From e5709874bd2ebc175d8b8e44f96281af7754d6cc Mon Sep 17 00:00:00 2001
From: roost-io <harish@zb.io>
Date: Wed, 29 Apr 2026 18:57:35 +0530
Subject: [PATCH 1/2] Functional test generated by RoostGPT

Using AI Model gpt-5.2-2025-12-11
---
 functional_tests/README.md                    |   17 +
 .../.roost/roost_metadata.json                |   24 +
 .../roost_test_1777467397.csv                 |  153 +
 .../roost_test_1777467397.docx                |  Bin 0 -> 144237 bytes
 .../roost_test_1777467397.feature             | 3574 +++++++++++++++++
 .../roost_test_1777467397.json                | 2769 +++++++++++++
 .../roost_test_1777467397.xlsx                |  Bin 0 -> 119103 bytes
 7 files changed, 6537 insertions(+)
 create mode 100644 functional_tests/roost_test_1777467397/.roost/roost_metadata.json
 create mode 100644 functional_tests/roost_test_1777467397/roost_test_1777467397.csv
 create mode 100644 functional_tests/roost_test_1777467397/roost_test_1777467397.docx
 create mode 100644 functional_tests/roost_test_1777467397/roost_test_1777467397.feature
 create mode 100644 functional_tests/roost_test_1777467397/roost_test_1777467397.json
 create mode 100644 functional_tests/roost_test_1777467397/roost_test_1777467397.xlsx

diff --git a/functional_tests/README.md b/functional_tests/README.md
index 1c972b2..3e96704 100644
--- a/functional_tests/README.md
+++ b/functional_tests/README.md
@@ -65,3 +65,20 @@
 
 ---
 
+**Execution Date:** 4/29/2026, 6:57:34 PM
+
+**Test Unique Identifier:** "roost_test_1777467397"
+
+**Input(s):**
+   1. Aegis_WebCC_SRS.pdf
+      Path: /Users/iamdm/Downloads/Aegis_WebCC_SRS.pdf
+
+**Test Output Folder:**
+   1. [roost_test_1777467397.json](roost_test_1777467397/roost_test_1777467397.json)
+   2. [roost_test_1777467397.feature](roost_test_1777467397/roost_test_1777467397.feature)
+   3. [roost_test_1777467397.csv](roost_test_1777467397/roost_test_1777467397.csv)
+   4. [roost_test_1777467397.xlsx](roost_test_1777467397/roost_test_1777467397.xlsx)
+   5. [roost_test_1777467397.docx](roost_test_1777467397/roost_test_1777467397.docx)
+
+---
+
diff --git a/functional_tests/roost_test_1777467397/.roost/roost_metadata.json b/functional_tests/roost_test_1777467397/.roost/roost_metadata.json
new file mode 100644
index 0000000..2da4d62
--- /dev/null
+++ b/functional_tests/roost_test_1777467397/.roost/roost_metadata.json
@@ -0,0 +1,24 @@
+{
+  "project": {
+    "name": "roost_test_1777467397",
+    "created_at": "2026-04-29T13:27:34.368Z",
+    "updated_at": "2026-04-29T13:27:34.368Z"
+  },
+  "files": {
+    "input_files": [
+      {
+        "fileName": "roost_test_1777467397.txt",
+        "fileURI": "/var/tmp/Roost/RoostGPT/aegis-cc/1777467397/functional_tests/roost_test_1777467397/roost_test_1777467397.txt",
+        "fileSha": "cf83e1357e"
+      },
+      {
+        "fileName": "Aegis_WebCC_SRS.pdf",
+        "fileURI": "/var/tmp/Roost/RoostGPT/aegis-cc/1777467397/functional_tests/roost_test_1777467397/Aegis_WebCC_SRS.pdf",
+        "fileSha": "dcebdb1a12"
+      }
+    ]
+  },
+  "api_files": {
+    "input_files": []
+  }
+}
\ No newline at end of file
diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.csv b/functional_tests/roost_test_1777467397/roost_test_1777467397.csv
new file mode 100644
index 0000000..8d8d1a5
--- /dev/null
+++ b/functional_tests/roost_test_1777467397/roost_test_1777467397.csv
@@ -0,0 +1,153 @@
+Portal base URL reachable over HTTPS and served via CDN
+API base URL /v2 reachable over HTTPS and enforces TLS 1.3 minimum using <tls_mode>
+API v2 endpoint is reachable over HTTPS (network level)
+Register user succeeds (201) and returns onboarding artifacts
+Registering the same email twice indicates the account now exists
+Register rejects when agree_terms is false and succeeds when corrected
+Register returns 409 EMAIL_EXISTS when email already registered
+Register returns 422 WEAK_PASSWORD for weak passwords
+Registration first_name validation (alpha-only and length 2-50)
+Registration rejects malformed email formats
+Registration password complexity and boundary length enforcement
+Registration date_of_birth format and age >= 18 enforcement
+Registration rejects non-E.164 phone_number formats
+Registration ssn_last4 must be exactly 4 numeric digits
+Registration missing required field returns 400 with error, field, message
+Login success returns access_token, refresh_token, expires_in and token works on a protected endpoint
+Tampered access token is rejected for protected endpoint
+Login returns 401 INVALID_CREDENTIALS for wrong password
+Login with MFA enabled accepts optional 6-digit TOTP mfa_code
+Account locks after 5 failed login attempts and returns 403 ACCOUNT_LOCKED + unlock_at
+Login rate limit returns 429 RATE_LIMITED with retry_after after exceeding 10 req/min per IP
+Login fails for unknown email and does not issue tokens
+Login device_id UUID v4 validation when provided
+remember_me=true extends refresh token TTL to 30 days (observable via cookie/token metadata)
+Token refresh returns new access_token and refresh_token (rotation enforced)
+Token refresh invalidates old refresh token after successful refresh (single-use)
+Token refresh requires refresh_token field (missing/empty fails; valid succeeds)
+Auth tokens stored in HttpOnly, Secure cookies and not accessible via document.cookie
+Auth tokens are never stored in localStorage or sessionStorage
+Credit application auto-save occurs every 60 seconds to localStorage draft
+Draft auto-save does not store auth tokens in localStorage
+PAN displayed in browser only as masked format
+Card fields use iframe tokenisation and no raw PAN in DOM
+CSRF cookie policy SameSite=Strict is enforced for portal sessions
+Portal session expires after 15 minutes of inactivity
+Portal shows 2-minute warning modal before auto-logout
+Application Step 1 succeeds and returns application_id and session_token
+Step 1 full_legal_name boundary validation (100 accepted, 101 rejected)
+Step 1 email must match authenticated user email (reject mismatch)
+Step 1 returns 409 DUPLICATE_APPLICATION when active application already in progress
+Step 1 phone_number must be E.164 (accept valid, reject invalid)
+Step 1 address.street max 100 chars boundary
+Step 1 address.city max 60 chars boundary
+Step 1 province must be 2-char ISO 3166-2 code
+Step 1 postal_code must match Canadian format A1A 1A1
+Step 1 id_type enum enforcement
+Step 1 id_number alphanumeric max 20 chars boundary
+Step 1 validation failure returns 400 with error, field, message
+Application Step 2 succeeds with X-App-Session and returns PENDING_REVIEW and fico_pull_id
+Step 2 rejects when EMPLOYED but employer_name missing
+Step 2 gross_annual_income boundary validation
+Step 2 rejects when sin_consent is false or omitted; succeeds when true
+Enforce sequential completion: Step 2 cannot be completed without X-App-Session from Step 1
+Step 2 returns 401 SESSION_EXPIRED when session_token is invalid
+Validate X-App-Session required and expiry boundary (29:59 succeeds; 30:01 expires)
+Step 2 other_income defaults to 0.00 when omitted
+Step 2 monthly_rent boundary allows 0.00 but rejects negative
+Step 2 existing_debt_payments enforces Decimal(10,2) precision
+Step 2 missing required field returns 400 with error, field, message
+Step 3 approved decision returns credit_limit and card_number_masked
+Step 3 pending decision includes review_eta_hours
+Step 3 declined decision includes reason_code
+Step 3 rejects missing/malformed e_signature with 400 SIGNATURE_REQUIRED
+Step 3 marketing_opt_in defaults to false when omitted (if observable)
+Decision boundary at FICO 680 returns PENDING and includes review_eta_hours
+Decision boundary at FICO 599 returns DECLINED and includes reason_code
+Step 3 card_product_id must come from GET /v2/products
+Initiate transaction approved path returns transaction_id, available_credit, auth_code
+Essential service over-limit within 5% buffer returns over_limit_flag true
+Initiate transaction returns 402 INSUFFICIENT_FUNDS with available_credit
+Initiate transaction returns 403 CARD_INACTIVE when card not Active or Frozen
+Initiate transaction rejects transaction_amount <= 0 with 422 INVALID_AMOUNT
+Initiate transaction requires exchange_rate when currency_code != CAD
+Transaction frequency limit triggers 429 FREQ_EXCEEDED with mfa_required true on 11th transaction
+Transaction frequency boundary does not trigger FREQ_EXCEEDED at exactly 10 transactions
+Foreign transaction fee calculation applies 1.03 multiplier to (amount × exchange_rate)
+Foreign fee is itemised separately as foreign_fee_amount in response
+List transactions default from_date is billing cycle start (fixture-based)
+List transactions rejects invalid date range with 400 INVALID_DATE_RANGE when to_date < from_date
+List transactions enforces per_page max 100 boundary
+List transactions returns 403 FORBIDDEN when account not owned by user
+List transactions page min 1 boundary and default page=1
+List transactions category filter accepts enum values and rejects unknown
+Initiate transaction currency_code defaults to CAD when omitted
+Initiate transaction transaction_type enum validation
+Initiate transaction description max 255 chars boundary
+Initiate transaction enforces account_id ownership (IDOR protection)
+Initiate transaction transaction_amount Decimal(10,2) precision validation
+Initiate transaction merchant_name max 100 chars boundary
+Initiate transaction merchant_id alphanumeric max 32 chars boundary
+Initiate transaction requires 4-digit mcc_code
+Get account summary success returns required fields
+Get account summary include_rewards defaults to false when omitted
+Get account summary returns 403 FORBIDDEN for non-owned account
+Freeze card succeeds with valid confirm_otp
+Unfreeze card succeeds with valid confirm_otp
+Card status update rejects invalid transition with 400 INVALID_TRANSITION and allowed_transitions
+Card status update fails with 401 OTP_FAILED and attempts_remaining
+Card status reason max 255 chars (accept) vs 256 (reject); successful change is audit-logged
+Card status update requires 6-digit confirm_otp format
+Report card lost/stolen blocks card and schedules replacement
+Report lost/stolen returns 409 ALREADY_BLOCKED if card already Blocked or Closed
+Report lost/stolen accepts last_known_use in ISO 8601 UTC
+Report lost/stolen rejects unknown loss_type and does not block the card
+Report lost/stolen accepts optional delivery_address override
+Set virtual PIN succeeds with encrypted 4-digit PIN, matching confirm_pin, and session_otp
+Set virtual PIN returns 400 PIN_MISMATCH when confirm_pin does not match new_pin
+Set virtual PIN returns 400 PIN_FORMAT when PIN is not exactly 4 numeric digits
+Set virtual PIN returns 403 CARD_BLOCKED when card is Blocked
+Set PIN requires session_otp and rejects missing/incorrect OTP
+Set PIN transmits new_pin encrypted (client payload does not contain plaintext PIN)
+Retrieve statement defaults to JSON and returns required statement fields
+Retrieve statement in PDF when format=PDF
+Retrieve statement returns 404 NOT_FOUND when statement missing (JSON or PDF)
+Interest computed using ADB formula for a known statement fixture
+Interest scales with Days_in_Billing_Cycle boundaries (28/30/31)
+Late fee charged when payment_received_date > due_date + 2 days
+Late fee boundary - no late fee when payment_received_date equals due_date + 2 days
+Rewards accrual for Travel MCC uses floor(amount × 3) (fixture-based)
+Rewards rounding uses floor() and never round/ceil (fixture-based)
+Statement accuracy - sum(transaction_amount[]) equals total_spend within ±0.01
+Make immediate payment (scheduled_date omitted) returns payment_id and new_balance_estimate (CSRF enforced)
+Make scheduled payment returns scheduled_date in response
+Payment amount minimum boundary (1.00 accepted; 0.99 rejected)
+Payment below minimum_payment_due returns 400 BELOW_MINIMUM with minimum_payment_due
+Payment requires bank_account_id from /v2/bank-accounts
+Payment rejects unlinked bank_account_id with 422 INVALID_BANK_ACCOUNT
+Payment_type enum validation
+Payment amount max equals total_balance (at-max accepted; just-over rejected)
+State-changing endpoints reject missing/invalid X-CSRF-Token
+CSRF token required even when Authorization uses Bearer token
+Full PAN never transmitted to frontend (HAR scan)
+Selected API responses do not include raw PAN fields or PAN-like sequences
+Notifications webhook accepts valid payload and returns notification_id and delivered_at
+Notifications webhook rejects unknown alert_type or channel with 400 INVALID_ALERT_TYPE
+Notifications webhook enforces message_body max length boundary
+Notifications webhook idempotency duplicate idempotency_key returns 409 DUPLICATE_NOTIFICATION
+Notifications webhook enforces idempotency_key UUID v4 format
+Notifications webhook enforces alert_type enum
+Notifications webhook enforces severity enum INFO/WARNING/CRITICAL
+WebSocket endpoint reachable for live transaction feed
+Right to rescind allowed within 14 days via DELETE /v2/accounts/{id}
+Right to rescind rejected after day 14
+Portal and API used by forms negotiate TLS 1.3 (no TLS 1.2 downgrade)
+OAuth 2.0 Authorization Code Flow with PKCE is observable during portal login
+API p95 latency meets ≤ 1500 ms target for GET /summary under representative load
+Portal Time-to-Interactive (TTI) meets ≤ 3s on 4G (5 runs)
+API gateway sustains 5000 requests/sec while maintaining response correctness for GET /summary
+Auto-scaling triggers at 70% CPU utilization and service remains available
+Credit_limit changes create immutable audit log entry with required fields
+E2E Register -> Login -> Step1 -> Step2 -> Step3 approved
+E2E Login -> Initiate transaction -> Verify it appears in list
+E2E Freeze card -> attempt transaction -> 403 CARD_INACTIVE with card_status -> unfreeze cleanup
\ No newline at end of file
diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.docx b/functional_tests/roost_test_1777467397/roost_test_1777467397.docx
new file mode 100644
index 0000000000000000000000000000000000000000..4fea55af25fbf64516bc3db061b49630d42f216e
GIT binary patch
literal 144237
zcmZ^~Q;;q^)HT?)ZQHhO+qP}nw)?bg_vxo?+qSLKJ@5C`{8KX*lZ%~PtmI-<Y9~8u
zMM)ME3<l_bT7*r$-v18%?*RT^@9F4b#;ElF3xWMV5JMMpJJ<gQ2=%{fjpittfBpv`
z1_J`Z`~L#X98KNr%^lnryzK25{%2}k>W%^^F;ci;xYJ#8olZRUO+52Ooi<@mbBmxe
zHk4evzb~@~Ej#=}$P_ng-UkbJZAYPn3E}>bmGYywx+_GbJ+BGlhwhWh(|AYj3$0wt
zp%|6~rj}ob@MG{eKQ!_)kVN<-&%pXcEoY3$h3`RHfF^&Gxqd^KBL90C<yKqDmwwNF
zEjQ15V#iIl@=(hPB&d|8MwHMPw1}HpKV-^xMSTe(=Gq#gZ2eg1MrfkvH#wIqchpu2
zQhr-l#v*H88Q!qIG}OQ=;!y1|(rv5-aMa<>5?fvx-e5IZNc(9|I?=QY!a=beP7+RA
zA(8x$bPn<Gh~b_e@c$tf3MleF{<T;*uvy_jfEu$ffsp?XXa8@uuKRXew#HK`eg77K
z^e7I)(B!m=$#`^>-Sj2uXn59)1(HtOww*};r-&odBkk`?vRIB>XKlIipIJyw-*`8@
zkWmI!!>9vEDYxqafz?K3w@V>`wKO+3v;3X>zWaT88uWA!NAoqlzw9|^>AS;2mK&_X
z)cgB+dvr1vO8D3Ha2US4o)F@2#gi5}@J;Y{EbuRHUPP)JamcW?9Ku|ED3i;WKyM%?
zpVMu`Tz=2V{XQ?G1Ho{l=hQ^a-Klgl-}X*CrE8PZktM7nO1LwZY=QjXhyz!yH)@kF
zro__D!md-|Pg~qzbd;%A3Myx(yQzDR_=CfN3fTQAT^xo3NT9@84=iW5bS7x$*P?uH
z)0yuC%x&MB$PR_yi#`r`<Rb>?KcV+z(Ey?k!k1{P+`E&+-i*a!$L;tq#5p90hizR8
z!6Vr_2*=qKc?ZsaQCs1K@PPaMtI>V;<6S^tGp@tayXw#U;2Gtf-`K$}25CsgeBt^j
z^7WmXVzW~p(bpj(N<8uQ!BgapQQBX?<L4E`StgZS=EhEML(i7BQ|Vo}>ksf-N~qmW
z>-!bKsmU$F3tXPx?yZH&-F*OLPihw~`Jt;v;z6k6qu<-fZQ=-SeE+`0J*ec+VcjdC
zUkzr@yIMG|ebrPKE<hFiwzW*<>`v|R$iQzSUt)y!-@Uo#CgbkK7-NsBaQ;BjwjZFb
z*Dj$e_TNS5-TlxlNghm~AZx@BCTi2kvy$tLB)7IF<;ET0%S%@vv3m~IpK#8vfYBH0
z2;zY)dzR2GGr4)D=UtoA`OJZj^X{F=72-*K$Ds`fyZDF|p@R1NF6C!0GU~@Qxz_Js
z8-KU^r{<2KZy0m$<`DN`F@GQmz<W!Fye|az7666`drM-J91_XBPI&WB7AUuTM%lO=
z3uU;ovM2P*2p|-B3sYnuMUFk!@Ou*sPzZ(Y#;m{7i{XlXFopK#I@CQT?6_Bh6m<AS
zLjLuYTT4_l`N{t+7vTI<{&@`KjlNm)c(GjjPC!(CkIW*Q-MA8^gc;)MlG#7ggAaT^
zhz!LPy#D)ra3E;+8%}<+0O<J2ha~^|WK^>k9eSJ>2AJ+qAa#Kw{27WsRLV^;Y~Eq*
zcf~xMZz6DLq3Ax`jD<{<{ueO!knP%~BXGUe3+cGXEl_ik=pDQIEByD=CmXIn5Ep(x
zN`MefGW4J^KrpWL7I0*?F35)U@}*5^`fzW^{?MoMlQQmo1hH1-`>(N(G{kl<_RR1;
z^^x{;XpJVZ{;mBh`frp_kUGYa=$Vn{GfI98=2c;iI2It4jA_7$Fez3CY%;LuhW49A
zFRl&lgEGFas$w_0E1-8amP&ifk6E_e6PrPiks&|zC{|U+j!_YUa2L-I;Wc7b@aIS{
zAJI5%Ko6&<sGV?bk1N>;aDhK08ri}0{nx-CpwnsF=yHChe75e4hq7UBhqra>r~447
z;ltU`%*2Txphc2C+Yu4>zl5L<k4*U4&YrTDy1KGPQXsaA@=_{6@=HeIcpAMfeL9#e
zPP}fAbe94-7`uij%;JgqspL_|Pm_SlOH)r*K9@Jet=Akk2<8FalzO;%q`<@gws+vm
z0O@|QT7RbxxgY5}k=IY$6U&M&E2yVjxfxI4is+ajahUCzM{y9ceJ6T$b8*#@=m_}y
z_t)tvP@ez2Nr4Du{d?!yp#NYjaxKFc$cF<m7d{as;o*Y2@v9aaM*K&ezwMICL(lS1
zV#)iw)J+xcXF)5W^d2FypsoBa4`3dA6nVR>R<0#yr1nqU;DVxaE(RkZv#39K=^F5*
za?-juBFikCUl7paylp^a$dW`zBJ6_`$}{$sSaRdq`*3(1ircl8+>`et3UMLQE%Q^?
zP`|ZwmoNW<q4@*!FW9ku%{Jh{DKZ2%0m^~Dk(;gXjLFS7CvFH0VpEh5>9m#wneDxZ
z$|-XGFZ%42Cnkbdl8Rx$f(H5v{E)yK;umVtzLX47yiQ)y4heKOLIg^wkYelZ1Ro5h
z$(x%Gy~ld5jB0L}LK+0ZG+Q91E4}k|hltx3?`#i}oHW=Zs4ggECfH&}G!bu1?D82p
z4i@tMB&WMik+q%6XiXXJm`Qi&qN~4PZz?UMKryT>a>UJk01I>vFS7FC0LUeH9nuXT
z!8Ol%ZCL;CFwfA|w1TogU+~HnJwIlP4DR2$_gHLeYNsirSVGPP+^k2A$rvL_Q(XSk
z{09-qw2nYI^<IO`_#7ati2Zfwo<hH#ebUU^s~YMR-&jQ2mSD+D2G6k5Xkk!@%aRb!
zlPA2R<9?(d2yPCfam$6{Ie(z<rG9}aSdFO<neg`3fmp?<VB1!>9_?$kG0UREJQIfU
zG#?lI{<#k6I{Fz?eomDJ<C+Cf390G`QZnkE>aTEN7gCB1wK>JhFPOK@MbO)9Dvc-4
z+nN3D+-MYi6%6cp0P%byya@9VK=#*w2T{R~{ej=@#Hmj#65|#s@b)>KOSyE4?c;vm
z=x@<Xa3=yPqN!(V$>A(>URaK!O}O9O2;2`pXNLsa1ng*<-avF{zjVo(=CMiM9)pJ>
z14ACO*Ghksr<C|nTJNRy<q(D~&MvqW+x(pHiKm3GZ_k%+W7<%~Lu|Zy7rMwVb}MG!
zTSKPf-uXJHILg4mZNr-l%xM-JK#c1EuA>~(+RkVy$1_a8+hOlxYkxR@T6~ZDBm0-V
zGe}tesNdD^Xi%vd@utWY%@=mgvvf5s@&rF?@@K#~*+rL^;M_gs`fR^o*yI4>UfyN3
zb)vB_whSnHYCj9*Ms7B4T_1`%0A{hP@g<I_d~|hEhg>-4-OQ93vIAlS))W*4KrLQ4
zQWOt&T)XU7L|kO7aHRhN=gQeB0qVi|=2u`O13W)F!lJSdh^Qkc1>@C1$dT5*YOISX
zd@ExWb%Mjfz{7ODl7}x%iw?jDmaIAjMrh4d=o1@-!9hXh|JMt~2ny!RaJZ~!gNB5E
zYv*xNC&e4N_7d~^Ajk6}!KC)_7J=HG`*we18HjyDlvBc|&B&2YGX-6w8=9N0it-+o
z_r<b5w|A@jO;8V89!iEc5LocfJP@+XLD#^X@fa~!_wI1h{DWo^e2z`|1o02^IDKi4
z9p19ZdgNZy@K+5`OWgZXj($q%`_<oaV;3_^n)kMd^LOzq38FaE#Lxit#fQJYBgu#1
z_^AANzwT6qeMvT4ZnGg|Fcs9lADW&`d@c+cjTCfwZyi{&sGk0>u9Ei=-^=44`f>S3
zCyQ_Ir?XATKq_lboG&k_QFBb98PWfU1gF^64o<nFKT2J*(xO?vo9@!8rVW4m`<}I5
z6~oD~kY$~|59nlPZ+8<WTS8lFk237v?e?_2f;*%zXR>tJhoIAh9i#4TAW-?-&Fd^r
z*AAg;iPynUqk#0np~DZ3v9h$$^gf)uYPT7l!1lBLymyVqI^MIuSp?w<f>Y8+Z%@e6
zITBVt0h1-;4qIKdSW$ITu`)V^MxTB5IK+$#ACqu8u!8?B`1eR#2PL}=1vqSi;}1gu
zNl*Zsn&Hgt;O?f0;Y-}lFoguQMuEn{U=s09mJ%}!J;?C08Sl3+Y7ax+r*hd$;!5D_
zLOn}7;Fkr<e8D9)Q)gGcqJS&IY~@F(9H4wCLjj*=Wf;tkg&y?reeC1mU3ZWO#x4Vy
z>+I;RJuRRRx@4q_aInNVO5U0K;K4J_piVD4Bq#fW42Iy}G`XS<#DGWy!fho?x6|os
zQ4U+atN+n#bj|n5vRi7B?D7Qf2whFn7wmlnf!n^+Bv}^qn#J$SwB!vHG{*Ku3j($c
zdyr&Nszdq!KCkFNQs{-D;No1sqa1A=^%BDpXGsS$+?Qu|Gb%rXYJZQgy;~B8K&Zw!
zK`|?`%I16kN#w?)NnHdF>D<3={32Pxqd-+k(w^O%U$r0}=#<MxyffCldxRe`$*%S2
z3o1_xr6i&^?%``V_hk*0==VsG04|3PMT*alUY<4L1|EA?#*CPhDCfJfH}8TqReeMA
zG#}(sKv9!I!?^)IvGDtoF%P20B=zm(#lE>=Fuida*ZPh)i>y@5D5Op>RE^A#(J$3*
z98p+5{dSl9@iPmtKm*-A#FcA=T(QPQ3Ia3w>eD-@eLbV`-nQs9_NMJ<ZPK<9Z{Dm*
z;KKM1io#te@?y)Ge1yMo`vK`M@Leh7N`i8-w+#<TT3GTt?>{+3z>+~o3;vvFZGRE_
z9vpZPmO4x=x(hERC>a3Thq*8Q+pR)L4$3!$$lNBC-Q8y7={`H|+9W#)7X_!rUEqTf
zuJ$m<$jQA_T^rTA?Ab{GPU47yOt?DIL0=_nvEPNA*nge?o~{~d><j~=tNkwN@49EX
z39tnNpc#5pP3?gb8||mvxr2f8YsRHT_e7^-b@A0qZB8*zIkIKW94RVM^s;LW_Xd7r
zO@`#|6Gs`wg+lEVH=43A;b+<?h27L)nXY3Kf8|FfvzR?ccWygNq1A-wG$9h$)wDA^
zd_^F+7KT)rOCuQ%nAN=sn0iQmiMTL4cVL!c_H4r_Y#|z=2EJa1=|PpPdNy7QkWS!Y
zQp|qLqFkfWXv~BFI8UX!KPTabpnE@N8>RrTr%#$(BrfK$PiSv`pM%j!Bw>@ZCHft;
za157Ldb?z(DGs_*;~S_z>saHD#~yo;_#{G?ZSx-}t|ZBYNis_=SJSOiP1y0Mazm@m
zYb;tX1IgOUx`X1YS^Iah?!U~uz%ln_KoDHBecc<v7%A09R`gktQLnrL@BI+C**bEq
zZ{hyz9k#?WQ@RmtB`2#z_BUaafMJ*+z|HIwqjtjTA$^~0<0Jj-$L`}$>|5RYH6#|I
zXdYbKT#Juihr<4@T^*mJFT_uA6V!6~bND&WdmeIiKJIXFJ0av%dESsa6EY-*b%q!=
z4NRm9*y#OPgliPZvJ>Im=*+YZce-xbrI87HT=d9ukzL$=bMo(eEcc(XG9*8Uhw49o
zz7uq37clUdt$HrBX+_y9L{htQW*z>f{U$i0CuguFGnXso5DhqE@%f@HOs-6ZQ-tbO
zgwPXQm@)d<5j>=asaTci7A$t=HOCzGz8d8$QP|7@|F$qdqtradSx@dV4a?Z}Lqc5p
zmlC^hgQQG+7+H|xf8c{j|7%S5C*&o|HF%tC6Sn?$3)0V3u`k<y{L%PY5y7y38+Tw0
zp%AklIzN|Ii)ieUvU1K(kPoZh>*xDp*U2&KH|;gV#gKJVaNN*_OY+j>Ihg~T)wb=U
zGDXD4ApN&QCUo#L)sxuesQ6N}cFl~Ie$+jf2^_Yg|7DO3;;(L9M;0;%ReKi5MdAg%
z28I6m9K*wWtF2^V#;we%&rk{Yz0Nc<-JYf3!uA|mbK+n9-oVJge$;+JA%1^7y;2r!
z6le)BO+fKf3>nSDX}APdW?YE;;6<s!HcjffuPD%~16a$NpI)A5IbJ%*PV66$!%a^2
zV~a9W4A`1ZbK7t;s?q*ta8`KmTwi}D?Bq!*7}8^slfPQ&W&kLEI2_YFmib$`?RRJE
ziODc81_);!121U}9+3m`NsE_rb)5ju$5`6&WyDb1tU@@+5wg*O7}%Zwu%5j1um@-u
zHpP#mC)mM=7jbj(N*A!eZt}+p5#+^^WUttz4d>({&n6Z|O{XFIoU>22A_NV`1BUVN
z1#;WkabAfXSiAk0m~t><CZhdL^k#vFaNIw#^Acc@W*#uPYsstD@M1d^E0E^==>0|X
z_bl=C#`uw$sebm$=1{q9=}S)*+Dd+s=1OYVNUqePo$7+IS%2`|UhIo#5geQGQ%0I2
z{DOony5t-)fofcB#ZSVjqVBR2rqu!QO@rq^5DP9P`q6hbdyK4w65_l=vjDnY)v<IR
z4mbC|$!skjkNJ<Sxg5mu&}STkYny=_Zk4fPUB!ecb2MVqG9R_<TQR7Mp($_;20Zz)
z;9hnzOC52SI2&r1h3rBxxSCp|p%A%RKHV16sX4{E!JXyR_VCCC`hYshlDwBNQ?`6_
z`t8#PQWRc>ax?XpdXz+m{Ruq0=zg)H6&`ybEiG|H^)j_KXcv5r{an>O`9Z5TSxZ+w
z%!3<qtR>{=hnQr#UQVwXzaZ@$bcdD!hK2V7_&@3xHKsy&?fpKbwcNE4UZC<qby-az
z`UBaaWr*}tq{rG<a^6a$Q=~+U$;=Mycjz{fxXu7%7*nxQw_K5!mvKY4`(@GnDrMV)
zD%16Yu%feM`wa9XtO@A-VPeh1reeyA+sAKfS@8&j;7y`D7qH3c&a~RtT6=hHG~UB1
z(gGZ!zX@KKQ59d&6@?^BV>D?VjE`=Exy6x8ir{mX$XS%{vzVa^yO_+1;iP%CSruoD
z0q@SRr_m7|p#|;tS_Wz-O?L47=xQIt^Gl{Yf$7mM@CSd|mpvP2kg(Uy92l99{>nWv
zb8gRH$@|UBS4@U|%P&xtwUqW5(}s1xgO{zNXLE|hgb#r~KO&rP#8)QOKCKu$n18JF
zba7_OE<%okgfE;o;Cq*=TlnZ(7BFlZ1?9oq<Y5|FF$=Gy{;n5C?Xti$4M^~ox7jh8
zMi6x+#~Gt^9l+*ON@R62^{hZztLz!W&)VAkh~U&v)ewYYA>_-<6$|qu9BrG2moY>4
zyOdM2@39t?qnD<jx4A_3sKkY6e<>bLFCv_KFUWkP8L8!0(w)n#!Cg*lbl3c8ETwhA
zesa>MXeI_U>!iw_nJd^36Km7>!<tTJ?N8GhVS?NisIX!%^*n><*y$j9uB1f5S961f
z0O4}tE><aOe=F$Z@35;a-;pOuUx_AaAi>=2c{dFn3>3*W;3CQoY3j`KtkNX4$#%L)
z8`2}woK>rotcA(4iy;?Mt&`=~fu)}bC#6;~2!<1fB>(qd04t2IZGCKyql&Gh_J=f|
z7`!1aY=I@pS`d+$`PQrPZIRpG*YEZ8^4ZZ6GZWK}$?RQ7WnCMp2phGGG`E0a<Jpb9
zy&x!N<weqkqPqeSHg6~%_;xZ&_l%jwMV{3O5hY>GN`j^o2WF_eiP9OiBg*)0lp14(
z@#$@XA-HKHPz{6A!V;Wz__K4k;Vj=wROMpZ%|D=@e$T8?-a(^qGvT$%=F>$oh{b;Z
zMNM0qnhjW|!fjw)iEBz=e%xbTRo@vltN=t{ED71cjVc&x66Lwd>%Ch@^agPmUN>4y
zzr<Y~g`C-hO%5NFxtUi>&PkrAU@*TovUEr;5qJ1{zLE##jMxgT?&ThTOAWndL}gQ1
z86SNG=)+x2O;UVEQ9OU(vu!ga+NX{~6S25tlD}3`s5Aof{q`WUSour0M49m|0zBq&
zjuG<Zten|OSpXoeZO&%%XZ|#zj`&f{npkI!Vf?EqS;#ncI|<)0eRvm9oqLhzqIV-N
z15)(<zw}zJ#B6`<ix1(E4&pH^E%||i&v+p(I`JN!M*L&}@t)~FQF@zBiyH~|HWcbr
zCO)&MWe$HL1s9i`WNaCx<rb5Inz}^*<qaaT9rm<R<)m#6;se#}NvhG)YRhqTk~?MU
zOKyR7K>~Bve<@k5S`a7MnJ9aqM$zM%ELLNpUH>ijhm$!)0K@eSLs#`}nl46%K@Fk|
z|0?*h*t!lZ@6UeeCWV0^9M2HBMlW~b8s>N!Uw@RQ&vv~03(F>qk~c_6rc-vo4aF}#
zCLDZ0)uyioiBx-ob$FwhbhD`CY0v%+IPJ1RV43K*UL+j|B1-ww;s>BwIzyfG2*wOP
zdTteGm^KYbbY+`nNuQ3=VtCH^<?~tr1xsfNQpn;~zcTu~c6M(x0?tiGJhj#a<zo9Y
zh)|UQ3w|M{LS`fxr5IrtG2}2RL3?Ph(F9*7XPE`&)(9S)6Nme6A;Is`O5{;&?A~7C
z-_xp^lFVlKSIcSN;@>VLX;unJ$w7W=l-p<<dwypM`JwcQOdnztY|iw)>$pj|GC4ei
z0y<jwUr)+yT>m4jMMtA%Rk0hjiP_;k<mGej$3t8=5E(v%KuQfX^z~!UE|$BeMjFFo
z7dQ0&pKTaJJ@&1c<)}(d{H*~9r^mRERfgJ4^tV`j!3U(2>kIuxaQu4>&8Sn`YCn88
z_5SwSM|F#`9vega#aH_zjyQV9z~>f>E3?QBcQ0Mg<Fy0(!2XuF_z2sv)_)ET!FU&k
z!;xh~*z70LnX<??DzryCUTs*B0$ei2QIhkeW)%%MBngzN%smCZf!lELh)<9n1>Bg8
zmLYq=(d$&toG3Q(&Q&#JHUYIZ_=cLGwtZK6Ynz(s(f0+n0W9z__*NuH3FysAxarLk
z-KwYp<t$ws;fYmpLWl>ZaD?B%4+)e+m8dm~$utJ!zHmxwBsH%R1*w2)!}QnhnqceH
z+CMBdG|)C|x;Pcp4(Y5f7OYIa!YM5tXw9MOgPAvO%~$)nD3o~*P-WU+mUXPn_a-24
zWuhufQ0PkVD>yQvMpj8m=b-e@EJ@I$RRMT9!X6O0FkQ*3TB<1}HGDes9JiJc3+FCA
z7e-9dBzvQo$81p>lB=Xm0LlJLFPjmhV_5Slw8W}u7LbVta&|40bFM}IAEX;)rNr*2
z{epyp57$_0>6N{-vI$Eo7od5oR`xAZUlx>GWotp40GVZf>JwEP$y}9#5>P+80Z5E?
zL>sER1<8pot<4pJ{j-@b!`WT<0ZNJEGkLEY@SIFl)Ri(p?_DG0F6?dl`X98yOoDI!
z6L#`;O~!S}hpGBKq=yx_H|yZh)zr=TqQta+bT9aY5TNZgRa8lQe(Pa89S_;Oj5@@2
zCnokX(T`qQ{v$_&>C)#>K~D|T+cA^chyGqxRbovmrEBmenV2ZVOP;v{1(owv4b-sy
zJHiEe<|K5|;XSxY@Y4{ff1wNl!_un&=D994?&_HG8TFfNzHP7ba2o0f{r(wUN8UeR
z1r<u|F<&mJ8rxt8`bHOGi5>fUS2rUGyT^46<I6C3q8JS-7)qlYfWQ40mx}I<3f#4(
z6>tv2HnyBq#I&ZS3-~U%ImAZ^TOT|h?%N8Q8JBl&8VMw!_cPrW?B%a2eYW87udg`G
zU6m<zKHBL^t~kT%0iv0`W&cLHH~w%CTq30;e1<Ykd?lrP3R(*}^4mDnvp8E&0YSQ}
z1uPHdy#paQp0?l!>ST$#Oj{jD+W*rbo<wPkHt&|76KLeALsFsMPIHzYl?az*n38v7
z8W17VJ$5hbjjG+zr7Ts!#&#Z(6M8-{iWNan6ymdlZR{<`g`x`y`KPU~w~yk{qqd!w
z`i}etIhb^-2%-@pC2>!VR4StA+^yBQ0JA3PPvAIK2~oj%9Zua_UPx@vF+6s0@aUUV
z^OHKtAjzS_tf#TWpHX#1wm+f-wvtkbmm$veVnJ&eg-=F`8KK_JyfUoGvCZ~lf!ay{
z<@;vjNQfI=rZo*y#lr{hb)_s20g)gvCayDvUy-OwQ`>Bul!r2@#4Wnmtb`VimfpJF
zmuk{2{>U+U4CY5<p{H!Ba4<ccy|F=$mlhGWWdl#$mwaTFBylc{E?ruyev{FpG@MYI
z4XFxMmvY^&gE!lmc;mv%mM^bgYD}Tn9})MVS`;Ut!u<mi>I~Lnh8Nw!r7%&6?o@iF
zdmvGy%fTzk>dPB%gKxveqEuR|zcJ74`*!g@vvF0E`n0rGamO&1u&2kAX=&UxlSRc|
z8rPj7Vo2IoQCIz9Ce3C52J42+fD%3JOn+q`QJSVa{2}3O9dzY}<^7w1EPh<7jMP-C
zT)^-f6Xx7LTJy<rU*(&7=1v|)P!~;b?J~a=f$4aGRpx9qkyGq{F`r8wGFjmXiLsLI
zv5rBPqA|=B8!O{%bqXa>SBtGCf+D{NHFxnrJAuaCm)$vpG`|g>cLsI|7~!&=4{%{W
z@5BeW8ZU((^mfWFsuxm{#CA_p{@<XUws3xsws0pO5ofcrUuSl-fYh{_yAvX>FZ$}J
z-mE*+SN$!~Vj@ehjgua%J92uOcwwkXS;?2t2A*&NAps|k{p=xi6+2Pm5oH-0qVj0>
zjR`(n5E3OLD}CVuq9T{e>Tmp9RLZ6(Y(rszrd-Hg-~mpn9utFdb4XrIq!5Sh{0hTA
z5Eq3$=JkNFk{41F>4PzAY*{u(Fv-;_;;{%=WDgsK3f-QJKm@!n)Z&BbVV8xQBoSEn
z@zv{5gy=HDfKGD-KW9!ciOi8X`>cz{kuu5oP=Q1tzYw`uSc{2ox+1H|*hbHpq&!A@
zkM+R|w<wnmJu5?xTt<)^qRD7P>t?#I$Qa1|<sd6s2TF*!Zl~Y&!|f=Z(MZR1qH!fP
z!=@~tRQT_~v?n8ca|R9#)3JmHRaMf$Xe4dMKvbfSv})DeBGh}<VqNCF!Bb3kOz{Ty
z8*OH~Ly&Mvhguc-d{m+HxLRa37I@{ygJEyTi_YQ}JwclFRBDE(x?XK*ZK44jM^}+Y
zqD74YFv|^h)2@Q7&kiDUt{1TFY?@k2GMUY3=xoeJZdJxb<7LU@oS8?cSqN|uqM)c#
z<d_d)tv4@Gb5t}e^!JlxQum-DFY=|uFX1ZEMwHpT&Y9X7LLI9yVu3`Ah+^zRj0dk}
zmcKaI1pBEjLaP2rrD?v|T+$tNwlAAjK&)FC7jmza5knZe5~}MSBnGoFw``FYo6<uZ
z9EiEo%EG7=wne6&Fq^Q-WRG2jZjkHbIvEw&5QJgoLXKL}g{r`u+leZ{w)&3a@bU5!
zmODq|-#uRqzp>&K+ZNWx4GUG$)GlUjALORWZEYcjwTX0br_$UxS@TJ|f<D3+s;29{
z1<Ak)5U-L{UN=kjTnOdY4+#KyNmBpd(ZVy}a!Y(4S3YqSvJ@5@wYXBokGT}<MOfbV
zM+#7v2H>UmL>Er2&>SPkIEFtna6COOW9=S(Jb6HMW5-FFA8z#5D^MotA?GU)IjbuP
zxm)Op0Cypsq_sz?F`p2Z+0#Xdr?*%~63vaMbVloa4~AzFsV3Ly_u&#}yvK9}4ui0J
z*mm@E5h;L-)G6+};C5wc$Sw&g1D}%e6_&%acczlL`>zlt2(-ivTJr#4Bs&T^m(qXU
zxfos_bYh@AU?;m3xvlq)kPql!c5{?ljp1Bg-ks{$^DK5K>W>qtKux=wm!suiGr2Qd
z_Hj_yt$-Ser>w0lRTI;2af!WLP+3vMv-6AGtmryRm;KiVQjMiF7p+Ggxmi@8zhbPV
zf$`aT{Jce5k0xC4^Ma(6_zA!~tl)d4NWP8lWS9DO=?Y<!aMpPykAkQW(Y;2ZXs0>9
z70$Xwc(Lz|nAl^|u6f5ODenaPdwPAIevS(j40-pCXdpVeTv9FM%5n|}JKfPhZP<>B
zFFC}b*h7UjYv*64cXZvNCc7<c5)|-K#%V4@mxK`X#1sS=w%-yA>-i9$ioJjni$k*~
zu&$1zL%=-XcG+Lz2_&hfd7a=JPt8&~|8QclAK@@I)y|W$PNbxdeg$XULQ0!;X!-eE
zt^JY9mOF{Z!+x-f!c=ipBTE9MF43<hfe8>}xw8Zns&rnBQKwboLsTvF_L9|=XAJ>e
zTMOT*`a}tg3B^@aKdCTMV6oKBMfcD%W`wzA3yAkiKwz%2t>!U=trW^Vj`>Ndqq0BM
zH(;wo|M)SHE~>>t8d*63TZk2AgwpPR$9h+QjCY%dqC!^ar-BEWAf-3AdkH6nr^!g4
z?SkX_x_4yTL@q<@QwpJAIk6&818*oJhINU|ajTU6pAEhIXC&Ox&ajghrOtOI`(MO0
zDouD1&6ARXObm2UZc2V>#bc)S*5%?LIKSJkA7fIq?6kg_<=?Z<q-wt1>O{9Ot$dAX
z3#SHpy{rl%heJ0y$GMNc5s3A=rsk0=3#R?Bk!k;>4i(yu1TB`Wn5NWx;+}sB9)@&1
zq5m7tbSDxJXPhf_LzxZYc5><)sGnC@iLlx%1qQ!u^1S*JUGA<<GaBg*%!A+a2DVJ1
z(}F%BED!3(PYjG(DNC>tEtlU8)@cp?;SuOc7!hJ7R;|4E3Gw74Md$(Gsw0gNFBCTX
z);Tj-w-_BG)#gC7AIuGD9SmWqV`nVuzOWJ{8qF^xnu@UUW+~MNL^LV7Osm3F$QznC
zve`B5IhaK(Yxp{1B*FbzIV+gEcrgW{ixT`)OPtZHIblh<`U!Wl=?Dl>l=dcok2BVz
zQMFBE<`dK{NGXZOM_{RPX*vk$7WKdNM6UG=D)~LTi+o(gE{#S=@!(w>jV!LYoU_yy
zTenif<5UOzTZ$*j(F~Yjo%bOwnu(KFbdJ2na^EBR+g^ryz0l4cuZMT^&9KMyTJut`
zw&?JpcJxo<Y&0+xY=!oMcrS#QXTN#3mmWDw8JQ>^xgWdB-Q9&B`#YBx`$sZ~Z>_It
zG}yHLCp4-9$~o&wp9*sMujj+Qc0)8crD@|0c+SQ$D>NNvcMJ3fePmcuWsD7);(Ukr
z!<0N0@)!^9S`c|>vgFxIANL6f9tBe))S#+y6W1ir>nX9!oxB`O)J7KUyTpZ%^n%Mk
zHxOq9vP`oe?~bD}>|!BHtJeZ?lx^cqAXkvC+P#-qbx=Y)o_e_AEf`D=lsg-h`QZ){
zmez-?#E)n1g=SDN(Yz|z>mD<*_9zbx-A6^&%wpbyq%WK^Py!u9@se_uysAfv^==+u
z*`g(Bu%6B>_=lI85KFyZi|6`@-})6A-RKF)CaA4g#$1Vu1<eyPuU>d#(`Lg%9mvP0
z<thsJkc`knS*TU|8?wBE$8)5DO$I#1i{3i-pWQFz7q~CA`npj>yfqN7=DU72U;Rh9
z0S3J=Lg)h!H_!ODzKYhRnqn{FKfCi{pE|+1@iCq1aR6z)rfN%+8Iv^tXzjhLDbLVR
z)D_ebXJZi2=-cf($}e<k%FGvA{IUU3hIiv_o$%Lgc;l_H+RhrmVvwfhCi8*;f5}r>
z=U|m-d^Xz!9j;w%80^ra31W?581VXNQ;?_H846rwhe#151ntMew>*R_K>#_8HsX~&
zwQ!T+N>McqWrtewY`v=ro%Gt4QRx>C`Qs((E}U=dzm5Z|-~Eq-+L!U#2=5|+;d#h9
zB(z_wo0}%iL2O__I0DXd!wo9EB4mJQpD$=TGf|om&aU!3!f-&Br90sOI)H1b2s4uD
zv7Q^pp4WG?q)jZR(`IlqgJ#m|fXukRI}R+pEemGxuE`X{<~&LlnBd|!pnf$7zcdQW
zKZ`Ock4KV6Je1=R_(r)f<lP#TPF7}N?(7wDeGd>jkm58R3^{Ts6tuKgnSyqPgR>K*
z&c9WtMq%9|iP#ep%!(Jn&d&Z<>>>S^g>k{VQ{K;v8HRqv08p~r1XH6qdTxI8$2dG+
zh9~X<ftZMC9W-P$+qg<W&mz2<4rpqiilP5(5CdoKdKX4}z0~p%Ij~P50nZ8ia9P%k
z=e@WorGn^e4}E~hmdo0C&>)kukG}+$slwrU>y)8>yuW8yguKx&^vSy`5}3)6Wel7^
z5-4xh7Ww8G8<e6Z=IR#&-a<Q?=h2{U<S)LcQ6*2M9Sczm;Iwi&Mufj@@J=iF#=d6m
zx!3Yg+b|p_+Avn#c`_V#0BnP#QaM)0rA|9?Pn}BZl+<lGlUL}V9DWNpZ6@^lv(iPL
z93zRw(uKpv^z@MN5v?W}J$NjN@_^+Ce@+07iHJEpEA)A51FJ}eh7f-@=_Kl%?~uW8
z(^ICP;9Ci-!6T}RYjtcZpQ<c|!`ek^F^Zb?(1qZS7H=?zu@#?C3d4sk9#!EX<6(-G
zgOJEW2%DTKUoLK_{g`BV3k1CK#jTN<CsXt7W6hUv%feK|c+;vR(agyo>_@(_wj205
zdrVa1&PI+Ese+2uV_tBnFr2!{G8?XGOJ8%n8K+)r@;^))8<7@quxDR8!|uD?5At<s
z-?1k5GfAJSV|-uNMkyc1_<nbwfCApFg@SQc^Vvq1@hPf$7RVk)pS2qR|9`@ufMDOd
zdm|^=eyXIH1AE&MVN{O^yp^rs<+GcFzKY&bM57D)5PuIro?+E~o$9`iizml5wYa<?
z;AD)8s&bUNrZ`?4I{v_=`QR|KPVt#pAm~Pu31XT!eVd4+h?00tN=`LQRz2~n>n)PE
z%bA3+UpO(oc`R-Xdv5>^ZU@~r&_ULngN#Gj)q!=d1c(||+HBGQ9Lz|I)nI7&>Sa2F
zjj-1BSoHW^(LFeVT{ccyRjM#yNpH-07sIE0Z^)YB=9n!p9){KBjn^|77Oh*1K<Z=F
zbxP#K-!lAV?IC-68z$cJ$&#&Sune}xx*(Akd$!bLGqEtaA?4@~Sr9oDA2O~}KvXPE
z(K|Dtn5a-ZRK_}PSjlA_QYy`=7T;g`DTc>EM|6W@G@1@4C`?&QJaD=EN!3FwPU;$O
zGThn0SZ7l>|1zmFVfCEG_S{Vz)I^y^Ksn*Y2>pNlmBgI=dbv2tZmlY7uT?FRS;yBy
zFlJ!RwXkcON?2gJVUjova3YSH&;^DK9o$uVaod1Xn{^-MjA;*)nfk|d>(yV6haY^{
z$2+|D7Bn>p><_`f7uP!j_+;Kg&fh)=D<ks~j-*VwPm**tL?ky9V*4ekJN{zoOR48h
zbu?Pe0F7T^^q7f_4rOHx%|so)UYDK8XwYfiHw3ZY48$SrD_{n+<4Yf4=SqWSpKTCv
z^(op4T5^!7FA8#$D_&J6H4v{MdA5W<q=`34mWmpFo6d66yRhTIqhxt8%?X;-I(8Bc
zCwKx+_Xu)d=;3<tyPK`i`a3hmY0s4EbVbz3t2&|aZ#+^b2cLu04lhc6<1k}4cB8}r
z=m~wDsjY<NjyD!D|5;=()HbK|h`EIb9Ys){<`ULAQ>o(IC5S9skrW5f%1QkY+%(6W
zeMf{EF>5S`xft<-SwIXQH_MYc;z!Wv-R&c4dG#J}v6p-fV~k*Oi6vJMk0{wzD)5%8
z2^ZQ{3i4P%G~3@I5O&Z<WaIdKSR+nRzmz*4^M-IRcqtF)DJpE(7`o82zTg!SVW{7&
zS;>CT&b$359P?!b!>M~X57;#p0+8f7Cdm18b6L(*_fB?Av}Jn3vvw-MTBh3Nn@~T!
z0T0gkC6>^-s@1NnK#J|el`1n@Jz8>$P#(|!Nm+H$J*($V{La+zThagot=nuj<J2Cf
z<UcXay0oeym*0lY15S=Ll4|KQ?y?d}no42tPD1Ro83M1WN&azt+7ZrX9SN!Pn8J}u
zE5H>;#r!QjA}3hmN#}m0ekLfBP%>Sw;}OGJW*gYC(YhXGb;k0+6g)h)xQouE2?<{?
zJP19J-peK)_!OB_=B?$;2juwHjLGoL6wJ0Zf}+P<pLq~qqsHcktLhBBYVOx&#d_8C
z7qgWvD9Pm7yAtJgYTn5DDq&Mv5BiO><&!%DlMBesx^Tbu-s(rcFJjx{6o(GnYdX-^
z%Gqd~K+fDIHBbX>q9R*OT88pQ?wgjjhQRzZ=X;eDX-4LYtjG}R1<)Q`Zi7~-gD$^K
z&N)~o49>Abi@z3h#^iX$=Ap()uFbC{7#(;y1P=W1sXo{@HksO+w$aAySC=>Ngjx~z
zkN*Vo`+HL0WwwYLQol~!IdYkY9!6TcmuF7pIQz10tgYpB_3vl1%aGB3Qz#u^EnDe<
z@9ruEHYrG#5daoIyS5u~{1tvZUvzk+f)$&2cEP(l;sjb-K=fb)Hk&tIJ&wC<O>{ZC
zhNw#6@Z5!aM~zo%vpC<@t+b5RXn|R*H`NA3;A<zvTn_p+txIk<DwizQsfEMfWEwBP
ztK5crxzQ6gAiBfyVFYCeB68SfXQ&^&CdA=L(Slw<GjJ-RX)UHVJgfDlH~sR~LXF;i
zOiXr?051-*2EDt@;8mSPxZnanN-G>QNT18D<UUkV#ByW8zB7i){-4X&Z!uPh!>Uqu
zL+#F6eS%Wcv+Hq%Ov|oE3>DWe+?b^U6r*g)S*7tu%=4j7<nIC&$!6@O3X5euqI&&n
zz&z5yN=}Y#Ji=OP3`@+ixn-+6IP<QFjT|+i_<}~R4vC3en;DcfF2e^`LeubRQu9;}
z;q3bQ)sj)DX5&D`#Lz0@IrDasz4OciH?-tAh+F+dyEbVhlh;<{kpxE*dph@SXsP&2
z$PB}PwtH8Jg*~BYJ*3uxvg=+_&emOJm-}+wG{o^bV+ETx5NTNI1BO^EgD)*u*I(8B
z1EiObGKj0na#)^8I9~Qx@KNybK4d6}?-l)shh*!4cl7vB>b?2w>5=1dbQblplT!z@
z{lhqrld??DaOUu7wSfZGmb}=V_F7qfJFhaQ?bvFGx2uEBf1d-+>C#QiPI~#z*U0-^
z6=Tuf96#U-f)4gYm#wNPj$wG{iIvtn%T)2|=sLyFw$->HcObCmEHLKET>qWQxAeaL
zj;=o^)KWU)-FK0fEMQ|Xeth7~^(+^<FXw+0av5SU1$kICX|<R0GHVPp91g*X^(Uhb
zwYoN!y6p<>2o1wf)Q42^Zw6ikXW7v7%6ansOA4_xCnS#a+KE1t>k>rIo_TMw4&b0L
zUW{?yWe6eC)Qb${ccetn_O(eod^nT@d?}ZjL-mY^YwiEI3rCGkxcNA>>PBvaGH&gm
zNJ0>II@k7?g4PUjZhtP_0TIvA!PtKxi+wRIl$bapld15<!*7`AH=42%hO#AG*V?nN
zb~Hy*bWR$}w)LhER3Y)q7(S#~LWu+@LwvF-b>f(WhnVXfBv^`xan^}l@mbc0UH4$J
zZKLpbN$QUp36h5fM}D_;q}G73%y)%-E9u@hFf;Gw6xHYEkJuKf9AiR~Swlzf{P!C^
zXTdWz2Jf}KLTkkl{ZTyx`0z;YqXT=ap#JExqSeqEy|ORbChxAMRyW<#N=wZP4O^7a
zw0>#-LuSYM?}tJ%14aUdID^-~XEheKz_sITov*N<K0wv$U{JQ#R-o#+BNle%Y+z_h
zX=Q6^&602rMT7h*cXXBu<}T|n$gwnXi1){XIq9up+EcY%-CeT&c6eRPQmu_em-kbK
zKdKl9)|6!ke><I`AqG_ozPy;C&mF=jQkv0@WXjpp4lmZ+@lOrY)3+GL5a3e2NK0P&
zrUP|Og^v6`sFjW4T;S%G&nk7yIrU1h(}LPIh4FdnPRi=g1#|BUz*EyR*^^(<Ls8=$
zY|9PG4}^r^pEMZW+$e^J#t!3!@x;Vewr9RX9E_@}ETyPg<NecCVIp}^c)YOk5C1!?
z>LP(%n$}Njwl6!tKb13-aiDLB13$JfNDYx`^wQXn5Umh%7|Uwj00KX;BHUmAr2$39
z=F+rY$xoq?l4_`X?%lP~WdJ6OckT$$QeSl5el+l1R2}9%0J`SwA4gz_b;04dX<3gH
z+<4Igz*8k}Ckx$ZY`W4I2dD#2r)!|2vSe1pyd=Yid`6Weaq!v4f#;WSZk)}$;rmGN
zN0E-Pu-KSXks)~HSx2l_dOf*voS!!A`gC^G;bQbbA4{GUX?P$2<SpYBqV<XjV<ueK
zb&FYtjX7=577}u7%*kb7pef<YATN7Hi>&o9O@Xr02h%Y{F*~SbKUSBs2o;^`*(2)1
z@{inhGz%=Ak=VgREq+<@=VZkGauO!VZ$hAj?mn2sC|B93EqxP}Aw6H$h;8xt?0RNX
zU2f|TR`#uBf?_*2MxixiD68PvlM_6k`80o9s0m+$UAd|^XaL=?Tv~#AV%KXpR%`4p
zYq?B65Mqi8P>Lbe`)+)ai#Z`XRJsWyLr8DqKsah*L>e*_>GFkf*)9`C24P9u_z{Ul
zdi)Z357Nj9e&QjrP1%?I6g9EuQ^2`GeiiQA7%`o0hVPin9DW<w8txT8RyF}ceXmn!
zS`x!$GSivMCrvMOE*$h&cB!a^eJ=|qAw4!#4Mzm;iV6S<cRa?}7y+g_HI2>BLR^(v
zzuo~{WL6~TCg~veezO=tX+2If-*ZctH8eM;(oNR(+}(H%Bm~ZJ#BI$EsRSX2dYP(2
zHDikyi^F*>Y2K?Yn^R8zhDJNrG_-(I`#WV=>hxqdtQq^Nn{2e!T<Wav5jNWZFn~MY
zKCJi0qt09k;t;SlxtjT+mYW=*jQlJ-%zZa#aydd1J(QvRtG5vp_EJY&?LlA?`PUSS
z3PEN~YE1x3d5hq7`LtLtd}T}qFu-}}WzPI;5%mvxpJ`SSFUyoyds1pTycNN52gm|M
zJT^Omdp#kdYZ_|pEA_}e%uoXSJ=|AwZ}KI9JOcE5%E^hfTzssPPkHpjy3&&08XVS~
zIb~u~Gv%Mtb$%!PufP&G+Kj|p3<)(cGR^t$h%45>g%OQIAM_HW7RY#_=$VG60h=uo
z+&M9NrwA-i<Q%;HxTeo60R--5O+GsKKKf99M$*LBCrc(oCi^ga4KG|N9kKml$^2dJ
z1GI@@+y=e>$Bv$LN!}zrH!;tQZFWa^&tiC`RqWfD*Bbt=ieoRi?0ahn^n1%Zx}XDP
zy9$VwmMnaoL$AIv<4Z!Otl?7O?K<@zeBBV`4Zj#V_wdx^YEtQ5T8<-CbyPJwsffBe
zJw|60B^5zKYm8MmO^qDA;v{ny{XJ~XS1k1x3xzxeX9}}oD+DV~zbTB*|J=^a=MA|K
zsUJEa;mwk9d`TT$*530krnMWfEA*JM^NM1iY7kD>ql0fC2isBTgz#_rZsZlacCVdP
zv6Enqe;7=%Oqn1u)|HrgSXwIdX=kqiYm6rB?lY-F{ypm=dml#(7onjL{eG>avT^^}
zrgEYM4+)5GlDH^%_{tktiz<U4Pc)5Z-H!)|>dvDGF6<2E6fi#Tr8__BXCVhQRSl}h
zaU5P}X!X~tLggA$_${|D(844jgk$jB{^F;6s+n-Qmu2gD2Mv-z692q@l}Q7O-RAGc
zFoP9s-Uu+X=@wr~yH9n+GjwznD)2Mp4OTc$+flp=GmOfuO7AhuHs(V2<GZLEi8bql
zBtJdfACWycETG?HGk``h$~6(m{g3K6$rOooeCEoEipd&4!%s+9{2O(96$E+Se<Ot9
z>m@|mT){@ro%Jll^Hbe~;rp|w*@<jYr5}hxN8A@MQ9#vTpg{p#<pZGKp0{ERE+84p
zWMb}d3KjamK*VJcVclewqIfY6lXq9-1P{PX)|~J^J955B%KT5ck{VN?WS}oIJzLbU
zOiy3d>4ZBn+h5uU)WHOtgioX(tIJzMY1*z1<76LZWyR#rBRP9F7U19^>S1AL2eAij
zWBbTrx~t|xm(3-3zJlNxXmP4}H*JgjY3zp5Q|xuNQY5V+pQMJN$lXLR2`F>&QFW#~
z5hR$yoElO7_u8~i?x0@}-;=`;E_pE!<p?36WD$o>?0C5~B!?IH&a^xt64%K9ahzw|
z-q)@JY`LZnnEm!WF{pIu`Og3*YQwl3SD}Q_MxCZ{6BV;c?ZmHo2;qES!mP55r6Mdg
zJ$AsbhgCs<xQx&*nFj^|9rrfltcoRw9<bOm^X-I#OTb+ux8t&~Tzvf*Hr7JQSe)PL
zg2aVDpvquElc812Om>N0vv<{S#45M!fz6veeBpJl(BZCMNRZi0mG^7L&-5v@uujGj
zLPrncQ-Buu2r|u9#X_Eyr3;v6#9A}5PdhoDdU*)wBbA@<aZ5E}CnsG~U^yaa1&Umc
zb+w7~Md`{kArZaIoqhTdlO~GZbL~B)fVu;j^+Q^E;6Gnv>b1rX9#Ho+=c+Yx7oyFV
zK!(bF#L~h(!cpWtjkP#GoM{jY@N)HV@$>cpFQET-b^Wi$V;`y-YGPSl56*->S(;2(
zdTLBQ-fUHViHXPC`P1(Ga6o%@Na#5qbv;;~pQ#B8u_*r+%^<ysi%u~_{orB5V;n;n
zQ47HAdF96!7|I+qfj4J^&y#xz$2qdD8DrR6Yoip81Xflt4{78oa_Tn*6H-68oZZt=
za_&LJo5(6}sZ7AGqn8aP*qE*iA%WjiCV>JGF@|w^&zNuohj*>#c@k^8_IEJVipK3p
z7fW8ab*zI#CmBDL8S4{{KJ9Xn{i@8HAG?VbX-rG((sU0IF@mu`FtDF<8#iZdF!6zm
z%<Dv<qO%*1ConNpDoV`50_*mM`!_74M=Ed6oM<xJYvNKVJimlVO5`P>Iq`Al?d}=Z
zOtva3)$i`+$uR%Gk<mO6GJwd@C!Cr5Wt%X8kwKtW@Gn~-HbYb3_QQR}!o<%N=uZuL
zcc$%BIyb!50i=hmHmXro{{Q%MC9AcaQ;R3bUMJ28QeMz;_+1Q(s{;enc2z6QSjXC^
zyO<lF9*#Dyf)g3|2&%+FBdqI;2K?|_2ohnvmerD8F}Nrt>6<*HE<+N1w=pS&*hUc;
zPeLHP=C^pN!M^gVF!x%;4&<`rMG^drChbrx(j2p!RXwLF8pe4+5kWwmvtr9}9(r2w
zH}wak=Cf(i&%$k)f3^@NUe$1E!85M8G88!vQ}9h`5=dcTl}?IDYaY~yk``S6uBtw@
zF*`+{HQgB9rn$a>)9v_&nef$r9w!Ev(ScDk=#``2hJ5m$58}1ZT@I<pEw~|hSW;jM
zD`SXI1&32jnh9WiE|hW1<QsZNP)eDy8phnX^n=k)?h|<#%j1zf*kJgWWWT*PY3Py5
zr9%@=-^+KJV`ghtU|{t*$XI9V(6un?Hc1FgrbYA0RY{lxh~9xyb3UerM6eX9an?{&
z<0qmava6F)UdX{L&oY_q3H~S-EwRcg7f5h)(^RUkn(eT6e@aBu7sS^~$XmO)Gl=R4
z7KihnSfxI##yi@q+{?WFcRyRLy)CglwDp%(H4d8T4lqrV5152&(I#XV-TbWnvL;@q
z5TptO8QZDNO&8yL7sLu_VQ2$&ek3+$o9$K_J3eODHk$38Mwpw3HTRqCo<~?T$IKWX
zMOd*Hn!aR%&q>55;KQvJA`-zSL<4uSPyssOpER(8Bn**P-3zMF$T0Fxq+^unQOXEh
z?f6&TUL2`cEp1L^4+;@rk0WQS>rF*|Nw+<Ruo*hB9e+rAAM-nqDzQ$1ZD2pDR*mgi
zDYpGzQ5(l)_dkUM=u%}dN>|)W;>dR2%V5-C)yKhuxKsXoFb%=qA&?*PNP2yfFfn+%
zYu&0gU}Ph<AcsboQ$Gw~#SW=frB|-l>|v=AHl}svgk2>^ECHZou4`m+T6YmWf@Q-{
zRDwV*-1mF%{->piqloLgTv(I><wjALu-J4_9WiCpD!fW=rk+0W?tKJ7ulKy?8b#x!
zUJL1&gL|q^WRq%`&`ObNFG$4x|I{|ANEnA`7=j5}sIO4Y7Xn+qt9IOfQ{cF3sR5?U
zLuokd8A00IPUhr^1o-#eLp}tuNn#{;0&KB_G3xyGaBYd=E|g4Xql9+SRU|!&OKnhK
z6IL{h1<{yBk$<8Yw2)@GL~2*1^?sG|jaeOQL+g_MF94cAWxpG8f4(nsA~r^esV&Bv
zBqkOo*dWK9L?LEjq<S^QhF3`d@(-(GcnbvJ8iQ<+faUZb+Iq5Ok2)_ZliUgFdz6Ba
z$T`<nWG$#BCYcj$P5f2fk(QMa@YTP%%P>AV=KmPiSY13kSXPzm9^=Q_A?ocwx7;wi
zDjgO)(4;fEx7Mi`cSZeEdhDFQu46J6`I8RZ=a)Z6vEN-8!`=0!JJnKk)eX-lv&D?e
z$9hJhwrxVdFsK&9CcG|p=+bCV6(HP%S<GGKwUGm8I*GcUD&r?uEss~+$Mxqb6Zoly
zKqA3lU8yTw@S_#st^^A&GT9Le%>DDb<}x_4)<Ja>8M%VZas0?9Kx(<-4cD)D!_pOR
zC|A6n9=77O#F~7o6>qr3iq|b$#bxWDEv{9W5Nw*6P|-f``TCB6MSCul^()~^clsIf
zjJH+T=_HK!8>YJOcRngj-{JK5Kd)Xn8*=(hA*O1L+a2eREtOdnWq!>q3~lu|!E2Wm
z*i>YqNVxuG^uT98gGNN>A1u`DyAPyuufDrnYb6#f4>07xX#A)By&DQMg|I;RD@uF7
zZI@}1HLZv}pO5Rx#0Q2wLETrfKb?Gbm_Ws6Xi8m#4g~B#z@~tJKdHRvCq9H(9~qWg
zxkECsJvOjA>?`-!Y&4`MPyNwLF8WU5eg)D#qV>aits!(~OR%(`$tC;(BrQM1E_j3b
zkN^5l=UmlMdTXO8urR}8UE>1JXHU*vw+%_#H<2_M55?3y1w~6jqVgJPrJRKq)0GV|
zS2g3&RExBR2(O+z+LKq>da^`z-8(fFXvrtC0U&Onvfuz?MK~gb0mHY~4O(9jX8809
z9@`D?0$4oe-qMMeVK~G0WNF`GU8Q(ETh>*n`-Tcp2A6RX&6_!AutO#sgJYVxx`%wE
z&Q(RiusM&wI#|vu3i;42zX6vnR)t;wRQ11D)lN=!RYws7*AzaXW6ZWKN9V?7M;*-K
z(4WU0V77fxx#Em%g~Tx2XIL665r^W#5&$ciJkji8cB&txrrZaWg;gCEZ5{lnbvn2e
zKh`6b!lC+mS@kGqG{7yHth`rVk53*&10N$@^s}l^j_WVyF8mw(kxADBa2o{~R;3{p
zf~HG}TIJ{{&Y!ClTD0l9G1^)_4L%DK){Ez2`lyqyGTEw9CT@9wI$|fZL5oGAd46fl
zvQkeQ>=@j~13|fZn&;<tJ7m3mIW|+eEd6?<;wuwfd0jS)$@a?gbS~@I<AOI;i|3(9
z`c?^tp#iXN*y*}(q~GZoso!ktNX&ZVVn-mVe?K*eg|;b|n-D{1C+(@yzg5&GmN|BA
zErasHdD<>}WtL-$?=$<<Yc4bXF{U9DY>emQ4CjUz8OogDI=so#Y4timg}=0@luM%<
zoqPq6(h4ccnrnxOF)l01V3cD76EGFNNCa0<Bk8Xzx3;+oJ$0F)4kJ<8nBZ!y39jD}
z6}M6zx&-7lQFMG4Bi<YpjUUWYF{<~9?#8Y1-i7PRrg0ycLY#!kQQGrz*Iseda<j96
z#&Y>*P27M0tkQ6DFvYk)z*`i#=~3s-<qjqvMs$r>&~`DfTBvMCXLWQ|Q|PRkvqA?=
zDNgb!+b5rcU5uR*1XyZSqiyS)d^058p;w#HD<1Ar;Oc%AXd7{LU=ml#={neZxyF&E
z?rtTCJ=e$Hz*bJL8I!4Fu$~@+)j~C{Cxl~AS(=8?CAt={sr9g?>m&>$6i_lGu`^!D
z0aYQ?7#uge?R3Kc)3#9#bCBN|mW;Bl9~LIGA*D^*9d;>2frQb`3{O16wnkh>xNpNP
zDg_*3XPWZOh0%|69p%+EBz+{*%cvt(!h023i^^@d+@l*R!V0+!&XomPjbdV0xCFi=
zVSQ{04$u)_Uq*a^B><&r9ceS#0plrwiMh*@ajT_Ohv*Q#kZX6(dnTUsiM~X+6Nzcu
z1@Aw`B4RX?Wm5zUy@9Zo7%NuoHd<3$3`MV+iUb^r<jyghQbWm|2RlfPOzPZ_t=cL?
z*$O!x?BuKQPytad&ea){Wkd6o?3!ZOE9JZ@8{E=TV?|qC+e%}V32r;E$X!#;Dt7{|
z@7U;3-?6$L%X!8{tu$U~kd;+exvFdwjNCJ*Ci$N1aON8m$p%4O%gN4cT@8yl=c~sp
zX;Yc}eg`EDQ|%#eI}5afquqUy%ALHx4OXgFDd=6Ew9s{$?w=5H8&NtfR2ip|6&D?-
zPRW&+OSK#}{H>D*201p-ce+3dF=)8UEe(mZTW*?8V0GG@_{TX~h!M0yekVq2$uRP+
zJxt4Nvz8d#PK4`wU>s9HTo0%6LM*~)Mc@VI2r;|{-!h@#-y?6>Did(eZuYn1oXCx9
zRwjF8E>*<Q7#m=ULxO%%b4hi<Ix31!GLr1go|f)(fkP68K2^k$5m`1X@D6`AoS97o
zsVQYUM(A7&us^3O%b0H@EUBfZ8n|8<DUTR!2QKG3C||Q(tB`bzUe?fWqcC-O8A%R4
zH6%t{Yhvv(b1f7BrUSy#M^jPY^#f7xMkGXw>+s>4b@wkaKBi;A#YKtZU?p*BG?ls6
zzKm1TCz>RwCcjbVU}6vd=>{T9<I*e)$ZEV=x?o_&XjLeB$9;>NqMaR_*1>5Voc4|2
zw3iK$BW;kVt)LQVjl@{GUNl3nEn(2Usw*YB2glnb!ZtY&ts>G!gS{aUX~%}dXqZO1
zb2fh)z$JqV8JVBMPaw)ZJ2~*-^xf;TcfVYnpME+!{oVQAnR%1&YKc*4Z`zDmRx>zl
zmIgF;+=hU%b;Hv-ovuHrCdXyw1#U3$U_J1%^?-8gV~pM3Vhw2Awd1}@t|Eows#H#7
znjKdy8{J&Z@~j>_pBh%^TsTWqEioMI41@UBRHR~>r`HsgM9{N*uEE%i=`RfEOt`{T
z))SLXHu|2R$izgzn#HdrkvqA`ik*RoBAvqE?>3*Squy#ly@7Iuq$C=P(fzT>n$QSy
zPRmeQ?71oXZF26ad=@03nk5=}Td&$@>f7MUM#gz<mBc`y$jS>j<3@<3W#F2ES+tX%
z)4GRxN9$S~BLlE1D&fYMD)tQ-qiPiTwO4#@x+>w0c8Y6D8i>zJGVeW{gmQ(!i3Bh0
z?>P%P`5#QfyB*0Yt7HrYJt?0ZJHOIAJ+x<UD@2OiTs|v8=ptz?%IMe(e&VMPnA6ew
zas~dot*-yRtL<ldT6W5n<0s)p$QF{mDtt=D(C<MYXzfyXXD<EKlog;-&~Cr7<S```
zcBQMhLib`7zzAZ8+srkgF_v{w**2Mc9!x#9{+cT@RVl+`(49ogm8*T>EyBqAH^G37
zmAH{}_Hn0Rbz^WJ`b$0=OLnPZUg+IXrgBXlDiiw_tXajYbY+syO5PdZ*C<!`j!W(=
z{cweA&J}yUuViHM^v%y#r*A*JdH=soW##|AbB#TXuiPL=U2uT|aHYhnAD{2-?LFJu
z>pKf@qUZkV3J*`c8vZC>Rpk8DRE(3WrAyxxzuJG!Z^vG6g)lRICW%s!jV@YS1*(CQ
zaVLC#faVLP)o&M%j1W~ejvJ`g4GTOE?Xk2&atAC;*I)hQh$aH|ZlviULpzq^bx7A)
z69=!iM~D6u$z9a6B{t1~x^k8JM%Y3nPfYSugLm7bvt@<)G$qIt>ZH(=`A>z+QrNq0
ze(eZ1?P0|37hjCas=#noFnL@gwazj%gA-XG&r3M^Ct@KzoFEJaNSv&Sf^CN^&&7Z?
zo!afsEsh~pU0#H+dfMgc%Hm3;1`!9w3sOOQH|}6%1<s}4vPVRX!e(WTeY~P0#iZh}
zhJy<fKQ4?|owI0=X&Sqhst#Wpf@3)G(<w+*T95T6gU?5*%k8+G>aWRDVj{9QaMw-q
z8<1^!F4?M1;MuvoCfdV!xM4hrC0p}pYixU^hOQ|CTT>|P!R}`>q}^d*UnjqFxm<GK
zwoXLY`i&2VRI~j|f2&<jv&Q2mG>@lzl+=0a#y7RX%>J(HV&&ovIWVd${J{S$2|}pP
zX0Zr<g^s@Et})*?BNpm?9k@_1Ray8#U96%Q{I?OyP#0iG!`VPf)k%SB&UucyB81;e
zmZixyO=%n%8B^j*)*(OWWi=1_c?!7bNIBYwwEV2eh)uj`-$4}9`C%(u6nCdTXYoXW
zjE*eoM*=s>dABvAZ>dGwpwUrQ#&DEXl}19V7;RT;92LRmw_(YmF1=K~E4XgPq^cPm
z+LbQ+8tJu5b?b@LX$aJo>{y^P8#@bFd))+2Fqe-GMt$`FSy-o8>Rygh#%JoYz_6Hb
z11pVl%1VjkP4gk)>`S>q5w#>83%nt<k?{iEb2i3J6<*m<nU79oYS=;c8CFF{OtLuc
zvmTvM|FfbtC81+Y_Yk>EOEb4BOUMP;ynvI^+%S?9FoQcu>zabrba3T8a3$rJsfPp)
zxg9iY1&B7vOH9h5Z*Y?~QmLp&u%E4_A~UfSYh4oYBZ~``5>|FSFq7MAh4>D1D(1^M
zQEqeQPUgCBiYo7DpsGzV)s<3^2UV#-zTBWmK{ETO3HN&#M`QlsJX2@I9(6KRCdMxY
z8Jh$vRwrF*K$%XGQcMvX(u4~&mXnHhmO$1`!Q$uv?_<C%36<Mxd8|h&iCoGxzF5OG
zKHtnWj`qsA#&(S4*Wii_)Wln3i(knrK5{X`%7$b;uXupGqOwF5uh=Td7{^>CQo=}<
z#Sk$xgfFSCe>Y+kmr+CxA8o}by?Megp3KDpR^NGe$2I-f)IBcSRkf%se33;O3F<63
zkw<)0JfIMVLNHFsn8F1meU1&&F0r9j$o6ONv&G7zpr+HpYNxn<?f#w0cb&6fVy&Gw
zLM*pmaFHU_IAx*z1c8&%vbSS6Hg@L?LdOq-Yg&X<TcAB@Y2pOLRAfX+l=l;lJtJjH
z_10veKer<rzh#$MI~Wg(D7ltmy7@3o9%SJVyj8r92}v#yRV2J=u_^C9OUk3_A;^X5
zaDz>xvV2r3vdl`9JljZW=rRhqItX^<2JH?o)2#Bq0}k{LC^f8~e~HBnqi=XnvcoSs
z{IbI@JN&Z7<MAZ$%LkK}FLLB%DOvga0c7Q9uOlnF_Rfu}pxGEPeyTs9YWvw5Pw{3Y
zY{DyzCNx9*ZQ)O6S<mbTv8VRf%huWNmogf3zNId-4LaR7q0^F;+8KvwFm<EVp|cEQ
zk1N4qJk$N`yzIYxN&olkWkYHy*9<pRvTca)>WP~^d8Mr<C77=^S~d&<?YfH58!d$c
z_($YTs2ybzxyaodV#xvG|Hi@|G}-L|Z9aU|9KIrB%Bghu?YCH)AZEPOTP(371f~cW
zEuD&qM_sPzJEq|sK8bJ_#G<9V#C9F9E2K_yt?rzWQQ5Oh*CeJ4Q`}pm3&-{S@DAJZ
zQsoaE<3CWj&|@{PQw2V$QUEbZE*${Z8c3h-=Ud>=;8TT$*a-uF<=EH9PP)X8Sjt*~
zs5>_G!E7qgfr?a@G^$b0txn)gRr1<g%aglN`aTtzrkV;ZFVeXIN9|bC9BYaaQdM3L
z|BMQy^{}y(LZ#2E8t?m{QUe+-tH5gN#-q-U$^>>FKH4Nov@#+7lzNC@5nttdfv_uE
z>Q3M5a`5M;muKf$M#F+SHxixYJm-!ahEgB))l2^0R^H-M7@G@r=k?I2(Ex|*3u(~J
z#nxz=RKjsqCSu7ISx5$*=`7MB+to*VSTlpCAi}rd6h%n;yt17qXzOr~|Mv{5^U+3g
z>0+~B_w$Y{;U{;lrG#6jpexNYDRJd=vlL=Fa&Gy<C0ys)q;or@x`ocNvYNpTTUR@+
z?6mUnwQ?|gmWjL5!}{rAE#lbqCVp{^FLm#YaIjHRqXe3LK#|j;Q-(zF+GiN<^}$c+
zOJAk*Ar2Hi&Iej_F@1U_eT?GpUR6S5c<po0*Tda;zW=Gu(F~RDFyam)?l9sGBmT1S
z_(=i}&L_%0)@eK_O)9`nXVI-AShxRR4%6H^n=j}8rgfqjWAUl}oMf5v{Xy;mj|!L!
zo_Kdojyq2BNpO;7WB*!AJUo^4kN^75jFh}zA=(B@9;~g<X~g+4QH8(~hWnc_V`@f4
zc11Y9MtV<9JL`$7Y5dXX?iomeQGCWfK`&OSe|jMgh@mcdGB(QzNHlRW7n2+0+2l~J
zEyL*sD~D>;%Qj4mLu%+!jkxMnI!+_uriDiA9pqRm$WhkQEK?kMG^Yo{Np&=FOvwq@
z*{X=<SWMiMqlTmw3bx%!9h*Ydw47dCUo*3ae=r!$h+`{wv-`P4nisd8+X0Imu=p6o
zF`HslE9DhmR5jdRTLkk_=R{>vdP<ODbwX54%WuozM68^S$Y8-2Jffmoau1+SJ97bk
zd8@Tx<HhC2*Qf6;H}&WSqf%DO^2PIw;3K{JxCQDe8#f6s%JJHQKr~C)wL?TE!C)1U
zd<e_X4pAM`PP>fPC=@bjhd?ARWR@w!vsgIg%#ao?(vk32Yp|hi&VA9GJCc!~P9N{l
z$NbVv0hLY_*YoGa(z$;IdR~iIWW7PPlH34&XL+f~G8l`8#lWzNmVt1zl5dhFFu(10
z?U#QSPRR{5D!&T1Ylb3rcv**+b$D5ampxge$+Y-pYO5In?x3a3(2_a2KZT($+`xvF
z-fqffnwiX2F-!Y{y<x^I?W_7Zu)Ibvfv36(5-|clpPjsSs87m^ANMk!h=q6Md-O>P
z-A2<Z*hq{;bhV&Lwau7gHN%`{X)xj9gbfj29YLp-t8_gn7rQjvzTR^&zx3h!{ioB{
z**J|OSSaSqy%^X@JP9L_HFUvU+(INa3{?yyY%#JLlZw+w@>|O=N?@hJ+D}t2Ui$7z
zVO^k8@J5&>gvoNF6FR<#9eGe{d{5`Y@jGf}Y{OJ<PhX#Xd`s)0%+6pI5yNg#=u;sR
zt~thJ)-GwQ`YzDkI7!D1*<Ln?xw@N&xrVc`>^PgzSFw@T*_S$}HPa8Ty@|8pESqIv
zutZ%XCISn=Y5mq3?_v)Z(;?ZcrWHuABd)%PxGHU5EPY|C&oQ+%4pD7tmG-VmkoN;w
zy5JM7=A~3t))j5P6+%NmOXl{;XuuLRO(zLzky#<j>4|68&r~CX<I`WxF0Oug|3)6!
z*kSmO);|6`XfZ5bVA>FEp>AL;lIg*YbD8T;3=?;WZb1x&9KK`W1qeG#s4pms44;4(
z7RyOcJ67}qP*2$_?OE%@j*KNMGTZD#od#0`i12ab5F(JM*lq9#cIiF1?+l!gZ`h*i
z2_s}bRHay(5VFi8sS`(5nW#>3MOS+pn6jNFL1i_O=xCipHzZqj%m&rCy<t)2a@~c&
z*s}(svVvii3I3F}mTbdg*!wPb(Qf1NOf{shQ*>|QuweSBY_5PWOr^QlekGxOi`s6d
zfl*RSeWj~*(O_l7Y=);pc=_@2-e@}pN!5kaF$$vvY0j~FRqjNwhwA*~#^S}nKm?O;
z3gd$@W1J(`flKP&6Ic2Vd83c}emebS?oWU5|2X^k-SS^X&*#%$Kdt`dpI^x<(7@r=
zaN$NbbUf%PT*8yI#BfQfa!Ye%R@Sq!b9VXILhtVyRfnuh(&eDos2&}@tCmVJx~O70
z${@(dP6Y^D{bXZ>v}A+xWM@rqE4!doQY#SzhPC-$oF#R7(@^jcZHZ?(!~MbVB_G?I
zq|{_$>Ro$Dyn{WoCt*Y%1-}8?`A)v!nWFZBak;#O-Beo{0lm?;tbpFr8?K%X5$J3N
zL2>7%Wi6jb1hlQYu4Gp6e~++XI7S>PEg?QH!&pq4(#*Trpc*?P&5(2lsePUNI!LXa
z<I#*(%DFwJjXUMHn!5RMwwJU&aQ~LFYkK@mhHunWq5F1bs=(|>7Ub!HI!}S`+*f`v
z@+_~_ko^_x?2&T<<KkQhpD*sS%S;`&P1f_rtyoX=v^T~)4HsNF-+fC}`XzeOHtus&
z!hJ49K!uZwjNFU8y@7?uMX;X~cUK~DujZh;4LNtwA)a3+zFH%mPhNZL$<J+~Ipqnt
z!UC>>AX72(0x;k-N@L2Gn8)q%!?Ycm=}JiAF7l{yS|ny7ir}KeTTmaV4#KRR5<LQh
zDUCoWgQ@hC0(b?jt3XU0Y1xsMk0{8FwEP00ZA)6BSjbkfls1Ext&rRo^OSt3LoVkz
zpz@qv7gTaXum2*Fn?q^+w<Rl)sqA3NFH))>tJ13G!IYJW>dC^CHIeAZ1S5^&p4;J(
zZIPHvfRiCMw^&3&mhg`XeT*~q@xex){gVy&BYojE$E%*g7<?nhv4}8!`sLHVO;3Kh
zbbp_w|Lbq(!^z^KeCLSjVdcR^nhEWY`Qy-wb-)%Y6LDElvFdrns>N|HuPCD+72t~X
z6HPt{q=`gQChUqV7RzMyxcjx*h)FYuGGb~cVr7A0eSBc)g7F%!RHqPlFza$$bjKvx
z_vcQ4SQ?$6_h!xtBu`b@C>rZdj9p@!PUc*&<%sJW-+Ay{d_yYlf`c^?vRO(vD-I}*
zqnZE>3E(~*DAF=DYUgcJkvb=^35G1hYKuVR!c9O4WVS%2h-4Z<t5r`&g1?uybWSgi
zl_GD?BG*DoIzqA|B%2|>j*zV9c(jp_T)$&gAI<Ms)#s_CTt`oK^klv0$q#uPCJ#?G
z6N2eT$%m1W+eJtX2VJ`6{eph9jgZ_gAtXUeJ`qbLWdwc1Pxma!%#A|~_D>s9Wwyg3
zzfOF$#v`A$>edr$+r&n`K0SGJ_HOG+mtO3Qg&*E=wrmbxf&5aQm(-({LnR4}^4uWl
zQ}<!l3kXe-I^oRWHa-`un!;!BJqxddwZklYsXoTv=kWJ+Ol8fK?=cEnO2bhKRcZy7
zRAr`{709RqDm$R^5e3-+m0uvVZ&SLm6{7kof>JHtWfdu3D=)EU8TjqE$)*_gO8Ll_
zRq0Ig_{hpc^<??Tnn<)kd}M_ZyN{2QUU~@@xrHgO83I|EnEx~c^8A-ie~f?e(|@`6
z>Eplr?cE-g-MCZbHrgTFZ^b&+5^t<bs`bPhs}{$-c%zC(v}pov;2U)~rWR;pZ6u`8
zMky-T-pJ~CxEgSkYl~&XT6)yAPPfZ;Wl2UV!wAkEtSG@m=xU4+!F%8ESaHW3Zp9qh
z^M3<$xK$ZOGoFdi;kz)WDO_EK6$T^mTxJo=Yuh1od3V{xxFK56F@_yu*bMn~jA1>;
zqm7K=<}G2z5Oxe<%^1Sh1!klO5jG4I>G;7fsI<5)lxX<a%De8HD$zD%@W4a{Bk_m8
z#(7luCAi*QxIQMEgcU60t;zui`r_=DcgL3>&rh$;PyhMj+4<?~W=yD>L4$#~cCiUU
zLxfjPWUwWwTTgB)4-JX{WIvHWp2X><<!z+`cOi`4QW($64JG1r*=XuZV;)TWh8Vm%
z{C*hgC<-G962jx%iXcIX1wVwJ)g`TD-cI2M7(tB0GM#$t+(_&%wh_T!&wlxp)~_W#
zDIW5bAvL&PLxLa;V*fbeLGen~sy?2tKI1N8=A1_QQc&NrOiM7o2#y0O$0|<5!dawo
zB12bG)*Ny(4rDTd6sN>0G=&f8z`qXss}lTcg`^%*J~5@#m0A!x{tx-TY`&tn47N*J
z<S(PQ>S2JZ1oZazsv6X-0KKES(0SF#DM#lW)e^O<i+ChzS1+orI^nFry(qW)5aw%~
zCI#m?lj(04@86+W&MFhpTy2Ml9|8KRg7>OUpe0>+?VT1VG19X#OkCJ@JwEVM`TP!O
z=6!pp6Ye`0Q{+Wn*3;YMog;O6&b`L<nawT+WVn&^7Ez6-FaVvhK728ngi$0WNvXP;
z!5OTanuM9>M~Vnij_|3hUD5h#Hd;;FA!4bHjCqli#Z(K}C}W5K*_v3k)AODQkSy4Y
zi4fBmhd`5NIx(u2q^4Aft2Nj6RtBq0<+mWe0|oh!O*y>Jnjpvbwls(FRd?OraXy(d
z(Y!Hk$|n=COk~(c&TUhP++c$qHAIa%5U>LQn<2jr1gzJ1oRT+4WQtmgYBVNIO=;I0
z&O7Mfyl*B;)7vP`?hmLVZc{b61NF8C_0Vy>R~@8NyUv|$52g3qr1bJtU9l&ri|4b@
zL#L<X+DI7eO`6h9yk<;ZSIF-xoslQ3s`ccj@(doAL|_DO8ctFyxI<Vx4FE9;h0)P<
z{P=jN$Dt-{S?^87v{0Zgh`l($Q@AosXBXvjZ$od2C<*MdMS#Q~e9OQK*4Evd3T$=|
zJ0U#?MZ@)3Lou0S<g4(+@GIbvV4D=Ja0xo%I3s4Gu^(b~h<K)2A~YmO(QHspmgb{u
zV}8giDleXgDJWVJ2{&;t4-reNFkUH5Z3+O=5qKSe_ooqfWL?psb@1Ib@Lh{45FQvM
z1>|DK&6~N111$6+q0?_!O(wGfAD{6rSy+2;7gsOrGvB@5L7(k5OHRp}OWLF8W#|a?
z(4z0c8o;pSyb;r`74a5ov_Gs$j~Z8MuR2lXOYOn5P%^2}YE~EdJfv`5JLIzo=#v$B
z@cSM>{p9cpBd*rxDO=`<w?o*ERnP6Qan#BLdKTbuyM$bTyyrnGToze4GIrp7RaMGM
zVm_$V4#6GMVZoxOCF!zaG|cH`LPH1c0ldyrke8gfYrx1E`KL2%Dq)p&1_5F=p{!ZA
ztZ4<8dI?vUrm$9VB6E2{SjE7zamHfq-g;rw4xwxK%uQGq4S`9P4@KFRCwt|*kHpNU
zBfBJKR9h>E$ixzC0r2Bgx-44QSIom8#J%oqthN)6Tg<gWb2=+p1kXhLKq})^-qQBz
zL%hXu^%l!2t0_>qv7a!FB}&_BORPac-T@lJ5eR|7TAX0C+mkb^A%W9cLxR8Kj4B&$
zY4NSts1?AMdu&=Rd8r^m@OQFyY`-`KTfBQ<&sE&mgJwmZxJ8XIOeZhPJNP{E8}`>c
z@+NcIcep_|>Xx3%S-PipmwV)<(5D?X*kOaskY9%l)^j}CSU+(6sgAC8U{^b^W_V)3
zcls#|ec=Yq`z5nL&TB<a;A1pH?rnn-c@tv-i9c)wBtCHPTSXvVoc{A*Z%7Q{DVO$=
zHR2Nw<Ra7lv`ov8|HKW@{~rs32^fnRb_JD56EBWoQMA(|&6rR%BNg$)su;kgK8UFT
zd_#m-GhVS%>w3awnrh6q@Vg76n;AA2*0lzWp$j9}_~3(#SF-$|CmRX!Fb!y!a>-db
z-#DSLZy*D1BV9@`Oenrd=j6ea57T52&Ia^7#9J)Ga8^=bP_dE}*1=yC*|iZh8fpGC
zn$ga}oy@&JbR`HYBO9?ru$=K`li^X8#fI@iLPRx{1g|z$h5&iEu@He_DL7MW>zuxf
zHL?$XOkAuTCSdqM6X0G{xzI8>#J!^Cscy%7FS@Xx!4-(N!zZ`JCt(6(Z4T$-`5R7@
zz^D_&W{{IY1|1#o8GdGbxNR;wV=Y<%!i_RM&@L@!0!l?xP*ZU*=^i!5S1m}X;Vx>n
zdo2PHk+42~JbP^m306h4M}&k?r>)Nt`Ul}*Z5iq)YOi3(K3TOrhVp-dlK-dv*RooO
z@4~`LAwG*qn#j}}mH(KBu_#bwsnL^3l@52@B*7MFO|kZsGM1GM`zFQ`&Ch*!WkxDw
z#!MCLK%JokFHGpit=m+YI8WvwX0F}B455rSPAlH5p%aD&Opq_|T-_i!lRX-}oudp(
zvKI!GNN<Nw!4D(sMd_b(LS(NuFzeuihAU*puees04CjA*cl!3joA>|gRA&aRqcD!I
zz<*9%|H=!nZ~LqLJ^0_Vy}iD(2toS(>MBC^^QC-|))oxGO~p95g73udiC+z$^V@k`
z^l?F`>hv6@^uwJ#=l8SAU*CVcBt^E8X|lSTVNJ5#X(eR}E0e5IYD;lt<c0si8J`~d
zJ0olwV}doZL>%=Y<#q*jKSZ(~?J^qgFb>1si!!gvC|rsNe9Q5Q)+GGC4K3+SNE|*F
zQ@|Z}*9~e_-#81Q{Y<$!+L!j_F&=NBn(*Q?v+dX_J700})2gkCMUzH_cE-|-@M`(t
z^xf;TcfVYnpME+!{oNq@XWk^dTBbg%ppOegR_7%1PDVK%T$wbDRRFhKSE;x$*N{iz
zjqQlN=rKBHZA;~a1J+noYqC??18HQ-s-K=-T%5gscXj%=4_O@+CWQ+}SfzLy5|^$u
zII1RtoE!J&oXY)}zB3izc*jZP(s})uw&CdR%dA8eTPD2p7=M9IgsB7mLv<vX76f~i
z>7Gnw8J50v7#vGVW{r3<L&?=G**qRT$UY*kYMwb;YYSLJxk8%5vO=0=>fR8AZZ@!*
zxhc(%b_cC~o&25xwCeOIfG2q&*!$R4hwIx=k+XnI?@lv@Mm_&27Nl4?7ZVY<kr&oz
zh|Z*yXS*(o%8Uiql|g3_+!uEl#z(5A29^!t&+zNC6~ZMTXYd;`K+Q+|oD&!pFHr?$
z=*8c~*!dX|kDiC^7@ehZs&^#V_hKus?{tey`jL6?M*36vRDBre1OFIbF3GmX=%RrI
z*nieOI&hR#C>&|es$@p3*(=D2xhrR7Gv-~*NWiX-@YhJMU8-A80L!BNCcGk;WL%zz
zQJsR_z$vcmHdANq{PZr>D2!;ff60O$80GJ)R>JsW)4-MfAb(jTmcF}!e=no(I#S;<
zkHYktzhaU4i8rA2$9y1U7dy7^(b+zW49e;n-OWSC^}$=D5-cTE>>@D{9vzs?hcslZ
z!)*vb6_m(XjIuywU!T|}KVvEaJ541UnVWICoV98S3eryS&(cF;Ka_<csDqfE9&3jm
zUVDK`K?ameTa!d<1v@p`QS&mJs8(@FWIQ%y8hM4MDz!CA9#)A1lG&cSQGooiJNA4p
zSt0jFZPm43WEdV743h7Si5UcmD?5hC0=W#^>n-PAyr49D*a|5h>^T1vgm=N9;F_T3
z&7yFTMf1x$N$b-K2;;yQ;BI&U+P?*~S`R~CDf72q)xd8^&2I)DBn+5iAB<``kD8aP
zP=2ML2hEu5Ku?xmH>E~#n!<j~sHkNXM#17`Es-gu0MkigX2{Acw#=5(9)}LcnWE%w
zp&Fv(PuPid`2kL_5BB!<6y<FV6S&P&Z#Dzv&xTd<Jyp^?l?~4t1hd%qc^!+HCo%at
z5nTnaV#sT7%|8h@v6??TSF9!#U{f!b;G4teoB7Sr8h$gc1u;zTnD+mCXb-VwJk9;M
zJac8^eu3`R!znI<jZu@P1dhStZDrmURdl11h-M0fC$nu!c{`ecOtIb+w_|wT8<H@C
zMFfI+6fta{AnekgvU+XI5s6n{#ZWv2Nu7%U?V%{SgnhNkHdFZKt*mQbw&<<fH?5hT
z9KPnWS{NY83cm?OILYlY?<2f818}^V5xHX1OLP!D-s95tm5rGM;oLFoy9T_|;?v(0
zq=ls!Tb1Z~0N~uq9dRr``=`>AVgGV%bT7Z~;hxWr!;IL<xTvp;@jZnRIl(e4>GBX{
z8)J2<O&n-12%T9PQN>uM+tjH#+vkMKj2;Pgj}lP%#GAR8Sm?2h-?cci9p{cq7^1Di
z1_-GxFJKX+3fF5&^u7rMq-8m!w0Bj|$)0I>ypM>+b8EfQFt%zmn44Y*6n@OyE7|kD
zV4ZWAPoYKo(CJ}yOrelW8RktqE{vJ~88Weex5!n!xZ27J*Fu?|0F&};q_mDy2>rbH
zK_#Vd<ZWds$x@c9-u(bcod&x@O*_=ILrwoo)Rb%mAF3)jdR3BuF-~Efgji)L84#{y
zE+@Nx#7(Ie){q*iaxuuq<>azZ8l5vgB13f6<yN4M|5FmJlONGBJO0}Y+{r79cg+}{
zd{;&C)S^}v&XbqQpdSBaME2y{7~gBi>Q(a!ui!;AM2@sYrGDT_q%{&_BgyXb5G&;#
z!^ZWPwx%_b=kXeps)t*2Z0-pw*D{O}*C)QEA!i*jAkX<(xUt7DM2*Cbl;HZO;b(a|
zRQWzp<)2hf=dv;uS+0n}WPC;icGvrR&cX}QL^Q;!uNh1}4%1-jMyrMhuVyfLD>SyA
zpsx~r%=m{9H}q5`*3v=YTAH#|k{z}2y_ujg7-~{Da9K85bO=D6pYH2yfeacNRcZ71
zH`5NVL-6$%!gIo6X>;LkPhX#Xd`o0__ABsdsFzcS)oz^$Hh^*#Zs09bpT7aC*>cA@
ze2o3Q0Y7c_8$e_eFBbk5&`T}Ut<iA#oXWjPSZN!A90S~8n&fm9AqjoDQDuv`$7ktX
zKu<?651+rZKd6hwAs9fae28dS*}a`<N+lrKN;L&F?3nU(OnFC<cNF=bAx|tSn}OpC
z*g8=ULf>6twNhHHVh_6!8Z}E?{JSR!XICv}3_kOMhKOdaV?FhdoO{Zy(Q#WcU)aB+
z9hHs`vP#EgXdol5NDxYnpd7oS6#0WWyL#C7N>TEIs>c0Zl)Q`>e^f-ILeXqj4lo0Z
zEnr+#epN;Z?G=c0v2-r?oL*uckHNPdmxQWJsER|DMushpEOL3c7Cyc>ee?6xHnm`1
z?v?Vz&r2)BZsd#i_qOAUy;!gI?HIu?B#LR(c=vw&KDl;KaAgv<S=jqZ$VxktCx|uQ
zw@b_LE*PH}DU(W0`cx*$-(8rZDQsZ;GQSZFG01iFQU_hY`D5fVc6yh4-|y`ml1I2x
zP*7MJud#DE)iISlHrgW7uQ33n%(3bLzxIeuXCF%KLxxyq2lzG?hJ97n!m!o(ctreW
zq_r7Nr9NLsW*bE+K}~fpg+Scpe8W-EIUHHOU=rK@pmW(0U-}+9JhW346waja=v@xc
z3e#@9v%+6yg-6?&;a4Sk+u7W0eX`==3N5R9&n?j@8qC+}G>XdnGzH9V0_CrgA8V6!
zmW!>%ScCVnyzma!FiyaC{GNQnzEvG~!;E@Jfns}wE-y-q&oKO+EaTSCFmh(D=f~@g
z0u>J{G(-KK)VY8!?KN#H+eJd>hyL+j|LL5ocr3HYhqi(oNxE09zuh5$?vOxtNZ`+r
z-%o0N|AYrN>jYk&<{S`<MLFbzna=xXhkhx1yJIBGvbW@!fu?vcPw)JOEJ?HLj;S)u
zQXXFIj&D4&2e8fYjk5g4eaA9%s$=c34Ex+h$;pguk7exdJ(Xh_wMVfT%v=9F{4~vn
zv0tAb|9m-s6$4r9lVVj~7Y1q&yRhR9CzCXa9dRpQU3#&n1N2Ggpik{zBw>VJ@-%{n
zZH5-s49lLS!GzmOG(>zg1GC$vzV+l~tvcWGkWfjvZ$x|08S=uZY*daF5@GQ}mX-zq
zhh`jwcL+OLLnJwFqrNxnI^oM*AIsTIQ~E)X7vDJH%$d503m=bTRm#Jt*$p3#R`&zh
z>LJ{0(W1bO^-x|AFJ%ycXmf8N24gp-1|?mk?{5raYy5iVaraRbP%J81-&tTSkbx@U
zPJ@o>X&}?eNKA|70W>RTAlytr<B(4kxEvpf#0<V+P7E&mBf&Oqi<K@O-xL6^oq#o0
z2a@UUJ26(Kt8lR6;~C=kkyzKqz_2f5<II}Btw2~uvgoujo1p(NO{uqXl*GEaWwNs8
z6_!JmGKX#UwHG+Od6F#S!`)qe`I#%Oxk%JA*jzm-r&km7TBQLwRpCx;0V>0$I{(_j
zMCRRCz>+W|!zru4e(>GZ9b7n1c28FL^>I7odw^*vg3=8PUCnP;!XvJc$K{%$Fad{m
z>h#>(5G!xGlbh=ZBXt9~1z+w=e0Q;gNBoBIwkM2RKd&r}ycB`6$-ETO?(1Aw#XCH<
zd9O}(Sh6oF+U}ysF-2(m%CTGku%aKkQp$MAXzAlp*p-R$g3x~4!$bz$WR;3n{bgju
zPHC_49FyaVYq$uD%E;8?Z(%eA-xF6~1!phkVW8gret0l^@%;Joz2VE3Wwp9*DI0<+
zjsq-9sDr!X1xs+R<q@98t=C-H$eb+}FyB=R4BFb|wgGm*NrcccO<u8CkojIZVhK`k
zRw8kFvcI#j$6ykxB`Qw@n(^c5(1z+l4SEh+cA5tJbgHqW5-w3@uo%NmEA*#T@n+R2
z=6%XYK;&+^oYGNIQzuCY!Gzq1)h^9-*tUAn4$_rub=A3cbCIJPv_rIS!zoq=MuW-l
z$F12Y0hagxM9l^jrgYAxj`sG-Y^pS&psRNr5mN(0_il$=Y0A3+pGq{Q{?;?waj#wP
zaT`R`cYago(_U$mP9<1ndgkNDsXHO+v)3+NJC`vy@<z)<S8(8Eq%KzO59U<ir_(-A
zm2mf6A}=^b$inYQm$zUm?Iuq&Byo!MMJN~yS4k&%EavX57e*~v_jRG~$(L*&N|Zhl
zi}03}p7-MuOwkW$pr}{D!V73v8WMG{HM@J9>GoaZB``Y*i8J~()4YQxXU5&FiGoQP
z&b|=FOCK#+A!ecPhj;jEaPu8=<IG~Z&a{C&f`qZ|&JN+Z(jX|;hHV1gHI_3U-r1!o
zikIjk#3f(SV`ZdiEpt@@PffU_cyKp7JKGe_>ItB_o7&1hsEPdXHc8^YPkMiKmtlNl
zY6icu^Y2DdXp8pnb<%?x7oq%+6`0)B8NX&owZoh0g*S}|Z+cB;JVQdVGbNO&#S&j!
zS{u{8_6pDgJ1_$c1lM9NCN~W!cv>^Q39M-f&O=vr@{6R`I_<3|fpQvP^(&KZ`p19#
zpSa9lEEy`;`rMeM1a(i&640a%ZmM@pRmk){)Igr(SvL8N%MgZlB@@GvfZ{9QWAH3Q
zLtzT|Zx<If@Psvo33n=?oW9rh&*-Lx__y_En5>F^Mlo&8G`XcTlZ-hy3wNbvzS;x@
zIsL&3knr(E3Ze+mr&S*yPmd3%?Mi4#9#_Mth8wI*YqFESaZ@tet>l;tr<pi3Q_bum
zh!P@!6`@2Q@oYppX(bsOFmTRrR*Y6{LI+wQw*8$#N}mFI7_3kDoEq1yD~;{7LPQ5U
zWd|xSpB_sS>|rR0<7R${A<sCZ<(HfWqDWJ0G>C2k$TOspn*aEJ{=Y0R(NRWQD8T-U
zsx)9b$_R!Ymsr_ql%@`u?|l4Q75p6wJX;pq7W+|?2$cy`CC8Mpj?41jrS7$&_-;L(
zb@?q4%rZ>SfaCSJiL%N>`9%~L*I6WXs~u8$=iYkP=sKyoXeAUNLg7@pBcLpX6ECoq
ztGfu(AfXc|<egK>L!tzmku7&RrGyFpJ>1)42jwE!#B70jONb)_x7sm8d7!9}@Kp<{
zIwT}{tH%Y|DmR(yd7;d|5GA-!JEU|0#&9x6=ie68jaacp$$3U55?7Rg@7+jD2rD#W
z7BR;5Sg{y*cqSV*o!+h3Q7I;K%dO@)|JT}o+i(4Gm)I{@B?#=dxEz5|Loj0#VOS0G
z(2nsuo`RXCqqP32uK`Z!LFurlH$zWriWLTBSY<~qf-&0Y!cdosmclAj`W61@NsoiV
zE@SdECSiC(aC26beevj!bLAFD1uvhmIBY|0due#Mh4Snevi$ABfq{}Tc4O+~_&)Gg
z7}lm6(cCo7^Lc@>y~6R-pO6F562V`B19xqJ71`Eu1$%YWdUR$u)X2ai^_p?{wQNZ}
zg7Fx{xF1~)r4=U%%?l4bp>ccc&L+x9?e)SGOmykF2rvsS*eYEj&yK``NE2`7PPSQ-
zYY~I5HPK`Vo_H~oyo#lBP)1LfC=Ftcr|VRX{D_R?s4)8OZ@*tkV@71tWno^(Er96|
z^c~9y*rB;2%LNgTWIe0$_(7Y{JK-9HV_3%qOBYlnO7VyqXwM;HEP?zbbSM?;@~EE#
zKPL#Sq+xdK!_FOo)NZi`jib8U&pbbgc<&=KO0obfj*<D<j)i(G7HZ%5h~bc9JM{5a
zcd<NjRCUd_ZUAF~3$TQv4y3E1q9{Ag_s)ahDyK)2WoIkM>M~p5<x&osrWWQtelhm=
zP@WPdBspc3Pd;^c)t}Pi*GND%L$b9;tlH7c_wsM=RQ0H{031h(l|^n4tJ7P{Wki@Z
zFHW+)u5rbchdmAzFMq`Wwmz*)SCeomnxTy~BdxkhQeV4eZLccV6PmHAO6ifXhQ|z!
z<;KWHr~ZHT-flOJB|Fr-pQp$J+l?x?N@P`$+7bn#K~YpU?Ja4Wq|~0{IUusCqR4Dz
zWtQ`Y6uaHPxiXG#Jr~9S=3;<3^8kJY`+gpxpJZbFL}Wx}7FiT2W+pRfxVK2wA6Kkc
zv3|Z-i#+jx6Q?UU_TYog!|NbUBH=FONr(*?2T-X6ZqDNy*aJO5BACguhOU;Bqf{$!
zWuQ-g*ZS#ku_*@%r*JtC9Yfrsl)iw5J%%#y++Dm>XsC!68>+*j6fjLkin7UGhS?-)
zKR2cL-bxUvWMVGOX}-cycig_WJwsf_eTorL2$;5j`Xmfe#1>{#;fGMd;5w&UkX|c<
zH0e8s(!!|OZK@W)!UFqoK%<uBFWyJtAAp#IWDw?8ue}&YPbQIvSud_CK=K>%F#v7Q
zIDyu*Rytt0fzHM0V&Tm^$Z2J_W4WBJ<c#c#X@seW-V{4qDdhB1RqOl-=WuPYt5j-W
z?FBBtO;Q79uF9lBySRi~*YiM$r>#L(CdlJCSlq>pg1`(DP1c#9{x$Zwgwt`I&!3Ms
zm>u&Rgs0}&x|YMIrU&t0TfRt9FfjY$-50wsl~zR1<s&%<K!+zqp+|feE*3&Kr<dVM
zmEHAYy}5ei(dpTTqm#qmZf|do^uuN|^cDFryRSxL^{ZJLMIxBpn7=<f&|`JYkBK=V
z9vb*rzQe)kk$TuXbJqD0e|NxMuIr;Bl|TWx(cqQw0hOssZfYCtG?)yd_uQYhj0K3Z
zD>zD(){kY|WYqd|kfAmHl07C+Wt`=@z1=P$SYyYhFbPA~6z!-I6^HCIj1PW#ma@*G
z$_Lzruv|xeU?E-W3cA_UT4X94(O$(m5yLp0F1;iJx75LpcP5r_>8)o%72aHmCxrGL
zH&8^!7>!ybF+6*Ea$4-;MJAq7if*<ZJv~*nkIiV}7~7pdNgnTAzH#OuA_J5SwBB4b
z0pbCyYWb4v6SZRrH8<le$oVzf@p7Ivb|3?{bfd3Z*zbpVZ0dYvIDG&mAnO~j1BA_v
z<2P26PP5u=%M4Kpbb5+%S>7_&T8FS0+C=W`tCUAWlDxI%at_LJ`)b#zVV%g<oD`;O
z-=h|T*vuK4RUX)#QwC@$6yplJwA&XV!gfEf;L_a0U}2E9zmh5jmjqyHS59%jnt%fO
z;YCv_0L_PCc3+ILTC|JQ$}coWi}VMUKW2vI^+xOpjE7Zv`9>wJbi=9R(@)N;-B*)6
zXM4MUA02EK%2N9gpLYgv&5(09-1A}bYy1Ss!_$-ZL&W8*0g~Vv>AcPK#+eH>$*>zG
z`NRhi8SY{pkxvcECi1jLGo@(Fnp~4u%sox2h4rM893wx26OGoxjdUaZ$I3Zc56v=<
z#lH^HkJf{8Nl5ySk%_b(T%M0?$f>7&Wi-pDG#9=;swh2^X2`KIAgrqOhSx!d!geU^
z`ah~1g&nU)VWrlCnn^1Nui(ibOU4t?(Dxv7mBw;=?EaNAP33_QF=|FZFFfiTA9cR)
z-3tfC{5C@|J1X{J;%fpG+di$XCmv}5vU*X5C5xh+v8i0f*(LQ-=O81?fM@m0Sd=y(
zgjKT`S{&lyxybtja~jLJF!aN!ry_I))CVM77{{cK$9-_-V&Oqrj#TIFA+0=~2rj>2
z$_@K%B%yQ3Wr0ipLwJWFt0Y`-^}4=>KLXHQx?d5_4NBB;l|p<I3(|wwhslHf4J$)j
zB*ftArTp+d72;V%wP6_)NMB>PtI8*1i<WN?6?^bjP)DHq<i^&3(m~EJ?V)9A3WC<5
zz8&fdsBeKC>&RZ}qGZ+;;rKyp@gn7MzAQHE=v%NsYT7eCFiD`mo-0!+^Th_syw1-i
z%Q!!^^=gIucWknHElHhF&kA_&!-JD|=f@up4$qFi9Ce)zH(1@ttE!gwM8Nn?Xf1*X
z##<O~m0w9?_yE5-x~+H<r%QQE-(XkbVnyEuGz#d@(_=!FN&jH}d$`49Qp3ds05rw)
zl2Jaq4AiexMrJG3pF)095b6GCd;7)qw%nNSif{})+q^K>4%r{N{w(#W)Lg6x(1{_f
z9n@%8d~h`Ik&uPPEcVg%&I_m_7m1Udze3Nn9YR$!ciyePi{mEom4n<zIuQMwV1jf#
z$$fNs`uXhm=UX`Lo!4sI<B#LGvkz=UD6B3u=ejFXoO^TKwZXV66Iq=w?#hK=fwpV7
zGD~OjX-rR#FsFpWKc@0iZ<s=Owt_4)%@R=*M!F-G$-cUvb81ilXDFYxU0;Qs#43S6
z6!eA$b(HX_GXiDvpkdKpsD=TrPIw9+hHhmMQQkBPl)PUR=c}gRkY9FFKe1y7_MLJ1
z1?9!T56%&v@Ul&zIqQx38a%xsdv%<6Yh5XxiNKA#a3c<wmbf&l3lQ+f5c<RF+sVU4
z3SFehLZJ#UA50(2Q|TO4KrlX4(`pGF>RUv8k8V@Do{rc4j{q76_d9~OBX~Q4_s7&Y
zp?+IC^z)XK7)@EkTEe_PSf8DM$2MafI`;9A>~7upytYgOMnZ40p3qay=+5@oIsSP1
z`ThIj!{eimXXo!fe|&e!WJ=BgG(!bzM&bnm?#o>@1o&zMhxdGSx1O|9#@kux<VZMk
zG4l~!E2HK(!HT&-3^6g)iroqe6+17sB2(%<s1bx>nzB#=g^(3-n2Xe#yO3mqSNMGF
z%)NN!yEmJ+ucW`ls2)yTA6~E_k#2LSIqqC}tO%1_LnC)8!%=5>Q&g57EG^_%xwMG0
zBVd-PW+)w)PShXRoiABgX?@q&4s0wzN><RZreGNz7}tSu9T;~HFb)#m^7!}~z;wg1
zgT;V(S|O;8V0(%J((9_0R}*Zy2*mK2)w@#DRrMmzDwEow#%Bvs$n$127L}+ork!>(
zoD9f&gF-XqTNzVUnN-W0S>D;i5>t`4bg?}0#Z0b7;LYOOyI3Cmd~|qQ6U(0_kJ`kt
zmIza2i{D&?sWOq>hA_#Prd>i<(<czK4ZQt|F&_QA6V$pMl!Wmnjy#2Cmwd@GEB9=H
zmmH|GEj!iPAy3SN-B80roI$vU+zj6JrFJfOV(CkMb8msY)DrXbQ7%E@5E_?FJqH8?
zXN#Iy&(ahp_~g#?X643DJoU9Ym+W37)O!30*{6o&_nL({!I4xBE}@a$E6KqjsZ@M?
zQQHm28oQBt0fca5uYAZNZ+$*)$f9<5QV~zW46RWUaEMkjdJyhPja#cm#dd@p!PF5<
z9l`Y2@_QzI>?onIQ6sxzZsG1mcDXdeZGG&rjKdG?W7iNPSaU2(9#IXEBi7#!Ay1%0
zS|c$Q5ASA3wf3-Ei<;5xY=XK?>@pSc2LL1>O^~l~HA4wI+^s#h+jG?4dZJ2Ji#e<B
z4TogTRK~+!V|x^HoXz6JRY9r^8oYV2;*$(0Zq3MMV&&ig@EYgzgaH(Wu7KHq78Yhn
zM1CgxC}O@f^TSxs)8f0k$hmY}LFNPih?!CF$9iV&Lkm6O0ou(qB(KsW7|vS&?56Yv
zHnbFYfxF-p;^fy`TKWFq))CQ0i?~Sqo*Zh1;PMv5<lhYSQ=Jl39ib_FM~A|7C|rla
z-4lh=$Cr5;&=H_o{FJ#HIhzE(IK%^~-&TgsoC%GLa!J7sTIc!V%B7(frr6oRSa?yK
zbU@t(OHF}g6>F`>8SAa%#&J0F+{C;ZVNrFx;^;PP<12T{D)R7u!z+1ig@OE}c10M^
zWg6S1HR>t1RCRJbHLX*blUnqQie2BJpB^>q%|xm|noBphsE)#`PO#rc;f?Nq@ILS_
z?wBKe8-DltwJH`qTl}ud?bJ~Gt~!z3j^9n%B?L{Cm6CT>VEOdWT^+?^M$|mQSanUa
zAiHAj#X`pTY-3ui9YQT3@6@$HJqg)7yLhw$$S`uaL1}Nars1dp0GvQ$zwFH1h@BVd
z(W(unE@s#W^~W%XfIGaNIKAO_YRQ@y_#HQKD@KkSC6@ISEAzlqBeI6%7n=s-O>T$r
zES+D&;h8op5({7<(80dU8e;b{^VR2tZOD3d99|iRH=)~rrAePM%^8?V(ouIEb=OgM
ztplSb4UuE5!6?hBHbbDbXQEow0Bm<X6~!^pRQ~VWjc)ch{3#pk0F$}*oo%iekD+nO
zmxG^=-<=<P`1JW>Lo8;^I4LFfh6t|-oK)L1x}IFi7k~`p(iG6C^W6G4QR*uoC3gNG
zq7V}T3LvB_rt#*T#Vkb13kY^tc!3+tpvUnljNv!&=8eD_60<gkak3#LLp5@Zy4LSo
z)(MwxDg(-KjhaLK;$%o9u#MPKzR{A_+(TWWrw<(QO++&<RtXEOituchD>YoX@_+P?
zr{dDR^1=;}ka|?#JKU+mojTm99Cx~-p;arykYkdJyS1e=3|($yq|K=5ZE;0v`^ENX
z!v+xbu#uG#N~5Y)J_9_aIEs25<x$3Ryj92H-8{!z={>)zoacafK<qFWXa^n#Pg<C(
zY_*Y-D)KtmtOZ9d-4pzHvxfSJd2-N9NbArN+1^TkjGwdtQ}sf)odB_e>Ix8$x^2KA
zo|ZbIMQ8!-v9iJ4=KP_XldoNMI(xrEW90O3=rRPyI%e*7%KAvkYInG&%N4|H6cUrt
z>sEz78PKhwa3<)Vu6)v^40GpVf&KWyG?|4<A>F8(l??WL|0Wwd2lotg*L^bv;46pl
zW8r%jo(u<`mSn1IDUKJ8y8_}~%mH4Y;gq+GLe0&cq-ZIXBIQe!TRgk69n#YrnA9wr
zAitJTrqne|Hn<4}iv!r@A@KXfiJvfAJaTgLK6~>Jw*)0-ovYA;`kKzoIW$rg9udo}
z0k?MNj~I-$7av;}K-fsxn41ymK3t}`LfUMtA9Sx5nymXkqip0Zy<n-?)G1x5dQ!ij
zH=}@dakJ(qOUI^_uxWCsZz=B?z2Zibez|IOd|Jn+b$r@m%TMPFzhK3#Mlw7w2?03J
z-eBdAiivv;9!>lsoIr#R8Z|@eb*BQQwFWm2%`=G}j&1eh=E%ABkXwryf4#h|@fWwc
zk-h`o>^+a*A=EX=tUfsZWxqM2YHJ3vbq&8BBE1&rZ9Nes-RMi6K*GBShDyMN6~QZO
z$S0`=Np~&}C-dYIS#X-WoO%~&2)SwXX0tH35>c$$)XM_}dK7f5T1{BB+mvH)`^pog
zXlaW4Ww`W`1d@%E{G}GkOY%eYMbtO+%7rImYmj;V+1%s{@1z=yzQD6udNDF@)+;py
z*yy0P4r=S5whn50B&aRl&=XCpw5Tf)`8Qb!p()m}Qk<=_HQy9xyI<3y_kZtf*th8Y
z-+wqdIsEMdNVm_Y4<Oyjf`BJ2HCDFpM?nnE?>c|VSw!K|@``ZaSy|~esifCaWrBOe
zUQZRW8kLF9W;IB)Pzda0_kaZ$tL`$Y!hLCzNO(sjxS=}K7NV(JOA*IV@1ojeTf})V
z&&5RhqZgB1X->DD-b-gL&tSa1<IAVTedXpME@zT*rh1|@DLCqO_4-{+C3f3-QZ}O~
z(r(AEqqFV~uAQFuLcAE5Y=ZPL=jn`Ike@RotzAer6;3rgykhClIXh3wT~#LJ2Xa^K
z5YjEJ&!iV=UxB`Gy`XH9EC1-u-e=hiQJhmgb7z<Gr&n0TZHZDEZO!l)ha+1-Y~Km3
zasJR*2xySz&r+Wr#@AD(V&<kXnuZ&^tD?hDXuO}{Gn0Xu3y@rb)0-x~7i_|4)*|^^
zYufF1>xwJ)$lqEHp|<>SIs;0#k1*Ul-$rG6)onZFCG`t$yxFmY9NpQazAJ_772v+i
z!a*G(mYY`o*q53(i^3TGrj;T%(dxubkBb?xQOc0Pv*~FxMJb;(RY&ec0x7V2VRg11
zzGHX%6P9e`KTgy|J0QtRboq^XO7GR+WxoULI>4?2>>gWw&tvTBXrrmCYx1(UPhBmh
zXm1<3nq_P68oHV#Ztp#Gbx>kml_2<FZ;F-d0Jxd}aPLo!{%*KELJ026hy)kt8v?4}
zd(u~xC;LV6X0&b3j+24J%WdeElg$_$zjojy&yW88@aX8>5&5Odg?p}V*C$ch6xgd?
zq@4VR+$M5Onj*fMv2vYyHwvgjG9yU5AttV@G*z~Gs+0Z{?qkJiq&jnrMt1cUb6Pk{
z^X2wXu4oFtofpi*Yb)x`uGZ@WO1=O?4db|s09alqLt1#-5AP2;-tK96yC8?|l;d~H
z)K5HcZ*yZUV<zv8A;*FDph4q!Y(}ZN<@(Iwgf(Z8MtF5PH_4UqF)QDjd5{Z{x`rPT
z)Pz)y?M14)$rWa}M%}c`nzKXYq#e%=DWY~bk=0Za=TdrtEy2ykQdWUU;eGym{Ej9<
zc08WJ<Ea#l!R4uL3Iw2;E(%V7Od{{%Lg3j)T^!JS#L~6-DsppZ<nxa|o_>D+{`m0t
z=;PV>`_CWWojz$@rb^BakFzKZ0x2VyR_euZ3cdoBz%`_=eFgR|d^iuhrS=&9{4f8D
z9Yg6xJn7)F%7nMucNm=tLLM+_=^=AdFjA7WmnS~^(DNk|meZ5Z1b5DbQ#HP{hFT)2
z;X;E3pfH9|OGuaMbc8&|BaRJ!##H5`DkV|lHE~U6=p032As`VZoL*wXO={TB=d(lH
zT+-StS8r6~nLQ`jRt5dJ=57nV`%<`|l*^|Eb}AI{_W(NxG4__2-R<u=cV$)SKQQd9
zJX2aou>LGVA+)Whm*L9ECrsBQSbsh{{q3h;Hp;H<j7A$~SF;9?-<w^XXVH%JU<d+8
zv;TrW%%2Qx)y<I<hv)PZnBo9(@wDheW$Jl?rCtZjpEE9cD}OPT+c*l-i%aJ(UJs;$
z9Nl1mmT8F7`}xcPy>Pb2FJ5fF#v|dYkT0iC=eY-s*k_3$ec{e7burs&3nQ1L9g;`G
zU<R#!G1^v+jB)&i3oxv9t5zv>wIfONBi{G7>32J%dc0hUITXg>YDZDRqwkjRs9eI3
zUu>C#14y+c8S6|UU|tdqE<;Ae){8_aP`U(Vj-(k&+sf2d(2B7ZLPhG?5-8ebNJCNX
z(pmWK#jQf-quI!E8+S@PX_86k()owvcRNIUNHg9UqxwCwG{8er=9qdWLWOoK%T`Ci
z$CO4dV=-}x3HDp;m#qPlSv%XKt)1<O{QvQm>O-n0YUXl>+1t^!AV#nqtD+Di5WPsE
z8*>MccMw7>vV>u?Y`XO$^1+3%9K^UzX>2mt8Evbwn!sA4<MifYDVH;e^jsUPI>`^U
zqz1AIpPOeD4EhjF!Qg7mW}cN5gcJg8s6ipT%yk%ijR+>ZTH%l~ngM@vp*`T9>K13|
zgXSl1c>&YT?vX|P-*z(UG7pM^F)!A`FfX|D;+gNpF%`1l`gfLCl_J=(Di&K;G<XUA
zDL+Pb3wDtP^SD0%LxmZ}G{M3P7Uj@_Nsot!Z>74V+*7y>>n<^YqkMMl5;dg&*5P~|
z&esI_)xLAv>xRg&*7IDgv!odUC4#_B-1@<#nZ?|b?g4!b$MS19kzd0d`8C`%zTT9y
z1CY;zp2i5RtK8+D0}0DFc8h>L$4ZhmWAUE#<%aKW8T|SVSj^}e{BpNn>IV)=yu7>b
zIgp5-5q3Jh1v|}}tg=V#<Rxz9-m;srTn%@cXe{dmoOUyYAEfr3TGtyiwFV6v4gQ0<
zhl>W8{LA}*ryH#(775%)*f%cS*v#7@jwt3GPFfe7bl@DT{)kiQM*xbIgi;6K)|7NC
z(v?Qn7#|JN<y3A~P@xh{D4~$yH;`JPCK)P|VzcJxNep;kNiOTF%md!Yk37`F1x~hx
z^ni1L_s@Z%kbmW9gPLePIGT<q?TFI#vg(M^I|MY@ytN@#lrV}>Y6kcz5vPiiv20l@
z1i14w*kc@W52^_H6`kbAUz2z67o%1PT*k`>bQu)3E+Q9(SM|dP-FlpMl~SWSRW13+
zEj%b_ezI*+p-`<&+$f>tUJHi8=3#pDNh{x#N%7ubXb#Sk2IdEVp?ZwZeZbJS@9G7H
zmT{gfQYuSH#`h)OcrnLoiNdx@a<Wd6os6`Mb~+i|DWly^Mt92SWhbLMW%N@gqdR5v
zs*};3GJ4&~=mA$V%C20{rMc4i?yuV+L6c`6Z38sD=7NBiWCb$@Dog9{s=YF`u!Y1w
zU)I`Mg)wAY)Ef+(m7ow4R$?j_akj}_u3A)EYR%*x_<o^I27T8{HU^L7*82fk3@iPo
zuBacwK&WyZrip0r;#+k<v$(qSr$@qL>P<B=&6>iLlv}cDAq6<Mk|BHr1!&%b44>5(
z0QMYTT*wz&Lf-Y#ySQ}V6|Nu`<|cM?l1oS;hSad0I{IdF$rYwvUQ%p^>UP*|hut<o
zel^E#rL}B^9P2yod#y32vW}Zg1Mk0axM{oiCT5U}hEn?|$!;dAzU$N<!HpZzC$6JF
ze-H)QD&q6!<I^+MXcVFlTW)i)aHWrm1=aI8cdzFuw$AKk=5yJn89SzC9OohpW^^yI
zA>ykU$@$#XwVp&CffuorIq~rx;RT=+g?rC>O*|h+H>wiP^<-^psr2{_W2$x<2<6Sm
zLplkiHxkdnmB9Q<oUT@3gpWfm2Htav7ko$ye&vbl*hV%#9KAdK`~jg&J(K-w5MIN}
zlxU05ElCx&IlO2{*j97C)9eoltA&)Mp<TS}x-BTXb38;P(;#XC8sEfH4-^*a^0L#t
zf4^WcaDm|s^@PbX1wj3r-Y8ve3b@i?ns;EDtzft88QaKWhS$&vYkJdi2=i~H%@5XZ
z_?)rV-zy}Fp3n=Ykjqp<YSpW;8Ja;ql8ZE=3;Y;iF1&95KvCB{8L0Zg#ReF;dB>FS
zhIRl8CdBDuwPJA~6>Ca{4hK^{;+qG=p@!<G0*0|!>$7%Ydod<mDd3ksaj~7*6<<6t
zMhWW~n)k8&&p`Y(?)i_Y;Fc}c(J43)tnWzZgSaW@W2Io{Zgq7}G2fc0K1tW1Q{)db
zqqparokKxmj)wzpvXYH8Kx=k(9*ApxthQVwk2c9swFlLXhS!lFz>6HZ1qOGrs5j{o
zGozI)(4q8Io!=bYua{^L8le=(Q2rnZ@!Q(;3#?3{JZiPrLT%+<cmZ9|`6_PW(pF!(
zpO+!?fB0`GW61jrRrj!^NL*Cp9!+A!YaBcYl&4oeZM)IxEDSX9&WQ``3YiBPvq^7L
z3MSghX(#_)i%Z?w(9K&Rervl3vAleX2#xY{C&m*oq-OH>FsH_JkXR%-IY5?`FRp#P
zHFD?-?qRrGx$KUEixDB}0`i1AS3I;jlj>C__3WqnCF1Sp?wn|qwpI|{*#JenfQ)#|
zx5vrM@L*o^$8zhmV|n;)k1=a_OP_aOW!!Y`B`!w*4DfLLgE>+La?DoGkcxv0scsG*
zUs6If#EHcu;%vpKb>j`s$u<+VL(J~ZS!J4Xg}&BM7Z|^S$7n@th3?#xoXDR*cyM5|
zMLUODjKRxHBWz3DaS&0jP5u-AWxl?V16lvVI#j>qg}Gg$sz_+AOa}fJ%8y=Gy})*k
zI?*f@JjHd2y!b0<wlrTMHd@3?#SrfE5A$`4hNyB)A+OC(@Meg)o{X22ax=vDtQy#r
z8MU6u6YoiTJbpRc-WhI>-Wcf^_4CPawEM<Ly=0FcH3Tzz4kXi<=o#zaqAvIeBm$UX
zQX?Ghz?ib*>mB@$YM<>OyYv#&fX}79GSz7zzcgOMFHs{W;J>K&N4^eB>88_uM|wKP
zAHN*@eEjbG-ND(>`N_e@-yD$-!PztCSAOy)JNuilqiRMv1>!<(o~xz^ulAf%Th+Rr
z3=7YkfQvHn`)C*gm2#!qw(He`$%cV^0LB&BiY1}Kog8;L^)Avdjj`qi)0QC&!=$n=
z+^^C~cfIGTW0SBB3U9Hz$;~VF7S6HekzBpSgd6#u>h6}ql=QS>(hf5hQyPeBAljI0
zk)?r~QgQ8wq>f1Hh@@NE!e!J25Q|0VLXox>e8GgqO8&u1AwNoMn!tUIg^r0F&MQO9
z*VxY25mOLu$fi64(d@$ATN-&Kqec;2c~KbPy_!(^ACX7nsoVtd*dgCh)!rn!C0%#6
z4HkIkWmPLI4^k|!89E*tc^^~b&EIUl&Z9S8uu7$GI`hF<xp89YS;mW-HBrKoR>vxn
zEjEVOJl*{3tYVohz^`CxG7E9PRQl-9>8cy`7k=XMaAgu^9tTAb<Lz8@Z3|;JpSTrC
zb-US(VzIV+MiE<b19OOAJ7n}l;kopeV<>b5*OJXDH2z8k81i#)Dz%sfsbJ!0WkNH@
zVM4^IyRdNcj$C~=<eShWN2Pa$fT7(kA#+0IB|J6wP7T-&17FR!T)8)X=+2)Od#m=`
z(7kW%XkNv7l=A5nkBsft11Eo8jJEr=L5V6<VM2*m4%j<fQ1fThG@Vl8Y#Mcdp=*e0
z=&O;9GrJO*{;pzC%2THUYx&eJYDkK$)@;g&mGdg~I&<?rrBeV1%E@MPK8tIKfXT<O
zaDi1>E6bWG9NyBETUrIpeC*>sa|5ulG=G!x!e&Z%N^{FWns!Q<Zpo68f0Lh3hGl6W
z<9zvGwzv&Zx{f00D3bb%ujY+{cAC;CsNVBAi)TPHq*~whOX{HheaaU!=kCp#a+lM~
zTwFTX4fnPg>+oFpq(YOW4e=!Kk=M9tYrU=(LP?V~P?89wS2>d*#7acxDEFoNP0D`T
z>FK6r&Da<<!;HGYm=BTOb5_)P0w$OS2g=8|h6?wV<RU<67rH<w!5feenB+M2u7nC$
zi4x+Rh;i=;5`Nho2bv`|6*nPWur}cmxvbtYU3PF$b#PH6lE@QRMZ73$e{>9K1)Wx;
z;g+x&y+kZ=kK!TzCL71a?TLAHRZFBeok7!K=las~MfPCU41N%1FR%-MSb>J9cH6en
zG^Iw|VMiTy)L}=PO{3HuiR6|nG*RWwAaMRbcLT0wP&*xLqC>3@gn6RrBM7xmooM@`
zr!DSQ+R7-Sy1d{@?l+_hY=ldn^ajh-3i%MLbRqZLwR^L*io$O<jtfa}c$fQwZS^>C
zDut4Ms%j~DCM$Q>f?`E1$f*4JU;f{MImx$I;|UX3x0B0l-)u6<c35`43VrE^sQ#Zu
zgaS~LeAbiJMk^EeJv#;c+BCjMDA6~yDKb|lNYud6ZW3_qT?7}&r6DEy0Tc=`7|xiJ
zBurfYoJS5XoQ1f~hP!VMoN1aEt>$Gol|n(AHpkOK5|v3h--=1MSHj&(*doXfzBT(X
z84iVRw8Z^w+99~d+3VwOuWz!~@o++o9G7l;d6xAqyeko)m#q9>WTuv`7vQmlZ&R38
zlo^PYNc;QMc67@TRV_GMo%K`@B+~nIXN(1rNBdk#^u+NZ^$lnbNf%T_DPT$+S*WQV
za?dTc;T33Vl`DS~EnOc?2EGDK+SpdDdIrv1EGd1-cT_NaO!p2JDtFwDg*v1*NVG)m
zb+$}sSPUJ<AI!x9?*K*~Ch&?~m7tkYY_>ON+0GqAVL4?iD6y-<CHc<sdv-ubE#Qw-
z%Z7{JkW6l^88-8%E$^hHewa_%dU*tw(Kg(L@Hy!WDyB~KD`p1{z2Yqg&X(a>Ap~dX
zA#Zt|@ilk6VMz?bTdGfQNK2(`JgK+3f>g{MgGm5$uqjK2FNF7(V($-vdT+)~kKepc
z$(30oT(E`IPZnT0>b#BlYc_5T(fAIa>j1j?i?6<jl4UJnAe^*0)N|i5dp$&$R*>+9
z2Q)+K&lO1e?uJP^{dX*n7Z?DmTPD5Z27cq+H_8KTA&RuKwm%Yi5j)!x=l!RXx5w|^
z9et!eF)A$!XRj`kK~bz3Tcl=aQY>a^<Ru-N^hjvZ^Htn>;wmcf5Ti(=Azr<rO0d50
zh6SA>xMH$PX#hp`FhUQ0?!_}dq?=p|Y5M~=z<vcZ?IG@Hq$j44{P5yJ%!e{2h25gZ
zt+|Pe>sARYV{v{Oc8d;7t^zYtdPtkpmR!H1xd^o8tZj6}m%_7FM?fhzrTE)Q+UV>$
zgbkg@7(Ai!7AR3nQ(g9;Q%iJ!>k0pQ+X}K_+~+?Vv6{A0R}+)EI)Cd-g&#tP9%)Wc
z6;LTS`J|6)lv^vrvr}yPbl=fGD6C((t1x~Ow@9&e`wjyqmVQZ9qMg>Gfl`<mR2RW<
z3Mdud*$+YYVu0HB@zdG)`%j-gzSGEBQ%;;paidpNDS!#MLb^ITV`wB}sm(R2D+i_u
z&~F|0%JqE6KRjufsxlF({vi1sWEtYOKzJtU%DBL8_NBmpAinfg&eC12uo4kFJYP;t
z#WV+BwnMUaHjz4io3rI9&X2H+xvim>!kvq#UX}35<hyYTsYyHJv0)1-jayaNLaJ(=
zxnBb*on5M+Z&bC`tI*15?{<TBu->2*&faR-vkK2!yP1)Bj6y~&2!kP=y(){znUd0c
z=Rh5^@EI+K)?{zmAz3}r%uR6gsgZ|78bJCa&_Z2GmKk%9WJ!m!VzWK_)qoM?dzTGK
zJJuSV`I-9}7n6!5dm+~cYI2`GP<qppwSQ8XYNaU}4rN`DA4m#iE&{C{w_qzO>Y#uE
z{uXGEf%orJTPXZ?PMyrsrHCMak&nCba4unp&=x#F2lb|Oq*s2C!VN6g^xFD1L>W7(
zrK4KvFTUEhg_<-(j<s$JrH_PW2=gTLW!!ck9rFY932P)t_-IZVKp%qy;{^LEwbACF
zhv7h96&3NKL=?vH(Drwmu_DhE!}|WdP!oNXyg*+R9I^IbSnvOSxIIDw>wOpr@4|w<
zorQp@$^I<$DRgsJD<7J|j9y4_E@9;IirT7$PS0JUaR2k)pbN|;+`c~t=dmH!V$GPW
zMH<YA5^RY0YDQ(XTbb(#@?@MA$E~<RvowlCFvIW|FHpeBNJnDwSGZutx<K_%uARwj
zd4U=bqi*CwO#A-tfy9!_7K?SH)*S92ExiCj{F$W{Ss_Wrye_gq*##-=!`+Z@w(dxm
z;dw3Hub45wyvpIhJ9FC-qP3E%1M5$m)+}7E(u8iX;lttb5a)Dr$d*!??52}^8+Z=y
z@cf;mp7GY_>#P9$1gu6=YVfV3zSi}aYANe<{|-|mt~gyRycynh(*S~ui^SY}((HXr
zCf~^uBk_>wuv`n2lsd`Iv3&Pm_Q}k^r5>KXX&I4L2ye&8f$I?ls>};o$CiAaneljw
ztZs~zJujkM^i_7bTxgr#Lv+I&A%~}f__hjTVZZztUN40=p?f@-<Hq~WAtw3XKueTJ
zaMupHVhX>4f8oa&z*DG%gRk(UEm3N~v008Z)?C47^Sz~~Z{!Ekq|#K#OZftDw5uzy
zTQ9ezuZ6UmdlgFavon6}z~qQ%Az;fi2A{4JW_w+g793uNAyplv-A@G1<=b<Lt`c_6
zgFB6%Pv7+iw!zyUy%_Iq%P*s%Id$oEwc}3?*S<3v@51ZAhShr*wyVHYExPAVT05>z
z_U!5kmG;jp*}l_baicp*!qvVh3h~v8pLRirCPt!O2>BAe&_V`}9^VeRB1Q7cr_=l4
z%uvVObN)!_!J_(e%8~v<Ys1M&`p;58R4QLRaF@b*unbu-Ui-k0D1Vwa&pqkGXgskW
zI-8;UVLfj5)o5%z%JNjKhsu3xJ<{62_MgWJXFc2$3FJksXZ-T{<nXr#r$^Q^=2?K6
z7l@AcrC{iXf2s|oQ<>fpONV_dQib2JgN2tBXzV(<^yKPjuSP}3U_02ip}<*nJ2cPu
z9ymbcx9SkV&V_`L&f%CF#l&yrk5Xx@xX*|5{djIvTNX<pRRuZV2rah5rB)h^bL=eL
zWOk`|5qQ?vnTwgX1O%{0Pkh?me3glk`AE~icz8F5mD`*hY(GZXhXLs`ZvrcNBVDI<
zQtc4udjX1-7X&0c?{UMYM-$<|JOJPwBwN(FqF=rkkZ_kF0(KT+s;M2q{$d8Na8K24
z?I(q|@TDz?v;MMXQZpZ@YSAh(%xJ&`&(;32Y1};v)M|&=4}IYV>1q!`dytNqDA3J$
zp^y;8uD=Cw=>S?*g;%stm|QS~CM6H>+qD<N*n;RQ-__!p@`8ra3eynH=mR)<naR~|
zNd2JJZ04C!K{B_J)N|b>tfySWzSZZ<%^eU(YMxn@gffSS!TapA#z*mp`t^}8UK1}3
zg9miFOVRAvLEXJ75I~HcmEfX9n^H`*>AzEXgNB9JwDp-6Ec_Jv07A7cTzYY=hlnP`
z(3GV`A)1n}=BV-=eIBz8Hx*bC!W!+I$CM6Z?=i31w~;2jN66a@IoA^>1u-{6euu`M
zt04&aUFoi7NS+Gxfc1ZH<FB=ndS(*#oDqKw$MS19kzd0d`8C`%zTP-Sj%v@L#MB$x
z^zS*JPi2T}onw1?A)B#e&w;9(XwuL08{W&)+b{+9gDbz=eQ6hGIkq@U@Ry{!3Y}@a
z7+oA_j+_W+UKK0n_FO(nNzu!$_%vg;bWG*L#8*?M^7$)nJ*hdW#K(X)!V;jJh4eBM
z;$^&bg&9(n-voSe4FhXlBE;@bx;GXsDYU=C%E7=9fjjm2E?<f_0im4%b<LMgTKVn`
z2DtEVC{jubKZnP!fi9tbKs5<U+Rnrl6(M!IyoSVf4MHm;0XH{ox>CWhFt$?--W0;3
zatk`6G-H#^UZ@qtA*UH4it+=kJ@}sT^_2?Bm!+mG^5;1?pec+<2U~Wq<s-nB9b)Mg
z?+92GYCEy`=YRRXA@uK)Agypi7qVL+%^k{STUl`uDHS2^sNZLNX3@B}LVg+ZxQ26t
z5SXS&rZ@<cDAaFamOicv^L$ap-R;V1f}5j^yF@Y`eLg868Fy|W88c|u*>`>#zt}~N
z@hSICh4Rhgiqd%Ou@L_A-<)mA)Q(?_e%f{Z{LlYtJkAI%S$HOzD4+2P5p9_1K}fiP
z!WaRj)1#+3(-6v5?lr#|gel`8Kf}aGdHhah6=m4cFXJWg`XJZP+Oe2Fo{`+WA0i1!
z%6k%$?~jglbMH`!NWOmkdP77~8ib7z$(<jKNb1mx8->;nm8?#E@7;EglM|qM^NPKn
z>ZHb?U0GxgB3gwquJx{jgUzA585`?7x`>0<oF^TqSVxf|-T-<w$EM<wzk+EJn^i~@
zn?a*onKR)z<kD)6<m>rDzR*k_dD+3H%vQg!APAd?I6KdJ;>E>_0iLW+%8*vRPS$AB
zIPrWxYt06~gE@ZC>)eW<h^zKQ6t5>uE13CQoiI;C5_v+ga#pZ;4~BFNDJrEH-57K)
zwcShSULv0zrc)p8mxX{AwL{n%WhC&>OwQ6^=TN@r7V?LffX&~Fl%8{dF>48(NTXF6
zl6h|?lxU`3N+z&oH)4xm;z_|xf&FF|YRY^S-~!9f@O;MuSGC#*1HLnx3u4P?NIr;M
z=Rf}aFLS4nyIMuzD#8>VJhgZ@-2xYKeG1Ynm)O;EOL`d>_*tgjMH;5DfAdBc80e<2
zRl<T7Afd>pkw+^uM!P#^uww?BAip!U*=r=d|M+*XLk*GNb0Yt8kl)eglM={J<x6vz
zAZBNpv1T3mSC0PO$(odLLJSFHS654`P3@rrPd|T9Z5V$evP(sAx?I8l>+Gs8d5=@q
z2kRRTxJrDE^{D|58yV<kXtSFcPAdj~B0lG5HDkMV?BK)1S2K37)9M<7g_sxfIJBI*
z@#Qphqq$xuLb+&-a^3Z2VK(B9yCY_8n;`guyQ%PDd6fo*9%6$`Ey|YJ5y5;wO|)>i
z?;5;|Q(@%!(@o%gME%H3;LYelJ%=}3iNMw#YTFp!#Pal4kRkV9T;8zHnB1lo^k0W<
zz@170^D%^}DeATHQadtNIrAep&~6H_(Q$<xS9pJ}uoYqffRJ}L4OUfydm$3J5@jjz
zR>);1lMBpw{u)SSQLSa*bY?TGe5fsLh0n?QZkdkQmhEuC;7z39umFLzAb2JfF7Ymc
zH+%9vZB;^p_ZyYWr%+Q4pGs-LQB|vIPx0M&crQ)YiiA5yD4=vy>XX(jD-+<IlV<fs
z&>bQEF%|MV$P_K(+AvI&3Gj<*9TXL2|K*IgAuIEaRYEQ?pit;u<Atwf7>ERfUIExt
zM^Wa_z0G9Vda;?_!8(z(UP#K;QRLc*X^ogTpg+fe{#+g#_pxX5C+??SO9|TU`R3w-
zKHL`~+LC|Ev@L##p2%yGfU`@nbQ!3+hy*pV>IETnEzR<pS!&U`Cjd9hATFA@E9s#?
zV6-rDp_Ch?rdFG~Ftx}`)|$CexJ-epDyOIR@@~_haQNrT54Hgx6fIT06oKs3f$tYq
zA6mhh+Ys(!2dR7@h7<u@J@HjlWRd!t4D`jx+;-N72cpM{?z%E2{=(Jk$OJc)_uccB
zE8m;J-+RR-29ruFBk9PmAwR|jyl^cvx28PRMgdVXBwSCDsvG9}IC30!eYu_r&UyJ_
zgy@IL*PgOrF3vk0ZN%k3s^pXl>_7g<YZ<9CUQ6n*pK%_EYd4Zd{#-0v=`-Q&AN-(H
zF%6}d<+g9e=IT(Khl#HND9&?K+j_DThhebrq9tGB$cf#^eZzcGwG3Fv<VMKmIt<ht
zRQQN#0D(MSj#n>-FRurx3TSEpk6eMRpCuUoXSB~$T)J0Y7}<o)hog7LpFbdD!_iFa
zgj4uiD3Hy+k$M&LN`6Cvg}MVcCD_e8#G5j7&84`D`9e<~cqv13K)r7AbeB@Ua6v|(
zDaFc;l<7#Bj+9wP%ABnmg^}5HX<lH|g|_dIxMJfn-xA+eE*>*zgmN}#KZ#NS_(z<^
z>X=eD&2#*S?g1Ig=gc5w>dd_b4}^>{Gre5-f^1Pc#%=EOonLHtk#Qz<1ylKLJxCq?
zK}0wSU5ZSe=r~<->3+4PNNf7k)yg_yIAtdwr$(hyq^N`Z(TP4-Q_j0e;hf6W`ay7x
z&VW2=y{j@=9c~PyIlT~D-P!x0UmFsqLJ?wFFRK@-dDilvQe~zCLrnT-4h-aJkCZl5
zv|r~v2mDx_o^7IMZ%g#-ZM*c0Cu?TA3{HSd7F5MY#TrJ!M<+j~RC~O|<ygEc6#6~|
z1vzyzPmD`(gD!BEd6cm-1eo%J>oyv&UNp(7m=<ZtntcD>hp3_3`gx^3bb4iil9BBN
z5I@PS=guL|g|w6r!Zzr4sUs`C@jVwy`J5zj^^jl{yJg8pOzlxO&JD9c&tXk|f#&mY
zbwuGkJ?1N%&nG{}&R=Ug9rxMjK)-!sJyuZ|!u&}$$)@8i-Bp%aZ%BHy))deu&{lZW
zd>nVf<c*2d7}iDcH6|)lmezm_yxI|}ksgjHQ0Z>D#HId>(^E-QPT==xVq=zoy$pje
zqE|E0|L}P)Noz_oEb{YE%cG0bi!U*iujeN42i;QdtTX#}&2)^_P)DiAGf|S=SJATg
zMzD~dO?fQ;lr(tNwl*O4B=TT3r8}Q{bf7v}<w*u{KJE_u>lePeL65gu?2wK&>S&`{
zi|_eTGK4r|N%MY~Oy17F4MS*)=zLnSUHZGsCcn`IF_cBin3u^~=0yZ}Uc^{niH3xv
znyo$H<L$^7c>n3-?eV*JM<1K9U24X?$nZ6dyrdzfx(U?Fb5-1WLJYdg42zi4FF+|2
zIs=8$W5*IUJEU-zR`&<uTj|<W#NNQ!i(tBj$q2cyFQl_Az2&JqSiZ&%-ou3(GrkPW
zyerQa@~n{Ja(MzWGz&56#sa&X(>3-xI?r?sXC9Y#334TRW2Rm2GpNSfzUE+D8SgAt
zoO?5FH{|t-G$q8^cJ_LI{_p=YHW!^<{-8h5eP)+w4C)qW^MDyYj3dE3K<Y7v&WI?2
z{tDq^j;rsWnMa3a&aOk%BZP+&g4Kzs?7ruKA{;n9JRTs#&y?i+ppVNAk9bSvczjel
zI0Xx?IX|Gu5L9(V(q=0BFu1@}V#q?|hAc*>kS%IQf@lMnB56snn{z89IO((MT)LU;
z{^oaQs%p)4hKkj_G!Wlb9zq^<=qFKWKO1R|an{!7lb=bU+!^M-_MFQkS;c!>Tkgtx
z;ff0{1{42c7B080#!a!pm7*Mzs@By;Ibz-#B}|94Eff@0wjJIu`6MWdXt)ya7)%BW
z8SeLTGzj%9OyyHy@Lz%iQT(*iQ7T)6L#zO$vxKij>naD<^lsZ+rK!d9gN!LjWB8<a
z5agV#^Mh=q;H?U66W}53kU#dy0nvlFmH5%oB$c-Hd{3Pezw(nexL?j`bDX0}!}uk0
z4`d7KQ2@3|G8XniZo6w9<?R}SvEpj#ua&L9CqrE5+|&IxbmQ|atKaavb%*AH$}pfE
zGNPesAc?;@{q(UgU5zCuqc@6xC^4H2@@a>Vj6qW*hASMwC3hf9tJK+~OkUy}^sL3o
zV(TPisgR7J1&x2<lR&D{jT0^y<E7*OtGJ2zq-JK30P}m^bM0FOk`Nzv+8!-E5i8-+
zX&<{w``nqPSg{t_bfN;M$D-5A7l|dF+>jBW8QiG)THD(p)E*Ythge{rU5eRP8M3JC
zloGUcxVxIyPn<}ez~Pc&=w5si$Y)5OwGU^{%9n4H&p|lXm!7X?*kw-ETMa!M2O0!U
zdUJ6nW*0FCo;*)mX%16KFi+;Fq{dw5(ZE4~MJ5-`$eME|9q*I$v;yd*r#u}J5HoBN
z+K?1!t(h0IExSrZ+9V4aR6REgx8t6%9|1)97#5PGqyfau^zPj{KqRvleKe)YcU-4U
z*6me%Q(w4W-HWCGQ628l;U2XX-w7Wxzs2yePJLzW8_709-ZgLLBaerM$PxX<LkPN+
zNNXg<hOq!Ap)b$=1L?RO;HIjPB;lj&-BRVvifXFB3-7N}z`BwPCA(Z&u^DUge0jX@
z?OFw)!x^UJb*KV0!sOD^t6T76+r!}<9-O>8Jv%s4qvGC2Li|DCp4oGLIXFA~EoUtE
z-$&segi+@(Izh~+0nK@steUY)>W1M-35y}lIYf57AwsMfj@J&=ttVZTfp{o?YzjNY
z`y(Lu(*7t!z)*$>ub4p6hZ~1*`;;L~e8nm%*G(wvO;sgY!B1zuFpsy2!bHFwkXafh
z;S!*mDddsl^YJ>#aw+CGLOd4!Vu+1NW~46;kbG-sJR8I#-9flSzOl3LzQN7fhNKso
zi|1WmhM+K+eo+pI#=ag9ZKXO(GQdX`0H@F6<U!IO>Ep3Auv!_v9L~K9FEPylx3pp{
zL0pehoI1e?4+z9H_q2q2OWEr;g$`*Yqjx|%7;)g<p;V7g6ccc397{Fspr={^NsarC
zmJ;nl*i%q17&$#CE%Y_8ikr=g?H$S+gf?m`BnIu;bG8M}3p&1fhM76X2lWx!n+mul
z8po-C=IVyXlglVfFD{KHdl;O;E5Z>O2w%aF5Z<tAwnEN3edjDUhOeyqSpFCQCf{JP
z=&aCXM_s8PB_9|@e&D1l>|}rLCXZNhdd39cPF1RrCjhhUbO!}!6geww>{OZDxScF)
zl?c;g7@qDKCSQ%(<;~<N%kK1GU*RE&n+`T6d&pb(BH$vWtG-$3hoLEAZogUjq`-D{
zl9s;LiprW)RUtEUD;5d=j<^1(*WyoGdI%JYlrRB3PfI<p9TGhiiIyfIj`1ywW07u@
zx}QkR9%6z>(FO3lt>4F?VHnhFOMPyiV37eJ!h`ZFlrE*XhjX%KB(+~~cW9_~BwQ&}
z{cOzM;ACz2CiFw62g|fS-rWU1CyM)~no|p_744y?#Yrn%26nTR$AT+jK$6v?ww1|-
z`M)A%8$-mN$%v7^Rtd!hBJ-yMQKZz~l#h$*InsKG%t-Sva$7Wdrp&l(PhL-!*>AA~
zH8hq5P!zNx?7j+DDYewY8ZA_2Z%mlhTS`0UE?1jF-?hlNHjDNvjJPYc7G^kHdi2Ap
zW{ZqW;2~#)g76yhL8>5=aA@WQbI$orZ>(UOJqHX7vTj=(ZT$J4|5d%xeRfza6r-l3
zAGsC9KtqKY%@A%qAwQIDGX&T~%ulCx3aH=Uj<Bv-Yw{Ls^3gXJ8sIq}-1uv)P_{p^
zUqt4@CUNXjg8oY}VE%C>p`dz#5lh<78jUAAyDvFzyoKDU)0);C?`+Jh#xFEq7Vxo?
z6yU_e@Jd9r+88Q$kj}XCM{-~W?7jTyjhQXUM*Q}S%2B@=3(;USRCi?2F>pg<{v43c
zvGW-N1_~5T+55i_=E?i(2=>>X|F8ekIZ?YPzu6G#LD)!Y0^B>k4ohJp5x0>7r7@(R
zgT-2yPSG~c0jBFX(8myB%{b7uC~rMMK7#~h`qKnL(?B7i?(8choOwa+Bt#9`bC8W4
z^@Vhgyd@kQ&;dN8wu<Tymrr$Ra@Rf3&W`GQ%xL`qRHu<6+=S|6MS29Pvq*IEYr9$J
z0yDo^fw()+vjaVUh{)E1p5yy~o|_`j&p=`w==pS@C$}6iTQoXu(lu#(XrXwwszq%$
zqFI^T?m{%jC5R^bQ;29b0LrXPwhxCg$D2Z#8(633AkpUzW!6HlYoJUDUA`B})Txwa
zV3`#zMD4N6%4Ab#EVF8%tRdvqVwvOWvCMjjY#o+qn!QYB>;eHd#wneO$jo{Pu_H5|
zFPUkd|7)mB%AHd#!njO-JDREcDg-iI#VIFUpT&;8?C8sf3$UXv>$@h+r7!K1U_E`g
zCg$t-%coz?j=y|VS(<(2$+x<r!9z2I|D2f1amQR%%3OYTmrdAS{1Uu>j0;=-&0RaK
zji@C}zdkfD7LtdwPQS-Cc3wb*uPjMH3Emwk>*J4K4t_p<cYbzq@bUEc?D*41YKrIk
z;kA@#_LPPM4K*V%199PkyVMZj)r`RGbh-(EW*(xWq!TTZ8|amyOc25GdMYwiipYsV
zRz>>J@T%sNVrS*cS1nmRYf48N=$@Zj^55=4xB8^Fj5lI88<KZwEUH-;i)|=~1!C$|
z&P}=|*L!YFx!$&jN>ZH7Z2%-IFH&z#qljj{_o%t&j>YU)%!);}p2eK3V=<AIB7-gW
zYh+F76xN~ZWk>N!zC5vpPK3dGZv_NUu<$NYC<-tv)DEFPF3#CvRuf?#Hws|?!sU;d
zy8<mDYmVo3mX5)(pWJklj)65czbW>;QkwH+Rm<LRnzJ&wogi;XezYPkO{WTm-DReK
z5rs>uwWb<XO7rkaud*8T`W(}#_T|&UNR^5D;c(|<Q@HbKhc{OyQD6|CBh*=$Ko289
z2@`|sG-g$Sl_*J~unkz-m5a>=_=-%1E9*f9VxZ%&TN%+JBC00Q7C%#-zN!=rt#E(T
z9u2KbHn*UmJ0==R!9BT#t&)t*>5*$}agN1wNwF1WHJoU@M5htQvP6=>IugQYkd74j
z8U7Q7DV(!tu|V}KJ#}nwwNHg{>;-LQ<-RSGE`=-KMngyXRe=T9M+S`Qn|5&N4;%7b
z2AAfCd>2g(GNfysRGRkJ$Y_?ag?!1}i&wsT1Bs}m7snoiErIx!a2p=npGL(1Js{r~
z7p`v=CmNy~9eer%h1;>G4~2<3_O!NZ(p>g*)6SoF1(O|w`t<9%(-a7`-ZS2d?o%_Q
z`lbG8FS0`htzvNqDtD&Plrl$l&|JpoIl;e^4*qQ>{QF}zU>lj>opns`!u9-Ep^_tD
z63*Wr9RGau&O-56)bV*FmaZ4bkKK$NRWtfG7PB<+lADGIum1G!^VZ&a0-c)k1%62c
zi%_0fI373TmaKHmZ!6{detRa<33UbnmhkC_a6-11F<_HUfE6_RXckuya(vL(E|Gfb
zOrtarL;N)Qp&jD;G#QlJyRn)@<}j}v+@e);z^f>{0`|6CX9^8hZ{>hTs6$lUGE4*I
zlCk-3L8Y1kf_0#82m0PAvh|?v&aI$tDeC3)xPyn>Oq6!(!*<4&*#eEZM^`p*1Ogn)
zh?~hh`Q&YIDusMY?N$-_h03F%5fQ`#)rJqlzzqc{+xSKQ?hl-cR7xaBgnUIfG^O~j
zD2wu>Kx3`&Uq*hDOE<B+hq*U59Si&ftm(c_%_`$`8bbzLx-KZjq3v7BHBl%Nm5<Sl
z*uZks<AkUb75=Fz6=^ssT$$X;P+{H<Mj~ye><~ZzP&a;smai5RTp0^onJg6xe18Ub
zXHy1vryY`ft_*Nx0xe^JEw@?j{R^SHJKqWadW+0lsBu_Ae*E>lV#(z+S>U3llP!>P
zrND1$%_22`?5#{Tx01caaQQTF*<MIrd7i?lP7`?KslL$!o@XSiJ7M1}H&PeKw_YO4
z;KO1HGGlyQqoXOtcr{>qEA%Iavr94iy7s==j-I~-&P^2hKHLZnp;|XgSL)=Eo|HVW
z*bwqT^)(2ugJE_qU{{C$aM;}V0eRNV;e^tzJSHso=s^Q3eF)!^UW7Uib3r3}!<Ij$
zV#I(RGbi^~AA%Izr!oTZ&Cz0@A8EXak*-CqxoMd3XameRR~srx{p!xO*=!3?2Gw>7
z6V&EB-R!FS7Uy}a1|+cTR#9RqHGtFwb;r7m*+Iq+3%NSTxPy#4$hgjH^1LA9wV<#W
z$9ACbBVm}MhRCtjpm62@HA9-G3`;quGZDCv7uHLbdEf7iDn*q9i7H0}@rUm%y@UfB
z`I8H29OK3iNgbhDAXG<=p$ultw-9#>N>rmgEb7mnPS1u?TEL;62x!bm(T^X-iS*J#
zABK0!wfjm{4h+)b*`=7{<p8-~e3v=1o)<xs72$=>hM?Uw15p=gfZM_K8zR1%p{VUs
z;ChmWnnjIpK{%m^(vNXrz##M5c*~`jd(!axH)@?U`DCw^Yp&LS87Vixhr2V~=FnI~
zIM}7lPiK(eaZ||ku0jB#Yy$Pe(Yxc%A4(Y1H^!@ZJ~%x~_Xg9F@+fgcaOFi|fVu;J
zdQ-X;G!|LaG%Bf;v%Jwt1;-dD)#=%%pN~EcjDgz3p%%2vR<b1WE-sivio_6mJ37~4
z^mXBf*8_GGRWkz9X0Ud`ujV2_?44dux{>PftedW_n@s_hI;6EjTJIFudZcxC9nuOp
zeAkC!5EKQRx3DP%dg_Prgb*9&-=Bf>CJa!T2MTvdkGaBS*dF=QA)cYS8p=I*dQ+0&
zxix$PzmcYCASEA*bNR<jr6#vRt~-6_cu_dQ10kfauFyrHkaSQkdE<hFMWu!-5z!54
zbU&`c)Q3w=s+knMo9nA$Y3^o)Rqgb^Sq)$-L^P987dM5|11l4ziSkG2V^HJ$nb~(A
zo<0v}DSY~k3{E``mP$$3S5@g`!%5i6<aWqACOcPhXGrk?>Dk-?GO+79<AP-c)b@#i
zt;)oyVOa2+@593G{%OlNgYE)iciSP&=L*DDx7*hNu~O-z1R>)}DO!m86dgAYtqz6Z
zic)Fp9@V5VZG}3j@KxCI1$wn|cC|9W+`_Jo&91cEq_R~)iOT1X-w|jaN}dH91|sdN
z-MIPm_-7=|oY=4ft!7h+zmNFBbWE4%g?bK!&5>A$NCY!sbgVTznk%FnTP4}vaW1+;
zytVJB&T_5+uW}yF2-;|rJ&dc&^*NAocOgd@!kBwVBy%jc4rl|nh;0WRQ)};85ah`2
zy>)HgB4Q0^KbJD$I1y{sF8=}QLvq~6=b);4XE7r;=B3c_heeGY0;>_&alX^8re8Nt
z)yU_}(JNGabXggcVW5sGSw>p^N|j9J$j<&E{q&)}@V$pGViw0ZnGV;)BZ41tnQEtJ
zWYcvcXzbvW%Z$hFl0RS)X1WQ}2B>C&Y^^WcK<-90Zrqu>iA(hpB+-pTOO!UI4M<%9
zT=4bE_*)}}YleVp3gJrmHbZ_LgInJ<X$FI<LvI_k$|CTNt9=xCkDJnf_e=d-#cG{(
zg!HDIKZ3Fj7!vr?8{5m7ic9y(3uU-kQs5W!W~|9`AVDVzL_`wwXU2t2(OXp*=y)Rx
z^ti|t<&lrL$a^@wlcT>IZg2n8f8iXP#75hw(6LE{+93l4IXm00or9lGjt<`a@8@rS
z{&e`a(8g`SGG14gX~ssX85tUg3m38o4G~^FxzLuWa6J(}&4$iX^4Z0fqV!>XhE`Sr
z-kRogU16Gv06;ShvUZIIj(Zh)bGqj-PlLIOY(~!3$2wW9KM!=p+oVA$W%}et8>&<c
z*P9!XvS>aA%76}0zPQ8PBKwW$UPDpVvu1_XrP$w=@3Oz9<)++e&R{f!xam;N4&}T%
z{9KE2zBEzJ?1vleEe+$eLx>Y9229~x`F!#-71iC@C6sCQZsl!SA)Z@0hU$uQ1~@jw
zyjBV{zOHI58xAy9CO2jRpbTbp>CAfOl6fWbDGf-$vfAB`Dk2ywlizm}j4#&^j0j)M
z5+oVhA;Ra1EmkJbjj=__K<C@~RSG6nsD-zJi8W}eS@juF-d6LqX}W@i+=DIIWw$qj
zG#Y6_Vt^4WJ7BL%Kh1iHaP5ruuj1x@x66#(3uD}8Eph2iL=xR(Ae1@=LI5_Gc)3dt
z=783i@^6F+V^(+6?Uf-6S|VxtREeh!+B5oAzTTj3Wqu`qwEGyYyBp5XGx)2z=@7tf
z5ck>%>@Cik(DWsvZ>3I`XGv@?@Dk76Y>Z1S6rrQ!I!dnA^6MzM`mRZ%DLFIX>o~bb
z>Oc9qA#$vB|H+&q(+rV5cg(G%@!@8~8^jBTCcAP=Nv_<JZ5!k^SqHhnX}U^c$9Lo8
z9H$$cr+9_OIX?a5yn4Akaz39OIz4sIxFH?mY6iAVLqKz)Zua(Lfo;!JZR-gtX_yTs
ztg40sInmRY8NeiPX%xlABbDccrGeV9i&PW0BI4$SUT_7&NH4hekhc`R7l>|}b{&|s
zVy8>klbTdh8Pz*BC9QmpLnE!>?q3uNL1kU457pA?I;ZNjsgkyf)c0?iLQZsGS_h`x
zDYEro+E1JG7%X_ftq>Z3Xskn)rGZZCaDvECAj%+XtU3=IbJX>Cd;D^^y))b%osA}Y
zJG*<6?f*)@X@&fDejvzK58GQMwf1tms&#EPwN{<n@@@Ejf*m3K&<oXWd#ZYrLIXaq
zzjj@#Zvt<H@qJYgY}Lu~y9u_RYDTbCC&Fh+uvNIf@85V2Ev6mV?BC@(WD>T#lB=p3
zSXHUPHK*UI6HSd9^HnaCHSk-G(W*gfxVlQpgxA(LES!dP#j`z9J3$xB%r<Rh7AT;U
zg@C*zKyA{$gE!A*wXR(w)hT^I@}engNf?{5WBtM=UZlRtY~i1UN00sTDsS45lxDNw
zH)&WYXPM7b#&_kbAKd6}p!y-IZgM>20JEB)Q>+)<*6w48UKvNEGfy!dq0K9GHC&Wr
zUy;?M_J~B}!5`8Lz3N!Hj-{)${5qDdzH8EGmM#lDRg&5^?DnJA2caE@*RFnbZy7al
zzCbWkClS6=)fn<X_HwAke;vl@V&Q#*+8}M&v@uPHo;|5YbVmXufcv3(Id2qn;0$!&
zlfp<$C3u6^MM^l3_TYNI9Dh`UiXrWL<wXhH@smHM;1Q;JVdw%8#>&HCpgYdoyYP}&
z#}@btyyypHCC(RxP%{jm3A+w)nz6NNM)GyTiyvOg=#;vi@R!B;nTrISYo<6`jF!m@
zR%sGDOF`Z2f#Zv4c(Gg+oJgM~QgS1V;pMOizZ=9$F9C;71heR7#Vz@H?C|`Bb9PCu
zlE@QEbu^_C_4GzQN4_uq`S|%l@E5*$$;}pj98!-NTtdaSf`e`CIAng$nDTyEyPg%!
zn+O-q$?3uH)4|a%>Z3O2E@ER*Lk$&z(z#$5ER9TKf)ICxXeFE=T}tJhaRs24sTAf`
z)%x`ZN-fEd;G~Akx{#_WicxV9FZnGDYg67sZ{rG0J&>3VN9=IKyTjhKIO40@a75!i
zPOAnSALMKXoP|BZaGc|>`|^yDr<joXL<|;W<)d(kVuYtCFkwN%XLuae91cEs$N-r@
zX20plsnes72y)P1Lbv3LZ}HRUH|@~RvL1VE{83cue8|oWeU`7JM)SBIb^w;tsA2(4
zEMgI0S6%i<w~S+=DF(h$=5bV&Ml_sxtW0j7Y{{6h6(nU~GvTR;6RogruFVp8{Bi0+
z1rltQQSi>&J~$y>a%k5M!5&_QVGQnMd=p5)NzFuSM4l?y>d|<zlSjrp?B|R<oBSIY
z4J!|~O`<zuOP-ff-jo}0qdFtKAQ2Zdz}`Sdz15|N67eljHv(ihFi$~;)jUBzlt1)c
zc>1@bz=AyKp<12XHM9Hqe#q{tKW)kLu?DDaWs-ZYsBU%Ea~-P7j@drQQyYS8gHtuz
z@Y?W!G`caf0#eTjds8$HK0u`&={1ZaY`<`v+1&}@&H!g9)#q!+DrJ1{=X&D3l}V<~
zcyHB0iOT10vnckQB$6Hyc<t#5Zt~5~-J~2^rF1X%am4I$+LZYujRPl3x(05vax|qE
z!f^bN)hQqhq>Gy`0IhR<A)z9dJWKH!+1-swMOJYFrskmFA}{_5x&CY6e%<l{<+@;v
zN+fjWoi3z9K?2VURal@(gO@zwP4remm7mL*O1YTLkZVm@%Fi82*`bsVT$5&?lze*F
z1QIM$6ual4D^};3?|;4sqjO9t$i=cjOXC!I=t~*rj{Q<EcXuY^QHN+gq82m;(fm^X
zk;2LkTjzwmSwnF2v@`am%o%%QIbtej*Njzr4vgmxLWRE*)8SheS|oyZ+xwDn75)3c
zok!oT9W4Vo$E84LHl1}FzCZtPeEQ+w?C`e~3YptS4=uobq@tu|?3<baoZXD!he)rT
zDqK&1&cZd}XWk4F<-bQ>lJgd7dThMuf?$$Et*U)-G@DgujckyC4;04|*UzO*TzS%8
z1OQdsO<tA|mb&=HY)3<qE6pb^je)}iUz!^pYcG}>c?$#q5<-}i8uhL(Js(;gdA`r-
zHuz%<_pg8JB;svzAdG2QnnK@ncx8uI-W{^8#VcQTc;(%Ar5Q|?VU|#1P!!jF3CmW<
z^fr7_LrQUhoQymm!a@Z}HpL`Y3Pe`6#tjD|E0Y@mkz3p__O|OFc@%`uy($_iRVFNk
z9FyzNa0v64bEHLy_mqctj+EVg0qw&sRhfTjJuFL^8@hQZZumXhA!-FhA^=fppbg<z
z>tTRT{5*v}wnK8?i#5Kk3)Wbf<en?mSe?Dx1Zy<*D<Jr)!dS!_a}Pu_c^`Ih>BW=;
zk}o{>HoM;X99E(B*kWapxpgM@w$*XdYEIWG>Dc_DF_Jsx`k0xwdeAiPT4Xkxg(~ip
zqKdkMqLotQPK%l#l}1n=Q(*+Gp@}pO44$!X&pF;Oy>4aB3zT8HYKSUy1Yt)I)=+#M
zL0I24=?KERUP`&`9YI)?7VI>IAguSWWz)B6hCIL2pU7mwCX3aj0)Ts|E-R`*#}<Xd
zwe$C%PUQE^Sc>P0S$_Yl>xZs;%UH|FMyw@?rf}&DB)g7zZpQwp8E)B4zJ7@GTC2tN
z1nAgJK;)A9Sr!dFWTL1&C8L>?>4RVSBDhE{w`P}aB!2|+l%=!5#3f;yK^P3No2BOl
zx=M$Iff5!|_sGPIQmn47Qk@!#t;D=c1(A1jO<DwT3dE%hQDQHK@Y0zBd6Y!LUE-&_
zln?U(>nI<&y@IBi-Q4Y`L^BmQ2in1-X7IObkWH9nBv*TRQ`$0<14_i8rfH%(V!GOb
zpmN_~MhM>I{%Oo_f(ly`yzygepcA!EGsK4dY6?HpN~H4(aY2@5DiwlaqigDEZ}Z}C
zYXDEQI-H7DAS`T!sqn+#0$3~DGq!|*pnap6&ySzZTFZRq`qGu5pLoiZb;5Ld(BzS3
z7Z^Prbq3Ao(z*6ETGmbTVCwl^asyhaKu~oo+|qOnI|R~|KU|ikSoBJX&`DLxtT?E|
zv`qV|%N~CX$MS19kzd0d`8C`%zBuWu`~>MfX6SU89n)YW-{_G(v`h6)dJU6pXCwEd
zAVFm-p^76exns1$a@{o%QSZ%M-!HXKeV*&Nf?4CG?K^usPiN2QqqzH$?OL`t+_xVZ
zd5Za#!OhFPEtjz!3-TKghzQ86{Dm~R5G(h_4_z{LE?iF|Q7iKZqZcv0b0)e|k(y+b
zb(GXgz<X#2zL4=Ix0i{G`cS{Lt)*8H(^=Vq9m2l2C(wyN00k!ih3q+hEGzzPyb^<T
zHNX45Lb23W+^~PjmK_5t#UQm~we#SWm%%=nT-LOeGeXad&N4IP?GWLkSh(FyEZolS
zciFgcXXDn{xLZxxcNnqpgN<166*?pK03&8zdhU$WcNr<R_c*&D42CLesdMhP+N^_}
z?=o4F&SX86$(lUaWEEebGg&{>WSLj`<en^I)^bO_xOg#exCMVKl!s=)*Bd9|YEf&d
zH7x%gE-JXQ%cAjg<>K}xy2i7s|Ao|vHm64Kjt!uD?Sg03&^w)Rrw6KFLM?sWL6|c|
zQ0ZbGA0EA4XEdeX6y>QYUVq;ZyBWgnnEMBbuZhfkN7`3NQQq6<d#K0veg0lE*1QAi
zA4!h22kM)|aKB~f6X20_6IABOBza5@?_Qw})AL2JKj{xj(wF$FUE^0eOVBf2;x|O|
z>6V7g1~8v1hHrH{W;7&$I%n7U_=nK=J9p6d6Zw>rcjs?^{&e`aNALI=HRAwz<f$1u
zr)B_t*YEft(rc6A){~4rVqSecY>z}Vbv&M3y1|9uX2)jNOxKU3RlHHlGT?<&xJ?Gu
zyJpb1H3cFEa+RgLy^9A;?8w7LQQ01V^y!j*ja)w@{Q<;x(>czV>Ztm<Q1!Rd^Pm>y
z&d*q9&AsKfxzhv1poBQ(Re`AjHNcyD@V8}6HT(A_=qGuC-ZVf>Auc<HzGLX`&(MDl
zKHm!2OsIi$sWqAksax0}lc-zy)97g@hgS)*Kjhv(D`d2L57@scr%R<g|4vmac`AJH
z8{BfB-{r62RDKO-@@qJkUqfMhaX#w~kl(mJ>Hz#lW=5JGwmSy;0yc^J1}f;Ec>f+h
z_DPSf>XxPy@Grfp^dl(#cF34}sVbqVuG8RZmr<z(l%k9tdf6H^OTxP-e5>bEt$?rU
z7UAI>{&!*ccKfaGB=O5$q%lxfWlLVtBNp4kPS&CLS?Jmh0Ucl}$Bfvm?yzR~&PIuA
zM(q&Ki5Mmk`5Lji%;h{>>79%C63?@qJ|n?BwN6FKvB4Y?dX22&0`;A4d){z1iML@S
zmI&fOG6}`JRug-wPY7o=hve*GiE|z<y#U*wK$kRJB5q_0xzd(+c83hKYT4?Bzg{r&
zQ@Pm{=c<5prd-QOMYFYVN4oyVw$PK?2-P)oYH@?y1*59P*Xp6Ppkq-x7PVthI~KKL
zQLA5-jzw)1i#lnD9Ba*@nyyeY<k=3C@%#G=Pq>7buOD(_;iB)`26*xG?8Dh`dxZ4j
ziAW+(TnUoP5?f}9g)4&{sNOH##QB@kPamzx>AEvk_7r4IW2ZOX-tISJ<J62~T%-YR
z2iI?i_-e*7wpESm$);g?&SS7K6K_O|B(1vOpj#~xqAs{Xh^_IGLHjkP&CP{V3|aZ&
z0dq9<d>`>g;MJiWTrj)o*u>hgiILj0Fqs?ZC-@W>+#bVRT1e-Hx}C2ATUkrw`npSz
z!0R46v3wjh#GDBa#~jM7oaL!F`;LmHa#lu94Jh-iRjj69A{~U-L5TN<5ak~pra{ti
zh~*sOL8)0{NnwLn5D&?atc-q?i7UP4ui-2CHT+3_4PVNylK!Ku5bO>&kQTv}7li@J
zbSBS&IUNPkhFy}a)&{(1<_`<$!#+`uzr1^|pV1hzT`AqSTa^YJ&%vH7ZcO{5Hp`g5
za(#Mn$EdH(*uJb(4iAjtOK%0fB_UO2-`*#!?$$u)x4T{6XSvuMO2>@X)M$~6F8$Jt
zAP=M8&}hfozO}$9-M=}y11)1o##?{P_Q{{N^g_v>n~U}*=Xb|vzy0+23_ug|k^eCj
z(M{$l=hzVjoZ!UgVfF10emUedHv6qw=M4!*_4bnCEgnvcJ`@h4cF0hE;yBO3xg?qV
z#wU9VziEeP3`hxo7|aB;ndRD;-mt(`7~C%XGYJ#dKaW?^JSekD=?yQisV5M4C(bwS
zd|Hqp(9!aN$vO1LybzrrHxZ;Swefr*iW(V-Yama~Ww0D{vfN0POE2)2>GFK#-q21@
zi(-{OGc7>t1$vnE(wuq$^x1)MP9^KSSTkno+_jG$4{q*6=?t!#%(I+7P;4%~63v2Z
z3ZPbN{_rH<F?GxxGT(9KMK4X3&%Y(dkJMpVYBrbg|0-_cJ;y#j2aa)IN?&X~9XNUO
zKX8<71En#I*}y5;sRKuC&4%bo6Jf@C1~$!Dh<bvKGRSO(_?`#ocp!hWN}7r|)*N>m
zH>LIB7aFPyWvG+X7qN2)w@PZoyzx1FBt1Rn(~1}r=Z|m>55Qsi(;E#^P)x7SVcYS7
zQyEi#jai%KqjNvK7~$TeYSgdX<?4;|meGg9o0*SbgCgc88xeE&(}uPobK`Z$oQ&5X
zxM1lS{_Vc}aWl3<2gE&0eDw$7o`I6q6L&J(_}xmo#p!AlMoEn85T?m0<#pgozz~Xx
zz@4H6hspI224iI`3yJWMouzRSE}>9kQEeZN-W`AbfLxo6v^gt3jX9yR1#ix!j4SP*
zG$hDv8T4js(7Wk2lVr2AW`R^K`QLD{VfCdRNJK}nbtGFyvUMa|0|cu`wwdoKh>ed{
zVc}@ms6H_Kvp5g5Nlir;&4VM~y9ivUV?1K9;u$k+FRNPnHZyG13;of!wLGn&skC+o
z^oM|Gzs}s(dLd_(iFqw@)~Y}McB;;`kIWLjZZ%&R{jaiEHf_mfJr1C$KXp@Ic#*XH
z(;IAAwJ2gExW}$Y?$WYN<(3X&^6cQT$V4blgN^22$sgv8V)hv9_udXUm$eyFm<b>y
zD}Wy{KjYdkC}Ru}wnSaXgCsWe6`zGamEvrNAWvPhVWJGeT=H=Pcc}+ZXD0{vGB4yF
z&+8yQMT&lgO;P7e_5?#1aPYKvRAqwvv=YIV4lUFMzVck1@`++Jrr<(yUeKCR%+3uv
zj_{OuIK!bH890?w)rcB?iO0MH*-=vkYRde@T=*Uqif>Qa=fX$$2_`$hL{Ue4vlC)w
z)@j_Z`Gy3@q1no^0=l`MkvN{w8+NVU>PJWYx@py%4wQP3_?|B)CC~n5EJ4RfJ&qio
z0VmZAL3hwo2R+>rdYY_*p0at7JI=>XXXo!feg4S9BC`j9W0~b>!^l~BF+|19*e*4L
zqPlsf50PFwRk)t83?KONr04GX+?V`P#;<6~aSdFPUgIEDHw)<TGQf(!Z*GLKO#Oix
zWeSgwkMzl=Vu{QV-&P?`dZIx&3|y_Ea3$STuHi1FpXy%7pLdPJYRpjCRX=Pyp=T8!
z)BxJSs$(e#vJOjKw55Tiu$(-t6zqcPs=q^76r*##wiQh&&37zS$5M4H)g!Z1mhDMn
zHY$21DO4&b>n?vIg*6q*bJ((73cl@aw!u<GPbZQR50}p8&&Thm<b=1(la2}6KsR3g
zRF!g6&jdYbIjk}{A6|xG3~m6H0l`F3A*+N0+UBp}NPZ3N1yEn*B#^P~V5=G^zAxW!
zs~YmEGLiq7j#UQiuKEGgVZd2sQeHQIaHmy&ezazgRepq(cE_I{Ij&AdCt`@R0j<%3
zGP3o(nWws*@7sO2x{U-IDH{~HLkWOPoz$;7wX)S}Eyvj@Q%;$*$%+%t_YJC%w5(LI
zV5nYV-`Q#kR#9uzrer|k&UXw*%$osVXFi4{oQ&0-DiCtxh=`aPZtE4u7d9Z8rYv#`
z*qLT5L<h_~NPN#1nCUtTJ=!3>orcJ<)`Rr)k=YDkwuFi)nWMKEAOp_rsZ|eO$Rl-L
zT6tBY^>SWQ8+e)Hk9w@$F*l!-(q67oO4!1?AG~{u!BpzI6j{A<Z{l+=IOoMWr^SLu
z;^3E)X6&AtK{8$Epa<42TBN%5q#!al#?xy-J#49_$jgG^s(<4Ew1V`4u|T|JzntKD
zl&%!C8j8~h+r`XgDHv}VzFwq0T5%qsx3<3!w*iE!D)J*j|6FKjpeOHnf&7eAE-vYa
z)R4Hh=AcZGjB&O6XSf$lZ6V;{YY<)speX}Tj=^o(0V<X6p-gm)Tzc2nBltkwBFg?a
zJ<!4b{5Mp*Eobs_w-4WyzClw8*sUaIl<P>^LtsAEITzkHxFNV@vI@GZ8Q#mJ_EWhw
zR$A@U@t_Pu54AEDVlHe;F$<$jlAzB(+%{*^!8NxvDl$l<>r1Ho%P2%d{tdkO72N-q
zW-$_^ZhN3_`=jmc?HAkIXzup6UyNSAe(m%|uV1`={a5`#xn<g)JZU$EDw`I4xr2}^
z>t^`4pj<tSe5I7qtEv>>R1nV|3m*t<mrT4d_!f+F5n!6|SB_o6?mFs=3tNWqw>`r>
zn9-1JPIndY<{UV4-jn=<^BM2Stnw(e6&fheQDp9WIyS`9!cUbg-yyknQ1hphs*V=O
z`^R>q@>ej5d#+qH>7%jK!82onn7L|`ZMn>&moIiE+oQ?L*RNhqGO-(h2fyLfleb){
zOxP!o@Y-TR$rb>d)nge4&Ag@j0MwsVipq_=7@9A{goc{rm?Oh297@iG!9D$o=LL_O
zmm^yS{pJyTq;{>sA&lsLboi`iUhnJY2#2Tc%~Y9ekG>_)nh?!KeyAF%DNWbafP>vv
z2xG$7VcU|)@aek+RW88Wr_Y%(%*3R*fi`VsG?K>OUa)=Auxe|ER#4}>Oq1)ZeEG_8
zD|OE3P-Xh+s<BHj^V7MA3muk9XHMou(e(tkHCHWz7O6D81?r`5_Gd!Mg<0u#EWio6
zoY|!haplc%3Sf@`x-H9K&Rl;68CD3e;!7ctK6%;c+)G^P@p{QkCQmm?yoJ>F*ooaM
zk+u1Z(tx|iHzbi-Yf9|2B*wL<F=(=mfs8qvjyW>6T=Jw;Cm?P`%x7(7SugSvmFKP6
zFRe3s#w%%`n_dA@{o0WyiwNqoCeiVb{6;PGrUTDvvJf43_Bi&hp3qZc+5{aMr)LeR
zCtW$;-!#e646#!k6dEUdaO1DF5_x80_cuvP4y;nbzB{G=8_wpl`A{sxVz@op9t}t1
z?EjjvM9+a>8)w9tvCpv|*!^%db02PAkZu{LHqLQshRCrA3!oj|Vj+JUBx_I~&b;$o
z_3^8%$@bPndenxO+Kk;(GlFdjiCs6kX^8M@%dfRrrR#|;eJPS{GI)Z8xs5196mcn6
zQT~5&IrK$vAs@`U#KY4e>-B_0z!tQR#Blln3>z01siKo94xv@_A-a}Nk596x9xAcB
z6ecn>SVN=9ZvyEXK=-aNBJkJ0As((=pJ3p|tAX^w34fc6phh<r3(sh_0q?6-lsA4;
zV1|xZ+n88m#E7cpk+9}$qD6w6no;QcVhtv#4vgzdm`(6ih?PR673d~kLB8nIro-#U
zvbC3EJ43xHVcBACPzMMk42+u^kLqjfL)}4GX1q%o1yC&FWyU*@<6VpJD%}hh+TKk@
ztq}Y7k!?+}@0G%8ud7;9fYr8`RLd6cbo`38im^im*7hjJ$;PkDvZV=<J!#ppGHI@7
z$6#|vp@P`<oSrf|n8pNw8d((isC{SWrx&kB+dHG}*SoJ?J42v8vlqo*mXJ$N4>?pO
zXx(%eG!^Fb0KK$Xok%_depcj>sA~<=CV8j09b#qf0ff4)e2U5^HCU5*{VEBOy4lSM
z*R(OplE!mO+Dz1|_4w^9XEW|F4_M{c9le-L#=Ea3uceJ(^MF6=tO8ku$+iX3t<mM2
z$U60vLHoVbcXWUC9fA5zUTp77UjDQ_`RV0PN`2vHo%*u+jy6(XTVyR#Up}XnVGt%^
z0Lewp?aOfQ(!KJaQvw`faC-)g0smu!epp_fM#I-=F7WCuWX+nAg{(COcI3`3OYb}7
zSuiBOim6D@X%SnuVu{hil@##mdhN{=@}Bgg=lkfaK#V@$M_Uh}y8I{X8>gobFCE_y
z;spkaP%>Te@B+Al8N+p$cwP2WKZJ5tX0D2w+1(>$RSUK1D6yI>L`R7|j(O}Tu?NZV
ztunJ;FriZ;5tie)S#q`+@~t_ACy&!Tm3flq>7ELn<bk^9@QJ$aG;PKLbg)+kdu<GR
z{pRH0@JO{K`%NSt4ls)s&Sm&J!f?4ytt8<tc%Ulh092f3F38mN-C!opSFQ(FRL|im
z(0&r7O_@YjFTShmQ1(ENuAN$3Pktvux*+tuFqcO7-i1e(+MFmQ@+OvHHQwO7pf+PS
zn=Dce@Di?dZ)&)J3Ol`Ld^hZs!@Hb??_N-+vUw_o@TY9iUl9qu$w+6Db%B2=5_hwi
zFSSseCh=d#PJ9`rKJVj5%!G%N{>CG@I5)P2;VuWg1O4#AG&Yuq70J1FV+WK877&!_
zjpHq7rjPN%K~Z}VE`!HSg)%KoAp}}YfUTvz0J2epjgwr51=vedhm@a-MFIv#T8uO?
z_)oAG3ax?6+y?fm70^w`eihiS>}v6WZd(S5wy9r&r&9JJZ}0sg`1h3)X02F*9q1!>
z?P9+ORXVYZywOA-j)Dx+Q(gk)@VSQ%!@==QEQL;_Ihh;2FHrOkwxCP{clV`l0Yl=X
zIK5yVUgNpL4u~JheIl1=T7s~02?5_7Mo6ZfZy<zSf3*#i@2Bmmw9l+vo2Fn*Uo|y_
zFn4!x_{#V)`>JhfMT(?bc7#2p6{v0@vU;_#3ipGt4$4uicF6D0U7_CC4P;czMBiXz
zBU8S`CP&i{Mu}C{B&Is~y$9K>H}6|&U+U&DU?B`y4isQv2R|~fkv=N+LZTc9o-*>=
z`&$OpInjQHefh%eSfO%L{q~-oR%dBTEbZHSTH3drrM;J>ecM^uN3*nV*IU|;pU!lK
zc`9bEbjiQRFj%h(*(Ghk+p$0gNdhR8aW}iTCeZs_^*PIWputL^UeADDTH7V9AsN|P
zvv9w=Pw`}6>ol|q<ZU8%4Lc^t%x(Ot_~#X07KfyAA{MB(x1bD04v%|DBDOb$eFA5<
zb!US6A>M9X(P}nCi#qhJCJWJ_Z;xXQJM`^Aa^zyHMroWwXoOKKJZnwy9*ce6Vw3Yh
zhNaCZ+IOs$@sf|W_U*y9em*!mdViz=uAk9G5ke1yBhJOWL5Xp(d`_N>beS$-A`^~>
zbA!yq`D^H%EhXQK9n`^F4-;R_;H?&Fa6Q4B4BYb7l0fVhLzfJjqNBBe->T)wFfRNw
zSQQ;3o-<8>lW?ZuCN!cdW7gy>j3UUgY8BY1LsuT!$~WiHngOv~sWLSrqH7YVC6Dao
zO{sd2R_H}p`Dx5Mc95G@z^s>w%w1H*b5M?O;r!)f7dze*+H+}*m1=l#A>Rt{!lo3%
zJ34C}orMD=MR9!OBX9I)AkhxCDj67=X^qKADUI15Z;xLNw|9o4?e)r&J!s<eycgod
zz`;xZ1<#{3{M47Ok=Bn`(w|0Et*Ke+-gM;SE`Q~yq~UAh%S4m(c2O^o?LGRwSSeRe
zdD1dig^Q4E$y06NMawm@PeF1MH9?H~qavhi4#kuX*qs5B)6=gveo_-wov2l-v#k5V
zrI>x)E0Ik><YQw-R{1KeStIMB3oVE_M>Cjv)RlU(<{i&r6*L%PyZ`q?L#)D3#fV5{
zlC;MR=7zRyFrx7;gZ$*(dFmoc6?xWmQe$;;;x0xyG-pks=p1erkjN-pXYtL&N(6I6
z=mST7V)+s?hvw(Pt(v~sLCfWQkh_F!-wv6cx~NRNQ+cW!q&gG^Q%blbVf3^u9;-aJ
z$vu*eOp>Xdr-3$*mFvu*XMX_tgClCaVBIXt9^fNhun>`yV18&N2aFBL5!RX=+GL!f
zfdiF$Riz>KpkRQ=;2;c?y{#U4YNd+wQ<;inMagf#hG;;?{nTV3I_~FjELq3>JV=f;
zZ^@)BaTaxC_WiHPx@Vc!@tZZrf{~lu$0I@;bvg)|u~r=sWW1za!F^Ti0}kjOPC*Mv
zps`H?sl3*n6NFh|^cJduou`Jv6g9(vx><b>kzQMsxSoK=7ps*MC9s`exvMaKV^$UD
zCs{rn3KDwBh#!IlGnt<>PQs;#=#B;i;$`rc{3Y~Ch$$iD-$3GsV2@b-&iBJ>06>T@
zl1u#v&=CBs4T<=g#0A|>^r_Xw9Sq1qNuXcK_+)hxz6`V!3C8x)WU%v~-3i8uy4Fqg
zXAC+xsDp!=1_zCuo-$({8Pt(MkGiBkRko(zLk7L%uN)LK+%~?NNCs872=^v~#(BwQ
z#r}eIYKIViDDwk8Ec&ikQsl_UtY^b7z2v4HqJDN@Pi2yPeqc{cL|J>Vr!qO^!5$8*
zIXkn5*_<dT)ZKAt9?U0`k^dA}jI99f=ECld5c!d@1~tk2^MC)JvE>NnTWW*VKu^O6
z_pF1AKN6SvTd^ufkT(+qzF3gLJQO62_%giCR>fr$E0bFwE~JF71TP@SdWD&}b_noJ
zwhAtn6(;dL1h}e2j_}!YLF=5_LBWEl7DT;Rio{#U=+yUb24GLjw(ew9`rJ)Oxr%0*
z@lu|&KITe5AXZ8o>XDoZhel&=<i+wi(36qgvN3AY!9+D#hz=%t9P`(~L=Tc<edp(`
z%ZHR)b0Vl*h2r|K?<Tx8j}hu{pfVij<mh**DbR_ymPca@@mD1EUH&?f4zTZhI6QP<
zR#NON{4k7qbiD$HoA(_&?i+$j)QtJ*S^zyXW%$hXwVs>?CVM=jdt8XZXc0)RSl%&~
zA&J}|c2Ua-+EERAbu5JGUKQ!csLD?~2)QE6P15@Hod}LyP6(}Ngqs5$35PQoReLzj
zjo#med47BRo8KbJbMVXYa1KyVz||umMX~e(xb!nKn+Ru#jt=PgK|s&3vvj`#e?e+8
zgo5uyDBZ-B^i?ih=-6wO05J8(T6WGO`!M*9!~#o<ta;R>o7x4F-WbYvZrK33`VLvK
z>=6cLhJ)awK0w8mGXR9Lv0@uas;c){YoVr;rdtUJ;bs9|1yjxzaRBD#60ZVYA&>A@
zs+z!3wTJ<F`6_}|02yO|TriVvROuOY!QR)g6J8rFv^o}uaznbG28&I}40(ralmJcy
zMBAh97wXc5VU2q2!G8`C#}|O+hJiG@VGL?yNJ15NYzay&<a5LO1DSlo>FBKlj8hEf
zsXQIv2TN(h;jTE3XDl8I`_5=Qd9kzW^bQZ+wL|i|Yz;5rM2%xaBcn&J!NcnP&FQC)
zd}F^UhhwGO)}*p>myq@y7Wy$$=D((u-$yOL{U<&2OW3#Ur1L@hD?fRIrz|97Dn>Ud
zTY=-;ZSrY2zZp1~Arm<tIA7eZVmwb}a>DUEcxJ+IOqhL>uB6#79v;3IC;DX0EE=^A
z?++X(<0gPE818*8ZoTu+FnedI-XjEm(7eqBj!o4eW;<3$k#j;7QxXy`2W$HrqVcgy
zVVU~j<frWylU?{;{_73Tl*?Y}>A9Nf?7<>y(S{ckTrY^Jr84$ugA9tVEyGaw-h~Gv
zYpl4Is>+5{$pzC%NOG=}JFJ<A-8t3n;bxJM!WyV713brzGM!|#2FLT{=<kNxK=!ja
zxr&_w-*-a!jHu5^FO}DVfGSRxwgu6N4EdXOtid5`sP)$;VIrlUm#|dUHG14u1wIi&
z7;q+!zLhg_yya5NJ$cUgIILO_0w(o3mVX>wfy$Ddy&!agFc{kDP@Qa@N8Tdon`EP9
zH_~8s=>`{1+()W9CFPNdkTsK@$5sZ>YRap}zjKb?4Kg(a&zEwJZYr$`Fk|K-6#H}$
zEM~ke><vmpk#!HVoPk{Wh9s&RPnDUY-|`u0B+lNmpSi}5WY3UXo<Wwj4&)n7Q_=+j
z(@K3Kc}C-gT|_Qd4FR3S%_`<Y>HpFT_H%8la+{Xl0o~zr3A!lHtfBca^Xc@gOv8T{
z^vH))ek9b`dr-=<a!o@tv!f)8m&}xRPpQIR@0S!(TSiEXEkZ&ck*<FYm=G)ep1MpS
zw<$hkYbHEjL8Q&t3^ijUy1pn6^9`T9zSgt!{l#d3Vn7mx-xsU3fC12EJQ#>8!RI<0
z@USAi{y<?5@G-q$!S)@FZ?e(yO$^6?ca1030TH&xFMoYWR~utY_GgK*gI|sta)>vM
zgIH$7gK`b2W+j!zSV~&ofej@f|G@e)kHQuH)_M|M*6E>QNr%jZ>;v`kH(8nha_>-j
zi=1>daN>~ERp}Hr*#Xi9Ric9%YFp0h;D!!v_<?Z4#xR2dqLS;dq?jLb_Z>w`NO{9*
zv|@+4edkl~9Yv<?7n7Y9aS2lr6Qm_sR2$afUc7$YA~Eeqdtabp>@F+T28M|~A`p>2
z4pg2CayJZVv_f!Y+{-LqtYins3uyX;l%c;tHK889Po?b2PF2g=u`5-tz;S+L21xCG
z@CwDhG~=ZmLffol04_jQdM4v^PC&)Ewpl7ki~fQQRE%D1kKwyf0j6k|l-D>FsxTux
zh=P={Y+n>IdK*&6qrUZ{HVau1KUlZd5<Azx&&c^}`TzUQxW)2;j7q$&GzVqfGTBuO
zHdH3Cqi;}L^yqpG_75_1sY+_{^!WJc%$Yd7>q~ET>0I+1@VQ6l4rjYCvkf0FTsUA3
z|NPJYI)=0t>{|S{^nu*~x^^t5UVz7YzpQ`Iq#d$9k$$g~H8@nBW=r67p6O{?Qj^_f
z0SdW7?h$9WQyVO6UL`>&vz93EDR3NFub`eueO!mp*Z5M1L|Vmshaq)O!C*X`<9B6k
zg;pX$ky1V-l5Zuh8<MYY2o7@a%W)9|!R5&*zT&R|1Sw}O#+;5HPTg1le2k6sG8_;b
zxBvXNNq>K2z!YGg{`22P@`uQE<X%}f@=|vp!Gsx=Jk^rQ>4_H?F9u}6Hb{`vLPMSf
zma#=R=tMynI~ze52UeLDD|V%2!S+BHr)M9|4h|1htBP!c%0NDi+}X_@@JuCFe*fXW
z^)>W_-c<}49o)k5Wc!bQ|I6(c+oNV|h?=1pUHgiMx(6-P;d)l+sZ(ZbC$O;bfGKZ0
zuZ0Cq%8)_~J^A>uq6GTFv05g07WW8{uj&i=_?fV{4hV~bnG9376$QB4Jn;tR(_(b(
z#c{fp>Huej@)y}F=(oyRTQubSZxYe5ytz$ps9OasuEw`ngV4)2E2OZ}zI&r<q;68U
zxR%@b1a80^YE(RhLXT9pcqNt7S$YA62WHdUt&9m%;Y3p^939=!(H$M#@icS?asI`^
z4kT~GSXhRx71HCvyJfP`NYi{IZQb)G8x8Z7>-lc}3XiHp_k@R(o=srF{Sa(-6>ZRm
z!TMAS&zFBOCzgR8q)X4OSfyQBCHVu$x#NgFHx>yTx^b3h&)jIK_j3;>0;;awieth9
z7KHE95@8x8xr~IZ0(;H~n%NJWG5u$Pt?g;LFdX#z&dY7=te)M6Ha-FW_7M{^&loY-
ztt_3}AqEw%K(0Lo+_7}6om4ljpfX8W({!*2280^c>9D3L2H*GlPCYl@;@2=Bg$CY%
z_M$&=F5fOnsO9}~B{e$#d%1{cG<$%g$D%AE&$svR779O|_lrA&f?(rg{lkB&q*qF1
zs-R}r2zOSBPU0AwoPf}wksr#pvKM((F)C8{QWSl@6Ekn=`n}QiVBF`vPfuOsuT0nq
zf{<tac~RDYLHvLJPf3EWubGI-nm<%7vbpdRR|@E#*2(VA|KndxTmMg5X86o@2<w1A
z2$I#G|K)$d2&GZB4`Db@I|T6yRlZ9*DLB2t83B!$2G-^pkPru^Ra;wrFRQ&90ChV=
zt{aUgd4Z46BQ~TDL6v4hjL^ozv0V`I&a>vaAl6Kzx{rwUMD3pdWMaC^4ar_Ngm2ii
z-G!Ov0mK2KYj+xlKAP?<bpEIH6|B7d2HgM?h9Nf64M%DN8-uf8LK)}*4dN*AU%Wu>
z>6qap-rr;&mqH|3<y0A@A?ov-;D_D&!4K;-Xn((~{+U&{xE|6%Dq_5biqHdV_Edq0
z_9~>nK~`hfU;s>Bc_DP=S0c=W+KlZ|Gc=;>TJaF+wO5VnS?&H}H?uH15#;8w>h;QO
zGEBJ+<U?oRcH`Vb;JG0u1Fz-s^36T@hl`bb#tl3J+EdJUmP05{cj*>T#m@J`Yx!ff
zyw_eZ53g++;=|Fq<If+EhrlW^a2?oWEA)M?1UOjeqW-aA%Jmq!nT&6<^x_SN9M?i?
z>JCaoUi@{7mw?)ga0?6*gIJ5t&`yszPh}kcYVY&B5S$Zijpan(e2yhB@C<#=m9MH}
zJL+g*Xe#tIGp2y#XdD7>FvCUKxmn;>kAh7{OmxIVM@&3EF;PZGu!92k%B2mu;<K|g
zaKwRm*y<MTP<v;Y^^k86VlIFG?ya-%zF}Kcc_eG{#6TGF6_(*#^yNtb1q|fj)<%d#
zJZ5J^<|dj2{jn<KQ)zy*O+|aVB#%EGw+EM4*A#(rDbz9o)9vgzEnLrsg~OAa9)y)U
z%;q%YT&xsicv;nIcOXO6D{zwI7TCEhP<D1>cyx%B>8ijyRVgpV8MJtY|37>Gw%j<D
zqzl6L`zg?7z00UcGO1%!W`w0pDHV!LRmVXkDI&Y(Mh22g5=tPz20$rTZMChg#;k9r
zuiC8VZuX1ilZ>C%2?Ql7GKwGs_CNowNQnd~U%veGeeN!71&`C9334?O7uJ`6P}|{Y
z0>UEh0VMSgpR3aV&yRx0flxiKA%h}{eks$3xT76HeuQ}75u=<L;EuR37IJONGIYe}
zB)Ko(A848Cx1vREhtMA3A<$$$({B{KIXroL9&{*dltS$|%x-BOi>}NJRZH~kZOVwG
zTk;&K0;1_0(R3S9mH7&e?g@Ee%U=bdaO|reGVsqJo~PXvGM-UWAq`=o9fCh{Mpx+M
z1?(R$`eCAil&42iX6T#JV5gMd$fV}9&@UZFIj>1@!x7!|$9~8;7>Aw0yF#@iGwg85
ziW^dZUTdzyg}YRU&ruwpRF4saRwGRm&=7+q3~0IoU9vlsjX+6IUC^op12qhhr}`A$
z1F4Z^Jy7OtxJ%wz*iuzVk_ARj9-u@R$`iA4%*LvDu%#gi)?zlqhU9R1_-8%#;T>*{
zH!H4?ut%4plY{jfO(BY<tSm^!5mJt~45vw6h?QF&v44L#2xAoIC0xD;%x^;g;x*$r
zY(_x*Hu<$)pVt$${)AgmBJjcUM`I=`QQ5n6P6(IrQPHs|XR3sm@n!t`5@*P(WAz9K
zq1W2c4n9J?U?#)_!(1E;VbZbumHiUo0K$ac#O(i|Pt?Ke(fQe%AQi@Mk4U-%&p?RO
zkho#pnGthKK~5mm8-NPI@3h8Y0FX{0afTQ>x|-p)@YT-aKS+9AAejYgJ)x__GWQ!y
zh+cdgA+rL1EUFh6)yq@(GK>S+w8?xY#LkC9HQDS0Sz}ah!+}_u1HmF7gGYb4onvWx
z_Dx3u?%_meI)#4{M?U!19=^4AL2vDp>?OR02DxfF8s4CGz{-%^Zg?dR$Y*~G>~3;<
z=?ICNmV0rO+{zur)c($DA6@1S0VjxN;rn|U(rSlR9c%?h(=4-95$(G`cDD)W6^TuU
zS5gug-lRG56!gGMF8T!H@N@7(=`o_9zy8Pn4*q%P+hri>^>A>tk{Nzqmo{_`OCju5
zK>UW&59eP51dHC}!7nElKY#dm;o0_XFi1x;rZ@Ns_QUQ0aftL!spN9>@%-Y$yKecC
z6Kc#i+=q<y`e+)T{1+~%mI}<|qB_FFF-Zljdr`w_78Ns7N?a|TQkw#Nz0(eER5-$b
zcnRhTSqWD)Ud}OFFpMuJh`eZrw5Vq8OKs;RLp%&U!cOy$Wu#7GTpr<(COtKt6prj5
zgNb!$(GK~2l9jDh^@8e=CmU&%?;*><k=9^}sAwGbb^T_7DbsioQ?$+{7h`RSGy!3m
zl`F1gpAwCg9*^m<`NVd}`9v2P;u#34hb%0yvj|>~!)z9G9-dt$FXK*f#;b!N$9X0+
zqk0(a(TH*aPm@A@E*5aE%5ScNbXD7VoN<KU6m4{&vAk{IK@Ne_h#lUwMVDpyg<J5V
z_`<dh;Y<SQJ4ef5hsPD=yh9jOyDyMXg`(!7ussDZ-EnLSvQi@$v5CqTsJ404t(xWS
zQfwa8OdHF?dy1?Ldj@;66eN0BR|to<!9dMY%;lU?XD3Z!H^S)7)lw_{DtZHRVw3`)
z;J4h!U4Cg2OgT~hhFLnrNd(&Rp<^Dv*J(%<eXZ#ozdVS;biG^b<X5_S9dz`?+A_R~
zFT!dJO=SMvWi&6LjYja$tk4sn=VA-8E6#ck6V~ZK!#q?%4itm@(Znio(qf$uzO<Z@
z%IYL$oYb!=V$wOMU)>bnOuf0G%{smQ&drLE)$vO9m=zHQr>vw;9JW!?&53M~?>O=7
z7B**D6e+sWiq<j?%C6<0*xTpAbaQu;g{o2e`C@>+_RY908}i9-6W=<LPg<$S>&XZZ
zezHv2m}DuqZQ9SEPvhkLL-5^;?VYmxd2$7L<GIr`lQz)xBMpQC<hdiHcscUN>r%E&
zaFfeCS-g6rH_D<rl{oAYDpqq*6&{3M$?PTH&`DNACy{e@2qiq`-|_GB12i}~CjN+}
zjL?hbZoa26hBP9jTsQcJFd6>jrhsW1w#bGpvVbk}smvAeSRxBpA*~S3hVSv!_#Um0
z2QoQs(ll2UWewwCOw=<HMl8f0rmVWX`=Ymf(AzoKsvv#*a6nr)I=}wM|3)4My#jj`
zJ-Wwc>BbTo^84@VQjxEN?k_u!Vgaf@%(E-}HPb&{2LJBs*~^3NIqt_xu8lAQL@F`m
z%P+6-*&zD0{zZ_NT7BpL{#(r?g4)#L(?e8&QdH`~w89@?dS|OdHD4lsR9qw^-7HzH
zfUOc?vnUs}N$X7Yq=~^`r5aH{P@}YNtMHf;WxxJ{Fw;93q9%E%p#p?SN*mLhC$!uk
zGCv)=+MT4_zxmbo`33*CJ8A_{s3pgsJ_iX3V`7jx+)nT-cRYo(iaCKJE)2M~9-N8V
zq*p=1JuC`zwtn4c4vW?8O<r^+MZ<@gv1JzQYWc3UN&2`%AgN{?81j`$@`xG;%#0Dj
zpS`kO6{8_Zo%hlsnUO*)3$6%$&EBu}5*W@Oyc!EL<MO%=;vbwn#$1r<zg?{2Ka?Xr
zh91<&Muzl#h*mKF36)V1RSNZ(nI(hmwNRDk$Ow=alqOdHCU(GU{C_@ZihwT6yeh?C
z82MefjDeQX1ons~pk*&SK)b+T47ZB<itJo`l$N(PuNik`&G-PDr5nFRdM(h`^+awz
zne7@S>M#gC8c)aOD1xw%gFsLI7sP3C=lFdP70%iMIV3vE^s2OtQ$G@NYWM<o_?o|}
zEbYTndgA-F8elk2A2dqulN{#>j4?1kxQ{+2%hD`gOa^eiwV6B7kPu+KQGR#(N;f$1
z@cNPh3F|{2dWV!}OHx@(qI7c0YUI4O%S?6BB%>0zPNT@e2n*`8S|i8B^zm1mA+~|^
zH<11sLi*_LHdy`!%im!656I(SYknF7IG|XCIfgBS#OEn<5vj&%Lz#cx{`ULtsjf7K
z&Ns!k)C$gjU)Py`MR5KJt@qsr5c*dO5c-|34baz(yw`T-0yKFIOAr&fmBtFdz2&m0
zs*yTU;yP(NWMpkd$pVyaEct|vljTZkveo6vwR@Lkf}MAFyA`CLIeO0{028Y3?y46d
z)OIpQ(sWOwr7^vqZxz==sMujMzUM&3^rk2oVJw(t4mF}30z6Z_BCDJZ^pazp>yRcn
zn~{nRoq@*BQ??P>;#*sNjGol5!r_hW)SYjvod+<N>D0ASZIyPq>ko{Hb1$+*l4TWc
z=<(|ovBbhbdt`VHW{p+^fGjd)yhh(Klu<^s5L5nqh#!*iTC1<SNw&R6da3;RgQS=b
zbo)PHo;Km@^PfN$s4{2>MrzCz)1sm-Z%`Fp0pZ@s#mtTncVJ?5?rIwQ+}C{ib+hFS
z#=bI)y`)nD*aW}+_kY4AlQAzIiu1}U&#S5dmMw$Z_dU4X%M~uQY;lO9zU%v75`H{>
z`{9?%cPH;p-hF(>0b9jensJ-f424hBb%;gJh6ry>QTX<$@p=NT$Fjn~lqwb<4D%wz
zhnrDhOrz$^c$ki4y0G~3s>hV#?5+mt@$Z6=68wio=xy?d&&;P29Nk78^|1<_y%9KZ
zeDvUs2*m64y>-_1(I4Ue0ebMENx>k*QL`THpu$Dl?mmh1PC<O%l%Qn2QGd6$U*~JI
zu`ET^3}QlTZ^9%P&#JTvi2|}2B2z;}$1G}sc7#utj+=DUw<~%qR;AKY(9-3`e;mFY
z+|#fL`dUo^Z#Kk$4KZLt4A>9@HpGB`ggg#p1*fcRuq!P)X=dA03Ys&=R)?23RJofw
z;wU;75Z7SfSYhX>+(B6N?jHgg(l3J^J+cBWd!S!7#b?z?IAD#a4Lrp2{sO*%Q4#pL
zyJq=s|0mCs_<<(#FFPrqUTCJi6F5`hsPb~rRrGh(&SM2p;r2`GX5WKVFPpDVe5bf~
zH*=vCDf^k-(@rQ~A!RMH{cpeje(P0`*(u+$;D#U94q>i#HprLIj_92Jp}eF0wiuo=
zw}v2JQ-+`nR#()$^mR@8+SgTZl}Wvx842cErUjsd;oytxd=Ak^u<IM}7K>Oz>x+>)
z2dwKPY4C4THFX+(8E+qL)d{NCC%wl;2O!&v%C0@#$>NQwbw`Pm6ED_cJ_@#^R>aQC
zOZT`^NK?oW4`!1PT(MsZyW?gptd3SL;fj(w1dOlwCDE1L7tCLBwJZ8+jC0^mjq+li
zAff3H&ai#rK&a}d5)@<f8zyV4MP+%dITNPsQ*PY-4cw%1aEgJ*gJ6^iMZ6&d<Y^2C
zR$TOaZTTTzMC^$7X=%_G@*R|ABRb3pCUHJsVjH3}&ypfRT7m#W{+k#Q3$?LI!zwF5
zZDL5g?``ieL*no~IH7zJhch1SG04(;tpDqMB;zo@<y(alHvbR!Kj;71+1=Z3#?@If
zK7?M7(h%XT8y})2O1qxG^CvT!;PmJO$Ge0iZ~PFUDcq|;fV6`!4nCeB@MGo>;K?B(
zl+Z#zBrfpEAU#lscx~S4c~l4Wd6LqctMtl+zUe#2XTSdN&gV0{JAQovF$FRj<P&oE
zR(*IKyd|HAW4en%qeY>4cSGWWb!RDvE)cGK7pZ$*@BmqoOdm573rH{Ev~h1S=VGD@
zs5g4ZbBw*C`(OaBqaxqZ=Prlm%)G##enbijK2OX=9$Zc1m>$PW-!Vm@sK~fMGLFJ!
z^6T{gds<FVz=aZdbe#m;J)?`gtZRO~*K!vUgDrBEAkkR^y|fK7+!Yzp{d193yjJ@`
zC!Zy7af)cTg|zY;G|v0G`@65u_HsUjR}zgl$IB(>imzS$5a2p#4?oU%4Hm2B#eiYH
zyGYYGFT0$Sby#n;HSQ3X*IMArwUcC{(qzRoz&be-q^c^pi?TGKY%$8YPwtwQ4boZ-
ztO0palGU~1bvpDry>9pp%q4OJK>njJzZs<P%avB&>SSEJPfd&iI)-yR(?k|ag)w{x
z=ijtH8H+!-I5j~=g)OSkI^ao`UPWKCIq4abB6jLJ?hg}{Jnj_Zl!A7NzzgkMoi6n7
zPS>sFTA6FZZAWUf(gEi63G_WnLTNd8CI{|HC{<GPyM)&HqQ$bgs$gSQhV;t&XmqU#
z7w9QJA-@3^-3~ds4d>cgyV4-{80N-bdOQ+>7iE;~1gqCs@>rY#ArF3qynmgg(+REC
z6M3%|m8nhOXVLXd(Hq9m@K!4C6rymWLM;3_h+VdH)m|r8&Z+nS8U{LaOxl%1rX+(!
z_;56eWLm5waqSTFxeBx4jge62sL0}P-k|+GW-&uH%L@z`Ab}t!o#w&L?yrCU&z<jC
zRuJ#}+Z3U)oOPX7L1IBSj&6<4d$U#$gPbNS&2DOTdwlz^aq}PnCjH<{A^E_B&o<cp
z`QqK%AWy;x-1x$qb3RR++CvR90ctb|>I(jSW5vj&l8KVhkzkdlaCdd$BFoA}T9rm2
zDom+`U)BymO27#h^y3MUyD^HwXggCq)<E`D?EiIeP^8z_F_IgKd!<alBJZPQb7T(~
zrn4I{fX%RB2C8fu1%4jh;q>|p<c9Z|I}p&;j;7<uql-B(;mL89gVU);A#pZMf|J(`
zDF&}Ku>d*$bLfpzzBS+g{MZL^h(3l)Safrbm7b7ra3OBi&M)EUg?1;zao@A=%wogf
z#JE!5-3H+V>>u1$T5B!NL&rIN&x>pkJ>i`|A`|AkU_mHLa|~PAxUx+ZGa$wxr*A-Q
zlM#9;4R>t#39I5KeE026a4y(v@Vjt4c@-Q9E&zX+OkSW+O_LQ4mLe-GL@dE1Rlt*U
z2fl3?Az_yY32!t$!?+DyhH+FBT<yEcD5HQpLUu_Xo}Nf`!|q>#6CiqJ7T)8N8Zw7|
z!%%oe429Ne@p_`rdSC-Z8sYF((KsjfWE@~v>U-vp1~XY)kKYN0B52wwhnI40354ru
zc5BaXlzLomIY!x+)u(_1oCt&wQ~F~Og3gDjjIDGy4@7Q=Rd|b26RIaQ=+D*}nO&|B
zbnpv*W896#qA0Y;ilzh>>rQac#*$}Yq;c0<$iUnNR0geWR@qn&w9d&fz2X>H;!}Ca
zIGjOFXx4Cj3jr<!%aosxdPYj19A8CoC&P4X`>#b^OV-79cP!Fl9X)$tGwNnjV4w|M
z!t1>+p`;E&!eK;k9_;c1exNkVr3thGJcWGna1h0K#c@)r*ja5=^__w1eRUNLgU-)~
zXWGJ2MOTEJ<C>ghSY^*ZVtXZtfxXLAtnR{uEfjdxNlIH|Mv?T^kg`dWCC}B6ikO)P
zARs<XHgXz@d0u9`<-r$d*|2%L71FMvO5k-KDR?|`-E+9A6(w3M>vCyZMq!&F3VAwK
z3~0(B;JYsQU6=A8a0eqbj8La-!xO0c#}f@{wnF#^pz84VU#ri3jX6@snm-ms3SH!|
zZ^A4Qb`YKrXsanZS$wDC0YA)i)LywMPPbO>MQsZ4mRS{#vJw}vE-XJ_$<uxgQadlg
ztdQXa_~7>?uj*9IbQ<GM>ep`*%2GRI=8{rSuk=_0BBV$@0N(NX8ia;k7yWQ94SJe|
zZQetf<^q?Cv~70}w49Cf)-iS>VNpv&e@yWmHw<%J_v_#PD>srsW)++OM1sz21_%q0
zIfstnS|uvO=EHVK>m2hB{QKRB1DLX6cx;?sBD<j<aDo`(UD4FZ@fgDn$zN&Azv!;+
z4@~qR4gOyzfZ-o(m1q)mfc*6x2#%Zq{e!rhg7Yt(pCtC-%O@mpy(`Q>B~~4-*C+i$
zs?f3V5DC(tsrljV$;>Yu_AOLd(sPWwO?AeJ@#`HRQJaX5ev4KwGZk#3%C0Kge7stb
zZJ}`{X(j&#zYF9-h>UP)oER?2Y))$>>&I0an#9qN>h)SPGQcPI=W4#D`@}C?nIbS4
zpK=A8He@WMPvk_&@GH|&s6kR_DcbB-S9g{{RET@=!Kt461r8G<a1-Gc#jToUTmpVx
znNN^eF%F8?5Y5{VG8PdsmIG+pM8P;Z(K8_qK{VLHjlM3om=#WL4=&!G2Rq;H1s#0-
z>+|#A?T&7%##3krO1<G)JR`2f^H<mPM7}?Hs51fG`E)Rja&9Xu#}Mdg>2UDBY4kUK
z9eqGxbjM0@MpS)P!k8RQ!R}{Kev7>G2&{C53oqak`=j(efzWxR9-se!pLzq&%WrTN
zk<*hqiKoZ}Nruv&Qu?bJ;`Y~_F5%9DAmJ9obirI#U*xXG3T6U@x=xD-i=A3&h_s;Z
zJB4llUO=J0Da~8td0%7zFf}_b=~_oGjcp2w(q8I<i)RuW8ZPgnO|8i0LY9~CwOWBe
z%2)@`cy~vKTr`6)nHCfH!8b*m@9h0SeTJYqRw%r7ptVR$FjacT^cQIw`-rUw>*xkN
znX=S5la5TnL=khQpJqWiQAwUds(d+&k-XpKjSk4y`aEM7i6w9u4~nMf4m$&6p;9_6
zz}TtqR_s(ej$+^Ah_ENXO~<hcX&8`+9muY`U=|UT*tVPTj*{4?*HOZ6z`8b3D`~Gd
z7W<~fO`l%S7}H-XfWB9kVo(<+@1nAxuZ*3b(zhL7!H7`e;Ghrr2ft5wm?nwb{wNo9
z;;9H&1hZRJ<0Y0>JqNL$%p>ewGHfI*WA}=1U<QI1*7~*bWox1}Br~T)I!xpKFq+)p
zEG|1Vp@zW*wMo}qwe3j9bp=tbgH*G{!Hh=k*uKX8((LW$AU84w#`_vp2q>X2<!N_@
zL(9~p1h1WY9DP=!o*qa*hz)!K)kj$q@zOh!ZYE1DDSQs{{g^BFDmxC8H%O9KHhf>4
znLI)gF)jcQpNpNw@yi8KCDvv09L{X?k{aCf|9Rt1N_-L?7%?&>`4va;HQET8!hwG>
zAA^<$o`m!Y;V;kR#~;t$VqBju#yEMm`T16P+YaIx_$GKyJ0$xt=TRA8UwdFED8T1P
zU2AbUf)9EU9|Ut!eYwBC7xYloFL$@PW=uLF2e{5%jQFmtF<J3DWhZApJkNr|Lm7C^
zp<~RyCReq@=>MaRYY&b~zs{=)`O%9#B|YRy55WK<Nly9>-qVhwIOEA5n27}6IqeMd
zGWKPt>%MWGT9s~@>}Vi`oiO3VaCsjYY^YR_`%k9D7KFuP$Y+Wyq++PkmxHi5`r}@v
zVzLUF5nGBPmy+sQ6sXsl5pn8E-ZrY>+7WD{vtW}~lD^X=Y2hgtJVMrk>mx!Y#2X)1
z@OiYvcA*YHC!0lI&+{R~ZG#~r(w&ZN^{_2sKpe6o8qIqm<E*YI2fM$)lsYuE@e0G&
zF@H!uR@dQh*3$_cFZK>-M-OlC!=}~EK8<yxM+BYsZ_W_mx9Hl|(<l>5;H+)qOYq2w
zBjj2Nc@6JFbd}+DD&o9GxinTWJ<2eO5*!}Wj9aoHOFSd8#532`^#r|rrUZ?5#A5)n
zoXxOVQjG`bXot?(;692)XCr<#Hz#D)V%QxR3nxo(vee5Vt$bj#ghQIZAy=dk^N^X|
z*wGMo-y~WD#!;EwlOYREP<8a~vau>|(ox^hB+HxlDEl<<hGR!RDN=6`=0tCF)X7f7
z#3MFyDkgC_te|W=D^?l;pS6-Xap<BlU>s=toSdCYsNh2_Ef|=_BdkG@{@H=m;mBE<
zhi~Zf|M27yj!=Uu%yPJ>a$dk4Q)aF$*0=B&;O{}!T`R!tB^enln+aiej|j2e0t;UE
z-r{lHSE<?NBRff$+5bxC-DvbO6%xI>9jdl(w~!c|%<do2m$3idw0R^7!5b<*O@!%)
zZa$|0)f;Za5@-G0eqD#X<ZuChf~`MZz(f0Lr8?9m#qu_XD-|NV(kGY6Y^^ko6&7th
z2ib8NE4yfaB5YSW`gF8~eQVNc<V#vesXXqP-X0~BX`yF@t#-OYZ2~`WFnkjhkR|GR
z8wVT#;S2*;lwslKO_C^u?&>6X5au<=90M;g#$G|}KIZrr+mH1^1FED_oC{ZpUP7Np
zB`NkZIM<i|Mema~_0^(p>u^|I@CtYj0u>H#bV^Ezq(f(sAE#M_pf!>x;m1)n>P^C|
znDu35UFM`4R7)qWg`18@2=H+92zg0?G$K%l#5HAlj#N92=+I)$sI@qR&{8y<0Z)1&
zQIxoQYvh-7hqTmbu$%w?Y?b(OHz1~ALG()+hpn>;s>$K~V?Ch9w&NI(JY($Ib({{o
zP>Oea^pD1)sy!d%o#E_8?zRt}bKwWWcogpcuVQ?K*?jYq9Q`>QfX@y)f<z#VWn;xO
zq0yXl5Hfvzln$qq#A^9t7Lrc~c|pY%k@~+)RW>^(vzKOvaoqV`I7xH%5&X|B-S%v&
zVg7NjKQZ1$5C2Lhy;$8T))C!JP0Mek)<TbM<H?nIeZo640hGHw<DRM%365fbfHla&
zJJomCQE1`pVWiVyfctL@mumSLYR^H+Cr)ftmH?`y$lX(3b_=4Ow#>|?>6M12$#0|4
zCpsX!2i!u(xO)0M_t)1kSEn|46XU~@cF7kQ(g)F<@#EN0=D|1RdAn6Frui2`TC}rV
z2)Y*4_O<4CxG)&1XoPIlF_9Off>{N=813#!?iQPvC-=iryfPA&^43@I20R1fy#>~m
z@$qKwNJSAIau|iX8Shk&{zg0ZdrQV(l>1k^bLwU;xxLQ>HqaesGRuNNE*%3yxsVdW
zQCCq+JSGIJ3`L|Vio0QjJcSjq44~Y31P*X71*6R^B9fdPpC6sPf31ga&^AWQ>fjyl
z(W95a>*Ke_7sr7=ttuM*Er8%By_aQGAhw--xVp0(>`q?vaELdZw&92&$eiUj(ImK1
zsu?$N&6p>4E<i)Xw`SavjcPZDsDeW_a4&3;_T;z%;^A|<uGc4xTortSnIj8nFWG%f
zoz=%kFOrijqA{LeGD`35@(KDRX2jaHZ8u?tJ19%XykHf|1Zglx+jVxJke;{^n^qwF
z4tW9o@hi^LZZ(4iGw+);#{92zb0K%p>Y>Ho4Njybp4DqGGacKD>_S&mMFsgRFO;)c
z1;S(uSW8NR6L_%%t#_1K{b~xv*-`=vftFffgu&wMBC)eNgU-i~C$DAm!`!_Nazzej
zXOFcoyiS8og)w3~)DE)1E@r=A2Wi))yAfuj2hxLtaWkRb2qVlDZ!rhR&l~m|+(0y~
zvQ`LiuVOY$KAmu9nB5dM7nlV1AWimW26I8zX@+0wnU{TdaZVH0F;UX{%J2!`y{>s_
z2aX=s{V0DrY=`FVgXW%}y<rvX57YEEqAtpGfF%qHMX;<-a_oVilWV=PjmO?Enrhk!
z3D1h*7C2)-o#WjwVwO;g?+$8%Lfy4iV#D;MvbK!11nIDb8U<=(>)x|;O5q4iL-*~X
zX#rbl3A;9Vp7F?C9zI@P1YxWF7Q;l7R=7?XhcO5}ATs`Yl0}5~oBY5X0ALwNW<qc~
zgsrE7bkG(2=}=5Oy8yx=18vgC(a;_a8HL2<VDKr^EQ8-c{F|gsh-=zK(Q{zt>`b?i
zvocdgkQxq=_ftk|KL_ET>fs?+Q0JUOV`L7$Zu!CSORqs_hj>o}GSJu~_KL6z=WsFT
z{A&;Yvv(n2VV<W$?q@diMdPG#EWCBntjM7JuABDRD$XnswD=RP|C205Qv-i#J5J#o
zqsPjO+R<Fc7V}^=ZISK57RZr^=?~ux#Y<LPX<QzK?APq@H9Pw~$h#!HYKOEPUY6Ob
z^7#4``tT~p$Y%g{Jx-Hr8kZ_v*#k8Ur!u+6R#tQ|MUDD=KC7i+)h6{nk*7qbX?J(@
zC0o)y&xppzYXZqy3b_~~zGQ6>y8<ul^|f%P6-Jgc17oj5yqZt)$W9@WI#s6Jz49)P
zwYUNq&klLa`UK%M#OA*FHpOF837&9L!~2#~V)U4DamtZ>oPlGRiEXk6-LWY2OZiTC
zJoKu3wVdAi+yJdk5vSNUR^3ol^ffWndw2E}Q{<I*FB(!aUuz!9LIBLzc|4Xd@rvj0
zw=61Xio<m-hAwR)_v94eGyA)4*?Cwu!+wXhqVQ5^bn|!i#T~g}eQQ+7?#c}|u+UYC
zK|yai(Vh&aj!ZMf1eN!5)-y5{vc6<2RDsOs=&*|K{AGsyB9(r_eQAbXwu@$RcKoN_
z_Rb4SZ#ZMcc_Q1S^1k4O`5Qw)1Lfe7cy*qF9Ji5lvRg?yv4iP2FntX+WoN$`_iD{Z
zBg8$15WgY9TXV`tlNED4ar;jQ?$KbrO3sIg!c{^O#bjkQk~g$wBLv0Ag5S(>&~~U9
zoz;9n;1LRk`2a$LH!O}CSR4}^#P1wj*^S~cn)#=cMBA&1@!!JuR(orGpPPcPZTJ{p
zg^zLIq%Y~TAnN#rkg<r6F%M>Lh#A$yj1}+$+M$&DTfv2296;<`dhXov0H^%}b(IQ^
zMy8@eWp7>G*2Rnsk79`<|L#R?b=$APqYyh(0^NMOM)z%{W!Kt-dbB(U<gg}O(Tlrf
zk4gtYtS{~-Mp@_60R~a?`^eiNVGZI-tod9}``YBGQF|Ag*MR*Uwx?T1>FxzrpNq1m
zv>NGP@%Ji@duUWwj7`=i&nM#VCF+7Hcxb?v_jlNonoA%iS#F0+k7U&k3V_)P5Qa?k
zk_Lgcq{r1?eZnLLr3K4Cg5{)Xka5+EHfodP8HB=1yC_eTc@e?;?3j4%uW0r?!$U2R
zp$5DSFfF&eLv#W*o%xpQ-{F6A_*0cFtc|_7VUd6L2_A2UEI;ua59dl69wSu=)YTPD
zWlM)ddmLH4%Ww@<l6%;tOtQ8$NlX61g`c-P>9!?mN~0+j69DwM30l0YORtW0Hl(`R
zOuXN{?e{mbana4b1^0IgXEp{Xm(39DchmQ(t6|=3t&Es4^oN|*Q;|d&&bEv9GlGAn
zxis?L+{0yfu2sS;D5u!#%#Lt2h@@8m-gD=+ZlL^U4CNndWQn!H*PIqX@swoA@CPbi
zYNqtda;4I4B4UvRG}Q%uQIV-N<KnCtR=-&-@|$w9mMQOgBDiLR104r$>Jk$V|6l1y
zQpk0Ab~@G*RgzCLM(_o;*Nf>fNT@0X@#tN4>CV0pnzYzMfYj76Acnj~f_4_=w+m2z
zgkcP!4>5!dn*UYM{G?QR$4TH_oK+nL<1mhf5e^-t!!jWpHo#`lHSs|GKu~K$=m2e9
zy`h&eeYxFE6{{(rPb;DQPwrL<T1erdIzgwhD!%2-e`y6Cx{EA`1uo5>hNF4(Bur`Z
zKRvuS`kAsm1S25j!~fyJ8rLleBID7_9>9YSX$Rm;ODmbsAi|-wnJj5($)C4m0*<vp
zLi->g8NUSb$Prb*p?R{(UVL^3IsW4?=?_1iy=59sigR?O2-y@{Tq^+o``YTr9suuP
z?Q$_Z)2!``*luvZWegq%edg2|h5K+uJ(}sMjn+y_p0!Ez%g}en&QJ>t%CTm2y*3GI
zbUhR&=Jdxu;Lnyt)Je;=djIkK!~0;6j%M0z{ySHJ_?c2Y;{SP*rGHgY%j)v~fQsj)
zyv6_Xr$dQT;R}1Om4m)ai;4G!o!!0tgBSeozpWM(sO^AHXlpc$wFL8!>Y?iu3Ew=N
zFJ8q=vQJX)eeDn+;rqNxz_}nkppWU1u5-EozjO%eT8Pc6+9A57V0^L&=<N(rMSXyR
z-nT_iOZ%}7NQx2(ktNL$!+c+7C>{`9hI%xtYSq_$79={;gkQN@@=k4nXMoGj2JoHW
zU~1>0dj^yIA8l(ze3_dm`ccAuj!9JB^mqAHj~!!qy^BzO;yiUAG>-9fABF5#pqoRF
zYKiyK7G$oC-IHkB%*Am+>!9IshtpA1^xZ3t3_M)>nlW%|xO_&lY%b}5vjW&sAV+%6
z%Y?5orT(h=(}e%g6u@?^IRfW?l}XzgU3>NHj6)kB&>yGqYyTjIU1R^oa92V9`a=-<
zFP*8LX2O8~q4#}gxwKd{$I{JxN6&P1jWX$oXE2+Dkk{%0bVHP=U8q0pi8$c%IyI=$
z6EXioBn&Rb1?lrVZ~?ncDl(DQ(F1lZJwW=JCTScEXTdoHCFfD0e!vwQL&GMNNoQUk
zQ{Iegwc!LjH%`EF*Vy$0e+?0!)Xm7Jk!!inod<PrkEZC^h|m$`w}?i?(Ksqf@V*=@
zLJ>Gk(F6A19lt*L_>Q1`G3>d1J^1-7g49Vl+Y`~y4|s=pUv^YABn(({{NKfPyTN!i
zrw2NN6ox5<btRpE_l39k)euO62vdgY%@aLx9($PKL_-g&D>Vu=1%_%RCE%15hEj_V
z;xu9l7Y}ZmZw3Ck%X9y6jWwh_ae9q5i?bkZdd4f(3Q0g7_#@kDyT8?7lffZ30HQ7I
z<Iq9O545qNVkA~5^&Y}=RrHReQ{S%AZG{x~Wsd~$7>3|;(OiZxFQl}5l8)Kyy=k9c
z;yAziuCDW>ea2xhj8$l286;p{MY<Cyyo;`}B;(8$ud=4L@GHKXm-VK1@H|9G&R1H*
ztXH1KzBpEec0{8Q5$nP<7b<mFOJlQ%`dn3gvU}@zCo`0T3=IWnSk{%0tdD`3ks9~u
z<jR3B9Sg1DUMBt)(+rtvD0}^OURH~rob%DNL)s@+PrKTU1sFS(axYibK0aK|j9A8_
zD4)dPY{ghxZDN$xPn~=?c_Jfb5f0#{9JR!KDy1~7l9s-DnTpk2m=w$nbkvQa39P@5
z!|WFBD;0d%A^i+a=mV0%c(b&#UZEp<K{Tw^C8%?hQggSi91PS9o1O1*8A*h(9d#D2
z7I<6}@AO{6SsKzJ1^^WlvV<tHREBw5>e$&*9VW^(sM`*KI#c7LBq}1}K$g)08dX4$
zW#|{8Wc~<a>M2KJ7!kw}F}-`sAO$fYN72=l!gV=8nnl+%HanED+E^{QQU#c8;Ts>G
zo(P3jb0M^!BXG3{2yzz=PwD*HacC}q$8efd0l7<V`pG?oCp2(Ca+8te?lHpYwnJ{z
zil0N$rxFlTLHkkXs-xufax;IwqOZyXWcd>oH?2k0bgdEi)9Q*j-g+EhSydt>^t~cf
z*6g6Nbzd04aD5b^_M?jOs(9eYS*+xL%b-J5dxyCJ7Y-};*Hnic%zQMaDTIv;*8XIy
zy{vIQ3a3%G)*<P87D?CCFj-87oD`nD;ZIP7o0R)QRvo0$Ob>0wJ=%cl&kbB}p%Skr
z*vgzs>AMG~%j3~Jc0*pt?8}`)<4t7VIr+^<9(gW=tYtjm4t`2w<c*y7$7w?Bzw}Oj
zt0mj-arI6_efX0wS_08p3#C|d7{00vpY9x;<HFA3#eGzzwtLn#O`-EBa~x`hh1<F%
zQ~R0%D76xY|5V-c=`lJMH0b+HcI|*uAMDVlA`Ugy!|OShpw97S8}!>D!ac9UywrT`
zL>pX=e{fqbi<K&MqOM%j<9b|wtcoxw!s~z(+F=Re?ir~RO^^?sQRp(##UgjxZ!3;u
z|BJ>VG{vshN)-6Mwo3QHHh&$zJuq0`H1#jl4Y<;3YHb45J?f8+S@C*TmTgbx+eclf
zU#TJe8~&`Px1_h@IIA0~D-KO#3cC3bG0LhosYi#aw?nQzSfi((8*tKXv2KSzK0FfP
zELsTUt~-dvlbGtZ)j^6?y;(XX;wX+{ah7+`C$&S|XR4R$t6kAd{UoF8UhkLmdpbk>
z{ruzw-bCX~UTBBJ-5XCSf1a1-D)5B#!r^n>s#&h%ck!RyAW`?1?De|Abb|XLN0;Gh
zL-0DK7{@Y0$!3%yA=7Is(-%s^7Z%Q4AV3#iNNcz61CAf8>Uu*NkP4zQS{Tq0SM^ah
z9~(IhX1dQv%m$eY5wmoc(vEWew^UO7aN!#<^wqI}T#$AM_((6J(8{VU08{vR+dJwj
zv6-h6W{}bgU%{LFp$iQu5wA7pV6Jwxgj>XTw{nbfc`U$%_PE|d2kF8myJNY$C!2LI
z_zE#f>{wlk#ry?S9nhRmw(OW85qcbebOqwm7tRD=Xav8lgKacK-<nTactKP;{OpOg
za9~8goYEi^hCJBWAq9HE*np}z0e6-APbuoF+JV|0s>Av5`T5C*_j;{BiO-}yPw3+D
z9FUy@uptR?&eJQ9A70nH=3w$0Lc{YRG(2NHT~B0s(To6G*o{Rrng;jS0XP!_XjlMM
zO{NK=H@GOs40G_A2X8<8(sO16z$e0=hV=oV9(+6r2I?lfi_+{B)lH}`X&m)Jeuze$
zbfaBpp3NOe;Mi`dP?M#xmxeVYcvy2j19moCt5Fa9tv6r*Bz<C8s_=QBB^Dl(mtv*S
zYLhpWfXEDd@#!2-%zOg=zyQ>;Dd<)!Sqn}}v+a_9q~Wy{NUn?zaI3>}_BP77Ky*Dt
zE?-DxA06+~8#;~=widV@P`J-d7^{$G96Ej|L~jM2A)W;tlxW7yJK<f5_+2=>z0Pp0
zVPM|Sp#h0S+RGHAruj`f<VchPSqubPMx1ilF>YvL9CwvTYbAEaD9mpLDcs@BV1gyi
z`}^&>4*ab#!j2E7mU$u{B=ZMNIx%<3wp2>?9gLOu<kjw`txu4Pdp;{R2Y_4*ui7;1
zlp4V+VZ@bMq56b*UZfLTTq?>Wu_AGq(Jl|;Xn33VA^uI{xPPl=_|BXydR~MXE}<eL
zKQ}Ey4?K-VtKCghpC}KDU}w8JIqL>@+$Zj`^9(yZ<U0Rg7KjIAHnMdNqp%1ed>>sa
zP*aHQqk<hKO(f}xYc*$=T))EZ=R$=e(}bI-dz#k)*2jG?Zl|f(CQi?7$DtkR-MCH!
zGld_;Ob$TR<^fz-E;Uh~4{nRb%eJ=Mubgl)tdr<=2-RsKcc<;Rng=mpVVqmvdN+h_
zGldGsq6HUdg)NLc0&4@LU&7&lWD;G5z~DVoJ-=6@9U}i=^ik&If5cT6BZwe}vP;m+
zLEtX@j5@=e8UhNB(4%$;%+b*yGYhP8V#Hu528Mp5Yg`LB2ZqolV-pB0|9G-hO?$hd
z=6o4iz?Bvg*|*~W&b*6C?hiGQ23&&6x`ybX>gL1yi!@s;1EWqMc>`cLqlQ~Lo`BzX
zCKq%$$4+LXyQo}KnhwPzqb)N9!f{D+<z(vt8&aHIZzjQm)%tD~q0t~M!p<w@cUW^p
z8o{YoG|2n9m&Oi6;oE{^fEK$&Ie)7VyjWmv*90z+M(&A061t0q%7zJkHpl%Yrsd&8
zyb8nwSTx1BAxhSK`oNP30x#g@e5My%5q;v!gJ0C3JVM-n2@l?iHgW@YJ#GMnWV=0<
zPH-P)MEe-0BlzV&U8R}Qncp>>OEYfJnvnyprpb^O?KMPvYf2Azj;gwzNUz}sI57hx
zD;N_JJOH*8SI8HoL)bM&);SIY=Z68GNf+y#_#AkPtZ|;eM^T`8e}nUKxg0cBiWq^~
z(`$N-i-|qVD}ZE_sRb0<@Yf^S*peCgS|~?Dxd4LQXKJW0A`6$%61lWGKXv0)$dx&j
z7%O4YbN$SzY&Hdl+Asq)%m9xWa6V52Fq31#qB>V5i{@V`k3Y}~+4-aZNdZMhHV3T&
z|0&nSw@{tKRySH9wtc(iLj#X!$Yq3YNvkGVl+xgEw#`j3vbBQ!J9VAxLa<*$)YylL
z<(fsf|4Pf7wTbE6g^*?6G}(?J7AO>vh>RIQJbIjh>p~ow&?3R5R}0nGCM?94cOSu*
zK}2)D2s5=Ln7P{o61a%)%a14RklbRBcW19!pbqj-5-2ZMSS>nUo8Ufij>ggboMLG|
z#pBjTWW9((BORjbsBEL6#VgqDYiHjMS-xIG$0m8cvYC{lq<TJaf&?XV_uC<_!=h9t
zE>a#~WsRN-tZJ~t6gePKojr-J{v3pMrh1&x5x|6FF2Gt9)#R2+yT-t4(D`51GPcCM
zUfh88piSyl+)-av3+f(bUIUWmf?xms-`el|`uG1ATQX!oPKgnq->eC9675XF+`Rzp
zID=11vE+nPB(vATGK(5*CR4Gv;JAPex@n;Q$28E-g$ZVV(i3Zq1a_ZXS?fMZRUR<L
zjJ$@C2cpl}{T!`+AZ(~P@EO5w_u2ADLzU8hg>%)r4_()ez~wm@Sfvk0{xY|gZk{V2
zyczxfY+>+^tXEWae*#k0A`l!*@%h_B-5-yJdGh^15QCXchBJbl^5ED1`2T{P?!oqU
zFow$+X2^k_CL<E9I8+*!O{C>!+@&=G#3x*s!)wqG`K=iu-WtVSPw-P0DRMJuP9MZz
zN-YzEne-{r2o*ReGkguheL0jc7^$m>XH(A|Pd8AByq~Ao(R#izW={3p5dS{#Fc9)2
zWao#*$t)Q9FKzYeGdL%iUwCw)S6VX@K277GbNizI$9Jk|PRy|GfH@pdftC-OWU{bG
z2`o<(_58wVQ(QoN`XRb#mlU4U9p~`Vx%hI+(<}e-FTC|Z?%@MEq!jgpS2YFXX(f{W
zmab;GnVjw|WTc}hg`K@Px>W`awv#dR=5?gnwgT(q#Q=Oe%pT<2%+1!l&sg!iRterm
zvbJ98US#3bRWxjcyehW<xI?yBR#udhg7!pqC@g*vyoTF;uHy7QU|YQ6?$&yH>|=dR
zIh{|bCSm5#=$hT_i!E`vR_N%tF=KN~d{Yc^t*Co#=Y6hXT=^T8eXTz;)>*kV%`u;s
z-Lr;A8P7~CDB7{qlz+dI*3574hTyHVj9c3|=uH42buNq1--Tc(pCw?=k%4OErx&b_
z5rH5w5Wdp2Yq&Bd>!nFNqv5^W?mP^K)F(ZNLZ=-UA3_~u`BO$sJqMYeXa<o^8ramc
za!ZPzzhqy~*X!yE$XwvFf)qntoN@zkOffZEji?tF8-m!EY<ZxP8o@o`xe9bWYS?vA
zpR|uOzmH`N@!nMwtCztJsIDu+yo<44Uf@djFv}toc1D0Yr3(0+4z|q-x_+*PRM#Hq
zP|*$)c;&3Wc7sX8N7QQ3&Dx}X%qcQxxLZvf_okB|n<iN6-vwb#a+l}=CgCr*QX$K*
z<#__p_-e7V+J!|F0}LK_wzbeiSO+CxnN5hiVi{GoE+%V@H(NkKTg=17y}6M0Y(Pkx
zBzac()igFGrQC2fbiC0nvGF}46W2)~{oVcic?->%#=KDVu;ZQ9bQ&Q?x%92xfIs5S
zdF)|!25`6J(w;G2!`xXE7dhuKmY|%?1>jORQE~mk80SM{QUeOw4tX7BpfY;2!jwXj
z6d9#i5nY8i`Jw}&=pqCSw|Fq+-K|zfyI$!A*WqEny2TqFr=v&<xgiDDwPpsq5xe+6
znLX&ROX^Y__30!1!_biIu2r|@8u>^Ikp_;f5h|G;U1FuT{Lerv6r_2wHdsH^7VWid
z8i)BUK1pUP<Xc1`U_rCT#6Jkje$0s+W+^U@yQeFQ9dn$CPGzuGk%dVfq1M@tYD!)I
zd2s={E)9Tr0q;RA-k3JwDsI4T@Rl{@iJXA4_Ij$@9^n7t;-oYcA1M~Nb@W6}F~elu
z;HZ1FYjOXlX55brzW*ELw`TbMGgQ&_L}e=)-GBZ2f8}OrF~taa8ei3MU<F@xkI*Qy
z5gbV1=)YzJKp-uoQ7i#V#b4U9?r@z>%3Hp%0rn=1M_7i$vFPalnS6rXm0I4Nc6U?z
zm62h+L5SOv-7kVbgzkrz`S`K2uwZ@@VjZ&~0m0e>{m!a(#9ssOo=6l$?Ev8?92Fq?
zk6a8InfXvVv>DJ8PA0)X!B40oxKa(z&(4`~idg@Na6PVNKoSnd(ao_V6^D(1ms*MU
z&&`deX>?$WDCLH%{Xv~c!L9@sZ_ir+yy_|YV*+VZUyn}ArxO%TZtPrf17^60g=w8f
z<0(eQcrTeul^Bvfgp3-EdmCNf;HAk`{}(klg%}t=tR0XxZghM7p3pB!O|kyX1v5~<
zSYgvhnkZ=&*TW`1oXHz_I~?gP_S-9BAW=?=39Kz3wL+BpTaf5kpiyWNky&jvGNoME
zazK}!vb`y~^Uh>Ch;f)sNbQb&dcT8E-i2ADV+$H0`gND)J!1mFUj48hO@Bt!AjSwa
zg^;CE(vK<T3)_z{#AN(Wb{?rPGs9x(-t}>0DNQoAi)W49i%buRgbehFT*zE$5w|v}
z>nQ*@q}+{>*+>xxFcsFEGfny-Z|ip0nGPV%A%4Di_f{+*HfD@WFh>`gVl(_DQZ|<g
zz@Nhb{1QfmF?J{i%DTXZ&|u?_Cy<V)m~H`giI&8RX&I00r5^AUIUBg^E17MPUorDc
zs1NFo=a7XZqZq5L@WysX_{eP+wR-JLn#W5&LU#8U0;cNhwgWNHmOGiicySDlh(?1p
zgh>Re1<Yy_tRCYXV(>VLmAk?sh{g~bMZAlMCy%0_=<=i0u>3CW*oC(;9~(h}IJk;b
zOp95}==8q0dYNQUYUI@>KSN7YV99{iX49k5$Xunvsm=Fj3vX*I%<*Rwcs~#4u{vJL
zqCpxwAcow1nzT4r47|z%)t#rn#rb&lwrfXA@LX((-{_vSL*6cq>;$ibYsw&n^eQ;u
z*q{3o3ca1$#xqvZnC8-<F~o&)C!M2ehfI&cc*yA~yU9H7BN&L(k7-=Us(WkSU9+5*
zJSL0NeVM?Rd*5!i%YL6woIt9DfEn&IcVy5t>Hp7%XZ-@~y0X~5ZwK^`ttDWyjb{?(
zw{}cAq|ETmuR;!Jq#}V61D2Y)wHEc(wa58Mzf*3n7b7En)Ebv=>8@0wE93|&?gpa#
z7i6&Rm`Z?ErM~*i)g_#GWimKkbM#=k(A8hfNz2T))cJwyMC4Wz1>i#G4mj#Sjgjq%
zHI$iG5e|z!2Ox9yK_U?9L*s~p;)K40Bp8OLNHTL)+(1B%dv!N-f%T^gbOWC*@Wq4l
ztFDI&JGO{CaDH_7_ShX7fE9uJa0a$KFNoc9(B0nN####;S%z_sOR$zS6nQ}SYHrcZ
za8DBCU3oLE)P`a38|AlV41;!R@p>Z09tpuc7(}Dwa5!0lAPiqQqOf6leKVQr2@lSp
z5of`j0F)^RXx#$~e!jRkC1_@v%l02LpdcUKsBtKHTh3z#yl%DyGX+f3WAKfA7-TFe
zW7Jt@4#?0X9y(y=3p6CISbNsN!tnxS&BAJSh$Yd*cb>YlIQm^MHNfsQ5ha|c@D?Ld
z8c;5wBdXkVQW%|BBFkJ4JgSw9gF{}D;b4@~C9lD8X$!|0cf25v8~g5}FgX2iE<LN$
z;)b!wR-n2xXMhCew3uQCDS_lvDez_rxMD>!yHu-hD<rw+j<|@Dt1N`fb~>bT3@V=<
zH6TXIi%w(|PPrw>_iZ5->{~PGe~vyx5+QDwgO@Q1M~f$<U7eX3x(Sa!I9$QPE&zuN
z(V#&%CyWu`wWD-6<rU`iFseep7b(8-s-0&{KiIDg%yRdk8Y8YNSK%b`%T~U1mtnQ2
zWkXODd=7k7TO_3@6I<)uyUA|jlHA5h3(mF4_>()*Tn09oyGE^cglON>oqD;PJ7Cd!
zgC6v#7FWOv&Vt*Z;DggEt^h)K&e7lHAdEvjS<K8cxWwaKW`E{$I4+-&W78T8nWJLK
z;|UQTHhuVHcM<)XcUx#M7c6<FPepqxo9}dsepea^@rZ69GgB+x4N%+3Fl)y@72fWa
zL<LSAvK9PAJ>~;NU^;c07s3CM16l3zpZWy&+G|bhN<2iZkG7jUM14(0E~SaU6@IZ3
zO+m=uS(QJYe|R5E!VDi``_$vr&gZD#%FoG3S5(N*mV|1c!;<~&&Kcis!2f$m@tau&
zf5}yxZZL>qM3F9svmv}k;Y<%69H<}Jj$_bM0i@8;#~(*Sof7EL3YvKax4`XYr?GHo
zr$2x0?|=TRdu)lg(+=^S7wM#IVF^X7@KLDJSo`rp5;IWY?DV{=&4A;u>deLJj461G
zhf^@ObdCz@s0k0PSvG5`k{r2S@H^U06~>sXD7L;`+QyWnJTw;7nZ{ueMUTbZ6a;sz
z`38u;FThR~$9BBtBrjy7f6RZLIcQxjHTOg6rnKY(nIqb*4AK!o1;lctQXRQnx_f2|
zz^$6$v;f>MS#n0X!EZcW)b`LXRB0XR7&lKJqwhOAv@MNA;I}uH<3552;-1(Fhslhs
zZ?5%x#1#g%)Fa6v%^pVIOz@xEmpGSU2{1Y{xCF1*KH(M0aoLIc2MxmnM<@&|Ud0PF
znG7M#7R!-=*Wx~G7!BKd!TAs(8E$WR`V0hpVQDq72Gt$}JX=I?IQ)3=!6!N3c8DD0
zP5A=vwxQJE_uKz7I6D0pOba-NzuM`-I?ggnN_6<zjQh1_^al6`h*xdc4PRc?Y?b=1
zCnjxp4J9ZiTy#1<#{tg?VhfeyJOm*{%8SsT&mEPXykwq?BNu2zQUI|?LYo)lC4y1Q
zaK=SL6%rx`)0c-(181EU5cYh-l|4N_fx;aDrqT_O;j0iC5{JNWkMm#4S5{BtpmrAr
zsnXgai?e2sD2=gtIz<K2TBnfCz=M9N-CH+GSvozcmk!9`{|`=m!&+Edpc7dOnu<`i
zG*TJnbH&1@61ujS`$|_J=0ldN>D0)HA$3uy6*%&)VDiSq(ZU%tx3s=^2v?Er4coyi
z98GB*9)S~Z6UiVK5azaq!ElJ6OkCXb{TcAy3IIxD`M<bZAFSE%Hg{(SQf}M9QP@ua
z1ckhV&|f=-Q|wn!mY9-+8ptdhhn7P#;+G%Oz8*HcR%*gQT}SIt6X-C7dgkEU#yXqB
zuRy$M5=PDBwED#OBhP*ca3C1?HRao#NtO;&(Ahx@lm>|`Wo*33@VXpr<n0fpu4jjM
zZQ|CGC9-flVV~&LeX-kByM(UmJ|WrwBmTnln@OX-1Tc~fg%db08~K`W*Ph2*pd95q
zCqeeUn{a3p<~M^BX+5nt7BdY2&&AF`Sd>>_nE-V6Cc3^+na|3=x9E29q90~(H%9pS
zcF6IUuo&J*72eO|InkEhLY%7-5%~pdb$^nMuo)It-GmSYjYev;rBzbi-XF$OoM0eP
zw+k{FWI%Cju6nd(dARcBHnj=;wXJK=AKwjbm13B-!kA}M+5%}sNI%Y<{qd=EgajV0
zgHnZ;V*fIAXTVn%0ID5Q*31C|Jy{m97noZeWRS}W`u;}23o>diKluDv%1c2y98Q-g
z3_S-K{*0A6-UUQCUl{@=DuEH8@3z3n(U=F^a=}yZ|0=yn<>GAigl(12L8@mY8J6oH
z9MTXl9nSeOyrShu1I27@zjSKqVcHN#8RSVDFV>=Zxz^->!#O8~slP$Kzo?uUbRfXk
zG9w5ctbRLAReUn|Ty+<X5KW?v6gmHN>eBSImoQlWRv@E^hBs*r-`TYPA*TP%29o;G
zK?naTx>&(CrEdV~7W_=y6YnqBLa7)E0I`jW0;Mq0pGzqn4=!kkUT#48-vrVxh1uoY
zRMIAB{`JX)hUJeO3MgF65JI&ad7(68bv&MOyDsgKp-TrRqf3K!#3<2rnsKAn43;Os
zHbio3hRC-~bJr7GbtVm9he|S&qo6%s?g`nUYsuX4uurBiLgqm5@~~t?tU+lgawc6l
ztBrUnVWuE@A3~0Khf9*L$)qo_+hCGKcTudaxuh?MpH&$ddCRy9#z+)ZXe>FRaZsVB
zeD?395~+jg-+#@?_-%&ry~D?&GMIkopMV@ow@TxzK_K=XM3HPc=9JKwiio-qK@}l{
z$WwFX2>;MbH+neDQYOSG2W8UuFNC#NF+VwN3Ov+K$lvR@*X{J6ShNJXLbLP$5}6#t
z14z6(KgQ1HOqVdR88#e^;YFBor&m|eQ1$f=75FJGaziWG4xCjoPe^F7!J95uF(Y_7
zyNpI#T|H1-UnG0~f{y%5UPtrFX$@U8xeQ064DC2gx7S#noEP5J+a$eD`Zi50s2YsS
zgVoo6>*N%ip-ZzqkEV-P*hmm{m<@0G|29Q12{$x211U260q5hG5pDU51U(79G%}zS
z0^Z*Wj&QtTAmci5!SyT|-hd3Ezw*Wk143L*i=nKoi1Jj{Sd3MOF6e3+H^pbvN-20z
z8#o(XCuH_>)9r%o^At~_VY|OcA?3g^tz3R!b2RTuY|+&zpgFxWI+V~e55!DLF<V<h
zCMIw@5L-=jM(Xow`|N8wj5AInWMVm*rIXV@I|Pc<=_m%W`vlp%tgEh*(6danB)Mof
zB}Xokyh}6F;Y09#7lwyL8)Bukz8#X+NEgXb8ecpuH>?^SR-uC|UMT~YV@fk_#ahY{
zaIAC}sr!<^^%@NLGZmudcR0wl9fB6)x*#Bx`NSn5i#UZEqFCq$+uPgUZg1lycp?8p
zhfNVM$sGgJlH4uYgZp1{=hn1C_<y1xXi=zyDvl{-M6I<kC6gNPs5mQ*o94GW;OnOo
zEPObW1$QkLG9fs1<wYi|r9ssud@3~Q;b(pdFDZMjy`rzRJdoNMIyXkfiC|;or8ff9
z0(3$Nl$6b<tVjoGaic48BvdO?)^(j)xfKxOjyIy#qW0qdM>ICVo}u95#ZjQ=VA_F+
z6ShOl9MSXY1t!MNXotl03LP-G<8*|=2Wvc1u`2Y26*SD$C|)`c?$L46R@$t9m1;B4
zjx*g%^(YOd*ORTrBj69lA&e!X%~KcfBjEV3bv%sWJ-Dw&yoaV(@!zma*=H@v!)wl!
zK=;UJY=o~%yQUme;g02+iJp)qP`%D*3mv^7Oq4EjNHdW=Q0b-iMqS6Mb{&)2^-X|X
z(m>&C?wC}$%{rIU3mZJ_M6)+cWb#t0CSw|?dwsbOqm=Yf12wc$lNiDDSLvxL6BZi&
z-5k;o!H>&uxObSo&NB6!wb0rPlVW>6I3$g^$iUV;kx2piU4^aC&3KxgQ%~J|_}n7?
z#V^M{{`}#?zi0-=`xMLCeDZm4uLd`1dMmCymrkTfIAi8N-AufQxt*SpI1kW~8{G8h
z4!zA~*c5ufdJ!}1B=UxcZ_U^l8?9~zX+wE}wkJg>CaxmmwGDh=dKb4oEN@t&x3kOy
zLx%e<DPx|}=!Cq0m~1Q+CDS!eYlY>IXNWmXak%D!^$-&*I3g*-d{w&}q9H-adNVEX
z9NlXi94FUNqJ(U5!VQpGHNqG~Z*H{Iy+oOCXN0UOhS$3deJ<PLu?vr?b0V6Oae<9%
z3k&t8A;?)P*%lY2?FJt|p1js258cSc<>pR4OW;2t>0kmm7q`ons}-;^?uC%D0n+O*
z>wJ8=x@X_}+P*XLlJFdUWtY@;sQ!T&gdN_`ECCG<sN}943>8ST&js-yET82N3D4_J
zPv`Y)6zw`xG!42#>%<B@erU)=ppm-5$$_teG>K<+Y`O*}*@Z1t40;9<rdbQqB>Fd8
z`aM$PNlFU_FK^Y148q+$3RLgt7}>=V8kB8{iLaF$@%y@t_b0tvB{Zj5I%I(+_pZY4
z4z6D8_YQu)^ZVZZ!HeDAVDD<!+Z}%YV(;q3i|{IZ;b4&w-80b}PbXGd?5<6&5HL(=
z?1($BRfk@bJn0gob+BEI&@QQTa(;1mas2N1{l(?k@!{(~cd49{sQ8DI_m_vKr`=!-
zhAzBTmxFXP`$5W31)L=9e4#RFIGRc2D9CZr0Qe+$_nQyh@)<i_!}1NI-1*)uIWhFo
zym8wE$cue59pMp|S9??!L8v#D*Y*FBr-=_U=)4U1ca&k<MN#yk)gqj=N!ewgP-<#N
zgVRX+`AIJAkjp7<P!L72Ly%`kTEi>o-q4KDFyf%86|ZlvO+13umUGg)oRRu>4&9dz
z(IS5v0hiUTr&vF+xdHJ;X3NP;9I!J6iGL7)Wry$MT6wVTgb)fe!!Dcu-3}q1BUo8k
zE;4d8m1Rj4bW3@O&ld9Jcz6(&4^076yHoFx6lZdy4`tvDDKV}!T7O|{g!46Jx9}|I
zY2bI?kC}setc2M03)T9L5z_89d|@V`QTEJPPUM8!dVA?W*>a?*dujzj27y59o*Fhp
zcb)@gzU!B;87n`eV)ZYqd7^T|l&}j#r8PGGVkvAKb(J4zR1FD3RD~XuRkB;sM^V8R
zg5SFjfZv(=3mhP(_|&fDq^>AgeQhaC+6U>My#I9g_T=^D;oIZ0i_42YpB^{keythg
zoha;^zH7*U`ep#$Ez#ul#4tUWTc3zZAh1Aor=s?e(8SZS3dkH#U!M+#f&MwlJ9yEM
zw_|{3yrDO7*9Alg#|}Q&jvJ2ch$X@r9s|4eCAFyca&^zOP?Lt@-O*KWf*U?*_QN!h
zArxv<eVe<Uy3u$6)*h@|lfqEEu`jfV`72M$1SZ0eFnIUSpzE8>0c#6rJq&EO0@GWB
zQ7<lcx4BV#?`a5VD`c|26?`IRX$FiN)C2@Xyq~$%2eyB{DaNr@Ncg+D&h~Lg*x<P)
z(vfOPHU7KOl4osVJL0isp^x%XG%}Z0=<aC?_i}aN<NJSk|KXSS6k_mCwu1YcC{{H4
z8NaSZf%&(`?+#Di@;`Zs5ltd4b-8d!%pMKZ#v;sr;<(3CaoTZ0PeORB(Oa5prB=Py
zpgx^0qqUVF?f!~E+WHh|9;EfbS?szo{bq^enRE-=At0xz*2%F2ADhpjtl(?~Ul;zR
znu|~IYq|4}sR3B4O~UWfdp$ril&v8phvSmHUElKd@Z$LL^zhHfDRNwf<DhggMZA;m
zYTg|Ft9T^$)O<&SgeRd^w&OI6NAXW$<2xMR!7jrCYUlk2{rbsQp115Yq_DQuDDTJl
z7*$5LW9n~Ci5JdW%RYZF1pj_48I&)5)SeGNk5a~u=N6gJSeJ-mUtPr2m1Ankh8(pa
zO0t1-mw|Ipe=0QAL2F2{UREeo3sKy?2T)vtw76{IU>ttN;ZrEhEDt&Z+;$aav#n;_
zp*4eSwe%VyyhcE_&rxmH6LT~8tS9MMCD-7-aSvpXh17t??S5M3F0Pv1sVt{?oAL|}
z233+{c<Ahs)ZL*0cV!ie`-(>pMrY$Ffj34&lmFm{$WGmcxci2JttSkb65Q(P#dM<S
zb#ND>@pNo@7g=Lo8GMwq!h5AGY^P;Gf8j`(lqf9_SCvLnnryNGSJxI7+JLKH2(Gpi
zSiQJUAAwed#e=0K+hp3oA)6C{IzV(SYQ-I^;wB~2$liB~#<4(#QjU`a)o0`ziGMzj
z!pgz+4h2Q<D_o7?BC|~~rL{t_-`7?{Ge_*Y*-JWCT(iOlZ_YiQnfO<ZT1vSxAxx@f
zW^Nq3*s12S()@6+Vl<~d;p#FvSB$hZ*3l#not&3@GAf&@%N=J7@cfj)+REa!Nw%>-
zYkj&{4YV$(n(LLr(PLwt9&5H~iEtNL(VfLs)N`1fh4yo&%6{&&M63&7NIQNMi?<VB
z>OagML4`rxooB0%k#2`z8-Oa-ZYUQSN$NISIC;TT7CP9}O#6;UQ)&Y6${47(YDDfo
z{M-(?o`-sFycU<K)VSi!-M!LI)Fb`5xpqCc94V&}^K2EthGOt^my^wGNOf+l5!*v^
zP=usbm1h^^1nvY9XYsc?;q%eB0a4y1zQKIr>E6I1u%A9q!*H4tgNkoo?iL3L3O?35
z$A_^BGx)pmoAf@nCFdxaObbyo$$GcUz;3P|{`&X-%7amKb;T_`>9hdzxs2&t3w>-0
zILx~hz5o~YRPdamx?lhMKlPyPQSi=1h+YMgIHcO!=K`_gpD*6Mwe<Cq*X@CdPhKCt
zJAHW8wG*Me1fR*1j^>MY+JNkDe;>U5c>4C_2w7+EKU|!=!GE57c;Aexwq_VI{3F8k
zEW=IX?^i^TTc*?Ni8EF<01I@SJEs!5;~Vr!nDSA%F^u2xixY_9Nrg=m9B^?s%?pSF
zAVQ&$t0uqq>QxJ%Xl(d(z6Jy`H{o4``*QPu<^6Tb>>E6KLGv%Jg^_uB;n<%&<n(~!
zuS#0ebtf4Uu#NPBVIeyrjRG3odcYDi1y0!@(;H-ZgG@i%@{1k@{*DDbklxT^whgqg
zHXLSYo_nQ~c4!x&(|6v|5R*(X+1n2Da7eo}q)S-48({irXT7t%UDs)wCShb^EVv?I
zWQfg0_d<~9?+3f1-QjlF+a2!j_x1-nSH17m!LYY8*baAxJ6GR_JKJ+(q<Mdu3>T;8
zt@1|IDCP1LX}{CUc6hxxJN)?i^3B`BpKROK`MdMVA<?IJLbRLtDhsD033k+IZdCNq
z*~tZjHE-?KyM<$;*9i5l^R%8cLArAlWf+g}2EeT~LU(Eup^JmFd=~VKX{cLPE0zk@
zEs@rVvzgi`A2Yxx(J>=du}$vbBq-<z*f_6`8(lO=?8C##AuVi)Xlx^VSulP-yx#-w
zY+h-JoTMLqz8Ai_dSC^&uobrYjjQi~uk&8YGBMiDgW;zTh|8emeQ4JT<Cvlmyx45f
z)mS1G{1$ndDg`%9s8KSK!Vv8<ezFHzi-O-;L);f82q5P+M|E3j2c?-uEeA=Dde{|u
zAB45Oa<B4&+8=_{?^FFjw4fo+ucq<*+B?SJv4J&KqibjFwJkSluiLRd!l8y4@9)J2
zXdR|KBJeevLaS&CjQv}CoWBoVFT|vzzxg3=&<5c8mvfC;gVfK{;jJp{PCPLEkPGYS
zb9e)BIY5%js`e{|g{UI9&v7juyg0@k*z>#jc*tinuGX5t)|&;*zfFD{rEUmrtp#0W
zhIkd599quZu{fJJjA?MNUb<U-l+y|BuPkBD?~Y%ee0)dfvlQKO=Yxkx6ye1v6J6?q
zKslU33^P(i7{wgFLSTX%I)jkQh}ZM8^Dci)y~FV;9Zr$?nI`%VAq=U110Rv!gtr@T
z`)h#Pp-~Dtzpm_2hVKlD6XiJA%Q@pTNhB7Le(TAUUWKWRRy;VwIi(U>g=|G(E3nM?
z$MwKkT8Ub}m#x3D;+GOuGmAN!f+A$71j||cp!53udGHM~Ux_yx?C<Zjqj{DH%jO34
zhT((^vRKO^O?~)L<5l+{!~$#fIc5ZXW(oy2VV1yQv_o>(rv3ID`~&(5+HPqqe-NkF
z#+nSdUdqYr@@tfyfrR$Af|DyQzS}rW95edeuEBH&AR|{iRtVHZ`PfstSIA|e9n|1-
zk#3<zUB2nGeVR&McY3RJwKvwR_NEy1dI9vEx^(7D<!O9pLr33Y(^@h#)m7%+sjs_L
zCVY8@Po3f=U2QSAHZh(gQ4w(!7LAl27*)&mCHTArBE(17izG9R5^=zBI9u(O-WtXF
zk?6JITw2l9_@E4+NQfu7Z1mw**2VSW6d{_HO!cyl6Oh!%uJ~(*xP7P*ew0zCl2yfd
zY(nN;dg=>*L2!N_$)?29EG^Pu3h5qgX|x_iny?~D==ixUku!K{lo3;kFzp8Kij(zO
zAFb_3Cn}*Z=Eb&@^Yaoa#FrvdW196%uSb*sd~XnGR9=n}6g_Q?gwJUOQ$V{4t};Yd
zI*6L^RYy^Wl#@b~V^%b6xyBf@@w#tcXJ9viUXmh8aA6~f+a6a-M0+Tf*EHNa3L7Q3
z7(9$)6?4cCCcF!RC2u86yj0d+6S$)|xkX|)%`$j-ywX+Ab=qCLnRKBmYb)2dOPK0p
z&eCUAWw9SQUv3A?TQx_z&by91<JLz}or#KTdC(F6-8UEbMuA(;a_Pv8#_&xZ>L0gE
zCX-TqJbN1;m9!z{#<hpmjbN879eIUpI}`vrwNo!tv?|eYf|IF4c32$vjJRf0R0JaU
zDY}rbMcDl>H;OCM_ObL-Y!UB(_HT8|-rMuav@jAUqJ@w@S$9r<fViOCaZI{>%kMZh
z19kiy%MfF$E&;smN`W;U>gAF1>f8`bZZ2RCIvE^J7(~bOI?Nz6M!GWw+XFD{psg_&
zUxDWLmO|#|F`k#pULk~R-c|uU?Sbr%caJq@5C41#*6|w0|7O9j|M&kByiKnmlEHtS
z7vK|u&^bG-6Ya?F)MS_cH64t>jNlLU@WojQA$>4X!w5+-&A44_hS{s#O^^8(32vj!
z4FT)HYWIq?hl%PCqKwEtn7@FtOR$xk`}m5ROkpAq(JVL3V81uEPUc;S3TP`I(oCsv
zaOFNs^AU3<?Ohh>t>U1;E8FCF?o8|BO)10>#23zMfkQ#R2`6eHF<_)7R98zA-a?(m
zF+OzwjxU_{-<%wM&^W=DHF>UuvaLI!kGx<#TR;Q)nOKM}VrNmp%~iU!f-C)~ay@v>
zq)GsLK!m?P;k2+94&GnZmBZ81vk#w+Usvc#NB^iRkG!No>hNC>qg+DbI8fQ;ILvP`
z=xzvZ)JihIMd_m26b3TmOq5I39-(59j+r=>vmVq!VI&84WEl07gfzRoiqrd`<NY`)
zauqWw8RqaQnA1*^7|95>=MTwf_*w0M#33#Hku9mdSaJ=^hSXr=*t2j==s3?E8BHOh
zA~XEE>*7`L;=66TRhJ$@=P4uv1OxM8Iv60=n?BcE?Jazsw+@5YUe}PFXnW9#6WO!f
z=Va4Z#5Cr?Uqp??(Vvca=z+Y*jLAMc{^{iW@~01PUvJTAU?djowL*UTTfq@mHc?|I
zxUmJBQ%zlt<TlB0unl^q{N>|u4!2Qodjd&viMhDz;acjYB-Ew@CVAn=g)9)79y25a
zi7R~_z;IVgK1(2G!7V(aun6@<LJRf{WRlxEe^8%8jBT(G(nZ2y3g37FegvG&2!4<!
zmvNXE`#<dL?(IV`bPci3C0eumha#J*t+}?}9sXSWa$4<NZ^gQ|+5&uS2gV8J{1LI&
z=Mh=VJmMomcIX%^VP79WMN>787NFe3$yYLU1)qA;D(Q04j`DNk?+%-?t&-U7EAoC$
zZzMq?cyt-7>oC4d!m;YI`~yhX7^A1B!;$gCY>KRMjO`~kX`&=B$GGD7+npD9Jw~I9
zNT4)g0W#2$9ikHHKz`AcdCXw9<XBI|xADag7xkz!!*BrdbSVU|5A-MjGa7gy?WMw{
zr$A1)qAiiG)Ud9iBus`8wmS2L*?s83{JSsyzxAEB+ae1N6G~?oRbO)ZeK)wq8qH;x
zBvZIx@JcLahzt7eV0(M}+wJYGZZJ;4N5!*CgtqmscfQlVr2$~@{L7IV6ql2bKEZ^9
zy9e?zFs7HdaR+`$o{1B8Mm2+f?Hx`gy>r%>A3V)jWMcVGcp01?zkhx5{-?{c<4-5Y
zztBU$m!+2zv>dCRWKm=2QDl+2Q~jYdcZYLf{DR0my0X#zmR#HzS!viAeuvAWDx&)m
z5$z_;kx(+9H|W7bEjb0bywxsm?@2c}=SPvMmjnw}?lO<AlaNrjFb{qVbM<1srxI+I
zg#;Nq+9*gudzYpAcKm%hh<-dC?0%F{MtHZw>{ikBO(*d1BuL?7!H>Q&OoA`DqAfY^
zPnt<ijbC)g4iGQ%4RR?$hq0BDsW8eo3)zn%1&2DOQPeL(BRH9VMZ|-0`QG6XIdxcP
zFp5;@%2nC&E99r0B&85DI6Zvdl=lC%=f$|D&y+;X@FP=zXWPcvfCQ4nnO+9|;gCqy
zFyOl$uuepRF_*Jy1cp|wmlgu>wm^BRR;^z|cacAyHP)yz!be1>snE)f{4f40;9s#1
zHd9j6=LzxSSWTVR=@{93jtr}6h!!`O6QhS%><34TF1Z95B+R@a2!Iv)*T4Vg-WIcC
z^56yh*LO=%WKff;uqy<`#t2$5ymb$shV?Z@K#RhTPhAYVe%mst%&w)%SU$mFnMnYz
zVcGzqzWB9_hwc!_@M3$r_u{+lEjAdLx{K8Pr7FV98_?st8CPyYlzB!(nU?GFdXg3l
zO$M1Kb5%(~hCHUi-lHr9rwA>Pk{8?P(XwGtj&OMS6V`R)go8mACc_&uDGTc-@Wn_Y
z2KbapZFqceM#xn<fmIP@MTWA6s5&2#!`GYW<;z%8$7YG3$fE0OS!X||wEVpr64tCc
zqef<AaFP53DF;k`aVRtu+9;~mp~5_bGZKDxY?*PZYvb}gq^)B-vgHII@$6g6M3;}q
zhiL}s9!4cPnziFpP+jIXOUMEVqa0HGbK~_n9X69$`~<xzU}`IQI)^Ui<|wVKn~;fu
zgar{+Dpmtr+a<U*7c>>RAhs7J1~_GtIabufMT-9!w>o6gc(v1c>m=Y{j$z!AWmC$i
zBkj7-R;L3@V9gM98KlD5xL$<OzuUDmsaA+^uYyg+)UYy{NYj-<hkOJ{oVH8s7}*^U
zX6~p9dZsK-c0)I*-de^Jo@3uDIdkFH@ydO2)9_WUqFA+qWwt-Ruf>%Sq{QSK*hvj#
zm4<YZi_1%=1uex~3g2A$W`)`$d+@c{VsJjRy);>xGqxVixn8EzUR~#ZB9<#l?<tZ@
z!n^2Nyv0pXOt6`Yy>@9V3tk**D}1f)E>fJWpvQ9+;lM=|!-7gydIJ#rIzvt-ekynx
z97nxe1K_g|_gfCrZ7ygTt{6&lgq<%UGA-QvP%cortfj6`Swfh9g8ANMv|^r1Z9-@I
zlK27e%jiF7EXZS=C8_CGGy6(}CSC8v^ZW=Ote41eXv_cgNPw%~;!&RXhu`e%@4PrT
zIN09V-q9~xM1hj!HizfurytHP^s5aiN<)-8Kkgpwz227yWS%P366JWK$4VLeiZ4^w
z1Q3r!45g70w`%6C{6SpbPMm3pRGkLCVAth9J$n6?V?b3=8D0ke?w!lu=%{D|_5;)@
zxemwgPTzj`vqtQ@@;a53@AgruUs1)l`n^!Cx&h4`(Ld%NdE~2|19{;B(iO9<JhD}Q
zWUIOv8ntPZED#Zmns<5LY5G(${@EO%?3G@b<o=K|F`RZH;{;nGUiZT8eZegimXp&6
zTFNFo0+US`41KA@gbJ7CLVfz_(_cqNKYkkSewvwwF)?HjA8K=hTy~SGz(%Fp<6Ij<
zpeR>lUj>?`n52ds)uZ8@^ULpo&Z8}twh*GxgJnU3XK_TG!vW+1y-A2%!5cNa-3rcB
zFZb@Izp<qhoD8NCx`v26QC{Dtj_NYAMm%Wsu07&={)M?oqbcQr`eB?rm<UK}hZ7|&
zV!M6%A0i5QrLR%SZIi_F!Q$1m-ru5!#qq>H$A52VTwj64<*~BzQXhn|0UWbF))iss
zSGx=7SN`+ZepIu&7r5l$9)TsY74*QWFz*o{mH1mrk;I;E?JVSKz%2uazQPTyglwUn
z3%cc7M3Tx9Hjt{xa0kWo{f~XL0=jyF^%V4E{V*;BXtm>%otmhBL93cJ$TXXK-T}4Y
zk@$ldf-5+{fiP`CuR-E{{lq~;mbod{^BM5dzTMLrZ8s^&pr++mXsG*VID|{uuBQo{
z>3tTV29>BJmO?2PqdRvETE;uudm8Ty1PFn%JE(*u{JR*t+qW%SC(KjK?M6)@Pi;tN
z?IN8$S4Cb=QqP((&fqJgJ<))N2xmx7&TrCqG^Y$-k#P1n*UbN>4T(&eOEHs-l*e)z
z#RFYPr`M(v#I|=3`zr~&Ja!R@4C7vf>7yTK8$ElRN%s2q=<UgSzxBgY%!VM+8@kvM
zbTPU3mvI3eX~PzKOu`$s*c!0K9Q($e)H+d@BBtZ44M%LLb18GgzKs3Fe2OX0!XKO2
zS2^}5!mrvf0&7DGTMJUyeqHDP{wt8cQiCkG?61}0IJF5-XkLrvQ89$`VEFPF)yveV
z*OKa0o8XTyCV7<C#ip%H>#8Pny_U>!p3_C6t7NaC&DQC6!r_`HZ|&+wNJzyLt}=J)
z_1Vd%<FoV2w<kx(@6V4HQMg{i?{Qe%!J2TmYCQGjm|E<xN<^<$JT-5|>@5ebZjJC3
zUYUouSPSvFY8n>ndnK1^-6&4Aoy6CtIJHD@Pf_6q#xX4*CrKrNHJDjR9$U$yBc1*9
z=`Vwy;_3f&?opC9I$a*AB;iX5jMufhYBc@{CA?=Lyb3zdp<Ox}CGa8e;=-$dhq;|x
zgET&T8^Zu$vCRA%@_<NT(4;NtZ8K<)fC1KhswCGNJ7p!DnRzpc@<|-dg8AV%lv$f+
z$|YT@gtQi=`{r_f){y1ng%3~W?<{FD7IAk>?ae3fXx!k77(7JTxo|HHU14)AXi19l
zwwln@&_l*$RuoY+@GC>u3U@u>DQ6XT$qa9GF4cyf(=2)pf~CFJT3^aYyJh8Qb?>^$
z-5y5H>D$8#P07K+5|*j%!NVYB75>?yOR3nd{c`xG2iL0*f*VI*RJhc;4Fe9{_IJPE
zYQ}9@GZGH`BSM!yYzXyZ-MBa{)Zq2xJA9Jar9!Ypr|X`L`g{`&q9PBR6OeO>>|QbI
zZgb{eI_GJFCZb*%ru|@=<;AxUE5PaBsCbg=#|98L7c>!2;1))<c%wCD1wOsz=aZj)
zCUVULLveCLyrBq_U`cjm`5Arr2F;gTcb3dhFN@)RDVlsW9YBojY7p{ga$X2eM~>`j
z+Yz4z7#1krpeyhA_3!`11|hK7niMLHifZ-D^!j0r@Lj!=no-A^i7o^aW6%m(j-}UP
zIEJTNvO31nM4tL1#!7$rS4`P9e44M$r_p$vA#WH!FPubk+j+&lU`h5mHtGDyX)93g
zT|~X{8k2sT?bKX2;pJtSnqcNOim|2mF2y`dw=ePHOZYz1BoD8I+M(|qV&u4oE}&mw
zGPs3Q#}KaKNN^+Bm&P9ox#*S9H$#3>Z+H_X*VMr*ujvw`9#V}Z&G}B^GvK7tsSL-K
z(#$YcVKSYx;uQDH`mQ2P*&?UGwMrD(($Kg;ULcp7H5j)q`on1!gJ(=9TiyU6@}^=(
zDYt8d97}YXG|N=%4tLL~=}*To9bEPeG8#{0pS&Zk#_Z9om+f&-*GZrAmJnn0iLU`B
zO~<Nkq#>6jOlE;Y{1fjIp$(F9vBQp&+a!I$IPixG)kGiE6}~V?(xeCBNjXraMpCk*
zJ6hRRN@uI_T;6!TIOjUq$!V7Z$%AbhK!VH<;HN{10i|ZhyI*j8Jssu!O%y8`ctBnx
z9Nw^Hb8yC011q(O_Je?N_csdXbT~$hSt2%xBN3rqj;5K8mdS6J=@C?*jWQylOZzlv
z?q`l0;590`gXh8{S|ZycaIjG_RaR8I03<=SON1F*7zaDsMqeeDp>B4(>806WDEpy2
zQdWr+0mL)#*c@l8m`lJKZa-8ucdnRnR-Y9w(g|4xe5w%&je`y$4}4(+-WGXqwk_6E
zU(N73bjPTfOxgm|h|qx7NwBjBb+04afAr<&wE7-?3ZCgE%qh6emf9BnEackx<?v14
zseS2^0ELQM0f`-{Z(8Dd8bvy|i_&QhnNvQ^C(#i9LvK34j0nCQwXTJbXC=`!_H1Ne
z5~xF&us6tvoE2pz^e}6`BMCI-&Q`}RgE$@D=9G6~>wNAkg@<R`z0_OAw1>k2$F9p0
zbyWLpaKbylZ8e0qZz1-MKj$s1mLWZe!{KdjkbX9`l$Pkqd3aYYQssILS>C6~Tp%)a
z7ma9YD@|TCl_(niqH9l`FgGY?Q;^NI<_LVG=$btxUcs()tM2VJ@r#aw%GE<#p~U|J
z>!}hr#v$St-t8k=!QmBcOAhJ9UF)T!gAXEClO1#<AJ_^U`|FfLaXCDsoINqb_`Z=a
zq=zY7K)iiKB{+=r1!hJV@ms*$WYJ(+=t`z*CX8iys8B`-|9c#yp!6w&Rm$NH!<}$Q
zCyuPbqFHlOn_Mg!n3H6LFuuyNH0#T~2pm;MKtaA&Q?$Ohcs_1?a=YOVv*AsIZVrn;
zgJ~SALc{udOTqe>NdLsA_wwPgD<U^%i)--hf%gy3j(+ZK?-0B%)IqcF3Osjo9VKW3
z*sb!+V!8FyQy%>Bmy6&>jK?zWQ-rIwbI=<@@&NCmZirccH3>Lha3syRQEP_zLmC08
za4~C$@YW3R-zfE3(*X1kj`^|WS9(q`uIiJ<bWIX;4#;T+LLXvAY|u;%w}D#XB%Zcm
z=K}}%4Ln;;RfqwQlT7iIS(M+>SS~%nFZv547W5h9H}s=3MWkB}jTVmK(3<uQzpE#T
zB+(g`PomW5;D#*lb;ts7dVQ@%JsJV;O=!`l!J3710iDOD)8abCmsy+P*3;q5GmdG!
zHZ*KKoU<Fw$QLmr+#pC$4t|R{v*ONhgjkdb2t3{uzsME#!I6OU8>UH&Ivxgzx)*gM
z-T-#6d`&IdPz6>#dV?|1M9+b7M@O^*5#99=Q3T)hr8V8p)Rln*^8)mri5J>|==81?
zqN<#cVG3+q6GZFedPH%$jzvO2wnAKpwU?)US^i0?p;E&=aabkP@WzY}Y<A;+Nu%3%
z9A-0_(w1|rgC~%*LkSPO`zqs2b%(r`;V5G2OejIp(7XVFY}DbKFiTKL(~K*~<^^~v
zTS1;`*C!kyT`g{kudA2!@S-*d7{^vTINXB32tH~Po$)}Oin$j!N>R9Wt1a%=CP0~S
zA=Oif7f>)0)+0iEhcXxrBTgRIM*|LZD64NFfk2}$zZs+;{S`xLwMp<qLIr}gm~1w3
zlTH+`Q80)9ivk2+k!I0fIm?tbe4LsuO`A5ckOUwf-Y8t1;E)#7XKXc-_wpNu>Qx|<
z+K1_cHyCmd4}abi$vt@7iZFxgWr$tR<DAB0HHyIZ#=I88nZED2Y&<$ki9)0~=wKf9
z@x=HH?9YSn2IPLFis6lqSk}`TUYl5dL0$qxE099&ya+h&%)#A)Bvc$u5YPcF9x9VY
z=F<@Wv%_S0t>8}Wq@2FCML{o|NvNck#=f!^GBrjbAR-kfGp&+6sTrk=*Eo=?43(pp
z#|$u{SNEM5$rvcp(t>Zm`SAX33G<cQ<q{nqXm^>mPe6O0#TlNdo=PYbO~84AFw8-4
zDY)lNXYBAGDLURQZ&oALUEH*)CE|0hfUo`4D^93-p+<So(N=d$ch7(Xk!}L!hB~m@
zBg2QsP57SA_&KwVrZObS)R@}a#h6HC+T{je?*yv0X?H-{zGFM8cG8s023w4#0OV^;
z3vqBMO?ooGM+x*;6ov9RE`&rJBFI8NuAvA5FuL>DiDl@8@(mzxuwT7Xr86{h!uYM6
z-4xAg*wf#~H?r_uyUs(!U}%rJ&{TNaTC{>M0EepguS^p^tmHqvDeB!^{)e9Dup2zY
z1Q7<v?s5zeFqsRXUKjSE5mU>7I9m70!ETF4A|EddNd!$$aE**Fp-X+BpX`3SU9wI`
zI0NPlwv&+jPXFcTxEU8}L;rY2^pEGSuImZDe{$wK=tzb->^YB`A}R9;N73cZS_)Xb
z*HXhHA^})J8=z^XzFntJ7(X8$AuMr2^%+g+Po|-6xFZpthJ=sD*QkgO>BSH~#2SAj
zYCg^w;Bpfs?@yS*ycVjo?qm)E$D<@FBBm#kE+KWp%xO^NkdGE)lD1Xom{Bh@3><%(
zi4szt#WST>nC^(&aym+?Xp~Uz4H{t&#oW6g>d+fP(+vN~bB!B=U$v8~VS!DZ8QBbt
zZ5oBCZh2YTg1qlGj+QwLt$>Di?ScbBGw3Gk!3j)vX@wlBcp5x=kQItuqDiv*LR}Q6
zW*5Jp04bbtv=Cc%?jq9^uK6&uTYa_AQJuVw3p<2@i(k&(*7?xEiq;HP;KG>+3n(X?
zWa;M_m3{MQJf*P=V#51TLZcdng&$<JLfi*hn?FO2LNcA;MxLVJNt&9OrA6yFK^>gs
zMM^;(Bsm%Gh|+7TrI(n_=u*pcGuL7XW!TyNeO>CXB*TM-;}|!nxz&p|n{@Oipr2ha
zI#ru2kK$-}D@83Pe#p38x>pndmt$R9!cTae4E(HbVi1m42kKhpg|Mf=@VF%sJxQF&
z5xyr71J%`e1X=RPI$4_<l+%J959t}XwoN<;nJ#cHajX&v4E-Nn!s~BRy?)$!C&w2F
z>|#5!aZgGfU^8QDE`r{{>TL4iKoX}yqxOeF*6~qCVSNm+VZ*0P*-bu4RYag&5VEd`
zD1<*GHcnea{=pHXv%|g=i)tk$yE4@Q?7To<x!JiTTFDvAS7)3t1kOb=F~EXL(W*P~
zk&)ZPDPECnf*>{Mqz*kE>z-LOQd<TIwgj`egB(l?fse5+fl=*rQdK^qyYPyKBH?ex
z>4?X>%Y#~S2<|O0A}EO#+ja5>NH=|IM6Zi_Q=90{h*{6mUC63411Fx@qHQ?Fez@e?
zA(Qx|G{YweMGd()m`lf3u<8wLwF&cK5()Z9HTDUVC5KnsM?)UTV&|)rxMV!Z2&XvE
zb046FXcARZ(DSt>hg>*3Z@;X~J{hmU4Wv=?)DS9fU-8!4&~dk=Vl;6>E~;!6u{V6X
z52s#Px9++`N75)4Q|YtgVb+IS^e(bc>4qcSg(ePin~dM)CdPp-xOe%5^Fa;`0`UcL
z94NFXtimAM>a6#LY4>bHl(qR(k3CxJNXqJH^Y1_xUIns`CU_Sn;Wc%@3iV@uY3hg5
zDlT;e##_D+0RFZ;6pypxpL*K|#PB$yrqoREGfbCxJ?9-mx&(`c@#H3?n47!dA)iH|
z_71j#&LExQl$}{a1|zH)-9t;SA;McTx<|`&cRjKCPyTKX3d}S2V9Y2E=Y)nl<BY(q
z4joaid_;0Mk;=E+22%(qu*i-vKh=YZ84m;_&L8qy%^cZ$mP0)7&>|1y4q9Cyta3x%
z_&Veb?2~X*flmd&HR&Kg9!KaVF8nI?#{N~t!L)kBOAH<x9lOyD(wM*CS~*B0^JqjF
z%$O%}(6eyR9oqnicr(abAQ0~2M@pT_Ie(0Wr%3tXou#VGo8I5vwqq9Q;gryK;rpr>
z;><AwArKHW1-EJ?v*XOSOwwiHZ;?03NLfS(dZQ<=m%#j1z`jK0n51cp$=5WAAQj~;
z>^aIu)+fcX0Fs7UP7?!*;19k5d0r)#|NQUpi<8mc{-8dGSmZ~DupK;wJxhl%12{bo
zsps@^hw&sdLp*pe1&@egE0fEEFew7lX)R?dB)KmX1kj`e?kA3f;5}SkZzD54#ZJ>0
zTwE;L3IQG9dKTJ7gB#8;{7q)wC?Q#nIwI$M8I3q&M%K`+nea+IWqldlK?4Uo2Gb;s
zqv4DzF8cOw$Qny%#m@G3b?L<^n-v`Ytt}AS5zh|MT|vY1GKfPRfk{bc3_q6244Z%X
zMTLdG3|$+q-!y@ndXKeZd0>%kC)fXUia*`XM*3BlNnEB^mxCw+`^P`s`TqOu-u4ds
zf96>?X`*B+u)OG-o&B8`2L}h+J3HoOd7fP2AF{6>w7aLPO97mqQkNjyF(fY8bj7PV
zYEy(GbSVqMopS80D{aC>>FC_qfeXy?YtQE5LJ7$2a&2UUYN7XH*U<F4zVen-$%(6E
zp|?2(2)hopxsEYVI6}!LGCItXlX~+1@%t*yb8|Y&o{osVbVqi|GR54n`i{`j^Dj&!
zH-})a$WHYY*_^}5FT)?xJ$)UFbVt#3RBSFq9f#37Oy-W`W;VG|$>uzkuX1y>FiLo}
zn^y{?x;IHhYSJ|0+Bu01&jRC@P(`!6h2rq^WW{u#+9Y|#43bhFstdhT#&<{oIpu3u
zTaqoSIxpo^RAqBTImu5OQpaCwMv9}tWOH-^!1EL=YJ+vaA=aZz34zy6n(TnytxwvF
z+Vk@PB&RI+z=Q3lej*W2oTq6_Ng?9D3)$ZQiH`@{T_!)0l|%7Wp#}b&6Z~4$#?n-p
z78uI^L33zr1xC-6r3#E0Q0S<-%y*<eRrX5aF7u|U`ZM6Oe7nPpmJ;xcX1(A=Wlx~6
zIO=&`5I*+nfBz>9x1n<Hy9j5cpc>}5|Lil~0{JhCX}65B^80zp3Wq*pL;wdWID2yx
z9PI7x;x!tF)Kh^M*FlZx^$h|1*Nm)^C~PyjQw<T`I+InNv(~OBE5XuKyplIdIxmYl
zXHT0WOGG!WYraXJ;srP!;+>2YcCyOB@wPg>2~Q6mp&l+8y^Mbn1qb<tmQpJ%1?eY6
zHk+rOl=J|XD#H_U<xPmzQ!usiAmzkPYFxw^vGHN2GC*t$hPEM&JcT&Y3fviTw;vw>
z7QdX}K)0|JBHY_>8y+QpeB^ScXb7rCC*R`9jvfyQJ#?1FL`7<aY)ZTjy;JIn=37^g
zKB&y5rGz!Mrud$E`5WJ_F&x139=;md-tw^EIl2b@U|3{vB`J?z*gTAXeGkVy0Jxq}
zB2lG=Ws)@b1B8uZnl?|v4IqxpJbyTk)U-sn0=#&U^xDBv%}_n*=VV3ugDBs!>P9cz
z$onbs{(}e{i^}o0a~5_Z`hT40(anAP?I<nsdC#_y`#)Ch-wYt~pvP=v{~Klh2I6<(
z8`!dxG)<Z5Rl+++Ml{qum(zHdaj;^lL2cq&Ks7My0o(-WL5@LVG1s-G7wD##68uq^
z;;W1DTj1TMB8>Szlz<?q;9a@2?=1%TEr9;sR)9CuUd~~dtGp|-ujDCn#2_gw^E52%
zIYhzIs|-b;vSUNz5OcXZmm5*lOZ<UGtL}y_;6Ihsriv->$-hPXLcU9{G(!+atx!L7
z%NPUS%`*l}Bg!~RqVaSb><G<*Zoe6xGo8To>0`ff)+hFAKc9^UY21w4vu4zR&76zh
z7RR(reb*C0wj2U;2)z8^GmfFirZG<{;B8Z=@jNb2&WY!<;amaj$&2t-;jALsMDj|{
z-pYe}72cYU$n|RHGPwN9@!`K*o*tf`|MKDNHHRpVu?iSaLUuw!f`F#*3FgLJ$cT%4
zIv7WVdzQ!*N6rYd_0dyvCgQ76S1vL>PTNjRV%^yZ?sB;GU6+!;5iEFrJC~xQAQ%`T
zy_G&H3KQpBH3j_H5DzxQgL&e?N3RFQ@^uU%jA@XRO<Ez7y?+!LLmP}%NOAdD6S(&R
z3lCy;c}ZE6c!dOT>#dO57ZDMhejis;8{?O1B_-@^uPriA8u@S-?)+0I|2NRs_s;G&
zx~<{S+=apMIlN(VKT2<(L}gfM{ksVVWJ5~|Pzj;Ak8<U#Pk=`a<B(jdKXt&Ks*Drh
z1Zb{5wG8s??zZF@G=%}8^LYvb`HYu-tlkp2Jk@@L&i`5S5s;nWjS!@HkLw+qk&WP&
zHr#U~LrCysrZ<BBhkDF^npb%}mYqi`Y$X4Wid8DCjTXHdj%;NAkBk$w<cZG^&rGp<
zDcQFt(i5h`Bf}KD<Z45BSZ%#{XDc{0WnioT>p9h>+Ap^=RMH-Z&R`#+xdRfscYYV+
zh`TM>*CAV@X11hbMjCJ+zmNy<ki|mI!-en`rkO)?h;kb0jkh|%i;7R_;AXY`?d>hn
zH6PV@cpO3{onbQ$p<(<6QX|qSs);>`?qGbvqS*-A6TAv`I1=r`KPVT#e^79Q|6o_$
zGS<WQ^Q;Gdu%_-jKRN#peD`8|C-^h`U+>+!-s{(#y~8>E?z(vOL$LE*Gp^Hy@bFv-
z56@k5*Aw2hTnAtN!qMd5!je!>>?#JMJAjx3A{klOV6bZ&z<-D6HEnEwUxD-3`EJWw
z(M3PS$7z-X1qdLVCyY#>U}l6%&+z-@I1!TmmWG4|&xG~hD^8TqmQkE*B19$mFTBaD
zRdYiYn6hX$$henV_dR-@VOJg<w*+Q31y0(~95ytEd71+m1@-^4_pZxrD_Mf>|9%Rb
zKRd`M(h_yEw{#q*X<2)3b=j6nl3hJLF`)oSP(m35IJih=Ra8X3!ihP5CSsnhpXB7a
zWFiw6ijrjk5YRDGTNbZcxpL*Ye7V+lXPT%}aVvHg7<qm3gFB!5e}3nv2_f{v#}UCe
z2N+&29A@7Up&wMUA?{3K$C6!fJZ$a+G1V{jGKh}iU}mrAM<cXr&Crf7#;}w2@+5nk
z@gxs~NsQB>6>{AFfes(VS5Pb={*A7J*W+NTmXjD&mj7l$`~K`5T4v1^UO5PEUk7|C
z4NNY0N~uqz$2VMecjxknk+rkEb1>ZA8}9rHM&5_dc)PQ`{f2%=S#sW(YNHn4+METG
z(VMjt#k4$+Uv=WWHfuY2O=~)^b`SQ1ja$*`_5vRc+Lg5uAq}zIV)u*CC$reR!g2+7
zw@Vhgzjifv^4&d!sb_8>QQaCfp@l?s(zz%J)_@h)G?R?L_TJXcuUkSrx4AG^qG_9(
zicSqXH7r#_)GpU2zY&x%y0MpXvH@t}aI~w&LRmfe%!QEZO@C7>NYCpQpmYHs$`sD&
z0`JH#bm`+zuFLK1L;QdLvEC-+<ldupsgd<wd?uKj)Ya*Ci()o_khNa8VP4w%!CbpK
z^?;~Of=osfz~^Zn2n~@aN?7;Jc(>yweojPLo*T^hCPl>`$~r(9A`P$f1`<6Pne-8(
zFy9lY=MevNyt;vjW>45MdXuN>7NJ^EY=L*BeR=cSFuwC-eJVETD$(_jcvh{hriX;7
zW_auxT!q?KJ?$ty!rdV2uCn~nE}~+zUC>8DA3`d{bMk5=;{Hq@f7tB!KtnqC*Nmm;
z=1%;W1Jnwgt!KIXt8D3j4u)1U&y1fi)`gFMd<pmfKv4>xL|-O@n2=$wF_!|JTWA!4
z#d$fq0v(4l;Y8d8;kUUL+&yFvh2eB`tt6fps#t~rTqMRC?9>itH-R?;mhleK`lp#O
z6*lb8|N77WmvjQP$0F?+sOc2Ay?HlNM=}wNi(lFLw3D=vTG8wZy3j1NHJQS6vZmCT
zS_x3lKoW)`fWNwl<7ITXwPi2eS2k!5Xcg3Rwr-#G=4F-8#0ib?QT&7ID+o5#_Jq7<
zE48&CNKC-A$;1^UO+5D-y&A^ckG6-~+atX?)*2k*GnWx<D_Y?}<3g4{Z8<O7Qt{P>
zTxX;>u<YAFJQc16RCW)lN{Zt6CJ0c!%s5QQ6`n<hxq-MTk-=}Zlh}oGeJ(WCpEkxQ
zS6lqAY}wOYgXJ)J2#b|1Dcc?kFHY#f5Q8wwUM@XuX}a~dDDV-*n!Djby%Vu;Gn{25
zoO#fr=S}TaCfW-pR#Lzm7|M^#Q94|6V0pIs5$*p#8LNT069-ll`B(7ty@A+rq2pWu
zLL9vn4v>>d9%`Eq9+BI{Y!mkMA~#F(@97#0+P@YpiV@9#4NId*K2s@sv^P4~-`^kY
z?CxbR*m{)vVG{9A^q+pZ1W>3796H8D>@uavYxD_xHj71$#b5NiLrAKWJGUDwK|*+=
zq-8jGuFjpo6)jaAYKhRkrl`3JY*`$_tcnQ86qkC=zg?Vts$cECYB6S7UJHd2pDC~N
zX(l1tl?OyiX2JDMIWw`=QZZ8WotAfPd98P=?1}^E<jjSW$CNI;Q=yDoBHMFk>DXo-
zgc2z}O`}L9noq^C3jgU(qwImT-kP>Vw3-o(98f^xQn>iwK$R@*Yhf_co>Ik3Gp-B%
z?roXvXo+Nx+1v30$t-N;XB<!fK*u(0ZpWqZDwzxVsjAxIzann5g1J~Th)41KVzaQZ
z#jQn7x7O4GCFE#Eg(}>07hW@UYbO2?PdGP<`)bGFQgMN|X!B@OcIZcZn16fEfsBO0
zryzIl(z3(Yo!e8@nt^q#m#XCeR5Y)e{Q-nNAlM*@h2A9*Cb#AL8gw58Q&75Si0+M-
zu64rq)M})7=>D%u{hDz>Gi0sy`5)pBvo7$6t&z;d#%_ijTfoCuzliAn=+RwAbaPzP
zdBm)h(`^miFYLFBiy7s)7?nd)fPp0P_Mk>7PKhbCXNjzy#4Q^F8Pp7n>6(oEi1gZ`
zwDn{j6d9w4Yn8j8)^zELaDOvw_(w}Igr=i-DP61|^a+?HXsXTJdtgP$av6ja_A3NN
ze23xm#+iN-zUNZ-rQj8d-<N<e;Ki%2*g-GP1idi5A|AdK>n4_7QwPe)ARQ$_U%5@^
z!nMil)FVk!VW6?gza3cn>L(tFB44H&<VDH~nEZ8z$TYY9-XSt2<5MEXxTqEB{Vg<T
zWBXU>?<y8%G_-XR#&~2>`pC4E^vu@{DH+v8qr+uLWCeLLC8JCLwmlk&T`mOYMu7*H
z8;nDP;hCmb=xTYH-O6&_crQt~29ph1&XjhVi5xUt^iuKyG=3vPc06x2p)$z=nUQV?
zAsxLz-%t}3=R)){R|IsyM)&!t{?!tZ7V!hvr(={#C4E4Rx8eJzs@a`6v$`FkQ~Mk)
ziWhF~ggRIk+$4{(nhfnEhZDyO?$TIIDRHO6kI`XSvRz-SO$Dc2GjECDo?e6PNpR~F
zXz<>Cr^7!_hx5RJTA3<ngO{PtdRj&5@wjs*IyL_3LR2kN^hQeq<@|5V(%b{gG$a9B
zYeGgT=-X_>VS+QlpC;{AyF%k&6oQgpPRX_G^t0*XDC-^$@~7=U!)Q|DC2vcb-J^=W
z*nNP`x~&Q*&Tqo9!VOKz#6{LDK-`@_e+{Lx0hrSe?d=$w=acn2>2`j_4N@a<V;=C(
z+LHy?e0t)PAhJVM<jF^W>M8sAx7p7<$@Z2vcA5XujP+~*>+>MACp`fQxt@}0{}I-r
z^R?raVLm%~%txNk>I^LQO6Tb`veIh{&Dc;igMYfNI6or2cB^tdi4d(>PUae|ng=3R
zDg$CDXIya@)HcP=-j5RToxEbIPl_3cPY?$R6=db43v24Ra1lEK0);RS;S<a}Ir>QJ
zz_SGB+xE8X#l*c%f+X5>co7f@aE}nMla4NWLR~_-h!#-4L$BKD@Q5Ni+m4B@hN<zH
z8U0aUQs_(_H`hbhNZj1hm2qH2RDt_)ijyF2-0K@p{C|Sg^wzC$AO|NkrF7lFMIBtE
z4=s{ScQ|L9#fWxtEp-g+s1>q$1R>N4xhM=MH-*sbl+!Aq?5|;?5Gue2(|}iJ$|M>E
zr;I%2=$x52H}<U?giSeRss*I>s#^S?)=)?}**MqJiEn}#UijSD`FIiHeV4dmFW6>d
zA*#G#W17u-3F+JNp3Xuu$8*KA#OuA46@X)!iCfZkM(KK`zr%a>ljraJRM{e_W;Yvk
zwP}e^^gaw)OP_2b8>5L$`$V&@hmTgbGpmByEqc8wXw>vtEXsVVfm>=dgK2Y>(lOl)
zJ5sNccC4tWN@ZMGtt70PoiPJq*1lQj!Y8Jm$|~VGq@g7e#pA-3jtu8)v3H_6*R{ix
z!&4I3ScG2mQ{S2-&=&m;VJEwE%ru9)#=D4>8`}O5AK`ba0q0Z)4L7>2nH|O-W19=?
za-NIQmZ2pAKUOy%Y@F=3X*(e~M>^GYQtq7FwXr>^Mc%sBP}E00B{Nnf4&Cc(xS6V^
zCIZ%^^3V70ng_KC%ADMAM;G)&jUl7&WZ1auF`gbry4ibZlOY;#yjiaytsn!vh8*kG
zwPk6>$n!TuO*{Ij>oC-H7^(+#^vHffV7opR6r6KDW4VQH17q~z?Dx}8!|em4j6MX{
zZd!_EK}GC&!~yqv)`m8)!_A{kM3hO-pe9XQiT_PF?S4a=wRDit3xbSVt;zM|LKI`<
z;o3O9knL0s+d}dJmjF`*;8D+LZi&7~?79xb?`8>pJ@9wH@tm?Ni_RxF)((uHLE8`g
zig5KLOA6lsxR11cL%~;+*bqpS<3jv`t+1QK^^>q62sD87f#t!46S@NZaq0S7swAj0
zxI?iycV0z~(#so|gy0P<`>Y^I1W7#{%*w;K7%!qb9)4D}WLMwK${O{k)3%ca($xXy
z{yE>pKUoo2e*l0%JG6Z;OrNfkFltOMgtEmKCR;%~07|5w&{U=hmT@Dtt||V|gDF)v
zj@UYV>5U^a@flvT9nStQb$_H465Q<wwL-c`n-Hgs!Un4>!o+XTV`%Q&!5EtxVU73E
z0Be`>p70{wONM3kE3N#Pc9R@GI?KrplNH#&8fz(2&=;;JDJxWil1^oU=8{fY&e_S9
zbJXp18>i4y))t)Txp>Nr{HODM2{F=@`^<fC>Z+l_=onsOk+Sj=3N%$w=@Aq*J3TGX
z)4jr8O$di*Q*+uSozR>>WXz2?{q%MG;q?90@%hR7lTVkY;|~{ExPUG%M0m@xC4#$e
z7h6-$u|p9`%AAf$_K=uLIRQDPXw~iBEE+?36Gg_zAiAf*YL24CNz~W3I9C>RMvhK&
z8(wA{Pg}<6gq2Ci&^-5iyvpRwQ?p2wjd@v{9!fj;Qz>1GHtH^`T?m5nBkYqTT_vG>
zsArL;X!*0LCE}9E3T{i>+fg)6Jl4e?#52~Y&r*_d!)%>|R<e0@V;GT{ZiO6g;%hHR
zle7)Vsn!~4`H<R=qJ_ye`&rXdXT#V*Yy9&;w_O>tm6^`PO@=gP=Flp2cc?`VH;_;N
zqOIHkFH;4BjSm;CvM?1tfhOACFp87;9Il?@(}xRJBV8Jzq|F9e(DF1x&?o4(AA@Tn
z4MUCOU9hK`A=Z}wx9qS*q%m2SXnIcNF_`bIv%eAMLYA(mug*ts#*6FRt;1VhYk14d
zxpk)wc7Ya00#pdUd^vq@-R_b55(=>iInlGA+dy#b<7^zO$Fs+7RYUuR@BlR<Te{g<
zKO()hDserjg$&dp7sJ+<V*!5XOkXlg&I4#fQK)?GE%nFLr)QNfBsk0vPDOEmwm$_N
z6+s?G8}+{NXI4%r8sgSAfoB2LxQ6!@`Y{iKh4?isrvhE@tJ|KpQd75-t{hoztR`aR
zb&4C=EIm7hUozH&O7eFnqdk!M@Lb_wteR3e?eLZR@s-yGvjTgW!t7hKrAbF&>~s`H
zA)3Mz25MR%hS3T^>~X`SF!6mM2(Y75dx`Dr%(i0aUU90}=i38Mn5lfpD9S-qi!1xK
z6jce0c~)dJ(Z+5m(+SJ0&SSpEy1&2eyxH5{9y&X}PKJA<+1}88Jvtcf?HwHK@9&96
zwzp-;MK%o)2l+hkyx=bN)t7LJhr%hp6}}ocb-&olAUfKk|2*q}z6zH|wG{DmXuk%<
z*2*N(bfl;9oi1yohDOmIM;<4$#i6~x`Yk?Mv&FO9cSQdg;2C<mr&YjJH?RuGmg=|n
zx{X~yx1g$b_m7|yEHrh|#VM>{w?v*BZ2IixM%rhXB(i}E&qc~<Xd6$RC(_FrLp{}+
zLVK-(Vh=h<+Vmn9Cm(Tgs199gs@6;?np9X)h7hksvFmwCQBkVWZ9*lB*g&d*RPYtk
zw-R2Kl(ltt<9d!vio&FOx~n*&7S{N^Hfi`*ixg?C@sz)UJdHI_nezc}6JAixe<@Cd
zykUY!9t)`CKOGEP=JT;B&)-OdJ!Z!GWZ}~D7W;#dB?CC+3>4K=FVaq%;=e3ZWvHYZ
z7wF<L3}PrG!!1b4>JAHP0+?PdE(A0~SvySSnFL+)kyCOL9$K4ZTGaF?tfu8(RUEu&
zGpAB_uo<h@(J&=6OlohLh&hvHlojgep89y}$e1@s#)Qtofo9293kUlmi}NyepaTOR
zqYUj{UVeb;^zODbvsY0w_Dap*mwDn(NhKR1zMA1LFIZFS$uVR`Ln-N7bI-oErZ={K
z?PR4Ny9;L+2SX1A^~m7{+IkGq_AK%yZzTL-9C!_>R2Tv^)m{lU8w!*n2)GHrHMZQ$
zSf`IC?@zycM7YJrXhEsL7P|f`j-Ks_>%lya-qf?*MFgF}VjPs>-@0Mo!%!>y_Jqd-
zUQ@=kHUWf5CqOwKEIFmgrAk=~hkjwrNHaJx!aKApp%Du!x(O2K*oHfv^|5@@0~~Y8
znE`ucMea4+Jrf>>7YLON6+jg_L%r3@CKo5`QO)h}nEUaVHys|cnP@varWlX8%$^R6
z=z&qY6J{mmj<~A=Tf|LzRnd0g#P-aNZAkY7-&}{XQmX-+LM|LP(Cin(BVncRSh}%8
zUmT3jN&-~L;EefrhQWJ`-&{EH@R-DPBSI%|0(#IX_6#l@8glGglFd<)ri_?efR5AI
zVEIR**Oit>iXffTwwqXv9t_|YvwA`Wc#4mDsDG4axuhz=y8zeqyoHp?B+P}BOcp)c
zzr2=ANo6uScc!3kd3Ten&K6jD8C*cs2rP~<L1f`Tl;lRj|F{(@jL+huf$i4`$#m<Z
z{e3v*amVIo0p)LBJAIhl^3E0xwCg)p;*(pl2BnsP#wwJ8Jy|0`Gru}(&{=~zScAwq
zXWjhRrp?T1Xa4QkzP}vAAK?&Iq<dhe3zt~8e(*%*pQvg|se$L_Nh*^hyN4OeXrMM)
z>s%AQ(KIuYQANvI1Kgx)1(gz11VT?*%D#ag_|BbSB>6$ZPHOdiBAp=xh56B0#*V<S
z<_K&@ON4#wIkulH4@Jy-OV<ynC1@~#<0mJc$qG`$p!L+;+tFbP`P49=!YD#i*Pb&>
zB8S#&MoA22H&Qr1@X`-L4n$@NX)WMmxtoZK1A=6maoQyCJ7{8ZdG_a%PgmSzp&^;$
zdh<cljm9)kgMw6xX8ZLNusCA1!x%a_lW{ci1}a;ib*=eX)DiRohPE-or44^s0v&CG
zBtFdiNlJkk8-mHfj!;)nJnl`YYb?EJ1x530OC9PX*hIzbSfFPTbVrkv&?I`b^IZ_Y
zL6rg}CmYnAEq4yANsGn_ouB-6esb~0aC;BA5?Tm#EXy%08BdfZ+Q}KUT;+py-wkO^
zQ8UD(n;i5*D%}c|ttTpAuqLsw5Dt3+`rIHVo#j@rJmyr&#l*c%f+V%qYCa74baI|h
z9NW`x!u<>9_S8vldv7uxNOe@X?b@h3Ej=<7-Y<-OVt!<5d)_(~kz@yzYAIkd{Br$@
z6JBV7ooh{;sSR<RsY}TJla@85eArGfq@x!KkPbp*5Q0)^l60(=@Kh<yBK8;&F&R55
z%pZeroQHLzO^n(L5S~Oon7|+rLKO<<6HI~`98+*~$YK&@NYmMH+*qO&!b*qv_yJhm
z?<<&|hNt8d`&zj^bvr9Krki3^t7S6Y)T_jxx20E>!|XA-RWdbUXM6j3GuxGk?pT$X
z3+pcO7BJfju(h5YJE_H0x6!o@GQu0#`1<LK5Mpuf9<#(HTa1H0zfuNzW&PuyR*zvI
zZ3X(NKq-uaTc?v2iS!~%PuHw5M`eO3Xn-)saiRAPHqknSwM16grW+YuqCKf?MVV36
zHlmqqrT-N>mUb}>=h60Rdae2P`J3l-d$n$Y>GtXamB`loih`{Qf-DLFIlRG(GZ9RF
z*{J~;Qnl7)JhV-!#SZ{Pc+#|ZH{nfNvjk`4aH@GLHG?YmNnT87qaDU!srr2d>V49X
zL}aaDgmYT$NUlX@rvQ4+pgJ62rq4+kM%6#W$W3PkBFXHfk>7UxWfCKwFfQDtPr)nP
z%P8<QJk=Bm2H|M*lWd5BS=w9@byF9+7JArh_P~ganj!F)z#!~$x%-^YS7H%91lO>e
zAI~7@`>0^fOMBRY@#oK@;r2d)1vG@tTHXY{b0ypWyg<xt@=sok4rG&jOskv;YlxTh
zTw1_pY>Apt1>Mw^A9BH8zP{G8eyorJnCIulgi?}Nr4dm?0WE~FMm%bR+%z?oCA&a|
zJ2wmN{3s3`dx6iJIY4=bE9KU&AqY}%z_KIp2f$BFaouaq5crnX<Uu&JtOtrJ5MgW>
zGg_<Z$iP~x?%%aBOp6779TpLvK!bqTRi~$>Q-37tE(iXkz2|A|SyP%)8EYkO@CEAX
z5Y`x4)sy9PJ=zECyr6v6j!XSJC@QMXKnUzAvx^OaX<#eCT&5_gw+FnY6>{3`2$n*w
zK-C#k+9Ps#F7K5+n}v{f0Lyy%o<c0VJZRqr&`B8+VtKpTwSm}R%}1kOt6KFB1Sc_F
zkZt#)GdH@KO)Ev!U<Q?mD_<c`-Ir(!{Th;`a64~;(EU4mp6?v-s?hqyGn0b9T<b$?
z=w>_|bdmGS_3_FCiscd+u<7H0bU%;>3H)iaH#*qg-`^hX?8<2%=<d;VLo`8mZX|0f
zWTI+NL8(l*1*2_7Wut9UJ(g25xl15vYD*-Ro`8`fwxv={S$yi@T~ur4&ga5P`f-sT
z6@=QH5PJ%@LySlmw!8R8+%Hx1yqZHTgH*j918%Cd7xxXgX^AXy+k3Bcauwc89mu;H
z3$e59YbTZ6hH&Uhk{Z<rgc6C5;`G116XmEHDWTTwG07Uq^ofy|L1|d>RJMA;VD&9w
zvWBV6>NaL(W2QI6v-^;yLc_1#mMfxk65&iS&gw1WoW=<mRE360@=wTbwU<fwswEhW
z?I5fE91L+c0A>J;#TuAil{O#cv~-_E60YKA1KaxB7b+Bc4fm_n8vXzhBnm#5h7Pm}
z(f$^xbrxiD=Qi9oz|<~e;qh~{i9T#X8lr;D#SwC$Xfp(^_B?bN6%IET%^C?F_A?X;
zQHPIk|IGt+E;d8N%_lzgUX5fd1_iv&P8eZlh*O{J45l1&*vG*}*oR?q3#bpH{B%@U
zHEtUia-f4DoEm-wg;)p54BxGh*d@~&8~O)JmZ2e+^*a*e<&hvSN<r&c_BXmo$b7Ce
z(ynHt^K0QQl7;0t{<UyG<yvUXCS~D?T8z8G(Tt`y&H@p8@g}x#)2J$?u^{4ij))lv
z=_p4)(ob`uryWMoa{43XJs8p8M*i8==dx2q34*!Wo+7XiN^~RxArViQk0?Tf7!XIq
zK%fdE;j_s{)IiCO{AgH3x|IBYCBCsERj1ZVYOSc%@AMT<hoFZfJK9cloUE(6xG+sP
zxW>Z-dkx)S`&TDSDTcl6U#<6FK7Tkp9$%hZ30D_?Iz9W;3IS>a$gPgdfv}(pki2}#
zQ4wn(lOR-TfbWw}kPVdGpStmCK&OE}g(xkEV%xidyOaaVon1j}gg?*=n_`<Qg-7Tw
zt3qKI9;qoMQk`6m(KAh^u{fcGzcN(*ip72pUAVR`z?tFc6qG?oOTK@yetpeT+s5>t
zh%g79fJDC1+fi$Tni)$`!rhn-=3A6-5gfv-N%d8#>IB+UI;1Z9dbDm|kE|Z*-k*45
zzoY*YZ{bl(<ah5DMo&YdYtTD`yT14Z(m|#hfi-zkFzUAZ<7tt0iKze&G4&}+IXK^;
z8!5f)`C*YtZ6dmOkoN<PQre`7$E;S_LqzOq;|xhfiMQ9MZ4uzPGsIqpoC}L?f>1kA
z*gNFR*v@tz$2GFdRTEa8T!1;Sh&>#7NtS<Abiz7_q#=3GTEillOlRt@V>*kom1@e3
zcmY8k@I4*|j+A}Sh`Q<O$xj84q`~^bDUu>Hh#bkMz&wqC88HbFgH56ojFz7bZgENv
z^^iljvmtue5hKqm@OQFq^A!_RHIn&9`}<q1v?%v^e}E+k{;kybh7=q-cw`+sk}<zU
z_{c}S-rP1)<aH4#0%>3@!yh!Y3g2NOFBcPOzIN6V4tOvlA{U~J5c%ea_b~VnaC2SX
znmKbEXNcY;(IHgei^IfcfLS8}xNTntiqsDjK@}*)L=MU*k%J8&k%NvAX@1SRV?;Ve
zq+>*003$+&bRG{BE23hjrkLSsagb3}x>0i+q%yhaW#a>#20`bBYsSY13I!2A5%F<M
z|Iu8TqWbYcTjcmK0tAHn7NlBl{G&2yHWvS=$37mF?&Fcw1GSUn$NO^f<KUUWkNWQ1
zp8|fc1*ik{QJ-C2YwDwFF|DCKK$)`42jsCd;sd8V-lStsS|YobLV#3j9n+qR+MpQQ
zidRb*>qtk8feK#+Vc^GsJY6&_gr|>M)Y1WhdzguGD`I@8ZgoJ&!@u=Y0wK7P%60!)
zG>GvjKN|%}Z6kspmpauU^*Pr|#Ay8t9nRMGwUOM&2AzCsp^F_9(m^2_6mn3+gdB88
z$V)~-&<2+QAqOqxLEac6W%weXD#YzzRBfGJoLRf0gM;A?j#+HRrs$B6mxqMBC<U!2
z381JD7J0A87WdP^F%V{|W#J}sX)6$jgLpoSYF#M_5m}VLVF**<fKG%f`c3Z};&|@0
zJ8?a{rA)2wg$bYDIMZ(tK?C!|o4cL|(;iEBktKXYH(=(u$PsOrOu^V89yoI<V&Vya
z<*Z{ynoucIijRPfDdwlQlPkdd4N(<4%06>ff960<sflia#GA=EHG%J~<Y$p82B_$u
zy2c#JVq2rnwt=?L{A!Q@U-^)^15E)js*_cZrj$`zNweV2ONs~HkU8VHcxxI2--O-l
zTTvkO8jYI6$}V2g3M65NuAWd?pkVSCb|B4S9fcEcdiM|>?U*9O({Uzt<XB(MKcr)F
z4!a>ad$J2~W@JU|ES4UmwNz7nvcaC0866#2%U}SFKytsCc&Kv_Jc{$6;2a9UA6fzw
z6T>?{;YFyI48ByR71_B-nV}JrV8#rq@E*M@&$+g}E8kwo4(gYnM4|PUF=rQaU=O}$
znYGfZ0RSfdNm#wn_M3lozS}|@9oUy#9T=FXRoOU|K^DN`rX<_jbSz!O+2>)3qo5v<
zK11v9!%zIU|JB;Ll&KWi^@kt)JifU2e0F}RJ!*XE@#x*o@$UOQPB*thzb>2tD*-?v
z>)VdbBBX*o`_wWiNyy-V`EA;p$3lC>4jW<`$7pr_w<sX0jhub4ndf1!u*lerhR=HP
zRVd#xt?I3T6edjo;%SLIj=7LkGAfAD2T;3>m47}-Vwmk!vYB_aZG5Xu*f{%iDdzyC
zfv38W)DmfL2LFL>Cd(Nfk}Xojjkl)t%~?fhJNpM-a(NN5QrkAZal<FrwWG3KYwTIE
zS;gbsrtLQEb8p&O<dbVn=KKb!QQp&UP1kwAgMwi-W>E@Dnd_4>H20Fyz~~fyo;u<w
zhYaas<D+xjruNBBL@H7;<&Emtu0O-*F<U{w2aQ-VYv(wKM7F2syUTA*G(!!)cr*4$
zor$3)gF!e}=%W+g1hblnwHflOFIYvXSm{(9X3`$Aa2NHDR4EvJF=#Y(n2)V?i=U02
z+hNwJV_VmZ6>QRktwA?o>*W%0>hLb2;!4Whe8Qi78d%5Ue%o-lUkzMN%cUcbge3y&
z*!IO&wtY#%j7MW@G#)i$<8;*A3#8^=pq|zfhRVWoijq^ZrnMkbN^(b7DnDOK%PrtE
zEyr_(pR|I23vLtP7}}`=jD-(x<GFtqHXE8QbsStBIJmW>n^^u(tX}M`qz;I+D^w9%
zb|Us2I~*=t0%pW3BC7}gg1-U3inW!F28Z_x{q?|`LAJ30ptJzaHnt0LTZ*pGyg~8b
zWfC{06G(@!ZG^D3f*pD?POTNv+WncNmFAy32DW+u;@!i(X~OKz#jkFdIEq~%E2fYO
zfFtopBvdt;ud;*^OCG8ChFIomQMKKw*8K-jwU0q~Ej)%NLe+kK1gf^T7FFAksM`3}
zS;MNG#j$;7=TJ47oygXJOhoPd`RUh_^NXtwr^hFsE>6lwwfCcwo!@qUuY^>qOuY<J
zO|!BZtd@-e^_uygMMSv$Zqzc7{SdZR3nr~H;jOEoXWL<@0wk0iTOyw<qxK-o#oWJY
zhpG*li3pF<nDLqUmKyBck}Zn8=ZbZ-B_iU^N_t<U3;|GB{8!<RN;0HLik3(&1FHS-
z))jw>wYPsD_ii?O(-Nt6TehBCwifB$`eSP8#(rDiGMC|Mn`3E3?_c)zP^d4U;T}wM
z=@p7KP*?iZazI+{TN}2nZeP0@d!fV8IvlNz@}rU*414)#N8g+}2@w<4hZdXUBkPn7
zLi~;R#lT{-)C@s))L2K2)q@(-qM0IaER#_@lwe8ASh3Nz&Wg#LwQO7!_zp}=lJ~0z
zRwj)-us)w(9gol7H)H2?*x1X%#$LF}))OPj5@g~5VPaug^EGhtKGbxDnXzzXWNp~<
zf;%Xy`^mxy$;hWb88l;aqZm7|$rfrj_dtRUHzNM@@V1nQLuIqJM7(&pgxTjaYZgos
z{9I<w#B)2ytnQE*bO}<LA-6IX_XZ07f<KhmFl`*)(K>X^H#CFacVM~t8=0-GyT)hD
z!%;?k*xwp95G#gEHLh<3mt#O;IvwVG7k^Glg>@X*V>mDz!2`foYN1*Pew`q*1FRv-
z^2bL**28XA%XIBkwWOOcUA>}>flu$3bVJQtrqstXZqn1sV4?ow-;ckJc6KXap(<Mz
zV4<XyQAJp@zZq9z9ti-oM2;Kv$#{OIr!skbiKyE#x=4<H>xKbEY4D7AYw9_+pDbyl
zTHcT7@uW4FV-Az-awfk&K$IY-xrNwcMu9s$?ew&2J>{HGr=OjE)=WQbU!gI#8ua`L
zdrOZ$T%C4GyRp*Np@m&#LU}BprRKM3C=2UnLsF%+2ejmN7t!@U3OgFFyF*fNfc^7_
zkuLs5Z%d5L)5B5pzWlM;SU|{Y&1NoqW81SLR|JpFeC|N00i#z;+d~ULXBBX>U0Dcl
zv=a)VPCB&IH*1LUc0^T2RMk;_U(<8+Jn^7;1XTWNMOK}NGghDSG*1m%Gi2Nlm`bng
z@{FRR4y}55Xq9wRa9<fP)j#gXE&kayuxgY6t2nnUIThPm-q?sjxKngY7WQ}HsL9!`
zs_AnxHcm%Yy-2d^MeA%m;hECrT<LP8t>f|f9<77B5Js71`RU^<qc}kJbzysO00>)s
z`kn$I@uY8#_=qC%s$;3@q7DyWsZs^uVU!uI=!u<b>|lLBrTb9EYG<Uq-V%-;H2@3z
zVaaE7^i`?j(nuzxqpv#p>Zj3HXbz45yIN^>4SE8$LV_J{^|Q(^`&BLJ#yzywjW(n{
z17iKd;vHl4O50K8@hjsJ_%nBMsB9USuVRA&_Yc0?*y6O@Ig;s*@w?H^@%!Dqli&6a
ze*fe3o6~>$b-M~StwPx~f;p>9K55yR9dK2CawFMLYMyx1XUbm2*htx^$ZeU`xORx`
z*^r8K(~IEc5u3e|7IQV&?RD>YQ<;dK7^xurY>DhD*!6ZkJwZrSPp#L@YAN2RuZ+O)
zP|dk+$+~pgzOLK87OB!Euv8?_xA%GNm=ML%#lY|eva<*uMNi%P9aK9^PNWvjZhR`J
zioT78RTY0r&DvSLtgU>u@7Iit&~aHEmsLmk)pzjXNBcWxsi+`zC@gE?kj0&bOn0hr
zQ?b<VMGu!?*=XeppGA1d%@A)x=r=A^biCV3<lT4^6*UkWYrfHuLBh0+blcHMx7++g
zE}GV*d5nebVKa72%|JKbxwauW(h%X*6LfpwDqBymNpWs+{GSwg<_Zt2K*0h{13!k8
zz11sR84;{HzA*Ukoi)I1>bc@SL%K$Un32&|Oqlg#Dkl<!ZuAX0$=QpEdz}PueULso
zx(|ix__wF!-+0-WLc>X<v~!t;v;9@398P2LZmG$uR4}AiIekH!8dH~`VA!W5lgI!K
zvt1uP%~UZ2E=kRr!d!H8T1TgKbef{mGVG1w(n8@@uS%h`BkV0o_T|nMk5AynE}ScP
zIn`T9lhX<@?(xXhF!6n0(rrIw8o-+38EF06#o4Ea_KB#6$*dMrJE&?|Q%tQCP%Gs%
z*Gx=(-pXKQ(pxvlu(*%M>8G#b5As@lYoyc&j;u2Il(jEu(MA$qIdaSjyB*<a(h>oT
z>HIV#fQKoEB@`#e!E)$1w~mKL>tS)0qJ0u0AC1f`7HA{cgj||n*Iy>FoWPVD%Jj@I
zbY&tt4#Lox#)f1_CX*H5Qy6OBGnx0c9+P-0li|5jucliyIJKC5o|1M6ClM1j2+BZW
zM&2&8dUD7v=u{t+N>1O!QE8zoLQ|RVyR#!L4LA%P?9JSe{93J{slQ?htsrk^&^|`K
z3_+($u||+PE6kcjYY!wKknm&khR2Oky?Hc;)eNoZ2%?T4s-ygB&Rt|ci-9FU3}rW(
zA?9|l7kFe)_q~S$7_ih|^R>T#N<MU86rM1xA~1G_+xsbju|xMmuUvl`EF5d*%x&Rv
zU;woJ3aZ&~?gmgtYsyBc8FDdC{3&Jp8zR0sLKiPjOY2!aH@gY#kn8N^APbg12lH^4
z8q0GheRVFx!@@v6mw{|EgqVfxO<`gVMtQ!1E~YLwUj1^qg;jVr;!Xw~Mp0QCAq>-8
zKcOpl)6ki@u^v_xwi((Hhpcal1r=Wu1F;~94Lu>$B3g-MU&vNJap>6QvmlX+d%VY5
z*QbIZW(DXSRJx!k#llwd73}(nHC=iRrFrBPcW=c!6(C(OLhFYk_7@<soxb@;V=hdx
zC~)#&BGL7&8{u23DM<f5950u{3wj~n%>n~WTe1~`+bs~BAH<gPeTg;b9vCAbx7}@V
zy7&p)EDPr1Nl_xKmGi90{3>w_Hqr&9dAI<gdM@>Vb_rH+@?TM5abR7CK@?rtzMt5h
zGUf|$M%;L-tI&bIbBGIxuY5IgCh^tM#y1czja>f<4tw#h4J2I;b6qXl@w&Ql4_Rty
zxv|LOLm2z0YCI)lDS4Y!I$_O%2_%ARW%?_W{kby@!rVbP4+AQ8q;r%pm)<U+n8v;3
zGLZn5X3Z6TMg0YkNY2`D_7+Y)e*SRw-%iw+4tk#Oy?uKjtF#cN90%5icqX4!VE(N)
z``g>#rkm%0HG0FpEj|ydoqc*(I~GI?0OOot=bwE%y)=UX2p&V{dE5F`xVn!)pZ;MQ
zjel-s!Z7JC8lK{z^$%lP{gZnB-f)=?HyNtfUP~k|%hS~YRn?gl1gcDw2nQQeFB1{t
ztL7!zgtxgn4X&0Vp1XQps=3lLX=o-r>}zmidM*~p#nX)XGvrS2dcmzr#B5}Zh9X{>
zB#_DwaZ2ni94Xq2<@*lr;zI91&WN-`!eu+L>Y0L-`sHxsgLUT4N;4}+Vo;OFnmF;D
zlV-zFN>X<yk*0w&f#hsvfkQ#^)J}vnZ}U|&cpp$uR$!rnG7CI$ZtPn(=vopz6<uTO
zdm(dP%0cSnDa56)r%vkk(RMksKA(JgfBNb7tMikurzd~S+iC!G3O`!2I?x}D>n-Y=
z2x$aA<Ll5QH>l@|@1W9xvjp>AsI%hTjPE*eNOR$25)xbT1UPONFI82q6E#F#8-@L>
z@jaU%?G6U|G5MWy{P_pQ7<J-+GU3iIUVK!LNT4LbFW2!=Gvr<4o<f`C5{@h~-(AC@
zr<cDtjhi9Imq51dNRJ4Rgx}<$cTZcP*Beo7hMV)=nYs({#%I#OdC#5=diL&IIyY@2
z+75K0&B#FFv`G;#gK%zy2!lJgf84a;V>N@?x`BB=BE6TZruC$mvQ(QXcm#<+@_Y|T
z<J_e5k+w*d%OH%k#Zh=vB;ra}SjH%J@vb|JDucg3cH82bdN&fU4lG*<tA>dJQ!!$$
zf3ObVB69je_6TBXjbSu5&Q8EH-tccU7E|nV^No8_Px=FG=pCt%OkiZ%T6Ht;{_iGG
zHXZf$<J4P<yaC2$MDenc36jzPuU5!uw-n$qr{&$Ix2_`|kY^aBHqFSp%+3yBrwfa6
z@L>xPNx5R5>RU0w;USP(R^vldZ?Fh&A=|fs5HXZg#B1WNW6=g$Fxq)jW%W#_+Ukm)
zRVJVkqKMj>mT*MpCzq$^DMnNT2pw#1uSbE3L7<ih9Xdf7c9|<}t@-nR0_RlZE3`zO
zMa)FSxI}dZABhE+=H=WOEY4&l-SV_WEaN-cp^$x9cQg=r5<yibOPwY$Vggx9HWa38
zWc4rrUfPJKa_q~u@}IebQVr}}XU=}ioVDaH*Jj79X`ZwB{5XAQHYBxJYhDWmqv<kz
zOI~cI5z!M;TDcEI+xoL+t?8enjf49X@KkYO#kFiXbAWhJ5fj)QWc7pRZ3kI(kX8Ph
z)^}#xSIjm_@9q#o*v!l}@emAcL$lQkao3;o!PGdNJhI(YvnKs?2+&#t$cU#T0%S}V
z`y50rmYP8ktey@L^xMV)z1CTvl4N5d!gndj-e`LuJS*|OQx{{arcoCi9Q5+wpf>1j
zJ$aEVE#!a!pXQrjm8}Atz9p-tiiII8lz4nAeHq4O&`#H~=i)79_Qdtvm=FQ<neIZD
z8fOKIWkTm<hZNNwDJszfI~Grv@kze)Y|yWi{h2tb>vfhWVonK@u;M$ce-mPe=(e6V
zP(;Ox<d8I_VBPUU9Y1t`G}Q4!8_DSh_@NS$)+Ul@%!e~vrKa-Y<Itfn@vTW9#H<Qp
zb`0a?pk1ao^OuhJA3xqiuJtg{)iOoDR;3Y5VTvjf&|{dQi<1w(U1b{-6_G_krHgwH
z?QhqCDXL89z!a4SBBPz%y;u7ORxj&9K65R;Lh-yv=BP4xmN7@N*NCb`)~j<+b%(}_
z<B}>rUhd<P?zM)mt=?|N93ELIwxqH(?X!`cDQpt2RM}tt)Vxyhj%`Q=v-adtv2@?E
zG5pyW)A~<;{j->+;*Ztnrq5|ko>KpOSIE8g*|e>#1aLlO(Hz3Aqn|qZsiU8sh<-Yh
zzNF%w)NfulL%<E;oo;EIUuM2vGeq3+PHTCmk~po9e7X!^7&j;WM06~UX*wy6%yYSI
z6x17?f}%pO8rBPxnCzmNDF%~+gPk|i?(s$LRWmkP&CsZ3QJFPGqgt!X^@L%vycF>W
zIb6y}2S6quw5PFta<5s(Xdpr{af%TB#FGMJIbM*O;oOKg6Q4j##4N!-(;%m2&?obM
zCN`FCLpS=?%@nL1G$l2_*0}^j8FJm1Na4~1LGcjz3Ix$XP95a*Q$*H5PMgVTw@>rH
zrE%egX%-+h9u(h9*2%{1eFhCRphp7V$vh%XEjWX)2`j`MoA#7{0aBHnl)}V^Hi*KQ
z3&Fy;7@W(BCngPyd0@ARdKlnJ5vJYksur~&2vc<ek~L<#aMapblId|%)=ZXZXMOXe
zQ5{gH>K5nJFvd7Gu80&fX9b!|*b+%qH&L!70+zLZP_s&h$5m)5(Hj5(n6+9vLcgFT
zQW%pbWQai#5ang-_DP5Q>04~CoEGchku)6y&*&AH^ydY!Dm2@h&lv2JO)fhBn7qXM
zV6S;#t3D16WbQBspc<o7a&F^Z(=S5Yx)I;e6PG&B`XoazYmqgqHK>Gh>9lkp?*Wd&
zBWWb^xDbLymxUynS~sx6hxhP9a0Q1l+?q|=N-tBw6-wZS@QdcnmiUS=JHT^QnnAx*
z^|K(WW++}q9(CkVbI7BbgE5kX$ylf(%OGZ&A?lU@G8iC2WEeeyl7aO;y}t%tc(}ES
zhS@ddgY8OJLd4{DIJ;Vg!7Q1^klV!k(C;T?`}y~g)eD`u6FUAB3R9$)!JMx|H>A@_
z%`ljG;!i1C*AVg55rk=@9@mp>FbSAly<-p$k%}CTJO@}Qi&uo2IoX`~pcR>=Icl|T
z;*_zy;95oI0K-H{2!8{|=KOy2DcJ1Chu=E45V;@)!_&*0^vUA1NW?ke$Rv1%h52~$
z{`AX7Ji4e40W^3}FP2}4>(0~+0dCoa&I0pWBB&Y8Licu)@=z@_t2y9|kg+}Ek#v|8
zq8u6w1JweQfpuyv;Nl`Fg;2AskwE37;k$+Q;;3ZGnQeXZgS%80T&1(({XAEEBmo;Z
zz6`#2IC0}JouFn%G6H5uSg24Ec7RT8>-`;|^B6#feg6`XK{%#vD;J1NiSx<wJug72
zyN|%0-~m3C+ekoVdKCfTl=BNU)I%6>2QIn;??k>u_SEP(udZJWtntb3rx#bhpM7}0
zK?SBBhPzs@XH=C29LqIdTkluOfCUbF83O@L)EgV3^tk7AcnBwXMm?@jX`Z)8RGnlq
z$Q1PL5W<GfcpzXQjC>dyqOa2_TA_%|vghLk{IF&fIdlc(PxdgwhaRbF;LbA-YpZTi
zG9=t?0ST8qHK6$lo<9ZFf}#i7LoJaYcILW@+-u*)-41<$t#@|h9PAApAM(K>JX<Zr
z{~{sSi&nmH7GrnXmqkN5g(-{s_4luTpB=xuwEsFw{@cHwkEV++Z@Ha8Tg3SUOq<?c
zw}w1hWx_3L>(z5)B@9YSOChS6Y?*;&jQ%~1zwGq+8+IUm5uz;Z_|+2@RXk*oi@G!1
z?LWBF7X~_7k7wzwaX-<PNLcq5cGn(71&Jw$4fEMo$Y`1N_S4zr)mQ}L;}2J#&(Gd}
zIliRdTX#3E2bUe3C0;bu41Am1;xYhM`B1P2Fj=UnYc4q%y4TlESez<MElPA_FCG0#
zC@#4I3gzp#w|)=5j(JaT3!l8jWzi=LX4?yF@$SO|m2xo&U+K)QGFdpMtYBqOQJ_BR
z08z(>>*qOR<i1M3gud^y-$z-1+*fg<w3$9Ck5Z*xUO)SCNS-~Lxm4#&zj2Vn$YMrf
z1w|M=6)FzCG|$VkCeBLy$!vmzP<^V>&GhLK@E~oQ^v}bqA5#n*!$3S}O>B@H)o!44
z^V{k18Qsu=$Ucc95y*>o5`P%<r2en}{NIrkO@rkV=HWYX>>g*c8Ita(u^*G)IY-BT
zU{FyfU@Q~g{Nlw&8J{wZ%zwF#kD4KGs^mhehmUsj&8d^p>Mr4Zu{(0ZGVbT(z>#w6
zPv6tIfh)w-_+~6m%^^yImDG~nN7+VW+GEWS{7XP8ccotkT*`at6a8W@mPghxpfwi?
zfq882v8+#c5hH11^c?%Gn3u?w#@Ys1zAl6;%k!G4G3;rUu^}j0&5+7&=;Dt^uO&KL
zPrgmzlb94b76#Uht+AFK&102XHx}KeBCwtav!W#&W|lAo)zmezt%dEu+W>kapBKHd
zE+J4BmOjSk>bYC!19Kh9NsUNmVuo8wN@*V$#_nA9J(~r0eiVm}y-?x3_yS!^vS%kN
z6QNLkjQ5Ub8fSTT6IeIEI4FdR^7A8H>7Bv`X1fx*ge(kXSj77ql|E2$w@g1XCg#Wr
z#5W7?T)s^Y%a3o)aHZS_YLrr@<sK$Dn}X-GlB*nx^}7Zu0hSB^ZQH}?aHt}tS_+lB
zNzqv_5;sBU{+*1_J4XbAq17tDatx#Q;Hc28F}BBv^u&eLGm~#ro8-q--k7(mkaG)Z
z)pQnQ@4+`;`xz6tDdpM<!S2!hb5=Gpw+88**!4W#&!Cid@Xra{7V)9AKp}>p0j;eN
z;XZ8i;u;}UZNXA144CQEU+iTN9ch6${<|YpH(2P=Ze>et42j%L8<EiJJ*cumFX573
zoNmDaih^s3H91f#6#pp;f~^jT(6Bu$Rpn|H*)`#_a{XU=rf!6>P#h*{^;AV~{90^`
z<a~c-Or<hWo0y7$PyY4v@{hAGmndJ7w-!F|0&qJdskynTy6>&}={m^BLHar^k+C+3
zOnG@aj^bjE7+qZpN0sp!KqN&!wo81bRC2<w9B8L5rF3!n`={~cm-CaW^OL`PIXyq&
zgEtkj^Bs~O)UX}mUg9d~hCxdNYwmsO<b^h|Y_}5zLPIR4o;a6;W1S|c437uMw0Gl+
zlY_l~{nvkGr-x8MaKJNmqO%YiSqM%NKIt|n$T8}KQA^}sx)U}^j!7m{dyK@4`Nl8e
zGk9&@0=i%%;phP_y?>qVd|lCR2HjryfxWV`!D(u<>}9^&bZ97`Ti5{PhAX`8Lm8fE
z8i-}{f@^pB%ncvwAn-J$l8SW}IFTjHy$WA!zrZY^T+>C#@W>SDETNzfQ7)UdokgV%
z%!f6k#!zb>_9HiD(oK*Yl4BCd=B~k&Jhbx12?DMk)fw`H@4MUIsPt)jUT}v>0*aXq
z-O)Z<H8RZJ^^pEdLo}=7OgqlB8S<+yXKJL@4rOi)a8nykHp(1<oAxjFA*s#5P~~#G
z1Cx95-G%~5{fN{Qy~}vKCKQ)t+BAkvi&u@881D7GAY7eR?gY~l$B>?oenpK|EPre_
zL#kg>m-9UFgvWUt+(OyAMxr$xDaufrk>du=Q8QMfzC*Niam$vbw~>}Ixs@&HIa-Mj
z&~1j;&jZl>v2d2hc=FXq?(o$Pu?m(#CmNBmrMReONcu(5?gcFSk$fy|A<PfG*=)qN
zw#|wV_YEvv+wgXpsI6`tNaFgCu2y1c!&_MgZ{V5;1;_{6+e7&G1n*sHAu@M!YsOaU
zNcR^+y0=e#>xmvK=$%vCDoF;y#*7;Ay~z^VtH{NItKj%sIo4V{hFzUQaZHD{e+_+v
zRdWRmWrj>#Zk^o-Z@k+{91Q8+ID@7x3|Eh0VSTl}o@&_@4UheW;i=Og46)lQUp|lI
zw@=%`+=##YCh%sZU53+U)-W49pf+Fd9uslY*vXcL$cs;0CQV5o)*pXYT0+@E>=;eX
z1tadT3PvSHD#e!Y3};ZMF%~D%m5io!M=POC3kk2|xNfBytW^e#B~;6G?yj8JzPb^P
zTm;(34HKYS1Y@PTeQFBZ*J17*=DxY?0CV??0Cy^_+}jf>#oz}i_P&D>o;c7z7h8I_
zq!;ck&#iX+TQ>}RxFmzatMOLZR^&J{<IKX6oqz56j@1(ehmIj}yv}0_nl3|8E%D+$
z9k>piu4oUzJe{BXWw^b)lQD*Dxm@E0Su13}*Uw<=IT$|ixi7QT1LbyoYj@jPxPBt+
zWM7$l4tk*tXe;El27m9s_a|NA(e7?li+l`?60hlcpo8t0tXYtVW!;M6WTJGx%n?>D
zKRih@EVTHMW|{0*&5UptPR2N;oXC{F51lxXeXD#f({erYHJ%Dr=w0G^Gu;45W;+gk
z;Cccc;^iI=IYUKvfGTVSUD*<Rf$6IyrV#TJW>tU^mildd%|PbSzkdGS0#Cf9`wMiv
zttFzqNaxC!>YfS-v(9N7MuY%cA{{34HliOh*9c7Pv0d^~GNEEdAqQ$;)SMT{veRxX
z^H%KaeExiX_Ej?0EtP3T&$8*0tPH6OK}?`0-7bLhU1nmqMP<u2be^qcsj^Th19s)P
z=>ZPsPT8~Jh!TIw#0jq!Nd53@dNeqIy0;0TOZ_!(Y^|s(=wvfe@<lAexibtCzo2m|
zcD5Ei&lDP?>bVf<r^;J}=;$828Cku*VG9l$FV#`zyq~wuEs?86k}Cn}Qj|rVS=vr5
zZ&%IsyE4x|gsX;X5{8toDpo{rpO-#F*c-@y+(z*64awZs8Y=&5QAKBv`fEifwp?K~
zO$<SDY4yWgoBr%Ef_(Vcg3UFA%{5djjb9{~qi$vO=}?(Ct2c8Ncoo>jB7-a&skfOp
zH}<U?giUF~-NE4<9NrB1b#Qnsm!pHjn+At}tv|;6UPnm|h4%t{2o$#hgB$6QH%K+~
zK3|i~R^^+qDD|b8+2h`}dbSpe4AzG#%@F#FB5V!(>R}}9hWjh$d=GN|b<2R-(e_3_
z?f$R7s+i*a$?=ENPa=}wYpr%9&VC@2o3Uj&lD0)8?F-V|dg6;_-)My~Mwp<mCXN@}
zVb*Km`tBlG(CR1<l@hFgz6#6i;S?%DoTrY<eLhr|GHt;aevOhPaBPv@=GmSJPcU+Z
zHk~dv;_W<nH(tTAi4P5<eYjJxu>AzET|5OWNOCHC7E+!N-iXtKkjtp!X6vJP58-BY
z@uLE2&;?kCp8Lvyy0lnq@D=*^^Rmj8=)kOP=x7C^>R8y0g>5VgTim|56;gc!6ier5
zV3@HEY%K*_^)Am{^X86T{V7X4+TE*akxhD4GZb4AnFolKDfyzpGuo54U`Di7W$+r4
zLzTwmx%(qlCfH0rY>kL8hJG{*AgxfGG?B$<w_G?PTurK$FzF`EBTax5!$ytt*|_Q1
zix9QZ*|P*1ZHXuzLW`nCD*B>&WVC9bsgT#;LS_7W9~f%zqmW*yo)@iJpldZvOCS`B
zR!2oSXZFm9Xl>+|YrndVyEQRU^A%;7s1Ab$5}J-GgF@?Zl01|I-QKPx30k!lrz9wJ
zH(y7BN;I$sR#m3S`}#$(48Ug+pO6^1#Wo@h$vHQK_!M&8nDmsVC8D11Wu>Et^-R;p
zfO+PhiWUqMLFJseT(Pxuuw{u(16#ekWy=@5JI?dRBASl#>^RSk^K8I!bew0$dH#$Y
z6%5rmjZNCXK}Hur){~nd?3(kNSf?-IH%kJHW(d9GH`%Ni+o)%3pMHTSJ<xsSwjrA%
zL^j8=S)dZT3`6o>zZ~uZ|AMbbS){4ckX=$UWHWN6N$AEMviZ0ZvpsrSPjW7UZ2IZd
z&}<u2m6*WhlVz);w}l*7jvpo1$yzK_<i>z;!YeJ|$Jw$rp!%7*z6F$zb$8=>4nrC=
z^$M9yD~S+I;E!`>z-5V#39|s`=i}3%h-<{d4u2BzrX1+pk8J{IgP+LR6v$-?Nq`La
zEP{JEaD|{D$&v<vn|GL7C!Q&Eudkgj(!1f>9)p~xvTYW78^#zsgfwMNOzE#uY}*Uq
zZ@@aU)<FV`0(re|3hUCLn;p8jx$FSl)T=eZfd(nvy0)Alz7fM|aGM>oxsKV?dCgpd
zQd=1^p}6vRX@%q-(uTBSH9J=Gr!4VkcfYDdPFc;(IZdODD0sdOw!KU*FWZv<IR(C0
zWj3-ZfH<e%nLlsIy)uDk7|!Qt8`=`dp0dYX$hV@1RR7A6Y35V?<kzNbQ%hub;lw5e
zo3;4G)*aoiO;}i~N8qex3S>7`JYn4USsk@1CA|R&TS@!W$|O<>#Pao9Nt+b1pC-JS
z%2OpzCZX+5Z!G7#Gfkd(u0i!O%~L&Pohwtx=`*>fZ8??ilh?gaW+%0E5Nw7chPHoL
zT|+>uzYd2j0cd+VVWu4_h{Co;{>SzbPhHH5!~tKpQiHqF2FoIFoqCS#C(A7y4hAwx
zh2{s=JPE~1Lz&eKoj8P~JUFVp<IMDS|1gc9A&KXP(3>*hvN6Ib4?RRURbDx7yf#TM
zV+YUNTjbDAZ4blEiCiPlW++65ZFbmZGvwD{o3&hy4%=)Rw%H9>@9@D#;De7GqMrBB
z28I_lC~(2rLkwR2`={adYXk;QeK&T6##?b{`w=%tb9^jVLPcO2Bt9k{7qWF5G%*V@
zRduYj_m;Nsj^Ucw!V2zuaa!KE%Z5N%9ZdLwV8TwPn*bWxMxBg%Bocn8dNSIy3fLjc
zrB%fyis`zF=Ul^lC5Wp7Or5|hWMwp6YlZ_S;^6rf2|IXpZrKy@R0|e3vcxx71irHx
zE`nS51c!suOn1jWPJjOcA;Bf2d&ZwnEjtn)M_+_WTXzA?iG;7wlyJQMU|?=%D*n%o
zV`s6%!mTU!y>0CLB%)rQ`p!o+Q^}Ro1T37QHjjUUtJJdZsF2k_YAC#M;!90Nw=u$B
z26ID6n*v|75+1x1TXyEcy1^=|y-Q6D53MiaA7jkg!B6i7mSazEXtUqmgAhJz<*-VI
zkYt2hrM}Is#z!PHMlNUW9FyL${+xHM5YlenIu;Sf7XRUx#wXE;Q_1zAc}9#b3mB%m
zAn|4v9%pwhOjq@=W3qng^`gL<+pY)aka&k#;(+;5F3NzD#)$L?M{)!F>jemTPYC(q
z{5MIDFv-6_SEA?6r4NW#3^YWukM)&E?B58kD`=ggp=$z6m={aIMu8za+WG%JgpV6u
z!d~yA2YDN~`1(2AIE25A*Qgzq07=D(9XU`_WEtrvu{O9@!xrrY?g*^DY)jEDoN#&r
zHvy<?MTakLu<oPXgQ`|uPoBZupY+f~$}n75isL29(3$|-<Z&DJ6<MxfG!0-lwDi8I
zt&nz{$nE$0$)yz~iv`?F7W-N$lU9Ld_WXG((ACMGMLs~|6^Ds%Ww4q>kr39jNRCj?
zQWE{=mVT&kO`rW`?Suw<3GOe%N~wewZY1I&;R{Wi_|Ac@>bS&FGC_YCM}O0sv}6%-
z@E%2ksf4ejsY5}JwqI>;(~kpX@2-4%A(;yd%Rcf0xhE<Z5Yl@ePtK437=OCl9;xR|
zr&J}TU+nLVMp;%yn&XAzhy#+ynOoIep)FfSo2jm!RWjX>Hg(NFf{e%+Y#gk5OT?zN
zER#C#MjR`{HJ6M-Dt#}!64UboL)Hoslp4vcsyz3bu_!|4w;<Ri#RjKMUK;J|6pgQL
z3Ce-lEm;%EAt`;N9q)u;z$r1_<>JhgJtI?Q$))p_kdn+uax+<{1s+in&c(NQW}dU^
zbN1ap5?Yun0+X#>AW*+ke#|7{me9tjieo}%<TiO|I|@xqOGL{Cg@R%p_5(=+;I76w
zl#Y0)OfneG#GX)LN(9e>X|kZ(-^w0*b5>F28jQ3#l$?kt*-U1QZ5gK++qDiE6MZL~
zdPr{4G(B9TOp@Kg6i<kRALKvLAC=F^%2Id#!I>{}P_N#ZE~<<z-s!Ogyova_zH<k9
z6NE6pN%*C5+!BAJGt+&iEq29dQi*o)#06uxvJxMjdEFYrc1&36p>;|t_wK*`^M6ML
zA-sqLBB;#2mfE1-@x?`nvln2~Iau@=1G!3>oePJLXUCYhfq7lFx5b0F_=RwqN6;u<
z@vquWHs5PXC*c#`+HWr)i*cl33(S)YQ;p#0&0tp-6j61*P$A}N%Ma5!TfH)euaB7R
zg?`vh*a3B~Z(^Z=<ZhBmI?(D=KRb@J&Lzet^pU+i&sr$;E$LExrl`a!98h2!+u^mN
zvf5VfmWrHokzRk9hjoVQrgRLcJ*RtbPNNxe?kL?Kliv%Wbkk}ALAui@oYNDo-1!w_
zh!fB0c-^1HCFYZLCRa!~y9|M7<nGMpn<>1q*JZ)rOhzyJGS2LoufYUg=9&6m1H_{F
ziqBu*6E04&ubQPGi1~uQj7#!4;EHuL@)Od?G_D-wngx@ATZLv00H<My)t4R%d<_7b
zjzmzy?&QqzUE6#0FJpx|iI|DH<q`vhML9*dX+9k|<Ap?2Lp+z}L(u!LMk$?ZTYq&X
z)@OT#`;C%#F&qU<MgO`H6|JrBmoKO9t^fKz|I0d;GqFA^Jvh1_jBFVz{id9iE-3E^
z0YxyT!Cly1Z?ruSQH%HhzBS)#STo|9k<n6m4G~@w$mo}@!Sw`N&4#N5YhcfA9LSn+
zK|#xAmn_Tx&TohOfSuuto<x)7Bj_xLqvvHmcPd*#$^)K$i{0HRv9qB2>$Y$0Sn^Gl
zp7{0=Gt|p4h{fw7^bcZqvs5?WZ6yOMzD*L^)79n(bwhlM2IA5>J#S>B2G*%O?JdNy
zgt~EQi}VobL{sB{YZCg@1J>QtkUlkn1WkjL)$wWhZm90JZr~B^=m0UVlvOEGQ*f_V
z0@LG^lFm0+rQ~qeU6sk`OQGQ?D81=y_96m#+S1f7s4yH^j^|#xuqUzS$AhjDya3^4
ziRrW@)tCrEn5Ys4e}`$xkv7^lBP%4OQ>sZkK1J^a4l6onmC<PpBz-z3P8xJfL!!YN
zYlXXk(pNn*X~Mf8ZOq1VMW!99x!<?`><4%L@V1Cmrdgm;M2A_l&x?=VTBGf4OZ+m7
zOrX#9mf}a@=Y{T+pSioEv3z^hOqhgCq+E~Vv057Xb!El$A7*g1>qT^#LD(_lFeOLJ
z+?aDKEfMt1spk$lVvtdJb|$*ARba5w&eyI>k=$ST|6cw2t88%ghPRwJq~`&*=LJ{w
zPic4*^|itD8Dmh38S9lTL9U%&Wa3;YtOeAjeo8Z8xOCJ70J<R6FC++%a6Gh5KYbm4
zIDLOL{&@D~)1}sp4&!3mpE>|06$LX`_+LCftKOu|vHeQY<(;~3tnQ$sdpkQB)f7&t
z3))C`o?gK?GefOG{n58lzG*7hG_`}{Y?1{eTxh1wT@Zfjtb6%|3n6H!!M)vV>caZw
zI7`frcpe)i_UBO3JI!80`=_z3X})`4)^~F1{Xp(ZyRo7Yjg&!xpM>?90Y}=Bm3XAy
zOSN~ti)VN%OUvB})u$_8$gE3)-s!t;$%~OfQtJ||Fcl!3lv<J;-I3=;i>r%<BwBn<
z%p_d*OsU~4xyz*pIQ)z$I*b4d!B3qT+^A0Fd-^`=fZrzse#e}uPhDfQFVb|RagV%?
ztA$MiaA!sXYeY^>=qPQ+Hwh9g-!=>#kH$^qPL7CL>XH?^rz|DE1s?DHhtb9w`YVT^
z#Bu0Ol2{f)uzse0!ya{3h?4o-ow|r)B>pVg!hwd|alz>iEb{Pj&IE{rv%u*ESv}j^
z5Do6o;0_ILg8Vu(xTXtJ-_i2gaRyU{zgyAN1}{t;L#}UO+K7%h@u>KP48Qw)1X;b*
z)k|m4YuUnPtk2i<$U9GfmOW;2v_1<}5b+qvy=DlyLsbh<)$*k^sa0dW6}Xxv)>;Ot
z{#p*Inq^2ZYpMv@IHa$GQeQfh`jWJ@o~WP(pgI|GdyapNS4E(VZ9@YKJ67@+3*-Q|
zkiw?Smck;H@TGqvv%Cr*T^1{jl)L<bUlC#ZR8>t9pX&k<MV)^aOPk&Y?&b^gJfK=2
zHuj@J_?J`hX>ex-62TpBT4&yr`}RT-2JZ5knun<#R=;Ek`4>~|ph-=1gY7XVX=;gd
zfZrJ03Gpq~z3#rcMN{yajy~<^({fool0I#PY|7!%Qs}n0zbld_?Vuiu!O;yU(N;)j
zzi+)WJKu7`AF#XC;X~U%s_u^R9{Bj(@n~nath?iz(T;p5d+D2>qHcTRznXHwRSS^5
zsjOrwTh18X(G~bK<QW6UChKt-Plu~vtUX-!51plh2job?7}<9oY3~gG(%-T4y+#_F
zfnSGxx5!c*aF{E{Gn+iv=Pi3zwubK#S9qIG2LR`R-pGlQWlN-4j=h)x#M^=`gN4@m
zLS2=~bQ3z)hAj>C3#fYA)}DAgA1|%tU??uLRTnNPaj`N(FftmQ+Y-4yUYAEqddUW(
zYD5IzMB!eRomywq`mvy*oVr|wCZ>Xhf&<tZ+$NRqU6slE+!^wXVUE6i;D)@ymgavM
zXBwJAR3%3QsCKzg><V)|PkcHOJ9Wl>tOY_X!xE#L;7+zbU52i(<5JO~k8A8w7gzGt
zaw8J}%HuoyEfMjlIjzgObAVfu#~`;njjY|R*8}WYyS8O*wqY$?l}PDn*+VydN-v`I
z$}Fu|C+yFSX^0!`xSWb8GhMT35QcEQehDdbm{~J*<kSqJ?qo*3B}=Jb)50FJAnUZv
zEXE|_Ag~o(>dw_g;tnq@`qoc@mloEV^k5c;#IXA6w*tf}_?Y&WJClk`Ky?=MbloZW
zB=Dj(aS1kKN5|QHhWk@)$0)z4x$ZH$ze%h)*`^_y*I}U@7TN^)by#Rk7pA^gXvt}^
zZT0LJ;0NG8f&N6;0hk8-WizDywf?Z@8X~9}GVVCf0?yN1)e9;?7=-6XeWlxlbB?w*
zz&W#RV_;|O?lcsY>%h*|fSoT&Z|h0tnLS1g$z#|GUC>}^kG>3A-4`NY#ylWK77K*!
zCfM@{=5o0t5t{2KiXY279^|k*7qY}bsPgJKtFQRe84`_><uVAxH%*5!r<5oSPZNJ(
z81d*j@vN!q@!Up=;O_upb?gPyt;IWafatTT;Ew~M@N&aWXlhJ|sG)|%gy>O*4mDr0
znMT4p%ljoVd(;$;rXxi=QnXxFWuz#L)6#g+)^{ZB0LXQCXa<1HO!LK2i|athomabi
z>*itqWh?^3Aaw2>as6Zv<O^7qeX+Mw_6|!Z*N)iM;Fr%F@e$BPED}~x-MJw;(2f#p
zxZ$`Vdwfkf>#Ai&f30evf0wJOIY?K+&#@y_T!VjQeVYt0Iv(XH&jaf%UZ<5$7>{1P
zdPV=}$$+ijKay2$4iAL=+ueEIqI1nezYC&=|1A)?y<9rJM7;ll{!=Kz-8PGGV$Vok
z=&Y@C%}wZ;k@=zQ_NP(GZk%$8^x*LM4}%Kj%<SP0VaZtoBNVyLAYx^*-h{6utTvAy
zJPN7Z-KmzSty-%U7b^+*yt?joD!GP@Ex=&bxA5Eyj1@*=^MuKZkn_e0sgAhb{byIF
zus^P_2EmnzHs@QkQ(x_C+x5#Z?%b6`)l9jF;SQGQ&qex8rqlOPA#JP{Wpm}OMc%y`
zn5E0f&Z6i~X0}t}(gY{fYj-nGzqf?~z>)gf2nC6Sa>1XuHpjlfTQ@^FIuf!YA)6q-
zj)bh~!Zd({6n33+RpM~z5d$fXiWGqq|IS(a5=XZgi}JNWpd=JFHNhVlh)pxZ-7%Bv
zm`Sm~MZ{$JqPGm69F^mfe9bGe_J%m$%R0R{vqo=r_V&}VVvk4Hf(7HJH3Ubi8Aj<l
z*EV!WZiw)jfKk3|{jDd<rf^CnVV;D|C<q$$I1vBD+PSQ{+C^(55k`QKt^>F>2=C{n
z_XBmDQd>YqE3+*$<=YG=b|g*!FSr(t7UaKFqfBe+*-<3EKOI)Gaao5#))|Gw{P8Lh
zD@f!aC25G-l?tJhku*c=yh^i67{i6RBajD`TG_NwvK_(L5sc-s>IlY-#MBXt>!kC;
z1mjL&D@T)HJhtaf?kTFY@|W@P__veoj$<t47)2NhGprG0jDVq9Bwp+;Jym0+6ObEr
zP|cLPyZ$LHBTj<Z1|3oAaq?BlGg4q)#ezR||3p-aNl}Ydy|bb{TanNFtcBm|q<o=u
z?jo7w{K{;L**X9T)d}puO%qi)6FiQO$HyErJ__)XYg0*wxq2vRMlDrOWSr=X5ls^&
zIoC>mf3!Pd2~)Gn%329ZQ&(l(+n4IPFV(fv$LG<<{Z1cq`Z(T`>d1UfgvmzA6?cmH
zJc_9#-cr@ns6%o=OE31V=@u(H8pwv2<YnnXMw*eS!;Un3Leel7G4O312pP6u@%lzf
zM`LSD?Idyv`N5sO^+~IHWYgR|b}t6ft`FcEe}*!Y4k0AJ*JHyGf35Z19wEmVs%hb>
z`l1)+xN|O;f~-?dZwvi-=h$%|qwFwheX)GXjC{v8c6{Sc6mv7=*YS-tU6}gvjbFhq
z9~LCOPRV8;W|I$te1JE|`Pj`^m9Gr|9Oa3b=PKlI0qa<D702R<&5(S@Iu@~xa;=L%
z$4%G2W!U3RIrcbBM0Dg&S0vM!Gq*)FfujwN$L}fY9EgxixXI1fGc^Mp<;W7-Yl!%o
zfI7Z3ovkOGX7-9isTy3`oiOIvc~wCYGp`8GG1kdo*U&rVN#nC%n!t%5%r`HkdZE=5
z3);`3jjpe?epF8tMt<huH^U~C5r**MH8XdLhm4BDA=I9P!JYUshx`Yb^H+)($X)>e
z*^~(k4I?0@b~w8Uyjhlm%;=kH3mM3J^}&)XZN@&Jqe0rIt83a4G7hP)ksYD^n5>i@
z!gLOYrtQGelglC=#P1bs0MgZi7ilFa`ISan=i%B&1k!509>vwfMOr-yxce#PhQ<Px
z9)>)%g9zN|TVr1bB)@z)eNSfqMXlWN6h?&O1niuIWdR9L%Ng;i{B|2y%oiX*9wlxC
zH0V}N6nEj|5_Sw>A`+-eDes90qQ1ezpjFOFf$sI9K(!0W4m=8Nq#4A!QQ}%2aETu}
z9<GQmZqa6k)e8{)9%baE$N~I~lKI@7y5K9M+j<Iq0bb2uNy54;fDS=*)mMN^7dVvL
zLU*JgR=-+Ga8#8Fh{J9P)g7BiLAi0nQg1k)56=aYo{yY#>|Wm9<>xTFJmeidl_p_6
zZ~eA1;a@nh5&{slBuqI$PeNDVp`U#`y)+%QL+c-umdVr9oB_f;I4Bqs!jIE`(A`bb
zK4Z=*<!;KFFZy^q#$4@z`E*V;8PCP)v;M3slWja(k=gnyW~n!BJo$Y#00MJF5B*ac
z@o4zBe2Cy8_^na2w4Ii|%~KhP^Uz>aXirkPwIwq8nhqINQqbvl0#$YE#ZOY?k6Es6
ziP(<$qClorKM#Y2AxpD`C}C1iu7BRas#VJAVRLVL*!K>O&%V5=HUm#sJm*^a!wP;5
zX7(yWn*mf!!_KvL{qO&yZM*sd6kM<mH+Zqx+?8-h;L}XqO$C_^FL)*{W!G@Ju<P?+
zmZ&X9iDo8?lFT5S@(hvqaeCuSzoF2Jg*$VjrDw0AEjgIhJihro;g*2-?{Mb$!NT?F
z<LD|Gu!X9cFBeD|>tF)(Q9o;q#Cx@5{d(hx@WO{n5ed^;^sRGjRc=89WbIg!1THy)
z0A0A}49>jic#?x9Bt}1wl_6`zD}W8~wX1oi&-j}DZ7hNKg99~+SeUMX8o@5V3aOHF
zW8XUZFe8thW~E{93^xc{vYKjKw>zf|1>U^l-@0MoW8GNIe}ZyA7}?&|ZQx>agayR$
z0Sws;zooC$cO=Aca<VtfSQd^D04KA8!Qaa;fXtxgbn^ou^84n*TV5bm(vP7}0~-f!
z-VB34=M*kZ?09-3U)YptL9M~k2e5pq9%Y(axh0iLvF6ehBBz%n2d%KNa7a4v>W8>N
z*n>lug6ui)mW}~cdcX?VtgnwbBku>QXkv*};|}CdKLu9eJ96o;l?OHuQH}6VKYbm4
zIDLOL{&@D~)8#;X*!lab(@*2$%hRtXl7}Tnic=jfQ?W9(YKZ=J&`bd|W2zdHGiS11
z2DHrH&giw&l`j|X2iD1#bKz7-bySCAYnYk6a%LuX2VV|>3w#HrAj*^v?6QkLuEy`b
zjz1lXf4v)jfFG_d&&QuGemgmD#)hgHQPWLe{SoPP`dm}m=7for+*)AECh#`E5fG2M
zSX2$N=!_#gbqsC9Lrlu33nh|#f%l8DLr^_uc8$%1BJ3iTCtsihd8-)Urns>UgI=JH
zq=*(bJ^b};dP@6JjX}-p3QhHesDs%m+w+1u){a-`%ED?g`og`#99sk_@`<-V-s>I1
z#5Ya+Z@$nMdaNnc&yIO{81vE!JV1nVX9%Ta@s`#%0YhMg>q2M?qV|bluWwy!28+Zu
zq2owk#Hevl0JUp<w?-W=@{ojMWvecEk%y+1Ohlvx9iu9fAlKrJiB?(Hq!5NcKck>`
z9&DYGRuk2g@hcNA*Qbnx<+P+mElw{fVy)<BJ}E8swM2jq&`&+Sy<bPI-prlPg`X+@
zt(Aw$+N5;4d!O#=;_vkL5&E0W$aFgV>^huXf=-Vgp~vSZUr)|2#vfRJdz^ykcOJt7
zi58i=$)$=6RGIqVXz--PZL3l#>ROK-<GIKv8zQ$%#1DnvKzz3vXoLYIWoJ#Zz&)k$
z1!lt_dLU9Dx@upPV_%^zt<r#06t<uCzFK<;gmc+by3l-;mP%kbvnK-<-BlB;o;+as
zoPI4Br;I?t*tDQpf;L|}&^y!_O|}qdFjL6L5uCvwiK5cNEzgqBzj7v7hM(CG9qTB8
z0!kpKKPRyAMuUxiY+4KaXUlMb{c>DDyX=9p*LL>zEgtbLi`fmC!qlMvFC7JVIl5ZU
z+V58?q|2@vM%w~i_GH3&9!suIhFF!M8j%g_<SvrMK-T@?8>dsgL}Wj6koTezKRE(`
zy2fGR^X#wCjlOMA{KtVAap*eYR~-oO6G4Deyy&gE1pCEGLSwv^O9%ER-!@kZKS1ss
z`lK?<Bch2#5IS^MT<&WcvR;M;q`O}u0(SNf=$B0?Y;`C=hXQmcz-D6UP=HNP091{;
zU=0DVV+r4>BLE(f%iFCimxo|w0<c@gvl?F<pPm{=Zbaz(dpH^8Qi~s{<;|Eo-=qht
zRz~q0{~G$)Q&%;-ODJCXyy?=)M9iuG2QwC$=-;Bu!4Kh_|IV76e>K_Y%EY^QiRwxS
zv8*Bmk5yKcs>$v@*l_nBq`UuscmKNw@BV|9h*(bb@M-kck6M9)&I;UD_CqPHE%7y^
zz*n7Fcwm7KTtcm#1%>W->0<L%7A+C2>|l{Ue6%X5ZgzzNM{yur?=5vjRSqr325%E;
z_G|T2zCyFSSO;y1WK#<ea$hL3r3Fkvg6+<VX_k@6veL*It2cp033fQWfv4)d50Z#0
zfAIXiVNjkKc&*Mh$Q}jMX&|r17$0K0MtWwxivTtXpavnEnABQiQfpn8ALn{e8zzMP
zFZOWDitdC8VSXE;{q(*)^a9b|j_dH7ed56*%J7$ItL(BG0B8N>=ivFHeZyv`R9A*C
zD8uVol)b9|QLo7z>B)bU_-|F={ln?S<#3yd?{J!!$vE+cK`SM!XW;@YT;Ccsu9Vr8
z-Ct1I{l#i&J!`CLibX1AOA1z@lmJW)jWv<8MCFQb4OPu?AJIXsjUE{pgGcf+D{kp3
zK75O78Jb73`%v2BNB^3#^H+B%zq(qyb?Z8JnU;!{SXvQ}uGEEnnQ5^}TSP!I5wG;H
zv<lVs(Ll|R-~v0>(p~5_r>V^V3ikXI*?I>WI>5V*no>sU>g`><ee-%d$wk^#=s06^
zStF{2`d0}P?0PujV7d~4H0+Fp{ms#BCdJv{a<@XNB2*j;nYb~wnx8%_XW0q~?e(oc
zBOG7aYZ$LpWGsAy-5hbU5cGY%f){Va0A)a$zXARiBn=~~<>B9z_cvJo(cWHDGWlqb
zd_HuS;_qEJu|DLX4mGCAgt@NLtYkuo50GCfHI(Kpb{A@y$c_Vl?uN2=Jl8K!9KuNw
zpPPvsOp(2PyMf#HGQ{+-ZTkP9bVl8_EZ>&FVrlE!5_JwD)triDuhmx9R=-*5S2OaU
zYV{)vr`=5?AsO`#n5RhjE!EF3&Ql5Xgb|vhoWssIZlImR(Rx0n)5H>IMubqedV6pP
znV7@Cg9ZdgXLR2Z@s&_uISbpu@1jzoI9k){36EQ*N`O;HFhQvC1yLe?5T8UjQt`GF
z?$TRlySg_dA6n~*`d`5*#ibM*MCB)C9<#8IJ}nGZ$IW~4d=TKip-o4g2_FhQIuW?k
zJ?nFo9Bbr!5#AOGfXTCY;>m=McqPuMfr|OpG`-GO+T<62X;!YEpzCuNgx@mi$HWV1
z;LPz|+ZzV+A;`g<Iyfd`VS5lSvt~CX+5Qr0>pN7`y);O>Tv>gzy-{5qpL^=Z4)i-#
z6?HjsPn?#hg)J<fAC#2OA&Y$-K%LC>V9O9T6VU{0voS<7wnWVe>GD9dy@rUd_NDX}
zr?K@cma-QZl@!m*Rv}p5TxKBt5hchwX$5h55BMc|80i&vZQhMI>BXnrS1-3C@%8Z=
zHsuI!V7*-4UFW4=tc-FVcBX=vc~V1YTp`byK-J)#N-B}Nn9kl{i2gEB_cq5Ns7cyA
zb)#*4cUir*6}ql?ey@niis!BP;{k_O<N2ru-eEZ~z?Q}RJ6*Dq?W!b5pjCl;OkYEU
zSJ(^3om;-+%tSoe3OVon2unaal+IzSnKs7YR$CR{uWGe>r%Jo6V|fjM`WdJ_13Tj(
zmo>|;9p~@AJ#W6WGBH0ib1xmExA`{ib;#jYCdZ-zXSi-&ee~b|N2VcaJ0*tGofLLp
zK&-YFsb!~(DjU$Vp*q4X0mM5@Rx$-_-2KCPiF%QGTZXLKBJ)S@_TNsrjb6UdOUMMP
zx3D4Vw;+GN($rCJ{hd|~S|Y$l>!8@W=f9u48z28U?YG`3Wm!Y@)WkKfdfXJ<R4Aqt
zc0n5jkZ|Htwh4QoV`8W+@{||RMW|}dioAovou`(&a5>aj!YvfMur3>zbr;m1vz%U9
znn-iul&O@Rh0;#j!aLBL!bh1VBDPi!mlhgp@L0jmMHGYd0Ci($K|S3)cj3k~ST^Uy
zVSRn<=S?4e-}2k-8&vL_p;uicJv&ZbY5+EfSEcmQ=J4kyzkT`i9u;|DoqoDJIX}6$
zY*B~!@t4a#{$sd3!aDnyPCIL6M>mrInr+I<rV&CbZYU>%P>P!q-olC-69=su@y9t~
zGj>qT3h$9KO+q*BZm>VD^w&ZKu4fTeU2dmN;MsNAn!@5NY+sm7>`0QX6Qg!|%?+=d
zuXqKq-d?hbnExqQNxt(w5l7LtNO%i2KZoj8RJyYw$B*3Dy@gvszU@z4=xJ`pc3IJ0
zZdGe~<A}HID)&!Px!1%R_;DC`18DWEj;8l&Xa8a^L~wvDp+6Ss5jIAUo4!b4UZo`H
z!i}ifA9C3rTinx2NV)LcG}mz%iYSC<Tt(=FHKwf8$~ykoq6i^-$D1$>3^=i@-xE)A
zLW*gm(iqi!YRqBN(_2w}-Jzym>ysl<vRFXh61o2<_Ohop*shFCGm6>qZ{0BP7th?s
zw<Z_i#UZ2JOMoCbNaDgX3ssP#=$YfW6DJh0jki*U$*^T@kmMfY7PwKROTnWDxknzv
zkGIIv2NNi~sXa`a7s|$d5H7^Y?gb*;w|e}0OcyNd=o=-a#Dm@C`Au|Tw0BUIHeA3?
z+RP~7F8Xv<xXtQSN2pAi#!WO9K{j0m56W#PMT?0Vl^En^C|48P6ArYqrN&cS(Rd22
zYQu-B8{y5C*2wvxT5G86p|tsY1iT{KPu8m!t$eXUB4DanZLHQhU98WYnm$lX<uO~V
zuD^Kk5k7uJ;=Dq={pC77>NNF!hDfyo%2?Ndl{K#eo&t1*HIsn~c4%bMK=!D*!X8yu
zVu`hO3o4#Pm{rwb@L~imvF1m$WL0nzd>&sO|AE^8QdVLQz<+21&>*TFbX>A6{<Sr6
zyuiQKx|s7K^h>-D3N&Y8Gp(#iFv}K_TfQR<+pUbSS<Fk8h)&aT7~~gCk!Y3NHq%*D
z#iBU!KJ7!v^P8ly?}VEZZb5z;hF)S`5m-hnOJXpOqYtJrq&wl}+EoxQ!F1TS0d_F3
zJ?ftgeYJhPZ51xi-u8$-?@at-E=~i$dE{*~;g!p5Oz12SLru**+8zB`OH=aKwMHpa
zMp>+&S?m}V7CVX)K!(}?17VoG^=WAKU<*1OXgTdC`GDQr2NY>N&S{ixG>3`Obu5NP
zH0*>vsz0#81e<FHw1w<Rf=#2ulkae#2vu~_8(MHh#0ew3?kBd8IF-p|iXg*J8wn3=
zSz~y@+<k|8ti?SJHm>AQdPdS8qmAf~vF8<3d>>pbY!Ci%JU)MaaXD6l3iJu9>{p5X
z6Xiy(bGp?FuCEErvJ;p-3Qe<`(lMZ3+y~09A(E>Z^wA!jt!LH#D>eHE*5fWvC#r=v
zUd77HL&y2Mvz7St!=YRpLj2SWAy_MI6cS#pxWT-{tvf^a17C$@MM8h23D=g9Igcn=
zE`t!-IxL}RMhGCs;WpRe-~+@*1M@KzZwbBhP0-`x$@|kU9|`sN6Mu-%9Uhd)RLaa*
zit`5lSa?iTiUV+0n&MH{oCqnLeSpd&K1=EqQ9+<^YV-lCj%6#|iPf|W$Vk4Grh!JH
zqDIKaQzMblFdXX_OL$$j9Mf>src@1ENr8MV>*i3{z(EaRK|6+ENGs~>I6+S4Gm(-(
z;Dv?=^A3R|C!L|fV1o#G#4sPSoT~O#!rh08d@JMzq=%vjvvxyH@AIsM0}-ejEzp8w
zkQf;vLzXDSV=Fy)#1RErDc<~6&yMnGC|(?{S|Mk%9YhB7I2g{{Yu8Mt$$d<O7m6J6
zWv~ps<84K8GU;fK4OV=#_qwVz|K0JCf5K7d``RdUKHGWz`8k~FYX12?+pKeK{`tM5
z&-b4<nO&Jg&o<vT(|m;0gW)4W_}6eXAFekpZvx-hf;6+o_xEUbY2wB`M^{dtxnfY6
zkRMPnfa0I^4@y1J?>V<c|M@Kp{_b#6Z9xAa)i<66el6?)sI42%)s{8)0{ESJ{y*zg
zfUIogHY~~0N)9aFx#Kc>(R#@`*_Ewzls7h1Tg3Vo?8B6Gj&wr<PNyBh9K=GYVK@k{
zM1M!(pYjb%BgJEj+aX!4Vy+8FsVX^(Y3gO`7O^oot{#Wc%Of-uH?;<+U{ZZOJdJ~O
zp2opFp2R^*B&IwGVFcNm(2kq#{J;17=SJ@g4Mk2Y?byVgeuH085KVppso`5w|GJ}^
zEFVZkjndGs|M#@~vf0d^RTb|BXp<Z^gCAiQpY9z)jNYeoN!D?e2nIO@2B$<7>6WZk
z?~`+FgE|lKA-aJD2Ug!A=fKFeUV~+kr+eDWfi{d4y9?MA{w%mN1gf=lAn6ae=&zrQ
zvI$A<-N}1s$#SShEnm1mlPYe;`tZ$2HCqKwLoi8jVFrLx+)nhUF!d!Jar6~Xxhv)W
zaf_Et9k*JPPihS$@iJ+ZHM}JS4PH!|Pg0bya~!zQVL~}+d_#SWlxN;Y(kS~e2j#t2
zbo_?i5mBPwqz9jFUHXuL?zz(7a%lKhQ2k@A>QV8g4_(!Rsf&9Y|AvxOMx&JN1rR{5
zcC0TXd92)DFh>0wS)VOsi26lcU^e4`SX(a0RaaeLKI%NcQ85Y7M)v2Roc%$9Dk{tl
z_PCopbd-~iLq=NIgl6oenjt_F$ax5-vLV820tNJvwYQ$Y#tF<x5h90J-}RS?6siom
zu*M1QUIq(FQJsidy};tYSJT%=U%y*5g#$f}SppEzBurvwh#$1YpG&MTcpwTj%FKDe
zw1k@YS=R04mMABf{MQgyp@~=z?pz$RlWu32+k(`A1bTEeU@wrjdRoS!)qj;C)OBUT
z8x#1fNMS#Q$EsSsusP8^)`k>|JIJSld>#h*5ZR*<EO{xmobb^GkwD)sDF`F7q&c4H
z{7wQAAj6owZ!VNCm#j+t7s}_hX2{EB7KXyhLlHL3fzR5gkPdf*MBFDrI}HAy<(v2w
z<sPD?Go=CzpBoqF7frF{)q+27>Rmy3BtcO|MT~ZK_x72GuzLFzdJIv``f60RBn4B;
z@9VTIlZmMWX`XRK^}xzRCx?_56^1y?-h*Rev+7f(_%w5)rDyBoCK8{rt!)vnW-QPm
zX!~2=*$1!bA6D;mx3wR-wKH0)RIEVjHjb8FgzPp^zOhg~se2HNiZ3Z7Ubl`-o%%IU
zb|pM7ra6GsC86HS>(&9+spA$#EQh1wyo6KDEO0iv&0R{=uEl0)?~{zQ?VTx9ryZ(f
zCzVVNupQD>9EZFQBfRe$Cro(^Igg0a?Izn%!fNDJhn`J8HzW&QYdXWsPV3eNVkd><
z+8LF`mMxiht1MIfFPP|)r>W7WrKqfu=Rf)y@Db_6#yIW55+)w>ic4Y`e;f<dav(DC
z;VVs6OFN=^5GUyuYLw%`_TUfV8jMWF$3cz}dBR(@9i34*ouTU+BO3qpfBqM42BU@p
zN`a`4(1>Esr9H65hqH^z;r1Sa8s`plH?X`QinpRT@Ekuab&Fp{SMaA=jyQrWcp0P#
zE-ueLoP1J6Z#hJ<8M~@xoQBW*YD0uqGftyz%3IF@yc*AwikxVT6mw98QFEza_29dx
z)`F82^Q73I4V>`|Ux8~$xCY;%lWd0^+h?#G;!EB-(7sD+jcCItZBO_SY3CJmaV<B5
zXNQpsQzme{56USBzs<eiu46f>WI0k@S**yFvr*q-EPA3oDYSzMb1O|9#dFR5|H?X@
zTc<QY!%jy&s#g#v9Ib?xu#m%l&|WZ@u5b=i6IJqWO8KutIXaZ%VJL?IX@KGjllcyG
z-<fS4i*3URQkWbNz$SranaDuFw%w>7><f^cNpx^u71SR$O05M%*@SeYVYdva*TWrp
zeNG;k?U3vmo<rUwnmIGx)Rch+S*g~??qX?^n?Q-I7!xJ4#F1H8MT`oqg{SGhKvS%G
zwNS^eRq4h#HA8X~Je3>6p;>ZS1job>*Uy!e=Ur-h(B^j~ck9*^?VC0`JP&C-Z(g`E
zQ47Ce3F*Sm;7k<}G-U6G=$Pd&8s%LXc+AJsi_ag%$0zR%m`3>L@fA8{SK^E|Ua+&h
zb1>ZA9qx=SN85*^{lneu|H!o)(L#|(o>#~qg3;hOq9u!Vkxbw|rB(;6R}HB$!K^P3
z>vw?tAx(c^IpIxjDrRy|3nvVPky+X+FR*7Vm1BX^vX#Bgp1I8~#Qo{)GIfh0^ogLf
zVg+;a9(7K2CEi*Ml~na^eo6}rq4AR%-_EMs+v|x{{>te2g#U12dw@x*EAiDQ`b<HM
z?KV<XRdgn*OuS>+ts%g{44Z8P>imG)L2Ut6XvzoGk*%m&gE8}(EIo{>IFdIADwHQr
zj`@{t#lbOnXpKLdpN!xCx2ty_&W`_l^4{uE!j9c)u@a_dO_>7?Thpi5h>w3}>Y_5a
zE9ycx9FEn~_jn&JpFw{MT$PORV1Gne3=DYmNcm=U?K-~0rfBKee07py<j}@McPf7Q
z8?&`ZLz3IIMl`-;^UUR}dnU0A<b`_G+w8e*^x@E83o=~rXKa4n5RRdDFXF9_^W{o{
zV^Sq!1P|B*v=GHcVIXTW@a@DWQ2U&MbFCYv^L)6*uEYTl*Z9EYl?y7@6(AZr8zCC0
zwx2-t&cHMN0ZKgJs?0yzhG6WMAsE`w32rw6Q`^PPSY6q(SqSBdK>RC&8_Zzsb*m06
zi}?1<*fll7G3FwiB!M?XeDw!1TBFMKtf+rY2kJoTC9R{|Mj2hM7I_g^h2LPkqJWb$
z8K07?f3SSq6Umyn^SMLmd43n1tiov>;a=wPivRl0|Ib=NjtwviI}(3Tll+02Qx>>T
zH-R@Z;0jiXJXkT+6vA6+<8U6X9B!m31}Y`L6o&1H-y7*ccd>A0(00vRrD;N(a;(2E
zjA@$QI5QxJn^LXo7z~}kh{XDX58Bh`Dz+KIIDuZ|vUv>z`L3@n^+J4T!WaEb$@Ui@
zoZWI305XEu+hK#GU@K&`*S9WKzSu!xv!#|<n(8H$b7!DYG#&c$>1lsp@nGFJbewo=
z>c*=rwD<nh*;)$8+1}MOn5o&l4Y9YC(h>XHmF3GdTMN#fX-)Ag%?v#%9^r1}gZQEm
zpa3?{ynW{Ecy$6jzK0sgP;na3<w%o`fYRLk4h7_`T=JXWQ}|Wam<AJGl19>5&uzOZ
z6t#hy+{E!RI^5c_m+mVYF7RMpbQ&x+s)EV_KUPDj3P%lnN>i%jWzv>7y*RVp9BhxQ
zFPF!bSsj%Ntd~dkhTEgd(az!S_TjcHk7_F{F#)m2caG-`>DpRL*7TGrpapTm1OaQC
zVo!Ng^&)wE^$*i_Ja90XJ$AOY$tf7i8>O--k2t-IXI=)vXNUviN%C|vo_O}jd`^1s
z8BZIJ#@1*&%GJPgf1lZHn)R_Ii;h>}!C>M}E~b#6R<7OAZi!@0eYmYaNQ}W4fuTwz
zl&$!s%GAk8my=%A>V#AxB)wGJIvMq}o95Va5iZUTBWa)_dy&$B%!cFdRIMG+eHU|1
zG9fitSrA=V+Ndk-`ViH3qm-qf31gW;Dt<te&KA(_yh#i~B5#xwv5}9MxmddEsf%u^
zlo~oiH;NKRb&hPx^|V@7@F5j#l(}J_;c~L8h%P5r%<1NgM80&lChHwweg9nFuIhD%
zkEq={pc!hg4XLcU(D*onM``aCHNlqEd!PdF{ptD-!I(`^wXSAgR<qB!uV>_*tMM0S
zWi>mDU%7DCo_hZ0(@(OTf8oTI_-A?(opakX1sA$!VKc@gzS$DL*-}@(=p3G={l^<}
zDZOSTd|~{OP(*zV5njy-_-#|(dKPF^M+NjCA}5Bl;TAj`QvwnC#<^jfV9NeeI*mdt
zLohd1j#9iZ98GrblRcEEl0tV$4JHrXmrnDv6*jzR83w_;q*@Q&k?d#!r2-f0RbA=+
zr<Lw=<1AolWy>R70WcK6NF}@Y(A$Do45?j<m38M#h7%j|*Fp`B(&qD05%jmt&bw$z
zL8vRhcLn&z72t(TsI{c*d7u^K+i@S?>~x^IM51AVQdgmqz*lhNO!2-I0^1Ye{l(Z?
zCKC}wTi=}3mN=%v6&^3v!hwU<jTV-DD*`8*tA4_!!z3z@D?izxHkwNzNm)edDa=aU
zV8s>(cW%VJWuGt@f5{d4QB|t(R26zziRYG9+KrI8>>ZNMMSI?CZ)LJQhAV>7<3UeH
zwHhllQS!LMl&^V8@&T#Io6Mcelz_x}RE%O2_2!eXAo}iBrtroNeaNu%Xo4}QfaYFZ
zZMuhF#CoZU|Ca|A{Fm~6r|bs`zfe7IvGge78JpUD<*jK?_PmA6rU#?@obRz#vM;x;
z7NpOXxWp}4qq9XOw$M7lYmf!(oY3*Kx|8u5OiaR_m^^>+sWQ=}b?`3*W$>~|1vuPc
z=ll1*Y*@4q(Hvcy<6BfDO-;Tnk*72l%4BPDrAyxfv90ek;760u+nkjxR#gq$0Q+&k
zQ(jsk;`J(9J-JbtU^XnabJK=H;Tt4QW##s|ONlzd&#tJ`V7o+AKqP2QE+S6IQwxhp
z63b$nVWX%Ozpu5qm9FP4w8J$a#clk*9F|yi{D_DFTjq%nl@h|bM<o-2b~+oPAxYj^
zV+Mbve5`Q@1;XzV-<Mj`>UEmzf=!&M4H^Z{Q+}586_7M2dV9_wa~G!E#Gj&YiM~o9
z5`hY7+P-x11MG7|6;749V&aI~I_vW&dhkawVa+e@8)XW3A&-SXFrgvZ_Y%m1J=DU#
zI+Ni$St_u4U(>Qw;Z%ps@B>{p@0;pSs-7*Q4-O3aAP#Lm5*8y;F>V_5Qp?oyi}CPm
zeDc}qai>~*38Ew-h>pSEg<Y41!_C-P9ggq<afH@tb3LojCw`QK4yCH)g76_NFE}Vc
zBlM^o1s?b=*ONv%$d$BHH)SAxnkD$Po$t#4K8~0MUqS_Gau!Y_vCV`J5}91W$CLM`
zUp^w4pm-MPFmeCREtdimc#k*;09tE^2T^xOK^i{XeqrDZ2r{r`xfwcw06B<1ao+*h
z>QFueZMkzM7HnVPO9;goNL|C{NaUbcjWPy7k6%#3>>1|ZH%;Tzqd3;l3LUM`(F%`~
z&#u&@A~MQE<BH;lR>)}2AUb4s>mZ3IK_bp<2<$J^;VIz**~{5;;na`t!sh?q-nZ^H
zjwEaTKTkm{1`Qc4S&}Wgs$8hWs%_V_XUdo3OV{)+76L`4ERHErOHy{J2Mz46eSqB`
z`#}39=Seo>lF1}R*>bhpq)avjn6h<sWMtgFFCwVYGz^0WxTvnU2e%qoKld-ulZVJM
z48AR(Ixq%<EbaG%euLQE?L1`2I>r)%{09UM{26|53-za()3Amvb@vL>rp*3m^S%ui
zdQ3+y1W!XsaixPQG^VnBh0tf=_$7=Tp1D>*=uJrcP~9ElMz-)qs=M5fSFnv2tqr%x
z+;NnP?WorwlLS4<P{<bu+?uskoctyPt1w1;x#kLKrOSmc?nB?%?eYA8B{o9#8HuF1
z#)+#0{Dsvk1Ys;pz{eE0Ye<0*i%bwd;~bLRfH#@>*lvWGUK6rSM_G#`5s=;s)(|r9
zP$jBZluWk_8~H0PDU>mGDD#epDv#NNtH`;~{`&7G;vfkGazE(^;CpGRjXs~Prg=Y_
zwD&&o6lFr03p)f8KV^gLCQ(@?9y75#4$V?Z&sU2zUA|W8xD57|Ojl|UH6I~4-TAQE
zcj7yb!*l~Cog}GuSq%`nl(*pC@(8>Rq-&U#@G-tJ4X_kqCU}up11o416_HBgOtn@~
z3pRJ<Y+2XgLIq_w7?ZT{VJyOwdrL~P%fSi`-lW}lG}cYN%>=G}h8ShcHP9A<c*e#j
zqxHG>0-xv3>aM^EFJM=7JHuBac&OeW8V7S}u0}GHPnGWw0p{kkP3bW&HP7Hs*{}pH
zQMtW5gNJA-Ix-5bwy9B#lt+Oh?{U(mc(+Rq#f!I)j6kKCL=%(}d?%-%Z+t8D?bRfN
z6sz(nW<i2A5V(*45x8%|$gqfiup#<bGY=kR9w?Q`V;vmp1Wnq05qb_MY9Chs5e=2T
zY*mMfaCLop-Rks+ivacJ35|@*F2Hi<V&G!O3#`+YDZ*qf<0E?kPago!ncUE3+^Ldr
z4(crie=zf{ir$tJKK>=WvH(L)<3zADOsKGq5r#5!efns)RgzI<7-_FEF@BZ|bA9iY
zI^-a%orgGi{*h@1T0s!ywsC-EJ?-GnT2uflL@CL+6;o(sRLkSw@L(1~C>-IbG)3!-
zD`ddwM@Ab6JkA=T&mMzRsU@gFItgOeuQ!SN_^7~nUf}C7AasJs%=c^<yg{`uj{pwW
zi(o$%aAh_Hu&Q|m&)^xTb+^@|8t`8aYy%L0o-VR1$4ZEXM(-)315!cvg;T#HMSM%_
zR#t}^=2URCbP+_VjLAQPA?{=m0x&0OrR-|3H-MRdIX@WTzaG<K2bNmY{#T-fzqhsY
z<?qdt`2G85Pn5$d7fU19E$Zm=MkAzb?h8yuc-`W0VWK>7L6D<G!pSf#)siuyo^H4;
zU})NGmW*z()XPDf*3HeyQALD_V<o^8JqnFJ*G6IJ2)A2$4Q}?b8m<`Gb3eBJc6EN1
zKaikeik#iAZeYTuc#O0R>a=Rvu05kMw$cc+{~5jV*7O2zzX7Oe*?>yHD55Bl+sc9l
zhcUIdQsUAThYHGw?_r+C0M;1H=Dy9-D`IOp_x(0NFbl(md1kY>iqN#U8HcKtG_^w2
zB78nPo;TSahT)@7z*`fiOa(v~AoA??WIHLQ{Wx(21I#UIypLjIER=TU?Q{?{GRUWJ
z6e@Z$f>6q17<H8L#rgip@cyJ^<qP}H-kd?|r3Sg-=u-vcyy^Wp1;zAGe!aCxAptp-
z4*}@auTZypLk@NGk>YpTT?2&t!Jf=MT0e0)<#6Hn#4ggBpbaN@c?BEqt_2(CC__`9
zcXiO;%j2)D&Mt4Yf543<(&mK#%fmGTvw9uc_reD|8^J`rAZ*wZ%sKzx|Fyas(v@4|
zy?;!6CBu8)vZ|I7*wX{<Ll!;G<irKO4g|emyfddTlg?;t!%?g_k0zmUI2aG;xcHB`
z4}O=1J3=FR%L#=mqh@Cw#lb{`(F$zW74i=SqaMNLT=Q$y`0k&F?@sJHiqLb;y$N&a
zmAVL+nd&N@s0^?|VZ%_d1?z=+(IBlL6JcX7!U&Lh+GE3thaEotgT0X25(cvwW?cd%
z7oaWyjy2nuro&2NxTxl;e$6{ySy`r#lJQL5q{kIDdP-GOszMw-n@2&6X%Za(54W`5
z81M%}EgRmp*lwa-;oqDd9&V`=Tw!(&1eujU>2^~6!_3lwuDK-h!f_9HBm=&`_t=l3
zz=xF3c&iv3k|Jyv2UH1>?$*SF^@RnS?zN_IGLP<Bm1NosoJT=c3xNnW6sky*fMIK1
z-g4OdViDqAQOEv*2r<<I3j@>&6X7L|okxwIhgbw93!J$oL8yWy*bF2sHTR~$Ky^h4
z%BiBk>u_7T;<gxDjn(_ytG-0tQ>VsA@G}PK@AArhaD^Ss1%)U^*kJ}K9NT`fx}EJ0
zAFRXv5f!e@c!ZmAG_H?*)W&;g|7vU^FlWLVPbKs;lvz|&ZU&7x%ZW|QYVyd3V&ig%
zk{(9U0BAyaAQLr^x8uR~X!C^OwiJFKruUDKE)*Gh__{%6fk&d57vDj!SZ*k<h|rF|
z5j8zy(DmMiXsO>J5tTO0g$(5`PS1kLY%W6zp@1!{G2p}rT{BQ|qH*aDxc)#E8LJLx
zpA&iNH%xq90B^kxD)c5K%SgAWb1AK4i)us}KS}{w4Jqtol{NyT49fl}AJwM=C@i%x
z8>bRcfMR(%1~F{vG)T&Y(pz@BRsfA3uT0}8IK-He%$^D~RGg6?AXF?mxKuR`?jBB5
zx~(ct(67Q~!se*@qs8-SR~Qr&v8U?WDKpZ6@J?6Cv5vh~C|rsvbg3BvpOFHPQ*?%z
zvuMkkS-B_2s-H{k?_jHzoB(yYKl(Ax`xN~lsn6Kmvd#iaz#M;G0<271+Yz{t9Ty3x
zLWi`6nSwgIG#D;{cRn)6DF~l1M7Akf_ZBD&I|*gMfT1oC*}6Rb_g1I7gOHU%G5d5x
z&*LxjWmt_q;6SP1kDqcdw(2k$F8aT=I(x`uxZnmsJwtkEPwxgs_miF+3J<hYR)SZj
zB@gayW458!yoNs}zLN18s-w8&gtvc5H?nJVdzL+yXg-_y3w}_`e(AUx5xTQg=awE{
zGoPxKC;5W@;m<OH@coEhI-gQSR=x6(26x@peoueQTHsqLbYgRO574;|AXG5*VJz|x
zCSxU9qFBpt*1C|Z0BYNZdG-s7H3pVLE?~a$$b-Q*GM5Hcv%`&~X?5BZWUG>Fh8p;N
z4)H*hgMz8Z+D|PJ?!#7sLSb@Kw(1{)OQLGa8INc-XIG=`diT3J{dp51Cb_?fFp&Bg
z+x}o^`!F4&5`yb(S%+7bpBYb1&m+eYQA=-8R9&2nf3)Bwt!ui>-pCSD`E-YJbQ)@0
z_pCpwEVx(H@xQ&E^}<BCUYm8wQfJqh8g0PP#+4uk;3}5lYc=vd^T43{%7lZ$B(7`P
zN@Jt>WMYSlHXCp&nG2vMmB^4&k)?&!XVnJ7wIgP8q<q1ry-sJl)7diVAoLkh(J?)#
zh|JZ3fs6C2?;0q;vX030D#>H@jmmY0H&@r^r(6ci9L=YlJ$VSttj2#@x&g^CEw!~h
zJFj>X$CfNchjY_Im*EWhDZ35k-t_O*SY~V@jEbfs6ec;<T_5J}0#^#^rDF41Hb?++
z#=@QZ!qr{kI(KP!lZkLW__Yi)@nNDExMIe$!KE?=6A$ypsyMVK<O$P$+3gJE_4Oth
zsa8ZvkFB6rZSQF2VE;Ufrpem;r?<$frR3R|%QJT%XsmILMMpt-6O%Kj__-;_W2y1(
zeyRjbyNuLmOnd2wmN(?3iz7IaUAP>8XlIt{p4Y)bV%?h=YeoxT@@^yo+vhM53BF+V
z>!DsnDaDg9>CjvvuQiP4v`}&l-(yqM=`8@+yVj|F2RVYmrE-R}_trwIvnl|i$I_$P
zFY>E^A6Mvb#c=KY46gl8B;0vZOy1h_=?eS_?{{x!$2vLtrT^vRXz)}2?C*pA;o<qs
z+4W}Jqmm)qQ{L#ZA;K#yzFi#!E+?RAE`-<h2%3*hN3$GNC<GHaX!*F1;>)`x@u)EP
zlyMZy3ZNadSV5oj@a-^^uW$laq=4^HXwM<4pw=Uq?}Wh|q5$>19s#@6b*!8GUl#06
zwnnA5!1G=noa`%)M?u|FOW$BqB{CY+G__5ygx5izRv<TU=I|8xyH!`8RB2Oyl^PJQ
z0r5wK^?f7S`M#JHdh3VV_~R#Q56bkFkQ`2Mhg_mXQ+VT?5F*EIagQZU4vZF4`Gb_K
z%vdj_og<=E%7$s3^jxDQr4kaZvGFos<NHM&|J&)-FHD4~2H12R&c+qAx|u%`F?4{e
zNQDp^$iU^CKM}r5wOKH8daNuX4Zf6IRir%*f=CNykVQ#(k1GGy+L8aYdb_*3t@piN
zueE3V$9q;2_kez8X_7BGpJ;5)Dx=TEqTd+XETi8m&N~MKm!B(qALE6}9N9}F-;k9R
zhPf3c#V3$SDsEu2UzD4(Rzysf5E2R}37RoXRE(l~&sG$rWX_D{D&_Wi3wMryL|dxu
z98qxx$KJTqU7L^(cm>ldBjtq&I(K|}EajS1;s6GI(lk0!nWY4hx-2H=DB3XgY@Y)*
zIH64e-^z{U8f!4MImMagNg1uZs)m*ZX~6;|NG)2RgM8b=oyMy8=0)nZ;H_G^OCR-}
zoKG>qqvVZL1`|NO#G9fKZxW70?SXQ7^gJ{c6fT=ytf=ZgqEi)vVBeV#EXJ$4gbmbW
znYf*voSmHBoHnhi>;Coe>G9dMl-HO3+2L{1qM){EeZKkfMg10N4q$Ipci)DzZq|tG
z+e2iltk2~H;eJWCBAa=#s;5R-v`oktRF6@`+7e;8s(YA9NQm7L`fAyep?5nE=9=aO
zt*Ef_26<azY~Oo9_z3=buX~JZ1omYS*mS!wVz4Jmt;W!YjF;A-vX_mG=|O0q=cq9s
zr8+FM8qD(Uyn<mjr66Bpsx_wih_GH7Q{AZ)rus;G_S4fyDj}sB7cB!W`tA+jq9y4W
zE=-h9;G?R;R|)ZvKF0)+tBB|n6lX7WhorDIhR(X+!ce9;pxe#a-_Op!o(-;ly*Os*
z6Q23JF4H8cgrSA=IPzS=spSy|4=`|3yfO}5*wG;5_A(Hu3G}Cf`lnjBaJc-=w{NeE
zh!iIDClETY4^tOycBJeHZ!VMW8;lHi@01=lu>RS`zL)ky2H8+$mG<77%zQyvcU6R&
z7#mW>TvM|G#<%W-m?3nBQ;SiY5yDfe?T1WNRa{h2^8tT4$=by2i|#@%>+Mc=p%*gz
zzA(`|(hi)uR(MyF)!B}Xbv}mX>8jG6Mfx`;DUR=9T@VI_nB!W!w6BrR^fb>_e6yX{
zU#LPd<u>yP7a&v3AKui!pFL?%L-}C5Nn;C34L0B8)%<c}1dR9GK+p*iI-Eq7h&%VS
z(bs(+$~0%ZCMpzpfUOnn#$2H$96Y(a)H)1v6}eiimtL$YbcaHxOexJuYTMGQ&!>?+
zN}5k#L3~KGl1(XBzexo9yBmsA`gRPqCDl#*ujgV{zgG;+exGV6=BZCZm_2WYivw$7
ze^XSpbTzcW9bi}%%{<1-T_Kp>5a_RDP_~l)h6t~mP<CaNxtvg@UL0=peyS;R^BHWn
z!-K-b-vDz;Z@%ihn%L)nu03waw`-{*HW-Q+Rs2)Nu&n@hL2E*z0eZtDDy+$ew)Goh
z3{peee<rj|leDp!c*f(fGp7zSjIxc#lK}Vp+0)Fmt>NrVLC|VA`<38q)zX^reW?N2
zO)GEU=T5aciEGsRDJj*ccNtLc_eCB5+e5tz6Xlwy_mgNh%D5sjJJM6D)2>Wc2$e3X
zN!PG~R5hE4sf&Bkzyc+POKojdi?k202|LdVrqR}WwF{Qow=1Kzspj7o>+yY(Wsoxj
z8_5g}1vKEYrf){$AZM6)X=Fu?N<)Yx!3_%&#0E^SF8n^LeZqLJ)BU3i)<Y7WcL}>z
z1IjH}R9SHczY+SAHrg_2`3t<fB7$Ch8=oZa(3IUEqo~}zSrPFqHI*wM54%^}%E_C)
zJ&`bOX#+8<vR+FCoBC~N*AxvjhG*jHT&P2;3Nect&cSwFkCt2-v^$6bHl#RMYP>pA
zA*S8QagZ%ukpJH@6Nfd?<(;L^xW%Il^Qwu;Nbv`Dx4sWL-`%pVaG0VhK}Ti{+OmPX
z(FP(!7=okHwM={J&D8qf;er!q5IJb(r{_jBrBJ>a#m+;qSrd<h<4vT#r=V>9Wux0^
z?nvh<^B?OkT}()Fw4gdD_SyOM$>)~5nt)?}6~l25+$H;2Jy%-oAQn?+F}M>8nm2ym
zvl=uf(BOV<2)I`x)o%!?e*5ZLPVDiQbWb$|deUKgBaiGoj0U5F(GAwwgRud<<kM-=
zXd?KE?tJD`Rn!%}Ctdr(3ccu#hF-&@ZFrK&b4=dWiiGs@vFFq~onIe`1`RkfG{8Cr
z@IqLQ?fdXy@Hp#)Znd6;!9Db~Xg$a(2{>k-=F3^~$7p%dwZTP5qCQu&lp0~Yr<(6K
z1QMwvfZcasRsx)-E{LWKN?REeRcAJ^E~|lTXGkMeZF-9V+nLm{S%{m#3{V$FpdsBB
z#(9Dz(o1qMH+Tk!_6CHHY-9qMvTJ2xJG>P!Vv^=zR6;DfhFE+NGCvj(C7In$g};(c
zT^RtoKlFSr29l9<y-@CX2(;hlI$V@(l*onw_e@QfD#j5SGt)N3S{Dmoe<-}%Z4K>6
zMru>lV5Jm5jfo{YoShqN^M9?O{IAt>9H;f(b={UQ{!^G%a{c(l2@(DBxPSDkdLG|P
ze$vU=pnq|p9^;0?0RR^2U4UhwM)-v?7hi0vXGb!k2&HE0xB7fe|1v7_zHg;ht3}v9
zQAoE`VOnq{mT$DQ28ytt!+WzWYIkJ6-y7}sT6^!h?^?aR{hiiucjUBooDciEqy2q*
zWbbFC?ExqmJ7W>)P?4=gL!J~6+&=YQxqGy@n+Nfc5l*X{wv0+9W6KHmNIZCvt$igh
zS&@)wpqosxb}26O5n!7wt28kgph-)0k1Opn6<Z3pWw+*Y&*h%KEW-p!+OI!Tp?F0#
zTJF<|`Z!<*sDwMmE$h!o*58Kgw64ZuFLX2Bl%sQF9Sc;rcq}y8L#x~Jy*t6Gxj(eu
z4c~V=tq-p4wz^%n+j`#__FA2e)9H=e-fqWvzofM4o%kbqRS~^XTTntNSCsYltFH1_
z94x$cT3MhVFGVX-SbY$Bw;m+uslXtu*2$dhjQPbx3*u~RCw&04SIvq6CXB$y%2Yln
zAf}*1t|rPH#RJqcd6sH(4W`)iU6m*Tn~4a^Ph_EaJ)WAU-T6Rg!^4Y@ZZ5u@9Lnf>
zfS?il^W^-DW-6{cKD-|DNEo+Ae1ngK1Cx^flZ$oLWdJB}gmC@k61;LCN&VG?`gIhE
z3Xq8&5&ciV7aES56l<|ygw}IKzOT(>)4<|EgE+8)3V$5h9%KHOpg(H<0V)~Uk?gyN
zcnYu$HPPQkRX5e<ZkP^8ITHi|X$2dik(*Boc)z`qh7x|TC$o=MAJ2q!F3MvH?61WX
z$VCWKJORE99}|wrD$S@INnj^M642nDQ6V*^lc<n1Q?F@S=f50Z4!)e6o?LGT2wQUo
z-XLe7GTK{C(0FYM0g_Ht3}av|D~|1vaqT&awUb5K+t&3MYhuzjIQU5q5Q7MN!bTr<
zX@dwb9ZAJHGHMP+VyX7Miia?Rjv62%)ZOr}!a+#jVPGSOPzIem{#~<F?voxHHHQh)
zM=#PpCfatdhyTkkb>xMF0%~SSYNr5drWsbN{V)A5$CuYQBox7~tfr1VUkzgdIZ?Pv
z4{i!FR!JVib(WhjwuxB17P%ph$N<U%Ng6cSDWnyX8wIge0&X@~3d~B#k`<`&Ku<O>
z1+42#?9xBDJI;<feBau!drqr2+8MR%?r^Ww9l<Z&i4UW0=T!?qg|ZwH6#rICVHO;$
zD)Xdn>9T+U(r2@$8IFcQMXZFtdb$C@ky-3rJN721YX%sM3aA>2QU5+dvx_Tc^6DZ{
zQEFtQ(PtL=ixLsvFy&#tQ#>ZKg7WaUtMjv!yoYscPKxWWly@k8!|`eV<jb0r2GquT
zPdoslW{KVa#D-?}N`Lynk3Ry6dEaaGahw-;ph!>QUg^Cu05oX${8gP(fx2Oo({&LY
zM31ON*BF+K6Fehh_-mNIfihEXZK{%!a0hm*b)h2CT|(|tc(Q@tOCQD(hbCJN=k<+B
z5_bx!R_pywp!XjWrLR?cg=+8Cs{KN$J<ZZ2)>dmW>!94I+dL<}G4W{k+<Xdq$DJS)
zTTiL|VXgLAwMV({<sqY;Rf?XwzC20yD<Z$_JcK`{-I-v>Qc4aOA@-Nx=Rc|7N40|I
zD)_rv!HcupN|#|e!b0jGw75N~$;Y)O=W6nY*VW`wROL%eLb*&ef~?MOQQ`B0bt;`_
z2r2p?p)v4a-JlX^E17SUtaELvdu-JDQw-lsjHP~^@0^+zUg)jV*YByXpV<a)=-j_y
zO-?T%foaYztN=TJ2`aX8Cw-|S{}_YQW`{#hIzk|-AW#M2_-zovsOaGWO$4u)m``E6
z%I(zqEd^+NOyd^{JoDIKZS1|MsW4AaVGKRbS^V$?$Wj;mUqQ2**2T%$;LG{p-;a-)
z*5}Lq&C%fVm;PT(G<*pvuh1q4rpN5&(_>V@jnF`-y0yRdFV9ZS{@OmgJh?tO?0?ye
z8&&gQ-ZBs7&8TTP847C?UQz@CgYc3*pVd4UX0qV83`K9UW}zoTg4mc7Y)sL>Ri=vU
zm{42z7f5&+3feJtD?=yY*36a-WVQ&~85<iQS()x>F$XnjOjW<O=DjSFT_8hs;y-ti
zO3h3uKQpBgc>g2QF_>^tb4qGX$sZF~Z_E10jzk94R6_;S6xIW?I$~yEiWfi=5Ault
z!kMG7$G6Z#fSErBno7993OYN4O)=udvQWB3Da+N<L=5ubDVE1m<>Wq<lMAmQ7baG-
zhTL7QA*(sKr3SG}pp$9M<Lq%wwneRc#Hgs1??sePl`PgIJ=EH_g6U9e-!rsNAxN1C
zQcxgan0GyfLamLfX$dq7woDv^l53v>bw9`U717`!3}A?^OgYx28Pw{ynp^NP>R5^*
zXsL+=>4Ifs5qX_MOxib+xcpEg+bkN&jcxr==0HE;3M_pcE(3w3moMTQw}szC4+l#2
zYNYfgj|N~hpbDZAx}?Oa8&;|Ky7dTMfLQ|G6h1wT{p&C9+e3j{y{zG4W=9Gvkbkoa
zw7QSlr0`#9{y7_>)HMs>2^N4>h8zw+=8~xkRv~2nc;~p)=^?H!|9N1232wcq^&kK1
ze_JP0dC8%&DR1I5vgxeg0mYa%er?ZY!VYmT4X&y*9*ZoPLcJMxsbu)S*by5dw~|5s
zwI-Jn>P2~bIK(1v3Ayy>$xbX88?-z=I5&Mn3d;>e9D0K0kKTJW!pPDNd()+tjOD=v
z#%|Z_FbpCHhOo~ebjN}3%5NiNv?$*m_G<+r%bQGuyQD<-UgR+r#5<~IK^WWq>J1$&
z9QPq__J)KPB_<BY3l37pO)JT{$>1P>tp}-d0vJvz7p$JvKqtl2=7@{O?7+$mwkZRl
z2DGUz{ZRPg-k!#mi}MHV>Fo=idrcyE`86H##BPB!1koYx;XuR0P&no{lrKm#g-sBU
z4|8e+PybO~>`w2$h;K52^~JUmOsuvwv7<XkN@A=_KpOH8gf7)4kfZ=~rD!fv5Il0I
zWbz_kg82(*6MUCSAjUEmy*9RVgOH;6NahC~vbpq9Za4*x7I@fJG=ZV@GnoyI0c~!;
zMC<!Nin7<)ks0XK&F9Z2hbO?^{d{wFbX6I$0!R|fBNTPOTu!aNv{uq<;*5rroOWeu
zaCtO1IqM%@pZs!M4H5OWtV16a3*rxm6GSo+K)Ug95Gq#TPtqkoLxN%z-N_&X*@HgD
znyLQbXg-X9<bm(&`x`UXs94@XVOnqq#v@r)FOR)Vhf37Ki8MK%R#<rK>{(&u3*Mz(
zq&#QwoXeC^G%)T8c(TlW0SVqyE+(UHSadk>rbTUVD2)z29d4p-rcBg<vQYqXn6k%7
zCv)tWH{L=mXz%W9@AiON1<q4`($t=)_DxIx4ujE12<vJb%#xKe{9L{C25L*E$Crmc
zcXxJsd-{2fGl2Pn{G`42dgE>Cix>@~7dP@f`d7#5X>O8z@H1q7uN{4Mmr7w6PGM^E
zTzZ8mb|B;dOHRjB1CFWCs7cMjv#W?8@%}v{+k5Wy1DS#e96&aRFk~FK_QLvA{?|G^
zZ5<&xF7HL~)H9&k{HfanD(L|Ky|Y(YPqT{Ok)!U>fBWy$3qnOA2<dR|CT+&%ssPBd
z$-jbsSH+B6NzHY}S#haKM#gA3<le!mkmP%b{ymHZj>NEOsTF)l>BFJ=hG}#~#A(bG
z(qb?ROeB)VaFG%1mZ7<0TqQx^>iWK!3ZyHXd_|<+K+L#>n6Wb!4v~hXvPMoY6Efp_
zrm44YZTVstauGoLQ93Og3)>Z;IfOwk&H;p)2S<(OzSY1Dzcfz~yXFD5-;hdhso4|H
ziJJ2_fTV9>b15Qf8sQL-C7x9ke&Pec&|<+4cn?z1s3r(gI1|%>*g}*6HgHwRN`}OI
zng&@IFR^_XwE)u_EUk{Hqd+FfDySxxY>1X_J{@9jyNeclZ+nM=k;wY+AOG|JbUSOY
z9oRBOJSiSjCVC7_s~FQ^FJU@d08Ercg!Kj|+_^4)`Be<B0_RS|7O<w$ppv{Wn{g>>
zUc(#WHB?A%%ZWQ{76ZC$eAf)z43$gt)lFWFO2>nkRX{v}+*2`5Z52}?6t>^OsoXdJ
zz~n4Jz9VZANE07~I1ULg9%y$=F%eFWk4|n*k&D0sy(8l@9fCoSxQTk?1Ys!r7w&zp
zDqZ1xCZ<wP3~>k3Df@f|c#UBgx%$y0-b)U_0q8H6;PFgOgA5|+94U#n<E)Z~!V&Uw
zT&0w>4`x%4s+ys&#8AM~2cpXm(g?k%JO#pls^kD&mB4zD<esJhK{d<dcjOTbQblo%
zpM&MCgw%F<y2jWJrvQ9M^BK_Gq`>44>@*T%hIAGA$U(ae&I)|hwhcOq@^XR+=$+a;
z#rn$SM9Z7v%q!L7Uya=_z0^Pn<#UCaZL<v8d1~E~)Z!tP7}55d)*UzpR>N@MxYYqI
zJ%Or3Ys|bYg0k!r_zYe!@qf$2h24^X#tCr&oxWl$?3s*(WvGZR;xc6ay5-`+gm@f5
zV~H1y9|_RbGim7!-o`rwGW?5-TCl&c8p%fy7wi1u`0RBzbQdS`tJn@>WYmkPeB(B>
zZ-p)mVIwDyNJqH?X8Mi1Z`f@%b%O`RzTEBb@{DN9JOUm>$4(0NjG^!L7i{O?lhx`m
zwtR&+pYj-xS7e>M+kXGy5z@&uyuyngA)H+H&#q3cJDu(dvPrMo?fzl1$=55&&B2!D
zl1*M6YA;Y#$U|hJ22JZiEm8=4A|;QZuxSfNMps2x0jyo0i^RsMG}|=$X`dm@l`rfF
zDtOusS#}sovlMZqiO}|n$nazet8C*WD9!N+#MMRaf+8zuc0yWFb14ceWCL^uo-~sC
zN8ao5?TZxjND5Cn-KOGUB5#3Z1E?grPm`DsNo$=o1PvKv%F{y7lKLA0$C-ypb#<bG
zb^?o-4ff3NgN%VDGu$}rim)nS(4ikhB4ZVjs4-<jWAcY8#XkIUesz3=-Z+@+;w|>i
zZ^~5KQd0_+Yw>GWHF%k~ZN~o%4DM;|GEHEJl1LM$FEEf`&_(E;7+HPeG0wtPla{rt
zh@KN1Lbw^W!HWBg)Ph6lkf!t5L4IBY#hW3-*8vn49C$7yHdBbEBZA`P@9wZW(kLO-
zY=S?VO(0Lp>d$7rnyJv2{?P*n3F5b*Og}{&@f?NSwTK1F*WqB@`v7p$mpnY9V&sGU
zgnaNh6yi7T%L4pX5puG)uF6T5db7v?!0QJ@cHfK(RWlLZ5EG%QN?cBS*`Ot;-p(Xq
zgn;pL82l!ryN1QyQ5p&+W*GdF;tF^N8JfZSxq2j%E7E-=#<{8K2P*g1tObQ(AQKVl
zMbIKQ<CRShW6u}dybsaI2*2P{vlEv7v>&ahxV7VqgV~S>qr`*-zTRoTQ&sa+Q!$^v
ziV2vZpe#X}q+oIrJYM2$jt*P44?OB4rD`|`YEwX|igFYZVgi)hxxP-Y6jlXR(-SIz
z`0{)M6wp}DFJS=I=+2)<igK_-S@69nv>PLF2vWJKauE`?OB;w&p;oH>mh0Vmu`)P=
zAf91;@S=Zx_%lKsAhW3bFBbjp?bmM_EtGPQKU{;EE>U2OY|lqdMg-<O^oH|T-DHj=
zcz^_S3-mfWHBn%V6YuW#N`mvPAPVen1W}-1AwFS3o{Nw++1NASNViJ?lA*ApRO9=I
z!m<R8Y??NXpNK8^`+AKySj_Y5i>(s0$rpBXW}ooRI&<K~!(ipPP}jWj+VHyh40^U<
zsBT5%+2<I)5bD6*HXj!`d&LdltwOb$GfbQ}(R+7!qIW9ks<xbPZ+dQtqoH||dix{v
zYP(or=ad+0D}u7(SDu<tm>?Th7zVNrvPmxM`AO=kCfc=WX(<IVy4h{8#!tAp`qHo5
zDxm?xC7)(Wx+1c=6fk(<*<MQx7$gUzXop?thqjiPP8Q5<#5I3h-*V@eIHjvwOU>5b
zGl8!ZRm@TY`B=xq6@b*_9v!e{%J0i(Bh`F70Bo88AHertv6xLyY3hnPbmFCIpsCM<
z^QQT7v?pP?_?hR4Ojy26Ik^0DVQ!%dJ^!2^s6STb=Z{_bEgFMsOe;)PY&pi`Nfyez
z4HwT18A_q0n~UbF*#P_7J63}Zc#D@HbgdsPb96w1(3B|=o%vZG)`Ixa{J^W>tho#+
zgG8?O<mqVB)XR#Y`R@`m|589d6agZB5XJIV2EG(ogD=ch3LcGwOqx#4@ORqc|Mcbj
z@bAY*n{kn96#osO_*GNha)Pbtp#mYE2}KV}2crOd1;Ofl2pVpO1Cj^ThIfziAbs=H
z$gpSU3=p`h_bM|tQGShx`V!aJa6lh?F5?_m0OSt~*fu0mC^0I}*EKo)D5V?#2qx4B
z$Va9y;5%KJ$e{G{37{wNmM|xX8bv{evI`P|8SFaO!vk`$d)BH=0fQ<J&;x+FjLg@F
zysGV^J?8w!_Cpzg;;xsU_&&+__>joYuU_*j5`#Ay)-z-dg}X;mfuLZIxH~k6Y1C2v
zrmaRKs*WA7HhSbu6=c}U;W6BbDcDz}TwPxETj%}b3n>*RT;QU|d)QHk5`&C>CS~4m
z1Df6ks|semJcd|&ixt_v2ISXJfbRZYu~_m`fc(3S0OU&|#4OH0adZm;r0<&64e_qo
zE&N4(kgEUrb`%eAS?WN#4SvE-XJ^0F>9soD>+Z!|byQW)_P=z9goJd5beD9Bw1A|f
zAkC$b?k?$&QV@`C5WJ+cba!`m!|$SBzasDZ-g>{k-mG=*nssM?_SrLg&&=Ml&pF*f
zS!6dS+EP$*81@o9zSG>Q1R0XWr``culm+&LZ323y<68;MCXNMA=01AlWTT%&4Adm{
zDipN1m;60%DEack79M8c@3XDCG|MP$>9;-#r(~_Eq#?CU!2Pa6vfC_EYn3ophW`}S
zCzSmgB~ioNm99Ptq{esH@j%W;laU)cq5y^7WgBf{_CcRn@bhhha(y05dh*)W39-c$
z`kkGyDf%jT$yjv=%+wa|Ea-fB^wX{?mYm4SG>Xw?y^KE+$1&YRxYQMY9x7j^7rG?L
z%XGq!Q!=O(&w+-{6(NmxI_U^KZvG+<Ded?H@@26lYrUr$T)GDutw~;?2^*ym^ZV;1
z?nk>J*Ubnc-$*-?6<6p(vI1<!1PKJEu>hTT2B|9EH;jPm_c$JY-}b^*d!vvc_|I^x
zs06Q75R9%>LyDAWHSICia?jf&+_OQn=#ocRthG%iQV9bIpj{}9YYNGe-3P+u5Q9Lo
z8O1f2wkR$sn5Qkx5A0Qj-d>}><)?1Awhw>5SHsiey&kGSK6ZrfnuE=BGY!4$D8khN
zD^5#h8ORCe0|Uc4+g+wRyR1X*^F5bv*AF#9m7W+HX#CZm?dZLgh)LSD48+lp^0M`O
zai{solOg>P<YwP*=bcE7L{7CRGk)D!)UFO}C{gADx^&ve^@8xLj@c+x2u+Hlq}!j#
z?DaW3Y?k%hi*et}?fXfz)S~kwz~pgny=URc8ARpNR+?x$xBQ63MUVC-{>@YHd*@Zl
z_`Zh$lv-o6{r$o@vHkT*{lT6{3ym78=xKC<lFwivI~?pbT#T6;a1-3O+pZ-g0Fgp5
zn+bl4%gc)r`3${y{L<c#qJAGx5sEg|9}+`N!R-%$WP6_S)DgPy*KzYW4Ux)!W^!0r
z6MLt=x_`0^aVZ<fMLcYOxdv2OF;o^IgklJY*7G}@!X$IvZpGqNZQ3(k6?bs2!<X2n
z;kv#OuitA%+(XgKG9*2GJF$wW{&1lq=ED%ENbxN$urQXm47yihBmQY0|M%1bTo+UB
z1{QUPw#yLPlnAQgk(MY)8kQK3A<1${;kAsi*Z~@DnXjKY6Xal7orN-k=B&<cXuFgR
z7<3m{9o_I9&HW#gFHL0^!>~rehm!ZoTd)k^d4=6DKi+S~Z`a0mE%1gzB;?QVg0qPL
zO+P3|6xGuzf~q225*{RRmp~~81j#S3i0VHl896<EFgt;2nw8VN7Iuu0&!Xt+M>8)(
z32)+63glOR@rq@V34yv*lD#}|T)6Bqz(yB&*#9;W%2MtG-^g>uNBpiejMMGa6?KLb
zD^CdYKH8q)rx*?R7^)NHIvRFy?G2`BySIt`Be27-_*`BanQ+>bhvJ#;E_h5;Qjb@k
zrJdGn6@Xt&RBVUv>Yzz;0Tmyq9ff(19>Z~YosLy&G2>r}c%`R~JJgG*k*ASyBOK9=
zzl9hUbn53mM51zQO3LCWbJY;1fugpM(;AZz@;1e|+Dcm;QeLu#%)}K*9d#HyERcN-
zV|ne(_uymrc{Xv!hk=i9kz^W)tMPmlLunUuNZWiWDd+m6uTWU%Rn=I^l6hu*5HT_K
z@j9~F>r9d>P9Fx6Nrn_^clpa7$&`^lR>&HQkgzh^E8G0Q2hxD~LS^Mg8jz!k6_6$v
zXX)wp`J?{XJTLg^n2;>k5mU=6YRhCef1UcgJp5UP)I0+Gx**k(9XOQz$Ufj{i@XeR
zp(PAcm>c(8uK<BN_svr-K5iav5O+Q-a;S$}3*AGcz4!HQA}8HVrRs<ZWM~_%EitGX
zD4ElJ@0=!W{I&Q<#6k_Wp{0)Madd`9gq3+*U|wzpC&HSp6XiGMcJ}0(R&DmWl4S13
z^omnI^o*Z&)@2e~=@0NJA~k~X!3Jn4I*b%*x45W8SLDI1xR1hf)iIH9bTc1Ep)tqP
zn#IivpQB^nxUjrfI^Ef!dkM$%P^Wg6*T-IHD{vOuZpTI}Yyq*_J~jST=k_sAEb5bI
zU1Y<3QdD*9nZ)?huQXFrbGYGgc6_%w7f01sOKwveO}^QD1kV?k*O79ei==c7O&b|%
zC}zzt=mRj($D%Uwu>3KeopTJ4s=ZkH9H4`HgDl3xp!+c{nlhTw&Ri|-Bm1Lb)?pab
zr3}2)&NC{liS9SpL8O4o7D8!$6;>gBbzX-cc(`h4am@@1y&hvs+a#nE7XvL}s|G60
z_ackdfD1YAUUuonkMpn;!cY{oB9Y`0pYG@NzN}>CO!0-_GH#PCvewO{c$E^O(?Yg6
zVLuD+l8QUQUPFR&Mol)8+nFmP#4Hv1r4Y~4pzp0u17lpT&rS|&fd!h1SRZ^&#wcFc
zhcp-IlaRt}9?|{hwZRvY-p&x*<?p;)ushw|G9DJ{Jiuoz7hx<aN&y|Z=`bv#jV!+O
ztd(g#Q&JLX{OsJNjix+9vD;a}0Dkun4c?XsQDZ0HH(y(yq!ij;=t1l9gX_swTVA=k
zT$pkP9z>H7vN#kvb`dJY&PG2>yAO)&bV+NStPD>sSc#@XOqE5pfUqWo)iiPFJVWw4
zSS5~=JaUJ_n7caFC0@vE+%#Wk+j#9Pm3(@Tqx{!%%dRD^Y|-3<jVO!IVP6bFqV}^;
zLe2#3MiAOV_OE%rRdy71slc6ozx9pRvUNc~U$$(}jA_z`z4Fu|sSPj}?&z(~SS;AW
zV;%Wyb>#gcnK*3li@h>?IH3bj3~>u%`7Y@ZYK%LuUg61`ZO=+*ND6M$OQ@Z=#O;?s
z=Y;M26f&;U7|_|U7p6rw&x=yU8Tb>4l=D~INHb#kAonxdiC>kXmhwWTGU=7koH)I4
z?ijTMeghfOwu~{s&p(MJEx}GH6QAbvAgD|nA8!cbTx9EtfocT87^k{Z5Jln0Qy^zO
z>%@H&MyzI(ATy5IGE0K5KbL0#CqacyqPMABblv}w)~7t(gIp!YHE6Gdnxj@V`o>k)
zci2w;+QN`b{<_g88&;F{A_k<|-^lmCw!6lW5uRLSQ3-W3+-7sqrj;D&)5fWj_0_>y
zmz`FLGGs4^3CB>#!Ja(fyRM_o4y%F(CrQ=;J0!kY{wLisUK1@brf9w<FZH%grnzNI
zcI78K)tqSkjB;L<5!oNlmg}ttH{fTZB!ElKmSNfvB2^d>EC{2Gm(R9@Z#JJ8pdjxW
z%VLD78zdfSBQ6waLyF6;K^G%?sPW>ZGZnKxa<T7pntV@|ilZJLVHSAYhtMdWSXtIe
z>D@L))+{rPVa}qhHjbn)Gp_H_kUHBh^<sdYUF4&H=Asv$YQ5(CG~U4;UPjgGy7|-M
zMV;%=O16ClSlIA>V60;15>EDWvN?=pnA7T%9@c&1oE*Z8>`JtPH|peZw$#M^=i(1p
zoH#7S35y($@}Dd&vyx8(9r8<i;_|x*308f@TQL~*fb?3T+9{iommwG6FHxC42}SZh
z&?$SSh8l5cVg`Or#Vsn*5%2;+Na)&`?gn&{a!ubPw5FCJ=*5I=&Pb`-Z6Rl_F9*$f
zHc80GerVBZwZFg=u%HupiKHjz_L1>yO#rm<)t~5@5GtO)bocAa;&lFPGkyqLB6n-3
zmBJ5j+rpHm^Nqm-XTA<6JT95*a;8lxmXA+ShORDBZv^C}pr8=}002C|-z53f3fSdS
zg8~4UF#rG*@V^c~Ykfu=TSqek8-};$W=pE(is?+K*R)78F~Zt|VMA*#d7dsza;J2=
z%8ESUCYg)W*}6KHBL1LSKa9n<vK`g6y|16@YV}yQCv~CCNjT)Sq<Dq%XfeGg@ey-E
z_@@8GT0^n96+{3Esbp`P7O6#QYBGc0D>|}o`Pj&XD?Tht!5Q{*$9cXJmGps<r%Zli
zJQ$=nPm%pef*=Gk5J(kp<guVg!p*k7dGKYnLu6P%LZ{5Z2Y*_ydkO{BR3Y?1$b+Oh
zjVTljZR`M9BtkU9$DeBs*1Y)PxEG6nE(U400r~us)?f%qn2?EFKr=Q=hcPiS1<uwB
zSPCKsp0PqMb%?_m*jXF^rdw*`0}KzgN3RIR=m(y;c3ewSqfM$KLHJ{bZ!$LtYSm#2
zYds~dZ;pR0|H$`s;{#`^&SN088)RSGv6DE<9HT*4?Wmdq6}9Y_p~M|Eisw&?rS%ag
zJUqFfo@e8?D~(*Y)wYrf<5)rJ>2G&^O5kCwkGKiN?ox@7+Ts!F`6zpBnn*E8EoLTG
zDv;g(-GCx7!FfWVN?6b?Mnm@lX6ytdx&&EA(B&(_quRp}*0G};44bhO43K!xG@Rn0
zNy%z?M6(51^LEV(+bmFU`a<%#)#D&=D~N-7e$#_$(vc#|Sz(P+Va;7oXnXB4t?#S>
zE_%G6+x>A!q+_!ky+z-ST3F0bPXYK#Sqv5rx~h95P4freyJ(+{Zo(o_;9~@Uq^kyt
z;iFnjS{}$uZ8^nbG2|4d;$@!3>UJy&8<@$-mihUNJ`)fYB_vmVO=5fQy)BB8IS4-_
z8QnA01yN}D^pg@QO)mi=YShIWyE3@(Mm^u>8iU+Hdzi<rq8y^a1<iW+bB<Pcat63u
z`dnxihkm;5jJaPEs^rIInlnur+d7NTagMJR-mT_8fsntdiwM>yW~I&*?u$?%V>bzE
z(#+9<5TwaQ4s-ijqT!gF7%^m=o`Sf(@dEtNZ%L7I-&l20BIJ~MG05;OL*R{5<%h{x
zZ8MH8P{jz+7H6e8!lA%MnceaR$<Vp-d0tX=&(It9qlbl`m2Ex0%L^tH#C=c66vpi8
zQdE*Y8ZR;4vk`Kn&Mk<IV+S&~vbT?#Lb!%A!WP<p4y*|~moq{oCd~=v*JzvB_iehI
zH*^R5nuUNLvk*M-{w@gMnm+Kgyfx6$hVd8K&&f(<{m7F80s!!a1OU+PlD!668{AIU
zPmz5Vjl>v!+MniXKa~ZKNd&i7yk(D~7%&?n@Jx@yl=M(@z39t%neI^IbF<LtE~_Eq
zQ2o4O_N$3Zs6=c!bcoR>mJM9`$EAm86#SNCjsv*aeT2M;C6cN%>To*+<+EOpsiNU~
zN~5^u!bKRb89CCv^pNW6Rhc9&lMqhfYB0E+;#x+mpy!cTwnMdon99@92x1gMBri4+
zg@|GNVA<klncLy{OCgeu9f*+HVLrbc)u;+iX^fb5WcSh>G0@~rD;8+bKBx@W9aKti
zQ-nm#%}8s6K*@hC6@^<Mq<lJGqOH^98s92Yh|#uk1>^AksLDHkz3vei6f<G&LN6R=
z8+q&}|32Av!?XSBcoOBsX7Vng{&`~|N%h6(XtkudnnL>}E~%s9Z*_T82zZIwH(Z-2
ze-82r`4U$=SPAOP5P(PELH@BKTG*NE8CV-z7~YQZR`Qeu=@_Q3cC&DY0cZI}UEW?u
zWC-Q@6L*EDC>~a0;tyeHm{MvxT^X!7zl81^IYwff7S^z8y)G@QG&0ug^UJY8CR$E^
zoMcdYw%yu%sXuYNF;>EZH#VVf+iyRx)SOrI6z^*53I({{*Y3o+#z1*sFp?6=U$N2W
zFym(9JU&I&J>kZ+sn5*k>M%rq(SGK_H9Nc?r9mrep%NP|>(^Ivw6<m9#8EwMrku5~
z=j1fSK)F#FJXWS%5Eu8pa$rgC>({SIG821SC3V<YffN_+`R7YznuY${ZaixhQAbUd
z!8b(aUrcJ|S~?Bt;?4YsE^_zu`rWJ4Kse&sG90A`V=fhETp`KPC{1)d;+(DyP6FTF
zx58}6a)UH_ubP{1uB4VhJWCf#hj04q-(Q6+)Fz{ts@iXCjIFO(;6EL=TsUeX*080j
z2tFGS(cwP9cA1g0@DI*{&@Q<Qu8G1rsEJuXqjzi|E5V!J3yGtfJK!c#E{XqMofU{8
ze1PzZR*O^cd<l?CyWMc6S@%_qFO*|J+<C<HExzeVhI_N>3Cez!gLxPIa^XnSOP+CR
zL+je<!>F}oInLmy9ycck=4{ilfo|g&<cf6%mFcmyk+}C2H!?G_{7IpaS5Jc9pS?Nu
zx1Z>qaer0bBskITqB_@l;AX$qI%R$^WuCsbJ$h!(kI#h1U~jlXHHswHH23AJxr5?%
z*jUdAQ^-^@XWO2C^FquD=YeC5BmSQ2#lnKj&DDqiQQ^(i;oP{Rv!nazI^)&0-moT8
z<yHYd-pe%$imZ{SZ4<_|JZbyZupJb_oz`>fz2(wV_pkPQu`6(S{B~+rayM>U>x#4}
zs;>6rbzH`pL`CP95^gqr&4fkg^We(<<~u`kNAfyuG3&O{il?zdD*n8t8)Ry(33Z!l
zJlC6;dylml1_}?B_IGZqoW8hF)Na1r(<~bp(_^_&bE_+<Y;9nCED)qk;)YSDaQVb7
z=Jds-$zJ*?`~0)LQc(c6$Fobfff0z^0Q9yI2zeYI=xkJBNF_uP2pYe4fEW=84@6RO
zK?=0}P$LSoM`@Ap2=dRtG~{5KM_`&jFpa2$hvW~M+vYD>BLA`d7koQR`5*DW+JCX<
z6Zx-hd-j+o`VTqo^Z856#hF^g|K`4y0Mq~KzHmh^{yTQ`FEDfwXo8ENF~wEAB+2N6
zn$cp@_Ti=EJ$)#$MH?R}k%OC~-a#MPZLkR$Jc><YL6DM90Jlkl+bD0_ilAejt9o^i
z(}9~K(`w%)Q~q<?9jNf5L6xF`JGeV-ciBpKowL{{{^wiXLZ8cPcgmvwt2p=Ak|3-<
z7&rb))O&5edg2zLQ%N;4g^uS6aWvKZ*g+3_sb`{ssHiMe@a@;m)X8Jp;nUKAV*v*N
zR>$+p#m^UuV+T=&+fge$aw#=(TD$^|bNr5Hmy4e+7KaX^RJNl=dgQcf<fg$53;bUw
z>RAGB4kfIwV_DO<4^EOG`V#8akg~fkH4O#rmw`M`)vWF_IH)OScs(Bb-)9_QGYqeX
zr96)m+&4beI~mvCZ1uWtU*^X_ZhX4)|L3|R1s%}fj1zT{);bV`p~`qvsfCyqcdo$*
zHQWg%huAQ<9`5uwD)EpG7S69bV$lJ8pK-z|(pm<BkW?8DDz#wq;?Dl0_B^t7-&m@5
z`cijftpl2zapEr0BHYy?bYkuKQQroF@KqU4Dz%XF;x058;f6b}^5dX3mad0sJ&q9F
zH!$m+eCv)7bwG_XPB2AUb3hQJY9ah75|nGe&-!kq7DS%PsYW4SnD#PX1+ak$hI$@J
zx^IB9zMtxjBy~XjGfosmT5CYiBh|vgN-cyu6<8PhVE(V*?t$y)8imlqv{(5mkQ*`A
z!?_+uH0~QO>z!iij%aj19WzdtMOsTh5Ta_~ex(*np30d<A>?o_<Z)h_4DFxfCOV+;
z87KB4tt}u3SGDlCQtM%!%7sQD>~JoaJJiMynB4Qo#C>C^-pQ_Bi?2)#JOn?<VO0zF
zDz%{UM!@}m7&g7k9|3HzUk{sl9O1feu-7|<)*a#MfLdmp9u{dW06}1Kgwga64(ex{
z3VsvOP{-6%M(Ng%iWIqpG-9GWKphC<c}dWl%Cf!oOXNCr)?OTRR1iF|=w$}n2&1J*
zX)>M9>kF2k%{62pkLjt57OWrX2&<058=KX4h<hOD8k2o2hcLxM13gro3^1~&Ul$j3
zfQscL9mgxGMeCdKfC&qLh0C*qw&g;K;i5}x*3E9wh2TRL5kr1pWR0C;ttuGTB%ja(
zIganQj*r#5!lblX<RR|=LDC<__9;@#Q@XSv-Rxmq2oSPJGZ<ozonx;mSlJ~11q>nZ
zTPMKk-C<JNE%Na5{}2R*@FK<V(xolwW-o*9f+8Y@^1#RmJI6^?aHL6o3=ARkTPMWo
zJz-KhE%Ipb|Ih)3@FT_W)1@8hW*>v^f+ErkhPYwpxTy-BG|8WVAw+)bL|DByOiF-a
z57>YYhygIRf=DrfbZIbp*|2&Le5fK~s1J<1uyedr1s{Kt$N2_1PVBc%jMWRrtOQ@|
zAs+BS5)2VWiV>zu!_>>h(t`k@iZp{Ee%LvFs)C%~<hj8R62Em4tX>pmCDdXMzkm-x
zV2CJEjOh1t3Tp?)6BXIIE23Y1+`szNuwXw<+uFeFzC%rv9vQm~ZtDg+)DQlqVYsEt
zkL;0zVn+4XruYuxnNSwZFlJO(mC4{2lz8Ld-9<#Hm=6R#2~u7k7YR?eT<+u)!O9gG
z{j4%SuQ<qLt}c&ZZq0v;n^L*aPLLNHOf`=4IgsV_m6Ca&SQByN4q7n5llcA&>EdbI
zK<@~rMZ(fz#!RZD@-6y(IoKqYp%&xW(Dz>BwT9I`$<^H&P7?M+PdXB)+$d<qEag7V
z(HD!Hs9Dfp?SAdrw0>Vl)hwu&gyzk`EW<KlfhD)3kzLI@Y|TyC;<G&R3WdPuBN=Cb
zzBM6h^_R?usmIUfQZWfwwI$!~GspcsWIyAJw6L&GiQxDG{4opwI(RrVM1U5y1{Sv3
zN{*HWHk!A-Z@F@(Y!egeWy}+m!758Z`0}Ot1$g{fs8`NWxO#;KK*USFjYATcM1{03
z27IhM=sV&ai|bRvV~>Q{Rx{6xnY&pn5zDQH*xcQ!@iZ4zO4|qg{o|R3nvH9T_v3^`
z%K@~nJqhv2C}3#=JLM4=hjQ}-lR{fpgg=m3vV9yROO>%mi<XfYJ6h*0Pg!oEtaW&q
zGF5x9M<biltkoRsUyuQQ*KnDteeyhvbm#&zhMFfxX-DOofnDRt=!-qILP;lWJc__T
zy|u$Q?vP>DCy;~mR16{EGf3E>aNI7Kndjl{MRcK%p*h8L)RtNt5o2jPRnJ?Y*<U!D
zqkR3)V00SZg9p0>MH3JaH!<9dRoq`S)WzE&c+zhTj9Ar^Qmfl0<|cI=M0J2u)x9a1
zq4R14kZ~NNwrzs*0^uRz5dp0(x<jJE&hd6qe3{%C=KX0XB`d?;vg7Rb$eyVVD9#U1
za6gKY`wv!HX}s-4<&EOQ;aDw7B|zO%obj&|hYL;XrA(u0ge7>3R~3;o(p&k^^ewt@
zSsi4l+%N0@sY+GH3DQWg3KzlGtt$VHC|}#z*aFRORhir^gxJW0>N}SkJvO2AnDmn|
z=lr;s9Z|nAp3xg&O8VntacGp;{k^7E)9N_wpoi&Pln+}=ydc~6XN~%ISAqTyFd~s2
zzR?wa$b)EWZWE5rMCq@f?;+Zhq>vr+h$o#>VOjc12tMe!W6SeBuBX8&6}itO*Ogux
z8mK(qM44-C7|E?XWaKWo`Wj_e=fC;+_~D;jn7>ROj{=K+J3&$Jc0t$D@=y7FHqCP$
zMD&;8S#5o+Mrkj5$i_;7F6Hb@<^^YYb~?9EeuafqEUYJ&y;Pj@2~f7kE33}$H!(*F
zW9Z#Y=aaUCOm|TLq6&If0*3`7IBea`%^_KwOoCk?*`gpW*|5kmkYR)m@}(V90eoLq
z8Zm^?fVG`P-UENrb~Nuydobeaa$%*Yb^i1Ay$&P=wnub>r&B(7`T0ANd;<j9S^#Z-
z9<L2WcgZd=p|)yM?1StSAk@WVxIF|XQKwu13tXYTTg7HnAAogH-(;%kauE5f0_)zm
z9i%3VZcI4jM=EnMHeirzWRj!#iBNYH5WBkx(78o?gL@;HSs&oF=}T4l-Y!lB&>)D)
zFXXl7Xy_=kj%p_Rd8NGfJ7f7GGOv<uyO3fwO*_n1eT;3)n>D6V<f>i5rYYtD7CBPc
z8#yRiBtqp`wg*+VJUI!@rkjv!u`p*eF-Xq(S)6c47#UWS;Q`I$*$(Z`gsiyUR@uyl
zF`U%n(Mw~KDo|mV02WM*SJ-N$nwri5#&Q&WCSsXb`YLfpv(v@M{y1;LF0F0*O_bac
z<3AbNW;~N7T#-2CTowv^)BoMG?qy>7{F@PNs62ki&Fzw9-ls;J(ou1JDc>i)tur1!
zRxNIC{e0H>&CK-89;``<z!nnMagID%1zkf9)fG@CEHx>kvuXOH@8ei*ta`M`NCP3P
zF&!iSp3)6CAWkd1QGE{au6-7$IMTH{H`jQt|Byrt-J`cFQFeQQs=HFR@O+hC5ymmV
zL`#$czczvNsrZ5kf7k`OMI;|VuMlf8h+iho8=;@AiMI4A-sv2j<%Z2$@g<k~X_xk&
z=G*UZS!oV7TW9b^0KR^lBmCTi{;+``yNyhU5HchQl31Z|wL=g?2y@eS3uK)`z(ZwX
zWM6qb-dZ}%>#rx*U)>HY_$S#gtt^x1u(7mLo_l$>y7Iiz(Okyc8T9|a{F0pv%?{PM
zP(}18f^|)arjxj^pXG>Iqh9h_#&b`93uod6ZgwB)PdNo7!$KRtRvHPm(%VC&A95O4
z=>Kh`UC|R33&f~?+RgL)4Pn(o9YF)Zgvy}Y#3{Hm?AGjh;`-y|Ee99)?uwVu9GoEL
ztOVe70&^bl+9al|(Gek&c#MT2kO^PX*dFHW;6isVYSL_2lR?^;7(O)(^j}-%T;=z&
z?@<U@GXwRA-u{?eU62e@VJ6F3cr}96212zG6itL<Yex`JFvdykRNqJu*ERQF^s?de
zPI6m4i{qIM#iB$)`;3mr?y*;1W`hepAk%gAD9eg8Dkm+585=U-tFp;!(uGYStHVz&
z!;ML$e6xl_u!h#RfRAv~%KM~GI+1%fPSQqca<g>>kXs3;smbH6!)LS4Z0|G*UuG`}
zImIwF*|##eW?`O4RQu|gxDw6-6$W~u<U=o2wEp}?BP#td)!KehrO~XfK^TlBbfv!9
zJ28&YvAKiA^9GF;W&myx4gA+hV_=?s>i#+nL&|%8Qd3COYPEq?ez(jsj?I@uAcGv@
zlk|AQ7YP14>G7A88fbD^Tkydj7a#~Q238MW<lsxc%fum!-<l{J*hxL|KbKR|NxA5{
zcjAB7F7bcq`=?#r)%yS1EM-zVIzE8S(gx;^S=t!b+JX<^exxQoMNe5wFd>0Y;d)(3
zYgB_9vNddJhmZ6|#VX-+D8{fzUwDyEbWVhaEmR2zMzE<w3hnVc%V^%1a39tOA->?r
zQ!VaR%arH(T>N=-MnFJWTMY|64SGTTrCBa%4d@GDN4CO85oR(#i}mhDJ#)$0McyD~
zwE)vxG0VOoWBR0}f`W2+7fYf2;IC~CJVZ(I%#T)ibWkF;td9A*9DOnJG>hJ?va(GI
zkJ`G4*`hobFijtb9X%TgvBKPdjCKCDu45!kO(k++&<)?ZDocGLYpbj~PQ9Oo<Y<Yl
zu@z_P5-Z+d?{`R~`LWWEKwaL2yAbXK0#+Ssmic%oTEA=Y^0i(BQC|d_RU21JqiNSz
zAWUfRZkFW1$ExNfV~^lUz)aFelK<?}y52*_vS*X{stYyzp5?&(&fMmM@4V%+YcT3B
z_&HV~dGV}8={vL6$4)g$t>z^NK%QHisPFwuJgwteTHmc>PJg(hUy_4~%v9ru=8F#+
z()p-Y!#WVHYA-hccrS+)7g7Nqo1y(MT3a@UdC(VKl3#LPEQ;}9fBBx-1^aP-YX<AH
z1?*e?z0AA@nwx|D%b)rjoU)!L#)h5Mu;NmQR8{00D5FZ=0zYr^AkCwZ?Gh=iuSQ#e
z;(1)Mtk<)3@|mc(k@}{A=WM}b?6I_J-YzkoFfpoV3@7Yw-7i3sUcPn`j|QJSH?_>f
z;^pHn!&DZQU)yYi>Q_Ehf?7^0ATEo4;khYkX%_vGr*i*9xO~D&nuIy~h=Z==5?RkL
zB%P`k@61de%DurH2@^p+rGYg3^O0GOk7f>hwUn1jj>LGz^Bc8S36z+{wyBi)uZ`bR
ziWNrHqh+wgT+hqmcqZK#AIlRTIQB}Rm@b~e0jqeNS!toXt1hJ_7PFj$^4iVj2oc4M
zN-2e2uybLnX|BXwxjY6{f7cdh^hqeW?rbY<^ta$~&&S6dKV^t63o)G-Nys@1rXy}m
z#j?VXsVW>g`?l3jBT`*kQV1M>BAtIkz^|QyUr)VPcon=Hd1=VpLwQL?&?hGyxO<gA
z61WST+nvoY5nozHM|lUpK$F*dx>t|Va%>{VyV=`4hh8ae*)ct*znI~R0};#B_=Z|+
z71O@7jl_=*FW6QqTc#(uIhzbrXHNDN+pgEU1vsGP|2jYB04qM`rlMfWT=$wOgW4n9
z9pcZe<v%PncQyaNUTR)%X$=#AO;ZG%2fgE`S=cJ+>Y4q>t0ebL-R4!`c2!6wY0DEr
zjq|4Ir0nbX0FdRP$XRo<gOx=26{ho{Q<$jxH%l&NCn}bkt<WW_w6*GQl5h&;HQe(~
zPexkxnsCI{%57I=nt^_&Zk3>D_HzlkPkb?HG}GTkV};+DAW5j}nYx_kF?)op;e<iz
zb0tss3L6=e!EKm*4dm@ayw+)?MI0`FxlAyG6B6#K1-%d%kb*nWpQfqR$AE2%Cy(=S
zkh!V`uKzqj4a6s;^HQ+!DT5+wc#soKvx=HK)CpYP3d9+@{1cmGLo-4@iT2O0k9f1N
z3392rZ-Np48R-^psLz;G`V0)BLo?pcBsz-aKih_#3K5J+eHJc6_$so0SWO*&L)Sj_
zl|#`5%V;m;<C_1E+jD0~{})P!fW!dYroI6HKXB^%N9C^{@Fw$Dxs5b#%MUk5Uh3aN
zZqEyTmRkrJ_`2ia{RYDSxK~S}oWVJmgajG@xZQMr7in<y4iFrt+1)OQw*k(NA-c=y
zHes*I!hys35E4)n|M<r``kRvn*o1#@y36A}{C>XwH+&u$@+bUv_Ww8dUyoF7)098U
zZTF2HLH-Ugf5ZMcZTSlb0EFL#{Yqlqhu=@g{e~Z+|0VJt>ABzdf0Y{S<Nj4{rT$6)
z`S-EVFGc?p`ToJsFBAYU`#0tv)pP#{<u`DL5b~c6RDMhQ&w=}I2GzuO#`t#_f1knq
zu=zIwSCTsn{tBY+qwmM8ztQ}pe+~8@(aU}O-6j7v>iJ!G$^XLtyBO#`tNVe;Z&r)H
zSlxA4@5Ap(^5>Krr2IpYyG;I3r}tga--0+({l)37V|rhZ`<~BlxD@qY@VmR=efYoc
zhXCy#{kY5IANz5CpZhJy@-I$rzz2SR?|T19l0S9JO8<u>e{lIr6qp}V4-0?=e!Bnw
Km;eI+fd2!X=!*yd

literal 0
HcmV?d00001

diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.feature b/functional_tests/roost_test_1777467397/roost_test_1777467397.feature
new file mode 100644
index 0000000..7a62c42
--- /dev/null
+++ b/functional_tests/roost_test_1777467397/roost_test_1777467397.feature
@@ -0,0 +1,3574 @@
+Feature: Aegis Card Platform - Portal, API, Security, Applications, Transactions, Billing, and Non-Functional Requirements
+
+  Background:
+    Given the API base URL is '${API_BASE_URL}'
+    And the portal base URL is '${PORTAL_BASE_URL}'
+    And the realtime WebSocket URL is '${REALTIME_WS_URL}'
+    And the default request headers are set to:
+      | Header       | Value              |
+      | Content-Type | application/json   |
+      | Accept       | application/json   |
+    And I can run network inspection tools (curl and openssl) on the test runner
+    And I can run browser automation with DevTools access for the portal
+
+  # ---------------------------------------------------------------------------
+  # Platform / TLS / CDN (API + UI)
+  # ---------------------------------------------------------------------------
+
+  @ui @functional @TC-PLAT-01
+  Scenario: Portal base URL reachable over HTTPS and served via CDN
+    Given I am on the '${PORTAL_BASE_URL}' page
+    When I wait for the page to finish loading
+    Then I should see the page loaded without browser security warnings
+    And the browser should indicate a secure HTTPS connection
+    And I should see that static assets are successfully downloaded in the network panel
+    And the response headers for the HTML document should include CDN-indicative headers
+    And the response headers for at least one static asset should include CDN-indicative headers
+
+  @api @security @TC-PLAT-02
+  Scenario Outline: API base URL /v2 reachable over HTTPS and enforces TLS 1.3 minimum using <tls_mode>
+    Given the DNS name 'api.aegiscard.com' resolves to at least one IP address
+    When I perform a TLS handshake to host 'api.aegiscard.com' on port 443 forcing <tls_mode>
+    Then the TLS handshake result should be <handshake_result>
+    And the negotiated TLS version should be <negotiated_tls_version>
+
+    Examples:
+      | tls_mode | handshake_result | negotiated_tls_version |
+      | TLS1.3   | SUCCESS          | TLSv1.3                |
+      | TLS1.2   | FAILURE          | NONE                   |
+
+  @api @security @TC-PLAT-02
+  Scenario: API v2 endpoint is reachable over HTTPS (network level)
+    Given the DNS name 'api.aegiscard.com' resolves to at least one IP address
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {}
+      """
+    Then the response status should be one of:
+      | status |
+      | 200    |
+      | 400    |
+      | 401    |
+      | 422    |
+      | 429    |
+    And the request should not fail due to TLS or connection errors
+
+  # ---------------------------------------------------------------------------
+  # Registration
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-REG-01
+  Scenario: Register user succeeds (201) and returns onboarding artifacts
+    Given I have generated a unique email 'test+reg01-${RUN_ID}@example.com'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Alicia",
+        "last_name": "Tester",
+        "email": "test+reg01-${RUN_ID}@example.com",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-15",
+        "phone_number": "+14165550101",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be 201
+    And the response JSON should contain:
+      | path               |
+      | user_id            |
+      | verification_token |
+    And the response JSON path 'user_id' should not be empty
+    And the response JSON path 'verification_token' should not be empty
+
+  @api @negative @TC-REG-01
+  Scenario: Registering the same email twice indicates the account now exists
+    Given I have generated a unique email 'test+reg01dup-${RUN_ID}@example.com'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Alicia",
+        "last_name": "Tester",
+        "email": "test+reg01dup-${RUN_ID}@example.com",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-15",
+        "phone_number": "+14165550101",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be 201
+    When I send the same POST request to '/v2/auth/register' with the same payload again
+    Then the response status should not be 201
+
+  @api @negative @TC-REG-02
+  Scenario Outline: Register rejects when agree_terms is false and succeeds when corrected
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Brandon",
+        "last_name": "Consent",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1992-06-20",
+        "phone_number": "+14165550102",
+        "ssn_last4": "5678",
+        "agree_terms": <agree_terms>
+      }
+      """
+    Then the response status should be <status>
+    And the response JSON should <user_artifacts_presence> contain:
+      | path               |
+      | user_id            |
+      | verification_token |
+
+    Examples:
+      | email                              | agree_terms | status | user_artifacts_presence |
+      | test+reg02-${RUN_ID}@example.com   | false       | 400    | not                     |
+      | test+reg02fix-${RUN_ID}@example.com| true        | 201    |                         |
+
+  @api @negative @TC-REG-03
+  Scenario: Register returns 409 EMAIL_EXISTS when email already registered
+    Given the email 'test+reg03-existing@example.com' is already registered
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Casey",
+        "last_name": "Duplicate",
+        "email": "test+reg03-existing@example.com",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1991-03-10",
+        "phone_number": "+14165550103",
+        "ssn_last4": "9012",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be 409
+    And the response JSON path 'error' should equal 'EMAIL_EXISTS'
+    And the response JSON should not contain:
+      | path               |
+      | user_id            |
+      | verification_token |
+
+  @api @negative @TC-REG-04
+  Scenario Outline: Register returns 422 WEAK_PASSWORD for weak passwords
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Password",
+        "last_name": "Weak",
+        "email": "<email>",
+        "password": "<password>",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "+14165550104",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And the response JSON path 'error' should <error_assertion> equal '<error_code>'
+    And the response JSON should <token_presence> contain:
+      | path               |
+      | user_id            |
+      | verification_token |
+
+    Examples:
+      | email                                | password         | status | error_code     | error_assertion | token_presence |
+      | test+reg04a-${RUN_ID}@example.com     | password         | 422    | WEAK_PASSWORD  |                 | not          |
+      | test+reg04b-${RUN_ID}@example.com     | Abcdefghijk1     | 422    | WEAK_PASSWORD  |                 | not          |
+      | test+reg04ctrl-${RUN_ID}@example.com  | Str0ng!Passw0rd  | 201    |                | not             |              |
+
+  @api @boundary @TC-REG-05
+  Scenario Outline: Registration first_name validation (alpha-only and length 2-50)
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "<first_name>",
+        "last_name": "Smith",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "+14165550111",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And for error responses the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+
+    Examples:
+      | email                               | first_name                                           | status |
+      | test+regfn2-${RUN_ID}@example.com   | Al                                                  | 201    |
+      | test+regfn50-${RUN_ID}@example.com  | AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  | 201    |
+      | test+regfn1-${RUN_ID}@example.com   | A                                                   | 400    |
+      | test+regfn51-${RUN_ID}@example.com  | BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB | 400    |
+      | test+regfnDigit-${RUN_ID}@example.com| Jo3                                                | 400    |
+      | test+regfnHyphen-${RUN_ID}@example.com| Jo-An                                              | 400    |
+
+  @api @negative @TC-REG-07
+  Scenario Outline: Registration rejects malformed email formats
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Email",
+        "last_name": "Format",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "+14165550112",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+
+    Examples:
+      | email                                 | status |
+      | test+emailctrl-${RUN_ID}@example.com   | 201    |
+      | plainaddress                           | 400    |
+      | missingdomain@                         | 400    |
+      | @missinglocal.example.com              | 400    |
+      | test..dots@example.com                 | 400    |
+      | test+bad space@example.com             | 400    |
+
+  @api @boundary @TC-REG-08
+  Scenario Outline: Registration password complexity and boundary length enforcement
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Pw",
+        "last_name": "Rule",
+        "email": "<email>",
+        "password": "<password>",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "+14165550113",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And for status 422 the response JSON path 'error' should equal 'WEAK_PASSWORD'
+
+    Examples:
+      | email                              | password        | status |
+      | test+pwdok1-${RUN_ID}@example.com  | Aa1!aaaaaaaab    | 201    |
+      | test+pwdlen11-${RUN_ID}@example.com| Aa1!aaaaaaa      | 422    |
+      | test+pwdlower-${RUN_ID}@example.com| aaaaaaaaaaaa     | 422    |
+      | test+pwdupper-${RUN_ID}@example.com| AAAAAAAAAAAA     | 422    |
+      | test+pwddigit-${RUN_ID}@example.com| Aa!aaaaaaaaaa    | 422    |
+      | test+pwdsym-${RUN_ID}@example.com  | Aa1aaaaaaaaaaa   | 422    |
+      | test+pwdlen12-${RUN_ID}@example.com| Aa1!aaaaaaaa     | 201    |
+
+  @api @boundary @TC-REG-09
+  Scenario Outline: Registration date_of_birth format and age >= 18 enforcement
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Dob",
+        "last_name": "Rule",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "<date_of_birth>",
+        "phone_number": "+14165550114",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+
+    Examples:
+      | email                             | date_of_birth           | status |
+      | test+dob18-${RUN_ID}@example.com  | ${DOB_EXACTLY_18}        | 201    |
+      | test+dob17-${RUN_ID}@example.com  | ${DOB_UNDER_18_BY_1_DAY} | 400    |
+      | test+dobfmt1-${RUN_ID}@example.com| 04/29/2000              | 400    |
+      | test+dobfmt2-${RUN_ID}@example.com| 2000-13-01              | 400    |
+      | test+dobfmt3-${RUN_ID}@example.com| 2000-01-01T00:00:00Z     | 400    |
+
+  @api @negative @TC-REG-10
+  Scenario Outline: Registration rejects non-E.164 phone_number formats
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "Phone",
+        "last_name": "Rule",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "<phone_number>",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'phone_number'
+
+    Examples:
+      | email                               | phone_number       | status |
+      | test+phoneok-${RUN_ID}@example.com  | +14165551234        | 201    |
+      | test+phonebad1-${RUN_ID}@example.com| 4165551234          | 400    |
+      | test+phonebad2-${RUN_ID}@example.com| ++14165551234       | 400    |
+
+  @api @boundary @TC-REG-11
+  Scenario Outline: Registration ssn_last4 must be exactly 4 numeric digits
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "SSN",
+        "last_name": "Rule",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "+14165550115",
+        "ssn_last4": "<ssn_last4>",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'ssn_last4'
+
+    Examples:
+      | email                           | ssn_last4 | status |
+      | test+ssnok-${RUN_ID}@example.com| 1234      | 201    |
+      | test+ssn3-${RUN_ID}@example.com | 123       | 400    |
+      | test+ssn5-${RUN_ID}@example.com | 12345     | 400    |
+      | test+ssnA-${RUN_ID}@example.com | 12A4      | 400    |
+
+  @api @negative @TC-REG-12
+  Scenario Outline: Registration missing required field returns 400 with error, field, message
+    Given I have generated a unique email '<email>'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "last_name": "Missing",
+        "email": "<email>",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-01",
+        "phone_number": "+14165550116",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be 400
+    And the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+    And the response JSON path 'field' should equal '<missing_field>'
+
+    Examples:
+      | email                             | missing_field |
+      | test+regmissing-${RUN_ID}@example.com | first_name  |
+
+  # ---------------------------------------------------------------------------
+  # Login / MFA / Lockout / Rate limiting
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-LOGIN-01
+  Scenario: Login success returns access_token, refresh_token, expires_in and token works on a protected endpoint
+    Given a registered user exists with email 'test+login01@example.com' and password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+login01@example.com",
+        "password": "Str0ng!Passw0rd"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path          |
+      | access_token  |
+      | refresh_token |
+      | expires_in    |
+    When I store the response JSON path 'access_token' as 'access_token'
+    And I send a GET request to '/v2/accounts/${ACCOUNT_ID}/summary' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should not be 401
+
+  @api @negative @TC-LOGIN-01
+  Scenario: Tampered access token is rejected for protected endpoint
+    Given I have a valid access token stored as 'access_token'
+    When I send a GET request to '/v2/accounts/${ACCOUNT_ID}/summary' with headers:
+      | Header        | Value                          |
+      | Authorization | Bearer ${access_token}_TAMPERED |
+    Then the response status should be one of:
+      | status |
+      | 401    |
+      | 403    |
+
+  @api @negative @TC-LOGIN-02
+  Scenario: Login returns 401 INVALID_CREDENTIALS for wrong password
+    Given a registered user exists with email 'test+login02@example.com' and password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+login02@example.com",
+        "password": "Wr0ng!Passw0rd"
+      }
+      """
+    Then the response status should be 401
+    And the response JSON path 'error' should equal 'INVALID_CREDENTIALS'
+    And the response JSON should not contain:
+      | path          |
+      | access_token  |
+      | refresh_token |
+      | expires_in    |
+
+  @api @functional @TC-LOGIN-03
+  Scenario: Login with MFA enabled accepts optional 6-digit TOTP mfa_code
+    Given a registered MFA-enabled user exists with email 'test+mfa@example.com' and password 'Str0ng!Passw0rd'
+    And I have generated a valid 6-digit TOTP code for that user as 'mfa_code'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+mfa@example.com",
+        "password": "Str0ng!Passw0rd",
+        "mfa_code": "${mfa_code}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path          |
+      | access_token  |
+      | refresh_token |
+      | expires_in    |
+
+  @api @state-transition @TC-LOGIN-04
+  Scenario: Account locks after 5 failed login attempts and returns 403 ACCOUNT_LOCKED + unlock_at
+    Given a registered user exists with email 'test+lockout@example.com' and password 'Str0ng!Passw0rd'
+    When I send 5 POST requests to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+lockout@example.com",
+        "password": "WrongPass!0000"
+      }
+      """
+    Then each response status should be 401
+    When I send a 6th POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+lockout@example.com",
+        "password": "WrongPass!0000"
+      }
+      """
+    Then the response status should be 403
+    And the response JSON path 'error' should equal 'ACCOUNT_LOCKED'
+    And the response JSON should contain:
+      | path      |
+      | unlock_at |
+
+  @api @resilience @TC-LOGIN-05
+  Scenario: Login rate limit returns 429 RATE_LIMITED with retry_after after exceeding 10 req/min per IP
+    Given a registered user exists with email 'test+rl01@example.com' and password 'ValidPass!12345'
+    When I send 10 POST requests to '/v2/auth/login' within 60 seconds with payload:
+      """
+      {
+        "email": "test+rl01@example.com",
+        "password": "ValidPass!12345"
+      }
+      """
+    Then each response status should be 200
+    When I send 1 more POST request to '/v2/auth/login' within the same 60 seconds with payload:
+      """
+      {
+        "email": "test+rl01@example.com",
+        "password": "ValidPass!12345"
+      }
+      """
+    Then the response status should be 429
+    And the response JSON path 'error' should equal 'RATE_LIMITED'
+    And the response JSON should contain:
+      | path        |
+      | retry_after |
+
+  @api @negative @TC-LOGIN-06
+  Scenario Outline: Login fails for unknown email and does not issue tokens
+    Given a registered user exists with email 'test+login06-registered@example.com' and password 'ValidPassw0rd!234'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "<email>",
+        "password": "ValidPassw0rd!234"
+      }
+      """
+    Then the response status should be <status>
+    And the response JSON should <token_presence> contain:
+      | path          |
+      | access_token  |
+      | refresh_token |
+      | expires_in    |
+    And for status 401 the response JSON path 'error' should equal 'INVALID_CREDENTIALS'
+
+    Examples:
+      | email                             | status | token_presence |
+      | test+login06-registered@example.com| 200    |                |
+      | test+login06-unknown@example.com   | 401    | not            |
+
+  @api @boundary @TC-LOGIN-07
+  Scenario Outline: Login device_id UUID v4 validation when provided
+    Given a registered user exists with email 'test+login07@example.com' and password 'ValidPassw0rd!234'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+login07@example.com",
+        "password": "ValidPassw0rd!234",
+        "device_id": "<device_id>"
+      }
+      """
+    Then the response status should be <status>
+    And for non-200 responses the response JSON should not contain:
+      | path          |
+      | access_token  |
+      | refresh_token |
+
+    Examples:
+      | device_id                             | status |
+      | 550e8400-e29b-41d4-a716-446655440000  | 200    |
+      | 550e8400-e29b-11d4-a716-446655440000  | 400    |
+      | not-a-uuid                            | 400    |
+
+  @api @functional @TC-LOGIN-08
+  Scenario: remember_me=true extends refresh token TTL to 30 days (observable via cookie/token metadata)
+    Given a registered user exists with email 'test+login08@example.com' and password 'ValidPassw0rd!234'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+login08@example.com",
+        "password": "ValidPassw0rd!234",
+        "remember_me": false
+      }
+      """
+    Then the response status should be 200
+    When I record the refresh token TTL/expiry metadata as 'baseline_refresh_ttl'
+    And I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+login08@example.com",
+        "password": "ValidPassw0rd!234",
+        "remember_me": true
+      }
+      """
+    Then the response status should be 200
+    And I record the refresh token TTL/expiry metadata as 'remember_me_refresh_ttl'
+    And the 'remember_me_refresh_ttl' should indicate approximately 30 days
+
+  # ---------------------------------------------------------------------------
+  # Token Refresh
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-REFRESH-01
+  Scenario: Token refresh returns new access_token and refresh_token (rotation enforced)
+    Given a registered user exists with email 'test+rt01@example.com' and password 'ValidPassw0rd!234'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+rt01@example.com",
+        "password": "ValidPassw0rd!234"
+      }
+      """
+    Then the response status should be 200
+    When I store the response JSON path 'access_token' as 'access_token_1'
+    And I store the response JSON path 'refresh_token' as 'refresh_token_1'
+    And I send a POST request to '/v2/auth/token/refresh' with payload:
+      """
+      {
+        "refresh_token": "${refresh_token_1}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path          |
+      | access_token  |
+      | refresh_token |
+    And the response JSON path 'access_token' should not equal '${access_token_1}'
+    And the response JSON path 'refresh_token' should not equal '${refresh_token_1}'
+
+  @api @security @TC-REFRESH-02
+  Scenario: Token refresh invalidates old refresh token after successful refresh (single-use)
+    Given a registered user exists with email 'test+rt02@example.com' and password 'ValidPassw0rd!234'
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+rt02@example.com",
+        "password": "ValidPassw0rd!234"
+      }
+      """
+    Then the response status should be 200
+    When I store the response JSON path 'refresh_token' as 'refresh_token_1'
+    And I send a POST request to '/v2/auth/token/refresh' with payload:
+      """
+      {
+        "refresh_token": "${refresh_token_1}"
+      }
+      """
+    Then the response status should be 200
+    When I store the response JSON path 'refresh_token' as 'refresh_token_2'
+    And I send a POST request to '/v2/auth/token/refresh' with payload:
+      """
+      {
+        "refresh_token": "${refresh_token_1}"
+      }
+      """
+    Then the response status should be 401
+    And the response JSON path 'error' should equal 'TOKEN_INVALID'
+    When I send a POST request to '/v2/auth/token/refresh' with payload:
+      """
+      {
+        "refresh_token": "${refresh_token_2}"
+      }
+      """
+    Then the response status should be 200
+
+  @api @negative @TC-REFRESH-04
+  Scenario Outline: Token refresh requires refresh_token field (missing/empty fails; valid succeeds)
+    Given a registered user exists with email 'test+rt04@example.com' and password 'ValidPassw0rd!234'
+    And I have obtained a valid refresh token as 'valid_refresh_token' via login
+    When I send a POST request to '/v2/auth/token/refresh' with payload:
+      """
+      <payload>
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | payload                                      | status |
+      | {}                                           | 400    |
+      | {"refresh_token": ""}                        | 400    |
+      | {"refresh_token": "${valid_refresh_token}"}  | 200    |
+
+  # ---------------------------------------------------------------------------
+  # Portal token storage / PCI / CSRF / Session (UI-focused)
+  # ---------------------------------------------------------------------------
+
+  @ui @security @TC-TOKSTORE-01
+  Scenario: Auth tokens stored in HttpOnly, Secure cookies and not accessible via document.cookie
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+cookie01@example.com' and password 'Str0ng!Passw0rd'
+    Then I should be on an authenticated page
+    And the auth/session cookies should have the 'HttpOnly' attribute
+    And the auth/session cookies should have the 'Secure' attribute
+    When I evaluate JavaScript 'document.cookie'
+    Then the result should not include token cookie names or token-like values
+
+  @ui @security @TC-TOKSTORE-02
+  Scenario: Auth tokens are never stored in localStorage or sessionStorage
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+ls01@example.com' and password 'Str0ng!Passw0rd'
+    Then I should be on an authenticated page
+    When I inspect localStorage for token-like keys and values
+    Then localStorage should not contain access or refresh tokens
+    When I inspect sessionStorage for token-like keys and values
+    Then sessionStorage should not contain access or refresh tokens
+
+  @ui @functional @TC-DRAFT-01
+  Scenario: Credit application auto-save occurs every 60 seconds to localStorage draft
+    Given I open a clean browser context
+    And I am on the credit application form page
+    And localStorage for the portal origin is empty
+    When I enter 'Jordan Test' in the 'Full legal name' field
+    And I enter '+14165550199' in the 'Phone number' field
+    And I wait 60 seconds
+    Then localStorage should contain an application draft entry
+    When I change the 'Phone number' field to '+14165550200'
+    And I wait 60 seconds
+    Then the application draft in localStorage should reflect the updated phone number
+    When I refresh the page
+    Then the application form should restore values from the saved draft
+
+  @ui @security @TC-DRAFT-02
+  Scenario: Draft auto-save does not store auth tokens in localStorage
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+draft02@example.com' and password 'Str0ng!Passw0rd'
+    And I navigate to the credit application flow
+    And I enter 'Jordan Test' in the 'Full legal name' field
+    And I wait 60 seconds
+    Then localStorage should contain a draft entry
+    And localStorage should not contain token-like keys or values
+    And sessionStorage should not contain token-like keys or values
+
+  @ui @security @TC-PAN-01
+  Scenario: PAN displayed in browser only as masked format
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+pan01@example.com' and password 'Str0ng!Passw0rd'
+    And I navigate to the card details area
+    Then I should see a masked PAN like '**** **** **** 4242'
+    And the DOM should not contain an unmasked PAN-like digit sequence
+
+  @ui @security @TC-PCI-02
+  Scenario: Card fields use iframe tokenisation and no raw PAN in DOM
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+pciform@example.com' and password 'Str0ng!Passw0rd'
+    And I navigate to the card entry form
+    Then I should see card input fields rendered inside one or more iframes
+    When I type a synthetic card number '4242 4242 4242 4242' into the card number field
+    Then the top-level DOM should not contain '4242424242424242'
+    And the network payload for the form submission should not contain raw PAN digits
+
+  @ui @security @TC-CSRF-02
+  Scenario: CSRF cookie policy SameSite=Strict is enforced for portal sessions
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+samesite@example.com' and password 'Str0ng!Passw0rd'
+    Then the portal session cookies should have 'SameSite=Strict'
+
+  @ui @security @TC-SESSION-01
+  Scenario: Portal session expires after 15 minutes of inactivity
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+session01@example.com' and password 'Str0ng!Passw0rd'
+    Then I should be on an authenticated page
+    When I remain inactive for 15 minutes
+    Then I should be redirected to the login page when accessing a protected page
+
+  @ui @functional @TC-SESSION-02
+  Scenario: Portal shows 2-minute warning modal before auto-logout
+    Given I open a clean browser context
+    And I am on the '${PORTAL_BASE_URL}' page
+    When I log in via the portal UI with email 'test+session02@example.com' and password 'Str0ng!Passw0rd'
+    And I remain inactive for 13 minutes
+    Then I should see an inactivity warning modal
+    When I do not interact for 2 more minutes
+    Then I should be logged out automatically
+
+  # ---------------------------------------------------------------------------
+  # Applications Step 1
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-APP1-01
+  Scenario: Application Step 1 succeeds and returns application_id and session_token
+    Given I am authenticated as 'test+app1ok@example.com' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Jordan Avery Test",
+        "email": "test+app1ok@example.com",
+        "phone_number": "+14165550101",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be 201
+    And the response JSON should contain:
+      | path            |
+      | application_id  |
+      | session_token   |
+
+  @api @boundary @TC-APP1-02
+  Scenario Outline: Step 1 full_legal_name boundary validation (100 accepted, 101 rejected)
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "<full_legal_name>",
+        "email": "<user_email>",
+        "phone_number": "+14165550101",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be <status>
+    And for status 201 the response JSON should contain:
+      | path           |
+      | application_id |
+      | session_token  |
+    And for status 400 the response JSON path 'field' should equal 'full_legal_name'
+
+    Examples:
+      | user_email                      | full_legal_name                         | status |
+      | test+app1bva100@example.com     | ${STRING_LEN_100}                       | 201    |
+      | test+app1bva101@example.com     | ${STRING_LEN_101}                       | 400    |
+
+  @api @negative @TC-APP1-03
+  Scenario: Step 1 email must match authenticated user email (reject mismatch)
+    Given I am authenticated as 'test+app1emailA@example.com' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Email Mismatch Test",
+        "email": "test+app1emailB@example.com",
+        "phone_number": "+14165550101",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON path 'field' should equal 'email'
+    And the response JSON should not contain:
+      | path           |
+      | application_id |
+      | session_token  |
+
+  @api @negative @TC-APP1-04
+  Scenario: Step 1 returns 409 DUPLICATE_APPLICATION when active application already in progress
+    Given I am authenticated as 'test+dupapp@example.com' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Dup App Test",
+        "email": "test+dupapp@example.com",
+        "phone_number": "+14165550101",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be 201
+    When I send the same POST request to '/v2/applications/start' again with the same payload
+    Then the response status should be 409
+    And the response JSON path 'error' should equal 'DUPLICATE_APPLICATION'
+
+  @api @boundary @TC-APP1-05
+  Scenario Outline: Step 1 phone_number must be E.164 (accept valid, reject invalid)
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Phone Format Test",
+        "email": "<user_email>",
+        "phone_number": "<phone_number>",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'phone_number'
+
+    Examples:
+      | user_email                      | phone_number         | status |
+      | test+app1phoneok@example.com    | +14165550123          | 201    |
+      | test+app1phonebad1@example.com  | 4165550123            | 400    |
+      | test+app1phonebad2@example.com  | +1 (416) 555-0123     | 400    |
+
+  @api @boundary @TC-APP1-06
+  Scenario Outline: Step 1 address.street max 100 chars boundary
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Street Length Test",
+        "email": "<user_email>",
+        "phone_number": "+14165550123",
+        "residential_address": {
+          "street": "<street>",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'address.street'
+
+    Examples:
+      | user_email                     | street            | status |
+      | test+app1street100@example.com | ${STRING_LEN_100} | 201    |
+      | test+app1street101@example.com | ${STRING_LEN_101} | 400    |
+
+  @api @boundary @TC-APP1-07
+  Scenario Outline: Step 1 address.city max 60 chars boundary
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "City Length Test",
+        "email": "<user_email>",
+        "phone_number": "+14165550123",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "<city>",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'address.city'
+
+    Examples:
+      | user_email                   | city           | status |
+      | test+app1city60@example.com  | ${STRING_LEN_60} | 201    |
+      | test+app1city61@example.com  | ${STRING_LEN_61} | 400    |
+
+  @api @boundary @TC-APP1-08
+  Scenario Outline: Step 1 province must be 2-char ISO 3166-2 code
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Province Test",
+        "email": "<user_email>",
+        "phone_number": "+14165550123",
+        "residential_address": {
+          "street": "100 Test St",
+          "city": "Toronto",
+          "province": "<province>",
+          "postal_code": "M5V 2T6"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "ZXCV1234"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | user_email                  | province | status |
+      | test+app1provok@example.com | ON       | 201    |
+      | test+app1prov3@example.com  | ONT      | 400    |
+      | test+app1prov1@example.com  | O        | 400    |
+
+  @api @boundary @TC-APP1-09
+  Scenario Outline: Step 1 postal_code must match Canadian format A1A 1A1
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Postal Code Test",
+        "email": "<user_email>",
+        "phone_number": "+14165550124",
+        "residential_address": {
+          "street": "200 Test Ave",
+          "city": "Ottawa",
+          "province": "ON",
+          "postal_code": "<postal_code>"
+        },
+        "id_type": "DRIVERS_LICENSE",
+        "id_number": "D1E2F3G4"
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'address.postal_code'
+
+    Examples:
+      | user_email                    | postal_code | status |
+      | test+app1pcok@example.com     | K1A 0B1     | 201    |
+      | test+app1pcmissspace@example.com| K1A0B1    | 400    |
+      | test+app1pcbad@example.com    | 123 456     | 400    |
+
+  @api @boundary @TC-APP1-10
+  Scenario Outline: Step 1 id_type enum enforcement
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "ID Type Test",
+        "email": "<user_email>",
+        "phone_number": "+14165550125",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "<id_type>",
+        "id_number": "ZXCV1234"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | user_email                 | id_type         | status |
+      | test+app1idpass@example.com| PASSPORT        | 201    |
+      | test+app1iddl@example.com  | DRIVERS_LICENSE | 201    |
+      | test+app1idpr@example.com  | PR_CARD         | 201    |
+      | test+app1idbad@example.com | NATIONAL_ID     | 400    |
+
+  @api @boundary @TC-APP1-11
+  Scenario Outline: Step 1 id_number alphanumeric max 20 chars boundary
+    Given I am authenticated as '<user_email>' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "ID Number Test",
+        "email": "<user_email>",
+        "phone_number": "+14165550126",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "K1A 0B1"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "<id_number>"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | user_email                   | id_number                 | status |
+      | test+app1idnum20@example.com | AB12CD34EF56GH78IJ90      | 201    |
+      | test+app1idnum21@example.com | AB12CD34EF56GH78IJ901     | 400    |
+      | test+app1idnumhy@example.com | ABC-123                   | 400    |
+
+  @api @negative @TC-APP1-12
+  Scenario: Step 1 validation failure returns 400 with error, field, message
+    Given I am authenticated as 'test+app1invalid@example.com' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "Invalid Postal",
+        "email": "test+app1invalid@example.com",
+        "phone_number": "+14165550127",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "INVALID"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+
+  # ---------------------------------------------------------------------------
+  # Applications Step 2 (X-App-Session, sequencing, boundaries)
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-APP2-01
+  Scenario: Application Step 2 succeeds with X-App-Session and returns PENDING_REVIEW and fico_pull_id
+    Given I am authenticated as 'test+app2ok@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "SELF_EMPLOYED",
+        "gross_annual_income": 85000.00,
+        "other_income": 0.00,
+        "monthly_rent": 1800.00,
+        "existing_debt_payments": 350.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'status' should equal 'PENDING_REVIEW'
+    And the response JSON should contain:
+      | path         |
+      | fico_pull_id |
+
+  @api @negative @TC-APP2-02
+  Scenario: Step 2 rejects when EMPLOYED but employer_name missing
+    Given I am authenticated as 'test+app2emp@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "EMPLOYED",
+        "gross_annual_income": 65000.00,
+        "monthly_rent": 1500.00,
+        "existing_debt_payments": 200.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 400
+    And the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+    And the response JSON path 'field' should equal 'employer_name'
+
+  @api @boundary @TC-APP2-03
+  Scenario Outline: Step 2 gross_annual_income boundary validation
+    Given I am authenticated as 'test+app2income@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "RETIRED",
+        "gross_annual_income": <gross_annual_income>,
+        "monthly_rent": 0.00,
+        "existing_debt_payments": 0.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'gross_annual_income'
+
+    Examples:
+      | gross_annual_income | status |
+      | 9999999.99          | 200    |
+      | 10000000.00         | 400    |
+      | 0.00                | 400    |
+      | -1.00               | 400    |
+
+  @api @negative @TC-APP2-04
+  Scenario Outline: Step 2 rejects when sin_consent is false or omitted; succeeds when true
+    Given I am authenticated as 'test+app2consent@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      <payload>
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'field' should equal 'sin_consent'
+
+    Examples:
+      | payload                                                                                                                                 | status |
+      | {"employment_status":"STUDENT","gross_annual_income":12000.00,"monthly_rent":650.00,"existing_debt_payments":50.00,"sin_consent":false} | 400    |
+      | {"employment_status":"STUDENT","gross_annual_income":12000.00,"monthly_rent":650.00,"existing_debt_payments":50.00}                     | 400    |
+      | {"employment_status":"STUDENT","gross_annual_income":12000.00,"monthly_rent":650.00,"existing_debt_payments":50.00,"sin_consent":true}  | 200    |
+
+  @api @state-transition @TC-APPSEQ-01
+  Scenario: Enforce sequential completion: Step 2 cannot be completed without X-App-Session from Step 1
+    Given I am authenticated as 'test+appseq01@example.com' with password 'Str0ng!Passw0rd'
+    When I send a POST request to '/v2/applications/11111111-1111-1111-1111-111111111111/financials' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "employment_status": "UNEMPLOYED",
+        "gross_annual_income": 30000.00,
+        "monthly_rent": 900.00,
+        "existing_debt_payments": 150.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should not be 200
+    When I create an application via Step 1 and store 'application_id' and 'session_token'
+    And I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "UNEMPLOYED",
+        "gross_annual_income": 30000.00,
+        "monthly_rent": 900.00,
+        "existing_debt_payments": 150.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'status' should equal 'PENDING_REVIEW'
+    And the response JSON should contain:
+      | path         |
+      | fico_pull_id |
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-App-Session | invalid-token          |
+    And payload:
+      """
+      {
+        "employment_status": "UNEMPLOYED",
+        "gross_annual_income": 30000.00,
+        "monthly_rent": 900.00,
+        "existing_debt_payments": 150.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 401
+    And the response JSON path 'error' should equal 'SESSION_EXPIRED'
+
+  @api @negative @TC-APPSEQ-02
+  Scenario: Step 2 returns 401 SESSION_EXPIRED when session_token is invalid
+    Given I am authenticated as 'test+appseq02@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | invalid-session-token-01 |
+    And payload:
+      """
+      {
+        "employment_status": "EMPLOYED",
+        "employer_name": "TestCo",
+        "gross_annual_income": 75000.00,
+        "other_income": 0.00,
+        "monthly_rent": 1500.00,
+        "existing_debt_payments": 250.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 401
+    And the response JSON path 'error' should equal 'SESSION_EXPIRED'
+
+  @api @boundary @TC-APPSEQ-03
+  Scenario: Validate X-App-Session required and expiry boundary (29:59 succeeds; 30:01 expires)
+    Given I am authenticated as 'test+appseq03@example.com' with password 'Str0ng!Passw0rd'
+    When I create an application via Step 1 and store 'application_id_1' and 'session_token_1' and record issuance time as 'T0'
+    And I send a POST request to '/v2/applications/${application_id_1}/financials' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "employment_status": "SELF_EMPLOYED",
+        "gross_annual_income": 90000.00,
+        "other_income": 5000.00,
+        "monthly_rent": 0.00,
+        "existing_debt_payments": 300.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should not be 200
+    When I wait until elapsed time since 'T0' is 29 minutes and 59 seconds
+    And I send a POST request to '/v2/applications/${application_id_1}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token_1}       |
+    And payload:
+      """
+      {
+        "employment_status": "SELF_EMPLOYED",
+        "gross_annual_income": 90000.00,
+        "other_income": 5000.00,
+        "monthly_rent": 0.00,
+        "existing_debt_payments": 300.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 200
+    When I create an application via Step 1 and store 'application_id_2' and 'session_token_2' and record issuance time as 'T1'
+    And I wait until elapsed time since 'T1' is 30 minutes and 1 second
+    And I send a POST request to '/v2/applications/${application_id_2}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token_2}       |
+    And payload:
+      """
+      {
+        "employment_status": "SELF_EMPLOYED",
+        "gross_annual_income": 90000.00,
+        "other_income": 5000.00,
+        "monthly_rent": 0.00,
+        "existing_debt_payments": 300.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 401
+    And the response JSON path 'error' should equal 'SESSION_EXPIRED'
+
+  @api @functional @TC-APP2-05
+  Scenario Outline: Step 2 other_income defaults to 0.00 when omitted
+    Given I am authenticated as 'test+app2otherincome@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      <payload>
+      """
+    Then the response status should be 200
+    And the response JSON path 'status' should equal 'PENDING_REVIEW'
+    And the response JSON should contain:
+      | path         |
+      | fico_pull_id |
+
+    Examples:
+      | payload                                                                                                                                                |
+      | {"employment_status":"EMPLOYED","employer_name":"TestCo Ltd","gross_annual_income":85000.00,"monthly_rent":1800.00,"existing_debt_payments":250.00,"sin_consent":true} |
+      | {"employment_status":"EMPLOYED","employer_name":"TestCo Ltd","gross_annual_income":85000.00,"other_income":0.00,"monthly_rent":1800.00,"existing_debt_payments":250.00,"sin_consent":true} |
+
+  @api @boundary @TC-APP2-06
+  Scenario Outline: Step 2 monthly_rent boundary allows 0.00 but rejects negative
+    Given I am authenticated as 'test+app2rent@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "RETIRED",
+        "gross_annual_income": 60000.00,
+        "monthly_rent": <monthly_rent>,
+        "existing_debt_payments": 0.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | monthly_rent | status |
+      | 0.00         | 200    |
+      | -0.01        | 400    |
+
+  @api @boundary @TC-APP2-07
+  Scenario Outline: Step 2 existing_debt_payments enforces Decimal(10,2) precision
+    Given I am authenticated as 'test+app2debt@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "SELF_EMPLOYED",
+        "gross_annual_income": 120000.00,
+        "monthly_rent": 1500.00,
+        "existing_debt_payments": <existing_debt_payments>,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | existing_debt_payments | status |
+      | 1234.56                | 200    |
+      | 1234.567               | 400    |
+
+  @api @negative @TC-APP2-08
+  Scenario: Step 2 missing required field returns 400 with error, field, message
+    Given I am authenticated as 'test+app2missing@example.com' with password 'Str0ng!Passw0rd'
+    And I have created an application via Step 1 and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "EMPLOYED",
+        "employer_name": "TestCo Ltd",
+        "monthly_rent": 1200.00,
+        "existing_debt_payments": 100.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 400
+    And the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+
+  # ---------------------------------------------------------------------------
+  # Applications Step 3 (decisions, signature, defaults)
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-APP3-01
+  Scenario: Step 3 approved decision returns credit_limit and card_number_masked
+    Given I am authenticated as 'test+app3approved@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    And the decisioning stub is configured for application '${application_id}' with FICO value 700
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "U3ludGhldGljIFNpZ25hdHVyZQ=="
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'decision' should equal 'APPROVED'
+    And the response JSON should contain:
+      | path               |
+      | credit_limit       |
+      | card_number_masked |
+    And the response JSON path 'card_number_masked' should not match the regex '\d{13,19}'
+
+  @api @functional @TC-APP3-02
+  Scenario: Step 3 pending decision includes review_eta_hours
+    Given I am authenticated as 'test+app3pending@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    And the decisioning stub is configured for application '${application_id}' with FICO value 650
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "VGVzdCBTaWduYXR1cmU=",
+        "marketing_opt_in": true
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'decision' should equal 'PENDING'
+    And the response JSON should contain:
+      | path             |
+      | review_eta_hours |
+
+  @api @functional @TC-APP3-03
+  Scenario: Step 3 declined decision includes reason_code
+    Given I am authenticated as 'test+app3decline@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    And the decisioning stub is configured for application '${application_id}' with FICO value 550
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "RGVjbGluZSBUZXN0IFNpZw=="
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'decision' should equal 'DECLINED'
+    And the response JSON should contain:
+      | path        |
+      | reason_code |
+    And the response body should not match the regex '\d{13,19}'
+
+  @api @negative @TC-APP3-04
+  Scenario Outline: Step 3 rejects missing/malformed e_signature with 400 SIGNATURE_REQUIRED
+    Given I am authenticated as 'test+app3sig@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      <payload>
+      """
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'SIGNATURE_REQUIRED'
+
+    Examples:
+      | payload                                               |
+      | {"card_product_id":"AEGIS_GOLD"}                       |
+      | {"card_product_id":"AEGIS_GOLD","e_signature":"not-base64"} |
+
+  @api @functional @TC-APP3-05
+  Scenario: Step 3 marketing_opt_in defaults to false when omitted (if observable)
+    Given I am authenticated as 'test+app3marketing@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "VGVzdCBTaWduYXR1cmU="
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path     |
+      | decision |
+    And if the response JSON contains 'marketing_opt_in' then the response JSON path 'marketing_opt_in' should equal 'false'
+
+  @api @boundary @TC-APP3-08
+  Scenario: Decision boundary at FICO 680 returns PENDING and includes review_eta_hours
+    Given I am authenticated as 'test+app3b680@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    And the decisioning stub is configured for application '${application_id}' with FICO value 680
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "VGVzdCBVc2Vy"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'decision' should equal 'PENDING'
+    And the response JSON should contain:
+      | path             |
+      | review_eta_hours |
+    And the response JSON should not contain:
+      | path               |
+      | credit_limit       |
+      | card_number_masked |
+
+  @api @boundary @TC-APP3-10
+  Scenario: Decision boundary at FICO 599 returns DECLINED and includes reason_code
+    Given I am authenticated as 'test+app3b599@example.com' with password 'Str0ng!Passw0rd'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    And the decisioning stub is configured for application '${application_id}' with FICO value 599
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "VGVzdCBVc2Vy"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'decision' should equal 'DECLINED'
+    And the response JSON should contain:
+      | path        |
+      | reason_code |
+
+  @api @functional @TC-APP3-06
+  Scenario: Step 3 card_product_id must come from GET /v2/products
+    Given I am authenticated as 'test+app3products@example.com' with password 'Str0ng!Passw0rd'
+    When I send a GET request to '/v2/products' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    When I store a valid product id from the response as 'card_product_id_valid'
+    And I have completed Step 1 and Step 2 successfully and stored 'application_id' and 'session_token'
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "${card_product_id_valid}",
+        "e_signature": "VGVzdCBTaWduYXR1cmU="
+      }
+      """
+    Then the response status should be 200
+    When I create a new application and complete Step 1 and Step 2 and store 'application_id2' and 'session_token2'
+    And I send a POST request to '/v2/applications/${application_id2}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token2}        |
+    And payload:
+      """
+      {
+        "card_product_id": "NOT_A_REAL_PRODUCT",
+        "e_signature": "VGVzdCBTaWduYXR1cmU="
+      }
+      """
+    Then the response status should be 400
+    And the response JSON should contain:
+      | path    |
+      | error   |
+      | field   |
+      | message |
+
+  # ---------------------------------------------------------------------------
+  # Transactions: initiate, limits, FX, list
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-TXN-01
+  Scenario: Initiate transaction approved path returns transaction_id, available_credit, auth_code
+    Given I am authenticated as 'test+txn01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 25.50,
+        "merchant_name": "Test Coffee Shop",
+        "merchant_id": "TESTMERCH0001",
+        "mcc_code": "5812",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "QA approval test"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path             |
+      | transaction_id   |
+      | available_credit |
+      | auth_code        |
+
+  @api @functional @TC-TXN-02
+  Scenario: Essential service over-limit within 5% buffer returns over_limit_flag true
+    Given I am authenticated as 'test+txn02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with available_credit configured to 100.00
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 104.00,
+        "merchant_name": "Essential Utility",
+        "merchant_id": "ESSUTIL0001",
+        "mcc_code": "4900",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "Essential over-limit buffer test"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path            |
+      | transaction_id  |
+      | over_limit_flag |
+    And the response JSON path 'over_limit_flag' should equal 'true'
+
+  @api @negative @TC-TXN-03
+  Scenario: Initiate transaction returns 402 INSUFFICIENT_FUNDS with available_credit
+    Given I am authenticated as 'test+txn03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with available_credit configured to 50.00
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 200.00,
+        "merchant_name": "Test Electronics",
+        "merchant_id": "TESTELEC0001",
+        "mcc_code": "5732",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be 402
+    And the response JSON path 'error' should equal 'INSUFFICIENT_FUNDS'
+    And the response JSON should contain:
+      | path             |
+      | available_credit |
+
+  @api @negative @TC-TXN-04
+  Scenario: Initiate transaction returns 403 CARD_INACTIVE when card not Active or Frozen
+    Given I am authenticated as 'test+txn04@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with card status configured to 'Blocked'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "Test Merchant",
+        "merchant_id": "TESTM0001",
+        "mcc_code": "5999",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be 403
+    And the response JSON path 'error' should equal 'CARD_INACTIVE'
+    And the response JSON should contain:
+      | path        |
+      | card_status |
+
+  @api @boundary @TC-TXN-05
+  Scenario Outline: Initiate transaction rejects transaction_amount <= 0 with 422 INVALID_AMOUNT
+    Given I am authenticated as 'test+txn05@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": <amount>,
+        "merchant_name": "Boundary Merchant",
+        "merchant_id": "BOUND0001",
+        "mcc_code": "5999",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be <status>
+    And for status 422 the response JSON path 'error' should equal 'INVALID_AMOUNT'
+
+    Examples:
+      | amount | status |
+      | 0.00   | 422    |
+      | -0.01  | 422    |
+      | 0.01   | 200    |
+
+  @api @negative @TC-TXN-06
+  Scenario: Initiate transaction requires exchange_rate when currency_code != CAD
+    Given I am authenticated as 'test+txn06@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "FX Test Merchant",
+        "merchant_id": "FXMERCH0001",
+        "mcc_code": "5999",
+        "currency_code": "USD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should not be 200
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "FX Test Merchant",
+        "merchant_id": "FXMERCH0001",
+        "mcc_code": "5999",
+        "currency_code": "USD",
+        "exchange_rate": 1.350000,
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should not be the missing-exchange-rate failure from the previous attempt
+
+  @api @resilience @TC-TXNFREQ-01
+  Scenario: Transaction frequency limit triggers 429 FREQ_EXCEEDED with mfa_required true on 11th transaction
+    Given I am authenticated as 'test+txnfreq@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with sufficient credit and eligible status
+    When I send 10 POST requests to '/v2/accounts/${account_id}/transactions' within 60 minutes with payload template:
+      """
+      {
+        "transaction_amount": 1.00,
+        "merchant_name": "LoadTest Shop",
+        "merchant_id": "${MERCHANT_ID}",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "freq test"
+      }
+      """
+    Then each response status should be 200
+    When I send 1 more POST request to '/v2/accounts/${account_id}/transactions' within the same 60 minutes with payload:
+      """
+      {
+        "transaction_amount": 1.00,
+        "merchant_name": "LoadTest Shop",
+        "merchant_id": "LTSHOP11",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "freq test #11"
+      }
+      """
+    Then the response status should be 429
+    And the response JSON path 'error' should equal 'FREQ_EXCEEDED'
+    And the response JSON path 'mfa_required' should equal 'true'
+
+  @api @boundary @TC-TXNFREQ-02
+  Scenario: Transaction frequency boundary does not trigger FREQ_EXCEEDED at exactly 10 transactions
+    Given I am authenticated as 'test+txnfreqb@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with sufficient credit and eligible status
+    When I send exactly 10 POST requests to '/v2/accounts/${account_id}/transactions' within 60 minutes
+    Then all 10 responses should have status 200
+    And none of the 10 responses should contain error 'FREQ_EXCEEDED'
+
+  @api @functional @TC-FX-01
+  Scenario: Foreign transaction fee calculation applies 1.03 multiplier to (amount × exchange_rate)
+    Given I am authenticated as 'test+fx01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I compute expected_total_cad as (100.00 * 1.250000) * 1.03 rounded to 2 decimals
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 100.00,
+        "merchant_name": "FX Test Merchant",
+        "merchant_id": "FXM123",
+        "mcc_code": "5812",
+        "currency_code": "USD",
+        "exchange_rate": 1.250000,
+        "transaction_type": "PURCHASE",
+        "description": "FX formula test"
+      }
+      """
+    Then the response status should be 200
+    And the response should contain a CAD total field consistent with '${expected_total_cad}' within 0.01
+
+  @api @functional @TC-FX-02
+  Scenario: Foreign fee is itemised separately as foreign_fee_amount in response
+    Given I am authenticated as 'test+fx02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 50.00,
+        "merchant_name": "FX Fee Merchant",
+        "merchant_id": "FXFEE50",
+        "mcc_code": "5999",
+        "currency_code": "EUR",
+        "exchange_rate": 1.450000,
+        "transaction_type": "PURCHASE",
+        "description": "FX fee itemization test"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path              |
+      | foreign_fee_amount |
+    And the response JSON path 'foreign_fee_amount' should be greater than 0
+
+  @api @functional @TC-TXNLIST-01
+  Scenario: List transactions default from_date is billing cycle start (fixture-based)
+    Given I am authenticated as 'test+txnlist01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And the billing cycle start date for the account is '${BILLING_CYCLE_START}'
+    And there exists at least one transaction before '${BILLING_CYCLE_START}' and at least one on or after it
+    When I send a GET request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response should include transactions from on/after '${BILLING_CYCLE_START}'
+    And the response should exclude transactions strictly before '${BILLING_CYCLE_START}'
+
+  @api @negative @TC-TXNLIST-02
+  Scenario: List transactions rejects invalid date range with 400 INVALID_DATE_RANGE when to_date < from_date
+    Given I am authenticated as 'test+txnlist02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a GET request to '/v2/accounts/${account_id}/transactions?from_date=2026-04-10&to_date=2026-04-09' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'INVALID_DATE_RANGE'
+    And the response JSON should not contain:
+      | path          |
+      | transactions  |
+
+  @api @boundary @TC-TXNLIST-03
+  Scenario Outline: List transactions enforces per_page max 100 boundary
+    Given I am authenticated as 'test+txnlist03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with at least 120 transactions seeded
+    When I send a GET request to '/v2/accounts/${account_id}/transactions?per_page=<per_page>&page=1' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be <status>
+    And for status 200 the response JSON path 'transactions' should have length less than or equal to 100
+
+    Examples:
+      | per_page | status |
+      | 100      | 200    |
+      | 101      | 400    |
+
+  @api @security @TC-TXNLIST-04
+  Scenario: List transactions returns 403 FORBIDDEN when account not owned by user
+    Given UserA is authenticated and has a token 'tokenA'
+    And UserB owns an account_id stored as 'account_id_B'
+    When I send a GET request to '/v2/accounts/${account_id_B}/transactions' with headers:
+      | Header        | Value          |
+      | Authorization | Bearer ${tokenA} |
+    Then the response status should be 403
+    And the response JSON path 'error' should equal 'FORBIDDEN'
+    And the response JSON should not contain:
+      | path         |
+      | transactions |
+
+  @api @boundary @TC-TXNLIST-05
+  Scenario Outline: List transactions page min 1 boundary and default page=1
+    Given I am authenticated as 'test+txnlist05@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a GET request to '/v2/accounts/${account_id}/transactions<query>' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be <status>
+    And for status 200 the response JSON path 'page' should equal <page_value>
+
+    Examples:
+      | query      | status | page_value |
+      |            | 200    | 1          |
+      | ?page=1    | 200    | 1          |
+      | ?page=0    | 400    | 0          |
+      | ?page=-1   | 400    | 0          |
+
+  @api @functional @TC-TXNLIST-06
+  Scenario Outline: List transactions category filter accepts enum values and rejects unknown
+    Given I am authenticated as 'test+txnlist06@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a GET request to '/v2/accounts/${account_id}/transactions?category=<category>' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be <status>
+
+    Examples:
+      | category     | status |
+      | PURCHASE     | 200    |
+      | FEE          | 200    |
+      | CHARGEBACK   | 400    |
+
+  @api @functional @TC-TXN-12
+  Scenario: Initiate transaction currency_code defaults to CAD when omitted
+    Given I am authenticated as 'test+txn12@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "Test Merchant CA",
+        "merchant_id": "TMCA123456",
+        "mcc_code": "5411",
+        "transaction_type": "PURCHASE",
+        "description": "Default currency test"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path           |
+      | transaction_id |
+    When I store the response JSON path 'transaction_id' as 'transaction_id'
+    And I send a GET request to '/v2/accounts/${account_id}/transactions?page=1&per_page=25' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the transaction with id '${transaction_id}' should have currency_code 'CAD'
+
+  @api @boundary @TC-TXN-14
+  Scenario Outline: Initiate transaction transaction_type enum validation
+    Given I am authenticated as 'test+txn14@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 1.00,
+        "merchant_name": "Enum Type Merchant",
+        "merchant_id": "<merchant_id>",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "<transaction_type>"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | transaction_type  | merchant_id  | status |
+      | PURCHASE          | ENUM001      | 200    |
+      | CASH_ADVANCE      | ENUM002      | 200    |
+      | BALANCE_TRANSFER  | ENUM003      | 200    |
+      | REVERSAL          | ENUM004      | 400    |
+
+  @api @boundary @TC-TXN-15
+  Scenario Outline: Initiate transaction description max 255 chars boundary
+    Given I am authenticated as 'test+txn15@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 2.00,
+        "merchant_name": "Desc Merchant",
+        "merchant_id": "<merchant_id>",
+        "mcc_code": "5812",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "<description>"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | merchant_id | description        | status |
+      | DESC255     | ${STRING_LEN_255}  | 200    |
+      | DESC256     | ${STRING_LEN_256}  | 400    |
+
+  @api @security @TC-TXN-07
+  Scenario: Initiate transaction enforces account_id ownership (IDOR protection)
+    Given UserA is authenticated and has a token 'tokenA' and an owned account 'account_id_A'
+    And UserB is authenticated and has a token 'tokenB' and an owned account 'account_id_B'
+    When I send a POST request to '/v2/accounts/${account_id_B}/transactions' with headers:
+      | Header        | Value            |
+      | Authorization | Bearer ${tokenA} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "Test Merchant",
+        "merchant_id": "TESTMERCHANT01",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "Ownership enforcement test"
+      }
+      """
+    Then the response status should not be 200
+    And the response JSON should not contain:
+      | path           |
+      | transaction_id |
+      | auth_code      |
+    When I send a POST request to '/v2/accounts/${account_id_B}/transactions' with headers:
+      | Header        | Value            |
+      | Authorization | Bearer ${tokenB} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "Test Merchant",
+        "merchant_id": "TESTMERCHANT01",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "Owner success control"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path           |
+      | transaction_id |
+
+  @api @boundary @TC-TXN-08
+  Scenario Outline: Initiate transaction transaction_amount Decimal(10,2) precision validation
+    Given I am authenticated as 'test+txn08@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": "<amount>",
+        "merchant_name": "Precision Merchant",
+        "merchant_id": "PREC<suffix>",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | amount        | suffix | status |
+      | 99999999.99   | 01     | 200    |
+      | 0.01          | 02     | 200    |
+      | 1.001         | 03     | 400    |
+      | 1.00          | 04     | 200    |
+
+  @api @boundary @TC-TXN-09
+  Scenario Outline: Initiate transaction merchant_name max 100 chars boundary
+    Given I am authenticated as 'test+txn09@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 10.00,
+        "merchant_name": "<merchant_name>",
+        "merchant_id": "<merchant_id>",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | merchant_name       | merchant_id | status |
+      | ${STRING_LEN_100}   | MN100       | 200    |
+      | ${STRING_LEN_101}   | MN101       | 400    |
+
+  @api @boundary @TC-TXN-10
+  Scenario Outline: Initiate transaction merchant_id alphanumeric max 32 chars boundary
+    Given I am authenticated as 'test+txn10@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 12.34,
+        "merchant_name": "QA Store",
+        "merchant_id": "<merchant_id>",
+        "mcc_code": "5411",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | merchant_id                         | status |
+      | A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1    | 200    |
+      | A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1Z   | 400    |
+      | MERCHANT-01                         | 400    |
+
+  @api @negative @TC-TXN-11
+  Scenario Outline: Initiate transaction requires 4-digit mcc_code
+    Given I am authenticated as 'test+txn11@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 20.00,
+        "merchant_name": "QA Cafe",
+        "merchant_id": "QACAFE01<suffix>",
+        "mcc_code": "<mcc_code>",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | mcc_code | suffix | status |
+      | 5812     | 1      | 200    |
+      | 123      | 2      | 400    |
+      | 12345    | 3      | 400    |
+      | 12A4     | 4      | 400    |
+
+  # ---------------------------------------------------------------------------
+  # Account Summary (Dashboard API)
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-SUM-01
+  Scenario: Get account summary success returns required fields
+    Given I am authenticated as 'test+sum01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a GET request to '/v2/accounts/${account_id}/summary' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path              |
+      | current_balance   |
+      | available_credit  |
+      | credit_limit      |
+      | account_status    |
+      | billing_cycle_end |
+      | points_balance    |
+
+  @api @functional @TC-SUM-02
+  Scenario: Get account summary include_rewards defaults to false when omitted
+    Given I am authenticated as 'test+sum02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a GET request to '/v2/accounts/${account_id}/summary' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    When I send a GET request to '/v2/accounts/${account_id}/summary?include_rewards=false' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response payload for omitted include_rewards should be functionally equivalent to include_rewards=false for rewards sections
+
+  @api @security @TC-SUM-03
+  Scenario: Get account summary returns 403 FORBIDDEN for non-owned account
+    Given UserB is authenticated and has a token 'tokenB'
+    And UserA owns an account_id stored as 'account_id_A'
+    When I send a GET request to '/v2/accounts/${account_id_A}/summary' with headers:
+      | Header        | Value            |
+      | Authorization | Bearer ${tokenB} |
+    Then the response status should be 403
+    And the response JSON path 'error' should equal 'FORBIDDEN'
+    And the response JSON should not contain:
+      | path             |
+      | current_balance  |
+      | available_credit |
+      | credit_limit     |
+
+  # ---------------------------------------------------------------------------
+  # Card status / Lost or stolen / PIN
+  # ---------------------------------------------------------------------------
+
+  @api @state-transition @TC-CARDSTAT-01
+  Scenario: Freeze card succeeds with valid confirm_otp
+    Given I am authenticated as 'test+cardfreeze@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "reason": "Freeze via test",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path       |
+      | card_id    |
+      | new_status |
+      | updated_at |
+    And the response JSON path 'new_status' should equal 'Frozen'
+
+  @api @state-transition @TC-CARDSTAT-02
+  Scenario: Unfreeze card succeeds with valid confirm_otp
+    Given I am authenticated as 'test+cardunfreeze@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Frozen'
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "Active",
+        "reason": "Unfreeze via test",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'new_status' should equal 'Active'
+    And the response JSON should contain:
+      | path       |
+      | updated_at |
+
+  @api @negative @TC-CARDSTAT-03
+  Scenario: Card status update rejects invalid transition with 400 INVALID_TRANSITION and allowed_transitions
+    Given I am authenticated as 'test+cardbadtransition@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in a state where transition to 'Frozen' is invalid
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "reason": "Attempt invalid transition",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'INVALID_TRANSITION'
+    And the response JSON should contain:
+      | path                |
+      | allowed_transitions |
+
+  @api @security @TC-CARDSTAT-04
+  Scenario: Card status update fails with 401 OTP_FAILED and attempts_remaining
+    Given I am authenticated as 'test+cardotpfailed@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "confirm_otp": "000000"
+      }
+      """
+    Then the response status should be 401
+    And the response JSON path 'error' should equal 'OTP_FAILED'
+    And the response JSON should contain:
+      | path               |
+      | attempts_remaining |
+
+  @api @audit @TC-CARDSTAT-05
+  Scenario Outline: Card status reason max 255 chars (accept) vs 256 (reject); successful change is audit-logged
+    Given I am authenticated as 'test+cardreason@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "<status_value>",
+        "reason": "<reason>",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be <http_status>
+    And for status 200 the response JSON path 'new_status' should equal '<status_value>'
+
+    Examples:
+      | status_value | reason            | http_status |
+      | Frozen       | ${STRING_LEN_255} | 200         |
+      | Active       | ${STRING_LEN_256} | 400         |
+
+  @api @boundary @TC-CARDSTAT-06
+  Scenario Outline: Card status update requires 6-digit confirm_otp format
+    Given I am authenticated as 'test+cardotpformat@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "confirm_otp": "<confirm_otp>"
+      }
+      """
+    Then the response status should not be 200
+
+    Examples:
+      | confirm_otp |
+      | 12345       |
+      | 1234567     |
+      | 12A456      |
+
+  @api @functional @TC-LOST-01
+  Scenario Outline: Report card lost/stolen blocks card and schedules replacement
+    Given I am authenticated as 'test+lost01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked' or 'Closed'
+    When I send a POST request to '/v2/cards/${card_id}/report-lost' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "loss_type": "<loss_type>"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path            |
+      | blocked_card_id |
+      | new_card_eta    |
+      | case_number     |
+
+    Examples:
+      | loss_type |
+      | LOST      |
+      | STOLEN    |
+
+  @api @negative @TC-LOST-02
+  Scenario: Report lost/stolen returns 409 ALREADY_BLOCKED if card already Blocked or Closed
+    Given I am authenticated as 'test+lost02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Blocked'
+    When I send a POST request to '/v2/cards/${card_id}/report-lost' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "loss_type": "STOLEN"
+      }
+      """
+    Then the response status should be 409
+    And the response JSON path 'error' should equal 'ALREADY_BLOCKED'
+
+  @api @boundary @TC-LOST-03
+  Scenario: Report lost/stolen accepts last_known_use in ISO 8601 UTC
+    Given I am authenticated as 'test+lost03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked' or 'Closed'
+    When I send a POST request to '/v2/cards/${card_id}/report-lost' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "loss_type": "LOST",
+        "last_known_use": "2026-04-01T13:45:30Z"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path            |
+      | blocked_card_id |
+      | new_card_eta    |
+      | case_number     |
+
+  @api @negative @TC-LOST-04
+  Scenario: Report lost/stolen rejects unknown loss_type and does not block the card
+    Given I am authenticated as 'test+lost04@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked' or 'Closed'
+    When I send a POST request to '/v2/cards/${card_id}/report-lost' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "loss_type": "MISPLACED",
+        "last_known_use": "2026-03-21T10:15:30Z"
+      }
+      """
+    Then the response status should not be 200
+
+  @api @functional @TC-LOST-05
+  Scenario: Report lost/stolen accepts optional delivery_address override
+    Given I am authenticated as 'test+lost05@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked' or 'Closed'
+    When I send a POST request to '/v2/cards/${card_id}/report-lost' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "loss_type": "LOST",
+        "last_known_use": "2026-04-01T12:30:00Z",
+        "delivery_address": {
+          "street": "100 Test Ave",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "A1A 1A1"
+        }
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path            |
+      | blocked_card_id |
+      | new_card_eta    |
+      | case_number     |
+
+  @api @functional @TC-PIN-01
+  Scenario: Set virtual PIN succeeds with encrypted 4-digit PIN, matching confirm_pin, and session_otp
+    Given I am authenticated as 'test+pin01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked'
+    And I have obtained a valid 6-digit session_otp as 'session_otp' from '/v2/auth/otp/request'
+    And I have RSA-OAEP encrypted '1234' as 'enc_pin_1234'
+    When I send a PUT request to '/v2/cards/${card_id}/pin' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "new_pin": "${enc_pin_1234}",
+        "confirm_pin": "${enc_pin_1234}",
+        "session_otp": "${session_otp}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'success' should equal 'true'
+    And the response JSON should contain:
+      | path       |
+      | updated_at |
+
+  @api @negative @TC-PIN-02
+  Scenario: Set virtual PIN returns 400 PIN_MISMATCH when confirm_pin does not match new_pin
+    Given I am authenticated as 'test+pin02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked'
+    And I have obtained a valid 6-digit session_otp as 'session_otp' from '/v2/auth/otp/request'
+    And I have RSA-OAEP encrypted '1234' as 'enc_pin_1234'
+    And I have RSA-OAEP encrypted '4321' as 'enc_pin_4321'
+    When I send a PUT request to '/v2/cards/${card_id}/pin' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "new_pin": "${enc_pin_1234}",
+        "confirm_pin": "${enc_pin_4321}",
+        "session_otp": "${session_otp}"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'PIN_MISMATCH'
+
+  @api @boundary @TC-PIN-03
+  Scenario Outline: Set virtual PIN returns 400 PIN_FORMAT when PIN is not exactly 4 numeric digits
+    Given I am authenticated as 'test+pin03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked'
+    And I have obtained a valid 6-digit session_otp as 'session_otp' from '/v2/auth/otp/request'
+    And I have RSA-OAEP encrypted '<pin_plaintext>' as 'enc_pin'
+    When I send a PUT request to '/v2/cards/${card_id}/pin' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "new_pin": "${enc_pin}",
+        "confirm_pin": "${enc_pin}",
+        "session_otp": "${session_otp}"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'PIN_FORMAT'
+
+    Examples:
+      | pin_plaintext |
+      | 123           |
+      | 12345         |
+      | 12A4          |
+
+  @api @negative @TC-PIN-04
+  Scenario: Set virtual PIN returns 403 CARD_BLOCKED when card is Blocked
+    Given I am authenticated as 'test+pin04@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Blocked'
+    And I have obtained a valid 6-digit session_otp as 'session_otp' from '/v2/auth/otp/request'
+    And I have RSA-OAEP encrypted '1234' as 'enc_pin_1234'
+    When I send a PUT request to '/v2/cards/${card_id}/pin' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "new_pin": "${enc_pin_1234}",
+        "confirm_pin": "${enc_pin_1234}",
+        "session_otp": "${session_otp}"
+      }
+      """
+    Then the response status should be 403
+    And the response JSON path 'error' should equal 'CARD_BLOCKED'
+
+  @api @security @TC-PIN-05
+  Scenario Outline: Set PIN requires session_otp and rejects missing/incorrect OTP
+    Given I am authenticated as 'test+pin05@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked'
+    And I have RSA-OAEP encrypted '1234' as 'enc_pin_1234'
+    When I send a PUT request to '/v2/cards/${card_id}/pin' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      <payload>
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | payload                                                                                              | status |
+      | {"new_pin":"${enc_pin_1234}","confirm_pin":"${enc_pin_1234}"}                                        | 400    |
+      | {"new_pin":"${enc_pin_1234}","confirm_pin":"${enc_pin_1234}","session_otp":"000000"}                 | 401    |
+
+  @api @security @TC-PIN-06
+  Scenario: Set PIN transmits new_pin encrypted (client payload does not contain plaintext PIN)
+    Given I am authenticated as 'test+pin06@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' not in status 'Blocked'
+    And I have obtained a valid 6-digit session_otp as 'session_otp' from '/v2/auth/otp/request'
+    And I have RSA-OAEP encrypted '1234' as 'enc_pin_1234'
+    When I send a PUT request to '/v2/cards/${card_id}/pin' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "new_pin": "${enc_pin_1234}",
+        "confirm_pin": "${enc_pin_1234}",
+        "session_otp": "${session_otp}"
+      }
+      """
+    Then the response status should be 200
+    And the last sent request JSON path 'new_pin' should not equal '1234'
+    And the last sent request body should not contain '1234'
+
+  # ---------------------------------------------------------------------------
+  # Statements / Billing rules / Rewards / Accuracy
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-STMT-01
+  Scenario: Retrieve statement defaults to JSON and returns required statement fields
+    Given I am authenticated as 'test+stmt01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response header 'Content-Type' should contain 'application/json'
+    And the response JSON should contain:
+      | path                |
+      | statement_date      |
+      | total_spend         |
+      | adb                 |
+      | interest_charged    |
+      | late_fee            |
+      | rewards_earned      |
+      | minimum_payment_due |
+      | due_date            |
+
+  @api @functional @TC-STMT-02
+  Scenario: Retrieve statement in PDF when format=PDF
+    Given I am authenticated as 'test+stmt02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=PDF' with headers:
+      | Header        | Value                |
+      | Authorization | Bearer ${access_token} |
+      | Accept        | application/pdf      |
+    Then the response status should be 200
+    And the response header 'Content-Type' should contain 'application/pdf'
+    And the response body should start with '%PDF'
+
+  @api @negative @TC-STMT-03
+  Scenario Outline: Retrieve statement returns 404 NOT_FOUND when statement missing (JSON or PDF)
+    Given I am authenticated as 'test+stmt03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/00000000-1111-2222-3333-444444444444<query>' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 404
+    And the response JSON path 'error' should equal 'NOT_FOUND'
+
+    Examples:
+      | query        |
+      |              |
+      | ?format=JSON |
+
+  @api @functional @TC-INT-01
+  Scenario: Interest computed using ADB formula for a known statement fixture
+    Given I am authenticated as 'test+int01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with statement fixture adb=1000.00 apr=0.1999 days_in_billing_cycle=30
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON path 'adb' should equal '1000.00'
+    And the response JSON path 'interest_charged' should equal '16.43'
+
+  @api @boundary @TC-INT-02
+  Scenario Outline: Interest scales with Days_in_Billing_Cycle boundaries (28/30/31)
+    Given I am authenticated as 'test+int02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have a generated statement_id '<statement_id>' with fixture adb=2500.00 apr=0.2499 days_in_billing_cycle=<days>
+    When I send a GET request to '/v2/accounts/${account_id}/statements/<statement_id>?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON path 'interest_charged' should equal '<expected_interest>'
+
+    Examples:
+      | statement_id                              | days | expected_interest |
+      | ${STMT_ID_28_DAY}                          | 28   | 47.91             |
+      | ${STMT_ID_30_DAY}                          | 30   | 51.33             |
+      | ${STMT_ID_31_DAY}                          | 31   | 53.04             |
+
+  @api @functional @TC-LATEFEE-01
+  Scenario: Late fee charged when payment_received_date > due_date + 2 days
+    Given I am authenticated as 'test+latefee01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with statement fixture due_date=2026-04-10 payment_received_date=2026-04-13
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON path 'late_fee' should equal '35.00'
+
+  @api @boundary @TC-LATEFEE-02
+  Scenario: Late fee boundary - no late fee when payment_received_date equals due_date + 2 days
+    Given I am authenticated as 'test+latefee02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with statement fixture due_date=2026-04-10 payment_received_date=2026-04-12
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON path 'late_fee' should not equal '35.00'
+
+  @api @functional @TC-REW-01
+  Scenario: Rewards accrual for Travel MCC uses floor(amount × 3) (fixture-based)
+    Given I am authenticated as 'test+rew01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And the statement fixture contains a Travel MCC transaction with amount 123.45 in the cycle for statement_id '${statement_id}'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path          |
+      | rewards_earned |
+
+  @api @boundary @TC-REW-02
+  Scenario: Rewards rounding uses floor() and never round/ceil (fixture-based)
+    Given I am authenticated as 'test+rew02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And the statement fixture contains exactly two transactions in the cycle:
+      | category   | amount |
+      | TRAVEL_MCC | 0.34   |
+      | OTHER      | 1.99   |
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response JSON path 'rewards_earned' should equal '2'
+
+  @api @functional @TC-STMTACC-01
+  Scenario: Statement accuracy - sum(transaction_amount[]) equals total_spend within ±0.01
+    Given I am authenticated as 'test+stmtacc01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have an existing generated statement_id stored as 'statement_id' with cycle start '${CYCLE_START}' and cycle end '${CYCLE_END}'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    When I store the response JSON path 'total_spend' as 'total_spend'
+    And I send a GET request to '/v2/accounts/${account_id}/transactions?from_date=${CYCLE_START}&to_date=${CYCLE_END}&per_page=100&page=1' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the computed sum of transaction_amount in the response should be within 0.01 of '${total_spend}'
+
+  # ---------------------------------------------------------------------------
+  # Payments
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-PAY-01
+  Scenario: Make immediate payment (scheduled_date omitted) returns payment_id and new_balance_estimate (CSRF enforced)
+    Given I am authenticated as 'test+pay01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have a linked bank_account_id stored as 'bank_account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "payment_amount": 25.00,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should not be 200
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 25.00,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path                |
+      | payment_id          |
+      | new_balance_estimate |
+
+  @api @functional @TC-PAY-02
+  Scenario Outline: Make scheduled payment returns scheduled_date in response
+    Given I am authenticated as 'test+pay02@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have a linked bank_account_id stored as 'bank_account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 50.00,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}",
+        "scheduled_date": "<scheduled_date>"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'scheduled_date' should equal '<scheduled_date>'
+    And the response JSON should contain:
+      | path                |
+      | payment_id          |
+      | new_balance_estimate |
+
+    Examples:
+      | scheduled_date |
+      | 2026-05-15     |
+      | 2026-05-16     |
+
+  @api @boundary @TC-PAY-03
+  Scenario Outline: Payment amount minimum boundary (1.00 accepted; 0.99 rejected)
+    Given I am authenticated as 'test+pay03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have a linked bank_account_id stored as 'bank_account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": <payment_amount>,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should be <status>
+    And for status 200 the response JSON should contain:
+      | path                |
+      | payment_id          |
+      | new_balance_estimate |
+
+    Examples:
+      | payment_amount | status |
+      | 1.00           | 200    |
+      | 0.99           | 400    |
+
+  @api @negative @TC-PAY-04
+  Scenario: Payment below minimum_payment_due returns 400 BELOW_MINIMUM with minimum_payment_due
+    Given I am authenticated as 'test+pay04@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have a linked bank_account_id stored as 'bank_account_id'
+    And I have an existing generated statement_id stored as 'statement_id'
+    When I send a GET request to '/v2/accounts/${account_id}/statements/${statement_id}?format=JSON' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    When I store the response JSON path 'minimum_payment_due' as 'minimum_payment_due'
+    And I compute 'below_min' as '${minimum_payment_due} - 0.01'
+    And I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": ${below_min},
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'BELOW_MINIMUM'
+    And the response JSON should contain:
+      | path                |
+      | minimum_payment_due |
+    And the response JSON should not contain:
+      | path       |
+      | payment_id |
+
+  @api @functional @TC-PAY-05
+  Scenario: Payment requires bank_account_id from /v2/bank-accounts
+    Given I am authenticated as 'test+pay05@example.com' with password 'Str0ng!Passw0rd'
+    When I send a GET request to '/v2/bank-accounts' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    When I store a bank_account_id from the response as 'bank_account_id'
+    And I have an owned account_id stored as 'account_id'
+    And I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 25.00,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path       |
+      | payment_id |
+
+  @api @negative @TC-PAY-06
+  Scenario: Payment rejects unlinked bank_account_id with 422 INVALID_BANK_ACCOUNT
+    Given I am authenticated as 'test+pay06@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 50.00,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "11111111-2222-4333-8444-555555555555"
+      }
+      """
+    Then the response status should be 422
+    And the response JSON path 'error' should equal 'INVALID_BANK_ACCOUNT'
+
+  @api @boundary @TC-PAY-07
+  Scenario Outline: Payment_type enum validation
+    Given I am authenticated as 'test+pay07@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    And I have a linked bank_account_id stored as 'bank_account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 10.00,
+        "payment_type": "<payment_type>",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | payment_type       | status |
+      | MINIMUM            | 200    |
+      | STATEMENT_BALANCE  | 200    |
+      | CUSTOM             | 200    |
+      | FULL_BALANCE       | 200    |
+      | UNKNOWN_TYPE       | 400    |
+
+  @api @boundary @TC-PAY-08
+  Scenario: Payment amount max equals total_balance (at-max accepted; just-over rejected)
+    Given I am authenticated as 'test+pay08@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id' with total_balance fixture value 250.00
+    And I have a linked bank_account_id stored as 'bank_account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 250.00,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should be 200
+    When I send a POST request to '/v2/accounts/${account_id}/payments' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "payment_amount": 250.01,
+        "payment_type": "CUSTOM",
+        "bank_account_id": "${bank_account_id}"
+      }
+      """
+    Then the response status should not be 200
+
+  # ---------------------------------------------------------------------------
+  # CSRF enforcement (API)
+  # ---------------------------------------------------------------------------
+
+  @api @security @TC-CSRF-01
+  Scenario Outline: State-changing endpoints reject missing/invalid X-CSRF-Token
+    Given I am authenticated as 'test+csrf01@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | <csrf_token>           |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "reason": "QA CSRF test",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | csrf_token      | status |
+      |                 | 403    |
+      | invalid-token   | 403    |
+      | ${CSRF_TOKEN}   | 200    |
+
+  @api @security @TC-CSRF-03
+  Scenario: CSRF token required even when Authorization uses Bearer token
+    Given I am authenticated as 'test+csrf03@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "reason": "QA CSRF+Bearer",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should not be 200
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "reason": "QA CSRF+Bearer",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be 200
+
+  # ---------------------------------------------------------------------------
+  # Security: PAN not transmitted (UI + API observations)
+  # ---------------------------------------------------------------------------
+
+  @ui @security @TC-PAN-02
+  Scenario: Full PAN never transmitted to frontend (HAR scan)
+    Given I open a clean browser context
+    And I start network recording
+    When I log in via the portal UI with email 'test+pan02@example.com' and password 'Str0ng!Passw0rd'
+    And I navigate through dashboard areas that load card/account data
+    Then the exported HAR should not contain PAN-like digit sequences of 13 to 19 digits
+    And the exported HAR should not contain keys 'pan' or 'card_number' with unmasked values
+
+  @api @security @TC-PAN-02
+  Scenario Outline: Selected API responses do not include raw PAN fields or PAN-like sequences
+    Given I am authenticated as 'test+panapi@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a <method> request to '<endpoint>' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the response body should not match the regex '\d{13,19}'
+    And the response body should not contain '"pan"'
+    And the response body should not contain '"card_number"'
+
+    Examples:
+      | method | endpoint                                      |
+      | GET    | /v2/accounts/${account_id}/summary            |
+      | GET    | /v2/accounts/${account_id}/statements/${STATEMENT_ID}?format=JSON |
+
+  # ---------------------------------------------------------------------------
+  # Webhooks: Notifications
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-WEBHOOK-01
+  Scenario: Notifications webhook accepts valid payload and returns notification_id and delivered_at
+    Given I generate a UUIDv4 as 'idempotency_key'
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "${ACCOUNT_ID}",
+        "alert_type": "STATEMENT_READY",
+        "channel": "IN_APP",
+        "message_body": "Statement is ready",
+        "severity": "INFO",
+        "idempotency_key": "${idempotency_key}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON should contain:
+      | path            |
+      | notification_id |
+      | delivered_at    |
+      | channel         |
+    And the response JSON path 'channel' should equal 'IN_APP'
+
+  @api @negative @TC-WEBHOOK-02
+  Scenario Outline: Notifications webhook rejects unknown alert_type or channel with 400 INVALID_ALERT_TYPE
+    Given I generate a UUIDv4 as 'idempotency_key'
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "${ACCOUNT_ID}",
+        "alert_type": "<alert_type>",
+        "channel": "<channel>",
+        "message_body": "Test",
+        "severity": "INFO",
+        "idempotency_key": "${idempotency_key}"
+      }
+      """
+    Then the response status should be 400
+    And the response JSON path 'error' should equal 'INVALID_ALERT_TYPE'
+
+    Examples:
+      | alert_type     | channel |
+      | UNKNOWN_TYPE   | EMAIL   |
+      | LATE_PAYMENT   | FAX     |
+
+  @api @boundary @TC-WEBHOOK-03
+  Scenario Outline: Notifications webhook enforces message_body max length boundary
+    Given I generate a UUIDv4 as 'idempotency_key'
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "${ACCOUNT_ID}",
+        "alert_type": "STATEMENT_READY",
+        "channel": "IN_APP",
+        "message_body": "<message_body>",
+        "severity": "INFO",
+        "idempotency_key": "${idempotency_key}"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | message_body        | status |
+      | ${STRING_LEN_500}   | 200    |
+      | ${STRING_LEN_501}   | 400    |
+
+  @api @resilience @TC-IDEMP-01
+  Scenario: Notifications webhook idempotency duplicate idempotency_key returns 409 DUPLICATE_NOTIFICATION
+    Given I generate a UUIDv4 as 'idempotency_key'
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "${ACCOUNT_ID}",
+        "alert_type": "FRAUD_FLAG",
+        "channel": "SMS",
+        "message_body": "Potential fraud detected",
+        "severity": "CRITICAL",
+        "idempotency_key": "${idempotency_key}"
+      }
+      """
+    Then the response status should be 200
+    When I send the same POST request to '/v2/notifications/webhook' again with the same payload
+    Then the response status should be 409
+    And the response JSON path 'error' should equal 'DUPLICATE_NOTIFICATION'
+
+  @api @boundary @TC-NOTIF-01
+  Scenario Outline: Notifications webhook enforces idempotency_key UUID v4 format
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee",
+        "alert_type": "STATEMENT_READY",
+        "channel": "IN_APP",
+        "message_body": "Statement is ready.",
+        "severity": "INFO",
+        "idempotency_key": "<idempotency_key>"
+      }
+      """
+    Then the response status should be <status>
+
+    Examples:
+      | idempotency_key                            | status |
+      | 3fa85f64-5717-4562-b3fc-2c963f66afa6       | 200    |
+      | not-a-uuid                                  | 400    |
+      | 6ba7b810-9dad-11d1-80b4-00c04fd430c8       | 400    |
+
+  @api @boundary @TC-NOTIF-02
+  Scenario Outline: Notifications webhook enforces alert_type enum
+    Given I generate a UUIDv4 as 'idempotency_key'
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "${ACCOUNT_ID}",
+        "alert_type": "<alert_type>",
+        "channel": "EMAIL",
+        "message_body": "Statement is ready for viewing.",
+        "severity": "INFO",
+        "idempotency_key": "${idempotency_key}"
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'error' should equal 'INVALID_ALERT_TYPE'
+
+    Examples:
+      | alert_type        | status |
+      | STATEMENT_READY   | 200    |
+      | OVER_LIMIT        | 200    |
+      | OVERLIMIT         | 400    |
+      | STATEMENT_READY   | 200    |
+
+  @api @boundary @TC-NOTIF-03
+  Scenario Outline: Notifications webhook enforces severity enum INFO/WARNING/CRITICAL
+    Given I generate a UUIDv4 as 'idempotency_key'
+    When I send a POST request to '/v2/notifications/webhook' with payload:
+      """
+      {
+        "account_id": "${ACCOUNT_ID}",
+        "alert_type": "FRAUD_FLAG",
+        "channel": "IN_APP",
+        "message_body": "Security alert.",
+        "severity": "<severity>",
+        "idempotency_key": "${idempotency_key}"
+      }
+      """
+    Then the response status should be <status>
+    And for status 400 the response JSON path 'error' should equal 'INVALID_ALERT_TYPE'
+
+    Examples:
+      | severity  | status |
+      | INFO      | 200    |
+      | WARNING   | 200    |
+      | CRITICAL  | 200    |
+      | HIGH      | 400    |
+      | critical  | 400    |
+
+  # ---------------------------------------------------------------------------
+  # WebSocket
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-WS-01
+  Scenario: WebSocket endpoint reachable for live transaction feed
+    Given the DNS name 'realtime.aegiscard.com' resolves to at least one IP address
+    When I open a WebSocket connection to '${REALTIME_WS_URL}'
+    Then the WebSocket handshake should result in one of:
+      | status |
+      | 101    |
+      | 401    |
+      | 403    |
+    And I capture the handshake response headers for evidence
+
+  # ---------------------------------------------------------------------------
+  # Right to rescind
+  # ---------------------------------------------------------------------------
+
+  @api @functional @TC-RESCIND-01
+  Scenario: Right to rescind allowed within 14 days via DELETE /v2/accounts/{id}
+    Given I am authenticated as the owner of account '${RESCIND_ACCOUNT_ID_WITHIN_14_DAYS}'
+    And the account issuance age is 13 days
+    When I send a DELETE request to '/v2/accounts/${RESCIND_ACCOUNT_ID_WITHIN_14_DAYS}' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    Then the response status should be one of:
+      | status |
+      | 200    |
+      | 204    |
+    When I send a GET request to '/v2/accounts/${RESCIND_ACCOUNT_ID_WITHIN_14_DAYS}/summary' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should not be 200
+
+  @api @boundary @TC-RESCIND-02
+  Scenario: Right to rescind rejected after day 14
+    Given I am authenticated as the owner of account '${RESCIND_ACCOUNT_ID_AFTER_14_DAYS}'
+    And the account issuance age is 15 days
+    When I send a DELETE request to '/v2/accounts/${RESCIND_ACCOUNT_ID_AFTER_14_DAYS}' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    Then the response status should not be one of:
+      | status |
+      | 200    |
+      | 204    |
+    When I send a GET request to '/v2/accounts/${RESCIND_ACCOUNT_ID_AFTER_14_DAYS}/summary' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+
+  # ---------------------------------------------------------------------------
+  # Architecture / OAuth / TLS form submissions (UI + observable security)
+  # ---------------------------------------------------------------------------
+
+  @ui @security @TC-PCI-01
+  Scenario: Portal and API used by forms negotiate TLS 1.3 (no TLS 1.2 downgrade)
+    Given I open a clean browser context
+    When I am on the '${PORTAL_BASE_URL}' page
+    Then the portal security details should show TLS version 'TLS 1.3'
+    When I attempt a TLS handshake to host 'api.aegiscard.com' on port 443 forcing TLS1.2
+    Then the TLS handshake result should be FAILURE
+    When I attempt a TLS handshake to host 'api.aegiscard.com' on port 443 forcing TLS1.3
+    Then the TLS handshake result should be SUCCESS
+
+  @ui @security @TC-AUTH-01
+  Scenario: OAuth 2.0 Authorization Code Flow with PKCE is observable during portal login
+    Given I open a clean browser context
+    And I start network recording
+    When I click the 'Log in' control on the portal
+    Then I should see an authorization request that includes PKCE parameters 'code_challenge' and 'code_challenge_method'
+    When I complete login with valid credentials
+    Then I should see a token exchange request that includes a PKCE parameter 'code_verifier'
+
+  # ---------------------------------------------------------------------------
+  # Non-functional: performance / scaling / autoscaling / audit trail (high-level)
+  # ---------------------------------------------------------------------------
+
+  @performance @api @TC-APISLA-01
+  Scenario: API p95 latency meets ≤ 1500 ms target for GET /summary under representative load
+    Given a load test profile is configured for endpoint '/v2/accounts/${ACCOUNT_ID}/summary' at 50 rps for 10 minutes
+    When I execute the load test and collect latency metrics
+    Then the p95 latency should be less than or equal to 1500 milliseconds
+    And the non-2xx error rate should be less than or equal to 1 percent
+
+  @performance @ui @TC-TTI-01
+  Scenario: Portal Time-to-Interactive (TTI) meets ≤ 3s on 4G (5 runs)
+    Given I configure network throttling to a 4G profile
+    When I run 5 TTI measurements against '${PORTAL_BASE_URL}'
+    Then each run should have TTI less than or equal to 3.0 seconds
+
+  @performance @api @TC-SCALE-01
+  Scenario: API gateway sustains 5000 requests/sec while maintaining response correctness for GET /summary
+    Given a load test profile is configured for endpoint '/v2/accounts/${ACCOUNT_ID}/summary' at 5000 rps for 5 minutes
+    When I execute the load test and sample 100 responses during the run
+    Then all sampled responses should be HTTP 200
+    And all sampled responses should be valid JSON containing required summary keys
+
+  @resilience @api @TC-AUTOSCALE-01
+  Scenario: Auto-scaling triggers at 70% CPU utilization and service remains available
+    Given I have access to infrastructure metrics for CPU utilization and scaling events
+    And I have a continuous availability probe running against '/v2/accounts/${ACCOUNT_ID}/summary'
+    When I ramp load until CPU utilization reaches 70 percent
+    Then a scale-out event should be observed
+    And the availability probe should continue to receive HTTP 200 responses during scale-out
+
+  @audit @api @TC-AUDIT-01
+  Scenario: Credit_limit changes create immutable audit log entry with required fields
+    Given I have privileged access to perform a controlled credit_limit change for account '${AUDIT_ACCOUNT_ID}'
+    When I change the credit_limit from 5000.00 to 6000.00 for account '${AUDIT_ACCOUNT_ID}'
+    Then an audit log entry should exist for the credit_limit change
+    And the audit log entry should contain:
+      | field         |
+      | user_id       |
+      | session_id    |
+      | ip_address    |
+      | timestamp_utc |
+    And the audit log entry should be immutable on re-query
+
+  # ---------------------------------------------------------------------------
+  # E2E flows (API-led)
+  # ---------------------------------------------------------------------------
+
+  @api @e2e @TC-E2E-01
+  Scenario: E2E Register -> Login -> Step1 -> Step2 -> Step3 approved
+    Given I have generated a unique email 'test+e2e01-${RUN_ID}@example.com'
+    When I send a POST request to '/v2/auth/register' with payload:
+      """
+      {
+        "first_name": "E2E",
+        "last_name": "User",
+        "email": "test+e2e01-${RUN_ID}@example.com",
+        "password": "Str0ng!Passw0rd",
+        "date_of_birth": "1990-01-15",
+        "phone_number": "+14165550101",
+        "ssn_last4": "1234",
+        "agree_terms": true
+      }
+      """
+    Then the response status should be 201
+    When I send a POST request to '/v2/auth/login' with payload:
+      """
+      {
+        "email": "test+e2e01-${RUN_ID}@example.com",
+        "password": "Str0ng!Passw0rd"
+      }
+      """
+    Then the response status should be 200
+    When I store the response JSON path 'access_token' as 'access_token'
+    And I send a POST request to '/v2/applications/start' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "full_legal_name": "E2E User",
+        "email": "test+e2e01-${RUN_ID}@example.com",
+        "phone_number": "+14165550101",
+        "residential_address": {
+          "street": "100 King St W",
+          "city": "Toronto",
+          "province": "ON",
+          "postal_code": "M5H 1J9"
+        },
+        "id_type": "PASSPORT",
+        "id_number": "A1B2C3D4"
+      }
+      """
+    Then the response status should be 201
+    When I store the response JSON path 'application_id' as 'application_id'
+    And I store the response JSON path 'session_token' as 'session_token'
+    And I send a POST request to '/v2/applications/${application_id}/financials' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "employment_status": "SELF_EMPLOYED",
+        "gross_annual_income": 85000.00,
+        "monthly_rent": 1800.00,
+        "existing_debt_payments": 250.00,
+        "sin_consent": true
+      }
+      """
+    Then the response status should be 200
+    And the decisioning stub is configured for application '${application_id}' with FICO value 700
+    When I send a POST request to '/v2/applications/${application_id}/submit' with headers:
+      | Header        | Value                    |
+      | Authorization | Bearer ${access_token}   |
+      | X-App-Session | ${session_token}         |
+    And payload:
+      """
+      {
+        "card_product_id": "AEGIS_GOLD",
+        "e_signature": "Sm9obiBEb2U="
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'decision' should equal 'APPROVED'
+    And the response JSON should contain:
+      | path               |
+      | credit_limit       |
+      | card_number_masked |
+
+  @api @e2e @TC-E2E-04
+  Scenario: E2E Login -> Initiate transaction -> Verify it appears in list
+    Given I am authenticated as 'test+e2e04@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned account_id stored as 'account_id'
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 12.34,
+        "merchant_name": "Test Coffee Shop",
+        "merchant_id": "TESTMERCH12345",
+        "mcc_code": "5814",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE",
+        "description": "E2E purchase"
+      }
+      """
+    Then the response status should be 200
+    When I store the response JSON path 'transaction_id' as 'transaction_id'
+    And I send a GET request to '/v2/accounts/${account_id}/transactions?from_date=${TODAY}&to_date=${TODAY}&page=1&per_page=25' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    Then the response status should be 200
+    And the transactions list should include an item with transaction_id '${transaction_id}'
+
+  @api @e2e @TC-E2E-06
+  Scenario: E2E Freeze card -> attempt transaction -> 403 CARD_INACTIVE with card_status -> unfreeze cleanup
+    Given I am authenticated as 'test+e2e06@example.com' with password 'Str0ng!Passw0rd'
+    And I have an owned card_id stored as 'card_id' in status 'Active'
+    And I have an owned account_id stored as 'account_id'
+    And I have a valid 6-digit confirm_otp as 'confirm_otp'
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "status": "Frozen",
+        "reason": "E2E freeze test",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be 200
+    When I send a POST request to '/v2/accounts/${account_id}/transactions' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+    And payload:
+      """
+      {
+        "transaction_amount": 5.00,
+        "merchant_name": "Freeze Test Merchant",
+        "merchant_id": "FRZ0001",
+        "mcc_code": "5999",
+        "currency_code": "CAD",
+        "transaction_type": "PURCHASE"
+      }
+      """
+    Then the response status should be 403
+    And the response JSON path 'error' should equal 'CARD_INACTIVE'
+    And the response JSON should contain:
+      | path        |
+      | card_status |
+    When I send a PATCH request to '/v2/cards/${card_id}/status' with headers:
+      | Header        | Value                  |
+      | Authorization | Bearer ${access_token} |
+      | X-CSRF-Token  | ${CSRF_TOKEN}          |
+    And payload:
+      """
+      {
+        "status": "Active",
+        "reason": "E2E unfreeze cleanup",
+        "confirm_otp": "${confirm_otp}"
+      }
+      """
+    Then the response status should be 200
+    And the response JSON path 'new_status' should equal 'Active'
diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.json b/functional_tests/roost_test_1777467397/roost_test_1777467397.json
new file mode 100644
index 0000000..773f931
--- /dev/null
+++ b/functional_tests/roost_test_1777467397/roost_test_1777467397.json
@@ -0,0 +1,2769 @@
+[
+  {
+    "type": "functional",
+    "title": "Portal base URL reachable over HTTPS and served via CDN",
+    "description": "Verifies the frontend portal is reachable over HTTPS and that the portal is served via CDN as documented. This protects user access reliability and aligns with the documented deployment architecture. Automation: MEDIUM — requires network/TLS and response header observations.",
+    "testId": "TC-PLAT-01",
+    "testDescription": "As a cardholder using the browser portal, I can load the portal securely over HTTPS and confirm it is delivered via a CDN as specified.",
+    "prerequisites": "1) Test environment has outbound internet access and can resolve DNS for portal.aegiscard.com.\n2) Test workstation has a modern browser (Chrome/Edge) and ability to run curl/openssl.\n3) No corporate TLS interception proxy is enabled (or it is bypassed) to allow observing actual TLS version/cert chain.\n4) Ability to capture response headers (e.g., browser devtools Network tab or curl -I).",
+    "stepsToPerform": "1) Run DNS lookup for portal.aegiscard.com and observe that it resolves to at least one IP address.\n2) In a browser, navigate to https://portal.aegiscard.com and observe the page loads without a browser security warning.\n3) Confirm the browser address bar indicates a secure HTTPS connection (lock icon) and observe certificate details are present.\n4) Using openssl s_client (or equivalent), connect to portal.aegiscard.com:443 and observe the negotiated TLS protocol version.\n5) Refresh the portal page and observe that static assets (e.g., main JS/CSS bundles) are successfully downloaded (HTTP 200/304) in the Network tab.\n6) For the HTML document request, capture response headers and observe the presence of CDN-indicative headers (e.g., Via, X-Cache, CF-Cache-Status, Akamai headers) or similar.\n7) For at least one static asset request, capture response headers and observe similar CDN-indicative headers (or cache-hit semantics) are present.\n8) Repeat header capture for the same asset with a hard refresh and observe caching behavior consistent with CDN delivery (e.g., cache status/header changes) while the asset remains accessible.\n9) Record the observed portal base URL, HTTPS scheme, and evidence of CDN delivery from headers for auditability.",
+    "expectedResult": "1) https://portal.aegiscard.com is reachable and the portal UI loads over HTTPS without certificate/security warnings.\n2) Connection is negotiated successfully over TLS, and evidence is captured that HTTPS is used end-to-end.\n3) Response headers for the portal and/or static assets indicate delivery via CDN (e.g., presence of CDN/cache headers), supporting the requirement that the portal is \"served via CDN\".",
+    "sourceCitation": {
+      "location": "Section 1 Introduction & System Overview, page 2; Section 2 Web Application Architecture, page 2",
+      "excerpt": "Frontend: https://portal.aegiscard.com — React 18, served via CDN"
+    }
+  },
+  {
+    "type": "security",
+    "title": "API base URL /v2 reachable over HTTPS with TLS 1.3 minimum",
+    "description": "Verifies the API base URL is reachable over HTTPS and enforces a minimum TLS version of 1.3 as specified. This reduces risk of downgrade attacks and ensures transport security for financial/auth traffic. Automation: HIGH — pure endpoint and TLS handshake assertions.",
+    "testId": "TC-PLAT-02",
+    "testDescription": "As an API client, I can reach the documented v2 API endpoint only via HTTPS and confirm the TLS negotiation meets the minimum version requirement.",
+    "prerequisites": "1) Test runner has network access to api.aegiscard.com on TCP 443.\n2) Tools available: curl and openssl (or equivalent TLS inspection tool).\n3) A known public endpoint path exists to elicit a response (e.g., /v2/auth/login or /v2/auth/register) without requiring prior authentication.\n4) Time sync on the test runner is correct to validate certificate chains.",
+    "stepsToPerform": "1) Run DNS lookup for api.aegiscard.com and observe that it resolves.\n2) Send an HTTPS request to https://api.aegiscard.com/v2/auth/login with method POST and an empty/invalid body and observe a valid HTTP response is returned (not a network/TLS failure).\n3) Using openssl s_client, connect to api.aegiscard.com:443 and observe the negotiated TLS protocol version.\n4) Attempt to force TLS 1.2 (e.g., openssl s_client -tls1_2) to api.aegiscard.com:443 and observe the handshake is rejected or cannot be completed.\n5) Attempt to force TLS 1.3 (e.g., openssl s_client -tls1_3) and observe the handshake completes.\n6) Confirm the scheme used is HTTPS by verifying requests to https://api.aegiscard.com/v2 return responses while http://api.aegiscard.com/v2 is not used for API access in this test.\n7) Capture and store the TLS handshake output showing TLS 1.3 negotiation for evidence.\n8) Re-run the HTTPS request and observe the API continues to respond over HTTPS after successful TLS 1.3 negotiation.",
+    "expectedResult": "1) Base API URL https://api.aegiscard.com/v2 is reachable over HTTPS.\n2) TLS negotiation succeeds with TLS 1.3 and evidence is captured.\n3) Attempts to negotiate below TLS 1.3 (e.g., TLS 1.2) fail, demonstrating TLS 1.3 minimum enforcement.",
+    "sourceCitation": {
+      "location": "Section 1 Introduction & System Overview, page 2",
+      "excerpt": "Base API URL https://api.aegiscard.com/v2"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Register user succeeds (201) and triggers verification email workflow",
+    "description": "Verifies a new user can be created via the registration endpoint and that the successful response matches the documented 201 outcome including keys tied to verification. This ensures onboarding works and initiates the required email verification workflow. Automation: HIGH — API assertions on status and response keys.",
+    "testId": "TC-REG-01",
+    "testDescription": "As a new portal user, I can register with valid identity fields and receive a 201 response indicating account creation and that the verification workflow is triggered.",
+    "prerequisites": "1) A unique, unused test email is available (e.g., test+reg01-001@example.com).\n2) Test data meets validations: names alpha-only length 2-50, date_of_birth age >= 18, phone E.164, ssn_last4 4 digits, agree_terms true.\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Ability to observe API response body fields (user_id, verification_token).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/register",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "requestBodyExampleMasked": "{\n  \"first_name\": \"Alicia\",\n  \"last_name\": \"Tester\",\n  \"email\": \"test+reg01-001@example.com\",\n  \"password\": \"Str0ng!Passw0rd\",\n  \"date_of_birth\": \"1990-01-15\",\n  \"phone_number\": \"+14165550101\",\n  \"ssn_last4\": \"1234\",\n  \"agree_terms\": true\n}",
+    "stepsToPerform": "1) Generate a unique email address test+reg01-001@example.com and observe it is not previously registered in the test system.\n2) Prepare a registration payload that satisfies all field validations and observe the JSON is well-formed.\n3) Send POST /v2/auth/register with the payload and observe the HTTP status code.\n4) Observe the response body contains a user identifier field named user_id.\n5) Observe the response body contains verification_token.\n6) Verify the response does not indicate an error (no error field present for the 201 success case).\n7) Re-submit the same request payload (same email) and observe it no longer returns 201 (account already exists) to confirm the first call created the account.\n8) Record user_id and verification_token artifacts for potential downstream tests (e.g., verification flow) and observe they are non-empty.\n9) Cleanup expectation: mark the created test user for deletion/purge per test environment policy (if available) and record the identifier for cleanup execution.",
+    "expectedResult": "1) API returns HTTP 201 for a valid registration.\n2) Response body includes user_id and verification_token.\n3) A follow-up registration attempt with the same email indicates the account now exists (demonstrating the first call created the account and triggered the verification workflow artifacts).",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration, page 4",
+      "excerpt": "POST /v2/auth/register Creates a new portal user account. Triggers email verification workflow."
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Register rejects when agree_terms is false",
+    "description": "Verifies registration is rejected when the user does not accept terms, enforcing the documented consent requirement. This protects regulatory/compliance posture by ensuring explicit consent is mandatory. Automation: HIGH — API validation and error response assertion.",
+    "testId": "TC-REG-02",
+    "testDescription": "As a new user, if I set agree_terms to false during registration, the system rejects the request per the validation rule.",
+    "prerequisites": "1) A unique, unused test email is available (e.g., test+reg02-001@example.com).\n2) All other registration fields are valid so only agree_terms triggers rejection.\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Ability to observe HTTP status and error response fields.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/register",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "requestBodyExampleMasked": "{\n  \"first_name\": \"Brandon\",\n  \"last_name\": \"Consent\",\n  \"email\": \"test+reg02-001@example.com\",\n  \"password\": \"Str0ng!Passw0rd\",\n  \"date_of_birth\": \"1992-06-20\",\n  \"phone_number\": \"+14165550102\",\n  \"ssn_last4\": \"5678\",\n  \"agree_terms\": false\n}",
+    "stepsToPerform": "1) Generate a unique email address test+reg02-001@example.com and observe it is not previously registered.\n2) Prepare a registration request where all fields are valid except agree_terms is set to false and observe the JSON is well-formed.\n3) Send POST /v2/auth/register with the payload and observe the HTTP status code is not 201.\n4) Observe the response body contains an error indicator (e.g., error) for validation failure.\n5) Observe the response indicates which field failed (field) and includes a human-readable message (message), if provided.\n6) Repeat the request with agree_terms changed to true and observe the request is now eligible for success (expect 201) to confirm the rejection was specifically due to agree_terms.\n7) Confirm that no user_id is returned in the failure response.\n8) Confirm that no verification_token is returned in the failure response.\n9) Record evidence (request/response) showing rejection when agree_terms is false.",
+    "expectedResult": "1) Registration request is rejected when agree_terms is false.\n2) Response contains validation error structure (error and field/message as applicable), and does not return user_id/verification_token.\n3) When agree_terms is true (with otherwise identical valid data), registration can succeed (201), confirming the consent gating.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table, page 4",
+      "excerpt": "agree_terms Boolean ✓ Required Must be true; rejects if false"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Register returns 409 EMAIL_EXISTS when email already registered",
+    "description": "Verifies the system enforces email uniqueness and returns the documented conflict code when the email is already registered. This prevents duplicate accounts and supports consistent client error handling. Automation: HIGH — API status/error assertions.",
+    "testId": "TC-REG-03",
+    "testDescription": "As a user, if I attempt to register with an email that is already registered, I receive a 409 conflict with the documented EMAIL_EXISTS error.",
+    "prerequisites": "1) An existing registered user email is available in the test system (e.g., test+reg03-existing@example.com).\n2) The existing user was created previously via POST /v2/auth/register and is not deleted.\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Ability to observe HTTP status and error code value.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/register",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "requestBodyExampleMasked": "{\n  \"first_name\": \"Casey\",\n  \"last_name\": \"Duplicate\",\n  \"email\": \"test+reg03-existing@example.com\",\n  \"password\": \"Str0ng!Passw0rd\",\n  \"date_of_birth\": \"1991-03-10\",\n  \"phone_number\": \"+14165550103\",\n  \"ssn_last4\": \"9012\",\n  \"agree_terms\": true\n}",
+    "errorCodeExpected": "EMAIL_EXISTS",
+    "expectedHttpStatus": 409,
+    "stepsToPerform": "1) Confirm test+reg03-existing@example.com is already registered by attempting a second registration and expecting a conflict (do not proceed if it is not registered).\n2) Prepare a new registration payload using the already-registered email and otherwise valid fields.\n3) Send POST /v2/auth/register and observe the HTTP status code.\n4) Observe the response body contains an error key/value indicating EMAIL_EXISTS.\n5) Observe the response does not include user_id and verification_token in this error case.\n6) Retry the same request and observe the same 409 behavior (consistent conflict handling).\n7) Attempt registration with a new unique email (e.g., test+reg03-new@example.com) and observe it can succeed (201) to confirm the service is functioning.\n8) Record response payload and status evidence for the 409 conflict outcome.\n9) Cleanup: flag any newly created user from step 7 for deletion per test policy.",
+    "expectedResult": "1) API returns HTTP 409 when the email is already registered.\n2) Response body error code is exactly EMAIL_EXISTS.\n3) No success artifacts (user_id, verification_token) are returned for the duplicate-email request.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration HTTP codes, page 4",
+      "excerpt": "409 Email already registered error: EMAIL_EXISTS"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Register returns 422 WEAK_PASSWORD when password complexity not met",
+    "description": "Verifies password complexity is enforced and the system returns the documented 422 error for weak passwords. This reduces account takeover risk by preventing low-entropy passwords. Automation: HIGH — API validation and error code assertion.",
+    "testId": "TC-REG-04",
+    "testDescription": "As a new user, if I submit a password that does not meet the complexity rules, the registration fails with 422 WEAK_PASSWORD.",
+    "prerequisites": "1) A unique, unused test email is available (e.g., test+reg04-001@example.com).\n2) All other registration fields are valid so only password complexity triggers rejection.\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Ability to observe HTTP status and error code value in response.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/register",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "testDataMasked": "Weak password examples: \"password\" (no upper/digit/symbol, too short), \"Abcdefghijk1\" (no symbol). Strong control: \"Str0ng!Passw0rd\".",
+    "stepsToPerform": "1) Generate a unique email test+reg04-001@example.com and observe it is not previously registered.\n2) Prepare a registration payload with a clearly weak password (e.g., \"password\") and otherwise valid fields.\n3) Send POST /v2/auth/register and observe the HTTP status code.\n4) Observe the response body contains an error code value WEAK_PASSWORD.\n5) Confirm the response is not a 201 and does not include user_id or verification_token.\n6) Prepare a second payload for the same email but with a different weak password that violates a different part of the rule (e.g., \"Abcdefghijk1\" missing symbol) and observe the outcome.\n7) Send the second weak-password request and observe it also returns the same 422 WEAK_PASSWORD code.\n8) Send a control request for a new email (e.g., test+reg04-ctrl@example.com) with a strong password \"Str0ng!Passw0rd\" and observe it can succeed (201).\n9) Record evidence for weak-password rejections and control success; cleanup any created control user per test policy.",
+    "expectedResult": "1) Registration with a password that does not meet complexity rules returns HTTP 422.\n2) Response body error code is exactly WEAK_PASSWORD.\n3) No account creation artifacts (user_id, verification_token) are returned for weak-password requests.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration HTTP codes, page 4",
+      "excerpt": "422 Password does not meet complexity rules error: WEAK_PASSWORD"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Login success returns access_token, refresh_token, expires_in",
+    "description": "Verifies successful login issues the documented token set and expiry metadata. This is critical to enable authenticated access to account and transaction endpoints. Automation: HIGH — API response assertions.",
+    "testId": "TC-LOGIN-01",
+    "testDescription": "As a registered user, I can log in with correct credentials and receive access_token, refresh_token, and expires_in in the response.",
+    "prerequisites": "1) A registered user exists with known credentials (email + password) created via POST /v2/auth/register.\n2) The account is not locked.\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Ability to observe response body keys access_token, refresh_token, expires_in.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/login",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "requestBodyExampleMasked": "{\n  \"email\": \"test+login01@example.com\",\n  \"password\": \"Str0ng!Passw0rd\"\n}",
+    "expectedHttpStatus": 200,
+    "stepsToPerform": "1) Ensure the test user test+login01@example.com exists and the password is known (do not proceed if unknown).\n2) Prepare a login request payload with the correct email and password and observe it is well-formed JSON.\n3) Send POST /v2/auth/login and observe the HTTP status code is 200.\n4) Observe the response contains access_token and it is non-empty.\n5) Observe the response contains refresh_token and it is non-empty.\n6) Observe the response contains expires_in and it is present.\n7) Immediately call a protected endpoint that requires a Bearer token (e.g., account summary if available) using the returned access_token and observe the request is accepted (not 401) to confirm usability.\n8) Confirm that using a tampered access_token (e.g., modify 1 character) for the same protected call is rejected (401/403), ruling out trivial token acceptance abuse.\n9) Record the login response keys (not the raw token values in logs) and evidence of successful authenticated call.",
+    "expectedResult": "1) Login returns HTTP 200.\n2) Response body includes access_token, refresh_token, expires_in.\n3) access_token is usable for authenticated calls, while a tampered token is rejected.",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance HTTP codes, page 5",
+      "excerpt": "200 Login successful access_token, refresh_token, expires_in"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Login returns 401 INVALID_CREDENTIALS for wrong password",
+    "description": "Verifies incorrect credentials are rejected with the documented 401 error code. This prevents unauthorized access and ensures consistent client behavior on authentication failure. Automation: HIGH — API status and error code assertion.",
+    "testId": "TC-LOGIN-02",
+    "testDescription": "As a user, if I provide a valid email but wrong password, login fails with 401 INVALID_CREDENTIALS.",
+    "prerequisites": "1) A registered user exists with known correct password (email: test+login02@example.com).\n2) The account is not currently locked (fewer than 5 recent failed attempts).\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Ability to observe HTTP status and error code in response.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/login",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "requestBodyExampleMasked": "{\n  \"email\": \"test+login02@example.com\",\n  \"password\": \"Wr0ng!Passw0rd\"\n}",
+    "errorCodeExpected": "INVALID_CREDENTIALS",
+    "expectedHttpStatus": 401,
+    "stepsToPerform": "1) Confirm the user test+login02@example.com exists in the test system.\n2) Prepare a login payload with the correct email and an incorrect password.\n3) Send POST /v2/auth/login and observe the HTTP status code.\n4) Observe the response body contains error: INVALID_CREDENTIALS.\n5) Confirm the response does not contain access_token, refresh_token, or expires_in.\n6) Immediately retry login with the correct password and observe that it succeeds (200) to confirm the account is valid and not locked.\n7) Confirm the successful login response includes access_token, refresh_token, expires_in.\n8) Perform cleanup by invalidating/ending any created session if the environment supports it (or discard tokens) and ensure no further failed attempts are executed to avoid lockout.\n9) Record evidence of the 401 INVALID_CREDENTIALS response for wrong password.",
+    "expectedResult": "1) Login with wrong password returns HTTP 401.\n2) Response error code is exactly INVALID_CREDENTIALS.\n3) No tokens (access_token/refresh_token/expires_in) are issued on failed login.",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance HTTP codes, page 5",
+      "excerpt": "401 Invalid credentials error: INVALID_CREDENTIALS"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Login with MFA enabled accepts optional 6-digit TOTP mfa_code",
+    "description": "Verifies the login request supports the optional mfa_code field as documented for accounts with MFA enabled. This ensures MFA-capable accounts can authenticate using a TOTP code. Automation: MEDIUM — requires an MFA-enabled test account and a TOTP generator synchronized with the secret.",
+    "testId": "TC-LOGIN-03",
+    "testDescription": "As a user with MFA enabled, I can include a 6-digit TOTP in the login request using the optional mfa_code field and complete authentication.",
+    "prerequisites": "1) A test user exists with MFA enabled on the account (email: test+mfa@example.com).\n2) The current valid 6-digit TOTP for the test user can be generated at runtime (shared secret available in secure test vault).\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Account is not locked and credentials are valid.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/login",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "stepsToPerform": "1) Generate the current 6-digit TOTP for the MFA-enabled test user (capture only that it is 6 digits; do not persist the secret).\n2) Prepare a login payload including email and password for test+mfa@example.com and include mfa_code with the generated 6-digit value.\n3) Send POST /v2/auth/login and observe the HTTP status code.\n4) Observe the response contains access_token.\n5) Observe the response contains refresh_token.\n6) Observe the response contains expires_in.\n7) Perform an authenticated API call using the returned access_token and observe it succeeds (not 401).\n8) Repeat login omitting mfa_code (keeping credentials same) and observe whether the behavior differs for MFA-enabled accounts; record the actual outcome for product review (do not assert a specific rejection unless documented).\n9) Record evidence that providing mfa_code is accepted and results in token issuance for the MFA-enabled account.",
+    "expectedResult": "1) Login request including mfa_code as a 6-digit value succeeds for an MFA-enabled account.\n2) Response contains access_token, refresh_token, expires_in on success.\n3) access_token can be used for authenticated API access.",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance field table, page 5",
+      "excerpt": "mfa_code String Optional 6-digit TOTP if MFA enabled on account"
+    }
+  },
+  {
+    "type": "state-transition",
+    "title": "Account locks after 5 failed login attempts and returns 403 ACCOUNT_LOCKED + unlock_at",
+    "description": "Verifies the account transitions into a locked state after repeated failed login attempts and returns the documented error and unlock timestamp. This mitigates brute-force attacks and provides clients with lockout timing. Automation: MEDIUM — requires controlled repeated failures and timing capture.",
+    "testId": "TC-LOGIN-04",
+    "testDescription": "As an attacker/abuse path, repeated wrong-password attempts should lock the account after 5 failures, and the API should respond with 403 ACCOUNT_LOCKED including unlock_at on subsequent attempts.",
+    "prerequisites": "1) A registered test user exists (email: test+lockout@example.com) with a known correct password.\n2) The account is currently in an unlocked state (no existing lock).\n3) API base is reachable at https://api.aegiscard.com/v2.\n4) Test runner can perform 6 sequential login attempts within a short period and capture response bodies.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/login",
+    "httpMethod": "POST",
+    "requestHeaders": "Content-Type: application/json",
+    "errorCodeExpected": "ACCOUNT_LOCKED",
+    "expectedHttpStatus": 403,
+    "stepsToPerform": "1) Confirm the account can successfully log in with the correct password (baseline) and then discard the issued tokens to avoid side effects.\n2) Send login attempt #1 with the correct email and an incorrect password and observe HTTP 401 with error INVALID_CREDENTIALS.\n3) Send login attempt #2 with incorrect password and observe HTTP 401 INVALID_CREDENTIALS.\n4) Send login attempt #3 with incorrect password and observe HTTP 401 INVALID_CREDENTIALS.\n5) Send login attempt #4 with incorrect password and observe HTTP 401 INVALID_CREDENTIALS.\n6) Send login attempt #5 with incorrect password and observe the lockout behavior is triggered (record the response; if still 401, proceed to the next step as the lock may apply starting immediately after the 5th failure).\n7) Send login attempt #6 (can be wrong password or correct password) and observe HTTP 403 with error ACCOUNT_LOCKED.\n8) In the 403 response, observe unlock_at is present and is a parseable timestamp value.\n9) Attempt login again immediately and observe it remains 403 ACCOUNT_LOCKED until unlock time (do not wait for unlock unless test environment allows; record that it remains locked).\n10) Cleanup expectation: coordinate account unlock/reset in test environment (admin action or wait until unlock_at) so the user is usable for other tests; record unlock_at for follow-up.",
+    "expectedResult": "1) After 5 failed login attempts, the account enters a locked state.\n2) Subsequent login attempts return HTTP 403 with error ACCOUNT_LOCKED.\n3) The 403 response includes unlock_at, providing the time when login may be retried.",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance HTTP codes, page 5",
+      "excerpt": "403 Account locked after 5 failed attempts error: ACCOUNT_LOCKED, unlock_at"
+    }
+  },
+  {
+    "type": "resilience",
+    "title": "Login rate limit returns 429 RATE_LIMITED with retry_after (10 req/min per IP)",
+    "description": "Verifies that the login endpoint enforces the documented per-IP rate limit and returns the specified 429 response with RATE_LIMITED and retry_after. This protects the authentication surface from brute-force and abusive traffic patterns. Automation: HIGH — pure API assertions under controlled request rate.",
+    "testId": "TC-LOGIN-05",
+    "testDescription": "As a client attempting repeated logins from the same public IP, when the rate exceeds the documented threshold, the system must throttle additional login requests and return the defined error contract including retry guidance.",
+    "prerequisites": "1) A registered portal user exists with known credentials (synthetic), e.g., email=test+rl01@example.com.\n2) Test runner can send all requests from a single stable egress IP (no NAT IP rotation during the minute).\n3) No prior login rate-limit counters are active for the egress IP for at least 60 seconds before test start.\n4) API base URL reachable: https://api.aegiscard.com/v2.",
+    "stepsToPerform": "1) Prepare valid login payload for the test user (email=test+rl01@example.com, password=ValidPass!12345) and confirm it succeeds once with HTTP 200 when sent alone.\n2) Start a 60-second window timer (T0) and ensure all subsequent requests originate from the same egress IP.\n3) Send 10 POST requests to /v2/auth/login within the same 60-second window (e.g., one every ~5 seconds) using the same valid payload; observe each response.\n4) Verify that each of these first 10 requests returns HTTP 200 and includes response body keys access_token, refresh_token, expires_in.\n5) Immediately send an 11th POST request to /v2/auth/login before the 60-second window ends; observe the response.\n6) Verify the 11th request returns HTTP 429.\n7) Verify the 429 response body contains error exactly equal to RATE_LIMITED.\n8) Verify the 429 response body contains retry_after and that it is a positive value (present and > 0) suitable for retry guidance.\n9) Wait for the retry_after duration (or until 60 seconds have elapsed since T0, whichever is longer), then send one more POST /v2/auth/login with valid payload.\n10) Verify the post-wait login attempt is accepted (HTTP 200) and returns access_token, refresh_token, expires_in (i.e., throttling is not permanent).",
+    "expectedResult": "1) When the per-IP threshold is exceeded, POST /v2/auth/login returns HTTP 429 with response body containing error: RATE_LIMITED and retry_after.\n2) The rate limit is scoped to the IP-based time window (after waiting the indicated period/window, login returns HTTP 200 again).\n3) Abuse path ruled out: excessive automated login attempts from one IP are throttled rather than continuously issuing tokens.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/login",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "429",
+    "errorCodeExpected": "RATE_LIMITED",
+    "rateLimitScenario": "Exceed 10 req/min per IP by issuing 11 login requests within 60 seconds from same IP",
+    "testDataMasked": "email=test+rl01@example.com, password=ValidPass!12345",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance, HTTP Code table (Page 5)",
+      "excerpt": "429 Rate limit exceeded (10 req/min per IP) error: RATE_LIMITED, retry_after"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Token refresh returns new access_token and refresh_token (rotation enforced)",
+    "description": "Verifies that refreshing with a valid refresh token issues a new access token and a new refresh token, consistent with rotation enforcement. This reduces session hijack risk by ensuring refresh tokens are rotated. Automation: HIGH — pure API assertions.",
+    "testId": "TC-REFRESH-01",
+    "testDescription": "As an authenticated user, when I call the token refresh endpoint with a valid refresh token, the system issues a new access token and a new refresh token per the documented refresh contract (rotation enforced).",
+    "prerequisites": "1) A registered portal user exists with valid credentials (synthetic), e.g., email=test+rt01@example.com.\n2) A successful login has been performed via POST /v2/auth/login, yielding a refresh_token artifact (opaque token) from the login response.\n3) The refresh_token is unexpired and has not been used previously.\n4) Test environment allows capturing response bodies for token comparison (do not log tokens to shared logs).",
+    "stepsToPerform": "1) Send POST /v2/auth/login with valid credentials for email=test+rt01@example.com; observe HTTP 200.\n2) Capture refresh_token from the login response body (store as refresh_token_1 in test memory) and confirm it is present.\n3) Capture access_token from the login response body (store as access_token_1) and confirm it is present.\n4) Send POST /v2/auth/token/refresh with JSON body {\"refresh_token\":\"<refresh_token_1>\"}; observe the response.\n5) Verify the refresh response returns HTTP 200.\n6) Verify the refresh response body includes access_token and refresh_token fields.\n7) Capture the returned tokens as access_token_2 and refresh_token_2.\n8) Verify access_token_2 is different from access_token_1 (string inequality).\n9) Verify refresh_token_2 is different from refresh_token_1 (string inequality), demonstrating token rotation.\n10) (Cleanup) Immediately invalidate session by discarding tokens in test memory and ensure they are not persisted anywhere in test artifacts.",
+    "expectedResult": "1) POST /v2/auth/token/refresh with a valid refresh token returns HTTP 200.\n2) Response body includes access_token and refresh_token, and both are newly issued (access_token changes; refresh_token rotates).\n3) Abuse path ruled out: refresh token reuse across sessions is discouraged by rotation (new refresh token is issued on every successful refresh).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/token/refresh",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "200",
+    "requestBodyExampleMasked": "{\"refresh_token\":\"<opaque_refresh_token_from_login>\"}",
+    "validationRulesCovered": "refresh_token required; rotation enforced",
+    "sourceCitation": {
+      "location": "Section 3.3 Token Refresh & Logout (Page 5)",
+      "excerpt": "POST /v2/auth/token/refresh Issues a new access token using a valid refresh token (rotation enforced)."
+    }
+  },
+  {
+    "type": "security",
+    "title": "Token refresh invalidates old refresh token after successful refresh (single-use)",
+    "description": "Verifies refresh-token single-use semantics by confirming the old refresh token is invalidated after a successful refresh. This prevents replay attacks if a refresh token is stolen. Automation: HIGH — pure API assertions.",
+    "testId": "TC-REFRESH-02",
+    "testDescription": "As an authenticated user, after I successfully refresh tokens once, attempting to reuse the old refresh token should fail because the old refresh is invalidated.",
+    "prerequisites": "1) A registered portal user exists with valid credentials (synthetic), e.g., email=test+rt02@example.com.\n2) A successful login has been performed via POST /v2/auth/login, yielding an initial refresh_token artifact (refresh_token_1).\n3) The initial refresh_token_1 is valid, unexpired, and unused at test start.\n4) The test client can safely store tokens in memory for the duration of the test (no persistence).",
+    "stepsToPerform": "1) Send POST /v2/auth/login with valid credentials for email=test+rt02@example.com; verify HTTP 200.\n2) Capture refresh_token from login response as refresh_token_1.\n3) Send POST /v2/auth/token/refresh with {\"refresh_token\":\"<refresh_token_1>\"}; verify HTTP 200.\n4) Capture refresh_token from refresh response as refresh_token_2 and confirm it is present.\n5) Immediately attempt to call POST /v2/auth/token/refresh again but using the old token {\"refresh_token\":\"<refresh_token_1>\"}; observe response.\n6) Verify the second refresh attempt (reusing refresh_token_1) returns HTTP 401.\n7) Verify the 401 response body contains error exactly equal to TOKEN_INVALID.\n8) Call POST /v2/auth/token/refresh using the new token {\"refresh_token\":\"<refresh_token_2>\"}; observe response.\n9) Verify this call returns HTTP 200 and returns a further rotated refresh_token (refresh_token_3) and an access_token.\n10) (Cleanup) Discard refresh_token_2/3 and access tokens from test memory and ensure they are not written to logs/artifacts.",
+    "expectedResult": "1) After a successful refresh, the old refresh token cannot be reused and results in HTTP 401 with error: TOKEN_INVALID.\n2) The newly issued refresh token remains usable for a subsequent refresh (returns HTTP 200), demonstrating correct rotation lifecycle.\n3) Abuse path ruled out: replay of a previously used refresh token is rejected (single-use).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/token/refresh",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "401 (on replay of old refresh token)",
+    "errorCodeExpected": "TOKEN_INVALID",
+    "idempotencyOrReplayScenario": "Attempt to reuse old refresh token after successful refresh",
+    "sourceCitation": {
+      "location": "Section 3.3 Token Refresh & Logout, HTTP Code table (Page 5)",
+      "excerpt": "New access token issued; old refresh invalidated"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Token refresh returns 401 TOKEN_INVALID for expired or already used refresh token",
+    "description": "Verifies the refresh endpoint rejects invalid refresh tokens with the exact 401 TOKEN_INVALID error. This ensures expired or replayed refresh tokens cannot be used to mint new access tokens. Automation: HIGH — pure API assertions.",
+    "testId": "TC-REFRESH-03",
+    "testDescription": "As a client, when I attempt to refresh tokens using a refresh token that is already used, the API must return the documented 401 TOKEN_INVALID response.",
+    "prerequisites": "1) A registered portal user exists with valid credentials (synthetic), e.g., email=test+rt03@example.com.\n2) A successful login has been performed and an initial refresh token (refresh_token_1) is available.\n3) refresh_token_1 can be consumed once successfully to make it 'already used' for the negative check.\n4) Test harness can assert HTTP status and response error fields.",
+    "stepsToPerform": "1) Send POST /v2/auth/login with valid credentials for email=test+rt03@example.com; verify HTTP 200.\n2) Capture refresh_token from login response as refresh_token_1.\n3) Send POST /v2/auth/token/refresh with {\"refresh_token\":\"<refresh_token_1>\"}; verify HTTP 200 (this consumes refresh_token_1).\n4) Confirm the successful refresh response contains a new refresh_token (store as refresh_token_2) to prove the first refresh succeeded.\n5) Attempt POST /v2/auth/token/refresh again using the already used token {\"refresh_token\":\"<refresh_token_1>\"}; observe response.\n6) Verify the response HTTP status is 401.\n7) Verify the response body contains error exactly equal to TOKEN_INVALID.\n8) Verify that no access_token or refresh_token is returned in the 401 response body (i.e., token issuance does not occur on invalid refresh).\n9) (Control) Optionally call POST /v2/auth/token/refresh with {\"refresh_token\":\"<refresh_token_2>\"} and verify HTTP 200 to confirm the endpoint still functions for valid tokens.\n10) (Cleanup) Discard any tokens from test memory to avoid leakage.",
+    "expectedResult": "1) POST /v2/auth/token/refresh with an already used refresh token returns HTTP 401 with error: TOKEN_INVALID.\n2) No new tokens are issued when TOKEN_INVALID occurs (no access_token/refresh_token minted in that response).\n3) Abuse path ruled out: replaying a used refresh token cannot extend a session or obtain new access.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/auth/token/refresh",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "401",
+    "errorCodeExpected": "TOKEN_INVALID",
+    "sourceCitation": {
+      "location": "Section 3.3 Token Refresh & Logout, HTTP Code table (Page 5)",
+      "excerpt": "401 Refresh token expired or already used error: TOKEN_INVALID"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Auth tokens stored in HttpOnly, Secure cookies (not accessible to JS)",
+    "description": "Verifies the portal stores authentication tokens in cookies marked HttpOnly and Secure, preventing JavaScript access and mitigating XSS token theft. Automation: MEDIUM — requires browser execution and JS-access checks.",
+    "testId": "TC-TOKSTORE-01",
+    "testDescription": "As a web portal user, after authentication, tokens must be stored in a way that is not accessible to browser JavaScript (HttpOnly, Secure cookies) to reduce the risk of token exfiltration via XSS.",
+    "prerequisites": "1) Access to the web portal https://portal.aegiscard.com in a test browser with devtools automation (e.g., Playwright/Cypress).\n2) A registered portal user exists with valid credentials (synthetic), e.g., email=test+cookie01@example.com.\n3) Test environment is configured to allow login without MFA for this user (or provide valid mfa_code if enabled).\n4) Ability to inspect cookies and execute JS in the browser context (document.cookie, Storage APIs).",
+    "stepsToPerform": "1) Open https://portal.aegiscard.com in a clean browser context (no pre-existing cookies/storage) and verify no auth cookies are present.\n2) Perform login through the portal UI (or the portal’s login flow that triggers auth) using email=test+cookie01@example.com and a valid password; observe successful navigation to an authenticated area.\n3) Open browser devtools (or automation API) and list cookies set for portal.aegiscard.com and/or api.aegiscard.com relevant to auth.\n4) For each cookie used for session/auth, verify the cookie has the HttpOnly attribute set.\n5) For each cookie used for session/auth, verify the cookie has the Secure attribute set.\n6) In the authenticated portal page, execute JavaScript expression document.cookie and capture the returned string.\n7) Verify that document.cookie output does not include any access token or refresh token values (no token-like strings and no cookie names associated with auth tokens if those cookies are HttpOnly).\n8) Trigger an authenticated API call from the portal (e.g., load dashboard) and verify the request succeeds without the client manually attaching tokens in JS (i.e., cookies are used by the browser).\n9) Attempt to read cookies via JS again after the API call and confirm tokens remain inaccessible.\n10) Log out (if available) or clear the browser context and verify auth cookies are removed/invalidated for the session in the browser storage view.",
+    "expectedResult": "1) Auth/session cookies are set with HttpOnly and Secure attributes.\n2) JavaScript cannot access token cookies (document.cookie does not expose token values/cookie names stored as HttpOnly).\n3) Abuse path ruled out: token theft via XSS-reading document.cookie is mitigated by HttpOnly token storage.",
+    "rolesAndAccess": "Portal user (cardholder) authenticating via web portal",
+    "sourceCitation": {
+      "location": "Section 3 User Authentication & Session Management (Page 4)",
+      "excerpt": "Tokens are stored in HttpOnly, Secure cookies"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Auth tokens are never stored in localStorage",
+    "description": "Verifies the web portal does not persist auth tokens in localStorage, reducing exposure to XSS and shared-device risks. Also validates the negative-space requirement that tokens are not written to localStorage even after login/refresh. Automation: MEDIUM — browser storage inspection.",
+    "testId": "TC-TOKSTORE-02",
+    "testDescription": "As a security control, the portal must never store access/refresh tokens in localStorage; only HttpOnly, Secure cookies may be used for token storage.",
+    "prerequisites": "1) Access to the web portal https://portal.aegiscard.com in a test browser with automation.\n2) A registered portal user exists with valid credentials (synthetic), e.g., email=test+ls01@example.com.\n3) Ability to inspect localStorage and sessionStorage (Application tab or automation APIs).\n4) Ability to perform a token refresh event during the session (e.g., wait until access token is near expiry or trigger refresh via API if supported by the client).",
+    "stepsToPerform": "1) Launch a clean browser context and navigate to https://portal.aegiscard.com; verify localStorage is empty (or capture baseline keys for later diff).\n2) Attempt to search localStorage keys/values for token-like terms (e.g., access_token, refresh_token, jwt, bearer) and record baseline results.\n3) Log in via portal UI using email=test+ls01@example.com and valid password; verify login succeeds (authenticated landing/dashboard visible).\n4) Immediately inspect localStorage for any newly added keys and values.\n5) Verify localStorage contains no access_token, refresh_token, or JWT values (no raw token strings persisted).\n6) Inspect sessionStorage as an additional check and verify it also contains no access_token/refresh_token/JWT values.\n7) Trigger typical authenticated activity (navigate to account summary/dashboard pages) to cause API calls; then re-check localStorage and sessionStorage for token artifacts.\n8) Trigger a refresh-token rotation event (e.g., keep session active until client refresh occurs or invoke refresh in a controlled manner) and then re-check localStorage and sessionStorage again.\n9) Verify that even after refresh, no auth tokens are present in localStorage.\n10) Log out and confirm localStorage still does not contain any token values post-logout (no lingering tokens).",
+    "expectedResult": "1) localStorage does not contain auth tokens at any point (post-login, during use, or post-refresh).\n2) The portal continues to function authenticated without relying on localStorage token persistence.\n3) Abuse path ruled out: XSS exfiltration via reading localStorage does not reveal auth tokens because tokens are never stored there.",
+    "sourceCitation": {
+      "location": "Section 3 User Authentication & Session Management (Page 4)",
+      "excerpt": "Tokens are stored in HttpOnly, Secure cookies — never in localStorage."
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Application Step 1 succeeds and returns application_id + session_token (201)",
+    "description": "Verifies that starting a credit application (Step 1) creates an application and returns the required artifacts application_id and session_token with HTTP 201. This is critical because later steps depend on these artifacts for sequential submission. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP1-01",
+    "testDescription": "As an authenticated applicant, when I submit valid Step 1 personal information, the system must create a new application and return application_id and session_token for subsequent steps.",
+    "prerequisites": "1) A registered portal user exists and is authenticated via login, with a valid session (Bearer/cookie) and known email test+app1ok@example.com.\n2) No active credit application is currently in progress for this user (to avoid DUPLICATE_APPLICATION).\n3) Test data prepared for Step 1 fields using synthetic values (E.164 phone, Canadian postal code, valid province code).\n4) API base URL reachable: https://api.aegiscard.com/v2.",
+    "stepsToPerform": "1) Authenticate as the user (login) and confirm you have an authenticated session for API calls.\n2) Prepare Step 1 request body with valid values:\n   - full_legal_name: \"Jordan Avery Test\"\n   - email: \"test+app1ok@example.com\"\n   - phone_number: \"+14165550101\"\n   - residential_address: {street:\"100 King St W\", city:\"Toronto\", province:\"ON\", postal_code:\"M5H 1J9\"}\n   - id_type: \"PASSPORT\"\n   - id_number: \"A1B2C3D4\"\n3) Send POST /v2/applications/start with the Step 1 JSON body; observe response.\n4) Verify HTTP status is 201.\n5) Verify response body contains application_id and that it is a UUID-looking value (non-empty string).\n6) Verify response body contains session_token and that it is non-empty.\n7) Store application_id and session_token as artifacts for subsequent steps (do not persist to disk).\n8) Immediately re-check that the response does not indicate validation failure (no error/field/message expected on 201).\n9) (Optional control) Prepare Step 2 call but do not execute; confirm the necessary artifact names are available exactly as application_id and session_token.\n10) Cleanup expectation: if the environment supports it, ensure the created in-progress application is removed/closed after test run to avoid impacting other tests (otherwise use a unique test user per run).",
+    "expectedResult": "1) POST /v2/applications/start returns HTTP 201.\n2) Response body includes application_id and session_token exactly as named.\n3) Post-condition: application is created and can be continued using session_token in subsequent steps (artifact availability).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/applications/start",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "201",
+    "requestBodyExampleMasked": "{\"full_legal_name\":\"Jordan Avery Test\",\"email\":\"test+app1ok@example.com\",\"phone_number\":\"+14165550101\",\"residential_address\":{\"street\":\"100 King St W\",\"city\":\"Toronto\",\"province\":\"ON\",\"postal_code\":\"M5H 1J9\"},\"id_type\":\"PASSPORT\",\"id_number\":\"A1B2C3D4\"}",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information, HTTP Code table (Page 6)",
+      "excerpt": "201 Step 1 accepted; application created application_id, session_token"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 full_legal_name boundary: accept max 100 chars; reject >100",
+    "description": "Verifies boundary value behavior for full_legal_name length in Step 1: the system must accept up to 100 characters and reject anything longer. This prevents data truncation and ensures consistent identity record capture. Automation: HIGH — API-level BVA.",
+    "testId": "TC-APP1-02",
+    "testDescription": "As an authenticated applicant, I can submit my legal name up to the maximum allowed length, but the system must reject names exceeding the documented limit.",
+    "prerequisites": "1) A registered portal user exists and is authenticated; user email is test+app1bva@example.com.\n2) No active application is in progress for this user before each sub-attempt (use two separate fresh users or cleanup between attempts).\n3) Ability to generate deterministic strings of exact length 100 and 101 characters.\n4) All other Step 1 fields are valid and constant across attempts.",
+    "stepsToPerform": "1) Authenticate as test+app1bva@example.com and confirm authenticated session is active.\n2) Construct full_legal_name_100 as a string of exactly 100 characters (e.g., 100 'A' characters) and verify its length is 100.\n3) Send POST /v2/applications/start with full_legal_name=full_legal_name_100 and otherwise valid Step 1 payload (email matches authenticated user, valid phone/address/id); observe response.\n4) Verify the response is HTTP 201.\n5) Verify the 201 response contains application_id and session_token (capture then discard/cleanup this application to allow the next attempt).\n6) Ensure there is no active application in progress for the user (cleanup or use a second user test+app1bva2@example.com for the >100 case).\n7) Construct full_legal_name_101 as a string of exactly 101 characters (e.g., 101 'B' characters) and verify its length is 101.\n8) Send POST /v2/applications/start with full_legal_name=full_legal_name_101 and otherwise valid Step 1 payload; observe response.\n9) Verify the response is HTTP 400.\n10) Verify the response body contains error, field, message (as per validation failure), and that the failure corresponds to the full_legal_name field (field == \"full_legal_name\").",
+    "expectedResult": "1) A Step 1 request with full_legal_name length exactly 100 is accepted with HTTP 201 and returns application_id and session_token.\n2) A Step 1 request with full_legal_name length 101 is rejected with HTTP 400 and returns error, field, message indicating validation failure on full_legal_name.\n3) Abuse path ruled out: overly long inputs are not silently truncated; they are rejected as validation failures.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/applications/start",
+    "httpMethod": "POST",
+    "boundaryValues": "full_legal_name length: 100 (accept), 101 (reject)",
+    "expectedHttpStatus": "201 for length=100; 400 for length=101",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information, Field table (Page 6)",
+      "excerpt": "full_legal_name String ✓ Required Max 100 chars; as on government ID"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 1 email must match authenticated user email (reject mismatch)",
+    "description": "Verifies that Step 1 enforces the rule that the submitted email must match the authenticated user email, preventing identity/ownership spoofing during credit applications. Automation: HIGH — API assertions.",
+    "testId": "TC-APP1-03",
+    "testDescription": "As an authenticated user, if I try to start an application using an email different from the email on my authenticated account, the system must reject the request.",
+    "prerequisites": "1) A registered portal user exists and is authenticated as email=test+app1emailA@example.com.\n2) No active application is currently in progress for this authenticated user.\n3) A different syntactically valid email is available for mismatch attempt, e.g., test+app1emailB@example.com.\n4) All other Step 1 fields are valid (phone E.164, province 2-char code, Canadian postal code, id_type enum, id_number alphanumeric).",
+    "stepsToPerform": "1) Authenticate via login as the user with email test+app1emailA@example.com; verify authenticated session is established.\n2) Prepare a Step 1 request body where email is set to the mismatching value test+app1emailB@example.com while all other fields are valid.\n3) Send POST /v2/applications/start with the mismatching email payload; observe response.\n4) Verify HTTP status is 400 (validation failure on a field).\n5) Verify the response body contains error, field, message.\n6) Verify field equals \"email\" (indicating the email constraint caused the failure).\n7) Verify that no application_id or session_token is returned in the 400 response.\n8) Immediately send POST /v2/applications/start again with the same payload but with email corrected to test+app1emailA@example.com; observe response.\n9) Verify the corrected request succeeds with HTTP 201 and returns application_id and session_token.\n10) Cleanup: discard created application artifacts or delete/close the in-progress application to avoid DUPLICATE_APPLICATION in later runs.",
+    "expectedResult": "1) When Step 1 email does not match the authenticated user email, the API rejects with HTTP 400 and returns error, field, message (field=email).\n2) No application is created on the mismatch attempt (no application_id/session_token returned).\n3) Abuse path ruled out: a user cannot start an application under another email identity while authenticated as a different user.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/applications/start",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "400",
+    "validationRulesCovered": "email must match authenticated user email",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information, Field table (Page 6)",
+      "excerpt": "email String ✓ Required Must match authenticated user email"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 1 returns 409 DUPLICATE_APPLICATION when active application already in progress",
+    "description": "Verifies the system prevents multiple concurrent active applications by returning the specified 409 DUPLICATE_APPLICATION error when an application is already in progress. This protects underwriting workflow integrity and avoids duplicate submissions. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP1-04",
+    "testDescription": "As an authenticated applicant, if I try to start a new application while another is already active, the system must reject the request with the documented conflict error.",
+    "prerequisites": "1) A registered portal user exists and is authenticated as email=test+dupapp@example.com.\n2) The user has an active application already in progress created via Step 1 (i.e., an existing application has been started and not completed/closed).\n3) The test runner can call POST /v2/applications/start twice under the same authenticated identity.\n4) Step 1 payload data is valid and consistent between attempts.",
+    "stepsToPerform": "1) Authenticate as test+dupapp@example.com and confirm authenticated session is active.\n2) Send POST /v2/applications/start with a valid Step 1 payload (full_legal_name, matching email, E.164 phone, valid address, id_type, id_number); observe response.\n3) Verify the first request returns HTTP 201 and capture application_id_1 and session_token_1.\n4) Without completing Steps 2/3 and without any cleanup, immediately send a second POST /v2/applications/start with another valid Step 1 payload for the same authenticated user; observe response.\n5) Verify the second request returns HTTP 409.\n6) Verify the 409 response body contains error exactly equal to DUPLICATE_APPLICATION.\n7) Verify the 409 response does not return application_id/session_token for a new application.\n8) Confirm the original application_id_1 and session_token_1 artifacts remain available in test memory (no overwrite occurred).\n9) (Post-condition) Complete cleanup by completing the application flow or removing the in-progress application using test environment admin tools to prevent contamination of subsequent tests.\n10) Re-run a fresh POST /v2/applications/start after cleanup (or with a new user) to confirm the endpoint returns 201 when no active application exists.",
+    "expectedResult": "1) The second attempt to start Step 1 while an active application exists returns HTTP 409 with error: DUPLICATE_APPLICATION.\n2) The conflict response does not create a new application (no new application_id/session_token returned).\n3) Abuse path ruled out: the user cannot create multiple simultaneous active applications to bypass business controls.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/applications/start",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "409",
+    "errorCodeExpected": "DUPLICATE_APPLICATION",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information, HTTP Code table (Page 6)",
+      "excerpt": "409 Active application already in progress error: DUPLICATE_APPLICATION"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Application Step 2 succeeds with X-App-Session header and returns PENDING_REVIEW + fico_pull_id",
+    "description": "Verifies Step 2 financial information can be saved when the Step 1 session_token is provided in the X-App-Session header, and that the response indicates the soft credit pull has been queued. This protects the required session-based sequencing and ensures the client receives the tracking identifier for the queued credit pull. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP2-01",
+    "testDescription": "As an authenticated applicant who has completed Step 1 and received a session_token, I submit valid financial information to Step 2 with the X-App-Session header, and I receive a 200 response containing status PENDING_REVIEW and a fico_pull_id.",
+    "prerequisites": "1) Applicant has successfully completed Step 1 POST /v2/applications/start and obtained application_id and session_token.\n2) session_token is unexpired (within the stated 30 min window) and available to send as Header: X-App-Session.\n3) Test environment has access to Applications service endpoint POST /v2/applications/{application_id}/financials.\n4) A valid Bearer token session exists for the same authenticated user who started the application.",
+    "stepsToPerform": "1) Create/identify a synthetic applicant user account and authenticate to obtain a valid Bearer token; observe API calls are authorized for application endpoints.\n2) Call POST /v2/applications/start with valid personal info to create a new application; observe HTTP 201 and capture application_id and session_token.\n3) Prepare a valid Step 2 request body with employment_status=\"SELF_EMPLOYED\", gross_annual_income=85000.00, monthly_rent=1800.00, existing_debt_payments=350.00, sin_consent=true; observe the payload is well-formed JSON.\n4) Send POST /v2/applications/{application_id}/financials with Authorization: Bearer <token> and header X-App-Session: <session_token>; observe the server responds.\n5) Verify the HTTP status is 200; observe response body is JSON.\n6) Verify the response contains field status with value \"PENDING_REVIEW\"; record the value for evidence.\n7) Verify the response contains field fico_pull_id and that it is present and non-empty; record the value.\n8) Re-send the same Step 2 request once more with the same X-App-Session header; observe the server continues to accept and returns HTTP 200 (no error expected by spec for repeats).\n9) Confirm the second response also includes status \"PENDING_REVIEW\" and includes a fico_pull_id field (presence assertion).",
+    "expectedResult": "1) Step 2 returns HTTP 200.\n2) Response body includes status: \"PENDING_REVIEW\".\n3) Response body includes fico_pull_id (present and non-empty).",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{ \"employment_status\": \"SELF_EMPLOYED\", \"gross_annual_income\": 85000.00, \"other_income\": 0.00, \"monthly_rent\": 1800.00, \"existing_debt_payments\": 350.00, \"sin_consent\": true }",
+    "expectedHttpStatus": "200",
+    "validationRulesCovered": "Header: X-App-Session required; successful save returns PENDING_REVIEW and fico_pull_id",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information, HTTP Code table, page 7",
+      "excerpt": "200 Financials saved; credit pull queued status: PENDING_REVIEW, fico_pull_id"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 2 rejects when employment_status=EMPLOYED but employer_name missing",
+    "description": "Verifies employer_name becomes mandatory when employment_status is EMPLOYED and that the API rejects missing required conditional fields. This prevents incomplete employment data from being used in credit assessment. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP2-02",
+    "testDescription": "As an applicant submitting Step 2 financials, when I set employment_status to EMPLOYED but omit employer_name, the system must reject the request as an invalid or missing financial field.",
+    "prerequisites": "1) Applicant has successfully completed Step 1 and has a valid application_id.\n2) Applicant has a valid, unexpired session_token to send in Header: X-App-Session.\n3) Applicant is authenticated and can call application endpoints with a valid Bearer token.\n4) Step 2 endpoint POST /v2/applications/{application_id}/financials is reachable in the test environment.",
+    "stepsToPerform": "1) Authenticate as a synthetic user and obtain a valid Bearer token; observe authentication succeeds.\n2) Call POST /v2/applications/start with valid personal info; observe HTTP 201 and capture application_id and session_token.\n3) Construct Step 2 request body setting employment_status=\"EMPLOYED\" while intentionally omitting employer_name; include gross_annual_income=65000.00, monthly_rent=1500.00, existing_debt_payments=200.00, sin_consent=true.\n4) Send POST /v2/applications/{application_id}/financials with headers Authorization: Bearer <token> and X-App-Session: <session_token>; observe the server response.\n5) Verify the HTTP status is 400; capture response body.\n6) Verify response includes error and includes field and message keys (presence assertion based on 400 response schema shown for Step 2).\n7) Verify the response field references the missing conditional field by asserting field equals \"employer_name\".\n8) Fix the payload by adding employer_name=\"Synthetic Employer Inc\" while keeping employment_status=\"EMPLOYED\"; resend the request with the same headers.\n9) Verify the corrected request no longer returns 400 and instead returns HTTP 200 with status \"PENDING_REVIEW\" (successful path confirmation).",
+    "expectedResult": "1) When employer_name is omitted with employment_status=\"EMPLOYED\", API returns HTTP 400.\n2) Error response contains keys error, field, message and identifies field: \"employer_name\".\n3) After adding employer_name, API returns HTTP 200 and proceeds to the normal queued-credit-pull response pattern.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{ \"employment_status\": \"EMPLOYED\", \"gross_annual_income\": 65000.00, \"monthly_rent\": 1500.00, \"existing_debt_payments\": 200.00, \"sin_consent\": true }",
+    "expectedHttpStatus": "400",
+    "errorCodeExpected": "400",
+    "validationRulesCovered": "employer_name required if employment_status = EMPLOYED",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information, field table, page 7",
+      "excerpt": "employer_name String Optional Required if employment_status = EMPLOYED"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 2 gross_annual_income boundary: positive and max 9,999,999.99",
+    "description": "Verifies Step 2 gross_annual_income enforces the documented numeric constraints: it must be positive and cannot exceed 9,999,999.99. This prevents invalid income values from impacting credit decisions and downstream computations. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP2-03",
+    "testDescription": "As an applicant completing Step 2, I submit gross_annual_income at the maximum allowed value and just over the maximum, and I also test a non-positive value, to confirm the API accepts only positive values up to 9,999,999.99.",
+    "prerequisites": "1) Applicant can complete Step 1 to obtain application_id and session_token.\n2) session_token is unexpired and will be sent as Header: X-App-Session.\n3) Applicant is authenticated with a valid Bearer token.\n4) Step 2 endpoint is available: POST /v2/applications/{application_id}/financials.",
+    "stepsToPerform": "1) Authenticate as a synthetic user; observe a valid Bearer token is available.\n2) Call POST /v2/applications/start; observe HTTP 201 and capture application_id and session_token.\n3) Build a baseline valid Step 2 payload (employment_status=\"RETIRED\", monthly_rent=0.00, existing_debt_payments=0.00, sin_consent=true) and set gross_annual_income=9999999.99.\n4) Submit baseline payload to POST /v2/applications/{application_id}/financials with X-App-Session header; observe HTTP response.\n5) Verify HTTP 200 and that response contains status \"PENDING_REVIEW\" and fico_pull_id.\n6) Modify only gross_annual_income to 10000000.00 (just past max) and resubmit with the same headers; observe HTTP response.\n7) Verify HTTP 400 and response contains error, field, message; verify field equals \"gross_annual_income\".\n8) Modify only gross_annual_income to 0.00 (non-positive) and resubmit; observe HTTP response.\n9) Verify HTTP 400 and response contains error, field, message; verify field equals \"gross_annual_income\".\n10) Modify only gross_annual_income to -1.00 and resubmit; observe HTTP response.\n11) Verify HTTP 400 and response contains error, field, message; verify field equals \"gross_annual_income\".",
+    "expectedResult": "1) With gross_annual_income=9,999,999.99 the API returns HTTP 200 and includes status: \"PENDING_REVIEW\" and fico_pull_id.\n2) With gross_annual_income=10,000,000.00 the API returns HTTP 400 with error payload including field: \"gross_annual_income\".\n3) With gross_annual_income=0.00 or -1.00 the API returns HTTP 400 with error payload including field: \"gross_annual_income\".",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "boundaryValues": "Accepted: 9999999.99; Rejected: 10000000.00; Rejected: 0.00; Rejected: -1.00",
+    "validationRulesCovered": "gross_annual_income Positive; max 9,999,999.99; in CAD",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information, field table, page 7",
+      "excerpt": "gross_annual_income Decimal ✓ Required Positive; max 9,999,999.99; in CAD"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 2 rejects when sin_consent is not true",
+    "description": "Verifies the applicant must explicitly provide sin_consent=true to proceed with the credit check at Step 2 and that the API rejects any other value. This enforces consent for the bureau soft credit pull. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP2-04",
+    "testDescription": "As an applicant completing Step 2, when I provide sin_consent=false (or omit the field), the system must reject the request because consent must be true to proceed with the credit check.",
+    "prerequisites": "1) Applicant has a valid application_id and session_token from Step 1.\n2) session_token is unexpired and sent via Header: X-App-Session.\n3) Applicant is authenticated with a valid Bearer token.\n4) Step 2 endpoint POST /v2/applications/{application_id}/financials is reachable.",
+    "stepsToPerform": "1) Authenticate as a synthetic user and obtain a valid Bearer token.\n2) Call POST /v2/applications/start; observe HTTP 201 and capture application_id and session_token.\n3) Create a valid Step 2 payload but set sin_consent=false; keep other required fields valid (employment_status=\"STUDENT\", gross_annual_income=12000.00, monthly_rent=650.00, existing_debt_payments=50.00).\n4) Submit Step 2 with X-App-Session header; observe the response.\n5) Verify HTTP status is 400 and response contains error, field, message.\n6) Assert field equals \"sin_consent\".\n7) Modify the payload to omit sin_consent entirely and resubmit; observe the response.\n8) Verify HTTP status is 400 and response contains error, field, message; assert field equals \"sin_consent\".\n9) Modify the payload to set sin_consent=true and resubmit; observe the response.\n10) Verify HTTP 200 and response includes status \"PENDING_REVIEW\" and fico_pull_id.",
+    "expectedResult": "1) When sin_consent is false, API returns HTTP 400 with error payload and field: \"sin_consent\".\n2) When sin_consent is omitted, API returns HTTP 400 with error payload and field: \"sin_consent\".\n3) When sin_consent is true, API returns HTTP 200 and includes status: \"PENDING_REVIEW\" and fico_pull_id.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "validationRulesCovered": "sin_consent must be true",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information, field table, page 7",
+      "excerpt": "sin_consent Boolean ✓ Required Must be true to proceed with credit check"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Step 3 submit approved decision for FICO > 680 includes credit_limit and card_number_masked",
+    "description": "Verifies Step 3 returns the APPROVED decision branch when the credit score condition is met and that the response includes credit_limit and card_number_masked. This ensures the portal can display the approval outcome while only showing masked PAN data. Automation: MEDIUM — requires a controllable test bureau/FICO outcome or stub.",
+    "testId": "TC-APP3-01",
+    "testDescription": "As an applicant who completed Steps 1 and 2, when I submit Step 3 and the credit logic yields FICO > 680, I receive decision APPROVED along with credit_limit and card_number_masked.",
+    "prerequisites": "1) Applicant has completed Step 1 and Step 2 successfully and holds application_id and session_token.\n2) session_token is unexpired and available for Header: X-App-Session for Step 3.\n3) A valid card_product_id is available (e.g., \"AEGIS_GOLD\") from the products catalog used by Step 3.\n4) Test environment supports deterministically producing an approval outcome: \"Auto-Approved (FICO > 680)\" for the application under test (e.g., via bureau stub/test profile).",
+    "stepsToPerform": "1) Authenticate as a synthetic applicant and obtain a valid Bearer token.\n2) Complete Step 1 (POST /v2/applications/start); observe HTTP 201 and capture application_id and session_token.\n3) Complete Step 2 (POST /v2/applications/{application_id}/financials) with valid data and sin_consent=true; observe HTTP 200 and capture fico_pull_id.\n4) Ensure test setup/stub is configured so the application will evaluate as \"Auto-Approved (FICO > 680)\" when Step 3 runs; observe configuration is in effect for this application_id.\n5) Build a Step 3 request with card_product_id=\"AEGIS_GOLD\" and a Base64-encoded typed signature (e_signature=\"U3ludGhldGljIFNpZ25hdHVyZQ==\"); omit marketing_opt_in.\n6) Submit POST /v2/applications/{application_id}/submit with Authorization Bearer token and X-App-Session header; observe HTTP response.\n7) Verify HTTP status is 200; capture response body.\n8) Verify response includes decision=\"APPROVED\".\n9) Verify response includes credit_limit (present) and card_number_masked (present).\n10) Verify card_number_masked is masked format (does not contain 13-19 consecutive digits); record for evidence.",
+    "expectedResult": "1) Step 3 returns HTTP 200 with decision: \"APPROVED\" for the configured approval condition.\n2) Response body includes credit_limit.\n3) Response body includes card_number_masked (masked; no full PAN exposed).",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{ \"card_product_id\": \"AEGIS_GOLD\", \"e_signature\": \"U3ludGhldGljIFNpZ25hdHVyZQ==\" }",
+    "expectedHttpStatus": "200",
+    "validationRulesCovered": "Approved decision branch includes credit_limit and card_number_masked",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 — Decision & Card Selection, HTTP Code table, page 8",
+      "excerpt": "200 Auto-Approved (FICO > 680) decision: APPROVED, credit_limit, card_number_masked"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Step 3 submit pending decision for FICO 600-680 includes review_eta_hours",
+    "description": "Verifies Step 3 returns the PENDING decision branch for the defined FICO band and includes review_eta_hours. This ensures the portal can display an underwriting referral timeline. Automation: MEDIUM — requires a controllable test bureau/FICO outcome or stub.",
+    "testId": "TC-APP3-02",
+    "testDescription": "As an applicant who completed Steps 1 and 2, when I submit Step 3 and the credit logic yields FICO 600-680, I receive decision PENDING with review_eta_hours.",
+    "prerequisites": "1) Applicant has completed Step 1 and Step 2 successfully and holds application_id and session_token.\n2) session_token is unexpired and available for Header: X-App-Session for Step 3.\n3) A valid card_product_id is available for submission (e.g., \"AEGIS_GOLD\").\n4) Test environment supports deterministically producing the referral outcome: \"Referred to underwriter (FICO 600-680)\" for the application under test (via stub/test profile).",
+    "stepsToPerform": "1) Authenticate as a synthetic applicant and obtain a valid Bearer token.\n2) Complete Step 1 (POST /v2/applications/start); observe HTTP 201 and capture application_id and session_token.\n3) Complete Step 2 with valid financials and sin_consent=true; observe HTTP 200.\n4) Configure the test bureau/stub so the application evaluates as \"Referred to underwriter (FICO 600-680)\" for Step 3; observe configuration is applied.\n5) Build a Step 3 request with card_product_id=\"AEGIS_GOLD\" and e_signature=\"VGVzdCBTaWduYXR1cmU=\"; set marketing_opt_in=true.\n6) Submit POST /v2/applications/{application_id}/submit with Authorization Bearer token and X-App-Session; observe HTTP response.\n7) Verify HTTP 200 and capture response body.\n8) Verify response includes decision=\"PENDING\".\n9) Verify response includes review_eta_hours (present and non-empty).\n10) Verify response does not require credit_limit fields for this path by asserting credit_limit is absent OR null only if your API contract supports such check; otherwise limit to presence check of review_eta_hours and decision.",
+    "expectedResult": "1) Step 3 returns HTTP 200 with decision: \"PENDING\" under the configured FICO band.\n2) Response body includes review_eta_hours.\n3) Response body matches the pending branch contract (decision + review ETA fields present).",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{ \"card_product_id\": \"AEGIS_GOLD\", \"e_signature\": \"VGVzdCBTaWduYXR1cmU=\", \"marketing_opt_in\": true }",
+    "expectedHttpStatus": "200",
+    "validationRulesCovered": "Pending decision branch includes review_eta_hours",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 — Decision & Card Selection, HTTP Code table, page 8",
+      "excerpt": "200 Referred to underwriter (FICO 600-680) decision: PENDING, review_eta_hours"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Step 3 submit declined decision for FICO < 600 includes reason_code",
+    "description": "Verifies Step 3 returns the DECLINED decision branch when the credit score is below the threshold and includes reason_code. This ensures compliant, explainable decline handling and enables the portal to display the decline reason code. Automation: MEDIUM — requires a controllable test bureau/FICO outcome or stub.",
+    "testId": "TC-APP3-03",
+    "testDescription": "As an applicant who completed Steps 1 and 2, when I submit Step 3 and the credit logic yields FICO < 600, I receive decision DECLINED with reason_code.",
+    "prerequisites": "1) Applicant has completed Step 1 and Step 2 successfully and holds application_id and session_token.\n2) session_token is unexpired and available for Header: X-App-Session for Step 3.\n3) A valid card_product_id is available (e.g., \"AEGIS_GOLD\").\n4) Test environment supports deterministically producing the decline outcome: \"Auto-Declined (FICO < 600)\" for the application under test.",
+    "stepsToPerform": "1) Authenticate as a synthetic applicant and obtain a valid Bearer token.\n2) Complete Step 1 (POST /v2/applications/start); observe HTTP 201 and capture application_id and session_token.\n3) Complete Step 2 with valid financials and sin_consent=true; observe HTTP 200.\n4) Configure the test bureau/stub so Step 3 evaluates as \"Auto-Declined (FICO < 600)\"; observe configuration is applied.\n5) Build a Step 3 request with card_product_id=\"AEGIS_GOLD\" and e_signature=\"RGVjbGluZSBUZXN0IFNpZw==\".\n6) Submit POST /v2/applications/{application_id}/submit with Authorization and X-App-Session; observe HTTP response.\n7) Verify HTTP 200 and capture response body.\n8) Verify response includes decision=\"DECLINED\".\n9) Verify response includes reason_code (present and non-empty).\n10) Verify response does not include unmasked card data by asserting no field contains a 13-19 digit sequence; record results.",
+    "expectedResult": "1) Step 3 returns HTTP 200 with decision: \"DECLINED\" under the configured FICO condition.\n2) Response body includes reason_code.\n3) No unmasked card number data is exposed in the decline response payload.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{ \"card_product_id\": \"AEGIS_GOLD\", \"e_signature\": \"RGVjbGluZSBUZXN0IFNpZw==\" }",
+    "expectedHttpStatus": "200",
+    "validationRulesCovered": "Declined decision branch includes reason_code",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 — Decision & Card Selection, HTTP Code table, page 8",
+      "excerpt": "200 Auto-Declined (FICO < 600) decision: DECLINED, reason_code"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 3 rejects missing/malformed e_signature with 400 SIGNATURE_REQUIRED",
+    "description": "Verifies Step 3 enforces the required Base64-encoded typed name signature and rejects missing or malformed signatures with the specified error. This prevents unsigned submissions and supports non-repudiation controls. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP3-04",
+    "testDescription": "As an applicant submitting Step 3, if I omit e_signature or send a malformed value, the system must respond with HTTP 400 and error SIGNATURE_REQUIRED.",
+    "prerequisites": "1) Applicant has completed Step 1 and Step 2 successfully and holds application_id and session_token.\n2) session_token is unexpired and available for Header: X-App-Session.\n3) A valid card_product_id is available for use in Step 3 (e.g., \"AEGIS_GOLD\").\n4) Applicant is authenticated with a valid Bearer token.",
+    "stepsToPerform": "1) Authenticate as a synthetic applicant; obtain a valid Bearer token.\n2) Complete Step 1; capture application_id and session_token.\n3) Complete Step 2 with sin_consent=true; observe HTTP 200.\n4) Build a Step 3 request body with card_product_id=\"AEGIS_GOLD\" but omit e_signature; observe JSON is otherwise valid.\n5) Submit POST /v2/applications/{application_id}/submit with Authorization and X-App-Session; observe response.\n6) Verify HTTP status 400 and error equals \"SIGNATURE_REQUIRED\".\n7) Build another Step 3 request with card_product_id=\"AEGIS_GOLD\" and e_signature=\"not-base64\" (malformed); submit again with same headers.\n8) Verify HTTP status 400 and error equals \"SIGNATURE_REQUIRED\".\n9) Build a correct Step 3 request with e_signature set to a valid Base64 string (e.g., \"VGVzdCBTaWduYXR1cmU=\"); submit.\n10) Verify the corrected request does not return 400 SIGNATURE_REQUIRED (i.e., proceeds to HTTP 200 decision response).",
+    "expectedResult": "1) Missing e_signature returns HTTP 400 with error: \"SIGNATURE_REQUIRED\".\n2) Malformed e_signature returns HTTP 400 with error: \"SIGNATURE_REQUIRED\".\n3) Valid Base64 e_signature is accepted and Step 3 proceeds to an HTTP 200 decision response.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "errorCodeExpected": "SIGNATURE_REQUIRED",
+    "expectedHttpStatus": "400",
+    "validationRulesCovered": "e_signature missing or malformed -> SIGNATURE_REQUIRED",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 — Decision & Card Selection, HTTP Code table, page 8",
+      "excerpt": "400 e_signature missing or malformed error: SIGNATURE_REQUIRED"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Step 3 marketing_opt_in defaults to false when omitted",
+    "description": "Verifies Step 3 applies the documented default for marketing_opt_in when the field is not provided. This ensures consistent consent handling and avoids unintended opt-in. Automation: MEDIUM — depends on whether response echoes marketing_opt_in or is queryable; validate via response if present.",
+    "testId": "TC-APP3-05",
+    "testDescription": "As an applicant submitting Step 3, when I omit marketing_opt_in, the system should treat it as false by default.",
+    "prerequisites": "1) Applicant has completed Step 1 and Step 2 successfully and holds application_id and session_token.\n2) session_token is unexpired and sent via Header: X-App-Session.\n3) A valid card_product_id is available for Step 3.\n4) Step 3 response or subsequent fetch in the test environment exposes marketing_opt_in (or a consent flag) to verify the applied default (otherwise this test is blocked).",
+    "stepsToPerform": "1) Authenticate as a synthetic applicant and obtain a valid Bearer token.\n2) Complete Step 1 to obtain application_id and session_token.\n3) Complete Step 2 with valid financials and sin_consent=true.\n4) Build a Step 3 request body containing card_product_id=\"AEGIS_GOLD\" and a valid Base64 e_signature, and omit marketing_opt_in.\n5) Submit POST /v2/applications/{application_id}/submit with Authorization and X-App-Session; observe HTTP 200.\n6) Inspect the Step 3 response body for marketing_opt_in; if present, record its value.\n7) Assert marketing_opt_in equals false when omitted (if present in response).\n8) Submit another Step 3 request for a fresh application where marketing_opt_in=true is explicitly provided; observe HTTP 200 and compare behavior.\n9) Verify that when explicitly set to true, the response reflects true (if the field is returned) to confirm the field is honored vs defaulted.\n10) If marketing_opt_in is not returned by Step 3 response, mark test as blocked and capture evidence that the API contract does not expose the field needed for verification.",
+    "expectedResult": "1) When marketing_opt_in is omitted, the system applies the default value false.\n2) Where observable, marketing_opt_in in the response (or retrieved application record) is false.\n3) When marketing_opt_in=true is explicitly provided, it is not defaulted to false (where observable).",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>, X-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{ \"card_product_id\": \"AEGIS_GOLD\", \"e_signature\": \"VGVzdCBTaWduYXR1cmU=\" }",
+    "expectedHttpStatus": "200",
+    "validationRulesCovered": "marketing_opt_in Boolean Optional Default false",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 — Decision & Card Selection, field table, page 7",
+      "excerpt": "marketing_opt_in Boolean Optional Default false"
+    }
+  },
+  {
+    "type": "state-transition",
+    "title": "Enforce sequential completion: Step 2 cannot be completed before Step 1 issues session_token",
+    "description": "Verifies the application workflow enforces sequential ordering by requiring the Step 1-issued session_token to accompany Step 2. This protects against out-of-order or spoofed submissions and ensures the server enforces the intended application state machine. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APPSEQ-01",
+    "testDescription": "As an applicant, I cannot submit Step 2 financial information unless Step 1 has been completed and a session_token has been issued, because each step must be completed in order and the token must accompany Step 2.",
+    "prerequisites": "1) API base URL is reachable and Step 2 endpoint exists: POST /v2/applications/{application_id}/financials.\n2) A valid authenticated Bearer token is available for the test user.\n3) A synthetically generated UUID is available to use as a non-existent or not-started application_id (e.g., \"11111111-1111-1111-1111-111111111111\").\n4) No Step 1 has been executed for the chosen application_id used in the negative attempt.",
+    "stepsToPerform": "1) Authenticate as a synthetic user and obtain a valid Bearer token; observe token is accepted for API calls.\n2) Choose an application_id that has not been created via Step 1 (synthetic UUID); record it for the test evidence.\n3) Prepare a valid Step 2 payload (employment_status=\"UNEMPLOYED\", gross_annual_income=30000.00, monthly_rent=900.00, existing_debt_payments=150.00, sin_consent=true).\n4) Call POST /v2/applications/{application_id}/financials WITHOUT the X-App-Session header; observe the server response.\n5) Verify the request is rejected (non-200) and capture status code and response payload for evidence.\n6) Now execute Step 1 properly by calling POST /v2/applications/start with valid personal info; observe HTTP 201 and capture application_id and session_token.\n7) Call POST /v2/applications/{application_id}/financials for the created application_id, this time including header X-App-Session: <session_token>; observe response.\n8) Verify HTTP 200 and response includes status \"PENDING_REVIEW\" and fico_pull_id.\n9) Attempt Step 2 again using the created application_id but with an invalid X-App-Session value (e.g., \"invalid-token\"); observe response.\n10) Verify HTTP 401 and error equals \"SESSION_EXPIRED\" when session_token is invalid.",
+    "expectedResult": "1) Step 2 attempt before Step 1 issues session_token is rejected (non-200), demonstrating steps are enforced in order.\n2) After completing Step 1 and sending X-App-Session with the issued session_token, Step 2 succeeds with HTTP 200 and returns status: \"PENDING_REVIEW\" and fico_pull_id.\n3) Step 2 with an invalid X-App-Session token returns HTTP 401 with error: \"SESSION_EXPIRED\".",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token> (and optionally X-App-Session depending on step)",
+    "sessionExpiryScenario": "Invalid token should be treated as 'expired or invalid' for 401 SESSION_EXPIRED",
+    "sourceCitation": {
+      "location": "Section 4 Credit Application Web Flow (intro paragraph), page 6",
+      "excerpt": "Each step must be completed in order; the system issues a session_token on Step 1 that must accompany Steps 2 and 3."
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 2 returns 401 SESSION_EXPIRED when session_token is expired/invalid",
+    "description": "Verifies the credit application Step 2 endpoint rejects an expired or invalid application session token with the documented HTTP status and error code, preventing unauthorized or replayed progression through the multi-step application flow. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APPSEQ-02",
+    "testDescription": "As an authenticated applicant who already completed Step 1 and received a session_token, when I submit Step 2 financial information with an expired/invalid X-App-Session value, the API must deny the request with 401 and error SESSION_EXPIRED.",
+    "prerequisites": "1) Authenticated user session is active (valid login) and can call /v2/applications/start.\n2) Step 1 completed successfully via POST /v2/applications/start returning application_id and session_token.\n3) Test harness ability to send Step 2 request with a deliberately invalid or expired session token value in header X-App-Session.\n4) Known-valid application_id from Step 1 is available for use in the Step 2 path parameter.",
+    "stepsToPerform": "1) Call POST /v2/applications/start with valid personal info and observe HTTP 201 is returned.\n2) Capture application_id from the Step 1 response and observe that session_token is present in the response body.\n3) Construct an invalid session token value (e.g., replace session_token with synthetic value \"invalid-session-token-0001\") and observe it differs from the captured session_token.\n4) Prepare a valid Step 2 request body with employment_status=\"EMPLOYED\", employer_name=\"TestCo\", gross_annual_income=75000.00, other_income=0.00, monthly_rent=1500.00, existing_debt_payments=250.00, sin_consent=true and observe it satisfies required fields.\n5) Send POST /v2/applications/{application_id}/financials using the captured application_id but set header X-App-Session to the invalid token value and observe the API response is received.\n6) Observe the HTTP status code is 401.\n7) Observe the response body contains error=\"SESSION_EXPIRED\".\n8) Re-send the same Step 2 request with the valid captured session_token in header X-App-Session and observe the API returns a non-401 response (expected success path is HTTP 200 if financial fields are valid).\n9) Verify abuse-path protection: repeat Step 2 call with a second different invalid X-App-Session value and observe it is also rejected with HTTP 401 and error SESSION_EXPIRED.\n10) Cleanup: discard the created application_id (no further steps executed) and observe no subsequent Step 2 success artifacts (status/ fico_pull_id) were obtained during the invalid-token attempts.",
+    "expectedResult": "1) Step 2 request with invalid/expired X-App-Session returns HTTP 401.\n2) Response body includes error: SESSION_EXPIRED.\n3) Using the correct session_token in X-App-Session does not return 401 (proves rejection is tied to invalid/expired token, not the application_id).",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 HTTP codes, page 7",
+      "excerpt": "401 session_token expired or invalid error: SESSION_EXPIRED"
+    },
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <valid>; X-App-Session: <invalid or expired token>; Content-Type: application/json",
+    "requestBodyExampleMasked": "{\"employment_status\":\"EMPLOYED\",\"employer_name\":\"TestCo\",\"gross_annual_income\":75000.00,\"other_income\":0.00,\"monthly_rent\":1500.00,\"existing_debt_payments\":250.00,\"sin_consent\":true}",
+    "expectedHttpStatus": 401,
+    "errorCodeExpected": "SESSION_EXPIRED",
+    "rolesAndAccess": "Authenticated applicant (cardholder portal user)",
+    "automationFeasibility": "HIGH"
+  },
+  {
+    "type": "boundary",
+    "title": "Validate X-App-Session header required and expiry is 30 minutes",
+    "description": "Validates that Step 2 requires the X-App-Session header and that the session_token lifetime boundary at 30 minutes is enforced, protecting the sequential application flow from stale session reuse. Automation: MEDIUM — requires time control or clock manipulation to assert the 30-minute boundary precisely.",
+    "testId": "TC-APPSEQ-03",
+    "testDescription": "As an authenticated applicant who has a Step 1 session_token, when I submit Step 2 without X-App-Session it should be rejected, and when I submit Step 2 at 29:59 it should be accepted but at 30:01 it should be rejected due to expiry.",
+    "prerequisites": "1) Authenticated user session is active and can call /v2/applications/start.\n2) Step 1 completed successfully via POST /v2/applications/start returning application_id and session_token.\n3) Ability to measure elapsed time since Step 1 issuance (or use a controllable clock in test environment) to hit 29:59 and 30:01 marks.\n4) A valid Step 2 request body is prepared with sin_consent=true and other required fields.",
+    "stepsToPerform": "1) Call POST /v2/applications/start and observe HTTP 201.\n2) Capture application_id and session_token from the response and record issuance timestamp T0 (test harness time).\n3) Prepare Step 2 valid payload: employment_status=\"SELF_EMPLOYED\", gross_annual_income=90000.00, other_income=5000.00, monthly_rent=0.00, existing_debt_payments=300.00, sin_consent=true and observe it is complete.\n4) Send POST /v2/applications/{application_id}/financials with NO X-App-Session header and observe the API response is received.\n5) Observe the request is rejected (non-200) and record the HTTP status and error/field/message returned.\n6) Wait until elapsed time since T0 is 29 minutes 59 seconds (T0+00:29:59) and observe the target time is reached.\n7) Send POST /v2/applications/{application_id}/financials with header X-App-Session set to the captured session_token and observe the API response is received.\n8) Observe HTTP 200 is returned and response includes status=\"PENDING_REVIEW\" and fico_pull_id.\n9) Create a second application by repeating Step 1 to obtain a new application_id2 and session_token2 and record its issuance time T1.\n10) Wait until elapsed time since T1 is 30 minutes 1 second (T1+00:30:01) and observe the target time is reached.\n11) Send POST /v2/applications/{application_id2}/financials with header X-App-Session=session_token2 and observe the API response is received.\n12) Observe the request is rejected with HTTP 401 and response error=\"SESSION_EXPIRED\" (expiry boundary enforced).",
+    "expectedResult": "1) Step 2 without the X-App-Session header is rejected (request does not succeed).\n2) At T0+29:59, Step 2 with X-App-Session=session_token succeeds with HTTP 200 and returns status: PENDING_REVIEW and fico_pull_id.\n3) At T1+30:01, Step 2 with X-App-Session=session_token2 fails with HTTP 401 and error: SESSION_EXPIRED.",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 field table, page 7",
+      "excerpt": "session_token String ✓ Required Header: X-App-Session; expires 30 min"
+    },
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "boundaryValues": "Expiry boundary at 30 minutes: test at 29:59 (expected valid) and 30:01 (expected expired).",
+    "requestHeaders": "Authorization: Bearer <valid>; X-App-Session: <present/absent per step>; Content-Type: application/json",
+    "requestBodyExampleMasked": "{\"employment_status\":\"SELF_EMPLOYED\",\"gross_annual_income\":90000.00,\"other_income\":5000.00,\"monthly_rent\":0.00,\"existing_debt_payments\":300.00,\"sin_consent\":true}",
+    "automationFeasibility": "MEDIUM"
+  },
+  {
+    "type": "functional",
+    "title": "Credit application auto-save occurs every 60 seconds to localStorage draft",
+    "description": "Verifies the portal credit application form periodically persists a draft to browser localStorage at the documented interval, reducing risk of data loss during multi-step entry. Automation: MEDIUM — requires browser automation with localStorage inspection and time-based assertions.",
+    "testId": "TC-DRAFT-01",
+    "testDescription": "As an applicant filling out the credit application, my in-progress entries should be auto-saved every 60 seconds into localStorage as a draft so that a page refresh can restore my progress.",
+    "prerequisites": "1) Access to the web portal application flow UI where the credit application multi-step form is available.\n2) Test browser profile starts with empty localStorage for portal origin (https://portal.aegiscard.com).\n3) Ability to observe and read localStorage entries for the portal origin via automation tooling (e.g., Playwright/Cypress).\n4) Stable environment where timers are not throttled (avoid background-tab timer clamping).",
+    "stepsToPerform": "1) Open https://portal.aegiscard.com and observe the credit application form is reachable.\n2) Clear localStorage for the portal origin and observe localStorage is empty (no draft entries present).\n3) Start entering Step 1 personal information fields (e.g., full legal name \"Jordan Test\", phone \"+14165550199\") and observe values appear in the UI input controls.\n4) Immediately inspect localStorage and observe no new draft entry is required to exist yet (before 60 seconds elapse).\n5) Wait 60 seconds from completion of Step 3 action and observe the time threshold is reached.\n6) Inspect localStorage and observe a new/updated draft entry exists (key/value pair) representing the application draft.\n7) Modify one field value (e.g., change phone to \"+14165550200\") and observe the UI shows the updated value.\n8) Wait another 60 seconds and observe the time threshold is reached again.\n9) Inspect localStorage and observe the draft entry is updated to reflect the modified value.\n10) Refresh the page and observe the application form restores values consistent with the latest saved draft (or the application draft is available to resume based on portal behavior).\n11) Cleanup: clear localStorage for the portal origin and observe the draft entry is removed to avoid cross-test contamination.",
+    "expectedResult": "1) A draft is written to localStorage after 60 seconds of in-progress application data entry.\n2) After another 60 seconds following edits, the localStorage draft is updated (not stale).\n3) Refreshing the page allows restoring/resuming from the localStorage draft (observable persistence across reload).",
+    "sourceCitation": {
+      "location": "Section 4 Credit Application Web Flow, page 6",
+      "excerpt": "Auto-save occurs every 60 seconds to {c('localStorage')} as a draft."
+    },
+    "rolesAndAccess": "Portal user/applicant",
+    "automationFeasibility": "MEDIUM"
+  },
+  {
+    "type": "security",
+    "title": "Draft auto-save does not store auth tokens in localStorage (conflict check)",
+    "description": "Ensures the portal’s localStorage draft auto-save does not leak authentication tokens into localStorage, aligning with the documented token storage policy and reducing token theft risk via XSS. Automation: HIGH — browser automation + storage inspection.",
+    "testId": "TC-DRAFT-02",
+    "testDescription": "As an authenticated portal user filling a credit application, the app may store a draft in localStorage, but it must never store access_token/refresh_token (or any auth tokens) in localStorage.",
+    "prerequisites": "1) Portal user can authenticate successfully and reaches an authenticated state.\n2) Test browser allows inspection of localStorage for https://portal.aegiscard.com.\n3) localStorage is cleared at test start for the portal origin.\n4) Credit application UI is accessible after login so autosave can run at least once (≥60 seconds).",
+    "stepsToPerform": "1) Open https://portal.aegiscard.com and log in with a test user and observe the session becomes authenticated.\n2) Inspect browser storage and observe authentication tokens are not visible in localStorage at baseline.\n3) Clear localStorage for the portal origin and observe it is empty.\n4) Navigate to the credit application flow and enter a small amount of draft data (e.g., name \"Jordan Test\", address \"100 Test St\") and observe values are present in the UI.\n5) Wait 60 seconds and observe the autosave interval elapses.\n6) Inspect localStorage and observe at least one draft entry exists.\n7) Search all localStorage keys and values for token-like fields/strings (case-insensitive): \"access_token\", \"refresh_token\", \"jwt\", \"Authorization\", \"Bearer\" and observe none are present.\n8) Additionally, inspect sessionStorage (if used by the app) for the same token-like fields and observe none are stored there (tokens must be in cookies per requirement).\n9) Inspect document.cookie and observe tokens are not readable via JS if stored as HttpOnly (cookie value should be inaccessible for HttpOnly cookies).\n10) Trigger another autosave cycle by editing a field and waiting 60 seconds; re-scan localStorage and observe token-like fields are still absent.\n11) Cleanup: clear localStorage and log out; observe localStorage remains without any auth token artifacts.",
+    "expectedResult": "1) localStorage contains a draft after autosave runs, but does not contain access/refresh/JWT tokens.\n2) Token-like fields (e.g., access_token, refresh_token) are absent from localStorage values and keys.\n3) Abuse-path ruled out: even after multiple autosaves, no auth tokens appear in localStorage (prevents token exfiltration via XSS targeting localStorage).",
+    "sourceCitation": {
+      "location": "Section 3 User Authentication & Session Management, page 4 (token storage) + Section 4 Credit Application Web Flow, page 6 (draft)",
+      "excerpt": "Tokens are stored in HttpOnly, Secure cookies — never in localStorage."
+    },
+    "rolesAndAccess": "Authenticated portal user",
+    "automationFeasibility": "HIGH"
+  },
+  {
+    "type": "functional",
+    "title": "Initiate transaction approved path returns transaction_id, available_credit, auth_code",
+    "description": "Verifies the approved transaction authorization path returns the documented fields, supporting downstream posting, UI confirmation, and reconciliation. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-01",
+    "testDescription": "As a cardholder initiating a web transaction, when the transaction is approved the API must return transaction_id, available_credit, and auth_code.",
+    "prerequisites": "1) Authenticated user has a valid Bearer token.\n2) User has an account_id that belongs to the authenticated user.\n3) Card status for the account is Active or Frozen (not otherwise restricted by the spec outcome table).\n4) Account has sufficient available credit for the test transaction_amount.",
+    "stepsToPerform": "1) Obtain/confirm a valid Bearer token for the test user and observe it can access protected endpoints.\n2) Identify a test account_id belonging to the authenticated user and observe it is a UUID.\n3) Prepare a transaction request payload with transaction_amount=25.50, merchant_name=\"Test Coffee Shop\", merchant_id=\"TESTMERCH0001\", mcc_code=\"5812\", currency_code=\"CAD\", transaction_type=\"PURCHASE\", description=\"QA approval test\" and observe required fields are present.\n4) Send POST /v2/accounts/{account_id}/transactions with the payload and observe the API responds.\n5) Observe HTTP status code is 200.\n6) Observe the response body contains transaction_id and it is non-empty.\n7) Observe the response body contains available_credit and it is a numeric value.\n8) Observe the response body contains auth_code and it is non-empty.\n9) Re-submit the same request once more (without any idempotency key specified in the SRS) and observe the API returns a response (record it) to assess abuse risk; do not assert idempotency behavior since it is not specified.\n10) Cleanup: if test environment supports it, mark/void the created transaction via internal test tools; otherwise record transaction_id for later reconciliation and observe it is available for tracking.",
+    "expectedResult": "1) Approved transaction returns HTTP 200.\n2) Response includes transaction_id, available_credit, auth_code.\n3) The returned transaction_id is usable as a reference for subsequent investigation/reconciliation in test logs.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "200 Approved; credit updated (ISO 8583: 00) transaction_id, available_credit, auth_code"
+    },
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <valid>; X-CSRF-Token: <present if required by deployment>; Content-Type: application/json",
+    "requestBodyExampleMasked": "{\"transaction_amount\":25.50,\"merchant_name\":\"Test Coffee Shop\",\"merchant_id\":\"TESTMERCH0001\",\"mcc_code\":\"5812\",\"currency_code\":\"CAD\",\"transaction_type\":\"PURCHASE\",\"description\":\"QA approval test\"}",
+    "expectedHttpStatus": 200,
+    "rolesAndAccess": "Authenticated account owner",
+    "automationFeasibility": "HIGH"
+  },
+  {
+    "type": "functional",
+    "title": "Initiate transaction essential service over-limit uses 5% buffer and returns over_limit_flag true",
+    "description": "Verifies the essential-service over-limit approval branch is represented in the API response with the documented flag, supporting compliant handling of essential transactions that can exceed the limit with a defined buffer. Automation: MEDIUM — requires controlled test data to hit the over-limit-with-buffer condition.",
+    "testId": "TC-TXN-02",
+    "testDescription": "As a cardholder making an essential-service purchase that slightly exceeds available credit but falls within the 5% buffer, the transaction should be approved and explicitly marked as over-limit via over_limit_flag: true.",
+    "prerequisites": "1) Authenticated user has a valid Bearer token.\n2) account_id belongs to the authenticated user.\n3) Test environment can configure the account’s available credit so that the attempted transaction exceeds it but remains within the documented 5% buffer.\n4) Card status is Active or Frozen (not triggering CARD_INACTIVE).",
+    "stepsToPerform": "1) Retrieve current available credit for the account using GET /v2/accounts/{account_id}/summary (or internal test tool) and observe available_credit value.\n2) Adjust test account available credit to a controlled value using test setup (e.g., set available_credit=100.00 CAD) and observe the setup confirmation.\n3) Calculate a transaction_amount that is >100.00 but within 5% buffer (e.g., 104.00) and observe it is 4% over.\n4) Prepare the transaction payload with transaction_amount=104.00, merchant_name=\"Essential Utility\", merchant_id=\"ESSUTIL0001\", mcc_code=\"4900\", currency_code=\"CAD\", transaction_type=\"PURCHASE\", description=\"Essential over-limit buffer test\" and observe required fields are present.\n5) Send POST /v2/accounts/{account_id}/transactions and observe the API responds.\n6) Observe HTTP status code is 200.\n7) Observe the response includes transaction_id and observe over_limit_flag is present and equals true.\n8) Observe the response does not contain error fields (since it is a 200 success branch).\n9) Capture and store transaction_id for cleanup/reconciliation and observe it is non-empty.\n10) Cleanup: revert any test credit configuration to default and observe account state is reset for subsequent tests.",
+    "expectedResult": "1) API returns HTTP 200 for the essential service over-limit scenario.\n2) Response includes transaction_id and over_limit_flag: true.\n3) No insufficient-funds error is returned for this within-buffer over-limit condition.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "Essential service over-limit (5% buffer\nused)"
+    },
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "testDataMasked": "available_credit=100.00 CAD (configured), transaction_amount=104.00 CAD",
+    "expectedHttpStatus": 200,
+    "automationFeasibility": "MEDIUM"
+  },
+  {
+    "type": "negative",
+    "title": "Initiate transaction returns 402 INSUFFICIENT_FUNDS with available_credit",
+    "description": "Verifies transactions are declined with the documented status and error code when available credit is insufficient, and that the response includes available_credit for user guidance and UI display. Automation: HIGH — pure API assertions with controlled balance.",
+    "testId": "TC-TXN-03",
+    "testDescription": "As a cardholder, when I attempt a transaction above my available credit (and not within any allowed buffer case), the API must decline with 402 INSUFFICIENT_FUNDS and include available_credit.",
+    "prerequisites": "1) Authenticated user has a valid Bearer token.\n2) account_id belongs to the authenticated user.\n3) Test environment can set or know available_credit for the account.\n4) Card status is Active or Frozen (not triggering CARD_INACTIVE).",
+    "stepsToPerform": "1) Retrieve account summary for the test account and observe available_credit value.\n2) Configure available_credit to a controlled small value (e.g., 50.00 CAD) via test setup and observe confirmation.\n3) Prepare a transaction payload with transaction_amount=200.00, merchant_name=\"Test Electronics\", merchant_id=\"TESTELEC0001\", mcc_code=\"5732\", currency_code=\"CAD\", transaction_type=\"PURCHASE\" and observe required fields are present.\n4) Send POST /v2/accounts/{account_id}/transactions and observe the API responds.\n5) Observe HTTP status code is 402.\n6) Observe response body contains error=\"INSUFFICIENT_FUNDS\".\n7) Observe response body contains available_credit and that it matches the configured/known value (50.00 CAD).\n8) Verify abuse-path: resend request with slightly different merchant_id (e.g., \"TESTELEC0002\") and observe it still returns 402 with available_credit (no bypass).\n9) Cleanup: revert any test credit configuration and observe account state reset.",
+    "expectedResult": "1) API returns HTTP 402.\n2) Response includes error: INSUFFICIENT_FUNDS.\n3) Response includes available_credit (e.g., 50.00) to inform the client/UI.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "402 Insufficient funds (ISO 8583: 51) error: INSUFFICIENT_FUNDS, available_credit"
+    },
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestBodyExampleMasked": "{\"transaction_amount\":200.00,\"merchant_name\":\"Test Electronics\",\"merchant_id\":\"TESTELEC0001\",\"mcc_code\":\"5732\",\"currency_code\":\"CAD\",\"transaction_type\":\"PURCHASE\"}",
+    "expectedHttpStatus": 402,
+    "errorCodeExpected": "INSUFFICIENT_FUNDS",
+    "automationFeasibility": "HIGH"
+  },
+  {
+    "type": "negative",
+    "title": "Initiate transaction returns 403 CARD_INACTIVE when card not Active or Frozen",
+    "description": "Verifies the transaction endpoint blocks authorizations when the card is in a disallowed status and returns the documented error and card_status, preventing transactions on blocked/closed cards. Automation: MEDIUM — requires ability to set card status to a disallowed state in test data.",
+    "testId": "TC-TXN-04",
+    "testDescription": "As a cardholder, if my card is not in Active or Frozen status (e.g., Blocked), initiating a web transaction should be rejected with 403 CARD_INACTIVE and include card_status in the response.",
+    "prerequisites": "1) Authenticated user has a valid Bearer token.\n2) account_id belongs to the authenticated user.\n3) Test environment can set the card status to a state that is not Active or Frozen (e.g., Blocked or Closed) for the account.\n4) Account has any available_credit (not relevant if card status blocks first).",
+    "stepsToPerform": "1) Identify the card associated with the test account (via internal test data or prior provisioning) and observe card_id is available.\n2) Set the card to a disallowed status (e.g., Blocked) using test setup tooling and observe status change confirmation.\n3) Prepare a transaction payload with transaction_amount=10.00, merchant_name=\"Test Merchant\", merchant_id=\"TESTM0001\", mcc_code=\"5999\", currency_code=\"CAD\", transaction_type=\"PURCHASE\" and observe required fields are present.\n4) Send POST /v2/accounts/{account_id}/transactions and observe the API responds.\n5) Observe HTTP status code is 403.\n6) Observe response contains error=\"CARD_INACTIVE\".\n7) Observe response contains card_status and it equals the configured disallowed state (e.g., \"Blocked\").\n8) Verify abuse-path: attempt the same transaction with a lower amount (1.00) and observe it is still rejected with CARD_INACTIVE (status-based control not bypassable by amount).\n9) Cleanup: restore the card status to Active for subsequent tests and observe status is reset.",
+    "expectedResult": "1) API returns HTTP 403.\n2) Response includes error: CARD_INACTIVE.\n3) Response includes card_status reflecting the current (disallowed) status.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "403 Card not Active or Frozen error: CARD_INACTIVE, card_status"
+    },
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "expectedHttpStatus": 403,
+    "errorCodeExpected": "CARD_INACTIVE",
+    "automationFeasibility": "MEDIUM"
+  },
+  {
+    "type": "boundary",
+    "title": "Initiate transaction amount boundary: reject transaction_amount <= 0 with 422 INVALID_AMOUNT",
+    "description": "Validates the transaction_amount boundary rule rejects zero and negative values with the documented status and error code, preventing invalid financial postings. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-05",
+    "testDescription": "As a cardholder initiating a transaction, the API must reject transaction_amount values at and below zero, and accept a minimal positive amount, exercising the boundary and just-past-boundary behavior.",
+    "prerequisites": "1) Authenticated user has a valid Bearer token.\n2) account_id belongs to the authenticated user.\n3) Card status is Active or Frozen.\n4) Account has sufficient available credit for a small positive transaction (e.g., 0.01 CAD).",
+    "stepsToPerform": "1) Prepare a base transaction payload with merchant_name=\"Boundary Merchant\", merchant_id=\"BOUND0001\", mcc_code=\"5999\", currency_code=\"CAD\", transaction_type=\"PURCHASE\" and observe required non-amount fields are valid.\n2) Set transaction_amount=0.00 and send POST /v2/accounts/{account_id}/transactions; observe the API response is received.\n3) Observe HTTP status code is 422.\n4) Observe response contains error=\"INVALID_AMOUNT\".\n5) Set transaction_amount=-0.01 with the same base payload and send POST /v2/accounts/{account_id}/transactions; observe the API response is received.\n6) Observe HTTP status code is 422 and response contains error=\"INVALID_AMOUNT\".\n7) Set transaction_amount=0.01 (just past boundary) and send POST /v2/accounts/{account_id}/transactions; observe the API response is received.\n8) Observe the response is not HTTP 422 INVALID_AMOUNT (expected to proceed to another defined outcome, typically HTTP 200 if credit is sufficient and card is eligible).\n9) If approved, capture transaction_id and observe it is non-empty for auditability/cleanup.\n10) Cleanup: if a transaction was created at 0.01, record transaction_id for later reconciliation (do not assert voiding behavior since not specified).",
+    "expectedResult": "1) transaction_amount=0.00 returns HTTP 422 with error: INVALID_AMOUNT.\n2) transaction_amount=-0.01 returns HTTP 422 with error: INVALID_AMOUNT.\n3) transaction_amount=0.01 does not return 422 INVALID_AMOUNT (boundary correctly enforced).",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "422 transaction_amount <= 0 (ISO 8583: 13) error: INVALID_AMOUNT"
+    },
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "boundaryValues": "At boundary: 0.00; just below: -0.01; just above: 0.01",
+    "expectedHttpStatus": "422 for <=0.00; not 422 for 0.01",
+    "automationFeasibility": "HIGH"
+  },
+  {
+    "type": "negative",
+    "title": "Initiate transaction requires exchange_rate when currency_code != CAD",
+    "description": "Verifies foreign-currency transaction requests must include exchange_rate when currency_code is not CAD, preventing ambiguous currency conversion and billing. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-06",
+    "testDescription": "As a cardholder initiating a foreign-currency transaction, when currency_code is not CAD and exchange_rate is omitted, the request must be rejected; when exchange_rate is provided, the request should not be rejected for missing exchange_rate.",
+    "prerequisites": "1) Authenticated user has a valid Bearer token.\n2) account_id belongs to the authenticated user.\n3) Card status is Active or Frozen.\n4) Account has sufficient available credit for the transaction when properly specified.",
+    "stepsToPerform": "1) Prepare a base transaction payload with transaction_amount=10.00, merchant_name=\"FX Test Merchant\", merchant_id=\"FXMERCH0001\", mcc_code=\"5999\", currency_code=\"USD\", transaction_type=\"PURCHASE\" and observe currency_code != CAD.\n2) Ensure exchange_rate is omitted from the request body and observe it is not present.\n3) Send POST /v2/accounts/{account_id}/transactions and observe the API response is received.\n4) Observe the request is rejected (non-200) and record the HTTP status and any error/field/message returned.\n5) Add exchange_rate=1.350000 (6 decimal places) to the same payload and observe the field is present.\n6) Send POST /v2/accounts/{account_id}/transactions with exchange_rate included and observe the API response is received.\n7) Observe the response is not rejected for missing exchange_rate (i.e., does not reproduce the missing-field failure from step 4).\n8) If approved, capture transaction_id and observe it is non-empty.\n9) Verify abuse-path: attempt USD transaction again with exchange_rate omitted and observe it is still rejected (no bypass via cached values).\n10) Cleanup: record any created transaction_id for later reconciliation (do not assert foreign fee calculation fields because they are specified in Section 5.3, not in this outline).",
+    "expectedResult": "1) When currency_code != CAD and exchange_rate is omitted, the request is rejected (does not succeed).\n2) When currency_code != CAD and exchange_rate is provided (e.g., 1.350000), the request is not rejected for missing exchange_rate.\n3) The requirement is enforced consistently across repeated attempts (prevents ambiguous FX transactions).",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "exchange_rate Decimal Optional Required if currency_code != CAD; Decimal(8,6)"
+    },
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestBodyExampleMasked": "{\"transaction_amount\":10.00,\"merchant_name\":\"FX Test Merchant\",\"merchant_id\":\"FXMERCH0001\",\"mcc_code\":\"5999\",\"currency_code\":\"USD\",\"transaction_type\":\"PURCHASE\",\"exchange_rate\":1.350000}",
+    "automationFeasibility": "HIGH"
+  },
+  {
+    "type": "resilience",
+    "title": "Transaction frequency limit: >10 transactions in 60 min returns 429 FREQ_EXCEEDED and mfa_required true",
+    "description": "Verifies the anti-abuse transaction frequency control by ensuring the 11th transaction within a 60-minute window is rejected with the specified HTTP status and error payload, prompting MFA. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXNFREQ-01",
+    "testDescription": "As an authenticated cardholder initiating multiple web transactions, when I exceed the allowed transaction frequency, the API must block further authorizations and explicitly indicate MFA is required using the documented error response.",
+    "prerequisites": "1) Authenticated user with a valid Bearer token in Authorization header.\n2) An account_id UUID that belongs to the authenticated user.\n3) Card/account status is eligible for transactions (not triggering other errors like CARD_INACTIVE or INSUFFICIENT_FUNDS).\n4) Test runner can issue 11 POST requests within a controlled time window ≤ 60 minutes.\n5) Ensure no prior transactions from this account in the last 60 minutes (or use a fresh test account) to avoid pre-consuming the quota.",
+    "stepsToPerform": "1) Set the test clock reference (t0) and record current UTC timestamp; outcome: t0 captured for the 60-minute window measurement.\n2) Send POST /v2/accounts/{account_id}/transactions with body (masked): {\"transaction_amount\":\"1.00\",\"merchant_name\":\"LoadTest Shop 01\",\"merchant_id\":\"LTSHOP01\",\"mcc_code\":\"5411\",\"currency_code\":\"CAD\",\"transaction_type\":\"PURCHASE\",\"description\":\"freq test #1\"}; outcome: HTTP 200 returned (approved path).\n3) Repeat Step 2 for transactions #2 through #9, varying merchant_id (LT SHOP 02..09) to keep requests distinct; outcome: each request returns HTTP 200.\n4) Send transaction #10 within 60 minutes of t0 with merchant_id \"LT SHOP 10\"; outcome: HTTP 200 returned.\n5) Immediately send transaction #11 within 60 minutes of t0 with merchant_id \"LT SHOP 11\"; outcome: HTTP 429 returned.\n6) Inspect the HTTP 429 response body; outcome: response contains field error with value \"FREQ_EXCEEDED\".\n7) Inspect the same response body for MFA prompt flag; outcome: response contains \"mfa_required\" and its value is true.\n8) Confirm the rejection is specifically rate/frequency related (abuse-path ruled out); outcome: response is not 401/403/402/422 and includes the documented frequency error fields.\n9) Optionally retry the same request once more within the same 60-minute window; outcome: still blocked with HTTP 429 and error \"FREQ_EXCEEDED\" (demonstrates the limit remains enforced during the window).",
+    "expectedResult": "1) The 11th transaction attempt within the 60-minute window returns HTTP 429.\n2) The 429 response body contains exactly: error: FREQ_EXCEEDED.\n3) The 429 response body contains mfa_required: true.\n4) The request is rejected for frequency control (not misclassified as authentication/authorization/validation/insufficient funds), ruling out an abuse path of bypassing the limit by spamming distinct merchants.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "expectedHttpStatus": 429,
+    "errorCodeExpected": "FREQ_EXCEEDED",
+    "testDataMasked": "account_id: 11111111-2222-3333-4444-555555555555; transaction_amount: 1.00 CAD; mcc_code: 5411; merchant_name: LoadTest Shop",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "429 >10 transactions in 60 min (ISO 8583: 65) error: FREQ_EXCEEDED, mfa_required: true"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Transaction frequency boundary: exactly 10 transactions within 60 min does not trigger FREQ_EXCEEDED",
+    "description": "Validates the boundary condition of the transaction frequency control by ensuring exactly 10 transactions within 60 minutes are not rejected as frequency exceeded. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXNFREQ-02",
+    "testDescription": "As an authenticated cardholder, I should be able to complete up to the allowed number of transactions within a 60-minute window without receiving the FREQ_EXCEEDED error, since the documented trigger is strictly for counts greater than 10.",
+    "prerequisites": "1) Authenticated user with a valid Bearer token in Authorization header.\n2) An account_id UUID that belongs to the authenticated user.\n3) Account has sufficient available credit and is in a valid state for PURCHASE transactions.\n4) Ensure no prior transactions from this account in the last 60 minutes (or use a fresh test account) so the first request is counted as #1.\n5) Ability to send exactly 10 requests within a controlled time window ≤ 60 minutes.",
+    "stepsToPerform": "1) Record current UTC timestamp as t0; outcome: the start time for the 60-minute window is captured.\n2) Send POST /v2/accounts/{account_id}/transactions for transaction #1: {\"transaction_amount\":\"1.00\",\"merchant_name\":\"Boundary Shop 01\",\"merchant_id\":\"BDSHOP01\",\"mcc_code\":\"5411\",\"currency_code\":\"CAD\",\"transaction_type\":\"PURCHASE\"}; outcome: HTTP 200.\n3) Send transaction #2 within 60 minutes of t0 with merchant_id \"BDSHOP02\"; outcome: HTTP 200.\n4) Send transaction #3 within 60 minutes of t0; outcome: HTTP 200.\n5) Send transaction #4 within 60 minutes of t0; outcome: HTTP 200.\n6) Send transaction #5 within 60 minutes of t0; outcome: HTTP 200.\n7) Send transaction #6 within 60 minutes of t0; outcome: HTTP 200.\n8) Send transaction #7 within 60 minutes of t0; outcome: HTTP 200.\n9) Send transaction #8 within 60 minutes of t0; outcome: HTTP 200.\n10) Send transaction #9 within 60 minutes of t0; outcome: HTTP 200.\n11) Send transaction #10 within 60 minutes of t0; outcome: HTTP 200 and response is not HTTP 429.\n12) Inspect the 10th response body; outcome: it does not contain error: FREQ_EXCEEDED (i.e., it is an approved/posted response, per the 200 branch).",
+    "expectedResult": "1) All 10 transactions sent within 60 minutes return HTTP 200 (no HTTP 429).\n2) None of the 10 responses contain error: FREQ_EXCEEDED.\n3) The boundary behavior is consistent with the documented trigger condition \">10 transactions in 60 min\".\n4) Abuse path ruled out: legitimate high activity at the allowed threshold is not incorrectly blocked as frequency exceeded.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "expectedHttpStatus": 200,
+    "boundaryValues": "10 transactions in 60 minutes (at boundary); do not execute an 11th request in this test case",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment HTTP codes, page 9",
+      "excerpt": "429 >10 transactions in 60 min (ISO 8583: 65) error: FREQ_EXCEEDED"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "List transactions default from_date is billing cycle start",
+    "description": "Ensures transaction listing uses the documented default filter start date when from_date is omitted, preventing unexpected history scope and supporting statement/billing-cycle views. Automation: MEDIUM — requires knowing billing cycle start reference for the account.",
+    "testId": "TC-TXNLIST-01",
+    "testDescription": "As a cardholder viewing transaction history, when I do not provide from_date, the system should automatically list transactions starting from the billing cycle start date by default.",
+    "prerequisites": "1) Authenticated user with a valid Bearer token.\n2) account_id UUID owned by the authenticated user.\n3) Known billing cycle start date for the account for the current cycle (obtained from billing system configuration/test fixture) and at least one transaction posted on/after that date.\n4) At least one older transaction exists strictly before the current billing cycle start date (seeded test data) to validate it is not included by default.\n5) Ability to query the transactions endpoint without from_date.",
+    "stepsToPerform": "1) Seed/confirm two transactions for the account: T_old dated before billing cycle start, and T_new dated on/after billing cycle start; outcome: test data exists and their dates are recorded.\n2) Call GET /v2/accounts/{account_id}/transactions with no from_date and no to_date; outcome: HTTP 200 returned.\n3) Verify response contains pagination keys; outcome: response includes transactions[] and page-related metadata (observable fields present).\n4) Scan transactions[] for T_new identifier/date; outcome: T_new is present in the returned list.\n5) Scan transactions[] for T_old identifier/date; outcome: T_old is not present in the returned list.\n6) Re-issue GET /v2/accounts/{account_id}/transactions explicitly setting from_date to the known billing cycle start date; outcome: HTTP 200 returned.\n7) Compare the two result sets (omitted from_date vs explicit from_date=billing cycle start); outcome: the returned transactions are consistent in inclusion of T_new and exclusion of T_old.\n8) Record the request/response for auditability of the defaulting behavior; outcome: evidence captured showing omission of from_date still yields billing-cycle-scoped results.",
+    "expectedResult": "1) GET transactions without from_date returns HTTP 200 and a transactions[] list.\n2) Transactions strictly before the billing cycle start are excluded when from_date is omitted.\n3) Transactions on/after the billing cycle start are included when from_date is omitted.\n4) The default behavior aligns with the documented default for from_date, reducing risk of exposing older-than-expected history.",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/transactions",
+    "httpMethod": "GET",
+    "testDataMasked": "account_id: 11111111-2222-3333-4444-555555555555; billing cycle start (fixture): 2026-04-01; T_old date: 2026-03-15; T_new date: 2026-04-10",
+    "sourceCitation": {
+      "location": "Section 5.2 List Transactions field table, page 10",
+      "excerpt": "from_date Date Optional ISO 8601; default: billing cycle start"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "List transactions rejects invalid date range with 400 INVALID_DATE_RANGE when to_date < from_date",
+    "description": "Confirms server-side validation rejects an inverted date range to prevent ambiguous queries and data leakage. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXNLIST-02",
+    "testDescription": "As a cardholder querying my transactions, if I provide a to_date earlier than from_date, the API must reject the request with the documented HTTP code and error identifier.",
+    "prerequisites": "1) Authenticated user with a valid Bearer token.\n2) account_id UUID owned by the authenticated user.\n3) Ability to call the transactions listing endpoint with query parameters.\n4) Use ISO 8601 date strings for from_date and to_date.\n5) No special environment overrides that auto-correct invalid ranges.",
+    "stepsToPerform": "1) Prepare from_date as 2026-04-10 and to_date as 2026-04-09; outcome: test inputs clearly satisfy to_date < from_date.\n2) Send GET /v2/accounts/{account_id}/transactions?from_date=2026-04-10&to_date=2026-04-09; outcome: HTTP response received.\n3) Verify HTTP status code; outcome: HTTP 400.\n4) Parse response body; outcome: response contains an error field.\n5) Validate error code value; outcome: error equals \"INVALID_DATE_RANGE\".\n6) Confirm the API does not return transactions[] on this error response; outcome: no paginated data list is returned (only error payload).\n7) Send a control request with a valid range (from_date=2026-04-09, to_date=2026-04-10); outcome: HTTP 200 returned.\n8) Compare outcomes to ensure only inverted range triggers the specific validation; outcome: invalid range yields 400 INVALID_DATE_RANGE, valid range does not.",
+    "expectedResult": "1) Request with to_date < from_date returns HTTP 400.\n2) Response body contains exactly: error: INVALID_DATE_RANGE.\n3) No transaction list payload is returned for the invalid range.\n4) Abuse path ruled out: client cannot bypass server validation by sending inverted date filters to extract unintended data.",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/transactions",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 400,
+    "errorCodeExpected": "INVALID_DATE_RANGE",
+    "boundaryValues": "to_date just one day earlier than from_date (2026-04-09 < 2026-04-10)",
+    "sourceCitation": {
+      "location": "Section 5.2 List Transactions HTTP codes, page 10",
+      "excerpt": "400 to_date < from_date error: INVALID_DATE_RANGE"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "List transactions enforces per_page max 100 (boundary)",
+    "description": "Verifies pagination constraint on per_page to prevent excessive payloads and ensure consistent API behavior at and beyond the documented maximum. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXNLIST-03",
+    "testDescription": "As a cardholder retrieving my transaction history, I can request up to 100 items per page; requests at the maximum should succeed while requests beyond should not be accepted per the documented max.",
+    "prerequisites": "1) Authenticated user with a valid Bearer token.\n2) account_id UUID owned by the authenticated user.\n3) Account has at least 120 transactions in the accessible range (seeded) to observe pagination behavior with per_page=100.\n4) Ability to invoke GET endpoint with per_page query param.\n5) No gateway/proxy altering query parameters.",
+    "stepsToPerform": "1) Ensure seeded dataset has ≥120 transactions for the account within the same billing cycle; outcome: data volume supports per_page testing.\n2) Call GET /v2/accounts/{account_id}/transactions?per_page=100&page=1; outcome: HTTP 200 returned.\n3) Count returned transactions[] length; outcome: length is 100 (or equals total_count if fewer than 100, but this test assumes ≥120).\n4) Verify response includes page and total_pages; outcome: pagination metadata present.\n5) Call GET /v2/accounts/{account_id}/transactions?per_page=100&page=2; outcome: HTTP 200 returned.\n6) Count returned transactions[] length for page 2; outcome: length is 20 (given 120 seeded) or remaining count consistent with total_count.\n7) Call GET /v2/accounts/{account_id}/transactions?per_page=101&page=1; outcome: HTTP response received.\n8) Validate that the response does not return a successful paginated list with 101 items; outcome: request is not processed as a normal 200 with >100 results, demonstrating enforcement of max 100.\n9) Capture the raw response for per_page=101 for defect triage; outcome: evidence shows the system enforced or constrained the parameter rather than returning >100 items.",
+    "expectedResult": "1) per_page=100 returns HTTP 200 and returns up to 100 items in transactions[].\n2) Requesting page 2 with per_page=100 returns remaining items consistent with total_count/total_pages.\n3) per_page=101 is not accepted as a normal successful response returning >100 items; the service enforces the documented max of 100.\n4) Abuse path ruled out: client cannot force oversized pages (>100) to increase data exfiltration per request.",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/transactions",
+    "httpMethod": "GET",
+    "boundaryValues": "per_page=100 (at max) and per_page=101 (just past max)",
+    "sourceCitation": {
+      "location": "Section 5.2 List Transactions field table, page 10",
+      "excerpt": "per_page Integer Optional Default 25; max 100"
+    }
+  },
+  {
+    "type": "security",
+    "title": "List transactions returns 403 FORBIDDEN when account not owned by user",
+    "description": "Validates owner-only access control for transaction history to prevent unauthorized disclosure of financial records. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXNLIST-04",
+    "testDescription": "As a logged-in user, when I attempt to list transactions for an account_id that I do not own, the API must deny access with the documented HTTP status and error code.",
+    "prerequisites": "1) Two distinct test users exist: UserA and UserB.\n2) UserA has a valid Bearer token.\n3) account_id_B belongs to UserB and is not owned by UserA.\n4) Ability to call GET /v2/accounts/{account_id}/transactions with UserA's token.\n5) Ensure account_id_B is valid (exists) to specifically test authorization, not NOT_FOUND behavior.",
+    "stepsToPerform": "1) Authenticate as UserA and obtain a valid Bearer token; outcome: Authorization token available.\n2) Confirm account_id_B is owned by UserB (setup validation); outcome: ownership mapping is confirmed from test fixture.\n3) Send GET /v2/accounts/{account_id_B}/transactions using UserA's Authorization header; outcome: HTTP response received.\n4) Verify HTTP status code; outcome: HTTP 403.\n5) Parse response body; outcome: response includes an error field.\n6) Verify error code value; outcome: error equals \"FORBIDDEN\".\n7) Send a control request: GET /v2/accounts/{account_id_A}/transactions using UserA token; outcome: HTTP 200 returned.\n8) Compare outcomes; outcome: only non-owned account access returns 403 FORBIDDEN, confirming authorization enforcement.\n9) Record that no transaction data is leaked in the 403 response; outcome: response contains no transactions[] payload.",
+    "expectedResult": "1) Listing transactions for a non-owned account returns HTTP 403.\n2) Response body contains exactly: error: FORBIDDEN.\n3) No transaction history data is returned in the forbidden response.\n4) Abuse path ruled out: a valid token for one user cannot be used to enumerate or view another user's transactions by guessing account_id.",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/transactions",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 403,
+    "errorCodeExpected": "FORBIDDEN",
+    "rolesAndAccess": "Role under test: authenticated cardholder (UserA) attempting cross-account access",
+    "sourceCitation": {
+      "location": "Section 5.2 List Transactions HTTP codes, page 10",
+      "excerpt": "403 Account not owned by user error: FORBIDDEN"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Foreign transaction fee calculation applies 1.03 multiplier to (amount × exchange_rate)",
+    "description": "Validates the foreign currency conversion and 3% fee multiplier formula to prevent incorrect billing for FX purchases. Automation: HIGH — deterministic calculation validation via API response fields.",
+    "testId": "TC-FX-01",
+    "testDescription": "As a cardholder making a non-CAD transaction, the platform must compute the CAD total using the documented formula and return a CAD amount consistent with (transaction_amount × exchange_rate) × 1.03.",
+    "prerequisites": "1) Authenticated user with valid Bearer token.\n2) account_id UUID owned by the authenticated user with sufficient available credit.\n3) Ability to initiate a transaction with currency_code != CAD and provide exchange_rate.\n4) Response payload includes the computed CAD totals/amounts required to validate the formula (test environment must expose the computed Total_CAD field used for posting; if represented as posted amount, use that field).\n5) Ensure transaction frequency limit is not near the threshold (>10/60min) to avoid 429 interference.",
+    "stepsToPerform": "1) Choose concrete inputs: transaction_amount=100.00 (USD), exchange_rate=1.250000; outcome: base conversion amount = 125.00 CAD computed for expectation.\n2) Compute expected Total_CAD = (100.00 × 1.250000) × 1.03 = 128.75 CAD; outcome: expected value recorded as 128.75.\n3) Send POST /v2/accounts/{account_id}/transactions with body: {\"transaction_amount\":\"100.00\",\"merchant_name\":\"FX Test Merchant\",\"merchant_id\":\"FXM123\",\"mcc_code\":\"5812\",\"currency_code\":\"USD\",\"exchange_rate\":\"1.250000\",\"transaction_type\":\"PURCHASE\",\"description\":\"FX formula test\"}; outcome: HTTP 200 returned.\n4) Parse the success response and identify the field representing the CAD posted total for the transaction (as provided by the API response for foreign transactions); outcome: actual_total_cad extracted.\n5) Compare actual_total_cad to expected 128.75 CAD; outcome: values match exactly to 2 decimals (128.75).\n6) Verify transaction_id is present; outcome: transaction_id returned, proving the transaction was processed.\n7) Fetch the transaction via GET /v2/accounts/{account_id}/transactions (filter by recent/page=1); outcome: transaction appears in history.\n8) Validate the listed transaction reflects the same CAD total used for posting; outcome: history shows the same computed total for this transaction.\n9) Cleanup: if the environment supports reversal/void, remove the test transaction; otherwise mark test account for reset; outcome: cleanup action recorded.",
+    "expectedResult": "1) The foreign transaction is accepted (HTTP 200) and returns a transaction_id.\n2) The CAD total for the transaction equals 128.75 CAD for inputs transaction_amount=100.00 and exchange_rate=1.250000, matching: Total_CAD = (transaction_amount × exchange_rate) × 1.03.\n3) Transaction history reflects the same computed CAD total for the posted transaction.\n4) Abuse path ruled out: client cannot influence fee omission by setting currency_code != CAD without correct total calculation being applied server-side.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "calculationExpected": "Total_CAD = (100.00 × 1.250000) × 1.03 = 128.75 CAD",
+    "testDataMasked": "account_id: 11111111-2222-3333-4444-555555555555; merchant_id: FXM123; currency_code: USD; exchange_rate: 1.250000",
+    "sourceCitation": {
+      "location": "Section 5.3 Foreign Transaction Fee Calculation, page 10",
+      "excerpt": "Total_CAD = (transaction_amount × exchange_rate) × 1.03"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Foreign fee is itemised separately as foreign_fee_amount in response",
+    "description": "Ensures FX fee transparency by verifying the 3% foreign transaction fee is returned as a distinct itemized field, enabling accurate statement display and dispute handling. Automation: HIGH — API field presence/value assertion.",
+    "testId": "TC-FX-02",
+    "testDescription": "As a cardholder reviewing a non-CAD purchase, I should see the foreign transaction fee itemized separately as foreign_fee_amount in the API response so the portal can display the fee distinctly from the base conversion.",
+    "prerequisites": "1) Authenticated user with valid Bearer token.\n2) account_id UUID owned by the authenticated user with sufficient credit.\n3) Ability to initiate a foreign currency transaction (currency_code ≠ CAD) with exchange_rate provided.\n4) The transaction initiation response for foreign transactions includes foreign_fee_amount.\n5) Ensure frequency limit is not exceeded during test execution.",
+    "stepsToPerform": "1) Choose concrete inputs: transaction_amount=50.00 (EUR), exchange_rate=1.450000; outcome: base converted amount = 72.50 CAD.\n2) Compute expected fee: 72.50 × 0.03 = 2.175 → expected foreign fee amount recorded as 2.18 if rounded to 2 decimals in response (record both raw 2.175 and 2-decimal expectation per response format); outcome: expected fee computed.\n3) Send POST /v2/accounts/{account_id}/transactions with body: {\"transaction_amount\":\"50.00\",\"merchant_name\":\"FX Fee Merchant\",\"merchant_id\":\"FXFEE50\",\"mcc_code\":\"5999\",\"currency_code\":\"EUR\",\"exchange_rate\":\"1.450000\",\"transaction_type\":\"PURCHASE\",\"description\":\"FX fee itemization test\"}; outcome: HTTP 200 returned.\n4) Parse response body; outcome: response includes a field named foreign_fee_amount.\n5) Verify foreign_fee_amount is a positive numeric amount; outcome: value > 0.\n6) Verify foreign_fee_amount corresponds to 3% of (transaction_amount × exchange_rate) for the given inputs within 0.01 tolerance (2-decimal currency); outcome: value matches expected (e.g., 2.18).\n7) Verify the response still contains the overall transaction identifiers; outcome: transaction_id present.\n8) Retrieve the transaction in GET /v2/accounts/{account_id}/transactions; outcome: transaction entry is present for audit/troubleshooting.\n9) Cleanup: mark transaction for removal/reset in test environment if needed; outcome: cleanup logged.",
+    "expectedResult": "1) The foreign transaction initiation returns HTTP 200 and includes transaction_id.\n2) Response includes the itemized field foreign_fee_amount.\n3) foreign_fee_amount is consistent with a 3% fee on the converted amount for the transaction within a ±$0.01 tolerance appropriate for 2-decimal currency.\n4) Abuse path ruled out: fee is not hidden/merged ambiguously; the API exposes a distinct fee field as specified.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "tolerance": "±0.01",
+    "testDataMasked": "account_id: 11111111-2222-3333-4444-555555555555; currency_code: EUR; exchange_rate: 1.450000; merchant_id: FXFEE50",
+    "sourceCitation": {
+      "location": "Section 5.3 Foreign Transaction Fee Calculation, page 10",
+      "excerpt": "The 3% foreign transaction fee is itemised separately in the response as foreign_fee_amount."
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Get account summary success returns balances, credit_limit, status, billing cycle, points_balance",
+    "description": "Verifies the dashboard summary API returns the documented core account fields required for showing balance, available credit, account status, billing cycle end, and points. Automation: HIGH — pure API contract assertions.",
+    "testId": "TC-SUM-01",
+    "testDescription": "As a logged-in cardholder, when I open the dashboard, the system should return my current balance, available credit, credit limit, account status, billing cycle end date, and points balance via the account summary endpoint.",
+    "prerequisites": "1) Authenticated user with valid Bearer token.\n2) account_id UUID owned by the authenticated user.\n3) Account exists and is active in test environment.\n4) Account has known values for current_balance/available_credit/credit_limit/points_balance (seeded or retrievable) for verification.\n5) Ability to call GET /v2/accounts/{account_id}/summary.",
+    "stepsToPerform": "1) Authenticate and obtain a valid Bearer token; outcome: token ready for Authorization header.\n2) Send GET /v2/accounts/{account_id}/summary without query params; outcome: HTTP 200 returned.\n3) Validate response contains current_balance; outcome: field present and parseable as a monetary amount.\n4) Validate response contains available_credit; outcome: field present and parseable.\n5) Validate response contains credit_limit; outcome: field present.\n6) Validate response contains account_status; outcome: field present.\n7) Validate response contains billing_cycle_end; outcome: field present and parseable as a date.\n8) Validate response contains points_balance; outcome: field present and parseable as integer/number.\n9) Record the response schema for regression (no extra required assertions); outcome: evidence captured of required fields being returned.",
+    "expectedResult": "1) Endpoint returns HTTP 200.\n2) Response includes: current_balance, available_credit, credit_limit, account_status, billing_cycle_end, points_balance.\n3) All required fields are present and non-null in a normal successful response.\n4) Abuse path ruled out: only authenticated requests with a valid token can retrieve the summary (implicit, validated by prerequisite token use).",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/summary",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 200,
+    "sourceCitation": {
+      "location": "Section 6.1 Get Account Summary HTTP codes, page 11",
+      "excerpt": "200 Success current_balance, available_credit, credit_limit, account_status, billing_cycle_end, points_balance"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Get account summary include_rewards defaults to false when omitted",
+    "description": "Confirms the include_rewards query parameter default is applied when omitted, preventing unintended rewards inclusion and ensuring predictable dashboard behavior. Automation: MEDIUM — requires observing rewards inclusion behavior in response.",
+    "testId": "TC-SUM-02",
+    "testDescription": "As a cardholder, when I do not specify include_rewards on the summary endpoint, the system should apply the documented default of false.",
+    "prerequisites": "1) Authenticated user with valid Bearer token.\n2) account_id UUID owned by the authenticated user.\n3) The environment supports observing whether rewards are included/expanded when include_rewards=true versus omitted (e.g., points_balance presence/structure differences as implemented).\n4) Points balance exists for the account (non-zero preferred) to make differences observable.\n5) Ability to call the summary endpoint with and without include_rewards param.",
+    "stepsToPerform": "1) Authenticate and obtain a valid Bearer token; outcome: token available.\n2) Call GET /v2/accounts/{account_id}/summary (omit include_rewards); outcome: HTTP 200 returned.\n3) Capture response payload as ResponseA; outcome: ResponseA stored.\n4) Call GET /v2/accounts/{account_id}/summary?include_rewards=false; outcome: HTTP 200 returned.\n5) Capture response payload as ResponseB; outcome: ResponseB stored.\n6) Compare ResponseA and ResponseB for rewards-related sections/fields controlled by include_rewards; outcome: they are functionally equivalent with respect to rewards inclusion.\n7) Call GET /v2/accounts/{account_id}/summary?include_rewards=true; outcome: HTTP 200 returned.\n8) Compare ResponseC (include_rewards=true) against ResponseA; outcome: ResponseC shows rewards included per implementation, demonstrating the omitted parameter behaved as false.\n9) Persist evidence (request URLs + responses) for review; outcome: proof that omission maps to false.",
+    "expectedResult": "1) Omitting include_rewards yields a successful HTTP 200 response.\n2) Response when include_rewards is omitted matches the behavior of include_rewards=false (default applied).\n3) The system honors the query param such that include_rewards=true is distinguishable from the omitted/default behavior.\n4) Abuse path ruled out: clients cannot force rewards inclusion without explicitly setting include_rewards=true if the implementation restricts additional rewards details to that flag.",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/summary",
+    "httpMethod": "GET",
+    "sourceCitation": {
+      "location": "Section 6.1 Get Account Summary field table, page 11",
+      "excerpt": "include_rewards Boolean Optional Query param; default false"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Get account summary enforces owner-only access returning 403 FORBIDDEN",
+    "description": "Verifies access control on account summary so a user cannot read balances/credit details for an account they do not own. This blocks horizontal privilege escalation via account_id enumeration. Automation: HIGH — pure API assertions.",
+    "testId": "TC-SUM-03",
+    "testDescription": "As an authenticated cardholder (User B), when I attempt to retrieve the account summary for another cardholder’s account_id (User A), the API must deny access with HTTP 403 and the documented error code.",
+    "prerequisites": "1) Two active portal users exist: UserA (owner of account_id_A) and UserB (non-owner).\n2) account_id_A is a valid UUID belonging to UserA and is retrievable/known for test purposes.\n3) UserB has a valid JWT Bearer access token (unexpired) for Authorization header.\n4) API base URL is reachable: https://api.aegiscard.com/v2.",
+    "stepsToPerform": "1) Authenticate as UserB and obtain a valid access token for the Authorization header; observe that authentication succeeds (token available for subsequent calls).\n2) Construct the request URL GET https://api.aegiscard.com/v2/accounts/{account_id_A}/summary using UserA’s account_id_A; observe URL contains account_id_A.\n3) Send the GET request with header Authorization: Bearer <UserB_access_token>; observe the request is accepted by the gateway and a response is returned.\n4) Observe the HTTP status code in the response; verify it is 403.\n5) Parse the JSON response body; observe an error field is present.\n6) Verify the error value equals FORBIDDEN; observe exact match.\n7) Verify the response body does not contain any of the success keys for summary (e.g., current_balance, available_credit, credit_limit); observe they are absent.\n8) Repeat the same GET request but append include_rewards=false; observe response remains 403 with error FORBIDDEN.\n9) (Abuse-path check) Attempt the same request with a different random UUID (synthetic) in place of account_id_A while still using UserB token; observe the API does not return a 200 with summary data for a non-owned account and maintains owner-only enforcement (403 with FORBIDDEN when applicable).",
+    "expectedResult": "1) API returns HTTP 403.\n2) Response body includes error: FORBIDDEN.\n3) No account summary data fields (current_balance, available_credit, credit_limit, etc.) are returned for a non-owned account, preventing data leakage.",
+    "apiEndpoint": "GET /v2/accounts/{account_id}/summary",
+    "httpMethod": "GET",
+    "requestHeaders": "Authorization: Bearer <UserB_access_token>",
+    "expectedHttpStatus": 403,
+    "errorCodeExpected": "FORBIDDEN",
+    "rolesAndAccess": "Role: authenticated cardholder (non-owner) attempting access to another user’s account_id",
+    "sourceCitation": {
+      "location": "Section 6.1 Get Account Summary HTTP codes, page 11",
+      "excerpt": "403 Token does not own this account error: FORBIDDEN"
+    }
+  },
+  {
+    "type": "state-transition",
+    "title": "Freeze card: PATCH status=Frozen succeeds with valid confirm_otp",
+    "description": "Verifies a card can be frozen by the authenticated owner using the only supported user-changeable status value and a valid OTP. This protects customers by enabling immediate self-service card lock. Automation: HIGH — API assertions with test OTP fixture.",
+    "testId": "TC-CARDSTAT-01",
+    "testDescription": "As an authenticated cardholder who owns a card currently in Active status, when I PATCH the card status to Frozen with a valid 6-digit confirm_otp, the service must return 200 with the new_status set to Frozen.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_1 (UUID) and the card is currently in status Active.\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner through the system’s OTP channel and is not expired.\n4) Test environment supports observing the card status via subsequent PATCH response fields (card_id, new_status, updated_at).",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Confirm starting state: card_id_1 current status is Active (via existing test fixture/state setup); observe recorded starting status.\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_1}/status; observe path contains card_id_1.\n4) Set request headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Set request body with status=\"Frozen\", confirm_otp=confirm_otp_valid, and reason=\"Freeze via test\" (<=255 chars); observe payload prepared.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body contains card_id equal to card_id_1; observe exact match.\n9) Verify response body new_status equals \"Frozen\"; observe expected state transition.\n10) Verify response body includes updated_at and it is populated (non-empty); observe timestamp present.",
+    "expectedResult": "1) API returns HTTP 200.\n2) Response body contains card_id, new_status=\"Frozen\", and updated_at.\n3) Card is now in Frozen state as indicated by new_status, confirming successful Active → Frozen transition.",
+    "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
+    "httpMethod": "PATCH",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"status\": \"Frozen\", \"reason\": \"Freeze via test\", \"confirm_otp\": \"123456\" }",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "status enum {Active, Frozen}; confirm_otp required (6-digit OTP)",
+    "rolesAndAccess": "Role: authenticated cardholder (owner of card_id_1)",
+    "sourceCitation": {
+      "location": "Section 6.2 Update Card Status, page 11",
+      "excerpt": "status Enum ✓ Required {Active, Frozen} — only these two user-changeable states"
+    }
+  },
+  {
+    "type": "state-transition",
+    "title": "Unfreeze card: PATCH status=Active succeeds with valid confirm_otp",
+    "description": "Verifies a frozen card can be unfrozen back to Active by the authenticated owner using a valid OTP, ensuring legitimate restoration of card usability. Automation: HIGH — API assertions with OTP fixture.",
+    "testId": "TC-CARDSTAT-02",
+    "testDescription": "As an authenticated cardholder who owns a card currently in Frozen status, when I PATCH the card status to Active with a valid 6-digit confirm_otp, the service must return 200 with new_status set to Active and include updated_at.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_2 (UUID) and the card is currently in status Frozen.\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner through the system’s OTP channel and is not expired.\n4) The API is reachable at https://api.aegiscard.com/v2.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Confirm starting state: card_id_2 current status is Frozen (via fixture/state setup); observe recorded starting status.\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_2}/status; observe path contains card_id_2.\n4) Set request headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Set request body with status=\"Active\", confirm_otp=confirm_otp_valid, and reason=\"Unfreeze via test\" (<=255 chars); observe payload prepared.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body includes card_id equal to card_id_2; observe exact match.\n9) Verify response body new_status equals \"Active\"; observe Frozen → Active transition.\n10) Verify response body includes updated_at and it is populated (non-empty); observe timestamp present.",
+    "expectedResult": "1) API returns HTTP 200.\n2) Response body contains card_id, new_status=\"Active\", updated_at.\n3) Card is restored to Active state as indicated by new_status, enabling normal usage.",
+    "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
+    "httpMethod": "PATCH",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"status\": \"Active\", \"reason\": \"Unfreeze via test\", \"confirm_otp\": \"123456\" }",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "200 response returns card_id, new_status, updated_at",
+    "rolesAndAccess": "Role: authenticated cardholder (owner of card_id_2)",
+    "sourceCitation": {
+      "location": "Section 6.2 Update Card Status HTTP codes, page 11",
+      "excerpt": "200 Status updated successfully card_id, new_status, updated_at"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Card status update rejects invalid transition with 400 INVALID_TRANSITION and allowed_transitions",
+    "description": "Verifies the card status API rejects an invalid state change attempt and returns the specified error code plus allowed_transitions, preventing unsupported/unsafe status changes. Automation: HIGH — API assertions.",
+    "testId": "TC-CARDSTAT-03",
+    "testDescription": "As an authenticated cardholder, when I attempt an invalid card status transition, the API must respond with HTTP 400 and include error INVALID_TRANSITION and allowed_transitions to guide the client.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_3 (UUID) and the card is in a state where the requested transition is invalid per system rules (preconfigured fixture).\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner and is not expired.\n4) Test harness can capture and assert response JSON fields error and allowed_transitions.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Record the starting card status for card_id_3 from test fixture (e.g., a non-user-changeable state); observe starting status captured.\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_3}/status; observe path contains card_id_3.\n4) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Create request body attempting the invalid transition (e.g., status=\"Frozen\" from the current fixture state), include confirm_otp=confirm_otp_valid and reason=\"Attempt invalid transition\"; observe payload prepared.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 400; observe client error.\n8) Verify response body error equals \"INVALID_TRANSITION\"; observe exact match.\n9) Verify response body includes allowed_transitions and it is present (non-empty value); observe field exists.\n10) Verify response body does not include success fields card_id/new_status/updated_at as a successful update; observe success payload is absent.",
+    "expectedResult": "1) API returns HTTP 400.\n2) Response body includes error: INVALID_TRANSITION.\n3) Response body includes allowed_transitions, enabling the client to display permissible next states and preventing the illegal state change.",
+    "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
+    "httpMethod": "PATCH",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"status\": \"Frozen\", \"reason\": \"Attempt invalid transition\", \"confirm_otp\": \"123456\" }",
+    "expectedHttpStatus": 400,
+    "errorCodeExpected": "INVALID_TRANSITION",
+    "validationRulesCovered": "400 Invalid status transition attempted error: INVALID_TRANSITION, allowed_transitions",
+    "rolesAndAccess": "Role: authenticated cardholder (owner of card_id_3)",
+    "sourceCitation": {
+      "location": "Section 6.2 Update Card Status HTTP codes, page 11",
+      "excerpt": "400 Invalid status transition attempted error: INVALID_TRANSITION, allowed_transitions"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Card status update fails with 401 OTP_FAILED and returns attempts_remaining",
+    "description": "Verifies OTP enforcement on card freeze/unfreeze: an invalid or expired OTP must not change card status and must return attempts_remaining to throttle brute-force attempts. Automation: HIGH — API assertions.",
+    "testId": "TC-CARDSTAT-04",
+    "testDescription": "As an authenticated cardholder attempting to freeze/unfreeze a card, when I provide an invalid or expired confirm_otp, the API must respond with HTTP 401 and error OTP_FAILED including attempts_remaining.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_4 (UUID) and the card is in a user-changeable state (Active or Frozen) to ensure OTP is the only failing condition.\n3) An invalid or expired 6-digit OTP value is available for testing (e.g., \"000000\"), guaranteed not to validate.\n4) Test harness can assert that card status did not change after the call (via subsequent valid-status update or fixture observation).",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Record the starting status of card_id_4 (Active or Frozen) from fixture/setup; observe status captured.\n3) Prepare PATCH https://api.aegiscard.com/v2/cards/{card_id_4}/status; observe path contains card_id_4.\n4) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Create request body with a valid target status (e.g., status=\"Frozen\" if starting Active, else status=\"Active\") and confirm_otp=\"000000\"; observe invalid OTP set.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 401; observe unauthorized due to OTP failure.\n8) Verify response body error equals \"OTP_FAILED\"; observe exact match.\n9) Verify response body includes attempts_remaining and it is a populated value; observe field exists.\n10) Re-check card status for card_id_4 using a controlled follow-up (e.g., repeat PATCH with a known-valid OTP or consult fixture/state read if available) to confirm the earlier request did not change the status; observe status unchanged from starting value until a valid OTP is used.",
+    "expectedResult": "1) API returns HTTP 401.\n2) Response body includes error: OTP_FAILED and attempts_remaining.\n3) Card status is not updated when confirm_otp is invalid/expired, preventing OTP brute-force abuse from changing card state.",
+    "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
+    "httpMethod": "PATCH",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"status\": \"Frozen\", \"confirm_otp\": \"000000\" }",
+    "expectedHttpStatus": 401,
+    "errorCodeExpected": "OTP_FAILED",
+    "securityScenario": "OTP invalid/expired; assert attempts_remaining returned to limit repeated guessing",
+    "sourceCitation": {
+      "location": "Section 6.2 Update Card Status HTTP codes, page 11",
+      "excerpt": "401 OTP invalid or expired error: OTP_FAILED, attempts_remaining"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Report card lost/stolen blocks card and schedules replacement (irreversible)",
+    "description": "Verifies reporting a card as lost or stolen immediately blocks the card and schedules a replacement, and that the action is irreversible to reduce fraud exposure. Automation: MEDIUM — API assertions; irreversibility may require environment reset.",
+    "testId": "TC-LOST-01",
+    "testDescription": "As an authenticated cardholder, when I report my card as LOST or STOLEN, the system must immediately block the card and trigger the re-issue workflow, returning the replacement scheduling details and treating the action as irreversible.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_5 (UUID) and the card is not already in Blocked or Closed state.\n3) Test environment supports observing the report-lost response fields (blocked_card_id, new_card_eta, case_number).\n4) If irreversibility needs verification, environment supports attempting a subsequent operation that would represent reversal (e.g., freeze/unfreeze) to confirm it cannot restore the state (without asserting a specific error code not documented).",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Confirm card_id_5 is not already Blocked or Closed (fixture/state setup); observe starting state recorded.\n3) Prepare POST https://api.aegiscard.com/v2/cards/{card_id_5}/report-lost; observe path contains card_id_5.\n4) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Create request body with loss_type=\"LOST\"; do not include optional fields; observe payload prepared.\n6) Send the POST request; observe response is returned.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body contains blocked_card_id, new_card_eta, and case_number; observe all fields present.\n9) Verify blocked_card_id is populated and corresponds to the blocked card reference (non-empty); observe value present.\n10) (Irreversibility check) Attempt a follow-up action that would normally change card state back to usable (e.g., PATCH /v2/cards/{card_id_5}/status with status=\"Active\" and a valid confirm_otp, if available); observe the card is not restored to a normal usable state (do not assert a specific status/error not documented).",
+    "expectedResult": "1) API returns HTTP 200.\n2) Response includes blocked_card_id, new_card_eta, case_number indicating the card is blocked and replacement is scheduled.\n3) Post-condition: the lost/stolen report is treated as irreversible (the system does not allow returning the same card to normal use), requiring cleanup via test data reset for subsequent runs.",
+    "apiEndpoint": "POST /v2/cards/{card_id}/report-lost",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"loss_type\": \"LOST\" }",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "loss_type enum {LOST, STOLEN}; irreversible behavior; replacement scheduled",
+    "sourceCitation": {
+      "location": "Section 6.3 Report Card Lost or Stolen, page 12",
+      "excerpt": "Immediately blocks card and triggers re-issue workflow (REQ-007). Irreversible."
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Report lost/stolen returns 409 ALREADY_BLOCKED if card already Blocked or Closed",
+    "description": "Verifies duplicate/invalid lost-stolen reporting is prevented when the card is already Blocked or Closed, avoiding redundant re-issue workflows and case duplication. Automation: HIGH — API assertions with pre-blocked fixture.",
+    "testId": "TC-LOST-02",
+    "testDescription": "As an authenticated cardholder, when I attempt to report a card lost/stolen that is already in Blocked or Closed state, the API must return HTTP 409 with error ALREADY_BLOCKED.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_6 (UUID) and card_id_6 is already in Blocked or Closed state (fixture).\n3) API base URL is reachable: https://api.aegiscard.com/v2.\n4) Test harness can assert response error code.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Verify via fixture/setup that card_id_6 state is Blocked or Closed; observe state recorded.\n3) Prepare POST https://api.aegiscard.com/v2/cards/{card_id_6}/report-lost; observe correct path.\n4) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Create request body with loss_type=\"STOLEN\"; observe payload prepared.\n6) Send the POST request; observe a response is returned.\n7) Verify HTTP status code is 409; observe conflict.\n8) Verify response body includes error equal to \"ALREADY_BLOCKED\"; observe exact match.\n9) Verify response body does not include success keys (blocked_card_id, new_card_eta, case_number); observe absence.\n10) Retry the same request once more to ensure consistent behavior; observe it remains 409 with error ALREADY_BLOCKED.",
+    "expectedResult": "1) API returns HTTP 409.\n2) Response body includes error: ALREADY_BLOCKED.\n3) No replacement scheduling fields are returned for an already Blocked/Closed card, preventing duplicate re-issue initiation.",
+    "apiEndpoint": "POST /v2/cards/{card_id}/report-lost",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"loss_type\": \"STOLEN\" }",
+    "expectedHttpStatus": 409,
+    "errorCodeExpected": "ALREADY_BLOCKED",
+    "sourceCitation": {
+      "location": "Section 6.3 Report Card Lost or Stolen HTTP codes, page 12",
+      "excerpt": "409 Card already in Blocked or Closed state error: ALREADY_BLOCKED"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Report lost/stolen accepts last_known_use in ISO 8601 UTC (optional)",
+    "description": "Verifies the optional last_known_use field is accepted when provided in ISO 8601 UTC format to support fraud investigation timelines. Automation: HIGH — API assertions.",
+    "testId": "TC-LOST-03",
+    "testDescription": "As an authenticated cardholder reporting a card lost, when I include last_known_use in ISO 8601 UTC format, the API must accept the request and process the loss report successfully.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_7 (UUID) and the card is not already Blocked or Closed.\n3) A valid ISO 8601 UTC datetime string is prepared, e.g., \"2026-04-01T13:45:30Z\".\n4) API base URL is reachable: https://api.aegiscard.com/v2.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Confirm card_id_7 is eligible to be reported (not Blocked/Closed) via fixture; observe status recorded.\n3) Prepare POST https://api.aegiscard.com/v2/cards/{card_id_7}/report-lost; observe correct path.\n4) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Create request body with loss_type=\"LOST\" and last_known_use=\"2026-04-01T13:45:30Z\"; observe ISO 8601 UTC value present.\n6) Send the POST request; observe a response is returned.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body includes blocked_card_id; observe value present.\n9) Verify response body includes new_card_eta and case_number; observe both present.\n10) Record the request/response in test evidence noting last_known_use was accepted (no validation error returned); observe successful processing with last_known_use provided.",
+    "expectedResult": "1) API returns HTTP 200 when last_known_use is provided in ISO 8601 UTC format.\n2) Response includes blocked_card_id, new_card_eta, case_number, confirming the lost report was processed.\n3) No validation error is returned due to presence of last_known_use in the specified format.",
+    "apiEndpoint": "POST /v2/cards/{card_id}/report-lost",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"loss_type\": \"LOST\", \"last_known_use\": \"2026-04-01T13:45:30Z\" }",
+    "expectedHttpStatus": 200,
+    "boundaryValues": "Datetime format: ISO 8601 UTC (Z-suffix) example used",
+    "sourceCitation": {
+      "location": "Section 6.3 Report Card Lost or Stolen field table, page 12",
+      "excerpt": "last_known_use DateTime Optional ISO 8601 UTC; for fraud investigation"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Set virtual PIN succeeds when new_pin is 4 digits, confirm_pin matches, and session_otp provided",
+    "description": "Verifies the virtual PIN can be set when inputs meet format rules and OTP is provided, and that the PIN is transmitted encrypted as required. This protects card access by enforcing PIN complexity/format and secure transport. Automation: MEDIUM — requires test harness capable of RSA-OAEP encryption.",
+    "testId": "TC-PIN-01",
+    "testDescription": "As an authenticated cardholder, when I set a new virtual PIN using a 4-digit numeric value (encrypted with RSA-OAEP), provide matching confirm_pin, and include a valid 6-digit session_otp, the API must return success.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_8 (UUID) and the card is not in Blocked state.\n3) A valid 6-digit OTP (session_otp_valid) has been obtained from the OTP request flow referenced by the SRS (\"/v2/auth/otp/request\").\n4) Test harness can encrypt the 4-digit PIN using RSA-OAEP per system requirement before sending new_pin/confirm_pin.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Obtain a valid session_otp for the user via the referenced OTP issuance flow; observe session_otp_valid is 6 digits.\n3) Choose a synthetic PIN value \"1234\"; observe it is exactly 4 numeric digits.\n4) Encrypt \"1234\" using RSA-OAEP as required by the integration; observe ciphertext string produced (do not log plaintext in test evidence).\n5) Prepare PUT https://api.aegiscard.com/v2/cards/{card_id_8}/pin; observe correct path.\n6) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n7) Create request body with new_pin=<RSA-OAEP ciphertext>, confirm_pin=<same ciphertext representing the same 4 digits>, session_otp=session_otp_valid; observe confirm matches new_pin.\n8) Send the PUT request; observe a response is returned.\n9) Verify HTTP status code is 200; observe success.\n10) Verify response body contains success: true and updated_at; observe both present and success is true.",
+    "expectedResult": "1) API returns HTTP 200.\n2) Response body contains success: true and updated_at.\n3) PIN update is accepted only when new_pin is exactly 4 numeric digits (sent encrypted RSA-OAEP), confirm_pin matches, and session_otp is provided, reducing risk of weak/incorrect PIN setting and protecting transport security.",
+    "apiEndpoint": "PUT /v2/cards/{card_id}/pin",
+    "httpMethod": "PUT",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"new_pin\": \"<rsa_oaep_ciphertext_for_1234>\", \"confirm_pin\": \"<rsa_oaep_ciphertext_for_1234>\", \"session_otp\": \"654321\" }",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "new_pin exactly 4 numeric digits; transmitted encrypted (RSA-OAEP); confirm_pin matches; session_otp required",
+    "sourceCitation": {
+      "location": "Section 6.4 Set Web-Based PIN (Virtual PIN), page 12",
+      "excerpt": "Exactly 4 numeric digits; transmitted encrypted (RSA-OAEP)"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Set virtual PIN returns 400 PIN_MISMATCH when confirm_pin does not match new_pin",
+    "description": "Verifies the service rejects PIN set attempts when confirm_pin does not match new_pin and returns the specified error code, preventing accidental/incorrect PIN assignment. Automation: MEDIUM — requires RSA-OAEP encryption in test harness.",
+    "testId": "TC-PIN-02",
+    "testDescription": "As an authenticated cardholder, when I attempt to set a virtual PIN with confirm_pin different from new_pin (while still providing session_otp), the API must return HTTP 400 with error PIN_MISMATCH.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_9 (UUID) and the card is not in Blocked state.\n3) A valid 6-digit session_otp (session_otp_valid) is available from the OTP request flow referenced by the SRS.\n4) Test harness can encrypt PIN values using RSA-OAEP prior to sending.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Obtain/prepare a valid 6-digit session_otp_valid; observe it is present.\n3) Choose two different 4-digit numeric PINs: new_pin_plain=\"1234\" and confirm_pin_plain=\"4321\"; observe they differ.\n4) Encrypt both values using RSA-OAEP; observe two different ciphertext values produced.\n5) Prepare PUT https://api.aegiscard.com/v2/cards/{card_id_9}/pin; observe correct path.\n6) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n7) Create request body with new_pin=<ciphertext for 1234>, confirm_pin=<ciphertext for 4321>, session_otp=session_otp_valid; observe mismatch condition.\n8) Send the PUT request; observe a response is returned.\n9) Verify HTTP status code is 400; observe validation error.\n10) Verify response body error equals \"PIN_MISMATCH\"; observe exact match.",
+    "expectedResult": "1) API returns HTTP 400.\n2) Response body error is PIN_MISMATCH.\n3) No success indicators (success: true, updated_at) are returned when confirm_pin does not match new_pin, preventing incorrect PIN setup.",
+    "apiEndpoint": "PUT /v2/cards/{card_id}/pin",
+    "httpMethod": "PUT",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{ \"new_pin\": \"<rsa_oaep_ciphertext_for_1234>\", \"confirm_pin\": \"<rsa_oaep_ciphertext_for_4321>\", \"session_otp\": \"654321\" }",
+    "expectedHttpStatus": 400,
+    "errorCodeExpected": "PIN_MISMATCH",
+    "validationRulesCovered": "400 PIN mismatch or not 4 digits error: PIN_MISMATCH or PIN_FORMAT",
+    "sourceCitation": {
+      "location": "Section 6.4 Set Web-Based PIN HTTP codes, page 12",
+      "excerpt": "400 PIN mismatch or not 4 digits error: PIN_MISMATCH or PIN_FORMAT"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Set virtual PIN returns 400 PIN_FORMAT when new_pin is not exactly 4 numeric digits",
+    "description": "Validates that the Set Web-Based PIN API enforces the exact PIN length/character rule and rejects non-compliant values with the specified error. This prevents weak/invalid PINs from being set and ensures consistent downstream PIN handling. Automation: HIGH — pure API assertions.",
+    "testId": "TC-PIN-03",
+    "testDescription": "As an authenticated cardholder with a non-blocked card, when I attempt to set/reset my virtual PIN using a session OTP but provide a new_pin that is not exactly 4 numeric digits, the system must reject the request with HTTP 400 and error code PIN_FORMAT.",
+    "prerequisites": "1) Valid authenticated session for a cardholder (Authorization: Bearer <access_token>).\n2) Test card_id exists and belongs to the authenticated user; card is NOT in Blocked state.\n3) Obtain a valid 6-digit session_otp from /v2/auth/otp/request (per field requirement: \"6-digit OTP from /v2/auth/otp/request\").\n4) Ability to encrypt new_pin using RSA-OAEP as required for transmission.",
+    "stepsToPerform": "1) Prepare test card_id = \"11111111-2222-3333-4444-555555555555\" that is owned by the authenticated user; observe in test data setup that card is not Blocked.\n2) Request an OTP using the referenced flow (call /v2/auth/otp/request) and capture a valid session_otp (example: \"123456\"); observe OTP is issued/available for use.\n3) Generate RSA-OAEP encrypted payload for an invalid new_pin of length 3 digits (example plaintext \"123\" -> encrypted \"<rsa_oaep_ciphertext_1>\"); observe ciphertext is produced.\n4) Call PUT https://api.aegiscard.com/v2/cards/{card_id}/pin with body: {\"new_pin\":\"<rsa_oaep_ciphertext_1>\",\"confirm_pin\":\"<rsa_oaep_ciphertext_1>\",\"session_otp\":\"123456\"}; observe HTTP response.\n5) Verify response is HTTP 400; observe response body contains error code \"PIN_FORMAT\".\n6) Generate RSA-OAEP encrypted payload for an invalid new_pin of length 5 digits (example plaintext \"12345\" -> encrypted \"<rsa_oaep_ciphertext_2>\"); observe ciphertext is produced.\n7) Call PUT /v2/cards/{card_id}/pin with {\"new_pin\":\"<rsa_oaep_ciphertext_2>\",\"confirm_pin\":\"<rsa_oaep_ciphertext_2>\",\"session_otp\":\"123456\"}; observe HTTP response.\n8) Verify response is HTTP 400 with error \"PIN_FORMAT\".\n9) Generate RSA-OAEP encrypted payload for an invalid new_pin containing non-numeric characters (example plaintext \"12A4\" -> encrypted \"<rsa_oaep_ciphertext_3>\"); observe ciphertext is produced.\n10) Call PUT /v2/cards/{card_id}/pin with {\"new_pin\":\"<rsa_oaep_ciphertext_3>\",\"confirm_pin\":\"<rsa_oaep_ciphertext_3>\",\"session_otp\":\"123456\"}; observe HTTP response.\n11) Verify response is HTTP 400 with error \"PIN_FORMAT\" and confirm no success indicator (e.g., do not see \"success: true\").",
+    "expectedResult": "1) For each invalid new_pin case (3 digits, 5 digits, or non-numeric), the API returns HTTP 400.\n2) Response body contains the exact error code \"PIN_FORMAT\" (not PIN_MISMATCH).\n3) PIN is not set/updated (no \"success: true\" returned).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/cards/{card_id}/pin",
+    "httpMethod": "PUT",
+    "requestHeaders": "Authorization: Bearer <access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{\"new_pin\":\"<rsa_oaep_ciphertext>\",\"confirm_pin\":\"<rsa_oaep_ciphertext>\",\"session_otp\":\"123456\"}",
+    "expectedHttpStatus": 400,
+    "errorCodeExpected": "PIN_FORMAT",
+    "boundaryValues": "Invalid: \"123\" (len=3), \"12345\" (len=5), \"12A4\" (non-numeric); rule requires exactly 4 numeric digits",
+    "sourceCitation": {
+      "location": "Section 6.4 Set Web-Based PIN (Virtual PIN) field table, page 12",
+      "excerpt": "Exactly 4 numeric digits; transmitted encrypted (RSA-OAEP)"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Set virtual PIN returns 403 CARD_BLOCKED when card is in Blocked state",
+    "description": "Ensures the Set Web-Based PIN API blocks PIN changes when the card is already Blocked, returning the specified authorization/business error. This prevents actions on blocked instruments and reduces fraud risk. Automation: HIGH — pure API assertions.",
+    "testId": "TC-PIN-04",
+    "testDescription": "As an authenticated cardholder, when I attempt to set/reset the virtual PIN for a card that is in Blocked state (even with valid OTP and matching PIN values), the system must reject the request with HTTP 403 and error code CARD_BLOCKED.",
+    "prerequisites": "1) Valid authenticated session for a cardholder (Authorization: Bearer <access_token>).\n2) card_id exists and belongs to the authenticated user.\n3) Card is in Blocked state before the test starts.\n4) Obtain a valid 6-digit session_otp from /v2/auth/otp/request.\n5) Ability to encrypt new_pin using RSA-OAEP.",
+    "stepsToPerform": "1) Select a test card_id = \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\" owned by the authenticated user and ensure its state is Blocked; observe card status in test setup (Blocked).\n2) Request an OTP using /v2/auth/otp/request and capture a valid session_otp (example: \"123456\"); observe OTP is issued.\n3) Create a valid 4-digit PIN plaintext \"1234\" and encrypt with RSA-OAEP to \"<rsa_oaep_ciphertext_1234>\"; observe ciphertext is produced.\n4) Call PUT https://api.aegiscard.com/v2/cards/{card_id}/pin with body {\"new_pin\":\"<rsa_oaep_ciphertext_1234>\",\"confirm_pin\":\"<rsa_oaep_ciphertext_1234>\",\"session_otp\":\"123456\"}; observe HTTP response.\n5) Verify HTTP status is 403; observe response body error code.\n6) Assert error code equals \"CARD_BLOCKED\" exactly.\n7) Re-try the same request with a fresh OTP (request a new session_otp and resend same encrypted PIN); observe HTTP response.\n8) Verify the response remains 403 with \"CARD_BLOCKED\" (ensures blocked-state rule dominates over OTP correctness).\n9) Confirm response does not include success payload (e.g., no \"success: true, updated_at\").",
+    "expectedResult": "1) API returns HTTP 403.\n2) Response body contains exact error code \"CARD_BLOCKED\".\n3) PIN is not set/updated (no success response payload returned).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/cards/{card_id}/pin",
+    "httpMethod": "PUT",
+    "requestHeaders": "Authorization: Bearer <access_token>, Content-Type: application/json",
+    "requestBodyExampleMasked": "{\"new_pin\":\"<rsa_oaep_ciphertext>\",\"confirm_pin\":\"<rsa_oaep_ciphertext>\",\"session_otp\":\"123456\"}",
+    "expectedHttpStatus": 403,
+    "errorCodeExpected": "CARD_BLOCKED",
+    "sourceCitation": {
+      "location": "Section 6.4 Set Web-Based PIN (Virtual PIN) HTTP codes, page 12",
+      "excerpt": "403 Card in Blocked state error: CARD_BLOCKED"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Retrieve statement default format JSON and returns required statement fields (200)",
+    "description": "Verifies the statement retrieval endpoint defaults to JSON when format is omitted and returns the required statement fields for billing transparency. Automation: HIGH — pure API assertions.",
+    "testId": "TC-STMT-01",
+    "testDescription": "As an authenticated cardholder, when I retrieve an existing generated statement without providing the format parameter, I should receive a 200 response with a JSON payload containing all required statement fields.",
+    "prerequisites": "1) Valid authenticated session for a cardholder (Authorization: Bearer <access_token>).\n2) account_id exists and belongs to the authenticated user.\n3) A generated statement exists for the account with statement_id = \"99999999-8888-7777-6666-555555555555\".\n4) Test environment can distinguish JSON response (Content-Type application/json) from PDF responses.",
+    "stepsToPerform": "1) Identify account_id = \"22222222-3333-4444-5555-666666666666\" owned by the authenticated user; observe ownership is valid in test data.\n2) Identify an existing generated statement_id = \"99999999-8888-7777-6666-555555555555\" for that account; observe it is marked generated/available in test data.\n3) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id} WITHOUT a format query parameter; observe HTTP status and headers.\n4) Verify HTTP status is 200; observe Content-Type header indicates JSON (e.g., application/json).\n5) Parse response body as JSON; observe it is valid JSON.\n6) Verify the presence of \"statement_date\" and \"total_spend\" fields in the response body.\n7) Verify the presence of \"adb\" and \"interest_charged\" fields in the response body.\n8) Verify the presence of \"late_fee\" and \"rewards_earned\" fields in the response body.\n9) Verify the presence of \"minimum_payment_due\" and \"due_date\" fields in the response body.\n10) Confirm no binary PDF payload is returned (e.g., response body is structured JSON and not a PDF stream).",
+    "expectedResult": "1) Response is HTTP 200.\n2) Default response format is JSON when format is omitted.\n3) JSON payload contains the required keys: statement_date, total_spend, adb, interest_charged, late_fee, rewards_earned, minimum_payment_due, due_date.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "requestHeaders": "Authorization: Bearer <access_token>, Accept: application/json",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "format Enum Optional {JSON, PDF}; default JSON; required response body keys for 200",
+    "sourceCitation": {
+      "location": "Section 7.1 Statement & Billing Cycle API, page 13",
+      "excerpt": "format Enum Optional {JSON, PDF}; default JSON"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Retrieve statement in PDF format when format=PDF",
+    "description": "Ensures the statement retrieval endpoint supports PDF output when requested, enabling downloadable statements for customers. Automation: MEDIUM — API assertions plus binary/PDF header validation.",
+    "testId": "TC-STMT-02",
+    "testDescription": "As an authenticated cardholder, when I retrieve an existing generated statement with format=PDF, I should receive a 200 response containing a PDF payload instead of JSON.",
+    "prerequisites": "1) Valid authenticated session for a cardholder (Authorization: Bearer <access_token>).\n2) account_id exists and belongs to the authenticated user.\n3) A generated statement exists for the account with statement_id = \"99999999-8888-7777-6666-555555555555\".\n4) Test client can validate PDF response characteristics (Content-Type and PDF file signature).",
+    "stepsToPerform": "1) Identify account_id = \"22222222-3333-4444-5555-666666666666\" owned by the authenticated user; observe ownership is valid in test data.\n2) Identify generated statement_id = \"99999999-8888-7777-6666-555555555555\"; observe it is available.\n3) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=PDF; observe HTTP status and headers.\n4) Verify HTTP status is 200.\n5) Verify Content-Type header indicates a PDF response (e.g., application/pdf); observe header value.\n6) Inspect the first bytes of the response body and verify it begins with the PDF signature \"%PDF\"; observe signature match.\n7) Verify the response body is not parseable as JSON (e.g., JSON parsing fails); observe parse failure.\n8) Save response to a file named \"statement_test.pdf\"; observe file is created and non-empty.\n9) Open/validate the PDF via a PDF parser in automation and confirm it is a valid PDF document structure; observe parser succeeds.",
+    "expectedResult": "1) Response is HTTP 200.\n2) Response is delivered in PDF format when format=PDF (Content-Type PDF and body starts with \"%PDF\").\n3) Response is not a JSON statement payload (binary/PDF content returned).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=PDF",
+    "httpMethod": "GET",
+    "requestHeaders": "Authorization: Bearer <access_token>, Accept: application/pdf",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "format Enum Optional {JSON, PDF}",
+    "sourceCitation": {
+      "location": "Section 7.1 Statement & Billing Cycle API, page 13",
+      "excerpt": "format Enum Optional {JSON, PDF}; default JSON"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Retrieve statement returns 404 NOT_FOUND when statement not generated or missing",
+    "description": "Validates correct error handling when a statement is not available (missing or not yet generated), preventing misleading data exposure and enabling proper client messaging. Automation: HIGH — pure API assertions.",
+    "testId": "TC-STMT-03",
+    "testDescription": "As an authenticated cardholder, when I retrieve a statement_id that does not exist or is not yet generated for my account, the API must return HTTP 404 with error code NOT_FOUND.",
+    "prerequisites": "1) Valid authenticated session for a cardholder (Authorization: Bearer <access_token>).\n2) account_id exists and belongs to the authenticated user.\n3) statement_id used for the test is confirmed to be missing/not generated in the environment (e.g., a random UUID not present).",
+    "stepsToPerform": "1) Identify account_id = \"22222222-3333-4444-5555-666666666666\" owned by the authenticated user; observe ownership is valid.\n2) Choose a non-existent statement_id = \"00000000-1111-2222-3333-444444444444\"; observe it is not present in statements list/test data.\n3) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id} with format omitted; observe HTTP response.\n4) Verify HTTP status is 404.\n5) Verify response body contains error code \"NOT_FOUND\".\n6) Re-send request with explicit format=JSON; observe HTTP response.\n7) Verify HTTP status remains 404 and error code remains \"NOT_FOUND\".\n8) Re-send request with format=PDF; observe HTTP response.\n9) Verify HTTP status remains 404 and response still indicates error \"NOT_FOUND\" (not a PDF payload).",
+    "expectedResult": "1) API returns HTTP 404.\n2) Response body contains exact error code \"NOT_FOUND\".\n3) No statement payload is returned (neither JSON fields nor PDF content).",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "requestHeaders": "Authorization: Bearer <access_token>, Accept: application/json",
+    "expectedHttpStatus": 404,
+    "errorCodeExpected": "NOT_FOUND",
+    "sourceCitation": {
+      "location": "Section 7.1 Statement & Billing Cycle API HTTP codes, page 13",
+      "excerpt": "404 Statement not found or not yet generated error: NOT_FOUND"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Interest computed using ADB formula with Days_in_Billing_Cycle and APR",
+    "description": "Validates interest charged is computed exactly per the ADB formula using APR and Days_in_Billing_Cycle, ensuring accurate regulated billing. Automation: MEDIUM — requires deterministic billing inputs and statement retrieval.",
+    "testId": "TC-INT-01",
+    "testDescription": "As a cardholder, when a billing cycle is computed for a known ADB, APR, and Days_in_Billing_Cycle, the interest_charged must equal the formula result: (ADB × APR / 365) × Days_in_Billing_Cycle.",
+    "prerequisites": "1) Billing computation test fixture/environment supports creating a statement with known ADB and APR inputs (or a seeded statement record).\n2) account_id belongs to the authenticated user.\n3) A generated statement_id exists whose underlying values are known: ADB=1000.00, APR=0.1999 (19.99%), Days_in_Billing_Cycle=30.\n4) Valid authenticated session for statement retrieval (Authorization: Bearer <access_token>).",
+    "stepsToPerform": "1) Seed or select a test statement for account_id = \"33333333-4444-5555-6666-777777777777\" with known billing inputs: adb=1000.00, apr=0.1999, days_in_billing_cycle=30; observe these fixture values are recorded.\n2) Compute expected interest using the specified formula: (1000.00 × 0.1999 / 365) × 30 = 16.4301369863; observe computed expected value.\n3) Round/format expected value to 2 decimals for comparison as used in statement currency fields: expected_interest_charged = 16.43; observe expected rounded value.\n4) Call GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id} (default JSON); observe HTTP 200.\n5) Extract the \"adb\" field from response and verify it equals 1000.00; observe match.\n6) Extract \"interest_charged\" from response; observe returned value.\n7) Compare returned interest_charged to expected 16.43 exactly to 2 decimal places; observe match.\n8) Verify the statement response includes \"statement_date\" and \"due_date\" (ensures it is a full statement payload); observe fields present.\n9) Record the test evidence (request/response and calculation sheet) for auditability; observe artifacts saved in test run output.",
+    "expectedResult": "1) Statement retrieval returns HTTP 200 with JSON payload.\n2) Returned adb equals the seeded/known ADB value (1000.00).\n3) Returned interest_charged equals the computed value per formula: 16.43 for ADB=1000.00, APR=0.1999, Days_in_Billing_Cycle=30.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 200,
+    "calculationExpected": "Interest = (1000.00 × 0.1999 / 365) × 30 = 16.43",
+    "testDataMasked": "account_id=33333333-4444-5555-6666-777777777777, statement_id=abababab-cdcd-efef-0101-121212121212",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules, page 13",
+      "excerpt": "Interest = (ADB × APR / 365) × Days_in_Billing_Cycle"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Interest calculation handles different Days_in_Billing_Cycle values (e.g., 28/30/31) per formula",
+    "description": "Validates interest scales with Days_in_Billing_Cycle at common month-length boundaries, preventing under/overcharging. Automation: MEDIUM — requires deterministic billing fixtures for different cycle lengths.",
+    "testId": "TC-INT-02",
+    "testDescription": "As a cardholder, for the same ADB and APR, interest_charged must change proportionally when Days_in_Billing_Cycle is 28, 30, and 31 as defined by the ADB interest formula.",
+    "prerequisites": "1) Billing computation test fixture/environment supports generating three statements with controlled Days_in_Billing_Cycle values while keeping ADB and APR constant.\n2) account_id belongs to authenticated user.\n3) Three generated statements exist (or can be generated) with constant adb=2500.00 and apr=0.2499, and Days_in_Billing_Cycle values of 28, 30, 31.\n4) Valid authenticated session for statement retrieval.",
+    "stepsToPerform": "1) Seed/select statement S28 with adb=2500.00, apr=0.2499, days_in_billing_cycle=28; observe fixture values.\n2) Compute expected interest for 28 days: (2500.00 × 0.2499 / 365) × 28 = 47.9104109589 -> expected 47.91; observe expected value.\n3) Retrieve S28 via GET /v2/accounts/{account_id}/statements/{S28_id}; observe HTTP 200 and extract interest_charged.\n4) Verify S28 interest_charged equals 47.91 (2 decimals); observe match.\n5) Seed/select statement S30 with same adb/apr and days_in_billing_cycle=30; compute expected: (2500.00 × 0.2499 / 365) × 30 = 51.3325839041 -> 51.33; observe expected value.\n6) Retrieve S30 and verify interest_charged equals 51.33; observe match.\n7) Seed/select statement S31 with same adb/apr and days_in_billing_cycle=31; compute expected: (2500.00 × 0.2499 / 365) × 31 = 53.0436703767 -> 53.04; observe expected value.\n8) Retrieve S31 and verify interest_charged equals 53.04; observe match.\n9) Verify monotonic boundary behavior: S28 < S30 < S31 for interest_charged; observe ordering holds.",
+    "expectedResult": "1) Each statement retrieval returns HTTP 200.\n2) interest_charged matches the formula output for each boundary cycle length: 28d=47.91, 30d=51.33, 31d=53.04 (for ADB=2500.00, APR=0.2499).\n3) Interest increases as Days_in_Billing_Cycle increases while ADB and APR remain constant.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 200,
+    "boundaryValues": "Days_in_Billing_Cycle=28, 30, 31",
+    "calculationExpected": "28d: 47.91; 30d: 51.33; 31d: 53.04 (ADB=2500.00, APR=0.2499)",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules, page 13",
+      "excerpt": "Interest = (ADB × APR / 365) × Days_in_Billing_Cycle"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Grace period (21 days) applied only when prev_statement_balance_paid_in_full=true",
+    "description": "Validates the grace period eligibility rule is strictly gated by prev_statement_balance_paid_in_full, preventing unearned interest-free periods. Automation: MEDIUM — requires billing fixture flags and due-date/grace representation in statement metadata.",
+    "testId": "TC-GRACE-01",
+    "testDescription": "As a cardholder, I should only receive a 21-day grace period when the previous statement balance was paid in full; if not paid in full, the grace period must not be applied.",
+    "prerequisites": "1) Billing test fixture/environment can generate two statements with the same cycle settings but different flag values for prev_statement_balance_paid_in_full.\n2) account_id belongs to authenticated user.\n3) Statement A exists with prev_statement_balance_paid_in_full=true and Statement B exists with prev_statement_balance_paid_in_full=false (or can be generated).\n4) A way to observe grace period application in generated billing outputs used by the system under test (e.g., statement metadata/derived due date window in fixture logs or billing computation output used to build statement).",
+    "stepsToPerform": "1) Seed/select Statement A for account_id = \"44444444-5555-6666-7777-888888888888\" with prev_statement_balance_paid_in_full=true; observe fixture flag value.\n2) Retrieve Statement A via GET /v2/accounts/{account_id}/statements/{A_id}; observe HTTP 200.\n3) Capture statement_date and due_date from Statement A response; observe both fields present.\n4) From billing computation output/fixture evidence for Statement A, verify grace period was set to 21 days due to prev_statement_balance_paid_in_full=true; observe recorded grace period = 21.\n5) Seed/select Statement B with prev_statement_balance_paid_in_full=false; observe fixture flag value.\n6) Retrieve Statement B via GET /v2/accounts/{account_id}/statements/{B_id}; observe HTTP 200.\n7) Capture statement_date and due_date from Statement B response; observe both fields present.\n8) From billing computation output/fixture evidence for Statement B, verify grace period was NOT applied because prev_statement_balance_paid_in_full=false; observe grace period not set to 21.\n9) Attach calculation/fixture evidence to test run artifacts for both cases; observe artifacts saved.",
+    "expectedResult": "1) When prev_statement_balance_paid_in_full=true, grace period is applied as 21 days.\n2) When prev_statement_balance_paid_in_full=false, grace period is not applied.\n3) Both statements are retrievable with HTTP 200 and include statement_date and due_date fields.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 200,
+    "validationRulesCovered": "Grace period (21 days) only if prev_statement_balance_paid_in_full = true",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules, page 13",
+      "excerpt": "Grace period (21 days) only if prev_statement_balance_paid_in_full = true"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Late fee charged when payment_received_date is greater than due_date + 2 days",
+    "description": "Validates late fee is assessed only when payment is received strictly after the 2-day buffer beyond due_date, ensuring correct fee charging. Automation: MEDIUM — requires billing fixture with controlled due_date and payment_received_date.",
+    "testId": "TC-LATEFEE-01",
+    "testDescription": "As a cardholder, if my payment is received after due_date plus 2 days, the statement should include a late_fee of $35.00 as defined by the late fee trigger rule.",
+    "prerequisites": "1) Billing test fixture/environment can create a statement with controlled due_date and payment_received_date.\n2) account_id belongs to authenticated user.\n3) A statement exists with due_date=2026-04-10 and payment_received_date=2026-04-13 (i.e., > due_date + 2 days).\n4) Valid authenticated session for statement retrieval.",
+    "stepsToPerform": "1) Seed/select a test statement for account_id = \"55555555-6666-7777-8888-999999999999\" with due_date = \"2026-04-10\"; observe fixture due_date.\n2) Set/confirm payment_received_date = \"2026-04-13\" for the cycle; observe this is greater than due_date + 2 days (2026-04-12).\n3) Compute boundary check: due_date + 2 days = \"2026-04-12\" and payment_received_date \"2026-04-13\" is strictly greater; observe condition holds.\n4) Retrieve the statement via GET /v2/accounts/{account_id}/statements/{statement_id}; observe HTTP 200.\n5) Extract \"due_date\" from response and verify it equals \"2026-04-10\"; observe match.\n6) Extract \"late_fee\" from response; observe returned value.\n7) Verify late_fee equals 35.00 (or \"$35.00\" depending on numeric formatting); observe exact fee amount.\n8) Save response payload as evidence; observe artifacts stored.\n9) Confirm that late_fee is present as a distinct field in the statement response (not inferred); observe field exists.",
+    "expectedResult": "1) Statement retrieval returns HTTP 200.\n2) When payment_received_date > due_date + 2 days, late_fee equals $35.00.\n3) Statement includes due_date and late_fee fields in the response payload.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 200,
+    "calculationExpected": "due_date 2026-04-10; due_date+2 days=2026-04-12; payment_received_date 2026-04-13 => late_fee $35.00",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules, page 13",
+      "excerpt": "late_fee = $35.00 if payment_received_date > due_date + 2 days"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Late fee boundary: no late fee when payment_received_date equals due_date + 2 days",
+    "description": "Validates the strict 'greater than' boundary for late fee assessment, ensuring customers are not charged when payment arrives exactly on the last allowed buffer day. Automation: MEDIUM — requires billing fixture with controlled dates.",
+    "testId": "TC-LATEFEE-02",
+    "testDescription": "As a cardholder, when payment_received_date is exactly equal to due_date + 2 days, the late fee trigger condition is not met and no $35.00 late_fee should be applied.",
+    "prerequisites": "1) Billing test fixture/environment can create a statement with controlled due_date and payment_received_date.\n2) account_id belongs to authenticated user.\n3) A statement exists with due_date=2026-04-10 and payment_received_date=2026-04-12 (exactly due_date + 2 days).\n4) Valid authenticated session for statement retrieval.",
+    "stepsToPerform": "1) Seed/select a test statement for account_id = \"66666666-7777-8888-9999-000000000000\" with due_date = \"2026-04-10\"; observe fixture due_date.\n2) Set/confirm payment_received_date = \"2026-04-12\"; observe it equals due_date + 2 days.\n3) Compute boundary check: due_date + 2 days = \"2026-04-12\" and payment_received_date is equal (not greater); observe equality.\n4) Retrieve the statement via GET /v2/accounts/{account_id}/statements/{statement_id}; observe HTTP 200.\n5) Extract \"due_date\" from response and verify it equals \"2026-04-10\"; observe match.\n6) Extract \"late_fee\" from response; observe returned value.\n7) Verify late_fee is not charged: assert late_fee equals 0.00 or is absent/null according to system’s statement representation in the test environment; observe it is not $35.00.\n8) Ensure that the response does not show late_fee as 35.00; observe negative assertion passes.\n9) Save response payload as evidence of boundary behavior; observe artifacts stored.",
+    "expectedResult": "1) Statement retrieval returns HTTP 200.\n2) When payment_received_date equals due_date + 2 days, late_fee is not applied (specifically, it must not be $35.00).\n3) Boundary condition is handled using strict '>' comparison as specified.",
+    "apiEndpoint": "https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}",
+    "httpMethod": "GET",
+    "expectedHttpStatus": 200,
+    "boundaryValues": "payment_received_date = due_date + 2 days (exact equality boundary)",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules, page 13",
+      "excerpt": "payment_received_date > due_date + 2 days"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Rewards accrual: Travel MCC earns floor(amount × 3) points",
+    "description": "Verifies that rewards points for Travel MCC transactions are calculated using the specified multiplier and floor() rounding to prevent over-crediting points. Automation: HIGH — API-driven with deterministic calculation assertions.",
+    "testId": "TC-REW-01",
+    "testDescription": "As a cardholder, when I make a Travel-category purchase, the statement’s rewards_earned must reflect points computed as floor(transaction_amount × 3) for that transaction, ensuring the platform applies the Travel multiplier exactly as defined.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) A test account_id exists and is owned by the authenticated user.\n3) A statement_id for the account exists for a billing cycle that includes the test transaction(s).\n4) At least one posted transaction in the billing cycle is categorized as Travel MCC (per product MCC mapping) with transaction_amount = 123.45 (CAD).\n5) Test harness can retrieve the statement via GET /v2/accounts/{account_id}/statements/{statement_id} in JSON format.",
+    "stepsToPerform": "1) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=JSON with Authorization: Bearer <token>; observe HTTP 200.\n2) In the response body, locate rewards_earned; observe it is present.\n3) From test data setup (posted transaction list for the statement period), identify the Travel MCC transaction with transaction_amount = 123.45; observe the amount value used for calculation.\n4) Compute expected travel points = floor(123.45 × 3) = floor(370.35) = 370; record expected value.\n5) If the cycle contains only this single rewards-eligible transaction, compare response rewards_earned to 370; observe equality.\n6) If the cycle contains additional transactions, compute their expected points per REQ-012 (Travel vs All other) using floor() and sum; observe the computed sum.\n7) Compare the computed total expected points to response rewards_earned; observe equality.\n8) Re-run step 1 immediately to ensure consistent calculation (no non-deterministic rounding drift); observe rewards_earned unchanged.\n9) Capture request/response artifacts (request ID, response JSON) for audit of calculation evidence; observe stored artifacts are accessible to the test run.",
+    "expectedResult": "1) Statement retrieval returns HTTP 200 and includes rewards_earned.\n2) For the Travel MCC transaction amount 123.45, points contribution equals floor(123.45 × 3) = 370 (no fractional or rounded-up points).\n3) Statement rewards_earned equals the sum of per-transaction points computed using the Travel rule where applicable and floor() rounding.",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules, page 13",
+      "excerpt": "Travel MCC: points += floor(amount × 3)"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Rewards rounding always floor(): verify no round/ceil applied",
+    "description": "Validates that rewards calculations always use floor() and never round or ceil(), preventing inflation of points at fractional boundaries. Automation: HIGH — deterministic math checks via statement API.",
+    "testId": "TC-REW-02",
+    "testDescription": "As a cardholder, when my purchase amount produces fractional points, the platform must always drop the fractional portion (floor) rather than rounding to nearest or up, so that points are not overstated.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) A test account_id exists and is owned by the authenticated user.\n3) A statement_id exists for a billing cycle that includes exactly two posted transactions created for this test:\n   a) One Travel MCC transaction with transaction_amount = 0.34 (CAD).\n   b) One non-Travel transaction with transaction_amount = 1.99 (CAD).\n4) The billing cycle statement for statement_id is generated and retrievable in JSON.\n5) Test harness can compute expected points independently.",
+    "stepsToPerform": "1) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=JSON with Authorization: Bearer <token>; observe HTTP 200.\n2) In the statement JSON, locate rewards_earned; observe it is present and numeric.\n3) For the Travel MCC transaction amount 0.34, compute points_travel_expected = floor(0.34 × 3) = floor(1.02) = 1; record expected.\n4) For the non-Travel transaction amount 1.99, compute points_other_expected = floor(1.99 × 1) = floor(1.99) = 1; record expected.\n5) Compute total_expected_points = 1 + 1 = 2; record expected.\n6) Compare statement rewards_earned to total_expected_points; observe equality.\n7) Explicitly assert that rewards_earned is NOT 3 (which would indicate rounding/ceiling of 1.02→2 or 1.99→2 in any combination); observe it is not 3.\n8) Repeat GET in step 1 and confirm the same rewards_earned value is returned; observe consistency.\n9) Store evidence (calculation worksheet + response payload) with the test run ID; observe artifacts persisted for review.",
+    "expectedResult": "1) Statement API returns HTTP 200 with rewards_earned present.\n2) rewards_earned equals 2 (floor-based), matching floor(0.34×3)=1 and floor(1.99×1)=1.\n3) rewards_earned does not reflect any round/ceil behavior (e.g., not 3).",
+    "sourceCitation": {
+      "location": "Section 7.2/REQ-013, page 14",
+      "excerpt": "Always floor() — never round or ceil()"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Statement accuracy: sum(transaction_amount[]) equals total_spend within ±$0.01",
+    "description": "Ensures the statement’s total_spend matches the sum of line-item transaction_amount values within the defined tolerance, preventing reconciliation and customer dispute issues. Automation: HIGH — API computation and tolerance assertion.",
+    "testId": "TC-STMTACC-01",
+    "testDescription": "As a cardholder, my statement’s total_spend must reconcile to the sum of the transactions displayed for that statement period within ±$0.01, so totals are accurate despite minor representation/rounding artifacts.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) A test account_id exists and is owned by the authenticated user.\n3) A statement_id exists for a billing cycle where the statement JSON exposes total_spend.\n4) The transactions that belong to the statement period are available to the test harness (either via statement content or via GET /v2/accounts/{account_id}/transactions filtered to the period).\n5) The prepared dataset sums to total_spend with a difference of exactly $0.01 or less (e.g., three transactions: 10.00, 20.00, 30.00 => sum = 60.00; expected total_spend = 60.00).",
+    "stepsToPerform": "1) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=JSON with Authorization: Bearer <token>; observe HTTP 200.\n2) In the response, read total_spend; observe it is present and numeric.\n3) Retrieve the list of transactions for the statement period using GET https://api.aegiscard.com/v2/accounts/{account_id}/transactions?from_date=<cycle_start>&to_date=<cycle_end> (or use the statement’s transaction list if included); observe HTTP 200 and transactions[] present.\n4) Extract each transaction_amount from transactions[] that falls within the statement period; observe amounts are Decimal(10,2) formatted.\n5) Compute sum_transaction_amounts = Σ(transaction_amount); record computed sum.\n6) Compute delta = |sum_transaction_amounts − total_spend|; record delta.\n7) Assert delta ≤ 0.01; observe pass.\n8) Persist calculation evidence (transaction list used, computed sum, delta, statement payload) with the test run; observe artifacts retrievable.\n9) Re-run statement GET (step 1) to confirm total_spend is stable during the test; observe unchanged total_spend for the same statement_id.",
+    "expectedResult": "1) Statement retrieval returns HTTP 200 and includes total_spend.\n2) The absolute difference |sum(transaction_amount[]) − total_spend| is ≤ $0.01.\n3) Evidence artifacts show the exact transaction_amount inputs and computed delta meeting the tolerance.",
+    "sourceCitation": {
+      "location": "Section 7.2/REQ-015, page 14",
+      "excerpt": "sum(transaction_amount[]) == total_spend within tolerance ±$0.01"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Statement accuracy boundary: totals differ by $0.02 should violate ±$0.01 tolerance",
+    "description": "Validates that the platform’s statement accuracy tolerance is enforced strictly and that a $0.02 discrepancy is detected as outside the allowed ±$0.01 window. Automation: MEDIUM — requires controlled data or a test double to create the mismatch.",
+    "testId": "TC-STMTACC-02",
+    "testDescription": "As a risk/control check, when the sum of transaction_amount values differs from total_spend by $0.02, the system must not be considered compliant with the stated tolerance rule, ensuring reconciliation issues are detectable.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) A test account_id exists and is owned by the authenticated user.\n3) A statement_id exists where the statement totals can be validated.\n4) A controlled test dataset exists (via seeded DB fixture or billing computation test mode) such that sum(transaction_amount[]) and total_spend differ by exactly $0.02 (e.g., sum = 100.00, total_spend = 100.02).\n5) Test harness can compute delta and record a test failure when delta > 0.01.",
+    "stepsToPerform": "1) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=JSON with Authorization: Bearer <token>; observe HTTP 200.\n2) Read total_spend from the statement JSON; observe the value (e.g., 100.02).\n3) Retrieve statement-period transactions via GET https://api.aegiscard.com/v2/accounts/{account_id}/transactions?from_date=<cycle_start>&to_date=<cycle_end>; observe HTTP 200 and transactions[] present.\n4) Extract transaction_amount from all statement-period transactions; observe extracted list matches the seeded/controlled dataset.\n5) Compute sum_transaction_amounts; observe it equals the controlled sum (e.g., 100.00).\n6) Compute delta = |sum_transaction_amounts − total_spend|; observe delta = 0.02.\n7) Assert delta ≤ 0.01; observe this assertion FAILS (test should mark non-compliance).\n8) Log the discrepancy details (statement_id, computed sum, total_spend, delta) to the test report; observe the report captures exact numeric evidence.\n9) Confirm the failure condition is strictly due to tolerance (delta > 0.01) and not due to missing transactions in the dataset; observe transaction count matches expected fixture.",
+    "expectedResult": "1) The computed delta equals $0.02, exceeding the allowed tolerance.\n2) The test verdict is FAIL because |sum(transaction_amount[]) − total_spend| > $0.01.\n3) Test evidence includes the statement total_spend and the exact transaction_amount list used to compute the $0.02 discrepancy.",
+    "sourceCitation": {
+      "location": "Section 7.2/REQ-015, page 14",
+      "excerpt": "within tolerance ±$0.01"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Make immediate payment (scheduled_date omitted) returns payment_id and new_balance_estimate",
+    "description": "Verifies immediate payment behavior when scheduled_date is omitted and ensures the response includes payment_id and new_balance_estimate for customer confirmation and reconciliation. Automation: HIGH — pure API assertions; includes abuse-path check for missing CSRF on state-changing call.",
+    "testId": "TC-PAY-01",
+    "testDescription": "As a cardholder, when I submit a payment without specifying scheduled_date, the system should treat it as immediate and return identifiers and balance estimate so I can confirm the payment was accepted.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) A valid CSRF token value is available for the session to send in X-CSRF-Token (state-changing endpoint requirement).\n3) account_id exists and is owned by the authenticated user.\n4) bank_account_id is pre-linked and active for the user (from /v2/bank-accounts).\n5) Current total_balance is known and payment_amount chosen does not exceed max = total_balance and is ≥ $1.00.",
+    "stepsToPerform": "1) (Abuse-path check) Send POST https://api.aegiscard.com/v2/accounts/{account_id}/payments WITHOUT X-CSRF-Token, body with payment_amount=25.00, payment_type=CUSTOM, bank_account_id=<linked>; observe request is rejected due to missing CSRF (record response for security evidence).\n2) Send POST https://api.aegiscard.com/v2/accounts/{account_id}/payments WITH headers Authorization: Bearer <token> and X-CSRF-Token: <token>; omit scheduled_date in JSON body; observe HTTP 200.\n3) In the HTTP 200 response, verify payment_id is present and non-empty; observe field exists.\n4) Verify new_balance_estimate is present and numeric; observe field exists.\n5) Verify scheduled_date field is present but null/omitted per implementation response contract; observe no future date was scheduled.\n6) Immediately re-GET account summary (GET /v2/accounts/{account_id}/summary) to capture current_balance for comparison context; observe HTTP 200 and current_balance present.\n7) Record the payment_id and response payload to the test report; observe artifacts saved.\n8) Repeat the payment POST with the same inputs but a different payment_amount (e.g., 26.00) to ensure response still includes required fields; observe HTTP 200 and required keys present.\n9) Ensure no raw bank details are echoed back beyond identifiers (only payment_id, scheduled_date, new_balance_estimate per response body keys); observe response does not include bank routing/account numbers.",
+    "expectedResult": "1) When scheduled_date is omitted, the payment request is accepted (HTTP 200) and the response includes payment_id and new_balance_estimate.\n2) The response includes scheduled_date only as part of the response contract but does not represent a future scheduled date when omitted.\n3) Abuse-path evidence: the state-changing endpoint rejects a request missing X-CSRF-Token (captured as a security control check).",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment, page 14",
+      "excerpt": "scheduled_date optional (future date) or immediate if omitted"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Make scheduled payment with future scheduled_date returns scheduled_date in response",
+    "description": "Confirms that providing a future ISO 8601 scheduled_date creates a scheduled payment and that the API echoes scheduled_date back in the response for user confirmation. Automation: HIGH — API-driven; includes CSRF header usage for state-changing call.",
+    "testId": "TC-PAY-02",
+    "testDescription": "As a cardholder, when I schedule a payment for a future date, the system must accept it and return the scheduled_date in the response so I can verify the payment timing.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) Valid CSRF token is available to send in X-CSRF-Token.\n3) account_id exists and is owned by the authenticated user.\n4) bank_account_id is pre-linked and active.\n5) Choose a future scheduled_date in ISO 8601 date format (e.g., 2026-05-15) and payment_amount=50.00 (≥1.00 and ≤ total_balance).",
+    "stepsToPerform": "1) Send POST https://api.aegiscard.com/v2/accounts/{account_id}/payments with Authorization: Bearer <token> and X-CSRF-Token: <csrf>, body: {payment_amount:50.00, payment_type:\"CUSTOM\", bank_account_id:\"<linked>\", scheduled_date:\"2026-05-15\"}; observe HTTP 200.\n2) Verify payment_id is present in the response; observe non-empty value.\n3) Verify scheduled_date is present in the response; observe value equals \"2026-05-15\".\n4) Verify new_balance_estimate is present and numeric; observe field exists.\n5) Re-submit the same request but with a different future date (e.g., 2026-05-16) to validate acceptance for another future date; observe HTTP 200.\n6) Verify the second response scheduled_date equals \"2026-05-16\"; observe exact match.\n7) Record both payment_id values and response payloads as evidence; observe artifacts saved.\n8) (Abuse-path check) Attempt the scheduled payment request without Authorization header; observe request is rejected (record response).\n9) Ensure response does not include bank account sensitive details (only the response body keys); observe no sensitive bank fields are returned.",
+    "expectedResult": "1) Scheduled payment request with a future scheduled_date returns HTTP 200.\n2) Response includes payment_id and echoes the same scheduled_date value provided in the request.\n3) Response includes new_balance_estimate as a numeric value.",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment field table, page 14",
+      "excerpt": "scheduled_date Date Optional ISO 8601; future date; omit for immediate"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Payment amount boundary: min $1.00 enforced for Decimal(10,2)",
+    "description": "Validates payment_amount minimum boundary at $1.00 and just below it, ensuring enforcement of Decimal(10,2) minimum to prevent zero/low-value payment abuse and downstream processing errors. Automation: HIGH — API boundary assertions.",
+    "testId": "TC-PAY-03",
+    "testDescription": "As the platform, I must accept payment_amount at the minimum ($1.00) and reject values below the minimum, to enforce payment constraints consistently.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) Valid CSRF token is available for X-CSRF-Token.\n3) account_id exists and is owned by the authenticated user.\n4) bank_account_id is pre-linked and active.\n5) total_balance is at least $10.00 so that both $1.00 and $0.99 are ≤ total_balance.",
+    "stepsToPerform": "1) Send POST https://api.aegiscard.com/v2/accounts/{account_id}/payments with headers Authorization: Bearer <token>, X-CSRF-Token: <csrf>; body: {payment_amount:1.00, payment_type:\"CUSTOM\", bank_account_id:\"<linked>\"}; observe HTTP 200.\n2) Verify response contains payment_id; observe non-empty.\n3) Verify response contains new_balance_estimate; observe numeric.\n4) Send POST /payments with payment_amount:0.99 (just below minimum), same payment_type and bank_account_id, with Authorization and X-CSRF-Token; observe request is rejected (non-200).\n5) Capture the error response payload for the 0.99 attempt; observe error indicator is present.\n6) Re-try with payment_amount:1.00 again to confirm acceptance is stable at boundary; observe HTTP 200.\n7) Confirm each accepted response includes response body keys payment_id and new_balance_estimate; observe present.\n8) Confirm the rejected 0.99 attempt does not create a payment_id in the response; observe absent.\n9) Store all three request/response pairs as boundary evidence; observe artifacts retrievable.",
+    "expectedResult": "1) payment_amount = $1.00 is accepted (HTTP 200) and returns payment_id and new_balance_estimate.\n2) payment_amount = $0.99 is rejected (non-200) demonstrating enforcement of min $1.00.\n3) The rejected response does not include a successful payment_id issuance.",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment field table, page 14",
+      "excerpt": "payment_amount Decimal ✓ Required Decimal(10,2); min $1.00; max = total_balance"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Payment below minimum_payment_due returns 400 BELOW_MINIMUM with minimum_payment_due",
+    "description": "Ensures payments below minimum_payment_due are rejected with the exact error code and include minimum_payment_due in the response, preventing underpayment acceptance and supporting clear customer remediation. Automation: HIGH — API negative assertion with exact error contract; includes money-transfer abuse-path coverage.",
+    "testId": "TC-PAY-04",
+    "testDescription": "As a cardholder attempting to pay less than my minimum_payment_due, I should receive a clear 400 error with code BELOW_MINIMUM and the minimum_payment_due amount, so I know what to pay.",
+    "prerequisites": "1) Test user is authenticated and has a valid Bearer access token.\n2) Valid CSRF token is available for X-CSRF-Token.\n3) account_id exists and is owned by the authenticated user.\n4) bank_account_id is pre-linked and active.\n5) The current statement (or account state) has a known minimum_payment_due value available from GET statement (e.g., minimum_payment_due = 25.00) and total_balance ≥ 25.00.",
+    "stepsToPerform": "1) Send GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=JSON with Authorization: Bearer <token>; observe HTTP 200.\n2) Read minimum_payment_due from the statement response; observe it is present (e.g., 25.00).\n3) Prepare a payment_amount strictly less than minimum_payment_due (e.g., 24.99); record the chosen amount.\n4) Send POST https://api.aegiscard.com/v2/accounts/{account_id}/payments with Authorization: Bearer <token>, X-CSRF-Token: <csrf>; body: {payment_amount:24.99, payment_type:\"CUSTOM\", bank_account_id:\"<linked>\"}; observe HTTP 400.\n5) Verify response body includes error: \"BELOW_MINIMUM\"; observe exact match.\n6) Verify response body includes minimum_payment_due and that it equals the value from step 2 (e.g., 25.00); observe exact match.\n7) Confirm response does not include payment_id (no queued payment created); observe absent.\n8) (Abuse-path check) Attempt the same below-minimum payment with a different bank_account_id that is not linked; observe the system does not incorrectly bypass BELOW_MINIMUM validation (record response for investigation if behavior differs).\n9) Persist request/response evidence and the retrieved minimum_payment_due used; observe artifacts saved.",
+    "expectedResult": "1) Payment attempt where payment_amount < minimum_payment_due returns HTTP 400.\n2) Response body contains error: BELOW_MINIMUM and includes minimum_payment_due.\n3) No payment_id is issued for the rejected request (no queued payment created).",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment HTTP codes, page 14",
+      "excerpt": "payment_amount < minimum_payment_due error: BELOW_MINIMUM, minimum_payment_due"
+    }
+  },
+  {
+    "type": "security",
+    "title": "PAN displayed in browser only as masked format **** **** **** 1234",
+    "description": "Validates PCI data masking in the web portal UI by ensuring PAN is only rendered as the required masked format, preventing exposure of cardholder data in the DOM. Automation: MEDIUM — requires UI/DOM inspection via browser automation.",
+    "testId": "TC-PAN-01",
+    "testDescription": "As a portal user viewing card details, I must only ever see the masked PAN format (last 4 digits) in the browser, ensuring the UI never displays full PAN and remains PCI compliant.",
+    "prerequisites": "1) Test user can sign in to https://portal.aegiscard.com and has an account with an issued card.\n2) Test card has a known last4 (synthetic) such as 4242; expected mask is \"**** **** **** 4242\".\n3) Browser automation has access to DevTools/DOM inspection or can capture rendered text from the card details component.\n4) Test environment is configured to serve card details to the portal (card summary visible on dashboard).\n5) No browser extensions that alter page content are enabled for the test profile.",
+    "stepsToPerform": "1) Open https://portal.aegiscard.com and log in as the test user; observe navigation to the dashboard succeeds.\n2) Navigate to the card details area where the card number is displayed (e.g., dashboard card widget); observe a card number is shown.\n3) Capture the visible card number text as rendered; observe it matches the pattern \"**** **** **** 4242\" (spaces/grouping as shown).\n4) Right-click and inspect the element (DOM) containing the card number; observe the DOM text content is masked (no additional digits).\n5) Search the DOM (Ctrl+F in Elements) for any contiguous 12–19 digit sequences matching a PAN-like pattern; observe none found.\n6) Open the page source / React component rendered HTML snapshot; observe no unmasked PAN present.\n7) Refresh the page and repeat the visual capture of the masked card number; observe it remains masked.\n8) Perform a UI action that re-renders the widget (e.g., toggle between accounts/cards if available); observe any displayed PAN remains masked.\n9) Save screenshots and DOM dumps as evidence; observe artifacts are stored with the test run ID.",
+    "expectedResult": "1) The PAN displayed in the browser is only in masked format exactly like \"**** **** **** 4242\".\n2) The DOM does not contain a full/unmasked PAN value (no PAN-like digit sequence appears in rendered DOM text/HTML snapshot).\n3) Masking persists across refresh and re-render actions (no transient exposure).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements, page 15",
+      "excerpt": "PAN displayed in browser as **** **** **** 1234 only."
+    }
+  },
+  {
+    "type": "security",
+    "title": "Full PAN never transmitted to frontend (verify API/portal payloads exclude raw PAN)",
+    "description": "Ensures the backend never transmits full PAN to the frontend by verifying API responses and portal network payloads do not include raw PAN fields/values, reducing PCI scope and preventing data leakage. Automation: HIGH — network capture assertions (API + browser DevTools export).",
+    "testId": "TC-PAN-02",
+    "testDescription": "As a security control, the platform must not transmit full PAN values to the browser; only masked values may be provided. This test verifies that API responses consumed by the portal exclude raw PAN and that network payloads do not contain unmasked PAN data.",
+    "prerequisites": "1) Test user can authenticate to the portal and has an issued card with known last4 = 4242 (synthetic).\n2) Ability to capture browser network traffic (HAR export) for portal session.\n3) Ability to call relevant API endpoints directly with Bearer token (e.g., account summary and statement retrieval) and inspect raw JSON.\n4) Test environment has deterministic masked card number representation available somewhere (e.g., card_number_masked in decision response or UI widget).\n5) A regex/pattern check is available in the test harness to detect PAN-like sequences (12–19 digits) in payloads.",
+    "stepsToPerform": "1) Log in to https://portal.aegiscard.com as the test user; observe dashboard loads.\n2) Start recording Network traffic in browser DevTools; observe recording enabled.\n3) Navigate to card/account areas that trigger API calls returning card/account data (e.g., account summary view); observe network requests are captured.\n4) Export the session’s network log as HAR; observe HAR file is generated.\n5) Scan HAR response bodies for PAN-like numeric sequences (12–19 digits) and for common raw PAN keys (e.g., \"pan\", \"card_number\"); observe none present.\n6) Separately call GET https://api.aegiscard.com/v2/accounts/{account_id}/summary with Authorization: Bearer <token>; observe HTTP 200 and parse JSON.\n7) Assert the summary JSON does not include any raw PAN field/value (no \"pan\" or unmasked card number); observe absent.\n8) Call GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id}?format=JSON; observe HTTP 200 and parse JSON.\n9) Assert statement JSON does not include raw PAN anywhere (including nested fields if any); observe absent and store evidence.",
+    "expectedResult": "1) HAR/network payloads from the portal session contain no full PAN values and no PAN-like digit sequences.\n2) API responses inspected (account summary, statement retrieval) do not include raw PAN fields/values.\n3) Only masked representations (e.g., last 4) are visible to the frontend; raw PAN is not transmitted.",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements, page 15",
+      "excerpt": "Full PAN never transmitted to frontend."
+    }
+  },
+  {
+    "type": "security",
+    "title": "All web forms transmit over TLS 1.3 (PCI-DSS L1 requirement)",
+    "description": "Verifies that form submissions from the portal are transported using TLS 1.3 to meet the PCI-DSS L1 requirement and reduce risk of interception/downgrade. Automation: MEDIUM — requires TLS handshake inspection plus functional form submission.",
+    "testId": "TC-PCI-01",
+    "testDescription": "As a portal user submitting any web form, the browser must negotiate TLS 1.3 and transmit the form request over HTTPS using TLS 1.3 (minimum).",
+    "prerequisites": "1) Test environment exposes https://portal.aegiscard.com and its backing API.\n2) Tester has a valid portal test user (e.g., test+tls13@example.com).\n3) A network inspection tool is available (e.g., Chrome DevTools Security panel and/or openssl s_client, and a proxy that can record TLS version without breaking TLS).\n4) Ability to submit at least one portal form that triggers an HTTPS request (e.g., login form calling POST /v2/auth/login).",
+    "stepsToPerform": "1) Open a clean browser profile (no extensions) and navigate to https://portal.aegiscard.com; observe the connection is HTTPS and loads successfully.\n2) In browser DevTools, open the Security tab for the portal page; observe the negotiated protocol/cipher details are shown.\n3) Confirm the negotiated TLS version is TLS 1.3; record evidence (screenshot/export).\n4) Open DevTools Network tab and prepare to capture requests; observe no mixed-content HTTP resources are loaded for the page.\n5) Use the portal login form and submit synthetic credentials (e.g., email: test+tls13@example.com, password: ************); observe a network request is made to the API.\n6) Click the login request and verify the Request URL uses https://api.aegiscard.com (HTTPS); observe it is not http://.\n7) Using a TLS-capable client (e.g., openssl s_client -connect api.aegiscard.com:443 -tls1_2), attempt to force TLS 1.2 handshake; observe handshake is rejected or cannot be negotiated (evidence captured).\n8) Using a TLS-capable client (e.g., openssl s_client -connect api.aegiscard.com:443 -tls1_3), connect using TLS 1.3; observe the handshake succeeds and reports TLSv1.3.\n9) Repeat Step 8 for portal.aegiscard.com:443; observe the portal also negotiates TLSv1.3.\n10) Save artifacts (screenshots/command output) demonstrating portal and API form-related traffic negotiated TLS 1.3.",
+    "expectedResult": "1) Portal and API endpoints used by web forms negotiate TLSv1.3 and do not downgrade below TLS 1.3.\n2) Form submission requests are sent only to https:// URLs (no http://), with no mixed content.\n3) A forced TLS 1.2 handshake attempt fails while a TLS 1.3 handshake succeeds (downgrade/legacy-protocol abuse path is prevented).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (NFR-01 PCI-DSS L1), page 15",
+      "excerpt": "All web forms transmit over TLS 1.3."
+    }
+  },
+  {
+    "type": "security",
+    "title": "Card fields use iframe tokenisation and no raw PAN in DOM",
+    "description": "Verifies that any card entry UI embeds card fields via iframe tokenisation and prevents raw PAN exposure in the DOM, reducing PCI scope and client-side data leakage. Automation: MEDIUM — DOM and network inspection required.",
+    "testId": "TC-PCI-02",
+    "testDescription": "As a portal user entering card data in any payment method/card entry form, the UI must use an iframe-based tokenisation component and must not place raw PAN anywhere in the DOM.",
+    "prerequisites": "1) A portal page exists in the environment where card details could be entered (e.g., add payment card / card verification flow using Stripe Elements or equivalent).\n2) Tester has a valid portal test user session.\n3) Test card PAN is synthetic (e.g., \"**** **** **** 4242\" for display expectations; do not use real PAN).\n4) Browser DevTools access to Elements/Network panels (and optional DOM search).",
+    "stepsToPerform": "1) Log in to https://portal.aegiscard.com with the test user; observe the portal loads successfully.\n2) Navigate to the feature/page that collects card details (card number, expiry, CVC) if present; observe the form renders card input controls.\n3) In DevTools Elements panel, inspect the card input area; observe that card entry fields are rendered inside one or more <iframe> elements (not plain <input type=\"text\"> for PAN).\n4) In DevTools, select each iframe and confirm the iframe origin is a third-party/provider component used for tokenisation (e.g., Stripe Elements or equivalent) rather than the portal directly.\n5) Attempt to type a synthetic card number pattern into the card number field (e.g., 4242 4242 4242 4242); observe the characters appear in the secured iframe field.\n6) Use DevTools global DOM search (Ctrl/Cmd+F in Elements) for the typed contiguous digits (e.g., \"4242424242424242\"); observe no matches in the DOM.\n7) Open DevTools Console and run a search across document for the PAN substring (e.g., querySelectorAll('input') values inspection); observe no input elements in the top-level DOM contain the raw PAN value.\n8) Open DevTools Network tab and submit the form action that would normally save/verify the card; observe outbound request payloads.\n9) Inspect the request payloads in Network; observe no field contains raw PAN digits; only tokenised identifiers (provider token) are present.\n10) Save evidence (DOM screenshot showing iframes + network payload screenshot showing absence of PAN).",
+    "expectedResult": "1) Card fields are implemented using iframe tokenisation (provider-controlled iframes) rather than raw portal DOM inputs.\n2) No raw PAN (e.g., \"4242424242424242\") appears anywhere in the DOM (negative-space assertion).\n3) On form submission, network payload contains tokenised data only and does not include raw PAN (prevents client-side PAN exfiltration abuse path).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (NFR-01 PCI-DSS L1), page 15",
+      "excerpt": "Card fields use iframe tokenisation (Stripe Elements or equivalent). No raw PAN in DOM."
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Right to rescind: DELETE /v2/accounts/{id} allowed within 14 days post-issuance with no membership fee",
+    "description": "Verifies the right-to-rescind capability is available via the account deletion endpoint within the allowed time window and that rescission does not charge a membership fee. Automation: HIGH — pure API assertions with controlled issuance timestamps.",
+    "testId": "TC-RESCIND-01",
+    "testDescription": "As a cardholder within 14 days of account issuance, I can rescind by calling DELETE /v2/accounts/{id}, and the system must not apply a membership fee as part of the rescission.",
+    "prerequisites": "1) A test account exists with known account_id (UUID) and issuance timestamp set to 13 days ago (within the allowed window).\n2) Caller is authenticated as the owner and has a valid Bearer token in Authorization header.\n3) Test environment supports verifying no membership fee was charged (e.g., via account statement/fees view or backend fee ledger report used by QA).\n4) CSRF token/cookie is obtainable for state-changing API calls from the portal session (as applicable to the environment).",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain an access token; observe you can call authenticated endpoints.\n2) Retrieve any account summary identifier for the target account_id to confirm it exists prior to deletion; observe a successful response.\n3) Confirm (via QA ledger/fees query or statement view) that there is currently no rescission-related fee posted for the account; record baseline evidence.\n4) Prepare the DELETE request to https://api.aegiscard.com/v2/accounts/{account_id} with Authorization: Bearer <token>.\n5) Include the required CSRF header (X-CSRF-Token) associated with the session (if applicable for this environment); observe the request is accepted for processing.\n6) Send DELETE /v2/accounts/{account_id}; observe an HTTP success response indicating the delete action is allowed within the 14-day window.\n7) Attempt to call GET /v2/accounts/{account_id}/summary after deletion; observe access no longer succeeds because the account is rescinded/deleted.\n8) Query fees/statement/ledger for the rescinded account period (using the same QA verification method as Step 3); observe no membership fee was applied due to rescission.\n9) Attempt to repeat DELETE /v2/accounts/{account_id} again; observe the endpoint does not perform a second rescission on an already deleted account (abuse path: repeated deletes).\n10) Store request/response evidence for the deletion request and the fee verification.",
+    "expectedResult": "1) DELETE /v2/accounts/{id} succeeds for an account issued 13 days ago (within the 14-day rescission window).\n2) Post-rescission, the account is no longer accessible as an active account (deleted/rescinded state observable via follow-up access failure).\n3) No membership fee is charged/posted as a result of rescission (negative fee assertion).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (REQ-016 Right to Rescind), page 15",
+      "excerpt": "DELETE /v2/accounts/{{id}} must be available for 14 days post-issuance with no membership fee."
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Right to rescind rejected after Day 14",
+    "description": "Validates the right-to-rescind endpoint enforces the time boundary by rejecting rescission requests after the 14-day window. Automation: HIGH — pure API boundary test with controlled issuance timestamps.",
+    "testId": "TC-RESCIND-02",
+    "testDescription": "As a cardholder past the 14-day post-issuance window, attempting to rescind via DELETE /v2/accounts/{id} must be rejected.",
+    "prerequisites": "1) A test account exists with known account_id (UUID) and issuance timestamp set to 15 days ago (outside the allowed window).\n2) Caller is authenticated as the account owner and has a valid Bearer token in Authorization header.\n3) CSRF token/cookie is obtainable for state-changing API calls from the portal session (as applicable).\n4) The account is in a normal accessible state before the test (GET /summary succeeds).",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain an access token; observe token is accepted for authenticated calls.\n2) Call GET /v2/accounts/{account_id}/summary to confirm the account exists and is owned by the token subject; observe HTTP 200.\n3) Prepare DELETE https://api.aegiscard.com/v2/accounts/{account_id} with Authorization: Bearer <token>.\n4) Include X-CSRF-Token header value from the session context (as applicable); observe request is well-formed.\n5) Send DELETE /v2/accounts/{account_id}; observe the request is rejected because it is after the Day 14 boundary.\n6) Capture the HTTP status and response payload; observe it indicates rejection (no deletion performed).\n7) Re-call GET /v2/accounts/{account_id}/summary; observe it still succeeds (account not deleted).\n8) Attempt a second DELETE (same headers) to confirm consistent enforcement; observe it is rejected again.\n9) Verify no deletion-related side effects occurred (account remains accessible and no rescission processing took place).\n10) Save request/response evidence showing the boundary enforcement.",
+    "expectedResult": "1) DELETE /v2/accounts/{id} is rejected when the account is issued 15 days ago (after the allowed window).\n2) The account remains accessible after the rejected attempt (no state change to deleted/rescinded).\n3) Repeated attempts after Day 14 continue to be rejected (prevents abuse path of late rescission).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (REQ-016 Right to Rescind), page 15",
+      "excerpt": "Endpoint rejects after Day 14."
+    }
+  },
+  {
+    "type": "security",
+    "title": "CSRF required: state-changing endpoints reject missing X-CSRF-Token header",
+    "description": "Verifies CSRF protection on state-changing operations by ensuring requests without the X-CSRF-Token header are rejected, reducing cross-site request forgery risk. Automation: HIGH — API negative tests.",
+    "testId": "TC-CSRF-01",
+    "testDescription": "As an authenticated user, if a malicious site attempts to trigger a state change without a CSRF token, the API must reject the request.",
+    "prerequisites": "1) Valid portal user access token (Authorization: Bearer) is available.\n2) A state-changing endpoint is available for the user (e.g., PATCH /v2/cards/{card_id}/status for a card owned by the user).\n3) A valid card_id belonging to the authenticated user exists.\n4) Ability to send raw HTTP requests (Postman/cURL) and omit headers.",
+    "stepsToPerform": "1) Authenticate and obtain a valid access token for the portal API; observe token works on a read-only endpoint.\n2) Call GET /v2/accounts/{account_id}/summary to confirm authentication works; observe HTTP 200.\n3) Prepare a PATCH request to /v2/cards/{card_id}/status with Authorization: Bearer <token> and a valid JSON body (e.g., {\"status\":\"Frozen\",\"reason\":\"QA CSRF test\",\"confirm_otp\":\"123456\"}).\n4) Intentionally omit the X-CSRF-Token header; observe request headers contain no X-CSRF-Token.\n5) Send the PATCH request; observe the API rejects the request due to missing CSRF token.\n6) Capture the HTTP status and response body for evidence of rejection.\n7) Call GET /v2/accounts/{account_id}/summary (or card status view if available) to confirm no state change occurred; observe card status is unchanged.\n8) Repeat the same PATCH request but include X-CSRF-Token with any placeholder/invalid value (e.g., \"invalid-token\"); observe it is also rejected (token must be present and valid).\n9) Capture evidence for the invalid-token rejection.\n10) Ensure no audit/state changes were created from the rejected requests (abuse path prevention: CSRF-based freeze/unfreeze).",
+    "expectedResult": "1) State-changing request without X-CSRF-Token is rejected.\n2) Card/account state remains unchanged after the rejected request (no freeze/unfreeze applied).\n3) A request with an invalid placeholder X-CSRF-Token is also rejected, preventing CSRF bypass attempts.",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (NFR-05 CSRF Protection), page 15",
+      "excerpt": "All state-changing endpoints require a CSRF token in X-CSRF-Token header."
+    }
+  },
+  {
+    "type": "security",
+    "title": "CSRF cookie policy SameSite=Strict enforced for portal sessions",
+    "description": "Verifies portal session cookies enforce SameSite=Strict to reduce CSRF risk by limiting cross-site cookie sending. Automation: MEDIUM — requires cookie attribute inspection in browser/network.",
+    "testId": "TC-CSRF-02",
+    "testDescription": "As a portal user, my session cookies must be issued with SameSite=Strict, making it harder for cross-site requests to carry authenticated session context.",
+    "prerequisites": "1) Portal is reachable at https://portal.aegiscard.com.\n2) Tester can log in with a test user.\n3) Browser DevTools access to Application/Storage cookies view (or network Set-Cookie inspection).\n4) Test user credentials are available (synthetic).",
+    "stepsToPerform": "1) Open a clean browser profile and navigate to https://portal.aegiscard.com; observe portal loads over HTTPS.\n2) Open DevTools Application tab (or Storage) and locate cookies for portal.aegiscard.com.\n3) Log in with the test user to cause session/auth cookies to be set; observe Set-Cookie headers are returned and cookies appear in storage.\n4) In DevTools, inspect each portal session/auth cookie; observe the cookie attributes are displayed.\n5) Verify SameSite attribute value is Strict for the portal session cookies.\n6) Verify cookies relevant to session/auth are also marked Secure and HttpOnly where applicable (record evidence, but do not enforce beyond what is visible).\n7) Open DevTools Network and inspect the login response Set-Cookie headers; observe SameSite=Strict is present.\n8) Attempt to initiate a state-changing call from a cross-site context (e.g., open a local HTML page on a different origin that issues a fetch to the API) and observe cookies are not sent due to SameSite=Strict.\n9) Capture the request details showing Cookie header is absent in the cross-site call.\n10) Save screenshots of cookie attribute values and the cross-site request headers as evidence.",
+    "expectedResult": "1) Portal session cookies are set with SameSite=Strict.\n2) Set-Cookie headers include SameSite=Strict for the portal session context.\n3) Cross-site requests do not include the session cookie (CSRF abuse path is mitigated by cookie policy).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (NFR-05 CSRF Protection), page 15",
+      "excerpt": "SameSite=Strict cookie policy enforced."
+    }
+  },
+  {
+    "type": "security",
+    "title": "CSRF token required even when Authorization uses Bearer token for portal API calls",
+    "description": "Ensures CSRF is still enforced for state-changing requests even when using Bearer token authentication, preventing assumptions that Bearer auth alone removes CSRF risk. Automation: HIGH — API negative/positive pair.",
+    "testId": "TC-CSRF-03",
+    "testDescription": "As an authenticated user calling a state-changing endpoint with Authorization: Bearer, the API must still require X-CSRF-Token for that request to succeed.",
+    "prerequisites": "1) Valid access token for a portal user (Authorization: Bearer <token>).\n2) A state-changing endpoint and owned resource exist (e.g., PATCH /v2/cards/{card_id}/status).\n3) Ability to obtain a valid CSRF token value associated with the session (e.g., from portal initial HTML/meta tag or a CSRF cookie-to-header pattern used in the environment).\n4) A valid card_id belonging to the authenticated user.",
+    "stepsToPerform": "1) Authenticate and obtain a Bearer access token; observe token works on GET /v2/accounts/{account_id}/summary.\n2) Prepare PATCH /v2/cards/{card_id}/status request with Authorization: Bearer <token> and valid body {\"status\":\"Frozen\",\"reason\":\"QA CSRF+Bearer\",\"confirm_otp\":\"123456\"}.\n3) Send the PATCH request with Authorization header present but without X-CSRF-Token; observe the request is rejected.\n4) Capture the rejection response for evidence.\n5) Obtain a valid CSRF token value from the portal session context (as implemented in the environment); observe you can read the token value.\n6) Re-send the same PATCH request with Authorization: Bearer <token> and X-CSRF-Token: <valid>; observe the API accepts the request.\n7) Capture the success response body and note returned keys (e.g., card_id, new_status, updated_at).\n8) Call a read endpoint (e.g., account summary or card status if available) to confirm the card is now Frozen; observe state change is persisted.\n9) Unfreeze the card by sending PATCH with status \"Active\" using Authorization + valid X-CSRF-Token; observe success.\n10) Confirm card state returns to Active to clean up test state; capture evidence.",
+    "expectedResult": "1) A state-changing request with Authorization: Bearer but missing X-CSRF-Token is rejected.\n2) The same request with both Authorization: Bearer and a valid X-CSRF-Token succeeds and persists the state change.\n3) Cleanup action (unfreeze) also requires CSRF, preventing CSRF bypass even with Bearer auth.",
+    "sourceCitation": {
+      "location": "Section 6 opening paragraph + Section 8.1 Security & Compliance Requirements (NFR-05), pages 11 and 15",
+      "excerpt": "All endpoints require a valid Bearer token in the Authorization header."
+    }
+  },
+  {
+    "type": "security",
+    "title": "Portal session expires after 15 minutes of inactivity",
+    "description": "Verifies portal session timeout occurs after 15 minutes of inactivity to reduce risk from unattended sessions. Automation: LOW-MEDIUM — timing-sensitive UI behavior; can be semi-automated with browser automation and clock control if available.",
+    "testId": "TC-SESSION-01",
+    "testDescription": "As a logged-in portal user, if I do not interact with the portal for 15 minutes, my session must expire and I must be logged out.",
+    "prerequisites": "1) Test user can log in to https://portal.aegiscard.com.\n2) Test environment session timeout is configured as per requirement (15 minutes inactivity).\n3) Ability to measure inactivity accurately (timer) and avoid background activity (no auto-refresh).\n4) A protected page exists that requires an authenticated session (e.g., dashboard).",
+    "stepsToPerform": "1) Log in to the portal and land on an authenticated page (e.g., dashboard); observe user is logged in.\n2) Open DevTools Network and confirm authenticated API calls include session/auth context (as implemented).\n3) Stop all user interactions (no clicks/scroll/keypress) and start a timer; observe portal remains idle.\n4) At 10 minutes of inactivity, verify the session is still active by refreshing a protected data widget (if it auto-loads, avoid interacting; instead, open a new tab to a protected URL); observe it still loads.\n5) Continue inactivity until the timer reaches 15 minutes; observe the portal triggers session expiration behavior.\n6) Attempt to navigate to a protected route (e.g., /dashboard) or reload the page; observe access is no longer granted without re-authentication.\n7) Observe that the UI redirects to the login page or shows a logged-out state.\n8) Attempt to call a protected API endpoint from the browser (e.g., account summary request initiated by UI); observe the request fails due to expired session.\n9) Re-authenticate by logging in again; observe access is restored.\n10) Record evidence (timestamps, screenshots, and any API failure response) showing expiration after 15 minutes inactivity.",
+    "expectedResult": "1) After 15 minutes of inactivity, the portal session expires and the user is logged out.\n2) Protected pages/resources are not accessible without re-authentication after expiration.\n3) Abuse path prevented: an unattended, authenticated session cannot remain active beyond the inactivity limit.",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (NFR-06 Session Timeout), page 15",
+      "excerpt": "Web portal sessions expire after 15 minutes of inactivity."
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Portal shows 2-minute warning modal before auto-logout",
+    "description": "Verifies the portal provides an explicit warning modal 2 minutes before automatic logout, improving user experience while still meeting session security requirements. Automation: LOW-MEDIUM — UI timing and modal validation.",
+    "testId": "TC-SESSION-02",
+    "testDescription": "As a logged-in portal user, I must receive a warning modal 2 minutes before auto-logout due to inactivity, allowing me to continue the session.",
+    "prerequisites": "1) Test user can log in to https://portal.aegiscard.com.\n2) Session timeout is enforced at 15 minutes inactivity and warning modal is configured.\n3) Ability to remain inactive without background activity and to record timestamps.\n4) Portal implements a visible warning modal prior to logout.",
+    "stepsToPerform": "1) Log in to the portal and confirm you are on an authenticated page.\n2) Start a timer and remain completely inactive (no mouse/keyboard/scroll).\n3) At 12 minutes of inactivity, verify no warning modal is shown yet; observe normal UI.\n4) Continue inactivity until 13 minutes of inactivity; observe a warning modal appears.\n5) Validate the warning modal is visible and indicates impending logout; capture screenshot and timestamp.\n6) Do not interact with the modal; continue inactivity for the next 2 minutes.\n7) At 15 minutes of total inactivity, observe the user is automatically logged out.\n8) Re-log in, then repeat inactivity until the warning modal appears again (~13 minutes).\n9) This time, interact with the warning modal to continue the session (e.g., click “Continue” if present); observe the session remains active past 15 minutes.\n10) Verify the session is still active by navigating to a protected page or triggering an authenticated API call; capture evidence.",
+    "expectedResult": "1) A warning modal is displayed 2 minutes before auto-logout due to inactivity.\n2) If the user does not respond, the portal automatically logs out at the inactivity limit.\n3) If the user responds to the warning to continue, the session remains active (prevents unexpected logout while still warning the user).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security & Compliance Requirements (NFR-06 Session Timeout), page 15",
+      "excerpt": "User receives 2-minute warning modal before auto-logout."
+    }
+  },
+  {
+    "type": "performance",
+    "title": "API p95 latency meets ≤ 1,500 ms target under representative load",
+    "description": "Validates the API latency budget by measuring p95 response time under a defined representative load, ensuring acceptable user experience and capacity planning compliance. Automation: HIGH — can be executed in CI with a load tool (k6/JMeter).",
+    "testId": "TC-APISLA-01",
+    "testDescription": "As a platform operator, I need assurance that core API endpoints meet the p95 latency target of ≤ 1,500 ms under representative load so the portal remains responsive.",
+    "prerequisites": "1) Load test environment with production-like configuration and network path.\n2) A set of test users/accounts exists for generating authenticated traffic.\n3) Ability to obtain Bearer tokens for test users (pre-generated tokens or login flow scripted).\n4) A load testing tool is available (e.g., k6) with ability to compute p95 latency.",
+    "stepsToPerform": "1) Select a representative read endpoint for portal usage that is explicitly defined (e.g., GET /v2/accounts/{account_id}/summary); observe it requires Authorization.\n2) Prepare a dataset of 200 synthetic account_id values mapped to 200 test users (owner-only) to avoid caching bias; observe mapping is available.\n3) Implement a load script that performs: login/token retrieval once per virtual user (or reuse tokens), then repeatedly calls GET /summary.\n4) Configure load profile: 100 virtual users, constant arrival rate targeting 50 requests/second, duration 10 minutes; observe configuration is set.\n5) Execute a 2-minute warm-up run at 20 rps; observe no major error spikes.\n6) Execute the main 10-minute run at 50 rps; observe requests are sent as configured.\n7) Capture latency metrics and compute p95 for successful responses for the endpoint.\n8) Capture error rate (non-2xx) during the run to ensure latency is not achieved by failing requests.\n9) Repeat the main run once more to confirm stability; observe comparable p95.\n10) Archive the run report artifacts (p95, distribution, error rate, environment metadata) for auditability.",
+    "expectedResult": "1) For the defined representative load (50 rps, 100 VUs, 10 minutes), the API p95 latency is ≤ 1,500 ms.\n2) Error rate during the run remains ≤ 1% non-2xx (ensures latency compliance is not masking failures).\n3) Results are reproducible across two consecutive runs (no transient compliance).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security, Compliance & Non-Functional Requirements (NFR-02 Latency), page 15",
+      "excerpt": "API p95 latency ≤ 1,500 ms."
+    }
+  },
+  {
+    "type": "performance",
+    "title": "Portal Time-to-Interactive meets ≤ 3s on 4G",
+    "description": "Verifies the portal’s initial load reaches Time-to-Interactive within the stated 4G performance budget to protect usability and conversion for cardholders on mobile networks. Automation: MEDIUM — requires browser-based performance tooling and controlled network shaping.",
+    "testId": "TC-TTI-01",
+    "testDescription": "As a portal user on a typical 4G connection, I can open https://portal.aegiscard.com and the app becomes interactive within the SRS limit so I can begin actions without delay.",
+    "prerequisites": "1) Test environment is reachable at https://portal.aegiscard.com over TLS.\n2) Test machine/browser supports network throttling to simulate 4G and can capture TTI (e.g., Lighthouse/WebPageTest).\n3) CDN cache is warmed by at least one prior request OR cache state is recorded so runs are comparable.\n4) No test user login is required for the measurement page used (public landing/login) to avoid variability from auth.",
+    "stepsToPerform": "1) Configure the test tool to throttle the network to a 4G profile and clear browser cache/storage; confirm throttling is active in the tool report.\n2) Start a new performance recording run and navigate to https://portal.aegiscard.com; observe that the initial HTML is received and the page begins rendering.\n3) Wait for the page’s primary UI shell to appear; observe that loading indicators (if any) are visible while JS bundles load.\n4) Continue the recording until the tool determines Time-to-Interactive (TTI); observe a recorded TTI value in seconds.\n5) Attempt a simple interaction immediately after TTI is reported (e.g., click into the email field on the login/landing screen); observe the browser registers the click and focus without freezing.\n6) Export/save the run report including the TTI metric and network profile used; observe the report includes URL, timestamp, and measured TTI.\n7) Repeat the measurement for a total of 5 runs under the same 4G profile; observe each run produces a TTI metric.\n8) Calculate the pass/fail result using the recorded TTI values; observe that each recorded TTI is ≤ 3.0 seconds.\n9) If any run exceeds 3.0 seconds, capture HAR/trace artifacts; observe the artifact includes the long tasks/resource waterfall to support triage.",
+    "expectedResult": "1) For each of the 5 runs on the 4G profile, the recorded Time-to-Interactive metric is ≤ 3.0 seconds.\n2) The saved reports/exports show the tested URL https://portal.aegiscard.com, the 4G throttling profile, and the measured TTI values.\n3) The page is demonstrably interactive at/after the recorded TTI (e.g., form field focus/click is processed without UI lock).",
+    "sourceCitation": {
+      "location": "Section 8.1 Security, Compliance & Non-Functional Requirements, NFR-02 Latency, page 15",
+      "excerpt": "Web portal Time-to-Interactive ≤ 3s on 4G."
+    }
+  },
+  {
+    "type": "performance",
+    "title": "API gateway sustains 5,000 concurrent requests/sec while maintaining correctness",
+    "description": "Verifies the API gateway can sustain the specified throughput under concurrent load while still returning correct HTTP statuses and response schema for a stable read endpoint. Automation: HIGH — load test + response assertions can be automated in k6/JMeter.",
+    "testId": "TC-SCALE-01",
+    "testDescription": "As a platform operator, I need the API gateway to handle 5,000 concurrent requests per second so the portal remains functional under peak demand without corrupt responses.",
+    "prerequisites": "1) A valid test user exists and can obtain an access token via POST /v2/auth/login.\n2) A test account_id owned by the authenticated user exists for GET /v2/accounts/{account_id}/summary.\n3) Load test infrastructure can generate 5,000 requests/sec and capture error rate and response samples.\n4) Test environment rate limits (if any) for this endpoint are configured to allow the planned load or are documented for interpretation.",
+    "stepsToPerform": "1) Authenticate via POST https://api.aegiscard.com/v2/auth/login with test credentials; observe HTTP 200 and capture access_token.\n2) Validate the target endpoint once at low load: GET /v2/accounts/{account_id}/summary with Authorization Bearer access_token; observe HTTP 200 and presence of fields current_balance and available_credit.\n3) Configure the load test to hit GET /v2/accounts/{account_id}/summary at a constant rate of 5,000 requests/sec for 5 minutes; observe the test plan shows duration, rate, and headers.\n4) Start the load test and monitor live metrics; observe requests are being sent at ~5,000 rps.\n5) During the run, sample 100 responses at random; observe each sampled response is HTTP 200 and JSON parses successfully.\n6) Validate sampled response schema fields; observe each includes current_balance, available_credit, credit_limit, account_status, billing_cycle_end, points_balance.\n7) Capture gateway/service error metrics for the run; observe counts of 5xx/4xx are reported.\n8) Stop the load test after 5 minutes; observe a final summary with achieved RPS, success rate, and response samples.\n9) Compute correctness pass/fail; observe that the endpoint responses remain consistent (no malformed JSON, no wrong account data in samples).",
+    "expectedResult": "1) The gateway sustains 5,000 requests/sec for 5 minutes against the selected endpoint without response corruption (all sampled bodies are valid JSON with expected keys).\n2) Sampled responses maintain correctness for the authenticated account (HTTP 200 with summary fields) throughout the load window.\n3) Any errors observed are captured with timestamps and response bodies/headers for analysis; test fails if correctness cannot be maintained at the required load.",
+    "sourceCitation": {
+      "location": "Section 8.1 Security, Compliance & Non-Functional Requirements, NFR-03 Scalability, page 15",
+      "excerpt": "API gateway must sustain 5,000 concurrent requests/sec."
+    }
+  },
+  {
+    "type": "resilience",
+    "title": "Auto-scaling triggers at 70% CPU utilization and service remains available",
+    "description": "Verifies infrastructure auto-scaling triggers at the specified CPU threshold and that the API remains available during scaling to prevent downtime during demand spikes. Automation: MEDIUM — needs infra telemetry + a controlled load generator.",
+    "testId": "TC-AUTOSCALE-01",
+    "testDescription": "As an operator, when CPU utilization reaches the configured threshold, the system should auto-scale so users can continue using the API without outages.",
+    "prerequisites": "1) Access to infrastructure monitoring that reports service CPU utilization and scaling events for the API gateway/service.\n2) Load generator capable of increasing load gradually and holding steady.\n3) A health/read endpoint is available for availability checks during the test (use GET /v2/accounts/{account_id}/summary with valid token).\n4) A valid test user token and owned account_id are available.",
+    "stepsToPerform": "1) Authenticate and obtain access_token for the test user; observe HTTP 200 from POST /v2/auth/login.\n2) Begin a baseline availability probe (1 rps) to GET /v2/accounts/{account_id}/summary; observe consistent HTTP 200 responses for 2 minutes.\n3) Start a ramp load against the same endpoint, increasing every 60 seconds until monitored CPU approaches the threshold; observe CPU utilization rising in the monitoring dashboard.\n4) Continue ramping until CPU utilization reaches 70% or higher; observe the CPU metric at/around 70%.\n5) Watch for an auto-scaling event (e.g., new instances/pods/replicas added) in the scaling/cluster events; observe a timestamped scale-out action.\n6) During scale-out, keep the availability probe running; observe probes continue to return HTTP 200 without prolonged interruption.\n7) Capture response error rates during the scale-out window; observe whether any 5xx spikes occur.\n8) Hold load steady for 5 minutes after scale-out; observe CPU reduces or stabilizes and service remains responsive.\n9) Reduce load back to baseline; observe CPU falls below threshold and the system continues serving requests.",
+    "expectedResult": "1) A scale-out action is observed when CPU utilization reaches the configured threshold (70%).\n2) The API remains available during the scaling event as evidenced by continuous successful probes (HTTP 200) to the chosen endpoint.\n3) Monitoring evidence (CPU graph + scaling event log + probe results) is captured and attached to the test record.",
+    "sourceCitation": {
+      "location": "Section 8.1 Security, Compliance & Non-Functional Requirements, NFR-03 Scalability, page 15",
+      "excerpt": "Auto-scaling triggers at 70% CPU utilisation."
+    }
+  },
+  {
+    "type": "audit",
+    "title": "Credit_limit changes create immutable audit log entry with required fields",
+    "description": "Verifies that any change to credit_limit produces an immutable audit record containing the mandated fields to support compliance and forensic investigations. Automation: MEDIUM — requires privileged access to audit log storage/read API and an operation that changes credit_limit in a controlled way.",
+    "testId": "TC-AUDIT-01",
+    "testDescription": "As a compliance auditor, when a credit_limit changes, an immutable audit log entry must be created containing the required identifiers so changes are traceable to a user session and origin IP.",
+    "prerequisites": "1) A test account exists where a credit_limit change can be performed in a controlled manner (e.g., via admin backoffice/tooling in non-prod).\n2) The actor identity (user_id), active session identifier (session_id), and client ip_address used for the change are known/captured at time of action.\n3) Read access to the immutable audit log (search/query by account_id or by event type) is available in the test environment.\n4) Clock source is synchronized so timestamp_utc comparisons are meaningful.",
+    "stepsToPerform": "1) Sign in as the authorized actor who will trigger the credit_limit change; observe successful authentication and capture user_id and session_id from the session context.\n2) Record the client IP address that will be used to perform the change (e.g., from the test runner network); observe the IP is stable for the duration.\n3) Capture the current credit_limit for the target account from a trusted source (e.g., admin view); observe the initial numeric value.\n4) Perform a credit_limit change on the target account (e.g., increase from 5000.00 to 6000.00 in test admin tool); observe the system confirms the change.\n5) Query the immutable audit log for entries related to the credit_limit change event immediately after the update; observe at least one new entry appears.\n6) Verify the audit log entry contains user_id; observe the field exists and matches the actor.\n7) Verify the audit log entry contains session_id and ip_address; observe both fields exist and match the captured session and client IP.\n8) Verify the audit log entry contains timestamp_utc; observe the field exists and is in UTC and within an acceptable window of the action time.\n9) Attempt to modify or delete the retrieved audit log entry using available interfaces (if any) or by re-querying after an attempted update; observe the entry is not altered (immutability preserved).",
+    "expectedResult": "1) A new audit entry is created for the credit_limit change and is retrievable via audit log query.\n2) The entry contains all required fields: user_id, session_id, ip_address, timestamp_utc, and the values match the action context.\n3) The audit record remains immutable: attempts to alter/delete do not change the stored entry, and repeated queries return identical content.",
+    "sourceCitation": {
+      "location": "Section 8.1 Security, Compliance & Non-Functional Requirements, NFR-04 Audit Trail, page 15",
+      "excerpt": "All credit_limit changes log user_id, session_id, ip_address, timestamp_utc to immutable audit log."
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Notifications webhook accepts valid payload and returns 200 with notification_id and delivered_at",
+    "description": "Verifies the notifications webhook contract for a valid request returns HTTP 200 and includes the required response fields so downstream systems can confirm delivery/queueing. Automation: HIGH — pure API contract assertions.",
+    "testId": "TC-WEBHOOK-01",
+    "testDescription": "As the Notification Engine, when I POST a valid alert payload to the webhook, I receive a 200 response containing notification_id and delivered_at so I can correlate and confirm delivery/queueing.",
+    "prerequisites": "1) Test account_id UUID exists in the system (synthetic) to target the notification.\n2) Ability to call POST https://api.aegiscard.com/v2/notifications/webhook from an allowed network (internal endpoint access in test env).\n3) System clock accessible to validate delivered_at is present (format specifics not defined; only presence will be asserted).\n4) A unique idempotency_key UUIDv4 is generated for this test run.",
+    "stepsToPerform": "1) Generate a UUIDv4 idempotency_key (e.g., 3fa85f64-5717-4562-b3fc-2c963f66afa6); observe it is unique for this test.\n2) Prepare a valid JSON payload with fields: account_id, alert_type=STATEMENT_READY, channel=IN_APP, message_body=\"Statement is ready\", severity=INFO, idempotency_key; observe payload is valid JSON.\n3) POST the payload to /v2/notifications/webhook with Content-Type: application/json; observe the request is accepted by the server.\n4) Capture the HTTP response status; observe HTTP 200.\n5) Parse the response body as JSON; observe parsing succeeds.\n6) Verify response contains notification_id; observe the key exists and is non-empty.\n7) Verify response contains delivered_at; observe the key exists and is non-empty.\n8) Verify response contains channel; observe channel equals the requested value \"IN_APP\".\n9) Store notification_id and response payload as test evidence; observe the saved artifact includes request and response for traceability.",
+    "expectedResult": "1) The webhook returns HTTP 200 for a valid payload.\n2) The response body includes notification_id and delivered_at, and includes channel matching the request.\n3) The response is valid JSON and can be correlated to the request via stored test evidence.",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks HTTP codes table, page 16",
+      "excerpt": "200 Alert delivered or queued notification_id, delivered_at, channel"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Notifications webhook rejects unknown alert_type or channel with 400 INVALID_ALERT_TYPE",
+    "description": "Verifies the webhook enforces enumerated values for alert_type/channel and rejects unknown values with the specified error code to prevent invalid notifications entering the system. Automation: HIGH — pure API negative contract test.",
+    "testId": "TC-WEBHOOK-02",
+    "testDescription": "As the Notification Engine, if I send an unsupported alert_type or channel, the webhook must reject it with HTTP 400 and INVALID_ALERT_TYPE so upstream can correct payloads.",
+    "prerequisites": "1) Test account_id UUID exists.\n2) Ability to call POST /v2/notifications/webhook in the test environment.\n3) A unique idempotency_key UUIDv4 is generated.\n4) Valid baseline payload template is available for comparison.",
+    "stepsToPerform": "1) Generate a UUIDv4 idempotency_key for this negative request; observe it is unique.\n2) Create a payload with an unknown alert_type (e.g., alert_type=\"UNKNOWN_TYPE\") while keeping channel=\"EMAIL\" and other required fields valid; observe JSON is well-formed.\n3) POST the payload to /v2/notifications/webhook; observe the request completes.\n4) Capture the HTTP status; observe HTTP 400.\n5) Parse the response JSON; observe it contains an error field.\n6) Verify the error code equals INVALID_ALERT_TYPE; observe response includes \"error\": \"INVALID_ALERT_TYPE\".\n7) Now create a second payload with a valid alert_type=\"LATE_PAYMENT\" and an unknown channel (e.g., channel=\"FAX\"); observe required fields are present.\n8) POST the second payload; observe the request completes.\n9) Capture status and response; observe HTTP 400 and \"error\": \"INVALID_ALERT_TYPE\" again.",
+    "expectedResult": "1) Unknown alert_type results in HTTP 400 with error code INVALID_ALERT_TYPE.\n2) Unknown channel results in HTTP 400 with error code INVALID_ALERT_TYPE.\n3) The webhook does not return HTTP 200 for either invalid enumeration case.",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks HTTP codes table, page 16",
+      "excerpt": "400 Unknown alert_type or channel error: INVALID_ALERT_TYPE"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Notifications webhook enforces message_body max 500 chars (boundary)",
+    "description": "Verifies message_body length constraint at the boundary to prevent oversized messages and ensure consistent delivery formatting. Automation: HIGH — deterministic payload size checks.",
+    "testId": "TC-WEBHOOK-03",
+    "testDescription": "As the Notification Engine, I must send message_body up to the maximum allowed length; payloads over the maximum should be rejected to protect system limits.",
+    "prerequisites": "1) Test account_id UUID exists.\n2) Ability to call POST /v2/notifications/webhook in test environment.\n3) Two unique idempotency_key UUIDv4 values are generated (one per request).\n4) A method to construct strings of exact length 500 and 501 characters is available.",
+    "stepsToPerform": "1) Construct message_body_500 as a string of exactly 500 characters (e.g., \"A\" repeated 500); observe length=500.\n2) Create a valid webhook payload using message_body_500 and idempotency_key_1; observe all required fields are present.\n3) POST the payload to /v2/notifications/webhook; observe the request completes.\n4) Capture the HTTP status and response; observe whether it returns HTTP 200 and includes notification_id and delivered_at.\n5) Construct message_body_501 as a string of exactly 501 characters (\"A\" repeated 501); observe length=501.\n6) Create a second payload identical except message_body=message_body_501 and idempotency_key_2; observe JSON is valid.\n7) POST the second payload; observe the request completes.\n8) Capture HTTP status and response body; observe the request is rejected (non-200) due to message_body exceeding max.\n9) Save both request payloads and responses as evidence; observe artifacts include measured lengths (500 vs 501).",
+    "expectedResult": "1) A request with message_body length exactly 500 characters is accepted (HTTP 200) and returns notification_id and delivered_at.\n2) A request with message_body length 501 characters is rejected (not HTTP 200) because it exceeds the maximum.\n3) Evidence clearly shows boundary inputs (500 and 501) and the system’s differing outcomes.",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks field table, page 16",
+      "excerpt": "message_body String ✓ Required Max 500 chars; plain text or HTML template ID"
+    }
+  },
+  {
+    "type": "resilience",
+    "title": "Notifications webhook idempotency: duplicate idempotency_key returns 409 DUPLICATE_NOTIFICATION",
+    "description": "Verifies the webhook prevents duplicate alert delivery using idempotency_key and returns the specified conflict response to protect customers from repeated notifications. Automation: HIGH — API idempotency behavior is scriptable.",
+    "testId": "TC-IDEMP-01",
+    "testDescription": "As the Notification Engine, if I retry the same notification with the same idempotency_key, the system must detect the duplicate and return 409 DUPLICATE_NOTIFICATION.",
+    "prerequisites": "1) Test account_id UUID exists.\n2) Ability to call POST /v2/notifications/webhook in test environment.\n3) A single UUIDv4 idempotency_key is generated and reused across both requests.\n4) A valid payload template with enumerated alert_type and channel is available.",
+    "stepsToPerform": "1) Generate one UUIDv4 idempotency_key to be reused (e.g., 9b2d2c0a-2c44-4b1f-9e5c-1b0a2c1f9a10); observe it is recorded for reuse.\n2) Prepare a valid payload with alert_type=FRAUD_FLAG, channel=SMS, message_body=\"Potential fraud detected\", severity=CRITICAL, and the idempotency_key; observe all required fields are present.\n3) POST the payload to /v2/notifications/webhook (first attempt); observe the request completes.\n4) Capture the first response; observe HTTP 200 and record notification_id.\n5) Immediately POST the exact same payload again with the same idempotency_key (second attempt); observe request completes.\n6) Capture the second response status; observe HTTP 409.\n7) Parse the second response JSON; observe an error field is present.\n8) Verify error code equals DUPLICATE_NOTIFICATION; observe \"error\": \"DUPLICATE_NOTIFICATION\".\n9) Confirm only one unique notification_id was created based on stored evidence from first response; observe the second response does not indicate a new notification_id.",
+    "expectedResult": "1) The first POST returns HTTP 200 with notification_id and delivered_at.\n2) The second POST with the same idempotency_key returns HTTP 409 with error code DUPLICATE_NOTIFICATION.\n3) No second successful delivery/queueing is acknowledged for the duplicate request (duplicate suppression is evidenced by 409).",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks HTTP codes table, page 16",
+      "excerpt": "409 Duplicate idempotency_key error: DUPLICATE_NOTIFICATION"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "WebSocket endpoint reachable for live transaction feed at wss://realtime.aegiscard.com/v2/stream",
+    "description": "Verifies the realtime WebSocket endpoint is reachable so the portal can receive live transaction feed updates. Automation: MEDIUM — requires WebSocket client and potentially auth details not fully specified in the SRS, so this test focuses on reachability/handshake.",
+    "testId": "TC-WS-01",
+    "testDescription": "As a portal client, I can establish a WebSocket connection to the published endpoint so live transaction events can be streamed.",
+    "prerequisites": "1) Network access from the test runner to wss://realtime.aegiscard.com/v2/stream (DNS + outbound 443).\n2) A WebSocket-capable client tool is available (e.g., wscat/websocat/custom harness).\n3) TLS inspection/handshake logs can be captured for evidence.\n4) If the endpoint requires auth, the required auth mechanism is available; if not documented, test will only validate reachability/handshake outcome.",
+    "stepsToPerform": "1) Resolve realtime.aegiscard.com via DNS from the test runner; observe a successful DNS resolution.\n2) Initiate a TLS connection to realtime.aegiscard.com:443; observe a successful TLS handshake at the network layer.\n3) Using a WebSocket client, attempt to connect to wss://realtime.aegiscard.com/v2/stream; observe the client sends an HTTP Upgrade request.\n4) Capture the server’s handshake response; observe either a successful 101 Switching Protocols or a documented rejection response.\n5) If 101 is received, keep the connection open for 60 seconds; observe the socket remains open without immediate server close.\n6) Send a ping frame (or client keepalive if supported); observe a pong/keepalive response or continued open connection.\n7) Attempt a second connection in parallel from another client; observe both sockets can be opened concurrently.\n8) Close the WebSocket connection gracefully; observe client receives close acknowledgment.\n9) Save handshake transcripts (request/response headers) and timing; observe artifacts include the exact endpoint URL used.",
+    "expectedResult": "1) The endpoint wss://realtime.aegiscard.com/v2/stream is reachable and responds to a WebSocket handshake (successful upgrade or explicit rejection response is captured).\n2) When the handshake succeeds (101), the connection remains open for at least 60 seconds and supports keepalive behavior.\n3) Evidence includes DNS resolution and the handshake transcript referencing the exact endpoint URL.",
+    "sourceCitation": {
+      "location": "Web Application Architecture bullet list, page 3",
+      "excerpt": "WebSocket endpoint: wss://realtime.aegiscard.com/v2/stream — Live transaction feed"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Register → Login → Start application Step1 → Step2 → Submit Step3 approved decision",
+    "description": "Verifies the end-to-end credit application journey across three sequential API calls, including creation of application_id and session_token and a successful submission resulting in an approved decision response shape. Automation: MEDIUM — depends on controlling bureau/FICO outcome in test environment.",
+    "testId": "TC-E2E-01",
+    "testDescription": "As a new customer, I can register, login, and complete the three-step credit application in order, resulting in an APPROVED decision response (decision, credit_limit, card_number_masked).",
+    "prerequisites": "1) Test environment supports user registration and login endpoints and can deliver verification workflow (verification itself not asserted unless required for login).\n2) Bureau/decisioning in test environment can be configured to produce FICO > 680 for this test user (e.g., via stubbed bureau response) to deterministically get APPROVED.\n3) A valid card_product_id is available from GET /v2/products (e.g., AEGIS_GOLD) for Step 3.\n4) Client can persist artifacts from prior steps: application_id and session_token returned by Step 1.",
+    "stepsToPerform": "1) Register a new user via POST /v2/auth/register with synthetic data (e.g., test+e2e01@example.com, strong password, ssn_last4=1234, agree_terms=true); observe HTTP 201 with user_id and verification_token.\n2) Login via POST /v2/auth/login using the registered email/password; observe HTTP 200 with access_token and refresh_token.\n3) Start the application (Step 1) via POST /v2/applications/start with full_legal_name, email matching the authenticated user, phone_number in E.164, address fields, id_type and id_number; observe HTTP 201 with application_id and session_token.\n4) Persist the returned application_id and session_token for subsequent steps; observe they are stored in the test harness.\n5) Submit financials (Step 2) via POST /v2/applications/{application_id}/financials including employment_status, gross_annual_income (e.g., 85000.00), monthly_rent (e.g., 1800.00), existing_debt_payments (e.g., 250.00), sin_consent=true, and header X-App-Session=session_token; observe HTTP 200 with status: PENDING_REVIEW and fico_pull_id.\n6) Retrieve/confirm a card_product_id from GET /v2/products (if available) and select one value (e.g., AEGIS_GOLD); observe the chosen card_product_id is recorded.\n7) Submit the application (Step 3) via POST /v2/applications/{application_id}/submit with card_product_id, e_signature as Base64-encoded typed name (e.g., \"Sm9obiBEb2U=\"), marketing_opt_in omitted; include header X-App-Session=session_token; observe HTTP 200.\n8) Validate the Step 3 response indicates approval; observe decision equals \"APPROVED\".\n9) Validate response fields for approved decision; observe credit_limit is present and card_number_masked is present and masked (no full PAN).",
+    "expectedResult": "1) The application workflow completes in order with Step 1 returning application_id and session_token and Step 2 accepting X-App-Session=session_token.\n2) Step 3 returns HTTP 200 with decision: APPROVED and includes credit_limit and card_number_masked.\n3) The approved response contains card_number_masked (masked card number) and does not expose a full card number in the response payload.",
+    "sourceCitation": {
+      "location": "Section 4 Credit Application Web Flow (Step 1–3), pages 6–8",
+      "excerpt": "The credit application is a multi-step web form submitted across three sequential API calls."
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Login → Application Step1–Step3 pending decision (FICO 600-680) with review_eta_hours",
+    "description": "Verifies an authenticated user can complete the 3-step credit application in order using the Step 1 session_token, and that Step 3 returns the manual review branch for the stated FICO band with review_eta_hours. Automation: MEDIUM — requires a test bureau stub or deterministic FICO band setup to consistently trigger the pending decision branch.",
+    "testId": "TC-E2E-02",
+    "testDescription": "As a portal user, I log in and complete credit application Step 1 (start), Step 2 (financials), and Step 3 (submit) sequentially. When the credit score falls in the specified band, the system must return decision PENDING and include review_eta_hours in the Step 3 response.",
+    "prerequisites": "1) A registered portal user exists with email test+pending600_680@example.com and a known password that meets complexity rules.\n2) The user can successfully authenticate to obtain a valid access token to call /v2 endpoints.\n3) Test environment can deterministically produce a bureau result in the band stated by the requirement (\"FICO 600-680\") for this user/application (e.g., bureau stub/test profile).\n4) Ability to call application APIs in sequence and capture Step 1 outputs application_id and session_token for reuse.\n5) A valid card_product_id is available from GET /v2/products (e.g., AEGIS_GOLD) to use in Step 3.",
+    "stepsToPerform": "1) In the browser, navigate to https://portal.aegiscard.com and open DevTools Network tab; observe that API requests target the v2 base URL.\n2) Log in using the test user credentials via POST /v2/auth/login; observe HTTP 200 and response contains access_token, refresh_token, expires_in.\n3) Start Step 1 by calling POST /v2/applications/start with masked synthetic data (e.g., full_legal_name \"Test User\", email \"test+pending600_680@example.com\", phone_number \"+14165550101\", address fields, id_type \"PASSPORT\", id_number \"A1B2C3D4\"); observe HTTP 201.\n4) From the Step 1 response, capture application_id and session_token; observe both keys are present as documented.\n5) Submit Step 2 financials by calling POST /v2/applications/{application_id}/financials including header X-App-Session: {session_token} and body including employment_status \"EMPLOYED\", employer_name \"TestCo\", gross_annual_income 75000.00, other_income 0.00, monthly_rent 1500.00, existing_debt_payments 250.00, sin_consent true; observe HTTP 200.\n6) Verify Step 2 response contains status \"PENDING_REVIEW\" and fico_pull_id; record fico_pull_id for traceability.\n7) Submit Step 3 by calling POST /v2/applications/{application_id}/submit including card_product_id (e.g., \"AEGIS_GOLD\"), e_signature as a Base64-encoded typed name (e.g., \"VGVzdCBVc2Vy\"), and marketing_opt_in omitted; observe HTTP 200.\n8) Verify Step 3 response decision is \"PENDING\" and includes review_eta_hours; confirm no approval-only fields are present (credit_limit, card_number_masked) for this pending branch.\n9) (Abuse-path check) Re-submit Step 3 with the same application_id but with an invalid/missing X-App-Session header; observe the request is rejected due to invalid/expired session token per Step 2/Step flow requirement (do not accept progression without the session_token).",
+    "expectedResult": "1) Step 1 returns HTTP 201 with response keys application_id and session_token.\n2) Step 2 returns HTTP 200 with response keys \"status: PENDING_REVIEW\" and fico_pull_id when sent with header X-App-Session using the Step 1 session_token.\n3) Step 3 returns HTTP 200 with decision \"PENDING\" and includes review_eta_hours for the specified FICO band; it must not return approval-only keys (credit_limit, card_number_masked) in this branch.\n4) Requests that omit/alter the required application session token for subsequent steps are rejected (prevents bypass of step ordering/session binding).",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 HTTP codes, page 8",
+      "excerpt": "200 Referred to underwriter (FICO 600-680) decision: PENDING, review_eta_hours"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Login → Application Step1–Step3 declined decision (FICO < 600) with reason_code",
+    "description": "Verifies an authenticated user can complete the 3-step credit application in order using the Step 1 session_token, and that Step 3 returns the auto-decline branch for the stated FICO threshold with reason_code. Automation: MEDIUM — requires a test bureau stub or deterministic FICO setup to consistently trigger the decline branch.",
+    "testId": "TC-E2E-03",
+    "testDescription": "As a portal user, I log in and submit an application through Step 1 and Step 2, then submit Step 3. When the credit score is below the specified threshold, the system must return decision DECLINED and include reason_code.",
+    "prerequisites": "1) A registered portal user exists with email test+decline_lt600@example.com and a known password that meets complexity rules.\n2) The user can successfully authenticate to obtain a valid access token to call /v2 endpoints.\n3) Test environment can deterministically produce a bureau result below the stated threshold (\"FICO < 600\") for this user/application (e.g., bureau stub/test profile).\n4) Ability to capture Step 1 outputs application_id and session_token and reuse them for Steps 2 and 3.\n5) A valid card_product_id is available from GET /v2/products (e.g., AEGIS_GOLD) to use in Step 3.",
+    "stepsToPerform": "1) Navigate to https://portal.aegiscard.com and open DevTools Network to observe API requests.\n2) Log in via POST /v2/auth/login with test+decline_lt600@example.com; observe HTTP 200 and response includes access_token, refresh_token, expires_in.\n3) Call POST /v2/applications/start with valid synthetic data (full_legal_name \"Decline User\", email matches authenticated email, phone \"+14165550102\", valid address, id_type \"DRIVERS_LICENSE\", id_number \"DLIC12345\"); observe HTTP 201.\n4) Capture application_id and session_token from Step 1 response; verify both are present.\n5) Call POST /v2/applications/{application_id}/financials with header X-App-Session: {session_token} and valid financials including sin_consent true; observe HTTP 200.\n6) Verify Step 2 response contains status \"PENDING_REVIEW\" and fico_pull_id.\n7) Call POST /v2/applications/{application_id}/submit with card_product_id \"AEGIS_GOLD\" and a valid Base64 e_signature (e.g., \"RGVjbGluZSBVc2Vy\"); observe HTTP 200.\n8) Verify Step 3 response includes decision \"DECLINED\" and includes reason_code.\n9) (Abuse-path check) Attempt to interpret the decline as approved by checking that credit_limit and card_number_masked are not present in the declined branch response; ensure the client does not display masked card number for declined applicants.",
+    "expectedResult": "1) Step 1 returns HTTP 201 with application_id and session_token.\n2) Step 2 returns HTTP 200 with response keys \"status: PENDING_REVIEW\" and fico_pull_id when sent with X-App-Session.\n3) Step 3 returns HTTP 200 with decision \"DECLINED\" and includes reason_code for the specified FICO threshold; it must not include approval-only keys (credit_limit, card_number_masked).\n4) The declined path does not create an approved card artifact exposed to the frontend (no masked card number returned for decline).",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 HTTP codes, page 8",
+      "excerpt": "200 Auto-Declined (FICO < 600) decision: DECLINED, reason_code"
+    }
+  },
+  {
+    "type": "resilience",
+    "title": "API gateway is rate-limited and WAF-protected (observable behavior e.g., 429)",
+    "description": "Validates that the API gateway exhibits observable protection controls by returning a rate-limit response under request burst. This helps protect platform availability from abuse. Automation: HIGH — pure HTTP assertions with controllable load.",
+    "testId": "TC-PLAT-03",
+    "testDescription": "As a client calling the public API gateway, I send a burst of requests to exceed the gateway’s rate limit and verify that the gateway responds with a rate-limit status (e.g., 429), demonstrating the rate-limited, WAF-protected behavior is observable to clients.",
+    "prerequisites": "1) Network access to https://api.aegiscard.com/v2 from a single client IP.\n2) A callable endpoint that can be repeatedly invoked without creating unsafe state (e.g., GET on a safe path) or a dedicated test endpoint; if using a state-changing endpoint, use a disposable test account and ensure cleanup.\n3) Client tooling to generate a controlled burst (e.g., k6/curl loop) and capture HTTP status codes.\n4) Ability to correlate responses per request (timestamps and status codes).",
+    "stepsToPerform": "1) Select a single API route under the gateway (e.g., any v2 endpoint accessible in the environment) and confirm baseline call returns a non-429 response under low rate (1 request).\n2) From a single source IP, send 50 requests in 5 seconds to the selected route while recording each HTTP response code.\n3) Observe whether responses start returning HTTP 429 during the burst; record the first request index that receives 429.\n4) Continue the burst for an additional 10 seconds at the same rate; observe that 429 continues for at least some requests while the burst persists.\n5) Stop sending requests and wait 60 seconds.\n6) Send a single request again; observe that the response is no longer 429 (indicating the limit window has cleared).\n7) (WAF/protection observability) Send one request with an obviously suspicious payload pattern in a benign parameter (only if the chosen endpoint supports it) and observe that the gateway blocks or alters response (if configured); record actual observed status. If not observable, mark as not verifiable from black-box behavior.\n8) Save gateway response headers/body as evidence for rate-limiting behavior (as returned).",
+    "expectedResult": "1) Under burst load, at least one request receives HTTP 429, demonstrating rate limiting is enforced at the gateway.\n2) After waiting, requests return to baseline (non-429) indicating rate limit is time-window based and recoverable.\n3) All observations are attributable to the gateway endpoint https://api.aegiscard.com/v2.\n4) No unexpected sensitive data is returned in 429 responses (only standard error/headers as returned by gateway).",
+    "sourceCitation": {
+      "location": "Web Application Architecture bullets, page 3",
+      "excerpt": "API Gateway: https://api.aegiscard.com/v2 — Rate-limited, WAF-protected"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Verify API calls originate from browser and require JWT Bearer tokens (15-minute expiry mentioned)",
+    "description": "Verifies that API requests from the web portal include JWT Bearer authentication and that the access token enforces the documented short expiry. This reduces risk of session hijack and limits token replay window. Automation: MEDIUM — browser + token-expiry waiting period required.",
+    "testId": "TC-ARCH-01",
+    "testDescription": "As a logged-in user using the browser portal, I observe outgoing API calls and confirm they are authenticated via JWT Bearer tokens, and that tokens expire per the 15-minute expiry requirement by verifying calls fail after expiry unless a new token is obtained.",
+    "prerequisites": "1) A registered portal user exists and can log in successfully.\n2) Ability to use browser DevTools to inspect network requests/headers.\n3) Test environment configured with JWT access tokens that expire per spec.\n4) An authenticated endpoint to call repeatedly (e.g., GET /v2/accounts/{account_id}/summary) with stable results.\n5) Ability to prevent refresh (e.g., disable automatic refresh in test harness or block refresh call) so expiry can be observed.",
+    "stepsToPerform": "1) Open https://portal.aegiscard.com in a fresh browser profile and open DevTools → Network.\n2) Log in to the portal and perform an action that triggers an API call (e.g., load dashboard).\n3) Inspect the captured API request in DevTools and verify an Authorization header is present using the Bearer scheme (record the exact header presence; do not copy the token value into test logs).\n4) Immediately call the same authenticated API endpoint again (via UI refresh or direct fetch) and observe HTTP 200.\n5) Wait until 16 minutes have elapsed since token issuance (exceeding the documented 15-minute expiry).\n6) Trigger the same API call again while preventing any refresh-token rotation behavior (e.g., block /v2/auth/token/refresh in DevTools request blocking); observe the API call is rejected (record actual HTTP status returned).\n7) Re-enable normal behavior and re-authenticate (login again) to obtain a new access token.\n8) Trigger the API call again; observe the request succeeds (HTTP 200) with a newly issued token.\n9) (Abuse-path check) Attempt to call the same endpoint with the Authorization header removed (e.g., replay request without auth using a tool); observe request is rejected (record actual status).",
+    "expectedResult": "1) API calls observed from the portal include an Authorization header using JWT Bearer authentication.\n2) After exceeding the documented expiry window, the access token no longer authorizes API calls (request is rejected when refresh is blocked).\n3) After re-authentication, API calls succeed again with a newly issued token.\n4) Requests without Bearer authentication are rejected (prevents unauthenticated access).",
+    "sourceCitation": {
+      "location": "Section 2 Web Application Architecture, page 2",
+      "excerpt": "All API calls originate from the browser and are authenticated via JWT Bearer tokens with a 15-minute expiry"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Auth governed by OAuth 2.0 Authorization Code Flow with PKCE",
+    "description": "Validates the portal’s login uses OAuth 2.0 Authorization Code Flow with PKCE, ensuring authorization codes cannot be exchanged without the PKCE verifier and reducing interception risk. Automation: MEDIUM — requires browser-level inspection of redirect/auth requests.",
+    "testId": "TC-AUTH-01",
+    "testDescription": "As a user initiating login, I verify the authentication flow uses Authorization Code with PKCE by observing the presence of PKCE parameters and that authorization cannot be completed if PKCE parameters are missing or mismatched.",
+    "prerequisites": "1) Ability to access the portal login page and observe redirects/requests in browser DevTools.\n2) A valid test user account exists.\n3) Test environment exposes the OAuth authorize/token exchange endpoints used by the portal (as visible in network traces).\n4) Tooling to replay/alter the authorization code exchange request (e.g., intercept via proxy) to simulate missing/incorrect PKCE verifier.\n5) Test execution permitted to inspect request parameters without storing secrets (do not persist code_verifier).",
+    "stepsToPerform": "1) Open https://portal.aegiscard.com in a clean browser session and open DevTools Network (preserve log).\n2) Click \"Log in\" to initiate authentication; observe navigation/redirects that begin the OAuth flow.\n3) In the first authorization request, verify PKCE is used by observing presence of PKCE-related parameters (e.g., code_challenge and code_challenge_method) in the authorize request (record parameter names only).\n4) Complete login with valid credentials and observe the redirect back to the portal includes an authorization code (do not log the code value).\n5) Observe the subsequent token exchange request that uses the authorization code; verify the request includes the PKCE verifier parameter (e.g., code_verifier) (record parameter name only).\n6) Using an intercepting proxy (or DevTools override), replay the token exchange request but remove or corrupt the PKCE verifier value; send the modified request.\n7) Observe the modified token exchange fails (record actual HTTP status/error returned).\n8) Repeat the login normally without tampering; observe token issuance succeeds and the user is logged in.\n9) (Abuse-path check) Attempt to redeem the same authorization code twice (if observable); observe the second attempt is rejected (record actual behavior).",
+    "expectedResult": "1) The portal authentication sequence shows an Authorization Code flow that includes PKCE parameters.\n2) Token exchange fails when PKCE verifier is missing or mismatched, preventing code interception/replay.\n3) A normal, untampered flow results in successful login and token issuance.\n4) Replay of an authorization code (if attempted) is rejected, preventing reuse.",
+    "sourceCitation": {
+      "location": "Section 3 User Authentication & Session Management, page 4",
+      "excerpt": "All web portal sessions are governed by OAuth 2.0 Authorization Code Flow with PKCE."
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Registration first_name validation: alpha only and length 2-50 (boundary)",
+    "description": "Validates that user registration enforces first_name constraints (alpha-only and length boundaries) to prevent malformed identity data from entering the system. Automation: HIGH — pure API validation tests.",
+    "testId": "TC-REG-05",
+    "testDescription": "As a new user registering via the API, I attempt to register with first_name values at the allowed boundaries and just outside them, and with non-alpha characters, to verify validation failures produce the documented 400 response with error, field, message.",
+    "prerequisites": "1) Registration endpoint POST /v2/auth/register is reachable in test environment.\n2) A pool of unique emails is available for test runs (e.g., test+regfn_${runId}@example.com).\n3) A valid baseline registration payload is prepared with all required fields valid except first_name.\n4) Test runner can assert HTTP status and response body keys.\n5) Cleanup plan: any successfully created user_ids are tracked and removed/disabled per environment policy (if available).",
+    "stepsToPerform": "1) Prepare a baseline valid registration body with: last_name \"Smith\", email \"test+regfn_${runId}_a@example.com\", password \"Str0ng!Passw0rd\", date_of_birth \"1990-01-01\", phone_number \"+14165550111\", ssn_last4 \"1234\", agree_terms true.\n2) Call POST /v2/auth/register with first_name \"Al\" (length 2); observe HTTP 201 and response contains user_id, verification_token.\n3) Call POST /v2/auth/register with a new unique email and first_name of 50 alphabetic characters (e.g., \"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"); observe HTTP 201.\n4) Call POST /v2/auth/register with a new unique email and first_name \"A\" (length 1); observe HTTP 400 and response contains keys error, field, message.\n5) Call POST /v2/auth/register with a new unique email and first_name of 51 alphabetic characters; observe HTTP 400 and response contains keys error, field, message.\n6) Call POST /v2/auth/register with a new unique email and first_name \"Jo3\" (contains digit); observe HTTP 400 and response contains keys error, field, message.\n7) Call POST /v2/auth/register with a new unique email and first_name \"Jo-An\" (contains hyphen); observe HTTP 400 and response contains keys error, field, message.\n8) Verify in each 400 response that field identifies first_name (exact field value as returned by API).\n9) Record created user_id values from successful steps for cleanup/disablement per test environment policy.",
+    "expectedResult": "1) first_name with length 2 and alpha-only is accepted and returns HTTP 201 with user_id and verification_token.\n2) first_name with length 50 and alpha-only is accepted and returns HTTP 201.\n3) first_name length below 2, above 50, or containing non-alpha characters is rejected with HTTP 400 and response body keys error, field, message.\n4) Any created accounts are captured for cleanup actions according to environment policy.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table, page 4",
+      "excerpt": "first_name String ✓ Required Min 2 chars, max 50 chars, alpha only"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Registration email must be RFC 5322 format (reject malformed email)",
+    "description": "Validates registration rejects malformed emails to ensure account identity/contact data meets format expectations and reduces onboarding errors. Automation: HIGH — pure API validation tests.",
+    "testId": "TC-REG-07",
+    "testDescription": "As a new user, I try to register with malformed email addresses and verify the API rejects them with the documented 400 response body keys (error, field, message).",
+    "prerequisites": "1) Registration endpoint POST /v2/auth/register is reachable.\n2) Baseline valid registration payload is prepared with all required fields valid except email.\n3) Test runner can assert HTTP status and response body keys.\n4) Unique valid email(s) are available for control runs.\n5) Cleanup plan exists for any created user_ids from control step.",
+    "stepsToPerform": "1) Call POST /v2/auth/register with a fully valid payload using email \"test+emailctrl_${runId}@example.com\"; observe HTTP 201 and response contains user_id, verification_token.\n2) Call POST /v2/auth/register with email \"plainaddress\" (no @ domain) and other fields valid; observe HTTP 400.\n3) Verify 400 response contains keys error, field, message.\n4) Call POST /v2/auth/register with email \"missingdomain@\" and other fields valid; observe HTTP 400 and keys error, field, message.\n5) Call POST /v2/auth/register with email \"@missinglocal.example.com\" and other fields valid; observe HTTP 400 and keys error, field, message.\n6) Call POST /v2/auth/register with email \"test..dots@example.com\" and other fields valid; observe HTTP 400 and keys error, field, message.\n7) Call POST /v2/auth/register with email \"test+bad space@example.com\" and other fields valid; observe HTTP 400 and keys error, field, message.\n8) For each malformed attempt, verify field indicates email (exact field value as returned).\n9) Record created user_id from the control step for cleanup/disablement per environment policy.",
+    "expectedResult": "1) A valid RFC 5322 formatted email is accepted with HTTP 201 and returns user_id, verification_token.\n2) Malformed emails are rejected with HTTP 400 and response body keys error, field, message.\n3) For malformed cases, the response field identifies email as the failing field.\n4) Any successfully created account from control step is recorded for cleanup per environment policy.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table, page 4",
+      "excerpt": "email String ✓ Required Valid RFC 5322 email format; unique in system"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Registration password minimum 12 chars and includes upper/lower/digit/symbol",
+    "description": "Validates password complexity rules at and around the minimum to reduce account takeover risk; verifies weak passwords trigger the documented WEAK_PASSWORD error. Automation: HIGH — pure API assertions.",
+    "testId": "TC-REG-08",
+    "testDescription": "As a new user registering via API, I submit passwords that meet and fail the complexity rules, including boundary length 11 vs 12, and verify HTTP 422 with error WEAK_PASSWORD for non-compliant passwords.",
+    "prerequisites": "1) Registration endpoint POST /v2/auth/register is reachable.\n2) Unique email addresses available per attempt.\n3) Baseline valid registration payload is prepared with all required fields valid except password.\n4) Test runner can assert HTTP status and specific error codes in response bodies.\n5) Cleanup plan exists for any created user_ids from successful registrations.",
+    "stepsToPerform": "1) Call POST /v2/auth/register with password \"Aa1!aaaaaaaab\" (12+ chars, includes upper/lower/digit/symbol) and email \"test+pwdok_${runId}@example.com\"; observe HTTP 201.\n2) Call POST /v2/auth/register with password length 11 that otherwise includes all classes (e.g., \"Aa1!aaaaaaa\") and a new unique email; observe HTTP 422.\n3) Verify 422 response contains error: WEAK_PASSWORD.\n4) Call POST /v2/auth/register with password \"aaaaaaaaaaaa\" (12 lower only) and new unique email; observe HTTP 422 and error: WEAK_PASSWORD.\n5) Call POST /v2/auth/register with password \"AAAAAAAAAAAA\" (12 upper only) and new unique email; observe HTTP 422 and error: WEAK_PASSWORD.\n6) Call POST /v2/auth/register with password \"Aa!aaaaaaaaaa\" (missing digit) and new unique email; observe HTTP 422 and error: WEAK_PASSWORD.\n7) Call POST /v2/auth/register with password \"Aa1aaaaaaaaaaa\" (missing symbol) and new unique email; observe HTTP 422 and error: WEAK_PASSWORD.\n8) Call POST /v2/auth/register with password \"Aa1!aaaaaaaa\" (exactly 12 chars) and new unique email; observe HTTP 201.\n9) Record user_id values from successful registrations for cleanup/disablement per environment policy.",
+    "expectedResult": "1) Passwords meeting the complexity rule are accepted with HTTP 201.\n2) Passwords failing length (<12) or missing any required character class are rejected with HTTP 422 and error: WEAK_PASSWORD.\n3) The failure response is consistently 422 (not 400) for weak passwords.\n4) Any created accounts are recorded for cleanup actions according to environment policy.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table and HTTP codes, page 4",
+      "excerpt": "password String ✓ Required Min 12 chars; 1 upper, 1 lower, 1 digit, 1 symbol"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Registration date_of_birth must be ISO 8601 YYYY-MM-DD and age >= 18",
+    "description": "Validates date_of_birth formatting and minimum age eligibility at the boundary (exactly 18 vs just under 18), preventing underage account creation. Automation: HIGH — pure API validation with deterministic dates.",
+    "testId": "TC-REG-09",
+    "testDescription": "As a new user registering via API, I submit date_of_birth in correct and incorrect ISO formats and verify the system enforces age >= 18 with a 400 response for malformed required fields.",
+    "prerequisites": "1) Registration endpoint POST /v2/auth/register is reachable.\n2) Test execution date/time is known and fixed for the run (or the test harness can compute dates relative to 'today' consistently).\n3) Unique emails available per attempt.\n4) Baseline valid registration payload prepared with all required fields valid except date_of_birth.\n5) Test runner can assert HTTP status and response body keys error, field, message on 400.",
+    "stepsToPerform": "1) Compute DOB for exactly 18 years ago from today in ISO format YYYY-MM-DD (e.g., if today is 2026-04-29 then DOB=2008-04-29) and prepare payload with email \"test+dob18_${runId}@example.com\"; call POST /v2/auth/register; observe HTTP 201.\n2) Compute DOB for 17 years, 364 days ago (one day younger than 18) in ISO format (e.g., 2008-04-30 if today is 2026-04-29); call POST /v2/auth/register with new unique email; observe HTTP 400.\n3) Verify 400 response contains keys error, field, message.\n4) Submit date_of_birth in non-ISO format \"04/29/2000\" with new unique email; call POST /v2/auth/register; observe HTTP 400.\n5) Verify 400 response contains keys error, field, message.\n6) Submit date_of_birth with invalid ISO shape \"2000-13-01\" (invalid month) with new unique email; observe HTTP 400 with keys error, field, message.\n7) Submit date_of_birth with timestamp form \"2000-01-01T00:00:00Z\" with new unique email; observe HTTP 400 (expects Date in YYYY-MM-DD) with keys error, field, message.\n8) For each failing case, verify field indicates date_of_birth (exact field value as returned).\n9) Record any created user_id from the successful boundary (exactly 18) registration for cleanup/disablement per environment policy.",
+    "expectedResult": "1) date_of_birth in ISO 8601 YYYY-MM-DD with age exactly 18 is accepted (HTTP 201).\n2) date_of_birth that results in age < 18 is rejected with HTTP 400 and response body keys error, field, message.\n3) Malformed/non-YYYY-MM-DD date_of_birth values are rejected with HTTP 400 and response body keys error, field, message.\n4) Any successfully created account is recorded for cleanup per environment policy.",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table, page 4",
+      "excerpt": "date_of_birth Date ✓ Required ISO 8601 (YYYY-MM-DD); age must be >= 18"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Registration phone_number must be E.164 format (reject non-E.164)",
+    "description": "Verifies that user registration rejects phone_number values that are not in E.164 format, preventing invalid contact data from entering identity and OTP workflows. Automation: HIGH — pure API validation and response assertions.",
+    "testId": "TC-REG-10",
+    "testDescription": "As a prospective cardholder, when I register with a non‑E.164 phone number, the API must reject the request as malformed and return the documented 400 error structure.",
+    "prerequisites": "1) API reachable at https://api.aegiscard.com/v2.\n2) Ensure the test email is not already registered (use a unique value like test+reg10-001@example.com).\n3) Prepare a syntactically valid password meeting complexity rules to avoid 422 WEAK_PASSWORD.\n4) Choose a date_of_birth representing age >= 18 to avoid age validation interference.",
+    "stepsToPerform": "1) Prepare a POST request to /v2/auth/register with Content-Type: application/json; confirm request is ready to be sent.\n2) Set request body with valid first_name, last_name, email, password, date_of_birth, ssn_last4, agree_terms=true; confirm all non-phone fields meet the registration table rules.\n3) Set phone_number to a non-E.164 value \"4165551234\" (missing leading '+'); confirm it does not match the E.164 example pattern.\n4) Send the POST /v2/auth/register request; observe the HTTP status code returned.\n5) Verify the response status is 400; observe the response JSON contains keys error, field, message.\n6) Verify response field equals \"phone_number\"; observe the value in the response payload.\n7) Verify response error indicates a missing/malformed required field condition; observe the error value in the response.\n8) Repeat the request with another malformed phone_number value \"++14165551234\"; observe the HTTP status code.\n9) Verify the second response is also 400 and again includes error, field, message with field=\"phone_number\".\n10) Confirm no user_id/verification_token is returned in either failure response; observe absence of those keys in the payload.",
+    "expectedResult": "1) API returns HTTP 400 for non‑E.164 phone_number values.\n2) Response body includes keys \"error, field, message\" and \"field\" equals \"phone_number\".\n3) No account creation artifacts are returned (no user_id, no verification_token), ruling out abusive creation with invalid phone data.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/register",
+    "expectedHttpStatus": "400",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table & HTTP codes, page 4",
+      "excerpt": "phone_number String ✓ Required E.164 format (e.g., +14165551234)"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Registration ssn_last4 must be exactly 4 numeric digits (boundary)",
+    "description": "Verifies boundary conditions for ssn_last4 length and numeric-only constraint during registration to support the identity pre-check input quality. Automation: HIGH — API boundary assertions.",
+    "testId": "TC-REG-11",
+    "testDescription": "As a prospective cardholder, I must provide an ssn_last4 value that is exactly four numeric digits; values with 3 digits, 5 digits, or non-numeric characters must be rejected with the documented 400 error structure.",
+    "prerequisites": "1) API reachable at https://api.aegiscard.com/v2.\n2) Use unique emails per attempt to avoid 409 (e.g., test+reg11-a@example.com, test+reg11-b@example.com, test+reg11-c@example.com).\n3) Valid password meeting complexity rules prepared to avoid 422 WEAK_PASSWORD.\n4) Valid E.164 phone_number prepared (e.g., +14165550111) to isolate ssn_last4 validation.",
+    "stepsToPerform": "1) Create a baseline valid registration payload with all required fields set to valid values; confirm agree_terms=true.\n2) Set ssn_last4 to the boundary-valid value \"1234\"; send POST /v2/auth/register; observe HTTP status.\n3) Verify the response is 201; observe response includes user_id and verification_token.\n4) Create a new registration payload using a new unique email; set ssn_last4 to just-below boundary \"123\"; send POST /v2/auth/register; observe HTTP status.\n5) Verify the response is 400 and includes error, field, message; observe field value.\n6) Create a new registration payload using a new unique email; set ssn_last4 to just-above boundary \"12345\"; send POST /v2/auth/register; observe HTTP status.\n7) Verify the response is 400 and includes error, field, message with field=\"ssn_last4\".\n8) Create a new registration payload using a new unique email; set ssn_last4 to non-numeric \"12A4\"; send POST /v2/auth/register; observe HTTP status.\n9) Verify the response is 400 and includes error, field, message with field=\"ssn_last4\".\n10) For each 400 response, confirm no user_id/verification_token is returned; observe absence of those keys.",
+    "expectedResult": "1) ssn_last4=\"1234\" returns HTTP 201 with response keys \"user_id, verification_token\".\n2) ssn_last4 values \"123\", \"12345\", and \"12A4\" return HTTP 400 with response keys \"error, field, message\" and field=\"ssn_last4\".\n3) Failed attempts do not return account creation artifacts (no user_id, no verification_token).",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/register",
+    "boundaryValues": "Valid: 4 digits \"1234\"; Invalid: 3 digits \"123\"; Invalid: 5 digits \"12345\"; Invalid: alphanumeric \"12A4\"",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration field table, page 4",
+      "excerpt": "ssn_last4 String ✓ Required Exactly 4 numeric digits; for identity pre-check"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Registration returns 400 with error, field, message for missing/malformed required field",
+    "description": "Verifies the registration endpoint returns the documented HTTP 400 structure when a required field is missing or malformed, enabling consistent client-side error handling and preventing partial/ambiguous account creation. Automation: HIGH — API contract assertions.",
+    "testId": "TC-REG-12",
+    "testDescription": "As a client application, when I submit a registration request missing a required field, I must receive HTTP 400 with the response body keys error, field, message, so the UI can highlight the exact field to correct.",
+    "prerequisites": "1) API reachable at https://api.aegiscard.com/v2.\n2) Test email is unique (e.g., test+reg12-001@example.com) to avoid 409.\n3) Valid password meeting complexity rules prepared.\n4) Valid date_of_birth for age >= 18 prepared.\n5) Valid E.164 phone_number and valid ssn_last4 prepared to isolate the missing field behavior.",
+    "stepsToPerform": "1) Prepare a POST request to /v2/auth/register with Content-Type: application/json; confirm endpoint and method are correct.\n2) Build a request body including last_name, email, password, date_of_birth, phone_number, ssn_last4, agree_terms=true; deliberately omit required field first_name; confirm first_name is absent.\n3) Send the request; observe the HTTP status code.\n4) Verify the status code is 400; observe response JSON.\n5) Verify the response JSON contains keys \"error\", \"field\", and \"message\".\n6) Verify the response \"field\" value identifies the missing field as \"first_name\"; observe the field value.\n7) Verify the response does not include \"user_id\" or \"verification_token\"; observe absence.\n8) Send a corrected request including first_name (e.g., \"Alex\") but now set a malformed required field email (e.g., \"not-an-email\"); observe HTTP status.\n9) Verify the status is 400 and response contains keys \"error\", \"field\", \"message\" with field=\"email\".\n10) Confirm again no user_id/verification_token is returned for the malformed email request; observe absence.",
+    "expectedResult": "1) Missing required field triggers HTTP 400.\n2) HTTP 400 response contains keys \"error, field, message\" and \"field\" identifies the specific failing field (e.g., \"first_name\" or \"email\").\n3) No account creation artifacts are returned on 400 (no user_id, no verification_token), preventing abuse via partial registration.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/register",
+    "expectedHttpStatus": "400",
+    "sourceCitation": {
+      "location": "Section 3.1 User Registration HTTP codes, page 4",
+      "excerpt": "400 Missing or malformed required field error, field, message"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Login request requires email to match registered email (reject mismatch format/unknown)",
+    "description": "Verifies login enforces that the email corresponds to a registered account, reducing authentication abuse and ensuring only known identities can request token issuance. Automation: HIGH — API request/response assertions.",
+    "testId": "TC-LOGIN-06",
+    "testDescription": "As a user, I can only log in using the email that matches a registered account; attempts with unknown emails must not succeed and must return an authentication failure code.",
+    "prerequisites": "1) A registered user exists with email test+login06-registered@example.com created via POST /v2/auth/register.\n2) The registered user password is known and valid (synthetic): \"ValidPassw0rd!234\".\n3) API reachable at https://api.aegiscard.com/v2.\n4) Ensure the account is not locked (fewer than 5 failed attempts).",
+    "stepsToPerform": "1) Send POST /v2/auth/login using email \"test+login06-registered@example.com\" and the correct password; observe HTTP status.\n2) Verify status is 200 and response includes access_token, refresh_token, expires_in.\n3) Send POST /v2/auth/login using an unknown email \"test+login06-unknown@example.com\" with the same password; observe HTTP status.\n4) Verify status is 401; observe response JSON error value.\n5) Verify response error equals \"INVALID_CREDENTIALS\"; observe exact string.\n6) Send POST /v2/auth/login using a clearly mismatched email string \"not-an-email\" with any password; observe HTTP status.\n7) Verify the request does not succeed (must not return 200); observe returned status code and that no access_token/refresh_token are issued.\n8) Repeat login with another unknown email \"test+login06-unknown2@example.com\"; observe status.\n9) Verify status remains non-200 and no tokens are issued; observe response.\n10) Confirm that successful login (Step 1) issued tokens only for the registered email, ruling out token issuance to unregistered identities.",
+    "expectedResult": "1) Login with the registered email returns HTTP 200 with response keys \"access_token, refresh_token, expires_in\".\n2) Login with an unknown email returns HTTP 401 with \"error: INVALID_CREDENTIALS\".\n3) For non-registered/mismatched email attempts, no access_token/refresh_token are issued, reducing credential-stuffing/token-minting abuse.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/login",
+    "errorCodeExpected": "INVALID_CREDENTIALS",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance field table, page 5",
+      "excerpt": "email String ✓ Required Must match registered email"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Login device_id accepts UUID v4 for trusted device recognition (format validation)",
+    "description": "Verifies login accepts a UUID v4 formatted device_id and rejects non-UUID v4 values to support trusted device recognition without storing malformed identifiers. Automation: HIGH — API contract and format validation.",
+    "testId": "TC-LOGIN-07",
+    "testDescription": "As a user logging in from a device, I can optionally provide device_id; it must be UUID v4 formatted so the platform can recognize trusted devices reliably.",
+    "prerequisites": "1) A registered user exists with email test+login07@example.com and known valid password \"ValidPassw0rd!234\".\n2) API reachable at https://api.aegiscard.com/v2.\n3) Ensure user account is not locked.\n4) Test runner can capture response body for tokens and errors.",
+    "stepsToPerform": "1) Prepare POST /v2/auth/login payload with valid email/password and device_id=\"550e8400-e29b-41d4-a716-446655440000\"; confirm it follows UUID v4 pattern (version '4').\n2) Send the login request; observe HTTP status.\n3) Verify status is 200 and response includes access_token, refresh_token, expires_in.\n4) Prepare another login request with same email/password but device_id=\"550e8400-e29b-11d4-a716-446655440000\" (version '1', not v4); observe prepared value.\n5) Send the request; observe HTTP status code.\n6) Verify the request does not succeed (must not return 200); observe status and ensure no tokens are issued.\n7) Prepare another login request with device_id=\"not-a-uuid\"; send request; observe status.\n8) Verify the request does not succeed (must not return 200); observe status and that no access_token/refresh_token are issued.\n9) Send a login request with device_id omitted (since optional); observe HTTP status.\n10) Verify omitted device_id request can still succeed with 200 and issues tokens, confirming device_id is optional while format is enforced when present.",
+    "expectedResult": "1) When device_id is a UUID v4, login succeeds with HTTP 200 and returns \"access_token, refresh_token, expires_in\".\n2) When device_id is not UUID v4, login is rejected (non-200) and tokens are not issued.\n3) Omitting device_id still allows successful login, confirming it is optional while protecting trusted-device recognition from malformed identifiers.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/login",
+    "boundaryValues": "Valid UUID v4: 550e8400-e29b-41d4-a716-446655440000; Invalid non-v4: 550e8400-e29b-11d4-a716-446655440000; Invalid: not-a-uuid",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance field table, page 5",
+      "excerpt": "device_id String Optional UUID v4; for trusted device recognition"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "remember_me=true extends refresh token TTL to 30 days",
+    "description": "Verifies the remember_me flag changes refresh token time-to-live behavior to 30 days, ensuring correct session persistence behavior for users who opt in. Automation: MEDIUM — needs token TTL/expiry observability (claims or test environment time control).",
+    "testId": "TC-LOGIN-08",
+    "testDescription": "As a user, when I select 'remember me' during login, the system should extend the refresh token TTL to 30 days so I can stay signed in longer without re-authenticating.",
+    "prerequisites": "1) A registered user exists with email test+login08@example.com and known valid password \"ValidPassw0rd!234\".\n2) API reachable at https://api.aegiscard.com/v2.\n3) Test environment provides a way to verify refresh token TTL (e.g., response metadata, cookie expiry, or introspection in test harness).\n4) Ability to capture Set-Cookie headers (HttpOnly cookie expiry) or token metadata from responses.",
+    "stepsToPerform": "1) Send POST /v2/auth/login with email/password and remember_me=false (or omit remember_me); capture response headers and body.\n2) Verify HTTP 200 and response contains access_token, refresh_token, expires_in.\n3) Record the refresh token expiry/TTL observable from the response mechanism available (e.g., cookie Expires/Max-Age for refresh token storage) as Baseline_TTL.\n4) Send POST /v2/auth/login again with same email/password and remember_me=true; capture response headers and body.\n5) Verify HTTP 200 and response contains access_token, refresh_token, expires_in.\n6) Record the refresh token expiry/TTL observable from the response mechanism as RememberMe_TTL.\n7) Verify RememberMe_TTL corresponds to 30 days; compare against Baseline_TTL to ensure it is extended.\n8) Perform POST /v2/auth/token/refresh using the refresh_token from the remember_me=true login; observe HTTP status.\n9) Verify refresh succeeds (HTTP 200) and returns new access_token and refresh_token, confirming the longer-lived refresh token is usable.\n10) Cleanup: invalidate the obtained refresh token by performing one successful refresh rotation (single-use) and discard tokens; confirm old refresh is no longer usable by attempting reuse and observing 401 TOKEN_INVALID.",
+    "expectedResult": "1) With remember_me=true, refresh token TTL is extended to 30 days as observable via token/cookie expiry metadata.\n2) Login succeeds with HTTP 200 and returns \"access_token, refresh_token, expires_in\".\n3) Abuse-path ruled out: refresh token rotation still applies; reusing an old refresh token yields HTTP 401 with error TOKEN_INVALID.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/login",
+    "sourceCitation": {
+      "location": "Section 3.2 Login & Token Issuance field table, page 5",
+      "excerpt": "remember_me Boolean Optional Extends refresh token TTL to 30 days if true"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Token refresh requires refresh_token field (missing should fail)",
+    "description": "Verifies the token refresh endpoint enforces the required refresh_token field, preventing ambiguous refresh attempts and reducing attack surface for token issuance. Automation: HIGH — API contract validation.",
+    "testId": "TC-REFRESH-04",
+    "testDescription": "As a client, when I call the token refresh endpoint without providing refresh_token, the request must fail because refresh_token is required.",
+    "prerequisites": "1) API reachable at https://api.aegiscard.com/v2.\n2) A user can successfully log in to obtain a valid refresh_token for control comparison.\n3) Test harness can send JSON bodies and capture status/response payload.\n4) Ensure no proxy automatically injects refresh_token field.",
+    "stepsToPerform": "1) Perform POST /v2/auth/login with a valid registered email/password; observe HTTP 200.\n2) Capture refresh_token from the login response for later control request; confirm it is present.\n3) Prepare POST /v2/auth/token/refresh with an empty JSON body {} (omit refresh_token); confirm field is absent.\n4) Send the refresh request; observe HTTP status code.\n5) Verify the request fails (must not return 200); observe response body.\n6) Prepare another refresh request with JSON body {\"refresh_token\": \"\"} (empty string); confirm malformed value.\n7) Send the refresh request; observe HTTP status code.\n8) Verify the request fails (must not return 200); observe response body.\n9) Send a control refresh request with the valid refresh_token captured in step 2; observe HTTP status.\n10) Verify control request succeeds with HTTP 200 and returns access_token and refresh_token, confirming failures were due to missing/malformed required field rather than environment issues.",
+    "expectedResult": "1) Requests missing refresh_token (or with empty refresh_token) fail (non-200), preventing token issuance without the required input.\n2) A valid refresh_token succeeds with HTTP 200 and returns \"access_token, refresh_token\".\n3) Abuse-path ruled out: system does not mint new access tokens when refresh_token is absent.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/auth/token/refresh",
+    "sourceCitation": {
+      "location": "Section 3.3 Token Refresh & Logout field table, page 5",
+      "excerpt": "refresh_token String ✓ Required"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 phone_number must be E.164 format for OTP verification",
+    "description": "Verifies credit application Step 1 enforces E.164 phone_number formatting to support OTP verification, preventing downstream OTP delivery failures. Automation: HIGH — API validation assertions.",
+    "testId": "TC-APP1-05",
+    "testDescription": "As an authenticated applicant, when starting an application, my phone_number must be E.164 formatted; the API must accept valid E.164 and reject invalid values with validation failure.",
+    "prerequisites": "1) User is authenticated (obtain access_token via POST /v2/auth/login).\n2) Use an email in Step 1 that matches the authenticated user email.\n3) API reachable at https://api.aegiscard.com/v2.\n4) Prepare a valid residential_address and ID fields to avoid other validation failures.",
+    "stepsToPerform": "1) Log in with a registered user and capture access_token; confirm HTTP 200.\n2) Prepare POST /v2/applications/start with Authorization: Bearer <access_token>; confirm header is set.\n3) Send Step 1 payload with phone_number=\"+14165550123\" (E.164) and otherwise valid fields; observe HTTP status.\n4) Verify status is 201 and response includes application_id and session_token.\n5) Prepare a second Step 1 request (use a different authenticated user or ensure no active application conflict) with phone_number=\"4165550123\" (non-E.164); observe prepared value.\n6) Send the request; observe HTTP status.\n7) Verify status is 400 and response includes error, field, message; observe field.\n8) Verify field equals \"phone_number\"; observe value.\n9) Send another invalid phone_number value \"+1 (416) 555-0123\"; observe HTTP status.\n10) Verify status is 400 with error, field, message and field=\"phone_number\"; confirm no application_id/session_token are returned on failure.",
+    "expectedResult": "1) Valid E.164 phone_number returns HTTP 201 with \"application_id, session_token\".\n2) Invalid phone_number values return HTTP 400 with \"error, field, message\" and field=\"phone_number\".\n3) Abuse-path ruled out: API does not create application/session artifacts when OTP phone format is invalid.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/applications/start",
+    "expectedHttpStatus": "201 for valid; 400 for invalid",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "phone_number String ✓ Required E.164 format; for OTP verification"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 address.street max 100 chars (boundary)",
+    "description": "Verifies the Step 1 personal information address.street maximum length boundary to ensure address data fits schema constraints and downstream integrations. Automation: HIGH — API boundary testing.",
+    "testId": "TC-APP1-06",
+    "testDescription": "As an applicant, I must provide address.street with a maximum length of 100 characters; values at 100 characters must be accepted, and 101 must be rejected with validation failure.",
+    "prerequisites": "1) User is authenticated and has a valid access_token.\n2) Step 1 email matches authenticated user email.\n3) Ensure no active application in progress for this user to avoid 409 DUPLICATE_APPLICATION.\n4) Prepare valid values for all other required Step 1 fields including E.164 phone_number, address.city, province, postal_code, id_type, id_number.",
+    "stepsToPerform": "1) Log in and capture access_token; confirm HTTP 200.\n2) Construct a 100-character street string S100 (e.g., \"123\" + 97 'A's) and verify length=100.\n3) Send POST /v2/applications/start with address.street=S100 and otherwise valid payload; observe HTTP status.\n4) Verify status is 201 and response includes application_id and session_token.\n5) Construct a 101-character street string S101 (S100 + \"B\") and verify length=101.\n6) Send POST /v2/applications/start for a different user (or after ensuring no active application conflict) with address.street=S101; observe HTTP status.\n7) Verify status is 400 and response includes error, field, message.\n8) Verify field equals \"address.street\"; observe exact field value.\n9) Confirm the 400 response does not include application_id or session_token; observe absence.\n10) Re-send with a shorter street (e.g., length 20) to confirm endpoint still accepts valid lengths; observe HTTP 201 with application_id/session_token.",
+    "expectedResult": "1) address.street length=100 is accepted (HTTP 201) returning \"application_id, session_token\".\n2) address.street length=101 is rejected with HTTP 400 including \"error, field, message\" and field=\"address.street\".\n3) No application creation artifacts are returned for the rejected over-limit request.",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/applications/start",
+    "boundaryValues": "Max=100 chars (accepted), 101 chars (rejected)",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "address.street String ✓ Required Max 100 chars"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 address.city max 60 chars (boundary)",
+    "description": "Verifies the Step 1 personal information address.city maximum length boundary to keep address data within defined limits and avoid truncation/validation issues. Automation: HIGH — API boundary testing.",
+    "testId": "TC-APP1-07",
+    "testDescription": "As an applicant, I must provide address.city with a maximum length of 60 characters; values at 60 characters must be accepted, and 61 must be rejected with validation failure.",
+    "prerequisites": "1) User is authenticated and has a valid access_token.\n2) Step 1 email matches authenticated user email.\n3) Ensure no active application in progress for this user to avoid 409 DUPLICATE_APPLICATION.\n4) Prepare valid values for all other required Step 1 fields including E.164 phone_number and address.street within 100 chars.",
+    "stepsToPerform": "1) Log in and capture access_token; confirm HTTP 200.\n2) Construct a 60-character city string C60 (e.g., 60 'C' characters) and verify length=60.\n3) Send POST /v2/applications/start with address.city=C60 and otherwise valid payload; observe HTTP status.\n4) Verify status is 201 and response includes application_id and session_token.\n5) Construct a 61-character city string C61 (C60 + \"D\") and verify length=61.\n6) Send POST /v2/applications/start for a different user (or after ensuring no active application conflict) with address.city=C61; observe HTTP status.\n7) Verify status is 400 and response includes error, field, message.\n8) Verify field equals \"address.city\"; observe the field value in the response.\n9) Confirm the 400 response does not include application_id or session_token; observe absence.\n10) Send a valid request with a typical city (e.g., \"Toronto\") to confirm success path remains available; observe HTTP 201 with application_id/session_token.",
+    "expectedResult": "1) address.city length=60 is accepted (HTTP 201) returning \"application_id, session_token\".\n2) address.city length=61 is rejected with HTTP 400 including \"error, field, message\" and field=\"address.city\".\n3) The rejected request does not create an application (no application_id/session_token returned).",
+    "apiEndpoint": "POST https://api.aegiscard.com/v2/applications/start",
+    "boundaryValues": "Max=60 chars (accepted), 61 chars (rejected)",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "address.city String ✓ Required Max 60 chars"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 province must be 2-char ISO 3166-2 code",
+    "description": "Verifies Step 1 (Personal Information) enforces the province format constraint to prevent invalid address capture that can break downstream eligibility, identity checks, and fulfillment. Automation: HIGH — pure API validation assertions.",
+    "testId": "TC-APP1-08",
+    "testDescription": "As an applicant starting a credit application, when I submit Step 1 with address.province values at the boundary (2 characters) and just past the boundary (3 characters), the API should accept only values that conform to the required 2-char ISO 3166-2 code and reject non-conforming lengths with a validation error payload.",
+    "prerequisites": "1) Test user is authenticated (valid session/cookies) so Step 1 can be submitted.\n2) No active credit application is in progress for the authenticated user (avoid 409 DUPLICATE_APPLICATION).\n3) API base URL reachable: https://api.aegiscard.com/v2.\n4) Valid Step 1 payload template prepared with all required fields populated except address.province varies per attempt.",
+    "stepsToPerform": "1) Prepare a valid Step 1 request body with full_legal_name \"Taylor QA\", email matching the authenticated user (e.g., \"test+app108@example.com\"), phone_number \"+14165550123\", address.street \"100 Test St\", address.city \"Toronto\", address.postal_code \"M5V 2T6\", id_type \"PASSPORT\", id_number \"A1B2C3D4\".\n2) Set address.province to a valid 2-character code \"ON\".\n3) Send POST https://api.aegiscard.com/v2/applications/start with Content-Type: application/json and the body from Steps 1-2.\n4) Observe the HTTP status and response body.\n5) Create a second Step 1 request identical to Step 1 but set address.province to a 3-character value \"ONT\" (just past boundary).\n6) Send POST /v2/applications/start with the updated body.\n7) Observe the HTTP status and response body keys for validation failure.\n8) Create a third Step 1 request identical to Step 1 but set address.province to a 1-character value \"O\" (just under boundary).\n9) Send POST /v2/applications/start with the updated body.\n10) Observe the HTTP status and response body keys for validation failure.",
+    "expectedResult": "1) For province=\"ON\", API responds 201 with response body including application_id and session_token.\n2) For province=\"ONT\" (3 chars), API responds 400 and response body includes keys error, field, message; field indicates the province field (e.g., \"address.province\").\n3) For province=\"O\" (1 char), API responds 400 and response body includes keys error, field, message; field indicates the province field (e.g., \"address.province\").",
+    "apiEndpoint": "POST /v2/applications/start",
+    "httpMethod": "POST",
+    "boundaryValues": "Valid boundary: \"ON\" (2 chars); invalid just over: \"ONT\" (3 chars); invalid just under: \"O\" (1 char)",
+    "expectedHttpStatus": "201 for valid, 400 for invalid",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "address.province String ✓ Required 2-char ISO 3166-2 code (e.g., ON, CA)"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 postal_code must match Canadian format A1A 1A1",
+    "description": "Verifies Step 1 enforces Canadian postal code formatting to ensure address validation and delivery processes receive normalized data. Automation: HIGH — pure API validation assertions.",
+    "testId": "TC-APP1-09",
+    "testDescription": "As an applicant, when I submit Step 1 with a correctly formatted Canadian postal code and with near-miss formats (missing space / invalid pattern), the API should accept only the required format and return a validation failure payload for invalid inputs.",
+    "prerequisites": "1) Test user is authenticated (valid session/cookies).\n2) No active credit application is in progress for the authenticated user.\n3) Valid Step 1 payload template prepared with all required fields populated except address.postal_code varies per attempt.\n4) Use a fresh email tied to the authenticated user to satisfy email matching requirement.",
+    "stepsToPerform": "1) Prepare a valid Step 1 request body with full_legal_name \"Morgan QA\", email matching the authenticated user (e.g., \"test+app109@example.com\"), phone_number \"+14165550124\", address.street \"200 Test Ave\", address.city \"Ottawa\", address.province \"ON\", id_type \"DRIVERS_LICENSE\", id_number \"D1E2F3G4\".\n2) Set address.postal_code to a valid Canadian format value \"K1A 0B1\".\n3) Send POST https://api.aegiscard.com/v2/applications/start with the body from Steps 1-2.\n4) Observe the HTTP status and confirm success response keys.\n5) Create a second request identical to Step 1 but set address.postal_code to \"K1A0B1\" (missing space; near-miss).\n6) Send POST /v2/applications/start and observe the HTTP status.\n7) Verify the response body includes error, field, message for the invalid postal code.\n8) Create a third request identical to Step 1 but set address.postal_code to \"123 456\" (invalid pattern).\n9) Send POST /v2/applications/start and observe the HTTP status.\n10) Verify the response body includes error, field, message for the invalid postal code.",
+    "expectedResult": "1) For postal_code=\"K1A 0B1\", API responds 201 with application_id and session_token.\n2) For postal_code=\"K1A0B1\", API responds 400 with response body keys error, field, message; field indicates the postal code field (e.g., \"address.postal_code\").\n3) For postal_code=\"123 456\", API responds 400 with response body keys error, field, message; field indicates the postal code field (e.g., \"address.postal_code\").",
+    "apiEndpoint": "POST /v2/applications/start",
+    "httpMethod": "POST",
+    "testDataMasked": "Valid: K1A 0B1; Invalid: K1A0B1, 123 456",
+    "expectedHttpStatus": "201 for valid, 400 for invalid",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "address.postal_code String ✓ Required Canadian format: A1A 1A1"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 id_type must be one of PASSPORT, DRIVERS_LICENSE, PR_CARD",
+    "description": "Verifies Step 1 restricts government ID type to the allowed enumeration to ensure consistent identity verification handling and prevent unsupported document processing. Automation: HIGH — pure API validation assertions.",
+    "testId": "TC-APP1-10",
+    "testDescription": "As an applicant, when I submit Step 1 with each allowed id_type value, the request should be accepted; when I submit Step 1 with an unsupported id_type, it should be rejected with a validation error payload.",
+    "prerequisites": "1) Authenticated test user available.\n2) No active application exists for the user.\n3) Valid Step 1 payload template prepared with all required fields populated and varied id_type per attempt.\n4) Email in payload matches authenticated user email.",
+    "stepsToPerform": "1) Prepare a valid Step 1 request body (all required fields valid) with address.province \"ON\" and address.postal_code \"M5V 2T6\", id_number \"ZXCV1234\".\n2) Set id_type to \"PASSPORT\" and send POST https://api.aegiscard.com/v2/applications/start.\n3) Observe the HTTP status and response keys.\n4) Using a test environment reset/cleanup for active application (or a distinct authenticated user), set id_type to \"DRIVERS_LICENSE\" and send POST /v2/applications/start.\n5) Observe the HTTP status and response keys.\n6) Using a test environment reset/cleanup for active application (or a distinct authenticated user), set id_type to \"PR_CARD\" and send POST /v2/applications/start.\n7) Observe the HTTP status and response keys.\n8) Using a test environment reset/cleanup for active application (or a distinct authenticated user), set id_type to an invalid value \"NATIONAL_ID\" and send POST /v2/applications/start.\n9) Observe the HTTP status for validation failure.\n10) Verify the response body includes error, field, message and field indicates id_type.",
+    "expectedResult": "1) For id_type in {\"PASSPORT\",\"DRIVERS_LICENSE\",\"PR_CARD\"}, API responds 201 with application_id and session_token.\n2) For id_type=\"NATIONAL_ID\", API responds 400 with response body keys error, field, message; field indicates \"id_type\".\n3) No additional side effects are asserted beyond the documented response codes and body keys.",
+    "apiEndpoint": "POST /v2/applications/start",
+    "httpMethod": "POST",
+    "validationRulesCovered": "Enum constraint for id_type",
+    "expectedHttpStatus": "201 for allowed enum values; 400 for invalid",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "id_type Enum ✓ Required {PASSPORT, DRIVERS_LICENSE, PR_CARD}"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 1 id_number must be alphanumeric and max 20 chars (boundary)",
+    "description": "Verifies Step 1 enforces id_number character set and maximum length to prevent storing malformed IDs and to keep consistent identity document processing. Automation: HIGH — pure API validation assertions.",
+    "testId": "TC-APP1-11",
+    "testDescription": "As an applicant, when I submit Step 1 with id_number at the maximum length (20 alphanumeric characters) it should be accepted; when I submit Step 1 with 21 characters or with non-alphanumeric characters it should be rejected with a validation error payload.",
+    "prerequisites": "1) Authenticated test user available.\n2) No active application exists for the user.\n3) Valid Step 1 payload template prepared with all required fields valid; vary id_number only.\n4) Email in payload matches authenticated user email.",
+    "stepsToPerform": "1) Prepare a valid Step 1 request body with id_type \"PASSPORT\" and other required fields valid (province \"ON\", postal_code \"K1A 0B1\").\n2) Set id_number to exactly 20 alphanumeric characters: \"AB12CD34EF56GH78IJ90\".\n3) Send POST https://api.aegiscard.com/v2/applications/start.\n4) Observe that the response is successful and capture application_id/session_token.\n5) Using a test environment reset/cleanup for active application (or a distinct authenticated user), set id_number to 21 alphanumeric characters: \"AB12CD34EF56GH78IJ901\".\n6) Send POST /v2/applications/start and observe the HTTP status.\n7) Verify the response body includes error, field, message and field indicates id_number.\n8) Using a test environment reset/cleanup for active application (or a distinct authenticated user), set id_number to a non-alphanumeric value (includes hyphen) \"ABC-123\".\n9) Send POST /v2/applications/start and observe the HTTP status.\n10) Verify the response body includes error, field, message and field indicates id_number.",
+    "expectedResult": "1) For id_number=\"AB12CD34EF56GH78IJ90\" (20 chars, alphanumeric), API responds 201 with application_id and session_token.\n2) For id_number=\"AB12CD34EF56GH78IJ901\" (21 chars), API responds 400 with response body keys error, field, message; field indicates \"id_number\".\n3) For id_number=\"ABC-123\" (non-alphanumeric), API responds 400 with response body keys error, field, message; field indicates \"id_number\".",
+    "apiEndpoint": "POST /v2/applications/start",
+    "httpMethod": "POST",
+    "boundaryValues": "Max valid length: 20; invalid just over: 21",
+    "testDataMasked": "id_number values are synthetic",
+    "expectedHttpStatus": "201 for valid; 400 for invalid",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information field table, page 6",
+      "excerpt": "id_number String ✓ Required Alphanumeric; max 20 chars"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 1 validation failure returns 400 with error, field, message",
+    "description": "Verifies the API returns the documented 400 validation failure contract (error, field, message), enabling consistent client-side error handling and reducing the risk of ambiguous failures. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP1-12",
+    "testDescription": "As a client submitting Step 1, when any required field is invalid, the API must respond with HTTP 400 and a response body containing error, field, and message.",
+    "prerequisites": "1) Authenticated test user available.\n2) No active application exists for the user.\n3) Step 1 request template ready with all required fields; one field will be intentionally invalid.\n4) Test runner can capture and assert JSON response keys.",
+    "stepsToPerform": "1) Prepare a Step 1 request body with all required fields valid except address.postal_code.\n2) Set address.postal_code to an invalid value \"INVALID\".\n3) Send POST https://api.aegiscard.com/v2/applications/start.\n4) Observe the HTTP status code.\n5) Parse the response as JSON.\n6) Assert the response JSON contains the top-level keys: error, field, message.\n7) Assert the field value points to the invalid input field (postal code field).\n8) Correct the invalid field by setting address.postal_code to a valid value \"K1A 0B1\".\n9) Resend POST /v2/applications/start.\n10) Observe that the corrected submission is accepted (success code) to confirm the prior failure was validation-related.",
+    "expectedResult": "1) When a field is invalid, API responds with HTTP 400.\n2) The 400 response body contains keys: error, field, message.\n3) When the invalid field is corrected, API responds 201 with application_id and session_token.",
+    "apiEndpoint": "POST /v2/applications/start",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "400 for invalid, 201 for corrected",
+    "sourceCitation": {
+      "location": "Section 4.1 Step 1 — Personal Information HTTP codes table, page 6",
+      "excerpt": "400 Validation failure on any field error, field, message"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Step 2 other_income defaults to 0.00 when omitted",
+    "description": "Verifies Step 2 applies the documented default value for other_income when the client omits it, preventing calculation inconsistencies and UI/API mismatches. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP2-05",
+    "testDescription": "As an applicant continuing a credit application, when I submit Step 2 financials without other_income, the system should treat other_income as 0.00 (default) and accept the submission.",
+    "prerequisites": "1) Step 1 completed successfully and returned application_id and session_token.\n2) session_token is available to send in header \"X-App-Session\" for Step 2.\n3) session_token is not expired (within 30 minutes of issuance).\n4) Step 2 required fields values prepared (employment_status, gross_annual_income, monthly_rent, existing_debt_payments, sin_consent).",
+    "stepsToPerform": "1) Complete Step 1 by sending POST https://api.aegiscard.com/v2/applications/start with valid required fields to obtain application_id and session_token.\n2) Record application_id from the Step 1 response.\n3) Record session_token from the Step 1 response.\n4) Prepare Step 2 request body including employment_status \"EMPLOYED\", employer_name \"TestCo Ltd\", gross_annual_income 85000.00, monthly_rent 1800.00, existing_debt_payments 250.00, sin_consent true, and OMIT other_income entirely.\n5) Send POST https://api.aegiscard.com/v2/applications/{application_id}/financials with header X-App-Session: {session_token} and the body from Step 4.\n6) Observe HTTP status code.\n7) Parse response JSON and verify it includes status and fico_pull_id.\n8) Re-submit Step 2 again (in a fresh application created via Steps 1-3) but this time include other_income explicitly as 0.00.\n9) Observe HTTP status code and response keys.\n10) Compare the observed outcomes between omitted and explicit 0.00 to confirm omission does not cause validation failure and is treated as default behavior.",
+    "expectedResult": "1) When other_income is omitted, Step 2 responds 200 with response body including status: PENDING_REVIEW and fico_pull_id.\n2) When other_income is explicitly set to 0.00, Step 2 also responds 200 with response body including status: PENDING_REVIEW and fico_pull_id.\n3) No 400 is returned due to missing other_income because it is optional with a default when omitted.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "requestHeaders": "X-App-Session: <session_token from Step 1>",
+    "testDataMasked": "employer_name \"TestCo Ltd\"; incomes are synthetic",
+    "expectedHttpStatus": "200",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information field table, page 7",
+      "excerpt": "other_income Decimal Optional Default 0.00 if omitted"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 2 monthly_rent allows 0 if homeowner (boundary)",
+    "description": "Verifies Step 2 monthly_rent accepts 0 at the documented boundary to support homeowner applicants while still rejecting negative values. Automation: HIGH — pure API validation assertions.",
+    "testId": "TC-APP2-06",
+    "testDescription": "As an applicant, when I submit Step 2 with monthly_rent at the boundary value 0.00, the API should accept it; when I submit monthly_rent just below the boundary (negative), it should reject with a 400 validation error payload.",
+    "prerequisites": "1) Step 1 completed successfully and returned application_id and session_token.\n2) session_token available for X-App-Session header and not expired.\n3) Step 2 required fields prepared with valid values; vary monthly_rent only.\n4) Test environment allows creating multiple applications (or use distinct test users) to avoid conflicts.",
+    "stepsToPerform": "1) Complete Step 1 to obtain application_id and session_token.\n2) Prepare Step 2 request with employment_status \"RETIRED\", gross_annual_income 60000.00, existing_debt_payments 0.00, sin_consent true.\n3) Set monthly_rent to 0.00.\n4) Send POST https://api.aegiscard.com/v2/applications/{application_id}/financials with X-App-Session header.\n5) Observe HTTP status and response keys.\n6) Create a new application by completing Step 1 again to obtain a new application_id and session_token.\n7) Prepare the same Step 2 request but set monthly_rent to -0.01 (just past boundary invalid).\n8) Send POST /v2/applications/{application_id}/financials with X-App-Session header.\n9) Observe HTTP status.\n10) Verify the 400 response body contains error, field, message and field indicates monthly_rent.",
+    "expectedResult": "1) For monthly_rent=0.00, API responds 200 with response body including status: PENDING_REVIEW and fico_pull_id.\n2) For monthly_rent=-0.01, API responds 400 with response body keys error, field, message; field indicates \"monthly_rent\".\n3) No other undocumented behavior is asserted.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "boundaryValues": "Valid boundary: 0.00; invalid just under: -0.01",
+    "expectedHttpStatus": "200 for 0.00, 400 for negative",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information field table, page 7",
+      "excerpt": "monthly_rent Decimal ✓ Required Positive or 0 (if homeowner)"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 2 existing_debt_payments uses Decimal(10,2) precision (boundary)",
+    "description": "Verifies Step 2 enforces the documented Decimal(10,2) precision for existing_debt_payments to avoid rounding/precision errors in affordability and underwriting computations. Automation: HIGH — pure API validation assertions.",
+    "testId": "TC-APP2-07",
+    "testDescription": "As an applicant, when I submit Step 2 with existing_debt_payments at 2 decimal places it should be accepted; when I submit with more than 2 decimal places it should be rejected as an invalid financial field.",
+    "prerequisites": "1) Step 1 completed successfully and returned application_id and session_token.\n2) session_token available for X-App-Session header and not expired.\n3) Step 2 required fields prepared with valid values; vary existing_debt_payments only.\n4) Ability to create multiple applications (or use distinct test users) to run both boundary attempts independently.",
+    "stepsToPerform": "1) Complete Step 1 to obtain application_id and session_token.\n2) Prepare Step 2 request with employment_status \"SELF_EMPLOYED\", gross_annual_income 120000.00, monthly_rent 1500.00, sin_consent true.\n3) Set existing_debt_payments to 1234.56 (2 decimal places).\n4) Send POST https://api.aegiscard.com/v2/applications/{application_id}/financials with X-App-Session header.\n5) Observe HTTP status and confirm response includes status and fico_pull_id.\n6) Create a new application by completing Step 1 again to obtain a new application_id and session_token.\n7) Prepare the same Step 2 request but set existing_debt_payments to 1234.567 (3 decimal places; just past precision).\n8) Send POST /v2/applications/{application_id}/financials with X-App-Session header.\n9) Observe HTTP status.\n10) Verify the 400 response body contains error, field, message and field indicates existing_debt_payments.",
+    "expectedResult": "1) For existing_debt_payments=1234.56, API responds 200 with response body including status: PENDING_REVIEW and fico_pull_id.\n2) For existing_debt_payments=1234.567, API responds 400 with response body keys error, field, message; field indicates \"existing_debt_payments\".\n3) Precision enforcement aligns with the documented Decimal(10,2) requirement.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "boundaryValues": "Valid: 1234.56; invalid: 1234.567",
+    "expectedHttpStatus": "200 for valid, 400 for invalid",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information field table, page 7",
+      "excerpt": "existing_debt_payments Decimal ✓ Required Total monthly obligations; Decimal(10,2)"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Step 2 rejects invalid or missing financial field with 400 including error, field, message",
+    "description": "Verifies Step 2 returns the documented 400 response contract for invalid or missing financial fields, enabling consistent client error handling and reducing underwriting data quality risks. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP2-08",
+    "testDescription": "As an applicant, when I submit Step 2 missing a required financial field, the API should return 400 with error, field, message.",
+    "prerequisites": "1) Step 1 completed successfully and returned application_id and session_token.\n2) session_token available for X-App-Session header and not expired.\n3) Valid Step 2 payload template prepared with all required fields, with one required field intentionally omitted.\n4) Test runner can parse and assert JSON response keys.",
+    "stepsToPerform": "1) Complete Step 1 to obtain application_id and session_token.\n2) Prepare a Step 2 request body with employment_status \"EMPLOYED\", employer_name \"TestCo Ltd\", monthly_rent 1200.00, existing_debt_payments 100.00, sin_consent true.\n3) Intentionally OMIT gross_annual_income from the Step 2 request body.\n4) Send POST https://api.aegiscard.com/v2/applications/{application_id}/financials with header X-App-Session: {session_token}.\n5) Observe the HTTP status code.\n6) Parse the response body as JSON.\n7) Assert the response contains keys error, field, message.\n8) Assert the field value indicates the missing field (gross_annual_income).\n9) Submit Step 2 again (in a fresh application) with gross_annual_income included as 75000.00 to confirm the endpoint accepts valid payload.\n10) Observe the 200 response and confirm it includes status and fico_pull_id.",
+    "expectedResult": "1) When a required Step 2 field is missing, API responds 400.\n2) The 400 response body includes keys: error, field, message; field identifies the missing/invalid field.\n3) When the missing field is supplied with a valid value, API responds 200 with response body including status: PENDING_REVIEW and fico_pull_id.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/financials",
+    "httpMethod": "POST",
+    "expectedHttpStatus": "400 for missing/invalid; 200 for valid",
+    "sourceCitation": {
+      "location": "Section 4.2 Step 2 — Financial Information HTTP codes table, page 7",
+      "excerpt": "400 Invalid or missing financial field error, field, message"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Step 3 requires card_product_id from GET /v2/products (referenced source of values)",
+    "description": "Verifies Step 3 enforces that the selected card product uses a value sourced from the products catalog endpoint, ensuring valid product selection and preventing unsupported product issuance requests. Automation: MEDIUM — depends on product catalog availability but remains API-driven.",
+    "testId": "TC-APP3-06",
+    "testDescription": "As an applicant ready to submit the final application, I must select a card_product_id that comes from GET /v2/products; the API should accept a known product id from that list and reject an arbitrary value as a validation failure.",
+    "prerequisites": "1) Step 1 completed successfully and returned application_id and session_token.\n2) Step 2 completed successfully for the same application_id and returned status: PENDING_REVIEW and fico_pull_id.\n3) session_token available for X-App-Session header for Step 3 and not expired.\n4) Ability to call GET /v2/products to obtain at least one valid card_product_id (e.g., AEGIS_GOLD).",
+    "stepsToPerform": "1) Call GET https://api.aegiscard.com/v2/products and capture one returned product identifier as card_product_id_valid.\n2) Complete Step 1 by calling POST https://api.aegiscard.com/v2/applications/start and capture application_id and session_token.\n3) Submit Step 2 by calling POST https://api.aegiscard.com/v2/applications/{application_id}/financials with X-App-Session: {session_token} and valid required fields; confirm 200.\n4) Prepare a Step 3 request body with card_product_id set to card_product_id_valid from Step 1.\n5) Set e_signature to a Base64-encoded typed name (synthetic) value, e.g., \"VGVzdCBTaWduYXR1cmU=\".\n6) Send POST https://api.aegiscard.com/v2/applications/{application_id}/submit with header X-App-Session: {session_token}.\n7) Observe HTTP status (expected 200 per decision table) and confirm response includes a decision field.\n8) Create a new application (repeat Steps 2-3) to obtain a new application_id and session_token for an invalid product attempt.\n9) Submit Step 3 with card_product_id set to an arbitrary value not from the products list, e.g., \"NOT_A_REAL_PRODUCT\" while keeping e_signature valid.\n10) Observe the HTTP status and validate that an invalid card_product_id triggers a validation failure response shape consistent with field validation errors (HTTP 400 with error/field/message).",
+    "expectedResult": "1) Step 3 submission using a card_product_id obtained from GET /v2/products responds 200 and includes decision in the response body.\n2) Step 3 submission using an arbitrary card_product_id not from GET /v2/products is rejected with HTTP 400 (validation failure).\n3) No additional decision outcome specifics are asserted beyond the presence of decision for the valid submission, since approval bands depend on FICO and are outside this test’s scope.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "X-App-Session: <session_token from Step 1>",
+    "testDataMasked": "e_signature \"VGVzdCBTaWduYXR1cmU=\" is synthetic Base64; product IDs are from catalog",
+    "expectedHttpStatus": "200 for valid product id; 400 for invalid product id",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 — Decision & Card Selection field table, page 7",
+      "excerpt": "card_product_id String ✓ Required From GET /v2/products; e.g., AEGIS_GOLD"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Step 3 requires Base64-encoded typed name signature (e_signature)",
+    "description": "Verifies that Credit Application Step 3 enforces the required e_signature format as a Base64-encoded typed-name signature and rejects missing/malformed signatures. This protects application integrity and ensures a consistent signature artifact for downstream decisioning. Automation: HIGH — pure API assertions.",
+    "testId": "TC-APP3-07",
+    "testDescription": "As an authenticated applicant who has completed Steps 1 and 2, when I submit Step 3 I must provide an e_signature that is a Base64-encoded typed name signature; otherwise the API must reject the request with the documented error.",
+    "prerequisites": "1) A registered portal user is authenticated and has a valid Authorization Bearer token.\n2) A credit application exists from Step 1 (application_id) and Step 1 response provided a session_token.\n3) Step 2 (POST /v2/applications/{application_id}/financials) has completed successfully for the same application_id.\n4) The Step 1 session_token is still valid and will be sent in header X-App-Session for Step 3.\n5) A valid card_product_id value is available (e.g., 'AEGIS_GOLD').",
+    "stepsToPerform": "1) Prepare Step 3 endpoint 'POST /v2/applications/{application_id}/submit' using the Step 1 application_id and include Authorization Bearer token.\n2) Include header 'X-App-Session' with the Step 1 session_token; observe request is constructed with required session context.\n3) Submit Step 3 request body WITHOUT the 'e_signature' field (include card_product_id only); observe the API response.\n4) Verify the response HTTP status is 400; observe response body contains 'error'.\n5) Verify response body 'error' equals 'SIGNATURE_REQUIRED'; observe exact error code is returned.\n6) Submit Step 3 again with 'e_signature' present but clearly malformed (e.g., 'NOT_BASE64@@@') and same card_product_id; observe the API response.\n7) Verify the response HTTP status is 400 and response body 'error' equals 'SIGNATURE_REQUIRED'; observe malformed signature is rejected.\n8) Submit Step 3 again with a Base64-encoded typed name signature, e.g., typed name 'Test User' => e_signature 'VGVzdCBVc2Vy', and same card_product_id; observe the API response.\n9) Verify the response HTTP status is 200; observe response body contains a 'decision' field (value may vary by credit score logic).\n10) Verify the successful response does NOT include an 'error' field; observe signature validation passes when Base64 is provided.",
+    "expectedResult": "1) Missing e_signature returns HTTP 400 with response body error: SIGNATURE_REQUIRED.\n2) Malformed e_signature returns HTTP 400 with response body error: SIGNATURE_REQUIRED.\n3) Base64-encoded typed name signature allows processing and returns HTTP 200 with a decision field present.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{\n  \"card_product_id\": \"AEGIS_GOLD\",\n  \"e_signature\": \"VGVzdCBVc2Vy\"\n}",
+    "errorCodeExpected": "SIGNATURE_REQUIRED",
+    "validationRulesCovered": "e_signature required; e_signature Base64-encoded typed name signature",
+    "boundaryValues": "e_signature missing vs malformed vs valid Base64 string",
+    "rolesAndAccess": "Role: Authenticated portal user/applicant",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 field table, page 7; Step 3 HTTP codes, page 8",
+      "excerpt": "e_signature String ✓ Required Base64-encoded typed name signature"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Decision boundary: FICO exactly 680 follows 600-680 band and returns PENDING",
+    "description": "Verifies credit decision banding at the upper boundary of the underwriter referral range so that an applicant with FICO exactly 680 is not auto-approved and is instead returned as PENDING. This prevents incorrect approvals at the decision threshold. Automation: MEDIUM — requires controlling the bureau/decisioning input.",
+    "testId": "TC-APP3-08",
+    "testDescription": "As an applicant submitting Step 3, when the credit score returned/used by decisioning is exactly 680, the system must return decision PENDING and include review_eta_hours as specified for the 600-680 band.",
+    "prerequisites": "1) A registered portal user is authenticated and has a valid Authorization Bearer token.\n2) An application exists with application_id and session_token from Step 1, and Step 2 has been accepted.\n3) Test environment can force/seed the decisioning engine (or bureau soft pull result) so the FICO used for REQ-002 is exactly 680 for this application.\n4) X-App-Session session_token is unexpired (within 30 minutes) for the Step 3 call.\n5) A valid card_product_id is available (e.g., 'AEGIS_GOLD').",
+    "stepsToPerform": "1) Configure the test double/stub for the bureau/decisioning input so that the application's FICO used at submit time is exactly 680; observe configuration saved for this application_id.\n2) Build the Step 3 request to 'POST /v2/applications/{application_id}/submit' with Authorization Bearer token and header X-App-Session session_token.\n3) Use a valid card_product_id and a valid Base64 typed signature (e.g., 'VGVzdCBVc2Vy'); observe request payload is complete.\n4) Submit the Step 3 request; observe HTTP response status.\n5) Verify HTTP status is 200; observe response contains 'decision'.\n6) Verify response field 'decision' equals 'PENDING'; observe it is not 'APPROVED'.\n7) Verify response contains 'review_eta_hours'; observe that it is present for PENDING outcomes.\n8) Verify response does NOT contain 'credit_limit' and does NOT contain 'card_number_masked' (fields are for APPROVED); observe they are absent.\n9) Re-run Step 3 submission for a second application configured with FICO 681 (just past boundary); observe response.\n10) Verify the FICO 681 application returns decision 'APPROVED' and includes approval-only fields; observe boundary separation at 680 vs 681.",
+    "expectedResult": "1) With FICO exactly 680, Step 3 returns HTTP 200 with decision: PENDING.\n2) PENDING response includes review_eta_hours.\n3) A just-past-boundary FICO of 681 returns decision: APPROVED (demonstrating correct boundary behavior).",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{\n  \"card_product_id\": \"AEGIS_GOLD\",\n  \"e_signature\": \"VGVzdCBVc2Vy\"\n}",
+    "validationRulesCovered": "Decision band: Referred to underwriter (FICO 600-680) => decision PENDING",
+    "boundaryValues": "FICO 680 (at boundary), FICO 681 (just past boundary)",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 decision bands, page 8",
+      "excerpt": "Referred to underwriter (FICO 600-680) decision: PENDING, review_eta_hours"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Decision boundary: FICO exactly 599 returns DECLINED with reason_code",
+    "description": "Verifies that applicants just below the minimum FICO threshold are auto-declined and receive the required reason_code. This supports consistent adverse-action handling and prevents unintended manual review or approvals for <600 scores. Automation: MEDIUM — requires controlling the bureau/decisioning input.",
+    "testId": "TC-APP3-10",
+    "testDescription": "As an applicant submitting Step 3, when the decisioning FICO is exactly 599 (i.e., < 600), the system must return decision DECLINED and include a reason_code.",
+    "prerequisites": "1) A registered portal user is authenticated and has a valid Authorization Bearer token.\n2) An application exists with application_id and session_token from Step 1, and Step 2 has completed successfully.\n3) Test environment can force/seed the decisioning FICO to exactly 599 for this application.\n4) X-App-Session session_token is still valid for Step 3.\n5) A valid card_product_id is available (e.g., 'AEGIS_GOLD').",
+    "stepsToPerform": "1) Configure the decisioning/bureau stub so the application returns FICO = 599; observe stub configuration is applied.\n2) Prepare Step 3 submission request with Authorization Bearer token and header X-App-Session session_token.\n3) Provide request body with card_product_id and valid Base64 e_signature 'VGVzdCBVc2Vy'; observe required fields are present.\n4) Submit Step 3; observe HTTP response.\n5) Verify HTTP status is 200; observe response body includes 'decision'.\n6) Verify decision equals 'DECLINED'; observe it is not 'PENDING' or 'APPROVED'.\n7) Verify response body includes 'reason_code'; observe it is present for declines.\n8) Verify response does NOT include 'review_eta_hours' and does NOT include 'card_number_masked'; observe those fields are absent.\n9) Submit Step 3 for a second application configured with FICO 600 (just past boundary); observe response.\n10) Verify the FICO 600 application returns decision PENDING (not declined); observe correct boundary separation at 599 vs 600.",
+    "expectedResult": "1) With FICO 599, Step 3 returns HTTP 200 with decision: DECLINED.\n2) Declined response includes reason_code.\n3) Declined response does not include approval/pending-only fields (card_number_masked, review_eta_hours).",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{\n  \"card_product_id\": \"AEGIS_GOLD\",\n  \"e_signature\": \"VGVzdCBVc2Vy\"\n}",
+    "validationRulesCovered": "Auto-Declined band for FICO < 600",
+    "boundaryValues": "FICO 599 (at boundary), FICO 600 (just past boundary)",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 decision bands, page 8",
+      "excerpt": "Auto-Declined (FICO < 600) decision: DECLINED, reason_code"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Approved decision returns card_number_masked field (masking presence)",
+    "description": "Verifies that an APPROVED credit decision includes the card_number_masked field as specified, ensuring sensitive card data is not returned in full while still providing a usable masked identifier. This supports PCI-oriented data minimization. Automation: MEDIUM — requires forcing approval condition (FICO > 680).",
+    "testId": "TC-APP3-11",
+    "testDescription": "As an applicant whose FICO triggers auto-approval, when I submit Step 3 the response must include decision APPROVED along with credit_limit and card_number_masked.",
+    "prerequisites": "1) A registered portal user is authenticated and has a valid Authorization Bearer token.\n2) Application created via Step 1 with application_id and session_token, and Step 2 completed successfully.\n3) Test environment can force/seed decisioning so the FICO used at Step 3 is > 680.\n4) X-App-Session session_token is unexpired for Step 3.\n5) A valid card_product_id is available (e.g., 'AEGIS_GOLD').",
+    "stepsToPerform": "1) Configure decisioning/bureau stub so the application's FICO is set to 681 (just above threshold); observe the configuration is active.\n2) Prepare Step 3 request to 'POST /v2/applications/{application_id}/submit' with Authorization Bearer token.\n3) Include header X-App-Session with the Step 1 session_token; observe header is present.\n4) Set request body card_product_id 'AEGIS_GOLD' and e_signature 'VGVzdCBVc2Vy' (Base64); observe payload validity.\n5) Submit Step 3; observe HTTP response status.\n6) Verify HTTP status is 200 and response decision equals 'APPROVED'; observe approval branch executed.\n7) Verify response includes 'credit_limit'; observe field presence.\n8) Verify response includes 'card_number_masked'; observe field presence.\n9) Verify response does NOT include 'reason_code' (decline-only) and does NOT include 'review_eta_hours' (pending-only); observe absence.\n10) Capture and store the approved response for cleanup/reference; observe no further submit retries are needed for this test.",
+    "expectedResult": "1) With FICO > 680, Step 3 returns HTTP 200 with decision: APPROVED.\n2) APPROVED response includes credit_limit and card_number_masked.\n3) APPROVED response does not include reason_code or review_eta_hours.",
+    "apiEndpoint": "POST /v2/applications/{application_id}/submit",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-App-Session: <session_token>",
+    "requestBodyExampleMasked": "{\n  \"card_product_id\": \"AEGIS_GOLD\",\n  \"e_signature\": \"VGVzdCBVc2Vy\"\n}",
+    "rolesAndAccess": "Role: Authenticated portal user/applicant",
+    "sourceCitation": {
+      "location": "Section 4.3 Step 3 HTTP codes, page 8",
+      "excerpt": "decision: APPROVED, credit_limit, card_number_masked"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Initiate transaction enforces account_id must belong to authenticated user (path param ownership)",
+    "description": "Verifies authorization control that prevents a user from initiating transactions against another user's account_id. This blocks IDOR abuse paths on money-moving endpoints. Automation: HIGH — pure API assertions with two test users.",
+    "testId": "TC-TXN-07",
+    "testDescription": "As an authenticated user, when I attempt to initiate a transaction using an account_id that does not belong to me, the system must reject the request, preventing unauthorized posting of transactions.",
+    "prerequisites": "1) Two distinct test users exist: UserA and UserB, each with valid Authorization Bearer tokens.\n2) UserA has an account_id_A; UserB has a different account_id_B.\n3) Card/account for UserB is in a state that would otherwise allow transactions (so failure is due to ownership, not inactivity).\n4) CSRF header requirements (if enforced in environment) are satisfied consistently for both users (e.g., valid X-CSRF-Token) to avoid confounding failures.\n5) A baseline valid transaction payload is available (amount > 0, valid merchant fields).",
+    "stepsToPerform": "1) Authenticate as UserA and confirm token is active by calling any owner-scoped endpoint for account_id_A (e.g., GET summary if available); observe success.\n2) As UserA, construct POST '/v2/accounts/{account_id}/transactions' using account_id_B in the path; observe mismatch between token subject and account.\n3) Set request body with transaction_amount '10.00', merchant_name 'Test Merchant', merchant_id 'TESTMERCHANT01', mcc_code '5411'; observe payload meets field validations.\n4) Submit the transaction initiation request; observe HTTP status and response body.\n5) Verify the request is rejected due to ownership enforcement (no transaction approval payload fields like transaction_id/auth_code are returned); observe non-approval outcome.\n6) Capture response 'error' field if present and store it for review; observe that authorization failure is surfaced.\n7) As UserB, submit the same request to the same endpoint but with account_id_B and identical body; observe HTTP status.\n8) Verify UserB receives a 200 Approved response including transaction_id (or other documented approval keys); observe the payload differs from the rejected attempt.\n9) Verify no transaction was posted to UserB's account as a result of UserA's rejected attempt by calling GET /v2/accounts/{account_id_B}/transactions as UserB and confirming no new record matching the attempted merchant_id/amount exists; observe history unchanged.\n10) Cleanup: If UserB’s valid transaction in step 7 posted successfully and test environment requires cleanup, record transaction_id for later reversal/manual cleanup outside this test; observe transaction_id captured.",
+    "expectedResult": "1) POST transaction with account_id not owned by authenticated user is rejected and does not return approval keys (transaction_id/auth_code).\n2) Same request by the rightful owner succeeds (200 Approved; includes transaction_id).\n3) Rejected attempt does not create a transaction record on the target account (verified via transaction listing).",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-CSRF-Token: <csrf_token_if_applicable>",
+    "requestBodyExampleMasked": "{\n  \"transaction_amount\": \"10.00\",\n  \"merchant_name\": \"Test Merchant\",\n  \"merchant_id\": \"TESTMERCHANT01\",\n  \"mcc_code\": \"5411\",\n  \"transaction_type\": \"PURCHASE\",\n  \"description\": \"QA ownership enforcement test\"\n}",
+    "rolesAndAccess": "Role under test: Authenticated cardholder (UserA) attempting IDOR; expected denial.\nAbuse path covered: IDOR on path param account_id for money-moving endpoint.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "account_id UUID ✓ Required Path param; must belong to authenticated user"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Initiate transaction transaction_amount uses Decimal(10,2) precision (boundary)",
+    "description": "Verifies that transaction_amount adheres to the documented Decimal(10,2) precision, accepting 2-decimal inputs at the boundary and rejecting values with more than 2 decimal places. This protects monetary precision and posting accuracy. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-08",
+    "testDescription": "As an authenticated user initiating a transaction, I must be able to submit amounts in Decimal(10,2) format (two decimal places), and the API must reject amounts that violate the two-decimal precision.",
+    "prerequisites": "1) A test user is authenticated with a valid Authorization Bearer token.\n2) The user has a valid account_id that belongs to them and is eligible for transactions.\n3) Card/account status is Active or Frozen as required for transactions (so validation focuses on amount precision).\n4) If CSRF is enforced in the environment, a valid X-CSRF-Token is available for POST requests.\n5) Known-valid merchant fields are available: merchant_name <= 100 chars, merchant_id alphanumeric <= 32, mcc_code 4 digits.",
+    "stepsToPerform": "1) Construct POST '/v2/accounts/{account_id}/transactions' with valid headers (Authorization, and X-CSRF-Token if applicable); observe request readiness.\n2) Submit a transaction with transaction_amount '99999999.99' (8 digits before decimal + 2 decimals) and valid merchant fields; observe HTTP response.\n3) Verify response is 200 Approved (or other non-validation failure per account state) and does not return error: INVALID_AMOUNT; observe acceptance of Decimal(10,2) formatted amount.\n4) Submit a transaction with transaction_amount '0.01' and valid merchant fields; observe HTTP response.\n5) Verify response is not 422 INVALID_AMOUNT (since > 0.00) and does not fail for precision; observe 2-decimal minimum positive works.\n6) Submit a transaction with transaction_amount '1.001' (3 decimal places) keeping all other fields valid; observe HTTP response.\n7) Verify the request is rejected as a validation failure (non-200) and does not return approval keys (transaction_id/auth_code); observe precision violation handling.\n8) Submit a transaction with transaction_amount '1.00' (exactly two decimals) using same merchant; observe HTTP response.\n9) Verify response succeeds (200 Approved) and includes transaction_id; observe valid precision accepted.\n10) Cleanup: Record any successful transaction_id values for environment cleanup procedures; observe IDs captured.",
+    "expectedResult": "1) Amounts formatted with exactly 2 decimals (e.g., 99999999.99, 0.01, 1.00) are accepted without precision-related validation failures.\n2) Amount with more than 2 decimal places (e.g., 1.001) is rejected and does not return approval keys.\n3) Rejection is attributable to input validation (not insufficient funds/card inactive), since all other fields are valid and account is eligible.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-CSRF-Token: <csrf_token_if_applicable>",
+    "boundaryValues": "99999999.99 (max scale within 10,2), 0.01 (min positive), 1.001 (precision just past 2 decimals)",
+    "validationRulesCovered": "transaction_amount Decimal(10,2)",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "transaction_amount Decimal ✓ Required Decimal(10,2); must be > 0.00"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Initiate transaction merchant_name max 100 chars (boundary)",
+    "description": "Verifies the merchant_name length constraint at 100 characters, accepting at the max boundary and rejecting just beyond it. This prevents oversized merchant strings from impacting storage, statements, and UI rendering. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-09",
+    "testDescription": "As an authenticated user initiating a transaction, when I provide merchant_name with length up to 100 characters it should be accepted, and when I exceed 100 characters it should be rejected as a validation failure.",
+    "prerequisites": "1) A test user is authenticated with a valid Authorization Bearer token.\n2) The user has a valid account_id that belongs to them.\n3) Card/account status is eligible for transactions to avoid confounding errors.\n4) If CSRF is enforced, a valid X-CSRF-Token is available.\n5) Baseline valid fields ready: transaction_amount '10.00', merchant_id 'MERCHANTABC123', mcc_code '5812', transaction_type 'PURCHASE'.",
+    "stepsToPerform": "1) Create a merchant_name_100 string of exactly 100 characters (e.g., 'M' repeated 100) and merchant_name_101 string of 101 characters ('M' repeated 101); observe exact lengths verified in the test script.\n2) Build POST '/v2/accounts/{account_id}/transactions' with valid headers; observe request setup.\n3) Submit a transaction with merchant_name = merchant_name_100 and all other fields valid; observe HTTP response.\n4) Verify response is 200 Approved (or at least not a 400 validation failure) and includes transaction_id when approved; observe 100-char acceptance.\n5) Submit a transaction with merchant_name = merchant_name_101 with the same otherwise-valid payload; observe HTTP response.\n6) Verify response is rejected as a validation failure (non-200) and does not include transaction_id/auth_code; observe >100 not accepted.\n7) Re-submit with a normal merchant_name 'QA Merchant' to confirm endpoint still functions; observe HTTP response.\n8) Verify normal merchant_name succeeds (200 Approved) showing the prior failure was tied to length; observe successful posting.\n9) If transactions were approved in steps 3/7, call GET /v2/accounts/{account_id}/transactions and verify the posted transaction(s) show merchant_name as sent for the 100-char case; observe correct persistence for accepted boundary.\n10) Cleanup: record transaction_id(s) for later test data cleanup if required; observe IDs captured.",
+    "expectedResult": "1) merchant_name length exactly 100 is accepted (transaction can be approved and returns transaction_id).\n2) merchant_name length 101 is rejected as a validation failure and does not return approval keys.\n3) Accepted boundary case persists merchant_name as provided (verified via transaction listing if available).",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-CSRF-Token: <csrf_token_if_applicable>",
+    "boundaryValues": "merchant_name length 100 (at max), 101 (just over max)",
+    "validationRulesCovered": "merchant_name max 100 chars",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "merchant_name String ✓ Required Max 100 chars"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Initiate transaction merchant_id alphanumeric max 32 chars (boundary)",
+    "description": "Verifies that merchant_id accepts only alphanumeric characters and enforces a maximum length of 32 characters, rejecting values that exceed the limit or include non-alphanumeric characters. This supports consistent merchant identifiers for reconciliation and downstream reporting. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-10",
+    "testDescription": "As an authenticated user initiating a transaction, when I provide an alphanumeric merchant_id up to 32 characters it should be accepted; when I exceed 32 characters or include non-alphanumeric characters it must be rejected.",
+    "prerequisites": "1) A test user is authenticated with a valid Authorization Bearer token.\n2) The user has a valid owner account_id eligible for transactions.\n3) If CSRF is enforced, a valid X-CSRF-Token is available.\n4) Baseline valid payload fields exist: transaction_amount '12.34', merchant_name 'QA Store', mcc_code '5411', transaction_type 'PURCHASE'.\n5) Test script can generate deterministic strings and measure their length.",
+    "stepsToPerform": "1) Generate merchant_id_32 as exactly 32 alphanumeric chars (e.g., 'A1' repeated 16 => 'A1A1...'(32 chars)); verify length is 32.\n2) Generate merchant_id_33 as 33 alphanumeric chars (append 'Z'); verify length is 33.\n3) Generate merchant_id_badchars with non-alphanumeric characters (e.g., 'MERCHANT-01'); observe it includes '-'.\n4) Submit POST '/v2/accounts/{account_id}/transactions' with merchant_id_32 and otherwise-valid payload; observe HTTP response.\n5) Verify response is 200 Approved (or not a validation failure) and includes transaction_id when approved; observe 32-char acceptance.\n6) Submit the same request with merchant_id_33; observe HTTP response.\n7) Verify response is rejected as validation failure (non-200) and does not return transaction_id/auth_code; observe >32 rejected.\n8) Submit the same request with merchant_id_badchars ('MERCHANT-01'); observe HTTP response.\n9) Verify response is rejected as validation failure (non-200) and does not return approval keys; observe non-alphanumeric rejected.\n10) Submit again with a normal merchant_id 'MERCHANT01' to confirm endpoint operates with valid IDs; observe successful approval response.",
+    "expectedResult": "1) merchant_id with 32 alphanumeric characters is accepted.\n2) merchant_id with 33 characters is rejected as a validation failure.\n3) merchant_id containing non-alphanumeric characters is rejected as a validation failure.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-CSRF-Token: <csrf_token_if_applicable>",
+    "boundaryValues": "merchant_id length 32 (max), 33 (just over), non-alphanumeric 'MERCHANT-01'",
+    "validationRulesCovered": "merchant_id Alphanumeric; max 32 chars",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "merchant_id String ✓ Required Alphanumeric; max 32 chars"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Initiate transaction requires 4-digit ISO 18245 mcc_code (reject non-4-digit)",
+    "description": "Verifies mcc_code format enforcement to ensure exactly a 4-digit ISO 18245 merchant category code is provided, rejecting non-4-digit values. This prevents category-based logic and statement classification errors. Automation: HIGH — pure API assertions.",
+    "testId": "TC-TXN-11",
+    "testDescription": "As an authenticated user initiating a transaction, the system must accept only 4-digit mcc_code values and reject inputs that are not exactly 4 digits.",
+    "prerequisites": "1) A test user is authenticated with a valid Authorization Bearer token.\n2) The user has a valid owner account_id eligible for transactions.\n3) If CSRF is enforced, a valid X-CSRF-Token is available.\n4) Baseline valid payload fields exist: transaction_amount '20.00', merchant_name 'QA Cafe', merchant_id 'QACAFE01', transaction_type 'PURCHASE'.\n5) Test harness can send multiple requests and capture HTTP status + response body.",
+    "stepsToPerform": "1) Build POST '/v2/accounts/{account_id}/transactions' with valid headers and baseline valid fields; observe ready state.\n2) Submit with valid 4-digit mcc_code '5812'; observe HTTP response.\n3) Verify response is 200 Approved (or at least not rejected for MCC format) and includes transaction_id when approved; observe 4-digit accepted.\n4) Submit with mcc_code '123' (3 digits) keeping all other fields valid; observe HTTP response.\n5) Verify response is rejected as a validation failure (non-200) and does not include approval keys; observe 3-digit rejected.\n6) Submit with mcc_code '12345' (5 digits); observe HTTP response.\n7) Verify response is rejected as a validation failure (non-200) and does not include approval keys; observe 5-digit rejected.\n8) Submit with mcc_code '12A4' (contains non-digit); observe HTTP response.\n9) Verify response is rejected as a validation failure (non-200) and does not include approval keys; observe non-digit rejected.\n10) Submit again with valid mcc_code '5411' to confirm endpoint still accepts correct format; observe normal success response.",
+    "expectedResult": "1) 4-digit mcc_code (e.g., 5812/5411) is accepted and does not cause validation failure.\n2) Non-4-digit mcc_code values (3-digit, 5-digit, or containing non-digits) are rejected as validation failures and do not return approval keys.\n3) The rejection prevents transaction posting (no transaction_id returned) for invalid mcc_code attempts.",
+    "apiEndpoint": "POST /v2/accounts/{account_id}/transactions",
+    "httpMethod": "POST",
+    "requestHeaders": "Authorization: Bearer <access_token>\nX-CSRF-Token: <csrf_token_if_applicable>",
+    "boundaryValues": "Valid: '5812'; Invalid: '123', '12345', '12A4'",
+    "validationRulesCovered": "mcc_code 4-digit ISO 18245 Merchant Category Code",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "mcc_code String ✓ Required 4-digit ISO 18245 Merchant Category Code"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Initiate transaction currency_code defaults to CAD when omitted",
+    "description": "Verifies that when initiating a web transaction without providing currency_code, the system applies the documented default currency (CAD). This prevents inconsistent currency handling and ensures predictable posting for browser-initiated transactions. Automation: HIGH (pure API assertions).",
+    "testId": "TC-TXN-12",
+    "testDescription": "As an authenticated cardholder initiating a web transaction, when I omit the optional currency_code field, the transaction should be treated as CAD by default as per the API field definition.",
+    "prerequisites": "1) Valid authenticated user session with access token (Bearer) available for API calls.\n2) An account_id UUID that 'must belong to authenticated user' (owned test account).\n3) Card on the account is in a state that is not blocked by the transaction API (so request can be approved rather than failing for unrelated reasons).\n4) The account has sufficient available credit to approve a small test transaction (e.g., 10.00 CAD).",
+    "stepsToPerform": "1) Prepare a POST request to /v2/accounts/{account_id}/transactions with Authorization set for the authenticated user; observe request is ready to submit.\n2) Set request body with required fields and OMIT currency_code: {\"transaction_amount\":10.00,\"merchant_name\":\"Test Merchant CA\",\"merchant_id\":\"TMCA123456\",\"mcc_code\":\"5411\",\"transaction_type\":\"PURCHASE\",\"description\":\"Default currency test\"}; observe currency_code is not present.\n3) Submit the POST request; observe an HTTP response is returned.\n4) Verify the response HTTP status is 200; observe response contains transaction_id.\n5) Capture transaction_id from the response; observe it is non-empty.\n6) Call GET /v2/accounts/{account_id}/transactions (same auth) with a date range that includes today; observe HTTP 200 with transactions[] returned.\n7) Locate the created transaction using transaction_id; observe the transaction record is present in the list.\n8) Verify the transaction currency is treated as CAD by default by checking the transaction record displays/returns currency_code as CAD (or CAD-denominated amount as applicable in the response object); observe it is CAD.\n9) (Abuse-path check) Repeat Step 2 but explicitly set currency_code:\"CAD\" with same amount and merchant_id \"TMCA123457\"; observe it also returns 200, showing explicit CAD behaves consistently with default behavior.\n10) Cleanup: if the test environment supports reversal/void, remove or mark the test transaction for cleanup via standard test data cleanup process; observe cleanup ticket/log entry created (or note left for batch cleanup).",
+    "expectedResult": "1) POST /v2/accounts/{account_id}/transactions without currency_code returns HTTP 200 and includes transaction_id.\n2) The created transaction is listed in GET /v2/accounts/{account_id}/transactions and shows currency_code = CAD (default applied) consistent with the specification.\n3) No unexpected error codes (e.g., INVALID_AMOUNT, CARD_INACTIVE) are returned for this valid request.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "currency_code String Optional ISO 4217 (e.g., USD, EUR); default CAD"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Initiate transaction transaction_type must be one of PURCHASE, CASH_ADVANCE, BALANCE_TRANSFER",
+    "description": "Ensures transaction_type input is constrained to the documented enum set to prevent invalid posting types and downstream ledger issues. Automation: HIGH (API validation).",
+    "testId": "TC-TXN-14",
+    "testDescription": "As an authenticated user, when I initiate a transaction I must provide a transaction_type that matches the allowed enum. The API should accept each allowed value and reject an unknown value.",
+    "prerequisites": "1) Valid authenticated user session with access token (Bearer).\n2) Owned account_id UUID eligible for transactions.\n3) Card status allows transactions.\n4) Sufficient available credit to approve three small transactions (e.g., 3 x 1.00 CAD).",
+    "stepsToPerform": "1) Prepare POST /v2/accounts/{account_id}/transactions with Authorization; observe ready state.\n2) Submit request with transaction_type:\"PURCHASE\" and transaction_amount 1.00; observe HTTP response is returned.\n3) Verify HTTP 200 and capture transaction_id for PURCHASE; observe transaction_id is present.\n4) Submit request with transaction_type:\"CASH_ADVANCE\" and transaction_amount 1.00 (different merchant_id); observe HTTP response is returned.\n5) Verify HTTP 200 and capture transaction_id for CASH_ADVANCE; observe transaction_id is present.\n6) Submit request with transaction_type:\"BALANCE_TRANSFER\" and transaction_amount 1.00 (different merchant_id); observe HTTP response is returned.\n7) Verify HTTP 200 and capture transaction_id for BALANCE_TRANSFER; observe transaction_id is present.\n8) Submit request with transaction_type:\"REVERSAL\" (unknown) and transaction_amount 1.00; observe HTTP response is returned.\n9) Verify the unknown transaction_type request is rejected; observe a non-200 response and capture exact error payload returned.\n10) Call GET /v2/accounts/{account_id}/transactions and verify the three valid transaction_ids exist and no transaction exists for the rejected request; observe list matches expectation.",
+    "expectedResult": "1) Requests with transaction_type PURCHASE, CASH_ADVANCE, and BALANCE_TRANSFER are accepted (HTTP 200) and return transaction_id.\n2) A request with an unknown transaction_type is rejected and does not create a transaction.\n3) Only the documented enum values are accepted for transaction_type.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "transaction_type Enum ✓ Required {PURCHASE, CASH_ADVANCE, BALANCE_TRANSFER}"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Initiate transaction description max 255 chars (boundary)",
+    "description": "Validates that the optional description field enforces the documented 255-character maximum, preventing statement rendering issues and data truncation risks. Automation: HIGH (API validation + retrieval).",
+    "testId": "TC-TXN-15",
+    "testDescription": "As an authenticated user, I can include an optional description that appears on the statement, but it must be no more than 255 characters. The API should accept 255 chars and reject 256 chars.",
+    "prerequisites": "1) Valid authenticated user session with access token (Bearer).\n2) Owned account_id UUID eligible for transactions.\n3) Card status allows transactions.\n4) Sufficient available credit for two small transactions (e.g., 2 x 2.00 CAD).",
+    "stepsToPerform": "1) Construct a 255-character ASCII description string D255 (e.g., 255 'A' characters); observe length verified as 255.\n2) Submit POST /v2/accounts/{account_id}/transactions with description=D255 and amount 2.00; observe HTTP response returned.\n3) Verify HTTP 200 and capture transaction_id_255; observe transaction_id_255 is present.\n4) Construct a 256-character ASCII description string D256 (e.g., 256 'B' characters); observe length verified as 256.\n5) Submit another POST /v2/accounts/{account_id}/transactions with description=D256 and amount 2.00; observe HTTP response returned.\n6) Verify the D256 request is rejected; observe non-200 response and capture exact error payload returned.\n7) Call GET /v2/accounts/{account_id}/transactions for date range including today; observe HTTP 200 with transactions[].\n8) Locate transaction_id_255 and verify description is stored/returned exactly as submitted (255 chars); observe match.\n9) Verify there is no transaction corresponding to the rejected D256 attempt (by searching merchant_id used for D256); observe none.\n10) Cleanup: mark transaction_id_255 for test cleanup; observe cleanup note recorded.",
+    "expectedResult": "1) A transaction with description length 255 is accepted (HTTP 200) and is retrievable with the same description.\n2) A transaction with description length 256 is rejected and does not create a transaction.\n3) The system enforces the documented maximum length for description.",
+    "sourceCitation": {
+      "location": "Section 5.1 Initiate a Web Payment field table, page 9",
+      "excerpt": "description String Optional Max 255 chars; appears on statement"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "List transactions pagination: page min 1 (boundary)",
+    "description": "Verifies pagination boundary for the list-transactions endpoint: page must be at least 1 and defaults to 1 when omitted. This prevents invalid paging requests and inconsistent pagination behavior. Automation: HIGH (API validation).",
+    "testId": "TC-TXNLIST-05",
+    "testDescription": "As an authenticated user viewing transaction history, when I request a page number less than 1, the API should reject it; when omitted, it should default to page 1.",
+    "prerequisites": "1) Valid authenticated user session with access token (Bearer).\n2) Owned account_id UUID with at least one transaction in the current billing cycle to make pagination observable.\n3) Ability to call GET /v2/accounts/{account_id}/transactions.\n4) Known date range that includes existing transactions (or omit from_date/to_date to use defaults).",
+    "stepsToPerform": "1) Call GET /v2/accounts/{account_id}/transactions with no page parameter; observe HTTP response returned.\n2) Verify HTTP 200 and capture response field page; observe page value returned.\n3) Confirm the returned page equals 1 when omitted; observe page==1.\n4) Call GET /v2/accounts/{account_id}/transactions?page=1; observe HTTP response returned.\n5) Verify HTTP 200 and compare response page to 1; observe page==1 and transactions[] returned.\n6) Call GET /v2/accounts/{account_id}/transactions?page=0; observe HTTP response returned.\n7) Verify the request with page=0 is rejected per min 1 constraint; observe non-200 and capture exact error payload returned.\n8) Call GET /v2/accounts/{account_id}/transactions?page=-1; observe HTTP response returned.\n9) Verify the request with page=-1 is rejected; observe non-200 and capture exact error payload returned.\n10) Confirm that valid requests (omitted page and page=1) still function after invalid calls (no session corruption); observe subsequent page=1 call still returns HTTP 200.",
+    "expectedResult": "1) When page is omitted, the API returns HTTP 200 and page=1.\n2) Requests with page=0 or page=-1 are rejected (min 1 enforced) and do not return a successful paginated list.\n3) Valid pagination requests continue to work after invalid attempts (no denial-of-service via malformed page).",
+    "sourceCitation": {
+      "location": "Section 5.2 List Transactions field table, page 10",
+      "excerpt": "page Integer Optional Default 1; min 1"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "List transactions category filter accepts defined enum values",
+    "description": "Confirms the list-transactions category filter accepts only the documented enum values, ensuring consistent filtering and preventing unexpected query behavior. Automation: HIGH (API assertions).",
+    "testId": "TC-TXNLIST-06",
+    "testDescription": "As an authenticated user, I can filter my transaction list by category using one of the defined values. The API should return results for a valid enum and reject unknown values.",
+    "prerequisites": "1) Valid authenticated user session with access token (Bearer).\n2) Owned account_id UUID.\n3) Test data exists: at least one transaction categorized as PURCHASE in the date range (create via Initiate transaction if needed).\n4) Ability to call GET /v2/accounts/{account_id}/transactions with query params.",
+    "stepsToPerform": "1) (If needed) Create a small PURCHASE via POST /v2/accounts/{account_id}/transactions and capture transaction_id; observe HTTP 200.\n2) Call GET /v2/accounts/{account_id}/transactions?category=PURCHASE; observe HTTP response returned.\n3) Verify HTTP 200 and response contains transactions[]; observe list returned.\n4) Verify each returned transaction has category consistent with PURCHASE (as represented by the API); observe no non-PURCHASE category included.\n5) Call GET /v2/accounts/{account_id}/transactions?category=FEE; observe HTTP response returned.\n6) Verify HTTP 200 and transactions[] returned (may be empty); observe response is successful.\n7) Call GET /v2/accounts/{account_id}/transactions?category=CHARGEBACK (unknown); observe HTTP response returned.\n8) Verify the unknown category is rejected; observe non-200 and capture exact error payload returned.\n9) Call GET /v2/accounts/{account_id}/transactions with no category; observe HTTP 200 and unfiltered results.\n10) Cleanup: if a transaction was created in step 1, mark it for test cleanup; observe cleanup note recorded.",
+    "expectedResult": "1) category filter accepts documented values (e.g., PURCHASE, FEE) and returns HTTP 200 with a paginated response.\n2) When category=PURCHASE, returned items are limited to PURCHASE category.\n3) An unknown category value is rejected and does not return a successful paginated list.",
+    "sourceCitation": {
+      "location": "Section 5.2 List Transactions field table, page 10",
+      "excerpt": "category Enum Optional {PURCHASE, CASH_ADVANCE, REFUND, FEE, INTEREST}"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Account dashboard endpoints require valid Bearer token in Authorization header",
+    "description": "Verifies that account dashboard/card management endpoints enforce authentication by requiring a valid Bearer token in the Authorization header. This blocks unauthorized access to sensitive financial data. Automation: HIGH (API security checks).",
+    "testId": "TC-AUTHZ-01",
+    "testDescription": "As a security control, all Account Dashboard & Card Management endpoints must require a valid Bearer token. Requests missing or using an invalid token must not return protected resources.",
+    "prerequisites": "1) A known account_id UUID for a test user (owner) and a valid access token for that user.\n2) The GET /v2/accounts/{account_id}/summary endpoint is reachable in the test environment.\n3) Ability to send requests without Authorization header and with a deliberately invalid Bearer token.\n4) Test user account exists and is active to obtain a valid token via normal login (token value masked in logs).",
+    "stepsToPerform": "1) Send GET /v2/accounts/{account_id}/summary with NO Authorization header; observe HTTP response returned.\n2) Verify the response does not return the account summary fields (e.g., current_balance/available_credit); observe access is denied.\n3) Send GET /v2/accounts/{account_id}/summary with Authorization: Bearer invalid.token.value (synthetic); observe HTTP response returned.\n4) Verify the response does not return account summary fields; observe access is denied.\n5) Send GET /v2/accounts/{account_id}/summary with a valid Authorization: Bearer <valid_access_token>; observe HTTP response returned.\n6) Verify HTTP 200 and response includes current_balance, available_credit, credit_limit, account_status, billing_cycle_end; observe protected data returned only with valid token.\n7) Send PATCH /v2/cards/{card_id}/status (use a card_id belonging to the account) with NO Authorization and a dummy body; observe HTTP response returned.\n8) Verify the response is denied and does not update status; observe no 200 returned.\n9) Send PATCH /v2/cards/{card_id}/status with invalid Bearer token; observe HTTP response returned and status not updated.\n10) Send PATCH /v2/cards/{card_id}/status with valid Bearer token but an intentionally incorrect confirm_otp to avoid real state change; observe HTTP 401 with OTP failure behavior (endpoint remains protected and authenticated).",
+    "expectedResult": "1) Requests to dashboard/card-management endpoints without Authorization Bearer token are denied and do not return protected resource fields.\n2) Requests with an invalid Bearer token are denied and do not return protected resource fields.\n3) Requests with a valid Bearer token allow access (e.g., summary returns HTTP 200 with documented fields), ruling out an abuse path where unauthenticated callers can read balances or change card controls.",
+    "sourceCitation": {
+      "location": "Section 6 Account Dashboard & Card Management header, page 11",
+      "excerpt": "All endpoints require a valid Bearer token in the Authorization header."
+    }
+  },
+  {
+    "type": "audit",
+    "title": "Card status update reason max 255 chars and is logged to audit trail",
+    "description": "Validates two controls on card freeze/unfreeze: reason field enforces max length 255 and the provided reason is recorded in the audit trail. This supports operational accountability and forensic review. Automation: MEDIUM (API + audit log verification depends on log access tooling).",
+    "testId": "TC-CARDSTAT-05",
+    "testDescription": "As an authenticated user freezing/unfreezing a card, when I provide a reason it must be <=255 characters and must be logged to the audit trail as stated in the API field table.",
+    "prerequisites": "1) Valid authenticated user access token (Bearer) for the card owner.\n2) A card_id UUID that 'must belong to auth user' and is currently Active.\n3) Access to the audit trail retrieval mechanism in test environment (e.g., internal audit log viewer) to verify the recorded entry.\n4) Ability to obtain a valid 6-digit confirm_otp for the user (test OTP channel/stub).",
+    "stepsToPerform": "1) Generate a 255-character reason string R255 (e.g., 255 'R' chars); observe length verified as 255.\n2) Obtain a valid 6-digit confirm_otp for the card status update (from registered phone/email test channel); observe OTP captured.\n3) Send PATCH /v2/cards/{card_id}/status with body {\"status\":\"Frozen\",\"reason\":\"<R255>\",\"confirm_otp\":\"<otp>\"}; observe HTTP response returned.\n4) Verify HTTP 200 and response includes card_id, new_status:\"Frozen\", updated_at; observe status updated.\n5) Query the audit trail for the card_id around updated_at; observe an audit entry exists for the status update action.\n6) Verify the audit entry includes the reason field/value exactly matching R255; observe exact match.\n7) Generate a 256-character reason string R256; observe length verified as 256.\n8) Obtain a new valid confirm_otp; observe OTP captured.\n9) Send PATCH /v2/cards/{card_id}/status attempting to set status back to Active with reason=R256; observe HTTP response returned.\n10) Verify the R256 request is rejected (max length enforced) and confirm via subsequent GET /v2/accounts/{account_id}/summary (or card status view) that the card status remains Frozen; observe no change.\n11) (Negative-space for audit) Query audit trail again for the rejected attempt time window; observe no successful status-change audit entry created for the rejected update.\n12) Cleanup: Unfreeze the card back to Active using a valid reason within limit and valid OTP; observe HTTP 200 and audit entry recorded for the cleanup action.",
+    "expectedResult": "1) reason length 255 is accepted and status update succeeds (HTTP 200 with new_status and updated_at).\n2) reason length 256 is rejected and does not change card status.\n3) For the successful update, the reason is present in the audit trail entry (logged) associated with the card status update action.",
+    "sourceCitation": {
+      "location": "Section 6.2 Update Card Status (Freeze / Unfreeze) field table, page 11",
+      "excerpt": "reason String Optional Max 255 chars; logged to audit trail"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Card status update requires 6-digit confirm_otp (reject non-6-digit format)",
+    "description": "Ensures OTP input format enforcement for freeze/unfreeze operations by rejecting non-6-digit confirm_otp values. This reduces brute-force/format abuse and enforces the documented OTP constraint. Automation: HIGH (API validation).",
+    "testId": "TC-CARDSTAT-06",
+    "testDescription": "As an authenticated user updating card status, I must provide confirm_otp in the required 6-digit format. Requests with non-6-digit OTP formats must be rejected and must not update card status.",
+    "prerequisites": "1) Valid authenticated user access token (Bearer) for the card owner.\n2) A card_id UUID that belongs to the authenticated user and is currently Active.\n3) Ability to check current card status after attempts (e.g., via account summary or successful status update response).\n4) Test environment allows sending PATCH /v2/cards/{card_id}/status without triggering lockouts not specified in the SRS.",
+    "stepsToPerform": "1) Send PATCH /v2/cards/{card_id}/status with body {\"status\":\"Frozen\",\"confirm_otp\":\"12345\"} (5 digits); observe HTTP response returned.\n2) Verify the request is rejected and does not return HTTP 200; observe denial captured.\n3) Confirm card status remains Active (via GET /v2/accounts/{account_id}/summary or card status display); observe unchanged.\n4) Send PATCH with confirm_otp:\"1234567\" (7 digits); observe HTTP response returned.\n5) Verify the request is rejected and status remains unchanged; observe unchanged status.\n6) Send PATCH with confirm_otp:\"12A456\" (non-numeric); observe HTTP response returned.\n7) Verify the request is rejected and status remains unchanged; observe unchanged status.\n8) Obtain a valid 6-digit OTP from the registered phone/email test channel; observe OTP captured.\n9) Send PATCH with confirm_otp set to the valid 6-digit OTP and status:\"Frozen\"; observe HTTP response returned.\n10) Verify HTTP 200 and new_status:\"Frozen\" is returned; observe update succeeds only with correct 6-digit format.\n11) Cleanup: obtain another valid OTP and unfreeze back to Active; observe HTTP 200 and new_status:\"Active\".",
+    "expectedResult": "1) Requests with confirm_otp not matching a 6-digit format are rejected and do not update card status.\n2) A request with a valid 6-digit confirm_otp succeeds (HTTP 200) and updates status.\n3) Abuse path ruled out: attacker cannot bypass OTP requirement with malformed OTP formats to change card state.",
+    "sourceCitation": {
+      "location": "Section 6.2 Update Card Status (Freeze / Unfreeze) field table, page 11",
+      "excerpt": "confirm_otp String ✓ Required 6-digit OTP sent to registered phone/email"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Report lost/stolen requires loss_type enum LOST or STOLEN (reject unknown)",
+    "description": "Verifies loss_type input validation for the lost/stolen reporting endpoint by accepting only the documented enum values and rejecting unknown values. This prevents incorrect case classification in an irreversible blocking workflow. Automation: HIGH (API validation).",
+    "testId": "TC-LOST-04",
+    "testDescription": "As an authenticated user reporting my card as lost or stolen, I must specify loss_type as LOST or STOLEN. If I send an unknown loss_type, the system must reject it and must not block the card.",
+    "prerequisites": "1) Valid authenticated user access token (Bearer) for the card owner.\n2) A card_id UUID that is currently not in Blocked/Closed state (so it can be reported).\n3) Ability to verify card is not blocked after a rejected request (e.g., via account summary or card status endpoint).\n4) Test environment allows using a dedicated test card to avoid impacting other tests due to the operation being irreversible.",
+    "stepsToPerform": "1) Retrieve current account summary for the card/account to confirm the card is not already blocked/closed; observe current card status.\n2) Prepare POST /v2/cards/{card_id}/report-lost with body {\"loss_type\":\"MISPLACED\",\"last_known_use\":\"2026-03-21T10:15:30Z\"}; observe loss_type is not in the allowed enum.\n3) Submit the request; observe HTTP response returned.\n4) Verify the request is rejected; observe non-200 response and capture exact error payload returned.\n5) Verify via account summary/card status view that the card is NOT blocked as a result of the rejected request; observe status unchanged.\n6) Submit POST /v2/cards/{card_id}/report-lost with body {\"loss_type\":\"LOST\",\"last_known_use\":\"2026-03-21T10:15:30Z\"}; observe HTTP response returned.\n7) Verify HTTP 200 and response includes blocked_card_id, new_card_eta, case_number; observe successful irreversible action.\n8) Attempt to call POST /v2/cards/{card_id}/report-lost again with loss_type:\"STOLEN\"; observe HTTP response returned.\n9) Verify the duplicate report is rejected with HTTP 409 and error: ALREADY_BLOCKED (card already in blocked/closed state); observe correct conflict.\n10) Cleanup: none (irreversible). Record the blocked_card_id and case_number for environment hygiene and replacement card tracking; observe tracking entry created.",
+    "expectedResult": "1) Unknown loss_type is rejected and does not block the card.\n2) loss_type=\"LOST\" is accepted (HTTP 200) returning blocked_card_id, new_card_eta, case_number.\n3) A subsequent report on an already blocked/closed card returns HTTP 409 with error: ALREADY_BLOCKED, preventing repeated irreversible actions.",
+    "sourceCitation": {
+      "location": "Section 6.3 Report Card Lost or Stolen field table, page 12",
+      "excerpt": "loss_type Enum ✓ Required {LOST, STOLEN}"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Report lost/stolen supports optional delivery_address override for replacement mailing",
+    "description": "Validates that reporting a card as lost/stolen accepts an optional delivery_address override so the replacement card can be mailed to a different address when requested. Automation: HIGH — pure API assertions.",
+    "testId": "TC-LOST-05",
+    "testDescription": "As a cardholder reporting a card lost or stolen, I can optionally provide a delivery_address override so the replacement card is mailed to that address, while the card is immediately blocked and a replacement is scheduled.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the card owner.\n2) Existing card_id in Active (not Blocked/Closed) state.\n3) Test environment allows calling POST /v2/cards/{card_id}/report-lost.\n4) Synthetic override address prepared (no real PII), e.g., street/city/province/postal_code fields.",
+    "stepsToPerform": "1) Authenticate as the card owner and obtain a valid Bearer token; observe subsequent requests are authorized.\n2) Confirm the card is not already Blocked/Closed (e.g., via existing test fixture/state); observe card is eligible to be reported lost.\n3) Prepare POST https://api.aegiscard.com/v2/cards/{card_id}/report-lost with request body including loss_type=\"LOST\" and a valid ISO 8601 UTC last_known_use (e.g., \"2026-04-01T12:30:00Z\"); observe payload is well-formed.\n4) Include delivery_address object as an override (synthetic): {\"street\":\"100 Test Ave\",\"city\":\"Toronto\",\"province\":\"ON\",\"postal_code\":\"A1A 1A1\"}; observe delivery_address is present in request.\n5) Send the POST request; observe HTTP 200 is returned.\n6) Inspect the 200 response body; observe blocked_card_id is present.\n7) Inspect the 200 response body; observe new_card_eta is present.\n8) Inspect the 200 response body; observe case_number is present.\n9) (Abuse path check) Re-send the same request to the same card_id after it is blocked by Step 5; observe the system rejects duplicates for already blocked cards with the documented conflict status for that condition (prevents repeated re-issue attempts).",
+    "expectedResult": "1) API returns HTTP 200 for a valid lost report that includes an override delivery_address.\n2) Response body includes: blocked_card_id, new_card_eta, case_number.\n3) A second attempt after blocking is rejected with HTTP 409 and error: ALREADY_BLOCKED (duplicate/abuse prevention after state change).",
+    "sourceCitation": {
+      "location": "Section 6.3 Report Card Lost or Stolen field table, page 12",
+      "excerpt": "delivery_address Object Optional Override for replacement card mailing"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Set PIN requires session_otp from /v2/auth/otp/request (presence required)",
+    "description": "Verifies that setting/resetting the virtual PIN enforces presence of session_otp obtained from the OTP request endpoint, preventing PIN changes without OTP proof. Automation: HIGH — API negative/positive assertions.",
+    "testId": "TC-PIN-05",
+    "testDescription": "As a cardholder, I must provide the 6-digit session_otp issued by the OTP request flow when setting my web-based PIN; attempts without session_otp must be rejected.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the card owner.\n2) Existing card_id in Active or Frozen state (not Blocked).\n3) Ability to obtain an OTP via /v2/auth/otp/request in the test environment.\n4) RSA public key/encryption mechanism available to produce an encrypted new_pin payload (so the request is otherwise valid).",
+    "stepsToPerform": "1) Authenticate as the card owner and obtain a valid Bearer token; observe authorization is accepted for card operations.\n2) Call the OTP flow endpoint /v2/auth/otp/request for the same authenticated session; observe an OTP delivery is triggered and a 6-digit OTP is available to the test harness (record as session_otp_valid).\n3) Prepare PUT https://api.aegiscard.com/v2/cards/{card_id}/pin with confirm_pin matching the PIN and an encrypted new_pin (do not use plaintext); observe request is otherwise valid except OTP.\n4) Omit session_otp from the request body entirely; observe session_otp field is absent.\n5) Send the PUT request; observe the request is rejected (non-2xx) due to missing required field session_otp.\n6) Prepare the same PUT request again, now including session_otp=session_otp_valid; observe session_otp is present and 6 digits.\n7) Send the PUT request; observe HTTP 200 is returned.\n8) Inspect the 200 response body; observe success: true is present.\n9) Inspect the 200 response body; observe updated_at is present.\n10) (Abuse path check) Attempt to set PIN again but replace session_otp with an incorrect 6-digit value (e.g., \"000000\"); observe the request is rejected rather than changing the PIN without a valid OTP.",
+    "expectedResult": "1) When session_otp is omitted, the Set PIN request is rejected because the field is required.\n2) When session_otp is provided as a 6-digit OTP from /v2/auth/otp/request, the API returns HTTP 200 with success: true and updated_at.\n3) Incorrect OTP values are rejected (PIN is not updated), preventing OTP bypass abuse.",
+    "sourceCitation": {
+      "location": "Section 6.4 Set Web-Based PIN (Virtual PIN) field table, page 12",
+      "excerpt": "session_otp String ✓ Required 6-digit OTP from /v2/auth/otp/request"
+    }
+  },
+  {
+    "type": "security",
+    "title": "Set PIN transmits new_pin encrypted using RSA-OAEP (verify transport content not plaintext)",
+    "description": "Ensures the new_pin is not sent in plaintext over the API and is transmitted encrypted as required, reducing exposure of sensitive authentication secrets. Automation: MEDIUM — requires request capture/inspection tooling.",
+    "testId": "TC-PIN-06",
+    "testDescription": "As a security control, when a user sets or resets a card PIN via the web portal API, the new PIN must be transmitted encrypted using RSA-OAEP rather than as readable digits.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the card owner.\n2) Existing card_id in Active or Frozen state (not Blocked).\n3) Valid 6-digit session_otp obtained from /v2/auth/otp/request.\n4) Ability to capture outbound HTTPS request payload at the client side (e.g., browser devtools HAR export, proxy such as mitmproxy configured for test, or API client logging).",
+    "stepsToPerform": "1) Obtain a valid session_otp by calling /v2/auth/otp/request and retrieving the 6-digit OTP for the session; observe OTP is available for use.\n2) Configure the client-side capture (HAR/proxy/logger) for the PUT request; observe capture is active before sending.\n3) Prepare a Set PIN request intended PIN \"1234\" with confirm_pin \"1234\"; observe PIN is exactly 4 digits.\n4) Encrypt the PIN value using RSA-OAEP per the client implementation, placing the encrypted output in the new_pin field; observe new_pin is not the literal string \"1234\".\n5) Send PUT https://api.aegiscard.com/v2/cards/{card_id}/pin with body containing new_pin (encrypted), confirm_pin, and session_otp; observe HTTP 200 is returned.\n6) Inspect the captured outbound request payload; observe that the new_pin field value is not equal to \"1234\" and does not contain the substring \"1234\".\n7) Inspect the captured outbound request payload; observe confirm_pin is present as required (and note it is separate from new_pin).\n8) Inspect the API response; observe success: true.\n9) (Negative/abuse attempt) Try sending a request where new_pin is plaintext \"1234\" while other fields remain valid; observe the system does not accept a request that violates the requirement to transmit encrypted PIN (request should fail rather than updating PIN).",
+    "expectedResult": "1) Captured transport payload shows new_pin is not transmitted as plaintext (not equal to the 4-digit PIN and does not contain it).\n2) Valid encrypted request returns HTTP 200 with success: true and updated_at.\n3) A plaintext new_pin attempt is rejected (PIN is not updated), preventing sensitive secret exposure and client-side bypass.",
+    "sourceCitation": {
+      "location": "Section 6.4 Set Web-Based PIN (Virtual PIN) field table, page 12",
+      "excerpt": "new_pin String ✓ Required Exactly 4 numeric digits; transmitted encrypted (RSA-OAEP)"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Statement response includes due_date and minimum_payment_due fields",
+    "description": "Validates that the statement retrieval API returns both due_date and minimum_payment_due so the portal can present payment obligations accurately. Automation: HIGH — API response contract assertions.",
+    "testId": "TC-STMT-04",
+    "testDescription": "As a cardholder viewing a generated statement, I receive the statement details including the minimum payment and due date fields required to avoid late fees and ensure compliance with billing disclosures.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the account owner.\n2) Existing account_id owned by the authenticated user.\n3) A statement_id that exists and is generated for the account (test fixture created by billing job or seeded data).\n4) Access to GET /v2/accounts/{account_id}/statements/{statement_id} in the test environment.",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain a valid Bearer token; observe authorization is accepted.\n2) Identify a valid statement_id for the account (from test data/fixture); observe statement_id is a UUID.\n3) Call GET https://api.aegiscard.com/v2/accounts/{account_id}/statements/{statement_id} with format omitted (default JSON); observe request is accepted.\n4) Verify HTTP 200 is returned; observe response content-type is application/json.\n5) Inspect the response JSON keys; observe minimum_payment_due field exists.\n6) Inspect the response JSON keys; observe due_date field exists.\n7) Verify minimum_payment_due is populated (not null/empty); observe it is present in the response payload.\n8) Verify due_date is populated (not null/empty); observe it is present in the response payload.\n9) (Abuse path check) Repeat the GET using a valid token for a different user (non-owner) against the same account_id/statement_id if available in test data; observe access is not granted (prevents statement leakage).",
+    "expectedResult": "1) GET statement returns HTTP 200 for a generated statement.\n2) Response payload includes minimum_payment_due.\n3) Response payload includes due_date.",
+    "sourceCitation": {
+      "location": "Section 7.1 Statement & Billing Cycle API HTTP 200 response keys, page 13",
+      "excerpt": "minimum_payment_due, due_date"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Rewards accrual for non-Travel uses floor(amount × 1)",
+    "description": "Verifies rewards points calculation for non-Travel purchases uses floor(amount × 1), ensuring rounding rules do not over-credit customers. Automation: HIGH — deterministic calculation assertions.",
+    "testId": "TC-REW-03",
+    "testDescription": "As a cardholder making a non-Travel purchase, my rewards earned should increase by floor(purchase_amount × 1), meaning fractional points are always dropped (never rounded up).",
+    "prerequisites": "1) Test account with rewards enabled and ability to post a purchase transaction that is categorized as non-Travel (i.e., not Travel MCC) in the billing cycle.\n2) Ability to retrieve a statement or rewards_earned value for the billing cycle after posting the transaction.\n3) Valid authenticated user session (Bearer token) for the account owner.\n4) Statement generation available/seeded so rewards_earned can be observed for the cycle.",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain a valid Bearer token; observe token is accepted.\n2) Record the current cycle rewards_earned or points baseline from an existing generated statement or known fixture; observe baseline value is captured (e.g., baseline_rewards_earned).\n3) Post a non-Travel transaction amount = 10.99 CAD (non-Travel MCC) to the account (per transaction posting test harness); observe transaction is approved.\n4) Ensure the billing cycle statement reflecting the transaction is available (use seeded statement_id or wait for generation in test env); observe statement_id is retrievable.\n5) Call GET /v2/accounts/{account_id}/statements/{statement_id}; observe HTTP 200.\n6) Extract rewards_earned from the statement response; observe value is present.\n7) Compute expected incremental points for the transaction: floor(10.99 × 1) = 10; observe expected value is concrete.\n8) Verify statement rewards_earned reflects baseline + 10 (or includes at least the +10 increment if other transactions exist in fixture); observe no rounding to 11 occurs.\n9) Post another non-Travel transaction amount = 0.99 CAD; observe transaction approved.\n10) Retrieve updated statement/rewards view for that cycle; verify incremental points for 0.99 is floor(0.99 × 1) = 0 (no points credited).",
+    "expectedResult": "1) For a non-Travel purchase of 10.99, points credited for that purchase equal 10 (floor(10.99 × 1)).\n2) For a non-Travel purchase of 0.99, points credited for that purchase equal 0 (floor(0.99 × 1)).\n3) No evidence of rounding/ceiling is observed in rewards earned for these amounts (prevents over-accrual).",
+    "sourceCitation": {
+      "location": "Section 7.2 Billing Calculation Rules REQ-012 — Rewards Accrual, page 13",
+      "excerpt": "All other: points += floor(amount × 1)"
+    }
+  },
+  {
+    "type": "functional",
+    "title": "Payment requires bank_account_id from /v2/bank-accounts (pre-linked)",
+    "description": "Validates that making a payment requires supplying a pre-linked bank_account_id (sourced from /v2/bank-accounts), preventing unauthorized ACH pulls from unknown accounts. Automation: HIGH — API contract validation.",
+    "testId": "TC-PAY-05",
+    "testDescription": "As a cardholder, I can only submit a payment using a bank account that is already linked to my profile, referenced by bank_account_id.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the account owner.\n2) At least one pre-linked bank account exists for the user and is returned by GET /v2/bank-accounts (test fixture).\n3) Existing account_id owned by the authenticated user with a non-zero total_balance.\n4) CSRF token available for state-changing request (X-CSRF-Token) if enforced in the environment.",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain a valid Bearer token; observe authorization is accepted.\n2) Call GET https://api.aegiscard.com/v2/bank-accounts; observe the response contains at least one bank_account_id (capture bank_account_id_1).\n3) Retrieve account summary/balance from test fixture to determine a valid payment_amount (e.g., total_balance=500.00); observe balance is known.\n4) Prepare POST https://api.aegiscard.com/v2/accounts/{account_id}/payments with payment_type=\"CUSTOM\", payment_amount=25.00, bank_account_id=bank_account_id_1; observe payload includes bank_account_id.\n5) Send the POST request with Authorization and X-CSRF-Token headers; observe HTTP 200.\n6) Inspect response body; observe payment_id is returned.\n7) Inspect response body; observe scheduled_date is returned (immediate or date value depending on omission).\n8) Inspect response body; observe new_balance_estimate is returned.\n9) (Abuse path check) Attempt the same POST but omit bank_account_id; observe the request is rejected because bank_account_id is required (prevents untraceable funding source).",
+    "expectedResult": "1) A payment request including a bank_account_id obtained from /v2/bank-accounts succeeds with HTTP 200.\n2) Response includes payment_id, scheduled_date, and new_balance_estimate.\n3) Omitting bank_account_id causes the request to be rejected (required field enforcement).",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment field table, page 14",
+      "excerpt": "bank_account_id UUID ✓ Required Pre-linked bank account; from /v2/bank-accounts"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Payment rejects invalid/unlinked bank_account_id with 422 INVALID_BANK_ACCOUNT",
+    "description": "Ensures the payments API rejects a bank_account_id that is not linked or inactive with the specified HTTP status and error code, preventing fraudulent or misrouted payments. Automation: HIGH — API negative assertions.",
+    "testId": "TC-PAY-06",
+    "testDescription": "As the system, when a user attempts to pay using an unlinked or inactive bank_account_id, the payment must be rejected with the documented 422 INVALID_BANK_ACCOUNT error.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the account owner.\n2) Existing account_id owned by the authenticated user with total_balance >= 50.00.\n3) A UUID-formatted bank_account_id that is not linked to the user (synthetic) OR a known inactive bank account id in fixture.\n4) CSRF token available for state-changing request (X-CSRF-Token) if enforced in the environment.",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain a valid Bearer token; observe token is accepted.\n2) Call GET /v2/bank-accounts and record the set of linked bank_account_id values; observe the invalid test id is not in the returned list.\n3) Choose invalid_bank_account_id=\"11111111-2222-4333-8444-555555555555\" (synthetic UUID); observe it is UUID-shaped.\n4) Prepare POST https://api.aegiscard.com/v2/accounts/{account_id}/payments with payment_type=\"CUSTOM\", payment_amount=50.00, bank_account_id=invalid_bank_account_id; observe payload is well-formed.\n5) Send the POST request with Authorization and X-CSRF-Token headers; observe HTTP 422 is returned.\n6) Inspect response body; observe error equals INVALID_BANK_ACCOUNT.\n7) Re-check account state (e.g., via summary or known balance fixture); observe no reduction/queuing occurred (no payment_id created).\n8) (Abuse path check) Retry with the same invalid_bank_account_id; observe consistent rejection (no partial acceptance).",
+    "expectedResult": "1) API returns HTTP 422 for an unlinked/inactive bank_account_id.\n2) Response body includes error: INVALID_BANK_ACCOUNT.\n3) No payment is created/queued (no payment_id; balance unchanged in observable summary).",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment HTTP codes, page 14",
+      "excerpt": "422 bank_account_id not linked or inactive error: INVALID_BANK_ACCOUNT"
+    }
+  },
+  {
+    "type": "negative",
+    "title": "Payment_type must be one of MINIMUM, STATEMENT_BALANCE, CUSTOM, FULL_BALANCE (reject unknown)",
+    "description": "Validates that payment_type enforces the documented enumeration and rejects unknown values to prevent ambiguous payment processing behavior. Automation: HIGH — API validation assertions.",
+    "testId": "TC-PAY-07",
+    "testDescription": "As a cardholder, when I submit a payment, I must choose a supported payment_type; any unknown payment_type must be rejected.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the account owner.\n2) Existing account_id owned by the authenticated user with total_balance >= 20.00.\n3) At least one pre-linked bank_account_id from /v2/bank-accounts.\n4) CSRF token available for state-changing request (X-CSRF-Token) if enforced in the environment.",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain a valid Bearer token; observe authorization is accepted.\n2) Call GET /v2/bank-accounts and capture a valid bank_account_id_1; observe it is UUID.\n3) Prepare a payment request with payment_amount=10.00 and payment_type=\"UNKNOWN_TYPE\" and bank_account_id=bank_account_id_1; observe payment_type is outside the allowed set.\n4) Send POST https://api.aegiscard.com/v2/accounts/{account_id}/payments with the invalid payment_type; observe the request is rejected (non-2xx).\n5) Inspect response body; observe it indicates a validation failure for payment_type (error/field/message as implemented).\n6) Prepare a valid request with payment_type=\"CUSTOM\" keeping other fields same; observe payment_type is now in the allowed set.\n7) Send the valid POST request; observe HTTP 200.\n8) Inspect response body; observe payment_id is present.\n9) (Abuse path check) Attempt payment_type with different casing (e.g., \"custom\") if client permits; observe it is rejected if it is not exactly one of the enum values, preventing inconsistent interpretation.",
+    "expectedResult": "1) Unknown payment_type is rejected (non-2xx) and does not create a payment.\n2) A request using an allowed payment_type (e.g., CUSTOM) succeeds with HTTP 200 and returns payment_id.\n3) Only values from the documented enumeration are accepted, preventing ambiguous or unsafe payment instructions.",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment field table, page 14",
+      "excerpt": "payment_type Enum ✓ Required {MINIMUM, STATEMENT_BALANCE, CUSTOM, FULL_BALANCE}"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Payment amount boundary: max equals total_balance (attempt > total_balance should fail)",
+    "description": "Verifies the payment_amount upper bound rule where max equals total_balance, testing at-the-boundary acceptance and just-over rejection to prevent overpayment. Automation: HIGH — boundary value assertions.",
+    "testId": "TC-PAY-08",
+    "testDescription": "As a cardholder, I can pay up to my total_balance, but attempts to pay more than total_balance must be rejected.",
+    "prerequisites": "1) Valid authenticated user session (Bearer token) for the account owner.\n2) Existing account_id owned by the authenticated user with a known total_balance (test fixture), e.g., total_balance=250.00.\n3) At least one pre-linked bank_account_id from /v2/bank-accounts.\n4) CSRF token available for state-changing request (X-CSRF-Token) if enforced in the environment.",
+    "stepsToPerform": "1) Authenticate as the account owner and obtain a valid Bearer token; observe authorization is accepted.\n2) Call GET /v2/bank-accounts and capture bank_account_id_1; observe it is valid.\n3) Determine total_balance from the account fixture (or summary endpoint if available in test harness): set total_balance=250.00; observe the value is recorded.\n4) Prepare POST /v2/accounts/{account_id}/payments with payment_type=\"CUSTOM\", bank_account_id=bank_account_id_1, payment_amount=250.00 (exactly at max); observe amount equals total_balance.\n5) Send the request; observe HTTP 200.\n6) Inspect response body; observe payment_id is returned.\n7) Prepare another POST with the same fields but payment_amount=250.01 (just over max); observe amount exceeds total_balance by $0.01.\n8) Send the request; observe the request is rejected (non-2xx) and no payment_id is created.\n9) Re-check account payment queue/summary if available; observe only the boundary-accepted payment exists, and the over-max attempt created no additional payment record.",
+    "expectedResult": "1) payment_amount equal to total_balance (250.00) is accepted with HTTP 200 and returns payment_id.\n2) payment_amount greater than total_balance by $0.01 (250.01) is rejected (non-2xx) and does not create a payment.\n3) System prevents overpayment abuse/incorrect balance manipulation by enforcing max = total_balance.",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment field table, page 14",
+      "excerpt": "payment_amount Decimal ✓ Required Decimal(10,2); min $1.00; max = total_balance"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Webhook requires idempotency_key UUID v4 (format validation)",
+    "description": "Validates that the notifications webhook enforces idempotency_key as a UUID v4, reducing duplicate delivery risk and ensuring consistent idempotency semantics. Automation: HIGH — API contract validation.",
+    "testId": "TC-NOTIF-01",
+    "testDescription": "As the Notification Engine calling the webhook, I must provide a UUID v4 idempotency_key; malformed keys must be rejected to prevent incorrect de-duplication behavior.",
+    "prerequisites": "1) Access to POST /v2/notifications/webhook in test environment (internal endpoint) with appropriate authentication/allowlist as required by environment.\n2) A valid account_id UUID target for notification.\n3) A valid alert_type and channel from the documented enums.\n4) Ability to send two webhook requests with different idempotency_key values for format testing.",
+    "stepsToPerform": "1) Prepare a baseline valid webhook payload with account_id=\"aaaaaaaa-bbbb-4ccc-8ddd-eeeeeeeeeeee\", alert_type=\"STATEMENT_READY\", channel=\"IN_APP\", message_body=\"Statement is ready.\", severity=\"INFO\"; observe all required fields are present.\n2) Set idempotency_key to a valid UUID v4, e.g., \"3fa85f64-5717-4562-b3fc-2c963f66afa6\"; observe it matches UUID v4 format (version=4).\n3) POST the webhook payload; observe HTTP 200 returned and notification_id is present.\n4) Prepare a second payload identical except idempotency_key set to an invalid format (e.g., \"not-a-uuid\"); observe it is not UUID.\n5) POST the invalid payload; observe the request is rejected (non-200) due to validation.\n6) Prepare a third payload with a UUID that is not v4 (e.g., version 1-like \"6ba7b810-9dad-11d1-80b4-00c04fd430c8\"); observe version is not 4.\n7) POST the non-v4 UUID payload; observe the request is rejected (non-200) due to UUID v4 requirement.\n8) Re-send the original valid UUID v4 payload with the same idempotency_key from Step 2; observe the system treats it as duplicate and does not deliver twice (duplicate prevention path).\n9) Verify the duplicate response is HTTP 409 with error: DUPLICATE_NOTIFICATION when the same idempotency_key is reused; observe explicit anti-duplication behavior.",
+    "expectedResult": "1) Webhook accepts idempotency_key that is a UUID v4 and returns HTTP 200 with notification_id.\n2) Webhook rejects malformed or non-v4 idempotency_key values (non-200), enforcing the format constraint.\n3) Reuse of the same valid idempotency_key results in HTTP 409 error: DUPLICATE_NOTIFICATION, preventing duplicate alert delivery abuse.",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks field table, page 16",
+      "excerpt": "idempotency_key UUID ✓ Required UUID v4; prevents duplicate alert delivery"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Webhook enforces alert_type enum values (e.g., STATEMENT_READY, OVER_LIMIT)",
+    "description": "Validates that the notifications webhook only accepts documented alert_type enum values and rejects unknown values with the specified error code. This protects downstream alert routing from malformed or spoofed webhook payloads. Automation: HIGH — pure API assertions.",
+    "testId": "TC-NOTIF-02",
+    "testDescription": "As the Notification Engine (internal caller), submit webhook events with allowed and disallowed alert_type values to confirm the contract enforces the enum and returns INVALID_ALERT_TYPE for unknown values while accepting valid values.",
+    "prerequisites": "1) Test environment has access to POST /v2/notifications/webhook (internal endpoint) and is able to send HTTP requests.\n2) A valid target account_id UUID exists for the notification payload (e.g., 9d2c2db8-2a4c-4f2f-a1b5-1f2a4c7e9f10).\n3) Ability to generate unique UUID v4 values for idempotency_key per request.\n4) System clock/time not required for this validation; no dependency on statement generation.",
+    "stepsToPerform": "1) Prepare a baseline valid webhook JSON payload with account_id=9d2c2db8-2a4c-4f2f-a1b5-1f2a4c7e9f10, alert_type=STATEMENT_READY, channel=EMAIL, message_body=\"Statement is ready for viewing.\", severity=INFO, idempotency_key=<uuidv4-A> and send POST /v2/notifications/webhook; observe HTTP status.\n2) Verify the response for Step 1 indicates success; observe response body includes notification_id, delivered_at, channel.\n3) Prepare a second valid payload identical to Step 1 but with alert_type=OVER_LIMIT and idempotency_key=<uuidv4-B>; send POST; observe HTTP status.\n4) Verify the response for Step 3 indicates success; observe response body includes notification_id, delivered_at, channel.\n5) Prepare an invalid payload identical to Step 1 but with alert_type=\"OVERLIMIT\" (missing underscore) and idempotency_key=<uuidv4-C>; send POST; observe HTTP status.\n6) Verify Step 5 response is HTTP 400; observe response body error equals INVALID_ALERT_TYPE.\n7) Prepare another invalid payload identical to Step 1 but with alert_type=\"STATEMENT_READY \" (trailing space) and idempotency_key=<uuidv4-D>; send POST; observe HTTP status.\n8) Verify Step 7 response is HTTP 400; observe response body error equals INVALID_ALERT_TYPE.\n9) Prepare an invalid payload identical to Step 1 but with alert_type=\"\" (empty string) and idempotency_key=<uuidv4-E>; send POST; observe HTTP status.\n10) Verify Step 9 response is HTTP 400; observe response body error equals INVALID_ALERT_TYPE.",
+    "expectedResult": "1) Requests with alert_type=STATEMENT_READY and alert_type=OVER_LIMIT return HTTP 200 with response keys: notification_id, delivered_at, channel.\n2) Requests with any unknown/invalid alert_type (e.g., \"OVERLIMIT\", \"STATEMENT_READY \", empty) return HTTP 400 with error: INVALID_ALERT_TYPE.\n3) Abuse path ruled out: attacker cannot deliver arbitrary alert categories by sending an unrecognized alert_type; the contract rejects it with INVALID_ALERT_TYPE.",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks field table, page 16",
+      "excerpt": "alert_type Enum ✓ Required {LATE_PAYMENT, PIN_LOCKED, FRAUD_FLAG, OVER_LIMIT, STATEMENT_READY}"
+    }
+  },
+  {
+    "type": "boundary",
+    "title": "Webhook enforces severity enum INFO/WARNING/CRITICAL",
+    "description": "Validates that the notifications webhook enforces the documented severity enum and rejects unknown values. This ensures alert prioritization is consistent and prevents malformed events from being ingested. Automation: HIGH — pure API assertions.",
+    "testId": "TC-NOTIF-03",
+    "testDescription": "As the Notification Engine (internal caller), submit webhook events with each allowed severity value and then with disallowed values to confirm strict contract validation.",
+    "prerequisites": "1) Test environment has access to POST /v2/notifications/webhook (internal endpoint).\n2) A valid account_id UUID exists (e.g., 9d2c2db8-2a4c-4f2f-a1b5-1f2a4c7e9f10).\n3) Ability to generate unique UUID v4 values for idempotency_key per request.\n4) Base valid payload fields available: alert_type=FRAUD_FLAG, channel=IN_APP, message_body=\"Security alert.\", plus varying severity.",
+    "stepsToPerform": "1) Send POST /v2/notifications/webhook with severity=INFO and idempotency_key=<uuidv4-A>; observe HTTP status.\n2) Verify Step 1 response is HTTP 200 and includes notification_id, delivered_at, channel.\n3) Send POST with severity=WARNING and idempotency_key=<uuidv4-B>; observe HTTP status.\n4) Verify Step 3 response is HTTP 200 and includes notification_id, delivered_at, channel.\n5) Send POST with severity=CRITICAL and idempotency_key=<uuidv4-C>; observe HTTP status.\n6) Verify Step 5 response is HTTP 200 and includes notification_id, delivered_at, channel.\n7) Send POST with invalid severity=\"HIGH\" and idempotency_key=<uuidv4-D>; observe HTTP status.\n8) Verify Step 7 response is HTTP 400 and error equals INVALID_ALERT_TYPE.\n9) Send POST with invalid severity=\"critical\" (wrong case) and idempotency_key=<uuidv4-E>; observe HTTP status.\n10) Verify Step 9 response is HTTP 400 and error equals INVALID_ALERT_TYPE.",
+    "expectedResult": "1) severity values INFO, WARNING, and CRITICAL are accepted (HTTP 200) with response keys: notification_id, delivered_at, channel.\n2) Any unknown severity values (e.g., HIGH, critical) are rejected with HTTP 400 and error: INVALID_ALERT_TYPE (per webhook validation error contract).\n3) Abuse path ruled out: cannot inject unrecognized severity labels to bypass alert handling; invalid values are rejected.",
+    "sourceCitation": {
+      "location": "Section 8.2 Notification & Alert Webhooks field table, page 16",
+      "excerpt": "severity Enum ✓ Required {INFO, WARNING, CRITICAL}"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Login → Initiate transaction → Verify transaction appears in GET /transactions list",
+    "description": "Verifies an authenticated user can create a web-initiated transaction and then retrieve it via the paginated transaction history endpoint. This protects the core cardholder experience of immediate transaction visibility in the portal. Automation: HIGH — API-only e2e.",
+    "testId": "TC-E2E-04",
+    "testDescription": "Log in as a cardholder, post a transaction for an owned account, and confirm the transaction appears in GET /v2/accounts/{account_id}/transactions results for the relevant date range.",
+    "prerequisites": "1) A registered test user exists with valid credentials (e.g., test+e2e04@example.com / masked strong password) and has an issued account_id that belongs to the user.\n2) The account has sufficient available credit for a small purchase (to avoid 402 INSUFFICIENT_FUNDS).\n3) The card is in an Active state (to avoid 403 CARD_INACTIVE).\n4) Client can store and send Authorization Bearer access token from login response for subsequent calls.",
+    "stepsToPerform": "1) Call POST /v2/auth/login with email=test+e2e04@example.com and a masked strong password; observe HTTP 200.\n2) Capture access_token from the login response and verify expires_in is present.\n3) Call POST /v2/accounts/{account_id}/transactions with Authorization: Bearer <access_token> using transaction_amount=12.34, merchant_name=\"Test Coffee Shop\", merchant_id=\"TESTMERCH12345\", mcc_code=\"5814\", transaction_type=\"PURCHASE\", description=\"E2E purchase\"; observe HTTP status.\n4) Verify Step 3 response is HTTP 200 and includes transaction_id plus available_credit and auth_code.\n5) Call GET /v2/accounts/{account_id}/transactions with Authorization: Bearer <access_token> and from_date=<today YYYY-MM-DD>, to_date=<today YYYY-MM-DD>, page=1, per_page=25; observe HTTP 200.\n6) Verify Step 5 response includes transactions[] and pagination keys total_count, page, total_pages.\n7) Search transactions[] for the transaction_id captured in Step 4; observe whether a matching entry exists.\n8) Verify the matching transaction entry (by transaction_id) includes the expected merchant_name=\"Test Coffee Shop\" and transaction_amount=12.34.\n9) (Abuse-path check within scope) Call GET /v2/accounts/{account_id}/transactions again but omit Authorization header; observe request is not successful (must not return 200).",
+    "expectedResult": "1) POST /v2/accounts/{account_id}/transactions returns HTTP 200 with transaction_id, available_credit, auth_code.\n2) GET /v2/accounts/{account_id}/transactions returns HTTP 200 with transactions[] that contains an item matching the posted transaction_id.\n3) Abuse path ruled out: unauthenticated retrieval attempt must not succeed (must not return HTTP 200).",
+    "sourceCitation": {
+      "location": "Section 5.1 and 5.2, pages 9–10",
+      "excerpt": "Authorises and posts a web-initiated transaction"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Post transaction → observe event on WebSocket live transaction feed",
+    "description": "Verifies that after a transaction is posted, it is observable on the live transaction feed WebSocket endpoint. This protects real-time UX for cardholders monitoring activity. Automation: MEDIUM — requires WebSocket client and event correlation.",
+    "testId": "TC-E2E-05",
+    "testDescription": "Open a WebSocket connection to the documented live transaction feed, then post a transaction via REST and confirm an event for that transaction is received on the stream.",
+    "prerequisites": "1) A registered test user exists and can obtain a valid access_token via POST /v2/auth/login.\n2) An owned account_id exists with sufficient available_credit and an Active card.\n3) Test harness supports wss client connections to wss://realtime.aegiscard.com/v2/stream and can capture inbound messages.\n4) Ability to correlate events using transaction_id returned by the REST transaction call (correlation based on presence of transaction_id in received message).",
+    "stepsToPerform": "1) Call POST /v2/auth/login for test+e2e05@example.com; observe HTTP 200 and capture access_token.\n2) Establish a WebSocket connection to wss://realtime.aegiscard.com/v2/stream; observe the connection opens successfully (WebSocket state OPEN).\n3) Start listening/recording inbound WebSocket messages for a fixed window (e.g., 30 seconds); observe that the client is actively receiving/able to receive messages.\n4) Call POST /v2/accounts/{account_id}/transactions with Authorization: Bearer <access_token> using transaction_amount=7.89, merchant_name=\"Test Transit\", merchant_id=\"TRANSIT001\", mcc_code=\"4111\", transaction_type=\"PURCHASE\", description=\"WS feed test\"; observe HTTP 200.\n5) Capture transaction_id from the POST response; observe it is non-empty.\n6) Continue listening on the WebSocket stream; observe at least one message arrives after Step 4.\n7) Inspect received WebSocket messages and search for the captured transaction_id; observe whether a message includes this identifier.\n8) If found, verify the message content includes the same transaction_id (exact match) and occurs after the REST POST time (client timestamped order).\n9) Close the WebSocket connection; observe it transitions to CLOSED without client errors.",
+    "expectedResult": "1) WebSocket endpoint wss://realtime.aegiscard.com/v2/stream accepts a connection (OPEN) and delivers messages.\n2) After a successful POST transaction (HTTP 200 with transaction_id), an inbound WebSocket message is observed that contains the same transaction_id.\n3) Cleanup: WebSocket connection can be closed cleanly (no resource leak in test harness).",
+    "sourceCitation": {
+      "location": "Web Application Architecture bullets, page 3",
+      "excerpt": "WebSocket endpoint: wss://realtime.aegiscard.com/v2/stream — Live transaction feed"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Freeze card → attempt transaction → receive 403 CARD_INACTIVE with card_status",
+    "description": "Verifies the state transition to Frozen blocks transaction initiation with the specified error code and includes card_status in the response. This prevents unauthorized spending while a card is frozen. Automation: HIGH — API-only state transition + negative transaction.",
+    "testId": "TC-E2E-06",
+    "testDescription": "Freeze an Active card using the card status endpoint, then attempt a transaction and confirm it is rejected with 403 CARD_INACTIVE and the card_status field.",
+    "prerequisites": "1) A test user is able to login and obtain a valid access_token.\n2) The user has a card_id in Active status and an owned account_id linked to that card.\n3) Test harness can obtain/enter a valid 6-digit confirm_otp for PATCH /v2/cards/{card_id}/status.\n4) Account has sufficient credit so failure is attributable to Frozen state (not 402).",
+    "stepsToPerform": "1) Call POST /v2/auth/login for test+e2e06@example.com; observe HTTP 200 and capture access_token.\n2) Call PATCH /v2/cards/{card_id}/status with Authorization: Bearer <access_token>, status=\"Frozen\", reason=\"E2E freeze test\", confirm_otp=\"123456\" (test OTP); observe HTTP status.\n3) Verify Step 2 response is HTTP 200 and includes new_status=\"Frozen\" plus card_id and updated_at.\n4) Attempt POST /v2/accounts/{account_id}/transactions with Authorization: Bearer <access_token> using transaction_amount=5.00 and valid merchant fields; observe HTTP status.\n5) Verify Step 4 response is HTTP 403 and error equals CARD_INACTIVE.\n6) Verify Step 4 response body includes card_status (presence assertion) indicating the blocked state.\n7) (State confirmation) Call PATCH /v2/cards/{card_id}/status again with status=\"Active\" and a new confirm_otp=\"123456\"; observe HTTP status.\n8) Verify Step 7 response is HTTP 200 with new_status=\"Active\".\n9) Retry POST /v2/accounts/{account_id}/transactions with a small amount (e.g., 1.00); observe it is no longer rejected due to CARD_INACTIVE (must not return 403 CARD_INACTIVE).",
+    "expectedResult": "1) Freezing succeeds: PATCH returns HTTP 200 with card_id, new_status=\"Frozen\", updated_at.\n2) While Frozen, initiating a transaction returns HTTP 403 with error: CARD_INACTIVE and includes card_status.\n3) Cleanup/state restored: unfreeze succeeds (new_status=\"Active\"), and subsequent transaction attempt is not blocked by CARD_INACTIVE.",
+    "sourceCitation": {
+      "location": "Section 6.2 (freeze) page 11 + Section 5.1 (card inactive) page 9",
+      "excerpt": "403 Card not Active or Frozen error: CARD_INACTIVE, card_status"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Report card lost/stolen (blocked) → attempt set PIN → 403 CARD_BLOCKED",
+    "description": "Verifies that reporting a card lost/stolen blocks the card and then prevents PIN set/reset with the specified CARD_BLOCKED error. This protects card security after a loss event. Automation: HIGH — API-only e2e with OTP dependency.",
+    "testId": "TC-E2E-07",
+    "testDescription": "Report the card as lost/stolen to transition it into a blocked state, then attempt to set the web-based PIN and confirm the operation is rejected with 403 CARD_BLOCKED.",
+    "prerequisites": "1) A test user can login and obtain access_token.\n2) The user has a card_id that is not already in Blocked or Closed state.\n3) Ability to obtain a valid 6-digit session_otp from /v2/auth/otp/request for the PIN endpoint.\n4) Test harness can generate an RSA-OAEP encrypted value for new_pin (do not send plaintext in test).",
+    "stepsToPerform": "1) Call POST /v2/auth/login for test+e2e07@example.com; observe HTTP 200 and capture access_token.\n2) Call POST /v2/cards/{card_id}/report-lost with Authorization: Bearer <access_token> and loss_type=\"LOST\", last_known_use=\"2026-04-01T12:00:00Z\"; observe HTTP status.\n3) Verify Step 2 response is HTTP 200 and includes blocked_card_id, new_card_eta, case_number.\n4) Call /v2/auth/otp/request (referenced by spec) to obtain a session_otp for PIN operations; observe OTP is issued/available to the test harness.\n5) Prepare PUT /v2/cards/{card_id}/pin request body with new_pin=<rsa_oaep_encrypted(\"1234\")>, confirm_pin=<rsa_oaep_encrypted(\"1234\")> (matching), session_otp=\"123456\" (test OTP); send request with Authorization: Bearer <access_token>; observe HTTP status.\n6) Verify Step 5 response is HTTP 403 and error equals CARD_BLOCKED.\n7) Attempt the same PUT again with a different encrypted PIN value and a fresh session_otp; observe HTTP status.\n8) Verify Step 7 response remains HTTP 403 with error: CARD_BLOCKED (blocked state persists).\n9) Cleanup expectation check: attempt to report lost again on the same card_id; observe whether the API rejects duplicates as already blocked (must not return 200 if already blocked).",
+    "expectedResult": "1) report-lost succeeds with HTTP 200 returning blocked_card_id, new_card_eta, case_number.\n2) Subsequent PUT /v2/cards/{card_id}/pin is rejected with HTTP 403 and error: CARD_BLOCKED.\n3) Abuse path ruled out: even with a valid session_otp and encrypted PIN payload, blocked cards cannot have PIN changes applied.",
+    "sourceCitation": {
+      "location": "Section 6.3 and 6.4, page 12",
+      "excerpt": "403 Card in Blocked state error: CARD_BLOCKED"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Retrieve statement → validate interest/late_fee/rewards fields present per statement API",
+    "description": "Verifies the statement retrieval API returns the documented billing fields, ensuring the portal can render interest, fees, and rewards consistently. Automation: HIGH — API response schema presence assertions.",
+    "testId": "TC-E2E-08",
+    "testDescription": "Retrieve a known statement_id for an owned account and verify the response contains the required keys including interest_charged, late_fee, and rewards_earned.",
+    "prerequisites": "1) A test user can login and obtain access_token.\n2) An owned account_id exists.\n3) A valid statement_id UUID exists for that account and has been generated (to avoid 404 NOT_FOUND).\n4) Test harness can call GET /v2/accounts/{account_id}/statements/{statement_id} with format=JSON (or omit to use default JSON).",
+    "stepsToPerform": "1) Call POST /v2/auth/login for test+e2e08@example.com; observe HTTP 200 and capture access_token.\n2) Call GET /v2/accounts/{account_id}/statements/{statement_id} with Authorization: Bearer <access_token> and omit format (use default); observe HTTP status.\n3) Verify Step 2 response is HTTP 200.\n4) Verify response JSON contains statement_date (presence assertion).\n5) Verify response JSON contains adb and interest_charged (presence assertions).\n6) Verify response JSON contains late_fee (presence assertion).\n7) Verify response JSON contains rewards_earned (presence assertion).\n8) Verify response JSON contains minimum_payment_due and due_date (presence assertions).\n9) (Format boundary within documented options) Call the same endpoint with query format=PDF; observe HTTP status.\n10) Verify Step 9 response is successful (HTTP 200) and content is not JSON (e.g., Content-Type indicates PDF).",
+    "expectedResult": "1) GET statement returns HTTP 200 and includes the documented keys: statement_date, adb, interest_charged, late_fee, rewards_earned (plus minimum_payment_due, due_date).\n2) Default format behavior works: omitting format returns JSON (parseable JSON response).\n3) format=PDF returns a successful response with PDF content (verifiable by Content-Type / non-JSON body).",
+    "sourceCitation": {
+      "location": "Section 7.1 Statement API response keys, page 13",
+      "excerpt": "statement_date, total_spend, adb, interest_charged, late_fee, rewards_earned"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E: Make payment → verify payment accepted (queued) response includes new_balance_estimate",
+    "description": "Verifies making a payment returns the documented 'accepted and queued' response and includes new_balance_estimate, ensuring the portal can provide immediate feedback on expected balance impact. Automation: HIGH — API-only e2e.",
+    "testId": "TC-E2E-09",
+    "testDescription": "Submit a payment for an owned account using a pre-linked bank account and verify the API responds with payment_id, scheduled_date, and new_balance_estimate.",
+    "prerequisites": "1) A test user can login and obtain access_token.\n2) An owned account_id exists with total_balance >= 25.00 (to allow a 25.00 payment) and minimum_payment_due <= 25.00 (avoid BELOW_MINIMUM).\n3) A pre-linked bank_account_id UUID exists (from /v2/bank-accounts) and is active.\n4) Client can include required headers for state-changing endpoints, including X-CSRF-Token if enforced in environment (see separate CSRF test).",
+    "stepsToPerform": "1) Call POST /v2/auth/login for test+e2e09@example.com; observe HTTP 200 and capture access_token.\n2) (Optional pre-check) Call GET /v2/accounts/{account_id}/summary with Authorization: Bearer <access_token>; observe HTTP 200 and note current_balance for reference.\n3) Send POST /v2/accounts/{account_id}/payments with Authorization: Bearer <access_token>, payment_amount=25.00, payment_type=\"CUSTOM\", bank_account_id=<linked-bank-uuid>; omit scheduled_date for immediate; observe HTTP status.\n4) Verify Step 3 response is HTTP 200.\n5) Verify response body includes payment_id.\n6) Verify response body includes scheduled_date.\n7) Verify response body includes new_balance_estimate.\n8) (Queue acceptance stability) Re-fetch account summary (GET /summary) and observe API is still available; do not assert balance changed immediately (not specified).\n9) Cleanup note: record payment_id for any downstream reconciliation/void process if test environment provides it (no cancellation endpoint specified in SRS).",
+    "expectedResult": "1) POST /v2/accounts/{account_id}/payments returns HTTP 200.\n2) Response includes payment_id, scheduled_date, and new_balance_estimate.\n3) Abuse path ruled out: payment submission without a valid linked bank_account_id should be covered elsewhere; in this scenario only valid linked bank is used and accepted/queued response is returned.",
+    "sourceCitation": {
+      "location": "Section 7.3 Make a Payment HTTP 200 response, page 14",
+      "excerpt": "Payment accepted and queued for processing payment_id, scheduled_date, new_balance_estimate"
+    }
+  },
+  {
+    "type": "e2e",
+    "title": "E2E security: Attempt state-changing call without X-CSRF-Token then succeed with X-CSRF-Token",
+    "description": "Verifies CSRF protection is enforced on state-changing endpoints by requiring the X-CSRF-Token header. This protects authenticated users from cross-site request forgery. Automation: HIGH — API-only header-based assertions (exact rejection status not specified in SRS, so only assert non-success without token and success with token).",
+    "testId": "TC-E2E-10",
+    "testDescription": "Attempt a state-changing request (payment submission) without X-CSRF-Token and confirm it does not succeed; then retry with X-CSRF-Token present and confirm the request succeeds (HTTP 200).",
+    "prerequisites": "1) A test user can login and obtain access_token.\n2) An owned account_id exists and a valid linked bank_account_id exists.\n3) A method exists in the test environment to obtain a valid CSRF token value for X-CSRF-Token (e.g., via portal bootstrap or test fixture), without storing auth tokens in localStorage.\n4) The payment request data is valid: payment_amount=10.00 meets min $1.00 and does not exceed total_balance.",
+    "stepsToPerform": "1) Call POST /v2/auth/login for test+e2e10@example.com; observe HTTP 200 and capture access_token.\n2) Prepare a valid payment request to POST /v2/accounts/{account_id}/payments with payment_amount=10.00, payment_type=\"CUSTOM\", bank_account_id=<linked-bank-uuid>.\n3) Send the payment request with Authorization: Bearer <access_token> but WITHOUT X-CSRF-Token header; observe HTTP status.\n4) Verify Step 3 request does not succeed (must not return HTTP 200).\n5) Obtain a valid CSRF token value for the session (test fixture) and store it only in test runtime memory; observe token value is available for header injection.\n6) Resend the same payment request with Authorization: Bearer <access_token> AND X-CSRF-Token: <csrf-token>; observe HTTP status.\n7) Verify Step 6 response is HTTP 200.\n8) Verify Step 6 response includes payment_id, scheduled_date, new_balance_estimate.\n9) (Abuse path) Send the payment request with an intentionally incorrect X-CSRF-Token value (e.g., \"invalid-token\"); observe HTTP status.\n10) Verify Step 9 request does not succeed (must not return HTTP 200).",
+    "expectedResult": "1) Any state-changing call missing X-CSRF-Token is rejected (observable as not HTTP 200).\n2) The same call with X-CSRF-Token succeeds (HTTP 200) and returns the normal success payload keys for that endpoint.\n3) Abuse path ruled out: incorrect CSRF token value does not allow the state-changing call to succeed (must not return HTTP 200).",
+    "sourceCitation": {
+      "location": "Section 8.1 NFR-05 CSRF Protection, page 15",
+      "excerpt": "All state-changing endpoints require a CSRF token in X-CSRF-Token header."
+    }
+  }
+]
\ No newline at end of file
diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.xlsx b/functional_tests/roost_test_1777467397/roost_test_1777467397.xlsx
new file mode 100644
index 0000000000000000000000000000000000000000..85eba10945aa37f104482c9d5e1ea7c20ad03d86
GIT binary patch
literal 119103
zcmZ^J1y~%*(l#va?h=9%Jh(#$8r)rj1$T#CAh<(ti{S1K8{8$hF7EEmPtLjLeD~aY
zf1Y=qs_J>Gr>CZ-x|waI4=}LEP*6~aP{E%v_2L%5NZQa)P$#fZP&hBGy5jbBE@pNv
zhH9P;X3qL79=0~6iSl+GY?z;~g(NnZWl{Cj)FnE;)ePbnUO-KFykjC=I7?|?aL1-E
zdP7lUgu|H1bL^efMWk34B{NMZEs!3e%#DjQ|BJzvpz$W7JuimxE20L-5#PB|96Mpn
zP7vbxBPgAD^IP<|h>VO`6q?eOpiY?@3n%6+H`9+0CnS`_>(13crpzcyQ(|2V<;Z-k
zp95VRW`i-;VgO?7{&R!bDktb=68(1@O?tYQA@SshMDA|HMYZ|RC_#cUmW<obA#Lti
za%0E|L_s(3XvG`TeNiZbtlLR*W(hb9`s%ybUl=vf>OXG41bicA=ce7CE`hd1czjTh
ztJ0O^L3g@1?#H_IU4QcO4I0Tqkao0)wG+A;sfp1O7rn%Sc@>$CaC7LpnxJnev-xBN
zL{lBHP0X!c5j@30yLr}s%J^9)aA_0tdT;Q%5cb^NUZsfu<L5nCT{n@EH4>$NJqf5k
zp2SP=|Neu2(F~o;Y@AvD;{5rv&a!3ZcVEtZ06;;Z{LNwc%`A=osnE%WDthcAv2mYf
zCyn?ux0&L{5-q1NnA(n{HtKs<;L&kdtSD-f6+*P*!M4TV{;*)wUX;oeDJoMjF)rNT
zNXQ6y@X5*%;|&UY2o=IxhaafvTjq~)RI-Krtufko(tYq=aW^@xbwctfjM2CQii1|~
z7)B>|L*2m97e!^qE_eOFt)RlX5z+Z3nu166UtBhJy7s$qhsNJ1EOZ_Q=s(Jlg@HUL
zk28Wbx4ynn8r#;_m}!0x%FmJ>`<hdiVTq+$sIWGu)9y;TppUdY8u{T}{c|H}+UEc&
zcWorohqu4zc*cC7{))(dM-ApBA|5t>hwQ%zNPiOkS7d{zD>Z&cw(%vh#Q#onw|BBO
zvA4JW{U-bs=ue$&nD37tkt?rt+;n6a;+z>kdb-yzK{a)9HZqnxwvX59B+{gaUlFpq
zN@i1grT2%gc|#TDCK1YW-pFF^$XB!;<N9ze+*@FF&Fc!m#vs#D&rZ7U^N@0GlR5cP
z$H@yaI1HUi$i79Fl9veGIhQB-Rlqkm*<Ubh;7+e;c1u062(yQxSXqtyYea)0jbY8d
zMSS53-Y}3aa_3eyh&n5Hh?O{#|0A4~{>N9bGwYfkdYqTLo$s;*(TjCaF(NcpT;AP}
zFo>MAgx%iY53R?u8NNR3e|<)@!FeY!+*?TGdAh#$>i-{T^gjdiJ2cLgW@aw`nWh)4
zuAE4eP*CYa&`^Z`#r?yD{dYXSWa_))&eTdkj?0a9gd{KLmdJaE98pe<L5O0N_RF}K
zl2ky#cpJLw8Hgls!dfA7A|ttrO;erA;<!lPd#X?s@^}k5US7UEJUH8XSbJ=3JxYIU
z6|guqG-%=Xe;#aYO&|#I*Ew2hY!dc;-n%&LzOVN7e&%bQzdyfzK3_T}NPceea&~j`
zwWtof*1W!2)-&|KxjI@ZPPQLe&NT3KK3zR{3~p&_@NxHQy<OjAbuSmz%gStPn%h}g
zXnuTp^0{8xy}fT$^uD<|v%YdXy}P^}tPYGwZf_It_J6dZOSZ6AEawq<-W$FRDQ5Nd
zzCN>dyFR)&Gi>*}nHY?4f5qK=vwgd8zW=;<;Bq|DoD31Z+kEWa+!cY?J<UBI^-Lri
zUiqFQ96l}G4h}{XN6gGXY}~GIL+&6gP0dZsa}(E)R({9>ig5H@=3w>A_0`ia-}@Ll
zgM+2Vr)HAN)!}j<H_z><x%~-4h=EA^&Ex9aEvtPQk67B(k=}#X<JH6C-1wZmg+0&C
z^0MF4(%stOFl6ar(%$fKd*xtn(;R$sC_m9F-qPaX?RwtszMScgdcT$JeRrJx{QUSZ
zb(!w%{kSD!_~hm4dwP_w=s)hed@uq3xQ!Mp!kuzeOcI&RL-_0+bO%4Njh1BS9W=F#
zrtu=|o(J2#o~>iXAK8_j$qHk}3vAEK3YyBvi;o74Ty?*5&G6j5)$@I>mD&wqO-D8K
zPJ9}~*zYYD9(W~Ub2pE5e?ui~`}UZ3U`f%+$GMF(!yw!5d1<rz*qz1x>}IcXx3^g3
z`mnckhiUfN{M?(n_ksRtP_p&5xOh0*|K9Jpxw+kU@zmm~lY2kDv|c;=z$hK9|H!_Y
zeQuRIJzi+m+_@@b!6xotoLiUHyJc9T-!IZ%0Dg;}LUKz+6m@t4NSMA3B+RgYX6N@u
z3tjaj$6P<J2NLEGK(oK2i-RWo+K$kL_=t;1b>S=;Ira?yVo<I4OYIzOwcM<4?4&D1
z`+3I@PQL<}Xw5*gmms_x*Y&GFV<FT~V_!_n&O0`W;7euj=~Wy_nxx(AGF8=O2#|2v
zRTOn!?B#fT(K~H<O|)LYc2x-f_Q7>%@ZIRiizBh-t4EXCc;=_*d7z+h^A>rLY%hnH
zXyomShw;!WxULit^icL^b_$i-m;2d~0e9e;d<vhgX_b;>q$tOP_WX?4$JoW4@rQgb
zYVaCxhK%(xB#$Bq>p#F4tsOeOh+Eo-Uuw&HUW6N~nG0-r1Gk}WMZ)5tj@(zQB5Lpj
zU^4V-wAOO?4|KCbXTx{p?s`1=C>t!1uSuwe64YYacfyI2#=b`H!$kNPTE80qFAe5x
zSA@>*^Q>=P`{DO8Ez&Zjf2%FQYqo88|EmPXWH1njxcT^U7>fp-{p8krornQLnHU40
zq=<o`q!3}T9@m*x=$mC;IXyeKy?;7X*5i_JR2SH;TMbu6?W2ePhzs*J9Ga-xcJ`1X
zQiiDa2kJ%<exEvXY_Sf-dCu&Gl}eB2<?a0Z68Uz_kz#~)g`t39pxb>U7u$EVArBai
zHE^V-$<;Xqh{)9_Sg2x+Tn(hC(~##Dm839_1Jjw9q7Tb<k7(qE4L+a&&dEbnXG_bC
zu41uyhl9~oHPKWx`NXo<z<n|6XiqNK_;;OU!-+e0ylEZjTC4IUC$t(KIE*b}c*|YL
z_C{W>Vt{zdZN$rM*vt8|wSW{tT@jd`&}Y1cu|5~uC)s*i!5dk@uGgOVC_~=*M$3nQ
zb3dNS5`3fObHI5SLCSS2m@2`jfchtn%@7Nm7OnM~#OncD1EqRftv*SV`SCPum~z5R
zaE-+gjC-WhT9&ecAlpEglqBD27k$hn{mjGH{MqXvdb%XtED!Bar}U6Xb@?ATWWzbG
zCi7wlV6yKS4Hk(w7%#4IFRttZVHT2}MN*Ahj6&Tx3<I7!zxwCRSzMhjKW47S@@wPl
ze?*hZ-x01*nC|++k}pZ%Vt-m<1#WjJ)u#$BedC{u;H8ezG}0*ta~k4IjPb$dL8Hi_
z;HS_sITY$zRvR@HA>h;`pum)5u~d3Bb?xn97w4leiNI?K>6=`-gt-c6SDR%SnO<#x
zb4fb5G4fDe0SyK)!2ERB`x(+D&L$++HEQS}R|V>6zBsMz_a?$=U{+01>#`yCtEdeT
zXcoQsJMM^F3~|xXj85QJnJV~c=j|@9Gtv~={?`>*!gSN;FD4)}#TfN~?TRaAlki@W
zFdHVhV|MH3g+5m#pU^vFxe_*74MJzH&mAdR|1xkGBlU$MxiGdEu7;mb8*qDikSH#R
zD8z&is4IW7P!Ccm!ti>!kWEcKv%j=>m=IbU3}SKjqzFSBunidJ6`=G^e|{>lKi9eY
z>ctX*BQEeUGsUeBn(dy$=*j|oFbbT@hOQQYG4~JluaD2!swFixr4b|d`pGC}WH1)9
zf5YcyFc8O`pNC;8T5kyQ_F~`fx-dZpexVNgCrpK8ic~!-Dn~8_Ipa5A8*sO{i}T8L
zxWv4*xx&n*pcn_j@HV@`olGS7D!*lDDQE2|mnlGZ^n^Q+HyKS`*lNg&^ePbb{HXZ^
zw3?z$QiqW%hELHzV=E;#(%}MMsDmtmEBSfod9Lt;u1l-PS>gu0?DYAQ7vz5UDa!}s
z)PSbLtYFBX_VpA>ocSt8HoN$fasDtol@$Z_4!$nV%EX3fU^DH>#Ofx;=L|pY6(4D;
z@GI?ix#Yau4s6&zG3bS@Mn|*RqYxli6K|xg7_ius2y45nZI}tht;xTwMHd`<;D^${
zrv4{N_GFYY#}Y|6kh0dsWCLdB-A@`_Un2!`uiF-k*dp_f@$1s%xw=6OQA3$yLvbJh
zQ(?h!03%wl=<s->0tLH)C|4Tr*Hl=LFAaD)m)f%WF!*k=5Db%9?`pztj{qJB==vvo
z7$SIX#9fbYucFwV$r^BbxgmClD6(|UZ49|=Tg@teCC0xclq<xp;LdIKI)KjEgi~G-
zq$xOaPr_Cu+}3w!nf(Z>m$J#v+18A&>bbEAOTN=z3PLbfT#K7a@G!Ze&Po*uBN)o+
z`tZ_(SDkNngQniedMzKakHl8B0^4ALPt77%O*&87`t^=-IhLcEcMv<JnhC`B?*eDy
zvlnd1IeR4~yPrDsyj;C;c;;JdF)N=^kd!3lX_qv07ExFi%8MEwC*5K~4VaMjf*x`&
z!67J*v~8PHx*QHbzbKmqH?h%9za%|NWSHyA+k#?hqECpk-$9u2lD6VgJe@sya!@H8
z2_cHdBUU5bC^kH70$b$+(cI#;1;n4k5Slcsjr7@Z_QO-PG>5vHOlYU^IM{5nq`(=;
z(V2__pMvL4gO`aR7Q6*zoqS?tE@XD+1Hl!(xDc}kO8pR=ef|usnboc)bh>F*-paDh
zFjunW9xAF+-g-BmVvg<#`;8G*qs+&_g`bMI>EZeA=^wb&^s92HGK;t>I<mD^6-!R&
zG;VMhAHwjSz%_2<2yHYET*(IvS4-?|#S2pB`GS_a7vu}573|wuR=Z)3H>D*<;Qs{>
z*-9n<CDXOM)DCRQwZlv0v=Xe-)-!cA*BOhWog~&$Rw$vT(@4bmzZbBv_@&S~2=)6;
zu-!3S>!X^ccXCZb0H}h$e(1nBL$ex{t-=kNwE!FA3D^kE0b5=MV7*_AC(Mo|ZSbMK
z6F-RW7ZSF$?dr``%zz7e1(iqd;K=zLZO}@f=rn*hjNmZ5l`dol6FA;VfZ!yIp7Yme
zo{Q;)T^!Py3he&bhImz9hJ3v;t88ewMRs7AH$2-Z7>bsh2;7AOlj30xg~Lh+?)m`F
zR;f^{*IVRLR7)gh>Z+kR78gBBtYx8Nl4%v@nnyF8n)J6Je<><oD=O4I;>w(9XP>X&
z)GWaOwr!gtoQUvY&RkCkcQBFQt)$G*!cr(fq|*q(VeAOQTWus?ZNy*2IcRYiwmFaO
z*-Q5olQMXi0XLb`PIGZomZgTd4$GBTo15r!;OwV079f057Qu7g{*V<OvCuq3Fk6PZ
z!i{59qR@cM|Lc=3%s=isLkn7=1Zqb9N2NKXP-hz!BpdX>*oGspN1ZEj)$4?~9bSX*
zrMCZj>DDqXNf$F6M)eBzrHXt;(L-FH+`5&Ul2H_+(=oI*3dTw?hBYSy5lQ~7dN!h!
z3?81sSNHc}*4}cxtPqq5anj-vwK(E|d|%*FRJH#pPL4G~o8E=K#kNfv#9am)%LgcU
z5n*bfw9!t-m+$IYj?Z-ITya(6`^lH&8sb==&a{z-wYgQ18gCO$<~P>b>F2Rd1bgfU
zEa4l#XU>zRGLRC<qi6i`QUXwG{08inV1c+1ji|}r7(oGKr9y@Am7;1PDY3a^nKt8{
zQ=O<asnp*JO=ykA==rAU)3P<o8M&o`58i_2%mCGcu;$4~Lo6JX=cXmwy)PWWx=*KC
z12MDF)j0-G1WfmZj-@AeCaW^H8*nL#2EhL%umyzjyu9QtFZyU^v9|KTK2Q93az)#-
zWfoV|EP`2?^MWOXO)Y9;VJs8GDb?0MzGnFU6WG-jUa&)RTw$3)&O+W>URN8Hx6A}a
z!Zs;wCDzf92MilctsbjS93y#q8^t*ZNsfT6w+djr9;B2(UT9~c{4SlpR5~LT-nUb<
zhGaCZZX0cl0~2Z~O_!t#UxdZS&5Pxy8ntDt6iPvj<n(MaFmPL5IUtMZ9vGuC1mvMh
z(cjH}X&r{XG3<q%*&$nLV6fhIle@RB#gl1ubB?OMm*rp%{Zg)qwQQ|Z#gZF@ys!(X
zKQuax2hGbHO+#b3y_@Z?u6N~jB9Dp{`n%1vw!+JLm!|<EE}hfhyCxYEUkG(&n*(+V
z`Xr2z@8*l{9Is`_FEd2*9^@EK4(Ikz$(2l)c?j@pdN6J72*7tvm*Lf<bA`*?6?z$V
zj)aMq;`NJ!V<V`6+6ur2>x}_YP;^#a<=wbn{>FCYZ7>I$p<QNs2~zn*-yw3j_=xSu
zCTT*q8aZH8r{hg!QUxF{3{?(?D24VdoBT(kv_3Fr9Ee~jrY-AL<7ND9TndI6j`Q8<
z=^`ZS72RyvirkRx$d;b|D$|af#V0g53qZ;UEL$d$5kC&tg%-Fg2Q`r@eQ-gzx63{`
zVOo$cWpt<7OY*=VguL9bxTQBTmHJ7{LLLanb3~F`$4=>?VT<};M4SxfWC2;}0nSk>
zon7<hmF?vBcRg765@yR>0_wG6&ehNye5@2%kD&Kq6-#ggD-}+<_<!R3VfYjw@YZVp
zi#Zmfovev9d(YL79qcrb9nuAOL-Kz>jXFyIu7ZD7ga0dzO#!2q91Z+G59#ZZJTp>y
zrcNKapBQhvozvTSG#^`YIP|NyDp<zDT*DMfKDe0Zf5X|w&eTfY>EaJ0xP;QA>meJ>
zt!H#pv$=L&k+90@UEEq3ZhX^1*%E2`=67Z5`bWWI-N!PRrfMmXnuYK^_>g3Zggb8m
zQD~PI&3_F~@i~hTq}jj?^=p7L{)YhBBb^kHuLKNVkxDUNj7M;%+bY-21+Z`uFjj7v
zKvze>o0FgoaTBN5a<VO08r6-1$bL%rHZ6WLN_>p`jvrYik*-|Vhqr^*!4fT#kD8*O
zZNg^;b{PQfCPGgzz~rgI%jGkjFu!J!&%Y<_D0BGIt&B2Jfp2R*{jG`Cf9$ilF|;#2
zKAVLx%`_8}(MShi>rcV5sLnDUnJw{1(+NhIx3)GC=7!%gHT_epcU_E<1I{bi9SjMF
zxCzXZU6lh^EE8UGRusTSAPuzzKmzMgK&PNkLpg(jx^gwo@NI*;O^WEYaC<kF*w~JP
zL7qIQL(RrU%V;p?c7!SJo#5PsByMLTW&Jvaoq(AqR};6N2;e4LnUaO1uKyEyMZ&he
zH{a$%5cGE@oWVuHVd}ns{l7Hq;yY><_3XMNcV&A|7*<XzB&{jB$|6M*_3W-9VG!3J
zwqxO4jcanm-kG2nfllT>7%!c@bYZh@)*qo=cj-B(<?-2>IgrJy8>;%|KS2;aT2;EP
z<2F@!uolZC99CP#%@%?2?{N5f!?d82ZFY(FBj<y!I(kYsLP|GXW!oEsp*5I4p+_$~
zST}9Kr`GEfDqeL3RsDaU&Ko?zOsPd^Q1VW)%^a<ozlGKR)u;vYZ<Igj)GVd<)i(P+
zNtYvZCo20-P{lXY8mBTPYYAE}R|{7(!OQN-U7MJ`Wh!Qsht=OJwh6mb=Qet2ee)7M
zAM8KrdT)e(U!{ptYK(?Cn5*IsKX3+`GvePJt*M+^y<BE+Pm5(e_TPO=)^Jknz~aBV
z{C%MtCe5kJ$R{9rC-MJ{;4eO`0e<*sQR%6+`YQ)G{a?oa<A$IJKK;RvKoCV)4e8R^
zgHIXt2Hmz0{8KcXEZR*?-<I6n8Nug;RKRaJH-j04yPGhEw%x!!b_o9xdLFtTr>5^p
zg71vb9p&0s07Ekpz}qH7HbVlLlKRj8QlVLfGWBaOg^NA*4N)rL4aOz3V9vYsjM`FA
zh6tQNw<auXhC}j0(a%^8#>DGIrMKGhl@nQksVUv0{{_KQr8ir)!=puavvfPMjIc1p
zDRdg_iX|plTHS(`;hrXV=Uurb%hL}fYq|PSo0RDNl5Z;wa-hwrkcK3&Q=+KZNMww-
z<H4ULou*z$dojL%@*SKK(3}jQIzetI>j^U@lbTIH#>nl3qwvCcELj^iOwLv(O(>;i
z)0Hu*iwE1#faYXr%~hW<Q%b2FzJ58lTDZ$5@x4t;^~jBpkE;g6Rl~+r!^c%4##JN7
zRilEEH6Vvq3;bV69;fXD(5#)>vPDM-aQkk90epta6x#yG8$L3i410!Hf;=4edt0IL
zs5btRpS5}{eBN?S+^HJ}Z~N!W<EuxhExyYb>~J<e)*bCg8j?+~WbjweTGS(rj64hT
z-OD?1XKWns_Rl%R6L^i-wU;V3jcdM9Kl_5u@Y(_*Gt!fgkxAzVY14QU2VBaBJrJRx
zcgb1u)17ho{%qP_C5mH@K1izusQZdtf%OGgS^#S!Nn<1+3*8Em!p7D4_0nNf)A)>}
z`$%V#m)Ob~9B7{amc<COAwX;e8y;j$2-{6LJ*~C0!?*->BkUVm3(I1P*$^$Z@(v!v
zNCeAbhS`uLro?1!+d3W9w%9<sOgi0-3ec>^-6=&t(i^345DNt3p#hRP5yQDkOK)Gs
zp5Xqa*Ht+Xtp3u<g{U{9B6`0Hf-SSgY$y{`Dzer$<(ZxmkwIuvbT?%NA(OzpvB52<
zP|oR)d@*1-X~<=i-q`4y>Q1X`qRF=KmHY?eUvzMCAH$dlDZ|c(4_>bNrrtACnupMk
z8C^{5v92#b?lM?TCz_lujL^e+NS52OV4fhF6<tg0L_7Va9?8mLmh=P<)fLz6cc3FZ
z`mszDxF+YXqV6oXJ0qU~ON~lk0w0Ek%?F~kqX#P+-sVd3ESsL4`4XD3QVdv5t)mY)
zy04I3_QgSVzVt6ma6Xr+fU=L0Vn6GTntJkTixpj9A=^KqYGHkFDWG4$D~U30DFK8r
zV}UWS)GOl9NDVD*Pk4j{IEP<7o;a^s^)GLY*M^N<?LUByY#GK{nc<r1<;5&Ug8@qm
zDmmV|$PIne{u@;%u_gP&B<p2&ee8}ibCX}e*KL?L%LD+({ks)!LqwnBbU->kt^>3K
zlB{AtQ%_H0u}CiL%r^Nn_Kq<ooEPzX5IKT!&bAot4(P?CgoQp#?!|V%@<j@V{&djV
zOxEh|L^NWJL`s4959HvE`FoZKQHavbix;*YkThTWNnK~Pd_S&E5`CnB+hb)=@|OYK
zeL$WxRLOaY2V5p&@`_?68gS0p%n|0?nb5Cf8gR#nqS3;AVq;JWlmQXTAx|2q<iIBY
zxKeN(JQHzuiYFGc;77w?yE!Vx#dh3z5&H!M1aWUrgTNLPu);8}PlymfqoRmD@b6YQ
zDj;|(^X}_0u25xkQeswdk@9h$P#t_9@lQtZvEYOQU&yGSQKJ{K_zDLhAp0lg4Jx@C
zT*KXx2N~3YNPZ5lbDsSL+nu8n@I2l0&aD;}o$bGH(!dBd6#_R3Wn&3Xu&&HhFwnQg
zRyRi23<38vJF)H2_hErxBq$IL6o3v2Rsjkz0}7KDn!*7f*NkmcL<fbgbQXFqiIZEN
zPVd`<;)Ny+@a)3vqskK{XNNlrWr&rM0|}ZSZ(wb+oeDqpZrrIwT#X*Te+N$QvX~cR
ze~6-0Xg75ecPh=PPXeEY{1*%lLj4av==aWxtoc)lvA0FBD7Sag$SzxJYa)>vBK{{J
zo6$GZ!riVVj{<F&xa$j+Z!f3RzhK)R5tAAq{tqlqMW0N!)x7WtmgjbZB@sRqjBa7H
z@G(Iaz5<u$L9jmVQh>HrDrg8K4rqTO4R-gSUb$-}q+QN>PFd{cx%U5Xx``orCzy~!
z_$(P{J!|Yhb9}jm59j6j;XmRfx&pi7MlCuF;s5n?TgZeI`&v<z?c{2u(G7g;scIAv
z6%gOe&8cJ4i5|i1X&(^<(6+(tGx;uxPXbppOCQ@U31Z?#{#f~Wr4F~4&qiwTnVDf)
zQ}uukE{o>97`r&JP?K?pRC3EqayyMfu;>aZ2uuV3alisB5Mf6!5i?$QMxz#LyZrVe
zdV4Ssi|f!f{gQ^LR-CuNw)=gogs?Bw4haClfd$YZ!YaIYP+;<kQ8)y=jGM@vT6%a*
zVC~6XCblw-f|Wi+79TQZd5U&9;|{RrC*vZ*E$Gh?m4}D>^p;*JK@60JiahyIDTkIS
zB&_qq^h|dx=J7nj2m6MW3a;4Xfkdd|^-#X<o34!BFTEc?f(FPNrz#XN$pFt5+`jc(
zQF2zeGY@eGUBIOLyMt_`6Fm`8a)0FDU!OXc#&)pL1@t;L0+UFS{%2M){SGmWV8@gF
z2dD=qI#J{%69DIYXeT-e`>klQ1M`39@yq>b9Z3VzqCA2gAxTg-&<a4@i*8uU3!;#w
zQ9=)At=?CF{{jD6swb}OQ^fmr=BFFzXn$l`MlM&=@2Y&$nFHYT&NolE^#6rKA8_S3
z0;&5Aupi+bh&hY!LsXao?hKkC7DF23BZ|BMqoR~nD9r6;w2qF!beltyNj;WMin}9^
zj#yKX0PB?y2x#pW11)dl<Xn6knzf{e5<va25s2>@4;&Pf0e{Y-UQtoRcBrI7u31cg
z)jN?1_$7E&IqpmJ^5Z1kGO5PI%RIvAgv=S00g$K47ya8L4OoM%s~le-++UVl88+6R
zrEo9~1b;>Y5O5>v{bdB07+brb_h{`a?VHg;NM}AX!?k?pkNsb?gTY=hU(d6j<@72m
z9q=F&UF3&wN;no9%!UfFmj<!Q3NE)+Q(xP7c5h}K1#2X|843seK(H$sV5Sx`G6Q_6
z1eoDM40kQ9%q1<(PFHxD8TX0*HLI>P!Gr!Xa&vZO<)Y9Q)E?h!z04}=GxSRO-$h-c
z08?DZYJV94D*EZfBz1*%;}u=$okb;LIWe{$a;hXj1H^D|tZ@rUlwS<7!V>wY$9c8K
z0H@y_P0=f<e;0k3)D=qj6Ghdd0O~ItPSMk=*A`alrw8BdpnGcl+4KkR_j$w}cfsG(
z02TFg;^x}I<x;qpi2v>SH}9n%3VPwNtlylcDw*Hmo}zG2|6>WE`Lcxg%Lp)0w?3H8
zYZPv}jRpuMa=~3Fp;P}SFGp*NIK9?NsyfN%M_5%7*z9E)Qj6;VKmHY#<z)?0BDPY6
zZ}^GDSFa(R*t^!M7iVCDN<XO<Rwp_Lz%2C+ltlGabTCdSXH%LYhwMx`;1_O1VWoDu
z8<TmQ&yT^XBvEHD{TL}5GABYLU>N%QU#4ui<51Mne2XbV_{Mj`&hMhCCG=ysjL4kb
z;Q;x{Z-1Gx5kn(Uhc7hWXFd`l-|P<n=GvqH8OTn&=!a6}oZM;pF%@fE%R(+>Sro_N
zm+-fkW<IZ^uYaOpL9W3jfYS+!0F-vYf!Y>nKpJb`L>V2Gm2}M9>}+PY$o3x*Af%eP
zQGhSp$ZGTSN><-R|1c0QgjkVeb8YPoX15%BPoh2b{)6x@c8=COv2LB`JbTOdkX((<
zG<HLc*vc<>&<7G&7F*0e4YA4^t}C1K7E_OH!LmP2FyzcQ83K}D-imn&2dhAEE?R(z
zm9@?MR(JHO{)VIeU#)=TI$Q_4ei)=bdBEJmqp9@j>ixip{fXoDdxyKhxrB*9!x4z#
zlBf68ow+nmx?$Gy+18-Hp`lO1ZTT?Y>1f3MeuTT>)5X@o#njwpuZS(nRXHn5S^LB4
zQU2r8;lbSuhC2((D9=~^R^fIJfBWOk?#;{1-P=p^^<l^}q#M3P=*Gd%-u^%{U3W<0
z`E=oPd#1iYc6$q)p6%1w!E*kw!;7Pz<LSh0@jg#_`^`gdh()%a+x02I;^X7mnIX^f
zujA*xx0?L9%c;tBF*q#+8md|Y0Sfoe?IX^X#!hA*Rb8B{>@1vrZyh;kU2-DPc4P5?
zD8}WJxj~HsrDGF|-s@ad&=-Z<exZ&~QzsjhV~ZD!AHoL)#UWK%hS2%!?{i?`(5>l>
zc*c7s_{D3t-;01?CDgz8>R~O#OH()>*UlL1>puHG){Bhh&E=bDCr>?eA4@5^`Df#u
zJ905>^RW6oudYp<>_aSE6GrK7Ytjf<{rn9l+n*QOZ<h>bToZn3ZeK<~Al$=i4i@?3
z5d7*EKNaS1zK5+Qosl#6r^c4KLV`ic?8$nG@u55c@8;%FH*-(EXJ76zjdOT|d!OUm
z<LarFhhB9@N)fNSi<N8t^BLD$9{;5WdFOWeC$Ie5^!DYS{)3|f=ERQ<DwFGGjh03n
z<J%EUeCa>@?y4R?R2-R|#uQhvtOl;K?&oPu5==Flgn6U+>pry5_sFw*8cr5l;rQ0;
zF!y%L%xx6TY(<>82y3ft3f@s--`{_0Ed5rx^3IqC0-d|ctLt|!&($dM$d}EW*M05z
zSQ(n7!jwF9_9G29zv`*Z*B1eWFJ!a)n<ke0Ijv&5Q7TXOzLN&`_PR+H>)@LQaK4X@
zLMYR*=EOJQLZHBUZ(@Q;T><gR)P4Qnb+<_xq+ZBD`=@F2cEb8;L&5hc1L$`7v&~10
zTbD1qrZ?~<u%XH<x`wgkX`dt+{nR&HJ=GNkw}c<Yc(bE5RqxbDtVpzW-e$*8)s;n@
zenJ|x(FI?A67E6Ro;cw-E;36{tS)Y0slqrmv~a-at-qbB>5DCyb0;7;9^q(M($;4Z
z!Am$$O|_t7g#^Xie$`5vF;lh}wvE$gE#|}Yi)X%BHCuX`-Qu?2`EXVJlwQ>`LObQb
z#ki81KsVRT?DMfQD1nT}wJrd|f-jS##Z+fYPS=aGqJOw$<Y-_kY1t?{ULN?W$ooMm
ziM6+$M%bp7DeGhJ)(`aRV@1O(-y7lk^Y$kQ(b6f6jlBV<`_$R`NVm0t@Pm!=FvzXm
zrMPMjSyK_CAUo)N6E9Jlx33TTBH8D5zOrgTlI_8MTdwZjl24fBH9N&-t|8tZ&rqv4
zZe|73HEz3di8KA#TQLd+%C=@UoszzwVY>lfzcs(B;hHQ3&7GXkt_CRky_$~jK{X+R
zCCeN<em0*RWmy3P;@_xsh~Z$_ud+`SeJzd$DZNP&r57U5L1ZG%Qj!<Jn;YcWCPI9#
zeV@?Mz+k<2pWw*leby}GDHz{qzAF_oT1|wQxw)wH!`-R5#JqcCcO!4-95lGfqh6;s
z%t6ubg78INUorc^u06Z85J>UCgIPKSRWVkBpGCTgO7YPr=3@XOY$SibSA`_);?yH$
z`M$}oUa9Q~D_1&%sQg5jeK6L_`Fr`J$Oy9p==S7ux^{sbi(WVVbstb9{+WE{WjGy=
zBD}eC!kVh8`UJmsCu%a+tvdYvPa(6;YQOF8UKl~50gA<Y>z~GD-M_s$E?f~n5=e$A
zwwjUWhMSxEn6pt`?XE4H3NE+iFR$jyh%WJo9X?mwL{lMb`#ewpKLuI+0v^1T7t0uS
z$G_<p=2k^YUfLYwi_Jv8ct5+)N?*kmYw6&1F2fg`OL2XI7uO7ZZDJ7ne#mR$(*rx>
zDxI&rgh#Lg<H^1QvAjWt@x}?%x1*M?fsdjyYFaPf&3Y%W?P1=cBcm#*os2$-8iwG?
zD6gHY7>RuAX=x}-dn;x2x#Tl;Ik6^uxX|sAD(~VNv4-=$EP&F)CB-GKhv==NsRtUC
z##QfmX2SXT0Wu2<{ZC=rN`vw4Rs(slZ*oP=eB{Umh|~t~J2n>n1a26R9s&W<yAAiz
zyE(>Lp{IxDh+{*N)O4g4!WsxLlq_`2bc}F@zA)G+h2m$&hjZ~%jH>Klx*U^mF}Jhu
zXYP+D?0wN9TNUb$DzD0w(QZuAShF9F7!AsMmsl$6^y&rcU0Xc@t!#6gfK(Q@q|4N5
zJdu}N<Okn?TwyBXnuaK5`#u_dXVQ(E6cot?5h)~sEW!1!V+`=>9hgrqE3UACyLxRA
z{Gt~ft-lhIq(5p+2{Z*S`1l2)I=SmA+yWCt`=n|S@3E=36CgspWWWM5G8$`k2hqwN
zQ5LE>I0uJ@qcxlrZtop8D<Fe;aI|!&4;Qq<P<(AQrygUBU`oeqmtHZ31!XEJT=Bbs
zI9!3RDJIaKCf)Md%{&XuRu`5H`_MEiBppxzNjHZypjS7GK5uP`UO$LYp8ED>4RBUr
zd0e0yKq*obWYlbEoY0VBEq0S_VYVv6%=QAZ%X1`Fu=O8c!S}`fdg{Y*80R+@SRd~!
zp7{DK-vJ)V#h=#or1=4GlT5|^;m^04MlGaf+t=WY>VreN$zR<|K)7}Chj(qY$&Xrk
zX1x*JH5(Qdz3AAJqvz@H4^pQbq?g}L@lRzdj#j;v-(lX8rxf=~8e&vUPCw_OO-N~-
zE~S3n7s$T)HJir5^Co&c;n7B8WN_|Hm8j6zk&qji3F{VE#q?L<nI6GCMaT-HkY0Zd
z8KK8#h;GuQ)C1wCq;#4J%uopJEB}(s(@W$yH<)0BsG6FhSK7Bt8G+DhTN7k#MRupE
zGY*$ND^E*v^$@IX0(veK_Qc)Y29?;433uGjeb_dQ(8b5O6?YkZ-FpV?d{|7JoGTtD
z3Fc^1J_E^&Jv%q@dRgHJ)LSLs{jhdr6~@#|#yT<^gpYzD=kKMNdm`6d-g`#8HPZ8#
z>h5nw#Y7f&2ISt-0mb`BLQth;))A4<e#U@pKElmo2Fwd16|EnvlM+IW>>%6a<c?8>
zm@@mplSwcFK%6XCh{Uaolt{eUT1FN+OHkOL`m}5&M+D%(z2tk2S|vf|BpL>c9ELpu
zN)F@32<*g9z9O&Ilj7E*#F-O+PB}3UDv)9dOHwzyIvwY35Tt$LS5oM8jMm^jA$LwN
z!XxmI8b$4sG%=Ap`gX9iaE?;<eM_5Nm-AX+Govm|Up>Lwo}F(3xNNN$e8ej~%4gE;
z`8j`UesBiN>G1mYW@2nEaA17?RdB*Mlr`}prf}lNWW*k!&0NHv80l6*O^f^PhQWAm
z-hUQ}dk$u*^NIe^06;GsD-Kpb?K)z%o`+QAJwByr?vs21td+TT5k_FaFvZ?(?vWR&
z89>&R5zi;n8>FIVGrX8Xl`>lT%PDrCiN_Y=CX}he$6iwb{9@{(R&K(8`e%GxQ&nsM
z<3~7U7XUj~U)`nEUtgTcHo9i$gRrHA-seN<(jM6&^~=PQC3^80R_+c8WO{g=G>N58
z=G0GO^G5{OEA6l8Dxa6p_(tfM_mdW&>*&3%tI;+jsrnc<#3Yl>J%h|k@JI&jJ^;5j
zkxLF`mjTTRd~3IOu9Qg=`Z~9moNUDw)+V!X2{5=E;bc7X{i~C`y?d8twRRE@PiV`o
z9Ye!=Mk`r`QfmqeMr`pg&)yhGIgkpBLJL+!-z+htJu$y&wuiztgf+?r-UgO32mKVO
zgxDVEfN<7WIIE1UEWwxQXf=U`nDk3MnwV4gc+sso9BgNKY;$xHbcjNvYI7d=J>tsv
z`@->nWocQ$px{rb@+y$iaBKOm_1F23IzFAaE|aK|KC@gX1%)I#R7Tzw1~lW*suYEb
zsr7HvG@+B#^NI()PDm<?;iKs8dt{37@E$~;o$DOB$Un&0K>5eJ(2RBbU?I!Mo5A;g
zM3~(^vTSG;xPu_0Ur=;jmu}<b$g}iK1ncZ|+GLH!iswfx_(=2OLoK5zeX_rCaR)-)
zuoUkP7CVKpAT>nzyH1d{Qg~Z9M)-Z1p!;rtVDvC~K4@jYgD@w?&0s%}2OoHCu8o^4
zdQYTctX{#Z64AvolwMoU?b1;6u{R|3JEb7i%U4MJ1|~X~V?CDiJyZ7MBlE{PsFcuO
zZ<BH2#Fgwn3akn}b{?5eemS{NG^;HF4Gkn0G?7{ABtZQz^{!{a-+4FSyIawBOrr#3
z5xvnKerwLZIo#Y!QutFOtKBy+qLDFg;&l(Jgbd~ebphe3Ey<^Go)8S07W#S*J$YpQ
z()tmE2dZ~mLnAc!VLl|rhacvksy3(-aHzGWR*g^jaP%mNe2)DcRq%XBd&C1~38``r
z9X9P-a2+8;{wM?RSX~tQpMqKqv5*TjHLI&CqXoNP%T|*=CeG%+dW+EFtTQYoiHKah
z%O&)M=N7kf=h{RV%geR&!wpJ{MdWt5&gTb@2U{_jjXIq0U;Cy`W_)Qvd_54}Ea1_5
zw*LNa2uF-(M3n`OV_w)8x%#js$Ng~p<y+!af_<Mo-ZG!@%}SCg;UBUMj!*emUs5i?
zt)c4;{(yRjcumOmC<e>C(ko9`qN8S{x@^&UHjmubChO*^(^L{nzg&__SYG$eoyp^-
zqRU^{#92`-(%Wp8yZw4Lsn$u^o)@RGu$(bc0nIo!i@L9SmW^QYECq+!F$Fq$O`-H8
zE9QvXIUXf&gU2e<;)Wi(CevZ{DFJIX&f(p0W-BtL;4C7n?#EfALpo@jA)$U2+||-f
zPUaKGYU47-Fv`n{<r53K4Ii6eg6oJiOeXd9p~YKOGP9^3+85dW$zkG2=$F_MMPo94
zevvFGdOKFaQEvoKjo)K-zkOiC8hAEpmPBojtkk5~?|OdntX|B7JS4l{4C+7TKE@+R
zJ=jNQi9p~ic}az$mV<aVo!Zj$ckwR-{0Ye-vxI!_T-<8}klW3m<WJIC9|KRmqmPVZ
zP%Yl-chMU8Den|a-5C+U5JTu=$ZlZY-1BEokMl%@ts=qCXp6;k49YIrsl6iJ+sOy#
zV{|2{@~voL6Keeu&E}^K{D|hkLEE4<cu#hwmY6aC&@7=1eBR4CME2nh^|`v=Rb6H0
z7-H{aEoUcS$}#?sd{I5V)stdbOAtR|U>cA1R*A@hNU~KBti#@2jl}A=D?=4uXH&eF
zTB!eCr`@PwrNpN(!26_|8Q59_=YUGt8UV-aE3ABO!N54Y7w$VJ>_pJmM?&L!HOsp!
z5gSIe<ti*}6H`!&W@8vK{sm*@Y?T!+t@(%KX02t%hiE-Z-eXPZ<0cCz&P>OaZx+yG
zq2E(kcYA#Sk|XMv$&Lb5^(&i4b)*nv{ND1f7->&a1m!{C0>Nf|5Iqs43aupU_d3b0
zv4r-E-L$~5cRX`Jaxh4}&DTjV$0KnLzzjiJ`d?Igy98mD?u0W9KaKbfwGM;G#g`&|
zWS~8G+}|`;S8}~Kx~6capX<>^^Hv$IcdjDE6>YNfVyFK+5?uBXB?zKO2*@NitA>u;
zuB4ls9ap@J;+UDUNdL4?{!wPBMtYORa249onqO!7qi}G3IlU38g_H=`l&)?;xvgW7
z3*Ow)!odMTuj!aKIDSyGa`y^nkeYTMizL3KjnTSR2gvx|C5I8gU{{9J#WidpzBLJE
zlVfVH$i*J<M1-6(d0~#?HGijz`vOD_Z{Bz=`?=RY5Fx_!^j=+l6_2_vZoJar^De~%
z+rw9-n{=9tEIUssd|_jLJD6Z9p>q_VvB!4x>he(__{89*6rb(kVouZ09jepiBRjF1
z5-Z6sgyzxeiQ|}21H-H*7dJo05dv+OdS0=TC;jwmirJx$Tqoj$XhU4S>JSpsW$T7n
zv|{nVZ05W0Bohk9QzUZbz#a31;n|S~;r{%>B^PESn5vYYTC=#U76SN556oB}tU1UK
z?~mvz%LBcgNh&YI#LIqc6S{ta?3mX3ISUGlH>>&8x!2VM9sxZ@{7@pg`jN!A<pKD;
z<Wq<Y#~7C&q!2#x`nKq0(7d)UB|34}i9E^)rANmea8Z*u>i(=Eb@mEpn#+Z@92#!F
zFkuT&a~c#uFBecKG_~jsIz2-~IJH3ienI=i=pa0ifGrnp`HJQd%I^DRl1sz_wYT=}
zn08?wHmsv$bCm)fjww!tALmT{yQrA%NA%1uBvwwWvI4Shi?cxiJh$##^sIXEROFO|
zi%iF+y{-+acQgi$2`=-_-6`bx;cRY^*8D;4D)CFQSM}Ce-8{I$Yx*N&f)S#Mh~*6F
z*`{kcOyb&G({y$PyYo^`Iq<VZ*N_AUY$Mmq`JBBxK8NcEa(9F?F$s9@D)u?N;@+xq
z!ScFGi)xJfRRv2uLponPfgfb!Af_{CVLPKoVJfG}&uLuTdKKKWlC<UQbcykj;^>~K
z9j-B<vSAbr*-aeuG!Nqe+$o|V<PzirpR>T9TaH7;4By<=iG8(7eL@i(#{$Q$?iee%
zv{T{wwh4qQSzEN1co(EA?=2f#t?!;f^xFi4MV?O&?~{Et6Yb*5E;))m;f_>OzS-iG
z=DH-4?V_0EXW!lHnMmm>ZlDO$?sz^5fB5d{Kt{d$i9Wwy1V7R0y>@d>J6zMZv!Bwc
zpj5sH?`ysVPYan?o2wymm$M-!ORoA2%J-ipU(s@fezq<MU7q&B%%9d%?Z&Xm*&%Ij
zalcw|Y^i3byS;3w!MCIAU_<{l>N;JAb6A;CQ*;U!W5nixWO&6AOKvR7edVtz`il=f
zyBJF(%Y#KKeRgoSg|PYRLGyLa`)gbN){b}$(RS>q;!kThtvaa#c`}~9XuW}(vgEb9
zCY=llG+Ndo2=-PLEkL)5D)$coshaCDj=s*iPrKh?&#JVw6KIqmqh&=_8HUy?3z|+!
zkpxya4FzAd)sV5i3#Ltfp^GPaEj15PJhztL&-<>c0e>bv4K>ihi7HGOoxVBQ`}3Wo
z(I#>=#5LF2<x+Ad<6@`ionzSRwcP2q2=kG^4yptd5TVw1xnHQ#iTKZ>`yixBh1Wp?
z6ruy(-kD+!4w-~-z5PIp&z&;n5oG-BOxW-&e)%8fMKz&&$iL|PqV~IBX?Ae&O-U?E
z46oIJYCcdBUPU+DfW}WZ(lQRCX(+9K)y~B8EaNsZ^M2NW`A1aWQyTJ{$t`8_HBNWo
zU!Ww*JrR@xV&%zXv&ofCC=t5kWJYdLt<p6?gSrKVx5GyX*i5caiF}e!u=B=E*Hth7
zwrfleX?HHD5O&4Y;r0z~_HVliU#UdTK)3R)Ww{8n`Q0DRrPom}f!!?xUM+sqssBd9
z=TJ?X0m7%=Df`~~6=&S=5vUs&zdqaFr>$D^j>XYwX2x{<5utO@m$g$M3Oce_8AAg1
zZBm&(lKs~h3VM<js#orL3k<ojx)8>=XilO^PvCk`ULL(B9E?qpOvVXX+15qz7+GIE
zy<8Kgg5@T|{xb(_#Lpi%2KlkxBuVS;ZejVyhevhmd?=e4okrJ{6+trDHs`QuQXX_E
zem&LlqYh;;zCZ?3gc=uam;obZDE<bv`qwibDOmKj=HXQO^Ezd-d|`HoQ$ZTEgi=K9
z2E*ojq1+<w6JAbHZIRNG*b&<Yw9Hxph=PH|I*dc#fxPV;2r!;?IfKWo%DPNyI71BN
z#%^G2Sj*Q8=<u*QPME%nvo09;)y@^oF{cYtiA9@G_<@&Kh1AdrB;Ti0iPimTi@yKz
zHgn6@2;h-b>pR|H|A?x@jPLXHNb1W?H1^pP981&r7k}o6Qzv8hncNmPJbsTu!827y
zpR!%N(==#^!&I8HpMoSzHW&spm1UDSn8>nIXpvL1n@AaS=|a^3AT}ef%Q4-NOvQJZ
zs^oY1;BJ;K#r}Fsr1J~m{f19lfNnx&>+R~z<=o(4!gW5YB1A8PtbHq5+&v3xGQ1J^
ztkP$qJv*3+th1J0s*fq@rRhxl@{RAgzk{iMSt$A<?F4Ba)!=7Uf5bfQ<I=z=tpigg
z%&x~AHP--jg#dT66a*CdY9=8`IHOlW*U2r~6rR9i=UYUp3pEc=bA1Y12w7|Qy(r_p
zK7o5;Ig;oF!%sP;o0X3oVb;@+hLh=6m?CNWYe>d32FPx<CH!m7N5I^(M(4&0pfCoP
ztE+$5Y3f>=MtgFl#Y;AHvuKbC@b9L^_$T2Cx)vSjBh#?wX*@J@<uxm>{94s+i@rge
z;k|iN0E>YpOPB1VTZ@t+ou*4{KY~|e?|Lz6@3x|aM8~H<Zj~C^5%eua!794no1rmc
zI_MZ--yDwCh7UOB*QyiGD%b#`E^Jf^IcGmt#2bU#g+_d{+luXOoPJcX+Z~5Jhy6I#
zf3JuLQ%&^>D_2NfhTGg9XCgejV~F9%Bc#D}G`3Z4Lp9~&H?43a=N^05=drKSRLGjI
z>J4{7By?vwlUom02V*kFKA1dO0mVzsAB#;VvSWYxXR4#v9i|GA#6L4Od!W3}(%(*&
z-l^@kZ)3Nyd*#`BS$Id$zkD(8__k$wsMg`LSS{~^IqwKT3DTv&&V=J>V`Z@=4(bnX
zuFW8+mFh1nKl1gizX%=#uS=!WdW*b*bkI;UnOm<R8<q1`f+@dWp*C9X@0I<!kv@7A
zZK;<1Fdc52`>03dDUWqkv5Wq-q`ezXk;Os=fi(9kLXMG))d{twOigUPK9}cVdTt|#
z6bZ@xpmxFtC(8h>=j|?%AclyhViWJLK;g||tMfSr#!Y3@cL=lDSGB$sRgTgL)UsVo
z?{l)aAHVaKy@S@;<X}h>8JOJs9A&rHW4u~3_+d5G_B{5)ar_&0@4>W^RvD*eZ`OCa
zmrYmgm{lM6JL+7$Y&TaZ33IjRFtu^)hytI|ZAq2Mt5mlW79N#}b%zIntC&%zykA9_
zfJ7Yma9d^kcFvCKC|rVy+4HDFWE$-j%mlymO4*^+xYSKOQK;<?+iJay%pq{^IUI1K
z=^@Hx>1J5h8qT-e*U61Tr@)S=w%R?Mz8sfX$7r~+Neu0ktdQ7yXEl6OC;a9VBdypZ
zNjx)Dh_*godcYye$G<7#2i4ffoAvuJeSJz9dHdWHj@xxZz;O2^Y5Ho$*9}kcsd)Q@
z9XOjn(bq^cx`I0N+~Kdg3kTFXeelldA=Xxqi%Ie3=-U<QhgSzj7QJ+I_988f4L*-o
z8^;QU=KiA5!M%E0hr2puS2Ypu@+6$!*P=4(;8*_;FqGpjVQ>(bYoapH43@2ttj}9v
z#iW>wZ5$~}GQvh{TuNDRRu<&1^~i$73jG;08u12Ag-z~TUW1oC4`Yudj%Vyuh7L?k
ze7}LSwo~QeYeODaWYSs9ICZnm^<bAv+uF3M+ie~OhZLw}Uba=5v+UFQn(Jhba!T_G
z><%_Khz4edmguh(SHYoPJmXq$ssvr)(2cY}r%D;i{uX5}lK}gJOq4=R7qtI*W9*=<
zc-SxN*Pkx6X*oM@B*D)O3=cfL=ckNjG;GWVgFfo=E6BoqB<3nyXN{1wnJ9j`M{XhN
z?wX7UbV)3mOoIBJ4*Z418|qIN-|=(ed!r`C#uvP=2)>sJeIiF!st1UC&Xq{Nr?|Wm
zdNP@*r+(!d>v!=)C3t6bH;xc<vSYC;C31LSS$C`zKzy^wecM5)1yh^o9iw#qQyqp0
zX^=R@gIfa+Vp2VrO~QiOXMG-QlLS!>+Z9^YI_l8l&yvD-x!KLHuvz$gUVL$t_4QCJ
zh4Mr-j${DhC?YZJn>^v;DRXjV!!lCmTYU)f495G;om7ISlG0OKf`ZK{*<YA@x;P!%
z7i>3Xx{uW%1(|OYd_6smo!N9ZNwL)2vhiN<HaBOXpdV8{%we_0&3@CpD(JH~;b9#o
zKd~mB+qAPR%;py@4t>rb|IXyAv;N4IN!aBv&9Guu9+;p*Q@4uK$NM;y5$3#QdGp<?
z_XW>Y+=P2&qtl>L5S=^Ln30q(21TV_4Kmjls*2ds=j$u&%f`s<8qHs}=%kE68TcL#
zi4CLnJqvCU@XK%6IW{$&<Bu#@dL$+~^P69%+{pW`p&mTxV%9z1dU&bnQ@TY;;e<(i
z_7UtZR8Vm3IzM<k?cUwouRebHDdyLBzjDe({LC`RA!XB|SXR%+v1<26u25ZK&Xd=v
z8`!EdBsu0D%O?k!&1IM-=~tUIDxGXKvi3`768dhlm%)UK7?A1WO;=%-hLJ&-&4O|0
zMU$(v8g8kSh;x_uv%`X3&#^boT={WmEaVn}`1Q^3?jrJ|G;0nusts0bJXp<JzOxzl
zM?1b(c19nDLPz=<Ea^fTBkC=$G$z7km@Mijv+<QG#q{`66HVy66jW#4u5IJbY_?Re
zt586@E!Fd8t~>A)I|aBO8W$`cBG<iMDsRi~tXkQ)HyU@&$LX?T<+bwO%a@oX&p;O}
zV<7V3uhpe>g24?wl(SMm2tQs6=AVXAq%!h%_5u0B?XmaDSX2JMT%<K>XbX;Lczrjy
z`0F(U9-D?bGI;~>U9=iPgzr?XfWYQl*~jj{uiAQ=dwDc+9c>!!UBF5r^ch`LeGKWP
z%mcqG{jAF8#`-N>c=-PZQ$Vc0-n{q$ABGW}|AO7Tp7y<l{jLMALb**mpm|Nq`wU-j
zG9s%nqy;*Vc86L(P|hdS9Vr=D)y1wC<HS>UOi9B46<|n)2L8=62V=oJh*0vqy6wFa
zJ>VrEK~ISmrya@X@CKR=@_#+mlXi3O=*vugA^eenTQnQNwuCuw+HC^=&~G^gTWfPc
zmi@fuFlWr~=<^xbs%Sm9LHb(y>5oQmk}lm6WK$l$O;8LTQy&E>hq`ya)hNBmh-bg>
z;5lJ*=fj>NN~AZK@Gv}&le}F;Mc}*J(_AfVdKYv2A;*SoCCLMJfA(CIjy-=fVB&gJ
zHU?D&A{U|hj|!v3S8m=0f{G<pk1#eOS4XaZ83nvF%@^qH1jfU*`MU$|{e-NE3*-i=
z{Q(={bfU<)Gd!$R7{clHENsiD+@Tb<s2dWN_H89Ee^i;X?;(k<F5X`Gq`+DpR(NE>
z)f(QJ<#U`P)>#z(s9IM*j#03jL4XnqBa|s(gdC`#EWsrdL1HYq77nS$$$?tfzHD4A
ztX+HdZitFuB4As@4s!(3T}6zx`<jRcXoo*K$P%k3Ie|8y_^XW1kg8E87}hu>YSaX`
zWJYJ~dL<F7Q}5`)GbWkfj&3y_OeO|!RUvwNXvyU6`2r>akIu?)3@f|ev)(&06#5+s
zb^vzUqfmB8f$h}s4&1YCF%{g;hrff@M+0LYqKc!!Y}!W_ZGsY#<Tys75Il<Nb0iG6
zUO-KD_AUa-bOt(RO_>er@uDD~pI+ZHI7|z+HyASVb!x27?p*B^ECc^c<jZubHI+NM
z1nqp{d}9!ee+w7pwC&VNa81{`E&r5{Kbksl)2q{agQUsgQ!)RetHqKo`+oKQ^!&S)
z`k*ib%lWB<xg-`#fX_QIV-&X2)H6Z0rmyMd=~y@V0b`0JnBj4)kT_LpgB8*wtdQe4
zQ4mK)T@{6K*e6St=%a(|9wURC$P-kWNbw`+_eK7XD><UR1+sopqH)^zPeHHMoV6!=
zU1^*ZjoB&Y91FEY-ZtnEJLn{Qz<lfl5Ez|sh_#x5X;Iddtuw-afOY0e!U`2nbUw@0
zyoi=Vq=`1|r*`DKVYRa2#Dqs&`n6D-^?Q%U?&Lwf#O28N9A^cfsr$$pa;ty#ok>2f
zaP0VI_dA!PwQo8|lG00iWRg--RC<pnU~hY#lKiV_@Y~A~B3sdSZOHy<FhoH0glsXc
zd<mxx1Yc+`hDqoc?Iz%iQ1bFnR6GZ?-HRV}x#wC6!KZPIv?;Y`M}&7&c!qSH$~hS!
zWpmH@9`d;0O^N4)OqY0IIB-bByvS9C?>+IV`v#uLO)iXH16?MOIt$qXPIqnc#tthm
zxmP5F?zx4pe$!NWclTgyV&F6icxXXYeDE9rzpC(6xIt=6C6UXXpLD|0V2=VGWW8Un
z1Ki=-@iX~&S=9z;)XWoLAb=@&!%gFi%Iw8Dmnxezf0_Lg-T)-}>_Z0(><jSLNy`kz
z0hnW0uQTRecd}=#AVV`@Q-_`c5f3i*@)p!Wr}eUub@`=#b@4V|l9+d7XZUzv*f^Hp
z@s#v=J&LeuRKVrqb9>e6teS=dj3&70uY2rP9Rg#vgLL`uP|EJjH|$Jj<l3OEZoCL&
zU9(D!*yM>-g~epcVlmC{O%4xM!^V#WWjZb9j|9S7#-OG^IB(<3&!7mbgo=z<C!|14
zMUjGON=Z7-HC37w<2?0ApPIiqrr!H<n0hWl)~12{wct8XqJ4v-lV3z=C*?x}3#<o{
zR7P+bqieo5|3V$=5+9;iMSe|gRG!;tRH<lD+tN>bd{TBpPr;~#s#9Q&UlK>}`8b+q
zVs?hn0g#Phb6Xa4Lc@PHFpbuJuy*Yc<cwCow+?y--gBoxFj?U1w#(TWSTyRCJxsL<
z`_TY;o7>$qo|V<e%6lk-9H)jgK;j~;z%}oV0_^0Pzj*t1r*AGL@re5iY$BQ^6@rBa
zlWK1Rsh&GKqZy$Td`yI3jFa1x;)&-c@_%{nml?LXUr!mr_Lq`A7p#4UhnTuZNdwRw
z0Q=ptgrmmPakAETwnyp5tx9^(qPy$_VA60=8hau^?=a*J@u7Q=JcQDmS>*OT@Pmhf
zZ^Dy|tSL?MGI(oRUKiv0@w8Zr>j{xm*VN;~^w*>PM##kWxNyMM7eMHr;U<3*qH!kr
zk&iem+-QNf-Z4hLaGc#olPQ#T5%WY4^w@2}jt9{l+IDki<D$G(v%(Z#8*-I&yp4}`
zZ9079gf){I<_QC*wmGjPI1|g_w(x$5p|eaTYPiJOxsBYAv%-XkCbGV^NVi#wo6|Le
zI_+Hi)m~?PZ?$Rz`X?Or*~gs>OzJvi&bTQtev1m9ibm@H+HiUQfpFO*L3_A1ODY~%
zzT0(`#90W0b?h<_Wi=zG!np8F8Dtq6^xlB5Syc6rdkp*&19f$dTQ<He#viRG`ZizA
zc{1o+i>Jaa4@<uSe9OsJpO1?7|HGo<tjD;9k2qRcpHXwVXF`OSof)-`Z%Tnriz|JP
z+BjgIDVwpJ@}kd{tfGP^+N#9gjHaW31}fry5lC$);xcksr@->(0%bRMXkPhVO%nY<
ztSFpO6@zt6zwj#xP5+N-JYG>Bo<Lc#YrA*CnU;N1%%=U$z65K#=-m!*aJV~Y5MmTA
zmlf!AgWAqoQ;pXGz_E8n8_u@fHH!QrK&wY|cF)%!jmR9^fSun|)?%vNmKUUeeT_(G
zO(nS=WBDyK2s9`|QNUj2m~Di}tj`l$5@1sN+;I0_jZa`&{uOnfu^8pIg_V*1@4daW
z!Nt@8wIJt%MBIPX7+^$#mFWLn(=6W3r}qQUCe$2YTvZ<tb@p_6DbSHhMyl+O=j#$L
z3dJ+@@H))ew*D-A0}i8xMd%9XHu53{ZlC-=0^&FyFUy54hdwA}nfQU9&d&|9E3TW(
zrIuIA>W(p&jH9L}{_%V$&nL8z1g1dx^NY9dPutqA-W69as#9;SPl|!kVkWcK>}kLg
z@_PeN;}g)8J2dIFonW5<F{Yug+Q8Hk^cf0|U6)hsT#Qarpkj9vYx>;cgPl!lw1ofZ
z2TXW>B>r?8Bz7jnr>3f=wdRmfpo%f>JGk+8%kt*7**Uq#71Ywm|4X1~CR>=yv7bnO
zVDxic-mI3=A_=o0obFT@-ogTG#<68BS<~DBfV#i&;%u4zwH9ml!!~B1+G(n#-Wu+_
zOYNC}WmP9DMG*~Pm0M5EmM8o@U=Cn1lt^IXY>{U1b^*My`BbTYRlEpvN-qmD4n_B{
zQ}bH-t^!7dv7)xbvd?8<U8Q@reFRe((+F2Lx31Xva7GliKl$^&{`Xp&=;8Trk&Di6
zz?W(M^#(4GgeA>#<&-)L=^T7J&p(k=B6$}_cwkRCu@sS2$z?7;j~fu^C4iG+3Qe&=
ziP8nD*Ql37>M-EbJNS?=SPA!KT71gqWF+I7h|69fUc}^aezxs`Aj*@_#Xt{;D`@G1
zw^Bc8MRx;qy;@OT0DHDS``IGQf+s&S1&}^vg$J<SYhbU3m6D)Rmx2g_o8gr~dpRGR
zIpL#kYJcy4A1?c1)x<*`5cqjMFpI7I#<6%!=m*1T`LU4K*3yYi$%3<qF#n{k#$|4L
zXy%Sir-pD<U3fQ0Pl#KiTrl&mX~AL=jD(;fh^Y=_lGnFaRjzfbpInPXTVP2+hYCSD
zR}OH^02ULpr?Bg-pDhA{Ol$~u@x(J%_pX5Jd!?$R;PQ$266!H{6x(yQaM$e44aUgJ
z+3^c&u!@$EJm5NN8Qk-mC1Y6>4lqedU56}@EQ1$;y*k-(L)NC5vG(-yg}I2y44cJt
z*Ue}V=mXsapy1#dn;3A}YsQ82&dm{E?Qycfh~Zr@mjLb?vZBl9J02$s=7G!ZuxKmz
zci^3Z6&gW}TokUs>DfWtW40@?a3<=*Yyh76aO@*nwgb+E<lpCWcsv&rlL>IJ*#x+-
zmepot-h%kwIWVY)avw_;uw%9hK7m|FK8x7a83~-l^hp?z7lq`R3Y1uD3pk+AFopKo
z@}!pk%mE`-Qp(6eB$O+H_%tw(QbmWLF>%@;B3kq`<A4~Ot>QWkhjc>}`O~2=3UGE9
z#<lEXFds_g2;m5|Vp~m&@a775YiSv5t%-EkU~1QfFi>hy2d-o$<H0!|xuH9O3p}9j
z5qCsuwfdwy+i2^xcjlL|4=f`3a@c=bCvblPgnQgU49T}%f7CnXS>=oX^Q$aEbae#q
zwSh|>=G&tI?3SLYP#2x-bSDTxZNL`!QpcF!A&T19C!+{JorujcxM`);v#hPV8wjuS
z)qH&0Y61|5VNgsLc^v~7PqRm5j8EZ21wzM))3jd<*DE5U;v_3>&?Y9Lg$OlJV|?pB
z6~DJ5_{;D)<1ZeTZYL+S7oh#=t{K2>!FdZ>wnjZ4%<3deP2BXFo8Tbrt-%tRA0Z<$
zqzDWTLnhPKp1R=qkZzh&@8BJS+Thg$Z<qo7wB7`Fb2~O2u$oV>%89E(c||LP3N~lk
z`>ydx2VTHb)8{|_c;NzJJ61t)u*nkc3;gHB1~)I~ggRU3PEH&bk?AP0w#5Zqe(k!*
z0#NAO+%ISZP&oJpv<=?pp3CgP*bV0>&`x0o4JYF%LamRu?h=e<UjHV6V`a3>#qf}R
zkZftQKuNj?mt#vrBVMFjoh6Haca<FC-Njx!^H1<VCzfv~t|4jzv_IEdvE7acy!%-+
zSmSIpvB?)vkAb7iwU{>0dOo6etpIN|?Bb8xma7L}`IHJ;r;^1CtH6TOVrea!?$XnH
zef(l~cMYwBV-Y=F0VXzzhFDP_pd~NP23REZMMRF&Sr(+5HI@<Zvf6G-5Dhdp#iymM
z)zW0cHMkvdTjXg};GW(*I)3GT>E2DsY6~vK+^K)ZfS!;eZz$y3wr(;G$~eb<RwJth
zyv#EDIUFzf2fb?=U&VQZ>q{w3ORSvG6v|NN-93J}4&h=E?EF4#3ZvQR&Je#~iH<;!
zMY?SvMu}N$${Y*;u)9~CO^O8<u1ik@`#SbOnLc?m@|NEAc?m1W@7|3%mRib&o%|J<
zyUSW$juWpJsj(8X^=BG42pYUF*|qv1N%+kKCX(1pH=^L9<+Et-F^>c&1Vngwl{p6B
z@(e3+7_buI<}l94TG-d9`WU6X(8x&68HxEdY}dG0R^0O=aMYW)?8^`DUZ0&{K{lK)
z{q5}So4$<-;Cw(-It!{`#HYyl$xPvuj7AmH!vLMrC!=Qv84czhWG5hC0E*2?bd!*t
zz)uDAVY~o?>G;F`m+u4PNWwz9<S|X?!2D9e`)b8KB_bx*lSGObY~%IS7CNctkkSYo
z(~Svr_`592h8ZRfT~5KIpVEkSoe=Ox0K@R+V=7w0<B%Z%^c`vR=}aPs8OHs*J0v|Z
z9)09~76?{~VR;FN6FKNG`)9zbMbU@?813$6e}`v(-ef<Dy2!?W5RHOZf-0``H+szS
z+qZAbFNh^5NF=}e{^@tw=#S4uGw_1S$tB=YLl~S6`tI%f3wO=%5r1>Xqi^<3_Fu}3
z(nLCuy*C)J!OlA-sZb8jl!T_zTWph>AfpAvxMMi9WV0m1me)q*!-un%fPg?ipihfi
zshH_|VmtKRB%7A^__8o~jWf;<+dZ<IWs^KbOT^bVfpE3s7Pa?$g%x`r*+=hBy%ErC
z`m>o`IN=6v>fz3ZmoAmud=`@ic1RxW%wVD9*P>R5T=QpU68B6m>9Ho{c$amLedt#d
z>kua|#aWKLgqeAPCKXN@H1#wRyFlWZX#|?5ly8OrYuY@nAA&P*lGx4soN_)iVn5Ig
z>Y^V{tJ)NlHPTSbChL^51*#Z?#*JzCnDy*{a;nPIDeJat7PdEl2X(g&*4@P*4}G+@
zZgmsOI){O0#WSVep&@~F9wpN{RHQ;r4xee(Cs`L0)qCDc%6Z}@7#<PMD7obMAz1$4
z$w&ngBDZ&npw3(bmCn+6wi(gm>~?v&HZ3~xNMh*W5qsbh;Xy^F(c!mHCs32#@>_JJ
zZrB;#(?Mg(w_KI!eL2>f15MP66sLSqw!k{ndss@7@*k*91FOqbs<KGYtlkHWewEKy
zCF_06SGDqC(Y1bsvZrwE2NSgM)o!AoH!>ows?~e~@-+OpB2E9)GyV9X@M$*7f6kDI
zI7F3d&arTST8)k3>S1I3>0?B<njXy5#Wr~5w3y#eOJ}(uhmoNoO9Al>QdAd16J6C{
zrA6iQ`{tHi1L#o+>vjokHy}bCD<?4kl35Jrrn5U%JLb2JdmK*T1=H-CACB8?yG|9n
zj%{})ZP3ZIo84zbE|RW71!^Xl|6I;iGtM7EpDht`Ksq)gp^%7mDfgYyz<^VtKy9hM
zsP%RvpCC)DtgSJ2^(kLtjRo4H-T0EmfRsA|<QtmeLh=CJp*tTi33qSgs=k6fl4gcp
z(cEE?Loia(23&O9PBtmf*I&*tJ85kE&DFIO%?MkMq+Ab#nZvehiUA&C4B(r6wv(oq
zOCVpcX%2U4*nXx#Xq2^(+%wM71{w9-!vo<81gcxZi8R5LzNAf443gW2C{X|;1lLzw
z$oNyP-Z+*b4*QwD?}o39z^L(SsZxd(+ap-zi{z@&@nfKv?^Kb7rZPnyL;;}d&^f_*
zn__*VhT9QMwNp;|>kS<bpqDN-^LyLuxe4^^ES|t!=VU3F`3O78_H={XTW0bS8*P0r
zjK^k?9U)Ko+#C&wuWEEp)gPem#YU5accm!U&O{Xs^@pPBLqz|8l&qzj{yJtHwKL-=
z$&4dm#&5P`#u1rdkHw6m4$Qczf;hoZ2Y6?K9-HfGLIy0B2AP_Fy_}+I35&5muqH57
z)`%fVMXfZ;#YFW(5Wv%ndi=+W7ugz2x=qKnz)zH-yq=&dpxoY~o(FlIe>`D%?rpgS
zJao52*S`B8sQOMHjac*I)Clc){Hy=oHL({kWtTL3g}Og2R*lVfsmm$*Km|;pRyT#-
zX6<>MSi{4LCpy_?uk1Xm?si#t4l)<(&;R4Ufi*1AhVOj@oMQu(>;~z>E`!!83gj0`
zE}+AG0na$1bM$@|0roU&9MTec%$0qXQ9Y)06oU~`iJC(6N4hGZspK>Aplnvw^vMlT
z9euvr-5)u}UVH|wG$1QnM4WtU7vdFeC=TDL?f`Jrx8))O5mH@K(jEsbV;_B6<#5*+
zOtNA)-D!u$u{T_X#d19eUrG6}h8==VYvg#MU%*Fa_fbXw#s1@%jhvK|Hv46REqU$c
zm!M9je;#+o>Kj5PF=<&SIrPE+2tIpE3Bc~$d$*vN9;qCxU`3O){MCQsuf7u$?-82I
zDD+}I?%CcD#exJ~(xDhJ`Qg5-W&`U<2Y9u(1q?KUyEWcIr@3g}gu=XF3zy^hv99>k
zj@(@1B-Afxx<Ogr7L#D8X)^pmP|%zU<_oKxDu-fy?Q4z$`-xAv`#v8?coJIx{_y3z
zxHZtJHR^z3yO&m}Ij^uEx1j8fsoY2dLm(=^t>fv~S<lh&R)&nZg-A)Qpt$hZ;;(*G
zgn($>2QRj?VqN9#u0yM@6W#mQod~DZ+kwwCtwc;J^jJ7tD@{<OMfo}w-h_VblafUS
z55;v(MB&hknoGEFolp+We=Tr!G{*;Mb#1|f^#No`^PqGEfM4C+0MwY?g9auD)I~FE
zC4_bk*%q2Iw0}WQ>l=-c4hqN!>`<6<S+I9FJ3iAY$F3^|$juOJ!m>%tO(T5rISU{W
zY3ddf`4no&+)-Gh#eQ2rmp74wx0?ZCYn5>10Pc)ATQI9_g!8<G`6=rqfi$$#*#Q}A
zD+~lw8Sn6HHEl|eD=12JWO)1<YAwl&G<nr_R8{Muxw!%_eI9asV&&l&D`H42GoYsQ
z)$$`%Bw`i(4Q2RKg&|6e8lW*hyl}FUKC_<=L*ur&ux&2v1U`-ujpQ!LMRRDul<xw6
ztwwSD*yzQCmo(C+=oduDKz`U@JXcDw*{x(6cVb{85E19e4Us}OG%K_&)_sa;(nBPd
z04ryO;({6zpSE2oHAJm5uY%?ou_kZsuzZGvq*3KQQB+!Thj8D2N^ux%d1+kS5`78X
z@1N)8j!$E2CwDibnYXx#17m)W`B-$2d8u4N5q20G!@;o`k{;xJ5AkR>o5WBf#X0H-
z_EqWSC`LNiDF_bmN6G0G9^!B+2H>?JpeFrdj<I-l2j2A0TH9)nlXo*YMIt1LYRVpC
zw!<ryBGJ=y|H;(gr`_jaZyglt+cnKeDuK9ZrSn)Pe>stMxf7>cMzWNfSUQ<BGN)|X
z>6jg$DkZJft`6F<BM3w17pkLzQ~H-APB00`&-%axvDC5QwR@L~2y!~oi_{twI?vF)
zzFCWsrQ=dGTY|>0a!EY(dE#0HI<pxLZY#O@t&>ecDL9Pk-xov7*2yJ2xYnSd1RvcP
z))$E=z>`5v?6-CUQkKITNvI$lK4G=fSp;5K-gcVW@nYo;slsi4TXY?~?mjJ?EgH_K
z-I%XibB&Rmf}cGM*BkeTAbWYE!F6?sf6eDbwW^cI4jZK0W0_QjLqNGh9H+8<L9g|L
zGm7wJj=Q0Vb!XQC?USF4@qaW<Dk?453k>d`hVYT07DwE|T4l<evfaDWH!siLe0%x+
z^oO(4AG1GzLK|0?3)G`!)O6k;dU@A1-0%6g^b_ATzpTzbY11hu3pMh3NRJic^+>Ha
zh;!K(n`BdpiBVlQ>Z8UDSa1enXN4o0;$gL>#zEF4quE$ejoG1W(^hQBC1$G>zzqB|
z9Cq~4I?;hdOQSaV-R`<R+dA0Wws-+fp(1J+RBE#0xDFDx;`HItg1?~JA${C%kA)qK
zY0!R#XZkjH*`DLyatG~+8!+HZ?&{)lXLqb>=zuiv`ddZ>S*w9CK1}V&qRhdTXk^6g
zc9K)i9YxBGr1y8R)tZb1l)ljh7Eo#IoO>`3K@WX0r<)($ni)9wfMZwwB7M-XFj_Lb
z^?&v^`Y$_%3nZ&Xn1ic8v>H^7UUb|B2ubXz22_AiIv?^0>7O0Bf%nMFrjWy41bUrT
zdJ=(MI|fK3?dS5ut}N0uMG~AQ4UYiy_fJw&;^}yyZ7nTCH&}Y^cuu#Zh=5ItMvrD;
ztus1OY`X788XOB?FH!CRAZJ?LBWGRmEqx(6`1JLw%hT`Qy?*;&PhV;^#0}<8T>?4)
zn0{H#;i?rczJ9v9yZdB!7c4Wl@VC?ZOZ5D_7=0~2RU`XyQd~8cV1nSg>KFS@`PYCG
zF420$?=;I*;ZLVhiv{l4T``>wrE4x0KBPuxb>wp1`LP_bNNwQ@>{!XE!Z-_-hO@DX
z^{(b2ea=rUhR^$pr@t*TP232LsHiMsH#WQ^k-U~2x3nxZ))YrR<eAEPt3u0CJn_pv
zJJKXgd?0_Adg-D9r_$1v)~CTMT_GM8akv9^O+iQeUNXPHcp#BzL`%T8)Xtb@;rd~a
zlzK`YhF5?qS+Op7vQ2iibi)>FfaQg*N*M}_GvsSF+Pr4FY8q?nU@Unzl>l-y?dOqs
zv!Q+Ms3|^7&~ag5#TMg6l%CzEZt<EA*DRVOPRqBw4fK+{@X&IDJ>3mrtyc!gtg{XV
zRQaEM)uG&A*FLgl<a^{nQ9*%99iJ`(Z{KYlgSM4hsb)cG3Fh`yK*2QVB)+0!FwxUM
zM+m91HL8ODOehTfuGJg-6Y^IDpK*WhY8U;zQ8IdvDOIB%R*fT-4p#5z2T=WF(J3XN
zS!U;YIo$`5OWMpZ<oI=ln7Nn|97H24*3C*~iudxbfoPQFM3IX5O{;<DfBLFGI%B_~
z`6O@9E0umD3UKpM&t!8$neuLHdl?57+(&8s9@G-hL9=JezLY)Nl-+YxNK*weBQ;N{
zMxNy<zn^b$wUrbYXemip>aBIn<Jwk_7fpg}pk2JPs%ToZdjy?AGaT#Cw%webLzK3L
z8<F>m7*0BwRxzY6m^e4ndt4q3;R?(pwRo@@L#xGOpBYDrq}Gj_38qlFA53tuz73@8
zeTIR=SshaItqzXRgZki*i)-PqU1RLi4fadW>{(q#pJ${zh9P3J%2Or?T%LwwIcY1z
z*DB(C#i;F^g$uB4rB~FuT}P%3Xv$`J)?%|fU2n7O?WS#(&o)IEu-2VTlFzh7;($(^
ztaW6L*|SBG72O8xF<|x}EMr#c7%q7%)Wj+QVl#HsA+&SdNcH%(nB_P^@osKAJnZ#b
zO%s0OvY=EF&8}6s87U@2^|AyKtBKSxhpiOvf~oSV{Mj>6uc%2^#E5E6n|pmKzXhB+
z_ShPmKy|+hXh0cLDT?HiQ6yZoIim|(C{e+mlRdI4#|Y{vPnbvarp?w&&p}5NZjfM3
zzMa+bqs1l)V1P?2$&g;_#|UvL!xk?<!`9C!@osG361%1|vWP<J9~M?WT*o&1W&m4)
zQxa>_Np*{5#Ss9>2c4sVqbA6Z!O@Vc60`mV2C$ZK+snr@t*&hrRcEuxKSN2TGJOwB
zMisVWk08~H%s<NrsdqG2wzgEB1(r(E5_!6XC9=2sAWOt2-m)XHS`3ZEex1_gMOBv^
z8AHLH|C~J^JbzCAd-6OAS%opA)T6yp2Pe-+vbUY|Td<|EVpm2pcndKzM({FtONy-v
zhBNYZZ8V97h3y_8M#ZEUmpr)}-!TC-gH`bPi~#YfSz8scmA%nc8e#BmkR6ikIq{kl
zQN<DqtC-o1hnx8mQV~-P+|Oy)hCEX|?45iuhSc=^K^S_cU6RAB<{q~G=W8je_D*Gc
ztAx<K8irzrI6nN(jL>kV4K`6hL^N;KhhEkgBHLLRZjr^|1A;P-WllKeLMp`L50~p;
zI6Q`Z@Xe}3d}w>NdhrUUVmPhd-=AKby|=R5gY#>#d>YC3WtGYM_ToAJhn!8v%s11l
zTo()c`anBiy&Ic|oI>y(R`3QoIenHod7iysEJFS7s|mh=E__M^aXSh6?+JR%N#ZPW
z%3l6ioAQbXOQO@(?S18M&*sR7J4<3SQ=5}O^sTC%aD9gz^HyD%>F>04PtSjiJz-K-
zhfNJfPwaBmZ(}t27535DRzNOG-d;yDIUdXe+}<Mek+?N`Yt}H@9l%W)$Zbh3;y|q{
zHl|Gkl-6Wy)Wgl^zQ1N2^m=$YANm(v$8XC3NiqLR0Dx#tc|{%X<Ypg5@E2W6*~xL6
z6_R?x=7&YlP>SadGplrtV0By?e&`Ba_s8MC>3q9{8XQHalh05et}Otuz?INCfGqfD
ziFv#_Wh+##GB%XpyU_*$!=+!i@e{TN8!$!MBsZ@LGecPn4Bdrhs9XUQ$yZS-*<%3u
zwt|jzfL@{oDGFVK7%V6amZAlmi;jhnok9iLhgbKn7E~v?KQMlfjtr!F+@j^haJ~yh
zrww4q#xDTQKQ9FEi@ExLF+hHzSxHGCj<GC+#}VHiaT9yKn8r6DrN>eL-kNK4@!{p^
z8|~hfR-AiDkNvZ!Ye7E!w(o*<H?MJX(nu@V_UoFrz&-@3k9lNv0{%q4Ai}|d-dt}p
z+QhgYS8gMFVbk~)5a(~`>qpwqkq!Xwwwvc|y9t?!#8#J$IE{Eb5En-$9$*4(<)999
zC|!%R!#M@4_}vbqN>Fbv{U&jQKkmEs)9=D_S>vhxEa?2(f{O0Ozo{x3uM^k(wrN;b
zyS5-j_XV!DPU5wFbp(PC$HD6p<F_QF^Xly6E%o%uo_)P*Pk~o)NnHs=6)d$B?sAsb
zABznY0sEOdKLB9Q`?o)wzO?VYTIM)@$kYVLw(D_4U8^M6Ml<1xrZwlk`)Uo^v+4Uf
zS|g{PY&fJ^(J9ageo?I&0^uBGBNG^di3rO0nc2JJH<Wp@d2+FxvBDYL1iT1f?$8P7
zyRaEVv$|@5j{EJ|{$75+pOH~ZO2%F|xIhj{M!o0}U{{lIcFzjfV~>H8vu_U49Bobw
zs~jF)e;yA5j>%jTx7<aOQYZ(dqV^?^;QRGk-J~<SOo(}3+UUqEGu%3G)MPbo@cmxn
z9BF&U_x$+u+q3h_Z{NNa3$gDE_2lov{(;-zfXswVec?eO;omgW_S$7q?gKwhnk0n`
zZyL=5PvZ_*YV<r-kSZx-EX6$>h{a`ph{)BP0`A_S-@$XQOPp%;7)aRie<wH`1PXd<
zpmG0kl3Cmr?zO#ejq%WTlWi#5jo#Fn1n((VU90bJI<UPYsXYtG>%|V9PcSFDuA(ER
zSV)0pw46nEj=3|<Q1+>die0k4((N@{TwkNTYI{}%sbo)WAi$^{C#4~{d@s@$O$v&>
z$?M|T!LXQP^QZ|948zTrH}jl`*DEf~Kjc9l_Cf!Adpn(cJN?tyt2c{(*n4_A`R<4N
zfB5?s@(JV~Y9yR5KaxFvSuJ2CbAt0?T6E+E*BS2R`}o0_D9vY6IN+=Hc@OQ$JYTO#
z=26w4)D{KdAo<p>dWu7nzWXgI#D2g7^N9~4ir~L7w8KFT!N{)B{&4i1eIVl%MJFfa
zP1)3aQ*hvwH*A$QzaK+hIz=Uv5x5?ujBItTq7l^wA+1Zmcd5B9)jma9{__Y^d{Chh
z)Zy8{lZU3=?<+MB8NF2ez%#o}u#MAsG35`prQd(uDgAz}6mp2J<Q{m08YIZ^d3pGJ
zaodtk0ukk>oP?6fq={Hj<bPqaM2gcxjw8cB!1?D`1HSEnQ@yBrWMq0g+ua>{mdCQd
zso9rBlV9Fet7UsDp@f+s)?%~~y-AbenhG}Q%~vG#UDGpsbvK(KpZiUMD1mT^?I_9_
z#dm)}>tJJM`WLVc<OGw(fgT8nyNJC1X#&X8Y`>@t7Qtr#eYTv1H3Ovoo_@|v{|ql<
zuW<K(yFz{h`~QjZjk7qYm#;hGb~@=3)%><vK*R#U^aL<hOkP`1zV+cU2d}~9^upp%
z(RYlkfB5!?f0~?pbCLfzS^d|a-jBw!4=*%>8GXJXqLzgEUkp}v#nYh;_HZCA!n6yH
z4n=Ki0i_F^Q!SB5LHYV$LNmrBqx5Vq8Q%Li^2-&y`tAE{j!=?3Y2`IeA(SD5sQhqn
zhY@5T$8XsMdgQd>=Ld3UA+7=7*l%?mZ<tatg??WKt$WAe^kj43y1^OiP<o^mW2CMF
zF9?AMloDuTXxB4J_Yd;O?DXPTPs><JzisH=O;$NaA%`%CsJJ23`*BfsyR0&)-+{DR
zpRoNdgv%iy-vp9<^bL=h67EfS{-<ac?Rxk-ud6xD)Y=AmzdSv8efFlahrh&jJUZi~
zxy6oO)ii?RW+ed<CkR+luS-lG0Te(`O7;mTaXy*ahCTQ@554o)M&t0;ukrgbe%~(!
z**7M4e+h@aoO%+oo0AmKZV%x<@%l!W{bvGnWyO>y{-xgHo_B`bVEKQ-?=J$s<-#RU
zcZVbUwGsCFZ-4mH)wk2tKb(K_;U9i_vrGP>JM|MiDwO^Wpl20p-QcqkdJja-T132>
zi$j(A)KlEXgUaY$r4$1@O-x+T<bKxfbA|CjV^+&_i_Vl=L0X?iYcOpm_p_@y@P59j
z0&>VS4(&=T?qw~Gw`$o`CQ=g0Zyds|z4#8rmDU57PQNH>U4Q>$RQfW4kufZ7#g2v#
zy~ZCqvwSM8xtwJ(b7Bh8`PsK`jxRpEKfQc^`u88OU}qC1^+zLV#!WJ`N7az_rJVca
z_a(u`8D@p%qqS3!Vp`C1zw@A+a5cv-;dgCEc-BCQ2vDLdi^U4tHJ5}wrSIwIrWx;d
zNHY%ml<Z6Icy2o490<)Qp&+RxhgSPV8OGGLEHR~mQ_12Z{SSvLw{!lkNb@NFc7T@;
z%3yv}{CBi1_&a(8B-atNwZJ9YxUeH;vdwqwJ+QCDwtAF7*?2P|39$VFpvmH;XUXWj
zf91T~+W7uC3By9XxigUKF%c&`m%8dclPTI5W)^YMKQeiWc3P3&jUt_S{GhEqw|pX9
zEs~pcMW9U8G8|9a(7~qOt!?)PnN3DxK;zyTVPE>RI@F;QZlec-@r<5UcIh64`Cb&D
zOMx{B!iO6v4l?2Uq^|$0r{Vwx_c+`KyOTtXYS{NE1<J6USifPMiDYuOnuIGt!ZzYX
z@NP5K+W5*LrCDr#kWeUeieh{|N9zX9hKriWza?qvo1h;X%~7Wac_<Gl4Bu$HlWc`a
z1)DY^kKB%CSc;}!d#*;A1GJh`qbUTM@RngYZ}lcl3iRgFR8v@pRKSR}Q;csb>a!QD
zxT0x2AS0Id$TLSe>Xk<lT3hy7eg5tE@aY5ap*S3qNo^h&tZ%Corp{wkP)05I<VeB(
zl_UB01^l|ymUYE^PTH=~J92QG4xsZfu8W2YtYo`5v6vG~(xW*grlN70-_S&iPgdcG
zhsoTIo<%Yg)uVTzmmb93$3)K8ui!x3rk%%UxdS)iNT);nRvD(BT67h6R%uBT{bdlP
z#n6B#&*o^?Hg;IUzVCQT%F-i8<_y$bg>%}aOY>Kzel22GL2a?f2Y6$iiMPN485;L4
zfH4hMc~%b(lkswwX<BMBeL%cWK{fKEEvp(B3|pmN6}S1P5{!SZUs~QsXH@$<9n88^
zyV($RSzJ$f5CyIRH|^;pGlV7Vtz$lMTg@vJRG(_S(da!!ka>0;)4Oz$rCUf~Ry3e5
zNtYiZ1w2=*=EC~L)+Qcp@GA=`XSs8LU(z6-1k$$c{i(VvwI@@~=BObL6o{;ocIC)z
zS{jEw4mxATVe!-F{(<$V<r{$i;!`kplo`Ko3i)h7+%_yXkRIqrKy#oL7WM9eCI1qE
z{fE@TMTFFXIMciBrNT4Z*l#3iANxMH+(-EJQ}#-VJHII@gPTkI5fX}qk~U>mg#&S}
ziffFQiwXqLjUBT*W!I(E0t-H!UTJ)!&T@cf3o>PC$|kx^H73cg9@485eR*+$2FSs=
zh>*Q-v<{i`*iCHJ46ExQy@x;!PLxl0M%`>%X+G-tbPcw4w?<P_;DX_Rzv8o9r{|}C
zzq!y3W9K@_)+-TDkH%Ter#N{<&e4n`vIorw!6&cz7!!YBdNp7d0oXJ=OY1-FgUCkE
z*-iu-=~?u_=&(AYI-nbRZn6*WU;C|$9q?^hBk-)3hjc8X-q6|{!gFo5b{sR2Z&Fsy
z7<+>|DbRjX%!?&G>BEP!m;Mtl+o%?_N+G_V#ms{zqtD7r^z?D3=k*!Mf5XK8>3^;l
z_e~WsL-8}#o)mV@BA9@65y9P+6C|4#H#xUC<gs(VLI-JkBI<3y<(s)U4CQYt!~l7;
z7s3um02X}3JUMvPE)CDlmgJO;fB1I#Nc$w4jh*2>yy-H%W`8%?SK|5lM$n^{;Wf+>
zYr1r-Yb)~O*~NEnKU}nq+uEw3v!Z9Z<J=91JC^NX_|nCH;(w(exz{(rofc|O<QcO3
zo$|PuEV`@~#S*S3PN#(Jqtf|RI*xz!VDg*G8V{krED4OFIbF^)zW}%RpwU3BJvbh<
za|IeP$1=lGJ1UV!UWR_Q?vx@XGDFt%QT6$efww0%<%2`suX@SjEr;DY4&;PWZvWHs
z^Ru^aE>C}YXWgCBttxc!$m_QqgQG(}H>0!kMH&F8pK<5fhUeU2Rv$_$!8%rrvr6QF
zr$JXJohQr5qCTljggS-W2I&cr0W+~*{z0wm_WPdKrIjJv8Kbp5*hB~*b*2xqd9YCt
zrbQk*`0>Z$Dtm>{xL0EM9YokNzggys+rC&j&o){*ryU^Kk!zU>w}hBa$9IlcHzr_P
zEltk$pR|}u-N*Z6JyP=vGZeu;9`;X@n}1Gw>xZv8lVg=xf9&(6b|i(4X#cAm?EfS6
zq@w$pzr#N#@rh?1oN#OJIqfqaeWT@u%Zqp9t!u3%ofZ?1Qg!ABYcshl-jZ*Vcsy?I
zqZ65M!<bf<p+X&K3JJ}!nLA?zd4$+Bzb__c%q+d-c3G`%_!TsGcSyYGE(mSE$FYst
z$_&?x9M$Q#TaFz~<TtljSSo3P15c@-fpJ&S^#X+AgCEI1ay3lAY!AZOGU76tcAxcl
zrI@HaSCA#cYSK7}l!6e@Qq&86Abwtlr1&OL=&Fl1opPFQ^Cb;u&acX8+1#74Ji&w(
z$wHYF)AEXJF0A*lqlkhLKXO4B8<g`THX?ZZck}9QK1?<ablL>ACfFEX#vYd}p^Tql
zK6dxHq7NS0$;MOwP#wpvH0eu%Rnr7U_Gc#qIu9jXkr=3KJm;SGl9Ok>Av=zWPMwQj
zHWEGL$8z7qxf;esb4N!iywjP=^o1dqPHGE#yTDqN^7<Ml+L&DngpYXg;1On(hK62h
z01GnyNwv-t{K|}Za7WR-c*vZf7V|J9QVq;elhz6vCUUgsVFQI6e6J)=0DO#Lq;9BA
z7%4qKU?&Q=CMY+7Q(L7r;-8Gfx6TJ$1xa=$wHX|dwdQ`#4^H`g2VblMkX=TH8qKY-
z-4s8z39gpCGl*el6Y3coS1?0EMVPa!DxJ*j@;V&i#+CyuukQw-@+%O1Ll$=IjwP+n
zBS@{&8HAchY?(pIcaQ}~yBQboB#K=e3}K8NHvx2=CMDDE1fA)t#UU1EQEvDeJF`bU
zNtP7zW5Y=uXTCInk2#TaKS2N})|A&dBDo$j*p6qy^s_q-u*it-$;$Y{J&RQ>!7UT=
z1MZSX?x<!AM@IVQ(Yl;_P5KFG46^=%z2B1Z7IAQZ{-X@E5mrM~p9(c;1;sQa$ELz<
z2!^Ac(6^yp`|RPZL=Kb+b?0al?!e!40>h_CxV5RpHV!#(5^kOZ9CAE9pqA17JiNGH
z6o)R|cK!sQqJ?g4(~FX-&i#rvYw9qe_4tqWK}SXb^1l-US)Jb|h9Ie0)Pq|y0!cI^
z|0^DVgvv5bY+G+x9=BL6J(NS3J_H9Ug`)`HBNG^nsK~0+oUD{T)+%ihig^4qs(XJo
zo0W5rV{y+Ld0fpn&k-S|hRTvJ^4ezlj6W@}3vx>8>?Z7>ZdZ`m&gheY(H<f{oUmbN
zUovh3{+pT?!a9L&n=5K*HB$b7_hO7W2RLW81ewflz;Gj{kl-@*cZa-My9bc8<FW>O
zW1aQdR&l$=dgY$w0>HbNs3_JefJ^?dAapY>5>=F({F8hN9Le7E!>7;vFPb<D;xRh4
zL$oGR&j!6k(Jf}O$2D4ilV<9%wM=J4PR$LAX}-XS8Sxj0jIrmh&GFwou@Zx#ZstHV
zo`S?X%EP%W^>oM?M~8rE0yP(Dtg%VhGDFj4k}hpv7?bLV{&==($|PN9hDP+ZCYooF
zYG_Vri)4p4&KB9lZq{pDHv;~u@5SnbT4F+T9O<ytd`r#`Pfl>zO<HK_VXkW}wEdPz
zt_d`(4FB0fUf;ZJm+sxns;8m3v?<0XhZx#m2E^|WH}2>>OY6n}1MbHh_P+w@F-=`P
zU;=C{`P?WPxIb)m02060{lo6=Azi9|v_0V38%&@pXNAc?z*m0t7$bB83TvibtN&pO
z;(u+4Z*4g1`dJ&f^E>}^h}@YW3}VW;`k69&(DZWxNKQ^|HZSgiOTQQ2`aSQG<HSVw
zqGuN)w&yl5!N|uuq*Q6Wy^9gD07=vCEP!*Ry7RzZHzs(I*mt)RAMI_vZ?Sc3GygZa
zEyzoNpwZwSg=*c?v;&;d3L!li5!EJ1{IJhK$_8%tAL#ZDyzt)|vThTB^lw2r>WFI?
z{ejr0^BVTD>%5%SZ4Qgrn*L0~^+7WQJfg|`TW_d9vMS+7tV_LYk8H(?e|bk5d@aNw
z^TmwVl)~R+oEqKVYMlDkYr;P5YMk!xZf~5P1~=KW!VV<?TY;wa4zjb)L7w(k;!lYE
zD{ORyKRt<Ko;kKKsB@5B)p(4})QV39EbZB@(bNqN{s!QG-c(Cu;K?$-jyl|Wp;c|1
z8ov!Ac*r_sHPN0p#S-hR(Bz^A<Lj=L)g9U)-fP9Obwa9`9l8YKV5ma+>MYBeTEtPC
zi7Bv&I`f<`DSR2sqm3r2E+RLdW1-<Ks^sDcb^fBV8uEnt^}*Gb?~h+ybQth(U2>X~
zitU)B0BF%AIMnzsZ4VE^u_5({C-LC|4TIy&?NLzA$s9-jE*SZ7fdv|Z@RtU&VP^Lx
zGTq(cWUs7XuDjw&876Wtd^nQ|j+TJEbE?Ey(QsOdWa>#ud(w<-qS{1@z=HG$fMG;g
z5Xi|JtgyOmnniuMv%^1rk{37ZxqbqYr61a&W_&KGwS3|~U5`gI$^18=h3qg~Q&m%^
z<oMk*zrTYI-ZncY_ej!O##WJj@v6myY`~98ju^0Gc3Cye6tz2*FJ@Qy_#;SD5Jy9J
z1b-YXVKCs}t=;j(+Xdz?uc1+dr`kk=H#Ln6)G6qv_<Ul@xo_~VXf20~p#<h@Jp<cP
zo^qJbQbx(LbTG3Q+STj>3B<^$P|NgbaRVQsE+eb~{s@>E?g=uWTC0oOYOcTj!{}i2
z?CH~|yQAmNQ_)cwmkk8M{Yy+2u0uIrtQy-m1W*5LHY>2B2uI$zn9IM>ew+lMzoo-H
z(_DZBxsN~`XZHZTdy?_yhzrK|eX=qM_B+2L7lEyGKryVvx>iDZ2p^%n?FZ<Be5Wq0
zbt`1V?5q|Oa$LDP;*|8P_p!L&;rP`eFPD9^i1@_Sx#{vBJ;0r$hKI%Q%?pbIbIxHU
ze3(G5;5-4)rp{B24`&Loj?{Ha!Q9tEPpxlr=-QcVoV!V;;YQ+-D)pH_SJYHmqQ(hE
zNR8626fM5@q6z34rXC$#Y|$6BGPYA*ZDOv|oM)4ersBo*5{>ToH(^dc_R2yJHz{BE
zlt>4y*Xy(4XhM(Uhsc!#(U!%G+UcXWnndat!Re4TLa}K;ciUCG9or3JL)3;VZ~TL#
z3{i(g;HtS0z@ru-A%;9QxirCL*VS~&^R7@b*PJyK<35*BdSn%%`@b)JY>6xMaxr7z
zQ)@YXYyw5+M3aHlqnLO}&lbBWK&0x!oTv*=Lto(ogNo}?LOUmb9(O^_|2*z--lMxi
z{z?B|9Gumb+WF1~qIL`<j2d+j!7Pfm<~rds40Ld`kw)xzwC-VbDLhpM&_%(n(`XjL
zpa1p0*QxVLydLh?M>ou3l8h3Va{z2o-jL%zl{zWT19{^DAkkRIS86*=E>OEIU@c?<
zAddR!{JbRtG6C)XV4iOw{TkrjDJjwkBpM)}Cn3CuxNMf+>$&N5n+KG_I8Z66!gJ(0
z{eqM2yCX<lJP6bvV1DoNLO*<PXYu4PB^d(lmg9~LteFzDp(4H*qKmk2%qkFVk(6Es
zHAxbM0Fb0TD#%90UlG<z3VbfkiQy??uUe>FQY{=wQcB}QLkW3_ZU9+FD@+!_JAlQI
z6m|OZzx_`u9UdE6<CHk<qm<j)xJY?vVDG9xmq^f1j7~#=gC0no0$#~mtwzSDlIasl
z8=wa&XBv`1>4*=}z#MHMJkN!7pxkee^VET#uq)7z<YH4&eOW!ja9KVBv!@|n0bMlG
zlLGP9!}xqMAuTJVfV;cQ!spF89KS5W1kDd;NfaF+Ddj8mb_fQqJA!1(g+&4*OGG7K
zj&Jeq`Og9P%<GX&(D6`C=d}DN*cc;>sMl*up{R>tiB2${W8c?$4zCcwE7$hql>e(g
z-8KFXJin#?EB0YJp%QEDz^)zI6V5)Ka640UKMjn<Bv-@e#`4<CT@>luH~dMNgApat
zZzkzX(KQ?^CwE1wMoKISu0E12YU95%wn-frugdTVf7)jf|N5cFfp8P5z(1a22B9ng
z0LOPANZ#T^hMqi#EgS190<dZ&9Q8cZZ^$~O7w!dI%^L?uTIqKWvKEPk_mCAH+fbDE
zkn_(hyJL0dutt&DZmGm{CbHsGLiR;(hW08WtCce$+WQ1hozh4(M&j#Bn?cxFaC=X8
z8vY7kVi>Me!`X<e+M`)@d>*RNcmDX}g`7Am&xkl8!rVJI$h>>jCjyEapHR5BR+U&l
zG86#f-7?9g%N6>MfJBFgdFQeda>OmBR$SGX3h1Fv>&oy!sOg`oNqPX48tINLFiv8D
z$U5$KA7%jTXCF|p9s5d*yI^QM?E8EU&!16q8?p!v<m#$E>;quj%A&}6bnyL+mc@m=
z&T?;oVtNY)_|g>(O=hWqXqHi6i09Tsf076_F7|@EN}6?<&ujJI==3;d1sw@tKS4#X
z#xB2Pbvz(GSU+V#WGp}3d!^UZ$bYYICh!FqXuDmSsZrfw%|nsTV5=0%86c38t~vs~
zHO4(3ms4)c`+0>^7eBpe@$6?#mSM^CWf6%!aA(s4+p5kb1^0><61g=^lC#_49Oe^y
z7N3(L#yN5=y}Uk{PmuURoMp=YaS#Zi1;J~1^k~M0m=!L0C}!3HKMARD%t>iD*JN4!
z6IwVZF>O;b^foL@3XqBVMm1{2bTr&VhcdV1p}5+5b$wlqOKSgaJWB#7z0LzJof$@U
zhx3$wv7>FBQY4I9T!aXCoU2;UWKE3hNYNteg|i7#70Uu7s%VdaPk^oFmNQ7D`%^cD
zpx1)SoSH764FTAYk0|wG@9C4Ln1xj=(UIDO)i>Emb$wkF+4*g?P>^RnYg(>doSt8N
zfBOF9J6l`?9~+N}ujMmOzaH)BuRvxli~0E8{r$<YNh5QYiS5EQ6XyfG;rRSiKQ<}q
z@v@})S^31@AKNLdjWH2C@&!44J{paa#rT{sjm4bUzw9{cbJ~$BrQ35=q(;cgND3-!
zv<qB^3L9U%&}+4Cl?+PgTB{QZCg)i>4hjIJFm@c{U7n~yExoMgT=~QKwg$l~%aVaU
zLnlhlg@5G)zFnc?@g9+o)Barx4Bwx}PJX}U$JY9oEULa{HdAdSW}>3U>Iifd;XcWE
zc3-YOY)PoH&BDxzg1Q=PDc3rd2K4}@uI`Y#+AY0tuQMVqvN-3$+7yedk31>Md4oP%
zp!7mV{xZ<1DVgGT^;zcQk06$|X%rg6g>d$TUq53q?zVs|ToHR~6CcAJqer~v_DFo>
zR8KWF(>}E*shk5WZqQwUc`*TXH1Qa$lo(WWfwfPcj534Sa>AeQIAbL)o_W3zh0<^f
zq3@9@LF4y7JAa#f{q*bo!whpsx1eR4qr1EKdtf%x$@%+NLxR>`G85huBcQ2Qt!5;B
zMp{#>^h`Yqsy@j)a`j(Sjg!!V!PiVfymo~s-w>_necaKF{D-F?y^mTo8Sf5trT5`L
zWAY!4+Vno0R-PLy7Da&o>^s^lAZMk11w}^*_Y#<TIpq10E9|KI^e@5m#wtiJ6A?ef
zV=XVSr!IBtTx-6V7Y!3HGCS2VDz%M9TaDtSnWjP^xDwC8G1KvEck1fe*|P^72!W5O
zZ35<Da`de<{bO@8Gn>h=IY&w>DDYX7D~e83DVM;9TLKL64MQQboha01J|*KTuK6^}
zKXNDT1lhq(gG*9tq5KpRW~TSD={g4Y=y$os_GLr{ISRuRgUAkZGOJVtNpY8U_M{Gy
z<Z*LY099(hR6G;%iy2}O>fdB{MZ@f<=Es|iCeNfuU_?nx7^4qzv2389^$>*YuG>vV
zL0N7$XCNKZtWnr%1UBrLMBX?#e*g0F?9K7X#n}(1-6JmVrPHez4Qq@+l|@`k|Ly5I
z9agVqGfesHQSoVrt9%$4!DE5K7`~tU2@QVNri<4{lPjF7$xdD=`KRy~h`5D%3bFhl
zeB+A|Ww!zeU&aWRzwP=^#Act4v34&o3`GSpU%;`UVwI<B4>34+D}rTJquqliTA<>i
z#)H44TjVu`2yf^nBb1+>wn9&h?EKJBPG7qjdU}5T;o|J|8YA@JxuyesIV03A*bz2D
z&4(BOY(SI0rEyn@%|_{Z8}wNR8??=GY=P|F8$(s?bVDJ*%njqX+k2Zm89Cm$fq{C}
zUDGS4ss(K>zzUt?HKv>nD`_Y!pRkU`Y^H@4K+Nfm0qdD}=rCWhjmmjOeC_?gk~sHP
zx)gh|MT7=7(Ipgu0w6F|@UdIu^ExK4De6!mxfXua<6@pK%c_%=#`{PrP?<Ogn#B0<
zhSw`fSfo>QOR&r=a~3^{Nt{)+!;@d$5IbE*zMc`A|HmAImHie7y+*uq5)hAj><`*y
zC4ROO+_p{I_Oi1#=O13ZIy*T#eRFa7>cg9t=K?f?^|ZrkPsS_@JKZ`3j+5Qh*p(jX
zNNNXZxn<y&&&Sdy(#g_nYMI@v$_drP;S)Zb>9pzYF$9^lW%cz{KE(&Ng5zXOy916*
znYwna^gXrt6|fK{?ngwS27xF8MJrPf6f<&+NswWXzaO<!<KdmsNiBKq<d%~;sUa<Y
z<M<clBOLa}Ip&e1*ucSpzY0(_GF>pH7eFv5u^Yg&W00c{g|L$IXuRC$rxrD$wc~(I
z_w^BUOh*(pMiR83yDgM(iaE@1lI6HwA4)iVeR{GklJM33qec?GY<%Fe!U1r5J-F7P
z*;ahn`R5*_+a?gemI6+WX()G)yBMjG+QEBhI@MW*a~mbwURZ~OZ{~K=9=Bjnmw;`4
z<uHcdv)JK}y;Oo1q8Q3WaTQ-u%TWQ!)%_x;vYqGK0=jk-M-cAeXpPQ1iNB;IHa=lV
z_ui-^U9r&Tu2EDCKu0=7#k=$2>^Fe2NNG86AY<_8IJ%z#<yy%R`@CC#*hUYrSDd=u
zMI1}F%`W0V(5>?jTbcI-J;V`#V%lyAI`@5T%1DR@kb}|<Rq<MXuIIMWmcTR|srIu{
zYMZV>Zz61o-qf;I^yEO(mh2TqtlVd3Igx^BuQjkI<uQqu=QQn%r!+|&zgBN{*?R3<
z8(y%ijud>b=)y#%(6`$PNt4s3JxE$!Bji;2;9<anBWNTm5xMb=%%dBu&6Y{ELJ}w%
za)XOP9WsYKQ~w<RQp0TS+3|s?r!B?s0cG(QC&WJeB$9R0W5^gts5ErqPK!@DN7LLj
z$z1`gS2x{Ztw~)mTLgt!jY~W8I>NTSI9g4S2rT4Xmh}JCCz^JJWvxCIMJ@=YHgYE`
zm&mD`5wmIRV%7Rx_l=6UxQy_Tu<&RD6#ia*u_2{q9SDA|g{uDxfZ+W!2u|W(Pr|H&
zzUJGm<dJk0by0dyH<ra7G8MKHP}+un)dyhn)*ZHzupho+sTC2uQH$eUVXiA;eeo*Y
zRiy)hw)dlHKLmTp*Kl<&Z;C*$cuZr-CQ>Zrq)c5c^=f_&B;H>SiM@TdpkeozrJ&X{
zWtGrU&z^8!R{xto!~5*RNNSK21qSYBTcDlyg>Ko#%#hkH<xqGp6<xxdju)BC6F=BP
z7t{~Oug_jy9)JJ#!<&nBJvNKf^Gu5tOn1+84#YndOK$IOCUHr!d}nW@2k5jftnKhD
zNy_yjBp@f}J+~$xd&$Q^ZgCsUwNQYqcEmGxL?KBtrpA@<=o!3d#(OKdmn3~1yY7J!
zDovwe+Z6}CjZsbzVDNwD$7b^CZw8!g@bhh*V63HShEncj5YZ2Me#HKc&IOwWP|!@j
zR#cI~4&Ny8H{*wI;GVtw)$s#{%!EC|Zs``)#qf!|NZkHzJD_pYf-=G`ar+w($KD=s
zOE<*f%Ql4^Pg{34B&IPkickRYf}277rFOm{_KULGYlyeSj=x%Wo};WssS+qejBM$D
z(XF<Hmc<rhWD)5mr<)gu8?aP3HLEhUb()kV<qL2>?ibQL%bgQo16!_~5q|<z%}&dk
zk}Dsc)2L|8UK*Iud23?qK}ebf)(YMz4uu^FYsaa`z9n-9g3$E(Z%Ce*0peX#iF<yo
zG$u0BG+RGU+RKpcE-%}}gAWk*_PoJm{*jWXX}ySBJ!rpeL8G{3e}c7)_LMOI(>3iQ
ze+{GwOJ0NK9RKTRzn>;i3);jdBmdB&@cfR5RQh8iU<8m{sL5aX6W8eivN_D?@Z?7n
zLOo1ArNuuf-Zvlu+5ML|DM_4@t}@L2%ZpT`-S{Q3A5(cVAL^G<B{))EtbVSIuN3hF
zul3MrKDz=lv_e^}FM~_?3A?dKG~$YTT08<+eYO=?T}On$`W;H5rc04<mb^xav_@ME
zUYRNxec4WNcfTz@Ng45NjArCLnt+XccHAfZ$3?ZFE1jrlM#0(=mdD1k+j+@e{gicd
zl)d_CW98WfsQcmkGoWrtT+l&tx1Lt!c00H`?del0zOlZy{YUk^g@Ebc5nGj`dwPAl
z@~71L!6(p*(UW~_2@AUB8RoIDrHW(E>b~9+!pm*NcHG>+CL9vreOOIjaB?iZ*Om8$
z<ZMl$RG6?y2xYzUNdZQtgDl{pPF7=npnPY@d&WM>$Z#?Qq*!DJ?1cPGWSJgnWgVGt
zdweeu4J=MjP#J%tC)38|DQjiS&Ggv4(T{R3i35?_5@mDSpjOdh8P@rXC3m{C%_Xmj
zalWD&hT@*P0l4Ld7LM%?G?+$7jbJ2TE>?HA`(qmh*+Nx%7dG85e9PCUQZ?z|a!vcu
zi@R~QQ^aRlthi%uoPLDZxk}s2E!0loxnEAR3X6_FbGUc;(P4GmL3}f=_UZXj<l0*q
z{cHP(quH1^lOz2~@9V*{wxrTcxeTLDsSGW8cYP{Dtb*5NGFWZADU-n}=B+as1_{C|
zA%u4$3SKx;?3!2_!7Qcr9!i~rAM}Sy{*3yC+k}U`=h>_Gr+<HW`qRnj>C02TPP6O$
z(zbNnRJR5ME{9x++$2||fgJ4WgCIjawxf{`vrO73tWu{n-Ieo6br(-V(54J5(bB__
zMd#8;D!6|5+V5W-f3~@S^lERt?SbO71!9`r1c?Z>NxXIH>okCuByHepr+~Q`cNpZD
z1SMubSMIq7B=K7K+R>g-cFAMpH%Q1Z(YFHgIlN{qJXM10mb^|N*h*sCb|5=$&KsL1
z>d?~iaeGn13|n@j5fSQ)x+VF6OZa}AdBhz;NIET7^SSgpq)G0;`i$?4$!%EQEs4ZN
zy>bEm{BQrS++FPTPheC4`@E7Q1#bs}*16>%_dS_Qlia#-p5%<Pl9s$qVnpAzrG;Z1
zqK@O<tN0)kPEkTn`v?(9hv57~;!|7b-fMh(uHnrO7bkWk)R8(c53^?1PTEluF%lUv
z(u>-jvFrXJpqh-F-Yl;%LE|vnq_p@CjDV*VQKY|KgMi}pf49{l3-wWp{(60J{@vSm
zos`$XXw*@8eYrwy6jyxke<6$c7w0gI5871N^t?7v+8fxNLmOS#zu3!ksQq6&AAodO
z-jk$tvvOZwWJtDbckjuQ-RH#H9}9S#xq}lL*D-FK#bNtVgBIi75Sm)z3g^EV?dolI
zu32@BT<ZtQU{QLWyt0vS%{uDP)puLA*YN^I4_?41y#Ry>-rO#2ENCog{)CgH?K~om
z%`hfqrJ{4t%@}YGk2tX!_np#z#Z3xFo<Lp3%AP9S*RDZsjRSQYZwU^ok|Fa>;oph0
zU1Af$8EPv?go7#w-F7VcSr$|7dXXoZ;Pq2W6szQ5ceHb`yAS`{+tDzWEo}?x`pxUy
zvO_Y36}98a3hdmurhko7Mopgxg{re!wt*#w)E$Sk_uPSCttSe0UNNJA@+OUfYtpo$
z+gMi4G-X~yciZ$L1v1qS;OsTh9YKiYIrmD0PeyF+#2bIkF+OsrVFqv0#(rG$0GAcD
zF7d!xouQ$O{2pU$LM~v!jzQ1Y436_U=(xM%A;X<doXmoMEu$QEFqnZ^b%YE8Tmt&U
z#UN7H?V;x*rNiiz&1VD@RHPc2^P9*|f-_ie9yx)dXHWad6CEVZtHsjwz8BS28u)Pt
zyvqL#_u#+bKKwU4fd7V1o&Sy!j%oO&l(8HcU-Dswy8p;`Rv%^_-somf+Mt%Ocoq`Q
z(>B)oCjdHIyMI5G%855h4J|3I+igtCPOBuHXnWquoyu!hl9CYy3h!|Y#!fBY-Hi7$
zw^4{psn9v086^jM2I71*yTUr;>*THzHnsLDV+XL_Vc#1-oIj9&c%XCic*!A(?GmS~
zgc(?8H{{+#a1Og1?f!eS8M}t4NGnUh1}~6PZIKd+lD!ilq5ezQZgnLQh9zNFqe1A`
z%<O+L;;@EW(?M<mbAujgpmr}pZMXPvh0U&O_ub0yEq-&W>4%#X`|x3=UtnJVoxXtS
zXOiQ#G5x-I`P(x6QkI+z`*}3n+tw<Pz3#OdMJ)!{e%p(Zk9eAT#KBgNc$Rv^)2$xy
zRq7GXwtB?ZsYiUZ)gzv#9`W^7kHBbG{EX+@J!7<;U7fO*{YlAQ2HkU>y6f7Lqh0C?
zowi@gL|gR~B-HSyba}Duu6HmmyRhpSP`7@3FRoM@z;srSV0VSsrq)4NK6NCs%Mb-4
zl}ZGTtG&TF0|K!~-17?SwHr0oOq5*B`XwICm4FQv;qm=mi^$ata3H<pv#^)^w77wX
z%~12+mN&OFGVT-VH0>s)Zgh9<83#UXYMWZKX&Cq)#BgabQd*zMNF#TWU`?;t;^$(F
zY8L_CsIiVR4JNa*H?O1k(d*K0gI$|mLx_DYClbY#1Th&3L7KmH#*`x|raX3+n==O7
zXWmmz8yZi8XkubA+q~DCShbVYwwjx4Ti9V!0q@u2Y9TF~Y+pqJf%wiH*~E}H@u@8C
zI#k(WlLAUfjVX}%4PxDr%e49N`s}=IRID4I!j%PO!n#Ehmy&ar=(?pA$D!(bxb-u&
zT68!TJH@8aiPL7hL2jwd(pgYvRXVpXVnu{`Ze%K8gHSuYC2b@89kr5ZU3S>#Pyel8
zm%q@fsHeMTSn1P*m|hQu9lB80<<AIhIb!0?=kapcSmmI%=UU7#UKR^c_iKFqewRfW
zfN9J+8RY3MzIE5Vn#83oqa{zfIGNleF_WR>9B*KafH)C{rN=s^nqEy<!-!kNqp<Q_
z{keBl7UO?=a);T)C8`W=Uo6B(5P&O}E-q<8YVMIg@oCqvF(t=BdG2FUl*^2LBj~B%
z;Fy>+Cs^pSzGY+_%mVFi1swNk0xHu#*M}VTO-5DhM+e;{BPwa$OVXj8XvkLo@Bb$)
z0af2nedM#E$$5~LGr&<2n(VM$1pOFF4W5RF#<VZF1iUPkJHg)M_jNc-%fy~gPO(kU
z`UV0IYu@01i}i1LMqTAOAiTv<IzjxpXp9KuQx&Ji$F-7a{b7HFfsUE&i+RVxQKwXt
zj!p+BA(UVG$u7$N^hM(B{lJ({wM1uTcR*x0X9lXp8^~uUX<zP-f$(Gny|-DOf=G4@
zD~4q!ihV@@xn&@37!cJRYFra`#zDN~6{mDDUV$YD2S@HD6VC+zLqZD^p=ftM3GzpD
zp*_(Tg(q1*ggnfwhv5ug8OM@7#XUJ^2(#R7MNDiT`0YlF8ft&AQ3z`uECCUPamMbT
z0ifwZS_AngU}6x98U9HFKe6fc&saE#XNvl8h<?jq2=*Rm1ngymcs-KDd3mGVjTV3<
z%1it|laWWT{~6Yo$Zii)RBnO(-DOYWo1Y)gNU=jtLCzs?^4_!I?!gc@XVtL&e1AB4
zdgQ2F`}xuCW~)OBv$c|%?-4cDkPa}rrd;Ud@x|%o`{Os?N>d<FoKzuX`6{YfXNXZ#
z`%U1g8ga9YxS17TW)K#~5X0J4P(>dZA5O+7qM}kptdX|FS-Ci~>vIDYY$<H)oldBX
z(kr~unVOpPoEhsNHzWeAJuNj95Eu<np|}(7Ox<Q<Hak&ftBrqK_JM<B(F%%ztXirb
zpcT{$3OENmR4h4S@Bx&U-ttV83=huq<QgMKraR%7Hx*|m;NVZE4-j^NU6!0lkjnsO
zafF!LKrGl@MQLG;vzFSqjqb|a-|RjQfp9rrtQr}*iy#LWy2gG!$qQ#4{N2Ua-&&Aj
z*GCil<Q*@PizC)ENWv@57IYj|C`WlT;<J92FYBV!-xy=;+-oOI=c;j2w^c1=thlg+
zekHwOSop`%OkHcw{QMTYmtloy03|AM^Z3c3&igUE#nwTglB(1!2F>-Va5$)!uiLlY
za1(9vMS@;ZmXW>qG<Tm5vhXNJyZ!aJ_iKxL<zo~hEI3q0>og)-q%*rRYd0Ht>_~Ul
zhwR=dMTTkhGVpe%XRt*?%@v->I}<jm38oya&ufVntnITyADk(AirZ%wK0($vcDc<X
zrq0?vK%z`tJ$l87aMBjV(WC6><CFXuRtWNKHOF3G^NBF!BVxM9r`rM2ArrJ5Q!B+=
zfL#2+@DutXszRob&iQ?ddd_<GHu1uoo3t5PN&XfMCcY$E%<`WzoOW%B%A=>4vI57a
zFy<sNRF3G?(uX;~2#E?d*e6qDC%Nu?ZyiGtMVd7jwC&7&#l997WWZ9(*=qJkfNE2}
zZOY3li%&76vJTiYo(nH`o3lTVm}OJUc=$7t<;ceCCGH_RQKzibQ~`o5r-l8nP{A)c
z<_<iVg)4TOPoUoz)N(rws&jL+7Y8-Ot*0}pMTM}>l021K>gVvFVH#Su@*s7=XTfD)
z9>^Zp20;-Y(;3Efz@6eV96*1U-|ql${uvvlH(YcO!N9Hrm*f)h!=i}8j*m#0KmXhR
zjA#;islyyl&pdN98tL;-)f8C54hOXNvmj*q5MSlrx&$Uv#{bypqCBDXCw)rj_$cN#
z&8_ng{sAf{l1dgSHC2;OFD3KlI=e3JY#P%pkJ+~2Esy~#L<&q=_D+VrQse(z=rD19
z1^&}@m^v(HJfZGbmB%6E-g-hl>qbc88`{ralBU3By_*szd?Ux{{UV%*3BEjg3||w4
zi!Jrp7y0l_kJfNc0>^*tpz3&(LkNa*o#1l4nmRC-fDdg1-p}IMgZ5tGDRt|qYe~|D
zA1$%Y63>I4AhV9tS%|}XG-sNvMpChC&t0p2^#;k%4)VLq^MAS&q906(Ywpojk`9U8
zp6KnY-58(A&L-1CG_+K#8Ht6N@V9z(m}<Ce-4)TMvruz+IqmAyABM`Y3=J1SyL1w`
zAm-v&xSJ<hmgOg|Vc8w$W|L6zh%Lu%G^=~+4mUZxnIzf~AB7BbF-R-c(a087OKpbN
z^dRyL)a5@F9Gt1Mp1fQ-uw&gi-Ukj>A-<Ll^9zD9MAl#1Pipkg8IS_AO^m1XrFet)
zo*wCqX+hH-D_{Zye4K->-kCaW!teuKoQ}5H_^Y??zd3vP^7M_2nGqdK<H!~DAjWCW
znx;XPL$Xd~rnj2RVG^U}D>%@3HP=!A?iP!!z{%LXcA83Z-0|~!N-`Kuclw@IU`S7f
za8+@)(Eu7)a-2Xwp`3U^yvb4k%0z=^=7vhGzQttU&F&>9ca<%AFca8oj_V%MX!~QH
z^aFqU#*Di^UeknU-$lfi-?;h9^bk!!_Lznq8luzjLxRTiq`%4+Ree<Jl5F*<x3aR9
z4fHsSO#;KKjbg~;W^8l&i8pUAE?;2>$j@uji2~J<m=i0KRCSb`pFhrN<$fz~b&G|2
z^@#lq8WGsD+d3s&e-mBP`nFtvkXS58mDJk2+cej4vO8=J?Yi^2{3bXtF5dQzER`SM
z0Sp~%;ndtGj_Byrw9`HUr{**B#_e31Mus}If@$yJ;d){ow-Ynsnr{9>mjO^hW0M-@
z8Z%ajrBPBR43t5rZJBqB4)l}h^b+#U8%pYM#6Ib1U^WaA6=qT}z9`|bja|?F(-8lQ
zm!<OseJw$bSa>JsvA&J=hKf5ST*@J-+E2-0tQ#Q+Ea<A7fQGPL4%$(ZiWHU>xEJ)L
zk!wR8mGsXEJCH%Ya7Q7|vNN4I@e4+>y3_%ga<eM9u+B2*ukNVaH*S^)phRcTRtu-U
z4}bB#ngYq@6B#;s*xpH_M>n#s;D9Vi?6))Y?^N_=>6hdck_Ek!XhJ)PrqL7FtF-AL
z&u9ezkb6u1fB%o)87OvQdIfFTrKzn4;{IRKBAj>OfFoFs3)4)FvT?>B%f0%^OsZ}J
zXA?BTuz@z*z_GVe$90Z9tGuRQQaqeMaj$;rkVvYdwdr<ahbFJRB3X#A2%6(Ws0?e`
zRt?*#^l`MH(rrkTHrCvO*H9CvS<;u#OEd?K4iJBW2maX(&Bt+P%80S{lCv<hT-yBd
zu$fMK$1Dxf2VJfX9ARssH*U?j9M;61RK3H5by~={`JQqK=-7HqIF5!GfD&&C|M3@O
zM&nD^{v%;Z&I@jFe}tYnY%fRNF*c<o<yHH`uXKVtJ)!TS)^sr`moE#Fp2IP6z}{30
zh#kE1Y!|MS(;EfT@@aaE<Yjkeq?6mKVqFU-OFjEA@O_wWJxNW3dmqkU_6Jc9!aZsb
z<>+y0ZRv^{=KUAhXz!^`ZZ)(<vT~x6jFH)6B!idIBtY2%d6D&GHFR<K-R2h2JHCGM
z)l)7<w!lpv#BCKcnHA5CKmV|1k)}yY=K?)iddCvIhjtem?d^9c(EEDSbwpa&SS-~h
zOzRK%JibsX7a)kyPi8du+HNjRz5_X}Rtk7U%KZQAz1?yfOLi`JKTm;+wgZ?A2>h2s
z1;fKlN!_&d*CN&X_?$SwC;~+i7J$N_08wnaPx$J@_}0E~oCr_EM9i57@GIE&^AP(<
zX8mTa%*p}^q@=CxF&(zGNuVlo<;u0b^-spD9ofY9-Cb?f0?2uC!C671dc(Fe)A~;&
zY^d6bxl_qO*FCcZ_!U?e7vj{*h8j1P-YbgnD<7i>voLw`3dq0<noH?wY~fow+Bvj@
zn?+yjSZgTi59yPaZQe}y86|#~sUai`v;$L$z0YJaz07f0@#hd6Y~V3yOI^+79hs8T
zMW6j-o%C7}aDkj9AFXCsMsE0=JU>wbG#Q6e`Y4qJ4zZ?iZ*~<s-kpu#b%M|`)+m7F
z;i#bz=L}m#<|1G;i?hteeN+vYWjZOOpDHOo^UP=5R_u0EVwiURF`P+u#VIwpJ!NT;
z-*Qxtf`Co>p(MD!#g*pll5Xn_?gUQtEMhU&5ycZebs@!2_t$|wB?(^jYOd1L)9JV_
zUmrNv!%!t{g!H2PWXBj)zN+FKw@;NumP;D?*+<i>@sdlp^4#Z;U;2#xByiK5Z?y(^
zJr>qq<^;XTj2YUT(|g*EyDc@FEV*97qEGx=o12jLKCv2Wa`R+kqqM<TB~AS-B=#Y8
z2!0l><Iv%picxeQSX5`4A~Rqw39xHNC7mC}(x}T<=6d&Ez^9a6Bk!%KD~v>qoy(;}
zy+s{e?pmKnx2R@7E40QuwyqL#Q9JK8EfWI=q_F{%PQgeKkHvD%8LCnQsYC5KWf}gB
z&=SZyT+#m@^)_PxR(FHE&(P5Y8tN?6wF%51qovr<8>wnao4zY$o(DF3g)~ZlCg)Uv
zBGR4%wFX_{sUs4-6P~Y>#=a`9MluBU->c2K)>5tbMFJQXO241~;s4^9@QEhfiuPP(
zNTAoG=V~!sj{v=yTRlH(I@XwrS|#q<m64@O_0gLg(*_nHk1lV&`0zeq5bmuo2)&IA
zLh13&qx~&61E6B{0Syl2Ga$&eSdi^J+6FoH^MC(G^Eo5I<k{B3gKs<`gB>&f*g;@G
zuaRP{wzL4fEKq-DxAHQS8#_I1uy2f22|D}31v%15nVsb76J`F5OwIkxEKSs^8ycD~
zU%c3l-tfQ{*1%4UEzP~JZD~3gE3vtaEzS*sQKD<`V1{)fKn${!fX64exqIaB9}VOt
z#1<gsa<sOriI;dHVLTo<i`NA-baB-XGbupj^eX||lGaC)pBBY9$EG8g<LfS!@<gYy
zUP9b7d`Rw+G}Xsj&B^*|soH!gu7PyH8vGk3mQWpxmC>$tr>wVUT@oBscT%!!Ua>V`
zcg-!;8haF80%m}z4|esU@a<xGIYw7t!I_QLB4qo`;seffD}aK1GUMDFbZa$&NSu<|
zNEmsX67g``&g#HK)>NuCTkX5*Oj^p^4{%@duIzSdE=la5&ols1OvV2jX{h7`AZ<nV
zZ~ywMh@YwB&TKx?_6t?^USXpN+(mVML!rPvT;pq6i<I7t@18jz$6o6I5#s}xC|OxQ
zndlcXz1G6~l-Ustwok*`M_<f3iwrSPMhQbqu}x&kkuHpv@NfT`nz8ol-1}L|<z#{#
zjJ#u#FUe&#Mvf}Gf@LoV?sX**q8p|~!!cm0cX=V-S~)Lan3Xq|1x?A4ciZ{VQN(Ld
z%uNFkE*tXG&T&?u6r#(UyOnTJ*Kakobj(xdz7@QMb!lFdQh`-8tMk3iKD@3A75ZE+
z+wD>^zKU5s4XKpsEhDkN$(?UUQons^)F|h-mKZIrP4yJfXOl0~X3FdFX{P^oVvGg#
z5T>69dHD#RBveslEE{)_5SKNz^<+vbi}xL&FPOl6dr$h|eQ-@-3Rmoc-(;vlt_W#O
z95;Yzkg+DGaL;_P#%W@l>M_qVX*FKkcC<k)sxprH^Gu~jxf<E-8sB&|S0_3m^C;^`
zSxDa%0LXMt$g49crul-VXNwBoTluE=@SD9VEL=^j-*8af6B#zISeek7?|1!E9<O|g
zNQDcM3Kwvqo6wTWlAo-6L3lr!KYhgc%zf_m8|Hpl@C|@{k_igEp6Bde#`b>{%<?M4
zOYy*JuJk)8u8i8z31iefLwU1#b&}LYRmUl$Am?Gs)!hp7#VR^vfo}CMV|C3Eb3CqW
z5#xOJD9~9rUBU-RUeqV<uK<~xsT~OIpvP{MTgFv?#^O=g(H>2><4)J*T98hF<<c&|
z6wT!su#Edn6+3ve-9oISdf`moUCkcbUW-3bj-3g{`uZn&uTCdI+9qgGxbtG3-vUH&
z?F-3Nzskm?v=fxJHMLDaxDYygR8;oo+Sj1^mbi|6cGR8FRW|G6eCs4v6iYQPNZ$cf
zRTx0(lCRe`DC8<h769>!d^1p!Oj(B!*E#Fs-h*sbRZl<+$QY9)I}-vK@9Me)Vd(=N
z;P(XP&g+8B{uF>nlv1kXu>F+!V5(+Q*H|f{+!0PLKoC|g{jgW@@I)xi1!7A0&VUNc
zhNCOVdMZghVS9R}D3?OM3n8??(YWT6rnLS(pHs>sJZ~<wxRdN-_zK?^E{POV93WD4
zI&^R=W*siZ{U-P^DlBM>Zn^7Pyz(^-Ep~k!;5<(1gR@dqdu*QKe%Hc)xcE|=FY_;A
z-lD6tcAQa@RsNV*<&SQa2R<*yZvhX-f0VHhEz9*AELqW&ebM)(xBX>B#Du-;c&O^t
zaysC`GVEdkvJrT|Ik#{-9Hy@d$)=^Pb%e!B+qfJ-iEsj_A@Q6J&%gzPa1~3ONZL%W
zm7%l;aQ9xkQemMg`F=&Rc*RC)g5yIhaS_bE!?-4zriwt@S~C0L{j0L|gX591BPWWX
zTw6muFQ}zow(xlslWgWSbK{Ht7FWy-MM8NY-CKeJU~>Qp0WF$M30^x~TV3oF;#Ktt
z`$*m=oSnqVN&rE}X$etuH^sD&wloG#;CgSEG)WyW(h+Fa03UC-_ol|3Wug7J@!r~$
zmols^t)c~$%89m?=~Z&_RmgEjc4}b=$1>!$;#9e)=nN$ESSEgCJR9tb0^&rC>Uu;R
zv%`-?fv$gFs`^`hbkBSjL*#%uc$+|~t~$6{DC(<=gR-Mq=Ver1T1=}>)B<jWErUUS
ziF2ijhsYgASis3b)z@x50*1yO;MkMBY>}@8jps2=O!+h#gB9G$OVIkhh`~TBt+_!-
z`=Gj2!l=mxE-PleQiV$E$4;t_H8AF4`Y}bgILJTm=fD3SrQIAq{<yQQx>akaw3~2s
zpzFq^t>QqGq?JTzYn#{%MVBqC>-dsa#(MOrP6UWAjyaCXIEv6Q*SeApDNJQ2Cnc#H
zvCqCr0+pyK;Akl{LsF4nYO8Di@~3kJX+kZ=W^L;2J|gT{@8Lsnhkb-Fp8`}8FC`n0
zxIAp#EEco!u;0&SqeoeOJu2}OAAx294ga8u)*n+)Gg!W2>Y92_>1w0h{>(TyZ3<Mj
z+7U?Q0K*c#iYYG(!q{a;Yhu|52pTpbK@iWZB13KMrCtJ4b{TR0#j)QAzN+H%!;hHh
zGdJ9cC+Ho=1PQ5hsQiF!u87(fOxg<~2*&Fz1%r8fE^$^&IBDi1&3Ektk|00ft$A8p
zU>ir>o=LWz^iB`!ZSjMDdG_{ACD%b-5LVfm&~}hwexrQ^IpQyAyG|we$5Glk!<E{|
zKUHZ~CZ=Rl*KAp1ZP+hdcucGuHaj=;4|RgWVPKwJnuGxw9qUqhElXf8AIw4bf$)my
zB2P9Y(mbFN1uG|{5#dbnDZtqFu^;vcz;5snTkeYv&~-#D4b{wDU{9(cz%CMi?ecC4
z-+;T?LAIEUvq2t9SLx=(2^aqM{OD{@!)vLwj+yT`qX$7%vUN4OG$I~5vJo8&uCNVh
z+KxVPj|;@C0}B5%mxv}nx}q}Jr76@E1jqW8x5;q6y|Gs^Ukn~~q&2_kZkQlh;G_#$
z_WsgtSv;k4lKPG-P?rYN=NgvwZYok!6~L>?em!omrN2%G236IO;;1BC&-48EIX(Tb
z_3rrm<ToOJk6zA;-{(dp8dsha<6jhu%HT{7k?EP_wZA0m2_Kep?lDgCRjzb_#IYy7
zzaA$(kR}%OAQ{l4TX<D(&)*4B2FrIr#R~&KgJ28KOCF0US=l3<84c#u_^PMfgJ`{o
zu~(#Fdx$J;Q&4Qdi(Rvd1aLk%e*gUJ{J3uN%nI~;ds85FJTduRayH5_15gbF2)^bc
zqy!?$t6*XQPsniwft7>aaCALd*z@cL4V9!FHOWRN8Sw+t{8mB`XrlV(H<x3+B}}V*
z0!w|%{48$KR9nP4h$;?5c?1&-H;)=&8%zXH9vuh#i7KNqB&F<xDas+Rh(dV8%yDf)
ztPA>3hcNYJj(!cCU_nW}emy#k-Fx5ZO5zidtEc(cwylv(aT0f&B$x1Z$0v=}pTVij
z4pBWj?19PCHRsrEEoT%uyT}$BsG|s=`)#iQ=|&f?=riLcBT@atp*dE~c9Ct5^z>S7
zqyTY|OFoyo+2?Vj)SISb;f!Qw2QOQ)&7_^Y6`?RaSAu%{Hz0bq)IaoH0N(Y}L@eY&
z{rW+f;piunGC(g^AoMCW2g+eiVekBIhAM;+27a&qH)Ua{uFnQ)$lyo+UP2HIf>;$u
z9x~l<(W6#o996DFS1RT*c&Ga|DH_Tga@otRHtynRXMZ2>!o2KQBC+Fp#wRc|vn7G$
zm9J^R2IAM48INmQ_;7>9E&m8X<eaq-b*~JYuE@c$iNJvuImsF$;c3kijW7+{`51!R
zM@sH7voobHjyPioCr&2c;NYOY<1BQ@jG7g*B}V}WSs<RcvzCOLLaX-Dy}@cFw;@SU
zE0&VHhfDW6k?_u3WauqQbOkR9kxQfLP}J+?T_E&KUm@ee7FmLY9r7eY=KBHFoz@3h
zF|YJYUf&d)3VXbmE+?&@|K*>kXCtL&{4FoFE9?9NAr(SUa7{{{S(HLhd0B&9`DRrG
znToOG=bHmyrywdIxVuJnRmk45q!DT*ZcbNz$I>YNTtX=67mQR3zqP%yySINJ60AZ%
zy~%h~@##FXV$<i?v<=LtbkSL73^+HV6F-$le3)L<!hD61_lEfb?Je40P8IKGgO4Z~
z<t1z3zk%{ypP^wUnqqLHkS3e5W%#O0u-X8(H-_vR&Z=Jx*^N|c0@;OXUjVXK;krEA
z)IC^<`kkTpolQ`@7$V;fiWgs#b&q3X_OId~|3>(GCxO3(xe0&&qKJE^DdOJw-Vrxn
z()%KAC-wjMF}K67wU~S73t?_ca{ox-ZN!5jIRF0vyF&)7f!wT<SzsEc)N0)AoN<ym
z3`+doKHwCzzJF#ee_i%!i~>+HYuqL^h<X)J4GCNiRBP_?1EH$T(s3NKW|I$wr#lsR
zdSYM?zo-?DBlOp;I*#!C{qdW#)AQ4}Z`d8o^X)JES1LA3P=sbd7vCH^hmhXR?93LF
z%V4lQffj!1Rgh88nvJo6c6CKjuCnuX_u=2!m2-0QE9)xJ*5_<^9J^uSMkQavP$NL8
zZcCLJhE%Z~q+bMOwnC-mhlt|kdWoGH>C`Bt>U#sKyLCX7P#Cij5OyBK&hvo1N1o|1
zolw%)Fqy1uwPy&Ocnms~X7FUtFO79qxuXFwOeys#n`%i69~kkWmnIa57k4wCbj`8;
z(oomb3^_PzIh+dq-0@brlWU-!L!C)ai_z&3;B`esUkLf`HbuU>4*7md#CrmoZIOqd
z*TgRuW)_~g5JKQucc9PARGUPPhN<6m5@#iVuHt7+Q>d;fhKJt}H}6^8EUnb&e$|8L
z6|*nB)UA4%8-QrvGbACd4bYXkF%NTDGMS6PDLE{SR{&}knb#xL{29$!Xa4Sc=+d{)
zJIYk%KUK^SJFHQXXC9E9kwV^ac1HC$NFdaFDG4VWp7zQSg}OG<nql*68T1C4Y#}~i
zX@KmI2wlPPIKReXJ_CAwX<$xp&w#N2d8iCg<dvdlH$}C3;Ps}C<#n>-fxx}G!T1wj
zhhh%~|GQ1V{}ts#3(nt0By;id`1I9_=V2dC-a~oeW>VF{e8fV*h%j+ivrW}sig9&l
zQ7(6aCigskoj@%m@v#+PAp&KA8MkY7Wt?w6FBS{9f0y&+BJXh#fPVA~ApGPwp%tEL
zt9gr<6ym;iW`LVyo+MDk8NJdB*ftY|%-OPhqbNXye%~9;-&=|ElPIv&7T*YFNRkxk
zn3>ARVx!WhKj9VN!GP1Dc$pC6C#hdW{G&3;T$UM>iltbrY;F0bWq^{dml<621<pi8
zJ~y4~)97CiKc!LI+b|pr?M2D17BV!I>Jr;gf(pH(7v6tL(PaoHRgOr3Upy%#WhuzQ
zjfC4v9W+5y=M+bGcwiIMngW}f0DDbMfW7a=1PE*Wv-x%I!U}7#|LDq}g~nR*ahccq
z(fQ6=Q=obq{QC8};oYJ=d_`by(ni8*bW0lYOd(6)M;eK>0oL~-_JJ6`s?|Ki&x|))
z2UXQV`}cW|GQn%@>^&C_Hf5++1>%w3a;97{=WKR91z{qpf9d%%lcAhcE*8Y3s2mHp
z$6axf#=;g{1t7D)l~*IVCSoACX)4C1{23W$<`|TP^AaS}*hadMe%Px0Ay&qA11lrK
zQ3);Uy!t+>hdWkZIAH;sz~FsVeNje%UlaEhfE_B1B$^O`0$0m-U}J3aX;d|Ag@D}z
z^}dibQEL%c0adjK{Mr(KiBIX7D(}Rd_Op%)>Fdk)41S}7xGGjaj?Qb%pDq`0#lS9@
zYQZA?9ytzM@eIk436I3`4K9xu&3RG)8mHA6Qi|c{^b(N@^u&^0hUX;jb9vnWpyb^S
zn}zSs><YSq;-oUhPXe$D<ATNE5*yXev*nPR9-=I+YY-A*_h;s5+^J!b-Dw6;kmO4}
zGE-3h)!VbpbI2WnXZlg2IH4Xs52<%{{`M7)*fZ@x2)kFv8B%jGA6;Jyw43KWawNBI
zi}}YZ5Yt^#Qp+Fk2QJ4z1t3!Y%FoMvjl2%U2oK?VGXwVP%m5l~JmwZ@fHi+a>T%Dv
z6X03R-Q-&JhDqLhem!FON<Q}`zu+Q>-O+ylfxED*GQZ$HS=@`{^s2&+Q_B9b9q790
zW!Z`oi{y)$lo|6?x|Q~X>ipAbAgaA1gELUSBR3vGV#`k3f*GY%@^ZI$88TVbhTib&
zzRdR*w;nX5#`8|ZCsihCuTG;0lXF~FO=v*i9pA)$*#AS{aN0T}V*mRxB4EiSHQN?U
zj}lHnuawiP<G9e)0(^xU`|^>V6~zAylg`)Nbh2&yZ8t{AShwn{UOnWGo*HJSu)P%Y
z;HKsr!mlLrs8<npDM{tBF!FUTMkAno8VR7NI5abWU$lXdE1WfgDH)MFE_XSnm=-#A
z@wvLRW@LCdnbrAML8)2b@CvMmu*THt1Dht3nY0(<Arc-{aOTCD#4=dA-CMA&O$%}s
zLvwwi89qTR(#SnQJhoo>!=Ds}iKGHC({paFL!NVGK&0Rn8bZY|Gy(;!wgE0KKt#^#
z2!!w$BV6F3@CSeqLdIcak4VpP&9mVeRqk6J^#GVJ6E4|iM$2wXFf$n~uLQ=P(T>$(
z*;#9`oL2E}jLym`G;6irzxZu$YwL06QR~!#tGa>!9SjlI0~kF~XY@FM9GWs-E>{g1
z_Z7*Y$Io^JqyFJpc=FnM=UED0R+|k9%|q_eY12<z$FJVMIDY=u7eBswd-7N4ke2-N
zS_NHes|=T{%JRM%llabFz|k`JT+C&)uI&}7eQ%eiZL+mCTuz4>;j8GJOQ#Indg^<?
zq;lk8X+6EhD{|%8EZHzmKHU$7jwh=clH91NYyhb%;Rg!Hh?C^0?NSh(_V;F599YxB
z|FRJg9B`D(pnEoHS>^S2=;R*VbG{P57AO;>pCe-S5eg<DlL+Wgp<d|7`%;MdpaxOv
z=sHB!-#3hA;k#kdOA;vG*ERmsl5Khg8(cI<7B|jtlrMtm!h3%&pLlH=3bk?B#2PoG
zxuk}o>LJJBE0z8z1p@2|*~2b!Xy%A`b?Cwu3)7_K%ZR_K@A+v1-*fyr=|WQD7BW4j
z!+s*uSSj{J?s2f%wiZzp>=mP*|MC@3Tf*hM9>C$5oLGplLZ+t)xyI>SgTL&Bt|GAL
z6%9}ncYZ2c<E&g<PzdH?N#;cB^z3cx$-&lk>%;j;tF1<Ny_c5);A)yjk8^FCT%#$%
z5N^tG{5l?ihF3*=SK_$^Oorj`YjIYMCOI(O1Cp#60BzbCuj0=}f;w2Ff@KXwd5aO~
zVe$msxn#~gt5P<w)T16$IDBs?=y4MVYvslS`OpEqFi?aC-oh4{4uF&T>b7id#Lm{v
zL2qlXx3zt~y?eN~f4IB#pZPDpNZ-4!<b!;SYX|PX)(FR?`kA>XX%UIpjzw3Mu;-V7
zOOOBP;gYd#@wCD#e6)_g`~m{bjXY>y3u@i7EH6SlwT{2FNd^`v)jKn3Bxc}E3?_dN
zCHj8*I^#zhDNku^T`XI14!ocJJ$30%Gz^b0lM=C0ArWR1i+rUP^u!k7<K1}Hhq&ul
zJ;X|(T&Dvc?BxskWT=Nu6$lbeHZPa|O@erKda`7+XcK)*pQ<Xlu%=2j@)dwvqGR!T
z<Q6UWIY@?c)GMxIu|0)nJZiTJKJJI!ynIn@6|N@ybiJghBERRV9+}#Q5q$g4J(_F$
z8P$A-O{XbsC4LCX<xive0<Erhr*BMW3FKX5vDt{i>w7KATl7s>=nvBWn?o5TkL#gi
z6Xo%h*wMaNno*$VR+^5}_|Hksu3W^1Tvml|k~|!JNt6?Sj~ht_we%?m#+~2I#2>Al
zJSzR?2;8%NzSORec!y|x1=8^IXmQt<<?xmVXx8zRa^TtZ14tI3k7h;@1-Mf0&yIU<
zk6*mgrKSuYfUmHW`)3s(aWg#BfbyEXwI`XWIt5nh(LCu$Q0h86U6*D|Od$EM${F3D
zdNA&XVK^o215{=9ogv&Os}Qa+2Ytdos?e`(wqGgnW4Nf<X!s8NisG0nj+03E&Nc5n
zdw<qyvz(w##lQ%Ccz9pFCb^VpAEBHtJx5u<vxQ?zTi(dLJYg>e&eeniosx%J1V-O*
z!Y>V@--chbLP}dt6Wi#NL_=K`Gv$&-z#!=jl!%WIx!^!#B&X)_Nc61bI^hyoWt6fj
z8>!^5lJA@xTjM*Bx_TS+$$L17j880nNPJ{Q)G4FT7&cD)FkpQ&yTReLRA?kqmI_Rs
z8oD6oxVXk1zWDXeiwZ{Ta9?LNB0g+pLp=FIAK0YMb~yOPw!`BUwu5l@5x&k**;9}E
zVj0$_4{{vSlh`HM1c6Rfulx+dT}Ks83%#poA?g$kSs$4I-r)GKfxYqc9`;6U{hv#N
zkdNZXYUu*&>-^Go0xMVX(~>S<ZV<BAu%pJR<*|8;;*j%JtwW1yKVqCzcXLtdWA&%g
zrbdxALR10Xq2xviDUQmI2p?|q>|-C)t=t`gax#rX+)0RWh~*TkFnGaET=&E2dvq~>
z$}f9AX6X6Ecea1$fkme|Kz~s~v}ZLSuI-3d7Y6^3j)DV)6CbUE^m42rM8`WlFSCmx
z%V!t<USEJRxgc2#H#nUn`~@Cm7$SVs!T#Rv&UT%tp!`|Koa^cQEXAbH0tQuGv(Ciu
zQT#3Z?~B)`XRo;`z-FxDYh2`p-lw;0rAeWU)wC~&Tm+Xp-Sj1m8ioWh3=j*b4Hwxs
zx`!E%=$eNWueA;mR)EvC0@`Y=f-ex%X9K|=7U{i!T&~?e0aPVd+xGHjIYr5io<HKT
zFJZKQ%Z9rwSA1_Kz|#kt0QSzLOo6Z-a5F1lHN<!Lv#g-|IS%e34j>@^eSr49xcgVx
zk1-|+niyChj=fbq^Tx(5kOlyNaPtL0-J=S=wzX*S$GrHBrh4!@1K>_bCwUO&yTNh|
zew6PiM1K(Ue)>lVy$vzYf>TXdh2GHz>4-ML*OO7nO2HKNekEufbP9>xu`4ikqJ+>&
z&s7N%U${+%a~ucKTO7;|%5(lH4*6>busdjIALbG?)YySCt{~y%><gmY`(+Oh+VMOk
zxxs4qY05x=h(s5@eES~$dyW73mjtVNv%UyewG>D-%6J$RH$|uXt%{k)?Y7crx&lz8
zGQadL>MBp+EpsyusiKvxD*kDlPp=m@eeC}Uzrt*U<v16B$|x7J_{l*%%BD_3xbYtm
zbaifTx-F%ej;vu(4>IVu%o)Hf`~dE}v<XZ@#6_6qJ)u?Jz{fBj=wWjU3CV7nogvr`
zsbK3IY7lOp^TQ{1NiVoCEtkVC7rvK<JAKV>UBv>``aC|WAkU-PZO;@$dERR*sDH;G
zE1;5YhX*{_ZZFN%IpbkMm0EHlpc>cAqYho6Np%$XGY661ygg4t<j6;xLdwLGDd%>p
zjjm~q3mVU~lQqWiUi%E|AUCtQ6*ue2ukf#uE17L*T65z=Q|Pv^<ULZ~uKe_N;HS3>
zKfOKp>Ft{z5u?hLYv!`sW(lTbBFep0_Lh?pZLir$L`y#b$`~SCu|TauQe@WrXlX>4
z@W{6%R+(z7WCHmT|KoOu{jht=vSgn6bw0%s$Gl=w(=cbwhLto$6@Gfo7~v+F+uC*B
zI}M_GFSuKwoInrnih0RuwQ2NaC+UhGS&XmK%r^x11n*hSAVxcE{cQ>>G+t=84kB#&
zgeo$q9`_$SRY*qq0oD6eEIjhiG*Rdmx_ga~^?=zzEV6vQ2>a|eVV}MIdoj??Mhx`W
zFwjaqxd(^rJeWhOPk0!IBvPOZhgerr9S1yp5C;gaamVawPqBeRa4Q+&c<)~Pu)7gI
zph5Z77-ILq3{ic;!x&<F`+*!`eLrxfRfASbS0!Lt<|<tRGgpB|Q*`hWjr$DjoC=3w
zK5Ki|!Oea5FS3Xn&l#_40~_ASNN<3wm6n`(Y7MTA3z`XxK+vsiX)sr>mM}hP?`y@R
z?w3IJ#p6?(>hR_xn;tx<Y2)ku(93?mtDf>2q%C}Dta(@gY;DleN4uSFLKV}W_RXK1
zP;T4H^^8q%7rtrg5vX@M?6$B+q^oLW-<NM!7?@7+Q(uUUUhiO#x?{>`<7V}13t8jd
zFy5JvSsv_PqCtQXG3jIAo&Y8G@>C0bM1$BT{AcoIplT{5^Ah9QU%->FVVlj>9)mb#
z(c9F{`ihSTw8AHy<LX<8@gQnRn)5-K&c<GY-Pmhjnddw48{Efb5KJto&{T5H@T+9O
zQfrk`#?#;5kwAt;W9z>$b<grK9$}WY@H6@8UBXXq06)DU{Pc43Ba&y0WpCVcEi^ge
z%2|U6ZPPgM0<Z(1EuZbwTl`5E%-1mMnFlx?q|dbZi789UU^P9xAZgVXme$&;fm8fj
z8Rqx0%R~45Jx%k}L%x)CZsS}O;@YjV%}rf8+TO=pwr=EF5a6;xPEK4DFWI^8^IozZ
zSG>em@M<0@*mmqoInkD3Ss`ICoS)&L9fHUPb|*`0H>^jidUtshwfktRpIx+MPior{
zWekhSXi8y(;!{57VRjtkLcQA|n^kMZ+^cJgpVfjDvn7qntMif`(7*<EzslsOF*mA2
zT4!D84jm12t6$%^xL;s!S5#fB=OmU@r9cJz+K*H#fEV*ou5A)1X?vJoWz=Mq3mIto
zi_Ld(UTyys?OnICwY9n)*neftF9zDcHJTM8|6<bo^j3mfvJ7-yizO8&U)3)N@d>Ex
zvCnMG&=*}dU9=%~JUf5=pyrK2aZJ6@+2+^cO|pB?=6F6|3O6g{fQ^9US>SU|Tjh;3
z=o{oT2(%Rp0~5(c6jf$7E-2JbwG{kLP$K-cSWXxB0*c2;;>u$*$6sFH`-ah{EEIbx
zKfNdL(|Zg*y#x431Y3NTmF>BRnN~wS?d1qm3>}9%qqa4}D^|EP9e?-yrTa$nlR3q-
zLsUA3h`OmA`H6x@v@`u_hA+L+qd5`f&4_Z6rTD=FljuDCnpWR|`yGIsYPQfV$N68A
zY>sl&z0kyn!lmv?I?u0Ptif;cB7kt7%G`{O_5r`Qd-_A`r_=M_yaiC0>3s&M0jR{?
z>Ig%a;S`b+MNF1PQb8Vmz*qcTH^{MMCe*1{G1GDGST-+XJeKhnW2*95<6j7-8K`56
zLj^}TYM^E|z?}cNC>GiHqMQNk^+;KuOD$=z9$N>Uep@!Yth@rP18n1Wfo}KfywQ7}
zta%UiSiHE(tNWSfw+Qera!k8y^s1+8UIk!pG+6?a&+eFv%j#R<cb2>>-$x#Q@4&tU
zED8LG630wXa!FUNYkN@mjaKD+IiS%89yU;W2YM2xgEYs8?_*!QR%$#KgyMVWI*hOa
zH_&xXX~76ZVB?>|R>+~<mSIV_E5plfE9RhXOV1xEV-LLBN*q_WrRQ@m!1?&mHg!m6
zb@u0AKtF5!C{X9*ZZIYwqd0SSEzT5by}&+wuJHM9ky>3mJ22=J7UJ*j<G0>WL_Wl)
zeM~ht>%G~VZTgvKk&yAJQxxhP;Lis58ZIE-26?&R)g$=zDzEKI@a%dz<Ff%a&X)3Q
zH<{857Q^H$yaB#pDSKLJaKo|$XpAbRSvPc^i^>9{k1rQ3<I_~@G4y?l5;nrnhPvy)
zvIWMW_?rR^;s1jKCKdM|!1w{cSccjmCf3130lM|Ea6H>V8RKKvBV8dXDj8i*GwzW1
zCjp7S7z~c_nW>@pTDbNv{8f7(g0-H))fhGlIVXW;XTz&bTvWh86#}ZKQ;b@17zOYT
z78cx*AML6NlxPE=cv&N?Z@(T*O)f2=9OXwjus?%e#s}g*Bi#ufr(J`Js}MuY5Q&q(
z&O+cWkY-K}c$&9oc1zz1W(}QX*1<{*tmz(2!SWbZ;5jnsBOqYB1NsWAY@m&t3F%3<
zaDuOI0V?&~?N;hw9lZ+Hc}WL}S4Y%LkVm1@h$QtGzM`G7J<g0aI(HpP9u6|?ABOoD
zbj6&T^3*HuNKD~xNF3uSau~`wcs*lu!V#g`6OB*Si)QDPHOh9tFI?fh{7U!xOXD-(
zu}$Gw1FYpk=X;o6eDU(_hc^;8_a8!Hd#MYGkFs<VGbmlAzLt-$KU#C!`MH^edUBG^
zz0j6NYh}V+ZeHC9id5i}V-QsY*DwiJhtx>?N|4-aj<Y&cp-zC%+4Y0d>=~Thcg(y8
zXQ2iokBo~r5YA|EO;Cjr1V1KDKd-C}-LvUg6dG^`{U-p@0t#Y_CWp)jK8#8gmpqK%
zGFRs9hg>aIzx7DEY3FlT07pQ$zfLh}Vc{xk8ZM9gW5QEhldC;dND+OOLX;$m+LE7M
zB7a_g(kRLh2#IQpr!l;+|1F${#;8%>Ms3Wo7GuH1N#;tg$%b}!OCkLMg;XgP8iZ0o
zT!CyKX&C7!^cY5~OgA$0fziD<lSThjv#2LEi>igEektif%y=n|TwK!b(WuQ5jh4l!
zkbzbCpm^!tJ>sPmN=X4`1!Dx>zG)7`0})4fMBIo|tef)y<bF}pMoz3m+;qJ^3lHin
z(C}AqvxZ5%tD)40I2C;1{$9-?WKSTqfm^b?qA8}&e<YS$jx*-J=h<C(F`8b;9xr&0
z$WX`c-q*v8k$XOS8d>bit2C={CiC0uOJy1F-qSmhZ|`zeko2fn&bh$)TIK~w@N|7^
ziXlcV(94PTx{J9=n?7n*Q*~aYpvUQ(y3lGBYGm#`1EQm)3TtiZqlgsgA`!Z)sG$9?
ztVfsOhBTd**ejA1KC>JHer+SI|NWnd!2Q<l0f<xhujC6FUvy=E-ih?JrnU|;2q8Jh
zZJ-19ve^0MNT6({htehrm0&F8;pt%a)e3NVfJ@2Xp4%H#&~Oj)`S{L_QRVLNw9rFb
z>CrZ5=0{swbZAFgkG7vaecEboKYjG{>7M~cPSW>icZ-$X8YGwUp>71|nkV+LEl~yu
zekQ(N%u{e_SAHU-M2;T)5p`mYH@t6$7@zP&%w}^TVi%AJ(@wr{F%a4XT`8zPJJ0Mk
z=i^&KQ}=1QXQ<_2cZ4rRMET0Uu;DA*8@MpCD7+?euKwQaZUGgx4<7C9Zf)-#JbiLt
z62gqMlNXBr2JL1P?AmrS{5!Ji4#=j#Xo3l1<lcrSW%E(V6DbK%TNu{@5lAT_qUR3X
z6E7;#K~`(~C&<g^xFo+wO#}SmNU&|=6LI31deL5dUZ5|P&Lob9a=im(7dS{0y0|2_
zP7cm=zhKAJfq(w$xT<}HP4p9tA(VQ|tQB;4sL&m=Z<W$?0!|0o<8IM7in6leFo<jA
zLEKZhQK&i!vbq#K^<H5w{wlueSWjAIlAq~-9d^6coWy=`Sc7alKz)reuDr?fMTe!!
zayVLKoUv>gkbv2Lm0??eGW(Q!NA!F-m9SBB5topq)h^d4rEJtyP^%m+u%faUH|Roj
z)b~nD+RO_3siUlpGt85m#E`b-SOu<Ph?xdyRHJQHD4F}g+#L^V&0)RAmc`96t%I3I
zn;?%GFzW@(Q4^ih4fOd@cFF(K8w>}-UVfEd0czXY?rrb*|EWdEM@{uWJ<c{nB<~v{
zP}dGAjj~0RiPvN2Nq={%zYAP!IHLgq2XQ^t?in>`p3Hy=tPK8lanqAx-%C^ppm^xO
zy_b)$P#;rviH9G6wMAvKmNUJfXi>a~q_d9@cQOzgAZ~R#QNpu<lhr&3M$IzJ6aACL
zoPD?24>L_SjQc$4!s#<i-`z(24Ek+koI?0scNB7HUl~~opk+`q&x3Hew!d4<i}5(G
zF)duf6>5R^G0$ge8Y&>it|^Obx>$j^Yw-3tttf%HOYyHF$d}&f-p%aRO>ZTzxU<jq
zkp`m@UfkJ3F<5Ib>8^?^cWS%a_eJ0vf$F{>YX6+GohOpy>UYu&wvmRtJ5Q_@wt#mH
z#-&`3C-hXnv`RaYW%xcL%ivQ-t-Z&Oo^EgLZEro@fAUo8w)LU(#{`5l_*VVtxKE6q
zA&hK>7U3KCyDBhbf0_Wd_ySw6A-=Ot&C=3g{|;bxDqw5B_RMw#8jw7Jg9AX!MN0K1
z${;$BHMA!^vcLUkcXwz1$?j7)0HHnouAbxvmgKuz0UoZQMD#=-)UDh6_GX*k-hA`h
zxcS{jTYI|)kGFOoA3WC0<L~M>|0LM_cB9RQPpr(_12tGIiYclp)`53!y4@l17aH0`
zY5B)CU9k9d#{CawC^@W9H#Lv+zQ9WPl>MLV23^%^(ni}lf+WxCO6&052CddT1Sv2)
zqRWDUa(G1Cg7OmniL`6A6^c6H#ZVN_lp(J}K46^8^Q=UhysT5C?jx*ntg2x@w%0h-
zsUa!Y>m_{rdDz*ZiZIyPq22`8+hI#KSGTeFS-%EhL_mF141u|~=`wUUNSxb#+6bR6
zJRH5u#@K@YVwR22NWVaf>j>+UR&`nfeQ00DgR{7}lgg<$nRP@~<u$uP@0z?g0(YGM
z>6oc^h5DM`S)X6$fL;XcT36%jn!TxDb@p&8ecpxZ8lP!TV9)21e34N=DuMle{r>pm
zMH7FkOPixpFu8Nvu#CHqmab+TDKRRRrCE%SjOPqxoCk$udxjI5Im^ZWvRgeTf|mHX
z%Ul^_WBgZ(`4A{6N}>*{G1PPTm#??9P%o(yoauZFr=;)*FLnd2*&O+K+xs}^Vchg?
z5EuD}{J8N$u0ZtXX?)3z(%_8AA)`_|I7gHDfv4>etg<{yR&me?`j^soGMV@k#h9xy
zdml9fx;Jn<6(u0uj;6!nmRL(})3^W%n*uRw7l>e|w_{j+IT{;uy_pwS^}ju`8t<=$
zo+Bfia{ctjdViaqb`|G(CRKlo=zO!t&9LTi8fi+gK39K-zBH9&{2$~Yw6Cvv3#l`5
z>@Ndedr2KBYmc$7n|6M*D;gQ*Ue#5I6UwoSIuDamk(H4dcD5ne)p;Ji;RqgF!N~Sf
zZgv}2pYlQSlz-gtlz*%{<;V9r<sX}#@{<Rj@{jeWjGZSHW?bfjjA#69O!eToQhUtY
zLvZ+bu|SMyd{@;aV|Y!yvEEZlWvoaQ?CVt4`f?jfrJpuIQQdG~=+qWc0p;XkkPK=3
zR3cmTv6LMlIvs_^kA+P+cO#?;v|}!vZ*`&ut*c^R#em7W)^F*?t--m3tN;Zypdbhi
z-xaIk+5KYAk01Ps=$Gd%4S~_Plr#w_9A4-ooNG!Arb^7Ir~eNap@9X}gY&Vz23f5v
zX%wYJ|NK7AP~lg4sGeOdBn@JRfa&EDQ5jt7yTUMm$$8LBPPeT_9@rR|$Bsa^Tbizu
zB2aSp^zr$NmoFOOaX81xU6K?`0k;4u&S8poqkxwndOw9v%h%AU_p9A~@&{I2u<mq#
z<k#2IZu-k&@PW2<iBcIhBk;zM`nXyJL$B3$9qIVZ?XCLP`VZ~4+M`D~PN7D(ONIYC
z-_%*!H2pv;NFwanduo0x0Cn4P>7I^8)rtYWE3WDh59lmk=rq6@K~j0J_Gi<81leLX
ze}Q@gt&u+1szRQ(!yXp(_Iel2O+NT|nD}aCMLQ-aoZdvu76K;&uQwRq##1H4&4ujZ
z09<&JH-m6N3c;G3fpj79`gDPH%uts-5LHk&&l(V4qZ47W4whnVmy*e1O`bl?XEK-)
zh^#I7IFAJF`i}LIW}+jq3DPuCNTZ39ATbrqC4t(an9IBmEw`q;c(-sro(3P4NzaIZ
zG~{r@l&fhAZSLa(>TaG_@(V<uebLaq0exwvPs+V+<&5}DBCm!^!U!b2`)W-syQUcY
zg6PgI@kn(jVy+DcRD<f==lrGeU;cr=>XpyVvzm7r^>jq<ckAWV)?z-Di-*`Az=41j
z2vAOU1K`Jujq<Sd=h>_%pII5szwzQ3#lKqy!$e$!g?3uVOqK)QjudW%Kcc6|cjqjo
zf^)F-*LYmqBKBbz3CsTi*bw)+68^0Z#;*q6x)VuUEmD^-3FW-X5p!%J^F83mg_#|@
z2zvZle%L<^47fwR4e2ocNC2Rg<V4u7w`G2QVF0+3D9ou7HeVmw;eDffM*3GImW2-Z
zM;xR2ANXw({3ZfOB=(^cELN}s#lN|TFuO$1)SsgN0!cULmT85A4SxRn|4|0FDUO)=
zY)dbSQpH~iSDxU+J}Ss`bDOGt6+ueg`bB2~Nd04{`86!yQ|=2gfz42v5kg#xFws)4
z1l3o-&Tk3->aJwBa>(jWY)i&CPKdedBFSyIkLlhK*Pz~HtFbr}P>XK@BtczF89{^z
z;4Vr1m&A-;03O!K&V=PFrC}nM9RF0}@$b2Z5niS_eD<()J_mjrw_cx|v@ot+;y|Bb
z-e!}Cl1@4;YDQDVc)kZ@w$SEC@>$YE=F!xrQ9FVoa#M%7JK3<fV6q%9M#w;%LBnh6
za0<Ri013%cXVe}b3uGCrou>EKlu94JJM9e-8A>DGFzM1Jpsuc^e*fa9#sy8MAXh&k
z=wWj75Dr`y*cWbz>7ivFx$sD)g{`KvLi&odzEIfZLT7qrhR7Ge`MK74<`V`}Q&=DN
zjaIVUTgL5jfaWk1_;?p$WAStDM)jgx53mt65XpR7h{UX35==7hH(h$Yeh^j+2Jr!L
zOB~ZFC$2=}hVN>^I?ZBe+7|qG3_2}GQ=^yyWee=nWIv{gsaoj9tTFmMpQ^b(H1LdD
zP%r2g6F4VyXGji1_2iFmNa~}#{Z{+r_&K-zs|*RAe{tl3TjPRK^0;h(YQJLR8g3tl
zbgHijGlOia*b6)PBpU32(ko~Pa(G);4JM{=XFP+gonR5HJNN0?zS4vOKpoJdTAgq1
zX(VXZvPMuJCQdM^tZ+>Uj7;Q`r#OFh!S5EKbR?okc#p-8{&M&6)}!5h{BQWzGYOwp
zk`>_tr&rzy?5m$CT11{;R2XAN_8#YX;SIIoZQx3dTubgirh*EgWmGZ!LEQ?nA>$G>
zz>Pxdx;#$!&S>s;Bt*fx`~JmmL1TdFC};JlY#jrpEwBW;BPvj}997mXC*kopaSwk9
zN~(fCQbWVa0${5(R7h=~>+CUD4O}^EZMQ~~320Yf!LbZUAb@Pff?CCi?YOa3L#SGv
z;s)(|wdh!@Avl!fluHc6nJT#l)dDGpfn7uQ)90pjB~{M(dMQNIc8yhEE<<VaTpB@6
z`iD8I@B$ww^JS~4Oq4s;{3Lr`iWsQ5=5lfQ%5^<Fn8FJ$m%L$y?a8|dmw*oKYR=Dt
z6~g<Z*s%xVi67XBe7VuV*>bPt1PKmY-?Ph%VT*@-vM)-}1jsaZy^=4bjy{Heza*^p
zhj6G{`r#-6nrk4v;%|2$vhghfc-i8iTJ3Nk^pQRw|FIfVYo-h<1UIZ+>hm%C#mbjy
zjspee+CBl_((Xj_w6BChc$mCXc!^;XU;R`Aw?i2Kf4*TaO-T^LYc+u7wJ5ux-*n>f
zv|b3A*iqUg^FF#E<Rx@1bQ;c!8E1prFR>BdCISK*X4E)?f{@lC!NlO4`yVZ5-Bwxf
zu_*1tUyb$(ZT*iOIyZ*Ou8{Y(NT6ZgZjRv&EC!c)_`kGTt*p~}JG}?K0i3a?z!x5K
z$&W#`B#&wclOAD@0)7m3xvXIJ(DNElXH=R5SQ&2MvYZ4Zr%`!a6rv0?nsRItUNFA<
zlS9^?l-vt$6KKs6jbptGvm0ql<PwkFn93K7XD=M_RkjmLg?M)R(bf+B*LDTVassO?
zqK55MZ9l?VwrCLq3#)4&euOn_cY<HltzqB8b#8R+x*j;RzTNtvg+)a>iLW1cj9J#H
zeZ)nnN2hS*WArO?|0wbxknh(jE`6ws4c~3GZ*N9}o7SzQG;up7Cvr(OQlS5;g-7x8
zfB(lFl)Xq2`Zso=oT58%g1r@y=$(}BcUK_q45Sd<l#xTewsWN!E)=Ym4JOlCDaiI<
zh&<r#nP-SHP2s=Aq_@TVBh~rCiNxOFj;~a3iKM5`Q!ZfuUGzp4rdX<x-`)ePRvJ^e
zqW@^~&bEb%kVb?%qBeV%I6wy=hMR)t@72Hm^KR#8+dw@$!hiqgZTKZ!=jh4K5w9LG
zJY|EH)MxGo9l;^rx0lsUpG~)2g@}7=A>wfW=?DoW;Z_Yq^vA%xn+A7>h^Z6qz5nuG
zI}UjJPWE(Az{CIcufN)QRP|COn~#&z(LTc##tEQ@yO#GxSgesymRb+Zuf}g_is7Od
zgBApS56~q_o9O`VuW1o0p?%DbA)!S>;a0eEgM4v(f_s&B-_~`)JU%&T;=!HVt)dZo
zWqBjcMigq%Wwj^=cQwxL9L~uW6~9h&attByh0Y%3R$c(AW^fQVfPikfje7OHWua2x
zPZwvhwOEA@+*dUZj>|!~;8f@wIEBC+V0<b>d)MvNx&joowWXI{Xx3;O-(udtr5dd2
zYBXL@XJUDoxcwL}auFWtWy(9rupj}LuJp>-ivh|t;~F*&EGiZ!2E&z&dHp0Pxfg<6
z$zf}oOFVb@|Lsz2mXnN-(T`dO+(F3u1I-HLubWg>{c(U*RnX{i%7Q&NMW{j206BY6
zW&}J?<NOuJ$vvrLU-1_h$>-!2+&f(<EFzfmd}eIixG3Vk<MbXpeN4YZr$R!F#BS`-
zmD+;CL^~^%+-6z-<-Z1XV490Swb%*GL+J?7_vuz&W#e(6kzz_307Z{tDf^uJ9<;Z&
zx;q`s9F5>Ku>M7LDF~?l-~T(Ir#lW^hhE$R|HNTFUS#n7zpH!n&;Q3iT0Z+b_elCC
zp=+6;$&dQ^AO0sMQkX6jn1eu2_Z@@8q)W8bt{fl60=mJ<yZjDYqgjtsQ!v%o!qOW{
z{LT6}<nA_u@D9o~2f~eXp+svE$wME<#JBo4I(KsL#h~kr6%}96ts5w!9hTzRWm$~r
z@V$usyLzM-a{v+mPnkqH36&Rmh$cq_b5*EGG$jZm?vH8b>CTv0Xad%VqpL!z2g2z6
z<}kXR5=TcVyz9}Q;HSp;+T_6s+~N~KoPtl<(ZoowDk#5FUf^H3#xrZ(jZw~$TZ3Od
zW}i*rql2IbYAVgvGg%Vg$pOLuY->2;{!s%-2Poh`ffE>GNw%vlnM<bEXS{~VtyzoE
z7e_9OrQjgR=fu}cMkS|@t-{-BUoOsl@5}4hKiu{01{6)#S{!^*rKkbJ6?%5n3G0%3
zMArF`U=}hym?D~w>Xd~wDKI=?k|rVphHVv6Abb)e+x{egcM4?7HIXg>IuK+iO#%$>
zxL7x$RC!>VU^4fp#lFUpLRwR`PfwT>!@PrYKyJixs+A3F2YNQ}H`zkp9oJ=mK<u_O
zG6}&e{dT7&cVZAIZg%jJK9*Y|(^;64`9p-8NLc^L;NkZX{FQ51G04JLw)B7G6L3_v
zsMvkGC!jZg#%fLdg829TIJOSLX11khYTLGQi5>;lhX7jOtKnXok@SYk*95<&vadP4
zz&#D`i#<5Z-Fz5~)mQ3QksF%8S&9_-4BMB-r?1Wcy;4FvYipbcOWt=C?}NNU0QgnG
zpvJ0DklHw92~nrND>3X1=0(!NI$>%+j<Ld!+4*-MGiKb$k%5?2rYY`@ipSh^r!X1T
zp#kYx;k8pc5-}Y&rc*wuGirj1q^>$<5wmV%18`oP@|d&pMQS%!aW+kb7ptXWtfdhG
z=58Xk!WNG^6*Uu~KjrfwCISOZ@Zep8hfUx!(aMA8^PnkjkmncaJrQ+`$W|b0XFah6
z<5GmG0Pfp?>J72-YfN2r`9H3_s$Bvz3;_^HO0o<r={O@uGnYp)L@d8`Jqdu!U|%n)
zkXh4-tFLnoeV*|YzB`&BpBwjfwfl2}bp`V>)$sH_<`DNaAIbF0FCx1Hrs&OFIs^|!
zlKXjb_WmW7s}axj$b2P41Q#NOt=}F0^#+;9<?<3p1%Fe@>NtANyr%B`A$bGzEOHem
z{w`2OWcIKm#*IUqBsp<JWqJt3r9qe@aaq7(7)5!B=hl=_dU`(l<|z{VcRB(3wU6z2
z_pfsvNIe(UqL4RY+WJpD{A%x<zS@os(9Lue3yWJ$q2RecWCv7nnN2@lm?yByu?Hyn
zqih{z(kH)eqEVX=2cjhWeovtiL){Z<mano-&ki2U4ZLmDlnA;3PJo!&F<>alL1%n!
z9Yv3kt^NED|4-{z+gNhb^nlyP(XA15{O;}9y?~%>p>$K*?df%S@D6us3if)mvrm?S
z{&sOU%a2YzoSnaY-Hi`}P$Qp22pKhJk%Gp5!}>H*)5L^rF)8dwY~Z#5SfGnLr>i<r
zbN8i)p|d=jm<4p6mU4#`vjGK8EV3m@9En`hTudD84qSVWyCldNNglh|bz)^rxx8tF
zo0R`)uYKLa{IsoTlTzC6ABGJDv5>8=>I(CMM}SO87O;l#vvLt~!__raWku_1$+edF
zcxq&(Z{(b1lcozI01YIqY5-I;!OE)knzVlY7<*hL_m)RzxRyfkxDASNeO}a<L-CiL
zJ@h!3hY)GyN^#sOh#j}fGPxX9snE>``#p-|6OSb`ogO3Ermf`<(AF{O&y`_eE`L|X
ziE}rD8o~r~>4Py5Qhtc}pV=)*6la>Cb14T|i%KB_*dPs%thQ}alDwy9x1!FIERUQR
z4vWKe1!>xG5u|n)q7}{oLtsXZ@*CWlOPmJ0QSY)^T-Oaw(g;sQ39Ysgx8qRxy|AA%
zGOFK>5$}|%px_=XDno_!@^TMRpRMA=ir!@RP`T4c2H7+_<h;&PX@BS~k|el5bwXZM
zA(JYU5S+;E9&$Spr&0nh?0qw4c3ZEx;O!j~d;^bvL}MKf+ctu)LzTe}b&jr-V5=+`
zPiG5!E2qG(RU4+NwDf@EcZl6C&i>iFfV1McUGj$0v$w4$2V2|mGueSoM^IUzbNDZ0
zOe$Ud%Cblj#4S^<I5-=cFKcTejfq0=LxyTEOFTZ8;M&k8X_&Wt>h@!-5>E9nhhFvJ
z^VKIK#M>S8p~|TRlyR2FCqFJoUkfrIQC#pfO^)Bi21j6O)R-3E&S+qBKnJj<ZwoBW
zaraQnXPnukdXu^h?Dw|!I|<9-XrJ;)+F%ZB>!b?w^aVD<hUp^@#=uQo;x*WJP|mM-
zA~q`0!`9!1TRz<1su&O={@9EVDH$J<d?qw0^t0ia9NI<?NO}>CH9q{`tpe21{jqRV
zP_`Lrkp{v|p2miDqECfi{+Gw?I8BxvA||(&wI(X=D1T}Z!0(v74+tA-AWX!Q1I*c!
zGP>;(QipL6PBBAIlbuQ%k~K}NgSe>&dnf(y3W43!dDa}c&IC-r?{aPXGY7mAM*1=6
zW?++0Hdnx$`k{hrCkkk_-5lG<9gCvZz*c7-0j3|3m&8Q@q}ViH4U4CR`7S+DdYIW+
zcg@AuO7hf7;A9Vv_v_%Vpb4J`6FyW1tPzyShyLQydL&jCzae=mNegPUgGI%cft7Nf
zDbRjzi1{4<&s)Wrs>q&27j?oDuRZLn!J4`<F&%wY3E&ELclpE)d|r@hR-Zx=S)^D{
zH(5@6j~LLlzjEsHZx9_}LhCJnBa^QnFQ)Z@y%J`*=_5^Bjo;_<q7P5$2`A{*@Pc#m
zWk4Dwx`HRjCR8blufeIyt8%ves#kW{APiZV6?a?)sWdpk!lJ>5P=cLxb8RA0M`Rp|
z50!dMF7w$g8~Q{sw{@DYGS9TSR*IiDD8>5ffDw7>7etB`hjFHTFn&c@#I7Qel#gfG
zUu|Js6N=0V_WLEE-v;i_?h5?(tOoyWe`)x)2G<2%32I~DH9-Q-Ss+*aYD&bLhiHQH
zo;{F=yb(F*?Au0a$rbE$Sua^aNiZoOOgDkoE698eguu=3P%6W|Z#qDsU6f{3f277z
zm~R>27{o<il5#a}W9A%uG_Rqzm?vWkhkPThGYZhU*qFhRKIJv@>ZNXQgM6Lxrk$s(
z>e#9RoF<+!lU8h|IoJdSM_x-M55!zANNac0nFrhk&eYIhvJ6)%RC+_qveBF%tJ5^A
zu&d2PZYpacHFG4QY=uK|gRnSV-Rc{Nh)Jde%sOGsv`FZAhdgAoq&b&*aGYVL9crGd
z<v6qp%jE-dfWHiai)bT2ruFl`{1aR)@u~;t=9wqLvs6rS4VVk0(uKYq!*zP9dvN$a
zzIgTar;FF8Z%$u-c+HnP@s+w-JSQRRU&a=N9GwefNZU7(ID=xC2NN?=j~T@UEb-V{
z2lTwu;eIqUI+fghpwmr;1ctJQE3+XG_9c2E(k8+UXw1tAC*bV-j@yV}7N^aez&;AV
zGPU4wZ;b;|MUu9Y%kH=qirP9%?o!k<Bh&n}G$se~0PjLN+5-JUp3uNV@^FclyX>9B
zFnjBkJioN8|G<}mFDZpgk`sJNR@?Wy<==K>r<|^kA~%~fW?z^MfuT|JRQB(rzJ1i9
z8~~eYte6+m8t9LIVi~?EG9)s6tBN};f>WoN@A>(T3mFXz5V7tu9nGCgEJB~ShiwpC
zNfhO*a!!i2_TT%~-r@V02DFW@Y8&iHE8!U66ZZ2BTTqZ4ifb{DVk^Ci2kV}j6nz@z
z3R8~xiV}}e8Q4z9JoWxfg`oB5#sC`Zdj;@uX<Tm7jHXispAGz*Xt0n9@2S%vh&Nhi
zaxD3n2E0-}#W0Onf?swwJmm=P$mJc@_C@+ee9_dnD3wPvntnpec`fxTS3b*9N^01X
zs>Om8ob6I&eZ-xU_tWA6^I#u7<ji^4gz8+I63GslIJ^q5`Kw?(rNpbw(v>?<)#0nS
znPl3VB8sI@ZIHJb4FG3bbOjfFDWpw1Mo?1T8)(;3HAShU=BxwS$8St?1OTX)^Wqj!
zjOJKOvhpL-4+D$;EBu)Mv%RxhL3-YG`tIbE%h&K3+|`WE;5NUcwq9U3d^n}zAoY{t
zYDT4w#GP_|SXMgsH`y1#iUJHxjR&Zj>B?eFT7$g%`P<j)%kMs%_Th8z70k?~Q^lee
zrA+3&orb?}>T-f*&jb>&Hw=gIsfw5aAI_sn`=_QQWiAzdyl143hInb5#vUBr^=MIc
zTw7aSWYl2z!>Keuk)tkY8ZbSME#wJZJ3KH~jdu^^i=q8;bj>|>3#aLM-=VVipm^#4
zB#Y^(URnAm<pkwaFFhXy*b?`@*J_t{Q`jM3Td7ckPwegN?U<$rNIT>zz5x*j<7YL*
ziEYp;XUy+Zs1C;Mr}Ls1mobCL)ZT$>nkmeS`FS3#+0!OUgM}pk={#zbPc4a2on9}c
z7lpJnvX9UX70g&|`kSU3ej0K2Ojz77D{n3f_#->nKt?Jr!|E`E=9+P2*!qHnls3?y
z#J4FzbuUFJ8E`f)u0|VpZr;uS60YTmaY1q-Gfke6w~U_?^rYxb*}mHzdrtBpPtSbA
zA9PJa0?NUzGE-bhf8)eCs^@hQQGkzs1%2{%G`!AjC)F%|0+xPHgGs#vtmI7WhlxY7
z(y>f{-)(i-4E64Ox{i;r=|2#^>|f7|<%}|+WI5bO@BQfdX3-mrM}v=|Qi+M#qcIi(
z47j_a>R5${S#*ew@G8(Qlx0RvZJ>5FjeA8{$%Ni)KDcoYXrC<R;~!q)*}vdbl+r|Y
z%D@0F0!}{P-ue0O|7rUvKML*y=<X@@nRK14G8AiI#C~)X3mol;zm`)@+9i%;(q3bB
z(h?(1eYCm;3x7TRW&X|i>sPIEn$3WmVRG<tY9w@+XnO_!b>rW{^46uu0!QGe6O|j1
z%qR~_Qhc;<@|r)UZ6&yaJj!}09+UQNJzhUE5p%BVIa6F?FXzjAahvB(5SRS{wK4@*
z>dbV@>u@0cg5ZYZ_2{4tEU^Od0>om!1fKJ7Ihn0ZYT&ka)D<|@d~Kt;w+g~BYSMuX
z_;m<$v|gF`Xszau#8uj#^Re^oq0E8txF2wc)ZhZ+I9?6;8Jo_+{U|x{QP@xKSwG-I
zw&h<7#F8F#sIuloiBg66kJ(OGp`|5=xB~L;jdE(g&+zGf!1u|cZMf5t%S!dTRG7-8
zpXwc^d#xyVe=Q2GMW?_&2`EZu`KSizzEs4+NQkyAwEzojz)Z3WB$nhR9=|&kCFN6b
zV2NbJVsbb<sggBdySrg(XzqIb>e~$P60PK33^<ryjmOA60NFO;yCZ9v!c{HiAN`t!
zMPOgc(j*n8&oOrFlr&rp2w|UK(q|#zJcFGHB#-m#Bf53du4H|;3M-#P0Jb?S_y>19
zijs(>=8GyrDNs%)s>UhNsg}XGX{D+ss^k<1ZDl#n_>Rl{laEYrma$K=c?1_&n&0v<
zxY;V<QDE-Da^hX9ax4*Nc*jcJd8u>=!~&kdJz=+X@kX%FAZ>%JS+H6teMBP7B5JP8
zyByI}8&j5|$E=%!bGW)14O;Er9KY8iC*3V8ka9iAsyB}tW9Oc6{wb5TmzqkC2u$27
zv`q2wu~%GlS6p60fs$%#piTgC@O-%WZwhkXWM!pocC3h_j(^6HT^5s^5v8mUzjeXi
zx{wErupPx<R0icnKqye!f+-0b9m5~5^Ur;Sd|as-gahn+Ep3f~g9)ksiB~HgAhiSJ
z#1^A+Wn-p$#prykaaW7pJ&@)XQ}rBneGvCCilR3WTN$~pg2m<(=-0$ZVK<P${<tbv
z9D}%D`vS>~MrvkB?aJ6irDnPN4vEGZu0uQC<|N9}#k-{Ambl(SI#EzZ0#n6GJ&E*-
zX#T(g;UXF5G2AM&w1T$QjG^)B<Dae17bO>7KF0%^0Jwq|GU?0(hc`ji6fs5#39@tb
zOHI`g&i~&qIsc*)!EKv<afSg0E|R0mf8W@P5dZ$s6-kGm%eV^L@<JLP(F-VsQ;pDL
z$6Kps`yS6lRHAnD)2b9nd$>;?LX#%(s0M_1>Ie~a^{kM=>$*D;d;Ax?KOl}4t_+V1
ziRoQs&myvITjs`s2$;TK(XGzU66zhNY^jPfL<%yCwFZW>d<qeOs1h`8BVo`@>z^hF
zjfB=)gHl2*<1QgP{W>I8)R_<g$!G2j63{S6_qzf1&A@mal*i#c=tM@&E<Fmwq=eS_
ztFzYjquo{;kZ$k!*;(t=c2M=ddXOIBOR7sK*((;a6b=2s7vg{C+7DD;iZ$feMI677
ze!m!EI2(g{uc5^cfG3}0!UuK`#?0R9c{a?~yQ%T5IH9q;p++Iz895s-(a@Oc42@`4
zNi+_tZQ!=%k_|E#PzvfHbOWQB@p*n-ET~FQiQ`%{Y0(EQOXDzfcqo<5BAT`}Cvh`m
zY;m17Bwp)$L<0>CH!;DS_ZgOE6F7t-4&FF-3jE@S#kkzw{onG>85Wo0lRMJhO~sWt
zs0Cn|5Z1|)PHuqja&Jeu`v;mOCrIB1%>riJv@Ai+T@1z}D)ywL4K!*#-!Vh;q&W&e
zB0+KdiKhQx$;TzYp^rjs8K39zxi%~b2kOz*>F6wqBJ+Ze&qdZmWEIz=DSrWVJ{h5u
znTo0mba$UV(EN1CX~&sA9v6x)npCj&X-gj_g9TS{Ks@qmI+arzm9jJTPot*sDSG2O
z?M)nG)GnP5J<J{7BD-`>bmv{T&cj!`tAhr5u_y+`xIY-pu!hN2qZ=2q$^0~5wg)~c
z^+Ne!6Rzv5_tW*&U`JLUN;?*Gs2sK+z5^bCR+y*<qu#(ZIvIV=hdp%-6YhZHBws7<
z11V}^3rG(Fw;!azvCzrz5$D7ab2?)cqqbCwk4X%|dgzuMAJ$yUF7@PvEe#LJgQP!!
zS3kn@?AabVol7zTJFt;A9e=~C)Q_7<(D=vq^6L-pU!mM6>v10Eu%0DHX5g3LJA_$3
zl<e|`v+cntkO*N}pfreOM5`y9-KxCwaBpw7)k8vE>~y*=%#RA0YB89BcD&B<t21iI
zq{(tnOgerV#%w#*Q`3lB!+ovY>~^|(pF`ym-aEeujU%bI9ypNh&nNhf^h_oX{uyS+
zJTb10>Jq|ND2f=Dg(rx4^!Apx&drcL<3;bIeTHiS**#k>;`C$V@IlOqccnMadC;#K
z(~*3@w>HlI2p{jAHPmM9^3GtgK>L4E?Jr2!K^)1r)pf|YJquMrLz;{RE)Mjf9B&hQ
zvgKlQq$)vWkA|g04ND1Fg_#|{Uy+2py%|wiyuy$KbF|$?`s4gM8{G9&TuY@Er7Cd>
z9=ciYn^MvofVbLjUcLt$XTWEtIVf)ctLqT?37WQI?cvTxS946qA`5&}`nnM5tU}hw
z6ayNo;W)+q@X@e2FvmXt(}DF&Q}+D(FgK&_eM0%tz15|N_<WFB?>LK?9(8lBcaIxn
zjsY4jEvO(p&0eX+-f2&`#oow4bDuLJNi9esO<bDffa->QLopA|KS*u~R}c!pcrH*#
zHXrxItvFx%Y@7`eHor-$X(~pJE%MQ{WqFQ8?fil$WdhT`FLS1a56@>qlf8vs==1+$
zPd;BQ90_zQ;{Oa#D;%;0no&{V`2f1lsWDtb*l+#XK1oGPZ;wm@2U>mH{;F{KIg-4R
zN%KOHn@gG?n~~wn2<^u>-r^HgbZ`AP&PxK814sx`A6j&a99vQ#zBvGI=mQP|x1kp}
zfOSbc9Vc&Gfx3lj+b5o3%LaSmqJj)Kq-~sR*w%D5Lch$(?@l`Cg%Y1ixDYWzIYv%j
zr{+`|d@8jinj^Af8zN~p$e=LaM_03bQ?{_OET~nN0Pl!;qLZD4O)1eahJH-GtJL)(
z*H^dYPQpRZN9c{z50AMC<HVAgd@a1?xW??I3#U(0yr@u3q-Z>NO@3W~r8nZD1o-u6
zKI~!trMtd_(B?*RxCz#QWRZKY`tk(>J`JB}K#1cb9-4A#qO}7|tVZJ}fKp5jko=Jg
zpkz@L`U?L~Co%|cGV1$`rY;5NRc2AN5>JoGM2{t_01X(&G}q(eGPrP@@zOt;3{zPz
zba7y7L!0};-uh6U;7aZPB%JUri^vFTG#*0x4vfgMkeR=jW|8SSC6i!S43@4z&_WU`
z0I6ZI0Ekps6ri>F-5K#zF$X}={__kJF7qe<v!kw8uN}kHGA}z$*FaY>>y2}q<A@|w
zk1i#KicXSNC{NZIuBPn>TazYRhNm4)(PIvhi1MTR#(+ci@oNPTPGyeH+;ibHG!agX
zRER%-o04UPJqC#-T^h9RjL-d<LSMR4dDMH(-9q|1dx%}=#hDe}<|jsUmIXNzC`Ff;
zxNQ9pN3K&JCO1Bhwj$xuRD)Qwi0gEH7@b2kh3DKBd!{A2tT&nq40IE*!D*V<Ymn87
z$Dd7ZkxRo#;2jXbQdZZaJ^FNrj(GE9ziYQbQ+Lw-P<h_RRECb!23^_?*;<s!2p0#K
z%>@HHJLLN|J(}1L?KP;)9xfXfb=C@{K%(*hrUcwSJZwFG@#@9-i>N#2X!r-$3SC-v
zZ|}hYVUc!GE_zy#>&?xaIxpUgW`I}fdu)?Lpe)Qq(UT>#$lt-P*T5l+)(zG0X)qcD
zBM*(zwu5HKmTTNTn&dKU#;2mto7k%MNot_fFex!wdh^cOT5;(wq!I<!P%eOFk}XEw
zzc@QNee-;M`|OzVAZwHq`l_yUl~Yn)-Z@Wm-MMyM;Y>W62B*E>RS1&kHaSQKQ&yNg
zc1Dbw@8Yv?Og&Qj!-v!7lDSf$XA7sf0P}9|GDWiMqSa0?0iQoxGZ<M;mZmZ{VzubJ
zu1-~IQK!lNP^NpoG2NtKxilGVmFq!GbeaDg3PWZO%1QBQefV%mi54`aM)K<L3BYgH
zoRNbm73zih?J>h#Ur5^@6vf98cQw64f$Iutqo#^J6{Ied+|CI8je&k9_G<RtTnirC
zlr1?3-Ml{#Ua*u&xO!oa8t#gvR341S(cwA=os?S1co*~-#Az%ZN_g~%ClkyxGHo$N
zj)7<M5#f9%n5_HUbTZHYdJwRnVMM<@mV@MjCIs2C6Wuw<rltKj=X8)#iwt*lTA1tT
z{GG@jGVfk@BwKL-5OjXvTwOB<WY1T{lA34nq43R^yv;K+8fU4HWpgTeKB#!I4ME$s
zvbBSfxEQcI*Ed*JUd6l%&#O!Zns4U0H6E8zZSPCYZP#N;(s(eLJ0)7pzHP!dhkb+_
zY#S76)1n0i#6h{@aa=>FeDO2edp!_(I!KMucDya<a*Ecc4rNyh3a3?gmX`=Tg;QxM
z;w|1@opNHYDFr)7>Ey#cFQ3!#e@je^{Ol8R`Xa7;DWZJSJx=BhwHX7uqE@&dfg_9E
zd?+#~{;(SvdsQh*OyJwx8|6jmKAwP5n6U0>xlK;UIu4FFY%y~s3BH-40+50w+88Ie
z-pRpxI<!4(J(M-^+#2{4R*#T5LwQ5>g|SLyhnH+jjy+0wK-R``yA~@tR^hUh0H?tE
z>-4p-w4sjG-0u)+`oDE!{_~v5tV=0DT35$SKa{FM=Due<;!Qb5hc>SYymr0iOfQ2>
zL+WUOZNy<Cr^fpta5L_KT`tE2n9R<c%_N}8SxjHsIN@162Q3Hv-!l<5uu+odjtBn-
zMvs?y)U9I^W1*?3;)AO!!JY%>Y_F)nP1+jnu1dcm$<{@q!S!vrypvb)yhV3{J|IW$
zugc^#rh|LI!u8gCfc3Dh(KW{S7j}{HS>TepQ8yYT6JCbe%dSVR=kW{L0sBU-q^6H<
zU<g$4=e-PqZveeJZlt^shE#6F-a9J}S<GGLSB2m@Isu-?p@2Yz_qWFHzSEBdT;bsm
zUEJ|CL^yVEvsu}SHbK0Ua(RgyT{9X+(Xrf%uL_6vJRA-NC<qcZT}mwKm7ypxyCl01
z-sa<R4?&9N({BcBBgpJTvqDAA+3|vsg|!oboH}I6gBc|Qvo6!kpu=n+2G6;^m({Dc
z!xVo}at&3Y_L}44;7vSa#iu>EK_kUNp&RG#D3WxDPe|D&7%QzkgOTFCm8<QY7iT?r
zork!SK&$p5_xp90AIZP`>WYGc#efV&ldP@9sunIuW`fsprm5}%1Q<uZJI0Y-4?NX5
zP8qST3!>lL!*Qmih?~`HrJ&$Vs~0>IrnG_;qbd5hFZ+{_qehNn@yf&AohQKJOr0+)
zKwiFE1`vkhTvN7Cj9xXKZj)34sB+BhxAn;WC?MpE%BUDaf!f>}RHo_+IINpKqdbwG
zIm36a)+0@?z~m+EW>Fb|Sj_Udlp@%MEe;K8LNPK)N?6+tiYDQPLW{j}wD5uyF3L3;
z&zK$Gq^BY3@+3&4MWp@9(?m<WE|saY06L5YBaF7vsvNJPr%wvTvXJ9->zRQ)T}=;V
zoG3?Q^hIMS@H?A&LRlvkN3_~WP1*@!2r^)?ZfsF<!lF%Ue|LO-@*9#v)EA)tw^Z|`
zMMq1qcR98m01AAFX1_Cnly6evA1^~ZsMYhZ6XR@BI;v<4^GGJK@LwD4<Vgm2^TYdB
zjF_o&yeOS}f;xlWWCH>5qfBl%?ikl$w67#@2WIXJd)(PaDE|ONXUIhk1ANUI#Foi9
z8fWH;Bi(2YixS7p6;#d<5zNmF3xMXu@AGLOFtIW-64SpumOBLt4n8Y%xF{C0;0xFV
zU|+^?{6Vu_5MEHa6VSfU(0@WmRUx8wBR2(PVGB;hjGPZ)$Qy!0t{`KPZ$V>f?xges
zZ3+#E+{lOyfRM*U5FvNvYtCYAO4*(d^;Hyg3HpFoE{t`*f-S#!`z(+%%PD`dGAWP%
zV#uF31!k0j|I#MvjzJmQ`Tfz9SumJx&wL<%>M_s8=`n)QF(KPS4!*o<;@iPC^eAr5
zr^i!qIR-DZXMyO^j~L9B!_lH|35W*CTnCd4y=fCStt+jE)HQLyD@tVIq|U2(p8r1Y
zFQ@#E4F)-ddLo_@6P$&Cq9V;q-864a@uWNZ6r8l(_@afY_gWQ6IF@Cq)VADESz~a#
zLCZM0a?-+4b^W)=l-TEYzjLT-!%XcJIFQ~I;E~FNWO3H4f}G;HnH2zt?!fAq<Y$10
zj?Sn#Y&c6L^wgBKII~ihi*G31u#fm1<cp(HNyflfFL{YQc|eFq=usAn=m4WsYilRv
z^Kj(z(dBXxlu!D816pES4=>lIZFjMqb-ZDfEMln<D@U7$?{Q_`i26GWC2&*)%%$`=
zz@SzDq9TXLrez*<wKL!^nRu`&+1F-FV=!8pxJlntmjE2J*h}OrAG5oL>R>Ux!)@r8
zWTc5uJ!uZrS-$9<h;z|r68gp-+#1Ccg%Jqyg_fqx$rmX-ykDtdkOl2)V2Pk%8lxc&
zr7|Kdgh(B!OeD~%1gk4bqC<FP4k*acW@bX&BJ4von(m=&o0qx4H|87^F4+NGl1<EC
z_ldJ5ue_R%tjW}rkQ~YjyOg+CGrY~b1lKvrc3swMX0E;)G%sQ&g7wkmwXK$QU#^J_
z87OA4#B->809|2OKWPZ&mEQn=P{ltd7MehPJ1WrZ$|zeN?=G@Z<`3UW=VECF&`Bir
zYW{27>`zM-1xQxU(VTH4nC(=RCqV>xG#zo>SC$%B%8(`t1-H0seSsf*0C{=L{q{&F
zk_F}aH%ltIv~4b_kwfb$Utm8$SD7hRpdwLaK>}Y3t|b%v9c?c_cL7|NA_H~t1>_=}
zacL(l+FjzbR_{Hujq$KoZLEw;bBgFev1MW!>1`_DW2M9uc8jDok}3C<o2~#oW{}z|
z#Hxs5L<vn6waN(H`t;&9A%U>G4$;6hsl3a(5Vd@xq}PW)xtMYx>Qa=o5~!)2A=yHR
zZP_mz#^<QwI0)ex=;p$2bv^CqO*8@tg8>2hE0YF8X%@l>Ey24(4@Q8=0gEpuvxV<U
zs{=DgqK>gV2IvpUvh=vHfu|6&6L?r8PARH~bg992Nspn+GOftEAU8MdMu|LxOjd>N
z0aWL^l=*>_)S7{UF&lajE6%I1z%cDg4E;TwHO@p5x#R=XB7gSdHT5NS;wEvC|IIMG
z3=&zD0LSknr6U_<{lu!JKLL3TSn9e(q%cMgCQFD^*AgPiF0EE6O4E$Z-J4&)Bbk^Z
zQ|o_h<o@A=Bk>om_4)>ecvDv)(}|o`U&uN51HWr?_aJdv+IyE8Yp47m&LAC99J@r;
zMu#~!IY1X0z70l1_@q<-uW#4ff>oWbG#GBHY!ZxIO({l?wMh(+`YN8HS1R2Sp1TLm
z@TM(>ZQE2-a*jmcLlqCFCub$gl$eb}ybEKO*xq)++Fcq7#|+tREoYcQHN40c9p9ae
z{rFzq)wBhS+^Dr4R9`ZRnS8e`=6t{Lz`cs7o7?+JljRTUB6E+qyi*s5oC%$UtU`Q8
zlocp7$E=t`M*l&WEX~zIUIw$8$L;p&$9$kU&-sVAU9y;$GqyA7gU?*on2qskMf)^h
zJiM;S$Y|`rJXf9$9!f(~(@(Ymkl@Kd6A{;!nOM}EDq~@!4<%f38i#Y*s^?O?R`~Q<
z_a(zE(=HX2&b<Ke0hwXcQ6vK^eV)y3fGh3~j|C2wt?g|hMney0%B7i3L?ii-N=B=j
zdJ;-WDihB&8o#}d^Ha!+K+V}GjTZLW)T@aJdZ-mB8nW)8#>YwSO%mkGDS{5p&=r?z
zh;LuL{i$cXn(#(Ate&5Sj$>71pwKfC<>a)PjCwNHLcvmXq=_`XC<Y%jEi({aDb#%S
z;_U47ZSB;PadCZ}4|~{c)_O(Zsi)rF0}^4+eTU$Dn=wPVz?Dj<nGcTEeCnL4{6ehG
zy=O1waiazYel$r?`4llhIK?9)39jtSqZSNjc($m(;0fR#Zd>9wCqw??W~yy`-JBgB
z*{1>#RyO#E10ZyWAAW&`F)S$$n3}>Xc9p~rnt<dxayXNNuSRSDMHt(R7}>m!ggJ3?
zWD?4qR^Lg>tGv+bCLO;h959+D+^E(YmWZb3Lz9WBeu&8bn1ob(VrPqDM)PrbDZ<wy
z?X^!+H_CoFz;x$6AP^*ow5cnp3vx!BGp{&^HHtPGj@fB?yl8E2rDaOj_8il5a;Cdf
z1yFuBu>o7Ko(ZS|S?5H+HN_Ty$Tj4n?h1dotxd0SVkkh8Z0NjqfTGAn4M%GqjF}mU
z#6l^V-zPZ1DPV@n0acC0E<b(FF$q*9?%E{Vinz9ffsAJnr=pRttnpo1@4a0&T%(2K
zyS`_<7LBK-Lhgk$uB#Lh1r-{gNvA4%Q8>)=Ug!p4@2%|^vf$P|AUvr5g==lk&Rh14
z&dDKZWGz0MFh=a1<sw0|HQUF_8xg7&YQU{CYQ)z|u=B%dO)VL>(-KcB3v4Gnq?ekd
z0&ynpLk5OLrAD5tz`8Ucgpug`xTm2nAn00mtF*|R-f@RCu559(LdUsw4ZBnnxaZF1
zkaZ;p=%!3J2TH`yii8`gH#XO;@GkpdZ$+wT_KBRej3=A)yB7TuCmCP@A|iPQP`Y(N
zNACN_V#~=Kj#+SyguCGs&iyuy+5`AFukW1o^9GLEpZwH11!WF@tUTRyAe8RzPLIFa
zy3M!){iGPeAEjnN<nJ}Ccx6`sZLGzOGDvH~5;3815j}Xvt<}5&A>g3J@9Cm)!{^{^
zYEH+)@<h5^+#8RjH}*Tm&*;Is*&PPttVXXO-Wb4g!!cT(pP#uBai*j1HHg#YV(Red
z1{4vZtN5~4mh!0S>$zC;lD_Pf?$^hkXH~fAT=Sqkl0u8f9PT|psWJ4FJ1h_ILL>z-
zc`CCOSeqg)s;m|ltb!&gERrVX;d)$AIg|h4kW!Hzy0%a*)}c!?k3x``8IZ`c5pzP^
zjv5H-CIy@w!a2eP0`COE!y)XffobrB%5hM0-_~6oj2WZ4rVpp=L9E3}+q>!a*~0wr
zebVKI!{kyrNEECrOOK0V$y$H{Cn`=SJ}>XvF-?PrHIyL;dOfeR{^)hj{FO3W)WG5t
zA-E%~6oN-0n8t$#1h@Fa%xY)BNBN;vyHbi`k8dNX=&2S+C-G^Lri@=&?f>Rag|i2F
z+z`;Cn;<~=s2b_woR`#m_~*a>7iEc`|Nj3p&F&&treF4D9ug8OE%_K!{jQN2p#vE?
z+L6WPBpw)paTf74*4BgkffYXWL&G)`>)gxx$}@<oW@m^v44_(tb;=eM0xZ%Hhx!Pb
zXUiiUrq^AV^X{%XGhZ3AoVsbJvNNlq-E&<^{&x?yJ}`YqQ*Qu{>Y$dC!r@9QhynO-
z_H>`hiKc@)!ZT&-=YRO0t?lmq7FgJ&c0yUw=sY`^;}bV8UtN8TFVKfyF3GCCyc2&8
zxme-lE>=M`*!-fbHO#L@(`Ximywc3~<(LR14#hYvlfF^|njA0&NKT13?$m06=Hf8S
zKf`HDu;}Dellj=(#kmFTj|cs~e2wF>lJnhQ-)FCmYllkcFgGqNDhQuVbMleF#<<d%
z+k8slxc3IT5gYd0<d8t@2WMA%Xst2;33|2UB;ZpUfDWWc><A=sfhZg<>H6?=83kFU
zA+qZTx46;JI&Z_J<drUHtFAdzf-(q-I3N(H(&)P;j&42Y{2>1x5-2@4VM;#)pON1C
z*gzLF`e?@fE^;1@b@x&$nVx6y5!5|1kQx65e2ACYoMQ7Fb?#c4#U~pE=S+UfvUH7O
zN2N20#&_<L$wC{&$wM!e^N|J-h#;1pkyA|$7N;)xcBQ7;-%Tc*&3FzDe$pNfRh3f>
z5d{(16F10s?(O9$Gp;av2zgL~Ixti~ioW$O^MNvHL{656eByo0ERtD90Gr`jq6ZuJ
ze6e(SBjg98-Z;cDod7K5Lz(tfwrs(@f><^>cqx)fd)V5BjoVk0)W08)BTaCdW6M8m
z_^3^)aHIQMF7c?()yG{>?{d?;r__|D1a}c}O}-!m{DS2k(8ubX2{uHbzNmmZ;a#(6
z%0>1!7_*<x(Hl2|yUux{`Yb}Vc>lJy^qKOk{peZMhWA-$oSAU9*IAf5R*I$LZxtnH
zRa<bC4n_M)v?r#Xg*HLt1><Jg+xh&tgQQdlfeS}h9v8Cc8e}*HG9!QzatWe$%_fA|
z$q9}i_%vcGYIkfx<8az6E9{X?Fd&I?1-8c+^>_|%RF~tDm=2r4nfVFu(Jlf)POhY6
zGrz@dAha<d2yd!Pp2h+lSwv&W^wRYms#V^tHXnMI`22St=pW8H@QGnoy^TUlLek}h
zKd9(<RGZOP{;VaZ2r^ER`ShtC3h4PwWR9?SMoTT-#$G;}*v(pv?Lh7g08K!$zYIEz
zE+{fPiQ#2sxUhfK!{KMwB2R{*Z(xfr{lu#T9NlTX;$3f2XA_-5a0IK}dWd;3jqFqd
zB`A~~w%nzpti4}1@aEBYNKIQK_R$bX>J_H16h#1r@RF8+zY0O&qKTb`s!^1(cuI6;
z(3NDda8VVlcv4)VT_LEYTwiA+p#-T(vkO72piV#20Z0K+d6S_6OCihi^G37EC}(_e
zH$(Fbso*C%X~R$oSFIfiM)`ZQ8Fuw3Cge#=lKbra8QXb?EKdbQUyJiwJEfA*nS*6|
z|6yjE)aAI@9X?n+A-ItDHOAvwb-H1`H^3K*u^6J|XtJbE3qU|NC#KF&hjUQa^a^_-
z+>jgWr~L9ATrYeX3y+iMZwRE2j6qGx+94b(Mh-s>8NGckU*JR;+A%s5b3*MTTxhPU
zQwIbl-V~;cg%Rt>rH=S6kP=BJT9O=~%+B^~c{xVscSepZ8A|3+)~9Sf(rdy+42k5L
z`i9pI=eS}Ug34t06S;Nrmz)9mQSjoL+9J%Mn!C^((Wfs}G|x;vnLE6Z^AorZ>cv>p
zW8mh*Xsx}NexfcxlzUE4b50PSZz~6hHvQ1uEII<ZDELRT)~L%Q@Xb%z$P^O5$4C+a
zr%({`!zqY}d`vWCUt9Ec6qOu9BsXP&09po-2IDi?Q}UN*AQ`8_F)By+V(4P!aHdkl
zM5K|TIxxCMAh+R`1S7>9E93Q%(xa&~%qfHE1{vPI8O?fjc?7M|1n$p>(>^%vgwG+$
z%1Fw<E$Aj6&@41*Fkei447o2HFRt3iTd3?d$78112b5|^kLH=dgQb^jl(eQzLV3_}
zA6w|h;LOj7#XsQs8Nr4YvG6`#&p5Jdo&se5@cvcTyOue^E4Q4eEbWgx?lcmBv*6iN
z47S-mOBePUxb#+k6a7M{J`MN8XoxD1{7y7sbil%sIk+tQ2&-Ds8PRw7tg=KIF*Co-
zeoO%2?xQWwJ5R~KNaKl@82RJ$L-UcYlifH!7r@!TOd1P`tiSeTW|qMv14i_LW)SJX
z7*`ozMNuc{^2Kn<Ca9VADE+nN9E4Fl{ksvpk|2v%DMcTb-uWqaW8GxpAxB)Cc;;-C
zmBOy8OEWUptx~0%Wy6*k^?R<84}H}-!|jsdN`5EVqHjy(&Eacd13J+7O4CK`%bhQ^
zf0fBK0eOj8ecu{<cUvL&zE`|Gb<7q;*UkwB_>Ow(HpBjYC68Lz?`{Ep2ab>q(t+DR
zv;kUA_-S^R&N1@_<a>QxyIO4eGDJ!8LY5-4e1M-E60<C?Z*am13mLNz0{7N&Z|2eS
zB5WIwJZc0|0w9=VBG5{92nX)48gH+2;I)464>Jw^#T)E1M`2IS^P7y$pB%q>vAN$j
zrXgaD3^j87iIFQxTFs^1xn>A5lN*%4N4#+q1DC6T#9hu7Zuc8>3zB?fk2_6!MY1rG
z-5;s5XkrMiIDl<`Q1lB1J(X%3CDF+@Ec4m5UhC2HY7RJjz8sKdz-6lsSV$k-5D6;8
zuA-0^Y07Hpi}9@iLmwwg$sjV*oLno(=DG2E5zNDk3qECxW#l}Jmx{Nr+FRxm3DhS+
z3Wv4WthsYgZRL(>b(>3feiFc?NpQaLK(#MZKtpDX3u*ha6Gh-9tl_9at};Tmx3v4i
zhK+p^1x-Qu*hN%67A%!LSln7jhP234ytvH9nTDF2qxk}NF9FZc^zp(5uQ%ZPhTYl`
z3_A}nF%W{aDs$q=*CdA0Taj@j<4T>wUGW1_vs>vFhJ4HBQMhPMPy&+%V<H}G)VXgj
zbIy#KQcU>2$$Dpu@}CDTyRO_BatV4zEv8_@ORZ@|Fo{2GZk)`hc1K37xWGEbhlIoR
z4h)A?9-~Tx4mo<K1A@`ncPj_qZSnuVpj++|NL^(W*wF}=E(UjC)L!K1s^`$2J~Hrf
zi$dt*Qbq$6I_mRw-Sn4J>nNsh8S=>I&;7m6pVf0o77~GT%G8cdm%vtneUKoiLW0ZW
zJl*f#oppWHnd7CZFvP9`;+;33!W#w&^EvkoBb6mwE|Tk<N-0R$n47)Q$#*HIXkKu5
znCAw`yii$9^E7>gsx=_0{_1hsi?rV65rbwRiOEA18i@+#HqY4HNEq|77;0+*(_)V3
z?=l{+kdMof&mwj%9gqtM?&g7n9k8`czPm?UJ11w(SE8c;PJ3N4W|L_Y7;y#Tix{-j
z!yK|ElR?*_B3xozrI{OSx3Aq5c#c3ezJrr~#yrZ|)T66lLw?A%?w8a5G!2{lU*y*K
zMZo`V>udn`n!RV6Ip3A>xJF(O^-2U^YYSkO2<UBgY-)7?5b5#OpS4cjeP}HKa;s{j
zdJGXaF6l;vT&)!l0jaF+jiE(=?*^vIOLVjQX<Z73E3emBk9%^V$=Nhmn=(k`BZ6}!
z9$DwBpOTk=77sjz!C{<F`U7iRb;}c<3oI;>u>bhO`P)^{e`+8<HHC<Yu3-)GFd5*d
zw2@pWp4SDx!AXsd#yJ`Q9403hwYu)SlLd*XatHnwljWPELf4`yI%5F?{0^#@5@&)i
zPm;0Z;3RiTrIBHGRdpoPUImorIdS8hQ#-L!V99xx_@Q|=Tv93;VHqG9@d=jZ+)491
zkSt?Bt6`c%r2(w`7kj(mOa>oI8)4+``55ot0DFp|L{p1`o(Z<~6g38M9VCni6!h+T
zc<TfMdHuYr>X>4u3CQDLXR!UqQ64`|Dj?r%UVvO~ZzJxbc*2JL*NvWc%LxPdCJT1g
zd-dlyA%fT<P{ruZ)PwI@4gzk3qdIWjGI4VYgNvNXX0RQ9OWoD<%dK4MQ7MHyoY?EG
ziz}lFUG2DR?_{qN5h$}^=QpG4n|Q1=enq{>i+;xW>F{~N+&|$UTsNM_%4Zg!;#b3n
z$cT&$;FJEW7^1h6+H;jSYCIoy-0WZedLNK6HNWFKZIPo>^*P`CoT{@j=?Hq@>;U(-
zE&!UGp=pAV0On4q=FZgz;;+k~dpf&~S^<v1m%>M>5KXH01aJjd+qbiKmVI#b{SFxO
z_;r9tU))f-{2hXBQ94`%O@RA1sNOi^h$K=B7zup4=Z74{71E_lg+qe;Uff@?mNxl&
zoNYp-)%04dSD*%Va!<ooTv3J+Hg37CsAH#fl*%IDZEnj3%?lzf;MpjG74M}PTWw%)
z-^qU^Y%p9aOmA9<Ne3<3B(*^I$wR_t4jp$iYk6=}fQ4&Pi9iUw_V?UZ<l(Ngmq54z
zOtJq#8Jts1sDrr!&E#EJERYIAeJ{yt_KN>;!P-VZlxN=7fmzB-s`LUgHn(di%)Nv$
zYPe*VFnyIM&U5HVIr|_vSvf2G+~|p!-kD(!*3vhzuxaI$QWGStw3QVRpmMWg_A8kX
zl1WbDP~#l?8w{}FFQ%Jb^EiU_DJZk~=+kJNU+1O)mLY@0&>0g^lNl-y^%D;y57`sc
z@0awxLCLq(#14kW&ri>5N8Orj;-VZr&cb)e0=g;M`s36l2--tBBDXteJ3AbZv+j-t
zUt(BLr<-OB&9nl6KomD$Jbm}jkyqUJGPO$$I=B%w6-rOg0Xz@p#ttXgxEF+cf%(sQ
zUlWX|Z~L@|ylJPMAed$<U~2^2B>=EaSCb}O!Hb`a+LqtR=O`zGa@$6;3xEY!%FoFp
z3MpkXNK_i_)%OBz!KwZ<&Dho3zDE}HJWBZ!iIawPWb?sIpC_eW-UYFOInC!FvAVdM
z<>4d<mkJX3<Qaoe*AEHmVm|EMbZ`S70A0)B6-6=^%f&#FZ$@Py$vBfdLoNeV(L9NJ
zbWPn`bas|_r|F*J>D=BFAfCpqn4f7{<(5iwBGgxLeY5en%UKJ4&?Bv#Bqh^xxuTJ?
zACS7I?^=53Bp_&|my%9|M!Af?G>l;T(RmfNBu<vJhbaF7UP2XD!E6roT(f`Ow7yb*
zNI;|XJYVg^3YIKIyXDxm;-Bskjol5`qv<@;<s?UlEj_`oxYJGhOx<S*<VS0ew}}-Z
zUCj2kwzeK&;(Gzs2>%ngmIMeb3-5JY)aKwBW<iyP<^=nB8f)EkqGoGTOmU}1zEb*7
z$82)9s%bb>T}3U!4E(n_ZfI4okaqQ!2SJTpEXzf9m&&l=o;mJs;*AqDZgQPNhh7>)
z_D!B|E&&yGI&tRTNDZ(=M{`3*_e!ReN;a!0+)W_^pvg)C8M9`;Jn!$r`AJKIxjxb=
z1yO9IXi|y5ZG1;O_;ykZac#w1hY+)}<cZnC%6i$WWW_3_z##H*5lxoF^Sno5nm$i_
zf-B?~WBfK^820(&D>R>e4Bx?|F5z6Y1zC)4&~4|K_>VW@-ry!p6t%)tNv%a7IwjVV
zg!bnYYjmKQ?`o<T?@;-<YZ$L<xUL(rfzPIK1v1KYa-z1a@cB&yI9=x)z50j2P$wd=
z%x>0xRElmX1C^W~v@4D4$QU!+H_Hq%w;3p4t}!jAI_T}&SS5RahjI7kb70QRCQ78>
zCY|tR=S6PPs+_H}W!@AEH-i}mpj_VIz&-8sD6>6y{-MyH8w|P#&D1<VMHrkXfVeqz
zZ(NzRGflpofMzz(^gv#OW+&?cf_Q6?CFdC4H}qu52`CDE^yLEX-9)sOb68UXuPpoy
z!QC>ijIyZC({)SrDLW|><fj)u{^sr5ze*b+xMq6{tryr=F&8`Jls%tr0@fH_<4#0N
zmzi*w%;WoOSXZSrMAjXcPoSqD*I2!`^)%Wjnckpf9IvY?MLl{9CCqpT+9Ly(m}59$
z$CNapxLcnw5-?p~nT`?J)D39VMA$ZI7rgF1H%7W3O&yY#_G5yB2+5niKd`h<8uJe*
z?Hl>G+LQpk(8$!Fl=+@i#snG)M-{k45Cyx;biNvNIUW7)n9w`~`C3rI-^IuLj_CYp
z58vjiOI^l~qTt4-_-oBh%G`sa_X)7vy~>{KUmfiA_8)IQ?(OX#?DQ^ouLixH!PA4?
ztAm5=Dm$o*f|4x+%ZrLRO(<IL0ZAg&Z=S=td|fWk6gxUQKR$o)`o){`i}x>%pZ|52
zWb8B_ADzCrIDYr83pP}VWvUn0vGz#x0#-nnx{u+Vh;op{*gj-&2j71Awi}bcIEZD1
zqtdLKC&MA5a%!@>%=PR^J3L|4);ov&9O}#pn%D9-U<uatK6bN>FSVNld}v<jge)Wd
zG;e~kMN(7k0Mft1)E0S7(C4?L{n_o$39M;1Rtvgg;Z(+=DclfpR){~*uYgG6&O+_#
zQ|*=8;E_*OJW^Q4#EJM9Eg(7$yD<ll>r^!69A-BDH^E>WB9kYDay);SEOin%;?#|-
zu#B@E;>2-fgy4~Mzu42XS%KxbS2tBvZ1uG)+9A`BQQYd*X`^na-<8e;Lakek#Kdm&
zs^HSOtkBEcYc{7sl}ZS%1$73rz9*dA2{k*z$YavsKQR@Be1n4E3xYO<jR$LCBhs87
z=17Ky4=LthOxkWlS0Uv_xKO7kE~n&CGvbwcZp-12tlERMoxb_q@vGD47ssz&yg$D<
z|Lb=zR-!?Di}cXKY*ch~WbO`0PL6wNU*E{Q9j;Bj;l~oVoDYt!A;oR_hEB2zF)60B
z`p69__;r}j&Bk@$aFG}}8^FR;C$(BwNWFWh13dKt6o-92OrJ(KAg!H;JCZgT#D9B&
zq^n0psU0%`%?=h090+Y5d|QG4>Y-e{O04y!?rw&KND=ag4wppWbTWK<ELD(UmWKDh
zenI5qV2|UW%0N>KlX&PO$C$DZ3=wNoE~z>gJt~rhKX3l(&D)>e(0R*@PAP@JXgHNX
z2w0Ly+OLmKUr7^t3QAD$Ir22H?DZ=rA&f<+`FPypz{2K0C=GJ7HC&knHAyV9SC3^v
z41?ylbEr&3de9bQ7org?0tBkp$tEkSno{j1k{+KTa^9ha_%Vtg9%JS0tp*x1t;Yy?
z!P<`Y*k1u6zIb>1*NBSEX&T;90jpJw0T;YH{!f*Gt}zcFWVgf0++l|cU3;u%CRkz)
zZ}n*D&l}T|vvnF@=nvH!CINI5PHrijFzb1v`gXd=A0nFH_ffkcN;5sw!o(EvypQPS
zs_s*T%ROYv?-TVP9TJo`0E7s1m>|wZV8_7_YZwCZ{ER^od>7U<Ut)$6HYKV>Ho>>Y
z`ShB*m}AM|XzJS4>2oY1DX0|$M&#rf%=FUw#iXXGOQyw6ghjpMO3S6;i=%;)68I9y
zG+YT&QnR^gVTz8{%BRDS1~`bMko1GkqsemOd@f9#XAW6#0|om@Nj$wY!;4KX4e=gv
zb<-~iOHz>J{I*yFN_6fZR$VwpO`94t<gPt~`g$h$;-(l%%N|aNZDEt0=`~ee<ew3E
z3cKx#Jlx;fCccF~(fGjf9$B3y?rru^FX$B|)jkqj)+LPZ+-;G!2GhZhMeaJcK780{
z6JGz(KB{U9by!*{#g&aYE>vCCbQn|oV%tOst1*&LYkfnAQlr!~yKl74{k_hb);|B~
z6Wp#p!GLetwP&}TI=gLxNhdW3#RqOs*3ZI49aUGDILw_Y#v}$IbaY?9VOnz49T2%P
z)=nIgHeQ&sCk;;nX~=y7h;g&e>=DW|;;T<{^3c9Lm_BOQ*|px%`5CSXo=>F223T9I
zPbHn#1`*6)BvVSO)m(V%fiww>Hk!1aZ+9B4peo?(Dfk@j4z?4bIm;N2l}-&t&(NiR
zp}CXP`vvyJm5WYOkEXNbLZ~UywG*YRQqL3~oJ&_~xu7OSUlCSuoPI+@6_E0bum8{g
z@=qGz9JXFt(DMxII7!QW##zAJT*ev7r_VP6S>`Su!u?>6c2z?vqwH-xZ9V_+?$zlD
znl5kNo}a$Nf1bX5)5x>rTK4)kW!8VDxdrj-Ew6^YB#erUadND0BJ1(U000o2H`bD2
zbjb<IKy9p;oobfh#->n45;cvin+SFK{Ke~c8-^Omr!=S1BUh+kS83d6_@{_IL2VGB
zKE#<a=-QClQE|mNes8etxP=@s&g)z@K~#-*NI7WIo6pMeGN`<%xR}_s^Da+g+mP#8
zjGKF*Hs^XmG+DC~o-QxT7nJt&a%Z?R*vfi4gT1}p-sSdH?`gh2=xtwaWjllItEbua
zRwah#nx$N6Ytm!{FZ5A(-^9!J#~+?wynJ>1YwvJ4dwrG+(7nU;Q%>B~JX;Qh@A6?K
zOn37B^c*<sl}~4>4cUEhK-g+ujpoR#ocK~Rsiz(w^0#Yz9f|=Z-zL(e1o%!(wwzly
z8whlpU3`g}<*&Ty{~vpA+uKHxr3-$aUy%b`3`i7diqwm38OAm(sj4+?TW(2q_4Hyv
zq{x(%ZHg3_q+RMl0r%5>-`!99_vV*uoVSP*k&(<KC0BW7Z{yx6St2tdPDGq|&f9Y!
z`xRkSc`lK890a{V>8tBQj7BpMZnJK=@N2$z&iBZvkh+fGl^t_&<>MY(={kykQ3dp*
zD<_8R;kdEU7h;^RsmlN(en#lu!U<0TJ@DSBTK|}EthYz{Lomf$xGy$|_tE=t=akHk
zMma!^`-w)2k6ORaycfZ35qiEVZVxz|@8_15#$_az(pCtUf*Wa?O>R^gp1ZJQOSjyw
zAlkBU-59*m9W%^r37)>S$IRTemDq~CW$QL}3Cx*6UChUyH8+Z*#k>}N4&<NZEWzuH
z67RnjkeIW8N?6DQEoJ9WplL0dlP@QcQF#2EJ}VJ5Ri^Z)`0ywnv_Vmedod^3B2SCl
zMUa#Xy$a1`gnR*T9FhJ*;YLSW+M!`eDh^VKWk{{X6G0f$12(4OHvJrhd_P~*P_oi6
zg?Tl@l=i%U(14nXWoWf6d{+1=%^hLJT9O@OYUy-}3z#)mF}5cprBy}q^UZ*oZJeZa
z{Qe^O0Zc74)RMiu-8P$#cB)+|<L1??B+mb8-mrvgyny4|BRroNBM68eDCz6+?FCe;
z-jn3qGEqYk$v2SvY`?Ymp6y7YPLZ_yG&`tc0RmzX+*EfNV4}RZ^9KA15Ikm#Sstbi
z2@rF|@Gi1BXz_g|)@kE)JI{*w^ou)=0r@RtQovfo)>D`0Djf|U2V%qN%BJ_7a+gEk
zcQlgr_h|ghhi1tuUI3496K2=DWcoqJngy=uM@ld+9rKRB9(KFV(8g)HHT{d5w;s61
zF|3H%{o_5b2&jyfy%0e`<`#Mt+%(F-fTKFz)cZUA<icE{lr{r>3+H3#$ciaDioJ^*
zCRF!I&m|0bjZaV<vZ_*AtqPJl!!CEV>;YgQfl6LDeqKtXZCM9T6jCV*YI=Wx`3?!j
zq7BqH${+e3un=J&DXJxN3T!@v$NOq#a?^94vv>*N1eFy}XfSRv+}Fy|!4jrWlf@pO
z3#0I}spOARB%H<-)NjzttxkZKkpqDXho+Qtb_8=qQAJhr4P<TMZKATzNDQ`P4~k8J
z8!~3awdi&ZDsl8B6iJKsT+fPzd2rg&JIpJ5FS{9?QDK!Cka&VMxe?lQG)2u6zR$>Q
zu`pG$>ND)--BRab#Yb+waLpRaXF%6O({=JQBxl2%-D7Rb`Ib2<+(|&KoVVpMkxA;4
z6z>C8#R)06+pn%^u69gXzrU|It%)03Y4f>j1IuS)Nop#u*+v)^h(d=h6O}qbfDsNl
z>&om?BY6WNmW)<+n=p?Cpzg5gRsf9lHiqmfP;53R(FvUlP7ck@MtsZ3fBv8UH*_^L
z=Nx`wat}4xi)D7-=f7q51Nv!o1r;3di(R7ZfV|9!0e)aKtOd4a!a%eNs*b8byqEoB
zZY&~jMsnAO+eHS7(wtiIfY{F29Yyhs7A7j@YyGgW0Mn7bc$Y>2bCK?6kc}X1foJ8J
zDZBnQz0WE^^d!5-JC7@eprRNX=$QSIu6oAqI1?li^~puhuUWGy_zR}5cwq(o3Y&I^
zD7ZVeaf>ZIL(z84XYOO`U`7S*E%W_QCc_UO&d)xb97kl*l3#`Fe6Wp2v(?>IwirSC
zk4>t|O5~nab8v?{n5b%ZMKqbNm6v41vTaNqF|EhfU?S`})$)FwFN<tSSX0UmlGSXA
z?0cH*pD6r^qKB4NBp{45;oxm<u4Wx&PJ;yZ#lPK{JN4kjPEfr-ZIE0oda+zxU4coC
z@3m`yr6gVg1e$74St1L^9$)fL;>vIjF*q-N3LsqfLMFr?va#*q$xo*jqo2;+9uu`H
z=z?UI%e-@$>pf(56uMasK9rg<z~(Cs>yIq?Nyz_zujy}q-&xDiF+nMosd44BFdv`o
zoP~^rJYQIaAB-~H>Ho>xCUB65qT6gfAVCC*MYEfrf~}a1rsl@md)*)G?wON!V-DH~
zR-|~nT&%Ko$+_95_v)f?y&V;CE9vP9ZeNe?ohAfUEwJ+UWOxzBDpO4=zA6G3*FgOu
z@7~pHrCL$6XhGV+pxh@4b8*2JseHxUm7{5PlTJso6dIFK&j2sey-YuBuGQQ5EMpA<
z=j!BH{{TeG)$!!Oh6)uIO2|dyREfK8+eyti?q4p}rEOTdVW}(D72jL5&piv_fqHL|
zBUI=3ve}L12w$>53~G=JICM$agLT6G)gRn%J@s{WV?sD){s0=uGN#_Zg*!@Tvz1vK
z^GUdyc<aC5f_Ve??#yj=JAD`}6qi;1h5QvGQ$V{q$*z{8`}BdkBhlvu`}{GpO-I<v
zX|}`@p_y@$zjY1L>T+Mt*PdLfHZM)#F!^xu{`mC$PowjbPp2n86QxT&o{#Qf*X5MS
zdd?NsJt_4|OFFPZ?LpPGsKz!gI<^P||2LJtlvQJ34-=75MCnR63C%HH`1n!V-Dvd-
zdK8K&c&%BkQIX%wQlgS9k~e9Q9qbuo2L9Ixa(h5y7Pk-Bp?mjoewDvDxf*=r02S<u
zbnzLx<c;R{=HUiCnAa|$s!vR(ZI+k98=9<|M4;1(r9(7fwN%wBS%AXf5aIl!Yfwcq
zJ~^k6UrdVzOo#!MN$L^xxH?CI93kWhKf%8RYF$u^$%o<l%_wvA-mpN%My4!;qs1pR
zojAV#MnIYL4X3uix7I8lcl_b?iG@%^f`<-7`h`zgo^c_%0(@DPNa0#p^ez4`{3)S7
z(Gj+xB<RsmAP+OFh5DSR=de<3t02f;LKIq_H3`<`j|f6(k^b|4{y)3iL9R#+%)egL
z+LM=-S;0r~U>@87d?%p))w~HQR7fo>T?oJ0(5fn`M<deNjl<AlG~*`oP#U+}<Jdx+
zd$6<9H88g=^k6^*Gs>3f=+>Bk)%;+k?%oLLsANZ3H@mf#jY3O&HoV;|G4ym9?rBP)
zf@_jTom@dP;aeM9<F0r(%PS!cDb27x0Fx3VV1y5VpV&imcC&j)VTN}vsj`$aZGgY#
zH7YFxjl0s?j1_Eo{qMloq~7(uc^Q#9i@1eY&}?p2EG>slnD2^(-J%`ZR$FrV@XR@+
z_!R~AZYE;IQX>=)OF3(YlXI*P7&K^2R9Y(=$?|WXjq(aDAlD59g{KVTz6gcU%;1$W
zM`UD<h_*M_eL;l*0_tg-QtL-rgkK;jXt6?0cn(Y3bE3KWy|bixINNF(-BLu7j11~<
z_BAQwn3-F)LdDKamDLJus#v<Tjp^`k75Boik4Q$YRvuEuWld$6WY5D)gk01a>QR>l
zYNN!7=0O&fet^+~1$9q@eds!#BWU7XJzp&`OR|w&z_~*EPi=!Qk(?Ta%9eQ3&3Vew
zr#@_*#;y3MC=UF*$Jv+5ImB5c%DGIhf=&ZO7|M++6xD^<N{|<V9$7YU6VH-$&JWe^
zq{;%WOdARzf;M+MzO4&Z%suGeQLgP?Ug|4qG>ze<I%AhHN8FtdSi%fW@gRLPQ;^&)
zQVR618r2|Q@oZ)K<q!S6{=xqK{!V|VFCVM2ojK=hcyaOJ?EF$bZLMiR(fv1rqut}Z
zQf-{r*m$shl(48ppR^FJNnG8L3BpUzh(YJ6f!X5XdfIB{3r1PLwM*B`bdK3Ehsm$r
zsDHzWC=!6E&7DY{>4&#x{~-oRhd*bqYp^el=JJV{ss5a8^bXaj%CG5Hp4Hyp=MPp`
z>tv>TRyuI_MRM|VX(-FPeAK+T`WCt>$JBQEE6MZIzbvykC`*~|<;_=^&0`fx2z0Su
z$Ya&5wR-~-I&Er1fBNauKPN|TK8**T9_+)&Dy%Z3<HoU)zA}p~y2%5{E0HVm3?J>d
zUazycHLJUrUQx~zO<J|Ces?_!0%hO{ws&iIWwd+uJ_QE_ROf+<rdxRH>SxgfD&uOk
zwAJ8T;@QJ^PH3(2$*r$t;R+Uc7+nXBc95=es8*vr-^2f)@$JDCW_lyr834zP<kU$j
z0A)KUz0utM_ssbs@NC*`K<cvA&nb5Mpu%qVpGR9L?sKa+(ZuqF+XWvO)1fu?7+=K=
zybGIecxSm;+ripZuOQzW4F^?T>>mo0N`qs7FgGvk?%!);@d-g907-Dvd&m|T<U}bv
z>hHpsqnR5~NlB0`2f2CxdjVpkXd0st42=ckiB~xu&h4^0_nz&_>bMk64u{vfFJKMN
zA!N@1F>Ivxb&-Q40&juyA@KrtO3V3JhlP2?6#E+m9*cjQLS$~oxh&FR4p-!)x?j)t
z;jO?n6g;bS&I-r&A5QQIofY+d3V)=P?ul5T_B!_j-zgN<w*uy7TOw8G^hD3WEb(rl
zDhEXF+ByWCSR;LfqF#vOlcTq%?|p};w*cSD)xg3YO_ye8|F`!vs8ynUuNqt^_kx`C
zZ{c6q&U0Xku3+$YHsD@>bKd-E_j__Eyng}*!rY=X?K#jcf~p|6ZID{Mwd>pj7AS1u
zCOGoy@2Y$Pv_PRtAnpt}W<6N;2M7<hf4AV@*#0jY{sVagpEn`a_3i%S^V3f!=NF^5
zr$;C6FHWk=|6}ua$ZptQZ~q@PwDM_F22O%klmziWmcLh=w!c=~>+JYS_!&3hNmfxm
zz#nEFb2p{t(_a$<t}tv__tWgjqV+6Y&y+p?>C->1ewwcSe&Lz3n;ES3$OR}~?!`Ea
zch_TuDXI9^ZMS9*W2A+PBwleRI@@ZmK|B)oC0GVx4zn-YVn~KtZc{U}jY^NVF~~_?
z+)tquWhq#R3g14H7kIV-|I1o?@jJ8-y|cNo?bmSERM~y1>6|wH1eR@O{ZXTGy)$s1
z+O-#QGnI6T>u<SEDL`$xJdMT#p4<ty<}Ga)o2;aE&L3skVLz&4nRjSRIg3t~t)myI
z!kW{qTXSlP+(qegh5FCKAG=IZfCNLRix2==k^xd;dxMu{UMo%rVY?jUt>2gZa+_a4
zZ+Z1pepl`?ehX^OVDl~17~Oe6OV@g#42&$6&&)P4GrG;D_l0Fyfa-Z_exe)pQ9TA|
zy>)z@xN45Ooi74TOUA)R^BIht_2KRCvdYjJOOhu!Tx}`cSc|G-Sv+ZO;C*mmpgGf$
z;FtLuSoecf{7&tD5%xh|3t0zS1i=h|O2B-rw%i&6HS8Txk}YkTq}nx|V9RJO3boFF
z;c@28b#GAnr%-W>x?S4lFe8I%aDw%HAa5LqEoPvrit>tueParNhc9zb3gT>}Bzf$6
zS)|u&0EvLW9)SGm1pfq@sm(=G*@V$0r!vz^u@sM6l+cs9*v$ds9Jcr83KMGJR+|?j
zJl&&9)4WZybhf%D9PP>#x%cpmqZC!`xoAJ}_&*=?#;e8DY~=ZU+Y8ZZUL(|8C5y~9
z0C1#3ii#|01)a3@vo`S8QmUX`R<vs7(5Ia=fZo<ZU^;t9l>Mv8_8DX-JGkw&FR&D^
zW8!(BD>FsrZ*vwx^@FZ!+ztK2F|Z9derLzb4V+Ftbm&a)yY}obqJ3N6!&j7T%1#p{
zu2l-{;66#mw*enJK{>Mt&H_>}w=`r+Ikif)^JY$}`6O-)8%5IW671|Zv;HOFZpvIv
zW**_UiM0>1&0HtuhR?AnN?+A7sjjz+pwW)`8;s1g^z;g%3W(2H0g`mwOF40#Gl7@$
zdz88E2Z}5HHO+Ntl`bRXRkPISKztF5&dX~<X7~i#w=QtpEl#c!v65!xhDW!+>;Rlm
zh;58T(lY9^r*1*fnRw86P+*vP{8rEe@yck~RRM+LtKvQ%!#^xr$34`dE~tf@(Qh+o
z=LXe?cNw~d5rE~_I=9vpaZ8y<&WEEkb2)EU(942~M5jop<qBHNvt6l1+iod?#~}U7
zwp1mZ@C*t_0n54Tf)ZoF%7EWfQor-UTusyQ=kC?~7ghT9f(sb^JI+-q_M``aqtD<j
zx^$6YculUZR$5pf*j!hAM5RF65LTh%HyLwHYWV2L5e#owcZ)L<1(S_V5`O{cX2Z@^
zu$|3^J8qM+qf|B3C9XNR(i62o6=cY%$yb+mD)Ej8eT-QHBo)FUn5nEG6LukU&vLoQ
zueh}kYcdP`WOJ>%z)_97haiT5?4$q-Xe)|T*XZxb-KxOO)*89sO%0u)CjjS>xT434
zpQ!Z&bjjn|4A(a(W-J;PGQvIf6OH0<J*)vZdR~pUDqudl3v4zjw+4m9rXxgIOT4@o
zi%9<c=gZ^`XeRFW4z;TLUFrf&UOQuAgWGHl$6|daS}$+OR{297E&JBRC{!<v^o6uK
z$8&RA@?G>8xbk#kdoGqdQnm)9J@q0lK4S<^V%qsXpyxCez9A!QA|+GkNuVQ88NCtd
z{XpO9vT*nm!X1>)tz4rP!tng)&sBAa)A`L!HtAwImlwg3*OCaqMiAX>fWpljKIRr&
z;~HBz<2ydV6<k_$6%ylJKn`03cQA_5p3u>IbGXRrprjBO$TfIgslgt9flC6Zw2b7A
z#sYZuHYf<M3)x5oBge9IR3#*V1H>)TwN7<(ej#~>rGbzwEsCWgw&JQ3@wNsT>kZ6j
zM9CH2LI67qd^&SwE~wO+D#{2!ZzdTC;K{Vici_dmy8{ktTk>-?wM^s`{cvIsa%uM1
z%L|Mp!VTl-G>q*Bq*Rm3uduTscDRxcz>wQO48uz={058w8n5*kgge#-MG)%HOYJ$K
zU{WMr0)cEcFLi8W>2U%fZ;$j&o!K6hcrt8r@R>bwA}s`9leD<Knwzl^5zHy?BLrN+
z_o8$pyxa~>neOm-?!8M&kzMerB*v)+KE}oPHiNV&1>>oVpT8@e!d}^)it~HQ8m6O2
zC0S<6&1r3ctA^Zgnkx=x>~f2|Jqr_a<`)vjwLsT=Jhl4*oNGCD3c1df<69qTdhMis
z2BdB_vr!`bgM>5>Fq{CD$uzwOjAA4(&a5ISR@jxX<;Zh`Ya&!&ZAAZ<Dw2+Kvg^v!
zcW7wv2|)vX_8`;g^5rpK(keM1$ze`B6E@(6pYEwMWS8DLwBQSnRN`k{*&%u4wLZAk
zhP%VCU}>CZ-E4*jc?MMQQ#VXP0bMWD+@i1`PQL90p0Qi0QfCOhwfKC=#S_OIABN-I
zWp|W$KA0zFA<=D%Z>SAZ`1{fEgh&cp^ca~-3q8iXOnmukOA9<eNUbDJo1n#Ul+)Q?
z5L$~3$dnys6FbQQr~o`wsRtTtCA3n8L**e6NP|GAQ^sJ<<h9Mg3pMmsOfVR$u-m?%
zU7oRur1AK>5GfJdLwV0=F3R|B(HUa0iWML;p7XVu`5KL;zFiz(kgT&D*kTyeTMW}_
zHJsPz5Mz+du%5^;)QDBF12_mbU<$Gwb%wtgJlhGj;SmIhurv=}@Zm2<<>p>0R3Q5r
zeb`cxZ~n5u<2&RM#WU)CmN*d&?0}o@3MNSHbDe`1-VcvpH-j~bjNw3R6lPyy87EM7
z7&D?ir;AsjJ2ks$stDl7i%<6+-UKc|BW5CeysR`45av?Hcf5<3tmM?W{IhVUW1=mJ
zH6lzaM_5%-J2p7MZ~+F7pRj(U!dVJ|%&oK~TW<p1rqZ{~CY6k1a|xLrDL-Qa3&25F
zQBF=t(niA5rNM<PK+)4q*bw}4)PN%Su9il8@IoaWL;n<Tq@mCbwi>d>_UkXwu->w*
zAg?kPZ}IrS3H2qnj%zVNFqfYJ*`;&#)7_=AV9UqAz1RBa>E5$j9JPc&&A&Y0jbG$<
zEA;U5D)pc^g8I982L^E($>Eo5Of*yXkXg3m9xP%;xt;}f6UZq9P6td6$;J!Fl9M!W
zAwq!(jO2yQFVlv00|rv;CJ-k<b)HpAUIM#}eEvs9y?^F7I++t3MaTIIQK5Gx9gN`G
zG4s2g-Jf)_uCg1BTF_pCW6UOn^3eN>&0_9|Ho(Qo-6nGfJUrZ8>3peHNZNbB0+{_X
zg?0+k^;!RFL|tdv5@oTw-fcGqM$QurSz84%P_{XWz}dYjCyjISR27@=m3BuuxdNY#
zZ^XHrv{~#($TkBX0UBrUOSFL6xU0|9YgEE`aE@hyxMC|g{N>lZ()!t%eyTsYe-SB{
zy;=l&3MvFD@;tC)l{0mV;i{VxjvR@0W5cDs$R}CbqF`qbmZk}%BLtm^B5|=;-N)`x
zl;bN3dSUhVd_vhGmcsJ6FJb$E;KkQSm0NA-^oaXenL9540fM81A~3j{$m*FsxSKz{
zyT@F9Wuo{-q_t9nHIFXdf_-#J-o!M4otxeH#&WO?mtXTSg-u)xB(VK_ZuNBrhnRJn
zv0{kR!$%Fae3$y0lnf3;57(3&oT|MX-1U^>99vYh3H)tirWS<-9c_K1*fcil(Y|Gt
zE?VmjI1X@;!HA+tBilDmQQ5JnJDUXS&z1z92jIwys}LZ#p;f_Z6}K?nfT@0Y8v|k&
zGg(paYGsH9T#A6+r85I`?vRHTA<teTgF-pv`O@PSW7~oJD$a{@O*V%&7Uk<Q>o5Z8
zbb5cA5*aai<*8}Upu4}bu92Rfa8zctv!Md@R@Y$9=oEZyH+(I>FgHL;`$f%`qTZz3
znaV&<3{0U7wnaB!H-E&KQ8VED<frb=ekFmSnlil|ARIekz#vGq9@1=W{xV>1IS#dO
z!#yVhl*~UMozG~^A}2oAI|>vq$N#KL>*pFQb>NkJ-KlxPsb7JSB&7y{-vJsp+Ssk*
z_3uy#rS0>vA(5Tk4eS=Gpt1AlVxvu8&?>kGN^qkOxOoHSj~79;0Axrqr*+{`;hC3R
z&qn{_SM!I{$!|KnzU?s#+OVy+pKWI}bO1xk6x$=E+?a&>c2es!x87trC<1kG%2S@(
z`gUfRvq@Rxlz0T`b#QcN4}Q&xw60)gKGG>*xO}z|WpuptII@6#cF%~qH-^plAs`QH
zyy&i*jFlqE!jmOV350i;0PmnKA-FKM%WWl>fWL&JG|DC*l|THz<zi=c^RFM^w>t~l
zf(CTgXnsAq$`@u0>9_rtFL#XH-*uD&Ynci9_G6YnQ64ndm0LiQDPq<=nJj)Xe3{Wv
z=?J+q*r;iVevYv+#<?SSGjyUHjpag+@@QD$sYA!<&~}jKOq%NgHPIE8iBz_h-1vWW
z1sjhZI}a?7Z$EtFUL`jNCRE3jWu)+9Tk-be;(d})9z3BS|9!qIqO|Xx<Tv^9X#`p>
zC3(zHyTe&&u(uEQ2JSu0XkGmXQ2avvpm)t8cH$OEh-)y9LyfaV0Yv%;#Rr3o8iO|4
zXbPQ^DH7ZO0x=LMX%1<u#k)qfe!NlSMxaX|Ta=lA>1Jqr6{uO@qKMuiH@O3Ux)CJ_
zI9Bn|fNHklh5I|3z7dt8dYV8}EX5ocm3{>V_&zX~EMyx10E~e#KMVuIiti?S%UA6r
zOi^$byrdl91@AR7;q~OGIZl=HS0R19c0HRJM$h_W8U^-6*yXa`7E)r4wz$k8jDrm>
zJKW@3{^iV;CbkckAp(@X%98URkCOe}!GK$HgB=e`q|6Nb{2Hsr!!z{lBK$fP3{b+j
z_^-u$>EXUHuS7G3>XUgel!PY<ei9KuZyhE!U@9_flBy<^n_D^0*IGGX%`B-2y02%0
z`AUgq=4DbyTv~*L<-j&NTxEc`^U#VOh~|)VYdeHk($~P)?M(s{mkVNSXASH@;wxTp
z{A_q=3p#_qe)9|>u0lYYsANV+))r-rM{EeZJLC~?aWrpBUVl@Q-QxG2q$qj`{o^mj
z%f&Qm#L)+z1{61e=z4hAdY5;<;ECBh`IFh+cbLV2j&m#w(A%L5F>p^XV(`vGBec;3
z59?vGvyTS(CsljcWT^PT$3kB{nm_Sy;O3b=E3NF)4Xg>;4L9GjXOsD|DDStY8&wlv
zTRIX~=Ct6!`<5d!AofS7J_PvcR6hH+Y^;l6tfjZ6v91TOYmuwXuh6PzEo6NJS{3I{
zfD9~4fd?8Lj&u5jAY`3Zc^4uCFAe4~_;8mN$*s@W++2n9s?#jt+SK5Cn?hjVA;eBz
z@F|Npqy8m<Go`Dc)M;4YXtVYCozW*vKL$KM`MZHWNPFUySe6jVKyPys0BYS*K>KpH
zx=Z?uYyD#H)x8l^5B$K39$L-4;^FRUKCMQg_Q4^&4Y-vlB?((DVwjKLO|dcLo8g6A
zrk^tiJz%2ED+vifNBH!!eMRB39y#dt^U3fpBVgeC`Rx3dc4!?ob>+R4sPx5VzIXP!
zGkJs>voHXW699>XZnKiObblrZdx+`R?<Zdhvtk_$Y`KbPpqt?Of`I)GMj^f`PiJaW
zzY~1@==ne#Jh$i&jwNey)FIyn@5;0{aey<$!C18y#^|9|iFvjyoK>z6J;&zjQhQei
ze&}J^|JRiNcO@9HKlnk+*;)-iAhJxa`*kw^yb&O725;@~-4P(lKR^^;bB}Zg`VUM~
z+*!V}*Uedosfec~bkBvLWH9i6@F2!R!wr(X6W0s^2P>1R|G9-pa0Mu%14msyW?G==
zu$o}uaKn^*;5aPY9#1u_CP=unkN>qSF3B1oKkwtm)dUNd&sSs}WnlUUJ!)hx9(VF(
zT!@Mdo)QqyXk>VH9bT^S@Oo<PTfycJ_LhYUR$}nM)k+SDD0oI)<Q^gjlyy!EI9K|E
zHfN(0uK0uR8tZ2z{Zomi*DfjdXW{s`S6=QhKEhL4kg~Q1B@-Y}9~`as(MCb>AL^q;
zk(3B>>Or&J-c=4;+0?I+KB=pY`2p1_{D3+FexNhi1Uvh|T5;l@UYsQ_4vYczALf7E
zckjB#L`Dg-fS!b}lYR+7I@s(#ldV14U=E|hqYNCn$vNGb6E!S6bm#a507T5xAcl(m
zi?)}9gulg%Xa?NU0(1i(E)z#-f>NAIC4heU7y#`HD4!*gfz0*_{|i=uq*wC#GJUAc
z1kwv5?my4Tb?q6j0iyh!5Oa`C4N~YqaXx&Ks6{E1_zNFpw69k)OzK=p`v<AY6y97Y
z@Q}E{G{w4lbI|`Sy`LAamh(yaKtFo=hLTb~dYLX2xP7k~Zr>2JdmF%Ins4K*jyo-Y
zzz2MujUhKn^7!lxie4SQhYT(0n>l-pK&G%~-R{&{LbC6#<%5N}iv|bXoxSehC9&w5
zcf20#?7X1g(e=#ov+|6)<R<g0{)@GMd|VA6s?d5c^Zs+1aVOb5*fR_DKyz;a+XYPM
z!KfHA)6FUwRTPLq+8grxc6Ta7(Ox@N&Ooa{Q%~U2zNk=0U|OqLk$89ZdV`leGd1SI
ztr}(XMcCtd*sZ5<P%#A@8I$(o@?eYR#M031bo;wD841X3=#$tRquo^c^tl?xbM^2n
zmlU;OQ)9zKsmq<6L;Qb#UoY*_s9F@|ERtiW&M=GVj%T}m$l4<<m=XM)mCk5?W*a!A
zBOV0jm{w>z1_|1}8vaHQymTyLxQI0VO{R6G_Gn8jaGy$Q{AV)nl+EA9dmPvh=^;<$
zzP7&c9vo~ncz-mKGy7DI^CoWY|58qEUtD;;Jcw@hM@yZ#SGcMItp%kua%}4yNqGRa
zI}WoeU|I1GH54}GWOB(J@ZQB6fyyA6)K)qz^Q%1wF8b5UyzmpqZE`tmp)<3cq)X{0
zsTSV$t9Ntvcj9dU7IUgzg|@BfVgl^0U_fEn#%Yj<fkb)#`9J?Jnmh4nlax9(|AJZk
z{~>G`mS#=ot+-fLEIWfdv1V0PSV6r}VZBT5PV3mHi~>4woWqodCNVf{P%||Tn>=U|
znierPu53QU3b?gCXEyV@Z!Rpq5jx>(m#_>J=U|T$AHO6dNYIA88>JWv6u^F&n~#Eb
zAmWR>ol}!m|4^Ej5{U>JoZ2k1&x7BpO@#$F*JiFz9J6^gHUb@6EH|$Lb4N(gyX;;*
z+-F{!``$kasG1a7BadSMmIBz$vZRnq{fo?%oZ4h>%S|pBUmchI-LYKowky3SF_mLo
z?oaQ=1(*)B44nWrYB2OeJ6@?2rsJVL5W6&FPrblOIF-eFiWDMcfV(Vj=Vvtc0=jX?
zp8J9R({=;Q6?rxmSK+|u4ZJsnLXe=ZRPa?ma2B#(uog0iT4bYPtQQyN51ZvQ$2_DB
z;m`d0#o7DDc$Z%i1fIRN)>_zMr~+OrY&iZXq?a+E*6<~yo>YTvTRvUoRDk&qN2dR7
zdQx-*VTEJB4oL|Y?tSGOOX>)ukic!D^{YsYzm<1|$`ZA^(g=5M5fE{8*dR^Z0_S1_
z^SjqotMcq$`a8%nDh<{c2KUM-4k1rqmQ(sk;8}I^Os{Ma^b*)GX<M<xE814q+%hVa
z7bL+USpRPH5d><ia}O_CsVR2&r~p-}jpVbMKl5*EwmYhw_w$lR&@!kC$Yp`Hoa{TW
z4rTd64e<(%A!N_FS`|4peOLZNK|!P<0Rw#_?=qE1ZsT9pOBC}l`{0s%8TvG}D_|??
z&~?zmSFUSOuPgZx$SaoB9w0BXG-L8~7wd{B1@>C&(dr|L*toZFL<FNm^mxi;cO{j=
zC+y#HbD@>RBW3ZeIXGRcmp1$1-s~0FsnDV_j&k8-*&#MSv~lW`Dn!fB6nY5cM6Kke
zO&XIboC_=B>-lOCNcokR1Gvd|`L~^9-~Pn881glhqAx4xo0ESi{{4tl*V^@~9KH&4
z?z{|39Q*yQR~F~}<*M>8<1#e<)DQw&w{i^@rsqY}uzf&qmZ8KBtAO)jj%+C2zF=hB
z+<VOZD%Msedam7=hrGy8{Pb1YateM1z|>-4H*n_2kkiyv4=NQ8GJ!)QCnXa)D_3hs
zl|9($YxcCTjZIyF&7P7V`1hh>6Rx(h1F#6C0I{+zmDE_(Vg<1M{3`%1AzMGyE_$K6
z$13k2B}zQ`?5U2ZJbP(UwaxsWKXU$ML}<q?sO7~I%R*~qk-_j0N8shR7Xct*>wwk)
zfsXD(+zcq!py9^)%?|Q)s7ESF>S8UB*5ohC+z0LOelEg;+bQqmj>5=pdBxY{2P<L&
zt3%&wmkV;E&E9iK>xD3|N_*UD2;Km7|H1xVw;EBfTmeg8A;2sH!V2t+m-nH03WM76
zU3E%^#i0dXWp!>pvR{78e(6J4;8&#>)`D}{?{-JU&-t}WE2{JmtnpL_4kepupc~mL
z0BQHQ#gF96O+%kVz``Q~1ENK<F9?E3ngDm(=^{4>!BZo%$y5?ql>7T0_H;V!rFU2P
z%?f%}G)zT7?n_AV2d8-h^gmeFeM$KgtuI^p+=f1Xa;(_IuRu=LaNxEMffDg_e@zgm
z13cOAg^#D0*KnKP+)mB^Un&k~KACe#gZYNw|I+h#^X(bJ{6Wc|?U@BzA$SGTOX*R*
zo7#P2e+{sA4Jn<D($<3DdMZtzWhOb>_9B0{tJ~3OLtYpX?NQA&Zv!k6UFFjWZ&2&<
zcGUzMc)7LsYJA=kW5irxn<=B+=hUOk(<9E&?q;LPt-)V-MIQTI<!El?QKpTee38o8
z96FIb2XZAqk9e2W#qYxk<zv&Z!UF}`3+=tA?51NkuPcfwZ^yK--xK-8T(+LcP=Um)
z`(LP}J>bPdnhV=Z6$~qZM(V>ueUx}>I=Vl#7d>tXovLpXg5>A}%izq|Wq{Pv%7i>y
z;HREq=G9GSUHl6_tr1A~;t%U+Hk$2;$bKk;dNoMj#Z8X$=8kU30t~C+OD9Q|s;N$U
z$9pi4yKRBsvXhJsvbSHo<Ti3*2j{|8<#@${{w@d)iQCS4V{GdFrewipUU1zk00<(9
zUY7unhcccJx^Lm>hWWgUK)upQt6sGdP=AYzimv4qGh@@1T+TV_s6yv_jD-P%Ngvt0
z-doKu>9yK*O$?5zF%ZYa=&`7ZxaTDXRMm@l;X8?C{0=GNap`Q=MU)aYu*Ec7HeGTe
z8CN&H$0Jz{Y55DihN&8F&we_6-`zQ=WCaI23Io9*a_1Y@B826SrHIlCJtB-(&O#;H
z8xp@bfo*4BOUMtPgg`JEva=HVI0xVG+TN<ckM8WFQeF{>;_B}lblt}_B(-@|aQxyv
z90I)7mU1t&sMX86CN$Zy?daQwtXU9)3d!5QTC<dh{We43dtUm9N&zFfVx-b*U1wh<
zzjhyGtegv*G}$aUw}gd1%7C$6+)9sA6%J+SizF*<;(@)1-7P!_Z(&#Khgou@XyN2y
zO9}ZW^;IfH`OIO;>e(65dD}ZSQT{+=me$BaX5X4Q?nUOf7xjlD4prfQ4OoLj124RL
z`u@}K?dkF8==|jP<o)I8@a;v2)X0u3&`0CiUapZ3wW~DR#4+)*r05})pi7bw9_r*0
zVpLM07NUxlX<5C)Y6hCdXyNe{t<3=2p<p)mHcijlGkC>Q3lW`Ip-9LjrK0Ip8LTUT
zEu&A{ujdY-68NHJ^P7Qlvko`N@{aMbBhI+QZ``70_HD0O3bC)d8j|2f_ComqIX3i7
zo2f6jtFW==dFvz`dwb|IUgMc<s1cO=_^n>uU}1v<4t7;5@Oqe39yLpX0jua{)GHky
zQPiErn^S=l$A{l7maFS)@E%e#!n<5S&Mg3IK$O3c<$$F_*%L(EeJbl-_73mYV$5oa
zi+6CS<8bhC2^6^L<G6H^eaXie#u+j7yhuKNJUvdn?9n+`m?4=l(5Eov`eugd5az<A
zbPpH!t%IcUf>ghPDP7bs@Rp<OV%RqFSxGKd`4iQH3tMS~Y}G)nUX?-Ydsk<Zq%_er
zXf)2-hWH71@+s?C`m@u(Elfr3cFc8^%nK`(SCFSDSrKLFv9t7knl7;@gy1)d<DXd|
zC#-mb4#JyI@oWS>pL>WCxr|Vs1R1<FFmbRkOx(3F(Q8oS;lwE4g*1Biz0<h=`MQx(
z<>u;K+@CQt;pH?as<@t&4ZP4UKD$Tu_jj@v#z5_6gO^v`z5Zmcn?CO!bocfS4)*u=
z%wMF!%FAxOo&$-wJJ!+<yY&Uy$sl_^q{QxVW-Mn&Fk+o*+qE{q;Ys1@o^l~G;_ybp
zO+2y1oi9A_maP|Fe~s`$!Sv}r9csV5r%;x4oI6}v?X)dBY(sbGc2G}Mc`~tO3?(73
zY#`21Y=~sLtCjdcIr?9ko$Q4dPd%p%0qaZaa$Pq$bk1Xu6}8J0&0FOf1w6^ql5e_a
z$tysS6w7=%wX?*R%1OWxO4D1Llz<c+_EFIJmxsbVHu>t&jn6Se$HfYbwb9S;CGSP{
z67I05Y=0L`2O+1JAmFy}vix>f`r!Ru7Z*nTZP$pTa1}+o)<*A~!D{$2q$Nm6=Y_c6
zlRLF}4+PH5#L-Da*Jd{YFYx}3V~XztWIBN`&^(iQve;kM;JbBM2l9-=q{*FR69^E_
zmA@5N#wzW=DWPyQ&}kb2bECTqV{m5sEi>?JN@q>d5SN#40XOdMU}1Jm0)c&Eay?CN
z66(+sJ`sv=yUTfZ3Sn;BJJ!8J^<WgIk91PwE^e4tWWNb(0iXq%0L@`fLOZ3Z=87{s
zrgmyQ?oTT1l86|iHJ+yV9k!t^@rEON0&@hGb7dTujnlo6YgIA@vMEfC?nn_{a+fiE
z0%t(;;Zqb8g@NbbN5}PI$yYBK0Nhj7u&Kcr`3=`IaNkvd`$5ap+0D0txG(-Vh+As1
z$i@OJ&DZonwVEkQ)He5JRCbpwQz$q9y*U4zOV3kG&CX$a*mj*kcXMh{r+Q8bgucj@
z-6MJy_k~Yde>PJ(qttly666q~p~)~vugd6}W9>?}om)H~T5G*=olcD;fGmVV_V!Om
zwh&kbGAVcpSP9x&8{C;;&~Fn*?YV1M?yn-rt_O?h+M~JpceS#hxbosoF_hTGdAJHE
z^v2%1^q20CbFch&f$<E)-VkgTHj|Ngv#W!P$y{|Lj)C(~{9G<rFX#Oym-E5X%DFI4
zqj|k!F*#?h|CcZb$6D?c<^dr>2N{~vrlqc^>vOKX0Nu%M+7H<REq{MS{O;;5_T>X;
zHLKt{#TBj17m(-2`j~6@=$fSqa>qY<>!a`)*`J`_@tU0kD}+rvi6jX9y+i<TDCJa=
z#YC;zOW(eFfQuMJMnTNXCu*aQ+9vibWWmn5=3<~JO-L^@G<Ej&eCl3=FjsCU8Y;Y&
zU7fZMUgBDK!tcPtdU^JjllLR`sy4^?<PY|juoJlj)ZWo|Y+C58j=j@x`*>R0>T2aT
z{#KR)1PWa<Nl1*Ffbab<n37#3hW?N^1~nicU5;w$WuY%UQ1OWG)TSuXTIv5$cwXbu
zH}g66=(Ujkqyg$hLLsvuDsVjw(QbT6QV0|UWtLb9N5XK|(Y_oSR4=`U+x$J1qL8@+
zi^wbe^bwmaD-W~*daqfz`7N}-H45`O9cRv)*CZ3cx_{UEe9upQJU_Ykb9ZNNO@gh3
z%E)iDMjQfS3D1#!@J@(!sh|S|nUk-waSCe0mm6BsB++k}7ds@VjKEy8wQ#b9*?pvb
zjWDFN%UfL42!pP^yqM1%%GIQ8=y$?cFtH5dVhe2G*0<%FbeB0Wn{%(<loy>?CGr_X
z8X~){xvMvN_v(nLSJ>u)I=zZu@PISOjw~vQUf1H{Qe1tIysMgvh?`EigNZ8IW|_v_
z)IM&IxF8&|2fGFj$*;c|*i4vNjjye9TRD4P(pvXC52@2NHJ;KiLzRvIcS5d<ge#Xm
zLcY)o8jOQxt0pP>S51*MGv8{gQ4PFC`A{Z+l7jOSxjfWuq!9P5ZX<=4Dlt`dN<;|E
z`A|Bxwz(DD{SZeV)cZ|?E!hM!YycH)C)Ka!a3zx!2IOn0CKf4f08AOu1~s{AH(<BK
zDY+UEUs_;UvK<QB!#^ve!mYd0yXb-x1KX)vUzS)a&Z;=JR8IlTYT+2WbR3Ne+-45!
zi~km{!O|_os$n~rwad`zoVPE*Ed#wkP}{*QJ-kSa{&8`5Pp^j0pp=vb>|LPffeK3}
z+E(H(NRG(8DxZX3WZ_q&PDHWqs(^d=Qg6FX=3jyMAWQG?b5IOnKKo$L<{G%Ask+vt
zd=5W+=vQ=r_R=gN^^YcO@t4s_3uY7cOP=l?>P5bUJR^^`i*gzG%+W_(;)130&<qIW
z#?Os445l{2S@CAr5^SaQWI3-BQ9|2t7^ITdliQ8p<-lTwrS~54hT8sUo9Ax2N+3~D
zMa~I3Bkq8K!aF^dntoe1MOSpBXZ9v(Rf)r4p_5mGNG(TqdwYPajF#L^DtfrZ=uKXG
z_`~E)X1=vRibnkwDBf~!B9|AebCIbMAW;iCXFzXQj?_AehJo$&O4NR??G!eN5Y8_U
z^ajb9rM_)0qVHrN`8yoz5T=5CkJXJ>l6YEz2beByl3ydG+A_8WA;Z&x`IKl&v|a;2
zntv?Yl|m|u$T1*R$Mp{y#`U$sZ%zHoMsx=n_H9Vn#iO@ikMXWYHx%W;>L)EDsCHsR
z)!k9W!gUzWpYxhB->^J9HVaj??{Bc4x4B9cDVyrn%2LUAi9VwxZ$uq`zpLoZX{D^C
zS}CZJZB`RhM-Nts)IfJzm^Nn02vuk)F-lkPgLfy~=S<*d^AUI(Z3W!+p7rJY0|YSk
zbAf)W(-}QKUUz>`i{3Wksd^Q~QQPCY(oGOP1NPAMd?8K$gbR%YS%C)metZVVDqCX1
z-Tn@D+-<^R1v*P^5D{~(#9V$pwpow{%ff`B+UD|wP4PNl3@8k4xJwo972W0v4+2%@
zjkI%WKxhS##z^qiA;4(O&rD;!kiyEJCZmC1w)1N%Tj}I3)W*x;FBT;VUo(}x_RSK<
zxvQQW{lV*Q)53x(jVmaJk5N9gS(XZ?b;#~y-Q@~ti;MXUu03VQ=R{HDb6*{Q{P6bl
zXn1)tGAo5YokESVLV+GK#xnNlG!a(}pHm(?qd`|ITUOH@yR_qc`Ou*SpFvXX{oI_w
z=?Hu$og|-(mJj#z1ATE*0J$MjJi^nkf(&BVI$hTnhqoXXj9m1QdR^6OI&kts^71)n
zRt)Js+?9yq`?PIe_nFW?h{#qTQ~xBq#`nhnBIC{94<Y&z>#viT0Vp``A6R5>q)s{}
zoPMmbrz{-Yi3)$>)&}2AdcDjRE}f?l^ehXx|LqWC4Mg<E5-)-B%H&__;+f2^U@q0l
z2TKcNe0pUgRq+5A&$BN2^H~oU##T}b&BuYY@?fV;Bp(6$14sL~rhqmreI+z&EO=W7
zBpd64;3{#4u!6pyfu5@lYYHB#UesSh@$XdS=14NOQEW-L-s?4G;jVs)hX`FvyVG0<
zF`#$z_k<b)IY$d~H0-K?h~_h|6*QBb(C#2A;NOZ&N`NhZdvKW{*gN<JSWg~ah4emW
z<{2K&gH49DLf4o|fon-9k8XaWw`XiZXoht1qdx`Ui<Z?i0em>uO1O7Wh4u~_fW3qN
zh4p@4tVbKJjO3xgogBR15!M}OREPVF5z5hlg>>d8LT*RWPt5MB7+N{l2FbyzU&A}U
zI~aG+uauC1a4=*+aL3gM?%<CEa4g$D9=*XpLhKe09F=+Te+MMTab$7qYv%pLSX_{0
zK`ZasIG6Lqe72m+qAPgEX(S1GuDAx=rm+4lzz&CN59GH(b>3UPHKcR9$2M2BZz~mP
ziC@r*lOfB`T1TvF*7ZGtI}~>nv^%Irb_X$FchDHuiCe-Vh5>3u?EJLbKRD<PFv+75
z+VNvrF}bw;L^}H__SGsr`sG{#wl)eNFi-A4j0Hlz)zt!8=_)6l>blx-ETza$S`Z+*
zUQMr!O$Ip>n>1%?5b=!`qA2*MqPvlRcSvi=!t@lqm72qVeqY%^>FUPbviE5besWiT
z(sg^{Y)K9rBh!TLmjwzClE|2j+`^;yM$y4$2x0NJU8m;4%RFN~R7`K(w2231;;rHl
zXr_`RJ-~^=Mmoh@WQ;p0W5F*WSAD<~V@qy?5hf>KXd#53(U5ej28p(9xElE7laJ?b
zUEKPxK59*Yp&<GSiKa-9S>L(!ety52;%K>hYh<e};B4#0v73`?e$m4$cX)z)%+WNv
zNvA|H$oDTyXOaAs+t_!s<shl|F^TIt9IK(s%JuzXD8AEu;!GP^3<I#85YMv@)ZBZx
z?=F_%=TMPHP=x!0a{TfK-|c@&2A6VKh%=b~2pthVoSk2)zj}in_TLPSc8_(@7Bmnj
zttOJG(P|7d>~+I9d#~<bhi5koD>WfYwTx3lWB>`HutSQZ-=)ocRzW3NYSc)WUdZL+
zv3t4<0O>95!G{|BqEbw|N<cdFeD?lQ0`pG0TE|B-JHVzcuI?web!i&UH<&b$>DXAE
zZ_0aY`^NZOJb^s=Rr2tpL4C}XI9_fq4#4hDBafyk3uu63*022o(cz>bu81o0;Rp1+
z^@ix6;(c~|(IpM{v-j$Fvr@nLR7KiG*x=U3Vr5Rwa3`?hw3JEV*k$B|Ilse!e~+-=
z&Lal>E1(rm_UwHpIU26*T(w2qzf%|YC)go}{4lsW1cw&wR~EvfZU7(qVOfjr#y^dk
z<S<k+ytArI7<H}QIijkgbe2x?bSCD;us=-t!&1Mg(2}txi~T-5pO(N+KMgVug2t{k
z(bTLpxDGJ2hWO`a@R(`-&ul_%)t=TUd0Fd|USoC$EdcS&F^yAH7OBL^W?8!ELXJ6q
zqfnJtpl_3&%k3hLpY_&<XJ+u~scy4rMA=&$tTr&^pf`8CZf;LJq0yj7_`e0RS4SiQ
z?g4mV3U0!cU&JbqQyFFj=7#iZGs)umAq43>th-HkU><2Vyqhm>%=UaDyW!;)c7sqj
z$L)rJ*bT!k*&4&)Y`ILorX{;U?urnc`1Zo_`RS*V^NW!&Gf&=MoK%?&$NiJRkGnrr
znhk2JD9a(#rWy?X#c0-@H~puxA+|LTLSL=L9M~NxW-x4ojD5-2x!b7+YVVa(j14UW
zS8!dLUuBa3A5K+wufd*<qJ^Cnk68_m7K*W=lfC@|kxHoio7o3zg`tvrpHvzf*$i&#
zuOkPc%64dOBgCFx_4sl}teQqP74TYPoizyC4XtDylt%6ChVO0I-=%G!&Q#1i2z2qG
zK-&t7fctUr=2Y}mw4FK$FHi-%mP<wg1dwe#zfQzE)k%VTr;~g*9~}+PkL!@OnX8!`
zWa-?1kw7Jmr^gAtO>hU$r2(G7=3cf@Edy`W+{*g>b<T9O!IiNwxNHp2H#gl9j1IXT
zPYTBSJC6Y4*fUT>AnSlPuU~V|7+NKQyjlnGXPyXL2C9CLAM<+xZ~f3iUrUR%Z3s00
z(;7uH<CQ4xZ-AGnVZb6+at;CVi4>>Fi)zzZo)Y`EV&lh;w=3dBfqkx1RGK)VJ<Ry`
zza4$*`}|;l8AVj~;`d$Fe79{01&K$oi6@ZI9ojGyX)E!{fwY&sF){H_LPmL)wKz`$
zGQP&KI<IyIp-*YnQQ#d+zG{y98_n_H51S+F^o{1$)U!=<d+`U%EuHxlu{_!L7^WM(
z9i47A;g{7DuJYMG2FTi^3WbJvavK3z5s1-kzeYn(>+H+O_W145(3eN_x?(w=9z@b}
z`L)WBh5KkS$(hcGT4!EgXOdb>003ea*~6S8TdI$z9S`<;vXpVrX1#wX@{}ELVzj=G
zHGi$gdB0WQPH``53}^eG*EpMTASyxR+HHzzm>Sf{dre`n`%(If*^AB7mP3!Qdxa_i
z$(HhLox-aUTFOlSr^ieo%^A%x82jykX~`450Wfuv;B=H=`Yj`7Py9MXCEpaV4*ELh
zSy)RTyQJbB|38GXT)X)N5`En2fIIy=0I#xVDw7*rhH!jhNvqNaTE?=T7pASjDoX_n
zNN#mqy-y_wHGI<_93AiOo&30e@YA24zc~H(mpf14=?t8i>C(UdbB`n3O9o$;QVMwT
zcSBK5oaTgXAx7&l{v&;(6(EXhF@IN7>g1W0wHx8nmYvP*!~HGrG>LeRx;A&|5B9IF
zm*|GT)MLr0K8twc;KknYc4C-~uoV=o9fS4%^Gy}a-gqj6T4Gd)k5cUiA`@9BmTxw`
z?+oOwVPF_4@x1b&Vg<Z)kCV(?;CqyAlaW+yuN3sqJU*H!F(~0OmPI7!EleQmSxwfK
z<<T~v#{||3JT>xCOF`O-zO4-%2F$uphXD(0iE^|{78If`&o^tyQBm9E#b<CaJ3`eO
zsxAwGo8aET8cI~j2gY)46g#6}Xpk6?^f{^#m(0NZRq<2>)e`7`3(glagJb_rPnOg`
zp2~3kNK_htIg3XZSt_tD0!Ck9jDV!{6>6ccGGyAAkr|ETro_>*uICjB4A+xLFMW5>
z=J2!<m{!8+HCYt3Ve`0SiMgA<0e-AtC;edbSLR>gX@T-Y)HNjedVfb@Th4l-1-|c2
zjWIh#(H~Zoi#_+Ar|ZA4F20bMj+dSz;kr@;uT7C@?opz@N8h-50N6yO73)(M)}$)D
zgo^)qzn-6y%21v2q@c+iC=KE#@@ldq4FLw^)sj&nBeqvzrTR71>0{kRhGB`#x+tX)
z#pK=co<g$Sl)d6Rt(J=Q%e~95EiX-8IN@xKzrGc6aJ|<zgbyI6Pvz@yPM5>x-PZ#T
zSSJyGnU!4>2n@(h9vKimzk^1M*Xe3Xhim5<-~d<?ZU(mAvo#P#`taiCXY#>;A$hO-
zDyz<S<{WG8^QA|+IZmfzh^<l8wgm!XA;|uC+QSP|`mH|xY9CbdZ`x`s*xC7PwNX9R
zz%1u1H6w@GSK+$V0*SQ`g32`iQ=oTofm$qHs@3AWM|^@+BhCBEa52*ylGR8RDYA2y
zGwEnY*Bd;3;bg7~Tru4b6lFdWK1kZvf9nqK@4FZDMYcC!%aH6)O_ZJr#hlbt!DvY?
zl;7O}dfpY75(fGSxiGc!;dO{y(tx|Ia}0Q{r}GEc#Ur{1JIT#rUKFErHd~pSLDuWe
zY=hhB!)Spl_y~T?mKaU4tL5lE#Rr(L8nb@{8`u1+d7JhlUJ9Ep^?+i79k+cxoGW71
z(^n++P1cq>$^@Uaob4_tgKM;1vmbx`s=uN571WAZu;t1mO6$aX>Ezvqw`c!xVxv6t
zIdg<`g_wEX(L8y(oXDplOPsve-`RoF=C5_qf5E?vuX!@qr$4KuPpDZ5$n@;p>7{?B
zLD`wR`oXo>+;EY9^_SzfUZ88_ta+#GF!|M6lHV$-s?2=|An&Y95WoQOxd22T{3)t~
zeCfPBDs+3DkLRO%$i&U18GF~)nbd5lg&h{S8Aiy|13adAYSTN-e!D^zaibux51iEh
z`x5^Jo|1#_mKCZOb`9qk3p7&`cIs!e#6~>$U1Xw!cNE56S$@sjHHr_B7n2fKU~Vqh
z&(*18+lz?lOzk%5a)8Gc_NtYBdz&FXPcqOllE&L{$Irs9sDH<uND|p$^5NwD@#*`Y
zM&~D=PEUT0to5Mc)oNY9o5^Uzj>PQe`L`Gjg=qJP<I3K3KF_{CR_RI-Hrb@ukgSJB
zQCmXMfy^CX%#U)cYrI&`YhkE2nd5An-<gNnhC9bRe%z$_wM?M`f(BXzSfC@ip7cCW
zLWkdPqMu(SG}apb7|Y7j*4!%<Cvs~ZG5-oaf~JAn@L|lywj&`+1$Z^blu*jM7h3pO
za4S|Kc%!f)61QYGDY{e$kUV9acF=@UGzwaAL;Dg4_y7pr(=m-#<K)XQEbBe+9~5Xe
zixdzIh(OvpsgOwl_@D*O#q9#I-xmHl><f6-J1cT6!($Yfbw0B)SoK4=ntzI;ww`Eh
z;I`CMlMe-P-9cJ`Iqv!W)br;R7<B?IXX8%RA6T><SC()KHFu|l@ODECS^*EG3rQ3d
zo}XNvo;yq!Lwg51JL_>>9M!P{F4)z4bp^d7pAgc;c9NF}Sf2!F3pTKsi2_zv4{{ou
z3!AZ+?s*k_tzyAcXLhttLCJ@}p36Z(33iPL`>|Siad(h=Z%vSLOEJc=U@4%v#_82O
zsHrEtQCw4h@ipzuz)SXoaIN%0T$^td0Mu{t^XMqO!|Vce?@E_x@HB8L-S>sIynQWb
z%ZnR+m=`%-{$?6G#^6y<rK&`Gz@9%^dGQ0vrCC>Z4d04aP2<8=0ILecxPq!=o>!~C
z(=q$S?ACFPXR0~U@_3%q0#`j5=36l$dpRxO<<KU}eGPXaR@A1~<`ENVDGvJ{W$<;8
zllRf+z!f#$d}=sWPxx64$10|5fZ4!U9<;gcrzz$dHc66Wj7RKPvzmw4G`O_T;VG+D
zH|#C=-wJzGER02Ax}P{*z1zXA#mZdKbIodNTZ9@#n%zU|+nKSUzh^vlaq{-ZQRu0Q
zp|bv9C+>vX->Jc4)v5uCP@e4{0NaGW*W2F_UK7tynP{`ph4wvSy4qEE4m2MAGQ3jc
zb5?KvcffjaVQhr@;*WUE!u-|{aQ)k#e=9r~f2~4>AKdLuAcC#j{AN}-Hh@Y@v4(5n
zk426ZrzeUbFXxc^z)I4bXft^_8L#}=*5Jtvczh1!3|k~=e^UZDRy|NdVgU|dR<MIL
zz!0=-K1J+inQ8Wwm5FJpw1(5sH1kXK*ot-OX=^jnJb;Ph^FW6Tr~vZSo+N%<$0k~V
zEoG{y20q@bOAbD!(pjH4_+J|fs)~xi78Mm8`U_;Tg^7P&Dw_leVySHR7+iarM7AeF
zdTBH?yB6?m7nSuP-(bCeuD=cuo_g}eAZ!e7`f+K0g5M4tHj2-#E%T*N>_IeF4;RNK
z>^+Ys?0M;0Yq;DilJk5f4W~9SEiWQyrf+E;?d1aX*qSjgMw|3GhwQ^dIonsq@2DfO
zf)ZimK;I4;jyH*AZ<uiB_lg*}{5KY38C9)GyYn~^E7I;P%)&ZBo5d|1#l1W{KSj@9
zSS&BX>@UA8PS_>B4Ho@o0IedauO6krDxB5>nr-s>f;D-ScrYyrvUX)d0qyx>GP+;P
z4ft5vJe{9T$av!4BfUE|l^DaFJ6{>}49QdE+Ng2b?P{kThX#vmN-iRJd%|xaA7RSc
zg5IL?hU{3(8m80vjXkd&*V%$kEI*Ilk~2%9${EzGB=TX~WuDb}fV1A69G`xChdYDZ
zC*ZWPUzQ;;f*>Cbn77iu!EE#HWRZV~<eL&G+pUkkaxy%Ij!`F)f`w?jms-fx0W^C^
zKMYow$<`rK9$oBL6+zlG`8=C{b(3~UUFLbyyb$h0jK0Fa7gxDK%r*e*+V^ZnpZnC{
zj}Lpr^Q1%p9T$=3*>`P{Lb5U5v<Z&8W#}2W3jtb|&aDD(&_4~lB>*((oP-;LsjP-4
zKb>BTemZ-5yg@diynQX=vBT13rUZOhm~L<JwX=Y26AX03H64R!79<E_>nzCX`q$Vd
z+702!_OIW}GZjzFi)L@SHckVMH3tZNH-gZ^oxzz_(RI+dJDi?qHtDFyZ)Pbq)PM?!
zH))X_>~+lzG6xt21=?mi!`W)tRGqef0!^v*>8DTsoE*KmOn;uN{^M`w{qfz$*U@s`
zN61=7IU3^Z=W(xW%bZTS+29feW~YgGoe(dyYy7sU`@Cy@Ug@wkxAHxte^X}T05Tgl
zb<|Qdv5V5k0kniv0R-P&yFnsaA5>QP4u|W)U+4E{m!qLkp2N4J59epcACIJBpHiWK
zzXIJmYGbh)s3UUcD~Bs;)Lcs!<08Mg0ak}7@vmL1;x@haDB*}MRxBMa)2QHvNxuK1
zhac`qA>(E@;I1wMTCqPSoC@uMtP0L~h#QkdWdqvn7qrr1>vpha5PI#y@z`BZ8cKEB
zr&f6p+7YfCJ7UhNO$u`YftjzGIR}M0BMdvyp<?(WGceofp|fC&*TG_L{+L{)AUQ&T
z00MtJJvt-b3*2U_C6=C2cCpc_|M@@vUuY0MFH<Eov`ThG;($GmWwig6-rc`4*Dmy4
zurPNU_i?yVv6AH<<1jIV3r)Pn>V_|I^Qga-5<u0lue%q}=9D{yFP>NS*~p2rU@s2i
z_BtD>`tow4YN;WvYfx%b&=J)G4V5M@TT03ss3$Kh<weDv+6{)~Ai4Dw^c+Eu{hYCO
zE@8(SDJ_X~%4>!R&FdxqfhaMtl-a33^+IlmiwmooXUREhz%Nwm!QQRTj_|vNTGQ$4
z?Hv1uI<U{x063*V)Ze{Z>Zm&NaSg0xUbPUx{&=POQU*ob|B$*<FDf2{BJkd5UZQQD
zbpuNS+XoC?qqgFN^I>CEDDIvw@_*9Gzsbx|0iqDGnT9d$c`534I527XxPxF%P{$*3
zoghng30M=NZfzXMZ3he8)T$%Lx+^y-6_ZgmHaCr%xr+0Gy2(Y6qcY$S8xJc?FZPh?
zIyfN~#;&PK$>P78V+JqtV%Ir2={XIhOUHs6xYBj63bP^@Q%Y)Tw$mwpObY$*1%9C)
zz0)3v*y6aJn3hnyU{1G{!xdJY@^{glo&B;bnQ?(Z^z-TEpU*yC;@fF7N(u1r*oiH(
zE}^m6^r7u{Ep>iRE@+F9;AkXEeO2{TqlpGQLeLiUBW^o>xc{BfM{VC#{MW_lPw$79
zAJ0z=DF5q6%#6n0yCERA6^Amh21=F2ka6Zom3;TO7FBX2U`ClCKzFp5J}5dn??iyT
z@Md^%a<KQOKmCah1(`Q+w1X8`C;JLYr?TuL-Gv@4!pK#u5i#YnR7tVX#Uoah`Wp=b
zV~Eggn@9c{3U9m%j{d+v>(hAf>4ARJ*-FkY8_9XlV2`IfGJzESAtY6Lmp)L&9k^uZ
z$}%9_Ov=E$eB3VO?kEm4`&O*8GyBXn2%be&9AE3k9GIu1`0i8e%7Y+-)+`~gh4)`$
zUH*=v26~Ysb-_0?eaYc)50mnCL?!&r?!hN~uF<JYP%{^qIPOX1TP<wkaaS~_eIueR
z9&1-ctfp7;Hy7{WKfS2W$5BFz8B-0!5;vsc+rqnH59Nx53On7*9nSW@)K%d{D(~X&
z{PkawBx*gfAcQL}unar)Yg+SrU-6U;{^nmw_N2c{Nvgi$Y9Qk9q33gGiRx1uDd60*
zro_6@NL24jp%nWU2_*Burv~uhW2|BC^6$~FApDUBFThl$({ix0(}jOuq0>Q~7Y;#G
zTA!>4?J<G};F();f5dy$T@jok_*+RwLe9)<bLNdq7U}E;VszH0rc5n3tEI6s8G|uC
z=3Vlnu<?N;GR9I#b@;|k#hRrUyDPB7lZbl69b+36J4fp+BnHf<lgbF53w}aQ*PI;o
zSXpRRF<tePtxDuU)plroU*>@5Yqz6#P4vYiv+tSxhO9&0C<-l2j|haVNKCV`GGOs}
zSlq}k&%TbbWjeZ@ufWY&h_5W0Sj$LnuJ6F!oW(57M#Mha9_={$bAYeEf~tF|cA$>%
zVg2Kn`ksulUXf)JZ;Rm_JiEzf87AV>t}&<KdYM494{k~1T`7o%3J(LWDhS!!k=>o0
zL9nDO|J?Jupkd(KlO?NkHLE5#Y1>uh>kNWZYwgf)VSye&wBu&QiQrhMFqyB+3wp(J
zb!CTGb@r^5fe$I+&@c)m-E?Uq<GGLpSOGhPHs<lrmMYROcK7?zm!#%5t9&}qQnV~}
z^G8_GxQDBEKOK~qN1^O0p^kd-1tm5>?*gLhP<t-bGMCYQyKG)dl4I`tER^`>@)CSe
zxkn(Na-kGXq<1E2BXc0Ic6~blEzi*4C5#s}8$64R^=4?M5r+d@V0;)pd^kV*B<7s9
zA*;q1D&O!8<V;+WSwKcG>`Bq%!We=EVfZR*r|>)Zm2|s|rn%d6*e$f;)39-fXLNLz
z7N4^Tf2YN@O(}Vw6Pdg3(0HI=%M}80qPy!t5mGr?gaJosi|28*h@O}z3~}%xTHV_&
z?~0O1XTPssB2a1K0x9JM^+RHUG`iR`)G|-<>n&U=z|Y3zeM?m72KkxSH&6A80jG{T
zNimy9reV`hC<m8!O*y_CZbQ@`L#(Cgf`GerIyevm0YQMF&<^b;0Ftpg>Yl*$kc7_c
zW2EwS+XiUXO7lQ#b8GAz5o?A$5Hyl)(e5Cy(=N-gQxa80bn94;>o95fK618%a4mc`
z@8F%Jm8z}ZS${G%wJi2uzO)N`d~)>m^u1YDHulqEK0}(z^#LtKToO=q7$Ab}8t{!4
zn3JvmQ@}`Iig9W(W2kAd7yMF#U}J!D_X-_<N+(~kMUiz=+BdOwYyg!oqaIAcyA-m6
zd5s|<)0q>XpTIOWYemSsIur2e?1<X#ZENia{T`IGf<Cakt^8RAH@uk@Y{7QD{a`nO
zHXu@OG5*`y2Jz6*Rz?DC`?<Fm+X8(Zergz1`u1pEO|~ay5P*8Nd}22*%H%bOLOD(0
zJ3cNK0cDeN0kMZCyr}8Z0O}7M@U2gbb7^-BuABJJeL$`2$6<!z)l`6*CS3udH%8BX
z4L}`)wkpBH$)X?XfU<|DLC-eE&#_S|^%H-whR%Go)Ies@ZR=3F51ajORKaEqj^|>4
z6d_3VLpvKHV@Q#D3^Im@);eS?D6$31DHnBH+tC5m^ARxUx-aOg+yVicFE>WMvKLWL
z91Ea`VPAK7!6`3))DkP&8;?;z@1CetwF!{4%4=UnjeivG1;o;|GbHqB@BfJKI$Asx
zP}hGZdY@s-de4qRSi~SP2wSm*OD`6Ou@#2wiSiOi7!dviSFq&z)#PNEd)(SIp_|<9
zAoST*y-|BpRY{6@IrH{ltqa!kvWm3+ZexT4#_(AGC^$&jovQ+GaDJW3jSm6whojT3
zx&4@28{UNYo3F!q7z;=S-zce$powxyHKtVts|5_0Y9L$J?F~|~3RXcb;nsx((rHC9
zmKQZf&?=|YE|gutbUHWFpc`9xK{&lXT)^)D%C4cTO&Su}dpPzH7*^xgk^?)n%VDN0
zyJ0go^>=|?o8wl`%?yW)GToi^onFoHmS@{G$nz<KT5O6E!?eGLTbb*ey{s#L<r-#M
z@pm2O;>zcx51PYOjjtf(l{P@mNsC~%60-QBaTn!FX2@=Uo2~QtU=4isbAIAj*ax%j
zZ7yMak<P|I%9V{*7;cKd-2my9eYftpI{9IoMd5Auv|5lFKJ(=UkU7BQ;1WcLfMBV;
z4m?-D?UqJcYN-)8j~UJ$sqQ_{`81P*OGv?a{vkPyI_LFl5vzOVY;LaJ1u_Qmbz^Sj
zMb0e3Goui7bO?f1TcBA{l#L;+Y$>`N<W?&$Z<EUnJ-nqyl%TF!N3hdMj^anc*ew!i
z%HrsF6YfN2TY+3pX9mS!36MF81v?3CvVA%p8{~=l=}z32;K-ZDnwGZiQ?pcH=-eep
zzF6Gm_toGs^;9wY2?=sqzhp{JMxRtpBSlA|8*4#ne^_G6^p-YpPmiAg;gwmH&qZ>2
ze0FXQ4e-Rlps`~4Za&K%x_8jy)KyS#z$wG`!`HcDoQr|M%fG#En4}Mnu#k_-&Or9L
ztXb-<nkzPPtA^sVJK8N@&@!bW-@fCQhRcc}#6u1d%!E;k(O3gq8Zku}`p8vzh{=~j
zYEol<dSi@+)LavaI<Wd4FHkek18#|D(aB>pd__-W2s+8HQSUAFXWpP<fC8c({}$C8
zeJ>~OOS}s?Hu)7x!CespX72fWv}MqfRLhwsFgd<GBpuc_h=9yZO-y=67w10;not~D
z1u~rS5k(70LDn`=yc@9;n7iTv0i5EG)Q2Q%hK?lAzjfht-AfQ*Ku^sipsoWTfzvC4
zH{dek2k4!sqTmXtrgtbyRQWsd-n(ouz6IllTnEh&t4>G*3)5{G%UohR=uo#kRe}ud
zqEPx>tUsH$<bP@*>-LLC32MBG)!iNPCttg1sY{sc3A&khKpmHDPqnzDnGm|tTL8A&
z_x;w>+s3OZ&>K`r5J7jTjA?G<WP4|j0L<mhyaN+?h-G;!yK&X~N3vizj6M*<NS3p#
z+9=GLe#d_(eb6G@%ae=CcPHmZe;&TS-09oTjmO+S8h^3B*YAfw%(l(WGAOADib{(x
z%|h=-xjLLrJV3rNrf(|i+z)cIZ54$r%?uB-N21p<C`ymSB43#ed(5W!XK%>RRvOeT
z2_;oYaBYpyX4W+zc@V^7$q3NSr6M;QcCt8z9a_xk6cEk{@-X~MTdA~SwYWBibix!#
zqPG<v2WG`9OV0kzo;|2-AcJ1-b&Ru3=%`O|RicZh(LSka4w{0V2Ov2t0bs|T<4Yb>
z*9c6gIx{P2;06k8Sy@fGPYPGo?HGSm)i{qb*c#A(5Uy2<kmD2r7(=y<ltKqLFKQV1
zO!y|P?xa99rgBDae5E70^o`b~*kWUjW%CPaNQIh4g1Y?5Y@*M5kJSf7AC-Na!!~;`
zcmh6olX0E;5m_RK$tg|j4VDL&?-rx_3INW}MOY=SlSq?r2}aX9Ix>l1*<sfMGac@I
zvyADq$I)<UFkY%*R@=aT7E@(3_n_hJ;Oz(hBp^fpC4(8T5%{fjlC><IGu7X}NvlfP
zw5gO`AJ!{Ye)-Mq63RfRCkx6w18=`RU9Xf+*n2~p+nEKs)OBnUDhDkCUZ*)-cgu8f
zlUb;iw7!rjK@LIvwJ9;&Z5LtKf7VY<9m4)OyGlL~NnWHL;$^L^rdIId$J670x!zh#
zuj&n~Z&v%@kRO#kjEluJePEPdkJzbZ=DbA}L>W%_RSkqHf*J@9UHG5(K}Oa0!g7lM
zbA(@G?BRb0AxQ8^JsZds^}q4qBfR0_B>a{+3*$w8uQnY2;jhCA)Bu{LqQ)aGaH!Fs
zq$>PwSgrxy0Pw(qk&c%}Th1S7a4?2nC6=DWT(x;RefBRyYaW|h;0rkR56NyufNw2*
zwZE^a%|+RYE}g@u*C7HuAKM#&vZKq-O(*7Z&uly7`gRE&PKk$E4Z1?OjhRbDsjHJ?
z7GUNzXpvddC?I4R068w<VQ#*dvBh?`8O>^ujvpRJ7=W&bsydCx4dXm8p1!rjYS1S^
z8kG|8BYC6E>`Ru}8d~5l325XywwGc^1t3quW&M)Rr(}a?;B~Q!Vg<HA@XEDnFU6}o
zYQ~yi)g?D>_X1p@H-=Qa?7cfF^)a^eO)iXQo=>IZjc|VW;aK{f{J5C^6H<8!l{phU
z2)z)RImYaIIA5@}=vZjFcw<c&B!)f+7@cxA5F@CCR~<W3eUtdMKPGGgz_Ap9U|9VH
zNb|Z;KLDkJ$oCIJgVS76uYs{PF~3|CzL}X$@6C_qJTLMwe{y%AEX+NF(r@yO8g4z-
zf>(|!^5>Yf@U{|dd0&3liMx3tl?Fh02uVETZ(zeWEhETEgZ?G|@7c?j5?y$~qA`2)
zdd{&xI8r}2byc)gW>>Iim1$VJkvL4@8)eSq0;@JcG6e;A`T%6@D9Yu++tc@-hHp=g
zN5gk#AKzc9KnZH`lo^g<Dha{q9eGLiwh}C~08-Jr%|sQUB;cHgy}=-umO0SKzeFCj
zXOO<)i3CK4N6(&X_gZ&}Nh0#SbW!>`Uwke!OTi|S@0(%B>`SdF+Lo*gND*ndT_b5-
zBp*m6WFjbgVJavz!2vVt4oafg&?Zt|D0>~#{iAcLH7CKQG82(WKCHSIjo8Qqh~5&}
zNR_gR1SsRCTH7z?@F(vcF9cK;hS=Ib&uo|8*0TrA7!X*+jD@iGl+LqY^BRlYC*Wgt
zuLoADjg9Fc0|j@ax%m?b*J(3x?<!^3NvJtnpAOW*^?tIg=dCchi)>0MDW#pqeqdVX
zx-L;X3OqdR%`ACkR!bhma=FN_R!f0mR4b@P*rI4dvAVv_$Jlh?+921WhiO<Gg@DGP
z%<dK*)l?W9v`bk-nD4>tjvTgV-w*E!utvC3sTE<<>c`WQ!q2Py1qpb+B*i#2tHX7v
z_!ZiB=C9@#qKn(SCz6&se=aLfUCNCNEFVO{C@h3(W=v(lBc|Ex2F*h(bIPf~tvu7b
zGy`nr3@5ge;KdcT64%He9bvu<OWeT<Ein9OZ&RWSV25jdcc0R8z{6<vNr#XEM$HIf
zeFWYWu#+E6wuZLT%O|j%IKC@XYQBU~aj=+;f`rCTo_OO;>S(U~U^pFS6zjfMcZ>el
zu%y-*N|n}CJk&`HrBy~y1B(ZN+#5ea%IXuj$`3aUwAuKX__2m>j{1Y$s`%N9{y_c|
zI;|vyPP|oAXwcXg5;v{4Pe-u3=qv)RmU}kXb6&3EJ4QT2)Jq$b5J~vtzIrnJOFyyl
zS$&1sh>eR*kwKc`HD*&5cPx46R8jlWnR;c@tuWX4y(U+SfJI*oypD()FW=2z^j<SN
z%o3s_FG<)ZTnJ~^p-0j^sf`K9c+9xFuzbo6(^-jI$f57jG7%ozG>op-qoh(Kk&5_7
zm=%&TR%J-IVF18@RYVb6MExAA!!_x4YCf?*Gc6Kw|LZUaxa-C(Hmpin^9JJ4My(XZ
z3l*7+yt2xOFxSXe2?X9Rpp~!)2_l-yoZ^{u`bx<XU?Z?k6D^lhKc6W1nk`i7BFFxU
zWViRc<MaC0A5b#JofRpuR`-!sL9+=a4&@6{It5>}n|N&Wd%5W69zY7D+>A5HCL!xV
zFi&7OMPrdIW+<U>Br$_P)q+?``E}w5o*rc?MG>7=;Fv(eQ_vPNX2)Nt)zN%QrP$w~
z;!SXZn;f`icF-`CHLj5?Nl{){OSD=WO!TvUz6TS>pG=HU?VX1B6_(5zqhS3<?E+E}
zzWF9tE4Jl4fOY)kW~NE#z=Z+r4mL4TU@ZD++_DPm)4WG396{{OlJp8MMVA;)(clgq
zg4i^r=nlS?kv8ZE$~#5^Z@LjMS111VHO2eZ&T*AZ1t;g2PmS{_XEo93u#D0M2bm{5
ziHTELe*Xv)2fpsDv05%Nay)U@G~#Bd`(J4$d3dr|{FYes`>=H=$3j^=>*GV)S}A)a
zD<w!w<AmI5Yi00kcW+%<pus2?kXBZk>DSa!0lawWFgspDH<^(Z=#)uj))hS31u)!;
zcYv&lwBXwOe8DHX@ml{R&sSS@WOiKY*d*Xz;VuhIo?*XaryMZfiF{z#fA;Jd{i7vn
zuWd{j#x1On%o^?vaPPziwhIG;{~H;Qxiq0W1HI$#mdL97f?eEL(HC5$6M7nM^K}Qz
zH~H9f?Mj3|*=V{mApNl`>+Pa2k21=_rJGGQHWuQ+nUeiPX44ayOuK`!#dP3hx_XI~
z<*8P)BgBfWd?>bYK&6@CvpYy)JkIr#u^X>dzoY8IB9EP{hd+a~TzwwgTmkrtt*hCp
zLxZd2?XfYnn1MIH$0J&3=Yz2YqQ;gTvz5%ohC<HQTTJ80y;>-vb`bmSZt(G17bGYn
z{TSwGqs-JbH++Lfe@|GxqR-4wP4ATlitAu~zV6HGzQtF8`Dlx<y;(B{?c1HQ*elLt
zBLl$Z=<anf2O&AVI7|9327CJsF|;@h2wuz|t2PAew>Z<t%deYruNHfIr?K}6_y$OK
z11ZZw<u6vFHU!k5*eD3Y7xI`cRL)F@Zk^NaIY?p5dxOZKLz8Zl^#mZkih5uZ5FeI{
zaqmmCt7PI<=xi3LwwIhMM^yxij2kwR^fyk)`Cr%@4%VQqB*$Ryqx3o}eZ*cbe;pnT
ze>~aQ7J(ZT0vSjM!3#i@cdO|#zn{8Rv0mFqU25|~P-xS1<)7L+j|04l1!}b49=glo
zDb>kV>S3k*ABJHbn;PZ0<n4t9+wtAe5v#bZ;H8Y*UDtd51cNErm=k9A;Hlj@t0xYp
zAM1OsKxMl;Q3u8j>L$9kFH_x@sXhWrKjB>VOLKWqGne6>OvSSA!kg(1eFSEH!b#cj
z)Z%5%sH<`$tO<gMGf;f>ba3<-5Qj5f-W(&B^Z?txpa^;}!nWs5_rx<!A>TfRd<W3j
z(V>g*l5O$U?#RCAB-nPy!^d(|sg!V?(NplS)_dA7ZE+iX)nXj43Yc@%gBr+D?)n+D
zy(WitVqBcC9ks$!BXb#443?Kcqr~IP#mk`asG2s+<s>(JP6_RT+zunR%_)iWFx1+e
zvUcl~ltd%IK3*+=Fyw(IFv+e{bN6F9#nJGXZksvKvSy`@mA<bYKk1>)uV%%<I51`1
z3GbKpZV#CfF=i1~b@1@)7n7D5WINVE!@Az>M?J<|Y4LauY#U=rv6Fp{<@JmCSECNP
zLeVhs;bIxdw<0h;${~h0e$WKRt7@Nha<y*xx%gh@Sfd2xj^5hhsp*u8s+~)I$-G=f
zoxs{-gAS56MA)*0t>vKeXa0!e+Mq(?6XpMu&6PrPGf`<9m%X<L>$ig{1Q-Scjtfha
z8`S6FrlfOFUy;XmDwSoTNy3k7+himuUQ~IKA%O%Zcq2Cnm3M}+hEYTHhB(H;(CZ>a
z)P>2VpvGl8u4a;;N+dQ#+xBvl@qpo@GC`fRnClNFPOpJM-vPwKiR$4=`YPBX37)J?
zdoZS6c?i6;VNgH9>IFPx600w-S+pf0A$(i5L?}PXk5J;JHA>;^-RY%&W)72IYw90S
zR-Nj4$4I%Ok*s%HmCGIZOYe?`sNWC#kNahgr7Fj@C63Vw$Exy1`p<Ewb6r*AZz^lT
zQ#E`NEOFYd=Nr~rM3r>R0`@Ym*J88&ku}XUeDs2bi%=|tCFHK~pB_>s0G@RL+dME)
z!)7TgE$Yr{Hg(%}egic^O{YkiSo?22NkggxOQ@xv`oI4lN?yi}c{?9VU7av4mT88n
zss%#L#n~;2ftb_oAgw~@9ED%B+XgD_D=!!zIk?TnpCth)^6E)m+)vYoqGy>=y)DPj
z1S8x0w>!yZ=02RIt_%px99xN1>i#}Qc9nLx&gNNYKee!owo7HSFjC0yg6N;{Q3B~j
z_6s~d2Ui#<FJG0=kulHX9^SZqv=4ZEvx)E8@wEUqI`;;cPVq7!d6-Snu~}R)6cRMF
zsK^SRMTiO6SpM9^BFJgVuU%@TF7&WD4whg6Qg6YHdN-#!#=CU!*?m_pr=qLF9369d
zAs1v4$&TWtiAu}xAIwGYIa~IobEr*TE*|U#=dc}QwOrHfafMVm{KX9}G|Noc?Ct_!
z>u<;s1Kt|1j`d;24r*TDA)~yx4fEt+JA^0YH60X-?TCZEt@Bk}E++B)3WxtLSg^!&
zN|vW<jca4Xer;RFyzKmVbozdHbb0#er0sFwINCun9QjW89?V5wWNb5@39ttHZg0?k
zE_42PaokBxKAyK<*%M_CdNZoNlE+r^S>`h=ag-|?<azPu(eU`w@cohb*PG#6_+fN;
zK74=i<H>pWvJ*CRO3$ZiBHKnfMaJuL9ep-i-3cQs8(7xP7lR3&SA@As(`<5sUj1Sf
z_7@?839zv9T2$LgdmB^iRq*PCz3$60p`<fV7;JhX1sqG^86Hp=HCs#^I6+D~`5?9C
zRpAmd($(xU6iCzGeh*U#waFRUGNDyeU!86_w5SuO{~7ctH?lE+EjSZ9!-GC_Vs?{X
zuq0|bGh<Wj>{}MK5dkl6A>1WV3{6xA<p2*%v5KA7!?(LWMX%f!;|h2Rb@)7hO6sDJ
zxw!e<w2G;ppSemb{i4DzRqkki-uoNRTMw?$+z&RId#F&q@%*1}JpXWjjb!j*BN?2Z
zd^$P57{2AXw^)O<AHB={4(Xy8OL{m`7_RKZgu@c<9a>^kBt*DG;;?Q2#H;+MdIQpI
zB|<avJ&yF^7Xnf^ZrvpA4C}csS;2tx>=i^XE8WP&b}kXy=mJ;b2pDs?v;3mzmTb_r
zst}0b*rC72)D2h$AypO9F%~gYl4p>n5W^^vsi21(Typr%?*Uwv<ZuEr@FEhwHU)gY
zZGtkDj|cOI2K)Q<DfxuaEDMu%Fze@$AZ+%1utw%hU7OA&iTNHcvCE#ZmA#A}X={LC
zxLmAe(#$6>J~zOXn4kc3=jK<{7<0cl#ymx*t&M@s;=+)off>k_J;!!}9ds6`oOPot
z6sZ8Oi7P6Ip-#7Q3TzJc59pWwtx+aE^y_>LxEvU8IoKFnI)0!u*sjBiqtjDweYukL
z7?wd^YJTMOZ;mIpRa97j)A4MXQd+<_HTv8b+^T`S#t~sjDP7HjHCOYN=yPOVQ3X2S
zZz1sX<$BOit_M!82Q1e&8_V^;t4d{J`NzulU~~B%c(@0ju@>Vz0^vO09N=ItIp=;>
zbh^!5&j>Na<6Pbn3Pb7T#-@)(^G$lzC1f)>3uy=n*u$zjwc?190!+E!*n{tahAa^f
zBu~nRV6>u4W7@g`*KN8WPF$~`NxIv^=Y8_#Eby9=@3SlfR9qPLqfeIon&`SDfA?k;
zOkugT7BZg<KABZ`j&M3&lvm7X;u87Q;~3&Kd*i_t2=CHm0aSsBpstU4A-WNM2MA9~
zBXl0V)4=PMMhO-nRA9Qdx$jFaU^o!uK=^}01J;>-lLAZkO;=<q<_Q=fUGF`Te<g1b
zmPkow?9<|^?2*2gJ5o;3kWASdkd2pS>ZNb!VM>f*YiHuy(~HaQPGhi_0C9Q{Boo?e
z>ueM~o|0s!SBsHKQ4pN#cWl}OBREN<UcT}~)KT@3;zS0gD?GJ%i}h~<=;%wb*x-`(
z0u+RA$z^W#MNVwx<A*U3SKXzbGrf?c^(c87ioMMj@+F4tH>3hUc!BJb)!|dLyi3hy
zkfsno0R(zS@a5iej{n8B=7r0I+5kUpc<pl09j!2u@IujJJ(w7*2Wze`6m`5ZPuI;C
zZaCl2M}J4sYvWc$XYj+^2+Tju{sUjX?i0}4OaT8Iez#vg;VK{D{O&&06UOm^>M0E`
zbX@td^34PIH1r0*FHU%fD^HK`E=b6+A_eZKxXPfgITn1e<;1!T7UgBl%)0&c&~`(g
zo!y`5(hnBGS!R@o>yPZpxUt#+V@i@<FEf{=irHhB)GDeGaN-JYX|EfM`N6!2?jrM8
zQd0EjFvi=wa~d2b9Ip|Qy#VB*h=z{o?RflsA0KZdlpP7)OAc<)j*^lVN#^#_f;}1+
zQq)k{gsC07a;Yc{Ze<UtHTjG>rvTq*AY(}YMllm1d3S!@1v%v748#A%h==TLUcPM!
zIR*)0qf5`MDdD#MPAzc5&z%~S3BgMX*(3+boC}m@V|->y&aU(6GF#Zhb<CagU6<j*
zc*_?Rh^*?#^Yso=)wfrnEP93{$9m1eY^dL?xOrP02&>P2B@lM7smG0{dG}Bvb)gO^
zEDg$P;-EQ-fhFx~`2sM8CxDu<6x^VkHZMv|dDpx+?jP)8bA4{nFG}Hs!)l1e@<Gx?
zV_A!HS)iLjPc1gg;A}>H$oVxljiemZ?a>=eoVFFhpXM@co!UV-COh&6+Nr?=HgWY-
zJG{ys5L}o|uU6Tkugj6!4gGR!GaC)I3BpOSEK1B;ut?7{aMD6o%KAA$R=O=@sAo5y
zOLjIV%kz!kb#K39AIs=mQZToa<Bul|M0gMvVFeh38fj2+3FdZsbnPyl=`PD{+-+|B
zMkwb$oxB+y{l$e?>nHRg8bfuWeHzg9a(jD5h7xfc!uwY<Qsn@TKybep{Y0%>PC5(-
z1k=JM#!1^KV^*V^P2vIHz^zt!ce{&KD!0f}?Lu~DXX+?v*akOMAj?(h4Hy=d^hC#P
z&)ncC3UVSd6{T#I&KH^0v-0L3%deJ~dJP=>gW;K-2}VpUKC6tDo}c{q@%=F_2xKN+
zo}8atTvmllhg?cANsHU7IYg;!`&g+LU}&K0&tXgYg$q=YyuMs24c|qq-FNBCNCMrC
z?%fRCHHJWc*aMG>%7Wq}L!}%Uo!>{->j`V22-JdeF9Cz0(%CqND5t?2Rp774#s*q0
zIhQ+*0EZth|NQsvPL#<&J%HK>cd!&$*5%l)%fF>}=9pt3@m)+}+-!!HEGC*~&W5_n
z3&M;G*Lhd$7ZM{rO`Q*J?n8%nz5);R2EKYalA(u<fTv?az*?jQDG|k+>@XtvYE$~S
z%^zN`uBGv*t)``tnena8h!2y!LmwRy1T3@#3c1g*Jx1)+T;7mP^DCscnLb$Y`ZNxE
zjA(KGay~e5h9eZ9JHAkx&MN>uRx~6NfP7r~3#=RlNb~Pe?NR@1n5OyT27bK@m~b<}
z;$+{SMWwNcW6!HhC~-5XsxNslS26KL#GcsERXPQtsh$m?k0^w$JI>Rdf@a3XJZH?g
z>5SuD>Ufo((elz7w2FtB8NbnC4UkSn%}?pNippZ$6!$luVw8u(YsiOxABAoCwg#v{
zchjs0SGALb%NjP1m&s7BMMoU-BXrD<i~w{y6j5ntPg=Zz-UL;w&qwt+3-H76^61Yf
zLb$z*{IFj=3Xk$TTHs1g6aF<9VX7#slv!4s9MXOhvk(ulj<L1qSfh4Yd>`<v?$Pq4
z!FqNJMc)+~ZZ=<>MohicjocClt@Ox*I-&WyBPalpjqpwbGY;_*s$k(xV2Xv&e0lFk
z^v$g><<eH_?i!4LPYAou%s+%LLVQC;4ao(w$nMZSb^8mKR69eOD`I<Pn_>F6sT;*j
z@w>^BO^V&I)W%qU&$DicIAIlNc#;?FmR=BBT53_x3XYY(sI9o^p^O*q)NZVc6~^o4
zv`<pkFY+rUR1i4Sb?MV7Fz$d?4ie}SR!GR!O1lLQynwjv=pPOm!#=uR#fIqD+7Lqn
zDa*iqV*p)YMCj}`Rxebu9VA>bqA^h9hOD@Bg(VaVbC}koV1Auju_ox(TR^dDmi;s9
z8N(WXIFuI#8JX~Yl?x)x87*}-e+w}onaVPMHMEfAm^cf`3S(uSGFF5aK>ImkLjZRo
z1k-)P;oZsc>Bo0uI{d&dfs#JT;bJRik^#>tP8R-VG4OmE?F?)z3@A9exEyX2=|{<#
z2Z|8Mqyp)dS&yxtTmmPyC-f6HshpGl?p8SvC#E?q#k1k_E1+rocsFyLO+ivUa08*O
z!HGR`RW~3}(A){Uof)H;3ucH=-LknCMQrvqH8;7-Ky&299m*lBH)YiZSJ(n~n%gU8
zSHXPD!@uZzpEod8hlYOYz;-xb(iVLYig?Ht!|}jP2V<ONQ*-04uA1LlmU}nME9H&E
zNss5zWYTk$^w=<u^sM>(#$|2Q!rJ#mb_0H2@Y3Di&SzN<E^?-fU@54<plqaLfwdr-
zAr|Ch;2VK{?`dmli0UbI5}WraIDjBOfZX0^)uc;bfZy5A|F(%eQis%Oo}FZteP#3=
zn~i|Hk*2Ql7K3b+zha0aJUe;`ksyBoX<X4~qRxYFQn7SUjN&i9Wa9ZLtNQD%hWR%0
zu9_a%c#^@1`I)k@!!ACYy!kvh9S7@9$3cCz?+dm2jqv#ds7+9{XB#7Y)o>e~A+|f!
zRXY9*zaqsaEF&<5*Z$b6wih6MCGzu%EMe+9Ck;NlsJ^hJVOhP)TWDtHLQ0fY2cTKo
zuI5AkNl-oQX3uUS{AVTuQM&ipO$x&3qE;jy7i=Wi(%wagyl|xgDM`#-=GaATHkp6*
z-lsg(G`KD!P`zU%cu;ye?RhiWfr>wTWE|zD9V{)o32hz<Zc}anNDU)gzgV-&D&in|
zfcCz!hngc7d>WhHG(47yj9+D9is5T}0r^&f(_0j>u{wo9(&1~?rTHp*fS!o=!;hkS
z-15;&I$Eog*+%q^A<?x6TeTtcU_Q<rb8N-+7MEx<ljPYT`AAPelz+iKjvr~e^z6=Q
z$ATO6h6&HQCSN#eF>GRtFhO$+7HDQ>`8$)6RuKz;8YM1)2thM!=fFB~7DGW13{AWo
z8<R)EY;^SsY?-UYYMFKMMLm8m*{xm&m>>-XHNH)(+cJ&VSr?5{SV;7ka^u#c6Y>%0
zIa_iXt_Jki;#uGt(2_%c41TI8wM20yiSm8vlljNn8h$It=quJ48Y&kBB2YFZS?dAH
zP;;4S1i0bK3?0d4*rn^m9V5EG+b(XQ4Hm9zgIEcydm|(a{uguf&FRMT50SY!P;J9v
zF%OF~6EDs$HVa^UD==OKu!)(H)KWe1?wTk_q(^upW-a%Zdp@Nb`euowk;cFbU+yi~
z3C$2w0GODdN=<P!qw9~^nB6j<td-=n%nqJQ+5Pk8Lfda7v|z?|c##p?%le?%z=xKm
zj%b6qmq3G|H|Pn!<<MVLn!>0h9mQL%soTtI2!$iOIq;J5``xS}hifBi!Go1+O-{|m
zpd=T7K^OFq7(sCVAiB4BS==dHUTJZ!Wc$#y?_=l+Ok5f~eVTsWk^(_52q+9|mZrh9
z0#0S;t&iN4F`k1p?v^snZYyA2Xk<Ke?)SxN3L&`F5)wO?Mt&J6oEdVAKHM9;i&AEg
zaA$M$Tt>A91Iu{{i*Lt;@U2m>mRpRgS)ZYTyMV-xa0Mtn$F6$jel3>f?wcDc#(`q<
z%YrBwF#Go{<c}IPe{p&C_T;^V$C9j9nd0LfL(o{Wb4!h#_j>O0=Q1-4G<FTwYjV0(
zk}~CNdwI$ca%2wtK}*e`Qwg5qBwrA(AJ*_=iV!>(^82q1tl1JcgDkr{joG}EQ0^XR
z&!#9?Y{y7~vlyD-(Swq^`K-Tq&!E4@DP^xHN)r2xa$^)*r|08ll!wK$-vMU!&@d77
zCvS*@xOZgc$2Vez%)_}Q9VYo=8n+Lf*^iEI4k(QoJ0~H3O%00HC`oqsdf+TBmI=^v
z6C)z=B`+o}NS)u^r?lni=2@cBpHMXl@szNsY37S`B5Gf6aGPL^!qqpH@=erI*_QRH
zcY$3-7G^pn+A$VtZ;WdcQt2*B_f3iXEClkjqFp>AB{Xk0x~FX4onCx+J3Kl$_SCY`
z3Cj_lkCEA;-WLWtgM;qQZg<eX?C%`*_YZe>{$6sREA=NWBg%Ao0V!~a38`sT(6^yc
zaDY0pr+cBFG;oue!Ms1abf>1kBLlh4Qk7Co03~LoGaU}f%pgy&@}M1`bkXbaeNEJa
z#WnJxC-{$SnRf8H8c}(5v?HE(X-O2rm;giZAaj9ABO$6TC02ZbgYY_O3e){E$;k@&
zhnJ##Ju?U2#@RJ5$&m${^Dr5{JwF*9|HtUf+q0v;oE#@Dx(!*4m~r}=gtWb~ymY3I
zdHpiTw+9A`q@~5z1`iW;Gr!Hkb>Tx~7X$U5R^hh~H+eP_7EEIjvonyC_aa3!;StCX
zzVLkYjn(tV@FK5v6$Cdo=v4cy*WszC;>w_<h4D7uuXMxekPI(BrnpsH2qZ5riwE`v
z?vnV%@aVK`Z`#PY*fJyM*>1wv8G-*>#$p!)Vk2OGPz(0mszoT!U@<xj->P!<BVb<T
zrdVdKsj(s#52JK4Spe9A&WDSfnhJV*^p2V?)Nr6VXqtM+R7N0`B0f7<)ffsPqzR4+
z<1`o&`}-3|G$~KP<P^R{fM(+{Ed~jpN0VlBGm_Hm%b<L$W^O>KOP$$V3VER<K&2D(
zRY=Uqr<r%_=6A;I%_+&;-oBVas-Fw_OXJ&Y0_OG8m2tLo=2#_wKM^_#(WX#6!k$Oa
zQ9f{Q3ped<HB^R64SmcF?ltm5N(#0UzO2SQLCgu(Yhw=Rhttz`C*jP(rLpUmy|J+q
zdbp&JTMi`9=~Q)?*`O9e2@{TxFD_iTAXO)xQS0edA(B~8^nhwws9v)Mj|VoBGHD!#
z2&}<%{tE!eUg?_UXIl0<vtgB;mCyq020;FHxx6n9d%g5Nf0lw91MjBs{H_ts^BS8t
z;;uE<nl2~-8uJ$iJN@M2<x%3}KilzJ0l>ZPjsbuJgZ>V81OTe}3y3x%_?k_pU2;O<
zmOEv-#PadKB9?5@m9iaGmB68kM!@FtLktE=;;9&li%?<`W`}y8yquduvz&V$k{#@Q
z@a(<+8MnFp6w>}M=@0uQ3|yL@AHf!Wds~38tn7wjv9iaXdjO&YX9pP@o^9jj$A_Rz
zbMifJ{1lC7LO$V!kI+a_Kf(6YNc^4}-9iN8wGd~E9)D+nC~-}oLRU?fupx(LD0F@u
z!i9yy;au_W12B9+;j##n*G(X_m}#~OYYgmi2$NdY)n*~sBI_cPsf{`|&mD}?foPTj
z)CCMDedZ&5qQZ^I8SHAs?Dr100Ja%S-{$Jjx>&#Ab~cV(q8=xtGqkllF1k8lJKB(M
z0ccAa;EXh!&E`0(f}ULeiTJYu>_RK652x>)yPB~FrF23(3xk&C+UuF$^sIA^4&B%#
z6jXbzaSIjM60W-*d~Lauo;(J5ELR8#-n$eF`{?<#HyXOQGu25+Vig2q$O-6KEbv@f
zP8Sb{FBwHWzpg;Ga6D$5Wd=}$s#Vv+T=SlKlv_&AfGJ4mK~EG9w&g$2lLTKm;d7DV
z-2*i5<G$f$7_VF!f=pOHI?Uhrj<Blv0>u@@wXCpf$)RimgeV>WRMBl(S$}E(#QDY0
zSTR>dBS7oYp4oAW2d1&MiQ|qa7<-k>AyWum${)@sym+6_EK+G%qr*B8(Ubf&mkzEQ
zDC#Eyv#D2WqMZ=e;z@TIRE~#4HXm*}8%2uB+2;L94>Gq&cz<}A!|+tmYShFFQ&g;F
zrQ>nBF}hsYOWk3-#m&4@Pj`)2)*d+ixFI&a7l)k$5aAa#*o#QZD43MOKjl5ql3*{~
zHB(3s%YIpU1Rzy=B!PS29tD7V_3SQC5h~L_p>>e@!WgQ`j?v%2%Ln9nMR>`Bj2|P2
zu_}9lx;X#xOIso%Qt<A#K-6zXpeYMsw~Bfz`9}>fFq_R;9qI|MORF27rozXtG6$UT
z;wnrlryB>z&2cGvjt_xTJ`0g)!)Lg>SnmPgU5#K{<%ll$A}2R96lgLM@Py+E3&T7N
zE~eHd+7AA&WRz9y3f*ZGFI{~|<T6TKGRJ1jcEJ*R1a}(5grmC3sCzbi&Yl3-r;Z_|
zw1c>U4FfHu9G{pHT*I|TefhlI;paf3nmV;>f_Iv0KH<(COfvVXdD|Y|fiH3%2SVH}
zG3*{n^k;)B-UzNpTAv(Ni>6`J16eKOx-^VRG1uT&B>6FWqp(`o>1B!ln|r@|Haz)|
zw4}NVzJib)${;~+V53p1uq*qY-DdVByeMLo+b^TJWH$yUn#vd{=R!u8x^3B^q-1Wo
zIEU8}7#8l7fVRaLOJ>g%(Nai&v=-dECczl6?B%4C;2B*0Scz_<smT#`6-1}0V8bO=
z@FM6JFpSFthz+Cyji*8MW?vZrbwsB48NsS?aRrO1l}}1tdl50P^8c>{b3b`GU)2^+
z>~xg*^C&WHR4-C;qfWZ8`#?~uM4G4A9-}~q8QlcjwcNn9FR(+5QX8J*rd*(<HUH%S
z6x%Jx+$_-@{RZLE&1xalC#W5z!#2GGN)BSxwv{Urq+M#UAXy`MtfT0ZS+gMJLawAB
zx1A74h*V4P6Z>W}uhx;wQAw_gk`tM?jHr4jkRBFTs1%$i{E+WCQkts_ik&6p+rzSH
z`O*X3HDPV-l7HDpTY|CSC)_yrl98IbJqw`B);gi{XRmca4Z&HIzV5u#`Q7~#{Sl~`
zI-nfKvJUP%n;nYXBWIpo#e2qg9x8Q<NpJbmm@ZSP=?kajQ115VAF(y_B4SyI;CnlI
za|<ikQtK<VLpSunN;0rJwZVDSSd5RZCoo6K22w)0ZBPcKP2rbS(FD1M>Z($n&$k||
z-hLXTyNfSrQKPe^^hz#Zw}YBQjmML0mq0n8uCT4Phq%Z+Eaijj0c2lEJGopu*vg93
zCE+4jh1zuPUN0Xoj2u$d7*i)vW_c3WD#~|kWzQX$+?$D%I-gHDLTvqPcbuLom!djB
z|6hC8yW2*R++T$s4grNFC6c0KS%QObW$9KqS<*@J`Zhs8jL4zI6U8Aoq`f*IKtAOG
zk`H;HyvaRDy8d-n_w<lMNj~2lVjOT@lbq?UuCDrZb=9vBrO5-Bi*|%1@ya*ax*>pZ
z8}QKcB0H=ku7lbEhZ|G5>_m&L?kOb9tIL*HPSOQ^9CL->&&;4J)0LS%6K(g@sATjK
zZT8N(>oB)NWdy?<WW%f$<roN=|8-$<nR*P5pI8sTr5Ef8j!Ga|T|B^68Aw<C*uqq;
z;WDLW378pc4DI96SPJTw(uXhuZK?{b<aF0J;eyb|vbzjOYu3Gv<9G~CA^Sk=6@SZY
z=*jpqmmQi7yd);N6;Wl6V;3sY*F=?XZa<WzH|yjHX(^J_K6BmsP&bBy_YTsrSRN~!
zVQRM5B-g!}?o$zkog{9_CDS=uyT%G)(`G05Y07!yNC%!`Glj_*Xnfd>aubiCak~@T
zA>SUCOO|B>nk%}*4EeC{gqI+EiCjsE=-?-)Z9bErlYaR2y1wMMrQ_y(B9cF5cbM&h
z{L{#n#!T3j=44Izm<-MQyB_Ahmqx%}5`*@H`U+uaT$i&Uyv7{IEyCC0E=ZIDpu$$Z
z!?M*)7WB{IWsc<BvJkI?gPTekb)3t7q<utPy6*h*&E-Wr^6P{U;R1=)R(WOwoQtF=
zCNsL<G~(U)V-C5hdp=CEzl7nyt%oA0D>b>S<pq?w>S5Np`cH6qyRo+czRG6HNx~s!
z<Cm9{$xcX{J=T#?SJrGBwjeCgtbKMculs_sYy-HU$De?P`MeH}W>x3i5g`zS)P<lG
zLb&-t-Kbav-0{_Vqz<P-as>M!##9OO{cQX;PTnRIIDarnlZRNljB*YlGe6JQ#xe>b
zF3C?6uqi$Q1R|=z+;wHYkOh7gvU;=Kt~p#nbZ|eiSw6;gQ{cMotgIe@!VApWT??}!
zlWN#;m*$~<#iS9lgmVCSAW+bf+j;UOoq*cpa5tCD>)bf<fB&b}F29DK^W&JLZjej{
zuoa|$Og(wFgdT<P_>y<1jvvSngnwC1U@7Rv3!<J)?yWjl<^~U8-`OZK8bXUIkWUWz
zgL+u2(b4tEr)Fz+9XNVS9%u(f=GTDRa}i6LAZI3@n~ZJ&bp~K|p1=I4?+fBFO)w@f
zno}OMStk}SMrkHrlP4pUc{ZD&&4ILOk{MFPRNrivlqTMf^YnP&Q`r7|b?PF2vy3{(
z@vuGidt2j`cr84Xi0b3*bi09T$^Y`<_;^c<q1TR$ipboH=Th91DC>YhU>t9s1x+Ce
z@#}trH_FC=83-&5J377+9)#3YJ4QBDsCi;lcNmi8SvY=9rDi*;Xm(I0-vM4Ry<`BZ
zRMCYk0z(-G(}9X5(pyL+F>Apgmt^WvRU@_>en-U;jKEa7pghM0qim>1V$1xEzCRYe
zv?u*lI;l07H{rWlyS4rHEi`2&52}^b=L0rAFZDV{JN;7G1p1m&H>g2yH8*B$$YIc2
zBEP=oYJWJIaP@4Uz<x{_>5N6ov~xF-{hDwu3Z<Hg%WwtSRee{hHbf~!wy|C{`*4t=
zGi;zpHZvhF9QNIVtV-wv(qnU8TrQxBj@v__5yrr=HL9}9lsFIBK$9k*Sw_9k^l<z@
zr->On8nWOWOw{A`X2dJ0cE%6p@knmw5+kKc5)AGK^Qj#>fHbZp^}3(JrmBtYzVTb!
zSg#7L2ivs_q6;}fPTCgCi?D8U$li!6wbN+GF0eJJ9OQEH*bz^IWr;356%_tRN_$Jz
z3P&&&4B@R%3o8NyjUZOogt_??;bp|D!%ZpbLL+>*8@v53g(6`!3ra*$$Ca<y>@D^s
z-aCw`yU1!OWE*hKqb&Z;AjQm0Om`4BgDKx0V&N?T(QI7zT%mi!VT>Q2m(coVyW`-n
z!e-Y9_pVQV-)yxzh~osV_ULuhu`!S*qdp&sD1Uet0i7i%Sz0RFJMOz=`p{Rw9eY;_
zA2h}Gp^%zpS`V?*RX?a`G2|?K7u1DKp7=xiyuuLb#Kc`T7C)ZsHBRXr|76q%x=P|t
zg<?Q{xgywTV~mbNA$qsp`=wguD%M{CX#}-USJIF(F3ib#TY;F82hWm$Trn)(8jT@J
zZA>eifd?E7^TqZZf`dKX>@HZ)uz!fh=j+;?6ZO8Cjd<HY?Q|%Rw*NCCl0pvycIi*)
z+yI>nib|L@ojT{<T%QW1yLW+&cD-p6v}{KAADZx!<}Jy{cr76U71aM%9X_lU)AQCM
z%xDW6;CY=73tL)l>w^#a?JbU0$SEkO^XE0Hxd5ibg`oujpM@QFyaWu`5;Ai3miyhF
zL1eAgmWJN+4kIMA7pM@`OT^;%kVj%W#L~D_McDDjo7>9|Z0>`Bzw7LoAvQv3y(>sB
zQu}3#`2+J%TJjX>AcJbAHJmB;^Ad0?fzFaFO_|)-+x6bvcv+69REgS<r0WxCOHBd$
z<HrP8iLahmdmyxoM$NwjUr}tu%Fs8089xT^EQ?~=yi%K}3*v>OQtWUZti<}%P)WiJ
zchOj1{ae(sM9-Cy#bO{#9(04;dCyr>evI66C53Sm6RUiyZOOJ=v5~awye`~iI^}2t
z%iXYyWZ|Nq&44U#bOhn>P<Xi~T`2^WTk0V5S}~?R7x(SfJ|qudhy-Cp?w7l3!Cg2N
z<QVd9nXlq*_NZhn*1|w4$K%c^JIiSaCc~BNb~?4Qi=TVvXYczz_AY+c?;Rgse!RF{
zmGWurAYJLw>xwER00=^8JOn&2CW^}&x0j{iM72^B$;2ZAg`yrl9L<v@s1yZXj5RRl
z1!`4J<El{Bw62;7Fkvj;)1|KXd7if92;z>3bWBD{tjN>@Nj0=oiv+W=lF71VBa!`W
zTq^U#v?H%U>wtH)J@Dpy=M3AWNtcR?h!RJXjH6z3spN{DYnRt%wdnNVt%RKoWvMb4
z`TK;B@ervO8}scxWsceiD%4n*1A2)?p^Sas8QQLo=z%OhfW1^?*N=Tr@oM@$%X0g(
zeh8O1>x}<2JLXTbySuyFJm_}2%{}!;h*PZwpehw^IZ?mz`((y}&F>2mQS*x+u|yi{
zX#&0hKm^lMmb+O3!pM$e3@DG9EyRu2u%Uop+8!7vJ={@7DE2$r$Mz@@4Ix4W0j2_&
zDK8N`4)6wmm^c)I<$M$Zl+i2gg|sZRcyR5Ks4m}3BMJ5tUu+x?b#^ja5XS$4%5_)`
zyk~Z<W~a>0tf)_yit+g3P=rn#)YvwTM!^=ud1RNxu?L&&PI5sD%Io-QxC|u$Fd?rF
z%Rq3U{VG8!D`c}8ixCNvICMBf8{7He?BeXh#}B~4)Vn?TaB^{Lo_J23mB}_VYNsF1
z&*fj&6QugFI&E@FS^HDWXLS2sP@GS5N;SWTyK2ef-T3n|TUvAvF)YZeK)B9L3RfU6
z#nxH@d%am3kK+bnVJyy;m=DO0B*I+f@F7YDQoo<<bZ4>k`ioVFe`7S&acF8qaBqFU
z`0o=DRSc@dk&%SJ<P|G|ISy?ERV?8t-NOwG3)--R_{IpJ_;~TVi_1?J{o7xzPE=XL
zW`QQB{&3f_T;xK}AoQXJ`6<HvR{=*F9{PK;a{0BF;8%h^K=RWeGt(p<Z8Y~-9T8ip
zlR+I#{th+ZdNjKioJx|rLLLMQ`+6CrZ&73sOTb_4Ax&qFXqQuq0bG=?4Aq7g7e-fh
z(@0h`AXN#S`60eF977T>^9D@KQEi&vAVFv0RajGQ6jxY-dEk<%8AO3~gnI02fcfUw
z9{i+Gi#;q^70cx9#SWnC+u|~8eP}*hL@$TdvSWse6JZDN>p2iLxh)?M-rJagtZbl?
zC^b@`t&(`06#5}Pbn8d4HMqKBziv|$${@i!wRX@GpF;sq2sq7?kqcZv#^!wa0xrzg
zinw`li%?*0ionWfGG&l_Gl8{V2G$;8Q&>Lj_zt-)^)=v`gU?jG(kdpQH1G{I18;yB
ziVDw`#v4=3R@oRDcoN68Tr|z&nlfy49ziwwquH5FEZ%m<7ljAm6Vc;1>a!1~7=8uR
zcTn*b79(skzDf;dhmE;|Xxw9lsY=N-5c%IS(vwhDpkUtRs&GvDmt~#3{|AKM8W64p
zf;a+PgZK8v(_cz!qh%g)OIpVkS`-Pfq(sp~cuDCy<fb`AE%2e1%?^{+iN%Q6s|CK+
z!qdnFDx%=JczeuC`BlYy*dWHNo*xNY0gGOA^J&o_XQ!dW{IC(DJg`!+>9uQhu)9Q>
z5ue?!<oA7LF~;II@N>j<<?~#Nr|Ehw3nnS_;eh=LQ95z|7z?s(ytF>L_uHN;;v1Tl
zh)W(rxg`zTNgWfoz?q5bl;SZn%4A6NkdSd_Pf?(`mF-60OI=;AZ&gY4wmjyrYQU>g
zc*kcP|2*c8WEJ^^?XBmbO6UPW<<(vqoGoYs@V?{tkE}OLrsJ7px7|IlT}FyMBmQ^6
zh6-Kvr}XYV%N|^2m^nZ`&N73u2T%Qn^oj00zjSMLt`Jk5Z7P(snwi>$IuPTgm)Y=E
z__9RG-OL*mmyBx_V9D3!<NU$ZY+@d>Iv}{m8WU;+WIW6(q?}z`-kzN{TkVny#tSu9
zgI_;`ZxDKq1yRPp><es)cE+JNj#T?9sM;ysF)Co^6l0h+MPStKg@b&RowBXnw64Qj
z#vNJ4Xm@(sm)<tFVc-KvyR$iFiTEr)J9uz{n<S4>0aaNsAL5~l5I}e>zewhv(*;)p
zxsmc!B>!e&U@Z4T0*_D4>`ISRc}Pe@RJ>m^tHhRGJ2)<fIxT0nY%WEXjN~gXh>KR}
z(ga8a;GxJh5(zrIbxZh9^UnNfb_at&^I$j}HdFOS+`E&~JL&KtXD#HUmG80m_)BLO
z{od7;e8z#7KKNgGicL`;6UEWfwtPE>$|56U`>4~)kk<vUo1Z2^MM^fd(b+<dfl%_;
zCV(VmZHf+J?2eLyz0rQRx%a01rrF)w?=<grM}uZ(@OFQ9w7;K>lKpTjV{V$4=62We
zs@AcwL^gfb<vI}9JZj$;X+>0R9$%+2iHOzUFo@ID%D_y+_6~7KTWTU4jG;KV10#~?
zkyK>lS}5lA&7`?pj)w*QJQum4c<7#*qzVXzL@%qb3wURyVpO)*578~|$Ma#J<9^F8
z7!tTBzH+2>sI|?p=pp54?cXJD?he|m=G$R1Y_{9OcJrWh*KM|1gI0Gm?C!P(2ZagC
zllT=~LW?qGn1FdJj^z2%7A;aVDToF&`?opQ7;j=$)>CF*B<_YYSa!5<$OGPqa=9!3
zh~(JXO_727V1?bTv43O0Rqk7gi5kL+TdSJ<NV-``1DE$7ug=eojkW2cpM}4kU0%?I
zQR(DRv`epLSo$lx5<Ar`#xL`P0*<7INx{HKuDD$ijVFUP^8U6a0!Qmg=o-(td#-CO
zVghj|R*xDA@PU|kPpjVEl-0Y;ZIBfuNvae+ojP+t7Mfe6mFwe$8I|^cA8}~y`J9di
z+Z`WRQK54WpU?8kWAVoQweiL%()B`)ysAeIkeAJ{B-HpR1iT7`=%$ryxdLa~s9pYi
za@{{a`*3#qe6Wp&H_>2)a!Q7>;#xV9`sY&pY;R2?QEV$<eh7Ukl1CO5WcyJXps`1u
zrW?bMjnV>~DMRcPJNPhK?`(k99e4%Yp3cqY;)`l~a{1z7B@*vPOF7Q%e>%Ck>v*sK
zp`13nTYg*vZ9XJ#p?7|AeT%n*MB^8%39@&&_NcV2x!vhTHQHX=vLtuCIM*EmVvwK9
zN`(6wJsG!!Bh>8SdB*P{tPko{^xGY6IqjUc!_J^HygO)ilJ20{9d$;{q<y#7Y>(g{
z-lT6w?N)({UCM%uOvh$a)`%;_9@>Z*#?>8TB_G%aK!drn7(b@mhh4xb4qf7gIPxQi
zfKXyQo=>x>D&TbGvafeIK$erT6G9cad8dMciIS7R$%o$Ac}4J#a$)wT;z0n80F6-c
z@BU%3I097qrQ7V`H4IS|%B^;(dIoS?^$_(sXEHb$Vap4HmD=j^nJL*KL^gghR^Z|r
z;vJB?%}OfBBVZKop=X8Vjhga!Aoj?1$F7F+547XTW%eV;?8phML@Z%L(NHYA-%u=j
zIuaWmC@PDDdlwnOpj;%KREXYzz+#>cvU$3-PGrZ`M7D25M$L9&NViocq-ctzv-r{Q
z^vfg@Y~Y#*2*4tSs?f-+70&x=!a4AT^X7Gh^Y#@rM&y8`N=(YSRthK8qyS~=S`2Sr
zRSeaeH|u~^xlJcRmZ*^-Y!aMoJZ7Q8%G<qD7?I2D+mW?YV9JY91p8b5Ij-F1h=fd8
z-tfCJ{2)zK>leZWn=%8p^vD)_2$vek;30(`BvXApPUd%GvytG$gP2!%YM=;E@w7tH
zFWh*1o)UwNo#c@Z5N%BmEA9Hl|K4XRwO+9%rf_<^>iq&M)Bx_!zBFq+z3zQ{-#<O?
z{Z=1(3MZnnl#aqVOTYxdYCse_pL*99XBWTSIlex-HHX*pm)~9lVPpTD<>x3qDWzPR
zMVd03kBy!z)cv)(&%g{qIfA;Q6aNDqsJN*+G>m$2?^8ZG#VD#?=j4<ogL{<-$717r
z6N-6FC9H1GRmH;;7-?$dyzchqFL&};c~8Lyn(usO0UF)_Z%R;Iu6_@-{nvX_&^|@{
z<8WU(E8rt6yq`^=KfE!GL_JJvUU{8v)&qT}Pu8c1b?&=I?t9GvfuTdeWy}5XbMU{L
zk3VWQQWeqs8VJvb{q+XES3YpDsue-?Gm-SONB*WTazPlu{S(+qm5sd~0Y4x1s#@9A
z7`NKU2jD)8^%Wrd)tI!;*r2j1jC}!itu&Xao89*ad5r=ByfrAr#HpJ~dDX4yUx-Y5
zs>&oB4x4Y#6!RmN`j+4DNcZ+s!im95;&&4xrqbLcwo2Y@YXux-6gr-A!I8q2cJRio
zr<h)4`z#^uFmoQlvG2&LRiuB@UmMD_lZs%>Kv_gl%8=tp=j5<<o*58R`}2SPSM6+S
zmJ{5o<{N_#Br4+5kfq5S?@BPU(4$F%bcWJ&U`Q4(=7&Oxtj!97-k4(^%+P<W03^#-
z2~E(rEs>Gncv|?0ft!m=r5%Q`dOCE>Q_VjL+;isfOzq_uKJ;_HjPo%=6HWpp*7@>O
zn<m~yq@Chrking1Eh4P(W^v%@Ntjd2JfV6#Tv17hxD39?Ug-Gysx>T4lk^r>ZpkDv
zJx?d;mt?vi?vpvxPHw>WF^3|Y1$L2KP(cBTe{2uNv@e0C4KxOftFY;qum50#+3NmN
z`fCD3E>Oo)+c9T^`~jKp&<DVF|C-H*<OlAl!8rG74Quj^kuX2Wbu~U3#9Nio3Qx$F
zBeSuw=EEhhGI1^uDCdumw_&N|>XviA+X51Vn~$fbXUAu7v^)KH@&1PF+wHyU9Zzji
zx%(6s6|0Br){cAE@B3#Lz2n=npHGN){+P;8U@L*jr!GqD7fo{xu|@hwZw=?D37P^g
z@CiL-06yb$CzI;eDwuTa(r=-=6Fr^|LD1j$UC9zsJJI+u#`0e~w$%yGsjub)3mMD{
zp3ek`W}`#mU*GF(<LKtsqz`-hqF9}ND3S)Wp+|-xd@7w$kFbSvo$cK&oGw6l%$ugk
zqr~a(#CDvGMrm5RxzA=U>xjQ=^PX-`Zf-xETp#}g&2IMW_XY#(Vb5RMJFt~0-au4j
z@am&^M(^fCzGiTz@%q?tm%m{QmsRvIVd$mUTn`FPY;cUSJFd?=4%NlT9cNaRH}yqJ
z2X6%BLV6&?l8bDZJk@?Nf0`dYG~XjUh8l)--vFoo4${Wcc_07Y*(=HLE;}4VM3w*R
zzj56q`a{_Am_bR&u<RJ%ZBk_cf0tIPiCM|;VG;gTA~<4ZVC+O=#?^IW|9YQdygqTA
zcg@ZMH_TlH4!p}2*Pd7TC;CDC?kRZjmYVgwB8siPV+co-Y&}&j*mUKBs3c~h`5>F6
zo2!^>@QPeqzCk9^ifE$=>`zH|O{3+cR>v$@x@N_2F5vy@*QFbnvv?wpzYvYWW^Cx4
z*xA|)SFCv<Xd-dgTCP9nGnGF2&7A=n`4CX53FGGnV(xTs)U_Xy?0qY9E?_LKf<1aY
z>#(r5-A0An+wRc5%xiD|{2%|_ZmlO_B{j-9bp@uLufor(&H>0#93p?4S4Q=7Q#iZa
zK-Wtkod}qT%@!N3C;~JKM-1^vNUKdN*5DLN#kr9Yu8zJ*jie0Oo8!c!iFpYh|6rS@
z6N1ibkC_orHm5Q+gR&qXx3&|jdncFt;^7u$g9+%9()4+R_XWn*%Nf#fsmEsK6mIJl
zgBW{M4h=dFMGgdTEV?!@z&ir~Gdzyh@*M|@!EL98B790?dL=|p<z~~csLexdFzg6!
z<j917zUhyL-eDmI%srT3AvM<hBk0y$>6v%KJk9(EFR@z^JQ$cy4tI7ywLr6qBm$E5
z#WS_-L8nyh$}!_YhP|jyDt84%csQ2yC|78S%c~a<FnX=7bP*F{a4`wo(up>BEP`WR
zb{^m+T?R{lzBG|VgukZ|ek2RrW2R8*Kn15c#7M^Z{ffO(ZC(5%VD$v!)Tg=fwC12*
zcdw!Y*yYv91)bDx7Rh{pVU85~i0n`W7hOWpI=kP>iu1{EH2xJsWYb~xRgSW|EzX4T
zIvL1CoHS&W2D6hVUM+aDB$-LKI8VR6-x=o3_QBf~N0?jq#dxve_;TI5xH-FRwb~^|
zmu|b=e(}-e(+#<jh3!xt1K)e@cp2;)d%$Gkim+jV)C^3Ucn6O-{y2kl;brQyM=Y&Y
zH(yshPGd{$F`t_S&)KOG{tmcoc}quhks<?#^<6V;-7VBkG79N=2nvReb51!i-hNI@
z9V7E-vlSY0)<&Gqzm%Ts9+1b>>_Eg+IZFtSLO9e`fv0VaAQdKnudnldf&Vc3_Hl-J
zw#MgEe*W<UD3*MAJ3HX5-Ga1KEdTNO<;}@^+#?1!%C^Knb@i}F5w%qID4fNdXtPyE
zn?zZ-6wl9<2>_4DkV~B*NL0#c)K_8rtp=qRm6$cJ&4G{3OO}+PD@LEE%h_SvoO72R
z=r@@{Ggk9mu*b-cN0h?Y_pDGez7hI1Z?5%R@4Z^jY=$uaN34Z69w1!^HQV}b2*qVR
zth%lMFwbMiZWUNRou}!aI9doeU5+Xteiye;h!}Efap;;&@tKwM9pwMqet_+8I?w)O
z;MyHz|K>i5q@xG?b!FDPAL~(L3ETHsU~j3WRkMX$Xtp^U+=fs`IKXw`_`=kFaD=<M
ze^nW#FEH-%()dtQJf%c<d7h#y4B}-KeH^dhd%!3}bjXFZl{$1SQoL*00LDA)u2R_v
z*hOe53Xttq*lh3Z-322}71L(Q<nY!4zNmR|!Kg&xx;skjzzJz?hqKS^sik*$wwR%x
zyXxH@|5S^$jaNa+UOdvz$A~<$6kH&f#bQ3bTP{REyeT+fk9Bjc&TC`o{g+^Adc_(!
zYzhP$yqt`yND6|xpe3IdEgsPhaj2`I7fR@IA#S~I6LewOFK@55N@B~qet@)7C3_<M
z+Ake7g_=cc!$#y?#~t=v(Dj}$>yfq#eCAB15)tkBBI?Fc8Fq`Q44!2vM55JG{JeK<
zdg}J*X;bgEB$ZyQBD#^3`&S{1tz+qgXa<okRMcJywo*huuP~V&6#`B`3)U##v$I@W
z^<$`MdK^qp0+H^GbxH0S{Wc?QzpaQILTYfgX_>Loq152|uA>mzjNCO=ZuSNH95ddS
z`0bFFE*|RTRcx%@nGJ6zLLDi(efmnnVh?N>p}nZjKx`(Z^Ph|EGp5KIxl-djSai5)
z9YPqH&6;JotFK)5ExMam_p6@IXY;~00J1yoo`U`OoN)90b_Y6f!(g{K>!fW^kB&yy
z2}3cNFn{aqS`>`B0>6YYv!6GXgq>nc)(tJ+Re<+8g}@wvCvz-V82M)t^UykrX3K-Y
zQ0;$pc7gw975GQWw_Y8hp5uE+eF`rVtSczaW}{eS3NJM;-+^tgh@oFS5^j7DM6C%Q
z+B{M|znNj=6dJ6MUqUZ7?o!p-l>*oTZ83}5%`*3d0Fca~Wh5#^t_jbA2Y?o<AQwUi
z(WICp$SO=v$!4}=W+}{N={*a}0%9zJ*oxp)GcHJnH1qQxdE!RXkLkq9PRvhU4iK|I
zRA%2Jh$@tIi2TgI?8r@^1ZhBK_PPUbNC6Mq9BK3S>ziKlvUhT2elnOp&0I50B#SZD
zX=Vmg=kCv#C^DNs)qMKvLeAE&ja}co9J|UZLg!Cgw+XuXtQ&pUVmf|!ZeAolXOiTL
zK4wJrjbiW@I<3xrv(;_3+PCe_VXI~S_b)3k!!uAS@2bA%9PvNWMbf|w*Zy?*c*lK_
zQ9@A-s{390z#?sVYUwE=oRy5K+3l!6C72b6_F)Ruj>~`I`zjrf@yZ&nKE{`AhPMwi
zNW_p9Gnr2?bz+_;{VYjmeXGWG2h-S_(kVoc+@`-Yu!paZp?1RwV%=E;_e^<vij_L|
zf{MyAm@bwP;B&DVn32B%#))EWa^?XR-Ibywa8%3hwL~^X!*fXWT8X>F8`eD!0x2<2
z0+dVG7GW1BdytF3yo^KbWXJ@dyW+WKia&)_t{BmVZ|J^ImgpkK%u6=)GQ3z0266}b
z->Yspwc#q^NTxSo+ky=Y0#HLae7R}^7QAgy(+&e2D@~{Xlp;DN$@<Q;5N(~-H?G5J
zSOMbzC9nHF`9f}w+Hzn^@5%U?Y1#YRG@<?Nt|VM{s-s%v>q$i;a#@XGIcM2%9soe)
ztoM|ty^ST=fqUToC{1k-XD(6V{6s8ja?dcDyFPf!M3a)*qI<FgSq9P?o!;4S9D^>!
z8G*(efaTl{x&bk3=D?I;yDGlP(+UPcYb&7d-eXcLh6|#VdWc>N^vkY=CzB0(P1a*c
z(mEg1EByCvGAykHrqa2#gfjoW(a-s3$j6Y?^JKwo$-g0JEzgbcr~o~26q!bng(nsO
zz;|itVCB$DL+;itE^qs%mme?QZ^hy0-~}!0$%qiA(>rAH02*P;pEF|s(=$v*$#Swl
znvd5;ss}GdsxO-MhTs*YB9wMYG%pI6>YQEsIWC0V8gArh!eXI59eONzN;14-*z0em
z*z@u&4U$S8D0{GEKyTLl-ruz)PdQlkl*jRO{J1o5l-YELjH}H5mx_z=PW_bD(h|~h
z`l&M1*^ItV%4SiHyH^G^GOmCABzx%U{pqs`-E;z~t1{!W`+}2Gz**BK<*pC(QS%l%
zO<3X-GluFr6?Ty4zWlJEpDXUWF{*m=)w2PL)>vt>3kwhT0FiZU*hQqO=l5)hcnb>K
zUhQi(e=y_7q)9A)E>j_ane$OjjdSt8Mf8+w<krsq%Dc|D3x(?qUz0_tqf;B>gCTOL
z7i0(1Qt)+f=z4Bjvv%!9;}E~-P$1U&>+^7#C@mdtb~j$LRR|0_bqJ?4VlUEpOEYbY
zDXB}`RwU6r)(E&1e?2A-6iakm-%-%@56LXckL>F~v1tVKfnU3_awz41O(>ULIU8gd
z+$95`$#Yrswhj5C*^pJDjiuP^ZTP`W(D*D4$GE3V*xR8Dt~s?E20Z>7wQ~L*z-&eT
zGrZzMs09oVMjG@lJT)@DG4}!h!Ty|J+K(sam!JCFK!z)6S2fP?*c#$pG#tkr2KmG4
zGgeTCnYk-xtjC79tGuB=wb#-!Xt&`JZs#fVcQy7C)S23Pe1o9n+m}GW`X%~l;QOC*
zAA)N5kh>DREUYBMGv3)8XrPm*dAx1ck->E!hXn&_hN?|7Hc1jFbdSKsu^YGDfQOUr
zHc=~)ubHL}=EdLg#0nxN?<J*aQ5@^vdh0F<5sd18*&k;Vlm=XK(H8X3{`L3ZD|9m?
zNSMZ(2jo&7rHg@OKD2#U>ZpIx*OW~d2?uN{;J(EeZkJt848AHLuxdSpZI~)jrewW^
zyY}*9c%X}iHSW-?x^|E^c+%{t@TKX%%!J7D(VlS+Pp}IG27dN&$QlLtf&&=fgj3-y
zGIrN-P`P$}^J*1Tc58%C)o)`P(U%Q8Re9u1+$ypUQBx<$R+Ug(iOuImUXXN|At^*H
zo#ZKY<vOBlJWz*0I!)%|j97IG&jXDCHfjnTGnA2byLv;}{xh%HN|&Of^pfgr*RDd~
z=a3h5SakhjSFKfSoyu{jz1=;uQTo6sV$?*I&U1!%ttxeBXn^&{r8pE_BVRG|?W*;u
zLc$vH$#85SCoXt0(ri1tz%H^oFiqEBp5=KnA1_>mqZz_yb3k2(GU-KpZ|siBk{#}v
zy>SANXMA{*Hz0M7_@K#r!2yWRQC8O66butH+$Y=;tqkb4TLrQ(o5)$#QLMOCx8e&P
zWPe&#de(s>M~CrL)CU_e4)57z94=X<w1n|5gM{h2X{C+wf|-x0k(K>5=L;9yLGjvM
zwSIF~;hxA;?{+>s-DTMV_~d6b28F6wovc|dwS-Gi7aSFsvdNA4%-ACekh*4wb`gvX
zNo;?$!w@A=AKk|^U0@)h_M5h3|5;t2{#vV>9lZ<!w_7iPz+uPPPym{2Zj(lBT0*ag
zBOMZ6L{@9l=q%KHe>%JU>GI=k%z9Qwq^vA~0a#Ux41o2rg8pOdP`W^R3QndF$wbBr
zvYt|OF*j0#dYi}eF`KJibNb=qJZP{;b7r!pF?Tz;PHnRfj9|W0;=POao}>@)YlD0~
zYOcF|f8&dNzvLirQ2w<l&@K+^{3gZgG!T#33u-@-OmJPK2bQO0v=APDER$WaFenRR
zgShbKdRW<`OrN4iNcgM$uz+qXql(588kX7xoYBQO0F12sheiCL*N=b*QRk1w8wfBE
z`bfMFw3lZtIja<<yM-!jMk`c``q<msKpv1z_id;M4z}C1i_`07YmWwZWg(+r>b<p?
zx@SgM3Me@wWbBceyfG;;Tv<TSJ9)nN$NvLRO9KQ7000000ETLvTmS$70000000000
z00{s90C;RKbZBL5WiL=m0|W{H000O8hH9N$cAGHYAqD^d86N-u6951Jcx*3pXk~3>
zFLY>SZDlbocx`O$Sxs--HW<F|R}i|l@|RL4s8hs_-EM8#AaOhNNK3TDh7tvmPU73p
z9tR8<)(yK1*lmYlTY(nXrTaD6I&2-#zpz)<hbfzCoF?5+AUQZ9^*rwv-}fbHU%zo2
zGIU6Uq&(_a^{X`tk;vs9jr@*ve>k|(wvbdf@-X8O=~z=Dts9#kUB??LAR$3OkK_jK
zSb<XUhHXn1rm?)rV-mr;F&80LFciM+348=%LuNN>wKY4$G_p{HLy&rJJf<!|!$hRD
ziE`<E1|N}<vl*9(eRrl)=cH)wpg#LAr?STcI>fAFfi9094au>x5W`Zzi;h*B{aH4k
z?KzF9D!N7;%>Hs}PVo*JDOLERf?FT7)~{{PwKOs<257(E@Ad0*sVM}zF8EzvhPMXo
zdbg0Q!_sGihF;C7wH7G4mgX{Lz1!_N>t#w)qqLSO?b=#vt5K%3G>T*JrMuPZt(7T`
zMp;{?46d!OwH7ETEMPP`SSBQ^JzumrXw2CyGouZRc99_(&el>elM$)Pj12K3E(U-|
zmmVt`AvKN37`uS%;cz4<o@v1w1Z%IdIae;vB?^&r1&vk5`Xt6sK6A{Qmp{FE`5e7@
z`RwHJi<8H{o;-PS^7t1M^A?VLo%#BQFaP=OGxYcK?_WRtx`H5e!XH0>{`+rVRUnm)
zeD%$<KVLk1_3amb{rJ>`-x7GF<A*dP65S<7Xpe{BpGgH7i8E4$0j4Di4ghLG_Ek_q
z-koA*1a?U|h7Sa^3nTL8<Wb4q{Xk3<H6d>YVF|gzIqPy^_UU$_PWNdN`4#%bL<jC+
zd}vhPTUh1(B!=9kMxnicluX@au<+O?5m6|4#}5cG@g7oIiti3}1($rR&_jy4n3@AK
zq$6c!-J&5Z(9~!nta>RzI}cEoGoylSa#)5!g<xhBN?0kHH}OQ_&}=mhnGU^!RbVu9
ze=6Kk;H82^_X*>u?-41Dq<dmoGWj-!Hf7F$9X1WiP@(975qbx6u0yx^K`+2zY_^+5
zfe!vy9ze!ow9A#*4qmRAWDE;}qw1A^K#4kIvEQeDU{03g%|sY$gz$2WPT3ffDBlFi
zy*#ARTRS_W(AqCM`$A{mg6+;&QH%Y&68M33@ohYbb_rC<WfQ+_;+IYQZ594LTDR7$
zZT-leN(!qF@MFr@zM3*}N2Z-#f}7p|X4BD(SKJ!n03LItWu!0gY=8t;pHda<2RH^@
z^;C^7bNRkRF_&;<v8olMS7QqP&nBJXG7EUDcDR?$H%qtNLQ*>PWl3E#5wg0<=C$*y
ztf$zOb=I8<oz7`GZ9TwHTL>p#Yt+{osRfWlm=P~oj7&(rSnqq~>NS1o0_+jfyyk1Y
z`TpYToY9txi+jxwciT{VELs?%qmH%iG#m@LIPO?uIEKMv7=uiiG$_pcsAIV*^L2&V
zUG#pvBI)Wir`q|lo>)k=jb)G$XYYzHdLqq{hSN%da#5ZbyU?n(G~4z6-4=Uk!O3_`
zTvautjq|sBqKMcJydyMX6S0TEgI1b)9+j|dH1dIf^lxQZSuXRufEK?_$}0=AIKWv!
zwDpuo3F)A)BOU5S+EqThvro+n^~t&PDc|{BI1@L$*|Q4=1%XkL!X1kX6>w->aX{UH
zfU`xa5$r=yI*DnBC10y2Hj_iG-KA2p?&t?<kNQYZXpt%qgzT!!<J08T8>L-07nQfB
zxz#ex9!BJluwhc@Ye_IH6y)tEk4lPMT1eYigd>0O0UVQB@4S!A)wRyHrMC3lL)%o=
z&u__UySt{eQQ>~WdCN|=yp6|j^+Cx8>;P1_OgkqJ`5t5jDvlBea`j3(E7oFi1h%(z
zKNDg9?Xjy}l?fMqde!3Jtcw4sO3xF2#}Iz!)acuWnzprzQaW7zagL83fd$)e37fEN
zO2#nEo_0m*{)l_i{F%wLmt=t{HV78&kujp)ak1nJQO<t#njabVGCfHs3T|^1ZpP3y
zrh?yCg<o(s^NVT0pWQr-GMJ`6Wn>vJZ?*H-vFO}UT*;G)D4O$p^(d~ig6|YXb$n_R
z^Vr$O{3ORp;9mZV9;CXhCHLmPP)h>@3IG5A2mpp^om>SwfL?Y200099000dD004Mw
zFLQKxY-MvUcx`N@lwEI|FcgOG_bV*lQv(ewiGXTpid3naDm9aK>wrnD`U4r$kxl#W
zI|dRGb=s!(%EzydpY!@Nx#^@pFU&Mts}u)UK1NIxy5wq?;;)<Bn`6{is!A%fVkthb
z2H#{KlExkcd)hN*5fD_9;=Q%?l8~m@GfA5(T{8tEl{S)E=$ajAYQt#RxJgow(D!2^
zDOY$PEM@UO5J}B*TYH6;HMM-p1-FNug^?_l_dBHx-3oBp1v6TpE{IKdtk6rZib!4<
z-RR0*0hH*f;stx{bwL({7841uZzBZ}@xx)^SyE|b8&v34S=fD`JBQ0>rN67(4LNbh
z%9270ZIFdh%*h0FD!DkI7b;R5I-xhh20?PzieCIN2thwb(PP3b6?|*B6Uk7aZyMlo
zAx^GBJP26=8*Z6VIdsq%Zw@t>QE)W|OrQ6U?46;9AdEYw_J#M#-K^k4p>w`H)=2G4
znA*zO_Ws+tt-I9nE=1jUp`&SeH`BG%SuVYYF@am{$mHGY@2}!63s<~)D(2R2qoV~M
z@4o6+l#n{iXj~%me~#IP`@OEQr6=td{&o`oGP&!H=dvH&)zV2$3vy4lK7GaC))-kf
z`Fh=zUB`<eStV3gXK259W-{ZE=D#yu_fCD7^7Tag7TL|qejJ<|BCuO(&1U}Ix6xOm
z<~^EUzPi8rYph&ValPsHwCg&b#4cvNb=`dXYSmo*KNt4@E&Y~t|6|(mcD4zr$_l4@
zx@FJW`$l!0w`%@d_y54Ro!?z0e$QWY;QOa+`wwY`bE`l9u=?~#gX8+goKo?p7iWHd
z(YwFJzbU~;URQUzPr*^WxB2HnEmU6oOBH-lA(ZlK-{$+U1d6?7l#-tuP?TR#jMg$r
z=D9twk&%HxnVEq>0GN*9$`T6-KuLM-B**;Q20X3re~Y%g>wU9Mqs<{KaEW$R#zh9t
z-NxFNHwHu+xm@%3_FCP#<MkTrx8FSMZ0eV-$osbTbX8AEv%c%b6RvIdT2B3n)r{Nr
zUEJQqjb|T|xXrXj4JvtG%(wO}JbXe-)0=ai*F}SJZ_Se?H<)xU-B|7^o5Vfm)Q-su
z*R4IcJHamMi;n*1KT(h7T?~(iEeT#=p{7^;@BRg?8IApM+uQY?W|rPAJty_x%j91t
zXGv&Wne+FKbcxrwb}iQ23pFmM+2?9o>R&z9a5$9fnyH18s=f3p#>5*prE*l(R>ghG
zusG85=KYqf-V^sSK5Pi?l3T=j{!xat*y1wT!YlioYL>H2^gOxJ^3=}qb#JHYxj73x
zce89%sqNdb_05ENuT5S4u@@Su%Sj&TDK!2d8vnyD{+D*O=q<jQs0DMb2v^*A_+ajp
z#b4ilxs-cY)?l7l&ApJ>Y)WA-1DA=<kb0%K(9QfuIPVYHF!l4-4;JvRKR)~V(XUGX
z=RJQcIj732Zr=8P@b)gGA$z;pbY>hdx*h|I9zo>jO3p7z1;<y=X}`k;0((A-PJF*|
zvPh`F(v>VL)U^}?Sstam$<3a1W7=NTv-cm{%-XU@J<r;D^W$2JXqnSWKNw#x2`d)z
zR}yM?6y>pX?&R&j@gwC%=VdI~Tbe9a9-Qb}H@R?fQSQT|z=0#x9S5W}rxzKkTf0mS
zdi8_P>zP{ILYtizx23#TcsJ<qk9oO`YJnz;RTYGJBy)M3jV&hK3;J;Il1$D;DGtAd
z4MHMTQvOL+S%Nt)*NJU8Gjr3F2<aVKwiBCwy?COqW>r>@Z}iId_RHi~KfhjfC16!r
zsEo%v&Ur=LJX_D+zY_P-EA@-c^$!{w8}|5qU)X==;cID&vX_iMA{ritNqs4Qb)vh)
z{<z#Lujq$1)s3^f4O`Z3D|PQZ(cEMi^RqZ#rK7#-%~$=YUw6MvV-Wl?cgbBg|1-b8
ze9YXdQYoam*<cs%<lm(>zLPb2C!b&Ty!+S14R7RsZhw4o!Tk4+;?e7Xh#c32k-*3(
z1V#owqz)+0FUn5J&(8)$Meii<{6hvj$KU@J34Aw!O(I8B_tF;MM@EWo3;9=iD}M@_
z^y$a9V(z&ng%5>}`~CTR-*4LL$rqn6C~Bp1pE@q7ny_^Bl)Iu|e!s5$;^OIZD9p*4
zo7L8N$?8vul_iP$OY{5<?jLJ1)BHJSqlUDBQr}$mZuPC)ZYm{*`&{K6LN+pbxNY{F
zc6O%VsY~37{ND{?VzoKf`)y;(+2z2LF)^SvXG%Zw*%Q?TZY{O1-7iV@cdWgnHMd$r
z)$Q5qxuuRdre(E{`k5uSn`bOeDY$qwvuDNX6SM0ok6G;B5~G*B^x<=(Ql&lr1(vN|
zq<K+k*>*406<l4WTdfc6cgXnbz1qa;{N)_4$e-VZW;<xDa9w>_e3jITAIm;R9<x-9
zFmk-XQY!GN=b_&AaPjrizP#S`>RiWL(b_V>d;c3+-Z{Fqes&Puc_=$E_N*0`v_Vit
zr;*j=WHFoBI=`fwPka&&@MdHZVE}akA(>+0?E{>kc=*5q>D>V(kU+F^eqKpxUP*jN
zWkG6jEGT9W24I$z!1^2tK*eDf(AfB*)ErQ;iE8Pm`JT640#$eeBcB_l1x&Al>(K-0
zL}<jc3|Qzw0m!lgK%;;iSbQ2leOw3tX?O_HfZc&DDjUN<4%`V;Bn8z3p*Von0_}ll
zLr$>--OC3z2V}h_FuZ~0fJ`XPNKGxl45Tmmr6!z83=Fd+85tztdO?g(4833@z+G`f
z06^k*Q|X<ySu+?JHixk@h@hA<MGfqN;*7+i)Rf?oqRhN>a03is0%n+_24TW}M&v;Q
z)Hp^THbB_jj;swah=8yc;&Sv>BEo>1N5S?Y+KdRTgq&P;f)P<oBeX$mM6b^gHZDZg
z2Cd!Eb)#1=2;BjvkSv8&Ht5>X3q*wWyQjh4MNVu1-mKufCID=A90R7v<g>th!vFv=
CsiJxS

literal 0
HcmV?d00001


From 279be94fdb47e1067f4edfbc3cfb790dd658166b Mon Sep 17 00:00:00 2001
From: roost-io <harish@zb.io>
Date: Mon, 4 May 2026 12:54:00 +0530
Subject: [PATCH 2/2] Improved Functional test generated by RoostGPT

Using AI Model gpt-5.2-2025-12-11, for user feedback: improve the test cases
---
 functional_tests/README.md                    |  17 ++++++
 .../.roost/roost_metadata.json                |   6 +-
 .../roost_test_1777467397.docx                | Bin 144237 -> 147893 bytes
 .../roost_test_1777467397.json                |  56 +++++++++---------
 4 files changed, 48 insertions(+), 31 deletions(-)

diff --git a/functional_tests/README.md b/functional_tests/README.md
index 3e96704..7299982 100644
--- a/functional_tests/README.md
+++ b/functional_tests/README.md
@@ -82,3 +82,20 @@
 
 ---
 
+**Execution Date:** 5/4/2026, 12:54:00 PM
+
+**Test Unique Identifier:** "roost_test_1777467397"
+
+**Input(s):**
+   1. Aegis_WebCC_SRS.pdf
+      Path: /Users/iamdm/Downloads/Aegis_WebCC_SRS.pdf
+
+**Test Output Folder:**
+   1. [roost_test_1777467397.json](roost_test_1777467397/roost_test_1777467397.json)
+   2. [roost_test_1777467397.feature](roost_test_1777467397/roost_test_1777467397.feature)
+   3. [roost_test_1777467397.csv](roost_test_1777467397/roost_test_1777467397.csv)
+   4. [roost_test_1777467397.xlsx](roost_test_1777467397/roost_test_1777467397.xlsx)
+   5. [roost_test_1777467397.docx](roost_test_1777467397/roost_test_1777467397.docx)
+
+---
+
diff --git a/functional_tests/roost_test_1777467397/.roost/roost_metadata.json b/functional_tests/roost_test_1777467397/.roost/roost_metadata.json
index 2da4d62..7784565 100644
--- a/functional_tests/roost_test_1777467397/.roost/roost_metadata.json
+++ b/functional_tests/roost_test_1777467397/.roost/roost_metadata.json
@@ -1,15 +1,15 @@
 {
   "project": {
     "name": "roost_test_1777467397",
-    "created_at": "2026-04-29T13:27:34.368Z",
-    "updated_at": "2026-04-29T13:27:34.368Z"
+    "created_at": "2026-05-04T07:24:00.030Z",
+    "updated_at": "2026-05-04T07:24:00.030Z"
   },
   "files": {
     "input_files": [
       {
         "fileName": "roost_test_1777467397.txt",
         "fileURI": "/var/tmp/Roost/RoostGPT/aegis-cc/1777467397/functional_tests/roost_test_1777467397/roost_test_1777467397.txt",
-        "fileSha": "cf83e1357e"
+        "fileSha": "cb52ed2c8c"
       },
       {
         "fileName": "Aegis_WebCC_SRS.pdf",
diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.docx b/functional_tests/roost_test_1777467397/roost_test_1777467397.docx
index 4fea55af25fbf64516bc3db061b49630d42f216e..fd3e279fd4009b8dbcceab76988cafe20d6bce57 100644
GIT binary patch
delta 137933
zcmV)BK*PW7<_NWe2@Oz70|W{H00000{W_$P4Il&kI;4>>CIkICq_J5s0S^5-q+BOh
z{`h$t0suwnvzP(k1AqDM0s0g#);}~$FoFk3V0_^=AQrU-l>a{4Rrpo77-|{vFB*GO
zPrWm9{dk=dQL>ErVwP<0F<hQrTskMm7pJt=UY-m-yg9xc><yiN{KtPfAHpbssWf&$
zYd@a9aU$V@&pU>P4sT)ff4#i?aN)SY)S;VAom<a!PF}yecYkEJ{dL9hUGw9<$im<>
z{AQ0@GTk0F5HoGM8X`V)ZEGaIC#|cmMLdbTCF)0wME*%c-pmuRlgx!Pi$XBHAm1eq
zgcq+Lf@JO{^r7rpdsG}Zc2rndOrJTIbGT#~g$Zm5VkgC=$DLqU2)@JjT#o6|tzF-{
z4!{lfk~w`tc7GRVDwck@qDZwHP39inERDo7=QvHm1$p0x&fC-1XCL2!_4|L}*8iG%
z@ME1oB(V3p*}Z(jj}Nac!vOSb4mKMeB^=|^b6odXGZc#4t9okHaqPIx#Equ&&`0T}
z82h8K97o|D4n1p4-#LTJ0>=;Csi{n{n82v|tGv=paDST>EgUaFeFLA_gZHJ%X{C#o
zVuCt7{dVKHy+FQXAU{Nc^fU%_j_)5u+vj-W#mNUZa<3zIIp>EA(uMSt{99jLx2NAb
zo9Z2|`~ms{-(0WP{Nmvb#Woxf+<IVhXg<$j=)yD^hbauShb|z@S!E(<@Ig`F4xxW5
zoY(Iz9Di^irM^6)ohs@ZMt$xd_9r00k(3}BwKyTWMG|x!j3h>Zo@l+3c@!?h?&<Ve
z?67&2rZx$kC=DE#Y5p#zTH@Gmh3NKooOdCZk_eOsb_NbE38ZfmL3R`usn07kFe1Q}
zZ|d|w)7a#US4%gJ#dHUy=lXtlCsz)9LKoH|jDOm}{bUYycOs(1fd$kHS|Qql9p^aH
zu8F(E#W}y$#!gQ>yMET!DmoRnNf`RE^Nts3CvnFPh#WQ38Jz7j#g1PjVi`M^q4PmR
zn6!LMQ@&r-ke`DIL2K-X;Z3?+Ym~|I@Kh1(JHmvL);y-klsLX{!J>tMaLztB?sN)o
zZ-3#7Jpmb>1z@-3Z0I|Id+S}JVFIaOb|XIA-Q7Z@;5@n4f?O%~onbM}Zp$tePRu(u
z3gGEmA=ne?FPfgGR4mwKf>95q-ULLA>n8i0(%A$@GZ3_wcY1y}xp6#rWyg{@ns#tA
z@#A2@64wI*=E4o=+k>PP^8HADy>uR&_<w5Rd+5sHdWjA#+!6lV=__%fMwe;w;laUv
zL7M|{9VQ-z?r25Dontr&HQv+;`JRgz{CjS0jcAe=j48Q*69;{hM6a)i#W=rR?4Dd)
zIAidteG%`FipD8<)w9%xE!H%=3(#nwpM%QpjP~|+_xE5ahfm`d8>@0Fg#I&VFMs~-
zUoYRj(Xj`LB!I)+U+>iv%rO~)iEzRhZcPW$*ua)G?+AVJ+`jX-!HGMWi@tO6GyiLF
z0fU;xedqYbg`rd*+CkSS_7<M+My(kS%R4ZY{ej~m<+gS_(CZ}G&%r&3#lj8Xo8+u%
zlVLv>O93*M!7(M;nVcE1yAV?R6n~_1Ve1)TOpUFTwMv3C@yW(w4sH#K7sdu8f>Vk<
zi$NP1$XTiRKtn*ooW{HA8Rl+qjRx#)?)f~ylmeigi)Ez1gAH3tMhJGW95j=%)?r%}
zKkrLthS(S|EI2OW)|(neDHHuH0*_M70~}~KoqCCk6*MFwdir?@UIqx_Tz|x=pVTNI
zI^5ap%3G0k4zKGK|Kpi->WyHi^6w2NbT{we$It#U+Cef!d9q$?I#revK(_`rE2kvz
z2|4#=z@NX}qxd~s7fc69IDr2=`^)|gO5L`+%3jDH0=M49wafBVlnb6|qRJmgV~|@$
zciA|o#jp>*V~O`y0cIKTr++oOBuDYre@(;W$j(&oYYoxyi!hBq7$+VF{c5D+fB%ak
z#S1$odN}^;P`-L0)o|#X1xXZ6Q~vX>?qYf5T&!SCSUB%*F_tFo`t0Y9;0^hyk@LG4
zJIBkV@A1u@V<Q2iuIF#+>n9PPVTLRd`$2w|X|BV~a}x7M=P)S~XMgx(-zig>zx?}p
z>9g#g3QI5|mf-lqS(cpLy&aWj2WeTyE!*(fzO(QGZ;>vVF}G@l6DWh;5aHDfCV1+~
zTF=a{#S>UVun8s*0k{ei3d6}UFtaGQ^5gJWxn1T7z%fbjbCDO{;AI%h05^ULPE?Y(
zlbcxHK28w=NFq0g(SO!w(NJ_zW?tY16VLT`-4v07$VF`2W(s~i`{h?!5tg_Sg2iJQ
zdI%u|9G!yA$uyq3H@qo{I*j0(VFUqb5eF6(E<k#eM?+wS<CS`7!oX)=vWO4hCvnu2
zH;g*A5a^BKJ4yqU_8A^!Q!-KQB?_VxwmT7}!X@&f5CY6GEq}e7j|anhdGf(IIM{DR
zeio?#%Cx$-uIHmAKIAMbg=}OP-;UnP^f($`nkSg4-6A9V1cU`U+GFP?fE5Ld{us6$
znQd9Ruuh22@T*9#VCOpVFxjSKk8<w{ZU?O?yMB1>1sJ&1uSBSa@SHn(FVA)cf5I~I
zC;$W22;+}rpnqB+@&nLMZy}s`6-;n$qB%~CX^ruSFp6X<3BJIaV(7q3#Sv`r4cFeM
ziwqo8HOeK(K+!U9;sqXaE>tF^3j}e&*<trZra4R|pdhoHwV|!eLV$6ZIv?J{w%+9%
zip4Tn?Ro)C9|sRWTEcdDUeWhv2912}B#i=069yp~JAV_YoxySfj`5=|43&*cdDh#?
zau>#??kVodgn67KsE{Z$+5^hX_((0G1-M|4`0?;+w6ndKv&|W4@gJNcpj2Ogsyv2O
zBU~(fk!-^ZKV6yc-y`$=oeiQ@5^RTYHo+oJuW?2M6pZclc!jgro2~F`rSXpMv)<Cg
zYO5Q|WPhhT<6im^OzMCR)3@VFihE$W;~{<n-bW9r9it-i)O18B2_vC*`k9`Br@aJc
zJD!JFd_ilz845r#suWl&<aRCwNP;u;VtO0-=}w`T5cVWN%G4%n>ePzo;WHW8#WE2$
zBs5m*eDY5iSj7Rs;Oa)JvL^CM>EV1BjK)n!f`3#G-MXYOrG4dULi(UR8dy{jj?XPD
za&6xsf3fdO#RAM+f>jfYsi@*_GAR6Q<8EDU_M7Eqx5~9{t)=bBsGgtxq7G-D%ODUR
zhtzYgH`*Jrua!jJ^);dt<V>i{Hxf@i9sQZXBx}aps9A2cJF5M)E<<ZHx1PB%ooK~C
z%zqsZ1LnqXGYhMIB3TtiqHwGtIRa+tQUg+kyQV`v3patCO`OlO!3d)h4OSamfnegN
zXjGjWv4Sf-<itX2$Yr8drC`Hg9D>m&S>Vw{dJI_b$!Um9f@><3#nK<8Ict)$wE58q
zSd1VuL~0-T#%FDaM^W?SEUBJ^>ry(rq<<2$(mIeA$?-(=9urErd%~ZpA(;q|VveX)
zS+G%(*>t9I5~iT7q|>MYmfDu;20EzH`gCW&>znHtVtOqNJlJXW;lC8Xpj;16d(TKx
zs_g^5{XOW`-f*zDH~hcFXBT5m=s>n3BdHF3V<|)lEXW)fn!7_Ma2L2B_{+IFAb<S9
z7r`}5z|r9OULQXtuEN>X*o%<a2N(XY*U8Z<q8pcUJXmr1Z201!@5FI%<-2im;2bzp
z@7hb^K3pCNaRt9(fs-qJ)VN5c8DNDl*@SkoaWB&f;n-)rRg?(jrR_N7mZZ7w;rejp
zP5YM7zDmLy5q!fF-hb+9e7y9WQ-A3{)o3NYKOv~r<7SBYSNJ{7TS{EkNXnQ(ZHD~L
zW%Tw}J|j^h8J-Y$pA5KsqMO0|yMM%6)J?6GbbmtQcFHb@^VW@TM4hxX3;4~vC{C`>
zHLxRd#|SOC`5+#y`z05n+aaPt#1B0+`@;1uTK>aWNCnF==K_&Qv=?0ew|@`#=AL>p
z`;g_s*q<D}e7QG(uN^)wd=ol1SFk{i)lX2L`F?mXeDVDG^S$BTF#jp-1?9eGw11Gl
z)Nqc}#pok#3TD=7^HC**^t>wnMO6lc%_r|d<i<nQhgh%4R$7ef0$~akZhh;8X$*e1
zT5mBUY*1`51=1hWJFHB)uz#Oj;-P8Rjy^5jm8|uKMGN4ym}6MJ&wir0pDAP?f4g}9
z4uyRue1Cv?`nb48WwIm^j0moRLzfjvRFcgLjW8}51)GG^N8PwpCb9R10PNieX0Q3U
zIEPF*Dh0Y1Nd?5UZ|ca+N+&E9R&mSL3dvB6ePs(~8VWY|`rtAmm48tbM#x3Vf3Ygb
zf)V-{G{!h(pxv3c@#E5xl?m}&4B~XW@RF=_gu+Xd&FayswEXVm7gvy}9|qSjKN*gS
zNsK)e7k2#!b~!5v;}aBUp7J5*7laM#i^_^n<p}<COXN?5BBVtl@fN4E<03)tVr5>g
z;D*~Y&-Lj*9jxBMU4M`Zqf6FUk#~%`7udiR6-^1kU_iieD`b7*3pYrYpp6I)$?O#N
zt|P6}8i=}2s}IV0Dttj(;AI+J!#WNxC;8f_%MdneE2rnpvY_~m%Alw+Am&nraI1b6
zF-be<>f1n99NuI*B#UJY`2d5=a+%&P0aoYMipmL75#KW%nSZN-8)Jph0Suz$M7t8-
z)xKY5K8=cYhMj|1c&Cml^=#<sej{mS^W{6`X*X>`ni9@!KCZR@Z0JxEk8?vmB%f7?
zQk3#pYqk|9qz5G#UcGcWmkRLMl%{VP)ituIE<S636gRH0Mg|QwvGjD!m?t$uw*qlZ
zRofaOyt;y0Pk%%?>j}qbI?GzP&ErQTc3e!!s_I=O9^Jr`IXDu1i9oA$+JLaIik_-U
zscIACI&8o<r@otn(Q22@=6Ei`+siPfBNF2kBUyNF@K*T%v$`wXW`Rwj@xvQPt1MQ>
zfH-Y^^+s89SPk(8nt)m{V+Ff_GY3l_T2MyFv(}mNpnpb|M?hX8W87-qE7XoQ;({X-
z#)wAgHiZ=Hk-zBRsfWN*qt?Px$FRc*LC+)GEGr-}k`us*L#`fULr>D(<@wW=iVPhB
zwLv)L2$Y#|DOnd;+ZwVccEnRhJT*Xm9r4r=Pxli~KSf}URVeLV<mrSrLl0q|3ZB&?
zFi-HEFMkH3y)R;(3P(8CFi+24{P5!z%o7c72R&`!vAn3tW7!&dDyZ^9pr^-l{wfpY
z8p26!sqbK$Au_PZ++JWHewpNBZn&Y>oA{ccPn8Mzo1#xjXGeR(RtRq!3QDmnGH-|!
z3x^Bn<sHgx8c`ux=c~Qq%krytb8j-2qz{S(3xA{0Upw+ltIYJe&OBYX!2mfG+Bq-4
z&|-qFC;zcS5xr#;Vu6izOl#R*#tcDnBN@Xaa>ExoPmC~iVRowz(xkq_8l2bI{Dm}D
zQC2+$F&sLTo<oCl9LKrK3QJ=WeC142YQASYO)EwvD{AEuccmBwv-Y3FnWY`j^P-jV
zDSyGJI#F5BnXVbsle2YKNnuA<;4<dnx=dt4f@QTPm(I(a)IvhCRQeXilrh1XSHLa=
z+&!gcEMRu&1+>_-BJQds4;xf-2m}E(ZZ@P-pR)L!v^u+MsHopd9+TFG9<3l0-oNu=
zg~NeCmtHp>nuf2moOP^KAZwR!>5{%$B7aoQRi#9)372Y!B0f>DNjh5zD$j!;CsSR1
z3PS`Voqzlnf;zI&$lElgGN7nPM><0aUKt6aWf0ST9%5qL@nG+zbNcr9?9J8b-_9;B
zFW6wn@PVYTvk*WtCQ3&(Jx#Ld>1u2}0Trw3kK{~rPahUIhZ_Ujl`*%@V^rjtW`E!w
zBpk2Nj8sN76oyS>PvRDC5yRe%Q!JWa=I@hT0%NoPs4Q;G&I(qD^>K+`&pXM6q|&+R
z`uu!bzR6&l+^jye9qn_~^yQ8KW%__6sIszBXaclO>42f3aF%_bk?o+Ty5bfHJq3J@
zAtT)APy#WOCFoP}@O6QP+8?MJwto_dx<u=$BuZk$XqY+%Vq|x)nBbZ~JcT=X4@ZZY
z9yf^Dp;2`d&O^{BTI=CEwy7#si>0)qqB<(70rKmpsE&%dpNcwx^=q{y6ZKkct{y@~
zm3vr^fJO}m@ZG~NL!<V$M5A8r4GR?2pI;8@&rM^{qI`mjvdU=GNTJOQTYp33snSBU
zo?VdlQzL=G7P%oi-YSW`AF6Vsb<%mWIV}%{;4wcLOrc`h*!MaN>?#H9h?9=;H9B6>
zn}(9{3n@e9%?$7_`;tf9D_1rS8SaM%@k)!DrLoEy%8?itBO$}i2(joCB_}4gJrME)
zgt!Ukt5e~!$^`TfWba0-c7JKtY}U&+m&f)>%qY@D6yAN+k5s2T8IN!um(r<BcIP6A
zR>iVh`I$&>VkCVm=I$-FrtX<p6t!Ha3`#rJ1Jy&*S_wEw!AG@CyuKK8hD)q?a~`iR
zkSTe55wG;P8=LB7v=yN81Vk_4GCkW({#z~>8az|A_pC&aY+us~VSmYzWQWeocfq?0
zR;Zo+N{9Hl4p{^qBuwX}^Mh5BEUQMw704PApRF~BS12Kds<~CByI4-lh@a!?_1T>y
zFtnBrfXv*xP!rKvoxhC@8R)c%CRx=a(z*2kKc-wT8ln|Xm5L)JLLG=71jP{@vxbFX
z#X7V!sbv)0!5Ru~G=Fk_KRy1Zs}IK)7r(zhf6Y@@MK5I=?9Z6@LjQ9il4eYfj)Z&C
zB-|6#+Ir$lnuaTrFZDtsGHxn+*%_6YN|`tuJXuy6{_jq>H~Pl0q~E|~r-<6AlAVcr
zBdF1H<i$4_1eACj{!XkYDzM4#a%JA<VO74!<>)GW{kavsxPNN4o2d~|Z#uSt4dCP%
z1+86JwJYuyyME#!B-zuuU<*3nt*#Kw*HrmB=&F2eS>>zDN_W-1I;8E}AZ-|1-u~!k
zE!N2nZ|m^32FS0&+x~oK85<4Pj%oYd+yXh$#fc9~K{9H}lP;Gc+ND;;yYXr<4t;Qx
z!Vr(3N6AiKHGf1LPo`paJ@@{&85$qv59~a1E@00DzXKDoQRr_Z)SBW_S4q_TSk*ed
zt_Ie6*SW5>uPPJaJ>C6e8WcOwL?9e1WT7@HWs`NMCVWg~a%~D9Q<;Ds!p9gs_ygk|
zPe4#7R;43Vyh`>Mpsqz$?TtJqgH^vO?fF*&(<WI-Wq;IE64Yq6G)`6BDrf4=W?=q<
zBxmg?WCyE+FWc#4*TJ_WPB`NcO0x*gT4!Y8#RM2ihooQ-DxeywHI$6O&>*4E2U_T5
zAQMJX{W!FO><l&)awDy=rX)pId9+$=+|LZ7(dG2g!C;a^zKt)*X%MrItVd#lk9;rj
z)QTa<7k|o9DIQaqWdxGrOKPwr&~c>u{2|(-pdNJ*!95+r^XC@RlB&NcOOwyg<N%=2
zXlu5|_GBd7qtbpf{FJEsQp%^)jy9#jMF;rUfDbHeAJkCZqmPpJv9zl_z|Wiaznr}r
zfKQCb&ztbt3p6jMCaOz+^1Q(!ax=KwT>U9NFMmDw`^sxdY_DFhkK&hIzaiqQ8Sc{p
zjjboOp+O%h`&sHcJ`DzJ)lyL)dHApib#CJ`cV4tY*viG)loI9fu=<L}g)5WL5dr64
zQ@9nCv&8%G&{BzFt4FUJ#4ax+LZ<IFfjv>7Q(sdS`nrQWxynRXk_vY>pc<GBCVvsU
z{(lH7Q-jMk<yPyeE}AS|wQ2Th?V%a0svLd$EOW>6{0Tfyp==fR<tDAT3BtR;(up2#
z!N1qriyghmTVIi>6*z`0UZpIcjBSE{ebd#S>R_F6SjSEo+=$iIZc;;5#>S#M<Tf=!
z#vQlwb@J=Dovtj^-|wv)MF!!Ub<=B1?SG|u*9sc#?KNa`Q6<^*vMQ(NG>EbNhAw$a
z`-^q6No_pTAtW932Vau+Atm*H(tzH2)ZAQU;>=J04(h1<sD(N40UX}UXElDbFpK1v
z(ZY|~`n5uoC14ZFbeo=iV0Bs{q*Ayk<C=_(3YT1#o8Dl6g-Eu@>ppoAS-ZDRMt`L;
zGUA4rfat@)7KI$1fOyUpV0k?^5m*ET`?I>Zz$NT<skk{O@gwdJgdyFZ1gr#+jNnTk
zMunc@bg^)w6|Rr^Jl>8`4Nhm+3sZPaKSR83iI3C6<@X?0{U?oGj%>7IxU8moEK}D>
zz>A>>swGi5EQ@gJ%~sA3J4i+@41cR^W2%X-Y`AIs%_e9)5cclD-aa-8OR<<0QgwJ5
z@YbVz3=JHOj*GO8J5C?BR9I!hAUP$Jp>l?#WuYh<DJp5Pdnd(oi{x#L$qD#C%($Y)
zoWhxzGqbZ>I4BJXx78X_dLzflAdS$IDw0N7tJ*DNp@<z>GY_T^S|!<iwSPFAaUa{|
zVrV*>x<<oHo_q}%^QS-=jihq?6$ax7cF8yrXK|d8Q7hm^&$q&jK(}mmhGzD58r3?~
zXk?&9S-Y~KbN24j@td>PS10GEuTS4yo*lorU@p(XYMU`pYDO7#C5665dQV$b>&cR6
zya*QPGF&7Qnd4g4+YCo3qko9=jq=g}*Xc0w{w*Vl$Va0fVp*d+UH%mb<7|yr^=05w
z_cqV#N(en#6Fu1FptlV#-qJBj<H(XVL;KR9H%kPSPwx&asw?fVEm$P2h;bGdmEzFM
z5sX?{GpK|lnxqk))ALu7DRO!<afczGxf?jo3Dkp&an_*y<Z94yJAVY$kw+VZ^WZW;
zU4fvEGU_O!jxy>fqpB#Q(ZeaD-<u2>)w;o3$;P80Vy!p31)I8t?BA+nw}yLF`Hg19
zmOQvMDg(EQ&CMUvzphSDc`R!S9Lo)i7@9KZ?U2?NlUMB!&lUxx<k|Qy3Wz-g5tWvb
z()9$Sm^Nqn!stOqX@8!A)J)7MqCRUp?Fv?^6cr`f#Y<E{oER(O>=k-|84)Xv@!~D2
zIR#e_^(>sj&Pty>lyPW<?4*OGYY2@I2Dz0DAA;*$SUU)~GD-`@AU(|ZcwD(m1h-xk
z2AFXI=`WXIgq}&_^stK<M_`!rPy`So>Ottt(uj(*=OU<-)_)S8#U$ku^NxEPf@Y&e
zhv}mdiq#EEz9^Ke61Ohvs+GK$er-rVu>l+v*=<|6`8IAto2@D@;8f;D$TChmPn@1<
zqIN9{wVN3zF5X0SCZ>+ez=|oGy@rf>M^dfp%m(wE&9Ig5U+;*vj-T2$_$iv1Z+||P
zwNj=M(2bpN$$wRaoEHPC{q0=7hw)g<+$$WDX3UYAK~!C-rmvG<3pBQ#bc|-HOoE+r
z7}{;6BD!h>l+d~SxZ}nqSw)mHZ@%KfXiCsZaa8cmVB#)0KdwH5<$z2~TAys70cTvx
zM5*4MzCQc-mSC#vP)b1eRyss+K(ii{yxBFEyN4%^SAW4|4jv2<UwR)J3s_^C(!;e0
z{8d3ARQ)GaWZSi;w~XW3N|~J=TC0(P>R6SC9FEt4T6Kj(2-M2XW}AqXxgLap72mNi
zEl`8jB3hEklF=?}7O4|nnQ(E+jfJv*6k>295T~~gPA{Ij5k)i5_!({V@c4q5&?$Pn
z(X9*H(SLS`xP!Vj2nV6AvO;5Qg>z6gX=g(g)DGq9P_DYmuk|R`6UHruRatc11uQZA
zic*iFu*o9tq6d4r1pNf+A*=FrusFPM=pONrqsr%i&Vq=H&DNtj6xE4%9jL+kApEM5
zf;lAh5<i!#RmdHb-U{hmZ06;uF}%g|=j{-5Gk+M5%EYsMU7b!Ixgt89K;o*Pfa=V)
zgaUFQ$|-FRsbb1QO50cviz;W+4ndxarEn9u_=O8EL8c;GyLvZ5Eb$d{|A+-@?AC5~
zb3vR0id&z+<u-CLt(K;Lq5{lEcs@-PY;h+^>iVib9DQaPh0}C`6^?E_ai=T&@o`-2
z<A1dj6YLh0b)Rz5z{exPSroiAqiDkz<m&O^T5CAXx=mckA5jLzbY-a%nHDZ{Eakv8
zBx=wAUPG7D($1zHDK|Dk@Z=_DCW<mULFv#~a7U^8uz@GTkglZDisf@;q!RWO(~<%@
zXm<JXhG@r==Q=n6lc0J$2<*@rc#%Z-!++kFrhC0vJ{KT0uyvHj0Z|?*@QM*vm~Z%<
z&U1@*GT^~rY7{BicaBd^-hX^|dG+S~$v>UGcD~0|3~qDfCe4^iHN!t}>nH})Xvjm=
zZHN$S27$C$q3fBux9AX+b<NZqoj4?sRnmv1fgHGqoP1ok?;XEfc^>9N@d6%02Y)k@
zG1kYE1PSaIyld(kJ&sbCci<Xe&B-KjNpCP}#x-7IS)oT}k|isR_X9EA50c1kvH0}X
zuSuCQnaUeEGUC|~FQn$ENFWDNM7vZ)6#R%}-p>YrP~)r>t5&FZ9;QC?@RqikW&{VW
zuM4|V^(Fok2REjw%1^<ZWX`fSD}U^`!d?{IY5W@b935g(*Hm@B7EpmU$rb$}TT$A~
zyS!*nEAsutl0aEGAd0KY38EK+UJ$Z;@iFk74jSp85l|wWd{G(%l1Ey~*y;;M8dNMR
zopTv*_Tk@Xv?EF%dZ7eOWXjPzs0v<7Ll)!?HR({3y34Qis7Z?p&)B|jLw_V%_nI^N
z4cRAD3PDxop`4Ty6F@g5J4a9DFSEAQrG*Q6=>GX$AQP9EyU5Od&-EcydAwC0>5j2F
zt(eW=UR$^@PeI(o=~&*L^M4H=T(`!`4y&Wbd>0NWRb8p1R`MOOWVRJ!Cp$xS`<?8*
zSat`U?7mob&$p5tADZJ(w|@p>ycoMRU0+k^t7kwkYR`Ox`PDe_d>`fB*Uc?qS;ET#
z@i~FF#S$q2^$pI#U6ISZ!e~!KF&@vT@58ZIy!tsjwv50&E*?{>@q2-EG$9SSf*Di~
z!yeL|viY!YE@!r1-VUjr1+wDHzE<467E%_Q&sz5}9*tnj(v4z4F@HFnPpW{0u1s>r
zQVFF>USn-CYp&XCVua3Cd2SVt3i@VlPGfR+E_@O}9r>n2<0#T@7DRG=KfE(pJU%3#
zzLNvUEwK|Pvc#029jnYnPC}527f?1;Za-M0yZE_;*txt=d+u~W_2!7w!HP#X8s=cZ
z%-C__Fsr0#w<il3r+<X|W<!%rDZFA9;=m2kWkVvXwZ`#|H}MU9YwL-5@hHya*@?Tm
z$TE<*XgMd>w^=w4ySvO8)vPX@)_}eNchZ4kocVXSr{!-(Utmn+bL4eR>*|8!eQ~L!
zeTy$c+|$-qt!T3PlC4zzOmA98=RG%j*r5scy#=jql2#hMbbro|FHf)DoV`7}g!PnW
zCY8dxVj1^_dkCTIqB&o}-)A3onlYPdM&-djJmh~S4XF@RHy*EzDqK%6%HZ(a#Hfm+
z+j5J5Ah-fc2eKcWeK5x`58lZWE!Y+hMpdu>G@{lR%MYp{)@}2sXS5^)?dErJ8qHk9
z!lQ6uqk0&^9e<~>htZ12o#BC+B`zrNP-|M{Eiu1O#J}o{hpx#K@d1<4<18iq+=e(H
zHK*}Zi$l5E;}>WWk5n+`(am~@r(+*R^Xx;PeM9bjonYx&K1h;N&}5G1LPCGa9xvDH
zcNQs~3kTgwkeQiIJ$WF&Dh6dzq<mj7^8%4Ikpjhl?SGI#?{UHD>(rZ~bJVeVbtQ!I
ztRB{(bN#jL`;2pfy?7OXDu4~z={wx_p3+9Ii0X^{y`hQpwF0*q6>+N=gOhk-RnH`v
z#jb+~SmEc!bcV+f*Ad2VU;#ml@7?hw{u3r8oA+rNsl6a9^I+XugZ8}(Vco;1y01N?
z0k5vKV}GK(dPL_-afMUI8Z&9qSvJ^M2^WUt#U56_2m`Q<V*&4|&LtR7Z-qb)3|8{v
z`I`)uJp4*jvL4pEQi5W?szFsXPHw3pon7aoSdy-{!AAFWO61iiyczZu`)|Y1{=xGd
zS?iHm4f8;Kh@lT!At?Sa+S_Aqgfjwu7(8y!zkjk(xIiO<hkEx0Y-2zu!8E+1;2ntl
za?k2MfGdJ=ra><bVdPzNG}?Cdv_)%)G;!60jV)D_(ZWf>e03QKDr+$nq~Bx51k}(G
zw*oxU|NUI80Xs$!3HmTkAUSo8bczOT<OABHJ_Yg9CRmn~qMy(0AF#iJ7l9?=kOL2j
z)qjBir@v7pDb6)Cx)G~-wm+#%(q@kyb`=9>I0S2IYJQ30EB|F)qVsT@_{d@uTB^N*
zMX6&IR<DfF%hpN53Oki_7}Fg>Kwz*31g$f}Qk}TW3RPJEmVr}Ue9wg~G@jYL6|%5L
z&*UTidYv3O;0na4m*{lxLt`aRLC(J`fPX>OaMI$0y)JKhdqg*2PTknI&0SoPeRqk4
zN?`d0=ksz817O}{jte}F063l3BHHOQ2255J*Z&0?%(4=7<h@#pe>;Z2P<2q*WIz;y
z%~6>Zg?eg*-?1Xw+g6|HdC$bNz6v!GzZR?FlnXb239>~{qZWbWTC)znt5C4aM}O$3
zFL!{#O&hiYD4PfQ^-<-TN-Q8%&g5+L#>~ZE<SAAoD*}%ZPr_x!JDz<QU_fFjF$d|l
zvoS!GR6aVqA<Gf*dBk15wC|KWJ^7&sUhNQbajcKGJ5fp%ZPMhBq!CkQ#N|9lv33G&
z!q9ktBwg~iI8Z*tU&JNR+<=7Q1%GLn#&|Y22HTF0OlJ)mqSD>L$nIcd-Q`#JgJz?b
z4UuE5k3gEsNi*bmj%(W+TH7urB5+}Cs*yZTX~}mAkO(zel}pudn9uggxSHX3(@IET
zva=7(7#Gg>yNT<(b>o{_Dft)0;F}@!r;d5{*})|9$vgPo2ZB9!wxd0f=YPtaVdapQ
zQCwvXcHi`_+k<<apZ<J)dhzREZ%Du=kBHoAYR5kicf}ge)_&CK>5RIhxTXzZ<!Xj|
zc0D-1Qo&oN!1d(rY}iwZn!bX|k8w~?jZ;=b8;cSe!{ubd#V=c*=wo~U+pk~@m_sVL
zK}0}LLY|SBrU;j+9`|$a4}W)Z<3wJ3gB}}Yj~TBszJVDSx-0hn+?MKWNNl3!+-AN-
z0a6x{$dtVb2*9vryoQO_>zM^<K3M0-hsg1t>H-aGmKc+!kUkx!xsKDkE%a=^hto{j
z$!Q)N6=vk_ckUt=D0GQDkn*kPmW9gu&I;?V<1@Lr6&lax&uDgqOMe%3(>xz{GMq>4
zv>!hsUnR#$NdQYwcp^67{16vaK=ETfh=za~5iGGc2u0OfAtqI<v3P!4mR;n9-zvPw
zDO7IZ5H6N3I0~3Lm8Zn9Zc<kBNH&~>7vshl`bv?`gQ_%PZ8x<wCLWbwgH1oOi(8EL
z_8v9CU6~k9bg@#?@PDka#GK#k#R*~pZmtR0)le4#ScpX!tqMSFRtKY9vb8p>TZ-2F
z%+;{<qAZ#1B${32vD2*o?c)7A7UbVK@MkHgj56|n{_5x6y&58S#Bct44bZ^KL~S51
zS@cCJX&xZxBtqJzQQmt(Q`C{@ajPg+Zv3qNgDMo0vu~rKtbeW^wfK1Dx|I_Ln0M|S
zi2f}fhO^cKTqwxZ^#bBhy=3*c1&XScS58+-1eW(rN+i~Irr@Xq@P?ac97#tW+ab@M
ztoXF!n3%m6kOPfLI2C0buT-_zjNHmOeCFXDnD#3Qxf;E-X%oA;o5LvSPpVizQzEUk
z1{?2nkjlgLg@0Au>Y@0M6^`54j6?h?9D8vmX+KQg+RYT_Zg4HAw3oR;a)3VGge2yl
z9j|dGQ5frtK+NVKo`fk(NBA7*u8!mOih*D+R?moWUOED01is|8O(Aa^iz!;_+6-BD
zxZ*c5ruD=X!4x(_j;bHVPiU%7IjB`XqHC)?IcEf}Y=7?!9l9%uml%8WW(>_I_M>p+
zIfpeYc22@uOitBkTyiTg_ZyrZ6;kliW=Q-g&~^Kg-#V9m3R8A(!fULe{UDfblS_EE
zHf7GIzRSJEvXpoWF}qO-W|wW7Vkh+Tg5%>lMb8qprc~!<0G@0^P^Fr&cCnbG5$xz2
zBD`9Yc7LtW;d<gy8n=^z9kARp>B1&=;UY;D<F;0&gw*-J;(+1aR*$GEo9mX0pst_@
z8{mLyRxEw&ry%<nd$SDV$Zj1cp)Z0Cr>g@_$3uH&cZJF^kRj3eM)|}flo6D2?U4<M
zvB<JB78AGZN?XI40!?&u+&84-MjajZ6?7bS4}bHh#q2svE|<$_O=ZJNI?`Su8)Qvl
z*3^E6$Z_;J4G4_G%EYa!TzIMK*vUe<R9(}ZQRO5eOR~I;OxdXNBD$mqm$BlzV4Y2s
zyMdLXBjUCg{^9eg#{cVyxRFi7-EywA64;|MDQ*Dba>P~<fNO_@wqvorn!xI`&(^*I
zdVf^Vzfnyn!OEm(A`GfL6YOy4gwZC2<^E&iG%?Cu;ueRc|IJv!N;tyG2E(A{WbH*Q
zZaFkP+<F=(^)lMkF0-`P62ofN)!Q3Bunghl`+qupcO@H?wnJVg_s#2UHe-h4i)Ztw
zo6VVSdNJG6(werq;GHu|BP#wSPuv#HXn$J*-rrGuv`t2+9fHjOyw|cBdrtXw_gOeb
zeonPH*#f=0i#)Kl0a^$=)U@02cHg{dVp%l3zb2px8*)Cs$6?p0oHh8<Xjfj+DE=^K
z+Eu+k3$DvUaooDpXs7AgrPO88CO?S_NUZ7utaHA;HxrZ91h$Bq2t7(2gqSkO&VMKJ
zdBs8sArgP^0Gk=4hA3yp+I6g5$J%|H(tu#|dSPJLj)L)QNM5<#wF9lSq!|J|gC%Jh
zVg!2SypO;UAPuQu9l_%)<iJVQ?fHpjjKot%>%OvZ-Mc(S$IjW2oi5LE<t?P<_BRx#
z!zI8nPn@BU<uA~O^&|K_WsYPsrhiY(sJTE~yV!%FA;POQHP;#)t|t{`6sgP3XzL1M
zyv5X*QXYz;tv0np#F%Qy5YjeW@^KtviOnHpmo-0}v9Z^u!3M8jflrf%tsl^1xFOr(
zn&Wd4j?e|@T+?l{Mo?k!whzaRY+`FFbG!#fi<$+SU4XOdaz)MBK89Qmuz#YX=Dr~{
zx8G57>!>-I4al)yPHFN0MhGY4Er=Ff_ErdTf2Y91A?gK74c1Xj7j%>vc4`(2j0=!^
zBM=PutGf*2Bh!HKD;ft=zM(Uji^)wZWU5Nb&D|)##Tf<4OE2#VV+xt6fIVksITyQa
zS(kd)@Jivh7gde!*TZr9^?!lmDwASk;J7;J*(1PlPLC7wZ2SwNf85$Y)oG_B-v~J>
z9#PY}sZkoMDzriq)>JnH-vt)XWfaPyaNOlr-COqh-sb$vQ;@WZbl(rvWeAQH`FILs
zU1id@>d{G^HeD1iespH8R<fu$FIT;++{6h&yOa~fv2wMib=f}IK7YOlC8~y{I@^Km
zf1GJ3xJ-38nWPaGRmw%)TCyJXPOyzY=<hi1m)r^l6!2ac`AZ!HlTxHzO5R66653cH
zb$B#RJa{D4uZCS;9<FWsb3Tp1%5!*buv&}Tfh^tI5JUtYx^b_+VF0haG~NBx>w*pG
zlL9k-4?_1Y%%EUy4u2z2I*JP0VOp|dF&&39jpnXxF)_NYj3u?oVN1EWmK~-JILKV`
zlVk=#d`<-QFj2J_VS<KZT-}UhLPIpLL*_bUu0!U&6*AWlId()`$6-AphlPv(xwVk4
z12D?GgZ5Ba@Ut&2-=CkVo}tHSqEp`#1tVt$jo<sgU-g{}EPu0w;j{1tS&JU}ChUB8
zI7Z+T|8~(3NVjGvR#(96YoymAy{#uzW8qhlkf4Ex%}P~h_p|yVYBUyZbR%6X94(4m
z@PPGIF*1DE-`rdGf_}P!r|`msmw4BFQt59O7n;w3hqs}sx2LbqKE5TaO4c`xopBW2
zF~tGjMh}N~{D19YAn#9^@1|_4>W*C9iLr^!sA^@lcJ!5c5JNQ<#$<*&xGPOw6(_J7
zOhZk2>kPmSlU~?FmgC0QI2Oy^NLOLz`H3usgVmcrv6_<FZzrCmSV|g9L($Zpp8vGB
z^{i7A(Nn5J;i9RyO~TM8yCtoM(_?t+gYT~HBJX;h?0=rD@Cml*5cmW{Jo=LeIG&9y
z?5w(9(!-LI_cQN0jTjZCrj|~Is9@pew?7|CKnoj#qWpXC7p9~=*eJ357c=*2g8L?K
z248@Cr)@eGKLM#8V2stnzCI{EFNiVFpuG$_9#0FsfF)ifwA9qcT%q`!U{6qnb)WI)
zVC8@n2!D5;#~;qRhM?Pw|L}*Z6yW_5R`2_5{shxJ#gWHKcaa#7LF0q(q&T}VE5MGK
zQNuI<ZaK7afp1Yoou$e|E%i#8r(_<5>Gj-n{y(0PY06&t$AA2vSYAFu!$zK50;}n@
zh<KB*BT<oiRtVY6osHenjpMs8nr0w~f&B#TEr0C|XxC9JnhS&GwqvwtVkm{z4i1iw
z;pBjUV;%RsI5V5ENNB|=olbD|F5V=cG68477q@OeCn`|r?GW?NNSU}3WfnNVh{BUu
zJ4z$<l?}nEAumM!9skU>zzNKZaZ1hCT4GVYT6l7c*Fw>qu`gp=H))44GTqM{pKNn1
zK7Z2=24{ZG=iwTHWz9Refnqy^YNAqk0f8&NOp}aqlD+YW7qO0iXH1oR0Ujjf03^RK
z@Vy%$<;p&45GutETm*SxfeR-d4JjiKMyS)nO1)t$EI&jUk;g@>DjTOub|H$(J08U&
z)Jpf;mQzCR=Kau}I#V~Ek3(3tEccF;o_{-PNv=26doVIRTwHnK1}Pz3)FWZe<@8l}
z6E+zVjx$Gx%-VQmZa!KvP*!aWcdDg=5jKz&!@?XCR3|BE_{@r?Qo3B-3WS`60NWwM
zH{rEI4WO_YhdS@JgJuRdHBsr7*3j$1o&^LM-iqn2*&sw608^+@Zl^4_LojUOu74q+
z@me!)n7Z0kvNp#CJ#Vu3C5e&D%ZUkPGuCxUj9JT&&U@t-GQEO<H-PJixk&9=%a9Dj
zgRhmXFYBo`BMqY>=!1xJ-i5`~i&YYbEu;RqvH=O}TSHXsJj4!v$1qSFl&+DkeK4Z7
zJ>03yLw^dZkClRfZ^ZG+V(85f`+pO_VVsXRFvoVXl#!SVX&v6W0n7x77BdZVupJF^
znGvq{C&$|ezl;j-3-_+RmFpc#3<uDc;oxRWi;i)5qKwPaP|teO3Kq&@B$KtTB>Umm
zJ8@h7eWnX2nvI?nMN&c{RM3fw=P-cN!BpIO6Q&Qa1dtzx&aLjeXx3mD(0@ZJaD^5C
z4xby^kgxQdJq$LqS34^Tz$=D*Eg_Tl^<^#%E^CMzR(BXiSwh;RMWNp};}gWb7_(dY
z^1HdxL^+i^azb>P*D`Mlcclwa(H8H|@vb|(rQUc;mhfo>6YyuDD}LNgY^4OSu$CHH
z-FUmAUg{k$m%gSy-LX?hJAbwWqq6xFS?UTWsZ~dkcvo!3r>Z8X*pLic-??7mq@bjJ
zzS1nL8Lq4}xk4e!<hs5yZtO9t>dl-uUE)m0LeU)1?)a81^k?{EWzk<Z4JPxo1Pf)4
z7<nLXbJOym>&IBL7pq$?mY|=A2B-|+*o}qn1;V)zD?S?TyXZ<zy?@#4aZ?wS3EoIu
z#4yKT3@ovsV0L9@PrFu}*@LfN#A@oACx`oXv4y_#$6e9~2Mv7rXh)V9n}pFc6Mw`#
zLfRp5OmuimUuQs30T0Tr!kp{Kfk9f)5k1n`yq=vb^x>0m^Ie?}gs-N&QcE=4?3-7*
zuu}(_U?qFbxYH>JjeiV+6glXAJ0$g~#BS<JGr95rg-H%V{O$KklLCm`JG~WS2tc*l
zeOzj{Le-P%mUA0jZgW4KdR#b#Pve-`Oz?wTjG3&HzFnMQHxqn2<f_1kWVHk%=jY+a
zN#fn2E7~(%1`uDEVnLX6v2df6VGc3K&*x?)E@u2xdOkiv|9=tP*8vaEecOR7_V9p4
zWKU^4bTR3Hbo^CgE%yASuW%#8QoH^%SVDUJl08vgy{t?EQuTscxS`Qz0zE~JFJWSK
z;Rb>7Egm*xgl4p3kWA{!2%GAjZVLQ1BCnGB&d1~0Auk1_n2?U8PFz|_$Ihj#&MGUZ
zwQw26$-t+x|9`YDg3Ak&B_pbu(h#oJtcf);#W67zJE0-s@?bqRI3Bn#GBN>c0J$^t
zmM-e1IulBt9q;S~IJ~fKsPbaDg-Bs_5xAas<ItW)QcILm6iha?9mM=f;q<2BPRf5g
zo-dY*qx$V*!Asn_TpM;ZZ3>Ulff3&fjG)XID?;AXw||G3IR5ZqsEdUdaa|0^Im2vw
zZM6c<uDgPr`S;4bP~~<<d&7p*UZ@#Qp)6`sD6QHN6|Ga?dZxq;;=;vZq_{Dpf{2)p
z!(F~HPCXu|9ej^C2@Db#@0;VMFn%ihq<5S7;WRcpazL57<)W!W+4TvJXGdN_J89)0
za2!0QTz|w=EU`jkNYpD<zt>;KXPBt%GIlbF)A7QiZ|k}~JuY=oIRD9dVDy2au}NeE
zSy}}2JSqO<1(<14WlAtHw}PQxFs{McD9g#0>*M`;N1BrL=qAN#N=B}oWX3&c0S>Vj
z=hP1OByumsM26Hio#*|Dl0Xu_=XlLc5Z(ox`F|j$<9pDhVR+Lz0)eac%5Yf8>VQ@{
zjUo^><uR}_#x<UD%ookj#hYJ${P5=N<oNRR3Orl-*V+4b?Z6RK5t6B!xERD*B9lmh
zl9rE~8p*7ireSpQ;`G_@#euV&hk@ujC$IyXdSGHP9zZ+)DZDCEaaf)NtHR@p?T{^^
z9)GZcWA4`Zc>V@s5R*Bc)jD)G)fsMzv9A=rcv;n;8X*WuPoWRM=7h}ojuix5g{d=l
zZ$;7VP<9??n$Ds;YP7gA34UNJqYR8XVoQxA3=EGg%;8@g#~C=-x$epr*RFqsC(%^s
z=C?4Kf@qI#MYJM2CSx%48CodSm21{Z^M86WVpkxJv53^iz8@Y8Up#;Qd~dinG_Qpp
z<4H*H%AHPebvbnY9w(6yiR{cU+}m^h2?ckNIKRt4lr!;?)u9SIMPZPH>K$bt<-70S
z={LxhQZXm_-rMKDI>X;y${r8=K;HBUV@m3|KOA3Ne0YC;X+AStV*j|~;ZLKJ{eRa7
z{8uY<FV~hUa~iP15A4>mCcsiVf4g}9j#RVaCPS4;?32+wB<m|QdgQ)BRsZ~`yr)pf
zW{zu9a${iU<Hxht10P*@JW`1U4bxh|fcZLRJsubEsHq_BEpSebT4L>x)CC{+xGzqC
zXp9|R$^{MZptp5Y3HCcvFTQDs!he}Cn}!_tz?9h}%qZV7WvA|zPhXLD1|9?k;xHFY
zHR5+^JG8rik)ShGD$fhoV*IxqlI^KBRthZHaV(#1#3eh%R2)YZ7NE*QM^@vhKp>^%
zg6F36SQWcL^;dN*bjLRL{+Mk$#4j6EN#&D)V=4k9tXiTH?}zm|>BAebDu3j}QA*5m
z4s>KB7d}xHK_-5PC&gqv7WC4iG{~A>d5a}RVK85h>2SINE6U*?cV0{zBkX7tcwm<J
z^R!i3B21G89nJAgyJZ!fS*sNmx@<^hoLeifELyciKE#-ZI8CQSV0=LE112@|nTLfi
zoK!WgC8ipa6Ady|Atmce2!GDbFJsy~NTWcfXPTlsjcjyPP^D(bx@&axjSO8q8(oc>
z(&*}3hO~Y{3wz4ZCg-gi-_)w%mFz8=3$0n*Mc2gF`jV!?0GoCF#weTolo@8TK3t5o
z^;P%NLa<GKQ2qptyID6Yi@x!HFa&2^Y6s%vL&|8Jb)k;Q$!oH}oPTwh9iEdH%lMpi
zp&g{lE-aCa9je=anAK?-G#@)Wcs5jlK!h?rC<@@rqyWl$l)cyvJ_MVlz5!3IEW!F7
zSzeTOp)CKbZ~IMcLl3!Blgd!q1`Pb#G?>D+@=!|DS-77av<H*98^uT975{-Jjj&BJ
zyxNSZR5RvKiMS!ctA81B*do2HCkLicLnU$<n;(n0d+UV}g;Vpx<BQ-rp#xPseuoA8
zOAcGQ#0ZHRIM}yRYXc&{XaL<{mCX4p0-kP>Xrb(J7Bh*FL}_5KV;sGq-Y|RsB5~Lw
zN>=KGxIC!81}8lJa5nJa3w-CNPsa_}IX4$1JfmQT<Omllhkvw)q9#%~P;+2*dy90z
z9e(ieIq6rQ!lrr6lA6QeQS>9kR22qMg;enl9(-R@=#dT;+!7T$l2;J+2XE><*7(+K
zH~N<gHm)cA#$tvkHEJvYvvT0dN*+Br;B|-fJeDAdL^ynC7C#iLdfFIjAB*HpV9t#{
z*pgC3cBQ9l5q}7h(NthP6EDCHNfTYLAe?c8Sgn(|{-HX<X5Lr_TOl{({(N8NL~M)_
zQ(KHTNlYwGutAPHi9*c6NcC!p4X=^_<R4bW@D>QbH3r!t0n6z>wDn}m9(7(+Cb<*T
z_b3G;k#nxE$XZZMOfo0hn)s`{BP}Z<;H!UimtlN#%zyteuCcm!c(AN0*FDCMwL{d~
zfo{2BcvU(qc%VsVbZ@OwG46``r}Wr4fnCRBF7hWGxX&+tj$*&NGKRbBO?RrL>Z%)_
zPiBi5nUD31L~YxIfMHNAh)sB1?$D*tpejJP3A32H%4;JB&~y@YKUKz0uv#9kxR2}4
zRVMIL4S#_|g2B2{SGwRwE5cm~7G7ksBNmwZ=XcFzaAd86>LxOB1)Jmekxzisa>X02
zU-5>eE8bA9ct1UC#cPQ*`Bp35aEleMTegbJ)<Iibt1=<jG&7;1ecto+9R-W_Tq^5V
z!k6y!Gvpa>tFY5a81Xkub>Z)PRGPlS>G6MFy?=5x<n)_DOw}5<JI)_lDzhre{F+-B
z+UjwF*DfuvsmMf;aQ(~ZfzN;jjfl=aSg6@|A4un3eRsLmN-SC)V90~f_)q(LHxy<H
zVS(~jl=gtzF4H7yS`m9bAJ>(M4-9*Py02t^I{EA{fr`)2l)4BV2-tyuO#uOaQhCu&
ze18bDJ~Aw~a))GMdu(8L*jMhc*=R^jp8BJgT=bp9{R*UgMC*t3T0`i}mSAZ=lS}vo
zNLqf1UGN6=AOH2A&bg|i^wvgGU}1*Gy2b^b&z_vUZX1%eZz5?j9*U`Z3W}D5MCCQo
zN;wNJrYjp_u4=}ksTOGs5nercv?s5$^?ziE?7DYqEYOlqWCK9lLS?}L#)@!63Im33
zuN$<!BFymV6+E^Z-UYCD%)O-(FT-$#@5$1>#kxxIdbX^qQuhrNq6{wMB$_vK&R~a3
zI0nZwb9E2-NS&*Sgkf_YfpxH)Srqc2TYdvBU91Yd0I2GJv8tV%?5d6;2(Br7LVw4Y
zZCj4cjm?fan8l$#k2}C@`=WBi8QThpVYtt*G*}`I#fK#TRx){_*~RQsKT1ux4=M|*
zIxN~c_*3h2a4UYSM=XUy_4l&sQO;<9TQXUBue=_gJc<TBM!M){RiPZ$U(Q|lH~1ry
zt_R>Y3NoxpLo5VMmlCzg(NUZ~SAQ$CXw!9Lw6%O1d=@6G7th7?Q72zzvQ?!_-0}i-
z#7<~~7K=pl{L-3brJgp}F}RNhf^zjV&(H66$a?#7Y^HQs`t?Y~S0=jhx@;Je?Um>0
zT-LG21#hYr&qI^+tr8AH17O{-({<rUztb~PzuDH2nDxlTjzCoZergg6ZGTfPHz9`3
zPTEtYf2*iXEOYGKS_b8X^R!*|$}Gng-)Huz*IZ`&V@yLR*ci{p8O{wcGL$*Pb$FAf
z)9Q7C3V&%)DVIh!I{6ABr4>??HP;RmV_a62!6?TFCSWRjkqEA!M$%tbZf$cFdg?Mo
z9Y&(GF~QYZ6I{O|DsH7bbbko|gg|@0$ZewN_%24gIVu`In5SY??-kvRTjjkA*Og7<
zJ~D+k36-O?=jE=w;;7|jX9JDp^3R&M0RdR0;pAY7ae;uhD00)I&YjC0Og@b08nK}5
zVqmpU*^bWY=&YvDSv6;c4w_P&<Wsg!J_oxPJ0}RR)T&0?);alRNW4R@Hlu%6Jlv(g
z)%_~aHsb2QB(9Xxb+GqxjU!Fn-AWRBu8+Net(;ynCR4{?Jv|1ig=$<+2*;qZG!3Im
zbS+?0>tRjTNf<~dpkzp5XS|XFszRtSIBs~`>4pKOZKE9KAipy#8D(8REKF!aN}IMj
z>{5yX38R}Co_L0Bjku0*--dr%R0=r6&NStl3!@+DI?AhSNcu>qmr+Nog!d}67M0s@
zxkootgcWidoGS~o8pXu0a0z@#!ur@09H1k<zKr++O8`pMI?`se1IAMV6LXg*<5o+n
z4$&ceA=mDn_e?zN6McztClb@R3*LW>MZ{<(%cckzdIMoEF;=YFZM1);xEP9FH5Cas
z6v>@qHl>D=I}dh{9GTR)AzQUoh_V%OJlM%s<DmkgUYx5lCd-EAE7>*0uvf}?RW`V#
zrN)Z3y0(?ZDihpxV3E6~oK@}wT;H+LqrPKxJ(lx~i&|;C(jY6Vu5wk`C>XhCP)+hZ
z+2PDLCXx+;xR#Th*}8uk7IV&5k6Y5FGWq=uN*boxL*RB6Xa`5T`y`b+d4U_ORIO6b
zyF6*3>onazA>=lqbXuq~P9-ZYI#8XGD>0X9Ic)e_Cl3sAY@+XUffQoUaF<&e5^1;G
zG@Zcev^nvQbF>g6XovhxjMkE2<XwB1mf2=4F}R%w*Z06Urh<RC9!}+jScK7vzzfU~
zVt5U{WkSKfN8YeiCg7gk>~F_8ksH^nO!mrLs)(a8Hoz2z1pTDulIntWR1}|NB-xui
zE#2t?ha?Prs)!{cvTRo19sX=MGn)ufQ_6OX(7703e@<7HG2cj7QcF)YaJ?{69x>Vu
zT+Vk;zGk~tA?be@y{w_%Mq%pmGLjs8YDkQ@*2LOn=2|EMOb3LekEWu)>j$FXjYx<V
z*Wtr8>+WA<d`!oJi;EJ+!Aj!NXex8BeHo{wPc%tVO@5=!!NeZ^(+xzJ#-&*pkkxp#
zbiu%k(W+4Nj{6ojMLRn<t%K7#IPDw3X)hZhN7^7!TS0#%(i(}ebiHVXU|YhVeN|UV
zbPtZVON4E5AX-JFjRt!|BGQfxiP12Pa_4ORHh@b87cw$Gho3-{eRgu-!|A)%XYYQw
zIzRn%cKW;Xy)*MB;nfnO(%!Tgv#e%t+AIxd?zjyBW$T8gbvj*tQcaG_%nRIL;=y|0
zW$OXu*2jMsyT8R6(70>IeU)5A3ddEcoX9jgu39#_xtir!J$ODftkAh|mZ(}{IM^8m
z@vo^!#WYW^DJ+SgXZc)%u^ZE07|@w;g{!P5CY@~bJwcI)iGVeWUrQo)a+4K10}(|!
zg~8u#K37M*)r5Kj<qSzlG!~=#W0N(Z5$2qhp|pS4b5r))<lI&HEJ#8%OEmJfUbWBE
zx51Z<jPu$miGf0ql^1fxjSx%Az%>Q4XeU3Xbr1E9*0nfB24GcG!i_Oi>>Dyh)hP69
zulU?_Rl*(Z6xWtC5TBQ1-g`I+<qCrn30~UYa~5>+KbVGhJCapa$rucJQa(F&ex-SO
zXwQG%R)`e2xqMcH&_&W(l+m#n{KQWoFsGyU<qG_FTV4NsSKH6_wCt2C$4|nIkS!#A
zRrr*Qq2Gf*(AuT&&RqJdDJwvwpxu6D$zw_?>`GU0h3>^FfDyzFx0!1~V=U{WvTZW?
zJeYcH{WVu+s#1o>pgW0}D_8r%TZEDKZ-RdT8!K@m=j`K7!Rp4~KJ=G-HkRyC#k|nF
zqfF(RJX9w3Em*UPSLw<mpOw5bz^_rR@Ew=jS^D7$*PJW%d|%1P<msEAuTI~7c=P^$
zoyyApedii`8eh3Vkh<Uk2jEJHS3f@A+uM7#x7T+T;6%^;)fFC|dNuq}zN*OitEqn&
zCs#|CzAJvU|D4~Bz2FLAX8cSNr6L<$w6+RV11IB7`2GOR7fh?)E*=>ns%#uLP_G*n
zcplngX@}$vSemZC`pFSZ1nk{N(?f=KEXV7RuCpc%UT=>M{VS5YsA)@VngMm?D)o)9
zg-V{7<f#Vlwnt~n3iWA9kSo+lp(%g!p9-0!uy@`3+7WKr!-(B4z8IHPf#IxR^0-K9
zon>kUC$d1EmvHn?#6o&FK^P2>I9U}1+YVWtivevqwcDRt97C+Sya-|Sw9D0%#g$48
zA`Xlfq=NQt+`-BUoJ+rDkBAzD&B`46ctuBwNyT9e2Nx)QTo|!BXVD<jG<JV2RUN)I
z1jlgVr&Exsv>xkC2A_{qm)mhW)nAjR#6)Cq;I5nIHz3>eT(VW2z_W9EO|*yeaKm^K
zOSb0I*4Xw+4P8?Pwx&?ngWb<&NV~(rzD|DUa=GNdZJmg)^&1}!sb>3`{#Lu5W{t;B
zXdX}bD5>+-jc;m&nf+bY#maxh9dck)S@?nfTM~p&pUq+s{0bd?%Uxr>Z$>QC`#Nx;
zV5+k4g}PWpG5BvImZ2`dkcP8?ma3Bi)tvJjbwvojnJi0_ZJN?JGBT#bm#jm6(93Eb
z^z#&O(UEer5o!5ZlM$PE(Y}Kyrt`yAxG3&Uf6n5G1Q{J!)Q<#il=FXXYewHvi?%_d
zqpXbKD61-sgjO-yuGTmzg3oWml0{v5seD&(-Hb_9Gdi>@UHCQ9YnSTQ6RFb>s4dyC
zKxZ~~7O?iZ37%jsA03SP>H)H_PP5d#9H)%W)MtTVG2sSQ8t0Ui63Lt9L&DjYa)lyl
zNjesILuw=A1-j>KjGKQdyt1P*ADzn7u!HO~tcs49WO3YQJvyWQXGLvFLdTl!A#$0P
zW^PrMkPEVT0Vk!oVI(PF26vLyH3hBd;L3a8O3E)&4+$P}J80Mn5N(u~n3P4|;3jRP
zQc;m$KU+;jW@0PWx+LO978fiftn7MVCb!iJ@g3+?%$IYb+~$AGoy>LN6jk2QKvkP!
zsw<@+52{jwe7QlBf@Jnl6Ylpgj>i1Md8W>aJ?dntOpIR)GBycTtWLVrfHIvVrI;c(
zqzM;lEGHH1EP<?>g2mAT-p7Dj5-PXX@>q{l61kLXe6faWe7>1$9PO2JjqMo8ufY`=
zsEN167Qd2LeB^&(hLsJ;dS3AWc|~Q3EMBoyk};0CN~DC5EQ=vxXb4|YUH@*xDlVgl
z96s8LQF`-)VLX|O1+2dF@Q!Qxv8j7pwySDUTlgZ2G!oQVa3YWRs(3&l4uxQxlre=1
zO8Oidrd?t~t&r`{-e-%IM?p=eh1E`R{o4IImG3%d!Nh-BJ8y(oZol9nMXGViLi-5<
zC#7X?$8c=y&Krb|9|qU72&uL}d(zUx35co4h>|GpCmwr7%9iS_$wGf_M>c-TF0*zp
z9u`q@EyZ;6VVXS1!XbF8cpnpzTq3GSc++B2-hGyoN7X}+3)SHUn@DB(s8nQ`l_+_(
zk<`#-6moxc5bVkg+8tn~S>=HT9OxfVYFI!25{nx~-|(PhhhKL1WrtsO_+^d9<4NF`
z4<;{P<jBiXvhw)@$jZ@PM^<+2of}m_voT`)RDVF#_Omsf;>}9fgjX6(XomRP!k^Bv
zp4ks#Pwlant+U@RWi;q~OI>Iibh>XsrzI=3GY)^#VCqJzLuVPr9#?|Jc&7W=dD(yY
zlK$`6%ZAiat{HBsWZMwo)e|>;@=9AzN-$q-v}_mz+I1D9H(Ck@@Q=uwP&>*ba*?|^
z#F7KV|BZz`XtLV_+I;w^IebONlvC;Q+i$TpLCkomw^(9F2uu+$S~?XIkGfpbcTB@O
zd=h`*E{H`-d5P^hU{^?;=33o3BcrlsnXXAp8K$_mNEeRl`{5n7<)z9WIL3dVa-qj+
zUZ)CtQl$W5lw3Lht~HQ8-_N(ep~0sL4Y3mj{>rhhkDYXhAF-6R0#SEt>Vw%-q5~DF
zE@@Pwo?D&3o2ulsxt1q)qx5|$GEFrVT3&yoa|4drv8FlJ6eXmpydM4;6-w)2V=IM9
zpI0^B_d%rwG+I`H)zpngogbA6>^^+7Nt9@1Li{Q95Wyn8%J%|cSGLrhzSrg8&rdJU
z&a;e$1$AyDI?H*^9XSl8KJ2TP{J*Wd#iuYf7wpdKp;4m&4%Zjbpqq=W(KM-q<E(#7
z#F8trkPJH0S)@g_tB>}uW(H3|gm1$sijeksWjjyM*5Mxi?-^F-qmAa$#b&|o=N(zX
zPwrex3Aau`SDI&1;>zh}Da3T--13J@xX!gn=XOYS3!P<UHG>_tu6A14Y31W<<zV<M
z6L+VF_0z*z#Ifs5{Nfs4>fRgSV55JgMhP_gfFh?wrwobUwa+lz>w}-tm%d8rLmVi4
zoDa0<V*2z<`WVIGy{d%B@Y?5~uZO$yeE(CQqZumQVZ<Fq++oBWM*L;t@sk7|oKKX0
ztkZZ<npA+D&Z1jKux|gs9HzN-Heb&FP3uH6#^O``Imt5T`-9vC9u+VdJn?_-oE&$Y
z<dfhe%f|k-n0R<9>mUF1pBX86ze2PPmONNnq0@--W1<RyB@FjBW5(2sitLJTevR~=
zoOad|SJU{T(cLqU1f%$je}Z1DRR8os9uPxa@?>n56Od@)WG*H*$g|0zTw8|I4OR}-
zs+Vn;7>Cr*r5bV7t8|=3!cBh*jo3TLu~v|ytfyI~IP_>v4~CQKXyTZX6R@*Y5zVof
zxG6^sNi7s?yOlaNg{)~gy|}(+W)c5jFq#p^R`6!`bBi=DZaudH7CT_^F^Xe0#i~}y
zE54{|xWBdt=A+Ju%B1v^AjRs0sG64FmcfZwIUSL~f-iVPMYrT0K%akh<^ufkR%^k=
zi_4F%Pv2c`>d_5GrL30ai{~4`M|$^h3)EFMZW3UW<Fy5WXqK{Thlosq!73v85SF1G
zqB^FXb{VfxC}h$Ofk<A+EK`VQv2e<nAuU{_BjK;sU_;%U`=U8_BqKkaKHj5``K6fx
zDxE5>=g*6!bN>wVycU14$a;fnCAk6m&hk=|WiS>Gi-BPkEd$|bCEp}VV1C>0+Aseu
zoRS-ARDKn1*9=AM@Ujjs>+rG;FMF~`lWFnI)K)VD+(Ap5p(S&4e+olixPc8Tz1@_}
zG&7m4VwUy?d&7)b+E?{+V0n#T0#9`nBw_@9K0A5uP@j|+Kkk2JJ`oG=%J=A#6uOP3
zSFn*7i|A@Wm1>(Y$7+T-&C+1P#R(fCzB+<VEm!G!QZ9CBxP86nVt(nv`TI|&ud{I)
zN3c-LnR_v?lXwzFB5UY^ySRl&Y#6E-NZ4XzH6|6Ok>t0QVU)m1g|(liUcB_(mBP9}
zr{Ik+O$d|aMkjxCd=WeHpw#%D&WGc7)Xdn1sotKxKKuBV)<c<{!7L(%-J;N^LMB{u
zjLEEB(pL3dpuKUDjvKPQY!GvGHxF|SXJgrMHlwd%Bd@bBbxv!hA6|PCXT@1I%feuZ
zx=2g}7J}3Itu@}o9xkRsvRO?lkYGn#eGze0+P+x&!d8EuV`^(0qT19d?Ol~1?+3DU
z!6#bHOR21^E82c5goc2Y%<YrWfF)|0P7>52vqF~B6VI-nsYVFLr@x$CT>bL?jXbik
z!|)%ief)XQVpzVwv?1C;-N0HT(}Nx7GS{CNChij5f*1@re8<8I5O$bQUr-hqJ^?Q*
zmXn}%tmuCSpq{c<+OyV)9T`hjWVYFfIt``>5aHv<Aw(civD@Gg?9zL1-x)X~->^m3
z6Gq5>s7kRmA!M0HQYVhAGEtr6imvuHFl9SUg34+l(a}1IZb-K5m<_6Nd&8p4<+=-l
zv1biNWd*}36Z|P{E!l?0u=ic=qTR;jnQBO1r|5s)#9_hoQ`uYrUzkdBvHeOy`xdp`
zP6MN)nEFar?V`cTh}jHJhw$>_<-O5%43eq~sbdsI3(}lp^{U*7Vh`2%$&JN}gMkPp
z;S|OPW5zf~t^=3UzbCHrAM!>Y_x*JG%iN#-;{S2>^SkB0jGoV@zkXW%%Rj%8SD=Bz
zt>J&djc(|8&{epECuxb{l2qlE=E|(BXJzN?^09^9-!-ZZS(&8EL9tOiI(%0xm11;J
z#dMTGkdd7V5V-ou#tLc42ItAnn&4J;L93)zA_xp?^S?Mt>hz|e;3L`+&vb_SgW*d)
zwmC_u$;8yV_L6u9duUI>h&~E_1Ge*>e8Yb;MePOSa(N58skSl#dZTYy0llX;Ts<8k
z(Af-v;?7OWT0W5oXj^w($*ki49$~|9j5tzSLVR9^v6wccnRl~6HFidtA?XfM`#Sk`
zkXk**qZzG~b9+o1cgk-yb@StFFKK_^{w-zK^!S?$->9oX_wCG7f!UEP$kPLLo&ta0
zxv%_U<XK*;A^R)X*(2u!#>Kf1K408tmzg?lo2=)LTd|(#X>W{q8ZNkUzWbJ{^h@-l
zZQSRmg!^2IfC?uU8MzmGdjkuRi(o$~?yf}QUd=&w8*=WVLp;Aue6>bApS<?glb_o}
zbIKEPg#}y%L8fBn1z^Bwl*W`VF^_-S<%elIG}D!k#9ic3<+Mo5L=?eAiMOCWQXPa@
zJ0*Gq2vZt?QU+7$DFyHfT33OXI?}QuEgw;k9clRmLfe+KM6r;qVkvC~FIyqGFXk!v
zP={R3b3o-ey)LNahF<?gBsYiB`fp2CB2(GHlwYJ&KUSqx&4Vc`6V;Q2DQkZs(UA#8
z8pS=g!z0@wF_{1-Lu_ubh=wfT9~Jr-XYAvHjXwJ)8}LW^!flRMJ%us&Mv!9>Vf^&V
zr+=HC{B-I5K287E-_D1V#Yg$h5!J)WgNrm1+9C7Dp%?3bEmkJtvZ7+u^NLlA<6d4-
zMnNjT73(LOd=N+ziKI-}6<L2QmdWaI_iMEglV%WQ#MDm2$^ygs_`uQy<27EXP9gAM
z*5$b9j!Crd&z%6VG&(`=&72iTo~p7@G}fIMyTmx1%(-C85!W}q^WeGohE(1K2Wui^
zvy^aF98erbH31qDz<oMUq-AQ<&fBIUbxvRt3|WZP7J<lxn}8C?Y=M7F5y>=!R;!+l
z1b;7Y>6~63D@ER(MXrUGbcAF_NH#-$9U)oI@n|C<xqip0KAPXNs?SqNxsIOf=*fD~
zlOOUpOdg(WCIr)wk`E&#w~LS(4!U&B`vv`I8zH%0LP&y`d?J=g$_V<1pYB<dnHz@~
z?4LHI%4~;6ex3MgjYoezZPl$O*0za_e0_TI=Iq_pl`g&584EwW<80X+z5@BBJTIw7
zEr&`H80EP^(x>jjt``uRB6Y%<!)<&nST%*u;CmKc32TR0_)>k0zt7?C>zK-#Dc@rh
zwv>jW6spt;E~&~)H!F})2UK=I<s%BR11i5jXy2xEWh+GWRRn*fTE5FFQodGRV$U-0
z+i{akG3=G{kuR&#ndb44m5J)f@{u)>XoL933MF<QA1S@`5-f5HQ(iL!vNAFMX$a)`
zFQ5Jx|Kg|ra`Ds0fBD<HJu16#r^;=#L%83Hb*v@cSeaDoi8od)j(hP&6_04s1l+(k
z>Tpag(8k(GNTYv^QdF?Lk=65XHQ*}O7R!jW^r&l{ZkO%Kl8jV_5u80(QG$uk)fgj!
z_rBq=;*L4oiaE6B{|4xAt1^scJQJbAcVSLbxVj803`XL)%p#W8wnOOh?y`$<L$sn}
z3_HfK8S?8G!+MTK8yUmRTf&YZ>=?qDF@&!R%t#R;Y#4ti((!{|P-$^pDADk-m3Q4Y
zRibUk;DLz@M&b{Fjq|AROK`oraD7ZR2`gC0Ta^P4^u^gP?~X4&o}XTwpZ@d5v-8u}
z&6rR%g9Za}?P3#zh6t~o$Y4uUx1QWq9vTz@$bKS$Jc-jy%iBr??m`&7r7)hC8%o6M
zveDF+#yo$R_zf|5cliA<)=?Bj5+sDjyA?r#6bpU`KdVbx$-JGy4={oliDf$V*twC|
zUu+|Szn=Z_E3IEkd{R8*D?@5<zlH=s8pQr_#Dn6MtW|wHUwy`1#LPL3^rfJ_Wto;>
zei0l8QjS%eh=sFA<3xt8rmQ*SW*o?51Sw95RcL<-AJTz;9r#xz_}2<aJ*0eMN~tTg
zAa?v8@_*TUMR6Hym$b-VMsL-_09Og<?eA4Js9OPgM|Gj|s*_WW&O53lYF8KWNYt)g
zR9$t#S%Z5~ZucR~*EmfI&T}Ty-!9(2L$jP!CZf684iP^B^i>7#Rh>Xfy71aNEl^^l
zXJvnwxUlVdeBi0_`5n;A`}R;L+;=dh$cwzJr?<&FN9y#PdyVTen_UdZa3kq0q8d+O
z06JxT_+m5(qex7WQgt<hGgvt_2{X@+6cMBx;Zs?=qV?5mw3@a<#8Mp@^CBsWsTQzN
z#t;FrHL+}`=RFf3S+E%sA*L}7fhNs#VpM-ENlmE|S8J~CtqfM1%5On_2MY2dn{s%c
zH9?N=ZD|hUtM0nL<9sq_qIqN7lussNnaHq@oZF@nxxofKYKR(jAYcaqHbZ_L2w1Q2
zI3;h8$P~2})o4tbn$oU0oOjT{dEZQyrnga=-5*d#+@@-B2kLDP>Y?L$uR2JlcAbAa
z+a5~qxk>5etGZ%OQWwu>p@&XS$F-3#*qbz^op{ZdysnVnS2`n4SXJxEPvsdrE{VVh
z-ZY$~Sa651cp3m=6bhrG>-h2UP>(}R*s|W6ifN%hUl4n7f~Rn0n$9lD=iY|i6j2h`
zXNv%dKlqk`7p$$jHx=0IAa+7}5Q=|>>$8SpGRMeQ;fdi_z$3vnDO%wYbi{E+%tm8B
z#Ox69OtnO4NRXo0pq?zvN7=^wkXck-JP%V)v?LO4;$R*kmR4cBQkvQn0Hh=EIs)%c
zBk;(&qDAZAyKUgR7F8fTFiHx@#g3ada}ftv=tV-O-?ExaW(7Vz<6p9{_TYamu3p$@
zzI(lcKHF`UoRT${v`5j)&=KmPMc;)rfMLsdBc@#|;w{u@e^`|sHLlcNb)w3b+JkAK
zWKyHmtS<6-Na4J8$Y&GKCoA&c_dS66$>9}7T&>Sjw#*T4hp->3p4(&NsFexyEWqP-
z3Aq4y&x2IBEV6K9?7;h~s+511#C%Yz9fCWi!-7RmOVVY<XqeN>goX~>19+XMATK#{
z*MN~T@=s^jRKhCl3<AV#LRqtJS<?zG^%AZyO<}F#MCS5@u!@0a<BY}Jz4gMV9YWXe
znVYaK8Um9nABwUsPxi`rABmYyM|MffsJ2!Rk%=YP0^rA~bXl~pub6*_L5O?Z+gNQU
z9=Dilh30ftv<RMw_<>Z$tGuP{(}#GA<?1b#RaR4=a$`SX8cUS6)s|R;guDYZh9eLH
zgS9xpXtyV4Rzm`(wT1+L#~D>N+|uG(u~934FZbBAT=G&ugy8RF?bv>C3buInz@DqP
zu?NkHJaLN}W0+1}mUn;fdE__juX*H6=Cto{gKX3-J(sg|Pwy`G$W5V7J8ZDS2Ad(j
z4jZiJc(k#8;QCV?UG2cGc3{o$#DeeiQyBWf4V?E&W`Ug7ik`s7XolR|1|{+)#sm_7
z*a}E|;NZ84K)g8p=fU2P7{pU9?Iml(CmzT}ru}J|mLdO%8=!yxKNbcPFcvfH3M!K(
zUL3=sXs1V-F`;TkD&mP%F@Q~d5K{&Ch6u4{yke);^@Pnd)tGPLcNa!CGi)xbYYiGh
z7e=u0!3P<yWcfi)HWK7v8qhH1lCyNaaYA9=KnC1Kx|Cp;P<)fl$%88&rpX|j4d{D_
zw^)YZtfa!AVkLhmtb@NOvTGx1G}8QOG^3q`JDGcd=t>Y)MmA!LU^(N>Cc~pFiw)z4
zgotV?30`fi3<2_RV<7^=QgEi$);WC{Yh)k(n7CLwOu+DiCcwR@a-n5%h<ioNQ{9gF
zUUXqWgDVhkhfi*cPr?Mo+8oZu^EaF*fl()l%^)X*3_5>0;xqir_;A}?cE(z?0)!i7
ze4t%g&IFW-sGz3eVA4Hmj;~sfQo~);Z1-9OA|hdZ{CM`-780zAXpaa9qfT3&CG-!%
z!`d>`QPf_+kbSahdkp3O1||Pb{jX)U5Z{G`l|p<LlQfa3H!A-z4`WfF%2J~zlPVqV
zxJiO7(3*c@?JH$0D;xGrj3t_%`|!$)RLG2(D%gQKLkV7((2rZUsWNe%%tOpvyM-A-
z8E>3cyjeph3=fzfU*NgAL2@R0G<rKn8J1)(3@VY{4xxe{M%ateKk0<XUT<L5!3hml
z$c|rett=VN|M>3o?T0t-|JSL`3|vQH9AAO|oVtJhl^0;&_E-CR@V{q!dwpjSg7p2>
zRfO#4OZg(LEf|8Eig9uU--+K7zZyR0xAVB@<APAt={Zd4hdX`F?`N04zW;bhifkp*
zWOX;gnq<4vO3D;gCRwA@mg36D3;%;NK0WkzM%XmQ1Z!l8IO;>n?F#IEh-5w5Wi;Ml
z9EN|r7iC_TQMeQl_?F`ptx5QO8(PwvkT`rUrhq%{t{c><zHt^p`<Zfev@h+;V?5qM
zHQ~i)X4|n<cD~}`r&U`OizbZ<?Tn=v;nniP>ATlw?|!*DKmBxe`ny5)&%8-^wM>0j
zK_3^0tj<a1os4okxH4%Ps{n4fu2OMht|5Pq#2ecYd(mTb&f1pB3kR&Rs@7zuv<K42
zmQ_DJy|_4g|L*GaZy&NcEKCX)j<8DcHY6@xYj9Le201tG&pDO*F@0w$!10cg$ffi8
zF>S-q-IrO3EVfK|=`sESod{D0{D<mDGA#)9EYm%i$}%i{>o7Q$l*}6OWQLNfTe5$7
zJbaLSL|)ZAbGFtNu!wSnG>2t{G|SYzAqw4WU^R17nj!5DTKzitJq2jh=}`br@<Oop
zv8@i*x1l0u0h!*NW(<vb{!=VSv2rdZB5)%wtkDpiNh{BGT^5xY3$81J&LX%k?lO#z
zR80*m8^oXC*J&$+OF+)xH)MdCkNAH%Con8tq6*5;i@%Gp^D`nIJrCP4I!onL??|xk
z#a3Y7=@yyvBlF;m^r!Nv`Y_N3{xQB>l5LOCMFR`4|Ezs<;3%t5IMSX~$&6aFSCA8P
zSI)|2%)6SAfL$NquaRE6RJWc0mPPwbcttSDxI7V~It9CdQ(W0?rq0^=>0N)SQ5ex|
z|B?kiFv{Oot%UK%rhzN{LH@ExEPZzc|6WGnb)>#!9);;Of5js86K_E4kNH5zE_Q6+
zqqBV$8I;vEx|@fN>w~vQC0I(T*hOL@JUTF&4{69+huaW>Dkzb&7-fOVzCN){e#TS;
zcA82yGB@LNIcwDv6r`QtpQV3?#C|9XMNkJZJw4VAKfLw=m4XZ?nYJd0)(UoNw4>%_
zHc_qOlE`>$$~5u{PgQDblsv2w2PCsSccTFLWq0iPUa~^&kJ_qhzsN8=E*K==8xu1K
z5?6K%lLc}aw%1$Ey?8-s_OKOFKG<>oDG2X^LBTaa&6`ExB8%picaneBrxy^$fib|{
z@B*}d3uv_-hQ3nfZ@;R6-;kQ$3_eI0FvmU^)pQ;;FIl1dN<j~rG1-BhEWd6_jp8(g
z{hCox%PNe5#mibEQ%V7*lf=xBm04_=EvG#W9gZ_a$=yOVM9H796YKH=oM0d9?d>Vb
z+ZrZto2TAv2FjletK@%ss-$@;8=f@?X0h?}Iu<ieV)At&x(Z;$kk{ave-dtDHGg=n
zSWPOxrd}?=H;2zR^P8hJ{AOMYVwm1B?f?1E9%9XSn)`8i=E}zX0^O~LQ(Oicqb5xW
z9D~K%%DgYC=td_I%@hhxX4{tXb~FQ-V!bJD$MC#2Bw+@N2n2uiC}P+?LD;1~W%b&a
zBNDH^ilKN4k~$Xy+Cx!t3Hxf7ZKm+eTUpn>Y|&e{Z(1`wIeg7$wJ<=G6@C+naFW|)
z-bZ+G2H<!zBXY&2m*^mRyvL>OD;qNj!ntGEcMW)_#ize1NDE6dwkpx}0KmDIJK|V?
z_D`iJ!~W&k=w5$*;ln+jABP#Sm2pvD8RL5jBXWXeSkmPo$Tr66RGT=^UJyF7G@^>J
zOt-01b+*q5ml-`0>>eec@`*QdF|p8N8^3FDW;@OumoP+IhYb)?U0%Q<N)@ixl<0jE
z2uRCvN@?$^pp!k*@^~K+jpx>SrD1H<XfQXu5GeeZxmSO(=Y7FC=P;i_i}s<@!|Iqq
zA(=AFn|NFpGygMWVgYZFt9o&@l@+dqGCct%<=IGS9jOrddGUivO5w=c%2JZ0ELXkz
z0g^fmc88jFsA-3q{+XyL*$O^XRdV#IBmrZb!a51D%1|;OT*+KccK?W*QZK9_HB{wd
zkdMpBWubpGI%j@FhUl!ztw0_BrzBb@KcZuH{I?mnlUEq;nlU{2u8QQTMXfBHCoh#j
zJ^ssx?8&z=zSoe|tL7D6!HZ~!9BGS6{lJw-Yb3@-lHKPaR?0nwjq5ROO=~32<25K%
z54Y&p+!I!=Wf&!{Pkc*5&N^g3p7XPCV~=5o8i{`$DZ%wm!_V?`sPcWH%0H=|&ShmR
zvRn~`$@q*4?5_9soP`&piD-ydUo)6|9Hzn4jaCg2Ud>?gR%mQJL0={MnDGxIZs@5>
ztfhm(wKQd`Bs*&3dow|0Fw~@Q;IeGA=n#NBKi${a0vR+ks?z51Z>Ak!hv4fkgy)3C
z(&m4{-=4lc`}mf~@a$LM(@-y`5Ubrf6KnwGEZo3brapfIR<q@fbNCqhdjo#j>^FeO
zCSEN3EufcLs9U4q@;Q}zld#e@1UUw{!!*h1Dnb(abfd}^agWc^yMUgKULHPwX@5``
zjYBYiRQV9mva)+S)09d;vXyEIYS=O5>zIG?jw0_U@;^hKSX4Fx#}}}5q8^04yTodx
zv|Pm=b|W-umbmzLPZG|qTFw}J<^>HA&0NQN>LEGzlwG6awq(Are@8ni9Uo+sj?2(M
zMqH5~lpH}hc1J1l2Xl7yu<w<k<Ofxa`@JZ688QB-h)9K^*{&R51{hnwxT^fBj1qs^
zD-h{o>0ItPy~I2ogKs@9300X;6^AU13|kyo<nnMWe0*{G=I5(zYQetTE9HxymsW_~
z$QSSLZO0dTv0m-lF@j%66w|8l?*00Ga_ykt$|P*Fu=kaam3Agi5Np0~mzLpOFg`I-
zCY7A@sZ5l=yD&vl*ueN@ej^xSkn4Zwr4G7)^T)_#?DQ`8zTewBB#&^XprEicUSsES
zs$(j9Y_vtDUt<7DnPb%he(e#R&OVgdhYYdK4)AR(4Ew6Cg<-4n@rd}%NNY2kN`1bN
z%r=Ttf|}}H3W2!G`G%vSb2zem!6df*LFck1zVtnIcxb08D4a>-(YqX?6{dgPcxQ#b
z%nFaTGsCY+^tQ9P+xle1!xdUq_nup#Q#6>b(`giy`DqH6-2}>CB|p|C>ns;rjj;yr
zWqIKpu3?;j@Ay6WhJC9#@P--nkOIZ_3SC~57@uMIJz2)BpJC+8T+ff!9R(^LR%nL$
zJ*jg6U)pQhR<?_T&JX?Lzy5#IIal#mW|I$X1v!#*uUdb*Ljv6)f$osNpCiAY)cXDj
z4{X*6ygbc0AQp>q$O$u@_s<UfQuubqNSI}B$uk2@@nD|b`3+f;X4f54WtyctyxJY#
zcw`S?o8ud0`HlOIW$0AL+G82^xs8&O8QUJq*x!39$1-Y<Vl$Yx{&|1+X_^mXzdk?y
z`Emd&2C~>E#j3n64AdZYVaFX#CTSEq;#R=A^kPp3=#$VvpW44j!U(<OX#@}33@xk~
zmOV>@3AdMMi1=y-X17g!>&eSnb-v{xp^|dni1wf}<b_k&s2nRK!s3T4Ee!$=%{U70
z5O%bNNOIgpeQ(%x!k2%$K9;karu2g%FTQcYnKN}07d{@xs+5OOvl~7ft?mc1)kC=1
zqD6rl>!G|LUdkW>(dOPl490Fu4NAI7-`^O<*7)_z<L;v>pjcG2zO%quAOlsxodzA%
z(?F(`k(d_E187#xK)9KL#vz|7a5+8{i5YyuoETjAM}lqK7At>UJiaLaUONG6t_~#A
z-*;lHOjqGx$Hz0o@guRWkAY!d$i|s9e_MgDj%3kkWi~<oVVY8J<tT}Db<1RB&nqm4
zEM*Sc>}xM@dh;Y%#)rGR{PHtbTyv4AXRx_?R8FrZ=(S1%a;n0e+5%LDO?CdYg^A3&
zv4ACENQP5Zf&G8ryQ@36aGva*tnlmOcF6Yt(^3Sb8yLEp->`&7TqBRmHAP_p4)4_I
zxwj!!-gGB7*AYhQ25<|$+?n|9VhNA<4dZQ37`J|2SsHmM0%wzXDWu)kxv+|Ncx>}t
zo$Rn=UsSZ+MU!KS(Ds#Mxd32AKX#>*@siQf$EC0<6Xkyeq5Zgri43^ODiyE#%gBnI
z(q7{^CdU`oa1j=jk*UYu!e|P<C$7E<&R)*LK)wC_@L>4j`Sa&{!<R41YIWaIHUw21
z2UwO+2Y1H{mf&8?BRr2=ueq|3Ia@4XzN;1(w6)7^1MGs62%%+~ykfH;^SyM$5~Sd)
zMB?;he`kMVkHI8XOH`f+G~>t9p$*lA8uT2t>@*Gb=~QD$C0wG+U@?ZBR_ITw;?1g4
z%=?s)fXLl+Ii;hbrcRO)f(f}1t6iGwux<6C9i%JS>Z)_?<|0QoXoqOuhEuE#j0Th8
zk6W`*0xa<Xh?)&5OzE6W9qsLv*;HvlL09iMBBp-^hVI=Cxzdz(13r~#O#Q8Aw&PyA
z-s3iisPFuy(5Jo9D4j~M%Jj^~k5hL-)Mu|<x^^yOaO91aiLT(l%Sc_U+#k%T!cV7t
zpeo_+yF^}ajF5%jlP+(;R@zOTXh`A|>x)n@7_O2|@>tB>TQ7`SvhM3b-;*!dK9neZ
zBo=?+Eh|0m$0wMgAJ9NiuY!da(6BTl>RxMh_c+t-yU0smb`%n4^lhej2T#t7yIT_l
zlQNurA&i$kTCzgSLf;SX@YmqxJLblj#dMu%1A7DsW8Iw{!gHlTP_7Nz1iWi3XFj~M
zOH&jt(MO0&zNE*>NYh&8ssx^za7pptZg_uowke#|6F_x0wUvKR6Zzw9lEi<X^#1BD
z!}!S541Q(j-;Jcu7VY8dqz5%FLir&pFuAKUe$9|-hd0#=ZyFKa^qS0ghJ<8iN+?x}
zCBC?{Hl}^;6`%)pU<MipuEktTZW>bXv}Sx0Skn}ohpz187fG*m+FMTo<ut(RS0;bm
z^pF4eKXIAASTa<w^|>)i3F@AlC7?+k+*I$Hs*ve@sDV7mvuyGkmmv)AN+yOS0mWCq
z$KY9rhQbu^-!3j};0bFE6Yf+(IeoA1pV3VX@o($TFj*D-jAGiFX>v<xCK+>Z7Vb*T
ze6<M*a{7Z6AmQVS6hslAPpdvao*sW6P}`Nzl02@4Q4Kd(nbu?{f8(ZPwp+<D8BQ~C
zXr`LkMGz%K0xLp^KH}MkcG5~RHeleK;j9>~+Jp|YLTvjxg_J%8_ApqV@HsWETUQ#}
zYlVmocFGP^U_L#TCfLJJ635N_5JR4ENXsud4MdTq*k};l29Re+B{l!?|NMV{Szw~0
zjJ8mK{TEefz;=`o3_UKfvehU}9Wvkf__r$fI~I7hEVeE7qb3n56R1j#DPtX%<-bea
zYen(hdOYj$TO^oen4kg2>v0ohm5K6;C@!wENbFWSr1Z|c^{&x%QgzWvC_se5sdPs`
zSqvv$U@cd75vD;xCs4>cr<8w(L<u${Tkdp92^0Q%xVOg+%0;q?*#h;J5Jv`XwPT3#
zKv5y#s}@vsNJ#Qlj|;L@ZZg;NLYaRdN^qfeNa+HM;be}^zb&X6v0{yq^NdU+t|$ZF
zyOEd>R%pg7VvOyvVlnXWOg3yfy<4%PQcUKSTg`L+ueJZS-}>V&v0s0%N)Xs@aXA8`
zhG51f!mt|Vp&jFSJOwjNM``_4Ujv-dgVJG9Z-$=M6e|qMu*!~J1Y@+(g`qANErnI6
z^eg<)lO6|!UB={TOv3Pn;O49<`{L0d=gKXR3SK^AaoC31_R{ch3+34{Wck~L0|O;x
z?8el|@qOU0Fsw~CqPc%*oagfbV|#_;sXrkHq9uaA1PAWg04uVs<qG!dsP*W~aHx@i
zN9r}>@@v_WdIaM!h;cu<9!e`t6q*+vdP3v&*qu$3liKTrDVXTea}i(`T(DKTM4laq
z1(7D+%$;nrCf6bcUu&Yt5<Kx@D0vl2=b((9Fi{%B98cG&9Ql6{8Oc#$^xfZnzm&#|
z$fnD}ypUS}(;?_PmJ_f;b4Qj7A|T0nR^{=7HlcUIH3-MBjt!PBs7jRL5jD`BL&R7D
z`Ag_fD%RyuKM8(L5L!vY?AV8$I|QlSVhtKcb-AB;eiHHCM`n~{0azR(^Rpcb^;j&_
zzVi{oA;)&;<F9}2VtM4K>Y8ue0LBCtU<pSZNLNKgQFff~od>~HPLC$b&Q_4sWwyf0
zr5rR(EzEuVV(jsuJS9v>a>^>7eCqJ3Kc&a7k$`N5WNVLDwWFEu<=@_^>QQF_IF1x6
zi`*bqr?-~Nh%jwloMe4n<BBT}dmJiW{)z)^eOj5WCgFcnG(#I}Mp|{1q`r2`+Fn(z
zCp2SKmC_?&4UZWd%Z-tZPO&Hc|FidYyNx7CqUL=)MI6lO0f`|+Q9oIk5)uQYQrWGU
zs>~WmS<`!V7ebJ9O3@jN;KYxV>_!25HNf1?UJMr4i*s@I0nRI&d6RyUb^CD-_lTfG
zrId;YMQDF8T~!hpqRh?B&CNbD8#r;ggkujr=q$Vq;v^F8LY{=!fN=nsTHxk9uD~AX
z2@=6no;6fjQjStB!IgnN{ax#)r^TimNSs1(AUcM)M=5*(4SNh_;JLe4RA{J(7aOX>
zqZBYqM~bq^UWVBuYCkt6`QAzps$^m=&1t^DQFnjbzPCL?TzC3(M?@iD*aGsCFh~(w
zm`#KqLJEWPoNhsStq{^~-#L~RM$K+hxd0Xx*pDL`wJd+|AqxKt#3TfRFur>0#W;F0
zi9C#YaaI9>-w=-hXoJQHw5GMv5z7s9E>7ojZ|XrzE31y>bh?r=vM;6)rX+e(>};iw
z(~o~ut@9_G!!=@8sno#Q3tWJkqy|h~6-kA5aS6As=YbN>n}e=Qkf$@Sxbu~Qzzh>j
z)|sIGHTJoL({Y{8pHDZK9rF@|r{>wZmcyr}2k~HAE~F?Jn72FoTl+ATRz%R{Be?`X
zhbKj$M|>R4=R!E=*Wps7-Sum|nR?~P`Ne<FCuhfh*xueA>z7TZ=qvJT_Fs>8)Q_fV
z6p3KEGJk%2q{r%-9}{ClJT&mL{0&FvC+cOh%vtAG{L>M8xvr0jR00L$MuS(z2UMmm
zxv6cm(_k`;-gCc=j0K3Z5*(#U>&LQfGHU%L$j};p$sQA^GR|_{-fou=tg+)0n1p|!
zbBgw@5*3H+GmH;@ewMP%qRL;m4Pm*C{J=uG))jQKskO*dG@`wVbtZ;!I$3y025zZ?
zA8RHSQ1sR_p$cy%#S=pNjuj-)@s38Vk{F&nKRYk>@gfsXAw@S^kDi_?+s9@!ag6Ow
zASI7=mxs<QL}Y-Xfz~fqO@Md+t6G1)B>P0|SVGOscyn@o&33#Tr;Qzmz%AV9%Lx1Z
zFpo{0uMDRTpaf)n19pJ0*>QYm-O_1RyKR}_mI9rgqFj`>%(d26SiIUq?(~b4M?-?V
zwdQh;%3}L!*QsHh$kv<{rfWYS7lYW$1)5bJ*qu`bXekuq3cIx1=OV&(Kd^t`(%i&g
zVUV`Jktzm70x-2Jr#N6uKmq;mswo+O=EE@iTjMMj?IN}E3(e6Y{ek6=nPGXe5xWB8
zVU=DUs-Tr_ICXmd$$7p1diTKD-tIp{2b+bm)PBV0y_dLV$hjNt`8fGCeuCuj`Pqjd
z;&RpiNpOvH+-9<JW<pIe>_&e{KJ!6DhPxO?<Wqy9i9GGm3@KW(Cf5WOb8nMsVZEs&
z#>nsBK%@0?Biu;;uwstZOS8yh@vnpMqxIrk5R(33L?W#hm&YR;a_VVc8O`!J&4sUz
zDoW3!8FFk42&;0v;cd{NupJ7!{*Nk0VRzP}uu|(m&7>8CCwTIbCGUR|(a`rGa+St%
zd+h(tnWXYSh!{1aOE0|Y5?^&W_uVT8#{4!zF*_>uapG$N727_ot|uO80kV2gh9!%l
zow12r#_2WnQs+xX76H%lnXxEsKnSa5F|;_u#dDGO31&2wb8hH|l}|<J45$wXxG;`M
zACLRs%*5P-upFt*{X>6Rc{~vmzhTG?`)wqlbIoaiOaMdp4MSE*C~)<<zJ}ie&|SD+
z5Y7!s)Nz@@{U#Qq2eA*62mKW*LtG@pp!8CHc%KsStfJbm3<{*LG2B(fld(n1SGW~>
z@T(w?K=tIt)_~MO&M+OIWoin7)}g)~>I<lEfgS6}Uh1M`<`sY8_(5#(D&=v$EH>=u
zTd+ZD+B3c|Ng%<VOH(QH#RkhP=Vy~;oS)iywL<=THd(!vq)w=31^n*gqqFyyryq}w
zFHV0w={g;5u)4dit6JVO0pmNNwFm|n?_j)Dd?k(H1N{EvuH;ReF61%2!mh-{jJ^$M
z6wsmP$Al`A{?UKzPf*2VQp3ds05rw)l2Jaq4Aiex-prP&KZX2{f=J(vx3{;px8=rs
zUxZ`m-DbgDJ7j<C`qR{>RC6&SKqrQ@c95fC@xjr+M?!WrX0eaA_qHI5TqI8ReutiE
zJA|re?z~%nAIDAND+jqx^hNY@f&tR?B=^br`R9w%pYDI)xcA<uagX1R<IX;?aYJEs
zsX5nOnc_T{>#hyPU75)0gmG6c1PioX!<AV&lMiEhdW1Oz9R4MhpL)X(!iyDTp=p+g
zqA=1Ou}t>W1)Woa3OGXfyzTlb^dy!ETtq={Xi!H9pE@N_HV+yW{e@~6@alx80AlD?
z77^u5qd<Sj`&IXR)f61!%Wmo?_8o$KXPkaPadGg2bHpb+wkb4cy-{C-r&naJz9-(9
zSBj@1a3e3=hy$i2E{*B}1pG0C{;;|_c{op@i!@m%Q~~CL>4SMHoTCy5#;0mpE}=tx
zi>U9(U250U_qG2cfX2c7j^OPG-j3k?J~>Xv-`0N){k$V2MpG6smoV!O)<-Acwar+E
zj(vP0yIXfYuPxJnk<i;+Pv|LUbZ>jdIsJJ4`NN0P<I|Im7ndJCe|&$=WJ=BgG(!bz
zM&bnm>g8@40(>=s!+W{9TTj|4<L#_)awMFYnEHsWl~HpXV8z%VUNJG$iroqe89Ohw
zZl+AseNZC^#V}<d1qxSI#9^*dZ{|Xf4W97%)R}ql(sx&zx38qX#mF8`Tpu3TkehCE
zs5$Ojd8!DLTtg#wBCn&)VpUX@9xN@ySUI(m(tRj@_W&>s0^joZ_!7W$!?J_LfO%RW
zsE%NJjs()1s+Lz1Y&r?V@R`-SQqxuSBF`$5+OfuG3sT7QW;7O+s57RW_A{Ie$a{lA
zGv!+uQ&yQ&%bQu=+r$z>k#}^lJn_X;u14TZ<GZ_9p8Rxjd{-08A9tU$iDfMjrpgw-
zxd>B#Wg@!^VUl;6b_rokpFoT@@b)X-@#y=Vpw{)EB#bw4<S8`0<|4~1-7^9&IZ$U?
zcB-{Qo)`&RQNu%=L3n`N4A%NmI~P2$bdlf8n`1Av#5{eJOHeq3cFLxn0|J7xMa`&Z
zX^0bia%Zwyy74nleXY(Vdk_h=9)CjisUh)yy=Gxfa3qz3OK7AIN@8$GDivQ})ON$M
z#%`ou09QD&S3X3MN1sm{vZx)NRK$}oLTls%9HP~X9)$Z+<JPKCu^nMYFm(h|M=(9L
z{9Z^OI|?Xl)X1(FTe!cGT`tUUS0B49;_w~&*fqom)*Q={M^r=Pi23(ph!ZH0)<}$h
z#lyQ9QmsAg)}m%~dz+wcyLOt2_yYhEkS56IxSFAa9q!g1-0damZ#_{ZtHqqv_lB=z
z&P3jazr^+^<~W<hi>rcE8#H+HV#OyJP~4i4&BV&V3*Z@-^o9W>hHik_fEE^JN<@Ap
z{3v2Jn)+cZ=xy=+UF2Lkt{`#(0L0XPNcdwuGxwo|p6~$e<{A=LX%Y<Q%>i~(dIK9;
z3cSEw@CtG8>m99pe{koBXro13B>qGWHA8TDi(>L`hWe>ai7JoK6uzTF;W`wqL*X8X
z!s+A7JPqgwP%VDS+>M+~f*%~?fz)p+Lubx}Mn<_LVF#`Ad~xH_&<j)S>|o4)y(msP
zpl*Yuri*12Ypur_>#gI)aX9td#4L@lsJdQpbQ`wul{;k_dHBEKjXbx)Kz>p?BaG)V
zjqTDJ^_*L(Iys-4)~U=%EqX@9u5Zv!kDB#nB2^&GwHsVjN8wc`*l(lo#`i#YKl2an
znInA{e)r~$N*2CY{I1IF)KL6?t~!z3jo<CIO9+}OD<$u&i{<k}cXbqxd86hL#;R+Y
z1=$s2FBUS!XB*RE?GS1Sd8f(-^(18T?BdZ1Aj8Pv2Bp36nuenaurp&Lc3h-Kt2Ugt
z7-1vSAFn|K++lg*WW~R!C2L~fcihCScyr`iVp(6YG7n5OB5O!|v1u@W-tOHno~83^
zI6TvaMPd#t1UlH)SwrkzX1@Bounk$yj>9YC@OG&hur%mXra1#sNjmDTqwYHDu61D4
zZbRf)YcR^Ps?88+?U|@nH2~XRPet*aXd?f2=0>XnzW$UAc7Vy;Z=G$<8Sg;jlwXg2
zI(>h6^z*0B9~)vZYsN``DY-X9cunA>+NRO<<XV0O$UrVl0iC+ct&bC>z5-HW=g%Sv
zF(9A-LMkzhH}5QFAyQsIu*2L7++Yelj+bE!KZ!SQ1lEu{YjYSU8&Wb<BiE>F{k~<L
zaH&!mP>x&F9O@S*uS5ddh%MwVTF{z%s7v(rfg`?(XzIl(V4+oi5#9}RrG`sa{*V6l
zL|nT!Ubq1gQjhF=hdXt+Q-?d1<4*T9v}%PIa!is@TU$EA(B(!(+Kigs7H6ckx3<R{
zHh`#yjjWVV8dtUQ8Q?L&QPk@wk203yojMNh=Q-X<@A-Y@JO|7JVu!&%JMcJo*2G+8
ztBssgk=MayEjV(2>4D(K;Tq~A=E*@*A+1A8WP2w8vh%DBn5q}T-2{kzsjdJ4soMq|
z;%TXGv<NMrJytfj+nnEZb8^{Lr?U?`G{#O3hc3hASl^lZow7cWvf3T)sknl8jY42j
zdfh7VCogo%D4YuVS69C2T3&N!Vvhaz!!((O3nAU8)ly!6_I!Vpjh%x!1KoAsyaRB_
zA$(i--jye>1J6q`RkjqTbH`l*aW7^7FVJwxJ4T`A=1$UWDU~ASqRJ7^u55?&GzTU%
z%O=Qg<t<a{8U`EO1TTvN*ySPc`^AZ$Fk3uwa`QfWvk<og1!kR_(1ZM%j?FnVQWahi
z%dG)byR#>Myo|ONA6s{Uu#vJIZbqp4aGB-`X|uI{(1RYdyY2&xvyr>>z*4iRL%LG+
zq<%qfMgi^Orp-~7j!i3J)8ta$k=`?U#f^9S<*L>3X&s-|@o7&jKOHmt6*G1<lHrj_
z2*81Mh?zf1CLTC=H1W4^0ujDw+zhGLoeGrJ8r(d8G|wb@IJVWdn<MAiLvAf<{PpUt
z#$Vj(M*0p|*?SqmOQ>s-nSF5n%iHFRs;wEw);0WkjPzQhxAjDnbfYhM0txRb7%Bl5
zRs>7dkWW$#lI~p|4(7=vvfwm#G4Za_5MtBnmrcXqMnth{Q!ft`=uyzIYBgci?oy7y
z-78Ojl%l06@`vHVOA-h+Qt+2rC@;tl)rF{s^yI>uu{Fpn|88#bg*B;0qc8BR7G8|Z
zoAsoo0E<9$zW^H@)Yd_59n{uAZBGQX<r{jUiIo<0DI$NBr4X889V^AzDqHhSakhsw
zE&A|BXT!clAO86B$=UHA9znW&K7R!1R(1(^)>LC<e+z#S#Nhm{^QWA76fP{U2nU{(
zrEZf-dOcMpxF_uOR3WQTnfPp0gH#KJz+QF_Sb!bXT}EZNuWb?uYgB?2<)KE1rj8aO
zjv?Pgxy!bQ^Jtd46TKa8?e0r+y6yB{IWu_%WBHCR-xl|kn}@iZNy?e(iPEIYQMaqt
z?`lf1f7{lRq8UYzb~}C@opt}^+Ua>)VryWs3DU=$rBiw!zh_8VJC|-MoN9P@#nPd3
z_MVr!s!Yg_<gVHwq&r%lNiWhafxdFRplp*X|LES{XW0x<oKrq^r`PhkH<-n3iBcME
z&F~n9BU?di-w3U7{Lq;TXprVlQ=eYO<tY;}e|6IsO~VRnRrEC!8t-TL%<e$V1xT*J
z=}i;g3pQaiYZ3gdHSPA#>yj%Eh~HWcp|<>SIt5C%k1*T=e~pUts%kssCG`uxc(Y>(
zIl7B$T`Ps`72v+i!a*J)mYY_7+n1U+jlvlIrlle{(dxubkCPd(k;;&lXVcSYic-F4
zf2xk$iv&Vo55nqfJ$%pZ_$N%+$bUIgg?2!am+11LdQ0#1;8ni^>^i`%1MHq!elKI}
z>Ug86t83!2cTZg{hG_2^x|&66?;E<B1#TZabahZ-U6mmCU~h_*>;Sl$0B|49PX1}Q
zJw^!b!ng^}(KiHC!S|%EDo^&S<Z!%gf6tDS7l~Kf&@CsMF}U-_fk$4R{PFnY<oyZx
zrHi?HsjKUgC~XStRWDLb{)^lua!r~dzM8Reoq9J4s6#R%NW38iuB<RswtA|Q{sii=
z;xtm7xyEBVdy6qGoTd3{dni{l1>nvLX5p=M>&{B+bpR!wfT4zQoJIgFFO*kWK=`#k
ze>m!RyXWQYf*iV2j^8a(Kk>l5&5gB;nY=rN7zfrtgU0dLj8b*W^_jy7YtB54uyi^%
z$(7<UOW&J%5R)Z{Cx2Rcf-S+#cBHHVlfwJ_`Sd+agzR`cgU3@L8iUJI-4qBwGhGy%
z0GUMI)s?`rkGeRZ`G}=!^F`$5(8%|nemwvD;lt_i>B+~7%MYJFzCVA~yiApxA0B5>
z8U#{CFs;;!;}m=aN`Y%gU;7H|UHEVwcnj?@{Po}d2Rnw+jemI7!DW>RZ@=#_Iu(RG
zVA9e<=B8kzBx^5EeD<N|OC~I*C*KL~oC~LFd~FT2L{h_r1`R-A3?Y}0F4XA=agHY(
z8~%c+%H67zM2*+PHJze!6p6WjK$viPi48ZYVLzWQj&XBIYqwY)s>U-1PO_~M`ZLYl
z7JT=Ga6u^-&wmZ<R4C$a0d^2#>@6_5+dpvbi>lH;VAxrCq_hxV{YhSh(6*jmhf60P
zFkKU1{psTT51)S7D7v~g9&Z?3%^E;{Yjky%-FB=O!zF+;`)~Ne{AOsYZjPilJg29?
z6bF!t=S3eXQ_nL@^*UhwoSmY#@;5tj8%JS!b?yAkn}30HkfRk|&@v5idOuw_pcl^e
z&eqoU8$1%e2>CdDI?p_4#6C?7=?iyyt&`bSTNt?{?T|bg2J_PTH{)&P$QZ|OI0wUO
zw`!GAS38nKKjwXZmwvZHs;7&Em_cG3N;`@Y9)Gih$K?`+_+rZ>96+co$yjF+0rQe@
za2YZxwtrqELV?01D03vuSlU*kwt`lSwGb*&&z3;ZE<+fKVwcX`cdzagG9S%Gl-sB&
z@uW#6p-bl<g5T{B@iEPKXN>Ak%+df4Ns(jfnFtx$Q5LO^gpVPOUdCeL6cg;X*e_cH
zCbRao$D_UNUHShzBh`mgPt?rC4zpiJ+kzOuc7LpjLX1H4B8gV!4j}I!guBQBhRw3+
z*00E4E{x?M#&tqtlgZ9#Tb1Pm)*2nBHxmoFoJpkT+F;g6ey9aCkX88HEX!cfhiD20
zS8F!&qAVe#5NJaU3fIeAhru_9V8YW1hm_F__^S);0S{ESI7=TiKY7OkOgno(7WId{
zjDNb!gQ8%}i}^5&3og8P>br4Fi7Y7p&H}4a1S2bBF}k6_OYpDqV`NpZ^E8;n{Q(#%
zj4-ANCSEWphZanFJVbme)g|SgKsBtpzyOZ&*|kg5lmu9Z^L0316XaL>&TVfRBF9?K
zbG6QrW(brB0ylB%2bX3R^FX=>^fla(Uw^}0`8C{=U&DRl>#(F9fP5$PG)8D$#V!vV
z2v{E4EdmZ4D@fXm#e31k4d2`{_{}}An9()()qcO!4;++udH2^jkceLpcDi#1cA7O=
zWslm)OWcaRWtFm=4R@MoEb9fFb~A<_rS_d#*Bdmo1`Qhx{)3r^iw2SW>xY1+8-J}R
zCJEd~*cF#<Y{u;nM-;OTC#?%kI&e-^f5eIOBLKxpLa75#H6<O3bg9ub#z%v6F_D`U
zRH#G~N+@Lb34~UtNrsA~*sM8v5(6Gsl8gE(^MDokk%xLX$H~?Z9&oO({v0R@`B#oN
z$cfg2qv?p!jwoF(tBxqWM?kxqw|_Roj1t~rl$rs4O2nz+WGq|O3IXmt5B3;`+=D7Y
zenkiQ@yFyH{LQ!(0+;vYBPs@kt&7No;Z=P%Lbo2LU8U6MUR6teb_Wj%nxAZ&R48O?
z6E{j|xz~cBuz8pseb&r(Wm0@F7@C9gq=ESkV5lDB^AIrf-TQihp=F$Bi+_~LQj(pA
z5^ubiJ8Ox;wn}n$og_OMX&LQxGP+kr`<;yLmC>tCM)%6-$4*A~%II|`qkCoarjyYl
zN;AqzE~sd(biVtWc1Y0V*~i-eO|K~s@RBTH#z19h{#~_KrWUpk_~&A+(K3u7;-Y@R
zz*!2qV!}#H<RVTtspYCgwtuD8Ozx5I7xHA#cfDj|@K|oWAE3ps(tqlT`Y{ZIO4nhS
zh!!utQwKDQt5bh^Bs_-RR3p=@DNISaCCe7l1?NsOgiBC><~_>rSzQ2d;P~Q7K5PMT
z*K6<U+JPtBKrGBn?B*ob5JU{AVLf&9&E}FTOuam%*bLR}u-gv1ZGVFNYL4AXYuOAr
z)_2_ZT4PRW9XFc>-amA>X}kC;rVxvURQou|Dw9>;b?T4c#trEc*HNI~i2`jE@%hu~
z`GsmU3bznjZZk1=rH_gU)yo-oujeVY&U7{PIqlPo9aA%obDjoMs*7xh_-aOSzI1i1
zCy__sMQlY*e5@n90)LdEQ1`6Y#Pfl4qb%`EPu8}UN{`<#rfR2wP~Mz8q?1s3Bk?p`
z3XH$R>2euH_&Vfb;CGIA!H2ZqH=ekSZDjN3llP~ee@19i&t(4+gtzdR5^XWMC8@+V
zUoRSRZL2xoY4!(&)k4bB&@Ntf-4>MHIUb^tX%MvmjaRYM1Am2uy1eXE_wN@h1}-rC
zLOo%!OaV|oCo84PO#xRrO!FR0vlZ-?J!2bL%<vXkVNF&ohcN$9+WcVshR+#${oe|S
zqBr!y3B)qhkXrRLHbYbBM{<=$RKSln%(?d!04VCZCoihLaIpbKZr(8kyrCVyoC$II
zSglwb2*sL`p?|}{l#lr80dc6I`iX#HY}Wd$UD#fXL07u)%kQ|@&g_N@PmEE*dWPmh
zZ2t=ozm0qTODec!i*<Ag4g~8O34IVZ<$SCZ?A)&|?<r=Zsp^w-8#+b)Ff)1w&c!7p
zG-h}>@FpwSSOc_X7ngy!<=1M<Rq|?+994Tz?Pz$8{C@ym<WLnD)MQa_(r0EyD_fvr
z>8m=wKY3U$(I7OgQXoV5jU>eXtWCeb$|TC8R*NmvmhP1oP=U@Dv5HGued&H)hRpx>
z{}W{lalfJJ9<~sPi;CQ%Nvv4L!IMCFdiC?R8?Da5KojqrxWKNEd60KD>1|5EM5CN`
z^3S!nRDacmZr%#_x3-HA)5~{=&`3XbVmuQ=Y9{{xb81WniAAD=17umbaP7;TH;2yP
z9*2vi%kDV17!jf_AWx{d;-S@<RBtk=XWxBWBHn(k=0vNswSw@Q4N$}j$cV>WJx*qZ
z2lJZWmRqMC%fq!j#;oCyKJUQFxarJGT)qJ?z<<N{AB>SQkYl!bhEN<tNOg1g_?iN$
zAx<nN5oaq-ts7T7C)*6z4l%krW0h%234N`hE--!tkI}lZ6}od%a3X&K;lY8;7VQ{n
z@eW>Q8ev=Fj)NQZ+TcI&U*_|T7|8ku>#O=559W4_DkGt}GI{a8QhxNh>;<-S)PZKH
z;D0HuQ{=^8K(nR!3bD~5Mk<C-&p*uPEgGWAHHEx3Kf#+J=6W(-Qp(K`--~KsS7y|D
zDo%VL?eWg5;r8BedwghwW7PL|hvWT2BlMEJe%uhu>?M#)J4DY|2N!k0PaqJ$6q6d^
za1X|m9bfO^e^mQy2ic`ppay&{9h9j~3xD~goi+RtHF5&}i;{oj>%f$5I_>wQr*r!8
z*Q1|K-(S8zx;VK!JNo$h6Y?QAdglDCpB!dqe=~Me%}A#}T*=LI(-h&=o^xueTGx|d
z;h7UqC?o$n8pc4S+~~ILdbMD(VIW_C_lj)Al2GAJj=Pw6S815Wm~(?^%Ww_DpntM2
z+%M8fcfIGTW0Nos3cq5p%FQeG=FX|+kzBpSgd6#u>h6}ql=QS>(hf5gQ+g5AK(sO0
zA`1gICF9x=Nga{Y5lMHnh0CZ5AQp?zg(7V&_<{+IrTl{zLVlFiG=cjZ3w<YYIIavW
zUt>F7M@&JuA)E37M6(aIw>0uf-hUcJaN|W`fOR#Y^gkkx##6Zo;;}=nQPtigx+PtA
zwhb0|?^RVREDusluo*fY8*v{~<ISIJzsaLFUa(B1Z#wnCSy?%;^ep4~YRxU-S+ir6
z$rc+!Y#wg@`z&LbEx_Nx)MOUo+fwPHL#MND)L;0S)5DcXn0Xu&L5$V8=zrQ4#%?}y
zE0XGVvm3=?ZTE~Kw&Vup5W#lH=vRg3(qE2Op&KYmHnY(9BYDA)pMyiG#V|+(6Gtl(
znmG;=Zk)Oc3pek`<#$7_geEyEy)y(1?RE*76Dls@slj(@z;+n;YR2W#UHPFqdtU6V
z+H*tqzO`@j>aIs2pI-6E*nfUAaPsHHc)MR4l&C@#CX|TffW5;7HGf7;(;+pErcnnN
zDnnF5UyW#-*_FujcNL3L9y%RZ%cpixLqcq|W>e0rm{+OSnVa`1odQ5m&NiF#SzJp5
zOg@H%0#;?MENiB4cuQCAXcaW|v5))I4ZzCM{7sGvn<3!|%`FFM+J7Nos*)uo|0+MB
zyq2Ybyywdov&C(Q(sdL`N0HQDd^K+rwAYkILG_-`Sv&)pA=Ub}Us4D4pHeQ+oVlwt
z=`N?2xwv$&8}4m0*5Re{Nrfg$8{$deBd>AQ)_PqngpzjGKuIEyUgcC?A(kS#M7b~A
zuTu8gPER*2YsSW?8GmNf4aR(o^j@-}))O$nFgQ>?Mj0y9Ey+cI)Gl;^P=YrgAu!2t
z?A-`;VI@k4V<JY~69oLS8V8ysHW90k3am}IL@ukhNEaPkR2^Iti6rvGO%X53+8>=l
zSV4ysX}Be9MlTTy+@pAiA7<mYxIHniu4;)Cr&DM;?A%^^zJJJG%$mV3!srEd0T4^j
z5Y=wmR+^^dh&$}4!;U)aXtQaQx+9U?l7%L!+!+MUALwqt*$ir@gH3d(^?@)?G<^i2
z_Nf!??f7|<yOp*w%BU_cxRLt}=>i+!(kH#aa<xJ}#426MJ$LJ_M$0Jtx^i3yg2Qil
zIM`N?1E*3b>3_$nmXc?(a(69AR>Xpg%3uHO|0|f2e0w#XFoAhHx!iVTlaaQ=wDV2q
zOFu;Q|1@qW05!>XJ!@{XGJ!v^Q_$a=#uo`C`j6TqnX3~dYG7$M2`GCP!Bui?NQu4y
zi9);#XUs_wCa!<UBZueCT-;{E-M0tMBu$J~^YS{CLVrS=HplZq5|v3h--=1MSHj&(
z*doXf{?qKoWH=PM(GvH!X@}sRX0Pvbdwr9=j)xO!<WA|fmuFe;%DWK(ddbTFMP_Q@
zdI26=_-hLDiZTPy5@~<C+K%ryqN)XFtFxX8f<$_sYQ|U)d9=@^Ku;XcQ{RC0kaR&+
zlme#Ek$;7n>LK^sVjG@7Q>$G0t!Ux;Xfp5#G-+d7wdxr-GqIrXCD*86_?YSr<|=mF
zj)gj=Hb}HY?rpYAXjlv#$8XHU9BTk04+D6`u1e5MDK^`ivutM$qOcq?78Kak*CqLz
z<$tpSLTUkjq*^vy{DwqwYt68kM{Rj0CH2jG(0|s;Be;yV;Vy*FNoP<obfTY_9XRyF
zI}V(Y;aMRBXXzntc^&aJcf4Uq48vQhPlu$XQZ}B{Tb)5F#*V=xfH~NdrNakd{Zj1x
zSy1oI*y-^v?^AGP8VMI{A@!35n2tJcWBi(pTSGLy1L!({uKwbyFQQ~wOBe_zZ4UL^
zw|~rD4-uv%1iaw|&5-&_1(LqGVUiC2oyy|{2Egi;N$<IV-_HJ_@<3aNBJHj1k3?R?
z-uABZ;nUf>)A#RBK2o0;6_$mwSEtD!Db|cFQZqCu7SlBHk`7IJA~fmcDsDY-6%}}h
zQKZojORp#stP9>Sp;H7`Om-;^Ajuv^=zqb_ym;z|RLM1$wm)zK>{me39^#HhdS)8Q
z53jDoY$)%fuv_%FH8+v>x@7{(Se&1R-J%1NtH8*V9?~YYCD-q0CIYQFYa1PLQFzws
z2q@*IB!62;8(rLnu%Q!q2Tv%y1xggtRF?zj)Dj)xdcwcGYX#Y`)8{`Mv6{A0SAV-E
zb#?j9nFv3G4n5MGpemqJaPUbV*C@AEh-a_Z^y#6ae^6L|>n_9iFm91z?e`r9PAvVB
zszf`jM+2oWGN=l{aSA9U-`NjA_hNwB_wm!k<%dt7Kfc$<T2oG(N^zstRVjc8xI(x(
zJ7Z`hW2wzGvMWcX3eZm-_r~>nh<`skYnrMu5vu+m`5j~#;&(uJCh5{BU^n|x;DsQ*
z_Lk1VT`n;b5j#9zPEEx$2Vb^BviCNTx_p<j<tfgOu#CB_q1VEliKt$g@XF-7aSN&4
zcF1GH7E&6ws<4Gr)jIRA22wh@R6*aUYOPnHmC?c72JL9QK`WfS)v{+5o`1J?Gb8gD
zg@{@Z217b~RTPsWC8hDsfjVa4Gg=O<$=<X>vU;SMo8ahEBMyl)fb>bAg}Rh1Gv*-4
zk`8CZW_$M2fDz=n%Z7v<YmLtQ#QltmLB*22kn01r`;b0RdefA(e^QZZr70Q?WnGaU
zND5^p0<9i*U@Pj@K^F@6TYsQI2G-xHwov$=GwNiPE<^+u82P#z59bnw2yMX|^rhaE
zj`Yf}QmDX!O|PwQLzJ<jS~{ww{^F~BTd3WJ$g$RKq4bf^3}K#yzPz^`Nyq#MeZm?^
z5<Z%f2GGYK!Fz&TN^P_`=;3vsuab&bC=rEmJhc7YW~|6d#jw7;FMrgoE+sF}7X?SG
zJs8%9KMuFYNML;kBjH_H(6=)eFg4kqraoQW+~v}TrZD3zDb59qTwYRJwb1Fg3l#2u
z{s(k{xrXZdOK=_=f-TmJ$(pCZlqkW5h_7Z;R=btCo*+-gY4N=kS7@3>kqD-EJ;nkG
zSQ+U^?EVfH%vcx59)HTUGnp+fPy=FAMLyhVKl~9$EV*p4SVwBjpayB-1#rcmT3V4M
zlH{G&MK&lakitIP4Y|(N9qBSWuZ8;sBL)~(IX-%CZd*dMmU4Aq{fX0>hKpsIPz4*l
z9EyiHrkg{yl+t9CPV(2ldw7TEYm$1#ufAMo1>ieiHJXxxZ+|8AwXVlhOIfFfcbFn^
z#p!(RO|jZd0|@e7Bxc^TM(=Af`A(h~iHA&w<yxSm)Jb-U>AU~(mdp$k_3-pf%ZRi>
zczZ?+T#qnNX<pDew&b(SjK?Fgx-n+<yoh4aH(7DH&^En?=!Q8$4o?U1bs5IOe*6WN
zm%=ZhIv$L1V}HGKh(Z2CXo(UD?%F{mrtl;9H~csQcnhU)@Cnb_5~T(lo8?Gj&J}z%
z-&=UPB0rEOm8L>o%Ll;Gu1a7>uePPHg|wS{6H4>5xAVq<$q~_9z?NwYK3yry_NFQ=
zIKB=;$~sEBp9r4Ici<FVCG4CBHI1Lo-}eW$!FxO2+JD*KmS09jbK=r-wc}3?*IQ@2
zvk%XK4XgJsY*&GyT6E8!HFsQ{?Ag^7D(s(GvbRo;#f|PL30M23D8$!WKkkDNO^if6
z2>B8&Xd#0~uWyH3ks|r!)A_@2X2|0nIDet=U{U=!<VgRZwc+3-{bM2ERw|z!xC>#u
zSYBE2zJK;JzoPtY-YoZ~pT|49_DiQzbU&=u?Y|!HSg*1?73-yP-&(J<cCh{DvBFs|
zH$?(*QR^MQd_Ft=!_oPP^^RF~LCp(9-}j|p=$pUQhSI4_Z;7SDJ{GCMZ`i@YVg(wz
zPA)yUI@+sIw_~s!?Ay@AS#>)!&-flVK;*aTD}RC=3kf3~!!b9CiQmd^rP5e&pAYH#
z@!Y7kES5s53Ua^^T5N|)tuz|v*jc#A^jh&E@U9(aCZ^s35WpV2@p*gmRVGU2BTWP2
zVQmg8w>dl5evPsZ1JY;S1lH}1be-BswL_dA1SnQs5D@TuK!s0_Cc=Sv0Khv)M%22Z
zUw^(B5O9}Q1nextR8u>I{i}I-g*sKcwVxE;+?Tc>&ic!mLCyR{Rf|@UVMYTkc(3-C
zP2=uapjJD?e(Vc3NS6n2wFl{#fdbu}7ZM3k?D`|Pmkyw1Rd_=Sg~0_wXj1Y3zukH<
zj4g=1aIF^Sl;<>*R+xrpN*}<{%S^6zLx1uIwPrIfj0}>wm872QE@3_8BKEC5XKwC*
zKvMI<$|RIIL=4_%r!~HcN7S#s31gXf={0yjr@Iu*fqkiaPzC~s(TfsXv}jX`p*H<@
zDsRxR5Sz9>^MbjbVjn=r)`bf%j`a}HgczE#uqfQ7<kK9LzN61$=HVs+Q$m=doqzF|
z(qZg9WvP7|Y0?K=d7B~Udg7!Y=4Qz6*w}M51R=jE+|>-pQ-U6_{-53WORc1ynS=vp
z%wNMD`8C{?U&B55HQYD84jm&#b>L87>d-d*2hQhndBwHPu>-x3%~-ORKvnK)($Dl8
zKFHJCFa-~TE5F%&X%}a?V{w+?FMmmQ6*|*;F}gU=961rtyed}C?WKH`lA@QD_%vg;
zbWG*r#8*?M^5rXTJ*hd$#K(X)!V;jJh43;Y;^lqo1|y^@z6to`8V1%ZBE;@bx;GXs
zDYU=C%)!7BfjjZJmM_IhKxk(`UGwFemcF~f3oiUSBq^nZpTX<bK$nm|pnseM1#PEd
zL`g{9F0UbXy9S|^k$}ogo32!FER5|`gExh+sN90iD9zYpvlntjamZnYh;I3T)*k$w
z^7%>y<zuNSi~N2L4rmG^(!rJ;Z21JRWrtY0#To%CLv05Z|N3wL9j^X;5~OwA(249;
zNOO;(*;Z7XL`q4Bd-C@gpMP02?yZnt#yqa!9N`K~QzTOy1WFX@S20bW)`fYwDC7Qi
zWjVpkQO12D8Bac+m5_{kcaV%3H0-=}e%#sGM~?A1_fCcK&EtyFcpR`0{_{VaZHm<H
zY>j{1cmDdX|8Bg_xLmUEOf*rx<254MFw=vOa07)gE|^Y_-sVg~NPk<oxBScCnzA$G
zcbFI{kKf6xqP({B%XmpFALJZbI~Mc%Gm`rcLnI+c`9MPQ!^z2h?l+Vol5gI;*$|PG
z24Q1Fa_@U1lKN`KjY8{(N>-=74{kfi!3og3S;gK@by8!{uIy$HB3g#>UhCZm2b)8A
zQ#RIlbP)%yInO#!v44&tL%ad>Y=%w6cYg=dBsR;CC^myexiV+MbI7ID9LwkVLOy6J
zkG$+)Q)a7QSP+CwM4X*xJ+XDQHNcbgSsBvG*U1`98YiCbXRX=bXE4VPdYxN0DB`L;
z5yk6C(+XxjS0~Ifkwl(Qtekb(d;mkbh7^@jj8+ESOKtbknSYnacZcc3hx)P*@S=7I
zTceBw9-6^f8tfd(hmMdx!~kr*E>e2V0p3|l=tLT=(vZk|GoeH?{8BQ3HLHj%f{AAZ
zHwE^aov11ERe%dDKg07K4_wu1BMi7^Hg}0Fqapbqa-IM6KmTj)G;){AC|pJu!h^RK
z52rieLe5V?n1AIOyIPK<mvM!kW#V0>VH*3ZL!DrtN?$951rH#h$Xg?iR%ncNcg$eN
z3^qZ27izQDNP7S4e}Wxqi2Pm>`Im$IPClQNKz=G-n!^M!I@63b>(IY)^zUBQq>K|{
zNFXa+EzLHyhYmdd{IhDq_<NBR6~*ad0RybFQeW~OCx5OF);At-miQ9$Qv)70GSJP?
zrmHDVD+YfezT|f`W4m?i;N!$sGj_1k>KcQE7#H*SYB_V`>q+QFGrdlPa?u*)y6a8D
zY{VURN6gwb!Q~HXQ{lt%Dh&!f#0HsKlr6I(g4uwYXyJ0-H+UDP!pQTdo51^o`jMN!
zo6&`O4u5aB6oIWh)V48R#q#u5kRkV9T&&n<Ozu((`lrJ-;9ezx`53~~6!mN@YDeZO
zXMO}<w3`BKbX;M_6+WCRY=u|=AmrUmgH_ewUbu<eh_aA)E9A15$pz*-e+i_rsMa!Y
zI<py8KGaBC;Y+f<BhwKZ*$x*B-b4xx6A+jSf`4~X;u32Syy>&|X{!<%eAuXDK82cc
z_*6;@j;mT#dy4PI!+UAERwUdRLII_tQlB+%S(yOuoiwXAg6;_MFR76K1(BjfTpNa|
zG6DXoS_egi*?&3XZOF>3u}a7#1{4b2Yb^L$gn>vv=oNrXbrfa(+}li+trwf=9jp^s
z>wkr$Y#rTPJ29;h6JO{r@j`zokBx`ev)MEEQ?I22ZTEb0@j)N%D-n(4-!f^7U!o`S
znk3-#S}a@!s;(kIjjVb>NL@>_xMmhwwCV()!VK<3Q+Fvn6u218jaVqfMyaXQ<}OSv
zB9padt`sg)Agjvhse`=RG$<VY`SgQrz<&otOO;PWAbWM>`-RnqR<PzagnH~Cl`q6A
zMF6EIzRHTsQ-70zzBrlNj{5LG^jOhdH^#(YD7}tMa8r5TJ#Vq}y(#>?H*8`ssI)YK
zj{FSyF*e|ZYoWO{<*7Eh5H&->^(3jfVZKiz$DOV(*K@%+ueQdBeyDiuIUDBUynoa2
zMqCbrO3pdK{{4@<mXSI;Ye^mUGcF@>>qhd(pNY9EeI~5_!4FCq(@=_8Zu@3zt`5a{
zocJ1m;=Dw)ttU%y90qeQT5uUhPV7eP8|IU$Wxz}(H$pboVW8%q!beO4xX5F1ym}ly
zUJq0i(9{B6xddB3P4NDo(LNJ#?SI~QVPq3FKcBom{rodBHhi0jop1tw3teRMzeqjB
zEXi-kWufi>P6>813$ap$%3O-Om<xLHz)KmL1M0QP(_Kpa!Z{g%rX(vnQl=wiI#OmG
zDRZ%I6h>y(rFnr-7uvo<;EIjQY$U!eT|8#c2<2?f+ayW_;2&`st7A%4nt$i`5#0ka
zmhYKD$kds6a~=p8V`O@<^aa_Xc8uHH>pQ>L@FL?(ssvN{Z9NDb{#isg30;azp6EDT
zbK!omrATY~+}X-HVK`+cAcsb!Q>3Va{LzU%SX0isO5vQ!*7{L!j*fslYrd;8SsiZ-
zq&dA1Tix0Fp<f#kr$P~8T7NIg7pi&I@}N>_rXxd4`g;xx<Y|wTHdVC0&wCE|u{u55
zM9<!p=-In==^0Pf%yt=^0GTW(i;s#mjD(L)eoUeEc*N;gtQ87<pDqPCbu>?mYq3HX
zIEy^WyE0rb<p<YoG+@1Gl2tJ*(vmg#_Pr0chHmTUmHOD}l?h7TY=5tS_(|?OcaC{3
zq@|2-ZG(Q7`ewxy-!rk0?@1z84+&Oxw=5Wmp*`xxxnVTuC9KIW(0m?BM-<-EW4^-q
zeD+i9{GGPbai5J2^xHSqV;O}Z%%60VY&zb;U1p*6hJ;6JO#yuZZH1@i?{O<8Z%nMl
zur7+PF;Stium(in)qjpqjr4FtfeLraB`)=6oSq7zasa<i6C1Mt>~$D~5k1Wa|HJ3K
zCao!ru*lCtEsw5JFTTc5zMh-FA9SRCvySZFH`6gzLmj0ePen;|U)`3)SAvE7Y|3N#
zr=-EFwzUDVCy@uUDc#x3qXX5+GEedn=i~0czkcq!8}xXq#eWXzXrqocs<rrDE+s>V
zGo~~jhRNjZ{JSuOwusKBCEKNc%53tXPKco_TE@KWu4P_CfagVw36^L`NUGV|13uoK
ze87iKXYWqmzd!lt^ay_iaNl*Lz`sbz^qaAXYDUAzOKlo?Nka^H6IhsbsdGJn2i=i|
z1<#=xAQ}o?gnvTm-DA3&omZ&4)xCtcf?d0n*he^f2!?i;qL9nIB^`6=Sx@94^d)w%
zW*4e!e0hoUZaiPeb47~F<!Q;#Sj5ON3+#waCGXDZ0%i`O)2rE?14sJ3VQ?isY9Ov$
z>`XAlX46-2PvERwV)mNGs1{udZrsRo<<oE&3Ax`~N`E}c?&xX&-=I*|k`=9BNsCfa
z>X-t(UF5q)(4B2avu=zD8TU5b>3Z!vE$S2G=mcY&U+*($`n$eHfLwXiTP!*3XcTtj
zw+ShJh-v-od4K)C{-4;?VS4;gf1q3JF47owPoQle20QTz4K@(8Cr1s5D1z1!;Y_+>
z>cR->27hvL={eRX1EblLOlvF2qKn&5HB#XTj$m$MViOJ=P?;mAho>dPK{9o^JnEx@
zz$@Mnvw*K^2h3p+NS8-6K7&%zh$BseFAoEZw}vc4?pkBCQyEdu7UVy`Xi1xkEw5W4
z!QDQq&b6D#?jQd7LZ$ZEB2h-amj?38@{ok7Lx0naDj_1$rf-oNJ6a<><^>p<R)`JI
zA$i{69JkMBKhZvPrx;s3aITYN86S*B?$X<G#g!Ms8M-wM7o(e<R*2`7JO{u4UAs|$
z9=RK+N@r&dHLU0oXs@$Jr9+N%Mx`4-yDuhZ6Xr0{xd6|QuBWP4bxz+)e;p>~u!AlC
z8-HiMRgeU%OwK<_HFV-tAe}1d{?SR%GtQAn3a-zI0qKkh-yZ_<1vzZ#XU#%E!xOT>
zLvXr)+a;CR*S?o$^gMBTS0aFm3*`3X^-2ERTWnI|`vRo>y6^N(=L&%(5CE)zyq$?#
zcSVUBv;V2<7z#Sd6qi+8p{{=%p3#qnr+;i%p)09yiA_Ajc`S03xEOq(cM>d=0Tyg}
zYSqIzt`tMutxAQCIW#fCqXX=n)5E*JL7Rrr7YaR)``Zq|*nDPexVSk`({e}@>0Gt@
zR-N2*&$PRIj?!%2<&oV^O&KLimIulY{98Xc#5K931-QfofVq9`kaPJoIP_ZN@qY*%
zL|Q8baM6qoRv5pL$6Oc~gMDKw^~UF3uF~B3bXKS}hwquy=Hv<*j!QtsA>cq#IQf(O
zg<C)T@Jr<3FVwM9*D?{)Ycc&|1Q{S`1-wOjjqSV6*w)V2zUz#wwla8QWQz;oVlcaV
z+q>-$2n{C&dHloqr;qt5#Wy4_FMlzturi2faN8jy)*AY|<-G`Iy&G9q@f9XLAdmOF
z6Kty%Nb#`7^Yi1U3*-FE2CRG$E4qGU-M$ce!NDA9g6A%t#R8%Q-_Rm$mWoT7zp(HE
zZ;>u8<#z^(=~K_?Z#hSpDRkTkR(^tK0n9k=06-EcH@S49#B+Ul&?Dg3u79P~%gQk`
zm7Qi#iPlvFIyyVO##K}tDy*`+eJ13ifigfGfxWY1`D!s#7gl4sF6SLEB#};hZ|bk`
z(byvrqZRgBsVa2<_6hTY>ca)$5Q|V8{1n~|46<&=>Kz*aoVz1L6b!Ov7|Z=QhgAc_
zd`A8-rPM*dxn%<X781TtsDBsHIAH1SeUvMA1eC!PBYN_25VX=xH9s31_`dX{|0&mI
z1fI*E4k-ij0_D~f$h!1!jU%xDyV5GJ`b;c^v{4Y)a$b>_M=%Be%<>nlt6}5gn|&LS
zT&(lubeyU0X6G40M9N5`)izp2wqqkbSmabX)Jgn_Bo0WveEN~}9DkO{0ijDo<c|In
zhru^Wy2X+_rZaem+-O0b@@T%n(OF@7bqyEM{<li_hacn_V=!pWh>mG=v}W=?>xVI%
zP#7n9R(7S4w|mI5br<|^x|vw62hV&{qwe$Hr)x@Pe%m3eQ>u&N@$_U4q!T^E@EvV+
za1&K5bEfjPv4hqE(SJX90PJ{n#cy)g2a2VT;*!b8jy+@nO*E<J`ZTQuaa84lV#7FL
z-z{=GBwJ6mFv2i884DI8E1MCn^nn&~o48k4N#`0D98OU)u`BP4iMmy?SA0-*_qFaw
zYUUL&lYw+|2afN?$=<*LyXg-cq#;)d6CU9`cIbOw1o!F&bAK8vQ!IsB$WM1eO|h{f
zJU88QCab0VK=`LET%WV>aE)z=cdV@|chiybzsc}6EHS)+S!3$@nHgHSSVMQ1rru0h
z*uIm-@Zl(K{p@YZDz}^FzIC}AlebB4@9S6Qw6n0FN6{Y0QaPvd9HL;rxQ5>H(`YUB
zwzuJ#`j(lu%YT`%z){^E06(#?O*lZkMFalB4^*IMULZqNO~n_}tmPOKSAf^kq8;;x
zlcV>KOE<K8tCVOfco%4dRKSY^TEau#9S*_}{;@w;d*#!R*$+QpiS&?4q@_oncx3kF
zvtv5iRxMFi`#zIgM?yHjhCxZV3NEX%aB^tmNo(pQg@3XP9oCl{AS*MYXWns2J(hbe
z>KHbL_O}t1zJmf-8BIE=n=-ZHyLDQ4f?9x2m|9omSO5pB0)R+Ng?A%j?dt1%bD`R!
z;DBNShL1XPPdBIo)+GI4U37x}FGp6DB|I`qS=4XCUJGZIvuOI&ksb>}3U{zJxdfdP
zK89=l7=LOp(R*;#L?qL#zGZxJpH5G5;e1XOobBa`4dE5Y)o%T;-=~`8Q9hy@7rMzf
z5IY;8#tb;(Gcv;!eU*H0eGC&@dx{&J9AXBCgTr=Jr1i&C0Wq#enNPAf$tVq|#zOk6
zTudd;7U|(f)I0?B*~p!t*vSvFFFsjTMyZLu3V)5%W#)$;`_5^>OO9}#$7&2vFoa(z
zy*|Tx8^(B?Xp5-|t4#L`3#op14H^%28*yI#dw6~H5eA(*D3V_^oy{_qUDJ)O=|-)^
z#~`@#2g>KxNQ4g!WHv+IH6N)YkI06|5nb?O;IfoRYa~YPWi&&WXQ3~h%p>VF9FcEZ
zAAd>0M?1Kq;5@6^Rqg~9ax08f7nMUzaIT!Z8Ef-$yCQw->@aZSFYx}Z11;bnV;E5T
zwz&&ad%7VVADz8Fzc{)WZjZ4g(uYWhKMUM52hJ}?7sr3#)a~03QTS)UkrFYB&3PPC
z8Uu70$}@^e=ivqhw}-#}>%Y_c8qz?fZh!rd66j%)L@r*&!k{5StXW^Amg{sqTf<~c
zk;)pxP;DXBRL^Pk<SV?0SAbqZi398r3W=Aj>=h30;q=-Ku4pWH;zn2UKw$)>$BRed
zTw3jcqdNyUuZA=4idc1}0J;NG>_p)tjT0;ypRCN*p(?t8gT$<EMFR>mC+=bilz-_=
zdL1DK-gPpX0{P1@PKNTgQWsHb$mGmJ-w$tx=@L6ZjWFP>a_n&;mTS5h*^P`yuRqE2
zbMAd*vQvs!<+0#;Z$7vo!II|oJ-WRPLBZ7=G=-@9(6?QwxSCeVosr0FfwJQ}SeK>8
z$|lSjk6og|JSGiBB1!j<8CW~r1b;6G#4XQBg<iPE^Nr2oq)VKred#8dW)F1pB>a3P
zWUD^mHCoz93?T&kV@c<pa&mmvFX`zgu~DlY>`B)<mTUWou1`G6$<n*~da@`LakHsL
zoDUhvUm5yR?a@d<fSN0*(2BRCLC{X$(efqp09y%CN@J%7@%6sF$Gq4!9Dgh_vLCIG
z*e<B2ZSp{WnA0(=-zC1Nk4=Oo0y?6{af<aphRBoa2)Wg4o+L&9;EAAyf$#^au7ovu
zpi}d{{N>oT9CCpUI3~WZbyykW4Nuq?usVBv=bdUIq0b2?*+#{s3X_@hCpai3Vh(jS
zu?S|$rK9ss6`b^>`N7p<FMmszXAqbWz!+K~)P3$;R66sJa0Dg7B@KH}9yMztevVAU
zTbwFIN7?c&$vtexIp_9)J5y;c5LZ0<3tQjcur?{{W228gkFZr^C9sA}k!x(5S?-6<
zr?WOla)Oc!LKLRLdCd)-k%39Xd0m<p5mV$6#*0KL4>W}Dqx+%ueSe%ifk_2;nMU$_
z?8PM=Z+V9r5!Whh@fRTVDw&a2WrMRb;X+9Ub+n*1xF9P=fC1D%QeY&niRps-`NC(A
zI({X^51F&K&d&ZmoL`YUO`v?UC)Wxl?%=|roq@%{Cy=#x!bJNEZtt{Lm0IK*Yh=#P
zJ<T-^dG@McuRd4DsegU^XJt1l6C;nk2h$$mHo!RTf#I*)#vjDR*ZLlWb?oiKF_{rQ
z1g_obl1h%nklMhg)?58-6{OD-Mlk=%`Uvtjy{*9iuW%u_P+5zcrVxR*iN}icH5byh
zc~Y?cO1YVEsF3@p{7XZ-x3y^7A;DiFu_R~@C86TucM{#Ue}8m2{%xdu93@5s!F00^
z{la#L^jswR;=+9o4(_P4%Y!M0_Y_$kt}SQ9%6lCKH>`!~z94N&`<4JfSqM`d{NOmw
zFf){t<fZ5&Cw%b*X6EOuQ-~rcnD&)}5r?=>?~2IX${veZ3$XTJ<msElA7I0S0XbO8
zzoMsn(%XlIq<=1HbI!<dV}BRS9rR?FLf8kA&*(vu^Y*+IhZQa_-wmuNL8kAnb<e0|
z>}F-M;kuHtc2qmt+nJ2G;-OVS(OO|zSS(U2SW@YL$?M}x{sa2?^c|z8NhU+yhYq?J
zxEI?gPP@Y*ANLd+O;o2VBbH6}ldqdplaR^Os8r~L8GoAzIa{8^(~AW=z~aWC2KX)6
zGEK^tk-z@yzpLzA#+Y<ckIm>ZOC2j&jnkW4fz$I(!`H92$60*a^nsx#o<d7nB~?Rw
zQf}bXzJ;4r&jpqNFRKfvvzfwVDkuITZXr1gRDy2$G{9DFm_>$s%S7s~8~GkauH670
zHd#3fx_`|<zz-fwtVigJ2>Y{Hmt{y0v}y^oVi$VRVyuR{-jZR#d>Ir}ZHcXcX>k^m
zoWWMP;oSKP*%>k(%w87F&~K)}k$=AY#S6KtuqN$TfnRbQkC{~IO|Qd{TV+l#cB%&#
zPz<||x0Ji`5%RuW$ViwI5Dp+h3n5K>zfovkjDJZL7tb(XI(vk1sV(?elfH8z<(B;h
zS6(UMFI9L-h|~zfbtNYhj(TTs%LPq?%r&KA$)G~AwV1fQ-09Qk4EZNVG}j<Y(r!6M
zx0Z0J8V1QfPoq}QOv4fLxzzdt>uR8?I}M#z)w^ZqYY-aeq~qSYE1FZyM491SQ$CF(
z*MAD7Kf|aQ&*tFz&$8Bm-b_a$s81jUk&9C$N@q`G0;Uwd$|5%eSgZBWd9&$;o++<d
zYFqbgd%!$8PP+0~`Tppnf<4ei%Q{%ff-eM97_P%IT&6x|2rbB{=yPFVv;_preE}2M
zjYuzsgnP(tSdPSXrbQTWS9*%C2RB2kz<<7F4hFa@R6>1WfH)cEMp67M%dRcbp?wlS
zWC#p2G~k(w2>B>Bd~weBt`XRlIwR!oPXlfL2N?dqUI&cMs;P=SlH*cdWS3AzO|+Go
zve`FW1tM0^#?qgYGj%lZNIDc=0G<PKTo84<Z;czWQEOU;OS`ayP~iA`GlW~u3V&Rb
zZ8HSe#2Q?kXfD*@4(>^JG;2-X!D)E%RUS(6sQB5Hhee%~{4Z>h$z0fFa`sV7|D>Eo
z{&gjZ4fO`YbGP3$-r3#Tf5m?E9c6WOTGN`>UQ7S18FKtJ>)LjfLgnx=^<}J)EZJqj
zaK&FJzA<1|=eI*EA*k=5J%c!w7k?8@|8Y>;hNt4g?9yp<nCJ7`bd3jwBioGSZE!WX
zp7N}3DGe#<dkIzEJI-gint^Y?=JjEf-Mnj|{gLz6|M&lP&eYz_Z(%Hn!y-Yc2@rj|
z4GTqrc+rX5Sopnzh2Nip`PwpBRg!j3nJgAD(#<s{c{XD=bw%G#A;g*$eSf!DpX*r@
zn-zRRBng5@RQu`%kYY*${^rD;eu01zuMvm(?K7OtZIwpQnS;S*McCLN?ke&ijY~xa
zP{>NfuSRkti@}9v-73~$$KP0Xz4X)ADCzDBuj^EJZ3J*PDZFL{eS*U4V$n4}8`%TC
zD`eM#J4&t9XQGy(@-8B70Dlhz;X;qhrW9v%h1O3{XuX6cnAFl(Y80nIOdVDuylIED
zy~cXyAvM-yDq112+SFK2!Zg6AVOEd5JI;IzOKPm0xjbc2$@LPqV!=2w39bmj&#sgW
zTyUk6b5~VID`c~evWbZK4Rm3ZLE%XKnu}z5otXdz5!S#sJHPcE3xCGZz8?6Am;vWv
zu|iIla>QhqTOs{dT)Q5nfokqF)srS?$caI9L)I<H>ESygo%1K_ybx}jW;IJA?droj
zo8seCT7bG=l?psr0cy5m;f++Y$3Mb@V`YyaeO3soGU=|XOI23^)7eq{NvTb9a58tX
zEY-ZMTBBWyY$3Tw8-G-+8taGiX8B1bf^7oXmt4hZ(qrvd-CU{WH&klwY+9-LtlmI%
z5-q9Je9}VAs_QRnAy{31X>-9AMQ#R6-WKi@1GW*6VdZ!0=x)BiGFMe;D!N@$*_MSU
ztCS>ni(N1H={&`;CnnOFjnR(pE37n4_yc{hmmuRhS6o&tlz-@MOt`#6aHslez?#bK
zo@zkTre-qaxHc5~aeTO<V!xUS)r_oDrC&y#X9fE_v{ID<-rQUNm*tzxPB~B&_}pEn
zDi^%P=Cd>~2ZK?&1E}pOI{3G)QPf1SSFv<<^qfz#$S|<ZC4jK7JHi!q7-Q7G@EfwF
zT7*HEgn>7$Ab%QD;eEoc@Ukv<rFTZE-s;_XYcv935CF3-iTT2_a&tu=CX1F;6(*~E
z*MMV|CGkMa7%R7nYfamN$0QVT%5_k6xBar_dsZ%S3Vs_lqY8DJ5=SD+lh<r@py!3Q
zY7w-|)crvh$%wB@dr)3^TBNV$9p)MrW}*#3e5;sVhksDp=uW@1L&97#_(jOeMwEDS
z7fQAuUo#Vv^y&(JS1&6Y92wPwP(^4&_Xe4bvU}~*y~H^5jr(BsE8`^WY6z>ZAuRL{
zDbx_|n4olN7$H|d*t5N~e!fu9Lyy|51zbj67@05O4UI&F_C~1w?<h|NVee9vHqy0x
zs){a86@R(9RX0pI{TP;767!bL{butPsUeEn)zp1Q;dV83j}%~6Q&-<LX>LuOeK@VJ
zsaq4x?yBmZe>uCVx+j%o=B?<q_;=U59p?NqCIK?P?vMinMk5x@=;uLgygR$TQGS=*
z-sEk|%sMq=(O*)n-A-3)S81)?HxE>WZOxD1J%6cETaZRv-M7QrSYo$}C3eRKe61Uh
z{|P(QcmWwY!>VD*d{4^y^y9BbKb^k6yf{1hcz$|u`spJDRiTPRN;G>5@N!t};`|+7
zA8+&_5jSMF)vOjT5LYhva19Y&&1&#Eg};Bz>RCsni}mt_PZZ*#HFN{LjO3Fsg|GTe
zQGfW=2nX(|iYJ`6O_W5*Vq=w@>)Z<89|9T+5ni2#EmZ?wx_?{F(QJmvzfgXN$f(0J
zdj65RjHY}&hVx|rGa}MN_nlMv8qi-e<HYY(Ditf3>ZZ>)0#?PRGpHMUOD`z<ko}En
z1{)I1YitRiuItN`R4cJn;HMXk3ix1^xPQ_PREc}iDXkvpGCk7lhgh&ovq6i&L#9s?
zh_5PTDq>bb-4NI4&}Mw<rm*i_ec$8i`&v;gvc6PrcU`F-)(+rQvjSy)zRf+R*<zbN
z8q<48^f2Cx#|T9jSAhnN7$~^HCXtNAOKZ*{$piUpPDUO3VJv2<*RA|;=i{<2xPOqJ
zcjYd=#z|^=g1G(!t_P<VeiHl$?O5-pEi~k!L8Fkc6++zO602)BLI-8)N>`)j_HnkV
zoq`=Wy-A<D)WeJm?Ig(`O#6!2A--fPM(zav3Fi|54Dw}i5wcFuc3Xom$abbt1ea^F
ztevb@EY5zPrec;>9by7m6~E-mw14d$;&&D#?*2x0G205jD{>Nvhv<6Z7FNfj(%7bW
z4V6~Ry{bxSo^oVkB{NW~6Wy6c813q`J4)YnskgqW;SJMdnI?U!Mh$$4Ot#Xm*t`q*
zOAzY0fZp0t<D`RirJMbO6NP<r3{MLCMN9c;KgQ{?T!%9;_XugpM}Z7NOMgBx#$VPJ
z(LTPwZ+FuIzuk67w6al*)z|)2Ci7#2?(OnF4z_qanZCH~57cm(GK>P2=6nnbaz9FO
z#9^J{uh@{OfL~U)Y-GRtx0+NGR=A~VKYOt<+1ybHxMx-ZPJIvD5sVeKN;1)d1~3+l
zDi-yM<ZYVFhp!D+!MeY;Q-7j1LycE-4n|`QrN3hPRt!z&3vjBcxvZ%u%Yyc$LjfH(
zirm!*qWGCGeGyzq2Mi7nXS-G6ER)*}O_~EImj@P`6_$i~1>V1;II72)rL_NrS;r44
zyAi#JB3##E`X!c!@iSLeS1n#D1yI>XGY_jn+8;k%==!kooTPQx!hZ-~OPtiwEwAA~
zmCR$TNsZp-%hM?1nnq@^2}bo->P<s0nBn1-B^nrkV85|n=nSAeO0X*}T8v-T#E{G5
zGsZ;2Je;7y%IDi?KP)IAoMIGcW>4v}GX3q4cJFj<xag_~-gU0ig&PbZ42>b_g;Yp@
z0#Wz-O5$Fj=v13;DSubUXx(}+<-(1=K&0&B=*a2KLflky*Yh{XWYq$1XjYY-yj$4y
zbb0R@++(bLJ1g&ifPUh^Jq{w)ysddasgGnkM+$CGZD~QrEX3i^DZn(IWsYaMP>#$c
z8((FeDRO4l%8>)CF9tun>RS+IAq@rekLUZ+fb>-p<sr6%)PHs8*eyqDvY6>o#%8E=
zSAX{%h1=ENJyL+}s=phojT<*>wVGR*x9POIM~9QU61^v1*S)5c=$)YVaSRb)CDIy+
zvFPVDL#n^lzwi-@80?6QIX9kcikK<CySNgA@?gzf82e$V6K(`2<y}pDWq*BL;ONjP
zT$=-QchjgLC4Vq4sX}tMAtfwbg=DTm^84)nHWp6qtt*@aqZF%>u`!UsmmiK!e>!<@
zRUNUY<4d~f%a7fR9aXa`$XHBMn3vWN;nlwi@?~ppJ?p}BNh3Df3+ACbvlbA=4tWwG
zPZUz4g$~TpFifLk83DdMUx#HTA#|M<k9jMuA`LN$!hb~SsWXYvL=5rM=$Cetg3lA$
zxqDck39W^B?cfQ5x}1=E5w6jh!aTq`%L&KitmEy`Fbxz2$C;M}m1+vZ-&Ou~m4Ek&
zY<=b5-kp_yr6awa9ydLgn~9=+eb~+-z!6el%sr}d$NAuJFvH&>H|*@$8>ClSdRJ<<
ziiLP)6@Lk}_T*wpu1cay$~Jz{zxM~uRVpPCBtp#a(1a2s3gWb5?paAuo+_`ynhDc;
zn0YhPvB;8+Q+Xq#sZB<UD-`3<_ASlw6$Bk<T2oU_h)S!xeymDGo_;Rcv%)Nu$&GtR
zbB|rC;@b$M?Ufw@Se~SZoWXdr0vS|EWmjdgRDb114=+2~+qCRxuN{(vvZI$cPpmS5
zmemwlZnIsC$i9fxDBSA6;LS60L6%|Q2tO9~Tg>*YeI8MojVUX7I@tm#R|@>5)+|y3
zDuXJM&7GA&<4i_rV3g|5QtS)>O2j$1Rtd|7v$>YV9Cww)M(R?+QZJEZcxEvK0HHu$
zziC#mWaEFX@Q#;>k*kO>OwkTGo{1qAloUE}WUgcyqx@(_PUr&(nqljF@<>lg9$0J$
z`JlqSM8oV{zy^2$;KjL7yVwato>1Ai3A2L=Vy$lEdr(!+=V9*Bm`$8m&$^TQs}DiC
z+^6ye;_EY&V<TzY4M+J-*!H+&3`!o#&gF(mLcf0icAGgSrlwVIUJOthj*HQvVZ?Es
z0TBH+aQ~ElG%UN7l$fM2v<TD%bqB*^>eoHtxb=>H?&#-^er^H%+^jWuS&Z{qPT9Q2
zcAWAPQJ~|7$g$R(a^?UvLz?FdOF8FL5x9{T)=QRo-|tYRqDn4_x|~klKYVZDC48|F
z&<=lF+Wf{4NgbhDAXLYWp$uluw{Y(ml&D5~Sk#|BonH*4w17iB6U#8-e61hGiS*J#
zU*4`Ja_zoQmIE(ofalM!HbL$e-(}9M=S6VKim>*zA!v8aK-75};C68RhKR3bC~Er@
zxSr&pW>F(t5DqB1)Ls-81`IN<jkj2cnJ0e@zrRxJq{%0Htz2`p2Fysg3BKH=V+3M9
z#v)SV;aNI`0FRr_Xs9(L8Y}|!=acuRpMNf4P!El#(fEvoyTY)fJW3o9+;~wKENB?p
zMtQJW=uBggRZXLkS~-iARw_8gK&j3zKK*p^kswrVbB`QqLCb6<OCs;;ib<qM46%RX
zx^o*wU*>*zJ77mqwRbda25Tq$XeJWG-syS5)$JfzH(gsdn*uC#NNb0*-Yc^8NbCMO
zq!nWLt`Er|ND4UbU{eb8)M?Dbrt$X|AiZ4%D9r;UPM2WgV$N_Gwnu(<h-awIhH{6P
z-h^a$X-z1^|B$9>ASEA*OZmr5q$Yp2Lauv#=X72;!UG|su*{JIgL26m1ripO8ZJdd
z1={F-+=i(SMNO(}6#X{WSIN>`WrdaP^uSpSU@OQsCt;K&H-*y!D-))P@<-@nEX5Q)
zw>e@A-aZSbDSY~k3{E``mP$$3*H!6c!%5i6<aW$ECOcPhXGrk?>Dk-?GO&Mkd%O&&
z6+HjonSrg!#HnFe@S7jP!tVbzGR~m;fY|+ZNb{uvvDNMNbwI3CIw?VjxKfA~?tO}m
z<3^0CyJ@(jP#U{OHEC>Lp^hqi6}EhVUag#6txPa?u&X;}S9@;D*eao{=^1{{MFUat
z?6P4X(!Sb_s>f=pq?r>Nwwiy{Y%1~h5f@CyR75Y-d+6F6iMfbyOr6nIJQME?QjV>X
zZ0|I8yF<LS@2JLhX3u4g!x@*hKwdkfPOb`l4y4>&h!KWP8e=Ia-{sZ;ZQvHM?Z9Jd
zZJh-{j_lrBW%CvhYdHJ4kO|)tF=y@aAD})Y-y8WHRC(|0&d5!@>FR&@-ENH?0;>_&
zoqXqFO}}m)s&R})>!va&!$2KXvWT?&kxH4&ke&TS`sqVm@O^*}F_U8)OouY@h~S4@
zq}u5j(RAHJ9y>VYBIB{U$Yx?{-4y)+=S+~T^@SVA-3X<=7-XHfiA(ttB+-pPOO!UI
z4M<%9T=4bE_*>%+*9?CF*A&8)@@<CvItI7CYtjq`S6{tt)GE7ycU<k0$a|+L{eOS0
zf2UflvyPD7l=Bx*)&WBTza83M&O}_hH(nSWmL>SbtQl+a5=hWp1tKB|`V-?q=jg2}
z40LBB4D__f7UhwTxX61ry|a^l8g6g@*xzzaO=6>MROpULh1!2t2D;?zZNG7jemXlj
zdjG#&zWeFZ@jpTvw>isrU0$Xc8>wbwXdtd!h$1vZc=hB$Tc*PGMEo=xs>dIW6r~UA
zGqj=-@T+Mc*A0fL2mmz0AZyoX;J7!TH={a_SsKh-WHWNMKGwl%{du4(-X;x7DbgoD
z+E9gJIN#imkVSv<F;E6{i1Ni9?iSf^4EGv}vYs_7v@XT|wp`2phL)RRr#XYs6yl~s
zIXjf|{_E#jl=GE|a%SJ$Xm4p4ryWAvrDVVa&Xvz+KT%TMonAwl=HO1=rWNA3qhqMf
zIA?%kQ_O3nK;xUL*0SM1V`Xw<CIHf4R+rAKXD*pnGM|6afD|mN-TkN{g0V9BeKW!M
zY7N1N@WnJilCd2ke5u%CWdhw8TcikdzO7%SU}A+@cqf=xgSMJgpAqG4HQ$(~E11hY
z*pgj#cQZ(%ktPHN7{RhH>~-m<SuYW4v_}!tOuRZ@#Oh(yWybE6{|u%rap}%P60I^2
zN*x0s0GodcEbh{SIiNMB{2L*|nB^UHd*wurZhx-8QwQxCeJkH=(6=(b5<uF04A<3$
zGxQAps%|<2up8Wa?Ev<Oqb4+c$>>|D!{u2J+Y7wJb2l5~QVT`sD7lW3tF`<(O0K?Z
z(r8M~yzq6L+!OVmeA5s)*1G>>&XH+`NMAbUR?>g?a5Lf!?hD5zyK+ZLuH2Jt8|1dT
z4swIjbeY7C@5ad`PB*wrv4qDtJ^$pqeziSzK3^O=JymDikdARR1KTDcpgB=Dd;6)t
zwil|l^#qkP%!U(IRl|Xt=xNLhU=p}AielrD%Co}KK<?N@s)<_>aq~hixPf7$SKNEZ
zTL^#O3q&_fyADiRvC}2&NlmJ$i0VC?l2$&)p^?^b_b<8%L1ta559QLSoKyAMR6*N$
z>iesvkP{u4)`4mFiflcY_Twf!1`A$rD})9h8taf{X`s_OoFMWl5M_`xW}OF)IqG_6
zd*{_~dvCZsz8LQw?Cl@yZvQv>Nh{>H_Z@#hzIxc+Dyg+s+f}V=v#GV}<d$#4_ap2G
z>4#pacH0xxqZAtOf&I1fT746ED~#`}f?%somfuXU{a7=CtvV6DP=c+({r&L9duTE3
zi_P2ne1}ZJmRE99RRgOkHMr*VTXmwTabv#9g|Y^I%Q0FtXbo3aNty84`i6y*kV=0%
z+at9zbivGM(<rk*0fj6C#4Q18ll~q2@?2Ew)-^(%(g!3jnxdA3u_-&&FKps@>Z`~W
z{#khR*pF9n(}sjJn+3l~!%8vBe55kIFJArVMt1|%4^efK;~@ta)dZblz2LTXA4~Mg
zI3k@{iuV!Pyi!-gc}esYSxst>NJM`g{2|TItB$4XSh`xvuVd-zyC#ih>9VV*3R2sK
z-G24@OK8X8wX0v<J4Q{MU*R%TClS6^*%<Ob4sxi*e;dZ>eC~aP+#qe)v@uPHUOcHs
zbVmXyfQO-aId2qn-~x2ulfp<$B{;-#krEE1J-FU4rytdzVhH=*cu@j1e)50Yba{lS
zUU+qZ8^+SZVW4}?%)9cESl=!12UzF_WF^iQg{x*5KofR-#c9UYsu{`G4KIFtE~8WG
zdct28=VvYwbgr4;Y%y9UFIc8Y>?{Ozvj>hZqT$7IRd6DG7D&mBFowrr6Mi>{7hVDm
zp9rSWYRN76dF=3P%elCwrzC&!gi;+%DMdY5$@j?Li+?_Tz7YI{uU@hm@y8+cm_iXM
z{wg@w){aBw-x*WfFKgGc#Ca3p+&Mcx8h$!D`9*!y=F}oK7B$pRAt;>-hQZRvG$sgf
zZ-`dH3DSjB-YI7QdYMXLY*npaf1uQo3<*wZ$gB&gs-hSb7x9XJg<*ef%6sT-oS~@)
z64T*`9gcYawRbI!`1&p!(Wu91)qvxpoXvo<uxA*KOZ;(Po-y(i6H=du!GfrK6fRJV
z@D>Fo%xU-xkHeb5!3QrnKRb7NbR~iqG?>tleE5jpMn7qXewOvvW8;saQs+Z<X6Ung
zDK(nM{jdYDphgvQXkvd6ivYXovPU{Hj)|ri_)3|_aa9`8aOSZxxqY%FW8SSGC<B`b
zPfeU?g?V#rmdN9eQx`IjV6%*bci#5F3Gs@rcI^=C@pTx+;7-P?KnhN3CR!u%RLNG4
zcXs#k$e4%yoUvz<zmm6M<>9tTbSG@d^HR#2a^v2p&PXpv#1(%Hus6_AZ+R`EM0`zD
zMS#2x%u>){HBZnF<u`p7-u^WyuprNRs8%O;&Fp@D7_$5Nw~;&_Yk=xjCb^f2>Q-kx
z*P*)Xn7svgYD181aLQ&IUK_rUMmJ_wK<YVRZ;Hmj7pTx9J;OM{-WHBCyE`G&3~+=}
zeZF?AQpWdwt|x!qTbX3)jQ3V8l&E~}HjCoGNh0YXf!Cfcp^|TQ=_cjSDusKwk0VBx
z)27TPX&g9N(lv0Sm7^)Wa1F<AS)BsHK)Sg31kgIy7Xm7B$+Hlz5#8M=Rb(Y6U}_Eu
zF7o0p5bM7c?w64lDAxsZR3f38cPdDSgan=!DzQMB1}}ek!b<d3LY1G(nM%2s&5&zN
zS<25HO4*^5k6e>xpp<-i*aQ+RQxv<Gp(~b`neTr&52H&ADaggLK}+KldF-Q%bH{$v
ztNp#*opFa~KA{#g2GRVr{v(BzAGXd3J6uC>^t3Z}Smul!T8@~C*)?O;UIOE}hfv`^
zi^=ev3oU;V!MpAKnsF8VhryjE->e-i13Gs~fzE6?>o)xN<<F<*KObEj|ADST=JwG;
z3veH)TT(OjP0aw#ZpQFqq}NUrt|vfe;hOM0Zwi6(KOry4aSJs)Hr{kWFvy`+)h-;(
zW))f^8|1|Yl4FVM=fWngJn63jfGX}MFG~nZoqT^|wxc1zmF5$d#=v2MFU<{)xfe@~
zyg7mZ2_Z~Mje57&o)0aLJm2SV8~ibb``5p767jY<5XQ7DO`&f(yt2b9@4vFH#Vg-*
zc;)?grFoew!z>}kpeU|~5|*uy>0S7whLqw0IT?9CgoO%{Y>G*)6o{;BjT;U`Rwg$B
zB1eDRF!ru;kUR=P=w1~Kl`0b!LypO9XgGxV;v8vF;sfO&ULs}pwt)6wm#WOav|g5l
z%njYV7AyXp?GUwsA`yTnHPD7|to1O!Cw`y8AKM|hZ^atl)CFs-OmZ(3Ypl**Zh|!$
z`xOv;m0>Jmjky=1nS2PlxbR{M0?7x@yv={gTVKK|)E--`Ofq-Q<leSAZd%RhS|uHu
zUo=K?$DAKC<5rKF#$AiZX0uSmy;4+BcTluKiri^Y6Qt4z%3~^wfHgFc#(}{z_U$>x
z8-~}d$a#S>OqUH&g^nQX2*MhQuOkTSyCxk$c;BOx+ujj`RcXOqQwYL(4_h{Ut7d=5
z^Vj+lnM~MZcXg=%;9ja?MK$QyqHs8O{^8S^{O@Kg#Y@F3zkSyAW7oZ9tmW=TtR;!2
zP;>^8UB^5(WB=3)x9lcgKSp}3)#7>rbnGS|a>@NHi-sN|QPiH2(M*c;!H;|qTqW0|
z>9rflZ^1le>1;4@N!Vr(21D#->A8P_&eCCGpoGQLJu)$(6syuz%2PwKm6(@_Ao7mN
zq(u;?KwQczO6<jOy>w<k9wm`*7x*c!<;#4)I?6|GFQKVsH+TCv(M$!-fp+ky8T{!Q
zWD{l?$<<!0N?T^~g%UBSNt)=6n69=UsNDCM5rQ|le;V_fpu*M!Z~WLA=tO_*(+sg;
zzna1iwG!$4mAD{FGnEQKve7m5w6}S3xHW($S{)8WD-ag8!bJFCa0RRt?ipLcK+qm)
z=JVsHi`FuqxxRE|=qH|XWt}jc9yEER*#$<AM;$>kx^%96M$5Ws9!)&oOIDzj3ItWh
z!W~W5utOk~{Nb`R#iCbAgzkS<wakixN=(c2R(09qui=jT8t%%k;hy{&?i*hmbXI<X
zbRRQxy3CGgFp?{Jqz~;<zLTC|vh8f-o)sjhY$a53#3gr(c37^vCL-#+sq6ct_NmWv
zJ(n<RytI91kLT$e7=0A?U$I@w7Ki)xLnBWy8yVcZ+}m;)+p!?O7lD6>fXvDlq{)R?
zx+_0)$=JD2o<^cp<`G6O;{DFq)t!peB%`dOq+SBvLqqU|j9+qhn#jlx^-J4YdKEF9
zl`YsY?288iod^Wb<piLR1LrSg$-j+PVz4gf_s}O4Q+>q^`&+i`c(GCpQae^V4_<j0
z?32l5O<OtR>Y345W`uvd9U^=Z3%9?Ch1=WzCL6cY*|>E!?oLzo4MuF|(MGKJgwBXP
z!ibqg&z+I_CL_i69%na%!B9mlb<F)vn{~AJO(tu%Gg;4NvUVSBvWidWOxAZbS!PL}
z+>=GjTJFfLtF3{<E%;-hJTwcw-Z&6fi(FH!VfhbGsNhboi^hM`m5bZk)j6Jh{clK}
zXme`x?$`jj*DiRL4ZYVHcY2@-Ce+f`9fUbj1eq@8@!{3$bw*SAO;Mhj;`I-`VmCwB
z9drLE@imdT?@0R!Dar@?e2?|`zRllj#+r9P{S(Qt_CS4;818oreF8j^Zi31@n<P)k
z;XNqiVS2s@-tK?)2PNT4{L#MgBON8^nJ)1m(R{k4VY30umx|$A-HsUzNg&VJbw2(s
zH2&T_H2$u9%h~(OcRzhP{>PK|Tt>|}KpuH&#?Gl3fZz2yevI_mq`37YqfeMuUk}?O
z5ltPBr`K+9CAitK*)`MkBWV>^YFP%nkP5fSz<SrbG>(5JK;%HIvXr-X@t}zvdDti_
z+XIk3UC@t_>xZB}fcS1Y!x>W@RbLmX{%(36)WY2P8SAXMxBNDDdY~8-5U02*Fjb%i
zSh)v(Th>&w|6qcCH&4);2B;~-WyjEW4E@6y`ftJKTOpfWY9L)|jV40s7B<Kv>Q;U?
zdfv(5Rf2!)kEt7Ig^cze0Q)!Pbg7i*->YgR&xH?ugIf;tyZkkr$gkm4ehp{xYbcB_
zj%VEi@*DM|4#0n8W~Aw1yJMg)V3W9Spo0F1_wVs*pY`afZfQyZ|I$*W??LgmL&n@o
zRS8XXod#FCj7l}26lL_#%hsq_65dDQTRop@1$=*1w+N5t@V^Pex7%-hBZ*)3kj6k^
zl`VNmk63IEySom>&#tcR5YQ2Za?BgM)g9KnzOzx{oKZW(b0&sKM7~DsE^;vsS9<3n
zzQ*&cr_V@mPpwmtVr(#ngr1RQTp+*GZO;`)lXx3OVu2tY1d~wAYc;W_`h;*~b4bn}
zrZ|6R;lc~B4GMHg!zJQIwh$|AiD!4rK&zImZusj3Q$LlPU2(1oSZB($oK!Sh3wNaJ
z_iPKjdl#X)hE6SRko#a%wfI^+looU>YR95>ENaK1b}VZ3tJ1NktzuDk8zRSAv#6#k
z)C_sH17-a7{=&PQLd@q6xv_B3_iY2bcz%EJ^Tlv`jP&A}NFq<%2$IVJTV{&6D=#~c
zy<fPA^AG2rK3bF0b!V*XEy$Y2PH$&>yWfnBQ!|oro(8xbT)!dWs~OAKRyD3Cn}*>z
zkHN-Fyb&#uwCaK{-D;5#b-@)vY>k%;+OIKfZZ4c+$jTQFn4^j3`-ndRuMX|tg6V&%
zV-st~CPr%0!enlspWstmaeEANX(5~&>UO>gY-KHx>+3E=0?$2lV);63h&dG=jyaTD
zIg3+q^c@vV#jK2;8j$8&t5{9JL^=qugAgAMA<92IOoOE35X(8lqf)cPlEMbDARdw-
zSsDE*6IXh}U&Gh(Yxtx58orWWCH;R#TOrszZXhj!8!rk2l<8ES1v5Gdqz$_!TdfUv
z&x{`y!iRmL9)EfNLBFFhX1h|lZ@(%HIGuq#nXgRyqc+P9f93l0;*L>Yo3VXasvKSz
z#n;{vd`m*A%)Y(Pn%%8|(C>D;zRhy6Ih2kWuc^@@8D08?8$ldK|3af3Z~IHu0;hEU
z{^TCCj3pV5{*vvJ-$r_&<oC@*`_1|1(~CcR`g{SP3HiwXl8R`RdCEC<gaIcw@p)K%
zJA_{jdF`0}R;}}fgrj<U$?KE8%@}__X@_VGND03gOa-)=<=mLwu)tLq+%ElV5+<&H
z884-IP-d0F8(v^jPayD4oQLjgQjj6g(ej1KCG^L<5}hD75u`7*@p3MT8X1XOAWtsk
zWjW|%xsfavUf?a##pTjn(N0f`VwK-BEkNr9dYtvroOl8B*@5ev3f6hCX3T%oxoaOi
z9#rl`=@d#$W?9T1C^i?LM6=+U0;tuRKRnBKOx@uQneRFCqL(I%=id?IN9wRFG@Fa~
ze-W$rz_HKIfnyw)(ifXe22S4m4;*FNKxs^4HgHOI>cCN3vmv_DM40h`7n^1*L_I-A
zdC6>s_+AF+cqG5GOqz-~)*OF#+i6Pc#b0TtE~KH(QeVW*F;tb*ih1L6_(Xbo&Zi|Y
zD9&Ht93Ftf^xL5ZDd<kG&tco~f>Rkoe~nq2=A&~zZjEtoQa0*u-No|IdB^C(@oMTL
z*r15H-HnL3hiOCGkhz_8$eg^d!R3ObXZW{o<+q!$9XcTHapJ2#5chuql(e3>li9}a
zPTDO_m&-6pVqAwXO_nLI0~Z0qRa6A-1T8pBu7_(dX2!BB5gxMBG)}?=Bx)?G?dOyC
zr=NdDuFXc;oTZ<}98ej-FXvRojrLC(a>;EO^k!_(`{_25WV54YfmAK|&v3qB_N5+3
zL`Sl9BwI(abtGE@1gn2YwyEzah>ed{Vc}@ms6H_K(>M>bNlir;&4VM~y9!*$V?1H9
z;srBouc})6HZyG13;oHswLGn&skC+o^t*s)f1kOp^+L`n6Z2Z+tW|&h-Bg`xADJb5
z-EuZJ`d?*t*|a5_^)!H{{?tu<?nTn_PgdBnYF@-faF5-P+@*hIo5(F4#N^q*Ymtdi
zo(3Du-^p+0jbip1?DyUdIhVB=Q<w=LB};%GF+StkFeqaT5w=8~%Y!5~^cCNQ-<9HQ
zhak^gvtgpVgt_G72JS)+pw3PX@MX5-9?$C_zD0_DicL{xO!fpr7;x~scvNMA{InFo
zNM9|~2EOrJ9rAyPVl<}ULULTtno-Qo4LgqTmRUH(p&l7Hl~dJ-8h(kVtby#PsRA`+
z{$M724->_A2kmp$NB9l~JHSLyM|`srVrJH9+_3oz36Mjxl|=<~b3Y?+Jf&aQwR)=`
z9rgE3%jR^T)T6}razQD1_BUe*I!@|o<oE(Osb&begPwmn=;?vb)9yOxDVrC$=Y0Hh
zarxoX=Z`!rGJ6p?mRXE8jGToR!>za(+ofhuR5$PRG16<N3fB{s;R9cu^xR#a`;uSF
z`zxAqTm#pn*Z7jEn+5cE8DK@=Co5qrQ-7dFnZhgND}A!5m?Cq;*JX&4o@h`G16Ru^
zTuL{UbGUyC>8H9^^7~!muo^Q|cGeHuPUu+$2sMCqu<BR}f~><rCv9n9DJ&;XD+Rlt
zy6W#y6vgPAuWdzBQu7^4)v;6^OZCJom1TR<n2m~_NeY<?in`06NMTKc@*GCCOTpFN
zW*aP(^mHOA@o?dM{(SnLQchT9o^(vm2D<U;$Etsnqk1OjS<_*a$@%y?3}bKuFbxPM
ziV|5RB+xd04af3pXfJ^JDkp)AZ3kP`K=FO~3rE$ESCxtU`*f@_V0YCIpbi7hDwFcM
z`Gb3{`tzeTgRJr+th77+{K#>2GCC7OoDFD=7L+$z-<x`>>-k%|4_CL5U?XLN0{18Y
zkg0!@`cbD=wpy*_I6Gy^DU&u?apL*DK{b+=l`0kt)l2M}t)^fVwMK191|;r%!+^xR
z831<XV_3q;Sly`tAvcbQh^gVWUV(hD0ns#Nkz2sdG-Dw;VCGTcd%3_&*IDSv2I=iJ
zM2@u{q^FO}W(cz-R7}Ynz0Cj_aBk17eE5G{9;vg^%&Qu$m-Cw1z{{L|)MNEdx%s4&
z_F|b*z!rY{(ffCJnM!?^ZdUKzReb3Mm%Lb)v{-PHIQr$R8M~)ukWAM(=#jaL7O8GM
zDToY?@$_0y4_nG9^0MG{)n7RPtsuQ%ED$f*FK4(Or7H!khT=5Bb}`dw3dUPrU$1{s
zAFVi#&|BMIh}!@{sfzrF&_5R%8tBP;ULZdsrHe~CA~odRTXRsRNXEEY{!`qGrnV69
z@FfUu1JINKD97L~?Esa^_fRG}MlQYU>k)jQZV^R)oF3@lfBpw5-pJW~wcm&TD*Xjb
zNnp2<oKdbLX%B(<nCF~(U!g*9WU_w>x~m!1Wm5a8TpKH`cItRg2BL>r84EEJwxyVc
z(I!FA7a(q%v+3ZPyBZZ4B+~6QWd7wXL`41ye)$d5|4XwN2~xKM(6_ha?d|QY?QJx7
zZ@0I`Z{ECddgC`+Z{GZ_KPb0MZ+D-y8$*>%i+;U_kSptE__Uy0J&b&%l+u6esubW{
z5YHY99|&xhOuRAp7L0QdVA|!c9J_?wb<`IpwhZHMdxi%vqaoXz?lR)dIdEpYC;1JR
zQ{IzV=22=ZG*F<U$lUjIY>4NDpDJ6vV{+{v=T9M3eOn;!AKQ`2AHgW@nR3;nkH%65
z&x{RX=Bn*(%Vi$F+S=RQ9`Ap?dh`0#ZYFl);=#Z0=Gj}WR3_{*2zZT{P_hL8XZ4P}
z2Ti?&`~cLSRf@`uycn7<#Ds>L<d`F`TR4=Q6N3l(iI)YBo0lV72K~z;_(<(qg<}}e
z{p9dj&n)lj=Lm=A?#)!0Y)`%>(3%j<Mt-Ooswqv^)qsQDR|xNfvBQ71C6nRvcMGaq
zfOk)yGi8{GNpk~j+RSJqjlaEM`=nvj)()+pj(M3T*ID}V$#E-n&gf8O`s%8&OEC4*
znTQJ=mP%(%=0?%=1h+L;EraH%G`<DurEm6ULdu0%>2@r@8M>TV(TBM4W;g|~#{k{P
zGMH1>pF)HcE?Duk5J`WZyzF%5C9d>%y=0Zi(~S~uF7-WjV)sU5Z9bzk;O_Aa38dDV
z5<4%s<66`hG+D=sj5(Z+IWo3f@}yKJAZ|sBXN|I`7x{_G^H%Mb)|oxyN!sV8CqSrQ
zJMv@^L4DQ)Ivx|>sD<8i;8{%;q65#K#{Sh4dTLCYpkw3otRa8(q%-GlHx05hL+q3X
zg~ka#yYZJ=i9EBhZ#M}`4y;tdTX#bLH=NF<v!R%a`EYx@JsysCvj1zw61@b1Z6_nv
zjD3#%z#fLHnfq|_gmlX|wVfQNW{4b{umIZO&FAu`L9zz*;mAAJs_(oW?QV~DrAKXe
zsm<6uH6z$25ZHfpqg6wMS6hCq%_?0_Z0Xk`*(NVfurPNKg@__9<SNSlPp*f)2(ILd
zd6#&2I%K_`kO&w-`$)V_KZ0T71S4g1GQ}aZiatcw^6BYGHq}EVb{E1#h6ZbBH2EKa
z^bMeUR~Qla>#vB1E7vC&xbb=*y>P<ccE^yTn~Aw+G~0iG->X%WH-1xKhK^X<m{?=P
zh_dC8u;y%{MS@DrDD-`?29s0=#_cuCCio)6QlZicbdyhz4}IQnc>P$m_Ht|&s8=N{
zTg(mW0D**oaTDWJeXV_{I|$3{>{CPm6pMJ7ojr*0u0?p2ZiaJh?{>$n5c{{0ZB4Q7
zmBMOos#<?jfYnA!s%49JzVn*4im^im*7hjJ$#!0wX-g9%d)BmNWzt;Fj=|=TLItrM
zI6Y-_FpLQTHKHi;Rd1cWAGh9&xA(@|Z}wlmafU#BW)H<5mXJ%&4>?pOXx(%eG!^Fb
z0KK$Xo=Cm}zE|XtsA~<=CV8j09b#qf0ff3PeTsj|CpB1;dHpI0k-FK<UCwFaElV2D
zk+hkpSL^ZHY0hTcV;(Teu|MA0-QC%Lz57Pm2sRJ+z0N9-RoLCOK)N-$oD*56zVg!k
zAoU$TTz$u&zPnr7d%LfG+}{21)sISj;d`C>vigoUQeRtSEmB`TrxsxlCSd@<MUL&u
z>)wC0d*eZ;1UST?dIpUF|H~Ntu)I8thOf~~VCgPI&6*O0tThI9;!dwi>z(o}7?NMb
zP$cNIh^?wvV)Sq&1w37^y%|D2kbd;+EjlZ3N1we#TMt)t`LD2VoSs6w^!<hqFEChy
zlIfI(7eEbW4COHKy6C5V3B|0;SQRz1dq984supV1QDQY&h>j9_8uQpuVvmyJJ7s2n
z#ehzYL|BgFX2IEJ$hYPco;*$uROCsXrw8itBoEXBhfmaXr)e`5po6_S*lT0h>-T3z
z$0w>S+3zFya)4R9a3-(6W4tc+sg)$uf(I&d4nW0a=7LOI-wmeXa_M?dqIwCXKyQDO
zC~e9lx_a?lU5BzqdUWm7;(GEs8PWw;-z#%zgzsH>RMh4~DUmm^yjEic=M}XXTWzvP
zIlxP}R^8Na4jFd(o$>v!R}SxT=DvGHoyumZ7{Z@2qQ4>%T**jhlU2aK5Q)3l%$HiI
zPLuerQzyO-Q=j*7B&Nc{Nq;+Ixj26-Tf=adgWiFDcwrhFOT>!g+`6#?$^;7t%5>;>
zbDHU6d~;CLUWCiwbrYdXOH&AeRuf=rsV{(R6k+2ew_ySH($pcv=VFn7!I2gtO$`1M
z?1e&WATqas{b~ht)3IL#_A4tbKGJQ=K+!h!OYl_69`f$N55d2$oG@#}8ti{TAGuo>
z`$eeKiDl%CCi-v`WSE}v5-5hxJ$x7rj#sf1I+5mNZn$2c=pT$AO#`+2(zk#iaZ;RK
zFbi+-++hdA59L0QOEf7#SUH7&za2(Mrk-yggk68N4V3T4?W(lT%w3zNU`<~&HH9!&
zyEuGpe3^aKHnk!}(k(l}p3{E{RJRaWzS>xYhrw7!<tSD=<ag{YQE%)9GV0Dm|ACE-
zO!*d@98E$PC01FJnCj&B0c5k@ypPnr)XihSLKw0fD8RzL{K$)q^ii=F62(C9l#&1W
zaLb@NC)&T^t$c7hR;b)mzk8sk)mhpSOZ)DDmiAp|X&+>1-*uMu$t-{EyY-g#<EIN9
zVV;PoD_!z$F$~soA-be3csmy8C`kZ?GHSDnYXZH`RiCr02O6vt>h%=prL|qs8WNGM
zH4FF84@sU3Y@LQyfxJ!Ru3^UnnYoRhiho}5u{b1^1F=B8y#r-1VtCw360yAr>=QV<
zt(pn$hj_PjMXT8mE$V;Jx0)<OhrT_HHSEy0N6C?su^Oduj-e4ot?;Zh$$L!pdGk%q
z2YD@RPSU<(wTwqT+1j@U-}>q3;^f1L2DpAg7exp?5RNz(cZCw;WciFd8R;@z!9*q;
z59bD%i}QETJ6lS=89S(hw;m_Hn!#Hw)Zlu8HyOC)t0jTETMU0)GHi;D)&_p6mM6ow
z@Y7&cbO-UANeY~VGZCxMxK$amCZ}N(L6lXiz(yUq^3YbkIgi#1xXYC)Q$ucaO(M1A
zk-b=zst0L>UX-Pu#=K((xmg9wda0Yai^_Nj$`Q_;|GK-69d8QlxwOVgHN3i#zY6fe
zrX<5VI%^%Bg#&*iMR9!O6L0hvAkhxCDj67=X^qKADUEr%v%T|bxV<+VZ?9LL>_xjy
z&)X7P0|$%#3!X=7_^DsJMq1xvNq-zywWemOd()AR`}~!ol7?@LFB47D+eJMf+k5oi
z#Z0++%d@7zDqMtQBu}-u7cJJ@eF~D>RTIRxKPp1X=1_l3>44pPVRCx<c{|T)!m1Os
zYIT-%U$_?2F9#*EDTsW>n2}Y!N^920Ds-U*G3RIoGmpAbZ`QoyC9Hx5Lu~i|VQ7ez
z7^)Z%sZ5ggn8Do8whcx!-e-`Xy*p1`M5%6`b)D2$ot(Ifk-nO<CeiI2stZVDbX{lh
z&BRg!Gem#r14n*h`G~1Q^K+r9rf+u8aycI4E@0cYL#F30DiiNio+<~S4u!##5-v#?
zJ#UN0D$i|lkEA1$WUA+Bpbcc@Iy30mAAtVgh*~dLHw&`|_=p$GMI<GdA6ohUv-d8`
zjiXtb;C`M0i|RCTf^_QY8R2ej)e5;HLfL*xN$!79HEnG&ko+kk1p-U}l$=?WZMkZj
z+Ey*v(yV4R-48IYFuk9Lh$oqI`)?p9Q68QGDX_Y$B0?fT>ip+Fx9>aWNW!=wHNv&#
z4z03I(V+uXM^%+6cW1!>vB4oSko{P*^wcXAnYRinQWT|p0XIYgw!EJ;IfyOq=j&Lq
zE$@HlSIKeBM=}{pY_kq)-@jq&ZY!^QFPFFlr#AbFT!b;|><BjFthS6G=aJ?FUum!p
zc|Z>c3L3}++Vhz}x~}yiNKy-o-odJn;Aun26l+EY+V1N6HPUOU60ax0<C8bai3`}l
zZ^CJszjRRr{)w%pBOqapjQK-&U@qrpmKT5NL}lEgfr)q(`3ruDvl4PH2*q<O95LA=
zhu_6<dW!@Q<`=<He+AMI{;eC5@of?>=x#=zK3%%ONLi>z^eZ_&7B`V*pouCdw+E9U
z!Gj4WgjTd2-L(E3gDp8|OAgvJa?oDT(q?SS4B9e-zUq<wwzf0<5@yhI`JWOgsJnmT
z{LdybgK9j42Q!2A%968S|AKXDh7kXzoF9x~DRw1DQ8FVJ&&FRy#k?7!esaW~+9dh(
zh&^i}%C#r<)F!7gu}2bXsm{EhYED)x;O?|E5BHNn=HEvyMlZqMT)f>GQGOuT;31j6
z{N=B?7YLR|YNOSlNW)3@JVz#9NuYoJMx4qC*3A?XUp$h+FjXv#e4O6eQwfENW#yKr
zE0FMwk^@9pPpLB33<2KDt-|KAg-v|FhH$kOHNq#)3tAS`b`~s{9zoQ~K_t-#veP)8
zchH`=W8K-Pv}Kx*4i()p;}|?`Otlgeh*uIvJW@*GIA|=)q8#3XGa30KH%5PLwq&9;
zIfyNp=<ArjEt%+7$#H%6=Pj#;RJ1uUsa&Vx#@TN-yloywXiEpGq63|s{H%upovB-J
zjXCCD8R$FwI)eZ>4&ELg2e>OK4@PmCW-V^7pylT6fZY9t&?VN4^RpcR^lM9oPh4Nu
zlczz&o`~2zA!cEG2rO5EcbtD?D6%lgL(+04?dXBMCKsY|ug-KJtBQ*VQ?86^lYD;d
zAVaq+1)(Xga0_rEVRryobwumj`15@-&rhd6{zO!sqYtOuA(Da;L5~!OViG0T^fPdW
z2-`x(meBJzBJ`XFlkgh(7px{-1bnYj2ot9etBgaO*y}+6RQeMwyOe*GeUyA>YD5sD
zXdX}L=5fKSH;(dMdNzPt-?1uYU*XWqXb~Lf10uFk0bnYdD7K@d8ojrpg*FA6ZX`j7
zE(`KisO0Q14$$0;sTJ^s_z2&Fswsl1RgR>WYn3#Dkg<m(7pkN?D7{c!X!dm;q_@rp
ztt}UbYeQz9hKNnejQD>Jc9j5a1SH#I`U?$o;aH<qbLc-uMGz~b=B5dl-84rvawMU_
z9bbZ=h2l4&Ke5Sof{xZy;X1{1I0Ns1KbU|K$6j$+&$#FoUIn{*`_B#zgVyoU>t;y)
zP^{q?J!+m4H8T6^7(AZd@6O-9laBpOagMd}w)Sg-yA;@WJm`O~Su+27KKWOq1$6%)
zLLcM3l^|Ul?Qi1ZC3#sa$ka^TsO<z!OWoxCbU5z>R3THP7`O~>*Rh_bHaXFH9`c#E
z920ln%%))W7oA5O<%RLg)}ry~@OCFa7`H&`f)n1C^45EuhC4e;&mLj&2k+Y)(b`m#
zVm9N1G;>aAFr|NB;YzahN>Vg&yPTHkAMXEl=h^-t{x|&FOW7%BpY-^=n)>X)$c|{E
z28A$6avrHnbK0<i5*y3VRdI9`;mR5>uVqx(u_~oxx=2~hwek+vOvK@kv3u++a!Obo
zU1h-cM48n|QELo5&rW{d-9cu*n3J14IEv#Sg?D6aDSChDx)vr>`E24_5L3v2-!$V4
zjzvSgzrIKdkbYUhpsY*uxTy+!rn<P`3|!wd*bSn|L=7YGb1^NeR!ji{z0To};}$4e
z>}(}zkfcf1FNd09>oAK(McZXIdUj)$48~z{^~iIi>Qho#sfblGh&+0hL~B@HE%{w=
z`nqG)6eE9Mt~rJ?uqwzIa}Qy0P8XBKoaf@*;6fBz_te%5;OIA`P`&Z2GI#Y`xgt%B
zvmYeRToOl0WXK^;$Cj-V_`v>*b%BX#m9Y`{Xu7bYEELobsk3xh)vyckFF&wd8e>(u
zwDJiQ4$mg2i{P`m?$<1r(=ALRe;3Zk$5MW#^xA)WRLUy2W<xY{%aU*&X_fbdR)ud~
zRRF0CV@T|I3<={R!}u0yLZbLDbTb89Q+i2nprTllNH^m$tQkjQI~V2G#fDE_U)K}*
z{^X26aYzzQ+?VUKzy;85KA5N*C4L<pJf29a-O;oM{F+fR68nzsn{70Fh!Ysdt%=k!
zLWF-G@x!mj+}fB^vELTTjy{}jh!fv99>l~l9&~8Pm=!3EbCi6(9iNmy{0GsWVU|wm
zx89q$S*Jyc1p!%z)d!yC?{aApti2=jmIbqEC&*J)SFKYrWCxixq!L?l!`i}mTXMse
z-0(LfH>^x%(1fVsHmv~jbD6%Q*%BacJdJ-w+|aNcyidLWWZHSQf6yRaLZ8KiWl0g$
zidfvU@4jo0m=3_+FR)_#DJ$Lu#*IEIQJHZEy3U2Q8zE^lLU2{Qmq8h<lmIA7c>4s%
zFkS&oSdZAJR_@9{UB|lRuGD=3r{$FyD7A-?S2+LW9WTug+G>yih5#0NX5)0pgo=Ml
zW3zOTmf{7UP_g@LXAl2tcY#dNEGaJuDl{+y5yXO&3ASGpGDRC8<lVOSqb3VkGkyrS
zHxj!vgrD8u8~EQ>!Cr&qgB6v088nBmZk6n6CN|V2u#?XSE=Js5L-T{&TB?>Bc#n7Q
zFM|D`bvup*<KR~IfDa?~J5ueU$~J#~y>t|yIsE0n{p%i<z3|r3ze5ZhCOEZY(vK2y
z@9nDjLHo^+{Tal)AZrY$BEu~~?>sQuv_O-?$pR_lhIo&(!=1-qdHX7vgfeJ|0-qy~
z!_Eq7xvY=dG`r5nN)=!g%M*rlpMt~j2u@#DjTM@zj6}-ylng#f-EK&|enWrgAV(ig
z7l|NrJSD}~{A(nFRC6x&q#WPvhq*%XF%8nQbU+N;{?~usZ@=1g$P{Rw{?~usg&z{H
zqx57m$V>M^q6u@5JUx;sXsKsc&pK?uRw$6Hg@!x{T1JoQp!=GHaj+5z<H&<)39+k$
z1)D>{IKOy%addpFM^)Gh3W<OGEDHzo7szL-X!-rm|D|n6PZV9{Ska*?44&=({eS*$
z=h@EgW?YChqh@T!SNz)Wpn*EPo(Mfp%FO)&77ZS7<xT!tdE`k*DO5Lt*H?iO6btA2
znDAXPBLJQnD|r1tdAtrxi<1GQDKd%z!)@7kgZpVIyN>dFwv^R@!3uxZFYFV{N7>O9
z8{+>riP15c-=#M^t%48N(6>c{D9U#cQatH6oEwZZEEXEqN;jX08~A~SDn3J?2h=T}
zf^r6vD53Pg9h%#-oG_hEYzo4$Wp`}Z9b0zC<FGrJ=f4Q-VDUE1m1pQ0Aw2=!J(EpF
zn)f3a>s~h5WSDQlC=P$iEj${DZmEb^dOiaa`$K5lRkp$$2Jc&qq8R>SDJ&y<kei+x
zaY~1LO7H`$xzmciFjoaS-P{)1Z5R!DKa6lApq}cjc}(PBQTQ<*5tUJjai)9~coFR4
zF#Arh$N$);(e}Ju7#;nq;Q0<sR=54o&Nq<Xe#OGf6Q&p()>ePc-BJu{K7rDB4D7KC
zy_>Xdyn@;!<!#fUAsCoyc-~>jPz>q!`$9c;KjQCkK?*OtL+zz_;u1bCD|qDnWC|Kx
z{yiKb8O;__(sNank(bANL?cZ<9kv&51}DMJ*ZR-@rIuMKwW)&MVWYx9C3TY4*pviB
z0S$bq*sETYRmFcnr07wceZE$MXcES)-JQ-}TjoAJHppL_ur&z+eE#L4tdR!s|NY+;
z1-`c7MASC?p>~lCRa}H1pnqN_yI=m#e|2sBKO33RJDVY_BPK$ytbX~I|A8x%cI`dH
z<vh(0#0N&cD<>%gtpy)}gP1zr<?65yJFZn*3cpuj?+$-~x)~xjgGRKxFh*!GH>8b8
zmEndssZB&{yD;S)+Tpq=Rx467N5p%hiBFJZ;)cu{QoY^~e#5HcF5EH?QXDY54*Pi;
zlj*jp^FJ>~u*&uubpuTprP#!7IMEl_S)7F%%1{q@5l2P*5+!h_b0H_m{bu_(QK~R1
zr(uu{QJ;UOM1DAY82Mqj2EBS!g@0OvOYo2evLg1Dup-RDnim=%;=76^aFo>^UN9s~
z-b5)*<<}y#Lfwq(vS!qX?bM22BfaLT@p_`&pZsAK?j(ZJURHBn)+XbY>jYjpz_6S4
z9wMI`Yclw(P>ydH!5^-s@QyjY1IJSgWS2t<-W`9!0!HlOIK71*>*KwRl3{x5vmxG|
zygvQ-miQ2a5+kpJhHRyAEJ#2=Ko`%CO=p6~aAz`o%p}TJTyne?TC?s%i7d*mdvXLk
zW<*9{xHO2R^clYCxzwo~_pk51><ghi!QNU<BAgEi0>j8KjzV~<$?bTeg`=rB*UZ@h
zQeuDOF!6>eT&$g|C4TDx*lZaSTgJqeG4b^o6IJX82~e=F9Bj~y_|C?VBaU2WYeuvq
z_AWAO5x+sHA^iUJ_rWOoOk-8SB^&06Lt&&ROwyrhgQq|MgZOYuGel-QS|4G<L>JKC
z(?C8$^Se6?+WU|^{dBK6bctm{5xADZBO`yP+%A#RD2!q}IP&EDB0}z{nzJE(u~s6(
z^SVxZOJu0~1kOsl1qp5!Sa$wkcnXNM>8imz)hREbGZ^u7g{|Om8Z<$!M&iQy5)f)T
zJWW7Y#yx<f{_b;i8sPa+5IGR4=QU(dMA0i{`Ve<CL&*0K4?JR&GXvZa7sf)aZCQVX
zj`)-$_XYd|EmQqgw8+g6+C4l3n(Sx#je;MJPT!mdEeac@P&)~;YnsQRD>DPt5Pf@-
zG9u}gJcp`)XgWtU-G)?UzJjBBLSAV5s~{APef2{I{u#vcw7WvaGioZNAxtzw@W;;R
z3Z1-w{o_SHOjMBa^l-)ueN!52mGXZZnbe#X`lXX7=QRm#IHH^W*bg}e<FHeBSEzPm
zh8-?h@rD$j*P82a;Vu>8a})<C)nf#q)ld@!G{j&D1DftYm+VGmLr@Y_7qn_YUkyU!
zsXm1FKx$-J50rTu?vl3_wp3M;WP#C>J17x`^2Dqhv$1LsY}pV6YcLyPOLBksaP*IQ
z?895!9B)=!Az_a$M=J;GIh;WhOIcZvP9mfnw+*LBUWk=j9<hIW*$-nB=OtXe2+Z$>
z0K{v?bJ&i6_;vDYygsidYW)efqD0_>7mvnFRHCwX>6{QQ<D;TuQO;BeGvmwn_Z7~N
zSI6oR5JIoDqaA#NddW<PDTaT!I2gjDWBE(_CBi<03EipL|3ROqgW2Qrvmb&~7{6U2
z=@L8xA<~A#4eQQ~SXc^j3aMTnR0w{jH4X!SbOwnt#Msejj^DypJCFY$>2-l*7OeGz
zt`f`KZ!jTx@o|LA3jDFCUSL!&PvOfj4rJ3N^PLbo9}LuVyAx!MQN4dH2V!Lo1dD(S
z9{uHZj-~C{HysJMhZCXc6#kVs^1(lJ@vYqpdTXm>FX1&b$W_zP@CG#lR)*wu%PYA<
zJ_l{EyUF#XBP4EG?#5AaEq4@C`x~o$beUTOoFJNo@9%0zs~K8#*ba_oS!Syu+INBM
zt`pEJ5}OXMq$DyJr#XM}6!gGMF8TzM@N@90^cYdlU;gEP27kBvY!yg)Jse!EWQO0?
zr46m4QV81)h~Mzx{rMLG!J;>L@bl@#Pwzioc(%P0^wZ&-=?%Vuz1lk@4w3#Tm0XTL
zo?pCw+bLgiLXG)``;f6-A5G(v|G*{HQh}LVR7;pRCaIuxFKT}<%c5d#N{Nq)r_`nZ
zU+=Vou?mM65U;>oAuHjk#)}1J3x@IK1d$i*kQUX<eW~rdWQd2MN7!i|vW(P8jLRcD
z(xj^<)54J*WH7M~Et(;}PqMPLs$Nh%@?<Nm@;ziZIMV9R5EYH%p03|aF=d)eV~W<f
z<YKHXktQH4vvPmMwd^yZvC`u)JvN`%3^||bB11d}L3NRZC3Y6U>q(f+gVx=%%j9L;
zNzQn6FyJ`Pgl1F^qdgi?PT*-$sL#a`&Q<x%b&#%VJC8Gt5S*foE;N?64cy5ga2m10
zo2KZpEWdCIUKC&0)*+lpAbsa(IqdMbqMUaKqiXLt5~_bt)Lay{rvRoqj%`6!Y6L?z
zQTY<pHm|x?^SoJ#&7+!WV|jQ>k+osZU~iU!L=Wo<;ov&xt9gpKoKxy-rAh2Y7@dV$
zYNcOAZ(vT0QUDZu+l}1imnOlK6XkE1r8AsFpe-Ld=01F#4XL89HNE5KJ8_tfcZ;3;
zN>{IgmcD;jZNsbhBCN*HL>Av&M)MNdXao<<3OxaOA+{j9;;i>DVVw>%%tIyQKrzT4
zO{@|pE!GL)3(F~~tWILaN&T84CY^Ko)lKou)SDaHtkdi7+^!gTJYLB@vm(Oa11sqR
zhi#N}b1EC;TTVRN#^x-GB1I#uXbt0_>{$+qy?uW!Ot)}1S*RMdUn~abYrh${WlKK!
zb>dq`@<}5Vc|92c!cUed8`CTWw@v#Q^l6-)zYo5BzO!4FKTob8Z@h4tX3_?_ex!j=
zfV^;o6fZ~qcwNf232t(kC(Bolbcb1VqY{T*Ld9w>s=|ZNE1A9ITRO=j(MjZ-9YP6@
z`FDT(`{Do%j*f{xVksl^qJ^99X^bI_NGaD1z9CG8KY3HYv@Kg?%NAL}7Wq`>ig+xM
zC9IG}2xrUp_-cHQM#ux19OE?2RYh6DI2aT4422O3v4<(E?(9A9?i_Y^58D-_k5`AZ
zg`@S$zx+?+anLKUSJ9(;Y?p4Vpdr8gwl04a`8w$Ss`Dt8p!$P68{w~+{_!ICCtuHA
z9PTV|KVEQcgc%@Gi78)xd5zBo(XaI{g1pq~JOB5eYbFuYrWT*>q6(CvQWvHb{s7ZE
z8zrj668XL2A|dH!$!Y~`ln6JAa#5SK&Qw>L7z|db5d{P_O6#@?k2z8H>(2=@y^((*
zYLb^4DnOW|v@y+jLc<Lr^V6}b-AT&*n_qpOpYwmaqgD`wT5$~OQ;?uACi<zv?F7Ga
z!&6ABm=ieS!hmb*!I`K{dKEO>qoP1(>(`AIuvp#R<V9yvG`yP`TV}yNF5k5_NuQJm
zB-M-qL%vc;9#I2<nK456vsbpOVl;mwsq<cXBr{ToWx*A}ui5+6Tmr-SomXRNW?Wv^
zLHvWW`<M$-{kMx%{D*SH$Iycs+Q^W;577!1KcO-zqDrA2GqYl_y%wtS6d3^$gVMz6
zU&Ri1jsNGprU>Z5%*#^zg^}OLWehZoCa_O50WEvs0onxy6S!5>S7hhnqqKj#wRxLy
zSJsRVuwA<GYoylzeO*uF_LJGJQKAlm;G@ZGVvZsR3poh%<bOb%7I%){22tUxEs#T^
zvrI>&ZJhd%kW<4KxWU)_No8pdp3)WHuhjs<dHSGXdYj}pPhf(90m6OsF<F*o`EoLV
z^R3O?i46$>)*Iz_x36@9QxAWyFDa0)KJ=ltNO{_l%3>0wlUr6J=d~SXs*@%emB4ix
zMHWU_P^Z-zIWDG;zv2wBEu_DN^w$v5M|Zcy^0!$27R$dw9*6D4X$;_iVio2Xwh$7Z
zr_4p98mkRu{%+^lci&N6X#t(z6yH)SIR9N;XZ{tz`3JP#ckV#wUoL+^=y$(1KwmfV
zUfY=q(Bw5NK}_gY8Y=+zhRdd^M(Rk3>!i()k+m5m3sAbT<P%y>mMf`AyTg@h_b$r>
zJMZpxDo8&I^qzYFCRE?O$6ka`+sPbD(>;xr#`J!%Ra_6DVu#K6o&y=vo1$chv0$1x
z)QDyX@Jw}!ta3Wg3yyzvu0opRY(^?NbOstfPuWIji*HT!F?v$J3I}7`sk_)%y9i*e
z(y42u+9>UG*B=-Y=U!xsB+Dw?(Bs!FV~K_R=E(3I%o?o-09j<pc#WQ8D5H#MA*TF!
z7e6H9wN_tulWcR5^iuirm86(=bo)PGo;Km@i=RLjs4{2>hH8Jp71N@kE^km3UIF3W
z$>q$B5O-i=b#63^eeP>M`?}fk7Gr-jjJ>2&0@wt<{QJMbC6h5P9*XnQD$mQR0hSGe
z+Ydar-OCj&wQK-%K#RX|h@!sh2VfGuKY8>1=gYUJ?@r%-e9Hk_#alMxHmw;7pQx)4
zi=G=IyfsDPo2SO>3Amnr$O;Ejs#tz7%!?EsZbpSMjhZv#K{}M_!s5@X9#e|5I~u6R
zzY9W2@E;nXx5*<uGoMXybQ^Wl$0~I8M&QKp;hj4o5U<zw)>+#}e}w-B=)s331%nVr
z&AYUN3Kwm=`y|pE1@Zl+1SRW@`n$dTI$xuWWhts=5EEiM4wGPiGOyAqBnrr8h)fL>
z9kZwj+7UioI&RWY->&GfSd~goK}&}l|8e+sa7)7`=xc2Xc(Wx2Y>5F|V!)Oduq6ik
zE#z@1D>!9kgI#IaN;BK0QqY_^wmQ7Tp~~Id5J%CufVc(&#|k@7<qpECcfSf~NWTnv
z^vDXh?16r{DL$)zPQn3eL~Y<9p7$5<4UCGw&)qf4fBt)(De;OX^RGH7pk8REz7sf8
z;jr>@(N*+!)-GZNQQ`JW>t^4>$6hvHpZGrD-rdZFR;27_c27H@e1(*?$PS);_g(vC
zkl88Uvfzdv*9>7k?re}Rp&ijV{Y`mC2Td_NWo`{YzNQR+K^d&BsC((_n)J1=tKce=
zdOb4|%(YAlKnugc7uoq7qK{zDH{cBxv4+-{BX<s1*Gkghk25uM8h#mXAGYfR)$5bq
zeWL@A?L}qRuI^;<M%B8bM9PU5YcU@MTT&}xXXd4QTq&d}<cRz8X$Y>^uZ7)kvldoI
zE0=IZ$qfR3##j83Xk_;V^Ot<w6@4|vIq;`Od9g^4&~ylA*gkO}RCQDdiZT2ZlQq_&
zvb@%u3Dfo|H|}-}H>n()VjyxS7-d2cZwLW-8pDAV7rj_pzRMR8JK|kh8uW#H2W8oa
z4s(J@oOhVm4bhn=Ns%BeL4YCuRSb!x+E}Gwm6f1>CNU)5b$51|A#wB$oKQZE!#R)k
z=x6CI*8lZBl1Z3f^R2=OoBuofkMn<a_x2Aq<Lay#A3`rk*%0Ba8y}(}O1qxG^CvT!
z;KT7Lj&})3-uNLxQ@B<A0BHwd9DF=Q;K$4%z>`BnD4~UbNL=8RL3*GN@!Gu8^QaE$
z^E9P@Iale(g}&)K$Y;NP|JLU-yghk+3NZyT8srml_*Ol59lRx<ietKoLZd~YdH06I
z1?$dI5M3Z#`6g1gyx;+{B$+;DCKixhz-i;&V$Q`x7f^5XkmneCM-RXNTt!9R*5@vV
z=ghpopMFFN3qDWGMIMZ1aZHb6rtgHJP*h}p+#nf8;VSv{dVoC*Cn(@Ti9EVW0`8vC
z#a`Amzus%P3yHxNxk`}etbtzI1R3s$4C(&4$SPi|gP@hq6Sz1<G-xBOe2m8VVDDh>
zCE8xjr|?Rm5$AZh<XrK!k3R&sPTIrw3tof8s(CSBm~Sr9G|tN|CuJShTWyUy#O1Yr
z7C3Y5B-yAmdE^>kotz0$Rh8UCS(;F`80Fk2cSXwvX{`p<fIKP5>RRzSE&82aH+%!;
z5;+1O|6!Pq`zieLQLArtGA`bwCdL6B!#SR5B8#QM7(RsaZ`z-X#UEUpnjoXX7FB2+
z@H9(D(bsHFdcvfL-MWtZ{Zu9QJH<GErJ!9R@IpIRrwcv2(RFLNR_5Ap+mRYR>Hzcl
z1p1C8p|l)4lLL1plq#wDT|(=8(PG(LRj@HDLwe<HG`v!U3-pwqkdMJdH$%>D!@0KB
zt~AI!hPm;V9*>0JMHyu~#p-pI+!v=n$b(-Y?_Fi-Y)Y&3MBa~!%G4(Cv*>DnTyzI<
zG`N<^JB29Rs1OT(4q}(KuG;J5$~hGuK*K<Xj!C<c$dqKT2p<lIkxYw~B(52PK38Ej
z7#j(-j*Be*<_EODCoE>jW_f`D10)dSq_aHO-TUP)|F-)b%L?M1Kh6*;%URcX6(kmP
z<LKJxyf<qFG00i+sM$@;ZjWz&{}pZ?B*3H>oGBz9nDE&K+do~reG}wKIE5QucyrEY
ziBo&1VJ1M020@MB-^W&rTq>C=8662$c?Ne^CoZzAT%=WL6r#eETKHwn5Tpd0a6vzw
z61f|rD2%o<)nyH2PsRRU2M0xZbrmDIp}1Ab6fE){N;XIKfMGhj5d+wN3>#*k$~IBp
z=iv=bug^ekc%Qig0d4JYHksbLm;)1@9A`N=oq7}!XR{<YeZ3*Y;I$?eAm@Jpy>ZI7
z1{{DN`ydX{$B+q&ZtlL)6A}(C#Le3IB^<rb?u0n*dG?)IY#5vvSL(alAe@5zgZoNr
zt;KohIH%`%kv7p2-U=jtGG)#S7KE}i$FP-+E8A2t17aL<`UccC8KIZbaL1OP@L2qW
zZ=dZ3=Yq`!zX>PPm%*{%0`P~)<OK@VG+E(rC9=X&#1c$W1w2W2;90{63426H_(9_{
zjN8y<m_$Xv)xJ?i83p7KvP=5t!>Lp^?EWP<0isuC;VnLCL*~$bZy5?th@sF}EnZI)
zS`TcXNFy9vD;nqIo{R$wOMTBAQhzRs>+w6`Py|g|<?vF@ErD=7&93eF4O5TnEypPP
zvU(J7fD?f*Vn%-~LeTjjm9do$=Yhx#u?nwoYC`p-2L0JOBeTmDf);+^Z;ZRqSQLd8
zS+OaB#kvz5w6WxWSr}>D@fI>Lw*i$wYnxRz)&s3`a!fBd2A23#UNQ;ikQ16UT+blD
zg<zTT6H?De36$fjDDGsKO>F<QsB6i(*zS&HdaR>oFKkBL+!PpSOPBC^?@K7D!;o+o
z5u69R{D4=KX1O$hMu4Y~PagH77_T@^Y85-Ht*X8=aJ@%=qi7JcemXkS7M3cyBIF#`
z<gCIfdjb;MFG&pSU8Z7n6DDk-z_U(M+8Q&Aq_>8YO`0ruu7*^^%sc=A@oBP=(@@Ow
zGUK)fU!Y~f=IusEyNW7-*LkSm@yK=0;i^`YXtAuzrEM97ZH6f1=|nN0DTjdXy5x6V
z%7efi4AmfiLY=k^PoVA}Pc@|32;m=ss>9!Zr9SsG=13iD{#Y0(bdkdzhgl-*AUq+^
zR#SGe_)g0MewgW~z4E3w-CDU9wJF3KW>wtFN?gjiu>61(Px~oI?Ys!HLWURMgWr|B
zs#7)7X^cCmU%yQ#OU;m(OG-h#(qj#XkRtg2c*m=MD-arbUG&4bH0Ws-ws{X_noC?R
z(ze|_&~i4?TgTXmghdSz{Rzc)+%U{>-7kOnYi=Zi%qlnmhy<P43=kF~a}FKDl}c2G
z&4<m9);Z=M`1iXL2QX#D@Yp!NM0P{p;RG?n8`0Fs$ppg=$zN&Azv!;+4@~qR4gRMS
z!0-=$+9jGq9Uy;w2ZAGKK>r}_rr`Wb=O>AM`0@!!T<;1qP>IJ5*Xxu15mo5ec!&gP
z(A45^_hjyu4to}=Ea^E$-ljU^#Q60Nkf=?>$G=9aSD6a7Rb^L|Z9ZPD$hOcpm$Z_9
zgWm;mAw)*FG)@ecWWJ!alJ(=N4Nc<Mkm~h+S~D`hC-)X=zNY)cFI<@-Fc_b51)DZx
zETvE6M9J_g(^9BGQfMjK>{M5GRzXyVd-2|>p8Ew36C-dFVVmMs%`z?lKQGNE$gCI#
z#oG|g+Y&OC5i(W-Xq!aAI6l=gA&x*a*usszF1MH!PHqn_-kb-!&-Q~BzW(+3dGKa`
zSGQH;DQpNzz2#awA+E*KSJ(AKzCU@WGXdTCtUrlzZYwOu5a?;?aPYrr^f!JTeL!Gz
zCrWWfRDD*$m>kZ)?q^YcjlA;+taOG8FW?h<!}K<R(0QotpZ|cLI)>-vW1L0g^yE(C
z88ShVf%K=8{;Cae`|D1ZaOXjga0_C8x?rxWFLK9Y1v7y{U8O~Y#ZIj>L|V}IokF*i
z<}LEPFERj_nw^()t)-X7ZVHOhT<U_0XA&D4F7Lfft;ps=mY49g8i7H|SO?H}cSna@
zG=ngi78CfvH$|N9?*B*i8G`Cqq41i4)*>;%ROublU!-a5Beo)}<1u(LWvO$2CLNiE
zi6Z7qFU^8<s**g1RQYlcBYD5W8y%3Z^?A-N5=-DR9u!T{4R!{|LZx(8fU#5Iwb-d<
z9L0gh5n)e&n~q}@(l8(sJCI#>!7L&wv28cw9VM|(ucCzCfOT!6R?=Q^EcVTcagScG
zF{Zy(0DZqM#h@-u-bH0WUl}`1L8WgyzJd{<#KA%D@(+HW@*qtTx&2Wt>cmqKun1<i
zs>UlUt$GS#KV3xFJ7m~MTE^}bVc!e{F|73~<;&JYYe;5Ji*%62y+Je`<CmcW0ULjA
z*}lf!%Ixi@AU84w#`_vp2q>X2<!N_@L(9~p1h1WY5`9*~t{zB0hz)!K)kj$q@zOh!
zZl)_ODSQg@{g^BFDmxC8H%O9KHhf>4nLI=iF)jcQpNpNw@rxx<CDvv09L{X`f*RcP
z|9In0N_-L?7%?;@`A3f8YqSwGg#&;8WIhHh4?GF!6~bSh$&Wvty}`IXUygC|Zu9eY
zdD{-+8Tcl6PctO@G3QYkU|+jnC@8?^NL_1jIf4(m5+4K$Qhjl7upe|$)i3wj9Wy2!
zkpo=kE=GLM)|jmLowAd&AD(By;i2?B=g>0dUz4jEV)Xx3$F&c~rC;Y&h5Uc$#h#KL
za;1l0fRQ98eFN`l#!;N{<PXe5f^VI6hD90sGSqe7I8UugH%xXkkit%waALT;hYU7U
zD#-n(v!V@Q@dWajA`7V)>h$FxY>xi8o2i(rf@Z{)qR5q`x)ufMwPr+o@Fi~>RdDSH
zw$WLz$ty|U=#sSX6bv3A>%j)~5g`-e2bVtu0U&>|BN{GxBIB$^l!M)lF{KVoZM?$p
zwag#Vi`7*)n0IwT$BVrK+R?)s{IF?tyH8^s=@CKe-4ADo@LP1P{V>YJ3OH-i_!2y_
z;uyJ>LSDoB5REe2PDPy8D3``6rbih@QG&x`Hsh9T$r4Y9Eb+v3bv;3EpD97(9q|~z
zEN6dnY?f4$K04Zgb2hk-V%gb<pUuq)nY9>p2gcIL5}Yh`b4V-i7%kzDCUD3VX~ZIA
zrZ;wMh`Zk;S_H;Xncb5i3r<jV^zO2WD#q!s=V+4UO?;Gn8hFF8qn{M1+YfW1H#+KM
zCt~6en>iKJI2=?^ww)C#8v>s-k~wkYqB4JA9BBNUoSjRk;6p7f7?{OFtU;0f*@4yJ
z&{>*?Z|Lzqc=8BGsKE%c94@My7jVavnQM#nEj$MJdysY42ylBvMn=PCLfG9SLaevI
zg4eybd|dY^HQRh-CkZqAU+TOYjb5fgqIWk#)eh_y5`&Z3{UiDk_THH`k3=DOL&blm
zsW2VU&F3_rddrPi;jF(ssOzv-94_Ebu=U3acxYd(REOH6Sl;F^QX#@CJ#v}M)=J}8
zVbRuekS(XNvV-;~!gi(OPseTSTa#8JU(!NK<#EsS_9&Uo3Oy_Aai=@fCh$`S!#808
zS)z`&aljD}&M<IA85VBdB#Bb!u1<e~2Vq`=%rWp16YLel?qiOBvHe&tG@wc<#kp{m
z=q2=tRFYypgL8fP-{^hPrvA9-+d3Rp2fPB_gFuCYu}(=Tk#y)R^5Zm%5VS@TCHy$b
zhTUnH74x3VtjnBqgKFu-wQ$oB2?6eo9w9F&kVXUwk+`Nz&yi}z5gl2~8MS{FhY(td
zhBM$vPb7*GcW;gSlJ1a}It_O7|4+Nbmm7na1_jYCX&koBDySxh_mA~}9@~s#K=O>S
zYgcjF_d+S&@zFb;46F8hkavc&8@k&*c+Q0%4C7I_|F2?vh1q=bkR1If9DvUbJBCCc
zjb&rSETPeybPzIqeV7hrl*E5(`C}H6&-!^m#TJqJA7?6?pOe{3v!gg}{U)5IIr|9y
z*S2nZw$(8IIM|;UZ=;8QrPFS#ZWQZ??xv>Yw^D1N$2Rfg%Dg_|otXg2U7vAFRf+^h
zF+ji?<l&9#IqWF3aP~0LS<%P+H-<~K`V6(FAmvjhwkk^i)l%f{DKCG!1yN61W@gj$
zQbW_^x6$Ym9T46FZlPsdJ^h~h>+6`SQ=7br@nK23<O>YxgXqrqaqKAb;G6Qi-KrPU
z{EGoC+F30GU5je_T5~*H7z|Z3LbmFJ$O}@ztO8$*c6TLri%rav`(Y_w83{{y>nnHz
zo`Lbs0&A=Ic(Zq;q6mKvIgG;Hj5n%Ff1{oI-Ig&J<^I*qg1VVYZtpXJ4Rptu%(7&V
zOUuAeE~Lb8)F_IH$Ao~Dp@?jX;%-?X4`GF@0w}lcfdkx2!Dw@Xh$Lqx=f|h-UhCl-
zw2cw7I(P?s^zcRS`sB^Y#Yx~#tBQty4j}kRZ)I5(h;8=(uI_(42fLFOT^!;~r)@Z5
z2r_5+IGP3{r8eUxt{L;h&IQ;I@vRy6WUJa6L{z~c8@Ly?NV{@e0rBv;UDxZAMy?9J
z!OW3`w3qC@rq1ePq!-D_7SRMxFd3$|cKHN-5;J1$+O~0+;SS2uF)vw#GDR8;(srF4
zD5NKD#HJMpze9gsfPego^RyeyV8P6LoW_{{m2NKNE?Pab_&dR=w8XP|_2;HzdzoG6
zh^nX{pXY^gHmg9Gi~(y&NpJ!$mZ0^HQmbE^f^jyKz(Sy<Rv2NhIJ-#ftj?hI@#E=h
z+5E6@uY+8X!`a<uEex;HpjBav*bX&=EU<^!FW5oawdsFugc<6A^dMo}OsF@)2y?|-
z%mMQAhW!R(h^AH62m$U_%%;g_Q|=72o5B_Xli(Jl$==LhF6cVV@Jl`OvIj5DY2rF2
zN_t-zJ^{Sf6))|;(c`)w<@ZO;(A)#i-1D;^SOt57G`)_fi!$wF34=lrEbEgTyCCS~
zN^flAvG;$=rkb`w!n0zy1<n{y=Xke_m=)CG+r!$RP<O4B*f4#mtSw_LK{~9VMu8gH
zy7xStQ8+@=(0#jTTEHH)gk76F&v@i64<9ctg0R(oi(#TkD_p0H!x)4f5E=hH%_744
zO@81G0I&=sGa<Mc!q!tkTIdRXe<UWJT>#;bfi{0><Y;IQhm1nvaxnOmS(d@?ApT8K
zC&V@FqUbp=b9Sa%$XS^wBS;O0$onCqwV#6UKj`5hSWxGjLt|tPzi#!x@hh)EXoh%C
z1v1dsBle203+He#X#GPM|Fe4`U}2u81MX)w^hM*OaV)%b(yYj!{H~k!*(%N~5w!SI
zt^WwqEJafTe`zz9S_}awf4c`=$h#!HYKF8OUY6Oba{u}i`tT~p$Y%g{Jx-G=8kZ_v
z*?lz#XEM3RR#tQ|MGbp=K95Vos!i&@Cr^n^)9&u*Nw%bYo)L|a*A$Yq6ml^}e977%
zb_HJ8>ucdoD~v2@2F8Agc(s`1k)1*$b*4<Y`_a2R*5V3eJUiq*f9n&3R}h=~=GzpH
zO(l5BNe%B?PKnWD%Ec*1_HhP|WiGbK9(2p1&@bdW;qlO`^2g=$*5?Ljb&5E}p0VnN
zs-mxnsouM@r<fwIynC@BHS@LRp)3W!jGf102@|h)4u8wCf~GiJ=VIv6CUQ?cAbe(j
z*C{&>>t@*R&{h;)e+rFm{>HwzB{!^RjVjq)xxoe&8l@N%bZ1lT$#Ck(EK^KSdADFa
zBU2&kNyb7I$c&B-tN6}eX4o%M={MY$&Cttc(M--xe&5~MeQxOuXRJ66WSdmp7rZck
zW+<qy99$Bw&O?ynCX!C}DoH1HFdYY`ufeA59&E<FS~JoJ3vrJj#NQC%tvO|6mkAC5
zDt}@@;2sKx`2a$Lw=9ktSR7Lv#P1wj*^S~cn)#=cMBA&1@!!(;R(orGpEm_z+ww8K
z3LoRpNng@gLDcarA!8XKV-d{U5;Lla8IQmZXogZAw1W%3IDpu>^xV1S0Z#k-YLp6&
zMy8@gWp7>G*2Ro1k79)*|Mq!pb=$APqkj-PR07?6yGHlzQOmBi3H5k&5XfOoxS|(#
z%N~^uf>>YNPmHq8XMGH!7Wa`iL&6%wmss<up!T)NQ=|4SHm?Eu8*ERvj?&!=u09uK
zPiZyM!QyXK9Cy*EJ~B30n>-(gzn7>Brr@CgU*6wgQ)(`Om}I#bGCh`6KPUiZD}O*3
zGSf>M1lp1wSAX>hlNgj1ECUIalcqt&$6mBin<UR56kgdyd7{jV2;OJM#A|;=v+o%m
zYKROq;BA0ux$P~Y6R_#b+pd3yf9CL~DqC2acyq%d|Lzk!-V9lO;yE79l{7p?suHNt
zh^Dfo1EM_+t=?t0hAPQD>{2FK+bEi(C4b?<&ugA^+YmLS(G<%G0D9a6Ene28S4TTH
zq`JD9c)xqwZ^xI|4*^4eqX6%@b6dAi{u74sPc*W`TH$L>gP?dyvSj!Jl`l0@`bD`?
zX*UtE$O4+`0>7xp)HdVdtQl6nT`lsfa<Yag?|LG*W`qMB2X5*T6A%BtbR;R{x;#4_
z>xnAKXBi{-0^94w^cW;m6@z&6F1vJR-v~`w>>@yF>KG71ULiq$JB#w`C8$5bFow{F
z7{V6K|0-yHQYyXUB=8Q-st$um7)OH$hmO)=nGg;eV6*6oc%XhDs5K&VfVPg_(94*<
z+-|3ewJD%aBcc6I?p6v~Na3P7L94PV-uC9dGy)IZLl(pmm*!8y(L8z*rnLEgIJ!9g
ziLyQfBOv9&e{f+@jq8>Kk@09|58%OvGy`y^rIk!*5aH0;OqR5?<S$w>0mm94p#zYR
zj9&tI<cKQZ&^%dXFFw149REp}^adZ#-Y^X(#W}iCgxnNcTq^+o+m~t)0Um#bU7G2s
zjn<=<JZqEam!a>DouL*Qlw-~4dTkQa=z1tl%;}H6!=J5+sFRj!_5R)Y`*%S<9nQ7e
z{3osg@iV1*#Q*pqOaG*#met{ZfQsj)yv6_c{gK3}@P)nC%0XYI#ngMl?%w{v;dB1?
zKR+%iP}>2Y($;7iYYFBd)kA;RD-ym%IA6SqnPi`&-us#%K*INVmw<CYd_W)5BVFfo
z0e<Na*0m6uRW(C&E5Z0=5zyNiq>B0g1-);IpjP%{Eszu?5+X~QBZm3D&QLrcx(xMb
zSk<bp`z%OwW(mLYamhQi37!EiI~%}vg8iADi|!dr@_)3g74c<mrs#h~3Hv!FQF+tf
z<yT#HjOFz%LivgF)Pc}A#?yTivSWd64n3+N-b-7Mg*J9iqD?awCkd^ChRYq!hEdUT
zuQ)RBaP4cxz^&o(8O^e}qyx?hU`v4<={YYG9%V}XN%dw4|I4NTwrkB1IQOee+ScgW
zt7m5%+5mz6IE`QX2Qh!_8v8efy9)Z(AA-<-=}h%B69)W`yzfKHrNyc_mTuuYdZw#m
zlu1WC{rNP6yjB;WH$;h=h5FN;h(kWF4+d3wAm)FBgu&&wAbp+(E@0P5MJCcXdcdBg
z2S{JjG>xOdJUEA-<UA_WD_pTLFl<7ZbmsLj<(qM>ww!>c#tDCT>KePA;IAP9l)4%D
zG;%HXh4Y{e?%@nQ8xcC9{2I}yIGRL73Er23MJNKNDSE*E+mqL)AKwzRFNQtWuLnP$
zMUXlvXL}+V`abV4@5zp;4G9C*9RGK*-A*u>FX(~JAcbK{VO>cl;C<mWel-M=Ai|WP
zdW%GloW~w!IMIL5!|F<nLYo3ZHIfqWffa^QixA>8Vha~{Zkule{<_C=|8b2qq&;zZ
zg*J<`AZ~ibE7k}}Kpyx#+iJVN)nJps5jOy$E$rdYLCg=dv7urlRw(rz!gE!0kEK)J
zuF`FU6c1#N1o0RK;B(PjhA}Usw0x45+3US+pI_lPzx^(@uJfdQ#$hmsRcK-vBw&sr
z-H8<5L|0gnab}BGSyNm172nOvdea+t9-<`YkC(3$0U&?lcqcQIgA5G?Xjs;jkgSJ+
znvoj!>Ez0RFC7c5;a(>G7PAbQYAAdCc3xJCpPcj2G(*~_R!=+HjRhDxm2xjv);>O5
z&Wu>b!ziD|;rx-Yw%Wuft)DviaPmY(%px4XO*v|b`&3G48YL}#^)eN!n=mPu8|bJT
zMH5(mpM-zeHQZM!__9O#37pV-B!%&2X=lAcOZI|jSgk`)=P;$_Ze2O(t2s71-{LZo
z2xB|yEPPzxaZS9_I|*lLNQ)Q%R8YtgqQp`e7Hz3xXG?XMDA%BFGX&~PjgOM3h=>DO
zMhj?E0YR3bUx<?VBaEr19Eo8>5JSZD_6>s+#DsqwMx&9!bvZ$rMOQR7JCw27SS=Z;
z0?fAXjgLN@3WZj4A+(<(aJ2{sau*Iy>HL~;XfA=raGF#Bxl3;P$vuT9G_X%{lab}_
zF~aFKLvGZHpF`585)e~C`%xFFqvZ8+Gk?FLugU~u`2!X=twq&ztr7SS)fIER^*F$?
zsziTE=zB$|tl2?j>%KIC;rb{-?Z*}6Rq?=)vslUhmO+cE_6~CcE*w_wuc!{&pZjRc
zrVuu^So?#q_OizLD4a&!8i%CsTO?gm!(=fTa#DEqhCe|SZc^?KS#^*~Gd*-O?$H)p
ze`?@*1C@9^!B*y6O5Z&=T^^6-u^aMAW?z5q92##T^Uld{M)JsWA!IF+DR=Nw8Y6Gy
zygyD8V*jN#`dh8oevhknBI?7RhS3U$)><gVn#1r_ZTNKO=p2`J7BBCkDz)9SwrL8T
zN15YLGc4TJEt%T4DS%QVarjTwJ)a(<V@ZR)-(=SeIQ7mBeJbKmV?Df{a|!AkU$uWh
zzZoLj_d3i=&Bso(!R7cnxAn4EsZuBE%0)e{$Mq(v2!kTL3P_<HmLTq)kxJ1N`QRCa
zE<;@`a<~09;z$m@Xe`2}*!5b80^ikE>0a9Auj98n2J4%q{*}4`AGMlVn?QAs`n_XT
zyxx^n+tc~>Q5Wi0YDoWvKkMNw>CJyQ&gzEhibK<wf^L39jIydt>fYh%&5)}P*68Wy
z2Ap(TteYW__xD6N%N7E;>kgvHG^V<3b&z6JZ=TMGIEtfKoaG(#NzD-Vnd;{HYF9K<
zKgcM%*ZT$ip3V?|zc_h;H_>>L7n&h)_r_DopXa5y3OpgbaQIx;YM$%(UHpG%CrH%o
zC40S2Fq`7O$l+!9xFL9*QjBAnp=2{kk&x-NmFWwm;R{RWE)bxLFQm2Gw*kiwR&~9h
z3`hl087&NGh^zXjn~#m0`g7f9BxZxmg@{?YOKC?r|GQLD{czzMG4$23fn1Pg2>4hp
zqR`5!EdW#adD}bcE3uhpQ)YjV(hFb0oBW{*8&V=(YtF$!?P>+Li1BXa80GR<fD7$$
zy@&SGrB8Opa(PcS>t65`VwBjix)zK13#dAvIiYOXF+(EsH~{Gi#HTNv3Bb?@ep?6I
z*bsf&eA2>mqSE1KPql>uBl_i(2B9$I!R{_8&;!N>RLu#vsoZ}`QD1-64%FsQ9nMeA
z&rjdK(`yAvd?xjIN*9mkfb1TE4M~V|o{m6%cwKKc2b13t8lDcJ;R);MdLq-yW(45E
zZY-kFG`RZ?z?m38!vd&kGD{G>!9_u4n1jzec=P_}t}`P5J`w&jtPcqF;Nxk~SL5&|
zO0$<#H=(|yNz@JbAsT;m(v5bZc{X<>fn&R-LQR&&UK+L`!NZ#K8L+eAN)5Z<Z@mEn
zAn8-fQiab0EwS*Ryc8>qR-3%31Vm=wi%;ixYUUI02L_;)n}TjNlC|KpG}|uudm3IF
zf#k~g0Jl24U~i+G3q)5l<no17_R;Y!y`kk8VQYb#0fqbQgo%F&X~v=BheGsL;2Gk1
z&_ao3+`JRsq=?^zgX^md*BS=q4J{gwSft%dL28<hn;}P{6v$#A&@$qb%Z_nF6XUq6
zOj;|kJBDFC?x%2vw}S~*IPdRv>N@Z@#t1t;m|EtEe2^?2H0i{`Dce#h*>^Bj;*%eD
zH*I}_T;B6pu{nPL<YIW$reUYl2wn*zKB^U}PnhRLI>p7MqD&Gi5|<h6@*s`|*Le@(
z-!zVU*J_UM%-N#nMVR3dDl+m5(=znH(`fj(yNT)(<xvsr?o=mdo#2N1#9eltVW)>&
z=kL!0@qo-mw$5P~79oW1!z%@93bB1uu*0N@Bpq?B=InoxtC!gQT&Qqpns5_!OY=Iw
z`nV6q?KBnJ#Ob-sIJ9HE8`p_oX7Hn!$pNU^Jb(+!r6%h0!EMoa+18f(l@m^ebrRhS
zp*l_E?zA0O^B@K+jC1Q*?}pHArceP{wBQ1*u!WIFU~Pc(OE?^mOrpyW7`$hy>-TCj
zL*(y`KFWWb{ExWmVh9oBKz0e5ISAZ^pHXMHQ$s-E5qi`NfjK%lU}k|;PK+1~#lX;y
zbd75X=fDu!WNZR~<sVPm)wH(}HRsFF0<N@}$i5i|aOPc9a(}3aG~g0k))hn#RW~2r
zU!>XNGBD~Ck~aW`Gitb{lPUOpXL3P@bL?bJx{H6xHKXZJOfqVlDG-iJS|}%554a)4
z+4W`;+*z&fR1q2t(jx4<QhtXuSELbq@QMa`PxsQ;fhc@ia179Lw<zat6@nKFEbN-V
zCDO<}F-SsZ*-+Uq!O!Nn-^8>$oQPL}m;j5W7;lJ@Z9aYA!32Tl@Nz!W3$BPhaOT0!
zs$YK|A#T8gJ8wl3xdD3~H-JL2y)H{9xD7L+eN56J{Iah`X{L1McLnFN88>Ln$N{5S
zGT=pf8zR0nr3XAkRb5Y{*YE?Jm;sU%j0p)I0NaWy<crcF>=`5L90!8)gMiPZgY`~)
z4!lLyI8WiDDA2qe<Gfrh2ThbBMxgfenqGh7Vq$mm3LqI}Y5~PI{Pl=7wql097Rs@q
zTmZrDGc`~ck%g;hiCkKppSp1?<jR~%Oq4L`xqjwUHa7)_+A;&S%m9xWaK1<cFq31#
zqB>V5i{@V`k3Y}|+4-aZNdZMhHV3T&|0&nSw@{tKRyP_UwgbE7Lj#X!$Yq3YNvnUR
zS(MV?aJJ2xVq|Lt`*-U)*`;8=hN!U*70WftaQ{awZ`LNJa~DFEebZz+23Vj_L?SX~
z1o7xe3a$%rXhMqwmwsHRzBXYYzPxu2z6>H-@I{!ZCBfX?CXm2IgkOF<ZHDBQgS@-@
z)dF>phmt^fxx(Y3<FyIy6X$3g-7kMAmiALTZhc7Bi#RmWA<B-*HY!@Yg5AD$_RWyx
z>t%FolIKgCNjXZY=MyJLP%?MF8S*+RN_FBQ<pEaK=()hE21`tl0}|EwgXro{L1<^H
z%PAcJOgQEOtW{A>ZmG0u47>)d|7tB`L)`1d7_<j%Qm5jM`m$P5_b~GskTic6{PLH7
z*M8@hzx-d=k|6_fN{j&gW=)urXlEMc?gePZ8GKraB`2IBnY|X4S=4AVnTo{)$0c;o
zZ3F$^rh$GTOfdVC9$0H6u={jmt@|)ldB7Mm@*0L7h`wO=bF}(_u%Q;fX9T<5XUiiE
zRZ9OA&Q<T+bzNHmm*-$$l|FwU`ODl|x_PdA@OJe7lZC-QvR+Zy{Q*c>gFtXF#piF1
zbbmY==IM8bK@4U(8O#ZG%7b72<$nabox`1-U;>vj%#Z^;ONJy`ai}ydn@G!>ahKK%
z5T9~k4zIz6$ZyRM@y00bdV-(2NRgXKbNV3qGisUW&!tb1MyS9+nc;tH81BoVguzga
zBA!jXa6FwrCGvirVn^%w%9uITcSHR9z{5bulaQSs7$>u2=)bhptIyz^WPaiCsa|Q#
zO!zd7gVy!)-tXS3Vsm1KbqCDhhzhiP*d&vMMM_|KqNwK=PMhKa;?ob%MZ2W%obEV>
zpU%aXTb_>m%fIy22f2TT59p9m)DvE{DIiZHk@PooHOtN9bZ;Re9nL81?8ecxGH|e+
zjG;HLBh|JMSSK$A;M-yLAm?Uow(fn#iszL|@II2Y^-}jD3rC}9&<J@|ZUJzIY_Y7Y
zC@BT)itJEW{33V_xBZOb^fq8y{K(y{_4e4u`kHb&pHfZ2%%OkLHM{HQZE?9)=;*mI
zV{=UWrWoW}QTN);`&`Ai@;5B|T7PD&vvO;eV?HmtXAO@so|{-uv}2_y|9&T}ncv_I
z!F$v)Zf)nFHvxpyxhzJ14}zh5o`5|^2C9{xUa&er1cJyw_)6EV;mVk-n<nv`hWB#2
z^B^2hpL9P8opyg*d<b=r<qsJ(^%P`&su@H&X<$>&$}K5={(^l$Pp_*hAajAw3Q`Pp
zamo$EF~!VmHKJZzYzSgs()K_lHH3S@a~0@%)UfNKK4~9oejm#k;=NH6s~5p8sIDu+
zyo0e{Uf@djFv}toc1D0Yr3(0+4tLB7x?ZjZRM#HrP|<%56nN>ZzjlL3#7ETQqMNlz
z{e)9w&~Ue!I_b`)K{iXU*1reBoaQdk1x&&paHT?)VaxLrqVdPY(rOnLQ4BD6+}+Va
z6JZ^egk?4%@``0t*}9mlHQsCi1#K}87x(5u-m?KAZIa|!<)c|_N=mumZ0LBSSz_aR
zMkcP6K>B~X_xW=h&6&o$Q1!6moz`?3AxF9Nt&YJTapyetFgpXd8**vSn6F{(EQ*Vq
z^8`y!&gKGeDV(Udeqn<1p)sie1#O1BjxtagJz8N#p-GC2(yWL^Ax^$%fhal%LBlQX
z&v<vM)zOYuy1{jL7_hc^!{cliX(4Y&!F8>f0Y86;UA&{r9<<mcbtsPd^pXC>(2(q|
zRk!9E`A7?q22QLIDw!T#Vx_nIhd?Y8q<OM7SU=Sk?X_*1g!wf-NoFhLZK4pcpxI;M
zAB1H;=0py%6qm={(v`)IInG39GFYp~!X%GS>+DBuN?reHaRE9m4S;z8??5enFm1wB
z+<<?*;0<fa133X@?e$c*Il%wL#c63OK2j`j>*%STVus1Q!BO{V*W$sCn{hw3`2Mey
z-<sk3Pf$hI6P2xKbpPcqf6dL(Vu}&;G`_0izzV+X9-&cYLpYGY(SOYdfIwPEqgVo#
ziodjH-QYT%l(&3i1ME1BhggQhvFK?ZnS6hO-IZG2opyIq`<0Pl-F}GMlie?ZK!omx
zm-+ayvan!24zZ58ApybK1O3jbcEn!;@SaE%MeP9LCma<Z`j1=;8ku=lJG2?l6i%l>
zU%^kPBe+rx&(F@8af(>~sc=26WIz%Q#?j5OLluV`11~ia?_Zc3Pt)kY7*Wa%S^H3(
zI+KE32`=88Hv)LoQ}!nW(x{#uotV$2D4g8bxnc}vxQK;mokx=yM#gwAnM{=!l0Jlt
z8jX7sU5)Y5<f`|x>VJS37(c8TkTz~~d;N}=ek1`Ff8U?U8+bb$=`Hr#D`Fr~PKpVv
zEg&^Qlm~4{^eoUQG>OQpHXE8!u53A=OHbL}4BdHaI_t+cOedsv#~!`kK`3v+EYh(B
z4H5miOY@#EfndLWSdXSZqiPUigqlLgQYq=j6!V4cM;Kx<{wF(+RG67zv2^cxII@%`
z8QaCPTgL81riVmA2Kq!UWIk#Uw>GKkDF8U6+>MdhND&Ay6V{wFP5Lfx>vq_g4j|4U
ze!6)3Ml2vUW(-X*M;Du7GyEk|HdhM3pTYtB97csPb|?qRy1<9fVB?Rcmu@8i8GpCQ
zub6oz)CcvubI8JyVT{#Qcw;jpeC)Q1TD^8A&EusXBD;G60aJB$+kzOV?M@~zUL1oX
zqS2rYVG_aP0%o-dR*&%xF?gKD%3Wa*L=%XOBHl&BlSffdbotS0Sbi6G?7~}_kBuNf
z9E>6r(_$7gI=v^ZUM3lo8hN$J&wtPo6<9K$wb}G&G%}-fFthm{ZQ*T<g*o|*0`KMF
zB38#sSu{w42gH!OPm>l0i-A{ppt|!ExHuor-gN9}37(5B@f+QfX2{#ck)7a`a7`Jc
zkdA^wj{Uhmq0rl@Z9HQojcG0&8be$-chWhkX2|q7j0c>avYX8F9)f{L{ePIng{-=_
z_T4qhdC6n4INg^CjJf}8r&;#<l;Q+ZEd<PPr@148j!FN2Iy&nWVAqw!_I*2`e{3xQ
zn{7OkFu%5A(jjGrZ$1h+ppl9MP7GLS>egD+Th|`vC;d*jy<Uur_)%+II;Fc(iLQ_%
zsJI)5@?Vg_x?w5-R+W0{Gk;f?aN?E8;CRi^o#{eHe>Ep9Gv89@2d)#5TTK*z3!OXQ
zr~@@YwkOt5=3YfOEP5P(EZ7H$K&TImBMyoadJ>Xg7@i`@%vo^*0Xgo~-O>ftpDxe|
ze7e9F57Mu?9xm+IAo9TZ@zI+TcW3}s1a8AQ*z&v}cF$pFXJ-d%Eq`!i8OA*>!CKN#
z<N@KUxkWd_JxP#v<(qM(whV(`DZe#i7&KFh*Ap@JNC@u1AQ~ly!^si^Vfe}+g$=W-
z@pPsqJUE9&oCS9RP^KWDbq_4~>Ehx8K{K;lw*Qy`1^HmCCZXhQIgcIiy4jY@6fjMX
z!8i6{kg=$YQD>PsAb&%Xc<6wcFR&qT#oDtDmW~%FYZg|sLoA6dzw^|c#nJDQsR4Gc
zi74Szh1VF7(tvUa9Z}_G)57S)3R&iQ;8Bfa931hI3<sl>E_n@(OItY3xZ?$R+}L*$
zg~5mS=hCw}E5?jXHUib9IRhjxr^OUINC_mTN`W_1z!fW+*?*N<eH$UkeRsq~l#H?v
zGTYgJ$}y;XdendzEiXEeQ8?w6Am6uzSg>!*r2hr_5J`l%VGdr#C>$-Gkal%uX6Pn7
z0^x843%dXuGDL$0;hZo=fY%Pw!Hid!)5E9=0biu}%ByysF#X`5HZaTGhiZ(tu3UxF
z$S+&@)?J3xqJNeRKvD2H@KtS*l%h;*t#|JxyNye78;@FWu1&_D+>z!ou*uvtYPBOo
z`<Cw1i`Co#i{2abphva10$y?!+y(_7oQ}8x2;n(Lf0z9*4)tU)Gtb}>k9U>*nNQ)k
zd`6B<YcOPviWQG1M10uv;gj7(^lQ;=p}}0T<efeh?SHLozSAxG9cd)QBN{_yrXG1W
zKy4?(tR4SUc)ME?6*zUsR`8egnD-Td>C|an1pieI<Z+k()F;5#UTb1U;vs5%wB6((
z>T5D|DNO{f@Qa;j3PJ|Ys{HQ!{kvcqX7~`>ryf7<e2)69{DPcxMTHD)NvH-oEZN`A
zg7NJH{D03&ir>sK_)D(hbb@{qBZ_o6m=EAR3TJxo;6VMzW*mc_3Lu4!9{xBQ=#)T@
zR?y5dxCL%EJB@`yJN@}{@8I)i-D69{oo0ydyhx{I3ri?sg^xm&#@de;l9+)CXCKZx
z+6*`jtIk}k&X|J7csK=fOXsMdj+*e$nq{-5Du2n5>jl4~?Nnim$%<m@+o5etS;|9W
zQJrZV7E$zA+?#^nt~K8P@%JUz$@18a*PP^qjP#HB&oc+D%cbUiNZpi{d?0f~yOn-A
zM5usRu2iZcw@Y`=Yyr4dbDS1{`z1@xC^z_xr;FMi`h_a3LoMUx>0|VLXNT6-SOk81
zV}ChrBZwewiLG#y%-Q<pTF-}EVPH!=lq}NhVf4)e|G7Pha~YNZqcev~@RIElUZEV9
zow$F{AWU$CLf_(5yik+L5YlY18X0&k?!%VRu(KbW4<M4^_LhgwK+qSKRugMb?M}e6
zK?H}Rj~DNKk^^ps$U)weFYs;~N)3Ly^M4<L;}0K$SpnzpCp%qO$601ci4I>k<9@9f
zy#f9O#H+UKhA%H`HcEZh6O%T)h7yz$E;}8c<ACP`v4zTU9)ge}<wa=F7mi9#UNTR{
zkqfjUDS%icq0I~O62YitIODRR3JH;e>B~c?fwN8v2z$Qa%ATH|K;e!6Q|Xq-@PAc^
z42eTvxW)Oe<twWva!|XAgH&m4k;PeaNR%d6J)NNfX{}R8XW&7<)b6btr7WEu)k_ED
z@W0^Hx2%P=1v-(nps5IDOCyzGK36PkDxqtOxvz8uVm@TKnof<J7*ZFN8i6D42_|n$
z94(wdb4%-s2XGbX-mo3a!r_e8;eQc00XLBhasgp(V;Bra2+G98xaZG+_f`N<8q5F1
z-TGk72G_YeJCJhQ7LLMx03ayj9fbaxF`VL{in7F%B-B7=;W)G$ni0SHnD+Is>9tZ5
z4(mEvkD5S-DbzCu-!|6S9DW7jO_MNcCa2XW#_xIdQ-A}(z^^Ia?o6|^uYZEpE@GfG
zNMt2r<4uOw<!B>se=v1DJH%@fx1KDKg_9}!M6d3P-LBdtbX@ld(FPdt=ceCG8ucZB
zk!&cO!g<-q*Mz(FJQf1wDCao|viIGDL&Gp1_fw?xG~!syGz2^sI|pG|UV&u-(A{x#
zHCCC=%D}hicJZPYW^gx#_<#Cl$noc}7>uO~@8|KHXiIM)&Q*zs`~tSRH%*7w42!F7
zLWqKfLp5w`m6W&l2Js9h7)aFZf{X?kP#l}9E^S#JJo<8*+Jyev)-~vl?*!LMF-%)w
z%(EG7fwUr|ALq{g_*6PV0uR?gslrRKf0?>7;HwJ&)eI?X=752oEPspG3(Tz!GRS2G
zeLGh0f{fbB4?lmF@=}lv2D23kLr+15KVhYgcL7n(SB5}|N?-)&yDe~XH0A-fT<{e9
zKS^&=xj36WU|Z!=km?yphUMB12Q&mshjYFRN3<NNub8dvmrhMROdA3zgFI;C#adJ^
z*P0w~wBV#L^*6}(7k`yAgBAoBZ8L)4&g!@0RK+KQ&s8_k5YZ&+NRjhTXD&@odkKT}
zw*whXG#IBjd}q`ChnW6b8%XL$2QB=o=wb!ml)eF^Tktb+PrSdNjZ!fb0Ad>#1xjJ4
zKbKNE9$c^?dbtJZe-%i-5@wfkQ%RGc`PZix8kRqHD4=jLLw^X>a^!{5jMd3x#_hVa
zM}{sPoQy6F+7Y8f+u4j8wPvt933fvyw`PcZ(=>NI!BuC{0CuP(b2$py^W~n99lDk*
z91r_s3L|6=1TPOuhQu0_h9YOum9yH2rxIogqW1yhm^Zj2`HD>X3cC%aS#%S{>WWMH
zg7{gLk&(BIyMJJeL{Wvtk|P=i6?)2N|6VGQI;j5b*PM*sWGLS|d^{?H>4*La$gy;)
zG|n0XV(&o|$(Cb535}_Us2dSf5kiPOHD`|S56yI=htn)&LX2`yCXN3>Sc?_&(+`^h
z4>c3=_d4!%J3S~CErG7kEIoikCI|5V67SAWu(LVSC4Wq8h7E@kcoC-D>1Y%UR8Q|v
zfuG_cH?)$?z*!~pgoG9wyy<ckbAqR{%V^l{=z-$;BH8;FwB%><I+|BbYv`isWjGvW
zXvb-~y~gt7yzs7GC+Tg{vuR>M)nH^EJbwMRPENrYx-{$aXu5cXjRaAL*<jrJ;|#$h
z+|b|*q<_fp2b_;%M%4Bh33?KIX=Fen1bomAj&ZzUAmci5!Sy^Dj6nv`pLk=10U<7D
z#X#0pM0qM}EG8;M7c`p1o8mKSr4&4`4V;ax5;FU_>2|^Pd5R~|u-%SRNI7s!E0-VG
z94-11TXb~_Xio2p4kh%=12L0Q%+}VBi3!{e#D7*3oss(dxPA7u9mW}_5i+qH&C=<I
zKsyAA)afYtvik(tysWFPlhCtFwIsP{I3q_cle|ka)8Rw#eiw#^MH^zJwZ0jW*GL!1
zQ5s)7EjO$h9#)})EM6%Cmt#gVZpB*45pb+@6RF#h!1Wpo_%juv<~KOVwi$vJ<GLgu
zm4ErfB_WGAg&Lw*=!ZKyJI{7@@De<ie?^B)5irRe1Jjb+E!u<oUvlTxG(-5mryyuq
zsDvtxDP=^hwJ{}=8t|w%D~_8Mw>#kLXHzVEIFto<Efz8%ICbSkCXY*ls!jM*Xwt*a
z{1jeN_FQ{KUu$_FwKH^Xf{YWv#>h)=1yQI4=!6m|DVtAOk@nMKtSfRPR4Y@~b)8zd
z6%gZ&x1!df_TvA0G&aJXq2S}iaiHg5+JT8vwnNMu(evsBCdSWbhQ##>9Wc0)bcn(S
zYdln!K{5dx0(B{uUortD0ZNyJG660Nh4w}r$EtQ5liKl@zA^zBe?qG!V;ZP?J-HCW
zl=M*pHMCQc7{T;c>8UDH78?HD9MTZMkIQhlcbLA;D)pST(Aq7NV&@<@B8|Doz}7vG
zNdfv@g{{!dc$l73Pu*hp+#vqN&nMsi^#1*S(hQ7uDVDYQ<n!QG^~Y&?Ev`M6PNZo#
zXXZcMOuUG>ot~07e-F@+8{G8h2EEN?xGD64^&)22N#q+MzBOZKY_)nbNE^x%v^^<8
zF>w_cuWjH1)4RC!VR^$Ey`5zy7&6><Ng4B$MknM2#AFkxD4DK#S}QDvJV(rFhQl?N
ztcRFl!4XLr=BwJ>5E~MdtT)pF&(Xcc!AWuzB}&K^r`!Oke^n!lLG<QEOWjM933o=w
zs$zJ(+tBB-E$+MUs5+;jDH#{oxVErVZ#D!uYb4v^qO{%M<Hyt2y5yl7xwzci%I69E
zCnOzAAm`$C*>W`kR>r*$QZ_((9cG>PPgnQsdr#YUMqU!0!>{a;+7{J6FoUqe`<W%6
z;Q^K0G=rf6e`)r)ARdI}vm7GfdEMygyq=AsU5ARMLAPj~SfR%c4Y&w2R3n@m_%cY7
zcy7n0YhaRH*h<BqCm>;(wJ=MfKjPBwp_)unS}=Hdt>$D9ZVphOdPm35E|$=s?53Fb
zTFDW=t?PJy)XP;ubDE_?7HD#R6n=X+dVbJ7{O#^<f4c{V&-c3h{n4PiH~8-P{^<Gh
za1=gwu*it+ndptD6OUT#u1&5GFidIeh&!)UhhCIC=@O)MupN%jE~#{KesOeh^7iE2
z#pT(_(d&QgP&p@2@vGB!mq#Bybb<*Oy6{R}_S50~m6V|hI7!<1LS@o$IG4&%kmIBQ
z@JaCQe;?j=%4h6!4a+x-a_4(D<iyZR^TurxATRgLbcDxTUhPs{1fkwoUf26Wo+dub
zpz|{1-%*Bb7e&#F9v9)PP0B6{g;G;H8k|PjFHUl4hFm`21_e<RI|O--q&2*P?hVZd
z4I>VkdgS%(wTVa2+Hy{smorlT&Y}DAAzI{be<R@Xxa%p_Pi$^Lyp`E%G7|^vj6vcb
z1Yp_W`?yvfY&#)@0?n|?=6`R75YG{;tSlE9xthwdqzbyFyu@b<d2&2F2+N12fT`W7
z_ehE}xzUF*@C_+3t~FYJVQYkoHD$N(Eaz$9ci)ehgS)SU*zpV1`i>FO?lyd3CZSRG
zmrphU2!Cl`*>a?*dujzj27y59o*Hh5?mPv|e9tdoGgf{?#p<6~^F-waDPb3gN^5NV
z`AXP0>MB3bs2UQ6s0uwSt7NC7kD`JN1i$z00KYT!2RJ}X@u^+QNnKI0`r1;ObO6#n
zefR0;&FSmQqc<mK7nc|R_~B$T?$??@-igA#>3^FI8Bo6&fOkVQc|9>q59Zb<q7n!!
zklm@MeIzvTw5$R$2h`K2!(pI*j`9v(H013V;2Ce|P26<>QNpo<54PimV>@Dru!j4<
zZhc8D>b+Xsb1l?lL-Fot6rAFQPn!KOOJoRz8dl%tj;C%kUVya+>(-<&6mJ{|ZDR4t
z(|<C7sW2oA-aRnr`gU``+5%d41KW+j^p;`N%gfzOZWP~t7y{Y|nH;o(Pvk7kfN_JG
zfPjeiv#|QW_RnvMajX>*{<f~Oy&n=bc&>?bq?%HV|2}HTvo^6E^H{UcM|mk4S;#AN
z_q2t3xw`Q2-G6%b{^xfTV(?Ge!R<JT6@Sfs#;>bUVE*mN+oRJr{I5L4h$a!2x?H#<
zW{-wyV-e;*aopvpIL$br2O+%G=q=5)QjfjYpgx^0qqUVF?ZG31wDl>_B1r3lv)FZG
z`ppu_GwBvKLqJYbt&?L5KDL-eS;5%~zApSrH5Z@a*K!vhQv<M8n}pw`w|anPD1Tc+
zN)E>*d%M2n&C$il<%gqxL{5?8G8_k`iz(urd{^_s(Labsa!<{7G)Q<7YGpG{!*~?`
zB(}c8@g3|kJfL>bf6%WVeC2t|&W04$)*9vgxEP}VXF!<0%E)$1{mm)y!g*`i7Y~Nu
z-;X7O@}-a3_u=PZ%J}iZA`=?x5>f1{i@1Nfa!gIxkfUyhl5FAJRp4CIp9+n2&>B*#
z7Zpm?KoocX4iwiQEiRiln1r8k_!LSr%Y#-Qw_SzVyuBHBXw4v7Exip9-bO&SPf=~x
z6LT~8tS9MMC0F3SaSvpXh17t??S5M3F0Pv1s4S;>oAL|}233+{c<Ahs)ZL*0cV&MS
z%lnFl5JqQ{D1kRd1C#&YhsaLd4RQAy3bvjyWJ++Wrx&xSrq{t;j3%>*>0M-vd1>%b
z(hBdDvap?&1^s~|Wm2NFKwMQCO=+^p7F=ChTxbifej&KpP+;}qHoXU06&4ScmTZ%0
z3x{k@1?m9NHK-MLqKa`!rjfnx42^$dfefV_Ckv|2$Tt%Id?<yL!<}6Uir`nc8pB0q
zH^r3J3dMd`TMf+|vFm0p>0EKm3Lm^V_jqpNUpZ<i<;sLGshXL&aqwcNn#)S_>hO`#
zoce^T%jjG&($-i<lRR{CQSQmGY^pAIoiV_RQwD1*i`OREjRjik)5U6_bxD8KT(2CC
z?i=%TU$ad^guBd&?k=~Yp2KV{wV%6H_H(x(VqF45+VP`Uyq)?|f3<i76$W*0k*z{T
zx*3Aq093JdL%GaIQn%sK$qS~k(88u>+IKvhQ4@ey#z4JQLvsJ&=Vr+DJk)dJwYW^B
z#uabw?v-|;9_i1`wd=v<NI8Fvm}jd9HWY)Wo1ARshE(U)8nHbx2SrF~Re5$vPT)=;
zaTb5O6F%>a8xZAP;TtR_p6(4S0{iKGH3(-pF{t?V<!*71px_g|b9@l1FoVA<AE&pu
zEjdTYbXJI>N!Hso1G~9?_{(4Zng_#ZG~$+?bXI`*T*Y**g+4X~9Oi%B3SWQ=dn$O&
zQQa^9{%?BF_Aq$sB1A8PX&h4R?Q?<H@lO|T-&p$k>Fee|#iy@N-hQ}y*0mF%y#Sxd
zla3aPcG`d(?0grz{`ld|=`pg--o3v#{Q>{=^!>ZdxN2*LA;Z5!xSnOOZT$U;D00Je
zdOdN*$_8M8j&tW!LU(_BgI)<!J}Nhc@mqdz0x>+Pu!({LE)HgS0dW9CC^T}_<o8~^
zY6%pL4ZqIUfIwy(-bA=BHxF3eU$@M@#iN%r|KeI0nWq;{{MkcJ4><m+q%|FPk}(0>
zNG})^vLn(cpwX>6EWxJ0DO+TEi%f5k>APEg(Zj&sv7`sm8+w1twt+U*hJ!54bFY-r
z4DBLx`o>!tVv;E)d)r|i4r!N$bO~#B3rs)ktao>I>N;)HB#caqC07KD46(WBUI-HX
zU4L)5H`ocgdxL|6?m>Td)csB!4!XPjop5ikJNho%-B}nT&HK}2xHvuUF>h3jQZ7%C
z_B*|7hu05hM<0J*U;gms=ttYOb^i9ea!B+CJR#c6Jj%k^P=XybTo@I7e0F*PVa*%6
z^=|3d=ruyU>pZOoO^|Mlq735^-T>HMBXp-m5xO`y%V$Z?n1;G#wPLAY-4JP=I-9AD
z@-YL95*;&Q72D+QPJ)7#fQ^g#xYb32#NIuu9MZyuh{k_5!j}c(_rv==@XqFyhR8|!
z;TL=1tE&fAa7$ZZtKaze9q@JDOIapH+j%hj6asM>w7d=NT45YhG=vwMExH;@q=Mfv
zPgAAfrU^AlhEf=!eZ~*=Kx<L(TWg5>!UO^2+!m;AEA5~(^Qh$@=}~vPLhpmH)>rOT
zUQ+u*kotdJsy~PpH01ec7B8;7V+<Y}SYtK3a@Jnka-;UTE&C%JYMAl<UVMPoVcH`C
zUvpDv6-|M$e{GNRcfsqWn3VK4-{lRO09^lku2E}{`guCIR)yV(2c{o#VLg2gZy+uQ
zNOD=#K2lhSDuUY_*Yd%OW88tgxSNlMd~U|oS~Gvxdb^<c*U4|I)Ek0ZYe83;AzsBM
zhn919EY2nlV;UT+m+n>{<!p-kD@)k(+mqL)AKw!CEJe56`QQN(MR+mFRG0c7P!4Ah
z!wgjsMlr{)5SSo`&LHG6;`RLOyu)8p?{FNYgBdbE(?tIvgdz3D@DceqyxxM_Ujy6@
zjZ%Nm`E_KEGJI!HoG8b^Ud|b(Ng}a`^jlA7^eRkkwBo@bE-01IDr74PTY*)^KduMX
z(n!?$ooxM;6~C0Qnpw=*3=|<lC0Nbk2d&rd&Vz4|`AWRm;NW1t8O^gqST;API|!#_
zki}XSY3jp|8n3zqAr@G(&oLwDF;gfQhgp9DhtUklVVm}wbMO!7D`>l=vHU@tUKwjL
z;Cd-1v#YOBdIAzUXa}bwF2371O&l}&-HyR@2p}U@JW&YLMft>2yO+piq8-%WbdheM
zh8@1?w0)XNUN?HHb+tFvtoBVY>h%KXyLIWznab1n#)gi*#iq4nXsWBsy;EOzt4x3R
z@(iCk!%O<O#o*e+c$!2-#8p@{Qhs1mE!!91^OlGZA7L+&%rr{G0mtF|akuo=DAtce
zuMHQ{ijKwyWdKD&Jjqp~55KZ5t{0~W(X?c$mwlXqq=t6IUo*t*LyhpGj5?L9DlTFZ
zGVjt;U-%1x^V>)^C4R`#A|0fV?$LjiM(a_e2`i$6j-T5QIfIu*88M{@({AvtI9Z?d
z(b|r5suBugp6^IGKQEy|d?_+Dp;_PbdPE7p_Xd$h<>e?r(bL9A_?%WS1+=SRlp(s(
zLezw>I*K}^oD`xQv!bc(8e`DLtDb$Gf!zptNs1`Jg^eU`dt40>?U7hs({O+9C~TDA
zV(>7IRm>qnnD8zLmb{fP@lsiPP2i5=<Q9p+EX&~K@uRMKuG8+~&7=!mSzEcnUBXl+
zbCy1{DvSNd`Eom8-eYs5>%8mOGj4qp)tRWcmIp2I-#v4I#|qqfmP<!&G=Xn&SO2(W
zGMSX><Jp@4siYfHZd`k4-3Whn#nO>i$hJcPuv0trLPe_*EhjjcNo0q`fzOC*Mny#+
zf}f%b32nmee;zBYOxwrOQ?W(71=`>4l)bm-m1$ulPDBeKf3ohJ{s3`7x#O60`<CBv
zZU*Z3IhG;DR$T&k-AI8o9q8qei|V`~n!LGyJ?La`G-VJS&+90I&=`N|&KPX>!LWn2
z#$bE}n%`dunP0?sUaWeB5VCnw1@trrvOn27(U?8_>kF`sS2+GR3x4@;{~EkWuOO1a
ze>*S0Cj_B$c33CcmEWo99{<~{KLIm>KiJ0?XDNjA!B7n%B*|>X?OHR;UhQpr%)dx*
zTW#JDupX>-w@AB~s1AQ1%82}f`2#q+1Y60ukFOYK3KMyVX1Qqw`@OMsGVe%KKwJ5c
zW=e&Fk^3;sN6eYDcUh#@ih~BPY?I@;Gp&y|r4U09U%03R4h4N2PSsLkz)(%8u9hae
zg*uI6d}<#YUpVXiaC-b+;{;#U<hd5gw(f{N@`Ckj0S)M9Vj+Jzh@C|VH&^M_3a<2{
z%5~v2(<=Rh)52ajcz;<}jy`-id;jU=b%n09^p867$V(ce4*vx)$|WR@eU)8K!u%S8
z?hV0>8c7DYC|y*W!a!!6iE_!>BUCKXF%ze9)`MCojO5^k45OZskY?ATIK2&8-jAaq
zS23fKVGf^yIqiQeiII$8d;XA&hM(08NF37A@7a>-izU~vY)B0@jy(%kgpTvvk>Lz7
zDl)^rxhh@;&%fQVTXpFnbe=*&Krk>bX8k^Lz3Fq!)o$bSymc7F_PT=XMB9T#oXEcI
zJ|~;TBBn79{vv8Dj{bPULl5LdW=!_c$&aV!mp{IL^SXacr-6}Ju-^#z9khdEu56;l
zPH|%kHm91p9La5(;b0r|O!<rZ;~Z|I;PwQP<O*|f*Tc2cOG&6r2Tbz9kqcQMG(BcW
z2ohI%I)LG>n0%f<%z|5ZhG7xvi-Z>J8^|PgcK@UL9Aa#Pg^&&s4paEXQ}83;Y=-cI
zJh_a+yf}Y&wY#@}0Kw1|#6Fj3&GJ`8HdF0|w%=X;T>Nrc?Obogy7#yR_}UJP6U@aU
zVz195vY2_qM~3Xs30T6OK7fj*Y91{>xrvjnWNHMTI&PG7IcZ1vx$$?4O<B7ncKeFF
zm(v?bkO&@K#_B4JFOzVhIxPPH5;n%@>FID}JTZTpBC8x@`{_7MlmzA&SDZZCeU8^-
zILwFyN+T8^10C8SDv=K4mtC3r40c0~^@I2}z8K=7?saAu4nUqRg#h+}9wlH-123e#
zRJimM$O%`pA<~r^)+kECWDsGiGhdj!yDrQ>`Qra`&w0BovfwbGbdFK=CAZ&qf-9`i
zT!w#1GJ^{Suf%eOxS($jcXoE3?d-HW!6XGA70)jb+Sb3`{Z{{$27tlyFNdmMTuwv!
z1QQbO9m>nVm|o(>9rz`ACQjTL)eQcjdo-PP&sk$$d787##PXl;BKUCf?)B-rA1}{N
zKAoQYOb-QLmR?TLay<4ViyA|ZB8$|G>J5LSxjS44<CjG4(a1*kZMnEHveK|K{05gt
zRYdnCBHB33kx;UjH|W7b4LJq5ywxsm|3No6=SPvMmjnw}?lO<Al8{iiFb}>DbM^e7
zs}gLMg#;Nq+Av5$dzYpAcJf`?kG?<Y?|qa}MtHZw>{`+FO{ehiBuL?7!H>Q)Oo9Y2
zxuOl1Iz|COf2|~?5Ht92^lnqy|JR-u<C;EG5;en*OaY#48)pL&ND^my75IlkB3Z+L
z@4CY}5eddz&Z-d@TDe|W2*BF{<*8b=ei7Y8{&?0{qs|B)5uK(&D_inU{8hleVjpa#
zq^QqR;>WR?I<M0)viTetR<$8oyt$khJ;dT5IA(Ooe<jEuVde*d09dhq`OClUx0xN2
z2hZWZzFmnTgPK%@T_GqoLC}ifty}mstgkTwS`>DC>T=liS;MF@dzLC=`2<I0CIP&L
zX#<G*;@2`Bx<w$v^PQdU^KW<BY%nr)6RF!vRfLyg(BphFuH2R=^Mr^p4cF!MBrO=4
z3^Gp^f2xv%40%k2{d-voP7zunB`>zoqh-UQ9O3ZtC#>tp2?zZwOa@~!DGTc-@Wn_Y
z`uLPeZMc7MM#xn<fmIP@MTWA6s5&2#!`GYY<;z%8$7YG3$fBz&S!chXwEVp{B&=C?
zMvctK;3D}cQVy8>;!tQRv{6*AMTL0?XC(Y?f7vo)yJO?>eWa~pJkoXoka+&gGSTHD
z@<EzGx`$DTj%MvR6;zkS%@VRe!YGGS|J-<eL5Iy`7C%AX6fm`sJe?yKb90nd)=kJn
zLBfIvD;28&uI&<Bn+uu>T@c%g5(AvF$($%^;v&WWj9VSDS^T)udFv$LV2)wjl4VoM
zf2bqvy3kgqeN14@5Oo=(!r8c9gwea%voxtjh;YAxO~%x)GMPxzl|qMn1WBB>OY9ig
z9rx$%s0(_gEKhbrH>uuQ#uJ`n&nr1|;n(rXJ#y3VRYp;)n!z$VSlrj*$_P?o@(t{y
z2C_;+I?2W5rL%&TVy=X5KKf>b+9Z4Uf3?|Sa6YuXG+CK5wjR#8UZ&H2UFUx)mMcqd
zDUwXWo9Ifs#keS@*v!RVyEK*sFAlX8zE(FEDb7~V<GG5k@1lxfK_x4_0SJDbAtw_*
z6+8`&qh756@JWdK4TtGA7qkpl45c~3&X*CHmTrD17pPs<Qpcw(A<RF;eD5-Pe`KCZ
zZ9-@IlK27e%jiF7EXaMFC8_CGGy6(}CSC8v^ZW=Ote41eXv_a~Pk^i6;!&RXhu`cT
z>^?s{Jlxsc+0`#wMuC#$Hb>{@AKsr`=vNz3l!hpGzu!CFe|;bk$Rbs$A<FTC9xG+=
zE51w}6F}S-F_cD1T&uaa@&|E!e>-ueAyRc3_<}u`19k89Ta5u#MP+yq{F8Ssf2O0N
z4cK>3r{p@Ey#4Uz{Xc5Nz9X+wS@~`sr}`CDjH}-Y)v6QF%n|)#{*gz%+C7vPE+Jhp
z+sY$b1xU84o1sygM#%yZ(Wph2=bffcCF7qh5XxTal}YXoITOQaCo)d3e<9*^FYNvo
z+)`mVIgOyDY{DZj*@VH+mr6{ia8)kUryoE4X?Xnor@`K*xp^29LzeNOwl~OSH<=1-
zRJuLRwJ`*Waz*xKplOOpYS>X-8qT@6{4QwS+j40OAsRhc6*PDfN7Op%LoU#rhR78h
ztHE_UI8)u+yPN*TmQrxif1gR{8Y1#Ud3}#Ms>{q8@u1ba_K5HK2j(UXXOs)-hjH>?
zA|R<9PL;HX?e*v%L=^H$U&EB!CW+^R#j7j5zeNv=<B5Nc|K8HLz5<QQV`b%~J_ut2
zIA*=CE5gvP_Lk7E{O7U#sAhLBamm3g0!w5o=z&#X-aSAn@wZkYe~CTZ+F8iefLjI-
zeTf@d3E4tD7j(<Fh$NL2Y#>#W;SP%F``-@G3h3$y)>F`v^}@Iipw*63c50&j1+8k@
zAk%E_c?;BrN8<PA2(I7&2g0-oy#|T*^b`9LS>{c-o=<?E_H18kwB4j6gPK-jp`q@d
z;SerqyPhR*rngyye;QPxl2{6*T#U}bHE0;`Z2w`rGY}vI&hDTRmhf+4>~7z&Y@IMq
zF}E9T3VCWvI%^i`?5Qg9dXjq9jBy5EA?=C=+(kG;dU8Ha<Kcobd_}_9{aiEun{G&C
zvbhv9$w+xDmr*>>g>-ghIzeoE2eH4Bz{_Kok;pLaRhT~de{r_av-_E3uTPHOoWAp0
zKRm_U5JY-Q7h8cYCKvxQF2Eyg*<$xec*_=B1GboB-`JB{C+bqfbey&2h^=%kWscaF
zvA>v4G2>bI6EpiN#~wxaRWn9lZAoEkK?*yl>-^t+1rk_lkOi0h^|&}rZ2}aU*Rpw3
z4B^}vzT8Lke=;@dwWNC0Cir8FN$%x!v1u#Qx~d6XuO+iw<aE*KD%opjvvvBNaJUx9
zTYLHu5>hdRtIXYceRlfk<m~+N&FS&UyYrJ}6t36sdmI*bxF#H~8c%&SrWQM_64C1=
zPtBV%d&_~V8za1>SLQA*)>3?~nuf*tUdiQJH;Pkje<$(vDNYR$+(T6Oj&V#&$VpO3
zU=3zglE+r^=tyTje)>cI$9VRCoO_g{txlImDoOZK0^@b<t{RPhKnd?j2(N+;bYz!~
zMhScfytwcx;9+hj*C34#-^MUNSgbPthCCor7&K{1dfN;dBw&DbpDM}q#!guYXJ+0E
zqkI~NfAe5*I1Xjj=9zLyS1KW`Md^NXIX`R2^6|ol2lIDUG#SgdJEr#L6L>Uk@I?$B
zqU>C_mxivexfZk}MR{9I=xXR8<1#CXs2cc{A#8=ap74~jio0Znw>p<<OV8OXdJcl6
z-Pc-Q%1FCq<!E*9xXRreM$U&fM;DrsgM}q5e^cFphe66J{A-skrDD7G^U)7oxL$=2
z+&BWG!lmAA7;xxzu=ibiGj7Y8k#OK&B6RtK4WWLl8yBa68oZu-hfgxQR0y`{bltO2
zpT|)@D)PWN0Xdh*?iHi%HfR2&bDlP6BI>1K+V^K!UOa<X0ZxCc;%TlQ8$jG#&_qCi
ze_I&Y;*Hjr75Ma;pH6@LiO4lm48_R}@rEKyf+g9N<!AKeH)y`(y0c^kdRYwjOVQ-3
zSs!9-SA&p0lk-A&I&x%J+m84&z_38^23>i_FMs(f8-&1SYf`8*Dyr2p)9Z&h!guvf
zYDO(<COQyIOh7AWIhJ0F;TWDy$?6zOe-nA?j~FZc<zF#n+wy6?I-f@4afZBM0KIS;
zEo|o%`+_CetJtLTrym-Ddha3Xjn|m;+ia)i!U-=g%hVJzw_%Je#WyMDVY+>Z7hl5n
znI(BR5^9IOcZiYW9=d>jg~?zWsg5CB#i8IvvM-H46mrp#&^JSVQg<*8lPl_Af0oyD
z2vQHJ#**fIC-E6@(&<cwV@qjf5UVhmO&f8F`(}Mtk)~{s)8I-aifn0U+#oNI%gq{$
z>*u|}EQ`T2rqi}JK#07l*ip*u8X?CLohHpP6}!XTb87n2aZC%BeS?f9Q`sl)h-+i^
zXx7X2IIQcW&v{FTvHHZ<0F$O;e^ocqkjoM#^S~kgiFb+621&WtVaLgBl0IP^_(O$i
zq7Ui{Ul=55(uMG(94J#GDOu88t!$4<XRGmCe(-#8&ULcW4;>C94|i+;2{J!~pAIMn
zl$s&$e!=nebd<N_C{{A?fV@aJ7_((_aK^_5R%#RNdjaEa#|r0kI7W?G2_iO$BN3rq
z4riC{Pyrf$f#<>_8Y0_caIjG_Q&v>G03<=SON1F*7zevMMqeeDp>B4(>806WDEomt
zQdWr+0mL)#*c@l8m`lJKZa-8ucRn)ZtUfDVq*JmC_*5el8V4Oh9{Ah{yeabFY+J0S
zzMA1x=#Eh{nY0C_5upLElVE2N>RwB>|LDulY4t6C{1iOXILs-y&Q{tM{v_nu`uXUG
zo>TkMB>@T*+X0Cksc%~1dKyLAzlqXW4w+Lv%cs!*|3hy&!HfvL9JQ{6kY^>)74~do
zU=pZ9nXos=h@2H=CiF0Czat4W7S2}3F8w$iT<4T`Ve5SEEQN<>+r89nW7@+(fn(R@
zi8`u(eHNVZ4scry;q6<9z2nb$3#(;F_v3JI-R-BJO)aG%x^f=gl#5ikUPG4mXfhXw
zOx;97n%YW}S4|~~hQH|AQ!C63%DE}X=2~+EK2mheo)WKM$GTPb_L}%b$3f-lp{-Ej
ze}VN>2^`}9@eA+v5v|~8MB9=>dU3~kDe2&UgUHon2QA45+JR$#opLBHhliB2D~1@~
zHx!2SAcYHvw~wd<N3p)Z%m^cX3z(ZM>dy*Y$#l(xu`G8L$_U|qhl3Q9K4q{<Is9R`
z6AtObkyThUYi??ji$w!-k_-{XS6P;3J-HWwqv{AK$oJY5t>0WcA2&X^-S9`*U>u=;
zo5Lbde-_88(6IjgO0YgA(m(R)y|}yVipb5`@)~?|;Qgbs<Da@ay9DnGb<pg)0?!>?
zMG4vfcB?$ISZ+P_ln1~2`6Bop<FSnU6yd7v9(E^?JixoC8)6<{O#;pr9LZ+fs5Qg<
zA&r1kxR`H<@YW3R-zxQ5(*X1kj>WNm<s&^O7+3X4W4a~@ItS!51ECKwBQ|KJhTA|b
zaS~74u=9a~d<@T)Qx#$W<RmkEWftYvG?q(`@QeNci3NQI`3?Q(OcCjpL!+f*IJBmH
z!|&>fB1v?H<&!8iI=CeZd>yhtoL*h2VV6e0dlOppX|QG?T|not>8!X)@nzP3X1Miq
zc=McNTCWWaTMrlPhBNX-3<);~5|o4AV!^DqGaMlnWdZ_^cf~I<!ag_>kbc7~iBZSH
zAW^rXj>H?l4wkQ}MO&)CqmSNTOf=DRVBFCWjX*^AJVX@1cYSG1_cL{6Ai=x<{b%BZ
zb|5;vYlNsOXJnWH8`lKUI=LQyQJk)0kx-D05Eo+Y<*8qmf0Amb)NoH6RtYt{G2;W9
z-T2?6(QPsbv$;%Z%emIU6G)n&gooaJmGP#!Lte{p7%_DwlptwfUVuP0>hL(s5>(PO
z;|j8Q0iH@b$W!h5gd?P@#hc>m>SaAVuMGmmu@!d?w;(WrkJ?0MJW!{9V(tZwQWUP;
z;}-X86QInvkm{+#3n-W=>k%Qo0~rj55hsu9qXCCHl-0M8K%ilmkNYV||B<1z+9Y@?
zp#s5LOg0<3NhgZeD44_lMFE1ZNVDiqoMlQIK2FV-rcIkzNCJ=##tK&_IHU#j8C%Wd
zz5K?3dKt*1_CY%34Tc<l#KWIALvjxuw<65oY87JF(>SNeL=7YGy)m!FaHj8jE*p=|
zQlb!P{{Pu~)7{3EEK&D=KLs1O*pRTLwB#uV-^4AY?Y+0Vaw^-I)!hdN1|`upD=AW!
zgPp2E0sRUW=hp$w)Af_wSVIIOILNZoX_6*4x+^oS(JNN0Si={8Ygs*r!@iuTGXw7D
z3HL_G{nCkN*Jj1CnycZJiS@6*B?xatgplKXi{j2m9JfLej%P2Spd+++=BO|-N^JON
zk6?MJ;9Bk^8@{$hLC>{LsHm69zLFLa8p9qCLdE_{s^pM!Mgi4pw2~_~l|!FLH88?w
zZ)rY~GEnMD3%me-`oo*ECDd2ahfDO#Lc31d-lN+4EY|SU89F|?qP{phg)r1YP%3z6
zbZ6{QBPm?ozR{}@@-BK<)e`aPTfo%*;t?m9y>RA{)st4YFK^EX2?A~+%njbaZjTJt
zx0^6eK6TEiaWsW4N$4!_dOI5v&P?lU5Zs*r)mGOX0NdApY)8>dnvB^Xi_w$<d9AS!
ztu7^@Csp{!6g|qkP+G^*l86R^l%C_V6oCbdLB4j95_&d&1K~KNU%gkPGuU%Nom&wd
zQ`oCvM}8mE$cpbe(B6~{hCESAO@%S7MJjknaj1CyO5&StCH?A6QSavRAF`jrwzZA~
zVFF}(GXg|^n9R~ruU_`S7E_xQais2Lo!u5eB45rGBmySLx&q>haj8%ElkFFyjCDGM
z9x%VbbrO`{=RY4FH)BI}_{THCKc2t3*0cEjRqO8{JsG@VPjOTNQ06_BVn8=*(P1^7
zix(cD5&$W*DVS!wx2xR~hR=t$U`kw}KJx^BWo+ty1~U@j-2nKwdyER7Awy6251y<)
zBAO391}NQx!TUYBFxNtr>JD>YaoqLY*d;s}bqUZ7)u+M9x_meo6Sb{C$CP@3VIcoo
zb(G-rEUYO$L*0&uQl=xLib@IP+@Lw!p~$^jcpY*=Xb{3*sjqQk>R0V#HPXVSjEvF<
zjcgi!x~Y14S=xeVOTRdpWf)pf8s1I^9AGsAcd~4pK)6dQ<WR(EQ13xfC^`~VkiEs|
zA|Gn$;1>`ex-*&<!j+vHS6vF1JPgiOf7;Sfm0ZVp+Ju6VU)tQ(yz7vPRy9_j#F=sn
zFeY4v!S@xWeIs{~U|R+@;ajectr}*r>14EjLfm^&o4<<~1!cN~i9B&koirtxB}J<p
zg3>vQ;sBjG5#)q0BT9~~=DWnWMi)}1U0;h0lwmx2S(Q3$NO)j#9CZvzwz_<>Nl$(P
zoU>0{ovKWhhn_q8#z`##Ke*j4?kn_wv%YSc!uM&MjQH7>@<GUBojO<CFN97SaF1Jm
zBGD6H>l|U81Z<!NGLAq??xu%q8X9E7f+02Ond`QVPY^U+;&Aai$7jdT{LzJY{&gV7
zkEf@Tb{28jCB2yqb5bG;E;F`fBgh%7+9V%xB%v!bXur*{j#+hN>SGEQHcVtHo#f*e
zc?9wZ0_qw;A^0KEIBgO6Cryyr4Ev0KFDjK3?MfmY*t|dw^yoYVt#}Rc*%_@3fwqy9
z4^XlxTD2#>Q03Owl2>S(gp+FZ0u7Icyl3dnoxZ9Br+`^*A*V^q<zvW8fLEI=i_&Mf
z7Y?W?5<I#H=G5Mu->4;vpzjhTf{bY4x=yqPy4k{u=vARNm5J^Y$$IMUf>xb>2pn&f
zCT;Bn+=uh8G?>JM(iBf(vl>!zFyb3u)>BVlt4x^dArd$vorMWdW)8gg)}2vHmbAZ0
zh9#p;M$p9p-**ifA|a}#RL^S-hn#Dix0%+aGa0tQwFsl~Xb7gaFKOzntsS?SWHhoN
z=S4OP=?&BFi&ZboTMu;55j9GGuc>U&!9&ysZ}b6BsJO!ccfpQ>bWO&*=ElYWH@LC+
znfbs2O*rBuew<KfR#*p|>{MrsFO0Ki8=|buM?H3MtRpI`rp><yT{y6K9*y<E_U$XY
z0n6ye?#Aecc2%773RG`-U;+3=dk~M)<KKs)JtRC%@ltBY^)m>UX*}nD4V84UENXkp
zYa4xTx(zSlSrF=QZ)EkRK>}TNRt;&4P&3>^O0OZps~PUmGTp6bt^TVy+XEf*P+u6;
zibGqW8TB~B;#LorXqa6hUL4nn`uYV^;ZQ)59ejSw2gNID2!_lb@U5zkY_y7mKd^3)
z2e5;wu3)XQgEt-r-hg|55}GQ|sz7m#Zx8^-Ve5elJ&R6bb1Oq*TG`^o6DKwt>`FIK
zWBvwX<wPJExpRzQ7SxFY-wPVukqr<YZz$px;Rp}lBRNl{tv~p}2_Qc-v((9Q)4QWl
z+GY{o90U4+_`Z%O{LF=LLWD!ml)6<b$&ORgGVv`7bBerDMvNkVY@s)@^LnP3--@y?
z!W_#W@F4g~d{=~`G=)6^`SAE8j|V_vQ_I9xWfAznuR@-e{>A_G5Ands{GWevzT1%G
zhZ12sIE9@QhfxhUjT2J#>7^USOItPZpvDx`B8sd`#BT&akuaU9rEG;HcNswtn&gZ9
z2`wRL4wrGak%&)!w$s=K7Y2*ALO^>ko&~4Tz=Sh!fBluwN{EM}&hc=*aOV^;12yzb
zb$G=)Wn0|30~-z)1k*C`+}VmUE^_yGu*L>jF&@3DN-sW>S%LQ7(gKkkG3*fT6)-$+
zEYFr67^id=;>VnsA@k1<6j=BRTetD@MN6?$Zy|TgZy1MvBme4OKf_N);aoloB8iLO
z@?z?S!v4`u$FE<HhNH3gKlNVMf$#8CV1ClC<K6N8-rnA5JXTMOBL4z@kzM&l+dDG5
zWQi4YoC_h`g$P{2<cUXfRHg`raHN#DJ6YdbX4;rV>B-nxD;KEY*M`l7ff6FNi=>fZ
z)I!e1uHe#tZ++#>p_1lT@j!3248rZ&8&Mu(>Oc#nG?0;Q7O&L3|D)FxtY^16o30Lv
zKC?&0S(!rYSiDDY==lQ!$!-zSEix|NBHcPX`DXaHU`K8TCEdAu<;LBnsA4gO6F;{c
z*Q@2V<9F+^d6t{9g|1Jd-HcQq=DkrWoRh{L*V;;d^r#mYJq0tG*(ns0&nHie163x;
zQzA$*ai~o6Vj5qA0wRppAh*O*R%KjDp{Nt)l5!lMHYAT<Ya&HcVYE3i0HA&fY1Ibu
zfHTNPsT2Z@om9~QzFMxdYPDy^0|2L#eBj>bzMqHyiuP`@rsP1ye_KR<Qve_LMgxK$
z(aM2;_=>6pW}g%ITE)gvWtvJ1<-cGb+B5?r`^sVlMl~qZRGs@f;;+hcC1I9%Q&s&L
z@GLLJM6_fI&tTSL8dP=<ghf-&vl#1R|NVdd7dE%SbngcjdZmCGMlk>EJM04fS6b6<
z8M5*+kF1dEvw#ZV)Ui%~JGAz8wzpv$Eo{7hQvn-Ss~Y3;8&dGE8LZ+vaLwq(X^8OZ
z468h6t*s}OkYXxE%9|t|Wkns)NgDwrA}_8>-ee2?1+hHHoh%%<$;t~y)9U0TJlS{z
z?{H!3W%!lQIfyzerBW;f@RK-P<<XOj9>7p#@eYw=bcmK+Fs1SUa*}pxEF(rz|FBno
z=pZ(xhSq^2_W?&*QFj)x+q*S|#fJk9xC>h$!kvz7xD)>PLg`M{5KxU?)Thpl28RSE
zbQpMuBDF#`8SX>Ql)A+J)&<Z9rrD&FAjj5}v!_~q<8_V80fhI^){yp=ng!=@4gA3@
z4!uGskDl1P8h?EkM_&N3Jzbx@N?DeF@dN8m!fjk&w|Q)CApFSCI1lrcnwAKc3onKz
zUAwYWGgOc7bCRO{iIs0tb;Boi^1hF}|HJ}^q_X!SXJI?h|2)ydG56xdJcy(G$=1pJ
z=gR%psqj4TZ93WipzMDW{yXvpX<CXeO{wlx%pLf1Y-%6zYOE&?o)|T#OnfDOsDT;}
zpa(!}8H2{wTx*RN$V)Mq@<*(auX>d~Exf0p2-W=81t0(we8{Hujlm#4QqbS&Td+gZ
z%{j9pCmL|?D}I+87{rNX>V^e(4neT^EQJUZ-q?_Jh+OPW=|)iX3_s9l)$MQr^Ib`8
zib#R4<}RWq(q1}{gdnt9!TZpEEh7eA<%t1x5oO`}?jl)OW5z6S_p9bP$x>{eEx2zS
zZXvz86|EN2z-z|tsTn%Z^||;lKc;Q!Th9`5$`GhUpy3bSp$$ctc+{zYrcHsyQ@cQ3
zC+g1zeFfx69^2m>=v9Q1NDgH0t;o7{>~HELB01VQTU`F@@#N1JpC@O3XMg>4dPFYD
zT~q-Tlz>iXh!fBho*>uef?Hff$#mhy`dR`j4$KJA`fyTHBx0)3fHyL{owS`2VjYjI
zn@H^XfsQ1Q2P;nhv@b<QLBKHtycIvnwSDbdHKq8|fd?IUkOvRG7<XV&UPo1gAq?WQ
zNh@Ts^Rr+KX)szL#m#$vO~Bj>NIbCFr6FamZzK}LvEB-)JqSe5?)&JP+L&{xQYc|O
zs%>Q;)AC_rkN?%?|E99`J>LFRUTe5BcA?^UuHLY`od@6Ug)%&8{<{eal)9GapkjsQ
z){Pu(e1dqZnP=nCYIYq+SC!idPym#>pPDW5Y;U(@86?6Wyz@MN!hmPS8`D>BiCpe$
zKWy#4)O=WICukxBYTn&?M`olG{Kkem*D?eJk7l|P{7*eG|241jvMoEcROlrCvwW2T
zYa>OkyCa?Kf2N-(C67FVw^GUOjbz^*Pmf85JDMpN!Bq!5JZ-*s+_yffG%#d<WuNLy
z?w77J6k-pEGo){SBH00U-h01z(BiJo^E!BH)GAHssFnug$d_^u>ns*959iD+B%y{m
zxDht>hF$H$Mum6j!DO}F(WsBQW>z)Uw?inz8M<}|4dWY7jZmjBCw4E~L7fR@y%FR|
zaA1we6CH@ZU@QQCLFWkmLPvGWsE5~i>cMQRDQ}*ioPDx?UhR*@)_;iqh95o*kB%sM
z7wh!PRebQ)8oz4BcItqK=L$SLcg?M5c{^ntO!+gTNzO$Ip@7&OPZ-^)@JWOx!vh;s
z?K*YfUqSU6CpL(O#Njc1)i*|T;ZNc1Bqf0kf)LI<S|*?~Gl!vP@ckm_2#LQ-LtKMr
zLOqy@<N7#%Wfc0FFsQ`;f}KoSm20v<$YMG{M&I1>-lK6d?9#w-GsVoNl#@Elp~D>V
zm;)LG=esjY)Ty`?y9<oGzWKqe&;38YbJT<odg9}VV4MRCuNMxp?}*S3s@V{CCb475
zt~eexcY>Je7ke2*2XQdBSM*mSv}?`KjxWZrllJm|B)gmOB=>|#jMJeNa@_lY4j;u=
zP%I(-jjn>%<6x_nlNeW)|7Jsb^ywX1X3Z5|IS6iF1$-$DOfGmzsZXTGH(YmjFXa;>
zYkRc4KOF52w_k&i_u(_%ZjVN<=x3BA=Z&d0YVobjc`zNnT1!#P%JcYDC*Etbw&Rzy
zrUPq#XMb1NxD~B#FYw`@U0Ev;(h$oncE1RHGK<YCELU)6RI=FpwX4CC@9ro}J#h<(
z>ei?UEhMUw&RI#Y2CTTInPdb;yIb3@w}g6*xG-0uX`7phP7OOXELB6)F4rf&5tK2y
zwwH3U0chcHyrafKSv~p8g^=oXe^V<+&+8VK<YfU7fAi7k4gTMMuD1y}x%a4DYGfUW
z&jgc`x;p)CQOpJqvepYX%u9Pem}^(39uU<@kjaPw_&n_cp&=4Q3G2QY?{?h8&xt6@
zbAvhGq^S5qSqCUXq~Vp`K%yrjlRjb;=6fRb9OAEzS2r-x><L>&Z}M2(B2+7iE%2_i
zFK>Puf5vwntxv@!T_w665>Kkt)%1`s)eMhagR4;cs;3>r2e=z#-Bp%f+C@~1M+JQ(
z^dY2DJjXA_BJR)h@rTWh4>Y8Mf6Z8mZtld7IY6z@*?N}Czsi;l=wN6y^UU}OV_o?8
z$CrQ)02HP0N%UnhhzS|?8gnVoxrIg%Se%!$e=E>&_#~W&+aUaQ=>@m<8AM??9bGGl
zM}{hvVE`A2u?9P{!})dK&4FdSg|z-jW=w?*`}4p5>;EI2K<%+edj@Jc1#WNN&D4=h
z1mogIwm$77ZKPH-yMit>3vEqiFrBO^b*5GV6f}^8p$OowuH$$az1iBbm+lK2v<I{b
zf9g3~H&1%=vPx*;m`3<0{z3H>1e<DmLSFNg+FB4KCSclR;);?cp8Jhn4P)-dqv2>Y
z)~jQ!!680#8PT?)6&^G$WckyU^Rg`!Uv0>BMv4Q=z6r!r;c7r-_n@kzC=RcK0QJj^
z!-QPnS#+2ih?^1_{8T%MT{zb-g~s}`f5sT)YK#AsEql6aupA~2VX?9$W!ppH#R**)
zVi0E8%caLHO}G9Q1wNu!mu|RF??f!z9A{YxXCCzEX;ZtEiT2Eil@u@shVmnGln&P%
zSe~u^iuQk?jMc#0i32N&{0n&c?m%q0&~YvRA&%Y(2gpe!54BAQkI3y}wh4QBf03J|
z`S)}U2JK&q7R88Wz=oyKB%i62J=z`b@9pi4w|9247i>Ms{V<96EB(<=mjDV?fkVf*
zh+Sqhd5u1S&t|d6vG|Rib_hw8a_4q~B}fQwl(Y;7&(*mzxT2-1LoE^7*Az8Zfh~(e
zm{k!0nc`B<`M0xAAM01UuUd?mf0oxm;lyXk>wKC?$aduc(UMtkeN)a%thH2(6n&@V
zU0Yu3-734{06IB$;p8!;OYc-D<Ce(w)LA;VnFpanicixhQi<kMaje3>{yNScSnI86
zOGK*~(Z~S>G%kgU4-Qnx(!LS~Gwmr=%rxV=;LqNc*^ZV-_K>|DKakAAe^!3R0R;eb
zY{TYuTpF*ExuBn_sxAH$aibMniZz3H6wfa<3maS9TI6(VO)XGDj%HM-!aaB4HB+}{
z;veyZQ=_=Ab_^~R7kG;{k2Yn8{)!LtPwzO8kx=*;<nCQsb{M;t_Dr>AU|s8_YB>NE
z&8udA0HF^EHb`QjcS(fFe{K1`2Hi)&6qGI+qI;92YaR1FwHhfNy8r7^zh+#}3|Xsv
z{)hO*tTQ}fYb0~Av6~^s7Vt3EFCzLscyQMd-5eKn9x-d>bX!CB3;QkOV#awcM&-~H
zU?7RSU8qrtQ({K#St6?^am$841~mg?x+Wt(BE7aKZ9SO>MaC%Ne_G`(s5M=>BHZ5$
z8~)K!458^LUP>412YmwO37Tp%_a0bLvRnosh5ZVF5#M1ryLM*Zgzvc&ekpjx;^!qG
z40!SCD|XP!6G1ObuZV|l#JY*4*VKV>GDt^>&{uBLOX1pNcIts7sW8yk;hzqyJ@q#p
zi6UR78stUF3Yh$Lm+NW)7Ju|w`n!sS84qopgfSkOmOe6TB|Y<XLrO+<(dcj)5?Mi>
zOvxw{fQ`muvCD<v+$iwia)WVbFg()~3tcTQvr}2l8}B6v*I>Fq%bC(nGm(R)i(X1z
zfW~iR$d0G2CR8R_AT!bpA*7=>=o@OH;#`Pc=8AwW*yuh#)xTOI(tjd;0Q+=|Q>mm6
zsPQ&@|5P=*GiO$}Lv(7N!$tAJ&7DvO>w=r)QC5?oo#b%pc)@KNt0^V!boe1UEK9cQ
zi?ylXv}@)q5!~ZzusscKoB|Er-RpGt=jm`BI8ZB71#R#=^jS}<NIjl(?nI}?KV68b
zWs2TtX`r0{jaiyIfPa~WB!Fv8$S4JUn~gY3a7Oskq}^&)XdH|}Q1Z(uxt8sIHhmmr
z-NQltv>j*|O=`U4ZAr6xRM8i^3(#4&RRP8MO;}dAp-Gvz$eIU;yYuI-p>#F?a~h((
z9b@x!vVJGs&ab#ZY9wyV1HQ3#WdSyyo;V?h?2Rh&<fA|Jlr+8k+wA3@WP8hNyUc%S
z#(K7Z^|=??lb!&DTu({0{{U;z`Py;IFrV!_<|9vNbp{rDrI(koYym`n=DBbYI|2fQ
zFc0Aq%sn~!NbA6}1n1lKw(P~!y-I>4+H`mk5D9RP5U`VuE_y^=Lb`|+P`^X3+Uf9!
zB0JlTiLQpJ@tGO@QD9Q&%p5n@L)b{%+|iYBU`14c`*MPlAg<l3Yft<?!D@Qz);N%Z
zlbTYx?%<*hF4Bh<$)-DhoHNd1MBBNRItF&s3RyjX5Nd^76b6)=LTGl%X_Zj+*050s
z72tzuz^gN55{-gWMjmr?&P<(a`^F8zrkpa>0#dtGE&fkyD5RWhoa^bt*TEbwd~WP~
zJPYx@OI)!RY_qWtRo<{M&E~y?^lf=ZXQ8>{x#C&k_1?+~z%k8e#4Tw%qjbH}pW!|G
z>C<<9s%()|vzv{&+O$L{dLIU@rBAkzjnTxWeWF>{!$+&znN>mU7QJ2-G-`S+7G=KG
zzzwyU!L+$b>6q?@9jVtzJ66<Gr82IpRuWdt&X@r)Yu_w%;S<x}mt1ZE9DhWFUi7!V
zHBF!``YpmvcIlXD4tI@r5i2*e{UJWW?^XlOsSX-$bXzk!j6cLS7ue-I7o{yjO9XzX
zZa&yJ*>BT!LUN9Ds_UfOIk#(Lds2(Mb*-VO4}3~ytV$fZS66T|RZUF<tV!jc@7^`{
zY88|@x#5m3=!qIbM&HS>aevukJUxzdvv=PnLp0!cvtC15K?ZsaIo6G9%hHUI=WmFb
zcJx!%VW{gcR1fOtf&GNQc6}%)IOlxEatqxC#_0X0-%macNBc+_y$`P3v=qyNirDjr
z1Mc^%4Q*hDn@639D3hK+O`5h6|C?~y{f0Da=^&$L1R1qjlk3TaD1XMt!?kgIA={Z8
zwuR&cE&-+rz@whi+!B3}*mWI<pUo5edf@MX<2hqj7M)LUtQ{CXgSH>~72)bhmK44N
za35*?hJvpsu_2Hu$A$O>TVXee>nCAD5NH7D1IvR8Cv*k+<I?rFR7p^0aED@Z?!1Z|
zq?b1^3Bem!_E|xa2rrU)IGB}(aWP&*cRc*8YRRs?o0T={QKxMu4Wz3B&i!+~i+{2r
zu>Jr5gLY`NKbItM0V99cj@UYV>5U^a@flt-3g`c-?vJ!Wf;%0dR!A3V6XLW{*kF}K
znD`BP3|%_6FvjLuSmQl3z}ls}N4!Y)oMD;0N-IC6-6Y44&T_KDWCb>`##+i0^o8q5
z$_mw>q*IxoxulbpbGEbP9Cdr$#wqlawFM{oQat5a{?qxsgcyJ6!hPaCICa%fVRQ_y
zu}E3@2?d&}sPqU5o1LB(=;>}@uO@^;w5d7ml1^w&ATs7goP7K`d4F<rad>)sbo}xB
zWb*zj3m4Gkg$Qq1wnT7u?P6=@Id&*QNtx48$sQ6@DJLMO6s@}5n?++NZ=%Q;8ASI~
zSj|ziIEniD7UzG;qRz<CiEhKojN@s`IGwOE2^pHFo{v|Vym@LCsj@LIYtut%JAW#r
zYtcsCWwi@IaDIe+lBBC7ln?bR(iAO!Hnl`t5?R4*iF-SWE)$P+u?O*tHSV*Nq}(uD
zC!v*WUfmc*WTsmo$D8=t3(_QQLvpIMMq1vd_M>QFvdw>f*7VfbFm})y|Gd|2SH^5*
zrgL$VA&r@NW0kr))S`zQ$fv*2R_=h8se-}Ahl^HOn2EoECfeRGij&JrxO$FHA1+*t
zbZLl^HXCR`%hL=&AEV!X2(FDZ3^kH>!JcY{Sf2yjvdtEe#$=tN={b?dV7|A`-bR=U
zS-PUWIv;<)885DLw+?T4so^bi=f<5m*acb~2~Z*Y^5x{ny4fZ7B@|*4a-wHJw}Ifw
z$Jsbmk7tkFsD}0p;Q?w!wsf<zenfh0RpNS53mK?IE{3fy#{&G&xxQqWoCnZ|qEPwV
z8|sg#PtPh}NN|`ToQmQAZGQ?lDuO(WHtK!j&#ix)QZ&S^Z352%s&NJHE%f6u3>M<Y
zw44fb!LM$6-bzi~Qo3?rxv`pvmDee5WV7__7=FlD6DrByos9NC=EHM^gRyE#<+Q_B
z?#5SM8q5mpWeT%z%$6n{g|XdH7=>sGQy8deg&0OF1hLBvlfuOJg&@F=&g><&voqU@
zp?iPDsbZgR4?JR~@;Rd@`&BKj?AuaQB{b$)k<mmOyQNGgEVDX~`5x=u-pF~iI~on0
z?bp-c?s&dCv|o<*hr7G``+Ix4;*rrvmRw}h5OI)S2A&t(roQ?TPVrDU<u}4t1E=m6
zdl^IryY$DC4(O|Jc~nagPlxtvP;9MCB29lsdMe-PvQ}zn6zy^3aWY#R+6%1T;^Q@2
zJiC3z^v3|t(3@SY0<OA&RY0~>zrELO><YRCRlU1^1f^i1sf#X7VFkM-^4wt4XE!&}
zKEouD4P1CGQcgqLc<MZoUe*}usn!(QYZVlG&_U9s7r8k3h?7Hg=vq^?W=hed!jgY7
zgm^8AUC&dBic*zs6DnE622u^Ag0GmqmGH8ptgYK?*K=f26eiu%UBx-Iu*UDTNyEQd
zq)2Oxr~DP<X{>?DoDX=L@PcywOK~dX4HHE2P(UUB>0sD0pN~y>{zf9~F*DXD3zwd^
z*dL568Nex@Kv7NgBJH#({>wsDhDv|Bae*!_!ytx2GTefstnRR&CV=VX;zB?(l(oZD
zo=DI&A2}sA;Tvm{OpBTxh1InDtBQj+ZRS+!4mM-;IvS>ghDq%$6EUBp8D)h!xT8Ma
zIx^-Jk};vPaG+W8#lpe9$l|<=9q7Qo$0$R)=jZRCI=wTp=JqOT#$Krz{BnPp_%l+;
zhKR3b_{%fa)OvCZnbA;6`qrgqUs<zj+rM(M(vRJRGmL|w2ZMU#a06{U25Ea1d6PF1
z{xA-_hEysHftqQr1e*;7N)ZHH2jCi8Zf300hvTD@FCP$Y@iAIZYOsZ_|B9n$d+K^H
z&!ac<Y<CesXRsItrT8~)82EoM)C#{n;W2^NlyR+10AbPzP>u&nPHA$fQr5zuA6RqJ
z433QO4(&>4#KMZMg9JLZ;f`m0EZ_71$DD9xz+PFAdj)sTgva3pLS;h*P=(G=Z}qat
z#mRb9b2~idZan5yhsSIt+76E?#$(R2rvoE;VAO7fS&6wL?yA5Rag%>uRkU3=u|2nA
z8`3?&H`k%8)M@~ykPF8RH2cNyNLVR6mags47YE~$k^ogQI1@geVelT~H)l>fJS1^l
zi_i(2fF5*;{R9^d4LSBL$>u0YQ$|cKK*#B9u>9lk%Sy{5MUYNv+f6J-4+ijySv{cw
zJjF*n)IZ3xTvC<bU4Vb<dfGxtWfJB>N+ye*?O$F?rlc~NojNnnx4gSaR%Z(=y$mj(
zY6KR?m>{xnAWCv0;eXr+6~<@r(ZKfWm}I*3!Tvs+@VI01vw-rqube*2Zh2=52io<W
z3-QS<S%Xr`Kw}k3!Je#<pqXEtHR!BC9jrlQow9CzXwzn9wKIQz_iW!^4&o1R2rJS(
zu+xQ0tXn^LBJ)pFHKo+RQ}ZO1Ns`^ejAb-X8?AM&3Eya%naQZ4Wvu~jQni9g2`U1i
zCoN^)zz=-q)-aO%pkXJq`aY4)kb=Ve=saUbU|4emwxcD&KJ*;hPnK^)%zH!E52+<+
zFookMC!XmFQp6dc_0-(k(P0Yt)G(mJC_+?Mo-<4$ht_OPm(h0tAAd7wVsifJ&&MAx
zxXD68GRO7igQy#gX`luLsTR%l>nUJy#A=5zbaE!+Xygr4wm|Dz^RuWU=miXIV}?r`
zezOER+6GDdCi5#P1!imrCI>r0T|x1<H>Iwz^r96M&9g0asE=S16|-Z3o=DIgO;SRW
z=+(}5K>!C;3X~jgP=9x}+)H3hS~O1R^!T^a<Fh}8qg~`mXd%?GEXS~9JW-lxCuh`h
zl@Ho|H>5R1%@C7ra?lT{bSqT0o~VGqn#9IJIP3}NbAz08mRrH{m{TbiQ}-$flGI+S
z`7q?u$$3I?Y|p+4_b<G(XHI(Cdz0}%s-wzH*GA=W>5-Z6et%)?6Z0c8+w<0`h$K6x
zR7(My;g{=IobW;u>|AT=%xsA3OkG0$pR}wg<->M@AsxL?fOHTdgAkNTlcZy{gr`br
z7O}^Oh{@PdVg49|<2<YzZDQ1(f$${y!2|}05UNl(pI{oy;h2J>Ll%=LLz>Qp<Hi!L
z5LP<O#}B~jet%!V^fWvrXV}-u^{Lxg!7<$wqgpMK@v2@W2E8o+Z$Oa0y|Nr;kI}7?
zsR`So(bHzOD-+$JDl-?>UF0obwijS)Jv(+%i>q#<YaL{SH?r~d(`O;X;@&-GiA%N^
z2Y-I04D`zS$3Lwe!$8^!^izRS7zejbr!5lcS(cuzS!0gM1XF*|0O1nHh2A;XMC%aN
z5?N)NZe(<c_N2BIWkyxoh-R{t{#Wc++Ql@SN879EwdR|rZ=Tcb)w&6$+pG6fB3tt-
z3brZ;vM2=P@CGl=L@@bfy9Q)P)moSF&^D<S-vbcgNz>xpgg0%?6P%I5sphTJ4658G
zc`>1lb{L1H>i2&YsP{=j5|Oor5l(5fBe@otodW1NgX(aAnLa0F7*+oeBR8EHh$OR@
zMt<A%mr0C#!lZDUJ_fIFC!@gE@KjSM7=)wIPqHBjW@&Rt)J<LNTIgZ3*#jdwYKFj{
z1B0-`<?d5HUx`I{A6&t1emH}m@1ue_FYRFqCZ9i#hogTz1Pf>gowd9UeCI;A0eFF!
z+vFd=81Ks_`IuJuB&;D`(sOA6o3SNoMiq2ZTYks|fByPf&-$@K3Sgd}8xu-NVwFZj
z5e2jm#v1Xc4RX`eSeEPp8SdOXxb>qrbnFE_Z|(r)9j=sHzlI=4!2!#T#4iAUYl`b$
zbB4gTv?hNK!l7k7P*i~kW5bxyT1`g=)?#({u8m<@EcolNi1-8=1jMd7JvE*BBT;ub
z@F(p(PixPb(v-?rD{+G_P*;br#?Y#sET`+yK49ks<+FBN>fc6DQFR7FU{{%4Y!FNX
zTM6beMM=Fq;5Ds~(@saQ6mkWs&Y;pBk;`*=FYJH$JcPUhSk{vx3bF9=pnVfSCuK~C
z<?U+M24aIXACF&Gwd(H)PGY(s+wMnaZgex7R*I^@3@Q^>zCxb5FVPnIH6%;nc3uae
z`*-#{-#Ow{q4kSrCIx@F(uda2&3HKIBIk+g<CO^%%Ox^k)5inpejpDL_;tKH-rw8X
z8;yUrcjPn>boc1GA)26DH<Gm#GEp_Cpj0N@g3&hPve7oF9?Pkj+$E4SwIvcuPr%3#
z+fu2fEI#${E~+(mFE53a^y4BwDhRbXA@&SzhZvDCY<KaGxL>O1c{PVx2B~^I2HaF@
zFYX#}(-K+aw)bx7<SM+GI*@lY7Gh`HS5AK_yA9#c=Oi_%5eOv`AI0f^eJ9FMHBv&Y
z+hdY7lIas8FN4ys<f&}+gu&`t!ek9oo7HX1%*IS_h-dd9O@)RZy)9Qn=_JCLVw}}m
z#yO1>GN=j-mE@n0-)b+D@KsAN8rwlu{W%!oZUD>x7>hM9y((=!%1P-yizHmd%?5u)
z`r8*O6nhPKtJNC*01_k$KA43Lv<lIF7pZj?WO6TUxNm@|UC6@Y=V%js*n~7h1)GZ_
z<U-MA2wd%X=rk%EZZMiP5<Ki@C={X&AK?DG4Ai;U3=ub<_}G0hma!NV@IE_Xgq<Ny
ze6ll`a?D{L`x{{&hRH3UK8*6yL1BN@xNTs_z7B?PYWM{dVjU<me7DA8m&~qh=pQUu
zhK5|$??{m6M}j;n1+8b<-{>YG^SRPUyPA>CuZ6ov7MADuSHc06YoRrpl!Yg1G42XS
zGn!pH3q<V2o7lolqpFm~f{33vB4#9{qZ|QAKh23AcNj&>>5r86U_^r(`DcGupUX}e
zB?vCn_7s7IP@)4F2#I*Yd_)l<#DF*=1_D(W3!hCsq6SKK<VV9Q(xv1FEb+A+sXDb@
zQfo!6e!H)DIs`o=+0k~Y<9J=&#f53Y!4)1R*lXw-+rK(tN-^w?URy_BKEFRXoSYwD
z2v-;XcJk?CD+H(!AU8TP2f}}XE<p0~DMv-DflPu>sR6!EK0!86c7Nu^s{x$`{tTkD
zAc}480`5`{EO&kZu@U}-Uf2}dTq!(4zgZOu!|+H=DUs^ra)_R3GK<9tCH$44@>eYO
zd+5Tobq3B1Pp6;^LR#|u)q4Gsr?yS#kBBe_o`6KY(%W%sgqj&kQNovDe*qYOyl!8Q
ztsd&$ue`C}(I3TIc-#{C-MNL))6nP|^v>X}FMfe^km*KXP2LoYyY2pPTBKcKD!@Zb
zeacb}&UffWN-ukQSfo;$h%O%F{XnCXHmTw<t5x<85xd$rLsC)V?e$q(1bFHUvDYEz
z!lLUS)J_!k4mmTnJ?i7QMwYpMYQoBs3or*3v4=x1$?~s?PFM$#G$apNYgi<c=}g^q
zOlNVnQcbxLFCfSRzQ_H*k+KgOQ#V~b`KbVsG+4hsMN(u2kt6vSn5Qu?BPJnYut}7H
z(eksw4NmEy9&!kGHbf6QV&sVh{!Z3yzG8x^Ml%0ke}Ai$7Ue$g53nSE!9SH6-;jc1
z2al|SM>6KO2p{>N*PGi$io7f$MIa4~W%&K3R^dBL<oRME&DYL)!U6YYMC3x05hC9l
z@g4>r0&cGBTXW|U#~GqGNpuJm_~J0}8DQ2(0B+mYfg<$-MNkDwF_HZ;N@RZnNMyfb
zM4Df-?ii7d5$PC_XTXSm&>@}21I3D{*r_RIxLO=!T$OIr90#dPE_&H`U#CIPx#61e
z;l4sa#NUYcIHW%`SEi_byx$f%-j4tQ;l2f_)*Jt*Oqz|wKkBiM$EEvtZ1q6xB>8bv
zPJZk^G5As6o%>V354Hexpg!ue%WF-2R4t}8)CVY2mid4@mPUMk;FQPfbnHn>WcOSM
zkZP@C+H+AG6k}WQY6)W<>4-5<;qxF2{5X)Oi-v{p^ihjiIzVs_Gf{3tj1SeV4hXsb
zw|-0@1XohI?mvqLF+SyIqadkmL=fa$r#hrQ=X!}4t)HR8+4{aVk{j8elW#3_v4cW7
zC`5xo_KTR1{SFC#dCo`(+Tb!EWWS|6$SY%{3||CPg}7~us;!f=Pu9+Oe}A}*V-}mS
zDLN$N`5__CN<r&M0w^kkMcym2#r<?}41}3#S-8nu+6n~XAf6AST31R!L>47*7{W|A
zpi|+Be$)GgIG%guPF)XgDO2lvVZvwE&g@%6(7<KlUAmq`2h$!)c#$Q1L^ojOsmKv+
zm`uUgAs#q$B4XkxfaR=XMw(D5Q;Ls(jw$A+x1B4%{0&hRJIX$DM}Ou(O{s~lgT$N5
zm$!leJAW1g--O-lTTvkO8jYI6$}V2g3M65huAWd?pkVSCb|B4S9fcEcdUp^W?U*9O
z({ZMD<XB%$-=|}8-gHB9c4Zgf%*cw^Su8zBYpJIEWP?2~Gdeo5mccUdQ0E|c6z4&~
zITV6Fv;-(7hIf9%i%`!Qe5p(;vU8I%LnEfaoPQZs;XQg6o^xe;7rwoa9n{Z3i9+iy
z6V5K^z#e?hGHaz*0{~3^Ram|8=+&Q`@3zoJ2lgdb2L>i;RW?p#kOi=~DamL=$I@Ax
zeIBMb3hEK*Gqesr{KOA?U#;zPnM#pefB3=Ale4qWpH9!UM~yE%8Nb^;+&S9ibaOlO
z>wnBCuo3_yvc7HWEJ7;iPaj(*B?%eaGrvuH^H6B7*kMCV;~1^Z{}u&AwUM(gHuGf|
zEG#m1<KdH@d=<*~lUDWCKnjy40P(a$9*11WDj5|-=>w?U#>zjRCNa$RD%s3C+BUw?
zCTx8AcrNDvrGclqk<=1tZwCK?ZYIk)9!`=iQpJt8ruEHPMQJ<xdtP#R7P3;?HokVl
zN7%LFvR!NJS+QBg<K3q1Htkby+FIn3Yfa|-2B}fr({D}JdBB5$VKwGa3QL*mlQJ}S
zm%W4mAOXjh-h=@re}fZW2lJYVwHflOFIYvXSm{)~$)r7G;V$YQs8TTcV$f*nO+L2T
zDSkG3Zf~+q9oxEQtYDKSYz?{zThEt>Q-^mE6<1R3<`e$Y$ANV?>9-A+du`xyS}q-d
zBrFkFhqf=ivh7P6W-^{w<H@)g8>ge@o*^~&4E400FjN+ve^Zp4k~OUbnNpHF!czJ9
zT3T)ar)fE!EBvGt1YB^N2*=RQ9AGSbcpK0CyRg~NbgARu>cGLRCEdjGhhp_&ZzXj=
ztX-js*s>F`@7UpR;Sw+-UJ+S6_!s;R_*JZ}bTl};U+Av~-VCyh4FIJDaJI2sklRvp
zh2{;4KbJ||f0#}n9m2K|!qy6Q=+QW}R!D2-XOdQ$fASF6>KTZ47yG6OvwJCibj`$3
z><U>ig<Jp}iAN%#s?p^tODM7Ak&17KWv&)g+o@{Ze-Kss5QJC4V|XM~?ezmtwcWL-
z+O|a1CO6I+R_#+9+qZTORg>9?Yz@dn)Q(P1z8;^Re_gykIXwP&c3eiP9gUB-f7|)J
z5>l-)^)g5`&B|)9S~d#QYvz9z5#i|FxMd>yA#AM{Oj>2aTUSHRw!=^bNGLhBL_S$Y
z?OvFRxqsCTRU0%D5gw#5;}i2OHQ2i)TNHcG73*kAM8uty^u9<L0-&(?ufiXdWJr?~
zEs<OXe^mS7tt);NYj<y7?%izmrX^DCwroAOY%S8g^~coGjs3R3WiG?jHpkM6-oNba
zp-^8y!`++c(km2epsw_*<$$!@w>E5D-M)4+_CklFbvRlb<wqqs820kPj=ni{5+Ww7
z-&kyt53Cb92=OQ42Lp@EQZoeIQDYr7Ru5`Se~V^{z_Cn5@r?vaTE>cvM>;DebJntP
zRp2`?F-hL99$1+)_Q3jldT}^8J!;0z>9DcqhmAdRm8~a6lqJZ-1H#0@wB{?|<b9~=
z3NvHj%E;QV=LNS=R`-*I6Oxfnfih^u=0-7gV3RG>aPENw9j-<E>EUfD5r@iVZHajC
ze{u=4&*#=Wm?ikR%$|woc92=!Av5R_q%=crWi0Lu6#NChD6?VOIKG2*=$db62EXsX
za`iVdTU&RH&zgs$jQg;^HEbYO44G<N-wH0rfW&k<%=s>Uos<geIIxFsU^s#YfUnd-
zwGjL|MrH?CLzd-_kA|#=-K>`B+O29ye>Y*edPN%ppWZL&hMKudsgGyeq^Fm`LjC8z
zAATKg?^MD<Rkkd^LP;y5im+yXGp@uu5CCe495?Ed@$^hjW%BqEQMY4sksSZV4FihO
z;2H7O%yVo%S<*<gydTlyNoz32946W2On!fWC_zqh3$e$H0(W}a>1ow^$~mD<e?L3@
zteJk=zCvSeH0b#w_LiQ!zc}fXc4MWjLkqjggz`{8OU-Z7P!`tDhNMbs4`|8lE~4vy
z6m~RTcZa0l0Q=_;BVGKB-j*1f$A_cnefeXxv4D`*n$KPM#<pigt_U8T%S#7J4H&&*
z+8$Z}I;()2?aD%cqn%I?b<&}wf4*5ml(!?QI-;tM^81>eqo;`n%_E@lS1YpWSe&u?
zl&8zour))*4S}ij$}Z0+I_S`<=Z98FHwE{V0aN|sZrtLZZ3C;u8L*0T+mchUz2&uy
zD1<vh$7ErD7mk{o?W&qSH)G>;WYx1ItDd#a))Ss7ZO)Z0N7_0bukX=1f4B=_lxdcq
zKF%_V17u$pwg(4*u+=9=6bOkYeRIS|6p>dQOH~(jxCcv>DhLmw%xFbV>{Me1>jNs?
z`!ZJBW9{{paP+7FSl|y!KBJ?rN*$L*G9ev()zMc!jlM#2Z~)lVO0#Rw6R;H$?0Bo6
zRess4YDqWlp|x(bA@vy$f9oF>?-;9B+KwuZUm2IcpSY7lWy`>P6&n<|fAHPL7N_OT
zkxYL~-i@~pk9KyCf7{#t{g0QgPX6uns0uc%LfJKfIjc-QY1x?_a8-VCBiT^uGV!R-
zl)a3xk+M;d+cK+h?GW3OAr<MS7s1N|HhU#4=4!Cp>)!LGG7&v8e^NpE*%H}Ru<Px7
zdV-Luo?5T#)l$4sUm1bJp_+5ul6C2}eO<SGEmEaTV5vx;Z}0NjF(Hbji-F+{WM>gR
zh@QIhJE(S;oJcL4-S}8g6@42Gt1AAMnzgffSzGyJ->(@Pq2sbTE~}36tMA~&5B7J?
zQc*$bjj*hRLl(Cie=^;v#!baizZX4Rf@PzXFMJl^B{xI74WZw-RMGKn&yjcIO;prC
zY@+!_2L=h#HqvcdC*5xH6S-(wm*z1Rx`)l!F*O6-eCNuB<VZt=S5MIGnX7C)!6wDI
z$?<<u<e4ixumS}OGz<I~QubD_aAicW>iELo!*|vIx0&aPe?NwFjR-L#qpg@Q>&Z+`
zBnsW=8+4Mh7gP5t3E=u5eRgyg3fJ*(kITRDvN45*lSpajG7V?@t4ukZ#^T*jlUJ!=
zNU?JIf;Kg#E<wStPe~?`0UBnzK75*~VhCK4nl**F=;*YLPV4A2MW<!h8^xuC!mVDF
zLTLxsTa@g}f2}JXpTdn@I9Kp;s<)CRrxjw{<&mvn;`_j)+kVP4fHlQ4(E7KtPap5w
zC!!uEvsz4Tzp7<TF||@at(4bXGcomPD}$9uZ`~xr;yxZHAHPoC%WL(mky0Z#vdZLB
z*1n`g8%ccS$T2JIc7&%%O9U{X^V5(39;O_YP@EhGf6Jlg+&CT{t#6966z!83`DkQj
zu|ONiCgjotyZ$nX<pieOP^Kq_p(_*FVGxGSEH)%VGMTObpTbc4j>)_?^_aw4nG8>z
zdNtju!Kuac^Nh4hIEk3JK~M$~GxBz!)ssVZL8tnlRC4+*j!Fw%5t_<;->n^KX~1FV
zU~lGzf8^I{4Nd(OQ)mTwGlTXq@?{7*or^Vs+*x7PELwXY0fB@cn>Rdel<LicIjm-A
zMMn^I1W_I3S99(n16m9$31TR_(F`%SgT25bgSzkCAHaa6{+h4-1yu5(1EcVSX%&I7
zJsj<&1jaVq54~{xS+H=dxpQd?mjeT!(F>?%f5W*OKpm|q8>ME*#bx5pDC6G{@zoK!
zcz#-1&+@t1O=z23XD0_)u>3ighr`rZo?Gdwb0HoU2Ku=SWSb$xENpKE6LT=i^A&V4
zbGh;Amy<25!n+Z7GUzah%GwBFnCAKkUBR1$&fJalu&S`l(6%^aeOoN3_@Wqy1xak^
ze+i)$(Ml})Lbm#eL&r9s1&LhT<2}~8J{1fxD?sm{(gjT^7PgYFVAoHq>C$s3%_Fb4
zdn@Lt0O^7eT0b1IKLe3%_sw4#b77K2fs+ptiLP&53*S;rLHhUMWVsxk(F^%*78q#S
zlC2QjPJ!V3Ahw+EORPcnz!(X+?Tp0ff8r-_vn;q2Pl^&@t(+%K=2wYhu#qk(&BFx{
z)pMx_v`esplmCJWiv#N_45H}5_Wi{6lrdk3GveA?U4#zwokLtmeC3O|GmS5nHok#)
zY2^ABaM+7~Z6N7-nCoiUj+fPyd&p8t%Z)`IAHvuNRpTicOUc`;(g|x8Od%0me=E~p
zq3lncSrFz9!pktAVn;eh8FT6F5{hZuTP_m`U}@G|;aAjO0Ey(R4QFrR_`~P-pZ?=m
zjp?B03E$hd7qUtVVaj1(y^rVeSq0|bdbKwiftzlg1J?Kz|Frl#u(tQ;VeMEDF#wEn
zhMoWE!^ycB3_$Q0I#1iyufo-Re+c^Y57TJ;b1M^uNq^Ds6yI3?Ft*h{sps!Cm+5em
zp^ELcMDnscT`f>momoMk%0!89urc*A5i!1MUZPESyL4y4#Zts`7f(wyS9&H5&7_BY
z1#V2w#Ui<Qno)m-+zDPUxN(V?jjZud#4FPTQW+vniQR=GMVqmF-{D<cf9O5P8IhJq
zxNIj@JyWn!zZ{Nyu+H3BX>J8c3~CZtQzyQ4(rh?NN$L(I(ll@;ketmta41Ng*@=+m
zO}>f-?*j_T3M_O`W`U>9wSD6TT}z_JqHBzOFJ#V3IY^y6g}4;<)Jgq5+AeRb&&MB+
zPCovAaeDmq<oK_7TMd9tf8j@KRtNf{alJ)-6CsV@XM7!+<OcOz@f}oJaGqe^3w2h!
zoAF(z4rwl&OhRHyo&d+~;-#wUb)tr-YooBAHNIyvq}{<lKPJCZjz9mv7^6-cP$t~@
z#fuLL5($(<_~j}-XokFN+*4?iT*84x=DTY+^!V}@r*Sjn_#DW#e{Jaz0g~{WJoN5p
zEA(<Bs?Bh7j+~jh5O4fRIygt{*`R0dUP|YtZA9C?PP7>rNSrn)0%j1-wGd%&3-^zk
zHhipRP+K=J??<HfeATp`G*gypGX;+z5lEizA!(eOls?iH$#NNlv9>r0kBUTG=?cpj
z#V+1;hf!tl8^~^3e_T`VM&i|hWh-ITFi~JCM$GjO)&X2ZPJhTAK}@YNjONDK33$dE
z{*A_BihXXraZl<=f1nM$BQ=r<j7(drZsy(p-2}>}quzd;dP|Wvz}So^URE+eQX1gZ
z3OVhR0$k>_yqomab;JYm45QSh8F}Z~*&*z7VNnh~Y#|~ke^=~NeJe&dJOon9YJ7<5
z4Hn@oWcwx%B8HNRcum}OEZRT|#@nx|te)vqTV2t!$^=wG6j58#5{~Hf`26HF#fXXk
zq5aWlJqlC|0<}cw&<V=0%Uo$|&9DCxIHw|Cp(XMxVkRoaC8{&{NG!lKFXz@^ai%Nj
zmZvRZ8Q;+ke}(MJx}$-}lL)FhS?V;25fjK-vY{|#W2=V&@X|&+m1AGNmH)&Ylxkq-
zI&=18=By>Zxi&j)P4k@1=f~+gvmvR)TJu^k7)_VyTk>KvjfftR(#m}x+SZ>nYfb+o
zZ5-UkfTxNJE3ReBnFGX&ikQIeAgdodZ#&4UgRJu3f3&_c+rDD9QF?c8Foey_Y!eT`
z&^9z%%@B9}IUh`o)5#;-T{UacPlo`lMSzTWN+LkUbg|Dt<YK8A6v6805JA6fEYM4x
z1u984CL(;7lI)E~1L0YT_no;ITQ!Zk=-{B|2M4u5Z|lj6WN9G>4EQYH1gmTn;Pfq7
zJyk3We_^4-<6G&=FfN03x|V$@-ePV~UC)gP5kQ~mHgu_RR<KwmbWV0iQSFhU5>2pU
z@q{^_<V(*6{Yu%NsiV4HXNe-_lrRY^zQg)AA%=)<>uCc;RJ=$INmB~e9Y56ZLw83*
z9Y3^@oPK~GDlutoB8et^IKx$HDla|^9SRfQf0_nD%&H(}$1q+F+GUC}f9Z(-@#9V8
zS`QOlEmQQmDvf9gQ&gFN9>Nrz9l!tWBHN&-h%6E+UEF(UZ&U}Ss4}4gQ&b*^jJJ1o
zU+nE$y{rrQ#I^Ve#q%tgqsru2#vI9BBdQizug*c$9U9M$ORD^Mxr<A>(;B|CdOI0&
ze|TV}*pkZDw9iI%rm#u8Qf0sSWAjSIJGLPi%-WMn#nOGt#_(rjOzS`W<<DZ8ia%DP
zn?9#Gc}o5BT_N|%XVbQ}62SSCMRN$dj(+Osr;dJlB>L%%^d%Mdq<-?U83Jwy?{q`s
z{4(?XnjzwjcUsFkmBeX<<kNWo!?-!|e<z}2aZJ-mabTXyZKI%G=@b+dg4M8Ipu}Vs
z%}g<v931StnRbsaa<7`P(Q1Z9HH*ruDH_#UWv(X-ljWs|N66t)Mmhj80iivM^^<$e
zIz|H#iiuN%@F$)W7|Zd3)C}iZ#F_X6Vj|`V{+b3kHHSW#|8HVr={9tuZ{1A6f7(G)
zQUh$AOE8on*L{f;E=>>=50S4x5FO;yK~6tKWF6$RnVfd|G!I-F7jBql0b=7p@y%qN
zZ0z1=&`<+<B=DWgBjVJ8GYFfoLfo-wPx)scRoO`?OnhjAD2%xfER2i6xvY3%(!iK|
zcAKb&0j?Bb+8I@~s0~4wsuPf`e=*yIqt@1vOb?r~X0lA%>zgNy>wr2{w>T$;F~+fR
zMWmQHE6`lRmPo3)iE=Fwu&n)qnpHYHu0m6Z-T(-|tkv2P`UNeK!h}2_Lkx<5C@)*L
zPdemJ-(Y*?v{(<1r0F1dMz6r6KP`w=q1oPi#$capa?$z6<R#t*d&vV^fAw*2AajR7
z0M!_sl5-pPntm4I){XeKp19P3)<+qFS&OV;twAN6OQ)p+c@J<D9!VpS$Au6yIxi&A
z)VhHkesc#u1Xpk<!>!q*t@JV_T%iPR2)}6FY>BT3vjaR=r5W@~RX+=|YKG!<<WWZ+
zHHSQ^IT#~Jn2d!wunc0Re;J}~2_S<3B1DGK11K3-?~}W0;Dv`<t7w=VV?Nl9bR|Sg
zZin-WWf;tpSq!;N%n$v3OtznY9$CH6xpYFupFv@Y^fI{QE71+<v{Ew+<}&eTl&x!s
z`05D4v{8@iNj8`S%#PkMh=)i;jz^vYtdzwoLd~3P&V0~{%+nmTe_A(j%Gh3Tr6O~H
zVWK32-+^Ouen0vYZ1&^BPn{cxT#$m{>19s(WN}&~;+$|~5<J7gd^kQj`SJmeF6u)7
z4Ib2s<yYdmGc`kiTXvzd!2Fg7YKHUBz1gHZR13{&4mcxZY|nWl9VUe+hX%tywE$&c
zomdOFxJXJN)GTWxe^5DT_->)SI4GHNW?SF<;5O9-SLv*HKhG5(Nx%k<FM}^0PTe?6
zC#czxjDQ&u7Alm49iUU&dVdG#JOt2T-@im;5RR$a$^{}*;(WAx&ohwf&I7O~cz}=P
zHWE;oUPVAS<@`bo^$-T!fs5|IJCSdZJvDmHi>ns{YjXVif63X!@1NcuZBT)!hvBXk
z>={?30f%zU*Vg-$GGKwjUdBK`6ZOW1C_U~u9Uj6-o>7krRGOzP5>+SJ3^E0MJA|;|
zGwumk2qPcHhUn{bidHCMv+VhB0pG7#MGjp-`I9}&@Sz8)8o2$$!`iA_lne>CQ$WIH
zPYr0kg6B_xf3=|Kf%Z^KB#524E+Y5Jw{f>aUtsH<9Xb2EL&t}Fun5mqOYy%*2==0t
zFPz2Lo%LnWkWOLB;(q=8>)+>x@6PSN&XfQ6_tWug@#QVIGiZxAAAxDp`|H+_XRA!O
zMQy!$j;w@1X=y1$HJ2?ju#C~aqw$xWK7Ydw#Lq&Mf2AG2dcvZLhb(eYw}(6Zdw2T6
zKu7EGEZsHkC)yGT>;A&d+M}o-F$J+<KKlw8Ez{n9{B(XX5rO#R{l(|gPe)%4&*|sZ
z?X~N{Wd~=87fm$--zK-X41iTW6zl;^7HaC6OHPLF)s+(#rwUVx5?$L%N52w^ORj)I
z`8w{cf8WEeW8M?o!Y6NWS@aQu+4cfky!-G#rCdzHS30w+Ocu^5D_9v+6sV6nK-BT!
z`gzV6xv$bMq3`?b_fZxg_f^~|ZKjXPqg1Jv*U!Ejl4sB7F4Z~HZyY2svY3%rK@mpJ
zgo=YN&GYiCsk0KlGMgYFRG+GJbA7r5JV@InfBp6F>c<QN$1o5NT2mV&N3|O$-TZcP
z_=#?4L1drAkqG3)JBeQmdQ$)QfBo;sie|y`5%cgJId+G$*$hc{)Yy;7@06qCKQO4M
z6EK#EZ+`LOgN#p^M&`d<#RtuhH&t?>)x!rn`sUP0X?2(IuGk&9VHx*xa^OI@^(RMk
ze{SFkaW%df%TsfR(qJXEr1wF#(U|sFGX(z}kjfqD*8!JuBz>Y^?8WlHIs~-lOd&82
z?LC(D3D06AZH%5{zZLTm+0t0sAj_A9kY#yZGc|@i%`!FwMXMQ7*$rL%5$Ux=XY0wg
zDSQ%>LWjb@y0JCU(xZ8-QtQT|`&0zhe-mL=w1mUV5~iS<x<<COuswJiKyT#pq8HXV
z1j@qF$M{@5cME-Bu0lDf5y?!<aBE2^?E}Nuy_9{==E1EW#i3&_RCq7GK-ZG&$;rw@
zD3l-Lz2mvYS>9d;)-^B=3gM#s{1{hyyRd=Tj>Ik@3j-Mz@%~1o4^-SO)6a~Fe>t!M
z@y)_pmv7U<^5dH`Tq*Z~8l{wJxrYhPrr<fP<SHj({jR`DfF%P!+xBoe9IA+^mO|yO
zQ*;)L#B~t5e<vgK&Jn?2XtfHkoWSTkI4X2&jO}qEJ#k_6%;X!@CiyXyH|Fgs<lI79
zHJt_7yZ6o4e#S&@O1ZW|u)B2sf1H)g%&kFsCw4uL_cJKvE&Ou|w?%wtEl`LdXh3T#
zM7ReVy|_k5Ra>x>3Ik?3^%r{?L<d?Rj{ojR)eRPUyi?gy8$%*@(nch-diScV&`Y@F
z7pGgWfTG}<VoeUz3dMiIf?%sdA~b9dOI5j=MRra2tX%(>o~avQEEI=He_B0N(Hp-O
z8zVX2pBPiAOw=Z(V&Id1Jvsm5)0cCUFUeaAA9w+{9g@`CTvgroR{eAxWaJ=yotDU0
zn?$C(JRL`Iu}6%qu7#t@cnu(uqQACFe5O=#!mu1@r!J**cJlkj$@!Pl<BQYdzkE44
zJ?4Wq6|(akk{{Ht9pYZ%m(iU86@O=*IG2QDohGRaj|a%KcayW@{oOzP=}+wR5Gn``
zc*ah27Gfg{!AZhL-3A3YMx8KfiTq1<!bZt4$z*Dek(e>x_(gmMugzOP7mOqvJ;0^+
zue0s1EBeWx+bch?SGG4eO>LIF%y*j(4Fz-y8-Uz!h1Y#3!xPN{v20#&<$unexZz_R
z1fHf;QnAhhC$faOSK*887nmiKYq}^I9+@JYB@`4Q%4O5Gv#8X8`LKr67;4SKe&EJT
zx(Sj)a!exG+%>q8Z>;=rf`ID>b%s3R`|k8NDt+3X7u=$ffMTXYceKw|jSRDQJ)}R=
z5Y6g1(~dK3hWzTwnHs6JH-9p>2Dqt>CmUssz)ky?yO7l8V5o9A-hs(I{%%8oq<%zd
zir!^BUK5JTGHn_|r^TzrOAPn=P7tn6D|d|Pi9<+FNWY>+E0#aDn<3S&smpnqc*5g6
z3~r$8T_e$&jud66&B$>B=cpO0QQsljy0~Ra)0;?3ncT>h^c<~32!H4{L+qykX#PYv
z%M(2LY9x2~YHzR#mO>{Qk+P+@sAfp|S<&tVEc=0cENvmo553xK#J0B0iV*h=EM431
zcABWIZXHPC`VC#J#L|Yhvi4uWH4zGs_eY~4{CkS`F0~MuySX)ED|Mv%Ga}vFr@r+>
zj}`RJDQ=Y{17TxEjeq#wWC`t6<YK{9aQvwpYb_qbuFj!2rbFAmf<D5kxq^l=Lnbb_
z&TfP^-t8m~hIDV7K~ooot4Fc0zFJ>Twd{(9$Ns|b)L9UQ*zJ`spGWfBr)^=b#czHc
zc=OUO!)Y^Xm<=9Kn=g2esW@uvWJ^Qj#V0P4rX&#SkH0G|p?_>4c8n(Hf)RIE1)~xp
zm10YHhI6RX7>g6>N=DPVqm|I6g@o5}T(?pU)+z(W5~}4ow--)qUt9}EE&}c2h6&Iu
zg0WKFJ~f5y>oE5YbKhKcfVulcfIF2|?(7MbV(^0$d*4P0PaSBWi!Hrd(hGNo=T<xZ
zjT;6&T#~`z)qi-aY%6k{xp8J;$<DuWeaGqvgG0xVI9@Mf3z{xNQ7!S}J{`CYovvsP
z!91NF|7AEDZD))jTQ1kQLDmY{@Afkodk%(AeD2F^^+35@-`W{j3)fGCo$M=<&p|J=
z0d0lc*5L0Q`2MI%Jl@%<YLO42QQ{R{4|K2{lQj<#v45;vQJhSb?w2{j%H@YAX@-Rs
zKhi9d9jloU?!w6!r<4<!@%Nz<C$evp&t+P!C%(p0;R?M=TyL%$AjxdU!4F(dz(c&;
z!y#v==nhbYt)MGgf-f+AwZs%+e!{E@P{LBbt*;r#Jo?wq-&^2`w{(AjuD7*B)Mx2j
z8B^U;A%9`kIc>v;5MWEB!(`q@^ke24fr&k~OI}JQRLm&kKn;wV^8#6R+Kpx2ik+R$
zpHDx1m5g;uWt!2mZ2BZCL+U~h6X;2|3*da0nHX+S*|H6tXKPuiEL6&XU3hMKfWx^{
z_G~z!#IG`S!ixn`Km3{=4Gy60Z9?c$f6W_PD}U+=I^B$vd=|@a>I}ogFKFC~ovnq>
zGlRycdM-rzsq$7KI=cI>##Zld*n-2xOLdev@8_*^OXRAN<Vrxg6lGCop0-oV+f}pu
zuFUff;i{pUgdydtiWL#u=cNx3_6G7FHxYb%Lo)ZZhRXk1RM8ov{#p@=Emv4g6GM<(
zS~C4G*QP&vj36IAv0!rzVRH@DO5+y^E>X9#`t(MbIIA~z7I+od#v+3(8>zRMI@k7%
zmky%=90q)(qa<&HmoTFN9e*BKJzI-K2J1tWW(fUR5w-??bw84J!~K<Wz6Uw~x@AD^
zc(f5vyZ8FFiYbnc58t1B6p;j9YqcYB_5-2Zj4jiVv@IfOpON0y6JIp@Mk|al!UTmi
zb-dsfvtA3=cNfWmR!4!Tlwbw)Raj;Zr%(~%Jab&`^P#$wX$!{iYk!n1fn$sGHqZ84
zc!H5LwCQxY7H{XtyYUK^O?+q=?Zcglh3zMR?cyn5L6TG9vyk$H@J5^-gj_})H(MXY
zyAL<3iyswGgD${A^xPK?)TPB@gRjuPo0nC#L<eSVLq{tRRmZ}1ENo+0*y8rZt&r*i
zpjbLb1H+7UU~4JZs(*KR?wU7u^y*Jp;_=RIRf}xWtD2$MlE^$jtW3!l6`s+ayah9&
zwJL+xm>jA!E>GPbu`<DC`eAECgfaA^VE}1`;-rZzM!V(05#ef5wS-AGX&z|;q!>18
zq|e4p&z^;-jn1AW&}d6UaUWU~HB!+R)gz--3r&T*1{W&h-+#NnP=g<Z^h))-Xw?E;
zt7%#Sp;)v!D#|&tCq_hTBfnhx)pgvhiHVx8D8oc`7&MU3bW|A>T91?Dz9i^qR7(=H
zYAsGlQ0Q*Hjs%rxU=OUSOq2KZi((mo&m=w}F>r%zL>iKFZV2%y<hn8GDNjp8J&$Ci
zqlooP)5m~$=9fyP0c0p+L^da~S)dZT3`6o>zZ~uZ|AMbbS)`fMkX=$UWHWMRN$AEM
zviY!=)};YDEPL&G4nrC=^$M9yD~S+I;E!|Xz-5V#39|s`=fjhsh-<{d4u2BzrX1+p
zjh8&80URi|m|G{FDRi%{oG{Y6;o2U9oF}qv7JD1U7(9eDWll`#uTpH=3*dK`fTjT-
z0l1f-rU4#*?$d^}V>LTg^QSEFcxSJwMNV1G%{fh@jVO4&4z|5aFE88E067J|SY<Y{
zDu6g=;F&*d$-OdxXBf_>XdBuR$)2#sUC6hhh*bZ|v1#U0{p8oCY*R~Qcjm+<2Aj3`
z#nv6&uT5B3t4H9hW(s6CRXkzb_(>hLDkZ%E30p}y`_#%LQVPWK^;=1s6tbTtyqU^V
zB~PZI?a!_)=esjYo_MZ7^)k&<J!PFMQ_1Nwxo2%TmG6?*otJi}0V02g_7YEB%!|YU
zU$|0(yV3^BB5<8~j_oJQEgTL8GD?N!2i9d0ikF5ms~I|R2uXQxRDH*p>+Sww8bL!6
z&kdnBWx{1+gi{`Rh;XXBa^84tl3vCRp1HTkp`F?uhMN<)Mxf15hz{HAu+3)3ufsNL
zxf~s~*)(jk8?fHtgAZ812Ol^@J@2Cp3@>a@;DWV>7(D;?kHgVR1O`uhH+F@_TXAUn
z5jRM4d@NW(MPL>rJ|-R)vUM9YF$*$Pb*#1bmbUPY;hNdP3T}OIT3)-$hCo>zO!$nK
zZ>Rwxf5Chuh^qrkoxm$(Wi(xDh6AVK;Q1B_JNW6;vZvyy7A$aNiEpq7d}lRW1UK*r
z4hN^1?v8(){Qd_*f=fvEOg^7jb|gNIz6h1JZUdSV316cr;duSQz}(JM{GT1i&SHs$
zTUYLT+t~R@M7=)sosVj!k}IhRSU5#(9{&bcf2n2PQ6Z~=)KGZi#Fv_kZexT$3@!~N
zZ3=wRN_g;GY}vUB>jtZ=_AWIsd}DnP|CnIb4*vFTU^({enl}5*9SGr*Rt~FV2uViB
zRqEU9Vsb!2W8`w~USiTa)}QmP6++tSTZbaz*y3Lt)A%GBaVoh!G|!09WdXx<8zkP`
zf5PMJ)`jV+9(GLDPrY6gSeLfz!8s(}VV*c(zLbkH;G{7kJ;IUP0RMUhLf#cZK0EzQ
z(j!drFVL0fxtG!h#483GqS?p#N+kAg1lJX`&e6~{0Vd3grC_7LkR9#(e;>lf4bNe(
z_tAsA30!>rCEPfK-;LL(9hLw|#i<=Re^66o8R;jnHn>;A7VQP@2&}%0q-YmTIJ<_M
z0Mxaj!xuML_wmktRV%M2&*1J)dT1hL7%nWu@e*ZdO@VFlxDES?EY~oa1uz_1df(Jm
zNIOpC_WS+#+=`OL0&XUYeXW#9t3We*{<Ib7>g3NNAE5Dy!$i0;Sk0nH2y0p-e@Cci
zDT)4bOFvY&rqBMec0z-_1oszWrBuQTHxhA?@P(#MeCt40bzI^onWDdpqrd4*TCxZ^
zc#k5&RKge1)S;lqqZgwQ{dJ)1-Gy&2By)jb*#~|g_e2E)LVEAR@#*0olaJ@4v3lNY
zMpa_^!QSq8oMmOCIbJx9I3S6ff4NcJ722|Ow3+JqStZjAX;aq>B*=)I!N$R=w?u4O
z%QC6+Zp5)NTyx1dq|*1oD=|GkFl4PDL8+14s>*Y}8H*xxehY$aQfzSA<fYNRPSN=4
zmY^J%-I6tt9Fo#U+VM^p2AmS(T`tZ{*)uX_mRve-2`R~pBsY_FTHp~Sf8nM07EjD`
zR(;OC8%RP6lSN>%wF?C5XUdP6CfpL*I8|{>$ei3J4{b-GiD`*w*`QER%)@>lX#m{S
zB!|)w50yy<!<pC<Dolysc`!>Bbo*P`gKy3%%3OnyHiwcE5ha_+tg$WQ6l1&AA!DL%
zg;Nj7O`4{Mi<C*STbSYrf06Km{3rUO@;O;q>h3={^JNa|#XHkQm9fP;J+^>15ntDL
zZb5H?5C%92zf_J};*WIZy6?2bt{6=!(Jr32U<_AQ;=?nqT4UG_2}^xrozTj?`|tny
z-%&vbFCu{mD)TR;Ht2VJaZ%#z1=w^B7JbG*u2N>_!r|lDF(z(ce_ogEZSf#3ej%LZ
z5j2Wd{HwN;&G(woN%)Aj_S*}{VjOAM0`nxpR3kWgbJ*1dMO57{RET-n^24;wR<F$A
z>mz1+rXRLbc0k>$>sV+YxtpYt4zxPe&yEAFbBXZ@ePnM>vldEyOS%-FDJroF2NW2`
zc6jBethUv=p&}<;E~M9A=3$-Tswo{qYR~E3nbT;7oI6VQ$K>}+DBZN0K#=Y%3NPsi
z7w+W+V~A6iHLU?HA8!N1qWOx?U*HqYj<c_tryz*=g1<~k@;Ts&bu{uLmw~MT8V(Lb
zP{Z!z-0@x8d+{$5m#M7*9DjQ+#wnd^TYq(?)@OT#`;C%#F&qU<MZeyNiq_Wm%a@ZQ
z>%afc|FTZyOsvmJ4-W1IBU{Ewzba>?3(7k}KoN{-a2K}M8;=GeY7rm6x8{2dYerl%
zGFnQnA;N0{8U5TfxSn9E*>JUB4ea@~16eaJC}`R2l7$(-`R$M&uzx+A)01ejd<324
zaP++F=T2oyNO{21Z?L;NC3Y5cf8F-2ZA-q%(i7i4VupGd2C;Zug#JMcZ<gu?ysczl
z#kWa9d$!sfp>Bw8(Lh{Ur{|4~)WABCr@e(ZmQXh?ZIK=#ooH$ta7{v=dceAy8q%jm
zkf3R>vN}F3-woCM#(xbwq8%L|=9RK4MQRG})k<J`l2X$72CI}D?z*co8GSA^90jE}
zoy}fEAWvJG`UMq+Bg^sJD;M@8_WZclb%JLgyeu)DwxpU6K?oC7!r<>PO*zs=`(|W?
zq;yI(iN|N?-N0c*2dy$Xt%0OZE{T%{9n+9#u*O>9ZlLs4&woss@GeLjv+-P!X@_d=
z^{qeq!L2{MDPomr7N``_n=IPr#RqS#@n~d;ABK?$^x580{8jjQp*!Pe?rdu;->x+m
zCSemP*W-AsmWF;=Suy>G8C>mp5nW~wcFZ_T$<Z=5=B1UE2>RyKa|azU$f!Iy6J6OV
zFxYA5YuBYn?tg3k@5SravccIa-g4rQz6`iMFSx3|rr}Z4*9OyPj6p4CtXH-Kxpsb$
ziF2i}7Eqh|Db0l8(oq)x=z>(gkRU+9@r`xz@$2OM$<f8+!>2DF&$VuJ7#G|A%mFZ|
zD44;*|KjOc^(JkO(F;kJcj~^ex`UGLZf|E)Q#hqAXn!N!d3pik%nY>#^+(@I`KGC0
z)6@=*vq=_^aG{wxw?X)=v+m^=E`*?^2KRQdsSE3y<18^h;(2V8*q=j9?=*W2?VrZB
zrupuHS>Mj7_dU5U?Z%2qG*Si${wA!?95~XJti%KLUaGzGT|C2ESz7K+s6Ji!LS|hW
z^iJP(OMhOB6p~t(V1=mw>7>+><miq(HCkL<G$hgDQ(`9Jx@SraXUSbIMZn=_OwnNk
zSO|XR%;83LD&Lc%r~`f<5%`^Osy=m%(Y{F2k;XmpI<6Kr4Zxil53DgcHKC)l9p5BK
zw0zqzbUYe2l{+~iYN<<B?2fXO{1$k;_wPp=Yk%mk9D)+Zp*u}tSq#DYnf?uX)L9`)
zE-&4gi#SH&&!a6IXviHGoc_Qf4=?9TfJitCoL-RCv%L+`;0_J$(BLM>uS0`tx-j(}
zEw3GCFlG3=70qn$!o)G;`WB{*=$I3aiXX`EyU$0E)k|HybOybaEo{d6d`*wM(*$VQ
zLw_bm>$6Y=5s#7FYlfgZRJ8zAEnixbS~b>Nfvag^t!1F<>vB-lEJK1>Q$@(eA$=W`
z`rM(^=cKLmL<Kbf)yat4bNnm3DgtF}8yZ;Hv68=7AP2aG6gFkH6c(w3FZ~;t<y8Rb
zvRHAX+~pViiU`}Ms%nz>To;Ha>ioM{+JE#ua5rC==K<9Mv9TW&!oQq|PlG!%kO=O0
z(>n8}+_x8!FmRXO)I3b}u=*uS$iJ9s2Tf|CYiy4>O;byx1N_F|PKa-@?sa$7Et-PY
zbo6OQpO(w&f%IuBWK#~8mO{71{aukfX$SRK432I<iMB#IdwuJj+4+_e{(#-B-hbS;
z4W#PsDDQz!-W`s&cgnguz8Y`Khq9Nx`6=qQH~y<BCtS4v>8r|0rn2RX;T>IoPeYzD
zaBQ+3m+^GC8phhgb^p*=I(R^iC5(}M=dt$A@Gt!xOW$j(u^ISv*msL8)d7dOay+xi
zgMHevcV%n%E^&po`FH?u9_WpnIDc8TM4IK;iy1(?E!Z+xXss{QRhdjTp>u86(onyE
zs<&<JipTTu(pnCN;xb!x;gS*;D>DQmqtUr7k^94SdCa7jY%r=uMDR@%?q%7jbw;fp
z3M$H}%VlU{DrhJ;fUUu8QVHKxnY>S(A>SD0=-UTw$SZ7V{+CInp*ciVa(_gCYL^?u
zt}xe^iBCsjr_R`qwLqw4SYmV?+{*T+%g_~eTq-*BagAN-;!3_+Ze#*Ld3=YzB_cjC
zr*&Dk4sdJo8040xk+rk+a)4cH*S4(9HmrrK5-B|`d+4T5=|!|&nWYu$g#EcO4RNg<
zmopJ%rfW6}!Vs?4FCm2vGk<Glj+~l7)Sb-8w`3_5Y+Bf37G#~anZ=ky90azaOWjL#
zk+{Q4i@x<^;H8DNCOw$NAu+7J`mF%53O=U&<<6uc6HuK6Jzcj;J_)?2O<aP_*wIOL
zpW*(L+cC;-YOZ_C?`{%nPPS=?=5<(ThlMslejOHC(}k%o7Fu$ejDM`29RvIT{3p<#
z2s;4NfIn=8)W6mr_FO{*HABW7=UKpcnyY$7B?yD?{GhLNyKv6&Xak%x+cpMv#?E#_
zQMnH6Yz^4?tn{{?be`E`)Q~)et<VJxruOK|pw)dL0%ptuVq~#E*lvP7pWsq1mn1@S
z{Y3F&na6`1mghp2IDZILUL9xk6@NNIqEWJ32BG+-=}_jB5~bm3;x`N<9$hD%HFG_l
z+ei`oEkLY}y@0y4c&82!eNq+taX=JaZrBM;jR_Go)UcQkJ;>0Z=1VryNO)&?zeHw_
zn!?d^q-aNqmdmP)6s2)m8ZX-Vj-(v`xegD_0Faq!zBp=e9e)V9{bFZ#-8}5SOhkYf
zgwCBKt{)A8d<M(1C-!#A-eC#l$`RWd{PMXYJ_5RkMZzkoJ2ylJ+EIcHHyk%)kFP0b
zUA4^U>#7#|ce$#XgLEPM96M6QHTYN7x5)sblW~sn+_&E1bz1p^$@s;K7xa&w4A}bp
z16k$f@IctVoqz48Ejrgs^gAGW_}>DN+smcnOT_y>>5oDY?zCBiQ+rPGLT7EAYi>f%
zjLZ*Zw?B<icH@*&qz8vje;8CKXJ!w72uscy7@^2@1`#Wh^(K5RVYPYu;6X_3&UUp#
zZPi+>xL8TZ=hbzmQ^_@KYyk$dzJ=#zV5~3_n<q@3g@2qkR!DWk_3l2qI)(jlg*6DS
zRJ1wYqMiC`U)io-hH>YvB&uf0MGSYaM1L;QZ!(=6MTNAnT9nO|yB2x(W?+^sCp(Lx
zKbhH1iAxilRIlC1JpIlV3IIpyZzB{W7Rm*`=Gq+l25;RA<>*Mrj)ZK2{5le{rVG;m
z5>nW8&VN;j!=*<Iq&O;41XBDvXYETI-DWJx*9L)-P}tN2e_$Xs%@B9TOs-=l#R3-*
zljV!vGJJAej!*J6ugKaR;(Rab<m{6*ezm>3mzEWKJh~Pv7(cBcI9kmxO5eG%p+j;*
zgx3U&@_FlTJy|w|Qz{AbBy2`O(5T0O_$SuRWq;MxE?OgrFanHp6~MJYct1D2AE@J$
z+5$3KnQfsd-)1<qBXI(F!If~dApfNrWm+@Ojw12>>9CTG%Q_UY&L|}2k5`dcK_U++
zNki1GR0ySvq#0W0RhnJG7%t2mfjp?x%BGEy?Fhz>U@VtaM=)+ArjB4-C!HTA7`F>s
zIe(f2<Dq@&<es8RD}R|BPJTNcbsS?U$0)*Bm|=||V+0J<BJpB(>8Tnkoq*i1gKDPS
z-SyYBj5rPE8+1ge$H`YI&q#rJ6$}2@{S#3wrbR7U_0Ed+d__L<lNNrflk%C?xr=0y
z^DDD0X6pbXR41@|H%(OKOz=2993FDe_<tb4ORh~N9p>txq#3nTJ&|#uGe$H`nB-h5
z{r%DIh$T$T4l8RVC{10Jb$3sy>z-8CP9L8}ANM+a%<1D~SE?iPIT0osDOcPn=F=#q
zl6Xs1Q=<;a1uebUx29XH>}VhxVv?7o3mIufrVcyO@DWMFT*Sb)aUf*ag2n3_Eq@)2
ztueEc$SLFpxBJ#dt?rRcbNAT27)ZN5fNT62%1}Clko;bc4M+U7)^~e^9Al`ag{$g|
zUYO&~xnK&iPCdOX^yj_AjsqEGhf(W`<zr^#JHD~w8-Jphn<2lBZ>;IU)R%Ak3WoVj
zLE`I#Z1$UM@?nq<@CG>_yBVwUwSNJCqdYP5T!kDiU>!=X;!r%X8Itc<$0F8Iu5}UU
zxas=0413%z#~x>ih>rZ(iex%>E^QG_;Aq3c$q{9p0}+x5H@O*mre>g{99d#}4G~`x
zP{-${v-PCY%wCZwRf9{r6~;U}uPR7l<`v;N#yT178hWQZX?z~c5;zfr`G4l6R4=r8
zVnO>^w9)mo){p9`!pP4({ASpsGQtpEyk_ps@Q_h)IE32MFt`=J=8%6ObN)&Z1KBG8
zAe%CQp<x8%%ns+*fj7@`kQsebZ6O1BuRd6krOns}bTml&bahQzLdGHWHL@eLAJdi6
zLzvFt(6k*`dU9FBgZRCI4SztodhjBxBqhJnXzM&&8;L+#&DW#2nz%@-M*(*~rQFb1
zz|zBzr*;s5+kI=|>wx5!FDFNI22j+>9Zz9II8MOMNmv$;0JWSGugY(?fyI0V668_h
zRzQPp<wS88PA*}`5GEplx|H&siXiG6OblA(tQ6>8FA7w<knF&t(0@jnLA)C!uH^xj
z_@U$BiU{KtZFX2a1JUnNMqY{>z~3mjymV(S_zLN^o`GM0S2I|Wur3RrLr`7y72whZ
z4&}Dc9chTwua*)VSET~tuv<cP$0kxxZXB`H8_ws$bHSwNBPSiZm$!HMIm|8(d52G>
zNtjOnkw9+0TfePL_-9V6gaCg;EeTUj(38*=c<7%#oSd7E+8gU1l$OcU)SLmrJvb;B
z6T*+vAL#C;X`cyam2x*_%@=(*oM5hY-+VeJn~djT^;v&bmdQ4rt;lTs74y^^H=cZy
z4S>KL(L?{#Mm!q+EgvGd2!3l6Ep4ZzZ}U_};yg4M721<jZf%K-zNUXeMwJwF`kg>k
z-Foqp6!~M8t6L(rL%t}GsnuVG!NQQG*+P^sDJa)J?O@d^<#fNfw>|882ghe$-c*}|
zCoG<GCH-LqKL>Mrm7&c5s-|J*+PnUb|Jk-({T>P~*oPau*lg}fI3)0CrtYSK%!U^{
z6PL1UI9=HFc`!@VmZN_}Gm}M0W)Mz!hDiK%cJ0i*q0ozkJ9nd{XRo3yIhfWwzWF`j
zmVo$kICuPD;rjG(bd?O)LRHO|3#5#7Fa`RkpS4Efy;`z<y~$K~;lrhfglR4M)+x3s
zw;%$twykLbmz+U>F5GhlXWn!?$-xp5qrZ@qA#24efDQ1qt9gH>&-jx5Z7hNKg#$H;
zSeUMX8o@5V3aOHFZQnThFe8thW~E{93^xc{vYKjKw|hw&3cPv8zj4FB$GWka{{-cL
zFtWX^o50292n&eg0~oRyeoJ4g??{N@<YaG{u`C=R08ZuwgTI$y0GUC}>E;JS<oC^q
zx4b~Cq#r|{1~z{V+`JhEfnHL$IJM*1wR~Yyss*(MOYgz*sd|)YZsnF#F2$NlSBRXR
zmmIXh#=;@#z^m`$24N2lVG6S6z*{;7ROtaLWb?j0=8U`_sG^A_QjI&1L;V<7iSNjz
z!&V;HKtwgdKl%7|^8V!LV)EhBmyhQI@nNS&7bhPlhv$DMUymgZOO6z$I$Wk=Wo*?D
z{q3Nc0%*omH6~|1$$A;kGP~R3mr_^0oE;6U<1eSesgUZZ4#(CoGrQ%?OzsZ890C{k
z4opFmDIeHnXMbEwj=oMl9*Tdxo4kj=T%4ayKA!z{eA<i+RWqWdo51=b((ClOrnJp5
z6Dzs3z?Oea;B9~-ARcwGs2XI^8Ao{P7}|)3n3Pc$N+kIL?-yl<pnA^y3Y!T<*hMT)
zzCa1`Mlrxmabp_>y+9pF5iM?d`0LyBg!ZKxgPPYBn(7Nt2eVbS=LNT{9WT(8h1F#A
zg?ooNwg^(>6K{aL*E@!ZZ<_eue4#J&SW~K>9rJ&3Kjx(scz_7!J|UEn#amk61Pp-{
zt_z_ph}tKH-M)3U87vZChmIqG5u?UI0o0E5-5Phi$bAxym94tuMedtgG7*s)bd0J@
zf?SI?CR$}(lR_8*{fvU%d9Za#T1`|}#;;7gT%R%$ma~!?wK%<`h_#}h`J}Yi*AfBV
zLqC7@`1WocwR&^+@>2Mj;@?_%sH{y&r@MFQt}gyge;=T~*^Er5!%wcm*(K=o_yKx+
zdi?eH^lb8;^|!|<h<@iW+>>aLxtm<7$Uv2;4~_;;THLlOm7=co*fE}qjItqe%S3!%
z_zlE&qk%>kKvH(rGz;8Q8ed>G459}j1)_he_C-1N73$I|4M;^{`*H89wU<CRl|7{k
z%~xru1eP;<GGNhNHNoo11E$aE*Mf1%2qa8Q3#uh(^R)xLL!HrN3xNhRg^V1*Cm1AA
zR9d*<SrYnJ&Lqq5GaI5~9VJje3FP$W7*^hBu<?&gYk~i487{C_jtgj)J#hBg_TGP<
z#Us9DF}opCm^u{TxuXEjM_21v`~6CVblFwIXj`Dmo=iB;W6AZ&5UVm&BeG$g+(oh&
z$htp#<8;cGi0tPM@?KQpCr1EK*Emdkp8XZN(YFnX|2Qxs4qZq5r~?6hA_#DT7rj-N
zV82*NXpGl#>A?Qv+vaNF2gtocpHzQ_c|<g^2ttSMipzaXL)OdCfOPk3M8NjmKK-yM
zg{=++=um(T1=vh19SX1s3V^C{8>}G!wk_d1bp*hDa(O$I<?;}$OaOMvcvh3M!;=%^
z$c+e{KZ27{F17e8wY-^d=bQ9k)ygQI<6l8Pd+Mr&cL~KSpEg}unTR>{e{X-rLKFR4
zlsWhzob%salk=}88(o=rH!o3L2qBhLq~Nj2s!}!C{rem4{{3|K@AK||ckkW5-x3ka
zsUAL!-uh81u-{pMyUKnjrL`r#h7|a!GYj`D@PSLHwX>km9WPyM-pZmSqLm#i@`sOB
zCDqNYP~a#IgzLSfuBghP<=B7VZA#64t)9wPXqFf2pe>PXY5_v-3uU&nfJsQO-B~fs
zGBR0K8aZS2rqC$C4rkZ!RK52>5^?1Zp5HeN$`b>x)!7EwqkuXM<n<WiLu}Vb&&+ob
zz(xVoAY>DhT8m6-t?TlWTrX<Fgs}g`9&TCDolqgnZ$q@7-nWNdAliT1aUFiMPuzb%
z8U8$Nm0eZ?;H<y=96W!tZ`cf#>dNp1Wq4hSvRCy#=ry?mJ^8N^|E(&#zdt!UAC9Q_
z4yTEkj1#{Yv{J%)7B0ZT^{sK^N|{~R{TY?rpRJbGv&O2XSfo<6q+k_F3BcsgSQ9x*
zRIUiuP}LmwF&*UE=#hW1F?b|Dv*L!X;={MNlA(DdyAP#3e)O*?JAZYT@~f-GTQ{zA
zn`x<NiKP|s=t^DKmzfruv_%9YQ}Id<ORG?A9}m<F2`;d6E!~A~bDG)=pkU8Wk*#;2
zp#!|@xG80%uHN3&+c&SblU$@-g^n{umo=hVsDG6(!LElR4rYHV5lF+%SlHhj-DXmp
z4K8;pq$)ziiI9mKW2^bu{c@JAkkD@5`ZL1urM-snT1CdfN7&5~CksK}=L>l8Rvh4;
zAZZv;Ef4>$yuZQvk9T*QlF3Jd<ny7s6u<AniS;25b*M2_Cd_q}W+f9!e1QB?si8D)
zu)9#pM0ObXmu`P3d&hJA0>vSmB=NbK$iWoZ+qWCIea}No_uHob4@zg;ZOig)87!8z
zzAaJbAX3e#SoT_Nb#3*VrG7Od52{u_vT)knL=uuw|A2Xll;2YQ4C6eNP)``4S;{%=
zjN=B{IUKL&V>(SNab`pab)&ZjhmeUm3_NH+aCAoZEfIfT2?dt3ur2&9DkX}eHLafT
zxMivYIE4fggc@HECE_pQlPE_j-j>2$dh2Xg_lD#{Yh6+QD>$XNlwyOZ{G`ld7WUDn
zg~95$c~71X0^B#W>BuwTL!n0}0++hyeXf#YjhrvS+d=^_d3Kq2GT|d$iF0b8V*WKv
zuk)2Q`2~Mqnw9G(==$6S;kS(XG4VngICp&4_J+ab5ai&_92^s|usw*ES+kpxY<~{5
z^=&HZo*SfHuB<*DZB$ps=bren1O1LwMO}{E6Q?C=VGGOW`z7Ub$YNgwP$zRe*fNC8
zL^J{0Yz)ziEm5;Vx;zkVuOZ^AeJTCfX>2`<rR;wNMkU4bvQ-GyH<uZRe?$rLPFg{n
z-UEJ!9!7e_U7L3!PI~cach$@7NPK<#hD|xb8(1%wch`C87b~Njhn=ZlW}eg#8du13
zCQvnar;<wKE~c|L7^1&S)V<Ad2x^jcPu*x+-(6O(ZH2BYp5G~=vf_CwetE#5)p$PY
zf%jXc92j8B;{Kg3*~xZQ5+u;7z&)m~A;K%{h2vgYzT?bAJlYC5@BRo&Ks%JqVXT=p
z#^6?472m6BwR<N@yRAcc4T1U@s67Ka<35))%dZ{h@4r25zO*ti-#3?T#sL-sKmKQz
zhsFUP7*{d{Y~20BdWm|GdRvC9+9LA@@Alu0yO+Mk0UHbl>!8@Wr@tS+n;ia^<;DRo
z7lp%}r<S{LIn-IgEfl=4E*qG27u27!mn+8sIsxLBX2$^@f2YU4effBViafARKAs<+
z9-p1Js6+hZ%lRMwIUJ3#&OV{j&YIiN^)!HHoAR=0gwTo`%E=&<;^u_6u;RwVLF-!l
za!%Nc9aOWzd*sZL(2ctr><=sbwNQcUS%g)W+o=<Hc3rk+us93b7iJSXlBDazsGVMO
z!z<@2UO}w4f0wKx=6?!SlJC4v#ZmMv65fK%&!M^%mF}#_@gp~OZ{U`YZ~HSBdYap@
zT~@T0Th*FfJK}A-%Kf8M?lrLnejEng09rk(qv=TP>|gAK2oA6%^oJrn!o~=4(-$es
zi<AUixDi$RLoWMci+g$rDHpz*<~lAz5ry!Ks|cO2f5w!RT3N@RSQH^-?|2iYfdMC$
z^?Tw;PDnA0R2rkYPmMWjdU`9WuiMo0YkhJgN)`*~TO#)##a{O88rzkzX+|+S{*4<3
z{^E)I_}1hiyf|dEdkGLE2T5FbW}yml6g_u5cj|;9w((ZVFd4S24U*ht+yXbMbSZfB
zAos|FfB5kRdHP@qg*UZ_Y4bwa*bl;mIN7~Gg!@*He~#&bg&lpPq?CBDyF9;%E{u2g
ztI~!u*h!liCEP_HKNW7XdespslcsSKjYW`6m%)Q_+ey)4qDCbKxf#mE)b@k}?QE&>
z6c;p}LaW;Fq3T9>v!yk1zOU9AD*Hy-d_DqRe~|4b>(z@^zE~j<Fx9L!R%@Lu*5^)5
z@2RHpm@QV<U%dDLAHN`RUZCFoaupwRntC@wq}l;xtn0wan%4nO0lL7N$v_1=G%{%*
zdsJOukE#o?#9F%r70)8fs_HO!F#?xZ^P^g_D!2(gPtFhjz-<62E3pUQ5841Uh^hx2
zf0t~Fe{4-1FYvFlF6O)l{Sq&P0?oPDOe<>|%(I2$mhT9|b}J)n7W0xNqSLe-2Khx(
zBw8i6&2$!3u_%tbOZ!mr{3faFJK^SpTacfIp_iCf1eOuYk{Hb6=!01d=}x%0b`iu&
zFdg<yfE^5MkNRgrUu|D+TZId>I~vpHe|-}FxD=-W;5_oSnefVGHYRiyh@qxt9_@~P
zt)(gX>sq4}Dx)k`&@6Tg3yU4a2_QplfPpZ~-ug5&d$0wa4z!&1qkO<l?gNUn9_KVl
zH=4sl={goeBN}!>AJrdNVS>#y1KL9NG{L4(;>ou-P=qQv=?yKoBI1M*UiTAQe@L9l
z<T6E&;irv+2ezy+JYw#?!#&pG9{U?tawt6`>5uV7^vA^W3M#($t`@cj|2UkS9-W;}
z)Sv==!Ycb!V*f<Bk?Wjp^@6J_LbL1yrjJ6?tfq7fs2BHv@@t6XY6g9@M`!C<wf{=Z
z{(<$l4b+Kh;f+_ZGMAy_{N33~e|-AO8@V`y_^BB}uvXeAB)nX4jd_V1caH7{z6#5V
zg#Jnst}P>T9#OJf1|hU{SVGZ^5I~N@ZLY<^2Z)ab=3^$_5_;*IpvQ;fqmwTm2=(}t
zKSbyb56WaJW$rA+d4s<!Jf<qe0k|to@u+J~gcQy`KxGo2CH0D^AW%3pfBJw`$Fh~~
z#A;dwWF+58(?BCpQ6uEzsgcNN7>@OeCA=<Mj%m1RQ>uooq(Huwb#o|e;Gl-EpdCXn
zq!o2`oFFIjnMlbX@Ipg`d51uflg?0Kut9`8VwewEPE~s=;qF64z7=u<(nHaNS-T;p
z_j%UBfe6%%7HB~-NQ?}Te<4d0;<1$;JmQD~trTy5qi09?G!!omSFMn<*$yHDdh8G9
z?v-n%)8sxT!V5(X`7&4r-|@DhIGJ{|#|A4t-hElsn*Z+j$UosI^gV49I-l)4|NIor
zbT$8ck8ReeHvjz2(dT<lo6N3EqMtV3H?w?%)q~+9Liks3H6N}we=e^B-`RpRv&Z-M
zXm@Gi#yv+@PM^49P??bLQ89qxpY;z)J<-oOw?%*a76yNJIH@+EKS=eBXMtY}djM+d
z#&fl0&AkAArk?-LdKDlmTe%HO^0blz%Xe<M%wDu!vQBnkYaQi{4b>L0{ssFmWt}74
z(16ovhcE}RP-++sf5I!#-;wyId;`-+@z~;aNLH(u>jF}$O3q@MdfB=`Y)p=;$6@sH
z2u;OJtpO^SR9_EIV}G5ev44jrvELGjDNjNeLG~uJ<EA_R?>zsx(K|y!krPWhHnnHp
z;71fhlb=9p_}0|F?x-fq2U1a^H1zBLJuSa%HuGmy#k&F8e<X*^;76Fnr+dc`qxUIY
zl69OVf<caf!6{Kix+SaC`{-QRpw2^lh;CrPfz`LjIWV%VS72G>>Hhz>_pQ5)BgvZo
z&r=YK!9Ye!CCQduRW8(G)wXNKGrk>Px@XQ}Ay8t<<`gCBkd$4TK?CR4KER#@_Rqe}
zzR5hvW<=zbf23@=+HI018v{&P*3FTTk&*Fz@r4$1pbg_B{tR}-+zTHpgBr39Wc`i+
z{mqk6ijZX9owA3TEQb<mxe)-3cHC6-5uK50whEqx5R#x_1_-CPo#?kb)UQ#*F;_s<
zu2lXfBwjX6+)4qTl$wwvmdQZYuuBRAUTij>WKqJ-e__zkVUu$7{f2anRA#<~Or!M2
z?5)>cG3ht-jz}f?A~Sfsb?HOeX68zR%R%rj2mKRX)gtg_3slv^iI006|AsZCj7mA%
z8(;vv+jefq@`&7D2^#emiauQxh_>=nU^e3c32(WgR9&gSoSJ-qPx(xMI&y#Z)^mT5
zK^5m#e+OGa%^nox<nN&(&0|6}_EO0xKx3$R@T9UL#;XDg=q-D1ISCs_FeinZ9Pax5
ze6f^9m6tBWI3e9j(SkHpCnl*ESRD9j=K7fHcdw>!V5Z?MfkZTpmI>?N2X)2g5?2^9
z5Jfdg&3VDHgqrxdPVMEMSWYncuOg{J6=^-Ve{*rnj^55Nw*^@TlF(zifye^IR@X2V
zt^T_dL)~;H?3lo3#ftW0Wvoi_MT8SGW332S+>m@4lF#!<KE&)X7%W*U)|}yE3?c#D
zFKGztW=V5A_54mEBtV5R-EYpFFH@}2`3u!^Ycu5KI!%Vc=AjrxbKtW!0@9&Jh~NA8
zf7K2ze<1nBAEMerykHXoXvDd3b$L~lSY9mg=R>&>l<#CvtYby=w|54+f)C-eb{)(Z
z;*#lV6t*NeQ_G)HT9(B`Z9$r6To4{unCaw@@;qQjl-XNwOl*cerNAf8j~9V!j+<D{
zsoGi>^BTbdBZ9HN&7HmXo_=sz@0+dtf84E|@>=C$IbOH%ZRt(eZWHGla_5u22bWR)
zCAr1Rrr6ZDUj=QqhR=&-4&dsNQJ>`NmVvHQ#x0Dr9C0hoT3CB#PO{l-?zN2CM`^RP
z_sK@a_D%uSTA@lRsibOv^{}quamaoco_*i3Nb@n|JR&N$+uV*dT#d}?(6i~^e-){M
zmztenSEtQr19vAy$#qjMjgl>?`_{Tj^}k@DPoAchPD>uFlI4GF8HA76WNZwz3QM#M
zKr3#U!1&{YyB33+$sE4Yc(rh2!h=MSex^n_&fEb0Ac4WiVtf*2I3h3DRok#L3TJ1S
z{w63I|NOuIiJQT~aKI^$>cc%Ee?N1n4_V{n{OY>X8z52Rl7YH`6NGWnjgv57a}9O#
z2jda^sSe{ukOMD+GQrjL`N`3l0=?xB#cJ%TlJPX=g1=f3<CTo3Q8(u;CjhU;^JtS3
zTSL<v6fkNp6|5e77bPt?UI{)a3ba8op5j;FS`uADbkRv}haB5yaXI*xf4pZP-(^T6
zx-d#R;CX~rUcnUC@gsP46#Fn`0>}HHox<qrGzcFWE=Q4E4(%(m6{T`6`dfmaC;F43
zb`UVPGTf0r*WUl{oa3o;OanArJ@Qe#f_TF5if0KkIs6CXg&?LYItRLmg8Zuj|20&O
zhRX3gDu+eV0LSMc^GEP~f97=$__h%RQkWbN!X^Q+Oyoepw%te%_6^w1W^@Q$74#oJ
z*3klP*+l8k*KT>Gew^H4;&bxItcPVE;d97NB9D1uQ&R;RY^9`+{n^5$G=U0P2^LDc
zC6iTH#TeyY3r{n1fvQCHVo4nzi}H<25<_B&Je3*4VMKBXf@5Jwf8ggT%8Om<1|ajh
zlDoA#!T4s(4$qRbUbik>n5lW*uz+&m1te2>3>u2}9ZbwJG#Zs%S@f9G<Ex94;la_N
zMW*5Tc{0MJY{buK>jm4r?Y&NKr?cI^?)UclyZbx6f6K^?7*~;4o>$00grFhr5j9z~
ztK}H_DGeO7To_Vee};J+AU1n|=N+2<Anb&l-UMa}O$!!9Jjg8ERS>#fP3@SIv~<($
z?5S>cZtk=5Yn>Lwm=giC;)GMXk2>SJlHOVjE2-$+{E`tEuEsAKe4D89q}G#g`H`jh
zgg>yvZDWyY#J~F3oGEB<yRA}H5z0h`nRh7F8bTb*u-Qf+f8__<4r&Vsho*W^8Mzfj
zdoWgBmx};zRpKUZF{sd<Vsgw!>WYJ7aNil8TpkS%|2q2d<ow{zM~6;}3U(r`<||=m
z)>Jt#Xlv#a8~*XH%(^Jd?uvE66AtFI%ssvZ&1ax*fvb`V9wHx65d$wg=1uu-b?dV^
z6QO7kxT1BEf9}YUi-m4&e))(kZBmiqcBv^EH|aX_daiq_unf!#^{UV5bKBD4Fvu1Z
zxZuy&{JbGLhN)g8wm#06TXQ)kSF%R%Kuo|0kslP=5}Sc<$3KDOb8^nLW}MFJ(KU7?
z9RTSXCjwr%BDgMxqOrXZMMHc05ukS#J>wtX#BG7ffBaH63dZg_3WhOsLdcE4)ONlz
zRwLK*B7iGG{!;`U%n<F(s195f{_U%=Yf47PnDXl+8N4FqD?cHlHm+PwMExf{PzOpc
z8b^067+tOwWf6$NZ?Il*D2g<xoKm2FuzW%j$?^Q@lu>zJybDfN5oH~oUS{bP|NM{t
z?JS_ie+D!QH|Bp(mGXg-vn+6-?!v&c$Q8mVvc!ss;Sj;f7>DzG=kR00G0-W+OJUd!
zf7~h$`m-7HKz1!y=`tZsIX2%H#xzatm<P<^s-SfZ2gBrG#C-iB2W^>i73)mGI07wl
zDP9AYe1EQ*df|R(lP|V5WwyTo<Ls>G0zgF&f3+PpC<@lXR)a0)YBlFOh;KF>nPsS6
z5S;6QN6~cXi{s<1wj&1XCJ|#vcj70jF2?)$gmo9(a&9o1gr1t+TakEMC_7@eS6IE=
zh_#UH+0hiw($vtS{1NU}JxDYf0TsX%GjCtHI$oSX51wF+q*!qVql?Lqjs&Ht{|x}-
ze{QDuE#8yoRkv6M<5`lyq;p<7b`@x9i*9n4B#U^z+jSTII~N*wur4|YXB(lQ65vNP
zlu$Sl^jTX{r7V-S#PQX+^I@;ocW$l^92*^#3v9xpgHEr1-QV8d>FxI<JZh}4qzUjv
zeqce+p|-V}tm!c!pgH%3F%qm@x_io_f2tMB<7;bQ%kjX$WNYm7dXy9lWk;zL<>9B7
z^~~##=L|_`JxQK!))UXq?C0o%&wARhKXm%Teg*^2{C&3CwD8B8EIPKrL%_tHoX<i6
ztla3)u8C!i=g_S{lo*R+1c6FhD2@1OXKL(Z+Q~$<8Y8VSk_i>p&PFYx(;PJyf1z={
z6UzV<yEDxO6x?upOkwRv-S@HPBnwjGl>@g6#~5{Gv=0%!8*45FO&Ci7srUi0o-JVX
zyh$2_q`Xm4#6^CD=Oc92QjKm3N{v{@kK-j%%8^xRPb)Qo52a`e=7xQS%PCStOgRN&
zPMtH7@@1wq>FfaU{Y!JZs@Ls*e+PEYz%$ff8**9I(D;269_77V62X?}J+K1s{i*$j
z$e2}ewFa|ahuLS+*K<nG)%c6^b(kIAUj=YiA3Xo!_)Nn2S1fV(kGd0G)V65~E~sar
z7~?Xz>+(mss`ZP`;fdBCuSipR$sl|l{FV{F^;N`pB?Iv5=Dg(uXqBP@e`XLdOQ3An
zg<mIBKm^@5KT4KZvOm+)DAY29Q)}g@#0$gGq<Wv!P$DFSdPyx#9=tD|=2{9HUbKk9
zaJmMqhwMlyngCSbBVN@&_rDo*pBZNXODiRhOb5WL0Nzy6ix1is#Kn-_HCs6kY}^^U
zP`~DG@JWl$OGhx@Iz8{Ae=2}b1Hd-`{PzLy+$JO~DK!raK)xRR__or4Qi;UC0#H|O
zk|0`elN5Mg3xf^#_5Nz;ES6(_i*~-URhJ*r(F%_jXU5>5_2Zf2-t&u-D^Nck(_s=7
z*i}54k&NboTT+5ZEk(0Z9jqvE@ZiTnTlNJn<8K+E?-%77FNM%ce<WT=S{WT7Q>h)I
z=c2uCwYM<a9zctr%y=-<QBq^MAxa*1Sn{<`NpV0L_NH(rD<xoYF)BuJ6ix9-SP*k}
zt5A67MsujJv}l4cxPXyfjW*rGZ(_X^;(zl@z<(k8JEa~dJfJjh5qjkJ8JFa~veC39
zHE*G^8Nld1_AN0WfBW^()q(Qa0++ZZYji$K-7O47c!OjCJ11g+fje2R!NMf$iSg@$
zPlcII<KQ<rF!;Jj1vuPc``foIDOfb)w>fH?6J1nfO~bx5v8N0dDr6gWrKayT-_{QX
z;m5Gi=S-B%cU6P90r6u`OnIq^i63{_;+Y$T8D>MUU5Ga9fAid6$qIwp%Wfr7g!e|I
zG*~Ya<uDQqk&9Rq<VnI}yi6q6X2mFy;-4Ebw=(s-2RU4uq}ap%GPJ~X#}B_TpkyAu
zqEbQF%&25R(ABdcDpKSvHO=5>s>fP~P{{Kx{(VWB*2HPj3pQpG7d#4{r}8YBD<IP#
z@9jkeS*S2&e<uFqU6<&q<WeHgA??_wCqKYGN2<cHa#t)I30Y@z9z_fONWricFW$0X
z3V5Ly3xULhig@2!U>*$63x8(g&W{o*a9TfUSSoj_!)EjY(>I@*>af;5YsNm<v)Bho
z<j!LrF=BPc)wf=fOuf7scFu=K7fwqk)#6K#O2RMEe+lHfu<P`7xEedFp(DIOIznx|
zxtu8U(L7#8j7rsVLBt^~8yu9Ok@Tn%1u^hlt|yIjkSpoxG^Ne|<t_1Rvu}$KK8`pI
zb4e=D#aTFw_%`D?NNn>GPLB?cZ%&b!p!h5@VG{bCU7s!}@E%DR0%@%x8ARDh3NrBF
z_KU)xe@!F<SHjJp2m;JO{Fl%jfUOSjA$ZFJ8#}Olc`m^nr!9RApCc&;`EHa72<H6-
zJ<Rp62ES<;rySr|!&Ye63JqJ~`|PtLJt>bFWmDtw?h&=H(ZFJKNOkLQnT*3FKeORt
zf29sjNj{KT&Vdi7evA#9RB0MV;R9?`kKMzue;PY~9A4r{9wEyx{I-JXz#Rl+9=~Vw
z2x51)%Sb@h36>c6KOk`spAm$&P=9JT4IB7Uf44AiO3jZp_uF`-WIA#ocoHeakq)xZ
zXx;WDLZ61?GZ;HObEAULo3QwS+&jjO?BI@+d%4B8U>7%97j}_3<0u!~k*`B037#Zl
zf5u<HaB9{@dGebuti%}IY|Ry}m7XYki9Yo0oq^B~$gmO8&(M|@HBKBQ5UiX*AqZn(
z20o(1T|o+jSfrBpg}6hCW5Ay+0&F+Jn_e4kn-du=^hJQ5UNDAG@DAlg6^oK~%dl~O
z#UX_}$By{DBc{q@df{raE;PUXyNNhRe*%HKA3q4-dnu}oTA!`9xj))8_g<eAWkQ(?
zTLcq76#?1PSy?I{GqF68npsXSwwCa8{#x$iJlV^HE=!17EFm4b%W=K;#CI--c?_6z
z5?$|dT3~c;Zzg)nV>or-x`x*hv5c=w11yD^30@@Dz#3XbO{~&7ldV<Mf-Smof3}?K
zXeE;}6viYke7Iwgb-d}4Y&Kaz;Z2&2N3w4GZDz3TQ^Y7k*FZ%G;u#yCjM3-b4+Eh)
ztGWVbVgS3W+Zksyf`{@A;=6Fk!_}0h@>cl{5n$1rR+S#}Qu7QBWDL`2iM-qMHF$_K
z*^yCjbxn_IStklC`9NISB=0tJf1vou7LpODG^0I1I>C2x3WmnFlHXn`Ay}-+r<esA
zYannz0}(iH!?<A)|DYoN*f0+sWgbYE$zvTHsS6s9{Veh);-dCx4G__i*O#sOP!X=K
zPp><@0dWza-aI48$n*d#Z^=d;cD%qiZGJ_VEqQ+AuHfk-;5pMVRE<4Ve=^QNGsWOn
z-hAugx8;P7f3imwV9IH%2$qHk6;?UIn5V8!FO6uG6sR&t+RK}mcot7{1OJvf<RGnG
zMyNdhh}wa25Jb6M6tHa64t}da1u#OCE;+Ys4y}xGcpNMqXdy&w!hCs6Q9k1_o^S@S
z(FOv)7apS49+On=CFnxxe-b2)el<xvz~3^|^MbP;6T(S2TLiuf!W&fk@(JMZ{21nA
z0avCffK|gYcm~fvj=QZV)j<69z%~E_D0Pvn9cy74lHQX+2dsj}7pi{8lK7_MR@#SJ
zrYg7`x(Ftf!Q^k@7-zCD2AC6%Qf@ui8^BD!J3j>BKOE6u2Vu3ifBO&Zg}-!__4(uG
zO8oNu+7so7%Ei(Mc8Xg1JZS_g=DvVB!s`}~3p3@h2Zo%kG$+H1RGDBzJ>9TdAkcJ0
zSTefBte1m1otvBE!<rZqWhEdKJqnFJH%4LV2)mn~8lu_DX?bkwE`!AR)7AM|z92!(
z963E--N1xR^BC7Mf2h;SVY}{vWNdj5=>9E!<*Dff?tTMMQ?>z@0x6<c+ih(@L!>c{
zxh!+3ibD-;B=%vR#{kwCE|!5S)GHEaz6^pcKrkyKhWTc*x6II#xdjeYFKa4?YE1Zi
zcsx(pAH?v{C~#U6r%Wb5m>>%6c0HXGul=aFf(hmpHQvXGe<2H{4)d;^1WgU{DJ+G|
zo{S`v?lA&&<n~2<e=XjxOI87Mzq-{CQZF^g4NGqokn`00a|(*KD8HK8B$0re$cF&*
z`d7%^U6DntK2rStUEcs9fA7u~pPU~>IpttA35Z>!JV6CcIOQd5yt5H(oZ}2_wchnX
ze=m=I?(}xVe^mPioM^&hUIef_Y%>U}*O7bA0*JFQDDs6-%bnq!^Z)%Hr(cn-+y?Lc
zb>=G>-usqawVc4761b0q=~0st2l!4P>4o5(T7?BajP6`miZ$!eCNvI(@qmtt|5yfa
z?vl78G@^GV5%YM~JXyv`IAc+~2HW)*|3e|D$1pk9fBaevzWdwZyEFGIW#~EU-UeNI
z=`IX3Q$5KO<q1~ATo4so3BQmp8rcpqV=ne0OaZB<IX1%au)`;Ka97-0qHwXmTNeZ6
z0`w)ou@;qSI;<szi*7FK*J9?YaF#h-$%H1a?s0{Qp4`=>s}P6J6;cp)q(le6!!3<B
z2K>Qrf6JEtj=gJRToI3)9vp1RE4ak$CXi&-0;Suw`iBKe2fF6;%?sroa7jjD|K4Li
ziUc1lqlu|vut<`yVJuKBOuEw$6E-&%OuAQ|CNA@MT+5P7R{-a6nD#;-f{mFh(r7Sj
z!_8Zcm|rYHJSb|}Ul1XtdSGFIT45%<B-wfNfB0pDMNo>sscjNQGFgJjKs-{5-ZT(Y
zmz1EKDjK{Fr=?47i!s$$zR$hvOH@5|Qbs~NV`P7qSMGx=Y-uhiMKRJ2Gf5G-?PsUo
zd-w69b1*!l!nK)?h-Msx>ti3a@gC}YH6{_5ny|)G2|bPYEvha%gJjNfauc(fJPn}O
zf0#{CY%z)!Kojx=GEoD*J04u0CQlg0mc$R({QeQrg(O3dUpL7ta7h&N;yVZy*@p6(
z813jAQPWcaUCnKXGyM+QR4OzVBFbHypM|r<lBX0*0$W&PK*b4FGmv?rvFZ0k{edDf
zRvj=tYkR6U)Ms7@Z@mdB^d>ATkZ#lGe=M&Q5!J{te&7alTHM%rlr{pS0+juM|5mLI
zps>`&Y^+L535w&Z9K?vJ^H7%y`DxkjJ0UcFyfTfW;1pv{HhU`3ka<Raf>5*U;8NB&
zME9_E>8`9iLBEO!6RyarKRH65c1=J*6Z^8hZH18@q<5-Pj&<yfQsGimp-asWfB1qF
zfSjT;XwG6RZ>R09msLHN+TS5oWex%Abbs_?p7$y0L#)r(*>cW8hk=g27y>LqTX({6
zB0CNekcAE&4^stoaioE`1n&9RAg3UFA|SG=c->o|Fl=kef&oKaBC>UP^sk*>e;Xky
ziDC|EiJr$_81l3l&wzdDf<JuDf5F)5!(_M^{<YKFMJB_AXb@By(qni2b!2ouDdkZ3
zMMvIBaO-sV!hNmGH1vko@axQ1GG0S{9JieC_D^;ryF#}Y>2-;hi$$;!zf`u*ELSVW
z<80l!+442ZxommjFBl&Dk!KJ=5YtPSbE?S7S3c6<uKL>V>5th6d@F@de^iI}0G;aq
zLWT1HWRb_9jHSIqvX)`3RUuab)NTNJ_A5tt3=D@{fxhz82jLrjmj+hzL^P7x?o<_I
ztCnnr2Kapr@j#Y?!Z}OFPh}C&hb;|-#uQE2vVROViL5QBPDHagyB=-VJKxpmFD4P<
zCHL<v3b}tKZZI0V0jOitf5LEsE$86s@{7QeZ9Q@<5p~oQMcKvK`b!61(z&M1>`xsw
z=TD!|9i2pto1XP&l?8W;TK>1!vtF1fH*2%DB6WJ4snG@uZCn~TfTJRlUrWjR)GtQ;
zS0)@3W^q;1mL3}~XEQfibwvPov@U>DD&Z-oBug{p&$10h)Q$w3f5SQpKJWH=?|Qv0
zlMX_k!5tm1CpEFT958Tke)U~~0>aiY9lg@>Sbd{%-NDV(_4%nN1E!Yd^Y$)Zgm&8F
zKWBD;UZzZ2+q3T#Z(`Z>V02hFCAti2Ftp+}gnRRRckcL&jYV<MbcDhzC%fyT{8`}A
zL47MXZ)}4EpvfKcf0hCBRF}BAyR`h-jCnph%o9!gHBk&awh-Fj+!@1}kN3yA9B5D2
z6V!giu`}Y^*Po@VS`#ZhHiBNZy<?bz`ST!6laBdMPmz~H$<sNPZ_YqaSmP3lj*RY2
zf}BCc&#EAgrN+C5RtcJB8A)kOH?u_933+yL1SQ#-ClU~Kf0$X_^D0@;(Y>9DW;6gM
zZ$~1qeGZC9@CDOf5B(~(9FOOuV{?eS@-U&(LYHg!9#wItw*X}CIH&GcxFbkhDo3P!
zun}6Fb^(wcv!&WE@~eQK*7$JEaP7SmuKhP8-1&37ymgoJHTV<m@4@!AbA0yG@Z|V#
z^yBdC&!geNf5G|9*>yGcQOOYQxtQou5#yB>->#1XmlM!52g0j*1nHyG(qyv=iC{tp
ztynIk_=;JRxKx;Y@;nN(0%!&;R?wG1d^?KxD<+}GEZ}<@xl70@sP%~7ccO3!S%Car
zkAU5BJ2p-JFAH|-sZsV6crlj;m3{g0NT_@6s2yy&e?-cI+NQUuk?<<%Qx4>XlO;Tb
zKele`lPgsPSZM(91`vP5Sl=hnF7}IAp?7|Nn|%80>_VBo7M4Q=ceqP*NQF1aNg;BM
zEzx61%7O7}&VS&R<u}$#9_NT?WyLV%lfGxPq}0N~4K`i|Y<#b%<$pWf`h}U$YJj!t
za4wFZe^t%=F-xEWWX)9wv4Ip^F78i+?^10R!km(o6-YzCEms$7--ThU3^Pijq+*V$
z_^-3g|LY8Pc6K@+27^Io*Z5D&S=Gk_o--LGUp#!`J9kkVe=ZjN#@r^0ey>^Y91NU)
zE(-$87izO)FO7V|t*kK2tuQM-flN|y1DpNgf80B3P0Vx&DIuHaq#4sh$tb$_T}e^W
zIx~u^l-ujgyd?q>UGBC^M8zj4d*e}ettKCc5lpX)low{`T>12b+f`TM00w?CG)}lP
za|`IYEMCshv{B-_fk@b3g{lI+l^e@7#$c*&ikjxSjMiOOL$g6zh(H>t#R#;YAA3Zn
zf3YmS`LWzBxT`XI>66-%%Q;@~=<-G`gBL)tiL2rfZxW70?}2i9{5&)k94>vmSX0%1
z#HVTo!M-;kSj<;d2^*-%{Ni?ce0F?#bJ}*Uu7}r0r$=Yk++HWcvxB3yLrHDh`Eqk|
zA|C~s1H@a|-B*#;%?6Qudx&hE{kfbVf80-YE3$b{mi5#)jg~Q<gDM$StSu3iE4zoO
zgoM}~p|6fR8~eA*aH(is(25EpZ;-de?%aDnj2^*X?^Ta+gTTHl0&BM$BL;h%X*GsE
zWZbk9Dto!um>xz3dX66RiMzu}xxpfD&r2A#Dh2rlQ*AKSM~wB-nCf<|Fx5xef3u%f
zBdLXz8eFstxaj*gfQy!-XSgs^K7o(Q4qs`+NBSH!B3BdBNhr?Ebca~jnt;ywaD<^v
zb3nJ7vp=7m|9m#O{_Dk&fIi`w&+9VPStW=TE|b{z2&d*t96o^HCVOQZy0E1|$n9ky
zQWNO6llrGxxKLbv``foyMnnoTfBF*$9mI#ZhcP>r@kC56<Ht7y892QyKW<_Dvx|K%
z-5F1^p~}kRy+2z7jBed^F|H0a<chhWW(|z*d}VBb&>gB4qd8-Qr`E?0epQuuQBA`K
z{OM$C6SptA3%#tn+wMXyMEt%m(>&4+Y;7ytt9o?y#Kk(FfaYnd(ws&5e>YxICV`K2
zK@bcv<yw6Etl`h}70;G^b0<l#l7(ct+bn0I0BJRU_;Uk)_IW^!_%D+x$rhFxY`)2>
z`Q_#anD2QZqZK4{SZ9`qI}cURSA8EcG^b8YbSOFjw$`*8iwZU2;Ck~?>oDjlifXkQ
zda<t19WixfvOG)Iw)v^Pf1JneR5zc%fcS`LB~>X`zexo9yBmrve>;NMVs#V$<GI+?
zFEvB6KUfXLLiK43+VgI-+IME|H%Vo)tD!B?0fuGK)bGS_S4gHS0{xW?%9i%8i1Eq^
zW!Ki3%L!$w!Qn>lr&O6+E?~MHE))*_2AGqd=Ihq0jeQPyv?m?@e|8<Y#0EnVvx>j*
z9JUkUENDe&G(d0ojZACup>6fXn1eLX_HPMolae+z6EB1uc52l@!zkT&JPUEopF2-&
z+Xl|A3WC<a*{=j=%a+#E*=Gr4x1Bt}&+U435;v&#Q&wtF?=qm?ABtN3w}*NcX37mw
z?<di2v~f*rcBoXVf9<18RS2aoN~LQUK`NWg*xbW8X%K;Q;F43D<sj{SY{Jev1#PtT
zUe1E0_U+oZt=0VdVm-c3vJ7%Wu#wErl0X9vYx-t14vHIQ-Zio&OQj&hlHi7g8KMH}
z)rIe8IZqh(wcS4|z<RiZ=WW8i(}Hpf7FE{l!Ec2A*g>0Le_DPAFRzKA*YCzB$vdR7
z8>Sppv~SkLe3_<l3FKk-YF8fe=Gm?-j8odc%(AT4k;$fd8=5smg2wPn9GwewNLe8k
z=7x1}J<q2hmj>+)vVe*d2TP4trz*rWJ2?r{#S1$Bx6F&fhUoHk<}+?_X`{Sqq6|{v
z1N&Rw2c7S1e>qnurYK9$u~~z5Tp(|Bfd~;ra8RjQraSi+a(wW3B`(fja`4R0&&_H|
z;d~8>orhuzPdsE3f5!dYg0jVft$we)%@0?8|8aiT#|uf07t{yEK0CiY{?g%F6L9RG
z+4wFDzv}s{zQ?0>n6UX|HTud{q&I#)a9X4jXmCF(e**3`Nc9^+s^7l5mJ@sY$?mC!
zM2{cX{?w;<57J<?Fsi{iy)Z7Imtu9=BuxZg(OWJ8s)~9n@cGfcaw0$eN}|`Gv<*)(
zd5-#RotW`+KJh2bOy}1}qQL{s3=eRQ0K8z%#0>)YF!;Uj3Ds)7h{Aj5Yf*lXb`m(4
z1JajsfB27aR_WT{BIvBoV;$*6nD5Ev`-(s!wFIz-6VOV4^;88>E1+~`K#_H31M6~H
z$aaQnq^wPE3BY#2eQXioWH1BN1qn2y+k%`YL?SgL2k!>Y0MXun@sW*808@IbOyWkj
zEI~}tT#Q<nWydf}z#_qqMMR0;Zs#mmOQ)_4e}Fw4`+=VT$%r4lQ0{pM)wwU~aB;d(
zBAo`@3u-!dF_EDOW?EIEb+G{U$HL3q&e)B4rZ$%iR?-2aOf1FWv~I8~{_BkSf1SZ(
zGU<HqJg>uy|0JfRx1V^iCZb;+4G;e+pC|UEc+&CNXn1iUe<vCaM*vvJcLA1#l<<rA
ze_ed_PCh&48AZfBTfNnnbNZK2kq-jL9<3H*|3o3(QiXZJ70d2u9t|X6L8bR*Thz|f
z{jfXT8+3Nx_uqF0yL;Q6@y>M8*`9pd+nMg|xl?y9ZEYVw$z*cJVwEb2Xwl*;1q8Rx
zgIDezEpF#Qeq^N6a;IfcNiADWxQ9N$e~WDGD?!ML8NUX4TFKg@yf8q3ZIN|pVlqIJ
zmh2vv-e)>CH*m-8ESJ6~dj8T36DVoFzNSL)j%u{r+m8A;U<as#x5O#y&$+C>4cjSS
zP44{2OP!`7J2%F$K!r=lLQ_0+`klc4%7km~jotU-5B*-}qvv{^e&6eNKJ><ee@?GA
z=?$jdV5c|vka1f1PU0g5buqnkTW~^dSG4u_yRJO1M6&SO*UAD7dC5Al#OlMyzxCmQ
zZY2h`TWg)|RQSb<7UbE^w!Hu}SItQPCX6A-@~gZqAX-qOs3!6|iVvu#ewJ)=4d>YO
zU6(8Zn~4a^*S1i+9$)Hd_de3ve+cp7!<&nf;{%?3j}SD1e;%Kok*4C><-_f<jG3`}
z*f;n{STJt+-?&&;Uj~2#M+n!?mf+<9qU*0F)UUEgbbwU$i0HotUq~EP7i+O#gwb=&
zeP4yiwt>Zi2Z_WAD*Q?0`U3O61pkrx2k2xJN7C;e;VQs1RPDcyx~|pce{O^hxN>R)
z0%-*m@yP1a0zSOkwxNXIyR*e7XNYSed@jyo3hZsf6v#ygEuMhb4WBf}WSwW!jwG;c
zkpvXDXH-ZHbrPA9rs_3q=lrLm%hAd4>G5?%K-h*e@CG>pwej9^g2o$D2#|Cta~K0_
zS+i`9$hGGT*4Bfx-#OQJe^?XaXTt<P=>c*O=FUXWhgsTS0=$k`xem{o!zs(uzSr>(
z7SK@xWQ3+0{#7^#8Xg8V0*iRkDdgW3OXXho*hn2FygvG|`cZq^y%PWDY3kIE2nAHk
z5^JUadZw9H%lR+ElcURP6bVJ}EA6Rwejvq|z)qCz(l4umjMb9Ie{h}VCfvD1tlo&+
zkVj+y=YdNaG}%d{6)!guVyy+-Y_JprD<Mr*pvD8GY+xE#)tSVR{?Xf>Y<uGmoo#n8
z=?tdZ(~jF8?{@lAc;G$zIPLddwGdP&%R!^~w`>kta4@RO=f0)N0tQH*zCA5a8U`J)
z76u!r280Q}#eVH3fBp=8%>aYZ0cArm`rjvLcJbJPZ(SrRa*vD^`Yeq8qC~_uOnKPr
z6_3fRp*;NQ>ildi?_raeV{sia_YTQ#I6563pKM5JKySSF*#j_YGV}%@Hnh`Q`t$FD
z<P)Hn_k+$5<-Fhoij@lY+S4lqK!b-bU-fV*&^L^7x+<cBf9Vmm=o@0$sNfkJ;;&Ku
z1j<yswJl3d%p19h@`ajMH-p?;c(Q@t^D|6X9GYxJI<Iz=zPM9TwchW41i$~JoxXAH
zHLktWxb_RV_B>6K*x0Qptb=o-ZwsCH*375bbIUo*9iM~|+j`3F4;r^myFJ={HxC)@
zt#kC;@#Xrue_s>(rS%Ygop+~_AxAnnV1(FTf}j7SgC8~yp6lT68wW2ga!X$Zb%Yi7
zL1=M%(vy!GPtNt^kFV>=rKrl6nuKy`HG-_a-=f3kC+k!?PZ3hoLPBHU{-#MK&{k64
zNRM;v%6)9q`YncUD#wx!=O0dO2RHPV_4Nnx>!+r{e;YpcFIbaPLr6f)*@F>a`=FrW
zPQLQ9bi)4_gVW|lW1k;{KvY4X3exf0FaoLQ@d`tP7%{P&gS^V^-2b};XneBq3kjb2
zB4AZ^Uo=#hC#W!npXUsII03TM#qh7-*=^_I_-u4?e(>j`!?yF~a(Ht%`f@V-gNcS`
zpz<0`e}WM7n4Nrjj4Zej8VFUl?$5)^v*WWrbPq0%ua6IgC)L<d4G-om^I+bLo0gNI
zurcAqA`lpa7khoy^IQaz1?4g%y~$ZbK2He}Lnqi!(ZErrlI*CdE#d(ryo?#m7`x@E
z6Z0BoO9h!N%$?jB6Ci~%-P2$WYSfs^er?5jf60<v;D$O$ep@A#hM7`+W=bva{zud?
z1mUFNlr)@@UuUqvmh+<<vlOZ+MFpe^>%LhXF>hd!7eI;!`NRM=Sz@rqw@^fYMX&^#
zO0>cXx;PN362yyTq4bM#maC_U7<7hPERUzk$wMk97hXdy%&cY&xu2~eOC8)&gV-hT
ze@WZ(#O-lIwngK7#HeVT??s$XmMk_TJv838hUw6F-!r^VB1kC(DJYN#n0GUVLgS6=
zX$hnSTP6-d$-Qp^b-#%lNTR_*6oQB@zjAC!Gicm#J-6Ux+_4lz&{7i#?1E+N5P4ms
zm^5!hANdi}(=1x@7~A@_%z>fi3S_>He<%Y%q~|XZJ8lcVi4q6Wb2Ti#$)f={EvSOX
z3!N^ps)ki6zHU827Z5A~e-58+WB=;Q2kw~RR4-?|TDY+U3;5sc0j=(n3Mt~RH2<86
zICaAUc!C9>oFRt;klJK&gVhMxKiWR(^ahCQ^MCF;C*iF>cmDZ5|Ce(-=bIcVf17+K
z&SRI>3VtCO^TxyOV!_-9g=uh9rSZGi0Tt?M?4^?7|7@F8#BL>n{u@s&C)A7f_EE$l
zZwNU*(e+F$o*Q(0v2dQfL=wx5SQ7b+^hfV~7hz-`hy8ixC3k$`LSwdTS`32-f)UJf
zh`hTn@c6f3JX_>%5A(IcspHRPf6U7`(Y+u00t*r|suy9DxWW1f9UYYW;5)k_=|zc&
z1AK#n)p62_UN@c`gfR8MS|@<vxO2hiX$5prPHjqDJQfGmPO!BCgcN9#UHTCV*u6VX
z91rye-TCbcu6siwc=<6Me8p~oGz8fp&f&noB%pA--_U)5hbe4=fcvnxe;UElf8ZOt
zH~4St8_!?^_HGi+oUSu-<F9ZjNw6*f*N}%W@~Ad}Bn6-=#Y<*E@W`R!mlysLyuW}q
z!FQ<zV$AQN*T$4?FjBmn^8100Y%VpF8&<)m0UoXs&p@<(!EZx%fHt>4(fU5*rX2LP
z`3>~y=F6AkgJWRtez`e2f4r&<Sph5w;Sq{D5H9D=kVh+iYNAGiWv3l}HMl$+9iI&k
zu8)5@s)vaNTh2j%js^J#<Oxhm0`Oz}E{r6r@JD_mKtqCL6@BGN2(kwQ%r&k4;dnWY
zf#iYj8w8b+H7b^OP?#4SK=9DR>iM#FX;Fz<IO8Gb^O^{cojq%!e|*8S)Qhy|B3X(u
zWgL%;y#gm$YQKO5@98eavu+r4IP&L3O>iiU4?dl4qHkIuYG1}E069$CqteL|JLZkI
zkOSKL+wXP;K&^tqlYi3Ooyqo1yZ{`8(<x)l)m^yIBWJ{O)zBNLEu9`+9{jPty))QV
z&znp}pg$;{wEIC#f4sH6h|w^5al_wZcy%P7=IPsqcm}`UtAjp0OQkRjr!cp9F1^Au
zI}q}KC8u(#k;thqsBzE2wX2CCasNHzw)foa2R4NeID*?C!jMVmxhv<d{J+lWY3C5p
zalS9Yr=9`T=Fj~$P)SGl@9o{%o;2(D9XakE|M&kvy&zO1e}a?_=WfzuY*7^ed$z?x
z@b9{Wkt^=Gle@IJWF;dNG$wSsLsTKl548V1+%c5IaA~L&d`W(WL-h@>(KRurp(~`!
zU>2CjB(3o(W!f#nbMJ7J1c9rYpUqStU319S#QH77j5~-KPwv=+NW<J&<4L$+{Kogp
zQ19Nl{KX)0e-T3ak$o+^W3I;{Q-nbc&H;p42uDqqfz!eXzoe&#UGo6jSELeLYWBo)
zvgZ5=Aoeb7XELI;kq!Y_;#pPUCq57YEf)NM_rM*EYJ#A`sY3^13vmkAz)>Y@84}C6
z4YCNl#0@}d0n{5D<&Nm1Kqg5$s3MnC#7nDBhuD4Bf5!;E`)-?(k=Xh8&;R((es3eT
zgNRJAP>Khai62ALYQ}Wf)l7#AfQizGu$th6GuQcpKeO>wIQhyF2Ut@!sKhr+H8w@V
zYh7JsSX5j0AI=Qj1Jd1+LrIO)h;#^20)hjGbcv)KfdN5MP)9&I6p)k<MY>T!!Arx?
zmqxn($bH{?-~T;d&N{#KTYK$i?X|z`v!1>DP<0VZhpuv-4sGa0ZssXzd>Pa{yl=Uh
zAy%s=?6t85GGyFX+{BgDh!gGBuVTEO+Auw@!wpWAOOpCWQgXjQ0WpN5tRj5Pe-7Zb
zzFqaA#$@`s1TA1}sCeA6*>#%*&`qTK^?$r9@u;`)UgwXfZ8@}ja|ldJw<5ewb9C#l
zETPbTYf)UQq#QXiD%U4hyDl|1O$trZuGEpFr@3uY7<yZpESwC5XUZNaYWwl#JC%7l
zA`n`V2z@vNtf(b^)`f;Tz3STN<YqEc^9;{G%@v0aJ;HoyPh<XucMyjq&8+nd+hT9c
z$_iurZhYXr_t{GJ{q*~Q#n8U&FMK$%6Ft3j_?cjLRGgCfH=&VP>-Z5dsJ4M>daaJr
zn4OA(^~FVpcaiyU?)G5GPte6iM@B+fJ<z97LqAh+fXT=`I`h3OO)FE~blbTI4gDi6
zfXR6VU^_}IFLRclt1x&z9BJNp=F`&_&bTEI(GFLt59Co96V4r>sf+a`@;{<yu9~))
zuiR0mre8UkSz7hse@O4}tEe>=Za4Tr4xAOObXQ}GDjVR;Ear}fHtnPyO_hzgfa~Fu
ziH~c4(6mU-h<FoYsM2I}ZF(8fCz`Zc<qquR0(5TFt5RhAf+d*RrPYD^xLNMpBxk?y
z45X^;MJG5bR_pzMQ)#;-m4>PFA-klE(j_;Faw)9KuVsV4kP=n?8-mUTm7+UbQH{<*
zhX6^cuYtrT(RPx1t4E1{GVqs<fcJ-M`pDQyfQ5F0CL_;I&z#7od1kj$h+Ipf$m16g
z-PZ;*9eb0NEv@E6H7Y{U{KIi6+PA1~UQ_m+*5s}Qmm5T<>NQaMwOa>SW3P}pb0S1z
z5W%R9x0*VU{*`)!p>+BZhfbUiG*8KKb`>$XD}~V{?Zm?9>eenYrA?LxV0B|u3tRMZ
zA^|Jx-q(vJk`A#ZWV%bp7pALWN!vv^C}eC)p5P?<JjnRAqqgqV&Yv?fB~Fp|CQFjf
zYY??>%X@MgsaAAohUj4lHvMW3G8k%(e%ihXFTO_ZY@T%8nI+W!YIRe}Y0O|KG??QX
zHv04=keb%LJ;C~^f#vH)ZxDx;eCi_4Cy=hRcjYs8EZne#@1S@D7F6{Hho;uh4d+y1
zfBYnY17zM_;nzlI<&=G(F6a2nx+gP136V*g!!b&8v#&b-YQjdAH$>M9H@fq3UNrmZ
zR&dOhi3T8b!8h#oom}2UL~TaACi3x_@tWx&5K-BCv>ZbXZx_3D0Q$DaJ2R}Zju{}t
zTc$H!m^LbG4w6mw871nleK^*L@kv@H{Iy<cMhb6H=HnWS&Qx>bym{^V_#qz6x8sB~
zoh?$uytIVFAHg0At3P!O33b#YV&F7%t$WpY`sUw~blcFU_Iex)Bogpp9{i-#>1fW$
z{D)@O6p0Ebdxi{%3PHil+q!ZjDX$^CzPGIT%}9!Xl|PBAl!L<S@tBtM{=^bNelGP|
zw<mffWC_F0SVm)?%fd`+KY3A0jpdQH7HG%~-R;<RKfOWl=GJTBGDSb}I>iHSRaTo1
zACD>T9a(=WoszmEFwbFai9%S-^e2A`e)1-Uq1k^f9vd~@#gzn70q}ki#FDGbjSzB^
zx&|2m;@+AFfihF#Y~`k#L0lLlJ*R85jTl6I)C!&u^P1TrcEd=kM~Y?Sn(Z4uuIlNH
z0`VCt@xD^AYOQ`g>*4RokDJF*ml{7j9T@e=D)IMsYFT+jx->#?Ya(UXTfpl?^&Rx{
zMyuDrJ+WFmbfEz_y8!U@8tqJW2?khTO9IA-7xNci$=-P;Q;@HuT3Y?|$|FzS_EC}?
zi!Gs|`?U8ve_qKCnIZG)5=~7@8Z_3ebe8=7{YvN3eP2!{CC{(YsljWviSZfk_e%Zv
zE?qvv3&n*yWZW^dNuc1+R9M~iejwEI&`Y_7y5l73=v7T?G?-*H(Jf^G#sk(@3t#6E
z{3?%&;)WD-U7w_Xezif&8dk73OKdZya{#G7XN(@%c~M>X4#l5t46Rb6`I)*i|3FW*
z`XJdCo?I4$U7tSb!=F&43^;2$RX!^}2|gRnpW<S)L>2cJ4nJej7clRfb*&3<>oy<}
zD;7-=tHQguy}?yM<j%B+I4o=9Wcu}YJP}o+g&Pm)`i?$Qx5ncL?~*%<bSEG+X@}C0
z?5?T7=8{t9Uv6%TG47zKIp7%2W?y>-kEE*Bh>?ovf!ABwKeiYZ^SRFA`4<U6Mfvyb
zH=PVlWH2*-eDm)it{%+>s7r|LDU-vWL+UX$Lr55Y4cG!~g)cXM=J!viuXUmw{vi*A
ztrymIho*Km+|+p-#jGQnNvXK#AJ+l-^%T$LN*AqGOn3BJp{Y{!8z@9YH}=VKCkw28
zt@{Q^-l9H4DWnFL#^FSZ&#pzOK}3&Ov5X>|L+>{i6#@i9Y?*`*>FBRAk#+CaY>{;P
z>@tylAi=W_cY|q<qZT^|Zv+SLrdU5`s2eCt=knGVzrH{L!w+no$WqbCiaU8;@<QVU
zs{)nli#c6Z7uimn_;`g}t7)#K)m?Ih#g-gWx0jlg%_{Nxh#V>r0+}QH8vh<r%`cQU
zuLuM6WW>j>G%6lLJKd)tr(Y(}<#TT#hx;!t>aVrYtx~<p{tpS^xf_Nn5kY^f(kbHD
zc~-y>W`1s#SMoC*5q`~&+yhI0Fh2}9T{+teF6}tqch3vqC$Y#~RNde*XEo0=I|<=+
zV^&v)KVTORUfcVM{({_xxT?8yOAa4mx+^@|#wzseS6B$nn3Wuj+1xqiJ@mtRP2b!Y
z8UiI>VWg5rz8KTwY!@{F1c3GU93d9JaK2xH!{t54wKHbgjd-*#?I#y;!>4}Qv#+wx
z^k5vsu8R9F^|S?H?p5FNf}as!7{g9}^~J>K^7K$J`z2bHZ&e-WzSi^#yKQ@Ql@q$=
z%i5QL9@mP2(W}z%)?yCz50593?@svLB>-pQZKQ^B{IZ3&tKP$@Vkn|icGq7ruSF}U
z5+klaue^H}o`kpeO`d@_#_Sf&nP8rHQ?%Mr-?B!dWCVRjHXohBWTL#gN;;Q`J+v0$
zZv<fhQ-be8&l(^H?voH&p18mpdFhozn_YdK3V6R7zGoiV%Bkj?q+AzVEk26ORRRYm
z?TPXNqLZg^$L6?)xRTKRc`$0{`bnsPD`fw(_eQ}EFsC_a7!v2X7dl}~o_-EX*VilC
zcjHLeIv(o_TaGp4Y1?H13mFmTO|XSFj7KH8h7h+$lmcN4KEC91??V+2Zz=njsUkLy
zr&Q0)C^#@bzWY(KEf<xem@?0FLA>4FM+;sv<s;RBm4)e5D1XlKGefQo+l!jSvHqjV
z!x2_7?(1v(S_eIN43UuQ@q<8(3X+#^Cf#y|xPd&g*Ao8zr|tI9B-Qq~?}C$vO`Bus
zvq!fJI0MRWSrM+ZjEWeDP)q3;v3^;ASsJM~y?OxWW=1mI(HJs>>+m)(fLl_cpTfoQ
zBmgr-3A91I^PNTQXyR*~C*Hir&iC*>l6Ci_GitcG#Zk^L0n)e@G67{f2Fd&o`#wiJ
z#wEqMQnnp}-jT!IrJjrb*tjCP5Uuc9{d6{1K};{Z4E;3yr${JzjW6T;p-=Ea<$=WX
z6AicfAL|1z3(`WYuX%tc1oZ<`V?u<9brf;u2E?-UX543mYdbm^HeY5}mACdTwGx$|
z=&MQeXV-QmFclC2$CpOV8!gA)cf;Im`5A7m#NsQp)H}?XuU2j4CZ_1zZDe|T$AR<M
zaCF!)E$#l<c!r2WPWb0+1Kw%RvvcPb6W43^R!GxM1pL=-3dzlb6Yt8yNh^pn;Q|7t
z&H<?JTN~Q#*1{5p(Jf-Szm&UL)P?*Jgd;_@(-oRL)X+x|)7;NgKAr6SrScFpjao7~
zh4D`E`cvTG+T5tg(8&6Ong=fnmL+df?;B|vFjE}w<y>jgnI_=PeIqbr!s$dh@C)Th
zPuF$ydZKn;vEj~j5HnzUcAevSN1V)7;NjZ@F_CeB`<?2o8F{8|oVQE%ivwQr=9C68
z?8_r{kDN)JOBCzHrK(cvN86&L4?G*!i=Ne(u+xI)B^#E>n=kGvdzcfyaObngc(lQz
zGj4-{xAyJrrr?&?r7!w82IGr%YlX!<)aZQrU<UsNG&oT-3v@8cV9rk;9VWL-FNpbA
z`?%h|D3m}(;Al)`U}dd)9;S08Leaay@W*G%Sn0;YjR`dd&`=xSoT8ZSR8`FU=79JY
zmlc(LHQLEzHtXHrB^=|GHg;XZX+ijU0!f-#eyB64GgH^^bk@(2*{ughLtbRY)@!`A
z3G$BWTy0t0;9y0^`pJrXr_~~3B8Q;2IY%g9)eL3I|C)Fhy**wa$e<4`k(oX+n*KyZ
z(S$L-Dc5MFs4ynb@XXAM3PTx`G{BASFwo^F^}t8O1<2w0mDtkWoFnD0D=H{{kt-&o
zh<y?)C>%?+o!S_zz1!RJK^|_%O;hCGUWFKg+}_XtbJ-ThaRnusw|r05VW{0{M5Bc@
zq50b86}xgVH|F;R4G$?wL>nHK-1~sq$4}ihRb}R-gt-K7sN+~Du_j+%)1ZVn<{+CX
z`JaQgB^Hje>+B_E&uw|9Pnu(f<vYgX9a^bM%B-|#zh^WaU_T@acYvTnf#nl_qNC;>
zqEUQsNE6ocE+E6Xg2lAI>KNlyEbG=_OLTGTV|c54`uC$-D16-X!t&9{?PZQ!Juw&S
z{IKFM^`BmU2BJMVoogf=EpPg?2;!|84v(gk_2?1HGOID8W4S)pzmQ&-UMTZ5vQ3mW
zPETRT-z_zO(eUaZdHsoa^DbIcB>LnFCyy6^KqNBP!tYgdM(gk+>WC}>pwWFM>{sm|
z>~M}~;wl%*J2->S^8oqu9|B7^NcHO_#Iiol8A+w07Ah#W^;<e6Rj~qQ#UEMO7tk6K
zNJmASbGW(>{YHDV00zb6#&1@ODCNyYGKRHte;rG2gv0QptA!qgy*imo-WZxUHZ}mi
z8rrU>-nVg-V!OB5Lzc2><<q_^GE*VIgnCIE*dl&quEFT~tn)I3IA}PHL+)>;H>IU`
zq7=usz~F4+QYunDm-U;$OE%XPwu7leUzNY>>H!{OpKY6%pxPY+zFAY7OmS}Z_=sYn
z8Q?^f2)G5i3#QmQms2vf#RfxzBL&aKJA#mX4J-In`+;yL)5M<RxWRtSp^CD5YHkmT
zBEnPZRcAxpz=hJH@^4J<PQNLy`S{Lzq2H1?b*NS+1kyj7ECkqk|1jwf;Zx`JB~G>=
zRaZNxe2u(q?Z2bG{PyXAg-%Lil0eKX#gl}%ETW*EZ1sR)VvV<y@H_J<2diM^u#9ga
zQ4_2638!{;UVakpT1;)5FAY5-#|iOd<}YpGgeXS2Bbgl!<BC7wwudO`tBUiUTGJA#
zeQxuFv4ej8Vs_|}t8qcu@8GzDQXQRJGYpR30uQh6AbHgumyiI1Pfp2)&v}OR6QkoN
zDOY}aE7>Bu1)zuCA{b{nbOi`Mz);)Xt~E_rGby9~LcL!v#ON@K(3!!cc2aNVO71q`
zt$rLb8KAgd$NARrDkaB>iO0ps-oeHJ`8&F3$;^A?Dcl;=DN}q_8nzzPdp|r(8VGZf
z7;T9k3CT9B^iVf1XFkyu^$m>PGJMHkE!=&cRi?VaCjd5>62E9baBG2C&WsJ;nWNP|
zI)wE4D{SD0%%!|12|d-+dlOiq)BKv9Rf*mDeCuREext$!=>LLXeyif^nUL#7Vcs<9
zV2L-0N$Zu-@F=T#)%qZOu<onP(jFPq33oSw-c3BaJ?h}@zC%n#&j-XEM^mXO7PB}f
z7Q7(%p$JIn*-_fXWmy55MZjF{omF|>^LzB5E$ng7C{J8|nuOyimP>Z^<&)<|@+cR;
zhOVz&;H!&BY@eH4e8xhjL&Q&89t(8P8_ccNmej{+BW2ne_3qRYxpup9dq)Y456)FV
zP3|7K*z9}@r-)XM`fmKdvL~syN#>&i5id*Rveg~&FNkxle5q%kIT?Vgm=b=gBP3<u
z!;NFv0RZDZdZxqN!a@w~kW}-o4(S(7N#f_fWSkOijW%8lY@8danMoLO&<OJT!?(BI
z@=?I&%1n9^)}*?~iC8~sRDFf>mgGQbv$tc5qo4d6!kp{fp^=BCG@i$M%Nyeols1AK
z0-NB}7Pt|d32uWA6EcLyIqto<QIe4$PG9p@w1U4GA6$Qu&U9Gg8+GQ%!lx<wLn&-z
zSAU21;?#Qo3+3jl6dBEI$C!Pn(%xK0nux=b^;!M9vWKX-7SATJgVknzz7x`o)!o*V
zZlz*U>n01FlHL9WczSN24TX_FAP^$RseG>GBI5kHIkaYv0tkXaF956$9N+<eYt#v!
z^2p*rAYlLmLVdxvbGJ3{a`*5Svvv2f7xi;>$xF0yZbr~XoNIMGPOUWN&nqq?FXbc4
zck!c7%!!a@=Sdy{8!DZQ7bZlL_PbgF^(=ZRDx&sm()tTk9aRlr&m2Vut5u8Uk?Gl;
z{)Muxm7yf8O<Cqv5=J1x6*u7o{YmO^Yg51!VU(4&pWirK&Z@DTsQiw~t@7pI)0_!3
zYD8uN=p{<FAx`&NzPgSnXN*~TKj&hQ!alYG^dh7<RQ#X*;Au1c8TN7=7p7RtnYXD9
zr5w<f?I+|XD03al{T3*-qrdgX%vuh+G+p5sE%Y|_&6Tgf?x@R8p({dyA=rb33JV)l
znl(n(9k#hROTI6&;z1fX@HkI?EedCr{#3CxL_N#JlW8q6XhE#BN3KvZQ5P){*Y!X%
z{h6>>`wu&*?mw)m6grFr`*_dnzi2GiAD+e=odf@G32N|Yfi~jH*mto4oWF&dHCBKO
z?@~Hp13E7yYzGI>c*%Ok3DjTew7G!ezjVqX02|g>9H7Ed@B_Y=$}JvX?Jp&c56HcQ
zBKd)De~oH(71;V)$%6eX0Z?Q8h5lo?Ed*%&J?z^{m&+mm;!<E01+HBRCZd2k#qTuX
zH#<A<X9gf@e`1S70r5-alqkRq2(V&LL;==IfJF>omMh@^{z)POZ9IS$@=qTAJKHW2
z?my2E2i8LjVCVepY>{VP_BAmCaz`8w0{<`J@{QyIu++2w4fxN%kjn)BUlzgNA5<3-
zOc;Pzd)d2qi~VEs*QQ|4Nqn_%!RWn6ebT>eehUJB+lc<Q{I_9d999(pFaR<lSWCoT
zYl(e=xCjOyhE4k~(DWN<6T?m-0Jh8Moc{(Q5Lgy*fa4NS62Aa25?D)dK<E;9_8SnE
z#J&{=*e`+S5&$!lMH;|v@d2#ZKyiSK<9B>?GrGI8F7~W9{$G3cpSib4V-XSn`z0$n
zLaw##g4Is+Z&s2F*8PI@w+rB@9JWLP5WED&E_?!_^4J53|CuH<PyxUi{7yepNq~xg
K8+j2j$o~O>(69vn

delta 134243
zcmV)HK)t`Ug9+{C2n|q60|W{H00000hH9OW4Il%CYMqfVCIg0Qov~Rl0S<?1om^Nl
zHW@Pw0syd>vzP(k1Akz5^b(zl7weyzMHs=8Brw2mACQY$1j>J)?JN8$T#U60`6rFN
zsi)qVxqiIPizr#gd@)P5cNs2EFD{*v<BL;TY%fm+AKn~a4)%u5KmOxCoeyD@z+4);
zptc{+-#C$Q!RZ~tLx;C8{J&maez<VlVCvA#rp~SBIw!B+-G4i@+y1)Z0I&IRUu0r%
z9)7b&Etzi*8;F^<T@4W*`nENa-;>tW*CL)o-V*hrMk4<tB5&r2*h%KXnMEPkUXbsS
z2f~Zj4?!|_6Z%kgtvxD^8#^klET+$#%Q;-KjKTzV1+kOj+T%_zE(G7<doBlc>DI3A
zT?gQYd&!)>A%DAzGZjleTv4dnjV5ysZ<a>lnRA>b;ey=nL+9=3>$8t<!TSBbaO;0f
zJ@~OsAQIU8-Rxez;m3#9mSF&THV2yxj}ngY={d0btQiVL{#8A->Ns{>XW~ZFdFZ2b
zQw;vmSdOFc4u_t#rth4=Wr5>|?$lJKSWIA4{Z(G+CV#lkiWZKSpuU0A?7{m|<+Rep
zOEE#6o_@P=++HAGGLRo4L3$d4I>+~qqV03M@#5rz8@bn!yPWew2I)e&O8%{{uG`b^
zolW%?SN;I~fp4zYYku)?hk_f92yQ*FIW(W=Fmz#>jKdTL+Cv`@=BzRiH29z>aEH*p
z70&B-7k>_TkWycs(N-1p4Z}Y75Bn34;7Cdkjar<L-69FP4u%q=Ku@&Z$vg@dV)t}<
zEq2(vN>iJJPLu`?%rt)&b1iY~w?cILJI=chOi2XF16u<Jmju$ci6A?Qi`3^88W<7a
z$~Sd-plNJ!#;c_p$6~sJ(sO-3ypt;jKA{V15r2m5;C?a*yE_q4;=lsx1+5V6!H#pB
zY1hPE;^LfNYh$M;o?SodYZaY}+awJA*m=i`w3E1F2SkpV=?u<xnqtQ<60wY(%h35C
zBFtJorYYaAYRJ#QgrGI{!|*0ut~JVJd3dS__8nnDNoyX{WJ(-gxM0!3KsaX~9Ctc}
zw|}?r#h!o+&jPU9ayImxz`gaZ(J+BjFuf5U?(S|OQgEK!YeB9Q`_8bKX18UR3Mb~B
z8wK$6tq|;q^cPLfQz{nhGQp?^Q*Q#I#&wf@PU&odqZtU=%R4<koZL7bys~3S98Ej8
znfP(AV2SI20dwI7^zA{?3i*B{zg{{IPJetg@jZ0qaJ@u_7VZdt?(~&7QKQQ=`S9Ri
zzo5;5xDFE!V|TQo;?6Oggqm+^g?!J&4E{Ygw?;I{3&xaOz=?ytNut+R<YJuPE_P2Y
zE}SuV)xL;#NJZn6yy{u%!xn2A-UVnh(9c2TcSd`AyZd{vl*6a-i;Y#e6+-_Rw0{?W
z_pg_4-{{x_MH0Z_?yvW13g(y$!9+OW47a8OX>4H2ns<agd2ZkN+u+2V%thZh`I-MU
zxPU=T<Gyoz<HAs?5AC396nhKLcca#fhvglZ%KpG{k#bu*9_V$F?C0Q~#A4wF@J({o
zw8^lai=_aW%ix$2?M%*$*j)%Iet!zmxv=$&Fs8=V%338sn)qa6F$cE>#S3Et62U1&
zpT(e!4CJiTe4rtqVNT;+^$c@2xJCnZH}`y=U`hed&c!lP;K7EiB_jkoSPq&=S?jQ^
zil6tTGed9;7#18CaqCSDqm+q$7J)~p<^c}0n@+t%#tIq|5k3991TO;waepr2)K6*@
z5FPGpcIB-|JBQcxivRIUI`u{{RQdOY6S|xC@Z)EH8SNmNqC8nIHk~TV37}hpo0U@%
z_=KGMGT_hO?os?6t_!AvBpkqhp8aKi2c>RXUS%)j4}n|n;@V~TD#``VG*RUbq%p`X
zqq}Sz)MD6&-?7B|s{pf%_<z%yU6P~t>%XR9a%5*J__c=U_(hmTAdC}_gMKyA@xTAY
zk>Z6N6FnUNbtqrGkZL$|&VnQgrz!vWS9h^IaxPY|CM=xyw-`$kcYXGANAQOH)X4c=
zjGg1<()al0&asgIQrGi0_4Sj8&oD!liTxly%QV;F<~fP^qjQ*)iGMTvvG0_r%wPU}
zz4Tf3PlY8I5le9V;Vete?%s~dvxBs(<CbmsY~NXUfwxE(&6ry?!wHl@Z;0?}1`|AW
zWvyrC*WwARA=m^HhyYxL35DV07?@cUT={W$tlTd11mKvY__@f7Z}2h<W`G+%1t%&=
z+{sNWZy%=!0VI(d#D8e(vuG%~C^Ii`gNf(*yKaieLF6JgZZieHp8fJGtq4op2*Kj9
z3_XMp0*+3>=42Yr-5cJNL>)%(%`k$1w1@+X3Kt+f%A+AL!|_TzG-2SgFImI~@RK-d
z${R)<TL|<<@g1dsO8X3tvMHIU_7VkA3frBCQsEN$Q3wI%n17aD&c}n{y*&Bg931So
zB0r1N0A*U;Ti5f^5+8Dwl|nW$jBiKpWqKS9FU=Fo)NYZHeFDOQ9qqAm6TpfBMt=<3
zj?A_!U05f?XZTg5SFm%Pc$jR{u}8Ug1-FCNlwCi(_5uvt>Q^GvLwL>|y_aV@gFj&z
zc@%&FYlQJfGJjC55cvV<r?(JJyb2~bH_;p?#<a$GL>NUfl>}elO)+#}rs4>;_=aom
z(?tdjsv6}IWT0r7H}L|GITtFE(glLJ;OwybBGViu6Ht&@&f3t{W+A}1Oq~z!VO#I=
z4aH)ataiPCrjLUsAT43LJg?|`GlNFHc9KQ`rU`=(jenhq)Xrcz0mt}J7lz74rabFy
zWw{GuQ}+~iWx_m85>!YO8tnn)W_+ZU&;ndANc?zsHQL!;%-QCQwD=Fs5m2fxKvf>Y
zsu3=hzDTxVhM%s?_wSMU{>}!`Dham3IGbP*r`I?m0t&|Vdc49}?9EpAwbFRU_gQag
zVzt$cWq-0$9&#`J2qtwvhw0mKCB;3k-0={<0q>&+)s9h-d1^W$l!TGcJN-;g!P8!X
zvmMVvtiGT%-wXwy7*z_a6>>Wl10=y2dNI9?{B);KObC0DAZ2QkHFavm^YEFB>|&XS
z8xk6;bw2qg46NdSU~qM#Rap~xrSxz<3`XN7B!5Awhi+X`n9{y-H6eY_9t|w22*>9Z
z7P+?XkiXb>reXnRF2S-1##B`CHyITEwsE&EH~Y<Uvs>j_x7O13WK_>je^H0C&t(vZ
zk3;IY*Bk8(+1E-U@A?{13UVe?<{OD8pN{^_V3IXsZqzKd+8x#YT9=_Unp@A@m`=1}
zAb;kLhXHeAxS563K9Q^nBT+b3ksJXtb*TX<!(G!MpM{&i&L+<1*<ggxi3Y0;u0SyH
zQ#7j1jab2z9&%!#HRLi;t5UFGFb=`!lPvJ)B0UBy_~bOiCc!n8%3|q{(wsHPS=#*Q
z1T03786vfheB-k=#G|Nra+Xw2!gVPfUVl;vT4^1~i{yABdXEXE+&$q>)sRetM=?j#
zsw~(j$!t1PISEtHR?=zI084F4bpst#X??mg;PuV*3^Bcy1|IA*`|w{1U{J1yr@dz+
zDb@A?-~JwSYi~H%+Z+Dh;<Jk}Cv+g&k&#q~zOfdf1Quit49(r46Sxap5d7ub9e)u1
z;EUiICg5oBe6Nq65?A5uYV1YG?1Kyc*X!iy7152$IUcMyeKve?(0AfExbodNIdBe~
zsdw!qaUU*^gt&rVvB1fdK5AT~(hRUdm~28j*|?W!g>dY%-YQCj^3ryka!b<O_i%l<
z@}_;uXkR7ajR?Ns3GY93H9lT?&VQ-&pK7!c-=7dv>v1#0{44w(=Pe~JYb0e%p*BN)
z=Q4WxE1!|5kql1=yiW#PKhe!#{@p*~EefaBO1eLxaXV!f#Chw+H=<73ng#r3UKA%+
z=o;9OxnqQu+<XuZ*Zq=<(d`gXA>xOgntkDV7cKu`ETn?<m~(;1B-#tE|9{&Dd~;8|
znSIFeVeC&1U%uQMz}F6+7rqIdn=4o#$Lc4j&wM{T7`}M^{Q2H+Z<zm-_JVR>Gul7M
zUurl<>SFYfHU%?lwfU%$LV8}6|DsBR!se5AA#&rP>O-v8WGgMkb%8Ji3%9=Y!ZZfI
zTdlX45jH5cm;&jK=^a)kU4PimF7eQ`Ye%1!?n>5r!=eT7TFfyl-)BG3+|LxUkH1~K
ze}}@p6TUw{J$+nUqcT|%2}T50!J*5FBr3_~g+>^cjDk(V>7#DkDwEiILjd+}1hdzC
zT%1Fu9F+pyi=+bL+BbFNW~CDr3#+(gYlUPe#=f!zGYtisdwp;jk$=i43M1qq<-b^!
zWWfl13>sscGSKc!-1u>6$;yOyE(UQrUU*4XIzr(k%4YTGRa$;`@{23T)DMGen4b(s
z#U#d_iVM4b1iPG-gz*UqG*9`E^9#a;^+jbxsB#2<x+U_bLJ`uUk$8*K*>RDecd;@r
zS8&5^n&<j-pbl1V;eRg3h0!HztjIe?-3x5sii)NLVK5-zxD~QK@r4_tOVCCHhh%mN
zo7a)nX$?f(r_~2#Jr%y7E$}jpu3;UAmy>*L)MW^pwUyKJW?4{tM`ch{84z<RL%3Bx
zi<qPxboFhZD-Lh69g@YehJ1iQX1PpnmjJ7CYenURsfh2Hj(^Nm!Hu!P=l}-Ma-v;{
z?`q#KGoMC9JHyVwEWA_4m3lUGb-$4`v-$F!^0b>aAx#PAHXqm8e>QZei^sX4ACk{1
zL@7%7tTo$;6Vii{46j}~ol6CHY)aF&jOrTMR2QE$K#ChzSR;c5n^=0fX3UeCp<98t
zrmAfX5nf%vt$!z?ob`lbG@WHF+~)Bk5<4!YWL5R95|3`+$s8PszC@taI&DB$SVd1&
zrBt;Eave6{n^WIS!f3TiXLCFk;q7G@(-DdBijge5H+ZXjfLYxYZnMBH(fHvFq*WHH
zV?dm?zIvmqIjn|w15H4!n6ZLgz?p-k4=pGo<XP)Xd4EtN%OfB!kuh#H?-goC8*#xA
z3S&g0belqo^~hgz@YF-#sZnd;sbkpTgrMh<ZI%^~7|99X#35IYv7smF?(+O;OGSnb
zf!ZLPas<lExRk7mtZfZh6g%RnBc2){zm9n7h^PCBr=KD)$10R|FY<K4o1up=PX*8F
z5tt|V&VLt!(cTv^PlY3#YnZ3!FMjxO3+9Q2w}YOx@K|0{<*{rHJrz{>A<)xfI)9ak
zat-06w$yj9%@7&bWNt4o5Wh_FF*n@M>rH&k(5K3T{7um(rL&{GVJn2U4F#px6`40g
ziiN`k^zshnHjSu|tn<}g@n!kdySX=+OVS6$f`5h4=&v1lrd4KoU1y#y++cv53hkU1
zU}!Nx*OUL)p@`lx3bDXOJEpa4FJp!vxsi-v61m|EohL?^x-h%d2We8@VGYh}Z2m$T
zt0=1;gBT8-O3$G|I*#MqWrd|N3BGcsDK+0So~9L}k`=XbiMvvaf?4}d;>^+x=y}mf
z`G1sPRGp|S=uFoP>dD!<tE8}_D{vX}a9t*{A;Gd*lS}7iPHG_`St@-CW6GG|%qw6Q
z0`8ttGZrwr^a5IJS`l~El7|hdIRt_L8#f!$sZUw_PFkJaHB{8^C67t#LyuMv3h&=}
zvBKfNpi8eC4^6{YTFyGwDv-5HxO7QhEq@Uz=c-bo*Mv(oL=m4T*d(2;1eNDOkdvt{
zKZPNJk<LH<3qc)OY2<AhQyEZHq$8an1+R>R(K3i>KMyf6?s%~G(m8#5eD>z*^lxVu
zmltd>WcWZ**jWgm855-=o1P}w^mH}0o`8zg^+$3hx~C5doWqR)?#h^3=P@dBO@A|R
z4-$^oXhtfd8VbXvu_tj0w}@fy#wixfFZ1`wE`hPxe^eGXW@iN}#QM0zujid)LsIG7
zbbWrlE#G9YO>S17+K%?QYWi|VfHHl+5>#1PDKr6Er*y#3P&msz(8zYsQ(bWjgq{LE
z$B+?jbSQxs$`bUcc=)<NL+uaL4S!pSL|vkFRT3pJVl+%012M8YSWIwDAfCdVyoaO1
zOphDH?9iw>3g;nc6s`5}9otkDtHn~<QBfTg)d2Z*R8&Vr-A_fG!1}e?l8Jh)Hdha!
zqRKt2M?j;71NiRYm!VPnTcS}f_l5<E>d!9+_2;HBXi+}FMOkGuYNXKShJURg@>FRd
zTF)-X`>ByYVT;_59dDJy-Vaqd(mLt9*_@UKL-3fN45m;qZR~p;26mMKcEm|X`5GNB
z=}kk)_=S`q^JWJ4mwm~j?v*PWhYa__gLtJy&C*z94dqA-jFFIGXM|XEijotP+a3sc
z0z%w`^VO+vS!Dux2(ou0R)4#+Yc}iUo6BQ+C1w=qA`0)m>PM<mo{UGhk4x!PCcATy
zM5|(1uKY}-H!+ev7IXI&TT}PUEQ(q#R0gFT>w)T_X{`jDq~N34CSG3*I>RMayg858
z7s!-6zKB<P+>K53GTI7Ic><!BaG9R%CjTuL3=N*C+Iv<aNVczOg@3SQNwPy{=DXnC
z1uN7}f2BkGT!$<I4-%&H()q!vNtRV3;|gRAiO<#=#4D5#L)F|W(_JhlX2j2N_4@2i
z5*S*`2S8@-U8srZtj^!Yh75FCMU$**66xIffFDyX7!A>ir%J_<5}^*n4}#)|j#<OP
zuworrn$$81?qCfCH-8#Azn>oe)76LLi;LgipTFj*tD={(4fbcud!hfi5J@v8M@Pav
zX%g;<YHdAnCQZYY$(MQ|5*as@z3hz2Or=a54xTJ44gYs1+#7x4SkiA`vQtFuRLRc7
zy%E&tIr8Eg3<63#4u2<B6cyOyceyg}^ROyk<Z^TszW&?_Uw>RR+s)L7s5c$kzy@&g
zjDprKtlAa#i(NnQ5R&ZaU9bfm@K#rd=4+~a9duQ`wyg41W~IAoUmeo+ZICvMEpLDH
zvli=QhqrZjTLa|R;cb7uvy6>~Ysa+xZf=1b>EgtPr63tK<w=)I5$#ed<K1|*7>7PM
zN@0jc(4%ChuYVdMjwe$wyPkW0+zgEm^9OdGITx^Jg5QCO*eLWj5^7CxsjDPveynO8
zUsnTbz3W`p+E<l{@Sg5|G7X9yXd)1f6|ztpm9ojYQxiU>GPyQ|kEu*R58-1BAN+yw
zjwc|f6RXmZDqbaf3{cl1tM*2olfkNAmG=CrfoYShq<=DMDhX;dTN<aTZk03jW-~DV
zL6Wm}6taU=!k6uIvg_bm5+|JT2&GvBXRR}`@L~cCr9)CM2o+Eb)f!61U}%s~=mRbE
zGLQ))seT+<L3Re43b~QiSW}Xst2|mQHtuJJ(dcq|>0mHPBHzZB<TQxcN7f^;!AHKA
zcxuHE<bMlgsT7Z?%rXMW@g+4_66iS6ef|*bQBaS%h~S=%;rVlmX-U=Jl%>gMXmSA1
zXtXukV|y|Z?onw!8h%RDeJSNrYDb$=;i3b4Y`_N=whwA3@6kue`&io59^mKA`(Mu9
z4ZtTx<mXLz?FE{bQxnytKY89@5xE)MZLa<lpMRGg{C(v$CAL>D*hlfpuHO*x)eQG(
zfyUO8+R&hnl>IFA9iIjRwrZ&;kUV_YggUqJnL969A#CMhZAyvqcvyYK<HD6m=!k&x
zuPNM$%30!lcxb6avDKs34PuuU5+T!fo4}r^(5bH}3w_-|o?K-jEJ=mC8&D0*29v)C
zUVndtm8rpHn{umlRToW`uG%zvwf4{qR#lF^eU`c7dHw{Rr%<+v`*M?3+yvoWVCh7U
zx8UFF?ZuAX<gKsB)CwF!7OzqkP{uaFzrN|}Pj#?PIjm!+3~t0~Yd5JOD`R8P9detR
zA>)qQ`8xS^+)h`P>hJefjv|Bb&ARC|rhoQQy=w)H_VyaGxu}wCdRdjza~j0henXeM
zrTxXa*`zie>JXBS`hzdY`;e0QKWRX3J!)>QGI3@o00(tce$>L8_y7)X=Cc|<T9`$0
z%xK|9ZT(sy$`Y`NWx7qzKCn8i5K<}JlyObQMukf*%S~@Ez(OQj<aM9Ch^*aPCx4?-
z85wcIOhEMEV2eTyPe43p3$VPNn+Pm|g8f-tT;LLRyHwnqllT$$2f~o<PXbngNJj7_
z5Tim*ak^Nz(F)f`eI9Ses0ODq?1d@3rk^2Rx5UTk;qrTstNxS5E=M+6F<e&DJ(j8K
zB;dtR1l5wL9F|2m^=2z)h#e#&7k`FTwlUSjS2o-<{$>-j9teB)U~eBAg{4@`3aL6g
z4S4HOK86O4M#n{3#~r7STPm!wVUU~>%1}8&(y~w#jTDu%*u9ftx<&Ff#^eNiAZA=q
zV@~1B%$eEQEgY1FgxhKjDZP>7WROPaNfk+>tX1unu~5X0teFQ>2(6OrzJFRA&bW{5
zaxpZWO<kj5CQrVGjQLZbj7Cy9{tAO}1iNG$iL*FP$*2`@qvu=UMxa|ZJ3}*jJB?}`
zYBVxXqpV%o&^dee>G;jr>#LLV)7Pi(F3*nNTrihsVYSVeC^e&ux{^X)BfY1ss`X?^
zG+qP?bQvxZiOg{=>urXklz&mg`9^tZfa`P^dH<FXMdYJV5V5RLo-Y52gmJdUtNJqV
zse7B}btQxzt%)A&a?sm`7jNkprEz4*nxTE^(3>TK%BOb+7S)w@*cL33R>U}qi%M~5
z<_JcutQk~75>3(w&*}Lq$rL%gnYhCc(A*82=LG7(#W-uwesVSFxPKi2>&T-G!g+9+
zpsqkrM;UdLQAZhdlu=cb(dgln(eF)$jB4HBtz_fT5V6*q-GWVBL-ub~vRlKws{BT?
zVoM&}8kK=t#pdRZ>0ehTs63Xn1&-wgMhs0E^ma(=i^;2Yh-Zs}Qu1v47X`$gf{02>
zN$Gk5QcRmOePQ&Vqkl9{L24#u6j7fwo^}N*Rf>ud?cyb>AWn=GarO#5z>J6$$9VA;
z)trK>hk6#yVP~b!9?CehLUz)@(lvy}2!q_ph7ZB@F035{Tp6W>VvrtYd_1mPCW2cp
z3IohIf%KQlFhb8HaeCNAj3Y2idME;j5%nN+W@$u4+H(<9N`GsK&tj7DiFwDp4MDR}
zqr>!33B~G$C0`UuR*74eb=68<OusfHpx6M8itM&6+<Y6iq0Ls67jP<bBV-vTo+nPv
zG*P>jh1$&w6c=xzIulbzW?;pX&0a%By(6jCb!LNk&Suz3_^)?FTgOlB8~hZ_%(p)u
z%UUT@3FyX7xPRoTLe7f;)&6!a-@|w;X6_Y^Ni*h1%^<3-RMXeVuLT-gPdY}kR3^dB
zISlQ#QW0G>0!rvye%x_mldK}jnKxf?VKgOZr8p{hXE1S>oF7-8!E!(*Caq64(10_p
zWujDXPhX#Xd`mD@b|@vFdn+BHIG|Y%O5W_6%iY5h$A7C}G6xTah%dbljRmYRP3hs<
z1pca^5UT!@Dzfd`(_6-IZKcdk53SY6Ky|E2L=MO6K&`sMAp~k=XR}R2%Uln_z>4o!
zm=>r(YY{EUWXWikHH*{<uS~c&<;FtUKMFB85s1@U2&Wg%-H4(YX#9*edU$+6Oz0Fn
z-sska?SE)HMBG7L8-#;US6QJkw!%3mo3yhb3u=dQbtqTe<=1+Y>j~o)!>TO0?gEw=
zenqKAQP^aWchQ4AU4niB^^jHhI#?WDICPKr$Wi5UKxaWj#%AkL9g6BiybjdheGq<C
zNx>YFdWoOQ)hgr;N^gbqE;jS>)EM64`SW%Nx_=prM`hyKzOGIuk6aO*P9SkrP(XEN
zTS5W35apD%hg31;A*F3Bh((pNX@?-s#ZtJ5T>Qd?mmpJ-tzEqvA(r@xxqrk0HFj&a
zySX4v0>!OQ;Bp(em{v>EKT!eZBRrp`3bweDBz1k&AC5k=jKXO;!3syWp19MM{`fd9
z_J8qOiV1cL%DPWEY2f1#;VcT?no+c24084OaIH0*X5A*P<c}x=W4f}`iA)QZIhJzZ
z8WJ^V0I#9TX=!IukCYo5A$W2VGZRIbouG7REV!f8eb~U0VMtffX~pt6GExcqifKs!
z9W=Xqc|)}0$#Wf?fJsn29t3u14ZKJq{C{EZOVhpHET0RI8rV9@<A5j+6?nynE6g|i
zPUpGBI~nj`Fg1#l>^sLNC+|PLyS#ey{^XxdUpwF9Dh9W?a+79ErJCU%xOEf*YBc1b
z>NZ4(HG@FftkCt$-CJ~s%DQH1j!qns$SUbW(?AYfL{2^~-1m-Ot~?L(p?Cq0p?`y!
z$r$V7NrD7+4Bj>MjUGoS%sX%mu;yfvxTH52HRBpDv8>P|Gs%*b#`}So?gvR^w^)37
z>(``AnM~!492xO!h!;|GR3wlCDWYAfA_{&)GVf;tK&Wxnid8FAJP%W!d3Z}(O*4W6
z*Vl#JsrnLsih~<dRpqB(PBLd%n|~E{TwyN??lgXle2xw=scWh_Ukj)}o8*fAkgX_f
z=3QPis1^DCVo9K^91z9T<pj}-K`#hdzW5mUP6v&2&<H3IPQEA&0?8vSWo-3@BMmB+
zmCm^gIQ#H#G};lR54})=CNkw{9#jRdr6CJ)hnjS#N!{hwdeo%Fg=cJExPKuMt$WRx
z{f6ulDutjb^H5GoiV2{blAWWc@|RiL>e9jmJ#_zkFOZ2#%w1$>zvudpsyyDRk95aa
zomR|daIY;~n5Q6a;&d!;&-uTG53XBdWrx+#W4;TAl&Y>&QY-n6STfs+v6G!4yZugf
zUo5+WPIg}`yXRZUjt|XosDE37F<y+_ny#-Y^wl#U7`10U!u)ESc)pKv@9XB4uq@$a
zf%u%j+hU27fcge!;jYN#USYH+q8N{7)c4`oD_;E^9$Q9W9~Y0Q)%d+YI+~D%T)_;g
zhhY!tPT73eH<vTpFK>rb&jMNTWnU|9UkfRV&1bFq7>`D<W$8w-pnn*g&L>sCLRTia
zW2uBvC9knInKf5!HZekHt30=gM+JQ|H>WYVI~P8QppJY~qHz>yHwz-Uz8~J1EFK>c
zP~XV`<d)cp6Io(P(2iARBPSuq#S18#Dz_gj(p~&qLhM{#s6BVOpn7ve>R`nq91U}@
zU}o$%ahO%owA+(~jDJ(YeY2s-rW9T=3vu8E>9Qe_)mr0t$D8<uzP0tlym%Dn^6bRj
zU1S-^T(q2%>)R|Gh}~W0jA~XFPHRBlfII0xG0yxu+|%+mqc1Qf@;UOlrge2e^1is#
z(!Rx)A?|7Gt5!5weaTj;ex^6Aqw}7dJ?zkg``&_9H%TjvUVl30$Csy9Z_eJHUBY@w
zGm}bTUa^dO!##vhcF~+K;qS8#JI$C)HKX$2A0F~QlZI3XsvD2jMis6n7-evHZemo$
z(QUa!KoDGkr32Xy&OVr9m<R9Vi56^&2cxRje;QG1jO7Q_5bL&i)H7NVf_C$}IE`j5
zV&PG^uu(k>;eU?P*u!W=<j(Lw%@P+Bc&Ih4@|Kw2C*ogq#zWU+iuiy@>2a14e{Mq@
zkebtYs>PvP?ePmViAO3J^XO(h#M7}4qj~nB&%Pn|zD}@oEgvMwDQGgsb0MKWWsjHZ
z^*f7{&V_?+CCJQ7r=C0zU=@QhDN??#n0bN7nn;0Sz<+kgp!c}o^mXb@(K+f^y}A-Y
zc~%eW(7FEF_I<`V!Ct%yKo!6S?erb)drxVjS48zi{@&0;`dWcojf%KcjKN7fv8rbh
z&0^QV1FZ0KV>-j*i0cUBH?V*p#`o^{68{O4lFj=xjnrNcmU*!5twH<Vg|O~nRNdDe
z(tuZ2+J7<8UOl4orMSYWV~v?K=`0&;tb_~0@?sCGUxWeJ#<75RROb>5sJB9(2L>zo
z@%&8&OCEkDDp?QfT`57aU)7+h8Yj0@k<PAjQY=Z=+hC*nIwkVz6W$Dai~YCZX#e2(
zj;!^_tcH1@KE%)mtq>Id813z`H^LbKKMWo>=zm|?C|sZs!9%@!1GX_Blwca(QSc7L
zez|9LAHWsCIMbjPhcNQ4IT~#{d)lJ4M4Gs2!p4>=%4p#vVZOSI1eLXz3exYfV*+aE
zh+6?3>HmJN)_@(Ohy;C@Cy<;vM><7=Hu3@OQJ;eNX%j3<O3}~f_7B+K!Hd9>aL9oN
z#eeERfYaZok`(6}8r_IhJ=>pDCTX)r54(ziGaQ07H8sCP@s<BFFVT6pO?+fA3N6)M
z!J^c$3aeMf=w<7qVTGMaI*jQKAs{f=1A^9>VX01BW`(LO0L#FsF23i&78=j&-U?aR
zqi6CFf4xqQ9B>8V)Jt?a_@S|qry%Fw6@S1WYdC3f!d{m*y*;8EFsE+p+vYB=$iBP8
zLM5<#gY$X0hXF8eGRFlTM*y78YZ2}A83QJ(itGOZ4Q5%1I`Uqv#lIaxV5mB%Y%(B<
z!RDyUib6fL!tYp-?QN^i^t@-{Szm=3iC>FVams}ozy#SMs8NeRa;;g1-&H7B=6@q}
z)R#Lz;ie7S0hG;y{Q9VJO(hnPDra&wdSm9|FY*+tkrjc*h$rDP;~mdF3@{)um6(I{
z+u0bPN-7^6-jL;p_&nk+U)py{o}T<r1h008xj5Fx+np$-iZ*F-NYaQYGvaa{q*yzF
zHeqNyK$0%`TO25#;xFQoXl_74@qdCeOk+Ho8-s1fN2ap|4N>XtU}SeNvhMP$`$4nO
z%ZA9Y)<+=C<)j(%Jjb=|4Xte#6A`$uHq}U;r?lid1xSP%t;(fpILv2zWn9g0ylEw*
zFxlCMW{eBx``yHK-n#Kkt(5$WV(`t7`cua|`|Mzn`Q#mZ?*qY}JKNEo$bWNX&aiUG
z%P6ig2fJ^2*X_YQ&rg3oKfU;Mus0;&lSf2uHMQd(h`VA9Xlp;}^mImDQe4x9uyQrS
zJ-Z&9U#Z}&Q{Z}XcQ))PMNMD9<;OTEsKzO)p^Zfejp1^#;o_IAPxLW9fbCZ>2FxLq
z+#n*LCn3*BOjCqQRge3*_kV{wxp5*dzCn+Tvd4_q8Q;JR4BZube{M^4HY7Gtb8a)=
zq5vriNo2}i1q5JNGhV~Q>-EfnG#{*U<U{26Pj!KYHA{?1Q%IkV(_F`C-WGbc-@|Dp
z?c_9%jS4ez_d9oy3lzFU9!UAtbIU^IeP@OB*YTO$+zO3n^Jg@>!hfX;yJ?<}I~mTS
zcG{1hk*|{Dq$GePC_E7xaDIr3Dxml=A4EeyjR=<58-$|jtq_wc)>u5hEz2(Q!fzE`
z<P<8ma0nMm7aRployt?<ST`xFc_bUo!i#ZZ41J|Y=RsAPu(q4p8WWF7u)(Gu*~KkJ
zdwY+X;I2%JC%RavX@7XuSYpm^_TmIF0XNr#>}seB0W8EKj8+98HmiftF4<Ze)-6SA
ze&%Y}dQq0lb`s65^4MwC|90{I9SidB9Qd;oR7M&3KY#Ue?_Ld&JK{J0y#{DtWui8a
zmn`}sl{60!bP^$L(<tvfp(*M}^te?ND>r^t|3MXs$=SD2QGZrfk6L`Za^1>_1I#=3
z4n+T!55rmO0WK8e>Usfjs9v&q+yX^a%PXfVB?8O)CM6Q<J5z8}0(iqsG>)VrkL{3W
zPgZ=|aZJqK3&?@SB%F$}j#sK$Y({S796s~#4ov$Mg<Or^+O&yX-OXW?^e0s;ped2o
zT7!-EI!NW=`hUWzZuL-n$O^~pY{nse6^^~Qle8bEZ|!D^b2qpaRNBj2Avr)FZ$c9D
z&yLr)lPHXJMj&Q$5KqDsrXzd~bXUi5d&NMo7prH)I4>Q6G6G-n+NO}Vjl~o#b!~>M
zJ6!P_8Pj^=ieL(xAxG5@<0mxLrySI(AJMhdo}4oRSAVwmh7R2o#Y>DmdNYRR6Z=uP
z@|?pO7CR^5EheXGG%mRnnEMS*j|wUHX)`4L6zIBr$#0!YKZPl~H{mr_(S8t2x5*_u
zTbnZHQ{Uy@Vp&SOg_zx_1hdPwO|cXDdBO2<ouX$6TT`lYGXPJvA*fQ#Si4wE(g=3+
z4G~_gNq@W6=x{x8DUI7n!46pNnRH>3yKs@Dig8;jQ$p(eUva>2Z>vXCmCbcaMo?E!
zgbi>&H7k}r_EV63jJ;Wgab&lSlh7AIhtt&or{keLv%5m&7|4+5e4~6~63Pflx%SA0
z#8_n68H<TqcBQRhO@SslI_?|Naiflo`wBV^yMKpy)M9oWCYQ@)w5GD*B^_xmkqxpY
zF>7i+L*zL6oCXBOVP)dhRW7_#b?juJT&k|=&Zu${ktJE)My703c@bSwgv(g*U9irk
z%H6=q(GhW54FB+XRpbBlMBK<G;%+(DS_$k?nG`nwaXDhE2*9;NLff%eUrk_j+GlHD
z0e?Lz=-;R&lwf7jGZ6+=o(Xn1bi!zp!gBwyahe$AE^&*)(*I^GVI>@4WrJZ*bF%iL
z7PlOl9&SC2lX@BLYL{8sYl&es>+0<dA6SO)^8G)ZzPpkQO4}i?ll$g%Hk&cS@x`-w
z)XnBhH@%qcX=zPcUGUDCr4beXk|%BpXMeOU0q^gqKH4TD)DFRB0N!iaj6J7(yZbC0
zBR{9woNR&K-9;W)+W;*D9%|a{c)M@jG_fq2-d__?g$+5M-{Y|BRL&awX|yXZX%v5$
zGwrHgpas|Ep*U_`YP8dI?NaJ8X_KGC1teDW0oFNR-<yfaY64rtO@tn$4nj;BWPj%q
z`MhEwg%F89c!13eQbUxpW9>TDu4C=KO=&=|dA%?&Y)8R(HYBfH@7jUZTG9-Gp23o|
z3^4+|a^6Sa2#|)<u#Vty7INUE>h}CZGe+X6qjg_dxb9sZqhsgn$WE7Mx$+iLbNd^L
z)8P_enJ3Or$nqEH!}<~Yo-#+W8GqBKX4G6Du3hZG&=BF(nwo2k4%d^4GK$n?XS8(%
zG2UWoOeqgV(N>#UB4SLnWC&>+F8Mf)vBc((vdfwu&e+)N(_n*Fu)wFu!`2VzG2D=C
zan12L2}kGxbgt>PStF=0c-x2LMmDiEl{wynqeabv%`U)Mb-AKuZ68Cf2Y*=6QFGsr
zn%nQFxpmZ>%m(DxFQ+tl03(Ex@fJjjE_*8kxxZ83;SlwLr3UM$rVBdC3_CT81;z!)
zy%7io{MB8C@sVl3_!W(VDc{hU%*EuU6*5(&<>qb_;Npw|<)xQ*g)xQ9RKT7yvz&|F
zwyaA%Y<Q(`+>5G4_v_)f{eSwvag|B2F>qX+^z0GfIH$*nc{ct9(LZi&pz5?!l5d0@
z6_2QC-P9<JRTWyH32Ukwg6{$g=rRgrQ8@1MtL`m(eQ$IA<ta#7MY`{Y>M{h!ihMi;
zvaT}eTlMIqPMa=@7e6{PS1Vc6oR_O!R&L@1p<T*};#j%b)4FV*Y=0kLgc4Q5Ql0I<
z_CL-v6kMh{oJ`UPiz?+JZ!KAmdMDUMAoO>f_e*XC0}6OAjQphzf=MaTE+y|HAPH@(
zkUBgXCmuYK>Q}?AFAvwY{W+h;VC6YHH(0I3?Le09Z3rTQ58b%e-!OpJUYhRy>UF_}
z^htpkzXzdv7iLf}H-CqbC>=$G?JzCbv6zm-nMQNhwwM^*SH_ZB<*=pPT+0qq2OMNB
z`AIT^AU-F8dYGtMj4(mNF|KY#GNB<F*dcQrGS?w<-wK&)h#Wg2uH&#Ck;B5p|J+(g
z*8v!1-a&h)Ecn?Mm+#L{RnO4lG|{PVih_|dgU0WD;II151%H;=!thymgRDgleG_&*
zJRBqNiGRCj2&7vx6ss#>_BGOLk>1vms<H4ZNl4H@#Ac-`wEJ285j7eMH@cB77LFE0
zE_lHDsu&qQ>~HR^dqF>4!BcqQ!b`ksKB@G#iwn)?z{A^6)!Wn8XCL1ZRwe73#?Ckj
z@0j9%Z=;99JAeLmF_8DC%y(0^Rdq+M?!?$cXH>N^TRZwnJ&2(i3u7|F9o&^BuZj~`
z4W^+cy>$j)he<DNBFk}OY#fVaZ=|a*^ZY~>!@=rJpjb^w?Y9%pQY<A6rlDwRPtSka
z+j`b1is&iTp>WYu+$Le@liiZm!|5@+^}%;ncae8JPk(k#R`>+lbO?L`A|Cxo1RT%C
z7Is$MFX>^)$@`giokolbQ&USPLsYQv^V^?~C7^|kK~era_zP3g9&D6Y{)?G=HNkz8
zH-j(0z0)=wi=Tj04=~2+VP78<pBKa!XwY5;9gnAlUceHs5?X5NW3EtqPOv8^!@AG-
zbFgy23V(z<&*KkgT|>}q#((%jRSNKa39I-0Hh+R?p5n-3rMpNB$e{7TcT$|)m=$2h
z%&1`+0Jj`kxxlxmqRvufqLz9k%~LXu!t{D>I{zQf$TVfI{Nq3VPb@E=p<yFWE`inb
zT131_*paBnJu8Il=FY}$>BjM07)>(}#K3+6_kWi52DIxa7R`l0bK5amG%=LIYX=9%
z$8d7Mz_E_|UYwcDSR}OKlujqOdKYh!Pnm$T;EP)~pc54+^md5(XQWKri82cuU_{}`
ztR1D1`pSmj)Q}e<|BioVTi^s{#yF+sYb~)TUoAYj#cQGH&e)f+t(&yN7@6*8j!(8Z
z7Jr{<2ZJ*|=kst4!LsI^+(5A%LN!sTynw(JU#3Y$ImzC5#EV$RzcZ#vz5oxBasZNF
z82H|ekaA@oH3*er2QGrVu)u{AkA{>H2qV<#VWr+M7M35PjL736R+Wv@CA$#C<sFaW
z5o)FTZObVkck_PePMxV6&&MGwTb6srN`KECwItUY>pd8m9xkrDaD$YPF6xmm=W_Zg
zya}5O3CEeELuPHfGB+PB87QkZhC9_#!3Z13ieX_63aXQoG<;@7Qz>1pZUsWlLV)d%
z;hXT<p$1Ucj6<Dw+d(sfo0_O}OKa$LVb21B3~$AB*K81?4uC1tD7RCV+aVY>aevp4
z(0HwxH%wjaDp{LjgPu28{F1~-=H<kMvKi~TB*v^|Nawxs3z=TQz#G7I#9X9ytz}3C
z;=$L-)|d5En~{c55%fXCIq$+^>cuLF!<JG1T-ktx^{pYQb{=Afzhf9E4ocTZ*FG3g
z+aB)J=Al1@)yGP~z&GM}Wij+-h=2VF;4scd9GGJ}S;|Pvg|rTD-2i3+MT?n+IoOVd
zxy%UH`;+5sgkMGl_=S5{-^%rlC58j&%W!ZrrbWlNJW<BwX{cvCX$1>qF_OvJSCaj3
z?47tR|31?N6wOA@iXtf?5i01!#d8?I>0l~uy$RC?SOUn8L+4g^UNmbk41ee$6}UnR
z0Ef>FZOB)8&K?FE+N+%v1>hCKzLt>5`}#7M2A4I&4XZm0qbwn9(xTAsoAC)^UyRu;
zefiy7X`-CU9XTO7&1;#rg}c&)sA!A#=Xlp0-coP8B}@3Uf(iJu&=o&!C$>@oSXfI9
zt!}(sQ7`q5mrGyMpYGTxq<<Y-f>GIgiY#@7lhmpsNxUmI<5N`=RBT9wt?yhfaZ*rH
zKVNAU)(lrxnp~lfWpZ8L88`MARrO|0oGx)DWT9vdXm@<e7Wy;%v9jo|n+B8lT7reL
zM~pm>x4CI~(Dh@i*^AXJ7faAjL<3X?aO}py_X6SEh!r0V_g!=)r+?mT_PD8w$^>tu
zE@GHtFb0;`P%yhPv!`7v&g{Y0FJd)y&6C4@yVyeC`Qt9>gM$XXe6%A=j7`F5nu$N+
z9wF_JI3_wgrmr)gsDKCMS7FX|<iH@U=!hQaY+lb!7W(i>xcRQm2f|lVUa2J-ZuZS9
zUD&CEOt6wYXWZ!&gnvc`L5du7za5hLRAM)ErI}oLfWjmPA^!IJrAYxq?w#I>F$AF6
z?LIEGTcPSnb<4SpF1NX#PCYK1!l!Y}Y$o_YF2+pON#8Ecu$u|K9dcD*M6z0fk@NHL
z<0SEJ(G~5PE(3@!OtBzLx>&f;$}oo*<mYoU6BjdnDm@<`p@08~?(2XD=)Ubh7JGO=
zBeJJ79=e$HKsx@au@-y&(pR_<VyRt!8Z05be#xFFuU=Lr0jYYyE!@y(Gl8BW$CofM
zyKsX*`4$fwGD0)jF-Ru$WrR(2Pd5dA8<AJZedptG?U0uOQcOt4QYS7grDNyPR%ex!
z)LOU<<7D8|*?)gp7s2I)$&wLOO=$>MYu3aXnc|q3ik;99ae1(w8XON?7#W#>HGte1
zdP^5|Q=JK=&yIKY0vujgH&l7C+(M+Vx(HlPym4qxBdI0IDGDZ=+74oVrEq#vaVO<J
z9?uuc#ZmqCvEU_cU9Jtgnl^<;>A;9@21Zb3j1?ho>VMnAOdNmsFx16DjJPfa<eXu)
zy|!8bXV+c9&is4jUZ`@rqrG86YA@7`r%)EPDU??2h>F%Ja6MDv265qHF;d(ZQb9z_
z$KfvD7^fZ&)DFH!oCF35jQ7oPQy4!Le$u<m{BRl@9yy>)-Ez^?q3rsE$Fn0Zp`EmH
z5I7DVQ-3aEDwbHGF(m30tKaLd<1<Xub{RXF#OZk9(YJM7pB|UGD4hRfJuvz}(byz1
zf-EfpdY%-2@&e2>sWK&)m|MZnFBsQgZItEY%k}Yoy(3M@dUTUwH6<h0PBP;jv;c?L
zi*ss+dlI>qVj@H8o6ht8L`fit-*dd?CJ65W&VPIm)A2p%(lESf9f81Adu2GRWOYC*
zokkG|oAMY~8RHsHIp&LI=;F<<KYn;~c5-}qdIg>>{p;-gyLR9RstC!{O<W9OEs;qi
zK}pNUO^syMP17(sd2#w|_~O7>&ci_TofFuBO+7HN7!RPG{}f)8sW>c8f>q)1#dgRR
zQGX9u!7+F1d^~@HF^I_=&uSeyo9YZV#n@MhU%aepP>m1-rKivbU~@v|e8&ocuENxr
zySJj~b|^cKGfihv9yMBAnFK$ul~D#p9kHcG5(b9H7Uu9Tj^hj*>|A%{i)+`v!jot!
zbn{ynO+mEBw<21R9g{H_`V1|U>dH0irGI%n8L=x6$5=$_W8V)ChA*B!f4(=|8=BX`
zkMSfVc;!x~xVjuVe~*($h(vZ~81C&k|Ad0ONSxngAj+9|$?8yrouV*ELiLWakMiC3
z@AMmFOR1QXeDCe^U!CD^FJ+Ghejsmpg)t@d+#ilFE<U_Jzcim2F0p^y@$je7$$$Rq
z1OBTOx|eIql{pPq;RkkWSrcHXoxfeYe@CiWag(9SB=*VZ9+LGH8a;Afp{jp=RNhml
zWHZOLDY-GQ^YP=^>w%9hJRYe;gNA9XV8DDGvmTENc+^yo_7*rNM=h~-Na})*d)yZ%
zKs3e<FXe&;c+lHAss#I;sTbe0M1SE-m`y_td|=9K5@wWdnX*%N%crl%I|B~_196y(
zrW*0Pv>n=Az(~-UDwXGjYcc-Y4$1aZ8!H8t>^PQBH{y~VV=9g#3ky)?p(CsDR3MPj
za=~*`daR1wp!%!27P@1bdw<Nf9paY_s-*JCz%dm85>_oyiTA^Lo%G?2Sbr6A;wU9%
zIR`p2k_(@xiXam|#FJvO9t(QuQ5s}Tue`+)qcE7S$8<PdffeQOk2^1>jS+S<3Oq1N
z{CV0cEfJ<kgO29-rrolN&aBl63tcuOGtR9QSQf3?A|GPRL!72lA}~H6_yLoe`OL#Y
z7*47h*Ai2W$%zJ;s*sZPC4U5G=a(^U9;8vA(=$y`o<=shDyUL3WZgBo`bLJXo{g?X
zO=)y>E<;*Bp@lu=Xp{5Sjc;nz@JjX;&4t#i?xJhrYkf&mVSvrLeq)qPe##89SsyOO
z+WM;dX(8AqKPZ0!$K9-(l||q9KNy0uF0})3@*!n3&bm;?<m5G3V1LfK%nr}Vi)DPy
zy3h{NWfzvn#tzkOK+Nhi4VsS~9y}YWKp;XH9~1>}W>Ns<J<48e2Ook>Q{RB6R+eCW
zk1Q`ryHJ*Y*0=qpwxNeys!3%iZ36~=Z5m8rTX`rY>MY#P4%&ms+>PQR@QVMylSbGk
z8D4G1RH_+ss6^Zl;eXYPIBb#L){_I%sG$<MjLnb5+`aX}h{CD);qgUqozQ_Q9>2o^
z{w0SkU1Eep4IJ!SskH$SU^IYkuuA5976DJUNVHJ)IE$IYNTM__*fEaYP;VGM0FgNC
z5hW{iLR=oyUxO1Ke>fZX@CCl})2HKx?3|km5}r}8Lvn<Rm48E8L{Sr|9H==kyS+ua
z;0`}{_?+~sPhr!%W=YNA@F@BbVyX&*s6wiE2M@llDfCE(3T}xC9?2^R`-3<29&3E-
zwj2G+1sm6seq%Ailo~abfLS?kWhIXu9q_utdLB!VL?RqMG>adKRXuGCwU0$|Cot#6
zA8bjfBD>PlwSNc%$!IFDo{1M=hop%vSP;%QLaf$FT>ns=VKZ;6gRPJoa(})rb0RiI
ziK#8dn<OR{C)gmzokSsKVWfIB#fDc&0P+v3Vt5M#;2MK$k$~m&AKH4dWsf>9DwEs^
z>U)%ek;pmMS7a@yCMKB^ZB6`D-jSA-5%AT&y2~&=I)CQ>7}r=`JUm!dmFphk$J!z4
z?LfEOFuW=q7Cg|TGrG6dsTg-f{Zo4EoWQPQG8g%i4&3LLKS#0OT^YmO^`<-3Qgzi0
z&nL6RjLgS+MxwTDLclPn7Q`mJE_dkCXiya(+=N-oUFEfr186#lx}PfJCs-|ySKP<-
z=PDEUsegt*BEeu?sViOZqZQ$<1Pd=R*%1rO{qwu#GB~o<L3I-uxq{7c{KzLjYPsSK
z*ROcP(iLwgSG=Ddw&JzKntZDjZ@9&Z*DYJcW$U0Vu2q>3Y?_%+(LV3_`i_D{doGpr
zE8$Cb`Wf<!w^i8bB#ihQrn>NVJ}OP$;q>@FuYX=S8*=(hA*O1L+a2eREtOdnWq!>q
z3~lu|!E2Wm*i>YqNVxuG^uT98gGNN>A1u`DyAPyuufDrnYb6#f4>07xX#A)By&DQM
zg|I;RD@uF7ZI@}1HLZv}pO5Rx#0Q2wLETrfKb?Gbm_Ws6Xi8m#4g~B#z@~tJKdHRv
zCx1SKSsxjeTe(9ru{}1hJM1g>*laYUCQtp*OD_6O;(i6vKBD!*daWUJW=pWNpUEZs
z0wgUz#V&Y*`j7wmPv>0KQF?2mDX=iZV_o9{&u350UbhWN+c%Lk84tzOJq1NeLZb2-
zX{DTn7t@suF;_L?(Nv4Hh6t~oJld02+JAboM0VXfH5O>eC$a$`ZlSW^0AocsB836N
zx7Q6?UlC^b^a>u^4etV2Jm%igiI-tG!}nxq-(p>*cs*OzRjK=i3Q-1^aT3j&IcKm#
zCLDufnz_1%e5B4*MZ&N-kH9)u&MXS~&@I0Kmo8R?UI0|}zgX2yPIgsC5d_y1K7XNO
z%(g8@=f-A79n9j;pT`|wwtZ2#;*4#D#4y}vSQ;!5hvLH$04te1(d=S&svo7M+y|9~
zRUH;>9sH?vI=B@-)+3g}q56AS^(bdFz%7}qyjNb2PaZ`BA0u7#v#L;z>o4an{2Tm{
zN!J5#8wD9wr6CrArb~%h<>)BRpMR?rTD0l9G1^)_4L%DK){Ez2`lyqyGTEw9CT@9w
zI$|fZL5oGAd46flvQkeQ>=@j~13|fZn&;<tJ7m3mIW|+eEd6?<;wuwfd0jS)$@a?g
zbS~@I<AOI;i|3(9`c?^tp#iXN*y*}(q~GZoso!ktNX&ZVVn-mVe?K*eg@3jwmzxkn
zXD98c(!W*ICYCvNZY_iI!g<;*du5hmi|;f0)N3v?{xPN@6l{#=;|%A97#Yf(;X1s@
z(`ofOL507xsFX{i8=ZUwk<tn&%9?A3iZL!L%V3ma1QRe7zDNXDP$TKDE4Q|}3O#k1
zq7EZb+L+*KtqHE*5f!&m9)G$7<Tg=sd;pq2Wxp3A-W(N;AIwuRs`rZS#;x++h3m?u
zaUYpNoP^3z+VgVPUUAfNv$KK5a`|UX+<*YA(r|Jx#kfGgTNJtJQRmL(4kjN)bd6Zh
zb}_J8sBA}Pb#zu!=&YKvLI+JLPVy<+C!d2|jGYq%SZY<HZR?zTGbG-jSDSy)D<1Ar
z;Oc%AXd7{LU=ml#={neZxyF&E?rtTCJ=e$Hz*bJL8I!4Fu$~@+)j~C{Cxl~AS(=8?
zCAt={sr9g?>m&>$6i_lGu`^!D0aYQ?7#uge?R3Kc)3#9#bCBN|mW;Bl9~LIGA*D^*
z9d;>2frQb`3{O16wnkh>xNm>MEh+^ZVrQE2&4tmAbRFf@H6(o`)XS(NR>FG~T8qkU
zxZI-~D#8l64bGJXT8(02ShxhfBw>AQ3J%Z_UtdOifh7Q?Y8`1a+5zJ!fr+`xlX0u1
zRfp&hzL0Bo&wD1G^@+Yjxf6+L+y(DH#v)=glVwu`484J{ml!Kn?KXc}Q(O#1ubPSk
z9E#-5F`H6D$(;u~NRCYE+>ou>Dn!`|IUelftMO0)Q7_Kb8Ixs0^OfwHV%RI?yeb>q
z(o$nZTV2~qW0eVRJFv)IQ_d=P0<Q1a=uzLXx*p4U#zn0(UTKh(Rad#HY!r;#GpHu{
zp6qbu8xzR}L0rqp&TM~O4U0MFtH&*AQ<?mJ2PF+t?ICbG3$%ly-F=eEoxH#eR;pGh
z=v|()&~=*bpAd2zQ93PD8K;sJ7agch$(5K(wH!A5t&;}^IX2OEx<CpsXt>KQ4T-c{
zZkkSDb=sWx$2nSv5wt^oCq`?@F!HWFOv`MumKfYlgzI}?98-TmTo0%6LM*~)Mc@VI
z2r;|{-!h@#-y?6>Did(eZuYn1oXCx9RwjF8E>*<Q7#m=ULxO%%b4hi<Ix31!GLr1g
zo|f)(fkP68K2^k$5m`1X@D6`AoS97osVQYUM(A7&us^3O%b0H@EUBfZ8n|8<DUTR!
z2QKG3C||Q(tB`+mj9%8zZ=*1Ec^OF#J~bppTx(+OGIK2y0j2}O(nnKK;PnGh@J1v=
zi|g>=nsxUtGCrnb!No<1<6tFmX*89&*S?HX(<hoFsV2Ws=U`$F|LF!IOykll49IG{
zTDo9h#%NV2ddGc>o1&c^oYui<9h~-!;Ix+wkt1!8sI7mX5^0UZSh`*`L$EDj(7viG
zCAtU4+a<y_IS{QP(nf>5ArWcEhQw%?M!9n~e;dFhg9{m%pTkce%04?e@Zt2`>$7*i
zT%DhOIy?Q{`QDj%lkjSZQE6}5j9FGQIBk{&G<V#FfU<SN(>k55KdC0iW#$ELF!5kL
z@Ur!Qa_fI%jNRX24QSl8<GxC+B8B6sR8C}?9ak+I-CWJ`tR6g{8dm6BI7?J5F&yj+
zgZS4}q+*(<*A$jS(6fB5!Pt%IFAV5RxWZM|6O&Fh`ktW3#6-ZF#jhoiJGse<oq>oV
zox<SnHlM4b-fBX<fpUhVBpQp+{jtfK&<Jx*%TRw>?71oXZF26ad=@03nk5=}Td&$@
z>f7MUM#gz<mBc`y$jS>j<3@<3W#F2ES+tX%)4GRxN9$S~BLlE1D&fYMD)tQ-qiPiT
zwO4#@x+>w0c8Y6D8i>zJGVeW{gmQ(!i3Bh0?>P%P`5#QfyB*0Yt7HrYJt?0ZJHOIA
zJ+yykZ!1KK++02@Lg*rCEz0QF41VIL5SY`^`*H>TyREMOzN_tLds=qNmE$MjM#vVD
zzAAi5#?bFUAZYDUcxNvC)sz*WQqXR{vg9!(6?UboxI*`06~G8$huh3Gp)r<qQrR|{
zd>%|aw*HzcGgT?WW6+&M%$2Ks;Vr_*`!|2VfQ^;7k#qKOr(ktsa3A_hJ{wDRsbXH}
z-BG4;O&%%}`xdNO#jA8>lFv%s8Q|9_SNM)g?kxRqg=@|gd%mw^Wb*XQ&sV2!KfHPW
zzfNW4|GsmLJ&mv2AV^(sfdg=*#H$~l@9ph9+uQ3q3vi<6{^|-3PrVxcC|_0N{MCO{
zjFYRSOWzg0+JDY($6j!SFf)E8iBge`E?Qd!s)3VnCwzZ^<_o6PZx@e@5LGsg8>rU}
z3p@|)v9v>S2P{q3U;X5WCIa?ur0F3;JC@^hNY_~t2d}qBhyE4GUDUKCHqC&#a+Uf<
z*g_>wO!8ENciW@0Wrg}QCCC-(q|kqq`A>z+QrNq0e(eZ1?P0|37hjCas=#noFnL@g
zwazj%gA-XG&r3M^Ct@KzoFEJaNSv&Sf^CN^&&7Z?o!afsEsh~pU0#H+dfMgc%Hm3;
z1`!9w3sOOQH|}6%1<s}4vPVRX!e(WTeY~P0#iZh}hJy<fKQ4?|owI0=X&QgKmZ}b4
z8-imv@zW_tRa%erCWFsMs>|)To$9a2Q(_{rIB?fZ^Ba(DdM??jPT<+Oy(ZejdAMOb
zi6vX}X=`kIrG~C416xxl?7{A5Go;;NVP7Y|bGck{;I>Xg*!qnRhg7ruOn<9gPqW73
zCp3?ze3aCA>&7>=!p#1z>tcW9;tn}5sx17#|1AkZsLy7x2!4f*zU8hl-!~%`>U|x!
zP%u?l_(EN*q8R+Q5z9~)U`WH+Kugt0fojfqj=Ca*-%OUJ$u>=C92pr?;!D;cKj>vO
z5BhluxadeZ+K9CLtjUN?ylCG+6w~=(D_j(Jr$1-$M1qWtEb2!BH_Cr`w>6`0sYTnM
z(NR{$aFkV*MnbC?ZC7g?6~X7XVacK{y;Qy{xNgRzsu>;Hl`i}m>9tFB>xtB92-KGB
zSfDc-I}2EQ-2_iCmyZrcef0oYSf^R)UXD}7XX>-Su$XWID~)r?N{Qr6^C98vOSwW3
zwIm%2ydkxb@dDj*HpYKV6<*m<nU79oYS=;c8CFF{OtLucvmTvM|FfbtC81+Y_Yk>E
zOEb4BOUMP;ynvI^+%S?9FoQcu>zabrba3T8a3$rJsfPp)xg9iY1&B7vOH9h5Z*Y?~
zQmLp&u%E4_A~UfSYh4oYBZ~``5>|FSFq7MAh4>D1D(1^MQEq>8=1%6iaEdDLXrQW1
zG1Zk)kOx(%LB8CeNkKCEs0sIb7)N9N;XG4k#U6DsRVKzS1{s?KD^@36YCxGzl2S|&
z9MXgfHI|c#c9uZaO~K;m0q<kLEeVy|Yk90kDv4amHNIHGH9p_WHIDYmxyE*k<k#Se
z4AjJ1V~bzOD?Wd6F~iD+WIeBVfV`rzL>8~uD#;kfTqRP%NS4JAF*JlPsjh!FVilKB
zL=GQq#VEab!Z4o9#R68}d3eV){n*q!F56YLs4aYvMH&g}EI5%zd{sQ45QjoAPRf|V
z1toos4bv{Mp;pNDXYaGc%A=sB)52<}xPI;aoyvEevtWN>t(`YQEVo~9ks{SNWug59
zfs@j*w_`XqcIOR3#}9*RT7*<vpgn16;snH0WJF1n_Y;pjBV|kV)?}eSw<8<BWtUky
z7!Qjmxt3zO`7li$WZ@9JRlJW0NiGppB)n;{Depc@%A@Kb$c5@~gH5Eed{ip3%u19z
z+em8YG75jWItX^<2JH?o)2#Bq0}k{LC^f8~e~HBnqi=XnvcoSs{IbI@JN&Z7<MAZ$
z%LkK}FLLB%DOvga0c7Q9uOlnF_Rfu}pxGEPeyTs9YWvw5Pw{3YY{DyzCNx9*ZQ)O6
zS<mbTv8VRf%huWNmogf3zNId-4LaR7q0^F;+8KX`X)tx8)uFQtV~;DrVm#CR?7Zy1
zd`bWJ>}5l0Dc1})RkCe}@al=1K6$0BCncD#Hd;0e0`0nr(Hkv=1NcYeO{g7Z61m9T
z9Ae1<;{V3N9yHnQ0c}2f)EvGdW6G&?`R%t@n;>Sq)LSgEBLt=h7%iQOiAP<o={u(3
z9X@}Fa2Ld)rM$#;9k45;PIIm9oRLx4vrN|{rVLZuTciue_5JV;+wxN74;<q^P`S`!
zHLp_zKB-awF-k5S0M{BwpYP{e;LzYxg@)J(1Apb%*T+t}#E)3YT7jrLHub@5D$#+8
zRF^cWQO~VT;7wKX+FZ+%yHWZ+6`7`*3N3#x(zyXg?O4+sYl;$5RbCJOj0&aou(6dw
zrO&Gx@B5%q0~#%>z-sEoqt1`Y1a==j+9XP}G9mtydWc{VU*&s&uq#{YPT%Wt@aLzO
zXXjZ)!-6_D5}oBd=Z+kPQXlr!Oa9+h-r`djn+ta5_0Xu%0Eg=fY0%BZ)@Yhk!f}6A
zCSu7ISx5$*=`7MB+to*VSTlpCAi}rd6h%n;yt17qXzOr~|Mv{5^U+3g>0+~B_w$Y{
z;U{;lrG#6jpexNYDRJd=vlL=Fa&Gy<C0ys)q;or@x`ocNvYNpTTUR@+?6mUnwQ?|g
zmWjL5!}{rAE#lbqCVp{^FLm#YaIk+-Q=<f$eL#`ZqEm)M@Y-h>?)AY>=}TXw^dSxu
zKF$YPbTNH;CVh<J@Lp9yWO(g!(AUG=dA|Rt&(RE(?l9sGBknNb4kP}u@%Tvs56&mb
zKh|kHC`~HBPG`}rBUrcpU=GvVI-4)&|E6`K8DsIO{+wi)^Zh~Y0*?xq44!{@cTSEw
zPVz}`l4WE6T1-4VmGzJR`p=A%yk8;O21_2St<Y)2`7u$2z!HZ0n=xZ*Mn!f-IKM`E
zPfk1QiK}V+(dh0ONP<y(#y>$XR;qt`ArFY5E_pIG%Lzy{aWWT^8|2yKP_8Y*=>{u@
zYSqg&OpHTn=u(Zi>Qy>UBjJChg+}Zh<X9`nQP$HeQyh9Urw7AHbu@8I$qCrms)*)T
zOx%>ChNKn>w%tk{n?lyKoL*dCGqZ?)Fc{5<V=H*G`?*D$7q_0<0gD~5_!z}8n_^Wf
z<rQC4HQZlY1oKhnL}gNXN|0i8LR3x5Z_D6BtelR>V8ItWqM}=J51@ZfJ97bkd8@Tx
z<HhC2*Qf6;H}&WSqf%DO^2PIw;3K{JxCQDe8#f6s%JJHQKr~C)wL?TE!C)1Ud<e_X
z4pAM`PP>fPC=@bjhd?ARWR@w!vsgIg%#ao?(vk32Yp|hi&VA9GJCc!~P9N{l$NbVv
z0hLY_*YoGa(z$;IdR~8vSY*9HwUXQbeP?;8$uby=hsD6Kik5+Jw32U<B{0A3ckP#d
z7f#6yH7dUfw`+zXc6eEbmvwkqhnGEBq{+1SW@@V$0`8!t&CrrLx<7@XFWkU}mELa3
zW}2DIRxwNagS}zKEbXiMIk3D&FoCDK3KB5_KcAhvcc@RwiywdYGM|WrcjbHZNebOY
z(<|6Wj74;{ph~sPm}51=oMve-;o^i15nmlar<SX9Jt-HvG~B-4b1}d4;r#ul)7RNJ
zjU!kn=FGhq*hxGIBat<9!Cl-!BsL6H3?ytZvKo_$(@64L%P>k{rNY`zQ!ifn?n+@@
zpi}Thm?nhDa-)9}I=+Y<c~EM6Pv^t&J8EWZ!&GliU!Q$^OY5P`&R`Z1!){UNQy~+s
zImTqxE@`X!F3{dMNyiP@UN(rix|@f&hO@EkIGfQ|v60u=mpZ34(+{t`iL>G?n`L3J
zL|r5%0t>-u{ni@qVh<P7A=#{^6-clnuD*!4Ds5jZePMsA&oQ+%4pD7tmG-VmkoN;w
zy5JM7=A~3t))j5P6+%NmOXl{;XuuLRO(zLzky#<j>4|68&r~CX<I`WxF0Oug|3)6!
z*kSmO);|6`XfZ5bVA>FEp>AL;lIg*YbD8T;3=?;WZb1x&9KK`W1qeG#s4pms44;4(
z7RyOcJ63=615i)dEA3h9#Ey(5D>B>cM4bjx1c>l)<Pai|sMu}r2zKc`xbF;{k#E?d
z>j@)dKUAeyn-H?hBdHTdR+*?yaz$5r8<?`4CP8I2k?3fhL^mW`cFYFVxV>Rf=5pPI
z!Pv6~qq2fwl?ncoww7$eW7zvHchPR+@=P_PuTy_?Z{o0E`l)QLfG<p?x!8Usp?!<m
zZl{4!QcQiNt9H>~WyEZTr$c!8@$%kiI|fPBh14+$qXlWsv3gbRM6rkJ{N%>s#lb)X
zlW+>-gE3>ABiDgT>faMr`VV=dkNbW){blY?fARk~`}y7SUq;X8(_cTW{^g%v$t%#n
z;nsg};YK%fJm@N1!jrVba7n6iOLJvb*0Zv6cKO&s@9!E_hpbG}<)GN89v!}`mP#?Y
zsA4+GAjrs01qfXIWMhT2WP|f$XH9S`yP#E4D-i^SwfSG1C3Sk!Q1B6LiDx>){lV}h
zAKRRy)MR4nU3*EqgFUn-VMHGVzX99%PQHKPnWFZBak;#O-Beo{0lm?;tbpFr8?K%X
z5$J3NL2>7%Wi6jb1hlQYu4Gp6e~++XI7S>PEg?QH!&pq4(#*Trpc*?P&5(2lsePUN
zI!LXa<I#*(%DFwJjXUMHn!5RMwwJU&aQ~LFYkK@mhHunWq5F1bs=(|>7Ub!HI!}Lr
z@7z~@G4d?0)sX!a?Cg<q0^{Ob2%j(Rv&&2!w@udb$E{dT^t3m|JPj9IIp2LtRr)1*
z(l+jMRKk5OML>m<i;Uchy}f~j$VIT96n9r5aj)i}yA3&a(IK8+C%#%Eo=;wT>&ee;
zqB-RWxxxajf*?~d^8zs7G)iO2mzaOY?efF49h&J%Na8N?sB&5)W+IB<qQqNJAE^$)
ztep})0)#1zKq-T%^ppa41+A+<OdV<2k(Q4r$d0u90-<e7TB2CUR<V>egO{z4+!ynd
ze5gY%=Q*JAoL(1Hazn5GB9fa!Y5lh)E0L+}V9GC2svoP;s^-Czm5J)f!jykCk?6<-
zBaPyo+u@OIk(f+?lOZ;@SVTjX@Q(_8j5GG}!A76`lMVPIec?98tDeFbd?U!Qh%kQo
z<<q}SPky>|f1jrR>u=}7$>O7Y=ZNZI<-tXo3GI;i<IszBz!obLaamEZ>UqVg#c?mM
zD5D@1;EMGVO+E;ui9}K+?23OZ7RzMyxcjx*h)FYuGGb~cVr7A0eSBc)g7F%!RHqPl
zFza$$bjKvx_vcQ4SQ?$6_h!xtBu`b@C>rZdj9p@!PUc*&<%sJW-+Ay{d_yYlf`c^?
zvRO(vD-I}*qnZE>3E(~*DAF=DYUgcJkvb=^35G1hYKuVR!c9O4WVU}mrif%3LaS9z
zM}ohXw{%V~kCh^C&mz}COFBZbBP5$4zmAZs=XkV{kX*lGRUggoS=HyMq+CZ&cJySu
z=*bUx93~G>HWPyBNXdthlG{Z{4F_Gi=KX?xw2hG5FCipBOg<4yC1nJC#83Au%FK;J
z4E9eOQf0QoBfn03wZ?xVpSJ4O6KmVVM!r5hd2{w|>q?hi?2LsU-f^~U4qt)%Ql6L8
zqn1M@35@dGAn8;0Vb==?O_4g`%;7dZ7p$7XXYf4>uY|S3EPSax#^2}g_jOEV&6Mvk
z3R_CUQ3_RR1(#H1rkfSWr~@iHpz;v~*#VVbAhd5&y0R6b`YL~dQZ3(Q6)9gUFR^DC
z`0cpKrWp20`N)@5=}hzZ$jU_ZWckRNNVGwGWQ7vDkB^jIdI=V}g(<HY0$G`u|1<>h
z{FhIEjDPXdf4TVS<G=jv-5!<QxKrge+9BL;#X8m!Z>&tJ^~4*i7RSAKql!ngX##HG
z8+ACQ7HDH_B&2`QMky-T-pJ~CxEgSkYl~&XT6)yAPPfZ;Wl2UV!wAkEtSG@m=xU4+
z!F%8ESaHW3Zp9qh^M3<$xK$ZOGoFdi;kz)WDO_EK6$T^mTxJo=Yuh1od3V{xxFK56
zF@_yu*bMn~jA1>;qm7K=<}G2z5Oxe<%^1Sh1!klO5jKAe6zTZEFQ~M*E|h5a*vh-^
zn<~*ZWbnX51|#u@z{Yu0_$9dBUAR6bn}iiC<gLm92>Rmemv_gPAJ0#(&QJgO<JtM?
z>t;--nn8nsxOTA#LPLaCPh_wqs#{NPD-R8d0AxRrK%T_ursZv=0(T*d-clIP%MB&s
zb=hd@OJjc?O#FrzygU4U80#nsBMB11<K2oNL5c-GgrC(Vtz_O#;RhH&jKngXdhFat
z>@T(v!C%jQ`IXkMB|a%0@|7VqxL-qpAPr*wIO0L^O4h1Ap07URE@I}KM*31v-?B_g
zFuw?n11ZNUPQ=1lq;VocS5wv;ax)HOGJ+JR#43L@g%9b#zYhGX68vk0q#jZ}F{RX%
zS`a(_5Ba}rzM{Acwo6*%FQd2WVSuXy^!E3v8q}=-y`#F&dDY1&N9P^Y61A&~cqD39
zFRHFO;jF>ED7X6%=4+fL1?M@F>2DYB-=SH~DihIMZHI^-0s5+f_o_~yC0%&!ofarD
z(zAauOkCJ@JwEVM`TP!O=6!pp6Ye`0Q{+Wn*3;YMog;O6&b`L<nawT+WVn&^7Ez6-
zFaVvhK728ngi$0WNvXP;!5OTanuM9>M~Vnij_|3hUD5h#Hd;;FA!4bHjCqli#Z(K}
zC}W5K*_v3k)AODQkSy4Yi4fBmhd`5NIx&B$mZYXsiK{i&_f`h0P35;BzXJvNkxe<g
z&zc~|_qH^L@l|)--*G;fGts;;ZptSUu}oyxN6u|iiQHg=9yLUbIuNh}0h=Me4g{>%
zc$|_qNMwpyi)u6`O-*Un9L_uF;Jj}pOVisZ&F&AVBW_bQxdZjK2ldc#y;mKiQ@el8
zoox@L_uQoP@>N~2C#j3)v(Q7Qr{mg480<}&(oVc)OkP*W?<<{=C#<UV<frls9+yO5
z1aBHnQY^SbSUe2?F$#sz(RKXzc&NvrCTv;nO~tfOpf8BMIKfl6GEHX}<#TUCZ;B`h
z?6XCH#2<Xizzf#a-J1$*b`U!uJqUkA!}VE1F_~lJtMJ6|E8vk}n-r~Z2|D69BW9zq
zA7XZhc&1t+G$csTY*0^@=A&$5e#k5;FP?`fC|VK;H*qiz5lgEuUMWp&3INg(cpZWF
zrxAE$UD2X-@ZC1>U5hFZ9vCGB<YLFoo4JSsEc7Cw({EW#CbI$`pYbnQSbKkP7gsOr
zGvB@5L7(k5OHRp}OWLF8W#|a?(4z0c8o;pSyb;r`74a5ov_Gs$j~Z8MuR2lXOYOn5
zP%^2}YE~EdJfv`5JLIzo=#v$B@cSM>{p9cpBd*rxDO=`<w?o*ERnP6Qan#BLdKTbu
zyM$bTyyrnGToze4GIrp7RaJk=OJY8#)egZO(_z7)rzPpKVl>R@WkN#-?g6~cQ;?UO
zxog148TqF(Y${=ub_M}rHleIpx2$OemwE|Tn5M8+aUyehLRiJXvvI~^?%sM~)DEF*
z_{>dM7Y%_)mJdbQmnVDWypP1prz5*0W>i}%h{(heYyt4&RJtr$*jInd!yv@H?rp5L
z6OUWWwL)_`D_R84MEpQ1<5k|$_US{s#d7r)%POlWP`R<6FpVWj+iFX!K|<aE8p9C?
zfx%jwV6@wlGpiwi(^^A<zvGN58*XXwt=Om)z?XY$S}u91AVTnWvUY60I0ak0dtlF1
z+}ML=MV`1tjWJ9oFUx;B_&o9(_SZb}CUe?%xIs4RmY&O5x~F%Sd*r6jryVxfVS~+(
zUxy9Wb3EEuKXCo2j;?lKS39s~cw)hK`Y8;3;Req8C9^=zYei4sV>CnVZG#ed6Jr92
zKWqggK5+0`MIc_B{_|jONDSgBm-do1;u8<#BGdk~Ov{k}#0`JY{~rs32^fnRb_JD5
z6EBWoQMA(|&6rR%BNg$)su;kgK8UFTd_#m-GhVS%>w3awnrh6q@Vg76n;AA2*0lzW
zp$j9}_~3(#SF-$|CmRX!Fb!y!a>-db-#DSLZy*D1BV9@`Oenrd=j6ea57T52&Ia^7
z#9J)Ga8^=bP_ciK6xP9C6xp>AH5zIDG@8-Q!kx^$Ky)PtD<d1RMX;RlW|QGjmc@qg
zLqbF~l?1OgR)zq1xUmp{VJSFMYwMi8j5V?ke@tAg9VTG-K@;F!RJqVHImEr9=BaMS
zd@s7NpurW0x5Fp5#V26`V{H!S<M|s-l)$JH#b%I`LI!^w9q}1{W_-A9E<0l_S^>h1
zGCt5QEoTBsMO08zaWLr~HOE&iNU7m2YPNeV0uhn0K7KrVZ3_ujMYKnRgi)uh&l36v
z;bCnV>L_ZjV8}jMwLOONe}j_$r~cQnT8Qt$!b%}Ni%FWu)Ekxmn1`__P-UsnlS!2h
zcibew7HEG>vG$cRmX!_rCdLxY&wY4hMk-{+Ocm@vouLFTOz6k0+f<o2Pv#+JuHC{6
zp^P_9E8eW36NU#&kT39D-5@!WJsQ28qYO*37Y3C`Z--F94<qbF>7R5$WUn_c>)?cj
zD`dy7xK@@7=YM>6`u4+{_y6luX9ljLFpjUle@=g0|H=!nZ~LqLJ^0_Vy}iD(2toS(
z>MBC^^QC-|))oxGO~p95g73udiC+z$^V@k`^l?F`>hv6@^uwJ#=l8SAU*CVcBt^E8
zX|lSTVNJ5#X(eR}E0e5IYD;lt<c0si8J`~dJ0olwV}doZL>%=Y<#q*jKSZ(~?J^qg
zFb;pi-itD?%P3rm2z<-&iq<6jz6~wuO-LL*7gN9;ch?PSRo^%Zq5Vv`I@*`^<uM*_
zp_=gGGqdg3Dm!0s@zbiUibaz~g?7f$jPPpt;q=|>vv<E-ou7U>JN?}t`)A%HyjrF{
zte}qzL{{e{^G-%N9$c9;ja2}*Tvw^MG1q^PN8*j`h`s1BI%jQ5<%I**SXFDXQ`!S*
zWXr0bo?cv>y?=Lg`nL~R9Tp~q3rAR`cpDOzt~EHSCWD+C_vf6-{g}Qp72tTsN#xRb
z{g}4l=<ds`L>5~ny!04<flh>}1O7vGB$*ZjdzR^*Ol29CzI7NJOG;*qcrruD)h&P7
zJRUyCJ|eGbo;h1<3s^+CLYl*}LYigj-VlXuHn5txDb0{}2d#dc{GI}|>hvgpCwU>*
z``A{8>)TL~vw%$RPBVr^J^v{dq*yr@6A`$P7uINq&ZL!RyDp2$j0M+~L1z)%7k3%P
zN2;a<mJQ<1@awb{!X+SQ@EbBf%}0OyoD&!pFHr?$=*8c~*!dX|kDiC^7@ehZs&^#V
z_hKus?{tey`jL6?M*36vRDBre1OFIbF3GmX=%RrI*nieOI&hR#C>&|es$@p3*(=D2
zxhrR7Gv-~*NWiX-@YhJMU8-A80L!BNCcGk;WL%zzQJsR_z$vcmHdANq{Pce=)hLW;
zwtvZj9~kBDt5(AJW7EKu{vdx@B$mFrf`2cg@H$f8GLORan!jR^`iVE7^~Zc5WEVTO
z@6p*liww%@8r{u9$MwNmq!KJ8RqP@$5gr|w&4)B(t;1~yK^2t9S&XtkWnZ7zCO=~;
z0y|A58=0GNx}3FY3JTIr@XvqJLt;Oag(9efn4TVMhaX;hfl5IJluTQbL~8{*HQG`0
zGMlJYaY<x6Hf0)lg{LaDHA)^<i35_^p1V<i{IWatd@orc_eX8jwO?cy9v2Lf?~REW
z1c@s<hRFiC4BP81=U%*^G<(<zDIe@O{}hCG!Jy!ppyth@aFIpx%R7Hb>(dJe<G>i;
zZg>IOzXh~f4?|xm^S58sz;8&+Zw4PE447jdjA}ZMnwP9lex;xX&6w;!PnKUdrABd@
z!hX%DsAUyK!Qy2tktwAB(@A1x$jU6X%$Cz0hYrV?qU3I&8lvP+*ok%d0Zy<F_V)G^
z<!ucUxXn{<HUs6)hE;#^Jyp^?l?~4t1hd%qc^!+HCo%at5nTnaV#sT7%|8h@v6??T
zSF9!#U{f!b;G4teoB7Sr8h$gc1u;zTnD+mCXb-VwJk9;MJac8^eu3`R!znI<jZu@P
z1dhStZDrmURdl11h-M0fC$nu!c{`ecOtIb+w_|wT8<H@CMFf9>dK58ipCIhgpR#&w
z%n^xKU&T;71xcNY0qvnExrBYS%QjQ^=B=!2U$*G2+c&M5o*cgBvsxG+$_l>;ML5ar
zGVde2I0JCJnGv~S(@S&^J>KKe_LYs91mWB<?7IfM)8f<L6r_cv8C#X;dH~?u%N=nn
zK>MfClVSgIZFGMxzwqIn&yT~5*vh!5uZ;0Mg%LTyGA!xx5M&!;b*fDqXfFtzSsGEr
zSf<<5sXE)|gv*Q`33iVXQ2E50xtLh!v5nugII|t+j!PJ#t-}TgsV*;I5v2;(YfALK
z2?V5NIi<9BRnW<vX?eVlh{khkz0xqYYBZReUI-L^%-nw~+4H_&opYE^p+)=9>0xzD
zp^!`&=1n{<jG6x#GO>WS$W^_#+R6&oLYbZblk#k&w2o8={k-@=C8coWZDlFRQkJXU
z{Qyaw2D?K|JJhs8P5(^Plxzhbswz2pRg!=)PGOydSY;>~5Uyk{C%b>dO{o{wkQ%CT
zG04Z|<g$NI8l5vgB13f6<yN4M|5FmJlONGBJO0}Y+{r79cg+}{d{;&C)S^}v&XbqQ
zpdSBaME2y{7~gBi>Q(a!ui!;AM2@sYrGDT_q%{&_BgyXb5G&;#!^ZWPwx%_b=kXep
zs)t*2Z0-pw*D{O}*C)QEA!i*jAkX<(xUt7DM2&yMj+Ef~r{QOLI#l^SQRSahPv^2S
z7Fn){!eo3#1$Ni_d(OfO(nK`GtFIYMJ`U4h>PD-E2(M-^c`G!wo}jN1ea!fW5jXTy
zCDzhG;aZxqRgxXG@x7U#G8k%7IB;1uT673No}cdPY=I0K8dYiY_&3uIutV_m7s7MG
zVrhSK;cri0pM88wWO()~@M)-*Q;5}Woe4I8au#mjEmNPr0jt?^$2okA{k;J{ZT1^L
zWD_qI{ua<nE!3^iaQU3dy-8SU8-g4I++mvJbQK{9eY#O)i@3*U>0LliM=uYbzqCK7
zi^d@sK&pI*Xj$34ooPxXAlXVa1vTuL@^ybqc}J0V6#1VaPb?~%f#VC<I#CZo-(6z0
zQd+KJ54#Z>HA`IlyC(@}S1o4@KJ$Wxh-R*1J@t^Bd&;iSaa%H9*uSG4m5vXxO2=hr
zAS13w5K4}q9J`|w`GYyTdf4|$QSyVT#{FKDyo?xsR79jg(QH=^FawM&U|dyxRYrda
z?G=c0v2-r?oL*uckHNPdmxQWJsER|DMushpEOL3c7Cyc>ee?6xHnm`1?v?Vz&r2)B
zZsd#i_qOAUy;!gI?HIu?B#LR(c=vw&KDl;KaAgv<S=jqZ$VxktCx|uQw@b_LE*PH}
zDU(W0`cx*$-(8rZDQsZ;GQSZFG01;)^il_1!1-h3GIn~Gd*AQv9g;`5Q&3P?8n3Z)
zIn^<hJvQ1R)2}fArOdJF0l)T$PG=uV?L&rGX9xH;7KVLQ*TS&X`FKS9W~8+lPNhCy
zNM;*FDnU(kFNHwd<$S|Y(K#GhzF-pD{-AT&5?}frJ3O>g6%@{-@#tL+(F%XlZoIR?
zUuK0z+nM24C3@T0+--fb;^7J{t9#Ea(J30t*XcBh%KS71%x(hZuaX~YlXaGht;Se`
z_p-e34%aYFz<2zfe8av~9eBfxdPsp{dxb79N{r7i{GKf1*3U3<X0GSQ>y82y4=Xf7
z{hrjhfG_PeZ7bVFLg$D6@n3)c>71*0EVIdnwt^f<x>v2g-64VQkU)1x;LnlYPilSt
zga<b31YVxz91x2|Ipl<y&iiMFekpvrV<gP7x8#|Drg$(<@BD@=Nwe#YsWQz{9$xK^
zZ#=RGu+8y}vi!z<$1-%PW9_jF``kv!$&77}W$f=gm17yTN3j{qTmOGN{4~vnv0tAb
z|9m-s6$4r9lVVj~7Y1q&yRhR9CzCXa9dRpQU3#&n1N2Ggpik{zBw>VJ@-%{nZH5-s
z49lLS!GzmOG(>zg1GC$vzV+l~tvcWGkWfjvZ$x|08S=uZY*daF5@GQ}mX-zqhh`jw
zcL+OLLnJwFqrNxnI^loIT_4NYO;h?okr&@M;mn!3i3=Z(V^zw-sM!r4j#l>r+3F$O
zY|)~?jrCAo5HDpAfoOAYAqHbNrUoTlrSESHV{80+=5hB?6;LcHTHje<Es%jK;ZB2&
z>S-X;%1BI$<^eP-XCT~6LF1556}TK9io^`QVNMJ#{3F3OZi|1FE*{?$0I!{ZHCG3c
z>F+x+R;H_Pu;b$y;`otR*T=xHFJ$A)n!l|;SVywxv@)BZ|1eFdw{n!ky1HeuvgZ|+
zLzXg!ZT7VnIK6q2EaSu7U4HqQE3Uan)HB#zJu0VH6ZBf80XbFSPHh1y!=^g_+QLNU
z-B`eqFeJk%tH6JL@ZHrNTsTj5PgeN#aXaLDfN3d$(hUq<&2L!3Bd(Fh<(i@}0f%?$
z^xWGJD{s1!o9hT8bpyBsU+zqNcd>*={D$$iCyZM^uPlwc6oIqJycE*z>s(mHJ3O{|
zuTFMYvM(yy?xM*tMQHoVv0MPKq940b%6Q3W>Elw^m5G1yg3x~4!$bz$WR;3n{bgju
zPHC_49FyaVYq$uD%E;8?Z(%eA-xF6~1!phkVW8gret0l^@%;Joz2VE3Wwp9*DI0<+
zjsq-9sDr!X1xs+R<q@98t=C-H$eb+}FyB=R4BFb|wgGm*NrcccO<u8CkojIZVhK`k
zRw8kFvcG?`vBzK%t0gK=1e)>V>ClGiLJfKjTXvcT`*f<Yq!KPsX0RB;PAl}MRq<xk
zDdv63NI>Lnx}4HcQBx;L3BiQih}AC5b=bCg(GJp;Y<1PSc5{)V8?-~TZ^J282S$U*
z@W-v$C;^uE07T6O6{d8~rjGXZ%517Mp`fdG91(w014H+2hg@mOy8)j{G^YO6Guv^m
zUGH%lMAUbFQ|QxPX_QVSSY>+V<HxBxA?mZ&E?qm9F*x!@%S2aj;ANyPR_+hxRN<%7
zK2Vi#_gx|{I7Z0A?@5=pU@Pq=Pc$TPiuFY(7z|fQCwVO9?yVO_Em`+<q3_9;Y#&OL
zJ`#V6@RpUH_u~^x(GO^#s8_+l3ussx5_PXNyL+7J_Fd#9Fgpr~Gx|2uyn`oa#@(%n
zf=L<9z7WPsA1zrSW})wgclc{?^Br^J%woFEw1GW>gt6|<4&k}dASl;{Z35mkmNOsT
z*`+Cpm*^wJC128GWu$2>b5#OQO}M0Za5sNEJKGe_>ItB_o7&1hsEPdXHc8^YPkMiK
zmtlNlY6icu^Y2DdXp8pnb<%?x7oq%+6`0)B8NX&owZoh0g*S}|Z+cB;JVQdVGbNO&
z#S&j!S{u{8_6pDgJ1_$c1lM9NCN~W!cv>^Q39M-f&O=vr@{6R`I_<3|fpQvP^(%jq
zZu-Z6{GYhYUo06a*!tX<r37_P&Jxh14{oY=O;yPBKGZ;-<XJZPjmr>*cO?_Ul7QkX
z;A8MCL_=W;_-_{%Ht>WshY5Eop`5<g_s{62hWNMjXPB&tenv5E%`~~CG?R=uI16{B
zX1>}41v&k}3Xt&eMGB$_(5F=&AWwgf52)=*Xh|Md!>EQEtW0aNlfQ9OGTW`>m<*?x
zI5bnu>>`K~B7qg5L?7{NL_29E85=Ng&Tv+YR&7EDS|PUmokB{V0(%&&Pxzb~*R3m!
z?X^Ng2Rmg4DlnfOOB3v2D2d}{euyE@IHcv5oCcyuQ*1PdZUe|Oq>`Hd_<w)?zbr7(
zQAS%R!2XM>G+;Z*2!<Y)SlMcnrVg3!eEeG#{2dECTNc|E`%#k!l?hZO$CR;-%ktl)
z?zN)$ZatoL`7IL6GEC5b<Mp_SvdTpHMHCm;StNF=9a4Jd-g?*QI;py7B@`e+;Z(XK
zpe%+HFR+%Yy9m=Dp%W<Nol}3xL!tzmku7&RrGyFpJ>1)42jwE!#B70jONb)_x7sm8
zd7!9}@Kp<{IwT}{tH%Y|DmR(yd7;d|5GA-!JEU|0#&9x6=ie68jaacp$$3U55?7Rg
z@7+jD2rD#W7BR;5Sg{y*cqSV*o!+h3Q7I;K%dO@)|JT}o+i(4Gm)L(VSS1MTx40aE
zQA03e6Jb~l^U#j*Jf4D?rlYj}s;>b~=|SnRs5e7TYl;;HWmsiLFM=`J=)zE!i<ZJF
zRQeVE=t+-*!Y*U-G$vtqLvV9em3{H(kaOi0NChvSu{dl)ZF^~WxP|iU7_$8B!hwO3
zGInF?<oG`DR~Xi&8_|E<G|uyRfw8^9@zkG?1JM$}UxEX7ZGaWo)^Y`Vb<}!vW;oQy
zz$5jVarw1uNj-w`7{s_AT@R%dCko9A4?UrAd+g38%1Q0@!W2w&>A46n3oh6yT_Vqp
z#DYi@Z{|+6S(9rKgReEwWC@;lF_gTDrE^e5PnakTVveWlRE~fAh>YZ@F#7Iqzh6pY
zMr6}vVP42BfawtQ9m@&Wp}8Z=1rd;BJ*)EgL7UJ!;TnWvSjPrS7gQxm@rW8|&mm$g
zf&3+OC>87SsGkHsCkU;iVRr1p&K-i(Zm|Z9qq^MBJU@we?;|rxvH&cOk@?w<g?cO&
zYTx;Y;gDlH^znaJcd<NjRCUd_ZUAF~3$TQv4y3E1q9{Ag_s)ahDyK)2WoIkM>M~p5
z<x&osrWWQtelhm=P@WPdBspc3Pd;^c)t}Pi*GND%L$b9;tlH7c_wsM=RQ0H{031h(
zl|^n4tJ7P{Wki@ZFHW+)u5rbchdmAzFMq`Wwmz*)SCfBmDw?5<H6yLMN>X3DWo@r2
z*Atqts!HjRu!hGBj^)P4MyLLN_TFwcjwL(Pyq~AY1KW)%xJqPIk=hakqCrtqH|;HH
zo21m9<2fL*s-nnjWo4H0hZMWrz_~JxZ#@^r0p?<WIr9L11^a#;qMu}9{X}F$W)@i#
zDP|@!X}Ev4NY)=$tXQ#rzF3Pq@qrVkD>(MxgU-Y2AWkCTF6Bvx4HySdsReG%;~Urm
zJwYOv$+L#8mXxDZD{y6?Pk-0?>2a|s2MVWfIS?H~+@qAffQCJWGVt78yi{nYh!-2G
z!=n^1O-G8d$zF!pBx*l5rTE@T5UONiF3oAa!cl*B+`hLxLtMvwiV;x=n6`lWBn(o-
z7G_i7hfu=cI;UHZUMqw&={twg!l>D8susY)0{d}5qn70_-bdjdfS8125aw5}y%<MN
zCXt6(FRm&;@*DCo0Bz7Xf!4HEI$*hh&c*3s;mthAX=S%#xty-#jO>ePgsF($6gyif
z<n(`2RqOl-=WuPYt5j-W?FBBtO;Q79uF9lBySRi~*YiM$r>#L(CdlJCSlq>pg1`(D
zP1c#9{x$Zwgwt`I&!3Msm>u&Rgs0}&x|YMIrU&t0TfRt9FfjY$-50wsl~zR1<s&%<
zK!+zqp+|feE*3&Kr<dVMmEHAYy}5ei(dmELhoh6j-)?VjkMzT4GxQbtF}truWA&?9
z8bu<Q-I%{WJkVox&5wyWA|4v}S-!);>5+QaJag9h5r22UUasq-B9%Y^xzXU2@d1^o
zOKxf#?KGGSqxamOwu}Xcvnx1CmDZ1C+ho-GbC97m{*pZ=P-UFuy1m^lAy{L_r!apB
zL)R4Ts1g;2>@$oHetMR&&Z5c(+=j4RM}A--UF!<E+0<HODjU&W#X1qgIGrxNBm=k9
z!H;()mT>8<XF?U;T#6@z_8m7+M8_D7S|u?&dwOzO?Bhiyo>Gc#wjMn_Rkn}KXyO>#
zoj^$*?_Iue<{=^jlnu1rTr~mW0jz&&`I77twPOi2H{&hH`8C_|a-KGJAOp8_qpw@o
z?}vG8>U?E5eE=mO>l?5Ggw2lQH&&ERv)XOT3{eVndWv#c-ZIx(hp-shMDFaXlt)97
zytU?X4$5--YS*b@oygXl6sBw6qZWhM%o&<h9@w2z252c1;|ja9+ZQ6jc0Yfx;L_a0
zU}2E9zmh5jmjqyHS59%jnt%fO;YCv_0L_PCc3+ILTC|JQ$}coWi}VMUKW2vI^+xOp
zjE7Zv`9>wJbi=9R(@)N;-B*)6XM4MUA02EK%2N9gpLYgv&5(09-1A}bYy1Ss!_$-Z
zL&W8*0g~Vv>AcPK#+eH>$*_MLCHce$5gG1c9+6KC$|mx(M>C~p&6-@3Sj;_5s)hBW
zk{lyHgA<L`!;N$!{m05VS`W=KkHx<Z(vQ}Ib4f`0kCBPA9$cP}Y{;pnePuMur!*J7
zKB_1^lV-@VF(9m}^@i6$hr)I!?D{{d9EBaPM`5MbgPKVz2(RGDAWMJ76VcH3Aaj+*
za(nFll`~D{fe<ljMnNw;>Kq?+zVO`(2gdw1Loqul_F>{{0u|dnt*$2?X#ui&QHCXp
zqMfm+T*lcY^-|{`Bg=qi^~_k5HXwvmvlv<&;^Mi;`vh|u%egT0!>XqubOzK1BwQHB
zq>smaaOPs+L0XPf=k9+YtvsFxF27;Q4f|~*p>xS)flL5Hc!wdYBwTRyy1s@#0?=K$
zUlGm?O4M<cLVObo(u3HC$%Fn4D??l)#Ng_s{O~>%;#oztVHp%iUt_qd$|qxsmTwRh
zd+=6JN1*%U#@2w+LC!Gkp=D|cg4UtF9qJ3HZ-E`_$X@EAWY&Kb;rKyp@gn7MzAQHE
z=v%NsYT7eCFiD`mo-0!+^Th_syw1-i%Q!!^^=gIucWknHElHhF&kA_&!-JD|=f@up
z4$qFi9Ce)zH(1@ttE!gwM8Nn?Xf1*X##<O~m0w9?_yE5-x~+H<r%QQE-(XkbVnyEu
zGz#d@(_=!FN&kOf{(HE^WKzS$1pqX~^pa6NybRQ@RYqnj)t^FsQxNI?XnXs`_O{%Z
z?}~5?J=?r6*ACeqy8bNnsnlGo2+)ZktsT^8SbT6a@R5*(#w_;H_Rb5aA{U91oxeiQ
zv>ifKG<V*uzl-B0@s)$zM>-JwoM3`<J;{A^diwe7_~(CHIPRU-YTV<G<G8aAY(yxm
zE;Z-6D^r|%bKSMUxGNJ`oiOgog<yfUYq&B?XYy%GPmeICgu_3k@>6e^LU^`<EHup$
zQ4~hHBbLd&x}bAvPyuHspSE3Jg`UJJfj|`Wh6Z(%@ToHbW%Hn6(O;;B0k2MY3Lu7V
zWf4){Gzx!|yk8aPtES+PUv^VJv117KopJgF<;B4d&JmyRvQ42m>y7#vJiQ`&b)0x>
zT`8W4z>U0cBMz9BxHPK^5b(zk`orqm$-_koU8KoEp$ae`Odrfs=^Rx+Fg{h&Y6%_c
zTSR@2Zd1FSj@SN=02&APJA$_(csqjk$J98Xep`P#^z)XK7)@EkTEe_PSf8DM$2Maf
zI`;9A>~7upytYgOMnZ40p3qay=+5@oIsSP1`ThIj!{eimXXo!fe|&e!WJ=BgG(!bz
zM&bnm?#o>@1o&zMhxdGSx1O|9#@kux<VZMkG4l~!E2HK(!HT&-3^6g)iroqe6+17s
zB2!H2KBy6dVw$p00)>zjahQwLo4b%?gID-`?99D*<-0eVx38qX#i$-mT_0YsA(3u#
zs5$Ojd8`PNTtg#wD#KA{c~exD9xN^7Sh=*5(tRj@cMmWQ65sOp_!_`;!?J_LfO%RW
zsE%NJiUQK>s+Lz1Y`O@<@R`-SQqxuSBF`$5+M&j03sT7QW;7O+s57RWb~Bs|$a{lA
zGv!+uQ&yQ&%bQu=*~Ai4k+*cQJo3d%u14U^;@i7e9{qfDcv}<8pC*sm#IlwMQ)P?a
zT!g8AGLhYeFv*yvT|!vXClIp@y#0zX9{s!%)Vdy&gz+YhJcVYLe91B^_iTZe9H_G`
zJJs4DPt1hfP{Tu<LAZz94Bqvnb}o2g=}UfdZ-Kqk67%#?E<xcC8kbEy2LuFXi<()_
z(iA87<j(YF<;G7u^|d;e>|P|)di)95r-tNz_nL({!I4xBE}@a$E6KqjsZ@M?QQHm2
z8oQBt0fca5uYAZNZ+$*)$f9<5QV~zW46RWUaEMkjdJyhPja#cm#dd@p!PF5<9l`Y2
z@_QzI>?onIQ6sxzZsG1mcDXdeZGG&rjKdG?W7iNPSaU2(9#IXEBi7#!Ay1%0S|c%k
z77y=cNVWE`TZ@{}?QDX&P3$ri@dp4TAWe|3aWz8;JKU{3xZ88o-+H1-R*N~S?+u4!
z&Q!+3Ut@a|bDYiM#Z^J74H~?8vEq{qC~nQjW@6>w0q`2<^n?KvhOU6wfEE^JNko1o
z{3v3+HS@z*(9`0(yU4k8TtVgp0En4?QSirlX6{1^J>db`%{3&i(j*wpTLA2)^aeJx
z6nKHV;1%NJ*IQco{@~UT(MF57Nc^50YKGwQ7RBV>4E0l;5>*|cDSStV!gVNIhr-<x
zh118Ec^c3Wpj!Ntxf?l~1iv`M1F7FuhR&P`jf`?h!46vI`Qpl@p%<pu*}+(Ucu|~m
zK-~sQO@U<<Ypur_>#gI)aX9nb#Jn0|QFXoI=r(NQD|gB&^6-DdD|v2(f&8R)MHtUz
z8r!8c>M6HWb#gv6ty7tkTJ(&HUEiRe9yRODM5;iVOE<Wvj>4->u-`}FjqZT(KJYK@
zm?M1~e)sydDi%Il{I1IF)KL6?t~!z3j^9n%B?L{Cm6CT>VEOdWT^+?^M$|mQSanUa
zAiHAj#X`pTY-3ui9YQT3@6@$HJqg)7yLhw$$S`uaL1}Nars1dp?9AMVofqlRstu<u
zX4nYz$1sS1JG`Daz2SFi$(k7W9XD|+MvfdMmh}}Y^T1RivWDarn+D^5O>T$rES+D&
z;h8op5({7<(80dU8e;b{^VR2tZOD3d99|iRH=)~rrAePM%^8?V(ouIEb=OgMtplSb
z4UuE5!6?hBHbbDbXQEow0Bm<X6~!^pRQ~VWjc)ch{3#pk0F$}*oo%iekD+nOmxG^=
z-<=<P`1JW>Lo8;^I4LE6_l5|s37k~hG`gN#%NKwQ<kA$-sq@_WI8o{=ASHJGAfgZx
z0tz6cE2i=0oy9Cf$_of~Sa^XO%%I2dDvaSb@#c-d8WOWMhjFqYB||lGjk?zFTh<Ae
zZYl%HagCZo{o-UuB(ROxQohlW*4#r~qNfiW@l8ZCFIEW)t%~q}Y?v!GT)Fap^pB_F
z(!KJ+4Umv}RNp(?sl%N*+^HOQx}%|0E5wjvl8n2xr85j&Ze*m*sOfESMQZ!S_GrTf
z5cRN;l@dy$s#ZP&Jf=8`dL89a#&Wz>$Kl;P$6M(=zpI?*fO$adFc@eD9tTfan5%5H
zk&`O&I@qiQM=sre6a09yhWdzka?ngj>(CO}-b#RspR@r}^+LFv0I`GW3J{RGZNMR(
zmO7$EXaVi9vccWv{GpqZuU&OId%r_t<n(apG6csuX6|>&`bf%Zcetm^6~t>45|h&F
zR)s$q(5<3yCg`88eA1;1bLV1#{rJN)nT1Os-Kd+D4EB6~|0Wwd2lotg*L^bv;46pl
zW8r%jo(u<`mSn1IDUKJ8y8_}~%mH4Y;gq+GLe0&cq-ZIXBIQe!TRgk69n#YrnA9wr
zAitJTrqne|Hn<4}iv!r@A@KXfiJvfAJaTgLK6~>Jw*)0-ovYA;`kKzoIW$rg9udo}
z0k?MNj~I-9wih2;7eLrZ*_fLV>ONeixkB1(tsiu+7n-d5K%;ErF1=u>+0-drsd`es
zpf{s{c5$=jC`-qtm9S}Ysc$Lo8NK30lYY5sb$nXKr*(YVW6MwH48LH-u0}FEFbM%T
z(B5F>kBW(V4jxVXBb-2l4;nQ?>UF0ArL_h(56v@wi5`w^_2cHqx%QA-iyD8uyshyU
zx4MzO1K#XCkKiHHHOZ_#IR9n8IiqT82C{VxzaApJ7U^w05hdN|OP)Z&y9kC#z=ajT
zD{IInsRl`RE)OU3<PuqMn!B8O7ikE&Y4v8aFt`#?tlHGe0|j~%bgWuUShd@fV{rS*
z6QyW>X^Q-1xb%_)l8u!7r54Id@<a7S)Hn3Xg(qWcka_;u+~f=Iq#BLBz_VI<F*0w~
zD>Vh!=%BU^YU`l34r+TOs4d^n6HTnNs4EfqH(3dx0GL2$zbV$SQk<=_HQy9xyI<3y
z_kZtf*th8Y-+wqdIsEMdNVm_Y4<Oyjf`BJ2HCDFpe@8(K&hI*Z%2`C=((;OM;8|Je
zHmRi7Q)PmC#9mJovKp0%&t^49wNMD`W%qyu7_06ws=|F~lSp_+CAgtF)E1(tTT2ng
zQ17DJWn08~FwezA`=b|=U1?6Yo!(1lF3(`RzT?ZM#eL=GAueZ<a;AEsG$}ahcJ=yQ
zO(k~Qe|l0jqbSmD$FHNa?hdY<p7%n$7?^B=^fBk@j9!qRGbF8DNH-NuH9Wjx>Cibl
zPs?3ZCgcZlSM3neEv?U_7inLCzHq&uY?CYh=+53}*$h#fQ$BNNm-44qSjBCLQW|Z|
z@EC_9TS08!39WJd&{+s*kmk=)pB~27Q>J3(f2J{-h8w)AqQg*Vyr1DSlYyEGkX(Y(
zn<l;&Y{F>PBKccu+U<AiiYxcX-&zi#w)}BA14_4#Fx)-gMrC@{Z9C;9^$Tyj*|CHi
z-PxtSD~0S8;J(blK^-ENn^ykVmzp?>!WjOhl_EIN>cmcuiy5&|%8<dc>1i}YDW5e}
ze@E^`0x7V2VRg11zGHX%6P9e`KTgy|J0QtRboq^XO7GR+WxoULI>4?2>>gWw&tvTB
zXrrmCYx1(UPhBmhXm1<3nq_P68oHV#Ztp#Gbx>kml_2<FZ;F-d0Jxd}aPLo!{%*KE
zLJ026hy)kt8v?4}d(u~xC;LV6X0&b3e~y!Z#LI2ymXpmG9KUwpCC`uk{_yDN-4Xev
z%Y}QcZ`UVL+7#HUUZkA-hukJ|O`0OUnz3@7dN&HFLoy>sydfs8tTa`&da9HD6z*fi
zX{0)HjYf9$7IRuSOY`OSP_AeSz?~P&!)q(*&aT$$1WLXDLk;7&i~v|(C_`F!Kid!Q
z4?5oNX?eRKhwhZ)cgxgIJaBJwV=ZGQ?~WnIf%l+6<9KXFsk-I*%;AJJXOTvDbvif6
zmGUtw-<x@mlO~8Ke^PpaEy2ykQdWUU;eGym{Ej9<c08WJ<Ea#l!R4uL3Iw2;E(%V7
zOd{{%Lg3j)T^!JS#L~6-DsppZ<nxa|o_>D+{`m0t=;PV>`_CWWojz$@rb^BakFzKZ
z0x2VyR_euZ3cdoBz%`_=eFgR|d^iuhrS=&9{4f8D9Yg6xe>~~nvdV<F+jkh93PK(*
zY3U(zQ!rAJwU;M8`_S_x6PDAH&jfeQg;O=Yw1!$Dso_F{2B0v8P)kUc>U4xW$0Lpn
zf5uehq$(v*<27+jXXqS7Vj&<ACY)Yk!%b?~&*!s4++5PyEmv<;<C#4t*;WPpx#n&Q
zzWY+Rpp?s}e+G6c6!G@}I|woMmYCh`?>Tp6Rp~!4?5sRfT1c?|EJGo*t*4ja%E>28
z*CbefK0E#Gr(ZV8uI`LR8)jFt29V#IU7csqj`d&&0!Xv}f<Mfk3~klTkrapL^c0xl
z0CMrP=tE`dd4i>02h5){E_y3}F_zmn3e$^A=PzClf24yP-C%&0X^7MN`OE>maJI)U
zUTnX{BjKx%FQ-rExd)BdXNe(w;m$5~G23bjBbTHdl1IZ}2CaWF+E$K?ar}l0Fsyc~
zRw;G0BT4il-uJiZcRQqdyj+So6vp9dM^VC~@0ReWT*8oFY?*`uNVO#y>r5hGUJ?#2
zLq^5ce~UyYP`U(Vj-(k&+sf2d(2B7ZLPhG?5-8ebNJCNX(pmWK#jQf-quI!E8+S@P
zX_86k()owvcRNIUNHg9UqxwCwG{8er=9qdWLWOoK%T`Ci$CO4dV=-}x3HDp;m#qPl
zSv%XKt)1<O{QvQm>O-n0YUXl>+1t^!AV#nqf2*PpBM`kvq8oDukarM5EV6`QvuwKc
zBl5w8u^hy>PHAj1*%@uCvYNnJqvQ1EVkwt1iS%3>tUAdLwWJ2J3ZI*26%6_iO~K%5
z&1RmJ6@(N5ZKy#Zyv%hNe2oYuyjtOqGMWK@bD=%pp6V87>4WAcZ+QXJ&hC*#{oi&n
zf9f(1ih?mO*26F_xb)(g@5V6|vf%o6mROY{*s>}XTURuA3H~WRMs^E!kp}a)KLA68
z8OAih!V4DV(1J;ihlp>bx}@AwxDD$rF@d9ecI^^1r2y99d>zi$1o_pzbKC2N$g$S*
zT&=UD83HAOz)jrx!KInS+>`DBeGSL*e``3AU&9^wHQY76-juWhkk5pk#t5ye+~uAF
z3ClNji-0}HN|H8X@t*bNhVO0}{Q3@9%;*~Ya<^aV2M$WSyu0r?kcgiVb~?TVJI$J`
zvPbRYC2r;3vYWD84R@MoEb9fFb~A<_r1qU!*Bdmo1`Qhx{)4%Piw2qe%lm+*e;chR
z775%)*f%cS*v#7@jwt3GPFfe7bl@DT{)kiQM*xbIgi;6K)|7NC(v?Qn7#|JN<y3A~
zP@xh{D4~$yH;`JPCK)P|VzcJxNep;kNiOTF%md!Yk37`F1x~hx^ni1L_s@Z%kbmW9
zgPLePIGT<q?TFI#vg(M^I|MY@f4sFJR+KP`QECSGDG{fNld)`BD+IXnG}vPtau2Eq
z`4yey$6u3o@E4<22wcX?2Xq+}wk{$UhFA5&2;F*|c9l}2J5??D$t^r6XnwM7QlU_-
zP24D<<z5Sh!scOm^hqn<l}Yj5U}z4`lLqDofT4Pf&waqqx9{o&hL&-je=SlfOG(D}
zCEj>3$7_kgwn}ocPLiFBw2XE-8Qm$P-A+b#%IIY$qdR5vQzxT4W%R0((Va4S-O1<y
zS2N14T+pSt()sSM+aW=dXCG|?G`;46fR|(iGX^S4>+h<)GPSUU#6Mrw+FFG%WL(r6
z44jpq5EE8nDi?9K$z85me^gs)&Ey{VexXhVeb-Ai29M>|`vF=EEB&Xgs2{^XsB#^q
ziD>cSTXjIQxVrSGN5W(3O*Jyjn!=QnTe4~)1vs~oA$$b|Xx@VipVb!t_8eba$QN5e
z-u2SExOCtZt{@lYCU$d@OGqMy)Ucj9`et*<6{cQZQf!9mcGzu)f891gel^E#rL}B^
z9P2yod#y32vW}Zg1Mk0axM{oiCT5U}hEn?|$!;dAzU$N<!HpZzC$6JFe-H)QD&q6!
z<I^+MXcVFlTW)i)aHWrm1=aI8cdzFuw$AKk=5yJn89SzC9OohpW^^yIA>ykU$@$#X
zwVp&CffuorIq~rxf8hn76oq@wdQChZNH?ky&-G+&YpL}34P&Zy8VKdh$wN8`r8g4K
z!j-`MOPsD&VT6xEE(YFnix+%I3x4H^>)1v%KODU~{`>)<O+AzSYY<+;%amw~(Je_8
zwmH0LNZ3|$zSHav3af>brJ-HC?7A%|yK_85CDR~k0~+7Ne^L(=7V7e{)4hMcU@>rk
z;SKeK$ub2%{hZz?U2Y1v(qWo+V4AI9x9l0)$YO@q&<bmM({c#&Z>7x-)^GTnvDe=#
zB#NHU3#X9FR6}ajtFalHK|hj<G@=Xq7-25FZva41*F71i`ohHq7`b`Jl<<aj01GC>
z>0`BGaUd0Ie@cc92U9-cn+L?9hU%vRhOt@evvy&7F(zFp;Fmvfv7Ol!Upz5J3F{e}
z_p$xYK>RlD`H!jKmMzxNDL4_V??~u_xGCpjrC{f7b#+fM-<qjDN!OuM<PS5Wx96Ol
zLqTJXhXZf2l8rS$Yj$=Xh--eVwp=BTHpx-72i1;-f7g*8z>6HZ1qOGrs5j{oGozI)
z(4q8Io!=bYua{^L8le=(Q2rnZ@!Q(;3#?3{JZiPrLT%+<cmZ9|`6_PW(pF!(pO+!?
zfB0`GW61jrRrj!^NL*Cp9!+A!YaBcYl&4oeZM)IxEDSX9&WQ``3YiBPvq^7L3MSgh
zX(#_)e~U}q+R)8gA%1JS2(i3;iwKSKb0@|VF{Ebl_b{i%bdXpiIypd=l`pP+y)|;^
z4DMmLT)FIygNqR%>H_kFJ6AlkI+N;ECiU#6`z7M-=kA<nm9|z8-q`>}ynu{&%(utM
z%<y1d^T%@Qv}1YrZjUi*cuSvmU}fBN?j<fqe*g^daQuTgQU-F&R?m=%gAA!|4j*4q
zLN&yR#U$cv#i@1U4bRCo6ShOl?#@|dnsSA{)=(E1zk<hTMQnxc+?1TipFntUV6#O#
zhgyum%S<C|OWbh~QLjz@6aQttzL5i2|H3*{zvYFwU8AZ<Xs%2K{uj!RURS-qc8)sH
ze=HR|#dV6j_$z3(G+!Y$TEtAn5bpC2^L2}csB%pqugy>JW{A0-jF*&hGsO3-8rYQ?
zwVuio?@4<+emUIU8E%i>80i@G^T}|u`^HGUWRD*;1T%XMB-5Da8SCJpF8B!~0+?b_
zBOLC)n6l&R9sG}KpY0&K^b*v7&!xRGf7NLrzcgOMFHs{W;J>K&N4^eB>88_uM|wKP
zAHN*@eEjbG-ND(>`N_e@-yD$-!PztCSAOy)JNuilqiRMv1>!<(o~xz^ulAf%Th+Rr
z3=7YkfQvHn`)C*gm2#!qw(He`$%cV^0LB&BiY1}Kog8;L^)Avdjj`qi)0QC&8^ffs
zFWj%vN_V~Is$-L|4hnCvyvfZg_7={ulhKkCe-~34h-x6(m~4@yftyls?TDm~Na~2B
zTiU{9)CCZWMd(72wibNBgvLt#!Al`ON^6?HeU62Wi5$)=L(A9L&esuB5N^n(JOk0}
z!rfaMc_pJp5nOpu7~s8{Q2HN{N8_p71o7A*-%-`xB)TPCceV`{c;{tRD=ZIEEU+0m
ze;yloA5-Ja-)z6mqc>i#N~Lc)^TAoUaboFN#*3RZQNoi}$10O8Hip<d-TdpUVwo+#
zuV8923vs_x`smQ<svGqee&X_QWfEo{2SpI$?Ob$i3u8B*xD`otyV;Fmv9^0g5nFNt
zbBJI&Wb{Shx%8J~D0BtalFceK{z?WIfAVv1Dz%sfsbJ!0WkNH@VM4^IyRdNcj$C~=
z<eShWN2Pa$fT7(kA#+0IB|J6wP7T-&17FR!T)8)X=+2)Od#m=`(7kW%XkNv7l=A5n
zkBsft11Eo8jJEr=L5V6<VM2*m4%j<fQ1fThG@Vl8Y#Mcdp=*e0=&O;9GrJO*fBvpw
zQOZ-N18e!zE^0`Mt=4SHiIwvz^*VF&KBZFt2+GN3b3Th}iGaz+uyBD@Su4w$DIDI?
zm0MZ`&3x?RK63-GvNV5_^TK9IcuI52L7H|-m~P3El7Ew*P=;k`Ame=bV79moQM!&I
z=_r!=i?8O5f_9qHD5&1^Ig4jNe>0?7-}X!Dp#FWz7c}SY&6;wT)5~03I@k^Owi)a2
zT=}Fzlcf#uB=C{fxN2*?t`<T`lQmG12&7jzlOe=PMCT~?rTb0Fe%tBkre)387&XI;
zy1|$ak=}Dw)OrFYm<9*R$GC<H_m<=$Kxr4cKq$c*kPw*UIQFiD3RsB}f8v~oaqkHd
ze%T!dnk6<BHz8fHHsKPvtllzRc5qR3a8V?Z$P-sZyeMmbbPQ<)omQmbmarMUL@aTS
z;vxPf8^^`%iFtKZOQblRLDOO9`qJ}7_F&cweh_9aunT}#frhAd+qTj)rAFLgM;&(5
zVMm)yqtqRV<d!TnQRU7ce{lXlcLT0wP&*xLqC>3@gn6RrBM7xmooM@`r!DSQ+R7-S
zy1d{@?l+_hY=ldn^ajh-3i%MLbRqZLwR^L*io$O<jtfa}c$fQwZS^>CDut4Ms%j~D
zCM$Q>f?`E1$f*4JU;f{MImx$I;|UX3x0B0l-)u6<c35`43VrE^f2jVSMuY-TlYG{b
z)<!E6_&qxX{n|9XNGQ=awJ9=JCrH%5(ryxP?Og;H$)zDB`T-OQF&NI6lO#-B|C~n-
zFPw$A&W5{h51eV57_H`IIF&*{n>NSOLK2lpI^T*(w^zd5OV}dF5WY40F&PepZnVVx
zZQ3EY$Jy)SZm(~$f7kJFLX8}kZhLu_^)9?C5ulf>{9k0ImaZ4zv4w9_m{*h;h?YqE
z`_*=I%Mn#AI9r|dR1hT6`*dfF1(8SlTuSuB@gnsNXb(vjR7ELZN*!6KsUC9AEw<qm
zXlj)!e-tfUA58|n0!`Z3R;_vl&Ri@heaUxJFnvt-4i+kRf836RI;1v8v_$T8woGVP
z3?0WG%*6ul07f1r@QPiPpqWx^wl`<l&K*QyIb|#;v8%%+`Ofltc0foi;Ez<xhKt{j
zOm3|iHuI=0@1&%Dm`~bzc?6fyHr$2qIq3{4rcU%LW(N+v;w=Zxmf=|;1ZU|XZ+V^Z
zHFvyWNeshVf2vP!NK2(`JgK+3f>g{MgGm5$uqjK2FNF7(V($-vdT+)~kKepc$(30o
zT(E`IPZnT0>b#BlYc_5T(fAIa>j1j?i?6<jl4UJnAe^*0)N|i5dp$&$R*>+92Q)+K
z&lO1e?uJP^{dX*n7Z?DmTPD5Z27cq+H_8KTA&RuKf3`moc@aC?6X*S>lefq3-W`3U
zJ~1jS3umt`lR;6e8C#@gXi_X@Y2+mxn)FC$((_f^dg3Z7@erd(qaj|sqDrv7@P-AQ
zBDi9*OKAW__Ao*Ze(uFHKct&n3u*fUH^6=cH0>eoXrw2mk^J!DLd=IUCWYOi$E~@E
zjO$hje=K8hej0X*4ot2BGgEp<o79$EzoWSbwC1dBbi|j!vsOnyDL19~+e+H#>^g)E
zoyZtGq4E|eQA|@^_MlTsbb#v#|9aaBvSHlkKO3={wo+FUle#*8>r90oLWdq{PEZw4
zDLDD0k86}$E5x%?Z2ENH(LX4xU%9I=eiOGyf3bG^4g)8aeo0lLoz|m)QkWT37r}7~
zC>7t?4?*{0fZF%*)7km^PoF=&)5uy=PMk_{qgPcafC;!lx;i^!Xe48)%{8hk2c`<p
zZyoo_^?b-bJZYJ#G7+l&Ao(3+8REA<cqZw}xWI1qrNDq7zVuek(p{~v5)nH*UrtTM
ze>4YQwnMUaHjz4io3rI9&X2H+xvim>!kvq#UX}35<hyYTsYyHJv0)1-jayaNLaJ(=
zxnBb*on5M+Z&bC`tI*15?{<TBu->2*&faR-vkK2!yP1)Bj6y~&2!kP=y(){znUd0c
z=Rh5^@EI+K)?{zmAz3}r%uR6gsgZ|7e;PpgB+x=#N|qUOkYq`RvtqM7`_+IE<a?J5
zNjugWo%xyj85fg^C3_*)2WoPkK2Unol(m0SnQEme8V+S$ksnA3WiA4(9=BjCD(aws
z0{#|gkb(E_R9h(gc21ql(xr$XfRT^8@^CI;h|m^1K?n7wbfi~)k-`lu*!0@^e>OxJ
zJF2ClTIw&p+P8(8G(?WIZVRQ4gk}iyB=lw6b|4+|1M~@NBuV&aP8vWTg9PIQ`zp23
z=Aeh+KwlLV@uEZ&#_`bhcbl;y&lSV^{=QHXeU-dGUlbg%_F!1=|9-eVLIUf37zyvf
zg1()FfT_v;EcGdLb5|=Ln!=1;e@JmIVdV0P+Ny<4&t0N$|MTCV3(O_lzCQ=&u_4%E
z&6uo38qA0iY>4=3MrE~Ind=GiWSkbqt++z7G>Swp!|)g{P{7JaM`H3<xM0S*K=n|r
zoylx@ff^8_ZsbEu`~L5N#FEPvi*=;d9PS`3y#PY|nWYt3AxXx(F0w({e+4P*!`+Z@
zw(dxm;dw3Hub45wyvpIhJ9FC-qP3E%1M5$m)+}7E(u8iX;lttb5a)Dr$d*!??52}^
z8+Z=y@cf;mp7GY_>#P9$1gu6=YVfV3zSi}aYANe<{|-|mt~gyRycynh(*S~ui^SY}
z((HXrCf~^uBk_>wuv`n2f0R1O&ar&=U-rq&z@;9ZzG)eeRtRs$$bst-2CB>pTE~`r
zo|*A@i>z*pl|3(_T=Z3Txm;+Q-a~Z593h9NgZQ=zV`0Di8D1}iH=%nxnB&I#&LJlG
z-#|;0NO0E<x?&2yf`8%18NgGhgoCf}q%Bcuz_D45G}c_fXY;+Kf2VKc2hya{RLD#D
z0&ujeE3jKHx23Ozw3~YsO7pWbe(k{Ih-e{T%QOa`t`uf_U6mFbUWOr69i`n*1kdH$
zbBeAKcFu!4jh|27^#``W+aJ9c?{3R4qoO%=>2<Z^PY&0<GaB#0>%fN9dl<H>z*H@|
z=TBNYu1@ys>I#+if6px0zSCoIqdQ8%)xIeT@zsl;c0q_HMxtH_`4Ya+LI#f>-wwGV
zMe@t1)BEAfP{-YK{z&P;qWW{nk^Vz#!^uhd&r(2CDqlTtm%@6m3|TQ=`@oMVf0{SX
zJ?X<}Jh2}-o1yz*J#P2aXly;o@>Hyc%6)4+(%QlHpT`Pke?8n33FJksXZ-T{<nXr#
zr$^Q^=2?K67l@AcrC{iXf2s|oQ<>fpONV_dQib2JgN2tBXzV(<^yKPjuSP}3U_02i
zp}<*nJ2cPu9ymbcx9SkV&V_`L&f%CF#l&yrk5Xx@xX*|5{djIvTNX<pRRuZV2rah5
zrB)h^bL=eLe`I#4coBHk*qMu&w*&;RM^Aj(-h7pblKDu}z<78!hn3r$9c({F*@pq?
zGj9SbdLvz@c2eyS=X(K)l@|mgJnwPCr$-avz&rrp9VA=Sx}smc7?5z6Ap&+5VydYf
z!v10guW(P*ZtW+9xA3Jch_n8(W>PaBsA|zFGR$bee+AFg{<3M@Jqy%ohu9B&;Rfky
z4?=s8j+rRX&3U1a5XG*)1##&BT2_Tuv{0B_FoY&05AfTy7sJ?s=qumV;+pb;hSCbt
z5Y6ZVIC`1M)ow`rpw?{WnNdM9x02Lz-6gE2T*SWB=giF=5J+mCS(St`hls)Z?6k&5
z@re5Me~~a=6E6*e2Xwki(d^kl-MuOhK#ZQ1;G#vFQcSh!zf*aGhK1O)^_dqe{1p2D
zLbWbjdU33Wh$h6)l%+)>nv$>PsPY|s9<vTN6<89&8tt6Nln!I>F|XRUktV%I$lDA#
z*ApiNF*ieghsK_(Aqe?h>8@r-o(lAU^?z{Vf3LNYdS(*#oDqKw$MS19kzd0d`8C`%
zzTP-Sj%v@L#MB$x^zS*JPi2T}onw1?A)B#e&w;9(XwuL08{W&)+b{+9gDbz=eQ6hG
zIkq@U@Ry{!3Y}@a7+oA_j+_W+UKK0n_FO(nNzu!$_%vg;bWG*L#8*?M^7$)nJ*hdW
zf5gXtH^LI2orUx=6yjyPb%hyHmEQz>at#A(ULwTqPr5f2E-AFX!^*+H5rI4P`7U3I
zHvyrY0d>unPg?oz4F<UIZzxhq3qOa)uYoS1en2$|O4`oE78N0NyS#?Pb`3%+BLO!z
zZMssyu`sq%4c-*OqH+s5qcmfa&0eS#f5joE86t}E1Fb#yp7QmT3d)zIrY!R3IXIvx
zj7SGtcCh6mz?L0i=@#z@SQTnJvH0hI`M)9b?~@>{a6=ceTOrLI%4S<xaS|yNA?~Q(
zXMASSxVJ)n8S}V?bA%9>rbwnZ2$U$)Z(^1{t_$;gQO4cv%4&j}ql~*mG9G<Ce<>ju
zcWxmWGicb^cYYeb*hP-<Dfdo=^3CIl(s=B#5dQPuoNda~j$e#^+I9Z?&;M#X&Im49
zcqW=CpYaM2ZJ6mnNVtK*7y+i!qo+C35Xx5WHNP2zDdQnO!^B8={7z;SW!Ta$<0bL>
zAlJ~^v6w%ek=(r>A_+;#dlHiGe~*rKbMH`!NWOmkdP77~8ib7z$(<jKNb1mx8->;n
zm8?#E@7;EglM|qM^NPKn>ZHb?U0GxgB3gwquJx{jgUzA585`?7x`>0<oF^TqSVxf|
z-T-<w$EM<wzk+EJn^i~@n?a*onKR)z<kD)6<m>rDzR*k_dD+3H%vQg!e;^2(h&VgX
zdg8^!ivgajPs)&1zE0L?(m3&aKWohfzk@k`(CgfapopvXL=>+lO)HrBT%9maL=t&I
zv2s?hc@Ktk4Jj(67~L3jFSXrE=UyV89i~$s?w5st7qvs!8f7H#&`i$KVCPW2=oa#a
zn1IdSi<F*ofH7+cok*iqe;Sf`Zzhyzre8`Xux2-6i(ukO!A*hvW*2J8d==mV%g^w9
z#{*Zj+6V)_Gn)%y%V<bGh+OAC{{1g=r;)o_Md2#K6dpXacsShx7jk_H(kz$Q)pARE
z85j6jrrt#wrm=tXMi&_9rmt1Pf)^m6$f%J=D>O#CJ7%zB2Ad$ie>1h&Yb3q@_;;{F
z4Uyk-BL8xb-_hrj639>GOLLeYW@nnQW*z!hj{e=rnv`)u3<+dcS4*o+?V$rtKYvhd
z7=I(OOGR<IT*3hB?5Zz$k5ktN>l+WaN_>v>sR0ig8R%wcvzr-CD+YfeKIdmOW4m?i
z;KRgMGj_1k>KcQEf0!5ZIJBI*@#Qphqq$xuLb+&-a^3Z2VK(B9yCY_8n;`guyQ%PD
zd6fo*9%6$`Ey|YJ5y5;wO|)>i?;5;|Q(@%!(@o%gME%H3;LYelJ%=}3iNMw#YTFp!
z#Pal4kRkV9T;8zHnB1lo^k0W<z@170^D%^}DeATHQadtNe>w9bIM8kiu+eda9angN
zuCNti0f3NqHw{)*gL@$oxe{e5@m9!XCzA`zdHxzmWl^nV;B;m)tbC{~ZH3Rt`fizy
z*p}^Z!Qf4#;IIIJwIFyV6)y2Ef;W5eK5bP(gZCSi%%@OO4xdVC!BJJKYESXqcz7>O
z*NTKYM<}3le^ly|)-5X&;GL6Z^+wPgA^tHH@;k^BE#ulSOqB`ni)tMd6=whCjJF{x
z^Nv+QE-|1`=w9Q6uVomB1cY7z*i=VR=Fh#&WZ8PLncl%Vk+oh(%GOcj+KFk6m^h$6
z$AJD^9vk<uXY(iSr(R15+V1)0;)6ci7b4n{f6KHje}0Lc$ZL{-vrDmb8K}C51U0hi
z1tE1U&GMRAYSFqU05{AaE}FS3>7hViv@mj^lpCd{R-3ypwa84?nz>TAOo6N_r>FMv
zZquM}_~*+HwgDd$Emgi0f$Y_R?-y1dTEUvz5bk3KseB-Y6aid4@l{o1k@}kq^u@{C
zcGianf1<~V?z%E2{=(Jk$OJc)_uccBE8m;J-+RR-29ruFBk9PmAwR|jyl^cvx28PR
zMgdVXBwSCDsvG9}IC30!eYu_r&UyJ_gy@IL*PgOrF3vk0ZN%k3s^pXl>_7g<YZ<9C
zUQ6n*pK%_EYd4Zd{#-0v=`-Q&AN-(HF%6}df91As#^&l!oQH|80VvLMRNH#86o+B3
z@S-JO<H(8K$bG|nQnd_N$>c`J<~j`298~y-X#jydUXE8UhcB-OstRao0gqgPt)C?r
z|7Wz%R9w1OUKrVg&4;6R$DcnSW5dx*?1WSJTPTptzma+s^Gbe0f`z&RI3?K4Jj9za
ze{{{IxQqEhPab$FLvujAZt`@OQonFPMxZIh%8r!jNSTh5Sx3s8ts8}r*>!1NVAO@S
z?~u4+<1*h8-&QUjGiZczHfKMHQUUl!oW|;yQa8<W{D|%W8O!I)AZ6;zy#)`1j4?C4
zT={}*Q9H(M?)05sY<Q7zCUpf<`E5N&e;xioL^uguicFs9I9+q;ezm1YYx>mH$~s{<
zWhWq~Mx|4vsDu2`i9T3U&bvzCoXXbvL2!=FfIMlvt1?*~ZVaS3y%1a7+54ei8xp5N
z5n@>{s~4(y*7BfIWu^l|O!{XI4CHB#lr~kgU*|ms{8*iyZK7vyOZ4n*yY!4Fe`{vD
z3{HSd7F5MY#TrJ!M<+j~RC~O|<ygEc6#6~|1vzyzPmD`(gD!BEd6cm-1eo%J>oyv&
zUNp(7m=<ZtntcD>hp3_3`gx^3bb4iil9BBN5I@PS=guL|g|w6r!Zzr4sUs`C@jVwy
z`J5zj^^jl{yJg8pOzlxO&JD9cf6rk}eu3umaCJoCJw4_toX;me$If4CJ017g=s>@H
zV?9<;7{dHXH_4{sE!|a?T5m{twAK{RC(u@S)qEUx!{m*L)fm=A@iitYRF>9&47}PA
zs*xU!C{XEcxx}UZjMGy|R8HXcX<}oRfV~WZFrrs8(*N*zFG*`kGc5A+e^AS#i`0uR
zF_o|9Ch!N{QtzxY`*+QBjMY#_smL=?lHFI)viL@@ke^L?EdP`=c-6KxAoe8kU^b;Y
zpL=wmI$7mO25~;_4*csEzPmw>w_5CwjyCFOqgspa`BE~3IAclkewa+&&c6*qXp884
zTCrXFyUZrP(FHM-Ma!6%f5}?rMFe<W#8_a7hJ>V=tv%r5?Z_8+|LNrI@w<0NADgjV
zYR0|D@HLIRq#>rd3DnDTRor?)47$q<i<r|dKq(YD1BKFK#}YO>q;Qv3_Xpxz>DpDq
z-oV+5V7i9M2)VE?q_Zu(<*7VazQzvT!-X3&z6{K~E6*45tdQbze|Z8jGz&56#sa&X
z(>3-xI?r?sXC9Y#334TRW2Rm2GpNSfzUE+D8SgAtoO?5FH{|t-G$q8^cJ_LI{_p=Y
zHW!^<{-8h5eP)+w4C)qW^MDyYj3dE3K<Y7v&WI?2{tDq^j;rsWnMa3a&aOk%BZP+&
zg4Kzs?7ruKA{;n9e>@%_#LtxE{GgA^4v%<C<#>ElJ2(Xkt~o!T$q-a^Mbc&}{4lt{
zRAR_N<c2Ipr;sgbM}lYrm?CLOv72)%Bsl4_>Rh^+?EdC=XR2z=c7}@8y)+QtRvtng
zb?7HiX+Iljj&au3=aZjFq1+kfzxJHVBw59KTU+kRd*O-;e=i0T|6&#{x30!bvBH(2
z9FwZn)kZmD-WnxLhqWyf6jinz-Z1$jD2r&g67U#I1`8SP_i{7{^(;)~Q(^F5f&@|g
zw9`>4TZBWb0Hw2puSM%B2iEj%+gzoo#q)!VDM@4aq<9eIoUQYNY^C6>3T+eMA?=Vq
z_R0a#gSeIWf6>t-mA3VKPn{IM@{>2XU(RWBoTEy^_$6}>WDDw10Jcgp7WP7JyK5fh
z?HYrz;%e%zm94-hLtN<G)BQJe<MS=6-|)P3hvtIHFrXbWqM>RaiN87h^sz8qjU_0f
zH;RBLF`EtYX@`)EK~p4#D;&WkcOXow)Y+s=Ug8_{f2_sIV(TPisgR7J1&x2<lR&D{
zjT0^y<E7*OtGJ2zq-JK30P}m^bM0FOk`Nzv+8!-E5i8-+X&<{w``nqPSg{t_bfN;M
z$D-5A7l|dF+>jBW8QiG)THD(p)E*Ythge{rU5eRP8M3JCloGUcxVxIyPn<}ez~Pc&
z=w5sif5>M@pS2HX&&ro?l+Qsp*O#8JX4qv;)>{od8wVN$PI_~3CuSEh2%bDoTWJnc
zNia|5sHDbR=h47HfJG)3&B&T_CLQmS^t1x#rKda{5)d<N655ayX|0(Tvn{(yMcO0_
z8dN<u47cN+u^$0M`4|?Gq@)4F&GhcwIzS||e;0i;rOJ0)r%l%FReV!lxL@6irT|eL
z?$O~MwHDtAA2Ywj@Uc#PW$qivHbdSuZ{{P9hla=z{l-HGx|K+4B*uoZ04Jd@&;A4H
zxE<i8s*xn&qwU>N<;{v}s=y2HuT#Lfk_#ofTw1XiYx8`0yzlK=1);+krsQ>~0yV<q
zf6~*dTkvDs!{HqsoV+_dJ2+FL;@(F>{6XNJ*>iq5I6M3;XDs*MN8ulYQRgr^LCmND
z&3Txtnz2jjhT%yGiy_WAM0UL)LaZ5%*ACUKCta0+cqo5t3OmL7BOv(F{wPGiP=*Pw
zm_X8p8;5ZFlp#%g#VRV-O(^S4RV7-%e@|z>Fpsy2!bHFwkXafh;S!*mDddsl^YJ>#
zaw+CGLOd4!Vu+1NW~46;kbG-sJR8I#-9flSzOl3LzQN7fhNKsoi|1WmhM+K+eo+pI
z#=ag9ZKXO(GQdX`0H@F6<U!IO>Ep3Auv!_v9L~K9FEPylx3pp{L0pehoI1e?e-8-6
zHTSfHdrR5tH-!#qC8KvhI~Z}`-l0^FPZSeyYaB~8?x3ey0ZEPfj+PSbL)cSLFBmyJ
zC@u6gu!@__i|rlC8-zA$D<lT(+H<xA&I>xedWM-f#|QNh+M5cvCK|`7fadCk$dk(`
zOfN2tCVLp1!YjfN83<p&kPzOme`>Zu&O3eQEH{R)tovC07yu^UV6y0}&}BzmsURgE
z7)E~Jq$})Xf9@uaSaN#C1mI3ps*xuEv+Z;T1!xpGD{SmkncTRYENqns(_<K(?inUu
zjoRhS<SEPU^k84%A&Q$0HYR(>Tlga2BBiUoS?PzNDPnHFS^A{Fc6E}Lf4<j>%9>PF
zAv1I<77723xBjTt;!j(82o#HyFabSJOFgh15<L}(mL?&N@hyyFk#3Z_pGeIfVuDD~
z1@OGB-^Zb07}RS^eQuv%kpUpWgYqksE~U7KbFyY6wO?>|XsC81Tq#ujY|P%^WNrB-
z^h2iy%d|h<-331<iu<OTe^U#q744y?#Yrn%26nTR$AT+jK$6v?ww1|-`M)A%8$-mN
z$%v7^Rtd!hBJ-yMQKZz~l#h$*InsKG%t-Sva$7Wdrp&l(PhL-!*>AA~H8hq5P!zNx
z?7j+DDYewY8ZA_2Z%mlhTS`0UE?1jF-?hlNHjDNvjJPYc7G^kHe|q%8s%DFfOyD7B
zg@W)J@<FN~lW=I}1#`~%PH(JWn>_~%46<%p9BushpZ`_8(tUPVEfk}sq#wBz#Xv)a
z8O;!GJt04oZ8HSeM9fd8cM7QA;Eu4aS!?nZZ1T}J7aHI>AKdtBtx&c<vR_2z!X|O-
zQ-c0WF<}02C83~te}WN9+Rqw|Cp)_@Ic~g#+^N%=)*SC_%&f*QG+!3*v6B?w#KZ7P
zM77!&DtM62xbsJHU<T~H{OOIEEy+gw_KeC=zZnbBU^G;BWYIBjLuCFOkk7I683P6i
z6i(UuzYpfg`|Aky*Ps8d|I;~9yC}ce5b8nLNNNJyJH8G}e_<mLw~+#+F{Gb^#aft7
z(KgQkrt3J+#}H!8IMB8zZ#_Xig9K&z(*#1(Kp~;->?<Ukc|q<ZL=D<=kc}Png>;X+
zB^(^k0X(F(is}%TPjzW>*FDhAj_Q2OX#D|Hr;#Jvgz98PdIYMoNObaRyIJP~Grw7Z
zxI56Z13iC;f5_H@p5yy~o|_`j&p=`w==pS@C$}6iTQoXu(lu#(XrXwwszq%$qFI^T
z?m{%jC5R^bQ;29b0LrXPwhxCg$D2Z#8(633AkpUzW!6HlYoJUDUA`B})TxwaV3`#z
zMD4N6%4Ab#EVF8%tRdvqVwvOWvCMjjY#o+qn!QYBf9wJQH^wQQipb1*39%zHpD&qd
zpZ{y9Ov;^8F2cA>e><9~`zi!7T*WCTU7y8{zU=7BhYPTyFYCJ|&808xlVCl4xhCf8
z_{*nX&W^u)R9TvR<;l0YqrpQng#VnF%W=nCR?1v{cb84rUi=cge~b%T{>@!Gt&ON9
zO}{=ge=ru3hqO+=$2N9eK!vX?NkIwT9VzSMk6#XcK7Mz8c5?9X^!V)f(?@EG=lkKc
zlxX&ph6D{YBQXPU;exx=5aHE~!0dFo34mrEqNAh}Et4DQm7+`#!SQ-3GF6Jmi9%LI
z`qA*J=9FS*<;zzsSv_k?M;hp!pIh?Z?n1Zvf26mJH)1y%l6Pt>s#zF|Z77HZV(L}S
zO}Zx6du~m+-nNKJQk>0g03<6fQg2S9h-SX`sJZ8k#q3zjibb}b#hk2TF_D%cgDv-K
zWKHQ5)}iZVNAXI&Jh6sOgu#1n1q4vA@Gep)3NS3x4xv9T&e>vC6JZ}W3Sj@j<&T-W
ze*!HcYmVo3mX5)(pWJklj)65czbW>;QkwH+Rm<LRnzJ&wogi;XezYPkO{WTm-DReK
z5rs>uwWb<XO7rkaud*8T`W(}#_T|&UNR^5D;c(|<Q@HbKhc{OyQD6|CBh*=$Ko289
z2@`|sG-g$Sl_*J~unkz-m5a>=_=-%1e=F-j24bM&uv;0?A|k3L(H1{bp1!IS4Xtp0
z)E*73Og6Wmp*toTO2Iw3hOLr}&FPVAY;lgobV;!lWi^~=y+o%G$Ff9{!8#JcXpoK+
z`5FEbhAEu0Xt6-`EIoB>aJ5f`aqI<cW#zstlP-lT-$p}6`c;7i*GC47>YH|Of9Ve!
z@?8d(=7)S2O${=nYo1h^_SeX0ma&C=$=r)qzIy|SsHGRj9)vA{_?B=R9^9Ws#Q;4Z
z-xn9IZxtsRq8lB1`U8dAv8NA(i8}VQwrkQ{_H@(EpLYe59fbPy>$=kv2({ib-iz*2
zGo<>Z{%9|<Lk6v4aR@4RrqGl!e@AxET*l}*!M~FZ{%t1w`(rj>8=2spbxiQW_54_&
zk|SUe&fgy#|9te$Lh)GC@p&Yct{2FU-HaVoGx|3cvo!LOn}!Il{`Bwj*4}yootpCn
zen|w2P@Y*h9yjEctaQz9E9LusdnVHfbp`^K@ac$fLbjJNV3SUO6*T*3e->8}a(vL(
zE|GfbOrtarL;N)Qp&jD;G#QlJyRn)@<}j}v+@e);z^f>{0`|6CX9^8hZ{>hTs6$lU
zGE4*IlCk-3L8Y1kf_0#82m0PAvh|?v&aI$tDeC3)xPyn>Oq6!(!*<4&*#eEZM^`p*
z1Ogn)h?~hh`Q&YIDusMYf9+Ng`Gv}(q7f0q1J#BP!@vy%Dckr(|LzZ*i&RP^NQ8Vv
zI5egBuPBT1q(Eb>@LxuLlS?<Tyob3rHysQ71gz=4Pt7XhbQ(hjT)HkO#-Z(7$~93a
z6P1tAjo83))Z>Jx6czrdDivusDqNY|%1~k64n`tvr|b|w08lr6e}$H>78G0=3tX8j
z6$^ZS26$&v26(3(l6<ZVaAg85V}LEUS?>J{p}RZZ3IBSF%v`8(SVDgM^}S-r<uqB~
zqNkHBkaDHKZ)(jVHGu4`Og6WYy~c3)G;rBoNMCuL!l_OZc;u<R(FC4nB&<7O-z+y$
z7s$6>BFo^zVhS>2e|%k|qbbICHDG%y^e2b2OELSp_P*JUp1%doO%(b*+z1Y#S~pBr
z>g180lsvH55b{CwH3+YRVRkNHSBL;`*xdL5dDhM0gwn1&CM@{qK?5s&2;Y-lggOs%
zK_h#^mOrLq#DE?%C-+w$f)w1RG6M0<(PE$<X}pP%u0^i7e`%QUXameRR~srx{p!xO
z*=!3?2Gw>76V&EB-R!FS7Uy}a1|+cTR#9RqHGtFwb;r7m*+Iq+3%NSTxPy#4$hgjH
z^1LA9wV<#W$9ACbBVm}MhRCtjpm62@HA9-G3`;quGZDCv7uHLbdEf7iDn*q9i7H0}
z@rUm%y@UfBfBBOOX&mFm5J?@OS|C(Mj-d=@&9@MD3`$g^JuK?apH9z)Qd+>Fo(O2n
zNYRfU#)<UOLm!5B%eDJTRSpc&;@PE`<K+OkUwoH2vz`}0lojEH&W51fH3Lx>X@J|o
z^&29-nxUxeQ{Z}%hnhu=a6vesh|-U7VZb2s+IY*Qf0%pH@cTDvoizDmua#@A)_@r)
zH^GOyGu`IUSVTD3rOi)gkl=As$n~y50HbUI^~2G-<If*T7}Ph$t9d>+Jxlin(~|Ni
zaYS(CMPY!t1Alr`x)n4QS=BTusg<+5(Mko!7%0{0*{7e6J`Rk5+Qgw2w9HnrB=RmU
zm_&-ie-L{+I@e+Jb>WBC19lWuGXm3Quy(?)<|0AtonBA6k?QfRo35>!O#zlVq_sm@
z?-bd3q;+>4(h50z*N0*d6a}2Ouqg$4>WA`#5F6*;pMmry3{aW}3U^75xx!`G9{JND
zo}s!L$~|~`Q<CAiHGBiVk)~-NB_E4(`NvJAe<rs=t~-6_cu_dQ10kfauFyrHkaSQk
zdE<hFMWu!-5z!54bU&`c)Q3w=s+knMo9nA$Y3^o)Rqgb^Sq)$-L^P987dM5|11l4z
ziSkG2V^HJ$nb~(Ao<0v}DSY~k3{E``mP$$3S5@g`!%5i6<aWqACOcPhXGrk?>Dk-?
ze=@M^I^%+61=RM5fvw8KsbN^~oA1NI?*3`ZID_s2Vt3mi&F2clR=3;N0kKl)qy!=3
zN-0{1`xG5F53LS`;fhje>>kymF>Qr9s_<3V@&$Uea(1;c!Q8^Gj?J#L+@!KqLW#=f
zkKYk!AWEJE8wMintKGQy^!R5a&79b<e*>*%Q;ENi_`-Bdm*|Ch4u#E;ScpgjGhuYB
zH9VRtq#Ro%+1_z3x<kCR@2Jjlt^u!d9?l5bXp}vStIYK|kaBk+M;OAGdq^a6EVmA5
z1Gk862Od*v?^zJ!$nL#$ZQdec4QD@>GT}H8Yt}CR0qR3?+{ovks(WWKBRA%yf6(!V
zMU5Q-s}b07zSFLzUpG(H$mh(_D^z`SSs9dJppGh8Mq2(#l}zTy&i*3(^r61+y@xMi
z7RNZ54%fsZf**33YNuyp({&?g?BJBkjK}VhKVTAOx(U+;sAhs}tuNd_?nX6k+?l(H
zOZ5{Z(Tzk)ls2XfNL>M3@b$|0e_JDlYleVp3gJrmHbZ_LgInJ<X$FI<LvI_k$|CTN
zt9=xCkDJnf_e=d-#cG{(g!HDIKZ3Fj7!vr?8{5m7ic9y(3uU-kQs5W!W~|9`AVDVz
zL_`wwXU2t2(OXp*=y)Rx^ti|t<&lrL$a^@wlcT>IZg2n8f8iXP#75hwf6%c>h1wwl
z1vxw0ubqRRPmT`W{qN^*fBtm%x6sCI!7^S~mubdEsu>v?hzl382n`WlJ-N`9sc=0J
zKh1{DQ}WrxmZJ1weTG(60^XYDbX{SZiU2?}4YGEP29A3bdULwxF;9cJi)=>D*2g+o
ztv?TR#oMGoDP{WPM;oeCe+<`~8<MhUJ_gEw4pF|i!`&kLjp<%PQP#6&h1R9m-<I#P
zzozA;+-c5WG=;e7P|gnJygU3{i*mj+QO@j#8|^I(<FrGF6DkHw;avHA@-r3H-Pt9S
zY4&dAZCW9oTRMj7igN}yHpRSF3N*g1YAqWMG*%`zW&)rLW_9Vze|qMUc_s5H4M@SV
z+TD*TA{Z-^-**#?FV_%^2w%(+BpKTw!sm)DRwmGmu|>*2=iB;K3MN*lg|~u<HE63@
z^%+s#R`a!Kx`Kt=gDu%*w>N_{8fijefDtS^V6RI*&3cJ&?Tq)Y;^uz0%Z%L%W87yg
zap_J(65V7VlsX1Ne*iX@c)3dt=783i@^6F+V^(+6?Uf-6S|VxtREeh!+B5oAzTTj3
zWqu`qwEGyYyBp5XGx)2z=@7tf5ck>%>@Cik(DWsvZ>3I`XGv@?@Dk76Y>Z1S6rrQ!
zI!dnA^6MzM`mRZ%DLFIX>o~bb>Oc9qA#$vB|H+&q(+rV5e|OBSr19Zq#2ds5hbFsn
zOG&QWlWiO1HdzO`!D+fmV#jym<Q%6PoTqq&$2mUz<h**hJ#s#u9XdUA&$uBS<7x)B
zO+!F)qHgx~V}WhYRBh`CDruMvC#<T513A&tm>Iw%aA_39#v_&Ig{6Vov5Qm_w<6-^
zg<fz4!$>c<fA^5L6uuXTZkl!-n6zT2OW2c|R8tw%J2oY)e2zmSt>Nxp6beCQU8)b&
z(&;*<>b0qowu{vFZ<<0*bYNNsrrjyB^<dghoAekgc)_g@8h~i5Lzbn1PU~=j$WS24
zAZx5T4;*vU^>};ya=5)S+#a2cCVM-(dz0<|O227^fBbfSAjnq_+gl~I_Hw(bb!|4a
zR-N4PZTNnI9U=YD3)OCWs(O?{13s|7c3rD)0&j)!eN_-_)yeX^3AUeVMzB>U!e>gb
zRk*+J-*^u#rXASq-{m`G61KdOtEw7URjI)>r{Ag*O^qA#RW6h@@LP`2szGbGx=PA~
z*VZ>If1HMN#j`z9J3$xB%r<Rh7AT;Ug@C*zKyA{$gE!A*wXR(w)hT^I@}engNf?{5
zWBtM=UZlRtY~i1UN00sTDsS45lxDNwH)&WYXPM7b#&_kbAKd6}p!y-IZgM>20JEB)
zQ>+)<*6w48UKvNEGfy!dq0K9GHC&WrUy;?MfA)w(<iQ`(487`Dx{jr*wfs7kuD)y1
zXqGMuJynw0HthDJ*9V~;hu5xtb#ECpalSw>R3{O>Q`H#qK=yK|#(y2g>0;r1gW4c%
z*|afDh@L&EM|4L5C4l>(dO2?tbl?nh;FH2gOeJ`O*F{P=koMquzZ`#5gNh;Td*ww5
zf86ntKc?Ujrg~xM0ujc_!(pI1&fL53l32$U_zS$~2V^DA7llwW44?_S4sn{XwQ5H4
zb;FAvUd!l|x}NZt#rc_w1f6T9I9rUC$qQC#5<5#l-Ryzmi)eVUTos&1pCwXqBaGqY
zunE5##7i#$hff5v=w`(&`FZT{{DpINe@U;B$P-F+G^G;t^hQ2MzAygy`1wNc7ruGP
z%@%(gQjZy2LdCa&gKh0NWPZ<>@_t#no)ylU2p7)D>A~>R!O<`3qc-O*Vq;N54HbgY
zxnLM9jZ9;L5O;=XC7d8#O68q#1)!Iy6y{dd`t=7&Ey<AJq=wA8kg6(*QE?G3fB7v8
zYg67sZ{rG0J&>3VN9=IKyTjhKIO40@a75!iPOAnSALMKXoP|BZaGc|>`|^yDr<joX
zL<|;W<)d(kVuYtCFkwN%XLuae91cEs$mz+c)1#0Ga?oHxx8#d&@zdxx?a<G%9(!#3
zQB>-D$j%IXman8n^SB>&0G8CKe_{bmEMgI0S6%i<w~S+=DF(h$=5bV&Ml_sxtW0j7
zY{{6h6(nU~GvTR;6RogruFVp8{Bi0+1rltQQSi>&J~$y>a%k5M!5&_QVGQnMd=p5)
zNzFuSM4l?y>d|<zlSjrp?B|R<oBSIY4J!|~O`<zuOP-ff-jo}0qdFtKe;^STG{D|K
zN4?dhh!XKFQ8xl)I51B^ht)hmKa@Z8U3mJpq`-na>7iPk+%>cN`F_amt3PeY^RWh~
zZe@~tuBdKx)^i=I%Z}MT$Wt4FY=cuZ+wj`(fi$`?vjS4j342pC4n9Do9_clVBW%BL
zoY~z8;m!bODAng{$0}uffA8md;=Pqgrp|b8)k2BN=Weqo_M9Y=9uj!%=?ZT0&ClJW
z99pGxFZXf8>~h+a`6P`4Cri2pZnSbVr5D0*{E^iuAPl67n=b&ZbA2J9B9}Z%@fz9P
zjY>sUaRR31px`1e{tCJNYvF#~@&e_$V2w&7bmyHeq(eah&kI#pf1pZ(mptN4^j1QZ
zpUas_xtPt6YfV|o&mBtHp_C6?lV+fle0taf5-d{`yXT=RR_B@Tf4&H#b4)47#j-(5
z;}m)5OBv^m{ZcP?cP8UehiE>c7BmLY{8Ims!paX@=Y+jkLvZx8Gxny;8GB<nVk&3X
zj8%IMjOPwQg})Qif8kpfS|oyZ+xwDn75)3cok!oT9W4Vo$E84LHl1}FzCZtPeEQ+w
z?C`e~3YptS4=uobq@tu|?3<baoZXD!he)rTDqK&1&cZd}XWk4F<-bQ>lJgd7dThMu
zf?$$Et*U)-G@DgujckyC4;04|*UzO*TzS%81OQdsO<tA|f0nxV#%xDJk}J(8E{%c1
z1YepP9&0a_8hHx@0TM!(lp6J}FFhYx9(lgc={ERd4EL{p>m=fBb0CaqS(-xMba-Wl
zSKb}6uEi@~cX;L9c%>OkmSL7qV^9>=eF@7}$n-XRQbS5{ft-vyAi_cgNjAkKR|-T{
zw#E$yA}f;{e*uwO+%WdG>mYd)gwVYz8Y)#LEQTDD>(For^Otj^MTz&6hj@;Z-F^Y>
z!!A{se`!4|OPL$Gc`0uAJ=-B_1w|qNQEH$K;aKZofKU89g+I1Ka^H(JzOD<_SefLW
zE7n+@z1#$AH1;bX_^QHK#2RxCL^F9Gc5&&&lmwD5e?0d#y8x3wY`@<699E(B*kWap
zxpgM@w$*XdYEIWG>Dc_DF_Jsx`k0xwdeAiPT4Xkxg(~ipqKdkMqLotQPK%l#l}1n=
zQ(*+Gp@}pO44$!X&pF;Oy>4aB3zT8HYKSUy1Yt)I)=+#ML0I24=?KERUP`&`9YI)?
z7VI>IAguSWWq;GRYKA<&)St*?!X}H=r2>F^sV*z3LB|$_!?pAGpHAfW%~*=(idlaD
ztm}uad&^kM$wsUtiKcMr3?#dbd2Yu3sTpqBO}>7J^jfRM^#thHO+e(5`&kwZJ!GP&
zJtd==l<9+C`69STF1KcvZX|yM^OU8t!NetDn?V>1v45MT=LWh;hlPO>7E|}g#Eep`
zuC7v@8j7vNyi5g=cXUl!1aS()r3_JGFNW~anFD#0M8aL-r@WL8^8xE9AGy7PrkdT{
z?WaUD6*vdl!J}sIw`-71m}MkadwEmZGLr*J#Gs~WqB~-`+Jc~R-(f}w-sJvi%x{7U
zTNAwTV}EO)6SYq>#D@K93P03Jr1J}LL6&AJ6@p@;YwBrl^Wt!808g|!oQhT;ENq3T
z@WbE&SS#E!wuFJ8eWRJrkDtz3%Y5eg(v_i~c*>P^!gPAj<dJ3<7(E_!2F>Wwx%M?$
z)=l$Z>iJ%B16rv-P<1Ta(sT_w1k#m1T$ZL-^nXf;&`DLxtT?E|v`qV|%N~CX$MS19
zkzd0d`8C`%zBuWu`~>MfX6SU89n)YW-{_G(v`h6)dJU6pXCwEdAVFm-p^76exns1$
za@{o%QSZ%M-!HXKeV*&Nf?4CG?K^usPiN2QqqzH$?OL`t+_xVZd5Za#!OhFPEtjz!
z3xDz(5r_!Lto(&ExezP&#t&UGb}n2`BT*~!2%{G<zH=tJQ<0ivly#KUOTc?*2)>Z<
zCbyS~jQUW&w5_FA5z|@Of*r!XxF^twKmY|N0EO&1e=IBhZM+hLbv3{HzCy9oSKP3F
z%9b4iE5#tSW3}_(m6yRjnOxSil`}%mjDOBDGvw_M;iFi%-Aydq&hB^FxN&FW*4emQ
zP1$!CvGIeASn(A)BlZ9zW?p*kjMR4-DYo}GyCDpQDr>28?zh^kgPrd(S(DCWJ(bCt
zJlJFvU!gNuKh$KISNi0hEMnGjN4~gtF>tsAe=L-TX2I7RC*o>RYpOLY{~j(XxPP<D
zqVaU);`S!G#<Q#ch17{Qr$+CN4WN7Nf@jsxJDqW-2dZE~Eq&cVm@`FC>0%xq9=%>?
zG^O7Z<*6xNf8P+h8N%+E`v-}yiOhXR+E++X-rMJUsK@tx{$4ZIyaVbVNshG#>YK!H
zzh&qX;E{9_ROZPfc}x!PUZD=t^M6IKKj{xj(wF$FUE^0eOVBf2;x|O|>6V7g1~8v1
zhHrH{W;7&$I%n7U_=nK=J9p6d6Zw>rcjs?^{&e`aNALI=HRAwz<f$1ur)B_t*YEft
z(rc6A){~4rVqSecY>z}Vbv&M3y1|9uX2)jNOxKU3RlHHlGT?<&xJ?GuyMJcTxHSbL
z2Xd9AyuFJDP3*|SMp4-wfb{8-evMo|B>e%zchfn}nChtdx={7E)AOJf=FZPpXU)Ck
zx4F{;#h`>Z<yC>H0yV&!d+@hqO*Q-XCg>-5g5EShO(8BjhQ4Fy@6XVG4?f=t*-WT`
zbg4C(3aMMzAd{$D`P1lWCx3@m39>)r-asp4w0jTOzbU6nr9A&mRV#TaeDE9Ga-iSk
zui;dF4QKLeIG0~TVSI5u>kg3LxIgLu{6}U+njW@02KoXviTegB=%0B19zXU;kFM&L
zrWEimy{hyhDE@ZHn0u)zp{cIZ;A)pqsRopyj2?Q~8Z}G8yC{6C=YLbJfUoKn;o%(q
zcVYN;`>pRJ@ylMMF;G}#OJ33=7Td#4)}i=W=-Lhe9bhWQjM%O2ux9wqMu}@i?GVq2
z7$y<<8nL^~<vd*Jos0Mq&$FIBBf&kjPDRSG!5k8LjjZAV^_^~e-f%XFw_zlf2;xC9
z3B|lt6ML#p2xm5j<bUj8iE|z<y#U*wK$kRJB5q_0xzd(+c83hKYT4?Bzg{r&Q@Pm{
z=c<5prd-QOMYFYVN4oyVw$PK?2-P)oYH@?y1*59P*Xp6Ppkq-x7PVthI~KKLQLA5-
zjzw)1i#lnD9Ba*@nyyeY<k=3C@%#G=Pq>7buOD(_;iB)`27h?*^z6ggaC?OG;)zHi
zPh1I-%Mx2=iiInK9jM+f-NgBu(@!6*$?3W?R`wKRO=G7w-rnvvW8>6}WL%^HZU@(I
zi1=#8GPYHX>&d2Jdd_38F%xe@izKbO;GkPA5~41+LWr&Ll0o}5rp?WTQw&-8;sJ9s
z^?V=kN8r_=9e-RfyXn}(+Odg|+O#m48|Wwa6c^kc!(3WO=Z3nSuL4_HOXT{xOOe3q
z9y_so95%$92@l5{%B`H`sW|(Nil%Z_Mo$eW^Q~2^reGo+gxEod_lFSWA0DPb(s798
z9O6N#Sz<|HgIEv`$&jp!ew2wTz2>jsEBQ72Nq!Aq%73qt{-doB><%}O7QvMlg#pTR
zCeMO79R<>cU6QTV2E1qH4-4tTK2eXqynC;o(HOH`Dc!eQl?EKo!JaH`O#7oY%b34%
zeR^@nsISe~zN}OZ4~*hVZw0<3AysDI-Y2c@)<EdDyItRBx!4>^$Bft1XpxLA{nCvf
z52N4EXimr5zO}$9-M=}y11)1o##?{P_Q{{N^g_v>n~U}*=Xb|vzy0+23_ug|k^eCj
z(M{$l=hzVjoZ!UgVfF10emUedHv6qw=M4!*_4bnClknRZf4^ymXbeaRe;CXJw3+4F
znBK6!RT$hZ{WA#@*FTR}(mW`$O6d(Ru&E~ycqh&`?tEI1A<)tCfyp`a$Gi}oAU6@D
zFSYS}A&MFqiEAKF&SkJ1bh6w?mP;@2mg(|*<=)UvPm5xeKQk>r>jiq4_0pVr0rc5{
za84!byjU}4f9l+|j~)+h?nLPfuA0oVoIg-(F1`}Yf@=z(R%`z7B;PT0%pEe{apgrX
zO_tBUCC87{VOeT6m+}89ZsI-1K0gPJabQYcY(5=0dGkMTlx+j0F^$>4DcPw5M{Ui9
z=t>h|#(M@f%~*(ff{rrCY=-!r2k3Ypf3ixNia6FBe|H-<rS;+$8mbFrsFTzev2zHw
zN@~Tt@i}}XJw4~siWn5<k8lnTz+w8+8x2xWOs~&j+wp=^8B>3aS)1mgb3eTp;ohWb
z)UVv->W%Z3(TBsEnU7$DBIYI=5p(y`hPEMd<8{cKjMpHzVCfnD?Y{hRGqytq#63)W
z^#|gfe}R(L6L&J(_}xmo#p!AlMoEn85T?m0<#pgozz~Xxz@4H6hspI224iI`3yJWM
zouzRSE}>9kQEeZN-W`AbfLxo6v^gt3jX9yR1#ix!j4SP*G$hDv8T4js(7Wk2lVr2A
zW`R^K`QLD{VfCdRNJK}nbtGFyvUMa|0|cu`f3}(LDTs}aR$<|2*{D7+{IfU@v`I}x
z7tMns-@6E0sAD{0vEmssY%i-?`!+Ld)eHU6xV1d3qN%iY2=s@5Xur<f*Lopmm5F&R
za@MLp|8}a*wU5jazHT*N82zuZST=3RW<3s|sXuj7UwDzU{L>q3S+yu)Be=(|Nbb_I
ze@*3<4r21`;IYU=C{Kfp=3mJl=8a<Z80`1n4mp>#8B>@EASEk+A2C1U+At_%3=y_O
zUC4tZHuM#rg+G<zY=<CEU9(}L48mOUaRYa$2T*4x2lz5C<Q~uKAU;Kkeuhm^=S=nl
zLl|)Iw0Klyg8Z}+!Ilm!)CRutT%GcXe_}MI;6id<(3(-q&J8<`@RWHt!=WA-IF(b?
zh#G#0$GijCQBwtK%KXJ#_#PIDZ%^9i!bkWCCOg1HQAd2U6Jlo8Y22{+h6Ko=*~+p4
zy1Ac`IG)iPcCFs(M@Rj-Y1Nz#lzNc(o-ZgR&;DjCLB~lwjvSu>C)Er=chFM@e?8q3
zdYY_*p0at7JI=>XXXo!feg4S9BC`j9W0~b>!^l~BF+|19*e*4LqPlsf50PFwRk)t8
z3?KONr04GX+?V`P#;<6~aSdFPUgIEDHw)<TGQf(!Z*GLKO#OixWeSgwkMzl=Vu{QV
z-&P?`dZIx&3|y_Ea3$STuHi1Ff1m1J$e(wO!)nY>*;PMmJE3P4Ak+Zb!Kz~^2(k`K
zU9_cvrLdeltrYBn>Z-p(SrnslzP1%jDb05*RmW0wEY%~kRF>^YV>T*!CMi@ZDC;hN
zBZV~;%5&JVT?)SKZMMNuMNcP^5)YTo=g-IQsN{sV%#)4@+CVp6{#2E6e^k!|J!v_t
zGC3b!hG7hD0G0v4L{TBDgaq2=ui;334ebR`U*#l_vF%{18YsRm-*BrM@~SeC|Co+d
z2JEi-0n}l@S!GgQH-B)aReyf8W{_2Wgq3#3pB_1`PDUqUh_eB$(SkCv^}U&=x}NXb
zeYm=f1RE(E6u3hPfJ~j#f3G^VvejxW$Jr@UPMNgHiWATG4XTl}tW>dJs9s{<*=h<_
zQESwuWI*E1cMM3(n*m^FK87WnjMbeg5OU*)h?p8~>lMfsHXxd&EOHCjnPx0R2h2Q3
ze9sq{={gHN+9181hRCtjgY@)~*$iQ}go-Jdqqi9#1J3QKRS#dte<O8XT6tBY^>SWQ
z8+e)Hk9w@$F*l!-(q67oO4!1?AG~{u!BpzI6j{A<Z{l+=IOoMWr^SLu;^3E)X6&At
zK{8$Epa<42TBN%5q#!al#?xy-J#49_$jgG^s(<4Ew1V`4u|T|JzntKDl&%!C8j8~h
z+r`XgDHv}VzFwq0e_C-Kp|`fb5Vrw@t19v%LjPQ7XrL$Wd4c?lR4y**h}4j{x8|Ts
zk&JP*{AaiqO>H6I;cF0H2cRhfP>#WE+5sw+@1aa|j9hxx*CY5q-6G2VI6ct8|NJ*p
zye(()a<>oPmA*k!3fQeAXO!zm+CyMI);Sm6H@G3VWwHvof2$eZ%cS;Gxi(f>?bPw0
z3`7sLG8SSkY)df<qfL^a&p_NZXVbwow>2s<NTlmasQk+)L`41#y!jQ}|CeSl5~OZ>
zpl|!5?d|Os+uLaF_P1Y*UcY|r^hU2=yng*x{Xw~9+MhgWH-;*k7Ja#ckSptE__&~4
zJ&b&%l+vrJe-z+U5YHY99|&xhOuRAp7L0QdV4Cn(j$Oj;I_irHTZZwsJ;Obi(U5IU
zcNOvG95{2{ll+A98Slxg@+h?x8Ys|FWbS)9HpJ7yPn9j-A-Q%?^QV-mjuy!K$9AOh
zS1^iuu3R<gqp{S%Gh>68xoVSbxy+-NFLox|qshzHf3IFnGO-(h2fyLfleb){OxP!o
z@Y-TR$rb>d)nge4&Ag@j0MwsVipq_=7@9A{goc{rm?Oh297@iG!9D$o=LL_Omm^yS
z{pJyTq;{>sA&lsLboi`iUhnJY2#2Tc%~Y9ekG>_)nh?!KeyAF%DNWbafP>vv2xG$7
zVcU|)fAHzM1ywG<+o#W&GR(xJxq&uqW;Bw<-(IkN(y(f4hgMMMyiAkptbF;(aVvGs
z=ul<)>Z-9zF!R&7hzlK-N@q^yM$z>Iw>4KSgBGbYz6I)~Z}w+G%7t0!b}YaNx}4di
z4{_zqaSC9M0lF>AV9s2B1{qceu;NQ0l0JFaf9c#yT<P(8$xS9tH%h#P)c4ql-7Ar`
z`Ha$lyT>;qky>j??6f4twWu*@vW|g_Ih>9;GPYduq*Ny$Zbi&zZDm<6@)MQkt=ccG
zGkeA>X`h>30aE?iktd4?>a!-%@sRvRE%c@X&uX#|9eDOQ_OG7MQ)Ai$9U7-+4XGzx
ze>vaZG|AEou~Qus8Yg^k<FB<6d1hnxH%UtltWv_hJEi{{&gQfEP%Ok^xINk)4M*eb
z|C+Hx&w*eYXT+MZ&#@oa{ctsNA8uZdZW*UG&T(pn$gv3vpdH>~A%7brYfvA~yz^c4
z@vE)L_SQst)P|SZjNMZ+f^7<kT{pUEe~9pE%dfRrrR#|;eJPS{GI)Z8xs5196mcn6
zQT~5&IrK$vAs@`U#KY4e>-B_0z!tQR#Blln3>z01siKo94xv@_A-a}Nk596x9xAcB
z6ecn>SVN=9ZvyEXK=-aNBJkJ0As((=pJ3p|tAX^w34fc6phh<r3(sh_0q?6-f0Q?V
zQ(%UUSlgIbW5kH6<&m)FY@$Vio0?JR`(h0ysSb?mOPEdYRfv^Br4{HVUqQa;)274g
z$FjATV>?5=Dq-1TZcqmZBn*t38jtF0?L*x`SZ2IS83j-*;$_A=kmFs8@G9L57uw!U
zMy(M0_mOQ)vG0|_YOkwWQ-IaBf0$Iu7VmWYinfZeLk8CND96dhugtQg36ec&*|IWe
zu4l(!b4a0r*!G;BGCG*X1c4e^6#1xqXXmFEuSeTEqwUwbuU<Ptpgyw~#b1_?OHU6u
zR3>QMbQm-h=JWu)v{{`<J_CMM<dLXr4bvuhr??$rW$polx~_bR$|p5gf0KFrDhZLg
z+06;pv@yz(#&b*BOw_CO`0XrbGwv`CSmoFqy_ihKyRRm%rHx?ofIsW30$GL0wgu9y
z(dC@TI`x%7`@Ph6bbs|7f%;BfZ0}57{<J;$>E%yKec@-F`m*|tHd0?(WGzx(KBtyp
z5GG*&$wkiX%W&_~z4D+_e*zq0aC-)g0smu!epp_fM#I-=F7WCuWX+nAg{(COcI3`3
zOYb}7SuiBOim6D@X%SnuVu{hil@##mdhN{=@}Bgg=lkfaK#V@$M_Uh}y8I{X8>gob
zFCE_y;spkaP%>Te@B+Al8N+p$cwP2WKZJ5tX0D2w+1(>$RSUK1e<-n<EJR0%J&t+o
zD6t30@vSnmUofFlBN3M4xLI<x8S<?;g(r{GJ(YQq=jombp5%eL=kSTT?lf)20(7uf
z2YYP{d;R9*;P6PbCHqYz9}X~!7tUq)JHl|ePpu^3E_k3S=KxfkXD-Op_1$15&R4Dn
zS5(j8D$srsrA?Vce^)QQtLsqqK##7ST3k<lCqud*^t~{bM)=-^N0-{1C?)bHmSHvC
z;JlzVV>g>DQV#GEu61u}xPS^fy=Qzk?3Kg2oQ3aRP^YqaDu(c<Y|&p43BJilXOne-
ze<>1ovzafoP@N|6U&l^-8Kyq(<4DYehm-!sBe^&?wua#@e+Rt-{qVvxHkODL$+>o8
z2b2jG5R~bS<1J{WkMYAnQF{?CgU3yUGA&IZ1X@jit);#IvQdPMlU#=d*h^D~l%I=5
z0tQD~j5IO$Pp}sXt%1zk2KK8J&`rmF71*!rYVm<?TLy}@sb7MpQuZQm@BJe9_mvZ7
ztyqH{=p%RSe`3D~RXVYZywOA-j)Dx+Q(gk)@VSQ%!@==QEQL;_Ihh;2FHrOkwxCP{
zclV`l0Yl=XIK5yVUgNpL4u~JheIl1=T7s~02?5_7Mo6ZfZy<zSf3*#i@2Bmmw9l+v
zo2Fn*Uo|y_Fn4!x_{#V)`>JhfMT(?bc7#2p6{v0@f3kYDu?qKtu@1^ntaixn&|RV4
z*bQV<%tYT{V<S_(#U@A75Jrhr)+DAn`Mn3(tT*plYG3N+F<>DKSq>CnVFy1lu#rA0
z_Clf@2%a+X+xuGv)j83Ahkg0N?O365Q~mayo>pgRODyf%ds^DJou$2(rG493+DEgr
zZ`WJee~+KebcT5<X0CL}zsE3GuM62FZNb~IKnF<zD3ozGySOIM`&{)o%X*-}N}*oQ
zfL>bLC9NSD*;=!3zq?QIWMJzwv<l>HB6kftCdkZf{Hplp6<-#Iq;et_sJFME3`P!*
zdr2a;H-&uyXSa1{g8L!fZe7u8Hbjd$^sOcff6<|Dk7Erx^zA`%<YKHwX`Dl7gi$Lz
zYfbSUi+$c=lk-7_rOheYcdVB2l8?6b?ZLNxJ~%sif20AfpV37TLJx!^&c(e!iE*)f
zPM(Z(nJ!==6OM;-gUrSGYv`RVCEtu4)WKU16JO2Xtrlu<J;9p{-160uK<pMnmkgVt
zf1|a5->T)wFfRNwSQQ;3o-<8>lW?ZuCN!cdW7gy>j3UUgY8BY1LsuT!$~WiHngOv~
zsWLSrqH7YVC6DaoO{sd2R_H}p`Dx5Mc95G@z^s>w%w1H*b5M?O;r!)f7dze*+H+}*
zm1=l#A>Rt{!lo3%J34C}orMD=MR9!Oe<N@7XCToIwkjDInQ4v5NhyulA8(Ie4!3uP
zqwV#|lRaqS^t>11#lXQ!{{_#ZHT=|<u94P{Skj+HRjsL6>fUtZ<1T;YsHEX*<I6;o
z^mb7%knKJCzE~+&PkGWZScQv_Y{^q?;YG_eu}?vA6E#7M`=cVHY!1bg4%nRmf0NVG
zuQz^D6IPw5RjaeC`@*G|ecdaOO+n;iV@6i_Dy>-~>!J%Sh&e|yn0wTfdb8#o&tVlb
z7-GBs_d`Rh!cfJCNM(|=#|-9%wrwz?@h*e><lTAdB1#o`)^$>2b#me^MmjWSO`_-=
zZWoZqC|qap&BaOtb42I^M}A`Ye-bl?=I6q#n!edV%jJBKyM%4u4w;_1s7$<5d8!<w
zIur&|O1LCp^t3G=t30>KJ(7-0lBu4jfi{qp>&&5Ne*pS}BWk^1-7L%=;3HnJ5RsH%
zerP2Jj19>V)|wsKWSpXb1C@JKr6KpAV1UTrAPkhftsZ)6rHb@ZnTljZf5~sahG;;?
z{nTV3I_~FjELq3>JV=f;Z^@)BaTaxC_WiHPx@Vc!@tZZrf{~lu$0I@;bvg)|u~r=s
zWW1za!F^Ti0}kjOPC*Mvps`H?sl3*n6NFh|^cJduou`Jv6g9(vx><b>kzQMsxSoK=
z7ps*MC9s`exvMaKV^$UDe<xW!9SRb9$%r3<1v8nSG)}^$i0F<61mb1zm;5F4N{A^T
z<ljKzh+vOc{?7NqYXCrqFOp0B2+$DxtqqCzn#2X&PV}kO#T^XDLP?-s%J^h;6TS?z
z6bZ)m(qypnpxp_^in`WK^=Aw^IH-ezng$1rot`pd9U0V-L65qme?L{Wrr$#bz2vVP
z6g1p6zM4n|Rk#TECWFR#$z{d<f^}+#5PvB113oPJu2@p!$jGc`!!Nz$rX8Ywc3@9s
zl6-z(PfbKwd$6Z6Ipx6~4y-vlvxnK7C@Iw4acCaQCzFx?6j+R{0Pg0(?v4=ok+B9f
z$^7$w|DUnt2<BUAe}mOPPs0fJtb>d{5|{d0u_{N9HxmTDSdhXz6eNxKGQ7@K#bp#L
zlUpDzq=c^oFCfTzg_*f_2=Gp}3NDuwCh<K4xT-~t@Y!=g>zvv_!Gft4M7>yw#9PSd
z)c0=&U{B1p?qpQ@+)YTiie{SeQl7Lv=1M>yR!SV|k(>&Le@0_&<i+wi(36qgvN3AY
z!9+D#hz=%t9P`(~L=Tc<edp(`%ZHR)b0Vl*h2r|K?<Tx8j}hu{pfVij<mh**DbR_y
zmPca@@mD1EUH&?f4zTZhI6QP<R#NON{4k7qbiD$HoA(_&?i+$j)QtJ*S^zyXW%$hX
zwVs>?CVM=je|ubr!e|jlu2|kNmLZAUAa+s93EEK&dvz>?>0TA-$f(LsJP5fW%uUkz
z^_>WgT}}wCXoQ;s9SMgs8C82Y&W+yRhIxK_{F~n*%5(6`@o)}MP{7qAAw{wD0=V=u
zGn)u!iH;8F`9VO>v9ol)0)IhjGK7NfMJV0GmGo6Ee_iO<Yn1>n^~YLv&LjIU_>RN^
zON^{})TNu+1(V(w%6D$r0J{1PS+VR924;qX;G{l4#g;PwgtD<>8%nCG_gQP9rj({z
z2?*h40bT`D&K7Y1=H?Qw0$w4H@K&mtz*4n{0ebl=f>r<-V}M*RlWtV$8Fj(l*Rc~`
z8!fate-?;xL%N>^i%rQ4d53J208Ru%+oSIn>e7W_je70De-0AI7l7u5fi$~e3~FRZ
zLKSyx2}&*GbHn=snS8_P=&b~dQw-;+JRRT%OKHU6t~ifpEFKH{&S*S&v9s&+4iDb7
zL-M<94KLwDjblV3qerj7!|MIb>8Fo;W4|efe`BTG)}*p>myq@y7Wy$$=D((u-$yOL
z{U<&2OW3#Ur1L@hD?fRIrz|97Dn>UdTY=-;ZSrY2zZp1~Arm<tIA7eZVmwb}a>DUE
zcxJ+IOqhL>uB6#79v;3IC;DX0EE=^A?++X(<0gPE818*8ZoTu+FnedI-XjEm(7eqB
ze~wMnA!a*PNRe|w6;l!tE(dG-9HQ~DOJSM%;pC_77n5E1UjFM1&y>qv>FK$e>g>TH
zYte=m6kIQesiiXZX@d-kuPwt+_}+yFBWtX<ma58zRmla@Nl0?8lsl}Mh}}8W?%`&U
zk-{3NECW2pi!z;LwFbxY<mm5)+d%fSe>u5|ode%@LivoS&q*(p*Mfj5PM5X?(TNQC
zn|7?hA#14h*C$~jrJt9uRMs_m+*SoX5knYoCXc?AGjhD;Qp`Ph&iOd3S`Y#z^*WY+
z99@CRlAXOEbb>G#+UZc8Y@J8mBI%oCqh&YJV0P&S7f;+rsyZd*k&2Ktlb**`e+JQN
z%B#n}bB^B)GBpLymvWA7Dy<4IW9A|h`*aa3X1p%!4N63jbq}+gfn55AB&r)vm6@a8
z@)>C)&fc@1xyFxV&yZZ6L6)`-<Qq;?(ggz3N_``FM&pKEL@rki0iDIoD&|A!|I!Qg
zb8W10o0i`J-Qjczx+u@Aq4_cMf9dqBOv8T{^vH))ek9b`dr-=<a!o@tv!f)8m&}xR
zPpQIR@0S!(TSiEXEkZ&ck*<FYm=G)ep1MpSw<$hkYbHEjL8Q&t3^ijUy1pn6^9`T9
zzSgt!{l#d3Vn7mx-xsU3fC12EJQ#>8!RI<0@USAi{y<?5@G-q$!S)@Fe{ZtU@=XlK
zfOm~2)&UW=$1i_<Nmm<VO!jAqvV&ia8*+#@j)Pcc#Dj7Tsb(dW##l;P-+>J!ApgMn
zGmpX*{?>XDUDoNLVo8V0h3o_M@;6zU0CMk8dW)QNHE`mP)K%#eH`xKw234Yi8){q5
z>)?hCZuo(4!^SX!0-}=Zf3T#OA9ME|MN3F|!)ml*hq`^|Q}7){rtKG#ofdHkQxX%T
zC0SG(*5Y2ge%&H5?MQoHpknMUE7k^vi9R9_kv<Moo(pm}3~97NaAn-fEMKf-2gnO(
z`h=9Bzd<#j9==bd?8;76%i6IkRj<Hteq;tn?SAkI#lJM;r5!@sf2?ExE<jd#CgXHY
zK*hPXSt?13{(=ouj9zSy;k!`*rf8Rx*EkibFe5#Pf|RjrUlcNW8&b%lzV)Lv3t16A
zShv>_JJ-O^$oXse|NG9k#qxoSO1!Q#2W8zd*;NcSR3@;aZ%|zH=z0zI4>EJ9N^0`-
z`1t9}nK-@cOK*1Re_Zn%@VQ6l4rjYCvkf0FTsUA3|NPJYI)=0t>{|S{^nu*~x^^t5
zUVz7YzpQ`Iq#d$9k$$g~H8@nBW=r67p6O{?Qj^_f0SdW7?h$9WQyVO6UL`>&vz93E
zDR3NFub`eueO!mp*Z5M1L|Vmshaq)O!C*X`<9B6kg;pX$f00r?C6aF?t{alCZwL-@
z@XK)#1i|IWDZb*b0R$;$F2<aWA5Ps^0DO#%^fDX}9Jl}cw@H70WWW?)pZ@dTM)HTq
zb>v=IH}X<<A;E+hl|0pw%IS$07cT~6!8S;c)Ivj^1(vZzIOs${7&{w57zb9F7Atn8
zWx@797^i0+f6fjL4^^v*Y=g=`K8@Vj%^vVfC0Bm`;lK4Y^n~733>h8V!t!MMkAMHm
z?HAjlW^9O>p&4EKiif%fE!5$9R_LiyW^5<0u<?K?Z#=Js1y9P5LJU3m__Cq|`oghV
zCU_S22#~Mp3;Fn&u(%Egi-VaAQ@9lcxZ6DO2IkXZe{}7|ak`f30B42r7uhT5x5`>u
zH01nm649}|xlM1VTLmqy#<y96(91U~q_EPyd!uWlZc@0omfQIRZonIAR6K=3k5spK
zC6&`zdI5$9X4BlQj0scWL{lmp9o^B<9Ua~AG;{}X{>8!$ByYo5Sca|@(&NIrWwOyo
z(|jatf8FyY8x8Z7>-lc}3XiHp_k@R(o=srF{Sa(-6>ZRm!TMAS&zFBOCzgR8q)X4O
zSfyQBCHVu$x#NgFHx>yTx^b3h&)jIK_j3;>0;;awieth97KHE95@8x8xr~IZ0(;H~
zn%NJWG5u$Pt?g;LFdX#z&dY7=te)M6Ha-FWfA$d*GtU??*sUy`+aU%OuRyLn2Hdf9
zt({aiuAnkWS<`f|2?m53*6FaODF)y7`%XPK-{RLWAcY3rf%c+5aW3C3N~q=iawRo7
z|9iQJXf%6(q{pHxBG0$?@D>U`o%f47gMwh=WBtQ_tE5*-WvZZN*a&x4icaDfo1B2q
zf1!~d%D1u?c~vngQutC7eZCVjZ|VBI(e_~6=e|!*UF5G!*b0J>Xa0Fn)__6$fB#QO
zg0HWch{~EjR4%f)@Do=G=%3cf?$7_@Urk&8Pg-X9%ytOtfItY6)t~?6f58Z)QMM0Z
zI8QqS@e5VHOFJnzy}}s*jhF`3<{FR?e+Q;jTU&lFtGyclbvs0^8;vM=fsfE5Hlz<h
zm1aYX(8j~DT@dolv*x-W)=Z?jkBId|?VkW-V!F%?$zC^vZ`icmg_-67!~vpfcN&L2
zn(i!g{-^a7ti1gO-2fAYAvV$tM`{BbgR@{l8R!8G;wbT7yg=^hnBgSe-((+`e?lZ$
z<y0A@A?ov-;D_D&!4K;-Xn((~{+U&{xE|6%Dq_5biqHdV_Edq0_9~>nK~`hfU;s>B
zc_DP=S0c=W+KlZ|Gc=;>TJaF+wO5VnS?&H}H?uH15#;8w>h;QOGEBJ+<U?oRcH`Vb
z;JG0u1Fz-s^36T@hl`bb#tl3Jf7(;bc$PybPj~4SP{q#o!)y6twY=9}Fb}V78sfvz
zyW`IvkcYr3F>oE&WGnQ2t^_z(=%W6yVaoLwx|xh`v-IK(haA^JYw8Y4L|*)Li<f}f
zjBpDK6N6Zb&(KbfIZtIA|7!2^ybzodY>nka;CzlHFz^h0&y}yLV>{|-e_?1U^ffc4
zfaGW#0&g(GMcTPp;8%}=O-D?0#6(9-JU%f|Mn|xN0{6<L4Z7m9vo&zUfqB^K7VS`b
zXPNboZxCWGfB){Sv+%xQTUB`^Yx2ZE81WUB;av3PNdW~6<l)vvh(tVQXGG>Eng#u_
zD&$jXezZ+Rd%Gl$KOMIRf0tO-6oGOn)G`9o?d&-%T+fGv!;_pIgq1tY<}~D7tQ2H;
zS=DNHAVbwFaFXK|*tsoGc6MWUbcmJds=z!|DKEwuw0MU9KYRbS+&Gq`3&QvNDbQxU
z%cw~*sbf@Tgr!X>6^cw%$3Z12BD>~B29iq>N+7@nKq**lwXLqkf2?n(uiC8VZuX1i
zlZ>C%2?Ql7GKwGs_CNowNQnd~U%veGeeN!71&`C9334?O7uJ`6P}|{Y0>UEh0VMSg
zpR3aV&yRx0flxiKA%h}{eks$3xT76HeuQ}75u=<L;EuR37IJONGIYe}B)Ko(A848C
zx1vREhtMA3A<$$$f75Riyg591dmeNsY?MOnILvNo9*eHb3{^|??QP14q+9YFsRE+u
z9MN<eQkD4%j_wJ0Vas0yp>XW0A2RUIAfBh)6*8VtQy~puq8)-iaz<C^<OS>>FZyAk
zf|RF6Q)cL!(qN~Q-^irqw9qddM>(%aaKjPZ^v8b4IT(kXf5N*$wIeg^aLI}rQh;7-
zuET}9REW<}9H3N>5rkGFO%%`&gCz`Tx&vLZJC%(<Nl;zTss#fz43Ve$6y5`=k!3wl
z=54r3-dfmFRY{TsMo%7~L>S5wvvSPFs(G-bAqv)FHpGVHaC-P>J@(-pZjLuAu8^=t
zm!p$|^&Cwhe~P87EJ()@QjWI_r%7Ijm0KRMe}6d$V-)8lT)qg*Z$kj$HRCyKMnL>F
z`L$l3*Aun=gj-P}@WJy(V<sw5*}HU32$%6u(Xl9Js)U*GW&HaRXUMB#^#}-|*V@qz
zK0>`<Cd358TpSEx(y{!N{Sx5-!i3($?Ej!o)WPi0fBD&)AQi@Mk4U-%&p?ROkho#p
znGthKK~5mm8-NPI@3h8Y0FX{0afTQ>x|-p)@YT-aKS+9AAejYgJ)x__GWQ!yh+cdg
zA+rL1EUFh6)yq@(GK>S+w8?xY#LkC9HQDS0Sz}ah!+}_u1HmF7gGYb4onvWx_Dx3u
z?%_mee>#PK5=TDx*B-vLcR_FMl<XzEh6cH6IvU=fcEHMz+-`U!56EYK3+!%kd+7*?
zo0fZVl-$Z4#nk@JY9C$Z4gn{KX5ssL8q#WqRvl~wN7F2`RT1sGKz6qY=oN`ghgVV(
z8Q!Eh@)Y#IOfLEa<M4CvL+LT1puhgd{|^3nf9Km}AnEmRaJ7;deqWb1bPh`)>{dYh
zhSLw{Ujzh;-sHhACl^0|_;}&j_HHmpM>D23_zL#J?g4R#^iQeea`f^1;={Xc`H~ZA
z%s1SJjP?3x8lU_ZE~%CZ%;cgv!o)F21+9Bg!)X>3GgC@jEuK=F0(`yG4sKL9!hm=Q
zf948V30E~<&M{jsj4vmMyl98CsAld<ZRaIJJPbX;PV<muq)uX79^sKDJvE*bj_e?V
ziFIhv4*7kOm916vg6fec8)=pAA<My$)?kXLXdL%-{bqtG(|8h7w9X|LV{M5v0b!Yy
zE3Rdq5{;D}kLj`b#CFK}L>C$283?L}e=IDqvj|>~!)z9G9-dt$FXK*f#;b!N$9X0+
zqk0(a(TH*aPm@A@E*5aE%5ScNbXD7VoN<KU6m4{&vAk{IK@Ne_h#lUwMVDpyg<J5V
z_`<dh;Y<SQJ4ef5hsPD=yh9jOyDyMXg`(!7ussDZ-EnLSvQi@$v5CqTsJ404f32G3
z?NV$W)l3`9!+VOX4SNQAvlJwHSXT&#x4}ToQq1L?QfDVkVmHF*&ec*Y{VI9`b7GVN
zpy0RM$X$ME5==Q!{)SmP#YqI(@}XlMz}IO=6@9Jg9ltz?!*sn{?BrLvdL4B1#o98w
ziZ8-y3{7PI-DNZ{p^ZlH(5%oCf1u}L3$iQDdJhxU=|ICgR6-6EgZ$CNDsj?coe;jX
zoRZ4wBxan{uPI{EIj3LU6yHp}xuMNEz5dS4ijmdvO7@r)5eBEMq)!~SQPRzcY>@9b
z@$42hXIT^}y3&f)G7ieF<)GNx=fZSzcaw#xQTzE~fWG$4xGfv<$!`<ie>##+TB*qE
z$p{dBvP{{SWGT39+Rva*<K+B9@ZF2;owEFSas_$gxzjY0HqiAW4TJ*Zxg(@_Ir7Kr
zQnpQSlgm6=yn3WJ%Az}!IP4NCR&!Am9)w=W>?PmONmfKBk#lwkB|PTe@$d5kG&njY
z{)nZF(2M47zNayUG$N&3e>eDsFd6>jrhsW1w#bGpvVbk}smvAeSRxBpA*~S3hVSv!
z_#Um02QoQs(ll2UWewwCOw=<HMl8f0rmVWX`=Ymf(AzoKsvv#*a6nr)I=}wM|3)4M
zy#jj`J-Wwc>BbTo^84@VQjxEN?k_u!Vgaf@%(E-}HPb&{2LJBsf7#1}?K$qpORkMD
z14Jq@<;yRx@!25ywf;qrms)-2|NdLeB!b%1;?qM^fl^fJ!nDF4V0ve(L^WR`e^gu~
zB;71ot$?i(VY4U~wMpwt^`wcxV5J&SKv1K!ZmaN^6J@{tf-uuN8KNe6si6XdNlF{j
zoF}y0ATmE4yV{+kf84+M)%W=Y|F=781yQIa$Dlq32?}FkkUHE>@GEybg|vz}fg>&q
zxV9dgiQ1%BLBl;P3Us!9-DnPr)$L7QbS6c^hncZu7VK*IuC+<}xI`eSW*ivul}hr6
z8VJmc5yGFnvRxIUAxWM0(j%FXLM#ie2!74pul5oc&L6xQe+x6?^12S<ADlhLT#)L&
zU993ilp{Wd9@NN2hV*@iRxtkwl~EB@3iX(oC4=p?P?hJ%2#^?*CRYC@cED@=e?Dl6
zfG*6uD#c$I`CYk;ftJw(_J}5+WiLEHyTD)!w~G3T>|A`5mbW&q8FyvP_yC)w8^1+*
zEzsBXL~cKsf9)D2>M#gC8c)aOD1xw%gFsLI7sP3C=lFdP70%iMIV3vE^s2OtQ$G@N
zYWM<o_?o|}EbYTndgA-F8elk2A2dqulN{#>j4?1kxQ{+2%hD`gOa^eiwV6B7kPu+K
zQGR#(N;f$1@cNPh3F|{2dWV!}OHx@(qI7c0YUI4Of6GjD(j=o2xK5+U!UzlMv|1y_
z#q{x4oFTS>^f!?H8bbQ$?lxHd2Fu@I`47nBU~7IF12~{qg*k>Tgv945a}lY=YD1ZS
z-v0Lc@2Rddht4;}x6}&Ge_z*`e?@Tq39a|t2N3#K3lRF9uMN=Gjl9=(<^nW%4NDLc
zx|PNXf55%vvZ<<(I#S{~X**<OZAQrglx{5fgpQNtN@}vz<;t~tmt}&TcXzuLq@Ou@
z&m#a6s_*Wq7a`PkGDp&MPot$Vy`OIt*F&h-VKctxK*sc@C>dcam}U+&q8$P}Q@tXq
zoDTGoW1Z`eCOMmtiVmHD#?Mo>5!&KgTYZe4f7GwS;f?Looo}q22QZiE)U{G=m3F%8
z4~&U(FS13FWfgAd@#_|`#KJ*)WOxo{jaCGJEHY)hM&B`%QAV^7Q~rF2ACmD}tFOCB
zw!KJtsr>naq?iwM`#)ixHsR~@pFkI=GH3`!YRnbWqM|NuP!(PQ;oix`%#ILuU}AOd
ze`*^0+}C{ib+hFS#=bI)y`)nD*aW}+_kY4AlQAzIiu1}U&#S5dmMw$Z_dU4X%M~uQ
zY;lO9zU%v75`H{>`{9?%cPH;p-hF(>0b9jensJ-f424hBb%;gJh6ry>QTX<$@p=NT
z$Fjn~lqwb<4D%wzhnrDhOrz$^c$ki4f4Z>v^Qy;`;_R*l>hbS_kP`fdM(Azwh|kQY
z6CB+}9rdvaoxKq_aeVaPjtIo-^}Ti0_R$~V{{edNp-I6Y#8I;z?V!R%+wMMz^iDy1
z-;|(ay-|O+w_oRLw6QEj)eK@nY;VFO7|*J-3W)-;86s0dMaL{^f_8*YmyVlsf7G`t
zdMs9@(o@jV<;H&;z8&1tunGEFO#yE<#DEPkU_%Vp5Cb;EfPaKM4rB$VtZc9=Ejwvu
z+f)jgGsjkkmpD|pn>*qtIu{VvVBlC`=c(L5SoQ870vggUgC0Gy0xo-?UpB>O)k!#D
zji?Pg#Pj|FzJXB@__@1g`EUOxf6tWofhO}WJ1L-EXr{gsI8))M@^aBt^mo?IV+B#+
z_Dkz#--A^zo3BrNr?_`FbD<R}`<dO-PAFd?Wi7J(Z@>S3>s651Dc`c-h9B1sVXk&I
z$d}NL=$!tcyrccL7@jh>h9F;4hM){qSJb`qbxr!(*Hv(pNxhyK3Fca+e+8h0;oytx
zd=Ak^u<IM}7K>Oz>x+>)2dwKPY4C4THFX+(8E+qL)d{NCC%wl;2O!&v%C0@#$>NQw
zbw`Pm6ED_cJ_@#^R>aQCOZT`^NK?oW4`!1PT(MsZyW?gptd3SL;fj(w1dOlwCDE1L
z7tCLBwJZ8+jC0^mjq+lie;}dh5YDiD;y|eCs1g)o^cyB?tVLyctvM5>?Ne^t{SDlt
za&U@)$b(>%2}Qgi1mtN92UcA4d~Nw5UqtMP_i1U+7xEpHWg|Mw2_|tqU}77hGtZJD
zL0W<UL;jl>5(~AlO2aBEL2Y74yzg!AFhk<-JvgC!5{EM$?J>yGe|xO|>wP5SFu&zn
zg%dXa5BNXl|Jm8y+i%9zSu;L_UXaod;jJ4Vq9sbZp1|`bGn(M^=mf{Rgd}hL5TPmD
zt3iOYgD?(0o*?jJ<`Ce?AtIE}LO>)g@X8=PP>6VK-syQ%2laW9(wwXG%7wn^JIH6h
z{_xJ{GrT)~eF8BBe=-{66LR=geRv(bC7+06x{E@iMWK0jL*jyUXDNs-5UzX|se4}V
z09leuA2SmRNH5^Dac?o_VxkMEH+sl(jJ>1#U;wV8BHz;IE{EsLyuhD+L<$Q&Ps~Lg
zTutMc9>+}IF-4)M$hbi=j>2W~>-7M8T24^Fg%Wvmodn!Hf1``NtZRO~*K!vUgDrBE
zAkkR^y|fK7+!Yzp{d193yjJ@`C!Zy7af)cTg|zY;G|v0G`@65u_HsUjR}zgl$IB(>
zimzS$5a2p#4?oU%4Hm2B#eiYHyGYYGFT0$Sby#n;HSQ3X*IMArwUcC{(qzRoz&be-
zq^c^pi?TGKe{3<zxlitzmJQNc4XgoqQj*oR;&nRoJH2lB4$LKT1VH|yFuxh3@XM7}
z-|A#syiZMx13HFtJkvxLONB9f2<P9lKN*WZxHvUIMujb^&^q8rmR?0)vpMM*lOlHN
zI_?h>l|1eg<CKDSiNFi(T%9iT@J`pQ<yx6*!)-@uf3(s8=Jg5mJxfAqId~=q?n)?C
zQuDin*7>5vvbm~YV^)Ur%KK<^tqK?DDL)~<0T<m4IlB$#+FHBPAom#N#$S3o5`q_H
zl<fqo*IDvdoB|;aeucb$ou$(Wt=1EHuNIZ5P2gwI^-a+m#?kOrD(@7caHB#j{5gnS
zwsh5Ae<xSYsrUdI20C<1+Lc76B!flxa5Rc!TC5~-?GW_23bWyjkx=KT$l`C_p#42&
zF+(=X3k(<_fgmTH=E2VHuYdo~o$pyz5bylk6rr-5b)8p1VnH{KZjH`+vsMs;oF*&H
zZfbUWeEY9)^B@5x{oqU?`M`wFHrW38;@#UIe^0^*-1x$qb3RR++CvR90ctb|>I(jS
zW5vj&l8KVhkzkdlaCdd$BFoA}T9rm2Dom+`U)BymO27#h^y3MUyD^HwXggCq)<E`D
z?EiIeP^8z_F_IgKd!<alBJZPQb7T(~rn4I{fX%RB2C8fu1%4jh;q>|p<c9Z|I}p&;
ze~zZ($)k%oFyYB@mV?u&M<H=GO@fox4Jih%HL(CW|8wY#Q@%Ce0Q}eoafm*KOjvYt
zkCmQ~aBv}R*3K{C=!JGC#BtxV@62Mu;KaC6-`xh`1neK&S6XW=&O^sJeb0+*5k29Z
zKq3?7ykJ2nOLGic*|@Sz6*C~lA*XLZe{GWydMOQeZ1@SQ;wOCf?M`qm*lh5-a6EYx
z90@J}f0#^OpioVd6%LjnD=b7T!6a3{lXM5ZZ5bh9mk0@OG(N+)4PAzDR1{q8yUHk|
zfILEWNgtk`NOi;RUxE`LdSw>g<C7XPhknCQct#9`)@t#3qR@I^14SC)@K(_{e<$~3
z9AH@Ld*+Y^Gg(}Z-wB5zXxb`=mvU|igzIT`YtL_#dR%WgM%kCur+@>T2!s(+`ePA-
z&WEXtt#mjKL~e*xc#BgLswXw*&(;~4U9J#x@C$!q+>OSfD746mrUVx2PH@o1l4oJ0
zao1bOz}yB@2CZ#Y*;o&>&dD*of8rQe;!}CaIGjOFXx4Cj3jr<!%aosxdPYj19A8Co
zC&P4X`>#b^OV-79cP!Fl9X)$tGwNnjV4w|M!t1>+p`;E&!eK;k9_;c1exNkVr3thG
zJcWGna1h0K#c@)r*ja5=^__w1eRUNLgU-)~XWGJ2MOTEJ<C>ghSY^*Ze`0$jiGjV#
zRIKj8ge??!)=5fRV@8qm){wGElO@m9kcya@2OuCmO*V2Gig{jUyyd|cXxXrNyA{%|
zqDtU(9w~S{a@}*dsud+#EbDS<TSj4<AqsgqRt#v$A>g|%`CXUtAaDmGHH=WFZNn3&
z`^OUvX|_W62cYWk_g|~ee|?QPQpcJ<7DftP<gjnTED?4Po)BoODLYwwr{e)X%yiUV
zxhYP!R_;Y@3h|a%6_2tK7qTuaKVZqzehyMQFT$*l;RX2M_a(3DRLyi6<4)?=ZxhN=
zJ7ngPQc$n-SOX%YNIn4G@%kEshF%x_a4rpcnuTrNLz(6Rmy5J*e|HbGoQ?F>F?J$h
zQA<RBOz|Bz40Bxf>)-z?H<CeS6`TM>g3fFP2n&%phmPS|B`U+_!*)pP9P<zS``w8H
zn6hGcY@A;ryP+R&f*9gm(bUQD7{d<9Uun$0=&tS$O!OcP{$D46;U8?3XcBdR{Pi6O
zj+_DggSeZ5^DmvBe<b$d%O@mpy(`Q>B~~4-*C+i$s?f3V5DC(tsrljV$;>Yu_AOLd
z(sPWwO?AeJ@#`HRQJaX5ev4KwGZk#3%C0Kge7stbZJ}`{X(j&#zYF9-h>UP)oER?2
zY))$>>&I0an#9qN>h)SPGQcPI=W4#D`@}C?nIbS4pK=A8e>P++q)+5T$?z-FQm8>v
zXerw4R#$hHK~#u)@xiH{`vndYBXASp7R9ZaWn2P&UYSpjSuqZZ*AUIy5Hc1KGL{2q
z+eE=QI?*#B4nZ{7!i~Nzx0n@9ZVxWro(DVM?gbru{p<7d;O&lXtHx7k2ui)-T0A4J
z#q(F!^+diue|e}g0p0m@FphF=D=fzl=xOP2@V{yFH+~&`KwxyoN^wS1eOAJl98JOQ
zXHkBOyz>aGbcPEr;1m0!^ge;md88hn|A3!*1JBEEa2Ao%lRJs0$OK7-(w|cLs~Y0=
z*PSlm&VwM~7Q}SHTvuP@uEz>y0)@IxiwKLIT4{*1f1vL>g>EU$TjY6PWB@QVJ1^;4
zM=y<S3X0NR>Vk`B5*r#W@1sqv$mT+pm+-Y(fkDbx2hezTM~7TAgD{yE6ZpY5MV#;K
z{Xu<(pgLA4ymp|qNK7zQddKt^X&U>8tqAMr20WRv)H#!mOu|GFbEcnWK{`=Mo<pj9
zIgF9Kf8XVe4#?N~JYyG$C2$!Jil*oeI|F2)QaUZb*s1VV>{L6BV&CJ4uqVJx$FT}&
z7?6n_$gaC!77>-$wwv*elGvx$QNnM)x;9ZOX|FgI`=-TBpI*=y(_brqzE_uGP!}if
zqOzc`jGds;w;f->h*09-pbz;6zfXCXCW+ksHz*f%;;9H&1hZRJ<0Y0>JqNL$%p>ew
zGHfI*WA}=1U<QI1*7~*bWox1}Br~T)I!xpKFq+)pm+27!8wu{%zQ+F2?Cs~54H5wu
ze;j>Qqn;i}K!^=|0@X)Z6Y<hJlWrzUEh&5s^8J`A_bNLMls8C{S2lcKoS8gA5-~0S
z5TA>k#_`JqQ6<)8^Bm4>^pYCf^#6I|PD*?d9vCq)CHWOc@ip2An!<s9G9QDM2cCrV
z3gIu$<i{V+-eO#zFUB}|xB2;2dD{-+e;N2DcuzYd`!VNH8DL*~U??cS=SW>^aXEqy
zdJ-Q5b5eb|zrPpsP}MJYx4LFbIwA+S&RvZ7uB|ay@jGQFXFoj8g2O`@c+R0?%)cgA
zwZ!QEqmFA2j!VDJs|xwii#;Vh<Vp|003%6G`VQXHj-xo^$sd@B1m8LB4D&MfWM!!9
zzHy#fm2R2rXds21FyX{-c^?^Us8o>qPo~8dgvDdXXNoMOVyM%XgRnXJ<6fp>vI?3J
zTZ$r=lImI%sMneiaq3InHmcy-5p1KgV3SvpzSAXX;VBqALe_)pBSI#`8<&R@0U&>}
zBO1+nBIB&CC<nX0!IU~QwebqW*D-%cKUUY_aMsfa9WV9{Xh#ok@WZCn%|4BFq(=mu
z_ixS+;kW48*3&2xOW>?+<4f?!iX-G&3V99hLv)qlb}Hh$M!7UrF+IvKiV_?i(~MiP
zAxk_Xvcxmj)%66ueWnDBcf?}=vz&j;uvt=#2k2;r&e`BTiU4CkoWDh9BYrkFCuG)Q
z*c})PCrfa$)XO2Qd|<SMLz=)LSELd1keS}t(GYjvBw7T<QJLM7Aq!4Wb@cACu_|uT
zQQy%d%bWNp`!w)|V@E$JQg0CEL~nG|$xg(?BQ|p?CUH2dplmxURvH4IwURk;=%O-z
zU>s=toSdCYsNh2_Ef|=_BdkG@{@H=m;mBE<hi~Zf|M27yj!=Uu%yPJ>a$dk4Q)aF$
z*0=B&;O{}!T`R!tB^enln+aiej|j2e0t;UE-r{lHSE<?NBRff$+5bxC-DvbO6%xI>
z9jdl(w~!c|%<do2m$3idw0R^7!5b=nK23z_h;BZo0o5CB#1d!y-F{t%z2tBKe}b()
zUcf{9YNa~VCdKkLhbt8#ywWF^$!x7OjujSdJqOuw8Y{bKe<EyGI{I|9g?($%YUE2=
zNU1#Tncf~HlWC!6g{^kFLu~>-aWH%n7LX<CdK(8E0pSb-SCnDl=1r0)h3@KqBzO?!
zHOL$TFEPemLF_)}_!rxc^+E%xq*9y<SBYLipGYMs_A@xwm;XiYlQ#9$qHpVPSY7Z6
zcn<;<4sUcyN{OUHXOSPLS%jc9k|^QFQ8wyL!mOC}WoBLGq#IOAC$5E?jz|dbaP$ay
zNr5yXP>94eWqOWOJC5kkV$P_4wK#;(QZ$?aPkJIzl(>6q<d<}ZwA5*^oB#i8mH2Wu
zAf{nK^h+9tt+NWM$>IHDJ)p<7;~0=UW9-^>oDRHDig$eUkH({_Js;$q;p|54whx|j
z;RnNb6z>18Vtj?!eDjnX{W%<f&kj3+L?Df2W5qO~(VTP;GJSoN4yTlV#A^9t7Lrc~
zc|pY%k@~+)RW>^(vzKOvaoqV`I7xH%5&X|B-S%v&Vg7NjKQZ1$5C2Lhy;$8T))C!J
zP0Mek)<TbM<H?nIeZo640hGHw<DRM%365fbfHla&JJomCQE1`pVWiVyfctL@mumSL
zYR^H+Cr)ftmH?`y$lX(aUUmzjp0>=)rs<W2rpa%k(I+|}ya(Ju$GCd>J@?nwF;}NH
zc@yKql6J`#7}5vPo$=$?QRcxn<$1eRFQ)kyLt3=6TnM@r)%LaKc(^bas%V64)iIG5
zq=H!mz8LN9N$wV#m?!tcQoJ$}mh#qD@CG~s<Glsemhtgs??^>|5gu|Fg}WK=RFD2f
zJNJ7_#$c5DSG#lSW-htC&jdEm9cMDjf<Z1F14Frx62nnfQA|801gs22q$!HKVTC+}
z6|xMV+<62Ja4!X;%`GC5oE@JZoxFdohi}j}M$GEq9q`ekm%;1fx5pR9fj_M(8vQMR
z;3vJ8WmO=yoqf1}y0aYYPG0nIh&P?K;fNu~oaHysB)C$l88>mwm?w5FKtsg0X55pF
zYBz|ef<rcNFKm(a<hTOj;d8sL*C&l!6?}u4BMWIS*?mo&)yGILl9Mf>F`i&DO7HFR
z3Hl^v#M-rOH(`c5C`-q@U=_*)X)s9Jb#|bTp12X4Rv`R;4tW9o@hi^LZZ(4iGw+);
z#{92zb0K%p>Y>Ho4Njybp4DqGGacKD>_S&mMFsgRFO;)c1;S(uSW8NR6L_%%t#_1K
z{b~xv*-`=vftFffgu&wMBC)eNgU-i~C$DAm!`!_NazzejXOFcoyiS8og)w3~)DE)1
zE@r=A2Wi)Trn?blqzBT2gmE*W-UuVi6>l*I$j=-08{9xNt+G}KaIa!EO+KA)XPDg-
zHW!!#_aII7W(IRX*J*}d>Y0~)cyUe>*D+Dj`^xYM;JvPSX$OuT*ZnAeI&6pL?t|u@
zpS@uf><`oQHli-dbbuuc3PrH2Pjc*mpp$F8v5m)n-Y=SJ+6f8Iis2SGV?dqb-7sR7
zP>b&lYJ)=EwN_%o^rf=4jI{*mu!b51YGmu)vvf+~2u(xx?V@P`TWJZqHhG@$$Xy;j
zUS0%YtNj+kM3YvyP8o+W2t6P&{(F)|g!h~Lz#RZ!8AxVAa65#pr-F3Q75wQ?Ogy^)
z!XX1=ZPLim&>jvMg~a7x@F~+QgWo~?o1{*NYuZK8b71D|Ot+A;GE+v78V-^7Q$}k)
z2jQRU;UQR1=bS@hWDdV>`N8o^uR&;scuxc}(AXpPim(gka53ooYY+dkcOhV5o~J{X
zd>R273lpvXlPpD31Al2dm!TQ~D1STqJ;=Kxy=sTF9bT5%tMd5z6#DQg$H->@c0Ep$
zYZ{j-UD*RQ45u==$5vK!F-48~d_JqCVbvz}Kar<Ir)hV0^d(!;KF^58$ZG=0S_-)s
zBfey95W4~|?De&9rxiw)Gy`L=M7)|$^2kmhk~&qU+`aNHkF~f08P5)R%zyd>;WfnO
zzWFxAV^ay9a8kqjmQ!N%m~wH-k$s$jW0{F<vIpI<DD+GDPIx@@s(iJa-um1CtxgfA
z*f&<)P*wCbG1Yr__7qd(m3J>1QZrv`9?C)h%-DH6mN4;(=kT{IDrkzsbuNZ3Z6f#N
z6yY=byKdQeSU1Cdhqj{dQh#W4^LO^e9l2qBYgEbZ$_+NK&{c{-L2o+Io(!jsOf$s<
zmG^VjGcpyjzGN&^fz0UWu!`^eWrqDCm43s0X@*|5i)M0m{HNab&I?O#IAg_mBHN_$
zzTk!V8$&?@<=~Qdb)JG8w~=(RTS+>xgXuUheGN8cXTKTuYRyO^#0ouz5WgY9TXV`t
zmr)!6Dt~-I;1LRk`2a$LH!O}CSR4}^#P1wj*^S~cn)#=cMBA&1@!!JuR(orGpPPcP
zZTJ{pg^zLIq%Y~TAnN#rkg<r6F%M>Lh#A$yj1}+$+M$&DTfv2296;<`dhXov0H^%}
zb(IQ^My8@eWp7>G*2Rnsk79`<|L#R?b=$APqkj-PR07?6yGHkIrDfOJgnG0*2;{IP
zT+xfWWsgb+L98$CCq`N4(*Xui^ZUr#Az=;TORV`^Q2W~CsZo0uo7aH-9k!=iN9pbb
zSD%Zrr?eXBVDa}Vj(ccSSBy>8CeJ70?<MMjDR^kWm-lzrl$uK*CRuKWOpj#M4+?<U
z3V#rWO!blmfwrW_)n9$WBnG7g%RqwVq-l_G)r&T2ljIqM!b`g-Pn3BP!Tao(c<rxf
z_C3QxEs>!HybUldx4lDj0ydrbmh0c)e{=X#l`X7|y}4nLfA<L<Z-*>D@f;85N*W#`
zRSDG96-{MJheUfES-s0}4ONnR*riOewkS18Oa8)zpSL{ewk2vxqbU{>0Q9&CTD+`F
zua0&$q`KNnyx+a;_cxay9sxstR{`F0=eBO3{AUd1A8TZZwZhk&7D4fpWXbRcDqm`*
z^viOk(rzMRkp(o>1%6SHsWs!`tQl6nSuOILa<Y~w?|LG*W`qMB2X5*T6A%Ai=}1z@
zb$NC=))Q5dPcugF1-93V=`l#CDhBcBU3Tftz7d+V*h7HS)G;82yheh5b{6Hg3s8TA
zVGN-UF@z18|5ecZq*QvxN#I?aRUHQ7Fph>14jrY#G9er`z-G}k@j(4RP-{f!0Bv2p
zp_egzx!q0`t0|yQE1~^Q?p6v~Na3P7L8r1RzU9q-X$2m-i!6u*F3q2Yqj~fsOlk8!
zJ-j&jnX*0vBOv9&|KY-a8rLleBID7_9>9YSX$Rm;ODmbsAi|-wnJj5($)C4m0*<vp
zLi->g8NUSb$Prb*p?R{(UVL^3IsW4?=?_1iy=59sigR?O2-y@{Tq^+o``YTr9suuP
z?Q$_Z)2!``*luvZWegq%edg2|h5K+uJ(}sMjn+y_p0!Ez%g}d!$Ieg-4a%`*biFnS
zYIHpmC+76WKj6=nMbt^lwR->Y{KNZTkd9{BZT>q~f%utHJ>vg)lcj%EQp@V{|A30;
zro6@f^QS|JQ{fAHua$$oOpA&4hMnEL{eu_$@4u}U6{ziiPiSj2jkN^xkm{l96$#%w
zoG)I*OtMc>?|tom5Fp|Eyi35jAU>dv>5;B;x&Xg)2<uvi&8pfVx}{)zvIywy3{pjX
zfP&t)MNmuou?|Rz5($wd%@M<VUuP&D5M73PG^}dX*L@ZwI@5$-xmxm0ZGvZj%gzSy
zo#0?<=c0QCll&iTYejsSn<@HH!hViPRNnM=`Bje{V|l%Qi%@>zJar&6j`4IKh3r_M
zn?sLkiTBbLWUh_flW5z_#c@LGpy6_d(@|9P-7Ag^JY4&lF>q_Rd`7cuF6n@?0@zX@
zM|#f7gs(EC{;K-Zg#XbLz;>-U0_T2}N!uD-d-d#$LmME_AE)ta{~(54WB<l*S3&>!
zLlF8eovEIGX2O8~q4#}gxwKd{$I{JxN6&P1jWX$oXE2+Dkk{%0bVHP=U8q0pi8$c%
zIyI=$6EXioBn&Rb1?lrVZ~?ncDl(DQ(F1lZJwW=JCTScEXTdoHCFfD0e!vwQL&GMN
zNoQUkQ{Iegwc!LjH%`EF*Vy$0e+?0!)Xm7Jk!!hs&z%Q#aF3?w*@(~)<+q4N#nCt_
zO7OlMEJ6`DP0<7P-yOd``S^~YeKG90em(g4EP~WYIolJ_&<}Wrd0%!^H6#pJbNt`M
zcDuoNHm3(VgA|4-g>@yJfcJ&B_|*_df(TQF>dg~9avpn_;Y33Zt1C4MH3f!hB_-gL
z6^2rOixA>8Vha}!Zkulf{<_O^|8b2qq&;zZjW&z3AZ~ibE7l50Kpyxb+iJVN)nJps
zAvXY`E$rjaLCg=dv7urlRw(rz!gE#hj-*rHuF`FV6!&G11o0S#;B(PjhA}Usw0x3|
z+3US&pI_oQzx%GP^Q3*oVK9tUXkr;8U|vNXx)Uk9i>|RG<IEPXvZl81E54hT^`>|5
zJVZ&(SC{xA0U&?tcqcQIgA5G?Xjs;jkgSh^nvoj!>Ez0RFC7c5;a(>G7SjxwYAAdC
zc3xJCpPcj2v_sk_R!_UyjRhDxm2xjv);>O5&Wu>bqbQ%m;cUfNTWw;L)=!;$IC&x?
zW)TkHrX01zeJZ6it&*0$dYOvVU6>Ti4Rq9vq6w_OkHdfL7Vaw*eAyxW3{L0+lEQei
zw6k8JBYQzKtkxx{bCgnZx2_xv)C`-Q?{OJPgs~lU7Ooa}Todo~Ucy-#(jo=`6%?|B
zD6v$Ad0Xn(*-{-Q$~CCl4uLvT<D(=hBH}=n(E=J(K#*nV7oueT2xICgM`9Qe#1JvP
zd&?jNF(H3P(bbj0bvZ$rMb|VoJCw27SS`6y1(<E&8y}vY2!&R2A+(<(aJ2{sau*Iy
z>HOMpXfA=raGF#Bxl3;P$vuT9G;lz2lab}_F~aG#LvGZHpF`585)e~C`%&krqvZ8+
zGk?FLugU~u`4bj5twq&ztr7Us>WVqudK_R`RU&^S^t~cf*6g6Nbzd04aD5b^_M?jO
zs(9eYS*+xL%b-J5dxyCJ7Y-};*Hnic%zQMaDTIv;*8XIyy{vIQ3a3%G)*<P87D?CC
zFj-87oD`nD;ZIP7o0R)QRvo0$Ob>0wJ=%cl&kbB}p%Skr*vgzs>AMG~%j3~Jc0*pt
z?8|?hL*q?k-Z}ZrNFI4Egsf#e;SPREW8{sT_s3~M?7#F*f2$?i?{W1`M1A;^Fj@l9
zS_`FEa~Qs=4WI5Do#VpJ;>CSbrM7$4Hcg@PD03WYhK1X@B~$yF0w}c-hyPUF^XV}<
z7BuMlO?K^oQy=Wmry>qD*2C*Lm!Qt^WgCC=+aba|ufx35eC$LUT#kQmTQ7^1Ds`f+
zT-4)wTz{;JFet+7fE3zc3F7V<sT56+51vuzGSbB&ciV3(j%5Ff#v(MuuGdNw_`bGE
z_rf-R9lt#=Sl=}DFVzjW(rRjL0@Xe0kB(XKdRLZhPv_f5U8rBFA^jWvtf#l6x8r{}
zs~f5-4ozbUy7>_?%BnW0M~ADoL#{qpqo<!6aMEqDZihfVJQCq7S_tH>JBY@UnCiCG
zL5fwqSvn=+D2`%rmUqx6wL{!zs+a4lUC~VaB%|zJ@0av@Iz#;Z{Nx4RMB`0fXotkz
z8&4^Jo|on-@Pzcj;d9-pS+3)E@t=R)AW`?1?De|Abb|XLN0;GhL-0DK7{@Y0$!3%y
zA=7Is(-%s^7Z%Q4AV3#iNNcz61CAf8>Uu*NkP4zQS{Tq0SM^ah9~(IhX1dQv%m$eY
z5wmoc(vEWew^UO7aN!#<^wqI}T#$AM_((6J(8{VU08{vR+dJwjv6-h6W{`i<3tz#T
z{GkgCDG{$V=U}dOwS-&5c(-zla(OJkh4#4KLkH=?C%a?0yeFG=FZc>EO6*u&i^co}
zR2|TqP`2!tArX2UfOG}o(-+PJU}yxtt%GeeMBkcET6jTJI{fU3ws2rXznsz_6ox$5
z*&zjb!q|YSIRST-`%fwAtJ;5o+8(OI`SJPr$%prPtw4#-q&`pR;_)1iodd8T331NT
zE07;v*SqFm@*6_K^C2`mV?A9@WO~tz09@FOMKqcQ_t*hA69Z^i098$<38FW+D98+R
z@R<j1Km5{jW(2?|!k>oq0ihmzJP8KsCcKN%>=o5bs4r<8^+JA#MxB3jqg`m8%^gYL
z*lwv%lclkjhBYL3SaUuDb~aqAQ4jpBH(&rHePUUv@Ohvm79NzBVx`e)lQ)%s$P9e(
z=^RhYd;<Q!0MxQ6=vFIP3r<V3?UH|_;k6Y=u8a?GtHX2lHp;m`bUj5bUr1#i9q-Z`
zI*t*x7PuWyxX(@)tB`+Y96Ej|L~jM2A)W;tlxW7yJK<f5_+2=>z0Pp0VPM|Sp#h0S
z+RGHAruj`f<VchPSqubPMx1ilF>YvL9CwvTYbAEaD9mpLDcs@BV1gyi`}^&>4*ab#
z!j2E7mU$u{B=ZMNIx%<3wp2>?9gLOu<kjw`txu4Pdp;{R2Y`QE46oWW?35b8D`CWy
zTA})cd0wOwTwE&3B(WlKnb9r}<7jxB_aXjG<G6pTX86vWEqY#r87`qBBR@ASLk~QS
zMyuUTRG%mhi(qHFIyvhGciboLvhxf(J>)w7U>1l6WHz#O4x_LLA$%WQD^OF2?W2Mn
zCQT&iifc7zmt23p!tUong(K61o2Yx5*8$eYeK2mPsn{k?&uzz{9qHY;P6RWBAH_@#
zK-J~}Tv#qOQJ)WPi^j{gw%o6ra5Aiu=ynLzX(D&0?YNo;F<@bwTi<#&gl;p13do`b
z7ifhoj64Es1EgQV;ecckU53EmJySiuSEC&w|6ue{=H!2W#8np~h#-fuOVG?g;4b`(
zI>VhB0t%1Nqjm_)(a|9@3#@Wt#9$}}hJK`LTnjh{hR`Ns69_E-c(PSZd%L3Md>LB6
zl@=4(x8nfLyo*Zi4>genT!PEGhUlT{=EM7oG+QkLqfQ}t17J9#hFdzGfZul}7j!wt
zPG+RLs9b+jnhwPzqb)N9!f{D+<z(vt8&aHIZzjQm)%tD~q0t~M!p<w@cUW^p8o{Yo
zG|2n9m&Oi6;oE{^fEK$&Ie)7VyjWmv*90z+M(&A061t0q%7zJkHpl%Yrsd&8yb8nw
zSTx1BAxhSK`oNP30x#g@e5My%5q;v!gJ0C3JVJlmfC&%YiZ*fsc0FzYg=D)umQHXV
zW<>iKrz7~~KwYJo(wW~ioJ%uq(3+70uBOS57wt7fd}~S%c#f*No=C6Z2RJbUBr6yb
z5<CF56<5d?r9;>?M%FnF1m}kVpGg<%o%kGhi>z^;z(-M_d4GfRa=9EdR*D#b+S6-#
zjf+=_J<KbBWR$4|6x;CEBih)K8Twi%M?<*)g576os4yZ6m(dcrv^qa^<5tL(Ih7bI
zVbXK`%&BZP1&7)&12)V6j~Q@2PXsWNW5S|3S0;<*Un!42&<dB}D*+aNS|PT5yXHd!
zk7&qcgl|c!CRvoy;BdChO);{yg8e&no$NxeUqjT`hl=HzMY#V;%bT@{>D+~oW#2T}
zjv*E(6p@IG89_XHoPz5@9GcJ~!KGIV)z>C0#Fuv;!IwcqbG`^OwIrCi+XNE0i15pg
zC+(2jVvu)duUeoE@=y|gC@)u7EjnJC;68DV#?k$pVrf6c<JL!Hy@*329ir^0Y@?#Z
zE7<L8XWtH4zFtJfCV9THnUtfXdOmT21SNC#+aa&RqEsg?QXXJsjh+jvYOur<IUrG;
zJ&CUV9E5hJdYsY`z=UHiz*-g6<d#ai#=vXP`CryDw#2<&+<^9fpiSyl+)-av3+f(b
zUIUWmf?xms-`el|`uG1ATQX!oPKgnq->eC9675XF+`RzpID=11vE+nPB(vATGK(5*
zCR4Gv;JAPex@n;Q$28E-g$ZVV(i3Zq1a_ZXS?fMZRUR<LjJ$@C2cpl}{T!`+AZ(~P
z@EO5w_u2ADLzU8he}!|^yANI0j=<$P7+9qbNd7XnmTsOaAG{g;|7>CKkE~Zzc7Fm=
z)*=ubO!4{KL){;bhI#V+K@fwPPKGmro$}z<|M>rco$kT*b})v^8D_|Vo+cv_tvFN~
zmrbPQX56JU1H>m>n8Rz(5c#bcBHkLsT~F{+7b$WxX-*%1#9&G-6N8!bDbffPI4CoG
z4a0polrR{ntB7Y)&mB)UP>H;sr`XYYzA|P`_1zHvKJYLQ@+4&EhsMb)82T@5_3AS?
zCz)S(bfQ;UGZQ{d<Dhf<qW{Nts%TEku<n3498rOm51VANut*6kPZah1!f8`nKz#Zk
zx@eaap3@zF=kU|H_;SnBEC2E@y!Aou;R8CP6!nBxH3j5pC6fM@u4cKJobD}Tq@yW?
zoxM1^RR#{WlQHz>b)?$10_)_(0DL>l9^~B2&DOooSn<483EoGtwqEL9WZ~6SG;D>u
zDz^Z*L$+8}R+N;2_C$6lEPfHZhTDFw;`BaXTfE|b?$&yH>|=dRIh{|bCSm5#=$hT_
zi!E`vR_N%tF=KN~d{Yc^t*Co#=Y6hXT=^T8eXTz;)>*kV%`u;s-Lr;A8P7~CDB7{q
zlz+dI*3574hTyHVj9c3|=uH42buNq1--Tc(pCw?=k%4OErx&b_5rH5w5Wdp2Yq&Bd
z>!nG5Jfq>g-0nOKhtwxMh(f0w7au|$WcgD@O+5#hpJ)b=P8!(MvvNy{pTA^Z(AVqg
z3dmgGvw{>uU7T_QaZE8aTaBm}7aM}umuz{Uk{ZE1;kgQQJ!;r>QJ=JrG{28!4e{Pp
z6swoP4ydjx!@P^JUtZu!_%O>N6m~{{I;9GK_?-^6%?i4Hu7*_C9_dig4itFhtiN`H
zNyJCgYSGQwq<+jPGHAG4O&#~9lOUTWSnJ;fVNP<F=mI9;FSt@6%dq8n0@3(tv9#KS
zMHB-J9(T62&_q}VC1IIOh`eGMRkkiBYmGNsKtWr~!^OS1koRmrNSh>iR{7O5HYKHh
z+;BE@ywNVP@jW9G*GVA#-TnM|3(c9vyioP9<DJ%Y8X-ry^sU~2KjO}L>|u5WaJS^r
zo-tp;+*uSCIp;B!pq$MG;8HkIas9#==R;#s0}9#>c^zh;GJ3SaltPmf8KqefU4=OL
zq64DnA_NV$crfMNtyV|7Ug-wc;bFjky2TqFr=v&<xgiDDwPpsq5xe+6nLX&ROX^Y_
z_30!1!_biIu2r|@8u>^Ikp_;f5h|G;U1FuT{Lerv6r_2wHdsH^7VWid8i)BUK1pUP
z<Xc1`U_rCT#6Jkje$0s+W+^U@yQeFQ9dn$CPGzuGk%dVfq1M@tYD!)Id2s=Mx-JcX
zc>(W1E#8<m;VN#xZt#{h<%yhtvi5qa+aBQm;^L$<6(1=UxOMbIPcg$}-r%Tvv}<wy
zr)J!b4Zi;y<+o<|{xek3^+aVW8r^^W`+wzTX)(nJdKzEVabN{sc8|~~vk@Ff;OM_*
z1VA7yq){vZOT}N>v+i)6PRd&~zOe!JCXGi}hQzVx=>VC0g58x`-ko-LQ~Q;XVZA|!
z+mqcdf<T1shnM;Iv9hpWeiLFHvzH$-0Um$(P&>34&=gK4!9c-Js3W*i4bRWcnQ@9(
z|A}xtu4O<H4#v^Vu_G0Sje(b1iTBUVji+gJV2mi`hOGTTok_v21Q&15TLHZ4Df?pr
zX;fd2PRyqh6i#mJTyX<txQK;mok!y-M#gwAnM{=!l0Jlt8jX7!UEkoP$yNUsH8>@O
z7#KgS9gsF|bbI}t&@W0&vHr~kGf==-Vbe&OC}|eg!zMqRm*Fx26MwZrl>1wd=vkmq
zXcCcGZ8kEcT-kC!m!7h{DZ2B{WIBj(m`+ITj(vK+gHYauS)^kN8Y232m*zcV0>NJW
zupUi+M%5t32sMR}rBc$5Ddr2?k1)h!{7-fssW3CcV(H%Xabzh?GPa9njoph(4~c{f
z^od-^Txk)vHmU0=0Dm~7+>MdhND&Ay71o?HP5L2k>vq_g4j|4Ue!h73RxBVkW{gZQ
zM;Du7GyEk|HkS&(pThzC5=MnFb|?qRy1<9fVB?P`kdCOBZUJ|Rmc)x`8ISFy9`F=7
z8@TH$nQf6@G4o8Q59*KSkcB0q7^|)D#&$^f$ZZ$3dhJY_$A3#dLU#8U0;cNhwgWNH
zmOGiicySDlh(?1pgh>Re1<Yy_tRCYXV(>VLmAk?sh{g~bMZAlMCy%0_=<=i0u>3CW
z*oC(;9~(h}IJk;bOp95}==8q0dYNQUYUI@>KSN7YV99{iX49k5$Xunvsm=Fj3vX*I
z%<*Rwcs~#4v41*V%A!FUJRpYLeVVj5SPZ<%1J#|Uz{UA^_O@$BOYmH5iQnj+v_sx5
zj_d@lglozmh4d;o;Mkx06AHbZ+Qu_h(wOGbp)tgTb0?jnYKKgZ!g$E(DZ9x$?;{w9
z)Q@Rg$f|p5-(9numpmqm(|wu1n0w!Dx66K?P@F)jg@1q<?lgB~&^77*&xdFI0_?i7
z*uHNE^pCA2V6%;966UvdOgf~@@XfD64rrtzffECkn!2?X_13k=`ANT1Zm$<3BYxBx
zmu~5<RH7^72rBLdqWl+Ru<n>jfK{cw`pnfOoOoq2I9_w~V7k!NU(HF&%(v9}f$K!%
zRucu_LVxEDIO;%+k?n~!l$lo%4vRhqAanLXA`t3B<A{Uegua9%7>1`vGILhkKtPUr
zbvJZ@^`{GT1D`JN#e?*#u7?Xdwun4%esuWu*c}>x6@mM32DUseh~0D0-QM2DS_>Rm
zhH;Neu$D9wc|iDTZqdzfPZH!^c{8rmhGFm<<$t$k41;!R@p>Z09tpuc7(}Dwa5!0l
zAPiqQqOf6leKVQr2@lSp5of`j0F)^RXx#$~e!jRkC1_@v%l02LpdcUKsBtKHTh3z#
zyl%DyGX+f3WAKfA7-TFeW7Jt@4#?0X9y(y=3p6CISbNsN!tnxS&BAJSh$Yd*cb>Yl
zIDh(GFg3vLH4!D8sPGmeQW{V$p(Co?bW#|dSR%_@4?L=sjDtg7lHp*K(j~9KacK+3
z8F#!Oj~n~$qA)o9a4tQo)8dA)$yT7cG-rSW=Cqh%2PuK%R4MRg3b<lLGrLr)Z!09Z
z=Z?6DlB+C)%yv4Yattb;9yK6F%ZpBA6n{>+CCK+}Ar|agGwFYhK132BZkU6YF$zbE
zC!}4SnHjnXk3cwF!NM*8hYZo6K{zLj5#Y6>bU5V|=JYVCLckX(zVfP_XG}lXuMNy{
z_n{git}9pJB=XBvzIB&jwWwu7P!xO)d{tW{r6?0y>)pG_ZsU^N#!3s$waNICJAcw#
z1~!?yMy+;)Xy4PFdbylCV9|Sn9`vXdSHKI-g4>|rgVQUn077`q(ck4Dj6*$H%*->m
z#N%CNf97*IE}xNO(;5t!qhiV92@xMQefVT|5&fEXTWByBEP1C-MSClo?{tfPR~iZN
zh;AS=Q!CyLP}|8cYsWto-tLw}1%FN*vK9PAJ>~;NU^;c07s3CM16l3zpZWy&+G|bh
zN<2iZkG7jUM14(0E~SaU6@IZ3O+m=uS(QJYe|R5E!VDi``_$vr&gZD#%FoG3S5(N*
zmV|1c!;<~&&Kcis!2f$m@tau&f5}yxZZL>qM3F9svmv}k;Y<%69H<}Jj(=m&QvsyV
z(Z?T0L!A=n(F&S*2DiZNW~Z@mXs17a?(cv8tb1&UxYG{tofqk(Y+(sStng8&(pdZP
zLJ~7j;q3IhtIdGpu<Fdk>WnFPjE7S&w{(sQ>Zl11tywl}s*)VJUhq5GP8G(OtSGj=
zUE0Q!r93ni)tSa&5k-&1-G3AWcdhvbh`%quP8P>@yyhe?WTb!0f1WvLT`o2EL+Ylq
z<O7)_+N})I5kdvTa-~uoxm~(@W(&Zrn&Gqn+%H*jM!CUnJYCfG&@WVJ9qJf2PamW2
zJ3F*3jYZ(MH<sf*f(YWC*b0ZqjID33^?bw?2Da2A$s)}jM&C^EpMTqzIG14wFgi21
z1h3dW;T6hp*@^oH4Z{RSC=4uK#S1l=3?a=H%aMWC;y!E`4cmLc`4A!*Zf|+|3<P~)
zX*ID1)gA;qTSRa;{CM%fCpqADh#cfi`2z2@q152_+y65-I{g?-3pj_r+UdeN&N53%
zbokng`?Y5D2KWbvSAT8T4PRc?Y?b=1Cnjxp4J9ZiTy#1<#{tg?VhfeyJOm*{%8SsT
z&mEPXykwq?BNu2zQUI|?LYo)lC4y1QaK=SL6%rx`)0c-(181EU5cYh-l|4N_fx;aD
zrqT_O;j0iC5{JNWkMm#4S5{BtpmrArsnXgai?e2sD2=gtI)6n4(psmG&cK6ysoh&Q
zN?AHRs+SJP;r|a#eZyK<Tc8tJ3z~{hwlq>1=5xiurV_fgnEOgsAm&4stLfCpi6M1S
zsTDZ#u3+-U#L>bTG`F<AcnDXK?hV_)EF4W~9Ug%ba1+TO7ZB#QhQV-%piErc^!*v|
z-U<LpWBI?hTYn#{+3+@ZX9rSl+rd%TPXGjkyo1nRJBCy2S5cOjl7t$_EF6cHLo?!+
zAJe`bHoaDA!a-d}>roTvFok;N;M>MJo5Qa_ylE0f&E&ND#P}o6ehP3P82B~i+nq_4
z4ph+DK@5}zi7aJoyvgvo9Bt(752mhXhj?w`){`Z&aDO~upXk+nvD;O<gs$s8A=&^V
z{=)Q|Nu$05Fp>?06F4s$`I>Oop2u9E9OXPGLH53zaA*|fH-i*uJ*_wvGYtXH#m+%k
zlviMx0Ce{zy1r4F&&t5J=yvg<A7*ejM)>-6$nlr37~V(~-p}JX(U#sqoU0NM`2}os
zf0B-{8Gja6-GmSYjYev;rBzbi-XF$OoM0ePw+k{FWI%Cju6nd(dARcBHnj=;wXJK=
zAKwjbm13B-!kA}M+5%}sNI%Y<{qd=EgajV0gHnZ;V*fIAXTVn%0ID5Q*31C|Jy{m9
z7noZeWRS}W`u;}23o>diKluDv%1c2y98Q-g41YZb8UBowI^G3DIbRt9B`SdtpzpT8
z$<dex+;YKF@c$~kN#){f_JnPf&q1nZBpH_LARN*VFdfeMGQ6VYNCU-eZNGGC>S5Xt
zNEzfw8!y(Pdb!r*fWtW_g{i+mzQ3rP8FV1P*fJvs9;|*lPE~v|_*``tjSx+ujubin
zbbsp7^t6{SSpQZaqltz$X%64nwErQd|IP-I`q4oL|0=pz!8fIE0O=O|OxzRiFW5q<
z7zzNfjf(=MFw&n(DIE_kXoy~JK>FVV(l3SC<=j-#CTRZk$%TgHj~ogpT+9$cwH$e&
zG-Gu<o^rb`?UA8N2PdOTgLcFy(RP|~qkq;6mM6hBL~?6}$hS>%*ArZICJkVRN-~q9
zpgmvi3E81*$=va<Po^+J=0NcBuw+E6L1`#*CS5tJjd&_yrXYGBLXLTdOOmh2q%X1C
zV3I|5QLL`Hq%Vk{RT&w1%eV{1NEB6QEIFcaP@$)M_V1+<se|g@f6dAGZHDr_!+*!4
zGMIkopMV@ow@TxzK_K=XM3HPc=9JKwiio-qK@}l{$WwFX2>;MbH+neDQYOSG2W8Uu
zFNC#NF+VwN3Ov+K$lvR@*X{J6ShNJXLbLP$5}6#t14z6(KgQ1HOqVdR88#e^;YFBo
zr&m|eQ1$f=75FJGaziWG4xCjoPk%^gvB8@zS1}`aI=hTUTU|X+Twf%6|ALPEOkPLx
z%4rQ<G`S2%qYUjhO}E!ro}3rn)!QV!Px>}ZET|fc%!Ad}f9vEFoS{pzK98o0SJ+4p
zb(jrr`u{dXFbOv_I0Gp%`~m0Vm=SIHj08OizBDqR6$0Mh3XX8RVIbo=aeu+}EE(Q_
z45GjC#tH*MTuzIjtgVRhRMuFGRfsO=Y8p4iXVgk5cu^ZT8(k-4_H)zig6;DZPoiPF
zzeyqGz%i{{eqeJn?@Mga)hVDky)!zL&@&IjOiD3ZTSF!$a61rNO>{=;^J@F-YdefH
zP9tPuIhv)D(?B}}iqz>S1}C!n1lhc-tFDvKvrM%lxo9{gM=q1ROEc5qL-2kVhKEHP
zVx_gd9hZPV0T+KtGj7FN$`Np^bQh`nlEC#E4EQq@qULuv$hIAV7UQ}gAeH&VB_WGA
zg&Lw*=m*=|+uv?)<0W_@|3rsP5irRe1Jjb+E!u<oUvlTxv_trRq9ABdsDvtxDP=^h
zwJ{}=8t|w%D~_Ayw>#kLrxPrEIFto<Efz8%ICbSkCaZs?LDeRFDm3ZgXMPGVDSNKH
zqOY|)klGnKH%7*ZU}NN^Hv-fGbV3P~l+CBCNC#<gqbqVGR4Y@~b)8zd6%gZ&H=@>}
z_Tv9XG&aJXq2S}iQK08w+JT7^wnNMu(evsBCdSWbhs5;?9Wc1#bcDhOYdli1D)fdG
zG|bc}UOJbRKmic~^(dF9KmjEIOqb3;0WN=~_C{UDs&*Zd+VxF<UD80|Z0?v;xy?G4
z(+e9s>_oFSOl0y>t0rR_sC#|65TlgzQ3Ex!Q<E6M^jGPrDianO{@onX5W$bjaJYAv
zzRoiBoVC!}4U=MfKR6_fxyZoQJ&{QP`dx*s(9L+7o>NcVeE8fV{>3lHKmPpT!@qxM
z2FCjo%i4VMd2p`=H)(n+u05Adq)9kq=0Dv`yokA-o{~5Z(2*P5^ym(~&1KjWdck@T
zGwdYthKO&?*cltGZU$*Xd4jelMJOh&BIC6Ud|-MPw>~UySfjVI%mhP*`z|SCp3>-q
zynvW&EEOfwHBW1W<&bBHIZbi6=7N9q5ECpoA}PasRl6IaAwkJ{GcE8O-D?~iC)ZJ;
zgluub4Uk$j!WcwvZnV_BM451Bgsdut*SigUF5BX<3y-REBASwMfsJbm3-zWU$XP4d
z78j-M1|L73yw)WT-N?n|=1x9K;6EYhU;;T8x678R6|geyg^;oV((5qme0+bpx@X_}
z+P*XLlJFdUWtY@;sQ!T&gdN_`ECCG<sN}943>8ST&js-yET82N3D4_JPv`Y)6zw`x
zG!42#>%<B@erU)=ppm-5$$_teG>K<+Y`O*}*@Z1t40;9<rdbQqB>Fd8`aM$PNlFU_
zFK^Y148q+$3RLgt7}>=V8kB!+iixk49P#_Qj`t_MTqQK8Svq8aCikww?+&hB?Dr0S
zzw`Uv{=tjg-eB))*xMa`|6=dz#f$JNeBoe`5#2M<8&4-zTI{Y(t`IOxXzYkPuT_U$
zlsxGYq;;@ej?gZtbaH-icyavh`2EG@+414)KX<8|lc@NIllPa0r>B42U<`&XyjGWk
zbTs=x%1{NIB<*~mGHE!PN#!WWanb<zBzX6m58d(^J6*%_4Wr!o-Yq#X^wPX>+XTpq
zeKQ^55tmncR2M<0H<s7+|B|PP4>Rbz4EcAIVcSJf^rF=woV7{WWuZ`NYDa_9Nc;Io
zF71%ZDQ-{@MX^JWXGniq!z<|C(2US9;-IM&uWzqSJc8DibJDz=k@|NI-Iov1B7YkJ
zm({MPSU<730r5s=%gIa}urmgUe-MCWhwtNBd9dw-5DGNIE}Q?|4k4Z+SXo&vGIBMQ
zWl0ruOL>XU7V_kHco3EkO#xH8Q}2-!XL6$tW#A1dF|IXQe_?-Xg!46Jx9}|IY2bI?
zkC}setc2M03)T9L5z_89d|@V`QTEJPPUM8!dVA?W*>a?*dujzj27y59o*Fhpcb)@g
zzU!B;87n`eV)ZYqd7^T|l&}j#r8PGGVkvAKb(J4zR1FD3RD~XuRkB;sM^V8Rg5SFj
zfZv(=3mhP(_|$){<)p4CS$%COP1*<PpS=Hc`1a)W<>A}ovy01%Kc5~q<9@9f<eez&
zo4#wvfcj<t-YwDO^~5kem|LHSN+7U6cBi8Dk<i4`vI@u?P+y-8hk^b%$~$<`khf!i
zXS|^|an}Vz3C9jT*p3^H?T9798Xg0?^(D2a_i}a5wNQVPhT`4PRd9kEK56#DG?5_`
zYE*rjyPmqycmdWPtXq@9P`t4(w2ApEPs;=*!jLd{_t2p0o6P}h3urwIY_|f_TZB<B
zE_b)NQGD-d2xu#0vcDC4B4=p^j2qMh1Vp@_xzz`@f4(Wku~ta<ySmQyaY)$UxhB$)
zYDzW!yV8G>XKi9T;<09-kMdG9GM88A?r976a&_V3`+s@=;g|OmV(?G4g8Q2&Ry6w=
zzph4s`M1aK4o}|lKY5A~O(HIJxo}C$9u3vTBFul{xW`j*+HpcpLU^muTbgU7R=wAt
zKAkS3wUr?4{)$1``V?p$r1imB?7A`iW{KpPbPIpmAt0xz*2%F2ADhpjtl(?~Ul;zR
znu|~IYq|4}sR3B4O~UWfdp$ril&v8phvSmHUElKd@Z$LL^zhHfDRNwf<DhggMZA;m
zYTg|Ft9T^$)O<&SgeRd^w&OI6NAXW$<2xMR!7jrCYUlk2{rbsQp115Yq_DQuDDTJl
z7*&5pwqxpVPKg)JTgyIwFa-a8EE$w9ebk;0KaWzzkLMPd&{&s<Vqaav)s<sv%7z@Z
zAxg4=bC-d0QGY5l)<J7Xv0hdvRSQwvy$4WSgS5D8;$R$p#^F;a%`6W(1Kf5MX0xqk
z+@UptY_;?nBD_XGw$D***AsIy_^c=CSS5eg;J$GWWRZo`fX3~9TIMdUn%=1_r+J(5
z3=RfWl4E%2?2^>op#gVg6^r|dM-WD5<0yeQMnjYT;D^Xg-G;dPhJvjp44D$#>gmOF
zqUm*T7o+iXY<d@2V_q42l(fQor7UcxWkG-8NSTx<Ef80gMpK$>vH@4u78lxpt6zTz
zuC^3dy|_;wfmVgZgQX?gWZJ<Yn-hULKy)o?#T~2SCMDCz-gk<|u|S4Wj*|t|XXG1+
ze?E}H%E9&y1x4^HT#ex(vrRFjwL-Dq*H%L_N9?-UOFCCvv%&{&&OM%)_*afvO1Uy2
zOsZyPZXCSWsphiM{BW>hG^ak{>N0;iSB$hZ*3l#not&3@GAf&@%N=J7@cfj)+REa!
zNw%>-Ykj&{4YV$(n(LLr(PLwt9&5H~iEtNL(VfLs)N`1fh4yo&%6{&&M63&7NIQNM
zi?<VB>OagML4`rxooB0%k#2`z8-Oa-ZYUQSN$NISIC;TT7CP9}O#6;UQ)+(#@X8pd
zw`xT0Km6Pdxt@o5ZoC$ksnodQ&E37yPShj)xw&>dxEv{`5%X*n!G>b+beEIOY)Ex(
ztr6Qpb5Mk&R+VQL<OJ>n5@+$ZJK^)uxB*e#CBDIY;_2SNBCwx6P{VMV6N8FxU+xwM
z2?{>eJI9By3N!e-@|*NNw<Uk)D49$PQ8dYVx6Ht9t{?vT_y5X+QFL|1Ej{V90Q0$w
z>0AqaYzsKdyA{3w7xq-}oTIv5|NB4npzTrc&P9k`1(P_W+S}&>vE!dF-o3T-^^@1_
zfr?LFAHO?&c-FNOp}hp3$&-%ei+0+8>~DV`y#9Fl_T&gzXYW5;oV<U*f1Z4J-;Ara
zW*9R3Bf|A8!%gGwS45Fprqk<*GgdYL3v`@2rxLp38}v$;@=>`ljNkH$6NuqSg-sM3
zaB(=z3y1?CLZOkXCcpRURSTeKZ1{D)1_UxU;a!CLa`S-Y{dLRi8$5bJ^DnN2k$HOI
z*q=S*^nl~9N?Ox(CmDYeu#NPBVIeyrjRG3odcYDi1y0!@(;H-ZgG@i%@{1k@{*DDb
zklxT^whgqgHXLSYo_nQ~c4!x&(|6v|5R*(X+1n2Da7eo}q)S-48({irXT7t%UDs)w
zCShb^EVv?IWQfg0_d<~9?+3f1-QjlF+a2!j_x1-nSH17m!LWa~GuRGyhdWo_hdbMI
zW2AY1nhY1G=dJQa)hOli6luTH%XWCZIXnFL`tr@&!=G&1*7>{h$|2FGctW(B`6>&i
zBMElYXl_*W(b>rbgf(yN*1Lscqt^)auJg2>G(oy^6=fKY@CLxGH9~i46rqcQvwRlx
zjA^J_Rx6eY)-8XL)`_#3+9)40z$no%BUZ6Z?%^aT=m^+2ua6sDG)U~j!^$BoY>8-W
zBYasfem}h51Mh5JX^EVqAAY_UzPfr~1-Gyjw)%~$?|`rKUdl2t+RlUFrx1wCpyhpN
z*9zm9q7l5<Y|+(NA{G1=d73H(H%+KfGLpg&?K6I|2U>rNg5O$0+!rPYAm=tmbz5o&
zrI|-92T6~5*cEyogtfkMukwQ0AA;2HQ~g1-pdrt%rt$pRJI3I#fi+g6YiI4XEjMbf
z+p#~wp@tdn@5Kjb9i}}Z@HLx4t7r?1{absSzYkt7#H6IZ`5|x62H^UabB$Vq)X&r5
ztt#wJJTQO#kPGYSb9e)BIY5%js`e{|g{UI9&v7juyg0@k*z>#jc*tinuGX5t)|&;*
zzfFD{rEUmrtp#0WhIkd599quZu{fJJjA?MNUb<U-l+y|BuPkBD?~Y%ee0)dfvlQKO
z=Yxkx6ye1v6J6?qKslU33^P(i7{wgFLSTX%I)i_Z%ZS(Wv-2*0O})eMDjiOd`I#pA
z4<QVxe*+(p--NdtaQkb3+o4ekI=`;$QHJjfiWB8H*vmQNG)W{Dk$&sRlwO6YjaEE3
z#5tuBT7_&yVJooA_{a6YT3U%(zn87Qvf`H#Rx^t^n}Q-_s07Pd{Gjvt{dw>WGGB=|
z8|;7Y@3o_OmI%w{2K9#FgbcD+%OXvE_)+6k_aMXqYxX&21bt=-1vg=qz+tpQa@eN*
z_8j~J`U=`^X)J#br`N`s47py)$?WoLl%9cv_P2tQD=xm<I87Wg`rWR<bO<0LS3Fh-
z)J6H&Q@dBlWuhI_;B=90p+;T4>9l>CN?w0=daHG{H`c87rWo~l0rZ`^bmmOuX?$lx
zN8e)8S~4`%Rp#EQue((ye0hdXo#G{3Z85kuF`gt*5pfk3jg%i4Rm=7z_`C%o#7EeR
zBr}Z?almmnTkV$K8pZmN=(XWoTG7?`pbVf$h$p#h^x;?5#r5J8A)1y<^|Fr>kko(3
zuJ~(*xP7P*ew0zCl2yfdY(nN;dg=>*L2!N_$)?29EG^Pu3h5qgX|x_iny?~D==ixU
zku!K{lo3;kFzp8Kij(zOAFb_3Cn}*Z=Eb&@^Yaoa#FrvdW196%uSb*sd~XnGR9=n}
z6g_Q?gwJUOQ$V{4t};YdI*6L^RY!kOhm?~-lw(#jZMnu6wDG!cUuR%9f?kp$N^oH#
ziQ67mOGJApme(}gI|>^mxEMT)V-<7A5GK3}f+cSyOuSUqUK6;ZIJre)IL$J6dA!n9
z&vn{eyqR>ND{Cv)xJ#JoWX{rOR%NjtIbUuE%v&`_y3V_fJ>%9#QJsm3Yk7ar5&zvc
z7x+ejThDUo$c@JEO&;nWw@fCJQhhvo8z7amA?3!kht`c?mn<E5g={+%06Vo)FI2QD
z(Q$&4sYG^I9Qcg5W>i!JBKRq~kg!GA{Vz9)E7SI|^i*sS?|}Aib<5t{^UAa^5+|aC
zkUv>>PJe*7pxkjxx_!&<I5&R-b^IL55M!$@0le-?fi)fK<&pF1+z?G}E?^Hj85~X+
zM91?w%pf#Ix-$mb12F8MtuYv1f#&y?Lgwc&o|nsBA%tw+RslWjf$WcWk2Piw|9lD7
z@fyefX2Gxj_x}^TO|K!6!GE0>;1hz-IXkQq?a1%cWS9Rn9gM+@;17TH@WojQA$>4X
z!w5+-&A44_hS{s#O^^8(32vj!4FT)HYWIq?hl%PCqKwEtn7@FtOR$xk`}m5ROkpAq
z(JVL3V81uEPUc;S3TP`I(oCsvaOFNs^AU3<?Ohh>t>U1;E8FCF?o8|BO)10>#23zM
zfkQ#R2`6eHF<_)7R9AmX6W&6d#xXv10FE!5_TQWweb6|;mo<5=g|e+XqK~{_JzGEn
z`k7dWE@Ed<!p&8>wSp`CsB%4c&7?{{;k2+94&GnZmBZ81vk#w+Usvc#NB^iRkG!No
z>hNC>qg+DbI8fQ;ILvP`=xzvZ)JihIMd_m26b3TmOq5I39-)6?k&c--m9rkyLSZBa
zcVrm#l!P?9y^7QOpyT~GDsmMwDjDYRDVWnvlNiYew&xGYX!u#}fW#p!{gExHzF2Y%
z%ZAio<JhxsP3Sn!9T`m_qari>yX)dr@Z!5|yH%GSLgy(Y1Ox-~VmcTg*PA}qT<tA<
zp0^Hz*k0F=ooIi1(25h;v)$)p(^$kb=D}Y?jm6QQj(O;TyvU5nK0N;E<oxod4{u*@
z(P>~L7VNb`e*0U&5mz=*V<)(=1)Eb%U5?~7$#Ad@dZzs4<8cnRQE+<#Npgv~xa;9s
z>ZK&qrUNE<;mCz75Skt{Bm{{oeI3AXS4=)jAZEcWJfnZG2=zrm3-%3UlG{6fP@hAL
zZLkp1MZ#eU-*^Ik1f0zXevl`ZahMnTKkV%8?L#nh4YAK9TC@CzBAcqMxwhXO{#^WW
zTJ2nK#k#lJ0(@-;#tG*95wX|j5n0SU;v++L=ol<vUmrk4Q#FqkpxngCS2A@4pL)|O
z>2lJJ@^gRV?+%-?t&-U7EAoC$ZzMq?cyt-7>oC4d!m;YI`~yhX7^A1B!;$gCY>KRM
zjO`~kX`&=B$GGD7+npD9Jw~I9NT4)g0W#2$9ikHHKz`AcdCXw9<XBI|xADag7xkz!
z!*BrdbSVU|5A-MjGa7gy?WMw{r$A1)qAiiG)Ubc9q9ja)5w<$>h1q@R!u-20{=fB|
zx7#8M4iide7*$_#`+YaK#v09Km?TrUVDL&TXNU{>?qGX+``hj9t!^+*!AHfjON6%d
zuXn!Fzoh|S@che>8Wfk4kUqhLgu4gwGBBo>xN!%5NuG%lcSbdXf9)MkCcSgkm>)dN
zS!91=`A>KmoF2b_ee(XN%d_K8C&$0gL&2A&mlL!ctDa<0W9U(2k-Ag;p)_}gb7A~~
z$UVBU(fyWO+!$GD*cpC@%cCly`w|iDCe4vhGM_i-!9y)M1-ZP{E^qHiH#p}<k*b#j
z3s>$kkFJxDP`EG;ehhQ<V!x*nY?g%t89Xl9C`dwkm!<o5{CzrzemoxRew0y0c(=ps
zR?+oMC-CqjNa16_kG?WYf-kwEEtiE<0YQJAB&85DI6Zvdl=lC%=f$|D&y+;X@FP=z
zXWPcvfCQ4nnO+9|;gCqyFyOl$uuepRF_*Jy1cp|wmlgu>wm^BRR;^z|cacAyHP)yz
z!be1>snE)f{4f40;9s#1Hd9j6=LzxSSWTVR=@{93jtr}6h!!`O6QhS%><34TF1ddM
z86?cSAqapK``5q!=iU~xWAfky{MUC&QDjh)s<0~r#l{F)F}!sTpN91{MnH?gj!#_-
zyMEg;s?4sX%2+<ZVVOw)uVLB%qQ3aGjEC+J$nau&yZ7R|?JYJKnE-7-lE1o()cvI@
z!pj@b<GdMHZbOuLMnsvG>+*V%77R@WnJ069RY^jIJf_0lqbvod2rZG47u)F3vSCq<
zaCrF>)^+5BgFzN1!y7Xx3+pHF#YiIt_>@X*czke1$W=OlRS{)HhO&pKIv<k5*PH0&
z%UDy#W{IH4qU&o}XFsR3{Jk3z)~q|DMrLGik^BTH2TXo(C^Qw?D5}??!aRgC5`K4o
zY?*PZYvb}gq^)B-vgHII@$6g6M3;}qhiL}s9!4cPnziFpP+jIXOUMEVqa0HGbK~_n
z9X69$`~<xzU}`IQI)^Ui<|wVKn~;fugar{+Dpmtr+a<U*7c>>RAhs7J1~_GtIabuf
zMT-9!w>o6gc(v1c>m=Y{j$z!AWmC!?s3YyV&{n4dOkm9rbs40>*|=VW(ZAcZG^tjI
zaIcr(Rsj}&4`%MD3wow3Pj*8$soq+~6P{z=D>-xF*YV1Ia?|ituA*4AgJrfqzpurW
z5v0WA8`wz=WtE0>l8ehrrv)v=TngV@`DTUMBzy3+*<x@$w7oQ0nlrW@&beNu(_UTY
ze<GGEOYbR?Ov1b9TD-+gQB1Izi@kPfEDK&7YAbwyt?n*ToUNe8a~0vhMHRz>N>+LU
z5d1nrP9}aTcp4l>y<7v}vk>=N4%2NeXc?{;N^^vrFCsE6-26~3P`j+9u1{G)n16!#
z-et66o=a^)XZn)(0r1P{KWHq-W1J<a=~pxRN`xj|@5S@{2p_DM$Z%-O|Mf_KtKZ^L
zp7@7<-|Xz~yf`>G*xuRR(Jxy>fs*Amhv(;~AI>iHs|_hiLzFu|?jG&E-j@huo+{N6
z<#?mVN*Vl$FH_e95RXL+rI8Z1YUZu{L0sQXoN0+vod&*O*X2Mxdi|DTKvhv0UIzc}
zoy*_osAvQB1Jo(G4#)3K-+uVBM(n%tI+c}w@AgruUs1)l`n^!Cx&h4`(Ld%NdE~2|
z19{;B(iO9<JhD}QWUIOv8ntPZED#Zmns<5LY5G(${@EO%?3G@b<o=K|F`RZH;{;nG
zUiZT8eZegimXp&6TFNFo0+US`41KA@gbJ7CLVfz_(_cqNKYkkSewvwwF)?HjA8K=d
zgIso#slZ01+v8jtL!c;EWM2iErkJFL9o3`Zob$`?g3hBYm$ne1(Sv0{gJ*F>ox=g-
z0=-FyT)`VPyxj`UR4@1LroXYJ6r2pE61s+nJW*cXr;h3}vqn5<^{zeQd;W#FNuw#{
zg8E^cJeUYbYKIdgEn>TU`X3?+d8My^QOa$T#Ph-8)wSN=qKC!t#6QP>Z)jX!fyU*r
zvhq?Ngs}k}vp&`pVdz)83+Pw=^Voh=v%43#<lr8GC9)Otz^X9s5g?WLTT79|o^I_d
z<Z8ez1BkxD4XuQ1p`Hu6<y%CO$`Uq^s>yH%#q|A;eY66)dV=*7^kn@oE(B<Qwd0hX
zny7z4tC}{*G@E<g0kz?g_=6dOD>%S`Fl|DwLE?S=#6d)sxhdE48SvA--P0OvHz~=W
zrsY^@sQYI)giG44rwN?teHNhxm8c|^LMa!cJ9iCQ#yi`48t)7Q2!XRZsDvf_yBNFM
zw=G*I%u~$mMol44ZAfSBBAq>dS4Cb=QqP((&fqJgJ<))N2xmx7&TrCqG^Y$-k#P1n
z*UbN>4T(&eOEHs-l*e)z#RFYPr`M(v#I|=3`zr~&Ja!R@4C7vf>7yTK8$ElRN%s2q
z=<UgSzxBgY%!VM+8@kvMbTPU3mvI3eX~PzKOu`$s*c!0K9Q($e)H+drmm;R)tPMwO
zsdFiF#J-IE#e9k>&%z&@*;hICD8jGWF#>Bt3R??O*nVB-|NbkGz*2)Oxa_ah;yASl
zP-tF@=20<(^I-V$7}d+vsMnI}Rh!_CFeZ7F*Ttr-OzWy9biJ0$a-P#gqpM`Eq0QFm
zcf#SCCvWZQM@UG;6s|IVckA`p$*1G9^UJp<N5}8aj~7w6Uc>KkSlq#yaJXtb_2rma
z?668iuU9-ZZ^rB`2d-|7@D^T~hqzb^@wsXm7VCQ@muuZ9PPLuH*QYqOL~u`0;RnVs
zEg&aJC4n`VSxFvS$)h8k{q*TCgP-E*|8?$Bk~TVB9;qbZO9_mB*R{K9H2w)Cyk{Z2
z3OdlCT{;>i@FDQx!mEIXxt&~tG(LPA!vJBi%={bjfJkA`q%G-fGiZ>20oHx0B-a}|
zWhI=Mc{7UgNgU3C`QbQ}S(|6dC0(k7v=*iN=5l`4kmcir4^QUrENL<pad%AZ%_s0^
z+~A8CJVe>Ka4!viU14)AXi19lwwln@&_l*$RuoY+@GC>u3U@u>DQ6XT$qa9GF4cyf
z(=2)pf~CFJT3^aYyJh8Qb?>^$-5y5H>D$8#P07K+5|*j%!NVYB75>?yOR3nd{c`xG
z2iL0*f*VI*RJhc;4Fe9{_IJPEYQ}9@GZGH`BSM!yYzXy#W8JtoE!5!k<U4$l*`-3T
zMW^eYjrx2O4Wc3soD-09iR@l6>TYx9UpnV$gC?S08m9eVn&ri}5G%mx->7(!>&FHV
zHy1P!P~a9uws@m8W(7XI=I4{2ekO9w1VeFhL%g8~lVC}9W%(I>`3B9GTz8htP%n$&
zekq!KH61{IjO}U=@@H~h2v0|j>}uN)p9UBfDBhqe@A&oa|HTF&u-TdvDvgS2_0078
zVUF-!y_1?z$C`;Q1QTP>3R;e(*J3z^r(3c*#?nNd`Xk0lfB9ET**1Kdug<5@c$^_`
z7(g$aM04AD#lB!k_BuA{{K;u6Q14wtz4028ew*!o)Lb~><z<<gVCFW8v8DJf#XL;6
zFY)3__&(Dl53hvUq3<1H<hX|}pkHA!xP?^55U%1#a3k55#vcl~=#|hnLw-_kcoQbq
z)WIyT=@O(KQjI0e`A*_9;H1;349Awz%rI7AGM%*I6!*;ft|Cp@BB#N%N)*}B(6~Wf
zAeWneH5j)q`on1!gJ(=9TiyU6@}^=(DYt8d97}YXG|N=%4tLL~=}*To9bEPeG8#{0
zpS&Zk#_Z9om+f&-*GZrAmJnn0iLU`BO~<Nkq#>6jOlE;Y{1fjIp$(F9vBQp&+a!I$
zIPixG)kGiE6}~V?(xeCBNjXraMpCk*J6hROR!V29@m$_`zBuPP*~w{_1IdGJ8$g20
z58$UmiUFl&$h%)~d_5iI{Y?}r8F)ZmBplwbWpi-GRRb%viS~nlarZY0=X5wmjaec#
zi6arAUXG@hI$r@AD}(34BU&QcBXF=$GF4VoyZ|IYwo8N=To?yC+eTj{m!WQUyy>Oc
zVJQ2dmw#UY7Jsgoa#o)eFVYEF27Ia!3XOvfArE|E1l|^TaJDVhQ(w*SI&{aVnM~RO
z(}>W3*GaIm2z9R`+kf=s=d}7BehQxHCd?_g&X(F1{w(C$`Q`9U->H4+k^qH@TLFn3
zsc%~1dKyJKxQo(h4w+Lv%_q?i|3hy&!HfvL9JQ{6kbh?-(KYsLWMC4gLz%EQ$cUU3
zWhV46Yri82H0I7$$1a079p2`YcVX*%?kt6eXWPBhTgJ49!ve>y%M*1}`)zQ-JHTx<
zgtu=Y_KrX2Ev%LyJ&42MZEui%Hno(N=*oF`S1wZJdJS3Lr^#F(GIbY?Xlg4>UNw~{
z8vdedPk)^-Hz;RQkj=H`2z;dInmr|6!LD_y?(H@4i;jcJ)k9mM#Qy^8sS-HGA>tR_
z?IT*j;T3I54(Y{R>!qZF4<c8S9dslg*a{r`>y$%rIXtACJu$@izL7Abhbde@ynRF^
zIE?iLW=0tCTfp38(O_EWN~UWjjAePKP(}#<dw(3Hp!6w&Rm$NH!<}$QCyuPbqFHlO
zn_Mg!n3H6LFuuyNH0#T~2pm;MKtaA&Q?$Ohcs_1?a=YOVv*AsIZVrn;gJ~SALc{ud
zOTqe>NdLsA_wwPgD<U^%i)--hf%gy3j(+ZK?-0B%)IqcF3Osjo9VKW3*sb!+V!8Fy
zQ-2=(@t2F>M~ufZ?o))TwsX)ML-GLcqHc&;fHes?UvMPNxKV3{`9m53sc<oCi15}7
z@!u%*TGIgZ5RUn=<yU%6Fs|y8#&k^*bPmXA20|ZVMr_bb4Yz?>;v}B7Vdnz}`3*c<
zPF08jkdsXDm06VE(pWA%!Y}#@Bo_1;<bOBxqccUMTMmsDj^WUn_6@(QCyFG|8J16?
z)ac-bEbw*60&#kMtwuc>0q;#{(Wk+hg>(U($EMTbI>nb+o8i{e;mtFSX}vZyY(1Q_
z8_viVF(lj|NKg)bi#fC6&TxcSlnDqt-W9*d752fAfb<)tNsKxk28p^CbtK*Zc7L#Z
zO)c6`1y(+KgE7%W&w+7AN3;SF-SrSr1mE?gHQmqDm4O8F0`#AW7utd7^sW`6s+^Hw
z3T#{xMC;^wL~*)~MM6QgLR^Tom#2PN{z<B#Qo}uQSS8f(#*7bacH@6ZquY2KW;2=6
zmUFFxCy=y52@kycD&tLchrE{ID1Tz=OejIp(7XVFY}DbKFiTKL(~K*~<^^~vTS1;`
z*C!kyT`g{kudA2!@S-*d7{^vTINXB32tH~Po$)}Oin$j!N>R9Wt1a%=CP0~SA=Oif
z7f>)0)+0iEhcXxrBTgRIM*|LZD64NFfk2}$zZs+;{S`xLwMp<qLIr}gn15_Ga+6LJ
zuTe0E|BC_yUy)|fUpdQ^Hhi3#FHM^^v5*8HAKoZjo#2ob)MsopllSr)hw4=zliG*r
zgf|#+5D$Oe6v;h!+=?)R>t%>t&*PlNV>ODv_r|;y!<oMCxokW-ONm0HIp|;>_VL8{
z4D8Q?@CM|5rHbK=k66~z8h>7!SbsrY0z@m2Lhif>IPc8C-GU@k98M6>0WBUXlSby#
z5dX8oWO=RNPVJ<ezP3d{FPurJq?g9NvKBHmMj{|06(=*Tl0B&zrHt1&kgE)pqnO7G
zFrruYofyd&DAUq{Z@~HR{%#5LmE7eL9Uo|SnYK?rd!NM_o~fQnD1Q`9z<Gi&%t3G|
zxaUo0?C>BdI^HdBRwLG3+_b7C;&ZQnul?04PN;gJMtRWDR(DHx&wvDxZUW|pI<VU#
z!-vOB_@2-BIkS$YG9<~=nA+RLm`G*X<pyEz1gf@acR<>{V>_yL(v-{wTa2av<ZDd}
zad0V3dNROA3G`SLg@5unE`&rJBFI8NuAvA5FuL>DiDl@8@(mzxuwT7Xr86{h!uYM6
z-4xAg*wf#~H?r_uyUs(!U}%rJ&{TNaTC{>M0EepguS^p^tmHqvDeB!^{)e9Dup2zY
z1Q7<v?s5zeFqsRXUKjSE5mU>7I9m70!ETF4A|EddNd!$$aDR=AFQH3)pr7o1yIrzQ
zM>qrK4Yrez{7(Pn=(rgdYD52cM)Z&8udeF}zJGG&JLpJ;I_x=*nj$Il2}jZ8&RPms
zz1LF1BO(D<LK~oIroLULPZ&QRA0aGpL-iR==})GiZnz^6pN52w$JeNc59!4aKg1e;
zBx*j+7~pafC4cWvn8Lgks<iH84g$xcBq}1NCzCEAb;HbQQ00)17GsjORp^*eFEk7s
zf18OCQl7;#rB|5lh}?2IN~&m-Q11;IVGqUJyCLe(8$#0z|H*TW8-ri9ldEBYO`RFp
z42^9Xg{f|NS=)lV?>3H>ISj3UhIj3P141+CChNfoOn-N2g&eAQ8a#WD6^dP=NwWJw
zT@<Hg7r&qYDV%Y%5L<TcBGVME`7pFweYMb0oxF|<JA{IZU(Vjv`Ov|N)(lqQ!kGyR
zC?}j`>E{`hee-BMrLhcR!uwG|qZ)>VA7r#b+y`2lKSPc}GM(T?o}%DMnwpuVMe8_0
z9h~JwN`FBeBsm%Gh|+7TrI(n_=u*pcGuL7XW!TyNeO>CXB*TM-;}|!nxz&p|n{@Oi
zpr2haI#ru2kK$-}D@83Pe#p38x>pndmt$R9!cTae4E(HbVi1m42kKhpg|Mf=@VF%s
zJxQF&5xyr71J%`e1X=RPI$4_<l+%J959t}Xwtr1L2$?Q$E^(|92@L%oUBc^cQoVlM
zdMC#h3G8A!vvE&K9$+(LYc7J`!Rl=C;Xo3nLZkMFLe}w7M`3*ouwlceOxaC7NmWFk
zT@bRai713WBsNZ4ME=1Mq_e}m6pLylCA%`!0qnd$U%A=2C0fZD%vWceF$B&<GBLn{
zOMlU-JMoc`+r%kek!^w?HRz-cJs#_xSu|2x1_`zVv$=yDObdaJu`Yp8?Q~LAKBK$v
ziiaZMZ^!9~$GgjeT5<^PEiob}i5A;+@&`yaeQHFni+WR==+1~)&(mGVsxt#8p4p;p
zIL3as<k}&V_@p$$CkaIjxj2|h$5*iG4S#I43G-nR3HnGi_6d|FhgaN3LmtUu=c|;s
zWIV|Tr#R4aAE1V45>->s^R*_2TsS;$zpTwZ8Lz<&q*3$K5Grq9@z&eWakr&nG;u>N
zs%#dqH+;Jfr(RjN?z%)r(kK^G>9gZu)`wj5F0xSRh9ljDCJu6&jNj%a#(^%lcYpbX
z^Fa;`0`UcL94NFXtimAM>a6#LY4>bHl(qR(k3CxJNXqJH^Y1_xUIns`CU_Sn;Wc%@
z3iV@uY3hg5DlT;e##_D+0RFZ;6pypxpL*K|#PB$yrqoREGfbCxJ?9-mx&(`c@#H3?
zn47!dA)iH|_71j#&LExQl$}{a27e>08QnumuOY%)GrC91bay?m`cM9D4+_jP_h8H@
z4(Ei1JmZYOtqvVguY5#uIFZV?+y+w!D6q(mF+bIViWv_CBhDZ4Tg@EVe3nBz@X#U;
z<PKV0A*^yk-uOD?4eXO}RDn+g!8Pe1KpscvCNBIc_Qw8I#=*3D#7hhw8-E?U(GAj=
zzu;OqNF?)UL>bJOCvniTaL^sw0El=q$Xg%~?&3#Eoys|XjD@F2`Qe?Vs?3|--`=)k
z7U|)X(0Aecsu<$TF$5tH5Htn1Y9+Jd%(qO^W#Mm;H_Av^L<oALC$E>l{8qreMCO>J
zX^hF&G>IS;<t^+v%172G#ecE@l7?DN69bFj5556;UL}|R{O|CKlhNP)pgxCK<VT3G
z9Xy3SONTK7I6V)k=k#)i@gy`uJa{k#kBDL`lgooJDFV}JEoCbtxi1t1(4++JCys>R
zJzQRIBQrk5PSY4%TrAoO0Uh9a7TQLG8_qENO=jLGAz6+(BIkS=jej^}M%K`+nea+I
zWqldlK?4Uo2Gb;sqv4DzF8cOw$Qny%#m@G3b?L<^n-v`Ytt}AS5zh|MT|vY1GKfPR
zfk{bc3_q6244Z%XMTLdG3|$+q-!y@ndXKeZd0>%kC)fXUia*`XM*3BlNnEB^mxCw+
z`^P`s`TqOu-u4dse}Cp#H)*0|E3mxio1Oig7Y7Fi+dDhvWqF=l;vcfFAGEutt4jf#
zpi-A0+%Y6B*>uILIcigcBXlVX!ku#Ltt)N9Md|3=*?|kp@@voL;z9|??Q(5ogleJp
zV%O00yT0<4RLO~}WTCe?1_-+jwz-ZmP&h)#CNetAl9PJ!|9|oOD$a9rI?JAph`w}3
zcFHov+_CzO(9-iSOe8mlV6Vtd^%dEi!^$tiAJaX39gK8G(REa8E=3)O(K}4$j^k!F
zxlzgHJeIF=bG0x^c(t2X3Z%L>NkwYXG~?Pii4M;K<CjoHv%H1k@bqNGbfDTKdBzNq
zQXZ-cy;R0`NPhu2<!e}5k}az`FXdEJWphP2$xj<n$6sqkilf40b94g0^As#<gLS|m
z)}u@bf!9u&?10{_Puh&y^YZ~Dr!4rugYBn&A`wuWr)f+{A>zLa+1~((j|babCO?vu
zL-AFi1^%29{94t<(o~uj7|Q=ab7*Y^M$eU{3XB<0=zplX%y*<eRrX5aF7u|U`ZM6O
ze7nPpmJ;xcX1(A=Wlx~6IO=&`5I*+nfBz>9x1n<Hy9j5cpc>}5|Lil~0{JhCX}65B
z^80zp3Wq*pL;wdWID2yx9PI7x;x!tF)Kh^M*FlZx^$h|1*Nm)^C~PyjQw<T`I+InN
zv(~OBD}TY#RJ@WmOFA!$I%iLtBTGa#u4}$YpW+2L9^##h6?U@9!SS{_y$Meb9-$sC
z8oi8v5(NkOhL%z*Ed}W(MK+tKo|N<emny>(a^+2k)>AOG@*w5JPHJ4l7_sqTr!qin
z42HHLjy#1p(hA%ea<?BJ02aTT;6S&q6(Zc*aDN*fC4YS6a;InrszxW@;>nI44+%YV
zmc~RyYK3e{ybrxo>Wb!DSCBra%%-J;HMXYso_hHk->)$o!1Nxz8rt6Su;4km2K``I
zWN{@ak6+k4jDLL($2|bJo>3xErG{maH24FAjboZNPs0r$j?6rNIFHn{M7RRHc#-tl
z!GBWCP(A7AWJUXfDBrT`MlamR`ziANg9sdp%JH{z7Iq{0f1K#i&3*grC@u1N&$f~K
zKUVJF3?TBL$82Q(8)g3n;&<X3*s_!~O_}Lc!aGPtG}Jzq(|DM1uwtq~ZQ@%%H8AS|
z+yv-BjzMEF*R`e>=%$zw{85<VtBdkm;D6nwB8>Szlz<?q;9a@2?=1%TEr9;sR)9Cu
zUd~~dtGp|-ujDCn#2_gw^E52%IYhzIs|-b;vSUNz5OcXZmm5*lOZ<UGtL}y_;6Ihs
zriv->$-hPXLcU9{G(!+atx!L7%NPUS%`*l}Bg!~RqVaSb><G<*Zoe6xGo8To>3?It
zan>jHYCoTi2Wi}l+p}iWfz6zY-xkNTO?}rBLbe<Na|pcr;WLh*$fhw*D&TEXsPQ~5
zP|k_xv*BC;?a7PqR^hB7+C=h7&)&*|dllZAkI40E=Q6nb%kkmAT%I1Dpa1gV>@|ld
zkFg3EP(pS>LxO;&@CoL|T*!!ve1AF^M}>Qq$Q4J<2($IkQ*$Qbt5H`jGCoe*PEBIn
z*$M7)xb<C^lE4uxcz-*WqNE@g7$UuuJ}L?m=UX)e{Mir>HpGK@;=xC+2gdSs3?hta
zkd#eYA(Op-6d6Msj8;f-`B@XV_W}zKVs?2+S(JE%1aRxEklGg!5uAP>SASC*<CkhB
zCG2dkEizCV`EVHS{8K3ZH_+Jk&h9t5t>Mw!g~9PTykT-bN^hS;Wmswby9ozmLrV%!
z38A@<a^<W~fJY7EkX)-jb-<pgj1%AlXs$oC4D#&mw&WNzg#n`Tc?tvhjF*0_-V(Vy
z)qaG||5@`9ke%R-5TtpJ>wg`ak&WP&Hr#U~LrCysrZ<BBhkDF^npb%}mYqi`Y$X4W
zid8DCjTXHdj%;NAkBk$w<cZG^&rGp<DcQFt(i5h`Bf}KD<Z45BSZ%#{XDc{0WnioT
z>p9h>+Ap^=RMH-Z&R`#+xdRfscYYV+h`TM>*CAV@X11hbMjCJ+zkiSi@sPzr&clW9
z7N(g)bBJ;p>W#NL!HbGd>ELFy{q5~7(lsB|cz7H_C7oe24xwTE22vx^DXNJ*iSA&0
z!lKy-+7rAAb~qC4!apb%z<*G1g#Tby-7?n0_w%d=f3T+RJU==A5PbJydnfoa{9o_g
zyWZ>9oV~+2{qDMW^?yUK^IbEp(}wWyTnP`)U31qH-nLu^U;e_;<lw@RP*ChD2BSNG
zm;@pjS=eB(Ya76Shv+qJY=B>Z^Vs=r%UjV!KgGvsmIMU|Ae<+ROrT(9giFux`{g(h
zlKz&4ga*%q_24T`l+cz@oNFRPCHXJB$*fg#Ll&5_XgA2Xmw#LLJ$jvCR~{X=1ZFk`
zPTJ5MHZ+HMngbaH_5ZW?uFGvJS%U8WehQpFJIE-~5_Pk;bR4H?S$l7F*_KO^T|GT9
zp#VuxLKy@&xJYJIR7AhRi8+5JVxF#_<m9?!A`=&il4Su9&@oe67Oz^la^<>wxz=}Q
zny6E8D|Qzcd4GNLgFB!5e}3nv2_f{v#}UCe2N+&29A@7Up&wMUA?{3K$C6!fJZ$a+
zG1V{jGKh}iU}mrAM<cXr&Crf7#;}w2@+5nk@gxs~NsQB>6>{AFfes(VS5Pb={*A7J
z*W+NTmXjD&mj7l$`~K`5T4v1^UO5PEUk7|C4NNY0N`I+Oq{la0cX#LViIKIly>l?!
z-W%@x3P#?C&v?7Dz5RxMM_F>-m};XI-`bo7lhK>C6vebWk6(4-y*6t*dQEFOuyzmj
zgpFI#>h=O34%(Hq5+Mz-++z2O&?mFlyuxw?cehIxyT5idc=Fvng{fz5AyM5LHKBz>
zb<(*g34hjr71uPAjKKEZ*3Pe6LOr*+Fjt~!o12PG4Lda~RYTM+*C)Rblrg%omvXWJ
zXyI_QtHwfEJ^9Rqkm^l;Q!7Z%>lUDN0U*j0&gla0$S-v1<4~^4?d?PSfB&)GCgkMa
zqjss0^<I1?n4Hwr>354_Hh_?|Ubtai+WWy=yMH?MfT&J_Ohy#I=V>1Z4Us5HSoh6%
zx8o*$PDELr8_fA8Ma3V=IzSmB4X^YD5<MB2^bw;l-xI0l5dU<%x`ByiPuMbglc(wy
zp;}RFfp?{SdGp&azVl>#DmLjV(e;pcR;{k4hlHtSc<dTnh1yp=?I=FN-5~3(vi#C6
zqJLtvUC>8DA3`d{bMk5=;{Hq@f7tB!KtnqC*Nmm;=1%;W1Jnwgt!KIXt8D3j4u)1U
z&y1fi)`gFMd<pmfKv4>xL|-O@n2=$wF_!|JTWA!4#d$fq0v(4l;Y8d8;kUUL+&yFv
zh2eB`tt6fps#t~rTqMRC?9>itH-R?;mVfaM()y>FF%>rK&;R<*|Ce+EwZ|gu8K~(L
zxV?EdQ%5opjEi5{`m~d@ky_F03cAoNv^AN+bh4(@nOX@@&_EJ~B7ncTiQ{E-xV2?3
z-B&hf4`>zCbGB}u_2y-j(8LLi@KOAO>MIB~)%JwEW-GO|AV^HWw8_L3B~3i{8-KkT
z#@vs#huhmDy*kz!9O5&V5p644;X&g<mOpJdFWXY_)rMSWq&Tqb+dw=Ot_D<g52{Lv
z;`k;AP`}JLOvn|UMTfb8xG9mrZ?%)yg>!u_G}fOs#wb@?{I6`;(_Mq*FnI`zl`SdT
z9t$r{=)w?#Fw0&pJ#J~b^|vVS5r4&+yWv8;6R~hJoMk1PdC;ThP3=}D+6yOEQotM-
z%8$%ZI$U#LdA9ly?f*a-tAV)_2UZmMSMc<`f!K1P<6Hqk9K96|kdsOtYMT%qk=w;=
z6ZZ5XH%s&H=^6~$zZNZu5zT-NOQT6XQz?72H#*qg-yiMl?qx67dX)QN5`Xbe^q+pZ
z1W>3796H8D>@uavYxD_xHj71$#b5NiLrAKWJGUDwK|*+=q-8jGuFjpo6)jaAYKhRk
zrl`3JY*`$_tcnQ86qkC=zg?Vts$cECYB6S7UJHd2pDC~NX(l1tl?OyiX2JDMIWw`=
zQZZ8WotAfPd98P=?1}^E<bTYClgE@Uy;Gr#TO!+YXX)5x9)uDpK24)YC7Msgu?qj`
zPowOCwceVxM6{X_jT}%w<5IZz;6Rlu?Q3B$)1FerOf#+v{_bs=?P!T)kJ;Pt1Ia9G
z<!2mF06@n!Y;MP;@hX`M`l+hg;=dwpw1T-<Gl)m={9?1PvBj-LPJg%7)B+{sXhwx9
z+;bORGj(ew{t-_&H;Vge$KX<NfwyS$Xj69RM|_xnd(VN4gu<sFckj}&!`PkMQ`MS*
zb*-1G<p5MPubTY<ggzkHAc=+EB@rgK<@*|R9|coTx@d^*jhC)<!uQl_q<HB5uS@-!
zaX~X=t@imJ;t#Vf@PCM{k<7)$ZiXCNz{6O-i0J?5(OpM$b6nJU#H^LmZ4KQo?6-`I
z8RfYcl|xg2fh6+wphhW9i7B;biL9Q)EgJ$E)C`R2nvDF2^xC4d^<*9t8Ka16mAjzU
zbm@w4e=}_OM@un;rlWW%U92DU3792ls?FScU`5Gt8H5z}D@X)Je23xm#+iN-zUNZ-
zrQj8d-<N<e;Ki%2*g-GP1idi5A|AdK>n4_7QwPe)ARQ$_U%5@^!nMil)FVk!VW6?g
zza3cn>L-^Zc>yDT`&a4jDi&rmv~?23cw|!g$h4L8%-0Pm8P!Fj!(~Wh1$i<hqf7v{
zJsOE!E(GUBfd`ixj6;LrnWk9iYI&L6%5vU#FG;utlMPzVly;hl95h|@Qt|>cej`J6
zJa09jGRXp&k!}bf9lb%{P!kpBLi93M1a!eh_xY**)e@0^7V!hvr(={#C4E4Rx8eJz
zs@a`6v$`FkQ~Mk)iWhF~ggRIk+$4{(nhfnEhZDyO?$TIIDRHO6kI`XSvRz-SO$Dc2
zGjECDo?e6PNpR~FXz<>Cr^7!_hx5RJTA3<ngO{PtdRj&5@wjs*IyL_3LR2kN^hQeq
z<@|5V(%b`o%rqncTx&u`Dd^j5#9@Ln!k;GXR=YyuU=)IqUrx!j?DVtg<0$JM4)Uk%
zK*MNK<0WrPn%$#{zSw<$&bqA%D9&%fvce5b%EU$1EI{0yKYtCSvjLdX5bf<4o9C1D
zJLz_Q#SKy;abq6v(Atv)*nE28lpwN0RpiM>f9feT`}w!o&ppZZmN#~p|I&>0Yys=@
zAhahv0SdXEl4}1E)}r&Z<CbAQJ9*4Up3v$HEcQz0m-u=CL@(;Oa1lEK0);RS;S<a}
zIr>QJz_SGB+xE8X#l*c%f+X5>co7f@aE}nMla4NWLYHfM0Udu#9XHoQ*ht*m)0J^x
zMO1<Na*C56Zrtk|PyBy^)%4b_aUcgLHKlaj!9^Whqz^5UO?NnFoW+QCaxHZX?5Gv8
zdITZV3b`l@C^v=B?3B|gq3o|=qYx^<2h)I8XUZfR1*eQW=IET6I5+mK8-z_cWvT_F
z_NrR^pVm-FIoW?W*VBn_f*D@;+}Qbe5#oK9xMDBZW@90$ykTRS&3g&y+wz{yLNmv6
z#k0igy_FS!W15Lu(soAadZoX^d-jv(@BCERBB^FK8+Em5iBR-D3|dQ{Y$F?^iB0=N
zv#y7aR<|>&g4!*5y((zb^ja*+e5-+5YBhstbCuFD-3@;`Qm>PCtf;9<Wn5XUB&?d9
zF#}@OzFFwPC#IjuD&aY#p(PT<<HDAX4CidIccMDiwZoLdQxe%&gkJPh-<l-Q7X1!k
zC%bgaG>5y!yNHz=+Wrt9;diS6=Trv`H@dBv9mXGHn+xo6o{Q3!p(O%8RyQAPob0!0
zJ0UqoI@N!5Qtq7FwXr>^Mc%sBP}E00B{Nnf4&Cc(xS6V^CIZ%^^3V70ng_KC%ADMA
zM;G)&jUl7&WZ1auF`gbry4ibZlOY;#yjiaytsn!vh8*kGwPk6>$n!TuO*{Ij>oC-H
z7^(+#^vHffV7opR6r6KDW4VQH17q~z?Dx}8!|i_qq>MfU*KS&hWkE&kdBg$td)9_F
zu*1!xPDGSR&!8qvTZ#WoIPHEznzeM0(F=l%TCK_T<U$l<<l)*lzL4!y4%<TV0+#?&
z1>jN7Xl{wVNbI@}#P4Paem(Ga!10{2D~rx2IMxn~pF!IX{fcn)Bufh40l1H}enY`m
zl-OqwNR{J4{DQ5po5b~#uptOEfb@ao!G#mL0{wC6`dg|bs57`ju{n2MMUK+T8<>RP
z4J`YtAV~yCJsix+!?+kPqB|abR<&eT-_6Pz^{CUflLpe&0q6cX-^D*!5m<i!fI&O7
zeK415egPwYH;&jked&!OH1Qc;vmMU<FLi&U6%yR-2(?1GNShF+jlu@2EW*TZ&|_%s
z+`$-|8)1$2(Ew|g@}BS_-AjgL_A9OYn0AvKKRV0F4wDtwz#3~QQ_vT#Cn+mbgOW~V
zg65J=TF%+YmUGnYbsMM9Q`Q!o=(%{xjr^zceF-st(v|zneQ@fkp~C1GUSpB6@)HU)
zRZ-~?6gE3OEzr}w!d^`XhiFrC+9jRPoIqsEjX3@Eb^PJ<{nhdL$@`N}m#5<o7g@M~
zE-yrQ%d#bcyKfg;Q_rzO5lYIOj!O2Bm`XVTIi+aT?cOXJLwOTL#>gPLr^0HEqQyzn
z*S9!-R~B_fj!twNUS=FmTgK^xl}X6ZJokLO%H+*cvq+VVd0CqtN;~;eDP4;;>MpBY
z2!it??2{y2C82z%XOX68`Ln4d;*!V;ZcE(TQ8Z6H*2NygGuEijQj&7RY@LKwvUzo5
z7?GK7g&c3<YcEKXv<=Cr)*5N~klK%;g~>L5`&rXdXT#V*Yy9&;w_O>tm6^`PO@=gP
z=Flp2cc?`VH;_;NqOIHkFH;4BjSm;CvM?1tfhOACFp87;9Il?@(}xRJBV8Jzq|F9e
z(DF1x&?o4(AA@Tn4MUCOU9hK`A=Z}wx9qS*q%m2SXnIcNF_`bIv%eAMLYA(mug*t*
zaK?-4+^xe~UTb*E%(-=^4t9YSM*>s`zkE4;Z{6;Z`w|MV2|3ZTpxZ!j?c;15tH-m)
zZdF73hVTG2BU`%JSwAAZwkmNwsf7&GA{WEfmtz5b=uBTSOwI#nL{X@G?k)Al)Td{a
zFC;k35KcvLfVMvc92G$xMjQ3M@n=?lPAMAV);57>0oAyM_ZIpw4}*pHH7%zCUGS^h
zp0`p{x0J3NS#GQ*V&!#;8`&&9JBD8})`Uv(cPFDgkooXj;b5$qQaSDLmHY9P*9Nl!
zdzr%QTeGD}M`7%A6h<MM!W0H-S|Ntf3PJ2~!=y0reIW?2qf>i{?d;69V(4CfajMwo
z+XGLSseH*O%0X3&EBm$-RSAuGR%A5M#%?Lo3Cpa`W4_0_zrXFg+1uV8Iy=8khI^yg
z-q3zMIvDQl9UScM?}<mYw`IviHVqL6`8@Ev;4bymmvD-Q!YRKMz8W}nzu3zlI@+WE
zJnMkI3YSN<6!COuzXrwD$|TZ%bfl;9oi1yohDOmIM;<4$#i6~x`Yk?Mv&FO9cSQdg
z;2C<mr&YjJH?RuGmg=|nx{X~yx1g$b_m7|yEHrh|#VM>{w?v*BZ2IixM%rhXB(i}E
z&qc~<Xd6$RC(_FrLp{}+LVK-(Vh=h<+Vmn9Cm(Tgs199gs@6;?np9YSQic$(MX~F7
zN>Nd&(rrQ|i`YP_fmHAn)3*{{mXx)1cjJ1FOp3y!d%CMQqZZcqy*6q1SBn&Bt?`t<
zf;^2iP?_@qZxdcn&VMORg}h;cNFEEQ<Ubt@TjukzDbL?Xggs`)`efnK^A`JqktG8-
z<qQ<nR4>v_o8rGLRAs1tq#GCL;xY_kC?vxzNXqIC3u*$GUM?;KG(%ZCOy!vbUGtGs
zauXg}n`Bzl^eC*R<zH1CylFG1Qg^T!tJl#mB{WQGZ<&ZWlV+3^>gb;Oc<acRH%P{W
z&ccCa$yW;p`yz|;GIpQ?10SOd?OtAffa>(_wl%X?Q8V^R&ES`RdE!q=B^x5Xn&B@m
zSX1lCF=R$VDd}5t&%U;%H@1K6WThXw3uhPyLk|Y^$l(UsdJNL`Eb=CAB>Z6<cnzsk
z7y>obUI{iE3X~!UxCy{Dw%p8Er;jJ^PrrObxW&h4L8-wOy8bJUp6!Y2!90)N)U(}1
z1f9WR9F*eUx?$jd!%!>y_Jqd-UQ@=kHUWf5CqOwKEIFmgrAk=~hkjwrNHaJx!aKAp
zp%Du!x(O2K*oHfv^|5@@0~~Y8nE`ucMea4+Jrf>>7YLON6+jg_L%r3@CKo5`QO)h}
znEUaVHys|cnP@varWlX8%$^R6=z&qY6J{mmj<~A=Tf|L&dR5VO;l%dLj%`Ty1m9eT
zvQn!7oI)-fH_+@C!y{p(@L0OBLth+>&q@MR$>5Cnc!t4yjNe>1@$i_$bt6J2Z~}VJ
zDfSF592#=$TawLDlBSH9T!4<#*<krcqt}&|M~Wbw)V7;gjvfr)7qfao1$c^&dZ>St
zXSt**!Mgx|*Y&)Gl*%N`g_KMdJ=?#$mP|=yGCOyspl^A1ldR4bSb7;;K-CB=jxj-G
z;Xst+M#BHN6)KF+;-i7>*9pmV>!baBIOcK3=4S!rZ(loonBDTu77n!QJ6Gb9Te1eF
zmVw49l!853BSAC2I&08bgF0A)$U0};{Me?=%xY(U{_WYmzZ}FL;Sg4&dtj#vmsq!c
z@I>aHsA@{7f#>E)Dw8C;hZ)Ogpf+0TTob<0G&7S?Max<P+@xv+l@e40LQh)CzJVY3
z&YfW-`9Z@@YW000ogoE<`O#U%j=-?y2y917gnjHewx28yMa+9k*AJ;BXfT1}CnuiC
z3R1)wp!L+;+tFbP`P49=!YD#i*Pb&>B8S#&Mwb_c0Uv)mXkv1C_UDsNSKMTwA(`WP
z^Fh>&#xziaf>euU`}GvCIAXQK7&<wVaWwJ<DqEm+t@&Bh5%dCvwlTw{4S!hz9c_ao
zKFs_{N`V<0g2};-P*+eq?oFv{EWKz2Me}S+9qJ?4M8)h_pl1?vN0XG$Bzm>;T@b)Q
zl>#Lv8`OWDEq4yANsGn_ouB-6esb~0aC;BA5?Tm#EXy%08BdfZ+Q}KUT;+py-wkO^
zQ8UD(n;i5*D%}c|ttTpAuqLsw5Dt3+`rIHVo#j@rJmyr&#l*c%f+V%qYCa74baI|h
z9NW`x!u<>9_S8vldv7uxNOe@X?b@h3Ej=<7-Y<WQePVuOYJ1)~6_I2Im1-$qGyHP>
ziW6RFf}LwkoT&|QovBO6|C5$ArF_^<Fr=dw3Xl#$WDtT<X_9oTmhe<5%_8;~5iuD%
zD$E~)aGZyAqfLz33lN?}KbXKE5keIT=MzkV85~n^bjV^7Wk}Q6aNJm;6~an~`S<}?
z-S2-Zn4X5G<P`f_xjuC}D>$Z`VpOYTGTzjy#GtpOSC+%<F}hVUHDPCa`*}0lm5J_H
zm6;3cF7g&I+Y7L@o*g@>#Z|Y_wGJ}E8`=2!>5C9zaqk|p#3fsdgFnAg26|=v<DXWK
zVIXY<`l&!EjDuUJlNO2eB1=!#tT9Jrf+>G!fH22#q4y3p(K>{+L{{0R8yQ`qJ*jO)
znNig?qM2-^{}nryb}<d-(e`S3t@-x(o9A?UwQhpx_UZ$b$kzOdf~^XIED8ZRyuphz
z5lnvBsR0>Mwbo@kv`wnT4**1X(zJLt;Z0k!1ZU)Ms(C9lgDUq)UQB4C9mZj)`h9-|
z>V49XL}aaDgmYT$NUlX@rvQ4+pgJ62rq4+kM%6#W$W3PkBFXHfk>7UxWfCKwFfQDt
zPr)nP%P8<QJk=Bm2H|M*lWd5BS=w9@byF9+7JArh_P~ganj!F)z#!~$x%-^YS7H%9
z1lO>eAI~7@`>0^fOMBRY@#oK@;r4$%f(0~$&RX6CzH=qq0K7oVZSqfEjSgg!d`zpH
z32TU#^juoNW^9R?Q3c)9mLGD#U%tN9vwp0Q0+{FL#)MLmSfvqBL;)>?u|_;<gWNPV
zmL<DDhC4S4?))eY9eaV#n>j#vhb!gQuOSFhaKN%7@dv<9O>y08&Jg&P*5rRdIJB$>
ziYgFcY#1|ItLezVTCDEhwJ}VK1%DkD5uZSVfY?>1r>0YXB<d~){-nL<Y3*54no=2S
zC2sHq>go{I7+Ten<#avT2kg9{eAbRj{W~Zss?I<N>?*U14T5Q4E5Tf*D5<vxyrva$
z+U*FILasp78C2RMa(OQAl|6r(g^+gu%X<2rLM*&IXx|3VNf{GjdAr)Rf!JWpN26b>
zTJ;YECox@+ZTF)yH@cZkD@D~{29=2`Um;K3muL(98j_`OJ8y!}{X2V}?;P=}(E7zQ
zlY+lo>qBekW;`5pk@L*;@yY~><q{dN>EnTPKad9r{Asi|I@sUe-yVPM?8<2%=<d;V
zLo`8mZX|0fWTI+NL8(l*1*2_7Wut9UJ(g25xl15vYD*-Ro`8`fwxv={S$yi@T~ur4
z&ga5P`f-sT6@=QH5PJ%@LySlmw!8R8+%Hx1yqZHTgH*j918%Cd7xxXgX^AXy+k3Bc
zauwc89mu;H3$e59YbSq|-G*@JOOhJZ2!s-ekK**dz7yrB8Y!XH?J>z3$@GblmqBS*
z@>I5Z!eI3+VX}s)&FVI0W@Dx|#IyU5rb5H7-j*w(bQ0lAG0y5O<DA9`8B~RaO7c(0
zZ?%_6_^KrsjqM<-{u~T(Hvnb;jKvz5UX?Z<<+OC4MG~&!W&?lQ`r8*O6nhQ#tJNC*
z01_k$KA46Mv<lJw7O8a>WOC;=+&93~E@a{HbF_&*Y(g5Mg3ZMda-nE51g`cxbQ%>7
zHyF(t2_E({6bey?k8uCZ19dJoL&VJ|KK5RXWGn^+yw6S;VP}X_pX>~#9CO&m!A97J
zVR8$o52O5aR9JsCZW|bKpo1Zt8h!<ZSO>}s->s3@CDR)l`Ugvvp&^&`I}+sOksvQh
zLF-xeH@Zp4e6BRou4bh3YvC@Eh2=T^wQxY?T4>ECW#NfhjJv|ojHWlv0ug)hCbn?X
zs4AtgAmVq9h#3j#C`UljPjjND9Y)b|`Xl8%7}4NH{@H)k=dx2q34*!Wo+7XiN^~Rx
zArViQk0?Tf7!XIqK%fdE;j_s{)IiCO{AgH3x|IBYCBCsERj1ZVYOSc%@AMT<hoFZf
zJK9cloUE(6xG+sPxW>Z-dkx)S`&TDSDTcl6U#<6FK7Tkp9$%hZ30D_?Iz9W;3IS>a
z$gPgdfv|s|3y{2g%25$(Ad?_eYJl&PPmm3i-JiPgYCxxfKZPhQh+^Bjg1eLh%bi_8
zY=l413!7q_D}_hsFRMaf7#^u9B~qPSj?ptsrm;AogugOW{))wZ4_&ynF2I@L=@gVf
zNK3wdvVMKdQ`^S$pNKFAo`6KY(%VsMgqj&kQNov}jR6>cv~FLItRCv#pLk=xqyH3d
z;ZaNEckdQPPeY??&^v>>zW4>wL8cplHF;Ao>bCpiX_0n`sQ?c#^(jj^INzZgDZT9Z
zVUbF0BD#2x_XCYm+N6rdtXA1WMC@wg3`s?ax7Vj_5#YHq#9oJ-3yW@oP&-lBJLJsR
z&UPQiHL}cqRTEa8T!1;Sh&>#7NtS<Abiz7_q#=3GTEillOlRt@V>*kom1@e3cmY8k
z@I4*|j+A}Sh`Q<O$xj84q`~^bDUu>Hh#bkMz&wqC88HbFgH56ojFz7bZgENv^^ilj
zvmtue5hKqm@OQFq^A!_RHIn&9`}<q1v?%v^e}E-_3I46r_=Xf5J9uOrJd!cLMfk`^
zz24k5Qsi|JDFSI=EW;l(wF=*1A}<#cX})&W6ApMVBO(`~j1c+ei1#q~5O8x{-<mmd
z9A}8$B+(&M;ETh=XMkBF0k~~n2a41W6hRdz#Y7IuD3OB=Ad!QP5ovzSx?@B-Mx<jz
zUH~J1LWgu74-_k+VyC8<;c9V^QB}H8a~z~Hx#(r%1Dysz=Z0&>#|H`p5kC>}aZLZw
zT$!T!@j+YU_%H$lg!>kxT5tTLGHEsz|ER}49+mFnk<|mWljO(ya`NNgnZb|x?%baO
zey|0o1NBj#U0!SIqiQj&p*}#FvdjnMu{7d;1E)ORq+?H7BD<GDfK+Q8)1HgkpcvbV
zS4$Y{NJor;3SS0c;KzYHT{J9&r;l3H(gA{dn2B;LVtlA>bwJ3&zx7iBA-Iytb^lp3
zi18^u8wE*iBZ458I@KZdIoC_XX#ETw&er#}k=)1zoqTJdiyaiwK_MCxa!|yC9CS#3
z$V)~-&<2+QAqOqxLEac6W%weXD#YzzRBfGJoLRf0gM;A?j#+HRrs$B6mxqMBC<U!2
z381JD7J0A87WdP^F%V{|W#J}sX)6$jgLpoSYF#M_5m}VLVF**<fKG%f`c3Z};&|@0
zJ8?a{rA)2wg$bYDIMZ(tK?C!|o4cMw2h$!)c#$Q1L^ojOxyTW1m`uUgAs#q$Dq`XZ
zfaR=XMw(D5Q;Ls(jw$A+x05Tt{0&hRJIX$DSAXU}O{s})g2bE2m;I0dJAWDk--O-l
zTTvkO8jYI6$}V2g3M65NuAWd?pkVSCb|B4S9fcEcdiM|>?U*9O({Uzt<XB(MKcr)F
z4!a>ad$J2~W@JU|ES4UmwNz7nvcaC0866#2%V3#!sB;iJiu0i0916i7S^^Xk!#h9W
zMW~kyzEq|a*||xXp%If{#(xZ}@E*M@&$+g}E8kwo4(gYnM4|PUF=rQaU=O}$nYGfZ
z0RSfdNm#wn_M3lozS}|@9oUy#9T=FXRoOU|K^DN`rX<_jbSz!O+2>)3qo5v<K11v9
z!%zIU|JB;Ll&KWi^@kt)JifU2e0F}RJ!*XE@#x*o@$UOQPB*thzke>A0xJPPBJ10Z
z&LX6OKKs-%DM`rSf%$FPo5w<X#SR-{8pmjL{<kO~s*Rj|v6<&#u&~J3jfT&9@>M9`
zGp*{affOc90ODzhJdU}LRWd4w(g#qxjg@~sNn)7oRkE3PwQYQ>P1rd5bSdWmrGclq
zk<=1tZwCK?ZYIka9)FT8QpJt8ruEHPMQJ<x2VQb{5wcR-HokGgC)l;4vR!NJS+QBg
z<K3q1Htln7+FIn3Yfa|-2B}fr({D}JdBB5$VKrt^3QL*mlQJ~-lG4EF6n>sM;wgs=
z>0{%gbKIu($xcKnQZnU@>e#M7!{{+vLBR)&STbwpIEX~Hr<XL70TzFw6W;{0nu)a;
z@~bacMX6ZnR2^p09<p#3^^a637=1BlG<BGdt#*r_jh@?K)~RD#*Nhcx(uA!+H(~4L
z5^?JAE~4T}%H4dzpM4rw$K!t6aJgR%Tu#fSBann80_)iJ#aFg{NyCgsV{0@XHDlv+
z)Z7cC=3bzl))R)x!gGI$l2fv#wIEYUaz|JyKVM7BE#NdQ$8&|Bw1R*OZWG}c+NlGK
zg%5AzxqlZn8=5Y499$hZxV5C4SpHC~UhJ);4v4iYR1sTtBK93S94=e}X2dHZs|Wvr
zzX89BwUv$rhxZHp^}w4!wy^=Av;fXFwhMAwimuSSLGj;Z5;uRQ6G(@!ZG^D3f*pD?
zPOTNv+WncNmFAy32DW+u;@!i(X~OKz#jkFdIEq~%E2fYOfFtopBvdt;ud;*^OCG8C
zhFIomQMKKw*8K-jwU0q~Ej)%NLe+kK1gf^T7FFAksM`3}S;MNG#j$;7=TJ47oygXJ
zOhoPd`RUh_^NWA052wc`pDs?yNVWH)lbzpof3Jj8t4zHNQcbh68myL$0`;2tpG8Et
z{chAUk^K<1RtqMrGU2VOp=aA+r~)LE99trvETi@y%*EWlYKN)~nu!RH(wOm?`IZ{&
z-I6Vez2}N`v?U_q&PsY;qznO2So~Mvk4iG6Ns5+8E(3q6{qWWme~PuYe<1g6Hha?&
zsdihoo?EsS>E8NdYU##)Ti`O6;cA;>X+`f}_V!SyFQDNbOmyiLiZxJI`qgqkTJBpL
zwythpyBT|-!_hh%t&Z}ek{k?s`DjPqoH_{+6V`_oo8%+wlnz4tjrhgDVzbl?L3h+x
zM~&5k8q<HGnIdp3lTkdBU`fkZvC+29ipiX{Y+M!i4opmv_p1k1CXGF?KA&G5kI&yX
zW9M|(*vrGlUbxEE6C=tJWa0r~VqseIHE{Ai)O3ZJv2bN%ZP@dIJ1DFB$-)WA$frOV
zG-Gq47(1}Z7HT;6K!Of8BL4L7wv>oNWwW+Kym)`PgxTjaYZgos{9I<w#B)2ytnQE*
zbO}<LA-6IX_XZ07f<KhmFl`*)(K>X^H#CFacVM~t8=0-GyT)hD!%;?k*xwp95G#gE
zHLh<3mt#O;IvwVG7k^Glg>@X*V>mDz!2`foYN1*Pew`q*1FRv-^2bL**28XA%XIBk
zwWNOlkw9+0n=oCyqK$!1@0WB#&0MC`$1`ry)5~C?{^Q?|zm9fxD`BB3TNYrUq?J)c
zShK$wS7IIs0JTJp8}-R}ex|1~d3=ee+cCOGj(_Wh0Yz!>jCgD6IkulHX{1`-kLdBF
zHJD=#lk9RPzdt~fAg8&7*keY4J3a06v}!%&oKUBKpPhczOh0X3p)t1_^!y2XOOHQX
zopwsQvC`I|g<WMrc`Tr%=C^4m3+rb?Ql+&AwB&Xd(e*zHI~uRMLsD>n{qu*BF8)Su
zON`Ca!%_6U{IS|tK*(#&W-feV+p{891dq;q?m(#lqgPDZLkmD>6>zg%SqN~n6AGeE
zI<(Y(H*1LUc0^T2RMk;_U(<8+Jn^7;1XTWNMOK}NGghDSG*1m%Gi2Nlm`bng@{FRR
z4y}55Xq9wRa9<fP)j#gXE&kayuxgY6t2nnUIThPm-q?sjxKngY7WQ}HsL9!`s_Anx
zHcm%Yy-2d^MeA%m;hECrT<LP8t>f|f9<76ayAVd1X8GykETcF;_H|)<Z~zEfefpjP
zA@QVdj`)Zo@~UI0>Y@%0V5w3C;bD{+t>}rJYV2TrK&AUo#%gDzz1|Xz9yI_9{9(yw
zbo5oJ<I+ebq@%Ao`s%0AS7;870J~agb`5$0wnBm(Z}qdvFZ)$3>Bc>@){Qo#J_BNZ
z{lnrNWA#egQRVR~;}ZBYcXFs~8JMqPg97&tzT4R1wA?w8>5uWd(a!Pv-My3F_78sl
z<Mo@<fBSX23O21m*)@VWt4uy=*_j=1Reo|K*-&bpc+_XgUdGr+*{H~Enbo*<i0#>s
zigeS9;N=mUy^<DlHQ4QS?|D<1h@KdKsUZDqiR>!a^>#izK}c0kt=G+JDc-2BjKJ|w
z&AD#Lx^&yVuG_vAsnRB}R3y;1_j&D@5XI8P!0-mLvj`tWPu=?+R69&gq!!L@d@87l
zzKw=e6@N?3+F8A<t$eoc*NlzOaakRgRY&>Ncktpz`#Wc;s33JHENkJA#hr$KOn0hr
zQ?b<VMGu!?*=XeppGA1d%@A)x=r=A^biCV3<lT4^6*UkWYrfHuLBh0+blcHMx7++g
zE}GV*d5nebVKa72%|JKbxwauW(h%X*6LfpwDqBymNpWs+{GSwg<_Zt2K*0h{13!k8
zz11sR84;{HzA*Ukoi)I1>bc^7KSR1kgqV@hR!o@nWGW{Tg>Li>I?36KiF=&{aD9+I
zJGu{r>-e{)<==SOm_oxzq_lIHhO_-urW{UV@ouTft5h(gSUG(`n;KJ>pkUaiB$LPh
z4YOSzKFw4y1TIO<n!;RkbXrHJb#$7d(=zOh;?hFlR<BB-v?J^-O7`V{&J~YO;KnYT
zD|k88TS=4C3Nh~S$ks6NePGgUKV=%gn&KH~{oBRar-$~5sE5g{7E?Q@YFSfEtrSoz
z<u%t#Onu(UU}e%<H_5QLkH_h!uj3E$T77Gz)Ci8OGWnFXFKN+65??uT%nG|5;c3zm
z0gUPVG$eqBDTgH#C&$5ma_Bj?j)zC<VR4qCeG(%djm#_-Xd~H#T$*6lUna4fz?2)x
z^vp1HWg<Hc!qAz<hGa-4lNI1o7;4`$nfJCHlXxqW;ki?<rdu^QwU~aMl6DCv5fe8E
z%0Oa9-Y&Fya>y>|R3DT|PT$2*X`w4ZQ<?9(vm-4HI1C-^&D@ZG{93J{slQ?htsrk^
z&^|`K3_+($u||+PE6kcjYY!wKknm&khR2Oky?Hc;)eNoZ2%?T4s-ygB&Rt|ci-9FU
z3}rW(A?9|l7kFe)_q~S$7_ih|^R>T#N<MU86rM1xA~1G_+xsbju|xMmuUvl`EF5d*
z%x&RvU;woJ3aZ(EaP9_BM{CMPsTp!HPy8um{2L;^IzksOPfP1rJ~z7w?U3v2<RA-{
zKL_)0m>SD-Cw+A;#KXcsKbL`QGlZCh?M-1~4n}#tf-a^mH(vd6x`kDEH{wnP9Y#@E
z8zBtSTtA^Jc+=3Cxv?Hr6}B1L5r?dAiv<;56a%p!i48q}A=DyTiDh5NRzGp**ygh!
zk&Ao0$6D8?f+1!F=p9tLpee<|R`M0>`iV7NdJd&|<P~>s#XJ=tT`)rHha>hEAhMml
z`A1_eOtL6&@?j#;^{pG>TdFBY|2`Zqm%|HsA>Yjc15I196@uF>5S$;xmh*jyHRv7~
zBO$llZE?DP_zB!B3+CcUQ6j9B^Q_7IDsc=p(gme?xB#MhF7<$R3083OUr}LkU|okn
z6kXZApV*!<<_mE~+<2?2(1E^lhzp6Yd^K|>@zv7CHxMt4T>lCVd-1OgBwY`4T`k-3
zy1H@?S!!vyvB={?82hMdJSAf(d7D)_Va<XGB!X*yW%?_W{kby@!rVbP4+AQ8q;r%p
zm)<U+n8v;3GLZn5X3Z6TMg0YkNY2`D_7+Y)e*SRw-%iw+4tk#Oy?uKjtF#cN90%5i
zcqX4!VE(N)``g>#rkm%0HG0FpEj|ydoqc*(I~GI?0OOot=bwE%y)=UX2p&V{dE5F`
zxVn#jL7)C%8jXK$Wx_D&FB+cWq4f`ATm6%I{@!qz4mTO9*j`H{FU!-_0#((S6$GkG
zln4hKQ!f({<E!Q++Jv{cI}NUuBA&Z?UaGm$GihihJ?v|6V|p$Y$;H!*`ZMHC@Or_m
zOT=tsjfNs#nIw?P5OGTEE*vS^jOF_d@8Uv#??KLpv_!&XJF)7Sf|dH^aO8t^=FUnp
zD@bBclgOGl@tu=q!%<37cPNpjfir>RY-WK&LGsj2gfwsSRWx`XP*7H2p@T9DJaKO9
zTQ}%h5<L}NW9)k&b6(0p>f|ZJrLd<?>i5xhIkY~Xe0qQS>G!Mildq>If6d!!0CWm}
zKU%Xo&>xNKE$W*HX#_vx>(C@OsOO6Bpwfb~1oK{~v*O*1?>ccvbKztX5?k^FIBpj&
zRaLJOHAGz-h5fAYJ)0rz4hH%$`JHq8`3J@rb>e_B;m$8!d{mG~pd`XC*YQy^<Xz*Q
zLYw3gjw~|YUBjWLm%liTn<2-SK(_6FNRJ4Rgx}<$cTZcP*Beo7hMV)=nYs({#%I#O
zdC#5=diL&IIyY@2+75K0&B#FFv`G;#gK%zy2!lJgf84a;V>N@?x`BB=BE6TZruC$m
zvQ(QXcm#<+@_Y|T<J_e5k+w*d%OH%k#Zh=vB;ra}SjH%J@vb|JDucg3cH82AntC@9
zuMR9*39E*Q0#h+!u79u&;39JRL-q(_YK>tuH_lGLGv4rTG!|3rbMuXRQcwB=ZRj1T
zkxXD@+FErp@BZ&5P&OU)_T$uBio5~FW<>F_k_nR10IycaX}1*MGN<L;rnjym9*}1k
zr8dpTyUflGVW$g=a`0gb5lOj!VxQ_;F~Z>?kXlybLsW0D2yY?Vw}B8blvKoP;;v)S
z23j!Mc~fQeOsCrFik?*_pc0~p+M1SdMCT`$r{^g~R0IeeY;Uhefr>$(mIxg>K^b<L
zD{Za$^M3;8ROBnPM4m;=M8&v7bp{`a1(@dL+!-v+WF_75v_&lAJKCXtkbPNqG!S_b
zK~*P9ohC720$EEo6sBxs^)LWl+K8ue?8~?EpSgol4eVTJ&VJ0Cwd60?X2-2*p0oM<
zIDKa}B(+#;UJC}J=`wvwUTmfj(GyZyxer9!`m<)O>7S&HgZmWlRB>U&wQM<afOt_6
z6WASO^@Hba2U&HHRsNfQ)^}#xSIjm_@9q#o*v!l}@emAcL$lQkao3;o!PGdNJhI(Y
zvnKs?2+&#t$cU#T0%S}V`y50rmYP8ktey@L^xMV)z1CTvl4N5d!gndj-e`LuJS*|O
zQx{{arcoCi9Q5+wpf>1jJ$aEVE#!a!pXQrjm8}Atz9p-tiiIJ6ER=YBD}5QpWzbI7
zvghJ0X7<GO+?Wsn^qKBLml|gUi)BLRWQP>h9w{o(1UnW_nDI%z^lZ?tl>M1Fs_S)@
zC}K_tld$4DtbY??i0HPSHc&*xi{y|rrC{ChLmfYKe>BwbLmSEI2l$~9lh!7ZXv~K*
zT&1S+;^WYvF!8N_Ng%|m3SxE)<K>`Tra1GLj`$xx-bAkTFwxaAMZZ?15lvx=DihFS
zn4*i555HYy8x$3hMM9;Edk^hz*MTXjOz6NAl?NiDo!z}x`v+Dp>q0(rExtnWyh!G#
zGI^FUN3z$5szuhTb5M1M#*5>UDnDNC<C5;RhOe#OZpIvc9$6{2q_Q>bvyq)CY!a_j
z*<b$Dyi)OwZAb>Q_T*Brbl<Wu{Mi`O`cHrTvzVshkJad=&uLDcQvZBc$i4R2w5_cK
za6V<x9Kx=npE~-fqo1CLema!Cq~e~`Z(cV;zzyM@ZfTrfX1-rDMBMRCYk8-VIIWO;
zx(r|#Hz)poM06~UX*wy6%yYSI6x17?f}%pO8rBPxnCzmNDF%~+gPk|i?(s$LRWmkP
z&CsZ3QJFPGqgt!X^@L%vycF>WIb6y}2S6quw5PFta<5s(Xdpr{af%TB#FGMJIbM*O
z;oOKg6Q4j##4N!-(;%m2&?obMCN`FCLpS=?%@nME9W*61z}C40Lm6`2mq_8#1VQl-
z`3eNlK~5dy^ixFEK~9^=X}3@Fz@>5FhG`ZcHXan;OxDT9?tKOgHK0cV-^n~8PAxct
zun8-~9h>%)e*sdJos`1Fhc<}9m<z$exEP$viYF!wjCo+UiFz2|N)e{r?Wz{FAqZ1-
z0+Ka<X1j3I+FFw7aZ}bzmT6~w^Q2K7P^an^=hQI9I5w_`6f<W9noHOcNmVydt|bDN
zwSQ2vN{7c)Xe!Yg00Ee_T026&pe0fmlP6?|K@kw;W$X4yhy3YVY_FUa>*0|!9R$zl
z6`1tr1+gkL+ndiA?2}C{I{%ow#QR{cd0?x5J`N6K?l1_T8lzKkZsT6lFGAe95#P}h
zmpah;BttN3ku|I}sDyLrv~(cv0gl2WX(aNv5Q0XRg(R9<H?YHp_wYk-1&1=+noZhD
zFH^!5O5ld@i{{Oi_=+$)z;jiaLBCY>vmmQxC|*Y%b>vZV$fKHrF_MJISg0e*AZD6>
zA?lU@G8iC2WEeeyl7aO;y}t%tc(}EShS@ddgY8OJLd4{DIJ;Vg!7Q1^klV!k(C;T?
z`}y~g)eD`u6FUAB3R9$)!JMx|H>A@_%`ljG;!i1C*AVg55rk=@9@mp>FbSAly<-p$
zk%}CTJO@}Qi&uo2IoX`~pcR>=Icl|kZsL@&z2I6!<^aP)NeF)f$L9Qg^eNcv$A{lK
zw-C7?1;f+Job<`!v`EA`;m9O-hK2cf^8WP8M?AWy4*@iIP%oBWiR;eP3;}N0h0X%=
zTOz0#&O-Nglk!k4G^;t_jF7QC<B@cj6rvm&3<K2yl!0|>E#TrJDTPq8tdT%}<)q=e
zh4$j8WXhRsee;96R2N*Ov*P_cS9~M^8#ulUzIZrs<1n3|W=AptW=L45P!e{4PHpS`
z9ia0VK!<(*5|KeTrfw@2h)jv|$?`ofK&rcsz@Fd%K9<`^KxKLr0pXPM3pLb37;pzJ
zx&!Y-zD4%b=sB;hUk$AB$?vCs7gxWZeR#h?1*RT`yIQbkRFwuC%QatH?^nuz1rB=|
z0|8Cc8ylkZxaV|u2q$?)J+4q`p0`L;on$k}6!h&7!iLXyAYdVkd>9*|uhS`7p@_}0
z=i>$Zux1rGbOq&4_AtYT9;s^J&NB~dt8P&;B;0NR370)Jp!o`(KLyr*f}#i7LoJaY
zcILW@+-u*)-41<$t#@|h9PAApAM(K>JX<Zr{~{sSi&nmH7GrnXmqkN5g(-{s_4luT
zpB=xuwEsFw{@cHwkEV++Z@Ha8Tg3SUOq<?cw}w1hWx_3L>(z5)B@9YSOChS6Y?*;&
zjQ%~1zwGq+8+IUm5uz-A?fBIb7F9fCk&C)B-0eTO(-#IhT90Sxu5mxnmPlCl7k1Yk
zMFoi|hz;}ESIB6Y_V&}+<<(dO;^PljpU=<Ue>uLS-&=P#t_PPLoF!f~)eL-_+~P6-
zR{2n{2QXQvscSAd8M@ckPFS2OOf5=uV=o>3N+>S50t)5pxVL_P55JCiPjCyLyv1eF
zCk$rW3vBW3!vmFaF$rJk%&sz7IH#;&Wl&L|KI#Bb$A|0ZIb-C$O234@@3Y@WS%BPE
zaig@EJ}Qq=rCwe?`*KL0J)5~y=S;tGki^JhMq&j;7(Ep#4!$(c%d;lVO8m)ef`m|g
zs?yE$=@RfDZJYFe&%>)9Qw$u#Ks;zoY>*t)ZlHAY+v)Kc-Oz%_K8Yg{$cuLpe;D+n
z{;&W1-;otfgXI(E;X88d9%r)|lJ2OnACuoXN5_9)P*EpfEEC`S;>AZ9pE8Zif4Pp2
znjvqh<U*^5k9PFUsgu&`F5!K#J95J^?&svdk#g%#-_yB&fh)w-_+~6m%^^yImDG~n
zN7+VW+GEWS{7XP8ccotkT*`at6a8W@mPghxpfwi?fq882v8+#c5hH11^c?%Gn3u?w
z#@Ys1zAl6;%k!G4G3;rUu^}j0&5+7&=;Dt^uO&KLPrgmzlb94b76#Uht+AFK&102X
zHx}KeBCwu+2(zLk9A=g<1=Z9wvaN;f!P@|OBcB(&vMwP|7M4E7=jypz=mT>d%1Mn#
zW@3h0OG;@U7{=~g_C1>gcYYLyj=fOfz4!uMOR{GtD-)qmevJ2yXBuaDcN17Qz&I#`
zi}Ld$T<M*{24=ewyM!zZWLU)e8<jp#akorAGbZML$O^<a3-4UMO%KbDZ_aR~+y`ou
zQl{k|CODgd=d_Zm9E<h41}g!U3;=E0!|8CSBBojjmAgsNSuheeLFoRSjL<tr1cRZ~
zD!_6Kqxayb(5*4H$BFdBh1D~YZ&aJ)$5h^!x2uqI3u)DK7G&?iH(&c16S*nn+6uw$
z(fxCORyH%Y2I-yH^*r9spp<v;&k5WX@u9UqA%>s<t*sE@K5X>j8X;9}!BQ#=nCaAC
z>}3!gX@NNYyCYRMSm@DiWlL=giQG*ak<jWrsIo#Y;gVmRZovYIf@_L3IZ!JU|0xTC
ztqzIMustkQ<!Tn$HQ}>z{a<>fZiKN=942Xh^;AV~{90^`<a~c-Or<hWo0y7$PyY4v
z@{hAGmndJ7w-!F|0&qJdskynTy6>&}={m^BLHar^k+C+3OnG@aj^bjE7+qZpN0sp!
zKqN&!wo81bRC2<w9B8L5rF3!n`={~cm-CaW^OL`PIXyq&gEtkj^Bs~O)UX}mUg9d3
z8LR;mf2W=}mxN=TCaDaM2gtN{<BOAny?_1Je`TkKP(g6OGj^i05F1$tP7*%pHYmt3
z>V#2C<X^fIHcF03CR2Ni#EkjIFXA(JZQcU9U?kz_0WQ6No$h>H(QgLbUipE&va`Wy
zYP0NRzT0$YD4<)|0OW=%yzWC8o@g3~W%Gh-e|P%K4Ik?u@HC~8iggw^ktNK%3SVr$
zz$~F$(?!Yf$Q0=;p`Z{^E}OQUMWqhRhc%?eP-`CcBR6K!O^_UtV-m^cuECW&wDQLZ
z0<Is`8S;ehyW8KW^l5uuaED3)ikS}G(LP%>GR)rfkp4_VG^^uGJI=Hj@~barYNXZ<
ze`RhBa8nykHp(1<oAxjFA*s#5P~~#G1Cx95-G%~5{fN{Qy~}vKCKQ)t+BAkvi&u@8
z81D7GAY7eR?gY~l$B>?oenpK|EPre_L#kg>m-9UFgvWUt+(OyAMxr$xDaufrk>du=
zQ8QMfzC*Niam$vbw~>}Ixs@&HIa-Mjf6#4)*v|vd{IPJB$9VG9Nbc~}4zUWBLMIxL
zvZc7FW=Q%)(e4E-`;mMsZ6VALz1eKUwzkcR5cdr%UEA<>ny9UA9Z2H(kgir@X~SDt
z2XEk-2nEOo+uK9<_XO`<Y9TUrb8E&{>PYt&M7p<6ed~!HE9jk5+$u>1!p4jmfAPJ^
z656ZC#e%Eg_**&FT0DkbokMX<hqiwWeS}qW1r23}Ok8fA-3V{I+esV@>E1YlrY;Ou
zk78kcwZ5Ke*%b|s{e|JF(;y77+bdr_kL0&c+rr$4zx*cfW~E(*(`ME%8$6&kU+^9i
zan#t!mWIfSPh2KVNg&oAe^**Uf7wFp7){OvBkr&YMkPin#g_04XHcgx7AMk`jHY!*
zE1^vb39sY0ZlxNmRR)YDRLgbluAJDux)F|C1lq?96QElJW2L%%Y6{!eVeTE~zPaoG
zbN7n?cPg#i+Y>6q;0G!8zJn5;IM6^BTY9&o7w#_4t#<rdHw=8ZB!k1N8Sz%xR^&J{
z<IKX6oqz56j@1(ehmIj}yv~<EuK^T)pZsOGy}gq$hHSZ9;|5tPWWU$XVC*><KJmFP
zv(*FTc71Di+giAOBJ5;enS2g<p$%v&<hBNX@4)vbUE<O1ZdHqX42=@6>3X1p?U<}t
zkceg7isEFVbid3IRxUq0Ni!_8_>pFr>{!i=a2HO-IHjD(l)n$1IFWs;d@j>}ay|1k
zo(fm!UE+E(-2h2uI}U!}dIBEe<sJ?>Lq&IhDr^N^*%Ew#>8mBC5c3meRe%zf`fYv9
zK<3fEe*WG9PrRl33v|7$C8EAa=gOGso(c)G&S@J)gaBJ29VYWOq8~HY2u$p;UGh>g
zp<+fM2Wnu{oEONl({3#DR_yG5eExiX_Ej?0EtP3T&$8*0tPH6OK}?`0-7bLhU1nmq
zMP<u2be^qcsj^Th19s)P=>ZPsPT8~Jh!TIw#0jq!Nd53@dNeqIy0;0TOZ_!(Y^|s(
z=wvfe@<lAexibtCzo2m|cD5Ei&lDP?>bVf<r^;J}=;$828Cku*VG9m_8!y#S=DeS`
z&MlFvMv^N5=~9$MomtvWEpJ!N_Pa9AKZL7>Y7&N&uPRnVaG#exMA#e1f80j!@eRq`
z*BUDSYf(jKkos#yD7IW-HBAgba%uI$T$}#vF@k*f*n-V9gv~WnD~(?yn4@lG_32QV
zIIA~v7I+od#v+3(8>zP^nK(E0ts8_*X~W&Y;T;^_4Ec3%crBNsgTtE!hkva<#{6DK
zNe+dVcd-E-f8Mrwwib&F)`u$15c-QEYz_SCVI=K_`zz;s4|4u>%YfR^_C`SM{;$8P
znBx7(@rTn-B9h>1t#%~Nejt>av1K}vwnZfE3)0(q;)`bAXoWFGn4qvGju+fv)@$MV
z?jl*x>L?JE60Cr}3d`)_6e>cTr;f{gK2(=7ZNV6Re~pqQaBPv@=GmSJPcU+ZHk~dv
z;_W<nH(tTAi4P5<eYjJxu>AzET|5OWNOCHC7E+!N-iXtKkjtp!X6vJP58-BY@uLE2
z&;?kCp8Lvyy0lnq@D=*^^Rmj8=)kOP=x7C^>R8y0g>5VgTim|56;gc!6ier5V3@HE
zY%K*_fAucUUGwISUi~RcJlfr>YLQKPRWlS@5}5~xl_~k6!ZX^Fw_rxJR%P%SlS7rp
z<+=MKRwmd?KWvSNFou3K3?QvgoHUWeXt!KAB3w<XmN4li%_B{K6vIZ1^x3%S*^3ah
z(b=;E8f}Rv9zu(vMk@NEdStX}p{bD9;6i2me|sMoYVf0wUa6iJty-XKHBCz(6pL0z
zMLB2o%!p`h<d<u|x{kXwF;VjsWtgZAg9Z|sjw*vf>v57ilmy-0t|bXtwHBu&D0DYp
zM}kT;um@IErpf#IMX?OPXA+-~7`VkYA`QtoH-z{Ua^0Bpl&2-4p6_L)qlooP)5m~$
zmyfdnWhf&=HpjAApc1<bL-Jm~9PR`Eg0Dzfq^Z-8T~ae-GjgU$=*Atg`M8%Hv;jI>
zcjI~vLmD*o3YkqSi4aZTk8@|hWr>dovjFJl<I|ytYsAA2e-iSh9O&GSZ31Y6pUBx1
z$YlyifDHI7f_ph|g`gqHk_LgBcbHozo+)&%ubnW`yW!d%gPf<Av9tjc0dJSav;iLh
zx|im(0UlZ&(uTBSH9J=Gr!4VkcfYDdPFc;(IZdODD0sdOw!KU*FWZv<IR(C0Wj3-Z
zfH<e%nLlsIy)uDk7|!Qt8`=`dp0dYX$hV@1RR7A6Y35V?<kzNbQ%hub;g?>u0UH5X
zmwL4UA0sBA?N4tk=esjao_Vf8^)k&<J!PFMQ_1Nwxu<P8mG6_+y_dYT0V03L_7YEB
z%!|YUU$|0(yV3^BB5<90j_oJQEgTL8GD?N!2i80Z#Y;n()eN0Dgrqz;s=njQ^mhL+
zji4ck=Z4UmGU2i@!YL0uL^xGmId8l+NiSmu&)i$&&`xa+!_A3YBhY3jM2Bs5*k&{2
z*I}ErT#gRgY#O%N4Os8+!ACIQgO41dp7+rPh8H#{aKYL`3|{{Gr{VT%1O`uiH+F@_
zTXAUn5jRM4d@NW(MPM42jkW<A4(@z$THd(JhCo>zO!$JAwYC8wf5Utwh^qrkoxm$(
zWi(xDh65+!;Q1B_J9u_(*%R?p3l=!C#5Y(3zOx!Gf?N0mhlA5hcgH_YfByp^!6l@7
z#-C3uI}#s9UxZ3qcLB|bgs;(*aJ>FtU~XqB{?CqMXR*Y>tt<DvZS4FcqF$f+&PO#<
z$(7UuES#b?kAH)!f7G(?sF2k_YAC#M;!90Nw=u$B26ID6n*v|75+1x1TXyEcy1^=|
zy-Q6D53MiaA7jkg!B6i7mSazEXtUqmgAhJz<*-VIkYt2hrM}Is#z!PHMlNUW9FyL$
z{+xHM5YlenIu;Sf7XRUx#wXE;Q_1zAc}9#b3mB%mAn|4ve;#LdE=*VTuw$}*>h+?)
zn%k}i=a6`ZS>k~CQZCAXlg5bj2uE@Q{Obh>c~1!W;`}#Bk1)x<Kv$yY&ZQ5CR}3^n
zvyb(aNbKJTt}AGrqoHd8Oqdr-!A5~0JKFjGK7@}OUcz4QqX&5#xcK@x+&F~4jn}9h
zmH<h`i5)pme^X=`=_j!^xL3m#?FH@#tiEhZ(Jq{DdIL8BsB1-sFK)2zquqn5R$fn@
z!QG$q&_v2GTv&?ZCCbp60Ndno8}=1hu3<C{U^uk&zNxK{cAUuV_xs7E6(x%W+)Nhx
zS}BuOfoAsnc`MM>$)80&K;spMiEw4GnnjTi*0e~De^Ad-68-0veyDIwpZ#U+ga&&F
z?k~hjse~79B;q3B3r(E(&VjD#xWrL1L4O%Xf76?^WD#=k9z}$ygs-HjLqU(WUu|#G
zj{{}zu6%nTnF|cdKJo*(Cn^{a(t96I&X4~Xf4bZrspn0nR3)Zg?C*_6Syo1x<Avjh
z1Cq#@e_PdEp)FfSo2jm!RWjX>Hg(NFf{e%+Y#gk5OT?zNER#C#MjR`{HJ6M-Dt#}!
z64UboL)Hoslp4vcsyz3bu_!|4w;<Ri#RjKMUK;J|6pgQL3Ce-lEm;%EAt`;N9q)u;
zz$r1_<>JhgJtI?Q$))p_kdn+uax+<{1s+inf6m3XcxIln>T~wpKoVM*ECQ3QT_8}u
zQ+~`O;g-<GsfuGlX5=<`Xgdl`OiM(|28DuR9`*xC1K_U4Ih2lgs7x{#&cvQjVM+wg
zf@!j#+uzC_d~;S&<{FH&Ih34;DA`PAjcpmH7~8cD854acoO(!Z(lk9>q)d|C!W2)4
ze}o_8KhYnR&&kSCcmKheFLO|@-kC0{j4j^ju?4(|_`1Gx2YM5PFu+OprE=U7f21?h
zeWxvU#b{EAcJagoW4N*sAD(&L8pC!>Sn8p5N-Ov7zy9-oM+G6ghy)_2%)ge}px^Pu
zMTxT)VADBR^ce%WN|~JthmU8+n7Dy?e_gh>#e=x`g>afj&?sK<ui8#F-)l-I;S=84
zZ!aK=ain1j%##dLjo|3bU{@CuQFXsiA?9hz57RnZy)uWdkC^R+e%Maf0d=o$VxfWL
zZjwqm(CSn_JC3x@CB`T8k-a_7S}64`=~8^AsKhE9P+%O};kBc(+E(wDikx(jEna__
zhjoVQrgRLcJ*RtbPNNxe?kL?Kliv%Wbkk}ALAui@oYNDo-1!w_h!dB5y8$gnUjxLV
z`HIh9;1e!Rvagz@Ac*;bzl=-rIpB(QH1ZSD$TY4T<(dVPfm?-U4gjZNh}D-K3w#X#
zn~p?K!|vqF@m<?{^)F+W@VfyVfBUaSDV=Lue|09-XM2VFjgojV90g28|GE(st*!5u
zFQ@OV|N1}w%Q}}cu|6w3IJzH<Y#A&4rks^7DDMaXMKGqpUD#f4v^@|}i}(P(HQ#Gk
zGvb<&(NcO15ndC>=$Ed+^#ohZhN}f@V9#zG$eM9MLCa>BEX)ATZ-@MVf1Tlso<x)7
zBj_xLqvvHmcPd*#$^)K$i{0HRv9qB2>$Y$0Sn^Glp7{0=Gt|p4h{fw7^bcZqvs5?W
zZ6yOMzD*L^)79n(bwhlM2IA5>J#S>B2G*%O?JdNygt~EQi}VobL{sB{YZCg@1J>Qt
zkUlkn1WkjL)$wWhZm90Je{SFr?dSk8uas3OQd4lRRsz%Gl#<RjSf%7}*Ikv#=u4sD
zC@8(@Z1y4odD_y{FQ_maS&rvkyRav*=f{Jt6TAT7Wr^vuCDoV+LYSx$27iZX%8@qO
zHzO+~rBkX&JU&J51`aDaXqC}v4J3U!Cr%o4Ohcl<8f%5Sfznq!e=}*qyC7}M#&boc
z9jdwCxBl!0cmD9Uh*hRppi)GKS+viKkKS6N?QKi^GK@^1&-Rw$N8#s%?v$UoyQ8su
zd)7>tgiWMekK?gg8v1o*#q=L$aJB12beTceG2<{LN6Xxpb1N+o^v$W~4mx6xQF(SI
zy0TSZu+z@hu1k^Je_#3kUj6#3Y;g95x12bn=K;6p1y}V?X?PU%wZZfmV^E73>y<4*
zuAN_G;#?`L1=OZ~N;6@&bkqd^x**jrBnXgjJhV<feI0)|eSbCnc=qMfrPhrO<6_&N
zIshgW1v6OqUpzmn-lWa3{Yuj1ow{$V?x3W5J3ATG6i%rNf7(cQo?gK?GefOG{n58l
zzG*7hG_`}{Y?1{eTxh1wT@Zfjtb6%|3n6H!!M)vV>caZwI7`frcpe)i_UBO3JI!80
z`=_z3X})`4)^~F1{Xp(ZyRo7Yjg&!xpM>?90Y}=Bm3XAyOSN~ti)VN%OUvB})u$_8
z$gE3)-s!t;f60rHLQ?AztS}WIos?RV9Nm%UMvJS9h9p{iPRt}+_e`nbEV;|22sr$V
zDLRY*3&BsF8QiE&<$L-*>VV%T1b)Yys!v^Gv@g<hq;ZeDj;n=D18`?X18YQ1P3S0X
z$2SQQE#Ec_9goIM<xY->TI!M&yQeHAzXcxe{fE)Ue;WELhoHo9=uVPY7DKRprhmg8
zbykRy`P`klh+`!FEZV|>hTL(%=?^UO@N&)sh=jAi=>=Im+uINg?$F>44Q_(`IyAVZ
z3sc|G^4f6*Q-;4=(bNVnOdLb5Z(-VqjydtD_=OC=`+Njhz0}o9XV7ce!e*?`*YwCc
zPk@#^e`a#DJ_}V4@fgXyW(c}NRSQtn@})JYRb#ysxSA%`S_Z2AS`Mn3Wk@h<stDOQ
zq_2ZgUpkcflC-s+sGtU*IvH_$j(?3;MWBprLjwytR`M4M<N&vj!lulY!XlOMrGF!{
zyb2&)7AuaFyZnM*5n=mORZS9~>jDu)oqrcgf1BP1?&b^gJfK=2Huj@J_?J`hX>ex-
z62TpBT4&yr`}RT-2JZ5knun<#R=;Ek`4>~|ph-=1gY7XVX=;gdfZrJ03Gpq~z3#rc
zMN{yajy~<^({fool0I#PY|7!%Qs}n0zbld_?Vuiu!O;yU(N;)jzi+)WJKu7`AF#XC
zf8j&hK&tMJ@*ep3-SKE=x2(J4o6(MZD0}IfpQ3Ji<G-46!c_~9zNxHaDqGGN-q98K
zG~^ir$0qA>8Bd3+VXQq|_Ya+=g9qeD!Wh|i9%=6k|I**F^u0zJn}J`4eYeO`9dMW{
z$1|He*yk;KSGI=l5?6SePX_?!f!@f8f0JcPq*;!=m;uDwf-QrE*7`zSmC1AyI@g9R
z4fPACdfV2Xcsw63t>s`SF0)k^E-7)bGD9#j8lBq`xj$Z)M@)Lj2BT_31m8sAUY4C&
zXVm(!prV|*T!tp5f`)<v*c#j>mGE7a$@|<H@{M7RzJ1_^yuy~|e;H>QnnP42e@6tU
zcDYgP3UfVAd^!?4b;f?I1wt*u5~G{oPPRW?hOV&VQqiH0YwS`NSMt?zBNG71<2(E<
z5%H-xt;@P|fLoKtAh$e?tlh2G1MFJ6wq<R$VJ%#hNa<<WLpOa&FQWCzEUj24?9Yv9
zh#T#=oQfzjU9)KrhH$-p2`O}#e_1ni<kSqJ?qo*3B}=Jb)50FJAnUZvEXE|_Ag~o(
z>dw_g;tnq@`qoc@mloEV^k5c;#IXA6w*tf}_?Y&WJClk`Ky?=MbloZWB=Dj(aS1kK
zN5|QHhWk@)$0)z4x$ZH$ze%h)*`^_y*I}U@7TN^)by#Rk7pA^gXvt}^e{J>b7~lus
zKY{*4*a4UZ{ADww{<Z$F=NclY88YrT&jQZVT-6IIK^TPRM}4K+g>#O!H^4cwZDU|(
z?CvxamFvLH)_|QaN^k2)=b1f54asBJ3SH1(YLC7QTHO~SV8%QkMivW%?Izgs3FdOS
zBoUhHCyF1-JRan*JQuRWe?h47>Nu;f_|q8@jgsXu2*o!|hcc&>C=E{&e_<H$=sNMN
zsq69FMvCC?0Ah9Q1=Ov@J9U8Qv#Q{a1ETP9!%k>wOo*tVhQ);FQHBmRU$U7-!aK|R
zB{F-|6pp4NMLSZoTvlbID2>z7c+u8(B<%pmb$Dn7fXqzu#Zimve?Z8cSG#-b=3)P3
zECR$JbnYE-{bUg23s{zYvA0w94ofK4j@Z`Vm(LvW5zs{}5>`>&xgk2xjuLFR;kY4t
zd`&s)s%1uht!klvm#eBdNLRwou_IMngMVdxn+z~I9_1*{1M4kbr<G3_k6yicMgQo@
zfUVy@l2vXF4}|^Of8BZBqI1nezYC&=|1A)?y<9rJM7;ll{!=Kz-8PGGV$Vok=&Y@C
z%}wZ;k@=zQ_NP(GZk%$8^x*LM4}%Kj%<SP0VaZtoBNVyLAYx^*-h{6utTvAyJPN7Z
z-KmzSty-%U7b^+*yt?joD!GP@Ex=&bxA5Eyj1@*=^MuKZe~|OW3aO5`-u-7+r?5Y+
zum-`EiZ<t4v{PU0Yuok9Fz(!yMAb~Wh~W;F=+8y^O{UZLQ6X)t7G-ngu0`Ix8JMNZ
z$<CtaPiD4L;?e{s)oXV%PrtW?0>F{_+Xw}Tg>u24xi-hX!CN;&IXV)uBO#k0zm9~g
z>B2OCgcNq2e{)shaOn{PDUOO1ffWDFS^E-4w;7A_wLzdH6gD-%9~p>EGsN97lk1pC
zvA{*dWci}E44)j8<CA>NE3)>6IN!@Uy*RT*Z+7<f)3RcZN7sS{<EJ$QN2?h|={wgp
zbVzQ9@S1>8zHI%iC(EXAN+n^Qgv}@j8ud63|HRt4f2_LNMQbDxMu3s71GqK_@8_oX
z19hBITR=uDvn@2`+YBdmBu)S?xE78U<iAv-Ol#`dQ6#=U9age&S%*T_8HL3B@hTE4
zNaP_UX^7gD3ZaydG(+pWO0!EC!-csckO!4o*|brz9l_WUjODWG2*!=X)Dev9r1QfB
z<4$2Ke@ByGJhtaf?kTFY@|W@P__veoj$<t47)2NhGprG0jDVq9Bwp+;Jym0+6ObEr
zP|cLPyZ$LHBTj<Z1|3oAaq?BlGg4q)#ezR||3p-aNl}Ydy|bb{TanNFtcBm|q<o=u
z?jo7w{K{;L**X9T)d}puO%qi)6FiQO$HyEre?AKEl50~*hq-zvX+|woPh_0vj1f%}
zCOOwie}A+)VhK~T%gR~_N>f*5-P@Pyx-ZqW)5qu0$Nf$pbNV>mlj_KPPK3!u$`yBt
z`8<lLB;Hch)Tl#pK}#?8t?3pkI~vG_nB-;YLPnaAsl$#md_vMN7cuZ{90(b<VDb7!
ze@jPWYfSAVatisuoxb%+t9xYA+&y+L2GXt%;2M91GL#M>B)`{V!x4Y2_1zvJ#~7+<
z;i~$g7v{KgE|`L>Q%`RT{dwouaUi4YFlv3Ve9DY`$2WF-<4+WGGvwFtjWu1E`tprm
z!7v{dB)(3`W*=sg4}*MwH^}+e%~+MMe+>W}<%yZ+D&%kh>sWFX$Kr|2kbK8F7O{?U
zt&2d%P1nC=*yBz)_Bc&MbmUK0B-5EQw?#C8qYaP8?<wmXh>%RU$<5d^H3J>x$P(LY
zi1?a-I=(cWttXvk_KHNQ8eH0)Fy`5LRY4LnuL#dE*2!Sk&^zTx<FjCzz=<Hte>X3s
zdZE=53);`3jjpe?epF8tMt<huH^U~C5r**MH8XdLhm4BDA=I9P!JYUshx`Yb^H+)(
z$X)>e*^~(k4I?0@b~w8Uyjhlm%;=kH3mM3J^}&)XZN@&Jqe0rIt83a4G7hP)ksYD^
zn5>i@!gLOYrtQGelglC=#P1bse*n_egBNKfDfyK~Tj$~0NCeVqz8=NZ#6?;?3b^|z
z<%Y%rmL7&YwSx%U>04u82PD6IIekxO07b3b@f1dc;{@!Sgk=E<P|F$ds{D2vSj-n7
zK^`S;1vKbZP84_H<PvraVImT!ODXS(2%^5h#GqBqN`db6qCm9^$qqaUe{G~0#Jf@A
zS{`tTA37ech%j!^W{1@a5d9uy<fX^~{Ed?N+?~4ME2P_c3Vs1z&0tBwx-5VWL3Pzv
zfJ+xRl-ojgq#;(nT1s$Kl?sT%ZVA;Ln@B;qal}$@IG+#C1(TkSoOJA7-rnWsFuOeD
z9X^#NVLosDwld*gII$7}e-O1KOgTYMLRa9SpM5;NG##}=>mQVs$<x%F0m3~vC>RsM
zkJEq9-A&UzW6mn&ZpxZ3`glCXT<wARbWS!I&&BGq{;VvMZ9H3%+4?JHsW)ys`F%D3
z0&_$U{Zkw9X!y5$h~Ogltx>eJotD1MQyGc#&|p+(Pg1$HB{KS&e-0T{Qqbvl0#$YE
z#ZOY?k6Es6iP(<$qClorKM#Y2AxpD`C}C1iu7BRas#VJAVRLVL*!K>O&%V5=HUm#s
zJm*^a!wP;5X7(yWn*mf!!_KvL{qO&yZM*sd6kM<mH+Zqx+?8-h;L}XqO$C_^FL)*{
zW!G@Ju<P?+mZ&X9e~D%$i;~PBobn8j_;GsUOuwPfi-kLLqorrBqAfX?);zxXJ>iys
z`0sG$_`$;U>Eq}s8L)+_nlBef8S7vI^ie-+jl_GkWc_;MiSWXQOA!gvTJ)`RY*lVS
z1Z3@4lLRg~g8*H)=M2ug>3EWZB_u{akd+~8#Vddf@U^RXf2Pm)n*MDpf%t<1HHui6
zu7MiCF24$?l5=C<I{GjpkDX?vVekw$2wSq6YFxKFrws+(yyM@xVc=ukSj~TeazGf_
z-qvm4VsnHA#PI<P*$ls>uhn-X#Bg%5H_TWTjt~GRvx33j%P@e<pyqV*10wSK=EPfG
zAXd_kp-%%Fe+O>f41+-D6fREeczPpW*pzBPt-;a<uzac>Wtv;LC6!CD=F$}+r<WxM
zt+26hNILN9hqyu5gF~2t>^bn3jsaDAzzW%{ua7w+?+2=AVu@7a4&+cj1y<raa_O*@
z2R0B<jqp!DeI0)|eSbCnc=qMf<v@Jc`TMKWPvhguf77ogl7}Tnic=jfQ?W9(YKZ=J
z&`bd|W2zdHGiS112DHrH&giw&l`j|X2iD1#bKz7-bySCAYnYk6a%LuX2VV|>3w#Hr
zAj*^v?6QkLuEy`bjz1lXf4v)jfFG_d&&QuGemgmD#)hgHQPWLe{SoPP`dm}m=7for
z+*)AEe<tuYz!4CSx>!^VvgnK>Jar6h#6wKVs0$^Me1Z3ivO`ckXLgOvgd*%BmM34J
z1bM3%;HJ2-4TD~wj--edH$D9IZF)-kQjI~)>k3Wvg{XtsD%<mdJJya@=*q%sGWx>3
z!yH=#De{T8K;G*e!^AgD{BOR{7kaEI)z6N3e|Z@5(h594gmY&IrDXAz);9q|V1?^K
zXbYnDiD9pAU2F!6#5bYiNMOXMaZmuYYkjvy9WU~bgkxo^E_soMrj|@Zqy`<MDw81B
z;*E(`S=XcxhCn}~pm!c@osw1))s^up6ED}NjD+R1q(&`HFDYWJ=x07DE%voUfDh15
ze?7jvUq`Lp%$?7LpDF&Wm50jOq;$G_pYH17@AUT(`kT$jbUOU(I-FgCPLCg<$LA+s
zPtGsKA6S2ToPy|g9>W8P7MZ)rrHTwxnfl;p@TA3Ut5PZIT8|y$xyUFRBDYM$4~5@A
ze772CgaIUFXHB!fJ*DvlX2T$QAW|T@e`;TpV_%^zt<r#06t<uCzFK<;gmc+by3l-;
zmP%kbvnK-<-BlB;o;+asoPI4Br;I?t*tDQpf;L|}&^y!_O|}qdFjL6L5uCvwiK5cN
zEzgqBzj7v7hM(CG9qTB80!kpKKPRyAMuUxiY+4KaXUlMb{c>DDyX=9p*LL>ze=Q#I
zEsNO=nZnee052T{csaUS&)V--Dx}M<8b;d!UG`+cc^*ryPli~Pp&F45>*Owy#X#2m
z;Txw@zC>g{bCCC<5<fWtfV#$E;`8jU(2c%rQ2fV%8FA=3;#VCA@Do9RQ@rS{x&-^h
zN<w42mP-frC*L+#3qL^a9r~m)f6ODIiA4}PbXQ#NYZ|g%h6bd&Un2r`_7CWnO(|@3
zC_sk-bSS`PV(CzTO;7+-jk{nC0kC5U->D-29+J!3tt^*^U}XZZTgI~*UmTyF8b@wK
z==^&)8Rb%oAF1Wdm^<I32dh>_@f`me`q@)gHM~nGUirM~(#k~4ss9Hve-@hP-=fUH
z58<5u&YGNmHQDIO#JhQk>PiT)tRe-ERaTX%$?iYcaQ7diyZ?Z9|GNk8{)3i?SWflu
zY4p~QT7iSk3fx!rLn*B-@inBtSDjgSV1W-@Lam(zh3<IiV)IrOEfKBkV39w3v?{4?
zc7*~*aUfjpEp<gz4lTz9e{U0N_G|T2zCyFSSO;y1WK#<ea$hL3r3Fkvg6+<VX_k@6
zveL*It2cp033fQWfv4)d50Z#0fAIXiVNjkKc&*Mh$Q}jMX&|r17$0K0MtWwxivTtX
zpavnEnABQiQfpn8ALn{e8zzMPFZOWDitdC8VSXE;{q(*)^a9b|e~#<$n|<QJBg*iX
zX{+qA8USbg<>%n}qkY3>s8m;mFDS$7T9m!2|52~W9qGw`mH2N};r+wu#pQ6Ditlim
zn8`Tthe0bPtY_f@EL`6jHLjG|mEB)Z+5N?8X+3MKYKlcFWlIWHp_Bkj4vjUDvqa^J
za1B+>aUan^u8kfUe;I>E@-r)L=_)>ai)$I0N3#1++T%z6nzHj(cPYQRTD*1ZI(M0t
zik4Vf5s$9ag?*W6u}ND*Kr#`p^suxF)%MXq&5+;%JJ-@(=r*UR%>WAa{1n-G2O2uS
zyN;StM(XPAUA=wtdOOKQ+EwT{V{};~s)hPj2@~vkIO1Tse-eQ-?2Lu|&CzWp#o6F;
zw?e8SR2&PLxG}bxpFS*S*$N5m^{qc69ADaN7_U`iEPRCB9C5M`^nJd97jMM@{ud+-
zBdX=$-<9__SpU)9UQ;spXpnq9beH1qT{y8m<e?5Vrpko5uF|YzLWvKMUn(_}<}G#?
zYMIE61Ap#@f3kNx*Dp{U!buXJn~5Auk-dGpf!p^o#PqOj`v0JGM%}h7-<H8*Y3th(
zbq*rcoQh?y)mGP5zgg;6GxDHn^&<<X-AyDR8TAjCr%3rN)z2`_QwjBi5t^l(!_GKv
zpq<0fdOoJp#1dylgiyD7dvFMun8Uz>1_VcEbl(#3f0a;RISbpu@1jzoI9k){36EQ*
zN`O;HFhQvC1yLe?5T8UjQt`GF?$TRlySg_dA6n~*`d`5*#ibM*MCB)C9<#8IJ}nGZ
z$IW~4d=TKip-o4g2_FhQIuW?kJ?nFo9Bbr!5#AOGfXTCY;>m=McqPuMfr|OpG`-GO
z+T<62e`!{(pP=h=7lhw3>c_+jY2eK9UE3Q5^C8H=ojN!sVqtp_FSBMhCE5NGYU?{x
z)V(xFyIfg)w7pSX9iMyZ#}4#6Ruy$Qa!;I=sD&*opC6Qz&moI_9YCGT^<c{oHWSeV
zY_l;$Gqyy{3hDAdw7rIiulA+%7pJlHES9nte;Ab%&&yUJSl?V`ApQ|0$UA8Tae5E<
zC3+a?6?bjkjX3GWr`=aCw<GcO@f$Yf2ybA$T;5&hrC+R!avpZ3f|+?zLugzf&zV5g
z;GIe;k-M1A-e8FSGEw(7$04Xm+C6onZGCrHy|xv)u6Ta0h{}rRt@z^shgReHs0ZF*
ze>pI~mc{)$U9ywysw7CDRe^g<Uqggf*bB#<TfXDWL_FFGIq&@lOF%o6&S9*XHpbvq
zTNU50YPEZ(O1rINc@2U38K^x2JL4gjHOsFZ=kLEgZ@#oLF+VhOFCC+|`8Mu#$l+He
z$D#sfxNcs3^xywSrXgxOC5F?T6n0=hm)q0<6F*im1#H~?!+ME&k$PK(tlA>;NALFE
zPP&a=zR^p_1gp2OA?mjvf4|byQE&a7Rt;Jrz(?z#*t+MxpS&9%|CcS*0WTMW!=0y=
zyKp(wS;8$8ys$1Cm~|J_pR<>9)d4yI?3b?90Um$nC%=99^d1#?V4Z%tJUKtPxNK2}
z`0<y^KmKF5J;FNsm`*!uW=A)Z0Ge&e%cc=RD{d$!gHVc_6W+p#8xseu8}Y|EVKa76
z%?j_4GfhG_?ryL@uJqSJ1+HfiR$XqVPT<*f*_y)QENowxP3%aLt`nnndd&^5oUeEV
zvEF}PvWl4hDOgFq^F9$r(YHu=3pPK8>Q+>`vm(cj+}OQ^TSC6=PhIF~ZpU_6(Ozy<
zYkK2|x9uwTPg1$p#2WZ<7<dC{^{kGj_iAVVVlPB+fGwdv7U>Z-Mv$AnNMT;3B<RA8
zsM;TL*&kcn(@RLX@ZB`maT$szglAku=!AbYrmWP;I{w(A2qAmNn=lOwII*nX6HjtN
zifN?M7}b4h%wf~hTTy-8p{8H!lOs{GSU}$rx&J8kvZpuLu8d7HirMjR-7xSM&)mni
zCKutwA*0<(fFL<Y;=(fvRgk0Tnd7+=Cls-bw^D}5uw`wK<R0S|xKX7`!J`McM;?E~
zkGIIv2NNi~sXa`a7s|$d5H7^Y?gb*;w|e}0OcyNd=o=-a#Dm@C`Au|Tw0BUIHeA3?
z+RP~7F8Xv<xXtQSN2pAi#!WO9K{j0m56W#PMT?0Vl^En^C|48P6ArYqrN&cS(Rd22
zYQu-B8{y5C*2wvxT5G86p|tsY1iXJD+fUZ37p;7;LLy+QS#7M=I$f;Koti#SP319L
ztggR!@ew|LMdG|dz5V4nKI$~}euhZ31Ik#}ft59{1D*nOg*B6b3U+8@(m?j8y22h+
zS7M2^b_*(=MVM99Ven!EF0tlEwPaOr6MP<D9{+*c08&<B55RwD1JEF<9&~?PvMv6#
zHF3Pazt*~#^CI+1ybuaBXJRw0tVuA-7Lr@OBMjTEjIdeEOO}XE({dQ(7fq39mE1Pd
zSyaWMIPyO2L&@`-q_XdXn-gw9ej0{eVqOtgMl4HWFpr}TrZJ>D;pW;^5HG=W*tY?8
zFt9!9pACJreZ6fJF3{fgh(3SsO#EXmP6NPs<ZUzImCI~Q=qwOJP0c*o9sOEMQ}Wlf
zMk!QAS*)O0>=+gnJBkxPhS~rFVVJ%3X=wIf3pyQWIqfI;fZf~&6lp!qX_Rg>hl$d4
zEC6aimA{5YH0*>vsz0#81e<FHw1w<Rf=#2ulkae#2vu~_8(MHh#0ew3?kBc?kT{je
zWr`rfPa6pjY*}M?!rXm_d#uGh4mPgjP<lqvAES-vkFn<!RD2&?Eo=||aXdbMe{nfh
zg9`KstL#^a{S)Ozu5-H83$CvT&9W1iJ_=2<n$j_#Ufc)DuOX7F8T8Q}ovmlp{wp>6
z2iD^*P$#N|H(tfc%tOcdyR(&l`1He}TpU9D)C?h5D{T}KUaq*oyu__LL-zw;g=IxT
zf29f6mXSG+C|NFp5ZXE{p=d@3Ajjc0*W%y<#76`3F%@qKz4T4c<KxNu(=Q(h_4pHi
zh|nD#l*v@e%vp-_2LD)iOjU{la95h*QP-RZDV%+P$|OEZ>J?Ezpm1t`^Z~1mWh>o@
z)wB%ANWPV(fkvXDM##rgBazWC9P1ZLcwM#}({R<MR1I56fqX6N=1|zcK@DL+JBDCL
zE9&exK~Cl~k&;2+g@y?84uK>mouR^Dg9v%VFdwp<s`ggG-G_>NE93^GhoT9yc0*3@
z^Q?sf5vUt2(1K);7#SjeLzXDSV=Fy)#1RErDc<~6&yMnGC|(?{S|Mk%9YhB7I2g{{
zYu8Mt$$d<O7m6J6Wv~ps<84K8GU;fK4OV=#_qwVz|K0JCf5K7d``RdUKHGWz`8k~F
zYX12?+pKeK{`tM5&-b4<nO&Jg&o<vT(|m;0gW)4W_}6eXAFellE^h+g*@85)$M^SW
zcWL6rJx5ngpSfaCnUEh)F@WNq^$$ut(eF98MgRFN4F2wLQf)y0A=NjY1%55;0jRAT
z&()SS_X7Bxdj3D_Re-E)<u)wI(@G93-?`&5d(nEyI@y)2b(A+YR9nRQ7wp57b&hmH
z15T$M!W_gxsbM&O2(LtcN8+FI4NN1&V~g7%S*>EO3rMLdIg4rPW$PBPF*&XthtbO;
zG!-|s2B=_CeLXylgLR(9!9AYDK}#g2JPBb0*_+Ugo9_I-_x$HZ?+gt^PAu)%#GZbG
zUr`WEegdiCTT}nKqna!qNJWj((69gZwEVK!%%4>i?*?dplN>gKA7K`s?j1vn-lud)
z)^U~y1~~=>r$iO$maJCqlXGo@IuG$7x`71;R^KA$z{s{<gJqGYd)mx_HjEX!3)mI@
zEVwfSs<m|>=?}T+ub+&v2}$nV$$MzYa;QcvU${V%DsIO5@XbgyTLn);FiCJ>27puC
zPV}fS^(7sDar6~Xxhv)Waf_Et9k*JPPihS$@iJ+ZHM}JS4PH!|Pg0bya~!zQVL~}+
zd_#SWlxN;Y(kS~e2j#t2bo_?i5mBPwqz9jFUHXuL?zz(7a%lKhQ2k@A>QV8g4_(!R
zsf&9Y|AvxOMx&JN1rR{5cC0TXd92)DFh>0wS)VO`Wr+GkU0^ojfLL2D$W>QeU_R<R
zz)>*?&_?#>pq%|df+{M^4)(a4J#>_lk3&XU*o0>6rJ5l?6Ucc8r?Mf!YXSxIlC`&<
zz{Uy8Nf9E4Sl{)Ri4>{~y0FFx?p_89N>QDNTD`#Hz*p1PM_<2NHH8B`jadQ^(IiY_
zXNVtvw8fuGtT1>W3N^~idBL=Vn)q4P?d6szCz$-#5LcmzSP$-89J7;dXPDc9)PV$g
zbTwcvkhgkT#-i1Kl_Au1Wx^X1_^e1_KZeJuTE4J3(LL6N6pK5^r-OVR2Kf-#qY*55
zDYl&O(FTz~-!CZ$BeJA9p6UEf0ums@n7wa*E|f2qtV;bC%ICIb$jfCGhQiB35jM?%
z&)TSv4tIn^+$Tai4E~_yoA?#w9-^f)r2-9~8yDvnO|j+Gf<JHST|s#yK~Y9UjCOYS
z_L+yUdixf73{lPcYE-r)1yjrK>$EJBiKzr>o^eI>z{*4?hm;o;hB(dMgJWW|>QknF
z_%w5)rDyBoCK8{rt!)vnW-QPmX!~2=*$1!bA6D;mx3wR-wKH0)RIEVjHjb8FgzPp^
zzOhg~se2HNiZ3Z7Ubl`-o%%IUb|pM7ra6GsC86HS>(&9+spA$#EQh1wyo6KDEO0iv
z&0R{=uEl0)?~{zQ?VTx9ryZ(fCzVWp4zL~4RUC)B4<o$q8z)S83^|X8((NYOQNn8E
zR)?NVKQ|-`UTZqT%uegp24W|L<k}gP#+EIac&jW^{V$m4lc%ZCr=_T@lIK7A8t@V6
z#Kt)7!V)GP^omPj7=IiK)p8&*@!=~?R!cjgdJre+7iyH_!uH?~;u?%h#>YW_juCmn
zTeTgXQ8}HV>l-5)|Mh?V7j6clh6750sE^QyV$Y>Lu*Qe8i_78m9)cR@4s<uLyda9V
zqB!szKP`2OUq)B(r&^9Uf-HC$qzNuA&pw=dQblh$M6nsWs%D&q&-`jbgjX|8qixDt
z&jP#}&y$LrXpIzeP=!%*sbKYg;Jc{Sf|C{Vq}ZShobe1_fon;)2H&ESY=<1%XRsXN
zOWr!rzDsM3Xu~LNPxujO=M{8uEjNT`hmi|YCUCqD$|(rH&As5RV>zm1IZ|C&tjLwK
zQQu-LdZIolw1WzBD@`56bItw#$~v7}r!+vrPDehfR}d#0t%R4bki&m}&|WZ@u5b=i
z6IJqWO8KutIXaZ%VJL?IX@KGjllcyG-<fS4i*3URQkWbNz$SranaDuFw%w>7><f^c
zNpx^u71SR$O05M%*@SeYVYdva*TWrpeNG;k?U3vmo<rUwnmIGx)Rch+S*g~??qX?^
zn?Q-I7!xJ4#F1H8MT`o6t%axQzCcr~dbLo;uT|;BIW<Fa6g-t1!=YJnSp>(#5ZBL@
zmFHb*d(h^0C3oxA6z!WfJ3J3*J#SvPGEob^VF~HN&)`fI5j14)hv=B)FdF4u8F<Xc
z(~Hj^#>Xe`4VXsw=kXOfWmn>iHeRr^y>l?!-W~3YE=Svkqy58w-R=L#wHwhwkw~6b
z$RL8z;5ecsi*}Jr;69~R2d!5PsWQQ=FA(c@fc+s&e_%P`O>Zh@a!(5<426+d+AA-x
zXDyXufzz^;z0RJw%`U|K>FhFfiz4)iptNEIbMqc`PIV>TS`C#{^=^Jj3k;$0lN#U7
zs@&V_iB<l}==p?y|8Qb^fJv$=@zp2#OhJw9Hd0kpbSA1yykps|A;7^5n{5Q@{D9j*
zZ2?wj$_Levt*BaqG4q-%J&dY2k~at{lqXM)`IT<P!7+GfjX#{9jNkvat9KvHj{kh}
z-s(}pj@@dp5~gQOnF9@5)2G;okAG(BqB6NF>Owdij@8qD_jn&JpFw{MT$PORV1Gne
z3=DYmNcm=U?K-~0rfBKee07py<j}@McPf7Q8?&`ZLz3IIMl`-;^UUR}dnU0A<b`_G
z+w8e*^x@E83o=~rXKa4n5RRdDFXF9_^W{o{V^Sq!1P|B*v=GHcVIXTW@a@DWQ2U&M
zbFCYv^L)5}#;(Kx5ZCy?<&_I6*A*ZdI~ySyskWa$_0GUE{sBrn;Hu0&+lFB5mmwJ1
z&<Sog0#n<?&RAX9vsnn`ia`7;gd5CY?RBdTEQ|Q|&Db?H!!hO}oFsuaM11uJGFqd`
z^{l9WO$X{g>LsnC+eR5(t`>O_ScTtUy`q4VG#Q_NlB<8PeB2Ysnz{42L+N>b7o4oZ
zX&vES=JAUE`p^H*T0)KuFbg{pe^8VBftphmxKKBNH#6W0R*F1WG1U~pTWRBP9<Cg2
zq$vg}CBGDg?TFtS=|Oj~aAweU&0D2uLY#7}zb}kwn%+1wAcvb$t?L*JoxzC2`hySJ
z)8{IGwi&`WfnMaYc?|^luCFfjLVRe#7yV7i_7@<W-EtNHGJ@FKVS}V#D`d6Tw=Pz`
z*g;~mrIuNm>LrzPXP{9u9s2X>X@6kxVBI)$oOo;M#;Yx~_x{w`S_;Y8-qkdisoA{^
zvA31d5&PSf<;yi&3(lTtP4O(v3_U6y;cn!AgZQEmpa3?{ynW{Ecy$6jzK0sgP;na3
z<w%o`fYRLk4h7_`T=JXWQ}|Wam<AJGl19>5&uzOZ6t#hy+{E!RI^5c_m+mVYF7RMp
zbQ&x+s)EV_KUPDj3P%lnN>i%jWzv>7y*RVp9BhxQFPF!bSsj%Ntd~dkhTEgd(azz2
z?)KrfERSj{EHMGG$ajwC4e8oiOV;$1Dxd{%!vq0qn_^FSRP`cxeDx30c06z}nLT#4
zx5+6O%NwP#DUUe4jAvd3!e@vB<4N*#GoE<%$$U<F@EK1VkH*$$Jj&I;bAO-NZJPD5
zC5w(%;lW_yPA;a9pjNKk(Qb)kPJOt4tw2bO!5D#|N+p!7_@&C!$w`-!Ue)S^R3aq3
zRNOil^|YJj*mDss&JQDLpdx#b(tyl{<L^|h9npOkb51fLHCb5@U0B+vEA9Fa)pw(m
zrJxC8nL;XlK$OlF(C)lR3_>DrloYX%kC?ewy6dTnZmN_TIzu;#5=V88Y|8b2v|3m2
zAr)<uxnZB-a<Z$4E+<#a>E?_?zI3-H>m6Wy|6Jd$>UD>YsNFlD8EUW%sjRxt_&9_|
zY3~*_!Isr~paSsy>G}`Bm`zc&u4Z3Wv(LG&XXKu%@fT-hH9L%7xp3E>dj99rPqLhU
z;l!5sXL=KzbK5ip7rJL*GsYx;zS$DL*-}@(=p3G={l^<}DZOSTd|~{OP(*zV5njy-
z_-#|(dKPF^M+NjCA}5Bl;TAj`QvwnC#<^jfV9NeeI*mdtLohd1j#9iZ98GrblRcEE
zl0tV$4JHrXmrnDv6*jzR83w_;q*@Q&k?d#!r2-f0RbA=+r<Lw=<1Ao*X=TeJT>&r@
zz(^&#_|V&eSPZFMi<NcfOokI1^4CHQj?(7yQW5mG&d$4NN<pYAz;^}s#}(j(OsKV_
z?0KLS<lAu{-|Tdtx<sO3fl^nYlfYMS<4p0s6$0B6;r+$fS|$?_MO)vT)s{G>!xbJc
z*1~~<){PdHeJcVdo2!0*!luI{Dv&Eb*`YR?OCd>FMCvKbO5I?^76*53#Jy#oFc^Qy
z75Y(Cs_|46dRd9*mR8!0kh$y~lFmhY-fVAWvOR_?g3{wbPe-*HD>PB^xWkmMc}nsD
zsmYtnoy?Sg#CcSVVifh}ldvHA?pCJo#twbRu=HqxF{ps%UR`Z}x`$uHdZ~*4mj@R7
zm-2q6><0?JP(5$4^eEyPo7#Qlt!Yp8yoJoB2c!F(@3B_0FSo81q|cVP#4TB)vqdJh
z&^p3vkOl0V(DAgolkpl%Ov0X+Jb&@2GSQ`V@Gk{r@Ulq-INV|9`}e+VShNt)99^5^
zTT~=XO};IWr!*IT%4BPDrAyxfv90ek;760u+nkjxR#gq$0Q+&kQ(jsk;`J(9J-Jbt
zU^XnabJK=H;Tt4QW##s|ONlzd&#tJ`V7o+AKqP2QE+S6IQwxhp63b$nVWX%Ozpu5q
zm9FP4w8J$a#clk*9F|yi{D_DFTjq%nl@h|bM<o-2b~+n>q9IA%T4M%(rF^V$2nE9L
z65p3v)9Q7a?1D|4sSO$h&r^Pu^c9daD0+L&AafU{+{B-vaEZQ3ArgTKY1+PY@&oL1
zL={ezx?<vp+dAv>D0=WmGGWax?i*zacp;C4Kro>p+V>L3gFV#3zdDoQJ6S5QdSBDB
zRN+*I&F}+%T{rKW>QJhlEu#+(4Ei7rZ9ftgBT_ML8ue1k)boq+@N9hY+3InpT6_tj
zBqE58!QX{lmxja5*jXKp@B(p!)@pM-tI#KYl!OkYs^x<4AuTUBC_y9is2l|z_%7Fz
zMmorqv{N@_Aby%9__dwy%K$!(m<C@$1!-~?P9w2@&4dpUnOwrhllP}zJ|dZ*coyj}
zasSROmjV=ck2nYbT5E_0QFll|8a~{9Vc-o2GO%U289IUhIfy@T-vQX_P(B20xpO8K
zY+vC^2*nvlUBl-{<e*rMG6q49Ur@vB8Rp<OP2<#~IM&e$9j(yO3XhY|uGFL=GRj2b
zisFcWR>)}2AUb4s>mZ3IK_bp<2<$J^;VIz**~{5;;na`t!sh?q-nZ^HjwEaTKTkm{
z1`Qc4S&}Wgs$8hWs%_V_XUdo3OV{)+76L`4ERHErOHy{J2Mz46eSqB``#}39=Seo>
zlF1}R*>bhpq)avjn6h<sWMtgFFCwVYGz^1(2e_!NxCgfySwHtL(UXVBG7P>gpgJ%H
zgDma$gnonA-R(SN$U4RngZu{s4*VH@a0~UPn$xg`E_L?`)27V+X!E`e7kW%bE(A|Q
zN^zxwDm13DeTC3x;rJzt9iF*XLFi3L{7~H;<3_gdMyk8qkXNvc7p)Dq$lP(1i|wd?
z*CCSxJ;_kW7YN*%wN{+`CIqW6MtiyD3TdUwg)i<y-`VZ){D37kLiQPnq`Ah4s|5Uo
z)hh&HEKI=16u4_hfe?#K5I^G_lHGtenfcgmgqdCwvQ0->izE?{-V4?cGVf3&s#ugv
zw+tKkD=sONF?J~Pj)*Fc*@LUdxzPT9`tK&<APEF=Kj{eIdughTKA)|oc|V%8_df9y
zWkQ(?I|LIyWrOS{QCTJ)GqF4l%~DFwSBo`WzE<kE4EB~xS85P7A0av2`LNn|;yaJS
zbOR=xB&l~<4G_ANx8UCL2)quYYnYbsF}^YluoPk@c#&8GD`*uJkxJuCwN_Do3pRJ<
zY+2XgLIq_w7?ZT{VJyOwdrL~P%fSi`-lW}lG}cYN%>=G}h8ShcHP9A<c*e#jqxHG>
z0-xv3>aM^EFJM=7JHuBac&OeW8V7S}u0}GHPnGWw0p{kkP3bW&HP7Hs*{}pHQMtW5
zgNJA-Ix-5bwy9B#lt+Oh?{U(9rg*nY4#kVNkc>d3nM4zm5_~78pl^ID_3hOpgcPgt
zDP}=}H4wOv01>!v!^p6Rf3P9?STheEWgaM%$zvTH>jX{Oei3>OCu$#801*w9zHC*8
zig0y(dfn>uh>HOA<_V3A%r3xk=VIVu#|x~}mMOwyF5@G60Z$(Q&zanR&}Q7Jl5q~|
zEe3xu^R0^BmJ>eyCB3o$Lr&vFury4lu#ORiGIV|VXt-69QDqouuQD-ymJD-!@0L2`
zAgrB-IC=h&X$M+C5aqUUfMq@H;LloA04qc($+;C%Xk}E(<KXaM7D6Z-;i)u5>x?U8
z!0AUu8wfnk8lul0gH)-1C8$C=31Zi;H;McBsK9w%;Oj9Ubb`su_iPxvLA5WB01nrS
zU_TacWi|z{s(A*_;2EfOx7DN?@LvyX0}z0oF0w4gN{EI=?<u1LQbG5HQ@<lcd`s+B
zR)-qqRB*L)5k#tt$v=Z3?qm@HFehoH>}s$#fSG_fKN#V^9@Aof2bNmY{#T-fzqhsY
z<?qdt`2G85Pn5$d7fU19E$Zm=MkAzb?h8yuc-`W0VWK>7L6D<G!pSf#)siuyo^H4;
zU})NGmW*z()XPDf*3HeyQALD_V<o^8JqnFJ*G6IJ2)A2$4Q}?b8m<`Gb3eBJc6EN1
zKaikeik#iAZeYTHrg)6B4C=IM*{(gKF}BhOwEr2s^49bMZ@&SkY1x2E!6>3Ak=x3G
z28S`VxKiTM6^9DSi0@&Z#sJnB%;vt$(<@?YI`{oHKrjo#hIwYQw~ElTxEY74mNd0O
z)gpX8Jf1h%ABN$hP{3Ogr%VMv7$EZO_GCLLru{f^1p~}~Eo!`vVq+|ncINGL5HvE#
zr*IT1dNP7g%3~OHl=8*-{>kwEq-5m_`_A5+LF%Ojx#8$j1?0Tx{W%52^iY1iwMiiX
zIhGFr=+&=Kw|helb@P$pciUY9g#5vt%syH_aXIC1;rPTZ(wd+RCwO@U8}F_K8|NrP
zQ=fNr(BI2{<FBpGE^oDez>Ox-=7j*u!!-l5dL7#L!UsDW!9>0wY}gabIsf1PwYnS9
zm0RPze@uKO!+YPds+JSj(*y297Cp}7#09<%1ifIqGp8_<&S-4IQLH$RCZTaS7!T;U
z_>Z{{ewT(jLL++1356@8W@jG7!9;}73T)RE@(%@nqaMNLT=Q$y`0k&F?@sJHiqLb;
zy$N&amAVL+nd&N@s0^?|VZ%_d1?z=+(IBlL6JcX7!U&Lh+GE3thaEotgT0X25(cvw
zW?cd%7oaWyjy2nuro&2NxTxl;e$6{ySy`r#lJQL5q{kIDdP-GOszMw-n@2&6X%Za(
z54W^`-Wc!)LoFNLw%Bf>UE$xH9v*I~6kK6;4g{H%K<Rc;{lm=Cfv&kE^TKftcq9Y9
zzxUXWqQHlg(0HpD9Fihz7zb1dk?z*Sg!P35o9?xyaWaqYT9stl44g+nRttd$HWaEz
zlYn7sUfy!p{9+N}UQx&Xf(S9y0}BJx3KQXfC5@d&jh}~D1SJccxh6rVf+g4tBrP@f
zroljUMG4BOqQUEMTe{-57+a0i``oL(MBP)T#z^op2I=qe%6)K!9nA%WC`Q;}1}Pld
zezLlq?GGQU!~PK!uFZIan{hO*kA2j}duab^Y$7mc!WvH{^fZ)NR8?*UjXBGSP0VV4
z^2mo`<8p|S9!AjsXhL})6E%>x<H7c5^Mv8H6n-G4_m7Y+6d8K>x<O`vN1~Y*-$Afg
zZYZya(2l<mH9cd{_1=bPsox<Hl{U?V4CO9P&w|NpE<*~TfGw;s;KT`CGf;7&ap@1Z
z{y-KPs}5+N6M5=4OnhDdZ@msG^d=;K%SgAWb1AK4i)us}KS}{w4Jqtol{NyT49fl}
zAJwM=C@i%x8>bRcfMR(%1~F{vG)T&Y(pz@BRsfA3uT0}8IK-He%$^D~RGg6?AXF?m
zxKuR`?jBB5x~(ct(67Q~!se*@qs8-SR~Qr&v8U?WDKpZ6@J?6Cv5vh~C|rtvDs-tC
z0-uorkW+MqnX_oin_0Oh$Eu%8?eAc#mYe`}x<C3c&-)bpA*s*U-LlRCOTZj|UIMI4
zTiX%1ksTKas6vOdhna#pyEGUsfp<PK$SDY)FhsT~TK5(x3_A&B!GNJI5!t#t{`Xd=
zyMvIGLNWVvM9<?d^krC$KHxxqso;;Faxk{)Fc~iTzqUGi$Yi+S20=YTdT3AY21fUj
zo*W7fv{Y7tSEnTp?rvkYq1U{IKPJAC@fxb5xaEYme@Qp8Yjk^-J(p-coB0cVP|JSl
zxEc|<vsLGo9$zz`s+K4Dg8t#pGJ^2^h+aCMQbkt1@{tC2-Pe9kf6Q8c;9DtlVsm&8
z(76sER50~nEb<U0V<lRmSj%wMx{#{?YTJi-_6v(O29`rEV7~ImgTXg4mj+g|!;PeA
zb=nkUtCDPn8u)z<@j#V>f~m;bPc0Gd!&ZVqVRBQp>K}tkqH4<-k7zb$SEKEE_q#g%
zc@rTfxxa}pkop<h{$OZ-`!F4&5`yb(S%+7bpBYb1&m+eYQA=-8R9&2nf3)Bwt!ui>
z-pCSD`E-YJbQ)@0_pCpwEVx(H@xQ&E^}<BCUYm8wQfJqh8g0PP#+4uk;3}5lYc=vd
z^T43{%7lZ$B(7`PN@Jt>WMYSlHXCp&nG2vMmB^4&k)?&!XVnIO!?h!3bEJI1r@c;R
zyVKb+=^*qOQqeIzsff(gf`N<ktM3{pz_O0W^(x6@^^MAPhc{Q(=cil-%pA?9ojrL7
z&8)_MTDk$rF)g*VJv*;>6UUY;Mu&6LLzm$U`YF2&=HB%0)>vk2B8-ZrBNQe%)m<Ov
z?*dl}>ZM}yS~f_30CL8{o%_PoUE(@-X?T-~a6S073^eg!q8PYh#<RhtG6oY5^T(<<
zv?t^V(|+0Q4CM9oCK;(#L`sjXpjU10Xy#!5JdCEv+We=t$g8E~*_g{ScOYo2agIet
zL3tCCGpP8vDad1~@$P=A1Wmh))M!k5>4=s$<fV%vIFem|xEz3JXO`-o*TF(!-J2O}
zMhjr_ZX^QR=P(fozF_w2p<YEP#gj4V&|D&~HH_!9P;w35V^h@WEdbfO)~S65IfBBa
za)z|`)<UbZDgdL$(xcih@~eO!SLkrXaP9pJuKiCW+<8+>-rDo&3j7K0cW-CMIyw8L
z|K;Rp@KgVP?C*pA;o<qs+4W}Jqmm)qQ{L#ZA;K#yzFi#!E+?RAE`-<h2%3*hN3$GN
zC<GHaX!*F1;>)`x@u)EPlyMZy3ZNadSV5oj@a-^^uW$laq=4^HXwM<4pw=Uq?}Wh|
zq5$>19s#@6b*!8GUl#06wnnA5!1G=noa`%)M?u|xQ%m1qQzbGQ)HJnCuY}h@pH?6@
zaOUt7`MXtDpHyj6fR!2$uL1E#g!O$R+WEei6?*H3+xX)rYY)owm5>}xaEDx?MN@d=
zoDd?%ZE=q!O%99}Q~86Gtjt(1rJW<9Rmz5Go%CFzC8ZJ)uCehlVB`Bm9sk?u)-Ozi
zsRr18bREvd6|}mUKN2x?fUHP`5F5zA<(xkezDu=PFmrmWEF%rRlw4J$Jr06M3ucf-
zNqLVd|JT})|FwF%ySuITy<V@iXZ*)|RulJter9QsFFK!SY|kpA&&8tO7~3qP-z&~L
z2LqR%D|{d0g~}Y+OC#Tql@*4$6(+?ekVz_kZeX)tl$*0wL`;_u5(*~?nlVgNjG}wb
zRurXV&Wz?N<@S0DcaDHWTdM6GQE>;y-ni6Vn~)E91=A}d<%J14cYJy*<(gFD00w^2
zG&)k5r38|?EGFkD+A#KPp93~Hp-lnb%8lh3YcRDr#hK<w8LhplhL#3t!2%^nEn1*|
zgM8b=oyMy8=0)nZ;H_G^OCR-}oKG>qqvVZL1`|NO#G9fKZxW70?SXQ7^gJ{c6fT=y
ztf=ZgqEi)vVBeV#EXJ$4gbmbWnYf*voSmHBoHnhi>;Coe>G9dMl-HO3+2L{1qM){E
zeZKkfMg10N4q$Ipci)DzZq|tG+e2i3tE|uE1mS*3w<4Q)vZ|*>S+q>Z7*vl@#o7{K
zxvG1ZN=S&^5&CM`lc9Gz59XTY1+A#C@&<WZVr<`gLHG#%darwoYXtUX5!iIQF=DVM
zORdJxhm4ojp|Y2ajp;#Xpy#MDAEi1hv>MFv?!1CwH>Dt7W2!Z#`iQVz8dKeWsT8LA
zNPG6v(?}{Ir5YD411|dR4d9|B=@~9eluzKJs>4?a@sU2q1d*$V=oA!ZFLj5cur-Fx
zy5Pc4ra7S7&Dr12&cB`wu7ABaX6O^1`MfUEB&vj=h4VP_T*9g45eE-2a8tZ84qe#M
zAmsKk5UC0Dr-S;ZTDWky{LZ(3Z?BAq6ejd15IV3AQx|P^r0fZAE|cyXj0|}1lpZ&*
z{@KR9m-a*k*-&Mb_THP!d_h@vRfL-u8&btwQ?mlbx9)_PA#{gRi&2~r!c(j5hfGyf
zTvSo>0e?El+QjXP?m{o??M`>07c%_5Fws2H4xGAHcvq9v*^Z5MK8EIh>8jG6Mfx`;
zDUR=9T@VI_nB!W!w6BrR^fb>_e6yX{U#LPd<u>yP7a&v3AKui!pFL?%L-}C5Nn;C3
z4L0B8)%<c}1dR9GK+p*iI-Eq7h&%VS(bs(+$~0%ZCMpzpfUOnn#$2H$96Y(a)H)1v
z6}eiimtL$YbcaHxOexKON^0BEtIwyAJxZESU_pFHw31CJSHDRF`@0*8Q~Gucwk6d~
z{IBO?SHD*b&3>P1DCVh8Lzq2phl>MiVt-RqwsbYL!5v^&7R@}y%UvOu-Vo@oWKgz}
z|Aq*!oKSXUmARZyrd}Lw^nR)-bMqN&x5I<N#oqvPN^idEyqeg5=YXy~ZppW6sUtQR
ziWpV=Q^v5Z0Cz!aLZbnC!y_uJ$%nS}8)FPoL)(8Qv`v$=v6*<r<FGTQ4l|6hjmMJ!
z_x#z@%(boI>`g(?YB>9q;B3{>n(=+90ohF}Z{X)nwK|Dw)cYwZ)u?wFQ1ACe9sk=y
zy$ciNnyB}aXgA7#xFRw;(o?I`u1r@5l`g7D*RX<AHJgd4i+j?*0wsn^ZEaSIv=6We
zJI@QI(bjvl3zpiqE2Fll=HD0V@qLnIkTV1u$qWqzG~lwPZ${%FXP9|uWJQijLx?58
z4GR;*228Im{64FF!g#OK{i6)lLlT~M3A<JU$}Lz_S#bw{zY+SAHrg_2`3t<fB7$Ch
z8=oZa(3IUEqo~}zSrPFqHI*wM54%^}%E_C)J&`bOX#+8<vR+FCoBC~N*AxvjhG*jH
zT&P2;3Nect&cSwFkCt2-v^$6bHl#RMYP>pAA*S8QagZ%ukpJH@6Nfd?<(;L^xW%Il
z^Qwu;Nbv`McDKF{I^W&0u5g&5DnUnP4cfASywL_CL>Pjj(zQ%`>dn;p;NgN3XAn7P
z=BMXIHKkC#8pX~-u~`$3gyT)5zNesU{$-=vY3@kpD)S%fFI`MXa<rg2DE8U;^~vX!
zyqbVxe-*=V5ZopESv^-;?I0FYXEC@F3z|26-?JKjG$+vDer^c3S0mML2&sPi>RL|h
z@t1T@H3WLnVS6Kw>^+PIql3{6*4cxx0lnnYY0_vS_=@g)=2KPF6}~53`@#yn=#GY7
z!=!C^lF4&S-qwnQ^z*Uj)H|JDABhGHI5RZBItK7USdQ)c@L}*c>x6E#o`u0Z^tEU`
z$SMhcIA)*b%USZrXnE4L!9_@-K3BAq8ezPrn(sFR5~(DB-FIMC0-UEVh^7omTNxBp
zXEv}dtAT81NF!BkdW!+unbfgah?~I-P!~p^A>9_nd4eU<OL8zbcm{~}2854nWCED7
zYh_|PycIEGlICGlLM*$6SbPyOKNb-sncYr*g};(cT^RtoKlFSr29l9<y-@CX2(;hl
zI$V@(l*onw_e@QfD#j5SGt)N3S{Dmoe<-}%Z4K>6Mru>lV5Jm5jfo{YoShqN^M9?O
z{IAt>9H;f(b={UQ{!^G%a{c(l2@(DBxPSDkdLG|Pe$vU=pnq|p9^;0?0RR^2U4UhO
zp+@+HG8bQLt7k_tq6npC>$m!RPX970^1g4SSF1(XKT$}xRAE|hC6;frv<8Z>pu>B!
zEoygUzuz0}_gZ`Jy6;-Oz5SimaChXicAO9UyQBSmdt~otrR@PI89QSU=}?iaMMItx
z5ZpfXUb%a;xSI#@kr7U-o3@NfCS%Kg3HL}mc#*ArB`{f$kZGWsOtN+<F7y##n=Pv}
zF&UsqOLdPc?K2fy3b<vr=5x>Gp1&-^1WMYkKU1N2MKxOP(~9~yU<as#JI5{S&q>zb
zhU~Pi#$zvZGv1V=b7LI~RJeF7G}%L|+w#3T!K%4GwBHTicRQ^QuI;wEUANnRdfyrL
zTAhy5>5bgpZpV4Qq_pat_#=8%5xr7dP(mqJl=b(kuJTtLEWCDFS)d><MJrNReGq!L
z9wg|gz#y&G$(-$s`Nc#F;%sXteE_sq&58jgjKIjsR6Z#nrl3TwCdwSe1JpBlmTGei
zrr7jdl_&z6i3rP2WTAOIo|>nB-T6Rg!^4Y@ZZ5u@9Lnf>fS?il^W^-DW-6{cKD-|D
zNEo+Ae1ngK1Cx^flZ$oLWdJB}gmC@k61;LCN&VG?`gIhE3Xq8&5&ciV7aES56l<|y
zgw}IKzOT(>)4<|EgE+8)3V$5h9%KHOpg(H<0V)~Uk?gyNcnYu$HPPRHM^!h~=5Ck{
zNI4S(0%-*sqLG_V3wXc1lZFz0uqU&RRv*uVbuP+d3hb}N6v#ygQ#=8_4IdMZ$tumL
z97$j&MH0~9o>3t+rjw|UG*ho>TIatUUk<*UoSs~72nbtq2HqfNpfcK9PSAL53IUQ%
zRSaWbEh~=gk#X%gi?x$~McUie^%!en(l<ExNe>W%2z$atA9iVj2rwN<#X2%-4n|_B
z_PvUSFoTX7AS2Y>@UOx_NZ?^$BZyE2ojm?svsCVr9vd}>3DZX}(my8JcCUy3%P@81
zg@giXW=U$N0BWWgR;&Fl{V&It*El2;!LO{Qjy+!uV*)u*xJwUzZVED1Ngl&>mYXoP
ziCDcBxgn3p0LlYN8Z_A{q!p7J1+i8FZZ=p7%u2|T6{zt*Pc|?Gtm{nd(m%L6&W<~L
z-`cTzPOCTC8MW;0aIe)J!7tv452J49RSQ9dvK$f=|5i+4796Z9^Q3O+vVZ~7XS1gn
zj)p-+tc1XNx&gs|ky-3rJN721YX%sM3aA>2QU5+dvx_Tc^6DZ{QEFtQ(PtL=ixLsv
zFy&#tQ#>ZKg7WaUtMjv!yoYscPKxWWly@k8!|`eV<jb0r2GquTPdoslW{KVa#D-?}
zN`Lynk3Ry6dEaaGahw-;ph!>QUg^Cu05oX${8gP(fx2OTl+$$)9Yl|)Mb{XXjT1a0
zWB6;BzkxDSZ*8iQlW+%itaYIx(p^ICQ+Tq0-%B6H5{D*R4(IiaN)mSps#fd$PoVc7
z6Q!?JdxdK6)~fwNsy)rpB-U1IGV7q+sM|azzA^D=_uPC6d&iw16kAWJ{b8;4S+z&G
z@8uz*omGl|p1Zz0N%t!vzwA7OKc?N8V8~KR4j3W!m*D3=so+Pog6AsuyIR4Ev)oFT
zVLHM>>L9eZJ*mmZwI=6k@`u;e<Wf}SOHD$#Of`b6&TmoS^MiFNoo5Is`XHe(@L=7b
z5@;)#Z<MTaZL521)cR8l-%O09ex2`}nigK@t<=|l@2Rh!*#>Xu+`nN>PA?&WY0fUJ
z06TyQDz<YceW@e=7=zPhheJ;~LLjOjPzB-mZ4kn!=-~oQ1h1HwPhq^u?bQ1%1!#Os
z;};4%^Vnc*?7gU|Fi%in3_Z_T{O|?HQWyPSL9?6I#mU*=%lYBokB^$x=ga=h(ctr!
z{$EXhG<*pvuh1q4rpN5&(_>V@jnF`-y0yRdFV9ZS{@OmgJh?tO?0?ye8&&gQ-ZBs7
z&8TTP847C?UQz@CgYc3*pVd4UX0qV83`K9UW}zoTg4mc7Y)sL>Ri=vUm{42z7f5&+
z3feJtD?=yY*36a-WVQ&~85<iQS()x>F$Xn&YD`tXw&uMolU*P~b>csFl1j}?DL*r%
z5_tb3(=nKEQgcdbPRSn=SZ~Yv$&N$@)l@?T)D+eOvpQmCV2T$&6A$u<0m7N1vB$U2
zM1Yw;2bxN_zzRA$giSHx#j;SkMJdbG(?ksN;VG8KQ|077m6HpvAr~fAvxeMVt|6;`
zIk=?;u}h$nY0cy8aZR>Gt$f6&sFm+Uluwl`)+9aD+P8w~P;1{av`-;OnF&%*AYqty
zJ%&Q9jjL%1Gz+#&9E6f<p96J2$MzM`;2{iPh^|aI)}<NL>bRO)@G|OHiXv#Ki3I6_
zWn>X~okL98H<GygP$b(d8p@4r{ZZzBKtJIMEPWj=1A(QNFX9`wh2KOE2TJy8r1U0_
z24FRy3ZfFaq{ONlR;l>9^$1;nSpwb^K0S^7>o4!yLxEeptl?s2M+z*Ef3pj;x{unV
z@Ly^EIUAzXH4ESg7JycU91cL{lBo+;A!Pq}=eX7BA+9g~d0>4BZoR4XAOGure_JP0
zdC8%&DR1I5vgxeg0mYa%er?ZY!VYmT4X&y*9*ZoPLcJMxsbu)S*by5dw~|5swI-Jn
z>P2~bIK(1v3Ayy>$xbX88?-z=I5&Mn3d;>e9D0K0kKTJW!pPDNd()+tjOD=v#%|Z_
zFbpCHhOo~ebjN}3%5NiNv?$+y9`<VmBg>miguA3f_g>^N7Q{QMXF(X-{^|`KEgbhD
zZ}x_S7bPYR$O{fq$4x8Axyj%lfUO6qa{?GnDi^Gt)<7r4)aHnb$Lzq$4Ynx*p$4?6
zF8xsW;@+OdmW%TT?dk0co_kFqc=<IQ^2Ba|Gz8Hh?%_bg#85cqH<T}bNHc{^5ReaZ
zY6MUJQC{p$@4tv|GJ^HRwi8UOwl%S%J4i}mtV=)|@(_eB)h3Xn0Cc5jE>aLYa;RkT
zB42{}3uqI3mr5YUG8erzwseD#qWMVX2OhGy^ipm(1&<bZ*j6-wq4hJF4UGY9ZoowA
z`#_4a*V&O7=+({V&nJg}C&1qQd~<emRT;7ZND|B=6m`H{POZMQR?=(YjE0n)c4caC
zc{DgV>mOd9{Bm3k5%spLLmw3j;tz-uL^2XUy76%kDpui7(j`Dcf?^fj$sh#TgFeQZ
zss7<;K8%3mf$!`48#C6ZSl&TlT5t%)BUx52kG)NYO4P!MG&!GtR#<rK>{(&u3*Mz(
zq&#QwoXeC^G%)T8c(TlW0SVqyE+(UHSadk>rbTUVD2)z29d4p-rcBg<vQYqXn6k%7
zCv)tWH{L=mXz%W9@AiON1<q4`($t=)_DxIx4ujE12<vJb%#xKe{9L{C25L*E$Crmc
zcXxJsd-{2fGl2PjgZ!ku_j==P>Wdf+qZc>wJ^EM2>S=D0eeg46ey<&Uc9%+F7*1ho
z^IUp`DRv;_0ZUHDR0EEw(5Okx!n3Q0Ao2b^BinoK^#hrL2^>H+h%jUvxc0*ORsPpH
zJ#8H!Ixg=;@YFM)+We{81S;tO|Gl$USx>Wy-;ty4(SQ4Y@6-!IMIs34aPKB<#^$O3
z$g|16f`3=Vj9f|0b;en7sY*u1XgK8F!K#qtdx`!%j0KLwuxY6kd`aoUq56htbVbBz
z%oWmNFbhm1lE!e65$%?txno=<LE!58zL^T7E1Y~qq~AcyxP_RpGZqe!hNZGbPB0TP
z<9nv5w{LBK`C=Gy5kUJ<IxQRv+ZCZXgh4OP0fd?dM~&vb)xZtEG*1z`<^i_fkV<f=
z*%Qx+n)5e+q;Fw!DI#hb;Si7|o>dio;se3ZV!;o14^q*nCJ0kF6Vrj%LX-hEa8=1l
zhQxfD23Z&{v3(e|0Mi>Rt&XUpKqkp5s3w<eh?Z`DJ{@9jyNeclZ+nM=k;wY+AOG|J
zbUSOY9oRBOJSiSjCVC7_s~FQ^FJU@d08Ercg!Kj|+_^4)`Be<B0_RS|7O<w$ppv{W
zn{g>>Uc(#WHB?A%%ZWQ{76ZC$eAf)z43$gt)lFWFO2>nkRX{v}+*2`5Z52}?6t>^O
zsoXbz|G?xdLB1nv5=avtgg6cfFdk@kOfeBokB?4nPLYei1HB{TGaZ6KkhqC@<OE?T
z{1@(huPR;Pd?uz+PYiJf(<%FW26&BO7`gh<B;HF7!2#$mm*DYCPJ;|0=^QDEx8tmm
zhQbl@b6lmAv=3%ekgA%Yu*6Wn(+8r<5Yh;Ly{J3|!hove09}>9dXeOwrU5}U%j9?D
z5e-sBagCpY<*kI&c6qwS*bb)vd`I&c(A=cJ<PYpL5@UvR75T_PyA93?eATuMI*amh
zf(huI+C0Vj%H>4Mo8rtX)#G1{-7me=Kndk@g_>=%4BB~W-ICPeA(a@>_M6rnI0sgL
z!*JlZ)d4L%fvQAn%)Bjvvg{N13|=ttf6K&$-I9RD32_0PzG5uwnT&;HsE9A(GGza{
z<>JDGcpO1vi5HC@3DDLvY3U8##ybQu{ELiQu)nYx$wv_v>-^&Q>~%ME7bo(o*bZZ4
z)QhQn<2JN!g)R+YBPWnZN4W!L`i;DQZ`f@%b%O`RzTEBb@{DN9JOUm>$4(0NjG^!L
z7i{O?lhx`mwtR&+pYj-xS7e>M+kXGy5z@&uyuyngA)H+H&#q3cJDu(dvPrMo?fzl1
z$=55&&B2!Dl1*M6YA;Y#$U|hJ22JZiEm8=4A|;QZuxSfNMps2x0jyo0i^Rr%sWjU(
z`)Qvc&6O|g2r78m4q0{>O0yJkrHRn?ipcO}3af16Bq+`C3B=V!?t&sKXm&zcQFAE@
zEMx<82c9&N`$yjE^6iTh^hgR%I^Cw?VIpsVWdo=rx=)js5J_vDH3SVAWXjV*(31Ka
z0>_z$N_BOjf_4Inm<{&K@PmwhfhIHDIP8kBDq+x}A4DQ!6_ThiWkX}~hbqNB{BnME
ze1zUOnCs##_Rnw1RN7Kg3YKf}YgaXRnYV4m{|yZ8Y3(viV2F}P6Q?gQkYLb7=$;r^
zed96C!d8=(wXBGq6C6Ug8MeWS`;63rL+OyF^VvauUIfLPA;i}K6c-$ScrGM1Q;4P`
zg5u@x?yx)3C?VBsf<K#0AWzHc&t|@wsnD1H(E|tx;<uqpKSdnz9EIJrhy}~n;b7hS
z0C3ZnJUpXf<b(Z$eDFCG;y3Qg0{m7Ha<aIt%1M`cv&aCz>jy-3-;4`YGZEep6QQa~
zTuyx1pe3l@&Lm=lfbnyG82l!ryN1QyQ5p&+W*GdF;tF^N8JfZSxq2j%E7E-=#<{8K
z2P*g1tObQ(AQKVlMbIKQ<CRShW6u}dybsaI2*2P{vlEv7v>&ahxV7VqgV~S>qr`*-
zzTRoTQ&sa+Q!$^viV2vZpe#X}q+oIrJYM2$jt*P44?OB4rD`~T2x?P6sfuzG5@G_B
z+_}C^uoPAWR?`zIf%x)#0~F9$&o5yB*67ZkM~ZT=L|O2?DYP3SaR^ems&Ww$wo4m`
zQ=wL>{g&(9da*J%gCL$^eej}xefTp%9U!x){Vx{%@9o!b8ZDG^kUw05nJ!Uajcm_H
zPDTXgJoJY1SlwiQjwE=11au4ZIy*H{V2u;+?)OT9^Q|BX>~927pkN_BVM3mZkT%)a
zGvG+KO97Ihu%lGt`-sA_1deQ)HjbZ&E%^I-jW}4$^XrSP612$|c64T+@Xk7O;KjpW
z<+)JTyz<)cy7>%xwqdAlMdaD%7{3tez}_|=7dd;y4dAVRLbaMROq@5-dv|%FcPi<s
zww!QpdTxoMp?Q;f`y=#fyI5i8lo)F(g0kXQo|;jZARAX02C@&bNiOU8N$RR5+O=tE
zDFrgR*=?}KPq?}I(y!bqp#j4spJqzBBC@&^FnHnFUP}!aBnPBuhh6E1ww9Sr7R+tL
zHGf>+a_5+TIHjvwOU>5bGl8!ZRm@TY`B=xq6@b*_9v!e{%J0i(Bh`F70Bo88AHert
zv6xLyY3hnPbmFCIpsCM<^QQT7v?pP?_?hR4Ojy26Ik^0DVQ!%dJ^!2^s6STb=Z{_b
zEgFMsOe;)PY&pi`Nfyez4HwT18A_q0n~UbF*#P^0+dEc+4tR@~Aat!CEpv20gV2;I
z5uN#2AJ&5S(fq)x;jFm~DT73=_T=ek)6~m~q51C;H2+dSKNJBXeh|g-RtCNlS%WXk
zRtg@CgiM-F&hU5I;{WvJ{P6F`N1JhxY83wsq4-r(-g1Ji>7fE4o(V+{O9!I>d<DVk
zeFz$VZifSs2i1mmkMkgX^VG<&XXgwMxU2UnGdEFwjfnaZ*Vu4CAABz399ID34-42f
zBvL3bD$mz7IsGW58~_L=)CkB&rZC_;U75(B^zsRyC-9aqCx{wFL5H#n5`r1*I@iMk
za<O~Xs!aidDi6>DfVzy#*ND8T?V~;B{KxixLm7eMu9u(qKFRp_kjT%kUh^vwgEt!1
zGh_~hyGK%ipkR-<J2Z%C)KUJXtwtoOjvcTzdgM(NWZ28$G2DtN*jJ=nU0(HD=l$ag
zDHSJN;G)NS*incQgN%MAW!`WDn%)Pi3TD1MhFE-y71_Q9<kwJu?*3k}Sn^YV{JV{R
z0OU&|#4OH0adZm;r0<&64e_qoE&N4(kgEUrb`%eAS?WN#4SvE-XJ^0F>9soD>+a4$
zrz8LOUrPf|6n03@h2A+>9i&RJ_=AY;Ca!iK$UkEE+U=ReYI&{$ZG>VZBiN}!Wm!n^
zwo+a><%fa)COxf=;|-)7@-*mt#Z6Ry?PSLik0vv_w<;oZnHtPsA@IdbzHyo1v>ZAH
zgpD=CCLh7!{b6Je0$a=m+KD$3+>-0>L;zCI=5t?ZHPnRQt)_X@PtkxdVo+cHnU=A(
zWXsD2o@7_7off|dF)414ZY+g6WT5@F<$5EuTd@(~f@z{4moWd4e7~`&)wSk-EkXPt
ztfqPtPgG^TMydn^t3x7~diTnW_QknS0!(?K0#&haGr)ma2cv)yD{8E-YBVNjF`NG7
zITG-U{>2H`#3IX`Q|B#=r-*dfKpjBd768i|WuI4r|1SXkn;C$H#PN>k(31`UKKU7O
zCqVvJ326RUjIdNIU3L}etNO@)NPnokD-%lf7BjxX_e+`6nZ57>TmB_V_wWlswE@&`
zY~NGq1;~>)O9eW{#S3;<)p-6Bcs?n?{&tU>@w+?EgX)b^B-!;GeX1BR|K0@Vc|$nL
z21Y9*aEUhugarjN;LfyR;O1Z?gv_fR@P-hPSS=s~Z)v=TH1(TtLu#OZ{!Ib()mG+m
z;<3wZ_bAn5*AB&n#QMt&c^`Vd58sB)rzw4RG!K()KVd9i4!}SN=y|9QxCz5kA|mdo
zBX(pqfOF<zf3X^yPx6LH#=a9fnFXvl?VB<?s?-oYUsT(|`f#EaI4u!om}WY9%?-Hb
z9EJ3VCSKX#($YezmeRm~RMLxq4CBIESQDTuKuSjj0?K!F>wIZ3!5W!=?#TX1NC1*S
zmF$^@<mTq&NUbi=8$L{f0z`(P5DBpCS`8or-3Rj3y-v?MJHH-$KEF9TdetIOsW5lv
z=|zxQ=<@gG0sKyhI3U(`{ONC3=Vw+!9s@3jlwyYT-4!Ey?#C8?JXpi=Yv@LIf4>|^
z@+vs~{YJp?#R~BcU8iRv^myCo3R(^0%9Wwjy|7bw8gH+bAhZO~Nb8t7(LT(d^BR0>
zIl(eocgXyVbe@qXvDe0vN-8pyfYnO1N<!(Rw3gE<IZeE&H<?ccGkZa%is5nj|0~T_
zWiDakGkJa-d2NS(3$^9lsIdhzk_e3?&`@qN(;I@0|1lTx#T?0B9DS~X2MQiOq=E-?
zk-gpvu9`$*Ua$kWBIQEVA%92@wE&7x<1$2KNg>zx_6y+K5NoHZ&gqW!6s<B-eTFLH
zK_&=lg0pWvT2Wjw+%O3#$4WJ|iP}Q6{D^a54%UZaY~Oo-GPQaL!aMmrAdtt7H-23G
zDWpp?JB$SK5%FiGm0JjvC-+vrDm6x5>oDGRc$(7J2G(3Xd}C;8H+8j*8*A|6fZew#
z+Pe9m_`B_{b!Ea+$pM1ODxiG5vGrN?j)U0t2RMTG*}7ga9Q{Lrqo3M$z(rXkpd&d6
z^()$V0oFi&deS-c3@3iWoToOleOpE<11WA#UfE4SgKHH1?V#w@R^@U6rW!+^*mu<Q
zu1;eGaQ=fm3!;zus36Lr)1n8GBU_s2m_4@Dp!+Ng?mbtY`eY(p4>B!SSu(VpJK%&0
z6%_It%BRV{YMr+D4T&R4jIUqKhfwuRv?Lc&r`eHzNO5TKwCtfhy;}vjCvk=%h^kl?
zh@e21aDj%YqGb8vJayU>jHd?IYjFK3aGeK-V8E=b9N;dWtQ{P`ideGm2M_X+(Qo+1
zP)#7Oa0M`qemUXLKOKKL|2jB5IXgMMIjsf`jevf}EDa3to4|fU_s+w!S_)Dl5$k=%
zl@MEh52oJHkb2y6hh9A)MU7?d1WWb68DQ4eLRLF`1y$^eng(m?AFacy%g?QAxa`n<
zA*S+`&_*c@ftcQVVK7DK(ujnxB4`DK7yw>Vch|39#(Y<lwyX!|f7l2(zc3*-&N23r
z5iyu6Y?tCf`V$!cd@@nx`0wv5RR=H)V7~BwJcM>Z?TO$Rb?<XUj^hftcAuDB%kK6&
zmJldM%_G*)ODDfIrXU>NTwR}^syPT5?}hEl<k(v1vgUKo<->)jJsnBoG3pGf1h7kC
zXKTVPyCvXk6fKAq6WNobtQLn9NBTC^B3V)8sfb`2{|-ekE@7gVlqQrWb!}OfqBRnK
zu`|{M5apyB=*#&hUfa%Q7>XhQ{Kg(kK36kAK3Y6?iU<d~1V&w?Zeq`A6?B{oo_u9q
zLUF+-H=9G`asc~JbzN&XRBIbvUWX`Q7+c7gVaOq7&`=r1q)pMF971UjyU6K7G&zi8
z_TEn4P_3E@g|>}h97jYo9kA_+sa=szPU(QHbYc^G&1!%8`thyndavtV_jAAZ^Q?D0
zKh~f3UFp4)U21C8-|fj$bU#oa@5<deTixp^FtaMkl-L~7<-(5+xU9FoD98Vf?$pz`
zVcEoDji;10g8ICn?z5_%DmH^|=A3(_Rx>rY?^wnS65N|HQ)y8Xf!X_gpKN8>6V1Gf
zC5gK}<<wSKZ=c=Sk-adOo*=QM>ECII>w4J9Wov8w*Q_^dvM2HRMeXmC{Y@t@kH<Yz
zI~cd;Jv{7%zb4#eV!WQ|z3FK-MRq%4WMj#z_s#G!dCVX}gH#rMO(%O|&C+0JEY<Z|
zm2^|Q_3F^ay0GF#iv0%n9^nbqqZi#N8_&P$u`o4Qu+SdLIpSqM9Vru9+iC=>SpVT>
z{arn4(AxF=Bh@$lt@UXNo3<ETG47%sjq=F2uTYrvx~g$$$LClKJNvLcUqxp3L!cxw
z*9Xsje#61V0nw}UV_q!ww!~(Q(R0(cs8O9`v>=zphhgNw42obb;(Ql0lFv%_CDqy8
zv5qcqeEImCG6P<R>?mfuRnL7OX$p_^^AbxrKBO6$wEPQGU5@oegqmgFdc)(J9pWb1
z|H5_K>M@druu>H=3rG0NJNd;9rnX#dFW!q}ow8GXVD@r1em}cGseuZL$$^bVpN{{K
z@Y|E9$Xo4)jPLZ5Wk(H8>(s9+YIGQ~O3@N<2L^8BS&eVHdrDFmDIHSG*3&Ljchgh&
z#j!_2IS=o1_$*^U>CP}=eb7jC#Ht+|R0x4nUi>AIr*TG8X$o;~Wzx@Y>kTbCyiYDC
z1!O)t>b4YdNY`zNEzGEp@iSgH)$T14+N_Da*Ty2r68DaKC{5+ZOby0#66MP$=Z;5z
zem8&j=z)4K(A!Q{KSYm@BcA;|faO19u_wif@XI?2SRckK4``%@9{8So(&lEGZ&wd_
zWI~nVWiZofg%Ocl)1o*Pm*yv~M?ajD9WLAv`8**ikIAuTw_rKua!-Vdj?>$grwoD>
z72brnVDo%~xgVIT$M{U(;POhUP9epIs#!{|qbMiF^&B5Or(3M<o6iaR>0_Uq(2Xl-
z?9@;1>es!^7{Z2|Gkpf+_dFX2O1x1#EOOrcz=UFdiRL$+X5)R`Z*)lW-CNDFmY1)?
zx7LmOFXal@n`TXAWb#Fkr`<0<SFhNqJA$2%o@*_-Z!sHES&1vF5MXM4@Fl{rhIr9m
z4r|SiTShtH_^b~+gYgLq;!tEfui-w-yNA<ynd#7pB?U&B9N5k*nsQpqSwN1a3OC4=
z&wA(I=;))wSqu#mMAjx37O<e*5_I}f!p7zHPetq{lbiHcK4o@kWQA~&e!#s5*YF@$
zDU10*oDJoDMCZR|$H+g9`4=q82f8L-BF(>|wNGBn(sraPY0`%79bBv{wf!^9Rw7oL
z9WD8y_Ts8Px9QJ~3bVE5Gvhy5CtiN-dgSKbD787oKRz!MFVozdC8btF5F`s_g<jbI
z0{ILSY}EqEl9I?R+=d54IWfN>S~=Aceu)P-c3*@Lk3GRGAL%G>%<kWj-Q9eQQmFSJ
ztY0g&v_RD<#V2W@uhO$LzAa-JIXTf~A0xhXXY=sYP)6>K)1^{5hs(_;HB8hR-edG^
zqjXshG%EUVRBpYKw~_CvnVP2IG*G-f|E<Rpjqq)J>_L)c$(8#$0f8-{7bXa}|7h$p
zWhc*RL~&lIR1>1QB|F>6O{EyEQ+slp7ACoLyz~i~O=pJ9x@Bz}B+h?~*Ou>={?+rz
zzLxAFA!mq1N%MOg?6;+)j&_6jPLLn)(Bo{fJ5Z`BD-lX4@(wx|YShrZ=0@w8{x_4(
zbTVqOT`xXM$DjMqlFoa5O<7mc3|BSQYro2>i+H*`tIwtT(EM!c8G_gNZQ@;R(P#+W
z$#?wZNuTp0ZMAXFH#>i*yLGL4gPbOpxx9Hw@tb89?9>6b<<J$zYy<=`5KuM(c?lG4
zHvwHJf)z>NI;s+pKnEHtB!h)7F^)MXN2x6qVEPMXNC9Oi)k^_)zj&2cfwwEc^)P=6
z_z_iDZv{>(J~%j^4wT?#Yrv8`fxLBdDj=gEm<lXWP(%fe3gSNSHn&u_SPLNj8RTDt
zz|2p~iF?LJ5`xUI5TuB7(${NL0YLGQ(Ltn`SXNkYjOnrPFgIrjfQ7^j2cZr3RSZFL
zD>q6AI;;$*+5olxX}^m$Ko#UG!!0&ITl^I8fDO<D?^WPWHUN(j8n!@F{i+s#n9;#u
zF{H1_(C&s^kT4k5f{)k&b-cLrlDxcft^@=jo5~=SmF!|LgM-U#0RdHcv!3b{Alx`I
zzE!p2;pd17%`Hbm%##SPJ`Lc|Y3G0H=G;Tfc`^{BEcRTvY<1uu8o(38C5Yk|1>r~}
z0U25=3NfG(0esOM;NV?$Kpu6ZIpyWvKpYDYN6a_caUwiJ`)5@!c1R%)^<h&xV1!n-
zPfR3ifREYzqu`1OXG2)<Ujm&%GloARQ_xHYrw=^RLNeJS@Acc-CyZe`I>4i<|6jX>
P37kR)B$=ls0IBnDr~$@T

diff --git a/functional_tests/roost_test_1777467397/roost_test_1777467397.json b/functional_tests/roost_test_1777467397/roost_test_1777467397.json
index 773f931..8b9ffe3 100644
--- a/functional_tests/roost_test_1777467397/roost_test_1777467397.json
+++ b/functional_tests/roost_test_1777467397/roost_test_1777467397.json
@@ -919,13 +919,13 @@
   },
   {
     "type": "security",
-    "title": "Get account summary enforces owner-only access returning 403 FORBIDDEN",
-    "description": "Verifies access control on account summary so a user cannot read balances/credit details for an account they do not own. This blocks horizontal privilege escalation via account_id enumeration. Automation: HIGH — pure API assertions.",
+    "title": "Get account summary enforces owner-only access returning 403 FORBIDDEN (and no data leakage)",
+    "description": "Verifies access control on account summary so a user cannot read balances/credit details for an account they do not own. This blocks horizontal privilege escalation via account_id enumeration. Improvements applied: stronger negative coverage (different identifiers and query variants), explicit header/parameter handling, response schema assertions (no leakage), and logging/rate-limit expectations. Automation: HIGH — pure API assertions.",
     "testId": "TC-SUM-03",
-    "testDescription": "As an authenticated cardholder (User B), when I attempt to retrieve the account summary for another cardholder’s account_id (User A), the API must deny access with HTTP 403 and the documented error code.",
-    "prerequisites": "1) Two active portal users exist: UserA (owner of account_id_A) and UserB (non-owner).\n2) account_id_A is a valid UUID belonging to UserA and is retrievable/known for test purposes.\n3) UserB has a valid JWT Bearer access token (unexpired) for Authorization header.\n4) API base URL is reachable: https://api.aegiscard.com/v2.",
-    "stepsToPerform": "1) Authenticate as UserB and obtain a valid access token for the Authorization header; observe that authentication succeeds (token available for subsequent calls).\n2) Construct the request URL GET https://api.aegiscard.com/v2/accounts/{account_id_A}/summary using UserA’s account_id_A; observe URL contains account_id_A.\n3) Send the GET request with header Authorization: Bearer <UserB_access_token>; observe the request is accepted by the gateway and a response is returned.\n4) Observe the HTTP status code in the response; verify it is 403.\n5) Parse the JSON response body; observe an error field is present.\n6) Verify the error value equals FORBIDDEN; observe exact match.\n7) Verify the response body does not contain any of the success keys for summary (e.g., current_balance, available_credit, credit_limit); observe they are absent.\n8) Repeat the same GET request but append include_rewards=false; observe response remains 403 with error FORBIDDEN.\n9) (Abuse-path check) Attempt the same request with a different random UUID (synthetic) in place of account_id_A while still using UserB token; observe the API does not return a 200 with summary data for a non-owned account and maintains owner-only enforcement (403 with FORBIDDEN when applicable).",
-    "expectedResult": "1) API returns HTTP 403.\n2) Response body includes error: FORBIDDEN.\n3) No account summary data fields (current_balance, available_credit, credit_limit, etc.) are returned for a non-owned account, preventing data leakage.",
+    "testDescription": "As an authenticated cardholder (User B), when I attempt to retrieve the account summary for another cardholder’s account_id (User A), the API must deny access with HTTP 403 and the documented error code, without leaking any account summary data.",
+    "prerequisites": "1) Two active portal users exist: UserA (owner of account_id_A) and UserB (non-owner).\n2) account_id_A is a valid UUID belonging to UserA and is retrievable/known for test purposes.\n3) UserB has a valid JWT Bearer access token (unexpired) for Authorization header.\n4) UserA has a valid JWT Bearer access token (unexpired) for control/positive call.\n5) API base URL is reachable: https://api.aegiscard.com/v2.\n6) Test harness can capture full HTTP response (status line, headers, and body) and can log request IDs/correlation IDs if returned.\n7) A synthetic UUID (account_id_rand) that is well-formed but does not correspond to any real account is available (generated at runtime).\n8) (If supported by API gateway) The API returns a correlation/request ID header (e.g., X-Request-Id) for traceability; if not present, capture any equivalent header.",
+    "stepsToPerform": "Control / baseline (prove endpoint works for owner):\n1) Authenticate as UserA and obtain a valid access token for the Authorization header.\n2) Send GET https://api.aegiscard.com/v2/accounts/{account_id_A}/summary with header Authorization: Bearer <UserA_access_token>.\n3) Verify the response status is 200.\n4) Verify the response body contains at least one expected summary field (e.g., current_balance OR available_credit OR credit_limit) and does not contain an error object.\n\nPrimary negative authorization check (non-owner denied):\n5) Authenticate as UserB and obtain a valid access token for the Authorization header.\n6) Send GET https://api.aegiscard.com/v2/accounts/{account_id_A}/summary with header Authorization: Bearer <UserB_access_token>.\n7) Verify the response HTTP status code is 403.\n8) Parse the JSON response body; verify it contains an error field.\n9) Verify error equals FORBIDDEN (exact match).\n10) Verify the response body does NOT contain any success keys for summary (including but not limited to: current_balance, available_credit, credit_limit, due_date, minimum_due, rewards_balance). Assert absence at all JSON paths (no partial nesting).\n11) Verify response headers do not include any sensitive caching behavior for protected content (e.g., Cache-Control is present and is not publicly cacheable; if Cache-Control exists, it must include no-store or private).\n12) Capture any correlation/request ID header for troubleshooting (if provided) and assert it is present and non-empty (or mark as Not Applicable if API does not provide one).\n\nQuery parameter and header variation hardening (must remain denied):\n13) Repeat Step 6 with query string ?include_rewards=false; verify status remains 403 and error remains FORBIDDEN and no summary keys are present.\n14) Repeat Step 6 with query string ?include_rewards=true; verify status remains 403 and error remains FORBIDDEN and no summary keys are present.\n15) Repeat Step 6 adding Accept: application/json; verify status remains 403 and error remains FORBIDDEN.\n16) Repeat Step 6 adding Content-Type: application/json (even though GET); verify status remains 403 and error remains FORBIDDEN.\n\nID enumeration / existence disclosure checks:\n17) Send GET https://api.aegiscard.com/v2/accounts/{account_id_rand}/summary with header Authorization: Bearer <UserB_access_token>.\n18) Verify the API does not return 200 and does not return any summary keys.\n19) If the specification indicates 403 for non-owned accounts even when the ID exists, verify response is 403 with error FORBIDDEN for account_id_A (already covered) and ensure behavior for account_id_rand does not disclose existence of accounts via different error messages that include account details. At minimum assert: response body does not include account holder name, last4, email, or any balance/limit-like fields.\n\nInput format validation (prevent bypass via malformed path):\n20) Send GET with an invalid UUID path value (e.g., /accounts/not-a-uuid/summary) using UserB token.\n21) Verify response is a client error (4xx), and verify it is NOT 200. If API returns a documented validation error (e.g., 400), assert it does not return FORBIDDEN in this case and does not leak any summary keys.\n\nMethod hardening (optional if API supports only GET):\n22) Send HEAD https://api.aegiscard.com/v2/accounts/{account_id_A}/summary using UserB token.\n23) Verify it does not return 200 with content and is either 403 or 405, and no summary keys are returned.\n\nAbuse-path repetition (consistency):\n24) Repeat Step 6 three times in succession with the same UserB token and account_id_A; verify each response remains 403 with error FORBIDDEN and no summary keys are present (no intermittent authorization bypass).",
+    "expectedResult": "1) Owner control call: UserA receives 200 and valid account summary data for account_id_A.\n2) Non-owner access: UserB receives HTTP 403 when requesting UserA’s account summary.\n3) Response body for non-owner includes error: FORBIDDEN (exact match).\n4) No account summary data fields (current_balance, available_credit, credit_limit, etc.) are returned for non-owner requests in any variation (no data leakage in body).\n5) Query/header variations (include_rewards true/false, Accept/Content-Type) do not alter authorization outcome; all remain 403 FORBIDDEN for non-owner.\n6) Enumeration/unknown ID attempts never yield 200 or summary data and do not disclose sensitive account existence/details.\n7) Invalid UUID path results in a non-200 4xx validation-style response without any summary data.\n8) Repeated attempts remain consistently denied (no intermittent bypass).",
     "apiEndpoint": "GET /v2/accounts/{account_id}/summary",
     "httpMethod": "GET",
     "requestHeaders": "Authorization: Bearer <UserB_access_token>",
@@ -939,19 +939,19 @@
   },
   {
     "type": "state-transition",
-    "title": "Freeze card: PATCH status=Frozen succeeds with valid confirm_otp",
-    "description": "Verifies a card can be frozen by the authenticated owner using the only supported user-changeable status value and a valid OTP. This protects customers by enabling immediate self-service card lock. Automation: HIGH — API assertions with test OTP fixture.",
+    "title": "Freeze card: PATCH status=Frozen succeeds with valid confirm_otp (owner, Active→Frozen)",
+    "description": "Verifies an authenticated card owner can freeze their Active card using the only supported user-changeable target status (Frozen) and a valid, unexpired 6-digit confirm_otp. Improves robustness by explicitly validating response schema, timestamps, idempotency behavior, and post-condition via a follow-up read/verification step. Automation: HIGH — API assertions with OTP fixture and optional GET verification.",
     "testId": "TC-CARDSTAT-01",
-    "testDescription": "As an authenticated cardholder who owns a card currently in Active status, when I PATCH the card status to Frozen with a valid 6-digit confirm_otp, the service must return 200 with the new_status set to Frozen.",
-    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_1 (UUID) and the card is currently in status Active.\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner through the system’s OTP channel and is not expired.\n4) Test environment supports observing the card status via subsequent PATCH response fields (card_id, new_status, updated_at).",
-    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Confirm starting state: card_id_1 current status is Active (via existing test fixture/state setup); observe recorded starting status.\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_1}/status; observe path contains card_id_1.\n4) Set request headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Set request body with status=\"Frozen\", confirm_otp=confirm_otp_valid, and reason=\"Freeze via test\" (<=255 chars); observe payload prepared.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body contains card_id equal to card_id_1; observe exact match.\n9) Verify response body new_status equals \"Frozen\"; observe expected state transition.\n10) Verify response body includes updated_at and it is populated (non-empty); observe timestamp present.",
-    "expectedResult": "1) API returns HTTP 200.\n2) Response body contains card_id, new_status=\"Frozen\", and updated_at.\n3) Card is now in Frozen state as indicated by new_status, confirming successful Active → Frozen transition.",
+    "testDescription": "As an authenticated cardholder who owns a card currently in Active status, when I PATCH the card status to Frozen with a valid 6-digit confirm_otp, the service must return 200 with the new_status set to Frozen and a valid updated_at timestamp, and the card must remain Frozen when subsequently verified.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired) and the ability to receive/resolve OTP for status changes.\n2) CardOwner owns card_id_1 (UUID) and the card is currently in status Active.\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner through the system’s OTP channel, is not expired, and is eligible for a single status change confirmation.\n4) Baseline timestamp t0 is captured just before sending the PATCH request (used to validate updated_at recency).\n5) Test environment supports verifying the persisted card status after the PATCH. Acceptable verification options:\n   a) If GET /v2/cards/{card_id} (or equivalent) exists in the environment, it returns current status; OR\n   b) If no GET exists, the PATCH response is treated as the source of truth and the test validates response fields and (optionally) an audit/event sink if available.\n6) Reason field limit and format are known/assumed: string length <= 255 characters (as per existing test assumptions).",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token is present and unexpired.\n2) Confirm starting state: card_id_1 current status is Active (via existing test fixture/state setup or pre-check endpoint); observe recorded starting status = Active.\n3) Capture current system time as t0 immediately before the update request; observe t0 recorded.\n4) Prepare request: PATCH https://api.aegiscard.com/v2/cards/{card_id_1}/status; observe path contains card_id_1.\n5) Set request headers: Authorization: Bearer <access_token>; Content-Type: application/json; Accept: application/json (if supported); observe headers set.\n6) Set request body with:\n   - status = \"Frozen\"\n   - confirm_otp = confirm_otp_valid (exact 6 digits)\n   - reason = \"Freeze via test\" (non-empty, <=255 chars)\n   Observe payload prepared and fields are correctly typed as strings.\n7) Send the PATCH request; observe a response is returned.\n8) Verify HTTP status code is 200; observe success.\n9) Verify response Content-Type is application/json (or vendor JSON) if provided; observe correct media type.\n10) Verify response body contains card_id and it equals card_id_1 (exact string match); observe exact match.\n11) Verify response body contains new_status and it equals \"Frozen\" (exact, case-sensitive); observe expected Active → Frozen transition.\n12) Verify response body contains updated_at and it is a non-empty, valid ISO-8601 timestamp; observe parse succeeds.\n13) Verify updated_at is >= t0 (allowing small clock skew where applicable, but must not be earlier than t0 by more than allowable tolerance); observe recency.\n14) Verify response does not contain unexpected status values (i.e., new_status must be one of {\"Active\",\"Frozen\"}); observe enum compliance.\n15) Post-condition verification (choose the best available option):\n   a) If GET /v2/cards/{card_id_1} (or equivalent) is available: perform GET and verify current status is \"Frozen\"; observe persisted state.\n   b) Else: perform a second PATCH to set status=\"Frozen\" again using a newly issued valid OTP (confirm_otp_valid_2) if required by the system. Verify the operation is idempotent in effect: response is 200 and new_status remains \"Frozen\" (no transition away from Frozen); observe stable state.\n16) Record any returned correlation/request id headers (if present) for traceability (e.g., X-Request-Id); observe value captured.",
+    "expectedResult": "1) API returns HTTP 200 for the PATCH request.\n2) Response body includes card_id equal to card_id_1, new_status = \"Frozen\", and updated_at populated with a valid ISO-8601 timestamp.\n3) updated_at reflects the update time (not earlier than the captured pre-request time t0 beyond allowable skew).\n4) The card is in Frozen state after the operation; verification via GET (preferred) confirms persisted status = \"Frozen\". If GET is unavailable, a repeat freeze attempt (with appropriate OTP handling) does not change the state away from Frozen and continues to report new_status = \"Frozen\".",
     "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
     "httpMethod": "PATCH",
     "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
     "requestBodyExampleMasked": "{ \"status\": \"Frozen\", \"reason\": \"Freeze via test\", \"confirm_otp\": \"123456\" }",
     "expectedHttpStatus": 200,
-    "validationRulesCovered": "status enum {Active, Frozen}; confirm_otp required (6-digit OTP)",
+    "validationRulesCovered": "status enum {Active, Frozen}; confirm_otp required (6-digit OTP); reason string <= 255 chars; response must include card_id, new_status, updated_at",
     "rolesAndAccess": "Role: authenticated cardholder (owner of card_id_1)",
     "sourceCitation": {
       "location": "Section 6.2 Update Card Status, page 11",
@@ -960,19 +960,19 @@
   },
   {
     "type": "state-transition",
-    "title": "Unfreeze card: PATCH status=Active succeeds with valid confirm_otp",
-    "description": "Verifies a frozen card can be unfrozen back to Active by the authenticated owner using a valid OTP, ensuring legitimate restoration of card usability. Automation: HIGH — API assertions with OTP fixture.",
+    "title": "Unfreeze card: PATCH status=Active succeeds with valid confirm_otp and persists state",
+    "description": "Verifies a frozen card can be unfrozen back to Active by the authenticated owner using a valid OTP, validating response schema, timestamp integrity, and that the new status is persisted on subsequent reads. Automation: HIGH — API assertions with OTP fixture plus follow-up GET verification.",
     "testId": "TC-CARDSTAT-02",
-    "testDescription": "As an authenticated cardholder who owns a card currently in Frozen status, when I PATCH the card status to Active with a valid 6-digit confirm_otp, the service must return 200 with new_status set to Active and include updated_at.",
-    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_2 (UUID) and the card is currently in status Frozen.\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner through the system’s OTP channel and is not expired.\n4) The API is reachable at https://api.aegiscard.com/v2.",
-    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Confirm starting state: card_id_2 current status is Frozen (via fixture/state setup); observe recorded starting status.\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_2}/status; observe path contains card_id_2.\n4) Set request headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Set request body with status=\"Active\", confirm_otp=confirm_otp_valid, and reason=\"Unfreeze via test\" (<=255 chars); observe payload prepared.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body includes card_id equal to card_id_2; observe exact match.\n9) Verify response body new_status equals \"Active\"; observe Frozen → Active transition.\n10) Verify response body includes updated_at and it is populated (non-empty); observe timestamp present.",
-    "expectedResult": "1) API returns HTTP 200.\n2) Response body contains card_id, new_status=\"Active\", updated_at.\n3) Card is restored to Active state as indicated by new_status, enabling normal usage.",
+    "testDescription": "As an authenticated cardholder who owns a card currently in Frozen status, when I PATCH the card status to Active with a valid 6-digit confirm_otp, the service must return 200 with new_status set to Active and include updated_at, and the card must remain Active when retrieved afterward.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired) and permission to update card status for owned cards.\n2) CardOwner owns card_id_2 (UUID) and the card is currently in status Frozen.\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner through the system’s OTP channel, is not expired, and is bound to the unfreeze/status-change confirmation flow for card_id_2.\n4) The API is reachable at https://api.aegiscard.com/v2.\n5) There is an endpoint available to fetch the card (e.g., GET /v2/cards/{card_id_2}) or equivalent fixture read to confirm persisted status after update.\n6) Test runner can capture and compare timestamps (server ISO-8601) and measure request/response time.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available and record token expiry (if provided).\n2) Confirm starting state: retrieve card_id_2 (via GET /v2/cards/{card_id_2} or fixture/state setup verification) and assert current status is Frozen; observe recorded starting status and record any current updated_at as updated_at_before (if present).\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_2}/status; observe path contains card_id_2.\n4) Set request headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Set request body with status=\"Active\", confirm_otp=confirm_otp_valid, and reason=\"Unfreeze via test\" (<=255 chars); observe payload prepared.\n6) Send the PATCH request and capture the full response body and headers; observe a response is returned and record response time.\n7) Verify HTTP status code is 200; observe success.\n8) Verify response body includes card_id and it equals card_id_2; observe exact match.\n9) Verify response body includes new_status and it equals \"Active\"; observe Frozen → Active transition.\n10) Verify response body includes updated_at, it is populated (non-empty), and it is a valid ISO-8601 timestamp; observe timestamp present and parsable.\n11) Verify updated_at represents a change: if updated_at_before was available in step 2, assert updated_at in response is strictly greater than updated_at_before; observe monotonic update.\n12) Persisted state verification: retrieve card_id_2 again (GET /v2/cards/{card_id_2} or equivalent read) and assert status is \"Active\"; observe state persisted after update.\n13) Verify the retrieved card’s updated_at is present and matches (or is >=) the PATCH response updated_at, according to service contract; observe consistency.\n14) Verify response payload does not expose sensitive OTP value (confirm_otp) in any response fields; observe no OTP echoed back.\n15) Record key artifacts for debugging (request id/correlation id if provided, card_id_2, timestamps, and response body); observe artifacts stored.",
+    "expectedResult": "1) API returns HTTP 200 for the PATCH request.\n2) Response body contains card_id equal to card_id_2, new_status=\"Active\", and updated_at (valid ISO-8601).\n3) updated_at is newer than the prior updated_at value (when available).\n4) A subsequent read of the card confirms the status is persisted as Active.\n5) No sensitive OTP value is returned in the response payload.",
     "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
     "httpMethod": "PATCH",
     "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
     "requestBodyExampleMasked": "{ \"status\": \"Active\", \"reason\": \"Unfreeze via test\", \"confirm_otp\": \"123456\" }",
     "expectedHttpStatus": 200,
-    "validationRulesCovered": "200 response returns card_id, new_status, updated_at",
+    "validationRulesCovered": "200 response returns card_id, new_status, updated_at; updated_at is valid and updated; state transition persists on subsequent retrieval; response does not echo confirm_otp",
     "rolesAndAccess": "Role: authenticated cardholder (owner of card_id_2)",
     "sourceCitation": {
       "location": "Section 6.2 Update Card Status HTTP codes, page 11",
@@ -981,20 +981,20 @@
   },
   {
     "type": "negative",
-    "title": "Card status update rejects invalid transition with 400 INVALID_TRANSITION and allowed_transitions",
-    "description": "Verifies the card status API rejects an invalid state change attempt and returns the specified error code plus allowed_transitions, preventing unsupported/unsafe status changes. Automation: HIGH — API assertions.",
+    "title": "Card status update rejects invalid transition with 400 INVALID_TRANSITION and allowed_transitions (schema + value validations)",
+    "description": "Verifies the card status API rejects an invalid state change attempt and returns HTTP 400 with error code INVALID_TRANSITION plus a well-formed, non-empty allowed_transitions list. Adds stronger assertions: response schema/content-type, immutability (status unchanged), and guidance correctness (requested status not in allowed_transitions). Automation: HIGH — API assertions.",
     "testId": "TC-CARDSTAT-03",
-    "testDescription": "As an authenticated cardholder, when I attempt an invalid card status transition, the API must respond with HTTP 400 and include error INVALID_TRANSITION and allowed_transitions to guide the client.",
-    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_3 (UUID) and the card is in a state where the requested transition is invalid per system rules (preconfigured fixture).\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner and is not expired.\n4) Test harness can capture and assert response JSON fields error and allowed_transitions.",
-    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token available.\n2) Record the starting card status for card_id_3 from test fixture (e.g., a non-user-changeable state); observe starting status captured.\n3) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_3}/status; observe path contains card_id_3.\n4) Set headers Authorization: Bearer <access_token>; Content-Type: application/json; observe headers set.\n5) Create request body attempting the invalid transition (e.g., status=\"Frozen\" from the current fixture state), include confirm_otp=confirm_otp_valid and reason=\"Attempt invalid transition\"; observe payload prepared.\n6) Send the PATCH request; observe a response is returned.\n7) Verify HTTP status code is 400; observe client error.\n8) Verify response body error equals \"INVALID_TRANSITION\"; observe exact match.\n9) Verify response body includes allowed_transitions and it is present (non-empty value); observe field exists.\n10) Verify response body does not include success fields card_id/new_status/updated_at as a successful update; observe success payload is absent.",
-    "expectedResult": "1) API returns HTTP 400.\n2) Response body includes error: INVALID_TRANSITION.\n3) Response body includes allowed_transitions, enabling the client to display permissible next states and preventing the illegal state change.",
+    "testDescription": "As an authenticated cardholder, when I attempt an invalid card status transition, the API must respond with HTTP 400, include error INVALID_TRANSITION and allowed_transitions (non-empty list of valid next statuses), and must not change the card status.",
+    "prerequisites": "1) A test user (CardOwner) exists with a valid Bearer access token (unexpired).\n2) CardOwner owns card_id_3 (UUID) and the card is in a known starting status S0 where requesting status S1 is invalid per system rules (preconfigured fixture). Example: S0=\"Closed\" and S1=\"Frozen\" (or another explicitly invalid pair as per rules).\n3) A valid 6-digit OTP value (confirm_otp_valid) has been issued to CardOwner and is not expired.\n4) Test harness can: (a) send PATCH request, (b) parse JSON response, (c) assert presence/absence of fields, (d) perform a follow-up GET on the card to confirm status remains unchanged.\n5) GET endpoint available to read current card status for verification (e.g., GET /v2/cards/{card_id_3}) and CardOwner is authorized to view their card.",
+    "stepsToPerform": "1) Authenticate as CardOwner and obtain a valid access token; observe token is available.\n2) Retrieve current status via GET /v2/cards/{card_id_3} (or fixture output) and record as S0; observe S0 captured.\n3) Select a target status S1 that is invalid from S0 per rules (fixture-defined invalid transition); observe S1 selected.\n4) Prepare request PATCH https://api.aegiscard.com/v2/cards/{card_id_3}/status; observe path contains card_id_3.\n5) Set request headers: Authorization: Bearer <access_token>; Content-Type: application/json; Accept: application/json; observe headers set.\n6) Create request body attempting the invalid transition: {\"status\": \"<S1>\", \"reason\": \"Attempt invalid transition\", \"confirm_otp\": \"<confirm_otp_valid>\"}; observe payload prepared.\n7) Send the PATCH request; observe a response is returned.\n8) Verify HTTP status code is 400; observe client error.\n9) Verify response Content-Type is application/json (or application/json; charset=utf-8); observe JSON response.\n10) Verify response body contains field error exactly \"INVALID_TRANSITION\"; observe exact match.\n11) Verify response body contains allowed_transitions and it is a non-empty array/list; observe length > 0.\n12) Verify allowed_transitions values are strings (non-empty) and unique (no duplicates); observe type/uniqueness checks pass.\n13) Verify the requested invalid status S1 is NOT present in allowed_transitions; observe S1 absent.\n14) Verify response body does not include success fields card_id/new_status/updated_at (or any success-indicating status update payload); observe success payload is absent.\n15) Perform a follow-up GET /v2/cards/{card_id_3} and verify the card status remains S0 (no state change occurred); observe status unchanged.\n16) (If response includes a human-readable message field) verify it is present and non-empty; otherwise mark as N/A (do not fail).",
+    "expectedResult": "1) API returns HTTP 400.\n2) Response Content-Type is JSON.\n3) Response body includes error: \"INVALID_TRANSITION\".\n4) Response body includes allowed_transitions as a non-empty list of permissible next statuses; requested status is not included.\n5) No success/update fields are returned in the error response.\n6) Card status remains unchanged (still S0) when re-fetched after the failed request.",
     "apiEndpoint": "PATCH /v2/cards/{card_id}/status",
     "httpMethod": "PATCH",
-    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json",
+    "requestHeaders": "Authorization: Bearer <CardOwner_access_token>, Content-Type: application/json, Accept: application/json",
     "requestBodyExampleMasked": "{ \"status\": \"Frozen\", \"reason\": \"Attempt invalid transition\", \"confirm_otp\": \"123456\" }",
     "expectedHttpStatus": 400,
     "errorCodeExpected": "INVALID_TRANSITION",
-    "validationRulesCovered": "400 Invalid status transition attempted error: INVALID_TRANSITION, allowed_transitions",
+    "validationRulesCovered": "400 Invalid status transition attempted error: INVALID_TRANSITION, allowed_transitions; response schema/content-type; allowed_transitions non-empty and excludes requested invalid status; no state change on failure",
     "rolesAndAccess": "Role: authenticated cardholder (owner of card_id_3)",
     "sourceCitation": {
       "location": "Section 6.2 Update Card Status HTTP codes, page 11",