z$~;3Td*fJ1>amUt>`Q9KfwTF88lV|lH>WMn7!@UZAjp*#boLRdys zqmRJ4vw-MG`^7U)<${r0vVB8NzDs&z22v@2UhE4j5v=50?^40_f*S8USw@SmUcIs% zoIrDBIJW0SYwMFZFGOt^AQ1QjL;-^WWdOV|oYH@+gOT`xd{7ip$eMN)9l{nnk)TzN zKnPL@>V(0Vq67IDUNER(EWnf_^5z^p7;=KA7QfL&915OhMvB$8%X zdN;l{&Y&eMGeucNr5?_M;fm4SAWmFcm=Y#(S&(Vx@YH06g}&J(^-II4C}59;a`du^Shde&b9d!iLK|aT+x8x0OD8! z#SL_Hk-j60YXhQW2-*PY)PadpF_Iw1r}#Rn$~;|IH}(NhKbY9Tee6H5uXGNg6jc{@8INsV;05alNvZ_wguh-tyogP71>zM}_( zwsb)9NMc2Fl8*rtSzG*v2{FhlJ0JRH!{%E52>r3Lse?)g7m`w+HjDO?UNwZps))3I zRIdDhU~*!L10G5hz>lU#Fy>qzfG`Fa<UarS_kh9xa9dSgRdp9`(h)}l z{QV8j80;=CON+O@f}RSznJRx}qm*ArS7+yhSQZi*6d_|!`KFL`siSc&7USS>+U_Fe z2SNJS!0nbCJ?)i*gAH5VfT`U04kV%B_h>?6CLtz}Jp^<(uN4?d!%&VHAb3Jwz}G|B zJ_Or|$o2wM*l$`SQ^s1BN99xvrNfICgBVUfB8pe1#|LV@t=k?U;^SKW;Pi>3o^x_h ztoMtzdJW4Adgo&7qsk1lH)4?y+oOBZ$?i0j`WZVBq|kv+sE(sd`q8EAj|OWQ!q7&8 z0oPopIjXk@q@_i#mZDP%4i^?Ucw`0zLRbSJ+v*SP3EK{%i;eSm&3Sd8I)RcmLVUmx z+mAR{fVc!tsvj``D+@AAzv0;*J5}Dnr&~ZXLxQ<$({FES8}l-1S@}8goYu=mZ1MZu zQHmfo9bij6P!%B3Wbh%je4Werz#n`JPnB)T{%)0kG69G{iE~AQ78QQ(s*6i-cNY(W zE4ubS%Yl~ck62aBZTL$BLp8MjX`ODJ*`>j{+Yvl^vN&;w-wzrMx-xTTyfb!9xJdt~ zX>MexOGW;pD*3;}Q~PHiZ*|UOYlX_b=lw}a1&$JbOx?fF*D*akm2C9Z-)pzx>&}Ms z0{=aCHddS+^Fu~*i(V7)dF$cBy8bdjFLl;?npkNUx*LA1eq1Hp)$8}Yvvm3H1HY03 zQo?z2daDKeA9Qm1Y-Bm-zZw5~vL3I7M&Eo;egW_DlNz;sr7{dP?svb>d~ylTdoJlq zD=7gd8bnXveMd~W1e66t#uh&#e1?+&i?d|n;GKv_X(%P8G9fYzJY-nG2Krzp2}4qpg-y{BSwK$CrS(k zhK8hh2(Xc+#jON@KR|NYTL~Qi{8Vgk9;%m54QhMXMi;I2zV-gX(B+#w0rh4Ia7bvA z5RMLbuaFccEhGuO+&re^7bWST6!gxkg3vV4xesv!fMV!_PJHNpycn}la<*11opdgc zAPwOk1vD&B+A#a^Sj?a#B_CaB|riRz-}T;0;!MC#IX*8n5kY~UVal1 zr8MGY1TVikI=(?`COR_7urb6jHlLoy%yf+6VTLfv0lDr4pxRLU4}lUYVQ=F?2waGt zuPes?H^fYPPX1q>0gEM4Lb#57TVq25=mvjQRju~)^hEU^;ls+`P$;9U<2wpU?M~?G zk@+ofR_{R30Q;f=O(YZ&h{J@CU>B=PbPP~1xwcB0H=r!JjRN{$bn{p%8CKZEW{u7LAMAhwD9sT`%Mw{lOPP%9qjRQAbSu35%j#+ 
zNaYYLKLqC+fF=;`5t+t>gaaR-4|yN00N}plQ_VSvFN1BVdyV<{NR6^SXq2xgcYuz@PyQqX&h~5Tc z2oIKsSD~<4=}#+LuMK$ev7#dTg!1ktoRWGG`fPt{o{X}t_SQ!SB@=>D`p?U}v*YD^ zK%sEWQk8$z`Q&S~_%c`LbXuOCF;_;af{0Nn*LqD_Y=Z7O%Z9rN_wH{L)=d5J6hrFhvV>W`OIOvD%>((_I7C86PW8joU6dX82)NK$9 zw`W@hV4QRs*m@aeB}UlNt*B->&ret)<~>Q{;^y9im@>n>%nX4TJWKJUodU3P{VaMx zurquzhN*n8%8||5V1-_DL?8>*=F72=xZ`ST#kA&F7!MHcCB$M8um=4C@gP_=eOZN>9CJjb= zo1r1%FH~E?uB<~HkSx#SSTlZ;8&d^)?7e>M3kl_iTcuS|uxtez^AJjs>>M1nh=^0c z=z}M5Mib@y;v#}8Q(8Q552(HqArWn4cTLED-+E#$MKaQcYy&ZsnPzBr)I2$O0?V$C zUj4N<@)B{_7ch6=5O4{Eb?O*-a3AeTIC}z5}pY2iWwP zFew!Zn}XcO$J#Mqq9&OA0?>G4rRn#E?(Xw81E5mrD2R3L#aIuHoBss zVhHL-EvVKBqw{4O8`VXWy%vQO5m(Sn*8I3(kIDC#Wfz?K0(P6O9@ z&4vvjp`oG2j~`#hdc`&?lGB!sgwF=n7c&;pAi154ld}Kd!S5j*SiP#sN;OcdF*UyA zC6W!n(5}#9UL+fHKH?7L?M=AxVx;3{0L!- zqvqQ!KRm`nxTi=E_L1|0ipf1Nh$k{;t9gB)Flm`dCA{~p0NxEjxWb^bQvcy z4F^kN5@~%V8g*^qxlf%vi{Th0gjb(}=2j!j2uB4p8T?@zuoa979TUg_0%RpBA#oO{ z*k3r0S@28yj~+EZbUg9x+d1@%!4F{b#DVfQ1kB0J%xA8@c{Ngxgruaw?Uzv9O)1+& z>11G5ODf2F`^Ci6k&QPXDQSZ9L+9rU1B;wCe-o>|f)c~uZNESrhL$A(%T&OO)E{xE zu#iHRpBW~n#bE-I4wyCUtGJjm^3xml8{IRxC#GHdsiR)CwJa<;IvR&C5$`B0FK>)u zAX@ZdiMd7RWix7mAeRIK8i1ouPfp$sGb1c2THU|qDU1tg(xod9AOOh#iWy|w2Ll%}Pam$gh?{!1y#IVP8DEL4UAkTxk_4z*|CEcx zD6f0d+Nuwstu;UYtcmoipTWq$1M)0R{&IaH9%eBC5nU<(!&Kw^OrasbBXSUZhxB6> zN+_xLcRBCnVtg!#wC2=(QP+-3mQ2w=<&MSd_gtGsRUk1sCMJ>4!OcWNr?_FZGWb2@ zQcme`i`i{<$e!*XnbYf$493B;LDgE$b@YkQ5Mb2``p#!E!O99uVkAJKeX8K0x54iO zPJas)K^N%Pbq^0wVPPs5k&Z|C=EqJ!R>s`*l_})7ppc3(J-Z4*d5q4rBmW)r9c z4|Xci=RaP+{SKkWm`W@QPC^0^96==s{l?+Mu~CWri1Jz(T2VRmZu=E$=#Cjd$r9rz zxVgCEK^@{+Obf*Mz;rL!GMZbT!q+Lsfe11>FMCIGD0jL93@_9o4ji}I>Td;aIOb63V}k^kwm=L zWjw|<#Tx}U?*U97_Rce>V)^rIThD@_&~%e+<>Rn0Vd^mSDFI^&!W7~ROpkRLO;#2B9SWfmN}RYSyqM3JH+KAEI7`@* zLFu6~ojf~3mvOo&GIx=05*nJxe&y@;Oz_$Y4ILZxmht#fDfj!F-K|R)lucb9K5x@B zbv1YRTltQyZ(#%=`2hzBHl3Ck&1PQWu1lxW^AoZ# zC<}sx$uLeT4$&bYdnF~aZoGyfQIVZ(uF<5zqP9*1Z2wYocSKl7NFsPmeI9dNmvcW{ zc+uw}1`T?0nX+LIaY@sncyvqB9Xo*kv@vFky`svy;^T*7-hRHyfBHySmtC%rF5W5h 
zB5)!b;+gP8EpmYw&97Q!&IiD$pI_ALXR1|NAB|TdqE^Pk$ z0WGmLwv+h|=AX8#X=i;|=oe?k_IX;a{)TBD(@^nG!9uZ1h^D$esTnvPI2#+nJzKD3 z*a~w%J7<+wP$)gMyU8Er2aXF- zD3o>o|HJ=mxcKy zXUKP(-J)j0`Rwr%e}kEGensv_zunrjy}Ikmu~F)dcBe~c#a2I}P&zOAuhI6_;p9+! zc4?opDC7L&0-r30!ixg5OM$*g%`XX5^uH)8e*2X!A9H#-{+HpT^UM<3SD z-A*6x+^cAxnW~f4lWi6kvh1%Bk=8R-^U}S0RYg*bOITiXxY>n87g3w{L*Y`+KJ9v2 z6EZn}$;zDGYx91@xc_SB+?rWiSyz{gBUI1!vf*sTpe9Fi`=vWxzqryZmzCajH?&N1 zKsBy#{;qpocw&!H?^N=*lmDoq`K7Zae-|p57;nDJkbYyipkK#Mi|4P|H`1}BL{Bk2 za-WzTjpVf5~<*@vWnD*vl(}2iaS;^hOpP@`_QO%{tKPIO@O7LwoB` zTRZbD7hbgakFPNcf(yosF0ZCSdT0b^b=QTK!aJwsHhH(pc0ck^uzq;YApK(+yZQOf zKC2z((JG94(sZ&$nU>A z&a2j(dr5TAou4O%-|OWqMZ?@~S;^L@w9${YwZi*4^kNtFpVZiXc^qWl*rc-LZ2rKX z7Qb-jMy{Y$y4)}HKMU#M6|bge&%a&+QqoB1pG7b01)oQW=!<4;z1YI_sq$m}h|KS2 zuedBYN#l+>dBsT!55LCxM6U~NTXGk3l798R>+NXd#6Y+GSgj@-<)+rflE@Us&YfBY z%ElFDPZHQ8d{aGJRcrfsG~5)J)+;lNw!~Rpu?u=%6JNS}XOK{hhk%jg2g9a4OaW>` zx1U?cd!Z6(mmH@>9>%b(<>=8t85^^4TG#92H@thw){N2B`FWgTMj~ase)XG))XGmX z5@m+XEI3;hH_#fNR*Unvl@u35yE@3Ff8|~@$t$^fST{v@NaEJZUGlMI&G!%5MmE+k zI>pKP+7)AzZ zJwd+owz4AmIETDmLGbH7GIGUf3lF`zW#=egH=#o)HS3- zhVM>bg%8`Jk*K;`K+jgcWH4VJ*O?52G-@D;PcS2W?T9Ay>$D)Q$34*y}pN{41 z^GdI}7b9^cUY>75nEGBz%RcK~j>SIhgvg&**Q11lhd%DfFf1_E;QZOuW~6=}e^a*~ z$4KENy7u)el2r0mm;d^xaWHy^o^|wLiIKr+0V*5ke46pN+E`yEoyX)JEQZAR;f zkj)aUq$uQKYou7-a0A%+LYvu$~`I5aqD$*ee=z>FmHJ&x*5`( zhrh}yG|zBX*vZB+wsXF3Y&_8zI@Ngh{rPPNWz`!)XS5rBR?6fSF3;_9%V=W3jpE#>&qZszd%Yd7*>C8)Hn5Ydi9ube(aNKy|Qzn(n3 zQXlsAX28l<8pDXFrkKpKA)kCfA!INf!i0hfcpqblpWJqLY<%mX6j=b(VGfVOC{JmON)cv)T zd(;yWt(BNf(LhJNn!O3&H%$Ku^rFK z*lVxWu655&F2C1BsN=h$TH`bR=4 zzNJGAYB$fDynF`E*sVHT{OBHN_*6QM={5&Q!=y=ltYDr$LDi4*4S=xNU6$*OT9f@#ikFbam36-qvjK{o7wG YwxVU-2sWz%^0XAH%30;iF&O3 zzrXnF-uu-UA7i}ZCC)kf+0V1qTyxF2wt+9@r17vRuu&)!-cuRL*C^DL2>7oE6CHjN zdec_{g}RM;D*0H^DSmCzSyfSK9%E~>0C%-uGww=|P>?$ITHC7=C?b`29_#3iC$h5p#u9g%>OR{Wf}`t4*wnhZr2Yf`x4b@9Juk7H6IHH)3tO z5`^a69v)8E-o16}P*O^Y@qu`9ax$SL^5tn@Zhrl0;I+KGu8*>zI-g^la6CM6Xa4@( z$~=`qUJzcGlS4I89UE}4ey*);Zr%)wg)f4IzkgAtl%{{lh#Tws`sQ98`Uk+*1tTjP 
z+e>9NbZ_ZNB6|2bIn@ccgM3rNC3%C0h$v!;oIVgaJ1;K@zvYzKXTDI1bW-HKE_d=YYl4)r zl^c3`2ysYRz4G%dOBX&xMiP;dqNl$Od}#YGSs_CX&*YF+>_*n>9}&?CA!qTrnV(mr zCle^J=x%c;-xkXtH;MZ9$}!_97Trs=*I}ozzW0B#_^O>>x_ZKTS6Jxi(6W_tKfKP8 zeDmg3V`JmT&z}|3H4MDqetl)r8-FNeQwY7QIf9|_f42iY>D2y2ny#H3xA(hRo|0&5Tb5XcP*QAQ(~=o{78GU*m$`4=8eF= zDdz3L!~&jzH2w}6zqYmXO2UPHs_E$(6QYN0T*)7jBLBvTn1m^7U9 zYwFKpNqC(4SM9$8G?=jy)ayT;8rnv-hz^Q8`YfkgGjJT{)*>kFnJ>G3w3G9el7*yu z*16xMPyMH-t9ylkf#H6XEUE{+9YgvKE$+vtkdP2^W8pu&xhh*A`*)iX@9Kg{FDXOnnQHxiu0Q6Ib{ABIKE$4{I~(WATX&Sf{(p`ipt zdT)evDa*Y0-MCXJv^9G6Rwk_5i!inK^d$LnTm0Tu?K~4kJ&gMzkmO( zTA+=lR$|?a`{7ML`jl zzi;}x^D9o&5XTz#TQ|qM(_E*OmuTmvm(2Ai|Fp`R%G2K!y?J?}{on+D^V&T}%Fpd2 zGF4ID0q0yt*85MXMqRJJ^;T=D3blu5_$j6vYr zRYO)Pd{cECl$YccRn@PJZAaTDXN0h0?X9gCuwy+~!BLN2(?=*$-ZuTppB0YoD^n`# z?UU_DWX~$MxV?1KdTDf+pe(G2B8kPvt6ByvRI0vjOz~7TcRh>uKGS{g!a$-<)(h94 z)nQkyc66^ddRBUEQAhV!>PuJeOx<@Xx9)vtFgcZX-EF+GVRRC`d~Tzmf1C*2PpPgg zYQf|)@s~yoL+q@llbVe?+$6*Xzc2SsIdDU92?Z)d9Ns#Sy}rp{Zlx5JZ7r5fm{=RO zwN>U{I6!zK@S6FVNP%Iu=|`D6yotZ_+-gEX@N^8Ba=DDLVMAY{N4>so`%EDw=GO4L zBokAGMRE}zDTa>@ERZliCHqW&qW{Fp&1g{HZfWdB z65B*z=FM&LeLKdSb++tI7FLzaEor+O4mo0>3K)4;GGpfXnMw%$HZSm&DERS6=jon~ zMOIkf#Y1sgxLD#+^ry>Z#QPG;ggyH&gbXN+o+t5N6E%PP15b(3u!Vfr%o5de%&nBo zTaob5x2cL_cF|Jqv1X1}Mm~c$qoZ^kQNql4my)_D8xv*6zq4yM74&?%XoH?b1Rnis zy6WVyp)Gkv>Rs}e3RNHE>sp{YOCv1i$eEbLLvCI8&gsyXjeOrs{&}1T;cOMV?!x$K ziF=Ib(KA#%SzV`(G!6!9-0n@YHP!-7vrl|>XpfX#L@#XjDCEvAGWcc=DJDqu64!k- zuZ}hJjS-7u>ZdQx+Z`!U9UWiEdwVurgi_F44rb!m_ji5fI#Ctr-%YwEsei<~Ub{Z& zhVSlI+S*v~)M~%z>Ps$?+q#~(4j!&jLZv!8Iof-agIEc!N5T(cn16o;$oOcRPgwcJ z*UF~2*LhRsMFvw(4fEvfPL44C*p>YP3)_??dGmzW(9fnyqzo115M~Ng=JNi~M@^#-7y|4Uq-5 zMSV;Pj2x|9FCvas&ZoCditZ5!WKxU1t-xVUr?{zw+gSQ6Yow6w25M$`H6Sa0uc^K_ zL1!~Z9jQCn(XR_GTaC{y=ABWG9?@#y(u`kkkPvEY?k{^PT@e_NX{|(dhlSU{>ly_i zJ)C=0l*17d+$OeOmwdzF5hU^|dUXoitVz2H2e`ob$&Sd6|0F zN>V&5BxIj;PWg#Oj@s!GS`RHmGZKV`i(afVC@`m^^XGqOfM8J2+`!?WT~w>1x}-p7 zUR-q-Hp1xpRMcA($|JaM{QgL6Q@3fyYHgY(w7kv@Tjb>A9fzOuh=<5?_Y8sW6P>?) 
zA08-IdZiU{*osnlZ*yFuThv6WJvq!DyM39QRQE8n?~_gS!9}KEsk0Cr4pLR&WJku- zb$@-{XscBTpr)iR)RVX~b>c=ZB{rGea+@gv6~;caWxg3isnWOA@(s_)dX^BEYVvwm z-jEB%ExK!;@{F{bQzyr^RNozbFCM8`X4Q1}yuYxli`F_( zTs%C8dXmQyW3y-NaTQS?u_!TO<&wMFStacxh1JTerOK0)Ilm~oh3KUz5K<;h9rRZFXkz4b_L{_Fc{+{kzcU-QW zHq_Unu=qE0hg)Q*CQn->PJbw7eoXv|ldP-X@=K$xzw}mC<&m}hwE{s)Ff^gRM_t_zn7xwcD#}A zWZm%6=lKeLZ0W7%mo_WIZ6la;kuJ&VFHOxZ&M+^8lRo(B-0c0CCX{2=33y!~D;B&X zTWGoZCSJtms>Ho(GqIyrdy7hW9+p#7PPf;N z0s`ufH8uP?j3NshM$t3`>~Cgu>!+C;$+P0d`Mgqaor|m#>MafD_+IyrnD2nJ!2V;( z{W{`03nBluEz_9OZPk#(F&u7n9^(gB+WEN)4w}wKY7dCj9PRu)N^xzWpH07v0UAxcNwdTFyuAcVRh-1AiB_S>6Ky*QAZ~3)8#9;qT1+8TQ z0!!)7(M;Cc&#w%zPKIx)&`4y5SzuBP)XI9c)R70Er3p1baf3j`6TH~hS-stK(|c@g zX-dorD95^>>$^*Gh3p3bm%I3>^1t+cv$)SLult-$=&svJ!vz?=A3Vw~v*3Kd{VR#= z6HC})dz?VgA$Q^-6|Mpflf|!Zx*fmgmq;hD^Es%!`7UTUA3T79{9dApL-&|csNiyO zH%8RaI4b!CbORYH?5SCblS<=wN}D>7Yav(SMI5gF`@*<1ltI$Tn$F4jG1-8{Xm4ql zqOg~#;-b}jeXw;QC@8xE0-ke!(1Tovjj(H@j59hm*SJNv!DogX(VdiI(Uy}D` zJ7-s89`KOYpqCAHJ$}H=Cs|%U6tnYMOVUrPX`dxa&{UudXX{trem|#&3*nhyWm8SM z$b{NRQ^P0)N*ltYob;f;vFr!;2LtWf?{mHHYD}2Z6?1uKRT9ft3_&Vj#D>0!;$-xB zwDSj7^6cQ=39f0l$~0~00UF6{6V#U)jM66lx>~=K`KpFro#b6KWvb+SSlxA8*J!5j zf%i9dwPU~c9@A?(LVcU=dZJTH)$*D_plZCn{SU<#KEr|{9{+5A>i9`>9adgR8#nZ@ z&C{!CN$Y{LH>(~SntorelNVBX?wn2=wEK*Rnkc;Q(@F*l$_th^pGeT?C_UXn(_eks zj6iPn16|%k%8DyU#HLpFU3PKgRLTchFALOipo>5wc2b>UJlRWaNcviJTs?U@K+b7- zoe*ebfUq6OlVh6%k4{Z)Y)e*3f2f=Q`69TuclSjv_6=ZNtrl#(DXut@Pkzzu$|X9e zTR&#%N(#b2?X69t|5LuCTqanW4_=%m|FGeHraiBX6&rdB3Wk5IB_0Oqm!`~P3ppa$ zU=jgp50XP3obApvG~@nuiPH<7=veKZCH5F$7V?aye0tu8+3opf_vlmovX`0HzUGZt z;O=8bm_(sldw!p7Y>!*&&F2NW_pZ(-$BeCqt%4VI`$STBXHzBQ)BV4)cQl{Df|gb@ zb{8;EEsRnh-^48oe@Rjgq2zkEwd*LIu`#8@uFJ_2+1U33Kkd#9)V})em}DmqEhq#jBz`w zLMa`OtS-~Y?de`EX-897v$VC&U|k4}KJ0P^&D7CR6k?nC3~R56mc^iRc>^;rI=cgOl-ln zrfqJdnbBKc)MxYg%jc%{!Jl0!gUYR{CYf(V?=tX`{kBm`AhT9xjvDLzVUT~WXgb;` z{BYp6w5=lvP^HG|AP>Qxs>457Bcv3pU0j#5$0Izd=$G&k2))u=^NqQ!=bibrqqhVr5gIsK&k5YQG+G3m+O40#bU)89pcvf|=KYr1FWxzsEWg?lk> 
ziHg}C;w;%*QPM+wc@rm6B-AQ%=Z3j9GYeb(esEpRH>$<3R=RTs_J5vyGz^S~KArzO zcga=GPlpBH67FfoF=QM(x_ouP>u0M6t<%S0|5#t*w=Tzxz0K$g3(WC?RwRxV3&{$O zoBjt`CEu#YUKvHb4(;o+A*Z;7s2ubAnPGMB-(M5;U|-_R#Ow0WYHiDKZ5$mWU6lKk zB5_E%wK=P>xZwMM0`K#J3Hehz9esUFhWViGD4;Q#@nVv$zUNv`@7xfm8f~oqsA7DR zNFTgeS^oPTE$y6W`!s3fa@QH@ zLWT~MBtnZcLTy{~(@MTk0iH{knB>%`HV*aPkl!;sRh`o9>1ji4T&^40XrTZ8yTJM7 ztCG5M%1iotX()*Gp0eVMgGQ{YSFwbvse4MxEfd7Qr9_}-`InVZqLB zCaJx4C%e^tY<%`1r84#3&r6>T7@Hh>&ozkN)u;;o)c86<^xcCix87CC1a|wVnBG$z z|2lk<=<>OB`uETkD1uF!<6ZM&{`n2S+1cZ(1ABZWN>5eEe2>%HDk5<($XMEP{?HZk zdB;UlZ>0Zg=pQB$IVpR0pzd~q=+(UO?oH~1fLKU&4#Sn8c7m=)6!f3&HL zN!6z*q!yK=5OPUX<;Py5*6{l~y$n*QHRTHBl2x)F+-J*mL3_Sn`t9|PlwRXx<#)Ha zGAn-keCu`3!TprBWc#qb0Bf?;_8QBkZ^G9Y-zo30!HQqusfvLNr|b-77Z!Waj;8GT zr@pu+Z!WS!f4z&QE=)p*yw zcV)TUmW!)|V9n$WA#J8Ae@Sn+C-p6gTgh*YXn9S z(D`_`%A5Y~PVpcQ20@^2rXvSR*KXu}*XxPtDsU`noE$&g-sR8u=pj@tr)B5ohmN^4 zh>hq~q}^kFNkfT^AYtjWRj^xa7fCdh+9mXs4@Zjxrp*6rfRF4Fap!cuAT-moCe9bB zB#ksYc<(81nK@_zETm!Mg%OcJ2{ow)AJzsNZPBmbZ@O|cC`p>1%3S{W$;6RHd+tl3 z!XZ%dT12KPH=j>`xZZ8iII`$Uce{s7Hk~43R>gXyUg>!vNl4Fe6CvSJaMEx>%YmgF zNKIE%9EJWalFqLcQY!u9lf82z=4)Ji-*4hqt@E@0?9qLXZ9+UnF*R%DoL17cS)HAQ zL|x9w;zeApK5iOo8h9Rr2$bjRp4x^?zMsVc9;rnNZ5>Eg@Jx zFraF5E8|{<$a_9&mORG1EP0TwoD2_8-xv+`Kqax#KP1703YfF!wmuM?a`OtO@pH16 zug^^17EJZ@BwL5qB~rc3C3^6!=AgLORGaeXs8aD%(9nojd$xFb*0<7o77E98=eq*7 zOBD1Tmp1{qIGr?5`epy1ywrO|BoMiZUMH%%46G2_&_3IH1e%uAV@<3s>Zdd|F;gPe(^~@7Mr~BxoIpxLOhdHJ19%(mCcsnlkG{WiX$Pp~re1gGV(fZO(grespU za96V(G^!bzE5XIB7PogTJQ7YgczGK?TEErV)b+KerIs|alZ~=x6arZoNkC~U%Jp~8 zScGhaPgfp+WI3~X_p}g1-?a%RsZ*-ygS;5>F=^Mk*5=G)ku-vIC}{_+2H!}2g!kf7 z+)P%;6D6~wyhWMX-4mu-wDHaj`tbwvK%fDy#@6W~t7fy_xa+JM2huc{Z_Ry3IbvVK z)D$XKR&VJYqzJoAaM-#{=BSQKz7Ss8fv-E=9hlPv+z#q&=?ETH5+;C+tC#l-&CJERMrrIf=|% zd8kM8X`6|y-wT=oM2Yfkr4s@6xpYpn!c^Gu9rb7~F$N8msc!P8O*g zwz}#dXZb*`FZD^-Qh>Wye1ELP9B?(~j#h?b6_$0GEdTJU|5zz;Sk!ILP9%tjJgM>& zRO%wAxy;1*RR;|AuYv#}{prrV3{1<-ul}O6-|j2X^Jid+Gu$rb_D_GY-Z6Z?W3cTH zyASkjvA$S2>#W+^w;#WI`q1K@p)%`TT~jm_c_E}4aB7A1-FQ-JPd35vSXP(uw`_;b 
zrtx+7Bgm`_92w*wZ}A;`v9DF(d1?K1Q%)8ih^U0|HCBB_E2}cU$ha4wDty_46o|Z? zF#hm9he9LB7DEoCTRYZ$Z$4InJ~9zcFLQ?kM_R=ZP0~RM&0?||gU6OhxQ1HC+!D<> z;tHfE=y%%lFAMKisHH!)a3E5Y<%I>8sARFoMzvLGX_!-rWBxTHnFU4$v-(YZ8(bnO`aY$cYgTaVji)VL}URHxM(wr7E%yb4cEJ zwaXkCt=HPpuX?^Y&9&IX6+=v+VPLWBO}CR<@HEtBn2Mf0^{b+v3_dTRh~LI!dsA~; zT${|FCclMQq&Ew%^`N4@L!a7;UKbHS!y~T9DpBIFjJ7^8u=o%6gCk|MVdW{fgRkCl zO5PChgJKp_X-tlbi#IbpNvR1-)xc_K>AJx)O@R*-E5~e4t0y5KAX8M}-hXD|N{)@3 z{(Nr8bHs7HB>%tUJpMm4F8|+u`Lu*fln5s0-{x9D8 zx9?N`)4n|ysH%XyM;zRXkgvssA3j_;+is=3&&GBg1#N_?npz|HK3!d1oSd1S-)lTC zMX|B5XBHN&Go%?#=29dGJKyN-?REMWYcw-E`wDuwM)4f=a{Tb4ii5HhL`P8RK_*-qyJ^8z^km9&GMb4>>qN1YunoEF3LPFvTey)=9#N;G( zx9BPB+}zyE+8VC9`ndm4srfkH(dlW^^mN_W`t0m1CogZa7ur>diA_ID92{?{w5*+@ zzwME;>+6$d=Q8s0twXu$rFE1P6ph{81QP!E=i_c0uv27z1aHJfNBhf*ofFg1(P3g? zHEhi`^=8P^+Aa58$H1rZl1=}iQj?yZK2q}Trs(nCo5aMzH08|Dv!zFCHbNV>^@o32 zxWw)8W3(xkRW|eb3!#9}(B|J!EOEKuDdFPM2$M5Nh191%i+-u98ZcViCcyOLf6W3I zrNK(z<>oIZ7rT>M734(*Wkhl(V|k3WdZlS+`_i8YiUkG+qP*xN{IvI12JL^CHu>QN zgoWinpNiK}htD_w-{zLubaYg;*bwhv zecWHO#-*XRmq;A*^XJcx*rS`q#wZvW83pZ$Nk|^2ysU>GTUuH;xwsmB1>P)OV2O&3 zW)KsjeVs+DtgMVju{Tr|IWcdOBl7#k4cB4EuD&=Kl#+P zzIF(0R(toRNw1z)e;44J_Pi8XTU$e+$T&15!)ZhaX=uWpMl$l62!%3naS=Uy_%Qq@ zrKF@A^Z`EwRx45mV)ydQg`>l|)O3NDCUp4q|y zU8M*`Hyz4(?2k`UqGQFjVR znvtLO*?f<#cx7cV!AWP}eS{MkDYr~=I1Q!bN3OoU$)b`cS#B|@ZD8O#+vGnFaXnIL zdr#Bj*kGd479&B(v1Oqn8V%)ou=W^UR?@n(x7YAw@JQ&&p!lRPgf5A4d-a-~#N$=%%D=^|t}&Bq=93@Dun!`4Kxs5JKX--IA? 
zT8L7C+{v7zAtUpD*Z;lY_it?Tv62SRPhM(jYUYdbF~al*Ouy)jmzk44Febcn1B+2E zK484uQpMG*D@iOIwt2Rd)>Cq^D}l>&h?P~XL?)vPpe4nqI}xJJ)%bL>%F#bE@+O?2 zMn?DW$^PngCr|fGl!|7S!ZAP(u3l@{;PHg;{(wS3QBmVap zKydI?RQ3Llx@wgJ8=v`@51jJ54DPEG;TLJk2%McmfQeRsKB56rBWdg!bdev=gHHe+*{jc`VM{CGQz zR*c;bkCG9eM)*FvM#XLAT(!Gp=HramI5^Gl`(GHeZnuMif_}mINy^9ss21w_3V2>r z3pi~hBiktX{CP-^@dNt}OLwif_;@O`M`oi%PcZ3zeR~@DtN#7f((#Ut4&S7tByv8p zn4{fpu_yZa-Id@5VEnTfKt=p zppIw`)9~pa5*B1L$+`6doKBWAve)%gRb#AdY;Hi*4Ie*rKe3B)Kbr9-@PW;&aN16- zaNJB({b`p4kWFY{V4(CH0z?T#D0a5x4Y6}m%Y8ozb(@q`^|lY8?%%cu-GjAJdKQ*v zzkdA+fRGQIn3y=B!mmLiv|a4VE$W8kPtD1Bjv{!6faeg{>&=N{{Pt$4Em-##(D5#GqTRFSA*8TJvs?dIQNYK3& z6_8(hA`7QDaJ=iZHS^edWq=9o5u9eBQ8$hC#>B(fzkl!WSxnsbAsjm&t8&b5Yi}ol z%qQZGeU2;?_H28txH||iIe2Ml$^T1!UOsOP#Qt8C+iF>b+g;@ct^v4MSVSm050||q zI-o8-P$!t9WcBs+19lg?g8^* z9}*<=aLCw+ot>S>%A#b`HPK!NocOm5W~<%IU+|!Mli-? zhy29pQ&G1+efs1>NTNjrl34$c z`tcJ6A3{KoeviO2B{=M@?QJ5HQnk|&0J|rEwGh^<>SfQ7;8$d}FXLAU&?qsESQ;x` zmFO5GrDths0g`bClG84+-1E`{;5X&meWXA~ccQ{t&;U7_?=RvQeKIi}Bk#!%S>WK{ z+?4Rc?Y+2YA`pYAym6KB)`9{~v`3UnES^)Im+lGfFPWpRc#YJ$R~=NsLJ$N&=+fvk z+{Ef0+@83EL@8a7>2ThEm)NZOcjXb}lG5nnuV0ep0o5-1Kg!OKxE2=|_aRgY{}Xug zp50V1eALm=Q29kRFecj#iC6?2g0uLWzp^y(9JE1u^{$ZB! 
zNi?bT<43}6po*rRo{)&mP#sFg4gY*iS8y~o&QvWkizO5fD4%k9=HutLGN7b>Tz61f zb|^*^A<8VFU!2sH7k@KLIh)Ssk%xzI&dNtz9 z7j&p*$;r1nlf-CgJ&x!!G&HuBGm_{T7$h=0pcGU&ZX!8tgr5qe=FW|$k()_`R}kv) zkxs%2=x4l`C(V~HUr=6u;`py-#!PTTw)cP*mT;l8v$uypVS&fF3#xu)FdKp4n7BBk z>=hIgAin{G2s27@Cq>!ixw%_yWQ2x>9!x{!`|zAmVmR+@_MQ+-5Vp6sTiM$WCa!qw z52{%2{C)a4DvA!~8G&I6o||=L&z$ZpdjpQ}FYT=s=rnCLlWA#>78wBUk@K1m=V{ex znvcS<=`8i62!`X`;+9-gT<|`%G&KCKaG;}da&me)-xt=rsI>Lh z;2??P#zgPKQcZ;O0P7oY?gZ9yx@kUM)-WI%- zZSB}PL9OMgje*O;s-?EJm-Ftw+3ft<4^n9jj??b`G$Jm^(&03`qK?~h%}0Cv^4pV+ z)3Z<|5gr7ifGc~)-2D8*7wXg9X<1oWU6&FBweq@pdI*B97dkjNv_NRvP1zFscy^3& z`lI_aDIk-b<~Uv^_BpzimKJ3HZGL{TX!f^_k@BK}P!jcED-nodpVl=o34+K16ehkW zp9qkP3$)7aU%)M3@p z?ptM+(|IC{a9@PtGc|`(*{^Hi6DzD{#Y6X@`ry}{?cm5hd$zq0t)<(W`b5BbPEuh* zyx1AeKO#OpWNXVR=S?v>lsA{$1qpF+PLqNAAyf}-^Z zTAgnV=a+SMpSqNkwC`P`d!5#MTSSDKiHS)@PEJZ+|ISdp76Gtuz%+6S3S}YPOy%s- z)z#RTm}FQ~jHtWdXW6?0CZ%QZa96NFz)oPo&g$>Ke{%qeN3;I4Rsfic({)gCk-qWx z`1n36>%avd$JHlKo&eRP9V@pafG@YbUg`TxOpgr>8A&-ba}?z3JkDnp7yY3S=mIYu zE8T;p@MA_5-{O3E}J4ug5%iccaW~ z^g}=ZCR_>VyLQJHHel*f#p}iI-=igZUO2P9DY_OB5kV+^`|jQA&%UtsI(Ms3aOqxi zSQ~ktnRy?252}YY*TgQ47*LPWU(c2fYf3=eL;p-fPL3J-T-o4SDbrm>MtVLz<;4v4 zj+L|h5ye(W2Ea__?{W!2eSNQ=#|so{x(^)g4u0&O*Lo2zKt#!BRu3Hcm9ny5YAQYJ z+n>Y`W2lQmK}8QyTIGv;6W7a|M1!piSP>kxNAy6*XIEE)p^`ALvEd=U5Zncq)0XzH z=4NC;O+4Mg-q0Doi!S{rn~t=K-(E8T5^w^&hIo6u_&FE68OUOUydn{KaBu(xvjJ-I zs$IIF1e}=;B%>3gVm9l&fiiRTz0GM_Xq>LSEDU)D9U;tH&(6(VadmY~*nw$H%i3c` zNJUP-1JuArLzw zMD=8=a6qkWn3|%22CtY;5}!(d5V~b@0jt}hCrb>%Fswg#ko$AE?tB0F2`g`@&4O$Q zIoB2U(*s}VQLAfepey=8O_T_Y-xt<5AEs(tC77d3GQ1UmjY|MtmZ%tYL)Qq%Wxw%E z0`O11iqmC5-kc#L>cYj$WT)>LM@nWUre*cERA@gI&B55}>2Y7VoBd|s@1jV?7mct= zub!TlF|n~oQw7J>fAH|moooICw0_X@0)o@3{jbRIzXSb?lPiBWlc2Bod)VgtQNM#) z?t=gEwXv%U|8q36 zuaJ_G?weHEU_Y|Ye+p;;Sz$jkk#i@y!}{{V9ZqT}d$J|<<^7M*(HLZ8(ahsMgrNTT z$Hl3aYW?%|^##tP^q~s6PEF0ku1QNpW)g00?wOU96PZn)Z}7ILsO$Xv{OhMxjKC~k zW+__P+2s_y$W?|3_^a&f?BRbB5>`@w>g}pTb7)CHxP1Kdsc+^T#)(HQ#fh`qM<|%k zO3p4Vsouqn2E7C`CBf*tU}rFE`CML7QKkI#>xd++k!re~&F@+8Bm{3fJX7%RPh6qJ 
zq~Nt{*Jj2o>)Z$4g5K_#%PlFogJT*HK!Fq*5TfccU!@h84E~Uwq^3{x45{lrW~EOx zfmmOjNC(aDD~9y{xd$$WlCz7;@8%ficnE({V{&bv)c8+4UCO5*rYE?&Zif7x@!?Og z6?Q^U0Y$#RuhmCf_?5+I8yg7vEj<+Y_wV1w2s?9ooNfPSohK$Hwzaj@g8*0n3=QhR++vbv z3#h`NKH`Ij_3hgop#IAxDr#zo;-d#FL$ydB3vK}Et#QdYlc!D}{dYve-{@?5cjK~! z86#w@L^nHJhTrMwc|#@tySO;t7Qs+ZTG|ZzjB)kqRpc_qi%G4}7$fw~$=Mm9_VCaY z1`6p_f;npIL6b{)d7smMMe*!pHNUO1)5qIeqI5k=k@@qNFZ4k1uzjxpPDz9IxH{>H zSO}K{Umr+nwrLG6*)!g~+tAsG3!7MByND0Whs&^&eBA+1AC?0GsEYFj!n7$Uf)Yhs z8^^~f3kwSoHB&*)73ffs#|e|i@dBCIRP`+=j>w|@XJ%%krumV})CDu*MTD|(a1cNP z|5!!_6UsIc#elhH)3wx44G7#XfF$&0DcnP}8I%`Pnh;vCi9vHskBz-$W^TUSLTOn)F>yA_fsVxXrNXDbe~D+;CsTWw zJ7sFZ$3v)8!Kj8El`aX%gI-)^ncck^_k(WqIYOrM;X(2z-g4W`bDu%Jz@BNh~WS00ma-m;`$B_d;mj;4x7+gZa(fu z!s2vk4i`zSi!;QE0IeSNpHBn5&Y#}@F3OvNJ}IQG)&KoPQ`Kf|FhCt-(sLtqQ2&+l zH36e7>Vc>4{`=E(Q(pKzvj*eFH~>C$ z=37D$86Pzh%0E?~{Mh@e?csmt!S&T%?k}V}CM6|hjz(qC?=nz6bX!7hA&H^sw*ABn zlo%AMQX?!Th8zR~4A94$K-akfsSI$@1gYB^PK$vu8!N#A!{_MYbhFT5U2Scuh7xkb zylavH+0a(wA;Ne1`aXA`eVGAA4Uv+&%0PDp`R>YQ?J4_Tn}>iArQ?ZCb6BwcH1M4` zd3c&2ZndFzmrD?&13L(11)B&lJl`#LDG9q#U0qE`LNXX%^n3(!MfAFTJ zra1ZeEjulc`hGq?I;JY|DL$UQx<*}ir51(y-O&Lkd^@sz><%0-eo&F{)$hXxdSWuNv}%pf zfftBXd!8nf-tzH{TH|juKT=Ii7|s_ydx|&kjc!NNkaTYD#?0y}p1izc8!H=y+bk}; zfoPeTgG2h&D=bhFtXK9tdukJCftG(Q`NN14aqCuWTYF{r#rcP?Kd_LL5^u)lKR9@e zDudQuVr_7h5T)^zQ--fSzRflEO@*fzS%P4xWzY(;>P*rE!7^zFWqj`9qPUz;DFP%( ztgW$@Mhf5RslbB;pfe0)DY$CX(Gbu{Mh;9b(d`_pD;}M=@H>wQ+g%E~u-D$kI=xfF5oOFY)mi5!?*qARMXAm@G-+>-YNNrk;Tk#ABnGb^61 zSnLtL(aihHEsDG&94$+6OyAUQH;fng@qa&rtX}Ld6D51SQe#R#I&N6S+4&)CL|h48 zrAFR46AO!JU)e<$((!wciG$-Qk^UN7L=f#?W)Fs{8R?y_nmz`wt1vzw1Xa=!^r$OU z4(lcx-%aoMJOUL2cT(yD~=0!^4C0kegFAczHrlecey?K!r+ zWOX=yI6D+n>3BhV+0#>qu)w=dX$Pl|y6k`B*Y1o7{^0=a5}{fC17nXGJq^R6LC z#oCiU?f;D0<$@&O4=ZSDZ^r_$#67aies2kJNkFPZ12wrB%+83In2}_`+?*UjV&ZE& z#beRRV-?m64x3YN^ZB|GMS=ksj6E%f^QghaRmlHoQmo&8qk5|mM=(4WtbZCBnj_#K zuM`yrmdvj_f;$1fQe$&*@!vn)Mjx!Ph!>8Ij(f2D$L`!Trggs-``ix*p#On-`fDA~*kS~% z>Hl>ng~Q_XW*dD`D4=T~=aAo0n!rAX^&bt_UHF2ZGYi$hTP>Gby{!6w%>uL>PJ4#; 
zXUNaP|E0lRDBFZ~ya}k}$M|?$ppu()mo(iXhyRs{Gmv0W7vVLo;oX%UXJQu>Yi<<< zylD^Fxf!#b`rTiMc`1vZgdHLOS3xFXAfx#6mi_Noo8NRcopj25gs&o-hT5q3LZ~%t z&8r-oE-$vm_m_W%nML>QdQ`1Dj8Eksp6x6s;1owYF~1=N|Rctn&~7*>@3C{D0s&mQQ;CNHxqfcsqkGcuUBE z75Wh9RK~9!1Q0Pm1-k90Ga^Rd1wO`<+wKb*_q|t$BMrf5%0VgSAq?UgA}9)P|GEhs z!k>##0&-3-AnBwdmN3{t*_=gZbF#OLOYtB8bm_itPjAARS#o46X5E0W_wn(u`qz02 zagf{f!Gny1i1-v6`)=A1EOY=5jB}ih(=s=SD!7UJgIAIBC zV6`A~Iv{p|!?L}Z{q^Lpv<8c$0o1@D#H zjEvt^>lC1}$-#QD(jJ(P*D_461KsCG%>y;?(;;uEcHYG;9yL?VRrWszpIsZ61qIMB z9^58Qa0PMeWn^WGHv6GT(F4&D-T*@kG013v>nH$N2uN!Ff_dDf>JvS_xKIFJO1L6o6QT5` zYu)h|U-lf49gN;;iJDG;zF)}AvUn7?{^Hbt+^=afvssr5#*OsBY$gXA_W=}9WNV<} z-15?a*TMJjp79PuB~4Q+HNj7Ucw!3yU>Kh|pcNa37Evg~2%;bq)atn(+dzYu!afv@ zmI_|D#sgs|YI?^L0X&=G!Gq7(B+Ovp$b)KJpvnqraZ7Eu4msR-65tk(?ymsdVQOMx z{Yz11<{-F!?++!G(_!fPfX`H{2sClVa2sF)BNTuMt$U)PiT<=6F<_S?uHLB!;8}_1 z=Im^PUbx7=m(#RHT@c_+kO-BE^(=nis~V3K(1G$k11D{O)Q9Ka#ZRI7zeCYD&7ir8 zkT5H@m0ti4?WuKl1zlPivioSOiC{hY%dSGYEXnC1Fx>C5QOwnQeb0o?wwe%QN;SL9 z^JMuRjmMGBX*YEG86X$qM}Kj5yEr6GgAa*}vfuZXhkv$XjmHHAHe$1GVNdE491tD2 z;{L$Q7ne~NmH#|8u>{;KW4h$tIdXqH086_txe7rmg8 zuV-6>YuB0gwhCz*n$8^_)uu3r0mveF0ZSJ$>$dD|2M~G$1_u`xmm7o=z5xQ8Fjd!C z9t!D8QejNLS(H{@?pV73t@wBA`4$NN9T4qzezW8g5)!^NuG>AKp{8CZJlUC_pKpRm z6l73p+HDt)qh{|0^xMtY3zz4cp3bYe<%lWhrvnpIN%Z0GS)w&yn#JVuAwPdKv;{qo z0J_vk8Gw5*D$;vlJ2jV$Wb*mJ=Csz#@2&q}3qKj65d~%7*DUQl=kqMBI#Hlc7Y;eLY*dgiY2JkVn+f+Pl9KVwOgs_J!E{hL3P#Ni@}VH? zo*zzw@}vW*S1Y&~Z>pWRE-o(gjg0ij(G81l6_0lQv|nxe^T(hyj2bzp`Z93Lx*@`j zK}6U-JZ$am4u>cdV6|!E0sQ&;;N4u$y|_Q13RE|gyz5^pehdZ^9fbDYo*fiBDcEOF zWlD#6bQ-VaD6?P?(C7mTvxDJ|>4OVnFr1;V?1F7TGHMCDjK+113mLZo-=ZGsk<)xA z|4!~9kQY7h9--Mo9wDLNHPII%009S?5}3hWgmfD*8nUsmq1vGC6ymE}~XE8eqK3Tiy?C+0+ z+ua3|4$R#r(2@fV&%;(hy#P1X!ZW0swv{Wt1_n^FNgF_!c@JvJ&;@1+2vLDBx)lN? 
zt4MWz2c-2^px5iJv(VGevC3gZAVL+SVhUteMP=n^9g?}`<&y}wwE)pZGafI?t#NDk za2>`CcYx<}YuBS-(f}FisW?9v$1z)l7&HWo!KD)T=;ehH77+;y38`NBWMN~&4Vb16 z9yGo?7&U2HbsqRQW)ys8GQf8kGd#u$l3OG^vf_E~cf2^Kas zSe@RBiLUq+Hh~T+16hiYrZjdJPJ#O{LZT0)8Ob^jXoWQTET^g;0-l2@>o4MZpv@h- z)>;dc9ic>m_A4`UbB(6?H7&5ftT)BqC8mQQVjB^?5!V|U_;|1(dI7NDv~J(_g1%aa zRg?L@)7mN4Zn(m%^g|MG%*xhw9!Mh4Hh(frr}wZUR*--;n>B}HN$4mQ3mn7@f+x@n zfQsSoFSwThnm6flTLZ~OIvbD^0_j`-LSvxH`bFGx5z@!vTL1R^y^xuiuTM7LJRfJM zU2GU)dzM=(tei~}_vfEgxVjE*6O1^b0gZvv$gi9P`}hi{#e@LTE1ZftDSN8Mi8 z+>{4$2BU-U$*Z+%sxRv}G%CF6>cpVfLR7&F6)oZ`1MGda6oFX|2oEqrR|_U}3t_5R zN6cTWxCcc*k*i`w{G3~%%LSZtp}~%Q(4)$A$3c(cBb+4j0}ZrWwtLI zT3wLmT7NH|gnH^Ey|q?lB`qp0-rn7{9q~9=dvkVvzMH!W({&Rz9c;%#(UFl&Ffjm> zfz{@_U^fh;!0>V8dCC&t>|Ld?(Y3>y_X5M^t-3@a(i_IdtLjfDcJ#Po^L}QmyO11k zn#jv{uVQCAW3L<{Y#BxqpnF0kI4?skEl zG57DEa*lg21=0@Gd4nLS>AtV@mCyYDL*0AFbKUp-!(Wv;N>QnlLR1t=QAt)wla^#< zB&+P1JsMU*WF#vg$qL!C?3I#{knE71z3%7RaU9q0yw3AFulv64`}h0f{^NXf9(;Yj zpYP}M9c)`1*-QJD*EV;Mr2q_0oJ3{?Ln8BQZktsDITrcPTorE-oJqVd0#2F`LP+ zHYO>2iM|px%#o}ZgI^xek?u+R+7YP~M=%ASPX>u4(emME0&11|Sd$b5=)=bQjfWcw zB9&6e?>AkmeSfO?^9$x8i#yFn_C2j@^yOM56)imflW7NRkZwn#9_=p4^0V(#%+IbMGF zgxEHxa}MSAeE*2ulK?#hS!0*C#;4tlIcxvO7npCZo z=g~8ZpxD5c=6}I@>3yV8vK`|P2l%oKQ~6$*`b%u*kC}xT9U!{9m7*|>kx2jo@H}fV z{h=cD4hi}AcpD$VFh+)le~=Cp9oC8;UoMLlH8lld^)zfyGEW3^PvPD|gVj3g4IPAj zhl%9@)lv}zwPD;xkNV+j6Kn>W6;gwshuXu&b{`Yd%iH?{>LbjIRb(*)YCsl&Y~cE} zudhCUgFv%7qzYUGW$SU%y>!CAuLQV9VQ`hYcl%T{u46n*XoKGaP5xw!h5GTSkB>Uf z<@4vmP{_q9q&xy<2dtJlA9e3B%hBDqqOJ~4QBCZju}WE69NZXqHg4Ni2F?M`gO0RM z5G-;%Sh=n|jSib9H%bfj_Ci-#-(Ud~C#vNuiGU`=c0wLfUW!AVHdIJ(|_E0i5H%}ui!M&ne8Ql}Wf0oKlKo}@*Ck6d!li;8w-!NDo)AOiLaLUwj`j?CtZ^OMPt)?mmn98e_Q z5NapBr)7||o$>Od)5e{{z(gS9hunb%75gr9?`(jDF^v4C=1A)yB_(BneXjRY*mAsI zvsr`Eo_GSqcMg5nN2Bxnh)yxK_1=aA7Ho+WQ`B$Jv;!3hSmtRBuGIpYxCP{0RJVcp z+efhvk)zyM3%6Hjp7&Y^r$wB@^wrN6qy$hVeosGQQT9b$Aw#$t+Yy|1eqe{;Rg z-VZ{&tgP81)F%V0&OisEnVeBr(v3UW+1aTm%S0x-y+&T>vGbXAeL(@GLcpzV=x0P0 zmTczt*}R#TrUSKr;bK?Hr^;~hM6dm9X(WFmb!&~+fByGU1_!i_{_oyZ$ko)mZA=RK 
z96^S!s8d$fc1;x(2&Lk!y6?*G8(Y84`j`2~V2Q$l0wxs|7NK~P5i(d@jwQ*}oO2O9 zD|2_tJzvhNAlP{gk}Jj3FI}P)9c;N=_u|H#&vW0Cw3lKy7j_;P+>~{9sOvksYQyiZ z1?`+qr!N&8{F*hXHK<+tgz?B5-_!Ku0=+$-ABi!M4Hv|(P6VW0V`t^<`=Q#`%>3Bj zUrSz^hrGsdcy#pT-Qb%qX_*fsAH5(f9wO*}&N7*YDs9UDZXJ1rl%(%6{r3$efnz=N z6%h;A1J9o?v#`=$DMcQ{nX%uaowuZnmo~r}Z$Bq&R^RH#mpZpPpek36`;LZ`IksEW z{A$l$gpdEJ6X5HlOL4-Ftzav8>v$$@v@LQ8=EffT%jHM;Gi?hGfNW+iFWB!iD{b}KSIHA}wksCh?UWwA`G992FFpVf49 z9B4hDF12pN3cO>&zArlJHI^2U`}KUJyrClY>lnqsEZ(V!SdAVk z&HwrvX;)l4PzFHLYoYlsROf|Mp$s^4S!LzBp)A}gG@;A#u|3|wr9hg6f|c5>NDS3E zJPB+7q!u^a^mn6Og-uL>

Azure App Registration (Application) (AzureApp) ### AzureApp -> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates.
@@ -48,6 +49,7 @@ Azure [App Registration/Application certificates](https://learn.microsoft.com/en
Azure Enterprise Application (Service Principal) (AzureSP) ### AzureSP + > **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant. @@ -56,12 +58,14 @@ The Azure Enterprise Application/Service Principal certificate operations are im
Azure App Registration 2 (Application) (AzureApp2) ### AzureApp2 + Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates.
Azure Enterprise Application 2 (Service Principal) (AzureSP2) ### AzureSP2 + The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant.
@@ -82,7 +86,9 @@ Before installing the Azure App Registration and Enterprise Application Universa ### Azure Service Principal (Graph API Authentication) -The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, both Client Secret authentication and Client Certificate authentication (mTLS) are supported. The Service Principal must have the following API Permission: +The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, both Client Secret authentication and Client Certificate authentication (mTLS) are supported. + +The Service Principal must have the following API Permission: - **_Microsoft Graph Application Permissions_**: - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. @@ -142,6 +148,8 @@ Beginning in version 3.0.0, the Azure App Registration and Enterprise Applicatio
Azure App Registration (Application) (AzureApp) ### Azure App Registration (Application) Requirements +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + #### Azure App Registration (Application) @@ -201,6 +209,8 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext
Azure App Registration (Application) (AzureApp) +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + * **Create AzureApp using kfutil**: @@ -513,6 +523,8 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext
Azure App Registration (Application) (AzureApp) +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + * **Manually with the Command UI** @@ -806,6 +818,8 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext ### Azure App Registration (Application) Discovery Job +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + The Discovery operation discovers all Azure App Registrations that the Service Principal has access to. The discovered App Registrations (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab. diff --git a/Scripts/DefineDiscoveredStores.ps1 b/Scripts/DefineDiscoveredStores.ps1 new file mode 100644 index 0000000..6a2a12f --- /dev/null +++ b/Scripts/DefineDiscoveredStores.ps1 
@@ -0,0 +1,243 @@
+<#
+.NOTES
+ Created on: 03/10/2024
+ Created by: Hayden Roszell
+ Filename: DefineDiscoveredStores.ps1
+ Tested on Keyfactor Command v24.4
+#>
+
+# Parameters
+param(
+ [Parameter(Mandatory = $true)]
+ [string]$BearerTokenUrl,
+
+ [Parameter(Mandatory = $true)]
+ [string]$ClientID,
+
+ [Parameter(Mandatory = $true)]
+ [string]$ClientSecret,
+
+ [Parameter(Mandatory = $false)]
+ [string]$Scope,
+
+ [Parameter(Mandatory = $false)]
+ [string]$Audience,
+
+ [Parameter(Mandatory = $true)]
+ [string]$CommandApiUrl,
+
+ [Parameter(Mandatory = $true)]
+ [string]$CertificateStoreType, # Short name of the certificate store type
+
+ [Parameter(Mandatory = $true)]
+ [string]$ServerUsername,
+
+ [Parameter(Mandatory = $true)]
+ [string]$ServerPassword
+)
+
+# Validate parameters
+$errorsPresent = $false
+
+if ([string]::IsNullOrEmpty($BearerTokenUrl))
+{
+ Write-Error "BearerTokenUrl is required"
+ $errorsPresent = $true
+}
+
+if ([string]::IsNullOrEmpty($ClientID))
+{
+ Write-Error "ClientID is required"
+ $errorsPresent = $true
+}
+
+if ([string]::IsNullOrEmpty($ClientSecret))
+{
+ Write-Error "ClientSecret is required"
+ $errorsPresent = $true
+}
+
+if ([string]::IsNullOrEmpty($CommandApiUrl))
+{
+ Write-Error "CommandApiUrl is required"
+ $errorsPresent = $true
+}
+
+if ([string]::IsNullOrEmpty($CertificateStoreType))
+{
+ Write-Error "CertificateStoreType is required"
+ $errorsPresent = $true
+}
+
+if ([string]::IsNullOrEmpty($ServerUsername))
+{
+ Write-Error "ServerUsername is required"
+ $errorsPresent = $true
+}
+
+if ([string]::IsNullOrEmpty($ServerPassword))
+{
+ Write-Error "ServerPassword is required"
+ $errorsPresent = $true
+}
+
+if ($errorsPresent)
+{
+ exit 1
+}
+
+
+function Submit-RESTRequest
+{
+ param(
+
+ [Parameter(Mandatory,HelpMessage='The request path')]
+ [string]$Path,
+ [Parameter(HelpMessage='Body of request')]
+ [string]$Body,
+ [Parameter(Mandatory,HelpMessage='Method of API call')]
+ [ValidateSet("GET","POST","PUT","DELETE")]
+ [string]$Method
+ )
+
+ # Fetch Bearer Token
+ try
+ {
+ # Build the token request body
+ $token_body = @{
+ grant_type = 'client_credentials'
+ client_id = $script:ClientID
+ client_secret = $script:ClientSecret
+ }
+
+ # Include Scope if provided
+ if (-not [string]::IsNullOrEmpty($script:Scope))
+ {
+ $token_body['scope'] = $script:Scope
+ }
+
+ # Include Audience if provided
+ if (-not [string]::IsNullOrEmpty($script:Audience))
+ {
+ $token_body['audience'] = $script:Audience
+ }
+
+ # Request the token
+ Write-Host "Fetching token from $script:BearerTokenUrl"
+ $tokenResponse = Invoke-RestMethod -Method Post -Uri $script:BearerTokenUrl -Body $token_body -ContentType 'application/x-www-form-urlencoded'
+
+ $accessToken = $tokenResponse.access_token
+
+ if (-not $accessToken)
+ {
+ Write-Error "Failed to retrieve access token."
+ exit 1
+ }
+ } catch
+ {
+ Write-Error "Error fetching access token: $_"
+ exit 1
+ }
+
+ # Use the token to call the Keyfactor Command API
+ $headers = @{
+ 'Authorization' = "Bearer $accessToken"
+ 'Content-Type' = 'application/json'
+ 'x-keyfactor-api-version' = '1.0'
+ 'x-keyfactor-requested-with' = 'APIClient'
+ }
+
+ Write-Host "Submitting $Method request to $Path"
+
+ try
+ {
+ if ($Body)
+ {
+ $apiResponse = Invoke-RestMethod -Method $Method -Uri "$CommandApiUrl/$Path" -Headers $headers -Body $Body
+ } else
+ {
+ $apiResponse = Invoke-RestMethod -Method $Method -Uri "$CommandApiUrl/$Path" -Headers $headers
+ }
+
+ } catch
+ {
+ Write-Error "Error calling the Keyfactor Command API: $_"
+ exit 1
+ }
+
+ return $apiResponse
+}
+
+# Step 1: Get the available Certificate Store Types
+$certificateStoreTypes = Submit-RESTRequest -Method GET -Path "CertificateStoreTypes"
+
+$desiredStoreType = $certificateStoreTypes | Where-Object { $_.ShortName -eq $CertificateStoreType }
+
+if (-not $desiredStoreType)
+{
+ Write-Error "Certificate Store Type with ShortName '$CertificateStoreType' not found."
+ exit 1
+}
+
+$certStoreTypeId = $desiredStoreType.StoreType
+Write-Host "$CertificateStoreType has Type ID $certStoreTypeId"
+
+# Step 3: Fetch the Certificate Stores
+$certificateStores = Submit-RESTRequest -Method GET -Path "CertificateStores"
+
+# Step 4: Process the Certificate Stores
+$storesToProcess = $certificateStores | Where-Object { $_.Approved -eq $false -and $_.CertStoreType -eq $certStoreTypeId }
+$storesToProcessLength = $storesToProcess.Length
+
+Write-Host "Found $storesToProcessLength Discovered Certificate Stores of type $CertificateStoreType"
+
+foreach ($store in $storesToProcess)
+{
+ # Add/update the properties
+ $properties = @{
+ ServerUsername = @{
+ value = @{
+ SecretValue = $ServerUsername
+ }
+ }
+ ServerPassword = @{
+ value = @{
+ SecretValue = $ServerPassword
+ }
+ }
+ ClientCertificate = @{
+ value = @{
+ SecretValue = ""
+ }
+ }
+ ClientCertificatePassword = @{
+ value = @{
+ SecretValue = ""
+ }
+ }
+ ServerUseSsl = @{
+ value = "true"
+ }
+ }
+
+ # Convert back to JSON string
+ $propertiesJson = $properties | ConvertTo-Json -Compress
+
+ # Build the request body
+ $body = @{
+ Id = $store.Id
+ ContainerId = $store.ContainerId
+ CreateIfMissing = $false
+ Properties = $propertiesJson
+ InventorySchedule = $store.InventorySchedule
+ Password = $null
+ }
+
+ # Convert body to JSON
+ $bodyJson = $body | ConvertTo-Json -Depth 10
+
+ # Submit POST request
+ $response = Submit-RESTRequest -Method PUT -Path "CertificateStores" -Body $bodyJson
+
+ Write-Host "Updated Certificate Store with Id $($response.Id)"
+}
diff --git a/docsource/azureapp.md b/docsource/azureapp.md
index ad8e821..19fe705 100644
--- a/docsource/azureapp.md
+++ b/docsource/azureapp.md
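Review bot: `$ClientSecret` and `$ServerPassword` in the top-level `param()` block of Scripts/DefineDiscoveredStores.ps1 are mandatory plain `[string]` parameters, so the OAuth client secret and the service principal secret have to be supplied on the command line, where they can end up in shell history, transcripts and process listings. Declaring them as `[securestring]$ClientSecret` and `[securestring]$ServerPassword` (or reading them from a secret store) and converting to plain text only where `$token_body` and `$properties` are built would narrow that exposure. The later commit in this series that renames the parameter to `$ServicePrincipalClientSecret` keeps the same `[string]` type, so the point applies there too. Neither `$BearerTokenUrl` nor `$CommandApiUrl` is checked for an `https://` scheme before the secrets and the bearer token are sent; a `[ValidatePattern('^https://')]` attribute on both would reject a mistyped plaintext URL.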
@@ -1,9 +1,11 @@ # Overview -> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. - Azure [App Registration/Application certificates](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) are typically used for client authentication by applications and are typically public key only in Azure. The general model by which these credentials are consumed is that the certificate and private key are accessible by the Application using the App Registration, and are passed to the service that is authenticating the Application. The Azure App Registration and Enterprise Application Orchestrator extension implements the Inventory, Management Add, Management Remove, and Discovery job types for managing these certificates. +# Global Store Type Section + +> **WARNING** AzureApp "Azure App Registration (Application)" is **Depricated**. Please use **AzureApp2** "Azure App Registration 2 (Application)" instead. + # Requirements ## Azure App Registration (Application) diff --git a/docsource/azuresp.md b/docsource/azuresp.md index 692942c..3158472 100644 --- a/docsource/azuresp.md +++ b/docsource/azuresp.md 
@@ -1,9 +1,11 @@ # Overview -> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. - The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant. +# Global Store Type Section + +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + # Requirements ## Enterprise Application (Service Principal) From a7cb8363b9528126c0bf458a87ac379ae5b174c1 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 3 Oct 2024 21:13:28 +0000 Subject: [PATCH 06/10] Update generated docs --- README.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0a3aa8f..6123f6c 100644 --- a/README.md +++ b/README.md @@ -49,8 +49,8 @@ Azure [App Registration/Application certificates](https://learn.microsoft.com/en
Azure Enterprise Application (Service Principal) (AzureSP) ### AzureSP +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. -> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. The Azure Enterprise Application/Service Principal certificate operations are implemented by the `AzureSP` store type, and supports the management of a single certificate for use in SSO/SAML assertion signing. The Management Add operation is only supported with the certificate replacement option, since adding a new certificate will replace the existing certificate. The Add operation will also set newly added certificates as the active certificate for SSO/SAML usage. The Management Remove operation removes the certificate from the Enterprise Application/Service Principal, which is the same as removing the SSO/SAML signing certificate. The Discovery operation discovers all Enterprise Applications/Service Principals in the tenant.
@@ -163,6 +163,8 @@ Application certificates are used for client authentication and are typically pu
Azure Enterprise Application (Service Principal) (AzureSP) ### Azure Enterprise Application (Service Principal) Requirements +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + #### Enterprise Application (Service Principal) @@ -278,6 +280,8 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext
Azure Enterprise Application (Service Principal) (AzureSP) +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + * **Create AzureSP using kfutil**: @@ -597,6 +601,8 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext
Azure Enterprise Application (Service Principal) (AzureSP) +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + * **Manually with the Command UI** @@ -835,6 +841,8 @@ The Discovery operation uses the "Directories to search" field, and accepts inpu ### Azure Enterprise Application (Service Principal) Discovery Job +> **WARNING** AzureSP "Azure Enterprise Application (Service Principal)" is **Depricated**. Please use **AzureSP2** "Azure Enterprise Application 2 (Service Principal)" instead. + The Discovery operation discovers all Azure Enterprise Applications that the Service Principal has access to. The discovered Enterprise Applications (specifically, their Application IDs) are reported back to Command and can be easily added as certificate stores from the Locations tab. From 6eae191de63ac2f2bc06d9663bd0ba88b882b93e Mon Sep 17 00:00:00 2001 From: Hayden Roszell Date: Thu, 3 Oct 2024 16:28:02 -0700 Subject: [PATCH 07/10] chore(discover): Write script that updates (defines) discovered Certificate Stores if they exist on a whitelist Signed-off-by: Hayden Roszell --- Scripts/DefineDiscoveredStores.ps1 | 46 ++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 9 deletions(-) diff --git a/Scripts/DefineDiscoveredStores.ps1 b/Scripts/DefineDiscoveredStores.ps1 index 6a2a12f..ab7acc5 100644 --- a/Scripts/DefineDiscoveredStores.ps1 +++ b/Scripts/DefineDiscoveredStores.ps1 @@ -30,10 +30,13 @@ param( [string]$CertificateStoreType, # Short name of the certificate store type [Parameter(Mandatory = $true)] - [string]$ServerUsername, + [string]$ServicePrincipalClientID, [Parameter(Mandatory = $true)] - [string]$ServerPassword + [string]$ServicePrincipalClientSecret, + + [Parameter(Mandatory = $true)] + [string]$WhitelistCsvPath # Path to the whitelist CSV file ) # Validate parameters 
@@ -69,15 +72,21 @@ if ([string]::IsNullOrEmpty($CertificateStoreType)) $errorsPresent = $true } -if ([string]::IsNullOrEmpty($ServerUsername)) +if ([string]::IsNullOrEmpty($ServicePrincipalClientID)) { - Write-Error "ServerUsername is required" + Write-Error "ServicePrincipalClientID is required" $errorsPresent = $true } -if ([string]::IsNullOrEmpty($ServerPassword)) +if ([string]::IsNullOrEmpty($ServicePrincipalClientSecret)) { - Write-Error "ServerPassword is required" + Write-Error "ServicePrincipalClientSecret is required" + $errorsPresent = $true +} + +if (-not (Test-Path $WhitelistCsvPath)) +{ + Write-Error "Whitelist CSV file '$WhitelistCsvPath' does not exist." $errorsPresent = $true } @@ -86,6 +95,16 @@ if ($errorsPresent) exit 1 } +# Read the whitelist CSV file +try +{ + $whitelistData = Import-Csv -Path $WhitelistCsvPath + $whitelistGuids = $whitelistData | Select-Object -ExpandProperty id +} catch +{ + Write-Error "Error reading or processing the whitelist CSV file: $_" + exit 1 +} function Submit-RESTRequest { @@ -193,16 +212,25 @@ Write-Host "Found $storesToProcessLength Discovered Certificate Stores of type $ foreach ($store in $storesToProcess) { + # Truncate Storepath to extract GUID + $storePathGuid = $store.Storepath.Split(" ")[0] + + if (-not ($whitelistGuids -contains $storePathGuid)) + { + Write-Host "Skipping store with Id $($store.Id) as its Storepath GUID '$storePathGuid' is not in the whitelist." + continue + } + # Add/update the properties $properties = @{ ServerUsername = @{ value = @{ - SecretValue = $ServerUsername + SecretValue = $ServicePrincipalClientID } } ServerPassword = @{ value = @{ - SecretValue = $ServerPassword + SecretValue = $ServicePrincipalClientSecret } } ClientCertificate = @{ 
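Review bot: In the added whitelist-loading block, `Select-Object -ExpandProperty id` reports a missing `id` column as a non-terminating error, so under the default `$ErrorActionPreference` the surrounding `try`/`catch` most likely never fires and `$whitelistGuids` is simply left empty. Every discovered store is then skipped in the loop with no indication that the CSV was malformed, and rows with an empty `id` value stay in the list as empty strings. I would make the read fail loudly and drop blanks, e.g. `$whitelistGuids = @(Import-Csv -Path $WhitelistCsvPath -ErrorAction Stop | Select-Object -ExpandProperty id -ErrorAction Stop | Where-Object { $_ })`, and exit with an error when the result is empty.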
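Review bot: The whitelist check at the top of the `foreach` loop compares the raw first token of `$store.Storepath` with the CSV values without confirming that it is a GUID. A Storepath that begins with a space would yield an empty `$storePathGuid`, and an empty string matches any blank `id` entry in the CSV, so that store would still be assigned the service principal credentials. Validating the token before the `-contains` test closes the gap: `$parsed = [guid]::Empty` followed by `if (-not [guid]::TryParse($storePathGuid, [ref]$parsed)) { continue }`. The loop body continues past the end of this hunk.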
@@ -236,7 +264,7 @@ foreach ($store in $storesToProcess) # Convert body to JSON $bodyJson = $body | ConvertTo-Json -Depth 10 - # Submit POST request + # Submit PUT request $response = Submit-RESTRequest -Method PUT -Path "CertificateStores" -Body $bodyJson Write-Host "Updated Certificate Store with Id $($response.Id)" From 6e7386090d285f2247f4520fedc662a01a11358e Mon Sep 17 00:00:00 2001 From: Hayden Roszell Date: Thu, 3 Oct 2024 16:32:04 -0700 Subject: [PATCH 08/10] chore(changelog): Update changelog Signed-off-by: Hayden Roszell --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 101cd68..626d572 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,3 +16,8 @@ - 3.2.0 - chore(docs): Upgrade GitHub Actions to use Bootstrap Workflow v3 to support Doctool + +- 4.0.0 + - Depricate AzureApp and AzureSP in favor of AzureApp2 and AzureSP2 that interpret the Store Path field as the Object ID instead of App ID. + - Discovery job modified to return available Certificate Stores with Store Path in the format ` ()`. + - Before other jobs operate on Certificate Stores, the contents after the ID GUID will be truncated, maintaining backward compatibility. From 33364ac5095d27eab3f113639a168e3d1a187b95 Mon Sep 17 00:00:00 2001 From: Hayden Roszell Date: Thu, 3 Oct 2024 16:50:52 -0700 Subject: [PATCH 09/10] chore(changelog): Update changelog Signed-off-by: Hayden Roszell --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 626d572..9ca1d0e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -21,3 +21,4 @@ - Depricate AzureApp and AzureSP in favor of AzureApp2 and AzureSP2 that interpret the Store Path field as the Object ID instead of App ID. - Discovery job modified to return available Certificate Stores with Store Path in the format ` ()`. - Before other jobs operate on Certificate Stores, the contents after the ID GUID will be truncated, maintaining backward compatibility. + 
From b0831dd6e42367b9ca6be3a13075e3f5d5fee683 Mon Sep 17 00:00:00 2001 From: Hayden Roszell Date: Tue, 8 Oct 2024 08:27:50 -0700 Subject: [PATCH 10/10] chore(dotnet): Revert to .NET 6 Signed-off-by: Hayden Roszell --- .../AzureEnterpriseApplicationOrchestrator.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AzureEnterpriseApplicationOrchestrator/AzureEnterpriseApplicationOrchestrator.csproj b/AzureEnterpriseApplicationOrchestrator/AzureEnterpriseApplicationOrchestrator.csproj index 9ffa756..35e12c1 100644 --- a/AzureEnterpriseApplicationOrchestrator/AzureEnterpriseApplicationOrchestrator.csproj +++ b/AzureEnterpriseApplicationOrchestrator/AzureEnterpriseApplicationOrchestrator.csproj @@ -1,7 +1,7 @@ - net8.0 + net6.0 disable false false
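Review bot: The `net6.0` target on the new side of AzureEnterpriseApplicationOrchestrator.csproj pins the extension to a runtime whose Microsoft support ends in November 2024, after which it no longer receives security fixes. If the revert is needed for orchestrator hosts that still run .NET 6, multi-targeting with `<TargetFrameworks>net6.0;net8.0</TargetFrameworks>` would keep that compatibility while letting newer hosts load a build for a supported runtime. The commit message does not say why the revert was needed, so the reason is inferred here.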

~35KcR-!nSf|gQr=Ws&!0a(VT&e29h-a!{s4A9J`|%GJb?#Q z??ZLacSQ@G%VYd0LAX$OJ2mPa#U`n@)kzgH;abXL;2{F<7=WXR+M($I^q8)?)oBD! zKO?&Qcm5jc>RTO%<)NL{i%ifjn|!L`>qc5T9-ngd*m^0@H3+R2o`dx3EBB_REU*|l z72Q(B7BgYHw%~>R;=*D5=4UWdZOR%16*D_|_3BknH;=H*Hs(zXwqOlg@o!<5<5il; z^Rrk?-$KIx+-JoJbZ!G0AW4KKzN$^kkWzMGb&&C8bp-`RY!=inutCvkfES1Yh)f|} zBQ_l)m@~?KO)Asm<>iaCxq#K;3B9$MHg+CBS3{Yg7RKe%b^+1sLFZSQ_7VIq#d(%< z5&iwCX6vDxqP|cvb*l0S9zmo1zaNi)qV58u%`n4g&CiU}&YzQ%TtOu66IR4Xhr$8a zzT~rm_t2Pi^jYmO;gL^z2=)M^Tfk90Mr@VufKseIOIC}{gra?{qbRo`p*bc47|YG9 zEcl-Efz+lc_)VS(njfGLP{W@`?kz=DR+exAE7xvyKy|@lGfaif$NHXLi|u3!G${e- zVmGc|?|_{i!}zQ2Q6l$7s_z+K#7r|A)~`Q-!8+ikMUlF8ZDeGm?W5q(ZVrwTk*8}u zy;VJBHQwi#mc~zz?9t9LjDz%FE0?a3r}(cuOEda1tMjl381JSKbOZ1Mj2dl&gUU%y$(m~9UGq`% zug$EvM_ifCz+hIkmtVhtZF)8EL}O0nGN{Vu77B@ zE>xH1x3(ro_8k~sziq3W>$?gWKHy-r) zs+OmgqJ4&J7KM#~t4cgVU$ileSH!yWS`Vl`wH{>e`@!1Ye#!Ux(xy1d0nzVn?1Rsn z>1AFG_{`|gE&lpCLLVe-&1`PYU#Y2r9=AMpKW?d){Yw<9+~SWYM8P^SLj;97#d-Tv}w z9rpTFKjPB9!ygwTJxfx@r8dcG9X5ud4r?&TW1Ewx1MYEA^@8-Eihr028}JDH)Ku%4 zn5wYvTSAuwq)r_@3kHTCwooTprgFGR2?Y!z-P&!u4*|!Hp}9%Inu>sNOO(pnj_Pj3 zGEER_-0xx3x$7AiN+fu4h$ltGe*Osda(>js%&2{6=Yz3@00?PAyO?UAgK`{D@2Z{u zt_?)3j-2sAlnfR>!<^wM{DX>$Dk36+2>5{fEk6O6+5*K11>DwL>*72MD1{eTi%=#Seg4Pnu48c1cS7!}l!qb6#-n5^Xe;@Y7Qro>Z`Um0IHnyS;_0igNmlP44+5r7jO zT<@lZHZsQ)mq$H>DzI9Nr)dj2NF&e;#A72BerDaWWy|2&%r7b;+$oHhL?;D%Dh+wy z1SbHu4Eb!aUBG0RGxG=CqhGL5ypc_~gq8d+CbhP z%PwEOOvrCE%Mgg2^HS?T5`%-MCmp6p6sm_D%NS z=_COu7y|Po?fh}zyzR%ya`mWSA8U>7(Xj;kc{lhk>FMd0D`sTRwk|ICqpZG?Yh#Iy z{rsg%*haxcP!#1&N3mi^B`6CMc9T?#qPdD0#()=YZe2O~-I|AxZXlrWgSWbkyo1?e zmu4lE&I^y0?!pR3N2I0r)sv@BPr>E1#O{3z?)YDw^6;CA?9OSIS65ftv4mD>szLrD`TQ_2 z#1q)BEfK6ix&7_kzM*_j<8r5=kAT6N}dlaXPO3d|`VieH< za3p~|h3q#N4bdT+DML=#_)6er)c~EMuZ9<2_jk+5$=L?yJg|iPf`Wovxz|u_z=?7n zxE)ztoVQg%{mP3b1dB5=8`|KEC&WpRkY!S7ZmM?OBSO)9(@FT8X{N($KWC(DKW}!% zlUXU&gaEA>TV8dPT;BTr{gL2rx3#r7QIW_}A9O3apO!Xxy$O&xilk>%-7yo39jVxr z;mCM>B}^=O{0LlJ*sZQNfnUbYod@t#cVe+3eSNl%rHJL{+OEV$9DTinVk-h{i;4_;@c@) 
z(1r}lxo}N3fa$J+mXB(sY3|&)^HtZX=Ncn`Y4K?2po!S?Q8STPe-BxpI zVx5g9Jpxw0`L!EpU%|xt%+_{|(pI9?95n}b{#Nb)ETJFG1?_gevs2=fJoDYDHqLVleQy_^ZfBeD93UE##SHu%c|^_It-0J^PB*>*x(X<__{z7v%upXpAcU>hzKB z5pL(`5@W3Bv8nzXdf6+mdR<7DB>Td6X#HV*BSF#m;q9NVM)eB6PD#$>AXie@+ha5&7SW0Tcb$af-p0p_2EzBY0Xq z$LffPh{)RQM}Ij@5dCySdQk4$?$OA#%0G_=FAQ)b3byZkV($=?{<}5Z+OH+H`9H%T z8ugcqV4i${7V;1(3GOWw>jsu;ZKGrJ-+Eu(X%cwHL+jvgUDX}n&wQ(`b6|qf*m*CB z?gCC@`@#lv7^5wEk3s1gYnj|xW%?KZ(Q zNZkkMyawzr)H1{{0s9*tfi|}B729#2(ADK86(Zj89kyg_2*YUOmfcKIz*@f+OO7T` za2O2_AVL1cOSB zEu-q90N<{PscQOA#z|?&5stj>m)^xETygC8m(^-Leku}?E&o42SDHK5l%Hzon;J4I z4m)-B@%GWTM&@*~#XO8RL%rrY)^@&SCX;OMmx-RLz_Yh+?}Z{}CsZ~7e9+6lSL$xd zQgHBRYn~{CV48r;isA+L?k!!gMg0a8=p`tVi3E%o=zpm4;jm7W<3?R{AFxfOCZDRR zD#4J#E+tRfd!E)t>p+xjHH-F+SN|1tDSvcr(DnCd#!TEH%ag`szyGijUUZn>csH}o zZ)hQM&tJlpD=FI7os+z6qbO9cdCO1!zvkaL_0j}AC*|e0HEpz#kfp#hO1Fpv| z49ujBc9?&*$?KJs*+2DObusBl+6#8@+<{e^i{G*>`H0OK;vG#CZiKZ$IZnU@6uwTX zkXu6a18tuN)@vAy--BvfqZ_;}=?B*S9{A?(m6Pw;UR zPzIU_T9AkUm__JJDdcTLyEbp>{a@)y_9u^!??J^;CH{Oq`&qipPWrRd~6P^cgQ2ZmD!+enWPdta9mY{D|?Sz;u zw>=a6;6#A516iS9(1lxftzy7Qz2@{0GY_(3pKFsW@eDn9|AEf;pLRa30~=b$Zua{{ zDks!w7ilI7G<(WzEjS1(KfnwYbPTuBAl!Hi^#FiN)N&ZMucf2Cb8L{}LV3KM-vga@ z8=UM}){QM|c4ED<7mW;dwi7k-HjSy9u6E7d23rJ!#pPRelI%|l?g#3$_4dl&ro<^` zjGEOE7+-4R8ZUcQ6raTGrlQhnQ;}ubd*98??Wr{=M7Edfr~SKod&>Z*(Qq4le(6YW zy;KT_@^=a>Q5mC?cdt301N@EdP6RFZ>U(+!nQgahK%7`h<%2 zDs-(sQY#|B43*4o>_G1 z5toVHK_s~CO~JMCOpiU&7&Ma;lsD|fm*%Gqta2*ycB*^+5uck8elmx5-IHOu)m{|e z{E@6?3~%`ea_+ z$kY7ISewcHoB`9!i&v(P)wnlm!>?HpKcmpej#R6(?yTyO@YRy`=E6=?Ijb0U>_#To zS0r{pr3|?qXbg`=-2(#$7Bz^=2MRCjTWeZ|fXS3pRk@?hW$TwbckU*3W>~P}N^QT? 
z)L;?5c(04}NN_uzt|xb*~9dsoO>9VdqrFc*v1?=-FOCwuWf2KLV>{VvQZ}g-CD>1P$kb-pHkB`{r;DO#$!tlxCoURkawX+j&XJ z2!qyKEV|248=NN8am?G??rG2& zzj|ii0~LI%X9SVe7rZTcWTwp3dPipiT%1l2vQ`z zRzeDqY6}{-=hMJ@r)jvptk2M^s>{a75^UQj+ZlQAPfA67SR%45xw7WPzAT3Vc4V1v3KtufN-$68MJQM zzMT*?C=md~Cj;igF7yGd^b$8+{8$yc59PE+2}rQv@o|mm(XMQ4If%{s);5NI$Sco} zS3WpcOFDE~R*x@0a_*T>bg7!?)Q{zN2b;_At+&C2fN+&4+#;dDNSzX3J-tv~&rbn@A`uuTpjn5O4oc=t4zSul zrOJRdp85nZIYQw#VsaxGMia`Dcls^Q0bDkDdb+#sug{pjYBW28o?MkTfCBY6U8v3I z>H=rFw8^|<01b;_UlB*afEGmyqwBCv{bTeARG-kmTTT4BBN|HJH^9L6@Qw@u%t%!% z#0mj2Ub`W_3ig2uLgY}!b|DQ$w#ip>tw&h;AsU24p&I|Y3_>2Q`c2$*QZl0t_e;bJOOm|@J$)CYlUL#s@ZI4^~YRGp#| z?lgQHqf;j8(LQm6=R~(}R8*7+gd%VQ$p1>k4JpF+A$eY;3WprR1|ExvQBhA~rLn!6 z_IiY9SBa*QNIs<^FAxHg2%TYO@itc^^S;CPj!U)-6!Qd7!Khyjfe^_wM0V9S0H`o~ zl~`|e15LYJQC`R!$3ot=M4S?NOQN!0|I|D*JT$cR`XqIC58N90*lo2$7Jq?1LLsmV zz*oxGp5c<*RG@Z0p3gitk4L4u_i7fpSeT!lqK-9!ft{#c;77SP3o7U#pz7tPJqr!-?S4{9RvcyauNVcfEca}@e!DLMQjzou$3VXA;?Ktd3if3XwnDa z&bGI;c^QPZw6tK^>IA185gAF~p89wtGLx1l-Es`x0jgApec|Q~hB65;iB;G-O0nRL z##w_i15$VoPdLf6R|?>45tDf{)s@)XS5Z;KH3o(U<1Aa7`$D_dS>`sv5e6Q0=LoU* zpgJ)UXpq~6eTsvN%MEIh(eVbAF>Ex;HXUb1wkP2dLA)a=_6`*HD3+)_h)A#5B2t82 zK1N@|gXQAh(L4oN4nzqBcrxcNUtSfzB09VA16~Yc7eV3Z6f=UpBL&Q+KOPb#EEv@B+=knZ z8NQhR{-J$h95U01SsrZ0I`%%7uP)dK2tde#`w$A?{iDcT%fZ}PeVKU0GGKWF^FQli z{O6l#wtE7e#9HDE?P-Qo$ATF^SrJ_=EPqg00bM`I$Q_LaNML>RJ8;JpxmWioT4SiWYw$kQk@o%wAG#ooW` zZYADKZcOj;yYWcK{{x{j04fS_8$XAZ1IB^Qyv2DQ1d2g{jlpbEm+0tz7B~RLNT=To z{e7SBv!E0(3i%V%+dm&rs{BAfZR^3&fN95E!P&&zsz<V~G$jKUv53#O$Voqy6VND_i=8U*H>J)dGp0QZ(oX!!~((x1faQt z`~M~2c3KS#i%)@iX2A8PQ?&)Y0e%!ptZP1R*OJ0r7D5{#PR(z=lAda`>R<_ zVt4e#ixM$7Fb)f|xZCkx8SxznT;j?G9popYlMxmFM&tC)ny3G-{~iBPyVNhBDq77o z;+10Y!N)P>7uo6Gr^yy4cn5Tf(?plaXxGL4iXC)4rgZ7j0hNzUWedTHz~j5JE{~;- zTN+DI=Yf7lFZAC1)JbW!tKT*jwt(f;O6_fewD>TN0v;s#4xj4t2oWR$ek+AqBF zdv#phd~mabm;HgLxg)%5AF$*JKJsj&_guC>v9hxKy1X+tIM3^8u*9Xiv?-?^1bsfe zA!_^NsIi^krpv*fZXD_`yPgr4#l^&8Aa+ZPbGhKf?%yLcI|Qx#R!gkpJXe0vV5~g! 
z+04Z8=c%+|Qof_pgJVDWsty^iJ2Meb;^Cf`G!UcmET!$Veq7kjeeG*6O-uL~v%3GT zI6A0fel~1&{?LhKyE!5S!mZgZX;oBe7BE-`$gvjQy7LlT?!~@!SRuBfyB;dgY%lvG-fEy zeCcu(T~&JHjSolc^gxmRu0w~sh}7?rv)jHsdmOQme~#8GuWFMT)zID6_^f<>Nc6p} zpxTa!X%mN7#S}I^{%jYO6J^UgvBaK-$Oi&;PSZTFA;D;xdv4Stexj!4H=Ur7$Jj_T z`SYPOwVox38k$Y^3nmVxCgyD&Mf0n5u10;;vl%VpfO)ZIVH`r*F|2O>-_N@=7ZMRu z-dlDKL4Ou=@#LPSa77`1tH@o`D@u#^>qj-SEUc390kg*2YoLmW9w2BQ|E0+{&`ou# z&D1FGN?~4i0T#VwYiOTb*J+Vzp8-1r3i<`9`B2e24qES85Zt)0yxUiFMA5nIv4u8m zYUMAR<(+5UX1=`Cd$6%C5QQ|>cnBO*GA}bfyqP5TIPWw4d8N=@%o(tuj z4c#-|u0feN%e*UHf3uyZfVC3UXf@^zVTNU5d~rKWP*n0+{k}~iPGGm#hP+0@F3(BW z1}z6OdSJLFMGw)pub`$rgx7%+lCZH6A~BU9#?y`|UEW*zm)iYBcxm z9-1eX;N%f?Sp@3ttC}Z?%Y+G60st#{Cq%qZ-2~D}gas4?p+AFt1=da%Xm6mPAtWw| z%XuZ6p!~bPfzE*#c7Uwm>8dRXs`CbH6}CDI__m~=VEIyj;?PhvY<9)yKuCrTd>N)g z--E%iwe`KRe$kas1{gT4F3~&?|)gBLc4f zOaz06bB4gd9h+t{2z1n{#bEd)FI-rIzHbM#5?H_!wd*(;`SmMN8%AU6he|LEH;S~k zkne%)x`?tW&ys> z5~Z9x@H@n-_L~KTm8OhMjQCb zNB1WgDiVyA%)7LdYw;_5tD8_jA*Ar3;9&X#)a$&aKd%rKI!v*k$b0a21Z5;vVCWz} z!9G3v&@mx_r`2|n$*^mv4&N;u6znv5a8f%H2^MmFcON<83y-Ku&mWI`n4*>-qUM%Z z58-p&Wi(Ij?CVuL7O0T_xu^jd0?1q$`TaWrK6w(40*4c`W#R-pu{U^GSM`g zMiYg(?V00omf3OzJ_$^6A(|spG2kCa5In@v_xeS&re_(4wO2XsT)jy1L?oA)J2a=` zd0$J44g=I4kg%+Pw2Jgp7#c*QK!8|~&#RDa%6Rzp2~2vbuUY0iXg1NJG2(iToBlMk z<=AV?^x;NB$5WmV6AR9h$_~2U*=y~#m!`<6>eF`qtpz}|B9?*|fC-3&9A5NgM1zl8 zw8&yT$+V>?MZ|E9hD!r++NVbpuH64hEx1}-Qu^`xc)44ydl<7*sbnECB*WS2s1LMd;DjKmc9FRb+;o#taJMl7%K|diK zr^v=DhJi=MN=WqCsYXpG5@63aQkp(9{LAWoxs^~vCAy|cNz;GG%ix( z7=p5~lPh#|bVTNcPeF`X0V@VM4ZyU3v3+3Nbmz1wU1ziFJ;nL{K^i7p!vOpVyfBDi z`c^?1h~}{elMT9FWH_5BCO6`kI-CQ~VqhkH}jYu&O*i<3L!k-n+8WJ~#t;;a#SV=+p0jrQu5W0xv^4CNk?mb^#Q=CzsVrs7b zIkl~_RY;QmVVtG6x0ZtKIu?;2bgUa0pV!4e`mBTCH4^KOfxU!c}t#DERkWdnYl8XjjlT)Z&dXd?CM5jIiLv;GC@*g8_d`op( ze#v@^x40Bb2P7xmkbAyi_8^r*XGHCeUN;F04H5&|&>)+pkA)EKKO!(k`wPT{BpFdN zmwf!_0aH7%-a`mPlIc*-*HpPq<7*ok8@B@<$(YbX(+Qy)NkZUl{k30Rx!z}{>P@oF zml4G;{G8I9748+2=|)JiFlW> zcHP3nkdBqx5Xsvg*;8L%k1IQfazav4a&(?|x46-r@sms+>~qA;W*-SCZ}1e^af#NwWArbNZEa59 
z5O7D!f3d>D?Si7|GXDh^wv)j=L)FX*a-7j$UUSN9=6;kTG<`Lu4pF13x{B!rsS0s^ z$h=YNpg}1j0cG&m4t5)>JOF-UKqJmApZ9x|%TO)5i{EgfbbQB9p7nFRapT`ijf@G^ z-+5AvfjtmfHp4hWSb;m+|{rt|5a4s1c9-kSC|3HLN(%U`|bamDlKKv}}HHu@hDbqV-z66VdN~jCk%o*~xWNM<=l7X)Ds? zAFf~ARI`p9fAa_HZ}yWBa1RcbWs}Nvu8(RoxD(S}^=HW)5&L=Z{yFmRA7T9X(4|}Q z{lc$aT{B6x8}?Jd6+JIYalcbqKIJt!Lrq zZu4Hv`r_gJ(%*;o7YO@biIbr&Z<6Z_JTO|m+{uFb))!Tl#}^~RHW{P}bfg)N-(NGE z>6>^WKqt$~Xy0*DgEPN#EJXU#p9%8cO1GO9p*d>DelNnJV?Jr%@Pf*`IL+iY>DSWi z)rSKD4w|I zPD8c|6lBElMbxT{7r&okj#{|J`6iH zJw|kYf1fjacqG{eMI(=C?91PP?dZ2`SxNNwsNjl1qTcDXpU%EYS5N9qT-avN(IjsI zI~8L{OUkPL*=Oiku7oM-@A%Q%N9cjbUC9NX`%~y6VQj#vXk6JMaf}jUFZio|E za%Tqx0p1m%x40xOE|agVrA2Zz9!)%aIOR+@3LLrsXqlu)!t+;wTwUd9VG%yho|TUR zm#*dzeGCHUkQzta{lszL08i-{s0Id#?}Z{joJNL*J9&A%Nu~i#7J=jO1EO1Q*T-%n zCLBahBU2K5Fv-?SvN9p<8`hDP`G7Ma`wIv74CLu84lkj=xnBVd?eLn9%5zVHMT~u4 z__k4Ehnr66nl3v#sbbel;SCfE%P%c;0Tzr_h~=Haei92#9w5KL_fG6R#{>nFk!272 z(Rl<36csrFa6};a2l$o<-IH$CzXh?^BnXgr81Wv-Kwi<&;;0hj`7pqr2KM5X9!em`U&-fAU|^45plv`cld-okOBeVvxBP3u)mko*8YwZ(P0gVys~%i z^*5Ukbw>1^fF1{1^DaBC**uz~%pzh_3cnK(lA~Cenwe?;@dGij_0 zJ?dGw|5ww{5bFafZ&d?>YB2tPtXXpl$R~dA`PIekcvVyke|5P?YH%n#Yat^E2sFg{UJ_1w@0%R`*R@RpWC`%9d&ERe~@r^ca;E1FMq<1gI)h29cp>+E1+ zGNbBDhEz)cWe%jas!+6oz#{P&!~{i}acC#Eg3h5pFHB@auqyvRD~hcVV7e-z!cNF| zYGEss&oJHt^*FI}VVm3tS0ki_uEEI`e1~nT@3rMJnO5ARa(3f(sB}X*HcohgAd|`c zOaZ`blCv7fZ$Q!%AaiN|`SV<~RHVh!Fe`@bOB5djPXJj#lcG?CtWxaA+%R3N$??5s8Z3cd7cSZ#dDtaI%rRSJqH`UZmA;ICS#||WdlcaqN zN{B8t(y@rBgJZzthWmLPvyg>@RKWNOJ&3ih?%jlgM{a3pm0(rMxI4gz2iAdhc#lzL z`#L^T@3S5!HZIWaln4xbd*sIzuP$F<>51P@Zd1JHw# z!or7Wb3Ji~Okh1gcXPWnS6HLmCk(2U6ZQTXsPS=H+zR!oWZ>d20c=;t@qliHWU~*m zR!vv861_Dl7i3F;P4Q!YMn@+aL|B~GBn!Anpef!0w}r!aTKQbORx~6R|k2%`B;Rmj*bLSghTxN zQ7BZ?ku|EXe+gc1pg>%2n;W6VcEL$t7(L=~GB`obFGi34<=gMib|&F&;vx{(>8oaI zXCi^~xB<%J=(LtlXw502(DtF#Q^kcN?H~Y=GM#}#n0BVK{Ky;e+uybN>_ zjqtf<>-5m-W7%kkK1hWtTEt1%VE&(2@hv6L+IdLal=13+BrV{Qe!`iiLQSjF3 zRrFgOnOk&j3(*(E*!EG&({*y1=1)ZAut49HiGz2otTMm%+`Rc@j4I+oZSwtcc5zkT 
z((4i2dWx~VtT7vYp`(RvIn#M178_FiVg;=B{odHP&G!NkUX#WHlY*$CQcPfU4 z5;v9xwY$K?#q;M`v2lSIMx;G(jdgffa`N(@(~Z<}Dh_-Xc~zd>BfKuS^L^*(9OJdB zI)|h8O7sNh9>jVN$O?~_5b5Z_0g0J<9ER+i9AN{@0c$r7vFJwCj7M*To7X}ggGbSZ zF-d;#f7?1CXk*O_S=(t~VuY!{CFfUE^gC87&6)Imq0K%QI1&pY-2~*l*r{Y@{fZ&0 zxPQ}jrYcV#fh?Yw6HykxGlQu^gR-M`d`<3a|2zIkO-EVR#E3J;8fo95J2Cux7wV;> zt)`zRJ4_-P8ekT{xoRZ3R{Zp7wBAN0CTeJkGnBmuPyih2u24qhmtsM zAprXjVTq6vfgG`)6Od7ps69f)VFQ4K@HE8ps50Iob5~GMu(GmJ`So1;fa-sAXGXUc z7Bj15!ldN&6?03_qn*2Wo}+zEDcdP4$50uIFTArg-q^g8fC=JoLE{JjX1lRUqccRZ z>uac9f%z@}f&M@hv~6Yx3GI`DUZ%yWwC^-F`+^T_{Us|%h#5@B@3G#P2{X^sGGIKT z6q|w55SP{7k3^b}-7Q2B|PS&z?ma$-u(mnUOJV z(qpc!skw3ccDKk#4Ucy)-9mAqrlH}h6N*E>l+;$s7ceTs9W6P|niO{RQJH78 zA3hcuD$K2>QM@X6`=Q>z5FcL7kPI7Yr3CF1M%?hn?kd?FhXIRpcB;2zcfK5D8>mUf zE;F66%`%X~)pZYp_?nT_avm4%HK&=xb7^6jDMSTy%x>-&N|1t@n$hbF;OK%Pm6u_7H|`;inN38b~s*NnWFZq2u{>Zv*} z?<4&ht21ZVpL3Ko=WKh>C?RAqmPr<5XopUVWaFr^mp>shnyi{G!n?}?0*ZZ}=HEIo zcb-pnl~3fwy`8_`+h}OsXFufl)H&X8@aHgdD|B8XLX9SDXd9N=QOCP{qel}xnahIyYR^I; z%0BmZV>$+vk;LEsfm}JZzq{Gc|5-Qt-?Y3ELC2NHL4!9sm8J|DuJy z5#4_5=PM1>6$v62)C(U7r8OA74Qq;u`#F|jZKTe#)NntN_gdu@=;vtEH>p!8KfCV; z6IV|_cX5|Bcknb{K)|PltRE*vQFsG{_JDAh%xe@s4}*i1t}cfxo&OHm29k~u!yZ9C?^kmM@w#6H^`ZPO=* zpP@V{5&}d@wDBka&V*f|;24FE_$q|$1J#1|K`O_}i~=s=B9s|~ z1wh@TiMoUM?@ka}N9cMHO0Ml@OO5ncXK5P8QzX#5+ zy|>pD?LCG&QpG~hjdjT#J$!gKAX*@`RKy;OvV|;IZHr0lDv%rUkM$I z&Ik!_R6jr(K`ID+>f6D#XD}gt2|r7xlna@A8&n^PIaa=Kw)kV#m>^l6$j*KU04g;? 
zb|ZA9vZO{q&qc;A?5iijuDk_Xh}5G?5PngSL#=_fcjA2r^@xPTo9gP~=y<7&_lv@A z77QeD`6oOaBILm*B&MaoFyI5ShgfJRh)l?bQh%lTxF62uz|pEeM#4}hz6Q8-P%-i%wR&faIch^!G;m|XZKo)xXZ-rN;{2kIV_(s( zpfII(z z&&#_k$*Hji=r=SAL`n<10;>ZFa>%K`aj0T0{0%w+95skp$NaIIYFmY4QXO!V(}5>7 zpn*&qbL>fSc?jKWA%m@{;DfRD{eR3B4Aijt;n*8@piVEOIf+>kWW8!w`RGd=U-kCgJ0f)xQ1kYJe$0?JJ)u_P7`tvL~SDrQ@Ffxt(~!Ha$`bhg|$Qw5=n1mn_g z&0UvIW-+)88eeBP@i0JkgYX9^4$=vWQ2ltla14&;rDRS&#w&TYcflJB6RHZ1&tz5Yh zLp~8iA|fnKBB%ok@TZHc1kgaBdSP*~)GNtts34uCq6_o$UwpD8=xuwIY^Si-ksZ2V zGQOLrjG1(d3Tq$x+G!uec!ZqV0B%47D`cj#7)i^)CBBx4W2BIuBDRY#{5YD^)pfNB z4yL$gskKTR8v`NFfui+#3=Ix?gsFZ{Gy|{!e+eHT!zf@i=#f;_)qMgwcx@W{wL zIQ6aiV#4R!=Pq8X6P^n9MBjq7P@K>ZYelYIy9R)T1V}byXs*g^q-ssBaP-BVA{D(G z$L}FBJYF&51NKw-G<_yWWZ)8DHqbI> zs(o{XDq^n{aF!0NFeH2rmL7;kJRBXVv96WzpIh399B$FF74_qM>Ht^-aOT}3nV3j| zt>MT5ef@g1ROkn^Dwsl2h&=-n+)tNO-UBdD$Z2upXYlYDr ze;1xJiAmgC|5{G+j3}~uQH6`-*L<7X z>~qDX;gstNuiiTfPSyv)6l7!;ME=$S#I5m3ODyGczqpwzNa>e=Z6~LiRqW0^``ins z)J4X6uWUTMsXgV8)|^bd@)cE;G~O+H$0VP62Nk<``oA6ZPy8w%!`ZfR%}6(=q&4+= z%Py)@LR%7h-_jMo+EdT6t57FWJbvzf@e~IR67C^CG>T2)rNth$KM7?Vx2IxuwNQuq z$ev)Oz{?xoS|2tGj$wFqSK3qK7p+iH>7tFISR_4`imwxEe&m$XAG7|&xL-lg??l;m z?i%*oZ5PxpslVf7K6Pq&%jnaRGR1{moM)eFEidgJq^(pDjUBcWKih%qARLkE0lid$ z7M3HPt250IaG>?(md2^mL%c8+U}oQGO5Kkgq#Y0~cg?5^e@RC=M+AG6+RdrCH_=zN zzVtY65oUu39C8xxJPz|C@CXGg@dJPV1{x+=6<~U?$~iL`y@+@A#Ik5Uiw`t{mZ`N> zv}6X*@pCM;6nqdCEz68${rip`dj@~4|Lu_WE}+Jf_n=XJZmiRYcURVajdQc7chF?5?PNM} zp!u+30_%PBygU2ZP(^5dW|*ViubjPAO-&8)UgVrqtc&eveG@X}+V}hW`4uBi1;JQq zDACEZ2JGOC!%<@-_PhsOjfGQ~zvVB|#BMJ+_A~l=%oei22nfihf$Esn-4p#HUp6~u zG)ApRX)+{!5*D0rC>bh4gtO$vY-CRAwY$|eM2RNLDz&zr*~2Uzzc@%?xYWXSL?C#? 
zcA4BE9di##lDy9R^3o`h5Jo~heSCa$ZXo*@x8nVmFZ7VP;LavAO`zr=u`bBw1guFc z-I;nojteR(XyBgP(Yg`RmMW4B39UVeCjn+t!B-8Igq&b@=ujJy$6o?bt={hm7Y-z4 zVR-%2>})c?>6TOkTM=6cJ{9roS|E0ap%@qQLMG;3EOQ7#!pLZWM158)G}0m&B@6I5 zM_}b(-ZR@GqX2eFHk?{b&J`tTT%9UffWx8eQiY^|ycOAICM+j1@lamHGu#5GWdoZE z9D83tr{RdawfS#V<#%lan$6D3JGqGgMJ&K^)S1B2jZr1{gv;)i-6v{YvY6{)T9fV86OtLD8u^!TGBEd)W z-u#EqC<_xkq<~>yj6z)Q2`ea08JtpV7)HlwG1@uQmI?eCLs|M}FmyAhO8H3I2kL`S zBnXkCpU_R3DEWhB0WZ@#nrS)4jsQ*F=5#M4bSN=7#D?Xf>h3=7i3+9zTo;Z}MUA;@ z@7~w>V|K$osG#qUgy0c5{%!y$i9-wx84kytgJX(9_!9u_Kl^?`jrReOngwW+z5+-k zAJLTRj#?4}gJLQihAnhN*rkZz+fFyL3%IF5TZ_XeR8B0$M%$fnZ=p& zf@oE#zZ(?BTyH-ak$8SzcO1(bn%&77tDZC*_}*2Tz@R)e1sN!Tba!AVVhQZ|x&=oD z0v^Fk?LkjT4ky9gKsy6X)C^d4vQl89E7`mVj4o6Q(Fm( zy*e;gkPlGSJ&6&5rv4_ZgG4_I(3IFL(51=Vv`kuuqjsSKBZYBd;vtM}v6#AzI0yx& z<`PBI(W4~hl_>ns9N+>zRT+^4Ssa6;rq;o*AXF3>gWE^U9=KCrfeEAuszbb(SUFA#;xxxeCZOA$`LRw^+Er(%6 zWGA#(;0}6jOrY^>>+BTAVu%&%aXdpOW&-&2zHW8UOGN4g!}U3chY@p3+C9)(gcrr{ z2%U;HoP_96ezj!zqv^Q{h6w!%A}5u?M6ZoZSl*pFZk<8e2cr1IP6oB3qgdG9;cqcF z(hi`nW`zn3EIFvdV66}=*#y8Q@DpD5IYC8q@Ow@L_Cpf>gfB%B(7U^fNg#9PB?>`3 z&>Vzc*}F!UzHP|*1nhBl5K056y*j7WMYhK`+kdCvlc3=;x*hZ5QXb5uM#`;YMX~xk zW^*J)My+^l?%b#Z%sS+I>oi!(iJD#o~hWn;lS4afp)mGm3w z)o339f`KQm8=wP#KE}opU_k@cLUFPP?pGXtYoWX}OE5o#L4 z^u;XOo!ht185<|Xe-8)@1tuOQHN5)iHq*R$iwlCNeuxB)i2BNB(Q%j8wLug$?(qGKN)3AVbCQyU zICt(>2obB+l=&d zzz{<_E?cEQsEU;ufC$OH0;q*Wft*N!*;$4YPYVhj02d48)hNG`byp9kPKY68GhVBs z*ZCI0#}bp0K45zX3Dc78r3(fN5hjnZAog>9g>>OGqyc~vru{g0h%6oxT^+qsCdcQX z;NYv#(uiYz3M!CbaPVY$5Ak0anc=(M$KbG6BF`fKWu3O!sY(ECC!(dhGwUDQl&A-BT>$oBF7p-|sx4#fJl}5gA$R$x@B=Z7a@M$9U_;*r_@4 zxEjoCJDgJl;zjjE(mQb?5z?gGJwT6=12sh8=>*{@sAu?dW z0`3|*l(LFEbchqS;c_83sMYy+^R6u|EiF65Jm9+t;-s{GhS#k9PPGnwsBG@sAb)$E z%e4}J$;%PfDq;36pBv(WG4$UFq7I#6EGR)w9}bLBkd}rU3KZ5gbE-%^C-P zAd7+?Pc<<)xd3DMzv7l|Vt9h+#SU3qSh%}{KMPs~GKnGny`-Q(&PA&5%JcHtKt%oI zY!Ix%C+ZKjLaaUBJSrp+EnNfMp;Gv2dEt1pqH1t+qp!!hzg56kJ@?*gi}?WmBawE= zeZRh$20dF$ptC&xPc&T3d=~Va01J*ZtRKSxJf(=Z6~OUg$jSNm`GLPm@V(d{CRl_> 
zl>>~!)ARB@_rftOTAz^$f!Z@xCmsG|B2>WHDp=EH{ZrB3A{{LReQcK{_dg0C$I}sL zhTb5oLI>qVHW+?z`PIKNo>K4x+ra4)y)Tr{0BNA6iNbP8JTC-b#kLAUJ-)wa!{QF= z6xqwxjT729Qy8_uRsLYHXz8U}hDa{#g+%Ot3UlwKHGK^Um$9&f5L-j6A*d|io@!?ssNmbhoT*XSqbo#mi4t2NY1cmJMPU8C*!6N_X>|}>()(! zIS!X4BqU&5I#iv>LQj8+gl-+#&7&;3r%`ziJG(bNyvNK3^h#o)QT)D*(@NIBSTM8cn!=dE- z^An@`@^t?LEBW7d9bDIUtZI43{rE@SS=YyC6ebvHkDAWD+iWXh&g1cGNth{qh--AG z@t357m*(x<1$0CsU#WEoeQ8d&@r>lNXXm4zvFc$u2lS9cCbbx2Nhh&%;A^@1*z(9R zdL-D>e!gENBlS*-0*+Bcw*4_^%*eUTFo(mS-TV<|@Oq?^lpy zAw7^KlMWMQKgsn5@Yn{H9P&OC7mmj#&^<#UAs$je$1L;%r-Z|ov#|F${RVI<+`bz1KDyr+J^G_Zf3(97ksHq0XNR@snscuIR396<%CL&@E8U@eB^t`y zfE#1Fd8;5=jd`U5-BC%0&xZqL!Q6lY0}{bbq9oxjHIRb8b-zrY;-~*B6aX~ zK(vH4OBi|x=IZL|h=Idaq{}F^biTQ@n)I-Ezc!CFpF|-F^?w{^gzN^xXTnk^-Ct0N zKyraz+^;bv=vH-@a@>C4D}ccOE_E*?TExg3yBYy((WR5nQ@~2cH;taC9+*(HMDHRI zNVMWDgfSohLTpf^1ny628_?9BicmTPW(Jsr@Hp-Udh#6sgD|0P7K73k3^f?)F@*Mq z`pX!kh3IbQQ&1oZMRlWV5X>ftL9SLmU99|r(YNaJW(c@kj+YAV26f{|h_BkhC`7XhYOk5mpZKxj`- z&xz^`1n~%PNy!e^_YRK{(#tyY>W?2Up^Y(M_}@2dcugEPtiCPB`+nI8;S8t)0T+W5 zW`?$bw*ZpCe~6J7ni3l*OvTGMMc~}&gVS;OH#ZVc@`_n-@d_s6&9iZqKLkX9(+;c8ffaQ__$F(^?0B_VY{ zw77yu!52XTX_<-HKzt^!_)j?gq^w)F4&$s8uLkeW8mPJm*T_RB8NO9F@LXzNDDQ=f z+ixeGokj4J@yT^b+DA!nO=5N}tu3eykWe4>3mnF8Fdx7Pio#%1ez|~vl8D+%->4JZ z3bsIl`M5DE*Q}WrLEa-&^(ZL8?S|EJwGFRk$`0}QpA5*cNK-;0`&@Qzyr-6UE?}Zt zgV2bEm+{~ZQb6}X(CSV4zgk*8LgAySDG2p`N{5z$ynJO~H(VS{=y?JZQZm9gg7ujM zA}gZxyo>VC&!L!2L7PG5ODiK$fhmTtMrq0L*Q&49Oghy;oyg(KDuQW+1+O6vw->xZV-ji_Q{= zsW9hbz^=u75>+S+ZN0ezLSgWj!JY;^;Wl)I@C|&5tO@FuMRf7AL8}4+Y#`Yqyk6+< zh(`qAgW7C!U8Dm5d&cV1BwBMO&LiN(yO}Ubxcg1K&P;qk%SSf zTFAVu!;A#@`J<7w5uZdj!u5^5A5y-q0XZ?@-~(hmg&hsg3xMc4k6X7G{#B2pbKhK? zA5(;VP5kjYsM3MS4BB-kO;3x=W-JAeO2dG*Vp!~M9DfZ=PYXSJA;Kk;PXxi6W`Daz zZhJmslat~lrq$cQsGDkQo+kkVf(yO?(yv_zR0z!47#vJ_yTq`q{G0My6hK-aI-r;! 
zEiU=+f$XddAco0d8P6d4C1|!s3QGfhVVET{ABh?ORr;$_@3-kp{`~nq=hc@lUx;T3 zf^~)(6wvh*e`FBHNTev(??8Fp-7neSqNvJ1UPQe7fOp_IV913HTpGYMFIC)78GT4(Gfc5lU}T>b}xW@{G* z2U2e76sS=+y$q$KRuRt}d=hJnEPMIg8o~9wM@ass_@&{2NJIR3YYKw zp84g+wCv!L%BhZu%e|{Clq5;GWR+bLXz=To_5-AQ7;I#=3UTV((u`PH@=26BubN-{<0rsg3;(9Qf3{ z0}}Vx)as^+vAteAe;&M~H|tnWuh}!I!glIcU9R{o{WT*KlTz7S}NW zl3EB33y{{6rbgCY>u(}G4SnFb?A!iS5k5W$atUZl0T+m9O+J14L=?X|ITrd?Z^S@3 z#1$x$(*_$cB;yaVvh312G#gOTgC3l@tLw=8egngO*5WH5_h17m35FF`BY0>)jTlu` z>sdq$lxwHNCI?)9BO+8V2_Q8GuLPAOVDs~y6`WJ2_k;~Ubb86LcQ1nnWVu8I1YR8S zJ4P6#ONMC@fD(s`@9M`;|3Q_F3#-IF-vS9Hw!pSLyLBGG6dwl#X+%4T@%&Rtv|;n+ zcW|ycpr6N&=!7?W{`Q8_AINVANQ&)`aP)A%NJ>a7N6zflC|N%zHaYIfIhP6{#LA&4 zm3VY4>XZ#s9l9%VqJ8_Z+IR2Yuc08kg>9~Aieb_ElfZyThzPnAcy`1LQzb!-6KlN$ z0W*3N5$QTu%K&vrOE!>Hq7X^uS!Up32%H}PgAZ)#^@Xl3@bDvCIABN!u7NIkTpwEt z7c7D{6}gAw(HsTI4WDCc1c(z9H$dDM@r)5FknyCDVfMgi{D4a(szt!2K@JlIHd#~T z?v7||6LY>kPIrhprJ^Tv&3 zq{AHy-BzYAPXdSgu)~nvZtkyb+2-5Pg#0{G%q?5CSdDg2k;ZI6lQN(~r6ncNugzP^ zt{W5x96idgSojD~^77&PE$PFuimLHyD42#4sSH>~&>xh*Q{xZ>-G7OQ5ZZy!6&%Hg zWkJdv$PAW&4^j+;2M9AxDF!-N#mX;_#qK{6DiZ^8`-uA>-RZjgmG5OEme>44OMXvN zqjF6CzEM)()V9b3u7&-)b`;9SPU@LcYI`3zaXy#h5tq97z}(n;AuCHwHu0uL+yNbR z7qv{ac;kD18+lYql{g+|-M_uPr7d)Bu9#0V_24xfs+#z4bN{?`HS#*zv;FNhVK!Ct z0+$>VfD+&gfo8O3kTZk`+r&b{lZt%X7#b(PXcYJ0>SO{;Y#aJqffcs%Ng-$)Ue@IeK-*&027SDN1$|*_}a<`Ed-!_O9b@? 
zZBisKx9gD_u~R{5ePSDxfwsoYk&@o1Cr1N*Q$#YEhtoI`(T8+C^0h=Xm3V;z2B@}UI^XJKk2h0$| z`9;HkOF=MH9w}uAZ1Az)WI-h$DJ5kJuH7t{;Otar^`dYkJKM>8-n4aVJep3$V|o{j zy05ny2Bu6y8kYiS(**1AbFOt1ScwOz3JXuzJG;6>?wErYWCxGC%HX5YgrJ3M9!D{h zCI6uNiWv5?!J8}BvC{|2ESmRs=@vL=VRiIBMZ+()#Kr{V)d-R_ynK8#aOqh9D!^6j z^<*(n!Z4vNgXJb;6slihcJ^*5_?&L!jrFp2XIGr~3NMFh&-Xy<%n+E9`?|x-ngYk| z(s%C?usCIqpTZ}hV|W-qyFJy9uw;QpHzsMT!h}!*F&<+xc2x(I4|LFy?^7PK*H}De zGH(*FkRzs=kiAHQ_(nrrEf%SCZ}62cWj(!TU}~^a5kv)ixKsy7gdaKa%-kF|#vZFs z9WRJ_2ANAD_J}!c9@rRSYH<@NQdKz@(S53g!Vgw=1XTyP{`nG^%V1ygE~4fp$;Ws$Iws;?xG*pek529 zw;X`XEUGX(CjxWeNND9O@_M6;7BGuNCJ+?YIQKH&_)fPeZUM8~7j)S~GP3wWycu_> zZf~CrLEb(p5Su!vFfV24Kqk+@%>0P0qC#AkCqA;TyrQBW$p;4M@ZgsMT@<3~@Z$tz zL@WnD?2tu9qyZjB78Z~zvQ~^D=gTkEtXoEZ{(M||fiqLI?jd*V%;|-1-@f4%crq6- zHPo@KKkI@+ogS)@%4%u>fD^`15KjaLBSDXrPSRHJEMPyWA0q0KO^A&k-IBeEJT@H6 z(18z|0Y+NO#6;!`0JBY-H*<)Ki$fM`g3Q4g4v;%E_qe$U0E#({JbUG5u&lL*nAcDo z@{#GI^`8OG&1OJmS@58=1DCg?6&Bmt$xRoYY!$Y!RId{ofiEFv4Id~M!md@r{T4W+ zB{4toj6*TziI|d{yZ`(d*G>jF@I&C)RIhhoK7x6R$tc_L10REP=4qH(tYu_WLpcz3 zk5J9Vg2D0vrx99(t0J%1xN~PR+;3q&dt5(aY-FSsg*HAaSf+mU8-$1;6XXGyt4W%$jM1X`Nf*?3ec7w>^43b7QOEZ6zuc$!ITHK(|;*VE5Of>OgS!) 
z5o(5^{?!C4s_#odKISkxYIOoIv@dDzhQd)Daa&`&sx+`SH9T8(Dl}!ai0>OCPOp{^ zJE2V|h+t5l<(aki!Ofy0C4V^2bUv{|F&+CB*P%m75I*3cpjS=u#vMD7K+-R#)AdoR zx5^X{5z)~|RL4cvV8*Unh^j-{K1k2kL=oSgeW%#<+>$wlfVlJ?X2=R{(mN4{p=W?5FXgnZdmuB=USx=k7>`d~PVNDE)~Ee?USpjd9q%t^ z(6bdkUdd>|EZ$i^s4%1tWX{#-JkG5I)N2di>WUJKVVV)$YjHzvyj;qe?DeMXR4;>F zsdJ|4oYxA%dG)MymYS!>!k3az&oDzM2~NRNvT6XGR$vq{iJajAtQM!R6SsJl99NiN z>L|!JCcBK4_G6=Lg!@<=7DWOc-9C}}3f4QhSt(e?rU_|E(mOvO~B;E&Vj#VuEK*9uk7gW=LU5-%d-88ax+{~$62$9Cf5Qs{;>9bI8m&Ie0W#YWmZtzW#~f=kDWqFynwlnHn~h}_pI5>{LShkM`-5>B0rlwQ zWZ_;r%&!B-j%fmC<+Y!~1ru+{H7T3DOHFjWOI5yp3IAT6q!jU%&&~2O#HBDd*ZbP# z;9bg=(W3V?+XK=RCl{Bc$SECz!t2_oN6`keF_qF=uI4O=-N>hEPu#W7r&}MS&)Q~` zUQkAb<(W?!vXmD%G_j%jmR|5hq4R!FCwH&)+?ZQZv}>d?Rsn)E$;pQxc;L5>AYmW% zE{_v08P*P7yzr1cYjD~_Y<`rMo{*vhfOVzBbK9t5-o85){vR$0o!qSXV3F8U3P zI`Ua)Qy;a4H|y7l)gJKwpl0j=XrmD{rYIyTW`M?ua<9*x{*y8F%%TQrcjaj1tGV+h z<)^MKFgw?cLiuz2 zA8gAglyh5t{o>C5|3LXaFb1?h2L=k|_4AROmou{*i)v2CqVz-?(jqpyi+y>6!g5bCzZ-pISWnSIAT^o|9*0wy7RND$o|c@&r&Eu zhf6)<+Y|5JVy(&WcMfnkTHY4foE@ZduOkes?|)E=o-@_-ZTT@Z zC3P~CN6|!FTPDlr0e4Gz)kmI25t%>8B-*&)aC(M)n3KG2VR-Dcw@v0?3AP~JGLz?u zj}+7|%${g8yH<2Dv}D{V!5|~O-dVnNn)|S8n1oAqLx`(?z*Dhmlh4+smxBkJ2czRI z8GpVPxHdsdgTBl06n&dQZQZf#4;Do;Yp42Yf_7#?k_*RQb!85A*RF1?x{~Q8WdFuw zvE8L8*?jwYAu)Ga=e^m?=Mgn|e~iBvw(%OEoxGx;7r#+o%7SW$VJRZQYRe<%#b4ipr~XGtm_yevY3Hw}(0GHTHR= z6`5q_X?VVEWMof)&{a<mQkAY*M~0m2uD_yPEXb0z?@!%(y3ys_W5I(D9k`4qpcX!o;p#;hB2Yw$0r4HH%(8??69ZyHQ+s%inG?r03u3e=0 z#q4BdRdGD?_&Z-!?c2(|4H3GkW!Ez9hLY>k;Pa{SsH6d5&VnL8J0Ed#NdL5ykxUBzD7v}%)9?<@5IK_TBZo?Vx5v`e>g zTT#sbjC`TUv!=}q3nRQbyY!?=HE;u`{)OjDYQxJ0v#e(0 z`i^%f(?ayHTDkq$nfV-oMcW$KUWWM$h(|GZ4c6QiR^n*7)L}*i@dg)Co3+47_3bL#hRnzI?Sx=vS!(m4e94)w6Pza(b!9I8vIq zqcl0|{i1yN?#lWJ9;7E?!;nmN)9B^gDw5kBtvbVTOw-Acc0Bg`oktZa`O@1HrOYi0 zga#NEY!|)QdmC!UoVj|`OU*?icZRM<1g3xV$@+$#_;1@p1@w+SVQQc)8E9N+8(H4D zu;3Yndx#%qUI3GEAbP)m%lxWRi$x7Vv#|7|Hd)t)?3vuIr(l<$`c;PP@3#xRSRT$t z)iC=uR>7c&!`H)~Az!f%A=UWXn?*gPIeXcuL74~Tx4n}4qiZ~HACIiJ;oL`)P>$rq 
zKjZcuuPCn27uIgxH1{E=uPN?fQ$bGL$(b9^88W-)xBFD%?wnuM2Gr5xfB%_uu4z8Y z*V#rUlkMgeZXN-wLrs;U_Zvh%FPvf;I3m5kcDmt}xoF(r?7ZS?bG>ZM2vJ?(N{3^i z<9+FGW@UdKEPM5Mziv+!^QwM&uzI;VP zU`6wgF)gMu!iOnqx?Wjf?DNcnrkdXrds?WXGI~A;8?goxzG%)&axY0>(?mw?3*+nuV#m8sV;9fpWe%Gad+ykoK2@Z-yE;VU8f%ZoyR{h(X=szGb2BLky&mZ WbyDW^#U}icLX}iFlOl2M=6?X=OvX$A 
diff --git a/docsource/images/AzureApp-custom-fields-store-type-dialog.png b/docsource/images/AzureApp-custom-fields-store-type-dialog.png index c6bbf79f78c05338bd7700f33f0e8f6a7d8f3984..296cd70671f91163293de7e68f946d483af014b4 100644 GIT binary patch literal 40207 zcmb@ubyStz+b+6jq)WO*P&%Yb5J3TH=}u`7>28pgkPhkY?nXMKySuy3T)*$zdz?Sc z8E5Z3&KR#_ysq`E`OLWEx~}`42FuAvpra6@Kp+tG&!5B;AQ0Fn@TUS95quJc>#qob zP(nV7i6}WGA1pem;!Q6hogCxGHC$xB@$e_Odc9bokf}IGN$`4Bv**Q5j_VtYbd2$LF6%LU|{I6da*2lv(Hf7ew z4cMaKnMe~=5pTTDpWmLGpCc~!_y2;W`OgncfBE_f78MoCsnfzOcXTv0?|=Buh)*<( zjDzyod9ba`4A9?Wi9Wf#5ySb<|N6=Y(Li5Hg_w!;`9I&GiBtW8e&9zKD*9jJvJv`! z`p?7qtSC|cdALg#kNO34prH2u9_ZokYdX4D92}K@zpJUKeUg+ki*`quH)QzF<5^l= zy}bqlaZFgq@TxTyM11ypO4jvNRqu*)TFK3-iKXHgy<1y73$N}MYQ@a{smFX8kf&z~ z6fd?s-g_6s7SR9wwPg0@sM(K0trWVSY=|HIQ9j*omvdJ`fxh15XHIMu z7E)MTjwq3N`L~=r7nepBPdfx|6~~-tY5(A0_11}Mi}GMKl*v9Ugh>}I@glVdF0`+o zCN8LCYXfcax*4IY99hTY@)398L!gGS{#ua-E6(F> zcr2D^--LmM1zLt2aEr2%^&~eRoA(3kq;Ojx0lGuen?bN*3vHQ95R1+fjqa6QQ20B zDVxDORbEgEc|MzD3HBiv6b?}5at9m-8-3)mF ziQSYWog)jLmayz8KQ8&BP~t{!PYnz!)t-#+M_Yx_fUcQYf3tGq$BGt+slL9C(Lh{# zXJ_Wudn^0%*mpVsh1<{Hw1UGvwLkJ>uFj3M{Eh3%WnyWB*Kz-jlZ)BYG1x(Pt`hz+ zjY`O7R~IQoIq)D<)GsZ(cj>ZKZ*eW{#8amw6z0|AT+?PDYc5)&u%Pd?aN5t6_Q}00TH zS3s7eL)l^m=xra~zjMJn3e8xDopYl=h>$#8zmn>6ij43qO7&|ucwAjE3oDR(O`ao# z?XZU7G2`;0m8{ucn@VeCcm1Yo|6kleO3}$`&hK=272!maP%18VqWz~+T*R>b0PeU5 z|JX2Ih*vM%Ad@uZJC~Xx3gE&cv@9$vj2bo4ER0j|pUERsti3Gqmb0kTUs6{Sll@w! 
zSiQRyYo5+zru{RbYd!O+3%z83@I$udi}ZJn?>Ofev3?PKt-U*Nze2X#n9%M#ycsOEL05k z#7W==zD{pGs@1o5o%7~RgH<4OX!1}uBqkE@TG93f@nD!uY`~1 ziAVN)0l-DUFngNoahjfBrQs!9F7qRjOc02wdQ$uBB0kp@{*b_*ocw}!a!POX^o-_; zgtrRlzk;(LVwOdw+L#@ei!3T;f}H$4%u z)k{>8^K$e=#>M-tBmEg0>%~4_B10%Gk+}?@H&A>fojO4Qxe$`BRwrYRMzy)JVf2{8 z4hI2rf&VkBm9aG%(Q$-K%dqBcV7|X<zj&OUr)4A~|IZx zy>qXHJLaZH2c}0>LDB_3)Yk9=}m<9>pEHH+UaMt>al3i=^8KKZwY@Wd?5c zH%&j%W+2Sxy6^1 z2VG>OcYMG0=UDC9DbW&kBHDCIX?^o6B*VZ`vz*!S2>Mo5^oy^Tu!&HiW(9dyC=<%I zA;>7wWqn$AGeFiQo&|yA_+zxK*goydwsH`BpQLBI z#(1tZ!e3}QKyP>|&Y0Z8a^HnfZmGfSq(xXcoMdU6YF8+g{+f*vcqO(H;`#KmcDlt2 z=9Sy&>{(idygA$BB^FJW@#;zmGQ`W3?uBtPCwwOzLdUSYCqI2Q;%PY%&*=xe@MkP^ z$PRBAu6WA~oUgcJV07aUuH`DNAJ%xy9_la7IllL>#mFFY2}rZNS5n1sb8X0Um6ND* zsFG;a(>k4`%f%*1@G0>=a$yoSi^bQYJ6d@bZJn5(x;ziISLZN~`TcdZEu8h>=^}J# zU*cM8{chO)!nDaqGINURtq>BXBI@Z`lJ8jiK=~MEZ*S-OFP_b^aim?H|3rUW*!p>v zA(1b*`)NJ%hT$UpIceYejU_OXM1nT)&z3VgTZ@$A*ID`QbNCcdo4n%h*ZZ^vdka{f z&ihZgTRm2N+$@C;>(D^L_I%#%GCt(ssE0sPDLB`e88zL9foA!5y3TejY@Rv>SOzYc z-Yk_nPC^=If%j{M{xTlJP{UtJC`T=2q3~agc6q;MVPq4j7fN-h&CFFKFzDY)9C)qS zy(*|uzLSQ_x*pc9$>0ee8?qi zHOLEjWk@?a>p|&}!>l-8mwRmGiGo7u|eW!pk)#^$3JFs`XSvIGmvQV)wJP;&a9hHy|Sp|~5^V1WjAUu^a z6JeM*^2f&qk8)(;(hMutIh+cK%N%7~Q^mxpdp#dEph28mhfoOxiwU~ojGbcMcF%Tl zpC0C%yWEeO+1KHw{G@0>^9>1PdMdv|fX6&TOdF9ndz83wc7z`$YhEGIkWrj_yg4V#b`yp{ZsD}qgidGAnk6~`aRYz1xtX*-)zr+ z%WKd>0=G(W@WQVAg|=I@FmqaP=T?MA`~HBq!9wT~mPSIyM!7_*=qsw8A!Kp6PXq_^ zHzY^mCc3wGyF25HFXN_+-_S=+=I1tvc^ll9uI*W0v$?3t4r&XKk~Q*(<{H(J#r|Y@ zb|*{$86&w0kIQ2$?HDS|pJ}5d-=#a~Xz)j3P17bvWY8?x6F^LkrzrATZaF%z#NR))aRSSoi9yWLO8Tr)C;ZA{?^=D??=;zfl(NOj3+|5 zlBrPAmC(t3lIDo9)+IX@U;E=nO8OUQo>5w+OeDSxo3kp$=S~73ZFTSVp0$!ye6(#C zn4b5@c7}n81U%-hPhB3`LSxF`Fd^l)g%Y;CAB}XU{!lrcPQuvysP;~nA=GMU)L$Bx zN7fQjx2A|?e_f*UNetxm^Cc4h_Vovls4&XI-nyXggo5xEq!*n?E|)R6BlouSh(K4* zRDblJAaOOm;~xcV=PPpKK?*;Q&c^TVSpMR$@aQ`}zX>qJfxj;_#%6N|W?IWS7TxZB zl};gmwf0m2Aq?>US<{lThRZ)V0U3i?+2*v& ze`c;qhR`6Cis>zZUh7hK8=Hsf#mMKAeKj&6kW)rI{a73x&KyHiiQz#m>HK}8K3T@b`2D&9tpS-G& 
z>g#L{xM+uVeak0&fthXY9dGW3{$3{bIa5IR(?R}TUf$CY0m90LtJiN%HRF0jc9a;0 z7i(~xYf@(Op!{HYg9x=%KvP<;SuE;g-Ujo60Wo|6T@02QGsm(U8Kj3kmQ`@{MxH*Y z-n8>5#W7&p(vqKzOE$YOK3$77RXU*Dq3@$ihdZpGIx)38F&WX|q=UHsWB<^5UoW_C zgn2bC_V-&XvL^^+)Fcmckn#E3?lDLs+O8&eE|?bq)y)W9Q#m`_g9PU)p$L$!Zo_m{ z`oKS$!2`ML@-Zx(2i=`3>&HFK&x2h(glzdp#>|9%;H#)u<&!RnCtOiv)8+tiJ??jA zjZ9T<#LPJPXqMcA;-x+#laC_+WLJktB}HNfkG=;B32L~3WPhA2rspZuqn&327m**>oDG?PFu^AbY#w0u7xR+Dai#d1X%l~Nl zyK+-Jc~}@nZVjBg$qc%G+sCx2-Ur~bs9N^cRCSbUTgTbo@Z^#V`Ta;2VFKQSZe-$r z2v-pRb0XiAMFrKv@JsgsOx7!_qt&r*z@_(hFomay8;9txvu2+$-_$p+yk=QfI)*;U zmoD41*Vj`z!G$lueC3!6?|;i%ic`Zp_zIr>U8?87yQGRMNRN2=&;svee<8txN4!ILoQoYt z&DLFQKxGmWV(7)>y+J5jKv5NJmmi(MOcun+(Q)#Az4M>6l8N?b??}w!qmmu&3I_6Q zDS7JH%sRR7n;B^Uc>McRgPIO-nhogR(g(&C^8&`UE+2r$#{^~N&T*VvVX_7j&sEAH zp) zjTJ=z*%@P4d5HY02F0r=uOy+@AcL62=FCR(6i%9zRGS?xds7 zEy`+0#i1({&wV|r5s`dlIn=mP2eNmOl<9LD3ol&0wsQfDFl_k%#u9}?`?wglG zsH&o`VEFEM{$xhH${8XFLbAoQJt-Uj&vSV!Quwb>E$xhzKIJ&2DEInHyV4D~AT`E^ ze9=AD4bHkDeM4VBjNX4}|M+F_BRF!R-j-_7i)@+;k}Xt_xU6)f3Xeq3u2^SgxCQP- zERDB%B6-x;+KVmT#F{B7zmcaZ6y0mqWc09=$lULjWXPCc8;#la!#cC*@9#HbeLp2o zWA*JWEtWy$k3nxZ(^73a)i1Vy!GEw~T16O9!WPYb6gAprWp3b&KaOXy1%xQvU?|LD zUAFK*~26F)5PqeHBV2;o|_$%xU~ z^cf}`?zafZBYF{X==}@EFrNxgUY2Nmg2tnzXE*wukpsB$ONvLr+K2t$#^}fe%_A== zeb|2JzxQ2T=u_=OaQ+aV7&4lvL-#4UC_}*%%Y&VKc30u%`pTk0<|oS6=Hg)xic$Pg zV5um8b}?PpTp|o&>F-+HyRZ|Hja}FH6G;jlzWJ58ZZT*a@zO0dmSxGB*iBb9rNVnb ziHAb@uArq9;1s9FNBITh``%M00iK2#FP3!dIk00z3iPp~-`*`8Uxsy*SpTb0F5GO{ z%*jT3>QV&E*Pb)hyxmOl#|&I(3O@XA42Lqu8c{tfBEaNEO^M(;dW4e)8AJ7s4TA$s z75XF@+6m3aGWEQ@FeyB_(US1I%GMoi*K)r#H8}AU9qa`VS4)PN6C8=iXLNXBdtfCH z+WNk>puyka&)Vm>ed!C9SkgMp!Nf-JHI|+*SbCqSP^o}whzSao8W0=o;OGGNUJy7O zEA-4Y_WuMt%;b6xqHo458quO%X0@srm_7boOv}Y9-8%)$>8nY-|BPSKAMxov3cTw5 znB)`Wm+b!9DL?oE76QAWyc|P|RM*I0YR9!eu(UNhjQ0-xy8HAv({|GWR+E43)s_N| z=s?X%U zq%|}SrP|hGQ#jh>DqO-SnTp3J_PHTRxN(?p&WkY{bg|1@(sVk*LFkZKZ0~s~A*WW- zg_LBXzYwZ>b7g}Bf$A`TF7HgXo>N477ghs!ibx(2*w&&wl(e>aJz|~`4pZbp(xmJW zgzD!8rt@C=GC}JhavhO22QuIu<$Y{Q^hsaYiO`~3@hhd<6 
zT!dle-2Rj~C7L@SQaI+_TT1@*aDIYJ*wY(fr%ad7J)WQa=0OPp+Cq@bx z>+YtocxW!&)@s`o>xLn|fy>VO87_7zAvrL0%9N zLKT^#W#^!oAiN9GnHO4c3na<9v%~E;?t%A|X9t2}T5evE@{3rby|}o>2-@s6O4I)j3$`|0K}1PZNLy@kGll z29`>DCs?Cdoe?IkEwtk+YVSv2Zo7vV*9=BE6%)$M&99~`!NU=}jI_FYrZvsGqUoIC;vm%~6+HF4$6AIWAH>xG)>>zo#R zAB+^zlkpCbo9iT`lhgU<&Pls#Z1x^Z+8k=As(Lc5qH9LwQ{Bu9COtX7*1dkJYiSO{ zfojlP&xsVakBE!=s@XJI+o_txtwAM%)+$ftD1|1z*@>`10i}G`*Wl*xgef$23KxMl zTXQ;OY{EsqYl9rXKu$ir=J##Z^ZVA6KoJxbzqP#TPm!eB%$A zCbtxMWd-j(ju*)M9t0p26Y^%$b#WO3rb@^~g=ITN1pPd?wvx?$3G(B@K}_v4LP<(1 zbXT10|Jn>{@Dc0p-)U3<1zvzZkpzYR$Ihtn{ku0}{gU)pFO?r*mK{GWMwM0*5upO> zKqYf0wLKK21}>j|Tvp;_Fsu5FlP{SUFNEdkmO;hislR+@RITF+C5BR9$nc`($&qKy z3LuIf|8*m2>PQn{YBW{Zu$H8@Mm$Jl4;8fbi3Q0ky0j1f#o-qg@~_Jabsqxa&eqnnv*mP-cHg;D2=anr3eThb{87G{2_a7`;q zpM8M3w!`1Vz(}&AvA3od(!SofKI1rj(U9~hxfr^^e@t43HKp>CehbDGxnsw18Q*L+ z?%(W1Pq@qzvuE)4NTd2V+ZhW}f{d%VmYr?HDmxO8BxDY9?3=j$_8(~aQXHzP+(PbQ z>e(M{GtfZn%-QMzhz<$l`ah!ngE0?#`C=A>s|Qx7Qsx{W(`Mw!O*I}?{6R6y+Q^j5 z@JZ>y89u6E<>C|#t|A49Vafr2=&8gw{f&yYr>5s9+qh3Zw`XLE9hhaFi%^1CgmQNQxZT3xcl!yO99u zF>p(<9#PeK6Po| zCKAnZ=>_AIn;saFS!c@{a6_v{yAV*}q4#fSc-Aadegp7<1d&2atWw+9BqELp19J=* zM_tK#FvbnADHx?|Q~T?fwkeT?gO(z&$a=NzK4(>>$N02fU%&=sO1L6b=Lb9YZLVl_Wz`pQ_Jx4pTW~lYB;wc{{EO$*i?j4F^&SX zjI!9EealH8z4Hno?JqrH<16RfoV2pE4-IISN)Jt2Bqj!zJ)9GgWQKfh0AW|SL5F+eya!T#JgMBiTW zoE+fj#o&YFs<=-Htr{Y_Q)8cn>J_;V|2Z_5`R=axTw@3?;GUe?UrPZkEDniK{fab+ zOc4vcW$5){S$UOSOUL)a;hPODytxMIpbi_pn-FH)RDkS`47B71e;NE=rNbfR3A&0y zV{xEYLTe1@|F1A2jnIKk_m8JiWI;O<`Ngeb5$0^DO zS%`f$RdZGGhHlG7f*4f=cJ}M+LoEdGS8yCS|KC;B|Fzk~pO_xoJldCs znXhGWxjtGfINaLa&iwNSR$E)UxL7}_{>LuPpFe+CU9T+a>gzexm1(2(wue)k?hkAA z^!3kT%x3srym%259NfN8ZCgeZ+j3R!=GGT_3VsgKEJyr z19^@i)kSLKY;(Z&V1})$r-z!03qQ@{?yZln@97Zta+O(Qp>nZHfnLtrP&P)*IxGg2 zlCE$v{zOI{W#xdE49f2_AB)cr50scJmKexVZ_;r;6H7Ry%D^Rz$=kB-STY zbh`88GqH$>UKA_OlawieCV~Iz1^9Ew-ea>r#dNUPNbvggYfDXYcfJ%1d3kw4ZY$EB z2#V5cyOlN=LlYB&p+rs|hXX<-`mdSu1qB5ir|Z48$4kvFaEa>0Jz$ww`1n(6b`#3v zt;gmb^b8D1n%sPR#4ODh3Q7OgS33h$>%YG)(X98GnNdv^aK?$IlkKUqU6<3=UZTBs 
zQfPU)GY6&ZmgYhcWU6Eb)5M#TPE0n_aT>@Z6Nh4sbbHR1B=wiDDy7oSatjEtLu$`M@?6BQFz3XdBq3kwTMoM4Dj z;KH1JiF311C|jQ)d)}lOAraA}TFKbAx;u4MRe{N=`MK+6Dil;y+snO4uHpgiWj8nt z4Glx_1sM%ZOjVUo#bYAp3o;6dPj>d}o^Y}d@FffcSWJMR>y^zW4h{};=eQPDDwN0+|M@1(*Wn%2&ek|^NksDJ~dr&A^iy5hgTJdGe^ zgAK%_m||$PT^DaU?IHP+nl?HrXR+AuveI}6`bIxGP2d3ognA) ztqibdkjVJ>z7!5eN5^CyThUUC*2gOnSU5P)aR8kW4IN$WF0VPV0UGe{4^B=z$|agF zJUu;+#)^xJnUsrEy`jdQJF&XxxZIubAuxUHTN`2L<^J^PxD*SOpdi`zdeTORL!ZJz z1{$0fz+3{r!dF+?eF-^?(OPb|NZ^r>)`6SJ(Z}+5Jn%d`KCW(Tz=Ib&-0hcw59RWe zX232q*zX4{HM@4Ux5HRjS>0Sr$e#8yl(sD`k#`25e^642X+N$%JNtexUyC_iqUEbx z=&#A#JDkF=XJmwcgoGrW!uQhF*7nj$B|}d4`RTE&rY1m)y8U0iqV3io(Gh7+clYY% zZyoTNH`pwP<0bTZ&80ikf0CeA#M|5Z=IQ>JO}`5n9FKIG5LrS(0?&^ftR=VeFTe#~ zv9e-uTQ76p_3Dvi`@yNuV24@IcnV^UTSi#RJ)#5 z(Q)^mtu$FLu3a)yz8w*MCS_^4`LpDH4z{g*d>jY-jT)F?{TZEXs+gP{mXiSa-Su%q zSC<&1?dMB|GWUCjgV{4{K9Gnj7SFhAS4~y&h5O;zqqcL$Cp9_3Q)A#LZ)mpz0A&d$!#jQEuwL-5PNRPf2khk<>ns;ei8*jw(_ zM@eR*LGG{St%(dmhvM0M(J6$IHA)on<7;cVNx*qGx?VGf1O@4~x3{A~7?_!jK@8Og zf6=@JEi|j)zlE_iyU!ShY zNUD)9BDy{j2B|K$)q?JPjimuF-vcmIQANeC!@25^`uh5E_xr1IkUz?R%R)B+nC&c3 z24@~_&u4*WsF|APYmibe7zlA z(mPWee&;iqknnKhG|wmABz7YdsV`q9`L+E;+dUpHRkpUadK?bty7dhVW`R2;Bqfo| zH#u_*{QawE-TKG{T$3y$EX*iZCPg1i$nfpkx3YIFIw0b10uIRH+1$r~#p8Yh|SkgY5<--fl)4VB z`(xf(94*w_@7aP>-CUtw97o3Q5DKFUvat2kBZ8OvX*U5QFK_+q^*Z>KDu_66ZNPT< zzi%LeI6`b^W24*Xcx)WXc2pNmF4&)?@D}~?? 
zf$Qp-4)m5$GYLk2)DG4^#G!6(Zmws2g&&gO>k9{taJ64aNvRB%PNvLmdl>2+h+f$_ zIo~Ppp~o0Ku<0^iOhzsI{9p$TCqW_K;;WX1i&c%)Vn3t|gdE@$&|`+E>g!V*gxXTj zf;dxs72D(AS5(A^=+)iR!`?&4?{q>5rdagnj}P0_$*o?|ov#4^LJJP&Lf;4t4nW#m z2<%&*D%BZjYHErH5~nuQS4sGOyaE0SjE^1o!auX>rL$aY>cWD8nXRFuS>WJmpFe;0 z-AqJ@+8#+W=?ug)p_570g}P|5GDnzrCjd(3}VJKJKjKh|Qo#eKmw z4@|{!p)QI^rzII!eVJCHL;2T2Wwr$A9wqvh(6_r@FFJx3yqNg*?qH_ez~brQR+>I` zZ?c?L3^wn)(rl7GE;hEC>;v$LBrZ#0s9!j0f#Y!9PH_a!_o{-_tx{7~7704xLM`X2 zg1;&&gRNj-VKJfbd|;ceFhYge-SbVa@J#FTqcuJOK`#I(^>!EU1U#0fAF{HtY^d0U zgi;w=T`tYItQL5{RznvEJZPaJgn(tQnV?#o>HO?WKZ)BK7{t}d>IXzG5X7eQCB6h* zTwNJ^cz6u9w|m3r0;sZDGyU)JYh@a7z(T}&PnbcP+u4ij`~A|^;W%ckekP4FUGJru z4+5-eZTy4+h2dmgNCCxpI1vZp^W(8+xx=A)P`AExG7mP$rG=G` zi4xsmmt?LAga$JW_6*`-#QuJM@BkQgc67i(%B+`#Ad@Ng-TG_|j>p5rDy|zvjg9=q zgYn*_Eq5r8GW&gHM(rj-V`Jm6)HLF1iCuLK4ZCLii|`t@Z+MFlI^&Sn>(;;|N3ZwLkkMjt3koUR}VrA2_?+VuQ%uL?pz za&q#?tVtRbH+QX!n!l*`!GXmm8k{4-u&}VPY$<|`jSU-jYXn#rkek4NH*PIUw|Vu5 z2j$o^oT48-P{m5N6RvwelSi`(B)zH%@9*EgglziowJff#t`_c7IdUJ_KBvM$hA2fmcpNuhrz_;I93Mvn&76+}QduaH07Z??l z_joV%Q;Zsoj1Ld6jyDVpollSV*f=;o945oMz@%<&x6|q?+=M8kelvd*6@>+4g$gGa ziLIRPdmX__!iC$Jt z4mA@KIxw(Lva-EZrV|&4!^r-k0FP&aAhu-QwSKy?y6O$07d3!^in%h~P0r^wAOPjg zsoZ>a-i%d=jEf6^`UyyjP)bO`Bn+$)>K?eX(q5&dEY}Sg*DB^my}js!tPoUu#+9Si zhX*&-9-Gw;f3CO73s9fTs-Jr;mXno5$;^xaA}o14Xgd=2yAMpT>IJvkG1C*mn-!|ni0{ABa0>Vs{DQ=A9>x#-s0HCe^&F}r2 zf&xL%zZer2CrTS_D|~&t90*_~h;1v|+eqBp+-?u2y?J?g@4>b!7prI2rciwdXq%rW z0rPL$_#0hce?iPI{AG8knZK#Ixg11HAR?rLz?*brc(F6~NlK~{90%}|jInPgfK*a~ zgNCqv-}nS2cEAuo*{ja+cu6tEDhrrYJhwGDK$O9m5)q>Gv7#ArD@Tiss#V{xxh!V9 zKq69ARi)(Mzy*r~Oa2HL$HsSFkO82E1|TRn7K4>GZ|ETZ%s9d4@USr80ZA#T`t?N+ z?E#pQ1I#r(p3rI~Fgtrwk=K}xj_%@knWENuIY5;$AS478cq#x6z@{(Ms~8y>M}bL! 
zWI_gLY2;tSppcOD5*=GxHViU8KX6Px4rZ`{V|1aiG@U4EP@6Aba|#ccs&R2~i90xO z{R|1I7txKVEH7{W^D%_ge2Vc69tyzL%^&UGT|Ai$J>Jv-++YB(JQQgIVoUjZpxk(f zcw>7T?q*%!-$L4#SWiv6=Vuzf$St$qShq)w$JCUR5EvMkc#!T8G08(gfQCTu8C4-B zCMNMoNtpoL%+y$t0CI*0Rz}ME9Uh>eGB5!E!^^D}8~En0K|uuYyfUK!{P_6zw#7v< z6#qYJ6RlO^APrs}FGm2_JDG4(Z$4c@2vRfDIv_kC!Q$ZJ>gnmh(9z}cDK-O+&~&}z z3W%y|lM~yui@|p8ThJE-^28fPMnAxrz|Ps6u6?Ylt7`*}TV7s11GXPT?G&8?9GJ5Ui?hX|> z&`5c(?6wA>q)5-wG7Nw({i}mnLLoP&B!M2!hevsea@A0ORDzDdK{SvtpdqH!8} za=(f^F)>m9Y~$|<*uXY#I6%7mTioy0fD1qhO5K4?xVgEtfpD<00`Y$D1ws~AA+u%1 zmAlS4E-voGh6|9Ad;u0aI5;?&kQL@swE_+fHqZ$m3F2g)rhEg=izoIfH}~U|#0n1M z!8XTb_do!a;}a7*#>ampF_Pz52?83;2zGI8Z7q@Uxo+#}8C)(H>Xwok&`nJxKh%og zLqS0S&_VlH)0OjlMUcE{FFGj+)!f`1j6$p#cyS>u@YgPL((DwV2q0DwkxB#K9g;ss zu5D>CxxKvw>&@r>p`xt(Cod2A=;(-P&RRq64PM{ipqQE((Za&Q%Fa$-ig1cdAV`zI zfja>=1>pxgQdV0VSYFNsU==$DhrFgH8YU(t4*Q@Hsd}&_^IAFAoE_ZL>M(mUOyq7O+BbJ>7$omHdqJWM8 zt}Fol5280RJnYQutgQ$;2-(0rK$v`(aFYsAF8l~w;Nb9(gwgJN>kB*r0@bTmaOC90 zjn?SRt?I7AQ-CF%?2NtoMDvSpIu|H_p=`}9m0_`^5me8fIHI52$2ltG)ahLvK5SI3 zd=C61`f1B76 zH*W}EaZPjK>F;++Jo(Lq@74R%&!=0CKd(zmf6+73Ux2Dg0&t*9-t`g%ygG7Qnq|}# ztRDH6BlE2XP;>upH(~zQG~54$D>eU51JPOx^_Q2|>Y19(D%(R}i%cc!ElvADPA&q! 
zR7YNZtN}}nHo9|g;SXmL5W=8et0hP;6CKtM>Ualrl07aMQ;hlVUC@3^Mo z{?YySVTJ#1-1x!rt#&g{4Pv+uk=_{jV^ zw%3_JN^RRd2NcAriZq1)Oe@P{q?gWsX>)V)kCg1I+g?`wwlXUVbMi{CUrjlZj~rH%xrOkSImwS`*=Q`dxgIV!$ve*b9Z}^VppK zoW-Z4|5*h1pO={q>Pb}3X_AE<@c}*QYOqiHBQc`Au;17+7mi9W()q6o=-QYV7~%0k z>#yOFt`Q)bjV=iL)6Yn8ad8lc6oWY$2_GqobSkX(`%&iJar~o2srNE6T<|`^OWGjv zFE%1kvY)XlNxpP)gTik{CZ^TH!_F|o;gNyP%w&t3Tl?N>a}@{#NLZkX0_%+hkiIVx zrseN-vrzTyj$71iU44C62)H3tR#_S7NMKDEECxw;Jm75jaTSo%$WQ%>p-ktnV*y`W#;tpy&ugp2j1FMtWo}kg{9O{t=4K$&)j^P z_Wmt^vNtP2pf)h^jTeMQ1{LbPCMy#YOyO25ONHN4=~%OfGHF7=*smnk2NM)ssBj?0 zBTppSPOBdw@72vvxGd+q*8Wh367iEmu>SEAQn+8RK;GNhVmlnq1%G+gin#t=?ACxZ z*2Cv`Wo4tDvDEIaYijxeys5(nwo6PR!_kH!sM{0%4ahTSBwVl%z-};6QP~6p1X3jz zHTwJdf(k3eGewMz5lggMf5N~aepiH_ByFT3R`2~gO9a8f#s(sTiwI*0Mvz&oWGOQ+ zmf<~VB@^zYldn}dl6 z?3qluP*3Yfh*wFA2Ojk^%J{?tW%S>ZDUA^9ySrsM1qCz`l6jW_7yG?XOks8Z?BfTx zPKnTh%7v*ZjN|53SWlfQNO17=SasoXbcsjf+WD=`kMBO}nc_fq@bM*SO?Z+9X#rex z3;hY2pNx&u6?2CVwO#|u|Dsy9!gREZO3)Mz3IZ9=UXjMdNr{QD^_ov&sd0}6r~I0o z?UjC_h72jZ?l?f+_6-hx0o1n8^KH-0P$Cv?)uq{4gqoTfr}$X40 z9spJakfoTIX3rH_BLrg56W-fk|J-x2%fiW5o331lP#RTFpQQd|0+7>R99T6FgL-~$91bNz<*X{`sQs=^nUR^cF^XVLp zho9HrpzejsJlMI>T3O*BGrVH+LSBvS#g1MRnz+tllFUAbM&Lc5SbZEJ552*6S3fEKJRf1VO3N6Eihp{rq-k zv>grz-l}&;>@j!*>!TUZdWVT$XPS&O8ZkSvv1U|mIT5i{?d~=WVM~dK>PW$-^;Ec$$w7{4cL#wVk9e>bV zD(=Duh|B{V?0h31a8GrS47v2IEJDDz|G5gXmLYvNvsWuPynkEqHPTG3!KtWHxmnM|Qre3UkY}YlofF>?3KAJbl#Ph4>BUObzpZ$>!oG^L8 zc|&Y0r-#r314OsIM0l!`zP$yDhsPpuvWxCYTYFf^{?3NdHk(DQ zI#crq{i`VCb@Kh~v$~$}<_x1RDJ&4eci)2Ap$I`gUOuyT?WVMqlC_KuB#Wb^`Y?%z z3bvi=u^DmESHK%td!VTqP@A9ql2-2Zn##xPCO}?tyRjuV8eJ5I ze6L4aK7PjMs;N2owypfh>%Z{Ar|7LgXLNo?tIno+J4*bJ428mzF^OlNX7@|Vp7f>m z8|O`t1*xE3x@WbBRu*la!}%63kkb5Msg&qn9~{26uOXrEBuH~>LKJ@bQ8)Zs41iv} zDF(Zf?x`8Yk<22qGLOZ zv=GYZSZ}te4Ls|imn5!moq_0PV-5e+gP|bxpG(l6?1IJqAbwa~KNpyCBePUYM2Uoe z+&0;SBJ^=&vC9@fe3xk5=gGIR{l;Ik>9LU0JrMbJg_t57m8_8e2jbC^%8HKW&^NG7 zKjVGz%NPLqYs_yI$$;Kuje{#XiMeuxS9I@ixb{mw{AcE$w0;&8Y_o{X&CCEIN%e)m zZ8%7*2QU-UV>1D}ohB&0vnP5HmfG4o`yWh~W$z~n^FP`O>XZeCYs#xdGOE&x_rR0j 
ziBwn;jU;93%&$}xO4=AmfepAOLJa?i(L?uc!_A|CSMG6EL2R!Iw@E! zHT!DAcpqw^|L1{L(mmY&(~II~1S+7Cz4VoGBjNouEY;-Po;Cn#eL9-XA3uUNiAWRJ zMN~f}^Fmke|A|B0=~fJY42}KLKI~rW4OT~gKgtmqUt3R4oU2y85;gM?v&$t4Y})b} zBe^XvDMons$?5J~fy=bR<=#uco-PjOWsfg?eB5Ygx;mGIAy-!;N7G+_T@ip&W>-^d z9stCAtWafCu>_myFta}G#ZXivR>aK>kE({oE1o(`3(G@wrQG>KrThQU3vhAqZb9l( zTc3QUo`uDNZapZJP_eKOh={b8RsDN*fWoSi6V~`7jda1tA^&3V`V5U&Ys2JdG1*~1S=a$ z_J9$5RJyQ7BjQ5?g;$W~X~e@x(E%52{tg-*^z;bY2|G_#UtPw5%l=f12h;$TEbO$T zc9|$y%8$uEk1VD1e*Aj;4CjfChBl8D#M-%5R~Gc=lV~LEn;@E>gc;NUbw(j?V{aN0 zjcUz9Vi&DK`~srlT&?Q8vKPI^-@U|p$<0L&=}xF?OjvXK@I*PR;(%y0cJCoXF676% zeSX_Cvg$VMJi?o1hXG3HGi!D|gg9#vYo(PY>7}`tQssous<`^x$Au0vCk@yCPJTH(D(Fh^IT?IqVdwY9OJSiwBcyVk!W+w3Zb+>M4`?vxq_5X!x zjdjZ;fP4cDKoks)j~|DL$G@uuT0&5+&jU(ZAUd*`;NM4>EC>fc5>&?8#>XqVhf`}_ zp5^WC#E<5clwbh0l$DJuK&{ndVVjqC7UBi;<4zzbwRO%es}vSSMMtB@7Hkr7n`~pV zvcK!NJ>OQRX?**38wQd}j&4Fla$g7p#g>+qDcg7BIo7`iHv5K}L)zNX@h3pZB&>Bf z)qDP%qcmzFhEOY&7O(ReCaLff2M$j7TK%^1ySEclLO{Sn!YK?`Pk&F@cCp*e6drO` z!Tu&j5|k%)c6Y0Ta=|41{rz{ATZPfk(A29m)YM)Ci*N0emBj=|z)y+( zqlkyl)BXO7P$CX|P@!!b5vJ4q_eLde^6N~!0sl{_pD>U({J5Z?c+5(V$CI%JOmJU8 zUS0jC%NIe2?o8P#GCI0>dHG9xe1JO-K}i4(0st))jUg?K{tKb|k=&Cja!k+XzY7l_ zSM{dM*PcE| zJlAH*oi6sLBSLz+jqnPT=najHU?Bpj7h9in z7=gR~%`=DEZg4784(GJ0pNr(=RKbm{)m`0R&m2IcLwrAv;#^g2FFiUr`4Mm*Fps~7 zih+C>A7_$nK*t9)FYgNoP^8&TE>n=fAr>DU2V&TZ0-2l3Dzv9at#Wm3+@|NO&D$Nw zUv2%dh4rfA6Qz_wPskA6-f&AB2XgPSvhDg^Kyb-ZQ$f#7Zz>;Nk#=jN|HanRcJ{CEjJc%NW!SK0mrN1lbndZFGOm4G=*zXP5^No5)oWph|X{ex*rDEhrqjxFFhKXotk$F7WasyEv5i&YGAu*G@y}Gh8bJufD_^0%F z2uN#?=ilEr*G`>m$k|}+FVRhoh}n8h&dcHR3Mb=v4e)(@h<_D?4x(A5{`!R@9lzo` zI?4)|Dd}{n&Uy>N63gq?2#Bz7@Cbq-;0usX9xf(e;u90}^48_DvXZyg3X6)mhDf+i zx^~8xe#wJ=^hPQNWE28O{}Lk(rKE9JDehnnoxviZ*PC&v5&vAx2F&K)#CZ=iGSGJm)mV$ z;qONY%<;|P+dnVizm!Dq@k#yIXUCyyp&z>5>nRR&Z%c-asEJtv(a)dR9FAr%@|Aw7 zRT>+BBUos5C1`y(;|M@2?<{ML{>5gH+OyLBVQyjByc0yD+A;JGQsQCXyMwS_X$+oc zH6lUY@or`1BqJH1k*CU1(b17OU!ScA?-B_-KWL(n3lO$~ON!C!nkGN8t##_Z6Uhp& zHFR&YtGzWdGiL>rH02S)aME2^2q>D6U#pqlC!d|M-`vUgVaOsW?7nvjJKx%}4&5Ei 
z@O{Hb?^k*(<`)p4H<~UoQ*DQY@+|WSCcUf-3!sH~4mwgC28IVWMi{UufSJ6rTB`H* z^2$d>btV50fF@#Q_EUNPP+sD*AxBv5y#~p;zM&ynx?cL_qx6>{IUSvd#5r{|ilb1K zIL7X1Sr?lLi3kVZh-0x((%o?zM1|iGg(?#o|BjEJ(O}_xOy@)GrU04 zUNm_sXnOi2+X@Te@qA(=RBeR&BPbxi=2pi68ub>;#v623Q9&vWl&1AnW$Z~8@s(Fl z7&lCfj7$L4RT@pLGzbJ9Nf-(E?a58!;?FY_%@(&8;2-+|Htd(Xtq2;g7*i8Sy?i=g z7aC$GjNLZI{v}wl>7L<%0_9rpm{q)BTtMUGR7$>BA;l_~QxBP5)lz85fP=OJ48xSkS>u1>F#&jy3Rgp ze`oLS{oe07*Y*B$_O;f;#h%Xj#2w=|eq)R$`&;$~%ofLy!Tc0o0sF1!U~K3AzB0#A zU>~E}lCkAWKZJ$;n3z01)0uzI^=3n2QHN1us#pI02a{JmhEgbbdCU~oCm|^rsJioe_4h2a*jtUeTG8I_8{@a$UEZO~iZ7;q)7qedWo~l% zOs4pUh_KvTr)_tR?4=J9P0e2PE(BM0!}+AFte1~hSyxVd-U_gfTgMsrjA$Ttaj3n# z=9=fKs@~g_wJooFeII3`xq7IpOtoEXo3DWR)^!u>BAT1b7ZWpZryjd5Y+N}k+S<_s zXGeZpU_!!H!{J>yFhplf!h z)eKnecY8UJkeg>0Xxzfna{OjSOw7hA?zIhEn2&~c7CAs=ZXbVbWi!=k&D!ZvcwWJ# zx_Mzib#%yP)ei3+Vi!_r(ELCjSz=_A8nH5L;!xD))D~>#^bWsZc++|}dB><-XM}5= z!HIRA^K=)CAs~_Lq^fW3ieoSyZW*QhDYS`Z*|Y0%hLx`wa&|dB0;s?cUur40gEN+M zcy_Q5osax>heLiDtzCv9;u;6GY}xX2B>2L1c9B(^Jl?msqUANzXnYJvCg-Ea0mFeg zxuNkX8k$%2Z|RYsG-o}@ZZY(OIpA2{okOf^G4{|W)TLxeQ`7DlKb7;*5E@7hX_wrn zMZvq3A&U=A1^y^q!DGJ2tA!?0c{$(XS)Q$h;^K{6=<9)%zt`pObN5?N(?!6pS_2-l zTTQRLxt-0uIrp!Zk&!f~>68~*dVkEeUe_sWkxoQXQgZK%+6XH8ygRqPUA>7fz;lygV){Dv#xh4E6=dtd~i(R@r+qmN3n>#eHXXP>!{La zd@#`15)mi+AdL4Jf{jsMnuvanE)JSx-EH4wk0(k>R-Q$=+ocLpeQ8T%rm{ke)5@j0JyKcHG2g>qUQpMx@%T{c-jj#ICGOr}rQ z!2alZnjgJ0%PwCo+sE3^=+|2lk)L;Tp22 z@R)7Puc2*7v~?Tr6TbJ!o#W|3#*wC-=932uyF>0@Pn`%*ln}`&+^pwH<;519otKwT zmH(Cd`T1Zd8J4VLSXkMTmunQTYv=Z#Sju%q)@Zz$w{`7zSc28-aa^2}MSnamWv<0e zuR8qVuX#h-j77WE+eVp$7p45(ZCLg2_-o(CiwhHnC+ogQ3Gt2@W*3!a#D;pKIj`EYL5-TQCC!knOAZA`LT zJHB)6?%lhSE8AV%&b<23=7f!2)xe;o{bUQK*1b#EF zS=ZL)_Or1rbI8rpAVKWrt|ka^W@fBd>F+6DyY>)lf*6yGVpmylu?Wg+6r#)SiZGa( zjz`DG>wU6W^>Ar!?pd;^qT>5-m1XnRtyy2czE1rPE%q~a!%gRdH)6j{Oj>r*O7x`a z-f*VpY+hw0CClCNb%wXQR$~hh^#BwKw6|Z~-r4*xcJ%Sq1{S@;?|4mukD5%pDi;Gu zDLB7MLP7!!{DS>n=Q)ESU|V`GQcclW7-Y&z)Sb@Ir|tlHY7 zT#nGRwB1-I&q1oKs;=$?J@h~l#U#=|CF$9!z>BpXMO%Ti@i~kjLexHOM=f`Iq#&jA 
zmoc<0K)1_W&QVF1h1}_y(0fHAnZ)#x<55GReqhqOq_cJS1Gje~_DWR6jhr<#HTw=9 z-UN>Ynqbx%&G)Wcy#Cnw;qsyJot4AI5e3Pn)KK2;cW;WAHjYnW0VJ)flRIuY!UTSl z>%H)D~If1L4cg8FhcR4%FzNXpD zDib`t?_3*g?Yiv_n9L_06wvg%o=7;0J9_$2ZM@}6-}R^Hnd`g8{8{2(m!8=;l62+Z zW>)`$A_a?#y{jK^K~Rw7?Kdu>&3O1QOOFK8UN-^$n;R<}W|r<(TtT$br|A|w4%YFW@6vgU;f4xcmA8+cv+v4ZflDE2LcIl|y{EUgsZ-UP)lv;}M zEb}?qeXja}-?pE^cF>?oXut<2%;=9liTgC*Gr0GftZduo;IQp|94U#X3GGMIb7i2p z$o>aEeFKO4ils~Z9{x6N^)S2XZT!RKrO@vGlk9j#=fz*ikP(7IF5LAMH@S|x`#Oj5 z>Yoa{Y8LAJItWG>Rfj2c;Pt(|%@k=;M@?Sd_c=dVswNW|0qK&BXP ztT7Y^>?!EJVv!*#r8QXKDR)NN#VxF?PBCrV%fz${Ds74b1m%07O@#@D*n1kAnvzo} zKVZ-}D+!d@K!S5ZP|$GVmmKNSazLn@ zp9_^7gRv?6T#Psa*soTkK=;&%@Eg&EyEyVdIc^cluAVO1Bez@HRA4HRb@w^ zaBy%mwphV70ZLtR2Hm^9`d`#VUPp-zZ#_M|Ykx!Hb8zf9c1-8D4qTNCB#2~+WIoe0~B zZa*w6?6*H4hgMhvu7r8mPKetAh~Eri`4zaY{fXgeX}+`b@TrBTq`Z!hkAF&h3mkd1 z#4$j;9^@3Ex!g{9>E)I0$!GX;86@nw-Q|HtxVT;vb{I|cC$<=Uq7$-twU&l`f_lde@K}m)=K+1Ir(LM?Z39*9}LcS(kfNLp`;nG4lcEiBH4Q?t`C}pQ$ zj3U}O5GHG2>r9oZ(bD`71dIt1Lvlg^}#2) z_aRA9wwu;eOtaVkMe=c*DR$5?fihv2;%(pxf>_nC_49Hf286k;?Y*a$ zmvIMdinm~RiqEkC1&!6AkU7AQ-*i>Ay)a9U3vYAQVCLdFcd-Z2(d^+$sV}YBXXl4A zrhYo1SR0HM1QjvR1=Awb_cw6cwsUIG3^b=Vs9K_7@Qy9`a$zpAPoKi4<1;X2yXtC0{S2yy8$_0f{IFjHCL#s@en5b_2;>>v!#Pf+d3r zxSUwUp!8#h<=y;N1)TOg?70AU6cJ|X}Tt(~3ktN5`b z-*t4P23PKol_kPv*dOlTK+(|9xB*`Z5z{IvDnc8d#QcQ0M*(*ZjgIx(wmB9TOHkHI zug40++G`NS(B0iF5`6ia*BUH3ZMa*^7(AVwo#;7pnV6XT`1$i5bS4iTK0L|d3I0|c zsmVmmM?|TpI}+t;K0jP-2)Q+)ID7>TqYMf-6(N%YxiT~sQ$Oz0UX+)wS5?I74HWem zULgz(w?dBt>UA-iuu4)WxS~YM3vu2T=!ZYS9YM*0?{mYZO;o7iv2y=v$z-@4FCS() z0wwbgr=uA}O^vA}FS&{mH+}vqw3Fn*K#NN%bV#?K`S^rgTk}raG@b!S5RLMs7<3>< ziQO|$w_`f8fBZhKQ?Z}Gw!<>v-QP6fynaikY&OBlqfzjNZHpAJa)z>c9Lwl}_TtI* zpWAL|-44B$Jo5CsO}yo?X1NVj5yRYS&Vg^udLMJhyd9JrIRGv?Cl_+vGMV7 zxH>CCebLdsb?XqiWb$!Jva;0P5-UDkZ+xo=`5^!(zwO6Qe4qxNKYuRMHxLfxW&dY*^WH&MY}VP1sIOQ(q!BhsY#e!Cc7;(!RV$M~EMt)#QdrH>bH z`ki5U@susS=Y5#P31uHIJ!m2Eo%A2<055}$R;*aj=(4J0czTX!6W8k1PHgctVxpp5 zcRhq{ZEer*Vc@_LiJ6QHot&A5Ug{SjkT|xy&#&p5W~!*WbNx3O?$XFdail{ 
ze&>5U|M80}&L?Q!Z%jqkI%;Yy^kgi6eaV669)^2_0xJhU^Pr&;TX}Ix`c-+!w?C=d zrQO3!m(il}u(jo=t4R#;`Qvw|UD@P^Fg|<~gvoybv%l^92byv--FR!y8}q^6Y1<}_ z)ES@NUzM3)|Jl9u^on)emBYV3`a~$O8yDBF`dt^T?x9z*Y=%yF=+$q;bQ5POw(oR~ z5?YnYtndS~iIJmCsNdJ9N(j$P>@TP)vFSl~-ken~I@2+TWKEK>f zT;lVSb`6P%@%~Pl-x1(qqJV#C_$)0++Itc4rXfYIo<5*?)$JrGO!xK==cN2p^Zk=_&vzeC=@CG6Dy^qr5~SR#PPfV$M@SQ zbmrVSMlP<+Fzr1^O%;&cMoF6;NQJQ;g5gs*C9IG52XgM5lD3YHhs16wB_$Q%KioPx zjoFw3(Kd%c^9h^*g#xS0YFSxXe1V0f0TQvW5VJ09cF?$yQ$T6!wqf5n zv{_uRGTt#Y?WhOkZ|<>d9I)mrmSuE%;4+0_09bPf?wq(C*7EW@6a71jy~z}I9GToJ z7!)>7p#X|uo2SLD1XJ=!HZR^DhQ8_uomd8vR+R5bM~ue_1})8_s}Th8ZZsy=;8WyG zzgwlem*rqfz$eaR#Xh5vkyR7TnZlK!60$$TA|f=g)M`_R^OU$W(XoV)6+R>Hiw89T z9f*^WSo2`w091oK|uh_mrqkSLsDPjb}~puGp&s$q=8EsBP_&0SMNBN_vQz)W~H3gPh+UYw>)HSSs$ z78$99_NppOTr9FG7$v};uzeAu^ z3`#$bLJf(JS2-!+A3i)zpQzULc*{pDk#>RMgREBR4B9Mz2?s29Fcm6lax{=|AV>e7aT13^_X^MoPXLgX2|}ho=IwU~M9l>G$tf z^>x+GoLNS2+>IL!2uk0J_yGzjJYaMu{%uSb5cm5~BG~`HnA*;xyB%iuq=}kvIqYUW zGU{+Dow{*jkFs??H}N+hQ-DH&Kp<_rTH$)qoxQMAJoE6NqFD5P42iZFR@2w@0d@k@ z@Te`{jcl1y@c6CYycwVZzJqlPLe7BGjTyGP0K*=;xrstPi5pG>BJfvp`Yz&v-AzY_ zj)L@0DAMz@?^7#$QHCT5_Rt$}7GsIX1vp_h{Q1RkF`u#Neb_v9Vyf#YCWml}d)CvC zFb5JCAUP|lFrQUkz8=>K;#ok;^t7#5E#n-Y7x2{9*8YIqJP+LkV#J4Y^R%q&HgK9S z?=)uOEMHFC!4Cg6HacJ-8Xnk_PKPxJ8;VFlD9&rjGc`)}tfXz|>F-jId zK(tN`+wKz<>){ljS-CPBMIWinieGa(g;f%Ax(u{3>(8qPH^V{qW7K+X<>mIhl?e>! 
z7=A|Y{)(x2JOioxcL5M-Vb0<+PRht^-L4LMm?%65P$9x;;_m0S7P5vTa3i7&gh%h@ zc=6tVvV0hwKi$Y)N?bs|*%Ws5yfq{p0!tRLEMf6N>P1V31>Bw&<>a2A^i!J}YK1Cs zsl%gPa=_ZuFjd%$eG?@^0u^dj(;isn?lz^Gx8Y)u9xvcOyKXJ}TpPop$elav=n38F zujhsh(OW=a2TXiNGv_wq1W7T1BJS~_EAQhT7nYW;14e9nn_;K<0x9pF^9qx*U+ zvH!zrL_AM<9rXMrG~lSu&i9W~(b3U?fwKx<41@ma%*Q<3w1#jU7+;bQngTFenjSd}GYpZU!HEa2!*Dh=16-7G zMZ@@{pAWYwXGN>#{1_N;C5ZzRNLh&~4OHB`k;bkhK}|89(b|frp|@q-pa%q+xAUIFF#wS zwL3UJTzI%i+W&4;&Gv||X^VCC>yxLJzw&;4`&wk$+l?xE&CcdBXH0c$T(+wpJa`aI z|K%V-9KRbRhZe_n5#Dp_%%dph(32se!VLSeY8mB}$e2(d<+wR=C zlV?YMt=N&R=E)JI^o;Z0kTFne_)NdH5S=_hZldf?=Ss7go}%|mA|1NO^=eG z|C!$I?i(>tN1115CQK@S!>abZfvK^-VbkM(#rb`b0+<^cQ2Gtz28ObDt6zMT&k#tC z+Rk}LB*4{;K*IJ*<5}YG0t2&i9tSC4wu`)J8K!dk^O=MLZnm9lk_pj- zS1mVpdD)54H7LJ9AHfXCPeNo0ii#>j{Sf7{Pf#%ZY%$4&36F?C&+Q>f!DTB}2#s~@ zaeI%v1b|O9Y~!%2f@e7kH=G8iTw3AepuxAGE}fm%kiaACl%z(+s)Je!7{Gt4 zHeF?9rD5;)L(l+?|1&Qs1jre#khl&VEQhNsxp4IwVz(>y<=X`D_}$c0Yp3H2<5Bjl z!CuOrd#l1Aj$8x#I*NJ?P0j4;>V%vLA!IfH+7l}DKQUx!?ryL^g!UoaCQ4n@zE0SI zjf+N*ICGlOT?9q@{A7zGFg(EO+}s>;g9rzOK#k<8jwHlW7!i&r0bqtEo>sX0|HAGB z@EXr5W!PAH^y7ItVl8K(FTr>j8XEe+CYK0P-M!Rb6J_=bo8X%#-eFJzpHy>J;7LbR zH^n3{ZGg-jVc-pi=bcc}t&R*oIy)c1roYuR00a<%R`e2@E?L8IAtoX51p^jP(oNEb zXD^sRCrc1T#6?fIEgNLQ5R4BjNuiL?DiDf8vxAv!u;Igqh}!Qo89w%lw$KlNMA{1b z;=}v*PkVG=kcnb<1qFQR;zb9PR?C(xD^DsCEheA|glAGpirU=NFoHq$!CbzC0UIhXOSh7#7x`!G}M%zkdA`9iY8JLi8v^&}lk-`SSDXz87Qk7_kV-LK}+~ zCrKRW0H5yO-cPVypZ;U=1~vvUavFsK0GT6j`Hh~6;GyB+yCQo;G&Gn143#xXMon0F3*hfDk_46In0z?5;lm-4GuqenwWDwkwe>^^?y zO>Wm@{x|Q56fi{5x!Rz59H1}){;c1UjC4c7xs9wo$)Po#kO?@4kxm!#rt#*Z~h!MyUvs@rkk6cs&ERyx3oG z7s!7tpAM32fkl`6Vzjg5{u##Xso}N;y$c{fSUf|kmYHG=By9tNGJvtLIFsv%3-SfS zH12j(x>>#aOH$ba#bJcz;BrChdS_M+AaJp_%S|;0kVF-r-qjay~_db5n+2 zzI=hEeFan;(33mLN9da?JMqsd3S3)dBw#R4P#%@}8E9v5R|*hF7y6eTpsz;*)xj1;v1)mBu-T3h$OUl@LAL^=1d;5saZL1#2 zmmsY~K;q)Gja}HvcRc;39S*wnUt7fXtQXm{K5i;4z9Tw1x;#a)A`zRy^~B+)6?yq8 z@$V!0-z6s`sGQ$}>(HG3r@2Z;Kb80TvRoZOduw(ae8kau5aTJ)b21G@`{O1OH2tI-cI%JOPd-uzrf^hMQIe$6V2ra7Gd{*XD&y%p#(W 
zBg((wYIAj)cst(I-drTw9b1Y1ZN*2duo})SgwD-x=Vi=(iPNWQ}L<~FR$FBt{zdeW7iJznUTphgnQ6n@TJq8 z+l0odEgSR5P@x7Vd!E&A>eF`3T6W#jl9Fpto+1>*n)OkAy*zmmAbOlI!&zBbK^}e< zT~N5I?k%rPH8)5#)zH%V+}y0(m#}~1N~};d`Vwf200ENj2Nu@`)|zX3_wGfc<8>cA z+V3<{_%2?*Ui)zdQsg_BwgZ!n8?eV%4>w!GjSCJ9X1GO>@$oI+zI{Uj_Y@IKpg;5B z!@&<%L$~$~+2QEP28)%VGUwaIip01?gIm6&n+PgTc*rX*p+3dF<&2p58>X1Gh!BJ- zU&zSF=nfb<JR?+?rH?gp`rlS1S-FB3>HxLsSKZ%VjL9by2Xksu%q(Wo%h)-QN zZ6kzI8OF@!oDG{sx<4f(}Xe^1dmC(tEYD_d>*vh8(7+WxH*ymYxO^}`+H zB<2s6Y*sa78*Up#iD8#%GtCJWR2_j%zre;x)`vrl5OmH(4O$Crgz5c4XeVLG@t?;1 z4A2i8@;pyM|5i9a{&NhSVce*ERFD8Lvum1K6mVe0iU+5Qfd?oaqE;11tt^Q6~r`(QANO%d7{pGV~g}PMsx8 zJSk*3{>o^?|51lXqU2jHw(ks8Opz6g+(9|e)K|i)ej!;`4dtI=6EcgT0+6$^;>Vrr z=+)5^HnX<@8v6wqq$cjxk)uc5mfXN8~J+4Bu+EIB(8#Ba0#Ai-A_33VvO};$HsJ=OV1>zp)eqH zBUr&lv<&MI?@5$Y6jH0f$_**bo`VNza1rRLvHScb?V$M=O^NSY+vI*%i%;QkBb_V` z?b6*R=Eo`}J4=d-zd))n1nErXp3967+#|_oOMwywIL{wB5FgQ_Vqo;7o;}|94TUFIVNW#a)$5quv?A^TNp;ExX zvs;d6z`}PjLdJZ%{XaS^Syk$PFI)+=@V9=8$t|1P2KZCf@WrBP{KR_7(fy*q3kJSnLx(bLu`y{=y=eqUfuUebKe;Syz>>(A8|nB z!7@mK{fQ1kZ*(K*Vj6XIbr9Snz7DaCH;tSBRq>kK<1#x9dI1~#($dmW5~P^i6Vadl zdNnOAa>(|h#zeE_46zbHhc@7v*le{LtP8{y%dw}tesTEVK@r61kt|+Z%Ace=g0gYR zn;dodQCm$&)UXY6fcHnX5!q02|44+kIZs(t)fP0^&Vr67p_B9H)ThzPyi;U_#fj`D zib>A|s8Z3|A}T*w*~FZw1_3)Zlz<3x0UNl3NPR$Xs{$y=A2n9!qoZ_|`W3M*9xFRR zB_JT6-voVdVsiS}78Jcfmp?{Zj%xXWgMkDFPL;D#QtRFV0}NXtIrB4=TSHg?xeqmX zb39E+NkMV=Aw0Z&p~-$_ygT}rB)hI?6^3y>Nh%|(+33jh9P=X8+Le+DyWW7f07pXV zeDh{YY7%RSNZvb0{xefIa6YteUr=FJxaY}Mmz53k!;~M-qpQE7$wKq+Gjq|mmsp2z zoH;Em3^*{Nw{qRhSE0YL(S4Rdqvg_^--gYbA0W<3G3m~dT|Bx(nU%6z!2kle?4qNY z&e;DxW9$Gn4j3u92$)a+m%G2Wct6W10Idm`4n@AjD?Sg3-m1V0F5vEcY!2x~e##^k z%?2rLm4a`z3{cnpbIa;Bhk^PjD|?2FO#jl|mHbAFN#!JA`p8ywBt0W%j*g9rk~TL| zGzI3taCSnEOe(Z`2d|PP2AR~u*slR`=xUK`i{`WH&6`sqMUC=n+&IrO`qW|PhvEtw zDw_>-TvKTCMO#nmBd)6rJ4g=F%}9|A`Anwxb3`5$x?~c*FH$MB`u04o(0^4g9e4T< zMx#t<_DDrV1%-khUM;eCy~?>_{%{Sr)5PkFQF{YD`q^4toCprPRnKCekpp+u6G>Gxo24*2z{OP4)mkl(WocRsO&?E}f2E-qN z(?v-#-_xgA+jTgFuKwX&a_H=>hZDONX2!?HhCq<2qmqFH`4!i#%TCkSfk=ukB@5N~ 
zrK?w$QAn@#A{Zrog{E8ovIS@uQlo0^Z#}?ggNY6mIbn-2=0?^B9cXX;T3XsUkppx@ zE;_iYhDI;$8NmA`T+Rntu>K%;y;5t}Uwt>J-MfGH-FD-ep2id4J?3ptiD4!**czSH zhUzj93<7C!B52N^^zpyffi8BK09 z`2xuwJv}`^oyt}{`%wXyvn;r}27u)x4byuhR8QM3Ro%PcvXW9sQ=@{SVsQtt4?~@w zecC`;fi(W`90P)O0d*UZ%ATiM_P0!5Rr zkZnqC8r+tvfzQ8zqdIe(*Og9wVma{3hWLWV~cPiVpr;qw_oj06=@e(;BYnDU2bkh$!2 zBM<>pgsahjyfHJ@6Tz&9VC-zf7;+%`m)Sl9s%LV`L1pG3@R1||g5Oev`t+~>g4H)~ z-VDpaDyU=hjrkg!G6ivyNzx%y7fUF=Te?aq4|tm`f~t-!gIL3&&4ri3wMGsX^sJs9 zD;XEPEy*G1Nf71>0hy0nUDrX$N4Pvp3aO}^37D2wpl^!*asU{|U6_34 z%4cFsWEUgBibKgg)^`-0qr&?TTDk9Vlr;)@H0%d--;uJa*n)b+x4Lck}OqxtW|J%}w%U!gN$pj=v9 zoWwm|x^m?{cx0nKQVHX#*uLRmSe5drv-Kk|JZyV@uVsV2MWdI&Ol9A21v%X4dkXkQ zA?6*%tpvV^cz#U#`XiMvB|l$R^zkZ-3@oL+acIcM2uDG%0!S;LU+F8stizpAUtcdp zdtLwNLIMhPLt&&z`z*PEK53OD{Dg8?dGO3hR0DwBJJiD)sIQv8JQt*jm;`k|A4#Da zExH6|#Ixh-zQ4)>`HZE7MKmUq@Wt>4CXTZPc86G5^^6(nwBV}t8f&VnsyIB)=Wf?I&Lem;mDWnVWctPGUyF(6U53h44;S)V za&*_zFfCo;y?R9?EA!L$KQtoW4M#iHOCE06eC%DZeuvC$Z!7Mzu^U-KXAjqW<+}R) z@TG3OSWZ}*o_%!0rfkwiVE+9( zp>%8QTc=OYO!mpfDdogGsu>gK_4|l$=BBcIg;@*ViJixhbzZ&egvFiVn2CYe4v1EV zLi@>NOMa&CIMf)VY0|$AZ2;J|j#4{ips627}XWDgl7$2P}KscR|vvS&G#t28fM0^kQx{4b&Q*}h^k7-n=Z>=_$r(699nbIVnb(I|PEWR0*|e@!DJZj>h;1~fl#IGHSNO=@KC@0euG2@e$dIp1C zFDhO0dy2Mcf^K3HPt+~yV_HoCDYiBCZuuz^0UZ16?SB^TPFt+i9cDq~Tf9kKOyjgq zOS@jqqb;^(6FNH>bXjOm42iI?u*BrkTbtD8JWwg?EDH$8obNZ-fk!v=bt?6x4Tsxy z_DBizf3G^-bD5Qu)f=G(;axtcP#UjnL?`Y>Qw2$<~qyv$GfMbdFM`Q`$0XrnN;c<8^$vQTBXICqy_zgge}g@j15#q>g{~Vtuf==(jMu3%=nIy61CfUii2!r&xYxtG*P4P z8yvN3pY82$ey`HPYE&@WYcyYyxe?#oBodOz(-^HQhYwLoQySzQ*PkqEiJ~qkDUnOF zXbN~A8>oqQ-QBfDrL*urfW+CexraLgta?B4O*R_yS}no?$=C7X3MZaQr<>gIat9_% zWOCk z{T{B&@7H9NJdr-!C2c=*1zNcMLSWf z+vX;KQISRjDioidkc=XVgc&_barpaIc%78}@bM%5XbR%*CB}?)$D-Y;@4(@lP@o}e zh?krKzNI>)MBPpBC9Ta5D#VK!U_rrSOEensaPmGX6Ie0zJAZ>;=u&Gg79w0Hqn<$)0niZa-m=tB%pP197)*}V$r z#|Ube@GiXjDiwGOR5J$kc(?O6E=62na8LzKRpZ66c-Vx6_N> z9NvvDjIgIi+_Kd1)(2$7h*yNkMpbL#aT{MjQCzt;Ug7p4eo-k^7f{lVOO3+sblCkU z88ktz{4CoP@0^6$$_v~@XJ}aDS6GOAQA;8@W7HduUB)Kp1>B}p@NBPK(j8UY{225k 
zekC;MPq!Zs_NH2Qe2>7d=+n5a^;(Mu{7f#F3Qjhj!1TIx`}S9?U|vi+*l%R5@Y-Jp zsYQcCv+ik8uwK{D`S!DiqzxPt7Di3x{#1e zmzrmI;E^HP=tv|(wrZTUgxX}-n-cx;NrCB9bz+7m%5aT*I&(5dMuU&q9>V6LM8-2D zl)jdo-aGh=G|VuuKurnl5VSH$fCsG+Y$x9j2P!hxbW{5irgIn;hMw9YU@@Q!qw?6D zA6ZvrWxIkH=5GT3K8FL!?tam8ugFK$7%x&}qtv$7vAF*+A_9z@B>ca4AnwaJq0U~g zRZ?Iv5*m$)fZ~oc=*CK7|A=EM#F#p!`Sk@1czaR@GptMb`@(-gPoiYGlValVw|%T_ zN9=%fQ$~{#*kI&kVp_+wNmzi=o5y+L)}(lh&kKktTSXtI_=NO^_LjO8_=&m}^iLKSWY4;l zY_*+<)A0!|df8FhGRG|7w)|&>0GJ5n#^X9hh^$qF$5lvP$6iSq= z&$wp+26QC-QfzUzf}+l>s~su9Zb_k}x$0KSGA^NXZ)e;{aZvm3dtr1rEb~~5Liu`C z_L|f0pVzKEB|o3w<>~*e7p}+8{?FU}ul`ih5N9=FC#c#rFvbGUTTe zdC@>AM{Y8wtdglG`TSz>1Aa{8{cSGX7!J(;`w{RzclQ7DNcoRD`}%AB)w$8omGXyT32z|8q6|8?MInYqGQ`-MEB~4UEk7 zG>f9RRO(e4r1K98@vG2k{;=SYa+9km|JO{Rk4*p;Jf35$N`ek-mp|Rr9JCsos8erA zG_Sv&;>0&uTGl8>H!8gK_nUS-{m2_CIALooHP@@EBPMb06J2ySKn!oqE6L$AEF0boDCHT#41_Fj_(#(gp z8GjMT@DHK47aFWHcdRx&moXZ#gDcKnCPMdXSLSdwQ=w_gtln#%>h^cBdGU2ET^VK; zFL}d@ofQ})+@3yd6mH9m9eh?PAChAxlzOGiz*Z*ecIktC86F*L4;weAl$GEzOb@Ug z=n~eSHXcZwZLJ>HYM!_edYff*tnFxfV4Yihse#<+<(vLyzqoHHCJY>QHg7q>s~s>j z$k*Y!&uG!uORIC!HqC&^!55>_=|UxvIx+7pC8hXBqvyI}TlD>yTi63lZJM57&#eE@ zFXsm~kc&;lvnuR0zQAep$)w6l`v4p1KK>A2>odyN$JFd>>Y8>aC0=0(vwD|&OLAb= z&C$5reejl2RLXl!>tDQ#nHd9<5u?>yQH5Xgsv;^wJth6D?D~uw*3xQJeSPn1KAwN< zj#wsB;kwi{CDQh@QI>;uQ{y7dbGS2$3^(<0F0=)WjxsbiXfX^nn_DF8{(fMazgZ5y zo8h-@248!;=sf0yhg`49j2HOKeD75EXbw1(DYW17+EGn8x3BacLnC$ls!Ip;Q@TD- z9N1z_#MK8fEcIQFo0$yQc0RY6toDd4J1G#)7WFaWEB&lXf$0@H9|qgm$g5)?3i5^Q zMV_~h#2Sc4HFH}oPMMR!w8Qq}2eAzMX1$1pOzS~9qyBUieZSJAxmTrv+2d1DeD=~! zt%G8wk{wnxa>oa~i~YuLt`o4jnrCkkAdzZjhQWGMN%_hZPXp!A;o_w6?8cGG*#_O& zVh^X-sp&^NCsWua8%MenE$Y`sR2EHEDgj&m*pgv2=VnyCPP@H+u%uwf-Jr027jt{; z;w?Pe!EV^DRVp?~USn(<&iXa5X! 
zefTkpTAxuD2Ad;Yel~jawo^UT)A8|D;v=E?+h-D3V;er`DTL^mZ6DiN_CY;;xLJQW zC9dda*G{9{8vT+jDyiJU8C~C<7i*iR2P`X%zK2X)aQpgH!oJ-{{CT}{)kj=>eQP}* zN4rdRVQ(Ar44cAlb$t%*JJ^#9q!z!sHT*JP$dT@NTdCjs^h*7kOX{NS6_p014=VHH zEk&)MR3T)a+H~k#?}5pXMTcg-Rw}Op;{Nher}STqq|OzIo9a!(w`8YwCSB>e;@qDZ$RQg<+`gJ?&{QEm5Thr^qGbgr-$F!v;l&a?cs&fxX5l`B@X5clBUFu1fNuZT21SZHz18`PkP|@4g*Ak_6SxqM$bE!8tld!XbOj3^% zvt!Sh3WI2c{end84`-&&2R6=!C8Go^ofe+6VD>XUL;fudm>E7XKDmu^HgQz>Q)ZdJ zrNzuxzjtQod_cA30lV>XMU(onV{O&KA()XeM^ro+l&oZh41WaQ(wFyOA}{Z&N+K%j zr^PG2#|=y?WqXp9j4#tCfNyevRa<%3-Pg9`llb#sr(L5}(h?sMHA8Jfku{9;7ZE zN@tbvk=d(-eQ%3U+crM47N-~t_B2b8fZfMbB_;$kYHa3gz1m-`RF5gLPSA^Oat~-c zkm+ls(!0)H+h@9p+jF}5yL9`$S>;-OgW|x{j(Y(%jIw_A)(hi7!V)7DK86_!P3j6Q zBBS#L%`XS-M;8b7(#8RtqK*e}lPJS*j+UK|;a)|0X1AqyURRU6Y})?fmr)j_iD zSQ}eez<{lZ$AEEPE7j=FpB-`|pJOCbT3kmWC)br#RZ87DW^i>;e0t1_w)BaLV0hCk zbW!5-#%nD{vsjgFJ8EuP=6prai@U!;Xiv1dMDmXbMcZsTA1)pSg(-`jUPsOMZ=_t$ zT(lgki=;p0MLOf<4ie9K$3OO$&zo~i5?m|s?_P@c*-;!ynz^@0mEqsPUR7Ng?4i2M z6AXzu&tFE;pYyWnu`aI;$+Wq%%~@l#Ym*Lzax*bL;Ch??|G)Zk{N~N;)m7>+teCzH zRF$)u==G)_zo1{{fHbU literal 40175 zcmd3ObyQVf+wGx|F6j_Nx{;7BX%J}vY3c3`X=#ye5b2WcZlqf}B&9p=I=}aQzkj|v z#*K0RxDFjdH|OlV*ILgrpE>8VmSIYYQs^keC=dt)T}E0$83KWg1%G}bBZ4cDxIroq z$P0*!gs7@p+QE{mCf@8a((w^~LgV>IK4gY32&&z|EwhA{hOc>ub7*vJBV?FlmiJo{ zHfi3M6B~s|Di|6%a3yq;qf%)?Dq+4jVHL{#Mo1{#eh6SQ$YaS$y1o;@9DT`eYC1A} zz^gZs=9rKe7dPbKaGGU`mY3&%C5B8Hh;_K_3D@x7b&-UgGdTT4$i+H|T z=OyUR#rip!g!O{EyN#W8*HK#|Be@Wy|M}tsUEvfqcP%#^eSCoJr%&@U7tl{5Q~Khl zt0xqws()UYdH(M!LU>fqpnnY=r<1_>=gYb8L#hAyv}7)p%s-Ebkfi+j&l?d&ic$ab zJ$B-te?7_YHA?J1AMQ5$_l+JmzkdB16B|2j)-XIQPfbHpJIEbW`V;?OFGjPzzFzTZ z2p<_9mPxx7?eFip@+ut*3x=6;J#MIJ4#H9;$bCdT9IX? 
z#VV}5gbahKbg}WG`O|gI&KY#Qgx|I-@cs;B)2WN)-&r29f_IzHk&%&^`}qm=H8DB^ zBV(n{gU9#p-=`Qfz`V)6s@7tzwVIz;#~;A2li=vJd%6_A-~V+K`}hLW_i0w5x!DeR zm`OsiRH}4heQY+d@+MdBc%XHb%}W^*IS}1+aiY_~>Vq>{B@ai1$2RHp#W5th&(cZz zIm+`K7UA~f03N%wME=En90C$~%xAsFGJ>n~?@@%>PMm9g;Cvvmk^0fulK!%ppI`h% z!NQY+`>T5S4h{CM#_lW?1s1ySS6ZCllueWD56v*SsPL_4Py zu0v;3Miu#_=YjT|o?Yc3w1G6Axl2Bs8Jps*SA7bxyQsTUV0c%Q=!e#BZMfHzxDr zM2R!kE69vboP7^P9)V#OlCaVIfgmCb4g|$Pw$f;co+-Hj7u$3r>wTTi(09e+zF)-y za~HejI&TO@YkVxY_;iFwLOxYp>CfipQw}kgGL%nl{HZbas@&6nh+MV)ePRDo(nMD1 zvFiMVknfY}ccFe5qmt=;Efo(#@=NP`^tMMkvaQoWb-gyl{Jv7l0nL*I-2lil$n#GO zqzh#Jvr^W*l}BYcV%Z)H&Qu`$GMqCqGBj(gh=zatYM8YELwx??*YI$K)jWrryL*k< zZ)Tg;uUiB57xxsUjO=Rz^}gGbiwkeK7rtIsZ<##bD1N87e%?W-shMo}I9R#E`5jkB zkSuFH{ch zbvtdPY_m1&q}*H`Jl35p6rx7Buk9w~#w?1+e{uF=;l>6!KV3fy=ymQP8S3lo9l?RL zZ@?s|n_#5~XwPC&2F94iMMq;MFl(D&;TH!`NB0$Tipf$66W~R*3Z{p-q^@)(}nyj5Ys> zAaWAPh|O4xr}@GccWr54el^yaz>~H5$}uP|m3ackVQq~WMo;NZvh4l75{pKsm=$8I z`6NbmqcW;m-k)d>VaXSpM(zD9*KclLhRO%&*i9EX(+wwf<+i{dE@QA^KWpDO85>w3 z`yF*pCO}@kEHyvfCuc_G*AQQ@oHalw{=xiJH8C?&$*{hK&BS+a3$s+j?E-8M!LF`q zSc#BV24nSQgo4aiBZn@KBJxkar1s&rY2d;Ac%->hqor6CYM`mZ6i%vIbY zb2ABl2G_bR>AKhdWQ5pDcv>ZAcjH8=_=p#I zP2ww$dVH!KaB|w2ZD+adw^(B6)p~%{`L56L&IMo~8tEj$(CnyRc)p-tQ5htg_HcD< z7F%aFI2jeupuhVN8Tr)wby5)n7nnHF1V*X%t)$8t+5w|c{i>lbFPk7DaeLi_;)h*^ zflv4$;cbheV89T4t$qj^`7D{>o$IPtnPh2Kxv)-Gz8t2()(;}PlZw78y)y?ILQ(^;O6)QC_Upv^CJPBKHJ z=j}kujyoiI;31Dc{M_J#B9 z*F~s>=I(JmBi=a#7!dz1?|oetZUo?)`(b5V3y!yF|EKYiv3xoS+6No@*6UeTotX07 ze6qxBCXJ1wr?k26)+W?jMngqL$iifp{78%uz70Gm4qLqSjHF1eK}J2jyGiG=Z5{xc zkfhVB$6CWt4_7=wT}=);_lKkmuD_GV)Xx!;850^wHzWq2Gh#ZfRW7UvYS_DtsxjSe z!wz=_%zS~ErtU)0E)Nglrtl-tO+uXqo z!tGEZZ#9Hfd~NSjv~P(IjA(#Y$M#vQ(-XGOGFgjhXWYey?EJ zuK}h`Ol|S($-RolJ1jK9c?2p>%4%Y=oG#px70jsh)v}@E^Vs(3p^nv-zfJY}y(Dns zg8d{3hMdjU7QQ+{xZ%Gj9zM?|M)uYdwNTcwhs+yA`vlR5MWkW}wy#Fb)t&GxM#}b` zUQCWxrjnFcGb<&rmaDycTZz+msn;{Ta%gm3osrby#=GF`^jWvhj-LZT@9~cJ;FUTS z@-;wmN}Okv$6fY>{JA`&=_T*qtB0j(s8o3Wl>s&&#hvcSzb4vu+45rXW59Aia 
z+P>y1$*!3W9G56VI@xd6TX&Wqexma-n?q%)Zbhw3FumXx-NF6+mX)1pD z)1L}QyxgPE5nk7GZo|&FHGXVeN-;&`tOcH^B;B`lLV^8wzx1`o{u7{Sr~4fzl@zuT|-3LrGmtQ zI74h#g^x(P!!mQ&YSn;P= zgWXw|&8w-Yqcj~(r-gKN#~2P$k*L`*Jp_ZHI8&olaqUHZKw7$bV1iUx`UWIVOydFw zS#m?|GcAJ%_TZ^*(!fU#0=Pb>jvQY_vBV6uwXVTlva*7L`eA=$v#@vv=(DJ_$xJZ)@Zg!m-~A*<-3_AWaf z*=<+XSD-Zs3kC#j)UDfg@vJ5um5aVFxo`0`cyN|g?C%XSa>aT*MR2xE78$j)sBc66 z8BA?(#8FfbMT9tDQfsE`S#*VL1%2zj@4ERd^RreeMnFA;wEE2+oUQ24P{9D;7oT0$ zttU_MYc4Ug`2hIEdjm`e#5>sKbI=6^^MfE#ZJ*^)gxHaPYlU<5=eZfuhu|B7$1jx- zzquVJya7C=ghFWDMLF99SxU&~?7A)Fi*KkBku(LzNr2Y5HEG{3|I2s%$s>>hWiSSS@ zVN%&x{uR=8l!{>N?jRt`y6JQ3C|i&J^V{7UB{hrss|A@7{Z9|ZQi>Xr7U$9pnE?k8 zRPY#k$bEgcZO`Dn=484T{m6cp(lIHm=9jaqU9hKC82?cuT_*8A|E|Mg%qeKeCNj17 zBex2D^ObCXQQVp5etGvV#DSA}y13cLp#mD*SjbX9^U1(+125hUWkN|RT9};Ls-ka9 z2mt<0Onw%z_sUNm)x?4mSbKIrM5;poi2;Ntz?*@EDIl`t6;vaSwTADWvFzRNcPm_A}Sj)CG3;AkMN1w0FO0s7TZj&mGSyQGKSt>Nz*3 z{ko8=Lb)*brw)2yxI&!N^h}Qg_3Dpz0|QK-B}=VOsYi$-gDp$7?ye|Em>5~h{1hj- zSITl`cPUxRit@YXe{`6Ko!=Jq{kFs>6LFDL8zT`cr5zz_=}|DVIpDss<_+;C8JX6e znOHz$_%sQd0A|T0J#DNk4)@0|l2D{dOnbn3p}6U@L=l!n*}5}ce)z+!MR7DpUdnWz z52;D>%db_s8c9PP?r&T1=!jdjd`|!*!IJwKtt`CQQ>MB_KMTm4L#r##Q+K9x_arbRHIAOpxV;Kz;CP1?YJ70W5}B29Q(EnWU|%Z@Nfx_ zh`MlXneA<6JflX=$0nCw%eCW_U)h5rzIjRLmY~E6TeSoN`BhZsHI*mfv_Fp_AVlE> zLqS{BT>RA4CcH#@m+dYz!GTKR2@vGrt8hB}hF|t5jSAL_du?Okp?_GL6w506oenz?ZAy2t5Yuch=WuG|c<7|O- zx?-RAkb)zTcb^J9SG_Y=kY$I3yy^~IL^?jQ#yce5#*oLe9dOlrqqZ_XksYM8Jq*jO}!J+7fGAL}n z;NVnd3@%bM!4vdvVJZ~dg z{e|f)X6Wf3u?M$g1Ne3?(B5E%#{j!1gDkJ2vdZk3b2?#r1wh|J@ZH+=)%$t}ZgQKy zq}bl{*px$3j(2l-r#P=1etucqu|ltmMCj)JV|P(4Wn;oFupo!^x_(mS>B~DPxz9D~ zi_-jQ{0z8Lu>K-SNA1ZeqRPe7h67(;?aWmgh1Xi2FR=j)HOs1w5aI0k7#thtIdjv` zMq7oP$;uxXT6Klx`4atb8OQ0;6$z4dOHWMJ)Yws+`>n~JU)w+}r*(pYZ%(1qM#ic}=TW*7#GsgAlpkt+QW^wOUO72%T7E z$?%J@{b~=o_!^{kRf?CTl1MGOnCa@6<2|JjLuk-NC|!#z)|NPmc)9}@H% z{?-PNqSh5bvrya8@q0)NUTS2BIf9)-)kfI>F!VYVmwM7I&67CFg-NLm0nZq#sUu*y zcR+f&+vE5?QfoH58*N_BfX5)AE9+NR?iiX=zVG`&*@!7ze5xQQ5 zD^M-MN0M&u$10rMvws>9?+&ER-EP0!IXHTM1V4nKYx*x)EhbgV;7^f 
z@m`YBX8}9-AR>omX$OcTkIQ{O-;#_#HPqI==-*w(8<%VmDHCub8JE&uM!C(rJ)z20 z@D(tAsNl~}I-0Mf3|4|2ukTQQvl~5%Twk38E9Q$^Iq_i}HGF}|eW=gzm@<51{xpOb%b1M+T|J1>Z(B<(Q$eY0mzLPE~9 zZYOR6a|_xXor6>QHortS8as!FyY-3l33UI4D=rmD;?8Q&MqlC#>k6PH4vOV)U$r`#uiFXSO*o3GhqTKkN1{ zvK!AXW?X(4#k;=>$PI12_S+BN1;R5CAEOrti`c7z?=lwz$^07#g zbuBXn4!wUN^@i53P65iOgYrm1Akk8j-X(nWf{1=!B{OPsrOy^4N0r-0Shtfb{N?FUs39U0cY; zM*goMQT zJ8}cyb9K=IlN;!{%LG1y5(B2UtiyBLmyPT%f78rezp61!cPN2J`_gah6<>RQe%k33 zX%*|vk{81sj&!r=+1Y&PgyRSlN8ae3GnsEUdyo)U`f-1Hz5emb^T3PCu37u+es=0x zp`-jSg)v7zOn~yoYJ73v% zf30EdTo{3E^KvBvPR@emT{_(MaN5HDIh-Z9frG_W#_rYiVnNH#GW$Qb!ieR}So z+&J{_WwjSkRx`j+^i};_f<`nIPkemi1=wTfq?834WmThcI8`#NfbMknxHGyRT|fO> zEkl-JW{KnDg!bMJ9MC4&eDxeF8O2~cvI=TX4aB8N#5EYv z6QAgqS)iJYnuS}3&LATDdj%=cfIBb(VG8yp_tu#GTT~Y}TT8$r-z2~7_tDh6NXqOB z0IF@o#swHkGsN|iO6h(@<;e01{h~7O-(15AE&hJf*)zGEg=U177qnGCr_mv6g;DwO zuRCw#nK1#OCC>oon|vdt>ktBb{xZkQqrFy{=ahR}VMLlz!Y=a{pqM z(0sf>)71PDbNT`aEZ!gdAIEzyO0P%@)U*K2rxdP(2k!+aB#tSGo10w5Kx-RV@&#Qj z51Mb!pZ5ZS-#@ALA-lI@DY5cGudfo=Ys1Jys>QbEzpxq%A0pImW=H{(_%1X}`89rC9 zQs%$=j>gm8RNA&C#{V??P8YNOZyJdI&pMI+KimkNj)mTOpW&bGsX!c^1b5c=`tPO1 zBLB2^<#Yb8=I1>JXVrh2wHv%|_*MShukFPZ`iows*GBHql5w{*IEdnXclq{cxkbBr zxw%>3TVi5YUtfNnniW?f%SSO|V``Jp40Ko5E5xC}Er)}}23*^=2kznF;S6PTZ5kmV z^6~NUB!1UJmER`r?r(B(a$=H_kO3DH78Z8eoj|||gBKt_DxA)3aN;9_c6>83FnW_Z zIQaSbo&GL7|M1~MMQv?xaj|8<-FH<6`-fX+={)7@n;ZX8p8Hg#;%O@I1TP^9A0Hnq zl+4?$5%>GXa&E^z@@}4O$N)>cA6kMqnwjW0n%rANg!OsCcB zO%xe_a8eRscX#*d z-ISWEmxL+**$bfCO9+@+P>bhPPJMlSyrnfzOD{P%a5j1)yRJ_*(0wpSdHqUCm`XlW zA@)U)1!$Gp*nNzTkLUHd=RI6%(l8a7G<(hK_y6Bw_nPRwbyFR8=FVhKQ)F^vFLxV{BE~9&MAdcN;k@s7Ce9a(t#<%jeN8AbIA zqE&+6PA^FI+l&%EAo8>7*AA5kbXIwyz9YNeHIZEfxN>MA5MQXzL= znGR2>P_?46(myQh8KDs!9i51q8*gtkg{@L;P7W+e5UgP(AwE8S%}n07nUbLu>Fc+w5vv@%V&ew z5gT+cA|>H)apSaxYP6U&^cWe7^A|j{&l-6oMMYuCbXyjRoWV-l>f734Lh9`|5I=wZ zY*7DP}wziY61F@n;xa+UROZfJN4kYmEY zz#yZeZw=ZmR6q0g_XpA13nImSe});-UTM@8M*Ej2!`GWqqnriKd`!)eH6A1; zCZ?T?6B83Njn}?23#0Afk^~kO7IZ(^eD2+-U%jf?V=u-uLc2O#64%ruga!!md)!t+2|W@@pR?o=g$RuGp;XY^|FERS1+#g 
zyt08#Cdh_hRfeFZCVruZbCu@PK}I_#r|t@aE-WG<^K;X(k`lDL%fDSUma`zAvXtm5 z9Jdwc=H^5g;tltv3PU3!OC4Ke^KkC2jzUUHnW=G}{ZLH*!f85U*T=@qjnCS4&jGHL zl$JuDM~C+%Au|hq!t6CNGIIOXif=UbOG&@J4TIbB-Twam_H6NxV-OrvjEtyYf$QDR zXaI7t8FnMzA9rCwzw#LYwZZ{NdFSAupzL>E-fX*_^bnwzr9!7|W@ZNZulGty?eW6yr_``;a2=o--RA2{O-&7fsF!H^ zgAFZ4qZxw8XlR=wzTR8=MT|;MPnlp_3R7X>?twXMdjiYHK>!l%txu1hKp3QBzk`RIuTbk`61Ys6-Z7Iz~sz(-=YK>Q;P) z2#u_IBZ#c7kJlC*YP5cNd3(=;^`2X5a{U0(85IS^5Tg11J+^j@#dGkF^+64Fb&g8S z;ns)C--yweMiJ=5uS3In3@^_{g{#1>ByJEl+-74hdI^pA(xVWNkp39}8QCvGBcpkM zS@Qs>22an%hUqogdGYf`0Px z@$na*WG}!QD}bR^kM}oB!oqFK4ge;tb|>-j&lTKKUaz(mi(V!eI9)}KEPcP|o$=10=`=fBIu%?-rSeo$4# zySqOdod*!DDJ%P>+*1EXmM$29>n7Z7Z+~NyT5hw z0GBo8<kBE> zZAk$y@iUTyhoew+km}{jWE~b$0#;pP$Q*#px!uY9c`#Rm5Oqz>erwyoZ}e7&iw!k< z&{7@n6D%hgze@y+KFCVji3wKY$g~_|e>)mda_kGK2fRe5rW4nz1%n)(%opk~&({M7;|!>C@O zPf1CMxNlK#zu|1X^90OOc1h<@tGK>-5^gII2?=;W+g`*C9IuD78iJT!gdhRt2d%jI z?=pMS-Z(;ltR>?#L3_Mgc`^iRh!x(G#A{ClC1;io)6ri@_V_Qqv-MU0o)kgMg>rIo z68h!K=lJ;N5dD=_Z%7f}Rd|n~)Ba4Pr{1sFDspmifH{cJssU-ADb=oYJ23>g@!HL+ zXqq(7($aG1fuETf9dM%-kBcI;qwn9TzyJ8r+0zr`In`n|PNmc6^b90#Kk%8r=+X9W zswMAG;9&t(Ha0Qg_B@8m9F?-OV_Wup@-ES?!x$MExjv{Gjfsm>DK1eilu%d42c@wt z8n8Lw62Als*U(xA2oIn);J261%Bq`cCfwy5@__}IwU_~8{Rn&EVvX`YLW~eV(msRN zi6CVE{5v5x_a(ROazt7hX+Q@DsKsyIyxAGchP!ImKD)s}hKCeM`m|jwdjj6Rv)sZ@ zqnH*dm&n4!=a$bk-F#T=yHIC4%3OZaP*YW9>Eu1#mpZz=vE;haL!jpc)1n&<2m%$L z6QZJ`7p+i!4jn^<>yhqalPe}b34bLztBDJ>D%+CE*<6sGqQX-tFFTElj4A;n9^N`S zICN$RdZLj>183!wYky(tN%$G%_ritdci*L{JIAucW8>q4CMJ{*R@x{!Iy#{An%ibE zG}HGnnQ>_QtP-STcVFL2dirNnvB+Q^YG&qhr7#17f@%grr$R%K!5-E1+lzg|HxAU2 zQKVsj{J}zMZC9c|N}nIh;{t9A_|iq0>3GgtC}ryG>cS=`j{?aJClb(?&%V^?93Yn6 z9)N^t!Ms0TMGHbdCOth8NUqJTEm4-l0Cq%9PR{egB@&Ht-BKPrK^d`ZEYMqeYhpqJ z3K$|3L7G9ymdPywdluOM%}?WZ#Q;gt34pJ{=iyfC=y{k#MNQ3Hz<*~oH1a1!Y2rF& zW-bfSV}4dt_@$p6JaByQ`Jj&`DKC1k+Efohm`k8%?rZ*Fd` z0D1I1FV6rFuOuE@z;GK*Rqs%Q>C2l>Q2<@A2SnQHcP%=Qf-V7DeUT&~AhiuU1D_qA zoo(pyT;5s?TwK?~z#-~)d`4KjNK8yb>LmmiGsdu$diz968TeW)HL!nk)4030mkN+K zu(}gUHgcd?zc5a@BgaJ-PwaZg1ZrG`F;@9UWm-YU)@%81+Vo 
z`uGR|ZUG-J8wA7@lsP-s^3~LWQVt|65~wCILtBfZ4|iADN_2Jr)S!a&@bK^®Du zx=~>20T2%A3yKG$`Inco(#R+If%5CZ8iG6SvoB~BB4K>0|MB<)HjFDw(@>s*>-jFlkmmSXfvps;ebHX{!Wk3~W}S2P5MJJc5at*#NvimFcJ< z$f=r{qm7LKPz<4!ij9*qAS49oo9w5!AHL>cK(#`XJsh98i0i}=lx%jV9i@Zi77~cv z<-rF)#sLLD0e7wW;jwn&=62L_1(h8Dn-4F7quv>TQ~*^%Nl6Lf>FKHY;lmmzTXxRQ zL7?qoXlPggreB&GCn+gOe}AS_NB{KXqyuEZ@wgO4M|U@TS1`J`zP^5VR3barZ44cq z*UeVqT!jG~fMO;lCM+y0KOngDLFW$Kvj>n>04Nwh@3jB=g`Ub|`)7s{C#(XDJXC@T zIY_csCX5#W`a z55vEF87oww1+6+zWkA#ch^vxuHb>_wzuU{)+1Zg?nJw2720!EFBB!?`Cvoad7d;>ZVbMfBKW@aFRcem>2+7*?4$DfTZR5AfPnu;Q`hGOd@~* zZmmaqg@>m&EU}a?i76=~Ak`Nd$!j*Zx4R}LevUL;7HxNU3b;)JhKE#JTMO>O(}-bi zPUQBrPcnaUZLKTB&efHNFX^?DS4z$;w#`TH(bLmYeG?OP)19({0uciPN&x|Zl$xcP zEL8@;ef>ctsBdcO8W;%U_W=SJWCqCJ&!EDQl96SrGOX?FKtZu!+QQh_I15N`U0q!} z2M5^bJ~$(^`T2Qi85vQK-fQdYu)T!F97I2V{#-pg#E_DbDzgI50&W+$53oPq>*%1> zXrY7aU=@MMk<;8vs$4j=y2#P1q^b&_OU;r_BF06u|j z=^e|<nt20|P@RMqW-XATRF~n7XIe zD-$`ByGr2UQc`^$LyOJsxWK)Te)ldUQDdk~+o-%eK{uLf_rgQK;~W_$?EB0OJu54c z(Qww0mH5`a;V@K;DkoN-%YXaUpSgr}!{jyr4tGpAfY*SEbf8wot4!Z{JzUIMe|#l| zd?Qzk5o;|}5sW3KCB~At0Yn{?EX@YB*f_o3*A>TBnyow-;@71dA0rHkZux*P=2ir-_xjD~GDN^+$vW zdGqJK5BnLQm4akVOl56dqFsGrN~ZV1PdDFk-{Sri`g28#eTEp5pVN;u<(?C4oQ{r3 zsmZm@TwqLo_(A=;EwJFxn{Osj&*z~BVIGIgzEJ#QcK`Q-F#j|Ad0=!j|39AZ%XnG( ze;>Ko_&+;xV<5Loit9)M?1)k|f`3`P-r@Q9aY<9u3pRB~G=nwnZQ1+d@^!IbPW z#4~C&N8txaLjWRK+Q0hO*`dj}xVXu6=l^*3|9b=YuOmS->-0X4RuhwxAf`b*8=p~g z2c?doefw;@EZsF=Yj6;6Z2tmyyV22sz4!AoY ztM_z!LAB0t|KMqt8Dw$MB1MO{?$ap<@srK_EKLn?D0|U&VyRan|M(!E({ZV*R`#-}x4yMCI^h4G@4Y0X-sZR}QH1vR!qWjZ zj7Gu@3&EnGKw@NM2dp$hb}4nJyF0MBO1=24q$FS2$F?tkWICw8s~t75?|DX7g`+}V z2ne8oKEP*9o#$9w7B!+D!D_!&aB{+PaQq1aaXni04+)_K;RAuNjIf{w_ZJlGL(M&9 zaVZ-c4DgQgW}#CSHP;7|(b!|TwDP{TF%Z8IpO17BkIw-khJssZ9sbMBi?;0gdSn-u zOXq|O^A#8hpK27jl^dksXhJp1hL#q%Wlvv($5t~K9Gt^kN7FXij}P2E+h=Q=2WXM% z0fB+=@CaO9><`JHC{)|7z-(=8_4i9l-CdF`G|GZ>B(Bu&&|YjKU~wY@4yV`?OoxJp zt*k5u9!d|cyVhlN&ygKE(kKo}EVI*}bD0PtPH12dzBXeU$$UcRG-=kcbtfRunEU;E z!@xu`eJDtb(&Kz549WKtD>*ea;Plkt&=quG>KhxUKd4j1QmtJ{Rrzw^gyFrJkFH-) 
zQHe7!Jnhqq16&zc`PO!1zucq2Rt+z&v<}PG)^vTqe&jE}ew6zt_Fy9^OlTO;F*Co- zS4^+eU(>d8bnL@i@eNVQR}=wlj}uW?ZmUJuWcgq~d{;#~y_1rYb8XumuYa%nncgdN zInosXmRaz{K2OKgRCVNKnLC|CtshXWZr7izRw_{;Y$gY8CE8cE@|lmy0gkA9PJGA2 zNyR@aw|o&364dRS>^6M>87Qw~GD2(Db7Yb1Jx6RZF)~6$JrizamZ7$|7moPT9MZQz zMCuC}UAiv-E^A5@`3+HaHbKRno+a?L?Jp0^OEe$JTNi2w03j01E5ZQ_lEk@f3-K$~ zc*$nAip8XT31f_aaJ?-o>=#~z+8dRsU!fZ&@uk)KR#bJv{$hiQie+PO8oA#X;dp=I zIVB}3WxQu*I}A zt)XcPE}P{qYq#=`AAoxbT6R2zRz5!DR@Q$r>>?K=eRRnWEDllw0&>T_sZ!4}_R65h zt<^W48*mbu2a20pR5cMknzf z=F1S1rN$Y46m%1c8r|-ioJ0j4gXZla2Oh!mwXy6cgTEfD98PRmQ)%0kod6F{e>aV@twWrN!U`#CL>mvah~`hmYk-y$hIygY|gPB$=3( z(z^1*3>XfZ-KxG$n+wpZg_2j%1SmmstwuaoO(2WEE7JneXX$p$R<#UM@(wkq-$YhM zQ4Dx!G>R!!W23|K^F);8Pw0R+LHsCut}&!ADBuAQ#>H_iC$){e(C=Lg?OmMJg;C<_ z84X=~$-a9vzUXTLD512R+?G#y#yS$jMnZ~6{$#SwR#;O@t42*tJ5n-N)NBUzi|=4p3-_}iO~wcPVID;TJ}fVf%Ov&2qydpr3Sr3TpmnOPq(PBupVO6 zIBSRLzunI1Py>7@BCV-j`zsg18=-+VEDa3}U3tOka=B9fzSn&TXxJX<>ZC8NqM)Ky zI`nvIHoJi$cNHQ=*>`o<7L?v1*t}5x9OvKd{fUA%j=F$3{${g1BnAF$0hfi>`FPvv zjwV+qdxa~OkFGn`)%wQqfbY!4QFx;MT`lYC;TlY~2y%@Uf|Qg@=|ykPQV%Ufc}KJ` zS=q%aY`}SwE(S@xDxGm<>@4_aWYl<&E zH(qM>E>_PBZfpE;P$f^Z!4kOrR^>7|3KejTlqm}?JQM`baeOCGrd-%gxY7B-2n}!x z=Y&$3LRD_w@MnEzXu0^EyVPq3Ykh!ser~aAfy>@{zIi)qpSWo!7V-XUo6sce8Y<0lOM1D zRJ)kvUnG#eqN>jFCPuk^e2sOP z2KOrrj~k?FDEkFBd2}dv_rE;-{XZkUfHU^%=>Q$3t>GVI3i}Z?P}RKD(jOcp_qG4D zwFP*&SjICaW-R5rnlgm{I!=C`?iXDM^qui0*P$zj6`*3>+&nr*Mlw7<<|$KhU$S^y zpulIY+%u8;yg^e2r_=VP8s1)%?e0x80?TsecU@-3{>_bhXmqqVm}EOAFPFBmuhlI{ zNhC2ta{D@hqarBq~a zVWD};RylX6>3{YD9Imv50HF7_1u@9?lpfJ&^@Q+dt@`xy|wJ9V<%gX2bZDr6S~G?Yw2{W%Ih04)`P^6NZf55-J*i z$Wvbm9U?sk0}eQSU88Fnu{Je;8yeAw5gWGiG~aYqUr_YqyIO8QQcHwo5Zq&Lfc-W$ z@P&dBmJA-d*jqIFA$%2vlSGsG{AlI`^-TO{=r5VC79C*Z?%==uXviw4uWax;U~3;{ zvvTzD#kyi-YeyT*$-Fu{Ii?(L*-pD^S#&(|JQTdr)eMuUcReDXm|$7|6SL9ot=AaSaj!8&*8q zOtAM?&nLo&$O!wx#d-CCL*QFOAi5cmrj)6-#nRNDfqO7x|9bp~t%h`7|F0Gh`>X1c zKnDc1jiv?PNn^@C%Rmuq>2=!b4imONm}8Ze7x=uLkvdZ%uYCu0ERcqll0*l95~7kH zT+PQKJ2XTYH$;gao?TwP!jN%$>w$-lpJThy%J%xT)wGS8+H=q}B-noX@>H7l7anwj 
z&W~0oz+NJRo15z++dg)SDKpSLg=@S28jAgLF-uk5sPEDm?4d%0XnxS55(ByAVhq-<+F&;b#yYokV9gvcLJ$H3LY9F+11|t)YfAyCE{&1W*6xG< z`0*oX_~_4$kSz*1S4`>$j(!o5mBmq3{t5$G@gYGKZacBFC;H*yE9_Rm2^#8^2I6QY z!%5FHW_vjkK#Lai5)eU8dZ6cPh7ZECXCW{U&`%5sA7Tp(5gt|8K5;ufKNSNq1Mt$- z&DVqwKu+y9dY#c+h|yZJDQm4CV0bufV9f-&_O^M*jrwkCwJy0Ry#2ruu)T6)fV|+k z5b$|)7uNOsiw@Y5`BELLUIQA?aV&*4Im(5{D=Sf5Inf9|gh(csurDqzJJNsG*{z8& z^hTb&RZw8&whDdUG)lzYiJs|Qi!ZXlRvu2kx>{Pd+)=6L+YyRw6C+JsP*~V8LiRi6 z;oaBr^8DzEWJgCw;EHFJwPNrIkjbZz2IglF2Z6Y{Kc8d)W;!}VKg-td z_`_(|__)kN?-^lE`4e-2Dg)#x(Toe2zjj32Xcy>_riUqPy~ji25_Fc|l7y@gKL?P+ z6-5lA*<^hEiW5Py9bQpkhepJK2fWXXR)poF`kpt$6ad;;+nHBg!;7Q= z>4+QmH;y`9YHDir?i+|1gl~STaSU#p=nMCgcXW*ARF~i(VH~J5mB_R`5kx5}B4hfJ zi;8y8(KC10wvpL#M>n`r45z(8g+oN^-Wp0&DpjQtxOeBpbm^UUG*wbp{{kIa#V1ZD zXJ__LgR1fw0tk(bjbLYzcJYNYxiy(}c;k~*I7b5-co@}rgE<>JS4X8$TNcm*wa-uc z$Ip{MV=sd2cbzCztbT7qG9k|h0no-hV86v@(SQT?&CKt{Qw90#cB@(3S62%aKXE#| zjW@==LYLZV?pXayV0Y~qBCIal0jOE*Td-SQ+trwIgkZWNKtO*l`c8gHC_g8M)W>HdyKB;4 zVuE7X$gBP))sWBa7=jXxvIYXqz+jD#O&{WNI2YCFi=zyoV`2)di^eqh^~G;)fw+xS zLBiWx5DH1DJT@=b>^M5RGW)Vb17cD_Sitk> zEO?)LGTbeKhljs9Q<}!T@iLl5p|+wCy_dqv^b@kAY)D;3?FC3^Yy@QCXbPFVfPKv~(#`l^I0 zPEMYXxLjNtoi>ac;b`YKo`+~)pC=oDl3)yHQR7Vk!s8nyb&alvO#5@@XautHT4*t- zcV&(KAML#fRL*VRE_`)|%$ZB65OLG2fkqS+5~9!~Y1E)ub8eJqpb!m`RGLMD=4hl* z^ISB~^LRDvLU@^vdDza~EkT z=vbofONlO9wm9FBx#L2^x^X#B6xyTq47L5FeeKA}1vMFm( z1`FTEzcWZF5%3m8C)z)5)w|{;80Q{0)Dk?T@{Mg-AuNzc(J5YRmk6F?- z2w-T-X9jsBC4;E;=}XJ1s%tT!S##L$g)?s8#*t!ah|YQQUq?k1l|+Sy(=n^46h=l~ zt#+CjIi{L^n`ZaHja#Z$SM9$^5pdKpvtlJ$!~jX_ZMf|}2kH-jSh#3s-MY{^cU&r* zouljE9*!M%k`>yMdBMN~4CFd75F#Fp%$|JB;UB&W=E6L88T(O8%YDc z%rR;fLuD0*nilvO#wTo7Z-2R6_H-J-wivja8KDQpYv-2pfAJzaw{97Rh=C8K8rzRv zZ8(9da!ynytM~B5MFmc-XV0Gt`P1v!1ywp0=PeaWI#b=tx}^+_O5|_atTka`3cC=& zYyausTaZu1-*VZU-e!OPOtYDGpT2!gS-Z2h>^g`(evXBn?x|JyL$R`})zjU>W3>VlVAzO>@0NOD9AP;Bz^xuYb#u<<9m)I)6|cCEl|| zFfb{2jNcY>w>1!Oqz;<~h)gnIYGN()K9ripH$H2B?|#Ygd23TyxwBmoS-!rm-W8j~ zrke!Zcl3Iai|vpWtk|F5lx~_{^j7ZJ`y}H`srTh$8yVkDSL&!NTO6hsptLPY(pKoJ 
z?D9%|Ua$=HfE-W#6Z5NTe{Ee|;oaIxzy4Qek@8;!?LU6rzc^r`wGy{K_@>>CPiCF`Cp|5cReYa3**GvT_oE_IzgZg{Pt zth~6F=i!k7GBa*Tzw`F(((a)~kGAny4Cie>&N6D% zebg03K`swR(+^ zms9BJ>-kw1mzCYrq}ndSjWOF9Y+(n&eoEY&t5JeL;5^Hqsp<9=>{9GEn$l^+#T_oI zG`@xk6Z(VuFH>e|YZYvRJd^UqyGx;BURg0_1{oC%UiA8>sDnlaJDya3=lh(~E+_Dg z=~jFGx(U8vT3qxSH=3mHUu@_zR)4*)ka7S1@(GK{TZh^?&`j|28$)oZI5?9XW?E>L zl3sr}lL{-RDGtn*mX`bX7Z!L9s+_-k@qx3mTS@6m zVqzH$Qye8yMRNBOMj@dj*|Uo*SFXIonEkNX%!UrLl!kaeu0X8D3*J80^zH^bmwf2F?r<4wuOGilhcRr2m?+m5Mkf?q4zy2fOq&Y{ej%IciA zUyn73+0#lS8P2})AL^Xl(sb4EH3oNOXV!xH*_a!>wECgJi70CoKRmWJg&R~e{MMK4 z%Sf=T>wCf1Qds(}V<>v4HjWL{oM-MmcCulgI?YVS-)Qmkr7x5_w-;yY>yn-5!LJv_ z&<4e8eP*Z9$=o{B;1ey|pw!Orqj&-To%TeqZd zjeMM$^bI-eFvmmjSh(@+X@o()p@~x&IO(pbWu@V-q_BNZJe1RivZ5QL_iXxnwADFn zPsa7UMg!lR<^{R8d-h4?T^zBmctmZgEn{m;T6DJTmvC{5U-fV?g)_#}wZP}_%s5T7 z`T`F($LrA>4}}Wuoc67_cJpTVRJ@ryDnM89OIImZ$9(Hi)28l|E+=nK)pz@e({9&u z3ev)Pqc7XdHMpB#N6J#NhCd(sT06%E4>rfT;ykg>l1D>)1Tg26x!?^L>C`U49QVUq zijA(bV)e*}k0$YGG%duEndJ7J%~31ap4hT`@`7K@Xmxe9pj{zfXh6HRX**E6T&i&}Cw!lnVz^;6HP$l`=b%QSsq+xJ( zUkgZkoO7EL^vK!HcbbxO?%^)kb(y56%*QCLGV*~50-EluYN_(5sHpSj9@EFy`Ss6Z z;7(NVON+GG-OR5uGij`>tYV%kaQKk%!NQ!}>$o`j`^WEm`SJ&zzFWRbX!!7)V9cP^ zbIw=Ecc*OG{{5Wy5-&IPj-{leVEz=tniFiSVrVNMclq++xv4~H;~}+ApVr8^6bUv1zlQNJDFPXXlTam>mL z#qXC1HT${Rr;pb=-s_M(8?wh_NCnrxDD@!Ge&@$P(0nU-tv_U6TWYss{X zs!s=$-v8&HUC&d3gK6*tXR?Aq2rz_AS2EOq zQk%d1V%-Oman2*V z?ungADC@mq!QuV5Am9wg%}HsRe^}VPWApI|-*}Gaz2^nBP!vCG*k^ z6;VwYzDwDbVo6%N*Uj3Ctoe0F6(?95_xz4>v|u^)ckpA){=aASSMA!EZzjOhe@krd za%GdIduO<7-?>M)tx^r3W53pPxToh_%jsV)UYRQHCicqvuO_?Mm3CGKKtc!}VD~8+ zxp{%#GyLtfH$fT&Ste_|JeJNY3#B3 z>&CcsMIB}@{9fp(mFCt-w->e2pT2TsJEK-}1IMn6b(6F>rM_~Clpy9);K5P&mDs)V{Dvle%B`)N$R$}Pq+dkomio< zse?=y&m#nHL@ow}2dhUEv?tZN>(;Fk->_;{qugiV8Z=0dRSb_=;Y7q3PwiHD7aO~R z!pOt~B=H$aHfVWHW;rfUDErO^IQ#lCAW{*o9wG~&)TLSTz<01=+cp>Ucwo`)My;W= z*bR$A4+G`YP7x6%NJ8-|&3d@2YjkQVpC~1vzKSWEA@m0(Z1<&ie}*UxighOnWvC_N z5k#<xf#zoo#Tm>Cn8%-k$*m`4Wmkf}YwPZI-Fi^zDCf4EqM|jJ>CjNNFfeG9 z1{_f>4zeFxrR*9M#D;^~xn(t^c3$i)HqvI!as?p>}TN@?#+ym=Y2L=?} 
zt6Xfo>VboFlnqdlEyQ#ezod=0*bwamYg1T><9moIcZl0=*|>3IU6PT?G|yq&?GkO> z*6V?j)S&PL?(s$4ppRw|7yHdB9-f-QA8uX>J4E*F_!RSQehN{j6KU~Ze?euVg-z(p z&JFK#bETEk)JhN$O4P(!?(s7-w>dVfBqo8V*jSzR0xw-i^|jpjl&)O)y6g{{qT=Ek zM8#gbiq*@CiF4&F~eeBEi5lTEh3YsFXgXZ%yrqHw3Lk4yQnt90N2hxT!+pmjS z^lV@jyUm+s(Yxs&7ne5CU#euJhFU8VY2CKl=OENJ&X?Uiq+$kB^VyO!StuwG0@? zkOv0RGf&B-`OUBp$SFjAmp<}k4an4{VW@+7d3le*rU4l<4F#KY zTdCeq{YN_J1&KFJSqCyy=m2wk6eQfxeq>_@AW~6ivMASJxj_-wcMINy`RS~sU#dH> z9(0Q;Phu4h_g(o#7GCg5a+y0aE$c zd5Bs)u-L2_y~4w>IUN2z@DbDJFI_=0do!SAg-TTtPazQz!=YzRuahO&g6E%%y;zdM z(bX>OU}N)wI#vs|Ld^a*;PG$Nw1NIPnma|cG!NQ07wZ-q*P$7QWqOVDV2U*L^xmCs z4(uf+aa&h2{pHx|jNsr44i1L)?GLTBy}iAKB_;Pk_hJ*k_5IP;_i*`|ZP~4@Y@VK; z24y??uwLM;A(~)xZxGBldFuUc0DbqM0n8W(AqbP1kjK9e z(BDMaxoZ~lWE=p{dXR_Us@H1V)YD*fVl8H2*mYDE?Gc6BE(Ua8)+6f-dr|MO^9BT})dbM#Ftb zP;pXOfXmOISr{c$Z|IoW+W-~ob1~;EmTuC^%bz*7*GE54`di0`vl+c%A8(7P`}-Op zs1NVS_RjIn(eem07Z;Z%kJVgQy@@YhU%7hKDl&rulNkDd`R$C1=l+;|&}%4(2O7Uv zYFd>fUoQi;vCT48*sT^o*WNQM_o7F1J=h|C zXOr?#TCZP&*auduhus8(_-z?Y#Vo%0F{!4#^!WaY-A-f+dCSKIrCOpK6_3kY{{;zh ziYNUIHG4(=EyAoB94=LgxOfOcQ-l;ufeIEWV_yifP zgoK!U`8KcKaJYp&%}GM`_kqarln>UrXqz1YHca5wy>9qsv~$=s6eNUuys?qb;}(}W z8e9iUJ?CI1)S6pXRwrSv(ZtTy)1wEIC#%O-P*!5BUQ`A~#s?@+lX_vS`-7qA>JJ{9dEp)RJjzSj?TvBj7n($wR_Y!sOCnhG)DtcifAy|!^!mn}$(a+s;`|l+u6N-q20vp@N z)Rc?#?qfiE04{g?`V2T#KW!lUnUEoV)lniYu7+GHwglD^!PDn7940S82!E8@m;Jzj z)zA`Sd)9EA)%K4M4-GZ#*N4O(jh4-RC$8^i!LI2}oyiSRq z5cP9K=xNi5p7YYu($|2#nzP!lSOk0n9UfWM3_HE5NG+xYIh1}2y%19*ckneZ`Z%7Y`3|IX2DxIM2}S_(dT^hgU@G=Mb})R#whUV{%k zIyKeLgH7_4QDc$^45HfFdpECK#(C(F50^@kd&vvFyPe(LAA!9;@M-102a1LJb+ena zA!wMlllS?Br04_DB#c?*P?ot*dMa7(LTvv0|afxCx ztEw&nfx;e7@S0Ie`b*>jcnAszVBX4~1QR&^QbIyPbqDOk1f$}+9KJ={DM}Z2oPG@O z|NAonF6M&X5G1e+RNq%(?>p(v_!&U9DxVeKggN``+Y5gZ|7LPaVMy@Dg*KQ!&g|I~ z4+mD*#RK)V8cro<=H@DsUP*JPYS-{)hR8pN20gS-84rqBjffAs;MdZWl8VYWK9SA! 
zf4zFe3K8~S>FHwR#sDZl!+so&BG@)pxJeULUXCk$4v4IXh=``TT!;|idHGUazTxz9 z&SUVBQm(t%1&=whJJ@WKC31CLf zk<{kAhg&HW7}L{X3w{9uB8(f5wbN2=_eF%i$K21@&>u!_m$lpfLNlfbTr@)+&f2(R z$6CsZBjy}{Qup9XY07k9Mk^*OD|;09p1AA}9y~bEkho?zeSAI2-bja!!cTb33&1>I z%~QX4@gDHM7EC(?17dUn7yOLtQo(Muu#XGZaIK(G;)9dU+Qa`ExO^pdgBiZO0Dx zfdNC+Pq%0gwou@`_w*-y5a+71KnhF%bT#|KfRJ(NnV~AnfeV-x_FJIyGcWmsD_h4|lgpru8B)7B@z&u=hg4ku64VQv2H=zb<9QWsWT=-5@6#D)TbTYD}fRkV>F zHDV(D|9c2n{PGYTwh+=?TcqPCaGAcKKPAQ+cV^-BN83F(u}j|v;FVaM(JBs-WMkk~ zZ8LuSz}-EU*oMYBSRFxmiHUWj@zFgU2Gt$iQOAZB_yd3flNOE5IS?>$so?+Cf&1N?=t>d@!AbWmpg zD>N)vz45p#PfbCSyLaJp0L^Qfns?B*9hZ@zi;ay%F*yN)7x+t0R`JzNPEOzkui>#g z3`dW@WeHAzSn#m_4X^{8}G!7C7+koN2N<7TY`*FfXU($-+qzPnlxbu;Y4P&~wxw)9It=qPJ!6D;O35?A82VNY$ zIQtyq3PO2mX|?MFVe^NHZp zuj7Y!4xT=!TJ@3_u?1c{;GpMl7tumD>Al%In^Nx@+`Pr~~6|naU+kKeS@Sil;{Z$eh>n&5(ro8VPe<3}23%gC* z0hb8B<#hZ_{_qzeLB2bW#;+}#H?PDqM*!3n0I0s69`Ijm9CNdl)|KSDyE=9Sr~Ovw zJ@_Zp7V^ZI*Wqix4t7%$ax6`pA z^bPMjNLaw=E~EV!cRqxzs5REnO6V?pwVsFvcXh;%*Lk`Lbc_c_NA&jc{yI$7(_Th@ zbC0R(|1B?RNlp8B>A+T;W*Y$Bzzd)+(RlsMU!pC+zY?@_f z??<>roYcNyw%t+wRQ~AGEoUai`+u(dElZRES(t9y&Y^Q=olBsHN4|FPy+4+DPUj2- z(O>v|AQfvYsEL{{Ro4T7#}vI}^w+bWrD`6)*c1Yx1^;n;iQW)U!Cu+@gmPEr(2r7oOCtRr4Ziu6|Pdd;f!#rs~{0n)zn6d50ycB5F8u39$6WmNy~`p9@B6o*_Z`B8#}vL&<16Y;3zitXW29+6@|g|^AgHW&;UfjNirYAX+>>`| zo*+$kBS;9C*4Wti)2$z0q?SaV#9mTUTSvjoBs%cF?dwP z1Y_(PIyyT1nUu5(5nE7eP9T`$%aQh>hE}<>!f+{*+FK&Hh)Uz`~TuMP=o7FclQ% zOHoQc8WL|3;^9n7@dr3WEG$Tq@nfy*g*9)d9n?3g2CW5*#71Z9pI zDcjD?#s|#tr76YyM^~2%EUDK~Um>(vMuAIRbFAa*R0Rm;ez4*;;e48 zdIl3H9tap*P}sqU;uDod!Hl$3D{Gvvu(0rN9QG5u>1Py&jn0+_6gdKWjIF+2RV0N9 z$rl){IQ@jVmJ~=p{*>M|+c=%$Rvj-A*tFGikCPX5g* ze)(7E))v;^+xr>cfz%Ll`I5dC)D+-I>F9~-O?y& z2k~{v%jY@M(Bcj_gLH<2hW*HqEB%(IY(4)oP?`u$!Mu6_CKGBD2LlXCG?x_VlPAC6 zJD@C#jI)e>UlKN4l9AETV_-k={P{V=er=8bf+QOgl#s6+=k%fPN~sn@Ic3V@!Qc%jjFzn+C|Tg?b)P>uExmI)X-IhkV|%hiIp`U>~VNR`T*G$QdE{h<%)@hCU#v=&n4W6tr}VAIsogw zmzO(Z9B>`)3B5KCsCPjF|B3Zz(Pi}X_G2!S%_xPu9&8U7EMmY>&^(g}esG3Lh1zc; zS`)GlBBSe9i;OwOy^9BoE;-pX#wGpQ_=ai;_LH@gnC;k1nq~NLn&g+`4&Ck!v~J)W 
z?+p*amHL7$6|-AHTA#mqwZT}FIK1)XfQK^0Hm*|%zc0x}2oSMc4a+51vx2eCqETdI zy>?n!yqZV|ioYRNOqgKc_UiB7e>g5qR4SZTR;EKofQ@h$AK%8w$w`t=u#t)BA$j`H z6&Z0C;CC3WtieshmN(FtOn)l$L$l>ETi^c-lSxPUpOA${S%bgVA^m@jB22t^_3CP< zJ9~Qdr_6#PBM*=V6+2$YY=3|Mc|}E9A1l^ub+Cf?D?EGQm4kAj7d*5KF2KF+;IN>h z#c|WX0ITI{-W%g1*!zAlhMn>iRNj1Ix`)!Er@ueh57YORNOx1p5x^V+id10O@5T#8 zMp=RNWcU4F6NX*KCI=gpqh?{rR2s+DVEN)TIP3`dor(H!hv;q`5_Dph2%?t=YV9+( zEP~QK!qWe(HT0nG_1m|G%6ny92#*c9TbTTjpRfPk8qgjx&B|HfULQbqAe9r(ST$M4DK zhJRrXS^M`?JXRQP`OUB}<$_=DKlaYHZBIqvyXj01X{;^# zyPj;f&-{Avgz;>-xA9ND=R9Z+R;;ONYbY^vpW0Dh8T{)F#jIEx`JTAgOFR`66lYmM z&ZJPQH(vht09dv*_`ieEe;in%v6FQYiGF*!MK!~8Gk=O|2!9v{2LQ3VvuXS55Gfn- zS$oH26@Z<`z@VB9cd`%ENAL>rRljpT!<`c+_mx~DaHeWI;10)8^vVJ-VyK+!9`X78 z$N2A`++Ut^&K`BFTNpp~H-~C_$2d!f)2B$&;QAZOBb&80d+<0(dZH$s)6i(G)D%!u zRc-3OzMEd-*KGLLi9A+!S;3eT3{5_IQ=kFyZBlA#EC}MEL-Yw!GJqce?x4tEr0^nY z15pRz%_7(>z_-7)Y{b6-335}I)GEBOVk$8(f|SZRRu%Q*4G77j1Hnj{G>P7EMAH53Tb$W}&0I zpFlbgm0fjtfl&MSztK;W4`)R={Ws#P$6s6WlBmIQ@CVf>{y;Y`zI$nM^`RCJ`D_4n5gXDyWi!Ce8eWf-Pov(LuykTc!= z(I6~)P<)z;@^=xWtip)GjOVNgPBmVCrQejQ|k^ST_ zfC!f8;NUw(&8g2+WaK;J5J`zEO)d~NDIKg5a`f05a4DSTN9jOavqi$-47B4>b1= z4cE}J;JDy{>Bue&zcD^$6tUQktTQrgqc}rBjfIU56m>y_DOw?`%RxvqLUzP*G}=Td z0RDjgJ>|f0-gsn@y&NDMq+KgM&(17CoD?) 
z+7rGIDC9M-U85*gF4?75Aw-t=%a9872CoCmo-@P#5BW?iD}Ij_{n*Y8+1c3?^oNA+ zrI2_k97rHjP{U@hB;-So(RuH}fg|IJ5Vz29RmJ9@)yHTe>5@2Bz{=IDVb7xhb&Wu| zb(Fdk^L->^77tAbI**m~^utNo?9wXu$rt?Et8s)RevIT<;ZYoV-}HzlbLHmEo6#+i zh-#dziFpg*e@1`iVeo@U7E<#OnDMDso;nL93i6mXL2N^M%aq=}DJ`xO($XYI3w;)& zq@x&AC~GJqBO}?3CRrYE5t1KAnp?@Yty{M2JaS|^B6GLF*FkQg7Fs<@`47IB&P;w@ z-d{sXFaTH}AXt{;j)CfS5%uo|5doO8Q$Sz~U{{l4NW?rsgFk6!KP)}5c)r>zTy4`cN-*rWMt$g zr)iDjMi@=rMWrA5@CB;}*$CTlC)29aF;ps9q+{Cbmn3u)#09i=?8x3Di?AkE?GXT^ zYKCoMbDjV7Z-s?=Q%4jJ?N9$xGfk3}qPi(8)*Y!(M|bKa?J#ol@F41CEI17`!Tw4=bP~3qGfka1LZxbBj7< zgqux^c~|v*vcm`o2|>`_9q&N3GDNaARzEL4zwK*nC5D`k$lv4xnG<2ZKsbmSW?v+P zlf)`Ql{5;-_UlBE?+(yg%lQ@K)}Q$rO&N9!7!xU~Wc_>UrI^y6zX%|u=AL{QTYtyf|M^${NuGO zB3lq0N2cvauTSd_`!fvEOXC1plig^@Bmo!?55$UArzLUJWRe{TZVVrX z+MHN~_#p5s(BnNEQmwz9GhshO)RwHNmJYp;1Y> z0UR0Th{(rWp3evl`H8>(nkTYvM@0493aY)45mOhs1(y+Ki0|w)4r-dK{ajL zTP?lPJu@UCmKa7XCxVgK` z9$_a1Kxhk24)>7g(gAt91(bKKy4^ZtyftM(FmMer0U}{T?{n_brTg%}9)n&M*qXw7 zvxbu-U!qPy(^|5rm@2nt6T#_7qlV2Q8yElv>LZEcj$>cwzFId@ z#)?AO;UXt}?4m)7hSS1UT!gg})5x)$t9rl6}M{b+FZ2E@p$?v*#PUN;GRhsr$N~U1gf@s2)9tm58v3u z&AlEt4Ii2Cv?0sfdKHQm<|#;0UB$w}0=WQa-Yw{InBsD#$R`h=-Xk=H2wM=@KK|I( z`LU}E2u^%Z1Bv2A9V217D4&UGJhV)k&qBI~$*$JVT(=hz4z~VAXr>7Mz@~?iKGPH8 z1>%UbRMBc_a29Wkz_^7JCP-O60W#6@_@lBC7y@(eGE6LHAgE5!pH5zYMw7s9NXKrY zdDTQv)zLI9zc4bq26=oPd)igC&u;ik2J8$Y-wwvA93_+?g5#HyL{aDxtm^rb zEnOE;4EeCi0W7XVme({#T488ESl^Yn{$(6(a~tUR3JJLxkGy!`c~DTRVVj8^XblL6 zO$v77CAu3VHYLT?zjnf&zNq2S5dapi_fz0J?~U^sq1&{Gc9-!f9;42JJAS zRNl@uvl~qg1=Od`Vz*pNz>=b<36MGwOS|)-H@E`zrIx$pth0f9#Ki+v!!6=UDk_Zw z=0-KaA`ncISZN4K8MR3BVbqY&d*}Mzw+EY?#$oc)_otR8!IY?U{(P{h9UxA<=?ydw zoDve5m+S)Tb(3WdJTqH3uhxhSgTT>C%E})>kgRY<@95#L+=#+~v`&9&NfI<2k36;? 
z3R4_CRI@m$80eZ&Y^2{%TT@$m2wec?oXvi6B;UT#rwA?1%l#l!Tz z^(Se%*^5tr%=a39e5AJQC0%j4SnIfWYbg`|4cYJ-M3-J3{ZKkYOT*O zo~*3zrr>mINF*ls1^uc+%XwZV zQ`p)vG7Fmi%$4UJ9&C4t>YI8n06DMcyEvZIH!CSehkrKLQz%>TiLZZuX^dq5U}7Y% zKu<%t7L`zM5^XaY>cYk6$sIqQ)><7^Kt~x-O03^lAJ>{M$(tE|Noh*XNWPm*X*K0& zx1p7EW{9ttAeP*f43R85d(-udR9$iLEfnXNQYAZu8?6lu=^tz@73gWni&vk-2S=#M zNdG}OhYuR2oQrOh6t%-xFvYqwKrCrwR3Ps1_XwjE6T?B``R=8fn>pSpur;rtl*56u zdl*+kfyY6pz^S8dZI9$@#YTZRz0&A<$)XJNu8s$DbKI=EC=`>ojqGFb_r1D93Rr!f zjfs=RR(r5xk;n>i&1m2Tjg<~2?_$t<1CnqN>VZ)osyaarf& zR~q)5hBC3jnAhGz_mvF??sA;JQ~q|{j=$D$*9|N{CUyXlC|fjNPjLIVF+V8+x(UK9 zmgi3E4f7{!)_7_(_)yJ~=uD+P8m%kow?}mbtwEGsL9Ep_ro9w#IqA%ksB7QnFQ8x> zp;34Swx$*v(O0hICU3I3xVX6dRl!lFa+%rpxKBE@!p|Bgc(bMhn{p}Yv-wa;_tZ!s zrH4zp!~a%qsIN|$_;fLz8Gg&YDwLiBa{SgqO#@ge+YjHm<|#V#NeuKyT%#3gPcLRp z04o<@2*byn=%O@5#KyLC@b|0&fra0e!c%g{xam{$VynWPtMS)Qgq?ZmjS8THQ%J!l zo-`)g02hq^pm#b9jt1g&Eq+K2UNK2f)MTZ%T}{wC&z&_t2DXp~y>2m9yrP;~Ai0>Z znpl*=RsjZ#Q-;N|YK4ZQMDJUl3o0u9;DWor$CTmxD_Dd5udWdPkx+TI2&wt}`W0_g z9VV-fKr83HM>o(?X&bld3$lg4i}{jI>tt-&P-;R_k`8djc5z#aS1?DYntk0nTPP#p z-MToHEN;(1G1T8}#;#5s8=Z?IPtTsOzz{D~j8pcKL&CK%!_~Xt%3>u8^Y757c2D5v zPUWn*>i(f6Ccf*^td283#O8WJ>Y-s6PbqWYMv5^=(;^PvV+x1coM}IR9@oXK-p+gN zDD_evuF}*}5*o_UY| ziT%NTc5KQhliECNJaHJ)NoCNVahSRuk#b#Mf0oc{i925tN3ZoY&2F&NTpBaI{W)H@JcnD0V;0m+vIu!IZ*p<~! 
z&AM3-Vz8d~ONt8Of()v+jsdycPe@4U_)N!k#v8Etwoj4w4Kz$F941M@Q88COasUjM zur19LG&xcSkKnR`89seO!{Q^|0X~4z zH^{?vhmQ3HK(scNNg13DWmmuVDfo}i|>tihFR9uZ8d=6Gb8>OKLPvOUQ zPth(&WzKjP`w1SzK3)cI6&gQkN0WJ3$u8F&6+YoKM;YEh4=UG)$m*Fep;zM5!BuPm zv3mY%c$Rd+<|lO(h4s#Tx02`KDZ5mw=4+mH`=qaDTn?YV-v>~_=vF2yi${srQ)g>wCq2ZcV=jX)Qc~~9N$(G6QNKdc)BPv#rgW~P5=Fiily{aOiXVts)*q;A*zQUPiEEoz4_nwS~*Uq*-p+- zC@qmmeFvWapoxnwLxHQ%(Qw<5-khXz9g?f``-auZyJ;vrO#ghv|FhriUgsfC{w057 z&ALsf(og?cs{gBgr>|%D>qzR!Gqa5HI)Hq6@n88xR!YlS z?#&VMh426Em-xt%=Fi^YuUa;>Qz&g*H$KKn56ur*8%3B>DCP1($v+mmdqe%L_nPg) zJB=iL%t<@>X&<%&v;VW*}y50ZZtMR|M8kfYyDU@qPGyZPMowf90-z#%^ z&JQoOy;Bt)pIAShUn4&l{C$FToGILB)B)R1-M56v35u<39>?>HrMqc2TJN@08fo=% zbxFS8zoyHoWa%>Yw7PGG2f|unr^I{2k90=KOi%EpHcvbn?)&h-Lg9b6dA~m|3z z^yz6iB8S*SC2_dg;e0s_$uDaUbKP|{uGGwEp03}8Z-*|vnC=R5&GfVJs1!LfEpB=~ zIk1*l-#+*VL%>vsJM;Yg9gDBb&1T+x9M34y35^+CV*Qb6C4X~0o2Av_SoR}PL%T8s z$7k`DiXUgPmg+PYThFF)d~_7cTIfGwE#cQLF_Ks{Jkz;D?C0s1_Qlm##%9dryiEd3 z70H$4br||&vQJK8EOUI^e@V6JQn)&4j#;Xzl(hSn`;3(jw07Rj$$X*JN~OOtSM_K% z`&e31+@UUq;cw*|Ew6k`-5a#jAmhD9*s;4?-{^|3Vp(9Frc)4=s`cT6jipZOsO;Ru ziyguBOM!P?g6bt$G74;(Z5^3E;`lk(s4>xo>Vcw8*2lU8&lVvbnrq3CYBJX5;FTCB z++8Yj;gaG@-5}dPy-MvqI5;+@Doc$QZ;maC+{&E!<#wyl8nc$KO97Q-l0x(uw@!44 zIq0vSFCR+jardui_`uzNwYIa$+_Th4Y^h{QzoEpZv7pu;E8+FshRkZD-4;eZyZHf! 
z@ya1`SI}blv)OKNm2u{C%L}?fwRyVflv{jFC)2_|L@HcWspYk}hTT0RRpy=76JFdemndxCk2dJ!KBEn~vY%-Th>=eI;?+%)u50>+eDoqn#n5*rO z@@Wa$b7XWv5+98_rohlrpScjk^8Tjr?Y5%9%6esoXgh^l?29)S*)BL0+bOCkrhK=2 z&S}rRrc2^Uh!>l`T+m_OLnbeL^BMdaeQT>OcJ|jg;riU(lf2XuyuMLl`ivBly5Z1< zx6EcsgIQnq>b5jVWLQaN+y_=r?~dB%An7`6Yh^rBI^fPUUV0|Y#%yuQNh54=f`R^Y zV`|cTR@6|LUp3durR?Ex-+f*RV+J?Gsa2IweWm_(@x7q`ohw*j6=hs*Sd?-dw;C&U(1|g zlsVO`(DkL#xNx(Vc%wvCQj&;V%LpTTONQDMYnmc8p*>crwPU+wOmb^u48{4Z{_Wr+ z%1a9@DRaZah4e#`>^>4UM>8FM6x&aHqzhNjKA|JNIJrm8D65Y=M8gZ#-$IsB_DBX; zX=K{Zj@B=g^KBP1yjD6lKrb?2{ax#{dGE{QsoXz}D(Y5+nCD$d)*idESu~wJ1A_(7 zKV*-Y@26)w)!eptWHv{6uiSHPn?HpWmQF18Rn4uZip)I7F#Fj%Ia{$W)1QWx$|2X6 z#P<06Fw4uJ)&*IP#m+^R8Vx7+J@tbNq8&Y6gSF4XQ%`)_w2ET!USpwW{(7%u*Ne?l zr!D2RPY#Rovs*Vw@Ce6#lb{>)J9d}aoqBqxR9hoO(AS}}#@?ZC-IWx3%dq*JcsXx2 zr{T}hYL$KmO~m$k@CbA(n=@F}IcZ-Cs+x*24icIiGqq;28|g8Ww7*s=I_qk)SRc0M zD=x5qdw~PHWLE$8rs=pfpk4wWWll$&5nrk!|EmhLD_)s%_2nP#UZatml_lQ&Vl88x zaF)u5H;Yo!KbXm9I^|`|PG~B>P1IKNCSR`BBqb^Ickh!s zUF6a|y$nr}^ZKr(>*u>9N2mejlLh82g8TN!Jr|DtrYtGWu8}z(a;4?{fm$_tYgeQE z^kKExsIRVXlQb-q;;#DFFHQOHaBPxD=}a@%NM2f?ujeuk%7|X*$6`0Hi`BIrl(RhE zYF*V4>A$brUw3KGz8x0&SnZ`rcj-E`d9)LTn(OhC)%vZ#|QK zAj`4MjVrZ`<>b1rMe7b$PER2XfI`Vu zkv1QHI5Ai&?7-x&Uiv}1YVX-W6Z{+gDsZab<6Ite!t81jh{#fUI7Q{$-BQn(ACnu-tGB*%$!mlSpS|%oZT5pL- zkE>oFKERms2>kl*?`SdI3;O4ydc(&rJpVbo_Z9#Bf6kXA?2Yx$cY?tfum8EX@1(>s zh~IzrRQz4?KL^uA{d*$sYb$AKY1Inr#nQ!G^_up@j&Kvb*wm6jtbcD!BZk)_PQdR; zf_zpayAA25PoJ>E{QUj(t}aduneb92Vnz0sx=f0vu8*mMl>Gy~7ppS#TlX5<9#?UM z%3yh3OuRt+Y;*`eJA@{ZV=Z9YFtSI-e7|X1>2Z97xL*ef3JPDu6?zTHsi<_}#Ep%O zA(RSu&r$E+|7%=ArCgleO#PGD+~)(9r>Ft@Sp6QYH32e+&=42A%{!B*mp)Rf`H8q|#WVt(2KX;kTSHFp*RBl%8+4!>AKmSRv zE}3tzj@z(quKs`vuP;)aPgy4I6DKKYnTEVsyI99!UQ)rykWEuv5Sg)E+tIQfPNB~H zJ)XGQ8y_FI;n8nZ5bCBZ&u-1XFB&?eE4!Gs_%O7NJx5Dcv^DN_Q8<@BYiFW@itKOJ z^0C*$G~`L&+)O6b+wJ;R$7px(xc-_gFtz+hh15=&JMDo$(ZRgb)r8%j zzh@bPD{MP0PWn8x-&2Ub{j`6Xm0T^+lhM%Yx_gv|#N?4qXij*f>MuN-WV9a1s`IiS zNSNGLX5Fqv?qX3_-nBAVLxG5xwkm%pJg*?t^ZVo+Z^Szmzl0w30(4A~PS;?&I;2)jW_p^w- z_c5>%GtEVk1yHcF< 
z^%S{YN$|K@5m>k%K8-zN$~X+m8)&4eJ$FQ5T=M^=R`zozO(w(As;r@_qBiKZ;xmf|EJ&4x?Z^o=$rY5ij=7x%i>vlvq(sf^#vLyu*PP}VP@ ztjztv!oc|58Ohl3wW;rUhD-(p+KtbFUINwo05p6J$%au$cqs_u#M3v1py>h9jjzYJDC;fWm8uRy%Y?UV+x2J~v z>Gks-hVblYwqcU|0#-tvfJT9d-#ydln0BYM*5U;L)f+dnH>v2$(x+&sXa;0Hq@Pwz zUH@WXPLPc!HRZZOUV4)1HIqp_WW`8=U-yR9^-_(FQ6Wht>V#q}=QUvS?wA!?O% zVqF7@qfrWYOxOa%tXUX2f_^1ABv0h^2ggz~hm@9{PI{^5{lExs-@TN!CHNcS{&IX~ zb^UgTYP-FCS(;S`NAWh{*P0~kLpd&&wE~I?&ek`>#twAE;|iTO|_)--$O!+9|)S_Q;}c)S(HfLDEMj*LT3PV zPqXi!_BPXAHr)p$#YlQvSD}v#8mSzyag@@pFA7#)t=Eo9x|=_8|74E#bTVw~Ry5|w zNQV>;F=^<-)ZC`}zVAP9FWH>vqAYkOx*Lt$?w%i_-77FcqKYVqyi>%&Xr)XMB>px>zDix)&AnEv#D8((K#(E&VS?p)pSo{%95*V=xsJph zx~^4N&MPDD>zmJLuH0!Ty)2xgQ#)hT8oH2n9JE3fsl55sjI+UOy8&GdUr=&Y7U|sDL!~gBi2G;$+qUn@q*3@9dj*_G#+uJOgSGGf-fBwWSk5(O`kv$Z= zMaPhgIf=}aCf9Q2^&{)`(C+$LgDaQWtsd>qxI1YYC@FYxHfcxD#n{;CR zdDWP_H&Qg2jyWT}7(UP2@W#larb2c&7$aDu=J~^@vMkYs(RHdz@(?qVfW5P29mCJ z2U_}Bo?e;vm+)9Fw_Ho450c(yIZCvdZhkiI5LuqC`%G=K{q|b%f@y%4fDCQx7nay{ z9ewpZ79IztI2)n)4k}tm2q#9C$EBN8dEEqW-^~B?i1WSAv@v4)`Jsj?O2}6s3toeO z&8p4|+-SDH>s)ZqCy$pscxHgCygl+b9|SddDqnFt7J4T}fth*)QFKSt#75cfL1S0P zrv?|=UIW7p290+LIx;6tt2dC;-LD^=`J4L3)-Vs}CGWPR%3hRPIz-y7*gAJV^V2$1 z&~hBMTS_@5Oi&y4iin87uv_K8uj6dZ)wrrOQ)3oTew>$ji-el-$xyReu6Sis_Zn@( zUn9Ft4eWOi^K@lQ0$IIQ7c+W1E|)k%wA^oEkyxwOD?=h#^L=oV;*a{C$?k;flZ7iS4m8UOJ8b| zm|0~DI|doal0H&XKD07iCV>ZOnx{QVRKNA`fWxycpm}Gos%~~e-%r`>b7aNqrKMD^ z{rDSPT$$9lghva@PpsFZ(ENBux_2+bE6yA#{FP7WO|Hn11I>D17ynj@J`Yyk{Fda0 zE|F`$p!+1>Zcyuim%8TIgccg^_zg}n$^&Q55m8~PD@%NnC);Un8HqlRpDR4QD@Or^ z+>uUOhHR;4g1@;-mB(!pC#+|@DJi(>Z>h>Hys~s1Lv~yHqO3{@ToOADD0;+!Wd<8I z+&hO3N##-vK0D;K?jHEOR1@Nt`ct-RlgX-Xf?R_>aeT@%%iCVjX?*?x*Rht?CG!bW z{v(GS8Zlf?#pj>cpf(FHlcOz2W@DqVaq zhMQ2un(J6if0;HdVr3Xb6yJs>wxT@{_4se9iJQ8+2l?ASwGg=r%UA_E{r7mB^|;4} z2z2_2-4{QXLX@G%3b6KuWUl0HMpe%12M;7uJ=m=MT9R|eta6~Gedrm0jKejTzqu~A zx(WQ3=QI@19EfmmLMNKswhXy+;;jEWKt+(~0)L1gEl49=pC4PxajmZd$(%Lt5kIeG(85$afeU$cv=yyYFPtK~e;Uq;> z+_BEA3ESTCuhfOfI2nl;ZDhGzpIIH-{~qeS?_yw5?Haoa>(QwyZmRp(rSzid$L^-n 
zNiWL?yAtji(ccljmbi5ZbNw4a4KH4|W|ddn{FqY0-auxrf10a+*1|NePXopEivhBG z8)nTvVQS5A|7yH0e~&{z=vARX2kzLRVQcd0rQzRB6iR%=vaaytv-ecHXv^b9`&}`=o1C^N^+Toc)8G9G zvF@c^9GAxf6T_BQO5;j@UEYgA^K6H&RQ<&()*Y@;iNB^-v~ShtZscx`Sqc%$qzz(P zv3#08r|E}ix{2?CU;A|<*3_`S#;ad zvKaF8QkSh)#cra1aWkA6s+$l;lb2r_8B<6K<@eO8=Jppf7)Y7>JfTe!Cvvh~suUa+ z(*+d6OGrc}HNlf=N#?PDCtgFfgn8-6*z_c4ny3-8vo;M$kRwSfiyHpSS>Tn0amhUi zb9*m*d#sxJu7PJmZdHM4XSBL&D2zq%|t z9PVoQw1VohpdWtSvm&p*WE@qtZ?LsTHfnjmD|Tr~Zmv%9iIayR63Ttcn#Ix2V5L** zVmxlEAlCQd?TLIn&nIdKI>cC+WihcfMEwG;_%H1Iqchk^Ft4g2X$X(>n)S2WcJuDh zY8Y@F8mTVD(*x?ji>?RgdGPG9Sc5)~-qmS-Aqy>QZt~c`SFbMDmA`3^hUfcQ-**sm zGk@DB%bSsF!L>n^1x`Xhf7&t=h!>QOePJ_U!s9a;M4`>jDKxbgU5Y=uS>=#HN8kfQA4kAP9fLNFZ#trtKdL7%$%fm7c*{de{O0)AZ($T+O58*bqR}qwC z;FXMhO?+YI?|#m1hK{dtFJ!s{HN$eNH6=SLm% z6rt@H5%*Djvo7XnJ1LiT;_g1qOJ>xWx{DlO9vC}6efboprl>@j_4Z_C_gkIuUL8xz zl-Y^S`T>jue=R*7iH--K%AGi5RI~N2kM>plM3bCUuE&Qmp68X<%Nyhf3cY){ArFS~x{!c6RftkMh>vC(v}{q@^Dz=M3#sCsyTCR+^}!_2arP zE=k~C`YU|+HG7coln-@i^BJn&!fcQkf;eY|-^vhHnh=%Qnq>iVdw=tmjD)V4{oF@pdi--*C=yeM!UX>wIko;!dZ?;K=&Nr}< zb@FX)h(kcFTteOcZ6wF);eFwItBpdWvLN3)kQkDSlRe%)8Rs1Ro1mcMu44C{_qzNe z0P%qBDzVmVcQ3Q-fQ`SrNo5U&PO;gT{1`AU5sQUjLB|^~oD}rHPX%(MYa#sm#Bvn#0Cz02Uerri zp+Az<=GLr->cWH%o9pGIA=U=!@9p(~{$Cjn?eNR-YkxELS(m$RIY;V^a4PqwdlI4W z(dMs*%jzNP%42ypezi@cC6&vX+TscLj<(u)im7m7HEZtc$MoH;R4B4w2Rhf?^Gme& z+R{kqP3qUKObGO6CCZD$;))|t<3(7!rFgyl=QlG4z*B(~nclgCk89|=d(+z{HR?A~ zba6BB+L!HFUO{M_Q6`&tK)F7k*>N zwT6iN)a@7wRajLt(epLc7x%0(98cJAr-GeEJvXi|sSF;p(7VbAsZMO<7qg@pjaP1r zI(x;}aeu5zdwKZzitvbnH_bcg{KbyNiqhs27Z4_oC5!aCBA88{EG;d`U4>}9d4rT! 
zcf}zfAi(_Kho-LgfYG5UNAT~qFTKTUkKZS0)`_4f+FO+^C#b*udTkYyaUORR*VbJ8 zd3k_8g^Wm^;)j}j-)plK^ZjrLl{(Yg)b5&Z2TG*PPwYA();7)EKa$x3i|5dsvC%Ix zS(5Pg9|9bavmHHby0caDvPrM;-OTyU9Up?zo@Am(c6ZzcQu|+WX>XYD2v9&_^Eh`x zkonf{SH){st(7Dwiu+wWpbzcrS&=ewhx1j@hOUpN%Vgvim;N4_`uWo3#cnR9guOn` zOH%t(iC>&LajWfBJ-J%l9lSP%!z3KX7N1i>*>}T(M-MLJK_8l5G3K*8|9D@e`U3@a zKzFI)xN-=tN)d=;ipo);xXr6U_Z~hP$X+m?YhPOcwhmlo!Pu4p6ps3C@w8ReLhRQ* zkzTntmx85<$A7~Vm7^8dHEWd3WU5-G--Fa^yEWdpGqv)U()*)V9QIZVAai|xjqc$7 zGYkNc+26V99aNuhlodfEPVL!|2Y8tT%Worv+D+g`2A?C4#G_yi>AVCKC0wUxQ*J(& z<2{U8#)&E^nyAM>6Civxi0)~(Hjq(bhll;5h;fe%Pk!&twbb#RL+w<1=R0xB zb0lcCmX4CQdvP$G(hXk5#huatY$w2%*lSX$!)up}yQH&QtHMRb`1aFMx-NsYpBJy& zAn&@qw50CO+6I;RIisGR>~%Iq|v+|0zoh` z9A<8{9POJLjoR%wu5TXtoHsSu?6qA#x}#RE75AG|9n|k8OEN1t5tQI9SU*nI*rk)& z4g{J71uOKm0~xDrbX3M_Umor@4Q@*{ZuH3B{G-wf$3{B0-zzNNBm2~VG_h#MX1M|hzdH$Y1f2giBIj6hPo5qGdA8~))$=Vj2)-ua4E}ZEf zjlOrjNu^a6OU<~wFib>}ALNh{F4jdYzIypy6x2ke!zRK8`q!5NQ8HheOLaDixX~st zGBahh9f& zijhG$nmPubvcBEgnhFS=8qMxs6|RVDE1@*P z!ZD_!r~mV3)QjWB7BmqWnt`8jVP8b#7%XiCSl@sV@W|m5S$=5gpOJ=8Zv&Wg|AE;h^+HfyuNGfK`{eMLG!RneIzgCLV>ftcp%0gL7n8JQANdzhaJ z9ti_G*GgphQx-?5ZWq%LB8}wCR%w2#4Zsd{6TX{)}>}*lLfdvQjjo$rO3ES*MSWSYrB{FQFxO?AEIk zoY8#!id6$eUoHxgD*HbG?8qvKa&a+9*jif$DZN!!ev*Z?u#Arb;Qm-1AkBIm=kM_C zi{^oc-xw&8O)6?r%Dh^KmjW|GHM$y7f)-vl>?%`q}L3m2i$dHvxj zULTTDMnP!LbPM>x-YDM_L(uq&PcApTYBMCoHvK(*EOVb8zJxZE$N|3IE|RrXkgDnr|-P4 zS^wYIgLnUjKI6}zpx6Jg8in%Si~g6{_%kOb=Rd|J*Z+=j`9Hn0|4Rq-fAd8BE;aS1 z`^!ng>*zgZW@b(+3EvFIOU?YlqGMvj)YS=Z+_=GilaIknr_f!1)YnjupZMF$xP3BAXatBj1ymNdGFVBWCJ)rFIMw&GiN_bYBC0~wje zh@)qIe?pvnW5ZP4bypyY#jL%;X4$xSL#HKxUcWO!In!vczM%ok!+=?CsWb0@0OVg5 z)3vUri{XRHLwzZt?C>xt{T`Qx3h(&%=9tFK|1%37h9V_|7&sGVagY`g9{4t8>S+Za5{Kin2Rw@-RJt{Q$2 z^CA6RwM8T1iSb0m86v-3dpzZGOw~CNkVwuiBvfRxEP-UdJtaO}>()^s_yh+hI5gA~ z+)dxarzIEF)m(e~`&O2gzro8@jhvg)E-Wf4C@pOs8>{SOij@$8b@NS}nVI>Rkzo{h zT3A?^pP&D`yZb??h@Ae^#f7W2jSU>mlG)9iLVll^n7FY8vD0s*q%e>?Jw3UOMs%{3 zio61O&Q=1#A)wk5_`VruRhBJoZ}*%Xu2aSwwGesCEH2vhtXbzxoYk^6PqMM_UhI5H 
zXu59n!7Mfz4*2_5O3)uqE^9qQytlU(eA&r=7r<>BGebVhXdoTPb`b=Oy%1qB8C{QOUc5QSS>`a2OXp@V~itE+1Srvpt! zM#d|MAlP2_^G#M;4gw^A;jY)0$JG~m9gR&*1&+Jg8yg!tJ3GJJ&W|=GDlq*8`2+=# z`%}erIwR;0)&@~oSy?&kH{L5MMrd8D*SW{8_NUFy&3(?wqLk#lWTL01U$N!rj^pm| ze)Q7P!J*~PpHC#BVLyU{Z-w0MxrOrJZ-I^wWU3>iv|@pF6F2Hlln2kAGckpP!l=T{ zS07=MRZ30iZ@2#Vfl+EYsvY6J+DD>XY^dd^-g{c4)qou5cBGW6Rwd~7gqqE64GSrn z)gl$rJ^cd(tXjjTTPSE9N`<=jWYZ)TQ^M8jr>5fIYime%2vjpR8liw^6-j272mO-h z;Z=4V1pCW9WOQ_}qD^1#VYarmrd#sVsQ17+@9yt6z%MVyxdcESH5_<*-z61`_z2tb z_U&8Ooj)j8I5^YN1SY|PNeM7^k*!?fJ5}QXZmr`%uMo_EhYO7IjeBTwh%lTTI8**Vm8d)|ri$mRD8T0LC46zxw+1>kgEFy_5OC{Rx{M zxvYz7r~RiarcWV4;MpEyV>d<6>*SY}8I0s>C8wt1wL{`gT6WuQj0C|QBB{G=)6 zu@V!dO54{EG`4F4J`nVY{i|&57i|4$k_Hf5Fix_wk`#!iOb*q@J1`I|TOs?6kw+dL z9xqyJUao8Y^5 zH>DoGnwy)0B|s*Vh|z>KK&<=0fo)%3Uj(ZKAt@;-Tqu5L$5K^I&FA~~1t?~naoo{c zlT|hwBlM+aS zr<$yCFgV_teA9M%)P$q)7iOi7wx zyjO~|1#KN2I@?n<+3Gb>l02thp^Suc65&uQ^TQKbjQ2?A4Hwz1%fp5nLUx75^M0IF zUHO}EE3fvNT5ecIy}gAtGy;wgVm_~(F4k#HZEYF7Q{Oe^!DWz(o>KDi5^3wqhq~O8!ecQ_ zx80ghTAipU(l#(igG8Z(XJ-w8`<8{>Ox+kO5%mcOkVhgRB^5k{g~NWMRAry@GdNgQ zzhb-QIF7-5f=xggOK+;$$u~AOR_4P8TgftUX)J-HUPK(oL*!-g3kbYc&XGTz59AFY z`)0=>p1A~G^Rts&eNVYd*?BjoKD|n=vk0w z3L)5(^5g&^eE$J^5yxIC_okqiyr9x6bE`$aC&cFF=BqM;ZXHzl+IX0B_*eUOSr zeNb#ceD)E68XVVi%Gyo82qsA*>2*ahdpX&0#Llg+XF)L3O&lGq^d^bL!nNMLdlv#g zgTgnFJV&KW-s>SzZVabGZr`Ot*~Pw_1_FG@-$zBoe#7o@Rh@9*vR#vg_LT08bjV(d zJ_IIW&k}nLu>@X^k^$;#hb78|b$Ipa75PV4;sWbKHtPlN1RC)uCh3XEN$fZ9Eah5G zp>9|37*{lEk{RQn8il$(2^$}8+zJ5{gcrwqI3U|zY}Aj|4+U99e-yEpC`7Km;I!38 zVuA#Yy+ZNdR)7o9jtzdj>c~ZAV~7KzN$W3%c{P*-~Mn+*Vv1CB6UQTip za*?$m4l3a^YS3>#_|w$MA76a>xrK3gc1XFeY=ml+p;C4o?~pc~dxwgRZDfa#+zoMg zz4lk6q&Mjx{h-|gp!nU<;RkUaT2ZV{0SlmB;~eVL)!Es(a}27EQqHkxF-Zd;oZ<4j1-B&Brxxf7=q+On4PW#+ z!a~`X&E;bE%7z9b_BHMjo40g!UR)jfFtM_x2?Y|WR@wV!XH&`NstPZ6$Bq{0pv1eM zy@smI6v9kTuLVUz2bw)`+#6Fh(SA6zeF=OhuqR}a zaSK60gj&FUOee~N5Y@rN5kFMK6L3gdTN?yVXrw;urJo;a5BKpisI4R{EJHhrHO|cL z?(PsuLBYW~D=JQTcB_4Ne$`jWQdWLd3tEfgMFJ8;HJr8!c{-4zaxB66$FR1xc4Tz4 
zK)(wQQBNKUNIUL#v37)R1FnRcn`i6fkI%XU37Gop*GGt&7_gFx9JZ&bD()S3mRrqx z`}>msjstBsDqO?8qJ8fcGMeVj%pWv7Chul{e0=r1wf(dg&0%>W&|V`L^h7FjYT$mA zUt4sZ(tgDlM1T`pTP9fKc^D0b9gGD0`vXcRG)ixPm%_rrURPfLV0xVbHRu8iF6Qpe zb9Hrf8wDlYNRD!_&cg#5m14OiF(eLR+tT9Qqmq-8t18v*+`04h+qeE=BiR5VUUky% zfVuo(QqmG)-PO%a`2BlLz(W(|R$mqtbRRrp)4cl*kOY%a-)%B7GN_4fEG_Ba0LEgB ztNno0HIRrB+%M070Tu$zd;IwEdtqV76?D~V#~|4J#{>l8&dwY>JUk=g<2C?a0i5KQ zl#q~o&3GxHlDDq^uCA-WOI4>6ssTJe*`Y;5Of+~U?> zV7Dx$BbtWXHHQJ4ncYOFsHg}C3>Q&SQu>a^>`UZv(Q7Fy1K5uD>f|K=@dNHrb#iun zOfrduNr&mhnLl4(l*rYU3lNLB=k;^+XKX(X*N1HuS|5R1%IUDB3y+6nSfZ@%ID4l% zhW!h`@K_GJ`tI(nIREW?deg@#foo`4`#n0ck6=mSJg%IY0|-RlzP*89Nd$uhnLY7i zk20{vprBPJ?yF z!@GB9fO5fX^IcI<(Tj@WgkYhdzRdu7Af=@Z1Rl2ofM*xJM2sLq;3Bp}>ajksrdFFC z?iK*AmiG3k5ZJD}O*kdB53?Aw8}9-HY=YhjV6VBSC(vQqEgY9oe`ioZ;|85k->Y1W zx`5zdOn*G)`r+YWIuE&JNx;tte$~|EX}3Ov`%V{3T|^ZHvlr%Ezmdf`Ce~NVVQo-W zO?a#?c8x1RS^)h@22=(;U}k$eP$VUjt~!u_GYoMt0KnSj=H@F~Qtjj8(GbLVTixzw zt7!ndY)aN;WXo!|MTz7}V#3ar3o<$pKvzQIL0J?vP_6g?q- zye0@h{`c?i%FD|mGGMm;4qq$^+SA_bTU!H3``y--G2wCIn`pVeBo2XQ zWnVna=k17ZeotWo2cnYifE8 znE*FyYiYezR>phsp2?+^dNq_Yk!hY1HUA|1v9ZCBB9SvfvLtGYI$VPs+807^+-o{1m zs;#cBZpbR(uR&vY@1eekkSE`I?rt z>^4cLBWG)RwF-9w;Kl3Y}c~cLkxl#8=ZN(-mjChU0_|3ZovkmW2%et(cyjTASpC{AuNf@{|4k@K;yKh98e3Em6 zuP<|(>-y?0ClH!2p)K=eQ+q!=~^68hYpPO%UbsIruxu9%XysqjY0JV1Rt%C+% za?%$!fBCClCYqyosHlGDYW^N1LYsBx6OZPm+xyz@Q;MFdV!a!n<1aOzOoWSlG`@jW zHy!%V+Z~QGtr)y;v9B2aA72mopNgYD!^6q`TmMaw`Ok|e%~saM;s1FT<-ZU3KfjCe zKfRc~bJ>$>mkuNCm*yYXsDA~Kxp|dTs$@O+=fNG6a?1Eg)oO&VkuCB~_FrQOWb72c zf6rJQza(d|nz$VPbJ!eV`e9gW&-6rn=V{gCIR9}DfAz%xw9UV!)x5}ui^g5pG?d?&- z3<1gmg+%Az?4Or(j5CK+UNH9UXWC^{_T+xNS{TfZ7!YqAZ}QP6Z9OCIl++ z@ks!#pCOxOy}wjr(sr>FZNX+agA^1LgdoL$%|H5Jl37Fh8}D}6ofDXHKR0XGhl>{g zST)XJrJ)IEZGHdZaz7+hf33>q1S5MCZ%|AC~WM!T9 z+Q>j&x%~^479=D(Xkeg1Gyu%=9}@y>4$EB#!W2VZo=RB&0DIih)8lCm1EBr3n`5D% zar}sjGbfJ@4sN(O-A6w+9n6#i*)VDCUyCJv%h-FO=#bXlf?aK?z+hdYEVc)lBFHfa z?Hd6;AXkmcZ8z7}+MyiYaGdqTL8uaNVTdRzsDwP12eP$iYn0kLI+36iNj)wHPJOc1 
zLF)u)dS#-55g_PX$*{W4T%(UEU_k(rF(6=LV#?Np4P+_g6#^r>dFvLGYbuS}80jRz z0)+AiE68(wVFM>M>P@_pBox@(+ZzN|oLyc|R2!Gi~`N23O4gj^Az2nIz*t8BWN zXluU%^a$r!O#^X- zsN8b)rp;mw7u97mK0NC45o?Cfo1WO>Cj5R0A)2?+ts0AAP#dyy9Be7{7w3xIwba9ST<-$c00 zY}jldLTAU@l7NX2XaqDWFTKN!(cl7|mYXx1n_a-WeEj?nTyJo)2C+~??kArh!GQiE zh|vw8Bi|A_$1Uo_K_Wz=tvz`W$bIw_z%mvVmgU)j5y0S&fCZ6gYYrakG=JAx>WqYT zEMG;4NXL`w2Kq$&gqM}iu44-Kucv-A7J zgenLKpTXq;TLnSRAe|^^(X$4P8>V5@MQ|gs&dJg7Z;lG9I~XbY-7#&D9=P<{x5L81 zyhKk)Nj+Fu&QDHeR#sX;m&h+IMb?D;SPa7lD*^=n?R1HMpJ^7Ji8Ez*y~6#na<(te z)AJ7G;|%0HDF;WTs`tV1aT*XZs8+M<>!`m0)xQP|+|-m(Z^vXZga*O`Tv}<tFD+jL_XmcmoOOr^kI`5s3*C)_eLUZ#W7Qa)WoyAy zcD5L#31H0)kf2cWeP$1#F!U!0Jp?ums_rt>Tu^&>s`tA&snn|@Sf?Bt=w3-B3Hl@S zXV`b_2X_XF3?!#q_r-x4y}W<_K3d+S^J!Tn!iIyQ8%d{i6S_@9TiZQGM#hFh_}Dio z=_N>u3=4fs{Ei;@C7@XP!e%x4I@Cw{eL}&54XL(pXi`K#zlYx^79uyAc_n z5bI0J8r}}A_SY{Y1A}Gj8{11=(Tg++pby=8`nhj&<Q3RrHhX=tG0 z6-*#JHt<9}`;CnuTujG`eM(G*@s6aetmtc8j`hI<03jzRE-t{&Pt=o`os~5_F)>ku z_VOPGJ;c|qP6X`A%`$%HL95xoboPxY>!=7(VeGI~&P2OVUI$0Ye>ebzc|kV$!3S2Z zFa{XOn4FwUccRb%H@IADF@C_AyFd3hlKSUIuJZf$QAz&m)!_Mv$f*AYW%SH)qW|@#aP$Aoo5ITe$oLxA zCBI7l>2iRb6L!({2Mpc+8$oADi|UGFX8(gcPo`f{|F685{67bStT=H$lXjYD&<*Af zN0c*Ksih3D4eLc~x-3iNCcEUWC4ts!LDGV23fmzL8Vm@t2xm}5W&B*NhVuxtHpKdU z{Fm6}sjQ<;S*dpjMHhEIHTSK{y4O`L&K93eMkCNutx;Uf-5gRYzGdun8E*+hk;P)F zGheI0(#i_hP&7~{02`x~c9f7`iB|K?$5l~+=Vj*M|1?82)eE`%d;8lG-V<Ae*hxu`w|%dmC9pZ| zy^`eG3$7ppVbYh0#P5qIz7%Iv4-dY?L1pq4@3+R5Us%a0(3O!-hR$|w8fRXMzMQ+ zg1V)La;FLXooweF1|br=jrFNt)5MJtv+FDwDdPI##xxb7Mtb@*DH2fuqp88{i3}1^ zpNgZZ0v4OSz2}(U-mbBHTW;y$aWWr(=BIkcYVFdMYm0AtIi`nw*=B2VwrXDqgaL@$ zL5A+1?wM=$fv5;D3%vbkb6g0P^V51l#jB@N-@A^swmuanctTw=3NYCC{Fwkhf2K+aS-M9mR{z9wg3?2egTLRDrGcBF~18fRPbJgw3s7V(bZ;7~HG@D3;#|x$%(vn(6^x!z$@Qf*n~Q zAy66UY>x;DyTL}^m?uAdc7sN>{5L9XwdOSs%(o1`X_~fq^e8AQBs^Z@lDKcY!RP!| z411{h>HVP!D*VkYtLBcHi>hL9L>s|Y*vtceAviL!4b<2FkPgTs(w8s4Kog30m~#3C z8hN3~Fbya=5rC#ZXC?s#c@LA6&T5VyposyV9a1_8V3t&B|bpWk9g&BwfMXJtd)*hZ_c%bv+(>Rx{*?vjh 
zMTl}zPR^>n?Fw)2_u|&{l^;C3JKKtOlQJU0&?zlAT6=tm`h45EXgx|8z>WXGvZVh@F!(rzO>U*KfvAGy2CU^`?<`WT!sU_HHO!%V#VBaFl ztFA6|T3T9AM9Ba>;Bq@NAtd6J-Y;Mm=fk|hIh)}3r=RNT>Mq^t+%G`~Oaq&i>tyE3 z?c28zv;lUdy{0zr#S_02v6YNggo%olj@>2e17i(gAd3b8$zX8UQiU-cikLEB@GvdV z1BeeGGATR&Vi4gpB6GidZ74?+#@m1oA%t-z;{k7|R-8;vU?>L-`Bq$9975)Ny**vW z3->nxW-8)ufK*&rLIfZV25At2juWo(UPOe#rY5Rep%90hI?XbQ*^E5P=FC*Gck zwy4#DF)k3hKfzD|1K7cH^YgE%sEW5;VBid~2F%7GZq*Pp=?5+}FJ8z5e;4FC)W94i z9*GP&(7s9wy`jLGW-V#t;>fZ4<_F_$i|@+c#EbmVJdHYv!|>>6zb5S)zhIF7DURmZ z6hk2G&}shu$Uvz}GORS^Sd#)mF*`fE+}gQ4u!!KGAn6pjDyYsd3M6f=B)622o__b? z!$29<%n()!CnsQ9juS(NX@hpENMK2jdz|&h-@SXcJOy9&+3eby@1QYtNtY&_l$4Za zJlRJG`moV5u(m;1w%VFt2llx!ZpNaLu`VY%;Yg5MRKy5*cXSMjI8sWp%%0Oz|CDQ+ zoV8LhWl4PXU-QK;5XGGFTy*{sd1*<1x92tk&Po_iEh%+-0 zR3bK398zTk_5^6i#hOCh3p%ZUi;AGhPz+91J2Ap-*QB^lIj>VgZ+D#cXLW=_{~0*ie}aMWF+QFMk#6bf z-mqHd8JC%v-Sfuq2SFg-TXY#hGZfM!2q4ly*B&t~y{|A0gto1xht{r0+y`z&>cfXd zpmD&_Df@-MP^OO*gSpAiFj~Z6x5lrjshJUKghWI{1VPaZveoABD}6mZdXph41Zi7+ z2D2KG9vAaO05pQ);}O$xPBWiSL~_W(T_st~C*H#p&FJVTSe#Yu|JGfpP0FCFDT!*P z)>finRh`9ob6XQ5@?-WO$=r%&N<-yfu>y_$6BzaChb)dhQk%LT{1S*F5Yt(Z zJmv~o2($91!216UTGW8N3ewa^v}(KlkjW@T+%7{5ixWQYMfjg6cJIvN65LF4Yoc8==OM}F|^JqYVC zZ~#k}_Q45&o)XA4^UeMZJv|SD+Zw@FX~=Uw%mSYpml2tlmsj2WRPVf`2w@GM?97Jp z(4>Q^hWJxLAVkX;1Q800yV76kOgOGnpa_!(^(`%FVoGp#P()ZSg$|*QB7ETh-sfj9 z#b!E^kFdD$m<-=&YCd1?i6?`W2NA^xJq1riDbsKYTp0T3F3`@l!^Uf6Tl83>VSlm@ zY#5`v^a6Il$68GIMwkeGdPJ8#Sgw>4)A~gSzy$xFb#Pg3y?B3WYU+VoIKtP2SypkP zw;y`HbY`7#<2-s)p~igX$4o-AJf`?qqcx$w$+3bnDB2=PC!cYiu(k%fH9i{p19US$ zK+WLkLz(;hzenaVkKMhwkX&G`qgsQPUMQx3Tdd>9XRfnlTIil`Vbjd`mDy`){a* zEiEVp2Gs6|JN}RcW?A--HjSRH^-`zOJ3e@wPPzeay~mJgK-HVeVT;Sih;(guKP!U< z@!Yq;18N=|#HE|t+7fJ!WW-X=nZSH1W#cx)pTw&swtV4)sjeQ!+*^%Uj1Tqw4SqHT zJvQ{*NzG^JM;PF(U0h3QQNBT3dEf~xtz-Zpw@;UTR?txvH-BnsTvJC!R%J9cVntC- zPaK1yoO1=oa*r?~L)}W6x9>iN&x4|E?5$r=a#rb&|)W+Axc1)7m3-Nf8X>XtG3`Bsw9^pV25+6qzc%odEhb^N>*2MDDHI zlb9c~vQUKr<6xu*HR%uTmp>niisC3*y-qszbJfnOf$p 
zGW?AJjX&P0=WVHJO`KHD6}hPFVj-$UiP80^`W$qDx9C{H%*^aIF0G3Y1{&-R_nk!x$zL?L9$U5Xe3ng##Ue zTG_{shh~>R`p@;S(8|PUbJaV9ej^vts*JPTIFL(a$1a(dCUr4y>e?w_rTak5>EY#P zltsfUiOKd2F+m88=Ziy4E32yNhxU^EYNGQa%C70BCo6_Or({sKjJ0I0^(j$^U4qp` z!0FpA7$t>K%8frSh0cWUU$jbwTL=Gf=U3!F$CXE-zC>P_`v5V^T-`ze4I_Om*mb4Q9k1PbsMsvCrGkhj&o4xOgZd%tstX)F^NP zRs&p|A6n|9EjuQwa1g8co;@p*8p?4gbBj~e+xe|_5~DCgj76Z7nL^S#;dex}c(6}a z5BLD)Wk%B065Ztf{e3(sBva+I(YQ@a#~74{2x6Cro+LWjh?fGDwFf@Li|9d#WrS1nmCcWD(;jrp z!ewZXi_v~GfqBD4^uUwH1{04LG#(-VA`}8P#3r;5rVg(U26~8_3uoqhe0+Maa(YQOi&hx$W%Yv(_EU6nq^N90 zEey*M%6nJ8$-LYGXM>*gXU(87$LS$u3R);ls~jqod*6dU0AvaM4)Yu^*^DikY;@pe zo}I`j$UQ!O63i4xJI$(-PWT%IoQW~~ z>|jNwvWk}0>+0(2IQP*5%;~0Cw(`N6#31T+ysD}S4bKtCrOOk3p5My$_%+EZcEW%| zyk__(3kzUfn&izpO|T}8S$FL8g8pj<$2P@btnCgini$V79{vQeoGdSFnXAKBKU?q- zk4;OKbu|E_;$S{0luF(x_{|%0xEDq>Td2KTW}q>Z7w{eC%we@B5u1mYdHz_54NUR|c-|A?or|QZJTw!> zv+7l;H@Tg!46_{MGZ^7D@WB-mKU(l*ShWi>yMM3IG+RJrEG;d)1s$fdb{XI^9)c`` zZ(}^y@#7d0#ef|ui^$JxyCVzuyjZLJoEqOog^pCT{T=SJ+7{^Ro~XY8olLSEq~V6b zH;K>#@z}$)t!=4~QWBsWmpA!-hZm@t7vKWOYr;VWYGb55FNCO_*4EZAFK@un$FY6; zb}iUf!PJGnYRz-B26cB9c3IR1?9?z`^K7@dN!eLWE-oVodcw19cEr>9@#8sSyGP^n z`QH{sHfr}5>_Ll%-x@(?A@2x__7pU( zmI@f={w$p9XGBd;(a3xTj*DO0kieycyJo-uugu;J{<+OcWBmJ_wQa457rgr*{{6J# z!7YHBcf_Xa1Q8?&orDtQ1&e~sQhgTI7hVG1>b94iXgQDC^`F!6T)INS8DKStL#cVL zU-8Sx$VUuvAU0%p&yBG8?=c+t<@)PlSjEr*vF_UCMVLi5mL_b!a~i< z6GDS&0Mj-p7KR-{gwQ848n`LE?dvGoqOr^Dn59@SXsrI~D0w*A(8IoKZ!f4fb--T) zX!hC9f8VZ&-Y+rbHBQ>z;;eXv1-%lwo!oOJVfX1W^9Q*<7f+WC85kSG@uzFm#DT`f zg0IzDA>l6IE&8z=_>8HksmdMWVzaXo6R+RCjcyYR;noF~rMI>o=P|?+heBTTW>)#H z7AEG!i;c)np~m09c0s?z&I>ZmZ%rwI{R+wljjIBU(?CD1Qk#`y4ey{XW@WH2%?-2v zdN!d6r#b`lUOY8KjQsI`{$ymVK(vUM>MZHxvHCr3njJe`9x?TnPHZC!i#%vuLNSAw zM~E!-)hz;j#1!}Lo=nXb(oDq3DlMl?Y2etOQIlP7{C?~U-tN2O0d8Gi3=A3#24HaMzhFoX*fgs2r$84 z6L~tTo(AC;Xr(aLJ&9dFAe8tzEt=C6TE!Mdj>3Yusu&GyGt4c%_equUV7@2uHsX%} zLP4iwb?BkU5CSb9sYCRm7})EwKbKlx!CiC?%xKW?{(bv+(6|#z3voEW97(tZfCZc5 z_kJO9Iau2T^P~1)V)bB2 zSA$R`nNn 
z40S=)kMacD-VGT!V#)y1iEDZd@dBjyMW84C2o~)0Im7Hd90BlBkq8A8j!8I9UzpbI ziSrCRsh$SOE=h zg7mY6gM@;*D+$A=Oz@#gNVQQ8Y3Dw~iAV|^j#PPAKEX0Eth=dD3I$sZPzJj$<(nF` z`VWq5T7=!T304wdm6lUE1+}bqF6qOB3f z^kwhaU3>BHVg2{(;0-?w0Q)zhC&He6C$K`#@NflG0hx2>&Ls@blyeAqE(_z>Ch7>_ z1@84p5M|I_{M?H+?U5ihU@Qj;d>styenV7;(1}fWUy`5h>@2ER0}HmoYViFN@a80? zLZXGR@{siA;T^u&xw+l_{Wl4TT*?em4tNP94)M(3^ynEKl_dzjyqrC&6RHT*g!Lzo z=Y{PRrmH{c@7Ezfhb<2q{?6sekfMz{cYZ{{q*w`xVe?E@T$UWKnwg#5kNe4M{(0k; zE$^~AJ%&Fmqk5~Qe3q_|Rw=d8+G}TLw`c$Ufw<9XpiFpTB0+kRC?0NwOwhvod@Yus zt@VkVBWef{ha99^zupjMX&XGR$=Z3rhEO(u?w$skkO}-w8}{1vHRE{z+{IlTaGO+&lc(P zg;%r>K!kyX=pN*e$>NoCpWvSAaygt@zDUY9_gki%wEo7TW!}|v%)Q94@8{;G^8!am z+9GHX*u@Bb{0W-gZR#YUddhWK5k3OVD$ny{t$jEkht-7GU7YzP& zQ?Azy))`xX7|q)g(QLtodUdWn_sWqSG6Sj^&G+KtjT01e5C>wX6ZyUoq;9bVA2zIJ zZ2IQC?(HMLZN%RIWZ1YXr$2d8yj;kGLIXVAd|mGj`YNQ>QNrXx-4SSij{lNyBxN?n-j& zRAVoUI~W^$EHFp*;l{aKCYa-%r{?xT!GAuPep ze^EtcAJ*cH;=Nt}<^^EojaE@%WoiIFpvg|ywScfIk}MNskFbi-{qN;Ko3tldn~gF; zQ9Maf1#ZBtKHfO;NpA*r-`v&7QKVA0q_&bT*zH1Dz|j&X*W&>XjHAV09Q7O;zE+f_ z_!E2e76t#?!%E6ru~Wq5A#`QJ(Bo$P@%!(^20X9`zs5=+4r1uInS6zL5&cxXR?nA{ z^Aa2nn0ad<=0h!>t5G^9?Q&#_U)|Z%KcMqQ8$FE$z->}@Pv1xN$wR>{>jOZ0_hI#8 z+(G^uK^FJ#n@}5A+1PqF+#e|tzfu`hX|#ufV=W5w;|Nb?)#Dbln)0}%GxN`8F~q?g9u^P~N*c{qyGQ%@(L!uWBi)zBTFl z5xXkZi;QJ;S=rAMSqGPJ#bhTwl2)#L!p9k`CqUYFB#+om#gPqH-os`Oi21+^eV-Vt zN=B<#P9WaHp_2Rra1>o$4dPWO|33lJdw5cI!yK~$ZI1!a!F`sq^h)2iE3>s*^i2Dz zbTAD{jGW}SU`L&3$vySi&8RQ)iudUP4`0q(Dameaz5>H3T2+}rEn>TOKdpBpX~3qY zrXkTo6qtR82azv)v_FVr69B|rdX7X>B`l(#ii&D#!NyR3|6<(8Bqe?v3(z(dTG70( zXv(qM4^d}E^-7A`j=#zPyy88dJWvlCYH5{iV~Z>D=la9Rcn_?61g$#B0qh?XRPykk zVxs*{fbG4Ao_GNS)fKwCmTq`<^N=sML2a}|`XRoKHj@%FPNq-E-h5jv(gW=(-^WP$ z9=gNL6lTfC2)GC=xS55e8n2|5?{oyTQ_@V@XR2-#K;@TSd)G$ej)d_Dz*{e$n%Ehu zWSk%CB9MUnX|NyxpCHZt?rsGmP1Gmc?TaWmXuK!z5GM#C?;_*r6#-z$J>u9Q&TU z4l$?ztszP$j6f5EuS77n?)}#nyI=t&a=0Y3^9`JUsnSy`vcx=LuDC>ajrZ?s;U%V^ zbd&;3G4L4tjs!j#+yFc?islIhgH|dFzyt?awLY2?C`~>f)*wX>orbfPzy>w zLXC`!c;Fug*LMb<6qAm80pzK=Yb03==O+7*mi@3CipuSWGmOaWFv+44>;ZoW=#B9s 
zXK*P97dv^oYvW7-QX!TB_)9;C%(jUaxJ+A_7LsPk@YoJB>%FjWKk)MMVsBUvuQ2H` z(}BRraE*mw^d%(Q2gW7cW!mhgO%yE)ItdCfX(Ls9NIiWO4m-*{i9J}ChM$wwNupq< zm`9sVqgiGkPJ1*!l7^~^FtToQVEtVoR#?vKB=%GXRaEH;T@epF>mfWSz zvVV8nXqgt+sq?k8_uLC{ZB{NucmgUlu8!DCk;-Jo$PH<+I@D;~7o=|u7Jp2Pv}XCC zz5Jz7Y@Ct%VD?|g95@PPWCg4#q(32nM2sL%ZBfM#Ao!l#;Hn1?RZ+-#2z_*Xy~b@= z4<4P1V{Z@vQpS1P7wmoWCXDfVos#Jk5&SdSavJO+d)iJu^m zN02R=OjB;KkEM-`+b~Xp%vW)7aS7^QY2~?$RQqViszu0i-3pCoBqSuDxXA%&!KM2=#$ee^ya4ziF9ca$5X8sn;r7ev{ zhhynnPfyQwj3!yn$cMIc-}jN`x-V&%ClH0Ur)y|P!&H}89kIxWr3U8;Y*=G9x+vyZ z(VtHlU}u6yQ%(#I2snvZF6EpcP<0bjKimyZN=hoY4`gDLkt6M%lb81ZRG3+KiC!92 zW0^Rc&`g(e+BrDv1Bmr0xmKb_tfFLc1!Kp~0*-ly0V z(W)pQNz5L~M@KPJ_Z4;z!o#CDPkj=nYaR|xX2qcr463(@x^U5d zA_g5HP`E!_DnS|t9qRw1|3&cZ4qv%*clf$T``?A9sl2DfjacxlPPTR~Z_V~-af0KO{&Q!h z`8E#KR5mo=ID|1+Mme#qvoi`%dJ+S6zV!F2ux|uc;@eZ|H6~ZFYfHMpZ=*dICCWu)cB?e0{T~|`AA*g5a zhpW&;?XEop>;?Jd)uhBeZ5uc(n$y37y6(#B#*9g!==}h2*pOcl=ZcLQgl^;vWP`CJ z6g1(-%xA_2s3atPE>buYc%v3ubdBmOYbAAE&mV7DNK6Pkhm)&os~GTlfKcpb&onZx z=zrq$*oaQfUB)uJ(&(OqzBhkg+kyT2S3_+B^Ut3A|8&Gw59mFqKe^_65xXnujl~{_TDIi zC@o#{5sNuFIUB_I64S@4;X{0`O6{ob-#vi?U^b7#BQ5SUoWQ`3xY8bYYJkIDzkUse zPU%znGTp?m$3=k~orU5<%^EwjNBw56glmHG!<+sKC-Aza^r@J@t4fKWsWL@w&@_nKc62v- z>Usw4vp>b||HEdI|EPI?sHj%`%gs`n&7l3ak>!X)^vS=e=J@}_@&Zo8$iU!Jfve*J z2OP>kJ{RD-i^Iqfb|POHWeBv%1KI(OUU4ddbTI+;n?i<|VFH)aU~Gt$={kN)VY!H+ zXZWfJ67?cfwxX0**2lnmk*RQ~c!WRPO`%ZbTMQ?*%a3#lyoxn6@|t>Iadho z9;~yHmRg z>MIUE9FOo{ZDwF7gVGFtBP_+W35xq6YJLEc_8Pv#1zi$t37KXHNv;xVwR88K{c0~w z0^Di1uW5jc|Hx8Z!K4Xn=eabjtNzkt6NJR#>AG)3J_k`_f#Zs}@Bl$~@S5F#&ZX-< zO-})G#fqqdB+4_o5A*P>JMtB%#AaSmS63G*<|#`1Q7Q&zzaO06um3~LOj(?(_S^?N z3qXo!DVdBD>cP2nE##x1S3w~mr5x1!Hz=pgfY_wVz{k#V-=RySh~+Vp+mCq+*T9~5 z3FHuQCF2q)fE@z;BB-(Zpu>@KMd%ec@t*$v_kh8ptutfoGRV@9g9o_iEmYN* z7&g59yK#?Mp@qR8AXSKQ97fMj2X~O#SgQ%DAf`wA0F?SMO2iQPGZ+K6J@{b2z4kvK zRx*u*%mO128SF16t%2vr9c&9}{0y=av}QDxQFdP56b|T_xKXm7ikUY!rWVYshhPnbg|%l_CWum||#?c292ufINjsXaU=Ev40zc*s0*#)c#p2`P#(PsFW{ zsZ!wLHc-fnkD~boDx9Iaalf+~K`D2Gm2I-%Lyj1H(i5CzC`WaGeW(cHXsjwm@ebFq 
zxQTrhuO*Fb20Zo-+Z0SID%w|IKYURnx@7%hJ8(W-!mS7Mhz_j(+k~NkfqzJdBe>$E1LmG8VfE9yq@B?BYM#W>-QeKjW2w;Go0!?De>O!>X+2nix}NN%vF(+X+*! z^8ON47ejJ}t&>rQHwEPR{cA?mvpODyf4{=}lCRJHI`Z$sSL#@5Z5(gB?S+XQ`|1a& z3Z<>yNdn%&O>ta*{>E2Qbl=>PZamePFC5;hE)+c{7Z<%WH50_;0sYBxoYiyFr!o@gJn_BdPl<-50VznjzDoM_D&s{WD& zV`uvqs39;>Jn%0JHB#lFoFJG4$p@1{PXRuIrcD{W^m$FCFYeQ{jDTIRuurUmc(3sS z_e7R8_hiS9^B(2wU9I}+kE`<~F1qtC?|su1%saHG2Uo!ugNUic6bco#m8 z5V_8Q*~9vCQXO;O*BuRx>iu%ZwfVcd;JAEtlqtu9vSZtVTg1?lK)4QZW)g9!e|i~i z30o9go>m`dm&Z&uBZzUxu?T4j$Bj>4>{9 zm+|q<1i$w<3iBI?f%TAwGzsgM4)dPbjvz=rmFQ%(@&$rI{eHC*i1%+c4}7sTcvfP4nw`XM_LnNEsy&Wb01&6u6qk#_z0 z?kpjGP)vv;;cXz%7?(dhNPrV?it>UQP&ILoK^p%F)ZeEig(#cDOJ;&ch`H2 z?Q(*3wX7m`W(0Xg^3|o^5n7PbI+%sb@>ou0nz<3p z7Jq=BWdJ+D7)U|OV+`hwP`#Ms5PV3z`_p2CfZfgc=_H2~6JT999k?=RKt-V*XjgD4>OGQ&{hmIS3n%8hr4hYJA%;fFH#U#I^ zqOWT5}CH8@N-O?U6ajx9AoClG-bk$ z;?#opuI#*waZfnrpDVQg6~dFY6vA|3*b3p`eNsOY_{knKB^Gv4$czl^Kr+ZgE>ie| zqP)l%ka-|ify+e!>!7L}#G3gZ<^o4Yp(z3|lzPl6VxEA9RIw*J7Z=wRZR}q*5TuxILslbJFBvFy@o?AR;2oce zqLs_|S8xUx!37F=y%wY@F|7bnja1_-Phbq3dKRv@Xpsl!Sy$J^ zg+~<&=TcNS&_&RDZ1Y+p?s|rOVHx*TwIzh)Jd-jv3Wz2iv=cpkM#OrXk%$M2L`W_F zRtD|IPNoJj`R(iTCzp$yJT5k{h?5B%|2(^zuDjm}lMr3iG2;}DV@5RK!0oP@dkvvK z5Y`-M6}iKcXy+6AjtG(&7ih(l6EXbF2o$HLS@=K6wUScV)wz4%y^zn!pIyN&KEAC< z4VV|anG7{0-n07?XynO&H!O}?^jr!YCHHgNb8;?p(i%GoO3$e8TV$baIO?_Qz>Z+O zIIdJyGgH$Y!8hrH*_iJN_n9Ra<|c*4U0RTljjk7VXcCSOH_Ck`BX7hht)k#Csm^Pu zF2CLEm+p;a>*7NP=seHK?Xn$BRP*SdHZFbvD=>Ry{nEssXr;E}K^`6j%=fz+GewiN z=*j61OPo>sJ#fsvo}CU~+ZY zaIPYS!gb4Rp(N~+hKKad4lVJ4(T4CIjU+pRv)R(i0Wx^j)Za9=tr^o!4s z80)dmq>SYm=@<@oH!+Rd9op~jIl@Xqy)kB`%z2I^@k z@+@L@>RJJrR~~n7CchC*eL(7ScxWn^Fb@06F&N?6ZQia|j;xqNQ939p3h&pjF0a$K zuBp^4B>&c9{_xeSecX%;{8o>_b)=!4#)~j^t*NQ!c=aob=YwyS~24 z@P)EP_&$aKNe3R+?}B0ca5c$3K7Iiwd&t`_pJ3*D3f)mzFzUw-C)r1bU)wQVQuf=a z+NG;L5JwaqReb zz^I+_D=OUkYS=#z5{F`;Q&o4aqIgxrwt&gKZk-pojb>kMj|{T7eQ(M}*g+={#B`MHQ7`Xw)$nEAbrE zUy#+?Q3sCw`z3J{>P#H?V8`zQ!$6-yUd6Afu$_5#-eT+P?R}1$)A!0*lq*CARPDA= z*Ib6q%DKnm)O1bw4+Vl$lbyp08&zrL%IBX@C)ZXjJIp8+FfuY-&DQ|5k^ssTbo%xLbBXX^ 
zw=grO;uW;N9ccA_c&69W&Lu}syL`O=6b{=y`Tz=LajVvaO?NmN(GfH}zp$s-qQRl> zE%h@Xd2dgToz(pkD=Fu-%UJ_?PQ)TmpwTY=qakr=X)xVGrvH3gzOx z+p8!PuOqCR@uT;*&;HZD*mSE->hv!ZO7T5vWysIh*dAUf{qrX~H~oQ^(Lc?G|9x*0 zu9b3F;^!|I{?RXPSM;&|yqcT07wM7depok{Ja!5H&;&>|UHd+hp`l>{a;A}<2!?-! z>7W6ftR&6|mjYEI%u$yL%YG(d;*ayv%e zlMMhnY|iP7+-#6j4?{x}VCHn;6muAP1g$CtX8U(?&$kFGA17np&nal&lWWS--2pyMfnR-ytqDnt*R1}4WqYnN z7}*g0Fj^46$iyhw$ z;^{1J498)4W1}imzD9hDLn_(?=K|x5W?{0i@QE>8Mk-9$IUT%b0>CH7ks}w#cbnNP zs3a-#h0EgYhU((|*bW{&s)+TuL(u*?;1YuS2f+564a8-U|2{q1stRl+h%6JEDWLBT zVW$_6`r{FEIv^yZiT9j-EGH)=RU^Y)(AzxzSitUKaPYocZ=a%bI*2LxC{Xn%=fcA< z>3h}y)RK?yj=2=&m6Z+1W({nwE21rpuNmmI7c|UhHptY#hoeGG29Q08T=i3O_3+f0 zg1iK1!54h46^TMm6AGLE*US`jnR_vv9dCpyQ6@4r%>ip`AUAmvzK`oEnsv+0LTyBn z3L6i81_Nt`6&0x}CwHH15IGN3R1jV;B)-fdxiC?n7?hWlop*7`CF=!T!7#9+s*zC~ zw76IhU-DQxk=d>w0jI$ovL8Gs1rjH)!Aw~~;wC_U5@r*cpxhuTbskitQihSNI~vQt z81hd6a21hJeJmGG$`xkNaq8r&!6wxJFntUK*s>#E9lTgz44VIgoSd=%X9_?7SW1WD z>k?pWFh##9==Q_L+ir)bTQ*SIQ_RoM1zkIJ?+Xl(s&LIrBi5A!V4tX-5eE*FON#x# zfltW3MQd6YG-O27)+*p$J%<@UT2AgW%yY*)7M+?$XK3H6v8huPa0Y}7*gJ%x#gh(1 z=7@~A#y5RjfU+1EgWBYr!nkqcE-7|)_F9Cks2D21blm1i?Wi@r3V`&h*a$oLt&-tj zl?eoZA>UK-q0cq}_;VgH5;iF`d0_%}aX_(LFMI!K{Y#qiJ8W5~>5SLx#P55@z$c<~8L z)zk2u{(OLU?$kgYXh_u-!ZGtH0~uyN4iOP;ICSce=-DTQMM!9{Y#mfq2Iv4aeZFPT zh91urfIm^qUc`X85Gs|5<|P{Trqg(?kp~uH;bTBibwV4vLM=P*OS{b7byJaQJC z!Zi5q!3Xl9H8_%k9zA-F{@WbyIFHW_|2m5)Ud;so1-PtYF$PYY?0R4*xONX9OLq=; zQ)iRI*mMX+lt&&|+MCzT<>^VA@?aUjT{Qz!)$+l z2aqcsHZB-8`fuH`r3@t{5NB^Zro6HH;v9MM5rE>dp;$LY=bXV@?9aHN^gDJW;`%Ei zMKnorE-{}>tryt2A=9iuntVF~mM&XF!6rgyA-R47Cg}ud7kD=getuO_*_4zX!aSP{ zVtWae*F@c-Lb7%mbzEh&bL}r+Sx+M_G>luK4CKC73Z=RMWd~YEJWM5)ZP^#F!xC+@ z;5h)39r*SOlF0!B$EI`O(Bp*+OA4r5ydrX7EqRVq*vR%LHL#-h z5eEW{^0O@}xC!)Ix9$t6h{YTeRlJ=tqE7Wl9%T8-_2ndTLHB zP^oQJ%)hN9-@f+ zA&8e}S68k!LqyiBJvVbe$rWdc66R%i-?~+ymv%rqUS!xN_mTtKK8X0-x+a+4F{O6!ITV&P9}pd_-l>_U;CfVXI_q-QPt2$1ZN0- zR-DHmCM9KQFOf-&G3p98HDqk^Qb~6*=;E+L&KfNd?-O@JOF%-R2s?E-BubM6QdV7`wtxLg4gk@B) 
zH_?Xpo8}f4k^q=o`a_MCl2kZh4LKVKo-fGX{|Veo>zM?Vz&HfPAd)bQQEg!;qZt20 z1wJ*wQpALr3rJtS1e-3UU}lzxIfaAGWV8K*TQq2`X9JOwy}%@38&f_-MY=PnasBVV ze*$L659ZV@)ItQCKtyypfO6!l!n2VCZcMTtfqC*X-VxPHj8pB!34HloU;h`I;|LxL z=AkW@Jh`_e7VH~{FBDztz23Mq+IYd4iNgI*{f-e zMGM+Njh3I2LqXo>2ah&qNIJG%E_D{OD@-#sFfajap@D&}1OtH3X|{M}I|avf8b*&K z0)d%=EpN$p&VWw2SBiX_A8y!7km{LM?HY(|B$DYmoa*VP|LW+UPqtx&QWZ1L7! z?5ryAsbQu@1Ez$<#>EYRhF3m$^6J0^A>|7WONPy_5{H03lyzoddryQPAZIB!qLv@0 zxusMs7Hd#gSR#RLDoL4b!UTvJlx-wH40rLapI;*q@*~Z1NYN-qORUc{t&;$$2&c^> za&qqm*WqKCFb-%y-`d&g*@KK*aUZ=LxbE_;( zVvDe^ljV0F%jP<8;9EXuVPU@-fktQsiFi0*C@%v*a%5G?yzVuLs2fy*bdev77Uu)U zQ2Aq_j=S%fckWCE4CLVBQvu`U4Oj0;>Ym^M!C8$907tf+>(S+rrL;WArCZse_Dt~V zR*@wyS-x<`vn>`|Wk<{v{fo|IJdpn0D^f^r6`!50hD8gqt%^MSR zhnTQU%Np&7*{3I0Q89Wl7txzDmrq7Uymu}Q{j35}|OViZU zRHng)&E#*;&62(w&31XEK7dl#5&fI!F?LI#mes&YQ0^N&BD4xOAjFJT5=K|VSu-{M zc&Q}pn~SKKU4h?>LAL$jir8kUz2qLWYb-lfbG~dHU4uy}-!F&;iM(jF%Hm*Si>Y;o z8)CcINNb<1DL$SVHg=9~@*Kvd+k?%8D|zG^oj5lqC)rOmO;eMT7^Jx$t4w+z;4juI z*4X+NidSbLNB1`K^4`an%`Zu(IWXBK7_IlII^Lcu&?c!rE=t=}))`2+0}R(s!PDP2 zIM7*Dh)`ORvjOl*N9uFJ#}re=)laLm`tssOKc@epSN*#CGPY8-Q9nlC;q?ZUS%lHVviP=9AR~Mx{R*@9%7cr zG;0;mlIdXV$xIe6YcktW8Pp@QaLuPs7Ie5*Cxhb^x+h_3?9NonfzE`b(V`*?{Tv0i zf*vmicNf#;(rYL>UHozBk8(9Kixbh^=Lf39L(GPL7M!k<>dv^d>ePFY^bJ7uE zjmk@&5{l}6rr>+eRr%LB@0NU;v%9J8lg0;<=H`=PLBZ+O867i~d4^LNL+@&Kj?PWK zFwSYc!gp-{It}*H(7S$z<1AWY2bdR<-kxkjNi) zbnd~tjZ+#gtYVDaR5uf`#A$;1g~O+WRq|xOT_5Qy-Cs>bY-in;uDs@}7SxaQQywoqsdx%sh!{8RQ@3ufmH+-N>RE&9+5MJkg>TInN3G~o+s&^Z zvwM@fX7-5rV&^eu53zPizoD0hNtI&Ow|-wOXOk zKzj}QxEr57l+D}1|NMc&A{oJPS3Bq(A}?fwe~#d>QFe~E+!VPqb7J74^?GysJcMZb+XAcLNsWc zK8C(Icu~Ic@r$ad`96o#EksH>u>aE6@Vlln$sNlwiElLP8?Rm2!#hNait{j76tT@~ zb20zIM;6a86HSFyntN7|QGNgYev_uU_PtU|681G&x-1uTQr~8b=C}PaIzRGcAagcp zoSU|afx5syKE_KPZyYT&+LAB(rm{CUH_ae3Sd$!D|b@=RHkru{Y^<=CyJd^*kOeGdz^nzJ@|k`Y<@+R>0GzP5zV8HuKPh z_JyxNbV;OyE>B!k#Ygn4=gGicmM#u4&+ry|i)SK2ekKjqw#bG}`3rV5oNClkm3eS0 z<$KH6RrgX}^EaJ|`qDu|pE7g$WjkU59_Sa0opsD>Pggr+yLHRpc#^1U887d2)6&|# 
zQl);qChgtw$GYyAP%YbQ3No3Q|4fNr&8>JoWk+C)|EFENMQKk(JJL1NmV{hVbYIa) z-8E@FD>C2iaxmWIf(;v4);YYnIidohnj)*)*>%N|!m>=C-}Duqe$f6j+}b*>rLn#~ zFjVvVVEhyrM8t z)iBDX=6^73*f`c{h8&OLhDhCCg2=09(>*rFpZ7QuDisw&hcw_PUIa=?bu+4^2%`i9;5 zylx7PB9Wh>%UdsFWf>17$rW_1r7p6tmvKMz^E<=)%Mw?!=+>g|g~9nR`<}h;|BEQ> zI*V<2yohCkk@D=uMDG&4oEWfSS5Gd7*e`_aX#A)82I212plbR#Bj&CKS1mrty)_Yj z3jgpM<7HzDbEz?MMhh-5IWdYRxboiX&GOSt277oSC}>G<{Xh2x|A`7c*EAkry~lt?QnAR^r$9nvY?9n#&g z=kojiGsYRG_8$8%UWczwtaab>o^f5*oD2V#GU9kwDXyYWD7@zqqH-t{dMNzK$HIVD zg06eZqfoa{&qbdq*vGDp+r3wKR*$i1D9>rr>qLJ=n81tSvhdp^38I$@qA5f6&j<-` zI1nlHCHi4q_4B*Mr~#iKynGFdOys!)ZPM+OPw_7})fP_Z4YUUOUR)ANnB?K{U5$(5 zv)f=g(O+*@f9`lJ5E>tk7DU+G#f&0?pPoq-HMQC&bRRM@*iz*5$nG#qcvZVear5x- zuNMFN0R2NYHcBpw+utg&mT&W+sJkQ2GM@@gP+|-!sp2Qj(UE#k@qVf ziz3$#ogkz0hqoo({^#o#me|}2GtzkA0jEFzMm!1&m(^XB{2p}eOjXM+c#Kf_Jt3`l92%dr?!k9D}x zRE4pc1Bjd3m^@Td9fmrL<%F@qiKC`n#n7%=OC>5^TnK8?(S19Xl#r-d?$3bBy;4>E z*xmi|_MJPg8I_1`Nl8j3%B92ImoW|`I7{!!VSQL}8*6ma8u1A~#H~1$o|JGAt}VDzh8IqcpsP=)$I_*H8(ZOf2jV zh0bR@@QoO8vuYf&n-&COWwI^Kw#rxRV94Aj)AKezt( z`TmUTUzclIW&h+Hj)$Kp9}O@)v^NNoalh=Ix$Eq_cmA|JW|yP$W)=DymDvO7pRXy@ zdB6JM(RfcEBr6qFCNQQ_q!DPYW?<=W6n$@aVwe!~g_SVZKylB@@ zbI-1>j@e@{;~w2SsS?6*NcyHS0$#cMV`qE2&f^M>wt>NSm(^P8mY?V;>FM`L9xA(& zJW^#hn#5bLYVEvNGpu*9qTwGb(XbaiYI$J$qv&p4*?4(az#a|tlc8XvXtgie3*V-f zdU80%Dpr$TnOfexgOgU5JvG`*Z|}A*t9&{yk3}(--Q!f1|7SaID_JD^qQ(CGh8p$x z?Q7Vpar&0;i+lpo9!X0FqM<%syOXU|h3628-o_U-QHxW#z9?e-EA_=R$5S zdzKa|ho1KG$E$OP=1#=F_RRgyY0-kJLfXq64z0$Yr!*K&32g+4O-@rGP9ax@Uh>v} z-q{V;RoVKQ_`arC)I`=)??_q8XkYYA^~|mPpLdhwBDKDd3g0@GMxVIolEuO|4k5?! 
ztsfacN8JiVkwkuHVRbDO6atGGZSU><28+F~(|z_ST;ld?jOOLW7t6^{Y2~v1+?sCH zh!rA9+p(YX=iXgfAy5-nDeAf*{6zDIyBNK;vH4Gz%*L~Hj(eTV-g*8+?GMj?scSaj zbHiSBgtQP#?otk;F*8$NNf=<_jmjJyE^^mWl_d95+rs$jb+%bvD)|>DeLUht z-A0!!Cfn=0<*^a7B+0(_4)A^CzAZIuE2C&MI*cQ5T;vlGL|$Qk`*{f~DjHg5~UQ{cxvwa^Ppjw*_U&KyeZhy-+*_Z#wCZ4T*@++*=^@tOt zJyxhm#{S(pj)@0{_S4NMpUGnJ+VUc{?;VurlblSieHgE^=><9zlcJWKV}ABiq%i2u zY_1!f?)Kk@M7p_aE!v!7vBdR_{&eJ*N!z4MYuz@FP+dbGS??mjv-hHORgM>^@10bE zn_7C7d_0t>+;`K|nd+sO@{9P5eLS8-q)wC@{MA>I)faF!y>1@jWcO~X#UsuStNf=xapl*pq^?|B zWino(Y)xBKt1r6OMo4Yv+fE~2PU$Z<0$r1NzscK8s(Pk>Q@{qF96q@EDNF@*my0s) zAh@pq>#64`+LO4E+g>%5qh)^F@2=c+^?wRmMoszueY!;Xhv-A4s)~*gyR8i~N!p=2X!EwQpQlgiMT_ z1G%lm#~RX&^N)j(Lcxho&9}DdG+y5CkKPo1s~%M4O+`tELdClVN1whE!o4|;z2Et3 zFZ{kj>9shIGa=EL5}I!))CZSS7JDX7`!8?rI(EW>BpS#HxIAkUbJ!IhmdZ7W9-@0iY9;T&gr`tH<;><3xS z!E`KDXW7Zm|`59)H=oNiAXpFV%Tv62&qD?e)0|Gi4&ro4r|cK=Le z1cRkQ;hWAAJ(lyM2`B;~%;zTooXtW@X*n{{Tuj~4x{D=%7d!n%q%WGIw4sp(;n_3yp5lC9$gJbRsKLNFXT6kA73 za@xzEvs3lvzm1PgagcHVoUZ_i($#+Pim5y=u6=@zI*FHcAr^G$woE#)Cn zsOkX&`4m)oJYH%# zy5ozC3EKQj1#h9w$p*NRbPO9|cKkko4Z7SCnwuI~R_hHmxYWHWi&9I9aty8$mK3PX zk^H8|yZ%g{RAOc=OgQm3s=OX$1pi$X$r`xDz=$p6OpaedVtd%-6q4+eD};-S`^oZ* z$<{ourl-=aZ$vRw*t<}T2i59iAl<%KuKv~a0j5wUwy$cc*i!LdC}H?=^7KE#P1OBL zKXgru1W-}R)VB>1Sv*>`iC-D)ym8%d_i59*VD6_F-PLeSZkKx`3Dr9|n#wH1wAag@ z8kl4BR%;w{uyP7FH>@v>l;1#VwwqY0w$9S!!sRJ^NQ`4$4}bJ^){R|T9d#rz3{h|D zzKg!qzWQO)Vjee0btmQkn6ZEW`Zn?_qZ#jWqmd5kO9J=}!|u?*!RZN++Bl-sYFlN*-FpaU!BauiMWo zABxGYW5;BXvr~MSTluSeaPDfRWp_1;x0F87S2p6qOS;gS@(8v@SsdXdkMZV8Eic*0 zv4FQiJRh;yP7>87p%}DCjanNm-peR^Q8sV>5#Yj-p`-S8+u8K=tY5y|9j5r_H6w3M zw#I+z84cIsJ@p)UZPIl}>cOJ@{w`A7dVc?U3T|dbrEhQclJe&G3FbHYYdytbQTri} zizGb{g*I+&i}J@imNE0Y#D0pBPjOjCZqP8dZZzD8=OgBGxFh`T=!oCp5>)v*g|1qb zqE9o9?T^ero9X1{spnOv9+(_RRBc0Mn6ri zz3~2NV9upbS^gsb&yLmpkPV=lMAL*wmV)rQnkVQRk)2BuIX86a=@vKCkLdkI!d<+-Sf)-m z&1N0lcYfT_R1+k*BsM6RB%JlZS3!sIBDvfTbDblK-2PH0{&EiOr2Ae7mxcX0OvR+hFZ#m{O&sqrwJy81mNlW5+V52kP)yDGMZZq_IBCQU1lc*puBQAHdJ4 z;G#rBExPZBXA+R(>TpA($NFod 
zNl9Huyd{gTmrfKrZay_R!%_g=6Z2?Db z@nlKX12|EdkK2-jvt&0~=S$eJ7 zjL)}j>~nP^sp91KhEn#Mlcb*OXJ?PiCte~k#D;S}bL~<0TT$_fLq#kAzM?mOdDQWj z$?zF4Q+W?Yg@|;anNO{o6I>E`UfJd5LN0~Zla#?VVrTkcXWFW{G%RCWFrH6qmvfhi=&SgEKyHZy@}`aNx!8?eCX9tvJ^^2 zb+uEw4^RmdZU|Y&U}FTW2R<+Gu;N|4YH`Pq^Qheos72|rfsPWFY5C*62ckd%8qORj zNo6LU9JppddVO(nNB@oKhwR!c6e{%YOsHLTMU*J565W;w1uD@=%Po#s2*twr*rR~?i32>KOgK(y7$^7!F0t4TPovw9FNA+)V^DP9eMxAS$A`k-neN#bGoEU&v0%udgq*s`&T69Izl0ZPVSy=_G1$- zyw(blOt0-YbZVCD67NFGnw~RAE*NhfBFwtP-<=*sFmqn&d7|PyPkGKO?PT~Mu85rS z-8p3)xEBDE<B((2q1?r6!ErY37O7DEWwtc_D`?%)OC!oR5mFiUF3zYaHd zFp0`2(q@aM)%CaG%U!1*D-X-CmM%L8&^9;x081Ks(c&Z40mOaxUWPGw!k5Sk;~$P1 zolNavrcNUK&QveuQfh$TjjVCnk^pmQJeu7i+glYF;!$~;uJG+%^<@Y;xRhqvM9rVi ztU$MGTl#->7MNt{KIG_QO85*#rIqz{9I2HeW5meB&-t8lWxZh!b)LRfUu(M?L8_h} zW81d8zmx|{ABKv_yE-@xKNt;-RHfea5hU_Uc49UqWgoOl_^L$xdm%zRB zkE2Hdl!qc*4`4PvdH{1PuOv_J%os_duHzK`>u0AuWrqD4TNFiNl&n>qG)yEXIGmHh0e~ zHPaa1778GFQpaslP>$Ok=wCrcybYcH`Ij?(6`i zA~a9}ZooPEB*Z1aV1 zcS=xPWq$nk)p1iqlg{Gg~zc zBjkcUe`Y14Ag}5Ev9Pn3+gbhL!{w@TrX`*q9GzYo_04HcHN*WRi!u#KE+r&bOY3Tj z^WN+fc;RnM$e!cr=<8$A&u(``Bxi7FMhl7Z)t_$w6OJ7>)6s4whe{N}=q-#EA(?ts z`BP=+b;pQeM*m3pSYOn{q&@Isri2%N_O<&N82PE|6PB)WF*|XWs?t9YpgCZ}NqmJv zM$vyduWwNEc{p=Ua+s~>WUb8ecz zvSRsM@$US7gGJE?AV+UaA6rdaihm%dgWe(FsR;e0(u@AixzhLHt!>&5IWqDyg_A^W z9RDYLr%-a0(Dnb%C}^elgy}aWp&LF9Zg8+uN9g=YaID z^N7Gq^qi^XyrW(j0F*Y4)0iFoZ;AD%YYAu|0p%8R=+&%I|IZr>?J=JH8A|ot-MJ(FYy=q3BP6|ftQQhrXDH&0luS(e z#27npyM5!=uBiUYgG+r~dHzoQt{TsweyvO_k278#>D#*cCL(imeiRDR?U%da+IY{m zh_HPeey(ytF5QjgKAksu!JKjYM1ac04>bR%d{V*sP&mpXQ4y(`X3JML3Ph>WYF?MI zIFr|h)%#kQ)^bh(iKdPPb{#?ER4>=T6U~$wwFFrN9s;$#j>@&3CAUA}OP0!syimhc zPZyI`UJ6)<}7>lbf5@8F5gJ<|88Zl(^y& zMvwxlY05u#3aHh!e&?5fDt(KqT;gtb#%qf3aD{l3{1!!exQP)v#gEq%61c5~uS@WD z8?xWJim#vuaGkz=wGGt%U77p#j={IV#NvLYt>k;JW}2&{u;QvIk%YQ?B+~OMIjxx5 zAqm|uM5{iDswcOoq;CQ*{TJtvou&BTR3ySGDpYxOcI7X=K6YhWr!LOH5mzPZtf?MkFDe4p9SD#U?f~i%Dj5BEx z((swSS|K9qb%w?lD_5Mv$)!6|jV80M1Ycb9Oc+e?2@AlhP`h|L`~cPzdUtkec0+EF 
z+KGriDTgQw@wG(e{OxzC|4^d|IJ3NaXLs{(3w=FhtZBAO5JOf=ocKn#_Qn1W zNz>yP6^S0eAK)@KMys&I>mt~3DSEN@WfV)lI?@Qa*jzPE=dn5d#s=Z2-4zL3Bsoui zfb+C;o!C{~?y5+mjZZ)n)wS&Je|M`Yi%+d^sRnNtkjTAXo(?eH@zvgGO}5|LvWey{ zAV7CKe3GR|zb|~%_APHfVv>2@W|+U_LG~Me(&tCf{3t)}_eIXQTCUg(9ZPB}kNX;- z-T|(v8|^LDt}Xb=VrwFM8RH0w7CqhSRT-*M4}dCiU+#lML)T6v}4O_b7g|_jVk2_7X(+f5jR~+62CX7&Oy2{vZ|JHu!V$3IKzh)RK z;7C>JTjZG@Lkvo6?#b6l9fSMcL7rD&&5FabcS0q!^$f8=myIjp@Dv%T@9R@GBu{Hf zIWxNTL&LQPQ*z#BkAg*!ksM6Zti;27$c%YbUvD3 zX{zH}JBtn&)Hf*!4I^;XYv>2D*Tw!_1Z8aXdQ7ct1fGuR#`4)xrQxgBhVxu{Y`*@o z+3e?f56B7P;u<1JQBg|CYw|gSDxcH>n>V+a51Wo(#~&Tv(z`Bld3V#>&eRYoIt`}A z_GV8g+m%^vnnYmu+KSBv*tzvbCX^X*Lrj>E5@NR2KWp2!h%V8+Dd=R%Oefo5+NArd zD7QY0dH?sY-e9N|SB}hD)E5e!=2E6yyS%zVnwz3#`jV+O419tML4S9Azd2c&uDy|Z zz-P^W()vVM`O8#W>Pa4?4$yqXPHtA)W`nLCV#{Flf{`SQ`dIW<@M={cB+x{tOl0f~ zFVoar7~WF?x9IA|S3chBJ=8z9SRH*weNr4dXh9IucSE*w83(Gtdjg9fQWD(XB}w9& z%P}@1tRNy-o|+ETda93^Kh{=24LlNZ-=p!V9s6@x;JC!cP)Zz^eDub51BS!*J=BPC z>)cM{7t7ctzo4o)E&4TCBVbqEvvI%=-OaUb4#tOl2*eieCXC__ zuQ~Lj#-TWE_~8#7obkj>Ga&7S5?y|Dr{cc-aK}Sl?auAI+t}RWLGIq|m+?CXEZ-HR+Zq&rShg_EKlZ#s zOeOsq1_nlMae;eOPFSZ$`^p)QqhM@8R&I@u(QIaUuhYHx} zi+1-43A99K>5Q}x`qfx{8|t>7az8@>_ZpXML}@KVNoboec?Te0GG}}-mY)9N$skT-dx0*ZSyDp-Uzeqzzg_ zzLFN!2d@Xl_7_DoI>zQcB|=WusH^aK-!NJf7#lGCu9Ib`8x#JRa`+yEWfnHBrvZ^N z{qdfx-dF9QE3l(U4MZC^2zPo(7f+U^N&MX^GZB%1Gnc$Yk|@(4v*@)~JB$%gI!%qe z$~%*jEQ@E4qqzl2{|x=X6q);)be(cOn+F;x{pnbtt0uP`FC$Hn03xnWt`A5l6}@VO zYN*CfjtlHQ`T0?kpNi2rHekJ~!tMF>2D4C4KH)1HmSC2~m-%&ZxP(nD;qzUre7kU+ zg>O16EbLF7aM9Qoz5i)@=Q1UqRJ*e^H!kk&-25K5r*=rgZYug;zwu|m$H$>TC9JGS z)A7ud<^Q(3_`lhlOoV+~Q(=TN{p;Scju>Kd-~~Z901Tt#-Dqn)>?W#{4T+t{fh( z96k zQBqQ8f>4Njn#^m*vGH-LF2R$BGcz+&tE;$bYNM(vBgN*F=;-K#goH2W_j7YuqQ896 zt#L=gv#=BK^6?Q)?on`b{*&^2b8E}E*fu3KRcB=&Yh)4+4{v&7BP2=0_gqiV4s7<( zV9me1qvLlIja%TSPlR4xUfPG7(@VW+1iW_ZftN7xpQOt5XH0zle9dg65SzwjmuP#3 zCP?kZRocy&0A}5uZ_f^wGjdEGB_t$-a7{YPQ|4Y^>+0#{ne_iO7}aug}O>oW+RaGruGwhu5BoKV^{(WJm ztgbE{O1t?Jt#X0Ei@4>HT%Ai`;EeI}m7Hq2hYvGfjf@lGkTNw?xtuUk6{s`i?3D#M 
zSXfL}1w9KOnLe0w6Mz4n9see``(wSvTeojte)jBHP=3hw?GCQVTkPz+I$WN95*fqg ztAT-mmP_5Vxa6#tA+0vIw$_alndZHn6x>}Mz8)MLOemaKT1xh=?B>A00L$aYJ?Y80 zxrA4}(UE_0a{BoDV>3ucCqB|j%FM)daB%n}nVOrQZ}L($t*SGQ&lkoDv|GdP!yfP= zAF9ax<^HkmMHnsU!Yd~yM@UNQJCLPz2_-2dwbdstt8=oyrktnyta7CbRxw;)NSRSq zw7s=e8%)LbbIkT|Q>XOTFHSYJFKwf5tAl!y#aGTMzH@U;x*SlguCAg`q|BP42kYZR zBqTom*Y9#JyHd!54f6{MXl&X1{0ga$qa{pDP3@hWl3}S7K^WlT$|V+5`mE&O)^It3 zn>_C>OQv4)_VykEYlH7iFD?1qjkib7%gej>;6eS?Y*U_L7j<}KBzV~^1_lhhrr>@} z67@XYEAQUD`?6NbX))$EQRzg_&Q1&$Ib185d|!N*fk77>3u0(#r04-YjUX0bne4gMtk(*OP!sambSKyg~q*wl_geIR%DNLF9R>)7ZAvEyKs%;M0Nw$@erk} z^&_JH^yyRgj~ta3G6{k~5Hw~WNl@NGtLf__2CMgCH2>{Q)0?bv8Ce_5(GpLSi7Twm zQ7yWvQEuxU5plzZfF`&tidk>5GtT~RYLw+-C)NAqKI|wa4RqA%Z~-QKtUo@vH%-=b z6uS5TUmXEI4~rvHkk>o$Lag;N>sDNjEwG`o}NOvWqH#| zJh!l*c*Gwh<_T1^wzu~>Y}o#2KI+xWmx<%l;4Am#zt^<3UWMV1#_jpGSMYWYCnrOy zoWD#Qug++(Ibu^V0Jx)jUtb?%*9!#&VhlVAFB;cFG%!S6rb)_^a z;?EQnBa2TzT*55eDATNTq-A2lM{O>AeXBeE%Vwz1`1&u~wVzZJFEx&Sj$BnZJHJc! zvt(|LxJTV$qT;?-@Xh-W2Xy$<{P*@ZCYc3~m*}Ubr)h0hhiD-Ro z6}sEEMKjgQ$B#)X(I`Z zj=tx3u>PnsmWTe@wQCJh%$2wGSz}(ND+puJdU$$zOEX+Aw_UrYl&wxA%fID?g^y1n zjFqIA@eCL(@&_pfqGo29WNZe3hkJus&tL%KQ;WXtaQ+*}bRz1dmQRrdy{$SD!=e=x z7WP2hnsDBEVKv)`muI)3NgLK8`sB%zN=9C0Rapasiv<&(z}A%Iy;yQC@tmQ`c0~Zg+gYU zz-)+r7<9!yVr64{27@5ctZzOx!@j!yc2lAr+pUjDHpPa8(SxU4LG`3ckynQfa=7$7;q4bxT-SSX5a#n%jOe5p`>QvN~scveas}VW&$-E1hbwD`D_{ zhGNEVs2rD3c{VEpye?HJKjx}K;oG-w_Z{unZ%#c$u8j5sIcZ3ER_kLt({ppTA-&!6 zA{?0=DYwgM1|M?TUnOFVkw%Q+<#l;$wV>-Gm@J^VxmmSMsefR3;zCsPSh6aHvGbJr z{ucpJA1^N~6tB>Dxg9Auy>Pn1)dN*r* z;**07Qb_8(kxKW7M+jqJ_r+$zbRp7vmQdKJS{kY{&5%+)r|85l8z~fFPfrh68i_dY)_Y7$;FPb_)gL0^7)&j| zcSN{ zOjRx zsd6a7(UP}=f=XG6IN(`uVCj-gqp+AbPHfr+s2fGJ`BG6#x?`nQyc^{U=uf~Mm3S8# z8brf!P6$1b4@b=dIQXvq~6(Ty9g)2VLI z{+XQADl{FGfw4hs6mrp#W0Mo-*Q;qBf(cE4pSGrbX-wSQroBlU#>%XVMh!Z?q{<(_ zGJZp@Mxy9w;j8ZP?q6P;eueW5^Q^yTvZ5&=b6?ZxSQ%B>Pv%zv! 
zk{<%dvOHMVfE=a+)!2SEh%47@nDz3NE7SXHqewL!FXvk5N(cd@L&Lk_<{q=< ztL4%gz{9{_Q`j(iU{(#Ld|EUvFp$Z2!_wCv<))-tW z-uKlqR@F^dN3vK@U6JYF&xcNX%dcTo3X6G=XqMD}I&U6!w70)+ z9pLQcx^)X>*csb%q*81aBNJ0t$d0N37?CA#H#*)j!HawztW*f(o?b?X<&SIBo)Z51#9M2>qupl@;f+^_$cR_&g>NUV9hK{LeKwu#5 zJ>riBLh%TCZVaO2c01=suy?H|rXBzL9OwL_kfMIrzmB9Ua=4+1Ur?IJme73HtNr&!^DP z4{%>%V&W%QXt3k=03r;#;=#|mlv1p~>oHM3W8=Pj`jp6)o%zek5|DK?pB+=SX5~l7 zloF|O(g}imnJ zHHXso6q~E9%^tf}QEWS$mM13OYX8EK@uy7C_0&E&d~gxsQGv9BnvR14582@7&mMDg z`Tzp7&yM#1XZpZ7B_-)Z2>3vfD6fhK+z-+0Y25oAq*LK6MbozDsdB&|W)8PzVFe;G zGWY;^{5PsEsG)8dZ_kdFTG2z^42_EN_3%Jn>)Klxe5I`H=W?>21eV_1+^oT*adw}X z(bd=2*KYZIhj(vxWsu)JpW0j+23@2zwvU9w#t^RKAj2P*lueMr!Dl?*{` z&GYXL4-aoaB*J;2v~_ho;Cr|3-o*q~5zTEy2UW^rbJOyN0;89&uU=c^qv*$aVg*zM zA3mUcmx=qBDisBj(CETgDJd!1kO+7;j;_*+1=ax7u{=L@fHH!>ccIhGODN!>)BQ?X zfCq4;U%Vh9CcYdat(cBkbpH+m105%);$j+8+w$qzn8NRY0g{}G?W+v3@qs{FrK4Gr zG|l@CcKSbc%}&0EWxj7v^VjygZ!Rd5zGeQ;sNQF-C-w>+EV z)l8~skLK#?3RBi17w2bIC;R5@F>II<6BA_o_AEfgH-Y-j#2Cgu?TQyDYEuP=&eSL; zkxM5Q6BCQ(FeL#TlWyIj2&0xzf&j(d8OYYaadL8k>N2xAU2pRxeVDMUtZe9)%>zw` z`3T82>>}e{jI)!2CJ11(aOT--q@M0ri0o2kvT!|p%^y9PZ1GU`1tr>VtuB;|GK5MwI{^vx8!6%I*Q!9ymdoE zWTpd|2sc613=Wb4z-Z#zsJNu3r-w_%f&yPO?_NpG0j@W@)RSELZvHBW4O4&r`oodw zo}V5e_z?}&`~5{dWJM(ZaGH-SJ=|WOneh;C+OMgrLoY5a=5{`0nQ*&sK|KKjK`FWn zdq3Unl^r4Ev7CBBMoFnRRrBExxc=stb=T|R;-8uq%S;C=1$})#UuUrBHel_pjgkVx z1`*?fC|!EKxc&BAi}J7c_hAP8O1i>NDtx)xjt)E+`yc4+jDM_$0YF@1v6#INe7F!N zS?RQ|&sueQWAQsLz&biG(-r_3CBE3i;z7;HuBfW{3`bdo@Hp_(Du5V}jHnC@41l-S zL1(bY93LCIcDmjdVZR_zsJ2~byx4F9z3tQOyJ=W72@7SSX)o^~W=@q;sj~LJ{Qdj) z+=2p61;+l!wyrL5VPSL-6{Z#zFjD2PDJdzHm6a2Lai^!J1D1UX{cl9dNjweafO?OQ zkI%x+ei=o4;|A^H$3(!&1qB6dC=B-!zjDdCzeG!)6daU5I^AR@=A-Du+Db<&0+}zRO9S|UuY7SABnhN&H0(lv7 z&%KCN$yyEQ8F6tbEv|DhMqGuYVrgUJ^21J84!+jj?)CNS*Znh%I8de_fWc`LN4_g& z0KC8_C5;ka=#;T})n9g04!)fPt|#&Qx$$Q1B^Mzryfc15iR7Ls;7ykA-)9p01Ox=o zdUXdEWM?_Q{^@jaov6RRBV4Vy?Sat*;gM`_A3PvIA(JYn1N9bxnnYw|en58?bh!Ne zmM)4u5*~Hm9Uvs)5PkX-4UuwQC5!3oE%y_YgWh^UaS^+sA}abCOy6531-c&x!T$f8 
z^qKXvprGVVrdg&f|7TT3r#ejae|qN91_d!4!JV~#uQTxe68djB5nfgsI%Zeoqkds> zX{;jVI9Kf{REEAK3P+_X4DaT?v9EX|N6Ac27@A;r1m)!LrfAT5l27xwMKWdKj(A*h z!wpW!4Bv5FXdC&Y$B?&6zn}(DW{Idfk&uU8+e)v<6M0hP{ApoFBQQ@!8+|ERfaCOUFt_8@J8|&Kf5K5Cd>{if#CxI&TR+#EN@qDm$C! z618+ zPfw4au%}O-4i%Y3?Qiws|2|^?0hsJ6PTciBIqM#~Uv*`Vq7UWp4}e_H3Np#8WXb z46vvV$Zx=yzYbywy|x)M`Y^b=+M-qoJVzypN7zr+86x z64s)R&@lw3>cL)(dcWhvJFW9v#>C`0&O^NWOrG7?&&&)#0QqllfP;bp*!}bMgVM4x zLiYdZ?N}N=)np*cFhsHZT(VleH2nP_LmXupdVM zOCkOgF1jzY6Mp4nD60)4nC$+2Y|w8JKS34&k_O;j98@>xy-0HakQvz46Uq$mg`&1y zfHL}T-XtX^qChauEiP^ZP*OBY4RV#5DP=)HLEgK0$+@{XM2LjCUS016B!2Wgg^gQ9P5wu}{y47R_fDn=A0e%4&sQ41( zfT59*8IaF>%gP+qm@)nxqx@%(9H(b{zx6OmSKH8Z5gg;jIUUvI#HmHRfob>Y5bKu1 z^+Wzr$6>BkSL=80ZbeAy7#pYW*#CZL0Tp{q4~~X~gTp%}MkQ{A`N0Dbh|8kumj4Wl zXYqYZ*k66(kT$;#HX8a~pt9B6)m&rcy%Hso790!N9sWJ&_wB-sQFu;hA(#V6e7j59 z|MmD^cz7i1e+rdrU{K(H=V381pZ|J{Q0V{RF~WgFC&RZ=%EQWQw~$~l*fq;I!gCaK z`md)5@s|C~j6ClAiz9~r$x8VD^@QS=JE8_}-q3P$lL0II7bU}fExu9^w@;h7u5xQ@9ApeaNkQ*d7eo$u;S5^IDJE|8VfC1|-H0nVIL`lY~ zj|H5iCr?itWF0gV5Vp&ZDNf<`64KIMQBkDO>6?u8{a2rIdR7Yx;$mZwdt@r-p>tV` zbqk))M`_gouK^Q*ex?(*{8{2QZ#5|?sR&aP{Fe-R{1SAEl8fUI-)t2KzvJrR;jsx} zM$6Byeli3#r@PGB5L7ETMCA=$K>H!U2ZEV?vIlA z947A-A{*d4j*ohxqC!r5^@={LO6AI@ws|Nhct8K4oS(LA^CXgU+rER>Rc?R?nyxUC z$UC$n0e0>yl$4Zm7!`rl(ESO?3w``wPtrCugL3tsp7Y?G9>US(-j0j8y3&69`0=IU zce7;;^_{0+nEWAhV5YxrWrYoN?n7D{pME3>UOcx5 za<0E1k-t<{M(AQJ?-}1n(VlNXfqd9{L5r}yqa#Ls!A7!M^~8%J9ArVlM_0M__vKK< zz-vWTBTNZV>R(tSI9sBdoycQK-Gnfy_=-(GE+fVD2L=^ip@^aZCo5~g7c-imf3m{N z%(d<$kWTZAku<*twrP0IHPi_gC( z1wT~S3XJCY9KRfzD3A;M9}g&J4U42mrh2F|z0Lo-u=iR~(FaO3!?>?H z)8ILD`8fYpowq=>l#`c-wuR}VuaS|8fAhdr;SmuWCSSuP?}WFCpG3yJt|WnbzepVx znFErF2BdTq#Dg+BjYqVX(Jx)nv9Jg(x7*-s5d`5LoH*(1F&mp_TH4+H_3_cEU%h|+ zbf?MEfb7wyybiFS6xx85`&KIhk79XkBu`F0-gvOtBTfU))h+|YsW{zkL;9{IC0u6a z=6TT1GGhP2*tWR1NYBDT`0UvQB}*(+c57>E>rabYvLwa1)qWWf!$nw zd9b7Om7L9B3RIzgKKUd23x_BPDJfE|5hZ3&%WXWiJi7-ZZ_Bk24v3yZ2dw) z28TJ{PVmPi08@L)6r~3_7b0;aA0!~8zl?@@pp@MJJ;^NuE$IW?e(K=Y`XYAum9H-*q{}~wbk2v1eEDK6nV$4r#rOvyzTY>$MEgyY 
zug=B!W>Z-_+2tz_Pb%Vl7e7?)YnraP+!M^M9GEB{2JsF?AVRY?Ak9EWG!k%YXk1*! z%dL;jlW zI~hKxWjbJG@EX3!S4*HbeSoa;h27Z0*B6tPmX_UgAW*~?e}06EjV+8o@X#Ilts}*6 z-n@Biy&w&^v#Fpw%HGOfuae;-6tpkG@#jiTG+|DAPUyNwFz=@jN z(JuM<`?nM%R0|!@iwCnfA6ovh+vxPAaWy(Qe%Rf8|NX^R zF-ON==98dW4~tnrwRsAKywq|U9ZFfF8E5a0SM<=LB8M=6t~I;)NH}z!7KhVPQf@<( zwYSb;-+lodKF zd^tD^Q4`%^K<&I)tG0gvn9>lAh<~%@67-IGVOxmsi7GdJe|l(jetuBh3jhGY)K!Nw zI3SWfFEZ)Br&jzBghP0|7{n0~#d4kYZrgfB*(VfOKLC2?;@U z#lpf$l#XEqFfr#AwN#}J;{F{lOyg-|?yVA)H zl6G6l^Dqfn*))Jm;SZF8VdBGjb?7kw3EU@OVYDBwk}<#rWv)$5yGym;q~MlGFrxtN zv(9~j6gU#Z_keC-KN(c(*HzJ9xNlK{5GQpDu40I8$gnxXxcfBj`MY z3WT5{_t7DPHUPUcLzqsU^6Gv$G)<=$7Y%{p4YT0ZOGrwxqUi76Zz-0ww9I|%cJ5ry zf}0He@+v4HRDJm9mOaz~r{B?ex~1=^-TEVor1EEU?v#Z)`34|2#hDt3a$AM+%Lca~{X zyN(|M;0uJ#gC4NrMi_OnAoI}yG*|~DGHBeU<^IZ8SwT;ZmXMmtyLb6$WKd3vZK1(y zK95Jq$qqhNz%LYXb9i{T(Yi~(u+VJy&;Ib38TgzJ%xR4mLyKet8KTi4^9co~v%R8I-K_{UxKPn<;%|LLUmJeH(DxyZKfkQc`i) z$K$UZAfHSW!xliUc4v6;g#`j!cu*r%^2X=^WK~*D&PYg0qg60tA_2TOdlt7|8<^tm zQjaH;LF6)!9bgiI9vW6fYf7-|(F5ok@}KSY+U~_jGmIX<*7ZR4S8rRqA%cd625Lth zkQhz3GaF8`A!J7H!beo3gc%EN$K4;}v22OmAxhYg=bn0EWU3amS~zJ2kRaka z^rB%#MHlX1`vyRf0W>WfkYCGFn;ate#Sq{vF$$8XL*&8VUSBxvPf&Fs{n)P+4Q}r3 zJ<6TraR~_wEW~kf*xKFI2gLx^fz0?JB@V{gaBj3tf~+v%dSVXe;;lmljfI2ACKS6# zpC9xMhg@NbYyqMoA4kbMA~v=iNw82XfZwIS=N;CSl7z2}E*tzKk)@AwwhyXK*7;xp z^Q-9z%+!E0+B-N{!Re~c-<65YJ;4;!q~I`t{B;@9bLRLysC@5Wngp5hgt`tPS3Ej& zrR?JT#Q)<*WKyYk3K@TF(XZ?8--~Rzd*{yhHq2&bl|x}JK_ zNx8{qi=cwX&>%sSxR4M60Hb6+AK(HosRFnYT7JWoPF#StJ4>=4Y30Kt91@Do&d!_r z`v#z$I|Lha#PLNznH||{F)3ozsk>~@8EdSjUEqB5F8C&ou!#vHG?H&KGJb?PgVE&} zUK>V|0Pke+5LTOI1(@ynV(7$038QvUIB{tNPb1H4t*oX&qgnuDhFEgu^k@gr9Br3l zHJA$EFKEp;;H%%EgcR>UCv^e*KDuLpKje{8cI=uJkBW+lEsoQ>;3DORwm2bEjUK@O zyWefkJs+KkMFRHbP4y{`!^-An32K+!SFXo@?;;d5BjW*#0JK;OnnDwq+h!So<@yE& z+mjdPQ9w`Uj-kD0)`H~yrVfBHhllpi!j6H44^$>Ne5}$ftQ5dypCQFTt5WwXjq0cB zi?a>ru6>0=`y3JR8=&@Y&@0R?{F-AHqYH)@e8a-711c&L3;^rtvc@19UrT%YZ9&0! 
zAQRmsZ?$gTylLTpCz~Ls@gtX!j_zHW!@lZJz z<&Idn6-GA$;p*U#`p_7IhRgQ($%ZvBfW^^)dIF*LV)Id?^H^0?1ri| zDCgMV4@E0s1qE!7X-m|!uM-oC0t(&Q+|-7#5$J5iLC_2>OUlSJ_V$KB%OAG(hSH`( zsuL>%z61`Yf3!UhBfftl&*Hh>QUiwh1{IUtVl4WX&C1AfJ2olwr~t!k*J9GVgk$7OVdA&=rL{H7(PljXf=2Nu*b`v}*S2I=t+K({*WG^uGx)^F6bP; zTl;E#4(F{in607y>%BkPB@8%WErMJ9kQYWad{0jA8)4ISa`!oHI&UsvJn1 zz&;`KCczw9@n|47XJ-|mcC4tu!WAVJ8%S} zd(|+t%@1W2rh$92H9>fBJwGy3%vSe@i^9zqSXjDkPdm&P=RuNJ^dlw;m7BI)?jx_C ztTxDdUHZU`K(^TYwb|Z$uJS|WtO2zN&2}9!447Z60r1DgRWfS9b+-oK3pkT~MP((7 zv7%XAegzs45OK@@LEU@D_1ype;%_6PjHpyb2yI0XX_3{?PJ7TK4T{n(L`jkgZB&vd zmG(5+leD}`NkiIO`*(kKUDx;fJLmg3=X-AFd(I!{y4|iD8t?b}^?E(W<8fb4d;4Mw zVbvtVLaJ5#Q&)pLXI6XzWd~Ne4yfnMAQZ%6(VMxu&FzhaJdrEbnM&$cAVwqGg648DQiiHT2W#R~ zIWbxKtFB;IfEvhuyW6ZkA_o1o60yDDK6C3M? z@^aqRxDEM}WP^j^0vnG;be@k_N$#7Bl%^gbGnrIPSu+LWE9kSi#^HO>y%E~3 z6sHp7Tn<=xfa`TvNn$G&oGx@%5SIA1y3Y7w&l55!3v}+qbE>j+(m&s2ihq_)W@Tn% zbZn9MQS?0O3+)361IL-C=zepCi?*bPNn92>eY$w5+acPS^+BQJ2Su3o=T|SWs_5nO zii|YypWbIbpv$2U_L9QQ&K~mt1@8uHCnx4PKT}tQND;X!_bt9#V()>fLj@d@u8D|8 zqQhvHUA&{56s~mNnwya0sDLkr;NT3J6xnx`l3B7rJU@Q^Jg%gq^h}D(tc&1DB6z95 z^5ZQYtjv%+P=hN)ie0SmivbHQL%R<{Uh6M<(`uI{-aD$30rcePa$ ztQ0%Dn`@OqRpEAaJ>4+tsiP*?95-+~sK=+Ccp-xSHo18naBw&;Y>+>GfAQC!S9CF+ z;YidOyuRhG_=!h*HR=ZrT9EJ9*lY5|p<*8j(6Z7FKz@YSf!SX_GoN-vb$ztVrH zey!+c`e6U6@wjoY;JW1!N`6uKY`g=nPLfUO!TqhiZSPl%bAOWiX(i|Vx++1f)bB2n zi-@DzF%|Ly@3x6-K88AMcr-iZP!Ch|r|+7onGd&P{kY|l{rJeW+2OIv#l|CFZayHd zcQ?4sywF17y`fAe-dL>hsjK%2X|DJ5tCdO<*| ziWzu@LjW|G998&@Y~QAdO4-?#CcMR;na35k6v(~F6dfztO#Z?x=qdew_0MFL_5N6q zKJL5s#p`|Dg{e2)N->=MJ8T$e7C^L<7_ijS^ zq*=9?r@KG{gATCsK9vcdc#7AC$M+OOz*CT2{{jEz(B`p{^vOi>gf}EjhUT}%bnETF zg3tsWv7_4lb{ou{L?a1BP`>6jhQ(Lm4WbVQY448B5_d=~UfmZ<`;yBOeOi2*=pgMg zML~`Bhtv~T1CTvv0x>g6NE!_d4gKpsXvpF~fgaZv#S6N?wr6+P3;_>Q&?7_P5*)u? zAZKVP2zw5?O?(9{EiDOrM~;MGFT9Kf8LJuVL32hw@d?tT^ik9Ou!JPTSK&C(CsX(8 ztQPhzCLXnOA8xJw`cnBORwt~v#n=s(5Fx*!__&(4o+7ToKl_cEmD!;SHSV}h()r9! 
zRl6lywH(0;Y0-(*IR=FV)HjcyxJ&|cNa?ByF9*1#_4eEn;#vtkWNivXGzCE2MmDx8 zY$m^`=>iLXiY0&5zuAIR0rJ&e%`T%QN>LWF(IvN?KlyH=Mrb z*RPUL>%3BItG}SCLg5{YPmgi2&YkD%tD5I0=};eBtbff4Vwd7PT6qYi>SJ^Rs`;)i z5iS#2uuE9Rr{hFVl2v{6`Dxwl#Z2<7ku)p`^)ShB;YX?8N+WaFkyMR-5& zLPJROtJJZd`YEG6H?M!~ot-TT@~*hD(ic=BM0vCY=$M8lC%XZNqK{LJI<*!$U4z#R zN|>h|ejl1jGp}lx%}h^!0SE%g-3b(uP1*L=2`*)UNrMle^5}QMC#o^zh-vIcG3H7=NfL@$RUw?5J~#_h}c1IKFWDOt3OU z=T1ye=UKueTtZL<{^;-5Yr6s&{c?;Vz(BTBBPRIFkF5{eUcS6z@814Le(TLYKc_)4 z2y;+HT0bD%P7GJ@|9A&a#Ns##dC|nMnUSEA3u~kvhWd3 z%&*ys0gjrdfiI|N%}3C--e@0xbg2EAH5U%OVq;U5`f7R-9}G1@=9?WCQnfJ#i;V@D zrW&{6R=$4yTJ#m+G&=nH#)4C#wfSO%HU<+=jh2araVq1(?PML#iW?A=HCE>5Y}@RB zTkfAvn=7hA-u&*Fon!_7_dj2&b)7IZGYfcVv&~kPR{heciwCervX4Ce(cXTqw46>r zpjx-OnV)+P8+(*u1c!vg5)BPz5KC8bKNj+my~eQGLg9y$t{7`D>z}i)rNfV;%H~vV zr1M9$KYMv--`V)))8(7|9;peDAGQg2@5%0|x{uJ@Ob(YS0|yDA#+bV*BB z*T5;mFF_mQvKx;_i|nBZD2>mEC(E)wyI^n*_9NNo0sIa+M>Kz%>{H1VsGQ&sAnri9 z#c!cD+B?8QHn|SrAT{CIOY0Xm&=N-Wzy6dJKLK{oFi8{e)Vt6$BbF6-f)y1N8{;JL z*a5U{j3bYw!-{vDehRSc7Ra)(uBd*Kr;^Se^)#7In!PRP^#D+)y;NF)7z1>k#IoU& zx|V!aEStwWATrf@cVPpTTO+LOF-=$bZM!O-0fa%9Y$zP+6H^7q6&|5a7}DN;ew@Hg zu;Pru#mFc(N3P3_Q6Z+O5no$EENoc&cL@qU1a7O-gr25v!fk%4JI)|q0(e0;bf$%n z@4C~_Z31Gto-Al67(bv6B%H@;T3S+DBT{z1%k))JL<5Rrm2}PN*K~*K8FqyCctx@> zVuE+YJl0=|MHiBX>rmN#1jG#Z`aB>UqK>8j0E&41nh#}vW0KKI=$hdlTY+1otEUI@ zt)R5W?eRDiqXbsj&B;jsnupmL zWUe}u|KCSM4FNVn6vE08Q2OMMbp%ktE8t$1?E`OZ+@KFbPX8Z}3M?1~LTf(mBY>FE zP}}>oWNhBc_Tdrw_lAKvKD}%oTIz>`rDL(X9EDgZemP8YiVt5t)8gw3rqo^6WCav z#Qgbh3EKf*P~ds^qF#-wPtxSuD()Bv7V!&!YpQcGZkBCF$p-8(!6?3Q0nipl^z~Vw zFFXM*gEUue3-e*(PLF^P1vZXyk-H}w8W3RAbE^a;S1lkA9*u;1kO}q2qYVRG844Wi z9##ZOO`eOB&J;R2>|}<(_=p1G^y$+?Bs`G6Fz-xtgqo}g)@GpYMUW+f5r9@LN&Ag6 zmKajG0?qn1{;{FqF?#>TP1O|4?4Lb7GAQjz%gT~{qn84v{fwFf<|4wO!iE+r6TksS z7rEgST*9sV{QQ1i4vrVM5)v@oq5NXKI~*xi>!Z7rlS_BVOc{^kgsi@d zNeZ?nR#w*NXkCE;^TjR43q7HrkZjlfn}uxb@*DycU4j3!eI@9@jLV$Di^F*)=(XM# zhr&Gi&-b_v?p?cm``}+&VWh!Hl?0s(XOX0gc#P@|{!+5i8TSew-i?g3_Wo+XZvFZq z3#0T{X{{#TW`9!Aaa&?r3y7^ky4JEi^{2dZC*Jn#T5sENVfp_3Nqg#U;VF2{R^f6* 
zY{ppRw_ntK-p@F5X}#NEN1Tvu&h^#I%x38Iu&T?w-b>yu|2cLmT*&MCH3RXw-rrK? z_^CnPF0JqVnsCx`A>@gwidC3yR%&$UVmT?teMwL`waf*ZbUSo^JeH5jwp;>2$AvG~ z8}s;fk-HUrE2uGSu}RFd=RR?lj0^w&Q-4Oki23`aJ|7kp;r;8?KciIt9!~E7cM~*y z1E*?Fnx<+4N4C#i6py)a#cX1SrVY*}R#Rdq<$9k&8=Y~G6pH9%HrWa+ zbYlwVO#hA-8~>_$wdaec>)bT)R5Ck>LIe;6a>LTGgP zZ*>iYG~TeE$OTK@91c3Q3(~~bdd?ERSN@{~$bJNs!3|JlOAjsmLW~K`t1Kg(M^-PO z?W1_zyJw8uhnVTmV5LAQ1!!Fwi!oUw0mB1kbO%rjn3G5+r%;w_rJ6IL9Qy%$0ss&BPT=CE zXo#S5wLvAOJ162e#syrgY|{B(w9Hnw-s5*X;N5!*UIL5qpI=da6k;dw6B}7&;4;pH zTjM<46RQhYGh_ehG5^zSuwJhP{ThT79tJc2-mDHUU*A1o!a$fWJ9NrH^y;qyxIu{+ zfI^r)4vyOpSKpA_N)`vI63@;rSf~rAX*8?XtTBdRg!JLS7M7tl#v*d%>eWxEPoclY z=6W1!>w3xAeP9Ey6FmTiQDhf72>=*G3M@vX!3A=+8mi*u%a=a@MjS71Z$G(o1{j{+ zhYugFqdmv=nN~nI1QGxswIaZPo`%HjFlwNHQU=(MM)4EWP{%MjfT<@}UV5z(Lrat} z=(-8hpcbd%iL$wM{AgU;;MH8)A-nF{;GfD#3_@ zAN3?W<1G_m4z4r~UDy9_=C<5i0RbjgvV9gGJ|T z3uzC$8C$^f>vkL=izjWAnpAYDar^d#KPyq(?Bd~}&A8$;37*#w-3Dg-Blx>fecw3G zLd-t}z9%_>2RXJ;|U@p;#akI@ssftAyC5t~~e&mr~J%(mN$0b7LP%ucQq zC;(uKw%*=LqJ%RAZoBj{gyRYkVlqGsXj@vbv8?&{6h%2vdk}#SEWOnBEo5M|tMkxZ zqQIub1W3yPswi(?UvhTRhy?K!<{dI=mbPNz<%`; z2KVJ{NyThLC`$Y?q#=OTsTRcwy4ESw}r>?>w(dE{=S6KLLff^{Sn6#Y(r3! 
z_yFWmj#Jq~J_h7Jr+qgcv}xg=0LuemB$+~hU#N!9%pzSLp#`)>nTv^Hdgz807#mW_ zf<^^$)S23#9|cqaCEUa#7t5BcgG5C_Tn`Ya#hmtIBMU1`*$GPBps(0%ME?zvs5=!9 z5HLJ4QpQwJVJd`LCNnKIHr5DRSMZt4iF^kgN5>;TIRP#wG){-Wp-^a8T9;O5z6Y`u zs~N0zWaY+OME|FZkCd&`1&snJ;rjc-&2(gBWS*RPp&MUl-PzUq7Jypb?1&sb_Sxva z#@Wxm5sgC|9a3hcz7O8iUPrE1toX)6wROHIR<$Q)`2-KUa;0?g@b>MIx>Tr-1FYRE z2A_N=>1oCO)P%il5ag|89VwbrH0@1xkLZK(J%bO9v11=IhcN|gEO;;~kc{ntuX@|O zb2ON`Eyt+-qx-Isk?>I6JW-s~7XD7f2Ijj3QGY*4N!raBiqHSvyiPP0rB+9EbzvcE zz++~U^5BUOi)#6Ar)P^G?e3#GPBO76)CqcsV6hOVU z_RmKYto)5fU7GOukKC;iI_CCFXAys4#dkSWJ-qb>ZacWW)n2wOy{-ye>;Amsnq@C_ zZyXzmh-7fsKflr2TLy*j_kL31dIjEnx^kIJ#?|0Ia;x{$7m06UM`@0TghNm`d1SXN zVj3z;jEp5oM*b|fmD$HzYj+BAbn#vL{in6xio8NI6aLP?z@Wo^jeKuPo0g4j;O|<+ z-ZS=&XlX-2kaWxBRj)I+2OXUb>De%wvfF4pIivril6#NJB;NE*{TlHig0syh;~~lR zWj4l4ctyrPR@FS{ww}}V{vJ`k)e$CJxBe;4|Mn%ib8hy}ob?Gdk<*boE#=~!$R4M% zJZ2-xqU7tDy=%zOt+WULt=Vbo=*Hi9SBXyjb+E z0{zM+ay?|!Y@=4@pzqSjY>}f&w~AkVabhM2trTuL;+0n3dFUpt0;QQLf6cx!DSs$mc7HnUykkh zmgu%H(+Z+A83T8tWw$!khdU6tqJQP9ceEe;E{`$=fHypskFkzl!4_(0NdUWf$FT4) zIk)qbc-7gI8NL-)XK&4&=XB3m*71%>;AgwK&9WH4{ALjLkv<3#_CQThPm(c%B8f=0 zOj9y7f1d#$UGwx9?7xAa5}^o+LwQjxHhL!MD`_v>^b{2C$1Du=#R%DNxWcu<-EA_W z*ym%UVdHgorf^%_yOtQGVk7k+6eV{2tgdLBKfFBns3)kkj47D}DxmiuSY; zktxgF3k}cD{u#y;y|YK|5mBO{({_OEV+q1Y!~qwgg?kGX8-a_2OxFPWLJbFG;k>=m z?7sqeY^r(3{Y&Pfj@0DL`8LpN*9rzpI)v)E&vy7cT>pTQVp>VEB?!Gt#DnkX51i-4v3M_b!btP7w&iR>MFXDkzrkn;);R z_~~zx_$}}DRl0*;RE6$&ZLel=N?*|C>mO)N6|L@vg-Dq46JsAZ+&RQW+yU?7Ggv=FPohCFIz6AwGvyY&6^~FO1 zO2mT2{&uOcAUGQ{{FA8KC`6jll*$Y(n5Zk3-&45Nc* zK^JEJ%X%;t3UPr$M+)sGjNJQz&k(5t=w)i%MZvkjBI4W(%dkO%ESsBUO?H3j=&yQr_GYl~0PpkrVZ|js zQ}3XN`g%z-=wkc|qY*oSq&%YN0kTZ=H`)FFKk-ePP9Zq3^dK@nngI=CUF|Vp*>LNAs%Lthz0mZ{5N)V=g{o20@{V^k((4$ z6zC$b5iG5FcTtrp&2v;qi5|w#F3iIM-wj^@MbU5HUJa@7k|zf)ZUo$!yp3VoHhJiJ zt$L@4dxUZr&WEC*$wY_r8D(}m&;B2!X>ac4>iZPls54Iu_0y#PxQ{eJu!^J7XUYmk z)zt>kfr`q;fq?yhLf z(Qo_l!+$XBQ_f)&-;G} zJX6X^&jn8V@kj&rDKYryAGJa4mD&c${JZJjr-bMBL@;RmEA;~JQc~tcK$o{4(gaPF 
zslC&T>xEw$JYTYLo_*)Wrw4|jo?0R8j(0Ztbt^x~YBN-p9wYR7TFrX=BwWh~rMSIXF|_MV`ECn)C#jjXoRCfOtA#_Hbq?*T z=c4rjU=sRb5yV-5IQs#XEX@*Ni{~p+%?`K}N^ErC;K?hX1V`D;&5Y!>xS&S{_wj)= z{-BB}`$8*Wc)kU()wLFTLO)NzRDek^APv000q#imEl~wzJxR=+*nIYtT4uR8lpFq% zA(9;*Lc%sALY+tz4k#t`929*!0EGbMyMi~-nSxS+B$Rq=iMj#O+6>kqNYnz*!6p&^ zp!%g}Wu(0=MVEgOsrP93jIsEoC5Qb?w{BI)cby}tB&sjYz-!`x*F=ii>Z8}MA4Ui% zNx~;CE6|XQzoAn%MJtZ%yKs;|B&9IHAm3G|A^vGz7s>y$=$?j|k*Y`iK*$_?>r-K2 zlVv1yme^(qieZS&(ixol)n7FppaDn05;pbg)Ql784bmv`WoTuP@?+@hjNw1)5p=<; zIdk4DZ|XN^c4Bz1TVCfC+_zX1YR+SyPm}r<_yPFh3%u2k?m|cdyrn4(2%|4*0}5Q- zMG*FR-@Dg=KtLlHr(hiQ2gR}Jl^ARdfTNTkHH0Xz2pEhtFo93cPx|!TCy4@(g8cC2 zjA(=DBFcGcBnKVkzy70_!QfF{n=a%!q8T_ zW{i~XU9^osnjs)+*GGa!NofuVo)FQf$fxK;{+y25~tXs27PJ&Io?f(r76*KqOy z3g&l~)JKG>x$k%XKL6Lume+4xT##LM`SNATQ;6Q2QP{(-Usk{H0h3#lfV#f`o1vw( z0PKls5>4$v3Ix`2;NC2{MhiC1h}}okgS0A$XW}Lnx|2s_AOP1 z>4~JG4G%Ab7HcU{ARb@@p!-&bVhfZW+~OGw4-p9dAxa8t*{`5*a^Wy7wIPfWtQrv# zQU<{4CD65JRCC}dMZJ20RCb4RcaJ;P|78gK*SjRCv7dD@XcQ1;&)R>s%KVwC_B zh~y{t(`*jW(k|HJ{l5&~+1j<5jxGw?X9%zFq3j^9jKD-`UEQsCdn^l{cqxMIyjJH0 zwU`-Ujo{)ksAj7$pEI4O1Pz>rY4DTLn0x7bZn$v-KSz4N9xS+|FT?F3R%Rf%qkSpR zlmql6xOre8BZf;k`YaOsWu6LEh32~p{(B4HdayIl>qhO%cNX~pO9!i%E7(FosHi_gwhtm)QM~M_T5+?NbamV z9@cQZjy2P(9B8l6u0;a#6N0RQf+tvvMK@${>Hq|Dcm?!x73imXpk*Q&4X^LXC2^ z>YPjun46uw-tNu$XCQmfqJh7dNYt@$vmCMtd$S#-Zd$n0u?E7`qOkrsFtF|@G>fCT zIL(jUW>Vy@+E!pTCqqYTzv#W~lc$8PO3km|TJ2yY|MSr`I%lJ`1sD=C^70_EIW?Y^ zmXx4h`}y;yQTiMjAp*{#a1VI&=r*_tYPWi)2(TMuCkY57O6A7wfrme($>PulqJKs+ z&TWtIzB8d}lxIzDrxTZQB-yEa<#W&z|1!Ji!qx+l1Q!Mv1-a(V#0$Wh&n-zIl_2WNPR7>tt5O&b!fj`v>tEWh z0X>oQl!XWJDWr4k@RR>r3AX#--hcjD)KseV_g9NbOO^lrtHOUL8T&^<)_4EA=ICsF z@!fdhJ!emmE2gI2ok# z9JhVkXA=YkVw;=Wo*dqgjECnqrtW%TDh8=fo{-g3R~I(mZ!Z6l`#Czsq$5+&X9DSD z1@*girA;sXQkWOnznr;2Wu{uaBjH=hxCW_D9wusz@Z~3F9g5ap znO8G`HUcN-vt&CH{Xu;UwX7DCx60@mU0GAvQnzWx`u;iJ*A*7Yf+;T~ zSa4#>Klw@d(2&HLjBXx#yDQIa{a%o_zC3ibDm<&Alz}-o%lYk%=;qP1H&gyK3)B)L z%VjS$Gc6)!X6Fhwu{5nPn&vm2>@sMYsuQSa8RMC(Q+mM2y*6g#@vq;Vj4Fvb4mlrh 
z(hS(!x-ZXo7^t$jg@OB8{n!~{mn#n(LJju3y;AACh>wPeY^c6wyBS%HF?DDCvkhC! zeu#+*4GU;gP?#lk#;*t5>-fS};Y_1U{bhWb}; z{2Abpv&=Z)(WGkEiv^EnSvxyB@3Hh9SjOScdHR(at2RR++<3~#;bGIyP^KLFnJ18mmvi9mJBsg4hG>up?A}P1BCfVgC zdtE5jBpBeZQIVtpqONh9>oqVo?hrq%b)qk5`qQgge`XnloOK01h64UH#8>pZ^s#5$ z;U<80K^QQ|<3=Qd65bMY+fSJA5%Lj+(rD?S`Rjh058j2h?niHLIU>QZF%MXUYE<&+B$d(sf~r0spF%ZMBo>4+77bwpK9| zZrrg1JMkIN=dc0)fEw@xh$t*vOX;_5t3>$@`1BcydvHP2`!k3UZA~ZI< z9r}jWA6j>t+2mx846a?c(PwefMfASVt4ZCh;bruBbBBlWDN_rL*`paRUoH6k6ktg^ zue`5$$mj0EcK(c=G~T=~GI;qj14C|Sc5c+pbe_4bZN;5=ff2ELM+2Hm(crP>PD{A<~#e zmfDPe`NtAO&QmEHzA}E zZ%-VR^cy#R0QydR3V0USBT3vf#`H*!Ex={fGk{q)^PD5>9`SM=bWBJc*2$c0=@1$45_KKxeI>6i zLc#|-M)w*WWDW?&F;~q?cXvcQV#K&YPes@RMC6lCdH&-HRQyc{J4W#3PS}axzHJt8 zLJ^9XQE;>uzUPPlN;?xOycS9UQnP}H+rNK5zTivr3#j){SH-fvMIuxuBrMBpW_aD) z+>q>Fjk*i6`C=+H6!MLSfq{s}wPrOqwv*=+_@d4`(t3K^`b58(-!P8Ip#(pCBHKI{ z&7Q`eiB_7#75V#bfX0U$qyUBug7Qk-<5dNCN~G6^xPdT|b*~CB!4c(ATvm1$z2A~^ zCMKSc^-WJtBjCgzEderikUILSrw6H6nNE}ZK!nc$QF#&?3N_jd6v}X>*7QYzfqL@f zNezs-u77^4d>9ariBa%az~BXBrzR4n!_^0^(sc56tae)|&7gYR?hhM(ovYtA(c5`> z5&#a4KT{%W1dNL`#OM&K7-6(c(XM~6rF{$KSn}$C(pyYi22dXra!gEMoKr72%S#!4}Qkq zJu)v*0pMvPJ$(TNCBjN6Ku*5$X~e08lmSIDcL z!+p3keT(QCe*MyHpX*wCpyP90U14M66TFGOQ~yCUBM99Gh4273#=IWdiQ2%6=H_Ma zBy{MS3`>2fRaH~)Qv1ck#~~msY_7j@C8tg$W14oj-mmG-7;GCzAz33JAOI%sco5Io zm#VSrFr$pk%zk!tK~|P?3|}PRUDC{#&!2aSi^Jr$wNe7J7N@ANV`oD1<_YKOrYy^a z`8ndJ0oVkwi^ivCcbT8~Cl3j%{b`!L->mb2vuY#H*%h)3{rSdN1Mi@FOg{I1DOQ#e zpybd8u0uTZIryJ7wX|@@-ea10X}{rsSRL8b6pX&(fKedwT4JL(NB>-qTYe3#SobgU z;<9iC%`}%BQ(B$z!?`urQV+uHOk_EEE}2mwfZN%D2w}0r)!g>pfO2+^5e^k1c~nOu3`YlfGIf zChSe9z1+i>UYhp;r?zAVXYLq%A|(g9Ub1#FR{&1lfb9t_wdIyM%w zRSGV`yDfg03D6Noqn9Ro3R2%;!FnUY*#$)F11Q=(Yj@j;ZwYv`AvBvU>eXPP#|_Xxx!~mphyy5;@uvYIfY$*9KeVC}nYpRjZ+iaRdda61Y%USWRPeq{lD1jnup$$kQP!Ac zVV}T?s91xsZcDAe)U_|`%n?}=2W-~gWAq}7>Lm2~{CVY9f}Srg9NJ|a@Ji*Zz89k# z(i*oyV77;o^A0qSQZIOLKFO+KKYwQS&MwvJW5ASHk6h&fX&Ol3#<#rOcCYrYMv(K_ zXBw__IDf7$ImLA&_vH`w82 zq@w@&ohr1~d;b1LKTcdIb7A*|>Su>5OaROR}=|%=Dy~;rx_m`ad_Xah$p4 
zxW-(Se})mSDJzSYVe0D&nt2_mHgPd==O$9qk>wv-^Y9W#PW8#fu3t z1q)!KfOnA}KOBBU_z_DeOOTHH@|wE3_l=*t@P(Ibv5%>)xI`~A2Pj@~k;<%$ckf;@ zXUeq3dp+NW((0dEF!67mp(SLWaTpy2Ph-371DVn3bLY4Youyw` zM`p;f>}vnOr#x3PE1k*3&;YPCJtKhc0kgT=wqq6cT>!+uyJ^H{bdT>m5i@pzS)rxFs^j>q zU!_A=R$@a$Y39#{o|@8xGbS83rpeUww$wAOTGv}IS7F)cYjUM+%~iedTPd+*JYvlQ ziob^8^{}wp9?$O8`#h#5Sbt;@8@P5#zF)h~u{B}Vv!!)g06q67TP5!96Gf*ugZ|84 z&&oQoyGWe>tO#Tr1OrED12{+lEBO@iS(V~wBWbyP0W&>Uk1w}$Yj5pQ{$M2dCAsGF zT=wb+iH#A~;jzn%E01)&ZWW@T+p921ve}xNSV0rPC{nO6KPibiG)jvNLlsqb+4Tcb zf%z*x%lry_+FEn=*Q2azO&k#M!sW22sE|#EG!RvTS1v)Z#F9``qeOxD4iee;A;B1H zhL~X$JVV4N@b)s)2pet7FU1DN~-hOLrgw;2GM1052`JE6+!}ugd zl-4cTj{&&tcNppDo@b3zExERgNq$=R*_*HL-aYO%TOalO`6^mkL)cGHfv918YJ@vBg>DLATORWtpH0>{BfFF*ON#`nA?>mE3u z%0$UY935!>kOnw~Mua@X3>^IdMyUv$4mMEY?*%rB+&bd%z!GAE?AE;L-@Ld=&+zbV zBq@~0KmWb+!G0TzlOcfHV@rHY&M3KXVO0Up+?VQaHlz09OU@5 z%kYPad=iXL683`Dh1kX*wZ#TQ({ca0_P=g<-pY!a4%=LqaoojG(I4lqwaqEId8zSv z5U^yhV}_!2WRq|%K_}A)It=|kaK!UwW_NH)*RzS8gP?lN<^x`TtGb~NM~=Z7j2t7# zsj!dVL2p0;5ux(IfhCK55;?g6VkZn=A4>sLH1KZS19bpXN~x}|Mf2QsFlti1kwCz&6gxfXmn~MJPq~_BJM|wCEVHk z$q^1Scs~yCK#h&CoKlN{qLjjB@DYDsa@W!fT_NI)p%gAhe?mmWNLZkm7Tzf=p2Ve4}%^D z;jM@foTSx8vxnJ)yYjK9=r%}8l8F1e{!KYjmw10(E|fEEwn%qAwsC&l1CAHB`-a4I ztxP)QgTzHl)M4MINX(6?f_5Y#6_R)=NTt>y;u&cz zA8`7ed$WKo03<|d(U*uHyCyj+Uw%tQfZ3? 
z1gd}1Dia1BfZg>!Lpy0bpVw?Ch>dLcZ(1z*(_2_rh-m0wZ%}mZuV25&DJwv1NDl!< z_(N5Kh5aS^=Uj+0DS`+cO#8E_sGC7SL8e;g2Q^w2@>vE-^9XA;l~x`VuXB|d$0mg) zuI-dJGBYu`=(6U>ktu5rW2U~4M$?l`g$9!Lgk5^xx?!f(gN z$A^&8)cR}83lgWwK2$qxK1B5u;l0xl`awNTP$`5l&s7GcEOD6JzuyHw%M4Eq1oNKO zBM?AC6uAT=0O<=pF)@39i4|j%p_4OD&;)SE1AGWWlH>#uV$;q}7-mIIU|Im6o+@#X zjU6Bg`e1N*bWhJZ_28^X^zS6G5p7rCbYr39W8t}@7pL#V;v^RjY*tCu1_OnbCvy#Y zae)|wsBR&KLhy^V5+X>z+P*&PfVLkd3USg?!lFvVCr!yQrfP5Bm3>v-gcG>=tbnR8S30m&i#d*Y!G=&tq}n7A0N4Wz9;J{Pkn9N*p`?)o0F;z;CGNMt zy!e^;&7X7h#3w97k2Npk502ua1bOjJdS%%7-5cZkAkbWBbVDw#JOn;N5^j%JzlYGW zuiLUE)VUYE1X-;>4PqLQ2m>reONQV%*ax3erF1Ezi?Rr7I#7Llfa@+&b4^V%B{|4> zjmcPLQ8m3_9j{L9)#|iU9{y=!SO#y+*#x5p z49pY*Q;K!%BW}+Hpo2++4ItWnc6Jux<&X%v)mz@QmGqyTsxk5f|tVho;I zv%TMEvkaeQ{+MxV*YDr2>XN+N1dv``vUN-7b89+X*Pe3`3WhffU`cwqArI2o)-@oX-X5Q*Ifo}(3 zn~+_fX8$^=9L8k9I%f%9_nYtChF*F_ioZ5If97%Cn6bOnN8J z`)bkZx3;w#tnNs14byN{KMW5)o?CQ~Wo)8%jOFVK-3ijaiuvej?jk+v&UYNl^@}~K zmkK`U-(T9PviPM7^8d7_|FNaL^iMNa{~w#V|GgJdSE>E-&ujJn>g|#HyEpvyxmH#B zpTGZ$mri82%d)iOIu?3=11p>AuaRkAbHTR$`)i!4Q`zq_FSeIVubYo|q@_L!o1Z%( zm**6^!Y-9gkF&i@yxw_wmx#!|=9E7>h%J7b;)h>TZMq#ufkUgX5<@w*~10fE;S z5$g7=+`1*J5C5Y8aq#7;Y8tb=h}=#1zsO|UWp4SY=H(m$E)wjd!nH^x9jc92*s-ytFrjHA;czNJRa zX)kHcb$Sd*2K)AWv@Sr(9$ObK!Wegzc6Oh5bQWoJSbmKVBs8^jH_19mNN`j1z+Fi} zZ-8@Ph{XprydiEKjsqb8Ad2rEsE;7{M<-RAVx~w=P?35@A#5JnHj>GJ!j|+U=pL4x zL&i2L{9EVDzD?dKaP>47JQ3oZEmrMacWJPKd-n!w;{?oA2LW2lFND)4-a(o?; z-~o~+p9*$)B0NMjP*`94?b~KNC6eF=g#@uaLb*3pKLt?@+|{(uY9R)P_c;de)7DjAFOPwA;MLHs{6_*kTh3JEN)9XXjA+ z4*Ly-L=X}dw)F^-&zH2JzCgXGgoc_z&Ypui2D-APN8{9B+1*XD zm|;{~Qh;reV4O%?s4UzMr1d=fJ0Uh;M=OznjuiaOL=+0Jw;O{61>Ms|qY;D@g13b@ zQ-Dt|D-b{S1%nszByXu_=TM9hDG&(TWyB;5^D;RM2p9VTL-bc~Z!Og5?o0h5vFVoK zxh!D;mPkaJxC6*(C!ISghrc2(kp7TAH?ie`sCGz5h%8Ee91uo?eFV&RvLLJ3pUJoy zdIz52aurJ)JS((g(!2}5ecsZt5_g!k<34{?$Uz@uv|uDt3LrhB>-⁢5m>DSvmSE z3J#upk26;fFb^EHa=&)@@;MA%3h)B+M={aSLl^<$XeJ)8Vdvg2X6!ggJ;HS&7Sb?V6|K74QSe_CVBT%l7T-j{+ze zd6Sr!xV}RnMF8gzfyBeiy9HbV%LBr2wR(?`EvLP6Tq=U$BG52=r`36MEwY=7!A&wm 
ztMLSx=H`6PN1v5dL#GyTa4j{*!4`|}fv88-HlR%rW=lpA8VD51h)A2N=tq}JSUHU1 zqgMO2!6g7XR5#x>9FFkkYCOT>PQoBF_bThj#^VN}jzF?ir*pb&nW!~GL22n~Ob{H^ z4ZHUakbfpX(*gRcU1%YDp}i!L9jLdUm+(fTYkq1sZp>XU33y|& zRLo3RQs!qz6)`Mi)o?f~;bK6J;ruuc*%-n=gnZ75Jqt(SQCkTkfEa+ftNA#AgJ4b~ zIauAQIpY|Llv^pr+Z0v?9Bualvk+5VS*R>7F;Nk?1T3$}B{7kmJ8_3JmZdrM4?F z9or_Mb0BLfy1-L$YJ!Ldz=cw9h?SV@>=V$97zjyk-<|`Lg|hJR%Qa-Vo)!HCJyus^ z<5%AFZB{y4%7S+_VDtX9<$m{^q3_2_Y1OlZn@e)%DuJJZ&^wi9I~Ni7@SzkoI~>z; zxBeRBX7D<%!$}xx)~t!h%#)2Fr;6MD@DpZ}bUg!#8-ilq1J0(##>DH7xH6SC&CwfH z`fX0rS7a~?am$cydjgveeBdM}n4~rTZb(dwE5>!aefRF`Gz-~=hextl9YWQDUd2Ir-*a2*Y*o;xvT=6@qh>;U)JLzzf(o_5EG`5L1Z_2hmp<`t)c zgxPj|qKi@aKK1W>1h-u-=d#@ek+HjYqa1^9oE#yO@vtN8&wirg+a>NJPF4JoZBHw| z?Ke~QK*zC5Od?jb_NPKR8U(HGExoAI~#W0p=ctg{g;Zdo-#< z{FA^5{Qi9b<36w`Nb>o}o6)Q87K7isOmvDK=iF=5gs8j;*+qHXh}HRk0b8y#bAt%Y zWn{QN8=V7~de^cY3v7sdTy2>B%N})n_$(_VZ_|bpo!y z`JS(*Mu&#lFzqQQ4py#T@2AqQp##L91T6>mZWFsspQ^3bF@hozKYY*6Pcg4s5(h*8 z*js|wU*Lxc7EJXjP~c#3i~lNkvPrDPfa$b`#+^?Y#orzeFU-}|!a%F{d_qZEF?|N* zkeXvCSAwE*a_*zA0g)OIjGJH|>C`t`yYP4GA1H1nv@PO2Q9;u@0=|_5?uOKdP)Q@vBX5he~!&6e_Uu$b2bO8gg7}N>eG(u}Tcx(ViB)uO% zJMz0OJSr?K+z&?xmMmhzL(LmY61X5(M=;OQ%w1w|37^A&aYm9xjN{(Ia`|UUPh(^6 zfF1|=9?}!T`9?2WT}Wy*F};w3)frn%q0}HrEAa6}DVPrMavuX`7G6%^Lu@jvSU>=_ zEhC305$g~IMGE;AWc5b}xK8WOAa|nZwfYDK!5GFybBs>VeiC*ezk_&qQY!n9~mnh!n+0<~_r#tq`@eb0o4GF&-NwlwTHr*ZdCUY&fV#K>g}j)rLFP|T!2nk4^`FG1n~ zRdcX8^CK8M#B7^lN`_eL;yD#oRow^7N9+O6XOkwV2eJ^jg(x+55|13|-G$Y%d9 zS(>lr2cZC*MXCyA7EB({^h@9R(BxIXJy7;9RBZz8rn|?`k{V&22z-6*^`|?-wtF3# zlVW7GL6wAetf{T#oybjxkc228aYx~}+51lNM)NT*RPp3gZzLU;kwn`6fqu}$is9c$ zB6=sM8N-p(ac}{sE)rr_Qc_|lY5i&RY|qXw1xkJ~Iz<;3rF9N-U-a(J+a!IR zX{fCwR4q|?fm}V*O7aVUw06?UQ9u3Om^FY|0kvCab&smLLIO*NH zXlQd-SXjuxvbfJc8Avz}pl}sf&xkP$xk=~{$UU#RfYyY-jDReT z#XcK? 
z&+j5NZ7=pLbcZ%*AF!ICGtyJ44e} zt0+lWRMgDqPSK9+fXS#_a|#F)Tv_BtQ?KtbqAj?_BPOs#>0eO2#4t zEePeFRms|uk?{+0iCB$pA|{!@f0d(H&l;PUTnk@IJu7K=0qkSHurLRzYV2jpGHVB* z;UN1R5G)eDTFESf7L8!b{Z-)A&?4Z(GI{jJ;2*TN#r~PZLpTwqW&?D~`R00nJSLEY z;iS$DfNAjXiBpw~aJUe4k_N>g(ZT@wfM$n8XyY)E7r6B_W%?PH&wDKK>*#2v8;h8I zXnNrSVkBs>v>ffBo;ZKEmmyMr{kw&n4MDLgr`UryXije(xzQ0lm8+H1uUE-v_lhT~ zW<0gCqk}kHNA-H@kb(iJR8MoJ5M1auy{9JY+9kqZ{VRe84WA{X^tJaa#2l1yFggo5 zHd1}{^u&o+?^c9f3w!foHLzj=`=@fQ<26Rwlm6q}XFytrz~qMr?gm}&E`)sm;vlD1 z0DFOU{x-N##;LVxIe+d2exsp}k?C3Hqy47-%>M02mbw&ol=Lx%$EkfmJue@-I&)V75C#(rAq*zsIKbIKch@{`FErDx^XlsVon%H` z-9Dc$&d7llV~Eav_(_|}?_{8Oucz$sS;-MEbZ7S4Ba{xxd~(vVc|$_D_434*!pky$ z*kUCkL^Euu_^fyPcSoQ!^aRog8gQ$8F*#2N)$%PI(*sRO-D@gzCd3>LsF=1z1K7kA z;=`T*0D2(WjzBhFfX6RhV?`Ok=Cv%-Kw`8id^vf5SQKO6tj3!3OeKymy<`_7Y95>! zfG|d8uyK`K_y2TrCFDD*XwAf2@RlKM@|g07zecjVgm(>xf&OI zgU1JWqe{B}2fWu`D$LD5n6d@h0x*t9hxhLPYwt>+v0lIRhttt?(r7qBlN6eiF-=Hi zOo~(pMP(`~Q-(%Lkt9Qglp&NMGK7fq6-g19$ylZgp-+bUZ2iZz?)|TO*ZQx!)?MqK zwaz*%9els{_rCkx`+1)I>~0X2TF3?Fs=x8%(L6e&3v?Z$gt$jG)6|^Y+F*KY$x7Py1U${?!kP(w(!hE>-IG zJ$0tXOz)Ma9mbR;`FhXpxRTv|U{1lLWYuH3PS0YSn(Eye6D}db4cY1(nbnu$=Rvt_ zzIn_icp-0(p8d`5=zkFr*)f1F?GD1BvHE^?eqo-7vDm};uHyq?>_ylJgnyy{P*hYj za30(T;Rq=4);&XDr(x8jmC>z9n9aoI*3BUTDPMVg+Xh!lY-Qh&75j1imH#IghV4=vc=3JgEmz`^-%=mYo*1&A2GO+Ms#XRvfumN`wToLk79ue$`w1bYDW3WTXmW(W$s{}q@vAF}1SgOF#08YML&_f-85eTUZBlldz{CQHOVC)$LNNa(1A}sD5 zx1J<4vv!Mq@94VtqFpxe=b`60_=D=x1k^sZxDSAGyhi#f1Hc4~1QjaKV9<4j?Fejw z%4ldGli&zRo&U(I*r*K-1VR%ki#!xhculDO9Z*1EI^H7aP2KR4@qq7uGP7;a?m#Yu zR>%v~eg&lX3B17xqXx1>BqRfQ0~lK$xL%-UWZMt3TRbsz{l6h!vub#*Zed{&&V={j z4(RE4;qHmWZ$>U8EGfA!S^mG`{M@iYCZKZM*f@A)P98oFHDeX!q0rC}c<=-F6OGWI z2_}eYXjNl#13O3T5$^`GYM|-DjeP?(2WDi>q7)vGRxsShA(?W?nKiz2JX^?Q`lxqa|0O#&>fi517Oh93_6of;u2)Q@Dm`h7Sx?D-@Zk2 z`PoMFVSu7z{J_YMd}Q?)vlA8-jE@|Goz9W5^ctq^(%}c2#{pLuHQ2#U-_(YX)CcC8 zTt#Osl*vT{9D6RBe5ij7O;&CHDMd(w-LdtM+k(I0d_63)bm@bwfoL|lj|F59GKHop zAWBcbxZs^CB`44rEU*U*7`D09E`kMzJ}@uU?-Tnb1KYU;e=gA!cF~LKhU=+hdp{oi 
z1{Uf**cg~LAmNNe*-=?p*$dYNb_`NP#=!>y^99BcAVGoDlZjJC6Z()`fGfC&--e^7 z0eUn5&A2F8$($EK>9Dc!1$-<1^b!V&ekujXXzV*5r!hzj3@WWqw**vAKYTmP1^M~- zj*p{nUy*^W;%Ck8>^!!_y9O(b!%ve|U`5Tsej=M@>V=b&`_l~@pQo}1bYal(GnSCl z9UHeq&kbvMvbyyPVobXi_j9=M42T|b`5_^)9;PkO3oI*J-!L*s7|3S7Z+`;v%A zG9;eTo zK|5eB06L&3iNMVepGd$UmSQmZq~qg0Is3Jt425?0p=`o8MB1RE)VvIW7)cb3>qD-$ zThtFLnTUIg^aYUq9YX{}{mp#;el`u}11tg4WR%iV7;siaCy)oO2h>wR?N}8i!WL+J zI(pbZFxmg6&>0&Sr;5Xb(1IR5`S-Vdr0@UO0Qmv{!Z!%TYB-PhdLtks4jLYeU3b{h z@`ks!cN_OMObvnbZ*h<_%7D3;?Ep?P+*>sk3yU1L4<*PvShE~C60tm;BN*d>xfcXiRVB7HE9uy@F zv+H042#v%}+xkT<8mlrhG8X6=0v)EC4A2Q1=1%*YM)V!W`GsNwLKz{Xo9Ao!AGhnP z|3S8zZ6#qPz?AVS@Z4>g-C9^bvM8r*v|`1IhGt~1=7R?kU<8DaNrxj=H-W60NUZ=` zl-xhzpL_$s;sFT5q$G^LqjTTX8VS>=Kob+~gxa&|P$8Ll9byjn-nW(s9rl!*l~Bda z@{|dVE%;$Ayazfn``srCI*F{1le?mHPdlHpy|heoZo;NaCHTGc~n8m zF=z%5!#exkMujz9bLf>9B`7FH*gMEW%MVBdHxZUnMotbjvuIA{D&kC4|JKV>G{a}& z^R;v9Wnx9Ith+mR8w}E&b!oQWG0&Q-5|)Nhv-K+Se$kIxeAUb* zGuo+-|MnsNSJ**=qYG~H`saCByR;XwRy?t_nJ)gR{6n})bI|pm+9|fGWreYKz+}p? zSe1RUOMU)M*!^<@(cBY5O)9%~ZHw6pxDTA&rP-|ypKRe0!Y;#2fz2CP z?+!g$)Ev^=C+U;1Ecy2HlyeD=kZQEP#tGPtuL>*Xu>S1f|QhA3aojHq_7?GhBn|+49x2qfFVCp-+bI};HyPb4_Cof z4(D7TjK#fJS#vrTdL{)KHBsI@Km+|x6j zS)HkUy&|chLf8#t3i5923^bXFBDI6eqTkM2dvJHlP){I_Il?xBgmk0{q8kcC7mT3l z`kq5Qp|pGVdjYPSXEQ?p^`ZqAgajwj25Q&=6EV#ViHr@z)EleYi{aq*4%s5WDkFdp zx8Wy)J8%9$*Cl)8y@a-CpreTVozPtiTL#K3aZRW?9lO$5S$t-tbq9WVcnz4YCnrDW zZP}nvuIN*f*)Es@9Gl}Fdk+y#+)B02{30@{x0Z zc!8@=KFuINdIVp<%gq*N;aLVL&_xU_OGK*s?DSU!)KL&963mI}??ZxN&cPx0G&7N5 zfHqr$B6i{9y+$K}N}@;e`wcpt0}S5tH#|nZWWfyPT%F z((DWdH6BSEElfm?4tpFWfFOk0p+$kLnz5SDJQy|(n_&nWIuw{pcT}A;PufC?pP(gV z1(09^*CrtxZfcs<1N}!Jf*E*2fo9N;zoV@;&p3%13Xmp3ntkrYrD^jR1pT1l3A(l4 zGV9)9g9YMJ0@8*W&E`k15!~iMT+PIET+T*#>_y}1r9uxcCCU8LYFs9oz?94O9rMX~ zhTN6`Tdn23S2+dk$t0*zIrkb2*HIkj-pI|s-9ygJSY)`hW2Mm7luKO=ZGmQ3hs&#r z%m>agE#buPX4ttO?GoXV>og7YpOKad$xt{NzCf6012jhm!DWDWB$NY7PRe%hDsnd{ zfkdtYBMJ7c@F1n)82l$IzBE?w+I%?U&J7enr#0@_vpuzMu=s?WQ#}ea3KAE(8VOp) z04FwTxB;ArUA+zsd&mt1%sNpALhzQ5b_)ghR=i%RyTzx@tVMc?JEjj7T0r_56n;7a 
zmZu5kFq$AEdzMu@q?h=-1-Rm;L2L??8^%-9-2mgUNncZku9L3}P)WjNh0MG`u>;(=4mXH?_-!$I2THbpaphy$tvg=23`NNPY)47l(qk7V+C6GF zl5HIdB=|WVh6I!fX{gvZWXjjLVPi5aYXCR60GS{!0=!BjcwAwaF&SRe-*az%YkCN_ zX0N$GroQ@HB0(`+{&N8Q2d)*HHe;W{7T`Ka;Zl$csPA{6&m~~35j)Znib^HY7|Owb zOI2IC(*l%l7_@snjkS+!`*gdK%df%3laB-*i4WEMFZYWpIMIcM|AUh18H*(cq(U5^d*aD>k4kERV&@2pqCf6YpYz{1H2*Of8 zP&FL`N#IN2kBSi`SIpj+ximHbu=72nt-%=XiipLawhCMZiXbN7{7G}9acJ?#GygI* zo<0spSsI24LGJ)e3aQw{F~ezy!l$MT8(5442qa)iL}#P#5aCnq)hA?w2nYl{VqzKr z{r@FW^H_7hGPw-lldu z)oVfIa&}68aYkgLU{K1%K=zJ^g+TrQCkqiC-gJ;tFfmU0LqoC2F-#_f7Y{zSNm`8_ z_8K*3CK@9C=hfM!B}2Wf4Mngj6pG|p2U9h~VC-j562CKG+71eo3*i~pfll1uo$l6< z$K2(QM+)D(!MK16c=RMV1Jd+2=mU{sAA2qZr3P-;C1}*cbMztr&g10`u+F|~$ou5L zV|acpkP%EjRj}ckjw?haXjYu!oygUeAVV=pnOJ=eZ> z5t(BmHjRT@SM^>}&&I8(mgh0BKMxGT z7yfey1~M=-L7p5%bq?Mmx{w+>I#hsYQIiPJmuB3r8oFPwk!W}dTe^MU{jyc}4rc5# zWZ?O8(T#>|gC0*o;X+v|Il5q$pH~eZF!5k{htg9Oe@KU(DJ(7~(13c2f&Kt?fC5qg zzjbwQX7Au2ITa8Fn`TY(Z*UcF^T{az-9;X&a17ms5Q;-Oi$MdJpsGav1lrvT$_3bK zw1bDoYy1$Y%0osUh^>$lMd2}_^iPBs8N9MGO!+~=Hq^S9Rv`IPRRJJ^fxO|8y!oN8+iQJkaN9EuTg14Q0~3;X8XyLZ3E zzl6#osivDq9K?B=<-_yr?dwx_Mc^WsS?5v{6u`7fGfA#mSk|r4qrTktfev>Buo>K; z0|~BUo@i>EUtM7xBY15zRw-U-bLlfdhPi)N+qmcgtBm@{0o~w=iKXM{*iJ?x&K+^R zJOoc!92*>+m&h$phS3Z~tker2685kI1~&Mjtjsq^(sk_fAR%Qa50g=}$AU$7>*y^k7!(&1A3lx!=q(85U0q53T)O!gV7lMOeqw8B&LNUGA6*# z$Q>|4ra0~(>%Cy4c?;d|fRAX-y*M{M%XaK#1VK2M>;dtL)7JdO97Zx!I|5emfSww) z-YX2Ex@E0K^MPUO2%RomwP%cRsFtkwKp3H0T!>4V9>Wmr|O_Ku=az7yN zhRu1vw@VVRh60cRl1c^G6GY?9mi`L{(=Qu#Rw5(A&8CTbrewyNtj6ySzz>k1*4j+q z%2o$J2o%E0tkha3N{x>MN(crsvWm2MarzAXUK>7QlS%xU^LFaQ^-D|5X2@^Ebjgp_ z2X1K1*>wEF&yj+9;$H(TVm&XE7l#}l3pfX)2yYVF@y>a z6>VaHwr!$JAS-|rptrwYwDgJm_DxpS@h00JUsbN^J_|_7T8|&+-^<^h2N>J9es`Q; zp`qT@@q$0yxGjZRd|h)6?WtSv8k43CA7132@>7TF^xb09e6}Zv&&g=IM^-TFPG0st~yuLoSk@- zK1fgIL&*;-lB*6Kc2m>PAZIbMML=)Ec+U{h29;iwmN0VQ1TpOT#f@hUYrPyy)F>LS zow^{kt7I9pq7$R-TWDNVpYl@=USB)mJ%9106knrMZ<{lZMi(zB(ERnqnc5y?OFt+7 zm)YdYwZDeMultLC<^TWnr1|{+#br69>cqf{wlS0cWXbJr7bf0qbUW6)rsC*0&(h$w 
zO>Kk5D{r**%n6el@JfrBjZI?_4_^TOnOXVu+(VpAf6zn4=#sHuFr(xp!0#2z{8nTE=p zDi6MlHvT5}NucDuUCuJ;;ZI>Fb3!enZR`5J4~8|RbnBXP^#^?N96i~URW{o0bF?;?f19n^7j_BPl|QC8SCq`^ zt9~DOJz#!bXawKr&$k;!H%cyRiu9|rlx?ZB<&_E-Gc%CLsO4`MS;wytn&|PqwYe6KN!!@ku#QyVda_tpIc7LA>yO{8EYLVF!ArVTq8@aoi195P8Hq3%DH#t_ap9cN*kg3caVTk#`IhS9d74jii)wtUUG^QT zh>|jVRNJ27rTO%lnn9(vwELR&7Q6O^1CMp2-D-wDA8g(nB(GDnuKbZM%dSVOZ=^HZ zN*Mcj`>k8I-*tVGmiRe%<6O#^u;Y+h8J0(-d`I$YA&^g$`H1s}4b zf7rL_7=(<^e=KOdRXD8w64&_an7Vll!V;EmgGwtS6*g5o-@HC=%Tn>IyJh@eab;to zGmd}qc=IOveWFG0CjzHzZHg&+G;&fzldH4wqfX{(u0HQM0`{z`%l3EdIO%yt)Z^x4 zvZmIJq}m+VlEB5tagQr|s#(-jTfR|2mjd|9T}877s{((_s#84JWV%i}XP0Db`S-RH zCzcm;bZCX|(QDJJdz)$Uskf(6GHbBO2DVG~M#fVaTAoemp_U>x1zUEhtF$-9&(r9> ztFNEvm@XTYXC>qx!K^N4W}a{`;2&A%|4yH+5esM^J6QA5O0KYC&^_@$oyY!5DFU$rLR4R6j89S+ib!$TzOBu7Kf^Q<`fn)#k6`&v{{0^!b3Yl&YzP zQDcMY;j~r;{ym&&WvAvaz-Ezpq22#?{mC#Z!g)5dF}G(z!f0rH*3h;UjN>Z&4~STaO-4;E3|M6|7O968e4Gj0pW+#qZx_LN*(n-(aOxbUf4G z;;3Glj28l|Y_VN(fP+)t*3fAI9RWN)l;%a9lfUV@-J;3QjE7Cy;8mcE$j3hR;;gj$ zfx{IEB{x%hT9{pu`HZQZL(jE^`eN39tK~U-^Q*g%Mk{pv$sd1TgdJx0%C^q*l>P9V zjn$@u&xUO!g)fTvyJkG-=Jx-`>uZUkL3iF3=9yJC8?kF5mPcy$joYLdvg`_XmgE%_ zTyo-5O&aX`d|Ul(*b|o5m0}^ykmc)_Do*Z)mI{~64lyb2yG7NOYbT)>Tq3l>*fJ;m zYvAPcHlzOZ(TGtY3Uwqqlajs8sOPrtNf;TLkBP>|VSm4cB9=)j7_0SF)-j z=PTQMD}#ps{_$B-^wU$)aXJ1^C8d9Jisk?PyP=BHOswOQei5J0@fkgWJ?Rk!8HEL& z{whxL^mQBmO#8mMF)_NmvAYG!G6vdhOF}X|>a5y3%2P@O@8Xd>YA?gj-Mfm$6o{Fe cvTdGV7#vfu=<+@!%D_LnwreQGD;&P?A3OcjO#lD@ literal 0 HcmV?d00001 
diff --git a/docsource/images/AzureApp2-custom-fields-store-type-dialog.png b/docsource/images/AzureApp2-custom-fields-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..6bb769d9399c31186acf3f9cb88099a7a4d2363e GIT binary patch literal 42405 zcmb@tWl)`4*Dbhlf?IG8fdrS}7CZrhh2Tzr;4Z;kf(Hri?(Xiv3GNWw-GcSn@AutX z{iD13-dla@oT|g#&tA`xDPxQ|SBQd~6gmnq3IqZ{|M)>%2?BwQ2LDwdBZ5!DaRWX> zAe4}g;v&i}DTm9>YIw6NNT(-bC`)J~6POfxh z>|zR3!z;zJY1!BsiDe8T5wID(=O7Y%!Be?MutPH!Pa+8wN(2hB4<2bjJJG2e945w2 zODra%yhB4HBZiHQcjIhen|VSO@cV^d*$ z(u6Gvo{2J16Y;_O`0?%O#RcN(;NVYKn*aRJ^rxSnU`a`-f(9+zYFAfF>w(yRMtq`S zWE@t^Er4xrWq|%3OZ3V8jX2JK{?|`2mc+@YT0|j^f_dpN7U(?aO;^3(MZKtlT{y|#WEXD(6@hiiB9?#M4 z>F+ljif6(?hF7bzAmVe}SGI1fsd-nT+fHs)ODq%5=+oZrReXKFR4;Ber4jpKNRgf? zNV3%OWdB_-Ti~GGYw6sraWjV_?NquSY={y8C=z$<12TByX3q=#GGMMX%64|_br$om zwHo0?MfA{d3kwS!2dCjb1c<_fOZqWs*3~pgR82EQhp{cSKVm(*UbuY~80cSp=EP=U zA%(@|h!$B?e9Osmd1Ykrv`gS#b;603J_QG>zd=-AQUI%|LMFBpE?cs~i_|8#)VXn% zw4|D=6|y^oX|uhCu64VGansZ@k1{DH#_Fzw>9G43BGkTTS(~e5%4;Q++gX||DA3F& zLRld6grfd(^uZl2z0D07GH(4317rNY1Xc#Z4dd%T>qrbN;ui~*@k}u>>i%Q#WL?v%$K1saL7K(}e@i@BaUSm? 
z;;=*qCJikt&@vT}Yc-RT(R%5rPqaN!MD>b{1|5z#+ zl&t!>;$U*J!H(I-{Bf$Fw!xi?e8~8uvrJxIEJ;;GTc@~t#Qg28!E`wU^4vy7Wm_Yz zVg~b6eMu?g^=y(OIDlYSGIF4yDXAoMZTW!S{$xY;vZ{z{wN0hCyVU%x+S!6mE93iZBN?AVN0rf#o|)NTt4gy(RU5?Az`)mND8941 zJNwJMmE%R+JKezIo#$`bA>ki7ANeuY7be<%$M@tju{6W$df4IQWA=3ocM)EwMo6Sn z3EAxFA*HGW9fpber$_X!T(#>j|4l#j(rpWadG)x^vQ^BQkJcwt=WC{C^U{tKE{Cep1txzfo_R%kmaW9f*VmHwY9 z$ck(jTkH_M?Zf+bu9(MRnH#VR?i2`-(q|jjG6ODAkzOTf{+))8>uYA=MbfXy^JK7{ z{$hB}xxQ#8YYot$(q7x!xa~QZia$&(IbF~Dm7%CAoMaM4#l=o^@N|ZY7=94Q9UmDG z7tRau?uQ#@lBIm-T6atVTzHI@g@uJtvrd+UaR&Y)d8Defw?)Bf4wc4B>RMv5pBohG z|L(+FXS11Uv&QtS=RWkHmkkk$lkgpp;Tx7>U&&IR#DEuJpTd(IWy6m?pAd73 zZUs;+QlO1fr&q+&RCD&vlJIB9N6=SoBUo`HjB5(L#yv zb`kv-aP}k2^2k)1^M4egN=ljFXvPPz)OGUSPv!1I?$+ZIcV~)U3F&$w&$0-0^r)We z8<{BP>t;$9b{-WdlRoUTcggp`6&!DHzjC0YANqoRn2!?O-n-FpEdwL??xFvN8K6A1B{eh-Wut&s!@;;7RC$KP<$aWBliO9WW25$B{ z-5|p&6%+&VGj>cDt z@mz0&ztnPw-t<(OIlYhNu?M5lR)^V5i?DVy&C)T`sZ=ieB^M>=T6`_k>*+`RY@0XC zEBCYc^YlzbbGFATESetU^|dl&h_@Tv3*%N!_-;Ccu2DrVe)?R*vq~bKGcmk~XDoEc zE^h^{WZN8^pQLk8O!Ek?&tpa1nc3`W!TDr z)Q$GWzfs3a(-tG?>=~-JLP(gOQP0kk{U$nxDkm`e`@7$N@@kcjC++E;5_Pz=_4lek zB46_G*M8;=$3@CI?cDx_B`}vvf;Ks2%bA<2P0I1}ymIe3Vuq+g@$;|O2egL!OIRN+ z22Xq2J=cBRErpL7&_KfWdfw?VKH}hLgg{d%IM=y3b-jn7R>cIm?oMrNo(2Y31}?e& z9MylEgf!m;-v9j?Am=#>HT;#tO4M=|ih%VP*Y|%djBKLx!>F!wn7K*>h6DPEgKo5X z*9BE8chhlMH^Mu$7+k{Tf06%vB70ZB;T^C09FK*3ySsT17Nyu0+!pJ9x#_O97LeZuh6BF=T#Qf)fw+mpX0JUIK4lnx*i% z!yVv1!)NdbG&L+z|5L)5Y4;-h71Y1cDxcR?UHrK?A_yd2UDZ&roFZwz#o5U-5T44J zi7-r@`4bXC#yN6uX+~8VoX&(K<&HCNsAA(Zyq}Mn&>${uBdCOer35|k#xAjMd*{2k z&yMmgT<^!t92;;`e^9ic`Gp2CJyrfgfX6&XOdpdvf0VlY?hHRl*1G&vds-UZuIdMj za{Vx2GSPJd7k4qCum!rGN_OwR6EUdqi_?mJo6_hJr&({OAnonc{x#7l151F(-|EPJ z$7|R}0=G_a_`<&Og^qizFmrlH_jaUb=fRMq;ZoQNmS$qtW~EfS=qswe5oAe)4+Mvc zwIBJkM0^2bdDlpB;auA_jX_sT6lXJ*Hr#S0@O0Uf zX{2;!L4O@Me*G1W`FlYyoopQBJ}Hi?gX6 zK1b`&S;2S+9H9FPkYj>580@#esI?!mO8*$FwCz0wb@oVnju7I1h`^JFH zt&{(ApRZRkNAJ&}P{P%WLc@3Ij3T8C$*=5nrMy1YT&Yq!$IOJRUFC8fd2K=v;QL+6 
zpJ78{z7&^v$;{1#PB@FJrtrIxRARq9ML+C#WXqf0JzcZn%3>Dk7_vqWY|e+14jpQA zq#HT*JFE7cXe>sB7lk?Q%lV=^CiC(3X!ldgwh#{OHuX|_On^1F_WSXSQD78bLBq+e9K23MV_}e2tkx=j8kecxcnrD<(DU*n=!WXPc@wt-$NL$~(yJxLtl^pLF z1*YdSwv%aSA_b4R=i5+#w$z;ZJ6uTRZLySXzl4$AOcs^P*))ueL#)AH+dkzgQs&=-hY!i3+1K{H-hcZWst}!TK>t5D2i42A8?c(TOTKRQ&WYzwlOs6fH~2I$_&?NCXUOYRO%HX3$2h>Y!T^{lU8i zsjj!s*soP$-*Y8|tS<8Rii%#&2oP2_T>U|FsyVk~vg4$9 zyg0*~e3J^B2bBlQTSTa>0-Dl(!(!1O_cnwV42aMQANm2xY=qMqstZ%w6O$1QP6mkk4hKg*2l^oc zW6bOEalhVTkv%~m<0b`|!;H`0_D(<=(Qz}ubH%(2tZhZ;naSJb9wxX@4MTwR^nT4y zqYui`3K`1ZP>f~iKJ4vY+c@cKeID-VBV;Q?GG-?92VX_UshsvmJ>iNXo3;i@>T|y{ zYi6o>BW}jYN3-G)oFMZNnfwm|Kz0q7R5B#?@aX%nkl?0UNUp?mDb1iXrxK1G1k&l( zdL{G#=@?K$u8b>OG0*MYYVg{jYJt;QUtO#or9}Mv8Jm$Yc|y7ij(astqm*-3u`)|5 zz>S;Y$I=aq(N2HWxDjr0+3KQ@q_97Ec zAzViS%!zzk5gptJ!!O$pFj>F6u6EafA(#H|;Z&X$ZXBZD-?ave`DVU(7qrT|(J>52 zzjWQ9y}6mu4Jm#J=BvP5eE&<)Qj!|x!B6n)_evuV-W64RNitf9z2n*_K;(|0UR{{{ z%%VCAr%vz8$o^1lX0q0!JqF%&boOdkH;#XRq(ivjuW!Wv9$DbM94sby@Jw)uh!kaiPVtrYY#^Zd6&z;$r38?%!>9r-#te(2P4DOqk zBdBVkuVDE8@nmI3zRDXR2}ZKTv^^~z0?%`KE>i@oQLXGwlt1OUq^k4>$hy%Dxgs?u zgnrUH(F@7BC4EC*M2tRo+Pp-o%+HtGrR9Di+;u)nfFtmC8OClxE1BWE+p&@y9y17#tilV|_m( zP-pe+UwRyaYL;Pt1k*}=C)H23z~L!aaqSX}Xkm+1e~LOCvkG_cMu(GmYylw(cNhw@ zxcFp-^0%;=5Lg%r>D;_8x*jH98U25ib3oQ4#o7Dh4wg6dQivZ`56~gjC4_M8I%LFX z9R>`OPWRh{(YHlDalka#qwk)pWjouy}7oilKX-3rL}YvgkqEc z6j&+>pk2%sx0VTmSo*6T_h0y_$mX6~!l^U`58vY2La#V9j(F>p8_TogOzvfzPOiec%B-jAREoFS zw(@e(o_an5=Ih8AXWnTh?Jx%ymWmJm3&W|xxlUByiU=^daZ@7ru0G+EVa721ldmB` zrb+|S44s7L6WRJc-k20#+-S*o-W40pwtw@#wKTc#lpO8{64y$HniCw0C}wtfV|!vH z659H`wxGe^<?2mYNWo?BVDD_g)e> znke?lHxBp!Jj~=~A7Ws}EE?ISQ(?8P6_oqOPF&m7JHsax%;}3sW5Aq$a+c)m00my{ zL2Sw?@=Nvrom2EL zNAy?Zc0?ub*IblMV}kCL-#7*g9Kofs>wh}&zpK9nY*yq{FFpV1Wjc^A79@W$Ygc^z zjbkxig#hc5(dolc>z5;$-TCvi%y_QMFO{RkHTiDe6eX>8H8R$jqdO7+8`V!Aq_Kax$q)73EPk%Z2m!ri=GGQ+d1R)qJLXJ}IS*eQc=89@16p-w#{XRdu zd1?0GbVv(@;(%aE?A~XuZ=8%;<^#+$je29Vt;c9_$k<>lW>z4#vaF2_SOLaK;}48f zGS~{_3U~ z3G=LsBZ&g?bHnbGwH2xhED5TE*m7Ig++fc{_Idj%C{-K{mjk=$>bfI9_jt`qS3A%z 
zhLi8#1KZITAQu+Mgq&VFnK^|D0u}dqvenI*QMZkhI=Wz@oc;3rybFoK9g?dwzYlpq zNC;JAj#s}2&jsUMlFq%*hFc;@(VHLb#PJBar#wFt6xVk5j#6C48t=!&HAdLjjAR=a zeba?%|F3IV#@8+pmJUOFHgR%nO3R;W;}QEi7tE>`cHrhMX;=a&GCz`xz#wCnJbzbo zjQUauCZCUYWZEO&21PNQ{P0dUT2PI_Q6K!fwcW4bx76v~EbR5$KAi+E_ z3d=#|vObB{XjbQhNq?6*@jvSvL}KoEgc{jjul3IU%iQsnQz)(t<{^tbjX6tb)WZ^8 zrSMCG<6F;9{bj4y|2iQgeErZY^v_>AEkUn#xm8K>NF-biLp8OewSNIfHhWkv)Jq>`Tg=@PlUNk%$7TYT=Gw!gt<@57|cqlT)gr?aYhW>mhlt-N5;(~Ez5H_r4d z&0#oD4O<&Ik-`rUadBU@nx^Qu)UvoYsYcRT704Z@(j>IH5LPLnRPOm1-X5JYg{95l zBJk#F&4x})x*GIsk^>mX$*14?zQcO)z?u>$f})alwl|XP>q4jJPDM8Y_&`FvOKDAL zcA#l-PgPV=@)_WGfz0no08%j_Z!TRAmoZ?fgj`fuwi86q&qL~~*&J6O4wp{i>K_rx zQrn@s;^O$*W>}Mt*x=xwW(`o_1^AOlQ1~5o$Bpmby%8UjrpJ1z@(8o){9!q|yq1Uv z6<7x zM`ioP_^teToWJ-Xr#+z&ntH*KqO|3@NgsRZ)+W8qTuF0W?>>kBMCw9 zMY>zNGRm%Wezd-I+jJ@m0|@8mYBSl?_NJMiJ}z8^$I(aktKX&x>V(;23KR{_@p@CC zBCKqjeSL9KSWXYjT@kC(n$Ay1lM{u-GJcV=611XWE}2LmRh&H%5Hy%8U4*~mq#Z`- zE8z~ZTgD?$_W?wQ1af_rXuxpn!+xQ-#qj!}6{?Im2gtOU1qw6GM^#xUUvoCI zr89j~dvHdN>sYxsMMG*x0b-bO!XJ4mGtT(Ort1`l_gZ30j}Otlk_`|uprb9X4H%cI z1o=wk4vfZ%e#r$A1Qdw!x$y3O8Yn6H16T!8q^h8;g9jWXiv3VjS}f9M4(uht*MQwf z0reQTrFfsH+M=pFN*SPyT5mvUCjbn&JT#P~o8uXli=aDph#{@PQPOQf!=Z$HX)ujtK*E zEEq>a*=IP`9k3}FHU6y4a${qMe%6P5;aV! 
zrF!p|Bg@JROPJas+`6FWk%vvNRg;YFT5V3L)P+f^I$D(k` zj)bjG%x89*XDFGSzR~{S+oA-d8DxK0facbY-+rgPe*$$mQ?ETDbp>S=Vti0#lUD`m zB9gOi-;5Vo|4+vlwpR`cscpHnVw*p%I2JZF?Lqk~DsamGgP9rSCQ&R9PD!vo4vf%u zmOZBgI(swtBDsA&poCTp5k07}&%^XfT#2)e%;oGnK0nueg%|KhNgJ%EfEE@d06U=#|hK1N#4Kkr3w{Qq%^ zioq7*A5GQWRDGb^vY9AORfV1VI`>E$0sIM$1Lyy{s`|e+n}k!-6Pw3>SL1sQODFjF z_`8esEUq`l%SA`qJ3HA~S+F`fI;Eus$&C(sI9XX)tZvs94ULVQ8Y;9g`a7ekF84?E z`UVE)v1W68FJ8O|4hiX8YP3&Z5MrRG$08#O&&i?Lb>O@G_pfVg3=<~=UV!|ha5_7; zMuX{ROiXliG)!N@3Ofl2iNnDR`uzNSMNN%=XsAqfe~!W%Fe^tM9-fZbSpxUAr&WLA za76HiwTrvctE&Ko+bL`3(Ty9A@I(%iuF1)Z!s%CZbV&C%Cp(@5$ndAv*L}Ma+0XB8 z$UvTBNOP6hJl`6!J)C3f>FcBB;=)h&{P)(^&+lx6d$q=_xmcytwMakjZ5SJ)Rs$A; zYFSSN8GjO^u8K^=%rG4;Hxs;m{n}E?+=DL_Ls3zYklTv1 zFOs7C#(u2>=BtT`;YboEkJBNcGX0nA#iF93uCtAP+mn@6SGXjN(mt?EEPVW#zxI1is_M(8>2T*lsB3=&aD* zyC}6i{WAxp?Y7op5oD?qC)1?c({4;Q(?2wjX(o=(d9s~(pOQ6R!m5_*ESF&Br3T#9tS}5^v)fRfWYwn`Y1R! z`2G9$kdl&;q@{Q*<{+g)|G2o9VPRpQWTUT7MNLi3>iOW(S``-;7d5nn723^SDX{ACzMYX-!pXMqZ;$C%! z)6~?2bcB;|W08`EP3FrR_Jt8yHl^3a{`?7BsJyT;4RWSj^GygIGW_mBEyFuvbnpH6 zB+JFROwD>LkXew?(8Sf$2vt2N^FAS?p!nwIzV3@43k6@oK!C*r3c6j}Y~kSGK-UPZ zIo{r`ZA1!})z@x+oNsmG78Mn(@O*R~*s>!P_SCZeE-j4$evS$_P(}u2il7_*`>V4^ zLN?eSOo|zXcH0ffma{&RPig7n;|dnbO)smBN1$&+#2_uGZ)s>Cv~D>=BqbwT-`x%V zezBbi_6!o0kT8(S;q2_3!ec91j?w;jO#%xC2RaU*GoqoRtKZ`_M>a$Q{w?O>!lP2A z^}@@`>v*EHw3JDuM9l|k?D>=H%g(F4nPNd16W=-ryRQyr&;H1;Pzef>*)@_jJ01BJ z7cb;qh^Oa}yrC;NjmvIrvba zPj130-M6E&(25ePf{mAL5&E?)C(w8q^J{`Aj6R)&6;tPKWc=NFpL4OIOwf?jDW^#81yLSfUyUiy@UYK+Fj;eirTQXG)OzHpL~ zj12FimDXgByRBbgY<()_IwLyYw_f%U8h-!&U6v8QS|Sv`5=;f3oO~46r<#UFl8B?_ zUSqU$E*j+ideNH5Fl;1&%@3VIC`GeOsW73wo|^=mceC3Kb7*j|UT0?~8iawF*%-u7 z1Mr8|9cZDU#SfjYU-ewvz0(h?6!Al3t5h5Ie7ZBir=S=EcGHK5PTWIiC|f*T6%~aA zU4Vgsftr>UX|lj~_WP?@U3C!=7~Ifa3lI?*g@x05dwN){t*x)YHynM0GIDapkU6k% zYD!8t{H~X8z>|!Wlo=8`16b0zKab`r{YKJ-(_iA@y;Cb|Xh>kvZi*!naEU6MHp`pb zo2xaSof}T%PzTP}Y_kpvT?@bCK3-@@h`wf>h5o9?4HG?kgnN5?ONxqq!05HQ zUKy;fuQSrq{{ZGtIbEz;4JJ_sLeKWvS_jDY39__?1S~pVA#)&=%k0T5bpG8g(rXm|+H 
z=2FnW#!R{HSW8Pw0+2X$puS4N=kNyjD=EMRVID$@9R$)jxjx z=(m-G61_8)ZqgluX+kHLq6c-+QWcJH$!-9c_}#7r{)?l2)YMaNB zTLGAgs!<{UB z-2QYWtvGDKMYY*9eSBP8FPRwdiDWKIVyIs@YlGu(+evi>&-bf=)U8@qQ4s|?;leBz zYC^uKsDQ0tU|}(#@OofdtTIA{+THVQzwli9^P@FB0YN_iD2?`)?*u$oXCHEMa%`yB zg@n==+Fh^AxU80Vz*a*S2s~)1DwKd_zm=d?gX!Y@+#s3T8W_a&>AD!AHwa?0g;Jk_ zFR!nSJv}{#J3D<~^Z-;@ubZ8E{8F7x9Jmy@(HCx*?tcE_=Ki3(eKej~dyq-9LeFQV zPE1T}9vlV;U!`i5z5#)O`QpQenL+1es2~?=@g+ay}U?Rdw4eX>R5> z9!~HnZ~KP=sc<|{Vbp0MG&VL4PfI7RmDUW zQc_Y*=S|Y7xVh`))B{9)4i7Cp(BK>shKGkw)L}xhrTy zJgmf?;}jJWql%O6B;4?XCXZHCNJdQ!-tXVP3E2$b>sj2~+$>gFh(PRf^)tdlL9ny8 zpJ=ou`DvGF@7)2KyB_qZmyK3)!WyE$GTh<*iH z5=WZa&2GXuFFoI}u}vHVX}F2IfJ6cfjLTjT5fO9MCXp)}XA4Q6+nltM@1f!2T~Ks% z!Q;L74{>TVGCn-OI^HlabU!`bW8>iXa+r+j0h7AD+evS%au=eI`Nb?DDhdn83KdQW z7BR7gNwT2p<$D(wm*%h!;bCFoAP1G{wns$2k}}vFh$iHBVua`c99&RTBs!KRNcC$d zIxTHw%?Y1L!you10Kl-=*w_ieUP6#}uAWJM0C)y)P{8FhW3(zw(5-7|2$h$YcVKKx z%F|N_qyj=iRyH;funkZUizqe`LxYDhQL4%P)yQZaShqs)wChmlj~_{#MGHMW@L=ZM zjrKb>dw*U77KU^%TV7sW_JPK?ww4nLK-!u#O7WEn@n&XbrT*y{G{U{G2b>+w%Rw1_Yq| z1=ZV+-?!paqvGQOp?(6=B9s!6FbM;zgt`YVt*m!>Im=B`=8dZPaeqHLAu9wGpKJro^a~c<3i|6I!P%<-PfXK@Oa=}cgX3z^<+Kz<<;_K_{fsv6d z4L7CFpBt}6(}g4Dg&*+%k2t-&6bF=}$G|rAC=&Q50s_KZjVW%d^y{kXY5<_Erxy38 zW}rY2^e@K7$BWX&*b3jAtOfyC31ZvY&JGecH@Ex4S${!6!F#anDy15^^{G^1fgOvB zBw+p>o4;ck8!w6Zg+J}BwDPyKwpN0O2}Fbp5O|Z1zh3T6e2|gp2FC&XBy-~1DIk@U z;GiL_cAFod#10q&D0?+HpR9aNwaNh|mB4LH4iIHXwp64jeVk~f!rJk2vs%qJY%YsA zZ;*)8)YK?BIB>z@z>*~ZdMN_EQwH7^BKlBcqjl{w@Ns^yL>VmdAw}^xWN!$c_`8b#Fp~cP^Iw* z@#fAB-0g>x=Vu!KsBN=fSa-+GC)AXb5EvMk1d#3!G0DR~fQCTu8Py;r zCMF5V$=Lwh%+*^OE$9mZdEyNtqd(wGVCQVk{z^17G;{#Rt*oq^1KSU{5#YPfn9j@! 
z68L&g2=47}cBJ0dum1YofmCna6nxnk!ph6bgRZXa;atXIt^x)~BOv-i`6a*-m7uN% z#?(7q>jc>s36SZv{rw*!$=vpfSRvxjm5Wnj`-@V69r1>G$IJ{qXl8zIWc1qI!viXE zppo)m*>4X+Ns+##WjFv|2G@u4ghK8v$pU>|508ozm1!G9!6`l^~$ej9?f4{{5T8_}sAl^b9T+jP%OL4C$q%ksoPC z@}Z!h0O+7|qUFYUu_j2~vLBP2jB0Lf4n`r?3c9?M75HtRJ#BUdPy`UGh)89D?~W*5 zAlJ9GncUsof%O)0JE*FtWEB)3A0HnxEm&(Ryulk79u`+uCt6xsTHDAV zM(?i#BES%ReSLu9B1ZQ6$>ob#SuvkqTmZxl1C$J4p5NXPrP( z;K~Bv{~&rJ!^6(a&)bTygOCl}1BA(kNq3o0m0}6t0*6OOB#ibK+n?YO5U5_gf+Hs{ zZMH^lZP#!Uo&hZBba&#_2b!OJv-v;)3}b6;s}7GVkED9`!V&%8@rR>IL4)4SNo=!v z?PJgf(GLfv?}(vvo!|Lb9K^aaz|-oTGSpLIOVgVIIvPH-mnj1r>JTzZnI~%8ywTy9&fe%M3l8_s{7FSO_dOqvQnarcwGw zwFl04GUy(New9=yc6u^VP|}!L`En~WsGL{t{PF{8uIkg(i5uvfA+IqHuBofCm>x}c zboYVqmDaTupZ$8L%v0D}{9a=~<6^e$?eIQgC(e{Bmf7xB`2 zn3lgb%)&HsyY5hT^b8DOA>f8oMRj$MGl4Z>h&Uv}`H-{8;W{w6nVfVGj z(Z}a}ZDpg8xzg#OXKMNays66Az9rK7_P<~aW~cwyF0ZNHF^7eH+byV&vS4kKdWR$G~$N2sf-b4iF(Ke5YH2nJj7w=-Qp ze0ysP$UVOI%YA)_%*;fN zgh^cr^lea4>6~y{TT=l2ok+<8%(C4uY<+H`o5y||59GGBjmej&_-zQPs@xB!kIp=f z`|!ZCf0EM}boVg=r+aE1;Qjg7Uj$iBTj9RL-d*X(LhcE8! 
zY6OB+0c0sIuGM!<)(n9d_C@qJIX?GY?y+$4)n}*_Ba}xs(kE*?nE-469>mt~>@p^gTU^BroPpz+;Mp~`JFA8h0+B`uwKob_gTk@AK$$nrp;#zI+ zr7C_b?Mq#)Dl~C_w?{}oRiVr|wWLHAlr$Qeo!{$NS*32#$Dwdr_u6^TK9>Obj5IYR z=}TP(CB@7PmwbcdQ8uM81y^mv$mr1= zU&u!L+MnFe1Xg{V;o;$oX|qPp7=Y-hLD;puIkp6GH$=Z%lCn50KMDk;YA?*R$c>A; z-SJL1Ab6|&J7$l?BiI8p z&83pAe1OP2z`-sy^8xqN5Xn@?$jKoDjC;yWkhKEI&dgE0=;;1&71WVP;gB%;uFO>d zzc#jcb^)e*#P4L^-rVf$?dSJu#btw2z&&Al4KkA-Ao>+GH;?8O3kxPL-KUuYlkLq- z|MA)9z^p84NC&2{d(f*OOaS3JCnjE459<~Xuo_zT=pCDvLkiOVn)IATCtTitI~J~v zjit%S&$n%#l|6%la2sS@<=yTr)>90RFf9}pSxT0wykb0r_1=H$3Bc7v`7@-o9nUmt%87l?@DiG&q~v(PG!xIyIti+(06xcKUpQg% zqKl@uI8INY2L^~K!@af++nT1RJi*}?9n@(!Ct zy#`b382zhgr!gt?-JD~`{AVD#^|L<*iJ0)uc9Y_|(D~;h& zkyUKFHxqM`qOX8Avi3n!GoUs<2Bob$8nskTHcWuL^9Cu+AC^j){`KL}YsWeg3NM0m_ZCFqCx?d7U*Z7t z>d!FPpZ3mtdc(j3%qmbyO8(&@y*NE&p3BA5lxTRe+9-xc7cKO?g2D+`*`FB4`|DCZ z58|i&B>Q2d!q{f)G=dRcV?GvOf@Yr!l>vRJs4nI|YfvhLHw;7d3u6Pt&RI=xw?K4a zmys4i858HjHnWLmJ@S&o4X!%~-E5-izj`o~Wd3sr`h$Ilcow4A`o@L8j60d-=OmOU z2*_>IEhs_~W6M3Z0OGsG=si!rjT8xyp{67$nwoFb;42OZC zb;ddGi=V~-(BEKwt4aa%Cg%^hqLY-bP<&1I4u|WYT} z1n#53;(dUbn4Xvk*zdML@tq^li}1Ae{`vo4x*SJ;QJDYHR?wg#I9gX(E0S50QMwPF z1W%;Fl4vHYSZ9Bss#4a$KniNYH4$Q%B1R9}zl$(~J`%Mv-<`4qo|t|y)U{MK9p|EC zwbJUR1LJd~jsBkp+DZ3u|4%Q9pA)EpO7_YZ%FV?0H?UOG3;Q|%s14|9eV32`Z4yx? 
zu*<0a%I3vxKK~PkdeE&I0vQ_nrDOQL_8Y9O!9kQ`GQN(!zIZq7LS<^^V`kSY6xj6D zb4GGoUQ&#Rh|{yZg(BBkr>p&!fIVFvEy|x<`TDxk(DZb#3PY~1$Bt*e{JbUrr_8Rd z-Z}(``9!hm_~$Zgs-x`2^cN%1QCN|;w>)Z^ny+{oFfA;PG?eofie1OL~o;#2Xr>Cq5$(kAR>22s%8z0>zr=51LnR0US z^cHG}u9zc3n?t8!@dmycvDR03hlVozyE?!mkDUGMvC`&pi7V`pb|#`S>{B|5UO zNQsj1&>(dd!5sz>ojeT0cJKZTDggns=xA)fO3kN9*r@-q!@|NY@`y_URZQd!9`&07 z?i*K7ee3FC?wX$u5T!9ywm3xpY9d_XtR93xjz&hA?U(qn^9<*Oj)pe7PRp@`7ze|K@DceB9zwMEnP|ed;)23v%hz$Y zkNZvY_0xYeN^3t=RTCzfprGY| zj;fKN#0V{FY#2>%)*S}d> zN;o=ldfsiJ+1XWfZm8>Z`G+8*xT4h6xg*1iLYzr}K0_ueE4#M&PW&XpZfBHiYI+*n zv^sdCZXqy4`}7H?K-mn?7J+f~(aUTppt-_ij^{2Kfkp&k;(dJpZRzr z1u=4!yuubikBh#MX#l9M?Z0mR{(T1mq3U!V6Ro>Z^?47mx3|yU_+}!zY85Z7sD8(g zm2I*&!f(I*&hu#t4YnUqf4gLU&F&MBZulbP2<{QPuA2uk0PAiujmdm#3Oz3`Tv_AS3Y7V!`hgmiol=J>nut7D}T z=ETyI0D$3d78c^kb?8vN7B@IlGh=qn%-sBRTGefQY6>0#psuLJ;RP0o|Lv)@CN?qO zi|FV{has=4Y4W8OTe#m!&Y)7I=z zH^m17(9HDra_<=^yJP?aHn}`J_Gd^Gikqsxg;3rWVhtw=B0lOhz+qZ0d(Z(1 zEUTsl{=V%=+F6!todXtFaq!ZT#pd=l1S0h8j?~qiuQydNp-p}w6?O_WSE0vuFD|x6 zg4&;#IpR%CkrXsEd^yc$_6*)KwuD_?zJhqSx_xFfoBGD6cFMo(juGUy7KH_d17#q1 zA)!|g2uc8~gv2asmkGQJKK@+H`RgAtKVX&wyNSt#5MpS9_AKwWKb`0eCqRZ%I7uK- z$am5v(`{bf>O&=#5`Mh+i&@t&QtL5c1H`(Z5aCbom?l?r~(DT~2O*HW#4S-`gB5e1Uj_Ab{U; z%J1TK@38DbE_Qj*j$5jNy7o+`al}K4AsJ4N{%LWU!}*BN@K%Tej=mOUY%DcMz51B; z%j?|NO-97T#H`=#2><@Y*V`PRgATb|-r)v>icVh>ANA^ON@go)iLLFP8Qtmnnh+ch z@F9n@-(SI{^Ox(tD-ExHDq;k|m9Oh0aGGNfzYgbdIbCF~=e*DN>R#+eLdAc;n3$*@ zAD{E4@DiBOCvtN`8cu(P4a6V|1hQk6L~fTaLc8AyvTlmt4Jyq~NuUq9H@XqXe)_~_ zzily`z=jKS=iB{aLD&0efraB){7+uyp>_eJptVTk(B59((lETFAD=l{k0=#JLPyZM^Z`a+>D2@Z7+h4!l=o9n>+8V_Fw5t71xgG#6t376&PCwAI{n{9J}hY(^XII(LQO z_Jf@4OMu_C>V*a<6*eKBe~Z1z`v2A5n?PgT{_EmTsWg%XWQ@Ueka?=iNs@UMndi*obFSO_{@&j?d+)Q)f3I`?Yp=D>S?gWB3eWR= zzu$YfKG)~EuDj>Zrfp6qxeI+ceShX=*-13Bp4hs+yI|++tZ#W}Qf5$SmZU?b<5`OV zmQ6X5)gAq58W88XF(9}A7qgx-XH%yH$3=erm2*aHj$K1{X9bf@L{3JeT1K4+THky! 
z^5znX($xkF<)8r*na_js0)xGeFQ{KeXA3b0$G3mZJKZiF{B(P&!}JE+X6Bzi84y)e zIM?#+*Fu-{8;cTec2;-%ti(tj@3IvuUMM!WHlze=>g&_;SG*km#=dro(6Tj5`~@M0 z%C=;danM>EYFL?Kd}&E41On;lDk6?2@-BWbP%*`-p`-Uo8_!TyN_-voJ1;@3oxOn_ zW@)!9&0SP^Dy~xfwz;7}X}dCH`PpRN7ndWKG|uP$>J#69&R3DRHKUW$0(wSFHlA4- znHfXP8jkVtWhmr^ijGS^@OWYEeBV@*?L%@h_cW(Cm)~*Ng-7@I2eEDtXdBYU-J(iZ1%uoQ=JGedVu>a$hU5jtBZ5XBmGzZjtF+OJBrQe%`VO zdIfo(rjhPC57{44qF(bHyu7ItdD=pO!u}Lzdf|D-llo8rum{qlOLva3na`V)&{rw8 zkJzkFPwnosT%a@IWO-d>@UyFn{>FukCrVD3&e;fnhIoBUQDn+BtZ>N=zZLJIqVgj= znSTD{y6df2s3Cv(@@1RBw6yC6k6J5>{YC8unQoP)x<7dOB84O7vS;trlzr%V(N%2G zPE|Tfai$8Ql_^DO&2YIK1^b5wJ4L-)y$*aY-ilfL;CftU?ez4Uta_1&3G2d)Q(+wIn1Xz0m&tGAymMrQ zw01rBFg54!K!5+oS);>ZNt=Ja?VAg|W@6%t5A>ebDZY7!l2l7fXti-DdGaXPKLX_uQNWTUqH5gIPc zJ8O4!h21G^*Bor@65mtEEMw5?g#Px&PoL1OEiG98hAVx)5E~tB{*Gg*rt@M?gM*<~ zP60~Ur+4bMdMI`R$%UCUm}0MaUKh>$w68_Gd#-4?-|>5qeq~2XKBV6m$f<`CWu1!r z87NxTom_Jg4A7ktVHXr0Sf!vfUMg-sORFxu#Q|H%=(o^gfVZy{6{iL>T=oeI-Ve)> z#$7H-Z?Qgl_WOnF70EBq1EZUuLl;e6K|%0o#QCfY+dI#ECn3~meQI`2_59j^6ZaoI z()uGH!0M3Hdq=i}qc6Jm`3$M!Dn5PUx_5R1hUoeD_$c46>YuT`AiieV+sK$B zSFf@f7`!tbY*cQV@$P9r8vy@$CoE?nqTdRAMp@5y%QJxEMNAqG8yfQAM@OofH&s?w zaSNHLxb1gpVmH5?afOmmFAa7*HrBYPczTttZUm9C+Wp$MY4x!nZDDb7#~JCO(qh;9 z_m@Aj)mvJyOv0o7=~L>vktPeC1pf&QmFccgi=5TAof1>CzMm?K^wE5cNr7HKa$-=S zyveatxI=5k>w1%rggJ-R(83#Ir{lvFE4wQXqxgIl%6Q+)EBtuosf~6Irl46+_Rt{gXW2v{m9po5Yo>L zT6+!~sqD_4YTMr=wKDX;DzA82JKjB8Y}n}JhxTV`T)ntEpf-Dch%(qbAZmZwYw*+8 z%F9LJdEbYY#n-X|2z;V%(Qo_ugi1+mIHUJ1q^U#9UaWc4Mq(K*H*?OMtRAg{o8#>F zMkQ}txon@v{u;GM>KPMdYR2-{S})-K+zGtFFn7`2*iOl2*~BXc5B{soE=d8xy-pc> zngX6be{-ul!=?89PpXCB66-UsnMWmWjc6^w#K>@nRu#wS%l8aw8~!;o?E5P;y(f?{ z@bUhxG`h0GE9|5?Q|)b@KW|-%HLf+OrkOHK^)(#r%;y>po}c<%qL%*njhrlt#iIf= z#O2KsM~1?jDiwpZTFqrRnL>X5?z=fP{9;lgVNKo6vaRnu_ZzqzTgYD;-fn1QG%);7 zm!oWHY;3HZ_e)SJ8x*!lNV8un(N)ZgojN1^ATejoi>fxdGwWV*6T0}C z#>THF*N+7TGFDbzl;O1~w_L!2QCV5}vBI3!M#B910i#>i)-?@MX{tUmGh#M2?$=QH zMV$A53I@etuYmCNBo$~IWuP1J*eTbec6TdH`0HdwfuovnCFpA3&HdRe=^7rDT)S}n 
zQEKY)TV^bGzkJaU1cc8@K4El!?Y-u)mx7j1|A_TGjeSnEvO93YilWfMHePz zy=U2nAWytCZ?~M>iO+Z40vR_;NJ^T{P8c0f*v>rD@c!*i;&Y80&3*Y{$ZmQ86m zudM7*T`g|czOlpX(CRgNUG$B801d+x>X+R)yb}HStf9A^oqDR-4y#U|J`D;&UR&E` z(0<9jXcGu_>Cw`5;kb{!{W-kOyLTr*!PwZ*4Gb5F$@m-s2M)>GJ#?>+7geO%wy(H( z)5t<$kM>%TSPgkcnJo1>)|xnLCD>Bn7f??r1z>}$>zIrT4HQfqPf}VdE34Zs8?F1i z(_=S#F zG7d>Tx3;X=!9~-fIk{YDxchO1I6a@oD?vZUo88}E+_LCxnmsoJP2>arou@xG<(msuyaD^ZdA57@qiWkveqz z6|eYbrsMIJ7u)~p2YWyIEBNsPZFYQt5(tVyGjr33x6EeuKR*{bSY6HBA->ele`jvq zz2EAK?|i3vNa0s}qw2-xcXEv(b?@Vo1>bt9auw3o9TE);_Pp`)rz0B|`4}tH!ko@< z$8FlI-Q2Hy%i2;n)r-A_@!W;a@ze~Nzi!3arSnckO0j1@7Sz{wn^j+~UZJtzq=apY zS$ke(Czs2*aT>g-+KVNwYVf(-g+>h;NrGb`hUX3Vvcy|q4`aJDb^46k4L3UWx zSMYNGPGx=T^w8hmrMH*Xd8Gh2&+KCgIy)irIez^3VaR8p#zG-c4&J~+R_M8DQ<}NF z3AWG%itNz^*0nm)&_1kz6mK?@18+|6`l#r%ii!%fO^l4Kw?v6+DON3m&^{DVXuqMy z2fNO|%IY~YV@H7+hxXyahqqxvidIfs0lPrD<&uvLCOO_vT^|OYDJaN*l?VTUR;=OQ zZ`vk%vmtq1c6PR0*vPKkyFbHZ0KwNjI6+`PVWSK~Fw4!uvjQqdNUcPj7bGYUv@HeI zGc_7U^@4m1TI#J55^T^&-9O7K3%NR&EhfrgM@LDqcFP(*rG{T~$>T4Htpp<9&D7CGGwY zEO>l)>$SZ(b3#}he|VPU=DLK6S-#8t0MUIQRK}1+Uro?iH9OVr3+b_1mR&%ogzX~; zWEh#5i_inlgYr%s?ig&H(Xp{U(1dy~xkiN3O6KN?gH(B64qbz!r!i_7f&9t|_wbQA zN`mTwG@Obtit3=x-$J>3=~4urIaFRe0VnF*8MYDQg#U?%eopF?n?N$8y92a^pFh&ockaw5m zCe|jX@gQ=7gtZX9F$!g5WMt)wRMDYkeAmt;`+A=b(fCde_*wpkik;tV&a}K`P z!^>-}+B}4-Zo$D!ArydiXBqW5|Sb!l~l~+_; zhlL(flZHa1YcN}2&{*l3D1t zcYpr;8HzYeO$s4Q*=Oag=RaaYR}~=KB0OxItyza5TG{!BtW|Dl={gwpHVCMuQaCv| z*`yqp0mEU8g6c9|8lq~oz%XG$Mo76#7v^kSv|B^ zb63!V8L7*#-V5F6xyzSV6fk2Q!%n>lGC+t@{|E}oZE4|zFHlBSb{Q~lhJ-mr15wKE zQA^(h>lkFi%PC(&#hJ#($02~uHV%2gWvwJV*=Sx1zsuE3qF&28JBJ<%nvD2G$xUU_+X z<|6;4wX>7VEeJ$jCM5iL%Y2;LYa|U#uZ)9(1ZFF|lkaa-@bISFWE-BD-@1GEYEMS~ z&%ISqvzEa~ghem7Bw*nQvCxP`Bk$>~!*4PUn&3 z%_^a_Z$^@|yjNL)Z)&j(X9;z7akt}h%ZCe94Neetyg17XMP_aL zOhzB=`N+!dY&cl+ZqYy5c1bm76<7^woaBf2WY<#yB4QqY@cqiNt57sC6%8@o+h8Wj zw%AUY0UWfy^zHNKqt@X^^;HE@8kQLqJ><%I7Z>W`QB1Sb8IR(R!%|up8lYz(Aakr~ zQImeY3{Yl;$o^Pm>Q29K2l=g|Z*HDi6TJ2+E33gi?={i~ 
z8P-!3bbkFRCUE7$*jksC`$pPE-siHntv_UI#wjnq*hpPlKBVvpx}4Yd-LzF~Y@Dwk zjt>)zV?(-l@Zt+G{|%iEocI$~xtDYFZU1pseyDi|fj>QK=pD2b!(a7i=9TYswYOW_ zJN4&FT%r$=RZ*E3T*o{A2^d6TbXI!!@t?2Rb;tiW-^mg;hC-P)=c7!MQrX&F3h69( z$?I|Xh89|#dbQk_Hb6!4yXN9ANCa{;`~~I4*#G_*ynmVH<@zSA^$n9$*h)(C172zs zZC>s2rB>;x_8&tlWluj_yK&b}QU6m@RaL8ymBUq8#Z`q1Lv(+ETA`I=vq_q1N0*>e z6<(rzRhiXcdREi#`1WgFJr#(;GSKJSNv{}M8m#R@blpb5*+>RdAzI_>>7*?3Kad8Ms61_zshI<r^1HoH*I=#m5Gu$KhZ!G z;gIg(lDIal#((k7RHr5(Sl;rIjT&0}`Wia6a0&#i`LiLWHPV(}R8m4iwlbor#~a`$ zWpCU-%L%eze0}fu_M@jxtu=1W^guxxtrWjhE1ns?gn~C=POBp?KDd3Gq8186OW(ui z*}uQ=VXJjJ`rb-V-v zLqfhnSgZ_>g5ixDnlO%O+E4UrdI?&gh9$oN$3z|0y*ij#l+XwxE>_q*t`Q98CCIaW zWo^mcoUbq}jJ5q99=_J%FuIO!*Dg)?bM_oK@CQJZE8tnn!i0zwbkwgeN7a!ZC+6Cw z8Potkf4Vw4?}3z(4Qm7rS`VsLS2r-5|9wV4bpdJ-I6CoGj4UkgJhur6J*um(7xIw( z42VecvA4Ik7Co{80?8l=C+NRnw zIO|pgmE^;Ra_-Wl`|t*|C6-CK`1;c0Ciw*ffE8Q@I%1o=4>4*(L!Tb+@xO)acJT0U zBfTIlYk~!PGx5_=Ajet1FxMsBPWI7z*zX@cd*%b>{;4NI%fEg5R-0nNN&MZ!jUV~u*=LkJ zK0v{}`RZ4$xFNDn6P5)6eelcsbie%JM%DC_s%UT`jwU#}H^UAB=ReB3+pz52_8~Wu z=u$Doz*oSGLO-kyvGk9PC%7|yc6Pc3soSk$5>UO3J4eSUwf4e=3vVy(hM2D@3?4gy zk}`Z^v;#@Cm2A@D18;C|r?7}f-xul8ulpYhYP%j09B9emgyEH!m-pk&Fo&h`^77~# zeGNIZkzgL^JpjI5UtNIhe(IP1nX`CU_^A!V--?#E8xV~br!4GStU)nEzXQG8n2XM<`A8d_4EqOr5_F^u51Gei=| zDhN}#4IG5SZJvAE;G<4w-QL#T9uG@ph?wPS2r_Uj`S1dcRAuq zx<6{2EQG8NXX*Ivs5+RBC@98_>6|h z?2(HXH{lzW?Pm1sV#^{gzDrqnHgg9%Hr8Fq%kIDghk%7WP+EkCZzBl~kR(sd&Thkd z!PUAW+?5Nkn$K0Q()G#gV*(@Xp~9fp_SQ3FM-#M=?uBXv}oTA`~7TR1T%0W!M6 zJCzHsNyI|i)y58GdqG_V9e=)7ILC9e)pUKA1QY);W#z)WMqa>SVn=~?Nyzv=MV1=korJiqil=I zuj89*OpbEIOL5dbHa$zv}N#_MGZag9hlfYm3kRgQx$&k zwlEaU?P9I?%#&OF@nne5{iVu>4uSM~=^MUn5%Nstc08SM-mvA6t&mSgCtU5ht=5_i zf1#)atBOTTw{nZp{4?37j~`!Cu@NPB$-3%Kyu|e)Bk|93RLcKGW#RuI-v;7ObMxDb z4XP1f`Y?O=qe%6E6Jsr*5=v_)$CxWe7SDo_c*h~?@!`V<8)nn7Rp=}Ye;uNJ)F!{N zUMqz5GEXKTKda}$#O5zzWF>C z%ehd|cS^1RS}izNJ5~eMP>w4q=3~vZS33ii8Aj~%Q0M92 zx+uwr=^HJrl`B_%gfG}D79K@{D(wXM0#3khMdsvGmo(J_fN`wY>Y@Avn24baBWWq( z;^NzRc#cM1oUqNBOum9=;li}TPwn`rQ+Wt^@Po|_4b-+aEj+brebq774Gk;!ySlny 
zq5H00a{;bT#BOAi*b-~Z3jiG35)Uoh&FK-=G&H|ZAtZ4U-l5eFng6N629o6&VkYwTZTM5&J+_`fM z&zu)*Lk^h}M$^u8u4AwBC(eao+UTn(bTBHnnx(n>_{b4oUQ^T1)s{a&t|va;KY2o5 zfzGip3zCKj4n!VRE{H#3Yi>%;T$t&DNgTB^F(5+ne(vnq+wSfwVKV}k;6R<9R5LD& z%UO5;wiExhY}v9_Y%%on=G=}^|6iawyQ?fI&jFc%tUW9u#J{MO$$TR1$y8#vf&r|??i-%6_^j2)ZoVkNh%>o1p=Y@k(i4a zJxAi4=hq;S2Cm?$tCO&Gu7~H+sA)1P?$xVhU^5B347@l(oc;m=rZ`GK7_SW3rRdS<5gGSLTb_!udlDi z`?$bwgC5mZ6jq>!4-Ech*bj^M9_55(#Hfq35~=yI3zgN?ODPy*;HlOUTPrZxV<|^5 z&@B`SNme2L=3l>b006d$iZVkuMg)mqH$ASX+b;L;@MubIL4(ZtdK{Lx6??JC#wR57 z-YTv?i+u_zkX+;kK#;MVz(ANy(x)+yUC>p3eJ0E&JzeZWQqm`Ad{N84k1uzw^h0Co zgNjjH-_;x^N%R;02iVrvX`ZHvv>T%P|MKNsZaQ)tJOQacA#M!nJd&9JaX!QP^|#Ta zLueTEu`e<+*+7c1C&Lua1_(@y!?6CGgLD$ka=<(0tTV+Qf10Ji(ISGI@c!1%qYe{w z`q)E{pyI*`0qOZ&&9>H1auMQHV7g7%cswu zUp7oMsM(|J7n(W?O6vM`UKAJS&Y%CGna*YX2B265%3U7+pHK9kee&9}e=JZC z-mH57iXRILX%R!^3JDYP$lS_ALCSq>nlJ(y{+>RYFpr?Y9(xd)ZLO`hNh|;lkDN$g zTx=}eXjfTb*uvNw{gbDl^TLvwR8`jAMS zB7pB47Iq3TslPfO**s%!kW;X@0@JuWDiT->(umhu4$t-TjL45z;Z3rq^-^>Z5VAVp z1k6oWQZq8zk(_l*TU*`cJ9S12n^0am6Zw z9pwv-I8|Hhcm(a)*cb2iqE;TqDTL_c|gMIyLK03)+M$M_8Q#U zBA(6v^7TD!sbgO1 zhR6`Mpvk)Q;_x%vezye=E^?k*bgtjlWWtP#M`{Gn02pd``ys)OKzD|hpZ~tno)v^h z(?ZNjR_vP>FP32LHGRu*m=;3)OJXB1-3Ww0H7Zww;e{@-LDu7d6FctSy-QMhU_zqi zVbz<_5l=^E6%pq-V{1e@WQ=>sro zGWy59m_b?yS@x6MNTLLBjy$jHH*S1FO^IUm_0@04+Jp)MpAngW=u27!jiRIU6Zt#( zVUCQb^NCUpSz$2At-E;X(w0jkRqm{k(p#ocWU4H~S_T0Y7a9ZQ<>mB_;&#NS0Ks<~ zQn?7jGUebDx3TUH&=jrMJt_bH%fVvPpvk|aTV+60BIIi2Ke^A5hO@39gRdbf2AP*O z^W!xHiv26X^#LLz5Co-k+tNlKc`e7Lv7ftV8hRPp5kUI7LJp~IE^7@d5v>ZVd6ap_TXAyszocqun zq5+GkeuR9{v5DRWoX*S7*F?V?2n^X_mVY9!c!;K=Q=G(1>$`5}X(JEt=O18EbQ?f84-p2CV6$DD zR$I+YnGzONO)a$fppA{qdu;Ts$UJ?IhXbbeOLeqzE~o_(wg&}IbY!H5_m=%~DIt&r ztiFFYDLFX-uU%bV|AmB5b$$yi0Xlgs%dLqsMNjeg3sR!vzlv}x%%bU?=Squ_*6UyzW%b;!+pd~vt#n=@g0_?D!ToNof|Su$|X zirWw#B;bL*2eE==H53!+Mkb)V5y+u~asg5ZIu3~zn5a75SCj*OYddr6Kfp8RAU> z0xr2(4gs@aIdp*>2f*OHag!J*)@|rq;O>EUypOmFTiZkMGl<`m#}|OYf)?FpQ7?s~ z2Z^ZSqT=EnGjTLW7!W>Oqi(-$VPQcj!;1f}3?0I2Bc}5+m{t-mOh_oo`|IW0WL3vw 
zK(Wbu$ZR{1`g^mE6LYATV8dWUD8O)|dD%}lPN$E)(hKf8P6mF2GH~>KizNWC2;V9yBE%ZJ%MFLx48^eD#f9eR(JLnfod&&Fm_&Zc)%1MmAQqMYX@93p0hf z=XS5V5NJ^=0Or*fP%3hJ$gceqo(58x9|J&^d--qKc}3L7+D4qND#6u zaLF_j7FJf%-@g=)AxNULZdqF9BZ=2i#F3najMzu`D>s4T1bkSG8{^|!gB}0zetkNW z*u;njSxt|YA_yAnMI}EMArctDltT>mHo^y%TL+U7VN%AuM z&5VqY4s1Zm2m}@BtT})Ou3$}U?Cptw1?4~aebPj1h0_KR4t9M*k@GAK>YyXnu0Gp9R)n*yfF!4K_5gvF~NBtS-szG>^hOZ=I1X* zv}*UhGAIU+D)0#l%Fnj8rD$am!5dlWA&>BWxA&ith4Id$ur0z!{+qWaY?zVJeK7Kv z79?352R9?UiyjpqVJ9H6s2i}t)Y2^UVJDePV70-OtqC|$)t;St1uan2BEV^ggL`wb zGvfR%P$cvk8XBaKE0Y*qOPVXLt}93n13VRZ#Yc}G{TYOHo7CFi{;{e-edUJE52JwU z+o(RWUH~##dJJAQ$-0m2SfKrcg2E?xPRC_vWqo}nnNgy-($^Du6#_HCBN6>cPL4Ei zVEnaDOChHM#f3Hk>BxeRA<2Fe3WD+6eSOKBK!gH4*{h6Qz3P(xyJecoUhOYBLWDm- zLHxV}l^MoXw7m@_LoOT{2>z#QjKBhE@*zK{cQjM)K2LW5|f(iZ#ej%~Ro%iTk*;iy--D#H`R8Y=r`^KbR6 zp3Wm^&u&S|1j0R6VxHDG%Oe1_N6E4uk7w*g@87J+*GHBi9^2S!>m>F8km=21!*L4qn70NxH%AQk=JcMh9(a{FSig4%i)Q-uzaM^Y`qP-7_iw0sCzN*jF-q7?LV~*f z=y463R#ron9g6hZe53>$E40rRE-FoazqM=K4)=+*$+jN)*ROe6pR`c#6fSBTEoXuak3f7i4)tDzy?t;J3MFKK;ah_z_3#Dlh^VI)wU9Q`g8 zMvwE(vC;qrzsSz!ppc#=P{Bm14|Zg5#o>K87%df{e!haR=l!!Tlnm^PLEt`Ss+G7j zdS+-K0bZ_%iTkrWOs7hF*`NuGJP$bvGN0&RmEyea=yL4*`DnEd|HuXS*YtnyK(0MR zqi}4}AdtMj>-s9_*2I!Olo3b^fWa{(uVQW4WPg+U)n3qo-dK2Y8yndOCc(aWJMVw2 z53$O^V8ndTqiy27e@Z@}P|C^rV+XJH$b{f?IiD89Z7u`Qn%0mUMXfh3d zIccJUr-v@6=-apIQlNKIi9sg{$?`oAmo%yNmrYUJqeMf`hqR|RNv_?}y_@IH)<#Z= zMg~%v(=Fqml7XO@avKpet)Tp>_*2ZgPCG!UK)DS})Rb-e^F9+gGT)6P@VGu>^IF^x zL1CufOLNrtPy%f%kUfD=}XBKW!HXiq(Ehh>m~`M(3~KiCCgFtpE7WmnTXO78}M!% z&cVUq1LF25G9Ms3%9;DU=5~e*7q%YU4uV0@h0?+Yrb*7aXF);$(bKmXNU9-v^bNnM z^%Tc;hc8{tZBTNS?oHvUU2UiMPgjafUW}n>RynpO z>1>|C=A_e`BTipY;Y%{OfA`Y+qsul&9N{{=VI^1eteeOzv*J?eWeAcC)0h6zY&aEj zETP&hAjz7}10oDzZWgJ)W3qE?OgZit2ax>Agh~smq+8r*bf(UyN&B*j#8!`_qA6BA zh7P{FI&qID+I?N$f*2Tp3uPT9Gg=huJ6$L2eK{oC zHa*|@`VoDpS`pSWqE?(5(yBuBAY(JD04b^W36bXrYN)m7k zgdV-r)HUNRNVYFUr*4`gzT>xZW~$;6piS3Dnd5Z%?AeEkp<==)UoRbWnwyFS&JJVE zMQCUu3YU%rqBPcrwd{*t>C=EL^yHGN(=fUFZ`06$Ss(r!4Zh2MtXw`30IVPBk!3Md 
z+@3O!R*4#T=y*Gnw94q5Sz*5FV^yj{$(cYyC%QFd9fSL}NG2a0%T-yr)xgsj)ifcIW(c(o^6lMQ z_WE?_)6I;Gdg%7{u{&dm0-=4l2?cZ7K;+xEMKcov!IHm=wkhKhszHwQi{wlz2I?v& zYvn({K@D3`PN=)gnixWY6#xnF9#8jZWRTT?bW4DOt|o(C-iz69)-H0I<;bIN{M{?&<7npqRZeO4{D6r*`o!eCrTWdKyyvgb_O3g2)_go2Ei7PtYU&tN?Ku6!7qo5R{xXS;5Pd=0#fV4b zfi5@Jp#4(T(kId4G@R$1dFd(eVE;GKZKuV0UWv{P=Nc-CW375DX>X;9XI_qsUZi%N zUCVNScQP&o+QGSG;hH?h$tH5vQKa=V)H^olX13$77B6CCdEv&vBF}Dl zF|-2Be&MGOvSW#WZ+T7>l72(AC2von-2HH~PKbOfMrD4e@MNe}{f%-=UD1hJZ7>tt zK{I4Ek3eK~fV?H1a2fv_1T*`Eg>hnVmZN(OI!31v(+ymgIr>f9axj-KE>j3^^#(5ofnRx?M$Yy64>!j8YW5H{am2{pCk4Hyp<%m1CbLAGaSLBCW>IXB4Zl<>FXCJ6;s>KJ&O5 zOSai)1dGdJXVrcaYV{!8M{GA)a^2lUr&?Xwf0yh<;)0tzPy->8B86Mp@;%$>ou_0} z?Rp~0p~51MzTJJBkGs3l(Bg*F?jtUMq{vMe1Xng~+LWiTGjtOHpQkGsKd8Mi=wk=Yy<6m#Ew z4zZOFkTQ4_A>fk83uQ;6!pFMVcBe7UBWj$tC2uu{Llk@)j5A`YGg-}iwJ=fu1jSIK zKe2b1k$)>}H_^WZw(X*MCDPa?@_-#2xRx@-;IJ@_z8r?IWr~g(w_{Y29$@jw!>| z7Zv*e?z2J&Bij+ce)Cqpu(ln*tD$6AmFWc=#rKYO5)6Kx@6$VX@$q?Lqfu!%7lvgp zA6B7ola}mqs8R3^v|2dTWS!jbjKhpee~rk(I>BonZ}SQWki5+TTxdJGkU;#%-KBnsyKvHVs2jL?#Jwrdw?A4d~ zcB5~!XZEPPH_K-1da$L`Dy3WW*rjlBFMbd~?Sj0|_t&&%&klOxC5*n4rH#xCQ|y0* zXdII;dv_?38Xl9w*fpQjAi?N@K(1mzEx2*y24OppJ}o}*p&P_kKbDfPj0cGW$qfZN zf>bv^C7q%T;+%mY-mK$G>QMHq*^vw3a0Hbjfj2;|!Y9AUcS8 z2NNGleLlR4;aIK(u@u!}zG#<8PJ)@S%LCEW(wZH)rQ-P!7qdwZIDYb0?F?BDYVbzP z4PVKL+ElCvME(NOiXo-Z?BrN~-F_9Y?Bu{6@HX;+y0GiKBZq!$Yx8#=fF4DP=X3}& zHt=}dlg3nOBmD9Rmgz#Qgh8|7PY>KUZ!y#?Ifz+ai*4{F?3gD`oZv1=P?>ZiCz}9U zSKGImT%TJvJ@%WN;sc296k^vKN!E6N(Xp=A8VNcI&?<;uZ>_biy7_c)PYW1Li`p)!6D-`;aN%gzqSp6JdqR14y)%sDiFFH{R*rDP1NZinz z?O<9LIi^n=%S;+yPOx@x-vwpmC-&w;U`Wl3h-EY%3!upK%z2NZGBQlsao0U%=nie4 z>;^veVix4a33{9&O%@l(r}UBdT|{aFblJ9XbCaENs?@}Z?5pVDKUBFheFI;PU;;~# zRh)E!$Ym_d)Z|nj8t@irW=0iVmbK&sQP#s~X9GkiB{G1f6nlH2uP>w(Qb2qx1g4Dj zR`GF@L%rIeO7_7q33)(rrOeV!4*kgu#)8+sKZitJmkkkB@hwiXRq1z9rSKTFLr4(- z*w)#6s~o0-RFonHiq@Z3?Oa^8ahRSDyHzb0)Jz=KO_o<=We0=J-Po<%UFgK#R_iM^ z<4KzK#iSHqmTf}m8NI(AGLTJV560mRIn^x{=ohr(rg;|`nqA~bTG;+w1*@@sMy#;>Ca>d&Dr2-*y{ibBCHV#9gx7l8^O 
zPRV{oO0IZ3c;hzy+lp^cVG!KC_^^grq=9udLQu7iql8;()i+Y%p*&{8rzacEn`TQk z=eZH|dA^e^o>V@THEK+dIGUo&CgTS)H|#jhiP{B~920r0&U462v1t&4umuW7yZ)pa zb<^Qbw1s%wq4on6eNOm`Hb4N`vQweU)+Tq^{eyYEYdQ)8Eu6bxn#Ul&eSVof&U7I+ zPqZt<{GiPo!@4kOdg-}gGV$9WoA$vAIwl&KI}Uw!MseKsK9|mu%my{#{Y|UX0Y}qclpR zYT)rQGLUnn`a+Viw35OM^}%Iz^=Fr^TtO{lG{O2#q!QIZ0;;>MR}=LVW4bO(XsSs8 zUl8m}ikXBxC8T_S^ZDl*@689@&g4vYkmC#|nN`Am{P;m&HEU)zJjpd;zEBw*38-^;N^Xn7;;Dh5K$xX|$$BPfue;Q6UCU>~dhhv4(?2 zk2?AI_BOn2u^81wWz*1FRv0yH6SA%fka*qGSYWl{IHT?aX+vNEjiCelDj%jAeOqc$ znt`Scrn0lX%Z|E=vB&BltuE6ZcLr@73@6{lsp&Fjjv5W;`4!$B6<6X?>P}==vkDt* z60aWNJ3;Og2Zm>AN8r^qY_Oi_H1b1q+Mct}my=y|Rx>ebXsY?U;0MLFv{>atJu=Q3 z!^kmnh3wXiE80h%+$;c-Ymio zOdQ%-g9mc&Q3FW9MM^fz#gd$_8P(I17e=4F!6q;n$nk|SKvx-b+I|dEvbM8YF#IeT zgCC_p-G1QGP`r*ICpB>R7)wv+@}Yuv4<1bYh?AW_+B`}EF}F?&YFy>gAI97 z_EsL*Vd+1alC8j>6a{j8z8ur}>{9JhVUy;$7OAb`h% z+H3b@C-(_l9iO657A`qP#L31EF;&q}-kW9*2NVsYjEb8qp)52x;2UUQ+PWX7P#$^w zpZgl*3OE^F;nHM*a}`Px|B0rKl^OxW*qCMcmv=D98Q7!giAX zFaE(pzWPu2Bf((YVDT35Oe>PddIP>>G%CuStp|!wS!gUua9m%aGgDRh1;6Rk3yjaHg5b+ob&%#Yt8?A-~YUIK4Feu zl0vywA)44?G?LOYnliR8`K?R3^@CMso?YonGd3z~IT~JPm#HGA=fC%Y?9z`{P9;as zzQ2FKpfw3U=4CS0Js07vYdBIrW-Bd@4rkR5)$%+&I6FBj3&XQz{LSJorRhEi9Z}kr`A_jxsRGvOu>CqZ zaW+n$yag@42@B4Li4;~)Qx8rYvZ+z2keKeQ8Zqd3TWFKl685K$dFY+-2c6jL}!>x)B@O*m~VzuKkQm>b!V@n8AlgR)bI zbLsP`k`ITAHMzKj-nt@wo9n^pKh&Z%HlNvpXdgCjAHPGb?q8jkO(FBTr6G4Xwn z@a3^s*HfD$i&I|qbB$9uzGV-jr6=`_)1^;`vQI0Hw&hv}74*er``b%hom9BKaIGj# z>ymBL73MJen|gEI(e`bbQM3gbQt3MurWO=Ur^@XM$C)J8R~gpir}tV4wtX?dv20F( z_FlHbA&pbXJlI6vMktT+l%p@EbSa*Pd=R%G0neZEEi98>wo)Rcwl!7C&dOuwp!1>0M!e0rw0FBFl`f=BoNUUT zIpsJUfUgh6hVI)#1`jv)M6LCk)XDpta+BG!ov-bOuQ)%rAUEN2B$v+HZ74+DaEr!J z`L1NXo14R(hp&b9rQWENF`bUtDI2#yE359*e!cFUvcu$Dxc1z}u4C#8JC&kT#bDF%0d^|SJrEzDVO zJ>Oq{X~I-FW@}8zC?0mXw9UTBseZF$Mm(9R zkdo6`d_HyU4<65X-YCCO#;*0%r7Lf8f$AIS=G)6!m%hizykRu{wV6@o!TABvk?3vQ zZT>|w!%Y#UGx>#bvU#iYIT%bblebEw4J661+0@pw71OFm3M;yWrg(>)nlo0lAN=*0+Ub_o6)bGH zfg!%xvj0P$RlIXbleurx1aD&ze|_e{e6#U#%FTzmoB{c@)F&IXsro18W~M#0zFX6K 
zn$}2dp*q@?T@R_@eYQ|&i7rd@G5_oJd!#3*zD@1pK}>l~+Rr>s8cRtngqJ;wcXX>Z zo$kqrO=`3?aau1j-}-_-USVCYl}=D<$M3?nkdoOdJ9)c6-Nm7+7SH2kJ*n|>V4@*U zdENwbn4WQuH*Fzx*J+mWjOqkCjtq?uGxecVo9?{pRq3{}vLB3UcBiwwH_sfd?C-X2 zbFO@vt%sRw&wg=Ji`dVHrD>7D_xSuMhxy&c1~)j*v{LhKbGga-zqT#crG{#EHPz=o z_;IN`sgR>wZ`MfbbN8FJH$hUHq_f6eqz=v%pNmfrl3TF3CMzr9&=nSLplI1>N3A=D zb?mE+sd`LDSBHp?9{ZQ z?;B|x(vw5Q-!>!emOp)k-fJ|DgSqAm3nS+qRhGEy;p(oy$t*rv*{JGL?QdTv&B{U@ z>qOdLb3&f<`s;(P2PT=DGj=EAjuEIFZ5ZC!y>&a8V=>G3`}91cQxfw;Nnk&D=U$Ut`svMMI$+^xi+)#ONF>_c{zj>W7_Pi>*I^Vz>!vrfBnQd;?ju7rpAXm~r>ouqH)J4W_<**K@!W3tH+Zt=$) z6X*@Z+aGDCd_0~#GgrWZi&82zi8ej+cZK~QDhODD0s>5W1Syo^y^xqnJWaXI;e9eF z&i&D&9arrnP-1nQI1wm&qv!YahS!z{W^k%%e=hyWmoRl+j#f&GC|p7Lc=@ejaJ63z lXvX*2ng@)2Y+v9U$kIy)k-UwQ5GWLdW2a?fk6yd`-vAHxbtC`) literal 0 HcmV?d00001 
diff --git a/docsource/images/AzureSP-advanced-store-type-dialog.png b/docsource/images/AzureSP-advanced-store-type-dialog.png index 534ecb221e9b4c7efda1bab9b8be958425776ed1..2b71e8ce6f47e0b32fe97f5ac26c1e77f438c5f8 100644 GIT binary patch literal 41691 zcmc$`bx@XV+XsjRDxfGJ0s>;tCEchJam9Ha@r&caTT)yA{XX7(BqStsA;AyQNJuvW;r|79k>L|ROm`V1 zq~}ONAKrbmkKUNHv&NFWZr(lC?RVO~@e3*5!~Z}nNeC0;_M?|0d>9x+PB*Y68@_to zq>zpL{psfu;Ut{Zd+8X0g2dHk5z|Bt1&?J~en}F#O%Jm*&1vj`993aRUz<>xfo@^z7o|m-2Gll-^zoMq>pcJG*uF)b#bcCh?gQBBfP)VX;d_IeM}vwg0SD>wFjJdeGzKBO46xcI7moJ)#XguMB5j06Z21otQu@p?31}?AE+s;m{#n>BY3!$DwuXIa<=ft#Ox&g1Nj|8zW^@WIvPU z&%GuF69o@abl1)m+Bt&k7fIqeCjP|7gk{KH@%ZvH*c+pCbX*^o$U+oVYiVeFNlz!o z^F#iF@yg63u!`wzC_NKXV_jVW|9Xyvh_*$1D1(5OcYrAJOv}_=>BkJ)`ig`1J}>Ig z=bRj#L{ZthyksC!mm_(5Gl@iJx6`wh!RFv`-8E}KO4*SziH#Ch>I1&QgL%oT37fw? zXX%40tUJvPy4*ECl8HQj*}lw7suJ%`ukUrxnKu-c+rP@@!WubDLPLxB{KlS@@5qiStHj}DG&K*w z3!c=K*a0DkLHnM;bQ#YG20cw39Uc44p(m|AH(mpd@K7LQt?J+DZNw;hG(d4(CocXV6smn^v6z9C% zh0a&v+|CvRX0C@%W6l`U4?}YY8mMZ{?NJz({C=yJ{@O{EPB*tGt?z8VA;CjRMb&{s zM$u!wYJKyxoX>e@^0p&a-(yTn>^EV*^m``oodk@Gjj6Y(KFbFskS*vg?~g}n6>ZAJ z5#IW0l)9ZjgchN|1=FfmMKJ8zl5?f z_ZJHT<4;EfL;Lr}zUS%E=@e)`Lk^=D`TgD}iD#0oUD)_<_>=9Q^;SPB+8)9nWvLWi zmW8Z~esSPHBsk|x@-5j3u`;~Ka&mrk5cN%VYHQUqc z=iT&SSy8ORuk-R*2)X?m_$K~zPorbnoYGo~<@;A{+|1gfdQ+MSW3o_;?mPe54GH%7-4O@mr~XQJ;AOo$7fd8 zZwITi+1i$-TC}qlZ4-X4PQ*UMbDWTh5$zmQ7?;akRm+ucX{TwZYs;E=Qxi0AW~$-i z86Xp}sO~3pDQeRTW7NK}@Do~*Q zD$VFby2peTSgv^I*`)mA=hub$jAF{eT2oo*&qncEXDnJ-%SJ-iN}{p&A69E_fb(H;*GVlz-M~(6!w@{N-6S-{MA?MHKP))rjJ~|n4&$M4BfgFg*h_P zF3C+y67n!5r?IZ@$4}f#RtLIBGwzA51_PJ7=Z9$b@(qxv!iyvB6f!edC=ro}Z}K*j z-=4DH6F?3y>;8`8^r&L@HmdrxW?Fp`cigR=(e9w#?DaMjnc=w=SGtzZ4>-q%36|@;Yd!DSZ{Ts79T6u^@`jGz? 
z9eon!Br;>FZ1b7N&rI^6-SxG4XHJt_g*g6o?cEWw>hAHws}5GZ3eLAw{MfIU;-M0i z(Eb|5l<%<;q@%4pzT35Rq|=7Agj1+7`mV-)U0&^K<`Mg$X$NT`bHdr0C zfJSR5&-bq2qX~*&+B+}kQQyn3{5@1tEGT&*i_<+Nxa8Rnj2lX=c-e3X#S)*m>L|G~ zHnP{1#LRa7jBBG>Z`ty)%#KL5EWEF{FZOiWr7E#wy*7*0c!firHf=4GJe$9Jao_t@ zL(<+z;ba=-jMQS-JWu^w1GnmOnc*OeAmQrg4QaO^p2a&X%?GhqL2n zb;HL^hBqe+aGForTdAD)!z@|MgNJn1Jb7_U5R@#oB}C>tTco#S%n1EoBcvkcC3-PjC|4HJ)pP zV6UP#B$w!16Uil}w%E6%V{akzdEe3a>Pg3x_T7MFW@?Ux6dh0dtL%3_94n&Yv8x7} z`D2e+-5#Xu$pdqHf|SDmZtqob+hgETG4{BzXzW*ZOb?2m~|~( zwLNBTJH}Wmf%$eST1W^72Ij{ln^d`71n=I?|8k4e*v;9lG z6K$`aemlMTdwDJC6Nl9sNNTRvkIwvz{bH(_hI5m4n^R;i%FOK|Y*wrtyPo-K9Lj6h z58Esy9}~u_4ts=$hhx~Rvg6lswB)E?RhXzU@hLsdO}X`&n&HV%lWLAwMP%0+ZGDe{ zO@})6dx&|uQbxYaUWO>|M znS%B~2GYdO)RYe`^p{`5gEY?59wn&VdU(L@UhChqGgw(WyP@l=Wb!qloP231g>ygd z1}A3*bq?Xt!txW#HAysIo{_HI%dqk@dkR0LlQ%|JWXJ&~-LQ*26(Y}r)HXd6ebL2p zY!|ejN^IaujA+PPw&c7Kq0rM z)08G%>Yn(})TzSlvWXMgJ>HlYRM}Iad<(BMO-rB6+O{yWLLB$C4LcM);($`U4J)pl zL%YN>$$IY{vKm)6d>*O^u}j@4>$S-w6&HTaLGM^zrJ3bzkEm2$KmY3(bIaoS_$j}U z!*=y(&ZlDYPi)Yxf2YNilL!b9Ezo_qPTjcVQVTU#tHfx1$c%_z;0s zUy_6d692-r$UtoXyCJdEKCaB&r9SHQ$S~@0e5!G`9^s1CVjJ=G2qpbgPTN zZ+T8#9?gyj2Pb5r(Pc}YQ!8$}EAL*+&W=UhSl3tNPUmpOY+B;Nvk*lASKCJdM<0I1 zDK{j^pZA%(wR)yvoM%;#V3T@Qb@7+Z@j>||IyQTD>_zl1*Bd2Aq5SBRiGcB}7(I4) zXy^?sp&S`%uYA)tOi2+-MTRoY0^2n+x0 zO%}N(;k+Kgh%BPGM^y44)Ouqw+^nSLZS5nIygd5)`eARyeStT-AvGswm6~vp!b+|f zN0#_)FS%E0LZloFL=09koX*cIj&1)8_1<^VGpcfq*@gA!P!TiMe(Y3o(fD(B)8V9- zd4x?7ca5lL#J4$iUEEanhCuxb@|Mi9%A22)i`nW)ZFNs`F-~S*XHf9^9j5v&}+vXJJfGUTD{co=|G{xM=a|KcOF}J758UgF%Py_CB$`I zBOI$vwmzwyeqtqXWUfn%MI|vDBp|xx(9z9FQH*kAG*J$FsqyHQdOMwHdnd)r$dw?{ z*zw)Ev8(OSD>>Dh5hudxW3~ofiJ8>4{&LnUqv5T&TxfsF=XaA*7bSlxH+<>YpAhX@ z+Qo5tJTNhAex*3B*yAK90?o4xzEbfMD_^&}LM8s5R^GN%m$Q+xIc6?EES)-tX~Fzu z{+y;CqUk2S6MoJ2jTmG7{^A=*0>}Kn914>{lE~C~58OW>joBC}EVV!U(@}@Tfs#p| ztCO;9xhi@S{hN#a)KKk&7@C~i(#V*6V#o(~jVdlbe!YR@xvvwNG_k@b+a-!Yq0yZ{ zF+2o>rBmYFsg|T4^SR^ISBaaJjEqfBa-@nFFga?{ybiQ~9mA}OKXVpvWoB4>Pu$ej z1K$>_x~_BJ*^o_i+=*S0?`QFZt2-MG2)>E_=JpW`a4>ol>Np1P9yN;`K?9C 
z%}PT`P2C)3w76f^Oax;2C1c-MjTrHGjRsL@v$6|}ZTY#`J1783(rXWRfav20_^74Vs_v;JQt`8D0+V#OO@OB?q}cBcFv<_H zHT+V69v4+F_6ktF%flOd>ub_2r#3pAfw|!BsoW(d6qV0a%VvBVs#cO?d=fWWs3()F zR?VSS+Dj}gg_YBgWNvLHqFJ9d*1sH|I?|1nCb`aL`O}|!m@2f+9)kP{QsVrm{S8G( z8%FqjRG-X?Iob}&rJdNjk8_h4w5IMN`+&p=9 zqN8pAW5G{DM@zi@!Iv@zc4?I?o$I506^~V!5zsKrPR}UQlG6LZVkIZ<( zMCqVj?!dM)@T10qW8+#VS$cMM^SigwR?ib?IcRV0SxJJ-p%_h6z>;&4jw) z>5w6UTbbA|22)7vPeX2FK=D=L#`-)@;BONi5!&AC5?HhJL+|#9lX~LJJ@3{r&D1 zXk2Xxe7=&IgCSF_Rz^Pu42wl$AXw1x2J|QS-SAU@9BG>g{W&oo#XP_r%cv9a5R&hY zV6nP2>!z|W;mzuNIjN7ef%<2A-M{~L`a>K1GW?o941Jbm&RdQVIwKrP{b}w*D7>_J z>tQlF$l7vP?hW6q6KF|fGpDw={ePgXcAR3$pIFSA`uH;ba48Xp$lrm^b@%)dEv}{{ z0(z6$wKF3E{aJ|cATc}Rh*x_M7Huh9Z~y(n#18P3FIl>GF8=cx`tIKJwo$d(jbv@y z3_MrwOffP2o&ir=F1*JTTd%U&hf-yxNj!!!I*L@TCS1OR60B)$D?EM$p&t|&s!YuT^~-ZxMA zQ4-9hroFB2qD~Fx(ZVD+V|<~_&+|3%95*y5PNpHA3uiR{>J_jI4|U#*EOGRxQv|jG zzVIRDYzxg{W1FLC{)K6tuEkSt`9256B-AchG_QxR=RJnbc5_LJ)9?8ypY+0S3^`X5 zk)666L!k<-j3Rozrt;#RMY{b7EACW~!>Iel^(B?wgXTBR(gG?I8+k>{sRrW}8>5aM zakX5ZD^p({e!U_*qTosON<4qDW45BW`NRo?$zzE^-Og|(qbEyCOR`tN8gJhs<#{!?v~^zWae~|N)Syo- zpM^wao$K(_dr?jG#ow0) z_*2M;DABOUOaE( z5SjIZv(8TC`9^6WG~$%*9XWuPiLm@ulBit-zNGLu0!cgyVwcK|M^VIecsAwYeL3FE zpkYW$BDU@sqt!?~2ATljvq5xso3(-TVjDc{7ljOatax&JcdjLm_v~t>+B)8gnV%y; zvo*JuxZR6`>5!)PGB);<4q!V0zW83FaxGq)MC>J<%~~ZcGKS|bbE(>NmVO?*F1_6A zy58zQkD71*+_?LI-8XAK>>YL(4o*+>1=rLo&(9fj|6;4P+R}F}w;+k)`4|9#k^V4K zi}`5Z)M(^x_ih*u|A^>ACuLC{vq7H&TB^Y9 zMoRmgmN^)dfIpkHlMhT6SLZ);|NTpK^@(G;3%zk{=<5;J*PYC5{%H-9yrP1c{?Vv= z=bKa-wK3ET+Y7@)uk!-!lEXwhsl`?=1w}wjR6J}Xtbap($rma8t*Jz7qmT=25+fr+ zCUr_IywLeY`_lDaSQH)CKvHcv9)9t&=G_cUx8bGTT3H*9uKYauMA=j%sO*AXLW}Wg zetEe`X6ev@D$tFaLgOBUt(wjO3_A$mN2D09NV?f)N*SJ~9@Rli%5Lm+Al$T5WuE`m zJs=uIj#~TS`W$50>({cz##M9M>JI(O*`PZBdjGwGy|Iy|^&TVL~fvyRRzF8=^pJ{oZf=uWn5BP+_GL4Z_7LGp)h6qlN7mx4k> zU|^`PTw;B1W64$z8eriV z(!F`}_wT3&`;9GVA~ZAuzhXnb3Cq%(Tl2BJ1tZ{*-6^u%(9+3iT+@dW8Fb;0~KiF@6JCL|-Y)`9G8DH1HW zoOeyIAiq+VoAND_oqaoj#9m2--{h-2b|RF)DGJSpCyWL3dkFg4+5Q(p7)as1E}?uv 
zP-{2!P2sbmGq{TlQ~AxBEbxqyGFM-bOi-0~QmWZRw+BmMxx<<*EMsdJ>AAJsWMrLb0x%8q2@ zlHHeD#ys6wEFNK3*p2IMn!%q@N)cV{Hda!MVlbK_%QETk_7+V@d;2Y<_>RqbrMx4W zk8hDmfXK^5ei9|W2Y?+}Bv39cCJ9?=Y9Xb!YRgVCu@;u`aRA&O%K@ZWujTj?wtdkw z@X(WG(X93nNtw6^jn3mQchUNg zq!J23d!}2!7xF^+kr0f=TXb@{=~0s|A-d`3_H&u*^zbFLp#*mD^>&dgEef^vHm<_c z#O|7|OF(-J@&7)vV%)wkOxOf`ygG6BRs|4447>Md|Js0FhLoF_icT+IB0hcZbO)4`kkulPWP7+ zhu6`&O-xK2R^mPN$4gB7LZhOiMb*>@Z``=Sl&zWFvwo;j;~cR*oZFwJ$iN9w8&zCn zr0|Cix5c8E8%IY^2?zJO$bH_cs5~PlCoj_Py-7)#=~OaBz+r1X*Km)Xo_=K{|0S2x zQN!TiVQf|{^D{Qf@0aJtVNR3H&7QmS&6tlKeev`}5f>LPRUOKZ&Aj{I0SPN>S>0-U ze7u5^QeUB7H{Nh1$<=8MEtBJc{>A0xwjvkUUW(&dJq9`*5N>GV=7X>e7 zb845f1C8MvRei=tigwc1uiv;`IZI1RZ%LsW@#hX(U0pcHWhuOKb-m(J)RUHej5vDc z&lkkmH#UsboOk&mnN8Ztt(FaoHnf`k-{^LPD`glA*45X8dFVgOC3)uM?~nZ3Y`Vtz zbTMpDX{aw*gbf}hx!>*bQ2sqH?;PW}>3?PcjFP9Ap!d0~CbBP!n-E5Q|9)GyJGL{< z?W(mkh;+2Zg@f1gfzF@LHx`zbhT7P-Lbq$LV__$!w++Fw{L5wLefy-_?W+DKF)vcj zsx=xBceFby&Jfw{n&T;_W2%k`{{*rR0s@6r%i>73+f!oGH7@PN{7-OjfRmHitzi(k~{s+8Vm58}H&4R+h{F0KUv9XE{#u#w{ST~=9nVFf->FEX$rv(KC zd3kw%y1E{O2+QhDU0gU@T3Ny2%o$xw$z=D5iHRGU5j*`(QW68n-QAt@XhbVZvCt!c z`)tKO3<9bxp4Zbbv!Zlyd%OGWaGf&xsF}!ZW^vJ`d(AR;;;e?HX_A$h=VIqueB*V4 zH)fI1uzydFB)=b?Z035pSZ{AH__CA#E`ZB6X1ZLa!9W_2%O_+8vu9`PxdvlJAzb5Ht=2VWwLf)!ZtiPlCZz<=CF7enZ&s|?yJET8y&kh`}fOhkvE)+qgu)D`-Ga+W(^A|ip4Ai z(mm}X1*}^Ams==k?TQ83_heGV7n8%(>ZYb*;cH7scL-DyRvH2SXXS||mk0e4=wX#M z>;(JE-K2DMu%eCM?_svIw4|AHSF3fyI`8i9*TXL_$2$2#9@QUsdEF%u4gU<=^6uR` z=bgVOSU5P-QUpdp{E6`}c9Er2>@!vE1a7VUL9YPJfe5=dFOB4D9c)cT4Q9&sC-9-B zh(^?Hj25<2SzTXU7MV@Q*45RG=hT{vmy}gjS^>r#cfI=l{re7-fW4FXfc*)pZrRL> zDu?~2%*Ib4Lg3jRV`DdlztPGoE!7*z(@085!E1xWoiy*V*%%3gJ48}*+GKh{tJYDV z)2`p2;x}8ERIrCVh)r>Qf%V>t!$SSNwt~V_qv0H#!?nSVNG4y{n;nS3TNpSv&11zz ziWS!65H!|n1Ktqy3H__At{1HRsS=feN~{Y}Zo zujc0FUa%jF5zc1TGY}vtzEJs_OmY#{v|yj##d!t;tHO zjgdDcCgc42`ecZZ$;I6 zG!zsW9buLl8pL|tv3JrAE>?%K@gX1T;ehR$bAJ#p^58!C{hzfmbaV24{D{@feNHu5 zX{UF*HTkyn^r#U>y$5Ecj<%-*{QS^2$BOGaJN;BEZD&_j6c%5v;hKILO~=@rkdzn znttH2va>_mfrIhAe0*Ne(&k1A{9Y2CJ}%{kCI@XYn#(B^3hiDO$F}*wiWFi|19+|! 
zX7gLy+qJf*sJJR{8)>Xg1z0l{;K$vn~f4t`FH2636p-R%N9p z{#I_ynPG988?-FW{SF4il0(Hq?TDEmXoW`UuhO>npR z(=}YMj5>P@t!M=7!Nj~CJDn`kpENb4bxwWOlm?eUE_zDI!$YL0H6P-1PZE#WIL&%% zLUDDXyiik5FBKAn5}utU817pJb~9yTtXRa`-(L>tH3|a4aGP>p4 z)yJ{)rW34uQdl}uRSrHeF)`8~KUzzaib-MdCH5lXKn@}=^8+6rxl*>=>3jfBFd>&C z84j)5#{s zSm{MvV{bXmjpC(%|3^(t&9;HkygbR%)zr9Pc{K;Va)`n3(f3Wpii9HQb$ot>hT0AvuS2B?8Om0kE>QvO5Rxnsh8G*hZXbTs__7U{;o)6`r!u=)_Zarm&4pCnOjhhnM02Ajm;yy^kB0nlL zBR>0#Kn?cm*`;m9-}n=ykaRjDnLHe9*kk6_*E1m)YA244R(cafW8hlv-@gwAph4l2 zK$fjsD(CT#C?}f3E~oF(uJmHxMI8Y?#n)dPVjbmN?(?kkxX*E1pIyl2K}6auWM3JWH8|Lx{^2 zJjNA`szmyDhwc=91h5|6&duS^+Q3H)*VGGCJK@BZ#Zq$(U_62 zprBxcj;!oeoK5!H1dX}d4GX{Y94XOHwGa(!xL zweM7I0E3VDcH3%SzkVg7pqN`5%v4ZRgc&|W;f3A|^>7w|4B&nZ?qVfBZ=u%NH04qn zs3P+_v-OB->2~dUcCh*_Dhj{ZpCHlg`l{+|Ewk$S>KswTp`Fl&g$x?nl-EM90}#y0 z%KAx9PcPim(9lOb^(8U!mu{ZxXHbEGmKqjE*0`Kop6=<;GcX8=iY5Vi^>C1-kd3Gb zwo?wHQH6f{(T}E9?)c)%uPuzrvqQ>#B?DB8bmh|PIJ?y8oI6yktRp*wWG;xy>$JTh zA-PEh=?Co|0L7p7c3+75kn$om3RnQOYR3?V&W?_bonrvjbPNoM4*S5WPj>#<}&t0vq>5N;q;e3%(x_=J~cyMKyMzaum7gg9vZ^7 zY$_YGS2{EpzOR0l*tEH$9rxkkNnkT^Jc<`w^mTP0GI?5M^wlAI+1@?qgB6cBA zfKUV2kMTrVAfh@L+2e-@y8{ksZEc0%35n2!z4Y}(?dCdu2DSAyGxN}nLbW54tE(%7 zQeaS!){3%2uFY!So!@npGL#kHRRh;zd60kvQ4Oc=LY@v}D<6xq{ME0isTmm^&DZV3 zL)4Rpd{XxNoh2-w5wW{HMmB`IH zPHDem3?jgZwKXFw@;r=#j1oCJa{^*9b-#X&{*3kK;rg)ELdzp?OF8VewBhlP^oy0$>}T(EMYDYa z7#_oJQ`gnC73;TsPiOi#IbaPfbH7_l<`FDOtlO1ClRtsTyLUGbEQw$+KchQtj7&X5 zfXF2nT1^4qbSUZ&ptI1DN!i$NPn>w5Sj7(-nkiq!Wt^YFJoTWB`uhdwkm$Ew@tiIM zS+5WIL3KrNDH7}Nr1|r2h4152M8x;&{YKxaD*Z*1^`&o)YNokOR{ZzJPLvsZ>!7oY&8{t zmsRn)v`lHuwg{1Iadha}a(;RT0_cj1Kgg}x6HcDIXIi?Qd3KTRw}%~rnXDt=ht~)J z_(4$cuAH14A_HdY?(oK-pgsKqQThe?6hwHX$*Eh$76R>k45MIXR@*(UwF_IxpnU!M z4lKH{v2mMNdsi2KV(-k{oaOi;a8@V+_7X}emX?-4(*Crzrcbz?_#~L`FNr~*Sy)-s z4-5o@5ES(DCxW7>si|Q-c>+v9GtJ1kYZsFN7qa04T#WL9K6m4ychy>3 zTRV7_@b{o0y!TMo-o74dHlOX|;{zq+@A!D7Xxy+5906a$Gf}dLrS=B~2Y*jZU3Qry z)RMI}zFLL50r28+a&m%a$B_mlmAOrx4|Jf*Gn|wuI+Lr$QmfUhy+$Fx6KAA3$ef=E+8^V`npOO!u<)RyS|37|50u;h>j&o)?KI*b* 
z*%NuZ=}%3UIbRX4Q5e2`zhJWAHELd)xs&_qAK~+4S}qX-7soESWNr7YFr#-;PSEvb zPE&1P?d1eQ6DG7~x@@eAbZjf>Zn-2|Z4&b_l!=S@od z=He%J_1oyvC>|=R@42d<+iQW%+VhD=bJJ~oZTBffPF1kp572!mF`Z0+i+wh{fmS;m z^3U5H_A@OQJaDn^82=w%5BZ;pqrbw!NdH^^O_u)8izrPNmPKLzc^Bos5BNX7i}F9c zn66{#lPafn1I?GFA6cn?2a>vY6jvx`KKbXt?G&?1Kai+a3tc0dPnsVCwqH)6wyO~ z@<1WcIyn31B^|?zA>|hgeft?U=@s31a@tAD^6V~K6Xl?G#eygcsH#I=-K7zMO1!<} zf$OKsq+0GTRU5TlEJc~In$I8w1_mNXF<|r0-k7A8(Ei4|oOb8i6N|`2bc8 zvsq|p{99TCU%Y&Y5S5^z&~tXTwN=b-B4Y4+nzxdfHzxt1)`!uR`|7n8^T;3!S6!X0 zBSgB-@VI~)y~DzA@ccaBj8ZBpDwH-kIZ&Iw0tUrjV*qf>Y&y{bO)xW>mVqG%#Hi_B z_EfPb-IGf7TGt;?oUbm=r+W*)d4McwzvW<8!k>8KZRQ}JT47<~{ONKWDHm4^U^2qb zKoi|TEk^$gV0Ec0rX3{KmEl|>0ITW5+J?nSvCex!AUK7y+fYDeqs;Wg^8!2Qfpv{_ zSi;RwDVN@49~&L*Ew|DGihKJHtcv~B>GJAWG387CAD=)EK>F_Pp8x6ZO=%e!hrL!( zkXLU1hNT4wi4GbVs1Wr4^ZdpH0Gq>d7l1HDpPQ>(>JPvkx8(GA+D#8=zxC!=2xuHX zV`ELpqJo0zFHZN-&y5E&WI;AeT>IBziQ6*tnkYP^wKZc?UCP&6S1*m}hNcK|3_|-x zfDg!3!!qm5wY4@Vhd1nJ-Ek1A1Y8&*$^t4O_vL|1&Dk2Irj}L&Xho8b%Yaj#?6uQ6 z0GeKzC}#i&I#)cbrZv~#Z46itz+^NC*qE3y)u98K^0@`T$Zp=c1?8Gby(U^Jkv|`y zJi-ccUtd_kNey}v?j#BXH1+ld!WCzimr>pVC4BJUf%DO*9vUHMI4FXFQBlg9E=HP~ z?*To+Ihm{ER8%_l7Tcl6GaK)NlI#HYeFD_FrL%Jp{y}~#g*9bAj}9uqDX3{6t`L=( z&)&3J?#i|$Kt#aq^{^`b9LlGo2JA&One>m(+D|S@_92wQKt(_Rh_82074kmaKmc#p zj@x(c+~|SH8)yrxc3aOt)zEJA!5+v}Cn76H;{;Rz$Q6JK(oA9iH+@GX;C@1fg+~=O z>&OV6vND*7Gdnwb8yQ(nAr-`;rvd^3Kr?_BHo#t_#yZ|FR_X+x-wK@8+s7vXZZiuu z8;H=^@wNnDA_N)%jmkskaAPzmU#t1%%;sh%@Gfs(Uj)}1oUBGH6p`!67f3LmzX)P< z1L%lne8;$1tr$pzNVGL4F9NuZo&s3L!oo5?J1_tk{28zy5^eRtW38qi8cQ7!(2nIQ z2@&ada=o16(J~+5yJfFdtRx2d+v-#`2ao~d>6#djzxqIg<=vqSiH`me5)wlE_9i?W zygt4$MnWRM3V>9FfZ<3`qwb-hHFR|Rn3zxj z0pTmSJYcIJ$Qh&)1uc5!pke(qjJoh|MASOi+xKKEv$%qhqT3bS3h9CSM)P)PXsCzC zDG7-i3-kHO$;`@13+NJgB_+t8AU_sE@xh7!!GAkV{NHDqg=gYO9$qhZy{wq+%XN3Z z1Nk@uIZwjQUZLW3aD1E!gbb?H?D{(DA3*iwfPotulk034jfT)bcz{bQZaOl7K2)dS z0Mefr=%@&z0E#dq9nc%e&BdVxkP{-9P4Ix#&jT^3+HJxQ2^A9&dC93y zn>TOn?C)!h7U(Q2Ec}d$Y6pRO=jbTsV9y*l@9E*N`aM+C#Imw*ux9|ANG&x5ty!9z zBhejt|8NeHA2-2!3?2M|`f=rv@GpqN-P6eTEo 
z_b4eTl}e1gYioIc3OgST%6n+|Ah}=zCPVK9P=*(LS#xk=- zAWZ;ku7?DLn(sY(2!)|PQQ#r4aZq)aq2_|x!(FxC#X+T370xncUr+Z+GLhd8p+CdE zV?VevP^c#{<-9Kj)ad2?`}fguCml~qD-bpu6x|3qjhoPI>RVgyF)%RH7r@6piHR>k zTBM)YuuA<1a?3K1PXwz&h(|#ALn*f*bHGnQ$}1?)gf0i5`c@t|HB%1D1cYuE7Fk(Y z;Bb{~nj;|DcMPPAkrDgG=~~llYP!`mvDl4ETxt$vjFE=QI{G&_n5XOJR6H9I{_-(C zv@Bt5&}x7GM$*$;w!E>u)ETu%BMfUc?2;pKpR^(l5G>ms7WnuBA+UZyqJOB`K0%K$SeSJmTiP>0K!V(e^glRAT zanOT(d~1cluG}pB;5cY88<57fF=ZJUE+T{-y2_DY6T)L>Px%iApfJtPB0KoV!Wl{r zBN>yElW7hVTHpqkX)MMK7}{i`v;+rZJs{%lfX>pLnOmb|K$)SG-PGBc-M2V0Hl}H0 zq?~E;{K#2$|32#L|9UleK0G4wzd_j>CRvgHdQ-UR|K?3$B|l_*b?oBb zCI56ez|Qfz=(+>?uK$goGo?hd#W1t}L7pemuc-f5UQGUop*0!8L{L5CaVcgjs|$sH{AGu3F7;1X>$n{XYLo z>~fXYQKu}_+6AJDI-Z*P)Mno6tP*35OCzP>>#kBSs^V%2t`XZZ^tg;O2cpPqHr0`* zQEzTx0c#&I6p0^wexw> z9T>ZMz_%{g@o~rYV{dv5o`e&&j2zakz7x}BmUTaC}tD=zNA*JEXB?X<w5xxM$W=QlY^-2ul1-`9fTuJfo%ecGAeI|>ltSI zgIVxtAWaHkoPdQmJZ9;Ks5X##nP^H#m?WZ~KuKCyTnurj&bT}Pcf=f^jZ*qDzFE~@ zC~KC4No zM$1oPkYFZDCbEl^r~!|p0K!DWrT-3afljaM8RU1l?Is>H)i;I?Z?g#n;CT~D1|1n@ z!YY|y=Y;ud>MrgDMLhh^EP$9&(O3boRHl@|j&JCc-yj^*hEvH@#W65Jrvy&YYesrYmMhQyyZVqf3)49_c@t5)_g4BS`mo z_EL^k`I{HN?Zq(O(W+q3OiUA9mA$NgA^$FWs=Ilf`@ps9G}?-Ld5W-xBW`hN5hPj3 zm-AGcsTHP2Wk|rnTRJ+l!F8|(v9t^?Qsmq0;fV3|X;(Ik1Aty5RqN^!$zmoxSz(ju z@X8;-2(HhDYZag~9#2?31c0@WT{@)+;yj3r(~?mDf->^Er9ON}N*T2OdL}P?uk$j7 zO_w5m$0xgvJ(LsQvpX1L;!ni4REh^sTWOy9@t?Q1wt9mmjgXHRV3UtF$6?INTT6%UqHK5b6kB5QjSNfwkBW+xC;jD77T=- zX@;=x5%>&njHIOG9}uBV#;33NL2%{uK+^z8=Ex@xbaf0tv%Kt1izk0Ce06aqH&$@WD{V_1(KpPeHSX zq+96bOWOQ{lnQzUCPkI)xU|PU+kI*vp2569K`o71l^{%)fMB|SzyUDqg7BX^Iz(Yb zxDeD4@aZ4G7_ghVKv#=Q#zV`>SiukKMobrg92z38_7_}-VRg3{r>$~NP&gl9VKspD zTnES(+`IcgOe)x$81w`sB=mOY8o}^{jK&2EMWND`8ir(O!AsWxr5d3RBZNE9JPo^p zQd9Mc;eG|}vxV3dr^@L$D_=&o1>Iw?_4^@)?Ln0Xs9z&;Z(##)` zFwxV|3HNNA|?6y?SpYHGNZA>p$ZdLe7 zfJ+Tptv84X6t&ARcu?HhxFWqzOwTgi6p->*i8-rc^*Ilzs~|0L?(ez5Hn8Ksg51dM z%X_2W^E{Ht$m8#)PvE97noUK6<7u_GAcO#BAg9wsh=R`8TV|nEbA9E6*lD035cLi9 z^|xT?1vF^{R}&N$*M;g0@^4?YlU;?~b{9y>oAXb(oms((I68)>X@toDU}F|AR)Yzi 
z4~%;O%Sziht7%i93bl++r3cp|oAI|CvqUn2db?ii3IGWI6U}C|v%8yaJp~ANwA73U z?yebnAUps&hz(;CYT1(9~B%2Vd0c`8hF3dF4wr!Vtc?p`(GBYyUt)lDoDGK6m1h} z(!EuS%ggh#vlcSLaYF+ZH#qlNUS2HHx)DErKI363YVjQ;c)85t4(4xv-)d;YyTl?P zd|%UPD6K)k!3{tl?%uy&U{*S6tdk>8ZL?`p*45Poc{e@{veb=WT#?mf4aU&R?&6AR zt4EIl$0X+|1Kn2V>#F?ZE;wVt4^Uq6YmK^n@Z%>X5y0QIwVLx&pqzJ=cXdyza6H<8 zwR!-lf@rn~cQb1G!sE}Mw?K!;$jRg3L-78;!T$C@gQPzX8-l+H(+DXC_l2YG{7yk( z1U(?V0;XXa5%@sX4pbNriMCTAQgy znVBR3ncxsWygv(S{g|VMVCE5`+Io6gg`*UzE>>Vg{QmvBqmwxqF>nVEK8#kKgoY+Z zg$NwN25ov+a8yXM6;SQquh!_urQCp7vZw6UWNOtW#F`ZyIDAqVTgjntTx%F@d z=KF#WRpkDCg;G-j2txG;?8UzARTxeIhx-L7sVB4q*>fkF7cZpo4V_>2O^iLiM3Q&nuSv9VMtWk1Pf zQbx?eSAgipaM(2s9>lagJ-`?A9yhlQon|8kXNnOIg4|bVf|B zoUJ5=3^_rT;&R&4!Py=h??O?xf|(9rpa|mzG(v=#4t*-K&mjtQq}=KwJaEux&;h(0 zL^dkhsKB|RSuJipeE9GjofO*9QU4^kETE9&_RS1{lml zufD^iSQxq4NFFgLetOVVAv84TBkaL&IqfuamC1?gO%#}4UTzklt=6u!Epa;DLg1yg z<~xV0{hlCj(%bKRg7DWL%EE>6LLt9Bw$1Pd#-!eXOP_Pjh4bi9I(6}pFVlE{LPYh} z8tu?+7W0%z)vk-5YVR#|@0m3yIl$spj}LWdIYHNKY-|KSA(#@t$KU?`{fg@}HLx-v zB&YUJJ`iy^27{`AiH*$%Bo!?A1<(hyb#)62`bl7>LB)ttB&1Ur-j~xYjDSd;G#@Wr zE9=l@fEAT>HPtOFhrcJX*G9>CGV{%Pdy1fN^ha*4S@QX~F*DRyFZl1`8X~yuy7BSx z`0YLzYXJ|hZ0n^Lh0{+5n}13?OQxJ#e#$^2C%*5zFROjVZCX3hz5B-2Xtuf=yey?R zPep>l!UQxmUjQ?)x3~Wp7bgLd8)RKgJa!95V~n#(GI0SIW2H9FAd-1lN?(2OnMenF zixi4Fg-Z1kNb5E*KgRd#2Vayb&Num)9b>=@rR$Jsx7n4qmzP&dcjWsd_}7b7lvox5HoEuj*fpLf%}1-$ZK zv8D;GT(x6s?-9=rf`OijYRrw7TU(|{Nh#9W#g_7)-fkW$;`?1$bAKz;6SH@47~@h$XbFgd;5%TJ9M$D`yv}&lA&AZ!&_= z#59@p&w{r!H~SV9F%;h}*D3h#X2z{H1-d|D5>$-<`~A;!Wz+{|(~_DN)#n z5J4F=e*M(1Ny(rRz9|jEk<0uiWLh?Li=WJIZpzMYF5zGeIC~u&?k6WDmHp?puyMj9 zb7Rf?O4l{5(@!xRV80iZ76+{h5sy6gd!mXnlF3AAeiJN+$cKSlUE<$8ib%Q>p8vb_ z3yOPXEJf(z;>G>0*%L97X;Qpf73(w|x>hEPw1_jvmKihm7pvn_%1uyGoUtXgzW&25Kd+!0}6_^VUy>!6aTg~h#c2YLDDMhtJ?Q+o)0=10fx z$@{`XPM+FY9$c^Uf3)|WQBiK&wrIIbOB69-Km-FOP)rDtmx?H;pyXUikPJ%BuuPyN zK>-l~C1(UACljJXK?@`&$w_i3!tK+w&w2aayZ7Daoc7LZ@5gOzuib1ERDCtSImhUu z_ddp#wk=+suZi4+Zye!OZcs=VS!y~KZtO4|++-CfVwk%WDnCrWD|q4ulgRu2*j$yZ 
z^WSlh{-eiO%a~_&O6S3cq=k@g5o65$ElqLjtGws^-%3x!c@B|X7vWE{ahs#3icLD2 z`__uucx*O?U#|Pxh6{t;eJKcG~uQ+2zH`e+Crk+qZ9tL+j0(Hp~iXzlfqgyp$mw(dbLSAAS<1$SpbPn6x$VdUVf}6Q72a7q?3T4)x?z0 zeEWO96&GCakw?4kxzvx)DY9q%C-vI@t|Hys#$=Ch6qw18yQ+cG0jeN zai(&vpSl>AuC)#qldXKRU_;RO^BBahu`7elHfr8MfoWji6r9n<XUE(QF31?=I(OpH3e6;`FxDX^&Ac`4D ze@OWZ-XDOZ43`Cm{&xBmaxNAM=WgFdSYH*yw7#(STA<>)uCujG!@!7?xyj7J#8-K! zHHg2T*v%K|g^TZNYXgYTwQ19`Kfv6fYhfvHoYv$(9Wh*;bxoSIhxS1vHaIma-~%B@ z4+PmVq*e+ll>6|gz`<1V;`E)8i6%I%zzjfcY6b7n4ssiWRzs<|nVC)dgZ){kR-yH1 z!A?Y~(8H=3aGg}*J1-$Prx#p$;FNlf#mk6@yV!Psiv!M!KORfl45Sp3yF5KrxL6JY z>);rCSR5eoKR;yV>S-wy% zK_SjwLY<-LMnh0E02l?}B^bDE4EFpDtgLI^q*aQPvM){-Gtdiw2?^FkS-D3B|E4b0qZGt)7a}+^0@q zM$}eVE6>5MLKrv@(K;r1*){34GR+BSARz(?U`5~yW#Vc=3xU6Gi0yrtD2eYs#iU7q zH0fxO@a02|799P^;)15HG@L^6o-mNX`~$4(3VLRPsi`TJdxZne)DE=yxL!rhAX6i%p$tHNo4M64AP5J71|nKBcFWc^DV>8?tq%RA52_`usv}D(rqB% z^j3whB&8gJ1?N=rdSWNVVM4L#h1Qh?Fsap8O?nDc+2f|oLZo=s*5&|5p(B+>_H^Tc zXxV5PV+7^+log8whkWK+LbS_P`-$Gn8{c9mAo6`Qr%-9BB76Mf$B*w67CPU%o}87n zHLcF5P$E)5Qc{wL>2UUC<>V;X7cMrp6c?{#V)AC_hi!AcqM{;^5dAPr6D;q%WQ$@z zozX}50>i>~!&e@NaEv{QEu2<%3WXQvj_6;j9T^d_uSFBMYt^gCK{4I}#R*eg(c|rz zG=@hq5OpiaQOC9szjkdWsP5fRmtk=vRdVA{8`k>Mkt>P!FJxO1`m?>GR;7rF9_*<003)ZH3iU0(_Y8b7)X^LeWFXJ5hHE_*pRuBfREd=Vk-k9f7sd2z~l zrfJxz80mu_9gd6>p=k6pGaF?bR8>b@BIZ%3`2KYZb-JM`=%Aw@b&*CC!(S!eXz4W` z7L&_vLf{@jZS5l&w?DbC3)a{oM9-PgPSq+$KSG{E1Bg=>J$B58aLQJ; zqqKH)-N(_eZnE5hY`gT0_VE!wE3(O34O-{Wi$;vUpspbbKS0?^=pVRAD`4TdX>J~$ zn((?DOmiEuC%mq`Xj!G;6upEuo!H#rOr#JIm>j>)+U;OX+W{uRK=}|!9sv&V7{b$W z+fi+>m1|vGT~`vuA8ODW8s;1Y3yfepQV7iokya1B77*R-;EHifU}W}0l7LpU;*AmS z38%Sf$zqe^fuxZThfo($i4fd?XQ>7>POz5SM4f~X7P$DPHoM>Z{#^-@+GqGjiD$lW zaelaz)==myN+HMoJ(H+5vL#rkuV7KZev-=qddeG`BYQ9T{bA(?YZw_LL6CWDJ$9QI zx$$Ra@MlpH6u8iOF`0vm^7PU^3c5Rq`}*ze<%H8AkrvH>^2)?&1Dhn6z4ph_BG&;8 zF9jaIhg7%ZCg^nJF6BI%V^CF=T>I?17e<*8(g+5`25|vqmUq{VKH>L*hZA2ks@ahpHXJBojdUwA)RKu8$lP#mpFMYv=E#HxZ93iC$mO{c;@h`PiTW7*`279 z@SOdY^|xgyKD^3j#hpK)g{0l;5C?#*%dmGs`g;=1k9bLC!!#f;`3Vbe_y$*uS*7?}p*T-=4EZ>TghBY1_ 
zkzeUm?Iv}@9VQXCDm`>fGlPypcuW?Yba5e4BP<ju`7G^YWy6wFVm zx=vbKT7n=|P*%thuo~nHgq=7$JG<7{87NZ-5CFUs!S>*G6{8w~brlj-S_UmYt`zj@0v0Z(9~7 z`9i=W+Ku;|HZX|GAFvzSgBVuG1}4b_-Xh!(^T`2aBi`*`WI*?|c6Sq3_`mb4r%;dt zI-*zN|KV4?L>y=3ls9kPN>m17Do#}J_4S=@cR%v`>ecZU4zNtVgdK)-6rl~^C_)iF z@Pecyr{WZnzb@JDu*L&#%RBDLgRt=N9S2;!rwad5w8no>z@BUy%+ zrOnL3;P?nCw>qnpTmoKsu$Bim^%*eP2?z}fq*~z(;%e-Mwg(512Wg*eahxJNaI3-5 zq>6t#q1h>2xNnEizT28o%(e$jdoD14vDx+PTC-v)?ji9&ii(P=WSXeop#HDyCpFUu zU*S@SP~cx8mIGN{(6m?Dz9ULWL75^-I8=$enXVv^59`pwjE$*~w1B<$i7Pqp9lC}{ zGZ1BmfWnT0lbLqxF4u?I*PrEX*56jP_8$;1S84L z^X{M<6$B<1o$fwLGpEh80Cxhd`*W+K3(U>Y9wBN5Ew9i%GDAZahiBYS&OrG10llHG zk4$Voc<9g%$nW`oJD+#H#>&QKU`d;NE3g?L2$NadTRnBg;(wuuw6fSn;?qRC*(1nC zTD(Cc6BCIF%CXf2N!Cl<@H@aHSvj0=Dd;&<{osWH3>-L}A_rRD*47qY$LL0py1F{@ zkFuwd@9WbW;sht_VQ9JI?Jb?Xup^NDSLTtB5WZYcWM-(a`yxL-KLIohrEv^$PX65Zx);q*pQ` z{NL!(HBaUJ2qk(UuXAqj-@E{WS%&EOEUV&wTV*w)E z)AoW*zo6Hg5kIDn85lO_)fsPp1HBmSOJr~X2}y`$C~HZ`Moo+gqdvpfzTu;F^w&9g zlLl`EjfQJF?R&(Z(FM&-T~3HTlf3Zx!1ZQvt|M!CMspttwl9X0RpXVBk$!BN(%8Jt z76lxXvP#I&oQY#_bymm9?uRI8()P)T&A?y*I|cU?C%1iIt~Bf2b$kTx5LZ|5dXqVe zx{no)i=LVpEt?joN{{^Wqvi8y=p=I^OP031Wbj2upvklBHdWO;8dMGuRbiV8h0SsN zYE3d#8Wd{aAie{jQDS5NC!alQJ&7`orspRO8pw`-5@@+}xJO64_CzgX)*u}s^clam zgXO(vR^7}}a4y<6=PbM3?ii zV<}}BzP=ksZG2i&Gi+X7mdhX6(Ur~44T{>S*Hi#A&v9pAK0#-SY2L^RS0?rwFd93c za&nj(DF*mBVLST6U`H{+Cosg47jUJ5CuvT(6SMbXyZh5=HydX;5@9bz-src3r}a zAiGS{>0e=(Jg!9m1L}yqf`UQV*lhL#$2`RM5afC7D11h{q_72m&C0-Ss3y+11cesD z4??=;0bx*OQeMCtc_~yR7z`rO$NHx`s>3lpe81}=WS^_z;cb(NVs>_R8(=L; z%zINf9x1k;w*NvnaY1&v$`4gq^x$XlSiVm7X>r z3L#BuHS9gHNOk?_Q3p*%M(M$$d;``?&_*Ac7qREy%GO4LPEbnu&AmwT2r}F-A*5g( zX#*$J2?z_n$Oh6HfDXy0Cv?|h59r_xBBG;PQfCAKGtmV-Nl`ArXaczZU%~Q2XQd>l z=lX*;B6SM6kpR*X*zk|{T@C}30V@gYeE>!m;8%j6(YQ-s3Yl_&^fWLCx|b9HFuo{d z7zNHhD|_|oD4@&-T#POFJywBxj)(u*>H^FP* zi&aHk-cGs)FeYP=j)^q{HPh*^VgWh>tA(RR8EDGQyu=QYFcSBPfM1{$1Wer{bhI20 zPKAeO6Ywyb)AV(FW$2XPLP_T%nVUd>Eow}ASjA6)oFE4k6H+j>A?_sm&9Sj==xc=> zt%ZJ1o;=Cs#*a7PtpT)uXJSHt5e7$h{pi-8<)P3=C9G%t402V5YElsi^+_ZT*t6vU76k`^op> 
z4T`4)Y3f_5prK_^qkuzsiZ@pGC3~FSM2)-ZA(vSN~ zIsW*|!J@al)gxZDsFuafM&K6p(TUH2doA>?It{Vgv@WShQZI!tf49yE!=S#4bUhT2 zji*VX(1~nW{-XMeMqpflC@xxlaxb*c1`}1c0kl$}do@X+3AHKcv`~Z0CK$?*rM>Hn zx-e^obPwRz$*DNQAM=JLn>aEua`*my|AWJDT@bU`^hgJVRm9=DMh!d#Xnr9b#JoY} z%?kR;XaWX{PWTf9m@g0}SZqBi$}2)qxFZRWuGPt}JqTc=D-@*hSnD08`hNeU-60~5 z&oG;%A(?)Nk-xTCnf0HPB4!>~pclAspzud{dw=DFR^OJ_d=D_%K5$^TEx36oieBXJAgs5} z2Jn)Tvft%n`{-Yh(UAIa7NcR~hnJ%9lN?S^}Ev~(xz;J?{MnW-aAqBb;r|iZtKBqYwh%@iO)2vm?-_=VPD)iW15A^#03s{Q7 z45$M$z~mRm5pQUZPS{Txp^2Xf%set>)n4?cIHox;aIu+(8(utnukwL|<^;0_Tl?)~U7EGH^z&0b7%ozc{lqEy zb^RXkpC7lIet{%|^PpcdAX-Uv#E_+@;Ar7EegXE}FUg1+A6Kw29xY1xs6h9iT+eXc zhxm|LV!T-N3|S==b7u$-^yS48l%&D$+!`x|N+h)Jz9^AF$k?-%}$lCdLiFgrb5~(8VC;!3@Y)!nRVWEyvr|CuuNc z+f5jdX74(q&UZ0&MoBkCD8zUN5~(y@IS}BEoC>Y6*Yj?Eb^S>TnwM`b)va&pEMw~3 z%c1N4Q#`>hz%}bjuJOdj$reufC1c+0q+d5)(Hm{)zXz3nL{rP3@z$f=ot^x1-(zqt zw{WWw3{&{j^@F?Hr{H0)>7r*c038T~Xd3hY3pFz{1K992*V@!oVW)GVf%$^u*&pT4 zH41{cyXur!sUP0T?zPDl^ijMPuJ!7K7JJSD!;kV=oT`$$uzL7VZwqpYl?0=c`5r>M zhxk0ti*V#gw9F>?G3((M8X|ebIJaH!gOS)N*Y#(bJgTz>;bnM5C46-(Du@4e^T@x@ zymtX>|INL!bxXMW-;66C^>_~aWpU~F7Z#TR|GThJUjp%U!}*@8YZ{;rScg&?nu)ZK za=sh!y3#?}k`{us!+bYe{~){sF<);5eTb%vc1F)O6-?5ArTJy!By4a#&T}2?e6-2* zDCy7&L?B{~#e_Qw?ind%S^9qoNh;uC{GU9bkYP-y2;Kr_5Ems_wF8QogjFA?+Xz>I zD;>ZBrrnaZd3+=VJCC$Ffk!z3T6sIm`*hCLFTtbm(T1G4f?KLZmk`4@=2RKJCZ)BH z%tzI_Kn&ZUB&wvhJ1=xQlNn_D9zOuBPpCX}E6kKq7f{^&1~`uSX^&w~qbM$|BaQ#? zXAxH!!eJX|Y~lta2p*%MFp`hNC+Jezs87Hj5uObdqco@?@WtWs@d|!kkZ+nh@OOFh zlMP6ZOMp(U6ImEV6T#m=W$l;=bSa28@lrni;A*mlFo8d=T^wMu@f+-qKZ^nAlO8X^ zL;pj}zxoX#lP!29V5o3FM9?R(YPsOFo+DX+R#B*{0kfu@ZomwJ7la;JXME@_V3M9w z*ttJyJN-2_28M)4AuAE#AJYaRVY~vl1%>%6R1h%lZ+=;d3F5}LSqV74H0gf!>(@LW zipqh)2z~+Y(m`0Rws-d?=T*}Uif}XknWZ}RrV+s1-2AXJ`E^LT6h-OxBsQX^N0ZrR z0qdbMU{F2G+(SuB+Q5jQ4q>@?DU;BZq^5`n4z$avc3EOQ?QM})Q6zMPF3#y zG}Dxt5)s9i$`C#hj<#vkydfY}~Mc7{?L%JL@MVCL$qW>1cp?&j^5Q{tViqD|&Y! 
zp{rlo_c;HMkPs`==ikb}9fOEhLnHruI7+iXD%&AvZ0gd+_I^==jTCGDv z6~oSp^!^OOp#GLQZ7~U&ct;#NCfgAMBNRV?A2PMj1%(#69p1re@EwBpJ-UD(wY+$< zdyx}MKE@m^TeeJ2X%XJnH=ucmtP7w|h6`e$APwLa+vit*?MHw2PBP-};K2tlZK7@F zDMN!X5Np2O1ZUb|5fL^QfRTODAxQ4#Kc}X;F|H)pf?LviKj=)DI@hc?8)=!`U7ukR zwS(NeiJWlu5i)EPl`nDY6K?<{6v`at_04th6~07?2*RaYqXkM1lphGRFidjn-06Z` zhKc|nSvW>EdM#@4q*q7q0V>$sKxX8SFF>4+s2R&a_6#%twMwCG#@FnI2BV1s zMxZL><8?cBl%ttLzD?_1(gc#o;*o>LXd^XNIC%VK}+0f_~y~o_^}|T z+YNaUA5V-WhqryUg?o|n-NKRoIF{F*Q zJjb&#(@&Z<4_JA>zm7YNCXphijhABKcqVCPSv=bAVQ;);X_^1B;4c#PLv3wlS#JyW z!C0~Af)Cm%6B(laKIcadW{6+^B3{5k40Fqne zg2-o=`uW;Db8zph(b%Z`7y|~m*4zW7+F0^DIeGZn4p0O?g8426Ibtqr4C^Q~uS%=EqgH};;|Jg)hIZ8z z#V+Y2$c(BL=Vd$EikTkcB6j=D)Fq2Go1k9LwEz7i8B_R|R!nrW%Ca5KTAuiqTchp2 z$kPA9{djhCHN)TD;TX60mcLQB9#wi-C!7Rf-Nl@hKMV{w;qk>ugH!J`x~4`ZCkvY1 z=XU5Xa0d9uetLIVpY=k{r5&bQxVtysat_MzVE?jdQ6MSP-UeSoR8=ZkDzYBg)v95| zO)#VY{TQi7!8X{xb0?e;V#tWte%LhkK|nQUj5PJ~IQ!9!T9)5P68Y?L{*HdthdWl~ zc{95X2gr7h2F|~g=<+Z)*Wxu{I&~C=JSR*o{I3zPZE22MrpFt`@&vh`gr=^ZnbhOe zO-ov*)Z)3gY9u@*lxxrC`A@BEp1loKi&jjENPD{BJYvlmA0V5c?J4m%WeM??Cr}GR zfNhUApv@OHFV*Z?WF%IW^N4Ujp$9VaA@7jU6F4snQ=s&Skky$Hin+b`JprEk+i#_f ztt7Ku;r!^uP$DQ{m?i9u$pTm9J}TXep3XE$A3nlDRV3QG8SAHVDKSu8WM5cI4R>PWv zU3>Q~cOk4?funu#+A#k^^-n(HE@wYg{g6PDP;xI>@jC3?2923kj_l<{Wm}z?OiiS? 
zWK9rYSFhfKv^YI&L*h8X)+t0WPw(`9$9&O22Hgsd!@wt!^Fh5JnWlKay9|E7E zQWwV8R_VPiL@o2FvQig38rs=5ZrcVz%Rw_)6kT`(EkKNiF`aS^{jBuL;yKcTG3-!GFN1-2dky|IR_vAn)*P{-kZv)I5aST^Z(&5hHxD#s}WO~ zpJNp2EuqD^F=D`grI8HfBa~fhUpHpEvDwoBAUd%-h+hh`qFeh6hH!&yF!yQ(Nh5Bc zAHXgTq9^H8#5ykk#kKr&Aoadm!)B=3!mED&Jw~Ak9Wx-?I1j1*T_4^j*a1&D&ho@7 zB({6T@u5J14vm2dQTQi-b!(-#br^FP8tJ7Afpzy&WW={^K= zN(QasIntWLi)g@`be>a0>qn7hN&vE|HR+c`()|fy!3<;Ez-F#eVv_od3wR%ih)b9W=zEis$X!4X+VAeJBD0^JF5f^NM`xWTdMwHCfwjT!3KS4r>rak# zwd}j-HzB3lW!};xVq>3!Mvn6GBJJa7!LI=2gBGMNw38-}p72C>5f%h~EMgyonK9d8 z=J?Htv4Tn8+sKZOLqol3273<=_DRMdQz0giUMkG*izz99$bjvSnifzVl%LPc7I9GbH9?!fYyr3&$j$HuwuNhEKp0H8;O# ze&QT9AIc2eWwgo`-0p1!jE3oUp@UZ<| z_uOdcI;(#~qozU2un&ey4S<`>*#^Y{1%~trf|4a8brAgs5cAXUwi6C8cb`U5vj0se zKB4yYpDSHu%YUepP?y3za1{*CCr~NMg-*h#0|{J|cZ$MkCev`CZ^JOS5x>^<^E(}2 z5xfwb_KB&d8i-beF7DG z9|pzuJBKXkfyN7BMS%)A9LN4i-HjBbfq4JL!$*!V@$qFclwzO>85p9OaxFy(e9#Td zRA#=^^zE#*NRbb!*EAR`4MB{w+w^?`~RgCF1p@$3LSJn z4G`0_QOH0aBg&6oO$&-jOyp7yxQu}cgd9iGvJ*gWGjR?tHeS$rAW%$Lq zAO#O@sk~ERdz**uFV;5C7uTxsEwDR>1gDkX(BdiLP%}Sv_NtgHk3q?CQG*#j_cIUr zcdx%(%O}S5Lsv9u&Wme9z^z1S8PCYn>La1+(&r@4W&|ddSJWk&i#SgY{ZOMzqZA3E`l4)MTQFj>}@pXbMG*frfrG zm_r|WdeQ)mr5U#!k9ao$5iAmwLP<;EsO;lzSm8Yos$*dql@ze9w*kw;oD}No8wNS? 
zz@9y4k-uO~Z4ho|TD!Iea#Sqhc?kw0?r{U6w19EF3C5{7#pDoh34>0UJ!K-`G?#_^ z8IItLE>T0Ek{mR+#0dpFRC60P1r}FHyWvTUBNDz%CbjSbCPDM=hnr->l~`Fy+tMX{hbm=sUKf#Tl6Zzug7h?GWqP&*yZP^u3`d$0$Sp^=7ZL5 z=e-2o?&_sW9^jq7WsMxUWmmkzy63_EkS`!#Xefsnyp2MWQyqn2B(=i`sc*<8%a<+7 zTHJ?a=A*J6*67ci4Y8kO%i)M0);J}=?hGsLPIRD~6p)?1mFB*7kikFWFj zkt0W>H@lyM&nw|(FnlM_n+~8uyUZTS!RXY~)Tv)&?gcQVcwCTI-LkmWGY-z&0T+?N zK;@6RotGHOt->E43@DY~Cl2|pbY6txAQ#s~Y;*3k@`tB_rBENKy&CRqN<8yLsAO}+bp8IajA<==yH_@Hz8VfwtWdDps=)ki=kvN#&d&Vgq`RSsAuiW24)tP zIEcF2cKn$qqh27K{Qk&m%ix{zE9e1&zcx{YkmwwS^1vNOx?*e$QZl1=3~44#$zr38;K}>@4p8 zGmP`j%X89ih2hx%0Jo3KF;`$Wb0N2%@xmgGV`$ixiUi3vD z6>;0@1CV2f1kr`vi`o}FXa+QJt_&)u-6CzudTg(JmN>rM2#w;6TPR5c!TIVDN5hqox2<&qzr6Vg($&; zaVzL(hzE1jY0`p0`ZvY4GFsZI8-tJf<1=B_}7th#w2Xhan0hP;~)d z;ggVW4WW*69yoB**#ssbvXaFaNCwPXwqQ)a0YscjaA(OcG+@s^ANCd3R#AC|VN$O_ z&gTQXvPCO(mj^||Oq)x^7V?e2FpTpkmA)ZCo&-rJDJ|XoLLr55$jr41w2m`4u?K?r8+D0Ke(;0&o+<7g|L-}ina*fKhI_>h7DQ^HuEJ!?KqTj z^(k7e90x^3sW6{MnH0?2n6d&E1@?~yh~+$X>?)jzwIHdV1P9NnE5#OG4cknUqJD_y~N6B}C+Mi<7yMUd0!ueynqH33SUM0ZlYhlj_v z!&A zeDJ`BgApVAK^yyXK(w%bcIs9bV#*N-2rkuNuS?5fL28qg2jq{(QW;{N2@4*lfOpyx zPveBY0tcxdDl85AjhUI59Kcu%4Z!|>X)lOU>IzJ_m@=4*VIX3@n>K6+Lo=CqKH}fe zRP^3l-0lPIBJpQF=;kN6bC866GBYz#jK#xuc?C#)=m1?BnS=%)F6__Gx)$~Y31Dyr zfC{)u8%eiOKU|$OOtU64@DGZJXpkF}j)QcME3v}cO$gKx>X^?r~&$3J&MV zB4Vi&IAq_xb4Pghz+C?kwA3_RoehOIzO%nywQcH_2v!wzRvf+&u*hT7>1tgoo&%Tm zgUKde3-dr@P?p-~QSBJ@otz559`2RElmUiSt75B3pq3N{w-hk7#|g|m*{4{_%aAG_ zdV7a(7law~l>B}< z@c22r4Prp39L5}-G-*_V_c%4jqBjgXsvplQ_@Zi>ABiiy=$m6T7>5&nfR9fRr3X3t zWJ1YM76fj;M~`;qHYH(KPU-iJ;oj-PFAM)<5Y7$uXgcHpf=F;op>Ys6nXQ&uX9P?r z@8FO(V3kYenWQ9Qr8zk`#H6BSAyoyCk3*~?yI6jK8v!N4AS>nL2Vg%Q$61T==lrr{ ztWbn`v{kXkHp~z_h5Vl(*?^}k`GkdspM>`sUUxNsK|lwd8QAX=;JwyE_`(X%2;|Gl z6FLl?8HT)Susq*#EDfh(CxI7YvFRBY8U2bhuWD;YAWX?AoQr5J$JILtVW zqZSqvcRZ+=f~)TU&>{-h8Zcxf`GOc|po$?bwTN3$WOHD^KRWjs$VE%Y;3!W3P4?g! 
zMZO&HK=#8*gJn2uK9yrJl=BsLH5O9_Nh*fO_7aXCPDgLt{q8hyXy0hB^*j35iq8dL zOmI+n6!>bJLq`rAxB{?^89>7R-CbQJ#l_Jj(a#sh(%=(uRM#cXbRa;-d zc)5Q4#Qa}i9rewH!NDQ@)nQZaue)PpmpE<<~>YF>?M_p@NJ9b{+@ThXXUO&LAHN!0Lkj;)6$ytlhel z;!^tFC%jl2ZnI{$#++oOpn?Nc?bi!tdvyb3*82B|WnA2Kdhs z_n}sGFIWSg;YcQf#VM_<99EnvgsUze&k7^Eo;0}5Oiyq1Tm-z57ZbaS^PdjxvI)-? zOI1mfUvM~c<~Gj0>h(V)Wo&G+5CzlGfsPR-(Pea)aceL#>NSWJiSB|s0A+FD3dPM2 zPN;TaDe9Z+3PHwZ_dzXt!xNhp>UTogWY@0W1A+T2h zj0YCq7mt{Z!&&x(Pz^j&n6n53sE_zYa^I~#Bz;RKN^LM)If_i9tl{QDL5U`fS=t0C z9x(?hnBV-P)(na_9&jy|Jzq|f=Ld;Qw=NY1tqP692V9TGN149NvZa81fpLd-7mBpY zeZ6*M$Eh|sO!{xM9IecG-F-g#Ouw!E)OFqLej9uH(%M=@>>?VeRuROIJ|%pggoGp^ zOaYL=Ja-*Y$dBXl)1#+B_f&%&Aa(2xA)70}wFCl^JcryT;R|nHI{K`p3IJ%+F?+>( z9vv$(zT@aa?*(@$AL5L_9+#IC8X5{4Z*PhbN>e1`Dugr`BljcmAk62ZodN~2Mx+)M zh41|}+rlvB$q>38pxl8IObFe;WL%t_k`PF%u?3nMScL6f1EoX(dg=o>kGc)sM6yg zugixlhQijwncM(r7A>5%hZ=INlTC65GZ;i=tG<5)@I^*Q?dBg zl|$798>LR>=8W#*iPNfT=83KlC=pee2?f?dc}0Q?82vab-YodtCw_jBU?K*a^HuQy zqZ1SIfTcR=Dl}a7-u?UgW1~aJSEXMSl)q{>uhW|m*9Qlayv7ue3TA(q1kU@1RP$ZU zwKA5d_Skmf$@Aw4swUaz$aE_qzyY#vNr{R`OIQ};*8ia;%Jq*g1#2e zh=KjH+d+XqYjk@K? 
zbbDv!rL0`B!T^Exp_f+;%DX7Q$;uA5&Y6lrg>OWmwZ^eZQloA5aqb^VtP6T5U)&P5 ze<=O)jj=TnLFHi*^F|Cm)Agjzq_E|F&21dS7L0xI;tvu?K(hP!`$wTOlL}lShwq5x zCxc8Z2kYg39U7A!R9CS;T{#%&BrLTaokhfy;8)rybNck3h!L`F4!B<)x5u6tCRIWB z8IA8BY|NI09qdvU{sU>oUHc$5J{Dk5f@GUtLt~L zGC=MG_saK*??leiiOD!Ww``@-xP@~N3G#cHW;w$G(;K_RywsFmY`c@k{DZnsRRRVi=e zS1~dlRTl<;kYGIy3v{VTCgHv8&_H2XezG0H!lK8O2?5ZD z<8;TN$ncFIWg+XSS7oOp3(t}Th@GS+*bWD23XgSVQxjGtc1QBo+Uc73i`d_+$+=Qud%RL#-f(daZ2d|y88zB ze9~e1C)IJQorJ^#pia+^AwfZ0FuTmm&MF9aqt2-_%HR~X-$+?nDcP?HKp%0vJMAHc25+kTif^?vUq%I$1DVv;xU%;f0 zDRRBCF<%WZPwUj*W0-$H{jAS@fBF|Y97xq}W z-uZR4{J*}j_?*GFoxjK^ufKzA|KRKXXPB;kz>R&L;Sc!xk2R=e;Q0UGWB;pM-9PvS z|M#u_vxMjWUBv%5IsE_6wJK9+LN2Fl`S_{l+-ys*D=21KoN@P+!;ba|#i?sgcf{%Q z1bA1bZPEB?OqlGsw^?!a6xs)w&-TWGixPvT^J9Crmv*+72Cqz~cesyX*|Od6TJ+g9D>=KPFs_j{nHj zSLv)M*CVSk@-Ejb+sXE>{nhIa!p?+NySQ}=i_kURDfX@7k#a4Z|Ex9BBXXp_$&;G1 zn6Fi;F_EhuwR^jCjqxsNJ-Os9mOK+rIC`^-TjX3{++s^EoU}jZ`;C6Tch;`9&Hbe1 zFChSrBQyM(r90d6^~cgahw^1bYND6-dj;2A&g3;u{@Q-u(9-h4BZk!vC%%_8`$kwU zPG8wuBqcn%7$%%CRU4cCBvkRmkIczWrJ7aIpIiEBR%~oa4r!C7R?o;s#Jmy<*VK@4 z()crj)kZv2_sBP{2U@QWj~GUB3|c2=YL&9pIV1?!9=d2RD%!3wWEQfz{K1`o&rTV0 zdpsn9towUi7h_YtYK`l6ISgJ1N^}!c;anKulb0EIlJ+6?{9?0gsCJoo;pQavPPUfL zyX1zjIT+fMYNmV&p~k=h6f9&V&eWXp$D&$RQ+~yFUCk$c3uy|6FUUlH@=vYLlam>c zE6JFD*k}FNUf7g9zP_bKZ86Oxz&;Rf|C_xJU0&&mgG9HY&*6Si+3TlMZXDVXXUAx8 z(f3(8L)9~;{jp=g=$B2TPWrG-t47SO8I17cva&M@Z%TX_XK(3p8=fVrg(69KoZ^*%3p_|dGmOY;&mQf*b6lB+udf=bQhD3llVKf1pAy|&HN zTwz^ZA!|NSqN=rNJ*|4az&rW!ps8V!rIVLbCnUCkn*3XaZ zn#e1>GrQ)&mj+XZq=7P_DY}RVuW+tWjBiVQ_=l6Bb`F!@MotKr3smm8P?{z@Vp#qx zt9gF5a!`$%XjNCl8(-CKq759(AMw_{ml2bEum8OM_@e0L`PRFFon|@XvtfgrhYr*P z2o~15xaM9E*rL4OTStF-qcDfW{CTS?J}R5MiC0tpVB>R#!G#}>=;_1m?A-IqO0T}h z6!!Y!QI3TA*xcbliPLYF7_cZ%`5LR`ObcfMiv?gwseUp~wmG!FE&oCeVCmZRBvGvmY?foF!7G#a)^DQfR*XX_@vm#gYOk>jiy=`Ha-&` zq0){;N?P{RtBpk))x;dEVzZ9ORpUnQ8UN_&iD6nOXHVQSyXlZ~z7ZSGr@eOie4b@m zFQPcZq`yjq$;0#8#B z-+5{S6g#0t);cxz;HTjlcTD{=z2(arc;w!Hd^^kEkhI;@II3Qe_N`i3b>iLQ#p>14 
z3l}TB?9a|*FQ09Ay;Y+6BlAH{&O=qVExiv2o{*+GI(*ThV;?%q=QSmlNU>8TcbFI^ zwXR4XAAcY3ckB3hUkklOiKdobe#hwwjlJ{snGTNm%!QgUA1`}XW%V9=NadH?@ARp< zo83wAhJE;A^Tj3U20d?v*qch(9^|T~?KhDdRi(y9d_Q>J>7_={VgXy8d4c3ZC~>}; z(GT4v8?n=U<-S8EPa#`(KxKAL!MpNxR+|bVt7R^}g8a23GNX$Qi7`%m2Jc6`ON|OU2CvUf z|5!cbtgGAATX92Ly-`B`G@~>7VHHuyu@K2Gt*W~HWxYbQY|cOC&s$a*Tc_82F)^n( z%WX-|iG5JqJuAHFFQW9iR(8WoGPP3evNc%8K7#G&hRFNv-^ce;_SNyRrl$MtGrh2zQ) z@k>Kj8TZU|bZjw13csQgS*Y~>KlTCtqI%J=wbhNcUxPQD4*pas7|-H#@`qpWSX%Yh z6LI!J_;FTQWV9|Q^z*0F4L_TWMu)2HmyU{$h!Ddw0#uu{u*z?AVlWmi)y_87=}vrS e$6(^((z}}mCnb7sG~@3n66d7ElFnSa{XYQ7xQWF8 literal 41666 zcmdSBbySvX_brTxq#)fEA>ADU0)m7{w{&;6MVE+l2}ntcbO}h8ba!`mee3Z(@A&@x zednBiKF8R5kNrINbH}>YHP@VTt=oXtvJx1m#HdI}NEnhYU%Wv=x)~1t{JeJ;J_*6` zQ9wd^h$Q(!SkWb6W763HSLwQC_t>c4-TLYC2M-7SVvB6|eMh>2<`0$eeRR2bwYavlo_8XQ~0lH3+#^)Ho6mI`3#+fD(si@ zX<2qNzQn|Q(w1*+Zx_G!=o6NRzqg%DVatp3hK`O~_V#SjX{maq16en=w(^gwtV9rp z%-x7eNNA6wlV`UayN82}?2hvJKcAOQOlsNMI6P#dBf-(oh(Fh&K%DU2u293!kZ;2W z5$P>wF~kRt{#=uzg#Y_ZgUN%(K8TM#^*()p`tR^GNq^jb--$Ke4%aL@w5ps!=v49t+IeNn4WIox)m&}4&Fsw} z0w(c1Wj6C6`kOaz($W*);52@?gZ9^iT{@mK1fM~Dz@+ASTjOyFF&R;Ig+azr>fp+j zvmE9;l0AcC}B6B>GY zgZdA5UPwqp)2R?YL_*~JG&VEK5a`!jZQ)|ocYL4eotQ;Io4GpQ{>-n~?3~W=Pid*#jgI?a8S*f-8g2TFP zqBe-~Zqb-E|0JZG9ly3VKrM`k3FqOBHxG(WmKvvHIo+P=dTTyc&^%{|;LS_w_e)bf zvc2cMRcm5$Ibh~MdNF^qm|Um(XPD^AnpmYb+L_A-;WV`_=PF3*{E8G@_uccwsP}sh zFglYf0%H7M;EH7*R!-4wNj;zwnrtdC5B(CYrMliRyn2wp^PtHbN98NZXCzp8iwnl! 
z%rmd7qU!Yw>oLAM{ zrIIZBA0lUUuG#;J#3}jGc)eWcW=}N)m#HDqti78bMn@1{`v>F zWj9S!WD&+fy?RDL4_g6iuS3Fm&$uDC4iza8{AthXh}eCJzqJ~YCkok$<>lkEON;L^ z3vlr9jgWBhOv*i|k}f753!YfrtRXk`2?z*W=?GxAm<_2(oCiBPow-SG<2} zxoJD*X#PCxhHy!3=mJS>uEx*ga{s5=Zr1lE$*tbIlS!cN2l##C( zkD9AWYFP=_=OW?pf!iGo8Y-kF(7FX^S)o~a$ur!}8JU)EJ$XpT3 z;_0d3A*_4e!y26%&pZ6&TL2fiBWVCeT|hxH3Dw%3&O)3Xnd|5s)p0dFEBP8NRn4sQ ztk?U_HP^zHW+FDp85X>|cbD)pd}n?z424G}gjl~L5%gk=iOrGER=j=pbmuUN;B~fQ zq;@;wq)vvBS*}GF9Y$PW>gRYRf915Mv7rZObj4{_IQ(CA(?4nMP?A_l}y~Ip9#tE91ITd1MDsb-)3+`zk=a^lxsl@0=%fHVUTLcv4 zSEWV!Qud<@355eayh7~`>A22=hu6g}>|J96##b95q>}{oGq#f4gT`LBwBs3rBlHtTiKo-pw;71vBEz1M|1BkX(Ic5*^}vX~h`D1i`GI7~d^? zlD?Yo4EL-{WV?NVKsN^u3Em@%4|yLcVX+cEx7B|}+feoX5JY`Vjz3ehT)8{KCXl5t z?Gr!D79(W-#7~5gxO6i*QevgA?irl3At#^hbsyeC*an^QfkLJhmg?9miHoU`A_QclDbn>F&d>*u8PcDl4Uffx7A@7A_@ z2a>-Zh7yShMe;LLTL5!*b`L^2)!0#Cd6m8K0s#QJn)G*fojKM{hCj(>E}vZ8Tawn4 z?0F*+^{ds~yA$Zr1T z`W;f#{tCp;7cobUZ+(_*bVO<^%=JR#N8wW%~f%%tl^Q-F)DjMaGJ_GrI z9}Kd`Fh9Tkh?Px)x?9vnidG{MF;vTLt&z-osI@v$%rf1LHmj(L8=`R*WqR6+yMAxd zD~gNyTG2>N;`mdvc^7?Tyi)6!waDq#e4?TDHB=AL>58-WN@dcf9B%oVFCPl>`m`i% zifeg?(bkb(6Wx_MU+;=9eSfloyN2xcH`P<%arflgQHe(uI_|;4LKLFsRw3wIjT2T? 
zR?D(g+|5vxdgJT9R=rRA#n>-M+U`%y7vaVh#56T(bZ@Ur{klsSbuZ9$Hm`nAeR;6e z0Kcv#QuGmltzD7fjQ-}!ir6k+L%)&24XgssGaAum$6WT8KNM${R-ZptU}8)TSdNtM za4~bzal2#=FFw{K7R-OhRKJ+ATaJ108p zwF&+mMC?9f;tnO~!hO=#pPq4GZ@5==E=?hZIgdcQmQhtbzQ58Q$x0iObksRkP*fxG z^g$(lVrNeW=FOeG^RU0x1|%CBc@?%CkwTowOD$sV?YW|v{q{#L?B=zoO;t&3Of|>% zHmf)r{`~pW+QBt)F!{*odT-cr{l~MuFE$KhG^Vjdg`8V^^pQ(q0;`rt7jIP%e>W&JpomI_h^`v)J-;k*xJaiyX|8?Bh-2Futhu79-*;UY6 zpG2-}t>vBkW}$sy!yZMnmrR#55%UiLOFk}x#mp*hXa3MpH1c%aeclm1^@ykht^6b& zqB|B^jxmi@jQ!RI=H%W*1cxMU--e%EIMT-zOkH9ab7>5i;dFM&uyAoL#$Kb(%*t=t z92Qawm3;=jpte_!DN9=3P|~7cGSL@3iYCtDVu1{+7|yA6Gv>fdh*ZnM#;)WEb@4mP zoG=@jg~$EN82YUvp(8wMDL{%eWewW=#?`78kTBwhA7y>i@p=C`{f&HG3i1=GJH>B@ zj9B~ZP7g|SR9U>a!em!Ps;n?f`+nx9EdCws%3tF({5r4-py$g!^}eX*@OMj3$eaiU zb>rjHv&+qkLX-O#aqc)1Ri+hZ!7j8hNuug=>&w3JnW7<~*NJdf^C?pyqn8~z03~7( zQH~hb!K=UA9(QXkkJR2Hch4uO_1ZGXSSDT~+jBv_8)_-{v3V*>W-x&dTfvV1SVwo5 zDKmCu9QhTAJ!5iBb6C((U#a;mZ7*+{_rii%gH#L4xJCB+l7eoAx5kGljQb9}7C)4N z96(kOXRqVgphe&a7@D52_{?@vSc2fk+_vxr$ zI8zW1L{2n$Ua6AmCvSHbqSU(#*fxxHfAH;EXEt@yq3YREF(Nx16(gM_k@d2|j?mtG zRd$2H#-^ygyDgBj9>eAIqwWEz-8l)ZgSx;e59Q@ei%o_Q;!25}UfUy8cHn?|17GtU zHU>xjBKHnR%Z$(X@*hcaVftt;^u?MRHrrVAjYS{VCI0r8Of(%x#dKV&n$haHqjDb^ zDPhuLH-GsROR#TyiY@$o}BY&?t zem&VYUHJ+LM`!g_6=R5vLrGJ2Z(yiEJo93S-wkf>$Ds!Uq^Nd5+=O=Te|@)r?MeNf z!2^9cxg_yUjo&Z5gMoZf^orjlF$+~*%XN@laXA}|8|_M~Hg?5q6NPCj zczti|RIfL^lGf_{P1B-(x{49nhI3&&(&(jAy6dkoyt=mf+{s8d)-&Q{dPt{?7xRUd z^h2(y3vclEV;P-<{jqR5hy1j*a{MkV4&Q@5x2M`uFsOuhJ*mMwKoj(M0h@R4sK>)gB2bTm9cV zh4cecZ5XIxagZOc@;vny?^^$Qy4=`4Ry|Sv#Y_Q*n4>_nMKGiSJ6=lM40H7vk0!Sx zUO{Ddj7E&zzMFWgW&6vHrutD|kOEeJ(o=^KQrsU|O{wujk>f&6X0ms2Bcann)Z9O; zj_yu{7$Sz!&JLyZT^;Y!+@BEgUr}{$9htBb+ZCfCcGAaU#}f5hXlQ}YTIrf6J5t7+ z2bKSHYFZKsQtqnr#_3s>AlnX^u=@`ExUa3MVmP`H?BNi1zQ0cEmYB2={Kc)(l~<96 zK3rSJ&h`9qdH9P>$9KcAqLb26KIDNqOPJn^6!bD6|9j z58f_(XMB+mX53hYi~!Ax$~8jBs#K+x!1%dC-kL`Sm2P7yF2zA1iIn+UN17F%p9^d2 zMhc&Lk$D3|jyYNW9-<)QuDwPjbLXswqE#3A=c~gb*9vOc{Kzmb8#;3mv+;OG z+A2--dn%1)i0slx?H8 
zWIt*pX>4y!P$s)&v+wY|T(#pp89_ODyi|~rS6QBdu(qvFUN=Z4qr(`09;S<*VAE~L2f2rrqx{5jLsyGan%4V`%w09-4 zo{ZK}n7HhKV}e^(FSVhi zCz3Pq<`2BbgBesVr%|`D=t%6<1s1~Q$wD1tV&giBF0p@Y_93ar`PubbZqj3j4y@#y z_{|ORifLC1YdZ5qpZTZ!l$tl#&#V_fN+8M*kM6;CN|xCJ0@ZzXT5< zVZ_^~t@xa%w21d78`{h2q)>QLC(I#0!db21*!W@A9SoZ^&$8d{S2)Swf0;=%`eMX# zS`z=q08??B@5~c^lQYO_ImS-RX`!0tNOEZz1LCOHlk&!VEm%P|NT>3d# zn9=X7BX-k8wBOC!4O!EzA2}0=F9Zn7#al+_S+W#q)dd%HY947{oqOgD(|!9& zFRIkYWLuJrf)PKM;u$9XDOX5rT^8fs*7(3*^+$NmWR;6^6e8Y|@)?bE#P)r!LKUm4 zk+(WBa-r9%@Q_zAg*hKu^%{3XY*NQ8Fp5J<#cV}Yb&a>?)@{8t*e=5uPx#o9v2pkm zxPB+H^f)X|8V|D`FDCO;pR*>Ob2as~CzR7kT3lVpfk9;JPy!Oc+lN7$HWF3BSR>bx zp*=Wn)bTkRJwsPJ`usubC%=0Z+IC#FhK_p}HuJj#?sg2cK4JydhQmv22T@j-eXHM7i)(NJb&*eJ*da}z!!>J3TE0?J$J0< z#FWL!b@`YcoQ?BTuk-X9yO?hz#}k>=9x zP&Db7p&-frbKPZC+n|5+U&2vTce2va+%i$zr*$KkKh!76qh4sB<|476jJ5bR&Om)K z6kO6#64`W5rq?CIM(oaHWK#SUBB2$gJ=(1w41(0H%Y>(@51 zNx6mTwnf*;vb(OndA-WEmGQi@E;zKE%yOXN!TxTtp|(|$LXOzt`pHqnnLPXFijLh} zC2UGmBl?*$HJ3wtT=r^T0naugS<6Li{OH-deCd_T0JG=smD1qYF$`)hjWK78g>1D; z)uOiqOrIE7zS{2F{obsb#I#yeYY9mD_)!%^WNjkB2hc!dZnx*ge}~jIj_H{i)@Rz6 zVnJL*y!lj&rk)iDNj=x!mST#H(}?Rk4_7`psrY#oRO74v<}8Rk{ceb5&xo-*VdW!5 zrA(+gu~mAHI|wf7i#)Lny~2(6HoSrp4#MV@ny&J@=Dl;)&=d7_4aL{rdV{6rA0|7S zq8(CH@ZCBa!dHo50p4`z*Hx>zrN!UDVd8%)^>2y3$_9?sFG%QH6Tva=#oJ!CFVaq* zbN+4VfMOIsel6JRA^5V_luFXl33JOTuKmk-fvD`?Gnc-t;DJ3*KWn?l1ni)GsvjG|f$2=MiAon6t>*qk=={nFtvJpZQcWrtWV-N=aA%-Za`sxtj_XU=s8w=dQPc9&+f zO+LiZ($Y3Ir78J!?y)ywgV0J4_w*(bom8tA1M69U+8^zTfXEV_S}!Z`F+V3Oyl^rS z1ml*wG723vzkf|qu1y%OIAft-{;DSHxv03hmCyQXT%Usl(tL4hu+D;kXw( z%$q4b0Pp#^WU{i35EtmZACu8aIlbX742hpketqe#}+SsK|$|F3H6n_0N^Ez4;YCb?&bd9V6i{rI? 
z^3DQNv0NX$zptb1m-i9x`qTnl@G9T1{p(d{285w_IjmuZ8YL zx3%=S4NV%AGsAG%!4THz*a!KNy&N7WATJE1M8C6h+}lN}bQSm*;g|o}h2f(ih0kA_ zEX>U+jxR&P(EqxRek%T8?nW97Wg`}YtG8c@^%_pU+dRRFtDM*6OK9I^VM42p|DEQ< zMht7F5S1Cuhp|)nGPvC*kGOfqSwTRuu*mCfn_Rrxf@}Us{4DsN7Gdg`)cK2{sn%Bb z6p^wR|F>I*|JQnu|35oXh0|u`f7_^}_vPgN8&{W%V>cf(eER1F!z4-LV`F=NMep~5 zh#_X+diE@!x|;vu^3q(rNj+tFy~1u0mCI`4o9q6Pi;Ih*njj^m&(4lb9EZ7Yaq+&u zkHtg~@&^w-q^DB~xF6-()|k&F zZ=b(OlL%|>>Df*ieDdhgd!-y@qNJQbGhz<27j<5jg};7P8y_NC+aKMh9`FDYDz%zy z&sNCfc3i`y@V;Q#94}k;qwvb=wVU=jw@mWbYg7MW*kx#FxVu?4-Ipmx;j}#!BA%B0 z(?d`1F+}De56>z2V4=~0n*af$=G(>g$c5$Q=?F(EDk{X$cQHv@;q0y5-AhdbI^Urs zm>}d`E8ZdKb-}IQ9GsmVr_4Z49}Eq6;;CEdVOd!;NM}cz9nm^oYI%kX8l}PdEul)h zm%}>Vluw_2xBG@V^xs(k>yYkWbuchAOrb%=#Keq=i;Ie7qN78DKN}kx&_6R= z>gwsC=HeoN!_(F@6#`S4UH1&;=H~9*zfaA~jPJ=&NQI8;%27-@Ry5ALb7HW#{!;0WnVCPs`YF5cY+6CP zf1x$}iNk82&$Rb-VoVHSLt`Vxx(cpOYwOGAFp99MDn7@x0o|!;*YDrIe~yW1UFl6b zh0OZ9>Hu9^yxq&=>HWP9CL9uyjxUt23X6*y8yi1jlJORr4>Ph8V-OJ$Nhb>?vgkMe z%~4^Rn3z}@$i_)YN%6gOpKr!6>Wq0G6oi(apU;1J&<`^QY5l9*&Re8U#DjlNPLjbg zMKNkg$;x8Be!zd9od0E}Y~s$&&P<9QxgO;0G5t$&ewWXmKVvE9sTG==N;wx7r~5>l z7KF5sf$wi2KOiD%i(%1+yD%Op)P?0FY~LO!YP9Kw1r7k@L(+ENYujcXoMM!o`Jq z+Vhy~(W6J2HExGV7SmnvT%#rC1fFLHDWZOuh}67=j7g|274hZE$wGwO&hhaw?5Yj8 z^}p&Xb8{lowVsIVzx{4tK=Ej6@)e9QpnFm~Z%wp8#9ZbAs82SEd;G(~kflDnu&|(q zU4ejbbP~>BhnHB5@GFY?P^DRCwFj~74`G|Pzp7!wXqeJlc&o_!4wx<%IJRngn zj}z#42=`~m@Yu{CadLA0vYsaA;^IO8dRm%(Wb}9Isp>Wed^p<@w9i3 zF9u1u>poQoF~?&X8voSPRJ#t%Dklauqt3Umj}y3UKV-c%4d7H<0`bfK#geV-O8CZ;gY z^P?ijP{Gp$9N+sC+FKr))h;ZM9#xh?5;fXArIzC_Wo0v*z08Lv6=aOLqtTxWW1CiOyGzR(0dN>$YQ*-tI+%IeezBX>l!gwpJL;l3`hnD zW9T!53`C{yMJHiVkvRGV-`$X}vTWr55r~^>SW_i_@y-DW3wSe0t9IuoH)*4zEWR7BU+itn?zT zvA3M;P5VS5R53Lztz)39u<-TiYG(3R6>V2B$ycuwaK+>ucoToRA6psjEwr^m(nm(p zsn9B9NXviu@&$e0a;jP_me=vem$*2$;p26Hy04s;V-uyC!}(f~h8Y6M4*qMzeL%7) ztF|CMdp9fa`pjiLudLnTqj;J;lHul9iLa|8Z{pnid>SdY&9{l8BfwZ`7(bAwl1s|% zjN^C(5jXA62x0X&u~`H-i`=TKS_IP6C!whL^^K}(7E-$p8Ugy^wEMPz;qP}h0#m;V zah@M-DnQZ31>OTUCAfQhtRi@QVGqkmDJZCY^T?^L}~|2 
z!RW}@*q4x(I&xlhlbX!G=u3ZvVTg=Q_^mUZt7qpTJ2UA`hFr2$3@0EaYey2l>(9M< zWD1(VRGNaCqc~RAy#>~eA3rXH*3}13nLc4P`v=tgND#Ewu3%yaMH+rMzIzvv^G}KSFpP7Fr1jcBZh=4cQbwk!zW#=WhDM`@SqU*t z#Fs`G?h*io(G&he0=`}R{r(nU6*3?Sz?UkN~)3urvc0Qe*(hnXyFd4`S z*VT@cQp#XjoE%DjMF0g#E3KnoP{8}!cRmEIZLd}y6VY57+Pq$#TrD%d0dt0|)yPs5 z+jZAov8;fzNWmmrnD_7B=jZ1Kx-@roxNgXp7Y)yq3gyvIn+^V4K)EpM?Cdn@O}zsJ z7nm>gac&UuS5M%WFeHiI|EkCPo4RvG^p-ac4i0dQdVtgS+6Bf5%lCGVA2M_ePC~I52>zc6`QACG6zfI`%3CK(5?f6L&x(F4@zOn^mMY- zWaTdG@t?*$FRxiQbV9Azd9dMzABLnt;K(EQCvp z)Ozy8b6U>9o*E>c5>J1lYi%v}=FJ0O#D*EMadE&x8ti)nT7V7u2L!P259O+TEGS?C zsk5-KKzOD+Wv*4}a3gDHYaozOSLJ)<^8M#P!P*Z^`JFZh57!2(`em5o!ou!Dj^=7r zMScJNv{6(ZcgkbG%WkpCVYMLuhniMPJAz8)1X%tv8k!kM83gIy7%$tlvT6`u1B}(v z)4PX)GP_<-x3n0olmGML-Hls>{4UG@nW>TyRKCMGXBXN2MTv~H)&~T9>SJ2>WZ_S z`xC&bYXP{DAmAPa1G+Qw^P(Oe{N_WsvtUp^rKGe4%ooLCWnoDHwBqLBVbN{44SFw2 zr>-`|XD8WNTE#CQ00o1X{WlC+LRMf?P{_fqf~va!%l6A`Fc8Q-z&xxR=F!m+f_ng+ zv9Pp6K}R=$g#GmC)93JTVc;+B$6GbVTtnR4+=Z_DMi6WnL~5VzFIRY7^5!V#rGf&e zzC0R7Vz-`32qEDjR+qD`(XaZk-_p?VVSTs&!FZIF@j+wEwNQAoPkhBCCTvw-M87%%|_1SKUUe@~x3;^4r`Q+6NUyH=d+k%I-#hXpt8 zjL{{0c-lst{2d4ty=FPqJBZud;-U{gDX@=u$fmne>V5nI0;4|-(SSN3E)P$;1FR!T zqqeS22qc2R?pzZH!@2eKSHi+K0NNJywLO(9bj!N@Mp zkLOoc+vp0a8;p}ZeWRlZl9G}TD#0*nabrUofOvOzH^q5-YGh>Ot*)*x)JzbD%RU6! zGjQchAU=cSM~y8le!$R@!B&6~+#o+cWQ2rwb#+CkfU+sKAo!936elF^Dg5gF7iLHZ z>Lm9q9^la*i;LMXNH`aQm};{QJyj#IpNJPiQD@XFfByP479e2t`BqhD0#8Ii?HTGj z*gLi$u@VvzOeV@%1O)|sPjh&^d7U==LDDfYGUn>kO<_HDKV0*PjU@sk)!Uk=;NSg& zgEy3y`c`Lj@k)cqda4_?1tGW1Lom@Bp_o8C6ls-wW<7y?BQEB!Hh=>7CF<<=W@>5* zlDOT*`3TZTX1O~tM=Lt6^3YS~EbGVOuK}Sj8N(#kB_caJJD0^s71~W%n<`J8!DTti zuLUa!Gz@%Z12kS|tJDC6!I6=8h#gSv())V(#;vL;OU;ns)*4sIKh95KvVJf< zFd#tT;$mx(vT_X+VsmrzT@sRbyZ)cW#l0r%<>loQPCNkt0o=U2QxW*l2??aEtgJS6 zcC^P7wW&1U)6?ZuRsG}RNis4rCdzF;o}9RBY;NxE?WGnLLcSA-YQbZ*wYN7kHKlh( z>%n#bZVr~f+~y{5iu&GOY*-|y<3)vqzu|u(r3_U;H00>=x6RD~py@$rP6g0*adRWC zZQa}319Yv2eGeo4k*g}|ygKUY#Gnab3xDf1v2k{;%e;J&Vla{x9E=Vr+aUwS)2C0j zt7~fLE?5gTE_%V2FfjPKO8#xo4DjqvN5^`S^?V+p$itJ5k5@@24+p{#@U^YIJsp=! 
zW`B50jDKe4vgahZzLJB*)hZNv5V}zi7h-3=thN12&UO_s;P#LqAj;c)X2BZ66?@j7 zT=`=Uk7a3J;oc+K2PDoRot+!VT<~(k3rCX@b>)1`HUKNr$x03|3obA7zrY}0PNZ+^ zxtD$j%wWE7a^mE3+IYJ&Qx9(poOr27+5yH8}tKp2+{~ zbpL}FPX5nN)L&IHBcRcPh2vG+V0slIu*#NuIH_Lp@A=C+%xWlEch!k6Nowo27&7H? z(;HggzpK+b7!L~42aneNy*2Yk;PpB~cye7uq#7D|jpeKPq&(x3i>^G6z5WHM4p2l0 zi351C1GSo)n~;yMYAoNb1b7C%m^^yVd`;W(amMV-MrHKm%HLyPIl*cz;c3W;{o&+ zSZ64B6{u)vh?xUZ)8l-~{dnuz*_rx}FJ8Q`0VynaGINVcHlY>xwiVwtSRgLvn`Ib1 za>;^STa#5eC4m2`j~_qw_xFFh+LsP8b9{%Nj&41)3^oJY1{K`Kp0w&OY{N8Kk4xYV zP}q0CL}9a;d5#26t6E})r>(6Gy&T}oGT@Zt4OCPnxy+&PI&WEI^_1JrkNh&l0V$tl zR|{ktz~4qmr`l`6d_A&!0bIxU9)VebG~N>byM8Rx^D+XAhdW0-*+D1>uGP-rsr$ zf`ttn&q}AwcD5e=M$nNtS`vJGd~j!-iyhH7xLx<2_6S|`L*Nbn_+wj4RTI7Y`}Z|I zqvlH~DO5SZ)2CpnAc1-E(_!_Ecral-m{IUB5%T9R3x?TXp5q84<WqCZITIKfy41l`2Q->I#eTUPVjMTD?H&T0_NV8$6S?<=ZH9ELh=aqS`kMl+ zs^(hH^LzL1J3?7YQi(v}A2yW}_zc%rbdFuZZnyrT~GHJx(qLmHaa!Y&d{3&efTfRK31#T5Hfq4GkkebU>9F%r^L-6EeR8E9e0s;l1ZT@Suv!gVxrpbO->apzoXTt#1pgJKrTE zK=!pXHr{#%Hf1aG_E?FzD}-ldD31gQ7(yB-vrj%g*jQMvbrTUpo0NcmS4pC>dXK{YPYs0z)IC zz6==>fCp9GL@=mC_LsVDK;5Hy_z(#MtDU_)_$;($C2?SV7Mb=_f$fn~&7P~AgW(+y zWTeRWYH4;>xXfzu}&%gBk&YWM&uxPjR>wX058?SZIPEuQU7#|4rIDR zqQJ?{{uSsc!aD@hs;#wkrfk{^(f)!q8A$qfb)w-w(t*>`>(l~;C56zb)q3y%%Z$_} z-x@8ZuDd#;gFXT-0YOA^au2-G*)ierMhi$hlCM`hSn&t}n*l)u(^$mGsZ{=wJSR;i zp7Z4Fj1}IYtaMoYP*&y~yNYn0pFMj9ptJ|PRoBo^3=|YpoW|kdXrR&U%+kHUJ5OOb z%uBowkb2_$<1p$awK2(&g@8g{eRE=hC2hhG^fmyy!BxKnJ`G2;pkX_%+ri3vsq|Dx zC;sb;ec)ey&Qq>_l&_+8nn|n)eQ%oqD@VA_6BE@9Des_@*amf`4H`!;goWSFmS`|t zE31I{Psr;)gF_|#4Zs~VjINQ9k*YF$Y~$cy@b{arZ@lN$SE+Q`{RuFy<5ny7s z&}z3>Q&U64qIVk!(iY(0zPr0S62jU?n7H6phC&YGJ;oxMRoDSxc z+=0Ql`L?O#-X9S{@a6*@J&xzI_b@-Y(>O)sGMIN_XP*sJ5hNUf&JpZ@9nr3p4^{Xs z^X>HU-u1)p85ywnE-juouNIe=6*M)2!K$t>ntQf^0Q?<_s5Fw|*`wtNvvko};vED!tZa-Rlhz^6# zboBksFXCyvw|104;*E?bPUxx0uVh=f&>QOMeW1qD9$Ztu|GBNL zjg-gk6UfUX6&=r#K4rxc^^o{@jr5M9l9HyOp;F~_Dkv!a-UX09RnGb{$+~$thx>kW z-IO5l!I{y)1=uJ^agm2Et!?W7_+74!p5E*hD_-{tx>f>p#AL0Xe zh46oqlMR{_?hb~dndgxI=RD-VevLwwqN85ISw-&Y{vs}UF~nZ~@7-hnYni?W|MPc_ 
z|IaDle_QS*8P4{zZ9J$t8$&jXvSE3VffF}R>f?poL)H*t6Gfpbv{!Wa4 zLPK%Wi#Y7O7V8+-mtGw|$Tu3fMgb4a08j>cIq0C;Krl(ZeEAUi_+WvsfTE0JH?^zF zG5zJe?t}snyPj@p)=GOQbiMVd70!QQ_ok&xPThu0W7g(t=qKqr))IL27y~Y2IWd(# z{U!LaR);sPZnr^O7lsd6SSq|#4w$s75#4b_Q;C+L*ldt?tkm)q5Q=TxF0-ZSO0B`j z*w}!?L^89IGcOe}SoMhev4e{5l4<@LGe%c122#%>8Nt>NaS@KQ4AW*TF#SA@anxQER<@Q6&X-ut^p%hZ1W9!Tx{%YQ;wu>SCQ%>K}ag0@lrI^ zdIg1{96jCP#gw1e9Txwt28v3-zzH)UdT2Cs(mSG=mM5L34S}z3OxGoU_;3@^K!>h@ zyu3Vkn!HCnot*~2=RwOb+bz6=Zr6<%ZrjID0jqZ!(4gf^8qxOW>oWy}dRh6KLdx&* zx3_tuNMEhaO90w$>EFJ+17@^WR(BZ!ya&y5PqqW zBES)YjJ9W(BN3{$>{!7YF#^U%f^85+6Q(RD)JN>^10?B>?~^@>(N#U#{z*z@Q5w zV<-q*;IB%X`ajy{iJ9Lb!Q2r8FfIg#I^LlO>-vQt3zs{Rds} z-WQwQ5YsULwy$5mPH!>ej9>kmatqY4!{*o^_UF2jIW)xB4YUVNXFlF9RL?^+>{yzC zsk9uQhVpIAq=gC2fp+?B!Krd8Kmhy7l7sxQ{r;whHEoJg+K+h5Bj?$w;0JrCwAy*- zXlPH^*#~xMF-X7%&Vc!_@`{Qg(0uB@OzNR`hM2qplUe_GYZ9^>F&+kgn+YNah>i}- zcfdx0c=~|33$E)03}e8k1v6l9u=o=Jw*!P;fu(6-2?hTa#_cOD(|J6R65SP$AstFf;OfZFxx&!`ojS9_=;&y_L9;vG zpfa4CpY!G0!}~R%JIrt@J352(VKr^{nskVFMMcHn+PM*;R}vYil&4e$$pphQYPxEU zOWEb+gb-6!t{;l**6>uYHzo%TGdUbJk?so|V0oW*=zyfGP9af9nBCe6?J}Y(hE^Wb zD3KQa8`6oqB@?w|ybdru7YmIJFcvmOtjfkaGz-+%#@21Lw6u1?R;fPT*+HUVi|XrX zd`oklZ0`7<=S*oD!7YYR$ra1!yeoRk7EypgKWW^g1mvbHF%{0 zMhd0=Gbk6Ta6YIM(J}}s7P9?)n*ps#0hnlz=fE}!$2TMMYbz=%L0Z3FGKzl#O~;h- z@))Q(I205*`C$MHx~#D#FkJ<9IgDS#e*5-~m98HN1SewL1|}Hz@+CXl+H|4On5$Zp z+RjtHU3-4AEOad?E{+hP(3F5?M@435pxx@R1Arn(ab3=MXvsL2{J*ih<)P)`_4&O} zK}AEm1pmrVdtSrx3&GMQR3^;4kG<#3-W5iO2E|@G9gLLCgQ9->_927%uixY2@qoxI z0GBNoIEbwXVy(PNrv|6m!N&w#5D?Q%wlecLa{R)O#0BHdVsz5o2w?*L1EOmK_DXr5 z8{9D?SY`F&f|myhvI*SvAV6)MovCSQ17Q*}cC^@7h1VJ}XcVcUJqsgQ8Ibys z+Qlw8p>%Mr2x>X#RV|j!LP2V>t#k(=2U)E`oB*=40md)<0|RNx)=Z035v>=<1~Ab8 zHWf0e;Vks3h3`N(&u(vrwHeGo2W)|>?o_723(+3}#mrQ_^I?8$6oyflJx+FLDF_D2 ztaZR>Y5Dv}6#D3?0A?_`Ri#;DUe|+!7`Oq#QnU4+N;WXYG_=8Orr&**Q>Tj4_c!v$ zxqMGc9OaoBWi`I>d{c_!N`Jl)`M7?GI@mfev09)RJ8A*_hx5woEbVHSaDbZ0J>(Y@ zd``j8r@|s5lL0RY1r>D;h$0MD7C|n8De}gg?p0)$hP*sBevl7v$7!4KvbA!0d^8aE 
zN?um@LFp4LwP4mvK#Kut^R1w!54|S24&GIh-N2Jrh(iX?yug`40Z%Ej_LWM$X3Dp3 zGnHWve{2XZ4PGV%`TI}gs$Vw6y&>4&pqHeX`@8zUgI}wauCV{vpGe#L6BDQlOfuTq zf|YP39h{CLma{*}o0R=GjwkwR6L z^T`D*@f^F)OT^cu>ZmT58GI*TCU2SPVsDz)S&*eYEB@dW?3*Xe(_%wI|ODgRfZ zgw_>lclo{iSRVpITX9y(|FXrPEcz`op;`JS@%`{xLBSD=|72HLe3x=?L4n-AF!Zfh zL!Oss#N#0zgc^?^`gL7x(Z9!aHQqN`SXvx(C`LT;-2cplFbAOO3sK#&RMdhVnRTXARwTU<0fs%!9Wm1By1275S1(-IdA%z*16sNb>G|f z^!?7b-9NgF06y2<8JQkbuOyQrSWSITldw5 zRkZ0_+S(>YOqzEM{Q$jfTfyplDMQ^X+J(Gw;wwWRZ=;%_rx&Ad(V8R&Kc_8S*0J$U zfg7tIo7kUliL4M*gVt!{NLTVEAKomWP4{|@s;sT;syr7pwO!^%PMqSoC3UUbm$^Pc zpOTnpd{~d)zUA^uqXs!a^7)Rwy>yuPE?%FT$jfnw*A(&AiL3oIR9aT%9n2HHw8p%E zxHdQDoprF%_;q#u!HfJ)-ikFBcKR|rTsGO77w_Ylarf?Weqkm1Zf}WU<>n&uXt!UN z$`I&tu~_u(f?mW|`V`wU!`8ShO+p@DSGK#`ayf~tWz}+gAnHDS7+7)Nkt2^_afZku zOR(>R7wGTeg-I=_%vSx!lL*TV>_)5_sJSr!NTA^9>T?zT?D3$~fn4e8;lHllz6$rm zZUy6t)S2J|QC{iwlvN)xEtSf}r*?(6&%CG?#_?M?KUzKCb;zsp!?V*L2c2G6w7i1w zh1Y%%-HyJG=qRkixD;wJI25tzX3T^_u zKsJ{G*H2;+FmD0t+oA1{Z1ZA_Mcro+3P3x!m0SHdewKi2-~L?5W>cu3pkQ1dBTYOd=%JkkKP^82@B=Yw z`K9^k5n`(_Y+wAwzF2CM#RnY>#6o(D1$lP`i3P%$leaW_|Ku%>quyR~G$G_?kRFei z)^i-Q_*jbOf(acEw@!W_ULWpXqU{L@2?7_{c%9tQp-tqh>P#F8 ztv{we`<6XP!&;E`*~&v9rcu<3<(JTHZTCF~9^n==C9G2eEGw{s8*`aWc($&QnE$zy z++9G&6uWkUNs^LPPk$F5+bNi>*LUy-x*OH2mX};zgy@_*lYAyjE?)461h6_KNZ4Y#mt zD}56nYDMEV5N;CR3Kr>j+0e4fB;YGL{^7J><0P0b->4{d!0X~?3$+mo)%nF1uOYW9}*u?L+n(!*= zlG_F8Hov@l7gkG&JSiX)7@kY9=|aIoK~x~*j`OfCsRZc1VT(Ra85$Y_=Cz#}HAJzY zwptCh7h!oHKne{lWr`{nu?~V3YHrKHiYCbo2+)KDfq_W~7aAnmF1Q}hoMF$2%kJMy z+79#rV2Fs>zGAPNjGDqB?c8fE7Q9pKJCHVeTw_GYQYi64I5|-Df}`g_S$$8Y7QeE} zA*2`L23OluR8a*V_5)bC7!Q;`5g&Q&I1nK|vJ|J3wy6tZFr+Y6f+lQCxVV<(_yeea zcHr2?@G&4)F4Y#BuoPgvd;dNMAKys+0$BZU{0+2P)DP%10Ouv))=x`oj#`ZcOcYe? 
zp~s>w{KPtl)q?Yg4_ZF{A^NSg*W6CR0mv7KbQAJJi^Gj?zxNa z(dnr!X_o2P-wmRY=l}c`TcY03$53rvC}Yl@RcFm=kv(zZgttBw+<;Hn*IemXVGx&O z-0HdLjn2+fX2Vk*b8|B@pmS98BQSviPH{gf)jBWp#}5l;0h0@TbN!j>+*jS)l$4ck z#>XFk)%8_vtv@v8pdGhELeyfv{ldy=joC-OYo#7#-^0{Y6#6F4If*g&FFfPspRuM_Jqtk`26=9mL7Dq0YNl{D&^2-jd35B$*M|t8sT?kPH|fX!eJP zxnoHG*I!XKy)!S}9>GIzF7|NqK1Yt&F3(J7V>Co}DiuQhV|_+;xa-I1s29$OiMHhM zsN@+xxhN(`Ta@#z3?BsldFG5~q=T>)`NO~0x*QbhKL7XThsDc4?C-EP^6#H(F!**Q zcm#u-R%^!`8u2&4J=-d_mMm7SpDZ)-j z8>yxGohDyK$V&Q-DClNt2}79l@5BIt{=NKih7J7QT6G>lx>q}w!+DpaBY~}qc+g>^ zciTz0!0E@wlQ1?AcS?i)?_Xdm-*@of+rEV-#OaFygw<+#)Y zx^fdc-lwI(QcU^M*-6rH&Yx{p;JYp!H!3ta>nC`uS^T5Zw z1FcyFtTsX_a7uO!96FnEXu_yLVs;c@idf^?NPOSr*4EY(QkoGF@&RvfV}tk?*eYY7 zh$C_k2_O|B6im30zl3Y1Yap9J6B^=@meRKrfk3dwVq`iD;|Sz>5}(6n=*BzeBI&ew z^9@v8)H9~i%Nd9DU)_|cu;LFTr~{T?A<-id>jLCsH}auv|lmCFdzz6?gElz>Vh*&6BlAea)kB z7i4X;*CK;pAh`Gg@P%v<&7xQw+u7IG=a&x@h{KzLqAD#XX9$j`5UwJavclo4SJP0{ z)_#Y!A9;svT*=Gt9`k|d3&O=;YBTvm1CCMk%qy#~)Rq$~7jkW5D07EB=dVJ5!+BO- zQ&pVneSlZsMD_{` zhaHH#`n)Qm)#4cBkuyMXcYS>J0&^m@ItGKlPe7Ydn3YwJM`Dd@=2*$$I>JVzk0VXR zuhl3^|M2#!DAdH=0!#j7ya1&+f}O0WiQIj=>%m;^IAW9zj|q+}sDx{Xqj~S%Z~1dD zS+PggRYG`>wy>}W9hl_gL<)%o5)iQ`Mb}9oP=LI^N}TkzKLk;i5TyWfw4}76f<#3i zx{;Vj3*HwT_}*Q+p1xE6+}6fq)m#1)QVBT);beM;ZXp*}ns57BtPoIef5MFFSi!b^ zyAzEH4zh_}g z=9FyQwCNQBFch1%8B!SZ{Iy)2olcyf)Ya7yZ4xlGm@#V}KZ$%@g;AD@hHAdB(;#Q) zU(|53r5EuykG(sBgBdOfDdIPa`)ndm52b0f^@+S=>cQYxxi+j>V}K+7Gpa91H6Y#> zl58Js;EdMSW)7ht5J$UFq2a#@0}0EdMtzv_4hQ&5YX_s8aECa(5WBJu)UozNN%`LV zE%;_7i8mXRuf;~X-DY(Fx(B>_fOm;nIlTKH-32Q7;UscUi53I;Rj z4fXJc)7(1WB2I*2Y_%JXqtX!t8TW3wLW1#U+2ur=D2NAjg)a8c+{(qKKA%Qc@MrSN zT;Z|31S+l1`CcB@fg1-Q@qr|p%gy=%oN$` zj0vh&h8aCcrh?Jo|C^m-s_>!~_f|9-<(Y=nfTE5T*07dzmt zMG~t4bq~zwx#$c{!&sTQ{PuObw)!lG4gX7j(iMIEXWu+ja9N;(*)A(n1epvM>_yne z?B-B2FW?XS2Au2QQ%xTFXzl~5mQc2f@89{Odd`o=#6|4xFe^IB^)ME23~J~}Z$lOD zO@e|st51KOsOm?8Db-e|H3ypqUUm8>>UjB+d*#X(uPs9Ym#Qj4XLYkow2+So{Z)0k z@?*IkzMn;C0bf7y@Fi6hQhD~!zP(5}BbMH6}AQ+%({SoC!i}}_d;X> 
zQ*sK?9JD0`mfz+Q8|GE4=BAG6wwM^ypI)K4EZ5HYDOX3hj8qM`K4bsR+70|a3qC}> zS(F5Do45G;jVRhZidRPp@*0w#YMMPb{ofwTDW8*y75S*WA$#e4={Ao5H z8AZNwb3QKSF)Jl>Ut|p^^X<=yI1#<3O*5}9CT)$EuD!QJd(XKukFSGbmU4tozcqL} zRufi>%8Fgr$b3RWE4WSj@M@i^)dg3o& z{6Ws=N$h#zu8A+V*=yy*prB>b$hf>5C6kLv>-tZ3BHg@0nzv+hZ{B%`%C%=Uh|5CA!k}v}+dB>GZ^N?7iPnEk zQu0w?pt6w`IByCLISv4_k)*^e=W&j)UH!s@2+lyGC$`Pe`o)RQKjxVVCqJ1Je;BOI zV{|pW5gfpfcVEL0k>tn%E5|;Bk%*52z-ML8`scyia(`UL4Yo^h(rq<)ZN#06Pn3784T_ zIH{s{i1D|)!iiY<_U&$nRVdrbZoDKgnYe-xk|onRR+XV5*h=@b_yzb8DqW1exDi{}J!IXgO*T{;Znychl_ zC_nHlZenKE>@x;_tAW{wOdkNN5Dh?#aT||sv$@_uSKWXdXN56L3IqZts!`dnEJ+K7 z)FZrBvPi8V!FhT5XJ^o)V_*F~*xoDAZNQhig&=yk+Do3zkR`e?$8ujiq{!0JQZxFx z)vNKalH^yJ|GiZtMLRD5%||-$GMO> zPIz}dUu-tYx(GfPyc-TXD6SSy0Z{xH{;VSBumb_vjo`h3*F~}g$@$l4){c}W5d zjmu?vk_rVp#-p&XD(H0@@FEco0+=zlrUNt(IqQ~HD&i=B=OPI0{PAweC0r$Bw0!_~ z?Lm|h`UB%bLecJHc*9FGS^)4cbmf25t} z_YP@m&?FK5=!^Na9b4g9xw@xU_21a_g^^Y?)m%2!`%b}2I<~~ zRBwVAvkF2rNmb?A|0q$@k?={N4ZRIv+eb|n){RZRg*hc4X&wU&Y{Cc(D8GFljX`o? zCdl!2$+Krc8=M8)g)zeznAUKX7{suVpCcrQWLQ14e90CBGUS2T@S?CLkHWknTm^l{ z1gi$^YbOj;r0oE{6R85CLg~kAlgUHi&61C@+l-C%pv}qU_)-!CVupm^`!EKfBQ|q?~qE1M%qW*DjJx`k*9Up&VaV(_8h^EP!9K6VL z=n#J5zq%R$O5}}8&1jctnj;evhS-){ZV4I>-z#pJ8Gv;NvmpN1rj6A3G#azqfwTfn zi|W^}qpJpnNgQroBVXaH;BFnacksA$0WFg6hpO6cb8T7gUxt;zB|5fK3DcUV4_R*; zTIIBFU-C^qp6c2KGz}Ffo&-v#t8>GNa=cu-&e$xg1?4nxynv$2{E176K2-rDQcDO5 zzGZ>s?o2EQH0iOLj)K z3UNz`Z*21cd5X>V%8im5*vX{!{tj&H7N6#G$wfT)>pi)pul!!sLJti6?avi_2dzRZ0ly$#!ReX{r%&Rx`G z9y%C9^phI-4hJvH7@MIU1D*k$Ae;cHtMu9F+bn}%vMUTX;p_M*eN;*8pCfZ}(0*6e z*2br&KR{R8Ua5?={yDwX$$+G4&=imsUv&QG>!2n#5SKgnulxJpxMvXKD#NdB`pV#7)7nxTT8uSMD zFbf%>cSc9>jtI@J&Skbk8y*d*Sb>Jc|V|S4`SXH$S7)L_T4Fn1bj1yski?w5F z?7%<>+`dCsiZK|bv0SaqNl8?Rg+2u$+aSULE}J!qkc+8ytzH@3*yt7?)BnT|aL!9% zJrG|P_9wWMBd`SHCG1aI0(GxlaXMD8OPdR`vhWWwCY-7NlV_yho$0tD5X$%N?ytkc z!=IUyPs_cF`l}tK00YQm&$Dga!m`;?>Dl zHW_Z=)znGF3j=ma7tQLjY& z*IN)C zIsCsudif~>7`_UesSR_OmT(8M$9m$gCVC5|M|hn!$W_H4I}|+boCTbVJ?x9q6>>C> zR6=(_J^^XBUBKiw3P>6-LUHA@zqIBiye<4Hlpmk-9)W+IdVKSV&Trdz@Xj1`5b 
zcUhk&gcfiHPOc?*OA0s{%ynVL55Nq5yH#$JT6N0A)^&O^PnV} z*qFdhRVP*Cvnb%}Y8K~f7j0(8P4SAT;4#qRkvbm%s52 zz^Vx{nDPZPl!yQfPa*-{WRoMv2kF)|)D_<^4kmu0naS5k0~Zoy32iLe06vddhoRhW z>*0m=gLVihq8kdJ==7HxWGDuOAb-SWg7B&+^ySFDR?#pHrV0WO_-3Ub%fXKsH_$s_ zvlFTk)q!*xz$5X0k?T5EeMcYSJc1(l6T=15EnANv{o`9>WB{bHZ259N`)=94h+E5 zT+_X}Vk*C#o7c_WO>GSrpyW3df1HZtM|8_$@j^@0lX3R$gXC$M+nLWdDI1a~+C_y-G+ zG7X!943HnrG6WIr`WqAN7BD9Y#V6T%f`1?u>xMLzoDhx__1-civ?_prz8zeCx z{)6)dj)5fh29_CkkpY!qTtz4K6JiFLU4|nIwvG$l2CWEz0@H(_`;cLY+dvu~Fjpi& z0&A_L)|qhZ+I5ZiDndg+>8_uf8YcJ{NO#lLt>>^ls3KEaXf*2%aUj+{r1}uloCjN8 zVkJVzBO4zDW2#op`@~uByCl_#_#)||kw2u6VRH~}$!H|32en*k@&Mi40w^%P4g;IO z%v|!Gh{D_qi0eekCEgh9Hpq`;@B<9!ja*_yo?zIrF1=iW9-r{p_-d)?ZP;ja1S$WEL(}1s)`~7oBK3z@1Fb^YN?T+%PKwS3R{pzuDeWOR&L@P-?CVG3+A^U_%kE zeT<;z(iLl;!aPfH$NS883zj^CVT4q^iydHBq4-?NX@xtIjAO)6hS;_OKp$a*iCZQ8 z5dI-`1XYZ@78V(qw(;mKiKIe)jRE$+jX>D;+RID3(5GXDPe4?Z!quy}4HY3lLB!OE zrs6ZyT#%n5`Eyu8IB09JYDgv*r#8AWkv72-Sf)hOhtCHc#7~UiX}>@&{^-EiqxBCd z#I!*8Zeih18J0vJ!7xXnv%rZd@&cULbqJv(3Pk3|U{(mprlU1P)Z`W{4S24=YMlYN z`;F0TkR$_m1jMn4Hit#K2Ok<`{CNMlbLY_VfImwyaID<{*8x;sev6NXaVJ#zlKQ>E zh3xmE6}|MO^iRk$TX0?C=WZoCzk=)Ehk!0HPHL`6dW35)`4{DPW{~Z61BfXMdA;{- z|6{_9l5=L2s!`SsXkj2`trHIYS4XL#{9+_=D1o3LQ>41eJMR;Z;EEec&S$p4ft;a^ zIX;YaQ)|@NeHwFZ4RA25+`x7Ppbb9bZ*iX>@;=o2yU3d}8CDtg9sP~|9}XDCk;88+ zz-*m#2tbGk#ztBwPbdrXs3FCPlvQ5_1_s8(;VQ}NqnOe(L!pgfRikVBiB!nXMkR$d zW#Zl%9r&50bGNV!tw0`fdkw$irhbKi9EXZj>eTiug#S3_T~g9_DD7nDh>^ zo$^HiAdavcx9#LLj*LAj$vF3mZgu?!>DK?Xo%DZrk$;qQ4O^p;EfjI%ZAjvP*6nIM ziKX=g+vXL=_C8IU8)SKN84p?T1hSa()>vYDANaI4{+LKmW~ z$0GC!0Ef(Am`2nJB9=ZXFJ0IVgElak zaP{nhqztvja7z9rEa($X}VnPn) zv<@Qh00#KXsZ&cZ?NFZpClRNV@`_KGXaKXiw~tS?9L+wt*csa+)=KM+?D_N2CvWuY z_&25NpN5NxlRFvXxK`YFIbvsPyBh~L${uKnlgNp&dyGGfW}qYbZ_zl)HE>ZIH*fyc z$fa)q?f~YZApCg=+6qbDYuIw}@*07`#U3OhEHM>M!^j=tnm+jpXU?R94Fmq6K;t(C zQFotJBp8lEWZo20^Zszm8Vd;yE{EZRc#cpdDUDRUD4<@#hQon&EqRQFcBx{XgM$MH ziw2Zy)OG#IA1!2{2Pn=_*rS->#Cptcc+Wt7J)3B6uQQ2Bfbt^UG9d%dAyY2Fj@K6( 
z0tsLb(hM8Kr%MxOa-07AUX49fHgd#8``{mm>GEl18@)?FpufU|+b-AE>n4Bo|rJ#s$SOpLVy-bXJWi$EgPaN5ZN(c3s4#faiE5|$?) zN#z%bO6HW{-fV{%Xc4%;`f4#Qlhqq6Hnj9O(NvSI(1v1O3La~tnSF7l5S1~5tt#zXZ!UGp!!hm{v)EIPtb*v;e_q313dBa`g+M} z)~ufdr@A`!n+Hw2ztUx28{s+a+I&zg`2QDmI!h0_kW8-v-*dJ1*=-E!vkCGjtEf-{ zUxOx>431!7Qo~8CnrFEiiQ&uqp-C!JxKIdvtEpq;z&R6>gl`DHoW-8}H|f*)9wRai z4_y*`mGQ85U|=9smL233nZ`y04Kx)1Ov8W7k?AThqj7Vu1+Bs6{_~_H@&cR4EJYXu zNt*;u0I}ytx|}()>|FFiz&Q98&tQ%Mt$V4JCj*i(Ysj+s93T+>=CkKO+QNSZOayzu zkG6tsU=sH$!+iG zh{P`?nSPIMR)&EXM3>y&{-lU&)~JUHX%CZxpKIIjV6Gz>k(5?2l$6c`_LY-bg6U~o zW5#{rTiR|q4DwmGeLQdLbCX z%Zhsc8eV~(w{l4z?w&adco`1%Xxwr3!PJc@ zo?{r;v5}2Uw`;pXq^LCBltd??s&Hi~{zw_At9d*&bg+M}Nxx~YvwnioWZah1tlJ{l zTUP5S2g28G; zIeFnQcbTk?cA1i?DRc0xEx{aY_e8tQ5)Jc{L*w-4&dWtNiaLE1jSn}u-9S%+~V%-6JTW%;TZqpaQdjyqaJ24*KEwWdVgq6C2GHcWF$fKe9#=qIaWF}tF}*Ly6{Fg;OvO_45uPia6V^kmpkv9DNN2ejuBIuFdLt&!r%l+2EI|G%OH@+be#EvX{0m%;HFh+zO*1z5( z{3?k}C{0S8M`GW4>$qoQlYJAmsq{QUDev05Ec{biHJ;px&rWtx?}|2~(?zC!R~wQx zK@2$DdeB2DRF$q12i@!xwa;AqEC>z(2vTZm351~hJ zVeF?+v^nVvpQC8On<4y>AJ9{^)IhO)0B;l&6cmf|!yH%Dti5oC`pF44Hj87eF4k2- zYM!3O+*^Ijno?Za9a+}jmN|cZ3x=Byi50Y^VJTA^dJS<>1w})%_$m6RyhUQ_q*Ywo%WDYl$ZB215~gI@A+nz7Z@Jy_OdvBs`$O? 
ztFHnJ6AE6+4L_Oli*3^&h1m>clS=yvx~%4to-Nsx%M)fIyi zzB?5h1pzH>Jp3IGDZD>o5Y0I^d_Y7*3ysxGn`9q&D#J4fq@ zE}7{-x*$mH%o55^Hye$!9K3oUhc3d^XPBkZ8nmHA17dZ6zklsnp(X1mCmav@NL5jS z%#iqS+|VhQoV4M_O3Ig(xTYs|BH)`8d~KmmM@kpgFtX>Z*Q-U*m4TRW_cdR#y-0|4(Zk$>ktlBA-gkJ6m%Si zjj39KwQgH|%Eopi)03dF>XISlz+5EQ3?jG>RB|(>4izrRv|tAe`G5k^sy1BWzpFBxg+I`~a6peY*k(LpgWoq)iwuq6CB5i_@Cq@+H;d$>;; ztZoxH96DwR@TjMsXlZF-7IsMJalkgrB$nk`&z^Uo(ZHud5%SpS3UJf(w`9eG4(ie9 zfe$~Nlv})L9~{rhR#s_bSZnQL#=@|d+VOZmVtjTDOuC<&OGYXJOvVHF8xqK;hw1~G zDgqZh4#9@n9`xlXiN{o!t zKA2fAo;h>#z!2#d$gqh|xwg@0@b=;6<9Ac>5L0B*>R?j*eaDVOlqovuk)GEAjf4DZ z9eS#ukPz}M$tZk0#HJCRJV#)D{81Kpm?nHDkYgOuK#qZ!`g#;V23@H+)$1bi7t5GBT2+6q5F6G3@n*=Nde=P47RfB{rg}J z8m8`=w*l5lD_*?#uy~Q-hG&xWVkrb!d12?x;&8Y^)1(7H%0-H51T=!4BzuiF$w$B=MycL4V@$7&Q|CSZE*j`Bok^Z+bFS1RsuC?mQe_K~yRgT~{X^9+h_EX*`Yh_Db)(1_>7w4q|bMNtofC^*ONE&4sWUVYFw@76B@Gjt6P zd$kXL(^gGZ0gb1EQbLEH19tbs&+CqZENLR+owKtAEI+27gpXp>wd4o0;_cVFaTTN$ zwY8ssDNhzyfm6d?r^$aBtU6hp0=SZ>+XwM^$$Bk;Yn9U)((HMhaOi~;VThrp>4-=h zTfdnBxv~Yj07#ef*fCXHy{eiTI;t6|thljU+}yGfjOl1_G4Wtv`_LL+gsFghF%R5x zSAZ-!C^Bh99N#pIZ$vM55GO6_x*`rfP8Kx>hip7*=MO+1v_Z9|{q|e7Z8Hb!kLfMp zupxi9Iga7`;sku)5{Qe7V+%cK9Sp89QgU}M#94wmOh_>7j@Jb$KQqSOy5fE0#bp(_zZ5P70;SU8!HSVZLEp9gOH+Z(2E8TIc4SLW*}Ig zSwBWXk+biI=_rPgo*`4@VOR-7Nx{eoNnm-+%qw@nGbUh`V=_3ZNTop_aV0dYIFYVo zsQ(Tai))<(Ng?A;BgRvZB`hBS=3nKwYYlt{p7?1 z9q%#@hca9yLy9o!)3Ab3A>{%ZQR2k#z!z5_%6-ysE(jxO3yr6`t%x_GXvhK0V}Dyg z4tdfD{NoAuN2X&hsi53Y<{Sl0>l5-TZ0j&)ui7Xp5%)^B8WSm1l$B%9^HRH9TwI`2 zB#$2KS)5O)F&fiu)(8cwfYlcNs#hfBb>{_X>AP??t61q78XPK6wTH0K)osuF3)Yo( zyovV5TXl6+)*09dvxI=v?uRc!xzo-I-|KWn=HKS_?T=cwW=(RvD`t}f4RIYjD2-|M zjeGq?M}6ittXh>gIt>KDX;;Q_cfP2##H$1#5*<_#+o$!YXuEZ6CHHs@lj$sNr}6jH z?leq(uAVAq#-Ft#Pn|Z~{0r4c{%@n2uXcIAfYf8#JnfJQYh&Z?JlfA2mj{LV6)#*n zJ0qX->FjjxA?ImM?n=eB*9E=AQRsn1T~%56fP*YKvR{Zn)8z_2N>{3S#;M@fxBc_O z1x%GKZ+y(Bo~gC|qwc2ov7@WTE)LkR4_4dsNyVMdIu_I$>UpeRLipSf9}?}aA6k)|Csq?V^754{_3rBf9A0G+a+P(FSWxze&pI;p+12y(T_@SZ zXTEwNCf)g)f&z2JhFjgw3*<$~`LK^Rr`GrdT5rRU;Y`g`6~;VdRyvrYu@x~K 
zG>aBRrve=mepRTB)kR*@KlN*1GX~-dc9;~|&Ug7HnRqM^!e3& zD<9#Md(`cQ^9dP6=?twyR-6|-pJ{EL{g{0?@8f_+NcBGHPsJVu5cQ7YRL1Twhi-)$ zw@|i#IlW|fW<8Xu`%4uAJ`Y7zAit}O0;QJeV`9UhG)O+Nz^c872I*EG;pZ1X zZ{gVc;UvaJ7Lz!-*l6Wm&0L#jFsR)xSL|+nw-jsE1x--$p*Ob$?@dvC17cuFN!8A)&!Pe|Ks0=7z6dP)fI|#)E{xnJ zK|OjnK{%;9fBWqzzRy)2tz!2)P!9r_q6?5vX-4DZeIHS_Qc3N@Kvzw~ z*dU)(*Szj?AZrUK?jp!1G|$4dFHmY?q5UQSe=_5tJp>Vfi7b2b#su89O5`>QW!e%* z=HkTJE7)?WuRRz)1p0^kD4^FFZH^-gxQ)k9O{b z0E~_~l!yhY61m9E_<5U?3UOMg>-+bsJguOetqKNTjCppu8-PJAXA5N%}fw_GHc7H>3Yr>5}-+rjK3OvjjlW< z%C(M2^!q8Zd-yy0nu^zkgz4(c{KkAsGh47N_Q>)r?5Xn#0A4t$Nj1>a3?qju(#FbY znO1Mu&3X9qlgoPH*XMb{iZaglcXVlWI$Pvpxd^2*c5>25itgO3YmZ@}mzR99Vt5BHUg5$m%u#PSuJ`LP{QN z$&v&@48s$n;0+kZ1m56q$^QvJCDr?$Af@htrT_G*HJRi*5zBmj0o7PdS;?HRLmAI6 zG_0KE~E%SXAu z$r1%S^OYl7rFaPZCfJKz?FDGTXmH_>x{a*%E%ffNv!o!|c&b_3-j`sD&W~ebV`Pt! zzk>x0yN)WflBya5SON%Y!o{Zomvf8!d@KZrc}*R^_W{`xLi z43GcwzVrVMz4-q=6)Mj^NX7oYYxPgKR#_@j*bSxLe0!XpF`Rpz^|PI$nY9X?I^VwI z8!hE@t^&^_9XEUn(3*c$u#IO=-u{1tWG8pF)Pt zKItN>$8pw9ti|d|g1^*)L!OLdz8)`f#Lo*oecyav?em0EknN8^t9)9baYVPEc5?D- zcv;k+R~U~6aHKA@N^o$ZGfFal0~>)&C}gWpLr^9pk)K z$72Eq)@pM0gx>Q%yx+P#)tGIjpj_6c!MJ5Cd#^|E^C638Zw|C8n%+I1rWnFDXTHHB z>}d0tX1Z03v3tm7as*u+p>}fll+}3 zqEh7Rc&^Z960+aKHd@YYX_(qy>ssuoN-IeXWf%|g*7B<*p7(x#xi&c={X6*{FH+{T z&wB3*E5354zlq8tZT5*%J6R$u;k`3$G$qHXufp}`p}Kytm`BIBJNjt8PC4fi-qTNp z3F+&2&pkfMU=I^5iLxr0a@DXDU%hs;IjX!pv25|kIn~w{?y-#7%5L+C!m40BE8g0R z=pD=+g$yWQ$40R&U(bXxQ$0{qWiscWOKusIh{|dA}ezAJgB{q&DG7duI-L~ zjDZ;J7%4Hf-ly$1qQ~Ed>s3ZZ47+sH*2eV&ufJH;>K2$idxTmWDe9>iuh8YT-1O{= z10K<#o10v87xN;jmlKhxN_zWj{^c<7RKdmI=Xbg%vM;qs`OYrJC$ckpg?#4CX;;tH z!KIru>nWixKI9E}f3E4Sfe`cL6=!M1l8rj!gKCmNAp_$UB8QrvwMDUw7EXH1EW}1# zT5h&%+C^th{h=?HbARMYD@7^w2VrNL8rJ0q)QMPo4AI^nU3coJK}(c?$9TAK_To+B zypj?s$HG_fSJdR_W30?>y1rq$3tYwywmL33TDY#9LJ<+vkhsEB^1q zOQNUsbKX{%VdvIL2h1;Z@9MEu3itD+IX7QS)qId5ZO?Y0LL_V;$=u9zG(AYSRV-KH zbk_d)XyG{J#PvGirtRNrn1zIz2K*dyT6uiRo-dJn$jIwI;;pTs6HFNRVlzC1P&6S^9D-HiT#!~5p)#FmM5<8@79_Xa!a%oj2ti(YBH)n7N< 
z?IT2AbA2xeu+r+9x|(s@a*GKThb;Gn6tkwdKbZwqHz+v8TNTn0&Gb~1&Kp_LeH0c> z9}=I~ASO5|Cp5ZxA|w&C`?_i+6>a6D8FTg^F%dmIFS`%sbE@I~_@ZLeDtUH28CEOv zxb#`t_`AKyfsT9B0vt>hSBZV-bMY7-(%rXcpEJMU5tQqGr(E8r;iIXoj5gny9UVQr zKK=|9E4OIIC#91#v)u^{i;!JMs4J zHnGJQ#ytaRaSD2$rBzP)o{-?t7F4v4YEL+s^S-`MX=Zg1r_{nZr#egLoTdj>_Knt8 zw$btvGn#v5#aUwIxD>avjjf<|p(coxeBHgS&@s+fBgE}fueZtu(~DmV!j50fi^&rF zChOt&pl3x`b7brD=E%7j=6ZSObN#ViqWh(pcg$rri=(>d+UQ-|UETRwvJKpR(hG>X z*VY)E`EhDt`2Fc^4&m$e_V>p(tncc6lJ~T=Nd1$O--iI_@~b=pzwxWSKH%6Ky-F;p zkQEEd&8hg*z>3Aus*-@cB^SiSx6=PMUSKk(j#Eu@^i|Uu=5R?rwnq(}U!*uFl;b7r z>kU<=eoOK$yPTK6bWr-wlZ%yHoRTj})B3Fa8v< zb+a&+9wH~S@Eq&ao#KgZNAG{1^4Ckj*E$gtv~YRdKlTRyjxIg(y(cPhh!3#fi{KuK z#rtN<8Xx$JO&tI`rZROE|Jf$A`rW&Lw#eiMpJ-QvM!xwEZ9c%SqN$mLXX_>pW#H3% q;YYK|qv7GMOl8nV$0q2DOp^;eH`rc&@4@d=q|eHqNjr7v`hNipH%W1QhQFT8s{`+3%yYpyxhHe5wX79WQk2Z2D~KbDhHMIcaP;lCnm zO!y>3mHu~eEMA@I{L7ns7yl77X^=nrH9(Z3;D}y z)J;uIl%^S`9PY#Tv~+ZIU;L;-Uxd^5?aj zQbh3M*jZ9KtFmTf`ZVeD;&O#I`Y}gN_l&G2mT!@cx3s{J!BWV z;+VAxjWE(xADH!};8RnlT6W)KWTa3b6&Dw;Jv__b3RizH((#i`LeKSv zy8OXcTcxNV!ut5?-mgLGih<+P!X5k}k>gCm&%>zHlZG?D3dzMq@vT_En)7#AF zGkMy#yF(sMw*O>_oHQgPM1?61@frW^(UIINH4QTvIeF9gc!l0so}03X$48uj*iN~q zZUiDpggm0Bq$c!7HXBO8pLhGrzKjP{A8L!yic|ITiD^)1m_?}d{VE8CQZF$xuj>XB z)hu{1j4PLtsdYs*K0mdx7vjNfZ_b~uE(kofpHxn`8Y#vmpP!o-(SQE(M629c%*;m+ z^M&WLAhB>MR3TXbO5L3KzlLbW#`FmPFY4jz@wREO%z+F@S2UK++nYVyW7b_l?TjhKXGa87t~Qj&-;|I zufGiJbP8$cYNJHZ#3Fu?FmP~t)`*HpN$tDu9v-&A{lPFF#Rl4)q_k~$klJIWmW%wLZu(-y+P zbG7d1aYtxg{`F1ls}stm@)zP;hBiBs=L_4rPNS738+KE8qPZ^?md&Exk5_MRJNgHd z{JC9Oq#L#PN;RQVk>+9E)DtbeZ?C>6oXojiMGf~O9-*BVE=_yAA)~Mi%>JPp<@FI` zd)vXkI{r?iiK^UPqGOCIc*npio@n)feGJjuu(8(Pw4b6Vigs=U|7j8nyUh)YbG zNIvpAfvQ9~*-0HYN@iX|o}~AVvben*1)k>*;-ncHgt~55nM;Y(`eDl2-#D;T<;$nnmsMg^NN!BT=5yN?VHTA-ks(ozmJ8qNz>NOf9gNJzlJC%;SG!kWwrjx z`o~?Wl$l*Etwak2mw8C=f>TpN^}2LcQSVB4*xHV&+M61ENldxVDYQlR>u<)kGodb5 zGpEQTM*rOTowUL4#eKawwc9@~Svt-kcm?Mcn=FIj)F)#8x+5I_*POmf5?)`@zt@CZ zyk8h@WFD_NCC$^X!a$IUWC@+dSnFp#>6O5~+x~6gDEFzw=4#O6hgeP3aZaUaUE{;p 
z^o-6}h-7xPQtd#BYajUw_E3FKPx;}PU@yfxhLQ)oED+w>)fU}z@?A}fzr~uyTd>oL zF&COTrMxc|^lJEx5p=#0ZMnH_OtHsoh|Nur2C&hqWqCls9C5}FE0qXY{= zy~Za()ulEG-1E4IhE*};0I!E$EGd`tIW|8z8Lg9eol(Tiw5cxnoo~tdU8zxQSL0g* z#}Zei>CBB56mSI)qJDho!GFUS!^=-FG<)@`nx&yQ|DXv_IY7rrXd04K+1#$Zb31#| z_{_AKY@hOPjDX?N{NhX8&qnvfTT(0lv){W~G!Ll-4tTjECS7*&coLYp-XqJ#nJtPV z7w-I;W$xZ=EExrzg})eLI7?9id%89*;vH80{967%g+12|#J0Kxp=U7qXUQXy$v4?7 znoH%>y#~J{HxkOdDRqUd3s>}((lbW_-CBF%snHa4g!?hS!MRoK zfSr`kxWMmGwLF!Du3+`QC$vQMSA-adwf-S2G?`M_?ayWQhXpT(sch-!EVV{3I_2^2 z&;)n}K@qdfFrnk3qskR>|7?@_%ihX1#@0v2@Mrr%g+0@a+)0nM{qy_XBVpsjQ737M z&VK~G_{-$&%rd^5b6H;qqOO0~9P>Dj$2TuAUj1|?QeiHiF-&tQPi}k9bYVi%t8r-R zcYuDh9|2n2(t&779e(-SqWqi0i!?+dFQJ2T#hkM=MI* zJ$l8FwfQ=mh9?#oE&AKM4C9HKKR5s}gY;*szaX8-@}Q78xe#B*y6cX8={E=yi;Pf(erm zotn#^>bUp8$WqmkBDQnbZahCzwHU)Fokeu!meL+NEVsP($}OSE)fu3iw_q3iBeukhx@fKB9Z@D!_XA8%|?2)QoeJwI<0{7^RExS``v zP+x-Y9oNp@Br(FD@3u(zBW0JM=|MaQ8F^jnJ z-o9Ife%92`fVeicWzb&rj(@*!g+5MUijk}?eJ&Zj? z^!hW(<(rSB5*g}C)1B_#m%Z%cWryg(wRh$xdz4lyMK9S%`6?MvtK1uPZC^blu3l=n zB=z2z&3E@WqzQ^#$E%Ecpm6E>d#t~Mkanr+vs%oD@$HF6=VWoO1q_V`igGDfa(~*h z7k`!)!gYF5=(YDUN!0yLV9Fo=)yxCQy$?$L-!TB>7P5oun@1Z_RkKhcO+wyu;_Y-* z(~@%KJ^Y)@@>EqlBqH-&f#;51k`Pr)VxM{1Ga-VWYZRdiOVvh@k!#~aSnp=3(5-}= z#>cy#CTPCaFHdR&cu3gUxgSY7hwn(CX2FfxIW|;y+AIR7$**1JB59zRZ;6&BMfV66 zLHh6kwqdaw-I3l6(Zn;{y0d-4Hl^R;y|vn3T!fTu`qFX(&l_#JaxI2}--VOzcxy)b zNK`GQ z^1fZLWW8=1T*G3fSM97lK|ABobZYqx5AN%Ib)&dcdeI%-4+cfuTJ~OWI(y$Pu~@;$ zO1tTo@+6NxwSCcHJ3hjFz!;&>V_HGwLrf7*{U~#u#NBB?4ho{EW4z-_D&_gPU&Dkk#}!+`n^+fi2^5$E#98lIv`)OFV%;u<^unLzzU!bM6d*IyG% zT(xf-p3tGLTkS0=bXKAJlrutzf$P?i{#Mje;=uW3Gqi`5oUm`r>11d(1kK;{ipt~M zmlC$x8P76+?{KJ@?<(2c_aEet-Zn6N`DJWSgeil3 zAoel8%RG6T;x(Ca-`o;oLj0)owVT64eRYGljLrFrlNpJER{Uj~^8wOU3`RZaRNMIW zfdKmzyv2dF?`|O)AWZUp{xw)Nd7gpQ-5`!i;f2dzJt1yugG2m~jPgY;1TKlA)ew`R z0(QXiv9r|qA*1K@!}j&97=ORe*V~4Mrmr?Hbe7ij=Ndk9CL35=qBFWtAj9eQ967cd zyH`R&r@^`f;PfRa|2MQj+vU$R`RFoSlKhp=n+Ha4NJhUEl<)*bRI@_)H@N$bPJr!> ztgC)o*tHj&Cf1A{HVUO1N46WU%=Oo!zSO8n$+V=ERGcp0APkHcn%8c7%~wm>z3h9r 
zSxc9rQ$?MR_aglEDQk1SPVZ-q^8NgsV4m^^oV@t5uCiaBQ0psv62NAis%jk8#bg$8 z+NUD-*POlf=y5D6M2|(d8sDGUau-^P|((F;zPyQ?Eiz@4ov2MZjXH zlB`#zg>K0;&sFEC?}IPV?I?(#=cfu@JLuO_`7XL$V%li8^rYFt zzet6*WWPlCv(rednbnfpcO75bi=2{pqsuyQ4#+vEOnH!xjQi4_;hH_VAU=2%_ndSx$j=9|lLe`0wJy_TyJ zE*IqZE7Z|9hb!>B`8OEPw-27){57H*1NWDoeqoZa`c+3?jK4~I-I|a4Z4-O{osB9l z+QVI&>29W+@$E6gNrC5oa(-&1?&(vrZI)q^_iL}la6(;YFkhVBLEpb~1ADH_R?yEo z;Zx_29Oef+-2Qete9jd8IBu#%v57Cjl5!+;EA7$PQp$iTFK%w=CL4FvYN9jiI3e2y zB}-mzOK8o%v`++n*zxG!6+1Xki7&?8lP{^I1qySYRdrtJkI06rm5vjCh1SB~Sbn@z z``cyFAD~~n-^Ctm^-xD^;?qbLUqMa@Wk&0Yy>sD@y`0HEq@C%LD{6ywzr>&C{n(@H zmCsO}(kVTTqNdg=qbWzXT=`mA{aPmX(IZ=Fp*u;rR23|-GHMPUUIXhov94d~*6=-l zpk2Rkd|dsxvhHlU;4dLBi;%kUbEhZ7_vP0~3h<)RkzDqduadi^s&Y%~bW<4*qy1WZ z_py!B-KzaV=`-6Aw^plRa+{74x3V19qKL|A^uy>6VfAlA1{aI4Fjr(-SutJz^x^6wpB>dFKD*2Qvr!=_99nz&2gI?m z%o584%rOh0aqX5Y)W8I6gt$Xn8W5POXu!cHOLr~ldEQGf@%T%m{TR#Lij2fxn3=>t z*k78Uh6s;Tj&}0L;ayttArw-CNH6b*Sm8A|G7rhRu9AjJeZf~S%~&BgUu0)yYyU`J zC|4aD_&hbbu|Km~!uDd$A(HuWYfMlPyUH)Mxy|iS>Oufdh!efBq|KYL(5y@tRZXIjTRNYHMH5N<&ExArRG%`EyP|DmTBe9%*}V zVb63<9wIV!ONot_--(;VMvza^;P#dvJA3+o#b*}HW)+6uw6vQcGPhEhv2HWh2wQ!2 z4Y`qUGvsvzlhZdE ze<-R;QNkWv%S&-Ba4VF6a0$4OinydGI1g-Esy~AT>XwLl zgd3zsSlHZEOG@e&4hL;9t%+y&JY9}Fy_A&@1&-(kN1;6}azf9W02Y+@Z4b0&jZ`cx z5asogA1M=~i{3htb}D4EW~;gGb^(g>6H|6XoB(r6~X!MrdlQ;GT|a*r4gJw z@o5*tvjx5#rPue0A_zTLt|xnz`PUXdi`yV^B;Fw6`Gj@;$iXj>C~x+W!=o&vL~inc zeH{T%Rs7AL$ZAa_h-`}--0!Q;h!Uteu!@>1ms*HH(_9#xrdo||rFZV7+29s$tiyi~Wg54>zV${vgGVW; zQcUiLI+H@G=p9y_vYfHHgG=5Xh3@8wueVT^nh)3w8al3z=y563e+)#nP+4eWgifLu zn|jwRZmnHMj2{gNlvpo?n6cg|)t|4N2o8&>{HhiT3Wav*UIP#+;FHqH7$1WP<*MTX zTdaP&SeAcH=apO)LUbxgNS7rAxoACJhx_lmTl(5%=cMr~q;>pQB zn^N#O|6YpNPGv*(V%X$s`5U=i-E2+Nq4{5Y%1H`J^00|s@;Saqe34GP1_G4)lWZmb zEbl0Fc^+ZA`Rjic!W0{ME+kX1t2fR^{BWSwZ=F2;`00Bl z2m2%Gpr4cBwrJY4&Z9KP815G94<4w`@5fq!poePxm!-r_@<*0poy|=Dg9;4SJTd$} zl4#PMzkcSCnJu%eqa!zvxmcJcVtD3{u@msxMUvwDd@L3ejNB=Y&uaF#)-PNr#al0C 
zs`n3bxe}=nL`H-5%=d7WYr=~4MkNXQ3_Q-jTRW=W{R5X%#drq-lxZy4BE`1>*aUKWzt=dgisH>u>0xt}Wm?WXGb@e^NQeZVHDC3hg(A={0s<}&a zEysq{z|1hGxXcWsrGy01-z-b}%PoxaV`WCX4vIFr+YSwTL#K;oMkF8Viz%?&^qM|r z3er4eRTkPe>Q}qd?`MJ}pi~tGwd$7r1*`hX(9^DQ_UoTbtc~^&%+~de)I~r4eUk8S zL8yk?7*V5BO(RxLnt7-%-LmD^RQiz>GjbDA8AX<^inf1e^g8F$tgzz?hsKnD8ZBmts`7OR);U+kC_Qbf=#<1o+4^&3Fm_{J(`I!owYX5Y_7 zb6q_sg2YCb)2Y(}*;9rIlV{$E_zldwuVxT8lR#g#ExAUpRNu@fEa0n9Q||=PoOcNU zXKdE9(T{lUUj*Q|B;pOkHcX#9(RrxgUQ6A>8o4vlBr;yNc@y9x!zVhX9=9#zaJcub z@0+gHbS#k(6y#o38t))E?`h26&uW{749*nfj|ZGobXd-R33v-yF}m6bN6b+4S(b+i z&s^(M*ubE`!gaoO*xX%=wE()V`_izb4H;A~{&Swc^S-^dylXX~m$-2A>&*BtKEXTc3e-#d8XV_!&y<1yTW}H=2yn-o1$l8^OSB2Mvad*6I z$!hv;GC0-1tJ^m+v-4veRzuT1fcpS(z%_%haCHeUNXve%v%7TcrCg?Xo{wEysZ zmDiN<>EhFZ63*uQ#9kwiegs_(s76TwQ~#jvRpt1KOG#bHzg=EdUs!qOG`4yHMR(cc zwuA-x@&~hm0^jXjWW{tW!uhQ6(!kOd4~Qf5hDdLPBAo2jlko9`=GJDC52I%HJD4B6 zEc`NAwYPPPo`(|+_(*|MK@bR_uw=kt^f*;~E1?L%xoooU6+Lc3JQS5juW7hZe>obD z3q5Zf7^!Oe_|vi!^P}6Y{h17JSND4k4i5jgTmg_BTu4mV*wttms|kr7w>AxoDEfEE z_sPnizW~-dzp#RUHt79LCY3jus35@RY%r5xXl8SFbTS3WXNAP&R=R$u0o0sG^#VP~rSG(%g+w7QHJNWBTmDh#b_? z5}hL^w!J5JIXK@nPW;5Y&NljtVN>|KqIfGS>O141*myNOv@DeA#Hr@iA&tyPLe!I^ z*FZ4+gQssgCjMBr|KoJI{^Nc<9)?FN$6K9OY z;5&{{f)n^jJw(oxhfpMBbGEnj;mVsbad@6w~9x>~Hj`q3klx|3fNH7CCkIXF3Aejyp{8_Cvm*qj!q*&lqOSf)&i zez-Lkv$xtu&&PLrrrJ$*uFl8M&Th`c=6imzdEesk&eAg~Hz%j&plig06co6OjEv*s zyxS4mIjsmuLR*~HeCP4r}$I4CHH=I&i|$q>9peJLUXbv|By zXR2>A#r;Y9!^+CqdU~*4==@uCc~y+6oav^-e4M6UV~xk&_Q9C`n6{{x7`4-C?+E5! 
zzgJMeS@i2_IuGMhQle4NFb&rF(<!rMx|uI;26CIunt3^DFRaG$q)kjrqNe=LHu!=< zL;2*Y*NuCV1jcK<+~SPc9z4i8sKocMwVkO7_SpNi5F>Wk5R7}fz->z}l2U+(mX`KD z6O-i|AMOu!^%o?DhK4a!WKvSvinFHX78YR_XGg~K4FQ0w;u;zx8oAoRa3EiG%5ClK z?fnT+TU%T2KX?!j7k4W%D$3>0eHNA=i8O!Y|3*d{SX)OH8n;_^YcjF3%j)S-nQ)PT zXTCl%l$HO`yq88)l!};9sRa!DLW9OvOzn?c7=y$uEbgnSsoj866%!Lfh=b#v;&b@i zdZy~ulMgH&Yp2CUMfRurze6l-bKw{ZfU#PZ-{H4Mu(7czj(+&IyIH+u)Dm{XQ!Jme z_vg`^AAydJ4x-^?Z*?H!$!*viW0)ksuSyMhpO6st_wQfX89X|=Tv<_u!LBZxpNV|3 z9v%Wf_ILO83Ox@jJ60U|1q9MygZbUJX#m`DaB&M=H?%7%D;padQItgvZWc}6Wug-IvT^71nGghQ@Q`E?P`eQ_-n_b4k<3zHwkoG~GJS_LRPMP(itIG>ocv#oJTF60?Nhji4 zw}LM(&Xz){eZ^t994>#+pNZ7N~9%AEmKND;+6Zsh-R=Z8^ESKHm#JseZiaV z6(cAM$l0C6tjrW5NG1tv+F{GmwSljp$p84=Hj~1_!*4)Z-K@VjOzi0Cx#?J`%c5N( z2S^tNsCo?`duOA34u>{KPEL*x(K21>B<<~8bG#C-9|ZRb2nZlJApgC-*C%#6Iy$=a z1Mc`xUjZ%pN^hh z`q85RYyyJYh!!}0Or|j4 z#DWNe#0VcB*V=(c!9f@u{+)o$3Bjje_@E_c2lmd zANVR85wGW&B`?&QB9g79k*g5_d5?=Q0&UXe)Ek9R-}fW~_W1kWssj{aFB3@^8yj2tAwMsd zrxu!>{kSAY$)r()7Q%xFER< zVTOTts;-VavW5UORDVd!TN2nC@lZ&6e9q)YLpl=q>~Ii^O~JUZ)nztQ49kv{_u1G; zB(R_A>axHI&?8SA!Wsh+`~Lmipzp_v$G;NoN)9x92e4^dK0Y)r(WmpfO+vy@Q(GIX zojWR8=CNlskf}^f8$<|@L;}HkKTbY*L-7{f>d!<*K|ms_O03|Hu7aJV7_rw)O%lng z8<6%8308j8!tMp6BAz8mACYGhPRxiy%hWV8q%4*@Ljt$JyiWQ3!e{84V$;vORG`}glm8{hF_>+0%YCHfHO5Uu-b1CytgXWq{?GvA7)w!e8pxUYGyX4>dOni|<-B?uCRBVUK#6 zHijyJ$BIPsd|Q%VNNDMuvgjjE&nl%0mQ5}PTFOrJPmVPOscM40@-L=-r#$SWlB;+vV7 zA!}dH&!2_x36fki1zkgYeznVv4r7XK9z^4Vnan>YT;%O({S6&CC+ z^_QpX{H}jVySlpU_kJltTCSB8KQM1R`a3~(omN}S%u_PT&Q zlSP{Odaa)y1v*nv@Y{dx&FDIdnHwHf&$PCA=!1ra=J03uL2{~e1j+CBkDok2Lm+Wz z(rIyV@zqqh-MX%JK9cxACI2mKW@3_laRijvz{DiT-yZ>WbsqLA%eBqf_<5Q2^El(f zot**O`YRuu_>aHi^6LWvP|SLh!rAN3iO8cc=X{RtK)${L>>oa!hAM#ka--XvPbi?Q zAz%XsH+Rm^YIjeM!kL|qSPTOLgWwgx%#~<(cz7d}rP9?&Xc^YW^2a>-X7brqw(PP+ zxBTe7Op=myQe7m-Rq9@+rltlApa)U|w6_5+9}XnJ015}c*I|z92?;SVlAq7_r%58W z^2^t+H%LgnJ(N*kifd|X!z3dkQ@MXr(N{QADOtkXTNuzS0?E7^{831`Ot29K2Y*JO z&P#?~zoVk1754u9d-8RUi-R#F!AlbMAYxQbX?gzuMsxuiWT2WAK3RG?q=C 
z8ZEQYxk*Ao$Htb|RR-YDFf~O19Yse+hq#OkCX`;9Aph|2Yl1L;3!Fz1J8hMDkON5C zHN;4-lA@ekKbfY+5I;YhSWf~c8l0)Lgaj%OWC=;hY}Tn-uOlX7a(a4tLhKtc`Ca|Q0JN?@?I=B{cbD$#5FE69RL1n3H+r*>+ z?B(T~1L+4YXEd1p808KH}XGbZ&^HmnEd4icU(ROixcY0Qjo#IdlC=JqML{ z9;D`)8sVEaZ(8`}>DNaC9R8iHrMSGjw0CoBm!4D3+dtD~0N?;=w{b~W#G#FQ9T8F5oeb?Ac4ucNU=C+d zadDbz*7n8G+|qLAJA^+3#XN8)t$JS(b*5WDT1V5nqqLqsH(c#aP7w1GMFu_eZ_{-? z6v$A3a4N~ypDME{g!M14tkANuDw?+)E;NTCTR{k;hVE`$pdU~o5eOis$nQaM>gelh zuW(o@a9EOosbcXARhVB!1*X*kYe@W?fRBf_4F_km&=kz?u?v+-PEoNH>XFOrUL4T( z*T4f8fEU7^B3lvP;{_~)KMWsJ*wqBAtyv@_B+$UYIab!l6IdF{D=0`QC`9%uzxXh6 za#ooY9TkPI=Xc=}Ni9YNT|23e>tD&zr*nOpKB6&xd{ByVUR09+Jjg<~h3s%F2Iye3 z5yxBWDkmp7x#x2tYZuB=`y5n{!@L2;7nYXLAT{@Y4`G$t&NRW_12rB_c%&SN!oouL zr6@imO-8nelcuZ?(a$z*R^Vyam8IRB6HtEf1s-i%uC{wnpx&-mS2DA8MhLoU1}LD>T_x^Q{{qS`rr^A6%`B+os^txXl|aVrbib$ z4<$gx(2y4B(KjFOKf_t}4h{j8l>(C`F9V-tYrO0plYw6v&Qj~>>Ux!%%L>vAq{h>V zswyaH6i8@+7Gz<59s&7=?5I9`_<%sz+1bH%V{O$QQ9&!)Uv8)G3|H36kFNu=6$qfQ z0IUKV4-Zfui-b)#?0K=-LUw)~Dnj8C_cdghfjx(nXB2l-7Z*Qt-I&C1a)PO%ad<|w z75Hd8;mF087i^ZQiQy5rf~ z0qO>_HQ6CJ8zIPu!qX?I7Iv1}jUj5*W^08^xIVh_%iYt|)GV=^(-RW%+FkAhIt_58 zst+CaFk7VF$=>IbA$dPBJ|2&iI87w*mCt%+w=JNT)*hbv*6p+E&v<<)`iqRzmqQFe zAt6n}!#80^Dm)KG#;fZu)|K}ktTNKC9|byDwzEZ1v>a&O3&hWe-pXQ zs#!VXl~SmH(BqSn5)AKNcCW0i(!(S@jE&p7xCEH4S@X5PdtIp zx%$5r8vQVhIn}h`HC>b<%_I$yp;wpXlE`07^R$n!;9o9!#fiSI$ z)Nwp~Nc`*9FAhFFzwbVp*HON2@^p4|004*geoBm!mzTHSniYWpCp_#+@meAc2@4QF z+1A7oG_0)nd3kvwz8`PjyeXcgu5oSCvXs2CvQp5k{%MxFoU(FgL_{}zE%96Unwc4c z?u!?tTU(!&fBllkP=&rFt&6u*J8FO58K{OBubbc7;*Ebw`@Ka0s7;dRUhdWR6lf^bE@3IwWXp86Zs-@HvR!{!b zj;a55-esX1Of)op=IwrT?{52Su4|$jvpF8=NLryQm}XK^Q8|rXbVGKt&GR3&7W(rd z2qo0doGiwq@oZ112JL38)@F#2N;t8_c1j2PudTMf1%;)D+*GqZ*YtblqLg`qHL87p zAP`C*5b(~zK#}Q_66*;f;9dALCb>YgnxQ5_bAWZ7Qapl$b$)4S$l{D1&f_%G60SI% zv?%!E2NlN;G)E_S%jrvyFqc}wiNhiynt^ri98TFSbuy;5fKt0Y{Q*hwpccC@CC0`E zK$j0)FF9g+%C7!*DLeA~{oY}2h1WPUJ&q{~Cz!qjEJLz#1mfR-9?{fq{qZatv|25z z3l9&E3ZT!)lZ(sCK|EHY4Sjw2N-*Re7IyjblC!uNA0MC7wCg5128JO}zsYvH>52eA 
zTUvg8QscJBMwnVaLBPI%tU(4n^!DHrc3L*J>yT?8>@>j>+@Pe4g#Pv#&}wv*8>(U# z`)Veprq3phCW_6Gk3|m`Qv0Ux2u@&#lKUUg{KtTqIa))kKD$*rkH%ZMyK7=a7m{NF zCLM$<&x_CjAD{vyaGBzycx?*Q9L;(G>uZ1>I*w3LyK{rl~o#))$3Hk*c22LHQPJi1OR38YN}r}^rRALDhB7rJI8R)(3hild7W7vWvXVW zXluU)o_GHyj`QX;88lkHYlq0VyI{8%CiGyllMWpF`2Ib*nwlCQ`y%irxhGGWJ7Vce zr*7e3$Uk`kfUdVvxwEr_jgK!4ZNS3HN-(e|gul$!EC)ZwO3GC4-D^muYCT?nlB->c ztaJYJ^YfTuy#GYbYZ?4ld{z+tp(;qp$zg*62*WAYpr#>3VAZUW(N$_tN>NZyj{g?- zArQ}>KPP=?rjXl*i-RMfqCyDNyTEBxspf36dc59G3`)$pkHSAYD1|Rt_)W5}DnDCG zX9DOB{euVBKxiK?wYsh6zJLK@FOr}j`b(`e(=##*K}_iA?he$>ZL9M+E9u_vFyVr@ zN&Ea6AuTOkP*l_eB)w#bY73-VD~jUcVx%Mof*4Ypw3#dk$jW+fm*{bF%sU9=H9y6` zBdN*pPfOdIPh7OEr`rx2MLhI<4&n~yfaH?$*-|1^Zny)&KRcVb?&44f84MJ>>XG&P z2M4V}TQz71r2dW_sf@lhcJxH3}M|Mu-$ zL1AH|j$JLr!-vI_`XF?}(D>8;*tR1%jZ6yl9t7+MSCkvoUd`=urITEb#|G_B6u9cd zxQN+OT=9$MfUCorw6wI=g!Kd>rY0w~&$OU)DkvxzSXyeYo_2S4KUGmtSwaVs50XCc z{cz%a)(0<-37`Ll2bHTz(c9on9c6Q=%EpHXx*?)RF7l5(HgJ{FMR*cZY5bp$MgMim z*fUH`{|j;HCF%b~+?ceq_y4{)_^-|O-(DR2{W5JO4Qv;5U!#{ax- zsF9!2amt_tOQbtBH~JqI!vDv25&zF}k^5M}1pJU!fq_UxHo3jrdg7I7xBHdNKO6Ch z;aV&J5Mp~kmYVk7y^II0|G1G+-}R1qN5=q@c4ob{3@=U(ICywQCO$w%4zkN4D8$GE z14(VCg;*IXC8~LE(j&-jkhB8LQ#>$jZEeA^dWd9a} zY;kx%gu&J21w?QY+&;XeMGDNrMPT2G9`64nF1ezp(A2=d4dgxE-g`nwO`Y#^4rKck z;G9`cLIAvzDL8U3R?gX%osCWA@#AYi_y`FJ{XwSUv6%Yjoz*7#=ZlQcA@zx#vB2(> z#Js3<#MqcB4+RDehj@@zteh$e=`IN*oC9zknEGe14)G_f;kW5dpS)Abshoor!r^4s zbYm;O?v!cP=ja8jQv$re7jx_R_0jj9d@xwfM0YS<`*kfl= z)DIet+4)XaN?u(xfY znYeFEw`FFsI9p4Jj(*H1bAUX{eFTclMQq&1sK}linJL-8e`JO6adc4Gs?xImvFQbI zu(#VwtsDp?xaBYKspz2IUxO15$@_r3*Z%U-QZSST9{Cyg*&gm|*yYLok$?6jrRS$Y ztiDSBeHT9WFcu~zc;cG0?0d-P5$RkZ0dvyweHDeU)Q5QH%1DBLD!n+vJDy4MnVSC~ z(f{#=^5|N*$hi=(6|g=MK7Ep)dwH(2D;%bs8zPbReYZlLDY&q3hu&h~D@?iKWT{Vn zZYF%+^*Yaqp8hLlcJYIow{J^AchJ=(e>M(528}9~+K^vcP+@(2epF=SCFg3|u8%Re ztJQ8>O|7jfH_GA3EC-iGV!?vtMe2#57=D{|xz!#+9a>rG5tj-TDs6Oiw#I`PKC*kI zp`le|a_s}#i^=(eZy6blJw13(5b>*`htE&;IQ=fY5%@!gP~#UtXq%jqjUo>Q9x#^O z`v=+I!pqDEg!k$1%S{ZP+Rm|0&k?+>xTXx_aO+fIw8{V@VSS2Toq=afF+j8^}w1ik0hFT|GU+ 
zC(p}mU*z@)_?&V>lRS=|o84dKVs(6S!sA|>$ZPWovTt!|2{g+r%zSE#gtB~aNrl`t zhc9Qry9VoZr2M5Ic(F(cdFi8hN+WDf2Mha)NN%Z-M%uQY}o6pu%b9`U>Ux%uVG7o@C!)C+)` zwt!b1gQV5JX2^}0{%aPX=i_AAi(1cH@B?Xid7Kae>gWe*-^4-W2H1uH30d%F!LN-( zQg8+aOkk!!hxnb>2+uDrINdgN6A}|ObwDDqV81dqHC?!xsNUQDl-C-yG}p8ANP^Dn zQO5l&52lQ7KfXM(thkx+x{CEj?qF4|pyjQxH`mEac*caEDL$1{$*>s~mXRZ*b6C79 zKz6uApxmo`moD_KwvSk!QwpOwfmLp85s%&2tko6>&xJ1Q8cdpbJ)lBbthY~<(lUZJ z2O?)61P_v#ft>cZ*z9K!r5|WP;F#fp5xF#Bo|*w<7d(W?$#DqAx~oesu;0jdEN{k$ z9BP$$+S&>sOG;W=nv}Hkz~@J3mls=pOTaBBtj%B^0BqA3VBlO9{WRpf)*ZmL$IEOe zfQo`Xu-8Um2SVlhj2@`6MMkYSIU3C1f21QjlJk?*R5;5NsJ+GZ3lfOaqpeiq`4gBT z_^wmV1}BxHS4;k`vjr5IsE7z$0+D?}An)BoO^!l+wxaBJC@JlootJ?^mv4A2ciez~ zg5W3U!;e9`n>c9`YlVEOyF9f*(%sj$*_DnqXFSe#+PAdymALw>V8Ed*hFTeDfB-0d z;K{de;DN9~Reytrs2HU3h&*bE=3`&gC^ep94?=L|F?o#=93j+ND_u%}g0Qi`PD zi^jRdgy5UCJeYBtD>UsUQB_rS|Mk&)4cePBCo`BcQApqjU7rVin|K1kh4{ zkXK=ulH%eBv*M5Q^9Fgkl}!bP&GxRY-$1*9(V&yEjZ<(gioLnmS=rzVaC4$&4vVq8 zJ4kqY63^BOov5FmA83BpaB#psjD=D=P~l+Aq>|Eafwz!ormPpuZM_>j)-wWPQCD2y_@7rT7996%OOR0~(N`mVjV% zY4rWHnJYFY0HH@pMrII9Z`Z%$jWE1H04@R=KfoHybb#I)0plJpv+@MO`GIOWHgJ0N z9Ib)TvW^Zp1neb@(ffSYuNMWx_!Y%BTM$JgDkxruM8>A_+D&{|+J#9X3V(;Se%fXZJmb-v z=OLXYTr4C{K5Ve**I6H*olyYJa^N*{fLDdr0J1}|%}|;o))I(cobV}>2xD(>XUbgO zF(`8V(9BQC=mFb>bk6U}=djFn)*1oV>)Q1I5^QbCu2s-bb^%Rk6a*w$h#@Ih0UX*T z7KS=wpgJ4Fd{Eie-vqA-gtYY{4fomX<#jwzljbVJ6DzU|y>YaNlMQ3_W9n z3=9tBMnRWdb^sGk+~ho#?{jPUuBPGnzPfGAmifTQ6MpuHC25G^T?Phn2M32XXzTDI zT8-Yb>Wpd?n?)Ith9Jj1jG zUPNRDwi0Y^9t2XvnK=Cl3z7lPbpvAe$`<^XVGhvb4Im2|k+T+tq;8^pwj%68&T9t9 z&KdbUux1oeXp{RKea#QIz`e0PGrc^kNZhM}CCh;37zLn7;lD9A3`g|xtd=6g5X`E! 
z?`oOR8>>?X@gtTzh^hM8#3?r`vN)z^T!Vvyj>4DVfG)xJ+Nk}`4Po$z6b%!vV@FrO z@3IDE{8U#;YO{BvXktdtMQ{*&j)JEa^s!JYzCdi^N&4PGh$ zQxGk>3nRf!M0&Y8$sg&T!;_ZV5EBxg0s1N1>!q*er7z02PnaU(*Pr(x$H$OowT*sShgks)Q`=XYNx-c z;K~kL%AM98(#MI91qQUXxP}IL7Q`e;Rw&8P5k8z;p&qb zZ;<$rI+aFt91N(a0UNT8za+RLD3u`}S2Qj5$s>PxCTR?xoE!XPOfYc#0d@Bv;3r3C zypzhSUig_tpTlIAsLq+~vm7l>m?^WKgMG5Au7^Ho1sxrId(tX@XIM=cIq&iI-Miwr zSdYs&;aALbbbfb&9hFUtjOf7q#Ii*%ObiYR8sF4U6m($%T@E>hQ6^^ek&F7mff33M zfLS1{(EPbxe~kIH>(_rl<7^7e)bkIwS+%*_#oh=AK=h|DFoLg<0^98bBS_Hs!K(4) zl$3f)@yky^$wOI#o0YkUU7bIKmzH|U&Ou2__-O_^=VT3u-;QvsRc7bsPYA>!7z8M` zHdX$_9S+ki!4Qzfg<9XA7yq*9?tD)c0zA;ni&DXC{DDResaf$!w5iDt^(-PtbPU_` zm|$q{Ha9mx@ZZ}XQg(uo6g|)1_wbqv&V;R|%2 zv9s8^l{P|0r>cTudY8*dLQz2h4`$>JPkv{nj@S7JfjO`^rtfEZyuAQpYy>bG1BsMEvs^D6w(d)4ooaV=3|mL*KdG z*wMjZ0rE+Ug#<2zAq0ivw=Z8VOUEQmWzErVP=>I^)OyD%egyPZ7_2t7m za6{UnC}d#@66(u0K#K$g20*yI=@8&Umq+ziJEJ;wrYAmHxf-8%ZMtCPur6@xbZgvW zp=sfQISb&g5C&zrsoXD#NFsvKu&yJg8DVTD!Af5Y2JVo9C`jH0w*uRv5mW(iim_~a z=CL3i+AK@W*0*#d)2ge5z-3#4p~7Zs-gj@`HUSfnfbGbFdX?wnkqy;<5_Jvg#LLN& z2jK1gf~`ps@%pe;cNPt)xCrFt$m7@YG87DYcgQ8^(h4qOhJM1NNGOmDXwvR6FoeK# zAD8F81rZU^=AW8gyN^B>jabz1FKj*1)+UFVHb37OI8inOS|l)^d#tQc0DS|l1b3&8 zQ$Mw|P;5CUDl4}e6)tP(tE=C%r=N}p>(EzD3+iC6JAMUZfQXRLz-zk@$R~vCH`NSz zWZeZ{4waAXiCJDMysp*T+l!=u$PpG;D!An>k^~~oQ&pB@c|T!Hu?3R*{?jk$5VBxa znqRwHj)RBSv+J=@I=1Pqp!kWK7UqoE+1X*rsTs%@8K)6CpiqWM=UYf{7_WXJBlEwA zdlPUh+qP}=rde|-4W>{MWln}D6(WgBiAYE?h0J4vCK)m$b223%gk((SIWkX~lPN>y zSo`UDp7;B||NXx8uk~;L+Sa#i-}dyD`*z>gbzaAL?8C924-NSWVw1x4>)xG);b3%P zLc8I;Cdg7BX!pGz?R(etJ$tqeUA0b$cc@yLDTre~z!a$ZLHfImQqYrPP356sN}Lx5 zl-wa^#RDqmgFG94XdP*(v8K>x`=bJ&qu1diiCg$Uw`$*>f^o+%Z>D!=qtK!ltg7m^ zLxN4I#_o_*VME~)7Z<1HRDOmp=?xTC4OD;+^rFYIF3aAQbS)_K22^Y{Km%wZ!)2bc z01bf4{*1`3!3~#DE>qaE_RfZG-zQ_Gc4^q`FZ6>B`U|S+M;CA6|mz#=fA5cx<0%Z7- zpYI$MZ1WUXg0$WgVlIcXRmOFf;LYmrCqpkDs5V}z6UkkALO{Og~wzSG=!gdS=_g}omiA8+W*nXMA5Oe(ON%^5klESJz&=FBy@@P^MkXcw*7$;PqUFTJ!lb?~&arS3jY$^PF)?>x&X;z~wxDP4K z>*CZipW@4*3xRrZ?Qnqc+?((~JgaET5?iPI0t3sE_3Hs_D^uJX4GPN3hf@A{dw3Ar 
z3+{&neb1r`wqTT5#I`k$2#kxNtH12#+rRdwn2W1xerYMEYLK&udLNM6K6vO0v(!-- zLAGnbT!;_Y_2b9Op)otW8-cl4R7xAa>+@3&a2>BHw5 zFaZik1ipp&#_`h7*3HlFO{K1RzR@4uRcpTvt(h zh)a^(!XueWmweOxc@GdGYo_#8a+9EmP(1YOF^QA@8JWBR@qLyFuYP<*AFwtj-FKBui@6kezxcD*G1vailKHh)EuJi zC&I(Rmes~w?8ymvG?spoytp{*@v>Fc;RRn>dgMxm-yFN4>&w;e9-^^k1N}J<+>^~5 z2AfxHP)ZDET3E1l3<%7m8Px2e+WW`k_HAZ^fei;PZOALF!Df_x?8a)s#?E_Tv6l6o z1&8T5pYLUU`zwOn3k=TY-I708bl?<-!vzy4@4S8) z99KT9KBy|d`ChI;i1SxHqsWmXn|5605xVn~T(Cc(e_gr9t+XuURe44<&zG)@kh9Fv zWeAWACs(#XevcCV`Q%{aCJyrN7Uv(6@3A?Z<0N^X|K-bLt4?&|A>dgT_C97CUiaMY z!p%LVV5KI0*17U};bX ztSWz#Up&86m`-XhhzV3u4m;SUFT^Ojg6A0rwl^7S66E9K8;fv55i)@nA0$hlj`fWh zCWq-g1iG(W*(+yHzRjYx^A?u#N=lU5n34JX`EH_4Dc_B<9TXxL+QD^-42nMI+Ru9Aj z;0uP#3-tt&N8@|VWfYK!;YBvEnOJ5vZ_8laAFPdiTjbmus6O39#i1jE3JqR4!eX*%+ufZ_Q4`?jD20OTJ zCm&nkVZsTJ9Rv!uuBs)74|r>f&<$Fnz3@ZpK|$|}D8g4=Y z*(umvB2RnmgC(@;jUt&dSe=7a^P@SH8~CORC_fTd+Mqe5T-gXOd2=q58n*`pth2ZG zVS2i)n;|%t-pr{s;tM2Lz4X(8i*Gk=-(G+_17_r;v~+Wwph1HNpH9g+0DqttA|j#@ z`1Vf4YkJy>QWvkG0J;O87UuMOxEp{c!~cAI8aiFy+@PSVuTK&iV;L?j$E7%Wn8%7z zT*I{L_N9IL)I?wsdaHKxKj1uw6mAE83qMnqVuuxi-jWB?IAXpd-@kkG%wfUfQ=z3K zYYxK`!=Hl4eRkBTs5tAql|{&)AqO8ESWxVtCWd_Uuvb2CcUOp;JGwC4HIFV8%{<70 zGJHxr+@qf=8+a0ys2X@I(T?C#zN{pmX~ zFccO(LW}fm*pxi~3x{ZQuFGTdX+(Plf`T2AuoGmm8nD!u3~+4zqi)@^O&oUUV4I&D zl%^CzIW$0KEh$)8>(IKBwSjxz+Y}5aLWX*pvp|!h7cMxLWoHe%G z_A%k%Y^Z-D2UcH+RmKVgc()h{D88QH5ghEGphHU5yibt0*$Xz8h}%*u{K7|$oXfB> zNuMg!-=BWIsLVAcM*qbe_sByjMwG?w5Xq5>?YQaxUhfEK!`A!cNj?1F*OMc+OZkuw zxws=P?$FDO%+blolF726drIH;jO7*AsAcSM2?*e9Yg7N&+SN@8;pXBJgR^Y=W?7>3 zqNnF(6w^%espFG!B(-g9M6w5475u6rZZ?GAC%W@p5@>m?&%gd?>_B&r{D^h;rPoK=)PvPN(W)}{ z^w~as=92z2Jza{KY!$;omK!bO@~$5ANE|Qd zo0~baU6#JCs9#1V8YPaU7lA4cX+O2J5nVm-#vrnu@jq`S&WtQI)z$AWbM1Jj*lrpGV6J-Lndd5dYX};}85;n~Egpld zyLQP!K7a!v#SlX~MJPr`9OjRJ6A4Fs#L&Qe)`v?=Z}tXnwowAXO4tD!K-gn{Do->b z@LYUuY6RGY$Fy69YddC@Pz}K@QeirU1=3b8So0n%{pEz5Ag~r9_Cq`y4U>R87}LFn zos!h0r`r$8!by6>w0kw`UXsrUo@vn07vEm!05Z+f=1af_q8?$w@_L@_BDwxKN-gU5 
z1I)xIWjok|bT?G(>+6$-7=wKfgEhfqPT>3ZV~|WR4z~|fS;`QKhOpf<4+T`JzWk$5dg0l;^HoiOL~=Z+LZal8q5Zvc($ zYK2P=UODZR$Mf*!HKbc|W1Cub4Ks1@r6VSIIWbyUfh+BAO6Ei<*TH}~>}g0v~I(6b+GNFX~j0TaNd zcmrv$)#C|5xK$??+Gq}*tne3f0YW|h;ie)y@p>&EdGUF%3pS_D7iW*KMSNINJWT zRb@|iuAQA6l7j|Nele18`_9U#VP_N}c+^u^0C;AGuvHO#MH_rT+bi-kg2%?EByPwfD8JBl;8F7 z8ti-a+y#5kBO(hW|vynVZfucKGl&p3kA z^UZVppJK^f{#VQVVq{NsA-nMu7b$KspE=(c;BWW@1%2}J24=3lTl(2zYyt-bV~>?o zOl{KRv(`Gy-upj76d(ceFDfndg_Gh-&?n6iYiRWM@4pJ^?A+XQtJd6}(o6qBAP8i< z%yoKt&Ue4Z*jjB1i&+0!VUsa|?JiPmWNFX@pssaC^MA7ozjC)$@tXT|v_|}4ppq>+ zcV0Yqk$kA4gSa7bd3R5Ii@y|gY@m3mp0VvGUZVE#Hr!=&XZ9Im%9Q5aAyQ==UweDg z0-?OCyCA#5J6tK^Ua5uiWYd=tp94x9@2Pvi+pO}ve(=X%&_wa+%QM~_S80rmxzUu+ zL{vyxTc$uhJ9TCs{>51_i2Qn5p3KQ}_@w{anB%{LENpw(IsZZ}_G*Dw|HeJySf^9$ zCkqM-z0e^@yiEzHy#+a`edGrDEb|d4S>Oq@@T|aj@dA8jH7FA@F~zmL^s3JkoSY^o z#dbzLi=yECh~EVunapaw*2s3ibTWVYfG|2(wDgrGS25jBguREFztFO7*}h#0n?2gQ zPE0OQ&?L_oZ!IES$7e-gB+z^YEgzr5wV4D$ay!>$Qlx=!vSY?T*%#vP$J2a-(7Dz? z8~<4!Ux^~$0HzX8%5`W!c?AW%`d6X8q+Y#*1_zoB?9|I1YEmHZp2Sl~)Hez-?MFvP z&osd+z4^H)N|P+ac480(?Gz3OlH=+m;4p9XUFv24Y7HEj92A1Niaqy|Mjc9HZ$(fk zX5?4X&|C+niV@An*cQpq06qGE-s>1pg$~x$ak~$Eg7W4_wy-sfzh8a@ziAUgovAG1CM-$gh9o#?migkF<5C8 zp&8iyu_uo@ZHY`bW(kPuYDhJvjA18`Ax&ATvC7zGsHX8Pcfy1YBo>C<8s3djc+ZG@ z*=E(XKG>>r$@58WF@AxcsO2GiMBuvRPS|^IgF@dY@1I8$SHjSOE+gWkqM{;Z;+a)# zH_#tB1{KK2Rt$ujE+!}l^Gl~;_Z%0FN+|a`sK8vz(O=HA5kzJ?nbD%CW!m_l+d(a) z0TEb%$=-b6ue-aa9@oWOaz`=!3Ly}Z$1yncQyhwEw{1HGwiZm&3ZrLZpvgferhr^q zMmz`5?I4TyER>RRn6?(!y0x{{EYlz$0JooCGj}Ns!wS-B%v2TDqK&26X+EHA3kwUW)dl*V{gt$YC}*0 zlaG!6KH#28+5c)+>+_3=zZ{7NyTXJ9Y^pJtC3j%7yAZub^^O6btYLZ8H92ijV~>Y`eh{r-7z z-IwpF?GDR~&WI3c0}U$=gq}#WD=B{%7#MK93V1LDb~6Vp6RBO81|ttPhIAUGeh&VI zl#>K^O4i)4D0tM548j|6EaD7KS>9T@Ps5PLCZgtK!?gC->SucuK=n*qI?!v zR>j87d-;MNe9|zq+T@cTWda0=L)$s0VxNlCogoCC*k-F zw7a(l8+bwVSY!SRHmL7l3oH%v@g(=x#qK7%10JaEw7y_1w6D00`xFWZooOocPbahg zn=D%0Uz3v++jGip@Z&jde1YlNYspu5{mwL|WLv9XpTI4H3@p&zHe1oDSMK-pVm{iZZ zRVx}r_R*2b+S(OfsY0io`oB4sCFbU4ZOc-gIbHamXe}MLNq3P62-k46G(O;U)1Vy$ 
zXpdQH;yMPzdwF~3RW@5FWnQ_6X1hUn*W%+%JGYuWFZGSD>Ku)nN?#&FXDVuIeLC~6 zQZbdhI9PsHVxuO7YQ+vVrfFLiZnca&A5Ig{M}HiINWlm{hmK1m!S|5asFK0m+RtV8~- z;|fb~FymDEk_~mr**9v{n)XI>`}go26b$keJsW1HBk|N%py#7}F`xK1Jtb#*QTOpH_3<*NW%u&# z@jD*YOeeLKeEYl&*bG=FgL~)wIJugBTf{ZD(lb+Sn74^M*6afSf}RUich#eNjz_D8 zzV&+)x7^vYdMQ3tBKh522j#mnrTj9_Zk-phQna z#Nv9f_@O(balBrRx6i2F`+#aF^1bNbY7aA~z>M!YYOQOHUQK}cEDJswK&k`$i`y?B zP3s5zz)p>^6u7PxKo$(?i2ss>bv4legLdQc?he=Vbc;Rr=Bp+9Qljlr4bPoOz;8nd7n zi(xOw7_Sf|X&G=?Q*Q!UfuaeiYz@#*H+DlUY&3+%B<2hBL=f0#;82IMD>9NXz5(?E zqvJ&DgZfE`Q!;Kzl3k!(djtlqgX4LlgM$Oqx>5A3OUt4304?cPaG}Jf2%Z>2WUH>B(In;mdkz)Ed)a8E zh{UT`m_#kO>}MxB01#Nfr{E0~(XiPKF3oq$wfa7CZQsRa%y^gn>mU6sTRqo)SO7PR z-qM^G;TU*lu0U+bm2P{Q9(gt1&56^ zG_UbXxYRR_l$vgI-#s#(1=$qN|K+a?8WVvmoI%+nVQa+aptQWS3oEV1uOGW~en0E; zGTb8PqhCN!WEFjUpl#B&;PcyBZVvMVJZZF2GDLd zfP=t*pxA&tn|Fd%j%j^1^omISdWoqrNCU(@3Q`C}_=g-f4OB8V3AFd&#fA5aT~_g0 zm(jSL3M?$@NPe_o!-fm77a!tpHOEHxzfU2)i;1CTUneIgu2L*Qd5}`X8Ioo(w2OkV zr-axLpc^phx(HgrkcS6opKA08YPzR!F#`a#p5T8Gn=Uqacqd=sS-%jc=7;u!2R#R7 ztF@YSVWs|XtG48@=v8DM^)^&dw1Kgr6^6_Ut+jQmal%oWw1aHaJUqj zcRxH1R}2g-!dd3MC}c2~or7s-Znl>mZ(;qb+mcb_Z{1jeee5{+4n5nm+UlqW+O`oL z<$Ue3f9;f^`VpjBUjLsJ!=bwyo`VF3J8Q0W9r;jmxwn!#e_r9KYOKd?`7JoEU$?veK! 
z)^WWIkRyBI!f8e{3gl00i~kEXRZht?@ozo0Fu(EC-;!+C;9&S)s_f+dOI7xNW=PBq zJ(i@i+gy;?n0~};@VeUor}Dwmz6-AX!r?l{FOWf1mK9tO3hr^|PMgoI*=JWDBD>MI z#3bOn^!3%&h>N7keAp%~BL&T0t8fDrEO=P~z3Sy?B-`Z|N*h2Tq9w%6!(Kl`0?+{Y zVCVRx z;WuCZk*<(rR}t52L?GAKbW3A=!jC90z*12#pCOfmFFPQR8}%&@1Ny_!U@I)%1Hg$I zr6O*Kz}6@}t?SpPfxO2*7y{6O)#yPr8*I-G0Z8`LaQsu7!X+pusL(@}>3!~YX_iX* z^q2ZhWf%H8lu|QW>;c6c=0~O59Oev{BrkkxSZt3*$hM{p&g~Hw4~DyL+(D=-n8>Dx z9#|$Mbr+wY96=Pv(Nd3?mEy~F$MS}Qfz4pnH!iG zsCS23hXlX<4NLJ=S1<#zf#9xsr@~J*I1CUN>JaN2WLrelNTOr#gE9d!G&^RYBsSI$ z#uQD_I=Ha-m2=6*f z{!b0jE+sTbYb^l1EM>KK`9l(9U^x}sNK#BznKguw%H6E1Ycc>tBVeJAzzL=Q#+kL z8(AcT9RZ9k!w;VTY=ZUPtJU5vDuo)I0x@g1!C#FnkqiN%HAsmG22a%0-(QS(GAIRK zbR2<(=0Cr6fC|B`_!2onB-@jGOAM`k0X@I`cHsgs2e!4fksrXAO9-I8&deWhN<|uS zcgrd&1U`)n0#DJ?Pxt)v79F0$;s^1ufrwHtFOyq_Au3&XM6KU81I&ViYR;M(X%7MY zGYS)Z3(OF|2dJiDEOZ6Sj)fHExVS(XS-8I&CqvNRK!T@ub89ft(b2&=z99$3-TrUU zTY;`uy+T((I6UCe`?xVlNdLjS@oA8J26G|!)e40cNf{}>Nz4=?AD!UH8^g>9Kll*U zx$)On5oD4I%W)$nl%Wcrf|v|nE*AxOmrR(XbV2^nAVZTFKuXtggif~tp8{U0H-Knp zRoz}GH09JOTA=NIRWn614AN%=aIYL$ICpa;>)Fp#?sRRO%=#TWL0K|_n?-N~_j zRD5Rk0RP0JBI!(H9T$U(LB0=ZtI+2pAa0Q?+U8l+IpQEs`PwS_yD)tus}xiYu_>U1 zCIM4qW=y&;yPJUy-(=Bh#V(c+Wvp$mby4`f6c7g_FL3+8E4ZEP27AVOZFh`xgBs0o zEoOy!nidzY6hVWB9M9C3?brE6%qB)hi!C&+on^G{-h5`Cmtps~GP?gxOrXG9C|p^1 z+e{VXV>Guf8J3IHVLNKN7!Ok}`iX1MkKlw4!YVzFwzt{H5rircmRiyz$aD$d3Q7xn zkmDHf*@6iPJiCLp!cYxq-LkuR6tJ4f(+pl5#nuzTQ6geMLFPomA&6S<4RQ^OMl1P> zFk*93`gTKG93|cy*l~z60fG_vNjymDU9(Wj0GcZCQ7{kGL%iacg#ldY>g|1@6>#_ zF9qsz;G-ADLl(RB?4kFOFufg^^&$l9D=_D&` zJ~J<-H*#E=eT1(-8_>aDySsgBU{UqcY9z`rNcfdTXKwElxal#}mWwAC_aXPO$F8R8~m{OLvm>!y=*!T#=oPl z&sWE@1}jO}c9LsxrqU5nj5&>sJCUPfFxOkhgozuLAiHJe}rMg$h)fDG^Jvuyrttv8UF#Wx0nF+R{EBC(VQST+xtrq}bOE)aSxIew{e z2s^f~Zemvxp8{3FD>&4e4~4ar+Y~pVZXooH3ppLIDUPYs)xJ?YVVpwR-c`j@rHv>% zEMwnGG6Mhj1_mv8Jsb`HcK-Q>cWeJ`{&ROpa`~sp>w?<$yC zFH{z9fm{AqW{>||cd%{KVz6X)rt%^33P*)cflI&Z-(LEE*nHTR`?kp6Q|eps*7r(HDNn-0It#UTCWb!oT-U^lpl~bs^*8h%Su-)WdclS5?RK4oRU6mUR z&KjJdHj6Uu^)U&$ZO-|@F@w++ol>CpU&oz1M=MQ|^XcMT^ 
zW4AWVhh;oc8cai==|QN*?}_E=A7=y z_H6Y-MjJdRm%6sB4YOu(uJHFPXmYmoOB=rUwm$lH^U^=+x~X-465e@9Xe9U6+amjf z`R3c7*4sU!Q`fg|Hmp{vF{Ik^y(C{h?_@q83azJP8atmb$F^0gRy9xIOU1RCT6fk_ zRK#AbHuo3v?h`?asRuS;LEwlxP&L`mX_C)c^QfiUFzB1^+TgahsPL3jb2 z`D%l9SD;JwF5Kaa^p9FTL{|jcff*n`w8FS*Ccp})Zw{t#mXuoX= zV@FB;a^^mY3V6*UZ4*o$qA;uM_n7S6CnDlsRaGS!e~FO`;%xDN%Z{;$by+iaj^3W5 zs6<{jNiTJGb;X3#GZ^B>P%wKx4gHz6WHV)#IM`Syr*Ky1!ie$v$nc&W%o0JOPLYPU z8ZH`PUng}QIpM?wa@erx*NEd{z_)LKBZ}LfzoYq6@U}*p+v9eR2xabz!j{W|PBn#x zTFyIVT*Tf6HRSX41Rxe8Qf$!`LNt_sIa3#N+c~ZhZLp1YNBF7}O9U~;VE#q%(;YqR zT_@1CJaKdD#pGuw1RL_3(P;u2+)YgtB6|WXwPbz?{v&MG#6Xh0xFEV$*83W|MgX)& zm>d&doHv67y987ZT!_e9eufAlYD5xNKxAR_8y}qzY!88iL)l}1HS1lT1^Tfv#-I^LuNzK-(v#AU=B^%6IcQv+x@7HC_Ty; zQPi5i7Wu0~e{FFQPebx3538+%t5*_h$L>9p_VMa(J+ar?C z)BE~|3Zl$bHSF^mYBUvSr)F#Uc#s266krh1&dAC{lSL-*vG`!AdxWf8q6Aw_yDm1m zJbem{_C9jw$BS6qd7#f@cE18YTU|qEPDDyX|37AUFBbog7XXZ-hlfWF-ftvf)hQY&B~#OmM>5jVt8NL!U0>_z z$G1%Ty4@CEZnl;iBN_S)@ArVY_?Vtv^Ir4Bf_vuN2A7|gnT{+tM;v@l^YpdV!Tra- zUCud6y;>-$=z9>10|D|2;F9tlXb$lI$V4QMR@AUl`9dNJlvjLiJqIxB_aKo zxSugSfqvkFHLSFVHsUAdO7&VDIBr4dZ;8vY*eRn3g8(nQ{RH zM>pJ%z>3%#0eG^}{~#Rn1ZunD0Ut5jNfHx_*%ui|@5E+J22s8P9FTzmlsXDL5Kc(T zKpkYo(<~|~ilFjR6pA+xJRs*E7)x8D=)Z3LI*sx#1sdzvLYVG~nN5i3Mf-0#G!kDk z2oV+rZ85uP4{)?VCLA^%;uu_sA;o5m2;;`%n;rH{K5ww1|xrkc!n?$(1ZVgJ_x;V zz)UTv@!KsyeC2!*raiLN<9EBqSv{KT8FZ%VYED&H5(Xdj64QubQBl5KW{aTDo5Vvg zI)G~Twrb|aMgi@b`uf6e-@HMiwORKu03w3^X9b%Lf2Ljy9$x)Y0U;q>l#4`Vm5dkb z*3s&0J$YcADV-OCOjGvN_3XN$L$oPUUe9%BJ(ZGf$b*@8!lnVGDFWRu<}21CI1ODk z<_G&=r4PejVxl-TCj)J^%<0p6`1#KVNJINTLBTk~D6F~F0Ka1HLl6m&L!*r+6k}4} z1<_CIUq0a*;a<-g`HA1~bUXd|hFj(bWcgdOwUM*#j;g_@U&lrIeqw+*Y`6>l9&K>q zSo_!X^ojxQ?n#C1L45(MPF00W095NVo8JdKk|$0)P7D{|FZq3iQ)tzTd4Z=`eYc|C z*H$Wxor#Hod`3cv?%hw45^VmUcLJFxpsMm)TN&i!nL_9LIHFPv5l$1PELT)xD?uCIU4DJ{*!H30%dhx|>754+H+7j(#qe<4&EJmla zUY9jCT-+X+CoW527UmF?o~^D1Q;8v4ct1Z)CWDph7#b?at5N1YLrKQ&y8Wd)a#!7% zBqE`}L32yMC^d-zzq)lCmi+HOeiXq-X2#HrAqa%gV0(yrCp5Q;kJ~u6xm-U{fBcDB zsnCIo9F?$X)=ri$k1e{l7qd*A*`K}#eo2oo4B`>Zm-kz)SU9h>A>KAi^1-$U1S 
z0(+g}fh0y7BOM)Q+<6c*Um6;Yv~!=3^nOt{QqMY3&-v{`Okme$lSYS)3tkAUmUPUN z9GDu|mM(_SR#bul+;I}h002Y^J#wWq5p#_6sg#ry!~^vnITZhi>awaTKO$oAy=b({ z&&*6uzfy{(On<+>k%TT|4zz0J6Wo{{Y|?i|+8D6t@L)h!4afGBFD|i1_I_KeYKLD+ z%8bO|$MC#U?6-T|S8wU`8vE0D!pGUu#x+Ju<@Cj$zl#-chmq~JW9PQvfLJUULBWg7 zGt@A~DIs}7ENV@Ngi+P2RHx$Gv_3qB!QkkMy`G$*&A0r zoN;X1E^X3`G(SQH!&lP1`*s#m2wm}f;&2z23z3^5hAgJ9dVc$vxRxbf1Hy12DnoHu znfAi`4BtiM;Y&Wwb{%9^Vif;PgKJg;I}>m|8&&uwB+DY3N7w$X^sblP@NS6LFKsOv!sSbm%m%lk@&0Lsee?z+7lWq>Y zDea5p&n3MRn=dgX-jUkGB!5f6tp3wW|J~<{LaNFy-PreL>-i(*)4Sw!muoIs2pTZF z^*-Z_&+yn6@dEgakE<;XPpp)`QXeVbCw1YCTHHx#mhuY)fon618>@D2!5Oa)_Vc5m z@)X2xIs7|`_HE-89Koe@or=vVD~mDm#=Z+l$&!D#BJ##?T)`f7(*8cj+a|s`=dFI8 zvpj?Ru8bWR(cMHo?dm;u*#G(3e)!-^mq=H~!qUR-3`=v?Vo*#UYY|S;NY>C$aKB<6 zyHjk^p6gv%>Dw!k8GO6sS5oP_-JUF3@99-DcBZQ(i_u>Cy(X~(c!gI(Tk)~)^f^8*aq!VT53X`fvE^Y+cT-X`Ol+Q*{Q%bz&>df+a~-P0Dk z!${q}=(RkP95Y9om93-5{SjY@n(Ej?K5xBC`Q>lyvpd?u9xSd{V}31$FD`V`>oYd5 z*G3tcNzC)Ay35<@HCe`-?QI#|jnhZZz2ocZ>OzL^e%hzkdst8E$;hA9t$%TTdWccl zKFWV4(pKDQ`ReRl`AHA7pFPw0pq|l~vbae$Wb+80m0db@&7b$(mn_~%?87CEKj!!D z$ul=Qr5}A={R0D=na1DA^uS+`1Ogr8loQw?Sh+gkUzCikussmIpX}CBVH^qbc@i}> zA9cg`MTJEzUfL>V&&DO~Pq$2F;MVqcO@bTb7+`)!1x7kQv?Fj%-Gntm4XznRKD#Cu z<9xB*dt}?fir9Z_d);1j=?7g}CA8bn6no5!@jykzkdj7thHNzqjyT(8HHDFp5h{YW zjbC-@lh;;ZM(>D`k~rfbjM9tSy+k8L=HOA&WZyl529Mr)YF2R1Qx<-HuQacevD3cB zGYbRPm=`IDS7M)v^aP>zM#oM@P>8vmF#TABuqJX|OHNLX0KVO8D=9fI50!-sfdF|B zRgBQ}K)dnt{NnuXb1P*7CJZGnoh~jmuBc>0`Z;o6i?A!a!8|Ml!f$u>;va4bT$WsF zA2-?B+M;nrW3vI{zl6<2fA|Q!5!2vP*)<*8-Z#FK&Q=v&J5^60gHp||FFTKcSK0i8H_HF@eWMpKsO})n_;@OqD32a zG(yn9I|~zQF+MbmtXdG{vECp}1sZ2&W@HfaF5n5le(0J9~Q- z?3qweF;Gccv}+XM03u|F1KknGVWLVFa5w|_7h*rTlNguKSl}_B5PAbz z7Ml}o1PiuEL_is}WfTJsBixhY*Z9@2uVhdbSGEv)BN4ao?a2=!$^w5OjdxkIZe2JK zj6r)AL(#3ZAWcFcBoW0EkDx28GO!C1@)(~5hf4{y+uZ0I>g<$6kBT7A<*Qbafg&=_ z1aMA$?wTl>#^>kXinKA}u?EwFEugG6b&cYVl`EeLu|F2z<^5_QG6O6Y3N`DcpC38j z2|=@`Wo0|js=m2!0Qs6Yj42eJT``-9$M|G88%7fTad>hhqsuB{4T$t2)Hzo=7?NOXx2aUK%<)l6&`VFgmd>stg{}jX79vu+xU( 
z&LVUeD$^;<4*UR6Dkvx*Swv9WAN)HuO3W&QE=r&gvwo1zU&zQ-&z2aJF`1NyqeT$H zgK#HTsj$!B`LP6i8)nvyX251f79V)%WY%ZLvg-Bm#DL4fBjpTahzu`e6s$*2zbtWf zCz5&AtzWN)6j2nXrbH0lCU@@S6%{>(A|3=AODEtOnoELAF$c$eTecAoBG#~`k0oOGwxL{|%kAX%JRosjE@jdL0lL8jV@~G&073Dj=GCcP~(!HPiPHOrT zUj(u_P&?sKi!gyB9;jma#=8*yrPW*JhpbAzOE$>j0_Kaxz!W&ANGv`A+3-XTeY3)~ zM_Dc?DLGJ>fT%j{8#hQw9`Fni<>9ozk#K~T3mQ1IV135hI^K2{Z*7pC+-&d5T;-Va zivB%8Sv<(#{%ewf@SlkY)dLvmIXa{pNy5s6l^D=qIc)&?;oaPt59eoHQHpUm*dG z2hMT)#FJ;ww2{_Go;sYm!2?nQk7Pa`z|%OihOzJGPgyL8m%y+84H()Uz0eu*B_m^v zu~2+*TsiyWnZ*Hd)rbQAACu# zj2GgNG5rZ^=<(2Vzu+yaL9Po0vSuZS++^0h7!4#2#isf_`n36lg{yoH3=}RWBigvM zq^6iug={Xf<10uqS+}Qgk>TbrOWYU&OzK4S3o=9i97vYOqHd#I&yJira^=1JGLykDb4<=d@e z8hVaek1aPd8~2SHL1AV)e0clXwJ!8}{Cs>?W8G_T@*mp98 z$(P|+(97Icj@jUHRwd16qfP zqfXIjy!Q*XFBVf!YY|`9^XY^D$N+c-4qSNS(PfT0X@4}^P5e^O+D3J9pb72@dX4%a zw!GbYj>>SZuRIVQ_~c! z@_Y94DSa&ER|ggScb+fmxj$1U|`FsfMqB&g$$hh(!$Y|6M zCfV*ZhTrG+?VYM$8&jrSVVk@hn*va1r%rdluD{SIe_Ddn5&)z94=A>T_<+-bPXB|~ z2)H0Pt?K{NAHsy-zYwC<&1?Jr`K7LR?@IoIo<;wKp8rA1BK-SZ&j`h@-gA41H}}iy zu@;TeHveFz{q4p)#($*0S-kPr^;f;b^xkfgTl+>X zCH~&BVsJhrQxrU|0uT+EM@E~l_v+9VGDCteb0h|y4W2`e{ud0L5skX8ZacQ#3kNPf z@di&K2S@wi!-w~JhLB%*^0=&>h$uc%LD>&aW6GLy&7lX>7yEN3%?rom!@k}mxyU$b z@H+`BC5I4bhNrq>>_c5HlNTyJwIe5!_z-p-u0Tt=)J*eg+)6aeBs#6NoQ;62h# zP^X_gV&-Alco^UbE>L5KtmE99wwb7yES4;VU95U_5C>Z zATq;c8wgXn(<|% zV`SWLj97!t`1<)3qp?4W<8R?oBKjS=TXJ-j_KGmw%HSS+QDSDsQ3@_NI{c8@M@kOJ z=NY7d5vzRm{McGh@MI*aiK7=0cVto(GpIk%U+!{!h-+Ad!yS=Qw^QWKer#18P~=wB zC82Ku6G>=5jBb;z2@Xl&YBH`!Vg?tHeTVBteD4p}?Zn|g2LRUrte}0Ag`f8Nffmor z(B9r2U4+%I?^G06qhQ2Zj{~-WH%`LRbs4Gern`}dUZ81Eu; zlfu;`KhOyf5>ciKNbRH$jD%qdNOdbH5lTUS|s5fB_sQwW+EOgFhhc4Q!VXS=%(>;v^0&d|5iHvl#v(HY6BReb9msHxnXb z$&qO2PC>dp1Q9@VMhXyX8QRx0ybqbNgVMNT*DezN;H1{fZHibG*h(n`B9RQtxk*Em zmDL+I+(3#FImN^YS7#jhBb7>61g;;R5G+$k7|w2D$G_XRkE|ufV5Rje3i*!b!@G!i zU%R!u1$_tHf)ywuci(-@M_3)wRw{rSDLaHswd2HKJM!0ULlephc;y7z-UR#DkgKT2 zwj9`AcuC3|IO60v#3IZ<=*Bm~Nqhdp0+011u&Z3I@-!M8%=(ejAfAJjL1#ylBOtuG 
zm3kzQsoie8-gY}YWUxFP2TWA=cU14u;pgS0N|Z8!dPH>-)x&K9XKEd*6PUx1e`Hb` z}E81Us*kM`OetUvko!U1BkL=&Teg@hAUcgsZA-ZK0&_%)k&U@LcD zP(QqW4josRQuK$g7u;s>+QH{S7#%$PAV@Gvqi&-H2LRlcQCRE8l&>`<=_;fcwU*#R z|A3=XHo_BGNC^F&w`|nWXgc*IjGmW+q`w>ceu(-V}_y;tV>^OV}r;{kf z29V;uAgPfRfGbTC$ZZYA2FzG-|Vk0buTU6fg zVRoO?cZ|4TF7vf=j0(=mwD>T53iQjWsyJN)^5OKcj))$Nu8{E(;w?qN2f5LOB0(~c z(MX5J$19Mh45P7*^P{W${QShMemUV;zbP$@Q;1+d*oQOAU8TJA)87O1pe@vajM(zY z+y#^dy3dHKl9(C(a&N_2B<~V+iNsgnp$QIF4=p9%FE1cIPnt!)QPphV=Y3!C-oCop zRo@a*DD|@QU3C)O z=28vw)F_ixt zY`BD$z)nS&86VkvGAFmbdTHN&<$Ygf)CQ+{@57Kb#-z}R5Fm*ELj-^J&$sA4H+2g7 zGMvnMVX5mLZc(5en7+Q^dHzAQr51Jm&wlwc+9FGOi{y{9|Fnes|K1Y* zOL#f+f9!|KUcIAv>V8_gc`DoNx83rcetv0_0|WiMx8LmsK5_weG8@W0y3(#wS-Ey= zXL9IQ?M?4{SL?dBFbfMGtQ7Exc@Z^rn{IHoGG|xQn$cd)GmaNy;soy(X1P22%y7O5 z-4y?bZw*ULjli?9%Tlf)K5uTumhiip3(5rs4jq9+-enulvX{d(kGi0)~#a~_JPw8e_}nH3sWCAyy2`E9VA#lEw>-79L1PSQR; zk+C(ivo=jbx(Z%tv(hKs1h`jv9Bdg>`KYPgQTo`e0C}T0Rf|5}xZ(X>Y^}6mlWA$- za9_T>{N@A7w=P^&(5}`o@0nw{+AH+M$M+Js=Mi=-0=+Dm3J3u>|SI9;iO%E;u zv8^8*(Fed4y~PRh9w3KR!tKnrA)N>txrYBR0-bLP_}fjjDjl4h#o_k!bTU;e^dW_*RbLb006XNx28>Nu`0Q8M|_Yny~tBr`{s zHJ?0g-#I>%{62UwqY0Z3!juk-inz@C%(x0x2JhpK>@$66sg^tH5p%4Ks=Kp1?2bPR zj$)%E9?C`Zg0Ee^%T0`=0PJq2rOkux+7DV6J-=0L?Uu#cV101>=rfphFhg+yy(-Dd zLa<0v%7yI)hM4>OI4V~IcZSP{4;l53s0UlpywIAE11t~^kQ}eun-Cn!wT*WAsbk!H z(`CKX%)aJ7a9cm{^V^B`>0m9N#)Wesm%S%v=WQq7HqS}O&zQbV+{hwiXX_ysHR9nP zSP{P9@XkL;RGQM5;W|v!Jr2Kk9_d)YIKBGU|b0%vYIS+t|`AiN9C(!GXO zA7%u-siF34CfptTh^d`i1~d!8MFVtb!}f+8Eb&S{oGS~NAF{z{G{1guTEWFqIP}hj^~Zhe1*G5X?=o8oiFZ?a!FAaG6klDik0Y znv;`5fjSON;6sgErE0=;XNw102(G}sx1uP!98DIld>z~+$}@UDxFSJY=YBEcHbF1D94UD?7Z`Lbj>fR-PYV$?dk9(|O-(NL zEUW2Xdnm*l2}DPY8P9w8Cog}08f{lo?bJoEyzm?K0}!G2hfufdS9kGN5*Ut;f^(+G zQCr-xE}N{$6f?T|T*NCFXU#lB=nwOvKDU4XEszclYc7V72qbq2fBT??v7wEPICGa=TIjKW0T9r0W%CZABiBG)*q6q9&+`5e7mLwd*+ygHrP@y(gd`Ti&i7K{iDT5n=2G85JZG&CiXO#x2iCj0O4S{w)wmN zP$J@sMxw0D3;}>qIL4vhxufgj)2j|wtN#VGW<5C=-~S17xoER#4ESN42}G(kKn!_& z2pA^w#L&m$29*9%Xbe?SjoZN?Jpyh7@`yKF<{?;n2^JN#KAZ|nH8?Z`x1wf62p2&=?9jtFp 
zBh&FZ<~#^TBwz!~efRy1;>V!sz~o2Z0varm?a|iOhR!gi!H{6U2Y+RfcKrBp`C7#i|-w*{N%qM6-0cJRPE zM8^Jr>dXe$ZrD&zS4YM_Zg&-|2TAZ5zXH51+ka)Q3luS@0f&zMn1`45b8G9>fOZ@S zm`}7$RBk+HFr)EYvL~nJ0Gve_jb0~l&kbvw49PpW-x%Q(s0~o7uyN9Ix_1J@k{NJHR?SfbaLl7ZT@yZCW@qhr= zbae}1ITAMOT?aIQY>E>Ua)J<858`13Y{A2QBDDSdXyth4g!!Ze(tW62Vt)X<0EXM; zEUEZC`4Z44glTC28ARFTK!vE}^F63qfYP7>5(-keCZdX3vK>PZH^O&4Z#6l0+T1)J zmMF;AwCVCocooxJug~qL8Qj_tU+IJz0&^KZ!tK;&ty$HBE{&<(8$4z@_Nd)#u%1&` zikaQUp)ktKW;^F1T6lh}2{N69TMN@{pal-9se~qYOxZ~nP5;7Td)_PM7+wK^<*(5C z!e$1mbMQ#37KoP!SiBI@N(=xU$O*z2xHo5zWaujl)DhkvP-YY+VP3eL?FPnKjvhTq zvhEO2grT7&4QSOW5-ygSa#M3400=2z+> ze+%68Fp@V2qzxJER<_K~fdK>tzcaLiO>-TRRuMJ=y$8OYx_+^I33nf#Z9t$vi#h6xvW*f_+%r8*K?T&mEp~gaEHpu4so^3Cs@#k zo(}TYwYe%RDhgjyHoc`yvR=(YknBi~MG~JVRyn!Az#p1gS|l% z)6J1II0P27i$Cy<0dgOVs|70OEN>3 z3!cCK%3`RJL;|IWXAV{jCL94za4kkn?+2*Xxig{P^F)FE`t~9xJiKQJISi{Z^umv6 zX`6TKkU?F+ic5?9nKz(NzYw+mj}O);JajlY_AbyrP(F^2V!`20sBb9g81SM)ATl`) z48>y<46t4NQ70@PQg%>d`diYH&g!pBYBu{%cFtS(t2#eC>C1elV5jnDY%XJS{8_(e zCq+_9X7_FVIJ_UmqsoN%vzc!L=MU;@8c%#-7p|tOCv#(6H|WqN0GXdacqxv3ghH_r zCvM~HWkRo@{*xI!v=mU<^k8yOR#t|jMB*U93Ypm@rQ6RP1_ec8z~IBfBy%2p&+c8j z_>jp>>?Qc?725LS_7Ir3V=G+%xX}{SSonJgc76g)h8@%$s{_I`NmFV+b|GV-tTf=4 z#kl`qlij_Si^dzRPs^WXAI!BElTO>7_71*^TZ^rbixE=iqISLv7h4PL7`>R42dLxT z9iL0%%a1Al!d$W}$QyF99=^Z|i!Iz;|5E(?Q@RjmbPd8Ym|DWU88(rQMDxo^oG2Qi ztB&J{$xHz{0csW2L)hV99WYcO8zd$qS0rZH-G~obeiPCxVUKX%$r+ohp< z_l-6=musMIJ=)5l{ch89``={SsGH0Yi!0fWhfHZAl#0O$LN6r@RAFVMJB;wJ&h59t zR;5?u;^J zRSCK5aZlVhFDA@#K-nrX*6{O2!9#0w-PCnQCm7&04e2wSM!(V^^tRw+$gqHYU#wEB z%N4jUzupve?Sl#l@ykDkzkFl|STgVm-$blFbwczl@!#$9hO|_^{d3@KwZ;R=`BJyp9d->2^g8={(#3}) z4#pEk1t%Vji{J+4U^u9L%ai%IOsq{fn_Ozo!itZuWxMCIp7)yaTxfo7UF)gAbg-oE zKUBLt3p;~15`Sfeb>e-Q8Go(^`xP&~y`YIf+4xVp{;&4FGb+lg>$1#B8&PZ(5E~0c zP*9SB(xQM`pn!lNNKm2@l_&*>nHH5$fG8>;IS7b^B4e9SaxOBWA{IduC_qB-?Q4JQ zoA<{%^J8Y#x8}$6>b1HND?HD0@44sfz0W?t71RiW^%pPN?NtzL{sA^ZP^3B3pt0M*3_ zJ|%w_a)gezJ+X;6=V0vpVz{Lw@WGOKg~Q9KyX{+5tgPbQ3XpP;aRAWLhPZ^9-a_p{ 
zrs9-vIq61I$hBZcyag2r;9ks<&*!+yCcJ^9%{3z;BuXzS^&>M^fsi?0nRHs*kUETU`xtIj37ovq_l)y zg1G7Rl<`5(y&l-VO?JMPhon(%AVFjE1fh>2G!F3S<5F9Ne|>T+uh6ZfD{hPJyj-D& z>nyJCXd!4lnOUubmJCuNB}88O2ruXzLHWi0Um=+5wY(Usu_I#i^|Gn*@k3l4>ryp&?>ukdiau{0>uWJr^)LA`CN8DeF!QLffnyf zd_ZAcNTlg7uX~Gn5nTtbIy)l}M~S9{LfrT8y-^^1z|jJFX*oUtXmtz3hdAX)+eTJa z*1l@#DNgS=3r<96;W<+97)?6_4Tpy`1S=$g0W1-tC5oowrBERut`e(3C-7?mZK$Jq z(QROblA5TK(7bPktQ93M4Vp7>FfbiGIAwyarZCiC&d7mLB@w$WsQO4#7$hD9mq(2R z!YvAz?wt*?JQ(uMD53nq91XWM7G$oN|JZug-&vl!eEwreZ4)es9yC%TNcy7Yeuh3} zsM*VquX!NA!uuWZ4zAX(apIiqDpn*`Lj-3~^jv!x+MHh|iO|S>?CtecixUQ<&g`WB zh6e#WgF*zPxIpq~l=j9s;6l*BgOf;-;KoSE$e;sq&k;L+HRB*@frh{ejqVgOQ~@F; zd<$Rjw)l!7aOkKWK{+Q2TA1jNFlyyItSV4!W=)|Vi0}t!t$%~#0ciCFcAW^6IF$QP z+9B6ZKxoCo5ofs}``Yc;3G}>C7XuKEJT!aqZ;IL7mD?U+6G84+y@X&f_|b zg$^!+yeAZaq)tR{MIufrfLb51BY_Uql=%2uy?T|X>f*G6VDSKH8deF34M+y&5Cb;s zC!}mqklo@LEF`=vmMd_E7$_BqcQ=_A#mjpYQ~&_27+gJ$VAP{zAT<$~elVS#{2e`u zn9g(ZR2A`YfU4`t(^YTq%UzhSg)DB)eVEL^RP9Ol38_X>n0xEi9u?2Y+rl*7RcvDX0IkOdNpUgXeZbWx3%dc zX^SAco&!SxVK7-h&yal2K?9#TkX+c@f(=XZ-T|)^l*-YyXGw{OHa+waid5&Lv?TLc z2tNkUAX$h+dCt~@M?T#~sJVvD zOf(Q6*_>yv!mzsd;fB*dM1Y$G12F-^hWfkeM{^8r-7vJr&oCehIKQ))1V$Pw*ra%t<+R||8dn{OI@Pq6!WFDy}j+dlQ$pg zUqAol-LgV%@a(+OOrMOmY{3FApNx1iCl-j-fh658tzl^I#YzO5SC%aa1znu>gWd}_ z;%d)coSxVPPH_9EWC_w5>;;prPDrFc#lsEg&*~W<4G6qiSc67W1Qg86%gb?)bogBl zffkf^w&7jC5yUMPVFCb==EEA;hFPZ7D-!9sZl-!2has>IJtyr=7jSLURPPcSn* zm)aXYrD%r~1Dt?TkcfkbZzZTy0{KBy`PsuffN*i0UU3^#{C1aOxh-D0lqxJdH%^;| zzm4@8+|{ube}ntvztmXe%Y|pb9g?MT@GpJ!|5N@=TD0nKp@q!tNpy0@5B?>U_4kZQ zhQFj9T=`%AO4?s{1t0zAhu^%CW~zhsqwQkhJrBQK(4FhwtnoYc9GotPef*h zs)-PO1Lp*=Q}!d%14OEW1Q0Fp+kUM0g15@NG((55Wf8Gy1h2mhMKl1O%kWhQF+2_6 zoMvGW>sElKN)P~$J*Q}IOOFMQ_sqI_V@0Lqq-J4p*~gKUo6rx7U;4|3YGe zEJ}VQH}K2SxiIh?^uyz*C7R1TsEkHH$8zqDCK)UbN+(l1Q$hlm+Sc z@?W^H?BVMx<30gxCLQ^t0|dngkdF;WRW9O`N=XZ^iZrkGk+7Ua0iXWD9HG_#8mWxF zZFp3L?flG|w>32@DQFGq^d2`xH^mYqfRRWjgwZpC{q!A%VQ0|Nfiw9h@arX*Nd}z> zA~XSVaUv6&b7%lt9bxcY6^G*wn?C~Tt{Qm26R!lo_>fwGJiv(M4_@Uw%a&QfS%EZ5 
z!<$_S2Jd*EY*+AXWIPlS7o1;M0dObSa2bllxun+u8RoN`95R*|x!fXz7?61?7-%>L z=GY6Mt|#{X$iY!`ECbC0K+GDF`7^k999q3Ux!cxYCg)PT!&_K+1C=I1Be-=QK}!X` z89AwuoguFRm_o(r)zF~(Xg0lQDxf;AbGF&-B%MN8yPl?UKz9$f(9NDDTd`E#u5wyU zc`={W-Sq_(FLxP1aJbM4T{F=8+;UyxVa)h=mn5jg&6SBA(Nnv_+Ct8J^R(`}zTN&8U+!3kWY0^gV&M`QR2 znEYdj&`=@XqgJ9J4M(b~AT6bH$iEFiFKhYmx=XoYlj zBDyYGpPjh|o-i7j27J0TR;nC3sEUQrn4aG2+$TcS-DCh|cxVzL8Jjb3w%4W%IGuB_^?BtY%L8CL>D}1z| zkyIP(2btc8Nwz6KlQ~#q?*;`@8k3>+JB#e8udAd4-V@0n7LG7bp=@OvW&j(l10)(6 z9-fQ~>BlsRdi*9dFz~~Maioi600zPA@e*A~%P_$+io6+0>M~FnVXC)IqN60$C{G*fbP~6xyP}ZL#W;u>h82hV0dIi=jhQpsDHBHxTbpeuq}j8 zlQ3zc(%=+*4aGcrayyW)Xh^M64KfcQk%6Gn`SRYwh$Lv(-woN*5eR>4P^!DabAjfR zV#)}Kj2z0he~23l=NuE{d`%d}nE>Xl4`}0dSA%ZBkmmwSh+xB9iu^kgx2!eHbBe?5 z{1gtZjatx=h9HrMc;*)nppS5qg;>2{;X)fM5u5hhj84cfh0QT_t{!#2v3t6lW9L)2 za+o=e=&ZO>*Ky$wC&Ybd2?N3B$e>bzC+b<;H1KsnfZeiDT`yR$;2iQsMl7m~6rWix za^QO?d1FAtZTOanyM=Tvbo*NMByU;!R$bICWaa1rZ8nQcg+`Y7CwIaeg7~9AJ8N|` z730u@4N#88&;^P0pwh~|tJoMuVFWa%p#46JOyI&3R|3~u9F7V!S{aSMXI#TV67jvPT;D9dZhX^_h#T<4_NJvO5 z4!?e+!3vkAb0I_#gI@TCudn#NeMWGWaK7sZ3T=3NTwhJi&yeYWK}3r^JUvrzXKv1R zT;3bnV%G#FoIDrT!PXOS${~Bj16o;9F zUP|`sF`jC@^5ocJ9v&VUu*QP&PAX_O#QfrGLxKDIEe+abq=^VW>5vJ z0aa{KBvi7~BHPe1v&By^z-7?yTz4uLOgpY%&0a3xibOyG4kLs?fEC{n6rcq#EDQ%S z-@0{)SYBXXj=|F>zhCTiK>8sJ1-7)d{(ZeQV7D73n<(wy5Z)W12vt>8JqL{nL_18# z7s?BZ-k1e-I7qra2>LXZP-eIq>iceC*KM-0jf1@}4c#{*dc)wV7GDutHXWIQI5l>H z*_Gt0#4hVmvxpOW+vzWt&($Qm4-^>i(eUBn;RcjzkN0_KlYomf30o}+5w5(xUI%cL zo|ji4P?~5wgFh@i+=RYjf=E5k!lB^y{(FWan&cV zR4wHm@~vDM1(+WJv$K(fvz!CO(iU`8S!HD-XiHp0im*At9t-VkklKqHq&8{$oSDN6 z9!~VdQNhCOqbES0#dq)4XEb2Dxw7k25qUud_O&t7@xdmauh&^+CgFc@m}{f8tr74s zzl3=I1##p-NVytua;vA_x`BZy?6DDiCg0k%dLOya=$iulM)u~U7|bU4l%~I&K!0&`?I0;T7sYAUYQ3+ZQ6yk%;U$kA1)v7Wb863qMyL6 zNj53UZ}Up1PeLI~3>$F>7eCTSz#t@1cI*1@kY;1IcO8vHp9L#0|SHM zu`vl=BYU}rZ8>reQ{QFokIRN=uqSe+=mCD43=ky9w+p|<$rw~RS4vtMZ!?uy%o;|z zgEwhi#;kn*KIm0jS7!7SQ(@B%!hap5Uc^WJLIvWGSkAbgq;V|fU>No zS_T1aLadDEO)4=0%YCr})t}x)&Tua>G7=$SII}fj<45LGqgk`N)NJUZH>@$h 
zu{$jOySVaY)8OG`U&KDFn(b}|=dv+LH|%0zSkBX@rGo)e61K-=%IxHR=ih{8z)=7t zw%A~F3^%*vHr1dUC6KPdHALC=?$xVLzYBh+e7AM^QnCI71~N2n(rtZi8ayyyH#5~W ztB35)$WeFR&iLQMW5A^Lm8kn~ z)^>T8e=w|tAtgV(?$^q=x$1xUgVL>U$vVf@_B#&o&k^*WYZ<}psQdG|q)Bb)qv=zv zrKu`p`KXQxwa_9X?mwyQI(nk6rKOcVYAI{4!?J&T%r`+)#5S$3!<}jS5MMvpASJnt ze#~&uHvFkDJ*y_UXmuz7_p&_Tg%Q!)_kA6>tZ|PV>0mM(ZIgJ z=8IYzw*-%U+Y|jv;ggZhc)VmtKR5KVO|f$AaYwPOdo>@HJV?e3Fbv#zFp}yOr`Wcl zplOQr<=Sx8eOCp})#Y(sL*YZ)bJxn0a!g~}%ioxuY3Fv&DcU)pcsHCku88eCnjW0F zrZw(X{H%Sbz}Q^AJv=gAPVU}r++{2och@XiFXn2pGR~WG#u)D{v>h~x)4uF=QIOTS zR`9y7C@(UCxIffAvg$mPY4{VDXZ@aOp zH*apRJ-s*e6ytN#p_FGglaH4lmM%?|$O$koXNhgeNmrODzJX6n9x!jbTx*>5J?6NS zr^#*0jaDl>=nsr_x~JPJ2j#^m6sU=lGH?PzT5eubS1`U@A1c$QnaDM!j^3Bl(D;6!siNY z!)4MPe||f?q_}g|RCV<1ACkB8Ub|{|dFm~46Ve~wuNZ5hdBdjOZ;fS~b-}$;+au_f zwMyi9E-4?+xAz>=jhB*s-ZA&wg+Gr?sNs^_j_tSabvy8D-5(XmI%>>+tj>?=p4jc3 zEsN(6@pHDV;aVwIqiSwKXXJR&@W?=G$~c%!yILs6w9f})-16W z`^N?IQfym4&Y^p}<`LZQ)hgR%!(qhokFC;T-VEQbTP?d_cQQwM{A<(XV3ETD3Z;xH zt$1q0v_0{sq(ehNB==a+!YtO+u-!@3frmezkvrF4t52mhshK=Ksn}R(uPE5+esK1F zf$=BnS(?32k*4g>*olfj_l{OYw>`%)-=?PiWh~aHEXZ%GQQ_<7f6K*la|hd{%tDH- zrco?6ZJs`DqgVT^t2&q(_c%AI@i%w&t?pG0_KL&JGm|5UixtNk%zjSL)fv;%-VM2` zQM|JrT0t|d`KhMOzSJB0R>pqw7Ag)cpzE9$!O4~Du_rpiEv_hjA*XW;jliR+lg0=_1?pq&d{*gdRPo zxY@fR)jKo6_i1RMkRv)%px79~dROCmS@Svh}p0Afz5vTHskkJV2PA^n$U~24@yCmXU zq@?dOoNZSnw~X5%AV08xLB$`9r7UOZ?lENyjD76YpP!~O7maICduI z@xiRA(f+i^%(_fY!J%M>L5Az~mv{{vd~O+ta-* zef)xHR`z{)_N*zkR;p?K;Z=%;`IY0(?{oU<{-#UW#oL-pe5#cFBy^24&OS9dt)osg z_FUf^w_wItvZipP%&KUljAMPI&2>rbboMI|T5XVHJ|~DFJO0I+vhV>I_3J>lKk)G5 zEX$SW^2%$PZV@a=vR^1$s2(Qe?DFGf&%@Slsl)$zvdOwkn@{$?{$}Y=%61VGS3K1? 
zluZ8=>JyK!>T&V@XX6&9^2w8X%x{0RnjVS2SvjN`E4F*9uQ*P)D2x39`%P<=6IX5t zX5U+Qgofx+6gSvqvv2hhe1liy6r}9Dv+{rXL;3^`Lia*dX{JqWMJf*6y*xM+FYi@J zcsC^?FHT>_*Vk(O!Qtyfsn}_%`=4C1Wq8A~r{5);z8^)br7Yb{p5=?3B=G+4{V?*b zs@SO394~*7uHrUk>7hS-?{L!_b<}HKssW4e=S<}BRpR3P(bLI4%UmWa*7vgOdq1Dw z99`!~Aj?ruQ^rMpW&Fi->$5s(n1OS(fskd~Gb5drD$PC-(-Lj>vWIM@FE z-uI7p&dgh9<}mZjJZ{}<-Rr)u_{6mce)d#}0GAdQfj|&Ee4wC)K%hp!e^%qN6JKMaxd94jLxOeV+l=yyUi;lbcTU=&rdc~>nXYIFF z${bvr0>9M+?0A1Oxlai9szD)}ZQ^Q04TPezy1v<^$ zu^h~?kN8ab=ub{ghPAkF-^MU7FnGouo4{v?iHeF!TQ=wIq4Mofj-r<}4zAtfFKR!S zobA_c`OCfvM#ZSU{VZ27qE;*-h8T4@Gqx(}h5zD(UG~WJROe%OiXu`nvSPdCM|WZ$ zsjI8s;N-;r`SYhx_Y179y*;~Zb@n`+>XK%uPXt@RZ_&d zw8Z4u^Tn@*zT(o4yE66|Zz2#5bOX5kjk8z*u9>zDrHWHedzl4J&z;#V1X0a!UY)pZ zzPqT|4Ly1%fMv^k`+A_pj}1TUTSRdz5!+J7YY%Y~tfx#hx`lh&`ScMBWHrqX zj*cZXSXj)(J32ae1qJ=pa?lZ0k#&_yd$WjFy#oWp@HxSxv!6Q)2Zwr4@S}TL9+Zgr zjbc$F6LLxQ*M~ShLTTUhcBjmoi!WwU682j#QxG@^vBZFrzZsVad{^4Z;w~87-5uMB z>bZhdF5)=raREzn9}3OgWnMfIddgV$UW~`GspjoMSN(I%7rOb)?E()^%ony1K0aBW zTbqB9{`)zhDQ+(zom5YDcQ=t(PS8zzJ2oydAS{ikWm_iozM1O%jIlxu3)_Fnq<`xV z>Yw_c`;?GkIOWL%yu|bhmP%5|$kQCWWd+gbHstE&_NFgcj8{l#MB2$F!pI6`sI3j% z{_n4QrN+IqW!sp}ddtQX3kOlxM+G`T$}NWpNwyZ&*G;Ky-nI82*mwr(lMSH1&G?mqbhQZSrSc6vhV+_Cz{gC<36?! 
zNYGA@)Ik)oF{3~F*uB$PVe0U21l3b+Qs_*&#D;1ftI!b>-t6t^<}__W_QZJryJI9If|bEF15dgW-Qi|vb-MY=oK=%r}; zfKEA40$oG+F9H#a&Rfarn?4wQc*@N3l`XomQsnQi#0)aZT)%G$EIC55qe9kdOa!=5 z=CPQ;FRhn0qC`_VGs4@`EqL_CMZ4BL3W!nPw&R)#qEc$GPIhk9%9LYf22k+w3;XAs zdUMB*m7*2oDfsT_^)Y*#V;nG!QWo-16Y|KIq&yzIs_32nJxTG@dh|h9EgBII7WD%Q zuP6?Vkvm-M9}=h0`IpY>{bMQE@36;QTOI2?ARr(XY+{n=uO~_@P8Y8F!9G%z^ctOr z39HI|qWJ-9fC7uJo`iGW>?P|h(uXPWCAoS$@;C1)a~U~eK7kFz<$$W8Z)|{S_&mdn z;rHcHj(s?zYz9eH;%7g5Hc}G$Axyv2fA}WObch%6B~}bvgOE)%M@N2{<##`yi%Y2| z;lEW&cr{$OuA4z}hwFz=agJ)3{RQuep0Oo1n+RRX+3)C56hz#pvF&bAKv?~Ksfg8P zb`JGBJTIDBy32IEf4zu#A*Wi9=j;l>Su#vL{zqL_=e_cEE+byU`+(yl;AohFIa;7{8Y;>-Tq zACN{j`RK5mUpMv7B_k^-qckBl%^XJk2h66d@{o#)-aqu5iMwQ>PeO^s-HEvsSQnBa zjutW#(TI25@vXoAK}E#%&x9@8J1@a!J42x;K_T_Q$9l8=3uLu#h7P>2=Uf>%W@j?2 zTK}Nvp&}Yi-m*_8O&IPyE= z{rVHX7!n%a(CbKA79Xx-n-0@*YKoz3%^ta>Tn9eO6$+AOj5y`7QkWyz+!_6#(mFb* zmZg0E)omxspthGx7vYt0l3`!2@^}ADr#!nmLVf;-NT)tBd~=-z1p$YUu;XR}or2Nn zY0aTJyLy!!Gl9EzXbY2!A{s*c=%Cq0m4R3?n=4t$lF^JvgoH$>VDi0Dc?V&nESlUm zVpNgmr6d$lKBEj$0~Pl6uu)2t4f#b!(Y89GvHlvHQVwojF|p>*s0yjt%Nm@KyMz1*4;$W$|rw7rcc5^cXTZBak}Z_{Cpr?WB8 zcWu`#?bmpC(oZqdtrdTtCgY&%ec@3qg3ehhRhQ!)6O!?sml8C8?{yyDAd+a~<6_3+ zpuEsBL{)OsHuexCHPqdLGYB|YyY~8xdFp<7(fcqaUSqMBC~(XoO@y?x*lvLlPBtJc z1tU;;3`5NMW0B|UTNQ;NZFT*fZ`$@}*6=@(;>^!mVla7A=`=c!*+gi6c=?x50b29? 
z{F_YYND{dlr&_FW{d1WF5hG4kqG7M;o-TzE1sY7p=uYbHnD-cO4P4dQ+u|XJyswx7 z)y)xUqui@}MM7UA*lq~%;f)^IrO2iLn#c}v5j?h+TVdqVzmn_X+rCpMIUJ>HSP+w?gfcaT`&bBQU#z!gkx*~o zp`oGO(rpY&S-<)2WUPnCGFL5KPSK6g=SM1yp}-~gnDO_Oh0Yfw&vJ*cr)WPy{6{8I z%VnxB=@_9lxE#N<)N>|Hoh7ujGS1r9fjtgQ8X`mS)#Z&((jWe|CF**EQm^5fPB&2i zn|Y~5*7_}ObfeChkRZQ8SCy>8)*vaJjEuib#&2E`OHQo{M<}B-TgFr)rY7&a#EvY* z!hU}!FdPtI*ljuRGMyd5p)GHM66aCBN;EF6Da$V86ZMOjKapA2lLuYC!_l`s`gZpt zcH3PC{!z|}4^XcoujB}|%8#3-i{4R7r*p*hPWwKU^5i{DxmQ#n@FA?8z8z!v#A=-e zLa6U z+m4&xcWqoe?0S*#J=7rR5+g|;c;jm!0|O5?50qYzk4MaujVKn!8Sio zNVWT^6OoY6V=KkVkfcF>e`TK1#bWotNxA(8b#tGRHyDH);t`oPHl4F+8GNpPztG-G z3JOY9E`RbhM`J2)Gth0-Iy(86T(YzsgE3{t>U1dvbV**`$Sp9;QlF)3m_5_b5#nxY8B!?BbXR{Q^ycfQcWd)Pp-Hr% z)|Xmloi}J{9}bFT-%fQer($U>T%62wND-pfc0OoYERW_jwj(;htZL4$X3$BRXrBFv zi_l-!M;SAADzY!h8}xgtf5SJd9wT|i@o zGAXQc$bZGAM#C2;MMeDgj-dkg+St4qNa*7g7J46DOYk=^to5-Ck$-Kx6eMDiW0}G; zZ*P41-y}35d(YILVctw+PM*$NST)DMvv{sK`MJ4$hVrSkFz=^_QKV_X8SdPMZEXeA z{1pO!guhQ7xmP+h+ZP@yKD;OPm1R*?SL@ss1HsD|ZE)~dYUgsHvV2AG+8Sq+N5bdj zhk}-n%ebY=e3NI%dRJ+?0gjb-?{cFl9k<;mir``Gr}dAsn$b7s_KQssb0Z>X%H0n9 z0!^$7?d3C_XWxH^{|gCR+Ps}Hm~X=Y1>etCeQ#jp+JNTgH`A$Vu}KHBz*3TTT{W?V zGa71|;j3i32%iGa3w`6$xzww0DbJmuDYU`NES|hgF4(~P&@T8KXNeKA8`Xk;mMJsp z6nvov+lu63^C)lQH6olh&-<0FL$7X%>tB@VC*wE1KZw~-lHN}X3ZgA2cs1_WJ86wi zM8Pt`POx}Y7iZEcJqT;`gS>NCU&m5(mCD%2^woz%+lqGl3ZO-`xpOXBHAqr7}MoZIKiiY2{ucq0!hFTH2<{e7YI}(}1a* z>aKn+Mct=-1v*tI0D`(g3Er(}H1zQ;&vE(2=8Fw2mfA{iQPBzkPalll@aj34wmD4; zbj$9UXvcUvIZNzp;~o=#$5vvqz^S%8UyNQS&-TbvGEk)sO>+qmeF@ zH99?n{&DXNgA<_q=X0_2>NK*{#A&kKVv%Cc&4NQ6i&@|hyI*@-<;1Z^lL6CUV z7gzq&i7!5>X?Bnl=OzC$U9ER>UoNWp8iT9xQ~b2``&l^@m{epT%ni6jnwJIczL0+~ zyM{-1Uh`6>Dn7BAk3N}`#QPs5IW9CE3c&iZd*#Z?OozRmY1&W(!W4ZTr;?FKB@X@m zy^bF_5}&`Wb!BpOacVkScPhWFy-j@AzbWjGr2<1PZj?-ccsSEbhQd;hgI)Bp&2f5C zG&Jf51Yh#hEylXtiF4A))pAhCabNgZdzu(oVsDRfBYgIwf~ohE&SMap+O98108pI#(p`#AleJuv@m007iK2*46Mu*NT#EqGxw{5zlB&T3T6im+SpQ*f?Kb^x1~K)zLYktd>H9@%`5ef8O{BbS@5je=Jaj zcTjM=Cr2BG+5JceI1)AOBLh?Q!)iO*;uellEOV3b>sa7s(YXZp-;&dxC>(rKyF>mg 
zM}2b6A}QeYRGwA2R(^d?Z|l%Gor-EfTjuYdlZ<&-!QnxjktX7;BfklcxHYFVY52Pjo$zMY;TY5?s8I)b?4an8#i8~Cu zZBn^-S@V&;u~{EBFtZ8-@<2@EMe)JAKD+crDKRRI$bO^)SE=r%lS65TK)RIe@&$pV z);siA+}o^mqe>=Rbs)qkY(zA#>^o&ZyK-)%kBEHdYdX`6hA1+;yeoL@D3`UxbyZ7U zr52X3O8(#$X_$`|u(S285_tQ5fIKcx84vl{c4{Tsqp@(yX{u~2CloB%?9RlD)xRWYh+=hFQ0 zy3RJEJ17bslNDAW)%GiLtkE;a8iBL3vo6Oo&gswY(9+*Pk&^$WmDvmeR~2!hKQ#P- zA1O*Hc$`yWT8lYeUdRCW8s47K*(7W_HiFm6ivDI!WyO|blRGu_gj}+Y;hCCxc>UB@ zi@bj(=G^kz=_v3G_6jcw-!=}KRhbg04SKG3=N+#vE_!i{rn_>-s8RrjhRoJ8l zwU}w|{{BpMV%Cd;Pd|gwms;_l?sNL@^P|yES$w7rCdfo;$Q5DjXAFXpzto#GrawKL zid=|!Ic@REP?1He89IS^San*MpY}c$=PpYQZ8R1l3adaPY=MKb^W<(lqYFOK;-Xo| zAdh3Gd$fo_UmF4Sp_+&T{+_Q|j-t^CMe?{a#!?o>O@||W_^`QuF14+~CcIVI8lOr; zoBU7g{6W;ZP=_$kfP@5^)|Mf3lZcMik$v)yxZS*eGZ}Xd-nEq$Vj2!wOzrGyH_jg{ ztgrHoGqHZ>|90ERV9fbCFed>vJ`LzftgMRSJ)%-l z|L&fY=YM{p^D;@&gMO#wpy7c^ck@T*J0_+tHMb33jS=9z^I-OSl(^VC@N=olYcDX~49S46xCp^vi#75U%z#bMvvppzw) zD&f+0pFsxZNc4*zrsu;P3Y5$7EbL#`@UC)Zg-jY|d%83~I=!wRobJal3GZP3 zr-hliHii5AFTO8?moEd=&InecMUP5~40U!0+X%*?qixLLDpn&Nrdu zknDD*iT9_RZE2pA+2!wl%K6nse3`a|aOQEhyj;sZN>-nX`aW5Ngu*7wnR|2;jXyzADk2k?0)5|p3|EC^_hf~Yu&?F;+^Be*bIJk3kyp=pf|Yu z(Bse?<*OJ580JP`6(W_?zltyN4q9zqrr|)bHlCGAPHm->F((biV>*G0ic`)}FVceN zFSiY>_)Zf0cnka2u)q_Exb^ViLo!`mM`zF3$EpPiy4HODin7*bn0V{wJbD><>Nk0^ zuz{9-|JzYiBJ=^;Khjudh$e`hDD@jEuzx; z&({(;98fGYCqB3So>Dcr_qQ9DV$UvwIZB<2{`C}k5CG?Itkb?ZiTI4VgheF+N>Bjr zW4w)|p=+6JFjuuLf8x;yZD zwM75ga_0IsySZ6JNg){+vXKPzL6iCX9 zj=L4NsHjHS{fHd#qod5tMXYI5Rd>5M4*(MY->xdx$~FE*1ynKt8la*eLcKOz?7N&q zSD#_wz0FOA;hM=CNsF|5bR?}DyRn&{xm1$B&BWF0dcs_pQ%#s9z0%kKIyDeYTp*g3 z41dax*6^4kU2dZ>)gO{^<|*&aQuVjYOzCDRA6f}N=`~6?pAbz*?1`jL!vSaEyK#r< zXiIUQ{j;2B3r^(%$f?)WAP%hxmgpj&RJ6JlL_ zj#v7Ceg_Ids3f&TN2^KSm*-=A@1sLSL&M?BKhzsY0oT&NR{1|Z;)wQPLRW`2O(N2? 
zyyE*mG9CXvdY1qHe|=AS4-c2gnGE@?sSog@j#VS|cB+zO!CyU4c=LbezuuO*r2KDI zZ0FC3#Q)~TnvBOtaBygp0AA|Ko;Dk|~;%O^QGSzmu=C-G=&rWVX)|Ew%F ze1fEdqBVz$lXnXD?=J*U>H5^xo_qFCQcx^R*)+Cm+tg!_kwvqb8?@@wyHTw4rL^|& zG)^0xgN54Uize!QCAqi1KUnYXe6Tr1b#!#}WHc~P-2I62X|ky5(mN3m5#?l2l6UXk z+1lB?4-4x>Tc50P{|L77Y|QoAOT&GHco7$ed)6hk*g} z-`=Dwf^l!G;^Jb>;y3rBH+cjE$j~tHn+DS5-z~IYkW)|?oE`i#{r$Z`<~aGk&jJv< zF*Kx8cXn_PO!YjPP&EH{nIi6p%jA8*$E{QKWj{J51|2~yYI{Q?U+YC-&1k;%hwSWZ z@yhF~^KEP*BAXZ|k+$h-`(l&+RN77*4UMCw72&_t)vo)jfBVxSysyvas%#ffk2a@1 zMBP+kfycXj`*v7Kgwk^Dc7wd8=J=8|CP|b=wDSZFE$t#41@cz-`1q00(S9SjFAZTM zR!8&c=;`Ti_{*A^-R z86r^`^YP;z%tME@^Ut^W(*fy5~<3GD>1oQN^=bJbv!F zU4P8`rVYD3?f6b#FOkdzLR(uK(R8}MLPAX)w6kLyN+(jFdi*=#)2C07NlE8bN%s`K z9gcS@XuW!s?z;asJ1@^)G2yHp_tP%x>>th*85scV) zc=B+OtCJ<7luc-$)ci)+w@7isowq{$u!v9*g0uu@$J-IFYn}eZTwm<>^S$jRHx;DK z)2*kqnk@5GV7YgGv7c>TeteOuVbJ1_Q&d)_0H@+uv9i2u&>eFZnGw;^WUMNw zd7JfNAt9|0ZOl;*<`))x>)nsn$`;_yrgIHaaN|HihL3G+ZHk_~TPuHlMnm{?0uwAl zAw?)FD;JscGg|rJ6A-kgO1YO!73wvHL)2J!>lMGjfED9Ee*74ph94asvL&2BVrSB# zZ~=A)d1Y?hI&8#vy}Jnfvpgv!HkH)j(f!TJIV8nA8Ed@4fUlOB{l;ABPwRw)Dc_zd zHR+cgF7~=QU775e0n`o&yR*9s58Mnf5}B5!x4sX1qmieHLPSKQsin1eIHsqhsv70w zuA@WG`s6b@T=C@e)Zpi*+i->+*}}rCnQFnXT*LLz{METe8F<)^aE1^VA{lnG{+f|7 z*y!zjak3PFT<-TLNr4a|>%*>#Z8*r|h99D7Z+Niz)zzR7DxT5x{c@*Gt-75SJeSME zvGo^MrTx;aaK;YOBK^|moSa--eCES<{`~o4+Os`XsdApWK3gxbxVVTw?Emd;{VZfr zWYCJ~ur>WkLhwt$UU@l1_T{CD!oh%=+K|HYhfkhRv<4E8;ZbpupC4~ixgT#)0O=;% z+S+;p$Nlx|S2>+3+k47s(y!@7ZDn<893FD&HR#|oN^0I>W&H?o^|9FxE9CP0I0R;W zf@3*ee$3ad{P^`NOR@Eg`0m07rjLt@Z{A&=Ig*f)vc&P|al`YsUtONJuNO9Qzj^Zp zLO#dYo$09jXKybBq7AmgpI8nu<>|rtm`ZJZNr~FY+1Y>YA#;84TtQLsBMcp&$o^Sg z4i3PhLjJ+(^y5cd=J=j=_^yJQ+NagQj1QuYYcUU$mB|b1k3L8CEX!r8;V}DS6B1I| zRqJd_S3lROw!1I6|4V>HR8$k2*+*83Jp|Q^@ zqU1h;I7!5Y68hR=Zear{qAgj>9u5PaPFNXv{>Zf^BvA924c&^0k3Z(klD9#$K{2(U zx7XE8g*HHpP{?|k(iTj{rl77KvvYJr$>eonkiYVGyx0)c2O9^6WMN_9&GpqKs!x^s zaeWzl8HIAr+1kLUKC1l9JmC+H% zlZH;;o+x1ApOKNF+2~bIEN2?AKBnhQQC(gA=6Gucd0?|IUOrkQc(<#TXSzpB17V3+y+Fsr{1_C3ovzLv@FngC&bmz 
zU{GXZVqzf1L|t~iAZ|cj!j_)DC8eWt?{82mW9FBVdW|5a;?^OS!!GtbcY?>eZ)TPQ zK{7O?R_wg3`|f1NASx#279!}+A0uXk5vtD0Ij`LO%CitfY-Sh`%D5yw%`Gb8UD({@ z8a6LKD(2Fz2$J?ZgIj8r7zHDvAJ$`O^MhE-`^sZ5=Xn-ZT&-SE9wD8~$IwW*l_dz8eIowKJ{`s+qg%_x$*GJ_FZ%5K9DqeYW21Mz z6+Rvw8KTU$;cUf^NP0jFGgIv@BFJj0!YnOUBNur+(RYgqVN098vm%~CR)Z?IrT_!k!1gc&}4^k^usi{oX1X^;2G!Uuo_3fQXq)ASNf$}9ERaH-15 z%9Fhwo&aLG={ncv2;#xPL7_=i1{P0GPgqGKGRzTekoM(=Qmgwf>eI~6JQ(HW(+!W~6 ze}s!_YHA`7!q(H+U(9VAb-0xvYaJ(F_O`a7Ep>#o0<0ko13%$u@e(_TvN}OfeQ8D;X|0Q3^`Iern9N@ zUFwX;`1%#~-@kv5kb`C>&->nQPn5Dj*Bt-SQwTtygG$fC_x9sBS?+kK7z50gq;!UchL&B=0$PUuAtok9Ku7gB`jU*G3dsqq37r1y#$%}|jepyWfgj-F0K{a^g8BGZoi&|<8>05TuO z0`taJdVc*dqqlGGr9Trq-Ax9_jDv$C3XB00pV|in4O71>k{RIx<@yWkJ%fZ3 z63wYSf4-i#5+*X+1S=z^p$YEldZ3&lPJt+T+e3M^=UKCd1Sj&fp&NVZbQW z`^xp(w{JIq2j#vj>;SsuIJd{l%uFrqAqu=D5WZ@`GY;4HM$-iW0KRCAs zY(h>&h2$1H$HyPwxuvg83}fQrV2TtEV9{_+mh<-P&f#G@;3!_ZKMyvw+<+2x{rWY` z9rh_XS!cVV+-i!lp`k&u%9a^;qpFtHkJnp917Gez<~4u1{TRSLUhJa)Xoe_oVhChB z%)?T~iww}z*(nNM*N%Sc3DbP_%3!SEwPuk%igEAffbnt7=^95o?F!3#u-)Z_dQcIH z4Lb>8)i-Y5lsD-(0s@63fHASL%{@JMo0H{!I^0+YAU?>)?CR-}2O`lCM)%=Kk}xw1 z3n~~YfZd@_k$qQA95U*(gv5&1b;Ajvg^j5K?IpOkfp+ethPvB2#_tGeiH(?+5!;XHawm>AM2SK zv-tAJpGKPXZbC-aPT^;K08<& z!PC&t*xB2A4@0%(N-jYAG|Nm$YMi$T6P3R+5UTaUlQD=p4D|J-^1sD(146o8Avm1( zsNGcTt8Mn)3TOS%vf5)uZ5g?Z|qHrC9Yr-8`!0N9Iv{L9}uU!UJ0@A~-@ zoRYlBY7j5U$i^opp{|+rP*75`@bQrZ1_s(XItHla_?MRp{p#&ief26BnAi;-9wMl9 zeo#<+en^aFkC=~7P06#zq9PtWdK3vVN0=fS4^N?6SZU2m^ECp=?lHxDjU|8#fSAYJ zJq(qw z#Mn5D^C&7}>b!n!ammla&JM&rk7RnpTnIwYamy=1EeHA!4hRaJZfv*UYa1JuRW&u{ zb90VA`};pU%6#wVCm&`792F2MM5Nc7tqpai@|2{;8kb!bB$F>IE5js`7=YS3(7#j< zv=vYb0T$K=T7#;xGIBZWP0@9%*up2T|I_szJ$bBj@1E-Kz^=w5B?gw@>;N z2(2S(ap0;7D&OE^V`1H}k#M%?NkmSL2%|FxQgoz!Ex+A8_J!E>rcC)g3Gbou=y+x! 
zuFH2Ke(;ysgHof!6P=C?5n1w9HPC>dQeJI3NKz!MjM=NeYFQoF%JFdq8vZ z1}xxfBMJAeJo29ZtM^CZ;gJ5@DnN9Vx+m51dCfn|x5{Mzz|dR`>bs5KzD0rsKwc<_3(y?hHbY>I zt7+c`-C1~29*t&L4tZ8Ko-Bp{8^A)yW~vzges4>3tr>N$TYgevLR!R?R@H2pRk}{+i=cv5^{2X0AA)yjqjE)jr&u>=I8Z8X#_B{ zRMIdJ@D%!|d&^LFnn5@YJvng!p$sX)MYBGUv$f^b^*Vj4Q|Ce=`{KdnMrl9Dm(LC7 z0E@LtY}fh0g^(~0y73eH0pvlbWGe|v&>_OFoL)&36n}UMwuChA zE1Lb4ekDLcPz^psN2{u;rk6It%R``i62q$`EztCdVb{sno_?{JYasH(N3O}+IYLmO z&)du}tP|9$ultQ2tK#|j`5?WA10|vtcff|$;b zD$rJ%=jNCY`oLCr8ctBDcy#^c(wqEo$aX-0X9i>i5UPAjB~vZEu8tl!!?Qc&t3#Q1 zH4gvw1~&h57(&iHL2{5@0^;MTK*L5s(1v~QyZpIqhol!L%kg?e@0JwH%tvrxIV?~{=`P11 za)Pe78O?$$El*ERkL-sJd?;xFa8B5_wz!P9PyB_UV_orbi&9XgxM2l7Q+Ta6Icy1c2QK#BRR`Wa6xDXAiQCI&8eUcBEiZKLSwp;OSFE z&}^NyXTyMFk=Rw!|Nj024S^K>kd6S{9~T$*i$-p-_qEq1zZ8EWzL=QU9d>rPhYxY` z^73qtw_a~nb%LuPQxpbDhh~F^7=T-SGqYe}tI4L}VRF*oZ?m1qcis*fze7S;S@ym& z>d$oJ61FyUzfP?~icIG=-rn9IuMzf39n%9!LNr0|hAPiM$*mI6cXoERIO9Br zfk29+qobqL!j{y?_|Ho7qD6)A+Z++HM7G){|34h6!p4yatu;dH#dL2@n7#s zren@XXzM{$YB}F-j3A&BhA>e#(N>=4Nb5Xhre1UWBhZwI*xSA3rxl>cxP)}dNh zSmbFIf9TO z?cfeV9|UP+X$1=fNtyM576GMoc+SZ9pHo+i4tyXlFVCq}hTR##)Ct0%V@0{?Ao8VB zBzjiW&KZh2QJ|2 zIi#AC`8Xb_RPzc82j=E-fZYQHcQm1w71_-?ON%Ss-@1MKiHoa{`?M7bLR~{cF8vwk zIx-Fnux98h1V51QD9Akib6ogdNlE7z*(*A5$`X}Fzle|TKS0Ls>TbmcWQhI0UX$I7 ziU=My6|9Q#A`1v;zjOEQy|D)4@~1vO5?PH_Lg-`Dp~vx@l_C0dqk zqqjG?xk;p@b-@qwn{KIVCNn{<;K9qcZ*PALd5r8YWNg<2*P{*KBzb&0_b_4x9SyI# z+IcX`IYOx%51x!gZUk4v$%!8!3|RdBMyv%fBALk`(&LsP^7>0#Gm_}&Co&(`{!@je zQ76xCvPn?Anh=YyWC~+Mrpe+W>0pJ`dPl)$o$ggEi{|;#ZpLr~(4NI||~E-#jp~HvZW1^{bMabH<0RPoGG; zxPH<7_pj+#`z|hi`mew0esnv27g#up8)}zPiBg54$hPMHh%Ke|rWmhcA7#qHK0vfG zM@gP(?@dQ&lEL~i@YiK&Sgfzcl`ZT+hIHvnYf&I;!8H%~3cR{WIkE6M} z`_cJ0_%HeZ1Y+tXxZ3kyqw4z=ss|3pQl6IA!lUt(XxfuH!cCr-$%9-0-efB?k1Y(~M& za{XphPR$~O>{1!h-T=Aq^U<+thT=k3)J=jPrNT(r65tjJBF*!N=HlW4=qrkVfB=xn z$5{kn$Yw6(exv~WGGpX)?6@4-38XuqKs}37`45B!zY_QeCQS^7Q7(=>$ru=B?i@nl z&-nd~xdajqXq-RjH4T?XQ{Sf#J>Qy`tY75mHD3Ali-812$)z=no}W8Z<7ffy9IPA6 zjX(hC@Cvu>+Hj6yA(Lrx1sIErK&pqXKmvCb6%!LGGZV+f!`uDImNq|OlGeW6cpVPj 
ztieRd+dEubPzX>ZB_)gC6UCXV%*@-sb$1`QiRI4qgG%F9UoYhb!rD3$vhJ(`X!Sc9 zp>~|k1>p(=nO0vkEZY31@B*{W6E`t;5X%rgfH1!TrU{CO7z+#m#x)PxocJ;vLJ-tv z15n&fRx=_Xr!f&owMeVdIt)q*7;yBkX>CZj46pbZ3|NcEZ@m&Qar3^rL36ie-Aom6#^(ffuRwPfis&zYL2Z-{)t=Z1-zs~|d ztH5WHrhlIG6y8p~_v#f5C8ws(z`!%hi4qJzF7kk7hRucS?Cfm8qJWq54QK0Ic|}AD z%j=*r>R$Cj2?uxQJt)qtot;>Pb$i#y-!t%HWU*tHXWxbV8L`R3=%LW$EWzHp0_Do~ zRi8f_o6oA1@^jgYDfSGn%lf5j^ogk?eosI%|4#8&k_DIL<9st3ecxX@^dw=fe zPn^4^?n@?1<&_`3p|i2rE38xKxcq>@YVwAIUSHyBW z5|qGF@KsV>|I(ZtZH9n{lpj{_cDM*52shc;KSJ#8!lwWIv2s>{27V(cC8Z*aLlDpk z&d*(6i9nM|=r#VXlGXFIy1jpXtrDoY*? zKd-8)vW1o=U^81s&&=7lzj3xd)ZB~$ok`byQ)sH;0}+!k=s=+i5^)Cy4#_Enm(PE7 zbs0gGZsu#ud7X1X zRrX?u6SppA#8L%c(eg@e4Wpn#5a*a6nh2eYN>FL%dE z?lhrka>gZDGm(&>H0><3PE^~ofoZ~e73Pp6Ky@+%dA~yDXu^t~S04cze(TPiAW(gGfu{T??m!4kg0u$H5=n{x zMXl5y&!Xu!`JjNc@R3oU8OP+Jr{L3u6Z0^t{cr016I{ZQQS4zvx$-p@y7pdtX0>K_LJ(-$ChY z>*$yrb@i-=BBjrthzu40RY<#?Q@bMc$BSH23W|0(B-~*=C?gs01t1g9khP^x=Fwoi z@g_9CvsAJ`j74ui^ABU8=|4Ls}7QWw4|`>2)j+7BL?V0?(6t zV!cK|;SXVor0e7z z5pccble*KtNfjkjoSOPmUVz0E8@(>^TX{pF2vc)ul@;ZKS(CvBb3s$bF)`%G6@W5a z!XSTC4EI1v&K+Ow`B}~Zdm?BWhunHn>Ae&tg1iDQ1v@nqPZ2dWHRKMfgeWO#A%V9Mt3y(70tnzkR!92zlh1$^k`30HK{064bR>{Ytp@HJi$P8c22i zk5;$rU;=A6Th$ND8~F7r@}ME{CH2B@S{bScGoZ$&=JkO}&2K)OjT-;DKu2tdJU3*n_T0H-H)v`3UthJ1>A30fWlB= z1=FMU8%s+|hUXK#y56u2i}mTbHt517@XCSE3z2lo^@Fwn5tQi*jE%;FWiWlgW0JS^SLlEeSig& zcmimt-@NJobVEi>-38sPJ6c8hXJ3j0OfU7mP&_*IzQisF3c7G4?~#gvUylRRDhySW zZ3Qr=W?t)U1z-zsuBtMrw{P9@S7LPa2UG2@ zrf!MRPswZ9zso?hF+L{`GRFN*YE>|&*0d@j8Z-erXj$|N4A$FqSI3RlufHsDXKyq}Lnem%=nx~* z>r&;n_tiertmpA-kZ^(xsA1q$q~Ei|+d1=5Y>l5rNYDe-yKzxn8#qG9InsQMsg+J9 zZzG6XaAhL(yf0%HT0a0hk%acz)z#I+iw}Xv8XXM7n$fYb?NH1oAXT2Mo5PR*#N!(f z699|D1XT~1_BOTuWOzVN?c1%kU1;Ho_}ShL5QAI4SQ9Qa|1T@;FKqAvpaJOni}UkM zFypj;c~b_aSXge}gi>Ju5(2%Hn_y>=II{;TL)Z;6{3gBmLh zRmjN5h}WP69ilDLVhUUuB=SLS0L{rI=sI*^WhR@e@;@5(e#41*&g*f=vd2Y`&6)zVT(sR$WG*`$nyC?k0l9e4owq(zckeOLoq3pPim+NzV z9{2D5j^FopKkoaF&*Rg@={(=(`~7-7$8j9bkG#dKi(@Cb}I;jiiE^2w5;P3 
z6RH0Gps;a4fSmY1tz~Q(9MadhvNQ>`s@?A$PG0jBp4qcEjo_HZ1C~r z3S3at_z@$#gj6jKvlAJVCngYP;hI%mNv~_~=x~4Zh%A{~YZ9;uS~!dy0ZEH5{QN*l zB5d6Tku+PpzHsD)J|Jdsa^WD?GTJCfV{DN7-WqMM0Pl!`ZI_diQ^*mUP2dOH;>Pq$ zLk^hvh*=GEkBupvI<*#GlSeaKsBHFeB7$^vu;^w61_n|s0aPyn!bBk?Z{Q&dRur5N zwsK@>Y&A7*L&STnl{Y8#H8huz{&r06*Mv7=ZA)jns;7L z9jX{g)jrl{&JBo67d?phcrh)04Qcd^oSJStMZ^W)$B$heK3t=hHXH3DSLxYg$c{wQ z>=*{A5&9@s7Z;by^Ju=>+uKdQC?Nnq_(I;kOnI>Y+XUeKDLJ{+KWEbF*qE8a#CaPT zn(VfL*$4ChR9J6Fwlb2W z?XP-StM;mWtgKVq!^XFM{MrGrs^?Pr!_2D2M!_!o5z{_264QRb1QUdjq4uL8CMY`$gBSG(s ze2#DS#HTIQ-E-A^OWv36Y~SKaan;Ec zrjzWtnW}r!(yIK{6?PQ}%};Zmf=ttmF0=g48m@DtVJK-+)DgT-E@m+{;R3gwmB2Q6>N4-JzVM*UbOtW>SvUAnbg35B{p79r z-dG$j&oq#vVYJJHPH_grWaJ{}^`i+j< znw%463HbjlTXObElfQE7pkrOWr>4}t1U=Libv;FXof3RJlKi?wk%h41(!z3nv=z_mD#WO&9@e<4zDFTs+YC|RDp@bWI zw}5bD)l=+#xeCRl0Z?$j{dFl0qwQIkUK#fuBF}aW_2mK2lv?~o#L6Trq+X-RL2gr%ntzZA)!w0sqY;+oesCobtKugLC zUN8~}1M2TItHCoU-AQ{6DGZ6q4k$qV_Mi8Fc;_LSe&3*=N?n5KnZ&hdhQE4=sL1?_B~HKjT$&3tfRdhiy>3f8FUM2#F-s` z5v5=HfiOwO!w}(NnY=3OKXT|$-;5L5Q=V<>aZ&i_dQ42Tna1FelwZ+IxnB-0j1*J2 z`46vcC#VYYSNG6R@R*a2#MJgK=Oqcfv_NRoclCz6!kpfTcz>AIVEUu%y zkwvqO47TDW*2G)Wjv)MB$ISv#@S!jcLv^v0pfL@=k;F3{QNHbfbkccYd<{CZ>P!h> zj$}9?(~()+mhXD$qi~fdIV7A`ds~8K`AE*W;d}KC49H;rf}<{KY-}7&U5#jkm_sKAyc5|2U9YO|5wsjPy2n zi6bVKOSyKwI6yYme+YIS{h{T^x=)@aYo9q&YN*KTy`KcnMSkd``0VU^M@IaI0^3eT zm7nMvr;Ty*^en@Sh?yC0`>6TEa=J1NeMO6M#U|>*M z_f#}WewO}LJ^8XKM;D{yzmD`*po2fD;uQX{{Qmu_cR5CXk@(+dYBg;>s8ZC=x-SR0 zR!nTi(~6uoo+Kh~ITEPQ`Mjp$q{^-Eho`Vhq4TBAxk!GK^0cCDCu+atKkDnRa(C5S zPAcuuuPXI!kA#y8`*(u5Fw7zVa>cXc?zQbDn%0|^x8`&40DWhyWdNZw-lX`M`@4t{xjz(rwPGk9T z#d!!zqdoBlsCzE__$mN(o;?X)qScbMF7j+U6DFyst<4G?2mx}-&YebWdT6#FuO^bn z`ZRqdQn@2kjmp_CznKT#%n6t`1r64HK=oFD)OHP_ISuSh0}P1$j38gEozjxAas7Hs z=Tf<#FHZ%AAUWGd>ooIq4F&O;ct_Zw$lf8S_sFCR%?=tyAbTqj&7$!=NrXepCw+s) zEMf+@i*pEK1b#&O3c`SEVv*eN*(2{lo~!1v2q4BnjPvo$wG#wx26$yMwD9N8x=oun z4jp=qt;>)38Vn^uLQ7z5Y?;;!P4F%N3#o`~`mIUZGw5T{+W26m!@PD>Mn z$aD}r2sSUl^zg${2#OQ{JR|F(oN0esgEuKM7C8s-;MLG}T$FFY7LsWhSe@rbL4xVi#1RMc|5pErT0~62~4RAeLyiy-# 
zrL$*gP#>(hig&#K;6W-RC;*1!Kzmtfsxu?BJI?+33Q`P7@IKx^namyx6AguLL8kV4 zUq}dE$#^jm90Cad@a&^jV?BTm873P(kS^>KP+br!^zViNNwhk7KYFzH@ZlhIHEoiZ z_+f!ioPredV8f0gKnCvK-q8r@8Dp)6pA$|a)}cjQiBUQNHM)LWNp{!troo=qd%;|M zZ;V-aHs4`(*ASGWB*#$z-|HfK40jbU%a(=AibzQ09kpKdf5UsSkdi1EazeYf+J)38 zm~(`{r3UQ94YYISCKFxKBPc)&3Ii=@=z3>%P--tPDJ2pR`&ECfX0 z*TF$qNID-}1JunIr~r9!5Mo*eV*2$@KV_iHz7Bw#P-aq6QVx!evuKnNX9qAQ1z2MO z^CA|*E&N#4$Unu#B9rB8K6J8bWGlDRdaz47VVDb;OaR(dj8hmBINu6#9Wv&N8esKN z%(NH}4OR!%~vm>&Z>$d$U>y`{=$@wzP)6~JE_WzL@MKhAA#H6y}g)|&9KvPv)I z;v4luR4{Zm>_6~9nOlO1SsR<_%R|5^biqnDOT?N@55`0Nup zFyXGKP+R{`NNf#Jkhv}6>!~#%w#UaAQZA~jUCX7px1XV6c=(}FQ}>Mfxr;oE zzT`UgnIe+Xaw?r03SZ-y;LU1Ztn}x0x_i5`%j?(QUd0_Jan;m(?$-|1Y34|$yu(N! z;RRDaWjN1-4lK;BM_#=uV29LvLC2ct6BcNrkYGhPuct?!6M3^?x+FLnj*%hLDUY{W! z@9|vAo>YSWG2#9Xn-fbh{?q^JQ+kKasr>7oG5jIE01TNOzDHYBLYr143_5U*+Q5k1Frr8-PFpD&`R8%9^L4It`0N(%+NQG=7A7ls>xa} z(5SuvvWdtO5aEbK@d}YYccPM;LfW32-y2*>({}sU4GMAtvU@J-1t6pmXPuYZuM&Z+ zc4$VKY`a%zxa2A$v;qLh7z5OY%t9fP41l<6(SUtx&k_VsN6Fs|HuQqW1R3$81n^#oM%;wj?JhFWBsxXQ@t%|2 zUnE|E61$Gs4h$msg5-D{8X6jZB^7Y%Q)~xFdG8oS7+chrYX37bcw2;tFC_cg6!Ce@qy*6LLbo*+f&k00*^oUW|1Iy$Km5vrPJEs&BsxwFIzGKml<_^>UgODt|LO8k= zK$KZ3G$mVE6**{^=9&wLY=m$(Nt&I1>YNupKnr!ueJeXu=U)L-Zh!C|VvW_8gKy&9 zw~=+adNY#($~5EoBZm(^!K~S}?S$LH^RPth!VSEHX&E5PZ%iUDh~&-G_dW1uDg6-7#RAcvN69^ihTpf*z%J8~YzH{Xs$o$Ds^2 znTL?l9KHb*f|Z~S29kUGPFwJ^XW&xNk-0*&`55=OG4>p1Ti;G{=Zh}z&>B&2!H)o! 
zkp3C7v=EJd#9km%d*ZP9La~KSUe?^)e2Y1($xs*lH%4HAzEbcc>`;%axY6>41$#IK z%LXcpM<{?vA&;9(sQ#rtW6oCTSjpi>O%l(BQ(bYIWj`0Ka1FQ<%G0x0JtXP`3h07d z{-<}%I>=xTgddxW2$Oq4@FdWLZY3=*o4JW%~B-0?n7g7d9IA&>>ErH;Ft;LpL%j#=p!+%ADN zdicIp2b3`RW|*!m5NK)Q{0F)+Av`iDdvwCng`uVQEO`=d8s8+RuCDIgk4V=~mKK&N z$WQQ-mX`(UDl1v{?OS){N|*SM9E?Sv2?#pi#N9mo0i4Fg?3?>gnBVgMdyU1M31b1$ zn(tda)WOr&vHepjgxsy8R@G+n!6r7Gu(Fvj4ggFGs6(`)uC9)^SwL2{EO>Q!@W?ru z){$VOCZx4K#Q1{5W9MD% zcKo@eBeg*jwIXMk}^$k$5az8GCj>y%cs4LHi(9c!DAct zyjgp%Pr_NLZ}#2#%h`TM(UXndI!E5w<7DDPLmKC=tQHJCsJiSAOJfoQlkxmax4*s5 z=~ylhwE^L6gdYnU-jgbe61!O=Ue%sWH~iRP`he7-n#$>hG|I~LCsn5KyQfKed%u6T z$P6aW#Zt}I?)KxG{c^s3j!F;9F=wyPsb!P11HWRmajod{Y7M!(SGTK?rNL0K`MLwH zr;oX+sVV(bsHdYCf9wp?_)}Z{z>+Iwy+6n5b^0yt#YEg&xin`Z|3f4%EboZ7#oh^? zya#W2k_Jf0cWMOye4bDgMxhn*yJM7N;Oy$R!9__wKOF5`VL5R(z}%WQ`wo;*$pZFM#t@nmBD5;& z{O*hSe+3q#($D9l4c4|)-?f@k}I9D8#&>CIFqB}}ZE9U*~-Y+fEXrB}7-aoOh3 z>t&@YPkwm-M#&38FEZXwK?8prR}K7-^7cmkUCbA|LwiEfB!|NDqv(a#t4`^MITD3m ztY(e~^aH{`n69EAB^c;&rr}1n_tygq)#gObC*_%rqeUYD76P^FZG9Jf28-|c>;Z0-EnVU5N z*p&$Y?;WGfl-)p9pwMLpTmju(OTK_CW0{&V~=% z(;C-P@AWNwG{3#c^jgmS7uqQUS&r9EpE;w4ZiIq8Bw3aX745PX6qO*MC{TZv)${9r zKBL6j^0e#Ty?e3v5HzK=DeWJ6zs%?M_VjR_i{3z?->-TV+M4Q6iC}WeUmjc8{iScG zX8tyU!vtyXa8KxX%}A*l7{1yzCuI`W@%3Ts+|^4?v$Jd4J}*_IiXE{uzCxGE`3WVb zcDlMr7<|2aQH5Ik>^|o7=eHUutkE9*oScM(*2)ijfHR&eaG>5*1lNw6P{VI%8v*nu z1$Yu3$=$FpW}s&d02(mc3aV)x5UyEhXAj*P-i|IAggfMfcBp7PhG$5~r#=BdCCEYI zd9E$Z)3Su_8+~Gr#I@|db$1{A{jf^VZhVhIKGVt1&q#v<>E71u+n-;z1MriDLS+VG zkau9CC}0y(62pXzwxL|t$J8)PNgg9aHDIAR=${7G5=_1o{)=o%XfWW+@e%|4L>7W5 zMF=U#My|K%gBim(Sf$93`Mxf73z)utL&eTic0Y?7`*uh(u zSqn*-Kh$IZ+3eN2LdZ6m4lSyMz-l?gFAhp~u19%cQs>UI7E0{P$wIkWQyK=i4ak!> z6IIDS{sRrzfgID+1hW11KbZ+o&1Fr`f!Vg{n{GmO_SZ$O z-Q>$I_v}sHW(~Y&Us$R3>2RIX=l)J+mHzuJhi58sIyR7EAgAZw%xiwkiO7hEmBLI3 zwTn`lJ4d3)8m5Z})NT8EU?p9Xy~5~snsuP`DT|9ytp!((5#V}}z#1X^l4%{JlS2Zmnlu0ty$wCbhJon zuQZk4x}Thd1wt`OvQ|@%mzmXl4*z0W1FGCl|LdR307(D!PpSWJ_}Bl6zO_2&ah$<{ zsW!Fsh?t|$!Mfk);{w9vmr8%_YDndZV<4Bxdf^+3<@>>}3)v%wX!A$v95?&bSOq_Q 
zczvCt*~SMe@*Z@GpOQIwl6e1MwPL7{uyaoA4=M zEL%4aYAm8@JE)o6ZrO%{1(HI$#@|G(4Ck&)9+F)~9bKKo>|2Ll&P|27);2P#&@PMRQ07EZF_FqT!Kl~+q=vf=~ zojYj3ZLg~VWfP2_$|M-QEC7u|mVImSvR)Wob)ySUKOhg`)mbrY2+J|gf?FM#Z*be_4LzqVI!pMQ-Q882W<#8DsU?`2*AOXz&$-gubHjhdX{a zq^eKAqPBk4N0p4YjE2Uf3QDu%(C%PpJ{C@rKA=%hlrWgq)9E69}Z~+i90?=RgktnsQlXwVI4v279lgh6v-;rQH1WH3X{F&_h#}jp3 z{Vg#kK+*&>B833y=Rval#3io_7C%f;LevC*Ss4*Q_j>mC^)axP-S20<)c{Jb98}8c&&T>>fvR4gTwcf_Up(W6d`El0EazVm_s;DwzZ$UzLmMb$ zuoc%mcc7Wf3AqseN&tY$0Ab*iNO+*{&B>4h$nu^~)xkjIGs$v{_t3(^H`1!9V5e{-q;3T;CP2Ssz2r6WYf zL_5Ca4Uty?<~=yNG}c?q>jIhm6Tk$6&nZuzKR*TSKe=uQ45F~8#ilH7Wh^x-f6UNZ zQ$G9~?-hb+0W2zpcS&f~C(%E=u^zer{XsGC6f%%tGGsPP^x`ctHfBxCWG0O;O3+P! znw!J~J&16nUAvc_*jy&hw3pt%Emso^8N_hj0GFt`L3P71k+_lo;LLO_9~!%s>kow_ zRWpYV3irO8e4v`uLBhntPs6PuzplQyS+v>lj-B1N@P{aKGJNZHN(R1#L*W6P zDnQ*ENrOA1BO`yJNwI{O0pLhEfH*qq`GOkqw4swFW z9sqfQX3jH6PSP;Bg1VU8C<^tb&zNB#R<3|m@u^vJMN9E}-A`2Wy7WOr!l znGYNb4?Wx8RMnR?3Z%Bo7z)Ypo?Uf^NDpOD|7sNlIYJz}ap}2~v*h_W)o?ssbS!Nd zOiWCWOb2p?+ETe-j%qS&X(8t5P*nhL9Wql5P-cSeQ;^37U@VmNeH<<|w9L%R7|kif zFA1a!Y)^!UO0a4R)A#sGsAEdmhy)+des_!l8jYIb{PkP04|{=?QY9&x?-082c%-xF zZpLqtb>?}oI85#R>Jr;+#l(QeV*2V4FzMFMHmy)W*FbIoc=1uJz?oD*9fRf*eFkh?ue+y9Ix6qheQ3@3bLd1@*6hl%w62TiVhqw9x-PCX z$D#n(f`Yw@{szu-0lf?vW&g!|Fy%1WtHHB8rKkvKx36X3!cf|d2k#LappiZJF<2dn zX}nxaW(GaqJGjRn+v1@Ne8J6r8W?C-rTiY)B)D`g=_;5q(qNKz z>U5Y?1P5-VU>Ss7O}{qetJKo$W=LAl3iRUq6{D_&IW|GTr$|G}ajN@rI2Q1=PK}HG zEgSjjBR#dNVe1DM(Xg-=V>xMI-3(Xv#A|oNY2gsQ#Wl27s<_^=Y?K5) zYDBO!muLcLpHeSb5;oJVJtvh{e~BGdnD~$KEB{qp_`i|$WgfYGU2*L9#`W>L@d2zV zj|L=D=Dnv1B53Sl{FmRk>*>MekNE#fQ25V<*JQohpBk-8R_f{U8 z4tU?(RorhYcsk&KYOGfDyC6=LVFAIki-(Pl%x5rj3JXirnFPJHdpx*Wgi}()J*!c4 zeB#}iciHr9QX0NFhG;)$4NA=RYG(9hHm0S`Lixv zE}3X9=i7k(luwJprrmU6&Bu-pHQV+$cQ`$&e#9dnC=jb2aoIvhIkH93)`Y)oQ}NkE znM(?`ed=R9KNRNmhiI9Di(hU!CuTpv%DE{_zhU7R^%Kjwd5a3I=p`HBjT)9$1>K_FUd|!s;Yi!dZl{ahk1s8mN-tV&HBx^tGVisb zp`^)OX>jAqGmVC;l6p}bN8t4t7-4ao0j9iuY>)KlHLP|IXKh72nQaBe5=Em29%j)6 z+)QM#`>Q-#aja}Sd 4)fZ+Z$+h0$wJjbZ=Yvr#=qg7&lQd0$1!?8e{&Aq3C8)< 
z=jB>8ouE>L>nkB6NYRDjqqKm{S7R2BNXtQcf5dHPFX01hb(GnP_7y@V=NgkN(^6B3 zuMFWNp%#Vx!2?ouMaB#|`lPxoND=LeXbMMLEZZQ2?es2=TR7LoF_p(g432Rf?c@S0 zjNN}7^BZWLz`*EXP6=W>X7odR$fw<3n8(nuOu*_)1#uUHbJfs*lZun5=uozUP$Asl zBq(O0|Iq1Q5CKp)MTm#Wg;#3f&V5_KBci(x`cc-s!6y=G z2Y*c7hjl2c+wPv|= zY4s6NCT*R%WOK_~d$m8XbT6&!i!d2k|F{+O0!+h7bp*z%1?%|m=g_cfi0#yfIcF;{IlEA-25tTGh{$JE#842ez$0a8yrE z55r6M7V;HPZ`F`)D&bdS-D^*phQ(y= z46ELKHCQ3Te$w~&`p4!Y8IfSRan!(jfU>8d;3Vwr@<47G9@H-AoGyV>+Onm2QJ?ql zVMdUGD9GwgY?dfS6HjymWzpUx?f=}Zco(~qIKCIlyz^a8Uz+=iM`B+VDr zbL-wYf0nMq=-9efrBt`Jx@})ydR2`lrFiQ`Ee)Pyz2~j+jwu=|Yp+WwZdu30v7di` zDc96i+MObFB~(SM?>@P9F)y^Z(On9X>8hLjS)2xKY)DPu3mg4`5Rl&cu{znYY~aEV zP5gS7#KZ#_k%2Q+J-QsMBUny74+$?T_ z_h|Upk7!;p%(^x~!Lf1iQ4o9B+&xZr!pKH; zo9T|g-q^odS47Isug=!pb8-vJ0RWxvIDC_9Gqa=)Y%?in+FQ<1UH$)sF z;s8QDJTj66?_x~oMWdy~z~7tlK@MpHdzQ^Rokboy-2Q9gmv4Mzl%f2)+ybRE;KPvi zn=dUo5_vNec-Hg6j9#P3=q_8n3^?U}Y_yX&V1Ju$zJS8P!C}|wcGbj05wH;%#3wfv zgv@6}Be&+}#yfqDY>%&;S=asJijAk=Al?o`Iy%5>;ala6P6fiZQoI_=6klrKonD%O z5FL_-vS`_KLc*RH)s{jZytYHQ$snkJSj zAm{n;(T1-zKMv)z3`M_5|MEz@F~AR9NIf1acwxc{u5StK>9=Nw7xD^uoa7f=y(O|*ORL|@$z&A$hjh^-UWs>wL{$CT0@4ccZNei5ZEz1y27sb0P&j2SI)njCXvxEsKPl`6 zd{u2m+ruG5AtE4j`ybJAIjrHmZ(CoflWsc2cAC{p`g&Y-Ys>j(dc~3ols#hmgk|R% z8i4-cmOh8w>S#Km@mI{>L0p7h<2}?+NLcjGeO|oSjT`m~iw%fDn)%n`7!{1upq)f6 z?*-Zce^jg8ZIIq$CzFOeLDYWZB~`xunr-PV>9e*;{X6~RFLamo+qb`S@cHC-v#74C z#KhZz)<)gywb=_2g)+Y;U@kF z?3Fe!m^5`Pa>|oFFuz}nX-mM!^y32f2JanimVaxP>6B8H_T~*CzX+d0BxV4x(8GVn z2`AVgST@@F`VRvGFM0P)#O-wP^4f^0ReJ30RjGQ>P?9Rgs#0=cJC~rI?t${)+udSN zGZrw3gIdlTo1W3@0g5|i04dsGVKhwZK!I8U9` zjg54A%6Reo1^?TQ6A>5U`2__(w7fI#GEP@N0JJc>mSK;G$TMJ0ePW6;zbwe~0VI09 zo92Y+9eG3R%8dJleTT$Cou`G`)aiHdMIX>&&O2xLniu|6qLH2wWJGyy$XYTn91$KSoo7zY8=XNeBrvz8sCYZu?&T! zr4O9`%+=$$uiFFn__gCcdyn<4ziMO@Jousu4)FJBmgodFaNuv&vi#yW7D@j9{>R|I ze3yTB+-$4#@*A$rJB>q8|Em{Ggq&ijEaa669VknGm}TA1^5B8%{P(oMit_Tv3wis0 zE&en){M+;bs~veSS9W|#)bK$6JkN_A)eoN@{#caAq_>TOZi4gXq<`SLpklf+OxZ;Z zf$tCHUfO-6EROx$HT>Btn!Rpxul!!D%aLgmvA)q3#ZMpa$6N1v%F2J8{)Z$hj^Uu? 
zi>~xbaL4NmLL<+1)G`WMHEvzMX9b*)`27Lf^%rJhz9BpIP z&F5*7A9kHs)b8?5D=ssbXg3QNh;p>y{F2}G?vWA4eHQ_0*2c!Sk0vh5)MWd|>O@qE zY8Lyi*)V;vXyAk7_Fy^LeOe}yoF=_LT)BpKs-AEaXm(=jwY)jnboZP6xWgyieKw}W z=6@y}x0%eHqB=cZIp1H_IODiTo7g_2oMkvG-l(Hj6mZU|&m#9h(n^g0i;b?fc_p#E zRUB^O&J!FqY)mP?zr7udcFg&rQ_GYi6QAK-vj1G-1z7W|YOKrW zLi~Z0h2o*_7VWeuPaFC97IM~w9^MtoR+F|OQqfxe!U*F-f2Jx4%x3^2E@^7=N1Z-V zu=K|V+2h;PL+JSt8ni>bXxPWDsfw?5{U*AB{=vynL6|FO3>d$X+{4sdBvp_yVHm$TY-jqfcAyjO&iihl$dWI0^G`d9b*HLQT=&N zif*qE;dDA96CD;7MIEMf*FJWpT*|w}o;Ps@(-Ek8cO5c!G0UHQfR11S(V3Phl>W_^ z*4BCu5KkmnSQc3@ufAQ(axbC(JM)5}D#V;t3&Y}$u)s3Ml~IawBFc2h)kSe=29P#! zj@EkU*Vnwn1k?gN4p!}fg%gNp_yv%r3*V_9s2ss;QJ>UfGy+Q8yD;v8g);Q`-po>) zbi4+LIs=lftuBz=l5_=dZyZiZu*IPe-6e5BUKNrz!+8X!wcd&UK)KkT^RVUHU*4ky zmxn0=!NiJ7Pi+6U6v0{G<@7C!LV{y=dW9rY?`!cIh~;KMfqFUxXXlEk0X zPTzK%`N@I=KY-=|DMtVw1s1~1!$TWxUc^8MmD9O&!}B<0;uHcuQQ#p*VRHMLnOPl5 zBJeT94gxG$Q^KamRu*ax44K*wo&VWQ4x|T9@g}C&+JUj{2 zwU=@kg9=6pUw?mL-L_)!p*)XEwI>v|Smdk{61%-*K7dKUfjOJt#t&E9Fu?O)zkNG} z&de6~4kE}XbPo$)F+hMZq^s9}JS9^%&Jl)6A~6~vOYYUlAhjA#OLkpAz(J(XL$mHAaEi+7NtV!X;2(^O8xK)A%n_jF9;fr zTXlAS+UQGRQBm3Ov*c_I6mmqHi~0`G{8QXq|B~+>YSnJBOkz~0XO6fCW%6AMUJBpJ z&21ky{C!^bJ5a4N;Y0H}#k;+?>WNJ%{C)ln?Nt#ben zKnxx?VH1fW_R;qD5WG-_sAQz4M?t-g{_reZe9%v)ym|8y@DlbH{lzh3fIaU&ee%Ns zMwtf1S5;HyI^~PW3N)>er)d#0;51P^e%r}N9{U}Y8=h`Q7>HVm6ui-3_;n2}plbXD zFG9O&jFL{MjJRigPVC=wOj$^2%@ZY`qfTP%F7eJC2U0AFXASx!J^_J-yl9nJI8Bk$ zMaU)uW;Xe)o{f(BWGI_UUB2o6(m!Q;i}3M1MvwEofj&A9;foyH03wVGDc~lR)Th`g z8PTvx!4B>kC^k6M?Z(Ne#5sO`B3oG#!m$qP&9Sl>l&NG3kAgI7Zq{~Qt_w6@j$ovp2b z7##tibpjkAv4bT8PhY;MiwbMu-lMdClaWztVf=S9hFQIB*hmOMaPKdytn>go|3lMe ze2)M8K;Ec9vFhgN1K)$MQ)@(=K4}nYGgtJ{FdYMbgscaHSBQ>&yQt}9Zz1e2%o{La zfD@pTH;x{d9_uQ@R5rH8x6zAvh-;#z?S=RO_P-^9IkH|0I$=af1YKrW|HF+0;wt#J zE_29vU*yp%;~cNOBnVVh#g`8rT+I6QeT_$hzPJ&_Ctx=Y`;3I(wuu}qC(nmC?aMKvef6fYuaq(7^AzQ; z#3RT1AkSth}0L%&*+OiG=9Pz3oVhy|k!HNjz zvFV}!EGvYH2V$X3%#2?LnRK%Zdgpqq2i(;M$NeXi zH)n_Vmz+EF<1eREi5~3gMT-_09ZBo7cu*^%-Q)6S$h=qJ{ESHOm~j4NI&vgumjMQ_ 
zN&3biPcRlHJQbse@!CRSr-dM3&BhKTML2Mf>}D1tx)PYw`|lqr`-@oXqLnOxbKy-k zrn$EaFe!z6YZfE@=2qNuS)R^GB4eL9(Yk#~O@3k&c|Zd|;z9%Yv zPTyPe72OuvAHA!2T3n2t&(&75pF#TB{U@7PudGJPPm&P<$iXhGKs;p7WJkxMl(oYm z_(;HAKgq|>ACA0i-16oa)hU+ywx<&{b1vLH#Ud9Rn6=Kv ztn{Vb6F9_F98j+-FPEO&8<-<{osYZJOO$u#`t|E!rKZ`_Xpi1Vt`^Q^S}(37Z0XVM zAJ(o5T4g_LQWy5t-1?}2>2a2T%>&$mv_kItLd0*nTFIL6X?w_4s9r!X#q}3X2)RVN zPx{gf+LDELQ+$~pn77TX_WRGf#k!|?94fdx(wHgV5M?u^o&V;G4sW?Vo4b^5=>Jcv zDh1JF%D?{u@WDT=>!1Iwb^Yf>|80N!?-v!v_Ok!0HJnRHP1y5KzZ~|@=l;+7<$u4Q zKev~HX!2V28zaiBMa+F!1sV4?N=O->Sn}zRkFfpwOION?yS3-C`kgDda(!`bb8PQL z^pyw%*Jne*Dyr|V=v=kt330MSKx@yl4uw3>R_8tJ}?>jp~(P|82Eg@;{ zl5}{Exefdp3K`TT{-;_Yq=P!*x{;9v>nzTQq&ZF(Ssasg?=zEbb@lY*#yu;39J=sf zUTQ4Ov7_Fh@kY8jWbs9ATiBKz&;j;e``P{8_{-ba$aqaw;?#uRW1@W!24|SPA!onZ z{p?-=I)sSEFiys>e~iqHmDx$q)Sc~m%J z@t|S);jR&sdA?7csHD;}kY!UY8=K(Hlk~S_umS*_lYZWPkw#Uue1>pcHwE&k%$kJHXNN-LuG^D=;6IWUm;dg29}`w$Fy?WM~ui zGDs!gaMT$shXRiBAW}J$vu99MLO>IRW(R8e6PY7pV|8#pt3@k7w8uyYYhZ*1n4cV; zh*Rc>;tm>M${w5rgq9CQjf=lOJ(2(8r9|w8V%Q2J*zoYcd4+$W+rYEhQ)Yi~dDF$& z=#OodEX&`mZ?!P8S#r9)7koVhQazJ9-=UzG1x-iBpV1Wn)+EO&1DLy$aP=1qVHRcw z!-z{FNBo4`CD|NYKpjERiF6X$(U9>ik?50#9n0a&FFhX68&3Vj+Ooj`_>(>HOz zFbWbvJQBeS#FTJFrGsk1ZgfeI?44XKIqSU*`sH6PC-2z4-JI3*^qn$YrACZSQJG^d z60UfSy9@xKZZ5=4Aw@NsW(wSkw_)4_jX9NzN-Q|mH57Y$dw2*`1D+;LFewtz)}r2^ zfS9=fD?wNne(u;M2&fffsEOP*fE7sngSuye*!^PL;9NyHkQ~(FoEUS(uu?UEi%Q&K za=sey6+INfC=S4q5&P@caJ;3U716^DAn$_>rIKZ-i^W3>0gfh(=x4#!j|@1F1`35# z77nz=0VW_{h_WSd&V15uh}lFx)TP-A%8+V1r1O(EPy6^Cz^1TXCG=g?PtNv3;n3phF}7Lmfg$ zarFAp=nu2^jDQ3j97q2}@y5_~zt5@UrjTE~{ zJqWRnVMrMPxZwZ`Q68YyMw>|-mQdNcVb2s6zWk_*uSe6uvr+C|>1xcI)313eSYLB5LEh>ud4p2NVE zwdiJ;YH$-Vwi72m2dr6Z}b~byDjc(_4kp!?&)nb8x&;-H$%}0{}oYo5UfT zc+ddaNQ^H7?Vo}Zhv#=KQx89~QIqcVitf92%0;p2L~DLhcUSEw|69dys#D4nu+}d` zP9k&M*wMya`Mdq)N&pZ|Y-}KZ&GORk-l=g*`7>uY0MQ`My=pQf2J*OjfC_TI#gWpb zhdp4obiSXBzGs83p&?m>S~rDB78~C@)c_AB@=q2mt$){F|4n7cYw^Q&9qaNZ-*-yj 
z;Xd^b|G|l(FZ8v?*MGDCWK(_ANMRCLJa#JnN!&y75%;-H>=gHA7@E;uo)<;z%Fs)riHsm322`cOVA0y7yHz?m#$ZQ()}tV6?sF9~{`!o;KQ4e7wwfzHUplRIQci`@ zeZ0b38yXrS#tb z2AKc+Z*gt`7Y*eO=VXKwJ5L{CJk-3OZ=|J@yJfez2mg{?!6QS?;`rn@f9MO_nmDYc zT7=cpt$FSR<*7$1ISBhz1eJe#Z41`uW}6Zdr`4=a`7VRdje9h*kGwJeP+kG z{TaK7x{1l-N9!#qgN8@}GulPSD`J3z*jK&O~h=GA!^5#`7m;prnNPLUXj0|bj zRbQ9TxU`?^Cw+4A!k3E%nRzj7f8YS(hEf`|3wM)1*!ilF0(4F8ct5(XSvW( zf5ij`F&?T*^Z}#;I7b(bPtYObOqnws`5+^3B7_`16}YZG{62^!1_qTjq^ob#@%l+b zSQz3@1y9SG7tqrbeU^(0ay*>43f^QWIv|vc&~&V2FNB)+-OcY?A3F!TgPeeaEHMZJ z&@X@^c{}*)v;si4eDXR@lxo0yx8a0e&}l>(zhb+XfRT(gRBRZI)9QIue`75y@la+$ z7=&)%XS%y-fc%?6A>@PQ6f{qg_wjS0r zU{RpDU$aM2G8A8c9PfdOoQ(ch4Y5jV;TX+wWJsKv+JkWwcn+*8U-|+N;R8H4z|IN4 zw30}b_48XtI&lUUkYUW{Q0b(%;edAXUN|_q5O3?!lj)8To1XyIVTV_PUs4a#t^n;F zKfl5Dwra{tN%h=Ax=hkeGpA+0+RiVrzz0EfDU&0Qhl=@>8hq$RH9BZBnO0*pj_KG8+U% z$KVeFmI`=%-+n8I??{_KObc-e#}K35vEO$RN^cL=?k492Axyxo;FDwTmppq>bXH`B z8Z$m*&J+TE1ynT8F=6w#DPxP?_#O>0dP-G z#nXbAA>6s6C};1Oa7akJKz~9;VMz0hF1QS$Ej*SwYfVETM!aPt_YepUxHc2BZS;6I zO(?0+bC}@v9TF$hD%8%nuwTQiPYVkRsp{q-2qc^z(0F1hhp+n{WlX(cI!=e3#N_r$ za(*G`j3lEpA{HbQP@p)jp_su(OpwYOhQpvqTuk@gL??%llcA^}`YlVlpnM@msS$Mw zE@ap4-4LB#zSG=^a2E)&2y=f>3LdCiT${R@1y&g!zz&iU62nYP>WR-_E<<`cD9%dp zM1U=SMb}zlN{c(f%ER*r6Bl%xoH11M(&a%vreTMIAb}d<1vKhZQf9@T=Le2Orkobr zX1qOo{oXX)HIHGr-(Q~0;1S{s7K;p9gApKAxY(5I|5H%bhobCXk|^+L1jGkq0;Z67 zn?N?{4&yPv2go{b9|*4+!+GZ2xKH}1j=?^llJ<+2M2n-1*x~?fGfG|orv+OWiU(5- zJvAXxI1LTriTTLOOU(KQ9lk3x`B1RbqTPIxlESiYpF4V?m!KauZ*ESsfV~Vr^L5v+ z_b#uK^HAL~3f(x0O4b662b4Lkk{K^WRuVKBvy#!#(c~a?fYKP9Sxe`j2_|_9n%#uN zMB>2)E{e0NX^ zri!1jM1JByfCEL(3QTzin8z~^#iB86&vzt5E_q}yq*z-BzGMgdgb4cqNeY72wmAv< zIk_ zTt^=o@XG~GFSfABkn$CbC0ulYh32-HP?7OPg2T8TSH2py*4cSAh8o;6|*eF5= zfS@CD{#dPkKrIF}!t{X>e9Sbv0(J;S;!!{Y4q>zd{w0Qnaig{rxOl(H)$I}fgzeqI zzzhI@2!}ia-W6LMhq7a2mJ>sA=nw+M=Sn2m^3xx}%<0 z3guDqBwaEy4mCtK0(16q{uy&TZ3KE(xhPgl_#gn8V}d?^VM1QStn+erI)VStQ_Ui1 zlY9yq2PlBJS}PD5yQCF9_wOg{{1v+RL{D4$I68N%m!tJ<(puC%Xu}lO%sF?urJmzp z^Oc)yXWP_zr|RaQ8{u 
z54uwcSR>)RAR^B8^@=g`Aoj_XmDE68kg}l6PK5~_Kk_K428^yc|M|@TZGa2{yhd2= zTeGfEz;~&JP5V1u+<^Hnf&me`1NAr#Z5hPwxAVJ>mQ>ZL#$KVk65_pGh~C8dTs4kT zISP4Z_ATTetAsnbkU1Q^W3oC`W`D9~&T5_XrwBQ8KUN3b?Mv4aJalL~o-V9)i?MWe z;7kW#KE0?o8mu4H;efFo{FKc4ff*;tbLeP)59!wsQxiehBa;nFu$tCXcH$^8I(kXU z=_8J_LKr=Pz)Y08ILap+NXB+XMzW%jz<_bVp<^H@j+R%-aX#$TFExNCz*bW*<%%P- zy<{R-!1H2?FXY7wGDHUv$-8&&h!6v@1L6s%{AQ*?ED}T=9fTMN8c!w*-)kKaLwkm! zxDY>Paf*=ju^Sd&iW@_lIVF>wW*s}-7}(D2z9PcrdnPe0zv5pEo8@r4Mgb$IQ8_-PO#kL1sUG(J(Bj(tU6&|{~pY}Gpg=$C# zY!qUECmfBS%Xl8)04kcKUYy|b0cGi(1cQ8J;f1WE4QLz^md87CPPB8j5Y zW`&jpXWjPgbn^%ZJGtsyr?Il9X0Q+Kuf_dyE~V}v9O7Ex@rz#%Me z0B7SU5x{PD4w@i;5_@h`qE&*tIAfTAo``_dI$rOPY+tFw-qbaLTmmM7JIm)L0`qQd zB{t{;IYM9rqVEZihB$ygM?mb#VFLIOCQ;;c*@#0uVG%DEe;AaEBtsTbg5vjP)jn)* z!0FLIXYd{j&d$z&`tKeOU$*cDhz?J$J#|LO@D3+50=xV(;$;Qh@eT;1wSHfEXU+n# z08xYjG#LL|clsAyvZDBioul?K>bcx4ybt_!SN#jE;GPLDW&aBOG*4*$y`Pgdlerta z{#RZv&bt1F5cmeom~kP1LePOG)e03{2T10_ELCg8IM><>TW2eUM22WdSKq+E)0pjk z_Uu{7kJlwtEOT1oVLq+pt!&Mw6)WtiTQV-3T>Z$vvsre`@3te}LMc?dV)Bb?yU73q zO2pj@QJYY-esWQ!)NzNv)OxhbOkg7`$2Y;_Y0JucMG_1@ah!<(#w-R}r=VZLRDyPR zbYDqT49|Q#f+Sj=iCk~|CFBjY>C&tPM!X>MK7IP6o&FS#0WkYH8<`*ZQe-^g?p*QR zzGhj^RBOQ=k<*Ndt*d;GyET7kBz%&an$j(reOI2k(y+%N9bk-l>7?2T&?EbZ7*Y8Z z$^#NKsfiN{t{8LArn%1q2c4 z(m|vwU65WQA_&q2#07!Sy8@#0b3J}#=A8K^bLKne$N6z)GD(0f@B6&ZbGPfduRFyB zuT}bYDVzV(nu2Uk82>-ZBgXSp1VSX$l_<%7{PtgvDCPd~qQn247iC+-cn|h%iCUQ~ zE(26Z>~o8CT2#NQ>A=!chbx) z(1DWU<0mX&NfC4nWuZKE4q+h+kBz~cxl2a10YV|V^p%)u7*51Mf*T1Gvwqukhbsoyax^?0y(F!Ge&2I_Vp zLV6Cc1If$x1n0m8;{{|(s`z%{zTLQ4w-%*)UZ6ohfofM+0?QBq$|L>@cG#vb7Q z;DJez7+6PLO|Yp(TSb!w|lp3E)SF z&A)`!5msy&fwK^oM?LiYN@7Peg1PIN0LsurLbC-g*v5rAcH?I?`dR4yrKvq)Z4X$ar)l+sk8=UIAGpT^xYjM8GD3pY7`GRG8rU zifd{M#Ms+RFLqjvu&;@hci?|cR}Nz_2@MogWK#dePvrmyTQRf;h2p(vM26XeYkP!A z%g~g(g!?C2jtH|TM4yygIT=WV{2LT_L?f7fV!mO+2GUJILDWH%VX>u_4aB|~9UVOi zZsgB~uOs2!NTWNR-$AT7ZetZ`$HDg44Hapm)yoM@5C?!Xlp|mx5&XcwfLLt?0$0L| zgf^jJP3S8uB|}E0VYC*EbD#)&&|d^cK?sG|ypa1}bqO1o%zGl8a!9x}*{Cm*ART}! 
z1uEn-=tR2$p%1d_KwUuTo12V}0{C?jmrn@(s2Ur=<>5U$!15#g+F&w*yab%i6Zzi+ z2$Nd|mk5b_*P_~gh1;SYL>xBf!G=I^gDH!rk$I8%?S!BMKn7Wc3;Op#K9NVw3R@DW zDr!Qfpgan=7cpumGK3YFK+iaPwi7uElxXh2|5Jd@K2T!yAZ8$BMxr)>+=r8!+Z}4s zXtE+{3*Z}EoC|^xxZqWtI!m)$P-5VtQcp2!kTF+dAKyyaScX3y!~nF=&`=5)LyLga zF5D6fjv4S`-e#Nc#Eo~8K5_~YIuaO=0|=jtZtoLFK9~IfA#zC0!C|ceL^%9S?Xn!h<9pUFvz?Qj{bmAGjJmgci z4lN~qUC9|4x|I0G)QH3W92lrT9(c{ls+UL;L)R1E2GIQ^4j{xtLyaOheU~j=Rhq#h{;7W;n^}VkFn$kIe#ZI zJPXqrsI$mmH-WLcoT%yMJ^)^rZl~HbGVkyq54SQ8 z?Sww$>HWaB;_&>?6xe^3cojEhqio^cbi_M|cYEv?K%pR!v!G_qhMO?i_R}LQ_V}NF z-bQwfIAkxFeyB~r+}s8O3JKHUGypkU|?G0kXiFQD!yE5>!I? zz2pR!36UWL3Ge#w?AZIlL^ju^O{D;ef$GNqcon(&c0-KPy<4}IfeG7%G8Z2tL1CZC zXcI!mMm~ga4^yn5TDqO^C;%sa1MdLd)%8@=Qb?wVcncW$E-2^Y{gSnL+}zwyD?3h# zIoMcM2Krw75>;RjkScAJa53l=W%#`s=D|>)e1J`d^rrU8;W0%b7s}fx0b(X1F1v}IZ_z9##k#0#U_cmh82=rO z{Fk^5u#<5PNr_~*c|Ao>kMM3^Akk&u4a=@aM~;m-OKxayZx2Js_guEwhV<9~DC|rm zr=nC0Sq`FwLLu4H;f60sur-(T_3xm+02xAseVzSu`x^>gWP~W5v?}63kmRPE2S@G! z(Gx<{%DH*7pPmCMYxadLfPoEQ=E&hdrqKwMYIM;824059qz7pNA%p{h1pUXNK=^As zWA%5M9W(L8Awn~1bWQDAh?w7bBz(bxUSrsR4z(1)R`WRGSgAYFf$OO1@(uF)&IWIOv|C-YmZWZ+6~&B4F=K@9CtS?T?cK?_es59_1T^o z-^01vKe{EKi4#9O`k#@v0+3b}1^f|nb7^hab?RGz;o4F-P;?y~IBAW;tZvU(B$ zjwfs=v8n+FdI;gUqu1tM0Fn4r%q@S~dRB(>`cB!ZwrU7-3 zD~rrfETR*MsyAK5mipvf+QRb(oxOH@e{fZQ9O- zO5_~S;f$kBA%$wBpuFmRm@@VcfQ=}CJqihdURi+>O@58yF_M3vNJ?h4k~SrhkW;B2 zP|@Jhq8Cb*hc9YYE+Wv@xmAwX@hQxhZqo%kDcd5ZS(GO!X~O6dwFeS`-2@2@lo~Q7 z%Mk-mh-MxlaWVTTHo@y|W zc0=L}^c7-D3Jb+SHmb=^!uv(9zAb@}C7HPmmKz!trJ0{mKSK12H2P&--3HJAu%N)O zET|N)hDyO##*>5G-z!9z$kr}H1(fui+=PuocJmU1Ez-AvPH@s69xCC;4Va5i(0~73 zDttTw_6Rrd_U+qF3=4!eB)U;(`~L~f3B5C*R}nx4n+dE9r1FG7hMxJnS$O3~h{Fil ziS0(TTS4~Fh2&GiD8ChjvUM5b)GrrHmNIQVf26l8?JSQlGCFSbC`j-r-O}G>gTQNU zU+NrpN6}%$qFlGsy^=k$m*)k16b||A?@L&h8-C84pL>&rl3$PP%>F*(jBAD&M~(VF zyLLP{pPwfGl;JfuIz6Ko;qiHH;ph!*2d9*pCqPF8jvP_NWB`jJKXM<^cLPf$s-Qp& z<@F(CcHYIs#kja=@T(a69iz|rY)1unX>vQl7r5>k;Z2ys7Qp3ScyIYM$c1Xl*bl8Iz9S-VgjN4NpVq}9}b zA}CAeKvwKa6GISQxja$6y>V%aMMi;S{z( 
z3n-32*1~inl8Nlw6xPQWNZqmDI&bngj2r~(DFIX}pCL@P8qT;cT zTFSnI2kVI~YQ4L^eM`NWzXhc&t zVCUd~iL#AN9jWDY=ucG>-0FylF4(K;xfU@gmXTE$vL!eVSd$jWPYd^@FJ}rEn(UdO0O1*u1xm?&WWq92>SPv0M z7?B@s+O3%0qIiZ+a846&;lMA$$$XW&uC82a<1ND9sU@qlUd_@i-=meMt8SYpi3kCA zQ1-wX15uE21hET9fex%t=GCi7V6J{b(_kX9m<09A1b8SGLUeW1U5FulhUyC4^xZ{7 z^GrN8RMsD35a$_e9q9YtLGaVt+Z%(HUTl1Ug9jB+muaA-7W|pF_TzBkMwLY6*4Eb3 zFN1u2FLVj7p|l)F&E?ZTy%g*}H>&Sog{Rcj)g3Z7f2yjV&6d?N?8#Y3PH%qUFqRv4 zR!c@s&T1||iJ zOWepoRpv3AO6HYDY2@6>2$i;M+s1-A0=Q2Bj8EMB{0(w<$ZZwzRKRwKLQEp0 znWKQTIYFnm$Rr6|1MH|{wjUx92VEQy_D8MD1e=f;11jNq8NA;ax!eDYIB9^TgIfv> z!*jR|!ui4_#lVzQwX`r1wvk=gI4Eer)Wtnue`D}pC}{~pceQ`s>xyd{{KCTW-@A6Z z)1N*p?Rwa5W+TTumU}qpT#C9{C|m#yo)@}L0ib+q8EX`u7GJra7D)3JVvG7w%Y@H2 zRA(mm=e!@>WYpfgv}f_7m-DZ%+3E$hPr;KWoeM1Z$F*zLD8T2D(aTM&3ujO?u0zJ1 z1a>Y?5C4%b6I`hvYN!FBekQRrZ`p*?ea^`KZuTxGHWPv5*Vy6Z%LG^*VyOVbwq>pV z?mMy%pvror_TlE(6gJtMVN-@u-`~K$iwV ztukb-di(m|DHPLH1@Vt@W2`5T6W)y0Brqvp`w^{Krxc-h$ubJJlg3^p?jMw_1e9U6 zZu2FflIQj~6lyArGXrMVt;-4bJ0pIzB_*tAan@x0k4F^Hvgh*z!9YA*7%Z>*{rea3 z-0{VqcJuj(hRDHvT~tvCfO6SmJaMgSYHD5@gBClsLq!*)95rJ(K@kl6&5nR8Pe@Bk zxyjN^>1!q zz!px6wtvyY!~|S*D)B^lj<{f8-ySQOA=Q0Z$<>Cmi4plLrm$KwHqPdT_$vnFsrPi* zgjDbKC{yZrdK0~M_?X3%@l1@}y^jyEE;F^Xu;}^iNXi$xhI8C}yAA?1TgGpFO znP$0uq0w53RrfHG*&VT;i*54?@@N5=V(zWLrzP-~SG>+tG-UniiiTN)tuYe6tHtLm z7h;{gc0fr`#(2`pOsC-oclJ{H>?fi5hRsd}Yd#n$X@9EIKg1$X=YCqU^`q)OPOr}m z0sfzI7OXl9lJ7|eRrl$x(3h5Wd2idj9wi7_@Q&V(n?=~K@$2@lkn})-0j_2~Y6TBv z@ji+wQE(fZx8IS`m^ShW3rmJR|9NB#)`g1eOCCL^dEYrpp-}wPF1rC_7kCp}m7_ zElI6Jt;1jMzfCnMocm~QoVD4^FQew$lH>boX+m_VxxPaPdu#XVc>Z8o}4YuWDa8x|)tJY89;-%um8db5hdeUqW)o>q(YVjs=dHvGqi z=)L;=R~9&Y{e9>flbkMt8F$Px^(LKK>~)elX!0Iv#j4}gV)$^Mt(;r#26nak8r)#Cyt$MJ$w^#eR+>G5cxsN0r?08Z5r*$ zZ<>6n;8-AXT5Yg3rFW}GoOWo3jz;sS@^hasGj_OG0PFSrtJx>iLu)q`HBB9)X*Qa( zbG6A@pV-*FT2Lj>Wz(}MPa)&q9E7U1HzxBfEs1_AssCK1*7;`6QiACeu9fe*7%d_7 zoL6h@*GFB~$Z^)keu<{pF)p#2-KxoCXJs6HH`#l+WvZRIB($_c(8Y$=gPq}3cF&oQ z!6DJ6?zAY8z@;QB^scF~yvnz|IhQvrFII3Mj>|=;scWHJYcg3yn31QubD5QyQbzu8 
zUTmie-MODfOT)RaC7D7w5u_h$WHM$sEb=+m%D#WnInk)tI{5SR@*(cjJ$Sj>MLR^cW>1x`_8^Rxm{|mQAF=`g8SPTrS|qH zZ^N=1@dJ;}W*=?{J0FKV2b*9rnt!~P8SU;eZ~B0`Z?s}tvaLf1&o=I^=H^0jX6Vk4mFxxZft|u&cL|*aZ~EjyCQq*iu_}a^GVdf z4~yOQIis>NZE5l$Eo0tILouv%b0$4c_&q~6$FMwRX`{tPem-CHyr;uM-)cz|y`Q~Y zE1Y5{f8SZ*=a)&%0ahKAmxb%@hTaeg&t$9^kKlDJJmJ%m##P}|-xa*JU)HBxdw$-% z#2*g1)9`ba)Vr`L6rbke!yOA#sjmWp5@j^Qt6ZdmuHdL-+dpzri)pN_*>0I{75*BmJ{7Bckv5VVmnOVQqxc^#s3@AgX zA^*>NG@4Al#M@lY85^~CowW&Oy|3>wewUZRw&oD$NuYaJ^FMZ2mp!AsHA7onM8V5N z&Zc^ub6QYr;c*3Xx%NmS9u5A%hN>gAwZp^qxB9BNT868+ge9fkWm&rQrEm){+#lSi zPWJLkYGsbEI8cG4<4owMp;gSc@GB)vA5$xi&h8!jpltec{2$fF0)wJ6jB0e6tW*7u zvkxn@mG5cmYaczV^n1BPB;QLLn&ok1Dma1(PL@ry)cNDEnXgJqspFLaCe7vSMp1q& z36p+x@di~n_vlg0dn+jv-nrfngYG;h?_z2|i^vHXC4-&AbkimE?jREL{2&b{NV$3W zYXI~wf4ETwr<>DN9Z{q>8E2j}aJfx^_{6rKj!D1Y^-8V2G+rT4VucN^P+{4gTnr;N z!N)2X-gSQJV)VZgJUu#NJw4;jvjU&HNKMbEt;+Yw7E7-Q$CSu8n!Ol)ol}E?wYr*` zQ7^Na8QaZw{s^F6UIeR_{a3e$i{cfUt_jMM{;j1_nZ_-CWmU3EtAjW0;%Rz9*TWwv OjML{&rJTHU`#%7pW(0!( 
diff --git a/docsource/images/AzureSP-custom-fields-store-type-dialog.png b/docsource/images/AzureSP-custom-fields-store-type-dialog.png index c6bbf79f78c05338bd7700f33f0e8f6a7d8f3984..296cd70671f91163293de7e68f946d483af014b4 100644 GIT binary patch literal 40207 zcmb@ubyStz+b+6jq)WO*P&%Yb5J3TH=}u`7>28pgkPhkY?nXMKySuy3T)*$zdz?Sc z8E5Z3&KR#_ysq`E`OLWEx~}`42FuAvpra6@Kp+tG&!5B;AQ0Fn@TUS95quJc>#qob zP(nV7i6}WGA1pem;!Q6hogCxGHC$xB@$e_Odc9bokf}IGN$`4Bv**Q5j_VtYbd2$LF6%LU|{I6da*2lv(Hf7ew z4cMaKnMe~=5pTTDpWmLGpCc~!_y2;W`OgncfBE_f78MoCsnfzOcXTv0?|=Buh)*<( zjDzyod9ba`4A9?Wi9Wf#5ySb<|N6=Y(Li5Hg_w!;`9I&GiBtW8e&9zKD*9jJvJv`! z`p?7qtSC|cdALg#kNO34prH2u9_ZokYdX4D92}K@zpJUKeUg+ki*`quH)QzF<5^l= zy}bqlaZFgq@TxTyM11ypO4jvNRqu*)TFK3-iKXHgy<1y73$N}MYQ@a{smFX8kf&z~ z6fd?s-g_6s7SR9wwPg0@sM(K0trWVSY=|HIQ9j*omvdJ`fxh15XHIMu z7E)MTjwq3N`L~=r7nepBPdfx|6~~-tY5(A0_11}Mi}GMKl*v9Ugh>}I@glVdF0`+o zCN8LCYXfcax*4IY99hTY@)398L!gGS{#ua-E6(F> zcr2D^--LmM1zLt2aEr2%^&~eRoA(3kq;Ojx0lGuen?bN*3vHQ95R1+fjqa6QQ20B zDVxDORbEgEc|MzD3HBiv6b?}5at9m-8-3)mF ziQSYWog)jLmayz8KQ8&BP~t{!PYnz!)t-#+M_Yx_fUcQYf3tGq$BGt+slL9C(Lh{# zXJ_Wudn^0%*mpVsh1<{Hw1UGvwLkJ>uFj3M{Eh3%WnyWB*Kz-jlZ)BYG1x(Pt`hz+ zjY`O7R~IQoIq)D<)GsZ(cj>ZKZ*eW{#8amw6z0|AT+?PDYc5)&u%Pd?aN5t6_Q}00TH zS3s7eL)l^m=xra~zjMJn3e8xDopYl=h>$#8zmn>6ij43qO7&|ucwAjE3oDR(O`ao# z?XZU7G2`;0m8{ucn@VeCcm1Yo|6kleO3}$`&hK=272!maP%18VqWz~+T*R>b0PeU5 z|JX2Ih*vM%Ad@uZJC~Xx3gE&cv@9$vj2bo4ER0j|pUERsti3Gqmb0kTUs6{Sll@w! 
zSiQRyYo5+zru{RbYd!O+3%z83@I$udi}ZJn?>Ofev3?PKt-U*Nze2X#n9%M#ycsOEL05k z#7W==zD{pGs@1o5o%7~RgH<4OX!1}uBqkE@TG93f@nD!uY`~1 ziAVN)0l-DUFngNoahjfBrQs!9F7qRjOc02wdQ$uBB0kp@{*b_*ocw}!a!POX^o-_; zgtrRlzk;(LVwOdw+L#@ei!3T;f}H$4%u z)k{>8^K$e=#>M-tBmEg0>%~4_B10%Gk+}?@H&A>fojO4Qxe$`BRwrYRMzy)JVf2{8 z4hI2rf&VkBm9aG%(Q$-K%dqBcV7|X<zj&OUr)4A~|IZx zy>qXHJLaZH2c}0>LDB_3)Yk9=}m<9>pEHH+UaMt>al3i=^8KKZwY@Wd?5c zH%&j%W+2Sxy6^1 z2VG>OcYMG0=UDC9DbW&kBHDCIX?^o6B*VZ`vz*!S2>Mo5^oy^Tu!&HiW(9dyC=<%I zA;>7wWqn$AGeFiQo&|yA_+zxK*goydwsH`BpQLBI z#(1tZ!e3}QKyP>|&Y0Z8a^HnfZmGfSq(xXcoMdU6YF8+g{+f*vcqO(H;`#KmcDlt2 z=9Sy&>{(idygA$BB^FJW@#;zmGQ`W3?uBtPCwwOzLdUSYCqI2Q;%PY%&*=xe@MkP^ z$PRBAu6WA~oUgcJV07aUuH`DNAJ%xy9_la7IllL>#mFFY2}rZNS5n1sb8X0Um6ND* zsFG;a(>k4`%f%*1@G0>=a$yoSi^bQYJ6d@bZJn5(x;ziISLZN~`TcdZEu8h>=^}J# zU*cM8{chO)!nDaqGINURtq>BXBI@Z`lJ8jiK=~MEZ*S-OFP_b^aim?H|3rUW*!p>v zA(1b*`)NJ%hT$UpIceYejU_OXM1nT)&z3VgTZ@$A*ID`QbNCcdo4n%h*ZZ^vdka{f z&ihZgTRm2N+$@C;>(D^L_I%#%GCt(ssE0sPDLB`e88zL9foA!5y3TejY@Rv>SOzYc z-Yk_nPC^=If%j{M{xTlJP{UtJC`T=2q3~agc6q;MVPq4j7fN-h&CFFKFzDY)9C)qS zy(*|uzLSQ_x*pc9$>0ee8?qi zHOLEjWk@?a>p|&}!>l-8mwRmGiGo7u|eW!pk)#^$3JFs`XSvIGmvQV)wJP;&a9hHy|Sp|~5^V1WjAUu^a z6JeM*^2f&qk8)(;(hMutIh+cK%N%7~Q^mxpdp#dEph28mhfoOxiwU~ojGbcMcF%Tl zpC0C%yWEeO+1KHw{G@0>^9>1PdMdv|fX6&TOdF9ndz83wc7z`$YhEGIkWrj_yg4V#b`yp{ZsD}qgidGAnk6~`aRYz1xtX*-)zr+ z%WKd>0=G(W@WQVAg|=I@FmqaP=T?MA`~HBq!9wT~mPSIyM!7_*=qsw8A!Kp6PXq_^ zHzY^mCc3wGyF25HFXN_+-_S=+=I1tvc^ll9uI*W0v$?3t4r&XKk~Q*(<{H(J#r|Y@ zb|*{$86&w0kIQ2$?HDS|pJ}5d-=#a~Xz)j3P17bvWY8?x6F^LkrzrATZaF%z#NR))aRSSoi9yWLO8Tr)C;ZA{?^=D??=;zfl(NOj3+|5 zlBrPAmC(t3lIDo9)+IX@U;E=nO8OUQo>5w+OeDSxo3kp$=S~73ZFTSVp0$!ye6(#C zn4b5@c7}n81U%-hPhB3`LSxF`Fd^l)g%Y;CAB}XU{!lrcPQuvysP;~nA=GMU)L$Bx zN7fQjx2A|?e_f*UNetxm^Cc4h_Vovls4&XI-nyXggo5xEq!*n?E|)R6BlouSh(K4* zRDblJAaOOm;~xcV=PPpKK?*;Q&c^TVSpMR$@aQ`}zX>qJfxj;_#%6N|W?IWS7TxZB zl};gmwf0m2Aq?>US<{lThRZ)V0U3i?+2*v& ze`c;qhR`6Cis>zZUh7hK8=Hsf#mMKAeKj&6kW)rI{a73x&KyHiiQz#m>HK}8K3T@b`2D&9tpS-G& 
z>g#L{xM+uVeak0&fthXY9dGW3{$3{bIa5IR(?R}TUf$CY0m90LtJiN%HRF0jc9a;0 z7i(~xYf@(Op!{HYg9x=%KvP<;SuE;g-Ujo60Wo|6T@02QGsm(U8Kj3kmQ`@{MxH*Y z-n8>5#W7&p(vqKzOE$YOK3$77RXU*Dq3@$ihdZpGIx)38F&WX|q=UHsWB<^5UoW_C zgn2bC_V-&XvL^^+)Fcmckn#E3?lDLs+O8&eE|?bq)y)W9Q#m`_g9PU)p$L$!Zo_m{ z`oKS$!2`ML@-Zx(2i=`3>&HFK&x2h(glzdp#>|9%;H#)u<&!RnCtOiv)8+tiJ??jA zjZ9T<#LPJPXqMcA;-x+#laC_+WLJktB}HNfkG=;B32L~3WPhA2rspZuqn&327m**>oDG?PFu^AbY#w0u7xR+Dai#d1X%l~Nl zyK+-Jc~}@nZVjBg$qc%G+sCx2-Ur~bs9N^cRCSbUTgTbo@Z^#V`Ta;2VFKQSZe-$r z2v-pRb0XiAMFrKv@JsgsOx7!_qt&r*z@_(hFomay8;9txvu2+$-_$p+yk=QfI)*;U zmoD41*Vj`z!G$lueC3!6?|;i%ic`Zp_zIr>U8?87yQGRMNRN2=&;svee<8txN4!ILoQoYt z&DLFQKxGmWV(7)>y+J5jKv5NJmmi(MOcun+(Q)#Az4M>6l8N?b??}w!qmmu&3I_6Q zDS7JH%sRR7n;B^Uc>McRgPIO-nhogR(g(&C^8&`UE+2r$#{^~N&T*VvVX_7j&sEAH zp) zjTJ=z*%@P4d5HY02F0r=uOy+@AcL62=FCR(6i%9zRGS?xds7 zEy`+0#i1({&wV|r5s`dlIn=mP2eNmOl<9LD3ol&0wsQfDFl_k%#u9}?`?wglG zsH&o`VEFEM{$xhH${8XFLbAoQJt-Uj&vSV!Quwb>E$xhzKIJ&2DEInHyV4D~AT`E^ ze9=AD4bHkDeM4VBjNX4}|M+F_BRF!R-j-_7i)@+;k}Xt_xU6)f3Xeq3u2^SgxCQP- zERDB%B6-x;+KVmT#F{B7zmcaZ6y0mqWc09=$lULjWXPCc8;#la!#cC*@9#HbeLp2o zWA*JWEtWy$k3nxZ(^73a)i1Vy!GEw~T16O9!WPYb6gAprWp3b&KaOXy1%xQvU?|LD zUAFK*~26F)5PqeHBV2;o|_$%xU~ z^cf}`?zafZBYF{X==}@EFrNxgUY2Nmg2tnzXE*wukpsB$ONvLr+K2t$#^}fe%_A== zeb|2JzxQ2T=u_=OaQ+aV7&4lvL-#4UC_}*%%Y&VKc30u%`pTk0<|oS6=Hg)xic$Pg zV5um8b}?PpTp|o&>F-+HyRZ|Hja}FH6G;jlzWJ58ZZT*a@zO0dmSxGB*iBb9rNVnb ziHAb@uArq9;1s9FNBITh``%M00iK2#FP3!dIk00z3iPp~-`*`8Uxsy*SpTb0F5GO{ z%*jT3>QV&E*Pb)hyxmOl#|&I(3O@XA42Lqu8c{tfBEaNEO^M(;dW4e)8AJ7s4TA$s z75XF@+6m3aGWEQ@FeyB_(US1I%GMoi*K)r#H8}AU9qa`VS4)PN6C8=iXLNXBdtfCH z+WNk>puyka&)Vm>ed!C9SkgMp!Nf-JHI|+*SbCqSP^o}whzSao8W0=o;OGGNUJy7O zEA-4Y_WuMt%;b6xqHo458quO%X0@srm_7boOv}Y9-8%)$>8nY-|BPSKAMxov3cTw5 znB)`Wm+b!9DL?oE76QAWyc|P|RM*I0YR9!eu(UNhjQ0-xy8HAv({|GWR+E43)s_N| z=s?X%U zq%|}SrP|hGQ#jh>DqO-SnTp3J_PHTRxN(?p&WkY{bg|1@(sVk*LFkZKZ0~s~A*WW- zg_LBXzYwZ>b7g}Bf$A`TF7HgXo>N477ghs!ibx(2*w&&wl(e>aJz|~`4pZbp(xmJW zgzD!8rt@C=GC}JhavhO22QuIu<$Y{Q^hsaYiO`~3@hhd<6 
zT!dle-2Rj~C7L@SQaI+_TT1@*aDIYJ*wY(fr%ad7J)WQa=0OPp+Cq@bx z>+YtocxW!&)@s`o>xLn|fy>VO87_7zAvrL0%9N zLKT^#W#^!oAiN9GnHO4c3na<9v%~E;?t%A|X9t2}T5evE@{3rby|}o>2-@s6O4I)j3$`|0K}1PZNLy@kGll z29`>DCs?Cdoe?IkEwtk+YVSv2Zo7vV*9=BE6%)$M&99~`!NU=}jI_FYrZvsGqUoIC;vm%~6+HF4$6AIWAH>xG)>>zo#R zAB+^zlkpCbo9iT`lhgU<&Pls#Z1x^Z+8k=As(Lc5qH9LwQ{Bu9COtX7*1dkJYiSO{ zfojlP&xsVakBE!=s@XJI+o_txtwAM%)+$ftD1|1z*@>`10i}G`*Wl*xgef$23KxMl zTXQ;OY{EsqYl9rXKu$ir=J##Z^ZVA6KoJxbzqP#TPm!eB%$A zCbtxMWd-j(ju*)M9t0p26Y^%$b#WO3rb@^~g=ITN1pPd?wvx?$3G(B@K}_v4LP<(1 zbXT10|Jn>{@Dc0p-)U3<1zvzZkpzYR$Ihtn{ku0}{gU)pFO?r*mK{GWMwM0*5upO> zKqYf0wLKK21}>j|Tvp;_Fsu5FlP{SUFNEdkmO;hislR+@RITF+C5BR9$nc`($&qKy z3LuIf|8*m2>PQn{YBW{Zu$H8@Mm$Jl4;8fbi3Q0ky0j1f#o-qg@~_Jabsqxa&eqnnv*mP-cHg;D2=anr3eThb{87G{2_a7`;q zpM8M3w!`1Vz(}&AvA3od(!SofKI1rj(U9~hxfr^^e@t43HKp>CehbDGxnsw18Q*L+ z?%(W1Pq@qzvuE)4NTd2V+ZhW}f{d%VmYr?HDmxO8BxDY9?3=j$_8(~aQXHzP+(PbQ z>e(M{GtfZn%-QMzhz<$l`ah!ngE0?#`C=A>s|Qx7Qsx{W(`Mw!O*I}?{6R6y+Q^j5 z@JZ>y89u6E<>C|#t|A49Vafr2=&8gw{f&yYr>5s9+qh3Zw`XLE9hhaFi%^1CgmQNQxZT3xcl!yO99u zF>p(<9#PeK6Po| zCKAnZ=>_AIn;saFS!c@{a6_v{yAV*}q4#fSc-Aadegp7<1d&2atWw+9BqELp19J=* zM_tK#FvbnADHx?|Q~T?fwkeT?gO(z&$a=NzK4(>>$N02fU%&=sO1L6b=Lb9YZLVl_Wz`pQ_Jx4pTW~lYB;wc{{EO$*i?j4F^&SX zjI!9EealH8z4Hno?JqrH<16RfoV2pE4-IISN)Jt2Bqj!zJ)9GgWQKfh0AW|SL5F+eya!T#JgMBiTW zoE+fj#o&YFs<=-Htr{Y_Q)8cn>J_;V|2Z_5`R=axTw@3?;GUe?UrPZkEDniK{fab+ zOc4vcW$5){S$UOSOUL)a;hPODytxMIpbi_pn-FH)RDkS`47B71e;NE=rNbfR3A&0y zV{xEYLTe1@|F1A2jnIKk_m8JiWI;O<`Ngeb5$0^DO zS%`f$RdZGGhHlG7f*4f=cJ}M+LoEdGS8yCS|KC;B|Fzk~pO_xoJldCs znXhGWxjtGfINaLa&iwNSR$E)UxL7}_{>LuPpFe+CU9T+a>gzexm1(2(wue)k?hkAA z^!3kT%x3srym%259NfN8ZCgeZ+j3R!=GGT_3VsgKEJyr z19^@i)kSLKY;(Z&V1})$r-z!03qQ@{?yZln@97Zta+O(Qp>nZHfnLtrP&P)*IxGg2 zlCE$v{zOI{W#xdE49f2_AB)cr50scJmKexVZ_;r;6H7Ry%D^Rz$=kB-STY zbh`88GqH$>UKA_OlawieCV~Iz1^9Ew-ea>r#dNUPNbvggYfDXYcfJ%1d3kw4ZY$EB z2#V5cyOlN=LlYB&p+rs|hXX<-`mdSu1qB5ir|Z48$4kvFaEa>0Jz$ww`1n(6b`#3v zt;gmb^b8D1n%sPR#4ODh3Q7OgS33h$>%YG)(X98GnNdv^aK?$IlkKUqU6<3=UZTBs 
zQfPU)GY6&ZmgYhcWU6Eb)5M#TPE0n_aT>@Z6Nh4sbbHR1B=wiDDy7oSatjEtLu$`M@?6BQFz3XdBq3kwTMoM4Dj z;KH1JiF311C|jQ)d)}lOAraA}TFKbAx;u4MRe{N=`MK+6Dil;y+snO4uHpgiWj8nt z4Glx_1sM%ZOjVUo#bYAp3o;6dPj>d}o^Y}d@FffcSWJMR>y^zW4h{};=eQPDDwN0+|M@1(*Wn%2&ek|^NksDJ~dr&A^iy5hgTJdGe^ zgAK%_m||$PT^DaU?IHP+nl?HrXR+AuveI}6`bIxGP2d3ognA) ztqibdkjVJ>z7!5eN5^CyThUUC*2gOnSU5P)aR8kW4IN$WF0VPV0UGe{4^B=z$|agF zJUu;+#)^xJnUsrEy`jdQJF&XxxZIubAuxUHTN`2L<^J^PxD*SOpdi`zdeTORL!ZJz z1{$0fz+3{r!dF+?eF-^?(OPb|NZ^r>)`6SJ(Z}+5Jn%d`KCW(Tz=Ib&-0hcw59RWe zX232q*zX4{HM@4Ux5HRjS>0Sr$e#8yl(sD`k#`25e^642X+N$%JNtexUyC_iqUEbx z=&#A#JDkF=XJmwcgoGrW!uQhF*7nj$B|}d4`RTE&rY1m)y8U0iqV3io(Gh7+clYY% zZyoTNH`pwP<0bTZ&80ikf0CeA#M|5Z=IQ>JO}`5n9FKIG5LrS(0?&^ftR=VeFTe#~ zv9e-uTQ76p_3Dvi`@yNuV24@IcnV^UTSi#RJ)#5 z(Q)^mtu$FLu3a)yz8w*MCS_^4`LpDH4z{g*d>jY-jT)F?{TZEXs+gP{mXiSa-Su%q zSC<&1?dMB|GWUCjgV{4{K9Gnj7SFhAS4~y&h5O;zqqcL$Cp9_3Q)A#LZ)mpz0A&d$!#jQEuwL-5PNRPf2khk<>ns;ei8*jw(_ zM@eR*LGG{St%(dmhvM0M(J6$IHA)on<7;cVNx*qGx?VGf1O@4~x3{A~7?_!jK@8Og zf6=@JEi|j)zlE_iyU!ShY zNUD)9BDy{j2B|K$)q?JPjimuF-vcmIQANeC!@25^`uh5E_xr1IkUz?R%R)B+nC&c3 z24@~_&u4*WsF|APYmibe7zlA z(mPWee&;iqknnKhG|wmABz7YdsV`q9`L+E;+dUpHRkpUadK?bty7dhVW`R2;Bqfo| zH#u_*{QawE-TKG{T$3y$EX*iZCPg1i$nfpkx3YIFIw0b10uIRH+1$r~#p8Yh|SkgY5<--fl)4VB z`(xf(94*w_@7aP>-CUtw97o3Q5DKFUvat2kBZ8OvX*U5QFK_+q^*Z>KDu_66ZNPT< zzi%LeI6`b^W24*Xcx)WXc2pNmF4&)?@D}~?? 
zf$Qp-4)m5$GYLk2)DG4^#G!6(Zmws2g&&gO>k9{taJ64aNvRB%PNvLmdl>2+h+f$_ zIo~Ppp~o0Ku<0^iOhzsI{9p$TCqW_K;;WX1i&c%)Vn3t|gdE@$&|`+E>g!V*gxXTj zf;dxs72D(AS5(A^=+)iR!`?&4?{q>5rdagnj}P0_$*o?|ov#4^LJJP&Lf;4t4nW#m z2<%&*D%BZjYHErH5~nuQS4sGOyaE0SjE^1o!auX>rL$aY>cWD8nXRFuS>WJmpFe;0 z-AqJ@+8#+W=?ug)p_570g}P|5GDnzrCjd(3}VJKJKjKh|Qo#eKmw z4@|{!p)QI^rzII!eVJCHL;2T2Wwr$A9wqvh(6_r@FFJx3yqNg*?qH_ez~brQR+>I` zZ?c?L3^wn)(rl7GE;hEC>;v$LBrZ#0s9!j0f#Y!9PH_a!_o{-_tx{7~7704xLM`X2 zg1;&&gRNj-VKJfbd|;ceFhYge-SbVa@J#FTqcuJOK`#I(^>!EU1U#0fAF{HtY^d0U zgi;w=T`tYItQL5{RznvEJZPaJgn(tQnV?#o>HO?WKZ)BK7{t}d>IXzG5X7eQCB6h* zTwNJ^cz6u9w|m3r0;sZDGyU)JYh@a7z(T}&PnbcP+u4ij`~A|^;W%ckekP4FUGJru z4+5-eZTy4+h2dmgNCCxpI1vZp^W(8+xx=A)P`AExG7mP$rG=G` zi4xsmmt?LAga$JW_6*`-#QuJM@BkQgc67i(%B+`#Ad@Ng-TG_|j>p5rDy|zvjg9=q zgYn*_Eq5r8GW&gHM(rj-V`Jm6)HLF1iCuLK4ZCLii|`t@Z+MFlI^&Sn>(;;|N3ZwLkkMjt3koUR}VrA2_?+VuQ%uL?pz za&q#?tVtRbH+QX!n!l*`!GXmm8k{4-u&}VPY$<|`jSU-jYXn#rkek4NH*PIUw|Vu5 z2j$o^oT48-P{m5N6RvwelSi`(B)zH%@9*EgglziowJff#t`_c7IdUJ_KBvM$hA2fmcpNuhrz_;I93Mvn&76+}QduaH07Z??l z_joV%Q;Zsoj1Ld6jyDVpollSV*f=;o945oMz@%<&x6|q?+=M8kelvd*6@>+4g$gGa ziLIRPdmX__!iC$Jt z4mA@KIxw(Lva-EZrV|&4!^r-k0FP&aAhu-QwSKy?y6O$07d3!^in%h~P0r^wAOPjg zsoZ>a-i%d=jEf6^`UyyjP)bO`Bn+$)>K?eX(q5&dEY}Sg*DB^my}js!tPoUu#+9Si zhX*&-9-Gw;f3CO73s9fTs-Jr;mXno5$;^xaA}o14Xgd=2yAMpT>IJvkG1C*mn-!|ni0{ABa0>Vs{DQ=A9>x#-s0HCe^&F}r2 zf&xL%zZer2CrTS_D|~&t90*_~h;1v|+eqBp+-?u2y?J?g@4>b!7prI2rciwdXq%rW z0rPL$_#0hce?iPI{AG8knZK#Ixg11HAR?rLz?*brc(F6~NlK~{90%}|jInPgfK*a~ zgNCqv-}nS2cEAuo*{ja+cu6tEDhrrYJhwGDK$O9m5)q>Gv7#ArD@Tiss#V{xxh!V9 zKq69ARi)(Mzy*r~Oa2HL$HsSFkO82E1|TRn7K4>GZ|ETZ%s9d4@USr80ZA#T`t?N+ z?E#pQ1I#r(p3rI~Fgtrwk=K}xj_%@knWENuIY5;$AS478cq#x6z@{(Ms~8y>M}bL! 
zWI_gLY2;tSppcOD5*=GxHViU8KX6Px4rZ`{V|1aiG@U4EP@6Aba|#ccs&R2~i90xO z{R|1I7txKVEH7{W^D%_ge2Vc69tyzL%^&UGT|Ai$J>Jv-++YB(JQQgIVoUjZpxk(f zcw>7T?q*%!-$L4#SWiv6=Vuzf$St$qShq)w$JCUR5EvMkc#!T8G08(gfQCTu8C4-B zCMNMoNtpoL%+y$t0CI*0Rz}ME9Uh>eGB5!E!^^D}8~En0K|uuYyfUK!{P_6zw#7v< z6#qYJ6RlO^APrs}FGm2_JDG4(Z$4c@2vRfDIv_kC!Q$ZJ>gnmh(9z}cDK-O+&~&}z z3W%y|lM~yui@|p8ThJE-^28fPMnAxrz|Ps6u6?Ylt7`*}TV7s11GXPT?G&8?9GJ5Ui?hX|> z&`5c(?6wA>q)5-wG7Nw({i}mnLLoP&B!M2!hevsea@A0ORDzDdK{SvtpdqH!8} za=(f^F)>m9Y~$|<*uXY#I6%7mTioy0fD1qhO5K4?xVgEtfpD<00`Y$D1ws~AA+u%1 zmAlS4E-voGh6|9Ad;u0aI5;?&kQL@swE_+fHqZ$m3F2g)rhEg=izoIfH}~U|#0n1M z!8XTb_do!a;}a7*#>ampF_Pz52?83;2zGI8Z7q@Uxo+#}8C)(H>Xwok&`nJxKh%og zLqS0S&_VlH)0OjlMUcE{FFGj+)!f`1j6$p#cyS>u@YgPL((DwV2q0DwkxB#K9g;ss zu5D>CxxKvw>&@r>p`xt(Cod2A=;(-P&RRq64PM{ipqQE((Za&Q%Fa$-ig1cdAV`zI zfja>=1>pxgQdV0VSYFNsU==$DhrFgH8YU(t4*Q@Hsd}&_^IAFAoE_ZL>M(mUOyq7O+BbJ>7$omHdqJWM8 zt}Fol5280RJnYQutgQ$;2-(0rK$v`(aFYsAF8l~w;Nb9(gwgJN>kB*r0@bTmaOC90 zjn?SRt?I7AQ-CF%?2NtoMDvSpIu|H_p=`}9m0_`^5me8fIHI52$2ltG)ahLvK5SI3 zd=C61`f1B76 zH*W}EaZPjK>F;++Jo(Lq@74R%&!=0CKd(zmf6+73Ux2Dg0&t*9-t`g%ygG7Qnq|}# ztRDH6BlE2XP;>upH(~zQG~54$D>eU51JPOx^_Q2|>Y19(D%(R}i%cc!ElvADPA&q! 
zR7YNZtN}}nHo9|g;SXmL5W=8et0hP;6CKtM>Ualrl07aMQ;hlVUC@3^Mo z{?YySVTJ#1-1x!rt#&g{4Pv+uk=_{jV^ zw%3_JN^RRd2NcAriZq1)Oe@P{q?gWsX>)V)kCg1I+g?`wwlXUVbMi{CUrjlZj~rH%xrOkSImwS`*=Q`dxgIV!$ve*b9Z}^VppK zoW-Z4|5*h1pO={q>Pb}3X_AE<@c}*QYOqiHBQc`Au;17+7mi9W()q6o=-QYV7~%0k z>#yOFt`Q)bjV=iL)6Yn8ad8lc6oWY$2_GqobSkX(`%&iJar~o2srNE6T<|`^OWGjv zFE%1kvY)XlNxpP)gTik{CZ^TH!_F|o;gNyP%w&t3Tl?N>a}@{#NLZkX0_%+hkiIVx zrseN-vrzTyj$71iU44C62)H3tR#_S7NMKDEECxw;Jm75jaTSo%$WQ%>p-ktnV*y`W#;tpy&ugp2j1FMtWo}kg{9O{t=4K$&)j^P z_Wmt^vNtP2pf)h^jTeMQ1{LbPCMy#YOyO25ONHN4=~%OfGHF7=*smnk2NM)ssBj?0 zBTppSPOBdw@72vvxGd+q*8Wh367iEmu>SEAQn+8RK;GNhVmlnq1%G+gin#t=?ACxZ z*2Cv`Wo4tDvDEIaYijxeys5(nwo6PR!_kH!sM{0%4ahTSBwVl%z-};6QP~6p1X3jz zHTwJdf(k3eGewMz5lggMf5N~aepiH_ByFT3R`2~gO9a8f#s(sTiwI*0Mvz&oWGOQ+ zmf<~VB@^zYldn}dl6 z?3qluP*3Yfh*wFA2Ojk^%J{?tW%S>ZDUA^9ySrsM1qCz`l6jW_7yG?XOks8Z?BfTx zPKnTh%7v*ZjN|53SWlfQNO17=SasoXbcsjf+WD=`kMBO}nc_fq@bM*SO?Z+9X#rex z3;hY2pNx&u6?2CVwO#|u|Dsy9!gREZO3)Mz3IZ9=UXjMdNr{QD^_ov&sd0}6r~I0o z?UjC_h72jZ?l?f+_6-hx0o1n8^KH-0P$Cv?)uq{4gqoTfr}$X40 z9spJakfoTIX3rH_BLrg56W-fk|J-x2%fiW5o331lP#RTFpQQd|0+7>R99T6FgL-~$91bNz<*X{`sQs=^nUR^cF^XVLp zho9HrpzejsJlMI>T3O*BGrVH+LSBvS#g1MRnz+tllFUAbM&Lc5SbZEJ552*6S3fEKJRf1VO3N6Eihp{rq-k zv>grz-l}&;>@j!*>!TUZdWVT$XPS&O8ZkSvv1U|mIT5i{?d~=WVM~dK>PW$-^;Ec$$w7{4cL#wVk9e>bV zD(=Duh|B{V?0h31a8GrS47v2IEJDDz|G5gXmLYvNvsWuPynkEqHPTG3!KtWHxmnM|Qre3UkY}YlofF>?3KAJbl#Ph4>BUObzpZ$>!oG^L8 zc|&Y0r-#r314OsIM0l!`zP$yDhsPpuvWxCYTYFf^{?3NdHk(DQ zI#crq{i`VCb@Kh~v$~$}<_x1RDJ&4eci)2Ap$I`gUOuyT?WVMqlC_KuB#Wb^`Y?%z z3bvi=u^DmESHK%td!VTqP@A9ql2-2Zn##xPCO}?tyRjuV8eJ5I ze6L4aK7PjMs;N2owypfh>%Z{Ar|7LgXLNo?tIno+J4*bJ428mzF^OlNX7@|Vp7f>m z8|O`t1*xE3x@WbBRu*la!}%63kkb5Msg&qn9~{26uOXrEBuH~>LKJ@bQ8)Zs41iv} zDF(Zf?x`8Yk<22qGLOZ zv=GYZSZ}te4Ls|imn5!moq_0PV-5e+gP|bxpG(l6?1IJqAbwa~KNpyCBePUYM2Uoe z+&0;SBJ^=&vC9@fe3xk5=gGIR{l;Ik>9LU0JrMbJg_t57m8_8e2jbC^%8HKW&^NG7 zKjVGz%NPLqYs_yI$$;Kuje{#XiMeuxS9I@ixb{mw{AcE$w0;&8Y_o{X&CCEIN%e)m zZ8%7*2QU-UV>1D}ohB&0vnP5HmfG4o`yWh~W$z~n^FP`O>XZeCYs#xdGOE&x_rR0j 
ziBwn;jU;93%&$}xO4=AmfepAOLJa?i(L?uc!_A|CSMG6EL2R!Iw@E! zHT!DAcpqw^|L1{L(mmY&(~II~1S+7Cz4VoGBjNouEY;-Po;Cn#eL9-XA3uUNiAWRJ zMN~f}^Fmke|A|B0=~fJY42}KLKI~rW4OT~gKgtmqUt3R4oU2y85;gM?v&$t4Y})b} zBe^XvDMons$?5J~fy=bR<=#uco-PjOWsfg?eB5Ygx;mGIAy-!;N7G+_T@ip&W>-^d z9stCAtWafCu>_myFta}G#ZXivR>aK>kE({oE1o(`3(G@wrQG>KrThQU3vhAqZb9l( zTc3QUo`uDNZapZJP_eKOh={b8RsDN*fWoSi6V~`7jda1tA^&3V`V5U&Ys2JdG1*~1S=a$ z_J9$5RJyQ7BjQ5?g;$W~X~e@x(E%52{tg-*^z;bY2|G_#UtPw5%l=f12h;$TEbO$T zc9|$y%8$uEk1VD1e*Aj;4CjfChBl8D#M-%5R~Gc=lV~LEn;@E>gc;NUbw(j?V{aN0 zjcUz9Vi&DK`~srlT&?Q8vKPI^-@U|p$<0L&=}xF?OjvXK@I*PR;(%y0cJCoXF676% zeSX_Cvg$VMJi?o1hXG3HGi!D|gg9#vYo(PY>7}`tQssous<`^x$Au0vCk@yCPJTH(D(Fh^IT?IqVdwY9OJSiwBcyVk!W+w3Zb+>M4`?vxq_5X!x zjdjZ;fP4cDKoks)j~|DL$G@uuT0&5+&jU(ZAUd*`;NM4>EC>fc5>&?8#>XqVhf`}_ zp5^WC#E<5clwbh0l$DJuK&{ndVVjqC7UBi;<4zzbwRO%es}vSSMMtB@7Hkr7n`~pV zvcK!NJ>OQRX?**38wQd}j&4Fla$g7p#g>+qDcg7BIo7`iHv5K}L)zNX@h3pZB&>Bf z)qDP%qcmzFhEOY&7O(ReCaLff2M$j7TK%^1ySEclLO{Sn!YK?`Pk&F@cCp*e6drO` z!Tu&j5|k%)c6Y0Ta=|41{rz{ATZPfk(A29m)YM)Ci*N0emBj=|z)y+( zqlkyl)BXO7P$CX|P@!!b5vJ4q_eLde^6N~!0sl{_pD>U({J5Z?c+5(V$CI%JOmJU8 zUS0jC%NIe2?o8P#GCI0>dHG9xe1JO-K}i4(0st))jUg?K{tKb|k=&Cja!k+XzY7l_ zSM{dM*PcE| zJlAH*oi6sLBSLz+jqnPT=najHU?Bpj7h9in z7=gR~%`=DEZg4784(GJ0pNr(=RKbm{)m`0R&m2IcLwrAv;#^g2FFiUr`4Mm*Fps~7 zih+C>A7_$nK*t9)FYgNoP^8&TE>n=fAr>DU2V&TZ0-2l3Dzv9at#Wm3+@|NO&D$Nw zUv2%dh4rfA6Qz_wPskA6-f&AB2XgPSvhDg^Kyb-ZQ$f#7Zz>;Nk#=jN|HanRcJ{CEjJc%NW!SK0mrN1lbndZFGOm4G=*zXP5^No5)oWph|X{ex*rDEhrqjxFFhKXotk$F7WasyEv5i&YGAu*G@y}Gh8bJufD_^0%F z2uN#?=ilEr*G`>m$k|}+FVRhoh}n8h&dcHR3Mb=v4e)(@h<_D?4x(A5{`!R@9lzo` zI?4)|Dd}{n&Uy>N63gq?2#Bz7@Cbq-;0usX9xf(e;u90}^48_DvXZyg3X6)mhDf+i zx^~8xe#wJ=^hPQNWE28O{}Lk(rKE9JDehnnoxviZ*PC&v5&vAx2F&K)#CZ=iGSGJm)mV$ z;qONY%<;|P+dnVizm!Dq@k#yIXUCyyp&z>5>nRR&Z%c-asEJtv(a)dR9FAr%@|Aw7 zRT>+BBUos5C1`y(;|M@2?<{ML{>5gH+OyLBVQyjByc0yD+A;JGQsQCXyMwS_X$+oc zH6lUY@or`1BqJH1k*CU1(b17OU!ScA?-B_-KWL(n3lO$~ON!C!nkGN8t##_Z6Uhp& zHFR&YtGzWdGiL>rH02S)aME2^2q>D6U#pqlC!d|M-`vUgVaOsW?7nvjJKx%}4&5Ei 
z@O{Hb?^k*(<`)p4H<~UoQ*DQY@+|WSCcUf-3!sH~4mwgC28IVWMi{UufSJ6rTB`H* z^2$d>btV50fF@#Q_EUNPP+sD*AxBv5y#~p;zM&ynx?cL_qx6>{IUSvd#5r{|ilb1K zIL7X1Sr?lLi3kVZh-0x((%o?zM1|iGg(?#o|BjEJ(O}_xOy@)GrU04 zUNm_sXnOi2+X@Te@qA(=RBeR&BPbxi=2pi68ub>;#v623Q9&vWl&1AnW$Z~8@s(Fl z7&lCfj7$L4RT@pLGzbJ9Nf-(E?a58!;?FY_%@(&8;2-+|Htd(Xtq2;g7*i8Sy?i=g z7aC$GjNLZI{v}wl>7L<%0_9rpm{q)BTtMUGR7$>BA;l_~QxBP5)lz85fP=OJ48xSkS>u1>F#&jy3Rgp ze`oLS{oe07*Y*B$_O;f;#h%Xj#2w=|eq)R$`&;$~%ofLy!Tc0o0sF1!U~K3AzB0#A zU>~E}lCkAWKZJ$;n3z01)0uzI^=3n2QHN1us#pI02a{JmhEgbbdCU~oCm|^rsJioe_4h2a*jtUeTG8I_8{@a$UEZO~iZ7;q)7qedWo~l% zOs4pUh_KvTr)_tR?4=J9P0e2PE(BM0!}+AFte1~hSyxVd-U_gfTgMsrjA$Ttaj3n# z=9=fKs@~g_wJooFeII3`xq7IpOtoEXo3DWR)^!u>BAT1b7ZWpZryjd5Y+N}k+S<_s zXGeZpU_!!H!{J>yFhplf!h z)eKnecY8UJkeg>0Xxzfna{OjSOw7hA?zIhEn2&~c7CAs=ZXbVbWi!=k&D!ZvcwWJ# zx_Mzib#%yP)ei3+Vi!_r(ELCjSz=_A8nH5L;!xD))D~>#^bWsZc++|}dB><-XM}5= z!HIRA^K=)CAs~_Lq^fW3ieoSyZW*QhDYS`Z*|Y0%hLx`wa&|dB0;s?cUur40gEN+M zcy_Q5osax>heLiDtzCv9;u;6GY}xX2B>2L1c9B(^Jl?msqUANzXnYJvCg-Ea0mFeg zxuNkX8k$%2Z|RYsG-o}@ZZY(OIpA2{okOf^G4{|W)TLxeQ`7DlKb7;*5E@7hX_wrn zMZvq3A&U=A1^y^q!DGJ2tA!?0c{$(XS)Q$h;^K{6=<9)%zt`pObN5?N(?!6pS_2-l zTTQRLxt-0uIrp!Zk&!f~>68~*dVkEeUe_sWkxoQXQgZK%+6XH8ygRqPUA>7fz;lygV){Dv#xh4E6=dtd~i(R@r+qmN3n>#eHXXP>!{La zd@#`15)mi+AdL4Jf{jsMnuvanE)JSx-EH4wk0(k>R-Q$=+ocLpeQ8T%rm{ke)5@j0JyKcHG2g>qUQpMx@%T{c-jj#ICGOr}rQ z!2alZnjgJ0%PwCo+sE3^=+|2lk)L;Tp22 z@R)7Puc2*7v~?Tr6TbJ!o#W|3#*wC-=932uyF>0@Pn`%*ln}`&+^pwH<;519otKwT zmH(Cd`T1Zd8J4VLSXkMTmunQTYv=Z#Sju%q)@Zz$w{`7zSc28-aa^2}MSnamWv<0e zuR8qVuX#h-j77WE+eVp$7p45(ZCLg2_-o(CiwhHnC+ogQ3Gt2@W*3!a#D;pKIj`EYL5-TQCC!knOAZA`LT zJHB)6?%lhSE8AV%&b<23=7f!2)xe;o{bUQK*1b#EF zS=ZL)_Or1rbI8rpAVKWrt|ka^W@fBd>F+6DyY>)lf*6yGVpmylu?Wg+6r#)SiZGa( zjz`DG>wU6W^>Ar!?pd;^qT>5-m1XnRtyy2czE1rPE%q~a!%gRdH)6j{Oj>r*O7x`a z-f*VpY+hw0CClCNb%wXQR$~hh^#BwKw6|Z~-r4*xcJ%Sq1{S@;?|4mukD5%pDi;Gu zDLB7MLP7!!{DS>n=Q)ESU|V`GQcclW7-Y&z)Sb@Ir|tlHY7 zT#nGRwB1-I&q1oKs;=$?J@h~l#U#=|CF$9!z>BpXMO%Ti@i~kjLexHOM=f`Iq#&jA 
zmoc<0K)1_W&QVF1h1}_y(0fHAnZ)#x<55GReqhqOq_cJS1Gje~_DWR6jhr<#HTw=9 z-UN>Ynqbx%&G)Wcy#Cnw;qsyJot4AI5e3Pn)KK2;cW;WAHjYnW0VJ)flRIuY!UTSl z>%H)D~If1L4cg8FhcR4%FzNXpD zDib`t?_3*g?Yiv_n9L_06wvg%o=7;0J9_$2ZM@}6-}R^Hnd`g8{8{2(m!8=;l62+Z zW>)`$A_a?#y{jK^K~Rw7?Kdu>&3O1QOOFK8UN-^$n;R<}W|r<(TtT$br|A|w4%YFW@6vgU;f4xcmA8+cv+v4ZflDE2LcIl|y{EUgsZ-UP)lv;}M zEb}?qeXja}-?pE^cF>?oXut<2%;=9liTgC*Gr0GftZduo;IQp|94U#X3GGMIb7i2p z$o>aEeFKO4ils~Z9{x6N^)S2XZT!RKrO@vGlk9j#=fz*ikP(7IF5LAMH@S|x`#Oj5 z>Yoa{Y8LAJItWG>Rfj2c;Pt(|%@k=;M@?Sd_c=dVswNW|0qK&BXP ztT7Y^>?!EJVv!*#r8QXKDR)NN#VxF?PBCrV%fz${Ds74b1m%07O@#@D*n1kAnvzo} zKVZ-}D+!d@K!S5ZP|$GVmmKNSazLn@ zp9_^7gRv?6T#Psa*soTkK=;&%@Eg&EyEyVdIc^cluAVO1Bez@HRA4HRb@w^ zaBy%mwphV70ZLtR2Hm^9`d`#VUPp-zZ#_M|Ykx!Hb8zf9c1-8D4qTNCB#2~+WIoe0~B zZa*w6?6*H4hgMhvu7r8mPKetAh~Eri`4zaY{fXgeX}+`b@TrBTq`Z!hkAF&h3mkd1 z#4$j;9^@3Ex!g{9>E)I0$!GX;86@nw-Q|HtxVT;vb{I|cC$<=Uq7$-twU&l`f_lde@K}m)=K+1Ir(LM?Z39*9}LcS(kfNLp`;nG4lcEiBH4Q?t`C}pQ$ zj3U}O5GHG2>r9oZ(bD`71dIt1Lvlg^}#2) z_aRA9wwu;eOtaVkMe=c*DR$5?fihv2;%(pxf>_nC_49Hf286k;?Y*a$ zmvIMdinm~RiqEkC1&!6AkU7AQ-*i>Ay)a9U3vYAQVCLdFcd-Z2(d^+$sV}YBXXl4A zrhYo1SR0HM1QjvR1=Awb_cw6cwsUIG3^b=Vs9K_7@Qy9`a$zpAPoKi4<1;X2yXtC0{S2yy8$_0f{IFjHCL#s@en5b_2;>>v!#Pf+d3r zxSUwUp!8#h<=y;N1)TOg?70AU6cJ|X}Tt(~3ktN5`b z-*t4P23PKol_kPv*dOlTK+(|9xB*`Z5z{IvDnc8d#QcQ0M*(*ZjgIx(wmB9TOHkHI zug40++G`NS(B0iF5`6ia*BUH3ZMa*^7(AVwo#;7pnV6XT`1$i5bS4iTK0L|d3I0|c zsmVmmM?|TpI}+t;K0jP-2)Q+)ID7>TqYMf-6(N%YxiT~sQ$Oz0UX+)wS5?I74HWem zULgz(w?dBt>UA-iuu4)WxS~YM3vu2T=!ZYS9YM*0?{mYZO;o7iv2y=v$z-@4FCS() z0wwbgr=uA}O^vA}FS&{mH+}vqw3Fn*K#NN%bV#?K`S^rgTk}raG@b!S5RLMs7<3>< ziQO|$w_`f8fBZhKQ?Z}Gw!<>v-QP6fynaikY&OBlqfzjNZHpAJa)z>c9Lwl}_TtI* zpWAL|-44B$Jo5CsO}yo?X1NVj5yRYS&Vg^udLMJhyd9JrIRGv?Cl_+vGMV7 zxH>CCebLdsb?XqiWb$!Jva;0P5-UDkZ+xo=`5^!(zwO6Qe4qxNKYuRMHxLfxW&dY*^WH&MY}VP1sIOQ(q!BhsY#e!Cc7;(!RV$M~EMt)#QdrH>bH z`ki5U@susS=Y5#P31uHIJ!m2Eo%A2<055}$R;*aj=(4J0czTX!6W8k1PHgctVxpp5 zcRhq{ZEer*Vc@_LiJ6QHot&A5Ug{SjkT|xy&#&p5W~!*WbNx3O?$XFdail{ 
ze&>5U|M80}&L?Q!Z%jqkI%;Yy^kgi6eaV669)^2_0xJhU^Pr&;TX}Ix`c-+!w?C=d zrQO3!m(il}u(jo=t4R#;`Qvw|UD@P^Fg|<~gvoybv%l^92byv--FR!y8}q^6Y1<}_ z)ES@NUzM3)|Jl9u^on)emBYV3`a~$O8yDBF`dt^T?x9z*Y=%yF=+$q;bQ5POw(oR~ z5?YnYtndS~iIJmCsNdJ9N(j$P>@TP)vFSl~-ken~I@2+TWKEK>f zT;lVSb`6P%@%~Pl-x1(qqJV#C_$)0++Itc4rXfYIo<5*?)$JrGO!xK==cN2p^Zk=_&vzeC=@CG6Dy^qr5~SR#PPfV$M@SQ zbmrVSMlP<+Fzr1^O%;&cMoF6;NQJQ;g5gs*C9IG52XgM5lD3YHhs16wB_$Q%KioPx zjoFw3(Kd%c^9h^*g#xS0YFSxXe1V0f0TQvW5VJ09cF?$yQ$T6!wqf5n zv{_uRGTt#Y?WhOkZ|<>d9I)mrmSuE%;4+0_09bPf?wq(C*7EW@6a71jy~z}I9GToJ z7!)>7p#X|uo2SLD1XJ=!HZR^DhQ8_uomd8vR+R5bM~ue_1})8_s}Th8ZZsy=;8WyG zzgwlem*rqfz$eaR#Xh5vkyR7TnZlK!60$$TA|f=g)M`_R^OU$W(XoV)6+R>Hiw89T z9f*^WSo2`w091oK|uh_mrqkSLsDPjb}~puGp&s$q=8EsBP_&0SMNBN_vQz)W~H3gPh+UYw>)HSSs$ z78$99_NppOTr9FG7$v};uzeAu^ z3`#$bLJf(JS2-!+A3i)zpQzULc*{pDk#>RMgREBR4B9Mz2?s29Fcm6lax{=|AV>e7aT13^_X^MoPXLgX2|}ho=IwU~M9l>G$tf z^>x+GoLNS2+>IL!2uk0J_yGzjJYaMu{%uSb5cm5~BG~`HnA*;xyB%iuq=}kvIqYUW zGU{+Dow{*jkFs??H}N+hQ-DH&Kp<_rTH$)qoxQMAJoE6NqFD5P42iZFR@2w@0d@k@ z@Te`{jcl1y@c6CYycwVZzJqlPLe7BGjTyGP0K*=;xrstPi5pG>BJfvp`Yz&v-AzY_ zj)L@0DAMz@?^7#$QHCT5_Rt$}7GsIX1vp_h{Q1RkF`u#Neb_v9Vyf#YCWml}d)CvC zFb5JCAUP|lFrQUkz8=>K;#ok;^t7#5E#n-Y7x2{9*8YIqJP+LkV#J4Y^R%q&HgK9S z?=)uOEMHFC!4Cg6HacJ-8Xnk_PKPxJ8;VFlD9&rjGc`)}tfXz|>F-jId zK(tN`+wKz<>){ljS-CPBMIWinieGa(g;f%Ax(u{3>(8qPH^V{qW7K+X<>mIhl?e>! 
z7=A|Y{)(x2JOioxcL5M-Vb0<+PRht^-L4LMm?%65P$9x;;_m0S7P5vTa3i7&gh%h@ zc=6tVvV0hwKi$Y)N?bs|*%Ws5yfq{p0!tRLEMf6N>P1V31>Bw&<>a2A^i!J}YK1Cs zsl%gPa=_ZuFjd%$eG?@^0u^dj(;isn?lz^Gx8Y)u9xvcOyKXJ}TpPop$elav=n38F zujhsh(OW=a2TXiNGv_wq1W7T1BJS~_EAQhT7nYW;14e9nn_;K<0x9pF^9qx*U+ zvH!zrL_AM<9rXMrG~lSu&i9W~(b3U?fwKx<41@ma%*Q<3w1#jU7+;bQngTFenjSd}GYpZU!HEa2!*Dh=16-7G zMZ@@{pAWYwXGN>#{1_N;C5ZzRNLh&~4OHB`k;bkhK}|89(b|frp|@q-pa%q+xAUIFF#wS zwL3UJTzI%i+W&4;&Gv||X^VCC>yxLJzw&;4`&wk$+l?xE&CcdBXH0c$T(+wpJa`aI z|K%V-9KRbRhZe_n5#Dp_%%dph(32se!VLSeY8mB}$e2(d<+wR=C zlV?YMt=N&R=E)JI^o;Z0kTFne_)NdH5S=_hZldf?=Ss7go}%|mA|1NO^=eG z|C!$I?i(>tN1115CQK@S!>abZfvK^-VbkM(#rb`b0+<^cQ2Gtz28ObDt6zMT&k#tC z+Rk}LB*4{;K*IJ*<5}YG0t2&i9tSC4wu`)J8K!dk^O=MLZnm9lk_pj- zS1mVpdD)54H7LJ9AHfXCPeNo0ii#>j{Sf7{Pf#%ZY%$4&36F?C&+Q>f!DTB}2#s~@ zaeI%v1b|O9Y~!%2f@e7kH=G8iTw3AepuxAGE}fm%kiaACl%z(+s)Je!7{Gt4 zHeF?9rD5;)L(l+?|1&Qs1jre#khl&VEQhNsxp4IwVz(>y<=X`D_}$c0Yp3H2<5Bjl z!CuOrd#l1Aj$8x#I*NJ?P0j4;>V%vLA!IfH+7l}DKQUx!?ryL^g!UoaCQ4n@zE0SI zjf+N*ICGlOT?9q@{A7zGFg(EO+}s>;g9rzOK#k<8jwHlW7!i&r0bqtEo>sX0|HAGB z@EXr5W!PAH^y7ItVl8K(FTr>j8XEe+CYK0P-M!Rb6J_=bo8X%#-eFJzpHy>J;7LbR zH^n3{ZGg-jVc-pi=bcc}t&R*oIy)c1roYuR00a<%R`e2@E?L8IAtoX51p^jP(oNEb zXD^sRCrc1T#6?fIEgNLQ5R4BjNuiL?DiDf8vxAv!u;Igqh}!Qo89w%lw$KlNMA{1b z;=}v*PkVG=kcnb<1qFQR;zb9PR?C(xD^DsCEheA|glAGpirU=NFoHq$!CbzC0UIhXOSh7#7x`!G}M%zkdA`9iY8JLi8v^&}lk-`SSDXz87Qk7_kV-LK}+~ zCrKRW0H5yO-cPVypZ;U=1~vvUavFsK0GT6j`Hh~6;GyB+yCQo;G&Gn143#xXMon0F3*hfDk_46In0z?5;lm-4GuqenwWDwkwe>^^?y zO>Wm@{x|Q56fi{5x!Rz59H1}){;c1UjC4c7xs9wo$)Po#kO?@4kxm!#rt#*Z~h!MyUvs@rkk6cs&ERyx3oG z7s!7tpAM32fkl`6Vzjg5{u##Xso}N;y$c{fSUf|kmYHG=By9tNGJvtLIFsv%3-SfS zH12j(x>>#aOH$ba#bJcz;BrChdS_M+AaJp_%S|;0kVF-r-qjay~_db5n+2 zzI=hEeFan;(33mLN9da?JMqsd3S3)dBw#R4P#%@}8E9v5R|*hF7y6eTpsz;*)xj1;v1)mBu-T3h$OUl@LAL^=1d;5saZL1#2 zmmsY~K;q)Gja}HvcRc;39S*wnUt7fXtQXm{K5i;4z9Tw1x;#a)A`zRy^~B+)6?yq8 z@$V!0-z6s`sGQ$}>(HG3r@2Z;Kb80TvRoZOduw(ae8kau5aTJ)b21G@`{O1OH2tI-cI%JOPd-uzrf^hMQIe$6V2ra7Gd{*XD&y%p#(W 
zBg((wYIAj)cst(I-drTw9b1Y1ZN*2duo})SgwD-x=Vi=(iPNWQ}L<~FR$FBt{zdeW7iJznUTphgnQ6n@TJq8 z+l0odEgSR5P@x7Vd!E&A>eF`3T6W#jl9Fpto+1>*n)OkAy*zmmAbOlI!&zBbK^}e< zT~N5I?k%rPH8)5#)zH%V+}y0(m#}~1N~};d`Vwf200ENj2Nu@`)|zX3_wGfc<8>cA z+V3<{_%2?*Ui)zdQsg_BwgZ!n8?eV%4>w!GjSCJ9X1GO>@$oI+zI{Uj_Y@IKpg;5B z!@&<%L$~$~+2QEP28)%VGUwaIip01?gIm6&n+PgTc*rX*p+3dF<&2p58>X1Gh!BJ- zU&zSF=nfb<JR?+?rH?gp`rlS1S-FB3>HxLsSKZ%VjL9by2Xksu%q(Wo%h)-QN zZ6kzI8OF@!oDG{sx<4f(}Xe^1dmC(tEYD_d>*vh8(7+WxH*ymYxO^}`+H zB<2s6Y*sa78*Up#iD8#%GtCJWR2_j%zre;x)`vrl5OmH(4O$Crgz5c4XeVLG@t?;1 z4A2i8@;pyM|5i9a{&NhSVce*ERFD8Lvum1K6mVe0iU+5Qfd?oaqE;11tt^Q6~r`(QANO%d7{pGV~g}PMsx8 zJSk*3{>o^?|51lXqU2jHw(ks8Opz6g+(9|e)K|i)ej!;`4dtI=6EcgT0+6$^;>Vrr z=+)5^HnX<@8v6wqq$cjxk)uc5mfXN8~J+4Bu+EIB(8#Ba0#Ai-A_33VvO};$HsJ=OV1>zp)eqH zBUr&lv<&MI?@5$Y6jH0f$_**bo`VNza1rRLvHScb?V$M=O^NSY+vI*%i%;QkBb_V` z?b6*R=Eo`}J4=d-zd))n1nErXp3967+#|_oOMwywIL{wB5FgQ_Vqo;7o;}|94TUFIVNW#a)$5quv?A^TNp;ExX zvs;d6z`}PjLdJZ%{XaS^Syk$PFI)+=@V9=8$t|1P2KZCf@WrBP{KR_7(fy*q3kJSnLx(bLu`y{=y=eqUfuUebKe;Syz>>(A8|nB z!7@mK{fQ1kZ*(K*Vj6XIbr9Snz7DaCH;tSBRq>kK<1#x9dI1~#($dmW5~P^i6Vadl zdNnOAa>(|h#zeE_46zbHhc@7v*le{LtP8{y%dw}tesTEVK@r61kt|+Z%Ace=g0gYR zn;dodQCm$&)UXY6fcHnX5!q02|44+kIZs(t)fP0^&Vr67p_B9H)ThzPyi;U_#fj`D zib>A|s8Z3|A}T*w*~FZw1_3)Zlz<3x0UNl3NPR$Xs{$y=A2n9!qoZ_|`W3M*9xFRR zB_JT6-voVdVsiS}78Jcfmp?{Zj%xXWgMkDFPL;D#QtRFV0}NXtIrB4=TSHg?xeqmX zb39E+NkMV=Aw0Z&p~-$_ygT}rB)hI?6^3y>Nh%|(+33jh9P=X8+Le+DyWW7f07pXV zeDh{YY7%RSNZvb0{xefIa6YteUr=FJxaY}Mmz53k!;~M-qpQE7$wKq+Gjq|mmsp2z zoH;Em3^*{Nw{qRhSE0YL(S4Rdqvg_^--gYbA0W<3G3m~dT|Bx(nU%6z!2kle?4qNY z&e;DxW9$Gn4j3u92$)a+m%G2Wct6W10Idm`4n@AjD?Sg3-m1V0F5vEcY!2x~e##^k z%?2rLm4a`z3{cnpbIa;Bhk^PjD|?2FO#jl|mHbAFN#!JA`p8ywBt0W%j*g9rk~TL| zGzI3taCSnEOe(Z`2d|PP2AR~u*slR`=xUK`i{`WH&6`sqMUC=n+&IrO`qW|PhvEtw zDw_>-TvKTCMO#nmBd)6rJ4g=F%}9|A`Anwxb3`5$x?~c*FH$MB`u04o(0^4g9e4T< zMx#t<_DDrV1%-khUM;eCy~?>_{%{Sr)5PkFQF{YD`q^4toCprPRnKCekpp+u6G>Gxo24*2z{OP4)mkl(WocRsO&?E}f2E-qN z(?v-#-_xgA+jTgFuKwX&a_H=>hZDONX2!?HhCq<2qmqFH`4!i#%TCkSfk=ukB@5N~ 
zrK?w$QAn@#A{Zrog{E8ovIS@uQlo0^Z#}?ggNY6mIbn-2=0?^B9cXX;T3XsUkppx@ zE;_iYhDI;$8NmA`T+Rntu>K%;y;5t}Uwt>J-MfGH-FD-ep2id4J?3ptiD4!**czSH zhUzj93<7C!B52N^^zpyffi8BK09 z`2xuwJv}`^oyt}{`%wXyvn;r}27u)x4byuhR8QM3Ro%PcvXW9sQ=@{SVsQtt4?~@w zecC`;fi(W`90P)O0d*UZ%ATiM_P0!5Rr zkZnqC8r+tvfzQ8zqdIe(*Og9wVma{3hWLWV~cPiVpr;qw_oj06=@e(;BYnDU2bkh$!2 zBM<>pgsahjyfHJ@6Tz&9VC-zf7;+%`m)Sl9s%LV`L1pG3@R1||g5Oev`t+~>g4H)~ z-VDpaDyU=hjrkg!G6ivyNzx%y7fUF=Te?aq4|tm`f~t-!gIL3&&4ri3wMGsX^sJs9 zD;XEPEy*G1Nf71>0hy0nUDrX$N4Pvp3aO}^37D2wpl^!*asU{|U6_34 z%4cFsWEUgBibKgg)^`-0qr&?TTDk9Vlr;)@H0%d--;uJa*n)b+x4Lck}OqxtW|J%}w%U!gN$pj=v9 zoWwm|x^m?{cx0nKQVHX#*uLRmSe5drv-Kk|JZyV@uVsV2MWdI&Ol9A21v%X4dkXkQ zA?6*%tpvV^cz#U#`XiMvB|l$R^zkZ-3@oL+acIcM2uDG%0!S;LU+F8stizpAUtcdp zdtLwNLIMhPLt&&z`z*PEK53OD{Dg8?dGO3hR0DwBJJiD)sIQv8JQt*jm;`k|A4#Da zExH6|#Ixh-zQ4)>`HZE7MKmUq@Wt>4CXTZPc86G5^^6(nwBV}t8f&VnsyIB)=Wf?I&Lem;mDWnVWctPGUyF(6U53h44;S)V za&*_zFfCo;y?R9?EA!L$KQtoW4M#iHOCE06eC%DZeuvC$Z!7Mzu^U-KXAjqW<+}R) z@TG3OSWZ}*o_%!0rfkwiVE+9( zp>%8QTc=OYO!mpfDdogGsu>gK_4|l$=BBcIg;@*ViJixhbzZ&egvFiVn2CYe4v1EV zLi@>NOMa&CIMf)VY0|$AZ2;J|j#4{ips627}XWDgl7$2P}KscR|vvS&G#t28fM0^kQx{4b&Q*}h^k7-n=Z>=_$r(699nbIVnb(I|PEWR0*|e@!DJZj>h;1~fl#IGHSNO=@KC@0euG2@e$dIp1C zFDhO0dy2Mcf^K3HPt+~yV_HoCDYiBCZuuz^0UZ16?SB^TPFt+i9cDq~Tf9kKOyjgq zOS@jqqb;^(6FNH>bXjOm42iI?u*BrkTbtD8JWwg?EDH$8obNZ-fk!v=bt?6x4Tsxy z_DBizf3G^-bD5Qu)f=G(;axtcP#UjnL?`Y>Qw2$<~qyv$GfMbdFM`Q`$0XrnN;c<8^$vQTBXICqy_zgge}g@j15#q>g{~Vtuf==(jMu3%=nIy61CfUii2!r&xYxtG*P4P z8yvN3pY82$ey`HPYE&@WYcyYyxe?#oBodOz(-^HQhYwLoQySzQ*PkqEiJ~qkDUnOF zXbN~A8>oqQ-QBfDrL*urfW+CexraLgta?B4O*R_yS}no?$=C7X3MZaQr<>gIat9_% zWOCk z{T{B&@7H9NJdr-!C2c=*1zNcMLSWf z+vX;KQISRjDioidkc=XVgc&_barpaIc%78}@bM%5XbR%*CB}?)$D-Y;@4(@lP@o}e zh?krKzNI>)MBPpBC9Ta5D#VK!U_rrSOEensaPmGX6Ie0zJAZ>;=u&Gg79w0Hqn<$)0niZa-m=tB%pP197)*}V$r z#|Ube@GiXjDiwGOR5J$kc(?O6E=62na8LzKRpZ66c-Vx6_N> z9NvvDjIgIi+_Kd1)(2$7h*yNkMpbL#aT{MjQCzt;Ug7p4eo-k^7f{lVOO3+sblCkU z88ktz{4CoP@0^6$$_v~@XJ}aDS6GOAQA;8@W7HduUB)Kp1>B}p@NBPK(j8UY{225k 
zekC;MPq!Zs_NH2Qe2>7d=+n5a^;(Mu{7f#F3Qjhj!1TIx`}S9?U|vi+*l%R5@Y-Jp zsYQcCv+ik8uwK{D`S!DiqzxPt7Di3x{#1e zmzrmI;E^HP=tv|(wrZTUgxX}-n-cx;NrCB9bz+7m%5aT*I&(5dMuU&q9>V6LM8-2D zl)jdo-aGh=G|VuuKurnl5VSH$fCsG+Y$x9j2P!hxbW{5irgIn;hMw9YU@@Q!qw?6D zA6ZvrWxIkH=5GT3K8FL!?tam8ugFK$7%x&}qtv$7vAF*+A_9z@B>ca4AnwaJq0U~g zRZ?Iv5*m$)fZ~oc=*CK7|A=EM#F#p!`Sk@1czaR@GptMb`@(-gPoiYGlValVw|%T_ zN9=%fQ$~{#*kI&kVp_+wNmzi=o5y+L)}(lh&kKktTSXtI_=NO^_LjO8_=&m}^iLKSWY4;l zY_*+<)A0!|df8FhGRG|7w)|&>0GJ5n#^X9hh^$qF$5lvP$6iSq= z&$wp+26QC-QfzUzf}+l>s~su9Zb_k}x$0KSGA^NXZ)e;{aZvm3dtr1rEb~~5Liu`C z_L|f0pVzKEB|o3w<>~*e7p}+8{?FU}ul`ih5N9=FC#c#rFvbGUTTe zdC@>AM{Y8wtdglG`TSz>1Aa{8{cSGX7!J(;`w{RzclQ7DNcoRD`}%AB)w$8omGXyT32z|8q6|8?MInYqGQ`-MEB~4UEk7 zG>f9RRO(e4r1K98@vG2k{;=SYa+9km|JO{Rk4*p;Jf35$N`ek-mp|Rr9JCsos8erA zG_Sv&;>0&uTGl8>H!8gK_nUS-{m2_CIALooHP@@EBPMb06J2ySKn!oqE6L$AEF0boDCHT#41_Fj_(#(gp z8GjMT@DHK47aFWHcdRx&moXZ#gDcKnCPMdXSLSdwQ=w_gtln#%>h^cBdGU2ET^VK; zFL}d@ofQ})+@3yd6mH9m9eh?PAChAxlzOGiz*Z*ecIktC86F*L4;weAl$GEzOb@Ug z=n~eSHXcZwZLJ>HYM!_edYff*tnFxfV4Yihse#<+<(vLyzqoHHCJY>QHg7q>s~s>j z$k*Y!&uG!uORIC!HqC&^!55>_=|UxvIx+7pC8hXBqvyI}TlD>yTi63lZJM57&#eE@ zFXsm~kc&;lvnuR0zQAep$)w6l`v4p1KK>A2>odyN$JFd>>Y8>aC0=0(vwD|&OLAb= z&C$5reejl2RLXl!>tDQ#nHd9<5u?>yQH5Xgsv;^wJth6D?D~uw*3xQJeSPn1KAwN< zj#wsB;kwi{CDQh@QI>;uQ{y7dbGS2$3^(<0F0=)WjxsbiXfX^nn_DF8{(fMazgZ5y zo8h-@248!;=sf0yhg`49j2HOKeD75EXbw1(DYW17+EGn8x3BacLnC$ls!Ip;Q@TD- z9N1z_#MK8fEcIQFo0$yQc0RY6toDd4J1G#)7WFaWEB&lXf$0@H9|qgm$g5)?3i5^Q zMV_~h#2Sc4HFH}oPMMR!w8Qq}2eAzMX1$1pOzS~9qyBUieZSJAxmTrv+2d1DeD=~! zt%G8wk{wnxa>oa~i~YuLt`o4jnrCkkAdzZjhQWGMN%_hZPXp!A;o_w6?8cGG*#_O& zVh^X-sp&^NCsWua8%MenE$Y`sR2EHEDgj&m*pgv2=VnyCPP@H+u%uwf-Jr027jt{; z;w?Pe!EV^DRVp?~USn(<&iXa5X! 
zefTkpTAxuD2Ad;Yel~jawo^UT)A8|D;v=E?+h-D3V;er`DTL^mZ6DiN_CY;;xLJQW zC9dda*G{9{8vT+jDyiJU8C~C<7i*iR2P`X%zK2X)aQpgH!oJ-{{CT}{)kj=>eQP}* zN4rdRVQ(Ar44cAlb$t%*JJ^#9q!z!sHT*JP$dT@NTdCjs^h*7kOX{NS6_p014=VHH zEk&)MR3T)a+H~k#?}5pXMTcg-Rw}Op;{Nher}STqq|OzIo9a!(w`8YwCSB>e;@qDZ$RQg<+`gJ?&{QEm5Thr^qGbgr-$F!v;l&a?cs&fxX5l`B@X5clBUFu1fNuZT21SZHz18`PkP|@4g*Ak_6SxqM$bE!8tld!XbOj3^% zvt!Sh3WI2c{end84`-&&2R6=!C8Go^ofe+6VD>XUL;fudm>E7XKDmu^HgQz>Q)ZdJ zrNzuxzjtQod_cA30lV>XMU(onV{O&KA()XeM^ro+l&oZh41WaQ(wFyOA}{Z&N+K%j zr^PG2#|=y?WqXp9j4#tCfNyevRa<%3-Pg9`llb#sr(L5}(h?sMHA8Jfku{9;7ZE zN@tbvk=d(-eQ%3U+crM47N-~t_B2b8fZfMbB_;$kYHa3gz1m-`RF5gLPSA^Oat~-c zkm+ls(!0)H+h@9p+jF}5yL9`$S>;-OgW|x{j(Y(%jIw_A)(hi7!V)7DK86_!P3j6Q zBBS#L%`XS-M;8b7(#8RtqK*e}lPJS*j+UK|;a)|0X1AqyURRU6Y})?fmr)j_iD zSQ}eez<{lZ$AEEPE7j=FpB-`|pJOCbT3kmWC)br#RZ87DW^i>;e0t1_w)BaLV0hCk zbW!5-#%nD{vsjgFJ8EuP=6prai@U!;Xiv1dMDmXbMcZsTA1)pSg(-`jUPsOMZ=_t$ zT(lgki=;p0MLOf<4ie9K$3OO$&zo~i5?m|s?_P@c*-;!ynz^@0mEqsPUR7Ng?4i2M z6AXzu&tFE;pYyWnu`aI;$+Wq%%~@l#Ym*Lzax*bL;Ch??|G)Zk{N~N;)m7>+teCzH zRF$)u==G)_zo1{{fHbU literal 40175 zcmd3ObyQVf+wGx|F6j_Nx{;7BX%J}vY3c3`X=#ye5b2WcZlqf}B&9p=I=}aQzkj|v z#*K0RxDFjdH|OlV*ILgrpE>8VmSIYYQs^keC=dt)T}E0$83KWg1%G}bBZ4cDxIroq z$P0*!gs7@p+QE{mCf@8a((w^~LgV>IK4gY32&&z|EwhA{hOc>ub7*vJBV?FlmiJo{ zHfi3M6B~s|Di|6%a3yq;qf%)?Dq+4jVHL{#Mo1{#eh6SQ$YaS$y1o;@9DT`eYC1A} zz^gZs=9rKe7dPbKaGGU`mY3&%C5B8Hh;_K_3D@x7b&-UgGdTT4$i+H|T z=OyUR#rip!g!O{EyN#W8*HK#|Be@Wy|M}tsUEvfqcP%#^eSCoJr%&@U7tl{5Q~Khl zt0xqws()UYdH(M!LU>fqpnnY=r<1_>=gYb8L#hAyv}7)p%s-Ebkfi+j&l?d&ic$ab zJ$B-te?7_YHA?J1AMQ5$_l+JmzkdB16B|2j)-XIQPfbHpJIEbW`V;?OFGjPzzFzTZ z2p<_9mPxx7?eFip@+ut*3x=6;J#MIJ4#H9;$bCdT9IX? 
z#VV}5gbahKbg}WG`O|gI&KY#Qgx|I-@cs;B)2WN)-&r29f_IzHk&%&^`}qm=H8DB^ zBV(n{gU9#p-=`Qfz`V)6s@7tzwVIz;#~;A2li=vJd%6_A-~V+K`}hLW_i0w5x!DeR zm`OsiRH}4heQY+d@+MdBc%XHb%}W^*IS}1+aiY_~>Vq>{B@ai1$2RHp#W5th&(cZz zIm+`K7UA~f03N%wME=En90C$~%xAsFGJ>n~?@@%>PMm9g;Cvvmk^0fulK!%ppI`h% z!NQY+`>T5S4h{CM#_lW?1s1ySS6ZCllueWD56v*SsPL_4Py zu0v;3Miu#_=YjT|o?Yc3w1G6Axl2Bs8Jps*SA7bxyQsTUV0c%Q=!e#BZMfHzxDr zM2R!kE69vboP7^P9)V#OlCaVIfgmCb4g|$Pw$f;co+-Hj7u$3r>wTTi(09e+zF)-y za~HejI&TO@YkVxY_;iFwLOxYp>CfipQw}kgGL%nl{HZbas@&6nh+MV)ePRDo(nMD1 zvFiMVknfY}ccFe5qmt=;Efo(#@=NP`^tMMkvaQoWb-gyl{Jv7l0nL*I-2lil$n#GO zqzh#Jvr^W*l}BYcV%Z)H&Qu`$GMqCqGBj(gh=zatYM8YELwx??*YI$K)jWrryL*k< zZ)Tg;uUiB57xxsUjO=Rz^}gGbiwkeK7rtIsZ<##bD1N87e%?W-shMo}I9R#E`5jkB zkSuFH{ch zbvtdPY_m1&q}*H`Jl35p6rx7Buk9w~#w?1+e{uF=;l>6!KV3fy=ymQP8S3lo9l?RL zZ@?s|n_#5~XwPC&2F94iMMq;MFl(D&;TH!`NB0$Tipf$66W~R*3Z{p-q^@)(}nyj5Ys> zAaWAPh|O4xr}@GccWr54el^yaz>~H5$}uP|m3ackVQq~WMo;NZvh4l75{pKsm=$8I z`6NbmqcW;m-k)d>VaXSpM(zD9*KclLhRO%&*i9EX(+wwf<+i{dE@QA^KWpDO85>w3 z`yF*pCO}@kEHyvfCuc_G*AQQ@oHalw{=xiJH8C?&$*{hK&BS+a3$s+j?E-8M!LF`q zSc#BV24nSQgo4aiBZn@KBJxkar1s&rY2d;Ac%->hqor6CYM`mZ6i%vIbY zb2ABl2G_bR>AKhdWQ5pDcv>ZAcjH8=_=p#I zP2ww$dVH!KaB|w2ZD+adw^(B6)p~%{`L56L&IMo~8tEj$(CnyRc)p-tQ5htg_HcD< z7F%aFI2jeupuhVN8Tr)wby5)n7nnHF1V*X%t)$8t+5w|c{i>lbFPk7DaeLi_;)h*^ zflv4$;cbheV89T4t$qj^`7D{>o$IPtnPh2Kxv)-Gz8t2()(;}PlZw78y)y?ILQ(^;O6)QC_Upv^CJPBKHJ z=j}kujyoiI;31Dc{M_J#B9 z*F~s>=I(JmBi=a#7!dz1?|oetZUo?)`(b5V3y!yF|EKYiv3xoS+6No@*6UeTotX07 ze6qxBCXJ1wr?k26)+W?jMngqL$iifp{78%uz70Gm4qLqSjHF1eK}J2jyGiG=Z5{xc zkfhVB$6CWt4_7=wT}=);_lKkmuD_GV)Xx!;850^wHzWq2Gh#ZfRW7UvYS_DtsxjSe z!wz=_%zS~ErtU)0E)Nglrtl-tO+uXqo z!tGEZZ#9Hfd~NSjv~P(IjA(#Y$M#vQ(-XGOGFgjhXWYey?EJ zuK}h`Ol|S($-RolJ1jK9c?2p>%4%Y=oG#px70jsh)v}@E^Vs(3p^nv-zfJY}y(Dns zg8d{3hMdjU7QQ+{xZ%Gj9zM?|M)uYdwNTcwhs+yA`vlR5MWkW}wy#Fb)t&GxM#}b` zUQCWxrjnFcGb<&rmaDycTZz+msn;{Ta%gm3osrby#=GF`^jWvhj-LZT@9~cJ;FUTS z@-;wmN}Okv$6fY>{JA`&=_T*qtB0j(s8o3Wl>s&&#hvcSzb4vu+45rXW59Aia 
z+P>y1$*!3W9G56VI@xd6TX&Wqexma-n?q%)Zbhw3FumXx-NF6+mX)1pD z)1L}QyxgPE5nk7GZo|&FHGXVeN-;&`tOcH^B;B`lLV^8wzx1`o{u7{Sr~4fzl@zuT|-3LrGmtQ zI74h#g^x(P!!mQ&YSn;P= zgWXw|&8w-Yqcj~(r-gKN#~2P$k*L`*Jp_ZHI8&olaqUHZKw7$bV1iUx`UWIVOydFw zS#m?|GcAJ%_TZ^*(!fU#0=Pb>jvQY_vBV6uwXVTlva*7L`eA=$v#@vv=(DJ_$xJZ)@Zg!m-~A*<-3_AWaf z*=<+XSD-Zs3kC#j)UDfg@vJ5um5aVFxo`0`cyN|g?C%XSa>aT*MR2xE78$j)sBc66 z8BA?(#8FfbMT9tDQfsE`S#*VL1%2zj@4ERd^RreeMnFA;wEE2+oUQ24P{9D;7oT0$ zttU_MYc4Ug`2hIEdjm`e#5>sKbI=6^^MfE#ZJ*^)gxHaPYlU<5=eZfuhu|B7$1jx- zzquVJya7C=ghFWDMLF99SxU&~?7A)Fi*KkBku(LzNr2Y5HEG{3|I2s%$s>>hWiSSS@ zVN%&x{uR=8l!{>N?jRt`y6JQ3C|i&J^V{7UB{hrss|A@7{Z9|ZQi>Xr7U$9pnE?k8 zRPY#k$bEgcZO`Dn=484T{m6cp(lIHm=9jaqU9hKC82?cuT_*8A|E|Mg%qeKeCNj17 zBex2D^ObCXQQVp5etGvV#DSA}y13cLp#mD*SjbX9^U1(+125hUWkN|RT9};Ls-ka9 z2mt<0Onw%z_sUNm)x?4mSbKIrM5;poi2;Ntz?*@EDIl`t6;vaSwTADWvFzRNcPm_A}Sj)CG3;AkMN1w0FO0s7TZj&mGSyQGKSt>Nz*3 z{ko8=Lb)*brw)2yxI&!N^h}Qg_3Dpz0|QK-B}=VOsYi$-gDp$7?ye|Em>5~h{1hj- zSITl`cPUxRit@YXe{`6Ko!=Jq{kFs>6LFDL8zT`cr5zz_=}|DVIpDss<_+;C8JX6e znOHz$_%sQd0A|T0J#DNk4)@0|l2D{dOnbn3p}6U@L=l!n*}5}ce)z+!MR7DpUdnWz z52;D>%db_s8c9PP?r&T1=!jdjd`|!*!IJwKtt`CQQ>MB_KMTm4L#r##Q+K9x_arbRHIAOpxV;Kz;CP1?YJ70W5}B29Q(EnWU|%Z@Nfx_ zh`MlXneA<6JflX=$0nCw%eCW_U)h5rzIjRLmY~E6TeSoN`BhZsHI*mfv_Fp_AVlE> zLqS{BT>RA4CcH#@m+dYz!GTKR2@vGrt8hB}hF|t5jSAL_du?Okp?_GL6w506oenz?ZAy2t5Yuch=WuG|c<7|O- zx?-RAkb)zTcb^J9SG_Y=kY$I3yy^~IL^?jQ#yce5#*oLe9dOlrqqZ_XksYM8Jq*jO}!J+7fGAL}n z;NVnd3@%bM!4vdvVJZ~dg z{e|f)X6Wf3u?M$g1Ne3?(B5E%#{j!1gDkJ2vdZk3b2?#r1wh|J@ZH+=)%$t}ZgQKy zq}bl{*px$3j(2l-r#P=1etucqu|ltmMCj)JV|P(4Wn;oFupo!^x_(mS>B~DPxz9D~ zi_-jQ{0z8Lu>K-SNA1ZeqRPe7h67(;?aWmgh1Xi2FR=j)HOs1w5aI0k7#thtIdjv` zMq7oP$;uxXT6Klx`4atb8OQ0;6$z4dOHWMJ)Yws+`>n~JU)w+}r*(pYZ%(1qM#ic}=TW*7#GsgAlpkt+QW^wOUO72%T7E z$?%J@{b~=o_!^{kRf?CTl1MGOnCa@6<2|JjLuk-NC|!#z)|NPmc)9}@H% z{?-PNqSh5bvrya8@q0)NUTS2BIf9)-)kfI>F!VYVmwM7I&67CFg-NLm0nZq#sUu*y zcR+f&+vE5?QfoH58*N_BfX5)AE9+NR?iiX=zVG`&*@!7ze5xQQ5 zD^M-MN0M&u$10rMvws>9?+&ER-EP0!IXHTM1V4nKYx*x)EhbgV;7^f 
z@m`YBX8}9-AR>omX$OcTkIQ{O-;#_#HPqI==-*w(8<%VmDHCub8JE&uM!C(rJ)z20 z@D(tAsNl~}I-0Mf3|4|2ukTQQvl~5%Twk38E9Q$^Iq_i}HGF}|eW=gzm@<51{xpOb%b1M+T|J1>Z(B<(Q$eY0mzLPE~9 zZYOR6a|_xXor6>QHortS8as!FyY-3l33UI4D=rmD;?8Q&MqlC#>k6PH4vOV)U$r`#uiFXSO*o3GhqTKkN1{ zvK!AXW?X(4#k;=>$PI12_S+BN1;R5CAEOrti`c7z?=lwz$^07#g zbuBXn4!wUN^@i53P65iOgYrm1Akk8j-X(nWf{1=!B{OPsrOy^4N0r-0Shtfb{N?FUs39U0cY; zM*goMQT zJ8}cyb9K=IlN;!{%LG1y5(B2UtiyBLmyPT%f78rezp61!cPN2J`_gah6<>RQe%k33 zX%*|vk{81sj&!r=+1Y&PgyRSlN8ae3GnsEUdyo)U`f-1Hz5emb^T3PCu37u+es=0x zp`-jSg)v7zOn~yoYJ73v% zf30EdTo{3E^KvBvPR@emT{_(MaN5HDIh-Z9frG_W#_rYiVnNH#GW$Qb!ieR}So z+&J{_WwjSkRx`j+^i};_f<`nIPkemi1=wTfq?834WmThcI8`#NfbMknxHGyRT|fO> zEkl-JW{KnDg!bMJ9MC4&eDxeF8O2~cvI=TX4aB8N#5EYv z6QAgqS)iJYnuS}3&LATDdj%=cfIBb(VG8yp_tu#GTT~Y}TT8$r-z2~7_tDh6NXqOB z0IF@o#swHkGsN|iO6h(@<;e01{h~7O-(15AE&hJf*)zGEg=U177qnGCr_mv6g;DwO zuRCw#nK1#OCC>oon|vdt>ktBb{xZkQqrFy{=ahR}VMLlz!Y=a{pqM z(0sf>)71PDbNT`aEZ!gdAIEzyO0P%@)U*K2rxdP(2k!+aB#tSGo10w5Kx-RV@&#Qj z51Mb!pZ5ZS-#@ALA-lI@DY5cGudfo=Ys1Jys>QbEzpxq%A0pImW=H{(_%1X}`89rC9 zQs%$=j>gm8RNA&C#{V??P8YNOZyJdI&pMI+KimkNj)mTOpW&bGsX!c^1b5c=`tPO1 zBLB2^<#Yb8=I1>JXVrh2wHv%|_*MShukFPZ`iows*GBHql5w{*IEdnXclq{cxkbBr zxw%>3TVi5YUtfNnniW?f%SSO|V``Jp40Ko5E5xC}Er)}}23*^=2kznF;S6PTZ5kmV z^6~NUB!1UJmER`r?r(B(a$=H_kO3DH78Z8eoj|||gBKt_DxA)3aN;9_c6>83FnW_Z zIQaSbo&GL7|M1~MMQv?xaj|8<-FH<6`-fX+={)7@n;ZX8p8Hg#;%O@I1TP^9A0Hnq zl+4?$5%>GXa&E^z@@}4O$N)>cA6kMqnwjW0n%rANg!OsCcB zO%xe_a8eRscX#*d z-ISWEmxL+**$bfCO9+@+P>bhPPJMlSyrnfzOD{P%a5j1)yRJ_*(0wpSdHqUCm`XlW zA@)U)1!$Gp*nNzTkLUHd=RI6%(l8a7G<(hK_y6Bw_nPRwbyFR8=FVhKQ)F^vFLxV{BE~9&MAdcN;k@s7Ce9a(t#<%jeN8AbIA zqE&+6PA^FI+l&%EAo8>7*AA5kbXIwyz9YNeHIZEfxN>MA5MQXzL= znGR2>P_?46(myQh8KDs!9i51q8*gtkg{@L;P7W+e5UgP(AwE8S%}n07nUbLu>Fc+w5vv@%V&ew z5gT+cA|>H)apSaxYP6U&^cWe7^A|j{&l-6oMMYuCbXyjRoWV-l>f734Lh9`|5I=wZ zY*7DP}wziY61F@n;xa+UROZfJN4kYmEY zz#yZeZw=ZmR6q0g_XpA13nImSe});-UTM@8M*Ej2!`GWqqnriKd`!)eH6A1; zCZ?T?6B83Njn}?23#0Afk^~kO7IZ(^eD2+-U%jf?V=u-uLc2O#64%ruga!!md)!t+2|W@@pR?o=g$RuGp;XY^|FERS1+#g 
zyt08#Cdh_hRfeFZCVruZbCu@PK}I_#r|t@aE-WG<^K;X(k`lDL%fDSUma`zAvXtm5 z9Jdwc=H^5g;tltv3PU3!OC4Ke^KkC2jzUUHnW=G}{ZLH*!f85U*T=@qjnCS4&jGHL zl$JuDM~C+%Au|hq!t6CNGIIOXif=UbOG&@J4TIbB-Twam_H6NxV-OrvjEtyYf$QDR zXaI7t8FnMzA9rCwzw#LYwZZ{NdFSAupzL>E-fX*_^bnwzr9!7|W@ZNZulGty?eW6yr_``;a2=o--RA2{O-&7fsF!H^ zgAFZ4qZxw8XlR=wzTR8=MT|;MPnlp_3R7X>?twXMdjiYHK>!l%txu1hKp3QBzk`RIuTbk`61Ys6-Z7Iz~sz(-=YK>Q;P) z2#u_IBZ#c7kJlC*YP5cNd3(=;^`2X5a{U0(85IS^5Tg11J+^j@#dGkF^+64Fb&g8S z;ns)C--yweMiJ=5uS3In3@^_{g{#1>ByJEl+-74hdI^pA(xVWNkp39}8QCvGBcpkM zS@Qs>22an%hUqogdGYf`0Px z@$na*WG}!QD}bR^kM}oB!oqFK4ge;tb|>-j&lTKKUaz(mi(V!eI9)}KEPcP|o$=10=`=fBIu%?-rSeo$4# zySqOdod*!DDJ%P>+*1EXmM$29>n7Z7Z+~NyT5hw z0GBo8<kBE> zZAk$y@iUTyhoew+km}{jWE~b$0#;pP$Q*#px!uY9c`#Rm5Oqz>erwyoZ}e7&iw!k< z&{7@n6D%hgze@y+KFCVji3wKY$g~_|e>)mda_kGK2fRe5rW4nz1%n)(%opk~&({M7;|!>C@O zPf1CMxNlK#zu|1X^90OOc1h<@tGK>-5^gII2?=;W+g`*C9IuD78iJT!gdhRt2d%jI z?=pMS-Z(;ltR>?#L3_Mgc`^iRh!x(G#A{ClC1;io)6ri@_V_Qqv-MU0o)kgMg>rIo z68h!K=lJ;N5dD=_Z%7f}Rd|n~)Ba4Pr{1sFDspmifH{cJssU-ADb=oYJ23>g@!HL+ zXqq(7($aG1fuETf9dM%-kBcI;qwn9TzyJ8r+0zr`In`n|PNmc6^b90#Kk%8r=+X9W zswMAG;9&t(Ha0Qg_B@8m9F?-OV_Wup@-ES?!x$MExjv{Gjfsm>DK1eilu%d42c@wt z8n8Lw62Als*U(xA2oIn);J261%Bq`cCfwy5@__}IwU_~8{Rn&EVvX`YLW~eV(msRN zi6CVE{5v5x_a(ROazt7hX+Q@DsKsyIyxAGchP!ImKD)s}hKCeM`m|jwdjj6Rv)sZ@ zqnH*dm&n4!=a$bk-F#T=yHIC4%3OZaP*YW9>Eu1#mpZz=vE;haL!jpc)1n&<2m%$L z6QZJ`7p+i!4jn^<>yhqalPe}b34bLztBDJ>D%+CE*<6sGqQX-tFFTElj4A;n9^N`S zICN$RdZLj>183!wYky(tN%$G%_ritdci*L{JIAucW8>q4CMJ{*R@x{!Iy#{An%ibE zG}HGnnQ>_QtP-STcVFL2dirNnvB+Q^YG&qhr7#17f@%grr$R%K!5-E1+lzg|HxAU2 zQKVsj{J}zMZC9c|N}nIh;{t9A_|iq0>3GgtC}ryG>cS=`j{?aJClb(?&%V^?93Yn6 z9)N^t!Ms0TMGHbdCOth8NUqJTEm4-l0Cq%9PR{egB@&Ht-BKPrK^d`ZEYMqeYhpqJ z3K$|3L7G9ymdPywdluOM%}?WZ#Q;gt34pJ{=iyfC=y{k#MNQ3Hz<*~oH1a1!Y2rF& zW-bfSV}4dt_@$p6JaByQ`Jj&`DKC1k+Efohm`k8%?rZ*Fd` z0D1I1FV6rFuOuE@z;GK*Rqs%Q>C2l>Q2<@A2SnQHcP%=Qf-V7DeUT&~AhiuU1D_qA zoo(pyT;5s?TwK?~z#-~)d`4KjNK8yb>LmmiGsdu$diz968TeW)HL!nk)4030mkN+K zu(}gUHgcd?zc5a@BgaJ-PwaZg1ZrG`F;@9UWm-YU)@%81+Vo 
z`uGR|ZUG-J8wA7@lsP-s^3~LWQVt|65~wCILtBfZ4|iADN_2Jr)S!a&@bK^®Du zx=~>20T2%A3yKG$`Inco(#R+If%5CZ8iG6SvoB~BB4K>0|MB<)HjFDw(@>s*>-jFlkmmSXfvps;ebHX{!Wk3~W}S2P5MJJc5at*#NvimFcJ< z$f=r{qm7LKPz<4!ij9*qAS49oo9w5!AHL>cK(#`XJsh98i0i}=lx%jV9i@Zi77~cv z<-rF)#sLLD0e7wW;jwn&=62L_1(h8Dn-4F7quv>TQ~*^%Nl6Lf>FKHY;lmmzTXxRQ zL7?qoXlPggreB&GCn+gOe}AS_NB{KXqyuEZ@wgO4M|U@TS1`J`zP^5VR3barZ44cq z*UeVqT!jG~fMO;lCM+y0KOngDLFW$Kvj>n>04Nwh@3jB=g`Ub|`)7s{C#(XDJXC@T zIY_csCX5#W`a z55vEF87oww1+6+zWkA#ch^vxuHb>_wzuU{)+1Zg?nJw2720!EFBB!?`Cvoad7d;>ZVbMfBKW@aFRcem>2+7*?4$DfTZR5AfPnu;Q`hGOd@~* zZmmaqg@>m&EU}a?i76=~Ak`Nd$!j*Zx4R}LevUL;7HxNU3b;)JhKE#JTMO>O(}-bi zPUQBrPcnaUZLKTB&efHNFX^?DS4z$;w#`TH(bLmYeG?OP)19({0uciPN&x|Zl$xcP zEL8@;ef>ctsBdcO8W;%U_W=SJWCqCJ&!EDQl96SrGOX?FKtZu!+QQh_I15N`U0q!} z2M5^bJ~$(^`T2Qi85vQK-fQdYu)T!F97I2V{#-pg#E_DbDzgI50&W+$53oPq>*%1> zXrY7aU=@MMk<;8vs$4j=y2#P1q^b&_OU;r_BF06u|j z=^e|<nt20|P@RMqW-XATRF~n7XIe zD-$`ByGr2UQc`^$LyOJsxWK)Te)ldUQDdk~+o-%eK{uLf_rgQK;~W_$?EB0OJu54c z(Qww0mH5`a;V@K;DkoN-%YXaUpSgr}!{jyr4tGpAfY*SEbf8wot4!Z{JzUIMe|#l| zd?Qzk5o;|}5sW3KCB~At0Yn{?EX@YB*f_o3*A>TBnyow-;@71dA0rHkZux*P=2ir-_xjD~GDN^+$vW zdGqJK5BnLQm4akVOl56dqFsGrN~ZV1PdDFk-{Sri`g28#eTEp5pVN;u<(?C4oQ{r3 zsmZm@TwqLo_(A=;EwJFxn{Osj&*z~BVIGIgzEJ#QcK`Q-F#j|Ad0=!j|39AZ%XnG( ze;>Ko_&+;xV<5Loit9)M?1)k|f`3`P-r@Q9aY<9u3pRB~G=nwnZQ1+d@^!IbPW z#4~C&N8txaLjWRK+Q0hO*`dj}xVXu6=l^*3|9b=YuOmS->-0X4RuhwxAf`b*8=p~g z2c?doefw;@EZsF=Yj6;6Z2tmyyV22sz4!AoY ztM_z!LAB0t|KMqt8Dw$MB1MO{?$ap<@srK_EKLn?D0|U&VyRan|M(!E({ZV*R`#-}x4yMCI^h4G@4Y0X-sZR}QH1vR!qWjZ zj7Gu@3&EnGKw@NM2dp$hb}4nJyF0MBO1=24q$FS2$F?tkWICw8s~t75?|DX7g`+}V z2ne8oKEP*9o#$9w7B!+D!D_!&aB{+PaQq1aaXni04+)_K;RAuNjIf{w_ZJlGL(M&9 zaVZ-c4DgQgW}#CSHP;7|(b!|TwDP{TF%Z8IpO17BkIw-khJssZ9sbMBi?;0gdSn-u zOXq|O^A#8hpK27jl^dksXhJp1hL#q%Wlvv($5t~K9Gt^kN7FXij}P2E+h=Q=2WXM% z0fB+=@CaO9><`JHC{)|7z-(=8_4i9l-CdF`G|GZ>B(Bu&&|YjKU~wY@4yV`?OoxJp zt*k5u9!d|cyVhlN&ygKE(kKo}EVI*}bD0PtPH12dzBXeU$$UcRG-=kcbtfRunEU;E z!@xu`eJDtb(&Kz549WKtD>*ea;Plkt&=quG>KhxUKd4j1QmtJ{Rrzw^gyFrJkFH-) 
zQHe7!Jnhqq16&zc`PO!1zucq2Rt+z&v<}PG)^vTqe&jE}ew6zt_Fy9^OlTO;F*Co- zS4^+eU(>d8bnL@i@eNVQR}=wlj}uW?ZmUJuWcgq~d{;#~y_1rYb8XumuYa%nncgdN zInosXmRaz{K2OKgRCVNKnLC|CtshXWZr7izRw_{;Y$gY8CE8cE@|lmy0gkA9PJGA2 zNyR@aw|o&364dRS>^6M>87Qw~GD2(Db7Yb1Jx6RZF)~6$JrizamZ7$|7moPT9MZQz zMCuC}UAiv-E^A5@`3+HaHbKRno+a?L?Jp0^OEe$JTNi2w03j01E5ZQ_lEk@f3-K$~ zc*$nAip8XT31f_aaJ?-o>=#~z+8dRsU!fZ&@uk)KR#bJv{$hiQie+PO8oA#X;dp=I zIVB}3WxQu*I}A zt)XcPE}P{qYq#=`AAoxbT6R2zRz5!DR@Q$r>>?K=eRRnWEDllw0&>T_sZ!4}_R65h zt<^W48*mbu2a20pR5cMknzf z=F1S1rN$Y46m%1c8r|-ioJ0j4gXZla2Oh!mwXy6cgTEfD98PRmQ)%0kod6F{e>aV@twWrN!U`#CL>mvah~`hmYk-y$hIygY|gPB$=3( z(z^1*3>XfZ-KxG$n+wpZg_2j%1SmmstwuaoO(2WEE7JneXX$p$R<#UM@(wkq-$YhM zQ4Dx!G>R!!W23|K^F);8Pw0R+LHsCut}&!ADBuAQ#>H_iC$){e(C=Lg?OmMJg;C<_ z84X=~$-a9vzUXTLD512R+?G#y#yS$jMnZ~6{$#SwR#;O@t42*tJ5n-N)NBUzi|=4p3-_}iO~wcPVID;TJ}fVf%Ov&2qydpr3Sr3TpmnOPq(PBupVO6 zIBSRLzunI1Py>7@BCV-j`zsg18=-+VEDa3}U3tOka=B9fzSn&TXxJX<>ZC8NqM)Ky zI`nvIHoJi$cNHQ=*>`o<7L?v1*t}5x9OvKd{fUA%j=F$3{${g1BnAF$0hfi>`FPvv zjwV+qdxa~OkFGn`)%wQqfbY!4QFx;MT`lYC;TlY~2y%@Uf|Qg@=|ykPQV%Ufc}KJ` zS=q%aY`}SwE(S@xDxGm<>@4_aWYl<&E zH(qM>E>_PBZfpE;P$f^Z!4kOrR^>7|3KejTlqm}?JQM`baeOCGrd-%gxY7B-2n}!x z=Y&$3LRD_w@MnEzXu0^EyVPq3Ykh!ser~aAfy>@{zIi)qpSWo!7V-XUo6sce8Y<0lOM1D zRJ)kvUnG#eqN>jFCPuk^e2sOP z2KOrrj~k?FDEkFBd2}dv_rE;-{XZkUfHU^%=>Q$3t>GVI3i}Z?P}RKD(jOcp_qG4D zwFP*&SjICaW-R5rnlgm{I!=C`?iXDM^qui0*P$zj6`*3>+&nr*Mlw7<<|$KhU$S^y zpulIY+%u8;yg^e2r_=VP8s1)%?e0x80?TsecU@-3{>_bhXmqqVm}EOAFPFBmuhlI{ zNhC2ta{D@hqarBq~a zVWD};RylX6>3{YD9Imv50HF7_1u@9?lpfJ&^@Q+dt@`xy|wJ9V<%gX2bZDr6S~G?Yw2{W%Ih04)`P^6NZf55-J*i z$Wvbm9U?sk0}eQSU88Fnu{Je;8yeAw5gWGiG~aYqUr_YqyIO8QQcHwo5Zq&Lfc-W$ z@P&dBmJA-d*jqIFA$%2vlSGsG{AlI`^-TO{=r5VC79C*Z?%==uXviw4uWax;U~3;{ zvvTzD#kyi-YeyT*$-Fu{Ii?(L*-pD^S#&(|JQTdr)eMuUcReDXm|$7|6SL9ot=AaSaj!8&*8q zOtAM?&nLo&$O!wx#d-CCL*QFOAi5cmrj)6-#nRNDfqO7x|9bp~t%h`7|F0Gh`>X1c zKnDc1jiv?PNn^@C%Rmuq>2=!b4imONm}8Ze7x=uLkvdZ%uYCu0ERcqll0*l95~7kH zT+PQKJ2XTYH$;gao?TwP!jN%$>w$-lpJThy%J%xT)wGS8+H=q}B-noX@>H7l7anwj 
z&W~0oz+NJRo15z++dg)SDKpSLg=@S28jAgLF-uk5sPEDm?4d%0XnxS55(ByAVhq-<+F&;b#yYokV9gvcLJ$H3LY9F+11|t)YfAyCE{&1W*6xG< z`0*oX_~_4$kSz*1S4`>$j(!o5mBmq3{t5$G@gYGKZacBFC;H*yE9_Rm2^#8^2I6QY z!%5FHW_vjkK#Lai5)eU8dZ6cPh7ZECXCW{U&`%5sA7Tp(5gt|8K5;ufKNSNq1Mt$- z&DVqwKu+y9dY#c+h|yZJDQm4CV0bufV9f-&_O^M*jrwkCwJy0Ry#2ruu)T6)fV|+k z5b$|)7uNOsiw@Y5`BELLUIQA?aV&*4Im(5{D=Sf5Inf9|gh(csurDqzJJNsG*{z8& z^hTb&RZw8&whDdUG)lzYiJs|Qi!ZXlRvu2kx>{Pd+)=6L+YyRw6C+JsP*~V8LiRi6 z;oaBr^8DzEWJgCw;EHFJwPNrIkjbZz2IglF2Z6Y{Kc8d)W;!}VKg-td z_`_(|__)kN?-^lE`4e-2Dg)#x(Toe2zjj32Xcy>_riUqPy~ji25_Fc|l7y@gKL?P+ z6-5lA*<^hEiW5Py9bQpkhepJK2fWXXR)poF`kpt$6ad;;+nHBg!;7Q= z>4+QmH;y`9YHDir?i+|1gl~STaSU#p=nMCgcXW*ARF~i(VH~J5mB_R`5kx5}B4hfJ zi;8y8(KC10wvpL#M>n`r45z(8g+oN^-Wp0&DpjQtxOeBpbm^UUG*wbp{{kIa#V1ZD zXJ__LgR1fw0tk(bjbLYzcJYNYxiy(}c;k~*I7b5-co@}rgE<>JS4X8$TNcm*wa-uc z$Ip{MV=sd2cbzCztbT7qG9k|h0no-hV86v@(SQT?&CKt{Qw90#cB@(3S62%aKXE#| zjW@==LYLZV?pXayV0Y~qBCIal0jOE*Td-SQ+trwIgkZWNKtO*l`c8gHC_g8M)W>HdyKB;4 zVuE7X$gBP))sWBa7=jXxvIYXqz+jD#O&{WNI2YCFi=zyoV`2)di^eqh^~G;)fw+xS zLBiWx5DH1DJT@=b>^M5RGW)Vb17cD_Sitk> zEO?)LGTbeKhljs9Q<}!T@iLl5p|+wCy_dqv^b@kAY)D;3?FC3^Yy@QCXbPFVfPKv~(#`l^I0 zPEMYXxLjNtoi>ac;b`YKo`+~)pC=oDl3)yHQR7Vk!s8nyb&alvO#5@@XautHT4*t- zcV&(KAML#fRL*VRE_`)|%$ZB65OLG2fkqS+5~9!~Y1E)ub8eJqpb!m`RGLMD=4hl* z^ISB~^LRDvLU@^vdDza~EkT z=vbofONlO9wm9FBx#L2^x^X#B6xyTq47L5FeeKA}1vMFm( z1`FTEzcWZF5%3m8C)z)5)w|{;80Q{0)Dk?T@{Mg-AuNzc(J5YRmk6F?- z2w-T-X9jsBC4;E;=}XJ1s%tT!S##L$g)?s8#*t!ah|YQQUq?k1l|+Sy(=n^46h=l~ zt#+CjIi{L^n`ZaHja#Z$SM9$^5pdKpvtlJ$!~jX_ZMf|}2kH-jSh#3s-MY{^cU&r* zouljE9*!M%k`>yMdBMN~4CFd75F#Fp%$|JB;UB&W=E6L88T(O8%YDc z%rR;fLuD0*nilvO#wTo7Z-2R6_H-J-wivja8KDQpYv-2pfAJzaw{97Rh=C8K8rzRv zZ8(9da!ynytM~B5MFmc-XV0Gt`P1v!1ywp0=PeaWI#b=tx}^+_O5|_atTka`3cC=& zYyausTaZu1-*VZU-e!OPOtYDGpT2!gS-Z2h>^g`(evXBn?x|JyL$R`})zjU>W3>VlVAzO>@0NOD9AP;Bz^xuYb#u<<9m)I)6|cCEl|| zFfb{2jNcY>w>1!Oqz;<~h)gnIYGN()K9ripH$H2B?|#Ygd23TyxwBmoS-!rm-W8j~ zrke!Zcl3Iai|vpWtk|F5lx~_{^j7ZJ`y}H`srTh$8yVkDSL&!NTO6hsptLPY(pKoJ 
z?D9%|Ua$=HfE-W#6Z5NTe{Ee|;oaIxzy4Qek@8;!?LU6rzc^r`wGy{K_@>>CPiCF`Cp|5cReYa3**GvT_oE_IzgZg{Pt zth~6F=i!k7GBa*Tzw`F(((a)~kGAny4Cie>&N6D% zebg03K`swR(+^ zms9BJ>-kw1mzCYrq}ndSjWOF9Y+(n&eoEY&t5JeL;5^Hqsp<9=>{9GEn$l^+#T_oI zG`@xk6Z(VuFH>e|YZYvRJd^UqyGx;BURg0_1{oC%UiA8>sDnlaJDya3=lh(~E+_Dg z=~jFGx(U8vT3qxSH=3mHUu@_zR)4*)ka7S1@(GK{TZh^?&`j|28$)oZI5?9XW?E>L zl3sr}lL{-RDGtn*mX`bX7Z!L9s+_-k@qx3mTS@6m zVqzH$Qye8yMRNBOMj@dj*|Uo*SFXIonEkNX%!UrLl!kaeu0X8D3*J80^zH^bmwf2F?r<4wuOGilhcRr2m?+m5Mkf?q4zy2fOq&Y{ej%IciA zUyn73+0#lS8P2})AL^Xl(sb4EH3oNOXV!xH*_a!>wECgJi70CoKRmWJg&R~e{MMK4 z%Sf=T>wCf1Qds(}V<>v4HjWL{oM-MmcCulgI?YVS-)Qmkr7x5_w-;yY>yn-5!LJv_ z&<4e8eP*Z9$=o{B;1ey|pw!Orqj&-To%TeqZd zjeMM$^bI-eFvmmjSh(@+X@o()p@~x&IO(pbWu@V-q_BNZJe1RivZ5QL_iXxnwADFn zPsa7UMg!lR<^{R8d-h4?T^zBmctmZgEn{m;T6DJTmvC{5U-fV?g)_#}wZP}_%s5T7 z`T`F($LrA>4}}Wuoc67_cJpTVRJ@ryDnM89OIImZ$9(Hi)28l|E+=nK)pz@e({9&u z3ev)Pqc7XdHMpB#N6J#NhCd(sT06%E4>rfT;ykg>l1D>)1Tg26x!?^L>C`U49QVUq zijA(bV)e*}k0$YGG%duEndJ7J%~31ap4hT`@`7K@Xmxe9pj{zfXh6HRX**E6T&i&}Cw!lnVz^;6HP$l`=b%QSsq+xJ( zUkgZkoO7EL^vK!HcbbxO?%^)kb(y56%*QCLGV*~50-EluYN_(5sHpSj9@EFy`Ss6Z z;7(NVON+GG-OR5uGij`>tYV%kaQKk%!NQ!}>$o`j`^WEm`SJ&zzFWRbX!!7)V9cP^ zbIw=Ecc*OG{{5Wy5-&IPj-{leVEz=tniFiSVrVNMclq++xv4~H;~}+ApVr8^6bUv1zlQNJDFPXXlTam>mL z#qXC1HT${Rr;pb=-s_M(8?wh_NCnrxDD@!Ge&@$P(0nU-tv_U6TWYss{X zs!s=$-v8&HUC&d3gK6*tXR?Aq2rz_AS2EOq zQk%d1V%-Oman2*V z?ungADC@mq!QuV5Am9wg%}HsRe^}VPWApI|-*}Gaz2^nBP!vCG*k^ z6;VwYzDwDbVo6%N*Uj3Ctoe0F6(?95_xz4>v|u^)ckpA){=aASSMA!EZzjOhe@krd za%GdIduO<7-?>M)tx^r3W53pPxToh_%jsV)UYRQHCicqvuO_?Mm3CGKKtc!}VD~8+ zxp{%#GyLtfH$fT&Ste_|JeJNY3#B3 z>&CcsMIB}@{9fp(mFCt-w->e2pT2TsJEK-}1IMn6b(6F>rM_~Clpy9);K5P&mDs)V{Dvle%B`)N$R$}Pq+dkomio< zse?=y&m#nHL@ow}2dhUEv?tZN>(;Fk->_;{qugiV8Z=0dRSb_=;Y7q3PwiHD7aO~R z!pOt~B=H$aHfVWHW;rfUDErO^IQ#lCAW{*o9wG~&)TLSTz<01=+cp>Ucwo`)My;W= z*bR$A4+G`YP7x6%NJ8-|&3d@2YjkQVpC~1vzKSWEA@m0(Z1<&ie}*UxighOnWvC_N z5k#<xf#zoo#Tm>Cn8%-k$*m`4Wmkf}YwPZI-Fi^zDCf4EqM|jJ>CjNNFfeG9 z1{_f>4zeFxrR*9M#D;^~xn(t^c3$i)HqvI!as?p>}TN@?#+ym=Y2L=?} 
zt6Xfo>VboFlnqdlEyQ#ezod=0*bwamYg1T><9moIcZl0=*|>3IU6PT?G|yq&?GkO> z*6V?j)S&PL?(s$4ppRw|7yHdB9-f-QA8uX>J4E*F_!RSQehN{j6KU~Ze?euVg-z(p z&JFK#bETEk)JhN$O4P(!?(s7-w>dVfBqo8V*jSzR0xw-i^|jpjl&)O)y6g{{qT=Ek zM8#gbiq*@CiF4&F~eeBEi5lTEh3YsFXgXZ%yrqHw3Lk4yQnt90N2hxT!+pmjS z^lV@jyUm+s(Yxs&7ne5CU#euJhFU8VY2CKl=OENJ&X?Uiq+$kB^VyO!StuwG0@? zkOv0RGf&B-`OUBp$SFjAmp<}k4an4{VW@+7d3le*rU4l<4F#KY zTdCeq{YN_J1&KFJSqCyy=m2wk6eQfxeq>_@AW~6ivMASJxj_-wcMINy`RS~sU#dH> z9(0Q;Phu4h_g(o#7GCg5a+y0aE$c zd5Bs)u-L2_y~4w>IUN2z@DbDJFI_=0do!SAg-TTtPazQz!=YzRuahO&g6E%%y;zdM z(bX>OU}N)wI#vs|Ld^a*;PG$Nw1NIPnma|cG!NQ07wZ-q*P$7QWqOVDV2U*L^xmCs z4(uf+aa&h2{pHx|jNsr44i1L)?GLTBy}iAKB_;Pk_hJ*k_5IP;_i*`|ZP~4@Y@VK; z24y??uwLM;A(~)xZxGBldFuUc0DbqM0n8W(AqbP1kjK9e z(BDMaxoZ~lWE=p{dXR_Us@H1V)YD*fVl8H2*mYDE?Gc6BE(Ua8)+6f-dr|MO^9BT})dbM#Ftb zP;pXOfXmOISr{c$Z|IoW+W-~ob1~;EmTuC^%bz*7*GE54`di0`vl+c%A8(7P`}-Op zs1NVS_RjIn(eem07Z;Z%kJVgQy@@YhU%7hKDl&rulNkDd`R$C1=l+;|&}%4(2O7Uv zYFd>fUoQi;vCT48*sT^o*WNQM_o7F1J=h|C zXOr?#TCZP&*auduhus8(_-z?Y#Vo%0F{!4#^!WaY-A-f+dCSKIrCOpK6_3kY{{;zh ziYNUIHG4(=EyAoB94=LgxOfOcQ-l;ufeIEWV_yifP zgoK!U`8KcKaJYp&%}GM`_kqarln>UrXqz1YHca5wy>9qsv~$=s6eNUuys?qb;}(}W z8e9iUJ?CI1)S6pXRwrSv(ZtTy)1wEIC#%O-P*!5BUQ`A~#s?@+lX_vS`-7qA>JJ{9dEp)RJjzSj?TvBj7n($wR_Y!sOCnhG)DtcifAy|!^!mn}$(a+s;`|l+u6N-q20vp@N z)Rc?#?qfiE04{g?`V2T#KW!lUnUEoV)lniYu7+GHwglD^!PDn7940S82!E8@m;Jzj z)zA`Sd)9EA)%K4M4-GZ#*N4O(jh4-RC$8^i!LI2}oyiSRq z5cP9K=xNi5p7YYu($|2#nzP!lSOk0n9UfWM3_HE5NG+xYIh1}2y%19*ckneZ`Z%7Y`3|IX2DxIM2}S_(dT^hgU@G=Mb})R#whUV{%k zIyKeLgH7_4QDc$^45HfFdpECK#(C(F50^@kd&vvFyPe(LAA!9;@M-102a1LJb+ena zA!wMlllS?Br04_DB#c?*P?ot*dMa7(LTvv0|afxCx ztEw&nfx;e7@S0Ie`b*>jcnAszVBX4~1QR&^QbIyPbqDOk1f$}+9KJ={DM}Z2oPG@O z|NAonF6M&X5G1e+RNq%(?>p(v_!&U9DxVeKggN``+Y5gZ|7LPaVMy@Dg*KQ!&g|I~ z4+mD*#RK)V8cro<=H@DsUP*JPYS-{)hR8pN20gS-84rqBjffAs;MdZWl8VYWK9SA! 
zf4zFe3K8~S>FHwR#sDZl!+so&BG@)pxJeULUXCk$4v4IXh=``TT!;|idHGUazTxz9 z&SUVBQm(t%1&=whJJ@WKC31CLf zk<{kAhg&HW7}L{X3w{9uB8(f5wbN2=_eF%i$K21@&>u!_m$lpfLNlfbTr@)+&f2(R z$6CsZBjy}{Qup9XY07k9Mk^*OD|;09p1AA}9y~bEkho?zeSAI2-bja!!cTb33&1>I z%~QX4@gDHM7EC(?17dUn7yOLtQo(Muu#XGZaIK(G;)9dU+Qa`ExO^pdgBiZO0Dx zfdNC+Pq%0gwou@`_w*-y5a+71KnhF%bT#|KfRJ(NnV~AnfeV-x_FJIyGcWmsD_h4|lgpru8B)7B@z&u=hg4ku64VQv2H=zb<9QWsWT=-5@6#D)TbTYD}fRkV>F zHDV(D|9c2n{PGYTwh+=?TcqPCaGAcKKPAQ+cV^-BN83F(u}j|v;FVaM(JBs-WMkk~ zZ8LuSz}-EU*oMYBSRFxmiHUWj@zFgU2Gt$iQOAZB_yd3flNOE5IS?>$so?+Cf&1N?=t>d@!AbWmpg zD>N)vz45p#PfbCSyLaJp0L^Qfns?B*9hZ@zi;ay%F*yN)7x+t0R`JzNPEOzkui>#g z3`dW@WeHAzSn#m_4X^{8}G!7C7+koN2N<7TY`*FfXU($-+qzPnlxbu;Y4P&~wxw)9It=qPJ!6D;O35?A82VNY$ zIQtyq3PO2mX|?MFVe^NHZp zuj7Y!4xT=!TJ@3_u?1c{;GpMl7tumD>Al%In^Nx@+`Pr~~6|naU+kKeS@Sil;{Z$eh>n&5(ro8VPe<3}23%gC* z0hb8B<#hZ_{_qzeLB2bW#;+}#H?PDqM*!3n0I0s69`Ijm9CNdl)|KSDyE=9Sr~Ovw zJ@_Zp7V^ZI*Wqix4t7%$ax6`pA z^bPMjNLaw=E~EV!cRqxzs5REnO6V?pwVsFvcXh;%*Lk`Lbc_c_NA&jc{yI$7(_Th@ zbC0R(|1B?RNlp8B>A+T;W*Y$Bzzd)+(RlsMU!pC+zY?@_f z??<>roYcNyw%t+wRQ~AGEoUai`+u(dElZRES(t9y&Y^Q=olBsHN4|FPy+4+DPUj2- z(O>v|AQfvYsEL{{Ro4T7#}vI}^w+bWrD`6)*c1Yx1^;n;iQW)U!Cu+@gmPEr(2r7oOCtRr4Ziu6|Pdd;f!#rs~{0n)zn6d50ycB5F8u39$6WmNy~`p9@B6o*_Z`B8#}vL&<16Y;3zitXW29+6@|g|^AgHW&;UfjNirYAX+>>`| zo*+$kBS;9C*4Wti)2$z0q?SaV#9mTUTSvjoBs%cF?dwP z1Y_(PIyyT1nUu5(5nE7eP9T`$%aQh>hE}<>!f+{*+FK&Hh)Uz`~TuMP=o7FclQ% zOHoQc8WL|3;^9n7@dr3WEG$Tq@nfy*g*9)d9n?3g2CW5*#71Z9pI zDcjD?#s|#tr76YyM^~2%EUDK~Um>(vMuAIRbFAa*R0Rm;ez4*;;e48 zdIl3H9tap*P}sqU;uDod!Hl$3D{Gvvu(0rN9QG5u>1Py&jn0+_6gdKWjIF+2RV0N9 z$rl){IQ@jVmJ~=p{*>M|+c=%$Rvj-A*tFGikCPX5g* ze)(7E))v;^+xr>cfz%Ll`I5dC)D+-I>F9~-O?y& z2k~{v%jY@M(Bcj_gLH<2hW*HqEB%(IY(4)oP?`u$!Mu6_CKGBD2LlXCG?x_VlPAC6 zJD@C#jI)e>UlKN4l9AETV_-k={P{V=er=8bf+QOgl#s6+=k%fPN~sn@Ic3V@!Qc%jjFzn+C|Tg?b)P>uExmI)X-IhkV|%hiIp`U>~VNR`T*G$QdE{h<%)@hCU#v=&n4W6tr}VAIsogw zmzO(Z9B>`)3B5KCsCPjF|B3Zz(Pi}X_G2!S%_xPu9&8U7EMmY>&^(g}esG3Lh1zc; zS`)GlBBSe9i;OwOy^9BoE;-pX#wGpQ_=ai;_LH@gnC;k1nq~NLn&g+`4&Ck!v~J)W 
z?+p*amHL7$6|-AHTA#mqwZT}FIK1)XfQK^0Hm*|%zc0x}2oSMc4a+51vx2eCqETdI zy>?n!yqZV|ioYRNOqgKc_UiB7e>g5qR4SZTR;EKofQ@h$AK%8w$w`t=u#t)BA$j`H z6&Z0C;CC3WtieshmN(FtOn)l$L$l>ETi^c-lSxPUpOA${S%bgVA^m@jB22t^_3CP< zJ9~Qdr_6#PBM*=V6+2$YY=3|Mc|}E9A1l^ub+Cf?D?EGQm4kAj7d*5KF2KF+;IN>h z#c|WX0ITI{-W%g1*!zAlhMn>iRNj1Ix`)!Er@ueh57YORNOx1p5x^V+id10O@5T#8 zMp=RNWcU4F6NX*KCI=gpqh?{rR2s+DVEN)TIP3`dor(H!hv;q`5_Dph2%?t=YV9+( zEP~QK!qWe(HT0nG_1m|G%6ny92#*c9TbTTjpRfPk8qgjx&B|HfULQbqAe9r(ST$M4DK zhJRrXS^M`?JXRQP`OUB}<$_=DKlaYHZBIqvyXj01X{;^# zyPj;f&-{Avgz;>-xA9ND=R9Z+R;;ONYbY^vpW0Dh8T{)F#jIEx`JTAgOFR`66lYmM z&ZJPQH(vht09dv*_`ieEe;in%v6FQYiGF*!MK!~8Gk=O|2!9v{2LQ3VvuXS55Gfn- zS$oH26@Z<`z@VB9cd`%ENAL>rRljpT!<`c+_mx~DaHeWI;10)8^vVJ-VyK+!9`X78 z$N2A`++Ut^&K`BFTNpp~H-~C_$2d!f)2B$&;QAZOBb&80d+<0(dZH$s)6i(G)D%!u zRc-3OzMEd-*KGLLi9A+!S;3eT3{5_IQ=kFyZBlA#EC}MEL-Yw!GJqce?x4tEr0^nY z15pRz%_7(>z_-7)Y{b6-335}I)GEBOVk$8(f|SZRRu%Q*4G77j1Hnj{G>P7EMAH53Tb$W}&0I zpFlbgm0fjtfl&MSztK;W4`)R={Ws#P$6s6WlBmIQ@CVf>{y;Y`zI$nM^`RCJ`D_4n5gXDyWi!Ce8eWf-Pov(LuykTc!= z(I6~)P<)z;@^=xWtip)GjOVNgPBmVCrQejQ|k^ST_ zfC!f8;NUw(&8g2+WaK;J5J`zEO)d~NDIKg5a`f05a4DSTN9jOavqi$-47B4>b1= z4cE}J;JDy{>Bue&zcD^$6tUQktTQrgqc}rBjfIU56m>y_DOw?`%RxvqLUzP*G}=Td z0RDjgJ>|f0-gsn@y&NDMq+KgM&(17CoD?) 
z+7rGIDC9M-U85*gF4?75Aw-t=%a9872CoCmo-@P#5BW?iD}Ij_{n*Y8+1c3?^oNA+ zrI2_k97rHjP{U@hB;-So(RuH}fg|IJ5Vz29RmJ9@)yHTe>5@2Bz{=IDVb7xhb&Wu| zb(Fdk^L->^77tAbI**m~^utNo?9wXu$rt?Et8s)RevIT<;ZYoV-}HzlbLHmEo6#+i zh-#dziFpg*e@1`iVeo@U7E<#OnDMDso;nL93i6mXL2N^M%aq=}DJ`xO($XYI3w;)& zq@x&AC~GJqBO}?3CRrYE5t1KAnp?@Yty{M2JaS|^B6GLF*FkQg7Fs<@`47IB&P;w@ z-d{sXFaTH}AXt{;j)CfS5%uo|5doO8Q$Sz~U{{l4NW?rsgFk6!KP)}5c)r>zTy4`cN-*rWMt$g zr)iDjMi@=rMWrA5@CB;}*$CTlC)29aF;ps9q+{Cbmn3u)#09i=?8x3Di?AkE?GXT^ zYKCoMbDjV7Z-s?=Q%4jJ?N9$xGfk3}qPi(8)*Y!(M|bKa?J#ol@F41CEI17`!Tw4=bP~3qGfka1LZxbBj7< zgqux^c~|v*vcm`o2|>`_9q&N3GDNaARzEL4zwK*nC5D`k$lv4xnG<2ZKsbmSW?v+P zlf)`Ql{5;-_UlBE?+(yg%lQ@K)}Q$rO&N9!7!xU~Wc_>UrI^y6zX%|u=AL{QTYtyf|M^${NuGO zB3lq0N2cvauTSd_`!fvEOXC1plig^@Bmo!?55$UArzLUJWRe{TZVVrX z+MHN~_#p5s(BnNEQmwz9GhshO)RwHNmJYp;1Y> z0UR0Th{(rWp3evl`H8>(nkTYvM@0493aY)45mOhs1(y+Ki0|w)4r-dK{ajL zTP?lPJu@UCmKa7XCxVgK` z9$_a1Kxhk24)>7g(gAt91(bKKy4^ZtyftM(FmMer0U}{T?{n_brTg%}9)n&M*qXw7 zvxbu-U!qPy(^|5rm@2nt6T#_7qlV2Q8yElv>LZEcj$>cwzFId@ z#)?AO;UXt}?4m)7hSS1UT!gg})5x)$t9rl6}M{b+FZ2E@p$?v*#PUN;GRhsr$N~U1gf@s2)9tm58v3u z&AlEt4Ii2Cv?0sfdKHQm<|#;0UB$w}0=WQa-Yw{InBsD#$R`h=-Xk=H2wM=@KK|I( z`LU}E2u^%Z1Bv2A9V217D4&UGJhV)k&qBI~$*$JVT(=hz4z~VAXr>7Mz@~?iKGPH8 z1>%UbRMBc_a29Wkz_^7JCP-O60W#6@_@lBC7y@(eGE6LHAgE5!pH5zYMw7s9NXKrY zdDTQv)zLI9zc4bq26=oPd)igC&u;ik2J8$Y-wwvA93_+?g5#HyL{aDxtm^rb zEnOE;4EeCi0W7XVme({#T488ESl^Yn{$(6(a~tUR3JJLxkGy!`c~DTRVVj8^XblL6 zO$v77CAu3VHYLT?zjnf&zNq2S5dapi_fz0J?~U^sq1&{Gc9-!f9;42JJAS zRNl@uvl~qg1=Od`Vz*pNz>=b<36MGwOS|)-H@E`zrIx$pth0f9#Ki+v!!6=UDk_Zw z=0-KaA`ncISZN4K8MR3BVbqY&d*}Mzw+EY?#$oc)_otR8!IY?U{(P{h9UxA<=?ydw zoDve5m+S)Tb(3WdJTqH3uhxhSgTT>C%E})>kgRY<@95#L+=#+~v`&9&NfI<2k36;? 
z3R4_CRI@m$80eZ&Y^2{%TT@$m2wec?oXvi6B;UT#rwA?1%l#l!Tz z^(Se%*^5tr%=a39e5AJQC0%j4SnIfWYbg`|4cYJ-M3-J3{ZKkYOT*O zo~*3zrr>mINF*ls1^uc+%XwZV zQ`p)vG7Fmi%$4UJ9&C4t>YI8n06DMcyEvZIH!CSehkrKLQz%>TiLZZuX^dq5U}7Y% zKu<%t7L`zM5^XaY>cYk6$sIqQ)><7^Kt~x-O03^lAJ>{M$(tE|Noh*XNWPm*X*K0& zx1p7EW{9ttAeP*f43R85d(-udR9$iLEfnXNQYAZu8?6lu=^tz@73gWni&vk-2S=#M zNdG}OhYuR2oQrOh6t%-xFvYqwKrCrwR3Ps1_XwjE6T?B``R=8fn>pSpur;rtl*56u zdl*+kfyY6pz^S8dZI9$@#YTZRz0&A<$)XJNu8s$DbKI=EC=`>ojqGFb_r1D93Rr!f zjfs=RR(r5xk;n>i&1m2Tjg<~2?_$t<1CnqN>VZ)osyaarf& zR~q)5hBC3jnAhGz_mvF??sA;JQ~q|{j=$D$*9|N{CUyXlC|fjNPjLIVF+V8+x(UK9 zmgi3E4f7{!)_7_(_)yJ~=uD+P8m%kow?}mbtwEGsL9Ep_ro9w#IqA%ksB7QnFQ8x> zp;34Swx$*v(O0hICU3I3xVX6dRl!lFa+%rpxKBE@!p|Bgc(bMhn{p}Yv-wa;_tZ!s zrH4zp!~a%qsIN|$_;fLz8Gg&YDwLiBa{SgqO#@ge+YjHm<|#V#NeuKyT%#3gPcLRp z04o<@2*byn=%O@5#KyLC@b|0&fra0e!c%g{xam{$VynWPtMS)Qgq?ZmjS8THQ%J!l zo-`)g02hq^pm#b9jt1g&Eq+K2UNK2f)MTZ%T}{wC&z&_t2DXp~y>2m9yrP;~Ai0>Z znpl*=RsjZ#Q-;N|YK4ZQMDJUl3o0u9;DWor$CTmxD_Dd5udWdPkx+TI2&wt}`W0_g z9VV-fKr83HM>o(?X&bld3$lg4i}{jI>tt-&P-;R_k`8djc5z#aS1?DYntk0nTPP#p z-MToHEN;(1G1T8}#;#5s8=Z?IPtTsOzz{D~j8pcKL&CK%!_~Xt%3>u8^Y757c2D5v zPUWn*>i(f6Ccf*^td283#O8WJ>Y-s6PbqWYMv5^=(;^PvV+x1coM}IR9@oXK-p+gN zDD_evuF}*}5*o_UY| ziT%NTc5KQhliECNJaHJ)NoCNVahSRuk#b#Mf0oc{i925tN3ZoY&2F&NTpBaI{W)H@JcnD0V;0m+vIu!IZ*p<~! 
z&AM3-Vz8d~ONt8Of()v+jsdycPe@4U_)N!k#v8Etwoj4w4Kz$F941M@Q88COasUjM zur19LG&xcSkKnR`89seO!{Q^|0X~4z zH^{?vhmQ3HK(scNNg13DWmmuVDfo}i|>tihFR9uZ8d=6Gb8>OKLPvOUQ zPth(&WzKjP`w1SzK3)cI6&gQkN0WJ3$u8F&6+YoKM;YEh4=UG)$m*Fep;zM5!BuPm zv3mY%c$Rd+<|lO(h4s#Tx02`KDZ5mw=4+mH`=qaDTn?YV-v>~_=vF2yi${srQ)g>wCq2ZcV=jX)Qc~~9N$(G6QNKdc)BPv#rgW~P5=Fiily{aOiXVts)*q;A*zQUPiEEoz4_nwS~*Uq*-p+- zC@qmmeFvWapoxnwLxHQ%(Qw<5-khXz9g?f``-auZyJ;vrO#ghv|FhriUgsfC{w057 z&ALsf(og?cs{gBgr>|%D>qzR!Gqa5HI)Hq6@n88xR!YlS z?#&VMh426Em-xt%=Fi^YuUa;>Qz&g*H$KKn56ur*8%3B>DCP1($v+mmdqe%L_nPg) zJB=iL%t<@>X&<%&v;VW*}y50ZZtMR|M8kfYyDU@qPGyZPMowf90-z#%^ z&JQoOy;Bt)pIAShUn4&l{C$FToGILB)B)R1-M56v35u<39>?>HrMqc2TJN@08fo=% zbxFS8zoyHoWa%>Yw7PGG2f|unr^I{2k90=KOi%EpHcvbn?)&h-Lg9b6dA~m|3z z^yz6iB8S*SC2_dg;e0s_$uDaUbKP|{uGGwEp03}8Z-*|vnC=R5&GfVJs1!LfEpB=~ zIk1*l-#+*VL%>vsJM;Yg9gDBb&1T+x9M34y35^+CV*Qb6C4X~0o2Av_SoR}PL%T8s z$7k`DiXUgPmg+PYThFF)d~_7cTIfGwE#cQLF_Ks{Jkz;D?C0s1_Qlm##%9dryiEd3 z70H$4br||&vQJK8EOUI^e@V6JQn)&4j#;Xzl(hSn`;3(jw07Rj$$X*JN~OOtSM_K% z`&e31+@UUq;cw*|Ew6k`-5a#jAmhD9*s;4?-{^|3Vp(9Frc)4=s`cT6jipZOsO;Ru ziyguBOM!P?g6bt$G74;(Z5^3E;`lk(s4>xo>Vcw8*2lU8&lVvbnrq3CYBJX5;FTCB z++8Yj;gaG@-5}dPy-MvqI5;+@Doc$QZ;maC+{&E!<#wyl8nc$KO97Q-l0x(uw@!44 zIq0vSFCR+jardui_`uzNwYIa$+_Th4Y^h{QzoEpZv7pu;E8+FshRkZD-4;eZyZHf! 
z@ya1`SI}blv)OKNm2u{C%L}?fwRyVflv{jFC)2_|L@HcWspYk}hTT0RRpy=76JFdemndxCk2dJ!KBEn~vY%-Th>=eI;?+%)u50>+eDoqn#n5*rO z@@Wa$b7XWv5+98_rohlrpScjk^8Tjr?Y5%9%6esoXgh^l?29)S*)BL0+bOCkrhK=2 z&S}rRrc2^Uh!>l`T+m_OLnbeL^BMdaeQT>OcJ|jg;riU(lf2XuyuMLl`ivBly5Z1< zx6EcsgIQnq>b5jVWLQaN+y_=r?~dB%An7`6Yh^rBI^fPUUV0|Y#%yuQNh54=f`R^Y zV`|cTR@6|LUp3durR?Ex-+f*RV+J?Gsa2IweWm_(@x7q`ohw*j6=hs*Sd?-dw;C&U(1|g zlsVO`(DkL#xNx(Vc%wvCQj&;V%LpTTONQDMYnmc8p*>crwPU+wOmb^u48{4Z{_Wr+ z%1a9@DRaZah4e#`>^>4UM>8FM6x&aHqzhNjKA|JNIJrm8D65Y=M8gZ#-$IsB_DBX; zX=K{Zj@B=g^KBP1yjD6lKrb?2{ax#{dGE{QsoXz}D(Y5+nCD$d)*idESu~wJ1A_(7 zKV*-Y@26)w)!eptWHv{6uiSHPn?HpWmQF18Rn4uZip)I7F#Fj%Ia{$W)1QWx$|2X6 z#P<06Fw4uJ)&*IP#m+^R8Vx7+J@tbNq8&Y6gSF4XQ%`)_w2ET!USpwW{(7%u*Ne?l zr!D2RPY#Rovs*Vw@Ce6#lb{>)J9d}aoqBqxR9hoO(AS}}#@?ZC-IWx3%dq*JcsXx2 zr{T}hYL$KmO~m$k@CbA(n=@F}IcZ-Cs+x*24icIiGqq;28|g8Ww7*s=I_qk)SRc0M zD=x5qdw~PHWLE$8rs=pfpk4wWWll$&5nrk!|EmhLD_)s%_2nP#UZatml_lQ&Vl88x zaF)u5H;Yo!KbXm9I^|`|PG~B>P1IKNCSR`BBqb^Ickh!s zUF6a|y$nr}^ZKr(>*u>9N2mejlLh82g8TN!Jr|DtrYtGWu8}z(a;4?{fm$_tYgeQE z^kKExsIRVXlQb-q;;#DFFHQOHaBPxD=}a@%NM2f?ujeuk%7|X*$6`0Hi`BIrl(RhE zYF*V4>A$brUw3KGz8x0&SnZ`rcj-E`d9)LTn(OhC)%vZ#|QK zAj`4MjVrZ`<>b1rMe7b$PER2XfI`Vu zkv1QHI5Ai&?7-x&Uiv}1Y;tCEchJam9Ha@r&caTT)yA{XX7(BqStsA;AyQNJuvW;r|79k>L|ROm`V1 zq~}ONAKrbmkKUNHv&NFWZr(lC?RVO~@e3*5!~Z}nNeC0;_M?|0d>9x+PB*Y68@_to zq>zpL{psfu;Ut{Zd+8X0g2dHk5z|Bt1&?J~en}F#O%Jm*&1vj`993aRUz<>xfo@^z7o|m-2Gll-^zoMq>pcJG*uF)b#bcCh?gQBBfP)VX;d_IeM}vwg0SD>wFjJdeGzKBO46xcI7moJ)#XguMB5j06Z21otQu@p?31}?AE+s;m{#n>BY3!$DwuXIa<=ft#Ox&g1Nj|8zW^@WIvPU z&%GuF69o@abl1)m+Bt&k7fIqeCjP|7gk{KH@%ZvH*c+pCbX*^o$U+oVYiVeFNlz!o z^F#iF@yg63u!`wzC_NKXV_jVW|9Xyvh_*$1D1(5OcYrAJOv}_=>BkJ)`ig`1J}>Ig z=bRj#L{ZthyksC!mm_(5Gl@iJx6`wh!RFv`-8E}KO4*SziH#Ch>I1&QgL%oT37fw? 
zXX%40tUJvPy4*ECl8HQj*}lw7suJ%`ukUrxnKu-c+rP@@!WubDLPLxB{KlS@@5qiStHj}DG&K*w z3!c=K*a0DkLHnM;bQ#YG20cw39Uc44p(m|AH(mpd@K7LQt?J+DZNw;hG(d4(CocXV6smn^v6z9C% zh0a&v+|CvRX0C@%W6l`U4?}YY8mMZ{?NJz({C=yJ{@O{EPB*tGt?z8VA;CjRMb&{s zM$u!wYJKyxoX>e@^0p&a-(yTn>^EV*^m``oodk@Gjj6Y(KFbFskS*vg?~g}n6>ZAJ z5#IW0l)9ZjgchN|1=FfmMKJ8zl5?f z_ZJHT<4;EfL;Lr}zUS%E=@e)`Lk^=D`TgD}iD#0oUD)_<_>=9Q^;SPB+8)9nWvLWi zmW8Z~esSPHBsk|x@-5j3u`;~Ka&mrk5cN%VYHQUqc z=iT&SSy8ORuk-R*2)X?m_$K~zPorbnoYGo~<@;A{+|1gfdQ+MSW3o_;?mPe54GH%7-4O@mr~XQJ;AOo$7fd8 zZwITi+1i$-TC}qlZ4-X4PQ*UMbDWTh5$zmQ7?;akRm+ucX{TwZYs;E=Qxi0AW~$-i z86Xp}sO~3pDQeRTW7NK}@Do~*Q zD$VFby2peTSgv^I*`)mA=hub$jAF{eT2oo*&qncEXDnJ-%SJ-iN}{p&A69E_fb(H;*GVlz-M~(6!w@{N-6S-{MA?MHKP))rjJ~|n4&$M4BfgFg*h_P zF3C+y67n!5r?IZ@$4}f#RtLIBGwzA51_PJ7=Z9$b@(qxv!iyvB6f!edC=ro}Z}K*j z-=4DH6F?3y>;8`8^r&L@HmdrxW?Fp`cigR=(e9w#?DaMjnc=w=SGtzZ4>-q%36|@;Yd!DSZ{Ts79T6u^@`jGz? z9eon!Br;>FZ1b7N&rI^6-SxG4XHJt_g*g6o?cEWw>hAHws}5GZ3eLAw{MfIU;-M0i z(Eb|5l<%<;q@%4pzT35Rq|=7Agj1+7`mV-)U0&^K<`Mg$X$NT`bHdr0C zfJSR5&-bq2qX~*&+B+}kQQyn3{5@1tEGT&*i_<+Nxa8Rnj2lX=c-e3X#S)*m>L|G~ zHnP{1#LRa7jBBG>Z`ty)%#KL5EWEF{FZOiWr7E#wy*7*0c!firHf=4GJe$9Jao_t@ zL(<+z;ba=-jMQS-JWu^w1GnmOnc*OeAmQrg4QaO^p2a&X%?GhqL2n zb;HL^hBqe+aGForTdAD)!z@|MgNJn1Jb7_U5R@#oB}C>tTco#S%n1EoBcvkcC3-PjC|4HJ)pP zV6UP#B$w!16Uil}w%E6%V{akzdEe3a>Pg3x_T7MFW@?Ux6dh0dtL%3_94n&Yv8x7} z`D2e+-5#Xu$pdqHf|SDmZtqob+hgETG4{BzXzW*ZOb?2m~|~( zwLNBTJH}Wmf%$eST1W^72Ij{ln^d`71n=I?|8k4e*v;9lG z6K$`aemlMTdwDJC6Nl9sNNTRvkIwvz{bH(_hI5m4n^R;i%FOK|Y*wrtyPo-K9Lj6h z58Esy9}~u_4ts=$hhx~Rvg6lswB)E?RhXzU@hLsdO}X`&n&HV%lWLAwMP%0+ZGDe{ zO@})6dx&|uQbxYaUWO>|M znS%B~2GYdO)RYe`^p{`5gEY?59wn&VdU(L@UhChqGgw(WyP@l=Wb!qloP231g>ygd z1}A3*bq?Xt!txW#HAysIo{_HI%dqk@dkR0LlQ%|JWXJ&~-LQ*26(Y}r)HXd6ebL2p zY!|ejN^IaujA+PPw&c7Kq0rM z)08G%>Yn(})TzSlvWXMgJ>HlYRM}Iad<(BMO-rB6+O{yWLLB$C4LcM);($`U4J)pl zL%YN>$$IY{vKm)6d>*O^u}j@4>$S-w6&HTaLGM^zrJ3bzkEm2$KmY3(bIaoS_$j}U z!*=y(&ZlDYPi)Yxf2YNilL!b9Ezo_qPTjcVQVTU#tHfx1$c%_z;0s 
zUy_6d692-r$UtoXyCJdEKCaB&r9SHQ$S~@0e5!G`9^s1CVjJ=G2qpbgPTN zZ+T8#9?gyj2Pb5r(Pc}YQ!8$}EAL*+&W=UhSl3tNPUmpOY+B;Nvk*lASKCJdM<0I1 zDK{j^pZA%(wR)yvoM%;#V3T@Qb@7+Z@j>||IyQTD>_zl1*Bd2Aq5SBRiGcB}7(I4) zXy^?sp&S`%uYA)tOi2+-MTRoY0^2n+x0 zO%}N(;k+Kgh%BPGM^y44)Ouqw+^nSLZS5nIygd5)`eARyeStT-AvGswm6~vp!b+|f zN0#_)FS%E0LZloFL=09koX*cIj&1)8_1<^VGpcfq*@gA!P!TiMe(Y3o(fD(B)8V9- zd4x?7ca5lL#J4$iUEEanhCuxb@|Mi9%A22)i`nW)ZFNs`F-~S*XHf9^9j5v&}+vXJJfGUTD{co=|G{xM=a|KcOF}J758UgF%Py_CB$`I zBOI$vwmzwyeqtqXWUfn%MI|vDBp|xx(9z9FQH*kAG*J$FsqyHQdOMwHdnd)r$dw?{ z*zw)Ev8(OSD>>Dh5hudxW3~ofiJ8>4{&LnUqv5T&TxfsF=XaA*7bSlxH+<>YpAhX@ z+Qo5tJTNhAex*3B*yAK90?o4xzEbfMD_^&}LM8s5R^GN%m$Q+xIc6?EES)-tX~Fzu z{+y;CqUk2S6MoJ2jTmG7{^A=*0>}Kn914>{lE~C~58OW>joBC}EVV!U(@}@Tfs#p| ztCO;9xhi@S{hN#a)KKk&7@C~i(#V*6V#o(~jVdlbe!YR@xvvwNG_k@b+a-!Yq0yZ{ zF+2o>rBmYFsg|T4^SR^ISBaaJjEqfBa-@nFFga?{ybiQ~9mA}OKXVpvWoB4>Pu$ej z1K$>_x~_BJ*^o_i+=*S0?`QFZt2-MG2)>E_=JpW`a4>ol>Np1P9yN;`K?9C z%}PT`P2C)3w76f^Oax;2C1c-MjTrHGjRsL@v$6|}ZTY#`J1783(rXWRfav20_^74Vs_v;JQt`8D0+V#OO@OB?q}cBcFv<_H zHT+V69v4+F_6ktF%flOd>ub_2r#3pAfw|!BsoW(d6qV0a%VvBVs#cO?d=fWWs3()F zR?VSS+Dj}gg_YBgWNvLHqFJ9d*1sH|I?|1nCb`aL`O}|!m@2f+9)kP{QsVrm{S8G( z8%FqjRG-X?Iob}&rJdNjk8_h4w5IMN`+&p=9 zqN8pAW5G{DM@zi@!Iv@zc4?I?o$I506^~V!5zsKrPR}UQlG6LZVkIZ<( zMCqVj?!dM)@T10qW8+#VS$cMM^SigwR?ib?IcRV0SxJJ-p%_h6z>;&4jw) z>5w6UTbbA|22)7vPeX2FK=D=L#`-)@;BONi5!&AC5?HhJL+|#9lX~LJJ@3{r&D1 zXk2Xxe7=&IgCSF_Rz^Pu42wl$AXw1x2J|QS-SAU@9BG>g{W&oo#XP_r%cv9a5R&hY zV6nP2>!z|W;mzuNIjN7ef%<2A-M{~L`a>K1GW?o941Jbm&RdQVIwKrP{b}w*D7>_J z>tQlF$l7vP?hW6q6KF|fGpDw={ePgXcAR3$pIFSA`uH;ba48Xp$lrm^b@%)dEv}{{ z0(z6$wKF3E{aJ|cATc}Rh*x_M7Huh9Z~y(n#18P3FIl>GF8=cx`tIKJwo$d(jbv@y z3_MrwOffP2o&ir=F1*JTTd%U&hf-yxNj!!!I*L@TCS1OR60B)$D?EM$p&t|&s!YuT^~-ZxMA zQ4-9hroFB2qD~Fx(ZVD+V|<~_&+|3%95*y5PNpHA3uiR{>J_jI4|U#*EOGRxQv|jG zzVIRDYzxg{W1FLC{)K6tuEkSt`9256B-AchG_QxR=RJnbc5_LJ)9?8ypY+0S3^`X5 zk)666L!k<-j3Rozrt;#RMY{b7EACW~!>Iel^(B?wgXTBR(gG?I8+k>{sRrW}8>5aM 
zakX5ZD^p({e!U_*qTosON<4qDW45BW`NRo?$zzE^-Og|(qbEyCOR`tN8gJhs<#{!?v~^zWae~|N)Syo- zpM^wao$K(_dr?jG#ow0) z_*2M;DABOUOaE( z5SjIZv(8TC`9^6WG~$%*9XWuPiLm@ulBit-zNGLu0!cgyVwcK|M^VIecsAwYeL3FE zpkYW$BDU@sqt!?~2ATljvq5xso3(-TVjDc{7ljOatax&JcdjLm_v~t>+B)8gnV%y; zvo*JuxZR6`>5!)PGB);<4q!V0zW83FaxGq)MC>J<%~~ZcGKS|bbE(>NmVO?*F1_6A zy58zQkD71*+_?LI-8XAK>>YL(4o*+>1=rLo&(9fj|6;4P+R}F}w;+k)`4|9#k^V4K zi}`5Z)M(^x_ih*u|A^>ACuLC{vq7H&TB^Y9 zMoRmgmN^)dfIpkHlMhT6SLZ);|NTpK^@(G;3%zk{=<5;J*PYC5{%H-9yrP1c{?Vv= z=bKa-wK3ET+Y7@)uk!-!lEXwhsl`?=1w}wjR6J}Xtbap($rma8t*Jz7qmT=25+fr+ zCUr_IywLeY`_lDaSQH)CKvHcv9)9t&=G_cUx8bGTT3H*9uKYauMA=j%sO*AXLW}Wg zetEe`X6ev@D$tFaLgOBUt(wjO3_A$mN2D09NV?f)N*SJ~9@Rli%5Lm+Al$T5WuE`m zJs=uIj#~TS`W$50>({cz##M9M>JI(O*`PZBdjGwGy|Iy|^&TVL~fvyRRzF8=^pJ{oZf=uWn5BP+_GL4Z_7LGp)h6qlN7mx4k> zU|^`PTw;B1W64$z8eriV z(!F`}_wT3&`;9GVA~ZAuzhXnb3Cq%(Tl2BJ1tZ{*-6^u%(9+3iT+@dW8Fb;0~KiF@6JCL|-Y)`9G8DH1HW zoOeyIAiq+VoAND_oqaoj#9m2--{h-2b|RF)DGJSpCyWL3dkFg4+5Q(p7)as1E}?uv zP-{2!P2sbmGq{TlQ~AxBEbxqyGFM-bOi-0~QmWZRw+BmMxx<<*EMsdJ>AAJsWMrLb0x%8q2@ zlHHeD#ys6wEFNK3*p2IMn!%q@N)cV{Hda!MVlbK_%QETk_7+V@d;2Y<_>RqbrMx4W zk8hDmfXK^5ei9|W2Y?+}Bv39cCJ9?=Y9Xb!YRgVCu@;u`aRA&O%K@ZWujTj?wtdkw z@X(WG(X93nNtw6^jn3mQchUNg zq!J23d!}2!7xF^+kr0f=TXb@{=~0s|A-d`3_H&u*^zbFLp#*mD^>&dgEef^vHm<_c z#O|7|OF(-J@&7)vV%)wkOxOf`ygG6BRs|4447>Md|Js0FhLoF_icT+IB0hcZbO)4`kkulPWP7+ zhu6`&O-xK2R^mPN$4gB7LZhOiMb*>@Z``=Sl&zWFvwo;j;~cR*oZFwJ$iN9w8&zCn zr0|Cix5c8E8%IY^2?zJO$bH_cs5~PlCoj_Py-7)#=~OaBz+r1X*Km)Xo_=K{|0S2x zQN!TiVQf|{^D{Qf@0aJtVNR3H&7QmS&6tlKeev`}5f>LPRUOKZ&Aj{I0SPN>S>0-U ze7u5^QeUB7H{Nh1$<=8MEtBJc{>A0xwjvkUUW(&dJq9`*5N>GV=7X>e7 zb845f1C8MvRei=tigwc1uiv;`IZI1RZ%LsW@#hX(U0pcHWhuOKb-m(J)RUHej5vDc z&lkkmH#UsboOk&mnN8Ztt(FaoHnf`k-{^LPD`glA*45X8dFVgOC3)uM?~nZ3Y`Vtz zbTMpDX{aw*gbf}hx!>*bQ2sqH?;PW}>3?PcjFP9Ap!d0~CbBP!n-E5Q|9)GyJGL{< z?W(mkh;+2Zg@f1gfzF@LHx`zbhT7P-Lbq$LV__$!w++Fw{L5wLefy-_?W+DKF)vcj zsx=xBceFby&Jfw{n&T;_W2%k`{{*rR0s@6r%i>73+f!oGH7@PN{7-OjfRmHitzi(k~{s+8Vm58}H&4R+h{F0KUv9XE{#u#w{ST~=9nVFf->FEX$rv(KC 
zd3kw%y1E{O2+QhDU0gU@T3Ny2%o$xw$z=D5iHRGU5j*`(QW68n-QAt@XhbVZvCt!c z`)tKO3<9bxp4Zbbv!Zlyd%OGWaGf&xsF}!ZW^vJ`d(AR;;;e?HX_A$h=VIqueB*V4 zH)fI1uzydFB)=b?Z035pSZ{AH__CA#E`ZB6X1ZLa!9W_2%O_+8vu9`PxdvlJAzb5Ht=2VWwLf)!ZtiPlCZz<=CF7enZ&s|?yJET8y&kh`}fOhkvE)+qgu)D`-Ga+W(^A|ip4Ai z(mm}X1*}^Ams==k?TQ83_heGV7n8%(>ZYb*;cH7scL-DyRvH2SXXS||mk0e4=wX#M z>;(JE-K2DMu%eCM?_svIw4|AHSF3fyI`8i9*TXL_$2$2#9@QUsdEF%u4gU<=^6uR` z=bgVOSU5P-QUpdp{E6`}c9Er2>@!vE1a7VUL9YPJfe5=dFOB4D9c)cT4Q9&sC-9-B zh(^?Hj25<2SzTXU7MV@Q*45RG=hT{vmy}gjS^>r#cfI=l{re7-fW4FXfc*)pZrRL> zDu?~2%*Ib4Lg3jRV`DdlztPGoE!7*z(@085!E1xWoiy*V*%%3gJ48}*+GKh{tJYDV z)2`p2;x}8ERIrCVh)r>Qf%V>t!$SSNwt~V_qv0H#!?nSVNG4y{n;nS3TNpSv&11zz ziWS!65H!|n1Ktqy3H__At{1HRsS=feN~{Y}Zo zujc0FUa%jF5zc1TGY}vtzEJs_OmY#{v|yj##d!t;tHO zjgdDcCgc42`ecZZ$;I6 zG!zsW9buLl8pL|tv3JrAE>?%K@gX1T;ehR$bAJ#p^58!C{hzfmbaV24{D{@feNHu5 zX{UF*HTkyn^r#U>y$5Ecj<%-*{QS^2$BOGaJN;BEZD&_j6c%5v;hKILO~=@rkdzn znttH2va>_mfrIhAe0*Ne(&k1A{9Y2CJ}%{kCI@XYn#(B^3hiDO$F}*wiWFi|19+|! zX7gLy+qJf*sJJR{8)>Xg1z0l{;K$vn~f4t`FH2636p-R%N9p z{#I_ynPG988?-FW{SF4il0(Hq?TDEmXoW`UuhO>npR z(=}YMj5>P@t!M=7!Nj~CJDn`kpENb4bxwWOlm?eUE_zDI!$YL0H6P-1PZE#WIL&%% zLUDDXyiik5FBKAn5}utU817pJb~9yTtXRa`-(L>tH3|a4aGP>p4 z)yJ{)rW34uQdl}uRSrHeF)`8~KUzzaib-MdCH5lXKn@}=^8+6rxl*>=>3jfBFd>&C z84j)5#{s zSm{MvV{bXmjpC(%|3^(t&9;HkygbR%)zr9Pc{K;Va)`n3(f3Wpii9HQb$ot>hT0AvuS2B?8Om0kE>QvO5Rxnsh8G*hZXbTs__7U{;o)6`r!u=)_Zarm&4pCnOjhhnM02Ajm;yy^kB0nlL zBR>0#Kn?cm*`;m9-}n=ykaRjDnLHe9*kk6_*E1m)YA244R(cafW8hlv-@gwAph4l2 zK$fjsD(CT#C?}f3E~oF(uJmHxMI8Y?#n)dPVjbmN?(?kkxX*E1pIyl2K}6auWM3JWH8|Lx{^2 zJjNA`szmyDhwc=91h5|6&duS^+Q3H)*VGGCJK@BZ#Zq$(U_62 zprBxcj;!oeoK5!H1dX}d4GX{Y94XOHwGa(!xL zweM7I0E3VDcH3%SzkVg7pqN`5%v4ZRgc&|W;f3A|^>7w|4B&nZ?qVfBZ=u%NH04qn zs3P+_v-OB->2~dUcCh*_Dhj{ZpCHlg`l{+|Ewk$S>KswTp`Fl&g$x?nl-EM90}#y0 z%KAx9PcPim(9lOb^(8U!mu{ZxXHbEGmKqjE*0`Kop6=<;GcX8=iY5Vi^>C1-kd3Gb zwo?wHQH6f{(T}E9?)c)%uPuzrvqQ>#B?DB8bmh|PIJ?y8oI6yktRp*wWG;xy>$JTh 
zA-PEh=?Co|0L7p7c3+75kn$om3RnQOYR3?V&W?_bonrvjbPNoM4*S5WPj>#<}&t0vq>5N;q;e3%(x_=J~cyMKyMzaum7gg9vZ^7 zY$_YGS2{EpzOR0l*tEH$9rxkkNnkT^Jc<`w^mTP0GI?5M^wlAI+1@?qgB6cBA zfKUV2kMTrVAfh@L+2e-@y8{ksZEc0%35n2!z4Y}(?dCdu2DSAyGxN}nLbW54tE(%7 zQeaS!){3%2uFY!So!@npGL#kHRRh;zd60kvQ4Oc=LY@v}D<6xq{ME0isTmm^&DZV3 zL)4Rpd{XxNoh2-w5wW{HMmB`IH zPHDem3?jgZwKXFw@;r=#j1oCJa{^*9b-#X&{*3kK;rg)ELdzp?OF8VewBhlP^oy0$>}T(EMYDYa z7#_oJQ`gnC73;TsPiOi#IbaPfbH7_l<`FDOtlO1ClRtsTyLUGbEQw$+KchQtj7&X5 zfXF2nT1^4qbSUZ&ptI1DN!i$NPn>w5Sj7(-nkiq!Wt^YFJoTWB`uhdwkm$Ew@tiIM zS+5WIL3KrNDH7}Nr1|r2h4152M8x;&{YKxaD*Z*1^`&o)YNokOR{ZzJPLvsZ>!7oY&8{t zmsRn)v`lHuwg{1Iadha}a(;RT0_cj1Kgg}x6HcDIXIi?Qd3KTRw}%~rnXDt=ht~)J z_(4$cuAH14A_HdY?(oK-pgsKqQThe?6hwHX$*Eh$76R>k45MIXR@*(UwF_IxpnU!M z4lKH{v2mMNdsi2KV(-k{oaOi;a8@V+_7X}emX?-4(*Crzrcbz?_#~L`FNr~*Sy)-s z4-5o@5ES(DCxW7>si|Q-c>+v9GtJ1kYZsFN7qa04T#WL9K6m4ychy>3 zTRV7_@b{o0y!TMo-o74dHlOX|;{zq+@A!D7Xxy+5906a$Gf}dLrS=B~2Y*jZU3Qry z)RMI}zFLL50r28+a&m%a$B_mlmAOrx4|Jf*Gn|wuI+Lr$QmfUhy+$Fx6KAA3$ef=E+8^V`npOO!u<)RyS|37|50u;h>j&o)?KI*b* z*%NuZ=}%3UIbRX4Q5e2`zhJWAHELd)xs&_qAK~+4S}qX-7soESWNr7YFr#-;PSEvb zPE&1P?d1eQ6DG7~x@@eAbZjf>Zn-2|Z4&b_l!=S@od z=He%J_1oyvC>|=R@42d<+iQW%+VhD=bJJ~oZTBffPF1kp572!mF`Z0+i+wh{fmS;m z^3U5H_A@OQJaDn^82=w%5BZ;pqrbw!NdH^^O_u)8izrPNmPKLzc^Bos5BNX7i}F9c zn66{#lPafn1I?GFA6cn?2a>vY6jvx`KKbXt?G&?1Kai+a3tc0dPnsVCwqH)6wyO~ z@<1WcIyn31B^|?zA>|hgeft?U=@s31a@tAD^6V~K6Xl?G#eygcsH#I=-K7zMO1!<} zf$OKsq+0GTRU5TlEJc~In$I8w1_mNXF<|r0-k7A8(Ei4|oOb8i6N|`2bc8 zvsq|p{99TCU%Y&Y5S5^z&~tXTwN=b-B4Y4+nzxdfHzxt1)`!uR`|7n8^T;3!S6!X0 zBSgB-@VI~)y~DzA@ccaBj8ZBpDwH-kIZ&Iw0tUrjV*qf>Y&y{bO)xW>mVqG%#Hi_B z_EfPb-IGf7TGt;?oUbm=r+W*)d4McwzvW<8!k>8KZRQ}JT47<~{ONKWDHm4^U^2qb zKoi|TEk^$gV0Ec0rX3{KmEl|>0ITW5+J?nSvCex!AUK7y+fYDeqs;Wg^8!2Qfpv{_ zSi;RwDVN@49~&L*Ew|DGihKJHtcv~B>GJAWG387CAD=)EK>F_Pp8x6ZO=%e!hrL!( zkXLU1hNT4wi4GbVs1Wr4^ZdpH0Gq>d7l1HDpPQ>(>JPvkx8(GA+D#8=zxC!=2xuHX zV`ELpqJo0zFHZN-&y5E&WI;AeT>IBziQ6*tnkYP^wKZc?UCP&6S1*m}hNcK|3_|-x 
zfDg!3!!qm5wY4@Vhd1nJ-Ek1A1Y8&*$^t4O_vL|1&Dk2Irj}L&Xho8b%Yaj#?6uQ6 z0GeKzC}#i&I#)cbrZv~#Z46itz+^NC*qE3y)u98K^0@`T$Zp=c1?8Gby(U^Jkv|`y zJi-ccUtd_kNey}v?j#BXH1+ld!WCzimr>pVC4BJUf%DO*9vUHMI4FXFQBlg9E=HP~ z?*To+Ihm{ER8%_l7Tcl6GaK)NlI#HYeFD_FrL%Jp{y}~#g*9bAj}9uqDX3{6t`L=( z&)&3J?#i|$Kt#aq^{^`b9LlGo2JA&One>m(+D|S@_92wQKt(_Rh_82074kmaKmc#p zj@x(c+~|SH8)yrxc3aOt)zEJA!5+v}Cn76H;{;Rz$Q6JK(oA9iH+@GX;C@1fg+~=O z>&OV6vND*7Gdnwb8yQ(nAr-`;rvd^3Kr?_BHo#t_#yZ|FR_X+x-wK@8+s7vXZZiuu z8;H=^@wNnDA_N)%jmkskaAPzmU#t1%%;sh%@Gfs(Uj)}1oUBGH6p`!67f3LmzX)P< z1L%lne8;$1tr$pzNVGL4F9NuZo&s3L!oo5?J1_tk{28zy5^eRtW38qi8cQ7!(2nIQ z2@&ada=o16(J~+5yJfFdtRx2d+v-#`2ao~d>6#djzxqIg<=vqSiH`me5)wlE_9i?W zygt4$MnWRM3V>9FfZ<3`qwb-hHFR|Rn3zxj z0pTmSJYcIJ$Qh&)1uc5!pke(qjJoh|MASOi+xKKEv$%qhqT3bS3h9CSM)P)PXsCzC zDG7-i3-kHO$;`@13+NJgB_+t8AU_sE@xh7!!GAkV{NHDqg=gYO9$qhZy{wq+%XN3Z z1Nk@uIZwjQUZLW3aD1E!gbb?H?D{(DA3*iwfPotulk034jfT)bcz{bQZaOl7K2)dS z0Mefr=%@&z0E#dq9nc%e&BdVxkP{-9P4Ix#&jT^3+HJxQ2^A9&dC93y zn>TOn?C)!h7U(Q2Ec}d$Y6pRO=jbTsV9y*l@9E*N`aM+C#Imw*ux9|ANG&x5ty!9z zBhejt|8NeHA2-2!3?2M|`f=rv@GpqN-P6eTEo z_b4eTl}e1gYioIc3OgST%6n+|Ah}=zCPVK9P=*(LS#xk=- zAWZ;ku7?DLn(sY(2!)|PQQ#r4aZq)aq2_|x!(FxC#X+T370xncUr+Z+GLhd8p+CdE zV?VevP^c#{<-9Kj)ad2?`}fguCml~qD-bpu6x|3qjhoPI>RVgyF)%RH7r@6piHR>k zTBM)YuuA<1a?3K1PXwz&h(|#ALn*f*bHGnQ$}1?)gf0i5`c@t|HB%1D1cYuE7Fk(Y z;Bb{~nj;|DcMPPAkrDgG=~~llYP!`mvDl4ETxt$vjFE=QI{G&_n5XOJR6H9I{_-(C zv@Bt5&}x7GM$*$;w!E>u)ETu%BMfUc?2;pKpR^(l5G>ms7WnuBA+UZyqJOB`K0%K$SeSJmTiP>0K!V(e^glRAT zanOT(d~1cluG}pB;5cY88<57fF=ZJUE+T{-y2_DY6T)L>Px%iApfJtPB0KoV!Wl{r zBN>yElW7hVTHpqkX)MMK7}{i`v;+rZJs{%lfX>pLnOmb|K$)SG-PGBc-M2V0Hl}H0 zq?~E;{K#2$|32#L|9UleK0G4wzd_j>CRvgHdQ-UR|K?3$B|l_*b?oBb zCI56ez|Qfz=(+>?uK$goGo?hd#W1t}L7pemuc-f5UQGUop*0!8L{L5CaVcgjs|$sH{AGu3F7;1X>$n{XYLo z>~fXYQKu}_+6AJDI-Z*P)Mno6tP*35OCzP>>#kBSs^V%2t`XZZ^tg;O2cpPqHr0`* zQEzTx0c#&I6p0^wexw> z9T>ZMz_%{g@o~rYV{dv5o`e&&j2zakz7x}BmUTaC}tD=zNA*JEXB?X<w5xxM$W=QlY^-2ul1-`9fTuJfo%ecGAeI|>ltSI 
zgIVxtAWaHkoPdQmJZ9;Ks5X##nP^H#m?WZ~KuKCyTnurj&bT}Pcf=f^jZ*qDzFE~@ zC~KC4No zM$1oPkYFZDCbEl^r~!|p0K!DWrT-3afljaM8RU1l?Is>H)i;I?Z?g#n;CT~D1|1n@ z!YY|y=Y;ud>MrgDMLhh^EP$9&(O3boRHl@|j&JCc-yj^*hEvH@#W65Jrvy&YYesrYmMhQyyZVqf3)49_c@t5)_g4BS`mo z_EL^k`I{HN?Zq(O(W+q3OiUA9mA$NgA^$FWs=Ilf`@ps9G}?-Ld5W-xBW`hN5hPj3 zm-AGcsTHP2Wk|rnTRJ+l!F8|(v9t^?Qsmq0;fV3|X;(Ik1Aty5RqN^!$zmoxSz(ju z@X8;-2(HhDYZag~9#2?31c0@WT{@)+;yj3r(~?mDf->^Er9ON}N*T2OdL}P?uk$j7 zO_w5m$0xgvJ(LsQvpX1L;!ni4REh^sTWOy9@t?Q1wt9mmjgXHRV3UtF$6?INTT6%UqHK5b6kB5QjSNfwkBW+xC;jD77T=- zX@;=x5%>&njHIOG9}uBV#;33NL2%{uK+^z8=Ex@xbaf0tv%Kt1izk0Ce06aqH&$@WD{V_1(KpPeHSX zq+96bOWOQ{lnQzUCPkI)xU|PU+kI*vp2569K`o71l^{%)fMB|SzyUDqg7BX^Iz(Yb zxDeD4@aZ4G7_ghVKv#=Q#zV`>SiukKMobrg92z38_7_}-VRg3{r>$~NP&gl9VKspD zTnES(+`IcgOe)x$81w`sB=mOY8o}^{jK&2EMWND`8ir(O!AsWxr5d3RBZNE9JPo^p zQd9Mc;eG|}vxV3dr^@L$D_=&o1>Iw?_4^@)?Ln0Xs9z&;Z(##)` zFwxV|3HNNA|?6y?SpYHGNZA>p$ZdLe7 zfJ+Tptv84X6t&ARcu?HhxFWqzOwTgi6p->*i8-rc^*Ilzs~|0L?(ez5Hn8Ksg51dM z%X_2W^E{Ht$m8#)PvE97noUK6<7u_GAcO#BAg9wsh=R`8TV|nEbA9E6*lD035cLi9 z^|xT?1vF^{R}&N$*M;g0@^4?YlU;?~b{9y>oAXb(oms((I68)>X@toDU}F|AR)Yzi z4~%;O%Sziht7%i93bl++r3cp|oAI|CvqUn2db?ii3IGWI6U}C|v%8yaJp~ANwA73U z?yebnAUps&hz(;CYT1(9~B%2Vd0c`8hF3dF4wr!Vtc?p`(GBYyUt)lDoDGK6m1h} z(!EuS%ggh#vlcSLaYF+ZH#qlNUS2HHx)DErKI363YVjQ;c)85t4(4xv-)d;YyTl?P zd|%UPD6K)k!3{tl?%uy&U{*S6tdk>8ZL?`p*45Poc{e@{veb=WT#?mf4aU&R?&6AR zt4EIl$0X+|1Kn2V>#F?ZE;wVt4^Uq6YmK^n@Z%>X5y0QIwVLx&pqzJ=cXdyza6H<8 zwR!-lf@rn~cQb1G!sE}Mw?K!;$jRg3L-78;!T$C@gQPzX8-l+H(+DXC_l2YG{7yk( z1U(?V0;XXa5%@sX4pbNriMCTAQgy znVBR3ncxsWygv(S{g|VMVCE5`+Io6gg`*UzE>>Vg{QmvBqmwxqF>nVEK8#kKgoY+Z zg$NwN25ov+a8yXM6;SQquh!_urQCp7vZw6UWNOtW#F`ZyIDAqVTgjntTx%F@d z=KF#WRpkDCg;G-j2txG;?8UzARTxeIhx-L7sVB4q*>fkF7cZpo4V_>2O^iLiM3Q&nuSv9VMtWk1Pf zQbx?eSAgipaM(2s9>lagJ-`?A9yhlQon|8kXNnOIg4|bVf|B zoUJ5=3^_rT;&R&4!Py=h??O?xf|(9rpa|mzG(v=#4t*-K&mjtQq}=KwJaEux&;h(0 zL^dkhsKB|RSuJipeE9GjofO*9QU4^kETE9&_RS1{lml zufD^iSQxq4NFFgLetOVVAv84TBkaL&IqfuamC1?gO%#}4UTzklt=6u!Epa;DLg1yg 
z<~xV0{hlCj(%bKRg7DWL%EE>6LLt9Bw$1Pd#-!eXOP_Pjh4bi9I(6}pFVlE{LPYh} z8tu?+7W0%z)vk-5YVR#|@0m3yIl$spj}LWdIYHNKY-|KSA(#@t$KU?`{fg@}HLx-v zB&YUJJ`iy^27{`AiH*$%Bo!?A1<(hyb#)62`bl7>LB)ttB&1Ur-j~xYjDSd;G#@Wr zE9=l@fEAT>HPtOFhrcJX*G9>CGV{%Pdy1fN^ha*4S@QX~F*DRyFZl1`8X~yuy7BSx z`0YLzYXJ|hZ0n^Lh0{+5n}13?OQxJ#e#$^2C%*5zFROjVZCX3hz5B-2Xtuf=yey?R zPep>l!UQxmUjQ?)x3~Wp7bgLd8)RKgJa!95V~n#(GI0SIW2H9FAd-1lN?(2OnMenF zixi4Fg-Z1kNb5E*KgRd#2Vayb&Num)9b>=@rR$Jsx7n4qmzP&dcjWsd_}7b7lvox5HoEuj*fpLf%}1-$ZK zv8D;GT(x6s?-9=rf`OijYRrw7TU(|{Nh#9W#g_7)-fkW$;`?1$bAKz;6SH@47~@h$XbFgd;5%TJ9M$D`yv}&lA&AZ!&_= z#59@p&w{r!H~SV9F%;h}*D3h#X2z{H1-d|D5>$-<`~A;!Wz+{|(~_DN)#n z5J4F=e*M(1Ny(rRz9|jEk<0uiWLh?Li=WJIZpzMYF5zGeIC~u&?k6WDmHp?puyMj9 zb7Rf?O4l{5(@!xRV80iZ76+{h5sy6gd!mXnlF3AAeiJN+$cKSlUE<$8ib%Q>p8vb_ z3yOPXEJf(z;>G>0*%L97X;Qpf73(w|x>hEPw1_jvmKihm7pvn_%1uyGoUtXgzW&25Kd+!0}6_^VUy>!6aTg~h#c2YLDDMhtJ?Q+o)0=10fx z$@{`XPM+FY9$c^Uf3)|WQBiK&wrIIbOB69-Km-FOP)rDtmx?H;pyXUikPJ%BuuPyN zK>-l~C1(UACljJXK?@`&$w_i3!tK+w&w2aayZ7Daoc7LZ@5gOzuib1ERDCtSImhUu z_ddp#wk=+suZi4+Zye!OZcs=VS!y~KZtO4|++-CfVwk%WDnCrWD|q4ulgRu2*j$yZ z^WSlh{-eiO%a~_&O6S3cq=k@g5o65$ElqLjtGws^-%3x!c@B|X7vWE{ahs#3icLD2 z`__uucx*O?U#|Pxh6{t;eJKcG~uQ+2zH`e+Crk+qZ9tL+j0(Hp~iXzlfqgyp$mw(dbLSAAS<1$SpbPn6x$VdUVf}6Q72a7q?3T4)x?z0 zeEWO96&GCakw?4kxzvx)DY9q%C-vI@t|Hys#$=Ch6qw18yQ+cG0jeN zai(&vpSl>AuC)#qldXKRU_;RO^BBahu`7elHfr8MfoWji6r9n<XUE(QF31?=I(OpH3e6;`FxDX^&Ac`4D ze@OWZ-XDOZ43`Cm{&xBmaxNAM=WgFdSYH*yw7#(STA<>)uCujG!@!7?xyj7J#8-K! 
zHHg2T*v%K|g^TZNYXgYTwQ19`Kfv6fYhfvHoYv$(9Wh*;bxoSIhxS1vHaIma-~%B@ z4+PmVq*e+ll>6|gz`<1V;`E)8i6%I%zzjfcY6b7n4ssiWRzs<|nVC)dgZ){kR-yH1 z!A?Y~(8H=3aGg}*J1-$Prx#p$;FNlf#mk6@yV!Psiv!M!KORfl45Sp3yF5KrxL6JY z>);rCSR5eoKR;yV>S-wy% zK_SjwLY<-LMnh0E02l?}B^bDE4EFpDtgLI^q*aQPvM){-Gtdiw2?^FkS-D3B|E4b0qZGt)7a}+^0@q zM$}eVE6>5MLKrv@(K;r1*){34GR+BSARz(?U`5~yW#Vc=3xU6Gi0yrtD2eYs#iU7q zH0fxO@a02|799P^;)15HG@L^6o-mNX`~$4(3VLRPsi`TJdxZne)DE=yxL!rhAX6i%p$tHNo4M64AP5J71|nKBcFWc^DV>8?tq%RA52_`usv}D(rqB% z^j3whB&8gJ1?N=rdSWNVVM4L#h1Qh?Fsap8O?nDc+2f|oLZo=s*5&|5p(B+>_H^Tc zXxV5PV+7^+log8whkWK+LbS_P`-$Gn8{c9mAo6`Qr%-9BB76Mf$B*w67CPU%o}87n zHLcF5P$E)5Qc{wL>2UUC<>V;X7cMrp6c?{#V)AC_hi!AcqM{;^5dAPr6D;q%WQ$@z zozX}50>i>~!&e@NaEv{QEu2<%3WXQvj_6;j9T^d_uSFBMYt^gCK{4I}#R*eg(c|rz zG=@hq5OpiaQOC9szjkdWsP5fRmtk=vRdVA{8`k>Mkt>P!FJxO1`m?>GR;7rF9_*<003)ZH3iU0(_Y8b7)X^LeWFXJ5hHE_*pRuBfREd=Vk-k9f7sd2z~l zrfJxz80mu_9gd6>p=k6pGaF?bR8>b@BIZ%3`2KYZb-JM`=%Aw@b&*CC!(S!eXz4W` z7L&_vLf{@jZS5l&w?DbC3)a{oM9-PgPSq+$KSG{E1Bg=>J$B58aLQJ; zqqKH)-N(_eZnE5hY`gT0_VE!wE3(O34O-{Wi$;vUpspbbKS0?^=pVRAD`4TdX>J~$ zn((?DOmiEuC%mq`Xj!G;6upEuo!H#rOr#JIm>j>)+U;OX+W{uRK=}|!9sv&V7{b$W z+fi+>m1|vGT~`vuA8ODW8s;1Y3yfepQV7iokya1B77*R-;EHifU}W}0l7LpU;*AmS z38%Sf$zqe^fuxZThfo($i4fd?XQ>7>POz5SM4f~X7P$DPHoM>Z{#^-@+GqGjiD$lW zaelaz)==myN+HMoJ(H+5vL#rkuV7KZev-=qddeG`BYQ9T{bA(?YZw_LL6CWDJ$9QI zx$$Ra@MlpH6u8iOF`0vm^7PU^3c5Rq`}*ze<%H8AkrvH>^2)?&1Dhn6z4ph_BG&;8 zF9jaIhg7%ZCg^nJF6BI%V^CF=T>I?17e<*8(g+5`25|vqmUq{VKH>L*hZA2ks@ahpHXJBojdUwA)RKu8$lP#mpFMYv=E#HxZ93iC$mO{c;@h`PiTW7*`279 z@SOdY^|xgyKD^3j#hpK)g{0l;5C?#*%dmGs`g;=1k9bLC!!#f;`3Vbe_y$*uS*7?}p*T-=4EZ>TghBY1_ zkzeUm?Iv}@9VQXCDm`>fGlPypcuW?Yba5e4BP<ju`7G^YWy6wFVm zx=vbKT7n=|P*%thuo~nHgq=7$JG<7{87NZ-5CFUs!S>*G6{8w~brlj-S_UmYt`zj@0v0Z(9~7 z`9i=W+Ku;|HZX|GAFvzSgBVuG1}4b_-Xh!(^T`2aBi`*`WI*?|c6Sq3_`mb4r%;dt zI-*zN|KV4?L>y=3ls9kPN>m17Do#}J_4S=@cR%v`>ecZU4zNtVgdK)-6rl~^C_)iF z@Pecyr{WZnzb@JDu*L&#%RBDLgRt=N9S2;!rwad5w8no>z@BUy%+ zrOnL3;P?nCw>qnpTmoKsu$Bim^%*eP2?z}fq*~z(;%e-Mwg(512Wg*eahxJNaI3-5 
zq>6t#q1h>2xNnEizT28o%(e$jdoD14vDx+PTC-v)?ji9&ii(P=WSXeop#HDyCpFUu zU*S@SP~cx8mIGN{(6m?Dz9ULWL75^-I8=$enXVv^59`pwjE$*~w1B<$i7Pqp9lC}{ zGZ1BmfWnT0lbLqxF4u?I*PrEX*56jP_8$;1S84L z^X{M<6$B<1o$fwLGpEh80Cxhd`*W+K3(U>Y9wBN5Ew9i%GDAZahiBYS&OrG10llHG zk4$Voc<9g%$nW`oJD+#H#>&QKU`d;NE3g?L2$NadTRnBg;(wuuw6fSn;?qRC*(1nC zTD(Cc6BCIF%CXf2N!Cl<@H@aHSvj0=Dd;&<{osWH3>-L}A_rRD*47qY$LL0py1F{@ zkFuwd@9WbW;sht_VQ9JI?Jb?Xup^NDSLTtB5WZYcWM-(a`yxL-KLIohrEv^$PX65Zx);q*pQ` z{NL!(HBaUJ2qk(UuXAqj-@E{WS%&EOEUV&wTV*w)E z)AoW*zo6Hg5kIDn85lO_)fsPp1HBmSOJr~X2}y`$C~HZ`Moo+gqdvpfzTu;F^w&9g zlLl`EjfQJF?R&(Z(FM&-T~3HTlf3Zx!1ZQvt|M!CMspttwl9X0RpXVBk$!BN(%8Jt z76lxXvP#I&oQY#_bymm9?uRI8()P)T&A?y*I|cU?C%1iIt~Bf2b$kTx5LZ|5dXqVe zx{no)i=LVpEt?joN{{^Wqvi8y=p=I^OP031Wbj2upvklBHdWO;8dMGuRbiV8h0SsN zYE3d#8Wd{aAie{jQDS5NC!alQJ&7`orspRO8pw`-5@@+}xJO64_CzgX)*u}s^clam zgXO(vR^7}}a4y<6=PbM3?ii zV<}}BzP=ksZG2i&Gi+X7mdhX6(Ur~44T{>S*Hi#A&v9pAK0#-SY2L^RS0?rwFd93c za&nj(DF*mBVLST6U`H{+Cosg47jUJ5CuvT(6SMbXyZh5=HydX;5@9bz-src3r}a zAiGS{>0e=(Jg!9m1L}yqf`UQV*lhL#$2`RM5afC7D11h{q_72m&C0-Ss3y+11cesD z4??=;0bx*OQeMCtc_~yR7z`rO$NHx`s>3lpe81}=WS^_z;cb(NVs>_R8(=L; z%zINf9x1k;w*NvnaY1&v$`4gq^x$XlSiVm7X>r z3L#BuHS9gHNOk?_Q3p*%M(M$$d;``?&_*Ac7qREy%GO4LPEbnu&AmwT2r}F-A*5g( zX#*$J2?z_n$Oh6HfDXy0Cv?|h59r_xBBG;PQfCAKGtmV-Nl`ArXaczZU%~Q2XQd>l z=lX*;B6SM6kpR*X*zk|{T@C}30V@gYeE>!m;8%j6(YQ-s3Yl_&^fWLCx|b9HFuo{d z7zNHhD|_|oD4@&-T#POFJywBxj)(u*>H^FP* zi&aHk-cGs)FeYP=j)^q{HPh*^VgWh>tA(RR8EDGQyu=QYFcSBPfM1{$1Wer{bhI20 zPKAeO6Ywyb)AV(FW$2XPLP_T%nVUd>Eow}ASjA6)oFE4k6H+j>A?_sm&9Sj==xc=> zt%ZJ1o;=Cs#*a7PtpT)uXJSHt5e7$h{pi-8<)P3=C9G%t402V5YElsi^+_ZT*t6vU76k`^op> z4T`4)Y3f_5prK_^qkuzsiZ@pGC3~FSM2)-ZA(vSN~ zIsW*|!J@al)gxZDsFuafM&K6p(TUH2doA>?It{Vgv@WShQZI!tf49yE!=S#4bUhT2 zji*VX(1~nW{-XMeMqpflC@xxlaxb*c1`}1c0kl$}do@X+3AHKcv`~Z0CK$?*rM>Hn zx-e^obPwRz$*DNQAM=JLn>aEua`*my|AWJDT@bU`^hgJVRm9=DMh!d#Xnr9b#JoY} z%?kR;XaWX{PWTf9m@g0}SZqBi$}2)qxFZRWuGPt}JqTc=D-@*hSnD08`hNeU-60~5 z&oG;%A(?)Nk-xTCnf0HPB4!>~pclAspzud{dw=DFR^OJ_d=D_%K5$^TEx36oieBXJAgs5} 
z2Jn)Tvft%n`{-Yh(UAIa7NcR~hnJ%9lN?S^}Ev~(xz;J?{MnW-aAqBb;r|iZtKBqYwh%@iO)2vm?-_=VPD)iW15A^#03s{Q7 z45$M$z~mRm5pQUZPS{Txp^2Xf%set>)n4?cIHox;aIu+(8(utnukwL|<^;0_Tl?)~U7EGH^z&0b7%ozc{lqEy zb^RXkpC7lIet{%|^PpcdAX-Uv#E_+@;Ar7EegXE}FUg1+A6Kw29xY1xs6h9iT+eXc zhxm|LV!T-N3|S==b7u$-^yS48l%&D$+!`x|N+h)Jz9^AF$k?-%}$lCdLiFgrb5~(8VC;!3@Y)!nRVWEyvr|CuuNc z+f5jdX74(q&UZ0&MoBkCD8zUN5~(y@IS}BEoC>Y6*Yj?Eb^S>TnwM`b)va&pEMw~3 z%c1N4Q#`>hz%}bjuJOdj$reufC1c+0q+d5)(Hm{)zXz3nL{rP3@z$f=ot^x1-(zqt zw{WWw3{&{j^@F?Hr{H0)>7r*c038T~Xd3hY3pFz{1K992*V@!oVW)GVf%$^u*&pT4 zH41{cyXur!sUP0T?zPDl^ijMPuJ!7K7JJSD!;kV=oT`$$uzL7VZwqpYl?0=c`5r>M zhxk0ti*V#gw9F>?G3((M8X|ebIJaH!gOS)N*Y#(bJgTz>;bnM5C46-(Du@4e^T@x@ zymtX>|INL!bxXMW-;66C^>_~aWpU~F7Z#TR|GThJUjp%U!}*@8YZ{;rScg&?nu)ZK za=sh!y3#?}k`{us!+bYe{~){sF<);5eTb%vc1F)O6-?5ArTJy!By4a#&T}2?e6-2* zDCy7&L?B{~#e_Qw?ind%S^9qoNh;uC{GU9bkYP-y2;Kr_5Ems_wF8QogjFA?+Xz>I zD;>ZBrrnaZd3+=VJCC$Ffk!z3T6sIm`*hCLFTtbm(T1G4f?KLZmk`4@=2RKJCZ)BH z%tzI_Kn&ZUB&wvhJ1=xQlNn_D9zOuBPpCX}E6kKq7f{^&1~`uSX^&w~qbM$|BaQ#? zXAxH!!eJX|Y~lta2p*%MFp`hNC+Jezs87Hj5uObdqco@?@WtWs@d|!kkZ+nh@OOFh zlMP6ZOMp(U6ImEV6T#m=W$l;=bSa28@lrni;A*mlFo8d=T^wMu@f+-qKZ^nAlO8X^ zL;pj}zxoX#lP!29V5o3FM9?R(YPsOFo+DX+R#B*{0kfu@ZomwJ7la;JXME@_V3M9w z*ttJyJN-2_28M)4AuAE#AJYaRVY~vl1%>%6R1h%lZ+=;d3F5}LSqV74H0gf!>(@LW zipqh)2z~+Y(m`0Rws-d?=T*}Uif}XknWZ}RrV+s1-2AXJ`E^LT6h-OxBsQX^N0ZrR z0qdbMU{F2G+(SuB+Q5jQ4q>@?DU;BZq^5`n4z$avc3EOQ?QM})Q6zMPF3#y zG}Dxt5)s9i$`C#hj<#vkydfY}~Mc7{?L%JL@MVCL$qW>1cp?&j^5Q{tViqD|&Y! 
zp{rlo_c;HMkPs`==ikb}9fOEhLnHruI7+iXD%&AvZ0gd+_I^==jTCGDv z6~oSp^!^OOp#GLQZ7~U&ct;#NCfgAMBNRV?A2PMj1%(#69p1re@EwBpJ-UD(wY+$< zdyx}MKE@m^TeeJ2X%XJnH=ucmtP7w|h6`e$APwLa+vit*?MHw2PBP-};K2tlZK7@F zDMN!X5Np2O1ZUb|5fL^QfRTODAxQ4#Kc}X;F|H)pf?LviKj=)DI@hc?8)=!`U7ukR zwS(NeiJWlu5i)EPl`nDY6K?<{6v`at_04th6~07?2*RaYqXkM1lphGRFidjn-06Z` zhKc|nSvW>EdM#@4q*q7q0V>$sKxX8SFF>4+s2R&a_6#%twMwCG#@FnI2BV1s zMxZL><8?cBl%ttLzD?_1(gc#o;*o>LXd^XNIC%VK}+0f_~y~o_^}|T z+YNaUA5V-WhqryUg?o|n-NKRoIF{F*Q zJjb&#(@&Z<4_JA>zm7YNCXphijhABKcqVCPSv=bAVQ;);X_^1B;4c#PLv3wlS#JyW z!C0~Af)Cm%6B(laKIcadW{6+^B3{5k40Fqne zg2-o=`uW;Db8zph(b%Z`7y|~m*4zW7+F0^DIeGZn4p0O?g8426Ibtqr4C^Q~uS%=EqgH};;|Jg)hIZ8z z#V+Y2$c(BL=Vd$EikTkcB6j=D)Fq2Go1k9LwEz7i8B_R|R!nrW%Ca5KTAuiqTchp2 z$kPA9{djhCHN)TD;TX60mcLQB9#wi-C!7Rf-Nl@hKMV{w;qk>ugH!J`x~4`ZCkvY1 z=XU5Xa0d9uetLIVpY=k{r5&bQxVtysat_MzVE?jdQ6MSP-UeSoR8=ZkDzYBg)v95| zO)#VY{TQi7!8X{xb0?e;V#tWte%LhkK|nQUj5PJ~IQ!9!T9)5P68Y?L{*HdthdWl~ zc{95X2gr7h2F|~g=<+Z)*Wxu{I&~C=JSR*o{I3zPZE22MrpFt`@&vh`gr=^ZnbhOe zO-ov*)Z)3gY9u@*lxxrC`A@BEp1loKi&jjENPD{BJYvlmA0V5c?J4m%WeM??Cr}GR zfNhUApv@OHFV*Z?WF%IW^N4Ujp$9VaA@7jU6F4snQ=s&Skky$Hin+b`JprEk+i#_f ztt7Ku;r!^uP$DQ{m?i9u$pTm9J}TXep3XE$A3nlDRV3QG8SAHVDKSu8WM5cI4R>PWv zU3>Q~cOk4?funu#+A#k^^-n(HE@wYg{g6PDP;xI>@jC3?2923kj_l<{Wm}z?OiiS? 
zWK9rYSFhfKv^YI&L*h8X)+t0WPw(`9$9&O22Hgsd!@wt!^Fh5JnWlKay9|E7E zQWwV8R_VPiL@o2FvQig38rs=5ZrcVz%Rw_)6kT`(EkKNiF`aS^{jBuL;yKcTG3-!GFN1-2dky|IR_vAn)*P{-kZv)I5aST^Z(&5hHxD#s}WO~ zpJNp2EuqD^F=D`grI8HfBa~fhUpHpEvDwoBAUd%-h+hh`qFeh6hH!&yF!yQ(Nh5Bc zAHXgTq9^H8#5ykk#kKr&Aoadm!)B=3!mED&Jw~Ak9Wx-?I1j1*T_4^j*a1&D&ho@7 zB({6T@u5J14vm2dQTQi-b!(-#br^FP8tJ7Afpzy&WW={^K= zN(QasIntWLi)g@`be>a0>qn7hN&vE|HR+c`()|fy!3<;Ez-F#eVv_od3wR%ih)b9W=zEis$X!4X+VAeJBD0^JF5f^NM`xWTdMwHCfwjT!3KS4r>rak# zwd}j-HzB3lW!};xVq>3!Mvn6GBJJa7!LI=2gBGMNw38-}p72C>5f%h~EMgyonK9d8 z=J?Htv4Tn8+sKZOLqol3273<=_DRMdQz0giUMkG*izz99$bjvSnifzVl%LPc7I9GbH9?!fYyr3&$j$HuwuNhEKp0H8;O# ze&QT9AIc2eWwgo`-0p1!jE3oUp@UZ<| z_uOdcI;(#~qozU2un&ey4S<`>*#^Y{1%~trf|4a8brAgs5cAXUwi6C8cb`U5vj0se zKB4yYpDSHu%YUepP?y3za1{*CCr~NMg-*h#0|{J|cZ$MkCev`CZ^JOS5x>^<^E(}2 z5xfwb_KB&d8i-beF7DG z9|pzuJBKXkfyN7BMS%)A9LN4i-HjBbfq4JL!$*!V@$qFclwzO>85p9OaxFy(e9#Td zRA#=^^zE#*NRbb!*EAR`4MB{w+w^?`~RgCF1p@$3LSJn z4G`0_QOH0aBg&6oO$&-jOyp7yxQu}cgd9iGvJ*gWGjR?tHeS$rAW%$Lq zAO#O@sk~ERdz**uFV;5C7uTxsEwDR>1gDkX(BdiLP%}Sv_NtgHk3q?CQG*#j_cIUr zcdx%(%O}S5Lsv9u&Wme9z^z1S8PCYn>La1+(&r@4W&|ddSJWk&i#SgY{ZOMzqZA3E`l4)MTQFj>}@pXbMG*frfrG zm_r|WdeQ)mr5U#!k9ao$5iAmwLP<;EsO;lzSm8Yos$*dql@ze9w*kw;oD}No8wNS? 
zz@9y4k-uO~Z4ho|TD!Iea#Sqhc?kw0?r{U6w19EF3C5{7#pDoh34>0UJ!K-`G?#_^ z8IItLE>T0Ek{mR+#0dpFRC60P1r}FHyWvTUBNDz%CbjSbCPDM=hnr->l~`Fy+tMX{hbm=sUKf#Tl6Zzug7h?GWqP&*yZP^u3`d$0$Sp^=7ZL5 z=e-2o?&_sW9^jq7WsMxUWmmkzy63_EkS`!#Xefsnyp2MWQyqn2B(=i`sc*<8%a<+7 zTHJ?a=A*J6*67ci4Y8kO%i)M0);J}=?hGsLPIRD~6p)?1mFB*7kikFWFj zkt0W>H@lyM&nw|(FnlM_n+~8uyUZTS!RXY~)Tv)&?gcQVcwCTI-LkmWGY-z&0T+?N zK;@6RotGHOt->E43@DY~Cl2|pbY6txAQ#s~Y;*3k@`tB_rBENKy&CRqN<8yLsAO}+bp8IajA<==yH_@Hz8VfwtWdDps=)ki=kvN#&d&Vgq`RSsAuiW24)tP zIEcF2cKn$qqh27K{Qk&m%ix{zE9e1&zcx{YkmwwS^1vNOx?*e$QZl1=3~44#$zr38;K}>@4p8 zGmP`j%X89ih2hx%0Jo3KF;`$Wb0N2%@xmgGV`$ixiUi3vD z6>;0@1CV2f1kr`vi`o}FXa+QJt_&)u-6CzudTg(JmN>rM2#w;6TPR5c!TIVDN5hqox2<&qzr6Vg($&; zaVzL(hzE1jY0`p0`ZvY4GFsZI8-tJf<1=B_}7th#w2Xhan0hP;~)d z;ggVW4WW*69yoB**#ssbvXaFaNCwPXwqQ)a0YscjaA(OcG+@s^ANCd3R#AC|VN$O_ z&gTQXvPCO(mj^||Oq)x^7V?e2FpTpkmA)ZCo&-rJDJ|XoLLr55$jr41w2m`4u?K?r8+D0Ke(;0&o+<7g|L-}ina*fKhI_>h7DQ^HuEJ!?KqTj z^(k7e90x^3sW6{MnH0?2n6d&E1@?~yh~+$X>?)jzwIHdV1P9NnE5#OG4cknUqJD_y~N6B}C+Mi<7yMUd0!ueynqH33SUM0ZlYhlj_v z!&A zeDJ`BgApVAK^yyXK(w%bcIs9bV#*N-2rkuNuS?5fL28qg2jq{(QW;{N2@4*lfOpyx zPveBY0tcxdDl85AjhUI59Kcu%4Z!|>X)lOU>IzJ_m@=4*VIX3@n>K6+Lo=CqKH}fe zRP^3l-0lPIBJpQF=;kN6bC866GBYz#jK#xuc?C#)=m1?BnS=%)F6__Gx)$~Y31Dyr zfC{)u8%eiOKU|$OOtU64@DGZJXpkF}j)QcME3v}cO$gKx>X^?r~&$3J&MV zB4Vi&IAq_xb4Pghz+C?kwA3_RoehOIzO%nywQcH_2v!wzRvf+&u*hT7>1tgoo&%Tm zgUKde3-dr@P?p-~QSBJ@otz559`2RElmUiSt75B3pq3N{w-hk7#|g|m*{4{_%aAG_ zdV7a(7law~l>B}< z@c22r4Prp39L5}-G-*_V_c%4jqBjgXsvplQ_@Zi>ABiiy=$m6T7>5&nfR9fRr3X3t zWJ1YM76fj;M~`;qHYH(KPU-iJ;oj-PFAM)<5Y7$uXgcHpf=F;op>Ys6nXQ&uX9P?r z@8FO(V3kYenWQ9Qr8zk`#H6BSAyoyCk3*~?yI6jK8v!N4AS>nL2Vg%Q$61T==lrr{ ztWbn`v{kXkHp~z_h5Vl(*?^}k`GkdspM>`sUUxNsK|lwd8QAX=;JwyE_`(X%2;|Gl z6FLl?8HT)Susq*#EDfh(CxI7YvFRBY8U2bhuWD;YAWX?AoQr5J$JILtVW zqZSqvcRZ+=f~)TU&>{-h8Zcxf`GOc|po$?bwTN3$WOHD^KRWjs$VE%Y;3!W3P4?g! 
zMZO&HK=#8*gJn2uK9yrJl=BsLH5O9_Nh*fO_7aXCPDgLt{q8hyXy0hB^*j35iq8dL zOmI+n6!>bJLq`rAxB{?^89>7R-CbQJ#l_Jj(a#sh(%=(uRM#cXbRa;-d zc)5Q4#Qa}i9rewH!NDQ@)nQZaue)PpmpE<<~>YF>?M_p@NJ9b{+@ThXXUO&LAHN!0Lkj;)6$ytlhel z;!^tFC%jl2ZnI{$#++oOpn?Nc?bi!tdvyb3*82B|WnA2Kdhs z_n}sGFIWSg;YcQf#VM_<99EnvgsUze&k7^Eo;0}5Oiyq1Tm-z57ZbaS^PdjxvI)-? zOI1mfUvM~c<~Gj0>h(V)Wo&G+5CzlGfsPR-(Pea)aceL#>NSWJiSB|s0A+FD3dPM2 zPN;TaDe9Z+3PHwZ_dzXt!xNhp>UTogWY@0W1A+T2h zj0YCq7mt{Z!&&x(Pz^j&n6n53sE_zYa^I~#Bz;RKN^LM)If_i9tl{QDL5U`fS=t0C z9x(?hnBV-P)(na_9&jy|Jzq|f=Ld;Qw=NY1tqP692V9TGN149NvZa81fpLd-7mBpY zeZ6*M$Eh|sO!{xM9IecG-F-g#Ouw!E)OFqLej9uH(%M=@>>?VeRuROIJ|%pggoGp^ zOaYL=Ja-*Y$dBXl)1#+B_f&%&Aa(2xA)70}wFCl^JcryT;R|nHI{K`p3IJ%+F?+>( z9vv$(zT@aa?*(@$AL5L_9+#IC8X5{4Z*PhbN>e1`Dugr`BljcmAk62ZodN~2Mx+)M zh41|}+rlvB$q>38pxl8IObFe;WL%t_k`PF%u?3nMScL6f1EoX(dg=o>kGc)sM6yg zugixlhQijwncM(r7A>5%hZ=INlTC65GZ;i=tG<5)@I^*Q?dBg zl|$798>LR>=8W#*iPNfT=83KlC=pee2?f?dc}0Q?82vab-YodtCw_jBU?K*a^HuQy zqZ1SIfTcR=Dl}a7-u?UgW1~aJSEXMSl)q{>uhW|m*9Qlayv7ue3TA(q1kU@1RP$ZU zwKA5d_Skmf$@Aw4swUaz$aE_qzyY#vNr{R`OIQ};*8ia;%Jq*g1#2e zh=KjH+d+XqYjk@K? 
zbbDv!rL0`B!T^Exp_f+;%DX7Q$;uA5&Y6lrg>OWmwZ^eZQloA5aqb^VtP6T5U)&P5 ze<=O)jj=TnLFHi*^F|Cm)Agjzq_E|F&21dS7L0xI;tvu?K(hP!`$wTOlL}lShwq5x zCxc8Z2kYg39U7A!R9CS;T{#%&BrLTaokhfy;8)rybNck3h!L`F4!B<)x5u6tCRIWB z8IA8BY|NI09qdvU{sU>oUHc$5J{Dk5f@GUtLt~L zGC=MG_saK*??leiiOD!Ww``@-xP@~N3G#cHW;w$G(;K_RywsFmY`c@k{DZnsRRRVi=e zS1~dlRTl<;kYGIy3v{VTCgHv8&_H2XezG0H!lK8O2?5ZD z<8;TN$ncFIWg+XSS7oOp3(t}Th@GS+*bWD23XgSVQxjGtc1QBo+Uc73i`d_+$+=Qud%RL#-f(daZ2d|y88zB ze9~e1C)IJQorJ^#pia+^AwfZ0FuTmm&MF9aqt2-_%HR~X-$+?nDcP?HKp%0vJMAHc25+kTif^?vUq%I$1DVv;xU%;f0 zDRRBCF<%WZPwUj*W0-$H{jAS@fBF|Y97xq}W z-uZR4{J*}j_?*GFoxjK^ufKzA|KRKXXPB;kz>R&L;Sc!xk2R=e;Q0UGWB;pM-9PvS z|M#u_vxMjWUBv%5IsE_6wJK9+LN2Fl`S_{l+-ys*D=21KoN@P+!;ba|#i?sgcf{%Q z1bA1bZPEB?OqlGsw^?!a6xs)w&-TWGixPvT^J9Crmv*+72Cqz~cesyX*|Od6TJ+g9D>=KPFs_j{nHj zSLv)M*CVSk@-Ejb+sXE>{nhIa!p?+NySQ}=i_kURDfX@7k#a4Z|Ex9BBXXp_$&;G1 zn6Fi;F_EhuwR^jCjqxsNJ-Os9mOK+rIC`^-TjX3{++s^EoU}jZ`;C6Tch;`9&Hbe1 zFChSrBQyM(r90d6^~cgahw^1bYND6-dj;2A&g3;u{@Q-u(9-h4BZk!vC%%_8`$kwU zPG8wuBqcn%7$%%CRU4cCBvkRmkIczWrJ7aIpIiEBR%~oa4r!C7R?o;s#Jmy<*VK@4 z()crj)kZv2_sBP{2U@QWj~GUB3|c2=YL&9pIV1?!9=d2RD%!3wWEQfz{K1`o&rTV0 zdpsn9towUi7h_YtYK`l6ISgJ1N^}!c;anKulb0EIlJ+6?{9?0gsCJoo;pQavPPUfL zyX1zjIT+fMYNmV&p~k=h6f9&V&eWXp$D&$RQ+~yFUCk$c3uy|6FUUlH@=vYLlam>c zE6JFD*k}FNUf7g9zP_bKZ86Oxz&;Rf|C_xJU0&&mgG9HY&*6Si+3TlMZXDVXXUAx8 z(f3(8L)9~;{jp=g=$B2TPWrG-t47SO8I17cva&M@Z%TX_XK(3p8=fVrg(69KoZ^*%3p_|dGmOY;&mQf*b6lB+udf=bQhD3llVKf1pAy|&HN zTwz^ZA!|NSqN=rNJ*|4az&rW!ps8V!rIVLbCnUCkn*3XaZ zn#e1>GrQ)&mj+XZq=7P_DY}RVuW+tWjBiVQ_=l6Bb`F!@MotKr3smm8P?{z@Vp#qx zt9gF5a!`$%XjNCl8(-CKq759(AMw_{ml2bEum8OM_@e0L`PRFFon|@XvtfgrhYr*P z2o~15xaM9E*rL4OTStF-qcDfW{CTS?J}R5MiC0tpVB>R#!G#}>=;_1m?A-IqO0T}h z6!!Y!QI3TA*xcbliPLYF7_cZ%`5LR`ObcfMiv?gwseUp~wmG!FE&oCeVCmZRBvGvmY?foF!7G#a)^DQfR*XX_@vm#gYOk>jiy=`Ha-&` zq0){;N?P{RtBpk))x;dEVzZ9ORpUnQ8UN_&iD6nOXHVQSyXlZ~z7ZSGr@eOie4b@m zFQPcZq`yjq$;0#8#B z-+5{S6g#0t);cxz;HTjlcTD{=z2(arc;w!Hd^^kEkhI;@II3Qe_N`i3b>iLQ#p>14 
z3l}TB?9a|*FQ09Ay;Y+6BlAH{&O=qVExiv2o{*+GI(*ThV;?%q=QSmlNU>8TcbFI^ zwXR4XAAcY3ckB3hUkklOiKdobe#hwwjlJ{snGTNm%!QgUA1`}XW%V9=NadH?@ARp< zo83wAhJE;A^Tj3U20d?v*qch(9^|T~?KhDdRi(y9d_Q>J>7_={VgXy8d4c3ZC~>}; z(GT4v8?n=U<-S8EPa#`(KxKAL!MpNxR+|bVt7R^}g8a23GNX$Qi7`%m2Jc6`ON|OU2CvUf z|5!cbtgGAATX92Ly-`B`G@~>7VHHuyu@K2Gt*W~HWxYbQY|cOC&s$a*Tc_82F)^n( z%WX-|iG5JqJuAHFFQW9iR(8WoGPP3evNc%8K7#G&hRFNv-^ce;_SNyRrl$MtGrh2zQ) z@k>Kj8TZU|bZjw13csQgS*Y~>KlTCtqI%J=wbhNcUxPQD4*pas7|-H#@`qpWSX%Yh z6LI!J_;FTQWV9|Q^z*0F4L_TWMu)2HmyU{$h!Ddw0#uu{u*z?AVlWmi)y_87=}vrS e$6(^((z}}mCnb7sG~@3n66d7ElFnSa{XYQ7xQWF8 literal 0 HcmV?d00001 
diff --git a/docsource/images/AzureSP2-basic-store-type-dialog.png b/docsource/images/AzureSP2-basic-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..a485269e823ba32a15c92246246c1160c1b4bd70 GIT binary patch literal 55451 zcmbrm1yEOQ_b&Vcq*IYD!332~DG5Po5di^d0qK-3>6Ql&kWvv9>F!RYyHmQm<6HZA z-}B9UGvCZP|2fP!Bfr@9z1O|sTGzEUK}rhJgm~0=C=`nD*;7en6bd~O{^jFf!7E{; zelJj{8>nZJVk%CFYZK1uDlh+HZ*Arhtmgi%X8v3{8_pbf>My(TJuT*I@o^hB&;4DV ztis%OIoXbOZmyDcmGS2sWLmfsA6_bbcyeG7H-C0_h|nhFPj=#S>emxmz`Ufm*^TFUwc*(fV_Oc*xu2h zq@j#gb$5b<34Tr%^#X4p|4HJIyaww-JNYBBTIu3aOcr6uqa_Z}%QZfI%wp>TRWbSTL}#xiF}#>AIFBICF6jPHkr zIL>v7KamM9ablFuza{j2_9eN;%+lbq=XQNA`f=LHl!!JH)7KU<8k!Jfg)d5<3k$E; z)zt+?MC7PsGd=zo9sM|6MSp)~z+odY(@yal33^F(+O%knrG&EFqsgN#YdN?*33k8uzi^d4DaT1vTyEiRq`DOIb>YvrE@!4H!R#(!U~d9{#zZ4 zKNrYP>eC>|Hq&So`Ke_+@c{>GE5o^zy{{|2>(cUomYVyY4wlBEtt+Lx1%A@^rI%J? z89bkRFcWQ7`;yr?qM^!(P5c&hR(&ehn1(CVzr0>F`apfTD;P6i>iunOc{uOly2pf@ z_HJo<*;Rk}ohQ@2*(MV`bXfi;in%cnclSFn+#Y#SbkbG5%-Gq?O7@zGDsNCa=@L|B zVlowyl9FO)XZI5SfkgxiNv=$7GBJS!ijTnzsOkFOCWhY@ zL{wiF;d;fSeAC=^eMX$SGcgf&S$`)Bg^P-R>wL73DiJ3F0Okz0Eb)PLq`R|`&ezzhgQB>_>yiu-Q?qgdw ztdCtIL0t>$QsQ#dz9jpTg8{cE6j~O#BJ?j6DU_mhG&c7$R7|ym83G)&PqgnpMt^Mc zg|>n>xv9`wM}I0}QAz8DRWvVnqwxCp!~}=ugasdWA?)LV1&(Bs|3)VF=# zk=v}u$?x5@**NlaRbvfkno%{x)A}?rI2<)RyfM{LccMtdWVrYy?h}n(b3NnIV8!jk ziG;^l%6~1D?Ee=f$e7`qPji$s|VV zO0|~wU}njP@a9bklvkysx2D<)C9Qic`C%`*H%G#|`=V}Ks8VYj@i)}}xo))396?cQ z_6*0n{!IU@S{VJcE01(a?ZJL^M5t@ok@E!et)_2(FGXm*wI$qiH}(B`^#zo#6_B{x zxF(t<;FnsX{lxf^e9L6Hd)nfcVsZFKC#wNFC6+&I9r%pa$L0@2PHO0IaLhxN@%?Li zM+s0jB2lm;JG)!Ch^VCGp8d|=UgO#EZc)AdlMm5PZ@t87U1^qI`KrLEoThT~;6zx9 zpFV5f>FBqK{pviSnc%CUE;8}YrH_e+jD8bm&K=6dxU$_e4h#5>9{c{-^7r&e)%zd>&8t6OYL{o`zGiT z=_0qT;c65+HjP$UJ!Xnjab>QU-RETQ4+ttN9R1Af`&dt#IU4V_Tt}Fmp}u;CflI$g zQRj2QepB!0Mma4Zx)870VoL5}eA?GpXwf=h|PcV;{ ze?mu53KwCYM69W2$aae3+>-n;d$@kpWUv?Q#Uhcf@%%`LM+@9=PS(5m5|Bogg!{3zvy!;yU(9mlnICkqbMi`dSBjO=k_T9cJPM3m zAb7lV@$}m*Lo}2s>u^X6{=saT0LE7D8d_kuOx-D)Ro&L_3HCRtqP}a@zAra7`U>?{ 
zyx7oCI%k|1+42_1C3EvR8s1NDf9l3WQKgq1{T(JuJUdsEuiX^+Oa|Kv-*DG#81JPN z$AQE%E7$5kJ8pB8kM-Q~l~+*Ceto0bNp0FI((#%EpRR>XarIWhj=b~oV<8tJOCQX- zzcX`|7@ytlJznyDx^}XWX=Kvi8;`amJdRE0CTvFVeMcD+?zOc%C1NeqZCFtAZI$CU zDXcA;ZY-4Pz#Yab8$af5tSvbto;|!4+c1kl8Tg!a-|xmwa^W8G)p`<-ck1~lg3Run z-psFUYukdl;v9)Ds_A(q`?pG6Mpx`FR>jklZ_cU^kXIK{xl0$eBru5J)41Yiai%rB z87^Wb&~eXYuwr#3_c+)5+lN{4Mdc^E}WVGC4<*in>mYM+X;BA+b z_Q{~=BROufWfa5I_rT*_dfo@bb>8bUPKRxa(_?L#TvXq`|NZs*FOiL0c~bbx5RWWw z@6@jk3q+}dIM_~au6oc{pLAJ$x^bCHH^arsk*-tLf%9Enj0}oR2{>4FK8}{| zpx2Skq6~t3zIu!P?3KI6{Gm?Ou0>+XOlWJg4`&9NaZ9qlPiJk@uv^qU-lOTc`cC2F zBWx~mp?_}+$skp+8y>+yBX|uGt zT9;8odWKyr)tEl^G*mtyCQI(Vl5yJNO(AZq4vj~jLp<#$W!glWpU*rC#8d43#dceS zG^JxKtQ*5~c3rW#w!q<-L2>6ACedb@Z-mi0N{OC6X~LYuW`+0t;(A@Y$I$k{U4!YK zKY0o*5|Waa74(9VA7fZ-*2S5WXSq1uyc6Xw<_O#)gD>JdJqy2lJHMbygt*^-CdO4HkQ0bekDR8a0cUjirYK)ML18?JEIB4{1NE;vxxdNY*1DEJsf2rq)bI;8rn8p?3iG0b%jE^;Ey^JkUS+dy_%?J>JJ3M% zCJj&P5lu*uEb(-}%a)$XB(AfQlJx#$j=r;QM@j5b=i$1}o_q!HGWD@PTXL7G{0FN% zT0|idt3(^0M4MG)c=RtSL$;zg;*K=f;L|txDwKA|kp;S+Rhvxyp*q1jIoj11KRy<6 zppo{hdLKKERXZ#ftQq-xIDh3z`4#S#1X<~?Z(P;Di@%gU4sUQ})jQS{w9%Em^1YKv zh1mqDIO)Hhag+V}RPTd0Emn2?<2bKfc%evMcX0t5Y@ntlACizI`z8!+ zm>4m{{%$k2k@mZ**SlK9VH(UptCgw8!X*yp8TZKe#(Q#t-cf0rYFY{f$<$J%@N_F; z$(+Xw>bx92?W0$c&OiO_c#{eS=pbc*TMWkk(}EeNNx52RAEEq3+|Ws=lfEoyn+v_W zO6PtDr6h)gyZyGAcTmnAlF-L1KV=sA8$c3MFZaM}mfH^~iNM$T#N%z(cPG~&_X=uw zIKH9mEh)E6?$3Uov>$i9i?Rf0UuQBFa3V2u(D~8Y(i9^;=2;s19pA_G>)gH@m!!hj zC3UL|p^p<3=4X)dB79QP%vV$8EoM+&+uBG%ls%|UB1F$t#Y2)!U(C)MQ{Oy^?r}b* zI~}L+v??m>Y+RpGhH!dXAJf%XHcm6Xw!ZngLN+hde*Z5j47eO``SUiZrQ|mJ8UL0) zHnRBow#L}(uAEyIAD*2o2|cyXKVN?Z+(&uA_EL3rS`J$#dlUN-vHcLps7+Ol#de?> zG*z4=EvE2W=P!PS)e9|q7KODCUn>SHxg!@7m93^dxMYd*Ov+JYudE}+^MoMYj-lnLETuDRZT5^>AI=X^u4QjQfRB^}fz9;~exSqufV;6<{e zQTKR$pPo%0+ghJM2TZ}EBThbOv~;Z-9Yx~7iB(4Y$MxA<6JF!QQ%uy+!Oq~x4hBl% zCPwQ6`9k`(4%Wu3*6U6sj^2uD5i(Jfa&q6;OMX6K3%c@Y|KK`aj6!U%EMA-SuFM~u z7Ng+IJ-2aLm(Rz)pSBI`eQ27J@u^h#;+$QSB+&kl`rU#(W}0}|k>*?EAX(8K>YkQt zTb-P^RO{1@zNYSp*N2r;zlJ-d-*spldEHfqG~Z7{i1V>frJ|;^?A+o< 
zlPcb~p8FT0W$H{DQY?78_b=b+l(CPbfudd3nH9-J78W}1b0~QvG+^29b_+cH(>M(ZOn=pi5>gb5ETUZ_zjMR zItW}k%*>f$)SzV*T~LyW-w`2GC`hQ^Gx zKDli^-iM@DUaPU2wZA8@04M`UN_CJEAjZ>sYv2!C8kha^UZV*b^gV9Zeom1Hjf)@I z^sBb-z>B`~H4gNV-}bXb>^Nfi#sEw3uB;aSRiBxt%?1bsJU?_l=i5kJ$|=fW z82#njPl5x5k44EZHOVB>tBsDM3+K%5{fREpZhZAc$;2h&W7YQV&9;Tb>k?^BoQ`VG zGx}S*n5}*!rOw}sy{(+l#%9Il?k=dj8I4^fW*|5-oTJ8r|7o?ntK)uz-tHfRfsZ@| z?EaPC-l4VCDls5c_?0YnXwoPt$8+Z4vI~Ona~HzX690yh623?8a?0;(XDOSBf6q#N z5)<{h-LN^gsHAp%H62I+cS9u)<;5vTnyhFYc~&8}nG`0FV9~q7)m*fTJ1_Bcat+^X zY(-7fDK0(!>Kg3>61#oYIa|!&khyz**q)qqaJN(Mcic=#NYNxH((sZ^CcP@0^iNb& z2H^*?*sKiA3*(u3Ka;`C5ra+5MG|J;+N2`_-;@W$kw{~fGMM3L@Sj#CJb@$yOWsu}oT)DK{Zz9fS*&ebq9Fz7Sj_sThR@aR?aiid5lfQZ3@;FPC z^gaFLV(zo*C9X>MqM7mT*2koC4tn}`p0sRe=h_vDzly*1gIK#|qVd6z{r=B9`P)z4 zygYbxpNu6sI$CV%G4Tmjgouvf%Gv7jv+3paz>RawS@TwT0@rF9+Qdwo3q$VFcNW11 z)yYNL+E24oC7yqO@2$dsg>}Nt{@_w;MBtVFXr=cjssqovkx!?m%?X9wJG<{NxoG^J zx4jo5)3N!oqdwbouvjLocYJ=qX8A1aF5C0zl`z+|o;%p0l;#ICAj=#2@8Z z0;mDCFDi~p0>FgA?A<@C#PzCvw3D`L&vIX7QeO$~lhw0`i}4X5V08BAPb#leS=Dab ze@NUZZ_)kBC&6geH#zwV)P$w+h746kW%#^; z5n5=wV~P{nLV0BSe==-iH#JxUSJ@ChIlir7p`3x)tDGNsJ&Nd%{2;fG*L}`)P zz8RPO<`8v_RY)y^v}J8t{6p5{^03dCKHM$pG{;(tZYE;72ugcZ7`GJm@P!qtrzXd)=ZKV^fg_j4sO4zf{R5`wH>pJ-BWTj=E+ zqj&vgsa^l+s^Orn9{=?vHXnki@^o@c9=1O4eQYYjJ8SuU;Mc?ft12bUT*PYZhHl%h zzxSfxaMN zK?(eoyPTN`ab_F-Dz6hN$I3p-KDJvMu_xN-Sm)56^)wE>D>c<};P3?rMjJ6?D3P7e;Uxf2*r`l-s1|HR>9QE=HT|JF5Ud4g2%*^;Mc`4nUUuF{ zrsa2!4%`m0<=WG7^LZprEt6j!I6b>{O?@P;p@00TnMDUMOYFS7{Tj{7Bg|c&-&E|3 zG!7K~hWLf%CuFWvF4M)4A$+4O7z!ZcO&&F_J^k)sg(cDao4`CrXyt0_=;U~G)r2EF zqG)c|LP1ZJj;xc5pz84>qwn*2b#t5BJBesp=Ig$diA;&YZWv!`E^!yX^HQ>xlNt_w zhw36RrAJ3X7U|nPbt$=5R6)r#K-^JD_aXL$?{16L%wFAU9A^asGzwSZUk(V50ui|P z)8d}Jqhn5q`^t5uUAtfsdW{RrOS#QITsjO!Cf_0sCWLx2(=a+y0;R?~RD}9U$i8v)BE*`%_hzIkNAq}>~i+% z%l?*p@L(%ZU5}-v(VbrEG?_K=wh|Tb{kio`W>xM)sEqfX?IKL&(aklqw?zrX#KM|5!0H|(%=-&EJ^S-_koV@1qBhJAavVROfx zhH@o!@$)2#uu8uWKGeNr}tir~^W1lVet>=|C?~=ZU zCPm#|yP$rz#V$=@wnsNfzxt7`@kCKv*VNM2(p{rItBejSds%x35 
z@s+QW20$#e8ZIP;kEOTPUz3z0T{*e$e8HfakY*PuN6_=Tixjxdr$JqfT<02fUq9ug zA=SyuL~!kNyK>N)6tEiD7%QoqZ)h*N++|e%Apd!8E^m{SsCF%Ex^QJhIFk-5VjaC; zG}GfT5D+r|`1;~?D0=bL-OzJB`$kAJU|iUbM1an{-vjHbVZhi zYiaqJlCp}wpw05UY>;|F-R}-8a@FsxT@R(6MOOYP-=)9K$jnLyh{QzS7!3$eU`Ltm zB0>$Gs(ibddydiPGtQ}rZx7~#?)fU=1B;-$s*CGtoMCFr3w*xecw5ti;H!K0Up`h; zB>u>2WPMmTr17CFQzd9E6aDF}d3!_S_mgaIGEv9vO@JXxv+)^fuY+t5gRE5;NF-1l|)1VIzO z_dqYtTBgB9r*kGBb3yC&nH{s5AO0IsS?+=xCw|VF3RA_G=UBLi)%m9|et)3S@gOUii$cg-u ztLaA__q|;0PEFOsfemg6b@Yd$N5{WEL1BLvu0~5s`mcysq{?w8|3X#j4v2+cJqiDh z6vzLuU*~;4Tq085 zG6*?&!6!;9DjI4(KPS%6_@R&_?&QR;?KFc~T3#-aZ|>nCQhk1)S$VvW0F}-18~I>I z7!9BG_Ux0&vz@lEVnxO)L<}OKvazg;ckf~gyX-xls&>~iGaECp_?dxE!8*OS+!sUd zXk$}1_dDt;9UUPyHnzH^=8*bOvBg+-wYzJf)l~JLbw)-;xV#j6cXfQD9EXU=Un47f z@5mRIbb4l{$7KDfynNGOmL^Zl>gsC4*cgou7U4;Y+XfhkJZzLSJ}SybQS|(}x3@PA z0YT#jMv3kMV@3P5;j7rh^uEgJZkaB!GBUYu`|f0_=b<}0E4F0e`H?uy$Ef96&xpJ2 zcJT3h>}qRk5ZtUx#T~x9^8ER8^&-=ksq1VH9};3<5!7~nk+3=5c{8`TXz;XbS^a;_ z0t{xpG8rp=`1R}86%|KG$t%gO8)Yu0%c)7iuH+1!XB@0L)tURG6cpGfN`C7b@aY#B z<-F#@URzsRrX`zGH4Jdu`@I|G>bbgT2kT>M%W)wgA!crt?#T(!(bpenm6CX#ZDYe# zLVd7__2*h6;qD~$^z^FMQopzzPB?;{JbF8BF!h@3u?k{fV9<)VQDR^dK?_6A$;FlT zZe3$-tb}-?!Z9Ezi4GKV78Y?E8;%DLALl`*&wnH1t zOQ*hR`-t-D?Nydbb{CO81nMl)MOO zcx#)QFyFm9NG5Yb7IRc4MLfxpKBv89HjX!jTO=_EkXIxHGY*e|NoPO8;POP^>7Qf5IzfVj|WJ&pO%|y|cT^GnSf~%JJsUb>xcRG3v$U$QjaSgzZ0rkqwCeqTyl-8n7vG zkmP%tzs)n9NrEqvLHEMh+niz$J>MgJWWVGU&tVw{OEvH%E)^ zudT1!%>RkeaIYTB(TSkYc0z-NHM0JA9*h`M@|Z>sE-sWUCj0pLVZw>~fpf|qLtvRs z+97$%-kuvZo#Z%KSMIQiqze1x-X~n#pUZb%7LoltIaie28@_h!A4!8}a&p%j{0T`z zDA>s1e6L{>(URO(%_Par&emV-O!`__sG?Qv_Nx68k1WKax>l9T%S^2@WdeF3^~UDr zU~s;`Iv?y1xY;1ML@2r@{>>QGKdoz8J zjj0;8kF2j*v|hh{0uGm!uUTSAhH8uuy}0)^HML1i$Ne@6bkRk8Mqf%^^SC%3vyZK< ztt63=k@|n4nVAFyPi+(eI#GcFb_*(x7S`6xpKEBapaQ|eL;8LwhHPzF&nz!9!-@?o zT^+xp?qZ^l;};hfM~?mqYJ0j4qvJvSC4(!w zn2+7|2h`x!iw9F$5C?-ROR@t-zWR> z<%{?iC7d*6=HA|37z6Vyb=m*L@3@hOSOC&#KEKCV>C#Y63cvNVSE=V^_4i6G)*;_k zxcj^}ZRB}CU_?emrH+({f9Ym^jJJKnXxs6L2i@!5g9q2eact&VucAGM;sPdJXuHM2 
zvhv0Kwu!i*t!+N)1{B2yz9dM%A-DJSD-$^7lP6DRYrQdMhw}`WSXmWNB-`8D;(cW>`FLaC_l>wEE2g{8v)IZ5}Ey{qCldFCUW5Es6%pV3Km zMq5ZTU+oqjs3f=Rv# zjmyWeixoWN=T|47B?G(J8)m?-(rIY-CSKE#FLVqiR!{^`N`r^R0? zEHf)BED9+iua})p_m)#(KEW3U53kp^6>$+{iK*ct=v$NccJ16_ApLQ5L zj=lgaxGt_D!gp6Ox!;8ixfHlk_1TUr7=@Xc8QlxerPLIxQwSN-8OR zP<wLBk z#;gpMd(*adcO_(G@St3rou6}9O$xc~^+;RW+c*A5@dz#~cjU_E%oU#mDQxD@f%8IEwbzY+<#*Kr|~ellxLZP7d;x1US_FB0*kW za$HD+_+gmJ4MCbeW@1HzZPn@}Vc?VBCmu3#1si<5BxcXUOh=_=2 zxbSV%pzDTS5%ZD7V8Zl#mC7Rf(`oKDWpi~yBKMn)j&Ig{NFUeWSfqbeLX zoBi-9xZ6r7X=rY;vm>dvA^pV<5-O^o>1o|84*ipplicEBDHoSVKwYLXbioX$&FO)K zR;e`_0=vD?FxU-SNl>*=l9eXC-ehD%gSJ4u;@!hZ=uD(P5<^F`HPgUh zKFnTdIiayznw^qU?nZyv+0{kNW!#x*pRJh4|D0|9KW8G98t}A8Bdot)<<{-na2+%N z@kk`l($e0D`u!OMgEtXhK!nN6F*Y>xO%`_5U+GU*x_4bEUFDOlGK{1=a;Og?y-RZK z+Iz^-x9;4TZDH_i1OPyDcEoErj-#lkIJdBXl-gZ8fGA*CU1-`&`o0rFVcgzsVMzV? z69)>vdZkmIsxXute-P~a32FQzZ%UgE_7)TsJ<-tkWb`)r=;%nJByRCzRWM4%=T!!cu^2q@W65F1V3xlP5EfI}leu@T~LsXpva}EW^mhM*+vK!Brf=AR10~U-ffoDJ4BU zy~$LyupuXm+_bjhz_p*ed&j%8v%~Ij=43vSj|mk{i6sVykgy51!wyA4O3(;Ap>nTR zRz2Skx4ypqhVNr#OzGj_@!_{&jEfSDvX&MtG$n-|rUjXuQ(f{eGqbX`5yyr`;T|({U8&7q0LSGX z)hj#BXBB{m^}yqYi_9owWM!X2dy^&`%OosJSL>-05Zq-fKYzLLeA5%=ptmK(=fEGQ z=jSom*w`QwV?!B;6L#hO#AD_Up>^ZYBWkP4Z7ihEx8Iz6U6ARg!qNnmLb^U(-G3qW zaIT(4toiM0xQ}2k9TJ`X`e>0!?>Af_VPUAuks2NSnIVaZwB{4#WPl`G(&l|NicI}P z+)s1?pP~N5+60A%`_SBOO-v3Q9C8A;5&k$935$h#~Em;Zp(huovd^|0vn^D zUi?sK0uR--un1Gl(s=uDXJct85MHQnZzmWW9OSp1!x1@Ix`}#xxG|w;WfgHp{*x}G zuumi-IXa@Sg|9j_9!E!iBeo&;tBw@^(!N|_JzUN2@Bj5O1M!5tl>vO{RH54ktt&lW z+6hh-@fw%CCA4&vUsOcOb#P~Ng75mo&FuKsBq`aOmI#Ij;2N%qiHWguaCk#+V>w>><*l8r z?u~F-0dz1HM8tsl#U}ke067=h|4_j_{IN^W`vXe=jq)EyR$wuQDS3H$KggtgvUPTL z4h#!}s(_Z5lmzeVzIlVm#l;mJ6N5Blt(~1xec$D0rl(P#&%${?wka+y2I&DCb)B3X za2F9Ma1d8T)W-X{jg5jPtwU02%8a*fV?u-UD1xoMwbd&=o(fK#-fW6Y0`<#9zPGPW z&)ht-Xu-&Dc2-}=X$xg(X&F&8b;1AishFyBM8?-h!`1MxsH3-Ems+NI*aULO8deAfr$oHUecTJUm>n zBPq!=^_ShQqgu9>7&I0iqN7z7^{|mpJ8^c4)5vN@Jj2*njhTRgj0~y*mGSEr$G=n% zH2f>8@tYxJK|agCvmbAlfKGJyp~8~qyldokx?Zx>pH5nRx>0d=;uh1_%eQ2VJ3)$> 
zj7+~mpu?jTaw2I6AZ`KeHpSi!9>n0e5Ev>54E&{QV36t%3vG@m?OM?P(UTajl8lV4 zLSDbpS$AULQL_)gE>%Dt&FGmLV3wp0pL&VB9#&%K+$(2)%)|30l^2~hIC52iGa{(1l3XH#1K!}I?4*_8kBaz@=sWDHY|WVk(t8RH8hf39Lk zIhg)@O$xX893$f}xwUW(n{s^Cop#I>Q#_ExGkm@3eci)JX^kD9lSyI35D3Gr|8BdhZO?yoKiX^g%mRE`HJvyP$}1=cSEJCx8$betU}<$iCerys1CKl< z15}w96uFuC`2pS2n_$wDAHQJX#I>&)uYb|A|01=`56PIg=-`{025b@-6eI>nXwu`< zLg;j@0BVO+)|lXlslMs!>*KInkb@e8j)F!#r>`0znJ?s5s_yQrj5yK#X%@CU z4PmRsfuJ49>;UhtT)Cp#9>)QVAuZ|#H~01XYT1&I;GvOy)7aSfI7`(4 z*f{8&@X*oGw|3gt{z8Y2`XjMooZ{{ec|zv2+Ij{Zxh>>E&7o9Kjx7>>5ShS5hG%%q z9L2vq#?w*Sj0eR71ZuanM*##>@8{cMCDN1;yvSwLUJG1R#Nm`D0|HIT?V0ln3T74; z18_<2OaqXve~*ce5N^Inz@D<@9A*Det354OmsLr!zxa4fw zp=EZ9`oI6V4Mwk9?)%XL=h-5H1zY;+S&l^*iLW!Nwafu5R$w9fbh{_8q!+n5MDSEd#I zEb7io$&`l#Kvr`Li;VFU<#b8diSmmVjInJ!MP_RD>!bU5V=x;axmWX9Ok%ESd|+SO z*v(ByPEHQ8iw}TtCLSI#ATImOW83BdU5LGU^(t*~vf7;nYRA%G7LAaQ5D6I>CQ2z| zU|>V>PSgxwmnOEFv-cede5o%pRGqe)D6W!_C~dY#AjSfrjM>fGrv-K0cn3%SbM)Yj=0oCnbdeuy>wu7d^rP z^Sd3f!%?re$suXyQgUA;@B53c(VPtR7bD2dMMUURY!eFB&-?#7I z^VYfaZrgjBrfg_r1R#~c&(ANnu&@zWKJLHtn-djk1~div`ME&;03Fr< z%p^k8LI~cv_ADzR3gThOQ@-j@Qe!M`=BPTONW*-5bfHJs8JMb~g(-{C!n&jFzZ^ER zlCT2GtDt}j61^aV7i9upY(&i-AlZt|YJ3zT3S?$xvIAsqPv9f&5;=Xqs#WR*q`}u$ z1xA1eP+rnl;^`{E0C+=b1+Lw>a|ha>W=*Rq%oi{EKIsr3esuZ#zooixl0{C|!z=dG z(>q*P2!`Ox{%~&dy|7t#L-*k4pitP5UwKmltryg8c0Rr#mr8x|l9-s7g*-rK(0Da8 zHhvr2kBy086cw!*#pVCkz*vyu?=iDxUy{5+ZZxnaMs=PyXHcQ2JcAHPUBa)ah5i-C zdM=ZLNsc4R4F2=7@PD5Ryn8z>?Z4_2jRc0of3>5sVkRc{I#Wa=#>cgQUZU?3KBU#s(#myMRpox$ zdxgPm3k{x61G+C5_<&iU^HE+UlP>t@r-xSU4gY5KA(MWNNWfG+F)?I-L|?ug1MmUe zhCL$a!0QbZI&NsFd#tR8SYgza90p!H6RYFlt;N~`L;`T1-asp(P`nnSzHqBZzocGb zNeBGB55it8%pga4ZpLjI$j#1P`_FAzYv40zAK5=O(}ePJm6|#jNsUcSO#rb5%v~4a zji+a4-@{GUH#S~D1SRN?-Q3(hBqZRYkVu6@v9*}uiGaP0jSZk8#SQ4`VTqm^sno8{ z;*ydUSR)tYl<{hJC<8+}o`hy*W=Q*tiHTYCOO`3pJu9p%$%X( ze`{;m-TcM~$PRZD5(9zv=rBOwJHT!Pfdl!Rw7S;!gBS#=9suEpq5(*K2^c?jUeF1k zp7s7DHKXT+LI<*^{O)N+PIWNk7h>2aVAP?qYS;{2TP#~kYvfH(!L9&EbaHZnWLqeb zAdh$i>J~2Uv-*bA(sIXG~x_ 
zC11sV{o;tI;CnetG1THlmPGinRG-Q#Boq~uccWH*LP9^^BaoDCsc&n;u(V|T5T7vM zJWGI_>su%;5@KRkWn^TmPudww`bKGphz?k_v-S(x+c%lX0gr$q=ZZe#atYt#3Ek*oeo= zqIz#Q47mojx3T%Ar$2L7lSSTp#L2}YrtRV3)Bk#tF+Vq#gww9zB>N+Bg7&wf;!{6= z&J|n9J|uai`hA*H1o?&{v`nMAX7;<`Jjk#A?-R+dfbd9D4w{{v#Y(Wu#*dMK9%5ET z)VA#G8DG}(nCNIY!%Xc}6`(loUBs7^K44{S25&Qa$;-p@a`g}xhPk;pZpi}b_J+-K z=ppV-Bx<|>GUVXmT!`fA^9Hj$l4Ia48=xnILS(u2TFv%k?=29CFHfAI9)enHYs(3= z?F3HNgA#CgP?*0?uF6BNlAg{CL9@a$%%)L@1BDS?Nz?)a4Lr-q%JgIR{-4i*9d}Av zIjfkPGeq<)BO@aq_Iwf&XaIRUw>XB-)thY$LU}=^NCn*vS{R?OFv7~pO6%!bZx;&& zrOTGr8XCX$CxKP;hOYsto6@y_7=8j|Q)F`T#jpda7GTB9<|Z*f2;jaL@88c**oWu4 zEvb1V$;rs{ApETz9GU=GjKx)Wd~CXr5Ip z*oGi6AQ0~+uoeJCBmwwECM6+sm0XGl9mr?^JTr%Qc^hpoYC&!K5EghXo!NiB6F zZZKfo=>P_gT7Xa-z)s1JL3i#A+SUyYj;lx~7)r%;Bl4+|me$!N{9OSj`Jvh7ZL5Xt z8;n;AqI;FE^F+(OC45PdHTZ<}NqVqp26I}WWsbH*`d5=j_a4QW4*rV&$@nupjAMcF znk19WKT&gr!!@Ep0-}*(3JH=Kn~Tn!yK`%xftqbb-OMRE98G|eP5>OTGvPSJ;k2a- z5-|eBLHIKtFO7WUu)=QIe-Aut=fURmG@?tR;4L?xR)FS-q2@8&s>f#=4ma>{Z5KN)SD(tF@`e(F8>P3pZq88yf79bN_H1U0migLh7dy^$@B#KcE2~u>JV~XcNfogUB%=^%T6=J0gM@WmUCL4(x96KF7_Q zKCt>#a&koEM&@h>e!VQ%pI|5W=bwN0?G^}tk47+T@zeFmW;GD99l>Px zb2YMH#w8hesoCjiC0$o%=p^cZy9HmlBNtZ-b+i*$m1nZD1|UvyTTLbcN453)Zpz$} zgvV6mTJ_@oE5S#PfJzPr^5cs~1aOWBiPY26!)-Pg`r!k~`1rW(o@e)GF>cH8I0%~A z`83VYpulL~Yji;bgoL;G`QzYB5DspkGs#SIadA-^sJ!&o6}-TEAoMRkKmUi1ADjEr zU)X8=DAjMm3#Svrss&zp8Kwg`I5?2Di#OqI_h&R1f*_#bC4i#&iTkbcbb2?<{}^9I5dXjSxAx2b#ArOdgnz z76t(WjXr$v#cU`W;qm6@pTP7Hf|sH7odF{lf~keJYB7q|0V?57 zP&YM|0(c+&`fxxca(tksU%P(25udHH)^W-`_AmcKt>5tk~F3^WR zfrJ?p7M2F0OEk+%JZP1FspVL%YJyUN(1~f#)dS}9eYZZ!VLSJ9?4Aw00hwzqHA3Vo zxYu~8jSqCSyj?F2OR%1LL0duQb-Gz2sx~s^aT*3D)8~wLI+_Vc*DB+L9?H1h7Z>T* z=Wtx1MSJkNJQ}#$?)*2h5Iml_u7{Rm+s**i)T`YD2&uVsL0)*EQ$1e14uWHArStAj zAY{YOlQ|5qUYFa~wY7ynw6p8gUx7g+yOx8EIY3PiXViR_=7Js|6^w(`%EH~j>E4U1 zYS#2Qo(KmA22LL@ru+cr8EE39oa&Qc$4TeAYAH0_Ca7A_3Gj*{n3$BWK(;i#p4OpR zJYRMOTr8F@t*}c!J3&JnmvOirXFNej(?6->MP@?;U@!xyY5sbYQf_XQXp|5O#hgGB z@K&F!+;3nfNPV6v)eOk?ttKCgiKIfw5?DdThPEMJ&2OwObYSVm$$h8Ifsc)>z!=Jx 
zEVrjm1AA&bJ>km+AlFJI@LHI!0`sq5d2zB@dTye zOZ6;O*y&AX=HKwAN%-JE4Amcyr-C~n&vOtqu!k~A_*25zQ&&$3LQyd9&ofjX-sIxy0~-TX%Y*t0!Rt&PWe!-GZ=+&U!~pmf=WGU;c>!iZ zXY4dCj`DBK<#`VBJq-4hp&Tpov3I)_xsIFK80^sY*wSV|RTvFdJXqAF^hb1@vG7zd z04y2`B+1;cRmOlRs(8~|kFt2PHwhjnkdX;SqXh1n8)ldc>{t4KA56jtz#mvaY-s1E zSaAB`+zx!{?0@+ZV!ecpX3&8`k=;O}%moF-a8>i53rt;PI=~4WShN|#6UmE>oi?MI zq4IMj2}w z@g|H^y9-{PEsCPy;NZ08$;WfPF&C{UE8A}8>LMX0mjY>H_d&`!BzQwu4F=}IAun9L zc1=9$jy&F)!~u?WF^CU&kV6q>V2sDJ%4J_4D67hol??tzleFJhU;c`=NRXy?z5?Sn zpi{jCO(6SkA83?N6`xOUj|0U4!bo9Njl-T5qzk03!hJ-2_~12QTJ={BCQQ08kh#gR z{58mv{E%G74t{8r*`hGDGn_!;h8pf$Q{!1ZRF%wc^B#oL(MjwpSJ*Ab`J2ONTHuh8 zJP3&Hj(|WsWN(bE9MAJMRS{NJ)|Q`EaC8=;hpR&oe3MQ-P?({OMT9gU#9Dhi4xZ}5 zc&K?>eh$Y2IoFa5%@S5{(UzW`NHuNe+b!FBhlgxiCrxM7H!P_{f2$XAt4HsSM69IkqLP;;Bq!pxxD)2C0v=RpZ$-LrTBlE*)b zMJ^?)K*EERISbO4+sX0|Zi~_A{{DXSQ|k(=>SHV~D8>sKhrkK;!4#@i8yiemj+i%( zjR|&nyh)LHuyoRgMM#af1xPiK85=+YY{8LtLkWFAjt@TGR+4N!GPBwkM5^*r3GL|8 z>*aSjs&=DYy4BJFNFU4NWn7T$i~uT@mX^-F%62>6X>4jj`w$cJ1jen_M@M1)44D?B zciR$!@maYnjUrT>prd8@>i!P?ODGiceiYiekf&jm;p+A4hGQjTho_LP%d&?GON2|E zPXtdz*`D04={ixcJQqFzcFlRK4%>ojVzE8G0d}=J&I)4A)M~;L$!|+Btvrz( z7#~2|qS~!;nD~Jf`RTJ~2)8&7I~9=f+W99w{x`7If#Kob!7hke8TDJz#l_{zDd7LQ zyD4tO{nHu8;RB%0dj1a?_;o-{P0jiVmlqtAZk{^7{SwKG z?{Z(jB{1n%f#3ZEkrE0cqLHu=aLccN00uswwu9=-+K%&g)?s$L$Ye=?xTB*ZoOc~` z1->KZcOE_rBNjdT0P&;*ZjT-@zwU9ed>1(})Bc}zu*;x`h{f?TJLhnCBDfYKQNRwX z^jKi<=X0MYA>_!kF#KsN^P#;7&&zY6oz|N$F1HHU>Z>g%ty2TqHm#clow6P^(g2OWeftJ}gsC*`iKmb( z^cKGx3h5oFwX%DVl(A_xDDz6yX%4Z^upWUYx{sWcse^fk;EnD zgEccZ*9h<>L=elqE{;9LQqcp8VnUx}0Mal>n5ki>>30av93T1=} z8D(dMkj(56ima?`BD0LF=l$tC&+C4!`@ZhydG2StUe6!b>$)!T`+djf^Er<9IF3UX zW)s*HpCKA`B4+}AyUka(asB!a_7Bb{@ZR*|VmwxYz~p@b%SCOmGg~4%$}=o=OB?MAj#0 z*W;xF%G%mYcqpHfv_iprwLF+i;7KuEutj#6J@v&1acK>bRn1$2`>|#ZC`PTvIsFps z895N>gl_fBe8BrH0y7nhOG!LG{j*W4dvH(^C(#XSYZNEkf$+V3hyLVap*xV@&y3_P zIkt=zCiq@TsZZ1hBChNmE6EWLG!G*8@!D-{U%R^tfkRZ`xd8DE6MYKuG$NKD8IF|l z*T#9DDcqud3|S%|@p=46&>-7jGy{wmayXckU9kO;XImwe(KQt|n*Ab4q zC;(@u{0q?)fxIRakn1On+3ozY!<=@55V^{aC0MVyX 
z9qW1R#SV-E}%*uw$h2#(XOjCnzIfK=Vv;?!QtW13K}&K!Qw%LEJdhu z&t76;aCwzjsBuo3(VgO~#`iR!FcJ(0|JAK$;fYH4BAX%@tV#l5l=pxd_^ zj-3-;2L|5KoVA;(7){O9I2Gz}s>MK0?=S%IC0{SR5Ss-((VmuQ>avtRGi(oLX93m<+br=b}iHcNS_4`6mE%@vH41Zdp$}X~{Ij?pfE2 zC%S*GXcwW~W```ytPcL#JoxRK!q;PxK~*1^92ultOTR@o)ZOPmh@lK@4ws@pdApb zk(({z=-7Mwro<@)!qG+GABfIQIL^$`E*hFov84w+TIDxg`u_dx*9ihK^7}S(%WXQx zGO8WGNF?tGYyC8}!$H2UFDe|j{kDEny+hc=<;*mb)J7F^bDg6qo)-OFH^vo?>RW78 zHo9fTOMKB28QtH$xtI6IAkDbi5_KUtxFGjJvdGj&d`EtMS7w+ZAqz(~3MCWC>hy5b zX7X1|R*Da3$Q@=KJpKC#wb3w%e@9nT5in<7+sv+E`n$?L%MURQb$L} zu>RGyp@xLYWP6xY;KZHXl);YcnXvA;wDl2?;1R5K;MH{`3c-|I1U9D0j@ z9QfkkB9C4BT$U`DwTQI+JYY9+EsqEyNBiWZZe0UL*pPyx0`85INcMK}=&z@M7Aw_G z9&0uTO-6MGOei~r?T=$y?%TiLrAB1wIWn0pL@gu>vyFL+EAojf8y(FG&s8T()%tky z6u?MLr-h%F90={DQ|hS)=>g%R=b|-)2Hf#`&=O@^W1_~7 z;bvbce>Q^f95L=3N?@T3A@Hh5Mg4o{yV# z-7}d*w8g9HM5yJyxqw5Nznztp6_@q;A_w_;*bbIP9Lctv58xLN@IUvU_4SqISX8|T zt2czQ z#+693KL9N}%*zu&ww+?P1Rt~*Y=+=UjuYkzpC<_6%&L(nauX`@OpuWre#md!bDY>v zk+D*R!6*L4sL>N?Wp7p+@W6+q#c7d{Ti*^+P?mBMRQ4o?dY+?$>n8eY7~M+n;MWe< zfLol!t(uI&lTh&NuntHWHoW+$5judI-n*NG$;V-TnDb{{|x ze&c$nh{J`4Ko>-#B;~jOt#Dpol|GzV7FDluHQ=L$uPTpywOWEQ)C=V9R;EE!+R5Gl z0kikNk>;_pJOXwjf(N%tmp?qMZ*k*B7<`RZrYcS6t)jhEH>;>L?rGFoq}yeS1JNgM zosfX~zdY#(h(LsbsZ>W+s^FRow;KyNF&BAZ`#fZ8*Zuvw|4>Lvab%NNPi&n*ruqKu ze0(a%>2A#3^;IFC$jq9`@AhnfJ;ETOd$j-Tqh0kLIaS*0kdgQUhB(|b;+8Jp19KFBuT|3rbsw8H-< z=eJknE+V|=EBuRFDt+TrbUY##nKt>1k2jiGH?Ah9e_31KNT=+j`JdXcS!H4o{0GlDJqX5wh`W7~IDbSv3uKlb= zGcE4jCoA%_SP#@73bEs;ryDaO!z+E~?d`oM3H&Tj95Lx@CpT4qx(mWNO<|D>`2fNs z;HcqNq*N;ygoQ&0%}d}Na;~QIst+HKMcly!D&k0!ddel^MJEJ_?KqCiZelsX zp{EN{_1QTVtC3bogtRrAHW6F`^0^i!nm|6&YH$PY3r(c^@qB>a)d&AY1|2+ps=o%J z5ftm?mqAG09Qb$}d>5=uV82LcLM$ z&3?{)xalyCHbnT9`7n5-k06=e!*6~Mn1$x&3nDPjDzYbUwjKL=YHFlS8jqU_@r&i? 
zQJ9TrC^+B>rMYv8ENX;Gah?YpH)8_G<4|gYig%ch)i4v2dLaBf>SYqyyPtI?x~(qV3@H#R!tB|;)9Y<&RpdJpLASjn9` z!vrkAdf>o-*Kad`PaaLb0PVqD7JVOHfXDUY(g++FxJu4c+!FZsm(WM@t1k22_<9l) z^oIvq_N~>h#tCjBa`yD;8=VC!)H1G{sBho7Q*w5q7Z$5cIOhP8srT&p09t8wAlwW0 z3W@CmupEsuvVR3EW{3>7DC*F;6 zDs=&H5=#dnK1d0GGB82(H?SFTiV%_0n0FF>kPb5u90rC^*iaI!i*<>RV>Z&tk339S zw^Rz-zNev>?b#1+pi460!aVYL_!U`GNGpG z|B6aD4)O+cFL7SsEI5l0JT@`GgtQo?Zj(jSa!udfI?xUS9$&zDrNuVeB#tSLJE&Ou{k1d&WM-oNeCzLGyV*N9m|0ub zqzQxNEGjz92Ab~curc|Fyp)&K`UW+@ti{>~Gu@6k`5~2sx!i>df~U7mLDlz^P$`lE z0CkO*(vdWzOe^#+7?6PT-%GADQI&uPpDvY4&GBVoy0GL)N|uXjB#`sHsoYqWX`fK| z#cx~_n+=cH>hQ8|`x|Se@{`c<`!}i$jipn9^sl)&A3tLp z3vXX0s*%%p?LpqDUE8JCE-v=EM=lbOm8ZE^HdxrB_~jN!av6{H!FW0J?fFS}>vhwY z1L^AXM{Oe*x7_#Kyv_2(+dz^6__Ux3JLG}bS;Gm5a74*6dOMq}I)iGkR2NA64#+mM zuwYM5C*QZ|Nzw?QFtxha&F4erM%Z(WRkXc?;?1-yN7lu=@*f=RtBzFl$ol=|dHxD4 z)QH{rEiL58+G?13Iwbfzz{NpdHw6|&$)n&D&ct)%$TJZq;k_qrh9R2+OXLQ$gqY)~ z;(+bJ%*B=Xz;1R4>}4VRLlx9=g6|dOgv4>aHfLHG_+(h1<`oq}0sZfwW)rbFdUy%=mMH(!s&lK?$^~gS#e(8gT48)d&y!bSd1m_?sLlny8SAE0>90eQo z$4U6h@Ids2o03ug$ph~$>MYMeEhdn#!)Xa($uI)-V_eQBU|GN#Qo57rxNw4`(EvLq zfJ5v-MB>R$w3z0hFu2$#DW?QXCOL(1F!VSr&Cx?_;Qu86O$S9+QaGwjDq(>p-cibN zL^jxUzXGSAKnPVxq5y%Y{n3HJq^Pts)u@px#HMQv0_d4c^In1=@d)v>RyjjRu8o$X zr{L5JwVzl+ip3H5uYj0CIfe%w_G|d_Pgo5<3wIKkA6pJTMn9?(S9}H09tLbfU=GT4 zmS5hn5>jY3G+`)e(GntZWczI0=?0@o4{+D(6=f}Yy1KB*>e-p5sX>fd30xz583#9{ z*XQ6e38zY;?mjQU0vHW!=f_KDkwFDuxxr1K544CZ3T3`x6!?_hqND{(btkT*7vLlU z95wkEyrvsqFfT3egUQBGSz+x&(0bmQDEyr0GRMI)lkDmq0MPef5 zEqNJ&6RSavljTL6F{A;=TiZti?k-nPC>o~{O6h}#ADbpyB9R`yR0l)n=k1Mmft=TcM^ws`a{4&g~Utz@FAdL5>>U- z$b{2PJ7fXL44Ymv!UC{<*U<+uLA=eflfvUg)X2UdcAoWTyKohZBE+H3;8O98mrQQi z*w8d}{1aA9&tEs@f_{V%UQuLppZMA3Qe{yb73R#o>AfXPlwYco859*@|0M zmH_&J90iOfBDb|5FNxbomgQe59Yi_P2Yfx%MSv7i!&zP)JGP2|o(ON;9xpO9cqx&8 zxa_G+O`2pc13@k)A+Z`h7?`v|N%q6mjXI&MtgP=jFkRiSxR=V{>1jLa2x~wy3Yijn zn-_xlEm#03i3Gi(y0uzZ=K7A6NRe5vb++s~a~=e)y7LDQ(26*uR!j+TL)g-R*$RCF z0`QnV#VWF94UvQU;6qS0sBgxm>3~y+bgrQA$&D`di!60Qy^2Qe0xWN_@XK<2;a4Ed 
z{3=OSz{y^$)XQbwj5kMGo6~c`!}p=^ZHMbAI7w#*qeBV9fFBUj0{_9a z*?j?9p8zkQEC>&|AB+$LL!6#_U2d4)oD87vPIUsDou+|}I9 z#Z!^?8swp&b_VJ#74Ql&z$#+gM~H?;APRgL4uz(~?o_n|oKSZ$+X2=#FT8BfRDu)~ zgz4Zo10Hh0`DBJJB7h^0@Q{%JqJQ5a4anpa8S^!rfga2W|Q?Acz(m0{wL#XH6w z8Q`&zCyh1TcS2(rTELAPhj68ZRaI5IsxhElP#k{;J`!_C!F%>S153n+d>bzY&?O%m ze$DFDUolw0de{i*+2E(}Rm4Yxw5=CUlboyg@Tl{1Y=}e?cE|r@?BkVRK4L+o<@fKw z?9Sl2v6U@2<)ozxucg5cV(y=3sfve(SB4z=UD>a|fB?5*?eh9`F!-FDoTU@6VY!u+ zNuX$wkOb!fj_}I{fQj~b_6+}DF2tm`v{VP5Q?)(MSKX@+>6a?{ZXn~esz<*kCWRe; zXG1<^>b631#`Fr>+6qod`D(w!D(^x<_Er$eHk)W zbf-;0UJ?jM81lS0VgvRmc*nlaXZjTqFXR$vE|JIn{r>&?fMsd+rjfs?-m`7>K4o?n z`CmX_~( zzRSecvb?&G;2y5iIU+H6cHTs^ruDL??A^u{^Y#e0IXI153 zy~ifggFoB8-rieDJG$plp7?`@ZkYvXMrLnp<9pjiNUkU0gU^pNR#nNrkCkseFebmA zA#BIp9w8?g@&#@l9?_aPC#5@YRB-UEVPiNms^j+$aJQ2wfa}`c%Vf8hJgY4r+b1U{IB!#^D*F$saekD>mEtA=$HL9^<5ekJx~%Q zb#=Z#kF_AEfnZhQONo8{kC6gS$CdYPe*HAXM=y3&rs`{)+mOW{WriN^A}5!DPuRL= z&pD)Yq>vcGM_K|(fx>~gNd|z#^RVSNB~+?QzzhlM9h7==MdHQeJ0O3lNT)7Bvz|M* z9s)4&tsT935_%yLzJECe6%R%&ZPYH4_GEYlzW)9fzNQ6`&I880b#Kjd zD9?kJmX5clZwP5;(~a5`!}SlC^v4Vn)v)ldbrgl;^N$m|3BFk zfp_eDyYqx3+D|N-y;Z|4DRqvsVG8ySG1y)Xz%vU1QSjG5I35(juO2%X8e)3{)rI)= z@}p(PiNX_L%aHsL<8zA<*lR!*Dn3)nE)Xm*eW0pi8Il)CTrC?-(4R!F1}_c9Ux4pgxNu#qRvkLx!A+ar_4`X-H~(u4Foya)y_)?VFJ=e*+Us}~~tMxBA7j7g= zE3V7tmJ2&LWFgvMaaO`#M#{uM5pyc#VMU%^j6wQt+?35ismyCHpR&Afk|cDcG|t@P5Ar3s6y8i+b%a& z37H&Qsii6TkH$zNo*y?`<_uY{`AHt^;U7YTTB^fw=}g-6f0H#MRwC}jPhNi)Y)`-7 z(`W>#M=b%(wOQ$tpl-`lcp0-H{tD76Fz%m4Ei{Xbj#1WQa%P2x9pYHjRouDH@-=-M?jWnLnd+ z+=YaKaz%p?D?YNkM%;a)tIsDqqw}zryDxF}?5b~q7vWp;YX6={LaSd4XcwE9k>xav z7UxC=H?KMW&l>q69n;3WFYIkapu4&!JjyGkHd5 zCUoyXN#(e0ppkGn_|~!WZL8dmoh;~JKE2Fudb+S9X-|K(#@DXMs}TI-8-8T9agrMr z`A}cK&9^)V^4X_!nK*3$7l*h!nFsfRYF=+#&k^Dw{aaFy9ho)yErLf3{7*!2X{l?k z{vyOmi<`y&lE%A-ha>(J*Qfpu#dQlVPbpf*?IjbLS;wurq(X+`8rkHgsk~|h-kO*l z-rjtNO-f~{9|F1$-^#6Nsa8f3%pQlkjsOs<-hTj zg6?MgxWrUWX*oG=B_Z6o`6&B@PniX4BFzql)VAr9F7|TPT7Zo}=@Sj=rsJO#<)~oR zpM?oH=6q+hWyc0UOdz(qFZa2dU5 
zSdQBbM2%fAe)tJZIHAB_SAUwb0LF%V4B?QF5D{q{wH?$ucdj{!Y=T549N46*3Yt|k ze}kW)3$QyHybO^~kT&6Ln9uT5Ipt854hFd;*Aa~t_&rUo0R7g%{0*Yaf`gv#`W`~< zkOK>r+jBv@kKnKVh$cXeXa=-LZ`}z}Lrf|)$cKi7G2|}(GJ0f>WOm+do6&>T>~AW( z34+hM(`@ULtXmVop`q3O9n>p4fFO_pvoQ!8;~|s}A9wh56lg4656ytc@#PH244s&e zXGoNYyQdeFy)Nhq7d3iX+Ot5AfS@{y^RwB|?1-!e$-J-05vdCVjY(+O<1pcR9MP*7 z!;ww2bfP-r>?MLf!fjv2(jp)9m6zXd&O-qTz`7zujf;Xv*!Xb4l7&4%TU&YY^uebq928dz+{^>9pmXI2I zC=#1)ly;AUC;%X>0=;KDnllZ~K-;s12)T=w-1V%i(myTq^{MrJ{hH6+7~N*pLRLQ3 z^=o+Kh)#zvF$f3lzB3OGD7Aolc}OSpWy%pkI>4z5mR-Bq0x{Ta4DHlgw`vbLT_JT0D5fVR1E9WVVFj^4_c2m%K>4p_tft9yGPbzSW5swzbJGIWJUew580hSV z50n1@@y_7c;mNbX&qu@(t44gNkb;5&QmTTzjetL}rcCakibD)$W@d(kbxEsK^*luY zr9|LY%MVkrFf!i8`9vyQ(XOiu{IieFZUcik5zm6DV*)4jljLBa#hX!rjP}ta4UYqN zM9jKGzeLH=42VGEAyW}L6ey%T8fhQ2$)2nhfZBB*&jNi9N>giurIGQO-JDm{Gy~Y2 z$WV!AoR~&0&Mrg=uu3Z^e0+TGtVgTyVrxKz8Z%Bb80{GCfrgu3RlX1D&5Fb%00W47 zs41-6uAP!(@nd|v+*0GRCeSbAITl}&o=GbRg8d-i;1WsrICsNH3p($bv8-Q#IY|J1 z>2Vq=Dk{h{iUEHlWo4tZi``K?!`v}}HyIAgbbhecS@@7htrpZHXu!l91Uae-M5eY1 z3I$F_=*}O!Z;SOzl78$ja`+&TnM5)7*1daWkj9w-&f{~9+p~AZ)mIQlZCl47>=VLt zL6^pPUxLO_FXP!Rb+2(?9Kd~cf(z2s)g``hD7&tLL!`qGVWn}B>VsV*1q%1+ zZmkYG?;s;7dFB0`75D_KcJsaK?B*v!mwMm{BGz@m=~fH=GxU5WUy1;;Bymw_L4amS zPp|{_gynY=l>xaFAOEeW-6oFsuNSuxCTtV! 
zKuRADs`~Aq721d{6XKx4mXjVCHNsW|IVE`WH3*bA#m4Oo{jsGU0N_szjysUM-LUXta za6>nY=%jx8t?h{%KmpqZjZ}RZ;hC??zxMs{l+@=Wa&j1J!J2QJwU~lvlCD16TK+xS zm-vZ>lS^kns+*K@spAkOer~uflYfSzfmgZ%_kfKbyNV}DrC|J^B5e1B5FH7f(|()E3NI(J|1|8da82Th@^rb5wKYiK)e%C(Z;IPh~;OEcL zqOsE2;mWUHXX$s^{uq!4p&*7p4Q;9>Pwa69JEaE$$xBfjQ=#G1hAo)D2Y3-oJ!oZgrr%h@t(RQu;Q|Cha;|3zyk z|5GKghBxcEo_p>;%(%1gkU4qg3}cHEGcy5i>5N#$-?@BCt9Yt3eOl@gj6Ico!(a0~ z717P4Uo}d6Zq;mKSVK_>^AXcNeNDQ?Z7LaC=f1eNUTA6Dt6x`fmsvBTCo@-c8~vGc z_8a$AUhbQrAK;%k%%(KX*{SJ1@8DmiwXg8dOmBa;O+c$zW&ftItouQnCr4V$9;2ZD z2+xsN`Dks)oAMDwGWI%$S-nmxrpm53XVarL+V$;Rv_a73-M(dCtLrjt`gTQoY3Wzo zdB66td5wDBO%a}@xqVe%8cMjsltT1E9CKHkdGbES(V{86?@*A+V#!mH94VJqYacW1 ze{p(o>;6m9O#7QFL{11QUCvYob@g*5;_*O;gj;Hq-dNqsoDXV~Y?iw&RA#g$P;LF% zI?m10*+mFt@=7&RFcBJTOYkQRGz z5R86PyMey0S$BFJb;hc)6spLppSu=CGq&vBEsgN#9#!b#hXWmLY!qIaROED){L}@h zcKrC_lFE$^Pip>(Ryu}C6}CcJksNn9{<-Bn$kDIDhD$=+lil#U054QqXyBtHq-vdp zBXlo4k}Y~azO;1x^t|~>BQ@9W3*V_~i|gII`Zh(#R|dLV??&{ALOPqS0+Nq-|2(d< zo*psVFPzN6v(G~-T|C8L$gC@od7161vJ%eG((xxwCr4oLh`abp-5VAeR6}cYeXqzV zKD1ugzT583((FMk8MReC^bG75xQ(nAphSVHk%y9k)|Tp*o3qA+wr2YNl%AgK@~zwX zsh>UGaHs9cGReu6wJ8o7S>LJ<)lqrE%)#*xM>?q;)3oi~R$Dijdq(xNIotTUxau>S zEQh&vIxp{xUK779znS{!(s}1>4ajPwv7&Y|DK*{2Yg`8V;tU#tuimuD;K#tH{3?<5 zzqC?v-Xcp#aawW&$xHrS3~b||pzOhN2!i{77t$4i9ZbTOI4fOF`5{L-;?Cw=kVJ5eQNF8ERO~riM|(uns4EIN|^WtX?WC_()d2i`d-kO}e^N z?aL9gcVj;7XwrV+h7XBVr5?;Dmyxd|22j|#gcoOYkY~7{+aLwCJlfDLfiqB@wT_f* zwxF+%8b==_q~dS8}g$yN|!#YoqSNqPLvfd{g&z?)IcwqGwq8^gfpo zP=y2)r6p*bTq8KS9+YMmvKTZFIE>zgF}L`H{`LZ(fhvU*Efd;=vg5?f1GqPBNL9d; zJm?RE{@&%}#*vNfJam~t0XNM0r=HZbxRL+(@k8igh>|$?GnQYTT1vL=H-PQZMrPN+|j< zNF_*<0YW!p>O-1Z70g!2DJj}u$jGDtpc(`q0vD0oeojz-N=i51pkfUI-L-E+sB{N< zuDto7Yc#Gc=uyC-jOf1Pyqa7#~0>Rc1>msB8uAyBtgA7oOgbmt6dHV=}?Oackn7(9Bv*AZ>;1zDLP^(iS^$4&e8)ehs%bB zZs_F$*8ww-E~k3>Ys_K*3%Ghi)j|sT3A&)YT4Uo=EYGjNSm@LVbNm(HI2`|2k%jmH z5kqn9;lK}pRO?_DBQ0YYGV;(fD;&mQ!nvV=0A!G+96LVbD-cHg#<$VD)Q*UXyx{oY zbAA2$MBhg&5`E?Cybrp?7A*uQ6*cT{1m%Yoqlb?ic?nJ(k~`{;wm~JWBCgPUbZUla 
zij{@M6}dLavjMzO7{K~HuLIiEMIyg9d$uRX2eQ_DU@wdkV8WQZCrD&l9qV|RDWFKDjc4r7K z+NP#n9vC!-#D$Bdk!PXjgLZjeQsRo}VZJzT3#$%ESfw3|MU|KxgcfKmQpXMM z_SEh3#^5fdvE=w!!%K2Op6!gO4UoJd-2)4tjlKZBH2|B{xCgrMQmq%jsA*5i4LT7$<%*M2RpWb50^=ta)<_mQxwF*2F30m?fX}$+11$JG%U z;2g|zn?<}OkL^=?lT?$tH+tRkT={UTV@!!c3|(KAAE`}Uop+OddQG+3(_~}@WI6|Y z1Jk5K#9xq&Q~~ROgCd^Pb0E0=y3~N2O020O zPX}k$#Qd$XP3Gq2s}}~@@Ef(h3G_HbtBH-MQzwKADs5hauYwxn@!|y|I`CrPkdCqO zbJMJXZ!6D37$PN9$g(!{RG&ky+bh?uth9cboLPg9dQbH+7las_c{kUq(>)WSJ!pa_U(E8_0reRl`%q5{d5H3DYr9Sfr& z`l@*+3Rx{n7Vc)S#nS;bLM&Fyx%Gbc(Kscx&)3qTx~X5L=<2g`kHJ_+XrNnP+?k0}T7s|R`e*Z6Qd zM@H(sP;ta~hRve$8fAx`;cpo4eGI%OL4LCO#j!O$ zf=PR}s%XTYe^ZSNY5!lp_`U;YlLM1W%zBX#;hK@E(oBm5#&_@b&kd&bV`sc@^bK5p zYgFde`fKW3bC?ssC?$oD*)}|tCZa0D{a{-EW_XST^+TEU2Rr2kwjX3&rF3xcxsX+G z{p6jituMJ6($gxV3-D(}7H}y_J)n8{Qe$uwZh#Z&(=>em|G1GJoH{TBJsB@Q$YiiKdRdUy2W; zSeUQnXsrMA;*_u2!@zl7{p~FN7dRO;cch&Na+WF0yfM#WXc*v<*xi(HP^^TXdXB-( zr2Xu(qe+`qx|%Dl7_S){dM|Q3o9|)79~WL!%A9*N@TJDHI!FD2dDXqm=Or1Buq#&m zk#X#^k<#79YXRFcHG6*UD0!EtU1}z`{$WHoO;UO!kCj=s`BC1gZ$@pdc6$+ThJ%{6cuii@1*3xlwfA!2$Pz-$|BMr|Yrt96r1SUASo0iU&;XJ1t%& zQKQ{aojNldD#|nWOFVJUvbPud_8eWmUhj=&_LnL9-4$QWOpjc<)~MY$XH_pZ z+;&R=Pm=p&%C(-LaA35Z44adtiWY@!mS6xUk}Jnu}C(1wuqzX z7I8-{fh%Ld%_*vMja->TrRdq|Bo>tK}Ez&al2vyyGaQ@{pb^s>$H_5tXSQgBGuU=W`njFGxgl#7TVVGY2r4K%W2{%vO?F2LKZ zpPrLC9k@!Ck1fuPcB4QEDK_ABCqf*Bs5GdgoLjLcXGTE4scR+GZZWE+ua?d;O}esl znaX{X0L=2j+yXhM02nK?1BpA~Zi(QH1IuE1L<4b!G_)YbZOHSW*GcC{9Q-J;?SXx} z3n^pMmoF1&8uJP5ozSSW1_2xX#?tC)Po$#IjtY^~slp(G-n$fHWrIBw$yW_iOC=r= z=F*YE3K)s+LaY1jF$PUb#62+0rDbI?=aSMk*C-sIK|f!F5-B)T$<4u%7(r@FbG7J& z?aN>$<9AvVL@Xlm5BOu^k%W=am{@XxTPv_p3RJ2Hk4JKj@HjqfZ) zkW&mZHA0sw@x0-#ZDC2#OWz)z*35IKSRy5j4^y9nFYs z7_58%eCrfswuJ0O4nhPX9E=c1NaLTABM+kgHR#!p@J45QlB<;|uYN&mNMPxra48_u z_7eDZ07HDx4niuj3n?|4-*{ogp`zt3x+S2kJRa%zSf?0~lwf|I!SdM&T!emWfG&sN zS$9QEB}#3sqIea$W+^gAoRUxnwl8+v=1117EL2a9TACh=;=q=D(V;+ zu~R81JwT|&GRU+X+75a*zqU4|sm2;$^M4tqI=7~yCnFUmm(^fV|CW!iB2iXC+SU0> z72{32#~ZZgf>}kQWP%Bidy_^c6S$>R*s7ehTU6n-Mz2HwxkEZ7>w%@t!WDNrSLVUv 
zk9CUKCm3rX3)c<`1VAUl#=(7Kctl$(qu`rhrn(ko~6u%hp;$flnklk0GA}A3XlMdhCvqj zgj#_lkJg#t*juFS34j%?K%_Cy1Z*;xm_X84SOC!8R}{W?Y`X*L?Y4w00ssWM!9j-h zG^$~y)Gs4612#9qECqbw=I&lGZ7<*d1kV8iIT@ZJf}E8?aQpKOl zVe?f@0ZSIWKb5$dCUWwoxBaa@CMH!ETW7i*GyN?ua> zw0(>NPRB?+J?q$Nc|Ytc(%lCYT_E}2WAIyQ{OjqsktMD5(>FUl!Jlp4()+2N^PNY1 zeSKA<>qJyCB zfP;|xbuQi{UJ(H#SW!eA!;AJn18)6m*?9KHPn^)ca>d8A1#u0z`v6)bVIRY+y#gX2 zpcPbtM-7&=OM+)A3To_j@wNE#$GP?d6)49ZIj?-se&I227xFd8dQ}J~q$4vr#!KZ| z!d6BG6Jn+VPF7k>Ib58dlp7u%Mq|c@eeU(RG&Hlljro@tj@1Lr6n(!fP}7JjCui?k zmu2Ys0~!UJC=&WIMJ??q4qJ0Dj$}|LYUyLWH0B))>o)mC)z~y(9w{m3S+%K8vsL-? z9F*60U?Is$FZQG*}-yJ z@|T6@h?aSfwPlzi^plAk7AGK=u?P!ATUeBH=~#@fK&^i$_5U7jN>^>*aggw0+J;Z z5HBy+g@s~~`~QaC+~$_19YT=7Z87^!wWX2H+b2YPCUWkr+zl>ERhTwb=70F`5Ox>kB> zGD8gZ%;kt%bq{T>)@cGGf!*we-=nlS^G7MyV(y8YHouRdi3%N2`nP@31#u|eTfFHn zYs$xIVG9z0oNLI5KxEHpcO;=_Y(AW*AaBrK4=plzAliR^m5rPt2!WMQtRQZnLmNPI z-QS)Y<5N^SB`r5?f*K^Xy&g0DwW##{ketr-OTV7NRh#Qmk9q zGGL_ME8R3(vu^@R4F`tp$n0KR5@b9bef=k7r8awHj_nQwtvD zXPmIl=v)2D@8+4sIg^JnOS|MB{sZNCJp54*{hDJ)#b73)`mNKL@{7s~<%9P94u61I zJR{3B7fc1F?C_yO2X44r1@D2qq68N~$KnJU}z-pHd1wW$t4 zo5eH#feAM+DT%w3O`LCMoX{IX1VuzDMffDnqC-49cAqY61w!=8-h9xYVXgd{&)>R6 z_l%{C%!wa5dNcx*6e6F@GN8NcA^<-5_YdQCm@irFdBtj|Yw)x~a;UkPKPDu?3_mK- zdpp*r2LsfdyLZJhc`I? 
z|G>iog9rcq=!wA{=y_!w9)PDlyjPgBLnLyS34Sd<|M=|B%Ya0OTu8VNhum=lc&~c zmBo-@&}4E0gbTKtv&hd#Q9TGZ{F)R(#l{+D`t7Bsms3;Qg^1jnB0}K(gD$_hn^s@@ ze9r|oW|dLaeEgWck#1?QDuk2Op#WzxKnq@7)qFR6!avto*8HR0*_rew0*)Kjb=}7q~OlT zw9?P9lk<&hzrv-46kz-83`(0>g@khK*}2GSk-xW=pEV_(hy!T!1=m*@Edv$WuH7)3 zHCl@kD*z{s1*-Q!O`?36%!|didD5&7QH6|?8lRqK1xE^67OpQEFnkmkX$kZIYYHex zYRY5bNufwT;dp__cq!Y)2ORn#WaESYNAM%p6AO1PiN(kPis|G40V!zW5ZI5dTWB)% z5uTZP=uzOjPh+$##0~?PJdh-&ppOla^U+`j{xve#cNlXqCYwr2@1r}MKPu%XVAUX< zK@on?Gru1h?ZD6w5ArqSx0_BP{Xoec8obhA{31BTB4j$Gfdn$qE-3zJ_66E>Cx(=u zX4EFP@e+A2FGZ88g}2`HDYPq`SlGMf-AwCuI2@^v1Xv^wVS)(hcf6UN-V4!$SZ4q* zL3dJRUipD;bMr`%2^xXV+!@LcnEF5RQ7}seZ(-)~k98Vt?8ICU;?#K&8^)ab9>|YeYs9MG%5os6C)3-d^FMZ_)y5 z&t{dCZK#Hmo&x7c0r9?>2E#$M3@u4rkuxLVUwIib1c{~y`H_s91NNX`R`f?SIL4K^ zBL6{t2^hNynk7mgf=OFWqza9f_V8c<;x$Gbv<3-5dK+L%jg{;+eGOQGX62`_c0Ghx z&~w|9UZfgTl|}GIk-^QNQb>U*GGJ5>7r`HoR;FvnK4wD0X>i>iqhxj?ZMmJBD~u0b zeqd}y6)~5%N}Y+H5>CPE9l4mVxB*X47p*SIv@|k!4o%kbD4F4ra9G0KiJ&fvM4gcN z$)zmhU~vjryTQkRI*+5?3PFFBd6GUF>hlA-a-hwA*+1VkgzFIb`I3zw&v3JeKFnh%?7vUP!0S(6SE)fudN zc+nZp8Edjn9bFyh%YyZ_;8p@OC5|+pZcqe}rF|PL2{Bj{HxwzzT8qg)_zmfwsT_at zHl72EL@egi-m(pM!Va~3K^r4zx+@)J1lY~j&TxjZLfOZ{ht%PPnFCn#a99dkXCX1c z&|)t@a_`;eR;}ORjQ%GC@1cwmLlwb)lL|~}rKf0u9Y;7D6e}I;NO(L^-SP(+#)`hK zSRmA3AFxaLZN?Y?9%DbgLwMfYHQF7yP#h>HJbMr17vTu7EJZN}5#F|jhZ4$h%4FUL zG%rGDK{KF`Jq%U&Y0P?*2IG7Og}?}|2FMuIh{wV$YoMj=a_+M)fx?HhCsdtOV*;re z;GiawDt=6~Ltu2$A?@9}cf@v#tvwDmrjM_0A@W}`pH$yZ5$Yrc20%oWkE>rn_tekR zb0geSgik{|Ta?W=zrJ#}kLC_MTjZPoh$I<1ltercKq#q8uH-#vI`j%}Z4NWzgpy%1 zV&aJZ3Om)UCO#T{ip;$t{80deg1(pDFc`lEy9mN)RX+JCzz`0jld($LSFe_#k*Jcf z&(y|Ge|rI%ZEu&sNs3M6he&HQHHs-KiPt-u-{As&d~bP*_f`vv3TWt4V6g8Tipy{%Hc8-rM1#ioA=q(oS2(M5KnLOOPq&*v zvJ3$BJcMHmrviyXu}aG>0~sTsC(YWVBDdlgM?i5+PBwF^_`M26?#iA%t?QX)xnSPX z>1oOMT*Q&uYl+68a6DTpKG~_TFEj7r^304p+nF&&I7&WPCwA1q-bxIUaD~^s1N3M{ zyW1=J`mVQczqe>qiB*CV@+#N-rxJWCL0SY~yVjslEMAl?dW){zW2E`9YMp(JFjp+f zadD-PJP>q9Wix4#55#vC2xfLI97 z{-36u|4aF6l#1$#{UwpFhk~>+tq!{nKYzZg($ezgj>F9^z(&=x)O>Fp2k8n$ZpOxc 
zTQgpJJ}z}l)6M7WN=?z%LUrK8u^}a$j~7{YWyGtOr%_|Z{Nu$}|0Zp4hq;Po?_t}I z^4V7bU(;Q0J-Rlg##txY7<-{{kKNhb)uC_Se?GNaLavH=|G`I_1nrd1Y;&1S8x`C7PZj1E%PjLl`1Rm5mUVikkuU$t*vIIYIE@vW8rq(&4c z3fO);F*O&eQ|oj~MdABBo1gw~@|M}8R-Y@7ZHv$`XpxF(juZb?l$RG#TJCQlt8097 z>$`U+0!!uSqRqZ%#MloB?q(2pdsKfmeSAOnKHly4E)0KrHad$u4AaL`j(pB#z|XLq zq~45xp$yxNfro>Lax&A3r%b)+rshDfv*E>jFPiV)Xwo zT!hIJQ|8xGkY_@+$WfZBSN>C`a2&ZsMhYe<(`L>idf^{qoOtl)EFsgu6jD%r1}>Lf z-6f4?$Br`ibJ^3*$@A7ssT6;zuV*|w;x?r>@8t9|9-H1TM#!%r^}8bqE&SVA+=r+` zuP5#Q`J=xc2{W28if1;e(j?S!$JYKLXH>;uRA{CQ`z!$6;*)2O*XtINQCi?#fr2}ick+82wc$eYB!Y-z9i z?uZ8ikGl&7Z75w0s9{T#_Xkg>nQs}E&#d}@m2 z`0XRAWT2cxN8iVM zI}Gg!9E^-c-*;Ia(KWBpG7-Hq*3z`;Bcui(IYnapl3Xyoh-PY4>S!f6a-%bh1oESn zhxAY&_yHV0GnLWYI4S$tGwpb9e&#>E_^D-U-_z$ZKLXftQ8a znIsD6*Sj2TQ;MN(m6w%K%+K;qd~rH|elr#=N-}^S=}}Bck&u$oMvD~k6ZqJXevY@k zTP^<#4h|m7)4;+eJ$T{DUghpM>f-8(67%=y&PcEu5TeTnUs78m+HHYR1Pi;dC%pys zg*p@fkqS;=2IrIvH{jZFco@lFLi}<6PE7^>{?Sk>IWM;Djb}Y*qie-_?C33{6*HnJ zx)FNgRkie!E6OeiNYgVgW`rL`iVxe+iYF$(YDhFlyK15)tzJzATmEN~0YVH4ZFNEH z0Ud!o-&?gv#sk3JM7phkG8cbwp5}lBVi0^?cfjtaqR2_6kRwspyX7LL7Ls|fX6EMF z$c6$*O5xEC*8BxrB_`t_uQ7!ynJhH!+J0#Xq( zE?@*P4MJdmesQe-EwLUM7~H>o`&6u!-1s+A0*qspjQNCEYL0|?tEu{>ASyCF6SV=r zG64Tx80U>KS5)p!T7XA;fk!zwI9_LD^h0er;Gd}yqk_f(A3YBQ2LgPM-6 z8n^2nKZhqzWEf;)FmGMpS!<5m4qD~We%-y8atQSVReA<^=cMqQcrY<`b@%SwBkeh) z5(1vjE=)>V`4waYDJsF9Q-qNRs=j7dqtg7Opnya0^jjEfC_sS^5X)fHyeInNz*J6S zyeiKVE)6L(-N*Tbk)JO=9>LEFu@h7=IEuJ&G0CGf&nXmG{4mC3U<@gG=@D%bF!5=o z3>lsR_MY3?v!Xm;)UmKUG_h~@?dKzl z$LKlf&POfan|#T#zyj|^B^xm4u}XLw??^>1GhZHp$N6r_Y0F)Vu?9ADCbQGA9*`^h zsCaEaX$(5q5=R(<8`eZGrV+8f4iSA32H*p!Z6$t7)+^NRi@FXWk&v+wH&FRJ~jtspQT#Z67mkf@^}1Eohc3$NV;TP+os z9t$;gmMJzaPFhVZFsd!!*|S5KD28#naJ&^^hsAZ%ED0im2i`(!vFD~^pgq>D-*bHP zpUPJzUOqww4=H>lGZLn9`g?nev4Cc<9|(hkau$fsi6@(JpmH4g>ht`$-R<@|ty;9{ zBvm^lB`Xg&1RXeM=FpWobbBh4@8yJ2g+xS()cY;>vl;je9Zi)-W=`_B1iz{{aMQtr z|HKLCkRR<;ZdsxS1`s?32i<{`)7RHW#LWN9c1Y&cLr^}pZ?~Kl4K>DR;zbgRo{i1b z>fPnOsK`Q%7QcDVgQ(l&XoGcNIW#<7hqZMuqeC~XglK+LKb6)SdqBcc+)a4A1r&fBWf(Go 
zp@;hoEDP+Sv8vWbPzB^g$vzn%aRkF^!O|3>jxT9&N2s2GK`C6l@S`vRq!HUFpmiW` zRq$Sn_PPQmUiQLN3xHQ0*-!<{djE zz-3{Tt%&+oR4Lc87=3iXABz-T1=89M{@0fZv1C;qIkMHx&W>#Ge=pb7Fm>2b$Xkcv z4_CJjQt>dTsTm_0!nUm`}38c&(koYFxyUnYMQ_17oGkc~%PZLrt~UqC)5Ym9uB zTCU!sz=qBb+?lLXC5r)mrVA;*&~{-$W0*vH#D_ruUTD?GRkSg^6+=z`m3UP2PyWMP zQ!9*i)<=2XUn3@>wz2t-Rg%Ut!MXp_E%LWug_cp>x}wcR^)wXh@dUt)(^k6K6*Dm96MWQ zwx5;N0@*T3Eespt1N7T~?^947iro6rKrX4_`%9#|-MWPq%pP#@F+CGByx{Awr!HHV z2(TVuCUtXfp#?yXFRZQI3aSPaANgy`LXu;)5 z1(vI7kVY!Qj9z(&$<8ThZqY(XavZW|p?qD%pZ=2V7NbgfJO4Y`E@!>g*|Yac622X2i=#K` zu*ne}!uo@D94Omu2oVhfk!c6cd3-sOpgf69DjNMFv<)c?d&lQnlHU}!{zKSPj`CE? z-lI*=oP49!szA1tXURpq@{G`DU+DY^hDp$NBI4sT7mYCwl6vx+o0M^utNx}RH9*uPmT z60=?4HW--uZ|z-qRL^_2{*f}*L1ajdOs7y34VtJ#la4XbJc=}rLOCRg$kd#oL58AE zlW36U5osPZ(Wuh!Q~kQn#(Lj>?p^D?>)!RQb=SHUYn`L?`wpMa{_MSBSmm$_&?->> z>h~T??`SZ#WP2tcl=N)Yb5)1u`W!YySKk)H%>wGS@A_AsCN}4(QJwG-j7U zdlQg`A%;Yd1wmnp{HmZ#@wY|IEdW8~7(g6!WBbwZi#!mnX|`(i%lwwt227UE44q9M z(CT#xBCe zaSnV$+Ak<sanX6yTGNa@o#8T#_8tN)dgYok!~#MenPxt|Kq6)>Y$Ff#+3W+ zEqfOuS$KvdKRn084cjAX7j}uclbz6*#2;=K-H%Co~rnR3L-MxAejF zMCJp^Q$%$12Z-)s0nFS9dIeA>Y3Hx*XrAE6U&}yS10)_0)u;kK578))7Uj{80~khB zEzDAZHCl**6jcZAUzRb^tv5x+br?wmx`+uhFbM(t zG1^>%eSPyPG9RD+oyN23KF@^q{sr+@@7;a5vc2t z`L`X{qb(a3<@Y@}A9n?6#L;FZ7Mw32nRxIS7(kye;^}Uh3brEXYSQN?{6UJOQGf8X z(7rN&V9W$K)*XPqL9AYi`93ftpa&?59srEsZ=gB=rlN$1i1GY2f`VRHJJV>_lSni8 zecRe~Qf+sO3XVPfF-s#z9Ov3v;FrM0jZlK2cwn>59zqYf4BV+J*RDkvWM5{Gt1^)t z=K2@DL0btM6s4Tz=Vw>!9Uzn7l!qmQ&LFwpK##2$m5boty0n3u2Uzzqj*`~`jMO3| zgxkR&j~Qpm&y7rtNcE{4VkOg=w3tO@2HY5u~aC=*mP1_}c7p3psmy}>eQ z6z~8_z62g2GUmWebWrkz!wiF;f$SC&9cRxmLiQKdrCct zuTCh9p}yX-WlJ-1dej6waH+?k1B59X#WP~_AO-?4oO1;`5lnQv5yItmqSPa92ZeWc zQ|^kK_P7-f(o#~0A%WuZQhkgGEL-@yyHU{~;LusZfK1=}YujW`!CDTb8?0E=5ruBL zJ{*4aBxV|B#EWS6VyYTgAEpM+Cd+gI{73U`9eQmuI5;|7U*YXM)9uD{NWfeeZ4lfq zi4TEO2c5$1>9cOXI!>pjb6X|`f}AI!KdXxk79=%TQezM}@wz@g>x+&o`kp0Z`e>SRLwr=E$to3p1Tg&vH%To~o;v%(E9f=+3=ZSV}4g zTY*fmFp7r-V2n%*PKYVxb6s(pNT#2Z|0bZj66;F3|4+Cj2}pwDRoa%hJM~^#dWnEXI`q+`3WfAOSJy^8KeKe 
z1pmG1`+tE6o+yu4@^F2|^#BiLlf$Y=vqR4E%~`F>{%dS*c;nwUpQ>$N6D$|4`*6Ac z>m!l*!+bewA&8~m$UFKr^U?dkXDCyaGo`uZCmMcLHj-<6{Yo1<&bO_Z*jMV(_tL5| zK)E_5$iBzo`0VYjE-0JA4hio6gIoBeAc~tqHTOMltdgU3v2ta|fqsQqtLGdPSPfCx z**Xok&bj}b4N@EzG5isbJ6;@!i9m=0T)~be*t1bhu+jUT18_$!Q#g5%iF}8&_h|;2 zcjZc&*rSFjz#fvgS-fNuOaqZgRZ924E*;2E7J7{Gg&VDqNAgNoGZrlhU@a1kD;$%a zk>zCN!C)+1uB^E05bQP3CU^h2mMkr&sv1K)tL*zGSGo1~827J@dQ|b-_KmyVyZRMqH4C#cqWWDST+*V7+~v${l?icuvpc7Nkm1 z=80Y<;I-(!`79n{^Ac| zcf?#zFvGx4;><)`9qUOb+pDZh037^Kxxnv69Zt{y&L)VRkz^SBKr+b|2X7XZC^178 zj<^&O4kryZWW;3DhwGF8>jh5WBud2Q4j-L{FmdSO%v@#7} zkh?2d;1I}|*&OMoJ3S0g0BrmM@LgXqe*~{_rKd+WB3^$&?4L;_dQ>w=p!q1~qB%_S zHN;H>T^w{36c@MqJI%y`a12Mwd(0uRxKgQp{p32Wc;nf4^8668LM4im@2a044^BlB zoGuu6!^luGZ$HpSVpc+N6xT{}A=J=Aj>DCS-ggWLH%K5QcsYr}hiVBL2x}ovk7E{P zUlGLTNTQbk*%T3ghNeiNNC*pkM=C6k2kXSjW8&4s)O5N&OdA8#$l?}DfKkPE1TPYo z!4^BS6bFhZI_gMqybFx^(Y!#j5qDY!D(01sCpX(`Sq3FbS-yV#`oao_OUaC`U*1*7)EC*pm{1*=8gfqh@Y49IvY*b#nL8gO+ zy#>W6Dw7biZY1*H!?hlH59lHv@7FR}DvmQMI+_ZPP}e?5Sb%7q&?8_8`0fVeWB6fh zsUb#*$LO?0TDT6xEY!+2pWe=9U{kSc3yXn7)q?Vn;2$D1(qtS`PmqfGd7ZGjkgrBz z=8J3r(Jms=53t}YAkNsDC8I;CDk{XWL}hRj`SW|w)OsAH(0QggJY2dp7^eVcN>E%M zO+PD%qp%g+*zBgJRoDcS-Vk3EtQZPXd3iGd5Q$ke7DM$u6^44K<@M3pWsolbmIZ9V zP~wI`1(CRJsC$9*XM?#kgJx<9@d?5Ab1-#;9McR77xvy?oLFTGT&&6B3K%?pwsaR=cnvQyLBKAMX zmMy{PT3&0g?8MYK@;QG5%wOiWq}hjvff{oM#U+8djm@MG&?10W;i&P!t{~MMG+(m;Rt^je*~!|uJVDtyRC_9J0SvG}t%V0l zHpU!a%{+i=PsELNmfE=J_mHVEgGNtKL7;=MFrh{b8B;ac$iqhkWY#c1dO%c3`vO6X z2~5rf1}$JYt-&@!dzt)V_T85)L48HpB`lV=V3dvg9str|Dos1Q=o)Wwa^;H$ z6^ibtPe@Xu^IN$B*EEnE_5hv3xFU5x5aQtv24EIsR;lqcmwBZ90((-z?5!n^00?jwb4@yS zh<*4j8dKPUz-VS6X$(Uzo5D22??g0K5X1!V2c^gs49}2Oz+Zp;HTcwNXs!a(cY{jq z^*c9zU;Lr|_#^@-8oupPEC4OXSd)lhNr(5?~cs)K(H`G)k&(- z;B$lNBSQA|&}yVNg~;6w7KZ@_`bfM6>jNV@G--#|jUi0H2uq;pDbsoQN>H2<1gf!( z2d{~Ojb5$y+i$5&%&Z&_!+Aw_uclX9E%x&}$d&znxs2N+lG49nHj2hvL zhydV3UOAAiA$J}?#$@q=5JcTk>`k&{LD<)cEoY96eMO|3ZVmYpzvDaE1s(~z1DJ2^ z@7F++3BpmR3sNjxaXn}_G`|Y*#RJ0{3^8l4p45s)i-_DmKuvvKV}WKltudGc`SzPZ 
zzj6;!609%M3c`&;D!hT;EfgvHLu@F3%cSkQA3Q$>1$S_bDb?cVpAKY#us8J1Ues7n z%}=cBv9AVb(3}8+82blA_#d;mh$BEHL81>s)GmFYw0pNfavh3Aa>ik@4v>o)atS!` z&2Wbn&texhMXwL9A9<2`5c+$q=-mLGCn|s)?!EBdW>v7QfdJq(Jb-vhJFNq{aWT84 z8HN5+y^K(^P?xB36D6NIZLl6Cczxm_3iY*`XuZPyY6F^M zcZBu$(0PV#P;dNcuwl&M5C{E58`*?v#0U;f-dQ_=K@wvKGyaDcx~j zIU^uBSsV$KDGps`W4pk$uJHW%qiw>KjGnq-JyXTA``(0qV1}*?gj>?K$Hi9)bj)kJ z-ld6LMjq{Z@19akyopW+cpx`}gNqfoWZuFE6U8tmnh?`s?@uGaeC&-T-*oiSLE?Ep zgg49kfq`Dp(Pp8|ClhM4lM-tzTtX)Wo~m0}^*2qt4gf_2UXX%i+5KWc^C58A`NAC- zKb$ltgVL)8fuBNWv?Hkw8BnXWgyp!4SG`8xVVUBB0vkTn%j<1k8V^@WbMVJZ3|F?GM!M9iN{Ay+;H=NZguJE|Tyh~;q_b9{bYRpZO8_AE+*T2!2@Sm>i<3A zjL6shEZL-kHe9WtKIroSO@K`t{-uPQp zGc_>OL32DMh?`{p*WP%pS^K>AE%yVrv$u6RqY@-rHg}0X>xwV+lT%wO>#+V~_YrH$ zMQ~}bZC6cwsu`!e_|rkN_epkZj`Z-Up6yceGw&WK7`4c-+^}8Xy13`2$la+6?49kU zSDw6X)Z!XcP>?#XxUVXn*Z$FVpU`OswUZ_VPs(X9=e0(!G1KYDs2^4ki>v9JU^cz; z{8DMZ@br`G9p)LDv-_ok7R~NtICrkv=v-*#U-T`bp@UH#IiQ$cH}s*Q)*<`H)xY(~ z=_-9Lo)$0FvFF&~rOGEB&R!d;7GX_ivw*IpH%WNF(>|MBEn3$q7ar*ReO{ zSHpYu1!iSvsILh-C$oOah@I0_tj5QJ<3|5mah^t}eWIF|rShEQ_S4!}z;i@{3xbl% zzG!I|*;;oP&zY><6K~uh*11EWX8n#U)u_61voYaR(X1EygMz-kxlMiZo1NwjBVDj z$+j#`)`-gSmm}s`fgWkvwa)y{mvG$`E~wbQaj4g*Hvgld;z(G@)V4Q0eV3h-H@@~v z>}(ajZ0MN5S5#kYnd0gnaG zA4BNs25%T?O|X`zS*}0B<;LNz6&IKH3 z0$$@&y_a<+b#~DQ_bTtRn;pTdNn%NX$?+xF@^t6<@E`sZF4ua~{5cczURYSpOYAyg z+)-$)%bH4#8NWU;SF%R(?2c0_@W4iTzYELEWS>^0P#JKWXW7@2dl+Y4alaiM->08; zr^TYqQ6Pk^iPvf06m!JSHRB@l>$mt6>2d%2k2D+ydWO^o1~x0tpYqyfsdZ6Uv&TUz zTE0DA?O1tG^5spfV_aszL(h(Ixz~-fXb!JlE_=8^^6(QKmU!R0hT%@v1~TLIqDhAu zD+~RR6)VP!>*PMyrmeGU{C=yCEi|{p!qDzb9pmV0>E}lq%&TAR@Ei?p))P$@IrDvJ zn_HAnyWpMmhM60Ldilmz`_B<(P1MA~{NuhmXOWjt~-qUp59A<2;!8m(X^+5D~6GQQp{1Ik$ ze#3U-jIVC5=7gNtmKKzDX3u98ic2XcDw8;+7B)rN9Tk<{WZJdusapHVbnSg5Vaoca z3-4^qdKDAoY*l=+aYaI4vghVC4fhH*E|Q;iG+~R+DJ@QZzp0Rlh;1YN(jD*9YZ~T1 z@$=_w&{jK7I!`Ekr0;^_Dde1cznr1!WDJtFcX{Dh!pK13?wxiGZ)O4#o4HhXZ z6We;H!2A2nv7+6djBa$8_qPv(2x!&bUd1)h6+AlnqDWT5s}| zcOTM>R15SQ@2CsaRh*ufC44D4tE+vNY3_Ez^f4dKhQQ}1vr46V#jRS)N=5r6-S(-g 
zv8BaBx)TkdqkSD4Ld@1Pdab4er%^(o-jXPFz)<>-Jp_gcj9j;ERoVnk_M$bCuGk^ z1>R^(ADCzEJ;Ey1m09Zk^(L40cRGDKWf>RMm&D%v>Zs* zV~VS26um7exfGq;9y>fRaOZk)Q2ZC4%O&?Ug4eE*(b1$sB|<-gFXPX8g+G?8zx^ea zV=trsR%Kc(t0Btlhttg4EkC__wyOQio#y>Aj`)W>e9-ZR3|7olnM=UP&=)5&9U%v=fVl~3dubq{%T;^vk_P?Ba9Y0ok z_Y)t63ZZ7cDqF6^zjh`6+#|Js_x=s_kB-JjFX7^1ag}zgj(l?1CYXU=%DeX|#>(se^&b&G B8SnrA literal 0 HcmV?d00001 
diff --git a/docsource/images/AzureSP2-custom-fields-store-type-dialog.png b/docsource/images/AzureSP2-custom-fields-store-type-dialog.png new file mode 100644 index 0000000000000000000000000000000000000000..6bb769d9399c31186acf3f9cb88099a7a4d2363e GIT binary patch literal 42405 zcmb@tWl)`4*Dbhlf?IG8fdrS}7CZrhh2Tzr;4Z;kf(Hri?(Xiv3GNWw-GcSn@AutX z{iD13-dla@oT|g#&tA`xDPxQ|SBQd~6gmnq3IqZ{|M)>%2?BwQ2LDwdBZ5!DaRWX> zAe4}g;v&i}DTm9>YIw6NNT(-bC`)J~6POfxh z>|zR3!z;zJY1!BsiDe8T5wID(=O7Y%!Be?MutPH!Pa+8wN(2hB4<2bjJJG2e945w2 zODra%yhB4HBZiHQcjIhen|VSO@cV^d*$ z(u6Gvo{2J16Y;_O`0?%O#RcN(;NVYKn*aRJ^rxSnU`a`-f(9+zYFAfF>w(yRMtq`S zWE@t^Er4xrWq|%3OZ3V8jX2JK{?|`2mc+@YT0|j^f_dpN7U(?aO;^3(MZKtlT{y|#WEXD(6@hiiB9?#M4 z>F+ljif6(?hF7bzAmVe}SGI1fsd-nT+fHs)ODq%5=+oZrReXKFR4;Ber4jpKNRgf? zNV3%OWdB_-Ti~GGYw6sraWjV_?NquSY={y8C=z$<12TByX3q=#GGMMX%64|_br$om zwHo0?MfA{d3kwS!2dCjb1c<_fOZqWs*3~pgR82EQhp{cSKVm(*UbuY~80cSp=EP=U zA%(@|h!$B?e9Osmd1Ykrv`gS#b;603J_QG>zd=-AQUI%|LMFBpE?cs~i_|8#)VXn% zw4|D=6|y^oX|uhCu64VGansZ@k1{DH#_Fzw>9G43BGkTTS(~e5%4;Q++gX||DA3F& zLRld6grfd(^uZl2z0D07GH(4317rNY1Xc#Z4dd%T>qrbN;ui~*@k}u>>i%Q#WL?v%$K1saL7K(}e@i@BaUSm? 
z;;=*qCJikt&@vT}Yc-RT(R%5rPqaN!MD>b{1|5z#+ zl&t!>;$U*J!H(I-{Bf$Fw!xi?e8~8uvrJxIEJ;;GTc@~t#Qg28!E`wU^4vy7Wm_Yz zVg~b6eMu?g^=y(OIDlYSGIF4yDXAoMZTW!S{$xY;vZ{z{wN0hCyVU%x+S!6mE93iZBN?AVN0rf#o|)NTt4gy(RU5?Az`)mND8941 zJNwJMmE%R+JKezIo#$`bA>ki7ANeuY7be<%$M@tju{6W$df4IQWA=3ocM)EwMo6Sn z3EAxFA*HGW9fpber$_X!T(#>j|4l#j(rpWadG)x^vQ^BQkJcwt=WC{C^U{tKE{Cep1txzfo_R%kmaW9f*VmHwY9 z$ck(jTkH_M?Zf+bu9(MRnH#VR?i2`-(q|jjG6ODAkzOTf{+))8>uYA=MbfXy^JK7{ z{$hB}xxQ#8YYot$(q7x!xa~QZia$&(IbF~Dm7%CAoMaM4#l=o^@N|ZY7=94Q9UmDG z7tRau?uQ#@lBIm-T6atVTzHI@g@uJtvrd+UaR&Y)d8Defw?)Bf4wc4B>RMv5pBohG z|L(+FXS11Uv&QtS=RWkHmkkk$lkgpp;Tx7>U&&IR#DEuJpTd(IWy6m?pAd73 zZUs;+QlO1fr&q+&RCD&vlJIB9N6=SoBUo`HjB5(L#yv zb`kv-aP}k2^2k)1^M4egN=ljFXvPPz)OGUSPv!1I?$+ZIcV~)U3F&$w&$0-0^r)We z8<{BP>t;$9b{-WdlRoUTcggp`6&!DHzjC0YANqoRn2!?O-n-FpEdwL??xFvN8K6A1B{eh-Wut&s!@;;7RC$KP<$aWBliO9WW25$B{ z-5|p&6%+&VGj>cDt z@mz0&ztnPw-t<(OIlYhNu?M5lR)^V5i?DVy&C)T`sZ=ieB^M>=T6`_k>*+`RY@0XC zEBCYc^YlzbbGFATESetU^|dl&h_@Tv3*%N!_-;Ccu2DrVe)?R*vq~bKGcmk~XDoEc zE^h^{WZN8^pQLk8O!Ek?&tpa1nc3`W!TDr z)Q$GWzfs3a(-tG?>=~-JLP(gOQP0kk{U$nxDkm`e`@7$N@@kcjC++E;5_Pz=_4lek zB46_G*M8;=$3@CI?cDx_B`}vvf;Ks2%bA<2P0I1}ymIe3Vuq+g@$;|O2egL!OIRN+ z22Xq2J=cBRErpL7&_KfWdfw?VKH}hLgg{d%IM=y3b-jn7R>cIm?oMrNo(2Y31}?e& z9MylEgf!m;-v9j?Am=#>HT;#tO4M=|ih%VP*Y|%djBKLx!>F!wn7K*>h6DPEgKo5X z*9BE8chhlMH^Mu$7+k{Tf06%vB70ZB;T^C09FK*3ySsT17Nyu0+!pJ9x#_O97LeZuh6BF=T#Qf)fw+mpX0JUIK4lnx*i% z!yVv1!)NdbG&L+z|5L)5Y4;-h71Y1cDxcR?UHrK?A_yd2UDZ&roFZwz#o5U-5T44J zi7-r@`4bXC#yN6uX+~8VoX&(K<&HCNsAA(Zyq}Mn&>${uBdCOer35|k#xAjMd*{2k z&yMmgT<^!t92;;`e^9ic`Gp2CJyrfgfX6&XOdpdvf0VlY?hHRl*1G&vds-UZuIdMj za{Vx2GSPJd7k4qCum!rGN_OwR6EUdqi_?mJo6_hJr&({OAnonc{x#7l151F(-|EPJ z$7|R}0=G_a_`<&Og^qizFmrlH_jaUb=fRMq;ZoQNmS$qtW~EfS=qswe5oAe)4+Mvc zwIBJkM0^2bdDlpB;auA_jX_sT6lXJ*Hr#S0@O0Uf zX{2;!L4O@Me*G1W`FlYyoopQBJ}Hi?gX6 zK1b`&S;2S+9H9FPkYj>580@#esI?!mO8*$FwCz0wb@oVnju7I1h`^JFH zt&{(ApRZRkNAJ&}P{P%WLc@3Ij3T8C$*=5nrMy1YT&Yq!$IOJRUFC8fd2K=v;QL+6 
zpJ78{z7&^v$;{1#PB@FJrtrIxRARq9ML+C#WXqf0JzcZn%3>Dk7_vqWY|e+14jpQA zq#HT*JFE7cXe>sB7lk?Q%lV=^CiC(3X!ldgwh#{OHuX|_On^1F_WSXSQD78bLBq+e9K23MV_}e2tkx=j8kecxcnrD<(DU*n=!WXPc@wt-$NL$~(yJxLtl^pLF z1*YdSwv%aSA_b4R=i5+#w$z;ZJ6uTRZLySXzl4$AOcs^P*))ueL#)AH+dkzgQs&=-hY!i3+1K{H-hcZWst}!TK>t5D2i42A8?c(TOTKRQ&WYzwlOs6fH~2I$_&?NCXUOYRO%HX3$2h>Y!T^{lU8i zsjj!s*soP$-*Y8|tS<8Rii%#&2oP2_T>U|FsyVk~vg4$9 zyg0*~e3J^B2bBlQTSTa>0-Dl(!(!1O_cnwV42aMQANm2xY=qMqstZ%w6O$1QP6mkk4hKg*2l^oc zW6bOEalhVTkv%~m<0b`|!;H`0_D(<=(Qz}ubH%(2tZhZ;naSJb9wxX@4MTwR^nT4y zqYui`3K`1ZP>f~iKJ4vY+c@cKeID-VBV;Q?GG-?92VX_UshsvmJ>iNXo3;i@>T|y{ zYi6o>BW}jYN3-G)oFMZNnfwm|Kz0q7R5B#?@aX%nkl?0UNUp?mDb1iXrxK1G1k&l( zdL{G#=@?K$u8b>OG0*MYYVg{jYJt;QUtO#or9}Mv8Jm$Yc|y7ij(astqm*-3u`)|5 zz>S;Y$I=aq(N2HWxDjr0+3KQ@q_97Ec zAzViS%!zzk5gptJ!!O$pFj>F6u6EafA(#H|;Z&X$ZXBZD-?ave`DVU(7qrT|(J>52 zzjWQ9y}6mu4Jm#J=BvP5eE&<)Qj!|x!B6n)_evuV-W64RNitf9z2n*_K;(|0UR{{{ z%%VCAr%vz8$o^1lX0q0!JqF%&boOdkH;#XRq(ivjuW!Wv9$DbM94sby@Jw)uh!kaiPVtrYY#^Zd6&z;$r38?%!>9r-#te(2P4DOqk zBdBVkuVDE8@nmI3zRDXR2}ZKTv^^~z0?%`KE>i@oQLXGwlt1OUq^k4>$hy%Dxgs?u zgnrUH(F@7BC4EC*M2tRo+Pp-o%+HtGrR9Di+;u)nfFtmC8OClxE1BWE+p&@y9y17#tilV|_m( zP-pe+UwRyaYL;Pt1k*}=C)H23z~L!aaqSX}Xkm+1e~LOCvkG_cMu(GmYylw(cNhw@ zxcFp-^0%;=5Lg%r>D;_8x*jH98U25ib3oQ4#o7Dh4wg6dQivZ`56~gjC4_M8I%LFX z9R>`OPWRh{(YHlDalka#qwk)pWjouy}7oilKX-3rL}YvgkqEc z6j&+>pk2%sx0VTmSo*6T_h0y_$mX6~!l^U`58vY2La#V9j(F>p8_TogOzvfzPOiec%B-jAREoFS zw(@e(o_an5=Ih8AXWnTh?Jx%ymWmJm3&W|xxlUByiU=^daZ@7ru0G+EVa721ldmB` zrb+|S44s7L6WRJc-k20#+-S*o-W40pwtw@#wKTc#lpO8{64y$HniCw0C}wtfV|!vH z659H`wxGe^<?2mYNWo?BVDD_g)e> znke?lHxBp!Jj~=~A7Ws}EE?ISQ(?8P6_oqOPF&m7JHsax%;}3sW5Aq$a+c)m00my{ zL2Sw?@=Nvrom2EL zNAy?Zc0?ub*IblMV}kCL-#7*g9Kofs>wh}&zpK9nY*yq{FFpV1Wjc^A79@W$Ygc^z zjbkxig#hc5(dolc>z5;$-TCvi%y_QMFO{RkHTiDe6eX>8H8R$jqdO7+8`V!Aq_Kax$q)73EPk%Z2m!ri=GGQ+d1R)qJLXJ}IS*eQc=89@16p-w#{XRdu zd1?0GbVv(@;(%aE?A~XuZ=8%;<^#+$je29Vt;c9_$k<>lW>z4#vaF2_SOLaK;}48f zGS~{_3U~ z3G=LsBZ&g?bHnbGwH2xhED5TE*m7Ig++fc{_Idj%C{-K{mjk=$>bfI9_jt`qS3A%z 
zhLi8#1KZITAQu+Mgq&VFnK^|D0u}dqvenI*QMZkhI=Wz@oc;3rybFoK9g?dwzYlpq zNC;JAj#s}2&jsUMlFq%*hFc;@(VHLb#PJBar#wFt6xVk5j#6C48t=!&HAdLjjAR=a zeba?%|F3IV#@8+pmJUOFHgR%nO3R;W;}QEi7tE>`cHrhMX;=a&GCz`xz#wCnJbzbo zjQUauCZCUYWZEO&21PNQ{P0dUT2PI_Q6K!fwcW4bx76v~EbR5$KAi+E_ z3d=#|vObB{XjbQhNq?6*@jvSvL}KoEgc{jjul3IU%iQsnQz)(t<{^tbjX6tb)WZ^8 zrSMCG<6F;9{bj4y|2iQgeErZY^v_>AEkUn#xm8K>NF-biLp8OewSNIfHhWkv)Jq>`Tg=@PlUNk%$7TYT=Gw!gt<@57|cqlT)gr?aYhW>mhlt-N5;(~Ez5H_r4d z&0#oD4O<&Ik-`rUadBU@nx^Qu)UvoYsYcRT704Z@(j>IH5LPLnRPOm1-X5JYg{95l zBJk#F&4x})x*GIsk^>mX$*14?zQcO)z?u>$f})alwl|XP>q4jJPDM8Y_&`FvOKDAL zcA#l-PgPV=@)_WGfz0no08%j_Z!TRAmoZ?fgj`fuwi86q&qL~~*&J6O4wp{i>K_rx zQrn@s;^O$*W>}Mt*x=xwW(`o_1^AOlQ1~5o$Bpmby%8UjrpJ1z@(8o){9!q|yq1Uv z6<7x zM`ioP_^teToWJ-Xr#+z&ntH*KqO|3@NgsRZ)+W8qTuF0W?>>kBMCw9 zMY>zNGRm%Wezd-I+jJ@m0|@8mYBSl?_NJMiJ}z8^$I(aktKX&x>V(;23KR{_@p@CC zBCKqjeSL9KSWXYjT@kC(n$Ay1lM{u-GJcV=611XWE}2LmRh&H%5Hy%8U4*~mq#Z`- zE8z~ZTgD?$_W?wQ1af_rXuxpn!+xQ-#qj!}6{?Im2gtOU1qw6GM^#xUUvoCI zr89j~dvHdN>sYxsMMG*x0b-bO!XJ4mGtT(Ort1`l_gZ30j}Otlk_`|uprb9X4H%cI z1o=wk4vfZ%e#r$A1Qdw!x$y3O8Yn6H16T!8q^h8;g9jWXiv3VjS}f9M4(uht*MQwf z0reQTrFfsH+M=pFN*SPyT5mvUCjbn&JT#P~o8uXli=aDph#{@PQPOQf!=Z$HX)ujtK*E zEEq>a*=IP`9k3}FHU6y4a${qMe%6P5;aV! 
zrF!p|Bg@JROPJas+`6FWk%vvNRg;YFT5V3L)P+f^I$D(k` zj)bjG%x89*XDFGSzR~{S+oA-d8DxK0facbY-+rgPe*$$mQ?ETDbp>S=Vti0#lUD`m zB9gOi-;5Vo|4+vlwpR`cscpHnVw*p%I2JZF?Lqk~DsamGgP9rSCQ&R9PD!vo4vf%u zmOZBgI(swtBDsA&poCTp5k07}&%^XfT#2)e%;oGnK0nueg%|KhNgJ%EfEE@d06U=#|hK1N#4Kkr3w{Qq%^ zioq7*A5GQWRDGb^vY9AORfV1VI`>E$0sIM$1Lyy{s`|e+n}k!-6Pw3>SL1sQODFjF z_`8esEUq`l%SA`qJ3HA~S+F`fI;Eus$&C(sI9XX)tZvs94ULVQ8Y;9g`a7ekF84?E z`UVE)v1W68FJ8O|4hiX8YP3&Z5MrRG$08#O&&i?Lb>O@G_pfVg3=<~=UV!|ha5_7; zMuX{ROiXliG)!N@3Ofl2iNnDR`uzNSMNN%=XsAqfe~!W%Fe^tM9-fZbSpxUAr&WLA za76HiwTrvctE&Ko+bL`3(Ty9A@I(%iuF1)Z!s%CZbV&C%Cp(@5$ndAv*L}Ma+0XB8 z$UvTBNOP6hJl`6!J)C3f>FcBB;=)h&{P)(^&+lx6d$q=_xmcytwMakjZ5SJ)Rs$A; zYFSSN8GjO^u8K^=%rG4;Hxs;m{n}E?+=DL_Ls3zYklTv1 zFOs7C#(u2>=BtT`;YboEkJBNcGX0nA#iF93uCtAP+mn@6SGXjN(mt?EEPVW#zxI1is_M(8>2T*lsB3=&aD* zyC}6i{WAxp?Y7op5oD?qC)1?c({4;Q(?2wjX(o=(d9s~(pOQ6R!m5_*ESF&Br3T#9tS}5^v)fRfWYwn`Y1R! z`2G9$kdl&;q@{Q*<{+g)|G2o9VPRpQWTUT7MNLi3>iOW(S``-;7d5nn723^SDX{ACzMYX-!pXMqZ;$C%! z)6~?2bcB;|W08`EP3FrR_Jt8yHl^3a{`?7BsJyT;4RWSj^GygIGW_mBEyFuvbnpH6 zB+JFROwD>LkXew?(8Sf$2vt2N^FAS?p!nwIzV3@43k6@oK!C*r3c6j}Y~kSGK-UPZ zIo{r`ZA1!})z@x+oNsmG78Mn(@O*R~*s>!P_SCZeE-j4$evS$_P(}u2il7_*`>V4^ zLN?eSOo|zXcH0ffma{&RPig7n;|dnbO)smBN1$&+#2_uGZ)s>Cv~D>=BqbwT-`x%V zezBbi_6!o0kT8(S;q2_3!ec91j?w;jO#%xC2RaU*GoqoRtKZ`_M>a$Q{w?O>!lP2A z^}@@`>v*EHw3JDuM9l|k?D>=H%g(F4nPNd16W=-ryRQyr&;H1;Pzef>*)@_jJ01BJ z7cb;qh^Oa}yrC;NjmvIrvba zPj130-M6E&(25ePf{mAL5&E?)C(w8q^J{`Aj6R)&6;tPKWc=NFpL4OIOwf?jDW^#81yLSfUyUiy@UYK+Fj;eirTQXG)OzHpL~ zj12FimDXgByRBbgY<()_IwLyYw_f%U8h-!&U6v8QS|Sv`5=;f3oO~46r<#UFl8B?_ zUSqU$E*j+ideNH5Fl;1&%@3VIC`GeOsW73wo|^=mceC3Kb7*j|UT0?~8iawF*%-u7 z1Mr8|9cZDU#SfjYU-ewvz0(h?6!Al3t5h5Ie7ZBir=S=EcGHK5PTWIiC|f*T6%~aA zU4Vgsftr>UX|lj~_WP?@U3C!=7~Ifa3lI?*g@x05dwN){t*x)YHynM0GIDapkU6k% zYD!8t{H~X8z>|!Wlo=8`16b0zKab`r{YKJ-(_iA@y;Cb|Xh>kvZi*!naEU6MHp`pb zo2xaSof}T%PzTP}Y_kpvT?@bCK3-@@h`wf>h5o9?4HG?kgnN5?ONxqq!05HQ zUKy;fuQSrq{{ZGtIbEz;4JJ_sLeKWvS_jDY39__?1S~pVA#)&=%k0T5bpG8g(rXm|+H 
z=2FnW#!R{HSW8Pw0+2X$puS4N=kNyjD=EMRVID$@9R$)jxjx z=(m-G61_8)ZqgluX+kHLq6c-+QWcJH$!-9c_}#7r{)?l2)YMaNB zTLGAgs!<{UB z-2QYWtvGDKMYY*9eSBP8FPRwdiDWKIVyIs@YlGu(+evi>&-bf=)U8@qQ4s|?;leBz zYC^uKsDQ0tU|}(#@OofdtTIA{+THVQzwli9^P@FB0YN_iD2?`)?*u$oXCHEMa%`yB zg@n==+Fh^AxU80Vz*a*S2s~)1DwKd_zm=d?gX!Y@+#s3T8W_a&>AD!AHwa?0g;Jk_ zFR!nSJv}{#J3D<~^Z-;@ubZ8E{8F7x9Jmy@(HCx*?tcE_=Ki3(eKej~dyq-9LeFQV zPE1T}9vlV;U!`i5z5#)O`QpQenL+1es2~?=@g+ay}U?Rdw4eX>R5> z9!~HnZ~KP=sc<|{Vbp0MG&VL4PfI7RmDUW zQc_Y*=S|Y7xVh`))B{9)4i7Cp(BK>shKGkw)L}xhrTy zJgmf?;}jJWql%O6B;4?XCXZHCNJdQ!-tXVP3E2$b>sj2~+$>gFh(PRf^)tdlL9ny8 zpJ=ou`DvGF@7)2KyB_qZmyK3)!WyE$GTh<*iH z5=WZa&2GXuFFoI}u}vHVX}F2IfJ6cfjLTjT5fO9MCXp)}XA4Q6+nltM@1f!2T~Ks% z!Q;L74{>TVGCn-OI^HlabU!`bW8>iXa+r+j0h7AD+evS%au=eI`Nb?DDhdn83KdQW z7BR7gNwT2p<$D(wm*%h!;bCFoAP1G{wns$2k}}vFh$iHBVua`c99&RTBs!KRNcC$d zIxTHw%?Y1L!you10Kl-=*w_ieUP6#}uAWJM0C)y)P{8FhW3(zw(5-7|2$h$YcVKKx z%F|N_qyj=iRyH;funkZUizqe`LxYDhQL4%P)yQZaShqs)wChmlj~_{#MGHMW@L=ZM zjrKb>dw*U77KU^%TV7sW_JPK?ww4nLK-!u#O7WEn@n&XbrT*y{G{U{G2b>+w%Rw1_Yq| z1=ZV+-?!paqvGQOp?(6=B9s!6FbM;zgt`YVt*m!>Im=B`=8dZPaeqHLAu9wGpKJro^a~c<3i|6I!P%<-PfXK@Oa=}cgX3z^<+Kz<<;_K_{fsv6d z4L7CFpBt}6(}g4Dg&*+%k2t-&6bF=}$G|rAC=&Q50s_KZjVW%d^y{kXY5<_Erxy38 zW}rY2^e@K7$BWX&*b3jAtOfyC31ZvY&JGecH@Ex4S${!6!F#anDy15^^{G^1fgOvB zBw+p>o4;ck8!w6Zg+J}BwDPyKwpN0O2}Fbp5O|Z1zh3T6e2|gp2FC&XBy-~1DIk@U z;GiL_cAFod#10q&D0?+HpR9aNwaNh|mB4LH4iIHXwp64jeVk~f!rJk2vs%qJY%YsA zZ;*)8)YK?BIB>z@z>*~ZdMN_EQwH7^BKlBcqjl{w@Ns^yL>VmdAw}^xWN!$c_`8b#Fp~cP^Iw* z@#fAB-0g>x=Vu!KsBN=fSa-+GC)AXb5EvMk1d#3!G0DR~fQCTu8Py;r zCMF5V$=Lwh%+*^OE$9mZdEyNtqd(wGVCQVk{z^17G;{#Rt*oq^1KSU{5#YPfn9j@! 
z68L&g2=47}cBJ0dum1YofmCna6nxnk!ph6bgRZXa;atXIt^x)~BOv-i`6a*-m7uN% z#?(7q>jc>s36SZv{rw*!$=vpfSRvxjm5Wnj`-@V69r1>G$IJ{qXl8zIWc1qI!viXE zppo)m*>4X+Ns+##WjFv|2G@u4ghK8v$pU>|508ozm1!G9!6`l^~$ej9?f4{{5T8_}sAl^b9T+jP%OL4C$q%ksoPC z@}Z!h0O+7|qUFYUu_j2~vLBP2jB0Lf4n`r?3c9?M75HtRJ#BUdPy`UGh)89D?~W*5 zAlJ9GncUsof%O)0JE*FtWEB)3A0HnxEm&(Ryulk79u`+uCt6xsTHDAV zM(?i#BES%ReSLu9B1ZQ6$>ob#SuvkqTmZxl1C$J4p5NXPrP( z;K~Bv{~&rJ!^6(a&)bTygOCl}1BA(kNq3o0m0}6t0*6OOB#ibK+n?YO5U5_gf+Hs{ zZMH^lZP#!Uo&hZBba&#_2b!OJv-v;)3}b6;s}7GVkED9`!V&%8@rR>IL4)4SNo=!v z?PJgf(GLfv?}(vvo!|Lb9K^aaz|-oTGSpLIOVgVIIvPH-mnj1r>JTzZnI~%8ywTy9&fe%M3l8_s{7FSO_dOqvQnarcwGw zwFl04GUy(New9=yc6u^VP|}!L`En~WsGL{t{PF{8uIkg(i5uvfA+IqHuBofCm>x}c zboYVqmDaTupZ$8L%v0D}{9a=~<6^e$?eIQgC(e{Bmf7xB`2 zn3lgb%)&HsyY5hT^b8DOA>f8oMRj$MGl4Z>h&Uv}`H-{8;W{w6nVfVGj z(Z}a}ZDpg8xzg#OXKMNays66Az9rK7_P<~aW~cwyF0ZNHF^7eH+byV&vS4kKdWR$G~$N2sf-b4iF(Ke5YH2nJj7w=-Qp ze0ysP$UVOI%YA)_%*;fN zgh^cr^lea4>6~y{TT=l2ok+<8%(C4uY<+H`o5y||59GGBjmej&_-zQPs@xB!kIp=f z`|!ZCf0EM}boVg=r+aE1;Qjg7Uj$iBTj9RL-d*X(LhcE8! 
zY6OB+0c0sIuGM!<)(n9d_C@qJIX?GY?y+$4)n}*_Ba}xs(kE*?nE-469>mt~>@p^gTU^BroPpz+;Mp~`JFA8h0+B`uwKob_gTk@AK$$nrp;#zI+ zr7C_b?Mq#)Dl~C_w?{}oRiVr|wWLHAlr$Qeo!{$NS*32#$Dwdr_u6^TK9>Obj5IYR z=}TP(CB@7PmwbcdQ8uM81y^mv$mr1= zU&u!L+MnFe1Xg{V;o;$oX|qPp7=Y-hLD;puIkp6GH$=Z%lCn50KMDk;YA?*R$c>A; z-SJL1Ab6|&J7$l?BiI8p z&83pAe1OP2z`-sy^8xqN5Xn@?$jKoDjC;yWkhKEI&dgE0=;;1&71WVP;gB%;uFO>d zzc#jcb^)e*#P4L^-rVf$?dSJu#btw2z&&Al4KkA-Ao>+GH;?8O3kxPL-KUuYlkLq- z|MA)9z^p84NC&2{d(f*OOaS3JCnjE459<~Xuo_zT=pCDvLkiOVn)IATCtTitI~J~v zjit%S&$n%#l|6%la2sS@<=yTr)>90RFf9}pSxT0wykb0r_1=H$3Bc7v`7@-o9nUmt%87l?@DiG&q~v(PG!xIyIti+(06xcKUpQg% zqKl@uI8INY2L^~K!@af++nT1RJi*}?9n@(!Ct zy#`b382zhgr!gt?-JD~`{AVD#^|L<*iJ0)uc9Y_|(D~;h& zkyUKFHxqM`qOX8Avi3n!GoUs<2Bob$8nskTHcWuL^9Cu+AC^j){`KL}YsWeg3NM0m_ZCFqCx?d7U*Z7t z>d!FPpZ3mtdc(j3%qmbyO8(&@y*NE&p3BA5lxTRe+9-xc7cKO?g2D+`*`FB4`|DCZ z58|i&B>Q2d!q{f)G=dRcV?GvOf@Yr!l>vRJs4nI|YfvhLHw;7d3u6Pt&RI=xw?K4a zmys4i858HjHnWLmJ@S&o4X!%~-E5-izj`o~Wd3sr`h$Ilcow4A`o@L8j60d-=OmOU z2*_>IEhs_~W6M3Z0OGsG=si!rjT8xyp{67$nwoFb;42OZC zb;ddGi=V~-(BEKwt4aa%Cg%^hqLY-bP<&1I4u|WYT} z1n#53;(dUbn4Xvk*zdML@tq^li}1Ae{`vo4x*SJ;QJDYHR?wg#I9gX(E0S50QMwPF z1W%;Fl4vHYSZ9Bss#4a$KniNYH4$Q%B1R9}zl$(~J`%Mv-<`4qo|t|y)U{MK9p|EC zwbJUR1LJd~jsBkp+DZ3u|4%Q9pA)EpO7_YZ%FV?0H?UOG3;Q|%s14|9eV32`Z4yx? 
zu*<0a%I3vxKK~PkdeE&I0vQ_nrDOQL_8Y9O!9kQ`GQN(!zIZq7LS<^^V`kSY6xj6D zb4GGoUQ&#Rh|{yZg(BBkr>p&!fIVFvEy|x<`TDxk(DZb#3PY~1$Bt*e{JbUrr_8Rd z-Z}(``9!hm_~$Zgs-x`2^cN%1QCN|;w>)Z^ny+{oFfA;PG?eofie1OL~o;#2Xr>Cq5$(kAR>22s%8z0>zr=51LnR0US z^cHG}u9zc3n?t8!@dmycvDR03hlVozyE?!mkDUGMvC`&pi7V`pb|#`S>{B|5UO zNQsj1&>(dd!5sz>ojeT0cJKZTDggns=xA)fO3kN9*r@-q!@|NY@`y_URZQd!9`&07 z?i*K7ee3FC?wX$u5T!9ywm3xpY9d_XtR93xjz&hA?U(qn^9<*Oj)pe7PRp@`7ze|K@DceB9zwMEnP|ed;)23v%hz$Y zkNZvY_0xYeN^3t=RTCzfprGY| zj;fKN#0V{FY#2>%)*S}d> zN;o=ldfsiJ+1XWfZm8>Z`G+8*xT4h6xg*1iLYzr}K0_ueE4#M&PW&XpZfBHiYI+*n zv^sdCZXqy4`}7H?K-mn?7J+f~(aUTppt-_ij^{2Kfkp&k;(dJpZRzr z1u=4!yuubikBh#MX#l9M?Z0mR{(T1mq3U!V6Ro>Z^?47mx3|yU_+}!zY85Z7sD8(g zm2I*&!f(I*&hu#t4YnUqf4gLU&F&MBZulbP2<{QPuA2uk0PAiujmdm#3Oz3`Tv_AS3Y7V!`hgmiol=J>nut7D}T z=ETyI0D$3d78c^kb?8vN7B@IlGh=qn%-sBRTGefQY6>0#psuLJ;RP0o|Lv)@CN?qO zi|FV{has=4Y4W8OTe#m!&Y)7I=z zH^m17(9HDra_<=^yJP?aHn}`J_Gd^Gikqsxg;3rWVhtw=B0lOhz+qZ0d(Z(1 zEUTsl{=V%=+F6!todXtFaq!ZT#pd=l1S0h8j?~qiuQydNp-p}w6?O_WSE0vuFD|x6 zg4&;#IpR%CkrXsEd^yc$_6*)KwuD_?zJhqSx_xFfoBGD6cFMo(juGUy7KH_d17#q1 zA)!|g2uc8~gv2asmkGQJKK@+H`RgAtKVX&wyNSt#5MpS9_AKwWKb`0eCqRZ%I7uK- z$am5v(`{bf>O&=#5`Mh+i&@t&QtL5c1H`(Z5aCbom?l?r~(DT~2O*HW#4S-`gB5e1Uj_Ab{U; z%J1TK@38DbE_Qj*j$5jNy7o+`al}K4AsJ4N{%LWU!}*BN@K%Tej=mOUY%DcMz51B; z%j?|NO-97T#H`=#2><@Y*V`PRgATb|-r)v>icVh>ANA^ON@go)iLLFP8Qtmnnh+ch z@F9n@-(SI{^Ox(tD-ExHDq;k|m9Oh0aGGNfzYgbdIbCF~=e*DN>R#+eLdAc;n3$*@ zAD{E4@DiBOCvtN`8cu(P4a6V|1hQk6L~fTaLc8AyvTlmt4Jyq~NuUq9H@XqXe)_~_ zzily`z=jKS=iB{aLD&0efraB){7+uyp>_eJptVTk(B59((lETFAD=l{k0=#JLPyZM^Z`a+>D2@Z7+h4!l=o9n>+8V_Fw5t71xgG#6t376&PCwAI{n{9J}hY(^XII(LQO z_Jf@4OMu_C>V*a<6*eKBe~Z1z`v2A5n?PgT{_EmTsWg%XWQ@Ueka?=iNs@UMndi*obFSO_{@&j?d+)Q)f3I`?Yp=D>S?gWB3eWR= zzu$YfKG)~EuDj>Zrfp6qxeI+ceShX=*-13Bp4hs+yI|++tZ#W}Qf5$SmZU?b<5`OV zmQ6X5)gAq58W88XF(9}A7qgx-XH%yH$3=erm2*aHj$K1{X9bf@L{3JeT1K4+THky! 
z^5znX($xkF<)8r*na_js0)xGeFQ{KeXA3b0$G3mZJKZiF{B(P&!}JE+X6Bzi84y)e zIM?#+*Fu-{8;cTec2;-%ti(tj@3IvuUMM!WHlze=>g&_;SG*km#=dro(6Tj5`~@M0 z%C=;danM>EYFL?Kd}&E41On;lDk6?2@-BWbP%*`-p`-Uo8_!TyN_-voJ1;@3oxOn_ zW@)!9&0SP^Dy~xfwz;7}X}dCH`PpRN7ndWKG|uP$>J#69&R3DRHKUW$0(wSFHlA4- znHfXP8jkVtWhmr^ijGS^@OWYEeBV@*?L%@h_cW(Cm)~*Ng-7@I2eEDtXdBYU-J(iZ1%uoQ=JGedVu>a$hU5jtBZ5XBmGzZjtF+OJBrQe%`VO zdIfo(rjhPC57{44qF(bHyu7ItdD=pO!u}Lzdf|D-llo8rum{qlOLva3na`V)&{rw8 zkJzkFPwnosT%a@IWO-d>@UyFn{>FukCrVD3&e;fnhIoBUQDn+BtZ>N=zZLJIqVgj= znSTD{y6df2s3Cv(@@1RBw6yC6k6J5>{YC8unQoP)x<7dOB84O7vS;trlzr%V(N%2G zPE|Tfai$8Ql_^DO&2YIK1^b5wJ4L-)y$*aY-ilfL;CftU?ez4Uta_1&3G2d)Q(+wIn1Xz0m&tGAymMrQ zw01rBFg54!K!5+oS);>ZNt=Ja?VAg|W@6%t5A>ebDZY7!l2l7fXti-DdGaXPKLX_uQNWTUqH5gIPc zJ8O4!h21G^*Bor@65mtEEMw5?g#Px&PoL1OEiG98hAVx)5E~tB{*Gg*rt@M?gM*<~ zP60~Ur+4bMdMI`R$%UCUm}0MaUKh>$w68_Gd#-4?-|>5qeq~2XKBV6m$f<`CWu1!r z87NxTom_Jg4A7ktVHXr0Sf!vfUMg-sORFxu#Q|H%=(o^gfVZy{6{iL>T=oeI-Ve)> z#$7H-Z?Qgl_WOnF70EBq1EZUuLl;e6K|%0o#QCfY+dI#ECn3~meQI`2_59j^6ZaoI z()uGH!0M3Hdq=i}qc6Jm`3$M!Dn5PUx_5R1hUoeD_$c46>YuT`AiieV+sK$B zSFf@f7`!tbY*cQV@$P9r8vy@$CoE?nqTdRAMp@5y%QJxEMNAqG8yfQAM@OofH&s?w zaSNHLxb1gpVmH5?afOmmFAa7*HrBYPczTttZUm9C+Wp$MY4x!nZDDb7#~JCO(qh;9 z_m@Aj)mvJyOv0o7=~L>vktPeC1pf&QmFccgi=5TAof1>CzMm?K^wE5cNr7HKa$-=S zyveatxI=5k>w1%rggJ-R(83#Ir{lvFE4wQXqxgIl%6Q+)EBtuosf~6Irl46+_Rt{gXW2v{m9po5Yo>L zT6+!~sqD_4YTMr=wKDX;DzA82JKjB8Y}n}JhxTV`T)ntEpf-Dch%(qbAZmZwYw*+8 z%F9LJdEbYY#n-X|2z;V%(Qo_ugi1+mIHUJ1q^U#9UaWc4Mq(K*H*?OMtRAg{o8#>F zMkQ}txon@v{u;GM>KPMdYR2-{S})-K+zGtFFn7`2*iOl2*~BXc5B{soE=d8xy-pc> zngX6be{-ul!=?89PpXCB66-UsnMWmWjc6^w#K>@nRu#wS%l8aw8~!;o?E5P;y(f?{ z@bUhxG`h0GE9|5?Q|)b@KW|-%HLf+OrkOHK^)(#r%;y>po}c<%qL%*njhrlt#iIf= z#O2KsM~1?jDiwpZTFqrRnL>X5?z=fP{9;lgVNKo6vaRnu_ZzqzTgYD;-fn1QG%);7 zm!oWHY;3HZ_e)SJ8x*!lNV8un(N)ZgojN1^ATejoi>fxdGwWV*6T0}C z#>THF*N+7TGFDbzl;O1~w_L!2QCV5}vBI3!M#B910i#>i)-?@MX{tUmGh#M2?$=QH zMV$A53I@etuYmCNBo$~IWuP1J*eTbec6TdH`0HdwfuovnCFpA3&HdRe=^7rDT)S}n 
zQEKY)TV^bGzkJaU1cc8@K4El!?Y-u)mx7j1|A_TGjeSnEvO93YilWfMHePz zy=U2nAWytCZ?~M>iO+Z40vR_;NJ^T{P8c0f*v>rD@c!*i;&Y80&3*Y{$ZmQ86m zudM7*T`g|czOlpX(CRgNUG$B801d+x>X+R)yb}HStf9A^oqDR-4y#U|J`D;&UR&E` z(0<9jXcGu_>Cw`5;kb{!{W-kOyLTr*!PwZ*4Gb5F$@m-s2M)>GJ#?>+7geO%wy(H( z)5t<$kM>%TSPgkcnJo1>)|xnLCD>Bn7f??r1z>}$>zIrT4HQfqPf}VdE34Zs8?F1i z(_=S#F zG7d>Tx3;X=!9~-fIk{YDxchO1I6a@oD?vZUo88}E+_LCxnmsoJP2>arou@xG<(msuyaD^ZdA57@qiWkveqz z6|eYbrsMIJ7u)~p2YWyIEBNsPZFYQt5(tVyGjr33x6EeuKR*{bSY6HBA->ele`jvq zz2EAK?|i3vNa0s}qw2-xcXEv(b?@Vo1>bt9auw3o9TE);_Pp`)rz0B|`4}tH!ko@< z$8FlI-Q2Hy%i2;n)r-A_@!W;a@ze~Nzi!3arSnckO0j1@7Sz{wn^j+~UZJtzq=apY zS$ke(Czs2*aT>g-+KVNwYVf(-g+>h;NrGb`hUX3Vvcy|q4`aJDb^46k4L3UWx zSMYNGPGx=T^w8hmrMH*Xd8Gh2&+KCgIy)irIez^3VaR8p#zG-c4&J~+R_M8DQ<}NF z3AWG%itNz^*0nm)&_1kz6mK?@18+|6`l#r%ii!%fO^l4Kw?v6+DON3m&^{DVXuqMy z2fNO|%IY~YV@H7+hxXyahqqxvidIfs0lPrD<&uvLCOO_vT^|OYDJaN*l?VTUR;=OQ zZ`vk%vmtq1c6PR0*vPKkyFbHZ0KwNjI6+`PVWSK~Fw4!uvjQqdNUcPj7bGYUv@HeI zGc_7U^@4m1TI#J55^T^&-9O7K3%NR&EhfrgM@LDqcFP(*rG{T~$>T4Htpp<9&D7CGGwY zEO>l)>$SZ(b3#}he|VPU=DLK6S-#8t0MUIQRK}1+Uro?iH9OVr3+b_1mR&%ogzX~; zWEh#5i_inlgYr%s?ig&H(Xp{U(1dy~xkiN3O6KN?gH(B64qbz!r!i_7f&9t|_wbQA zN`mTwG@Obtit3=x-$J>3=~4urIaFRe0VnF*8MYDQg#U?%eopF?n?N$8y92a^pFh&ockaw5m zCe|jX@gQ=7gtZX9F$!g5WMt)wRMDYkeAmt;`+A=b(fCde_*wpkik;tV&a}K`P z!^>-}+B}4-Zo$D!ArydiXBqW5|Sb!l~l~+_; zhlL(flZHa1YcN}2&{*l3D1t zcYpr;8HzYeO$s4Q*=Oag=RaaYR}~=KB0OxItyza5TG{!BtW|Dl={gwpHVCMuQaCv| z*`yqp0mEU8g6c9|8lq~oz%XG$Mo76#7v^kSv|B^ zb63!V8L7*#-V5F6xyzSV6fk2Q!%n>lGC+t@{|E}oZE4|zFHlBSb{Q~lhJ-mr15wKE zQA^(h>lkFi%PC(&#hJ#($02~uHV%2gWvwJV*=Sx1zsuE3qF&28JBJ<%nvD2G$xUU_+X z<|6;4wX>7VEeJ$jCM5iL%Y2;LYa|U#uZ)9(1ZFF|lkaa-@bISFWE-BD-@1GEYEMS~ z&%ISqvzEa~ghem7Bw*nQvCxP`Bk$>~!*4PUn&3 z%_^a_Z$^@|yjNL)Z)&j(X9;z7akt}h%ZCe94Neetyg17XMP_aL zOhzB=`N+!dY&cl+ZqYy5c1bm76<7^woaBf2WY<#yB4QqY@cqiNt57sC6%8@o+h8Wj zw%AUY0UWfy^zHNKqt@X^^;HE@8kQLqJ><%I7Z>W`QB1Sb8IR(R!%|up8lYz(Aakr~ zQImeY3{Yl;$o^Pm>Q29K2l=g|Z*HDi6TJ2+E33gi?={i~ 
z8P-!3bbkFRCUE7$*jksC`$pPE-siHntv_UI#wjnq*hpPlKBVvpx}4Yd-LzF~Y@Dwk zjt>)zV?(-l@Zt+G{|%iEocI$~xtDYFZU1pseyDi|fj>QK=pD2b!(a7i=9TYswYOW_ zJN4&FT%r$=RZ*E3T*o{A2^d6TbXI!!@t?2Rb;tiW-^mg;hC-P)=c7!MQrX&F3h69( z$?I|Xh89|#dbQk_Hb6!4yXN9ANCa{;`~~I4*#G_*ynmVH<@zSA^$n9$*h)(C172zs zZC>s2rB>;x_8&tlWluj_yK&b}QU6m@RaL8ymBUq8#Z`q1Lv(+ETA`I=vq_q1N0*>e z6<(rzRhiXcdREi#`1WgFJr#(;GSKJSNv{}M8m#R@blpb5*+>RdAzI_>>7*?3Kad8Ms61_zshI<r^1HoH*I=#m5Gu$KhZ!G z;gIg(lDIal#((k7RHr5(Sl;rIjT&0}`Wia6a0&#i`LiLWHPV(}R8m4iwlbor#~a`$ zWpCU-%L%eze0}fu_M@jxtu=1W^guxxtrWjhE1ns?gn~C=POBp?KDd3Gq8186OW(ui z*}uQ=VXJjJ`rb-V-v zLqfhnSgZ_>g5ixDnlO%O+E4UrdI?&gh9$oN$3z|0y*ij#l+XwxE>_q*t`Q98CCIaW zWo^mcoUbq}jJ5q99=_J%FuIO!*Dg)?bM_oK@CQJZE8tnn!i0zwbkwgeN7a!ZC+6Cw z8Potkf4Vw4?}3z(4Qm7rS`VsLS2r-5|9wV4bpdJ-I6CoGj4UkgJhur6J*um(7xIw( z42VecvA4Ik7Co{80?8l=C+NRnw zIO|pgmE^;Ra_-Wl`|t*|C6-CK`1;c0Ciw*ffE8Q@I%1o=4>4*(L!Tb+@xO)acJT0U zBfTIlYk~!PGx5_=Ajet1FxMsBPWI7z*zX@cd*%b>{;4NI%fEg5R-0nNN&MZ!jUV~u*=LkJ zK0v{}`RZ4$xFNDn6P5)6eelcsbie%JM%DC_s%UT`jwU#}H^UAB=ReB3+pz52_8~Wu z=u$Doz*oSGLO-kyvGk9PC%7|yc6Pc3soSk$5>UO3J4eSUwf4e=3vVy(hM2D@3?4gy zk}`Z^v;#@Cm2A@D18;C|r?7}f-xul8ulpYhYP%j09B9emgyEH!m-pk&Fo&h`^77~# zeGNIZkzgL^JpjI5UtNIhe(IP1nX`CU_^A!V--?#E8xV~br!4GStU)nEzXQG8n2XM<`A8d_4EqOr5_F^u51Gei=| zDhN}#4IG5SZJvAE;G<4w-QL#T9uG@ph?wPS2r_Uj`S1dcRAuq zx<6{2EQG8NXX*Ivs5+RBC@98_>6|h z?2(HXH{lzW?Pm1sV#^{gzDrqnHgg9%Hr8Fq%kIDghk%7WP+EkCZzBl~kR(sd&Thkd z!PUAW+?5Nkn$K0Q()G#gV*(@Xp~9fp_SQ3FM-#M=?uBXv}oTA`~7TR1T%0W!M6 zJCzHsNyI|i)y58GdqG_V9e=)7ILC9e)pUKA1QY);W#z)WMqa>SVn=~?Nyzv=MV1=korJiqil=I zuj89*OpbEIOL5dbHa$zv}N#_MGZag9hlfYm3kRgQx$&k zwlEaU?P9I?%#&OF@nne5{iVu>4uSM~=^MUn5%Nstc08SM-mvA6t&mSgCtU5ht=5_i zf1#)atBOTTw{nZp{4?37j~`!Cu@NPB$-3%Kyu|e)Bk|93RLcKGW#RuI-v;7ObMxDb z4XP1f`Y?O=qe%6E6Jsr*5=v_)$CxWe7SDo_c*h~?@!`V<8)nn7Rp=}Ye;uNJ)F!{N zUMqz5GEXKTKda}$#O5zzWF>C z%ehd|cS^1RS}izNJ5~eMP>w4q=3~vZS33ii8Aj~%Q0M92 zx+uwr=^HJrl`B_%gfG}D79K@{D(wXM0#3khMdsvGmo(J_fN`wY>Y@Avn24baBWWq( z;^NzRc#cM1oUqNBOum9=;li}TPwn`rQ+Wt^@Po|_4b-+aEj+brebq774Gk;!ySlny 
zq5H00a{;bT#BOAi*b-~Z3jiG35)Uoh&FK-=G&H|ZAtZ4U-l5eFng6N629o6&VkYwTZTM5&J+_`fM z&zu)*Lk^h}M$^u8u4AwBC(eao+UTn(bTBHnnx(n>_{b4oUQ^T1)s{a&t|va;KY2o5 zfzGip3zCKj4n!VRE{H#3Yi>%;T$t&DNgTB^F(5+ne(vnq+wSfwVKV}k;6R<9R5LD& z%UO5;wiExhY}v9_Y%%on=G=}^|6iawyQ?fI&jFc%tUW9u#J{MO$$TR1$y8#vf&r|??i-%6_^j2)ZoVkNh%>o1p=Y@k(i4a zJxAi4=hq;S2Cm?$tCO&Gu7~H+sA)1P?$xVhU^5B347@l(oc;m=rZ`GK7_SW3rRdS<5gGSLTb_!udlDi z`?$bwgC5mZ6jq>!4-Ech*bj^M9_55(#Hfq35~=yI3zgN?ODPy*;HlOUTPrZxV<|^5 z&@B`SNme2L=3l>b006d$iZVkuMg)mqH$ASX+b;L;@MubIL4(ZtdK{Lx6??JC#wR57 z-YTv?i+u_zkX+;kK#;MVz(ANy(x)+yUC>p3eJ0E&JzeZWQqm`Ad{N84k1uzw^h0Co zgNjjH-_;x^N%R;02iVrvX`ZHvv>T%P|MKNsZaQ)tJOQacA#M!nJd&9JaX!QP^|#Ta zLueTEu`e<+*+7c1C&Lua1_(@y!?6CGgLD$ka=<(0tTV+Qf10Ji(ISGI@c!1%qYe{w z`q)E{pyI*`0qOZ&&9>H1auMQHV7g7%cswu zUp7oMsM(|J7n(W?O6vM`UKAJS&Y%CGna*YX2B265%3U7+pHK9kee&9}e=JZC z-mH57iXRILX%R!^3JDYP$lS_ALCSq>nlJ(y{+>RYFpr?Y9(xd)ZLO`hNh|;lkDN$g zTx=}eXjfTb*uvNw{gbDl^TLvwR8`jAMS zB7pB47Iq3TslPfO**s%!kW;X@0@JuWDiT->(umhu4$t-TjL45z;Z3rq^-^>Z5VAVp z1k6oWQZq8zk(_l*TU*`cJ9S12n^0am6Zw z9pwv-I8|Hhcm(a)*cb2iqE;TqDTL_c|gMIyLK03)+M$M_8Q#U zBA(6v^7TD!sbgO1 zhR6`Mpvk)Q;_x%vezye=E^?k*bgtjlWWtP#M`{Gn02pd``ys)OKzD|hpZ~tno)v^h z(?ZNjR_vP>FP32LHGRu*m=;3)OJXB1-3Ww0H7Zww;e{@-LDu7d6FctSy-QMhU_zqi zVbz<_5l=^E6%pq-V{1e@WQ=>sro zGWy59m_b?yS@x6MNTLLBjy$jHH*S1FO^IUm_0@04+Jp)MpAngW=u27!jiRIU6Zt#( zVUCQb^NCUpSz$2At-E;X(w0jkRqm{k(p#ocWU4H~S_T0Y7a9ZQ<>mB_;&#NS0Ks<~ zQn?7jGUebDx3TUH&=jrMJt_bH%fVvPpvk|aTV+60BIIi2Ke^A5hO@39gRdbf2AP*O z^W!xHiv26X^#LLz5Co-k+tNlKc`e7Lv7ftV8hRPp5kUI7LJp~IE^7@d5v>ZVd6ap_TXAyszocqun zq5+GkeuR9{v5DRWoX*S7*F?V?2n^X_mVY9!c!;K=Q=G(1>$`5}X(JEt=O18EbQ?f84-p2CV6$DD zR$I+YnGzONO)a$fppA{qdu;Ts$UJ?IhXbbeOLeqzE~o_(wg&}IbY!H5_m=%~DIt&r ztiFFYDLFX-uU%bV|AmB5b$$yi0Xlgs%dLqsMNjeg3sR!vzlv}x%%bU?=Squ_*6UyzW%b;!+pd~vt#n=@g0_?D!ToNof|Su$|X zirWw#B;bL*2eE==H53!+Mkb)V5y+u~asg5ZIu3~zn5a75SCj*OYddr6Kfp8RAU> z0xr2(4gs@aIdp*>2f*OHag!J*)@|rq;O>EUypOmFTiZkMGl<`m#}|OYf)?FpQ7?s~ z2Z^ZSqT=EnGjTLW7!W>Oqi(-$VPQcj!;1f}3?0I2Bc}5+m{t-mOh_oo`|IW0WL3vw 
zK(Wbu$ZR{1`g^mE6LYATV8dWUD8O)|dD%}lPN$E)(hKf8P6mF2GH~>KizNWC2;V9yBE%ZJ%MFLx48^eD#f9eR(JLnfod&&Fm_&Zc)%1MmAQqMYX@93p0hf z=XS5V5NJ^=0Or*fP%3hJ$gceqo(58x9|J&^d--qKc}3L7+D4qND#6u zaLF_j7FJf%-@g=)AxNULZdqF9BZ=2i#F3najMzu`D>s4T1bkSG8{^|!gB}0zetkNW z*u;njSxt|YA_yAnMI}EMArctDltT>mHo^y%TL+U7VN%AuM z&5VqY4s1Zm2m}@BtT})Ou3$}U?Cptw1?4~aebPj1h0_KR4t9M*k@GAK>YyXnu0Gp9R)n*yfF!4K_5gvF~NBtS-szG>^hOZ=I1X* zv}*UhGAIU+D)0#l%Fnj8rD$am!5dlWA&>BWxA&ith4Id$ur0z!{+qWaY?zVJeK7Kv z79?352R9?UiyjpqVJ9H6s2i}t)Y2^UVJDePV70-OtqC|$)t;St1uan2BEV^ggL`wb zGvfR%P$cvk8XBaKE0Y*qOPVXLt}93n13VRZ#Yc}G{TYOHo7CFi{;{e-edUJE52JwU z+o(RWUH~##dJJAQ$-0m2SfKrcg2E?xPRC_vWqo}nnNgy-($^Du6#_HCBN6>cPL4Ei zVEnaDOChHM#f3Hk>BxeRA<2Fe3WD+6eSOKBK!gH4*{h6Qz3P(xyJecoUhOYBLWDm- zLHxV}l^MoXw7m@_LoOT{2>z#QjKBhE@*zK{cQjM)K2LW5|f(iZ#ej%~Ro%iTk*;iy--D#H`R8Y=r`^KbR6 zp3Wm^&u&S|1j0R6VxHDG%Oe1_N6E4uk7w*g@87J+*GHBi9^2S!>m>F8km=21!*L4qn70NxH%AQk=JcMh9(a{FSig4%i)Q-uzaM^Y`qP-7_iw0sCzN*jF-q7?LV~*f z=y463R#ron9g6hZe53>$E40rRE-FoazqM=K4)=+*$+jN)*ROe6pR`c#6fSBTEoXuak3f7i4)tDzy?t;J3MFKK;ah_z_3#Dlh^VI)wU9Q`g8 zMvwE(vC;qrzsSz!ppc#=P{Bm14|Zg5#o>K87%df{e!haR=l!!Tlnm^PLEt`Ss+G7j zdS+-K0bZ_%iTkrWOs7hF*`NuGJP$bvGN0&RmEyea=yL4*`DnEd|HuXS*YtnyK(0MR zqi}4}AdtMj>-s9_*2I!Olo3b^fWa{(uVQW4WPg+U)n3qo-dK2Y8yndOCc(aWJMVw2 z53$O^V8ndTqiy27e@Z@}P|C^rV+XJH$b{f?IiD89Z7u`Qn%0mUMXfh3d zIccJUr-v@6=-apIQlNKIi9sg{$?`oAmo%yNmrYUJqeMf`hqR|RNv_?}y_@IH)<#Z= zMg~%v(=Fqml7XO@avKpet)Tp>_*2ZgPCG!UK)DS})Rb-e^F9+gGT)6P@VGu>^IF^x zL1CufOLNrtPy%f%kUfD=}XBKW!HXiq(Ehh>m~`M(3~KiCCgFtpE7WmnTXO78}M!% z&cVUq1LF25G9Ms3%9;DU=5~e*7q%YU4uV0@h0?+Yrb*7aXF);$(bKmXNU9-v^bNnM z^%Tc;hc8{tZBTNS?oHvUU2UiMPgjafUW}n>RynpO z>1>|C=A_e`BTipY;Y%{OfA`Y+qsul&9N{{=VI^1eteeOzv*J?eWeAcC)0h6zY&aEj zETP&hAjz7}10oDzZWgJ)W3qE?OgZit2ax>Agh~smq+8r*bf(UyN&B*j#8!`_qA6BA zh7P{FI&qID+I?N$f*2Tp3uPT9Gg=huJ6$L2eK{oC zHa*|@`VoDpS`pSWqE?(5(yBuBAY(JD04b^W36bXrYN)m7k zgdV-r)HUNRNVYFUr*4`gzT>xZW~$;6piS3Dnd5Z%?AeEkp<==)UoRbWnwyFS&JJVE zMQCUu3YU%rqBPcrwd{*t>C=EL^yHGN(=fUFZ`06$Ss(r!4Zh2MtXw`30IVPBk!3Md 
z+@3O!R*4#T=y*Gnw94q5Sz*5FV^yj{$(cYyC%QFd9fSL}NG2a0%T-yr)xgsj)ifcIW(c(o^6lMQ z_WE?_)6I;Gdg%7{u{&dm0-=4l2?cZ7K;+xEMKcov!IHm=wkhKhszHwQi{wlz2I?v& zYvn({K@D3`PN=)gnixWY6#xnF9#8jZWRTT?bW4DOt|o(C-iz69)-H0I<;bIN{M{?&<7npqRZeO4{D6r*`o!eCrTWdKyyvgb_O3g2)_go2Ei7PtYU&tN?Ku6!7qo5R{xXS;5Pd=0#fV4b zfi5@Jp#4(T(kId4G@R$1dFd(eVE;GKZKuV0UWv{P=Nc-CW375DX>X;9XI_qsUZi%N zUCVNScQP&o+QGSG;hH?h$tH5vQKa=V)H^olX13$77B6CCdEv&vBF}Dl zF|-2Be&MGOvSW#WZ+T7>l72(AC2von-2HH~PKbOfMrD4e@MNe}{f%-=UD1hJZ7>tt zK{I4Ek3eK~fV?H1a2fv_1T*`Eg>hnVmZN(OI!31v(+ymgIr>f9axj-KE>j3^^#(5ofnRx?M$Yy64>!j8YW5H{am2{pCk4Hyp<%m1CbLAGaSLBCW>IXB4Zl<>FXCJ6;s>KJ&O5 zOSai)1dGdJXVrcaYV{!8M{GA)a^2lUr&?Xwf0yh<;)0tzPy->8B86Mp@;%$>ou_0} z?Rp~0p~51MzTJJBkGs3l(Bg*F?jtUMq{vMe1Xng~+LWiTGjtOHpQkGsKd8Mi=wk=Yy<6m#Ew z4zZOFkTQ4_A>fk83uQ;6!pFMVcBe7UBWj$tC2uu{Llk@)j5A`YGg-}iwJ=fu1jSIK zKe2b1k$)>}H_^WZw(X*MCDPa?@_-#2xRx@-;IJ@_z8r?IWr~g(w_{Y29$@jw!>| z7Zv*e?z2J&Bij+ce)Cqpu(ln*tD$6AmFWc=#rKYO5)6Kx@6$VX@$q?Lqfu!%7lvgp zA6B7ola}mqs8R3^v|2dTWS!jbjKhpee~rk(I>BonZ}SQWki5+TTxdJGkU;#%-KBnsyKvHVs2jL?#Jwrdw?A4d~ zcB5~!XZEPPH_K-1da$L`Dy3WW*rjlBFMbd~?Sj0|_t&&%&klOxC5*n4rH#xCQ|y0* zXdII;dv_?38Xl9w*fpQjAi?N@K(1mzEx2*y24OppJ}o}*p&P_kKbDfPj0cGW$qfZN zf>bv^C7q%T;+%mY-mK$G>QMHq*^vw3a0Hbjfj2;|!Y9AUcS8 z2NNGleLlR4;aIK(u@u!}zG#<8PJ)@S%LCEW(wZH)rQ-P!7qdwZIDYb0?F?BDYVbzP z4PVKL+ElCvME(NOiXo-Z?BrN~-F_9Y?Bu{6@HX;+y0GiKBZq!$Yx8#=fF4DP=X3}& zHt=}dlg3nOBmD9Rmgz#Qgh8|7PY>KUZ!y#?Ifz+ai*4{F?3gD`oZv1=P?>ZiCz}9U zSKGImT%TJvJ@%WN;sc296k^vKN!E6N(Xp=A8VNcI&?<;uZ>_biy7_c)PYW1Li`p)!6D-`;aN%gzqSp6JdqR14y)%sDiFFH{R*rDP1NZinz z?O<9LIi^n=%S;+yPOx@x-vwpmC-&w;U`Wl3h-EY%3!upK%z2NZGBQlsao0U%=nie4 z>;^veVix4a33{9&O%@l(r}UBdT|{aFblJ9XbCaENs?@}Z?5pVDKUBFheFI;PU;;~# zRh)E!$Ym_d)Z|nj8t@irW=0iVmbK&sQP#s~X9GkiB{G1f6nlH2uP>w(Qb2qx1g4Dj zR`GF@L%rIeO7_7q33)(rrOeV!4*kgu#)8+sKZitJmkkkB@hwiXRq1z9rSKTFLr4(- z*w)#6s~o0-RFonHiq@Z3?Oa^8ahRSDyHzb0)Jz=KO_o<=We0=J-Po<%UFgK#R_iM^ z<4KzK#iSHqmTf}m8NI(AGLTJV560mRIn^x{=ohr(rg;|`nqA~bTG;+w1*@@sMy#;>Ca>d&Dr2-*y{ibBCHV#9gx7l8^O 
zPRV{oO0IZ3c;hzy+lp^cVG!KC_^^grq=9udLQu7iql8;()i+Y%p*&{8rzacEn`TQk z=eZH|dA^e^o>V@THEK+dIGUo&CgTS)H|#jhiP{B~920r0&U462v1t&4umuW7yZ)pa zb<^Qbw1s%wq4on6eNOm`Hb4N`vQweU)+Tq^{eyYEYdQ)8Eu6bxn#Ul&eSVof&U7I+ zPqZt<{GiPo!@4kOdg-}gGV$9WoA$vAIwl&KI}Uw!MseKsK9|mu%my{#{Y|UX0Y}qclpR zYT)rQGLUnn`a+Viw35OM^}%Iz^=Fr^TtO{lG{O2#q!QIZ0;;>MR}=LVW4bO(XsSs8 zUl8m}ikXBxC8T_S^ZDl*@689@&g4vYkmC#|nN`Am{P;m&HEU)zJjpd;zEBw*38-^;N^Xn7;;Dh5K$xX|$$BPfue;Q6UCU>~dhhv4(?2 zk2?AI_BOn2u^81wWz*1FRv0yH6SA%fka*qGSYWl{IHT?aX+vNEjiCelDj%jAeOqc$ znt`Scrn0lX%Z|E=vB&BltuE6ZcLr@73@6{lsp&Fjjv5W;`4!$B6<6X?>P}==vkDt* z60aWNJ3;Og2Zm>AN8r^qY_Oi_H1b1q+Mct}my=y|Rx>ebXsY?U;0MLFv{>atJu=Q3 z!^kmnh3wXiE80h%+$;c-Ymio zOdQ%-g9mc&Q3FW9MM^fz#gd$_8P(I17e=4F!6q;n$nk|SKvx-b+I|dEvbM8YF#IeT zgCC_p-G1QGP`r*ICpB>R7)wv+@}Yuv4<1bYh?AW_+B`}EF}F?&YFy>gAI97 z_EsL*Vd+1alC8j>6a{j8z8ur}>{9JhVUy;$7OAb`h% z+H3b@C-(_l9iO657A`qP#L31EF;&q}-kW9*2NVsYjEb8qp)52x;2UUQ+PWX7P#$^w zpZgl*3OE^F;nHM*a}`Px|B0rKl^OxW*qCMcmv=D98Q7!giAX zFaE(pzWPu2Bf((YVDT35Oe>PddIP>>G%CuStp|!wS!gUua9m%aGgDRh1;6Rk3yjaHg5b+ob&%#Yt8?A-~YUIK4Feu zl0vywA)44?G?LOYnliR8`K?R3^@CMso?YonGd3z~IT~JPm#HGA=fC%Y?9z`{P9;as zzQ2FKpfw3U=4CS0Js07vYdBIrW-Bd@4rkR5)$%+&I6FBj3&XQz{LSJorRhEi9Z}kr`A_jxsRGvOu>CqZ zaW+n$yag@42@B4Li4;~)Qx8rYvZ+z2keKeQ8Zqd3TWFKl685K$dFY+-2c6jL}!>x)B@O*m~VzuKkQm>b!V@n8AlgR)bI zbLsP`k`ITAHMzKj-nt@wo9n^pKh&Z%HlNvpXdgCjAHPGb?q8jkO(FBTr6G4Xwn z@a3^s*HfD$i&I|qbB$9uzGV-jr6=`_)1^;`vQI0Hw&hv}74*er``b%hom9BKaIGj# z>ymBL73MJen|gEI(e`bbQM3gbQt3MurWO=Ur^@XM$C)J8R~gpir}tV4wtX?dv20F( z_FlHbA&pbXJlI6vMktT+l%p@EbSa*Pd=R%G0neZEEi98>wo)Rcwl!7C&dOuwp!1>0M!e0rw0FBFl`f=BoNUUT zIpsJUfUgh6hVI)#1`jv)M6LCk)XDpta+BG!ov-bOuQ)%rAUEN2B$v+HZ74+DaEr!J z`L1NXo14R(hp&b9rQWENF`bUtDI2#yE359*e!cFUvcu$Dxc1z}u4C#8JC&kT#bDF%0d^|SJrEzDVO zJ>Oq{X~I-FW@}8zC?0mXw9UTBseZF$Mm(9R zkdo6`d_HyU4<65X-YCCO#;*0%r7Lf8f$AIS=G)6!m%hizykRu{wV6@o!TABvk?3vQ zZT>|w!%Y#UGx>#bvU#iYIT%bblebEw4J661+0@pw71OFm3M;yWrg(>)nlo0lAN=*0+Ub_o6)bGH zfg!%xvj0P$RlIXbleurx1aD&ze|_e{e6#U#%FTzmoB{c@)F&IXsro18W~M#0zFX6K 
zn$}2dp*q@?T@R_@eYQ|&i7rd@G5_oJd!#3*zD@1pK}>l~+Rr>s8cRtngqJ;wcXX>Z zo$kqrO=`3?aau1j-}-_-USVCYl}=D<$M3?nkdoOdJ9)c6-Nm7+7SH2kJ*n|>V4@*U zdENwbn4WQuH*Fzx*J+mWjOqkCjtq?uGxecVo9?{pRq3{}vLB3UcBiwwH_sfd?C-X2 zbFO@vt%sRw&wg=Ji`dVHrD>7D_xSuMhxy&c1~)j*v{LhKbGga-zqT#crG{#EHPz=o z_;IN`sgR>wZ`MfbbN8FJH$hUHq_f6eqz=v%pNmfrl3TF3CMzr9&=nSLplI1>N3A=D zb?mE+sd`LDSBHp?9{ZQ z?;B|x(vw5Q-!>!emOp)k-fJ|DgSqAm3nS+qRhGEy;p(oy$t*rv*{JGL?QdTv&B{U@ z>qOdLb3&f<`s;(P2PT=DGj=EAjuEIFZ5ZC!y>&a8V=>G3`}91cQxfw;Nnk&D=U$Ut`svMMI$+^xi+)#ONF>_c{zj>W7_Pi>*I^Vz>!vrfBnQd;?ju7rpAXm~r>ouqH)J4W_<**K@!W3tH+Zt=$) z6X*@Z+aGDCd_0~#GgrWZi&82zi8ej+cZK~QDhODD0s>5W1Syo^y^xqnJWaXI;e9eF z&i&D&9arrnP-1nQI1wm&qv!YahS!z{W^k%%e=hyWmoRl+j#f&GC|p7Lc=@ejaJ63z lXvX*2ng@)2Y+v9U$kIy)k-UwQ5GWLdW2a?fk6yd`-vAHxbtC`) literal 0 HcmV?d00001 diff --git a/docsource/overview.md b/docsource/overview.md deleted file mode 100644 index 6daa83c..0000000 --- a/docsource/overview.md +++ /dev/null 
@@ -1,6 +0,0 @@
-## Overview
-
-The Azure App Registration and Enterprise Application Orchestrator extension remotely manages both Azure [App Registration/Application](https://learn.microsoft.com/en-us/entra/identity-platform/certificate-credentials) certificates and [Enterprise Application/Service Principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/enterprise-apps-certificate-credentials) certificates. Application certificates are typically public key only and used for client certificate authentication, while Service Principal certificates are commonly used for [SAML Assertion signing](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/tutorial-manage-certificates-for-federated-single-sign-on). The extension implements the Inventory, Management Add, Management Remove, and Discovery job types.
-
-Certificates used for client authentication by Applications (configured in App Registrations) are represented by the [`AzureApp` store type](docs/azureapp.md), and certificates used for SSO/SAML assertion signing are represented by the [`AzureSP` store type](docs/azuresp.md). Both store types are managed by the same extension. The extension is configured with a single Azure Service Principal that is used to authenticate to the [Microsoft Graph API](https://learn.microsoft.com/en-us/graph/use-the-api). The Azure App Registration and Enterprise Application Orchestrator extension manages certificates for Azure App Registrations (Applications) and Enterprise Applications (Service Principals) differently.
-
diff --git a/integration-manifest.json b/integration-manifest.json
index a9dec1a..0fb8326 100644
--- a/integration-manifest.json
+++ b/integration-manifest.json
@@ -49,20 +49,20 @@
 "DisplayName": "Server Username",
 "Type": "Secret",
 "Description": "The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates.",
- "Required": false
+ "Required": true
 },
 {
 "Name": "ServerPassword",
 "DisplayName": "Server Password",
 "Type": "Secret",
- "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate",
+ "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field.",
 "Required": false
 },
 {
 "Name": "ClientCertificate",
 "DisplayName": "Client Certificate",
 "Type": "Secret",
- "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information.",
+ "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field.",
 "Required": false
 },
 {
@@ -87,7 +87,7 @@
 "StoreRequired": false,
 "Style": "Default"
 },
- "PrivateKeyAllowed": "Required",
+ "PrivateKeyAllowed": "Forbidden",
 "ServerRequired": true,
 "PowerShell": false,
 "BlueprintAllowed": false,
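Review bot: The new `ServerPassword` description in the `@@ -49,20` hunk keeps one secret field doing two jobs, Graph client secret or password for the `ClientCertificate` private key, and leaves the choice to whether the operator picked 'No Value' on the other field. Nothing in the description says which credential is used when both `ClientCertificate` and `ServerPassword` hold a value, so a leftover client secret could presumably be tried as a key password without anyone noticing the store is misconfigured. I would add the precedence to the text, for example `If ClientCertificate has a value, ServerPassword is treated only as the private-key password.`, provided that matches what the client builder does, and have the job fail with a clear error rather than fall back to the other method. The `@@ -113,20` hunk carries the same wording for the second store type.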
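Review bot: `"PrivateKeyAllowed": "Forbidden"` in the `@@ -87,7` hunk only describes the store type in the manifest; store types that were already created with `Required` presumably keep that setting until an operator edits them. Since the point of the change is that private keys should not be sent to this store, the release notes should say so explicitly, e.g. `Existing store types must be updated so that PrivateKeyAllowed is Forbidden.`, and the Add job should refuse an entry that still carries a private key instead of relying on the manifest value. The store-type object this key belongs to starts and ends outside the hunk.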
@@ -113,20 +113,20 @@
 "DisplayName": "Server Username",
 "Type": "Secret",
 "Description": "The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/Service Principal certificates.",
- "Required": false
+ "Required": true
 },
 {
 "Name": "ServerPassword",
 "DisplayName": "Server Password",
 "Type": "Secret",
- "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate",
+ "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/Service Principal certificates, OR the password that encrypts the private key in ClientCertificate. If Client Cert Auth is used _and_ the Client Certificate's private key is not encrypted, you **must** select 'No Value' for this field.",
 "Required": false
 },
 {
 "Name": "ClientCertificate",
 "DisplayName": "Client Certificate",
 "Type": "Secret",
- "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information.",
+ "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/Service Principal certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** select 'No Value' for this field.",
 "Required": false
 },
 {
@@ -156,8 +156,140 @@ "PowerShell": false, "BlueprintAllowed": false, "CustomAliasAllowed": "Required" + }, + { + "Name": "Azure App Registration 2 (Application)", + "ShortName": "AzureApp2", + "Capability": "AzureApp2", + "LocalStore": false, + "ClientMachineDescription": "The Azure Tenant (directory) ID where the Application is instantiated", + "StorePathDescription": "The Object ID of the target Application/App Registration that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension.", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": true, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Application/App Registration certificates.", + "Required": true + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "DependsOn": "ServerUsername", + "Type": "Secret", + "Description": "A Client Secret that the extension will use to authenticate with Microsoft Graph for managing Application/App Registration certificates. If Client Certificate Auth is used, you **must** select 'No Value'.", + "Required": false + }, + { + "Name": "ClientCertificate", + "DisplayName": "Client Certificate", + "DependsOn": "ServerUsername", + "Type": "Secret", + "Description": "The client certificate used to authenticate with Microsoft Graph for managing Application/App Registrations certificates. See the [requirements](#client-certificate-or-client-secret) for more information. 
If Client Certificate Auth is not used, you **must** check 'No Value'.", + "Required": false + }, + { + "Name": "ClientCertificatePassword", + "DisplayName": "Client Certificate Password", + "DependsOn": "ClientCertificate", + "Type": "Secret", + "Description": "The (optional) password that encrypts the private key in ClientCertificate. If Client Certificate Auth is not used, you **must** check 'No Value'.", + "Required": false + }, + { + "Name": "AzureCloud", + "DisplayName": "Azure Global Cloud Authority Host", + "Type": "MultipleChoice", + "DefaultValue": "public,china,germany,government", + "Description": "Specifies the Azure Cloud instance used by the organization.", + "Required": false + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Forbidden", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" + }, + { + "Name": "Azure Enterprise Application 2 (Service Principal)", + "ShortName": "AzureSP2", + "Capability": "AzureSP2", + "LocalStore": false, + "ClientMachineDescription": "The Azure Tenant (directory) ID where the Service Principal is instantiated", + "StorePathDescription": "The Object ID of the target Service Principal/Enterprise Application that will be managed by the Azure App Registration and Enterprise Application Orchestrator extension.", + "SupportedOperations": { + "Add": true, + "Remove": true, + "Enrollment": false, + "Discovery": true, + "Inventory": true + }, + "Properties": [ + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "Description": "The Application ID of the Service Principal used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates.", + "Required": true + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "DependsOn": "ServerUsername", + "Type": "Secret", + "Description": "A 
Client Secret that the extension will use to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. If Client Certificate Auth is used, you **must** check 'No Value'.", + "Required": false + }, + { + "Name": "ClientCertificate", + "DisplayName": "Client Certificate", + "DependsOn": "ServerUsername", + "Type": "Secret", + "Description": "The client certificate used to authenticate with Microsoft Graph for managing Service Principal/Enterprise Application certificates. See the [requirements](#client-certificate-or-client-secret) for more information. If Client Certificate Auth is not used, you **must** check 'No Value'.", + "Required": false + }, + { + "Name": "ClientCertificatePassword", + "DisplayName": "Client Certificate Password", + "DependsOn": "ClientCertificate", + "Type": "Secret", + "Description": "The (optional) password that encrypts the private key in ClientCertificate. If Client Certificate Auth is not used or the certificate's private key is not encrypted, you **must** check 'No Value'.", + "Required": false + }, + { + "Name": "AzureCloud", + "DisplayName": "Azure Global Cloud Authority Host", + "Type": "MultipleChoice", + "DefaultValue": "public,china,germany,government", + "Description": "Specifies the Azure Cloud instance used by the organization.", + "Required": false + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Required" } ] } } -} \ No newline at end of file +} From 71e0af0a5a332bc5c03159bb298ad9733ba37b35 Mon Sep 17 00:00:00 2001 From: Keyfactor Date: Thu, 3 Oct 2024 19:27:13 +0000 Subject: [PATCH 04/10] Update generated docs --- README.md | 4 +++- integration-manifest.json | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cfb883d..992ef98 100644 
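Review bot: In both new store types (AzureApp2 and AzureSP2) `ServerPassword` and `ClientCertificate` are `"Required": false` and both `DependsOn` `ServerUsername`, so as far as the manifest goes a store can be saved with neither credential or with both. The descriptions ask the operator to set 'No Value' on the unused one, but the real check has to live in the client builder, which is outside this hunk; it should reject a store that supplies both or neither instead of picking one. Separately, the AzureApp2 `ClientCertificatePassword` description leaves out the unencrypted-key case that AzureSP2 covers, and I would use the same sentence in both: `If Client Certificate Auth is not used or the certificate's private key is not encrypted, you **must** check 'No Value'.` The descriptions also mix 'select' and 'check' for the same action.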
--- a/README.md +++ b/README.md @@ -82,7 +82,9 @@ Before installing the Azure App Registration and Enterprise Application Universa ### Azure Service Principal (Graph API Authentication) -The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, both Client Secret authentication and Client Certificate authentication (mTLS) are supported. The Service Principal must have the following API Permission: +The Azure App Registration and Enterprise Application Orchestrator extension uses an [Azure Service Principal](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser) for authentication. Follow [Microsoft's documentation](https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal) to create a service principal. Currently, both Client Secret authentication and Client Certificate authentication (mTLS) are supported. + +The Service Principal must have the following API Permission: - **_Microsoft Graph Application Permissions_**: - `Application.ReadWrite.All` (_not_ Delegated; Admin Consent) - Allows the app to create, read, update and delete applications and service principals without a signed-in user. diff --git a/integration-manifest.json b/integration-manifest.json index 0fb8326..6eabd4a 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -292,4 +292,4 @@ ] } } -} +} \ No newline at end of file From ca4302a8cb2d53f95b5532afc1cdd8d02a69706a Mon Sep 17 00:00:00 2001 
From: Hayden Roszell Date: Thu, 3 Oct 2024 14:11:11 -0700 Subject: [PATCH 05/10] chore(discover): Write script that updates (defines) discovered Certificate Stores Signed-off-by: Hayden Roszell --- README.md | 18 ++- Scripts/DefineDiscoveredStores.ps1 | 243 +++++++++++++++++++++++++++++ docsource/azureapp.md | 6 +- docsource/azuresp.md | 6 +- 4 files changed, 267 insertions(+), 6 deletions(-) create mode 100644 Scripts/DefineDiscoveredStores.ps1 diff --git a/README.md b/README.md index cfb883d..0a3aa8f 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,8 @@ The Azure App Registration and Enterprise Application Universal Orchestrator ext