From c2c74dec80a99d68a22c924e328c8732860630e9 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:03:04 -0700 Subject: [PATCH 001/161] Create a spacelift private workerpool --- modules/main.tf | 21 +++++++++ modules/spacelift-private-worker/data.tf | 25 +++++++++++ modules/spacelift-private-worker/main.tf | 45 +++++++++++++++++++ modules/spacelift-private-worker/provider.tf | 16 +++++++ modules/spacelift-private-worker/variables.tf | 17 +++++++ 5 files changed, 124 insertions(+) create mode 100644 modules/spacelift-private-worker/data.tf create mode 100644 modules/spacelift-private-worker/main.tf create mode 100644 modules/spacelift-private-worker/provider.tf create mode 100644 modules/spacelift-private-worker/variables.tf diff --git a/modules/main.tf b/modules/main.tf index 855aabf0..25178d29 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -60,3 +60,24 @@ resource "spacelift_version" "sage-aws-eks-autoscaler-version" { module_id = spacelift_module.sage-aws-eks-autoscaler.id version_number = "0.2.2" } + +resource "spacelift_module" "spacelift-private-workerpool" { + github_enterprise { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + + name = "spacelift-private-workerpool" + terraform_provider = "aws" + administrative = false + branch = "ibcdpe-935-vpc-updates" + description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" + repository = "eks-stack" + project_root = "modules/spacelift-private-worker" + space_id = "root" +} + +resource "spacelift_version" "spacelift-private-workerpool-version" { + module_id = spacelift_module.spacelift-private-workerpool.id + version_number = "0.1.0" +} diff --git a/modules/spacelift-private-worker/data.tf b/modules/spacelift-private-worker/data.tf new file mode 100644 index 00000000..e374b0c3 --- /dev/null +++ b/modules/spacelift-private-worker/data.tf @@ -0,0 +1,25 @@ +data "aws_eks_cluster" "cluster" { + name = var.cluster_name +} + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} + +# This will probable be manually created in the AWS console to prevent the token from being stored in the repo +# TODO: Some more work is needed to integrate with https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html +# For an MVP this was m +# data "aws_secretsmanager_secret" "worker-pool-token" { +# name = "spacelift_worker_pool_token" +# } +# data "aws_secretsmanager_secret" "worker-pool-private-key" { +# name = "spacelift_worker_pool_private_key" +# } + +# data "aws_secretsmanager_secret_version" "worker-pool-token-secret" { +# secret_id = data.aws_secretsmanager_secret.worker-pool-token.id +# } + +# data "aws_secretsmanager_secret_version" "worker-pool-private-key-secret" { +# secret_id = data.aws_secretsmanager_secret.worker-pool-private-key.id +# } diff --git a/modules/spacelift-private-worker/main.tf b/modules/spacelift-private-worker/main.tf new file mode 100644 index 00000000..dd35818a --- /dev/null +++ b/modules/spacelift-private-worker/main.tf @@ -0,0 +1,45 @@ +resource "kubernetes_namespace" "spacelift-workerpool" { + metadata { + name = "spacelift-workerpool" + } +} + + +resource "helm_release" "spacelift-workerpool" { + name = "spacelift-workerpool-controller" + repository = "https://downloads.spacelift.io/helm" + chart = "spacelift-workerpool-controller" + namespace = "spacelift-workerpool" + version = "0.1.0" + depends_on = [kubernetes_namespace.spacelift-workerpool] +} + +resource "kubernetes_manifest" "test_workerpool" { + manifest = { + apiVersion = "workers.spacelift.io/v1beta1" + kind = "WorkerPool" + metadata = { + name = "test-workerpool" + namespace = "spacelift-workerpool" # Assuming it's the same namespace as the helm_release + } + spec = { + poolSize = 2 + token = { + secretKeyRef = { + name = "test-workerpool" + key = "token" + } + } + privateKey = { + secretKeyRef = { + name = "test-workerpool" + key = "privateKey" + } + } + } + } + + depends_on = [ + helm_release.spacelift-workerpool + ] +} diff --git a/modules/spacelift-private-worker/provider.tf b/modules/spacelift-private-worker/provider.tf new file mode 100644 index 00000000..b6449817 --- /dev/null +++ b/modules/spacelift-private-worker/provider.tf @@ -0,0 +1,16 @@ +provider "aws" { + region = var.region +} + +provider "kubernetes" { + config_path = var.kube_config_path + host = data.aws_eks_cluster.cluster.endpoint + cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) + token = data.aws_eks_cluster_auth.cluster.token +} + +provider "helm" { + kubernetes { + config_path = var.kube_config_path + } +} diff --git a/modules/spacelift-private-worker/variables.tf b/modules/spacelift-private-worker/variables.tf new file mode 100644 index 00000000..54e4b955 --- /dev/null +++ b/modules/spacelift-private-worker/variables.tf @@ -0,0 +1,17 @@ +variable "cluster_name" { + description = "Name of K8 cluster" + type = string +} + +variable "kube_config_path" { + description = "Kube config path" + type = string + default = "~/.kube/config" +} + +variable "region" { + description = "AWS region" + type = string + default = "us-east-1" +} + From 84c36db47c58b3d62d65da39ae81a0ee8f3a7cf9 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:06:27 -0700 Subject: [PATCH 002/161] Add the private workerpool module --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 79a93569..7360bd0f 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -47,6 +47,12 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # semantically equivalent to all ports # } +module "spacelift-private-workerpool" { + source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" + version = "0.1.0" + cluster_name = "dpe-k8-sandbox" +} + resource "kubernetes_namespace" "testing" { metadata { name = "testing-namespace" From 3c08ae6758f3b7beef4e9ebee94cf9df73ae5e50 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:17:48 -0700 Subject: [PATCH 003/161] Allow conditional create of the workerpool --- modules/main.tf | 2 +- modules/spacelift-private-worker/main.tf | 14 ++++++++------ 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 25178d29..155ca0aa 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -79,5 +79,5 @@ resource "spacelift_module" "spacelift-private-workerpool" { resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.1.0" + version_number = "0.1.1" } diff --git a/modules/spacelift-private-worker/main.tf b/modules/spacelift-private-worker/main.tf index dd35818a..ce6354de 100644 --- a/modules/spacelift-private-worker/main.tf +++ b/modules/spacelift-private-worker/main.tf @@ -14,13 +14,19 @@ resource "helm_release" "spacelift-workerpool" { depends_on = [kubernetes_namespace.spacelift-workerpool] } -resource "kubernetes_manifest" "test_workerpool" { +resource "kubernetes_manifest" "test-workerpool" { + count = var.create-worker-pool ? 1 : 0 + + depends_on = [ + helm_release.spacelift-workerpool + ] + manifest = { apiVersion = "workers.spacelift.io/v1beta1" kind = "WorkerPool" metadata = { name = "test-workerpool" - namespace = "spacelift-workerpool" # Assuming it's the same namespace as the helm_release + namespace = "spacelift-workerpool" } spec = { poolSize = 2 @@ -38,8 +44,4 @@ resource "kubernetes_manifest" "test_workerpool" { } } } - - depends_on = [ - helm_release.spacelift-workerpool - ] } From 324ce7f6d12c699cc5984b0b89fc5f2a5a41bc38 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:22:34 -0700 Subject: [PATCH 004/161] skip creating worker pool --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 7360bd0f..940a7948 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -48,9 +48,10 @@ module "sage-aws-eks-autoscaler" { # } module "spacelift-private-workerpool" { - source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" - version = "0.1.0" - cluster_name = "dpe-k8-sandbox" + source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" + version = "0.1.1" + cluster_name = "dpe-k8-sandbox" + create-worker-pool = false } resource "kubernetes_namespace" "testing" { @@ -274,6 +275,7 @@ resource "kubernetes_service" "management-ui-service" { namespace = "management-ui" } + # TODO: Update the security group created from this LoadBalancer to only allow source of `52.44.61.21/32` spec { type = "LoadBalancer" From 4546b7200c6c15b0ddf589c804476c4f07a152fd Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:23:53 -0700 Subject: [PATCH 005/161] Add missed variable --- modules/main.tf | 2 +- modules/spacelift-private-worker/variables.tf | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 155ca0aa..7bec64bd 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -79,5 +79,5 @@ resource "spacelift_module" "spacelift-private-workerpool" { resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.1.1" + version_number = "0.1.2" } diff --git a/modules/spacelift-private-worker/variables.tf b/modules/spacelift-private-worker/variables.tf index 54e4b955..764e154a 100644 --- a/modules/spacelift-private-worker/variables.tf +++ b/modules/spacelift-private-worker/variables.tf @@ -15,3 +15,9 @@ variable "region" { default = "us-east-1" } + +variable "create-worker-pool" { + description = "Determines if a workerpool should be created" + type = bool + default = false +} From d224c1b79e02c19c0625642e7020542d40703336 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:24:53 -0700 Subject: [PATCH 006/161] increment workerpool --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 940a7948..27806348 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -49,7 +49,7 @@ module "sage-aws-eks-autoscaler" { module "spacelift-private-workerpool" { source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" - version = "0.1.1" + version = "0.1.2" cluster_name = "dpe-k8-sandbox" create-worker-pool = false } From 0e9324b1f3071f4c1f8bda13e8fa95a09d7abc3f Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:38:24 -0700 Subject: [PATCH 007/161] Correct version of helm chart --- modules/main.tf | 2 +- modules/spacelift-private-worker/main.tf | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 7bec64bd..dc1d07aa 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -79,5 +79,5 @@ resource "spacelift_module" "spacelift-private-workerpool" { resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.1.2" + version_number = "0.1.3" } diff --git a/modules/spacelift-private-worker/main.tf b/modules/spacelift-private-worker/main.tf index ce6354de..de7d2f51 100644 --- a/modules/spacelift-private-worker/main.tf +++ b/modules/spacelift-private-worker/main.tf @@ -10,11 +10,13 @@ resource "helm_release" "spacelift-workerpool" { repository = "https://downloads.spacelift.io/helm" chart = "spacelift-workerpool-controller" namespace = "spacelift-workerpool" - version = "0.1.0" + version = "0.24.0" depends_on = [kubernetes_namespace.spacelift-workerpool] } resource "kubernetes_manifest" "test-workerpool" { + // This is being conditionally created because of the required order of operations + // The CRD must be created before the workerpool, so we need to wait for the helm release to be created count = var.create-worker-pool ? 1 : 0 depends_on = [ From d3d5c24421b71a748d100963670989fae39ce48f Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:38:52 -0700 Subject: [PATCH 008/161] Increment workerpool module version --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 27806348..55c1b16d 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -48,9 +48,13 @@ module "sage-aws-eks-autoscaler" { # } module "spacelift-private-workerpool" { - source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" - version = "0.1.2" - cluster_name = "dpe-k8-sandbox" + source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" + version = "0.1.3" + cluster_name = "dpe-k8-sandbox" + # Deployment steps: + # Deploy with this as flase in order to create the K8s CRD + # Create the required secrets + # Deploy with this as true in order to create the workerpool create-worker-pool = false } From c928d8afbcce977bcdb1cb1526f22962373e1bb5 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 12:48:49 -0700 Subject: [PATCH 009/161] Create the k8s worker pool --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 55c1b16d..9c6e3c15 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -55,7 +55,7 @@ module "spacelift-private-workerpool" { # Deploy with this as flase in order to create the K8s CRD # Create the required secrets # Deploy with this as true in order to create the workerpool - create-worker-pool = false + create-worker-pool = true } resource "kubernetes_namespace" "testing" { From 5b3941641ed4bb0e442042685dc6377d80137df2 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 13:27:50 -0700 Subject: [PATCH 010/161] Add warning for drift detection --- common-resources/policies/main.tf | 22 ++++++++++++------- common-resources/policies/outputs.tf | 5 +++++ .../warn-for-drift-reconciliation.rego | 5 +++++ modules/spacelift-private-worker/README.md | 3 +++ modules/spacelift-private-worker/data.tf | 2 +- modules/spacelift-private-worker/main.tf | 16 ++++++++++++++ 6 files changed, 44 insertions(+), 9 deletions(-) create mode 100644 common-resources/policies/warn-for-drift-reconciliation.rego create mode 100644 modules/spacelift-private-worker/README.md diff --git a/common-resources/policies/main.tf b/common-resources/policies/main.tf index 54df3933..c006272a 100644 --- a/common-resources/policies/main.tf +++ b/common-resources/policies/main.tf @@ -1,18 +1,24 @@ resource "spacelift_policy" "enforce-tags-on-resources" { - name = "Enforce Tags On Resources - cli" - body = file("${path.module}/enforce-tags-on-resources.rego") - type = "PLAN" - labels = ["compliance", "plan", "tagging", "terraform"] + name = "Enforce Tags On Resources - cli" + body = file("${path.module}/enforce-tags-on-resources.rego") + type = "PLAN" + labels = ["compliance", "plan", "tagging", "terraform"] description = "This policy ensures that all Terraform-managed resources adhere to tagging conventions by requiring the presence of specific tags. It denies changes to resources that lack any of these required tags, emphasizing the importance of consistent tagging for resource identification, environment management, and ownership tracking. The policy aids in maintaining order, facilitating cost allocation, security, and governance across the infrastructure." - space_id = "root" + space_id = "root" } resource "spacelift_policy" "cloud-spend-estimation" { - name = "Cloud Spend Estimation - cli" - body = file("${path.module}/check-estimated-cloud-spend.rego") - type = "PLAN" + name = "Cloud Spend Estimation - cli" + body = file("${path.module}/check-estimated-cloud-spend.rego") + type = "PLAN" space_id = "root" } +resource "spacelift_policy" "drift-detection-warning" { + name = "drift-detection-warning" + body = file("${path.module}/warn-for-drift-reconciliation.rego") + type = "PLAN" + space_id = "root" +} diff --git a/common-resources/policies/outputs.tf b/common-resources/policies/outputs.tf index 8fba8ce8..3566a30c 100644 --- a/common-resources/policies/outputs.tf +++ b/common-resources/policies/outputs.tf @@ -7,3 +7,8 @@ output "check_estimated_cloud_spend_id" { value = spacelift_policy.cloud-spend-estimation.id description = "The ID for this spacelift_policy" } + +output "drift_detection_warning_id" { + value = spacelift_policy.drift-detection-warning.id + description = "The ID for this spacelift_policy" +} diff --git a/common-resources/policies/warn-for-drift-reconciliation.rego b/common-resources/policies/warn-for-drift-reconciliation.rego new file mode 100644 index 00000000..6e6822c0 --- /dev/null +++ b/common-resources/policies/warn-for-drift-reconciliation.rego @@ -0,0 +1,5 @@ +package spacelift + +warn["Drift reconciliation requires manual approval"] { + input.spacelift.run.drift_detection +} \ No newline at end of file diff --git a/modules/spacelift-private-worker/README.md b/modules/spacelift-private-worker/README.md new file mode 100644 index 00000000..0e483adf --- /dev/null +++ b/modules/spacelift-private-worker/README.md @@ -0,0 +1,3 @@ +# Purpose +This module is used to create helm release for spacelift private workers. It follows +the instructions outlined at . diff --git a/modules/spacelift-private-worker/data.tf b/modules/spacelift-private-worker/data.tf index e374b0c3..e536e61b 100644 --- a/modules/spacelift-private-worker/data.tf +++ b/modules/spacelift-private-worker/data.tf @@ -8,7 +8,7 @@ data "aws_eks_cluster_auth" "cluster" { # This will probable be manually created in the AWS console to prevent the token from being stored in the repo # TODO: Some more work is needed to integrate with https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html -# For an MVP this was m +# For an MVP this was manually created # data "aws_secretsmanager_secret" "worker-pool-token" { # name = "spacelift_worker_pool_token" # } diff --git a/modules/spacelift-private-worker/main.tf b/modules/spacelift-private-worker/main.tf index de7d2f51..e1a5c436 100644 --- a/modules/spacelift-private-worker/main.tf +++ b/modules/spacelift-private-worker/main.tf @@ -47,3 +47,19 @@ resource "kubernetes_manifest" "test-workerpool" { } } } + +# How to create a K8 resource for the spacelift secrets: + +# SPACELIFT_WP_TOKEN= +# SPACELIFT_WP_PRIVATE_KEY= + +# kubectl apply -f - < Date: Thu, 18 Jul 2024 13:33:00 -0700 Subject: [PATCH 011/161] Set to private worker pool id --- dev/spacelift/dpe-sandbox/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index ba53623a..4bd9195b 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -21,6 +21,7 @@ resource "spacelift_stack" "k8s-stack" { terraform_version = "1.7.2" terraform_workflow_tool = "OPEN_TOFU" space_id = spacelift_space.dpe-sandbox.id + worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" } resource "spacelift_stack" "k8s-stack-deployments" { @@ -39,6 +40,7 @@ resource "spacelift_stack" "k8s-stack-deployments" { terraform_version = "1.7.2" terraform_workflow_tool = "OPEN_TOFU" space_id = spacelift_space.dpe-sandbox.id + worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" } resource "spacelift_context_attachment" "k8s-kubeconfig-hooks" { From 63a6868a4d6fcbf0a72f5b68b9ab22314abf3edd Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 13:37:10 -0700 Subject: [PATCH 012/161] Enable drift detection via tf --- dev/spacelift/dpe-sandbox/main.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index 4bd9195b..aef280b8 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -24,6 +24,12 @@ resource "spacelift_stack" "k8s-stack" { worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" } +resource "spacelift_drift_detection" "core-infra-production-drift-detection" { + reconcile = true + stack_id = spacelift_stack.k8s-stack.id + schedule = ["*/15 * * * *"] # Every 15 minutes +} + resource "spacelift_stack" "k8s-stack-deployments" { github_enterprise { namespace = "Sage-Bionetworks-Workflows" @@ -43,6 +49,12 @@ resource "spacelift_stack" "k8s-stack-deployments" { worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" } +resource "spacelift_drift_detection" "core-infra-production-drift-detection" { + reconcile = true + stack_id = spacelift_stack.k8s-stack-deployments.id + schedule = ["*/15 * * * *"] # Every 15 minutes +} + resource "spacelift_context_attachment" "k8s-kubeconfig-hooks" { context_id = "kubernetes-deployments-kubeconfig" stack_id = spacelift_stack.k8s-stack-deployments.id From f6378bb37fae8491f400927f3e0f745cc13eeb8a Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 13:37:50 -0700 Subject: [PATCH 013/161] correct resource name --- dev/spacelift/dpe-sandbox/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index aef280b8..fc0948a4 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -24,7 +24,7 @@ resource "spacelift_stack" "k8s-stack" { worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" } -resource "spacelift_drift_detection" "core-infra-production-drift-detection" { +resource "spacelift_drift_detection" "k8s-stack-drift-detection" { reconcile = true stack_id = spacelift_stack.k8s-stack.id schedule = ["*/15 * * * *"] # Every 15 minutes @@ -49,7 +49,7 @@ resource "spacelift_stack" "k8s-stack-deployments" { worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" } -resource "spacelift_drift_detection" "core-infra-production-drift-detection" { +resource "spacelift_drift_detection" "k8s-stack-deployments-drift-detection" { reconcile = true stack_id = spacelift_stack.k8s-stack-deployments.id schedule = ["*/15 * * * *"] # Every 15 minutes From ba2dbb42d86f88ab9f90495b24c415111d9800e0 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:12:36 -0700 Subject: [PATCH 014/161] Remove drift detection from stack --- dev/spacelift/dpe-sandbox/main.tf | 14 ----- .../dpe-sandbox-k8s-deployments/main.tf | 10 ---- modules/spacelift-private-worker/README.md | 59 +++++++++++++++++++ modules/spacelift-private-worker/data.tf | 2 +- 4 files changed, 60 insertions(+), 25 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index fc0948a4..ba53623a 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -21,13 +21,6 @@ resource "spacelift_stack" "k8s-stack" { terraform_version = "1.7.2" terraform_workflow_tool = "OPEN_TOFU" space_id = spacelift_space.dpe-sandbox.id - worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" -} - -resource "spacelift_drift_detection" "k8s-stack-drift-detection" { - reconcile = true - stack_id = spacelift_stack.k8s-stack.id - schedule = ["*/15 * * * *"] # Every 15 minutes } resource "spacelift_stack" "k8s-stack-deployments" { @@ -46,13 +39,6 @@ resource "spacelift_stack" "k8s-stack-deployments" { terraform_version = "1.7.2" terraform_workflow_tool = "OPEN_TOFU" space_id = spacelift_space.dpe-sandbox.id - worker_pool_id = "01J33GHR11YSYAEN433PKXBGGK" -} - -resource "spacelift_drift_detection" "k8s-stack-deployments-drift-detection" { - reconcile = true - stack_id = spacelift_stack.k8s-stack-deployments.id - schedule = ["*/15 * * * *"] # Every 15 minutes } resource "spacelift_context_attachment" "k8s-kubeconfig-hooks" { diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 9c6e3c15..f7701b14 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -47,16 +47,6 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # semantically equivalent to all ports # } -module "spacelift-private-workerpool" { - source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" - version = "0.1.3" - cluster_name = "dpe-k8-sandbox" - # Deployment steps: - # Deploy with this as flase in order to create the K8s CRD - # Create the required secrets - # Deploy with this as true in order to create the workerpool - create-worker-pool = true -} resource "kubernetes_namespace" "testing" { metadata { diff --git a/modules/spacelift-private-worker/README.md b/modules/spacelift-private-worker/README.md index 0e483adf..2e257f40 100644 --- a/modules/spacelift-private-worker/README.md +++ b/modules/spacelift-private-worker/README.md @@ -1,3 +1,62 @@ # Purpose This module is used to create helm release for spacelift private workers. It follows the instructions outlined at . + + +Spacelift private workers are required in order to use `Drift Detection`. Documentation +on this: https://docs.spacelift.io/concepts/stack/drift-detection + +Also to note: In order to use private workers you must have the enterprise plan of +spacelift where there is a charge for each private worker being used. + + +## Examples + +When deploying the private workerpool a 2-step process is required (Unless more time is +spent to figure out a 1-step process). The process is as follows: + +1) Add the module and deploy it to your stack with `create-worker-pool = false` +2) Change the bool to `true` and deploy again + +The reason for this is that the `helm chart` that deploy this to the K8s cluster needs +to first install CRDs (Custom resource definitions) into the cluster. Once those are +created then we can create the resource definition for the worker pool that specifies +how many instances and with what settings to run the worker pool under. + +``` +module "spacelift-private-workerpool" { + source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" + version = "0.1.3" + cluster_name = var.cluster_name + # Deployment steps: + # Deploy with this as false in order to create the K8s CRD + # Create the required secrets + # Deploy with this as true in order to create the workerpool + create-worker-pool = false +} +``` + +## What is left for production +If this is going to be used for a production use case the secret management will need +to be revisited. The helm chart assumes that a kubernetes secret exists. Here is how +to create it with the kubectl CLI: + +``` +SPACELIFT_WP_TOKEN= +SPACELIFT_WP_PRIVATE_KEY= + +kubectl apply -f - < + diff --git a/modules/spacelift-private-worker/data.tf b/modules/spacelift-private-worker/data.tf index e536e61b..e00daaf6 100644 --- a/modules/spacelift-private-worker/data.tf +++ b/modules/spacelift-private-worker/data.tf @@ -8,7 +8,7 @@ data "aws_eks_cluster_auth" "cluster" { # This will probable be manually created in the AWS console to prevent the token from being stored in the repo # TODO: Some more work is needed to integrate with https://docs.aws.amazon.com/secretsmanager/latest/userguide/integrating_csi_driver.html -# For an MVP this was manually created +# For an MVP a kubernetes secret can be created manually # data "aws_secretsmanager_secret" "worker-pool-token" { # name = "spacelift_worker_pool_token" # } From 97f041209f2f7b6a2b41379856ae0c59fc57807d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:14:33 -0700 Subject: [PATCH 015/161] Remove note --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 1 - 1 file changed, 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index f7701b14..acc9af1b 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -269,7 +269,6 @@ resource "kubernetes_service" "management-ui-service" { namespace = "management-ui" } - # TODO: Update the security group created from this LoadBalancer to only allow source of `52.44.61.21/32` spec { type = "LoadBalancer" From ebd8b3da8d5ba334b35da3bd4638c2dc8b780b26 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:24:41 -0700 Subject: [PATCH 016/161] Comment out already imported block --- main.tf | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/main.tf b/main.tf index e7a47f63..1c4d3973 100644 --- a/main.tf +++ b/main.tf @@ -1,11 +1,14 @@ -import { - # The initial administrative stack is created manually in the Spacelift UI, and imported - # See https://docs.spacelift.io/vendors/terraform/terraform-provider.html#proposed-workflow - # "We suggest to first manually create a single administrative stack, and then use it - # to programmatically define other stacks as necessary." - to = spacelift_stack.root_administrative_stack - id = "root-spacelift-administrative-stack" -} +# After infra is imported it can be commented out or removed. Keeping it here for reference. + +# import { +# # The initial administrative stack is created manually in the Spacelift UI, and imported +# # See https://docs.spacelift.io/vendors/terraform/terraform-provider.html#proposed-workflow +# # "We suggest to first manually create a single administrative stack, and then use it +# # to programmatically define other stacks as necessary." +# to = spacelift_stack.root_administrative_stack +# id = "root-spacelift-administrative-stack" +# } + resource "spacelift_stack" "root_administrative_stack" { github_enterprise { namespace = "Sage-Bionetworks-Workflows" From b4517eca8e655f80468f53dbfc5071515b181d3c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:28:37 -0700 Subject: [PATCH 017/161] Add module back for 2 step removal process --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index f7701b14..6a7910c1 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -47,6 +47,16 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # semantically equivalent to all ports # } +module "spacelift-private-workerpool" { + source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" + version = "0.1.3" + cluster_name = var.cluster_name + # Deployment steps: + # Deploy with this as false in order to create the K8s CRD + # Create the required secrets + # Deploy with this as true in order to create the workerpool + create-worker-pool = false +} resource "kubernetes_namespace" "testing" { metadata { From d53caa66b15c57eed6620ab642c4f0373b0547e7 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:30:35 -0700 Subject: [PATCH 018/161] Remove private workerpool module --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6a7910c1..1113bf14 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -47,17 +47,6 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # semantically equivalent to all ports # } -module "spacelift-private-workerpool" { - source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" - version = "0.1.3" - cluster_name = var.cluster_name - # Deployment steps: - # Deploy with this as false in order to create the K8s CRD - # Create the required secrets - # Deploy with this as true in order to create the workerpool - create-worker-pool = false -} - resource "kubernetes_namespace" "testing" { metadata { name = "testing-namespace" From d60047a87be192ccec93d6a35b9e3a7fcd1befb6 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:33:15 -0700 Subject: [PATCH 019/161] Leave helm provider --- dev/stacks/dpe-sandbox-k8s-deployments/provider.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf b/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf index 170af74d..b6449817 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf @@ -8,3 +8,9 @@ provider "kubernetes" { cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) token = data.aws_eks_cluster_auth.cluster.token } + +provider "helm" { + kubernetes { + config_path = var.kube_config_path + } +} From 910b4e57f99459b77fa749a5966d23b3d9305107 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:45:12 -0700 Subject: [PATCH 020/161] hacking around to get the helm_release out of state --- modules/main.tf | 2 +- modules/spacelift-private-worker/main.tf | 114 +++++++++++------------ 2 files changed, 58 insertions(+), 58 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index dc1d07aa..306e4527 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -79,5 +79,5 @@ resource "spacelift_module" "spacelift-private-workerpool" { resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.1.3" + version_number = "0.0.1" } diff --git a/modules/spacelift-private-worker/main.tf b/modules/spacelift-private-worker/main.tf index e1a5c436..764d01cf 100644 --- a/modules/spacelift-private-worker/main.tf +++ b/modules/spacelift-private-worker/main.tf @@ -1,65 +1,65 @@ -resource "kubernetes_namespace" "spacelift-workerpool" { - metadata { - name = "spacelift-workerpool" - } -} +# resource "kubernetes_namespace" "spacelift-workerpool" { +# metadata { +# name = "spacelift-workerpool" +# } +# } -resource "helm_release" "spacelift-workerpool" { - name = "spacelift-workerpool-controller" - repository = "https://downloads.spacelift.io/helm" - chart = "spacelift-workerpool-controller" - namespace = "spacelift-workerpool" - version = "0.24.0" - depends_on = [kubernetes_namespace.spacelift-workerpool] -} +# resource "helm_release" "spacelift-workerpool" { +# name = "spacelift-workerpool-controller" +# repository = "https://downloads.spacelift.io/helm" +# chart = "spacelift-workerpool-controller" +# namespace = "spacelift-workerpool" +# version = "0.24.0" +# depends_on = [kubernetes_namespace.spacelift-workerpool] +# } -resource "kubernetes_manifest" "test-workerpool" { - // This is being conditionally created because of the required order of operations - // The CRD must be created before the workerpool, so we need to wait for the helm release to be created - count = var.create-worker-pool ? 1 : 0 +# resource "kubernetes_manifest" "test-workerpool" { +# // This is being conditionally created because of the required order of operations +# // The CRD must be created before the workerpool, so we need to wait for the helm release to be created +# count = var.create-worker-pool ? 1 : 0 - depends_on = [ - helm_release.spacelift-workerpool - ] +# depends_on = [ +# helm_release.spacelift-workerpool +# ] - manifest = { - apiVersion = "workers.spacelift.io/v1beta1" - kind = "WorkerPool" - metadata = { - name = "test-workerpool" - namespace = "spacelift-workerpool" - } - spec = { - poolSize = 2 - token = { - secretKeyRef = { - name = "test-workerpool" - key = "token" - } - } - privateKey = { - secretKeyRef = { - name = "test-workerpool" - key = "privateKey" - } - } - } - } -} +# manifest = { +# apiVersion = "workers.spacelift.io/v1beta1" +# kind = "WorkerPool" +# metadata = { +# name = "test-workerpool" +# namespace = "spacelift-workerpool" +# } +# spec = { +# poolSize = 2 +# token = { +# secretKeyRef = { +# name = "test-workerpool" +# key = "token" +# } +# } +# privateKey = { +# secretKeyRef = { +# name = "test-workerpool" +# key = "privateKey" +# } +# } +# } +# } +# } -# How to create a K8 resource for the spacelift secrets: +# # How to create a K8 resource for the spacelift secrets: -# SPACELIFT_WP_TOKEN= -# SPACELIFT_WP_PRIVATE_KEY= +# # SPACELIFT_WP_TOKEN= +# # SPACELIFT_WP_PRIVATE_KEY= -# kubectl apply -f - < Date: Thu, 18 Jul 2024 14:45:49 -0700 Subject: [PATCH 021/161] Leave module in to remove resources --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 79a93569..53404206 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -47,6 +47,17 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # semantically equivalent to all ports # } +module "spacelift-private-workerpool" { + source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" + version = "0.0.1" + cluster_name = var.cluster_name + # Deployment steps: + # Deploy with this as false in order to create the K8s CRD + # Create the required secrets + # Deploy with this as true in order to create the workerpool + create-worker-pool = false +} + resource "kubernetes_namespace" "testing" { metadata { name = "testing-namespace" @@ -268,6 +279,7 @@ resource "kubernetes_service" "management-ui-service" { namespace = "management-ui" } + # TODO: Update the security group created from this LoadBalancer to only allow source of `52.44.61.21/32` spec { type = "LoadBalancer" From 3ada360369229e859a52c01aeb336a16c3256192 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 14:48:31 -0700 Subject: [PATCH 022/161] Remove module --- .../dpe-sandbox-k8s-deployments/main.tf | 11 -- modules/main.tf | 2 +- modules/spacelift-private-worker/main.tf | 114 +++++++++--------- 3 files changed, 58 insertions(+), 69 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 53404206..1113bf14 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -47,17 +47,6 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # semantically equivalent to all ports # } -module "spacelift-private-workerpool" { - source = "spacelift.io/sagebionetworks/spacelift-private-workerpool/aws" - version = "0.0.1" - cluster_name = var.cluster_name - # Deployment steps: - # Deploy with this as false in order to create the K8s CRD - # Create the required secrets - # Deploy with this as true in order to create the workerpool - create-worker-pool = false -} - resource "kubernetes_namespace" "testing" { metadata { name = "testing-namespace" diff --git a/modules/main.tf b/modules/main.tf index 306e4527..dc1d07aa 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -79,5 +79,5 @@ resource "spacelift_module" "spacelift-private-workerpool" { resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.0.1" + version_number = "0.1.3" } diff --git a/modules/spacelift-private-worker/main.tf b/modules/spacelift-private-worker/main.tf index 764d01cf..e1a5c436 100644 --- a/modules/spacelift-private-worker/main.tf +++ b/modules/spacelift-private-worker/main.tf @@ -1,65 +1,65 @@ -# resource "kubernetes_namespace" "spacelift-workerpool" { -# metadata { -# name = "spacelift-workerpool" -# } -# } +resource "kubernetes_namespace" "spacelift-workerpool" { + metadata { + name = "spacelift-workerpool" + } +} -# resource "helm_release" "spacelift-workerpool" { -# name = "spacelift-workerpool-controller" -# repository = "https://downloads.spacelift.io/helm" -# chart = "spacelift-workerpool-controller" -# namespace = "spacelift-workerpool" -# version = "0.24.0" -# depends_on = [kubernetes_namespace.spacelift-workerpool] -# } +resource "helm_release" "spacelift-workerpool" { + name = "spacelift-workerpool-controller" + repository = "https://downloads.spacelift.io/helm" + chart = "spacelift-workerpool-controller" + namespace = "spacelift-workerpool" + version = "0.24.0" + depends_on = [kubernetes_namespace.spacelift-workerpool] +} -# resource "kubernetes_manifest" "test-workerpool" { -# // This is being conditionally created because of the required order of operations -# // The CRD must be created before the workerpool, so we need to wait for the helm release to be created -# count = var.create-worker-pool ? 1 : 0 +resource "kubernetes_manifest" "test-workerpool" { + // This is being conditionally created because of the required order of operations + // The CRD must be created before the workerpool, so we need to wait for the helm release to be created + count = var.create-worker-pool ? 1 : 0 -# depends_on = [ -# helm_release.spacelift-workerpool -# ] + depends_on = [ + helm_release.spacelift-workerpool + ] -# manifest = { -# apiVersion = "workers.spacelift.io/v1beta1" -# kind = "WorkerPool" -# metadata = { -# name = "test-workerpool" -# namespace = "spacelift-workerpool" -# } -# spec = { -# poolSize = 2 -# token = { -# secretKeyRef = { -# name = "test-workerpool" -# key = "token" -# } -# } -# privateKey = { -# secretKeyRef = { -# name = "test-workerpool" -# key = "privateKey" -# } -# } -# } -# } -# } + manifest = { + apiVersion = "workers.spacelift.io/v1beta1" + kind = "WorkerPool" + metadata = { + name = "test-workerpool" + namespace = "spacelift-workerpool" + } + spec = { + poolSize = 2 + token = { + secretKeyRef = { + name = "test-workerpool" + key = "token" + } + } + privateKey = { + secretKeyRef = { + name = "test-workerpool" + key = "privateKey" + } + } + } + } +} -# # How to create a K8 resource for the spacelift secrets: +# How to create a K8 resource for the spacelift secrets: -# # SPACELIFT_WP_TOKEN= -# # SPACELIFT_WP_PRIVATE_KEY= +# SPACELIFT_WP_TOKEN= +# SPACELIFT_WP_PRIVATE_KEY= -# # kubectl apply -f - < Date: Thu, 18 Jul 2024 15:16:04 -0700 Subject: [PATCH 023/161] Update to specify provider required versions in modules instead of providers themselves --- .../dpe-sandbox-k8s-deployments/provider.tf | 5 ++ .../dpe-sandbox-k8s-deployments/variables.tf | 8 +- .../stacks/dpe-sandbox-k8s}/provider.tf | 0 dev/stacks/dpe-sandbox-k8s/variables.tf | 5 ++ modules/apache-airflow/provider.tf | 16 ---- modules/apache-airflow/versions.tf | 14 +++ modules/internal-k8-infra/.terraform.lock.hcl | 85 ------------------- modules/internal-k8-infra/versions.tf | 12 +++ modules/main.tf | 8 +- modules/sage-aws-eks/versions.tf | 6 ++ .../sage-aws-k8s-node-autoscaler/provider.tf | 15 ---- .../sage-aws-k8s-node-autoscaler/versions.tf | 8 ++ modules/sage-aws-vpc/provider.tf | 3 - modules/sage-aws-vpc/versions.tf | 6 ++ modules/spacelift-private-worker/provider.tf | 16 ---- modules/spacelift-private-worker/versions.tf | 16 ++++ 16 files changed, 83 insertions(+), 140 deletions(-) rename {modules/sage-aws-eks => dev/stacks/dpe-sandbox-k8s}/provider.tf (100%) create mode 100644 dev/stacks/dpe-sandbox-k8s/variables.tf delete mode 100644 modules/apache-airflow/provider.tf delete mode 100644 modules/internal-k8-infra/.terraform.lock.hcl delete mode 100644 modules/sage-aws-k8s-node-autoscaler/provider.tf delete mode 100644 modules/sage-aws-vpc/provider.tf delete mode 100644 modules/spacelift-private-worker/provider.tf create mode 100644 modules/spacelift-private-worker/versions.tf diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf b/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf index b6449817..37d8a400 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/provider.tf @@ -14,3 +14,8 @@ provider "helm" { config_path = var.kube_config_path } } + +provider "spotinst" { + account = var.spotinst_account + token = data.aws_secretsmanager_secret_version.secret_credentials.secret_string +} diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf index fd5e5dfc..5dd7dbc4 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf @@ -33,4 +33,10 @@ variable "region" { variable "cluster_name" { description = "EKS cluster name" type = string -} \ No newline at end of file +} + +variable "spotinst_account" { + description = "Spot.io account" + type = string + default = "act-ac6522b4" +} diff --git a/modules/sage-aws-eks/provider.tf b/dev/stacks/dpe-sandbox-k8s/provider.tf similarity index 100% rename from modules/sage-aws-eks/provider.tf rename to dev/stacks/dpe-sandbox-k8s/provider.tf diff --git a/dev/stacks/dpe-sandbox-k8s/variables.tf b/dev/stacks/dpe-sandbox-k8s/variables.tf new file mode 100644 index 00000000..2db286c2 --- /dev/null +++ b/dev/stacks/dpe-sandbox-k8s/variables.tf @@ -0,0 +1,5 @@ +variable "region" { + description = "AWS region" + type = string + default = "us-east-1" +} diff --git a/modules/apache-airflow/provider.tf b/modules/apache-airflow/provider.tf deleted file mode 100644 index b6449817..00000000 --- a/modules/apache-airflow/provider.tf +++ /dev/null @@ -1,16 +0,0 @@ -provider "aws" { - region = var.region -} - -provider "kubernetes" { - config_path = var.kube_config_path - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token -} - -provider "helm" { - kubernetes { - config_path = var.kube_config_path - } -} diff --git a/modules/apache-airflow/versions.tf b/modules/apache-airflow/versions.tf index 402cfaf3..00cbb0b3 100644 --- a/modules/apache-airflow/versions.tf +++ b/modules/apache-airflow/versions.tf @@ -1,2 +1,16 @@ terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.0" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.0" + } + } } diff --git a/modules/internal-k8-infra/.terraform.lock.hcl b/modules/internal-k8-infra/.terraform.lock.hcl deleted file mode 100644 index 46ad8f2d..00000000 --- a/modules/internal-k8-infra/.terraform.lock.hcl +++ /dev/null @@ -1,85 +0,0 @@ -# This file is maintained automatically by "terraform init". -# Manual edits may be lost in future updates. - -provider "registry.terraform.io/hashicorp/aws" { - version = "5.50.0" - constraints = ">= 3.70.0" - hashes = [ - "h1:OE1Q924lUL15OytvxwkdIspPsLRe0m2044W55j3lihE=", - "zh:19be42f5a545d6712dee4bdb704b018d23bacf5d902ac3cb061eb1750dfe6a20", - "zh:1d880bdba95ce96efde37e5bcf457a57df2c1effa9b47bc67fa29c1a264ae53b", - "zh:1e9c78e324d7492be5e7744436ed71d66fe4eca3fb6af07a28efd0d1e3bf7640", - "zh:27ac672aa61b3795931561fdbe4a306ad1132af517d7711c14569429b2cc694f", - "zh:3b978423dead02f9a98d25de118adf264a2331acdc4550ea93bed01feabc12e7", - "zh:490d7eb4b922ba1b57e0ab8dec1a08df6517485febcab1e091fd6011281c3472", - "zh:64e7c84e18dac1af5778d6f516e01a46f9c91d710867c39fbc7efa3cd972dc62", - "zh:73867ac2956dcdd377121b3aa8fe2e1085e77fae9b61d018f56a863277ea4b6e", - "zh:7ed899d0d5c49f009b445d7816e4bf702d9c48205c24cf884cd2ae0247160455", - "zh:9b12af85486a96aedd8d7984b0ff811a4b42e3d88dad1a3fb4c0b580d04fa425", - "zh:9b93784b3fb13d08cf95a4131c49b56bf7e1cd35daad6156b3658a89ce6fb58f", - "zh:b29d77eb75de474e46eb47e539c48916628d85599bcf14e5cc500b14a4578e75", - "zh:bbd9cec8ca705452e4a3d21d56474eacb8cc7b1b74b7f310fdea4bdcffebab32", - "zh:c352eb3169efa0e27a29b99a2630e8298710a084453c519caa39e5972ff6d1fc", - "zh:e32f4744b43be1708b309a734e0ac10b5c0f9f92e5849298cf1a90f2b906f6f3", - ] -} - -provider "registry.terraform.io/hashicorp/helm" { - version = "2.12.1" - constraints = "2.12.1" - hashes = [ - "h1:sgYI7lwGqJqPopY3NGmhb1eQ0YbH8PIXaAZAmnJrAvw=", - "zh:1d623fb1662703f2feb7860e3c795d849c77640eecbc5a776784d08807b15004", - "zh:253a5bc62ba2c4314875139e3fbd2feaad5ef6b0fb420302a474ab49e8e51a38", - "zh:282358f4ad4f20d0ccaab670b8645228bfad1c03ac0d0df5889f0aea8aeac01a", - "zh:4fd06af3091a382b3f0d8f0a60880f59640d2b6d9d6a31f9a873c6f1bde1ec50", - "zh:6816976b1830f5629ae279569175e88b497abbbac30ee809948a1f923c67a80d", - "zh:7d82c4150cdbf48cfeec867be94c7b9bd7682474d4df0ebb7e24e148f964844f", - "zh:83f062049eea2513118a4c6054fb06c8600bac96196f25aed2cc21898ec86e93", - "zh:a79eec0cf4c08fca79e44033ec6e470f25ff23c3e2c7f9bc707ed7771c1072c0", - "zh:b2b2d904b2821a6e579910320605bc478bbef063579a23fbfdd6fcb5871b81f8", - "zh:e91177ca06a15487fc570cb81ecef6359aa399459ea2aa7c4f7367ba86f6fcad", - "zh:e976bcb82996fc4968f8382bbcb6673efb1f586bf92074058a232028d97825b1", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/hashicorp/kubernetes" { - version = "2.30.0" - hashes = [ - "h1:wRVWY3sK32BNInDOlQnoGSmL638f3jjLFypCAotwpc8=", - "zh:06531333a72fe6d2829f37a328e08a3fc4ed66226344a003b62418a834ac6c69", - "zh:34480263939ef5007ce65c9f4945df5cab363f91e5260ae552bcd9f2ffeed444", - "zh:59e71f9177da570c33507c44828288264c082d512138c5755800f2cd706c62bc", - "zh:6e979b0c07326f9c8d1999096a920322d22261ca61d346b3a9775283d00a2fa5", - "zh:73e3f228de0077b5c0a84ec5b1ada507fbb3456cba35a6b5758723f77715b7af", - "zh:79e0de985159c056f001cc47a654620d51f5d55f554bcbcde1fe7d52f667db40", - "zh:8accb9100f609377db42e3ced42cc9d5c36065a06644dfb21d3893bb8d4797fd", - "zh:9f99aa0bf5caa4223a7dbf5d22d71c16083e782c4eea4b0130abfd6e6f1cec18", - "zh:bcb2ad76ad05ec23f8da62231a2360d1f70bbcd28abd06b8458a9e2f17da7873", - "zh:bce317d7790c2d3c4e724726dc78070db28daf7d861faa646fc891fe28842a29", - "zh:ed0a8e7fa8a1c419a19840b421d18200c3a63cf16ccbcbc400cb375d5397f615", - "zh:f569b65999264a9416862bca5cd2a6177d94ccb0424f3a4ef424428912b9cb3c", - ] -} - -provider "registry.terraform.io/spotinst/spotinst" { - version = "1.172.0" - constraints = ">= 1.161.0, 1.172.0" - hashes = [ - "h1:2saeakZwIWW9/OwYfujf1KIGDpu51drarzRgj+UERnM=", - "zh:00e1b9ec51d26baa7bfcbada5d6e8a18bf06b1e11cdc0f867055539842bdc3db", - "zh:057488eb2d03ea8841ff868d4a64807b6c6553da2b80f907076307a503fc7d22", - "zh:142c8103f3c0ff2906cb639544c3864f269c18e573f957959444a0c0dadc9f07", - "zh:9442c1bfadb26bb18fc2804728679a1867c9cd9519f8c073fd18ffe1a280b56e", - "zh:a33dbb9fd2f4589aec9299845b2ede445d660eb657a5a6a0b2ffcd1f7e46a2ec", - "zh:ad792fcaab97a3bd010377d441bcff0798c60f03a367b1790d447bba28e080a9", - "zh:c313c36017dea551af4bdf3947bbe09a6db808c78d17768f8c3e41cd3e2ddbf2", - "zh:c8c8bfd199b7ddce63a799e02f896a713e97c4ac25845bd571a54a310f5839b8", - "zh:cc6fe6175a585ca95704cba51676b3f99ff6d9915828fc71915ad1c69bf2e80f", - "zh:d13560b0c17c5fe37ec9d1618ba851bbdd72c406a3469439759d601337c8db09", - "zh:d6477874a1a4aa1c7d23915dd8f193234d0d4080dc26691cfb790ac8a427d56b", - "zh:f825cbca23caf89d8e0bd893eaf4873bd9517207b26db2525f5b98d19f8b6597", - "zh:f97092d8a733f0d5ec1512d8eb260e0bd6aa1ab9d2c2b5353df8e06f34eee60a", - ] -} diff --git a/modules/internal-k8-infra/versions.tf b/modules/internal-k8-infra/versions.tf index 2e6eb8fe..aae1e3f6 100644 --- a/modules/internal-k8-infra/versions.tf +++ b/modules/internal-k8-infra/versions.tf @@ -1,8 +1,20 @@ terraform { required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.0" + } spotinst = { source = "spotinst/spotinst" version = "1.172.0" # Specify the version you wish to use } + helm = { + source = "hashicorp/helm" + version = "~> 2.0" + } } } diff --git a/modules/main.tf b/modules/main.tf index dc1d07aa..6a606f8f 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -16,7 +16,7 @@ resource "spacelift_module" "sage-aws-vpc" { resource "spacelift_version" "sage-aws-vpc-version" { module_id = spacelift_module.sage-aws-vpc.id - version_number = "0.2.2" + version_number = "0.3.0" } resource "spacelift_module" "sage-aws-eks" { @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.2.6" + version_number = "0.3.0" } resource "spacelift_module" "sage-aws-eks-autoscaler" { @@ -58,7 +58,7 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { resource "spacelift_version" "sage-aws-eks-autoscaler-version" { module_id = spacelift_module.sage-aws-eks-autoscaler.id - version_number = "0.2.2" + version_number = "0.3.0" } resource "spacelift_module" "spacelift-private-workerpool" { @@ -79,5 +79,5 @@ resource "spacelift_module" "spacelift-private-workerpool" { resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.1.3" + version_number = "0.2.0" } diff --git a/modules/sage-aws-eks/versions.tf b/modules/sage-aws-eks/versions.tf index 402cfaf3..cba4c144 100644 --- a/modules/sage-aws-eks/versions.tf +++ b/modules/sage-aws-eks/versions.tf @@ -1,2 +1,8 @@ terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } } diff --git a/modules/sage-aws-k8s-node-autoscaler/provider.tf b/modules/sage-aws-k8s-node-autoscaler/provider.tf deleted file mode 100644 index 36f44424..00000000 --- a/modules/sage-aws-k8s-node-autoscaler/provider.tf +++ /dev/null @@ -1,15 +0,0 @@ -provider "aws" { - region = var.region -} - -provider "spotinst" { - account = var.spotinst_account - token = data.aws_secretsmanager_secret_version.secret_credentials.secret_string -} - -provider "kubernetes" { - config_path = var.kube_config_path - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token -} diff --git a/modules/sage-aws-k8s-node-autoscaler/versions.tf b/modules/sage-aws-k8s-node-autoscaler/versions.tf index 2e6eb8fe..fa3905ba 100644 --- a/modules/sage-aws-k8s-node-autoscaler/versions.tf +++ b/modules/sage-aws-k8s-node-autoscaler/versions.tf @@ -1,5 +1,13 @@ terraform { required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.0" + } spotinst = { source = "spotinst/spotinst" version = "1.172.0" # Specify the version you wish to use diff --git a/modules/sage-aws-vpc/provider.tf b/modules/sage-aws-vpc/provider.tf deleted file mode 100644 index dc58d9a2..00000000 --- a/modules/sage-aws-vpc/provider.tf +++ /dev/null @@ -1,3 +0,0 @@ -provider "aws" { - region = var.region -} diff --git a/modules/sage-aws-vpc/versions.tf b/modules/sage-aws-vpc/versions.tf index 402cfaf3..cba4c144 100644 --- a/modules/sage-aws-vpc/versions.tf +++ b/modules/sage-aws-vpc/versions.tf @@ -1,2 +1,8 @@ terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + } } diff --git a/modules/spacelift-private-worker/provider.tf b/modules/spacelift-private-worker/provider.tf deleted file mode 100644 index b6449817..00000000 --- a/modules/spacelift-private-worker/provider.tf +++ /dev/null @@ -1,16 +0,0 @@ -provider "aws" { - region = var.region -} - -provider "kubernetes" { - config_path = var.kube_config_path - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token -} - -provider "helm" { - kubernetes { - config_path = var.kube_config_path - } -} diff --git a/modules/spacelift-private-worker/versions.tf b/modules/spacelift-private-worker/versions.tf new file mode 100644 index 00000000..00cbb0b3 --- /dev/null +++ b/modules/spacelift-private-worker/versions.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.0" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.0" + } + } +} From 90f38efff47dca35fda6185c67e4e05a44f25ff6 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:19:16 -0700 Subject: [PATCH 024/161] Updating modules --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- dev/stacks/dpe-sandbox-k8s/main.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 1113bf14..6e178c66 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -1,6 +1,6 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" - version = "0.2.2" + version = "0.3.0" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = var.private_subnet_ids diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 4978f2a7..c9c49a10 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -1,12 +1,12 @@ module "sage-aws-vpc" { source = "spacelift.io/sagebionetworks/sage-aws-vpc/aws" - version = "0.2.2" + version = "0.3.0" vpc_name = "dpe-sandbox" } module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.2.6" + version = "0.3.0" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From b20890d2eb0332da564ea6613fb680064711321d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:21:34 -0700 Subject: [PATCH 025/161] Remove provider that is not actually required --- dev/stacks/dpe-sandbox-k8s/versions.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s/versions.tf b/dev/stacks/dpe-sandbox-k8s/versions.tf index 95233f0a..402cfaf3 100644 --- a/dev/stacks/dpe-sandbox-k8s/versions.tf +++ b/dev/stacks/dpe-sandbox-k8s/versions.tf @@ -1,7 +1,2 @@ terraform { - required_providers { - spotinst = { - source = "spotinst/spotinst" - } - } } From a6229bd8a47be76d5335f428785aa98600fa9c56 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 18 Jul 2024 15:21:34 -0700 Subject: [PATCH 026/161] Try setting load bal ip ranges --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6e178c66..28128211 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -272,6 +272,9 @@ resource "kubernetes_service" "management-ui-service" { spec { type = "LoadBalancer" + # external_ips = ["52.44.61.21/32"] + load_balancer_source_ranges = ["52.44.61.21/32"] + port { port = 80 target_port = 9001 From 589de1df7645e16b2fdcf250bc16feabdd6bfafc Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 13:58:27 -0700 Subject: [PATCH 027/161] Capture flow logs --- modules/main.tf | 2 +- modules/sage-aws-vpc/main.tf | 29 +++++++++-------------------- modules/sage-aws-vpc/variables.tf | 12 ++++++++++++ 3 files changed, 22 insertions(+), 21 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 6a606f8f..3f78adf6 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -16,7 +16,7 @@ resource "spacelift_module" "sage-aws-vpc" { resource "spacelift_version" "sage-aws-vpc-version" { module_id = spacelift_module.sage-aws-vpc.id - version_number = "0.3.0" + version_number = "0.3.1" } resource "spacelift_module" "sage-aws-eks" { diff --git a/modules/sage-aws-vpc/main.tf b/modules/sage-aws-vpc/main.tf index de73bcba..1580dd97 100644 --- a/modules/sage-aws-vpc/main.tf +++ b/modules/sage-aws-vpc/main.tf @@ -27,26 +27,15 @@ module "vpc" { single_nat_gateway = true enable_vpn_gateway = false - manage_default_security_group = true - - # default_network_acl_ingress = [ - # { - # "action" : "deny", - # "cidr_block" : "0.0.0.0/0", - # "from_port" : 0, - # "protocol" : "-1", - # "rule_no" : 98, - # "to_port" : 0 - # }, - # { - # "action" : "deny", - # "from_port" : 0, - # "ipv6_cidr_block" : "::/0", - # "protocol" : "-1", - # "rule_no" : 99, - # "to_port" : 0 - # } - # ] + manage_default_security_group = false + + create_flow_log_cloudwatch_iam_role = var.capture_flow_logs + create_flow_log_cloudwatch_log_group = var.capture_flow_logs + flow_log_cloudwatch_log_group_retention_in_days = var.flow_log_retention + + # Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time + flow_log_cloudwatch_log_group_skip_destroy = false + tags = var.tags } diff --git a/modules/sage-aws-vpc/variables.tf b/modules/sage-aws-vpc/variables.tf index 7ab03ea6..4bfaa963 100644 --- a/modules/sage-aws-vpc/variables.tf +++ b/modules/sage-aws-vpc/variables.tf @@ -42,3 +42,15 @@ variable "tags" { "CostCenter" = "No Program / 000000" } } + +variable "capture_flow_logs" { + description = "Determine if we should capture VPC flow logs. When true this will forward flow logs to cloudwatch." + type = bool + default = false +} + +variable "flow_log_retention" { + description = "Number of days to retain flow logs in CloudWatch Logs" + type = number + default = 1 +} From d1a8d28ea7115e32ca53c1940c1f67d511d8b82f Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 13:59:23 -0700 Subject: [PATCH 028/161] Catpure flow logs --- dev/stacks/dpe-sandbox-k8s/main.tf | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index c9c49a10..564c23b0 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -1,7 +1,9 @@ module "sage-aws-vpc" { - source = "spacelift.io/sagebionetworks/sage-aws-vpc/aws" - version = "0.3.0" - vpc_name = "dpe-sandbox" + source = "spacelift.io/sagebionetworks/sage-aws-vpc/aws" + version = "0.3.1" + vpc_name = "dpe-sandbox" + capture_flow_logs = true + flow_log_retention = 1 } module "sage-aws-eks" { From 113e816d2a9c0212afe8160902f34881079e496c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:03:49 -0700 Subject: [PATCH 029/161] Add to documentation --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 3 +-- modules/sage-aws-vpc/README.md | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 modules/sage-aws-vpc/README.md diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 28128211..98152bde 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -268,11 +268,10 @@ resource "kubernetes_service" "management-ui-service" { namespace = "management-ui" } - # TODO: Update the security group created from this LoadBalancer to only allow source of `52.44.61.21/32` spec { type = "LoadBalancer" - # external_ips = ["52.44.61.21/32"] + # Setting this updates the `Source` field for the LoadBalancer security group load_balancer_source_ranges = ["52.44.61.21/32"] port { diff --git a/modules/sage-aws-vpc/README.md b/modules/sage-aws-vpc/README.md new file mode 100644 index 00000000..76143163 --- /dev/null +++ b/modules/sage-aws-vpc/README.md @@ -0,0 +1,18 @@ +# Purpose +This module is used to provision a VPC within AWS. + + +## TODO: +- Create a diagram that shows the deployment +- Add more verbose examples and links to relevant documentation + + +### Attaching to the Sage Transit Gateway +Attaching the VPC to the Sage Transit Gateway is managed through the central IT +repository using the following documentation: + +* +* + +See this example pull-request for adding a VPC spoke: + \ No newline at end of file From 200821a6a7ebe918b898be95c2e76d30c5f6f0a0 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:08:26 -0700 Subject: [PATCH 030/161] Allow cloud watch logs to be toggled for the EKS module --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 3 +++ modules/sage-aws-eks/variables.tf | 12 ++++++++++++ 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 3f78adf6..7db48949 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.0" + version_number = "0.3.1" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 4649c8bf..08c860cf 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -95,6 +95,9 @@ module "eks" { enable_cluster_creator_admin_permissions = true authentication_mode = "API" + cloudwatch_log_group_retention_in_days = var.cloudwatch_retention + create_cloudwatch_log_group = var.capture_cloudwatch_logs + access_entries = { # One access entry with a policy associated diff --git a/modules/sage-aws-eks/variables.tf b/modules/sage-aws-eks/variables.tf index 7d7a631d..6448fb13 100644 --- a/modules/sage-aws-eks/variables.tf +++ b/modules/sage-aws-eks/variables.tf @@ -44,3 +44,15 @@ variable "enable_policy_event_logs" { type = bool default = false } + +variable "capture_cloudwatch_logs" { + description = "Determine if we should capture logs to cloudwatch." + type = bool + default = false +} + +variable "cloudwatch_retention" { + description = "Number of days to retain CloudWatch Logs" + type = number + default = 1 +} From 9f7e20680e47d13f15d2b1d63be5bb06d252a161 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:09:16 -0700 Subject: [PATCH 031/161] Set cloudwatch retention to 1 --- dev/stacks/dpe-sandbox-k8s/main.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 564c23b0..757c02be 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,11 +8,13 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.0" + version = "0.3.1" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids vpc_id = module.sage-aws-vpc.vpc_id vpc_security_group_id = module.sage-aws-vpc.vpc_security_group_id enable_policy_event_logs = true + capture_cloudwatch_logs = true + cloudwatch_retention = 1 } From a9cdfc3a1ce6164555638492ef81676301c3af5b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:14:29 -0700 Subject: [PATCH 032/161] Set log group class --- modules/main.tf | 2 +- modules/sage-aws-vpc/main.tf | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 7db48949..f1ff1257 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -16,7 +16,7 @@ resource "spacelift_module" "sage-aws-vpc" { resource "spacelift_version" "sage-aws-vpc-version" { module_id = spacelift_module.sage-aws-vpc.id - version_number = "0.3.1" + version_number = "0.3.2" } resource "spacelift_module" "sage-aws-eks" { diff --git a/modules/sage-aws-vpc/main.tf b/modules/sage-aws-vpc/main.tf index 1580dd97..381c6ac4 100644 --- a/modules/sage-aws-vpc/main.tf +++ b/modules/sage-aws-vpc/main.tf @@ -1,5 +1,3 @@ - - module "vpc" { source = "terraform-aws-modules/vpc/aws" version = "5.9.0" @@ -32,6 +30,7 @@ module "vpc" { create_flow_log_cloudwatch_iam_role = var.capture_flow_logs create_flow_log_cloudwatch_log_group = var.capture_flow_logs flow_log_cloudwatch_log_group_retention_in_days = var.flow_log_retention + flow_log_cloudwatch_log_group_class = "STANDARD" # Set to true if you do not wish the log group (and any logs it may contain) to be deleted at destroy time flow_log_cloudwatch_log_group_skip_destroy = false From 00df837ec058684c72b62477b25312918509f8fa Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:14:58 -0700 Subject: [PATCH 033/161] Update to use new vpc module --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 757c02be..1b223135 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -1,6 +1,6 @@ module "sage-aws-vpc" { source = "spacelift.io/sagebionetworks/sage-aws-vpc/aws" - version = "0.3.1" + version = "0.3.2" vpc_name = "dpe-sandbox" capture_flow_logs = true flow_log_retention = 1 From 59406834bcbefd1ddc7ae922044c608dde2e719b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:17:47 -0700 Subject: [PATCH 034/161] Enable flow log --- modules/main.tf | 2 +- modules/sage-aws-vpc/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index f1ff1257..bd893fe9 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -16,7 +16,7 @@ resource "spacelift_module" "sage-aws-vpc" { resource "spacelift_version" "sage-aws-vpc-version" { module_id = spacelift_module.sage-aws-vpc.id - version_number = "0.3.2" + version_number = "0.3.3" } resource "spacelift_module" "sage-aws-eks" { diff --git a/modules/sage-aws-vpc/main.tf b/modules/sage-aws-vpc/main.tf index 381c6ac4..4d4ff3ee 100644 --- a/modules/sage-aws-vpc/main.tf +++ b/modules/sage-aws-vpc/main.tf @@ -27,6 +27,7 @@ module "vpc" { manage_default_security_group = false + enable_flow_log = var.capture_flow_logs create_flow_log_cloudwatch_iam_role = var.capture_flow_logs create_flow_log_cloudwatch_log_group = var.capture_flow_logs flow_log_cloudwatch_log_group_retention_in_days = var.flow_log_retention From 788c53142f21297b884c668919ad7161afa2e50f Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:18:05 -0700 Subject: [PATCH 035/161] Increment module --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 1b223135..e7418b88 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -1,6 +1,6 @@ module "sage-aws-vpc" { source = "spacelift.io/sagebionetworks/sage-aws-vpc/aws" - version = "0.3.2" + version = "0.3.3" vpc_name = "dpe-sandbox" capture_flow_logs = true flow_log_retention = 1 From 1946b29b8d10b4b1500f1c00572fd7096b7cba43 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:35:44 -0700 Subject: [PATCH 036/161] Change which port the frontend is running on --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 98152bde..42c5a9cb 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -101,7 +101,7 @@ resource "kubernetes_deployment" "client-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status"] + command = ["probe", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status"] port { container_port = 9000 @@ -145,8 +145,8 @@ resource "kubernetes_service" "frontend-service" { } port { - port = 80 - target_port = 80 + port = 1025 + target_port = 1025 } } } @@ -180,10 +180,10 @@ resource "kubernetes_deployment" "frontend-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] + command = ["probe", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status,http://client.client:9000/status"] port { - container_port = 80 + container_port = 1025 } } } @@ -240,7 +240,7 @@ resource "kubernetes_deployment" "backend-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] + command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status,http://client.client:9000/status"] port { container_port = 6379 From 67d06aeb6f34951c2117df200ab84a33ad3a49d8 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:52:20 -0700 Subject: [PATCH 037/161] correct which port front-end is listening on --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 42c5a9cb..0f139614 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -146,7 +146,7 @@ resource "kubernetes_service" "frontend-service" { port { port = 1025 - target_port = 1025 + target_port = 9000 } } } From 28d01db3cb53b6c631ac49f2568993a3faaaa945 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 14:55:43 -0700 Subject: [PATCH 038/161] update ports to 80 across the board --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 0f139614..62d8336e 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -101,7 +101,7 @@ resource "kubernetes_deployment" "client-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status"] + command = ["probe", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status"] port { container_port = 9000 @@ -145,8 +145,8 @@ resource "kubernetes_service" "frontend-service" { } port { - port = 1025 - target_port = 9000 + port = 80 + target_port = 80 } } } @@ -180,10 +180,10 @@ resource "kubernetes_deployment" "frontend-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status,http://client.client:9000/status"] + command = ["probe", "--http-port=80", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status,http://client.client:9000/status"] port { - container_port = 1025 + container_port = 80 } } } @@ -240,7 +240,7 @@ resource "kubernetes_deployment" "backend-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status,http://client.client:9000/status"] + command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] port { container_port = 6379 From ffef0b2504afec79602a991a0cf8a0826f80e238 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 15:14:39 -0700 Subject: [PATCH 039/161] Add security enforcement for pod --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 5 +---- modules/sage-aws-eks/variables.tf | 6 ++++++ 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index bd893fe9..3d867a0f 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.1" + version_number = "0.3.2" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 08c860cf..433492d2 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -70,10 +70,7 @@ module "eks" { } env = { ENABLE_POD_ENI = "true", - POD_SECURITY_GROUP_ENFORCING_MODE = "standard", - # TODO: Turn on strict mode when we are ready to enforce it - # POD_SECURITY_GROUP_ENFORCING_MODE = "strict", - AWS_VPC_K8S_CNI_EXTERNALSNAT = "true" + POD_SECURITY_GROUP_ENFORCING_MODE = var.pod_security_group_enforcing_mode, } }) } } diff --git a/modules/sage-aws-eks/variables.tf b/modules/sage-aws-eks/variables.tf index 6448fb13..279a658a 100644 --- a/modules/sage-aws-eks/variables.tf +++ b/modules/sage-aws-eks/variables.tf @@ -56,3 +56,9 @@ variable "cloudwatch_retention" { type = number default = 1 } + +variable "pod_security_group_enforcing_mode" { + description = "Valid values are 'standard' or 'strict'. More information: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md#pod_security_group_enforcing_mode-v1110" + type = string + default = "strict" +} From 2d6694de86ec9d0db42edf14a02948f15c065c56 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 15:15:40 -0700 Subject: [PATCH 040/161] Leave enforcement on standard --- dev/stacks/dpe-sandbox-k8s/main.tf | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index e7418b88..5ef55368 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,13 +8,14 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.1" + version = "0.3.2" - cluster_name = "dpe-k8-sandbox" - private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids - vpc_id = module.sage-aws-vpc.vpc_id - vpc_security_group_id = module.sage-aws-vpc.vpc_security_group_id - enable_policy_event_logs = true - capture_cloudwatch_logs = true - cloudwatch_retention = 1 + cluster_name = "dpe-k8-sandbox" + private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids + vpc_id = module.sage-aws-vpc.vpc_id + vpc_security_group_id = module.sage-aws-vpc.vpc_security_group_id + enable_policy_event_logs = true + capture_cloudwatch_logs = true + cloudwatch_retention = 1 + pod_security_group_enforcing_mode = "standard" } From 169b977fcf5d4a09e63b746788870cff7d78882f Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 15:47:03 -0700 Subject: [PATCH 041/161] set enforcement mode to strict --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 5ef55368..9aa4aa49 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -17,5 +17,5 @@ module "sage-aws-eks" { enable_policy_event_logs = true capture_cloudwatch_logs = true cloudwatch_retention = 1 - pod_security_group_enforcing_mode = "standard" + pod_security_group_enforcing_mode = "strict" } From fb6317805f9f600b9cd95efcfd3446b82d5760df Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 16:01:26 -0700 Subject: [PATCH 042/161] Create a security group for client --- .../dpe-sandbox-k8s-deployments/data.tf | 4 + .../dpe-sandbox-k8s-deployments/main.tf | 83 ++++++++++++++++++- .../dpe-sandbox-k8s-deployments/variables.tf | 1 + 3 files changed, 87 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/data.tf b/dev/stacks/dpe-sandbox-k8s-deployments/data.tf index 2d884fa9..f6f5e8fa 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/data.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/data.tf @@ -14,3 +14,7 @@ data "aws_secretsmanager_secret_version" "secret_credentials" { secret_id = data.aws_secretsmanager_secret.spotinst_token.id } + +data "aws_security_group" "node-security-group" { + name = "${var.cluster_name}-node" +} diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 62d8336e..1f478208 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -2,7 +2,7 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" version = "0.3.0" - cluster_name = "dpe-k8-sandbox" + cluster_name = var.cluster_name private_vpc_subnet_ids = var.private_subnet_ids vpc_id = var.vpc_id node_security_group_id = var.node_security_group_id @@ -68,6 +68,87 @@ resource "kubernetes_namespace" "testing" { # EOF # } + +# apiVersion: vpcresources.k8s.aws/v1beta1 +# kind: SecurityGroupPolicy +# metadata: +# name: my-security-group-policy +# namespace: my-namespace +# spec: +# podSelector: +# matchLabels: +# role: my-role +# securityGroups: +# groupIds: +# - my_pod_security_group_id + +# resource "aws_security_group" "frontend" { +# # ... other configuration ... + +# egress { +# from_port = 0 +# to_port = 0 +# protocol = "-1" +# cidr_blocks = ["0.0.0.0/0"] +# ipv6_cidr_blocks = ["::/0"] +# } +# } + + +# resource "aws_security_group" "backend" { +# # ... other configuration ... + +# egress { +# from_port = 0 +# to_port = 0 +# protocol = "-1" +# cidr_blocks = ["0.0.0.0/0"] +# ipv6_cidr_blocks = ["::/0"] +# } +# } + +resource "aws_security_group" "client" { + name = "allow-traffic-client" + description = "Allow traffic" + vpc_id = var.vpc_id + + egress { + protocol = "-1" + cidr_blocks = ["0.0.0.0/0"] + ipv6_cidr_blocks = ["::/0"] + } +} + +resource "aws_vpc_security_group_ingress_rule" "client-node" { + security_group_id = aws_security_group.client.id + # Node security group + referenced_security_group_id = data.aws_security_group.node-security-group.id + ip_protocol = "-1" +} + +resource "kubernetes_manifest" "security-group-policy-client" { + manifest = { + apiVersion = "vpcresources.k8s.aws/v1beta1" + kind = "SecurityGroupPolicy" + metadata = { + name = "security-group-policy-client" + namespace = "client" + } + spec = { + podSelector = { + matchLabels = { + role = "client" + } + } + securityGroups = { + groupIds = [ + aws_security_group.client.id + ] + } + } + } +} + resource "kubernetes_namespace" "client" { metadata { name = "client" diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf index 5dd7dbc4..631d0b8f 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf @@ -33,6 +33,7 @@ variable "region" { variable "cluster_name" { description = "EKS cluster name" type = string + default = "dpe-k8-sandbox" } variable "spotinst_account" { From 45eb37a8d35803394676150ce782dcf23559627b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 16:45:37 -0700 Subject: [PATCH 043/161] Leave security group out --- .../dpe-sandbox-k8s-deployments/main.tf | 40 +++++++++++-------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 1f478208..8e4a37c0 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -8,6 +8,14 @@ module "sage-aws-eks-autoscaler" { node_security_group_id = var.node_security_group_id } +# TODO: +# Requirements for security groups: +# They must allow inbound communication from the security group applied to your nodes (for kubelet) over any ports that you've configured probes for. +# They must allow outbound communication over TCP and UDP ports 53 to a security group assigned to the Pods (or nodes that the Pods run on) running CoreDNS. +# The security group for your CoreDNS Pods must allow inbound TCP and UDP port 53 traffic from the security group that you specify. +# They must have necessary inbound and outbound rules to communicate with other Pods that they need to communicate with. + + # Anything beyond this is used for testing # resource "aws_security_group" "allow_tls" { # name = "allow_tls" @@ -107,24 +115,24 @@ resource "kubernetes_namespace" "testing" { # } # } -resource "aws_security_group" "client" { - name = "allow-traffic-client" - description = "Allow traffic" - vpc_id = var.vpc_id +# resource "aws_security_group" "client" { +# name = "allow-traffic-client" +# description = "Allow traffic" +# vpc_id = var.vpc_id - egress { - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - ipv6_cidr_blocks = ["::/0"] - } -} +# egress { +# protocol = "-1" +# cidr_blocks = ["0.0.0.0/0"] +# ipv6_cidr_blocks = ["::/0"] +# } +# } -resource "aws_vpc_security_group_ingress_rule" "client-node" { - security_group_id = aws_security_group.client.id - # Node security group - referenced_security_group_id = data.aws_security_group.node-security-group.id - ip_protocol = "-1" -} +# resource "aws_vpc_security_group_ingress_rule" "client-node" { +# security_group_id = aws_security_group.client.id +# # Node security group +# referenced_security_group_id = data.aws_security_group.node-security-group.id +# ip_protocol = "-1" +# } resource "kubernetes_manifest" "security-group-policy-client" { manifest = { From a6b5ff7b5e0614e9a7f83f8c86facfdb71afa609 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 17:00:49 -0700 Subject: [PATCH 044/161] Leave out SG --- .../dpe-sandbox-k8s-deployments/main.tf | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 8e4a37c0..6c2a040d 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -134,28 +134,28 @@ resource "kubernetes_namespace" "testing" { # ip_protocol = "-1" # } -resource "kubernetes_manifest" "security-group-policy-client" { - manifest = { - apiVersion = "vpcresources.k8s.aws/v1beta1" - kind = "SecurityGroupPolicy" - metadata = { - name = "security-group-policy-client" - namespace = "client" - } - spec = { - podSelector = { - matchLabels = { - role = "client" - } - } - securityGroups = { - groupIds = [ - aws_security_group.client.id - ] - } - } - } -} +# resource "kubernetes_manifest" "security-group-policy-client" { +# manifest = { +# apiVersion = "vpcresources.k8s.aws/v1beta1" +# kind = "SecurityGroupPolicy" +# metadata = { +# name = "security-group-policy-client" +# namespace = "client" +# } +# spec = { +# podSelector = { +# matchLabels = { +# role = "client" +# } +# } +# securityGroups = { +# groupIds = [ +# aws_security_group.client.id +# ] +# } +# } +# } +# } resource "kubernetes_namespace" "client" { metadata { From 33d841c6731ac5cc653f2da557db0be64443ef75 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 19 Jul 2024 17:02:17 -0700 Subject: [PATCH 045/161] Leave out SG --- README.md | 8 ++++++++ dev/stacks/dpe-sandbox-k8s-deployments/data.tf | 6 +++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 04b6aba8..7f7b04fd 100644 --- a/README.md +++ b/README.md @@ -95,6 +95,14 @@ scale-to-zerio capabilities and will dynamically add or removes nodes from the c depending on the required demand. The autoscaler is templatized and provided as a terraform module to be used within an EKS stack. +Setup of spotio (Manual per AWS Account): + +* Subscribe through the AWS Marketplace: +* "Set up your account" on the spotio website and link it to an existing organization +* Link the account through the AWS UI: +* Create a policy (See the JSON in the spotio UI) +* Create a role (See instructions in the spotio UI) + #### Connecting to an EKS cluster for kubectl commands diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/data.tf b/dev/stacks/dpe-sandbox-k8s-deployments/data.tf index f6f5e8fa..2921550d 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/data.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/data.tf @@ -15,6 +15,6 @@ data "aws_secretsmanager_secret_version" "secret_credentials" { } -data "aws_security_group" "node-security-group" { - name = "${var.cluster_name}-node" -} +# data "aws_security_group" "node-security-group" { +# name = "${var.cluster_name}-node" +# } From fe22b739afef48c34d5f42a5a9d3ea83b9256bb3 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 09:56:05 -0700 Subject: [PATCH 046/161] Create aws integration for aws dev account --- common-resources/aws-integrations/main.tf | 8 ++++++++ common-resources/aws-integrations/versions.tf | 8 ++++++++ common-resources/main.tf | 4 ++++ 3 files changed, 20 insertions(+) create mode 100644 common-resources/aws-integrations/main.tf create mode 100644 common-resources/aws-integrations/versions.tf diff --git a/common-resources/aws-integrations/main.tf b/common-resources/aws-integrations/main.tf new file mode 100644 index 00000000..995f0337 --- /dev/null +++ b/common-resources/aws-integrations/main.tf @@ -0,0 +1,8 @@ +# Resources derived from: https://registry.terraform.io/providers/spacelift-io/spacelift/latest/docs/resources/aws_integration +resource "spacelift_aws_integration" "org-sagebase-dnt-dev-aws-integration" { + name = "org-sagebase-dnt-dev-aws-integration" + role_arn = "arn:aws:iam::631692904429:role/spacelift-admin-role" + generate_credentials_in_worker = false + duration_seconds = 3600 + space_id = "root" +} diff --git a/common-resources/aws-integrations/versions.tf b/common-resources/aws-integrations/versions.tf new file mode 100644 index 00000000..ca249ecb --- /dev/null +++ b/common-resources/aws-integrations/versions.tf @@ -0,0 +1,8 @@ +terraform { + required_providers { + spacelift = { + source = "spacelift-io/spacelift" + version = "1.13.0" + } + } +} diff --git a/common-resources/main.tf b/common-resources/main.tf index 821b4fda..f6fbf709 100644 --- a/common-resources/main.tf +++ b/common-resources/main.tf @@ -5,3 +5,7 @@ module "policies" { module "contexts" { source = "./contexts" } + +module "aws-integrations" { + source = "./aws-integrations" +} From 41d926f6be411c2128fda0a125dfadac9fa414ce Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 10:05:51 -0700 Subject: [PATCH 047/161] Update integration ID for AWS --- dev/spacelift/dpe-sandbox/main.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index ba53623a..7431eaf9 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -111,14 +111,16 @@ resource "spacelift_stack_destructor" "k8s-stack-destructor" { } resource "spacelift_aws_integration_attachment" "k8s-aws-integration-attachment" { - integration_id = "01HXW154N60KJ8NCC93H1VYPNM" + # org-sagebase-dnt-dev-aws-integration + integration_id = "01J3DNYVM4AWWSDY3QEVRMQ076" stack_id = spacelift_stack.k8s-stack.id read = true write = true } resource "spacelift_aws_integration_attachment" "k8s-deployments-aws-integration-attachment" { - integration_id = "01HXW154N60KJ8NCC93H1VYPNM" + # org-sagebase-dnt-dev-aws-integration + integration_id = "01J3DNYVM4AWWSDY3QEVRMQ076" stack_id = spacelift_stack.k8s-stack-deployments.id read = true write = true From fda882c0a041633650a74d74125372fdcf1c2119 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:10:17 -0700 Subject: [PATCH 048/161] Allow setting AWS account in EKS module --- modules/internal-k8-infra/main.tf | 3 +-- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 4 ++-- modules/sage-aws-eks/variables.tf | 5 +++++ 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/modules/internal-k8-infra/main.tf b/modules/internal-k8-infra/main.tf index f72749ed..5955c301 100644 --- a/modules/internal-k8-infra/main.tf +++ b/modules/internal-k8-infra/main.tf @@ -1,5 +1,5 @@ module "ocean-controller" { - source = "spotinst/ocean-controller/spotinst" + source = "spotinst/ocean-controller/spotinst" version = "0.54.0" # Credentials. @@ -13,7 +13,6 @@ module "ocean-controller" { module "ocean-aws-k8s" { source = "spotinst/ocean-aws-k8s/spotinst" version = "1.2.0" - # worker_instance_profile_arn = "arn:aws:iam::766808016710:role/airflow-node-group-eks-node-group-20240517054613935800000001" # Configuration cluster_name = var.cluster_name diff --git a/modules/main.tf b/modules/main.tf index 3d867a0f..708168c3 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.2" + version_number = "0.3.3" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 433492d2..0edaa45c 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -1,5 +1,5 @@ resource "aws_iam_role" "admin_role" { - name = "eks_admin_role_${var.cluster_name}" + name = "eks-admin-role-${var.cluster_name}" assume_role_policy = jsonencode({ Version = "2012-10-17" @@ -7,7 +7,7 @@ resource "aws_iam_role" "admin_role" { { Effect = "Allow" Principal = { - AWS = "arn:aws:iam::766808016710:root" + AWS = "arn:aws:iam::${var.aws_account_id}:root" } Action = "sts:AssumeRole" }, diff --git a/modules/sage-aws-eks/variables.tf b/modules/sage-aws-eks/variables.tf index 279a658a..1252f59d 100644 --- a/modules/sage-aws-eks/variables.tf +++ b/modules/sage-aws-eks/variables.tf @@ -62,3 +62,8 @@ variable "pod_security_group_enforcing_mode" { type = string default = "strict" } + +variable "aws_account_id" { + description = "The AWS account ID to use for assuming any roles" + type = string +} From 93ead3101612ef97ab66f207aaa8586b8264a006 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:11:09 -0700 Subject: [PATCH 049/161] Set AWS account to use for EKS module --- dev/stacks/dpe-sandbox-k8s/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 9aa4aa49..f29b1554 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.2" + version = "0.3.3" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids @@ -18,4 +18,5 @@ module "sage-aws-eks" { capture_cloudwatch_logs = true cloudwatch_retention = 1 pod_security_group_enforcing_mode = "strict" + aws_account_id = "631692904429" } From d4e3f72a5817e84df798295b32e55b3952c2fe17 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:27:35 -0700 Subject: [PATCH 050/161] Change which spotinst account to connect to --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 1 + dev/stacks/dpe-sandbox-k8s-deployments/variables.tf | 2 +- modules/internal-k8-infra/variables.tf | 1 - modules/main.tf | 2 +- modules/sage-aws-k8s-node-autoscaler/variables.tf | 1 - 5 files changed, 3 insertions(+), 4 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6c2a040d..ecc412bb 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -6,6 +6,7 @@ module "sage-aws-eks-autoscaler" { private_vpc_subnet_ids = var.private_subnet_ids vpc_id = var.vpc_id node_security_group_id = var.node_security_group_id + spotinst_account = var.spotinst_account } # TODO: diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf index 631d0b8f..24ec8fe6 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf @@ -39,5 +39,5 @@ variable "cluster_name" { variable "spotinst_account" { description = "Spot.io account" type = string - default = "act-ac6522b4" + default = "act-45de6f47" } diff --git a/modules/internal-k8-infra/variables.tf b/modules/internal-k8-infra/variables.tf index 602be796..6751b0a8 100644 --- a/modules/internal-k8-infra/variables.tf +++ b/modules/internal-k8-infra/variables.tf @@ -25,7 +25,6 @@ variable "region" { variable "spotinst_account" { description = "Spot.io account" type = string - default = "act-ac6522b4" } variable "tags" { diff --git a/modules/main.tf b/modules/main.tf index 708168c3..8c43fabe 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -58,7 +58,7 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { resource "spacelift_version" "sage-aws-eks-autoscaler-version" { module_id = spacelift_module.sage-aws-eks-autoscaler.id - version_number = "0.3.0" + version_number = "0.3.1" } resource "spacelift_module" "spacelift-private-workerpool" { diff --git a/modules/sage-aws-k8s-node-autoscaler/variables.tf b/modules/sage-aws-k8s-node-autoscaler/variables.tf index 29358580..70877106 100644 --- a/modules/sage-aws-k8s-node-autoscaler/variables.tf +++ b/modules/sage-aws-k8s-node-autoscaler/variables.tf @@ -19,7 +19,6 @@ variable "kube_config_path" { variable "spotinst_account" { description = "Spot.io account" type = string - default = "act-ac6522b4" } variable "vpc_id" { From 984e83fb3b2931d4265be79d578a16b43583ea5f Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 12:54:45 -0700 Subject: [PATCH 051/161] Apply pod level security group --- .../dpe-sandbox-k8s-deployments/main.tf | 86 ++++++++++++++----- 1 file changed, 64 insertions(+), 22 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index ecc412bb..8b071ee2 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -135,28 +135,70 @@ resource "kubernetes_namespace" "testing" { # ip_protocol = "-1" # } -# resource "kubernetes_manifest" "security-group-policy-client" { -# manifest = { -# apiVersion = "vpcresources.k8s.aws/v1beta1" -# kind = "SecurityGroupPolicy" -# metadata = { -# name = "security-group-policy-client" -# namespace = "client" -# } -# spec = { -# podSelector = { -# matchLabels = { -# role = "client" -# } -# } -# securityGroups = { -# groupIds = [ -# aws_security_group.client.id -# ] -# } -# } -# } -# } +resource "aws_security_group" "eks_pod_security_group" { + name = "eks_pod_security_group" + description = "Security group for EKS pod-level security" + vpc_id = var.vpc_id + + ingress { + from_port = 0 + to_port = 65535 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all TCP traffic from the node security group" + } + + ingress { + from_port = 0 + to_port = 65535 + protocol = "udp" + security_groups = [var.node_security_group_id] + description = "Allow all UDP traffic from the node security group" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all TCP traffic to the node security group" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "udp" + security_groups = [var.node_security_group_id] + description = "Allow all UDP traffic to the node security group" + } + + tags = { + Name = "eks_pod_security_group" + } +} + +resource "kubernetes_manifest" "security-group-policy-client" { + manifest = { + apiVersion = "vpcresources.k8s.aws/v1beta1" + kind = "SecurityGroupPolicy" + metadata = { + name = "security-group-policy-client" + namespace = "client" + } + spec = { + podSelector = { + matchLabels = { + role = "client" + } + } + securityGroups = { + groupIds = [ + aws_security_group.eks_pod_security_group.id + ] + } + } + } +} resource "kubernetes_namespace" "client" { metadata { From 3d84150225e90494d50bd400d6c10e389b2419d7 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:37:17 -0700 Subject: [PATCH 052/161] Add security groups to all pods --- .../dpe-sandbox-k8s-deployments/main.tf | 191 ++++++++++++++++-- 1 file changed, 179 insertions(+), 12 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 8b071ee2..19ac6cb6 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -135,27 +135,93 @@ resource "kubernetes_namespace" "testing" { # ip_protocol = "-1" # } -resource "aws_security_group" "eks_pod_security_group" { - name = "eks_pod_security_group" - description = "Security group for EKS pod-level security" +resource "aws_security_group" "sg-management-ui" { + name = "${var.cluster_name}-sg-management-ui" + description = "Security group for EKS client pod-level security" vpc_id = var.vpc_id ingress { - from_port = 0 - to_port = 65535 + from_port = 80 + to_port = 80 protocol = "tcp" + security_groups = [aws_security_group.sg-backend.id, aws_security_group.sg-frontend.id, aws_security_group.sg-client.id] + description = "Allow all TCP traffic from the security groups" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all TCP traffic to the node security group" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "udp" security_groups = [var.node_security_group_id] - description = "Allow all TCP traffic from the node security group" + description = "Allow all UDP traffic to the node security group" } + tags = var.tags +} + +resource "aws_security_group" "sg-client" { + name = "${var.cluster_name}-sg-client" + description = "Security group for EKS client pod-level security" + vpc_id = var.vpc_id + ingress { - from_port = 0 - to_port = 65535 + from_port = 9000 + to_port = 9000 + protocol = "tcp" + security_groups = [aws_security_group.sg-backend.id, aws_security_group.sg-frontend.id, aws_security_group.sg-management-ui.id] + description = "Allow all TCP traffic from the security groups" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all TCP traffic to the node security group" + } + + egress { + from_port = 53 + to_port = 53 protocol = "udp" security_groups = [var.node_security_group_id] - description = "Allow all UDP traffic from the node security group" + description = "Allow all UDP traffic to the node security group" + } + + tags = var.tags +} + +resource "aws_security_group" "sg-frontend" { + name = "${var.cluster_name}-sg-frontend" + description = "Security group for EKS frontend pod-level security" + vpc_id = var.vpc_id + + # ingress { + # # TODO: If I had any probes like liveness or health checks I would need to explicity allow it here + # from_port = 0 + # to_port = 65535 + # protocol = "tcp" + # security_groups = [var.node_security_group_id] + # description = "Allow all TCP traffic from the security groups" + # } + + ingress { + from_port = 80 + to_port = 80 + protocol = "tcp" + security_groups = [aws_security_group.sg-client.id, aws_security_group.sg-backend.id, aws_security_group.sg-management-ui.id] + description = "Allow all TCP traffic from the security groups" } + egress { from_port = 53 to_port = 53 @@ -172,9 +238,39 @@ resource "aws_security_group" "eks_pod_security_group" { description = "Allow all UDP traffic to the node security group" } - tags = { - Name = "eks_pod_security_group" + tags = var.tags +} + +resource "aws_security_group" "sg-backend" { + name = "${var.cluster_name}-sg-backend" + description = "Security group for EKS backend pod-level security" + vpc_id = var.vpc_id + + ingress { + from_port = 6379 + to_port = 6379 + protocol = "tcp" + security_groups = [aws_security_group.sg-frontend.id, aws_security_group.sg-client.id, aws_security_group.sg-management-ui.id] + description = "Allow all TCP traffic from the security groups" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all TCP traffic to the node security group" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "udp" + security_groups = [var.node_security_group_id] + description = "Allow all UDP traffic to the node security group" } + + tags = var.tags } resource "kubernetes_manifest" "security-group-policy-client" { @@ -193,18 +289,89 @@ resource "kubernetes_manifest" "security-group-policy-client" { } securityGroups = { groupIds = [ - aws_security_group.eks_pod_security_group.id + aws_security_group.sg-client.id + ] + } + } + } +} + + +resource "kubernetes_manifest" "security-group-policy-backend" { + manifest = { + apiVersion = "vpcresources.k8s.aws/v1beta1" + kind = "SecurityGroupPolicy" + metadata = { + name = "security-group-policy-backend" + namespace = "stars" + } + spec = { + podSelector = { + matchLabels = { + role = "backend" + } + } + securityGroups = { + groupIds = [ + aws_security_group.sg-backend.id ] } } } } + +resource "kubernetes_manifest" "security-group-policy-frontend" { + manifest = { + apiVersion = "vpcresources.k8s.aws/v1beta1" + kind = "SecurityGroupPolicy" + metadata = { + name = "security-group-policy-frontend" + namespace = "stars" + } + spec = { + podSelector = { + matchLabels = { + role = "frontend" + } + } + securityGroups = { + groupIds = [ + aws_security_group.sg-frontend.id + ] + } + } + } +} + +resource "kubernetes_manifest" "security-group-policy-ui" { + manifest = { + apiVersion = "vpcresources.k8s.aws/v1beta1" + kind = "SecurityGroupPolicy" + metadata = { + name = "security-group-policy-ui" + namespace = "management-ui" + } + spec = { + podSelector = { + matchLabels = { + role = "management-ui" + } + } + securityGroups = { + groupIds = [ + aws_security_group.sg-management-ui.id + ] + } + } + } +} resource "kubernetes_namespace" "client" { metadata { name = "client" } } + resource "kubernetes_deployment" "client-deployment" { metadata { name = "client" From cf2e616101ac79b39eb4c25b1711463c775efe75 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:46:46 -0700 Subject: [PATCH 053/161] Single security group block --- .../dpe-sandbox-k8s-deployments/main.tf | 202 +++--------------- 1 file changed, 31 insertions(+), 171 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 19ac6cb6..8aa5e39b 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -135,75 +135,19 @@ resource "kubernetes_namespace" "testing" { # ip_protocol = "-1" # } -resource "aws_security_group" "sg-management-ui" { - name = "${var.cluster_name}-sg-management-ui" - description = "Security group for EKS client pod-level security" +resource "aws_security_group" "sg-stars-demo" { + name = "${var.cluster_name}-sg-stars-demo" + description = "Security group for EKS pod-level security for the stars demo" vpc_id = var.vpc_id ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - security_groups = [aws_security_group.sg-backend.id, aws_security_group.sg-frontend.id, aws_security_group.sg-client.id] - description = "Allow all TCP traffic from the security groups" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "tcp" - security_groups = [var.node_security_group_id] - description = "Allow all TCP traffic to the node security group" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "udp" - security_groups = [var.node_security_group_id] - description = "Allow all UDP traffic to the node security group" - } - - tags = var.tags -} - -resource "aws_security_group" "sg-client" { - name = "${var.cluster_name}-sg-client" - description = "Security group for EKS client pod-level security" - vpc_id = var.vpc_id - - ingress { - from_port = 9000 - to_port = 9000 - protocol = "tcp" - security_groups = [aws_security_group.sg-backend.id, aws_security_group.sg-frontend.id, aws_security_group.sg-management-ui.id] - description = "Allow all TCP traffic from the security groups" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "tcp" - security_groups = [var.node_security_group_id] - description = "Allow all TCP traffic to the node security group" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "udp" - security_groups = [var.node_security_group_id] - description = "Allow all UDP traffic to the node security group" + from_port = 80 + to_port = 80 + protocol = "tcp" + self = true + description = "Allow all TCP traffic from the security groups" } - tags = var.tags -} - -resource "aws_security_group" "sg-frontend" { - name = "${var.cluster_name}-sg-frontend" - description = "Security group for EKS frontend pod-level security" - vpc_id = var.vpc_id - # ingress { # # TODO: If I had any probes like liveness or health checks I would need to explicity allow it here # from_port = 0 @@ -213,15 +157,6 @@ resource "aws_security_group" "sg-frontend" { # description = "Allow all TCP traffic from the security groups" # } - ingress { - from_port = 80 - to_port = 80 - protocol = "tcp" - security_groups = [aws_security_group.sg-client.id, aws_security_group.sg-backend.id, aws_security_group.sg-management-ui.id] - description = "Allow all TCP traffic from the security groups" - } - - egress { from_port = 53 to_port = 53 @@ -241,131 +176,56 @@ resource "aws_security_group" "sg-frontend" { tags = var.tags } -resource "aws_security_group" "sg-backend" { - name = "${var.cluster_name}-sg-backend" - description = "Security group for EKS backend pod-level security" - vpc_id = var.vpc_id - - ingress { - from_port = 6379 - to_port = 6379 - protocol = "tcp" - security_groups = [aws_security_group.sg-frontend.id, aws_security_group.sg-client.id, aws_security_group.sg-management-ui.id] - description = "Allow all TCP traffic from the security groups" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "tcp" - security_groups = [var.node_security_group_id] - description = "Allow all TCP traffic to the node security group" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "udp" - security_groups = [var.node_security_group_id] - description = "Allow all UDP traffic to the node security group" - } - - tags = var.tags -} - -resource "kubernetes_manifest" "security-group-policy-client" { - manifest = { - apiVersion = "vpcresources.k8s.aws/v1beta1" - kind = "SecurityGroupPolicy" - metadata = { +locals { + security_group_policies = { + client = { name = "security-group-policy-client" namespace = "client" - } - spec = { - podSelector = { - matchLabels = { - role = "client" - } - } - securityGroups = { - groupIds = [ - aws_security_group.sg-client.id - ] - } - } - } -} - - -resource "kubernetes_manifest" "security-group-policy-backend" { - manifest = { - apiVersion = "vpcresources.k8s.aws/v1beta1" - kind = "SecurityGroupPolicy" - metadata = { + role = "client" + }, + backend = { name = "security-group-policy-backend" namespace = "stars" - } - spec = { - podSelector = { - matchLabels = { - role = "backend" - } - } - securityGroups = { - groupIds = [ - aws_security_group.sg-backend.id - ] - } - } - } -} - - -resource "kubernetes_manifest" "security-group-policy-frontend" { - manifest = { - apiVersion = "vpcresources.k8s.aws/v1beta1" - kind = "SecurityGroupPolicy" - metadata = { + role = "backend" + }, + frontend = { name = "security-group-policy-frontend" namespace = "stars" - } - spec = { - podSelector = { - matchLabels = { - role = "frontend" - } - } - securityGroups = { - groupIds = [ - aws_security_group.sg-frontend.id - ] - } + role = "frontend" + }, + ui = { + name = "security-group-policy-ui" + namespace = "management-ui" + role = "management-ui" } } } -resource "kubernetes_manifest" "security-group-policy-ui" { +resource "kubernetes_manifest" "security_group_policy" { + for_each = local.security_group_policies + manifest = { apiVersion = "vpcresources.k8s.aws/v1beta1" kind = "SecurityGroupPolicy" metadata = { - name = "security-group-policy-ui" - namespace = "management-ui" + name = each.value.name + namespace = each.value.namespace } spec = { podSelector = { matchLabels = { - role = "management-ui" + role = each.value.role } } securityGroups = { groupIds = [ - aws_security_group.sg-management-ui.id + aws_security_group.sg-stars-demo.id ] } } } } + resource "kubernetes_namespace" "client" { metadata { name = "client" From 1b8fb87989e74320f7cc48887648de1f27ce3856 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:48:37 -0700 Subject: [PATCH 054/161] rm tag --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 8aa5e39b..64484e1b 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -150,8 +150,8 @@ resource "aws_security_group" "sg-stars-demo" { # ingress { # # TODO: If I had any probes like liveness or health checks I would need to explicity allow it here - # from_port = 0 - # to_port = 65535 + # from_port = 9001 + # to_port = 9001 # protocol = "tcp" # security_groups = [var.node_security_group_id] # description = "Allow all TCP traffic from the security groups" @@ -173,7 +173,6 @@ resource "aws_security_group" "sg-stars-demo" { description = "Allow all UDP traffic to the node security group" } - tags = var.tags } locals { From 41bc5d9d1d8d154183e48c0aab33cb283eb489f6 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 13:58:52 -0700 Subject: [PATCH 055/161] Allow all ports --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 64484e1b..6431941e 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -141,8 +141,8 @@ resource "aws_security_group" "sg-stars-demo" { vpc_id = var.vpc_id ingress { - from_port = 80 - to_port = 80 + from_port = 0 + to_port = 65535 protocol = "tcp" self = true description = "Allow all TCP traffic from the security groups" From 72faf179bc3ab80546b3f289b62148ba65894615 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:03:57 -0700 Subject: [PATCH 056/161] egress from self --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6431941e..534a3593 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -145,7 +145,7 @@ resource "aws_security_group" "sg-stars-demo" { to_port = 65535 protocol = "tcp" self = true - description = "Allow all TCP traffic from the security groups" + description = "Allow all TCP traffic to self" } # ingress { @@ -157,6 +157,14 @@ resource "aws_security_group" "sg-stars-demo" { # description = "Allow all TCP traffic from the security groups" # } + egress { + from_port = 0 + to_port = 65535 + protocol = "tcp" + self = true + description = "Allow all TCP traffic from self" + } + egress { from_port = 53 to_port = 53 From db0fb394ebd9c96e2ebee69d46a28fa13566f302 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 14:09:32 -0700 Subject: [PATCH 057/161] Allow self --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 534a3593..46103ba9 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -140,12 +140,14 @@ resource "aws_security_group" "sg-stars-demo" { description = "Security group for EKS pod-level security for the stars demo" vpc_id = var.vpc_id + # TODO: Allow ingress from ELB + ingress { from_port = 0 - to_port = 65535 - protocol = "tcp" + to_port = 0 + protocol = "-1" self = true - description = "Allow all TCP traffic to self" + description = "Allow all traffic to self" } # ingress { @@ -159,10 +161,10 @@ resource "aws_security_group" "sg-stars-demo" { egress { from_port = 0 - to_port = 65535 - protocol = "tcp" + to_port = 0 + protocol = "-1" self = true - description = "Allow all TCP traffic from self" + description = "Allow all traffic from self" } egress { From 6d51e35bd636b60657a230a210b02d91e6aad6e0 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:43:17 -0700 Subject: [PATCH 058/161] Allow traffic from the EKS control plane --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 46103ba9..26cef5d4 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -228,7 +228,9 @@ resource "kubernetes_manifest" "security_group_policy" { } securityGroups = { groupIds = [ - aws_security_group.sg-stars-demo.id + aws_security_group.sg-stars-demo.id, + # See https://github.com/aws/amazon-vpc-cni-k8s/issues/1695#issuecomment-947607971 for context on why the control plane SG is added here + "sg-0a4dbf02d18f9131c", ] } } From de781ffdc424b8e23a3e580e33448c57ac9acd51 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:50:45 -0700 Subject: [PATCH 059/161] Test allow egress to the control plane --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 26cef5d4..f44c0b18 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -167,6 +167,14 @@ resource "aws_security_group" "sg-stars-demo" { description = "Allow all traffic from self" } + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + security_groups = ["sg-074a65b7f13f170a4"] + description = "Allow egreee to the EKS Control plane" + } + egress { from_port = 53 to_port = 53 From c6036407342223f6c7c47aa5ceed51c8055d89a9 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:03:25 -0700 Subject: [PATCH 060/161] Update to remove some testing --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index f44c0b18..b801df5e 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -167,14 +167,6 @@ resource "aws_security_group" "sg-stars-demo" { description = "Allow all traffic from self" } - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - security_groups = ["sg-074a65b7f13f170a4"] - description = "Allow egreee to the EKS Control plane" - } - egress { from_port = 53 to_port = 53 @@ -238,7 +230,8 @@ resource "kubernetes_manifest" "security_group_policy" { groupIds = [ aws_security_group.sg-stars-demo.id, # See https://github.com/aws/amazon-vpc-cni-k8s/issues/1695#issuecomment-947607971 for context on why the control plane SG is added here - "sg-0a4dbf02d18f9131c", + # TODO: Replace this with a data lookup + # "sg-0a4dbf02d18f9131c", ] } } From 80e63082f4b592901b366f803a383ba09cdec904 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:13:34 -0700 Subject: [PATCH 061/161] Allow pod to node port 53 for DNS --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 40 ++++++++++++++++++++++++++++++++++ modules/sage-aws-eks/ouputs.tf | 4 ++++ 3 files changed, 45 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 8c43fabe..c742c8e8 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.3" + version_number = "0.3.4" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 0edaa45c..fef0e7bf 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -41,6 +41,29 @@ resource "aws_iam_role_policy_attachment" "admin_policy" { policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess" } +resource "aws_security_group" "pod-dns-egress" { + name = "${var.cluster_name}-pod-dns-egress" + description = "Allow egress on port 53 for DNS queries to the node security group" + vpc_id = var.vpc_id + + egress { + from_port = 53 + to_port = 53 + protocol = "tcp" + self = true + description = "Allow all TCP traffic to the node security group" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "udp" + self = true + description = "Allow all UDP traffic to the node security group" + } + +} + module "eks" { source = "terraform-aws-modules/eks/aws" version = "~> 20.12" @@ -95,6 +118,23 @@ module "eks" { cloudwatch_log_group_retention_in_days = var.cloudwatch_retention create_cloudwatch_log_group = var.capture_cloudwatch_logs + node_security_group_additional_rules = { + pod_dns_egress_tcp = { + description = "Allow egress on port 53 for DNS queries to the node security group" + from_port = 53 + to_port = 53 + protocol = "tcp" + source_security_group_id = aws_security_group.pod-dns-egress.id + } + pod_dns_egress_udp = { + description = "Allow egress on port 53 for DNS queries to the node security group" + from_port = 53 + to_port = 53 + protocol = "udp" + source_security_group_id = aws_security_group.pod-dns-egress.id + } + } + access_entries = { # One access entry with a policy associated diff --git a/modules/sage-aws-eks/ouputs.tf b/modules/sage-aws-eks/ouputs.tf index a67950b3..59692964 100644 --- a/modules/sage-aws-eks/ouputs.tf +++ b/modules/sage-aws-eks/ouputs.tf @@ -9,3 +9,7 @@ output "region" { output "node_security_group_id" { value = module.eks.node_security_group_id } + +output "pod_to_node_dns_sg_id" { + value = aws_security_group.pod-dns-egress.id +} From a11ac3293a7251715ec4470b26a20c33a24cd8b1 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:17:59 -0700 Subject: [PATCH 062/161] Pass along and use the pod->node SG --- dev/spacelift/dpe-sandbox/main.tf | 6 ++++++ dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 4 +--- dev/stacks/dpe-sandbox-k8s-deployments/variables.tf | 5 +++++ dev/stacks/dpe-sandbox-k8s/outputs.tf | 4 ++++ 4 files changed, 16 insertions(+), 3 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index 7431eaf9..79251b5b 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -69,6 +69,12 @@ resource "spacelift_stack_dependency_reference" "security-group-id-reference" { input_name = "TF_VAR_node_security_group_id" } +resource "spacelift_stack_dependency_reference" "pod-to-node-security-group-id-reference" { + stack_dependency_id = spacelift_stack_dependency.k8s-stack-to-deployments.id + output_name = "pod_to_node_dns_sg_id" + input_name = "TF_VAR_pod_to_node_dns_sg_id" +} + resource "spacelift_stack_dependency_reference" "vpc-cidr-block-reference" { stack_dependency_id = spacelift_stack_dependency.k8s-stack-to-deployments.id output_name = "vpc_cidr_block" diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index b801df5e..adbeaf48 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -229,9 +229,7 @@ resource "kubernetes_manifest" "security_group_policy" { securityGroups = { groupIds = [ aws_security_group.sg-stars-demo.id, - # See https://github.com/aws/amazon-vpc-cni-k8s/issues/1695#issuecomment-947607971 for context on why the control plane SG is added here - # TODO: Replace this with a data lookup - # "sg-0a4dbf02d18f9131c", + var.pod_to_node_dns_sg_id ] } } diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf index 24ec8fe6..77cbab9b 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/variables.tf @@ -13,6 +13,11 @@ variable "node_security_group_id" { type = string } +variable "pod_to_node_dns_sg_id" { + description = "Pod to node DNS security group ID." + type = string +} + variable "vpc_cidr_block" { description = "VPC CIDR block" type = string diff --git a/dev/stacks/dpe-sandbox-k8s/outputs.tf b/dev/stacks/dpe-sandbox-k8s/outputs.tf index 1eb9381c..1e5ab5ba 100644 --- a/dev/stacks/dpe-sandbox-k8s/outputs.tf +++ b/dev/stacks/dpe-sandbox-k8s/outputs.tf @@ -26,6 +26,10 @@ output "node_security_group_id" { value = module.sage-aws-eks.node_security_group_id } +output "pod_to_node_dns_sg_id" { + value = module.sage-aws-eks.pod_to_node_dns_sg_id +} + output "region" { value = module.sage-aws-vpc.region } From 14cda29d9a4d9107e321f2374cd5ea0111cb84a1 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:19:00 -0700 Subject: [PATCH 063/161] Increment EKS module used --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index f29b1554..19f483af 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.3" + version = "0.3.4" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From 6fbb4441dd8ddc0e658ce22fff29e0b8b0538c4e Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:23:34 -0700 Subject: [PATCH 064/161] Set type for node SG --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index c742c8e8..299e3999 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.4" + version_number = "0.3.5" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index fef0e7bf..579e44ad 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -119,15 +119,17 @@ module "eks" { create_cloudwatch_log_group = var.capture_cloudwatch_logs node_security_group_additional_rules = { - pod_dns_egress_tcp = { - description = "Allow egress on port 53 for DNS queries to the node security group" + pod_dns_ingress_tcp = { + type = "ingress" + description = "Allow ingress on port 53 for DNS queries to the node security group" from_port = 53 to_port = 53 protocol = "tcp" source_security_group_id = aws_security_group.pod-dns-egress.id } - pod_dns_egress_udp = { - description = "Allow egress on port 53 for DNS queries to the node security group" + pod_dns_ingress_udp = { + type = "ingress" + description = "Allow ingress on port 53 for DNS queries to the node security group" from_port = 53 to_port = 53 protocol = "udp" From 092901b6c128f9b747569b3d4108cabf609468bb Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:24:13 -0700 Subject: [PATCH 065/161] Increment EKS module being used --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 19f483af..093836e8 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.4" + version = "0.3.5" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From ead32c0114ecfe3f6bbdd1547d82c2a84c8f1101 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:46:24 -0700 Subject: [PATCH 066/161] Use private subnet cidrs in DNS rule --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 6 ++++-- modules/sage-aws-eks/variables.tf | 5 +++++ 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 299e3999..158b4a85 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.5" + version_number = "0.3.6" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 579e44ad..89ca76c0 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -46,11 +46,13 @@ resource "aws_security_group" "pod-dns-egress" { description = "Allow egress on port 53 for DNS queries to the node security group" vpc_id = var.vpc_id + for_each = var.private_subnet_cidrs + egress { from_port = 53 to_port = 53 protocol = "tcp" - self = true + cidr_blocks = [each.value] description = "Allow all TCP traffic to the node security group" } @@ -58,7 +60,7 @@ resource "aws_security_group" "pod-dns-egress" { from_port = 53 to_port = 53 protocol = "udp" - self = true + cidr_blocks = [each.value] description = "Allow all UDP traffic to the node security group" } diff --git a/modules/sage-aws-eks/variables.tf b/modules/sage-aws-eks/variables.tf index 1252f59d..1ca0793d 100644 --- a/modules/sage-aws-eks/variables.tf +++ b/modules/sage-aws-eks/variables.tf @@ -34,6 +34,11 @@ variable "private_vpc_subnet_ids" { type = list(string) } +variable "private_subnet_cidrs" { + description = "List of private subnets cidrs" + type = list(string) +} + variable "vpc_security_group_id" { description = "Security group ID to attach to the EKS cluster" type = string From 8ad2b53fcb718bb983ce88927b91f0c7495ef381 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:46:47 -0700 Subject: [PATCH 067/161] increment eks module --- dev/stacks/dpe-sandbox-k8s/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 093836e8..9d3b2b2d 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.5" + version = "0.3.6" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids @@ -19,4 +19,5 @@ module "sage-aws-eks" { cloudwatch_retention = 1 pod_security_group_enforcing_mode = "strict" aws_account_id = "631692904429" + vpc_private_subnet_cidrs = module.sage-aws-vpc.vpc_private_subnet_cidrs } From ad16193762da6375f1d476f176059e48f14a402b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:48:13 -0700 Subject: [PATCH 068/161] Correct var name --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 9d3b2b2d..bc0644b4 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -19,5 +19,5 @@ module "sage-aws-eks" { cloudwatch_retention = 1 pod_security_group_enforcing_mode = "strict" aws_account_id = "631692904429" - vpc_private_subnet_cidrs = module.sage-aws-vpc.vpc_private_subnet_cidrs + private_subnet_cidrs = module.sage-aws-vpc.vpc_private_subnet_cidrs } From c9e6435df5b5c3bc6f659bfd73e247cfeeb71fcf Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:55:23 -0700 Subject: [PATCH 069/161] Correct definition --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 8 +++----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 158b4a85..b34bf712 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.6" + version_number = "0.3.7" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 89ca76c0..32b59617 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -43,16 +43,14 @@ resource "aws_iam_role_policy_attachment" "admin_policy" { resource "aws_security_group" "pod-dns-egress" { name = "${var.cluster_name}-pod-dns-egress" - description = "Allow egress on port 53 for DNS queries to the node security group" + description = "Allow egress on port 53 for DNS queries." vpc_id = var.vpc_id - for_each = var.private_subnet_cidrs - egress { from_port = 53 to_port = 53 protocol = "tcp" - cidr_blocks = [each.value] + cidr_blocks = [var.private_subnet_cidrs] description = "Allow all TCP traffic to the node security group" } @@ -60,7 +58,7 @@ resource "aws_security_group" "pod-dns-egress" { from_port = 53 to_port = 53 protocol = "udp" - cidr_blocks = [each.value] + cidr_blocks = [var.private_subnet_cidrs] description = "Allow all UDP traffic to the node security group" } From 5e48a57fde42506695ed3d43205a61a33a0c456a Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:55:46 -0700 Subject: [PATCH 070/161] Update module --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index bc0644b4..5373a715 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.6" + version = "0.3.7" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From fa1d9f2c5f8c43c4490b533bee5b74a3086dbd6e Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:57:20 -0700 Subject: [PATCH 071/161] no array value --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index b34bf712..3402192f 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.7" + version_number = "0.3.8" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 32b59617..892cdb3b 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -50,7 +50,7 @@ resource "aws_security_group" "pod-dns-egress" { from_port = 53 to_port = 53 protocol = "tcp" - cidr_blocks = [var.private_subnet_cidrs] + cidr_blocks = var.private_subnet_cidrs description = "Allow all TCP traffic to the node security group" } @@ -58,7 +58,7 @@ resource "aws_security_group" "pod-dns-egress" { from_port = 53 to_port = 53 protocol = "udp" - cidr_blocks = [var.private_subnet_cidrs] + cidr_blocks = var.private_subnet_cidrs description = "Allow all UDP traffic to the node security group" } From 99a4e37c896f4ff583d54c6a5cfbe676c8296f4a Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 22 Jul 2024 16:57:41 -0700 Subject: [PATCH 072/161] increment --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 5373a715..043a4570 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.7" + version = "0.3.8" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From dbb64038294e2cf63bd8d1e12b622bc67004947e Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 09:23:42 -0700 Subject: [PATCH 073/161] Add ELB SG to pod --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index adbeaf48..04edeaac 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -229,7 +229,8 @@ resource "kubernetes_manifest" "security_group_policy" { securityGroups = { groupIds = [ aws_security_group.sg-stars-demo.id, - var.pod_to_node_dns_sg_id + var.pod_to_node_dns_sg_id, + "sg-0fe24d1b5771d961f", ] } } From af78ec5c338c54e4b296b5a7661b0eb5b0551a28 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 10:31:30 -0700 Subject: [PATCH 074/161] Allow inbound kubelet port from nodes --- .../dpe-sandbox-k8s-deployments/main.tf | 52 +++---------------- 1 file changed, 8 insertions(+), 44 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 04edeaac..1e01dfc4 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -18,49 +18,6 @@ module "sage-aws-eks-autoscaler" { # Anything beyond this is used for testing -# resource "aws_security_group" "allow_tls" { -# name = "allow_tls" -# description = "Allow TLS inbound traffic and all outbound traffic" -# vpc_id = aws_vpc.main.id - -# tags = { -# Name = "allow_tls" -# } -# } - -# resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv4" { -# security_group_id = aws_security_group.allow_tls.id -# cidr_ipv4 = var.vpc_cidr_block -# from_port = 443 -# ip_protocol = "tcp" -# to_port = 443 -# } - -# resource "aws_vpc_security_group_ingress_rule" "allow_tls_ipv6" { -# security_group_id = aws_security_group.allow_tls.id -# cidr_ipv6 = aws_vpc.main.ipv6_cidr_block -# from_port = 443 -# ip_protocol = "tcp" -# to_port = 443 -# } - -# resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" { -# security_group_id = aws_security_group.allow_tls.id -# cidr_ipv4 = "0.0.0.0/0" -# ip_protocol = "-1" # semantically equivalent to all ports -# } - -# resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv6" { -# security_group_id = aws_security_group.allow_tls.id -# cidr_ipv6 = "::/0" -# ip_protocol = "-1" # semantically equivalent to all ports -# } - -resource "kubernetes_namespace" "testing" { - metadata { - name = "testing-namespace" - } -} # resource "kubernetes_manifest" "security_group_policy" { # manifest = < Date: Tue, 23 Jul 2024 10:36:06 -0700 Subject: [PATCH 075/161] Test allowing traffic from ELB --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 1e01dfc4..6f2ebbeb 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -112,7 +112,15 @@ resource "aws_security_group" "sg-stars-demo" { to_port = 10250 protocol = "tcp" security_groups = [var.node_security_group_id] - description = "Allow all traffic to self" + description = "Allow all traffic from node for kubelet." + } + + ingress { + from_port = 31969 + to_port = 31969 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Test to allow traffic coming from ELB" } # ingress { From d15aa671c9d81d7819a419f537eedd054e72eb86 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 11:04:27 -0700 Subject: [PATCH 076/161] Try allowing all ports --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6f2ebbeb..2e1726fb 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -116,8 +116,8 @@ resource "aws_security_group" "sg-stars-demo" { } ingress { - from_port = 31969 - to_port = 31969 + from_port = 0 + to_port = 0 protocol = "tcp" security_groups = [var.node_security_group_id] description = "Test to allow traffic coming from ELB" From 40309d25b734d729ab344b3a003758bf00ee6361 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 11:21:05 -0700 Subject: [PATCH 077/161] Swap over to standard enforcement --- .../dpe-sandbox-k8s-deployments/main.tf | 116 ------------------ dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 2 files changed, 1 insertion(+), 117 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 2e1726fb..194b0dfc 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -92,122 +92,6 @@ module "sage-aws-eks-autoscaler" { # ip_protocol = "-1" # } -resource "aws_security_group" "sg-stars-demo" { - name = "${var.cluster_name}-sg-stars-demo" - description = "Security group for EKS pod-level security for the stars demo" - vpc_id = var.vpc_id - - # TODO: Allow ingress from ELB - - ingress { - from_port = 0 - to_port = 0 - protocol = "-1" - self = true - description = "Allow all traffic to self" - } - - ingress { - from_port = 10250 - to_port = 10250 - protocol = "tcp" - security_groups = [var.node_security_group_id] - description = "Allow all traffic from node for kubelet." - } - - ingress { - from_port = 0 - to_port = 0 - protocol = "tcp" - security_groups = [var.node_security_group_id] - description = "Test to allow traffic coming from ELB" - } - - # ingress { - # # TODO: If I had any probes like liveness or health checks I would need to explicity allow it here - # from_port = 9001 - # to_port = 9001 - # protocol = "tcp" - # security_groups = [var.node_security_group_id] - # description = "Allow all TCP traffic from the security groups" - # } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - self = true - description = "Allow all traffic from self" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "tcp" - security_groups = [var.node_security_group_id] - description = "Allow all TCP traffic to the node security group" - } - - egress { - from_port = 53 - to_port = 53 - protocol = "udp" - security_groups = [var.node_security_group_id] - description = "Allow all UDP traffic to the node security group" - } - -} - -locals { - security_group_policies = { - client = { - name = "security-group-policy-client" - namespace = "client" - role = "client" - }, - backend = { - name = "security-group-policy-backend" - namespace = "stars" - role = "backend" - }, - frontend = { - name = "security-group-policy-frontend" - namespace = "stars" - role = "frontend" - }, - ui = { - name = "security-group-policy-ui" - namespace = "management-ui" - role = "management-ui" - } - } -} - -resource "kubernetes_manifest" "security_group_policy" { - for_each = local.security_group_policies - - manifest = { - apiVersion = "vpcresources.k8s.aws/v1beta1" - kind = "SecurityGroupPolicy" - metadata = { - name = each.value.name - namespace = each.value.namespace - } - spec = { - podSelector = { - matchLabels = { - role = each.value.role - } - } - securityGroups = { - groupIds = [ - aws_security_group.sg-stars-demo.id, - var.pod_to_node_dns_sg_id, - ] - } - } - } -} resource "kubernetes_namespace" "client" { metadata { diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 043a4570..c485c471 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -17,7 +17,7 @@ module "sage-aws-eks" { enable_policy_event_logs = true capture_cloudwatch_logs = true cloudwatch_retention = 1 - pod_security_group_enforcing_mode = "strict" + pod_security_group_enforcing_mode = "standard" aws_account_id = "631692904429" private_subnet_cidrs = module.sage-aws-vpc.vpc_private_subnet_cidrs } From d70351c1c171d2f3989f223e6fc6859df9365b65 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 11:49:17 -0700 Subject: [PATCH 078/161] default deny stars and client ns --- .../dpe-sandbox-k8s-deployments/main.tf | 97 +++---------------- 1 file changed, 15 insertions(+), 82 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 194b0dfc..52ab39de 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -9,90 +9,23 @@ module "sage-aws-eks-autoscaler" { spotinst_account = var.spotinst_account } -# TODO: -# Requirements for security groups: -# They must allow inbound communication from the security group applied to your nodes (for kubelet) over any ports that you've configured probes for. -# They must allow outbound communication over TCP and UDP ports 53 to a security group assigned to the Pods (or nodes that the Pods run on) running CoreDNS. -# The security group for your CoreDNS Pods must allow inbound TCP and UDP port 53 traffic from the security group that you specify. -# They must have necessary inbound and outbound rules to communicate with other Pods that they need to communicate with. - - -# Anything beyond this is used for testing - -# resource "kubernetes_manifest" "security_group_policy" { -# manifest = < Date: Tue, 23 Jul 2024 11:55:07 -0700 Subject: [PATCH 079/161] Add more allowed connections --- .../dpe-sandbox-k8s-deployments/main.tf | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 52ab39de..2902520e 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -25,6 +25,51 @@ resource "kubernetes_network_policy" "default_deny" { policy_types = ["Ingress", "Egress"] } } +resource "kubernetes_network_policy" "allow_ui" { + metadata { + name = "allow-ui" + namespace = "stars" + } + + spec { + pod_selector {} + + ingress { + from { + namespace_selector { + match_labels = { + role = "management-ui" + } + } + } + } + + policy_types = ["Ingress"] + } +} + +resource "kubernetes_network_policy" "allow_ui_client" { + metadata { + name = "allow-ui" + namespace = "client" + } + + spec { + pod_selector {} + + ingress { + from { + namespace_selector { + match_labels = { + role = "management-ui" + } + } + } + } + + policy_types = ["Ingress"] + } +} resource "kubernetes_namespace" "client" { metadata { From f3d4875b79a3284f7e5a05dff65e7d62b0630da6 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 11:58:18 -0700 Subject: [PATCH 080/161] New policies --- .../dpe-sandbox-k8s-deployments/main.tf | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 2902520e..54781525 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -71,6 +71,70 @@ resource "kubernetes_network_policy" "allow_ui_client" { } } +resource "kubernetes_network_policy" "backend_policy" { + metadata { + name = "backend-policy" + namespace = "stars" + } + + spec { + pod_selector { + match_labels = { + role = "backend" + } + } + + ingress { + from { + pod_selector { + match_labels = { + role = "frontend" + } + } + } + + ports { + protocol = "TCP" + port = 6379 + } + } + + policy_types = ["Ingress"] + } +} + +resource "kubernetes_network_policy" "frontend_policy" { + metadata { + name = "frontend-policy" + namespace = "stars" + } + + spec { + pod_selector { + match_labels = { + role = "frontend" + } + } + + ingress { + from { + namespace_selector { + match_labels = { + role = "client" + } + } + } + + ports { + protocol = "TCP" + port = 80 + } + } + + policy_types = ["Ingress"] + } +} + resource "kubernetes_namespace" "client" { metadata { name = "client" From 1c7cfdd53ccc225d7d24e3fe87a6f0ce8f605145 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:12:13 -0700 Subject: [PATCH 081/161] Capture CW --- modules/main.tf | 2 +- modules/sage-aws-eks/main.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 3402192f..61e7f756 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -37,7 +37,7 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.8" + version_number = "0.3.9" } resource "spacelift_module" "sage-aws-eks-autoscaler" { diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 892cdb3b..35c3b580 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -90,6 +90,7 @@ module "eks" { } nodeAgent = { enablePolicyEventLogs = var.enable_policy_event_logs ? "true" : "false" + enableCloudWatchLogs = var.capture_cloudwatch_logs ? "true" : "false" } env = { ENABLE_POD_ENI = "true", From 2f5947b8695eccedc71a8cc104680d5bbe4b1c47 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:12:32 -0700 Subject: [PATCH 082/161] Increment module --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index c485c471..65d62069 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.8" + version = "0.3.9" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From 3ce93d599bd0463c335999a53a08a207cbd08136 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:24:56 -0700 Subject: [PATCH 083/161] Allow cw logs to be created --- modules/main.tf | 2 +- modules/sage-aws-k8s-node-autoscaler/main.tf | 20 ++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 61e7f756..05d95ebc 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -58,7 +58,7 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { resource "spacelift_version" "sage-aws-eks-autoscaler-version" { module_id = spacelift_module.sage-aws-eks-autoscaler.id - version_number = "0.3.1" + version_number = "0.3.2" } resource "spacelift_module" "spacelift-private-workerpool" { diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index 95c5ddbd..8147dfbc 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -15,6 +15,26 @@ resource "aws_iam_role" "work_profile_iam_role" { ] }) + inline_policy { + name = "allow-eks-logs" + + policy = jsonencode({ + Version = "2012-10-17" + Statement = [ + { + Action = [ + "logs:DescribeLogGroups", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:PutLogEvents", + ] + Effect = "Allow" + Resource = "*" + }, + ] + }) + } + tags = var.tags } From 106f75a4e3d955935754deda2816cdfa9a22617d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:25:46 -0700 Subject: [PATCH 084/161] increment autoscaler --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 54781525..78ae3fa2 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -1,6 +1,6 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" - version = "0.3.0" + version = "0.3.2" cluster_name = var.cluster_name private_vpc_subnet_ids = var.private_subnet_ids From e8f82b50d92993a1a216491465f171557f7e4f4a Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:36:27 -0700 Subject: [PATCH 085/161] Allow kube system traffic --- .../dpe-sandbox-k8s-deployments/main.tf | 34 +++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 78ae3fa2..f79ae8dd 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -11,6 +11,40 @@ module "sage-aws-eks-autoscaler" { +resource "kubernetes_network_policy" "allow-kube-system" { + for_each = toset(["stars", "client"]) + + metadata { + name = "allow-kube-system" + namespace = each.value + } + + spec { + pod_selector {} + + ingress { + from { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "kube-system" + } + } + } + } + + egress { + to { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "kube-system" + } + } + } + } + + policy_types = ["Ingress", "Egress"] + } +} resource "kubernetes_network_policy" "default_deny" { for_each = toset(["stars", "client"]) From e2301d287578d4350442622d461178c8d1398076 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:41:21 -0700 Subject: [PATCH 086/161] correct port --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index f79ae8dd..09530262 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -282,7 +282,7 @@ resource "kubernetes_deployment" "frontend-deployment" { image = "calico/star-probe:v0.1.0" image_pull_policy = "Always" - command = ["probe", "--http-port=80", "--urls=http://frontend.stars:1025/status,http://backend.stars:6379/status,http://client.client:9000/status"] + command = ["probe", "--http-port=80", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] port { container_port = 80 From d573cf7e24e968d332ab1d7cd12e9b9b3679ad57 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:49:52 -0700 Subject: [PATCH 087/161] Add egress policies as well --- .../dpe-sandbox-k8s-deployments/main.tf | 34 +++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 09530262..7d5856e0 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -104,7 +104,6 @@ resource "kubernetes_network_policy" "allow_ui_client" { policy_types = ["Ingress"] } } - resource "kubernetes_network_policy" "backend_policy" { metadata { name = "backend-policy" @@ -133,7 +132,21 @@ resource "kubernetes_network_policy" "backend_policy" { } } - policy_types = ["Ingress"] + egress { + to { + pod_selector { + match_labels = { + role = "frontend" + } + } + } + ports { + protocol = "TCP" + port = 80 + } + } + + policy_types = ["Ingress", "Egress"] } } @@ -165,7 +178,22 @@ resource "kubernetes_network_policy" "frontend_policy" { } } - policy_types = ["Ingress"] + egress { + to { + pod_selector { + match_labels = { + role = "backend" + } + } + } + + ports { + protocol = "TCP" + port = 6379 + } + } + + policy_types = ["Ingress", "Egress"] } } From c5294f2da832ff7be2a949f8e155d4f4d6fc740c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 12:56:46 -0700 Subject: [PATCH 088/161] Set egress policy for client --- .../dpe-sandbox-k8s-deployments/main.tf | 48 +++++++++++++------ 1 file changed, 33 insertions(+), 15 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 7d5856e0..87571c48 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -132,21 +132,7 @@ resource "kubernetes_network_policy" "backend_policy" { } } - egress { - to { - pod_selector { - match_labels = { - role = "frontend" - } - } - } - ports { - protocol = "TCP" - port = 80 - } - } - - policy_types = ["Ingress", "Egress"] + policy_types = ["Ingress"] } } @@ -197,6 +183,38 @@ resource "kubernetes_network_policy" "frontend_policy" { } } +resource "kubernetes_network_policy" "client_policy" { + metadata { + name = "client-policy" + namespace = "client" + } + + spec { + pod_selector { + match_labels = { + role = "client" + } + } + + egress { + to { + pod_selector { + match_labels = { + role = "frontend" + } + } + } + + ports { + protocol = "TCP" + port = 80 + } + } + + policy_types = ["Egress"] + } +} + resource "kubernetes_namespace" "client" { metadata { name = "client" From 9707f0be7abe4c1b2ff2122bab565e49ee7f69f2 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 13:01:02 -0700 Subject: [PATCH 089/161] Set NS and pod selector --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 87571c48..3150f0a9 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -198,6 +198,11 @@ resource "kubernetes_network_policy" "client_policy" { egress { to { + namespace_selector { + match_labels = { + role = "stars" + } + } pod_selector { match_labels = { role = "frontend" From 11b58488858934057c267a4f5af40446bfecf0e0 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 13:05:37 -0700 Subject: [PATCH 090/161] correct selector --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 3150f0a9..308e4cd6 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -200,7 +200,7 @@ resource "kubernetes_network_policy" "client_policy" { to { namespace_selector { match_labels = { - role = "stars" + "kubernetes.io/metadata.name" = "stars" } } pod_selector { From 045e1437f00c18513965552f9624018ffd471cb0 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 13:12:53 -0700 Subject: [PATCH 091/161] Correct NS selectors --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 308e4cd6..2e4e7703 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -59,6 +59,7 @@ resource "kubernetes_network_policy" "default_deny" { policy_types = ["Ingress", "Egress"] } } + resource "kubernetes_network_policy" "allow_ui" { metadata { name = "allow-ui" @@ -72,7 +73,7 @@ resource "kubernetes_network_policy" "allow_ui" { from { namespace_selector { match_labels = { - role = "management-ui" + "kubernetes.io/metadata.name" = "management-ui" } } } @@ -95,7 +96,7 @@ resource "kubernetes_network_policy" "allow_ui_client" { from { namespace_selector { match_labels = { - role = "management-ui" + "kubernetes.io/metadata.name" = "management-ui" } } } @@ -153,7 +154,7 @@ resource "kubernetes_network_policy" "frontend_policy" { from { namespace_selector { match_labels = { - role = "client" + "kubernetes.io/metadata.name" = "client" } } } From a307ea930aa1d43deaccfc2510ac6a3b0e12a785 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 14:30:43 -0700 Subject: [PATCH 092/161] Adding docs and pushing changes to stand alone modules --- README.md | 84 +++- .../dpe-sandbox-k8s-deployments/data.tf | 5 - .../dpe-sandbox-k8s-deployments/main.tf | 474 ------------------ modules/apache-airflow/main.tf | 5 + modules/demo-network-policies/README.md | 65 +++ modules/demo-network-policies/data.tf | 11 + modules/demo-network-policies/main.tf | 472 +++++++++++++++++ modules/demo-network-policies/variables.tf | 26 + modules/demo-network-policies/versions.tf | 7 + .../README.md | 62 +++ .../data.tf | 15 + .../main.tf | 374 ++++++++++++++ .../variables.tf | 26 + .../versions.tf | 7 + 14 files changed, 1153 insertions(+), 480 deletions(-) create mode 100644 modules/demo-network-policies/README.md create mode 100644 modules/demo-network-policies/data.tf create mode 100644 modules/demo-network-policies/main.tf create mode 100644 modules/demo-network-policies/variables.tf create mode 100644 modules/demo-network-policies/versions.tf create mode 100644 modules/demo-pod-level-security-groups-strict/README.md create mode 100644 modules/demo-pod-level-security-groups-strict/data.tf create mode 100644 modules/demo-pod-level-security-groups-strict/main.tf create mode 100644 modules/demo-pod-level-security-groups-strict/variables.tf create mode 100644 modules/demo-pod-level-security-groups-strict/versions.tf diff --git a/README.md b/README.md index 7f7b04fd..93c6ef3f 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ This repo is used to deploy an EKS cluster to AWS. CI/CD is managed through Spac └── modules: Templatized collections of terraform resources that are used in a stack ├── apache-airflow: K8s deployment for apache airflow │ └── templates: Resources used during deployment of airflow + ├── demo-network-policies: K8s deployment for a demo showcasing how to use network policies + ├── demo-pod-level-security-groups-strict: K8s deployment for a demo showcasing how to use pod level security groups in strict mode ├── sage-aws-eks: Sage specific EKS cluster for AWS ├── sage-aws-k8s-node-autoscaler: K8s node autoscaler using spotinst ocean └── sage-aws-vpc: Sage specific VPC for AWS @@ -54,6 +56,10 @@ configurable parameters in order to run a number of workloads. #### EKS API access API access to the kubernetes cluster endpoint is set to `Public and private`. +Reading: + +- + ##### Public This allows one outside of the VPC to connect via `kubectl` and related tools to interact with kubernetes resources. By default, this API server endpoint is public to @@ -78,9 +84,13 @@ Kubernetes nodes and configuring the necessary networking for Pods on each node. Allows us to assign EC2 security groups directly to pods running in AWS EKS clusters. This can be used as an alternative or in conjunction with `Kubernetes network policies`. +See `modules/demo-pod-level-security-groups-strict` for more context on how this works. + #### Kubernetes network policies Controls network traffic within the cluster, for example pod to pod traffic. +See `modules/demo-network-policies` for more context on how this works. + Further reading: - https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html - https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html @@ -90,7 +100,7 @@ Further reading: #### EKS Autoscaler -Us use spot.io to manage the nodes attached to each of the EKS cluster. This tool has +We use spot.io to manage the nodes attached to each of the EKS cluster. This tool has scale-to-zerio capabilities and will dynamically add or removes nodes from the cluster depending on the required demand. The autoscaler is templatized and provided as a terraform module to be used within an EKS stack. @@ -103,6 +113,13 @@ Setup of spotio (Manual per AWS Account): * Create a policy (See the JSON in the spotio UI) * Create a role (See instructions in the spotio UI) +After this has been setup the last item is to get an API token from the spotio UI and +add it to the AWS secret manager. + +* Log into the spot UI and go to +* Create a new Permanent token, name it `{AWS-Account-Name}-token` or similar +* Copy the token and create an `AWS Secrets Manager` Plaintext secret named `spotinst_token` with a description `Spot.io token` + #### Connecting to an EKS cluster for kubectl commands @@ -119,3 +136,68 @@ aws sso login --profile dpe-prod-admin # cluster". This will update your kubeconfig with permissions to access the cluster. aws eks update-kubeconfig --region us-east-1 --name dpe-k8 --role-arn arn:aws:iam::766808016710:role/eks_admin_role --profile dpe-prod-admin ``` + +### Spacelift +Here are some instructions on setting up spacelift. + + +#### Connecting a new AWS account for cloud integration + +This document describes the abbreviated process below: + + +- Create a new role and set it's name to something unique within the account, such as `spacelift-admin-role` +- Description: "Role for spacelift CICD to assume when deploying resources managed by terraform" +- Use the custom trust policy below: + +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::324880187172:root" + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringLike": { + "sts:ExternalId": "sagebionetworks@*" + } + } + }, + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::{{AWS ACCOUNT ID}}:root" + }, + "Action": "sts:AssumeRole" + } + ] +} +``` + +- Attach a few policies to the role: + - `PowerUserAccess` + - Create an inline policy to allow interaction with IAM (Needed if TF is going to be creating, editing, and deleting IAM roles/policies): +``` +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "iam:*Role", + "iam:*RolePolicy", + "iam:*RolePolicies", + "iam:*Policy", + "iam:*PolicyVersion", + "iam:*OpenIDConnectProvider", + "iam:*InstanceProfile" + ], + "Resource": "*" + } + ] +} +``` +- Add a new `spacelift_aws_integration` resources to the `common-resources/aws-integrations` directory. diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/data.tf b/dev/stacks/dpe-sandbox-k8s-deployments/data.tf index 2921550d..c1724ceb 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/data.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/data.tf @@ -13,8 +13,3 @@ data "aws_secretsmanager_secret" "spotinst_token" { data "aws_secretsmanager_secret_version" "secret_credentials" { secret_id = data.aws_secretsmanager_secret.spotinst_token.id } - - -# data "aws_security_group" "node-security-group" { -# name = "${var.cluster_name}-node" -# } diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 2e4e7703..ace5e2f5 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -8,477 +8,3 @@ module "sage-aws-eks-autoscaler" { node_security_group_id = var.node_security_group_id spotinst_account = var.spotinst_account } - - - -resource "kubernetes_network_policy" "allow-kube-system" { - for_each = toset(["stars", "client"]) - - metadata { - name = "allow-kube-system" - namespace = each.value - } - - spec { - pod_selector {} - - ingress { - from { - namespace_selector { - match_labels = { - "kubernetes.io/metadata.name" = "kube-system" - } - } - } - } - - egress { - to { - namespace_selector { - match_labels = { - "kubernetes.io/metadata.name" = "kube-system" - } - } - } - } - - policy_types = ["Ingress", "Egress"] - } -} -resource "kubernetes_network_policy" "default_deny" { - for_each = toset(["stars", "client"]) - - metadata { - name = "default-deny" - namespace = each.value - } - - spec { - pod_selector {} - - policy_types = ["Ingress", "Egress"] - } -} - -resource "kubernetes_network_policy" "allow_ui" { - metadata { - name = "allow-ui" - namespace = "stars" - } - - spec { - pod_selector {} - - ingress { - from { - namespace_selector { - match_labels = { - "kubernetes.io/metadata.name" = "management-ui" - } - } - } - } - - policy_types = ["Ingress"] - } -} - -resource "kubernetes_network_policy" "allow_ui_client" { - metadata { - name = "allow-ui" - namespace = "client" - } - - spec { - pod_selector {} - - ingress { - from { - namespace_selector { - match_labels = { - "kubernetes.io/metadata.name" = "management-ui" - } - } - } - } - - policy_types = ["Ingress"] - } -} -resource "kubernetes_network_policy" "backend_policy" { - metadata { - name = "backend-policy" - namespace = "stars" - } - - spec { - pod_selector { - match_labels = { - role = "backend" - } - } - - ingress { - from { - pod_selector { - match_labels = { - role = "frontend" - } - } - } - - ports { - protocol = "TCP" - port = 6379 - } - } - - policy_types = ["Ingress"] - } -} - -resource "kubernetes_network_policy" "frontend_policy" { - metadata { - name = "frontend-policy" - namespace = "stars" - } - - spec { - pod_selector { - match_labels = { - role = "frontend" - } - } - - ingress { - from { - namespace_selector { - match_labels = { - "kubernetes.io/metadata.name" = "client" - } - } - } - - ports { - protocol = "TCP" - port = 80 - } - } - - egress { - to { - pod_selector { - match_labels = { - role = "backend" - } - } - } - - ports { - protocol = "TCP" - port = 6379 - } - } - - policy_types = ["Ingress", "Egress"] - } -} - -resource "kubernetes_network_policy" "client_policy" { - metadata { - name = "client-policy" - namespace = "client" - } - - spec { - pod_selector { - match_labels = { - role = "client" - } - } - - egress { - to { - namespace_selector { - match_labels = { - "kubernetes.io/metadata.name" = "stars" - } - } - pod_selector { - match_labels = { - role = "frontend" - } - } - } - - ports { - protocol = "TCP" - port = 80 - } - } - - policy_types = ["Egress"] - } -} - -resource "kubernetes_namespace" "client" { - metadata { - name = "client" - } -} - -resource "kubernetes_deployment" "client-deployment" { - metadata { - name = "client" - namespace = "client" - } - - spec { - replicas = 1 - - selector { - match_labels = { - role = "client" - } - } - - template { - metadata { - labels = { - role = "client" - } - } - - spec { - container { - name = "client" - image = "calico/star-probe:v0.1.0" - image_pull_policy = "Always" - - command = ["probe", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status"] - - port { - container_port = 9000 - } - } - } - } - } - -} - -resource "kubernetes_service" "client-service" { - depends_on = [kubernetes_namespace.client] - metadata { - name = "client" - namespace = "client" - } - - spec { - selector = { - role = "client" - } - - port { - port = 9000 - target_port = 9000 - } - } -} - -resource "kubernetes_service" "frontend-service" { - depends_on = [kubernetes_namespace.stars-namespace] - metadata { - name = "frontend" - namespace = "stars" - } - - spec { - selector = { - role = "frontend" - } - - port { - port = 80 - target_port = 80 - } - } -} - -resource "kubernetes_deployment" "frontend-deployment" { - depends_on = [kubernetes_namespace.stars-namespace] - metadata { - name = "frontend" - namespace = "stars" - } - - spec { - replicas = 1 - - selector { - match_labels = { - role = "frontend" - } - } - - template { - metadata { - labels = { - role = "frontend" - } - } - - spec { - container { - name = "frontend" - image = "calico/star-probe:v0.1.0" - image_pull_policy = "Always" - - command = ["probe", "--http-port=80", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] - - port { - container_port = 80 - } - } - } - } - } -} - - -resource "kubernetes_service" "backend-service" { - depends_on = [kubernetes_namespace.stars-namespace] - metadata { - name = "backend" - namespace = "stars" - } - - spec { - selector = { - role = "backend" - } - - port { - port = 6379 - target_port = 6379 - } - } -} - -resource "kubernetes_deployment" "backend-deployment" { - depends_on = [kubernetes_namespace.stars-namespace] - metadata { - name = "backend" - namespace = "stars" - } - - spec { - replicas = 1 - - selector { - match_labels = { - role = "backend" - } - } - - template { - metadata { - labels = { - role = "backend" - } - } - - spec { - container { - name = "backend" - image = "calico/star-probe:v0.1.0" - image_pull_policy = "Always" - - command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] - - port { - container_port = 6379 - } - } - } - } - } -} - - -resource "kubernetes_namespace" "management-ui" { - metadata { - name = "management-ui" - labels = { - "role" = "management-ui" - } - } -} - -resource "kubernetes_service" "management-ui-service" { - depends_on = [kubernetes_namespace.management-ui] - metadata { - name = "management-ui" - namespace = "management-ui" - } - - spec { - type = "LoadBalancer" - - # Setting this updates the `Source` field for the LoadBalancer security group - load_balancer_source_ranges = ["52.44.61.21/32"] - - port { - port = 80 - target_port = 9001 - } - - selector = { - role = "management-ui" - } - } -} - -resource "kubernetes_deployment" "management-ui-deployment" { - depends_on = [kubernetes_namespace.management-ui] - metadata { - name = "management-ui" - namespace = "management-ui" - } - - spec { - replicas = 1 - - selector { - match_labels = { - role = "management-ui" - } - } - - template { - metadata { - labels = { - role = "management-ui" - } - } - - spec { - container { - name = "management-ui" - image = "calico/star-collect:v0.1.0" - image_pull_policy = "Always" - - port { - container_port = 9001 - } - } - } - } - } -} - -resource "kubernetes_namespace" "stars-namespace" { - metadata { - name = "stars" - } -} diff --git a/modules/apache-airflow/main.tf b/modules/apache-airflow/main.tf index 8c9451a4..c0a25a4d 100644 --- a/modules/apache-airflow/main.tf +++ b/modules/apache-airflow/main.tf @@ -1,3 +1,8 @@ +# Additional networking recs for the airflow deployment (To implement) +# Turn on network policies: https://github.com/apache/airflow/blob/main/chart/values.yaml#L225-L228 +# Enable TLS: https://github.com/apache/airflow/blob/main/chart/values.yaml#L162-L170 +# Test that connections to the airflow pods are blocked from the non-airflow namespaces - Except for `kube-system` + resource "kubernetes_namespace" "airflow" { metadata { name = "airflow" diff --git a/modules/demo-network-policies/README.md b/modules/demo-network-policies/README.md new file mode 100644 index 00000000..4ed056ab --- /dev/null +++ b/modules/demo-network-policies/README.md @@ -0,0 +1,65 @@ +# Purpose +The purpose of this module is to show how network policies enforced by the AWS EKS CNI +plugin can be applied to pods running inside of an EKS cluster. + + +The use of network policies is recommended over the use of pod level security groups +due to the simplicity of it. However, if more strict networking requirements are needed +then a mix of both pod level security groups and network policies can be used if the +`pod_security_group_enforcing_mode` is set to `standard`. This is an option provided +on the eks module. When running in standard mode it will allow east/west traffic to be +routed according to the network policies, while traffic going in and out of the cluster +is routed according to the security groups applied to the pod. + +# Why use network policies +K8 network policies allow for a kubernetes specific way of enforcing traffic within +the cluster. Also known as "east/west" traffic, east-west traffic refers to all network +communication that occurs between pods within a Kubernetes cluster. + + +The administration of network policies is very simple and provides mechanisms for +selecting the appropriate k8 resources you want to apply the policies to. + + +By default, pods within a Kubernetes cluster can freely communicate with each other on +all ports. This can be a security risk, as a compromised pod could potentially access +sensitive data or disrupt other pods’ functionalities. Implementing Network Policies +addresses this by enabling control over east-west traffic flows. + +# Implementation details +This module implements the [stars demo](https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html#network-policy-stars-demo). + + +This demo deploys: + +- 4 kubernetes_deployment +- 3 kubernetes_namespace +- 7 kubernetes_network_policy +- 4 kubernetes_service - 1 of which creates a classic Network Load Balancer in AWS + + +### kubernetes_deployment +This is responsible for creating the pods that are running the demo application + +### kubernetes_namespace +Create the namespace resources to deploy resources in to + +### kubernetes_network_policy +This is the key item of this demo. The policies that are implemented here do a few things: + +- Allow ingress and egress to the `kube-system` namespace +- Deny all non-explicitly allowed ingress/egress in the `stars` and `client` namespace +- Allow the UI to connect to pods in the `stars` and `client` NS +- Allow `frontend` to connect to `backend` +- Allow `client` to connect to `frontend` + +### kubernetes_service +The service is responsible for publishing how pods can connect to one another. In +addition the server with a load balancer creates a class Network Load Balancer in +AWS. It is connecting to the node where the pod is running for health checks of the +service. When it is healthy it will route incoming traffic to the node, then the node +will route traffic to the appropriate pod. + +# Additional reading +- +- \ No newline at end of file diff --git a/modules/demo-network-policies/data.tf b/modules/demo-network-policies/data.tf new file mode 100644 index 00000000..546bd8a9 --- /dev/null +++ b/modules/demo-network-policies/data.tf @@ -0,0 +1,11 @@ +data "aws_eks_cluster" "cluster" { + name = var.cluster_name +} + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} + +data "aws_secretsmanager_secret_version" "secret_credentials" { + secret_id = data.aws_secretsmanager_secret.spotinst_token.id +} diff --git a/modules/demo-network-policies/main.tf b/modules/demo-network-policies/main.tf new file mode 100644 index 00000000..54209138 --- /dev/null +++ b/modules/demo-network-policies/main.tf @@ -0,0 +1,472 @@ +# Implementation of https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html#network-policy-stars-demo +resource "kubernetes_network_policy" "allow-kube-system" { + for_each = toset(["stars", "client"]) + + metadata { + name = "allow-kube-system" + namespace = each.value + } + + spec { + pod_selector {} + + ingress { + from { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "kube-system" + } + } + } + } + + egress { + to { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "kube-system" + } + } + } + } + + policy_types = ["Ingress", "Egress"] + } +} +resource "kubernetes_network_policy" "default_deny" { + for_each = toset(["stars", "client"]) + + metadata { + name = "default-deny" + namespace = each.value + } + + spec { + pod_selector {} + + policy_types = ["Ingress", "Egress"] + } +} + +resource "kubernetes_network_policy" "allow_ui" { + metadata { + name = "allow-ui" + namespace = "stars" + } + + spec { + pod_selector {} + + ingress { + from { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "management-ui" + } + } + } + } + + policy_types = ["Ingress"] + } +} + +resource "kubernetes_network_policy" "allow_ui_client" { + metadata { + name = "allow-ui" + namespace = "client" + } + + spec { + pod_selector {} + + ingress { + from { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "management-ui" + } + } + } + } + + policy_types = ["Ingress"] + } +} +resource "kubernetes_network_policy" "backend_policy" { + metadata { + name = "backend-policy" + namespace = "stars" + } + + spec { + pod_selector { + match_labels = { + role = "backend" + } + } + + ingress { + from { + pod_selector { + match_labels = { + role = "frontend" + } + } + } + + ports { + protocol = "TCP" + port = 6379 + } + } + + policy_types = ["Ingress"] + } +} + +resource "kubernetes_network_policy" "frontend_policy" { + metadata { + name = "frontend-policy" + namespace = "stars" + } + + spec { + pod_selector { + match_labels = { + role = "frontend" + } + } + + ingress { + from { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "client" + } + } + } + + ports { + protocol = "TCP" + port = 80 + } + } + + egress { + to { + pod_selector { + match_labels = { + role = "backend" + } + } + } + + ports { + protocol = "TCP" + port = 6379 + } + } + + policy_types = ["Ingress", "Egress"] + } +} + +resource "kubernetes_network_policy" "client_policy" { + metadata { + name = "client-policy" + namespace = "client" + } + + spec { + pod_selector { + match_labels = { + role = "client" + } + } + + egress { + to { + namespace_selector { + match_labels = { + "kubernetes.io/metadata.name" = "stars" + } + } + pod_selector { + match_labels = { + role = "frontend" + } + } + } + + ports { + protocol = "TCP" + port = 80 + } + } + + policy_types = ["Egress"] + } +} + +resource "kubernetes_namespace" "client" { + metadata { + name = "client" + } +} + +resource "kubernetes_deployment" "client-deployment" { + metadata { + name = "client" + namespace = "client" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "client" + } + } + + template { + metadata { + labels = { + role = "client" + } + } + + spec { + container { + name = "client" + image = "calico/star-probe:v0.1.0" + image_pull_policy = "Always" + + command = ["probe", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status"] + + port { + container_port = 9000 + } + } + } + } + } + +} + +resource "kubernetes_service" "client-service" { + depends_on = [kubernetes_namespace.client] + metadata { + name = "client" + namespace = "client" + } + + spec { + selector = { + role = "client" + } + + port { + port = 9000 + target_port = 9000 + } + } +} + +resource "kubernetes_service" "frontend-service" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "frontend" + namespace = "stars" + } + + spec { + selector = { + role = "frontend" + } + + port { + port = 80 + target_port = 80 + } + } +} + +resource "kubernetes_deployment" "frontend-deployment" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "frontend" + namespace = "stars" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "frontend" + } + } + + template { + metadata { + labels = { + role = "frontend" + } + } + + spec { + container { + name = "frontend" + image = "calico/star-probe:v0.1.0" + image_pull_policy = "Always" + + command = ["probe", "--http-port=80", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] + + port { + container_port = 80 + } + } + } + } + } +} + + +resource "kubernetes_service" "backend-service" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "backend" + namespace = "stars" + } + + spec { + selector = { + role = "backend" + } + + port { + port = 6379 + target_port = 6379 + } + } +} + +resource "kubernetes_deployment" "backend-deployment" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "backend" + namespace = "stars" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "backend" + } + } + + template { + metadata { + labels = { + role = "backend" + } + } + + spec { + container { + name = "backend" + image = "calico/star-probe:v0.1.0" + image_pull_policy = "Always" + + command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] + + port { + container_port = 6379 + } + } + } + } + } +} + + +resource "kubernetes_namespace" "management-ui" { + metadata { + name = "management-ui" + labels = { + "role" = "management-ui" + } + } +} + +resource "kubernetes_service" "management-ui-service" { + depends_on = [kubernetes_namespace.management-ui] + metadata { + name = "management-ui" + namespace = "management-ui" + } + + spec { + type = "LoadBalancer" + + # Setting this updates the `Source` field for the LoadBalancer security group + load_balancer_source_ranges = var.load_balancer_source_ranges + + port { + port = 80 + target_port = 9001 + } + + selector = { + role = "management-ui" + } + } +} + +resource "kubernetes_deployment" "management-ui-deployment" { + depends_on = [kubernetes_namespace.management-ui] + metadata { + name = "management-ui" + namespace = "management-ui" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "management-ui" + } + } + + template { + metadata { + labels = { + role = "management-ui" + } + } + + spec { + container { + name = "management-ui" + image = "calico/star-collect:v0.1.0" + image_pull_policy = "Always" + + port { + container_port = 9001 + } + } + } + } + } +} + +resource "kubernetes_namespace" "stars-namespace" { + metadata { + name = "stars" + } +} diff --git a/modules/demo-network-policies/variables.tf b/modules/demo-network-policies/variables.tf new file mode 100644 index 00000000..9b40ad60 --- /dev/null +++ b/modules/demo-network-policies/variables.tf @@ -0,0 +1,26 @@ +variable "vpc_id" { + description = "VPC ID" + type = string +} + +variable "node_security_group_id" { + description = "Node security group ID" + type = string +} + +variable "pod_to_node_dns_sg_id" { + description = "Pod to node DNS security group ID." + type = string +} + +variable "cluster_name" { + description = "EKS cluster name" + type = string + default = "dpe-k8-sandbox" +} + +variable "load_balancer_source_ranges" { + description = "List of CIDR blocks allowed to access the load balancer." + type = list(string) + default = ["52.44.61.21/32"] +} diff --git a/modules/demo-network-policies/versions.tf b/modules/demo-network-policies/versions.tf new file mode 100644 index 00000000..95233f0a --- /dev/null +++ b/modules/demo-network-policies/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + spotinst = { + source = "spotinst/spotinst" + } + } +} diff --git a/modules/demo-pod-level-security-groups-strict/README.md b/modules/demo-pod-level-security-groups-strict/README.md new file mode 100644 index 00000000..f6784416 --- /dev/null +++ b/modules/demo-pod-level-security-groups-strict/README.md @@ -0,0 +1,62 @@ +# Purpose +The purpose of this module is to show how pod level security groups can be applied to +pods running inside of an EKS cluster. + + +The use of network policies is recommended over the use of pod level security groups +due to the simplicity of it. However, if more strict networking requirements are needed +then a mix of both pod level security groups and network policies can be used if the +`pod_security_group_enforcing_mode` is set to `standard`. This is an option provided +on the eks module. When running in standard mode it will allow east/west traffic to be +routed according to the network policies, while traffic going in and out of the cluster +is routed according to the security groups applied to the pod. + + +# Why use pod level security groups +With security groups for Pods, you can improve compute efficiency by running +applications with varying network security requirements on shared compute resources. +Multiple types of security rules, such as Pod-to-Pod and Pod-to-External AWS services, +can be defined in a single place with EC2 security groups and applied to workloads with +Kubernetes native APIs. + +# Limitations/Problems to solve if implemented +Granting pod level security access to a public LoadBalancer is not a fully solved task. + +Background: + +- When creating a `kubernetes_service` of type `LoadBalancer` the VPC CNI plugin will provision an internet facing Network Load Balancer. +- This NLB needs to be able to perform health checks as well as route traffic to the appropiate pod + +Problems: +- The order of the creation of these AWS resources is a classic "Chicken & Egg" problem. The `kubernetes_service` resource does not directly export the security group that it creates, and as such cannot be used as a reference within the TF script. +- The pod level security group needs to allow inbound connections from the node security group as that is where the NLB is forwarding traffic to. + +Possible solutions: +- Create the NLB ahead of time and manually attach the required listener, as well as reference it within the `kubernetes_service`. +- Don't allow anything with pod level security groups to be reachable from outside the cluster. IE: Only use it to control "backend" services. + +# Implementation details +This module is implementing the stars demo detailed [here](https://docs.aws.amazon.com/eks/latest/userguide/cni-network-policy.html). +The demo is specifically using Network Policy K8s resources and is covered in the `demo-network-policy` module. However, +this module is replacing this to look at how we would control pod->pod networking with +security groups. + +The following is a guideline of the connections each security group needs to allow: + +- They must allow inbound communication from the security group applied to your nodes (for kubelet) over any ports that you've configured probes for. +- They must allow outbound communication over TCP and UDP ports 53 to a security group assigned to the Pods (or nodes that the Pods run on) running CoreDNS. +- The security group for your CoreDNS Pods must allow inbound TCP and UDP port 53 traffic from the security group that you specify. +- They must have necessary inbound and outbound rules to communicate with other Pods that they need to communicate with. + + +All of these items are implemented in this module by: + +- When the EKS module is deployed it will create a SG named `${var.cluster_name}-pod-dns-egress` which is then added to the node SG inbound rules. This allows egress from the pod for DNS lookup. +- The SG for all pods that need to allow networking are all given the same SG. +- Not implemented, but added as a comment: Setting up the required ingress for liveness/readiness probes + + +# Additional reading +- +- +- \ No newline at end of file diff --git a/modules/demo-pod-level-security-groups-strict/data.tf b/modules/demo-pod-level-security-groups-strict/data.tf new file mode 100644 index 00000000..c1724ceb --- /dev/null +++ b/modules/demo-pod-level-security-groups-strict/data.tf @@ -0,0 +1,15 @@ +data "aws_eks_cluster" "cluster" { + name = var.cluster_name +} + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} + +data "aws_secretsmanager_secret" "spotinst_token" { + name = "spotinst_token" +} + +data "aws_secretsmanager_secret_version" "secret_credentials" { + secret_id = data.aws_secretsmanager_secret.spotinst_token.id +} diff --git a/modules/demo-pod-level-security-groups-strict/main.tf b/modules/demo-pod-level-security-groups-strict/main.tf new file mode 100644 index 00000000..5205f91b --- /dev/null +++ b/modules/demo-pod-level-security-groups-strict/main.tf @@ -0,0 +1,374 @@ +# Requirements for pod security groups: +# They must allow inbound communication from the security group applied to your nodes (for kubelet) over any ports that you've configured probes for. +# They must allow outbound communication over TCP and UDP ports 53 to a security group assigned to the Pods (or nodes that the Pods run on) running CoreDNS. +# The security group for your CoreDNS Pods must allow inbound TCP and UDP port 53 traffic from the security group that you specify. +# They must have necessary inbound and outbound rules to communicate with other Pods that they need to communicate with. + +locals { + security_group_policies = { + client = { + name = "security-group-policy-client" + namespace = "client" + role = "client" + }, + backend = { + name = "security-group-policy-backend" + namespace = "stars" + role = "backend" + }, + frontend = { + name = "security-group-policy-frontend" + namespace = "stars" + role = "frontend" + }, + ui = { + name = "security-group-policy-ui" + namespace = "management-ui" + role = "management-ui" + } + } +} + +resource "aws_security_group" "sg-stars-demo" { + name = "${var.cluster_name}-sg-stars-demo" + description = "Security group for EKS pod-level security for the stars demo" + vpc_id = var.vpc_id + + ingress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = true + description = "Allow all traffic to self" + } + + ingress { + from_port = 10250 + to_port = 10250 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all traffic from node for kubelet." + } + + # ingress { + # # If I had any probes like liveness or health checks I would need to explicity allow it here + # from_port = 9001 + # to_port = 9001 + # protocol = "tcp" + # security_groups = [var.node_security_group_id] + # description = "Allow all TCP traffic from the security groups" + # } + + egress { + from_port = 0 + to_port = 0 + protocol = "-1" + self = true + description = "Allow all traffic from self" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "tcp" + security_groups = [var.node_security_group_id] + description = "Allow all TCP traffic to the node security group" + } + + egress { + from_port = 53 + to_port = 53 + protocol = "udp" + security_groups = [var.node_security_group_id] + description = "Allow all UDP traffic to the node security group" + } + +} + +resource "kubernetes_manifest" "security_group_policy" { + for_each = local.security_group_policies + + manifest = { + apiVersion = "vpcresources.k8s.aws/v1beta1" + kind = "SecurityGroupPolicy" + metadata = { + name = each.value.name + namespace = each.value.namespace + } + spec = { + podSelector = { + matchLabels = { + role = each.value.role + } + } + securityGroups = { + groupIds = [ + aws_security_group.sg-stars-demo.id, + var.pod_to_node_dns_sg_id, + ] + } + } + } +} + +resource "kubernetes_namespace" "client" { + metadata { + name = "client" + } +} + +resource "kubernetes_deployment" "client-deployment" { + metadata { + name = "client" + namespace = "client" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "client" + } + } + + template { + metadata { + labels = { + role = "client" + } + } + + spec { + container { + name = "client" + image = "calico/star-probe:v0.1.0" + image_pull_policy = "Always" + + command = ["probe", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status"] + + port { + container_port = 9000 + } + } + } + } + } + +} + +resource "kubernetes_service" "client-service" { + depends_on = [kubernetes_namespace.client] + metadata { + name = "client" + namespace = "client" + } + + spec { + selector = { + role = "client" + } + + port { + port = 9000 + target_port = 9000 + } + } +} + +resource "kubernetes_service" "frontend-service" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "frontend" + namespace = "stars" + } + + spec { + selector = { + role = "frontend" + } + + port { + port = 80 + target_port = 80 + } + } +} + +resource "kubernetes_deployment" "frontend-deployment" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "frontend" + namespace = "stars" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "frontend" + } + } + + template { + metadata { + labels = { + role = "frontend" + } + } + + spec { + container { + name = "frontend" + image = "calico/star-probe:v0.1.0" + image_pull_policy = "Always" + + command = ["probe", "--http-port=80", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] + + port { + container_port = 80 + } + } + } + } + } +} + + +resource "kubernetes_service" "backend-service" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "backend" + namespace = "stars" + } + + spec { + selector = { + role = "backend" + } + + port { + port = 6379 + target_port = 6379 + } + } +} + +resource "kubernetes_deployment" "backend-deployment" { + depends_on = [kubernetes_namespace.stars-namespace] + metadata { + name = "backend" + namespace = "stars" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "backend" + } + } + + template { + metadata { + labels = { + role = "backend" + } + } + + spec { + container { + name = "backend" + image = "calico/star-probe:v0.1.0" + image_pull_policy = "Always" + + command = ["probe", "--http-port=6379", "--urls=http://frontend.stars:80/status,http://backend.stars:6379/status,http://client.client:9000/status"] + + port { + container_port = 6379 + } + } + } + } + } +} + + +resource "kubernetes_namespace" "management-ui" { + metadata { + name = "management-ui" + labels = { + "role" = "management-ui" + } + } +} + +resource "kubernetes_service" "management-ui-service" { + depends_on = [kubernetes_namespace.management-ui] + metadata { + name = "management-ui" + namespace = "management-ui" + } + + spec { + type = "LoadBalancer" + + # Setting this updates the `Source` field for the LoadBalancer security group + load_balancer_source_ranges = var.load_balancer_source_ranges + + port { + port = 80 + target_port = 9001 + } + + selector = { + role = "management-ui" + } + } +} + +resource "kubernetes_deployment" "management-ui-deployment" { + depends_on = [kubernetes_namespace.management-ui] + metadata { + name = "management-ui" + namespace = "management-ui" + } + + spec { + replicas = 1 + + selector { + match_labels = { + role = "management-ui" + } + } + + template { + metadata { + labels = { + role = "management-ui" + } + } + + spec { + container { + name = "management-ui" + image = "calico/star-collect:v0.1.0" + image_pull_policy = "Always" + + port { + container_port = 9001 + } + } + } + } + } +} + +resource "kubernetes_namespace" "stars-namespace" { + metadata { + name = "stars" + } +} diff --git a/modules/demo-pod-level-security-groups-strict/variables.tf b/modules/demo-pod-level-security-groups-strict/variables.tf new file mode 100644 index 00000000..bd131b04 --- /dev/null +++ b/modules/demo-pod-level-security-groups-strict/variables.tf @@ -0,0 +1,26 @@ +variable "vpc_id" { + description = "VPC ID" + type = string +} + +variable "node_security_group_id" { + description = "Node security group ID" + type = string +} + +variable "pod_to_node_dns_sg_id" { + description = "Pod to node DNS security group ID." + type = string +} + +variable "cluster_name" { + description = "EKS cluster name" + type = string + default = "dpe-k8-sandbox" +} + +variable "load_balancer_source_ranges" { + description = "List of CIDR blocks allowed to access the load balancer." + type = list(string) + default = ["52.44.61.21/32"] +} \ No newline at end of file diff --git a/modules/demo-pod-level-security-groups-strict/versions.tf b/modules/demo-pod-level-security-groups-strict/versions.tf new file mode 100644 index 00000000..95233f0a --- /dev/null +++ b/modules/demo-pod-level-security-groups-strict/versions.tf @@ -0,0 +1,7 @@ +terraform { + required_providers { + spotinst = { + source = "spotinst/spotinst" + } + } +} From 63c5804e77e64192a3073d515c726650373e67e4 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 23 Jul 2024 14:47:52 -0700 Subject: [PATCH 093/161] Point to main branch --- dev/spacelift/dpe-sandbox/main.tf | 4 ++-- main.tf | 2 +- modules/main.tf | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index 79251b5b..cf38a3d1 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -13,7 +13,7 @@ resource "spacelift_stack" "k8s-stack" { administrative = false autodeploy = true - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Infrastructure to support deploying to an EKS cluster" name = "DPE DEV Kubernetes Infrastructure" project_root = "dev/stacks/dpe-sandbox-k8s" @@ -31,7 +31,7 @@ resource "spacelift_stack" "k8s-stack-deployments" { administrative = false autodeploy = true - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Deployments internal to an EKS cluster" name = "DPE DEV Kubernetes Deployments" project_root = "dev/stacks/dpe-sandbox-k8s-deployments" diff --git a/main.tf b/main.tf index 1c4d3973..b7269a01 100644 --- a/main.tf +++ b/main.tf @@ -17,7 +17,7 @@ resource "spacelift_stack" "root_administrative_stack" { administrative = true autodeploy = true - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Manages other spacelift resources" name = "Root Spacelift Administrative Stack" project_root = "" diff --git a/modules/main.tf b/modules/main.tf index 05d95ebc..e8613459 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -7,7 +7,7 @@ resource "spacelift_module" "sage-aws-vpc" { name = "sage-aws-vpc" terraform_provider = "aws" administrative = false - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Terraform module for creating a VPC in AWS" repository = "eks-stack" project_root = "modules/sage-aws-vpc" @@ -28,7 +28,7 @@ resource "spacelift_module" "sage-aws-eks" { name = "sage-aws-eks" terraform_provider = "aws" administrative = false - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Terraform module for creating an EKS cluster in AWS" repository = "eks-stack" project_root = "modules/sage-aws-eks" @@ -49,7 +49,7 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { name = "sage-aws-eks-autoscaler" terraform_provider = "aws" administrative = false - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Terraform module for creating an EKS cluster autoscaler in AWS" repository = "eks-stack" project_root = "modules/sage-aws-k8s-node-autoscaler" @@ -70,7 +70,7 @@ resource "spacelift_module" "spacelift-private-workerpool" { name = "spacelift-private-workerpool" terraform_provider = "aws" administrative = false - branch = "ibcdpe-935-vpc-updates" + branch = "main" description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" repository = "eks-stack" project_root = "modules/spacelift-private-worker" From e147349186340a9908002f48a04b2cab6dad4c74 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 25 Jul 2024 09:58:33 -0700 Subject: [PATCH 094/161] Default to standard --- modules/sage-aws-eks/variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/sage-aws-eks/variables.tf b/modules/sage-aws-eks/variables.tf index 1ca0793d..e3148030 100644 --- a/modules/sage-aws-eks/variables.tf +++ b/modules/sage-aws-eks/variables.tf @@ -65,7 +65,7 @@ variable "cloudwatch_retention" { variable "pod_security_group_enforcing_mode" { description = "Valid values are 'standard' or 'strict'. More information: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/README.md#pod_security_group_enforcing_mode-v1110" type = string - default = "strict" + default = "standard" } variable "aws_account_id" { From 07d593aa4de99cfade3bfa183a81122006a344f3 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Thu, 25 Jul 2024 10:32:18 -0700 Subject: [PATCH 095/161] Add VPC diagram --- modules/sage-aws-vpc/README.md | 75 +++++++++++++++++- .../sage-aws-vpc/provisioned-resources.png | Bin 0 -> 35718 bytes modules/sage-aws-vpc/vpc-topology.png | Bin 0 -> 683977 bytes 3 files changed, 71 insertions(+), 4 deletions(-) create mode 100644 modules/sage-aws-vpc/provisioned-resources.png create mode 100644 modules/sage-aws-vpc/vpc-topology.png diff --git a/modules/sage-aws-vpc/README.md b/modules/sage-aws-vpc/README.md index 76143163..c0260e2f 100644 --- a/modules/sage-aws-vpc/README.md +++ b/modules/sage-aws-vpc/README.md @@ -1,13 +1,80 @@ # Purpose This module is used to provision a VPC within AWS. +## Resources provisioned during creation +The following is the network topology of the created AWS VPC. Some resources like IAM +roles for access to publish flow logs are omitted. -## TODO: -- Create a diagram that shows the deployment -- Add more verbose examples and links to relevant documentation +This diagram describes the VPC deployed to the `org-sagebase-dnt-dev` AWS account. It +is deployed to a specific CIDR block across 3 AZs that contain a private/public subnet +each. + +![VPC Topology](./vpc-topology.png) + +Terraform resources as shown in the Spacelift UI: + +![Provisioned Resources](./provisioned-resources.png) + + ### Attaching to the Sage Transit Gateway +The Transit Gateway is a planned feature but has not yet been implemented into this +VPC module. + + Attaching the VPC to the Sage Transit Gateway is managed through the central IT repository using the following documentation: @@ -15,4 +82,4 @@ repository using the following documentation: * See this example pull-request for adding a VPC spoke: - \ No newline at end of file + \ No newline at end of file diff --git a/modules/sage-aws-vpc/provisioned-resources.png b/modules/sage-aws-vpc/provisioned-resources.png new file mode 100644 index 0000000000000000000000000000000000000000..9e96ddb11279862c5aeec9d984fe66afe9673320 GIT binary patch literal 35718 zcmeFZcT|(xy7nD)Axjid5m69usfd6OrFTR`meP9@P!TDiN-s%JR79GJfYeZg&;keq zq$MZ{0@8a8(joK^0wD?CjBD?G&OYTk`+djv{_&0R{=rZfJmKL9bKci|UB7#V>+5Q= zv+=M&AQ1N3f8I2NK=vcS$KBr#g0H;v{bC3H+2>`bc>_|^es%$T@|%O2jv55=G3GGs zJ`4E#kjI}EUJ%I92Ij}UCimQj5J&{??VD=G{x-|>pm)aPs?}ZO4t;CKPP0m*i%;X( zA2(e}pI$yM&f2EI^N>@<wv@K;;7v$GGDJr7CBIR+?ca(Y0NR&J_uy`_)}E~Bt+@P8Y=|yTJv`X_=b(&KMO!0 z*ZKe0J^+DyzwjG)4v>Ine_gbO@;d-Ye-gC*E$aTtXuy5Sit^8|;hYBUzC5ySXNN2C zO4^B!HRpTKe!UTQZ-N)SexSmsXIB4iuvWRLtSQEl=hZ8>m;J9{%%9{~?^f%1&wqE> z@5Zhu+l~A8V>}QMhco?3Ni%PtH=GvYOLnKMeBn5DTDFTYZJT%1M3D7cN3`&8A*ZxIQ% zV2OFnDiFwr?sK7d6*%H#yW;BP+G2rKR$9-hHosS6q(#L;b*~;nUWJ^-?^}bpOJ?{$ zIqlRyf-q9lvUqWIzF7#F@EAOvQjJ+Ct1^8v*y?rA(X(==C9;OQnQM4hd1Af;lIC3r|4Clf`lZU-&POJsb8$4RA|B+2vl;1#Ym<58|>qW z`V4);jk}+yi@F)sHLaQBEyLwbuB*#qHF%p;4#+vm2X;n3M)Z*EnDJRlth2*R?$f8b zT=uH)kAZjz9^LFb;~BMO;z(e{g@C(cha0vbNeNqh-B?&g8&)CEc4S9oSe2oXlwY_o zm-#rQN5v+shZft>)6})|%}KyjKvi?BiHqRdo`M!>>_4Fj6&To&LC~~|Zqs z8k(X>0YS}ubC`APwn~y-HJ-rED`RP8?q7#}+-G9;BEc5%hs*G0uw(a!+r2^g#3G`z z>+NPz|9*%*r&B0?hs6D?Ax!nK`imn+Ifce;7&Es z16Hco`*SjPqIqTipe?&2IkIlCSJKPzjp3|C3-hhkySYke?Y8&VDhC4^TYX|L(R+v6 zl5IbldLMBmwaM-kdSh(-|F||6&dI6vJw@Iti#+1m6)f$(OsEU0eC5SOxJ6I2iM6Fo z?mK+GJW7RQOf$Z1M@UPhs0hD*fo|9j!CNws_;>bt;+H5kAztt?0K>`qA5_`rtz220m5`TGwld zhFncG#fX3Oooi41`}6B7NOx%qvgqW&IO;W|WtC9Xm3M9h*r?o1F)^=88i!jC~7*RaeTL zD8ui0f|}nx-%8uBvkuFd`c^ztHJ1ikb-01lq$YRy^y7Hc?G^+$^5*@ih4fXe-Jprn z1Y0jdVeF+d`fY>`O-y6Id9#HccL&>}6H9``!S%3yk$DzKdQSI2q*cW`%c0iRvT9*v zUE2o;=v#?Dsgph2#S+&i)ld@3)Jc9Nxi@FlDJJKQ7p^2j3Dz~fRt1q}DNoVHQqZ>B zleX2ky`K$Xn6|HB0+&j~`4qfMOug^gznN6}PX3Yn)Q*Lfjg4zf_}E&=+H7)|rD$M& zPiv&51ia)z4{UNk)vYO-Bhze%G!=O7JmXyGQ{*~q)?TZtw%WH&#!{`LR?J)2?#Vr=$7Ue`H? zsZc;UQdz`;(`v@xXco}QoXmBv*d;rG-s%X?-aZ%yska@IeV2* zYOe*eRw{cN9EsdXxY-Cr5aOZ>Lc|g!)D+O+oI*p@MLqAYWi45XnU{Poij#Pf7QV3* zd#8>q+Q(JF`*I1+c#^VcAE>kV1&vDk@s8>_HKdNb`lYzawoH~V`UvA_Gg3j929I1a zqPl(EYXhQ?%CF3Z>7y5{)8V=ptIE>;9T{gMc*O}k+9a6XBD(i&_~E+t!{DQd3ciuH zy{wR48|-J>WSIoZ^voY9)uHY07h*J5(>_dS>_a8&Y_2`MJb0Wel<>3K4_f-RI4z}j zV?N6(lhI<|YAl7D&AyW8HaWoHA+FS{mQi-eL>Q(tTqHweqGm3wxgX8S;mwaAfikSJ^@x&HzDWg<8@d8t88#uo{Ci$jUL=fB?RPm zSCc~IZ1(pP&|3qOPjV0)dc^9q_SWX+J@b8#bG%MZ@%_Fe9Io@^G2vs0ve0!Y=hEXB zUSawYl34?W33%-~sVgmkmwSZROqJ>l&zMspgmXK&o%1zTor1@H6o2G;xy?w6GcL)1 z2Ev_)t=9HB@G2NBLY$hG8nM;G;Ask#h}s>rP3P8gpa$BFqA?_iGf$x~O}J9wFuWXK1veb#g;zOB%5KBsyd zHxK7i&vxXPewU{WHtyu2k40FNRX!|-P(=!}IJqfe^?vaa?j^s<21IubE!2VB9cfys zTa@_FF0gTYx%j%)l;AvE^&76&voYz-+ix*=*t~R(aEG)uItox-$q4bEBQbf}2$`0Y~f`PkM+rrYY@2=TbHeujW^Yyf$`H;SD@@ zhtegY-y8dVs8ijH?I_tec*6%0l0W}btqM7u*ZeH$y|U=FXa@33Ri4d3q@(%C@`a}O zIJGUpXiuFl+gjP7S*|OK4!ZB8d(}CrDf&aV?9Y=q9k9<_a8&}p-dMR#_Mpx0f6 z>kS_1?n{1}9CaKzHfMNAJ3E-AaEP`Uac60`X;qIUL>mhm z=pXLx7MuAzay-bIlZ__zV*CAforjE&vU4Vf6jPIy4nV4Hk%J{&U6x~=s-r=a6)wyl z15DN1SuYF;o(xBSNmCB`63&^p*L~w|PmWH*OafAsDPJ#(+@XEoea!in4E`lL|8<4@ zza^{x>7wrWk;h#y2&5BIw>{Z-)o-P?B#4scG5Iw-S5`5KSN7=gh%JAPcGZQ=g&xI4 z4e|3pr>E~5DR=U^ERGYjEZ{9L6=T=Xki7}}F3lA0Quk!X<*wG!w-htzTr3$SC7N>h zZ!BGkLpvMaxiiYWwFc?yMILR^sSR4txSOlz20S`|z-1rA!FMssrh{dTPf(7wEHR~i zt17TJ$$ts=Xntj9*N9VMg&1}Y{??Y3LJc=?8>Qv`>)o&RB-@O2w)R0LydCvF69VR} zU9>75{dmvC#-=cYgHvgj7ct6F1=so-os_FqwFAk07~f#5Lvm4NQP)t4mW-EqWzj_- zxo!P7nh6@phggrEJ!0219=}2A|CGmkS(op-KTr}9daBB*!F2M#{odT48K1VBx)jkd z(dZeMp=z>^BF^&R95>#-ez+@3(_EBo3+%jXf`T0y%5mhyKIOaqKUsX+ni=~b?G?2g z3>*LZp;$b9+3tRO3gOu`yIVsFy2aGjK0o?{R$VzzNQQ>vz)ERnjt-1ybhYwP+pxz< z)!Yl9H8IdQ96X}Xy7XZc76M5Ta|%_Bt8%N(lPh=bYrkVD5)){lWg9$RT$<3s9hAS3 zkYI|%Y?&lp2^iIuypWU-gEl4R<>FxjH%4@uy07^hK~2Gm;m= z#bL&^$QF$|p5?_Ayb9jt+1FC3!9b;^y$UQqlQ4_!z4j7K-goY#Rc=)it1U&_l4Uts z6QD^+OPnw2D;x}djD_q+Phwht-3n5_;ViTWS8$WB)1YXmrjzQ)w-n>&FO-jiQ%>JJqYuJ2wUx32PNZCZ$g=*rkN{&=Y@onRwQpW7hkzeaJV!c?3IkgSXw{8)GX$UW|^7PY<6p5`ihAMAReX* znrQ{37$ogNVBA`Zs1=UB;s>Qxy7<<$ET6{y=Tsxr%EcGt-(Jf_C63+2L#N@!On4y%d>h&PX953eTR zQ=H(=Mi@o1Q*-?4+<^Yuxi`)7X3|i6kqWM;xF0*O-1W(l(lJuGPSF_ICe$NoP5X!> z&q-9`HqA#nDsRB9F*0VnO?$&(26>prDmWUq5{x%S*^8*)^D7D#s}<_dERgn#dwXe3 zY1?+GS7=C!6|Ll*k<#q)%uV#;#1^zI1{-jLDf-efu$jq=Q&Qaa-=q>MT#@&@1~RWC8YkR0&Y5S5 zo~j*0OGqC#f_=(&X*=C??n*=0-q+!|G_8kQro}dPi3awtxSd{~^&=B)vK-j01`a<< zUTA>Gg~B7rXXQM;TXG}y&+86p)7gcSs~o#lv&MgX*ySb5H@0Fk10Jc93JzCCGnZ%I zK_uHH;~T~kJwO$kiuWXVm99@USrjA>nH8GbtEKU$=})9@<)XLsnTzop49v}qmGnhc1$Vkw|`UiZ%y<+v1mUl4F&x4y#O`NPhw__@! z+3CBKG75Pou(>k-oOo*f{vxJK!PfXLw}{BKY`T|=&#zXCKjifWjc!8sZ^-b%s1CJZOkngK~ag^@?3asl`7i$zIEu??0=HBP?yTNgXHX%7oO#-^g zo4z_HYj^5gt1Bfq%N#n&({=WtS2|jyAU~$vd*|NMb}kA`b!N0!v^-2}i$u;Qo*!X_ z-$hok9LJZGV9fPi@QB&jsA4;q?Y`^NyFBxnD%gL zk1Flz{TmNx7G(%mJr8G_EKQ-(7*EQm0+h=`rr1aK142K-* zY)!VR>|5je-3W{fYh;Y2-4y=wZ>ec&2O(0yOr?9D*|mPF@?K!8ad#iDt?H_Y zi#l!Kg29a{eeYrL&-*)>pL_gHjc9&Omw4bAc*11l^7k$owj(r^TWDgs z#0OR(Ru04i`r%VQ%7~fw?$8B-*9?Ze+Kn&G6$U784L11Fy@Tx+ln&>0{6HPtdR**( zy%;`8IqUp`o%hZa7}}Fo)*Dbzj=}){z~nb)wxu5H1Z~DGqc#Id6xAU=#B6n;tk<)k zT2{g&-l#n06h}1Ot8Y?CYYa=o0_(w}LaN(HpoXGY@LQ=#7kLj+U;D3phf#N z)?TxgTOuPVI>+YJvPyHP*Bl{ovEns_>X$`D5AVq!Zph&^mfe(@dgf;g@;x_bM^A07 z7T;x2Tlo{nONed~=$%?=0f$sMs|k9$N}Kv)v;tm8X;+c86--O3@*S(Y=8})j<+YyE zlXmB2-|QSH{h)2*Ly62WjDF4ig!!mb94ITP{*Fhh!hjzda!_~Q1gD-7 z*VfVyr*6u&!eX25|J9NIALvNK&OHlpn_4N$R_$LxQXBR^3dv%eoVAyc{s&JEV8)Uk z&i0vAKH99Bhr6PeiC>BlWRLd>WSmiBPoPOtAkdZBqpXk+>cv$_B-@=dL?B|DN-S>3 zHE2-xT#w1}(-q*;(}H_f&sIF1LAj0|U_Gj#OitL}o2_N`>@c+U+~#8681-Erui{q4 zRqy$dHBiH>Y)hF^GiZT_-x^W71G%Bk5OJ36N&AHBoO?U&F-H~qu% z%}mFBn6C05_od#b@lDXEi^Dqg43Cf0_#ypQ>y{0m5D1wmy~e8Fdi3ag%P=YMHC;3e z=xu%4^1>fkn}SZi32&ZJhhm(qIzC*CDPU+j+Nh*iV$hk4BJ0DhihNp4z1M=Hi|b6C zM?l~3xgUNsR%oyAfvQ;b!FA}SaklC*(eA_Ks-i$m{&MWjR*UK4-FMG7h}qX@fnPg% zvXkAbtDFkA=dxi&ebO-`;?j^rn+4IP5wo%?I+P->XOfZ?jk+CT(l=+D`Y-#s1mI%N zcGw;}D!{mM zkzbNh`_6xolZxJ2j ziGJ7zXY{RKCwFT>vHijjZL~>&R^eEc7aBASy^7Q~bBnYofxVYDg0&kh@$UHDu?U=) z$f7%O#`fL+IpN5y>W*h93~Z;s5ekIuKpzqp1{O|&#Ru~%m*5!zl4f6!!%PwBS*cWWofU#4n! zd+TG7k#EAhlN5R3!&xq^vIJUBseP%-kYvBx==Ni|xs=sspF=r^E+cIP<>Sm_C6)Vz zu&_!jpCY5va-ElyI-B_;eYU$|nZsqpa#JdYDHSc4%dFrsx3e(EsZ75P6=cbEpcd;b z?SF^f>f#d(r<<6>hN< z89r)?wqB&&3TRU!>DuIH)$0lBLb;vSOYPyuI5yfZLWdf;IV51`d+^1>-?vEa{e@1O z`M&uz&|{F0GGU#ygl&tX_SUDwsBr(a&rbL2LlFJkvW}gQ!`t35sFkQ5?yAv1qIqlW zcHQF(nrS~4=Ob(_u1Do1&kF>5RJ$fOM{QKA>MIcin<;6+S|6YYmeiJa3vxK^q|F{9 ziRYeS90C@&H7S|dkCz6UZRL@qHrK9#78SbGH5&=*(BZ|dtWL`@S#IR(&vV_? zKB6$|OQg8%(Q2RFfq9c$Z$9k2TIkV-#B8E5i7sio3EnhnhYGtt7f&qO)DS&njEwAF=bX zUE7cS2H%Og~>a@TOQ&pFgL#jB5S|0UX2P#EySl6rjBRLT! zzF0$QKeUC|*lsxoeo4v|_uAhI*QJV1DF>gY?yh-xj#MHYU0dVDnEO0#XHP|6JP`hB zwkW8?{Fwts&{Q$dcV{@#^`YIEetT2Uq++;p80J?i|UZ6A-(p z9%~aB8_*WibKO)0OFYgWPpR88Wn}N!_%CGZ`~{*2`0)SDSWJ88Lf? z{E#Dgzn}6JNAB(J9Z_YhA3OYEdKjiSqI}=Ij_m6{6(y@~(8WIU1ST{>sH|D3hAn?u zttF+A{T3eU>>vi7@hPg553pr=NAJ<*_F(qQ>R~Eks8$Nbb_%}zQ}bt5jPKCLy%FTD z`^++-K-nR+)g3{4*4EL{A^g49(|4IVs3J7xzD3yEjk>?k{ro4MF|g-6@=(I|wsfUh zC`0qK#KYIAp#tiA8Ec}&v@qo%xEus<{HD5xDzxTmdCXrFMAr?9`BWlcqv;X@(KDsUfvt=G^{%UY)c(M z*SPM#9Mm&5l&kx%!##%V`EFQPSZr6WbAH(obEd3KCTQY*N75QPsiLosO(udz1W~ zw$G%qE^jE_4OYqlNztXIj{T)@?Z}Jv8GfraT|AH3nf@nx%KmzxG=Gt$p)#Qqxpkl3 zNrJv|PVWhdj+Q+@Nn3n_%jr}L>x!2#0|`j*v#OALRrPqRtwKeH3= zWcs~^eVSwT04@X^z28@K$zrNrue|uF=1`3v3j1B>FXvS=h96s@5pk-&{{?FdFvEXw z3if~QOml7zVinGQHZIj1+I2^{I{cTfQ`AzD0(1@$e zuvvsnL5E<%1GqJ1c?ZT9v@wku+U*-Exu1o7{(Qhn)Xdt)-hXF?`%8{a2XGjZZq~&~ zyN{3VSGV7LtMvtNC=TlXY(-)shd|yy}x3M>mHVd^;?Rv{ZQGX zMRb-q+;{BB@%gkf`zBtV*qvP#Wu@Oa-Y6!jcxu@|nk5D(HFmHE>YkQ%{i&mb5pd z$m2gsEG`X6VvsW}s#c1Rr?0}yfQ5x|8K=F%vTZ5xRx(8p5Wk!-<@CU)kR6DB(@7y^ zXi(ulkACvxyrPAUOuUl~EEfI;FMr9UmTHXo$Cjr`_S2i*h5Wv2Z;KONYOF%<%0V}m zM}(F}t6Ez=GP7lGf{j9w-UbjG1@mLoU4<4s^Crv2KDOr|kov@Tm$nrjVoL37MEI_z zqsZSD@=RHRtD9B;jicZ@hO{Qh#W zX<~!7Uf&|(CIOAyyLrh_&@olrR5eP;kbk2Kpswrkj#TH4&vLHm%%$g*l)`fh1+%uj& z5Nk1iwGz}@%^E!UpPDAhS*gq>Nq0P?H*^HP z)S#${4E7o|CmQ;e02iC3Bk%zaBt%k&L!*V>!(UQS@u=fYB&p8~1?Z~SEhj>m+UHb8 zuA!LpA)2!m<&sEN-tL*Qs?`pZceI1@KH${=L*~(Pg64_JM}041egcc7uXUnWC2&52 zbxEbc1wozZ(No11+E$0@gN?;{7z=~B0{m-ZV)JK>A06}{`FGq={QCD^6-U3!%C3(RvTAYe6I zTZNtzLc?aCvzEqcIxMFz{Z$IHG-E7BGBpmvU=5*7rKJ+Tl0Tkwz|fh}Vw8=fhrpwo zPD^2DoXm~n3$k+T%eR(Wt&M1iJX3Z9rJ`Coz^quqi%arWUKal;&nqX+42bA@X=A~I zcl3WOvt6^hvU}rpv)9j2uMYOV7qYro0%ARawGbeE&#;;Iior6hvB?A8%dhyTZbmxNwa2!a3*pT%As2ZxkRX=jBl+mi7?+~@x!3xSE#UfF+s6&RSq3Dh+5h1 zg!8ZjKr4ZC%ke!ZWFi;Fy^TCI03g?Y)X`9&e;&85yhx(gz5(2tq zh8fJlNpu}y)b|&N7K>c&mUmPXv#vQc91z}N(iB6Q`r6c2Yvh{D&S%y{sdBVQvQ4R2 zhh>{mrtA%Gi3K7zjFkJh5~x#hOT%Qud}oF_VBfxcA!5dug%AQszki39)`r5L zJF7yo0K&K=&MaBV$z?{3@<(keStIk2_0n6d?DyhXh?Iu1cM@Ro+Kz4Jg!c~;rYnIm7Qozg%7;&O|F3aEFG!$Cb1x8^f1&92v zWB*YQK~4vUq2RvRQ3bvPT#QIdoQXk6&T^^^EYBG~R3`B8%1=Oqz0in2xX*oj*nA_X zV>PB`XEvjsdRAGVOO<=wE0Um>z|P`XilFl(hs|cyn~;*3WZHOb0KU?cu43!Dn%KU0 zRuwTi9L)!sI2onuKmKvI6)wWqw^<1eVMld-3({2!m2d#aK;=?gsT13|cS9#Qa%J3t zyhSzRIx)=?Il?GYD=^%4*k``{30hFXELK z=}=LQXEj~dPEpN$yuEfG2FIYVE?!!M72>(@<@Yo6`GBUMEOMSt&=2Q*f$;jDyF*ipfvjK+ zb45V{-*yFUUKHtqjm|1)$$Sf6t6KrIG)*5og|N#f*DjOL-G%X*`~gaVl#BMSPOb%n zNO(@V_KRFTNiLAOTQzF&P|#M{q+sTkgCMZyXD zeKWJtkLl&qUsvTdH0~voK4}@0cSY~+!$u)Yzb>G)-^m9peGC)bFJhl)e2d;7aLRNP zokKqvDO{GbyLXhI_LUlobsKAG?4pNlFbgd4Mu6M7NkfPAGTVcP-g#NyUFbD z^_nMze>dsOK2ai(s!LH6;oWXmbT>b!H^{wjzYe> zGWb09%3}}33^VB<-3CYoAYSN6y%eBfg& zVp?%6`CNNw<8+}Ipq;IKEyDCoO;0ggY0m%`K0G$e#KOM_>|KRQ!TPT(5%7|W8b!B3 zz9Ux_xOur8^}dS(CR#IprcrypYFAxo3(dqtMo)vX>x9}?ehmqE0if!N{`hz|VUF?W zL1L2r1p3<7rkif(NdpkUgeXY^5cNRFC`5zr-qpH6Ai_Dkzn7C(N8Qlw7@v8F3p!-5M*UvA9p}*G!`c$g0cmt~F6bQagjf1*F)H1zGn_^NT z<@LvbHIJ0%r73SuNLc{}pN}l1{p%+?(W!HV%OjQFEy2C&UltA!zYF(4cNUG=8@Ssu zF;`!(LxY|$genF$vfY26KrILsmQ<0Jw=G8k@DiHsT5;X5j?hi0NmG$~V`02M- zA&^`o5Iv+h=u+0zgj~;A7pNyufYuLDS^l&a|3Y);wynglX*i{`U~Z zrJu?56dL}A5N63(wnL6yz0(+#`~@KM=HVnJXHOoWu({)^FqwKJ%hHDd<(iMARzO1H z68Yo+>oY)*gsFwTF#YXYQWIz?zkooS0z`?&$gQSm_gEnM=~VV|`Nf2O`tX7!*s?{K zrMK`VuK;NQjdWjT;> zm-&L{)>2|W9;A5~KKaM*u?1$uA5CT45#KCXg3^X8E0)f{!Z`NAvHUJdyGwU?&6aU+ zfxb_X$!=-7XYxTP?vfnFA6QQXpe@mes>B&D9JTx9FwrHFDMdb~Qa4dOZ_Y@bAX(rM zQEdhzmpyu9Bpn#TD(fV_c49+#-8#cT9Z{GHsuWA$1%oAamY@E$*FJ1gA<4!?ePh6sR};h+h_ zX799}>-%!=5Ua=8zV5AsJ?~#tyD!p~Bpqebr)xrCVJ?;nI%|I4E$y+!ImY1t83#EC zT1bU!Z2>1a)|3O$b^~J6KJ`}QX*(kLDJ(86`<;K>+<9E>YGt?)T&^)Ikvg~VE*O&;S)f|RrELgtu z#q~@LeczT#JP%xf>npi3+db|-b`Ja|(&ij6{iZ3)PtUN~U>~YfN5b>L`Rz5-KBgrQ zrRCUeVJs7uOyk+z` zc{VdlQE4hCOw1d>ZM~_SoK?|<4R_BX=DfwSmj0qiJlV?09|N_*%q2(Wz9vtsK#E(Ru8E%6ff?W=uZv4w$0r<%q(Gan}{e zzO&dUG?75IkhQxSE|?gk=V)j1i_7xO^>v1^T8Ty== z$vE|J(Fq2*PM;*$QS`KENgA$gX>q6L3W`9vdxgpnpoxZc#qbEj8aC&_RB3Jg`TNB@gvIro$$4W z7g5pui!T@rY;{4X;Lc-J&;Kto@_&pyhTR(vau4zcFmadVBj!L}Kjs3Q19DyE`_Kf) zvBWC`N3NrB>!e&!&P$_bz&xJWI#jt5;L7^?ox(F88)HzXLFTn6ybCP#7eYXNgmb!A zX6qztW$|CGXA&9nz=-Xv4e%lwT`JK-2|Q=I@&FBfP8JjuXLxSUCL>?i(ieZ`0$)VR z_@Bf>FGow7@Pq>IFU8Cx16oFgA5pTt-Zt6EDPBIQ-{9IE^Q-E)SAU%rkLT#o%qdLK9)bw10RJ z&UYJiWcAQX{V&)BE85gKl<&cT*-93M^UAoC%NX(a(W%m0b6F(Qbo9LqW~IjgK$8QA z*XEU0t)q9Qm`2u>mn8a$IjONC3lqT^yQUK{W1{ti;Yaxt%&mGRc$uv^P%ZId*{0o_ zZ-FTkey>Bg;KSRD{XBck$5?J4ViNyW{M#lzhZiQ`i@S4Lvin%n6aNG^Hqk0+r;{vG zX1dSlv26tyFF7OAkuIEds^hD*pS2l`12mSy5366WCHb(M+~^08>;Yaw6ORhe&~_CJ z%Ohz1n_%);>L!zry=javZoIAcI{!C$P^f-}eEP-68ZNxzD!B69sN#+VH10;-G*R$D z*Y08N_OcTTKwx}{JR_+NaESaLE+#_EQmB(86>ihVZmpQAxnUUhs4eMMu`{};0}K@R zLV@$G-Y;TR0a6XjZ)cEidl#Gxm_ENArBfIZ%e48=6#m`j-#j) zNq1K{+A7Bt{%|zWqfuA+@@f3&$JLGGkKYESvVH9V?s6G~XY5)@6U9E}r4KV$L_t(n z^7jB>h-ssUz-H9awkQ*gAOV2fN>u6UDPi0!Y^iT?5x%^hel_5>kNZ6t(ht*o`R%tW z4hHX@ZyI9S4fK8!J=fbHxWd>)x}DKt31>T^@g$?@`HDvGj-##pF|yR-jo8|D$rmS} zsl@RcQAE3l;-*!_-qDK;$!kF8{rr`tf{CL-Vxr3RV)>c%x-)~+8x}WM zB6@PhtQgejTv=t72n`Lon14TK57;al@J&o=Q#xWe2^a+JX14H0VvqGeqOC7k?Ox(F zM=U!EhJu2bu18B3`2L@ztqRXdOH0?>r-Yu7tS*Y&lqUZ-js15%5&EK#_vTb*BF*gP zD8QI47gTNnx9q#)>a#15t5ov`1t%*?NP)qngNDF-9+D?9&r5dMFyJ^$PE{J(n9FQEh^6MJU_ z)a{7ZT>Ie~ztuxRx+yO~knzcLsuM?_x!>|m5jgF2SvJ$>|FZ1C`VX6&w93R*e{}Ba z);IQ6FMn}Y{nre>?^M)*h7or>=di88F}A}&;JM#DRu`KJjR`(}N2~JLn7}IAz}+7C z+D*gTn@1nBQ-00TgHD$)?Dkw4c6K{_%Vg~`@I!&v3jd{Imgc*%`oR+ZGCaIC@v*S* z$6v_-*T1X6<#k&Jz@`Q=0x)I&z^as#tx(x_^QuV2{g?~$euV_r-#c}~T9*HvNm zz>@t*EXE%N@%_s{-I)=X6_BP0pn1U0x>x57-cb?p;yUS_fBAxN=Q_i`s;%{D^UNhM zo9|5cXy>kI&m7O+b@c3OGYZxfu?je(MI6>_N>SQz;DRTa<&a*+6kHpwpg)OgPl=uZ zv-6UCR&zaA*!}+9+rheCvq~nOHat-It9{i)PsS;(-S!@nQ;Kb3eRFv(h8q=`Q`GhD zyp=L?)n(E}^{}I5WYMBO?|Ok4AXwF!yRCWGDAn)Mz$J#flZ}Gy9Ec5PMjV&65ew0n zfkm%z+rD+5v_&sm9bjgd+^A~|zmRIIrT|=SX>i^2G>C^6<>TB}cMm`oD?zoQ?HvB{ zvjO$|5A}mqiN&{L8%_6jCq&*+Sxg`kQDvs_P+O;Eko{q};GS^C4tE9!Us}(O1(Uur z4?39t=P3S7>f-Dfw5=?t?MA01XX8D7KIb0fj&HI2j}`)RGM+}=TDF6;y{MhekzYvY zlJ>UcFUoVdc^c!owX>agHJl~pM8!7FT@ z_Rn2X;J|R4-M#<=(Zm91s@s4`Qx!+0*A`UEsPubv2$tHdfa$YycR}qPxrHPcp~uY@ zlr)+aJ2TQBBs1yK!F4*2o6hAvC3G^w%Dv7G6&_vp3q4@4hHPp11gD}qENDu7s8>%N zyBuZ&ZM*hNr-*s;@MWQO2p2?O@Bd}w2$?rR#SZwE`BY86t>{Nq*8<`*!HQKd?hN{rZbg~?8;Ofs$S(q!zaB? zxT1n1^S{n*3ha5FTcmG|T(fJmLa7}7HMzw2%IW259cyw4K-**ePrPY!iw=X%qt(;_0BYFKco&lngR!i zm>In4n>=GVH*iVb=+xeoZ+mG|v@$=?8N}E;@BDC^6E-y!h#IL_F76LJWTiFNK44|L zF^6him;CrQz2+N9VC)Z}7J*jb$;&(US8=;IAAJc-H5A z@_Z-^BO~LUp1miuKt#VtRJzXR4-1+XCEJH++Ersx(7c}f*WiB=W9ksZWA?)##tGHr z3}_?M7t`}=ME&N?bVb4NzyAWiF#L8a7>&Xn>3DhE&ILaGJ@yPQJWmvsaZT1W5LcV( z_D>Q|XRX>y41tOV5^oynY0Y7f{-Iv)$=jzFkol%eeTVt}!~Vv;*ced+G-pLM_LuvR zCcF`Zr|~OL7SLf?X6VKKWn1R^uue+5`cnqxvzJ!-m2G0uqB;NJ?hwC%@ebPNE=|F| z-y~6!e&MDaRoWBb`s)CKgy4>`g^8wq!k-&+#X*;0=MjuN|1Aoz9Qz*?#9BbH+aOD&8U7Z8w?b4+HSJ3Y0#VPyH>^`3a1Ou99Sjld`hk=nSG%T7-9}@ z_w(Wp*>b#_KWp-+_pFZ?P3!KNYYPNqNgedpjFa^RFwx%ElhzXXh%lCRkK#>K*b{QLG zOxbk2n}c%2Bj6a5gBD($zHfu!(tCiihd|oGV56#J-o`Cx2i79wj4Oo(Y=dMISNT<+~K5Qj{;=6 z9J&Q&BnG*sYXid37h`u4s&Es^-${>AUr~$3kSuM~d~4roC7A73dx}fne4gNZn>-WO zrc}msY(DIsH_f?|t*|bUwf_q{udd2%FifFZSs4HHCP(DS(~Fk#HaAmawoDEhB#N*M z=gm%P1?vvm4w>0Mhu7TV$)ixTF&x~o+#)D_!Vdv{Tm1`*K2iY|G7Nc^IWM%(RQ zd8{+8+QDtU^N+4mhms;3`O`l41{%T&|Ts@kkVZ6^s z#SdhO#f*pjK`^1sE`hwR?ETNMsR*GX6~okrjP0<142!Zy_xBiIp~~PCB6=Qoy7+d? zBL^x;T#j_|lW-7PfV*RJ+z`y#Uv-uEX{i_Kys~3s63kZm=>X@jq%iz2t z#;p+a=9??c_APuFxtG^t-Tq=M zLCO~NKb>0juj=l9I_m1bzv#~__g0N!klG*EoQ&XY7_B0GSs7!VBp{Rt`UtmCxpH@8 z0H9-|JJEWpx!hGRe<@}c;LU?M^?2s5Yl)RQ$u)ND@8=POjQLO1uWgO2KHD-o`RvOV z{-3l{+&5Pr&b3~!eFn}rxKC-S`64~weH2<}e4;M&ZUZx3l)AUOwOm?_5j!&&k$KoRbPk5&`Mc1`4e7%c2 z!K+9;129p#2ynb~Qv7SgT!-)SkU#i=v#gjA)Xp4D2D(m(b3m`h{JO*xwG7;M2;slt@Uav=Q`10}0red2$f-9*SjXx~Egc95#M?9-fUFMq zCzUmJ-<2++&ix3;e}Jr01u0#oGUwY4Gq2vef@7oIU2+IldJ5cToz$}qS8P)!BI^3k zg{a)V>Qm^BONb+TF7z@}+mvxLB<<{GRZ}Hq#l5w%FQ^&GiG!OUMZx(5RzYJv)|faz z1BT7Ca)(*hjB^0g^JSpk%r|R#OR{9wa#BKdWN63| zS*Mv14YDf{vM*y-WZ##ujO~7ZNBi}=?(4q)yB_!B{=cd5HO=S!dA(n+=PUU9YcRbU zc>ij8l>*FELtX)p70#8^DVnnGz3=a1>vatVZnOx`&=RcWd^0-S1p~OH+vwLvTI{?^ z*FXeFYGivQMbnc6XHV8*%OT1V7WS#Q(as?dVU^ad5#F_ZUzTK=BY0Zp8meoe0 z=$RofE@R7`7F|<@qjFco@2v#3K^n$}u+UoDd2iVuZ@xDQx12s5Np~XA7u0(y4rds( zCO7PB%p#DoB;EC;J1ti^Sk)i<|7|!wA0*iS5VC4e?dYU>dDiS|NI0TC+1CE#V7I89 zAR`qu<|o+Ol4V{(jo?4t*M|(hjR^)2=h2IEzW$EW&|CiEd+lLoeMj|E3xW?vqWri} z3216#hC}HTSN`TC5?;x&M!H7EdsA1*tlbHpzXqpXKVN8_q|J4PVC+}2)!sd1Us34R zjYuF2^ubCSw~W#(x6odEsl~<5_FB}g*SOS^XhIX`c|W5+=Gr> z`2zHScPK}%;+B&>?DW>^&U>kDkuTL}GvZ#vRK8tFe|4F!Ov51bUEK`Dd2w!{pA%8S zD1}jZw)(pD+ex9Kxe7ZEdoRi&);vA~B$MBP7^)>k;Xu(3{wbE=zaZARD9)2cm7fBMQX{kURu&{}!3?9UV3vvCnxf1M0i50_bEovenSKv!Yeyng!= zRQTzu&SEcn^{!f_MhN-qCE6LjY^kNz$!#x}Z+|vEft?)eA0wxuL*OfJ4-7fHsRo!u zf3BsDNYZ!bRNhtRs8HsOUU>h!Ox(QA$2~|~Yq-B0V&8usr!BTlU|8f}-!3m>|i z*usUXrxNZ_keJqiOCN+h$TEz$RYPe)aCgZ)^+*%BEJNKcR8?1@%Tux-iI!9nxG-J! zwuZ39efqS*PJ&xpST;&i{=$iu6m~(a)T)<0E8d*5BLnsq3U8_4B=hmhcEW_jrC|N~ z7@srG7c`u-<9Er2EJ;*TFY+@nT~md}%_m#Eot!H5!;Z7})S9SuI~Wq^tz!(=vu=d9 zy(W094n?netOUzLoi(vAfc3^&5I!d!Rh`n$=i6Mvo)Y%Z82e|pHlZ;Ev<@`!MGODIK`W8Um!5B}m2~QV)E|)yM#0*akyg~J#`z=jZ-uOL ztLBxI5S2{xo0z)U-CZ9a>NeGTa?GF?&(FdHo6z1Qyrs%{@q~9vxOCf z_ovORfu;pcYLQVL^hXC63B$>BX)40_o9|aT%EB8Vw{)N-t(T*~w&~0T*IIFQ zILo@F9Q9NPC{aFi0?Y1%;((RONUYbI=x3Mz=djWswt0KvhSHvKje7VDCssLW)4(Vj z3p%GeEwwuPdQ92hZL2zG0@JvkU?i)@%rK~>p1ib62{1)`nk>)fM|epboDrTWY>enW z_`UysUg`fduk=idVW&n$M9K#Mt{iw_a%vv-q*8mvfHNo}b?HNy+_@xmxx5hHb3gzE z$7Q$3a@+uyggG~iUw6RA1*)Od;+)?nQg(bK;@nU4aN}RJYp1&-Qf*_TIK0#}feB`a z?;@=>z5oHV#%twDc!G4;82SPjPe^WQr#FpoHZS@ce)z(8=YnlKhH9~o~^wmG!3&Fb#wUQ~jdI`j}HJ==iybS5B zraab12!zQl4Zu!~_lwaXn#$X5k`6KwqHQo|hx%FOM}Am)95vw<~xnOmt!)Ga%TgG;8{2 zT829<3=z@Ky6Epai=9_k>pE2-m=**o!@2`SB{YrEzt`i`KOk}D9l-7cf%_C0Qdk3s z2YdIao};*JxzmZ0)(k{a_Qlf4lnd`fHcUD_3}xQhUNp83^NS7L@X0}oOZ`nR{q0Ol z%;oq1(#4`IBJA!rrJ;M2P@uN5$BrdiE-w@>6*n~EIIDuaqVthp^P-kqMq(|1xPfhd zCu*YLjuM;1JaRc~(daz{)6v34{cDY#H;j1&`T7MQzkwv^(JgT1CuoO#9D77z-TXB_ zkBj{5ROTvtw%Y3gYdVENwDrPTPNPag>2Wl&MIR zx4W!6E^^eUeqL>H&7COJnGLlHU-BiLr)-GyW12Q#;^F zW|qMKk1B0o>u`#SRAR$2FDd0{^gW+d$uAT{M7)+{ryq9D1$Z61acX=;9M_4TyzMMp ztaA!YlXrj5*_iB&^X)#o43=ZW+b;WTb?)-J%R6}MfiUbrcTh2%<&tL|7*i8A1I^kH zw4Uw3^zGuT{qAaw{Lil%n$Jr#?l)f)l+R1onU}}kl0qa!UQF{5Gx>_nzPKglUAPqe zbmz#LI_a6aR(qG-T;0w}Mm&B5XwDCo4%q?aX zfus=Ef=88QICarcAH9^=VH`?-@DR0x&!efAc=S|Hb#3hmrp#g?W@CipB@z66QU%E@ z`wfzBYrn09l}Y%by}3L9+u~+6#pxTl+cVA;DugH8lCJo4n@uV8hWlIJZK4Zc4jUnF z%Zj`|b3@-LFxPgd$9#gxw2w1iLbC42JCr zL+7fB;3&(YepTk~bQKzc-!YKl%^4dU`m`@9y4f z_|yQ_(};SuVYC)FoHtW$sW0VW;yJ{)IB6NtZmsD>_F!)u^yM3VypRw&c&!F!gnl)=O7Y3ncIwvM#T(_h?{W#h)(Y*@Mv zZ`AQunT{U(t4tT6BXLc$CCXjd+T9ffIPVk2J$ft>VC&1hU+YXVc|BRxXfQjqzZ7Eh z>_v3pusNUedn2?_OZChrnNe^yL&TSo4qQmLahD=<>fg+$z&%O=*Vyr>dSMo?fl)S% zI79?b2IukJO+361q(;)O9l0JVUxAZXS(&0-yOL7CW&_wtD$wC!#lpQme{q4awbs$; z5^R6OAV~sj9@#bjUvudHy*T&3f!D9T=%16FA^zqNxc-?O536qWV-T;I4kqlk zO)oR<07U*1VvvJ4&#~6ZT>4<68c2go^}oaG0F9I?4CF18Y%z#ow$QyHz4EqP zB7X}QtgsCFNli>AGPt#Rm}KN#AtI8|NYK7=AZ#!tCcP?*QhRjx3-lhViWAD^NY)6R zCHy_WaW6^Y^~J#+O_<&ECpGvE*A0iv)Wj@&I#diQp2$ptthZQh0%Y<=>iSO2m@AyC zR~pnCB1f1nc*Gplq82UCjJ+C!zoqgv@+llJg&ksz@v+AOnlXlgoLuJiBfgt>zP^v2 z_T5&g$iDj)y1D^z1^&A5uJWV}8(qee!|nO3_Ej;4FcB~7FEbeaphf)BvCQJ?Jl5$P zG(id8Hvj{CVG{T)*B*Thp_cBLLSFB-y90Jzmk@Y5QK>LF=@yK z$EF7X3mN1;-wc*uo?n9KwV(etLG-`Uf6m?IeokV9?$l!NVG8q=NN_-=xF#0M)jz=Z z`f!J91AV%q!SH&j#{fslrDL^CU_?xUm@?h#Pc*ckz zG~ETlet|w!V@ltk+Rf!m34E>+1HZW31Za~l$_Ngu8czJ-w?wh;&;kaJx@Jjk)fr!4 zl6qU~=N8Lxxm@uxBkMvCam6XdnUnlR7iz zB7kD`cs?zL=S_yS-swt~0Be)e!^jy!!V9c3>M(Gg)NL~CSAgTh@5QA!7gInb-{qQJ zUhun?E|~-$01EKoZS2@&gsvKAIo)Z`I1GS?{`Rty0Yd2pYwjZ?@U=n`oBSn>%BKAy zKhP2!^?z?X&dHkErF_Oy^}2nuWUxr#{o)4pRMtNZ+se*kDxN6JZ_e&JgFk5(Tkv5_ zIlv_4Tx12N@cFH`Y)W(QD>Zk@(S{1SM#u|HoQp1lXxiId?O96%3asv58Fbx@mW=ln z_jK@8}hKl?Y zCZ_qgZ!xxXMvN^w{-CMZgFeS1ypBY9-X^@HTl2E1I>OC6>Xg6C5K3C~nyM3ZVqx>t zKWhh@5>DbLr@yAI`!?*o_t*GZrh0T|p2{b@Wys%^5#-H*JW)KfOJopEz`AQAc7{+s z0lh71AFulY7ZE9hx%l6@ZX1tUna>|`%2D!iKb0%X{!47$TKoL**pq=j+2iU0SIun2 zJnMWjI=uy7<;U#i;F!n$AxeeFo%9wjO+aMYH%8cads!=4#am=C+o}0 zKj0$f&vv+YV7}Pet>5L#!pC9h=(u4Z67fP9bLJ^)V!`}$1tH*gFB zlLoISkIS&DsF?Be!Z>X67(f@u;-{S(1E6!t$d8tH8Zce7XYJmpdm<@0wP$6M05|-5 zpr`b6P|^&|jxq*QN`&NV+4oAv+mj@ehI)+q zqLA!7vY)Jqyz@*myzvvn@qIy8Ird9T?!$*C2kX4|m|6f&{R>#ofl=v#?*|vz$k4R0 zKbALTm<`D;#n8XP28&_uJ2KbM zemt?jzAbY-aP8P-(jUA8&1L2Yx@2twQV-LDb~5cG=_T+Ri;9~FF!%GyZ)-jZ657l! zF?}^pB&P4(o+0qpsm*CFv_a{{`?pwiQu=l#Vap?5x`>vG9~)wt;rmxhRNguu z_Efo8wcb@)F%Q`wc(1c|81r+DsIv{Zb}fvFrt0auP5CA9?{k7ZBm%9$t1_ls1GeXM zCAjaKXkRBrJczTf=E0eBG9_!TBt;}Ic5P?-+p%(9>z%XeE{iO$&HC6)-G#%e3Xw)D z$9BP9awGln*~7YT8WeJ503 zr7LRz9gX8d@$HK&|D-zh?YDV6;Ha~kR22v31p0%C_PCn<)Xc(cvf~hueK?K!lmi`q z?aR7LwiSTL9ETFoiNlXj%}HW?c+a-D-T)3MLJ>8wJ+9#+7&dW zD6i)v9ux|`ca^bA5_L9aJamPiz87(;nYy_6ZP}5N`s3smSpA@}br6QN1f@h`LT_)` z;N0T~Bz=-6tJs_bmaIA99cRY>%;=D7Ox1)9*-K{-bZ+rt*GONAv6XL67Z-L@YWdSc z(VfGXu+ZDJ4;YSZm+Y=xg?Cbl;h444tuZyDlBmXnmxr!nK;^SinU{g6f5c)^s0Nv` z$_ji5zY~NND5{=VpuHwjGOl#W;D|iVHRmnM;H;;F{3B6>fU7;K5plOKC}ZcOkY z*>+HIRwG@>?0O*4i+1s4uUY$Tk>#suzyn-z*3eO10xzFsx0PS$Snfu%@BkqgZcP~0 zZ7tO`6-e9HLKep#2Nf)iw0X}IvfTEWkRa@hmdJ{>zsf@>+JFdNM8p$hWBe`Yr3Aa26@Om-DvmSWin3kPW@Uare((Z*hn(i7n` z9n4soW|z>_PZ68Q-_V|&IG;OJ$%7l!`Hku6k!3Hpl~?Ot5E(lqn1qt@svO*b_FCzy zaoeAM`ewpPy@tr^nUWD;9?d1IylZ#FDLbm zsFQRA42(`=Q3O#o!Ks9trSrR)3Yvi%C1sPZ5R@rRkU8Yr7cgk8Fma^oLn7q&2Djt7 z^_8kVCt$wB1=Nv0|Bdr(!r(lgsoO!?Uoypb2^Le2Dx+f;(&P}P&6$j8`D{jT@B6s$ zENa70d$!>#-@3pL{F1tlcRzs9tuhaqAKpk+iLH;2$MA9=Rsx!}Is7V)hwi7IjW!7F zCK^+M3&uA71@0JN3;}QNzgXmuG7r(}Th%$FRu^gCOZz-ndAOymIfxB>-3=XI!9&LG zt5eN?C>EJ>rD|<3-ytENV3YGx#6ZjaR|HY?9zYPO{o(h5vm4tt9k~4sVrHt~Sk+U2 ztW314iMd0eJi8IA^QX)C9Bx_OZdD^AJOvN6BZL3Ub^vt~#-mpuJMG9zFr@zWP4qCy zaZL*J_*hVwC@4h_Lj5#9?Qh*3v!~k4(qmNLi%)tdAzeTtQ!0Q@k<^75jByKG&?K>h73V3drcLl28p{bO_es8gE7 z$(vZ7!Mx1|(djKnX`NSDzw?+m2a-IeOGhE5RoXuFkXDyLA27qb&2q+f4sT$3kJ%(J zS6(8vU5ob32c_ree8fQDdx9{yW&ueY!maaf#A`dH12j65^V9uX(*y1EL8!M`!<486 zU#HD~hhGsPp|4HqCaP(5@Jry`+$3LLO!o3J83{Kng9X(!LuVkkW7U6EOf>bm8orAq zwgDu+*&%0vS<`uEosg4O!B5Ve}O*=$52j?bsi{P1k9l8bn?k>@8YLfF+yG!3CiM!&>8t)VUl`~^Ad8CJ= zz!gQIt2Hw%+G7OMq$9S?L4Oz@dN4-za=yZPxvMWe|1Tn;lN_Z0OC6h#7po5tJCy;9 zLvs1UhWg6mP(JBU*0-Z?%_KDLCB%I8=sy#)(W`V{=-)`A0X)R4lVSdK@b?F;#WFDk z{W|k$t2oxkudTw|%t6Uu;Ws7}=*-R!`0zt=_#|}y zNQSE~KFPzRuedTZeU1V>GF4Ip>(;Ch_c9agX0>?%(=3U@0g@W@Ycm0NS5umWC6Lk- z^UEg(MW|iC|9+`-F;B1=p(fF=qs{EEN3%$v!S{qGK{(f%82SgrY1A{9)-dCL7@h&E zY?pHCEv{x@J5frfUkh!a_8};2kzPf(=goM>PiY-Sd2!JLwo5EO#wp+i^r}Bcy&K8s zv>t&14>89$$#{Mf$NI$+K6+Zs21h*SQYdA6@6Tq>_3?%dNNWnV<`Y4aIz`rMdF^O9 zJ&5M(e+M6>L%@B^Y;d5x2EOlglg=UXN;buT?*tT-AkvxF9zxM`7+I|nzm2S+SL6(t zq66-x?nTz@Oh*gv{-B$c+~UG|0hTJrfvZfP7Uz>SV7ylXn)L2>RG7z8vt*{-_Es6G z3rOOlm>+{PG~M=vS|rcmE3A+!6jcjmUBm#pWRl7DG(>rx;7FXZ)I;OieHx~9wuzt3 zajwyQaxRPKr;{f;-4Ngf?S^b+Cy?MoAX!?Zc&hA>o1ggd-WVRR0IcRpFAVq_Fenm^ zUnvq^2Ss;`PvX@cwXCuuhvx&wvPwj~S0X}r9^X!L4Jpb{RdI9{$@eR+ZSz9JHsSI+ z4HF(&d+Th(Sub@tPI?R?)q;)lbF5_?bHYr9F8kd&L@W~?mo7S0a2CN@|E^u^HNpeJ zwz$icWrJ22+`N7kmqekpiQmfF0`*b`nu44^n~k0|x#Xz1Z`o~c`Ha1&312@i;K__@ z`eIhhR2QG^M9m_sYtacf)DpG8yLIIrHT2=FO}I-Gg~|8bHQ9o~qR(z<7v9l$`sDqz z&=)+`Q$tuG;(lLE9pqm-BEf?o%xWf_Zs!#1mugQ@ClqC;Bq|VytX23$cUcvr9k5mC zc${OMv`#5{r#N6Ojmqb?JAq5D%*7f8eHiI4%U3`s;G>$?^^PNj9ol@D!us#iv3^)X zPMu=npZE{jcue5-{QYz>4$o4>*)~hI`!yJ%@9TLHNFF8XeN6B=BpA4dmDQhppq!|b5WmbjY?;l-K%_( z<6>JE6*FeDOBGjBJ{=ZMSI{l}Y)^^N#J$8f8SPreqU^W#?4N?%K~ zt`3(fwu`P-7_@Hh7Ya3fUntq___Gg@%sEzdqm&zm^xUtWM6HcwGMKGpKKhi;1@@AP z=j<3Hjk^=py-tClnx6kKc%CS$6VC0>o+gCuUC zzu_~^ePWP3xw+pSG4Rhuvz%TRGjA#` z?-<~=hb5g6i}$f!2J7?De`})mjn8u5%B38!h{_2Dwfd6pFWG?^4w*yN^+Lu3#bQG4 zSAaETdR6QE4|Uq(6Ql^PoCEN{sjk_m4o=eRct-%u2lYox|BA9cdK^&JxGmd^M2pKS z2Y4h9T$53_@ULvp<7-aEo)~`PDt%S1_%T8Wl~NfueE2VJu~4_c?Qs1G&Dp#f1+EN6 zGQdGe>)A&)LPm}-XBaM&i7=`W^)lQ;Sy|A;Fh77Fb+FBuTF=-<%1ZiJR@Z4)W$a`3 z-!8G~=b8F9C=^(osRgxi6rF$qOq4K6ZA%ya0nBmU1nyz?{+c5sd>^7mbFYW7xC~Lr z>%sJ+1SH`@HrGM3gbTo%^qoKW$9C^WXkH~y?3byFuTc*b5qHlICl51bo#q&T z5#)ah`#v8Oj%qGSNk8@Qn2mEDT*1Bjo6`;;R|&*n){2RGD0v&fn2tjbq-+!u>B9TowtW%8(=H)xVpE(VEIska)$9!i6t$L;`5X zB`vm^Pi2LX94pTd5_pCr>-DnZ?7%D#%HMqVElgoZAx^;qFSx&`jQzf0v-C=cxCBY4 z#M*3)@$6{3NUxAPQDrH~wb}*pv`Iqqd~#0jTh#Zz-fIdTV1&_Vw+Pem*)!Y;N8W#- zcYTBi2fI$jE60#dT>jCS8vVpUM>lr#v+)BVF`^H^6Y}NGkdO_ z>WZdPjr6vP67?)&j^F{~i{)!`GZ}1+W3GrMq?U_XnQw2Lr4OxKv1@}BEJE;NT8}_I zdeH{xGu_&uBH=jO#W{z@LBG0HfR|WUS*-i`cYv3|hGdt~HhsQ=ijAvX(D7;KkE^-@ zy#cX8eS(}tvjXSoOYT+Y%ua6}4xXP1y5i~A$%gm)I+TexV4`eVUg0T`cLHpn)*S(h z?A`-)Cz(|m%7G{|ZXbI6zLh;0Uq-C@VZaEuFQ3$hCe@EskG z;?>E&C5*cl;Z4@U%i(M(b8orz6@S~BFnkU|xUK9NErwIIUcO;A30kNZe*|-EwC2er z^Q)8YKN#st*!bM_h%`IvD2L~u!jdpXTn?q!)CGp2=`mDOS%W?<%ej5u>*+#$&F9{Kyl)Ui`?Ku1+E61Au{d5upx{Vx99QOm^4gzQqjBa8o0S6CtZ3Rzhs zAf9lJ;P_0bQAL zEwwZJi7@u0w4e{Sv40r})?PNRRQ_Oe#XZ}tvxc^g-;*O(4^Im3-9I6j+56na37Jh^ z4@Mpf%y1qm$Eg*1OT<|21wG4@k%NOY<2#OBab4Q=GEQZ~!Uf?nBOQ~}>nCytgwKjW zmC>5)$Q!>ieLk#sLugjpqo9R>3EAA;@L_;^j3I5ZTSd(%@^G{b?9~;Y-!fNqfDOb05F(!;8nCZtcd7IRywZhKApLP6vC_9A#m~d_TCp7qKy= zdQU__Jnu6ZFlELj##wO+XJs#tZI0daExsBM8c}y7(x(`o9E!#473%lzEDucz8(jw+ zYA5Z5pSPtmJIFKB{Ga;~@h^lApYQ&HF>Wvw(EeW;H~!lIBKh2|P<-|Y%G*xb;6V_9 zVeO;spL2wp-zEiWFbH~9LPGr<02S#1!p9d?4u~L3PkDdyG19$}aeZvL8X7*IK@Oxb zA;28grL1snZC6@Z+%V){=hCta4rjKZMu*#CK%4jYV>xyD%?6$qNT7$3>O3^W)f5P1 z2!wO-MM-0-1Ts^Ur2bbAQjZ2s+7cX9V@Xd3mLNp;N~vbaZg6VkY3K=%z<6Pf(JR*6 zA15$%Fi7fhSnRCLu3RYNwoLD*aM?Xp$V(q(H2g>udpp6BEVF*F8wQR3yToj^;7z8R(=O=;nClLTVe-ZR3e_4 zd%7R{jdDOFHSriCS`eL~59vzNs{uD24Dr_Sc5%dtjpwO}sZQ?3`aN}Ev^y~tc?dBZaRv+9l0cLkd(Fq#=>H0z8i4FB%OsdDTB_pcIJe z8O-4zYV2U=0ed9li6)Ag;LO5)#|BiO0r+}c`?=^n}#}+u{=HqSl^yL z?LiFm?{pN(^X|c|T(A(5#m%wF7|s@`mOMbcn)wbqV5$cZ=u2M)9_4dw=8KzX=V2Dl zWuEIl2FLFH30>Q%LFC8}4U_$`jxozu8socXH(T4XBqWV;E<(>D@gi}efv%75;SFoTN znh{4FUB8jPA_2o zasc~>4N5H!{&>f7baj5wnC4{%b+x}4Wfu0BeNItTvq+}kUIkx}RYj4-G-F~}=c z#VeBd;4pW$dLlkEEAQZWXJH2+qYK)X(n|Y{@!c7s^Z(VK=Pwz9Bu#zS%s>3MpS*RJ zDB6mc_=@D2v;V~(MtSftA)>z9|ILR^et|K#_0E6yQ{Yqf*BOJOSr|L7{+MnX*KVjsbF!I+O__N#m6Gr~LAOD1rzre76 z!pL8p=>Lysgpte(wKJ+DfO$KU=zr6|{aFO3PK0z&w4gPnx}w;kUru~)@|<>|vBEq> zsO3{NWmx0Y;qNrN4)r8ApC0b4rJ8oesO#!J$kxh_c#*Byx>0+~#f{qj zT79(HPO}@X^pi>2uO+W){XU0QUYIBTpw*#UOlxYLmd~7VA>IW!kf*1^svN}#5#Ki+ zt#KYPxkdsSXQWbEQgowp*QoO5I4Y)WpO(QGWM5TV8_WT=`5O?~L_$xm^#do*so+7g9`T z9kr`ZBkX8CWYnJGl~*6GrBCyG5V~GEX2augu&o>;zr0#=xNb@q%z8n7=XgFAHv8_} z<)=%~sAQSVDjwZf!Sn~6%Ex4&MGxGuzNJc+XNSk{l` zH4EHc9#q139+pqTri*pO3GrIHQA}B=_4wVh{+XRusdxvz`0aCEb~xV$*OlBdIighB>*MzA zoJNN|q4Z_oB%k7yxzo~NNZ0x3%_)Bd)6qYY;qavNz*f$(3Fp{F#0WKofb&w{-9F`W z$XJ_73q>uD!yW#u){-3UB010fxtk7!CZ+WqD|uC_sv>K}7k!`bM+w=CKNceF%{asp zt({)j)!hW1uKCv#0c;|Xh-eH}i~3B%%WD1j_pnh=_%0Sv+kwQ*{$xYGWljx5#_WSL zNV9fpV^42U5u6Cytj64TAG0p&d@EpQD2Ix7s&ZaaKj^72rsYu)JR?S;aeD8IW z(S!WyFjzE6@~ZqSQF> z67={osyfL_7e()0Icep(HnC89xGpjRtHl>uJkdMFj6qy`dUB4re{+t++YwXn!*xg5 zbK$f(53;Y{yx9(sz=x^Jo{Oa2QPzU*uE+0`PQ#}S)5?;NkBs~(<|=f=@!J|gN52|b zg2XmkSo$(G(!-`6=#(l0Pmpz>O-25ZDGOPvCLFAETGx=1lWUAFwtmJR?nWN2SLG8e zXR1s$WFiRr>BTk^!r26uaXWd}xo|D@QS)Co5EB$#MY)27tVj8%`UWO5sZrr5_#%Q9 zE;{v|N(Sb%j=46m_I7`BE)6q~snH*ZdX_AgBsJt#V=2j+OU z_Bi$Z3g6@14&Lq*YjnPWgwV`q-Zu$oorsm(_I8fu+YZWB_clLqC?H>9tt-P~8XVo$6$*s6< zkqyy``4}iO{$!MQ9_Up%eth1}SDil92$Dj|xVo;$Aqb`# z^Lp!v{m*;)Wn6|0{acDE#Ul+oU7PflTN68D1%n2T7n6f#Gm-;8t+8+gXL@x>`H-48 zb|xh;_x>{Rzf8}J!wvMsJCCxL27##9ES^5~QY>`<*`Ymj#!+Q^duUcI4a4JcxK?%( zWgI+FHTZzvs3V9+GIJd}nFg1qfk zn6f4hv(Q7qam5pN>|2<4?52P4)Y0ogb3S}9SrHbh86e9g}~t=o3NUF)?|7$ zb#-P2&%JMa(4hzFh|U;(_8^l1L*>-RO4TQ!WG-DbeQl*zl0B1Zj zn^cw{vDLv_wDhU+^y8mAf2GA(Ht&7nm{&n9W~~mv4g5;i*?!-ltjhC+JiRNL zw>hpd+Qyx>crcWG;;S{I#uzKMP@F3xtL#1+4zEnr+1`F3=3ByimrLzn#4I5-&hJ%7 zjfKytiR{G<#$fFiT1Z!xQ`pewPZOc&JbUm+a-){F)L=M#m&is+T-)32Uinxm=Jxxo z-$Zj`^Wu?h8HSaGimYr7majE@zS`{1hC*gPumqmJ(>Ip1verAH-W$q^+wP%*RXElSEqVh0E1QkDU>F5Cr6wALy3%jK6VT>Pywu>(=DDcQ3drUgQL7bV`q6 zYmf0T8*P0i6axX`~4sZLb>DW@FVp(0CghGkglw$(SBs1u;X}L_VuBeRwsSexf{JYPF1qf2ujgk zlE2gdHk-}PuTi9t)-K!Rf+9eJs1;I0W~Rf&;7qC*9-?pvKLMt12gdAb#SahFHRU|5{#&x_>bCeuGY_7xa5wnS~q z^yfJ4VsJvY) zqcg2qFb?p=Y}H1Ml2UqECz8iRan@CA;+c=P&7vx#v-)5;n+3<`m}%HS?>x-3xpy~G zml?ikTFGP7bO}IVO5{*5mRiS(>7bVroM*JTft_q~1`a2qAm*!nF60DJDaQ-rU?Z%@ z``w7yIESu}x^5sW^nvg?{M(#S9U|a#F7E_jrdt9~S=1r4$hquK$#5q#*hz)*09T=e*8 zs}MjIdAYZnt!(YUYH39UUe}!wS}&hrcH(OhGVO@sF-xoO0=SP)ec?ToYVdcXX3`)r z{C0ogM$MtzvM#6$`l?+WdNl+lcw9G)M*x5`%Fj$Ut1M$hE84NyFVDa?XUVy%8Q~Yr z(@aJRO?b?@ZugEQL7#5s->(#?l(W$;GW}xCs0k5J;kv17E7fLQD{=HoTIgUgxt-o# zm(ii&{RMlFAj8Kr&lSUYOi$3}GH|+Z9>>L=$=@K@wqV>g=reagN^SqhhJ3m1lyO=h z0Iwl(&vSn z=_yq7-PTI#jewDV8333_JspJ4q$wq_=zdOG8Bii7o5#-f{TnPXQ|_)$==fctxhB$N zIhgekb5P~ByRMy&`E-Lr2Il5DYLVUwfPJA&g0)XMl_D-;PM9#eSx?3gr6Dz8-$)_Y z0@9-1x(O~~YNqK+z`!BE6td{roFumPH}yK|SL{s#LLbdj7l&U1Lfb=p1^Fr7cCn@+s3<#}KH{e1wt6mwsdcvr%qFbcv_ zYsk_kOxi0SXPe$J(+yDH&3~J49#a8uh{jbPW|n6tM)3=EOgNmUUa;wXB!L^yV2?c7 z?uT?{#@H+k<;E^@7PsH0pydk|+ZmPyxki*XLD*^8xVjh)bwH)MRE{N>jXx8*(Jj34 zpklppg}H<;3|@DZOyf>knp{gScHD+j%MLnW5&&F%1(DplXiR zX+!5|Yh-EVbN&4J^ScLtlnPO;WqHQ{AOnQU8X`a`aa5oSDyg}^kiXfUU+9ZhT8^No z3ffcd4khp2cnd&Ps`XfDNH0{Pi5jMS4H(f?dB3q2$I*t^^l~OVkpDYU;K-sIE z8%TNy_d|_>X1O(()=wGfV()J^)sn;YN_7sf6`v~0WqrObKLq%8atfS|KG>$brznZz zBMlHE;(KkUiK1!vKWC;Gz7UgoelDqXF5U$bB49l#bB8rp`TA^-u@^5H5=2YWPp1zHBMK`*ha^+$3VjK}W3e3sbh zj>q;hp~XZWX8dAn%!x^;ZUsQci!C%-0=jXzqH&Qd%stUUmXf zz)~r0AyLXly&=ow3v4Jy`vz?d<`dy}GlO7RMgp&yYP84p+L%_C=vK$mcyJOgM$2FZ z-=O{HPsjE{@gUeanJIOjwhMG0-eF9u04*idEeBHq*<`U8zsT8&8=AF=erV_|3gWvx zpmXH!B#60{TGirrLYh?p8xjU5r+)BZeDf8=*a{ea%EVRq+e``Wn+k2^+oj{(qFbLA zGb7Bk3|8(5x(aayg;LHmI1?kvAolY) zjPCd(^sUtFj6&HXQJZZXCW}4aXeij$Bj#vJJr=+D%j^aSLwgzXFg$w4{W=ZY+J!%k zA}vM`$N0HcwuH~m(Iw`XYS%P9HOkZXguo0g*AQ3vB2UFcaYStKj_R|T=!%Y{>QIV+ zPoIpJ2Qov(0-?c>M&I?NKw&=sT3*WD*9WdckEl4^_XT;AU($k zkJeB7!Ky#)%Y{p{8*uhl6I+;ww%)Kn=NsGmpDN~G$q}|UrD(ozyXCVx0b!` zE|w_64C%l)0U;BA;X@!Te-^V|59#U4zkSl7Kz1r-YP-_InCv$+p2Q|D4q#@|*{7Vq zS?d={^+Q=zlv{Gk%OCgc0Qeb1F+8GpQo~u*?9Yb?&_;B0cL#|Ml|Z#zK?$KQmnVg~ zBL`=1^h^GKWTMy2*aB?s59DI49&g&ct zTBq1N#HwO0V*ZDMm}?(re>wzm!8U@wxm4DPn2d~-vH-3gaerjQBO+%io=czi|F<0gr<`}9TgzI$#q?9LJj60uY39N0kF&Jsw)q=r4rC%C0N@=ijXXU zdoc=!Rx68{aqw4*a&*?$Ee?P=#JtOOQ_RpjA!F68+A2+T8Mn5&B_gFM#rVd)Md%zC zG+qt`RD#U%66Y|EdbeBR*u7#clw*-|5!j~AGnTT&S3v;KuMo^nUFjJj4461fLnK4W@rfm8ay*?A@X zJz*zDTB;srGH#77S}u-jqZJ?QSLS60gtqDhv4}w%U{VnP;K^iVe2mFmOJe)JES?3} zu#^=chxrx>!tbCQZkK))!RUVVi6kZiis-+og%YQUhJq{E- zZs)Fj3V8Cx+<}RtDYbaB%FU(p1VxaNSRe>cMze-RTUZQch12AtepXp)Y2M=NuW8Rh zCrX`*er)%q%_(#&=jHc?@ituv(^rlvPSz7i1_t2hqn$%upt$rZTPEv$G)9fx+A=We z9w%^v?Y%f)d+l5AMjG?8-aoCVXM8959MD@LM5o08uUltPpiuuN&C>lqzxpLWC@i4z zXdAZjr*{s1WYi?Hyu$edm(m8xbfMA&uXAK=Aj)4oj6)g^=jm1PGy@jrjSV`N&9PDz zQsxL7MA^?NS^!|bn%iw%MWy;!YQ1`^E6kItaxp1P^3C`=+|J}lW*7j0ZF3tCuf~@Y zm6Ui(bDsVLRx~=Eg~~ZWyeZ?aYO105K`&*BqCk3)A!7N^cEBZs*nfqN?}7UksCQj! z8PuTQwU-rO-I5Ny{^q{p2B5mN?L=NNpJMq|bwm&`T-Yk$qC;pf08jvCzRXx`#RcQq zOe{3PV>xhdzxMdBcDM#4L?(D{d6HqLxW_@5h+p}bI-4N;B=+c(+05;vvccC2+qpvE zw2COej?W?8)<0TfbF_K)HxS1hRqK`6*Qu$~23mJgdhN-g)1EZ?QOp4c=H3cZrm(U! z=Zo#Da4>TP35{80d$yG$ubes7rZB4td{uk7-OQT>9=9DUD$zlH6)tclQQIqMh`@+( zXxIYZdshI3TL6R&9(M!z5Dm7{rN0S9x{HO;6wa1)0%Fk8Ff zQe`1VbHV^cw1%>!Z)>TkF#;kW7m&|vb3$T5TcHqfc9%>1&>=pLMeDZya6s3^zB6z& znfW3Z0jdt}pVE-=I6)Y4Ng4th(1~3E5WqVf`5|-b0|#6L2da^j>h`>n1sFKDVz#Hi zbb|^3DlqZLE$1IRlSRsaHd*TV=2QKvf&6=94{i@^lq`f{P=lNQ`WV1Wy{Ic%e4kw> zy~x@?2pXCTUZOkIs_%m#78xV%Q7M$k(?90EyMdKhV~-p0BjYz0dh_GMa6cC>u1A9( z5C^Np4qe3wRx5z{HQfXttyw?>+!XYSYYjOO@+8v&70_??eodJm544fJ4Zh?iC&3bn zI7U@xi3Xj1a5SLo=(zI9^0cFSAwLQBEfSa(2hUVtLuho%Dk!}GM9P=RLOS*-Y>q>d0T0bv5to^qZgiQ3=SQ6PVnmI{VH?1hGLWYoX~mXmRECN>7WEF(*@U(n}FWYG=B^~-1t4yY*vlDQTdeS%l51i zMN28T+E~fs?-;3afoT_;KO3^PIK|~oAoda{EDA+VrKvt#Ee95q3QFktXux8(Yn#P~ zJH2~UF{Ys^B+G@`R(B|z;_Vh?IiXEtAYYWVXa#K^u*KPWU(gf>B^8g;^1x?Ev*Y1_ zC!m))rD+@b`>%4m+TKAg#5n|B&>9u*$CbG6+k@-IjEp&~$F<}bKt^H4k?w?}{Y^mV zEr_PceWCrBml@G~$4%L^D^B~_(8UssW5BB`+;RUU<>0ni_{k6EPeEtu-2{04+#a0y z`_oU)gd7l!{->1`AQ}%5-MxEPJzrnU0-YCsfn+qPzFiRWRvHv@tRSDrM|<_>a4Y(} z^g23n&orp5(GE%u6uzI4Y-k|%%<1Q+8?5i6*FI+0{!OTN1`c1el_YR#IzP>r{{31o zGq@5`IrU2D^doe;c-s29?3wkI0xbsq5pPqU}<8f ze&he)0nh)lw7+iIKd1I5oBhWi|LTeVU;A3Tm|Cs#w;X+xoMz;wocnq#+1C;xS;bii z34a3$|8#gshz--ND{%Br&jEAxw6nnhg>a}APZkqub%PVkORsl-aK9Q`g~NHDB)%yzMs7>@-9`kp%2)QECal)F{!?Dos$FJQh52>S2AraEp_{PNor9() z#>y7+mdjB>sk;SE<6`CuSJrVo0waUl3EPz%*@0EZYnbyp2}MDTVoL@hQS#;JwbAnY z*2zZ;hmw<5Mx?ut_D6ist2Lf+{I&)O>(EET$5T*~rs^A;GdXjcGaV*8uFlh2Kbj3Z z4W7-_aPt}xU%6+Hs7S(72GiE7EXF<+-l%@|%SUQohCpe1V5XfGp6L&Qi@>i;xGk*QZ&Q;<(36mKtYz5+@UT@V3M-h_#w5~D%D#8e;{H6Q-%9p4FgeF;yETI7t;Jnj0;D%La@ z+ZFmt&1>z)NEaupC*w%g7_#5pI5hUd5ZPtU%RH#a7E_UgGczsQWSy%uQ7QgXuh?^6?nI-vZiT$uzi{p~|h*Oc#LnWH+xtx;S2+uy;_LHfYTQHc?-eJ9t z7A&xS=z_QMRMa^B`Wnln!S`F_+{?vVXmNWnSkYs*!LDW4K7 zS5_-W`CYvA?|dwSB_Cp9tM#B;9`&wkZ_(tt0cKP+ekuqBOuhc4(f#DhJ1^hdHeJWK zFbTe#!!6Wa#@i9k;0|?W5XXu(H!n372ju0`r_envu4S+{XfLG{KdG8mlIs$bluR1J ze)8BYU)vY`jZIls;8-?rzKUC+l|kbzyoW(3=O zzf7y(F>`(9%<=OaGus%%+_$w=$|3?~-aZCWL74G$Lq*^NASqvV-D{5fiz<+K@|44T z^5QSYg4glpi1PwQ{AAw3#|_im7)PJW!2wwMpeIJ`dp(;%VpCydUwqThR2V3@^0L?YIA_#RCH0TrhgG?QJ3vE(G>=uP&($K%P$F4IBW4N;? zZm80JmYA%2l`Vp2JFJwTcw4IA!PY$pt}@CeCgw@b-%gM6g+wRk(=IhThZa++H)VE< zNDRDPnIh9X`dyh%byyKup)m5Jo`cQ(zPs3CjQ~ChRn!H6&&Ry4%XOy|tG4VUD4RlW zd;a2#?__XaK3b*iXdg)|)ql8N*Om}kQFAQ3De}v2%38I|<01dnuF?9h$vyv7J> zY5m|9d67NgC9^{xztbgVZaOncVy17C2dW>M)?vr~?qi6@a&BuWlV56ItR{#29uayB zwXTk@xVsT#OH1HrjnD5ln8igEYI?qH+OMH{yU*P)>+uHvrWxjr4_574X|i6ZEiu%0 z>|OCa{OK9Gtskk7MmQSZV6vOBGeCNZcVUCNR(i+Mrl6V8#7st0~s; zLrh1SS6n!^@IUebuuc1#w;h*j^po&Ebmj5P;!~3io=5w`wJD@VA820^SFsRvzos13 z7TGHPCf@vG)E8>HB7dBtLMXMU75sJee<+-LkUBTY@ngI%;lTpKFx8RxlLTG~Ww(uf zsK;S1LGuTJ(0fQ;f~QaOfMLYWGz$f{=%d}0@u+lsyiWyk4Sie{A=bmThk7q!im1i} zK{4-8*pg8!?{M>~XhUtLoM-b&i9l!>8MUv`Ch4>u3%oA)&`oS32GfmM*RyNHHovdk zDxPsd>}GhBS!k+Ia~p)VT)ClGA`@{>Z{Mib(segh!eskB2`fTI>Wo(wdw~=gj}AX) zM0=3U{V{7zmcmK{)|w@}uuH1w?r(;VjPv%|h1CP^?~_w0v|A2dOu6?v!BanYubW)Q zX76W>Manm|-NogHKbG)Q#!u2dLY~V?CmtwR74Y@;6ypfvTN1m{X&;?g$t~}cNvV$^ zZau&uw=e@e$JGL~f8ekWOV`$FNe32=$VXj==Xlrf3)S5ymoq5Ww?@Ck_dNCt#`gWC zMhfx-5gT9lDVk`dc}Wk`3U*%()JKQL$Hqr~$Gs+UK^(fCHNavCO8s@s$7tjFS8u!Y zA%+I^xAnA|(Vr&@_5_B0=#IsP?ksfj#zhJmBk~Azq4TfOJj#)+&AwwEM%cQGI}sJ` zj}2D7Pt{(GX8LzM@Z9w5AyR$w_EDM7Q9@_68GbkGC<{aBZgT~_#*(q3%Q%WzQDfLb zI9`fnyYqoAQiL_%Tf#4j+d-8%K`HU@5-69)^=u-BSH{6 zxzBeanbJRASjdN`wQcj`_8MzZ2X?IQ`tgRZ0=7IUyggp&I@?4^!>=dfE(*JDX5*vp z172WgjjI+i{zT8M)V}jLW;tRT@VqDQk92?i&ecE)t86DNg}IGto(R^M-cWi(c7GVI zPj`q3+@dVUi!;}=;-LYqq6a~9jo)Lts_mkte2p#;LhNH2>AizPkF|DwtwU82T~+e+ z-_9%GWgArMA0I)yDG5xM4r)Scny7Jni9iv802eYn|}l6ayh@iqui}w{p)Lw_!2b4r#aqkPvaM%SFX^X z;SBkXAH(&n^WJA-aE~+!VeN~f+R!S}nrga%qCPZYky}roz_vK{@+EjVk1os)h#h(*-%~NExrr|bCLJxfV zO0`2)%VqgOjnjX1ax1Ak+}aOXP|C!}g@RJe|atImDz! zglD5$GP>v67k`t_#u`N4eG=)b{xXW~uI!+)t+G$lbpQeoBvy4A^0(d##$#71*y{Y4 zx*uMjBzc8TG@E7{f4H4Vzie>J`t`7G9cAJ{y?X!9Q13$H>q5M5I@(}*;MLYmCc1mL zCz9LK zE2Tgu^}bV!JU)Cd}S=>c`ORAg8XAc|1R!-4xm3uT)=g%SqW;@&6Fm5hC zNY8JJMLd04cR})Pquu(oDPl=)sXcs5c63d(VA%LOsVk)4jUK|JU2k4q5i;WIc2n^A zAnpj%q5#4~I(pRD}^Jn9?1ibd_mdG-z=PcxVC{ zwv{g^4SZG*xmro)*5Fnb>(UpeEblofn@|Q_+nvg*tr4UTWdHrS_WU~LLW648t<^u& zA9%3va+w81OUCrOyq&O(?{JTkz2q%lkGU)@xK1cpVXz^B1y$uc9Uc_t|9U-c`q@*h z1+n%Xx*F73!&p5*RWo!Bam*iHDB%2rQ0b<__O_E4t8uhJw~nz#4|+2E)<;j>DLwq@ z)>4yJEnFWXES37Q=yeBXgPhrryC}lB(f?3T4R<%pm9=k~M(6ZG1u|=w~T`CF9|8l0sXBCG1>>)4#PMj7+b63JBWG z`sXzn1iO7RpL1ud`pa9>Z+Hl7DG}$_$S>nEVbj7=m`S^`Zkcqc1cLpZM+{@G_?m8e z&G(zS9B(lavTYSLH-j&GrcV00IHjb4(G6j1?XgI7UG_AYxt@QDPz*Jz+Inrp9o0_8 zJp;JFva$D27ymfHdvvImCL0E`_Mss*qQDMQMm~tEmN419NTAg@ww*ZY_AV)gg^@XY z?C8y_trhGTvLosq9o9ZKmMM0oBalBXvMhF7;G5w9r#-opM_cuNTruSl=iH8&W?j5= z`C2uU4EiR2m0N$W-p)~qG7W$+hZ}(Zh4rmc{4S^4foW5pzr9}Jh}0r%5o=( z03YVYlU{`#3%Om47ZEs&xs*1!T02|edK@7XmoowF+Gg?L?G~B&Sn50#XErXDq7@Jw z#IJyqZ+omh^mFiYo=)9@b!)+oRR*0#{y>XsOD!u+6*WHtF1HRSI)7QK`b@?$L+R$I z^EQa}#U;e=FdmO8pRcxkgG!ZQyx#`Cr(WXNge!Uo5JGM>4eXnaYM0{16-;=7qX@iq zt&T5EF4rHI##$ICRF!_72pdS|{qQOHy>$odDlgaf7x6QKGe{Q$GQ0eu59 zTe|iaU>|4*pO?OI_K9CtibbSO^v0@UZ2E^9{Rg!MD$-XB18hY|f-2kR$herXo)Zi4 z-7H(qT$5kKP2-7_CpM37@zOc|fVq|r*% zj9t?kLUfV?#i7NoM-~sh8I|j(k5=JF*qrhRuXN1t=5RZ7U9IFMZo zmB8asM*+$5uBlgV{V?8d+ph+;^QruH7!|IMwdIUcix+&hk?)$OgP6A%`cd;E34N(% zM%c)4*Yj&KYz?3K*y2GwGz#*k+b%CBmV!4wEw%Mt-PgHm1H;&jy|P~nbfR)upvcF~ zRyoYAM=s>V2J~|fozKxCq66I?Z8ouOS4Gg5gBfUJAK!48p2l5_uRr~6=}&a#zu!{l z$F7FD2MJtJlfR6u(0o`AOXm(HCp%_VipZZAn5UaBpNr} z_|$;Qx_J45X_7%D7{~F zTHDv@s<_Py1KH8s9##BbzpS{jnOvqTlazD+<=+uoTfC{_ca`OxWHb>SU_yH0mlYG% z>0&?D9L&9;*_(Hdp#PuJ=F~6#^WF4IZeju0bCm-p*uBAkO%u%Yp#4zd2+vlTgb8lB z5BJ9X66oL<3alf&+ETsynYz#+J4SAHo6M~B=D(6x%)PG?UqgNIyq1Hl%-NI?v z@>solkQzY<;bk3rG_)~7{K`uM;`<(qMNUQ6TxXLyzbur)B3s@)Lga9lem+$s^*5`0 zNHlnH(|D3bB~=yYu3b>fXQw#-VBbj~-MCQf%5d<>Z)_!Tsm$)7mSg#s4#zh(e?r;? zQ*ee{r&EA`y^jKXf!F!lB}&#pcHGBd9lO+REJlb>*#Ipo#v&uy^Neas=c2iBHk=eI z*W0>l^S=f##CLu=tsCU;wr(X=QePh_>a5Spo*BVrfG^a|^Dxcph(f(a-RAIla>i?w z^3d65I+m&QDWj3j>XSS#qIv3zqw{Wx@TR*4{ z;#^1bp%P^VZXV_y`AIu$U-w2~*_6v$2VaH|ZHG}AMt8Oj1rl<8FV99VbiD4UUQ5Sl zVP38}j0Pbrj$403e)O+~m&)$Mvi33eVrfx<8rP)xBTMh@4P25pyCPoHbli|@Bo5jB z);%(6D25oHuYARA=LCzvpb0Zj<#V+qyB5FVXuhLtZ1J`|>rvI+cxcok-q+RLtKCMREWX3L~{Fhy(4Gy(8l{&Q3UNhEb z_jstVX>A+qwkDV1-Nwc?*bnN*NC-n*Di6jtUoZzmhPSm1+9mHpJ<3mOz5Yx5dGTVh zkPDY8y|Qe2z&0VMp?PyC6eum`6>Wf4(ef8XzaTxqUac!&3A&;fd=` zs02qbPb_~HtB92*vvur^w!(1F9+h*jkH?BCx45r9%W znjG`a=C+h=T&jso&%V}*AieoJvYxoL;f>sC%0Lp6I!syrZAVa~kW}&0y^e%;DCc4Z z>+3P^yIm9ZC&*^($13p_l=^3eI55o*?`5}B4G2Cq#PhG?@Luu<-@ge-uty%mi6Azn z(*hfBM*F*p#~D0^bl3aASoHNjaYt$IWx{TDi2eRpWERKz?MqS1`j$;pAALOC^Gh+T zyM}aQAB7KFJZUR5jT7#^a6Y(fwn{2#?R!c8{G*xkE>C|g<6M-~=c3k8{&8myu;dL9 z`V<>(-eX==a21Q07bR{(SY)4L@)Pay;^)hn+`$Z{xxw;O&B%P+@b-M^qnK@|d(;e-gcVoA`c(Wa?#OXLAjub;S)YIi^+_xLw(Cp4J@VM3A&wP>mRPj^x&z%=p>}@5wL(b(MB?|s| z6Y8%jsTWW?{%laUE~uNz&`yo^*i8R~dS%3JXXTz29n|eJboWIeVK)tnjuFUVig(Gm ztE3gt7WFXzeJsWMK;+e)}rc zj1l;nsuXE+#liU6`RB4;iu5g_8$C^Z4p>stiLP6ZmF79SxYR1P=I<81=x28QRU%Yq z-ufx4oX|mYmN+X)Qc9|3^)QIEP=4ha&1RSPeF3+$fWJ8BUmvjUfXQ}K+-dGZJT$sK zZmZ{k_E)sp<`#Je8uS=X56!JK^E|ppTu7ZU;MIXx@0aY7$oU@am@hxy!tJ1CN>X6G z^=1UIvTQ$>EMYbn*am(;(uDf4723~!_;SgdUx)+87T+zA|HSgbHD6rRvKnRUgnlT+KasHf`blIo|P1p5Cs#gkO8k6`E86N;)#_9IlXTg9yv zQ;vTvy?|3abS1u$@ro$kIfqThMqOHeZ@W8--_Gx%W8PYZ&%OA^%ZJUxLO<~wTV(R1^x#oB$;}nrJIVT7fQwJ*(o}) zwM>+Wde;A19B6VwP1++~jP5_OCCKYCH;u9b0i zr#YJI=`Fvw>AHw3JQod`|J8F}@oQH)S_n);YL|hY^RJPSY)TQvF0r^0fiuDYVch5F zaq2!$S6BZ7h7a11c;QU-(C+^phP-O^CXZBc#>du{QFe|fXyx@A=&x_sf`vdl)&BnG zCstgQ6zqL8`SSzG`6_f-c!T#R5}w`RtjYm)eHLkOiOVtcO`6PNAS2|0%22M37WIRd zj6hZ&0o2=al|YYrA`}&(eLLF{l7SMbnX>=`dLJn!I9M3?&+&pjf(5u6xR_DG8iiewH zU#~2Oi-L-2tNsz2aVZq7%2l<>!+!t%SI}$6&dJH2ZfqG`Xi)2UqCXP){e!BLJ@RBg z%LVI`wn}>-_K6DRJDJiFE$oza!D43vizVg(0tmwsfsZny15mM><^aK>&k@ico=Ck; zBpaGD={#UDYFE7w>tkw~dF;Wvthp!+1P9OM(f`2w8P&o`#;JH_h@xZU5B3)lvU#pL z$S3w)I5{^F{Fvf1L*xbO2_fMs$@#9>$d)Fjt=W1l4VZQfkP^iN&jLxPg=+mk!7P*i z?Kcf!K+u44JvxyLoapRNrn;QWMmYkl>k%x0j~m_#c8l%m(nxq#$2kpY+n-1hgPEk2 z>FI_CSbT9%3fS_($s1C~L@(U}69dxgJ|6OirDl`Q`fOY<*6g}rJn$d55S@43J{g;h zHm0k}#1&{d=i0*ORZ)Pb%@8FD7Z2Wdt}Rv9<>bEl;1zRO?UB6Z<`_)#L9F0|;6u4? z#j(7Ulpk?^nM_Jz{2Gwv+h9e?Z} zbMgLN^6fy?Ia`9(KOFPRz}`HO>*^xFkPgJyOI4x7kOwc3Yz)UOnbn9fW?RGmz?<)L zzdjcYPngJiRQ5nC5oi}lT&8n3U!P%AyKquQIapx@)YZdas_-iO+^TBJxO4v-i?Ig= z>vzK8Ptx*EWEv@8LeRf_5VQrS0I}CR^*oE*=V1Rk@TUS;cZUj~vr>7y1;z)2lihhM zssDD0gsOaC#+&S9cE;gO_*{ErY(Fpmtu(J3(5Tw>sQESvaD)`0yAD9+3g#3wd@gMV z({)dPC(O)zjLZOs5ik4=`R z+&b!r<~`{ao(q(PJV60-@2I?f{d&~FK|XoS-Zc5rV7At(^(=SI-kX0l^4lK{U9^P% zswZm)D%%v$x^MsUhL+4wr*jg{5x@QX1qFUtIE6!)YfY&gNWY;6%31@G%{o90F-T?gvZh-=PdHk0`WPc0ZpzNBW^=exWO#gY34g`Tr4#$ec(B!ZUk2`VMN%SO-Y@&o#uZ$FYm(gz zn)kI|2*_kJwrp8CX;KG^!4fxZ)5Vgu2#i_rQq@%hfvWPul^;|PJ|K#9h4|RhCiQ7N zg5!+R{+IdL-dOgk&4XNG=pBDD=;{K@Voy~f;$|C=lZebE`dt1*5mhm! z(r5^eb)>j4n#5)#4m9Fvxm|NW14~W8VkxOAZE{dS@z#>@nNLXTH)V>i;yc4epz9hn zJduk(86sj2hUJ){4nw8i(c1JAV)&ud+o@$P65w6^$e|2$X*!c-GEh5cgYN#KVxx-X ztn69PWl!!M)p}#_8QL6-F9=EBF75{%>HVTRVDJQF`}!czb;~ZBe<-kh%8u34< zM*FE$`h71LxTGsCuvkD-k zf>q2>7v+^M>I1>IM`t80^MLCgk(Ev>F^{T&SlAvns1;d-p}l_u^d&l`VtN}Vqpzyd z#wV@8BpBs0uL6d8(O&q`H8pgDANQaxTBR|ovaDng(}Pasq#f4GPH^hd4`f*Nw!Sia~f`*R!tv-DH|?{`f^>3hm{Rl~k<3zvKY|pjAEj zw%w1b^LBXg6e#kxfQpTyTzV4^N61+QiEvtI?rLLt^gkf7IFF3fIvGhBZ=Y5mF4(RId&XlVx|6a8lRJ~#oze@q%}asRJ0 zq;BS%H#ygpHEAW?0;O}l@IoZ&Mj0uM6QEe?q z7Ou*T-j&B+14uXc-YrC|`G@IyWbV6LB;rV0H z;9P((14RI9epyXkafZ?6)L=p7YM!;E@cp2&Clrc%uE%Ma zmoFq3W-(@I`#AJ<-cB-B-m%u=WLA|?WBvh3p1vf`w&B7ikUB5$#^2m9UCHr-N`2$u&zO_f20S|x%nYfovH{GxUXy;mh z_eMG&!SAP|WXt_Fi$SLWo8u^BDl#R5NrDqz1rvMpEC3^Xa54nUBJZpaO7#mZzw%QE ztluWU?*?vLoRc=Ne}{Ix$RzoTz*jJMs(oDZ)fc{&taN%)b-ro~pG09f5CvtMlhJ6X zdGDAL0;se@gqL%_Nt7+_@eM?|$2y4NHNXH4A4}UjFl)keZ9EBxaC@?;#X5UD^9-uI zIvne3%U!EZbaqV>w1)t}P^db7CU?t1kzNNXO3eu!o8HhnCyKi}eQJpmGeFWwn?-8o zly7-5Vqy+Vpb$*>e<-`ou%@zZtq3S0U>QV$G!am`^j<_j=}ME15^5kIRl114DAJpB z5b3=`ARwspP9Q)CMS4f75X#;08^3$MxpQZ{KX@M6IXP$VwO4u9TJOU2zAu~xL@^0% zmt*uhe7Aa5hjkyOtpW6Ng~JwZ$3TQ#IyR<0nI+g(-l53Qry@g- z>VwXCS!1S=sA}mcto^c&C{q|`d0aM}^sbs59#~5&Qx`~>qBDXIVg}7zAJ1?za%T&cv&&J5tbv8bdSMN+LK`mbO1)yIF@zXD=0fX zaEIVr6#EZ(0R}KXNtkgfvQ24rj;c(Iu}sd-y8l_ijT-NJKw#{yR8qAK)C!MLpmIGE-{xdU?G|Xd)_8B_V#^8E#kiO}^cL|Am;t%>A+e$a^gXeS=V^ z>EN(-*K4izLaxcfNTH@&Vr1(6Yyg~UKt65XzMW*mVWn((#jJobZdf#tMMLp*0)hNN#&$U@oSe zN{X{5TQd5u(n=fBJWjuNK%R1`Ru8Z-M%GY12gHUdx75_?1_lncwWmSklt>}~7_;nDfas7NSe?>1 z@;9nBGFGLApq(Z)ao2O{t64VzM2ksL6I-AzAT>m=vrv0JVP7>Mk&jI{go zQ>$!7`ZfDB2zU4!l?me9m$Hyr(MnaXKtg4nY$(sKH|USlzD}VvRD%9&a~N8*)M``W2%MU6X1mflZ3!*%?A1 z%-yZCVgTF0+39jqwEkPbdxP=Jsrs&MLGxlzzZm0{*#mp0(UK`QFJ#q!lh3$-5Aem6 zFK4OYTlXEhMdsg$T4#7@2CeBB>R=n(OEZ(~;*$2&%rCd1a$Sm8Q@X8!ow=7e(K`Y; zS=D$tQkm2t2`d4^;eImc(t|jBfX?!XVkye?Zl<==-n-<392r|q$OoJL53g%zk;v7$ z#Q;`@T&< zD8rvK)=HbFkM8$7$HqH!MGkam4uO7?OJ9Oow8g`*DYQL!s0tg zrvxQX7q25q7KzU^o5U|-XP93-J;#iaesLzs;F#gx=T~nAJL@eTvoGMP&HoKs0IjpY^%&=-{^_h`;iG2 zw=6#z(!=syZ$*V=2QV0V=xM35?^}ITlJ!RT#}c8LN1a6+j|hvVc*vS6<}z(z*EBJz zSd_vUU&sZNSqBY<4m9@nZREotHYnyE0gmh`9kM!Gz)a9+rAP8eHUnYxPVG$jA{^ma zljn{obrjIdR`LfNpS8Qi_6!>Ap4Q(r^NOscJ|zU)8Dy$BpUtIGprpAh2pDB+jXzZ( ztjq?&nH1zl`zDi#{WOG-h2uR-iv;hdOq))RLtaC*J!AluY=$ISE4Q?+E;3-EM8TCX^SlKD- z0=&;yP@I=A-r_D*<-`;=^5}Mm?0@EP|Lo-c_^ZhdNup~i2^9XpS2=Ppj$Z>p3N3~1 zFKuO+5o!lYuYeS#alNk-r%{EpIl761x*5EOJ zR92%bS*#W1CzMKT&d{kWIAph9eW<;1jv%fpST2v)+Wz4g|0xDT>xu_dC>xu7hXQCe zV~>*{S(0@|pJ|9lvo>zP`U7OhDM5P%aS40&KAM)&TSRnZWW}gff1h2Om z#03!>2^a{QwMR|z7?$GEs;X7kph`hhZbAUtj`yG>tXTU@_LRyePlP9un6*Om1FiYn?TX_0HEq^5(@&YAYG@kC>fKcffV9PA*H+9?^i}zJV7BvkT2rOhD z4dUe4{g;MfD0vgkLyuSOe98vpoHfJ>1alpyn}!Y$-s5hI8LQ%Xwuf?6Pf3$g6XOuj@v!JkeA7 zR?lZE2mQ#KI+D0F#b$|G2F|*t8t*o?jicM;LXWQ}W}SXeP@3JC4Y&h`1Nxdew6dIi zS;&VJ!}M)R{4ZSN`4~`QVAc*AEA`<)LW*)HYOWgTuqf? zV88QJe9hu|P}t$Poark~c6bC@mUj<9tTuuc_$_mg1oW)!m#;&32VNwT#x8jSRak?t zqHF=U!r4I~?7rT&hkk)7wxh|!m(~%>TpqMo{-{MZgQcw?F2sF2omnbL!Ev^hq(JLp zu9tOjAJN%QS}X#?S-!GZl$NY5#AIc(A}=aB`hk^|Rc|5Jbb*q~a%Q7&MXxP@wN$j% zlxcN@!*Up#?41=?^R)L90do+Uly#~GE-M7FczLCez+9LgLYKv5aSSLG1r~F}%5BN^ zteM*jDo5Mt^33%v4RXrS7oN)PD1&WO)~tePAcT-~=lN=uk;0k!De24rDS_>g;kg(N zwAZNAY686QZYGz7)YH%B#MB`2gVts44Mu}DuTT@eW_>_&Q{&QWYf|aFQGlXK{K?3_yc=uJKmqvL3fV-h)6Y!7?zbG7McV91e zs&PQBQJ>w8p;r3rIes%Nu3Oxm<5$F`;Pzw;2W!|!d~UhFH0Jzg0BbhA+sROvH`pH| z3@Y>zL^5}5IWEnPok6tkQ?Qw0 zf>fej3;{^#Hbhtn3kQTdsiPkxT{?af8jJ-L5b92G&RC}!IGIvFEJp)iT=NUdfXT{Q zLhd^%F*g8TUGQBlC8faU>;&SEP9$rYm4Gy}13>mBu35yqfPlf4hQJVzQqoqz;T(8c zjDmoiCqf10aR{rO4v%%DQ1(SUDImtI&DjG48Ggm)8b|#fM*-9dXAiPo80361ZZOPK z=jo#1t6Y${58$z?h01ehc?CY=X=@6d3I(9q(UQ&s`@N|P?Uev^?dCEoOsFh4tx9$U zCZ|S*4iG}FJ9z_fOVB`V4nZ-%tu6bA7N+?$aZ<@B-3OLvoxBJI8%^;!xkpS7I2;awvk!`)GT@|_wksY1$ILSy!_`r(iK+#yS3 z+=~TT_vt-WN{FXX`-6_oq=6zj%wZ#A*8|z1f|RWnLN##9xmn4(@om z3nb8*xnPA_gaW5>22TS-{mJcuS2-tE7d6{~q+mbS^tOau(}Ts(xlU3EFm^ z01R8b<~*Pn2q-e{2Ccyi&GlN+F@VU$3}igWx@!ShlTEY|7NwL&qzdwOPW!G{{`^d( ziohy+B00l3!<1#u?6Lqg=R$s-EXQy}l0*A#!Be@623RNE?NG^sR!MSh-9oQH$toym zkBliLZ$(pfeW46?LqOm$0`Tq)qs#B+XtR;o;aO|m(g=0e&*X|MMQkAsYv71O1hJ2X zP=WkXzOxN{aSxnzG9#e&VlLQaw5$Lup|U*(9!$hrVV$E5AC%7M4x($Y8R7M)(^hkC z&Y6-W`>^!RP`JS2(+6q1=|3%{hjP6uvGX0}b+ljg%9wm-~8C^~rV5SRu-v1DfI$Z?b#VA60Q5^o1{Er*#0n zs@lFg4Irh{C_oN)h%r5YI%;?+0&;KQd=vnZV9*h#0{$E&9+;M5mH!#t?Zr=CL(HDg^?Bxr5isN=sL&1zzO@=yeT0B6Golry<1M7#no@*Lk|vLB}3TiK$UA z40-BIX=sQ$&;uOStH?Y`>A{C8&LN+k*d@&a@-qI>0(%~PieCGy09!+|;h2!wS6=Sz zrAyb{PB85;$xYAxl#Kc7AA8#g(#cog1aanrqX_pat%-6BWzk+%`fkJXz$^b!{wuoQld1wkDV{v_s( z9RsqPOS~BP1?z0{sb@JU0c3+}>@n60s#Vci(-#6+8xEG(mm?5~H31{2hrtF6k1%B1 zzO+WA24`MExGsd&=G2htG+j8$t0Rbpe83N1u+6wnHivif>FP_Fhbkb8fS37csAGp0 zOjsxOz$I-kH+gVl2zh~+V0Jk;myoP4)|OE0;yR1%k?GyIJjY&J zOk6>e_d*QX8pe>HKfgSGhKwVtHh4HMR+F`K7F$FD&4jgl`|CaZ&pMd$n2+@2OI)?K zk8cUEgzeK1#1(u|6gyX*gO3(_3`&!?S7TUD;vO>V95Vy&!7GU*ooxMfI-QL!1D|uI z6SYGDT@Irp)e!1U2&4(sn@XJPRI>o)mSC)37L-_>Q}>I2^bf!Sg~;w$TRw^(qtNx~?<*o*1WK4cdU$lJG~(aTUXMrU*Z@-D#<^8{O) zFKr-?#$CV&>wO5^kL6cFWKYKdmv&`*+H$Bi1jY7dNfJPcwFaIV3EGq>>$jsVzz^@) zf&{$yq=>XAZdeba~NaMSydP#swuZRGbxHEwGX+qgu7- zmCAS@%Wsp5cIpTXEXtwOtZ1JFJc_njT2)p&YOx&X)RX{{1U8uhazM^BGMF@^g=R*$N?07cH)x z674n{>w)%6kc7`JaL@Ja)EWuFq-Wg()$;TwhV^V&j^w`*Y@9293Fuw5r9Y4m@+vdz z`gUe<8>t;Q_e655Fl=p>pNSK2=qomIIR2D(wbf?11~nUDm?2B%XjRPREV4YS-`;k;ib@^*DA7i-zEZUCpq(aC^P)L4CX~r)i1}BGmD1S@S`k%(JPc4(XC)1!?c20o*&GUc^OFIU|>kNUc8aIta{ z)4`Aa_5VD_f6hqs9usv-4HNPTF@%jATf|>-x%nd;upx*8^n+DO4W>Tt#*S z9EQBHv!$%&na*@SVvJ{3h3zqGyw3{=+>RqNp3xC|{YsXVVTgb$OxI9{yJfsPVzwk% zSv2$ocP}s<6P<-IeLjjscg-KF79^JI2vOq{2;%CPK+V+jxs_Tioe@jv67j8vaxK*S zV1fU60~tOMatT)_tdz=xYbG#vgd+W<%>z^@uremmga9Qu93Wb5pEOFE!H5hxES`Lz zY8~@Rze_#FsRWM~wTRvjCIKJud-@AvUW&0yO_us<;Sg-rU(yx-S$~$30w&wlrx0pF zf=fSE^ZD^b-7MF7Pq8X_uA}L?^31)BRi&GG^{Q*npTYI!pYeb*by3GR;=QUvlO*!P zP?VU@ltv6k=(2df-9Jl>?{`uIp7Pq2Qtvd)L6(_nF>|G?mzQtfTDeR;e7L`525J(& z(Q`0Kr}~}4OVVfhfYz{z%~=oNHVSu1o1XxH0fSVUt!(HHKf%?M`YF442F67*M`ZYH zr+aZcvO69KZ9~@`!Gpwys8%Iyzf2suZ0mY?d2Jg=u$50FQ^RZHb|G~1OXWWM?qV-{ z&66|hp1Kkj35bhZw$Y*%_JixLxwZMcKe}_lJW+Qy-D^a=H&jImJzW>qYkH`$0$X!) z3KNI1`z9vZh`@WsO9w}Zco%2o9>rSbCENcW6P5mScB>~%uC$JQB;}eOyVfc`BtHYXEO#de4 zRez~U0GIv=Z-R%7)RLs*ThcR2ch+|D^W6cq>oL9zImKV(ANmbrx8iKe=Se1E%wz|N z7(nl&+hTn3aqo*1WP^5x)x-LBx`NwC`Q$M}-Wf)$o@7xjgDTz7Sn8 zB+VN&%BBhLp_wwt#$0Ombm!jJ4)$vLwv`cFMeU$eNv#rvu;~6+G2fL&Z=ezvx{;WN zL_~XUFlnc4NEjwrhm;NqnAeryuLs9hcIt9$Lh;jC+OOcQf4cn16S~ z^6Hw1pi@ZwS_oNp3DwT%ZXqSSWnH0|+wHAb_fC(X20fg0gmuq-Nu*Nh_;J(faAv3Q z%Wna;kBs)j%b@B#;v=R5ToKVpOln7YciGq;mN5^J~ZpPrw(`D zav7=GsM08-dyXh>Y{D+3)=;LppXCyAw@#yflwZAdXqR9rHFLL_I8K&PjjGbQEc(I* z3yzLt-MvcgqEk1o-6VtN7{mQUaqYv@@-7|NDG`T!!6l*`mA#b*g1^~{*0=F zBIxHbDL9KcIzGDkw#NtSAGG6)DMZ%M=MJ?DeX51ue4Ds>w%};8lh5|_h&K)5>Sx~_;&7)K%32*7H$!6UbH;x z+sO#Flv}F1D10j`U(dhus_?UOzvN;3%aHY2V*EdMnzcWeMALKJRx4zyY{K|k|1K9?B1wlG>1}X0R z@Q0xf8TrVCXuaz-W_0+UoC_xDYRPuTEXldKWyKyDi+T9*e=i^qt zv6w0U*_`~@WdGZsmkap@1;m|?Tc&Jx08Ybw;HKCObUYW$#=9vLiO5PD(QI||c4vm)X16^wX9E4DH#z@Tn zqo0u1c=GEL31x;dpr^0!ek~m7&q=*^{(S8{QAwX;Pu*(!Cvy}5bT?kSpu~e%<9ug3 zuEMC=R+uX`YXeE34#vOy^kAeUse!|NijgN+f-3@$lJphHgfpZ@z)xHer!Z}4e)FQQwT&~6n|h8_*o0^FE7n)FAmnB4WnuwE7cRh zF|t7`4`}cD{qlY?^ez#=+csylGVjho!NsCHWH)+=@$0TCX;<9)Tsh$jFi+&K@8BY`FZf>a6d5P1e!e6px+dAqT+E9^#`@k4eCNooJi z3&@^@tG|9!UJ-JMe5hS1hBNvqubn3x4acvr>!C}SO%=R^BRe~ik1qADxfnu-`qv8R z@r%5w{gH?_HvW7Z>m$Z8Y&YMT<;Opy&wG?%#2fh(v~{VfHl#?Kw;;TzIe+<4zx`H? z(rg_Y*K9RFG!gQyCvzs9SNxD#tOVr&Lo{OjNvWD0Uu;8s$#3CLx@{JD1nm%aj2wt| z^$Fr=H?Equ{_;+KR%4)U%@^|R)FtGd7V_V|=KHU06g5j-sg`-oVH6WKu$IvE+pmlC zDFSM4`^62q(xWhf93DzuwfA?;n|r8e@1-*TSQ>{-=@GY2mvu|?RaKFp%pLl?i`V~Z ztkS=g$A4-STXvpNLf)zYY4Z#c==i6ISz9q016tpqOL!G61Lm@Dm~|}AM0t=vE4yuF z*nfE;7>Y%SKtX*Dkh=Q}j?Rw;1POqP2K4i5Rg3x2 zl(TI@PM8RwBEQYf-m#t5D@Ay51252t_Ftt(Y^Nhqow)garN`-KyAKrc(JT-sOHpu8 zD8W}Pjd5wBw0UOFjU!nGHoQovuwDqm3N3Od>7Y7ZyY@Ww{uQYH4^P$iEtS2mauu)r zAFlZ#5RSJg@}j>>-@`8ljRJX?gy1SiNA6{ZCTI-D{PAB+2m6!P`}5YFfK)zi-|-&B zrTaSgn|)&4y1?yW zHzdcFw`}&=kVCf~VRvox|8YNKu1SJ8vuF~L+2oO?h}nj*sH+z(VR&%*I&kTd%(i!mC05+!<6IR=h1NYK<>Q(y?&$Daoy*TYjI7F*qqv=YLm z*G$?rI~!&fesV$mr|AEsEWZ^g&mw`&B}khmkwClC?y^)760Az&7Z(<~%#DNh$>lCD z%?@L7!bZr~9t8X!r|N&-TDlg9K_@dym>VeGagmz1P;811%G|n2j?5Z3YwxSrA`j=t zfx4NlG>iJ*m;aR2KfS?ceUp_Z5@yR4TmI7Kb@SolOc$@>ZRpa(cH~hNTlA=CxG6lP zZRP*dXHLz{vs;Xx$i$!&1AL6V5~y3V+BKkWh<>cEo3hmY&QQjq*oz_ug1|+3=Scp` z^aZDU1+P|vEvvc_Hqu=7arTm>AwE_s5=Nw4uU5%Hq0t@TkszhzY)7H@E9ESI$n7Ab z{r(g%>+jCT<$a0~ykyCazbm&?ZqfB}Tb(Pdzg=nlaMxTPd*6WS*OiSPUU-9IS!c>U zEPjU7RwlbEBagJThc@L!fEgauOr<5{#l=aR=g5hF)h39ubr*W}3k`8UAHp(R8surr z3F7uHwc1>QoMjA~!Y^@%NNLIiY&T$-@>ed1Y76*3_WnH;p#$YJipTARpIav=Da*qywvN1S2sU&A7}ZX6HbQz(v`Qo;(L%USi?cp zWq*1tXn}BQ%57uuCGI_d!FI-OlKGE1GG5*iVN~*Ij@F2sI?0mX`*|DRL00?yOA=;z zGW(^Lx=Dw-^&&ub9AsNj`wFn&)v4u`R`JgiP&zM+at`e5$mjR@m#N<&L$=$fZ+Vp- zC{3)KF4f+ZzTL|9xGgxXMES_{*bII*XGeEV>S&s7SwX6LQKH|c(Zk0>A--kzu>^K? ztGgFDUXmu|UAwF2URjguk&hl~Y2&MV@U8G`Rd(RQvx7Gi0p2MYNa}XagK(8Q6zn%zH8#}D=V6ghSc2+1IF1YF_vQ1%W_FVIN*7^eB(69xf+W2?7VZf9S`r)k9=gINMi#o(( z45!sRjvM9TPv~Q{Qj+GVSNH6_TdCspj~gnE#upkap@%2;Uxn_qaU&8&SKG#@R$Z*A zuMxoH89JJ~x9yJV^ZUL!tQCpA}Agv3^=gf;d?K5Ar> zN!$avQ6Q>R4YQ|L(L#vaHd5SeZHO@%u=`T8$lfN2aItX=hXwQ~Q=3^TGoGfcT`rl3 zg*Iv6rjZM@vwGV-=Rya)LkG}ypIO{pc$8cuUwYm4`qoUR4cBBwNr`P$_B^1b{UyUnw6PcBv|z`13Af8GOSO%C zR(4cP5(y5=bd4#pczCpkpbxzNh%v8@-hTZ7;G(=Q9Z{Y0;j^&>{Z>d*Q=d2p^QRnce)lUGdL{dnxW`ubS- zC~vfKHTtEX?ADWcwwX%^*E&~e#fH0O>s!pB-&!V{*KS7GKA(0vQW}49?0k4!V|Ne1 z9#{~W(&mS3ydH?7p@a1gHM~EO^@ozSJ#%-Jc7WMadQ6Bk6zijeK+|5!u|VBA8wU2O zX!d|+Wv3xDrQ9i<)LcOH%G&rwgAQ$Sjmf<<+zoN!btEL&&z@e^)LG}k-HpDyYI@$A z>y1$3bk~USp5#&q)^~d-F|Pbp(|F`%X}ru@q+67eWSK3-wvii*-9s*hA0#X zS>OaOV+?}QE-{PILd+JdjdUU$FPEUC?^WyE_ENUGv#*s+;}5{fG%@%s!CSLiqYq(&ojU6saMUSog6b*Kg+5#ZoI&=Lv}TCsj z8smZw)x}h9Vl;bherW6ZIag%$F~d11mjEU2dKQRMldS`WeDTSFy6?r34#Ocv3|qru z<`0~0g{?1##*GQs8IOz;-Z^Vggs}{yVwr18{CwedH&^(g^MqmuG(qaXHDtScjXkOB z(cISZT>G1Q(NGIB1s}0~O_|b(tK}1^s5ke=g$P&k<{s|_tF2dA> zO%F~m{iI9&gy#Kd`XmitbH0JzX*j*U)122iv%05Wio*^flb=hF(VC__9K22EDuDcf zJ6Wox%7_bY`h8`%^E94>p4$ETD+w%xZGte@x%0Jj%njP-r5vO*_d?FEk`zv_m&68n zBWER)j(LV9DCn=!+Bs>qB{Ta-FE(`ri)B_`mCViY@-BkpKxdCyMa?urDoVT>XCWfo zUuOmSQ94;`h~VIo#Ue|cQq~1W6jMfRc!$8a-m;Ixk&^z~V@pr7+%DwSqrEKoK`h0v z{-|pD!ZF1pja7Q%RB%d>MS!f0${vfmw>6B*>58P3oANETOQI!DLgPKYOr-F(we={g zyzM*2-Mo(eJ)~cb64L!{&`SF97*m?zICnL_fI=`b*}=*F{);}7HuugjQb<`mVu(HpPr#GSm?{FFJDnXwM}pT*Is0)&vm zh{FB5gC1Q+PoHgQ6`WMqey0k-Hpp!YY^5CC(COLr*-vleUiFwL`u&&}Q5$pg6nk>? za%Km~{>qznv`~81koC}YqhmD9*m93z+v7KQThg+zf__=-Zqb$ex>-Y(ecH>k>0XU? z132_6+Go$TIB+`+m5aL7-lHv*G;4@t&FX5I;-%OVCDOJ$1&m@ygOR&g5%ZA)PAMz@ zkj3tG`+?$q>4DFzvDSJAdeB%=TQ&H;krr(1Zuw8~JqLaJf)vWd@7p;*0yXcf>%Bzi z{Td&%QPGY9a<$vZzMb{v)SKy>YSGRPg1>i8ZGRRjO@)Wl>EIA#Pqhb&HoU*bv|xOg{hMDW(qS*fGmEQulS zE1xO+;{{7KUZ%D^&OPR>J?ZqGV1!(7E+F*!=9kB10vTWTHnG|h=#Qa#yW^L$Yr;*q zOi)0E;bkIuneYDmV(5nlVN^gRogKNjiZubJJbRZc6eKibLyFUD6-y-PR4k9 zY{OBE-g^>VL@-I@mawLeViVzOWNK&#=5DyWJ?6TJn`{1Uy9+0;>+t&O`q`;Uol0Jr zg_^Prg~fxZTnJ%@{J!btI13r4AFj{nQ$otjf;h!qutZj5zR?sG-QA4SPMA=@8SQl! zuli$l@|p>~x;OTCuz!v_QYAI$sGMXuZ zG10{5md%w{@IwRjnb9@9gAy5g)`iy-EvQrBu8(+QuH1XR@>_u4JtL(y9<^*Uso}_c z^XsoN>$DGdH4d_hYQv(?zW3kWhU`A5oOZvqm_nxHUr4Vv^$FG@#eVL3%}_e-k*u0F zd-+!dVYX;M7U_PiGXY(xZ`Md^;%~wAPWi;>!3b4NVbbH}NCT};3XaxkTKAiLv+XU} z-&rJ-o!?`13K*Z?)tkzWtyR0r-oNm|&*et@xbTr@EZVNBFbLN2z+>-);VQFJ5n(7+ zkzVlCRfLe&bSri=mHXK6nvvB_Gv_GO{x;WCaNSh$QD#HOX87f_S z9!lprZ+qUg}2@fZr&F{9Lww?+MwNmDG# zi`yhe3R%grX04sckKF^M=gw7E=X&!E_?Ox2Y>^^PPp zft0qSTpwU97wOy_>YIW_M&SFSDx4|vWaxE^*5(npVA-;z0~0lsUFLoZpOn2T(Hln> z<9kfp(}Rdc`3!s_get+vR-f;5-|Px|$My&MoTQG9nH_ryi;j=hoQ2#KF#0$7GbdwN zA5qcntY@VLPpUx57aC{|_X77EaD+ z(+zLs%Eg1;?;~k~kD6nC+YKf09=?W9@T^5qtVxX7yK43<^4r`&uxd##z`h=nO;D0C zLzbPMuW9rcjeOe;zHURNPm+T9KHi!a{-mg`f@MMHz+t(ny0k;UwE`uwJ8FG6*jyOt z0BxU*w`1*Mdig1G{rj9pw0mGyND&e7TBL1zT3c3d#net8W}uj&a3Xk>q8aMK;!{UY zYc;bod2%MANIt8{2Pq>&1Cyvwc(|PUy4P<~>7{+kQA?i^qEgoO;OtE)r7Qy}%^Lz0 z7DmkR*>+2mb;#horjxdMDOq>rM_otRQu%aNS$#DmDYM?$>yoj|KF=o}hen)mUy1+3 zz%z-sdUfL-u#;_*i;TX}aF^jW%6)|G%*u|;(R}(aS=PS(B zc#g;l`xj_uR7yze_>T+E%iFcg(oP36IeE@h!s-IU>Gsp2q(7aw-*BKm*h|^ddt;zJ z^5BFsqCYkOx#e!{cF0b+=Utr~<)iM06Fnr~4EFn|>LAHf5ys?uHAV9J^Jlb*ySEPZ zJIT?nYjAgF>2}u3q?=C+qQyHJt5a1r%gh|O-iJO~7ow^x#o9WAL=YDSlC9@$+^Nr! zYG|vyUo@2;`6Pa$wnt2mzfe8p{qb$|)Q%W&a`>%RI1*{Ank0TA(3ukiOWrNcB%yZ~I zj66Io%l^IG{mM>-n}cR!PAROBP6k7-Vhoy_m(~vP;5!Lo3s*1S`OVXbJ(&Kbc%#Xe$L?vqy{G-Gp@CmG~ zuhymNG1GdyEhu=Zh3<#c;9Bj@tCo2s=?Li@S8p@!r;w-uTf^YkOLQ2w!L_=+c zI^>)pdc^aErh#{mYcQI2<@<(-fpQan;NPidNDZ7n05G1%_$mP3EQ+CSXX~$AbN9ek zqdTH{D`wtd>!jyMA}u;fb2~3U$-9ko8Bsus0{rp6KK?=H`ERkdM|>!WkX9 zrE*yXtIqY=N9uIC&oI^vEL8vAIqkrYgDhb+am2hGpvtUKF1;HcgN6y$tos@2eZjQgH(*ESsfAb#@=~aCO z1&7(Oep2Xao%5>nM7Fn)QTDM0j*dV54rA6#msW>WrzF#z-rF! z#7yrlJegnp;9;&LXEvwRI>zPdDpEhmfoa*(t^-@A=2VV*`|TfaTaW}dbVPL27;=Tt zi6B=ZW_7s5blR6=%k^;l{~iaKPjVW}>Hb%ekHJypog>*F@P30>an<#PEUH%V5klS$ zKAtc)?Wt=c3>F%gmJTYzTa>Ri2PKNi|6}UF{|2U|Yp)LHmHwHvIv*`uXm zg`PIE|KneKj|mGU+c|V48H~?CD;sLe?$Q28RXBn?&LwaEPK~uBCXiv`wHCz9UWf=f zZ&&Pf@L@^Tt?p~%+a>y>e}I-53JGGJY99dyp$c^8?$?ywEa54XO`G`n;irM_$kZ)8 zRF2_Tf8lyc7XBmqo@~no4cTUgCc95u*Dd8JBZv!hf!y|R5$zopbB$GtD9UTF3EjJ7 zdiVc0oqqtGCc&gD>cv6VbsQp)Yhunt?R?Rp`QIe%|E*(8w1^7tQ1S|aAagz%-KI;? z9j;2m{78M6xqobBq%0#p-$skO(G4)i2H^8o;>&2{>?>p)bB9{3T_s2rKK}HIyHYP8Vz)aHRd`bIj>xVOFb*ej3R#o*>!-)F>WF!BkptFinhWsTcyeB(N!rbKT% zn~>+)trrp58h+p&4g!=mULS|fl$Cs&wyyR&J*BJDHe16U*y|7Nk}WKj`PxWA`p{k9 z%o|2vxJVwKm5I#NgZx)D^2j60lmzth^3FN04?atEq3&9OaO1rc zFu&s{?`?SV>m?}B+hFHsszaZ}`L0ShxId6_N#juBh+c=)KS*~b|NBxvkZ59342i~) z?p9)}`CMOi7Np!(>X=KgmR4f|kOJn%}ei>R~Z z`bj!5W!X_!7S&j1cl!>(TbAJ*kGkHheT)w_RDziCAq}~}lNRWGRHB(|`1lCq+MttF z({>lJw4V`Xd_S#sMv_c>DKpC|Wp(a^Mzp3!s(E)f$asm}$ddo}5XB@!wS9Jj9UN;j z@_s;Y(`}G-(|xwXs^<#p-%COSwTe#@X}XJwaEUY1{o888gFO?}&r%SWp|XTLo;ud!XOvO?=*4%!WHk zq=@MvkNh8Y`}Z6We0PJFEjtHocDlMKNbnG!a#F)oWhEl)xW#h$=-;t#v0L+*hq$(3 zbVAytzUTundS@k*-{==OQ^Xp$ zE39~I5m$v0r}#g-dIc#FgxV>sxC79Wpf z4e(&9*r^OT%w98FVVM%*eE4_UAPk{B9t;Ir!rx;_-qHv^Tq~$nv0mn59m93Ve;)bU zHO5^XuCwowmeLT`OlWtdYzt>(J1wsq~Ukrevyb;N6X0i+3BL({4mhy zO55(&`17QQ6TXz5y9~6=6ECgf*0Xr2wO)vvGZx(SLzMYPpteGNnS2QziFtcl1 zEmVnSwR|-z+WVPvdF2SfTduYvX(m*0;yCRbrJL+N@c!jnBWV-V5lID4l#Y5nbJ?c$ zOLW6G3_`z!Y=!ihA|0DT6GSJ(%(qF829|sbDCopY5)a)*rc3!7r8=iY1ON85L}R2M zxL8o5z24JqE3mxXe@S8%P__AGky3T>vHRPrf4uytBB~~kHN&1* z<%xVnocq9z*Q5Yjh~gvPAc$+=OL=E*q0Zpwm)JFv-_&6`S8*tVqO808e-YFSfnsd!EwvZWXFLqlNu*3T@w}C@{b#0Pk?qxVK6LJ zGSl0w+O+IOhJWK`H)e2l9;EGlb@~sWK-!$tz*U)hB-@x(|3!$jxp@yIQZ_XM?<6J{ z>rjXQbG-Vz#|v86sh221$%`|mhyspcxfgD^G;21vT}Mxpd$+nv)b=*O?K+}rD1^>I z;h4QDndlAy%J%EH{?s3W#J%cMp=@|;aa)Pw_4369p}#xNy;Fqp(MC65^9Afd%T(Zgu{$H{$j@Z__yrvCekELbu2~{9%obnES0z}uK;JS~Mf$6?@7}^z?LS;TA^&T$h+j)I!J~EeL_S>7Y1M%60q`Og&t$F|b z9{DqISc=#JTq1-+cl`0KvIzuHY0ozam23P;bIL_ArTZ06-^cPkFS~pDR(FgL-R(#R zsdpp&>T_B}7aruDJd^m|))0v%eq{Wj&@SnZ!#q>#tkrJM z;CQO8rOT+r&L)~jdghO7eLE?u*WM+UK5X!e1CegBl7DAs(k=G@VD9nnSEWE9vc~{+ zZ9lXplAa2x&ER;q%`^gb?5VfI?Uw)5mp@Y;+Vj%*ft;6r9b!W+hvcYoJOE1(S%B`B zHg{;-+?b~G+L~?M!gVO^^+eXNyp7XaEbR#+5LxO^-rVrtvK>^GsA5j*gc%uf;}w7j zO{>8Zf;eYTSNBhfD_OewuDPji=e_sZF)>}s&w1VghS(oYJFoU6Xi^+gKNAt?9-Sc*2{fug zQj9T=S@I!|R2ds|TyyjHnFp*_S`R@x&^qkf=LKI}f)7u3ZUUnnrzaDnb;TvyrVj_D zDOWDA89}PmUy!P85cl3u19pc|nd-C6wf3C}QB5RE%}Z8Pu*$nV_+-Kxn?Kn0!>o#3-h&;7asQ@0P|02eqd_h}|;lzt{j&Q6{n zZrPQFOMhFmEr3%)Hg4H&P*)IBp?U1ybKTCEFRjylwo`*;H%5U=uNOMowLCGL-G_4; ztA567Gt85dmlp{bt&Fd7SXQH4(S?R)OQ;+`o_zz1^L(B7teLv901yVX<9kEd9W&tq z0s`-+I=LGT`{@QA*SdE(-QS$ujh}7_Ra-uC)@{g}&1pXg ze{=8CM7(kyBl+JR`HPQD2{=ihTisw-uk}1a_uC+s8nV`^)3V7 zbY=kgPaRgFBqRb5t*evoS?4;+-3IgCmWZm>rF~~?>tPGy&XtS~WM6x*eEBRTMXZ&; zL|bjp_!|I6ExZ3t-@2V^gitqsIBy`bk|@Iq)61yCb-tXbzZ$^1Czg@$?&@r0Y|Mi% zFAs=2Vncl#Bjs@?C=Io?W*R%2J*(bLKsIV?KSqDNaaLrtd|+jH!gDM5y36pB-EV-F z*6j1|mv*1Ixz%9Nc{<$scld;ageABmUP4pxi)aea9PzMuP!cQ{^@kKK!K@(ONTgUR}Nx~Il&Y-zt zF2$0EhZ^bLqDLYg=f*JK@NLgzGb10VyYC|Y0kzGpB~5UU zq1S*s&Sx&p;=c&{>bR!Y_WvV-lmZ4Kl1eD8L%N1Vg8~C4B{JzwX=Y)zLuJL5g3^- z-3=UEBeA^tuT>2<0UirGclA8%I^fmC0b1_a9WctT2I$h_Pp_L^9`QyO&YsIs7j*o( z$oh94>c57XUslOJy`Tpzv8MgO>Yx^h&wYx-XE)Pi-T4rfWUpZO_vnglAe49Q5ZRm- zDfP?cG0n@wK1~4;0WN$2B8ZZz9Y4f}I=?Ywj{i4SF6_y5&Kvp(^O zuo}-66sc;xV6?uDvsrI5#HIQApFgotJ(bsT){k<0d>jinU_|&XUVLYUty%3;I}Ny~ zq*lQkHWj}KAnZ*1KpguHod7fXB=+r>@jY2O7Yv)Y6wO_4!!8}S3^gIM%nEtX-*zC|Ep(0e6JJ#(+J^2*&$w zOs!g*Bh~%30egB8qe#g{njVfsxn2$UJl`tbGM?}S>8#1nBDtPNA{ftEkQ8h!4*b{e*r_XNJoaJ zzn4`&kI*n+@pUS1)Tp+ulHz{){`YZ4zA^geT$ht3a1uqL0w^gEw!RcY!B?J8uMb9c zyRjj_plgpm*Mg9@4DhHBUGb^Q=QB;<15#R=tVPHHiHRA`$5Z^4;-{Ns{XR+)+W|Nl z5%uoh!K3x;A4OLhc`2%tRt|7!CXU zu(WxFk-)=5?$@kj&zF1GUg!GQgjhP`f|*-56NA1bAt+Zn}}Y2(Wr9gZ6qG4pxE} zvyiICET_A_g^gE|ugk3sn6K&U>*I(7+>L11LT6U^_~c~&%*<+Az>ZF<{H9%2R#qq= zOi}|BFe00kdOf~?ZP{?eSlWMtyCTK+VP~Ae-|5%`F!xVavB^bi9Bl#?XP^B$hK} zUP8a~R>}@~#V>7ZSOG`KeLmB4p#ac3q3x;yB&v3oB%1F>U#r4}d6g7)oHM@P{7ou! z^+HYAoa&}2V1VQB{fRuL+nS^>{FE2K7!9~>UdgOiBS%0r=^R4EiyuxLrkDMKsB)da zhsHV9!U46pJ4-{SJphp&Q?7%&>M@)lvP9)O`2sSM{kk+Y4kOnq2FW442ZHn89lr~41xxJH=l;~*q_4hT5{QKO4Eroq{f z6U=<<{%OzFa3o8_x3mU(-VXAkHRgqg&xMbv@8_dj9pI+&{_gMn=5$Wt2j&Ck6-)5O z+h9)!7_y3?Mm+7uY$x?g^zSbSp9?5n7<8mTw%3L}Ig<*LP<2duB4Pf5IaUO!9IAgdQeP+m^}7lSED z;Xp_)d={Gv{vf&?MpNQm^(BpS@PWxG9!%8hN_LiP6L2hjFJi=Vr-ZEY)#7a5waa0C z)@qCoT28XO7c}H^-HZUDlm)hH{d6E=W8kZ-V6nj1Hd}1X>o%DMS*h*ijyY#qCgBKn zIqz?cfRT$TN|;{4W%hkz^SAfrb828mNQLYYUbMyJTK`s~!j4%;4k_$d?bn)UP3ZsO zRoUqUNPz?m-a%IZ*`Y;$E3P?QU^67Tir>L{)qw858>0i6!m=W-z0i1qzY2;Yt*^eE z+&>;G&5;Ik@YnKQ#BgvBNT`LY(X0~Z={+m~<~WR;i}T?mW?b zCECSvJ+;{3#r8|OFu1!YVeW?Gb$$dLzdRJ|DZ^X2I_9evR;5z zGUbSbf=`Y5O{2@VK?h2O3xfX87FJ>Tn+v8YF|wST=e1IFs3!(0euh?kC)sCum!OM zW;rIAn5I_;=u?RR^v}E9b#$%9T2y(2Tklrs>IrHngBZ*ByHVvzQ#5~3@%ro(jJQIH zy9$#mx=##}Df?kU7sNA2{psnkaO;kAF-ZkhEUTDJL^UwRLX|ho%-(EmF9bvb2FCs| z%+3ZV@aJY`qVkQan#Y^M@4pl({TXE=p_Vk`GDRQ|T1pe5yHxVeI3=hHV@i6>{|unO zC>cqsT8;j{*q}+#(OnQ70sapmow196h>+y+O&yK-_1VW@*y@cb3L-|~z8>e&i?{u0 zh8|kLuYu{r3+e6>v)bhuon1XxHQJ;QatI|D5uNdrk}hQRs(gbV*6K4z*GxP&W8ZZ{ ze7K}@bq2R4fM^;x+v~CGK&&qjWqB;Su-=m|G#vnp$`9@D`Kl8F1=Z)l3K##B$$Y?| z&eD$v*BF1_$bJ%dwsc%HaA<1&{qv}(FzMNI4z>I<1aY?uJrO+oNJfM$?&x#Lwlw(V+Z5|Ecq^} zS!o&n(&a`;C0i-L+sGkB+s!d&8`M45iT8AlFFhMR7WFaA2rXv+B-cRi!i>Z1dr4Xq z6Bn}Xm~dnVPYDJ2FDO-&{K_A4Ze$~*hHHiaba<8B_opIo-PX%S$Lvi!2i?WDNHn&6 zHc?Y{JUl!Q3;Y?Wan!Z*8P=DUkd*AGAP#?nC=t`4QQj71!UnRed5$1a@{5)3&xsu? zALO-{Az?K%Yej4o=hkSl@HW3h&x3LHO|Q3<2U>KB6V)^r2;DqMYAOM+$N*2mX zo)Mzo8+!6Mc8_#tZSd_&BcFICEbH3r)%DpRby|cb1c@I4zA=v)p{Z;;FEL+SakSOg zFfnG=i5u06aWZ9YU&kVxh)lZ8cCwvQu=?W7t8eg>^1Y&a#gdsL>Je1}4&l=95~!t7 zqXy2 z%Re@rkfGAdN8Xxvlr$fyw>#$jQ|vG=_ORLlh|3zH;UP2S|574Jq9thn!*TkUbW2oh0-}iaL_ftImw>H=7Q{iSJ-|s@LC)wP8st>fqCQ6JywgMIM1k= z5RSVg1xb~+{Yyh8?Ttbu2RS}`MEAUI|8Bg=dq0gJg)DI z!r$P7Q6SNWwimavJSG4 zAY=~%Yp4?)j|A<(V5koR7#QUMv^HdbQ^-t}`7l{Km=85p=j<>n^xbl$C5&048Q-!P zU%BmVxfaP`lirkC$kJX(AT`76TE)vQ=z*pU&R~UB4wEPA;OwVZ>|FNV>X3# z0`5bOuv1%K2=297K7V9K}t zDnM_oAY+#V#(xde&n8??W+p}HYXika1D8O**3hq>8^nSIh`@DEm9OMe;e)3B*$KjB zf+`}YEc3n^CyuO~tjG+eo#%00$EfUXmA{`g+_3d3CAQg)*cgG$*Z&g+Oyzige8XNFh9k`O8igyCEEH)sOx$O+{-Du8Tmui4m-u}na+_%D$Z(Yhp;Xw zJ&Nt!___sJiAp$Dyb9t=QVl)y;h2t_kOGJN>cXujUEf$@|0TuEMivywx@Q^U*pno> zb+L8^SYWjDgJkXZU%D73~`fM|;NR-K9o)R$ldsI*(!}9GBi}PPa5xdM|nE zeU$as#LsxE>(#_iuEsoub($}yjoVhXRgbQITbg}8VYFtT&^_b2ZQk0&keU;0onzP? zhtVieUkK6rSbXe3;}42QJu8xH10hkd+a`v*%30>eCN$i*2U87(=XFB4-ftUod4#w2sMPXQ`p)f+c%SkONnIu{7tltxYT0FrZlG0?MFWKe62R+WBvoVhlcbe9x>Qa3peiwbzuo9ZB zcd{$+;=eS{Y@U{^1|=`rfcumxoJD?ZV*8Do$u(3US>*<3(oj$fAGBV>*AIKrV*Th| z#Y%*t$5}_caYb|rWE z<9qKvx&=j{jvT+;47J-m;_*^dx$H&qz2v*eMpZKJD5}D5)s^=+9FMSI^5|_{PjXH4 zvametY1#W=0^RoA#nWTLOS8JIs5-w#1OvED9F9wZD2jfO65{x(N|lBi)877qW{F$G zvdSOgA7gGqZSk+T$qLkA1L3BecGqr@NZ47Z^<=n zUGk+1x15S5SjH@JXwVdq-C9rZ&%C(}_E!J|GnH?DjB2laLWek=1)Vs($esGEF;3TE z2&`<1tge=AEOnhL(0b*2k4BDIgiV_|Terl}+94EiRu*b3PF&?k4W*!~Y`HcpO42iJ20*|1yJfVkcOhvG+PP+mp;Q6AOnS#Z4~AU+%rnPfvPJXHjG`N2rK zM^DEmn?HDPk{fq=20myKoTHhAxJ12i7C+*&UMw>sgsl*+et7@VU)8ZqV~HNqSQj$1 zECW@!5+@kG+w@RJQ8sv9k#QN`WF~$MkqYih;G^zQ&WK^>N1@Zn(E8Fg4(dn#XrTW( zR7Ms52GDSB1N6#|f?wzC5HiH=i?vf;9or`uXOR?Ay~p7a?MvlDOn_4h#@PYVoV%3$ zgijpt?uhmA$2n=P>RKuy8sQcFREV47TFfv1>^w6)k)oZUgh$&-QEe|_Nc=^9M7NCe z;eEeQCrmw%1#oIMU=#x{jgu<$jTWq6K9oWA*pIVFE9knH(?dqA@5rY);)k_X8ib~5 zxoTzoa+rPEl*@LhKz!i>{@~dD*U9Tslj~#0u`c@dLN9;oLtP1(C!J#&8TvhOGyQ7C zRz=>Zit_OgiL3!{P)ip83rq9G?wV1RYmg4UrvC!=(@B|FKd+ykj(Y9-ShB(8Z&N_3 zz{THe5=R$pyOhZ(hQ$oyX{HTi8(Dbo@^D&%%)FY??O+4Byk#$xMkM}c) zmo7AtER+?L2vhmpo5r9>=9xuTEl&p9yX7DnguDYKM4<`giE#$z%$Yh`EhI+1Fy)F)ey;~J{Q>&^ zXYT$#G`jOq9a=+|Qxv2N<-WA@>>p2OIFu7r@&1-@fPc<|6WaA-8vGJ{eI>R$A|eHe z7SJ-Vt-6O~L1u@#1+>)PgXB>*8QM_>tjACTJHjIchv_P${ceKAquYNBVZd_)o{$9p zgq}zVnarj^f7Zp0R~%$NgJ=ixf(0E@f(3U0wR!<3YU=0UJ#VT`^*W#mjq)uKWjm9( zT)0MWOO-YQMyw$CTd;V?cGbXz@sGFs7ug%?_^xqZMl9<+hgcTR3L3;|{pmn1+%-{x z&Hg=Qnj))i7KfF#P$9YtAT?ZH-tE0^cY}bICNOmJrPnDSyE6b<#XLs03#1nyqAi+W z{lfO&2Jc__m#aR1eFUGnM7S%0#8dS;L_ObgX@LSDEmwJu1x`*z*t3%N=?i4#TEOkr zUeOua>a#}TnSm5z#(%jWJT^Yd`v1oj{@1&`MNei4Or_!ubYdm@ss%M8WJVD!yzdE; zg(>Fs7$N(0`NC{$nvX+DAE>!TNym*j!Z{LWivwu`#&M=B*N(gu$3l$!^V8M{_3y({F z>(q!W7!KWXu}E}w>Ew{!$TWL@6_yQK=l`nH%cLX^BjLjCS-s+m~l8@;#R$e(9g z+iw;9pI`vWNM^}noD7E0?#ZKbfS=Gg7d}b8|AefE?bNBp3MIjZ15M7fr1M0 zl&XQSe@$P0kgdJ49hpV1C*L8VuF_#46O$M-3P{pzB>poUEh6}*X1Jd@<#BB8>g{o|e-UIG z5vNiBf1taeAdzmnfK51fStszax4`19DH=36ghewUlp)jfkUsd7ZMz`BjgKIu6XcVj zI{fW$>aFcqw0MQTXZX+oM)@CN^z0T8ljD_(g1=k7k(W-FgCA&k5_@!v4KYondm4bc ziA14MLK-fY2HobLPlnEkKaGulONORY4J}X>R!gcEefB>EX8#K-oKC^OWd~xePPhY) zs?C>mMb*r|bbN9yGwAEzz>5i@SD{oS375rjV0F##Ot6a`Ds#SV+*3@R@1z;tTo=}e8%fQ&%=E`k zIz(>7<>Wwo0>PRCw3xz=*vLdp#n#*hv@9ghSq=+?rW<-jx!))xDX5{?>u`OMGBUJC ze&0C}-+5q!FD;Nyariv@<(uZ>yzxufzuQ3OUvy=K*GZG;Bvt47ZYn@?;68w_Iaf|A zMfI>Ku!2^5W2FoF^I zEm`1Ck`JS&dp=u_#jlZH;`+CD=44>SRtx*5M`SW;`WV(q}{kaQ!XAgBS!RJoQ# z7nHWyCWlib)p|K@;N@Bh^oxKKgqIHh1Jbq_9I5y| z2)%9`4^&+~i6x1v`yV}R?mP^PJR8v>s_s@hYGS)S)AlRT)p(Yj-5(NwhKyw*y>4=% zrfyPCVTTT9F%!_XQO~Y5s5j4H+&t9dD$qmbH&4#_MazB%j@{Mo+X|-^Y}?6kK&oWd zb_L{i85SINBoAru(XX?tMZ1{E*Ju(QuyT6#txpug_b$76$Wf>6itdHLB76&MWXUwKnRG z*@Yx;wzMJ9r1itM!1gh^7>KNHp((TVrrbE)MhKAj9w+{V93v)Wjuaun6EC~m9r$kHADymo>nrkv zzPz#^&Avw*xWEuznNeRlE$}{XGv-oy<}KbmlGbDga#dZ)BCD~Uuw7gne{t5sxc`Gd zk;bPbwLs+cB>=Hr;w+jyTX0Fikhm1@J~|{U5>K};tDJTu-$D;eovl=%tle7Zb1nu! zl2CTmpYd8dD}Y+>>**zSY6nq3YM7dk@0DWLTa=TyKg(w)|KvLGtgWY?Y4%-{^-1DS ztO?F^dCTK9rJc=R6M5Pq=dEMKiMVf9{gQZidgHdcXt%q_VK7A$EqFGbYUnxUfyW77O8BA-jcvDaQA|_KgyI z`WsgJ?0l*wY?II0)}?KU9w_su3nXC-tE7Yfc1a>?&t8qb*ex{uE14jqciRrEqV_no_s@O>jD zoU+@|BX&7*L=M;}nw)OU^+k9&QN25D>`F^U_4qZkScy%n<84*F*n+T%ad2qnxB9vP zwU>oFn>{@|U{vr##>c@$9;C9(x7?8D|17n<76Mtr_nv`^`v8&6g60nLuETG?t8Yr8N zf1%f>$)%=M5r^pN0Qn#)k|-u4Dc+8Sr}idKjoNqhyfTWY&?{7^(0ohuyz*21%s)HN zs7yg{@x96u&$=hXNM*)%htUdKIv0Ctt0QU9p&Oj<9Q3J4a`5$}5Qj0yV(qlm&e#T8l=UK@Dt{6P}+- zr^57`LtR6c4>#P||0zINGq`x1N61BM-Y%Q+Y`>IAsUqegUhhi>k>mE`Z_?Al2DX%Gm~ z#fLIj{YCP9-eYeG;T0e?QPxWYS+iqxdQ0atpDUQsy;c|+aJs+oIcx@(wccX%J2wJC zfX+uy^`+J@U%YRJtICjg@5UlwLSWDR)tw`|eYt%)(~w8Jqy~L!wXsKeF)E1_B9;C( zC)-{SA*o+ShuC-`7k%WQ7oh%v>!@&!%Uf`I^E;PCe>?Z{w>cTGTUF2rLDexVQQ4Qu zplF5!_?bCac+@6VF0m{Pc}fw#D76BNS~%$|B^V4%pYeAwVEC=E-}#fT%1ggu?#NAn zD{fdysO&Tpd~z4VlcH9qyugeb^u2RGy)67b_xC8T`iL4;>7D*(P}mt+cL{*`z--i% z4oLcb#}X^=rE%;7k4&XQn^@w4F6UBZ0+^r3g>$X1udhhbR^I#zS-A(4jnpFqYd+8* z{D1ld%l>==%{g4{Ius2frA@ER-S(LJi1fI%^lATyFbU&TRom#$&TFF z`}(vZXI~tDp4J0{w{PF3x#9FjH@~wtY2uEX@@3(@N7B{y1#s^qsa%n?peV5oe(_BA ztdR225+EPFCpMwye!i0~tgetIQS~EcC30RJCF%Rk8_#|H!-1eQg2G=7T@K32cdOUM zt(p;A?a{B^BpFRqsIG7YBpG>$gQ93?*5?%ssh9^_g6*YA=^ki!Z6IoVfo{ zQGP|CVOivMK}x4>l7Z>U+Q!+H*X{|s-mZBYv|_81dK}a2a+m!=YI~O7m~IY>u5E0t znp&<{`#Cf$wS9P%;SXOb+@SScND7}4xD@PHunk*73}$SWbx)WkZI~2%n(k02Wye)# z46hdS?)u#o+F8I2+OFIc^9kPR(X*UZ=qB6d-FPW>VOL{E?%n45`OB`|OC<|JENOHm z6fIKa65FNBTD#G03+X15LpmaU-IjVwnALU1qZ|0j{>u70dEOT?IjZQZ6zs=!#6*^F zY{>bAY}dG_)Yk3fb}I19Y!tS2uBERJufcn6pbK_3SA=JL+)N4iIt!80n_VRnt}`Vo ziR?Wa*_bkuepjKA4H2RD4L{e+@)5;^?--AroW2gn2bNex} zU=o%~*E4c10)jW*XjCyt5vgc)`=XaTL=nsCodyC` zOa#I)tYtx64_O~epB2)q@okB-$++xlwa;?+Xzt3+2%1q+^jtagObbmK{JUru-ZtS( z;iLP~{uWRAbDiMuXD!p8D#abj61B?-lqU^~3zo8$6R6))B%8`OvFe;&74w^MDs*>D zreE^!_3@TpoVHB4+aVFQxd!1=-~HS`$iY#Z=sSvgZ!TcZY}_NiKx> zwRpw{vcfy+QoK95MLIq9Nj&{(@nRU`fX6=$?Sp+*5r&f&G}<0CJZ^W{d7uxe^-68f zSU|P@!D}Ufv;uq2P25(bvbdgNv*_ly$nW}+Ffvl9oW=|cP zZ1!%moD9_mD}_7KLn+=~QPU5CS2Z`My@z3q9)w$L^sk@44(DZ~iy99OQc*X0IQwhL zi!p5IRuKJJW2xJm{0&_8ny`T2nbLW`#qITKFE~o);<^kmLGu2@fwBLMSgyRNd(xD0 zKcEfDr-zwnFg78u(hv(%IZc!Py7o84=vmW|(Dy#dMZ8~$Eq%V|DoJBmYQE9iyTZcd zdGMl}#HID!hb#eQF^9;+PJ%OADq`_bE|%VKX=8Wa^k!5EIc)De}Wo;pm-|r8q zOAa}`txkW}q;4sZIs4E>@IJDP9cqsr=3bAh&3A5Vl50Z^2r1xJhvhRD<%~c;y&}Sp zmhD>l!?`-uO+m3esx@!-5c8X_6do)tc@OT)bA=UY`kES_jM3`uwsU{z#YS1j;#Z=+ z*YEcCZRNw_h4xY8IiN7Jhp zYhvo7f;qr=&`2`s?Z)RBxUbXP^XGeiHecFx9uxbdI^|c3*jf)o6y$h4E3%Mt1ur<8 z4Rv#S3jCNUKYyFKh~?|D`9@nRqr3r=MC*Q zB>sf^`R0|yqU_l~kXo;Dq1^YHok`%aH;U3M$B6hPPJSI_nNQYfrg%TmqyL-12()a|nxoc?8rg_~x2V!FegWzX$)&s~b1EoSB8K@ zKAQdYojLU3QT@D^pLI_^Q?U{Tjvl))67po!aMyX{d^Unu{~s>{UMs5336zRRwTrHT z3TJYNm+=0pfI1QqIuYxO-c+qTC<`x&*>)>~uKXpYPe+eK>!`}lqbd+4^v^?Hhqd|R z!uy9@KtA)wFP-sUzlx5oR?q3H+-W+^E_dL2l0T5Eb}AH?NUmQNHEECtQElZ|cznfU z+CSy~jD$#LxN|_B8wV1Px>#`r>3!VF^;cKe<|d1FY@>o@C+)jW()O;+R~g@}y~y=3 z^$n0Wb?|^27Nr%JcbbV>NdM;@1wuc8E<-y5$D0Q70Tb_?M^zu0i2X%aKp95CbtDuGIkNx2|(5hqt;w%Ju!f^fYyFJiu* z5rLA^{_5;gyWj)lI+r2p+RMo5@tdIkxDWr`TGqd>T?x-v8fEhFI z0w4_Lhd&Q8jW76>M6kH9hg-Qv5}7~!ouYw(exLCsC`eW2Qz86){XA8kg+ws|3`Pcu zxU&572&oU|6cEP&|JQbWz2mhR&-PQ8fq`5Us-3xSWsZef9L|VcxA%99J!P3kZ=IjD zsf7|URS>4=*Zar2NL$68a@e?|3K7_S)r|{u>&qk)qK~`aT(!br>YR_Y3>RqOaUBc3 znZWVrpT*nPLYIs{%K*5B^DDOOz&H)jHS7oY$g@dca#{|49dM;6j^hDg@n-^pz33c3sM$geN!Stnu=QJJon8mhAsSYtRkSya zth$T8M=sUtYoBS~h+U1l7+3qifJU@iuTlg|dkwEX8vo{}8Q!hYuj;Ww*Ben`GQa*M zdjQ@MRhkWL*Ly0y8@t-#PW3nkibIa2AvPVgi|3-9jLDYh6qC^#OS13#RnFIHFAA|4 zPiY1V(H{y|`_Fj3E)sNZ7+2&S)=?9@PqpE8V%T;H*`U5TAnH9hQk8_2w4Pa ztUqW_s)uR_%!hx(2k;N-cR(kY58qUdj*=q~3KCHY;=6Vm%mZ^)%$Fa$7})C0t@G*9 zcm=g^zv|2WoJ@#PBjRl_M;iConzE69eO|@7zd84trQPQdr=L0YK31J+Yr%%Ut^TqT zA0m1E^g)ofr)l}8&m_uff|NzZwE1b!%%QJWp%*OZxx!U9`ui@ZWRQ)zPw={X1;lUm zY$tEt&DfJn$&9Kii_)SfuLlFvE@752y@Bif1>vuG-msl)F8X_ESf?J85;6u#@%Nd? z&@D$a!;j$>BHrd6i%h>A4o%O0)m!$7)9YTZapb%fF&)b`DHQQFB+JH83=DYL2G;W& zzwm_^*aV=XAz#au=x8_lb6SVekZe@1@irPBf1$RG7k2)l5MN}jP;aR6r`Z3zyuS`{ zT{?e1e);u6#%RnFm%~W)M4EjAMs*n3*f0kg!@h!6GLWlDcSU%enPt|wo-BPx9}pdY ztReS>>o}%>iKeZd1P}t5IXB{(5|>)!2S9C_g$kj!rcRVP@N=PoAm+S50m<7HDl~f! z`V-FHArxCY5{_C?bBG*`7mBoig@Zg_$AYL*_zYKbj!omLR7>^tyywdtV=*M&=6N|M z8O0qoNevqD01(aw+!&eWa%^hxHsyRSr+J#MiD{Vl97cw47&z{ADffVW=lA9Oqg}qvK3m zfprXO;1J2E-#m49R0c@A4yhroyT*S}YC5KW6xHD1KXMelw)k2* zK2C3{HWskloGHDPu3*0H_$K>Kw4PkcA^`^blKa5V9f@}stbD%1HZbHh$;QX`^~4qO z?9-Az>kg;gczJr_)5nijy>_?Pa?;L9yIGCI<{6eXXTx%`Ycgtut>hj&9p5g}_3hnq zz3Im+lQnF?e>dsd_9;dz$XJLJ_#!G2Z6|mcvCC4{-S`7{`};(!B$0(s3uHFvu5Ctw z^6&T6M+XUzWN&06j8hb>_gcASgoK` z64Ihg!bltDjgpi&{ECghSef>nJNy|59)eEtrT4YN~O5gQ=qE`?k@e{qe zk6Bn+$L~yyi~%YI-j__#1?kfFn@=&zc^AWH-kE(G2eY65qKPoX9Q4;{w$v&ncw_{>)* z^_AKSEG{l0)mB8a<%*GVWw8$3?AL^&<1xC=u6XKbIDW6ZblR%VC+5nOb2d#6fM|u; zhta*(Qrg<5`jS@6)IWCq!)72|$dFt(KY*~o*51a0PRn?(&97tKr~c@1Dj3P$dlpRb zW<9@*B-Xq+-#NK*Z8R7LNVHoRXdx3#m7|y$SILcoq&ztp8JOyj&roR|0{zjS-WJtQ z3LI0(T>qet9bPcuOM7zv+|8=P7bqY~ug;u{HugZHW9b(B7C$q!*ZTSNy0*z3{(gNM zO;?)$-j=x3rVwX~*&?c)yxTeV?h~Ep8_bJ2K!_49Y+M;rrX{<09bV&I;1h6QoCNr&qO+gM8LUJXsrWh_z9*J zsUEYe4f!na2YCbH5%o*A%VJ4s$emUL zTH~dV&@_K>z_M|&+!74qPDphq>TUb}2>bykiyRWqv5j^u%%m55?U^s_cd#gM>)1?9 z%E{8n(3`ny`mWJTU!`@S;Q6@BOlsg+kwDsOC#=%RR)L+>>D?d;P0+=1qnJEl`DV= zdES_;PyUrxe*mHiPjU6Tulv*_*rMWPy!7{>MlGs?gzTYr5 zF3R?3Wb-8FH`k24q9VV&tmBGi!*(ia)#z6~%ycNtpiA(WALy;lxRxhwP-{`uPzrg)6Z}?4Sb&aEb`PM7Q-X?gmL`W^3qZYpdV?qWI_t z%&VU(ME3j!bBBh);SKbcE>ZWDuZQU*>mJ+8rJLGj#1@w-nTVhj1S5Wo&c+(GikS(2 zQHNpG0YL#R>Im2nt$IG_`nSWQD-ko}I?<0HI>}$GH zZYx79#&A5UC)NWv4>Ku^%+l!AbD^_AgTltud}$`;YW(vfRp$Jp0O zhK^3UWO_%!-Zp=}y)a|z{pakP6-B3gTX3fGe7Jzko+}Iex z$JbOX=QILsYHGS1d1Y?;vGge>-}nl@T|8R!{;!|kCk%}fwAWG$oj6^8j(ms=mgzaC z!j{@8Bw20%<_#^A{D2Rh9?PA3mpZ=&$gCng=K9c=mp9ww*5av6j!5{qmHXLM(%H<< zUUc3}+?=lxVMsq}Qm|b?7v~Qsv5*W_PMOPqN=K~m;S5be<){@*=$k80VkFnMIjDuV zw>PIOi!Ubsn|077g^eF6P{t;og_^Pf1MlsP7%$`AP6z40oDiBGdrPD`n?;w8PMn4Q zsV=06j2rVnh`fVIkhuFV7fYC|mgIMGSMEv&#+*PfE7QmBmjY5|&#p%k1L`|17Cz1; zT4awp-)rm8il6LCdVDlZX?SR(+*UM8?$tA)mR*QuI=QI7T|7sOi4wBwno-&tbmvAtOWE5MO z-1xQtw0%g|qxf2~fL`vU$nyYY=!;^qWAinw3lu3Y0Mi0Q^8pmFGug zwbG%$n2`QwqDY%UTL2_a`$5WMHUwQcz_+Erfq9iwoxta=v{I zL4%w*Oz^H+0dar~Rt9Fr3f+^PhN`^?>HTkS(CU2E)_3e|p))-~3E5m*5CI4+vO6ne z+~nO|q?dvus>15)`KhldL0-GNI}5vr!Akdu6%yN0<-H6#-ad_>lkUp5%Z#ZJ(_
@SPg^SGpAS{Km`Y;6_Gv!LmI{Z8N7?v4AnlG1YOn zc4B*XXAR@>fr2Tf2k>b{00`Jy-QDQ@1C{3h>ZNp%)9GuIfHy+4z#XMiU|0t1xHh1) zLQJ)%!SaI%(Kr+jH6g)$D?}Vt z^%UeWz_1c87#$%+qMv!F9zPEhAVU`b2ssaWF$RYzTn5jBLOuN}Iqg=W34%RH2I8oP z#CMqytuBET8NbVJo`+l!Aeo$=3Dj($>|7_*Lbtg1j7!Z{$+rz052Ilw*ey0k*~EPK zDJ~tqLaZlN@yG-yRS0{gT}_|I(jlft`T-FOnV;uOx5lz_=c+TI@@-1KNfyaWTPj5* zc}<{^45|5dGeZd7LXs$JN~s!?f*(JPomj-}VyK6E?e)pfAC#gfIne$jo*RYTEu9M? zcD}yVQp7fUC--z zJ+J5MeCJh3Mh|%znL`S?8dhy|d=7_{gxyL0#JJ9y=}pDG6A%#K$^h3Y9MbKN&0+;L z@fJAm5Fp*+;9Z9o^I)=b~ zlr-$xDwRbiSQ)O^yb&4bwGxd=36NzLu|*fBzMHGSXXaUSHr;8-OVd@4QhlF9-8AVi zPB@^24&xFnQ|&A_`=1cwN=nAQ`kgWU@zHx!K(||Eu6xjPn=$z*gAR+Tew-I}UF3VS zU*@Znx$kspGY7INZuSm%Zf}Z7%$7q9+#f(aec7U;;cRVYTIyun@JuRh-A;mh=1l-P z%WTS~r95ZiSDMpaX-xRHo21CN;re!G+eM4s&yihseoDL?A?w(-x=x?*2BxbY z5xDKONjlvGwN#)VfwByX0(ga(wGrtx+VsgOMUK@^o&yjtANPTKw-h|&c@WHD{3*~{ zKcbg?nyAfgJ22Fo1@7(p+lH`8w~q}!{0%7;uLu;$jb@TTW|G6pEWDy@r#mxOwy5O1 zx!g%?sNn9$h-k|?DmH!Td#9QuEK}jxho6s)&b+<;yiVV9(^!uj!rAvOP?%EnrFy+x zAGc*JX;pkq-z?d?0FG*^GWn~gYL`0aMO;n6Dk?b(kaOW;}|Lo#mH(|3toHOC2`BV13N`HdeEVLZF6~H2p zCx7dw{+FAGR?;(#$9H4muCn7z2T_~~(1J00XLR@Aoz@wWrK?eB!8AyzAr>8oa8wls zkGw!h>?~s4h;D*I>)kaNM$CG67h!j6+R)bDDZRU-RKPk!$|wDm++Pjtn+j5>rwEfy zB`}r8edc5=Z3|YE+eEDTBUe9xb^6VouHt^t_pHQY;{ zOZ-7z_pORXLwc&jpCK>gqu&OL-}$T0(k9<7?xI0h1kuttI!Z%a=n_PN#ak zTKWF-!{(&X=jCI+9fua)`S1pXaA`!y$G9!XP7GF7I+y2S$8(J972c>aFG}A3_NGdb zlpNW7<=2t5wXxWG9%<%;%(?cMiHV7wQqURVMU-6=f5;_=FZCMw?m{;9#niugFxAoU zBy=ibpBYk(fR(Fo$JasqZ&lKMRfSO}qszWajoB=-ceF8*m}O{kv}L~Sx$!5luos20 zwhmzn#grrwE8_AI)9#@Zv!SnGsPlt=4#~f1G}!`kn*-)%bF)$da7i#yuWP(Yx{H=N zueUPqH{EV=Vc4PhA-gl>oB#9I1(LHI1kC(XQx_dz@^GPb{aW$*mpV1S)2bc@eQ#}H zLIL-&A4dsDJ-tQQsL5wvX;-xgkf}I}0=)v`=Rt(tW-$v-4-kGyN<=sp1ID5#w>HZ) zqs3-IHmz5y&Xej45sba-s1dTLu-9iRAuA<%CrPBu?5!Jo*<<4o4r%8J^Ddv7gb6f)-%ZA@%g_(J4rPn&FR1FWaS5UTxmb^>oPo+dpPD!o})0%bXBpfc7e4J+W;lmvhF1l{0=Lrg z=)>^gVhXm~VD`vUlsh4<7DE};n~WOeChkJNQyeQINB%>!sFnr z#CWrfrFsbPbn*glt;s7X`JIrNxSbapg^4>ofep>6W^xUmTh?(PZG5GuQ8wL`9p_y7 zb5o7#thkiB4j!B&Z%rU|S?qwL7M`0j7;QJ1f2plUi|%T4$N;g~E8jc8NsLtWIiEu*uw#u67fZ|*2R-@HWTYU;<3#LC zir41AlXZSG6{;FN2Rh`kU1C6Vr@p+LT!Uz5hPFm#DWS$bkmhmHi#TapGT`FGqsi+e z$m`wdmnsX)0tDh^t*5$Ic^K42%wcYE?Sg>&{+A}8+b%YY52(HH<3MMw*{W`+scqX4 z@@H*$os%A5-%$f=Vd12p&11ky@Bru)C1%Nm#lDge1pKyXa`LgGf#qE@@t zY-5?C2j6-^U}4mcy`O+kA%VNcDn79m<5M8cCWAbgzNZCvl#|zCVDjN3Xj6iXD~j%G z1oxFI?~?;2Vy=7_mD^0uZ3+Uz>>iR~3QEex@1rHQZ~LEoidYF>?^={}Uk|4-jlBGz zp}b_mULb+D#FZu=sENT1KU?@(ivP*B zv!uK#Aoh$4;9dpLHGfu9Z}sES{s4#r56vO;Rv_QvpbWkBJ=K@1tf6OaZkPH2ja9-F z0cyiHF+07ZiJYb!Q=dm`YLI~K?;>(5Vd@bE0h9yy`uED`s>;LAGg^e)4ZRv}h|h*B zn28~s#p|#W9qzK^I+$zM^46r<>lDY_)m5uGB80^S1)URpk>d5JWCE*WWtEv{-d^{V z+@bY{h}a3U^HAVAk)?S>#YqQT{&5wbyg1RCR3FZ-_FTsc&j99&A_H2&_^zc_7zN0j8T0;~WQ?|k;nE{<%o*xI@D)$~F7Sr*s?UC;0nB7|?im?1_LlU-#RN;5>$pyKj>WiUj*E~MLc!B?0f)nx`Ri=2 zPh}B@5u6_(D$p-(0>8pO=z)Jw+`Am*!1f)$QN*ePsiLlIt5pf7@pEd%REO`)-kG*q zYOT^AS7-Zs#l^%*Z<6acd~1<>rSn|ZVWbV(F;%%q_zp+PlibOUlA}a)5wnjLh#{K# zp-dV-f80v7g$NNiGC7ue51drHtOY3dB(giy6h;@EeTyj{_3hu{;CBuN3^ZVvoCieQ z#z#+`04*s&_w5m|ixOS$dk|t zBHayYrDTPQk(Y6(DX6NB9daV`%p}G_EAFl3Kv{P~TB^h3w+!m=$<#2>wi3X4D0Y&6EcvV7PZ^|1n&=6a2e?S3nG+gvBG=qU>O$TH7k~kL6l`|=kX66F{ms%9NR*;It^_3+SKGZ!$DF_K8@(&lfuI2k=GuzbK5i5}A zKJvotUxl#K*PYI(y06BPTL}MOl1KkpY3~MIvIOG2fDe`uj^ye)+(zk4~=+alh>~e$eJYMo%&cRPj0o*d_t1#qcj7Mb(Erl zN}@qA0}>nOt2La8N5k2sq{`&v?x@wj0{*q3UOAjEBT}9EatHeNNTvHlKF_rqAz_Ib zoY=gOkxza?69TU-?CGRSRT8OxO&FlRP+;FKb$;ud9D2*R(01^eF6Mh?gJy5>cwNxS z?H?t|Vys%ao}!PSEw|!ke@lh@G+c3!Te9_O&F+B_x$^SX_^b4M3G?`097pk7Xe~OF z*(@~lHU-Ucnw?DoVc7Kq5pH(CM*V-plPr|JO1O9;96t4m38+rAl05HN?qE{=we2Yi z=Sx<9&(0)jh+u@nz|5n+kphD@(dX-@9>3|EY|F%8sHkisyI96VqBPD@sjRk-tzxm*|lKiozxM$i5?T|bhiYdIU6CO)D93nbxEbL=2p&ok??ETiMT{k`oPW0tb^-Guc#S^y--olm!M~CAz=`5$hSZK%y;u1+$S<~(`qc45S=F`}9013YJ>DzuItKR&hl0?;@M^;2UHrPqjHr9(y+S~u*> zBJImDPb(SNFQ6x8CgOgEi@=F^5JC)Ukxw(^=l3OK%S4py`QXKHk*=m8SbLx=k>ZkI z$Rp*o?Pkx$2%(_ZSbcX>9T;r!ry*zve|(9Kx8n)``w|!d&-LdX6n4b={#Fu*-2CnD zIt*94pUs|E*q3tm@xg(VPKA4aVTK=KhRC_$|JYYVm60CKstbi%DieBOjcaF1Oyt1( zZT3&EacfX<(9m*+^Pv5>I3^MPAKKDuqb=E~3ML~c6GOegVdG&D>xKV)LBe>?caEKo z_y4CNH-pjv7_$&~Yc81hQb{;Na$1A1y^@lgf_O6|a!f1&bxOWz0#%+(Y#i@Y(mf&# zb1vjWI6wSnfxYl`jP({hrlCKeNOsGOW2r9U*yje7WB2c1ct4%2@6nK^t+8y=y;Uda`*13KuPY?7@HHo#@lI`PUJ|Jr9*>W{_M$`K6aDGzH&uf;%5S;31$?P zRMlfoMfOL$Pf?7c5|aimnzf8P;^3(X^0W3m;!Ib{EUDa4?*8(`u*p+5K4HXT)F#E} z&tK%92Qy(aVjDt}FD?@++m*vf2!@m3Z4zB!{0qwAh3$jVh}PwRgOvN*lyHbKp2tps zS;A}vCwf$-pzpYFQXLnFcMk1srpLh~&=?*B2rZl@3G*0ar64l zTH2SI?dXK*zzYZFPRAejVIC9jG)C{4vrh~Ff!FFY{4)t=sh#J#JZuA3RdSaDW{UJH zxHe*mnTZqk)!CAgbLB>8^dPXsvT%0cmtxOGYj$H~ylqqGP%)+m}fTv)eI$ z+}M6{@u+R43?@wGE4!;zF5}+~2N6AReT|>yddl%O(*KWNm#3{G!e=IiD z(X6s#ZmM~CwL^%1QvNk7t8iF+xj#}4CnbL7m=?DRYyQ+N@QN_Jn2fEZ{og4y@G&9i z25Nup|FYq^-wnf;fBN|xC&C%#7%I?$D3ZWJ{&}s`5|<&}@qjDHOj(o*TkO=Zg%mY> z*8QqFmkDc4xuxy(;K%X(P;bylYL5_rbqiKN2tYeny0fJ90_PvPnFqYtJT7t%S1!<< zQ+><--7x1AElulNWGuDc8nMxb*hqs!iU*Uw6AwR}yp(ji}*el{mLYK8*@m%_2^_}L5t~DcDmQw z<)RYhH0v~}Dc8-OC?>`Y%`a05^joeC@^~ir<>s8u(G1RBC8-P2FVe>p}-p?fv)Xl_T{+)Iku>^r}`Ms53{=;E7KM%KRuZ0IcI{hjp{%ZQqU9W<;eN(MwLyDsofV8j$ zb4}itrRaY#jbK%V&B8-zqNZRkvG;f#Fh30aRuX|ZysQ)5B&NDzri9pCBaCMm-)Rj;(e6VXL{rH?{nI7q>=)iue}duki-f(agmHy zRx_V!yZW(ec}p_mp~K>;(L&%>=heBe5ytv!0V~l3MKPU9+6e(qz`^&H$!|Y%Te9!W z)a_nt`f#tWP5!im06o43{w{hP*5Z!$;}kl#_FsSSxz}?Xzp0TM6US;E)DwGb5ir*J zR!fY;;##TkkFK1mbjB^UO`P+(SLwRNty`T>pLh`!JGN`Mm$zpzk`#O_AC>UDQq&@} zHJPnm)WwYKFj8A9F_Ds9QOnMrPZYhtgCtccITA8laXy_HGeQf9b}a+}W^Tw>D)s-l z%rCU+E(8lcf9|n|dq56z>G&ZMq$iADR^}@LIAI$IzH3FArjZr;@#Du!T6C)aA#zCj zj@3i~t|fTyIl`>%NAT+Csz81fYZW(Eo_-`#!Lh-a6MIE{pAMtCU_gW;u9gc{s+KVu zaP0om5l(g{60?JCCiM{ci-&{q24z~a=W=DweQ^#UgK6p2*}p~g4mkU99x7|O-7x=h zETz&?=T7(;NuPU(d(dsj9AgTv$pjM9G2mO6iEx<%7ANUNb}$gQvz0?ky?*nhf^(l{ z_42ZBzs6S=QylwbZTjgi0 zZ{|CF17yGwUSDN@>WN};nMAl>r_nlOJ3a7ZW=vaCHLw!&xF+{lMX)&I(y)Jf&1AEy zm21B&A&hN2eO^`c8fd2ONR-JVOZwdXpUw7r8psA;zfihLn9Ljm<3lD2l0F21TfR=a z8sy&NYHW8iTfwalMCYq7CgMOm6KOh&mZa-XEStCkUj~Rw)ht+Lmm5D> zm0OhIX>hqy!FiYNY5=|beiZt8;*xae(Fla%il_?RZTa9v>j3M9iCrLF#Y+)yFRB!@ zx~fsL;r2@Awo(EU+=Jp%)3<9uwbx5CgGl3N$!x@`%ZyKgKn|fBSW7U%1e4`Dm+vWncg z5DcHdhNV62snW0mouR?Q5e>re%?t|M!rGmAI%ADVA87VCLqqnTou`AiBb^r9EU zUeCE-lvdQyjf|jWZX0G&s@Ly#jH;*zR%qfNK|f#L|2`@GAc3izWA41YJ{yA2&V6OP zaURT^%G?l(4?%qMLG^DfDEQ(r@Dq<^gSzHzIBL7kMGoM)5WkRz2>S}+ef;dQXHc89 z??hh`5e}>`Jl;&u{rhkq)d8<`SuxV?eX4t;F_Ed@g!giHN(R2$v|ZK5{vGWPxNMDj z0OEF0f9dP~8QhLa!L?KNum&z^w0oL;*k_};f0-ov^xmu6q(jlglnhq}*(2<7!RFI; zS_gM(=dqUIyZJ*AQyoF+9;*xu%XB&6+bp>*(wTpYRze6`rSMgyL%L2<;3U;p1Y#&~ zv;Ag!!ANn&DKZvMP?7+qp2t$CQ}9F$Z8V5v8o1zLAgP%wNVtgQb8M=)*X<>nqc z0A{aH7o?o_4#GDS5zJKA!V4LyK)j4RjJ}K&|3t`@%jdB_Yqe;(cNkNNEnI9RVp3M;Yqsj zReU%dWdh!=NVXrR7k`V#F2|>H|7i$0dfaEf02n)b7reBgl6+3UKHVF$f-39_`&t0> zm|_saPN-_Ti@1X2;7at#vXM@3O~Gm!De>-yik**7PvNT^%`5TK1uO);UF(B(;yH~? z8i+V`ATSjIzMZ<9n|WwwOfZw55sezV(H*188OPi+p3Kw7l~}5vSk%!lu{NEAHr}$8 zZVag1gAtEi30=oK022vQ0%{1mSFZH+b%Zc+h~}aO%i`h$81>X)8h(B}UMt)D@&Hxn zJ_Eb^o$j1G6^m4K`D}+4Y2IgKo(5DcszQq3zYRBvx~=%)&fSWBEVhG#bLHQm;d9W7 zq+c7=CGU%tTOHOSGjV7srleoEfk3_BBZLq`az`b6#*vDzc?3%1DkFbFWiHfl4-^O*G;8|cBpm}09d05fH#8|yYZLrut_l1GaiO1(;xeFWG z(=_Da%AVfPCKrOo15{Up>IeZrEKq~vh?HA_#Y8i|+gH3=*@4;=55RN&s1 zm_)HbFKfUnQT|%#2N+$-7iu6ls3eD=&JDkFM0*B{^{!!S?OtnW+yox3VAT8HE9p@!d5Con|$ z=Y}u*&vz?^gUJCw>#THWsavTg)9xqBq>RvUnuEL3G_r7NvFcTSg3`)~W2 z^N~APoYP#BWO%quCOu<@A6K${_)}aUDGatexG77|9Nn9Bs%j*H4;cnSmPdo$F>cp{ zuJSo9+G-NK1^jTV=XG}qd)U6!jrujGcUZV{Ux6QWqnM?T@&S0w@wLCY* zSx^>rgoCqzD#IxAufTp%cF5Zd=nI~lJETa0orQ9py$=iy7M+J$7krC_1EZd(6#tfl znfC$S#9*BugH7VWpHX9IvjKLh(oeqoI^Sbl2H-vF_L6lPnxr_-`p~1iFYi*GBxKN{ ztBB%HKY(AV<^ED=`;0IgoW~7QQlFG^$^QMG$r)9j;rRPPQ$$;8c7JB^8T})WEEw4% z7EJ+lhEaeJkl6PHs-FO$iVbeKiWEuH*79(NP|iB2BXS=s=^@Y0ljYj^*u}tE2$=Gq zpZJ?Gldn}#p!FcnlFMboQ^1Wac25Y1*;j%|n`=-bMHUCHa@Bki3TUQ`za2{{rbqTGSVcI3ld+1*yV z!J;hygw%GWqB(t>;VRh=(a!(iyf!5map#5HH}~$E$qY>~<-z9!q$J|`NQ|MS6^CiK z%s(@d^E9%tpfY0dom<4}+fPgf6Zgj~t>`YnrI)Y4T%6tCQD2PD8~rdZlu42QciXgOyg!dJ`g%q-ZV zF0k*?cq0Pl8!sG*;TR|&PPq7suY2Jw#oV`@81YdZkg%Ou#|5PQDrn=!pGfqwqJ=FT>*J~PPj=) zfOGGCZbT6P2;`{;06_97&`rKqh<7Ffi)0a+q)1gFjKZ?1i-%Ui2pxT>jFO9gWN4$- zzftS}<}{@O!2VLeCSUakv+q0W>&FLuCz!jMUwy)WxTQffdk7tq1%*s-JO~AvLAI0Y zuoQ#jnm?JVpEbrC6ks=)mR26OZA)A+dr&IYfd|`9$#d-0m(tdL=0}FW^^moCdM>5#L32E3j#4U{P|66{a*; zKVgfD*L0aGlaMzIeqvty*0%1ie3jBc_TrDn*5U~3H_HC8Ru{XwRE`}rT_OkJNCembVG1J3h zK_UrOLMF+trV1_J!k%x;I9J_QT=e|n^}zz`1r$T9Lz??yNCdqgb}cb(v>Ls)yjA5y z;PUi{3T?%sXuOF2;!0oYl$}nf}=jDj|3Hob7Qub@toACOq%j= zvKV*(PiJ8odS{4N%x8QStY*#}#=p{b0cPhFz+ICP}H zuJ+5nTNKcUsd@dv_nw@xJ`GMJmcb;=YtlA zMIIvDe9`j;28VCQTSgd-Dcndgf zyRxqa%jaI`VV_*?2^*Q|={!C*aW7$SD}4J!ge%qOoY*XU{WU1oc!WG`>5p6Z&QV2m zlID=lu{w)IS?~?v<$gF%oiGNiuZn`)ng zz0ZYGrbJIa#G#jZuYqqHymU)U4E5?xp>>xW8eCJ4t5f#gVh4g^X^2cmEMO2h1Ixj7 zx~7a}IKoUbh9-c>XBXWgtVm*{oUqYT{7%rUW`< zzFo1A|HpVq>!uRS9{{xYeCzkT=l^GK0npa-5o z*4EU~E4!$(hm%sClrb_ofAEh$?*=ir3juTL`rc7_lLWTsD@)Wio+Ksu1cY~3`e;z46%-6i?qm1N z%w{~2GxhkTiVJlD9l|6wXG%0imLs+umsO(vmf1IWu*KCQr)xHX1y62Y-BnDa?8W2dj&2g{}AhhYcr`< zXk`}gN(3Kx(t{d@ig>Zk4Z8C2#a~3|kc+_-BNTJ2`1fVH_y{oE%;91>d-8ACVZj!U zf!EAx!0DPc3LLWvi-4qKBQ95=!z_W7O*Ut17WK-5RX%9TNYZD#e!Zl^w1T?Kq(WG_ zntuz5EQLi!l_3i;rAqz$Z{^z*AJW2`B{!264J!(>CMuuItx2=VrZHsc7pz;S>EoC3 zR~{zjR47|pN<}`ztTs4jNJi@#xK%%F>SHtsxd?k_D;=zl3+tEN-BSv<^-FqMVBcO; zCZ77YD#hF)G9B}S*btYXK#X$&2MCt^0p#bD;ZkRut)>xT^+)e(&hA{NaD$f+*At|v zf`|)Ofb;3?myb{B23y9mc%tGKvF@gs=$_7z{GPCLgN!%-#;2)^@L57&nY;wkH}qa@ zJFSW8`L)I!yTnk1iMit{=bolK>6W3A6f5?OI(SK=hlw#fF;N8EZcX&h zkMDD;#DkI9Gx}4-E&)RpqYkv;g0Y)MPxK2bPr3~pHs#5>8Gn7KHiZ;3b=?l2_96$7My|S~j5&r>|RMBz#PmkN>x$gN~R48zv zc{MjH`6Iq&Xx;AbFC2B*jV*f*g3>ue!UZjKU!R$KLA$@hT864djpFSf9*G$T1%~j& zETt=526Ykk>({SOSBVZ_9vvg}qc;MHM}{6Oq_0WM>Tyyf=J{UtKMS#k5n_+VYGRqn z;*;wpUj_GK1>zV9a64I=dOESNm9jo%mXkhgCFGl zqEr9tS$)Fuk$9#exWOVZG~R6UK?j2+J=1+LE3GF}r&>>ohs#qHFs-KL6|xI=zJLC} z&T2L;RxvYwW@Ke$Tz0f#-6Kb@^Yyl%noKZHfk8f|NkUSX&&%v`Wsy1l$Iw>cImm-Jy} zE^)yuCuWTKSC(GH=^~|7agiyH5YlD81=R<^8+SVqQtg5=YCg`k_5nc+<{~B92-i1c zNT(%or184(&op3E`oHQN{kOXPsXa7ZMwxHCb}<74>P{|JM~cHsB5cjf)BWbWk*<3w z$;SKf+Tvr=YU(@-XHP3X1&>l_33EAy{>NHEfcf;y{I{sPJD6+49b1m4SlcSqFGR(Q z1J<+{ThZ&+K3(G``8`&oW51!nf1;*u$~*&GoFbSG{!!8zUw=2vR<{2r&mF0{mh~vO z*UR)mQBhI0Y^b@=2R1DUn-q`!ceT|DRISElsl2MyR1yUO771DK|r#B2WtC1Nk;iC8SEm5;jvuH)S^^TM$}y zc3v5u!-x4OYcY?fNY-6i;sdJB$CXXwye0FMcFnaM%Kdda@HZIJjK}lKAlqtaIn-okL&WXxy@U=!Ve4#mHDAp8!CgW ze3|L5aUtzN7Zjgf>d$RYXQenu`&IC5gJKyjNA+sviTiYo{?)BqX~SQFCNE~zd=om1 zKKhLUCq@carFEiAs31_E+y`L0je|IpE5a^;3~5dAQdQ$RA~p;p!IHjf;b^%^EDI5u8#ydMP&9H#`X_2yyW~UcSr;oIdso+MzrRL9j%z#%Hj51 z(@%30=l5#_jMed)9%;DoN)TK8Qw%A7M--A)6LDE_MqWtz8})zzXa}YGy>8DKy8@>3a}Ycw^qJR)abi* z-kaVHnRwg(xq|g`C6w@g2Cu8{z}m;CbBFJ%UUqhzMwFt7a4+)~)7xiuw&oj6 z{Kr6oitZd(bE*evWWpFoY~0bQf#5LntzRpqua@_9BVMpv#Y(VTvYQKY@xw-Ny={Ml zAeEt>R9WE>sykoZtejt#73buoh5ZsIIeyLHj{38+t(5`3-5k$N6-~wN$RuiNealE zg)hMadcUjEBPnoJeeNB@CWM^YEN1`sZ2t9%{v_JjR+LG!9q?cF`#9z9{P%a~P}5ozLepa7&w@aR_HSR2+#QslE5wM#7E7!=}bZCYJ3W?Q()Z`e@O zEq z6dA~oXVcGT`Xp0b_4SgSMK6oh>+Wx?gLE}Lt7P*h{6n7^3&j5kp1L&gr0S}7x2?|L zS=Z695w(S(cgDI!6iEnd7g6cS;krSx6}kZRNTF&!A35Wj4%hF+*&8l165}c+H15~K zt$4Zy!zcbdBsSTwBt8KC$+TGPywz*UM26+2%;geNvIo9UaPN35!&&T;6hk|wJT^?nOW8Xs5vCfO5>KLqT4((CQ^9M2<=q2}LM$0l0(kNKV(z{3 zPQSCY;LzfM(6UG@mmoN_6R^Zbvtnum&pU%vaJZ^nqqo%*?GrR}p&&gA1 zAUcG448V2N4TM02aB%l-`Gq||l+u&4A%zKr>y~H@K55?jNRR@F+$6?%Qj#H=zoAV0 z;5e8C@d}%Q2U9H6iJEY)<>IF=*LLXv8^SHZnR8F1>+cOzUX`kqlMO1)Uq(LsFqwfV z^>Apqfp|#jKRzhE)zZ67KbiTR6K7|BhL-+(U5G2*`uv(0IiVNls}k_zU%ZGtL}aum zh{c%@;p!oe$=9&8=7=AQA?eu7bSSq&@rn0gnCz-!4wSM+&EafBfrQ6)UcnF#GmGK3 zQFFuOp>mpjc0DqQ7o3Mr&KWsc#kOxM$D}x)3vxF+vRC;czVQ$ZY+AKY;LZRGHUaDZ z)vDO!ozC!(o}Ng7a;EOAE@fDKdR^TOP0^_v2IUmPiHUU?X98$8eJbzN`l|HwdRkDS z{R>UkDvISm;8)N?myBg#gq<&NjH$cf?@) z*jy!*44KqZ?5@5YD6YC$G{to8x7=Ff5<` zO&)rpUL(OcFsAMb3C#->LRc{kZ8e+~wC3y{te|)2f?{LSnu89B{CFTs_hvy*nJ#bk zY9i=8EDs9*JE48>Ib|L>(hSPf47l}gcOl+DyUY0qjZG2(vYKw?$DS>;c-#M0m06GX zOGpz(Yh=3T=SSKFm7JsW%ds`B?OW!!v-`Uh#Z6L%w?GJZK5gS$larGy6**aG|3$)o zJcLJjwKm&AWOdA2rM>H0g2RZJ#i;LVwAu37^jgMxZCJei`06O#Vu|uJC78CSw|j)3 z_4x;Tn^#;HE4D>HWVy@AZsihpPPMR#)bbOV@CDl|HwMPLnpYGIl5QCf9u;Rc3Ey_z zUZfT8Bssg8716oGygjm{!G`I4(%ISUz{8``?!{8W|B1YoIX4$AE1%Y=Ae@H zL&0B&5^$Ve22Z`G?t@D__0CWJ4R?q@(x%2Uz-&n0_f~+Ezj5}x58DkZ2zO?uYjh^wpiF|czK_iSPxUEj!M^?V`^b-f8!~T7;bRQ~@cp4u zc^85SZH;f+@~gMy=vMB4jdwrZPmOM#o-lLl>nIkMOb z4i~d3-igqOa&B}Bj^|MHtZH(jemb?mA%3P#{_+n|fvTu6PyXLl2z&Z)Lsy+#i7K;C zkt>@k2Bw#2PV0m>I#0T98f~tcN!2r-$j=IY8QHv|ikP536zo`{ZX@}D#W8Pt9g~vh z*$nT4KpL=ls za*@-PHn~^uhpKeX%3h71gTGeB-bko-Qx6~gRX}dLIs0LVO$}rSX*cvOU7hj5uLODF*F719 zEArGQ9rW6JO3HE)D_pII-=!I^_Ns89^~^Pf@c@U_Dl-d2iEz9g3P3hZ? z8nq$9-7bAdv={!Cd{J7d1>91uZ_3wtp;+GTx2;_|DHp*W*ZLI3ZP^ds@1+@C; zFn_5(;;rl(Q&*hI- z`A*j~w4z3X`0}rf@;t1Jxyua~pU5)xzOO8ApJJn1_}D^sY|!zMNy*vdgSmx1^$E!( z>L=CI%}Nh@j`KWv>Q8mk%}0q?+dU(?!kW^dN2B*s1f%}ybBfLH*CUS!{t(}+e!Bcb zjo$0v2ZLwtc@j?%yk(M%!oTL8lr;aNiXFoEer{)9b0A@-C{vR_*h(J~}SA_Ms(24$7IzUS~>`Qar?d`ASRL^@d ze51lQp58s1FPwmMp0Ds~V8(pgId~C~OVue{yez0N` zJWlQ`@T;;Kg*8%=9HGfiNv*NwC^=-ez(|LT^M zxj9fTmm1%$-x3_>^|)~GBy6XKil6w)_K4OpjqJSR!vCfZ6oLgpOeK`5pMoj?3yXv2T8@)PuhZ0D}FSxCAXR7^)ja@6O$FZ_x13>jAId6G5pgeM~-$K7AUJR)+W zpN{SJU>GgUILATS8gY-B1DYM*5V5cS(>qomHtIT(Y>2#aofzjph0G{e)KBN)O$+>L z@}!Y5y4)SkZRQ6GT&Fn!=l9Q_wWa!ZC2ax@U=&uT*|>JuVBp`xIb;{wM2Kfp4x=x8 z^w0fzV<&P9!%+YBOn3ckcXt3!7@INSsuS%MK|iC!nx$uaBlD@xX-B&6?O*mebl~8e zKD(UOEKQ2`5)LYDrz+nlDQ}Bs%Ry8E63EiTs~5IPF8)NBc#%~**4BrrJXqVP{MnKW zi}DB!USTS#s^@*^`TQq!$j-mdBywh8u&Ev@N*a<= zLsI;rwO^~U**VBr>jU|eR(UN^nTsI#h;tb@wLc-S^XX^lukd-69Z_UtsdtwjVNxEi zj8dq#U6mqF-&KYHW%)ZEAhIQ#)Es?Ckun5kW24f2y{^`klnAFPh}E0~2^LScDx2E& zTEP!4oYwNKc-K#WY4%v)XwoNOu0ALgoWpk*eUr##JJ};BHiCODq_Z~I=cGl#ViQZY zknX3vi-SCT(xGj_HA!s7hSow>eOJ02I&~Ak2rKCI>$b}kYFrOG+S_ZvE5f+$H3!mt zed&GYy#qv3=Rh-DePou;XX=cxiJE2aQ~i<;Gz@__mfTeH;SY5#vhBt8;tIXCv<<_* zcR&IV25T&4_cfbn_jL?ApW-E_jouc(w6jVGf!oXnI(GHXsHnq)a(gX$OL7fA5;Vc{ zT2LA86^j+NjuEtYei=GhFOCu_Zsne&*bP@c&-w*^)v)?^$4xh-$4%x=$jZwFGf?T* zzfL9p^{dt(bZ@^8QDCNtXR&QjA5>QHNh<3jH#E}C+LIio!moGC;uw-v)Ee3mj(=8OvAoVeZ6=XhWqI6;^FK+|Ksh6TyVb$#@{aZ@c< z9ou=n%3xb(wdl4E;o>`z>&DLb4cP^!(!QAS$g2nem#a;GaV=qK3&Awo9#5Ssxx3JP zY}iaXWb6^bT*gFZxv|ho9zw(9rR!>l>IyVW&Wag(Z|F^?OT8}@!Sl<~1^~{7-Y@2} z$IrVGd)fQ*9R&Wd7@%;O$&()E67>6zwYpaSYJ3)-RF`pny(?ufJ6^#gEcC|N8q4o> zp?EWdouhHSo3>tY#|Rjpb*^k`=9;`rd9A6{Gw`#IL&=cvFg9xBCqIh8aKoBcy&ImopT1iZNz!+0r?-LsLyQ|! z(q*BP2jiSFSz;X1rm4v$|wVp(u6ww&oP4uUOECI(|277QC+1XK_>Bpd4Fj#hueErZ_6snh0UF=43y@Y zbDD_zoU<2OK*-ol-UmHqa=Dq00SVJ-V$oOrlWsJ#vo6s=erB#IgG4MJcL-fzUbR3& zh4#3s!zrcSp6;Og9R^MHk|DH!?^YiTjOH2sjL@u*s@P zi`(YPcrhVP&5gPAr()zzOKL1%KO1tyM$X7V%{n>tXS&Ak=gUQ4WZ3?KRTg{n&6mH-`%t4+Hy?E{#* z6lkC?Uc!x@jX0r&A@Y$t?tl?88$ObbU_uSL-Ip5>m7N7Z00W@$p%y{_&r*x!#~Br0PG2MP+e)^U36Wn3HMa#gMa2a20Q2^TSG`8CQ?f)EQ}+JG_LEyY zmVc~@5iUCeE8;P1(2d|y9lg_8BheEf4vP4D&{#ZPlXuj&FhISg zZ$=KE52F@#9xuWV@6#rPb-HqM=*dPs+Gg^W=BW0$RTrzHB3UI7D$pQuYKX$^DA?go zv1S52^tsQbKm^|OV#Ph9MllcjqAUn%9L4F-LHHiZBLhY zQ2H>M`HHMcF4WhHp0HfKx9#kHqD9G&eC?ql_3!R$T6HW2RCq58zcbD$vYM$(8SJOy zDaE@;mnV&*zG7VCL(@z~sRg1!u{$5oGY zQ_*8+9nslIgemI52tT# zf|6b$TZI_s=ijqBRd!SkX!KD*5B8&KN{(%P;rmookv0PVrZ#AD1{78wAIzSp*~q^U z+WuNLh~vzu9}lm={W{;We9-@W>e=?pDq3h>pRBris2jM-5Q3Pu&JS?x z-~(6UTq7lkbW((dm@@i^oPi@a#n7-d} ztW3R#7OcS>7{FMw#t;m;ULRo;ZL3)Qdd9j2Jf2Ix)<=7+PuOnES8MyUwcQbGN^;fH z*XLUtYYr1=x^i7kPHuWiHBlk(K|%M0;rximNDbHWk`gWO^GvdlH*>873r5GxkdP39 z17rHKIIUi^pjpro7>S89Dff1L{d!Z(IybSWr{~3NbV%rh=Tx(NiY2qkMtwPMACp;- z3bAi-YV8Xs*^v0L;mpfp3#pIIs`b9?Y$RZ?KsI%Ie)5WLphYeaP1=D#d7dv4{hEGzmz@KgY)w8o{G2snFCuKN9qs1RtG%`7pW^up5Us_+9}+i6IVnm+CZQgXYx>I za(;2S#UbNC-^iIGA#ZUL3lEI*#qXRJ#r{9GzC0f4z6<+Kh)T$9%bqQ}21&LlMfU93 zD}!V!YqB+!v{=SA45G!7vhO>k7-lRHvP5MqBzyMvjHUPPdEY;tKA)$jhu{3>`#tA6 z*SXGh)Psm#r%6@E#~XiF9RX^W({=SkYi1p7+C~~ zk6&K0T*b=;F6=`{fPhUQ7`$Pc%dIOL9I@bX_fz3`hw(ocjCAG+eE>no6nJ4&uD5BX})A4DP1xKO#G(;??A*C=m8n3A3~W{tokF4oM+82adm& zIOF-_QBEhqocypFspPMjYB#TEZ)^D3`(8II`nfF${z}J7Z zajIm{MPd~!EeSpL$sDsxY3(T)CmjwM*tQ!cRE|G?>?H5x9#=dfQTgjky1VuPcZS)6 z#$nPn+Jw3DVVAh)R;O!XUxb|!jx;zGdc2cA^jvNe>Q^&Y!0*#x3bS|}8`_g!{xP@h zUOKR9aN~Engd}0Z$*23Fm6L=?jOV>f$=cshkMptHPsWvB$G9K1Gy>eNcc- zJi6wS`CL_DV6rn!11`~FP&dx?k>Sinitk`Y^w!&s|Fx&XLIN42)$Mxxz&7fJjs*m& zoYu^UU}bL1_g6G_$Eig~^~v#yMQk4FDm5rq=?6f4f*kD}SmhHGG6}dE&%0#OACpVV zc3>Cfd^#}9?w6B-T8N0Z9*mv+zVt4D?1oo^Sb-Fj!Cy8vHK5o&+O!{MbN>*A+WoQ9 z#8?prDGnZ2^;PV+w%RC|To^0EC?=?Th@(qpnq;lx)vvrUL%aO5VtTkmemc5pX`rv# zt68QS-=V8q)jO{m#_k|uL9(yXqQGB>;Z(^IV!Z99c_!;N5!MK z0teTm#6+jyYN!&OFSlPh*B;jWdzK)?GM3!ldCKmGftch+W+XBF>>9XJeXi0(=g&@9_ z1(ikQW@dCU_M|8V=NUfCHwI)CsKBN}MmF3eb{L2A*U^)Ar=vcClgS*xSAV0qiaMJ< zV0q#QUcvPfvg~S0YdgCdTFZc94zL8xLn()Lz8-KLoAiAH%$tSJNQ_BuH#lxOozr0W z==Za14Aqlw`!%8)@zyY9vO6c)d6UB_!==|bp}RS+`9$CO9IL9~tdfEKJ~0m&1dEGU zWlvw|u=?y5H+1KKI7W8h=8LIH8rl8}R(><*R;#E(;;+BRAUX&Kv?MDlfAh?ArDIH^_$A7a0oT^7er6q9f2{1S zY?rya82Xk5_ZViCpT8jX<2CLAAUr=ge}cB5)xVjT3UW3Hy`ft zYp+g*1?zS@4akZWYQJwLxorOMB;Skssv)=Iix=+?w!(V`%uU&n?;0h_O(dI9wuf~vRX5j(h>@f zKIeq}4Xf8Sz7o3@s{u?a`{jyexkj=Y<$=O0_v`iVL+Vkw1mTg4AC&5ZCNt+(hIl8z zM&NWQfKP-~!y|cP7Q4I`DNkI_KuTiDK9*ekIj427Oaq!2pZ%~wTL2Boz8`ffa%4to z-zQwni2^gu<)>#5RY8%XjpK#!K69h$?(XjF*%%>SOx#vYSY+TTH_bf;ipO6%k!vYu zmdj@Lm8B!*B{mMv&DeBq6A#?E)fByZaU?I~>IMIb(wYt90gtk)=bu@s6^aqGFW23u zqil?u4xpN#J9r`f*YgZ2*33s&b)-9wXd9h3pt%9Onxm8E=NW+yln4U@17{;mcfXbI z>26Iz>G#0SAxZAm{MA*fhDV_S#H+nN3E_}kKNatt{#{LNAAjL1IEjnI#6+02igmbU7e7#}0bd18jgDl)6 zY~h~;yLH7Zj#OfA$coiz$Iac|dnlJj$NfoIaM|G3U@mcfetw?NE*P5z^H8_8)B8Nj z2P4!tg-k3xWBkPoFG&p#AN7OsepBYk1JO)JjH!_feNv}loeL;0B!B|2Fy`6J=&F@K z6N}#3F~ZP5D{_klo}+VP{OhZW0UFrES@7{T4P3iGM#95P2T?7c;|m7WM9p_mNuI4f z_LYVKw>NJ#lvAoEaWS)XSL};KYZM$K|K(%W(CY|Clzm&gcQf}Q-%hD{QUw@tkJVhr zYZ8+X<4i4?W+?QfF+L!qDn4UZT1S3No28AMx%oqT`<0p#IjJcyX#Sb}i1yWX!za>v zT8wBJ`YYCE2~&hVmkQ@n^O7pAgNOe>>&kGY6?`$3tov{9%&hEkv`3-v_z2z+QgT7> z-PfC^ygnaABNbm~=-m&X%*1>U_|y@wyDqdLdEoXyT{U$I%yU~GbYG#2f0W3p8j?H4 zLU@{yG0y5YHQ%8d3*MeLv$|!5v@vreW6;nOz4$O1#?gaTC~erKOw?kd)YjFV_E458 zVbD4G=Dw`c17x@~#OTg2Ex zF?R|LmtPj1Ny?yx*37H-hJjURSU6T)|bm$k78K&I=bu@ zwofSB4*4L>vCJCHcf3>9`c}VE^X7UM0|EgfG^@1<4WTaVNCaobku-LBpqA)Ke1y#9 zcL&5vYl|BWai-lGsb2jlLfQ`HR5?@sge)X2rg&KrtzeMaKC#eCm%e&`*VP=Ev!t>TswB!@VCCod0Hz%r;| zs63)zL6M1$(lV;A%kTXoM&}qw*fqhyD({ua(Fb+eOT8Dv5Ec(rERxWgR;s#t-0cbY z@}0)=Ta{Kby|QOGpxEs@qP?Kq@yfr`MjNfg@NNxE8=bj3$hEXDbsBz?MiV)_KD{yC zv{;~`M09^t9Z-<4vl{(mm*DK=xcKv=7WZ5<&3%msO2nA)`x6+SzIt9h-DDgsv~}3g z#N0kyr=ty!%UOZ_nda|IRJo-@kNl0DpOK3bYb+?!4q^GL&$-o%g<%}iZGFxt9u{TV z*6XT~sO9-ZNjdUzQ4&bI42V~f4qpjlEAHSZm5A|-{a0WK>!YpQnDVHvywWsrS1(F+ zRs`dVzZ;oo`V>tpfhR&1rVIA}Zb6eMAXQTy19L3UWYTXGI)2Fa-`F8RufEpFHdE|K zG>0C`px<0*V&KN|SMkp8>-I@LX<5ys(2f(f^-_S-ev(x=pwj<4)HZp0RNei+W3;`* z)tXIIx>F9)lu>xi+K7Z3Y-Gyzaw({X6U85^7({!7>r4<)xabKfAm|Qw@ zzVQS0`*f@!{_#R{Y}fRE(YM1f0wzQ^}=aa^)zm+2L=n+bLI#I(orhh`u*Xe2B7 zPipRCzkYiS>_QhONZZ`%Ls)HUtYp?$6bA1d*FM(4o@TWCF~fj2-bNC-tZHECzDWPX z#w;X(>DQ>cqvPu=C5JPwIKqJz*4lvO8GW$>eskJvR#TtI{6N9P^ZIcTEP!yUXSM${ zx3N07SxjLlZ&e|`7x%_7O9)d2|2I5@ReM+0u4`mfuZf9*9Qyl%!Z#WxMiVSVuEjh5OI%U#x5ioAp;C%s$xQ zee<_e=@|6Qsf#}ETo-gH^Ei-app@8rjnQ&_mg2Map7l=fvirdf#ZZ`L{H8)`#B%H( zd9Jc*IwO({GTAe*MMI(!Y3Is@7i~wTZ9HS$T_Fr(l<0mHuB~|vB2|?Oo>i;q# zv^S>Se!V-Kh{=OoP9h8G)3m)v^uiOM|X`J_$pe zCe|^qK2^Qlocs~2c`x!(F2~K38ud#* zU9&IOC(xyrslnzNenCOC`v+OuPXvQg`=g96P{q#7J`_yKwNAM9BrSgYRl}DzcSit$ z=Sy^Vbu~dv<=E}qbvfI4@ogcW>{mVaIGF)Af>=H<34NZ@($b$Uy~xPznUS2T(`LKj zZfIzThl|Y;u^vwu1j{s*Y~DSfUp$<)Ug6-g2^-dWrbE}EW*szE_k4SgdiL!BiF;3? zK+wf0?p|oQtSdumqjd}L@@tx>)mU1H=Sbf>gvvgag&oCqGX=#ofWS!M76t!l)+_LLC^Yh5B5N0+LVVOxl{!@pfexn=i;m#*ycd5E}40uHtU`ZR(T&R>yy)vru za39^sBY6r$;0L6g_OKYCIZGUH%*iZFPv)MQA`TrYRQ&S#g!N|RjiLIUjQB^730Sd$ zJ?G{wA7Xg927g~}##pbo_~}KKWihoBrHHS z(G`GpuJ^r%?KAyUm8QEd08LZR2p71 z7R@?XGF7=drLi3cOZC6Jy(1zG-A5*%=i!QF_uDXSgZ0}9Kzl_1ePH`3x3*vavKXB?Tx%7Pt&h#m$!bK1_P&|OYk zE(V3_9VB7)fDG&|wdHo7%-!SGlX%pj?fOvfp>%RYGy77Xt1_F87C=M*Tt3Hz7`&=|NZqN(a0hkQnTo73yl<>HmmwdFZmFv~A4PlbZB zn|QhUgb||o@|k424bTu2k7Z{Zv4^tNiBXH;g7j3cwv4uW-0~n~7X<9Y)G?584}{D{ zYO)u^}?mNA1JsXdf63d&I^eBP+1m_W#L*SDd7$ zL5)JaL_>p8n*90RtL{f}V<%jVK{?`M`7RD&_2R>GI^_&#KI0#%byUYCV zzlA}oT8=IZnIS2iH(gv@%xzWOt!!=mj7O!6PAhVTf0kufgQ9f$zTmZWtG7g1dHKF# zBU#{4%F=#~_u92H;WJ?|k+YKsYM`X&n0n`O4KVt$(8l$@l)oQlBbWh5T{!sPemnXe zBXoOE|V7njHGZz6G6IFa8$T} zfpQTmR3jeo-qUe&Q!gF-$jtceS_)nNsmg{Afq7Y_U%?-)#P`?a=bs&L(SS~7T)N2X zONEq(^_sN#=5lQjR11v{r5M3-*{13Fe^EO(8Tv7d%KhVPTK&@VnL=EE30?}m`+pkg zcIvPP50PG~k;ZuTtJ4cjvYoS^)EKw*7pm#2tqHOc&yOBCj+2%>{SW9ie^Q}b;PUgX zqlpt%!dTb9huJb$E~a|2U%%0n)h^-lbggUcu@>09l!YZG?pk!|Q4Mo$#PRv&r<(1> zF#@^TXr(O_&Z1%9>CqZFO zdyTu}vRd!j3LRrs+aY zpA6U1!)muHX?#ZR1}Zlev=-+fatlEc>a{Kw!VtnIU1i5sVl{>ntP^2@`E#OqO3j9I zWl(cX)6~euqTAod3d|3Z*fYd$X$x2TN;8#&O!zv1=(Y8LA-)p17dHaXiuQ*Aw>492 zW5{e#$y7Cv9jVpTR)CQhx~;SZ6v=E(9N`%>>eSHFo;1V4x?x(Fg>bJde13MoRhtA& zBASF*pxy2|A0F>t@mpi;p2A(Q!CLM?@&ETT(mjC|>3Ai}u7jYW2qr25dJTJkwe7Cw->>8HQXUY23>;yMo-_>uo^mvA2l>=oFEvN;~o~3UHDSmEE{1`s9~$;Jh|a!Zsr!*Uy)IBX4IYV zcw~q#oG(2kGfk5)>lGP>)*8(0JKHpR-|t8U=KEVNeeABHe(O7WYx^W;Z1KRFoUBUyA<?rb`Diy3V^Zy4-Yh_z(MW;V=ugvBU;^(7)xj zV4%dwO8!lg)SB@x7R9^{pE1E#F2@{RcC(s%Rem=A^O*er_g#bgjo(HGN3gSwN9BT! z@1A#L2?UYj0M>B&>vMsrSGqpBl%*v|v>%6E^ppsZ7ck2sBhyIl@2jrj_}b4xU!dk) z?s`GOQczKrGCFz~)$_^(%`Ol9w^_os1@9MhCM14|4@Av4(2_rT{ATy}kYWesHmOFt z-eHQ^uF-CYVxpd*i5=@=1TaCFQ3a0(W70lE_s4!^E3O-x$j@sU8I*`85I8D{6Sn7@ zuA8>!Uvv?#coh7{_vrx+3C|ftGS;iIaY+kd9d|Vi080IJIUQa!=XI>2baYw5{r*SS zCQz#9ilmp#Qac6P+-AGzND{4Q~oBivZgTU%``VnZ)$RFx+T zW7F+6bs_e+`$3;6nab+48G6_AcWAYAG};AK&MJSe`?i^wnG@GK`s9nRI(li+5xpcm z!E)2OrfprlT{d#6=*}4bLr{<3xA(P8RtlOucP_@y)QZty#)Iar&Va{W-_}i0F>I^; zRZ~uvy@)wk%-bs0{5rn^!AH?8hkW*n5$e=uckN=f#4DvnU%suq-p)B22@2z7^1}$o zq(vk4FU+YgGH<_Bs&^42DJua4T*5HEc6BLEn9Py1$iW@xLo3)sKQMbO!%uIx5IO1z zVnH5|HTf`rIGJ-N5ra6{M-3FxM$k~7&o?9{G1bX8jAeO2s}}Ysk6xrf8LP44rC*=m zIm?iu*%@BtJ4V2GIM=aLwfEe9k~XGK_C}5&`@sF5#4(iiXI!`0Lczn!@fT7aB3D!r z1S%a0JdaFDTmNq8d4S^n=s=bv5M*EPNG|cKyzD;f2(AALZ_KEf`r?8SFZOlKx8%EJ zgYn^X_7tNot>3R-`xW4o%|R=#bh5%|x-($?(r?L|dIkFf6^>u$Vo;i-GoBB$Cwn+$ zPaaIUH-xD((IqN;Z;Y3&@YNaZeMS>b`1wM*FEUIV#XFi5FNchpF? z>nPk{r2ECzv=>LUsTM8z7>Shacc1es`#B9crKHMOIC*`Nw44mr-FSfpCGKc-R2FN^ z`hHRJ-`)A}i?ZlSUM?7py>AFZJ&|DKMSKF^s~7m2m%%NrODa&J{9T9JxP9r-x|1;P zk6;>)A8Oq5-)VV%d_q#3oy*F4%5p57rSks65egBJ`0-@wfMOGaLgqZeILqCGs@y8? zCHqvpZ@M=R^#(avNynK@{?i@c;ya$*v2e$MfNYay>2sp>ro0pEMKg8UAQ1DRlIft# z50m(ph0E`dmkJeY$7u;Gbs=wPJ@W_mwM<~B=Yx5gC(sGxt%`+COVK#SLA2jjsL@%9<%;lyZEnJ+_NkQM`e?aZcmObSo4QMfHRqVGJ( ziNt`gzH@rFy4$tiNm#O4g}6IEe+txI!#>E`CnWCY=S;d^*#;NP!+?(2k)z1mMk*)f zvJkJW4?(}|+2nq;=FmU(j1?5KVYkji7XGm4)RllNe8XF!n9aBZfM_cujs~K&xQwSF z1Ag*;>UC;zb_q;O{nFf zK2Fjz_e0ZPmK>ZYVW3c#!bckSL%vqFM1{ifWa&S4$cjfXfghue3USh) zs-gTAyoEY6Zu4p;}c0vmG*O+4#Ixx1BmhL0q&iUgS~Jw7CT$|jpCQ;$UCC_}Mw zF))buFekQ2P+9J^?Q$IPwe8I&up?XJ-gWvRlHNNs;?mR?!X-4`vxA22#3fl8R1!T5 z)@CsxCSa&9EM$p(JpVTA{Tg6>iCG?QXPhl+V4F276m_+4Y+@6lSS4*pNtAzQ0vcCw z<=g+4WF@`(?0-vP*nuSPhsEi%FikwdS#WF{xcBp6VsWD3iKDIZ^mvbsmVE445)bd* ztvuYQ-9S_5>(jtyJ3A9jl0AgMJRiu1Yzb~<*-mGkE4ycM?cB*L$J#jYeqhI8CKhFr zMOFc}Qc`;XodX@E2ovlqzP-zoI|i zQ$VHU{T|qD0X&lZz_2YGNkgzAuru2zIdBQW;8#iUHB6&Gj!3J9=16 zn(!ZKQcG=vEX=)FTe)|V1vls~D_<0yv2%+zT>n*R*y1m|CBdA+#sW^Bo1BNlJRy#l zzDbYo+K+>6>?ox?RH~M4>wY;;VN`JeXvw*d6y?7 zAQidc6S@qUG&MDCoCMzenR*7>o?+Y6tFRY}W2Svx*xA%d2sdy>eGcVu>h;T)=QlS~ zDKtT#&OidD-Y~BzcIXf)Ddt9y6Q(>Ox-c`^u}M5MO6{)0&at`8Mm`%JV8$mGgS5Ms zP*wqhREll+Ynjh&^#?C7e#ISB`3HTKbfIDy3G;j)02J|R^2z$Y(DPBM zLL)F5BDl4tU^E3VI4WH-#~lT<68S6?qt_)d%g_T;hO&Z7zCo1!Vg*SkDi7aC7o>!r zB~8P1(eDUpyB-ssKQY{viFxu$cuxgHl0q)U#hYp~UKs}^)1TX3=hJCFm@h~Cy?!(=? zw{~EdYc2#Z6@17{N`y>eW1cZuajszaA}!i#(GE}dymEuLU6EQJujkAKuo$t*I=7Oslh_rDkrG%WC`gkgii zXW)HXkC_RF(sW*Ky$nauLz`Px#%M2&cd{{DLJZhpFoS^J_fj(v$bxEsHK0Mp(%~n2 zI~q*?i&$YISaW}NM77X5>KRCG&6nalx6%0*0kmHZoUhax%l5}W{@gIbRyg>YYLabT zz`FV}#EkXb$rCyO6&3@@=0h*V6nTdb;EyM4D`x9v)N?K@o^8kR^q)Q62f**ECQ$X& z{9T(VGGCzD49FM}x)Npr+BEQ@aikXw_e{s!SadLr9)HmO2~OSuDwN*KN)Q)IZ|+8% zZK~AKNdw)bLCD z85)!Tgy8Rs`J&rTY9WZ^?(j5kx&t<~kg{E1riDt=~A#rvMQ_HjFe-OU)5Gbt5Dy0bE@U08Stsd+koU$+k&4#SG zv>Uq!4#|x`^EGZJDBm-cTXM))dBfE*e6gT5fWk^H!#bPedQ+=rYEj-1adNtgx@5}^ z8EzA*ypx^j;vx~O4y-)Wg@vX1e$@-o4^LJ&+5MCRRzKlMk?SES0Gw9i#Q%!QNH_!s zF=Z4xf9a8cM9Z3Tp5kZ0XTrq@LftyR-`ughM0ot@(Y!=-p+}#886B|x)_c6k5wahV zqv{X^mVjY)Zh$5XoPgw%CKDkB4e^UL@=cw)Fbw_lcCm1Y7-8XM;%YPupf?DF)CRyb ze+n{)7`Rz@)=#@-<*||zH<`=fW2A%!^ape}?e1G}qKRHuB3#FxW3;HI{)+b|3cM+- zVua80QE$z5DHPI6<355W?9YxF5b_`C?xL8zdJ3k)@@#hfQr}s@r<`mq<0Z@6+MzV@ zp$zeT6WBx$2QOpm;Gm~i^ChG>iyMImQWQEtkM||`?qYI4iy&YROhu?U8rLD5&arGO^?1~h$w>XxN z>cZ2RW#nf1eOb?$?(UyAEPjBGAMl?2`Cg@YYY}mBhZIH$(fi!LtJpT^EiM=U{ zEAOD#4_tfy_0lJ!HU!O)ijVUcgEU(oc}=^Y7litkynt(O`FxZgZrh4`%i3S(q8Kb0 zM`6g>FJwP1@BNs|PCTb80{HZ@@#G$K>DGxjK>BWg{sqRa`w0_Xi%T%@d>>R!7Hj7v z)pw#0A0|*YvN$%{P8gL9+mIjKJ}&`( zZ2*7$f}nviHd8&%M24FZB}Xhb?)vg=|I{vV$va>h?N96^;aln8w#^hx=eUuqZ8ShHzapt2jq0) z`AB`Y_+gIqXvG@0#UXeH8H8?)Xa-tgB6etH^wY@3MDY8_Uhsw2TTJq-w|eSr_Nu@1 z1C{Sk16&IL=eY?OnCJ1;+Y*U`U+mz5Iyr>LAe8~OqJgT$&ZEDbQq`PWbUA!NsX>6?O zX(>zFLIh>aDtJG(!W0U0CB5eY3Qp|A=dBjR15z-Uw@ciW$tVi8X^Nnf=s@IW8>6sn znz|kH%3c`i=|!B>nWf#;0&E0DVv`b%d8__|eo3mz*M=Uj`+OlGZat`;e&j;>Yj2Hh z?kL9IvaYhQaMLkldv|H~H$Nqi!K6JcIYI=^wG1PoPM`BRaL4ozQ7Vn`^WZ0)$-0+r z{1ws_PU0sfyeK^VcOHpz+yzfk-MQVNa;l+mFwTpnb2LfTY}p;bA^mi)kBI}XCtuut zT=nv7+}Hr-F>F8an?7E!E%dD=>4`oUCS+2ey-0U-Q&Pd4Q=xe<-;Z?tCQ6Z`K5)10 z!~O=J-OFK)HVhx;T2865e?JM4!cVSvDZH+NqgTXyW1s=TN%EFdoHe)tA3b#LsZ9`3 z4I7J}{MZsWBwGsJvs3aK+)`FaE~5|so7)xnC7*pcwS`8u!CqzhB6@WfXQD`wX28G1 zbSUOn*U!t+qZ=W(k>>vMGBf&zThPx9)f&+z~h=J&@V8q zSEqCsC#M4G`mB75EZD1Ge)B)6U$D)J6bIirEA32=Kp}o>ECs(VxKttqp8LUU_-Oiz zcekDwAn;ctw|j2`<7~SJ2ou6}xp>XfoFzi5Rm*aRMLAV>4+OUWnYs{br1!_6MJvVv zl3h+rT)%9RD`^H^F3lSvM>w>s%1$K3*7eh0FGQweM?{)X#*YMt{Xq26(k_RQGd0Hs zGPJ`KVpzaDZg)mvD{W<}p{awQE8kN{Y7%kcz{+|1yY+}d0`aE=^+AGk*+H@v`s?c4 z9l+K6t>^e7D*x#tn^eA@XIl;}>9?X(4;a4;tOniK`xJx<=#4_+iW;&f9%sTBOE9&nvlP=72_@cgjw`!g9Cw=$8XU-#kHP~Q zilC~yIz{-2K57e%5xl-z?$Vpfyo?A2yCKu7;Z*ZFnlWs$M=nn*+S-;8wR8^1(VAgP z3Q%^m5U)8ln1Ln3yA!l`!2>C`*Y=P+3yfj-5}@~@%W?Ugb2<(tG}F*S6vQ;n-G;?5 zB!207u1Q+rNDgNCV|vVNzX>S~IjxxHYxjn=zltEvJ<|1V?Woh($z`=4$kZK7BfZ}l z$~Qckh8Lf2+HlpASXZQx=CE>Iff2#WV{?$qk_mc|iX=xPU32UKF~SSA;e)$3WlMVu z`C7}wRpRlE#hWKt6&M^X2ZEh2OoqAmnqJtdwd8JLOwy9Td-U4!z*u2OPE?ppM=P8w zoo{nRO=bM)at_ysyAHw@qL|?sje)NQllw*Nl#X`JS$WS~tFU(ngc(SZ!oe(U3#yU`aju^i%{f-Q}h2KCq|e<1kq)y>$+)LnljyCnCE!7 z>X+-b{b>>f+T>-S^jx1TOj^&^H^-W&@0{v1v#nE|mPiHarFUDwdgqXY%rM{f#+bNJ@ctTU>tuXAeSr<_Xh+@w>wbn)+h z1+_!Vc7gO`ipchSpto(jf<~l3lr_pGZsoirI`v7Z%_?h3~s!2&%}1lwtf)no+7hdtf9H)xMXUs>-H&#IoXwxo3Cr&uo7& zkuFQU%ul|j&(UG57=0-!p5K1S{pe!unMoS`+w)0UqyD2hM;m`)SLd^Q<-^JQMONXb=hgUxS$I@4#(xm#Xv0NxtMm_Fw~ z5WZs^Gy=R@wdB&wA4NL`6F1vX=OSPgG~E;pm}HOdG14GcnCSp-%7$pR#$d_DlxHF zyZ@oOnAdMm!2aMmHq(phcG|mV^}r`^@&m$ISB4V7oFx<`Xlyod zS*<^&-MyQ1&ghf6_rYpL+R9+Zup%}LUMbcM>!B&eP+)gthd3aw~LJf zD?TyR1e-&1%{bCA%bFoLK$zt(07+G-`=!|B7WhwCk&qjVpBK|crSHsyiS>~CSm_0bOXhcIe2r(3^L@6w4(1MS2| z-4hbK`lN@NP0_>}2}!<3$~X~5<;sVT9@hHw^31jN@)TUm@h|1GkK&Utw1G>fclauh z`jxqcO0yq$IzmnfWrd?SWI9;Hyf0uJ51n(v{YXDbc6ckTY(&kzy zURZy@&tYqe7L@)WHp5PS>oc z;#MpA@e62imsqX-8@V$r4F?F)z+2C+d*J))VU3+i_%VsUDhw7_%E5Z~oK53)@H%;s z+dM}!xyOSfHrSU;UhE>f^{k8Mv18dsP#;I%hc^vJ#B}|@_}l@J&b5OmtAdfk8J#u1 zch1#6WFMFw=>CA|{^fedM?ksCI3Jo*uRme4tA@Cwi#`b~)CmfN za*`OMvUtImDsSoQ&8xx0I(V62glGlI^E>%kLA9IvJ#O$r zVh`|%lH*eRWnC*OkJ8xwj;h>rJm@s!XbFwnY+SGif%jdL^bTaC;|IN_-W^*r@>8a@ zOlaZ&IQR7f?)yIE=JVUqkpi(9aWjlP@n(wNkBMR{fzIkzI^yy>t*8JJx1GI(?zlp?+RVS zPzAn(h7FEKsoZFdGGl7O`-!ZADhjsk?#DlSCJxMhJcKJaB9BrkD%VP~G!Smg`26lk z+{Y_3AoR@ISYpmukbSqG9$8D53)TqWb#Fq8I59sfIFkR1gY;37ZWgmg{${p;$+hLt z9da3|M*WW8JBC<8acU1tFKhdIOl!&UNu2{Rp$}x1wl?vAL<3)yT6EnU zy3M&@YJuD zdA7Sq`6~MNuuJ4jNm;$)W91|WWfIfl{O|f##k&sS_Cb!RG|RDAUw8dB(^cQkc~O!q z?q&rs$2t=^wwpS11gPq5%5G(H zpr^LZHdHneq@xO)av$mDRjyjQ#f=?%v0v7y>Wr{IW8w~t1zhP5GO@ilDfpen9|u_{ zBuZ0s)7YaUj)E_&Tk{fJp88v-O>0sq5dBa?9sjj&B1t&A?GWxwtY$FLS)3dp=AUBv zSG9Q&NaQq%N41A{=_?d^QXC>C``jU%oSfXZx#crSv1lspwlcC}C_To1M8sxuTsdD| zoPCBV^Vm;|&dpn^Gd~O9%PpMIrAC>(lHRrOH9zn!9i?7B;~t{O6bQw8GAO$l*V>gV zhigMnJ@6OcuO5G6#+|$u44XI*f|~)h%Zqz)W#$?Sfmg3}zjm6tPJnjK3}YsBc}b*2 zwoi%nhn`*UldWKMkN>(_33ViWve2M(W^9Avfjdg(dgZ2-1Le7+wvvBxFAaJWz9u+u zV{lla3q@~~DTRz(M?9fJRRSew&QGZk-6Wfkh0hmn zrW#5|tK~c={;?~Q-cP!v{?aPKfoAB?hqWXAa*tBRTi6jIS_J^RA&vi>tddo zVE1iYvUKDC)wj#*Gjqta=?U0Fs(jGwD2W*>Bksx)w_=Aelu-^NKXP{ouivg{t6m;= zRhwX#S5BlQpX9w%fgC*y4_E*Xcyfu=t#s_-(8qqmn=#R{(LH12c?>(JIX4sO_sR>u z=J-^_F2W0+nWB>Bkd-~&cWzNr7i$f{q;9F^VLIA{I_>H~^0vZSAu$X+x?C=B2_Yk|?zg|(g;NjiIeaQZI>GPP7A$!)> z5@z!7FI*eObxyhTm@G{R`=$yuhIcNw5olW`G3wj}LoI!a1H+d!V1Ig|QUNNIlMTunpfRs`Su*7zD(qnwfX)WZ2SGli*j6<4BN<<{K`dcB`9dr@N!PuuC~ zHbLuwKiCkK7r}5HXhIpD)105=eod6xYraN#TB=+)O9HEraLY2&L-^G%kg7yk#rIU-iOvs{gj)+EOT-o zv~>j_-5&j0+EWMF=hWIix&GU~=Ze--Z)WK911PR*Q?bkj~_ouD&w2Evd1Mo%SWi5k3FYuWjbe@hb4%}GT_>4OHO07EM zRg`=nT-vDvE+1%4L8B*`+rXQ8?Uak2X;J2@1FU+R2hrcD~#X02MV*5iP? zrhhR39%;24p9RjV`lVT!ZWO_PF14jzxAn0%e&D^UEO6h7i-RIDV@ktKZaP$CUUa#Z z-0sVTJnBApZ0FYRb%G!=O=`|H^@MofikFu z4upg~G=Q1zLL~z@$`bDG(6=$Y!=!^^Dv#1}oWzs?6#yk_d=fMU($4-hQ~=)5{XN<_ zqT#I=_UZ1~vxm`I!Cd=_x94JRk5HI-;DHK)u!+rKJ#d!$U(%uOFkl#IPS|VmxhjG}2DruTpD}9}f6?;5aj%sigIw`C;(lUF%=$ z+m=Qxfb5g<_M6G$Z%fy_qa~jnn>Q{9^S{P37sbf3s7OaSKJpmB#R0bBf%aH7%hPr_ z`LiJ5LsB4%ZRv|<NCQ-agyKX5`Ps>5>OD5n(hI&gS!9_dS*TG=<_VO@f5kwO z6I^fJt4ZqZTfe%0{`-$ehZp&wG)gm8554fBu{+7~#FMBfUL`IXnMvQnpKzbaofz;I zuQ(7x-_8zfl=3CsZ;cqii0RBJFt-x(m za~RG^N7mka6!UtWlJ&J<;_5iYq5ggA3%)O~<|2_25zP8X!tf(rzH{O9Iroz2ADeCe z@=vlPKx;pQF=XVwr2{hf0Mz`A=0ub@0={`NJ&M*cRW|X1)6Y9J z_TTsYMG{?6{#n9d=6gO!$#f6nJuWWv?DX^V1lvsDia1YVmVduGY+8vugv&EIXB+~> z$){r&IT(vMI_>f@dY@GZG~TGXsok8~)$eau2FW&J?~}D0{eyHo(ZA=FAj}yKDF$)r zU|(4eJYJEvS*P%Z`bLcgl?@h$An4AsYKgO~0VyDiowq=NSDi9g#t09rSfDP{6X{6| zsXYnz)9Ua0IYtc(kyUfg@ts3XBF(U`8+z$KRd2o9erdzQ-?CWo3jOP}axL!pdO;PB zU9e=XO7?&De+M??Ll zKZP+B5OOg6=H_cQsj!t0lbdBeagr_4=Yl`h0$cC{c^(~OmzR-3Im~9S&IG!xTW-XA zJjzS+edH41=bDt-)o^7echx45QGW-8;qvXgvbQo(P}KG&v4wug{>d55uM%~5gkh>n zHs}zJKHB!xb@D{`YDtEmHr#WaO{Ywajo6}vyfrg6Xtlpm^?Hj!jnV}>j{YN1L88cu zp-=KrguqPsr0}^%!Obeq2p^t;KbLiiZoCg-qq2No+}Av#)L8{kR$QGuM%G22tIIt{ zNrNi?hBDHL(F%Y85YI4{9lu~$b9DGY>$nJO1L#T5arH~Y)Km?cYCgm*4M@GLIH>MM zP#ft)ER6Z7&r{Gocu&0Fo7*<8$2Ztp%k)7FKEy|5T|sv*4wp|=W~PAJzSOX)a=Z7< zfKS1PoFh^H{Q$RVDC#{E_%dc3@~gjU`aD9W(TEVSJKqf~S<&+CjQY&o#&;#N}nlPpHO0&ziBPU*X0-P*u6bN(EqScX4xxU-f3Z3=$vg`CXBfoN`P00Aoo zd;qYW_<3vDhZWBTCh7au6^vnphB_-EbF2j+>TCZ!rl(XCuE}PFfsH)d94+@kmB%BeYt=ok==;8zK>=&a#UZk@y z{0nhH7>I={IxPJvls7H%(=yHMHsT>j8fFgd`@J_#Z7Sf-Oo?)|!=mXD;RtWsa({1- zor>6;yCAg0x+O;wjx-%yZ0yq)py@YtX)6Tp4+iUiUo8#%WqHhJi;2vbpg)HNVh&OZ zYzsoZ&*t6S4utF^4b}~Q`?^D0M?YpF_E!o*KTHx4Q;tTnl}VxDgpJkFuc-n%0ee70Tr?>UQPZXNG;=u^XHvnc`Vkxf*(W zq5g-puLM2b26CD!qcKj>r!Hf=qc!5y#AwDu03}p0&1P`g0gapN~UaQd|=-!ko3~Mi4-n z>upOW(Jo9mCE0b|^#^uyGJ2DVMD2MPWmM)CYw5S=zZ+RBBuEAX?`i>9;z{Z32=n#Z zbPrhf^pPX1t6d)O3D!668#HRX7fU*n?>rON6u)~6UFbLQ2nL_f$GE+3cb2jsxxFB% z+_$b!SGje5@N8_Qi7~%>VDk$VyWjWpe6GB^?LSgJR4-eBtu(9_xtL=q!NnA~k9es& zay3VitE?`GW(jVMI64;rnailf(G=ZkqrbZuf`xj}HR3_wHa5D{a2c9Py3p$T?Qm&zJH=eIerk=?!X#s z_uSKaHY4|jr9$$xMXNOf zUT^Z>;YSJYA^`4E&gb0y zJzJD~eC;$^3z+;UCQ3`->0TR!E^J@RFBa&4&j5;h04tdMfJz&R4|m zxNd^aRp0cG-*Y;!3E+bWfx+;XHrzv(*`0{NS~yx-}3Z6|1`dmj~?QG z6+{1!dHu^0E2FMI)Q+lJ0s)p1yT@a4#MDKf#qE(kq!WoFQ343X44jl5kEsmVCO;|u z0~xLbz7J~3h6F_kvx%nJ2x>LL!$y17`6cFXz$dNjXLsKza9z}vlo~5~OKj6U;0)_^8vo%zgx2yn=`cI5K`qz(c9$5Rd=)ciU!u}9KJm|>`$#5sK zB>J{TIBH$U)+@?vn|c&OofXUT&&s2)ni^)<(*7hS^XA4z`s7yolBohNawicIQPZGo zO!zEuQ3T_2>8+ld{%lQ%igd{Rggm}Fr8pdW%goHq zu{!4OdK-Q2`}67h`2BJBc-(jQgZKOOzFyaOUeD`!O$XhMO~NB@8|!@~XCE%PMV3b= zEP{1zSSM_`wXR8)2f}FeZ?Wxs5y?T$DZd%5BBTM@(sU1ZPkW|AaPx0Z9)kpr;(2+{ zKC1JjXT7Vx>ClDwL0Gs6^W2Y0aFvzjhlgGoxCg8ltea59-uQ#d)k}LnN`*3z22lS4 z=5+Y5)Kq6=A7cfyCgm72GS;SEsu_O#lAGA&B~Kg*h-S*ji%=VkUJvD$KD!p!l8+WY zj>&_moPhx}7U~$lm*UL3gBvyS*-tecQsig~`F9o5Ckw%uRzO^TOZL)-e98Q_Z?#tg z=P4g$T;o2f)VunI_QTjLaA?eb2b1|{oAsKO%+)&wpMI?}H0|=JK zG4&3xC5`t`LFZCWk^1Z9KouwEJgXX}9*z8?M{$Sc83^x%e zy01Ut8VVV-_oG(j%hT~pT;>#SL2GZ{s5e;I3vHY*`CIoJ@*X(}=Gl*OWqW;yZm88kr;&e%55Res73qiuDo_V@9Ne4FEARxb!TW>NxuyY zRV+=jI^f#3X~Oqj+)wJfuC#2g;alwnZ`J2&Cf&)X3w*i8{ryAPU#MMppeAPZ(0*mC zQ+&7OG%DBbPILIL=ASvSI%dYG`5N`S+YLWIln93~g1Ca1p#+)->?jAG7LSxhY)X|< z+~e)#{4n48%Jt+nKDUwVMe^QN%i#-Ri9TWs9X}>ofT z*Fi+J20zp-e8z6%h=n1l7~+MR1u{;2__wlvwXxv@e=mR_k(P3nqf21 z9`|q)6KTh%w>xPY$4^6zT&puo?oyo$if9(VbuThc`zfmZ>ZL2(*jF0VoOY7*X@5wl}QY)aygw-pAtWL zm;9dMW7(RsFnc=O{Mz@@uWrO;IhLj;|Q1-o25Qg>G{LR-7dqdyO39cOPP*6}9w@^;}H#U1ayRReTg@4szGedHb*mZ?R>CrIjS9$v=V| z2c;-J149nBjh>dGRfESRo5bWfE9Vu4sBttM5coohWJi9?V&yL(Q+7zi6&qKv{cjI|;-7$03 zmoTtB%H{bG3Dy_>j|(x7&k~PsQ)m@;K@4rRu6g|HhqZ_K@}(H*ZmX3tbZpr zTqOb50JVW$I=jaAlpl=h27#)B^_*ET<1kvwF$L!T{xyZN51u;-zWx!Yls$(aQttn^ zpJfrM2X(QkWvpcI+^ws7AnwZ?wcHw+qJgUn4cSv!{tQrxUcI49O)_}^!Fe*2DKDo9 z387$0C<18$o2;C-)2@dH_Qz*bgXK?ij4F0n?FRTgPp8mGYYjsE z)Vd_3kH+zGabkLp6rrhoUmRdo5G#m=#9_(*2=I}<{sH%q&~P`m6q5AO87Bm^&LR_G z^<-|}ngDHOJk(y6;$0n8eu1$#Nhi$9Kxhl35|Bnfs^Z#$AJt1iu=L1c7jk=n3+M*8 zM_HU+-pp+a2i%GbsNp7^#E2E3pILr@-=C7UGigg1Gz#hD>4VwsVHMFAy!QZ}{?W$M z=jC1LIo4N2c(G;%Pya*$0^GGUf$4X^*hx(YH^*B%V9P5^F>S0bU9TUkfQ{u1>)QPu z|1flpy%r>kW>OIDd2^r#BP@uau<=N?@}J+bUqFDs^4VSEFB%aa0sMon4r4inWL{h* z6iU&lyMkf>Z53d|u>hgCp?v0*A>lrd;_dpbnc%m6OML@L>XgLg@B0S)+N@D7P;|>6 z9r)(uE@(z)K*FGADHJM7^XUnG#6Lmm;?0cF7;)j>py_z^JTJKj@5DLX{CvYqC=w8# z(v)`MZ~dEBsRHYb1*-7>9MpV>T-<*Ymk+`4R-rtD7WRh|0zkK?Mo$0NOYg>kGq0op8IU_by4F1IjQe5M|c0>Si{k?O$#Q*vdLh&K~LwI?P zi#wOeM1(;NWuIY%`QNF~0Ca+*o~amEzRZBmbRA$PQ03;|5C}evHE& zU>ByF##rrkIa;FG)02tn_t;}4EbAw&`s^L666;Zdv(G-PH?y#ikgaPn3WC6chqjMCxt@fRZz<{k-lX#l* zPoPqE0#IzfqE{I=Hv@O1K)ob}*eAhF82b})$dy%9U;K8L=GDk>BD;ARseOEf*f>_R zx(J4zuML(jddEIXcU$p2d7oarITs*lJ1cO@C0@$7YRnHmfV0RslbFK}naC zWFG?h*?<1IQzX4Wzql?f)FLXqHFT%|a@E2(S+mhA#7sxSi_a>KZr^uV3zA(>rLRk2 z0EZE6;>p)bx-{wjH#pMCq+;MV*iKKnm~a6GFOyR1w^G_rse+&zani) z-yWer9qCv(Grv&G(2>2Gr3ye^X2#vC3?R=IS+E5%l9PY0POVyA^|8_ijVOZrWIT)F zR(6JvW>TXHE`5)lI?!TuZ_K_3mLSQ(Y0LK z|6ef4NrAi3j(~X6VxxgYB!3U*_v3Qry)EnGgba?!!7RL%9{ECR@}y|YC&H?&{cAsu zYT!yt?=J~3z}V&4=CcVza7VX+JLu8z-{KI}&mivviG<_8H&E$YEy(RRtxYct9kRDm zMymiJ$v(SY!LRGbrM&U4*z&#?WA04ft1hs&G#A0u`Dymnk0l;14Z`{WHswjENYQ`$ z61iz0W(4;Y8oP6MP4mhENVnlQ0twWAZM4|5M$RU}853`+M@JBUFS!T3v@SodasIWz zeC{_`QtXB&PtZ9u@0@N4;>9w%V$b?*BaOiOsTYBS2pY)whO-^3Kdh(7uxCy~2IOdz z;hyV|^mUneqIhz>!+7bK@z=#JNsP-@W$?9k-{dYu$k%KqL8$_FxflAsZnu$&;B6ic zw^Mksi8&=j6A+_MEBy2J-;W`i8kYu^##6v2K&C;BtlQ1yw)bi0an_+PW?S%a=_?XB z*L>42Oy0c_t{B<4Gta*!?!EQ!z6Y$1Y5;-K=VRtj5yT=D0o-w#!@#HxtqrWZBV#R> z;JnQy*-NEX+F~z?lnyiX!#Or#-v!6ZB1&(>6hJ6f0GKxpUfOxw>}fF0mp-KyI^@oe zVY*^uut&`O&D_G#Dqe5~*B}i#0_p1i5&}f z{a{RV7eT^674Ca2PB2XElQk#icJ0ANDsi;W*SY04nU8IMNbN0)nLc#(>e5k|V$XgA z1!d^Xf6>a$X*QnYVr`DPsLvyl|dfSi@ODAV0AZ;P;!;U5{vGDD1P zyLdG0PNm+yTSAB}Mbc2>>W!?4rWUUaW}ajN+;Gxbji@%J<+EI7YCqJ(OoDaav-JWT zOC(bh-ACusJN+1~JePSOx#wIG_WvOYJI3tqz=zf1h6;0$*!8r#)1kAY5j-r^xA@a@_7+EAO0uCjvuAOc|%ZTqG}pKeB1#$1ek# z9Npq-dIRNf^+Sz3gSyW29=e9OnBbs%N=$2F z*YZVHet{-PmXGa!4=r_)w-VLSLY@ zAQx{)aZW ze=Qm-u-p2`R|;Z$7?<(%osBY;T+!f=IKd%NKK@$^1WBfMY$wwvc>ts=rv~;7)ioqg zV;SedSzURnct967Lzlzed4-DU^?n!)*83zYor2hcrccuDhSlR-NR$mGdtiE>F zu`~Mi-=(pnQ4>i(MFdhyWMRgoVgYD&CS=m%cB?f4j;9a&ic%_cE3l7wjvYWKIFQCo z7ks_79cMOD|No(S%4Gt$Its`<{tSAOifqHzmlIb_E2K9k&n`e#&vI~)GVk2HUfKFd zkQ=(l5p1(9)O+v#{iHT_IL54*xEg>eVUQuw)hj@shjz-^FK<2P2r>U9SoMqBr$G~g zVuGKGVyu^R;bfS;k>T-P21^X|+=2>&`~$x~@Du;3&UD7k@8r5|@S0wUK5B2TR zk}R3ygr)?#rwwl98a1#epy+y>pH4yc9l`m{pbQlL1h#goYsyY(Y+fOSP1x&Ft9D6m zPyUSLpUU8P9}tNXR9HoN^NsG%l$`M>uOy`afN=&&4%m`;?C>)hZq>-e_&rUE@}6~p zwCJU>ml~>GSA0yTEm=Bbb*krsbP5}Oo2#sMt!HWV3WP=+^tWDY;K6iQe|baS^?_9c zVJW9U0_^^Og^mA)Dtycez-Kk-p7~dKAOE_|*l{Z27?FEkWa&I&nnw!oFF%5K%Tt2y zP}$hxxsX43Vl%lxk;2c=p^dWXl`9=k3Zx#A=!6A;V=Cc;wi2uJsvL}|O^e&c{g#Vb zs|%`Q#Lo>4_+2$?ssOE$srH!?%2Uu-^E#0w1?|AehR(GtQQAqU)sGVMYx!p{Cq1O? zGSK97nD6;1z)@}nd_)s+lf3N*K(LtlA0+g1RdzYHreZ*hWQk_nMpW7XUn%1m*hzNt z0%C!bwUfLB3s8(96SI=aKj>a`stBnReb#LX1}cCYN0a*ejjiE}@4p!a2kLBkSxT)l&PD zYAqpU{VZGnZUdC{>br~!WEb`#2_uYvJ2lCgolnpa(z~85I}B}?-H$k<1l%sRHYZcR zJ-z!snHDe9IjHm%@dW;*R1f;^E2B3mt(inm)N{^G8Rt|j#>&Guq~`1;3XzC>6KLLt z%(6=s%bQoP8>PzljnbJe$v`hHr9mYt1-_D1sKsjDxbIx>TfWN7^AhM<;KlKY{2%qU z@yIGPx75g6j%{EDMP;$uzMD$-{B>R79KUt*K7@6w{ej8?lv5Cbg{pLX^h8fDm;UAP zpu>=`4f6q;XAfl!q93aDMwOQq zz-wVwHVmxJCNtnz_U2?61cG?BGz9k+(CS-MF{#+RpZ6Zz zFQ|)xm*{b}{|sN)jJutW`ZQ_tboBo(u7ey8hfle@8}Q$^^8_^da-l0henG!RX{5+?+HC$3i3!sYBqcQ0d8P zIYSFw_~Gc~pp)h7<#WCwol5|$Y3H>@7buWoB>)xb%%{Mj^ce0TL~!tuG4{0BZC3Y& zaZhmFEipnx0qExSJzd-Amn7>wlc8Ah#=exCy10(*g|T0gOYcH8-2;qk!2K;*QRhh3 z1(EdmYu0kr6K^GT%?6H;I-98VzL_AM%#0caE=-46zBYTI8Dx?gD;v~^q=zrKF?s%vVewEchramyeU;D!+tkbZV(WgzE2{D$}8x z;+Kev!#M$i`#dxcuz$;$RJ^MljEXWPpCb7Z%eK=CV?5Nu581zzpF^!%l5Uzn8fJ@Q z+Zu(Cl8grr-_d1zLVjd#4B`oUoU~<#1J?r%=)ffB3z*jg4x-qnlbE~@{YofQ_7Q~u z8vOR61>OC37rT`u&_?D0dDlD6sOwaR4yCl%ENTXHHOqjbHv<`G7^iNx4M6)|S$~JX zH5agJeX;8U)A#enB23kdH14ce0)5GAy(8ba6$h^5u*vsXuvxaENf`<4G=W|?r1j$B z^Ksz-1z^GBpW^h~){EJ=@~Q}NZjQcmZOf+!B0eP#WT5@)z%;eVQGz6&5$+C)m$q?- z{oSAt%`>>XEGQ&gjG3T0-sw**kmw8zZ5!Kd30qKWp~+pE;J!^M3cE#H5dwq0T(4Z3 zKuN|-6(Pd2=ZK4`{I#?|2IIXntRkz{YkfmNhgd4oFgu~V?l25wgGnImi~xoHb(8DR zo8nAmy=U%etRnGH@%{a~1w)*5h92l|zCX3~3#d`r6BzjAIaqdfl8fLI52Kp}0C8Hz zoyZfPq>T}Jj*kv=N(%SY;QG&KqZRTwpqMkVkkn82lZ|8Qr-JL{0V67hJ-;6(AA(SB zc5tkYtD7^6=(cJfz~cD`@gC(ewfr3)x<$gPf`kv^orvRdhVMoZI_^a)W~BQ89oi=7 zj4%U@`hReN>*|XzRNxn`R%9{s_kR%M-(=vGotI)Y1So|&qa}4PBhml9{E^P?3I2k(cw7KNQHJvGuXzyA zMSaHEM8dqY5P@j54bS2O*_ZJOwf9fMq=Nz|h6Dv>O6bR)7f)ha+Vs)$w zQ@ZXAQ2+|Pf=);qq>(9rBj)rFMv1{E87VlQc zk#}~|I_9RZwj?iqVvpaI`Ip<09D8rc16}u&*Ql1d8b?;kY-Wxlj-|659+^Go(hYK* zFvT$%XxD5&FEEAE4gW-gH-jR7^gR61|ILR7lf}TAL3ZVr{U0hWgZDx2YEw7|8gX>_ zjZ{o>Ky?oLQzEvo4^URV((7aTQEEkQFHbP60)aWT3+)4KK&>R)%^MFq@RGU47$S z9rU3M_e>aO5`QIbV-X=b;Z+D4ac49Va$jK7y@2|@1cDvR|1{Y{{QloAh*I|%OoErk zwh=3AA-F={w&>cjrPL%63#uUnYU4KqOc(5+u&)gr(*8hWAq#U?XQ|N(ppE#fxpjFk zx+%GZGYb|kA8sr^ob4J*AV+Bv_1wnGXSYA*{e=4k>z+ZbeYz$FpCjP3hpGsz^$S2# zWPqzV4J&it5$7A(t?>)Zqh=i2qAVKmyVHOdu0U(PM9YEUS-1%tGKJv4LZPgx=*9!0O!|tApip z%YMv7keSlfV zLctw2IO;S3VQ7j`RXzheFrZNh01&o%AWPrQgeH45@b&%=fBauiX1WG@fS*KmLB?1I z{uvsE9k)3!s;~zB>&Wc4_9?fUD!7 z!uZ2WqU?VVweKWTYn0Gm+OH17@bW;x=Ndtj?Av|}efY`OS&fdTrCfs8Osn0221 z2d`QN^cxL5iiX1Gmi@;B8&1Tn+emNUG1-sg`ym#D0JUzmHy3tUg5CmuLyuSPEIZU@ z%3gHnVE|lDckx-Cl=jdZTz|w3&g_K`bWIuOrv=^2;wpKdl>pWf!FJ$p#rl6W(Mwf5 z_GinP(V4VB1kLDoXlC;~bLE*}8TsqdAMc6pZlg~HIiXs~roNr9=Se!R-K%>qyS z!((bVcnLQ9y=SR!hCXy0cJUIx%`nwxwBS*!sR=BhQ#A7`H1! zP^?)WdN+KuqsqxRaQf$V7UR-BpZ|+&RyxQYLMe@-LBte*-1kmv*q- zh;Tw*H99ZXiP5C*B|9PZ89%_>9fuNz2t+(nU&9TknIE+3pe0w zwX_o|HO`K<47EN*oBejJnjF>e%SK*12@dMqt8Ez0dx1KalI>W+GL$mHp-Y)6ldl_F z>vE{j(8AGz_CSVfJhv%s#ojo`2d9dbz?yc6Wgl_So zb-WxbWe?Q^9^M@LO<>8*Yng4U?QMVo^`9ZMNF0i6+sfi)3&`~-M4rR9qlQw{TAN4q zP1DAcPCe?e`)cjYk5_ZK9`kd01T`GoQ*SthdwD0>9Mu9c2|}N$zw2)E(%X?S`BPq% zhZ2PAvZu|s(zE0M8w07I_W_xz@kFYSGd%Hk;aOL97MYg#o#v}IF6{cWzh`nDpVWg1=Rb%tw@uz|8(Z>Y&i&$0>R1;s@ggbYYLWS=KWk7RAWm0I z5>NIHDQP*Nj>h@tiBX{)Ju6ula4EGm^7Z;Enta>EBKXR6 zLu4p&5zeu%gk5KoIWlhjD0J(X@0*Z00(@x*F-gPb>=+cfWFl#+io#-ci@+&}SLr_L zuyoi}oA@4lODeFL^nr-{R5niQa+&xh5SyMY+YjDl3UoD^kFWnL=bL%vuC;dCk~F0 zJSC-rCQLZ#ziUnD}and7L zvke6|(oQa}>-9;zZfBF`9Y(a*#CwZjLiK~yZB~Ob&$S2*5+N8 z%Vjzfcs)UFmavDi63B=-GTNXh3iAJv8A^$FQs{A42xe7MSjcfCTJS?eK$IuXWl28U z01tPNa8l<&Z~prsTs1t4QL2EARx0RX1Wgm(=jRJtyzRCJ`Ns25AkDHsk}C@-!}B&M zv8&$v{${GBjxuZ`KF%nm4hqg!&KV$Sn^vkNnHef#yr;#T7kf}wPYNG!!0>~?`GHYH`RvXU<@yz2HmzO6{hU9_?z@;t$=3a?-$gQY-WM7Yelx>` zZHg8g!L-V;NgCu`oa|8e?SzdDob1>Sd+x#90Z8#pBUT*u7a}i0yUS}` zE{3G$*ai&o809e%0P?u51J?9nV=Tl@b8mV8GUE}>8X@S_eQGaG(yf(;FKq!8ciGw|u`67xPPYzZ z*QMchh-Ba3+{rr6~NS0f`J_Dxuw{m79>-wMJ?q@B}hds=HUkS|h9;DR# z^%oAhE{D;6sM%0HrFzqMpmaa?fr9nl7Yr$VU}~Zl#^=5r|7y4QR>a0*0*o|pSOOg- zC81N5lnjU{s8Z|#XS$f!6KKxQW}~0&{AbRdN{++!*9`z(ZVo(MX_O+}POPk% z+_NjVmo_YEi;2CV=6H7de^ZK~aq0rpH6%YFqcrEie=90DWFoYBR_C}yl|()|%$eQ0 zx>ooh_%P75nJxq}Q{D51Efd;ENBRVyj;u`-E!b4bETtuZdeirKCMDUL4sw5$UsQ&b zOf$e7vjOZK(LIL2_NjzD#nSj?r=%M3)rH7Zq5iz{J0Z+DfH_joD5ASinoM(n{h7xTl2d6+ z#XAE4HCx`Fb$&a-A(im{vstiui=N~gVPWd zZ-a1^x7qeU*)3o&o+>1@#Xw5_9;WJtAU|<&KsnQ&fC%*E;5md}12u6+3INB@nTx6m z9pW4~`G@a>d}>Q!42KYSTkpbP?A}{1+%N5`t}&+>1@G6HG>A~8`n@tt+h+~cfOt4{))1?BvGHef(AVl57$9j zA88FL#(typ@Wp`35eD~3(S!_U1#XRDQ178agVCFWzli@lBsYLx(S8VL0H)stXvgo< z+aBvCvJ%*``Ki{Cy{X8(iV3ItEqU19`N8-`HJ z4Y!J5!~ir&r3FO{q4hOtm5^)OFT9cM@q*bpCi1v#O$IO_6oMxB={bP+F+Da9|HO#Y zUhiUDtDY{Cr3#c>H;OtCrVkSi&h(~s!xv1fEE0Qzd7-2DeJ$eK)>i<@(SA%Bw`ufq zztF)V*SF3|)Pm{9$Ay0EfQM~`s&Z^uk}sjZ%5Gfyd1!}x-y%Q0Xpfz_tyaAiL%5cb zsl#i-PhF`VdvTVG>~vd$jT_PXehs;SExZ~3U4+D8Wn}qjQxyKb3Yp{dbYQ3InDvB@ zY@EuosFgaoqnIcHpRP| z$)}Wg`Z##~$8VTTzq$0!qDJDRD8v0yHs7ev8BYF%49SjmO~gNV!JQcdrAXKx5(b%8 zoD4>cZ-Db@!1M6zGt>A1Q}6MA;tB^YvDiHV2Ny8&tV>52xfSTgA~~TFsYGrv6%CT?yl`wku(!aC1S)){hkss$Z!h&_UZ{92q0{ z_GgS>B2Fi)x5pV;M}R!baRkeG-xu8Q1@K_;XMu&Khv6lUMdTB~TLr!G@&Jj!3Q#!e z$CvSJ)hPM0{qFI8UQ3$JjN2PA8E zS}j=5?0+G+%FqbQ0=eZ%1JqP9eW~?UAt>bybJjTrab4** z*MYZ7gBmaAuBnS6t5(mzb+EA?3^IHPzGzla{$KSz#D2Un>%9j-2I4C|y!d|+64M{b zf{fy2II~0d^ub_Vhs++-*wm3GA!aiz!49 zn&;Quz&Fkt41SeOxYQv@yS+)5W3R)`x^ymXmo!0*NX1mgfI3+kQC7U!ddY;iXK$+t!_`|Oj6)@ ziMZAgm|2JhKlz-!D!lL}G^BXZ)r>i77k&l53V?Dxyy=fz2x!N^=5bR%yvv{s{&pHW z9B8rRaLT6((p7g5XqAa6M4B=`UL$|FoZKpyHl0Q!ci*~4?nWjAc*`SNY_0f?tsCWi z=m4TEa$PB~u%K97{gmsa3l9puS%a)C#dCZRs~}Qc{b0sPBFrj)Acpk>V82Saq>`U< zh?<3T7%+a%E!AhZY&oZ&hrGYu@Cpkl5;|=Zwn%_XMPT$LW5rK>h4-$5OKafX1i`%x z_Q{&HS$Cu7hIBrDKwDX*xX*NmqX-22Nxd6kR`SRTXaS$X+34T>9rIm~S9tara;NbY z?LBZGXxI)y?OVhB+6UWVz^3OrbmzR=;2phX<3h*3ecwx^h4?Ic+G!zkmY26D+^R3E z?wLD+kN~4k>PXtMp>&or1dts|V>?Z^>E0g^m7Y^zrF+0!zjcAShbWk<&3cBcXUbi( z`)88e=um{Ig8k8$bVFgUb6I!s2VMGq_zulHrpsQ%oOKg9dGcD1yG{1dTm!rMb$=?0 z+HOTZfVm`(PmktT7};gaSQ;2aCNJH4{d=T{(BF`0_w8BwuwQwfSESvum4QKx_sVUl z>KYnc(*njqO}yRg{yN{PBjMKagWBw`|E&Jr2#>YhTi`IuL#|y2bqnU1-hl^*%3Uw_X?7fc8krHKxT36~7(iH#S|zK3n-3*8Qk17a}f8nZ{Nd|k%2>zoTA&{r-> zxRDgrRm2;)U(0uxUX#%X4-c*EeIa?_+4E;dR=>Y|38L7}rk5{|@u4bePO}lLUJ3`5 zi2o$x&RbcQmPGwKVz82RxoUJjN**oOmWJZSHwaSO4cA~P3@!5oZnKB98yyErkUDIE z7!Lq_3F<6{2tpd>Vsp6}R@=6G2{FXm(~&{Pa`xav*q9e*&4?Mv=L&aOisaj@uMrwE zhsv$3i>CBk+&V-C))$>#`8|Iwx;E{?Xn1tZIzS~la(;Yhu4FyMkYtpJiLmfJ;QiaT z=NEch;?sx4O`65*hUVK2bE``9c!^*!XPqcZ> zhweUf?rNsn;@LG+iX&dqy~HCnGc)s4cn9A!6jy8#f3pf`>nFQr>2JQv1V=q=CApX; zU<~=H;|G2>=y!Qnm*wM8l;n^qt=uTOnVDWI(lYPTZKt+msq{iEtj+jULmNNM=@|e?ZC}gJrA$C%QojT*Z!h&A-yY2QB zte6N5+Ma>r5^`--?(nu*5{fm*78?bbe@(hKrDN?r*Pr33_LXKy-J9G*U>( z6ZAeH>;CQTZ5#pE{8lU$*XRR|oE?6bcV{*m#Ah-t@-Gwou(R#f0wMY}kJg?%aMJkX_b99NXUC#)vO~4X?u;Dxe-PI}|QBAC{0)A~&4thYey5KW^OW z$up~LuKTZisE-M{X^WPi;@5Z#^1V){tbOereMfV;B#!-x-#fkT@H|h5>Y6@<@h!)qPmHfTlQ9$=QE^&Q*AezTe z$%)BSO!neF%45{e-1>W-xzRjxvpIlHxWYSDH}7DhY4G9PHQRR_4jjiXFm;pXHx4^Z zsp#$Bb@X=d!f=<)$}(w?Tb)$&h}g``P+de_hayh^J8xR?uP+pfi(}pTQO-Z)iE9xy zgU|Mr)zsO~5(dlCimhqU;*qLMo|W8 z4j%+}V|k)`g_ty5Buq|DZubLgj{6erNu57k-Z_nlc_E>y-qiT2H!UqKdf0QK1Mh`cdPOJP+iH&$JLo#)4m8r3xKzB5DmDU2>gKBm8ia2^K zbFg_6&5`{=Lq;yrdrdKn(GKnMMff;5#~ZSbyU_{PS=1+rXGhKB%03)U4bL%hvx>PF z%;qe+Ak`;(@`2yOoar|AZqet|HK~|cuir+stY_FwXF!RG4(?!( z4{g{}-SW>$^ZtDbk_06{wm-AuEU$W3-y^{?3-EJqqHu4J%|9vO;r*5ZZ=l@#=pkMu zw*32rK#3lR$7h0yb#3x8cT*rA&A4ZfBBbiS`4vYufB47Ovfo>M6KSy{SUQ1sa%Q@} z*^XnxDv<@Jy)7aoT~Uf*BTf^?vPynEE;MpoV8Y(5VC9@t6`K{v8y=4EShgUFh+QB* z5@FQ4x)edwh$)C`Fr6()i>nRvK40rseT6tzFfE$fN+mC}yl6bynHJ6T{j|||Yiekb zBU`<@6)aZ6*GcgX*s!;_duUw$_})2tx5Uz|grt-+Wzi8f8L^T}6Io_2o2i~pCFJWd z?`&u->|$aXb|*Dn>~bpE%`9@U%Q}a+u&Tj>H=&biepPXF0z(D<~*Qjx_i*)qdaO{@Vr{@X=FIu2n2kqZRDoeDviJ zGIWeM_k~JcbYrgVaJJKxm&X)X%lVs6_IoT_39FSXB@&64H3=mZho2@NMUNf-A{ymN zWEjmUqpi`=(bBG}FIs#?v_BH5T43y`7ce!3vlCSeQ_O_{MXpEvB3o(423nXNEBk5; zBi7K%X`ec_A>eG4M|W&9r}w_N|7VHIt1ee}Mf)l;5&GLhFZoF#4%WxX4fDA6? zQi?=h1Etqi@l5x7t@kP&2XXI~$VFmqiZB01xwJs`PIQ?j$E?AunEa_abx^|;^01AT zeIWIQ;~QU7&X{HG(p%GS1S=Hkf!5xLQ3?tX|9$?Yu?;6hn(^cFRX-zaf<%p6xPK1Z zg(j|o(Gf18f-9120lUX?Uc02>hl1+7B5l?re;u1G_4dCy+(nd8x}*2Xr7*{~I%kHO z5w}}1b0vwKrpEduK3p)EYtgv3< zU*n4F6r;%4(&4Y?7M4rW;8>@mTycllJ&*eD*^@c$=uy*2N{Y2Ns|&LbVqyxKFJ51k z>F}s4s{YmAH@S>$yGV~)`SeTY*K|*qp`jRpH{jTsxK)gShRw>gB$> ziCe9$G>MK2Ef43$YLbgo08lbMZRZfSQpSEFZT4Uz=P7|hjDP4d@XYs9$R3bj*&NV$ zwwp`-6T`)DMo8 z!kD_`dZFK82mR*I$291(Qe5eBah;Q4b)LT)+*^NlDprEGXC&m&NfARP#GUUx2Yn}j zZr+ z1>qsW0%5wr$lzbg9Ts3S!tJ#AIK53XzX$6E63ULNlad^!z6HIl+m|Twe(f*@a(I-! zU`bkfYv53fNc`ofQ)-?`!XcE$d9oO{knkPexin-HBH?wCa)t9Pwq9mOWH^AprI@n- zJYr4n>N+a)Wq{pnyjGqbxHoxxwq)I?R?4)UqVr}whLccg5?}+!S~&?;0Ykt?GhVW@ z%M3Zlh(9m4aH8S`_(X|lPoCE_)bG!;hD(3wb>t)s?_J5f#G)EM(c#6LkZMg_9KP)E ze)$C{1@70WI!u0keTht-!-THb@FV&famS80wIg1S^-eD~xqYC;=2`RIz7-;Ym(#aL z6J7PflVlxmg}v?%X|aOe?YcIFBDeevGtK)XEt+E@#iqY~SM^}SCDWbbm! zUSYru;s`2l%|E2~ns~T-SFb}x#|y$Dj$>V@p4AEarW@b8ohmf~q?zZ9Ue7dZnE6&# zJ)`ch$uShoU7u8w4t*eG_#pp6zJU;NrGhw|{g{Ta>UITd!DkPtv%LmpwQHsBUUMp< zmDM^%XT8{8D;SC zh0Cq_cC#%ykMFs!5E-lM%?zzlCW;4Wuj%tH?J@rVZ2<^(MhZYD*0AOLSK4qD$rIXU zpNeO$)L^JtP}XHN=eKq|=_0dT@{B&WIqNU)1lWuhz6I9`tB8&3jqH{DE+8CtX7VT( z$2?qtgm;l1XF2p~$Z^a6KDo$Y6~XoOOrPa!<4{@>EjB95Y3cc(%TrI4d}_4xD0t(7 zOigJ$t2!>c|5Ts?M}xC}{ts7|@$9yDM&G0Kt+<6tR$rVxd$uaoBWF*337=%goSB9W zu2eS8)_oC4hz3rXo$j@`_iY7IFm6Gq?g{I>PDhUj8MoW5osCIOHpKBdnW5iuzOSYa zdso@ec%AWDt5jsK(qc4hb}zC$oo{JqigK=E8pY2L!9xEB|-@nH(M!O#gH*`L)%pRJ)_&NhijRyCn3*eTr zZ*}_kC0MDn@83?#pS&^HAW?4kv<94~zbHxUX7IzvlC0)j3D*ypyk6@}0LS$$ttBY1 zTPd~?=ljb@HM%vtVYKT?&YCdH>vI{VM_!jA`(1`>{O9&mSgi z(=xk%X84roIH%i4?)&!*{7zwyr~2`ML*qIiTzF*4Zurj{9pt60xG`}r1fqY+0QJR8 zKVg<-%M5S%m+oM|6#}klL6yh2Q+dNndM>)>{d@!6lsgQ#k08dRFT$&&Xs(DdSTE?( zx6R=eB@Nz|_A4T5%n?&>q>MB@n7uOJq~%-9Ttw|>dqzQEs>2HM=x|8pq#`IpBpk<% zPJ6699<6_MwI5To7&aR4NP5bBZLt@xDlu&-9m9vgroIqZ|Kf$tvvtq0ZC>;;RyZ^} z5v&$OKI@?vAzEaldA=g$(-hZMu5r7V6;QIpD7V3s5j<-tpUnVL-^BTm(s); zzMq$c_KxjC3EVfzkyjRu_~%Kc4I;o9orcU;^*Dy;3yGGgZ;`zJR%usXOLDuDjW2a= z4HVnspXPiPXZ_lVU!XgbklLWX>=JVx(Zu24q*VaUTAF9b`8bC@P9@W=8 zSQKhFMS&7Gt16+TonReeeluzk%a$%HKYYJY*`F<<&c7FEE#>-h(Z`jk`$W8y zWZ8uF?LxoQ2uQAD-PdbGPwp}~E7kN3&tkJyFs^-my84*kKF1NH5$#unq#E&-4 zsbZLpHze30X!tL(f}V!zlYejXs3jSND^KR-TP-XZjayC?m9x_fO}kn$ZS(OIL-tns zdtV+BI6XAyOA3;c2kU`3lMMAoV=w1yYxuLFaIX~lb0?t66&tr69sDWa<+_F$9RifO zFo0=0KfFNo-pVb68Xa}pQ~f;&)*oQHso;@MqsM7O!`-YL@~ZXn)-Fw?i`sowAotsG zv+3GE`OHv5v7ai|n-hO)I$+Lq;O8$NAD>IYHZu-ZT58XE+kHe`TYAnVDLT#K2>m_^ z47g-k;=LCDV!~FyJ)*|~wyy?q!@M8SUsAJ!IC$E=$JkjKip!h}>(ZbM^d&`*ev_Fm ztK+>>KQ4g_FY#(fB~C6b6@SI>ERvUrfpO9;u%bLW@!vA@SgS`8Pf94p~|vjCAW`6h(#8xClq4(Id_93ef#V1tvf{RcBFEp5Jgjc;pzNewv( zDK;4DV zD*HG7rxPX0s8ES)*&$@aX^711P30J66(QScsf1%^D=S;}ro}NzWo4I{U1s+0x;e+U ze!ti6kMHyPKF`y`eShw2ys!85zOGMh;?v4w3v2^*7=@cpS>~=e(c_|lmGg7)17o0aS0g+)$M68VLy;T7uvQcqhV`P8ImbNLL*T2-a_)5GAB zdK-x3;)9fgAH7|t27;TeW{QSwcMuZ%YCfH985%M3fE^GYc{E{S6iFlN`WFy`$0EKiLiz9Ye5*Zqc02jP#Xe02HD2`sFRhY;?MM^F21~JPs zD?Ntb|h{3WOPW!$dy?x9x;uQ)AU`&968K>m*1j;)M=@lK!rhjhcX|GfK?OO0 zzZVxq3H%K+btQtwKbGvqUZh4GBngJ7rl~M}8;Y;j)&dK`JA};c9cFh4t3IoQQG^wf z7yme%B5dqBXv~~7BgBJqEz_?B+X0^LkQI4x%F^OEd#q;2@Z7BE?E7lD9|EI}3}nY; zZJx(?{l>%|}UOKNQ1AKu#_`!Cq=DgW{ zg>YZbcF40)tQolSQ;Mhs7`|2iXYIxaN4&dCcxQGoe0c4u^A&x+s;lK02;?~R<6`s` z<~ja0mN^%gM(d9GO=Cr|i+^`yqA7p)vbP~@{=QIqcPzL^W#ji6M@VB`;fJnS;>Fmx zrRXxrJn70YJm?r{rXJOUNgBf?AnAHsfda;K@UZ|M^B*GHkI4qM;WvZ_z@MbS-hbAs zCSc;c-H(FE_aIMGV}cU!H6#^Ijgs@8j!Z;F=ATEw7)D1`0-@f>(-Rt-? z#3C%6tuaF)ucv{cwuk!h6~w@3%10V$eOChbP9#cVHmqL5l%ZunNcN}cywFL7R3Eog?fqki`$%xRk7q^KVo!HS%?R9KJoLK2g$B_FQ# z9X$6gyuiVKlh!vqNK%~%l9&`I2Wz{rU$+Y!1v0EL>Nrl;f*LA5~aNSQFo+LYh8XL#Y&Zn?7nrh33ivz`5 z5-a59N15l(tLb4Y=V=n|b>D|vk^3Sdu%0bf9SJqQQ^8!ijMEgDzGZ_aYri5OGIp3h z3$v>~J7n4{>p+E7t_mjR*F6Z(ldrO!qx{+&%kyyJ=5Ui(u5Xo zL_ga%n|@PY_d-HX4G;+LyZv@9x!C&Zk5Jj{@J)T;O|^ZM=|MVEa^U3AE%U@afPypf zO5+C%&0{^}1HULAYHageg%7;y_S&O5N$mQAyQWsqq7*ZGc1NwxDBLx?p?BD9U|peh zN13$I!s7UR95;53<5|stv$N)Ci>S31s7Sa%GtZRzafS~KzTyg_zRVe3(LVQw^Gv7*KIoQLOyyvsN#P0S3;(}*o_RTUU! zPex7!)51-jjWgbIvj4fjO)l?IaqOu^6>{PtB$Y-`Jx5bUUYh~|7{>sL_}?SVy4=^0 zSr`Omh!si#>KwAll=CN#uq_E>Z3w`4AL-IX1yg3nwWfp1i)zr+uaF$1?BsJ*;-2LT zc>?%kS(wn-Mz4{6Es|0-l8U=2W7Wya<#(51VDmGH_uIz;rFo{=N>3-wI=stKI#_Wm zCD5mk6k@CbmZt%_u@*J zz7vSxD485%2adtZ@D$_G`RZFXYvRrfIt$5HC_e7M`j$fRPm?kHzN3~3g_1JMU*-G~ z%Od=MB9+|5hI4&Fj-fn_iX4{`f5O)I4h7g>>HWX+8)n#NN&Am>Uwg{^D{_==xn{vx z;Q-uD(Z^1BKA#UH&SPN$;*3+)GA_ly3S{(WaIlq!oQdT=C&JIiSMaSVk`hH`qliQU z?E2i$qeKsg&K}@E^oD%6F(wYfr1@a&1H2fcPTR@<%}q?B#=04EP?4$6oAnnPE&~m} zG2(q@{#vZ?@Ha~Rf!}WC@88P4HU0#boqZ-pUS*7~*F2)>w0^oIMio|{>U~Uri~9h? z@dWTu`GMN#FJ2Hfem_eBekR7I9qvLBYgB!){cqU|YS2*q0grY*hb2UwITWFNb~`uN zZUnX(!AX4V;ZC9pzauZ+^B;F`3R-(NGxsqH zZE-J)sbyRHyKTYPyA&i$`hWuax}I&{PWT_{H8mMICOxx7muKRlZ<8Kgcn@ld7aCrU zn~aXbDP|tF9y98;9@Sd59$B-qV8+8oixr!P`tr(dCqLt_Y~#^1VrE+%yiLR8TNn1=usJv|1nVO601} zSlCy?rwlsvvF63OyZ_=Gla@5)!)Lxr<$07!=Jh~5f9)exy<=l3slCB`5k}RH3Np)Ffr5)bNThP4) z6t9xHtA#}~qAi(HiUR1-9{alErOVF)MhsNlGL%O)sy+!%+=SHC>gi__mRA^hIx}3z zT-?yYPMH}0=V@WL!+O_r{6zQ>kh3mZ-s+>2!Yxvj-OWqliW*x9Mtis zNK@a6Bfce*B<8m?V4)Nn*_MbMg#g&F8WN(7JZC}}Q zWd`hj2!vU+iRUe5f<}a@Yq^%pW}AV0xM}e1ka^X6iDeb=Z!qMn5*&(Btv$ctH91A%ibe z{LB?TUs&djLEhTCP-&P6^@u&2e0YS8j*<$0@67}1AQoAo)%`10`S^H(QnJfsDs5Y? zioHk+=|a^b@!|+Sgt?d59CMeLx3F|y_bA@B&gryu^rBs)N10WuxlUI%j+H(GZE=DY z&u4!!q`NV@xT)tkaX9fOFRp#&A|xkFevP?ce1iQ8q0GtLHD!qm$8d>(64{7`_z4hc z;v!y9lO6oUE@9pvW~gA2r|G3DA1<34#0E0$Y)dv=eZ)UkdQg8W0Z`yfxLucwJqil4 zi-tlYerOB=OP0nX*b)Pl_JR%q+jJhdAbaTES84RULPf$t0k-ZqqlW}P$f8jIZXFu? z>NH?*3%!^-c;$mfSLFWBK5(i?Oi zcXYqH+!jh4!g<1%+pQx|x^c3<-qxj3pVf5poNv=b6Sa{5bO@3n&K5TYb*ue?LI{ZK zc;rS{x$Ft^=+>#Em#>X3g_+b*?kGhD1i-f31~wvZIG9ld@CBL#K<#3}%qF3qV%yzP zaeJgpa=Aou{`C-va7Q=nP4bGrO+3l1NB$-c<%|C23y&c$E)3LXQ~6x42q7#3Zr>|_ z3sz)F3^)^D7fKG$JU^i-ST%|CSo14{F}hpET-_;)Aq}Ay9^3WzUuHFoeU z1;Ra_o%d|(`2UK#%n1ml^{0>cN`Q=7SBv|`5TQw?-Am}zGXcv}_BGU89En@yfZvZO z?G?^}w&xTKEle?7s@(or1&Ig`@!RF2Vu*FwY9OC!h1N!P_7gAatxAg|V7ljAz~tm= zm9ci7&cf`0bx{8Gah$|0`;lX^!L2Vw`}=MG{_P^Lh7NTOtK7VIHfW+3=j4bfj$FY66Db@nPDJ${#{ZOL&OVwd+(_F}F|%8h_>*F^+@lA;AfSp^_=-EIF{9VYe}W z4GV4IVGSPiyBHK^1M6MqmAeXjCC0xL4Gd%6w5&=lC- zA`SWQ6T{Fipo}!gtrJ#NJ9O%5-sRb*3)V&;`lwaqqV`M zFwS2FA&sJd0ON~d>C-m#y_0eBWx4&N3qKp7VA=|lK5dX63_Kq`KS6*GYr05_?i{c> zKkyD>`%ngC2$oTShSTT_ZuztCu<$AuQijzyg^^>XFEVTT#kUzzWEWX(-KsN^Nb{R{aQ}<>L{jFL@-OAOVc9f+ zlI<}Oj~jcnXQ|3NSHShO9!;{p6LNd1m{XGcEK>jK{Wh(4R zgm;$EUXRa$t1Qy*&FTTELL>$2-D^RWhP?7@d z;ec(Zc@8i_TDNm-ijBVV*Hx_jNR|`Mxvr8_?0`J_$y>iidNHGu`?>9YHGG>@iMPvr znWT73oaWoJUqJ>&BMvS=hmKVl(4F0iWcomE6zbVMB{DI{BV$h@JV`#NAS!WeP_3O( z3;jV%S!4yp2pws%D=rZ2fxHQ2kE9`I%m4*O24ZQICGcCLrP(+}jlBv^W`#X^Zmu3W zA?iDD_rF~ol!)Aigmz2Q7V`SZ`Ky;^Q1vR#_#Eqw`d+1Qx!YV3tUl;7*osh0se5$X zh`FP+^z7HJE|tDK579b%@m+w%ip&4}GukrAhnvC&eOY#iCOP45(Rdt2wE8Gpx8WxG zJdB$tKQ_M}Om>k!L7iCySOlr){{lU_@^%TZ&L zhW0GR8X?1iwC`h5P?6DY+8wP*`n1@eoNTZOKK1V~{T~)85j+MMlr7gpzl1e%$_2D$ zRb&@Ak-}`WuhXF;t%|J?(aE^Ly+G1+PLY$LWqz%0*262oN^FLV**pCb1D4On@iz1L zJYC+J4*k`+n;lkpQ`e&QgbI2A&VA}cVe;l1o|H$uQ6W*lu@VPc@k>u7y8`gm?Z zp25wV6NVdCK2Eda(mL;HKm|^CCU~&-TFi~Wl8(St1u3ug6E~CJragk>duU3R91}T% znqom7xJIYbVd+K{dIS+Kbkk8_;-<>9R#GWLB^R2VK13AM8O$jY4ivc!yQ!W3?zyL$ zwYHt=!m*TTb8hBM1IZd%n%!mRN*Q)Vliv*qPI@yI{KU|SX0Y7cBh`*OBiwCaFvX^5yPMbdrn-nZF|9(+XFZp*NF(dWN5I6E$)-HJzwSwwy_FeZ zt#qmA`f0nJVw?4lLjMmf2!Xc;pnDVnha_CEX(W1**EoAT&a!IN+9~$gdcJ~2r4#=# zzi8^*d~_kXSzH^38s(?PQ%6k<47nWJZV&x1Y1GwyRQ_HkzFfHM^2Uo6PfSlhpWM# za|ie=2qtX&VQ>L2%0XXztMq@__OTJOXPqXyXZfHuOpTEWt36q}l)eApnKZNT<1@0? zmow6jx!%%GV;9#_Iv9KS8#mcS_A3#gJW@jzjfESx=G2^+Tq}4yiuDskQogW+bhz!( zy`&4|NXJsGAY7Fhh2~rZg7h!rw>k*Yy-zwY$9;a_GfT)>;@UeM8mLzSqQPO;|L3rJ zdU{r2+#*zv_|OP36adYV&J%bKBhW`90^O$hpghMeJ17Xgg&GmF=xZ7)N{krLpw<8^ z65WggJvuo=J{}*4Hwct2$ukPiNee#Q<{1i(VFTR&Gs;iRVSeQ!&*|IJ4mEIv=7i+c zs+`caGcqhJ(n)WBNM+YmFM9^JoIsB8I+TZ0fH!on@c!*5r}u$edqSJJMTI$}mzc`h z>Ao356ViVZKYKd|;NL;G_t-?p!gss6arqg^t@-KXsSGb5T>A^)O`a9_nMcf@`Ss7b6NLyo%{bLifH~u$zrJs6a;T zGi5r=f=g@ss_{<&@gB{52A3AV=Td#bK@0jv|3$M99*CI}ywB_{o|#Nf6%7Mr;rhbE zO`kY_g~aRN8T$1{t)!4#5a$)NUzvf=e>^_psl1*Y+bI@;5qwsIdF08C`EQhw!kL;n zb2SuNd#ha<+Z*mZb-27J_I?BV>@oTt+3AO;&R*soxa^=P+otYpW%p<@D$Gvj%G5%G z=J@m3w=4K6uH(8)Za;uU#?#-s@i)>zmy=&zC=iZtwnlx!b%}xKbB1w6OWgD|_Q@;O(H_uEB2oKSaHz8SrT`!d`YBDI1or zmgm?9C7sk-0!KVISfk@CWj>TNAL+WQ>3?HQvi`{XlCGuArU+M+7Qtunt23f9bHiPp z$+5p}WBHG)b(QS*D(a^UWkp}4xG8iqVv*24!ju|Sm}8o;+^$d)?`HwkY?)brwasFmq3eh zhnNLR$_-iYS!8;eNW61~c-IT@Ze>oSUW4f_XDtn^)xR|Jn`2DzvO;NM>T~AaUeQhz(%YBRM{V9eTt#e;n z_lUkt37S?LygS=`Q+hUy+$`H)`0)+t=;`MSo6vw9lBN2;^D^|~q=>QO3(%>YT~CEf zNmvgdBHB_QAEqX7%g>-fzxf(H!hM6jAz_|n1Q{==l2skvLCo*fm_1WlI4Wm^SV8{+ z`{rw@4E$qq0)$Q^1l*jC90=tPX8bDB$<2-79lZJJdppf5&0S5&ahI0m*Fg}gwBeW~ zFU=nlC*ND0en*93rhT*MJ9=a{Yew|}{X25%$s0$sh$Q{?T3Rc@PTiZ+kTq>MbM4eC{C7LNZ>-6#E2DtGXD&F{`ji5KTKMh2@qWyRIj7n@t8 z6?;nh*9vnEna$;_+aA5JA)2)5j1m=`ZJU|+egtQ6z-s15=)l+n&VQ07RF@+ErvV04q>_4ED$1)FlB%mx*!rSp#HZDl#6;yp%VLl1W{_Q}HQcnH zv&0UH88e(w+kDQ@HzOiCf?*Pw$thkQ-8}j(GbfF6F7C6b4{l<>TjW6C4f&&RF&0$tmFTO zVv+xcMM(rmm$G@kT&BY+FYX~EZ}xi#<*3Io@)$jje8A#fKFw*Vx(=4PPC*_>=fEyg zDV3x5q|V&cLbu$FT?%BuA-n$T)#T2@WIydM)`7mEo z8(?VtOHhA9AJ|9$6;d&Pw-Zo<#>2Lcs%UJ(w)-nkBTA%i9ZEy19HPOIn#`2GBCqbj zpaMzSV@Pg3TPT|Wa8*A<13SCqinT&uIk-||1>efN5<_4jc0d}xv9NnkSGkdm2QD)Ir`6lI;M@+s1{vU4ts%z-{HIC*y@ea4v--^v{)das=zfg4K; z8qSGl>aY~Ln~QcccsgWReib$=o4Y}%@i`Iq8muMPA0+aY+gRPMsbRT}z2V566cN^AxEm24QdP4^Pm^OT zfTp5%d~Nb4PtjzpLDKubVGy>4eEk%1_Un?^sEbOy!tc8ig?)O5iG8Rk!S7vTcP>x3 zKf4PnTpO<+k$+yUbxK6nsc8s85CeIpzAl&c#Lf2;a$Fh^w}TWBhU0%m_Dvno(sDL9 z@_pQX=)Sbh$T3VQT>MD*BUh1)%XEg+DfiLOkaFLy_v{5G>1LQeg2tF>t^u>if>GzY z!axaGSUK2Lxu1xMqYvMjy7LH{cL;}GG@*L?6~@BNK=@6QvoR@?9qq0}HVc(3`F5=i zMKiX`O;#NrvY=cOb-`DdLNiBTh#G`eI^h#U-T<*h^j@ryd{s}J>>IveHjsQUwuc@g zpc`Z8c~A2ydpgr1-?!W_Mfy(F4Blb8;^h%cyfE_Q#wZ>)@A;A2*wEogtNTQz@YxX} z-i;zJSpk?^bcs3N0C4Z46m3o&eMR>@Si ze$FuqDz|-5prp#;T#f6KHAb@vC*l(Ah!~4)m+qzra5r%AsqIkj*SgaW$^2ELRB~#s zSe~&@icHWI>odnCCK#6S*t(n6e6|1eo&5aG5=73PEpFy+ejkedWkz7M8s1g5-f0b7-)atB%g8h}nq5RTIkN@=Eex1!16uI3)y zjtC>p!oFkWlS1Rf)|~S}sCC)_xrsE}r0W0DL!KY2his(}V;}sVeZq)K0AwpCBkh}n zW3tDxK(Vat$ee%C37;9%6oa~bCg$8jdOEuC1LvH`tPma|U$mL-%edq!j)o&yf zMrO;_Kf=0<)=9&Q65B7Or*+knSrdddA#9EOWy;FP7S6|dHL))O_+&%b8rk*??)2o4 zA~rV+nR;M^pXe-w}U2BBBMwPGYzTJROeM6QbtY{o|h)xB(uSL z3c~;=cWrs3+ocNN1+b%cXuw@dOQE894)fpEa7qO*fLWIm$Ff>Rd3xz1u%Hc+GX}-Zj4uv$tf zJPNzgocl${wml!W zZ9R+OiUZsZcgCSF?3yc)8m*KQT1bQ$7 zIVb3&Q_;g>g6l&Ta6mP}VA1^fhj%0e$di)roy3j)1oimf$4JjBn*orH-r@2yw|$J1 z_bRccc2yj{xwGNz@j^eu#ijvJhit$aPLJwKacl2k{)SCcEo`?D7O##tkj*Hv-A=E`hR2>N zn{CZ12Ri||@Z4okvKK>Zy^bHW&yQO*htM5Y9A$eAV7Ai)6nl|fW4I_hFL zR;bZw6-yb{HEl<}y&JV=1nGrH(&9Y^ZKAEOAor-_{vhGT`#{>i;f4!Zx?V-khyy0S zX}(z-Mi||;s*?DFxD&{UJQ9x5V#T)bRpEWZ4e_rh;7S!zVc8l0GIqpe_s$^1>7@KAeGn^#sG>WQ?<>VIb$(=bU#%;g^>)lWbQjbz zzCiK5fjVa@xkJg-OrL>IFmNkqz+a@0*7DrACI}>co&?QYopv(k-*M$}7`iGk5xS!> z5Px9rm_ld18{j>Y>ygerO-z(A8*fG8_my!3bjy=)-tzToDnXPJKY z@#8J|&IOHj$Q57v_j3~VvF$-+$2Nx*$oO7{-%;_Htx;4@T@fCu9C@r&$^@^!pXFO9 zWZ^|3=fxgXW71s)^XRT41$7k~e6kywyo9cSA~zqOa>3W&|W~fvo0LBHL8g-HHJir5cA1D0fe-mDX+Iv?qIVJ@NC1~PTi>V#5SDR6`%V1CfA3qChCZ3r zF>8P~A07V}L>K}P4S(NJ zN=$)*BfmGoXCE^){Vuqk8Fc=xkpMq!AX4BRpq~Vg%F5BpticYVY1?i6D|>cQN)(Av zc?@V8FYLqQaUe&fLej&7i93~5Uu68?xKQ9mw3-$Is~y~|aBv#0=2z5{gk+Pt`7{83o=xBrxhHS;{J zUO!9zdBAdURSz|gYVhhI$XjCiRt-Bc88{p)-M%|_oI?#~Ya^GcW?T)cZh0Pdh-t`U zT>v0L$KrSh{zJrUp__FIZuaB-Fxw(qNT{%XN`Ur3$W!1xix1iZ!3-njl%z{PIXI+z5DeR>k1#1okIs6e{vSA#L707_9L@ zG<;-w%1}*xpnEX(4+c-(!gioagKKfpNUsYM4mlTFBLi8eaSb8(G547h0(~xlq6r3k z0K5c2RH#Oh&~uLh01B3$0?{clrp!D94ygf^jU81on0fJ4&oEmO6K6l1CM=G)5tfXk zN8eDPk0qpuw~`{oFLdq5Y&J~ikzE=*__v#(p<<%^r0QVZr>$xWwyFItO&mJg{#}Xy7|!$4hY-Di z1LBUYk5Amz?^}bbR|{1gz4W=3DlH)$Y;eohtJ{HU{QUA%-rIbmW=1(;u(^74*Any= znCGY^F$NZLTM_WHBp6WE+#s>c+w!5$hVZHSCX}4EzsCO(*F`w*WAforu-#!$Zepm< z1@r|yg3AgLl7l3U%_@B57oHvqf4#Z&*vNsGke}WwY~30(Y=0Z$YV`Uj(phz-0_eU2n49Gepba!Cid489Vr{Sopr#gndb~7rmDElb*BV2C3xlgDPnG9{ zX{aYqUV;A8Umrn942N!6+OxRsRh#uxW)ATu_RqG@fdq<3%mpF@eYtNExa9~MXj7X* zoB9FmXZYd+!@VEIsFn5zFR92F1=OFZH^P-S$TvDPS6`#|-I)Nwwu5xQ#-C{k!HVsN zAPQHCUb{pv{jG#@l@SYMtRcYAIuhoyA2?T-xZk1}*H{QHL-!rj1pG^~rU%Xd;8Obxyf7V7@j7 z2v4YR8vgD{(e);JES_W@=GW3uk@c5nkuf3U!snc!3&Ve&T^mVPh7h|YnS8M$ndC>X zG+)TeVgak)XL`0cyQ>G_r?uO=T*#jV}$rnJLC(SN*1<%!e$jJ7W~)(GJEfe_^=X;wg`w3ZiYyB zQX}JO?9lnyBmWpGGK!DK9NCoxn*iKz=w4QG))NMXXO3EeWlqbnMMdBQ*XG@g>$`Va zZMSJ}9XKv>7Ucs2ZkteEh6B_c8PJ-5bL>G zHvARB;(DTq32<-imn~GWXO4ej4te|beD^W+GpHvg6X3-omC7!=DF%BiyBGG%g@eSB z61wq+AZ~IG4-VTm2Vd+FY}y`-f?$hu8BzRnnn(a-rM_jk6k2hAMl5Gu;JJXttQo$X z=P3`{5q~9O*x5GNN)ky4awwyOEY$DdTdi%=_H6%iW75T5RYL{-c{;*{TdY6D=%7;}hf(1<#+gKLe z2q>he$-n&XbEsiL%FEZEw6<@N@lizz@CY~-Z)=G>qg2uqx^8j^A#45k>;YAfwtWy4 z{_TITkuM!kkh2TZNiNH{YoBfyEML?g(6@5PB7~1fD?{a#OWb2f0S_?)Ji=utr(xB12*k_Y* z!S26$EmZnQkLzc*4QLQ=1KT>e0t1AY1`65hm;>O%tQ3p?2=DYbsK%?ibU66JY||G| zZxqt5j~oR>>*oF{UOa`_VMuhrwjNqlql+21JLVl+EO3&o8Za|>!Uo_pIrcNVAt zZhizuZ(H&+lvv(weK{J6JI>C)T*yavRBM9f@hEg0YIpd+|Fu9Lm;0Dtn`i(TIpB-E z+wp%Qk$qRWX5L4`ox)2KT6m}7!TJZQN~96gi=^#I{_lNGB}sNpIM|HN%4>0;SbR?# z;+JsQGiFHxR;3H`{@wtkQurq-eQoIQ?P=3M5zJ}(;i+R0>1{;`ak*}nDLCG0&MpuI zF>QSo2z>cqJ2T;}_>vCD{l|xTOjYY)vCB+Wi9B7$CSBkHhNx;nC+H_|<2p;SFFx(# z#MQTN!6xIHtN^}dYe{5z#7jZ0xqnRN2(l-qAEZOoaOupmhdZP9*ZFfzkr|sepscjk zt-X){WER9Tz;+hEWc05mLyH%NVM?PNWhF%CY#b|RGM=-0w{CXzSvPO9BEa%H?pn%b zgJ<6j_g9WksJMdNG9Wot3vym6t`O`;%<$fMB7jAXlo_3X2B-}~2KihBmtw{u!!E^@ zT6`3nSz!c*So<&?9p@EoWdQ%kV~JJx4VA>st_K?&g~3g8oerQW$|V=WTJk;#jo$J8 zfLX4L+tf3#z!EFaC}b-B&NXg;g*$nD+sO%E1q<}BV~R)EZ+!@LjZa%w`^YX0?I2d> zD%2_*1KT>Ri*eV7VMWls=bTAIJjo5h14NtsscSH`+jj#rl)D*M@nia z#J1}+3ic*`0KiS-Ji5gRF#mwElymK%#+Dk7_?P$U%)junF5}=FK~XOVXT^L85m-Y@ zO#%GH%6k`R$pR^7cwFs#*Z#QpKXXM!QugifYgqPDDEKwQL%&H)WAS4w*jru#65 ziI{-LIr=f&Sm?5MN5fBD1R{67j);kLsw#a+rL7$H)(sW;yT6Y}cDPfNxRfh6;iUmD zEcWfuf*G}A`$`kC=i2C>OcXR7_~G&wY=0iI-}o4`rbyiSb?bHbM1gy#X-?!(vm=Pqqm zPY_4MSV28$q{}B~A6T=6NT4?gR-bn@{jQQ1xxPB|BJb%o%>V5w|3Se=9%DRITk&PY z-@c<-z_eVJNY+3whB4ej-H15lpv@-Pr|SCVM0yEWU$hM>4nU z=(+K?8$ibBngLA=DM{xD$NWprGZtULLRD~%XvQYwDUf&p6ZR26^U>fjV21ypy2v25 z!;AqpiEyF5A^DE6fjj@-2p8Q=4u94j@Sq$p>dw3F9z)$e_?Zu<4>W%LhZA#Q8m+mj1IEKAZ`{EfLB?5HpP@F{dax%5V7=WD z5cv-$zD8OGi!B%&W=@?ro#Bau5sj#RO*s%ijy@2kW9UJn;O<|C$`GRUZY+}mdaolDA(DvBfP*c;xa12~f z(PypVw0IDTPuF;IjB_E}I^~;m&cS5y!^reXb;I7_(Xtbhg)Og$-NY`V8i3^~uq)(a zuPZZrC~844hu^{GMg$bJ%>W>al_@h64s3tTot39kY{;AUiq3p;X@n|!9P1-h zTs*{h=FRcXt0IiTW?YR5e_Lw8eeiKcoghL#J~yIfS2v`(y~9y*kgrXw)e7B^`Zora zqV>XK6~B}${q2f`dC#xea2`)eqnR??6rdN<;clr;R3{Xa*Q}sNcz{ZB8XwsbQ{hTb zM}bUK0>hxk{c9LTq|kbFg2cEV$ZFm*_X$>m&Olh(C>&^8k`S1d57nKlzL%*wm$)>L zFcz>f+u__|@(AbM3WrBcIjf(78SY&s@Sr|2U_=Z0N?UZ*emMKd-G84v8bthHWQ>G! zz*!+3nP^iZ{)dg@>>{b?l@A>n3b{tOf@~E}(IjzfviH;KkIq zPJOWn9IJO`X2e9iv3aB@3{xxgCmCbzE}Dw<7AdX z_TUisg@hcbusFEU2QZ0Ph+5qZpM+UQ9URZbrMq3M%30^^>G~x>I3woIJiC?>f`Ypo zWpC(}Yv@#ng!;24ItOlJ zC(U!M!z?>$#~Q6R-E7Q!{)NTS@F*OU?sG@C^l^2tUCaMpQH6chlf|)A^PAHr0)Rm; znbtp3&MZhu&W9*42b*AHi98h@(s%58343#3PKeG_CJ}2gI~G`+Wk1$v-NIQY2i(E^!M%P zTeiN34lBwut%`RoO)i_i5e();bMOUF3^Cu(@uj`Qmou42JO{<2owwS5>r1#UqpCNUrjRg*)xf<|y+>HNxyn|{UJ*VBhveSLHgfUY*d zUMZQ{(Eov{bljVlKmSVKqr+o|4&yzPo$zb__8lM?p6v*O4tz}&>S$>t7{@*tpLj06 z;ydRQ_Ja!FCGg6Q9fNT?)BO)5JNHo$$Cg;hK${5Z}GMD4qv{>_rdx!N63IVBA94pg9}ejh&Cf$EYT1p?Ei6{|$cOvZ zXA@=AtcEq>IM;VCHI|={M+U8aU(%%TtmXnve{H%nXlgD8F;1k+~{FP&e zvb@q}2IrUJI<7kzuIG;>cCD-(w>DY2k+JfATu988_sew0$LA|mEA9(XE=Fhfws9GF zPTeXkW9sdDR@>Vql;=r zvcgPCn_(u#N$Tub7w`VpPNqv|Ue;+1K6koXYtv@-vuea?$w+SM_42XrVF_JauY5mv zXjhX*88%6mxT!MN3mFLqJU6pbV9p=yDJ8baw(`pZUmyF2O&!q@c-_nKE3tRAU9qd; zO-6*M=Tjp_cjmfQo{`sscTEG2tB0BSV=wJMRJzhIR7HCF_8*NQad-NcB8$di7IdEPA)Vi zS9O@G?82*72Wr^P(~WVDo36MUr)kmSKbt1Dow<2fTU@Jp#xA3Jsc3GI;yqVzmsVjx zgM66NtlC0G?qykhBV%X-<@1Uj-D%DtA7hg9v$zhaFe3okqMXdV+sH_Y;&>?xn=`3C zRF;|%vi4KnI)>OtezsLkg>!O#Mhl@JM80n<)o`ZH33k>a)Gh2r6qdc6N!W1D1WB_~ zCBlpvx43Gbr+vSot++_^eEdM z!?`~_eE5LtxY>aC9yzDyEezxH4=ydN+Wt^uT+`Zhg^{G~x7wkN`8fl_lUhr?M@~BR zH;NmLFLz3biwd5VI;11I)cdEhZ=cKeR!`ZpIH?EYlqKUchOPOXNpbOR3xy`4X_`*P z3y$rwGCC_9uT0}|qDSmybL?=sjW;pcp803RdQce(4$lA*G>eJAST%(WndXk2Blf2R zUA2N%=Tk=sQJf47$>l$V)90A?liJYXo1hN7%MIv(7x?(&>{9r`G0i5n+3O!YmhInh zUHemV%AEKga$$$oYoRkp1%)rY!Vf83-Tr^dmdEAqjU;W3}ZLO<=2)zN#w zW8o0$da5e6&=xMW&`er$uU6ruNG}_3ezrqrZ-WfbsSEjqDKBMYv?WOARIS6CX9_&rhM2P1oxdJznblkK|_t=rjly7B_nReClJi zDv7z3Q&RN1I@2yxydiyfDaznUh=umUQ@Mjx<>vSHKSfhf{Jdh3ksWiCk!{_5A^4rv zskxuel8W>zv~_srp6=UcH&sN9?=d*H@^|^`6HD5)S9m+J8QVc*bBo>Vul>}Fvfj=+ z%tj;u$3fE}`_>b)yg;EeGv3ezY63M!%<`yB z=WFkKhjk@~XSpc&^WO+q#_V_S54C25xZo$+oJJnGnfI3l=NohrES4rGPHL~)+nn%C zN=s~5SkP9vUr~CFu~C^i-@WFjC?Dw^w4>I|D5F+!&Es*+4aH9W!q&E>1qXE~UDZN_ z0Sf!NLqUAr0*|}%w;E!XA^E%?BXh`c@yNo;_KJ()Agmdd$tTUNXvz>CXv#rZ{Hao){?LU6AmW z&bph;iwmwaiuad~QPc4o!fz`|=s6gkO_E7*iJd=dsR zZOa;eruEzf^7iVAo?_9lI}yy*cY!tT?)PyB?}x|#u? z(2n**EKP2vPbKUp8^wRxJ&;_GE+??=+lGpS>k%B&U8%!c1;E<_`Btx-5+ZnZt}ogU zNrlFFFGTj3*DpT#ZIKzF#53eSpz&nj=di$QbLv$J_S%b${ulNtns~(MPfmFs#&;YL zxP3WvoxcAeukxpFCffKI^GkQKN??7O_b(|)Y?Hu6OM($>r$I6XK(g2JwUr55VMwH* z5O+OHotx?d#Y1sSIDg_EPW+>rscTdFfMn?F7d7GpDp#;gAXsf&wqW$ohb?g|JTpj9 z`_LAUBk0sw95WV&*ZOWacv$2e9TcUl^~idK$*4^fK?R*WB`u+z&G5CKukuyeT{vOHn6>h`leM(#eO$*t!j(BRSgju$HB8M&3b%N$>M$T919E+k2E zmYt`;-6UGU(J?>Mps>M$*HVJ)n_&&Wc#!v&`hhAQn5llG{u({TiTFe6*l-m6(BLDg z$#u+YNy1@&8-dp@x1exVQN=Or!9=~$X%)louFjc?!X72Xk{v$7Cu00*y1P4b?ZpDa zP{?=+nHHI6J=}9&oXAD2qLI@0n`we4v*T+%m5rvEml+Kdt#JFq{am8(J-5Qgp4ss! z@YZl`_pEy@2@Tmr51Ur-(XaW-|n8P}`nb~#@%&SN%bBDw6f%v(7<8I&Q{tq%MY`&qF| zUg_4M(H)_-y;o_F)t3)!&omNcHOTv86G&F-C~c&&rrT0JRiO{2pAfFV-J)kQhu-n{ak8u01XCLf6_f z)Vsaf-oIXmf@siL=&xQK3TxlL3}nL1P2-&Q@ka!~v?Hf;BHHl0%MTCAkv_a4G3M(- zb4G|uN%fPHZfs>`t_Ix1%5o?HPEJ#&k2`yIW_>Y}?-lv2i%~loyDdPvi0nO#uf%X{ z!_$jT(cr9e>E|t2;69#)zI;`83MdPffm=D=qr{{2u*r{4hb15RS}=2HIm6}GM)-L( zV)V?o(gnj)+4henpMP$rwjA$E{1UofXlASiIW|G=FU5lh zf;K)=gI2hI5I=jBW-sUa2F42x%Ee3Cq}8Mo6ddit`<;(;xnR+umd{?DTyl{twyc_C z|I@T&yP4eQ^nciT?|7>J_kaAAC{$9CBw0n7A$vyID;$!YgUTv1gieDNj_sHYlr6Gn zsT_OnaVjgj%lA{3jAu{C>coBZ z?i!Ycsb0e`=p@x=Jt43Vx#hcUSn%v|Ih^4w^@d|-11cR{@~*34v z*vcCa?IR8`1MN&Aj61E6u=UEs1)uiZKXy9IC4IKDDh>KyaW+|Mx79=rcH6i>OBvuI ztITcgKX4IpM4c$j*2au?Qg^I9`^H1lj)-w_v~yd1Ou3eP{cZ4DW|iLy>W?G3ewR_qDzJcuXj1<9K@6c&Cfmxt_H&?_{QHZThiN^BaAOsB$as!quow z7l&5Y!AQG7_u$7xrJj=gZC(f0OTC-dqde8-+DoRF4NlX!$gFGVhD!9jEx$9G%kLtK@aa`gKElj`O&N>I(o%*xRUo0OveecsRlRC4 zZ#H0*vDWk8jBW39@}g0G_Z`jL<21kfeygP3NYft+)@$@k3fwTEFKqKn_c-C=6tR(F z(&^>QFjurvH8z#$BQR53C17fZ@*%`aWlEsr`%SAJmf9J%RiuwF9SXaxi>cC^E3;4a zaZPcHiIY+b5H98^Zxi~BU#iPrO#qT*&k!!UU&nyYrtOoOBx`o+Bsb*-NH~>} zm^xZ`^cNo0o$FUg+UYoL-JpJ0iVG^u6zp;#p;$L;LPmZl)5f*(=((N6x}=DPOzB({ z8#OxuAO?Wp^90)$lvnB+;WZ31jO0-TPY7B?R(*FtvCPSHqJ66s9}*|@smn;JR|A24 zc<>fW|NW>2Qz#D`&EQa=uT|k#{z7n5&xxN(MY9Cn-#R#KV$7DynRBnOnMtr(i>OBzjmfn-sSvlJ^ixMhy8o!hG*-SlBCVv)-SF3 z?GN|#PpQ9cYVBMv-4LX7V`4nx>@!1g)ZD`Ux$K&;eQG$UaaV5 zI};j2*y+!CY8@#3pyq=T@#39GeHcF^w$pjCAwQ90lWpV} zS*d1KGk1Dc_2r7-X~j6spI@cFshHNMy#1JhN=@T8M z-;6UUHHnISSVQ9b`kU~frVHN$QTML+32z#kw7+&LxT(d|%_DT_scvFJFQ>5Y1+k)% zIXk6>z6&rk*Lwa|dSogmdgDj_ZOaRd)0TnKqJ4kXMs0obAHW2%2kuNQKZIo(b+>vE zqeL_0`e}%r)mc0lbw(&fZiMV;Di$|*;*5w@(dO65`Xc?I^`d-|UY4tWGA0YiFZLhO zaA6?u$uFu;ogPk6Ar!=SDjC_RRy>FeisoUW4Z}aJ8NavMM2)dKd&|t#cXCoGLPVv; z!})mCD7q%zF{e(7!|p9DLDS%pOKF>X0RK$0vcZ}a;>>kHZAW*xl>+mU5lmduSWm>n z%%m6#SM|%Z0{vuiNs^{%oM>Sk7C}c_;b(IF(;YV|K>;LL>~c@7 zzMy?_(-5-jNsL;m*U?BKb)H9~G_ZN~34`+s(bNv*Z=Qp;`DN2aO%Hm9l{D_At>tH% z#2MwAydselH_~T_d6BZ=Z}_eJrmvMqqSl;U(1}?efZ;6OMZE zCt8<$v&EB_mSZlTZk0KUsl%QW694n?;GW4oB%cQzohGboBJZ{fC+f_kkm@BKq8ck` z!@3Og4vmp4g0Vs9>DB#Hr(M+39S7tgE?VU-Mnnr(;YO#@d-R7(S47y>yDipqYgj)Oz-`}gms zWMpK1lsU_q*^uUGDu=(GE9!Oe+wlc(L@OWE$DfD|VyByT^69WYn;BB0=XGo4OKL%y zg7di$8?YW!i~D2IwMFs2aKbEN>gdo0vvl4J`eAdMr9V#)zy3WTQV2So&~eKo6-a-_ zUq^yTM{0bh*(V0sGg&6u!1aw@<;8ZxIF@zvlt=NjkbC~Le|n$z|FA+d-SvHFy%b8^ z44iw@sO4w^Y2gjCq#NG7JqKoOEWcKXR$Wr8MeUwNf3M-u$M?C9##;6j+!na|`8;i7882|zM^9DD_Ob+pMpH)o=1?sFPu#9#XRm|>8V<_D7m zz^jtx^X|FJmkh$^3kf3-k^+d}u7VQ+RC+c|-EK_A7JzG^z-1GDUWDC%$+Af<8?Mo{ z^c=VbZ%3yj3GA{)|HKF#7!GYwCd^H-B+7tKOH#1i(4>OC|L!DdUO{EvAF=j5re!Hg zQ4_ll3V(*+OuO!6*&-61iFKc?=BRB;*6AG?(pD6jptiELP5U8h_5OI3=hzbP5vNtd zxr07GqjS5WXm6jP7B6kQ*ky4LC*hVs5Z=WX=X>bvIj~F$>;{E{REze|Q;gU1<-VsL zXS))PvsZOTy^)*4L(vcXBaUVHf*)$ zk)P=NMz&?wAnH-w?u103WeBha=v$0V0`(h5aKMX8Aj zVtP|lv)_&(3GO_2|DXe45JYo*n(l^f7?(tG zk+^Jk``{yX#mrl@$5Mcqe5o10J^hUm=b7{dKfHV8SY9vJcw$rcFF_qb6ZdfY!Z(%P z;W>?lzRSP@nSXJ)%#u^<_3v2jM?*8&Ni*QhK5%~zOQM6Km~V~uZAzc`CF75VG2O)C zuA+nTH~6o^hvFo`8LF!IkaBNzcXF#NYcBMHAW;Xju=x!RNk$E#%5Eby^L2$*tpvF1 zBCu-y`|gTU+b=>^PQ@45k>l|E??~|Fs&)!{VJXqOeG zsR>qsRorea_p(!~_TBt&p2`z51>&HDveMzt-?L8|*Omq77AE+_6^^Do6+eqA5A2=4 zd6}jDdv?^x*oZKP4r#1=w9;^+_Zve4Ez4ocb0S0vV*4~-7($)ux{vDtQAH;!vUQSB zabMEKPb%2^D!iyd7~KHZbK{dfVuGEgO&VY|DFg>+mOOT z#AtpoNwx(;bIQA7<9nJB+oKuaZ065K@}Dux(|jI6J03aItG5@%cnvp=3TGl@64H_j zTMb>ezhGNRYVQJsqyW+HkMqpu=H@KBvn`FiqSKGhVCAWTVA-pnf{so|$#H z_(5fj(2&))vR2!9otJKY!j3#CqEq=27p9I!>L6Iyocgr7b9<0#fV!GwH^h-&ag<;u zL5ZtP#?n^@?zY($A~SQ72K4h7@JhFtkBH-7Gs+}=$VF!AEhHw!E>AVUqCBtcX5E)B zja^t$VlZYA%ss7WWz~OUddYlUV%B3yRm#!9en*WFglNs)m&PY^q64&O1@zxi;_@G9 zvCOfeZv1>l&_%U;Nz&kGYTs3(^(9*L_Ny4r>B8@hg+nQ+8Nr(yOXZ9so^6*EtJ4f} z5>Slg(yo(Nme=MQdwV9cDybYhjop;vrM*r`OP5W#Flux2@kOl8l$)Bk4~M-F{x+G@ z7|!5O!v8|r-`_vG>ZIpyyW(E^;%fPWQs{xy^mN+NfQF2|J|p+FUsaZ0D=NYr%#>)txgwfUbC>U z9B)h3zIwGM!}RLasJrvciihdwI?W}$Hhq2fEDr|Cpuaq)pM`(!an{VqNVq6=Nh<#t z+^rvP-`-obv#XRBWOURZoDi&Q1B}`KsZqk)o1*<>>CtKfh)eSQis7|Sdq1Oog%Ips z$c=PJ$IkyF7{7Jo=K(ZKDTz)qI}u5wS$Lln2I6wQiJDl&Ps z-7T->EylNM%J5K7P>fhJ25@t8hYpl_s$RSH%3a;>5G)lGD*WclKr-+kL{r)TGPYgM z=FiH5?99oPPs$=rni3TKPBhAF-YvJ_Gb+$h@IT(ZH~_!$#>dyuChIE;G*e$=om5qy zrJ0tSWM^leI(<6Pj?wh)uSaVOnLa{J&E{3lpYNZGi>ty1vGw}$aB+oXT5Tf5oUDq^N}Ql7|In@8nK&kBugOe-IrGhJDee+JiVQUv9SJY9l)Zpv^LbHfKL6t2~k{-a)cpNs&w1*o|+U zsn4&Y8mGjaZLlpAYF+oMU}`Vr%4|ObvdTR>BPq6=*t=ivz#R8In6&OQg>JppZk+Y7 zWp%L2qghWouQzT~r)3KZEguTRQK?cfinr}wjVNEcRJJ@4O_eV?mJot&h=J7@1g*if z|fTg&nxVI zcp$f>+a9c}3)sNfb$o0{`k#mxKr*!(_iSilh;NGa~s>T3-ya(aMG{Rf3I@I%VsNy>K9FKP%O> zE}ITK^)K=m0tja-ch9CXBg`T|EJP9L-+Ubl3y2uGK|jT&da;YiJLN_ z-F;?d7I%8b%zpf;V&Y5H&$OS2iizQl_gchJnCj{3;^BIBnRh*)5?4CuImth_Qsgo* z^y78lbkj(SDxXkQ;e^ebSXavHv1R_k=_6xaGb)-?OBwK< z96aZs;gNCC`?VZr2)67AJjJSUlt z?)0cTkVPv!1AQevh*H26=jjH=Vi-lHN_%f`nk{-?ezK<3?_R+j`rq(~9!<@i zmEXSrM@O5x_1cN(d~;$q0?xd zP<=hDIG0|*ucZaj6CBFd#rstKgfwN=oe>bLzEFq6!W;$h$mMT-OnZbz3kpP)RaFJO z=3`0*isat3j@gQYXWUO-x?q}^nD{DCbg6Xy(5y#*hnm+IXOg;@TYQUMWr7QhVB4d?#?x-c`2^jkkfHxjqqk?UXvT~))MQJu!p zC-qjnKlDQv307QzHP}j5$GrlYP%5I%v>uL-&X$C}thGC|jMFw{QTV$b4m(*KCf++U zQ;a`Y9BBXEAYJ8s|4d&PB#C~2Hy*%RDspkGyNavtS}OX%U42yRSe+b_b8s)8k22sT zrwayqP=WIUs!W(EDdAp-J}jR#rI#-X2neX<2-$StpVD%v75pk)8t6^wZ>ox&_zzCS ztCUt?;a6XgTp|_k_;_HdUV1PThA%5ieGfA6W|qu8buWGKLN=ppWjt?rb7OVJ@goJt z`-Ns&X_q_Ne#{FfUENcrKI^##(NvCmJeGa+ssfoD0#pw!v{Z$c!>>;&F25P=u|9yk z>F!?mgEDTV$EDL)J*+`$sV|4;dAC8krjHZDTNrU2fLc3eWeESxfGQaTL&>pV>=~1; zZPc-BeO7nk)>K4HZjLBb>1VZgO5C@iXLWz}HX;X7q-usu!MdlvksGOn%-{&ZINqCI zh`l=uFJjwr3A_IREY+HXBi1GpaC6-YryRiTkgLS1vsWPGssP{)&wAuiyiCCs;;#jg zwC;={6jNxi2)<{G6%tkTU3eN{2}GzOIi@be>BQ{JcY$SgysVXmM!iwiv2NkZbEEl>HcMKHURl`LrQiManNGlETvx|k zAW~KT)!m;T_U3n8V!9x0{_!Ezw<@lT0=bNmS(R2(CNgQ84sIvzLg_do{r}o0ew8|( zR`=pA$bXfvRNB#@mqX?Cd^JHi2f(Mog5t% zF7ZrZh9(lbw#TqDTR0@~?>b&K0z}V~j@o;6=m`6x*Xi&^F9Nvv?1Oa`<1Svhl;3Z# zx$MiU`vHpeZ)}JrfmTs$=x1!O|3>^wJzNKyQvxoq6=)1AhFiiFdiDLplo-iBs{6Sd zc}`~=C4AIjUap`xEMn$!TQ391&?>)C*1QjC)(0EHUzUDH8`!<>d&mBptyWW4@tn_9 zZFVkBiGyq&yF&r6vhR-!9okU6w9;}xf)U@Us9iqSATbLV%Hc9gsO*SPrxBaaYA>O# zYc$@cjN7>AeWlm@?V%-tPdQNC9Py#WU=*3|AD1I7XUO!-YbXfXqn!%vkwy0lGRkZ!q6$Z^yR_ zj2?9j4Z`ir3;g{UBYk6+FeC5f;iMbZigxkdD`Ns)E6%M7e*Dm%%TaAK*n6I@;44Yt zP_U|+VChj~bM3vV3%^D+C4W8q@n6DB;_kq~FaCl~1e?rK^gxOGh@G*&j{fle`IZYR zgr9Ft>YJ`ycQn4FZ7Q?z`*nh1UOrlC_}(tL&^ zbfHSGD9M-FT)HbHySaE!lx+@uBYM9#W7WVwo{ZfBxA*O&WcCbBGGFQ9 zZqkq1NZzRpz+>4I3sd*SLTSTu^Zjn*NgBIwl9e<(Q` z@CZ!qKndC0ys7q+m!JP#dM4E-nMbVGVz=X?0-@^0`Qh0De2?VFjs11Tv)H zJb1;Gmf@l~7YxV2Qu{{9x##X)P~kiF-L6tLF^T)ZoD%17`}Vu}@%CEXyKNujq$1*d zHVTcIofap%?Wz*@X0vZzL?h(j5*`@EQt{R>@E@JPde;D7_B0aX$yH{WoIud-| z#jq^oVuX`5c3B@d zmPfLEaj~p^##@AcIO807S^w62sWV>7Z{2y}ON6Pn*w;%FX2Y)orEm85K+XY(Mwnlj zZ`D-4uDw@rsoR=~hFfy0XF9>t8wi1TH6O@ zpH3ho_`FsZ!y4p*`){L{J4gj|bad2nFMD|b{&O6`S=%>z-%$xZ5eCh^48HKthrfC9 zW>WSH?p+FDY%lcz)@)UR0^QLjq>QqY*Y6jYtO5pp(GX8UybRm@83wXFRR@A@k99^% zl(fB9(mUldwqy_F)faWM>%?nAuJZMFzxGh3UsAL*4c!qK1IYokR9n28t)y~#VPSVn z!k0hED^XE&=3$V;BA zo4otpUZ%TQZ5*}`IQx>hfk-lck z)Sga|fKrqs>J{=fJ9sxrEs?g(gz9MUqj(nb;z3 z;764^&Q`Mt*~oRNwz`^saLh$lU%%FSb*j@`+L#{S7N!W?@K24(__Jrvei?9METd_e zYn$#dHHAVqRP3ggYUkqFYR4-x-0r;P*3k7jFveGja%qT$VPsFi>-&7D-+F5Mu7I5IS219OV{Xh&!9W8mFbhhG1RJnrJwbFaK05FO7j^NH zswli|w$`J%f^gkJwuuXsn*?8J+(Kycx3hwa<;Mznm_=JR0b2(I`<7Q^e5z?>LktCsBzB(;o@b20p3bk>{ zF!6iiw?yka#mQ3w&n)Q`w7skbUJW>x=zO_^87UVbEn_h#a7G(NP|_}1^O(JTJ~veM zD!P!PnA9^efy?REZE2>gbiM%!=c;Q1G)n;oNj#w#y^#0KFhnjt5tuERMKKnZbVW`RWfH-VR1vWU zSdj;#*M&T7g&ZXPd^G;uyu5;Y{HoG}46Ha%N&Utg% zaWC-(KEA$nQ#Pj_w1Hq|6JK2`fbt8O1}8PHaVjsg%cMhj@!8ubFgylkL}MN@_cFhL^{& zX)in@i0L0C&07jLJxBBRGv7sepZYqOdA!AQtT1CekMp<>jJWdaB>{(y&@I8)wz@ z`TK4Pk%qNJ7a*Y<0TVye!AMF&rTC zz=^TavBcfa^o?#`GCbD2@U4*Q-&vnWrOmiylW_yZ8;PK9?B-2|T$QY+zr#=}U ztn17$wi!8GmkYroM`3@k5$#vwo-Woon>GCpV3Y050U6sG-quX-d{_-!@y1+sM+_vy^aO+vP-Zuv}!!HRn`ZoT_9kR^a zh^8pd&Iuaw(EafSzIo{p@XeVH0g~n7rh1(&CI+o4uy#dTPcJ-qe=;9qMOtz)#oLds zGQ!8C*n5W^ao#HhledbUbJb>oet0m7PbT|Z`Z#<5-JpNr`~1l?teD#>OE5hhS3K~y zAj8-tbrbsP*Iw&|1$MKSTPOwW zS9=`R*nX&HDV^uQ3V!z4>S)biYKPK=2b)iQJXqnv?%97)zL(<8ZWuS@34MOb?MyyL zhNpr(NAf%V*?8Zh2HF#wbJ}_+z61Uz45s@7Lnki>OIt-PH!ld$3V41O8~)QG-D>hk zlRSVX&uwV(r~;jT8m8nLNBD`=Cadn(hy6N3n_m*5K~DU<$?u+J?-rOYPw`P6n=dG9 z@Omo?yWCEu7x1_?!>rtok&A^AtCyWt8;@_W?X!vNKC1IAj(9n#FMvn|y7T{mNX34c z@d0d%ib&~!{@KAauCR;Nw@`=qn7S0FH^xNH+KfwHgml+s{L;&f629mhX!~>a?#3OQ z7S;6tkw^LQsNwdjnUPXLYaP}a)L`{c2Ih>(wnfAH_=9sgivZFr3o#v5|% zixF)>vd-X&soskC%r}x`oA+AGIWYX31JcGXn>8QD-Cce1uIwy3w6)j@$rX%{FEQ{} zV+t&6a*}U?-OGCx!srQ`oI*T2u^MK9Qj1uepf!|BIz!M#rm%Z8FZbdZX&#i3?_zzG z)pSEkObOf$?aM&vhj*&zJj;2ecYLD~+N74tCvKxQzPnuxBSU>FzoNI@8Ar|s`L{os z$?gBWEj6ys2Y1jWo-LpZLJ-e_-MCSJYw3?*mu-FNP~2oyU7xhW?|4bmIp=)aGdpd| zZMnfqseNw9Q9zb^pK{@(5fca^svoQ(3L%wewX{8?KOVt=jO{a7t5C{o8^*wwF64pW z8N{|Pj2)QpG4P6)uS~&zGHV?FTl#XZo)jP^co&#j>*XelxkKAlyPPYHvoXKBW=G&l z{xG%T7w6!-ewa%O9lUN6yaEoS;*@YA?%zI)Iew3W!56Z?AyxGULL1aZOa{F56pjvy zgI4yYP)|6K3M@A)g*|G@7C7BNmNJ=Z2ksQl!}(GC6HS!!38Lxx1o`wH*!U}>r( zkq-$$e|-EwVBrnnG{46BK;qsESbumIPlLa!{)m4wSq`_6aTq2vV1C5ze0BHhPyAoJ z(1pn2*4=@e`8(wWlAtl?fIg#Fi2kfgyu}sdNSC{gFI+|?>NK%MBM0Pc_RV(APcU}< z9O(&{$R>W#oYlpbd~GI4PR@raM;x2Xg;q%RDYISEJ*q21s}M-B<=KY(5w~FGjlL(N zKi4>5J}~e=At(U?bd{+iB#WbN?t3})U#Z7cS$%xTty@0sX6hFL`^C?)D@+s2C7jA5 zY@&xk_JAtpD~I(Ayc8nQNr=!BaKcB0f7?vdm=Dl3N_s$vJCxneO|w0&XGjj(1YS_- zTmyHXt}90m{X#T?ahaUxxXENV9X2xUelwWz={E>ed9U)$r~NmsF4J4!JCpQ(#5&`J zClaYgJi)ej5sqUM)eenghEvT3Ol`6&XGT<4Myt!8st(70X1G7DYC-C8)huFOSM0S9 z)3UXD;@TC4zML{4C-o=(L7s|5&}e~+Qx4SUv)Y>ppKtgRI_>H`ic=gwq2CE{^>fg$ zvE~14pSOb928ld${EusbJ|9>C1^@?}>Xu~Nx2VhLD=Er(dQ(y{T!*D~B)WcuMy^fyoo2w?}9g9WY zrt9Cwy)oBmqZZu8&ZU>9<}4Q3&9fU{Ydgk2&SyR*y&~oH_VI?vCe7fD%o&RT{nhmH zK>y}))mx?>qU%wssVl?Ugo(_Q@f7+?f%LS4%iaAZGD0iOH-x5iYtKY18bwFT*kDhL|gUf;bgELNkFbh>u3wvpGThGJ`<^3*|ftrLH8eY(r zup)ldtyn{CMN$TC1keNq7oNx|=GJW%nfdSDF{pCX!J4(cVSVA9TymPz)oXOd4WiA8 z;RMKdEAm~(44{G12r{1k!;+O+KZX{Jtub?}=ji2Xz(R7(F&s=J)31s;8SGPxy;P#Pd_EJ`^qNAs2o7aw zzr+0itNlxqF8f+LX;RuuUG}%E7cF_Y#pijxohjX=G&R|FcfhM@#KbT#w|j4?o82yz zcEV(0Rp(@`^^D|~m4<;%$=>1N8_|A-EjEKD#fv|4>z`<1MRaL9!-QPy)}@A|W={)B zYm5XOvz=Zj0o2p1%$##eK9_>usSp`Lw1&bXb*%-W$Auk3jqQ`W7z4uD$Gwh6w{fm) z7ZN2`dCXljk+=)*mipTCJ0!S$H>29l zlGJ-cjLNeHg2bHZNchg=>DIHmK(YS`V-i?$+pcim@X$cvjYjf)Q10GZgDtQKemlnf z-~}+yk62;Z8X{1(5x5SW^b`0x52b6bzeDs*sf*>RWl}F$^xz^BdL^efYBc5g@v@cFn-Jg*!Pw61BH7X4x`hWW>rKw`TK(avsKv zg}h4*iFY{%)goFKmH7>we+`mpo7hkp_l-m>;b$d!NpPlsTL*jZny76NM)0>u9)u8G zU(f@>EfHt~Si&2{T1wqjB3u5D6eoT6#f^Dgm)B{wH-GiM%+h5v&=_tOW&n_zO-u;e zKL^tQk9^jd*e;PRpoqz`e!52ZFlN;g3)?Tp$I73{aj-^M@jdbV#mLK37CSW{lKho$R+^@N!x?nAofaCYIpEXgu&!Hdx*)L_-P*_ z?sc~f8}1XiD^Cm!+#5Lx~jJC7?%lpd+YQISq=HJ=RNK^Flb z_mC2;XP7ECGG(x&DyPe5(EMIEF6EV6l9#kX8qsjehVng`KrK83c>ovFhoOyF- z2T5h{VapoV_4@w;0h={K&GhjUmY$l%|L@ahmLto124KJ$ge^tu+}j8plXXP&_Ce^a zP&Wn*Hy*7XZ#fEc(#pEJ&b=O@*^=D(;mV2yTRfK-Gisy6A*#DYb@TG6L=;bWmq~=6 zMuOM{``RK+k4vX(o_?{M)m?ZU9?1~0gVa`$K?OSprY>GZkE*JgDljitT3|@fw~@cT zyBTZ?#A&;v#V)fSxV=|^2@ID|Jn7!O+AKLz`!H(Kx_{@td$ObOfDb?mc0%pJXZ3x^ zwS0Trra&GROpiu^DbTj>)uUsNn6`4S9W9_=uuTYVJ{v{ zJ*k#liT~|$s$eInhH^sG3+=u<1FfV}cS(-ifi*F4AW_}~OE~EZ%!0B)Q7qIk6#-|J z1-x&`w2pbhGh5Q&M2|%1l8I#18@?HuWFPZW6H0aFiAGG8`)8hV?Yot;{JLWH??b2v zlwGC7fdpNN_0iQtqrqUUzGSrg}Kgw?l|)oslZIKEmnwU z!)Hc;IY;U>kg#QCC?iz)vJ04;?%kOT-}*ePmqCiecDvJH%RdUbqdd2Q0l<;K%Kq$gGWrNi-FhL$bE+=Tg3`JZsnL=>BTlJnrJo{eVd%sIOs8 zWExti%weUNI-eAaP~G5O-hKol&&HY}#o*V$ z!^KIovr8#{caHAF7>qrlD>*(R4@Ykc1(G7I%Pe|h&!4B4rFiwJ5r00BH??nFs>}eI0xgA(SB=-wx5pWW_<(>OBJFJAXSjE*A z792>Uv{)$`lA89sf@uV2&MY^Nr$*uxjQE(>(l(zpA_#e4LYR{s2$^idd0jw9X>Tyyry0UCfx^xRuxW@yLpY+D_{%!<4vpM-Pp}+EQ|=Px{UuEnWJ#s%xp%y~J+y(XxZVSi)G7(!-W3B5 z%~6hSFz=RGpA9#{;a_Aaek_L15?dm0@%<}G&`&3*|~gBaeJ#VHN) zd_I`KTaCm9ACG01Iq$_4i0WsWw`%^gbcP(fqO8tcW$2X_05KJ8BhdlbP83_MynF&3 zi6OP9sGxeo%mfu$1G*HcFs#`m`2YK1q2JNuZ@t5%y{oA9Ou{ekE#B8?3=V_O-GYiGQ z;8p;Fs(KWZN}ZBArzV82aACnCmrD7WMg$Z1Pvkt6Wsg@Qz8gPGFhdX6m5nyNJ{xRA zAMq9~^mMR#-OQu|Vt$}fVBo0{++3O)vX5|4oQNC7=BxmNBNE!KTw2?1?!hyDZ0>vZ zaV~Yw=*C27a{DSRFnN#a8ffL#kJb?X1mdN^#2xL@fMLLJwp!1q*wvjbgdR)<^ifI{ zv6`9h@`NcGm7qC=V%6mUoy5DH_Sf@BOJT&QC5E|Ga8$+Py}b9$6_b<6MV^I+WS|{@xk}e97rK*V`AZ@s0H|_{y*) z=NWZ+Mk4xVH8C3u8rH?{A2GjUd&L1}Mid6PGQ+I*sZyZ#JWzyr_#>ji96B1c^#bV} zP$2QZFI5VVwUSl)7d?~H{*=mId-P>_*0{#8{4i>G`4H!)Y+{72xCv=3J&&z!FDBy< zQZXe+X%F3(@1qsS^vYA}2)znu^ag#ts)CyDTFcsNNnLlh&PnFie?oICGLJFUeCO^R z2j##gL2kemg7Ab0M>T+6(E*kb20W7DC6mqzNhH31bySrJp0y;^-{BpB9w0Vt1e%Vr z+#jZfju21w9*R^$k7HMSd9`u{ApIv#pV~)XGd7L|_4^l29V=jWsqZ1kiDMeaN_TP+ zCRXB2A)dnM{4x)H{u4HKxT|Z*Fr3D9Z|Wt*POzsglAZlgeYn$s>2~-g?;|D+O0O5> z6U)DU8qwmPhc9uC4|S7(v1itlb)nR$7nPCXq1`FdBIXaa`k4XIK~crU3I2;E_ zx%V`Hw>IZ=@i8#IdM4+blY+Io)AJg&6_*9=U0Y#ra3 z@P~RfYp3Iz^yK+qE99-4_IW2FLd*j=I~BuMVZ*ztE^NrCAH^B`LtY9&_`Yhv6iG&W zD5S83N$?ieRaR;Zgl3(FzJmq41srfBGq78808DOhP;1!KYR;OG(F#dsRqNX8fKKQ+gQWDWy2J!v z+BgMTSIj!OAsG#k8E@D|1o)&3q(7u)h8#cJuFCnn(L&^86D$F5%e@v^l zZu(EaH`Q}HK;;|zS3WE*yg9#LVEq3UdVTiQj?FKra$bfU4TZ!Pa$2~P0UrZ|Q8znw z83wlo%%2qU6SY;;S(!+5UtDB@Lw=fqU3PU(mjn*_{6)x+WEhx6m^;IWx3vp9JG>zu z0XwT$0b0ENGZ?pZKb?8OpFqsCOx0jI|2E29`uWb4yLTEn{A&!6q$I|?NZ0lqR7dYP zuwu)F*9=f-kZidPUMy?WT%4U@Hc@#_6Qa8!a~|1%WgDy1edb=GDZ##Ky{yqSam zy4Rf(EsZF_UdSc&FU2fe@bfKsi`dU+hb`Kwk17p8@)%AC2n7)dp@9>nnnMQMu9w&&j=fpNZFA$_A*o(Eo?Au zGC>!PZzStT!Hyk3XV`BTPbbIFbWt_$7~xZsUq&wcEdW#uz+F6se}6nLXSR=Ibg@2& zA4f%kyC8iQ)Ur^4Qql@MIFj(URVsOx0TjHkZV|cLq0>wgzUgA0zTTs)hXd$40v_8y z*4vBTHTinXb1Tosf*D#B_40`?p!dHopqIzRxKj#>PpHskT3VdHcx~1kYIcIQJz)S& zm^X|^qcAa;5_kt~l?<@0=`m($%>~qH1GrX8qUWCoz7Dyd$0yK$_;R|^AVKmCw4w*` zj>S{_6Hn9-ETnk4+ENi68C!Dua`IXv;rbI}7qP*MQ8ehM7DYp!7lXj`%UuMcraF0m z$S71aAh)Hr-<{1dQQ!G}iHRN?-%(qniem$0nO3n3zaa})l=tuP^D3L=4lu9~@DQpH zv%f#weBbY4J?;NrM7H&?0L7$r!Mn zsepj=u1hHVZ^67QyfnMy>{=%2Ayk6&>nbfCOc9!n0An{o#yc6$wO6bKE${TK@9Ho} zuU+h3>vkFpw(U-xv<9;z9w?lJyx-`-lxEmj!9Rk}E%FX#Fnz21fg1QV;tlk5^JDArJ*jD!gWaH!-i&)s4aT<`K~ zJ1zy!H|x|fWF+Q8#ZwYU#YHsA+CsIMdZg_p46J&xE`A8JBeb`Hm*xH9#yK!3pv|&_ z4OT!aH{8UiRn@nMzzcBiCM(=-E_hH8a7)ZY zjYbY$u#NiBdn*ZftkewN%_Ts9<8NoUPTP^Pq@FEr8Lc&dq zAwwyzLCS>eZOR7>q~X|iYW>55w zqQ`2aBuVU6!y8YfEUlOtPq10q4V-%Y}ly$hy=#- zp8>3it0!2co5q7_Mc?1_)_<7CG{;_o%_cNS8X=PeCUdPH*9{w0j5)Ax=T)_#j46VP z?*tdWuj|b-w3isIKzgB09VO-~(&Co9gAO)wN|V5fc_}BS8Cm3lmJX7^gHxu^dpV5X zKdqc7v;(Vou##876)+H{4<8u|zT*cE@%eZVlUKF+$eT_1D9(%Du=!;cTCe;h`l zKG0z{lJM%6=yG!D8A9d$;r0VaCs!!1LX|td=1E3i%ejj;p}kUQ^Wu3 z#&cl0aB5XaEfgPoKxp5Clh8081Q~pwvVVoH2snZUfhGj`p9Df|&$vx5C$? z9Q5`B`)CBOf20F*tKtiqt%%+ueK|vlx0TyvM3n)(JibTOwq(1Q=oHV0xbRLs0dK(U zRD%+t0bSSjS9`&L1PtHRHN5oU^ddO+`alzMQr26;6=m6;SF_XXt_K&xW1@eIvj;** z>+C<-TlN&?etjsi;oUuDFJ(gvLAJ5?^SA zI5e;ohg>qY8B0=OW?+#k4kN_T$#bmA>?h*Q&8$ncIcvQg-jiknu~IO9RzTEVf&>@d zMa#ZDcX$uMFur+JjSle~&6h9Fg1D>gu#FYb@ST}@faJ|o2&*+yr2SF&BTANn zyV<^SndQL3F-mk%Ab0$F%^ri5;#_zqos2jhSoncaTTlwtoko*&2mFKLvifyqM1i;G z)12p&xDT?(7OgWd6K-@BkaIZ9iXD^eVWoaiA@pFS8iWYT#y~v4(Aut)F}7L}J$z_l z>nBuBhl45PqL7w4N> zE*$^~#}deGp@3?EQ?8Mr?~m4|WhYC95^wiC*?goyQkYa`!hIPw6@@}7IIjRjuK~sepcR-?8bPc)=z18>othHitFT#xQ{;5G z8Se#uM7HO$E>sd#|5g&R8~|wD&l7JgbKjN)6|@0hPU>5pUme{pALN~#mf*h39*@xM zz=eC?fCt(>7J|OscdPp=cNlJ1CaunPh1f6qdSP2N9{UgkMY`n_?`qYg|c<$x2EE%+{I06Hn z29M@93Nk_#oKXzSfUhy;iabX5n{@a!pT+6jk|~_)gTGZdv2~D>Sk}J{C-r&s3%_O@dD^5_7TNKHVBt-tnNyMGdkREw%J$0* z(yM8z(_%|8jhUONLMOJw!e7=@UykIZ( z>B2zIl_DKiD0tA!U&(g?^Wn)fAe$6VQ;^;F6yW(;k?KRgj8COX%1_snbRXLLSe;nb z-gANY7nQ00{AN&Lk?ITi5yA1ASs^0>`;$S3gpdhiW@s^cgp#8>eouTR-MP^Sg8OQQ zX`nE+j9F6f`u{k4?|7{L?|;0cC|N1W9!Yjxl0C{wR+2r-b&)MIJ1r#HbRkk9TZC*a zF1xa_D=RxY`*)sPm-p-a`F-Bs+xz?d<2_y@p3legJkGhF`?;TU0y1H%+>grz!aL8G zz~OkECDcg#OQr*KZaRfZIxkd#EuEQL9|M&Tv5?4JXCbfs92JHLt{^#} z&wrw=kF@v8B|pk9(!D4ZH52iX)0|&z;@fe(~!(XSrjU_4qukxYj&id zXLk-HuyiknTa>{yH?hi0bgX6F zGpN8B&-0tV-1z}*;d_`+O&@DJGPyEK-?ou_V{0vE;b7*Q4^g`PaK*0N(~_@`95@q+x8dfI z4D~Z`p24!IKkqRx;>y)d`g!5L&*eMS^+j9WR%ibAK7<6M2+SRgX2GA65^QxYu}z!A z@f>p)?6|N8_MPP0^_*XRo~K33$od1|{VWsBaL0VyIL2crgb$#8o_x?cW|o~Z2vy@% z!H9Ky`?ubCXsJa&af-hKJhYT}TkMHZk{mw2Yp%Fn zWH;GMt(@4LStS+w5)J!?gvp|U8ecq^dLDz^Ns>@qCX}uY?1?Mv;hLGe3>(!v6cyW$ zlyMK_oWC!?vwRe!`$#}w+qCspWQ*<#%-qY-p1ie1Op187e-r-u-tj>;+N)@@3c+s5 zrF3Rq1+y(82;FWDrl$5~tW+=@-y+p^{mqvng#$foLYNnfC;SdGq4+hA;YT#wncsF5 zw=O=$J!;Ng@JCi8!PcA+>Jysgdv&20oyprE1=ngR5BB&JXYe+Vf%C~?Yx!r_)g5PK zFA_Y&d|6&RXV_S;P<8W8Sj>yBe&8eJG`1(VauUQ0Q##Te!PUO|85wZili8|Wf9}CJ zx|bC+DK;O@y5NS$2%@<{#4046FRDr%!`Y@&dV9L(fMZDg=UGu;lS#Nm!^B{inOs?E z)Q(rBPrUf>pAWW&Xo*G?_4DS5!3ya=TN6k5qmzK!$_>oIE74+M8H9`e`>q@tVnqL* z&lJ&vp!z)Vx9;1Eal91924RTXvivxY{;Ob=ucE zM(KicaVqR$*tv4e(EK#^SUjJMcyvDli`8Mcpuz|88uaP)AgDFg%zcf53UGDJuw1HGbQPbAKS0=Xc;3r#K^=sJ=C zWKZU$8DgvCY^t|s{NMTFfXBo2P9GB_cRe(6Qz?MR7|Xkx&$Q$0jbP+;>wX1`;GCmy zWb;quXohmg;>R9%1ArMQHez)K`6sgyYiqQr@cEr8zU&lufO8HekX$DLBOw5n+a120 z(&IT&{yQEuZ|Ht+bzH=fta+E%1v58#U!TaoCuNOIg7IQeuz@>S>04_?(rprTign;} zF_i^;|CUr|u{omGHBqOA5BQvg+Y=I(cWCE1sYLUtA8bfES#4F%xIQ+7@NN!zk>q@f2zpw#hR=vZ;laGam>Bke3SBQVH=}mh~SLatPIkpwS*xJ=T4A z+2couRsP6CY*yi$GntUz%EEsEZ?Dcc!QJ51H&x{1A>>w}bB6qJh#USF~pj(s3?4oGMHj032Rq-H93wUw%$ zXLbV{QW5yB1N*s4z&swevQ9@uwQ8py{CD>=cr zG6ULnHw5R?E1^>g^{nu!OR1KsL$d$4j^7z@jn`lqd5T;r_2dCSUl_20`xzaHUx}g( zEF0@5>I(OaOu8$F>ciyhS-3qD&A^_IG0){y9`8xH^DTso8 zBX#B1`N!E@Dxo*Q9b4-@@y?SlzOg<$!j(Tu+H$4}qhl)kINkMqLd9l3y|Gx%15}|{ zVd(h*9Oq~tZS&ji0H_+VyWkE>fq`T%*D*UCc-Nu>0zTw(1gvik^>t?fww1QxoGIHs{f`a41dCUbt zJfol&EXsv_tZ%<|-cQ;2FlHM5uilHOc*iGRRSZ!5xc@K(dKFRzs8W3N4EM>?3eK7P zj^SNwerj;rsU~=EVWQ4v^~CwxFZyq3t=+udnCz^PF&0J5q5*om{F3JSO({fvD?ripnt+0fKPZ<|6O!2y?!M!vSo_@lAfOuqg^S5R_1AOdymE4nc{`9lqw! z$#EobaQ{&-trT^BU=!2%i!2>Z_Rh(195V_6Vb1 zK8)qPC!Ulclj2(U_FFq>6!(1wosnnYLA2t!!+zC&clJj_uNv!1Kjdv-x~5sQGouQS zi@^9qbn-sQRmEBXOxMS1n`2})xq@qCXD7fOvb6?1flrMJWFWJ}_>-!d3!t$LZ zNYRhLoW7a6gP#d{!sh}A2^VS#9E@Sc8Qz9 z3b}@<=EoBsDLY5}HfmZHSPZgNQp=!m3~cRNo&u!6^|0iS$4|lxuW{T#L5_hSaSJ#a zVYg$`KiI(-1bEIHx<(^j@|htgZbNRLZcK}5EdPwRIjCI=;qeVGZ=|5a%o8#x=;H}< zhq^%pZ`CgelkZ|D$z&6tOIa7>=$Es**_`W|8M{Evf*kra6VA^gVwJ{OhGE{pu{dpT|(|H@*oiHV36nn~Cv+kJh!;%d&#R!|~1IUT4<9KDc zQF%3W(^YF#ua+5R#cyW=dx$y!l37(!)V*13iyr1*^oR3XYj=@vpQw+u^S&5k_f)%; zn^Jreduv9eA?keoY+4~|P{C$BnH#xs5C~WX>*wwzw$_tK+8qci-a5HawOV`xckXcQ zy?=VbABW)ma!w1y@5IGwO$3x_tDnDDZGxaOiNe5G5<#0B2m7yOVsjn39q&?`cAU5F z?T0G4pM0<8YzlMx9IoBv00T3?^5)B#0ieDBfJ&D(j7vS7!zYrfw?U0yGKG((?Ob0z zgd1E!b+b%)x=h6_l(Q!#NEKMVHMP9y3ns($)`7E6st(rXd;Z|5e|GIY>pBCS+8k42Xs5SI`%79x5A_MTn7AAoqCdO zcZJG$(1058uM;}%Yf>+vjIfbK;yMG)I^u1@lxA`6sycsI`hKB_)xn3dBY)kpQvyVk zi;f*@Xk3rT8#2;ou6G(2;~47Te)*}DRcAeAe}&C{<4brE_PV;j| z_m#P+tWLXZ$Q1g`TvCf9pK%C#yl}Xnb(XO27}89pLoR@uzaH~%1ZD7wkbk3i)`48Y zA#or{+~@InCsXWghGGhOgPk}ggkoxec5sF51SCu0uB3~;&@;EMYh804bkJ60^0P$I z6*s97pc>5R8-r)JTahc1nuOlbrHj(7yQX1yoP)=KGkb9F7jWs6$)Y2Dv1 z7oKTEdp&GyCu!3mT`;W1B&iKnk(~G#r=XD0up_{2PHw$ zBz*MmLZrs<$K~_Ce>TeauDyI%aF%hmD8t%KWK07D2*YpC{|a??Hxg2sa4N`V7&D2m zpbk^K8!bll+Iib-&ufGQ2*Pk&I@qS|V2~|mF(>@3%-65oyiQOgH8f}bSHT`Uh;%GM z>~)cx0__TuO`%d90*xbxy*inYw$mpxNYHf$|ThAYio{+M_I96`RzluwS4OVQKwv$1O_@6LGR3cF3!53mEN_4lu+RYy5?b0)PZPT6@e>Fk@cY!dwo zKTqjPI=u0o?TV%7FtZ_C#XA*nz};oOS@;EGB9P&@n74NoFzkFK{c=ec1?LKTmHw7+ zkxE>FJo&~p1L34UcV?@nbZ!#5@U8+Lp|_%lm@(Y&qRb`?B#-uwxaZA)X5B4_~u z8Wkj*hd7Xg+vd!T?>~Z2wqIOV54+&9_P!#2_(YQl<&_Q_&$WRi8Vj>}cO&uqzRx{d zHP!Qm4%B`Z4DiGXCd7~SeEC^s`RW@)Ql4(H@43ih-g8mLs4KY~GU#K-EoTcJ6$~Hn z+vvNIX(2{<%{|~<#P;F;3g!tBVcjy1PbgGBMWPZyPW=S7hXgFSMA(-m0~O|x4!0AA zV_P$!3e~aRc;b7H|4jtE3&sPBM8>lZYX$kKdVuQuqjnakhnS5%q`;a}*l|}}m5cyN zjglI7Zaro8EwYt5lBk6ScW$!g9%-BWk3Sp~u>~y>h7Uu^#c#%?kj2(z1z5JDt!s8c zHK{z{P>cH)uml$Hg@B{7Os-Myz{{!t-iDXWO=MKBg|`h3Y=;AGVG2BZ>1QIWoRqFg z)hBi(!LJj45T(*VO3(cSjy|tYYX7OvJVwp<6`o++ z&!@qpI(*3W_Tv57Q%GN}nuF7*^MaA%o{Ilm_fnTQ=PA;ql&jAlhV_nK$dtKcI`9hm zOs{SI`k&}e5fF0{z`%E;A;9O}agk%4?=Ip`ao`A@JS`C8Hym?c>H?DbNZNtz__}~d ze8B1H0e|a*jIC40vEB`8PDY`F3$p`$%lCTEPn};`95u}pX1PcBsC$Xoxu_U%Mtm|} zm6Q@Cg1o{`f|yhITPpkf0GN)=o!TqJe0&H5FH60Jny;5-olmE99%^sNf^frGr+ay8 z_1@xQUzD^?eOuMvU3Tp&bbni!6loegZk###cOa4sz!Sd6}WQ z;1a)iBs=nmTx@PGt>gEhUxLAO+{#hGk-1@e;eyni7))tn*|e4>OCXCuvSH+xQ*1+> zKy3+h^FTO95_&Sm^OwjD)!W|Z3#Ai^C(xb90lZWdGmZ}ep49a!;5eA;j{xBXdMh$m zYyH=un6HnGDAvgLjcS!oX=Qwi^opvYiAT1aTg~}h8(TZbm?DmTlJPsN1XvnBkP}z2 z=ik_QOQTcZGBNut%W|j@3d}B2)MI_T`dB3I`PHG}?2?$%L$LGk+c4_+`=HghQAfKdbc4gxdU z9z9%j`*&Df5TU4JgOqO&|Lxw&*4n+_+?Dh=LQEBefWZLUlmmXo4;C|fXwD6z@_bpt z#2{VaOO{K0Z(eVXcga_nz$K5gXPD?qBR9R8{>gJWi#=a}Xt(Kp8|EKU5s{O_SLH6F z8v~rw#zkse*3SX-@h7rJ_gggkTvHbxKDj}@+Lm`1%H>M{$FpCaY4!GVw^{%<$%FnEzPF$1u`I?Rau8}}q4hYZ*ILWZ1$qH=ogAekQq>c3wEBh#8# zXP2rjZ22egHrV`eXL!g?<>CKo=p+c}4vl?zbMIA3Y8}>3LS}a+k!w85jP^i zX7qC_;f$7vVi%TipEt@^FV^ruYG*`*bu~Sva|do0P`b8#qUwpqY2W3qkA;ZMed{QX zBU3PY2se=mGC(70TtdvPXOpu5TOqZiP>}-B@5$9W2E_QyL6AV(Uccr+=vR0LYj9InN@;LMXAjTE2T0%or>9oy&0}*P z|1Ebtn@n3T>1EOKy0RM#F4I6HmL~4ir6R!SbWAAnBrXR-&_wHYu{oDs`k52UPw(wnHcqK<-rZzoo}zFj6A;eIj9%P z)I|@E{G>qLxH76WoXF<9m}Z?hk9j4c*;N6Gdo(&1R6LO||0eCN>U875Et2+k`I2og zp$Xm0Qou^3=8xbd{dty7(>FK9E_*EaE4^G1A0YsDVyf5dNGLp6b=#M8VzA-z=UshL z-hF_pDpCFltW>uU;9&?gP-h--bPkl(>G)`I<*Z{z#FF20ds3%a8VM?Feh8$CI!MT@ z{VyZTR#_|OoDbzQOCK2H(42i3J&lXW#*STWnGq0JlKh^-CHntzF*%&z!# zEsdTRTYfuly|!3RkUCO1W>;$->_bPn->uv_284jI7u9#soe*&T$eAO!g%$6JxO$e; zZ#4Dwd5C^N2n&u9#Y#vzVpfCzSd{~?8s#!&=jwnf;?P`v;ZOsa=w1A^yd&F&;HosK zlLFB4x^K(N33i9g-&s3xfwh$}g#p}FmbUXs4;yzxrZ~DE;NnM;`?9Imd6?y&tM7kk zB6cmc>1jsp&wMh0$eAj#0c^TDU0nm=;P#Rr#W=)+CP9U|nx_EY&Yggym->rn5z=di zMESso=*b<@XQsMBorX(7ePUj}t>QCzbyBlgrBqMd`j5MhS~0r!^!`n6m8?(&eAK-o zw4GYnK(RhSiyG$*gPmo7!u9xc2Eu!sIfAmj=`;;R$X$U)DEyrF=*9#fer}{v zMKVOz_~2Ws9z_$=t+>tAl293LvQdGo%#=SS1msk$O{4@_P$z&JZDGrTo#Xm$jO4Zp zzn(=*^KO?tdtS(;_GLD%_MJx1m9s;Zq!>FD&Kuehl3=gIeDAB^p`in5;}d1t`%&`; z(WSEzwTU~Y0{|EvB|W~Twm#uw{KP&WlPph^HEGz!_&hkA0WqIm^Nc`iF# z|3~o4KynC5{8#^EtCWL$0OxziPR3x)e`z;Zq)!?|&K$Mo`5hr5Uu4n%oTa6MzIYg8@*$^voyipn3?GPzvU3q{pcoby$U9R$eYSG0La(PLR zeQ+qIYn*!pHPrJqe4N9+*f<5&*4F}n*RKLz?;~UE-n`tIGrc%?R zyo948W)wi;#A|W%=5e=LsObK^VCIFt;g=v*g*^IvmHG@Da;1SoGtvY9@{fM*H34fx8RDh*Wr zy6)B40)_Bno<%y+b8);520wFm8i`AOC=g;IB#L*ckT|zZ)}S zNf}>4u9XF-%E%SB9?jceeAT09M{scmsYZ1dyJay#G6V1ndz3d=sjzK%4aV#kS&hk# zoCEFJFPB{=Mib#K63;`-0QH3sd^+93Ovw+p3aL_-PVAr+lPRmr=0zy=prGWl_RQw% zAKk?(sk9vkqO`8kVz|Uwpy0gadHQFKJEyx;{>Vc=UV$oEWF_%vetZbHD7p-<#U z6OlB`{cEh>3Yw+@`^=Ueya`u-CDPu9E$h&Tg&iyX_VVXD`PkGgSUOabZ0vcMP#kwN zP6Z7`59bd2#h&b3uFntAz~z${P?UbE6)@%Q>sgErk;#reA^1e%_xzd{@)~0wC?sE6 znU~~Yv^FfYKrsLal+BC?`|#;)(!C9cP*#;&k1)vNojf8F04~PwaG5hy@5HEV@dN)D zNR7HdLb3+ip)REBu@j{t9Pt7$koiEoWCBo*0-$VpZe8Z->ZyUY2 zDeS_yAw(BK&9uuI2d)hgDvP%duq*_go|IPf)T}53fbz}YhG1~r(s-`~V{4#T=NqEO zM$}FXA+@0L5c&x@2u-?2J@O~_fzU+K7$!PuQsc@c=4tCrQ&yPdh%2CX3v5)dqA7L7 zSreR^61WofR-Y}erg7aE4Vj4xVo-sJ&>e~_uw0Tf3zsPT%@h2vDnsVwgR_NKEL>%v zRL4u_+nXM6E=I**KS2KoZPo|FfS2UId;LE6YfM7ZudV6ZFBvkM@lZFfxEiMKG)h+8rY}6)9n~@#3H$oI9HQDeexQ&$6A9#3I(&l(Al=%4 z%PWAtX50wudzM0k#Z0e}`^NfIeHYmI*{(3%yH!#KD%F`JsO{=$n{+{EAFrUTF>TS8 z?!uAQ7EjqK0b??UCq_2|Y#d_}ur4{3m1PC?z`FG%$P$7yD>7`Msr7s)5Ec{;Ih0VH z^QhVg354s=E%7!d)?is>ibfzxA0!%51v_XVi{35}!sg$L2aSdZBYHlrXmfDcCA@#&!`x3uqah0DKMyJ~0ja zWtE5T;ozZ$7axzN5$NwM*vi#P?`n38RNerArVkIE&A;IdN?bCaSqBVsW0E@lsEQT* z^zbB~sf%M9!<4ZbYmDs5hnEm4&+j<2mRHH8>a-&|GKeMRZPErLjc}B;T|?B}2ZWSW z1yO)L$dF5orN9bsOZDJu$3+M}dteoTouSis8FOK67D?wX2RQW5Vjq-Ut-kKx=n1ru zf#6WQ=}5z`<$Qk4YkvCWmy}HPp98z?DtZV!vPmfj5;u})@t2?G5IgcwjaHhBj zLDaYHyfX3nX5b9#H{BRr2 zN=ybMD&1=etjq(>In3AVj|vDCo9)jYA`SvTcK#pVWkHcMhxu7XI}z6Pek z>dFe;g;7@_uX%60C*Az9iRxNxmNHE^E{-^16b|ZCe?X zWsQ^_*;FTo#~w)A7xFv)SGWx&q-ZnRx-n_am=ZR#nPje@w3++W1;qd5SB59@>I`k? z$lFFgP;7Q~1$Qx(JCAwq3Gr#&@MG(6!b3pf`?}mO8*uBg|7pj=4gcRr0_&jiKb{FJ zbT+(EJ2A5w?C^4t<>d4v8#8a+9rpr4gvx5 zj|Zsrio}2>V3lJF=yN9cLVI<|(W_9;Dl~~VDP@B=FoJYDu0VRJ!NZ<@gMmR=pK42d`qL+gS#^s zh0gjzOY53MBk&1p!ZRbv5kXV?iWwy1v`%jE^OJd8xTTDJWjU&}^!a>JDD8nYf)=2u zXBrJ&3{pQN+fDRf_Ssb&O$xe zmX{x#q<`ZTz{lZI0gVr3-y%rC@af7fQZVy3r}4y*&ggB>#U5(}!FAHdBhz7YweI+xJN(3qw78?-*Vj|~ z%Lbsws8B!V^hHcSBMtq!n!qLcjNGy7?QHXYfWYN_^oVzmfjT1JugnKz(8Jd1UDyOA zeXHgPGYxk&dsY$Go0&4m#zsHrz(0f97zHCg3z0Ggy4S3*SM#U{u{j9rI`(Ls-HuuQ zU`476chA-F{0UCeYMgCTrsn!3r|S?=GaXz)E#A&x5lFwPKp5wq1%?M0NN(u> zl)J{(bLk{@{ONOh_=a)IT%h!E_Dg$+2PZDd)~B_^55RXX%Dv>v&rRl$0LkLrL^nSg zhooDpl-?zp)=7mI8FaX`L^r9TKYvdl7pDJzY`zMQm&;Ek_?CxTHuD>U$=0VhSnJR--#POJt{ zsX%QK7ZE`9njGw}Fu74;mw2jz({`dK&}fs(y1SiWgL83jN)m6MFOgH@r;nnl8xd zENUMv4tIQ{XlELQrp!<<&}ZBZUhQlJ?!(cb>m^S{fE^IA1r)O$gaHQcu0p4mzNp6L zpUop3??F;}nFZgM0b)y$;6xdj4a8Mtmd z9rVc$lmnWjxHE#CA^#WtjyDH>4Ml(vW1 zypKMCm5$3enI#x22BiAM096KWCEyOW55H*J8Mr|FW&#oAwp#PJIMPT%OYWy_koq?0 zlZ)&5fDR_-CK16pXdzH^CATL6;FUS1u$npzq-FO~-*Abvwv z5suhygSezX%Zte(2zsIAKvK#EG}M1cYDzgFgfWYwOJDU8s1_wsBk4=f1Phpw<5Ary z1o*s@9TB22RPnZz>iTP*+~_R?eG5ympM#@LUWVPf<*xvn-Cnvk=QWlaqsOw_w`I8v zB|1}Q-=IeSjI36#r0eGkM^a!%j-Ald+6$U5xFFk|D@ae94dld6)Ij+9GG6{s!Nr^Ugro;ew&9H6?d_T+fzJGQVc z)LD~hu^0F3OC%jaz2Bsr%i`6IAt?Yfzy-Z1Zh;K`jj#O_JoXYj1lLWU`s)HdK*+MP z6V*Z`suS2gqpNW979MW-h??qH%lFrw+`aZ{@P|6Ch0T)cX(5)|4r)H|yzzcKQA+)J zIv^!mB&qu{l(`UjhIiC-&hQ{CT=nJG!)Lfir<;&)@Ifg2OR!I1VbYInM}XttqHL<1zdq{%riAShP3f-An_Q! z+t2Jn$uT+;HhIxCQXg_|uQ`0qZAcgQxlA27&or*LF{`s3lVM%On|n&mc|7&SLE150 zR`YNtqP#{LMMml820UsLMoi?5f;I%@oyK>3}B2}62u4>TYx*mgYloL zxOmZwAUAt4#71lliJ3+AnfW7xPj8kh>&QB<4E${Fb=Pp`s_C?|rVW`3$|L$X=0<*VEYJ?R1#v(34yaGZP{}9i`5ki;){yd{N zS|=d*+ ze)l~5Ye`v?fOJ};m?)Lht0AF7+ zCoPbJ%@S&ZHe?_YqkE;SjtHKzjZr!Qci8sU?nmi9aR3Qi4KBv?(U57b{@^3!9TH|i zeNr&iE9Wbj5Z9>YO34t3oWd_Q!q>TIGuIK!V%fdnPN;_*C(onK?i z>G+v7H({XXWv&M?OlWR@@|hh_4)V;8Z8*tkvQOY9qrYq9{5jk?aTb_-KlZS?Vmv2K z{Ni-jx!ZA{ipTgd`Vhoik>>HzpAO5&a>MstZ8hxcd<@jcLVk2IlZ%d#7d>sl-#$L1p5se#i zwPG*7Q3uT$0#w?*>qHpIC>Ft^>;u=e1joP&&5;_b7WJW@;d?Ua?lx2i5&6M^YB8bG zF6&DPz3f}D9elUl&*|X%^$FjKC`X?wRpNEu&Z#bI1~$FvbSdmZ(vMv&C+zm>J?)rKn!iq;!{=^3)`g!Kzl}V4zP)iIra1kh z9JXeHfR2hIX;bIqa#h6jpt-e%UkaCxaEgYlz?hBA+9MO@_zpqVAF7Dkn&^h;JgN&I zBn?xi1YJH&yr>tcM1W3e+B3Q4pG?2fsxZ02K0y}zF+XK`sXeMya}cnn2n2dDwl!WP z*?sJ-G!@^(YNiW6&n=sAf*`^wgNXgsW>^nj3z$Y^yZzk-&Xx!UEKzlZiVFocX~X2? zas{H?m<{q7;%T|GA>Y*Cq3U~@Eo^Kum#%ClQN*V-loV(SaQXK0k>9-$lBeN=V@KOI@dR+gq8{)@^*;VK-%7;y`K--WTHj9$Nop)rR_Q zmDIwOp1wXqM?p>GcEk}Hr|W*}M0`7=C=G)PW(xHJ8kvJCfRBsvl^$8Ms9XL#&^?xw zN027x!MJ9V+A-w0W`DPcT<~6Y@>Y@sI2~0nIT(_S=v2 zBLk_SQ5Ku0#wOA(V{iNWOhi(+!+#`(!A?~1c5AQKz3fWUT|sJw+;#$8C$IHAgoq_+I=!=?&!|DZ&!p$)GVl!Xsa zW>v4{P3iQ;m>oZFGm*q@1KSCtKh;`s+?{iYhVKIh<}0E`Di941(38gy;SYG1u! z4k3+pHB#jp{O^LxzL$s~D1+nA?aq%Um0eRdAUvBQ^^`LpHPGJ?UbBfZUwr-q4xxiu zGMBLSr4z1_i``fkUKjaq4iX;jgN@|Vj+vULkEF2Yby=!0F*bMK{#ZNhZ@E0 z+OhRuAB}pE&!&$58e07N;I#v&21H^HDaB9%&{V-l+yv_s0fi8o2z)njB1+e>(;itM@{M1j;6Jt!dboN0GIo@gkje(3ePT^(${(p$P_92@UN@Adh zoe&As@~~Cc-1Sv^j*qut??ndNAG25rr%T@Dw(t=wm*{Yfxac`2KVb{^k+3L=G-an; zP5&miC>G&e(J#Rm#WNCY3Hvf^kr5XM6mA6J?TPB-w(s@@-@UQzyH9NU?sOd6ojW1K z33NEduNUJy2eVG#RImA~YQRF}bIZyr)|5;ry9MLx_&HPG)mg2+TnlpOQL4}Ph3J=l zmEOFJzisty3dT&uNLLXL>Khaeivxg7=Jrv%cjJ zp!K=c#^nc)^Zx;De343yJv@J4ld1;{71COV>nDDPjn%ZiClvEjtE2B#IGG5BR*Di~ zJF=)Vk&g$hGH_~#z3)-}g>Z8uEz z+jDNn17hLnva99D%_r)*U@qq@|24s3N<^ge9m%AEGBB}pcw%#MwLp=Ce?u~pJ|AJmxi6#^Qg0VXdS zdty8WPpP4M$wdzArKO{55Ha=PwlVQ)lH}u{BIR&grk+aCzH!$Z{0j()=*2ny+neW~ zc>o57TjW>1{5kIqy=)+{V7g{n^veVR&Z86#-27K>49md7#)DWziIb7{WqIdVnjO}` z-&=n@-AjX60{`6pugTUShk{zVH2e(mz)na((x9-WG1C~c>^5`$Ouc?6}3^o7iZB}o}#pE8?kEAJEZ31_BN?TBeu%d1W>7d`D&)>IWD!r#1VIx~2 z%!RSTSXK#8IhwH+fcmqhZn-BIQ{xPvVxgY5q3jeR2TUniG+(?nO|)`@66#0Zwcqh{ z9V}uxcQXToAEBj4BJq{|WKCP-@H6P=&+W!?%uM%VTwa?e+6*M$D_>ZWc(@!H6USru z%sb-e=<>4JRi}LKzg?rNp=*ro+V%DIhg&>8wplq12U1@(FyQeCmA=f92C3}EPo<4q zmda%l{fc$&kMjzH@8f66wKiwg$xgoU-Kc0?+wff(TbmhvL>6$VBxpm?+{g9o=u|*) zq#OB>VH<#4mswk{94u$jpwVd2TrJpa>I{w=diWTRxc^Hki|Qzh0T)Nper0R57e-f* z-lsuOShFzyD-4It0aWN?8H1WvuLsU)B@LI54bMv%ibek;@Bx{ergn|3a@ZJZ^zCK& z=#3l~1bWNI%TY$_c4l|F->O}(n%gXOT{X3Nc50$M`0JMQr|)l^Hb2wN^o@n`T)W-n zG1_r+lsQ+oe_%B|DmGSSCPyhQZes3wC+=0eLx)^~!P9~{A&Xz~VlNuPoq!?Nk4>^P z^)eQBoi2AjXb>oza?9N6%X9xtnxN1)cd7?Vv&F-R1DtiscdR8Jz&KD zAl~Vt@vJ{HbJM3dm~5oJC~DxtbT2U1N2u{S$~{CnhDw9R22 z5~y#J3UvaYF4!*d>M?!`A%tZ3T{AIM9QiMtd3}CBTSZB8h<{^|-EjNj%=iJRvh`!^ zy}DWxH&^PrUBA6krs2NYX-_%no8a+>hvO|ptU+3Xk6g6ksXkNIR^0cSG6mxUf-12u ziHs#WvprN`tnK-_#g&sf#s_7_MhwvaPR3;<%>S@?y~|UhX4fk z-=~2s_zy2Gb;PT_JrRIPIG|Q=swzA!=l}N-2vl!%z`s+bdkuA1W`F(qdaizsg9g-{ z4p0LFx$p>Af;z!XNa>4aslEf=3ArG%X#f{YkF(H=dl=;zM zH#Lv;metVWOC0U|&P_JCb=i>)D9K_P=5i2`Q-bGWQK?5Kx>2e;ZOLhrmWd7s&N}$&J zk~DxfEmO@g?rx=^T7RL<>oLDU=~B+!sTSrw;9*%6#&1|0Bhv3>y5-SsA4l07$GJ~K zRFk=4OWI?s%Tlg}r6WC(&ud9+BV(GOhFDzpX0kkgf*#(X+_*+k_m$?Hwp}FB$LYu5FXthh$4x*=<>tiFnp$w;Z65S+dN+$&T9qALb!5pN99>CE zN)0$^Gq>`mphcmqdqcKQFv)LF?JH5nfbU|okyVc_N9mq_KA(<}ao#cMEkdcX*%Pt<5=?O12h6U5O`W8!>%~x9~9mZM{ z`6V->K?=d>>K`HYLcCqUi*46yk~1!X3TTptLIIvwWC9$4L=6GCVdvnphHh5 zH)d_7+z%~W2V&2| zn9@jS#e|(l7ABXbKmk5CQT>7mk(?$!z!>6#q?taz${2ofGCViqzd>pwEUM5v6`i#e z#oHiuid0kysUXzmTC>?9DIAFMjqD03u*Q($#xJxMpxj|TgYQs6MH*XH7wijA^&~@6%}szNK$x zzH9m^lJS{%PK(VoX!uj5E~OtvTlWbU3dFDZJ_gmm%A87x@51T2y5^1m8zw=or7_<5 zSV7A5nXwcV%*ejw2|u4a*^!L2m^zN-zBC!H&V7`RiYTXq^!5vo9XfP3rgQPPIeJ({ zaIETl-rB9J*Yu9(Z(iECh#^tqr}A_fkk<6kebvEO=VAZ*i@_6R^#~aN*|)%OZvycB ze_)4M%1TQZyHA?<_Up5^>Q3d$zv0d0%k5^HA1hDEFNBGC zfX<4C(KoWs+CzrtQ~{>bK@!LxOM((c@jIrwK0drWyS6dcV(1XAYwCUWcP$AS+C;+l z?qjT|<_vw;^6!@mZ^-G-g@u^|^iW zC*CL_YgrFi-<-%5e%9eO$W`RP-zTY@pZ(UzV&pz$!}3`;gK8I)dJpD)1qsOylX&hQR7`ODXlM7C=x>?^n+d$*>M+ z+-Q3K;9Rk7|4Db%c!BQ1fi+(WTAXcbQFeLhrZKl5Z)CrcYkL5Q&?<}FvQ-n$NKZ~! z3Yze3kdRZ9PWP&^&bPAoww2j6`z}!Hi~IS0cfY9{WOH44if8GPpU%b_W~{d`v+}@{ z^K6%8L$1tLyYabiGX-C$*J&_TCNBPT0Mqj5Na0mC5bPE-Xwf^=*YVcwlAI|FzT*3?Z8Tm2s=+ik;;fReemzKyOxg{(9bD4)l%sqtCXmy=g;(Qt_g@ zv3t7}SSQrYHCE@y%Olt=^_CcsZ&|ZdT$#m@;~^Pv1wUIRhObS(>s$E$D0}OGs={wu zR8a&00Rt2zm5`Q}MiG!!8fhtMq#IEY6{NeR8>AZyq(P;mQMv`B>&*pw`#a~p`|dmU zKXbG8x8^rv%rVEjhunnPWU!G}=dQK9Vy*2SwLgq=go!3qANS?z^l<5AkNqsNrlFmE zf*qm-vr!ktv{7r(pN^U~4Ma#_jpAG3`<`c*KWmIc;jxz&Hyj$OHM})-+-Jr1`J8w> z#VH09T+*GWbK6)6j4r=S1x1Bh(k*(%P!mhc)y<4TlgIMlpuo`;ng5W8Q$x=L-If^J z`l4+UW*l1k-W$_)!jrzvXE+unFnME)=+L*u46aov3x%(QZrxG-=OTt{GRh?9F{;cI zl2H29DpBo-K*T?6<(Xf5~n?m|{_{9L0~?#WgU!(-Kg-t@8W#Z)y%fEjhB= zA_;>46qgANQMPLo2eR91xr`0QD`+%{;+zI*m<(y^4~h{i%knZO0siYwu#(_xI|fl^6R#) z&j=12lzc-Niv}QAL)=3d=nPf74OH_xd-ALr3;}{$iSt#DRT{{@gFcMaMA%=Ox}g{` zADJ6E#bY8<_CU|PS`Ag$y&WV}rS6~|A2RKWN}S7dH{?$BNjx{`8dQ24u= z4tT9~voAR3GyIX`BLMte0s&}XFc;)S`q}bAG)Hg3P_qia2q0<_$I*&L$pHK2v@ZNY zF(BVkco^tcqL`AR-JY+_y=AH)ykQp+ej)vnQ$Dn;@+%8O(|QFJaH&lbP>HZr*ZP9f z*00r1F;=s`K96Vx;9b=riO<<~*ZbOZhz{+a($r5_)#bu^R!>B^z|$B5pTn^(5{{UBQx+WBiR{J%Ee zjz4?@VeV5v01N?ujO;f-#5DyBGMjh+C)>f#*tdPLRG`1#yKvgpkr#Du7n%~iPtzQ*LC{y4ja&LO`UpSC|R4Lcw0Rd%) z@eir|nIVM>kLQ}rAXqZ807a%)9jWMPwX$j7fAOM=r7R+TRkyU4-6Fb2cV zYg+g2ov-?dtNWe-n_**wQRUJ?jgG5C1Iz0gE%zQ*W>uger_jY16jd#^nR71$i*QQ^ z3r;##N477;+8Wh%zM-hubDp|jTXvZtA*fR@p>!p#0kFG;Q zgCRffrr+XqZXszb5?8C5l3DQzk3S!1T7UGBu$xB?xlL;Y_k2j^wKu#2OEI6uUdplz zwer{sqRzBvBDh)`vCZ_*-rsHQ1wpDt06F_o(~XHpHhtyBmJd@LWPW?U2CXK47j^p2 z_>n{h)E>OKNZX`OAoQdZi-2sn(lH`F#>%q8V(#1Ut!0-#C;Ro%$pu&uB285+0NQ;AOG3m*i|&6)O`8?>4#Dzun$o2s{ATageF{zusJvdz1g#lmye zTX^Lk0TdzX)u!F7(ag*HQDn-Os1tl^!p~_*y)<-6P?Kk^fOnh?sJ}h(B zE`^DB$qI?AteRYF9%IexuJbPdAD6NQjeR@uhw9$RNC&pEnhC8h!Gwq;JQvfGLOn>q zLwFEaAbk6X0vH3Mu>oSIqBLkX!)$_J; ziz_^@R#c*8y{wiz?qbgPi|KR@v$fkMi;c)M=?cIBz?DsAP;sK<__G~lO82ToeENf- zvr;JD-9#8tPutGE7_7IoWYubHF991L>0gX1y@Qtj~g1U%+4;25mU zor+?GNQpZeNHVP0f^KKN2C*O`8S~Zqqn5#8p*Pq1!drbARlYi$@34ujr}CkAU#cuW zG*js?Vy`MGB^3@c<`2SIwdQWW=+*xAVVJ-5PMmG3iq=+A$-5WcJBXZ~5?x^bfIL;7 zXrcw2W@#>~>c7rT@8y{U?)!4HPFc>oR3(Pn?4?Z8ROqkdi|a=b#O$-#$zBv&A3jN( zPuwL+>4NypMu(uRl3ARz09gJaz!I;2?6+g^izkr(X zeFSiE-*#}}Hu-Nxbtbb>VV&x;Ug6rG!p13}2=Qld+N_-m+!i2X*V@K=$+|P_ogf(j z?1qUkRgDCK`7+lk^OBLIH|pkpz7O-YQfb+w%C*k}<>H|-9T-ec_+&`C8vH=9uau{M z16IM2w>N~=0M)!nNYWIW4UO0srJIZ_*6;D9(Ksd}4&0hX$U+QD?l;CRomXULWDI$Z zaj@U;c3oc%+x&jL^U*@V{u|2SmwTGk<<($=t=MWf`25K1`i;0i(7nQPu-WMSR2SKbALns(wf; zRjDF?rBP#rdwtOG>SO_nbCOu+Ao%F&Lh+Vt(;>N@0%#ct;QTB7%+Z(o0As)F3>cAO z+g-Cr3sAtF+ReeX2;D8Fj;o3o2HI#r_+UP8mvbi5CRn6d&riE;{dZ6bv+!ila7 zbLsfcL>o^z;scL&?$Y@tO}n)FTI0DR^QP_!6(>70EI+{{>Jwy?D_6YP`(KKf0ar!5 z;R||7wIHzmG}zwE4s$Ea2)zGvi|91>Lj*s%CO>n1a9t)00~TI%L40lxE(^r9$-714 zTJjrnyLjh?EE7dK>Y-0yTqAyhZ4k~9#I@E5V~UfXZ9Eh5f@5N-DK1B}a=<5(&|LdW z_~b*q9)q8A3Xb92cy$uP3Kqt@ygM-I51XKvJ=$)c^eP7$g&(6Z5BiE+Mraj!-_=nH zjog>92@K@Qt-O^o&L#gW9GVg{+`+zyv?i@?zb`T$<&aeg?QSLs0EuR!&WZNPPqB>c zFE$@d;;z2&5up|KM!BtT4xl#I9X_dnM+7x~9$?8_e`|oh4E_6rOR7y>$m4R6o;v^J zef>w%s#X2&(#f52;6uz~8*npT0VNMn`=%UIJA6oA3=K|TECPAEXgH(dJSx?u)J2>T z<^P8>s@Aq|8oFcOqzU;^ydKcy1rfn9SZ8JzK%0zuNxF*QD!$S>ZE|a+N=pU10cBqv zRurELDk6M+cdWjn!bWqm!)QVbMgpWMi`2O=qS`O8oj55CU7}(o-bnNSez^$b{J3x1 zE*zVyH3DG!5QR=sK43+9PUjjOgBE$D!@}T7;bp@ng#j4=XxabfE7!tUcWvhjwB`hM zF|f7Tem;S)#~Ef50=ND zGyp2lKP!R@8{&U6YF#&*PPj4h<>f|s?&30=Yc|Ud4rcY*o4J7!;f013i?}TqOpLd# zvuemK_4l+bOA$3OLF6+B8DMVdFMtdpnrjM^y6mVsIELYM(&WYDguh~&6h%(-jn<+F z&WgFh$9yssV^4Ka%$1*a!GM`tzEGck@&PGY`yeUk0Pp??lRaIXC9ofg*L*H9m!ef7 zAoG+pV2+cVUl-F*6B?CHTGKPl}0Su4DO*Z*s|hMNG5@XS?lT_ktvO^ z{1&Wu$Jlkw4_8rVT>$!KZ9iL{W)Bp)Nkb$l11kmvHnbH7#LBT7uIW;)xxh#LpS_i? z2o}KUzMxKUlS}%z_^W5bxF`XHltZSX_?6Avz^sAO%`Nx`hg0ugh@|PawBOaFMqF7> zBk;2{(wZMZtZIi?#UeR8Q8+Z;HqMnl$K_l%XK`83l!*wH4h8&u4?opn9j=#$2D+x2x$P`{-AO`)cXSDDE|T?)qrI{ z(1K09zV24wO_04L047z(z#r^G7=MDf23 z0DD3($dH*QJxoKi%($*Icm&hdRey7J%k8^tcTnc_1e{y*=Vu_eh`6ucGj9Dgs#x@S ze_KPbRMnD9PwKpV%_GZ4XAha|wf5MNJU7viwQ9pR+id8)6NnZ?+s`={(Pg*UE-Gb@ z9Ed2MGl3*1Kd?krG~uTWg;p*^QwZen`u^{u>5zyK)KfybxgtiOk)!>PqRB0N?p&0P z7-dKT`qZBAd;JkH`d&4C-{OKsxJ0tMR(?mJh0EJLrC&k3hfKaxm%f5T6&^;FU0Y~W zjY~9#6~sbAh+E2d1O_chBo{K)IQi1^dg;QjUf{cf?p&gEe07Eww2kVC-&8W)@f!mfnF;kbZ&^gRE z6$}#Bc*abPCHmSQG_b71WpdtS64LdoJ;<3xK+oUhw)pjLcfH~Y*(YO1;QSU80+=$_ zcq%dA%LT(M&o9xh)~A0nK|#=gIktgz`+Qzr@Qy>~%9uP8P5mz!u$ufx%qg$8=Vn6d zDdf--f}oJ2x03TkYQ`#!F9xkGEh&l5JUu@cVMY;Q$Rb33=k14asXEJ?^qF9NSTK{^ zCfgQ~y=uuG7McGk5*GJOOrwjR0c0f0yxh^MOSv+ITJp|2)x5p&gr6**)UheQ<<$GD zlh{};x3`t^8uqM~_4Uof^7U{P6=Wp!n^hQ!I3$SDm~FoKIB5y^e{LfqdC${OSZ?|o zl6#H=F5NTeZ^h!}W#S4Ko4V);M$}T4U^Z&LJ`dv;D80Z61fa6#r5cQ2-@`_pzCS1~ z^-#q`0rI+#9O5RKmXK^4<0y=o#g_HbNmA5@J`>S6n}d6_Vy4rmb@k?ZilsqWK3W>7 zRGjDSdyDxuJ0D-cz?RnZ%|delij{P&9VB=ye3z!ch`-MoZt_A#M;G}K6eB`uOCcVU z#L*-ZJ|RHN=6##sKeMq%FbXN~y*~I+0;mm(l)4u1&wBF+ibN?@kkpJ-kX`4DdC#2| z0gouB!?$W$kJhUpoK;9x0N_!0{MXgyycNc(981x^8R%EAuEqhK9w`Reg;f40X%5C_Zo9o@MLdp<>|xD-AS{FnBTvDvU~xXEqLf98RHlsXv-%R)XCZx<`hi| z3r2%!*aLaBEY!7!o8B?EZhsW5M@GML6>*Kwi0l%QB>M9eNgeyuScF9+*<-+rorBQx z)*i!Lf6A#S;)TGdxX5ITsIn{W7*TsyQ029V2J#}cwxSj*rETs$Z`07A%Finh?_2+= z`WX@q#j)qP+#!qX922bh@=Gjcq)gpKw1Fh*Rj+|E3)s-7M_`BIFON2R}67j1f3yw22-SgXX#(|Gkh}cLebHwMxl#sXHh|&6fjkejk_a1tBTCKsKh+-a)PQ3v@h&>--bGa`=)hQX-%rM>038d zMLK!aZgXqRk8|vo<{|rEy-BId3YNZ+b-4)5=HErQLZ0Vl2^tpRXTNMxG0sIo(jLHV49iEZk`%z+9%fd2Wli&qAdeHS7UZg_Cbd;-7$6XP1G z9HlLptO4bk-FY1VOU#rTAIiV+!GcXlObBfrLrfP3WsYMEUQN*EPzdb$dzhf8B9r)0 znc$2s%Cmn0Q)Sj9O?y=jd>e4-UXc9~lo&cITZq^<6@T@70H|E2)WXfa>0!&3^@lxf z&dF~@rf3DKV$s*U9oqoXaK*OpN$^U}YH1Fg;X%A43^&tCnGe@lGjV5Tu0S*{epS!q z?%Hf*lDVqWL$c;Uo@Ho+ul|L_H~u{SqU}14-p!Zl=#bL?v3Y+}V0?bvHaWXj$s5hTAzgSat9f zBTg~cu-8E&ieMybwZ$iX;2gViR*izDTv;RG1G&-f!4-o}YZhZ1d@Bw6bzf+!;n!&MFrCHOmuP+ z5W~#%p4*4}$DZytf(gQEBrcgfL&&u8HNqPe{C0Qk!iFZOx2q~uEVpc*GDVD$o+eb2 zAA4;XXJ{9p30huAHZy3w+5a}{5qP0}Zg&KB1R=jLOjr#W?DYjO#dVw?&2LwQSb`vNeSJz`)#;5WM?vaRUgd5XB z^|JjQKWZ6D64pnLJ!H_j0I~FeynoFBJ8V78?mHr=VR|91qN7x^N6$IR#->khikN^| zi(V%zylir@oEyXca?^dOU=3x*w&E|Rw?EHExVCbS>=)j5*VY=hua+*xg5*)-E4)JS10)h&|*bKYW|aP_w4%?#$&`3pzs<8NTgrzF;2-KI0n zD8e~CppBHawov!!K`94gzm1^35)~gw#WOiAWd3Ro^75~*WFR}JzPLGWJ&>VqmgA*dX2Pj@YLI; z3#hcPUIl!Lg)$2*dL%*$nv?-2F*=R_?S&U>23s2t+hO>4T5Vju9P=3N3Jhc^T7^m! zGoD~FOp4EdZ>{mI@^MhnMYLyfRekQLlTGZk+qPpKZge-D^Za1%JU?qg!-Fj|loNy3 zx@ZtySul`&ppo&^xN)6Kz*O@ouZERR6?6+Gi@IpW^jmFs_Vx|NG}sH2*E&`x6L#kiaaUHUzHs6*0nlHJ@Pf(WrvGKp$&uBk4E0vpMhkHWl5;3;0Ao zlSHHa=D&;W7@heXDcwyxxf$Ab--42`=dEfU^W{3>$`22Bg0`u!51EOIwH(JKOB!@uDh?PXsndq(4 zt=cpcb+~1rl|Zo7?o#R#KzCJ8(`~Xfb&CwB@Zt~oXy{rdH6|qUi!a$$94e_af0kC2 zl8npeV(H`}w0)-`Lv7vKTN(*z`GI#2B&W^rwCTx6uD3p$e z=H^~OpuK0r4fJG?&iTdnv)^R=NpCBgtE$b)6wE5sl5{(U3j4NdqQs*tyv}x&IzCAk zg~y-ojw%RKEcb3v)7-c**N{)27y9UV$GhsnUDCW#CgFx^iY?d^-c4}n)cMyTkV4=7 zXsdztDY^Ca#qVtt8s8Z0Z>o;aGunV>-_Xy|dK-vc8Iwmc?k+rO z$B&{vn`vX_aVxOmzI~Hh5TsOYnn(t9^xv4zH(hZFhXlt8Ue4)UOno}LMaWqVxnn=% zRH}^VXqcC>Pm9!_!{D>2urPYnAM7^hXV*`~SkC1^YBqF0RxA)hzQ~DzTj`LZipe2NK+B#?x1&)YUW@ zghMgQNc-a0_zkA-)wosaTShWe<j;^%_ecv|wIJ(B$x!QMkYR0(c|JJmb?Q_`)*ZA-3X6N&nn=TplUUt!`$*VKk zRr=`cc(xmh>|(bn*`}N0D_55;jbJMRKDJO$Ba*g>>T=RM^M`FV+_x@6E4S|J|!i ze_7Mgqlb zzp8`P)7gDhn5aJImRNtWsFiYUW%;KIhv&*n7)`2*&Ki`)F{_FvGJ{Q)dNcI>vm$Q5 z@Ig<;Od5FOhGPpSXpnbcti{x=2tlZ&?irlg z==g{qrK7|eIL!#q>+*oL=kce+G6k~PrKN0KWvR6(WwPqzb8K%7HVDgWRjzZ%)DaA} zyUEH_oPMxgY$X+pQ?yMjxnE_Pv}BM$oAKFk$1DkFn`TZo9)H2RCjYZ1ZGrJfUmuE1U%y^>Kd z8Bk(R`?8{UIbu}>TPIJLpX{rqqJl|ft&O=FB_J!xsloOQ*8?5}s0z^7kxcUbQ~vuu zWTVcbpzn@n6f0MmE@C=&fd;`cf4_bEHl?888wsuv5q9}KBo&?Aoo@2r*We0_0%6k4 zD2aJoC?T9d&TOL5&+ynE5K?$O@R6y*H>h)peB zoL8JL?#Qjxc+}NO>p$_sx94_Kq1Z6rYV*^%{1?wtxSNDs;B@7|^n2@!+0*^s#C~w* z@#!5zQfY4o?7y5RLtz+v~wPRf89PjS4iMq4& z*;nJK_b%sI)Sla~$kP?L^;4MR=S2>umz9=tlF`Dai8quT$2lwR3X-jhSj^l7!f-{D*V{`;yOVK zwG#JxE$OflK6(THCqkbZV+9gt5(>v9ba9IobwMe$E+7Lkd13k^*yftZiFR#vhCSpr zj#Q@b?6Z0JPUW}9OFjeItWlQQHwlFbS>lqnNh=ZSnJH(E0V;EC2>M*si??6l)myC*R6 z;2~$D6^b4l8#XDTNyL_FKy?iH@>(e6E!6pfJVm8+=fWPA3<#{KQ+I|5e;ohsU3Tu| zcXOZkLZcGm=rc`SZSYSMzP|KLi_N!H;CF79yC828R3rbxA`WOI%PJb-yFiqnFEJzo zL0zaG>;UIerf3q->#+IoX?fWjk~C&~V@Lcm>~&e%)Q4H{C6*|JRgR?#MFw#UfP4n) z1I#rhZsx^*rxLT_OOs#=hMYx51dB~tiLj^_=kUFe=n^SlAG8|bg9SD+{kd>7!;hSM z(d*q;E?nu>%ZQES`aX0}+rn>X*ilHEuArhxm``t`gGyXPDDNUg{;D9Rf|dkjh{WlW zbO^2j=jIQUy@@G@k(`&4yH|N%CZxa9kp4OiO@BrI-}(wrWse0q?+y5_7&N`Z>|I^h zMvoFN$xz{AlxQa?Ihm%W^|tm-#LUQ3+Fm@#OXlSO-MRjbu^}|IO_LR2DuGs7YYZpk zBs&tACyqaz2_-Id9lJOSNtqNkTZ2wHeN;)$vaW4+Q0OKJO77 z3gh+-D1}#P0}jWj99b!Do3rlJp!oa4&`=a1h9#61vtP4{j8O0Qbvm4c)0{0zaE$P^ z7-A~HfCs%|Zq?VDAU(}=G(??w!*(KZ_&FJSBc%QBfPd|1SF3ZOM`yIxjb1)N*t7!c z`Pu*Ixv>L&pXt)NY6GO?%q(}6LhXaDz4s~N5*Mvz+4vF%x<7biaB>=*iZHQz^XHFg zHMM=>Q&9;;=dbIhDi8j2kGs&#JTRD{BqhnmDO+^6-65xss){qPyr2d~+vVq4?{0{v2MKZ2h>>>ED2>a^TMl zp*wP#h@eH!r11)>CQ;CB5#qJ6uG9VchPl;3{Vwf0kq`uz%sV7tl+P`JIcHA(UnH0it0Z>~THo&%%Jj?C8hb1C?2K!F zdd4dDCB|s#sm6g|aBSf9QE0t~oMs=_zDA3J&qLr_@l{mjz;?+YgkLEj3)Hl$Y=GH~ zhkT6AMWSI=n4UJuZHy^-!2*v4bM>&Q>gLpNqRY3#p4p>sLHp^ng>0aY#=*g>aHsi- z6d?yM2LR<~;9R8-Ro!JUg9c?a;AA0_KG9YaZ&rPxnF-P7cfv~z^RAbSP6GqIUhAqF z2`>WRqW4a`p(G3g6Ud0Xg4QgF@>>U@CFKvT`2$E4 zRqzZ(viJlNR-zginqmGzR9^j6Z z?&%Tq?|tDx)w&@B%p;9-USJ~%RM(15z1#(rCH-93KRDePR{WB4+i}qm-Y6`0IK1%* z@3=TB$QSvl3k;v$-M4i%VVCN7frH~N-Q0%!Ekwx>tdl2Q5elMeO(ZkQ=l#^twf50t zXECc*Z>k{zT{cfKbXTndA#=t%$$NG8(nzT|l)d)8OhhE9r}uu1O^pfzACZ(>1ATOX zB%wfFkf>~hQPS8jVF^BJyTAm~+6al(Wyf#HUlh<+*%X81MLN95`+)8+;;kW+t;Y~Y zNN$j(QxVd^Av}FPjqcx$A?&a`W3>(j0f4?sX@kLU?3ai)a9;gm&TFF^ zuAW2$+JiuSfUtT{HHGDzvnNFUPa+aQy+IfZ=6L!GtJ@PR5Rd}wItcpyVtcjXj(JCc z%_N=V>9x~@Xpju`(24Gtui&NY!%H6lX=>srVoqMK!ry75R-^qkJZP^Y@=}Br-r_Ot z8u}}4;k((g3_gB$#@JO0+In zEN5B^qdw6(2;A6ZqL|d{&z>=!zK#)v3uGQJ8zOJxAe3?$+f&rPEy%17grq}c>NJNd zMie*m^{!*OQ@tTZ`cljdti^Z}75D2v9anJ=pEp2iK>3mE5K`WoSDFw3E*eNbMnWAU zQs~lJJ4=L{ZWzL7!79OJvtyS`IRf`^T zsX|XOMEs`;y-o=2m*xDBw?FQZ9@{0DpENRtd5;7j+*}rfY$XYt1SQbpgb_QHN7*}>NW3ZSsuo&>d+VK{_NtUC1Nx=DtgjTAGKI?pa1u?{Cu*=qub&WBzFIa$p^oLqbHaohkp61I9GkLYpNsn% zwc1PzW96VgYkuUeE0#nuVthYxC6;P*yhhd%H>|TDGi!RR5k4B|>0>}^(9BvQ+$;)A zreseg67&!&GtqsD96kffT#)1iw%IjEoaY*ykTXDbROPCipF*c8N6&*=dw1(H>KnX< zg;_?NQhs;pJ&?e$1i8QHb141DAJLmJx;@R8+6tfKnSeC#x>sBIW$&}covtx7Jrk@6 zCC;dh5@$UA*2M@}2>0U^H1hcr-ZRPOgWo4cTPhK*Hq5 z!U_uoB^GpXiv7gP?_;|3T<`98s*pxxrpp>xJLq#M*bvojJ2C{37;J!@tyDF_^PkvJ z0Q7Ou<=;oJ;l%Q>OW+SMcg4E@9>!Fdmkvc>PE|$*hTu=1K3!R^H^HVPBsggdV@Dtx z)0zv2L1pzI!a&&0-8h`^D&$?s;N3)DnFwrvH}jygCLc0q5Wy6Cgeu?@HT7>iX&$nV zRoBw}cxj!-GdT>E#wa~AMA;R}WUmol`Jor-*M8ON%#em8Wr#7_5OY`w$(u;iF`~4A zDa3k};~pgr;sFpcW@C?IQ|wNYl)9o3$gGw)mr136G2af@yj)TDH}9s@7j&mXgp%6} zhBcrBsRd3MLcs*borBa|d?mWH|J4?C1-+BtHm5(n{+XR>5_xfLL5LN1fH|+MbZG<9mpbM zH-q*fkmO63#@l*O&q=9Cd8r9+2FCbhFUnsKI{IQr4Qety$F|vf;l7MaXiCahUH8_$ z$IA92W8=`!OY1%+J?F7cr{v|?A6Q%2*c4JzQ%BCvna!D5%>_lK^d?- zLsR82&roF489W=3E?tsd`JMND#T>6`S8t@5(nWpHpFcLeZ*MVNk$5wQ#G6tk);9I; zGjkrEaY~`YrN6Z*&|008gjMyKP^jDi7B5*K$N7Q`4yE;FQrw9CZJ za&19}y$1}NVZ$ch8=sq?v&xI7+0V#_bmvNd=sTTK2p96huk#L)F-KMTaa{7kRO}wT ziuJ)1Y05Z_-K~F$!S~wvfM&Y+r{Y)c99f?;Ixb5z6)STwkF}S3-AltI65Q_<78PB~ z`(U@Cz`Ht@oP^Jx=V?o}wAYv2*~0B!X0nx$Rw<58;+%0Qm-($p9(-KuLX6?)!`-(Y zWPEwGe@&go!+2uOJs5EsJZJM~=7r(hR_5w@#3*O1ut6sk`@DY)H62g-uNq;GLq*!y zTX(XuvK~h>(*3&yE08^susScHJE0$toKE$1Uj(Ik|L}DdRV5{AZ|^;?V6}I=1YS-^ z37%QT*f$tHufLPbXsB#5ZzuIL^!H0Ebr1WI_F&+r)%6{~kX-vnXsZosvEUK0%kK{G zciV5SsOE+R^Q8Zv3YkW3S^-kp#as@YZDdNU;;G%8Eyzf>-InT)oiu+PQJVtV6|G^aL5#%jL%oupJ?n$ z{7Dz(fkhJEVO~EK<<&e8ppGQq{(qowLhQ4w3%u8{K&4|mAqDCgS0mNti+sUWLanBaNCN%t7U|r zAD(UQ!_ONLC1$HZ<=Za$z0{#m(U2>2Lu}sduK~nP2(P!~nJj#gg+X>_{8|F7A#nRU0acxrS?i7o7z)Ff`*VG)2>p(Ekz_ z%vU%rNobV^BMZsj?>fDuYvjckc6Eqw6!I9fizO`>uYc_w=h4f_Yw^`&s%9Yi5lP`Z z`9o$+NAJC*KCAYh>E!NGOXbeP__UdsnX5gWI^3EPK3w)sIHJc_rpZHwcNS?=X;KS2 z1KqF5N#4I7=sn7EYgk}?<@+v0tFv+J<#rmwEuqhb9j6?lKI|^rKg&_CN&8jJzZ}DS zL)`y~+97$>Ig3l=T$=}S!~7hIEJD+dqYgJ*jrOp7M|d>qM?Jb0SO1Q8a%yr^+opNg zq8#2mF4Z&t@oEr$NS1NXtr)^5nNS*rzhxso>56@uHINrZx_mHU?-vZJ2MSe@crp)P6ADyKyvj)?17aFgpB?Ox(#w1NHF zJ!3+PG=u|r)i69IjyI70t901aF2u1reDGJ}GqN*pM@MgGR3B*COGws~l#gI&I@aTn zRgO!R0DaX$sqGi89gE9D#MKoy zinS_6{57ql$@%aF_XsNvdgpJ*39r^C8>|TX-WcI`{w-;<)G!^rY3C?2Ov51%$hS0e zak5OugCk*nz3#BzH8=vy^j)8}i)>!S!oXBo^EB!rJ$pujlmSV2|L9qdD6Qw3NO_-> zjZyq2<0%uVKDdWa8J~J5C0(ayVlw}zOaf`)3bC~v#s??nitRr7hFrGkOTNRYG z{E#^;gD?E6qVP1~)@2?2VelPNI+n6=BnKCgZ zc@9oT{qJYvDf^Q2M}K=^O7Wm&esXeJ$0XcjFLcFb1Ct{)FHi2wB4@eYp08C6rTfmA zGKRxhp9F(GkE)hJnpT6q2R=NmvVtN$y!IJvZdI!fvHXKIriUJP=xjCL?OIWwa9yWh z2@4Br*XHSNUiDXZY*GvmwD?L#L(`nJEX<)1Hg6eApGp69;^mF6P0NSdg1@8RFZLbo zjmz^c6^yqVcNxn?D5lGsbSwYO+g%Q>**w=FpYOWH%oCyGaUdqgw=rQf-Hd|T!Oi0! zh4WzQEn~4{lkI(bg@;m!A92zv(d!HDiOI)`yeLz9(_{Kb2>OU_Gm+c7QLnprDrj?Xmmng-&ls4t{8`BH0ZanGgY)bELq^ z-nh|zI;rQ|y}ji_v+|VM&OTvJ!znhCA?od4RTS;UNd9+k1@NuIj43X3bjRVsaX62{Bg4tKuP z@SI8Fmz(Pd`8Am6Q>ihxxj|B$KV#8Xx4(YvVxS*4h~{|ysr6}Uc^+od^G>xnsF74J zja`2gZ+owZbs{ccG<-?0iU+>Z)8R>*zbg_kyo+Vi8Lv*vjCTssR;>@p#(Pd-M%gbi zaU^tlsu_^}75rP17AvIw*I@+!j064pe_0VGhUkwCm`YJ>BY~RsL?fynNccJiAWGXD zD2@G@TgO#!E&ZVT17k9>?dLQZ3q_~Sf$G;~0G$;v* zOB7bWD*bm4J7MmaW3a?d>%tZBIqZ4zO^>=PqS}uW83sk8XohKI~Qa5{RWUbelP6e>X-4;Em2-w`- z$+2FPoBj3}?2eiC-z?{AVDh!yzWi+P#7TeZF^)Fgp42#`8O-WGQ<~WmfI;=U;5Fk#WTE z-?i-_V;OZiv~O-}iNuD+BK1(gbgXfOz^K26S zVTT7Bqpvi)F`_Czr{TZz7hxO-rw2l6};s@Ki6ufhZ$uTjs3I9?_ zV1oaEar3q$(KMR3AF0vhC<7ewLpC<-lY?iGSbs}ejy&E1=jp~p@517yYnw?g9h<6| zmicCbf65-@?J6!YycabZ^8Ji5b8FbwCWCc3A{7+m8R1AP3m5XV?ErI0@c5f~_Ws;> z?={O1;{>W;Zc8r(W9U2Tf;%{vO^Sq17GWJ=v$4a>C$a%b?!b-%J|RV(2OQ$9nu84VX#4`f}vR;(*d0#ok$73Aro6vbV- zu&laWOQm*u(o7OOc#n5>JNNv~?Wu42lb)Ujoz=bXvk}>+}tp&IkX@^ zf^H;WtKHEBe@6St*iLcsnfJYKPj0YPnX zjnTW9(6PMmho{mJVMPb)Zuy=%S%o_j_#Xe-+&8@$wY|>AMY#?$*!JJMe|`1hKl9nU zos2+WZ`^>KUVZw6Tyl+SC{Snvc{V5iD5Yh>86n3Y39J}O~ z$#3w=KVrIuT4S^S(ZS9*EAK|Zcyvt~`JdweRil?P^4M+QOV_p91gE*vyz_fSZJWDz zBdSu;((UsBwObEt)@*K6dc2auv0uY;&p(yq<0qh`LY!k>zLY-dc0G>IJ~*n&sO5RU zi^1Ig#37U*HX9nFR?`_P-nW^k*Wzd&)So84A1C~9(oC>znh~9NHJE2LR{d-4+GMI{P4}OD;+oPxP*Wau z6V~nekZasOJ2l6AW zOz0OEw5#6g#r=_PMX^0z=h?L4lb}07UfK7cVl&89hOXn(D~g+DD*129Rh?cddRjL- zN3>K~VV3dq`7GsR@|(|%Z+&lUrKme3>Cq(l*HZg}3^P|V*6*XfWnwCPOAUsvPNx^B z5Fq^5ev!f6>m89P#cYG-Xn?`412`>h3k>askvc<%S=pxv*ZyUl(>Mlr0|vAy~+Nq4gaYuWk1QjD#q((OzbUg?q7iT=QsQ+}w8#TlFaA|&Ck;67i9V_;H= zSm9`Va#Cd)`K6I|oBV^%sfC4wzlH{SP5pqYpn|$CJXQ37PHwng(Q(Us4%=HIf?10tS>m1L zm8AUjxvKo8@S0N2!6aD1!;5l-Cr(x&>56n}BpnJTdx@awObD6|V5S5l=r7^?V9K%L zC$zz(ZSsRGB?S$h4hyqaO^6!{Dd*t8`5=iq6BQwj!5M)Dh1DI{FwOjs=%_dN1zD-- zz~51v{|sNN777fbYb)TWCJXk(V;<-`$dx+lP$(-av*(Ozzay>~#vg2Eb{uBnpzS0i z6Tl^ z2!bxru$BVF=7@cQz`?iisdeuNotqFHzE*oodaF)UGWOa}<7tg$UCRsAau^i*nsAHi zdQ*Rev~g73nAXM0?l=azj86OXZ;OsYa^&tC55cc;4~EXeXzKe$_kB;DHzP}0j&0p> z95H;K_ygjd+9Zu)wd?SmOnKa8uJTBFY%NLb3JJ9RQvmv31vLO&U6gLZAOr#{6zHFU z!1@^aGWG z0W6P+-&X}Az5TYVoUqxW5Mq~W%ZmOKtaW>P(qE?eGPc@Tbz(LdS{Mzs>T7NY^=bIb zGk>wi{*bAU;6-0Ejk$Mbg3>9%4_@rVZ2Bxz`gHepi~D`Q)7jS6Mw_3>Z?wd3kaAWj z&(m!)W?)Ivo1UU_lj`CWp72t&RjJ<<-lS%;Ig#0iSY*t;hwA1+!n@C-*gaaD)T@kg z{jQcCo=Hfk-V<=P`sH?U$b8Oex4mq#aE*0(`yU&@9MQy3nSA^&T|w;b3SxH>SnQpy zX%7zQiyu+0L7!#;qQ+r{2rU_V+_pYiORM0O$k!7h= z&-NSk=UDuI2>Z*ZD%YrO7~UdCC>ThIgd(7%v^0u}G?LPaq?EKYsDMZc5{pJc8tD!} zVbMxABHhx`-@KINeLv6lj`#hs$B+RVu63RBoN>%!9+N#mP)5gkiasRregCJ(!9k6( zAJ7bdTAGqo!G{t_Lgq%3Duh;l5p!+_R!{~=N=m-FC+fnmYdZVwL`Tr*(F5)6I)?AI zKUR}{8Pfx!n5TXnoaLk9?E_i86`ldT7S>C3aZdirwT>HC8Xw5o$%gjz+-@%{C^)O7pP zR@syBa=q@B+@61!o^e~TKNTJK&|1HREdr^*_qGCP86Q@`B1Kb91F;XB1oFf4Ln5MYas> z;SV?(Y5&{MtYCZRh~X61WA~ob-^FSQ8AzA@!sLe#M}ytntsc#(2iE^7$UxSH5yqU^ zVIb?s2!w>l06&$7$voAPyB5r4qvJtjEytz?Fd3YBI6$>Z$xQrl1>=9&0MS4du~EX| z2g=YtUx*!p+_9z}1M|N*^etqphHIfYZiD8_aEzGYaAw`{?|c3~eN>MMY->23GY~p5XR|OX5&!(z52XD`_0K6n?eZzy z9q6ezlf0kO9(&?1vb0x&`9F%e-0^8GC3!_j2h}7HRH%p9l~Nax@oA8=QB#KjE&x57 zAnvVFOe-Ge{-2O-Y(kfiq`v?gFy_!Gt;?F>f|=96(fMB=_XE=5t0JMpBng+0?&CvT zL*V9}hQt_Z4Y~A{V8`(SueClVOVjA0-%jJOB@|tDhgW*^PIw<{n5J}&>1xp}jC$j_ zH^3-2EL8MI-u>bgc$w68df~?p^~aup&I^njpi7}D^1t8xlRL8dcVL$>AAe}tPjLv~ zgMYl(40-~N&s=HOuR?K%=y0vuutl_mmb`yiZeT6lRP=w%(zyP(D7j!0j4iarKaJr6 zWJo7Z7Tr(`GxIh1tBT=Cj`Vu*8o`fZZWwq}0>q`b#R7f1pTC7FkwPjSZ zG*tcRw1(4v3~c2ksRDHH=+iUWt`aSa8`TX}^3==-z6=NI2`XJUoCk3iZn(z6)WIto zWQ7hi3!snBaTC)a__m@^~k zjAw=6+e6%N5w^p=XFE>~%!mDms|_5*5dl@J+|$R2Ozj-j+(|%wt8smGftmr*tX(Z_ zyMQj?z~O2u=!gHK+#(;J; zwA9pSA@&*0fvaT^h>}S3T<`$V?(p%z<~Bj{*;^_wxqc0{PD*%$(Rp~(gHspCN?`fN zxkNGr4HdAFOlxb7V@v!WC670+5P%zw2ZrUa(_{JjF)`A~u+=GN zEju{+Ek1N}Z(+K*xCnf&3)7L;aM{D5L(d$dbU{py`*tKpd(+^_C>xY|dID zJK*cTC;5MwX`2I}1dY7?{YF8IU4yWu9vI$^3s3E8ylzzxR|xeq}aHj}`P> zFFS{|boJA$PscSnI&o_E-}q$9Ak3&3e$j1u!uZSF9Rxm|mGx>s(H4nxVo#C&WTeec2d*g$c;@(os z4PexBgh$kT(s0w%p*-97#@QQMnfC4XIt3jm!46yb25 zUmjL00EWwRUwA*T>CZp__#3HDrJC*>2cB96q&QQ&o{F()gbCwFju7Z?nL7haWkFe6xgnIW{`dcwF8wnBNgr$ypm*~$;&Mpf<`rXIjSzzf4*#O#Ey3WE z*zcj3SyxpLt;l%iH>S%-lH&E^Ut1*nT%-VivivT!;-g`16qiA?+#212W732G;e;5C>fD0 zI~Fj+E7hS*I=TkL8+gY3nPs8KO}>{26_%=lUj{a$bCGj zkfnXYum<@onn$Hn5jI-pnbF!50eoqg`_XFv!&=J5?gT0jXf?HfNGI_?{;+D#QzX|E zdkXCunHp?T8IzE--U$+UUtAGrGb4K(Pha%BaeN&-GO@kw`!&HaHf1?l-~h!-#f9{5 z2i!vzUg%)qa~VocLxih5?9h0If1(ydzL+3Li2`@AqqSPBSaOcp)YWvd{HL^|*uRb) zFQjqZ}7mzhA54oyWoKv4Q7?8!^3kg*d%}<`w!}IdG0)eqV=?&~zQ!x>!_) z(?LWB>qHIu6zm;W?v=7rx4WqJ6b}-?B6yr)(&^pf-{c{N@T}tSj&H`NKM3w3m;}yW zlQ6jWm#{bz-r#cndC?zBwSN#%K-A22uWFtil2Q}d;nSD@(zb=#TSXum4XgIs6Qf~fE3!%CZ9jtq{qfMe2f>;^-QGlZoyY)jE-*4 zE>-EB%z4IrqNYZUNoruNz?Hdv5g>FfX&L4-vRl= zQcAztwZ4nGi>)6q!|4BKGtZdEQ-N0L8m*^1BcJ0)RI^4pTc$;kv-K6QQEl*#i}o=X z$AtIg>Zgw|U!hBbj)APx6e3R@8lz$MEf8Un^5guB&~IAorq?@l51HRb(_A-c%zw^| z&8v>oyyFl@29TySP$Z#)G883dm+_2js?!jre$vRFGkK zm;q|#8ttpfS9R06eAG_+M?FwA3%;*?|=JE&Vzw!Y~sFh{OcBfU?X=5fb^S? zd;oh2njWzV%Dvx`#a_Cp9k71hPZ7X9)xEIG*B0^V>BzQI@Q&`md6%$+QJtgLn`50L z_~Jf}28X0p2J3lIz9{KmbUa*}vJ<8cm9amNp$EoaG!4)F{?P?%b7sfMeZ^wH5jNn* z4Pk8D6s)bhc!T8_Qy4-U_v8Zt7A8!^wN2sgy7~jBW8i+_9?a?LPG$qOD(k1S3mfX~BTln(B*%#l}uyQt6 z;Md2-%$sp;x#N}IdGkV>s9oM$_qD~`d&U^C=WC+YUp^6c6^&i$+UDr%8S@!c8e>ei zdAWky$mgPBdfJsH>Xmv>bs#mFebtXk-4#qix}@<=alhi}`YcQQ zgL@@Ymv9BArtgIt7sKx=U00fKujV`OU8mJne!n79dipYVQ+R)V<@`+a`h_oQG%)`n zJ`s5y;?txUMBT+W(1LN2b!Pp-8%75f`Gy(3StW}OzZ7O)| zVQ$fOj2t4i1{1IYV_>{Mw?2G|m0lks-BXA(bnH*f*y9z3B0du^p!H!u*fw)>!e|cj zRDD{z1Y=o;QkJi$99}5Pn60yC;wr&NaPkq@&hqI9nDJ?V`OEGosR&qQ7U~Z$2&*_{ z=Fa*0h9q7HrkFpFn>V${_k9@kD+2#q^iSCByO22^hrZB$IVf9}{6ZdF?!C|`M1#k&x+ z+eK;4L+uvF&v#3NTj;94=GXw2p4hMAClUt^hGxH*QbUc66@ot|b{W-^^CZNv^_z72 zKV(i@d2y+-p*$x!(bSuba`E}#-EHMfw_h4hv=zi-)nsQnAN%wusCD1vG3vVA(<+)p zXWAe6MlN^vQtGQL0g2d){@jf#k0v&oYM4!Xa-Z$w<==m{Q9t zp(iHbb3n#Q%8b`_Y$KkAIH^k!bbBjNCJg~7r3ANJdUZ}gJKtNmX=x8&nN4&RDGacH zKpGH-x7vc&iCTE-_$rIv(T$ETyfY$ zeRxEB@MliN@1N{M6{W0;Y<{F^no%;tp{VT`8>3Fi&_WctwaURQq9nShwMwFTCYk2N z-inPGY{7C%^_Qgtg=u;y=i^-MvFI=s-G{F)BcLJlRK=@R0H#eiV0T&h+LXlzS8MM0 zXt;RfJ-bcC-gChjVy~3bGn{ys+WMt&cw6Qv_3dP{@#%S~E3)ceG5PjCzVmALz{Bpc z&Fn!#Qna||J(~@i39Ghoqpa;qqFjvvKGl3nuLIpJZfH@I_st91UM^a&XC}7x^T2n= zcy5?+81uw>*bIxt9^O;VusWsklUAnk0 zgg9##-Yq9K7qjjhNO*D9+{g`gc*`_W#|%NK;JwVX+u*|)(090GG09T^q*6mHI43cO z#EUe)=`NOB`Em2aHV!8plfKT8b>hBhUR5BAXi7y!FpBqf^UD-#_3<*IA+|GQe-Q)h zm}|itbJxNBJitK&{?^g2(}MZ4CBj=5Q3iLk-u1b+Fd3-Z6|tmegr}(Rd^m~H0%XJG z1QojbbF1g5EkzjW3NaU#tOwWHT4poKl1!~xlPOX?yQ_z&8p??mtK?31;K5|j21b~C z@|=WcD%ANYv?Y%8>0${w&C+Q%Ng546*YB@ac!P}1*^AZ2V&wo4{U(!myKt>Q{{AV* zgc}S!TSF`2*(N%9L-V0ewTrJ`4thB1e}n4dvz~Ve^tZN?n>nf~nn+P`_xHnkc-GV< zQ7$^lOeq;_^khIs))k{k6uFJV#i(!8JXyIcTQ{(ax8AouwdQiW?CBNj#VGfjo5m4#-*SJ|y8hdUHf`7l*R@A<9nm){jXGreKsDZ9$j)O~T`9Nh}j< zTr4$>0QHqEC%DW(&iitgk?Suhwa+dl*}87mb00fEwej+_*_g0q>IVAVxQJ!amy&t% zb=dF$g??hGU8?@84CN3J?v9;k#UPP-te=t`)KDn9*K=F#)=c^hgYk#QJ{Wc& zfVO4yDmIqfx#zmHHp!5Sk!J)0Kt9&b66~m0QiJ}z;j2h}JyiN&=GK#-o0v(R=V@XM z$#gyMrj+O(uT<;9!3G8yI$2KY)>mE9e z0iRocdY^JMwo7-(u0zR{TQ^drGU-!GdC4%cUV18P3{Qh!wJ(Da5I-Jvw8i8gR6rdb zxB~M+Fk}SwVZqnQJVVo8?=ki}L$~^{ifQ@xI}%R$Mf)h32V+`HSX0)%M~kIF0Vgm; zm@^J%F~BBP%Y^!eH<-2CDU1)Cb$taw_VdC_C-?HDw%M+8iT~$Gbo%mWZb?SuKviC> zrW$EepFumm!3FfC+qOgO|^fZmd1upXLF9(p`~+lO0b5UAa?qXJ@VCx0;}DR!PJok%9`^ zA8r;8;h(MbtN>1!yIaF$|8wZJVzq*E4^{(vB*H6T<%N8XeBi=UD*pZ9D7!Ve+g7;m zUw};81(nA~I*!)Q$2 zj~-v5gbDbzpv8mJc>ND+U7;j_8QLBKDCzD@gHl$^UD~cdQ9}P?ZOsV$7mQR;TV~ub zd<6uCl{f;__FBFFHs))i!smK#hF?X<+N+iWdAuq-uTP$zn^N`BQkxo-Snr zI{fooE$*HSYwH$Mx1FCQ8M4f_t5k4jf>wCd7@*^!lAy@87C-P+xC@hCUd#7Tqf%dn z_s7=_z~g1L%j(r?f%0;*p!MitHl?wXoW}hwBC?FmLkt(kDfMGhK$1_C>S0QT{%B=J z)+<)~r3q}#ir$Fc^Rs4fyJK0UoH6gQwgJa}ZJCKHKkz0WYgXw!0-Ii5XWDaV5o;kX z*D(;s2~A|Q$B0#n{T(=hR>s8L@OgUq~*g@itMa+ za-}~=j3Zjtk576I95^*m3tP8VM6k2I*UfllZu(yE@TSU@bp=*LwHWw%H*m3+#Nw=Ped}4@q zl#>%09Zn)ed(M9*SYs&~B#k1xZeRJ90Vx9SKLzS@2yZ=aGnMby@649g-f*5q>kxCv ziYucROBq>dACvv@SU~*hfD}uJcTahst{|lwJ97%w)7bCuKR(t{E>)~G_iT0Twwh}6 z3S_Q%{GIbgR=P=Fd01a}^N%yR1RohB^LJCMGeVMeGhfj{`m52Mdu_Ao@R@7e1xNWb zBRik6#^y2&_K=quvER579omehMK)26@~%lMCLC)i%lI|9@#^k8@?G95r$xX2u5x;p ztnqy;`gqh#Xw z`&-$2_^yWciJfi@yT6FhU=oV^rhF%a#$vvv z>!o#KjUvHYrsU%4&-S6Pw5Edoi5Q-lGL$lunDOFsZxF1p->C}*qW(H1Ex4tPgeE6W z2ofN-vgc-y7H3;VjO`F5vW0}gVf(Ro)PvYY|B2E?C4HL?)p;}$wq2i)A15AcWX5Oo zc_CBi5UjZ~t-CveZXe1L2b@mw5zOJ+ujOc9B~2^Ok~ zPF*|N4wqcFIV{KVm2Bs%{ts^E%Y;6cd$<^6jIrDk&rN#A^Em2`nOYDs@{4=Q35P0t zV!!&OWPG0&O){TmG_gM3acS(d*FCz4cvyO#(8Ptn~;>D}wyuglFo_w1H+ zn#!GcuhGGqY0q$!#k+{SZcz@IUwB4XG<0h@wLn)i9DPVhkxhS7?RAq=Z$ks`8O0oT zsoW_BJrpIISOFpV`9*&`zxkow60@cFUnBz)QY7Tm30U&xG1`X9BkH z%rf2NZ#gQ6uFqDb^sJd`zxpkmnOvTlBiv>;zy(gnKivEL>;jMIT63w$|7 z7W@Y{d|OVFqrp#X2wMxVSL-whHsOAlYsg{JcY9VsfEtktXYDLe4O4rj?A2ORXdYII z(X%^e>?77N?c-;(f8{D6Y?9<3T9pVNU92(BryfRJ(SGihL;ru@Yt*t-Pqaq+^&L4(&cEzr zAdwYJ%H1l?6A4y_l8&*c{|pFO&#zs^iiO&=U|rS(6Wz}JnfTtqIJH}{Ke~l&^gDb} zhW!PkIf{(tDN=?dIgNfj$O>CO zEib(|(ztjWXcDAxKt3$BkDi2+@ptFc+UMSy3E@2JY!~H=+C8;ZPLomqZB$m-$13*> zEa3fQ8^PvYHujWmB#Mv-&k0Z7;Fjp9zwv6U#3)W?#q>bL=HA1U_ouSzCrx`+r*OWK z6i1%&l+k24`3e*@zyOD2z6SiW$d7o7X-xXzeW7M1r+|o1Dgabs*&3Jqf+|R(V_iec<_7N1zqGT~8LxbiBkYQy zKeXUfMt8tchq(*N65$cI_R(vs1(nw0wOR#wef!l~;i~r>F0XX!l&!4_)VSy>POqsL zIayrzy-*z8vO0D^E6kZ)L)Fq#gf&s%V!ie4L~3Y-RL11??xsZ8(9|qwzGzqA8dG_; z186!h@S)HLQy-auqhk=n_`$zI#LNvZ&KpM~NvP(TRrHk426ut(FT-~(8#V?**UEq8 zpy^tInnfNKubDA#LUqpu`$v>Nnqbo9GYF!zUN)eJx_UvzI<>`qK!@Mi0~nzDB`NtC z<-8fbGOCSXM_M{J#x924-Hhp&2~C8>oNq~(lMA`aGh!aveQCohqIW4fj*qUgt!nVuFl-#MFsCvp2rHY6Zk@H(!4D#dJpIX8=q$a}xckNy&0 zlB1q^S$!1$8#hMHD;DY9c3n5YJE4hRDj00iLV#j~;N>3TwAoRHV`E-KLH=*cmUOM) zLn?KV+f?c~F9qp4sHSHLP|o%p!Nhx0kvIY~Gos1K)mJjU4mQk$5s;+0u-80K>Tuoc zQ42|~do(WXbF*Ge>Maw;C97=B61h?572&djtszab_2f{wkcl8s9k-n+GXD9rqz{+a z`REdG+R6FvjyAIguO+8CpN-8SE_LdDJeSK9;-))98}y!skSAQF`+>TFY@gkzcX++0 z%)wqc04=Y`OK8vOLgZN8{OE9O0}q7YYu}RT)?;`15gCHsCE#?!)*yWjvQR&1gR~se zRIb=0W(4oZN2{QPIQL!*3>L(4r@6P^xE1D#sd4daQDV1()0xvr1cidj+%3E>_cQ|A zd3AzD@%$Um7~!a=OJ_3L*`1#bJ70JD(?pF0emRS zJ3r`%6OLByIU|}D#0Ol%_r--|ZCa&#R@i};hjkCrvcl=@GA>-}UnK3B1XF60wlqW_1|_#+J! zyeNxvZ}Jc?7EQQ;R^iGbKskW&f)6k7sS=s=Es~gkDIjV@7IR@@Dpe3;BiE3w`o^r7 zp#n&X+S$|E99>qqQjiNZ#YX&LaPym_FGKmM^<7E^9s=IKQ6!m~Rl-qX)7}ARD0y37 zbM@tDGc&7Z-E4d>AI06IJbW#9Ae`i9TsZbLR2FOVmv*Y|d##k}U47o_F`92<;gGHx zX3hRA@s6RDdYH0mqouGlV=L)c>D>JGCfsUUML!16%FkDUtIG@JwHYxn-*M&gAJ+fe z*uRgickSD?;IhXl*rA=*3N&*Ws`d`tnmRgyzQ36TghD_ZaccPBt?h0F?*MiD@Nq5y zNf|C_Nuf6W4Zh`*7!ajT8T&#AY={eilxtwi`)N$Ifh z`Tn(!;SR7WDrKbiod;tD*$LL?h4AC5DNOpkidVQ)1@+{PbU69hC7Qe4bG1kB&=%-W z(d1_8H!NI52FrKvCAcCXcBVn;pOrd;*%qq>&R}3K9mGoMhAlP4ROvh(h| z&@_Ai#0l483>BX(n8PYO14OY7S{{h0pkwA{=~}iIr^AT%G(q{?U5DlC=69U#Q^~35 z*DUcu<+cWy6(0&tzKXFKfM z*&1q>3Rcbfq0w3Ty^8~D2|>8nc&Y!9D+WQ|t6;=d2*a|nLZ;^#UzFcV@WX+G^>Qvi zy~G*8j@uRY);=FCf`gIU%FE9-!o|;UZ)ZxlV@S4Q8TB_9(I(8OBm2n8`aQNd$!(#W~(rR8*YwBGU;r%_&R$y6U#S+8FZg-4%Efg~Rqk=CaF< zzsG$HI+GG`8n6Ql!(b*P0Nu>m z7ktq-b|cuPRQDIpq}x6Rk!F^l7?E$#u^%t$XDJlkI{l!!J69ENfU#;u4wdyM292 z@^gLX8hb~6SKnZf=~TiiqL8(3!VOK7kMZI%z zT}h7r-r-tA4L5YWR%)WH3T+RTEZsv{i~B#UCiP^hNk4lAGkXRHUzuHZ4&3-RzKOTF z6b?)_g|_WERYzM^m%&7TG>oKkiH>Ese9zStC1$DG=#);$RuQrLwqCV8%9Z%-o*!vb zp-C6-eDPGcW^<^#$N>4{?DX_^*~NnyZN2aKbZ$CDRz|HvbiN3CYSxz)d+=@bE~l8)wPJ4)KZm* zKauAaf>QA3)PNgo*?l$W43~OkU=h7G0HM=9kpQ)ewsy7U$3U*M-$ESuzGy;r;t$GW|5u_Bh5qr?ByTfk69`!pHbdw7X8 zU$a+79L9J~5i!a{K3@Jl-d1Ka6V8 zgzY06bnumFXR7^S_oIX8fSI(Uz>w2yrL~o?@SLv&az^T&NV^{!-jo)>)WS~aQmcte z*>))kR4gO?b`2CpXh}w%Y^^lr*!kv<-*qB_sIJK8-Ux=?^!Lu9y+dN$t*|9!o)H(Y z^F-M2r+zQsy-IIkMNptnq~Q4T)d0b}uL)38PbSr|^&m;+GVHefH;hE?8CyAzUd#IS z4tClMkR0ErAOAsqLiFgG_Zu-m1hGJ5N&8@wal1$NrXT77;{_>!=y zS8Ks(`F9=!51#*v?b=s9Ro^j$SY`_e2&HaR3}5NTC*{*HPr+@gY^OQ03%|`_NGLd6 z{I!5gTJFyJOv|gYBK6+wweceZMWZQb~96)R~(rvMA24%7Olswvi9j zMr5R=xhz)-yW|wLw1ye#p3^GP_~Zm#2-@nr{Y_qECwX;t_1AjIu(hAiR{vAksIDvB z&wJ#}^TzXli#f0ccayhW7nhSS3(ar!^Gm~j`p$L1>bYnxu}HWxEhRsoP1M9FDM+1 z!)athLqFu0^_0GYNtuK*-M*_hwpsi5aLyHZL&mJ}qyNkX+*G!y6i zR%F__9!i?CqWjN@TV2Mz$OiXUK0u2whdZ5F?!NQAQ?k0wOFaC)YEQ}%`;oDSpCr1K zAZgPfdQ|C8BRX2?0CA~>OxNXmmY{3Q4nAWH?a@w$`(2;An!673zas72$#h;kQ5NrQ z3^mnttt_+Hi$B``h#xxYx;YBmX?xT;cSlR@3Kg$e3}+m zy(e@i56AzdNac4DID&87zTsx*ofO0ppN55s@Ww*%vFcp$W6Jn&m2y@xB0HaRQio*P zY-!M{k;>rnOB{ybG-et5jc4-C?>uFwu694E0~80OF@-mR7eCb#O>ez@OYmKVd-L5G z64krAZ5Lk{Xs0ORo_2?q+AvY0maSpHBsy;zB)oM~MZoS`LCV5X$ym7ON!+L)BL2y9 z#2SlTAA@$>Y7VwSQ=}t!MeJ9><(-e@D@EWqY1MAr$>NZ3_jp(!9$l0`hCK|zv0a3j=*!1BaIGYk zEGRKbJq&tjSbr9KKBe;7m}Hk;7RJx$Aq9Oa4)eVbNcp3~90_#YYIN7ucecsMEKjCR z-$DA@65G-dltcw?HswcEdX6*B(04I1pt>RW!hvH#@Z%3<6NRJy?RS2}-W0DSHbSNP z#q)Q62jbi4#WFo(ORfk_xLY&VPol)D<~TpkgyD7Wlz;>*ncXLNLU5bdv|_981IBgCL39HsCBCf6?X z2yL{Di%q9ecYBJDNKB?=YKv?S+oTRA6IsoB{FLPz(P#3QHyy2Xlzka9H#fJ2rVHZE zyq-RjcrvP-Q2SnCN;B%+f&D!g>}iZ&@W^PKc(=Rjw9^%Tcx`X7AZYk`J)z+vf%i^Z z14fo_KdssX5j@cmc1v#6E!GH02V!nX;OL9p;KO`J`&1U_s|dn1cpo}*{=o~dcl;V0 zgs_a%SDxg^gc--J5lrXE2k9I|2A?|jDFrDplK}E+09UGlc4;&uL0)kp;6YJs&*eUA zku+wNOf@`Kz#N;)2|hR%XT`~=C(sTHq|co6S(`oVY(t+3@>fo5^-(GM+?(^ z_BSU26=j!WCFcmGzw#)T`nfihtv1wswwN&(6&}uTbhuq3TeEw88Jum^*YWv`cN7#9 z(*^j%4BVrkpuB;E;cC~t=G(Yb`gc6*ea>3$Yx!KN*~&JAN$YtAki9c20C*uq*8$rQQUdAqsha5Hy0(weHdyAKd6Mv2Q- zcSG}LCq8cqZLn+eD62(X<}#ECb#ys8*tTBGYm5pulvXps;p7{0u~9Nm)`f(iD7|~2 zlSF-lTj=BPu-49GsC?^EdHKgtV)LqeMWv~_@AZ?TVWva7c-wX_YbnHW(O+P?;vuY8 zf{1YYJ;S*NNQct5>aZ2VKhR_U6zbrBdS_QU_rmQ43Fp%qtPM;d_8sZ=srv7of9~zE zhlO&5y~o8+$itE!mmy%PK!bNW5OSj#()O@jT42EKr`^PCi(~{KefrJD#WJ^2ApDow zhV7TIKr#$K`WY$dca7l|Fx^qsDe#)2+P0r#O{2sjwi3K>wl{;_3(GOrZJy7K#xGxt z(YN`d9&Fyx$9|9)y>0{=-<)S_v%8?j#b@lunRm~{S~f{Bl}qpZqHiw@PYw+GTwR>`E1IZwHC&&ZfDM+j{T_3JwV+3EN#))^*z7?d%b@ z>uH57*0NBW3a@8eNt>UWk+E?&vp$hA?uDLTM-eG-fh1ioR}$6S*O{7{;&k1$MZ|j6 z+%!+3kVrK9EMd3P=FCd$FQLsnqgcD}%Jp_Z^R*VJ^tmJm!*JEC&qzks3e2T~(54M6 zSZ4#2+AA9tw6$a;=a(;ePRm`2GGTD28~;h^@MiaOdgzZv#*%(p*?ZZ_5yh94ms|6` z!Gd}-;0{iw29*92QJR&3ql`_L)Wn3C)9`hkLh4y;J@y~-V$-i^F1BbM`7WPbsL;cI zNjQJjc|j<3jsgx%4mmWE_R#XjE{C+a%+r$5$G-v=TXwt_r+@nMiJ`*Rj#dSUaNMtN z>-bkLMTN8Q1~CM?AjM%dG0bb zn)5mJF1vlfSHz=SR5dkCGw#p-N+H_y%9Nasw*A`Dd*>A^p`p@~7Nlk)Wz#aIM&Qk< z4}NT%xpu~ixHQPMY*A6u?#VI{P6g}lQjYD8Ai6!D5x#rNiprLSnVFbMYOyajerLaY zA%~c%`AkXnNtCYZW>~t^K<`57L|~{*JHJtA$pTXpgs;f5l>olcn|~lOsUv?YC1%urEA^N#luj8W1K!@k`jZ_P6=Z0resacJyvj#W|CP7|xF{)-_T-z72upXW*fo&xTJOVFCI1DwBD*4Ss=#i~YQjwE`OhR|WGzVj z&NuvAT={8$P@u~~c8P`kwQVJNVR}uAvJ?{=@Jtc((&3SPyOE0<8@5VT))h;|p|CQ~ z@L-qip07jDXD@eU#$Y_2l>UIJ#^1iXI%Kn2)9wG;V<)?X^$JLU8YB7r0S#ATB*Q%8u z=O`@|+G^38UOV3Mhoa%G`WQpe09H&jQ!u~aMf5(dqM|iNqfv?nf2R&8ka4` zK*E`%H)(hbl)h1{&1BMdswd&3qDC*qM_qI9Uo^$02Ch7N(iwe=K4DF)jF(d_nHp#7 z?h&JhpWpB%q+}Q}D+s`s&v}%02SEM^(v$DZ)$96noMpYw(pXr;ay<3k|2+{TOWj4n zSKnwZaf+9&KBzo@vSOurD63+7%w2bPtLXCfkfo@4xvhz&xBkob<#$r!hD7!jyHbsi zN;9r&Tt(Z?ddR%QT-9}LDnd8>VbXonmYl%cwVjPFdD+NS@WTa;@-zj9-^9=IEXb=Z z59|4{w(e1$60YZSP^DGs*xnklGhU|0a zKjqzTZ=ugyeCily|33(6NX7t*EKjYr<`~nAu0)ZK_IEJFngT>hw z9sZSy4+&l{B8w3Rrqe@=jHK>K)#gcrZ_7!B2ui5mu9Hv>Yw36^mDJf!UsCbDuN%FP zsd+^CnhIb4K2N0Vu#nytyzk>u+IC7bUe$Zc71ENDzK&8f6C)KRn-M{56^ooULXN+i zo0{H1@Oc1`TI=dufl-IW85@hD9#!j!0KR6A6DM1j1hQ_K_Ojrg8nS=mTKeo`PWjGH zKlUh*jl7?bjs!@=EZEz`MYP(4oHhG*jjLYUyqg&NnS#>J=FJBo;$cVqMQ(l*vQ<$C$7e`_l9^25h zWRs9et4AVZAu~lRRb*EiS7Nis`1@59uenA+DuM@DR&9nm>iXC_44L!U2<%1o<3y?VJj)&t9uK3q8c60fFEh z5WdP9n7nF*sBi<+4ys|)NK&}2cz2nqr{ks&jLFbQfUAt@)9zJKZ5lE?t&vhFO{;YF z*WuoZrBI!w&xHt9O~bnP)Ip8@M>Fy6yiXblU%e^koc3jmGhY7wq@}Y{(Z;__giX*T ztDNX*JBsV0dQo%0QXaZFDtge5m{E>f!lnk|e87os;Y_aHLymh(C9}?WZDgi(bX6d*NKOW-Aim-%1j-|NQ4hPblk zLjg=2h4VT$yF4=sHwGWYIEBjJt^X0rm7Wa z0|g(2c4w0q9yuNE%(NiMO8`-NNqR6paL)UR9A<_3h&)>$_xl7b9@tJu1LBrMx2bRc z=lK9Kwng0Ih#*E=4AdcsJ`&q}HjYl40**B|Av>=YUe|wUg4(x>$Z%)8)0k#_g zGU`2G=eD`PGa)Ff@}iQ7Ea#a*&zOqgPJ;O)>RG#*K zP8dmwe{I=YcMzZOq^fhWmo7_eIthMXc^ek0i|cHtHfL(&sy3{!0fVGkeN{*MH;h03 z;Nh@uyJ{gabf)Szk{#Jw&~nk;xE>UchlT3MR%cwf2;C5&1c$hNWkm*>DM9Aoxi7Ab zk%AJmnkv(k#>3CcoCl)XO@dViuRVvU*)50{E6?VqeAiNY6zU0&Ia#txc3ZM#Knoa1 zF7y$LfZAzMQRmWerUy#82nMHwxn2J^2A2j23MpLdHF+qoG%KJB2d%*6C#o|*?1Ub2 z#{U(wxPb`_t>jaUs_2ae3UTD7IGnm#O0<@w7w@HTfS$k+K&J7K$utKDd-w*@nmGsWdP~8pwNZrWUEiSrG<2a!aLARy zq%hYW`!(zM|Djz*TDc4mdb*%<&%ER2XigW#rukA7K6TA6vZjcKs=fYuS2;aila`ux zz9_R=B~YOWXI91H3#4EW?oylr=>r#-+05#n!#&XlW?{S3$;oki=|80-GFfhO0gBy8 z2?GyKdOF=;Zz`EPLk<<+A6vPGtiZXeX*C^v9ig-lEu)wmE)O(jjXi}z&XhMZn4i@q zbuljQBgNQPFC$5VPgfsqU0OdrIY3=rG|*%L^NOR2RMa6-nZ8GG3vCT2CI#ziy0vuF zRM>QNG|9uJaUlKjW9~zXCY`aq--FLb_pJ%5!=l71X0PP}KDMvEJ*PQz>0mn75p2c_ z4Am5}=>Tj|{-Upr-OAlkb|!XN=vmOL_%oNggz-FhUsMxJXxAYgnH?U9LhpKrClSNX z{Ug?GkB7B<@wpxCx)q#-3UEeZGO$pg;+}|RM8Qk3R6+OrNRq#=g7@4ne?XX6hl$ZH zdNS^k(sCh3N@xxpeD+(s$N^65)-ugcekS zTGon6lLhkvjygD$n&p2PtyfYf2pqzX`xGw;d9FflFaMP7TQP31q@?dZbuiBPe;Dw8 zukbld1U&TLVWz*qFUwi6`HT~&l>k9NL z#HN88G2G%G1pSbqN+FC`HzgT_%W%kA!-#T&cV;8qe#**)mjEE<1$ZIqMiZxlf@s;I z&pky|-HzVdwOd%4GxiZTs+^n0db0`+9*uC<4mA>mT7YV_FZ`K)DO#IYm?r$n8q6;N z6aNgb^GLQ)>+ce+mX^t5tFHCN5_D#4NmMUrLr+I2Ug`3d{t|rry~ih!TY`UlOK2hD z(-7&q!Qqd+Z*-k{NoaD_j+!el9pwXSOh%_S>Aj3H2~evvy2G9r_AZ{SuZP1h_o{`} zYm^!>WyOTlioY#$gK5|xn)6*&Qt8)re~%iWk|`5Md3Om^4D zb~kO!?0)}xwjg|fIy5>kwQ-+y9YLoqbF|Ix-Eob~O}t;1Yd03K!WYCKr~3rCB2E0vx{+}+@Q(k zS$u9zrXM*!dxgg1&!yub>2C2mkQeA)4IbzjE)4Qmfb^`~%@;*`eBt|H_ikz%>Fe?1 zP*KZ(BR9e<4nHKKP}q!8Jk8!^UZ>fN=?CG#Osb*(1pilHXk8qEx5OoXRq4-Bw-fC`=mcTjDlh-iWc_zMR}G zubJ4OK(lLSEHiE-Yux>;Y&DGNz>6+={8y^QmCGcBB5Grq_H-v-GB_K@`M=O{A0rnD z*cVzmQ2380=6ZKWns;vr6%nPz0qld_boHsvR?S^F>HBUR-Ec0$jrSr5RyS#M@U%a7 z9XtQ@Y=`*vQyc?vPmQF!Lk*f~e;3OG;qjYkMR5y#nO3fCcUfA|3Rx-DA`b?CyO!D% ztlWXE1yzX&^QFM|uvrpN*LrxPMpaqTyOHij1`~_gA~tD;SSk@Lae(t+2&NEx;dG}K z(L>ZO|0ILqK${_RMa9zfwa1qufdsi6gvXbomO4HEN1BLXQQUsAvd&>S%Q7>W`jvHB zSiHVl2kaSGRB$-qCwT581_x(5Z+rpmqN9SoXrzX&v{a^<%L%-2=u`73PNN6X>j<$f z;|lD$CtbbNL_V6DdoE8q7Up9pE3laER^*uy2T4DsqcY1dA6ZEq+)hbB(WVmRS$|di zk+VwoC38^}&;vCfp^?Uqo_n4MH8L3+lM<$f^hY~sbM5A>V~=Kh`*98oL*bHe4p8Ei z${{(`3CHyOU&ec(Owg<${fO&%hJ6~#9_drr5Oma-+N$ZhPVrw`XBpK?boo@f#vGnO}D@L#@ z=GrGf6Zp9oo^ws^r0_j>7*zNF++6}YVbjq{4gZFS$wN*Lt%e^99Rq4*q5EKtn&r*oId{=?Hmea zh$o9^u4e}DYP>hm1p9*O4*=!6CBD{V1LkoaEz|E>`{n#B3p_zAy`dZZ0KgGz z^Q}03Befz(e=PGFKfSigfN<2AZ+|hZ#4jS54G+%s7b1-?&yt$J8OTHVZ*YG0B8b^QOWN}* zaGU=?CLUspc-;8<;Um}oe|)_OIMnSIKU|V5Eh1!%Y}qriWo;rmMF?5S*s?DXLdsGJ zV{eeH5JJelR+hn7%9brV*~^;!f946l_j=#=`d^o>>oHHweCNLJbI#{{&bdEF-u-xs z{waKY)Q?q0!Z(iNz||enqbAq!wa_iFn?a~GS^)HnSp(+*UT%RA;Qn;A?8{^FA_LSX z_pbm#DR!9F69{M~v$W9w*~#GR9@zGiq1)vj?k?ynLy^`qQk>a@^JplfJ@5uqaAGd> zA<*uClhj$!R_VcC?~wn%kHIQBxCy}wfXlF=ym{rrSG9CEkZlo!`$qgn4sW7$;_({C z7z{II!52R|0H!{jhv~bp*ggf~(C{#7;dkvH%|3j`m%|q~rR}fk=<1J~Ju%hjkf>WF zkQI4cMfa+!;d#hQe`qnYvg<7{h<-V_kouBt<9%6Goo{_HlEYWkbAjoGzicynTrch6 zO8(!jOM+vS9@Lsh82iB5oCu}3sd;KFPEv8LRjlUKVrB~2yZ64N7}xF3CaVA5uH;&c z(3&j3VN0Q?aGDS(!stqDVwbGpo4f-8;f@hku>cIR43KJKApaQg1W*7C^aA+65rBbK zeOB)0$q4>Op#9tGVH2>T(?*g3|KxaNpF$R*+U{@BmqP;$AO&vg=StU0s?0|cHa@5x zN2rWdJ^vhVCG2V_Z9`SnGt>oRF|>O!1hg?}X`+8e=Ln$o-yz~RD-6mw(eA6mcWLLF z(TO~nf{FBDvoXos|SgWg@b`Du`y55d2&bSfw~nXBCCA=GQQUPd}Ha3c3k}@P?8}zPZ@04v#qRH+GP@ z$tJz|ue(6e(P&xb8QFi}}R~d5EpY)J9K}n(w zXz2|Ls`}3Am50D5z%~EAaRuLd`lW7*p^59#j*M{;DEG1UcmRN7QxA9B@NkC=e^VnwAqzyU4SIbuwgh9)fkD+pE(& zf9d)9?_URZ?(cFB7s*b7JOzH*<{mhjSx_r*=|S*;2W@BNQ?sKJ>O47Y1?$-q;ER*g zW)U)-yAl>aN8;`DAm|SMvR7)?pJ(qZ2+1vhPG~gWM@awO1_x$QwJp~6YUSHkzyfup zALNXdp^y!)z5jEPV2uW!U&Vokv7eHiJPLb`?xpQH2lu*;`KoU1y}pe6w+r!H(AK>% zdP|e)y^D)KE@;y&hOf-5X*83rbYb1B_3pVFkcJge{fbK95Pik;pnmHvT2)IU|QG5r z9b>kHvq*Jx3;h6c2lc!8#*?>&(yU+dgCBV4c;UhUEIjH)`sl`@0IdO|HHYr@XqYCW z!&=w`2((VJLHQg&lrAOKWh%`~hq(4uQZ9I0{6W&wVIAu36G!W1LxOL63+~@I4#>F# z*AU@-6UG0j17S^!pVJG0y^J9GAP6sEok|CSc2A>7z z3fc$emkMgc{sjhyH$YkxKtVE#0mLnHjYWIQJfnGYbHcK`-y+jyMR+NZ%&i1FlG9Et z?^(>xg#vX_jgLGz@y)cGWh$X`V&+tNYC~XR)YdxZOQPdJ?{R7N}V$ zfH$ZvI*DT9qBZR@{%s9>SZS7qHL(k*lHhV2Q?>WsRyIl4*AT(cyaM&3F^MKS^k~Hw z^J1d^$n?aPyr2W1g_lR0&pZ8!0B{f9&=jEG-aQ3;ygdA|2NtI^#$KiuFh@nJ59R~e zhxs|-RH=i{s3E?Rjdll!tH*UpskK%qJSo0Q)S#%jF}h2*(5W{iwKbmjEvP84vo<=3~imDW~O>edyK$o9h5bLrBk`cR# z%tA&g*Q$w2@H&sy(cv%lP3_5b04-Nh$>;x@5CxTe@wOa{ao2eCR(59V?t*HRaBUTh$Q0q|Gj~t z$z{R6AA0on^i zjI;s-MKtH%U|6Qk6u@f1RUMcSTx2Xn^!&*nup50|{^u|3CvGKp^^ks@$c_D2=M4+A zU~Fps`ZcVa>Bj}gN45a?cBtiwo-<4)z+{(8ht7|$yF(2 zwqCKId3T6;YIj@VB0rb&jU&GN=gvn=M=S@Nx-2!23JV2gWTb8E4Q4_7Le*atI+zCk zF|;O!Hev#e>ou1xju~WTclU20qWSMqag`TQi{k#C!j+QA`8PaT9DiSZ#?yV`b*xo$ zOlqpz-qqt%%ZmaemA773j1dmdfWL%Ge+ESd0uEilN$I(T3S|=4{MpWIu`B1Vs%vk=5h%+*SZ}d0 zK9>yX%yFp$|ShYp6^VMQnN*3zjS7o;aUh@OFB1cF+Hw)k{p-KG+q#b`M zg;2RnrQCP=nA0h-ueNsYA0aMLGb#9>D(-CQBb2?t-j#n_d(3t^1qp{TVS~9HFOpc^ z8Xdh48ISlz!>P#^*gp$3R`9>y6y1MC<6HC}@6c2Y#hFn2m8A7ol_>qmlLc2rX$-lt z=*03XYz?9g5^ZLEAdAgkkbzQFk#4|ThmdaOv7_Si4MT4yhP}c2n!F{TED)M_#RC0| zuJC51d^{+oRQTJ^S(|&CiN)l=Xs%Pgytm&b^u(IbwedA?hmeKAo}sR5W#srqTnpbn zRgoSX=FoQ*fbm`R+&M2rkWGU3^#5Fv6keO0+pOJfK3 zGYwhsnCW|-ruO0-Tvc9}i1PBBRLUkrwX&moh2sKr&MKPtDh(ngK7ED<76He3jakUo z?U4MtG8Ui3BGq1zq4An8`G`+aEpd2_2RJMAY3kQdYFooK| z0OY+AX!Ct??`Dt@O>|!H4(fY$0=5qN-)(>-#miJd8?JNen`4;OE{bgzyP%GY|1SML zpauyi8+`XLQBV!}q2c3KIR!{1^GQ{IoS(i2$G)1aDSlmDry)@UK}kbqp?s*sK)(4J z-nR}+Sc5qt@c?)HqC47#l~Jh|;e1`Ma`z_7^78~E@g&^@!p_I)n?or%*WLn@P`u-d zZ!FJv_MwB?jyoq@_|&Fb++PY6x-WdDsj(lK|OWzn(qi%)7e2=RE1@`OGWB9|v8@~Mt@1Pi)R2Qs`O06aEX=hhE9 zmfpZ9q5@|Is{=*0`=HP*k#rw_=W6IrICE^~;j;}RpHrO*6*`O4i}F6& ziApyIO{?DL#_DWk8XsLvaL?urC(@SXd!I=})a8K+ncI8}94`i#fRFFT%fL*-4)p2&;?3h7? z1(kpH|2G2iqo-9gKxb_$u6J*!nrD3EOi(|^H-9&ICOsxvY(@6ptKhG#Xx3Ca4txw2 z?_)TDzRP=i3==q>)`+XB#D%wR{SnQuV&|PG64scFVwYN@|bh{Zs@KFzr&B#iZ=AU=f6 zk-Y!pPh?|=AKh4Br|plo>Erk6-SEX(iCa0{kpYv51(TUyBE?`#J(b!j8x%ta14a8U zoa%b0S@lC;qB$u0Wzk8lF zN-;eiA>GZtJtu9oDmya!GGsy@+x8*O{MtgQZ$`IUYX{}$<^Epo)-?=6bQ=A77(UIB zQi*j8sJA`EFL`&?$WW^DlUaSXm>T=7o!}WM$=sX%x30JUxZ(F=)t8-d^Sn=+f~;{_rpB)Oxd{!`9HC zCwUdpSU3?cb736k! zemCP^Q?BGry3D)$Yl*4zRXlucoYyB8m97 zuAs)ie2Vh2PN^uBHzhIWg$V9JIy86uAR_%=8^RW3Cw<`T9`l4Ay@*V-I4cCakWqS+ z)y{p1g@cj;ev-w0b3xZ>nf&df_}k(YiB!>7$I^#Vk=mKg{av=Rz8tSG(Q)_EbhPep zS>Gnt3KX<9bh+}Wznkyu)Yvq}>M5qujp1TxoPiGu|Kn`$HJKD2@%h;J7*^*^1MNow z5LkI^^nlVy>sX^2Q~Up3FoE#2HhFldgb}ajFDR36qb3I*{5?AJf_%1AWX5*7eVQQY zWm{M~;GWfg4g#SQ;;#1p&OvGu!t>_2%tP#mQB3Vp+9AZ+xe~J=oATkOA^4(}A9puf z5;{vb_x{cn=a04|8dfS`;w1?4116QK8(H5CEwIXIhPS+H+AY_Qmin98`6D^jnjW+M z>zkqWNFj142E0>h@G;CaZ5A!)Bd?E|5CKLLzJ&MM%7J$J3oiIwu;-25zjSUG1^cFM zBvl_GJB$BPY3Uq|9X@&7pDK2SNZp6MJV72u&{PzIp@k|Mq_+=mW5-YISLO-JZZLb* z8jbd^p*l+FVSYxItodKDkpgccD6g&>9-|4=Il)++z0&6sKV9mfR=T}}jnP~h>l1tB z2esttC&e)uHyA4XSAINvZN+w{hq?K}UuDvt#+|!2O#hB2NI8vv^o9g1Xq!rt(dMW7 zKq&9f+@(LkQi@O&axjH^%#6Sk_a2pGI;^$!0n#a8w3K{`@2ds6-x1Gs>Uv*QNNUDs zxvD^2cFfab2O7(>fW-3CYnM>A11?CW%*N5`KuC+i0N?f_2U410od$KY3~ublpXJ*Z zpA+|xy&$ya3`rA33~2I|wpr3XURpCZ@;By>FlO4-oZ*>eD86y>yzj@F;lUeCL4NZG{sQdLPl-EZduA9fxV>^RN>|I|n2-RFw|65^9t#a$lG7ri; zc#-vO?qCBhV{Yp4#zNmZg=;m!(T&7qF@|r9|26NlRKdGsP}8sc%a@@~z1Kk|l2)P7 zb{F%lIK6a&0327LDYJ7570(8HH% z{&T{k{J^yGdQGrpWd4yTLZ;PkJG@CS~Ne##&yET+z7(;c#q0Y%@NhD-GK#Qt2&^gYnhbiT`JbC zf(JEe>-`D!O8O>LHn^6it@su&|LH4ayAFEaM-q!cX*G>fH(2n1Dv7|STkfmpCI0Qf zq3x9$<00d12;3qJSm;<-EC9}h5zdw#+;1X#X%8vl&_H$bYnFW^Q!CHxRRWCy=~}8o z;5rr}qSzWv%~?-6Cqw)m{!NP6nX+N`O1C$kTy9p|Ll+L^zHF9G)*>v^Oj?X!^Zh3KXN}21F=Oc6?IV(W zC7TWaWbU>)-C-&r0?xxZLT=!ol!l*hVpVYbo*1!9IR2hpS1dW?-ybX~x-!gNj*xx${Nz#wcK*;SHz*k$1FpW-MlBCV0X?Dxx zNFU4_SlMey2#NFQaY!SyG!Y%C!*7fy(i^IyO*Fr!F^xGBGH_kC>1LyK8GakptUl+?yAa?}RgJtw)Bb@Z*M$S=IFatW zAG<6AYpgscn#NlmPc~kk%8iUX7y36pdr#)!-=(dc@WjNSkZyMnO&ev$^Y<^Im_Y+o zV4z>u`#>xb59`dj<6ur{k<>npLxU7407n3-WQ<;@jReSNUcfHX2 z(&J*6TPz*XDh)~G|5Fd#XU<|s=VArrPd7^9a0^A>XH!1~R`;s@*P+SMKKz}p=F>m$ z;t&sC6}V7B0!)a37||=pWNv3CnEsj$fx%g=KQ$LbY73!nLJJ|U&eYk4o6-cM4SvRh3aQ>Q`Los>Jt`30 zxbEhy`VhyzL6US!g5;I7ll63Y+j)|1VXRN6j}cvy_52k{q38^+rSTdgDY?Yk-mcK* zn>llpi#zLO|Bnnbt*FP<8%c)1X7$(AUq6JnRBsyJITX2Y4vwY|e( zcNjNPXn<03c7qa4Cv*w(cpGr@WWAxq&bj@d{%$`>t!Z$F%Q*gz(+U~=AHQO^G`93K z#qiyz@DD}?)!~}qot`sUyGE7vRWpkb5%Ra?-B*3mxGlmr*}Dy9t3?yDd^)$dV~Tb) zhhE!v?Gbj(vh8^NeOR-}`@VWc^w?(HYVNA%=O-RoL%9oiRYVt!4AwdP6VAj=Ww&Mb zbnA8mc~|`@ENgJFskGlD$t1aRtUy}Gw4f?R_WNefB-5(bqwwJ6f}h1iRxQHjF-1Mr z6m(C$Gk#v4r8E*-E+y6B;VZZ?spa)dnp@TQxW08 zZ|}&`6^mOom3xb=&04+=si^5;I-_IiTu#!@+IS=;IiAEn3xMfh&Q+Nrv)5nLL)3<3N11f~z%&)YZS}a>Pm?T) zvIr0w7tl%mWJ~mNFK%L~dgFpZ<>sk}tD`N=kv}EQMC^J7M=!DaYwGH=`UX59oY9sQ zT;XX?Lb^{rygp_z(w;(cMPKR0vQKyJD$5O?N3^6Dp*G&-dG!a)>4yQw-Xvd6A|ahI zP(9L4N)TIP60xX# z5N`Ty%(g-L-AEDKhRyH3*uk^jDqL`=fmL(mJy&ONUhJ=dLVb zQc|Q7!Y6le#@S(fJAn_i%jbu?;8eBM5_Tk;w)qpPv=qJJOO6P=BSe_Xa`2AKN8?Cd zlVFC3S%mcZ*_->%5d|njX)_qfcoSJfXxW&Lo@Sg8ctq%3M>e+7C*!!;{7i&TNjZk) z;n%Y}CQ|YJPK0~5;sKusZJj<^jrH>DXugl)Yo;umnduL)R>YiRCDB%KlcHT#KiuLV4@*HFIbsV%f)O&6skz00@@VgPVQ_FF z*DsRaREp%akJiq=ON?oxqd^!@x7NPDv_o(IlL9%(b&3?jt}mDToov37$@Pq3x^l2V zKkBOagmkdOy{YPwiuK6C!AFcF<4Q^OZ-Yl@D4shHF*PmsZ5y@!9o)M44(WJz=rNJt zY$#n|v!YsEOP1gUqqOnP1pxy(wutC?)pot+jRONN{?Ad!A^{A_9 znN{Xy`{nwTm+B#}HyLyPMZV@9QSl!!5jC2!EZ@THG+iVLw6B-y*Q zD(s)%pYk=T*liEuaIO1S;O|^i4E*+O(+^jy5norWloOFMR~e!FDda|~psn`$yhb+p ziznTj(aJ0Z$k4Kqk{z}j#_hJB>>n?Xj5Cw}{CJVBqVw!l{o{F;tEV^~A}w1SYUel4 z#6<6yiWrYZHDgsZ+&1Z);*#8Y9b9;6UlRVQc-%YhkBe)cXRveR;d+sw7}D{xM*}sGMKv}yUNWi>OG!z&t+ebk(Uc4dFYomWxs{`NGn(QI z9!!r4N43O>nu4re!qM-~Tt~u?ld<0>ZYrL~$XqCU5nAnB?1wW)Vj14sC1dhBp^%6W-b{by%_!|fDX_SxOjGNmi=!0UQF-f9QDRIt(+@;fm8|==tSevFjScT78^%&zMo`Q zAC1)*kYLUs$c{*-AAGz32l>s6%1e4V8aIQsZm^*^tR+}FZet&>kBi5bSn0iXnqoa; ztxNmutv*?~W}vM`&PS^ZO)RgQ58vILd4`;A4-o}pQjEyRcpV3<40ljwhNn!|7a&XflQJk2h;cS(b%KG3wPcVn<0H9Xm>j`RUL! zz>j7Xf?Z4yU|dm}+Jr+!3qaMk@4zd$_qPfl@y4@lMezogJviZ z7Ij|FSu-ZhHt%{$IJh3VM2(9k{HW7Z$Vn=-7+!n2*S>jCOSK|EwuJb9(%>fFK7E#wth2Xr5k=$X3~Jxa^YNE|E&K#E#K0A=~gNyxaZC7%>tAs_H**NNOZ?~^y42$~+hc#i3bjbyJ#33|^bqZja~jm1`iv+1 zRiy<0ll-%wcqL}$GRBuzE+nTt-@37dG#{%`t+=UVoc}mq5i6PY*$)@an04{NBb8rr z1Vd|8MPwMWtJ>G*@_0%|xXZ6$@iM0VZV?DaD!9j^IbRvq6B!rt`{;C=hw-y2qTusd& z2?Vuu%F)e3OV0-nossQ{Ow(|k{$6MEttZ#G0kjrLxUQ9Dwj@Z=gDXz&T@k!^WGqa9 z=^7IGG%I?dYuN*qLYWxj4MzIa4=3RV7eJ#yv|@pkL4Bt`%U;$l;qW8f3Ag>xv~#zR z<^kl0RT7NWu2kUL7kxZ>Mwwc|w;B47Y)8!REBHwG;XFGym>>ht8WHh1!9 z7czPn&(^Vqp&0^$@}>k$JNiWiUkQ3@kry-wD+P$~MbbJ23pmOgI& z2ajYo)qc62E*5imi8hQF3uhGNQn+}O;$s{vV)?hcLrXhC@KODU> z@~U91wnUi=tFt|#Yu`aM3N-pITYYDvS8!^bI3xWxNxAOi>C+ z9H2BN<(j)#1`g$D<8GJ6C5fkqKboJUS)5J5at#=yO^n%i|`PyWi^xK`{7N07x2$1_d) zh_gGtT@fO*hW~QdlOi~CoogG8tA}>k$12OB9a&WT@2@31T^5g*qA<>h@RY2#F;c z&fzI0x){}cUuL8Zr*LcNh(VFfwY>XvugEGN{kh2G@ryX8HdbE$(aoasVJl9gh zgv2ZbiqRkz?T2FvCc~WaM~h3VV7Fx>d1c;x4xeC`(7D$6Tc`cSh3`c&W}e{Yqp8r` z%4ZX|{wRjT;pkYFvzdgnt(^2y1~kjlz1?8`=kDFaDK%9VAq~0M(xmu0waD0mUI4`g zUTp!2^ytB4*vO;6#D0A;4v_e!Yohuu?@e# z`~A@jCym4NwV;ak`-!J}ZXEjk7qEKkRRSQ8=L?z(bTsaxwIq09&4tQeAG%f-hb~+X zIO!W28oH@^;|3Av;IuAH9Cz_Z;6jo5P7xpklk=-k8=thM{%Aa1qd`7~Vrs>8Ev8|mE2Ddn2oe|{5E(Yz}%EmE*2+rVP`Xq(H2E4N-=WoJL$5W@I%`17-{*RL%fKbr3= zR325;&`=0G%}7o|6Jtu7TeZo(P`&59s$Ru!Sav=)%#1qa?OVQ9uBo8l;JT(L9zmbo z#|46r`n`NX$(i{FwGlv%B*JCwfUwdf&3DB0uV|lDdamnNJYE`av>d9cEX%o>jGUn> z6(|h>t)!9SA@62ux;Um7>kPdDj>(p|K(DQ}-p=A}L*cV@h7?mGO!*m!QZ%}cWQj4M zaE`2%#Fm%TgRZ};ZD18<`I#`X++|@|mtVsA?ow;Ig~bd>u=7YT(slQFMf zLSEer)-mh>xY^K$=?)gZoG02`B!nB&7cZ8R#S+1M2InZq;Am-32`+ zo!kc6*vE`G7yAWwf<9w>BHOGGDW7D_GAAAFmoZeP3!~efNPLr#^Lgt-Eqcr+eK%vL z{JF#dl%{Y{AxI;^I1Zf#7k)hSEJ8+d^}=b60g8=*r6at&+#lX3Vi~%WrSh}eoZ?~( z^X28=v9pbRh$F-7Y_5JK6R1d9<1|y`A_l8IJJB2yn46pHIHcJ+*Of&R!X%X`y$(7o z%$F`HdJU94w7y%Nu-u}JN4|6lB3!5hnOuQt&}4M=^Y@=tEPXI zWn5W&1+*HQocXQ!pTB(h1*EnjUzPdnc`NP~eIj-1L4HFd|6Nqr5f>}aew0*1j-bD| zx~UeQ@Tqz9b`Aw15Gb24azxvU@QDlKn)%x|9#hzHq>EF2vu!w?HFU;5Ye->}oS?Vi7U_GLg zh&OI-&ZvDi@Y{*N963n@*7(2x`+*)E62qf=Gkr5m5xcGOj0AJfmWS2jlOpz<8as+q zuq|3A^P&8^yBc3g)fAju3er&S*Vs|gAn=V|WQtVVMSIM2a*cVUUfEbEU*sOq6yf4= zo%?ai%Ldw-ZTmWTr8+Lx06dR+&eabp-$4Kf-iNCBqamcmZr2Yr+jD@SqPgY!d7OnfsjPQr~J-sYXA zpjno77IieALE5G=msYgDm@(wt4xXnmY?hM+a#hPL2Qq$62n<$&#GnRe=@l>u8lPZ2rKI$Vfyy>A@S< zLxt8;hjG2+HAE(w3rEs94|3U$7VJHS5Kl*G@e*_-1m zqIlPjuoS?^X`_t$;Akn4X%LW9K4tqUzwLi-V7;ZqlhphP#zZ2Q3gzO5;)NP7i?TT1 z?P+{|i78|91Dz3BgTRo{kt>zv^SgCF99I;AH2nLcctxoY>1uJ&Z&gbeZl;+Noj8$| zM=xsk!TWvGbckkBB%dgYRy55b$eER;X(US5e;+C(!35MbJ5Kz~-vJeKZgwpZPd`X62aNprbz+u<`4V|dQR1hfpuwJ~>S}6knQr0?Q9rc!w|q1v_Vtr< zWD_&<37t(LZ&R9*jq*(5fjCpJ<3X*_kYGmNl&E4qE!}pfB`Jx9o#c4l^hZMHf=7WP`CEXF-Ifk=FLAZtoxpX83s1y`@M;qVl^i`^C_XONFZ zZ_E?l%HNiO^g5T70%6>!jNKl``TS*72i$chPWidFx&X?K63Jn64xv)~0;&0m98r8n z0OkF+R`Zoncf+LThX)vaOT$VbYTKUXXTAONez?<&S4|)mWvbXACl?0GgUu@Au2`ig zKacayF{<>y;&3>@MUXUqPa$Hq1)6(;&XcOEc^N0UeC|{^O}x|_>MgK%t41%i1%$6j z?enuUrm&4)uU2o)@L&;V@|DDIE5FWfBvj*4(bunjT%nz%gWigu$VlEU%|5}VQXLo& zkcpVk+#D#fjoWyE;O z+uxSIF8^LVB^P#|y@jaCb)F8@Yh!PHJ@9m$KN-#MIvV41*zP!CYxBppD(Zhh)%PAy zbH@>G*VHa%^;NF*S=Uda=-!V!%z3K+tQa@ei=1?1L3xiEu{Y12xbo!*c_mt0gBWuH zGLUBH;4QX)rtM3>ISe@3-;FTR?%Zh_8AwG)74pZ{^K-(wZ^&m*A#c?YtK- zFX&+#tC4wbmOq*dyZs)#3dI8y2tyWBQys0`bv^EFkkA$}u+Pv;jXcMditL@~&dz#= z)PmM6i3M3@W#tgBCX~uXh+HppoCnj3UgYLh_A(+(4lq{7%Bl5ova!{Qb%S_$U`M(} zR`rwub{mwUgRM7~ngz6{9eO?1=B(VfoD3FDbXcFNm=HMOy6`Dp64U=fo5_}Nu;t`k zDTmgd)7cBUyV7CkUIPvkDT{N8Cke(hh4ogs<=J>em4;U(@#_f#?`Bn^g;+Xf;(}?y zpU~rR1W{lO`yoU1hzi&kqlW_ny!#>R5h1(~9r_2PyX(IAlXX1(~S&sBMnkpL6H!`$IwzK8CBu zX&}=Wu*}3w<4q%91L+&Uj;_M^i~GDUE?cxRn3C9Qu?Q81PXNjg<4}uzS3mph?TOPD zq(4ZDP$4GHG$Hs909bac`tqB@H_jr|RH9W#@*n*feZZ|k@}_lH(`49IzkaY!oX5@n z$OT89`niYR$h2Gku`s~5z14BJ#{fPovCJB2ehdN0TT=;=|yZVd)_2+#P-BQ z^BZP{3o-W6U9n7hr*R$ZgqoW7&M=m1;K2t#wJ88)AE-elzz9Rc%!>6BIeF_LRcHU& zl%gohGAEV5>xawYm*F%FsDAXB_h$B6BiZYaR%u^o3yovH z3`1yXJ@E1MhMb(=W(g3d&qG7o@-#4ydduDHSKWKpK{j*76b#K(H6kLy5ybz`tHkyL zDG)yH>+3rcxIEpFo;9s%_8rO?qcdGkx5VX0lMsBjA->@tFn!jDZ;3KYw<%?uFYCU9 zdP&&SF;;BA@Ku|=+4%jr7j&QH9aJR+EHts7W*_$gzf=Yfkp<1a*q#e<+O&=Imc7ijvsx(uG_@XV~)Pc$d0n>FFFOP!?(xcUZx!XlX|HdY3}c7 z&2s4-F~9v*&vbKeMKMRFq~nS2qY;h|;yt5yeU#Y1hDb09njL}?Kb;zvtR0mU)s>vD zrVnrsng*lF%b61^L^f#1KbS^p$5Q&ow*+ohyF$w3~92Z@^*&iBhW9_W|l{x z-szp7jm`so)W@J&?S3Y*nM&BY`*veo0BGbV-dh+bbq!7T56S-$|JbnkrkVPZC#WcY z`smW~;TsrJTVS-jg9*zVJY2*eFH3=)ESURgEm7>#zj}X#{7Epe?nMsC`@54QNU%%g zkM8~M?1y^*o0t8;57(Q5+BnJ=%}awcPvvECo_f-SCC8i5KxLQXd^`KyzBgL&1@c&4 zx^qv9J#e+J)a>6{nmp$=H!CteS#hI)Ts{thDxZ|Nw5qhequYB^Tz}uJ* zt4sG-hF>XeS#-&r8;ywJOvHsXkRR|I}Ux%G)pXCQ%15SNyPxcU8!B0x^R7gqAWpUSP0$VEbQ%~1AGr^8(vR<3( zeRjX@Wyb6>D~fK7BSP%d1)1HyW3NGKo6g|nyMPNn3l>YEl!Q(dK#{DUq8AwksDvX^ zNeGRD0l?*M4PmSbOLL|k*Lq#G&uZqe@!MTB*OKw%52;8e%3LX>v?4)bA2$LBk7m=n zWIwK|P-r1-u&GLpG&f^G?M8%$wAF6%3iCl#jSO>zJ!ZB4%d;N9!sChf-UXp?;zM`C zW7`P9h+mC5Ab5wj`T1;ZWC|84knb7V2&cOCk2Ty1@LQ@ zse1U^L-c}{6(KlEWdPXc)uzq%4M>G8?_yWf>iWAvxuFYoj))Qf?Mwv zX$<0M2l@k7k0>DTPuA%I8@qtfOd)-(H_O#8Bz-vBt?g4BiRPMUglTE=><0A>4LmGb zyO-@^(N-CWsRFzKm8X~_&r7%taF^T0{^U}T_;4rhqQW}VhgmOPM0(+AoB-bRupy2H z_XTk;x*RE_xm=bq5Q-;vw-zkDW5O-=u;uXG$KNPwsD7>%D2qXh=P4h*&CTFfEsva( zJjDr>THLb8_;I$ICSY^a=O3uc{g0G*iH~3Z+cte*{)K!vsTmoAy>~V<_E5BT*UKOM zNx6lq7(7|{pz8~0DBD%Y1=uq{+UFDW{pMn#&n~U}%X7DQc4462ACO&+%a#@w*SlWs zn45~PLRl(`pCemxRADJlmz9#FL?8!`lZ{Odhjtnd%!UjDuOo%?C3 z?;?GGSkPIGYPr%20Sb@ZKSB*dh@|uKE)adz@y*PrCZ~yfo6=-qyMa4VU(v{nNGY>K zkR;9sG$?%F4?{j^@NvsW#^o3Jc*6G%+wv2fxe}Rv zQ~6MT$u@r1FG}Y*afA7|g@f8U-}kdBivR4(l>$AKKEBSgQQ3T9WJW_KaddP`H)*pX zxp5Ye?872N$%Q31_Uw2l+SxOFGEr%+c@C@tH!0ii!9DJb&!)6!SkrIbWBWrJ$}%ol1}ma3QGY{IYS*KXuXOI zpdovV2Aw1lsYi{SV%3U`>zE$?87dkp*_`qb-|S^Y-SE3{k%e7aq0~vd{Cg8CQQ*Y|kOv$c0Y>=BR%dZ1nkfVR})+pmApBDh&RI#{q zJ?A432~C<8S}vW{A>fJ0`7$obN%OJo$P`by!0 zhZabR_XQ2%(N>{L!jv0{k1HG7b#je@f$p9lKP_rE@cetKN>($<1Y7%plChjw^n#jB z#1`=7_T|bO9=hh{X}!W+TwFg&ozqDbOFg<)jS?j8uYtb?&NQer8}3UJV>VY}ji)1(tO%DkB(;?@jA(CfZ|WGXp^f!= zdi(Q~;xM=G2`Lr#FceL`0@diW61MaUCIAIMl`2+>BbQOa^#jFKHI=;nFZJIGj~+ex z8u+DmCET>AAycEVz%IT(?CCBC^Lb-;!`Q_J*7E1!6BzVYKZLp@5CyIt z%{-qk_kv<(l}oQ_pnYv&FpEIAHBrWXdjL-}<(_Kn@rGfb3RAq;V1=mZWEd%_#e>`J zi%Y&ZFdyv$#X0RY!=`MTVq$y)m>ec&S?Dm`%}P%1++e3hikSdR zd~5z*Pm-{*azU#6`hzD01|h?-r;w8+IT2@X-8Ci{=q?)j#qnXV8hgL^btTvHUeman z4`#PDZ6foNZ8S|Hol+xD7k(fAKU}?aR8-slKP-q!sgxi{4Lzg`B`qZlGL*D*cQ+`Y zh;$B(v`BY@ba$tubV|pwxu5I(KI^xZ%l{0{+28pp5wEjJhZ``;ag2aJ#|od_6kK*jm59TIF!1mrtBl5RKtXrv!hDEq0?e7ZK>uH zOU2HzBt$(wox!wp$TfIjb-q3_EsXRy35GaXg56aPJtecQ6i+CGD&?cOjeC;rdNRp> zbJJZ<9;v3K!6i4Wdh_w&<55v~d)@8L<(=Rxib3_s-F-N=NV4(lw!3=luiU_(tdK27 zqEx7@^&lER?y2Cy^!6_{SsFY*{CRP@SJR7!ce7$=ub|>x+gb!#7OXGd1Y|9xTB0H{uHxx?f{lL{P>#?(+o*Zb ziRa((I6th@J0>FA!r$Y=VjhN&k31o@dpCE!<-x1htVf(hcl!zLM&Z%HfzWEVvVv69 z2BRu7j^(tYsIUide+sYh%({k`8~mmYwt@WKEu zc}hG#KQu8xpjGRn3{SJ*b=vm%(S8DMPI`a*duY=>!gi*@vYsSb`7&0BzNE|@pwkfP z)&x$%9~6iia8-^<@M;%tac}e=i-xKyIiijL^=Q>bqQ>^jt`7@-tzh50+q=>>yg|4HfR>Gx6-Q zGoHJ|gOP}+#Ppqkn@F&Ti7gID{HKh;4NuNRUe|6NGRYiLL+I3RcLLjARiDk=d zZu+NR8<6`D#fXG)%e64pdfl*X;kCzep<#z;8aHSX5H`%pmG|g~bK`Do@QLt!@`<7r z@tA%`t=CQLV)&ZYK*Z?qB+K7v!m4DL_a)A{M&{YP>$UaWwdbdAty}T7u zlZZWV1N|KkIP>tRD32fBsrm91a+;XO!B!*G<+A5_EE%FYObv)v+*&T|!CWHs|IQ^Z z31BI>!fS+gBmkXMOk;|2iAVFf^rR!doV_@Kn>f{XnPCh>ZHgA{_a_TdJw--rZjd8T z_E=V`>eh1f#xZ{tnS=8DFf%2E48W4#w6Orc)FUA;Kj63zHi!qR1)8?KD{AR@&=()n z@(R6s5mdgH zWDR82a$X{j&wC?3+Po*r6gEEtfL1_+=LAq~hQ4qIV7&_`5>)SDdO-y1W3-qUr^F9z z65~lKxqYBW7_t4xEs_uBTa|$tb#t*4ZJ@+zvp_2K>WImeNCjkT9-bL&am(!gCBL zZ!YF`Phzc`idzLJfHFFwYXdZ8+MpxDjI5=#u@Bz*a|vVL-g3T0MNrh+OMY8DR*wZQ zc|nKDz{yZJYh+JJ?lp1PY$_S0Tb8i!=fRqph0`3-WXkb{aX3Xy1 zUYQ-L>8^bZ-t)2_Hw_ruV$eFNx^V=Ol%{N?WodMzu-Q~9TQ+cvtcX{qzofCQOzh9b zamMugQbx{=+Bj_aOR4EKt|QChhIn;>WB@!71Q;z`e6FCQoYVoq4&sN#qS1r^YTRNH5>np)Ke_>sxdsR6I z1ctc=y?{DTciNdY3oiM3Za=`kj=wdwNda60pCBRusQ^Q6XX=dV1rV&Mqx89YB~ZzI z^aDb|panVV<$M;+Td^)MqrZ7=iHSBuYrq_s5~>4Fy!~d}u#4sN-)R_RM7l)>y0le< z@Y*-~*rMeC07!}u#fXfl^5nXk4GcO;1eY>FN_{0J_-d{QG-qAmrKi*cyIv?)K@ZaA zX2pxGk5%_s&xNK48JL_^l_3V4Vp$Ste5`AR$28m0IISQ^;%(^L#T4#M~16yN9!~eqdF@=t0k6fw9AvC z81tBgbvtvJ9s^;c6Zdq3F1X9`4%B35Nkx4q5Vxb~_{e{8T4!b;)bY!4qfCWqJOEmk;Qn~qr&3VZwwa5Bt;>V94?=IZ9v= zJ!PWNsRr!2qT=Ftp9or_9+@~uHPq9iy3+>enXH64*(CtQGEiEvVsSTu`Sk~;Jpq7>~Jt-m(Tn3=0J z*w+i$?mT#G-+frIxv);Ly6t3W`1o6}jK1_RiEo-xew0KeW4uPBUC1^=q2vKK2Gp^; zUK8(Ij;Wd!m~h)c-3;^5?tFT*@x9@VhS{OJf7EnRbmI1BHdK)bOSGQ#>1~CNwKLv6K^H0*%Af-ZTO76-jM#Z2TnsTBeN_3J~cWhjmnKgMG za#O9S`OGGjJG-4J-#`I7h9K7YPZi?fm9a|LyiCFb4V@`5K%rq#;8$icO(>W);6wQsmEhk<;W@ldq|fn&<$Vj3_JkK z%PWM>RXkIpKu=-hRKj?-S5JKuo?dRI-PWOdLKG}>anCYXIP0eM1$*6n4E%hbJFQ|Z zqx8*TD}l{&yQ6h2b(PM)AB>GV5OtBbi-M`+XX$`|Iinb}xS-t%YR1=U+vPW$t=Qu~~R)N--Ocas=%2Oy@u=jUp_KXT0o15+JL2tx&?pbf5N3 zt*UUAQ0FY*!=k~HcK%HapoV*U-h2;|c6T!*O!%q69D$admBsT%>4;v9IkGRqL@(%= zuH#s|ik>N1LoZH9uUER0y_W^@d^}#OlRZOUU8=wLak3C5Xx&g{`?#Gn$*G zj2A=;(~$Q>v1r!etTHGmO{(O-`_i>nugfI-f86fdCX^Bk#0}E7ZgHEqDf)LMe0w6{ zfpKu;ABx!_Q*A(h-NkVZ&(c%LS69|*H0;5T&glY-2btFyM7`Y1kl3a_kvopdI(eDK z<|v#G-g#y57Uky$&x1<@UR^bF`>ObRK%#?janrvy6RZPZ$NYZ~HkJj<=6rry2phca zC5#D(imw`_C!J)$99561z==*J*9udiJJT7^&##>hgD#%8kw=y9_4fB?jdrExS0rYuqEXNQ2 z!5808CWBVE(%!F4Um`?a=u4#Zz>NFNwm9; z+RlwHxpK*oPtcUkebGJMO~qdAB*ONiPiZA1Y$Hk|<|8OZCO$q_7plb0YEi6(8=P^T z*P~5Nc8mv3T`5@`gX*&h`Q}yxqiAzqPT+G{?G65Ca4tK{a0DX6@7+Ny-cw69V;0dP z{0o8x)q-~)pnLTjX}qfy{{n$cY@ z?*aJza{H;)c{ae&&$OT-CQe?X)7e2H&J8aXunTKK0aEf1p8*H-! zp!Hul6AJ1CmAf;lIx?!Lq9Uw+`}fvUHi~w0T>8mOHQI=>X0&CZBKoVL$_09DuKba& zMR_3xfH9Ea0>WYnshCdydUFSLf}Tsh6Ff}Bz|-CCQZyM4OJp~Jc|}V*n}z1dO5?^g z&a2f^9dde}?yB7s&Rajnym9@G0bb%70&xt)!!*{~qBzf?0HvOu8bg&>mp<9fug9)( z89y>#XKCRdXj?I93wY+2D7 zjAK#vbbO!DRr>(!%20!v4f~Hhz<2WxbK8geQo0kkF-q3_d+{I!Z}RMiK$JBy6Ja26;=RP{im>)^%8k8;?3D-pbm8eck1F`4AE|_v-yR&d7u? zwPxeGO?tx=CCvabVWmJvHT2UutC}`lsKJ_8Lg=0N(`N_8PP#qHw6#R08eckUT`a9i z-nerQI+aiv#d2x{VPpJ3#pzM`%-2__%Hte|bjP)k=C&R&!QX#3-QRsnO(S<7(v4`X z!^Q`2k1G!Rkj)b2YCH5zY_k#2AMf}VCyVtDCiO#ew+z+J?r!hhY^WP_L%zfFSeuUl z%Km0;JT$eBfnTE&59m*vOCwg5ug%}P#DrDz>0+Ny?+vddwJ86eQk5U+Rs!g~-lT*P z-p(BfcV12CgO5hL>T61YnY!-Bqxj9MBr&q4DM|-JpUuCq8Ba^P0VVNLDQv_ukwtabSGrD zzJ`)~Uj^M4PbNC9+KvRkWY(wi#888W-zZjGrh0r5nB{1)q7MjD1so+Sn`pS#fudig zH7Ykcz)0dpFH>f(HmHfrfLU!=odmpBlL%TTZ2p%(y*-uw{I2_l?9`VTBE}2y+NMLv zMc&r zoAV2x>b02P8#4)Dry)1!P}V@JaslQ5ltfwbZ}~t7ED2ErWM?0KwmlF`KH^}Y933Fw zjT|ZFWNllT26Ol}uitW{&pK}0aXS??TX%(Bmz0c``4=ND5>57Zk_bD&tjylkfQIv> z7eCaBA9`Qg4z68u0~klCg7@-+fvYOiN_)ieHBQKM**p*c$KFR|>8?fpG!am^cZ*Fh;YQlq8c#X54;|em9}NN=Y>H> zSh+06R9ASNj!{WHTlt1&NBR+$e_ikL6ff(f(ZB_&qL#TG$4C25QH6gkzAR3qLG&-gXBQbFur}U*KjEp7?;3lSz?wrqg7_TAaHhemLr|)wh1NXaiCk! zxARFv0WyL6IyyRknmWk5zXFEUg^%X0KmpGa@P7>eX5X?owx-8x;(vC$Kc-*}1#A-{ zY~x@6W)=2tY19;L5-bUn==6~6BfY)GkZ7=lkDwv2YYaS;@*<`OU=RbVv2S5&48&s# z4dOex3-&sYb9A8j=I4KvAB6hcPsU)=#=;ML86$rCBund`NB|e5#f*lCEu_A=2k_k?Rib&s8lH9hP~i*lo=BeZ2s4%T?l+_BZmj48zYZ^yMjX?4)Eqw z0_O`rDoNrrU@=wl;EoAe_5{>+9ItahOZ(dEN>oOT3QVB9S50|kvv@DVVr!$1&A->z z@GX7o(?r{?_{=aT zE{!*+2(lOcy*?@$q&OsaGm$6yK5HrQJ)Wo%T`h}hAcE0g+^mpJ6puKWGrGDl$6kNg7=m! zm*5-X?5H3*l){DrTv=uB>kTg!p0c+CLEx5`e1GY(}JWd2KcO~!o$?mAUa;Z zU=^BU^DMDJQXEdxqyDwd4HQvIksH=%5KF zn{ybR7pJT-o)IrDcW3tYb0tvto!2xAE*+x65UM2^QDm93aRJiwVk2c*6PEB4uCL)5 z-_^le69U?g?uL>F>C7-cc2~7ZO*EkZ2RTL4VRCqPb)>DzaX~81yvzv8V{;gjr4`oe z$JglT@nPKe$21S^1KvPJD3i5kfuEs(N@cSO!O{xSR zga!PueQY?AuG}n44ljeRNW-A>HuPc_K!%aAW%YT0=k(J1WG~;2e=0IMsVytD;}7_Y z<(1qftJj~NU0&)B>?S?Gu(W3aDw3s;`ccPL#v z4}%Q`8?19Zs^dLCPe23M&jahm>x#|Tn3w>da+&4}80P_;EffGRJzy@zgE3sHwt*YU z>6wT#{3S$2)on^vJf``CT8KT-FdnN>8RGfs3s$7Paa24S1DxMJ(ygwRy zq0WuI%=6Ja>P@iop0f9X;K>UrtuGU^q*d>6I-eqa41-d@Y#C$yWK_`*WE0;%P&D`h zw2JOm)ZCh6oVBdF9vAr8T zs`p?1fV7~zn&Y|m26Bn zn_n*M@>Fwny@A0j3B)K$bF20~S8MVIaDf})%*Wdgl`n8sH7c(@7Y{tP|HEqI^>Bsu>L14DOTmbsHK}TKo1j;{M4`4u!D1iHhkM~tx9;#nu$eTXnKYJd0oEDL7hE;N%KN$UF zbgqC=t`FnoB7kF8@k?`r`EXC?8cGR`48K4=+%(^?6+tiE(1#<}rzV&V z*jUYUfZj50IsI#yFeR6b@N~)KYQO%*-|9aFDw5@$CE~(fz1oiYyHf5qe7oO+5Izu3 zQlJy{DgQNkA>4zb47dbbCZE__bpX{bLb#KW(jUkM&c7r?GZwC>K1l!4m?5VZjRkX7 z>^wfBCFGL$7uGGHSkwWvuVReWpxwLhI$||TcuflE4J3om5X#cu+M^0KWlkE;m?Cb1 z?8kPRT_u~SQGRLw%fx4QbVLfk*nfgC#2il4(10)t5ADH)y*L*CWwvB4!2?1FW}85~ zM508h>?P;(msNs9^FxELdNvfZi!HaDw$Ds?Pj;sETBk6qey`=n>;KM4%b7?mh(F#J z{KUFjeGul(!H$mT=Y0x()9(of+l;34>nsdu$Vge2gRWW(Z=>v&SQz5fbH^lR-L(pp z>R6Py24d6Rid|V6-X2lI5t_&h5^B%s8d77;y#fji&Ov$O+pzD(0zpY+y@X#&)xaX7C!=C=ZD9X`*3sA?U~A_0s;b?aJ8RTfO{Hu z7}@3k;)Q-9zy*kS9)yC{WyC8}+a zp%<;5vK8=eqm$Wc)IH#e4E$U;4#&a-2I7%lm@B~XX!gXIr@fGWF#!WRyL4w1bq`b2 ziX)iNv&-|y-_}Ww)cf}W!6_cJ7EBe5Xj73Wvx!aDPZvUcKRzO_u`8RBD%7eE*b&@m znqo7?wqHdr04S4IppcmqJq`|zW(`9N3*1tz^=P?cX}7>RkJ;U6w>b<+BzUeAFoZba zXu1~X;4nL}eWmId?Y1koxLayc4Uyq-n5P>|aE6}el^`IWC9u%C#GtyqPX$}CKN_+Y zZJ$l~gplVtCVu+zhHk1j<#<90UhOo730k?h~d4 zkNt`$r_a6qQG@l7tk7&PNfCT4EG&U|Uyh2CU5{*4slqUjfa&AxbKjuhrk&;n52O@m zw>^v0s0_TeD(>j-^A!ptYsmhYVraT-?YPNMjlZge>lqtmk^PKZ`NXzxmg+s5AsT>h zpz>vd(qu!2ggB#%B$L(fQY16{W@9_+I3p?pg=PJMML1@Uy?B)I)wJ*)J+8nt)`y=0 z9Dd)_Smgy^=Zf8k6L#s$9+GGpvjI2axsDnC-k3fja&GRfp?BP*f2HO=xOX`(6q+vr zl3(f~*EnuvxdG_(8&Fwp$^(`2Z{Rs<4<4ztIwoqoNDYp|Qo^8X|6 z5QwEVD3H|rk|YVT&(6`>>+jg7JKTZ+?JT^E76!YR@Y=6iIIC@REwzCPcqYqZ zT|eYB1GFRs*FB}`{(q*%ZSqCc3b2FHeosCSboua)Rhwb!mLyXFOt-M$ za#9>%0{4NHrPI($-~Ba(9PYa4>1NjOFf=Zy&P3&G`YTV5{d53}#YqdVwdEZwX%*u$ z4kPnK7Cn^dWF#L=3_zKU@c|kUsZX(QHei_wr7E((u~NIEZe3Xv;LPsFIKZs29sF)~ ztR!+$I^d#KhC9;K*rJ~{%r9MPP4^$$aXt>Jkh$MQ8LLJ^6l-Rbsd;2qI2gU*Mkh4> zZGa&Cwkse0#dV`Xr03=aRdu;@R650C+3>6tqUGH39q59}a^y#5ymZQp8|^H^1qKj1 zlq!{4cOo=hNHEp)+S_U?;2?Y<5=l1o0Zm3dryNV5T(T=a8NjDZX{5I$vTj!+tsLG8Omd+w#cjJCRhzR6_BU{en$di2vz zu~izK&6_}36}!K!JB}R1(|0WE{x*wgGTnQ{DZjn)WS$P#rOq+F;4=l(yF2N2E_%t) z^#1x6dIZ^rbz znil9kpGl{ld;-sNBJft^=f+k+4gV_^v?{;X8*9%L%w5bmP7lI0z~GP2Cn=y;6R5P} zI6!9H{|Mp;QfluU3JzV@J(A#me<;2<|7f?ZXh;NGO#uFwDw37bTjC(M3|UPZ%YP6UAK59zlCR-MlQMiuzHjchNvfm zzmz_6_)sWOTt;O#eP5_Q+E2f_8vz%HcIRXoVqWLYbDvn-V9YeoZV8zAlEx`-m+%B6 zuKg6@Cl!XnaT+d9ct1Vf0ou796-!qAHNLjJ$WVc%pAYPb+avD(TXyfE;bDRk{h(!P zTFveFw=eJp5VG8^C0OqR8S%TBqzN_h!5jrj5bic{)(LRmVxT<_HC_efh4z~AZ9!Eb zomw&=C_1XHup9|*UaP07i;FdyfaCs_OtI79e8>jrFTOeSPhJ=Bkn@v6*Z_Yw&KboR z+WeGtI+74Wl`%w}Odw~sc7ew8)0yG~-v#N)8rZFThx`1(xGAJNiGhF9feQx+ql_S6 zN=*u5Z6ttaWv+2j_ka(h3v~We2r|=5S!?9=WvXl5TD$VzTsc7`kSKV|U*)AG+2sE3 zzfq0-?tB$}G)GyaE3SutrDJo|9Lv6~y0A}zRY3|7K=YtGsOEta30y5D%_t(B(G}G4 zSW2;XQeVZy;Vi{`EkAW|ySLt-?A%#5Ph$}B;+Ecx|HMykBCq56l^0+3>usze zV!wZvSBWOmJEimE{JHxq>Sd^oo1?5JDKJBHkc*>#>M}oXJ74E&GMMW7^G*Uj3*6S) zzO8KjG72Sii9pIC8pW8hXawXeXJWb*2Z5Vw>a;kpN??{|NH&?J`ujC}@bOlI7*vda zA>NuOG|GIMSxp-RIF*7?l!HKjzy6_rZ|Y%M&h>%Fri_>8IWN@}7^9yJJnrA%LCysG z*9>UQt`rc(iao!t=lmcT&Nqd&O*R`%asjuq18{r)3h7o6T>{i3i3+1i-39?5d z0>xLP3ggC~)nJBR!z6d(W;?rVd(=@^#9DKXxiV4K6;A?WcNViY!efaosY}!B_$aal%uQ&fV6_$IYU%0IH#ex!v0~e5zm+u(R@NREi|6?ss zrxiq}@$mL?!~2!{1taP9H*ft!3nX8pGn+LB_NsIw4~%nkHD+9{f`ul<`U@WZG1fv3 z^Ya5Il9^wDUiCv6YPhAA+cWj@bN3glubOpd7--=1L6;7kA+!%VfkuWKhbcd4AMiI< zUU<7BmlYIQiGq(~!!vj(1bFfcdh1r4p&}2-i9tIwl1zyiXY{`liLOaN6hmS?_p{xlo_H9c20ZqbgCwzS;ewer zkTT?}{(mxFyq9-n7IU_H17wT@PZ2Q$R`J&$ir~j~Uk@hA|0cQNTRvuQ!O0Rs z=|bOSkVU2gB<|JOVQTZ06v-@Uw}wMCtT0SymSV!_20CSqS~$- z&n(W|(q;9#gJ>H#k@!isbUl!I9enO+?)89>>YX?e9>=#!8$&JP2fsx^bIpTd=|cAW zGN2QQ^^(vZVj_F4ww-JDi%VLPWcQS)bN4(KwM$9Y`x9H@qs@!oM6tpz%6)IU#Q5JQI@@OZ&e z?Co3K)>ciS3HRwdf~x-u6Dhlkg1JndN)`IJ55&dK37)@r5hPCLiKkk4Sk7-Q#{`4n zfDju+Ym{h9puK<2wss=ep}|(5QgC1bIht%!`l|8E3Jvj0tji7^q3-&@Ch6Y}4EAv^ z>_0#U`DI%8Dl1T;o<4%;_;zi~fPq=cqc2xkGT##re2pWiVTA8EQ5*%vFc6K6C-;{^ zI!q23t4wf;VqfRp`I({w2v=L}HNp|`;rcnfUmd8l8!Yzloc# z0d5+AHSlOVf!W!H!q;pp@B1jjd5TOT8@n2j%UH?SyHdSisie}(uHjr5$Jf4d6a$_$ zu{q>*`BuVhinn=kvW!}#N?mb>+<%5fLm^^WstaBZ%D2V? zuTu0tI5?i=#T5M9T+JJDey>BV)Kg(S;Dxzsp78tpXY2aVW$yg<+k%~1C3>T_-(Os= z=Oz~S_6ku3oMfkGT7{%E%^S4xFRq+#1bZ)BI77(zL!KJRC~w7nTc7+jAo2xKT`tS( zEeiVhL01{!yO+kkdew##Mt=BDl_@4m24eO9lqmle%xS#fp_$2z%pTm)zV5I%rzBUD z&HTYKC51gcXfY{!S zA)H0sJThOhdU$^F`AnU{u(v2e*QkR$B@f;@dvNqbBeWxH3oyJ@l~_8k^+u6@)ax2W zg7(v8Xbj9=*L__si_KP>-9VY;tIQCiJ`@!DUm2>p6J_qY&{vMLyB-=iY)=ktuOomj z3?GysyFLHf=1tCj9dps0DZgr+_d<@=cM7|IJ=7>MMFSg+*Rc{|6wAgVXFOQXCD^tB z0Pnd(Zy`NxG2(l0N5cO5t0)H8Vi85AIPe0}ED-*|N2^8fTmjS3XwzHwrejNx;v{Zs zfo~-v-|ihwkpu|YCIO6NLI zGbc00JPUj6qcW=rqLkk2cUt4Mm$Frz5EX-$NX)ym1p|CV^^3rYS2Oo>D`tEHj(}X?G`C~sS*@Uvb{-Y~F zGHUL1k_m2EOZQc;L;arQKD$sBE(_>6RJl->Unb=;5>IP`d#T@$6getJLeJhDWl!QdC(XDX4 z&8Bu&nTd(?I9DmG96XvMjX!=t6x(WjvG;+4VPa|6UwW-N?d#Vibm6tzi<6Ga>roQi z{v_UyT)cT2ukBcoXqr&s?%}>i4w3Znm$_`T8m+0bT{afHpKfpnI3N9^wZ4-^mlyf_ z*(qMaz=O+P%JQ!09ca#d@b~p&LiP=>HQFcb}$0r*a_zC0+jhOtGvD}n_-6}=0&v8_Ysv4@A_v7>uQ~4 z*;_5<#eBXV92n_8ecsr83j$NDAuSq0d)F#XO=wQax*im-a0TJDYmR&HUqMDx zR$R5gPlAVBSmypfl8wlyroeRJJe4|{$$D&utgzPTlMVG!OK4L zB@SD5gkH2~%#Hof!WCpmzK=upV%#DFTYPm|fXpYk-o4v)ceWvDT-HJ3oiV!*SOlYJVRJj~@sIVR!{O>J-BjQ7X{T?zB!u*Ctnvhiw zhAmwP*x+ety}H)qo5aJKz}oKu#94BH!h zE04ugGhLA6Jy+QM`GVftEZUqOs6z~P^&lg|XRaQ9k0P^l)0AKDJ!QVNS5;vfxbZKZ z8Rz=R%#=x^)(JkG+aG|;g&`%GDB8TDx8m?Ps0z2n`I_PC}0$qWyr+w?LpjOO?`aWa*S`Zq-;JCBN!T3ZcF+F2DQB#~}0^#2)aJ%)% zi|olD`GwN{0%0*zcIVlD??tAm9p$1DQ+NcudWD`xrW%dKTIcNi(bf-oFz`Gj<&!?E zJc!V8x&YzosqW5y67-`$1g3z%Qb9&bnPTMr5I=ib%95C&6qblJ}mKx zoS76%Z%^&izD1nMKu#X0k3mZI?uwsGgDK*!5N@E-ZMcS?QWQJ^U&tNP@Jfl52Q4fs2CBamn%VmY z?{wHUO<%2(J-T5hbZfly#Y1ln)KF4^pVBM>xZ`hv$^0jH>gWkvmZu-%c{RLzvd!<~ zRWHb1^LvRpNWZUr?6AtY=H#bf$4xky;)^5G(yVTFDXHQNm4#x~Vw1PaYPBo94;RYp zBl*N@skzHp=BxBSS{UD~9NFA2znnGB)lHmR5r{ruQ8HJ;;}`?ZI^BBS`HWqXN#mQt;JF$ zfbnDB(@O;pnCPPBT(f!orHsVvAELS(?nJ+Bv2TC)t}A`>dkFn|eSGd=UTsU)UBq9k zODZkMUp$m17^vj1N=~`!BLB3gm-mtIVSV?8zKE1r%@KjnW}yO2v%r`y4Fef?oh%J! z$f0C{6-#E@=HEe%-#1}@V=c$u!3dyG;OtN4H`l=^A2v$_WHp6f?>dMH07hXiE06^6 zfFA>7!THtIHMSMtHU3_9E>zplUN`-xC4ysDMT|5sDAjpAOjo@Zx6=at;6pUhkRS-K z>XmW`uYu$x0f(wSm(?TjRc?}%np?t368ZkP8)?^1GmI>8XwS*9;PqJaUeoUc?7Kn$ zZ4Dv6iUR2)37~_up&>kOVRt{=FgE!?p2c~|BqU<>_oKcTdPP4OGQLpq$~Ab_sQjA| z>)P-2ayu0j)B1EBaq-V3OANFt1NOzKA@&zb6=n}34n!ZJbumRPy)p0YK4T{hmR=s| z7!8<+qm#0KP+R^?ed8#;I%mus?_~2wpuddtT=^QAs$|k=3{yg-MaW*37eiZDbdSo? zruRffnWWy5IZLCJ1Ga2DM{^WmWaj6|)Ee~)O!Ox|FY>n*Q)b92t>@YY2O54}t^PW! zHZ#n7K@#cLbHC%Xhe}E+F=IvYdv%cao8V~RXSGZ(3^ZOy1lr-q`pnF z1tV5ZV{)Jp9pQ5@od%?_WpZUorW2Y(sW z>)B;bwtv5fqE|@9K*X0p^WMsTDPm@mHw2_kep(UEOyTY3Pki1;5-MLBW_loxlH62) z>Ze4&)FY@|$=JweLJMEop@aZ0ABkX$Y9*r%@Jcz`gNqI3xayvR^Qam0+DMot@RhG{ zYlcdB)U+6KU_+SXfGb4lQG9Iz*LNq0Y`n(aXk4RMr7i<>5HlC4%6nXL_=f zZ_DBnWt9+2Gwi5=MohA9ZwjU(@`FGs+K40x8qHGEay&aaj>BM;oddUy308;ESP&Cc zSmFIFy^)Z*tw%NfyT$~IdNEdXo=Obzk~xzOZhn(zk=sX}U;TIxMPA299BQaqiG5}N zncWH&cfhb*qNv35$6VpH3QrB}2o@A+e8#rZ1&>f+e+*x^+gzJ>sn#oR?4%jT_KuGN zZwgQ6B>|P7PMhfje@yraC4tK-oGfxt@|&@P5nm>a@y149C)5L%~7+>V~-en9x!@gbeH`bZi z3FI&I|F1@Nl7bpp+R;bazX`JN+)j5NlO5ETd1(QD2FP|$0u%bxL5M@-C5!U+sI^O! z=`D~DI+!Udd2#>g$M(U%>Wu|+T==!o%|*GF^xwbr zk_CwbV&8#E^(NWrx1WqL7Oeim^;=gfTGuqt@%FC!)43laCEXEgS<``G8+*IHrlx3h z=0N;SS}WVR{di$G-#44}?auAwqL}<=IZ-{CZ~C)Xby9cL-Ur+Ph=!n|Uv*$a{;LIm z!;I=SiQ#h*uTA4FfGRSFO8;R^c^E8L>ob?>{GnD$BNfZgcbe&s z_O>Ry_`tCwIRbkbsm1Y-s%?#NlBq~)!N0www~X|M%j#L2rYMq2h`T^ zJUdV&{^T>C>75bSL8H_`kq(4Ymw?NRE^W*xNy*4U-ITX_99mY*Vjko~gNQX#?ZO93OG_|3m?WH<(?RCi>@j=J!fg)A#mQb! zt@G|T<>m3W(?3U$j*R+RAh>XcK1Ng5mJ`9ZMK(fcp#qJkd;DQqv-tdlajLda zN8hQ|CsV3kNLCNi;$~)LEt={jicN$^Hy?dL`2~_cD7{Ude|g3b($qwrG(sle;j>>| zT4b^D^9N>6$3JcDpC0-|7_60#s^20Q?SBuZnT%uwZ#Sgsj8mVt+zs zVE%X|hxc~z8|x<|y~7Q$ z2hyjpy}?zze^<@BV^fXh5}<;|)Fa-btDh*_SqBOmB}tK?YbqA3WlVUj%i4KyD3^Dw zVVjQ>x5ykBGA7z{I54apGXpTzjJxxR$ODG{Sa9u2L#T@_sOhh`ko1{)Bsnug*~Q%0 z#X2)s!J<`Rmc=*m7HVk|jE3mGVh<=$@q{Q!{^*r_p@kzTiw%1=6$R%nAK{W5rcyh~ zGW%jQfC!X17dg5E0s1}dr@D4!B$Jf@fbzzhA%f!LLF3a~T2(>EC3eQdJbb$-s^-${ zfu%mK8p63G3IkGJH{y|OxsJpKrJ1iJZ@nsKY7eib9id3p6*4s$t zu|5CQr|BM4q$20GyA(DI`m022D^_TUa%?@tBh6Ho-@Tb} z)T_86JcGphNYW9^GeGgbJ@E%{UL`dvd+iu$Q{1wY{d9=CGy>O|RG- z{h8Q05&z7LP=m%xo9_`7%w8>~X%=y`!Y`d!w+3a~3|gPkLc>6WS!q}p!vCxXqGvA&ftSO@rZ&S|&>1qE075(q$4oDgu2IS#*!M%uW% zea4`2mv5~W--3AR1cxY=F%Inc_nao{?GL+iHhK|OG8#ih)(Ack{4-pF9iu4_?KilN z2P_hePm;nA8fAi-{8Ul|r%!U`A9CDr%VvhHYmnV2Z?H-W+8%=YG>X>qlo0bW_Y^UF762DzE>d1E=E@K zK34b9dJP`2H?ssohGOKp^ZC|%wsLtO>fx(PJ2|L!!_Cu0eAVNU_bPcxsugyb6+Nx1 z2ltB%7LFrekVsEK5)w*Z-(zeZ>pmGuhFjP(SwIGmxYE*t+r4jH}qZU48TjMaO{(d=Thd*OOgaq=lr!nk2WVJjO zV@E(E^0C4CXgD7(Xgn3~Kyk9jbaHHWE2X*hGk&B}T71YNXC;c(B?_u2H)ii-=O0!S zM)E3Q#074rGj-~~#qIv-K}zK7EIHk@Gw?o`XiF)#7foL5EYo;(7Q>=$+rb{h&CbETO3{->T#N_zU|MY}AeNELybqtxuA;Mu94h`!|Y z6Tcqk$GKPxIkx~$}=I7e4`;7)>ulpwcwlNZ2voE ztaa%_oHyNrKCu4+#OvgH;GkWu_uKf%%T)O}hg{De|G8m@hYo!6m6L5XO+}e!D<@{9 z4Ay(kMOwm`u#ywNfNYB2X`-Ly#Dn&qy=%o9(WwGz(fkk@r>VPC`;e83m3({p-tI!T zVdw5~9OZ-0p@Dp^hu@0)Q(wd$#?Lbq??h)>zTes`O>x+|a3eUsxZpB9hqCEbb^VD$ z!30;@;6iPtj8+50gT@Lk(lYTgaK_gZ9L$W3rS=Ae%3kUx=Bs9rEwRNX75X_F&vWS4 z-dkir4N^+{cvpJb9TE3M@iSfr`A5sMiq5b*hi4?hm0Kv9up|L8OR(ZS1?pv{9`}x2 zv7ooyeAfx_O~Ac)2_j`%Pvb(v{;1Bv;!Ih2@4*#ShmjsuiWjd&8Jjih9Z}a~rqg}r zSKJ?V$1_FV08WTG&k!=`eEO%|hHe`)hx9$>>P7QzJL7gMzl{*vS_g484F`QcUU^(~ z1)LDtJYUhbLqw*~ij8=J%_}U*_Vy@M!5!qkZ!ymM;sF4e-|q8$iw-xnH*oh>#j#%-!}n=?l#X6&>kx;yJ60`$`K7$c*L0@C zt8sc4U#H%7_)kq)6wAsixNp*AvXbLl6!gXQ*F|e&D&!I_1}(ZyZ7TY?R=gF2`BR(h z40bi-CN286janqz-u0*si1nVksa4$N&p7oMAlN!sOB1wT|6Ht5FOgINSIyF+>WUXf z+>Lk8cUBUUwp~bWbj0wj&r652Tj?13ZBxh2j_4h@!AmDKe6h*w=Uixp~=8pZFMTJ#Nl!V?N z&}~alIzPHOd>MuxihhvvS+dxFeI!A2M$$+6pxC0{7BKUiwawcuf6tc%@zbnuQ@O{s zudroJxus+yQK9gG^qgp*b|!Ipo)ay{Jg{sytQLN3nlDcZ!!KvZDlSb3H?`0`uXDgr z$yT`mV05J`{wUcmYv*Rxkw%BN$k)8ax!AI0{(~DCnX6T*JE&s}} zO5|9&B7(|hzut2z;KB=#b^!IdZ*91?xNIlw?K|CYab`9^Zdx`)==RjU@AYe;Tu0`d zrcOgPWG-As-6N_r=t&PBy%d_^A(x}T^q>7t#tooh3q+0UDlb&{11y`m5Uc3Jf9It3 zyVoOUb<88Imh+bsphHw zJYO_BalV?qdHn6je|P>G9vxfFc=91qtDw?ih-E5HDv0zJZW6a=91sL4zDv%sbEKMP zCYGQUbN(D^DLe->2e$cAtmLWoXyq@WJUJ68yQ$+gZ-hU7^!a9JjxDx!h5l~7-!c1Y zTQQ~b=VJ>M*bV!heZk!-jw#{!pgDb683RRAZAVrC*scWWfdqjAO7h4&D@cSkF zf{{?|F##h|!oBHM2o&FHNw}58eaTMEU5PiF%dYw+jhD8gJamiK)_7Vb-Jl-Xa4Qjw}7= zh0l<9-zl9Ve#Or#(*R}{`Tur0-ndQNULcxHP%ZLv2!)@o8$ie>#d&Yckq-SB8m~Pn zhA2;6_D6I!&phU2Q)B#fF6_cjeeTg55z}jKgeA!EB?{!1@hg9g8VEthM+X0LJF*o~ zSG(Ou28#`{?`YZ*2zr!B6<>M8#McBCBn$JG(~g88 z&rvEdA!Q~&%v9G@h^v`m6j&i}c4jVIYTDt1@lQ&Y)88Jx5W9d)Nr+SJGP~k*g!ujh zOxmi**8G}JckQL*vp3!-B2#%5*TleuHg!F-C=RMpke+euQmmzSZnchmUUE#{U9~^+ zU6P+pxm*OapaB&l=ge}7ysu_mHlYXwl5Y{kj6 z`q#NxSN>oIA$2;+UI zE6Y`(e*KLs!$;{R4R?Y_*l7`}$))WGu(lEw;bKcWxz8 z%`U@_mC|+HowxgXSNqCKv2|o873{hje}ra)N3>9+3FX7lLwc^#5}B!o3jjyFVTGUC zo-)KDO3vcrOMaTB{}2~l#vqQ84u0pRSi%^Pg=&Y>um&UsI_ESx0rYSS5tiOUvwWUS zh!ag^F;R#ALi|jwGwf8VAO(OZMHUXzsS0iOy~{mO+GT|L9E1Gjth;*YB6{$|A2w(^@grxI#5kEn73hLt*17z|+v+7eVWPd z1rV@Wq6o!*o0~Vcu)vAC0ekfw+v3^veS|x;n}!5I8FidmF`N}vC4s5taW)c5TEH^a zaXU6C3;ADwMdyRJ$@ShJouu%GFC>=0Qli{uNy-v?-!3=9&#EP~_#JFD@GOT8g~`j$+cR zN$=sEJY81H*DJn_GH(8PeM-LZ-mt?(KkSI?yd*i1hJPEH=7)1a;VhPo+(e$RcpqrT z>q;x-cu2sfO9fo?xI_qT!|Me57r4o-S`p@$n80^%!;HXa1fJvRSs{x~R3H2d%nKt< zPKQfb`>nIHZ_3;kjS`71F}+EG{&$XOkU|>CbuJIcAIBODq}BQhOT5^dztwLg;$-DD z_V(Cw;U*XYOauynLqg^E6-+KAo%qGB-MKR)Io&VksO=Q=T@GXbrC|r$X@2I=zRIoz#NBNys zT<;?m8^3cqqV4^n(w1%aa{P+Er$TV^5166Wp6l2@^`J(_QMS-&L zoT-v?eh^qX2SjnTVT`#P>Uij^tc~v%bfcwCHYaQhvtO{+c_G{>mE;ZV2zg~)qNLAh z@J~kAXYlsmPi9w)x3@lG7hg(3qFJPvUteoCq`JP$KIxu^vNAPN)VnU``b;a;S%7bm z7~u_Q*hoD%5iM>MU?q@x5z^?duGn%-JSxzGs@ju>?i_j!!1)eUTC&NbZxuKFmLZ56 zT6X^hZhYsXIzLLdlws>{lyrDHwBk)=#qZ*%m62C%2v%E~%CEbE<7vvB@n2PC>?3(i z*)M5rqQ+5-Ih(Y1-3BvUOTt%zQ@H9F8Q!E|%ii650+lD?V!owX%QUw?y4d)8ChE%A zWoJymhKG+358YRX``jQ}^P|17$V#{Ve!YxI#3#9uGRFe_TD=Cs^%TP^idyKHXR=?H zMcO>^|60Gt*9r^iSr;vaHwIXWK*%-9P6CwNF1k4Ao9lqu-Xi=|GyvAo+B6!NPfFwI zzokz8Zo~IxN%E!y|sm|KSS@sN2h+ZXW{Y zI>=|6VFIhh9)^vB-KaK@C{Nt!G<5>B@{0~FxeKQi@qCiT|LD_?-!YE)XtZhGJO3A? zlc#@^8*aMl>^{j2YRK-?HRPIsi{e1srK)k1^yk=^TRF*>YMYk{TTJ+%c2V*OaD_dG zFj=*%{kIuRi^rK}ausa|MI?lncC5PAo$jMDLGkz5$G7GEs3?hoLx1bNn>oSvCB+#O z3{h5scTLtAl;$*}-6`?V3~9e_{_jZ%L%!gkS&EZG5mrAi6Xc$k--Ysmf`eOp?x3CI zzC~?p!$8@PrJJ3USOV*%ILeBAyUsULk6ARPgiwC+mm>eGXl(E%I{k+Wreb=Egr#=D zpl11lK^u3{w|J^f^z}yU=5G6-`1;R_W}q1I4k56iy%rLX*M<}A@l0(hBO(didTVCd z{6Jnv9mt3fbvt}kbajALPNus0XD$sE@NTb_UC~}KB2%t%s25f|!k5RhCmyyPm)SKX~#GNSlCnb-|0n(Jm8*iQh8pRvNyP z4Vm%guHJJv+}8vk%{{O4Lm9=azQkUM%(2(I&;Ftqv5=>H860vow?1Fg1YAXVbqpxF zs)?zIr#L1awsi{Hmz-Yl-psj~_EXTcjmcZ#p*D9KrLd)a!Ozv+h?CQlkW{@qZ!&`miC#k0ZDD)fm38BlS+*$(0Q^B-{6QT8{^$=tF*9HzapJbhUn? z*tAC_zg!GkYIO-ptQ2`kv>y7)a51lY@b7sok@5EHTDRd|WFvzqq_(sHDM2_DR^w$c zQHEUXKw^!dxi1OV(biZ>(i}{rjjG{VPPcplpjQ#89#4V=pqhd7AN*z5Tk=PXq&FUw zM0>0`7C5wSj8!u#UfOlC*%gPIk_C(4T;Hxu892cZ2%>J~1s(6ere^2Rb|0C10mNve zYPa;|lvkPN|DGDa^ay;ztC>t@J}1nJ^^wB%K)&*nkiFsL7Eq4A31xP^_us1Rjhjw4 z8&L#Ss-8=W^?*G$lTWOut+Efz3993`#Wz4CwCb4#MbSrGjeuv{c(;^H-xCW?fSo#- zzXHM^E^UO^7ymNzVmvVfv3x^j>5$lHZ8n-iXT~hhoUk2&xi7CvKoDaSd|Cv|R zkSn+bxG9_z;!wZ@Ojvyv;lBQ6Pab3MgKYF+TxgAMZ>y|(px6ygUkHJj88yR)07(Xp z>(Ba35jQyLskEFU%DxJWbvgo0kgONR&J7JBCmQ9X{l}~_d(|~yGmYBzLtWI5UUKQ9 z%G$IwZQb_=ovQX0gSZ_XpBnFAR{e}1+<7g>&i{OUiYR3n9P|ew?3d`(Gl=fpEYc{L zX8S_S;(2ZhcA}p*0`G6Kew!oMQ~o=Grg_k}O94ExMA$=old9_N9{mnhoHs8nwmPZA(iaBXPK*y& zJ!wJ%G$No`E(XmqxfCM~g!|_cGO&hN75HW4)Z6!uj@kf&uT*KJTfJ0OB_N*yyNMxV zFI~!5tp5AI8`FK^M8;dbp=P22Fu+OX^*Kqz&YsE?9FKggjrgLCM^!CCy=+|wjgVdm`bO;D>~l$gftLykzarG zpU0b`_UV|2!)8j*D{3W$yEtY(fF0@DREchXL_bpmngdqfz!ct?7dns1h;w#U5U>B1 z%q=~|%#Ph^gWs{<^MIW%V-t^gj@i|YP|~EHNM!V-03O#@$-#iZ#+Zgu3Vu}54{0sP ztLzeF5BsMdWVz;v{1g1-*NT_W;2}Jvxz_OENI&lO&XH|W7)DVl%>Grp>B&)MEGWr< zUq97O?oRyQ3#5YnDMR&rxp(DkS;OB@ISmXI;V^T(B=d>KKW>-WVQe2iTV_Ukli~;mF7t~pZ<1S#r z13V9SMHi(6gkR#I-HHS@Z_Pz>f3SFflf&WL^$Hx)Uf@@JLnC2)g9b#})Wl8pOF)p+ zP7ffZZbzHWTlGf^HGok43@H02y!5K)#RmEZ7L(+ei6tP|$+y>Wy`lz4lD9F7c&|7) z4`NhVfN1j?;>djR{?ss#j5Tm=vPwy!@yNs5?4VhZaq<+ajp(`vIMWFVi$WWMp`)k8~ttvaMl{`9xI=3cr%T+MBd zCbjosy8EvN3HrCD2yE6ecStm9LhTiUM!LbuAm+B|dPDxNUo8^s6VmXOB^W_eW60~O z<~Bb^%c+9Ms{PmHH&ASCe}570d9Y5g=raVBa}6Ca(SGvcsOMsp_aE8sJIn#Dy4lm? z4TQTk<(513-)qVNH$0q~7aO1~HB>hKsrXpMIyu0SxLqU{Gfg!%cDf zG$~6@i>z-@Zwm0AJ=xr>PW)MV@}6P#7q)~MiS*A8Aqxx~*W%rZ@M^Hj{z~9;_*l8Q z`t|;i$mNT(Bb&ueQU?$KxkrDG`j^v#Am68PNvAeF1n>H)K9KA@8a0btdEl@*{5}7K zdypzBGV)_(Z5`dupZO#iVwV*z1^ozM)mJJqySNv&x4+*K;YEO1?oAd8;-C3rY~K}p z-#M#y;uyKjcss>P>xf>&b6)^sNY1QooVa2T?2NP?@z8hbg(^H|cH(iF~*HWLoL7a4kO!BY)l<;I#ex=ud+DHPCkxzu4u98K>g6D{>-LSI?FO<%ZIi!SXz=75{)QDlc;pjEbp%!OG-#zFY+wW?FZ2 z&4HV|eX#6R-3OgZ&nGshKq6SesI>u4zp~rw-*s2VVjWD(%y8SFkboB*1N7<7;70QM zlN80zGtE8s8^em7M)h3oUraO)-n>>ItluhqKtaMp0|MP>xV(DK?;XABi1XT<#I7L# zx}Eo%T`p*QEr7@zpPqE?#c*nc2Fx=WnWl_k^)UXcc6ftD2ATDHO7h-K-DEwnjNM5U z2o2Id_~C{QRp>CwSg9+zz4q<;76bXUQH~!_J;?YxE0cka88Sk9WbAm`1K>x_K2xHS z(t+Z?-R9!r{;c0?UjFA!dd7zvoEftSq({Z5oaQDnWn)V+*mqp?*g0}(FwQ%P@ET;! zf2XOJ>?_}2QrDPN&PD+8RNHwVQRC5w3ERKz-2Zh>8Xvu7zzz{@7KtT(5aqnu2SPh? zaB+%W>wMK(YnNE+tejn10hihffd3!^UiKQoZq(9;7a0?(Q1rbn-1^;wlYQ@V7#|_b zezG}P z<1?b5&vhaa`Sj?rzHN3Vf#0Gv{8b~53){v`f+PVZsh{A4eRYT$iO&*p-0&`v_M*SK z&lrPQi4XCDN4x)xA++1zk<$ngsuyvQeES00pGj>PPv(n$5S=@~VXQ80?C5i>&iKYq&wG>(@W4f{%WdLJs)N;e= zu6dQ`fop}pE_?*?h23AnM0zydPdmDH9X;B~kE)*A%z6G*8q zOA*73$P9U#YRfp3=2;CMBQlUC!6DH#%1=Ja^XFW5HPMYM5?C89;EG^dz*|AE!3N=O zr=y_rX^1}hwNxbzCX}A&P5x=te+m*fU2mkYsGrjV!~gRhidxWsv3~8f&oyJMY3|0{ zTn6dBc8maju+?>@8i9lt#XNwCD_#BA0?YIeV0vSND&xq+y6P30H@wsI{PA2X#$3NV zOzaegO31!X#C~a}6eoo$)H0z`bNTmpKigicKZZv#5x_YVsa^$z{hR z{6d~r(;~k-kg@Jot!3zAm)2fzB(kB!kt{+ik3!6N`CKX!B$W+6EdO}F@`K*qVxnVV z@BI9HdwEmgda>SH30kX}nh@CHPyrO!OZ``9ExGfge$4lCoAsAS`NZ0Y?`kGU6KTMa z8DAIViC7ib<=WB@E+OOI1Xpi;mw4oQCih0I6eiyPmOkG%|Hs7>uR~A}#3BHtFu&5F zJ4y);e{!rV{j-x4`5WYx)5E`LA6b1!NO%k+RQ``gtuqs>5iQbv2Udgm1t{_A^|1eB zI4nA?-9Jsh*ka4pRA*^@%KGNv1i@@X$^f3I35`o(rtPWCi;(lvWLGDFt%MMuLUS$- z_!yPV)zI3j&fr{l?&zu{t30BhPiHJhgvcO;qHGd9?wJ~(3ezpLntCsrC0gqyd> z09Q$#(X-{*6)U5f*odp_fb=s+nWqCloO-ysvUNC5wW3{S3kWoWV+p!UGE--x&$oi#tg?ew) zm3mR!^vURZ8*h-wYDUA3!3#ij^k-0Mw?i|BYR;$hw!Z3|*v7A&_ZEA7bG{_9n5mn} z9G#AdB6uW(Gc~ixfOzCqpEEJ8tf>y}fa29K{frjPystI4L`dO&LyE%sm+reWsO?{6 zJukmhe9Rmww)4U?hf<3Liiu8hFQV>+DYbs}Rg_!pGIQ7*d8i*sNqh9VUI#x(lv>2* z8G{Oo)IE92ZpBE(q&!ZYLY+pU3=C=@cr3@#Bw{=2axFP>TyTAF?$@?kYmVAk=tlGg zW`fV$KY@QBD2AuMOmna=+w?{0b`Oib*t9$LZneV${qkWfSga9l%e+W7FFX0)?v4<* z@5s$>^7bm*MX?#{R|D69O4}0FyXgJ$n1&^@QPE*#=HG1#tn8ST4-a#q2p^E286TTH+dUmhX~L3{kL}l@ITItu-V`3d%Kc? zj``d;XyzT9A`OYnwg~MQbFkDDjQao-5w!A*(8W% zr__i_C!Trj8oCB!M6h><$v|9WRyiBZw--3*oR!-Zz)K|Y)o<_50Ki7)07eSGW2RY1 z@bo#<9Ymg!)?Xgo$HGd^z$Be7lc;fMGb8Tl7NBCrwXY@vd&N(F%pSs3pav0=;zXC( zOv7(x$#3?jjcUs(C`5aSh>8}!o2HdVKOJV0HXHVsJ@#~&ob!=+>bc+?aZcge%E>D& zCwG^xa0VL1t-x#+>$zX1#gVO6QNx^-F8nDHf=9yU{eN0e)8s5@=i8q_E0p?Kwz^Py z`iDtbZMCA?Id3E_R@GbxU!{meFWaw7KYSs5FM?*!5L&VM>(PhaQ?E>Jqdw0W&UYMt&~<(o`26qKk6Wkkexj{IRb`A;4(4(Upq*z1?O zIx+OmR^psg3S-6IYUYXvffF_YeGtsI?UeTw9XY^dotuet!7T*l-UlmjdN_mMY{}sI z+U<$Q$a`;hGrZ`)=9l9B-htnx?#&u=z95AxRSKitR|||3J1&Q%A;tOx&GEym1>dle zKVE|lvqISE*Q3ecE}JR4E=T)2t=|1R zdk!+wu#g;nuV-XFesUh#U6fW4{_qdAuhMs*<^_kN9bi301e|}}sMo!CDN&!PX2Y^J zIA^gyULzC`e)6NlYI_@e)V(mkeSR#R_9UAj?}+h~sOw5nzF&>Nn7nM@afpB#F;vYw zFKc_K*v~_%b-QgbZ%>59{o2g~LN22=UbM5VuZ1XO0I*F2f=sr358>uwPzp4M5=B0Z z)BQ4X7_NCCe^`C4Yh)Oedpfgb75Wun>g zVG?aYCNz+Q{o{q(;e4~$MTk}MwJR}4)+*g`;#A7ArnY=5wB0QN%pc3tLN2eVqo^QJ z3j>Y4)X~cXC;KlgroU-=o&%l2&RDD&+;%$O<< zs)CG*z=qr2rZ^ZqA;es1X>XxkmSd_9)d`u3^y@jaBTUp}E=Ae=es%eFHD}$2pX?asYU{m`2zq9NyRT4V2#kv0?GKO zM0-A9#A}t9|M2$$z9j@C*LT;bCz=@km(tSt1R7k~b_+C^W5Bwh$|QJuT^N4ED&JtJ znrdtv?vajORn;u#7`->H!SDOgU@WN-ERZDV7&YP*^D4%=$RSjD5Y~UG{zV zx9^|IwL>9bDl}amDNT^|TKD~i)l2j~k|^q%@#3SCo?8;x$d88x%v&7eVk$bs6AurMj4IiK z*~^9JMtX?GUk9j7PP=D=)}t01u8ygPH9um{m*DKv-FQ*^ibHmRn6fGAMzsnC)N zTHA0an%-MJkKk{!(E$^YiLyYY)m7uWEv~cnZZkC zfbc!g!u$^E);7fAkn|q6LY!GnxBzcpYNrC@isau7$~S=z=H}#0E+OZSb?(~p zd~a{!p^a;zU9OE%|BThoQoLnebAdpuNP@P_lk3!Jo3Fm|ZKN=LjY(4K%jv2rSsb*s zMmx_UcWeu$X`u#3Hitng@=m;M;1Y!yzhYzfOHwa$JXBy8yfN68eBQ)CC*HfI%U_}^ z9b1885NDxCTLlMwu=t%^eEPm>;GgEN>J{%a3+a$|Q+HI9OTOce>9wzeYz8%uCJ5%Z z|M-{>k;BRfT+;?01CI(L=$sXoCjp#qa1hA*tJE&clziYj2=BKezAHlh$nGW2>&h`VJt5lWvsAJ7h=Z87yrw3eR9Tjvb8+^ z2@A^w=ZL=P(cM;sM|lP>cGt#L8{z%jk~;H1%$_QdarcQ}^nf^AXtCrK)+gVtciDb# z3lj;yR5T1ts{=ckU29bDbsH^)Lm}7EWp-w%P6XTgdIM{6=&C-Gq$3V$B=kZsFC0Fa z*}f;mWxS59;*uI)r!wf380=zaBG_y+FZy?~wvc<{`vCSbbIBzp6rN|mjIdM4XEz$D z?*Q2Z(_e+-yuS4;OCga^Y7yr*gT185i9o8G|99F3Jg}H(iB$%K)c}HsF-3D`ld8>dvlg`Md;^b%%s;W~_gDNBBZ!dxG+CI!~8m zzgl8CM&RhGC52U%j3z4F)GPwE5~cO*a_1F02SPxBIsT}@#FvDp8piklq@dcGN-X(> zRRmE8pFM!3kmI81P`>iDR+`D&5Ja^Qw5xpU{1a-fY;6*4r%}DGj*efEk0ymg4bV+E zS%u9Re)=%L1V*JGkd+`u`G5Rb0ZF zBkqekImB+6y$PYN_LBu@$fWwn0+yED7SFbhA6 zGAg=QLGP-R-lW76Q^DyK;V1tsyn|CizDe+!W_Spse$|Kc$R!7YrqS=KBdHU=`R2l^ z%6n`WcR2os+||;}5^8`#FoSXUxrqiD#RNb^Or?`SPUiSQhMGo4$DO2-FQwFnbZmx5 zwxugci~1y`qEn>>ItJ_5xS#AyE%R~0GMvJ6volFq@os!(x}CD}lI2$UWT!|}(1X*r zT&S~e$s)fcydq@drrSsgK1E%V+mSsDpLE2;S6AwG%!XG}M@J{llT~KQ_@t>b+*y;>po{CVW&S6sBX%as( z!n3o>WQ_rF8?2sJw`^=|vh@p|f2so64rb+STW5~?zy_(^<8a($uv3=L_x*RnPb25Q8txls^iOFcv|@sM<&_Sh zMy?AxKFfCBw>h+Nl5hFUCQlG-{^nv)wHHw~Bo24phY?*hq(?Azmv}yYiRPTvdeg`s zvT}Z;X?g0#B z9h9Bw_7eX)>%S+w)=TI?kkd#Yi{|i%z6D0bBA{#D<+r-*2nakK^;KqWPOgX{LP|^h zHU!PJqzh%QGM2Gok$3_7D>)bJfWsB^FkP=t)pCXvqATO&ld@z0G35Al1zkvCY)_e^ z^v1N>&jnd-WTn)63eWk%I2JZ;;smB|zZ6b3n&}1?;oBY}znHBIq;M!NhDVPT%D(Zb z$idQgb(G%{Y4KUnYlk2fF)0MvN4dAeGe|21XR&YHF=+d+p{xhRg{3L`cA-!tL;0^+ zF^H&R*^&&${zQkoy6h7Xm8CC+W~%x4W=2-|?>5TrY<#WQ0;S@n!F0LR(@1urU)DcEjP-b9itBeJ2v3jWz}hS`B^fP*=U5Wc}H43ZR)u2x_;YnLE=FB{&k7nQnGeh1PId(ge`0{Wo8=3Y4+ zuv;xmgcATQOw$ce*k1iebu?|v#AC~GeF}+$P3@h2ua$=^ zn5yGd$EytB#I-t-Hm>PI*Tq7r@V(G7Eaj;v%`iWC#daRY=Dj`nrsscaV$#P3yY7_8 zsA2Ow5c3hHtrv`|2y{1uf+rK{eH&`*CHg1dTmL;<>es;iua68F~ zEUB_Vj!Ks{JuHIVk%G=-l-0ZEJ==G;e=Zuey*Es&kzyl95*ZtBbVT!X)k@fxNfH^W z72SZNpLcM698Y}AqBU<>RPI#gk`;7WMt!A`c}%MNPuqBZ5a$@U)u@yuk5F>6 zHru26#}b_2`*W(9O1IWY3c!_5PlTJX$jYB(sr|`e&dFAK&K~=aMJfggk3@Flla;s9 zuAo}vGsM;}ActF`UrvtFX&An0VvLm?(*^J04xa8^K6QKah|e_JMWZoE*oHA8ddXV3 zmN{9(g*I%;$%6CUE1JUc;9TLIgc?u7Up;nP)6hR1>s6qrJq})o? zmn=S|HKTgp59srnC#P=(#0|mJ;k;>v+%L`OBAApMR7)9*3W175q~*5HzNvhC5VE%x zcp9rwd;3z4!Q}S-<{rtlS_9>MIr>2BUcKkQ+B;*_XLX?iqZEk1Y3y(%SPAoTf^BfB zZ&z?n+Nj5=5K6N@0sD`+k7NJnGr2Y%`sYI^-U$p>AuW<CN05dL?{z;6T@;8PGnLJ zWAo}f4}|nQPI$WmbMTK+YWX@)UH?a&F>Em8KZ_FyYmqj?Tx@@Tk+dfps&mj*#H3du zz!Xuc7#&OuyRbVm-0ByFmBWN37!>3S`g5d&hC93zQ%y{!JeW2*y|gcc0U>HRKnMJE>IeOawCMk`Na&GnRNB^N-Bj3@>rZf%B*2XLYgJnX7j2$)>rBhOvY( zu!P~MKgtPfiY#^iY5@*F1MC)+-xUqM^(TF6+My%}!7w!qi-rX>B)8OqC$M~$&Tm9OHVJKdp%W|gwN zEQ;ft85Kq`+nLZGD|TP%Uz;-8mV~2+S(~m)&Fnkud*vKiqR7M3SG|wrMtRDdBFRZl zrXnp!#`GF_t5XF-GIUt1jr%-HKXO;FsQ&`9s%C+!LRUhgyp_iy=gXZ9{>%&hI{GbL z>V&^&*Jn^IaUh7nlF3u$%vaSvaHuXaLqEgc8vW=G`mA|H9%(K9V{niEmR30=$5Gf% zjOFssTnD#d_~jGziFhH?_*cC%Kjw=Yf3NsW1QMUh_o1}i$?oL3=LhGB``aq4bXT0x zWUnnea(_1RaxdI*wwpNB|kT z{mdk?81C{Wi}o5rk%b`DiV+a*uv*#ndukxSA4IqfD>}T`G5%j`dIqR0Wa~!4XWz#_ zxYs6{9u*6XT;}+E2KA0C#Hj1x?cC2O}*|vEjsC{ zJYv@{@-V;;Oj|!&CF>X}nS4D4n$D$V9|QW7SPYst$(tKqI9xKxLO$~;DvlOO28jB# zigOP2YS*8Sf~mOFJmq0aj6UMe!}P4-=x>G-ipN_6UP860hJn#cpJWJVR%BzZ6(O5+ zwF||-RPp1iUaT)M7Icct-pUEixqBwPX&7@|?sOCwdd7R)TwPbo@UuQ()Y-y}%!dl% z%P0KZTwFekJIAu?tBILp(+h0S^RTIGCJDS7y;c^SWK#*!>#_7Uj_oPjqZX3QG&}^I ztHSTxfhBj~^`H>?!y2`D58>BUOx*gV+uU*??zCW#IcIC33iVbDX z4`O9Y90ta#?HHL1$|U^mD%QLhtXNExFm{6=$pBo-1*)cru(>9H|4p43X#Of;{!VHO zao&m&OAT<@I-9;?Vi*Dd{C5@mO5CkvoNq1vSR`$;F}wgcx`_<6H&ogTQOIei?6!M{ zRuk4aFYw1uCZ{V>tlF>ol*P=qOXXV8Bn~bM@HYrrPy(A9flw;VeHvY&2%>8qne==e z%T|@SXy%nGg`Rva3hz3GHn-m%oeVtp6pye3IgMNqF#h zIF@L)IIS%eKmzmvF>JcZc9T=WPW`#X2C3SD?J6J=K$Zxa^NziYAwxD8`W%IPoeNCO zkXUhy<1A< zbn{MQmG#!`cX|2VZ7m( zb08EDbGl;PIS)-`DY*}9T&ca+K_Ij3pl+V?Np;#Uh^`fh(mfnRAx&kLX3Zpw{X=zk zhTl6xy7yKJ%?)*UQJ(DXjQ>^X@j<{1eHybE6AQaJWA^dfXC~Y&Q?kpyl%LLc%HX6p zbE--&5QK3=bzvrTAJe{nBaDw}Y2=*$?r%paeSN z_WBfmpTV3N%1j#P2h9WB&IxkP;lCpe4;J+esqm}=lInF0Mv#uGii^Xkud`{=J$3er z;zS;1lWvY!Sq|O4-{E(qcJ8ybcIA+sk>F5(Vt|8!DCko~v0H|_i`%c#D9cg5DN0i& zqh9ds6aDK7YhC6H-ShTs{@)ew_I+^R0Y6m=639k+{Nz=YN!~wG4@7L{VE5aKaxwI) zT66iFF+AsF5|GX0R}M6kmKvDMDh^O2(S%u9Q@_N)zWh1n}Kv)`5Q?p#7f1(c-w|PPxgMQ_=CqoB(16mXf&6N+c*!2b`KS?Tp zUeZf^FZjBb4E5d>%C5&!kAQJU0?S4`QMAH^kV$P`>;+m^q5U2ntG9x-f0q)ab=WsO`5LK;VwG%0_><`cb;lT;#w8WS7+yJ_Af5oqX0CNlV_qt*3|DoK2sJU z%*4st$nC^WOEuxq=gj`Y))1Cf3_q% zHtM(=HIhatS{&Ex#a&5_XqMsSLWz@9yN zx#*_htHSseZ$-+(gQvi)u2+G`5(R82gqXW}J;htlPhP4lovak~1g&(dru;wUmm}6^ zmceS*6kSBdj&jS)CM{!B3*78^VG0u6PZ{{mblsT@7NSe!%@5i-PN$ zgUQ4*!B*~NLzdRk5R5@rU!53c+8Y#8D3Kwj`pu+Q(S6{`tMHt;*X=L4g$()+E*b_w zaE3(QMnGi`+V;gwBhwGt1}26Q^G`HPS(6>JVUKKwIYK@n&f57FQJ-AWj>2Sxyj~WH zmI{`Q8U~`^^ZxRGa8p)SIoNS)FMl>ef;PmMOTQ;cjn#yPx(~>(`}CztaO`mNf0qnhzNE070E_V${a z{RtMqdJZLjtQB%bWNv_fk;KyWAtYOCh&=2qqTi%vV|^N7Ec{BleIHEPRXh-GT2DOB zFkPbx7w0Gco@nrUen~kK@dl;{2m&%^RbE?!8MG1W(Xs<4-(G?l<~|NM152+3+Gxw@07HL+G{_8&1IvFm zx9Cgg=bp1#O$DUefTJKjH*>8Tv$}ra#Ide!JZ=1L#8)5#DZ@5K1c2u@h?Rto{_VoWFzvD{p_;$7X z8aBwP@~tLeCxembtvzLaEcaowPIw9hEs6SYdA_a%wO{}GcSwSKZzwxumVCdD=$7_R zJ5lQyHK5T1R+b*-Z06{Aa6#G?24TRV*455nbj#Uqz^%qLbk~DLlEA>glc=4`gQczj zctpny7|zhsiEvG3&YPQ?Ps^^E2?;Or`v5U{u5LA;y1ThNj2V%5B*%w?9NZ?~UXB$g zkr}k!u(@V^JX|IguqQuQZe`uRJbw2KS?&DK9G-riZD5?%^>Hti*+hX-ijWHfV10

o!)Y2Jn;_>_lyvVnm4*p z+YR$URQaq^#`t(k+|DIlYb?}FXoadBK3i%1K^Y8pnQvo?ipA8P-ekjUYRHutE|Q-hDT`TZhG#s&o&e!jFzA`LjyC-JyjJAD1VYPh!kv%wpkuyp z$Rql&u=1wg)dA-{7RJ%N50n@_cC z>?pb@Y2xQIvhjq>3+R{_8>c`}h}DI+z5M&@ZXgu*o;!x%&rdHh`eJC|mJ3)SmN_BI zwG#-{kK8@aW3)MTEoD^?l__bO>JoE;h$bx|a{-Q{5D3kFMdT@#04X(1KJbYVDE}br z;ScF1u1!l@ofluh8fMWmVcK<(FUKyy&h(;zZM>;FXR+)} zc65RUgf;ZY=BE9RH9mw5Td)_P8}S0!W_(awekjO6%Mlv#_b-=%omh(HASD@=90K_Z zO_#AgC0cnAGe+65-^mxeUNE;SR23FI!F@;k4lipn2}U2im6a*K+gLnR23_|BL}>Nx z(+LRcTxSqq25t-~fNSQ^N%k>u8zh)!f^>Qz-`8BCmrl&Ra#ZxV`Tr62-SJfS@Bd{K zDbkWcBxIMFtyC(j%x}MkbdS2HxAa&yRd}qs0&C9*B5vf69z$h@eQQzHpOj}Ft4}i#`$F40> zaBG!u+=t&n%T`-RcF@765G~(-_XpB?W^i!u5#KRx`HEV^cErF015I$Zi;VT5==f7< zS4<*RU>r=q&p>QVvkfrDm}o{i7`NbpAY*46ZF&-l=WrE>p$Cklldf!1p4UJ)0*UV! zZ8AOHpUKL?h3~GsSp~lblLLxeB~JdYU;UOF`Ikat)2;Q}BZ{zN$FT=Li*t}*`1-im zAzI&DTIZ*i>XcyoVUQ>h19ByT%1s^$nNdWGj<*KkNY>b{YhYtM zgAoCg6v6VN`L1PF{2`f^S3Dt;WuMJql+1%C-XOWM`btSm?4qWxJA$xcl@0R*n~5fnJb~58+6b&2buSJp$Ne{O@<%NhCOy45`};YRUm7^ z2EQl8zZgnU7+Pr_x-N4DBHTcrHbyV%)?T6gdjmm|UBCd+fIm+Wb7}NA!;6!e4a$BX zM|lt^&T#<1<)$V${QHAx4uCG-=J{1`KmHv|8AEpxB!}V9Xw|Exn~f@)5@mm32SB#N zYx6Ia!BeBN4}c9wVXMlO`RFP2n&pX%C~)n!dNok8OA^Zl9srEfz@yK1!#Fi31Tr|Q z8i0Ci-w_~m7}9jYZA5-fT2o)Zxo9z6|>seySwJZH+S z=R!18q2DL;MsqAES#uU!OHD)wGKiTK>_M+t__Lk6w|NyKRqm+|o;zN} z10rsBUEIs96<$b0`hO@x^^K@bc(i?jc4!q+#UYmF5c*W}Z*V*{ButJ#xRv0ZFjV{V z%QA~@__EJxJtbzv@B=g6d?@&XElR?4O8XO4sKq7!JYB(}T!BpM&`hu4)`c*DE z9tP<|1F<^;FmGHPE7aV3fxiCOBP|GNA;;{TCOZt3d2ucjcZGM|hW;ejmY#(M8b}})`vpV3Ib{u6=>Z)pfLF$ zzo)@2q0F;??;?`HEpw~F14cn1#t0eC8x6+DF16EOdM!?uC1)e(?eC!>4V0W$Z;o!6 zVVRzQV7eA3kIP~qDY}vBU~x&fI;WPh6GTk_w-WacQtmSKd-g_9`oYh{fsvDe{|He0 zmhExx-u5?rM4IecL6cqY;?2H94LA)pY~LHSV&B;8^*>$9^x9Fgm~^F;FFkcsgliR_ z;qxmM=kma{2=#Wh{Y;i0^FjB$|lCO^=4T!w;i5TDLOw$_q0f8 zcQ=D}$vyNcvFc0!Jyxk#e08={H6wQKXA%~5(N^u1)Oj;}6yNP=+}puKk$Q7hS2w1*IEc9of3B?>`k_@+tsv$4 zXVC)Ch=4y4Hrh%NWLVu=H~HncD(iTh@sqi4OTwM@}x;Pz3>FBj!2xVQMg? z?K$_@jrZ|cmf%L{V8D}F;NI~awe;3Wb*sWb=~|x-+4^#Y5&2i{58*?x(9Gx4es7;> zO?VfI01+XRS~!p;ME_|b=AsDSmIW%ZQ5t0wza8Hc!TAd1(HZ#PeA*J3R>+(1qjPLY zmQ36;RidZO3;E%3AnZ>vSREyrL#U}GkN8I`OW4np1I7*Ah0E(pMBa2FsEXJ+tVUPC{-0rZNKr+DFf&*n(XpQ;E#Iz{YRldl;)&p5YfKnuo=UV^PeysjnjcoezUn`$~(*+ z%uAC^f(bBrmhSm6;&xxh{y=eD2!=3>YiTn`^Xk(G+G=xF5|M5R$1+$N1ya7A0|im zfmH#SPB-+Y=P$c~n{Be=d>u9!wXrl{cqyn5vahl%*OHOa|UTAXz~^=JUcxY z&89FRJwGOFQKOaS`LnOstVevbf%xOB(Sx^&R+&1F)CnyyQj@2;-UN`PnZJz&(XRtI zg1ogIHP`k9`@gg?1w^DY1X7FyJQz`!L)Xo6?@JOw#XIzJHypWLr;xXfVW0N0N)I0r z_87-nybW)4jR!w-odlD#di&G)#be+I;#MltL6{@5=?GFzaXI^tVQ)hCS+Q4xrHPaj zqwCd`mVf??gnI#g<3XL5^+aZ*%-poh+FfobvJ`!s=Uv_w^X8z%J`Z{E(z(}9<*&Yk zj#|)B?*@~VQ~cAX&uSw2GMdw*^UQk{UmrO-G^FKL;}9!>>oxQWR<`QA%a~J}Q(wbf zY7io`Fc~t^mCIW&V&~}97FT-i{H42D6BsY!_sO`WJFG)FL;_XWiMwwf&yB4l32BCL zd}C!bUJPK&cKPP2Ju}~CKf5&Zc!h+71T~x9G3(W)$EqWId$Msj`tX^oD=`U^nkm_B z(QAX407f=mUZts`nSC0x36H|6tg}k_7>geUfB#NaI5He4am1eQ+&1hOEu1RJmb$@@E$n9XU$$N`Pr45&tk1rh`_m*ZUUDymx+7Ojz9Y{}?UUVz=S<>i zUyIhbVfoBU+`N}eQ%Xol=ZODfyU#!Wu~*H0`poC%y?bw%Y@5Hn^P1?(>g!vZZ`1gj zqwvYODprC+$);Rs!?op)c`DaXn=AQki-^2TO0GX*Hg#UU8dk(T9%}=qUSw)2dG?m- zW}P>mJay5tq}$m`q4c*Y;rbyfmyDDtjIFU$O8)@wcw;uo%sif|tzSA*b$4+16m35i!is#5fPYWTRP9&c9ZYWDi%>fb;6 zLpZ9tJ95~B*{*FAX>vL&70figcX7aod&c0SM3gp`=S6$YdGs-z6V^CAJG;K_`U7`t z9v{f9RZ|emI_LKJ#BUvLyUFFjZ#45yo%<~Kbn=!jW(BQ1Hi5Y!TkRjRoK6P zfKpE??d_<537RA}CFDi_aNR6JrYe?K5HsYL+b3YL(i#%?)?b)DKUAj+R@MT+KM?3`w5lj1T!u0xaW@ljVb9ZFYmpj zpY~dNNoRG^KEa*Wwn0c@G!4Pl`*0 z7CxBLE9EUt;LEUD){0jpkIAP24*Xy z{O8RcpnoK$Mh%7985wub86N9OBpUM3W{@PFplEsg)+g%~)FOAivp6nw#@arsCH9P{ zRZ+L&G|cLcMHuQ~1n7@_iGIo%9tV;`u`BUU71(p?(p;l5X5erHI_@U!~%9^;K42gk^g? z`+(L-ZkXgXEilUT4<(9EartVVv87NC`k%`b1;}(5=N_?PP}1gYBK$O+58Wq@K~-7@ z4~{%9pltu{5zRP6OHo|g-O=;r3D9YDAN?bw95TnIu!b@A^c)se8N-XMcry7%n( zVq(qH>EC{zGPaoO`Bh}5^cfFjst{=apGyCYE0A<2xK020^2-KkC)o4%5pgVlWdiV9%+HQ!cWR7)PKr=v!hm)B?AE?kT- zoSQalBMp?~l9Tsu^y(=ZTAQsm^g8axc$|^fC|NNK&>%D%@{;=g=vUa`GyIFat_s2Y zfw3Y=Q)T%t@G%0~Nh+V!En716FM74F&giCfz9`T9`g)-#vur^JBkmT^%V$vh*+pii zg4A{VkxH3~p1z^`v5G~AJ03&s;S71}?lubrv2cg-y9BnUMR?0oK^f|lDlg9K(8n>m z{))Y8)Bey3w?Ycx0`$5CbxK+c4`lUa0R!ZB99x2)wjVvws4GKH^;#x;aVWjIRi`>oN42AcFl%HyZ}NR#{}Bun#9-L-Ycz=J;<19u1f(z@*X?V;Ta!at=pCG&Zb4Vkfz(ptMaJ4d|cf)(i{t_uhXPR@EddsgGq#?szoU~fSN zFF-a)!iLRZcT)&S<$F&-IhMtRS_jxr2UKCzqzu(|fZGEp&Z4e>i-u&DM=w}GkE=2v z%u?(po$$8B;wuJ}F8X~KVzmQGe)&X~(+enJsQ3kLkWm@G2g;SMAOPA8&~+`q2Z+7O zAg4QuR-Ammr@NM*o@Su0nWe{RGxvutTK%-chW8$qG?g>jWfN(So4NqRxj>X*KQ*E4 z@@v$|egaEdU027qh%jjna`)NmMfO~rP2$n2qvSQGlh>$HEnv>-`>AJTl<<# z;7@ItGV%R`z3RNrp||C$xn$kk*`?G-;$NN8CJZ!Ea595Vvw1_Ud^+J0Lmvd7wBz4T z6Y6gv7{fq1SV{q5^NhhWfh zbw%O3aCvggU>L9)E`^4qqo-!0%K8YeO>lL78JXQ~Fo^_x1-43z8d4)B$VRQG(}YB? z$Cs{nhrGM7a%p|SGOB|C`{udW2w4)LF5THwnt*Yr@P7B$o8mmzfqlomyPK#O&Od(n zOZ_&P`fbH@vM}b4AI(G*-P4LqBlMlohmNKedksulMNW++m#Nsr%dM*qxflmS!pP2y znb1TuR0!{+pA8#{53%FoX>ZWda>5G5InItIr|E-ATE>q8r?9c)8{@oy(T!d;m!`J#weWkUs!<5N!T;Hzuu_#3F1Ro8Qd^g%# zY5U&p+{$IQiQeI6f1@9Z^p|eOMTu)LsTbdM8p@r|>#BKWQ)Wy(LrjjZ5vDWzo*7vy zD>XLG`AK%T95Pzs&|jZNbm~9yvK!eIv57}ps4>zQ6=uQeSxM?`#z7oWy9kC+u!W{}Gmja~NL(E=!J9KQna7g0JWoT?R~ zwN3G!LgS-FxPzq}a)y$Zz5UikO>e4I$rn$yoW#1L8qZ;te?DQ1^E3jPz(~9nx{fwu zYU5ixb%@&;&-PWKSaJ*x)o{IyW9{jtzL2tLE0bpeQlq0V1fs*fLEAL1U@9@c_jN{I zho*_=YOtQ;FCX6C;`xP!f1dI+HEXw3()PRAl9zx8(+Rr6v5P2Rf9TvMPF`_XBpzWedRq9tq92S-~=i<_6% zW|P+zS^bC-wTdm})e=@#>vOz74%(1H$?s6hkr(fW+fwrv4OCq#YEAqb3KOoHhvz{D zQ7v^xvkcqq6y?qX@m?cq1s+CK0wrBZjajf@Ilh(R=;uPei+PA~y2!vH2#u%&qV#(>WU}XRZ8cwU8Y~vOLIH- zT`V&D^Op5GmeVxGtjv^wMcShBU^NyWB(>O~|k+(&By?V$X+3PNQ3GH&dlu;S}|8{_)^4FkeEZS zd-a0rQ0sVB$VRIEd5LA$wOD84ob|P#lBRWbLiuWT%VaGnrYi0B0KbCn^!dod$1kR9 zm-X!J?eU8$VhblJQ!D-ka#vf;efU?|H@s2eUY*FsIxx)#V?EB;=@w-&qwFW=u4*E0y;-lbqT7HWmj`L%X@oshGW<+$Tg zLlu^$&y!n*UqAcHj6yLy)Mn-I_`0R5r^d#+O8B@XbomPA1jGm>gzqB+OdCE*OzjyB z{n;T4&FC+UGem{X?l9b}Qg#u>cKH-M7$9nswE6f-|%IeowUfIpL^m(q~ z-TZW_4wfsGMM)$pNEnI4Kfm)$Q`d$!EG+DkzJT0t*P%nL?m0Q7!=^^Q%B<&g47F_P zaJ*RzExtD;?xMTefLnunmbIA_VP`PKRsg`jav}5KyQN0=S;u|_7j_|kRvcr420J9d z!4!BqkVowo=v(^ApH(}8wI6Yc#uVPHfV`;RoRG_m`8amgxqJb~+BDzE;^3PeJM{W- zTJ3UNY8=RX9J)WZMskzrz%_0zk~#(%ZvA6FrGi|H%8zt#^Xq!5e#!bIQ%Jzh^5tD( z%RgP^zS3+RRZ0E2lD3c0#n{9ouhS!kxOV+d&P@B?06$!=J{?xW3upD4x;1zx3xabF zGJ)cN8j2lzwS6CM9zCfA|2Pv=9*~Y)-u}yw6?HUcWOy65+;*p>FD%~TNhC+$B4+-J*INS4~>Tq z0^q0d@N;iB@(B=(^UIJ%I zN0%Evr&PZQp<~ch$98gAc0XKDr#-I} zXg>yfL!hP&Xv>`^h`8WhuIK{uG6kGL+WhJtn8J|C6y}016w%=ded(QpC=`p!@zi_s z5sR{Nz;f3B|FbUDwcsJ8N<$2UCNeJ&OG>J`xsu(p2yF8U=(nRev%_+@{b?= zakM(cB>-Bnzk)|Hv)6sc$_eJEv6Zlt3s!4*+h~&!LEvGk@U6)oB-3 z`;coz&Py2xYY*=)>wf540QuV2Kx_(f;w6E!Q$2StLN>_`MQqPz<5d0q$?3?Y{vbKj zpXb3Q)#Ej|#H1vXgdyL@mmPfZ8)ft1u}PTMItqe^}v$6)G*e`eGIY;q8z^JjuIvct{) zM}FZP$t2yMuvj){q^2ewo_3bVVXWS#q+9PA76MP#bC;GbzHTJ77V-6~W2_Dyn)zg! zFxF45ik<{rM>RKZQvD$#Lw5LR%e;WhVQYsA(4tXvSb5hH_n^O1rbAu2ngmMO*cbo( z4h%xyI)?9;;Yb+{)06ByL>>brx{z*9)C3|M;H+v6wAAZx!}SsPMaJDeo4?L1^+6iklVB^FLwrmVHSs>0<7SANWTC<(cY))mymvlG~iPG!7xn$|(ty z2;3ezzJ^qhmzOK7NTOG=hw?H+M3dKmh2#UYm&aD&zS}eCQhf%+X_gM}FWaB3g!ell zb=zmMgqWsi!{!>9k(JJv_OCuvEgN2DD_6NqZ(N`vi(x}9=G#sd!c03gCaXRr*i^a| znM}V>X79A_GkhRQ&#`><@KURG+KUe6dq!|UM68(-VX81Y`DYr`0$d@J4N!_n|jz3evI8d<4fBIe&Yj-c78f5aEXNT zs4Xby&U5G|={MrOyL&k0N)m2r)ZEjRycEOI@J4H)uGg@xMyAhw{8!D&U{$}fYqLCb zNrkDP+AtNg9|b>Gd5X_Lj=79PclgmzIIpPSeh=snQr;#IRG1&ibfG!@qPX+>8@2UT zXVo)*4lX{Kv7$}bJvx!X^6EXsQIFTr;c3e5ksK;MNiVa0c8!@kVNsOZ-|5XqLNp&J zuLp9fQaqs2p02>P+?dnIx`UHSe z5=qg1fh;xo@ag0Lo{d75bNT#w=_zN8S^BBb8E|ce!N2}Wb=5v;xk3>-l%_`KG`9eE zHJ}B{v+K;!0aSjRu|Sl%%qo48bP-o%&KY=&)D3LzbM>(YwAfWuMs4XpR$Rzvea_(< zp~$oTQOM*n@w+#vMaHxZDKUz%MhUmT0a08m4(M#ytR4nET<@J014J zfmcA9=3BM!y}ZVpNYXXDJXpDRExj)X?hZW~AG+|wcN>T781;vW_dGz24@GH!Qvzn} zcEmg9wBNWe6OhO=OxEPJM8&}28-B>5*jz>h=FeLA;m!hH;=y=J*L6@EL4b=@2CXpiubj*N9=LIf?AKuiRi6FCtuxlyG z$J(Vu<*iTtY+IIk1@Go;(CBv&L5^K!25NYWT7rkf0H@fT0yLCYjR>ufhrXY3FohKt z4~u|Kf0zA@xiaaH%c<*GB+Q=V;0NAgeZctotx)loC*6haco4Chu&nT#^a}Dz7+E@44((GN(FR*caWoi&fRicM+ZJVa=2uINLJT@d^UgS&#HRgqb35x7BFJeFzR}Z=jevM1|r4X-C z{VHCQqbp}}7WBMi$Ik5?$9 z;mSKFEW;0KjIzN?eCTLMqlJ=>ywm+xBYJ4cp-SuV^IC>EOmx4J+6@g`K@Bu)$zY3xqc{u1% zonOBwCbWY%B5bUoeg-0EpgMWrT(;cXrjOgR_cSG9T!6y~AxCEc>c2B{Jg?Wd#xPfB z@&cqD)6eg;#*N_$0{^K38?~{Vs%$_6=p5T=F+9YFkUeh4jj?hg+VbHt8)ji8vls*U zaJUre%5@Sw={8q>+$D;A{;r?q-*NWMC*bh?qvgyfn1320i+*Axfm%NW7W52}id*0M z5-Iafa&+l|*`e&(jPgOJhy$q1b3q;CO4hr9?%^AG6_McG=fKnEN!0HQ4yvOZbdiE? z{Z_BRa5y{zm0bYhx)=EBg7(+L1lju9^w(OZqd@Lsoj=5cTEJl9jFYV8Ps7Iw*a0+a zA^rA@yD&l|nY4(xk>9Y+_UBhKSO07A*IA}8iC^*9UPkf-UVOwW(Hs(tQCmyR*p1J% z0ufotJ!WLRy>1Gld*y12-Z{v>Y+mg)@ekux)k+8`O@wl~e{FijArfF#RQ53i$NXcM zW(MH#v?hteR!k0YD1eRzj?}Af5;j-PsT{GtE_eO!-$HsY1BC`?{1Xqa(4!72g5$-> zzp07B%?oE3oIbzM13p9_gv=d|a^Q#ddXNL8RPN3$o~x+|k`>~L;6L9)_qyh=En1c! zJA4UDD3=rV;pH}%MgDJ-)X#vPN8^dJsQx?99K(!Pa4X!a2qxi$ViK^PtzMY#kxKwC z*chlK8oh6_KxbSy|CMkQ_IO$xi7a z2bm=&n5%HBga=@*l4Wr)&^G1nf}O;)Vx94JK&MT20C%X5KU~PnO}=bU{hQih+x&`5 zVxhg`hBW)v(y;k4{@~m-{zvUBO+DjJJ9gW$A~?Y2T*2m@Ho;bugT`sBIDQ*RNX)UP zk?l=JV$hB(AvyLq1XBZ#(I!lVTL0o4$q)~>p-QWp4<}bHZp?U*hRhP_bG5*WLJTr3 za#!i*xkA6aw12NhUcPT*=@m-;@f-vks^>oHXR16q_{UUw?MtdFkrP@*T+8VH^zVHI zs~&r}AOZDw&}DY8tHRyoF{6M43zm2Ldx8|vdf+U@PheLUwQ^?#Bv9-j@un<67m&Rb z<*p4~sUN-nj}*Z!u|ztV{k|>ZsV$(i-Y)^Y5mheQFqT_~^3d>)|Gc0Fs=61z6k;yv zLaRA+GnEhw0e2U_!zJ9sLMVwNw^z5zR8LI^<|o=E4*IO6$S06M&C}1m@vvXIHYRnR zTX3!^ksEEcdutbt6(kIT@x#L?dBjlA2JqyYo=!QnV>FiDx)hgmA(Y8k!A*2?gYO;Q0~7?u39S37SJ-S8zv`mzQ{Hg(3GA#4F#wi* zv^Kvovsg*fN2|zr=%NFe5Zr(iZMpN1X8z5E>}&s(c)f;VYz#q3p%vR$w5KY(%8~rS zNhH7wiDk>TY3eKag~aaNB1jP4;i&>~%r+d@GF>+^0lg2p5`?x**`Fx*|4gEtC`r)) zcv6MNfr^DIiU94ZWI#p4KMyT1!X5k=A{do3IIfaXNynUcd@Q=x!*l%NVxQC>RnudAxw;J3^hmzBum`#hrV$pM9?> zxGa-#J^gcwX4lZJ<+!@_Iss z2_Q?hSLp2m*PWG$96PCRA2{fCV6eENZT3+=Z8fJgqxoN$;edYj=8&m;^|o#37edGI zz~MtmylJ_{{V?Dchw(U!eH(o%HAYS5L(qn2qBe7rb2>xFidIfp!?<|b+DW)g}A zz&xpiT)(}KgyP)Q3Tnu50c92klvyFmdASo=v?@Yp3x9P!eRKgze=YC!zw<0bmA`Y> zKKi02((&}VaDls{M$JhNkA>jZmqju4fpv^5ssx4TT=mQw`u?2Xetp?x;Jk6&Y|N~uPl=QY zIE`R2ukeHx-nz`{oL_a2F}x&JyHeZx$ERDAgCUVWof@@HhIkxi@k={n*d-j@cJ~;h&9{Lqg?jRyy!?HAO zW{-otMUNOiM%Lt;ovUt5a(&aJDu8daicW2=c2y_WON!tUjA!a5xce& zE33vVxa2R{dqLa&rALO}szw?cL+{^|!*8}l>w8G5k33+)u1>GIy3D+q5ILj7EU3-+ zON`>Xd*bAk0hlzlz(B0K!>*sG!aQcVvBm@9Gv~Jq3+{5>Am~Y#^M;cO@6th;e(pTJ8M4 zQ0Q4!>E%?`lrD`*_VEw_+8c;}dVhz&3~NRsYu;CHUD#odvoo|V*wF%*uq8F8-n)C9 zSD)4Kknryp*HzzCvC`V+Rdjf`Vp-UHhR>ObJ{>HKdZwg&=~w_ZHCH&ggzpaBM>&&s zDEi%YDG|70=5kUL7e3z$PvoN2fg|r2w7FA zyE$9Mz#SxJIXSO-G{vb}z$l9155P{f4W>I#VfWCW0^)w7Bzd}#nnEcm{7tQ=X9bL} z`K;d6?sXx9nGom`Bpx|AgP(hQjD1TO2qQ8d{t{Rjh!|w0rv`0g>R7dj+!iJ2q+n>sxS>4R zQkoKHsPTt*|9EBktLt4F15u8iluy4-7KzZ((P9;!avA;a32s`Iy2B^+-v#h29>Y2# zX(lmfs-fM>JKDbvMeX`mI$ z)9B8G$jfp7013Cm!+hHjSh_uMw=_G|5hrA z{_%+7+zn>jKrrbmg7Iy;x0b(ZtzB!}951`1iTr$$V$}Rm~&WsLI0Cs%cn@3$f%z02l>rAL)OUjzZ2{b<7p`XPr z(s8ddWw(KS{;@{~hTPyH3qi1`MZj!NPZB{m#~4F?e$P*yaz4XNoZQ?Yx6h-#(W?rO zOdUf2N+55xaXTddl%wmpnkK7}oigVwbyR^|c~R&U^29@v+2H|ESoKWHduiuP4-O~z&Q^< zf_EAiaZD5hU^P-o)U#_1={66DEnGp`(_h)DLTP^@xrjKAw@|SDJka|n3C913*r=Jk zqFo$=#$d>*-<+nbaqfI}L8fvIDGR5Tmzu5r@@n+*;$CU1dXH?P8r4+HanZ7ac zz@j>%o))1vj#`SZ!o4=`d6mLtsyP;?+T5RMKXFtV2%a|KO=TZY8j${BcIu>~Xx$G6 z4$XWQuO_Khz1m0dGdW4OnlG7zwL1KBylS|_Q`s!(%XFD&rfB@}w7$y^cxOpX{BqwnFjP4|R-xA9-ylmCih@zwR@>V61OXzu#%k92gR@}`*T=C!wlIDHS7!L_%GZJ>C-(B z;8DTQwK2M;`e`EMsU!#H$#5#ZgSHTptrn-^gaws(A33j=;VarmLfTcm0b~ESHw2ke zdULJ>wd!BrW9zZRzc5hw=4~*o<-r5&4qqjy(2?G>{X(P#&q;NC zP@eUT&8I-_BRN4*7qy-A(QVnNcV&b-bda+G?iLLR+ZPSv&I{TnG_{O&di)cBm z%nvWySn0Rr**iA{um|Kt8qe44AaOM$zcER4oP}XIn){%G3u5&8GTiN(3~%8p{k(F3 zmQnMHiPKiJ^u?<=)Q4U!lf$3sx$Rjf?sQ@B`L*xo4%7dg%ujs zjhQ|gFPhWR?4UuCc{g$JR-=?E%F`hJxkdM{`U8J{e0BeH_04>W_Q(3wJne$4i)(E> z6Q))l%oy%77Izi(9H7jbpTAD}wDnG#|A6-8Zz7fE%i6e){}_2U;A`oHze}I)6Ww>h zKOr|`CYrIl=g~oD%c<6euJL#)#Rdum5l@j}bB2xHOC!V6n6}la!eQDzf1|3n^0I(K z`&naW(>f(z>(_SOeKuP2ZYIZ0(!I#F{_Yq0u~NnPIHI=4$^C(*sf+3Lm5XEI13Am> zs^q~I$7c0%2}3qqJcTuv_Dfyn?|~3Xh!VyAq2u80l=~%FFqNcH*kfBS(>55khE6y- zrRY}0eY9fM0hEpes+U-)gINnPkU+&nIp-amWkR(&e}hqK>KlKd87^`G#~SvhLN4Yz z#U(MAgEBONQt-5P`sXhUccY_fZrPvsE=l>7QB8C{G`4v~$ELO$jf${bNJW(#bA37J zTaiC|x1S||$MnY*nDh2-h2zh)ruo70(+t7Qi+!COa_b0`o7$)`t~*=mgk6n>A#i?x zRt+66Pg`U_Q6x(PKFxIw%>_8)B8f5$>XbRgysBdAN8yXTD0MPD_IndAp+ULwV-_i| z^55e*S)m7u8YXT%q?QM6%tb(d=k9INFkpiqgk|1-&i6Rb;Ip$JymBbD3OCf$WPf`& zx~wB5zj@3WS>Jx^fsoSyuONW{T-^^qZz}aN@(VcWpL%v};f9S5zb6z&KoVs43az0< zgni}AK-q*Mr)pIs;mRIJJf6IakLui)VnJb^&kd?2;1X-PX^&(O6KktAGe3-7B5~f{ zqMeLjJG8M%%IK1x*@i#L%o2i1amCqzV$=Ch4V$^4*j|Y6+SHvQ@|iMu?Gvq$ZEaY( zSEuLx=xxeFW8$1MCq@`itq&*vb-30AL;J)C)25L>R)?OK*YGQJtv~UQN=-zv8E=e8 ztSM0d>~oL7>@w%aM@rfKN`?l7U=%qWufx;=LuotW-jgR+}Ckkqi2hQOk_k(#y>7 z<-BuHkx&`-5K~DQJC8I*{}biiMS`i#^-I9}>kAU>vx}a=Op{ADD%vS?%2-g(E5|Ct?N%c0-G$|r}Nh6S4|Bxk>bptg}{MENhO!?8#fs?sc z6Bzr@(hO#OlAVHD15poiD@7J=3Fg_Z^>FKF)K+S_y5d&+9W6=(JQoQItwwX4Cl4yf zT{!pU_SGvQ2k)(WW=>L~t~ZyYX|;TgcrpHOFASHQ;p~OfK|ap8V>lYL&CsU`xz}nF z7Q%vFE#{QIPpB~$n|4BY2@tV;c3Awth(1IG%%jU+YBBrTJD>^7-*E89>!!8^519@b zGP{{hC;yJ5Eew!lFXyBEdF#!`54WXb=F!?s`p$k4ba5`1)0WTgLyiiX58(aBh4=MJ za-F9ez4|7rwm~9}%JLL@>iV*>yx|O2aYFr&s}z}^pJ~)`mAkNsM2o=7F4tD0C?$!3S_8YvBA=Uz($ZWEd4 zI!cu3dq@PXM2eOZ981AJ7uTX|YHH3MJK#9Q(ha$cn{>98%npNT7K7vQz(vKyI-@6s zdH^oPkGJWC&zTS)NN+EwNGHbM)N~4$yf{ROc{ojKi%z7QIOjtAi5U;(7os*mu&rh6+_|J4WM>|vj7zEgFUIQF2B8i@721} z5Y&C!)1~;-_iK=ZltharmvgR(jB`(y63V)5TMkvbT~I+fl^=mTzTlUNgOH=T35-8R z-I{54OO^IpZ#aYK)j<&RQ7$PXN`5yS;DHbC0fPSBgvXOZceAZ`4n- z5Xv&r*P+>O#`g%SMeY=(N`P1_wsLZqGusU3|Dce z{0S*Y!W)3MbXxmOx(8CKl`16)h%MzbRO9nyv@Hl=Q-$uR%s=m=!_oK^$nXn_OYRdz zHl~Q;(aIEeBB{;i8qC&{V(G>RnEA5BeOX-}y3ymrbvX@BekfH2(D- zJhq}E)v+1i-FwaT`{K@HsCY)6-PklpOk0VhD^Xw$Nqh{J5mH3m!diT5ArJub0-^8( zR!^Yf3(?P62wHv+dyu!h^5U!KFPQt!p$7tFl&|+0Px^_C_U<2i!Kre|%oPuQ05WT5 zgT#Qvia3gWII4QDlj719xYDeh*mJwgAIQxikxju3{Mn`_m3>SmAlNwQ13jwPpGVxM zy@5eol01l>e?SoZlTH)&^|v#k!gOo)C#R1}p4>|&!uNOXl}a^V z@$^~Ga>D?rxl1YO=}!^8%g08IuVhXTN-SSBgjT%Zh!7s9w@MU$XE|pwBSMS33XJiS?vvJJKyC_x^fVw!;E+ z*&GD`Vxb)lH!G!r#Y^(;RJ?n+c284NT=+_*t|4Fy=yt>f7dkUG!5T8c3Kd<>GNAH2 zOaNtNI+&~-yM+7+Jxt;cG66t6YGT%%Yo|hC8q~<@jdml5({NayFNd7p5zIu9=`d)oE0s!$auh4YW@igf`dq<6 zmnkKLOp}Dx`TR)8vLilvRZ-1 zR-noXo)mO`J@z2%Ab&Z_dJhUDH_y{5#OPvJ+j=jxGdK)a2@bua%JLguI*3^Da|*z5 zXTNuW9-Qao-~bKb0R4v(Kn_m-TXIM2vUQRl11l(wV|g^uc%Lt4P`AFF+az3ik@t9C zY5ib>^k;Rj)0>Zy609O-kNUH#vZRQS4eSzBsgw8)!aFGERCq{*Istm5R%O-WDWP4h z)D3UeLgBVXA1N>%thKKhO^%Exo$FQ*ux^fxF7jDKPHz$p)x7P<0f4o96i7;{Q0e=I zMOwqzU(eOEQb)h473>IIwl5uw>jpR2E^NMC9$89)88w^z+Tx+;?F<}bDHR$cp^VT$ zGC)Na!mD(wUu9Qldph^v?xyvH8mGH?xXwFVtj7iZ$;eHh;s+w#u>Y4CO?3t7{wSaI zk=hOH$LMFTW_(v6T-dX>nBwz6&=Sgr*MC+RZARKGeMWrqyMMm{c*E^Mh~j<`1aSM? zS-?{W*# z2@^qQz|m!5&3`=DQNVsu$u)h?|Ksbu@;ZDGnrZ0M95ak9+}6M?45D!@w<-E=hgdnyM6!Yb-TTkbDqz~0dFsM+~ljjc1l>3g8fZ}uilQmmL zmA|4uqY9ug0Ggr~3+uf0PS!FCjL;Z1h=%z-j*Q{3+3#Szd<`JMKdPz2p}7!VWC9(? z3=(SHC+S{VLP4itFrOerb!}}x^N>v4Nf{u(mE<|6J2dVL(~!W1b7`m6*p+;uM`Usp>*Y1}Dt1WMjx6U2eT*Lzg>@f=?3V3ljoP))hyng; zBR=uK$G)OGHsaB(x$XtHrLeLw@Yw{v5&WPR&{AO7Qscn1UvAv<@b_tPz#}7gx4L0K;BaRfHCgXB1C9_s-$yRh!cX99V2uW zkJhoASeqPrM)mxROqko!VAaAr5o68AXlHgb8Xf6IY>#t?Ruq3uE%`swXAg^OZ;W7? z3Tg6ct={c3Ifo-IE;Km&%VD}t?OrKq2*nohTCy;^$F%4@pZZJ7-OCo#wRCiIK>H_C zQ)8oXE7a6YLWwE!lX2el{9GvS#}nCjVHzL^a=-_{oa(!PkH`yY_g6z0&Rh!Tp{a%V zX%w$yV@c5WlEm8Q!0s2x$r=9bsp{H{sTf&Z?!&j$$>Fw*5kh zP^q~Be#(pQ0_^D6*Vx^|CBtp`h%rQ*-n)7oCL9t6CJqWm&+_naC28@I4ng+v;n- zu?|BB9^fM%!keccei>)II`ftURe3bX3UCPnoO_dQdj79_!}ZP?53rE#gI(^1cr*+U z0ttBIIzCWVOutU;hP`=i?hzuFsH$;0yVMF{zaE%%+)nd_R8I${tiy+Wt5}J)1|_>5 z)*Wt1cM_WDk1MkEbzx7c$-Z{TJ%~6yp)Ry82h}T~acjnlMCAj-)QJi46bv{AV5^A> z1UTrge5X4vBC~ZlX)Ka18|J z7ZsntKPMB@3io^UcGba(NIyLHQP}fN-B!m38k`opr@?{=^6r$rH_FX%$zIguBuT|? zUbt15oFV|X>IwPaXtrpvLS-g&Smz_T+V-G3sP;i$;1+zfoL%*26V7BXc|l;f#Y)2E0gI)o8IEpLFEA%c8=YqaV}! z(A%=-HGey61ILN>jmIqsRzI3`wMva%hB41e`yH{6AmrgVgalBjg#H&UDu{5?pDNAx zX?`OM%bQ_*`7eX*HBceKWOX440_zM;?g@^X;+hI^Z3I1H$gKVear||hL(d`O@}peF zAwTzP<&ytQf$V$VtVmF*G+ZzlH!Aq}+vo05xY2&3{`4p=0Lz+yg&st>?mA1Gu(SW1 zz|WiRgFoPyZ0)M2Sy*9P#GXG2zy+Bk@2i;nP&jRB5>Jx!8R&rv*cq2gPHX4#(-ghF z9={Tdgmck@UPisigWmTQ9Er_hE=(9t5ngEGdj{fPt~--BUd7ug2#@SRrB0lW+rJIT zXYioxXWk8-l-=ze9HY~@;MP|Mk#ez&x~y6xP<98PM;O=KuL8MjU~I_Zy?tr242O%& zM@Ou&{4za^#Km{z%%kVxY|JU=ce;(g`CHyd(P+Oy`>g9<+XnH=y)voM>kjdQuDC$2 zuyQx?VsbnX5Xo9X(Z?*jCuU7L=C|?SV@-XylpItqfU(5cy|oo7(h*)KE%*8|n0n$3 z+1H1gtO**@jKC(o$9~uAt<=UDU}x=l^3KoTZEw?Bfeq}G0X27VyqR$DJ$omfP1p@% zLBPUL2XD>VBAcOG`9;AeD@J?V59pM{o% zsz#N6+6|e0qTL_-&`;2I6w*AUb0JXZ3yutwAG$4z*JLS?`Vtd%9$ z4l;{Nt^Z@Kn1G|cc?;;K&M09R_)2aA^H6q0=R3@oHl({uLkf5&r@W&JHki!Z4GWRqPWKN`@sQ&oj6@WHukxgNj|5Xk> zc$k^s-v^b}pVwkw@1Zt`!dRDCh#C&rz9Z`ykPL$+yLW@wm!4EL%|&DHTg9h7j6mOn z8PPQg9ugy2{_$Wq#J0;MeeIV?3=qiyl7R-NfK^cBj1Nm_w&F%1AD3B%$9 zpD8S%G0pd-^^!T*ZzIt!I%l6j6zfUtt5!xbo#;yWh<);bO6i_QFFjiF(XH2z<=?!IL2dbwSYGGp9|cmMd#Y2zwT_;%F_f)Y(qOb>9j zTW|9ti?Fo@h-fS0Jsx*I;EMOiRm#2o7#>9E=10Uicl(|y4d4TN3iF7^5Ador5cE^f zQ$>ClIk1(0`gMHNG}gxB?P_T5d(Crn{*!6~|Ak%;el-(xZCTEWe*a;{nace~L~Py9 zlD{g$MN*-3>gQypA41&$0`3^l+mk=+<*XcEa~*T#J)x%f%1!8RuL=1hDW(!jJ`k%W z=PHRIhGd;>nyaX6mH!7UcS(U>vmfrER2G_^!dUAlXB+VMUP&^>1RP$`XjLEaIIe+o zG{N(99Y9d;I^4oPD_nnYyR(9Z;<%&1jd_@GuBiaz$UGc55+@AiIG8jb>fo3tK$S(?Q9B9X4=+0JVv%mG><2_em=ktN7X}T%9c4GJIUIXwS_UJ*S z%prFan0bXn!6qC=vj2KGv;;S6PH!t#Ywu^h;6YnwIG?UvRl|8MPM-?_60<0JP1oA3 zIyMUL$>w}$GFuKPN+?&oFhE3A&8kL;P4b44)b59t&%<%i4?JXl^)wY;uP~)g0e1BM z-3Xb=6jDZ4y z%EezvLT&WD2nwo&nv$Skyy4sSp!kUFkMrFLv^@0`B?%9;4~eZ$?8 zmhRwfsQJS<_C4&rl184o#|RTZ01kwUXz}mae@rIfU7PKSVNz=NUA-_|y?Ba%VwW+k zCPP)nXjgwyU%x(Z4jFQ@JZn4B>n5-&>N5>BGwp>1FN{6GOp?ivtg-&s+zR=G|vX2FVUP zYajJSGM12zruuI9hw5ZXY!9=IY4Upblg9-M-ta5ZOnl8I;q&`>z+d=pcL!m-IfDA1 zuYsc%&7-|{X7amtcu2BHBV)!y`~|3^Ny9ktIaQoEewCrFyVf%%dx2{q|CR_5 zVhmzQshVlNzcNj|8-W423;ET5gh!7|f&OsMQ9wb+pldQ;oZg+a&TPPt{Xc35?_?|Y z3;YcPR8iA@T^wTO`}zUX1&ZaE_)brYQbK@@!xd&OvswSL6DRSAweH4W2V0SWid_{I zUlaM0ppg1L;%6mvqVB)J&kKHfoyY~>Qp{!tBwxW`6zSm7|E~{r|15X^ISCaA;^r;* zz-u@!5jCEv#X4xo^fma>UvBJAaY#W&cS=qC&KnuzI;idvU_UG$uU3OHi8U_X%aq8w zcf>55^)LX0x)qY6x(R{jt~PKko-GYJpF)C4bjGUge<#n$N2OAUJAuHBT`RcZ%}2g# zE&fC6{g0XQJLj(b7FvrZU|Tkt z_TD6d8%%1~mVq7dm)qqS`w#%3NyF1)yc=u`z`OTM*|L83Nj&j0^6?JL_Y(P&k?zufM7cFacLlMt*H06FzlKv17-Cm|ZVX3w zVvnM5ZG^a1ubUO74uy`!blp|t2M1K1NGN)9E8$m?Q^V1%=w9w%PQzPmtC948EJ~Jp zzzv&q^2_~84GuVGDL+30+M<{J0$OpuI~?1Wd0RDz>NE%o7!PmZqB^?uP>L=i&gix_ znc=xW++*~ZWyhzwjSAKW7^Qri$UmDzyzd(5IQ9bv`YvtumrrRyPzpay)x&7+|9Fl^ z(KwV6dQnG9KuyI3GY-`B6lpQy-i%+epvsyoTp@u>$j2;7(X;NWBsiU2M9Le?ahIs* zQv2I5HuL%kf9PTTt-MnY=VSz^g~e$;iv8y|y$fV^n_@_lZJ=el0q)-n9;7=Ded^z# zf#-DKJ-@wnIMCqlnqZ;VB4Ghat+~z89#(JViU3$fGIlq-9a&ZBGI^?z0tz8Yj~|u* zBTEbk5E9^cswmr4EC043YT;01SD+(vlAyA0zy*}zmAc|5pmwIxN$P2Mly|b#17Gh# z7L}!e@z(!69LPNtAsn7QMJu$gZjz+%@QLKnGOT_~IP+j3RvJDn%%pwMxWf8t94FdgI>q61-40`F|t=7jpa$ z^Mdk;gC!E(olz|_01$zM$wu|U&9_vyn8>qw+LEXbV@QED?GOv?n=7>U2l^)04jey0;A+(&KoFIjs|tm#aQppiafY|Xn~lowzjJ_ z6{4Zu4=-RugC0XKymBklBq62B=}v>~XK%v451rf#;aC-?*^8E&LKfa<>4>Vqke$|N z1&9wls2s8Ab~i5GHqq9v>Q=%BNBvV6SF$XMw;nNlol^F=3N}lTXT{-Aic7E8L-XHD z|36{}Tr)k4|JY=}Wy@z9kh#*|9@xE`#N*39cvd<>y;7(rwNrt4A9_`LhdBNo&W8A( zw-3}61Q9icE<%M&Nkhj=O0yHoSzWU*+Hj2mHaYRSFznTUo;neX{HjX~jm}^&d zp~yJ^(zL(LcW)g+qZ}L|7nKJhwpXF=u)$8wOljoN1CY@@gE*f01VH>n4a}RcOmX@R z+X_q}n8ay7Dbd}33_is1xYlV39j+5Ff+52!mS%|HWMAan|+ zkk%Qr!e9javFEd(yJ?*Hmf910j>_Td7==<%R4ir=hg4{mSw z%YWhhRg`2>lr^g0=-I|odrxoq6k<~%et!<8KUZ;TA`{)MYd0OvR;K1Lyif(89UtG_ z3q$gZm)0cUS~Q4J3vUmKgaPNE6uj0Psj}8X_d1bnVo(%EK6#Y`{kVp5?6xn+%Xf6FT|8+Vfq_N(f!;4=7C&m#_- zt!aWrC6Ag}NC;MUczHA_6j~4C5=5UhZTqfLrI55V;+oS+5K1-?8eEeM{(srh`8_g(RASWIq2QT_Q=&jm_%Z_+DVeqFag;|vNQc}+mW z5?v5q{{&p=YggvZ-DE0xB3~n6UA)G%Qw2^e7&=5wJz;>F7YQz^C09T4*BtMPE*&m+ zJ86cZ*!z7L3I{v;x*JfsyTzR^t%Y@YB{`_BLO-3Yc;It6RT9M;AWlF%C$_BYyUkQUqC zM&4QhCJSeHQ#}1{G7|aGKGe(+;$JOzMY&ALMBcj>VKxsRb&Dsubp*X5@1uM7U?c^> z5``=;4bz%TuNl?I&XWk3d699Wy_smYN_Z95(W;M0`q$mc`hXx0UxD0b@6lcXk)wW9 z6F~ud37lWW(1@X+X>g&gJLZ_HaWGFM%iysZkkHFew_n$FA(=hKKfZL%~ZLe{&-eibuy#t_%9l z6~e>XM^&k~wa&R8+Sy^d#(n=D!EfBqq|ql(Ad&-q6wis;T%{?H%;WZ3Fide|f<*7Qe;NKvBzRK5zk*o; z+u*NHKwkaqitoN+xo5zEPNy)fu*O8=u#1(5F5M$b)d2}6*RA{b9O*TqsArkucU;|!q&H}V_5bMI)cMbuQ*|tvFi+M4TE7&fN>e7s*0z6=0EA1!lLV4UWx-waomdQ%- zMwgP-Ly6?nA1v(!whg2O)&v)`j-*FXDK{kRsRfo_JhR`dy)Pt^k}~dqsKUv>#9khd zhN3QJ)hc#n9PTa*E1&HChXMQCcG2~;&fREj59;(wv8T;Hvv^i+jJi}_87=7$s4VGdO0zmUcUdBJ z2QmBDD!s7r2`{T4aL{4v;&TE!vPOzuzL%HK>~Mt86sI3vGPhhae~ z-(6BmCyPYW&_Ir@Y`z~K@jUewrOwH`Y?I^TtM8+nQhV1BXLt3p-TlwsLcNhf9v1^! z$QhnVQWLhR_{~fJW`G`z0&6CGAs;JdegxTO`2jfNi%|JFG_2eg$YdkLhS2 z?3S8#v12f{#8_$V#}N{J(oY&PW`q*;>BH#-BxKq$-aN?Vj9bff2+CX6(mkad-JqWv zo{{6)u@tptGqq8nx;q2A@h8TQ=K{CWk&rb#TNbf+uM~+ zUijY{#OU;^p3yetZ|nE!^WQ2-6_>gDwBw3vuZV{ZJ$FW_&?LXx!(xl##}PaXsR{F| z)_jj>r_j?+ZE~=q%HxyXl?nH^>P1-kv}iks4J9?aEw-vV``YxkXYSf~wp8lgY85p+ zlWn!4JTw+IDb30h@u9Tl&RjS$6$DS@Hlp20b8<}cA`FjLf6nh}p%a~idDeYoEh$@3 zJR^mY_2=U;7zVrBB6i^Vaq8;+ofOCKNTKH~NDxkE*vA|`y}TrHAT2)?-KjIxucA_h zYGL{hrB@w!mito}QZlyW*C5ZAU}|v3+)*!+weBrTiNOsk5WJO;&7K{P;~_+B`*!sy zB|(ckq&=?yySSIEgMCROn=@p>X%Vtna8Bk3)haa7Yq~slIA&WScTOw1LM0&VvBzXc z$C0%1Xe%Stte>0GTlLUv=J3mtwo9}^Wk z%BF=${i(0td6`OGXUB%K_t8s6+Bvi3g3G2|T*Hs57*rNL2)*Kly<-d$*Z(9hj(Y1? zyL>ufgVDh94LJ>sN&B_x3>gb4l#%*&Bt1&9Dt1_@x1ER#W){n7Gs0R}Iwoa?ml>;_ zUG&ZsSkQ9tHq*Yw)S8zbXL(@wc5`wj-28G%#rgyAn5hwuSFaD32oR$xyMhPFWp}&O zDR=r+*Mm{j-+~X*tQSMnK=pE?_EmtDVdg-Fi|Tfq`2V4|HRQNiT(F5EBM-@BV{-bt zXofe_Xl%D5M{0T?W4laPnV#`C=^%e<=#nFLM8tm$H1l{)is5D+wAs<#yZqO;2!E6=$Ul0m zfC58JvM&*xl8{gE#rSY(gnNCS*ZTa(p8#+AkJ)oO6&AcioU03jgeUW4way2;FkT1- zxky$52if#*+p>B+et~fKTg!vDVyI376Mr!rS_@7;8JX<=aa-mNts!HGMs3l^=>^)d zHHAuw-!y`h#0d%VKLgn+$3`<<7D}uiK8`Y-$lZRan9!|j^Pbe8F(o6v{TL*VDY~cr zZ2&o^_ABurjOi5uau-xqc%TlLB7S1OLgn5_T#TDg#BYxqO+h0udreXXXGs~axT4WGsrmE!(qK2KgACzi4FQ6{YgK%}laxHyz?wTzN_ExnETu@9#s@mhpjQ5T zq7aSh^J?h4FxdXu^ZCv7gOp}BVs?**I8Z@E_{0Hkf`=4mF?o(vx6uFwa#PV<2KpRv z&n=qyafzqa51O?X)n@=j1I&uvuysdwqp(G?d$Lm(`?Y%GEFtX zn@{B{NR5Fx?TflFy<`1lC2H^0K}7%~aZ|pkA4Stc)7p95W-^l#Wu+^1k;Xv~FOT}t z^)TrxIrF*sBHx^42Oci=Alou?9>`U@;A;UE^VhatKMrxS47Y0*>>#tr6z(o50@Wc1~W)^NBLQkI0{wQzD z^zx$`SpRx2{=sT%49{WqSxKA(oJanYcRUqe2LnchuNUnOccC-j`5?4~8*99iW6$_U zS?w`nRrFH76w?RllTP@bo*kbqS@BUJn7BRt>^N7_{mj&i30EF$MY#w_mQ~6l!PpNcK+WV z*rc`8N|flz3GHy@vQuekv__U766{Tbu&G7r8NmrYa?eu}_z9k=meZf)m>qv&h4H9q zj|>Jn_qHxlS}Dbf$;M;Sui(?I65DEiM-q;MLH&EjGJeUOQ3xd==zNy1GwWs1>s_s*zV8^I<%hvZr)RtAuA^Wg!?VXB+%54O>Nj{np|g znKcvIqr)Ye-+mzv89sgb6|Yd+@QH02*LXOa)!>7Lw-szT7};o>qsWUpCh+!dR zsORs!$3KXHo|2l9pfZ5xbd>~k#8%+U0qItY_1969Ye^fMugiqly=-jm!ylwp1*`aM z>GQ)31PbI?P$W;`2?#sIT$Yg$5RT*no-I#QX{_(9pO`ZGod93X0ig$5xGMMV_g$Ba zdBD^PW|__72!fLJ+wi<=B%7$h%Wrb@2si9H`91o?SCYR7joX`glOuD6gX&SK?`Snf z>X5U&Pr$;r4)wsf&xyZRhXui&{-|cHQ>v2< zT5NBwS%07Ea}oJXdBm>MwVqj)pe2@NBudvwyM22&#lOgA@yAfIK=!&cOwEL{VlbVi z`S5k+QwO$s*G7>aIt(84c7w6QQ?jtb_YQj;*wj4IHdq{zCdaVDQrJ~B;n$_EHY>xF zg_j2=;4+JL3&ppQF*U`48T50XE*lv+#Tg!iFghf++ahR3RUGYlrZd>cc3;$pY1}L6 z5e>&tjdQKHvSV3cu7avz<~>TpR0XV9zWM8Sh9-ia`^Uwxyjaq;q8J?=0dv*b)J)cl zjSm6hPl~ZqTCn9j{RH7(N4aaK+)w@d*lr+Wdm4BqI)s0@MtQ`=qJlE9Z5-Cflhvk2 zX;)b8f5siVlFv9xGResW)eKd0w+a~jhv|kPhS(z}e8sb?ADz{KUoswj?9HAhESJXf zh6&gytaU;=raGSWQh`G#Q^k~o?fOE|wb-QZ(wyaY$%)C_`{zF)a+K^-JI88M(iFp9 zCItUZLrkq&Pxb0?8yk_Wkpp_9~ahjL6!abFYuQJgiBeK$!(@ zD%m8PjZIv~Rc9jTYCk`>UqLDW=$|`w&{gsPFn)UMe3?3z>l~lsnuG02H*YRGc4Ea9v*I$qjcppAOF5CAeb$RHv9fL8(Q4Rs zx1-T>r~G1#hQ~*rVHF2j`;FS@Ce1V4jQXhiMQFV&#HLD?u6_=)h~P#$4KNtGG?^5= zEZ=|^$)aZYwA z?M2NE( zYszCSn|m!1L4sO$Ltgrqt4hv=r`lp36!FSDTOF$Q5;7q~b=k_$OpXfxn7MIQC0zve zZ}^Wemr%beb|EkY2ff~Hdduf%=nrrnRZz=Y={}5LMtkJiY^!a@IuCAs7cY7hb`U@` z7J%#re6DFS=SSuZ-Q!Px>t}p*fIB*r@jEor+xh+8rk07e&LsvkOuNl&Vw&%zM82~ zpYW27SEP3km1d>d-yK-NE_Ptl9b3mfK1=N|5($~u(kkQUzNoTwEU0d7Bv|DR{kx2y zzzy3#-Ju~A+FNFpGdT?z@4aU5J2~gE>&WH`&^LE9|JIZC4vgFstm1RCA5eYRvl39m zAR^C-#;Ix(Kw<%8s0=`^-NM_Mb7W@B5#s2=+~<0b(Zg7s?zxYzY4(i4{iLT8?)8lq zU#&q!aB?c)c=$-gv)}6ScCTNDG<~c+cy3?XIO1O8IOb|vQLV&fUOxwP z=qX`#0lf$YU#~TNhwu)YvekQ57{}of?=>?=pYW5Hbbqx(2`_xC;4n!w+0-(2v<>R* zD+?7EeLJGI;L;v4e|sVT%yOpov#+Vb^afbEfWnl{H)4-q(hN-3Mp7s6NAH8meJv4h83V%rp zjg1Se*Y{b!1Z9%(q$u`vyf8+fL%PG88)0Qb#fJ1z$x>)xWIsh(4uMTem`JrkRPp;KFUnPbItmr*<8d6;`K zT=mDdcLlfBR+7%vE!1CmDCVdBKSRA=;HE0w(Y6}hOW!2_99@N)JC{vO96+DPwoe-z zA%4{f9^nL(+d(TbL)B|bEW%;bBCAsknjY{j}OXW@2x=(NQCHA|NB;`xW+LuO%T zlD6P$0ihex8%E%p&mEgcydL~kzRqB9@_4#nvwJ;0#SohoVRe63RzZ8y1Z_n{MS@1A z-fz1igZ7I)S1l+Rgf?#8zcFXNfPRp?x-nqP^6lGjv)H<(jdRgAHb!+paYSE&&!r|_ zyVV~t3Dy}+*q~9-{`9FPodAJfc;nc=xD!Gk+d8FIZd5n#^=SB>VL5(-@}ikBWbS$*t+1PrS`D7)bFQTiw@(uKcoK^YcgM|c$3HYF-qp|FNnS(Mt zauG_mFdDv9T;gW^KKfTdc=iZ_o^gPSjj)WS70_lDXj71uW*{lwF(w43VQK#YQ1InuG`XT708Oeza6P^>(9WoRwEW&0>ysuEY;usC$22bHQ zOP5WP7~92*Dcer#vNj)EAHNhrAL3(YPi$U6GpV{oA9Y`*Is+!SxQGLJ@f&ORMthIT zz-HfuTm&g6Z)!@2XI(hMp!#T1K=zxInbMDO<}fo@IlK74;q6C-u3(J6mU-0go3=ZY zVA_m18=a-D;cT#*&(y`q&+=>2O{5OLO3dtUElm9en)VhPc(K6rQ3EANWAk0P-46^T zlPw|3)#HBO<1F$I)k+lJlsoDskSJxi^6o-GzI~!v&$D*gVb7KYb>6$dlRxcM3{y6B zbS_GS2AM4uSd^|wv)rvJ>maz$Bs@kZJmkd}4_e>Br;QYON<&X?hQ^pSKvOTX`HdL& z@?l-anli!R*PJXZb3DGltc_DUR1i}rZO&_Uwm8ko>0D+ORw8vq4Bl>ryLRL6rR*A` z4ZuM@H)$a#_e|6Eo8{Ein|1~ARIa57k7X;?GVgu5u9J~?{M7XyuN+t)RDh(T)X_zQ zMC0S__h+i78S~1#6qXrMSBjy~1jWNnSM~ik!ae5nBf9EhO+rM2aJJ}q5tZ4g)|zbH zFNSek{fb%HgDm5cqcxE#BUP~~YY70T9Iuj9QVRY0oJii#Fp&#cs-vE+WdJWKU(WYP zi0mcN-CrJuU51m}r`WhIcF&>fCkEt2ZpzdIERZ^+rQ~(ZV=Q>EPP(OshYEpLL1cq+ zD5rYr{tsAn_&Fi_$9^VVR;TL1_X5_)A9S~>Us}7 zE(kMyMcj$-TdN5m4clSN5kbvfB&yEk7)mq4>U0e)=m)QKDjXE&C1c{?zGpzC`VEh( zZu@Jx*F)@4T*l+Kw%YBzU^bt3RafwHih9-S=%6t6w{PW!-RMtMn?5!JX6I7I$X5PL zztSx7lh#B1hg&|EQ!VT#Xs9_QLWApCgBeIH5>=-?HdT_%#8bNlv4Y1?9j+2m@elO_ zFN>wTHPY1kRrtj23LgG`1an~1_&F~Dx4j5(t@Zc0h|GtAyXw0Ki=E+xqTwoAtRz7< z*L}d^OoocI4l(X1GoRSPzzEQ%S?<=i7w)B&8r3lbMyF8aJA8Vwrxp++cAj*v#BsPh z>j%8yYUK$LV;C4Eaax~45d*1F zT_1~vEZb=wUf%wOZN;xetRK{!<2EdIZSbkp>lInAp1e zf^8(lmqcWK$5sIGvWo&bAIb&Y>zCTDtc8kX>mV6-fZ;s{?zflQ)Xz({v@vBatfgw$ z2nq}vn`bWX%XvN3tNLzT3g5!^i`kn}fCD4W`-Rb*WsItHg{<(+P@(?unooyjXVZ{Do=RK=jZ<6}@4 zQWNdAU7$L5EW~qe!0BoIy=5kZDU|C7Ei!{P=iJH`r>ca$;!GH@U6fdy%71I z8Gv7*u+Mj;;~=xyxN{PVAtv1 zZdDA>EmRZz80B)ms$vJtv8hv#a))vUAyZuW|5NYQKFSZS3I*|(Eli!gLk)4VZj^II zp>E!?wUemzb!p=}bed5S5nOY{i$3FJQ*MvNx0YJNBS(+&7Bk@=Ip#M4y=(R?+I0r7 z*m2sdNn)pXX`;1iyabscpXTvs35 z0-G{EKEB?wv~xHXGX=pyP)bUQx^GE3ZJe4+ZO=;QP4jh|m+?eQe!>Y#LKB&lTdm5> zM>*f0K$$}hi}o(k9qs7|#T}K9ZoIW>poS&NL0b(dg#Q)NEKfi{ozhry_T-i+2t?MS z#h4Fs=VTVlQ03!R)T0>#0_Qk}R5PnOjV!Fl^EkMaW_1_17|5-nuN(MYR@(nW;w;G_ z$x&|z-zB_2y#x?C3^SN63P*F7C};J~JlH_<8MPLdrsLYFXw-lc%8r#8kiyuCkoE2_ zR&jJLOU(_lZwB0U`qp(kH<$QIr#iGPg87<6bG9)eSxIv>HS^o<=UgTvhekq?JZ0PK zCaLy174x=Nat1e?d0`K2NLJP*hd*D5Mv^~9886H>MqaIxVRX5>Q$WTxTeh>^&=Dh* zprMOa+gf?^=1qKYu}-1=oZgNm8l8K(wyko#PiVk72U}u!TBX-%t|a|VYN_oLYwTou z2PQc=IUpc_1?jehj$5%f@wk2*}wHAG7weMA>z>%Q7gd_wn? zHZ3`h3$(cRM3($!Wf{gffaNk9{1#@L>zNtZP7jN@(06MqP75^PcwII|8ewDq8hiqg z>-SY4l%;}Dwg^)zT4jo}_z16Ei!Y*pejzdU7i0r$-L!~CiRpgfQ#05yH!;7kaBt2+ z*6ojkC)Z{cw$EL}*&j@vSOr-CXP}Ixl$d6rq$~Pl^|Yn^kppuj&x9~J0gXJ|9hecu zFsSVSaq#>kl$z28xT2FlOPnUiAl75AA#MLL*E2&P+;cXjSMRu)OElSqNuGf9mOic~ zk*PF8&z~|LQ~KYrBUj~|Lv`)^h5DaVkZzlGf4BzEm>K=0-LegK~F~W zEiHRT(bZqi^EF(zR$O43$%;**@W=Khfnuxrcb5^?!`0GFlZS?2g8{8e;`5+Fr^F~v zGG7L_&G~GHMZ>A6&dz%UBO%(u@qvojuIW-?8?!|gfsVEs4L{yeYe!GnAEUdH)gUkc zF_`)jRnMz|0RfZI116az-{Y3sIxro&B53a^OlE%J17o+X(hpLeTD}u^Mwvb79=7N4 zX{exHC`=4!k8fK@$eZ}re&?Oi~!(mnhH_>Qf$coq)NJY)|(L^IO$)i z%vi7I@*MfwwxvapbOO)_nGiSJ_LEZt(@giHB@@>v&3Tby$5ExgWA{A^+s8OJ?-#Jt zY|yqV1&MQ&6}Wz?*nR+;i1%Pt0=(n+VFu6)V|d52{zg0YPtA5eSs1TbCl@2tXK}v? zWqOJex8H<%tMRO{xb^fkw$N_5UQG7GwZ%PHjM0Dzh%X7@6ybx_gx{jkM%u?!GNJ0Nzd;$ zMqt3Vbgiew#$G>i{A}Ckdl#Gj^{=Ba-<98Su4JWSAf*U3Ix-?avskvXm1#TG0Sip+ zPqs66MHaNQz4w{IsLtw9y@SyWV%DhWVS<|Uv;ZQI>(PvIXsgp{A@a?sO&O_Pi0m>J z{kLA(sd)e4$7a7_o7ElUg^?&Z)sMdc;3chlSHUy zj^S=1)t6Ev&=@Y1S!1()Z=ORnQ5Jd_+8?*f*jZSRcC5GzejmjPN_TJ<|GoMAgm{)Y zHxEyq4;cp2A(JuHB<*!ZS;B(;e#E5**8`btsc)ObRD@BUS2VR_;HIDIfA5GD6Zw)d zFsJ=?{L$P_!Qhl^_aCtVmzBtNLRDm_j`izt{l4&`C9$z+x6<*alc|}dS_5A{=L(p) zAf**PdrkJ~j`ASs{m8=N98q=KHLtTPH4}X7`FQO6S7UN!z-k}j<&!VGE%|Ld|5zU0(6M|G7?Z~Mcxj2v=j4dQkQ zK^Wi+G$}oG2o4lr=o92aza<$YDq3#KY*ErP(BVAewboBDZ;Nb{P4OM6?} zJsG>HJHNrOu&1i0ck3nhY;JGNmGSBp*`4;RV9xJ%OhspssZKUw6N=Dw6D>FU!M_*| z@Hs7;3S-+;)8{5;Lm@CB@4KmjEW}ToeKAqAAQu zcDRQCVI%V6?KUHaO9>F@lyDYHXw$NQf5JGm^d;Mg>ge{e9yfcKZ?Sium#)WHF)bcx zXI@m&7ePrUXZ0LK1NlsFw9ctV*s+*7i3~M+mXa-5*?(blJ+VqwsMvn$P{OQVXQ~Eo zD*lkqi?jCZeg)}Jxhh^%6kZz+Om8`H<<}uAkw}V@Cz(|NM)ctsSZ^7udG-vCGi%~1 zMG1F!#-MUfkE0@E>&#KD_1U++zM+6TbW92+KYvr$&miVl-D6Q^)|ZVHMQ6>Yq-F$6 zWtIWsXMHU;mc?NtSYy&xz#=)yhZvQiQ=pwRt5cNR~}eMmvd+lXY!_{%q%EHhJi zLg&nRj9dAgZoH6hTD{`nFymn+K6dm@hHjDi(&e5~)>Nz%gRjg*PR?{5Z{FfR&zzUL zjC#^Pq(cKte`eXXaf$szOM-Rxi6xf| z{B&Hbj+GzqA1f@)EM2et>m}k(iTTFIpA(+{PI=RQr|nv!M<|)0arEZqXi-$25tC}> zYdzX6H`MC0tWvE;ktwdJReKi!>Q2-2d7s{o_+h}8T--jiH>5@i0FRthEyGY6NdIAi zg@k3qP3?_7TmRbIx8I4G`v#2!&k;*B{ZB4R@Tok$4T$+&fs%&gnar?e5qG8J#<)b= z>_?cz1>#P2zb93(RRrfMpsk3xc|crPbPC5j(g9{~>&9!@$u)9})aqE3ak^D3Kily0tTc$3S{ z)(W^)sdwuVBI8N;4yF3Z*xMqqNmnJrmpk>dO}nz$=ja8DgLJ?!bc}g2x_)W@ku4C) zEBnQ2NLqM(JTBY?)f{_M{fr9H4I(nSFAbQxq!Vi9omtm>gh$Uz3A>=a zkkL$%g&)uC?bT_1AmuXA_+I3crk2)4B1UIRlSE~=CUDOd6PV0stceRj!K`4)4#Vl( z5hV*f`#zXIFT-fIShBvImd0hmP&AVlj<%40ptw~M0!&;n2qj*B|Nfo-tP&>P_Z2cb zenP^{g3~Ygd2Ex|N(7e2KI|$Y)Zy7v zVAcYZdy&L{$&%_v$471EZL3XlsfAd`kKyH!pq9rYn3}wnjv#jCWIRO|A5UGyN3UK_ zCJV!_@C`Z|SX^ecV_Bo4skNoyd7|#n!FN2RdNo-L#N~d}gCJfNnGou58&pBY1RHSC zzmQ6o25Tg3tNu*9DW8t5W~NDA_%eC!OFCrg&O_cp!(B$v!RV+^)-;>Y{KJJQuuKj|lY;rE3Crg?-( zALGR+&N^da)cXY~N&3BO?$l+1$xf8V$xx+VO!96dDTWqaO`Hwr3gNs)$mVI^=;s-d z**~gpCj4+S!lu!mukni1l7Fwrbkg%@g>|uWE%cYscPzR;KUVL|$i>9@ieL1kw|j@) z_(6^2lGt9=kCVZ!EQzf(7I}l6m;&pT%1u zIgRSyHK%0T@%steP2VdReQ%O>8PE>ZW?d;44K1zr&hQUAcxmlIoEIB}0K2gJB#xn% zMnAEhN`=kd>%?gKfWGxfSjY`ow+oGgt8?I|rL$`y=Hd(0tP6iCP6$m+hKK91_6ewY zqU}fJ-gx?h0q22vls}N7kr9e8;F6uA$*+mIS1OX@A~MW2|gzd z z3GUix>4P~ieiQ)CMsOJ1bbBomecHSl`)tyWCgHj-IJW?d&`5rAO7*0%aH@$>SP{Q{ zcvCK$U)P_T>(!54AeXn!PD7UUPpTB4?Hf9%oO`XRYI+N7(tBu+@VGQh-MNp+&`n21 zK~BE_3I09g6j|WnXhTkEN2EA!(R4Pu)Z`)9!=v}eWqYYrsjg(Dzb7Tz*>q{KK>)PAw*9{o#S+)B(yu*!0x~`17p#HAc3&R5a z`iBNKOBJGaVzGU1M4ShKpZT2CqsHMiwYHSlJ?ngEKA8IR0Jl45FZTP1=dZgQ@}1TE z^QBtxcN`->fTa`-px&d?Z=86`?&$S&=8=UlpkFMFh!xdNm#LfDe6r{F>x#N6>nS3! zF%6_E8~WMS4>e;^PK{?DE>Cw^PbPoVLQZAHiJSM@Pi&x*E;BP<6J_v4(-mZ@>KhxU z^t!C{SywZA-gB4i`=o0Bs4bF1+h*eaqoydabjKy-+4XmG_4Nw36cj!eTCelC)PI?6 zOy=DxnC(u^YzP;EQFV09s3Z?vgf34gu82j!z`%oa!3LjWW7E8*=yI+=+*lXs=(Eym z<4b2#f4M_6MeV1$CnGlJIPaDieQcYC_VsvfO_=?d9PKm~X`g1EyxxLUh`91;`-@$P zhsdSWu|!^auXcJl`{g%eCjzf7kMrj9>axAQ+uBSkneU%n`^lG4W^ui zr=tJV_#o!E1ebO=&glOB33pzD|G!FHrB8f@>wcW1;WJW{BMfx_6nW1BJ84w(mhzQhP4>iq=I^^PGi7Tx7bYw7(ABmgsl$ch zeIui6J=+yL>;wpGREv8B5yO-6ZatBpBz*7Y=H}Sv!RsyVwGS#h1SYN&tn@q8$@7-n zE#syq^E}VDY; z@@}r*NY39IXpwPjiV#-K&dD)=SOuG}p{}kq*!<*{dOyE5;BbV( z%sm|8b4hmo+Exbv0NM7CBY%nbRKaS)Ov4TP*b01W}J>H`c`M-C)iOS7gZ_;?^Zk6AG zg_Bfu9|H`4Km?U7K%Nzh3)Wq1C`RT_0xXm1qQTDViem{pXY~!Xp(w7B?MEVjPO8yu z%zBw-|0^$PFlEDXb=a0x3<4h@y^td0SaWBp)_G%EQ6Ip#uYcJ$LdacJfy|*&RXq37+uG;)OTZ zG;v4g36;6C6Zhj>UGw|wOqSlcHmNF!v8|s$(_b;0crR%7zP;UMdvgt2RhVzkcziCB z|8c<5Ob>?iEfp12-s;(zc;7dSLgqRyLJ9*7;M(HGS4_e0$<#esE+}xCxoFR&&281( zz^K%c@!SlX-I{|K{+?!=tZX7wkQLkYp_WcfMP0ew-{AA=>?#ADCIk7C|7jq6CV3xZ zei>kBZ-J?i{x?0q^Zfc=d7rfPfd>d#JnFFJ77&*YrS$L0ZWEY711m;AnW3lC2Nxb(`&9h-flc@o z6UgE)OOx#R+XXYTL+peIECJg7hnJU^v@SE6DJ#KJU+R?0Qh}=;vakqs>(;ICdW8Z_ zM%|2}=acfD656D(@BcrxzB``kHvIpgBdbDIGCKAqN0F5o*?VVH2N_XB*`xKKI7W1= zmXV#E743r~6_MRALMSt{-}T{~zTckj@AbU;r>As(?)w_=>wPV=(h|*{!l@+(#eWKw z`~zMb4vu#i`TSw(*t14%la0X4ZUs%F$z&5%G21&NeF?Z!%lKw zBWy-~`no<_u?qEzoy8qKTo`rgvI*?Y-1>P?!D6xWB=O+FPEWqk0|u$(Uvjizo)S#A z7lOo`4wc~CmutCC3(gj+CDRFHWhMzOOSBJ;Y2ewQw8Y`%E=9Xfxr3{%epB-=1W$6S zSR^gqxnFlW>wX3&E1ryke|3x$KPhS3wyLrTHlPHef!UcXGb#zL^X}3GrVsq4gK1KH;0quX8KRSr<{HMpHE?e zPq}HcGv?20&?qa3+3!95%mrRk?%{cHN>_S_9Tn~d-&gj{snN{cb9&MwR|evTJy6Qg z3CXWzmSLeOkM4cuJXgt2+(>o54m`BZZI}t8J}jXdAA>W77$i5+DHjTxVap22?Zc8!pWYc^D={*Y&P{^NEoeH%xru#w_N*b{QkQy;G!0 z`T99srE?jUX45q&%toW?K60}%iOsQf)|k97!PILn*IkqvEbg6(RM(7JDbnTijUEcz z-$kxr<`wwy{W#RG2;w+2^xs%$0<9ED%+j4BjDlTUee4?w+hpM@d6)vrGt$mgTfQGW zRznC{Ry^JMfRXH?YPQO!_Hz+JvVDYG{*6hNj?o*%`=|F+?rXHbRal?MSU=sqDyQx0i#@fbN z1t=mzS#Hb@P6F3`MQmKv9^fdC~f*1z$XP4?7^oGaE|a$LxDVdEV)3w z8EW5JwAGr!wm#^cxapYF7`*;VX^km}>I){&clwoF0#`zsKp_|F+_5mz^sKM0C<8Vc^T>(dr2)$shgvH>K0bJq^Wfub z{kbuDEQ;B66Vam@=+4=;XMbzVKa|BVN4l3zz?RH|zIL&EV&GU6MX zAhLUo5eW`2fZm4z&?1I~2?2-u{^$w|DolR>c172AVlFjkCaL`@Z{sV2AxFv`oo3kM zu4xUG`D)Mn6+1h6eh@7b^7Ms0yYdS(bK5HS;8ox<)IqH01`p*I6FvDx&Ie~pln!+G z?)rPR9GVfCb`j}F0n@^^<*S-b8QQvZ!D)?+jm30Mcuf@|$yrJP=XA9($I!%)Nc{#V zpoAwed`^jft(D0u{OXSDhl@I&cbE5eF39iRQAxdzJP*rDit$!OlfbTgSdVQD!yMXy zgy^YH8hN4BS_3!#^(^!>NguT`YH!8G1Fs(HlEYH?HB(%L=iQ1-yj_po;?+&Njha<) z;@ZWj;QqCSnclj_dz`4%A-DPIXA1$)d@SUD4rB0J=j_4Ro=MrN@rFpfMf_rw&GNU> zMel{M>0m1XjnF<}UPq(0mc-Xq#i{SPALgj=xN{LMKqYQx&CW_>P~wt}>kxU;z_#80 zXyzO;xeEvqY3MQ?oy3T48-VYkKZpb5aQ4jLs-H^7 zYVhI@|E7n94}YTlGxw*rjM*-qEscM0QF8x@Do4NB=R;NbzjJ0!Pwi<8@UQuBbELkf z-gW3*acQwr@a)p2ophG`!ngXiWn#*PNsYBcblux*pVBTB&kx>>9&Ja5~0 zUp(+DtXQMLKT~jVJgcti?VS(TFBh*hPIU?j*>x*Al$RCgg;}Z6dlsJ9dvD1XU2>Ac z-Pb!H_wd3YxU85x_(+?buSm&faxxlAa|tSX+pcD;)0N@vG0t%tK~io69*J=ZCxqJoD^@^}W= zKlSfjoqy8LzGrdp^KS0R`o+S~RM!1P^a9=8S1J72k2$^V;+(GFDWcDiqfrP_t(F>A zv5#visqaX)wn&wCov0t?JnZ%B+~wu(3v?^m^LwUls>|Js=q_l^wX}86>#8d~YA_j# zpLF>lq!K!4JT;6REF3E0nY${m$UfB3pniO6;|XKoHIt^dPj!7nq<#Czp{(LK6h{sB}`$HyvyeKW31Sx>p2Z#E)@ab6Mq(}|^yE+~YFJm>u4C7KGY za~EQ6Cf?EGp8GMmc<+$_k%{5~RU8zr%mcEL1q`Zp85xm%C`jD&&xGQwi2D;lj)V!j zk*m2r>P8~<^a3E^*?jT*&M6V0unQFM!d0;Q#$hM;W;eYcjJWb}9&58sYZWTbYLu|o zxXe~5(u0gTt0`~pz$fK2bU_7;Uy$qZJCDz-)E1rKv8#GoJ=Oezk%lc2$wXouAFz~Z`TAs})#mrc@ zkY`kA+g38FIlBSQ+yja0Jlj&ywbDQsr`U+e_VKD*FD3Fal-$=Gds8Cc!T+d&QpYVD zJn2w)O`0uCddkXmOQBvOK=YDP{VQeiA`6nKw{(Wig$a%i*ZJF~>zawkuqCj}oOD3j zs*crRH-%v)+T#}nq9`hOdgXIHEVc9NM%{a15KYK2 z&X^pjrbGvbD)6m$K4xveAlCKseZG}XJuv~;z7}if88nW5Vgm!lY^Bpo4?6neWke3v zC3Sv1PrCGj_K@K9gUay|3^-F*yMuVx-y)^Bz*=Z54VH%zK^m@vEHU=cOTQoWOMpqM zZP7_#ChWQ@*~0agWJg-jpD2x!n0=WrTD-2d^P9V=(35uJzW-52(C^UmkaOq2&}+*ludhzquQ&s)Krl3|U0WKLNOd-w_l z6P>tjtD@MUO2~aN(tuU&;+Qgto>pj(4eTpU>;qah~>gYLj0u z8ZL5qEbj`bfu6=U@}c)-!OxFcx+PkN($S-%h0p@Bt_{^=JP=wpaY1v8?sX!1*gM&0 z2Ut=$8?D^GnanE>n-@jRK}SLbI~q-A0tUorIer=nY`d@J35^S}2hVPQ(hc|$_klzc zMoJ|~#FXJw%tyy68XzWHH%nT?7Tnj-T-Z z3?B}&8B7?R1!-=x=78z*A5;vN4F0_Z!vX`@BZ=J-qRVJ-TQGb-IW_ffjiYf(F~%LhFV14Gw| zkJQF`-&wcvp4Tj16=J=SlGZobT%!Dd^e?FqXl@Vj`nlFz=v9)@PO&^P`i9k0!`0!o z2xTtaz5|5s{#UYhbDjSAA*?N7G;PCgdOQ|vu z1~{~{jx~!Qj~qXsWayfiaPsreZ^wHfn{GJ@Z-FUM8uL&PSUOjjtGn_bTYKXrY_Hpv znO~adx;5u$)vf{lw!Dk_NukWAk-1-QcySZ)l27;1c$t6tcY&o=M7XWa&C2v@ajcz9h{A~^8=x*p|LU_NF)XoE_d!217p?OVD=blA<#@P^A@@9g6D7oRm4?9?( zWi_ZUg>bV3SL&AbcGkS4@UV&7te=W$Dw~ji>G_g=(nMa+4*YV1gUGPN;X=)^6`7va z$g=A;iw<{G?{8Qq%Kz~gk~CWWsy6GN7%Tc!DX$*=W8Vz}89&g5Meby}&)_+3nhPtBlH{Q!80@jp7SF39*{ zgAsJvdAIfI%n^oICTnsn0Mv#fu&o6izyw)lvj<=Ep10GfKk7W=85oi;l>WyOZ<`CW z4HC0VwVKLri^o0jAK8;Qe1Rf>#9f0b&BSS8!~~tE&TdIgf^_9_DR_5_WcaU zK3SWWGAgi}>jYWsBbreAFA@&HSXAg`pq^06MHb7Q$JRD2QGG?fO;m%w+yvQ|!f&`1 z@4s7^7=O^+u+&LeHq}WPub&?=qUOf*vXg$S^Aki><~=}ibf6c1GscvcvL7jdoBy@r zy~|t+KvKU=2Xw6UZD44=e3U5sPD)|J$X+E{t>q(HUl@MEP^n;JVEv?3pQ58`xVAkaoBfmcMYb9^q55lxm&8s)T8tyn4jLGrghJayn)G z)a$rCW#%0(mz6c%@4Q(yWU7z$%aaKFGqZl{S|6o1e`EnJkPp_8_`4k4{)&&bFzPSU zI<@v{0V12id-PJHg+Vqeh9z(ZtkR(SL|{p=SK1ZV)dkfW6i|P*5qWxO`|qNVnlis4 zP%U}zHna+&m?H{~-Ilc@xjA5V%5?TIM_!{ucJE!)rpCluAhqf(C`@lX`B_L7Za3Ad zTmxu&d~$(+wI@fdZ;=XuCV;ccoxHMVx^HSQeN2f!=7=>VNUM%o;Vb55j@KUYF8a=? zVsfHN3UBsldhFT%wwVR5?17nbi0t7P38R}I_uhzX zmZOR@Fb0ZO0*3ru-IIT&4{c7_4|BbQ?Ek(ywYz~3R+r0?q6qXyR2J8}V`j{JFdX<% zG0Z4?TfTLD2X0G!HU0q`P^K3tR|0QAlq4P7=(rT!>r~*8iK%jy2>vrg;77WeMaOf2 z&!47>f9efCG2*(#c>`E6Bk+;`LLX-%NHae-W}{kqA5CNmDz5c-0)2U7B#|=)uq97t z9AL|qng3KhpK)}Chp!lzc&v+z2^p}N5J~n(Rd0$XoFW+%wc}8tzH4ICZBC9Ak<_ls z80^4#_ioJKYS5GQ@>U3nQeVfVHlAK$&VvEAu(_u5fN<{iy++`XDGIZ|AzeKgN&L>D zARy={2d}#ug=rtqvS2ksYNBOfD&DhCYPlgwwjP;OhTX5B_uAGm@OUw2(ti%i$ct-{ zBEf@5XJ)|jzhRSlQ#^m$<+Cdf*&|)ILJt^o`MMkC`i4n5g*hN@C+0D2x%I*mvx$7% z1Vnw7|D)upsQbY@Qa_>i_?lR#+YLIb_aQ*SHlTbapioIrZnl{@#jy7k5Xxt1xH1#O z#@#NK&)l|!BBrXb0LX!~Sp7%&&xo9JXl0pz5^%bKbeBD#`!L;n%ZW0g0Hj=YP7q;= zl-mOBuby&X#%uukr#rT%4tFDpg9*6*oueZDh)0`?>(eW8Qq2G3DU_rb2chMOp@1Iy zM8ytPGPFPpyAMu!4moKXaK42BA@`L5Nlf#-J&04#q{6_oiJA^3TsayvYJYC$;1|zQqK#9)4#OwQ%_&~VWU7!z_ znP?tEqe(8DFFj?11Ujl-Ei0RW8Cr^KM;MbG|6xoFSRYHdltU;;&y6v3K$AgKq!6XC zW0GY4&(Cx8kp=w&NJLgnMy%1nUZ(TY)j`SYlJo#bv;Nr7{oWi+Mu@@kJpWXIsz5zS5LM^GhRaA zXore~d5OX+NMfzFrH{_;c7;D7=biR_e`9^}rI^v&XQGi#fqx40a7_PB9=6!Kr|wOf z51exk-UyNuaTYo$2cV3zqqHQ!J-m1q-v8u%n%iOrCHM{Bw7*%{thYRQbrR=phn^P! z`A)WU(&xr_p71`;f*L#SZ{BmOj$~Fzbi4`UzCwsUA=!|p=_*nrM=I8A<^i3XE{h{l zf?I(cYL>i!xi;76ZmdzTdxgZ{8K_pWSl`tv=n=sZ7&DUcEdRR(8UHl?s%NriG zXu(8_`oE+i@-52`e}V+Ec=9u0?(F~ySvU$`5{X8FJ}kXsrVa8nO@8JQ5gu(6#%+9`k$D6d9yr@&1 z@5iryr4q9kd4Jp6^Dj%roT;AN3ZPeZ2&$K7Cr3vhe8f+t%#k^Mvm(LF1&yqt0k7?& z7lc!M&)cLrS2199D5;nXdue_d!n~*oEikS(>9Inc}fb@BvlBEVd&{1G%&z$dniP?jG%&4t`E9WoL@jt zp+3U$8hA9J0g*=jwH8<7tO3(Ym${er_>mnUn(1GtxW)3=z_giS&+PjJ&0v77p~5^K zASgTheus8nKc+5XEGElN`h~)^ZsO~_-N9^3c^&DAxZdEL| zEO(-$p7bOn%Dv^pltQs*L=gpfX)_52=F;7OZ(Ig^#tzr+MTyUqV)iEuiGpRelz1;{ z)b}mmKdN&vF_vK&VAf`@vaLC2{`~3{`)oI?Pw&VO+AqeteAwueHtCU^i_{Ee9|(B= z5Gj0OwnGUEb3k&yeL*<>lVfH#kXlx?|f9Xp{!1ysRJ^`JS~dTf~` z^lhYtxYOg0sYQ~A-*=Es#QGZBa_qXGz4)P}Uc>T|N3SwI`0BL&x?-QBgO%>Jsc@W; zc+#8EM;_)1dx;qb$3@`X9MJQ_{MpYe&j6~kh5=RA;i+LHPMA36DVpiXJ@d4TcM6>a z-Rpbs%*P61(g@v;2fmmLs?`2vF(FXacQ%;RnqaSm44Um-MeG|$l)tqLBk^WxCUnZV zV4gn_=I)+QiqXC+h#3CT{oT4!N4kI~t8*#Jl$qH()jL52+ZdcV;BbLn>3@UO z3wItsx-$E)V}2woOoHRShT|gZ37J8=eb%BP8PDi`(gO3@2VB2>fqjHMc-qFe z#IDF8SSuqB*uRDJC}bAO9`!0491{z4m6Lalq2iISsy}T%e(j`I#nthxjO?x~T~kp? zUMU2@{E(>q#0W_1ov}~i&6hAL%d@+6@MX=lU)85qNk9IRapboruaB?a^(^MqA8N1@ zD~ttfJwcC60sX#2iQgR9f8(lJ1*Nb{PMfIdfdm!QBS@ctHr~!O@>`kD+OF--MkO+67KgAi1suo3npSnMx=z1nNs6H0nGj{a1_S8_E%2Sz39Ek{ z1{~qO;y8)nW1v1GqBx~iH(f}AG5@>eWsc0r9=b?Vv5hI4l_Ou5O!9H)GR<+q2swK$ zF%4&G#NluShPWvNKdOOksjxT1#|G`^@htPbAV$ZkXQZ{^ORv)76UyY87Me;2bnfuM zXwGl2uo5@{D}=Pg0C>Li0dXh&Jt@MB-)JJuyUvg1Jv`m!?`AN_TTv^17s_XKbSEhu z6qS24;YG|WyRu*GPqpWg>>6TnZP>0fA$wu9=3SBRM46#W1>RmZQ zyn=&cEn>+WEHEI*65V+W-T7%+%l$8nig2QW3L1Ja?VR6WiF_!z>ot;_=_63tc4K=9 z156rO>di+e)=(JZZ+vb%x6e>GEq>f7>U)X!6iW1bXt7ejLe~@XZ~m#&TB3Yc&n5no z`o!7xEpNGdH`WRQ78^=@^>Dnw+YpM-6SYUHPyFWmpw+2_4O4+_AhGFpf#O*Y)xP@I z`P6i1x~MUOkY$A&2-B-S*WPCh9R6C+oE$Rr5nz8Evr^l{|qkCwW~MueA-anKlu9f%W$A8Uwt>fHn&?QWHrfy)xv6L0@&ql{0> z>Z&`Rb4jy%fzp_6fqt%i6(Pgo%rC^$w+|k-_#;|d_!*_Ewt=EtGoU% zx_oMAKb@{iJ1Hu*gf`fWUE%Cq5L#Ax`Qy4d$Yd#@H=x)CwvLS!W2pnDmrCxEH#9!F zrDo9dRlxg`Wp{?&(Bl)^iKGBXf>vtf11>0oj9b<6ZG&@k8DI&r9x7tHySiIPp2fHd zo07881_$pgze@~iKJNJ)MkxOOBCCC%*c%{2kSFr-fqf%o7WHYrmmSQF(f++Q+9r#qqk7ySo@Cg-(W4b|?awQ5k z?Rms%dtCefo!E{tBA`N021&kBAf1HLNqQG+@v!a`OyfPx+?L?zJ`K%JQ2gbqk#{KH zv@_FdWXrLh7RKoRgf* zY_&ZK!yna!e^H;kDAhMl(WxUDOq;yWkhD9~M0w?^ao}TYmgp^0Sm(2K%qtOF5#dy- z{?&ej-2gZxJc)!&#e+7LvlC{RPq!IA;>V0+PXBC6to-ihNB{j(>l?^U#Y52+f{{e8 zT_hy?2BI7=GXgab4mHIRZlb8xJx;L&0a^rBfUkpN6|fEM!A@}71Vd3Z}c1+g}yc-0)@c{m&!gJE>zMTnBZxugb zHhFF*wrp>Zk3u;zVak^BKU~5MR!B;He{Zsn^w^bXnAumnHM5VIkO86p>km{I>5wyx zM+%WLth9BUz*WIEXpL=qmPq}*Ch0a4=`ZdRXYBl~72W^ax9~|~4;WWNbmzyHW>;aR z%KGFLD1h+-{{mD}g`Phlqg&%TQEeyYD_qocL_)WA{)TJRam({bhR+j5BY!L0rzBs% zHgIG_c(Iz)4%`a^AKBDv>@chHl*>M{!?D|I1G*k?UsH$^MPZNRR23F)cqs(<%r;qM zs)jc{_SglnNxquvrE-b$8)ES(Z)!dWox+gSxfXKbQws)(J; z1mpEX)%YF{M6~+C99eiVBZxM=vFLf2G+~0pOp(owbA@N5)#6aG@5PYktks=oGc76C>Oo%k3*py+*4pPb-{GLCNF-xQg z;?1uRu`kHJII)cv4mu)D$fw|s9TLa&0v9h!gI$%|3o`oq_|*_-9XG$`mL1&*)iB3c z+og^>BSj&*){SXdNd||cNUq2ae; zC=lI0i}6f*S?W-vVUkb(vk}e!{ zLI?CD2?jLj7i;Km`oj_rMVQO~$pyBP|9T0jOnRtAM^}{hQpt=Fd==ri)Ys_#0+|$- zQQCs>shjWWb<3b?Ww#xh9_gEb&6Rju9*Y&!fi)tqhm9WzZhVx5b>cp%4AGsMRLeC@ zh0%53aZiu1_b|*|n0TOlONYEt*x4uYHbvg?fhVapNg(T+c2E+rzW*wyeAIUd1u_0( zt>6P}g%U}8c7DLVPb%bqt3p;-=g+t`M^UUh-Zz$H10pU zKblu?V5AoVvrCH^UT*7xvmbJ7h?8G-OTc~JgRt)y6oK_*Am&sUUYdRELL$_ooA<>MA}*Z|)_N1z+yI#x0ad|-lfVS6zz;n-^dC=fDgb~{D3sBD33ouh zu}cO0&{q^}iROql%imO=`9JP}eH7cmG$Fc^8gm`uj~*M&oFz|0E`a5Ox_DbEBK}j0f!z63)J3R_yxpe&G)@b_%oV^Dts9eXdgLVN=+{RjVxN z;P>Ah)cwguRXh?*y=--frt8l_F`OvU2H}kKDRWcehtyp20bM2~aKl{Uott@A{v)Nb zkhx5&m9ikGq9h^Tg1v}#R^1ZHCbZ6;i38FlX?6kRDjA+yt|b&a`t@NRAYC8C(yU-yY!tC{h}IrNMD!GRaae_$a!J|O&(x)Y z-puiHqM43!oKEy?CV69=^$Lw+C5+x@nYsUDziwxOnxy;d=K=&8VYA zP+lys--!}`{!3BGE&2l($ev1%+R~bbhdM1*tv~oaarYw^3mF+NF`j`H!GWV8`MYEf z<0b&rvM#9&N86&z(XxVaW_zY@Nd>zI>nd$->6_Lyv2-M+909^`oMT_L-iM*%O?2L^gJF$G=(j3U1`2mlNv|Caj{% zjN7r_vZ;gh7xjbc+yaW{KCC_S=Qr6;(T2iT)b%9Ob6(T4(~euPx$x+akks!Yr+`Ni zCiW?urL!100)|sPw=F>dO+pJS;*9T$Vy{%uQ6Kjp*8=o|Cl-n*10EVw zk+3r!?PnCf-#6^?L0!X+1jmkVtk_kz>xA{&4QE@M^ncr>sC>pVAM~r^0UrQQ@HnCUA$k>(luMr*ZBEPr3TbB6m%i)H`Rss%&#<;z|Axen4i2 zK7Z@_^3=85TchwR+rED?Z~e@-*7ouXNv`J8#&-8gsqvxkbIO>o1+@71Z%245HV^L& zo>7~R8}+te#$*~0x|V+bQ$|kcY_rA9?UX3I_s;PPB)ete5$V>IGJ30BvJH>3^)T2I z5g|mGLW>z+ED|06z`&Z$uM;HQEl$`)q`ejRPM>K1#FPr(MvFNdxNb}0x1R7a_MM=@ zOU6^<+h$FeF@BY4uxSfB_K+4IKD}@=eeQsDzCF(U#cg^Y&k~r>H&$@-hwn@sx2uV* z#TDCuoc6~hEu!k<1O7@bZ~D0HhJ2hDFlzi`uMf+NT^o#ke|n*R~A^IUa%TyzVWRIw`yL z7|SK1XQ!^|C92rZgwEis{Bw4zECw6FlkoY{rVJ1RGa&tK$fsei3cmx zxTsp?5?GSLjG68gBdn*>;uQ@EA%-uLR+41c!|PvX+z1phmx*0<E+JBQ|rTIKv?)!N%-#seS^BQ zGjYS$$i%NKpB8U^_N!p|DXn`hO5b(A5G7V;FE)POZ_7_obQ^uNDq-Nh5cbVUjod14 zDeJEl$hWdD?t9k8r1qdMkV@!A@wCTGL5=+J5>NcaGoz!!S=nAJ|vG+%X?BWU}+uX`sRydRu z8d%AZFiDX*DTSkmEUef#e!{}S?$7IF*|P)L1C1(+)W8MWi48?W^w8J{5keY#B;75Q zw7!^ExHQiP84`B2$EDcH#I|2Q)p+_Q9cFkgjrz(}k|mB_`FH+>p>E zLHKT|pzSSkK+0WgbN}Y@o>^+?QPyva*!@pOauZTxe%{d*aYrTPWZqcuNr|0GNwV}X z%l(NF!tPJP_y?|l>2o@38+H#w^ZRgYrbziD z@^_v~YDORCt;m<*m9?hAi-OrWHGYU}Hs~m#h-RODnxYP|J~F_qj5JndA1h{5aBWM8 zg#A|7YvWpNH@-EX{W8DO+qyfIOnhx7hX&0tlvL`jC3KjZl3+)wp0q2X@Lx;Lpie7x z%V&BAP6+otQYtebvITfc4fa{d#}6)*`BdT)b#ZuhERSizf`p_n)=|7{d=DX5h!)c} zQs1KfcjD5A6-`*^R(f5x{o6krBJ)06Ar^qV4pK*m*JMZdM-jus2t^!xI%efAKVs{s z@MU6z6HvW4#dW6;?RQo1fRGd&=@u4P4pxiHS4*;=y-YlFn78v|xw6iTn?^31eTvWi z!06h{OSZ-(hlI|}WSqOY^3t|$B4U?At!=Dy0$ArA9+pY;r}#!6ts1=%B6NMhW10Ta z`hO?|nb8CZJo7BsSA?SIqKG?eG2^m_Epz_0K5-)B2-luawsv4uKdDjyijcBUca`NQ z7+9%~?QM)A5;ErIjxT7;Ylq;M@{9C>ufP72eL0t|cAE~PNkq%)fY;Nkr^PoGYPBtn z@(CPPve#a3>^v(~mqqAg#`v7Evvr*6?i-P*W|F^8EDsqqZaGw~RjTTF);6o)#p|U- zw4ZZvfp3^WG6@T1r*8p@8++61=58`A8XFLZmdu!|l5GwxZDoH4V5MyPSY%I}wH?wh z^G$R~JKLaTbwlKW3JFWBIg~!R#71s2a1_NIzCVnANDcB*`_h15P_7^#IcS>_uU+<9h_FEOf6SeR^IbYjhpBq5r0}uazE@1xpqCD( z6Sg1uS2bWlpW*P5p)|y<-Qh6NPqSc1*b&`}`R>vvgw-CmN_ICjPBVVX9v45Vxfa|V zlJ;1Pi~-Hil`it&aHJBG1a;eH-@|9v3u-Igq8BD8Z!TO?Bpk{;y+2_D+>URXzUr+N z+0eP_(WIljVzEtw=40c^gS0f5!hB%m_FzW|4I}q!)OZQXgXS+f{?-+gGVj5Ic2xMM zD16qV@eHyJ3jmPdHvTG)@vUt$Mt$r{WL3`jD(BuiIKk&m@1VTdz{mx^f8+5AS4dX1 z-BCUJ{CU}@ePsW0it?W1EI3v6s?)XRiK!Pmr3ei*9yd;Ka!QHX+RinnIIwl9&bR%% zfU9*M5j0bhBktnAsrH_`G?Tf6k)N1R@0~}qt$)s)x8C9R3m)Zhz+r_B8VtNiprR4M z>u$A#k5Y5P^;*tZ_VayogB?Xgud>(uDw`5zus--N8@5cxh^^~MuOOrH2`aXw621?u zRCM+!sY8kU=)19qe7RA7NYJ*tjCG1Kp9vrRSL(@_;weAzw&aHm=y}=KI^}(vPpqa+ z{|WxjM!vNYBY1Tm6X+M!6+g5K^C4xl2ONcYh8XPC#Z640JDJaq)IFWfarq!ZvIxCj zosI*nx&9D6e}WY|W34{+z-}i#(*oB!9AX4Ax#@qB;xF3}VFgcMH@Jr+*I+6b!BkM} z^-*tbL&Axps*mFiJ=`l0{3R1JX9=cYuGVt&-b1Rf2S45WsOQR7<)z7&(df@t1qg?f6`!Jj=bG3`1$7;l8~wCM_vu> zx&8}Xf1`6Bb0S;zi-%2~>j#j^=GKX2xi*5vG(*>3N)xiC10CwN?4+g?min^8^e zw;;YK10ihCYA=^vURq^zOmZlEatQJ}0q4TVKZ{g2B+Iz(ZWPf~j9}1S*22r_BARc!CX84fGiHn`peLS-S1r*dib%L6 zy&LugiS2BC!;i;|-F%Q^e*R~kxUM07pF)rFq>j7z=zQe|siQltlLj*+RSwG-ru|8LTa-F4Ud$_HpL++r{U&;h9p z$6FVmW!0(hr)e?Be=3{lts9`8?mO`cVuTAUwLGCw#Ls+hx->kAtwgrqhQY5X65DT2 z20CiZji78Zi(_7-XEzCo%v-ep4+3{SA*w)0*|!DZ{B0caZFxzPhg@Vxlgg?nmeO=^ne1MEcZ4oot-Q*!LLf8yFymx;RT;}`kp z`SVc*@xu&kx-R^aA^T9U;rGiErd1ITcG>U@RSCfG;kj zgOl_qI>E##^wTKs20sC-Ap~;SG~lxEW^D={0&^muP_pgL+jDJmgq=OQ2K`}UAI810 z8m=5FJGsd1?%P)Shh8MbJIx&1bK<(~y0=8DWe_X!*8d0+EEvqUPMv;7`aEZq$h;u< zscjrPzLi_zCY(m7UcG!7{oHgR&Z?XFa}48;FhrJ0;~y4k|JvD_vV#LNQGD8N5bsgD zi1q5)KQEo(d2qf@i}i$OW%xlGGF4)ugDyJjL+kFFM2DFMeaIP18NFQi@*yli ziUa0HSzU-3gU3z$91hV2_mmDdco8)4j)ZI5+!dDV*=|Qv%B?`29{HL5WfPmlAsB7^ zB3E{t^xH>tKj}gsa4iku@Rrk&5&nn+lH#^CE_i_=IIUqu?y*8ZQ^dR561VbbrK`cy zNob1O$!?tX3%MFVEjaR#-`erxUpawG14A>^M}^k}?xL0n>#FFoUOm_soU%v>=I{!! zJnWUx#dT`1=k4%I34Ua9oVu$f#IfmL0doUw{IMl9R1Ed;Rh;bzSz`1$IRmHI$XPG8Wp}OJ3*OI zp*^Hvs7(4+DYs|nIPF(Gk~eGqN?AvZUxq7`Hn&eXV5vTaLfj07xASY08@#0woR>bf zw|pRp8NwnrKS2n)YXzo7gZpTyI!pzyWezLK|PUy*A`;Jj;Y zAT~6Eg>0OD)u@HxY8|NXvb2~$HO5C*5X8dzU{d$$!+%yz`&=^!wJ)W`SLKx5xRK#; z^q^1P6Vc)9(ux<)pC2QeqKhB}+wjPj7m1Sl@E}m)(*D+PVg3?h53&wcNSx^*fL- zav^WQW;I>h$o{(wSw9Rq?#(~d`A{r6u63~HRP2ub13r694j1S@tYOJMRgZ{rrY^C)CMX4oDX;S>O{CQ!`TpSY&H zUgD_k%H1S{;X4%*=#$#-lzKC6app-!26^^Phz)vuAXxD6&qeU?roi+}M-fkcI6a#9 z?Vv)o5cVkH3K5fztMxt??4JKjN4!BOwA>O1)jXoq%bv@`cZ(i+oitHIOmOp&gJhey zZG6@6w7?Wj1F$$FgiXO8q9#+K*0jpKg)vs2*oPDwtUp%?q&tmLn~+J-XgOa1g{trQuQ|<2uN{h}Neu^y zH1@1@S&62_m!E$;qG(PZ`N$=(_b5LX_g`=D*7B~?f{8oRfZluG={ZLA+>)ATav5c_ zE;vW!Jv27P2m-1_EwZj04ZWQ1Bb!GCLQZTnK0QuRoB@ET zlDe)K?7mFgU-q6?%wQ?cjgTDP>dool6S%WA2>jjH#2u8=aCt~kUwK0r@G14OI#l>L zzNdS;O7q-~7{}Z0oc;GqGYFRR=$~10+tH~YYV{bHCSC(V<%{+aK9V0~id;v}AEo3reShR;A1w2r$Vnpw`nyOBG$G9sLE_QOn4t&s$!@|oZ$7X$809{w)4?_KDkdM zRI_~+3a(#yNv4l3(q94M^eG63chG%0%$g_oHtbE`_eaGnmU7%$yTU($yQ=s#%gKxx zoDVhy`(g;Z;5AzOjQY3)Ne9UgLyGAeyZ;?JjD4(%yrodyjRZmr)77}CN5avvvh9N7 zU(w`0ujWoggV7f!j5ED8ZdOzuy96xIY8!(R7skyp%If{ib-Nbazdy&)9BU*K?qHsD zdW1@lE7*%98N0nBt{iHx^5vpUoZI{dl+^TaTMJdfy>hTy8LzGwR7?DhFXdOy4Gt^a zZ{3t~h>qb_F_1PzF3_j>qPnr?1!3@r!3%e3)E1xh>siwbkNO*OdXIF(Poj~V@0NAv zo%y%?@geoxJa5!EiNTEAOV5Z+xg8_V_vtVaud8O*I6b?36D!*p8URzMw>2i2^$2a-oH z&?&zI^CEFT#LIT(viu$W>LSD=#0$yc9yzP7c-L!=g+A=LLd*?2>*D-k-#l;7hoz|X z#GjX44v0vRHD!UBMm78{N*-WkpNy{U;p0sR&8X~TNVwsb-Nvu9G)et!jFkz?#$be- z$hv+$WFrkC$RtUyb`?kr4v~SJ0pUVNXS419vgC01*}cHMm8`w=AV+{B(OE#Xso`2G zBDV8jVaoZDS5PZ0ug>nl|4w+LKIR9=xkayov4{LxY4lf|4jzx1a*|XCILtf0V?ziV zS8VI}CU#fCAROR=5EdBO@Q^z+aC7PHC|0bTiTc>E7$GDMF8Nyqd9ViQV9kPHzNAi$ zkmdA~HfWpQ>(3JS>vrZgH`(%-5fPer0(cs27o&$WbDAd2{2xiW+dW#1T}*Q1__5uhX&4~L^(H6(CZ7dB*YoFZVgT3h^IF;y$@}M>*;5vU2dAd6r(h*DclE>>l*pw&0)B1op z@Kf}*4V$|{-2Ggu{QK1sLH*)E9;aVDgZza5+&W5G5GEBBv#TQx=;9^})yH-linraE;?zIOdWvmv^()TsT4Rmvjo%ku z#-ck}WAaqB!*DCst|`hsZ6b3!Uhkbw#NP^Cy?pDb65swI;BaO=c@$F76}zq|K>0rj zsUSx3QzPZZ{p-hLKglJgqzf_R+(<+Wj?}A@#(Ujd)0Q0t#7O{}LZ4Roo&H%{$D<~< zaqjv3tuKE)MxL)jSU&lm@Px(iycXs=j|27^yWdG*+Z=Ce{2T}Ye6rifGSM(cMc@wk z$Ds5i7{i_-3;`?Pq5DxpUI3@e5WC62Z^a$DPVB2KebM9cK|V+yVjs=3`11})QT@(Z zsjn^&Z@)z!mZ>=Lv{V>CQL*&KNTNs*2%+&t_RgwoN1KQ1In@&3u#UHFkrs0uvUFE} z^X^A%Zqa`fUQHf&hQS${DROeXlU8}Cu)Is`fPhjQwr$~qScuq{mnoxp<|E@Y-vp5y zWP9??FXQ9FP7oC8LiWmPlU?u5kF|EC-=|vnR`} z;H`=v0auxhgT24-@1gzb2YLMhWOzF{qllKFeR%VO#_}8Q zY2=-N+g`s%78Hu)e`Zd;2UZ2 zf=|jC$Q6zxFHHeYbl`Ez3DSI0HfA7dUV4k9UXIxNNDIfo!zSRFJ3@tb+QbVPhnHC6 zdbJ_X8%K@r$dO2H0%BriiL792sAv5QNuTOc_2Z^-*&&B40N43W)4f+#wyB2i;8D;0 z#)GXc+Aj!Xfc$|^iCQVzIQJ{~lG~63naCQJpSw&{m8}>#X0M$fEC^P(@zZ~uwwn;> zzpG;dCkf>#OaHiJ3?bB2bZa_hv5;wUyke)dYz^^UH)xe zfc@>`8OF2g(vV~b9izBo7-+WnX1&v&di*$9QJdXSe0>b5ck5CC%^+;~$^AR=qfqd` zXaC)O?pw*m(Qs9N226cbu@t?My!@O5x}^ zEOTd=&ittAv|kAD?nwS{^9WXH+ASt{hx(XpXXZON)@IiHVYR?pSssZ>EHu=3M6lx?%AvHIr%Nk{x7Nf{5_i*cBDI@ld^A7$zB;$NRebuDakf=gDfSAERlT~C5&B!Bum!pW#7GLWP0A7 z_xH!|57%>D;qjf%_k7N|&wcK5j>*)llf>^&amf&0^-U=hPHKrB?JBP~i)tmm#EA?_X}Afn_Y3=F8v3s6Z(4#9Qa7Vt=Wir`nZ)-A6&J8?@WEDq z(eb-WkF@>#n*UJsgAwX@^Ta1yxX<#qla=)Gsur9DR@L0n@>*x3E#r5LKTi#nj-oCk z-5m=Z%ZAP1U9|)J{$h5+{m6i6l!t_7mA*LralxtU@$%ZneBnLBN;L{Af|RiYj~-S zBYx3rJzjd>!bl9QRb^LJ@KJgRJ;s~Si_Ge1V}sZ26^=KmWemhmevy69$h>(O(o`_ROLWK%NPoYSFhGxgM=>%OfUPOTDT;r;UID0*Z9bJHybf}WQ73k zB-;?E=GwCyTuL%^Bo=alyP<$;<5zO0W1sWsv`h2W zQYv__C@?ro6uR_^vq0!TgD506-$OS8KR@}Me+(O#DG>E@;VskT(Q!9dZF9q|tt9*T z$!-CYKHtFoG8)~v7GrU2T5$rmjmrv5*aP>F;yydbmXN9s>@47s`vh?;S?1`qS5TYK z(!p&C)bIwbu;eW_^S|$OGeu*3H2Cxy-y9!Zpfj7mU>_kCnwne2=&7aNaCNFYtl-9# z>yZFNRpWoqlwY#oNyyIk@Q*j(pE<0**`Dyb5+KHeoom9>5(z#GNeDh}=zX!ki>h3C zp<}V5nuAyfzdtpyoSQhdJ_h8sm~xt!XHoHkBtmpUnlL zY{C$#a_waJ{WM;bH_lI6tjtT8(U%i{ZMrfJ^ERq=N{Ib@#%@19b^zS9*8ZFr(G>Zn zrDnZ2AoJwqLI|b}FoIJQDo2MHP`prb5Z`*xR0q*khXgag*E6!_r41>e%`eMCyr|Og zqF^=PhT&US_(=)YhfTFmw~As!je+PV7LXq4!~d9>1)>d9)6Jn@5wgx$mF64P{AkrkgvNX;(K#D8U5SSmTtd0{bbu=c%)R+RPIW8>> z$Qja!xN{>K^0MH#pgvGkBKkmkMUMVI8Tij5U^tE?hHnVnEAu2r7GH7Vi0qN2JiRQ}9HHLq!ul278#dFsNU2r0GC60Ffa zb`eFDK!}bp_!i+rQd}`p@e!wVsBGrMn&pT8EY+!EB0pm$sr(=#2?%i?pg=7EWnOvM zU?9M+RH>mI9kaqN{lYGPD4rY{h|PotbsMq;pZ7F|6oa8kKNY^pp8jp&ge2t>Op+q-F2mr>y zFNE{m_Vdz_E=uX6ZwYKvZZXszFbr681I46db9Bk8E7q@Rjv}T2-5Fs(oHz7z=rfm5&ac~+>Ji3f$X#PJ^T_}R6~)bGhWOkXHUnC$D_ND&wNmkI7_FCo6R$ zXB}~Rb_3%8l-TLD~7b5?z zeXN;TPJ-JbEvcyHGxq?m$tj86YYeJ&0hjpZmtRvnPnwI^f~GUz^;>n)gr4}{5$ZB4 zq!l)gfu;7_m0sOuqKZeQP8IYfy3GD#M4;Sk1wndM%i0+InjOippuKfZkw}IDZ!QMn zr!Cmx7*UnmI#0`2URe0hyXahIEa5mQhD%6XO=fAdnU4suJkaI$8+2VD;gnI}R=!}W z)%7+je7%OdUf)M7=ECAYtDD~-i3EqZrVh@GK8ah4nhxb|hn@)W_eXTFHcV27Nn~(E zserw_X#US@AT|?#K%=P>LXe=$f)M78KXM#jwTBzn`kH}5YqpURX}KX|d~rJ!aDv^# z(uO4t^QI*oy#zR8tJ#Xi1VYWp(*)LkVSH`SCGh^Kfvy$3e*P>c(dH;614@(&cNp(7 zvhgk>%RUXLxID;7>w<*c#3f$fBG`1^1&Ryx%2Td)8*?%P)4=uf-#Xnca{fu=+Yh%; z626+g9mG^Y94WRECJ+f@11}1Nb6B{waU;e`RWkUekM9gXGm?&zU~=B*MPE>yVnA6i zE-FqOc8V{l^rz=lKdoEtl8DGAj4ge~_+w+i~-5s)5iCE$y>5EaV*-H_YKS8eWANA z{~Vt|BD-0mpXWp-YV9W@uuN65sfO2VoxM8f>a?!jeW2zj!$+Xe2I!uYUwuk^@wz~d z+Rl;QIDb4dqd6={H#sMk#HJI;;E&nJHk5p~M?`VE^fzNH_2O?dy2 zX)#vngk=&AH^2APHmzD9gxeqLZiF_%J;ZfilBnVZDLDKY?g)foyvK*rdyhYeC1INZ zkA30lY2H?HqKkM|rYG-as+<(R7|twD)L7wbsu9{vrOn()2PXmxOL>DLQWMSy$*Y(V z{=_v=n%gz!$urtd=Y?$YytdTs62*BIXj~xwwGa^+%7c^jkKO$Yj8E~Op$GgHP`vLT z9;!Y2PoyR*K0SB_jRCTyUksnlvr1N9i3qv_wbHs1gk0Iz0AF#4L+?i&4v30JeU9gs2m{X z)B)T>GBF1}t3d|039M}NmV1>D`#PSo=$4;|$jV#omAAfoh{4;0_uP)BxlLX7R#iT5 zDGVX`NEv{^l-DMF3xH`HiQ1)S6b7>7dHrib78{9aCc z>!p%1nkh-dQ1PeOeB15Yw})=!3PlR_NgpAy7Qh2rormgfX+Gf1p-`fT_vQjWZk7m+ z@H%@@*MuH1y{T#3Zy552^-18QaT`4ehybjdAJg>E{L@u+y_QP6W z;cpCwQ1*4}7CX~>q%n7GYHOZ5h_t24G~{0&Jpyq{2|gqiKC++)(jUh|lN_un*;3t7C%jWrM<)vaVKx6zTOAglaqHxwyEMU4FSA*e zn(cK7pq2NHnntLO4qI#2olHZmuV=n_pl#_YA2G#;YobJA;bkHF_)yvGuO4XIru1r| z-FWrn=KgLHc*E5ubmKk+vX>TRG9K;3vj@{HF89krsfdLe@@r`j6N~s@OOys^;1;`i z4_|Z3b3C*VBC^d1?I+hw`YL)Kc+^|Jf7T?Sqkfblgr%Y@o#DuzoG6C!jD@^8k&tB6 z8x^d^WT_f-acy;WipsO0DqUA&J@1_SG}=AqKnkLaO;#=({y&De|1{+hx2VDmo&d?D zzZR{~?^_ju9G}{?33R1C?NU0o_yWsSkSB9j_~Yx0c@5g)*H?-=Qu7B;ldGx0t92 zRmW&~a%rS>lw}xuz;3R5F1-2|8!=6r5)e^iXQ9tv(*kVTFp0OJ6nlpfxd8+xXil zK;I+TxqFQ~G^=91ZeZ0uaR}#~?X9c%J@;XRyBICrs&D5Xb$e&)60sSeM`yh?07vIa zyb?q8-Y9m8*~|V3>b1`=LSF#!Hy#>LC@C?ZWT-cVmzVOvpsV+9j=WR_;x~p>PSElr zJ>c8YsrYl7Zl3bEgiPR1WJobOATUNcp0-);-VaIWDs{QFOu~@*kRGMScJIgk82tYg zOGBNZ0`kF;t9V!u-H+iy4C>*cZ)VT=T0P`e z+Y0=5=a8uHD?3{)rM1UH-#`kNvqXX9BHFapcu`J{(V}JxllWCXd-c<@9O%!n62zFg zhfRRCgaBWZ|;Qu_t*{L*tZ}PS%5ELNLgd?`1W1Z_l!tP*q+AKP346GV2-{XI$dA_KhBcOr4Jb)zSrV@=h{VZs52W&U35koN)|by$9N^ zUgA#`LtA$bo+%a2do6BO|6k9do*V=2j}Da>#^gwl4YdN}>fV)<&!v9^4-91sgTjng zpq{j#s2LgDi?3a{{-lvsT%{BLc=Ca^#UH*wmV`6snUL@36p;C9@MNC^aY2U;qHUQk zN=jSE-a1pMc^M=tX|h<>vq_*dOr${Wm!Lw*LS>>XUP{cP0?5P|kw*EQtp8p}n4E}l z|3-R|Fm;HBF&5;>lE-;bwYH5T)SH2u2vE^~i*V&keuzI$A(NVhrm{>-VyJg4OpnKl z7gx|JP8Mxv$1aZ6Mvwll!=!-2Oy@;)(T`WMf81_11HRA+#2lV-I8W=HD{C?*YMz}m zNrXD`LJ?kt<)$;KAq_fg#V2q6BitPfBAI`voxWb}F>LraANsT?=Lxk4kd=Y11qdx_ zT2yI#(gKG*^fi(pbL?4##7lt#T~JU*&uxDa!cEg6wObBNB8(?3UxXeKh+zJ=pU8Iz zT!zPaqN|{6UGRXz?SQKcwQI{eo{jS{E3DCu;beHp@s2s~ZuGlg8ZD;R%s>B_MMFL6 z%`{8sw>PhNi!|>vvW=DGcT+=eWIijq7H;8V`GZzi_s`0lU39w|s{~cLwUV*u zQC%iA^n{gbQseK~StUy{)^BbMZDZkH8fp3oa8t#T2I6yThH99LkiJ9Bc z=$=$qIap%(^?>=c?dE|Ws~hi3nE!a}DateEQkEnbmyabYvTq&lozDa^T>rkXJ-Wzx zjSlV+*PhGP05~-cE*)Oo0Mv;)Knb$O7yh5I8f1~@lWor{LfWDP-2Cx=!k9!hM$mz* zid^1DR&0j%(*+Jz)?c5&WwXuEM6(q*%@sta!Q{q$Fe@v z=jH&%8b`fNXRrRy)Ya2A0k0dTgDcrkEr0@{$+qJecn+JemQs6T$cAhz_f!4W_3Xhq zvU_+GEdW|Y=r`JJf%=_Sp750hZcrU>63-e7O7Z;o0+b=J5N02PEDX@}G&54u9v_?JRH(=iYjqf-VF`W`XVyOY#1M$;v) zkpkQM*#7PG$RheACC9P-N#Y~ZO7It~ml@bV8oa2TRllYh52^+|d_$twsZ&fuXUXnC zwOtRo)eL_KLiJvaQ1$-py?^T9AzJyInZ)mURKGCr3C*sd1zh^?@DCN=BE}bSvy~Fb z?j~j79ozvPfnDZe97$o=XO?)m*yB%a3HdwCtxQ;!iQEsoC(}wns@H}ebUDqS5g4PK z=M!%s^}<5YY^i4uMRu46-^vCVMoya((Ad1F>J(>$8h`Ssr-oF!timX8OKQ3|{PgbEF~S~8GUd4SKA znN7CO13F_}kK5=~8B}3rU7sxNF~bDAJj{2C6W0XnsXl%hz>ln58j1eo&%*=;nT-ga zMFt1q6>Uq!9B+vBF_HnGEMNLSf!r=^;H`@+3awA_fcQ`PSQnk=0&bG$EJXWS zDdBmizg3n8O(g(=pMPqV=ayulJT};-(S9nognN{`;j`cEMC{a`DCDV$Sg(CF#D3ud z($$CO`hfgPfEnv4%E-){{h+-4I1{62e_g@FvG@}4ox?xV5aJ%@KEGBPML)()+OWINl1( zL1lQNXbj|=*VfLh+4T-AM`t##B#(tl8#aKu%{lxO-D-w~g= z7}jKN$1}5$UO<6leoRsyBm*$os*D;pcAgiNxD-70kgQmJ@Kf3nx8!ks$uwE(M-@M? zMKa-NLE|22QJG;3D{n@<16|)d+k#5Z6kf0RQwHd`rbySnr<`4+Md02wJR6bOyN;~* z>sZol_IhsDKDI!hx*iRFtld=2x^W*ADpIaQyi`^)3}{v04dvEde3l+4L`Wb-h@U%J zaBtH_@i?c0+iL@v0Lu~K(9f?g%QO#ESZ?bAVR3}|P~gw&`y45dK!7p9UGHcWVkGpK z{yv2S;Wqh6i|dR|DI>2$8tb^JqwuBF`$!hadiA1x1h+|cjpI1Js0Y;`ky(;JrK$^f z0I}n$an@}xO*5_j3@AA}g>fuwG8ZOEB%`f*)U4fyxQ+T`L;e(?BGnP=(Y7BI%fnIA z>jo?XV(sAl=^0Q83GArZuY5keJy(m*NJU9;=szY}Qyx12x80!`KkFm<`@^b~Jyv25 z^N1b(!PW`o9}sVVB{Xe7kH$~7Jk(zKM<@C6X`67Md3j8uH@5PnTmu zg;?G_U&#I$suNpRI#O>caY=`JU9#a-KsECPWD-o!f#m8<3t?|s1~6g?2$IF9M0Ks=#pU2aFx6)C-p@# zw0WPl>FDJyt&vaLr)+~!pkVnsfc=yKi_9sr7T#Omki^JOhNOqa69t&nuV#B9X@bTflEf*_fX9m_2R{f)5f_xMh z>+~SGYldU3uj50t^pqGCroZ%{78W{N^&H<)5~fq8t{qsWv(+TFp{cL*ojGjRJzV)D z`_cOUx?v}@w9M@%XD);YFLv!FI}V6H)Q|~TQ)OoO$&4eyq-4l~Vs;o{VYGY8(ye%y z+|AE+ST!-Lp~h*U{WydoUO;01WP|VY7E2ljpU}AFUUXY9v6=hEx0AYdQ%U0X*Xp5h*U2Q$O@|J#`JTznaLl>I!cRQjWcRp; zY!Ujx!mA#G`J;t zl>2A}^no4b!xM<0Kk{dxMyi1lrpQKl>_={o0atS2bn924g>bg-*9p7Ph`$NK!0Vzymg*miY3lOGsws1w-wWqc(`OZvAqRsx%CI<`&l z9c&|bx@p?QnuqDm%rC@3Cs!VyMGiRQN6ir#`y^0$T{n%z>r9b5hi?o(k{3bN8hy2ENcL_V+gd%UUh&T99-5IYT`Rqj`@u*Zx<2NyrT`sUVt zZvIp1GOja%73)hegJ_xsTaAE#_KEO79-&N>4~>AFoLO2^qR3RYrvQ5ewmqxWa=Sjd z603Pk%Hf9Ys;5^yUFaK*oz$>%=kg{4CFtmx?Y6_euP#t4s@G^nr7FKr9m`?r{pfnF zv;D=?;^%tE33*!G{`TL*njp$HHc?g}#G=_F;AbMBNgy22(YKvI?VE@9g+1ew4amVs zinP|P9JXk$UpyP69oG9yKA+(8QxuHa$^_wysGFQybeV3W+ny=>v(FHb*4Q}2$RfaG zsz_It76bH9E6C;FN;Jk#d0qm^lIKa>CPJ)3xD9P0%oifwP@~A1j^+A>EUy5%BJZLg;nN**0ZjGWI@Ms;?%CUIy_>Dot>8;Jpkw87gu-kP- zPOXYzzorx&dTwkRS=|`B&(>#Nd7zK_l@Hpji~?DP2?9Z>qRyK?Ccb-_Zsp)>?h)}^ zFCrf2T9AzqEQV<)6FAOz79-_)nv{GdtW zd#Kjgorb)QwNN>XoKY*E?*#%(wLcx&e)Cm^zit2p(2;ki}nHn$klDyc8{umdN%9k+E=p6p304z%X>6< zaj~Nve0D@u`kygYG3E4jZukcs6*%|l(-^9C(@535R8GM)MA&CI_<<#5=o56;wjQ-;wPcAv;#%bb`{#Z@IL)>HaFD|2&?8?O%0UGK_!d9*_*IOc8tNGdnOZ3RIg zqc^weUEi6uS|HuqxnXUhQ%{KlkGS|ke+JFtTWzh%5R5;4EoK^bVimiy^N^Yz%;spYAhh(1}@ zIG?T26~)+3FW-_BVX;2%#}#+(6$G)LIK6(5gyArQGj>O`x-KZpVrzYT zYp2a?1GmB~d01x7ZmwLY+2q}EpRID<;O3p_{-T_3iZ=G|-3$!Ec{-y7-;OqD+`Cs? zvQ$JHc(XUJ#&ak4+>7(8(z$JK>FMc4CaGqcEpskbJT8Apq+>;N?VQ+fX`+70_>|a| z>l>4B)BfV?hQ{mL8Jy`>$8Jwd%~kT%dITL^Y@igS8D96CdFcf@YhVLFd0)9~=2Stz zdAr#sfW2Ah7+3?L#)X|@QKz8t$D=$fzxOkP=K#Hh&O191H=My!H_1~O>Nz2!I?2jn zY|$?Sz!yYRCxtt0GvGDEa?i?>wQq8h{=pzm>7PtMHvtgq+gp{VyghUvH9id#-2S>E z;iPh}P!`-zAZ?^J*W>*%$itYsa$>%3Z7{eA$$~d*I``h@^5tad&bPyBGaqBsua|da zypH(v=>+&g(`ah;Hp}I?UOpJgck*iOJ{AA^sw>rShg=$)^Sq`mo+zB%9&9Xtu<rF99-h!dc7>CO7tyU~LuD~wdXKRvDEY|S! z1!@5i)1v4eJ-I8o)Dqbx9XyQj-9}$y-iCOVZ5FheZ6kiZZm z&(QUNB_Y1v1fRy|BXwqX&QtxHT4^K3d~yOUm0qPfx>>gSbV4qe1JFqh5`a8l%d6C& z47sz$=q!T* z`t!xq%}Qe%IhldYIZDQ+n3zQQU*f~vL5Mp`r8!Of&OLTHnBKgyb%`sJCnvtne2kt} zedBg+>SDG+a5szI4q_pd9AoDW=KAsc7f%!RRX=nSlq1`O2*rvCbN~K$W8tlZcWDrMvZqqZ|v*82?rV` z@-M_UkQ0KoZv@HJvPuEEqtGy32|Rvf3P3Tcb61ehRr}9;@Gq>Ze}8b`Tb`UE?j*~0 z#mp);X^bb3u~A%4&Rg>!29U3;`{xACwYlzkWt;8jQSbyab!s8Zj%-umg$}xyW71on z)JE6i9m7;esc^wYcTQ3>rKR1=KHnjn2Ws|hn2o}ZqDLl5+B+kENe(G zYrW5z>E#_uCL1`h<)QNVmqg3vHP@zE6<^lPn44{rU^g2wQSW~RB(9O_UGQmNoWDC> zvT4?Tt4b~YbHtZqrJmT?NQUL-*a$T`10JD`&xmgG?jtVk(W5P58|s(;fwnE{)_)P# zE{y3TnGFDv&mU0y>`DNEGOHrT_w%ADkbE?#`D=*F=SJA#$1?j78N^9;8{YS=X?PjQNFfYa)b>@6|0+aVD=0wGUQ$f^v z$qm!_uJJ@6K)qwV;dJz)8Ow}`^I=j(m0~(A(&=q}O`9TZ9jsK+cYY?b$UCLBy}r?% zC3GRmWu`Q$ubcP!B{23Cgy=`ofrQ6)8{zt#u)T&*Yleu*k3&5|a73KA+m zn-_OyO1fap{{x1U2D!n8*+}<5<4;LnCfAD~@_YzI<=$DAsk6!V@Q2HFGn?1dB0Tb+tm8EDgFK~A;{<+Bc+At^4&+l=Z zY2406R6-=Tk;T3D0$6+PYybGl8DA%<2szq15#oj36urXL0>b%0JFdV#gZx2R!7-a6)k; z07WoEcXdBO|3=ex8bknry;Ynvw_f8Bc39E*2wBkvN~DLF0>7j`@STfK#<@R;8EiML z>R9B;&$Kh+2nw-(d^^ZL_OC@hu>|?X0A$oiD4|=hu<};#+9M2-sQ<1#&<_gUL(D*4 zcl32f_*ldt^6iSstUr8yZL{g-I&Ny+8!a-n+@~s60-(Aiz0rXr9hs({ZIZA0{Dl>T zw}Ycug8lX|wcA8bjg$8V6&|@kJ%mNt`@x;L4mAtQyfbX^;$?#iYsxkN*HhEdG_R>Y ziOjk5E3#2B*9YraxX$Ia{5qXmoNHM7TFYdGifT}#2Pw5=(JkyNm&|;b$5K8&K$-kcrFr8qoM6)vM(!ptvu)frZm~4E;U3wRp1oYKYMl7$+$GVWIY4>P zZtAH84xA2pY++ibF7N@NtE+z6dc>Go#;cuiVlN>9&l~H|v!4EWB~RJGiY=pX&ih)^ zQR9lqtp{^W003V?@)AzNF19sWV!AxnCuD4FOrnTg&1)Q~AGhR3;-r`vA16w zoaiVU6t}C~u(;Y76#*%WURn^l(bzz1i}?;;k?Rz%{LMLo>5?0tGk7v9FR8$c3OjVq zh3D}D*8SK;F?S7heWer+%x>I2H`YqeM*zTkH?vI(tSV>Y{f)gCF}O(70p)=4TfWRqJ^wMX+OGWZIEh6=?$Ja!xBFa%PM)Ua`sn%Y-laA=EYc>>2 zx45@jN5`<@ohPN!Ewhhw-v#;$5?M7bNNAT=6uB?yJofaMh(~JaWXg3IU5AO6zuYSBPC##kY3ZHP!oi5zJGxey>2G;9UOMz1cAE%{F6SP1{ej4l+bI_| zJHDgsrt7v7>a!)Xy>H(<1e?YRS689=OVrx2h?T`zE-HT&(d!+h=f@XnsaqWk^cqM> z8j4B}V46Xg5rpVqP7>+*yZ#qh05hkIDV;s{4)#`o(zahywSY8o+Z@YDjkTQNw#n}? z^STiNG`02asoKX(I`xvc_44-T|Gb|nyF_+yey%407sGw&^hkG8(&%WUZR3xNPM7xn zk4nkce7}_SOZr^im2lCaCRb8ndQD)Gr$M5R`*$X>$SE|1T|NlK57OS#MncZ@YfJtSRj)G;zU_cPx{!~_Sqhu!wdF7$ns^+C^@ z$<&|O^a*p0k>x$*#8|17ATQnR`?QJ2_TA9c4LLa7Q(fK?VfpFAiTR$#!E}cYbJyOT zewI^_wtL8S?5M`Q<5R}NA^Byr_;rXn2dOMt3E5};0mRy9ssLR-P(Z|$OA z56>)r-dEq$E`&>9{FO(%PSPmGq*$L>IKEiC05z@OzwD`^RC9aGPkTvo#|i_U5QcmH zY$+4OoxG~cHMzNx$*nxrMyjfjbMu%K1FuSP8A0 zAz9rAvru=%j$-A2(Il`7#yqB}OEo0nvZ08gP zUu3i^geZ1s@shK?WE2ow?%yzZ%kjk{=M~v=va5CdT^6}7vbPFE@=8m;7ZaA~Q1x+rz0%GYU#*1xga((}{wa;>j+*6@q2wcDdHNAx#a>lQxFtxU~@ z_W39V)D7#1c4T9g=7rqvo#@u0G+v(W)Y3gALO=ca1IE-b*Sq>9wY-FuWZzZFt&NS@ za>Lo3@n`GZy6J}5M#=_REoNdfu?tppEP^SQbF)rL=dhQ2e>^`zDOPwYx=Y?rHhL>+ zJjpR;9OHmyRy_#o7i34cV0lF?8a6~3={BCrxAqR^+KZ}AL39ah8U;Roqlkbdu|~%kf%?V8`xQY;RgA2UfezeKM3ZcqXjq z>61Nqn6}>SS?_RIMC&QT5QSf7eyw?~OR)R=^woZL>YQM7)YSWS=9^d*$sSK`s=uPFh1(mvvQYCynF=6UZmUT@nX=SEc5382B6!*Ggq_I`Oe5xf@NKaK9 zJKNQJjOck>?;LhZP_M=F%=Si-w1N4B&MxcRrlm28-JN?f@jZ1PZj&2563OS)Cg}6` zqF=HLk=g8l-><7TU)Cma1Oz4W^3hwqa9JOy0ujb-96!T0&Z*F-p~v_gS2`6v{A_zpsX!{N;Ol1>d zNfB)mfPhfCig`KH6&kRGXsqkevykEp(i_U!BIwr@3L&0|{0E^&GZdZ@+NuI6Pnoq_ zPYZj6hl#Pr;5K6p9lj=^sdn$(DgP1;E_*$ zl7&G?rj(!sFt&&YuNV8`6pg+0{q*asEQ#LFun_zKuyTln2H2Zw5r0_A#HChF+XZ*B zy)m0g2rK>5&!Sx|tYrSq&l6lxYJZN`Wna2!Da&%CLgP=PP;e};_N#K_(MfFI@>i{= zM7|ev-P#5@49pBTbFlMyo=a=vk3QztIy-=$8=BYVk9JOY+4wMAJ*{h%$<7(Jv3IM6 zdi-4pu!H>`@0Qn*vcIp{8-683$J5M)1Pb#i*lUy-GRx<2^Sm(m(%gP(Y~LkT3;rx&W54bV~i`WdAYaf^=7V&iC3MD)b$SeNA7RG@5e9)MOkokJH){r2IWVOJd`G76p&U|w`- zq=O}?R?4r4eD6Xz1F;Ziwca@Uf{0Epb@YjBa3@Cx&&?8!pHC{!&-o8T`8-0_#VimC z(8Mw-Rbz`96IVb;L$@|W8?d9Z*Q4>xNs#?n0$d?F9etNvWga5nu8a9zW`3S zffg5Z_5mGv_dBOEq6D8sEOT)%H#iGG(fysd*x~exfVsb||qTt^SD?TN$@V2!Ewbmq^kzERt>gl|mfteoSxF zz0pkt^QHAPSTz}Q3*{!8C0C8e9U~G~Js8adcR%Jj>VHZsPVpU6YRmsKjTH_t1Wqg@R@(lJgd?K_try4 z@V1h^LV#bGC)J`mI6Ca@V0-JkU6WnM zVXA*G5B&LqgkRnhVA;UN+|^TX3tw1B!V0rO_s_p)Jt4K9Np9 ze&kBUho9;A-DZH7Okru*SpWw@-fJq`Pd^@fqj8<=@Z%~ML3B?CtP_p&8<4RmXEVxw z6!2)6E}Md}_Q8q2w>19ad%%}#KWq+bK7edBP>bG(-@%-qi&QT@AhCBFm8xjqtPj0C zc-U8|40_JcZoT#Ut>dqFzs}HVs9zDeX_Q>R`sPd5*=*rbQ+6BORUJ2p#SdSp>bD5T zqm)T9-ESZuy~?q*UfMbv^QATaP$!3T;C(gTrKz-T*U=oGhNLSps6zMKB{aTNbhraZ zML4g-hvv&dbO(nrMO>B# zvJ5$A;M>#;%b_@9BRklR?>?w2tYI@8kj|g7i0GcODC`&gcMRy$~?afR&g)2f1M(oCf^!!g*sl^^tl!@0T|!1fyo zR2pnU8$Oj+t}n^E@V8Ge;ZQ>4GpL&pnm!)W6<@WdX6g*3!aO!P{8ag}2*{gp zc|Di0!kHQk6Vyzw2C%csFpZ%vTdV^+wXN5$&;CbS?%P6_yHTo9ue>r9ni=mJ`q6tM zG(`q=^9>Qk5H{s?Z!O1cny4Z2^Op~_Dkt;6#DI=mwP<=AYT=JV`E6P65Vy_@UV@dU zy6a^u#x0Tr`~uqt_hTAw7$SeUnYM&8ikk5k6cpIRQo)#O{2VCQm?D0lp7)_=-g#JO ze)19`zpNt0Yz(V2VDI?3;`wPzPTsG*kok|VE`9DsnO42;%0w$=YnkbDY=r}u9Y5AI zjp|2sx0DJA(uV`xbKT=1DMwp)l>``qBOpgZ_|i~u#c9Ja*Nso3nJ%bhsofyEm*4mo z%J4l+f9)7f&h)AKS{&_1PUQeUJBr}PYXk#SCOJlgQHCrbL@7-jDkYP#*NrWpQ<@V9&q>@z(_Ex_uP zv+dPaUIwn$^&kW8TiaaN_5Da#1ov}eVBV0wX_Di9?l0LMb@0AmB#OSOr?QKCnjw+bjw*|1nL2~Jw?XfA&9;pv`$Cc+$pJycru zk8e|9{B6SS*b$@4>sRDaFSgn6ac5JMSWhjP6>r6!KN8;ODJ$j(n(j@OYEhJu7o|~XFW4Rg^@(#%T znJK)BiH>K$%ElMj2VDrfrWVm5Ul28*))v6vb(O0q@S(Ux&hbgm^l%t9x^8q+E#}w_ z^R9xG2#sy##W)KpdA>P6Tju|T?(HZ~5mmfgy|0bPpRJbVUas?aOo5_WC>fdbm0w)H zX`HKHNewHWzsiR9V3d<3@cZ!MuJFA6Be33mFn&33Uyq8$n)dW~`2d$sZcrE~5;gCh z;~5ep-aWH74mo`vR)rT1d;6wb)?!pzVYMO4G6x}=w_PV%9&$-V?f6W#W^Vkr8z8cp z1a4NP;%3QR{WO&^2g)P$Mep^~dwwE_X>cO9mVUmU#5s)%h6+omBE-QY5)l@mnLTHo zr^KGQ!72P7l%V8G&cb#|wQynfO{@FW(Vn5XQ9E9mKw=)cY=PrUX@p6Pstm=aS&bDm zW%0{sRn0jkPbW9y&sD*Do5t9YHB^{Cw9$_*2w_|UBDTPf6z5v%OZc(WaHsdssZgteSIR$-ooS_tQ0#&~AhYka<$j}L{r zT)_QWxOSS2TGcs36U14$On(n_QA#!^iMxxFQzJoEG}rQ>d$LFV?3lC@XrsX$OtT(x zE+G{X5{j6doGkF9E8@DZWDBw_SocGsf>L)3-7GvQN}qJ{A|gM@Dp&ib`HP(Kg_QJB zpYKJob`EY-gcpHWrURECMvr^5F?b|kYt0wl!b5;;>k#ao`G|(++#o~cInd&Y?*H14 zQPcdjZgr;p4z6j%;`2Sm>m)SWPS97|gnw;MoBchl|VjjoBPG5@%v*8+OG(0ThG8f%EnS(6al4B;%4rbt*`ZoRxWV7kP7dTt<< z2*b_<55tdDgSe5_z4G$|&%Cm=&JQk!wB1qNW^<{5mO z+NOtV=3JyQPaJ!yk;>c7p>Xg&vX{#+>IYM6&MZiP5#NY9>K4(#2k!YP@yZhKo5J&K zYttW7+OcJ(-hzSkJbKJRXz4E}%vu(7x?P*Z-}8-B<2<^0N<_R|fQ0k1i?5bH6`DgK)RR%G;bB3EO7LSc zR2m(f`xG$|=HdXl>2KN8wTD&3RVOBK^Us!Kc`v|PXb<=JK34p791|lc@{Q8kdke|? zA=S8x5LMwq^Wo7@QhagZ;>>LLTHsaWD3cWl(*KkyuA~wcB|W>a5$nnFEI$3^*xS9M z*MCA3BKk1(UQ+zxYyWN6haVYR#LW=SwaJOdFH@0@53ZDWy&rf~tlh-4Pla5YrQK3> zwPN0xlgHJFxfq|Lsmw6{Awqs5;2=cXNtjAVfpU+FItw$kgw7t?`&(#+VtfF+G>66j zbnbQf5E&Jv;o>53jSO*_ZuiNt_v9x!I(Y`fg6cop27`G|Ub1ZYrPEnd{bumR{Ou91 z2>U|~1iU3gcB+&rdZ@zjb2_ZXe*BTq>qfECSkKhmuxDCcd2(Tq8Vf%8M6%9GRiBB5 zNtdI7pKj$T!5Ua86k>s2z+y+AmI#y9Z+rNUc4^l$-SLCq7ou;iO`s#x0Z}=ZP@r@X z=$^38LBWvv;EkkxgX~g2Xi|2}(_tU74LquHU*O2AL>~9xVV_l<)AihxQ2%f{e9F11H1Dj2(h(j* zC#$I2vVb)a`5_SQiVg3b{OdYimh*iJ=D~U@@7p~}m9u-N-1b}v;0Iix9ayGqO0rLA z*QOg@R;Stq$c)YBywdh*0mS<~A-@xy?ZsO#{l5=+OPY^{JuSgKs0dJq*N zWAIchB? zNr z1!>VJCBGo%rJmrMTJxIEm&x0_$;AeqH~&R+;%x#j{LLVCPzJ#Y-x&z=-mI9tRQ3_~ zt+f<+)UYr7j(^i>le=R#ZsQHwvdq5t4&|wlMiSbR$r=h3k)HJyospAsHSRj0UHxK~ zXA~vQdmSct`>rFm7LW4Qc-RnOQe1PQ@AbsM!`>(`m&h$UxKc7&q;8hIHcI_gS>zexmB!F)C^b(&DIN8wj`rxyv`L3LMn86+zZIS@N;T_@ci33#KqSC3z7<}il4uL zG={MPr*UCCg9?*qLjpX&7dv&A-zIc8uIeO2H;C6MBC-nw#ds9$sLd*B{*+~YZH~5N zj0c>G)E#@?^i|%;-fK3^Uh@~G#RDA$(g=Mfs&w#4AS8DG;33)Zc*%Xl#{s7__Jys+ z=~C!@i}6)$@mecJl6-6MB;XHVL8t&bJ+=R8uFN1%SQ!#<^PAUuMUf{ z+ul|L6;M%9MM_dykWN85r5lv)?zWJSlo(Q_bLcLEMi7aik%plJq=x$T0K+-H=R3di z$LodoUeB|iy;t7rUTZ@KQi#0fv7{LHkfn!PIec@`IWigB)uvCQy~=BAdqa>IN8Zib znlrJ%mv_D&XypaADy)y{vc`h#FXDG@r3!Bg{U_)vWsnC4SebV~XRvC3EDH#DQNwNx z?0|o|tWVx9YHu5Z(o3VRTVi}^7MGt*K3pJ z?PYoq?+@SQ3(!QFod@WNb)4@TSJfBFE>F~ho5~y5t;jdClA9b9cRGt^)fqMDeKB}E zKI12Z+-IV;8~gqEXYWd+{+Fj!xy(EEv%{|}Rqd+Fnd4)t@Ido2AI{$!FAFmBUi^+H z5hz0`X#kHSEnd73rh?mQq<=cJjcuaJ;g#E%%iiz#!qGoDMIh0JkE(_4Bxl;j?OU$C zUo)K0Fxg~1zt6qiuLMR1GQI+$y9eDWQtyuq28B&rGj&(>pcQ&c`y9_8d-D^`S29G< z8L0|2r6LjqK7U1p6of_vh_uCUO%2O#t5ca}&28)xt?9_PR7Vf4b|ztS?EaLOC!3RN zZuESBBV+Z;34qq1{tiE^gNE!tg_f&9%{)tWw6iMd-n@W1ba5O$V(fFkC))q78{w@l zny$U0Djb3`soz#e)d+D#(87^&vukxvy}U4^reM8~p3r7DutW&m%rO`NDDG z9J6?H6X068Af!eEz>fxAkg$RENoctiA2H=HXtWyktZK^{V3ea@s$Slk7SPtu^t7;v zA~T$TuEg7)zvzd>#d%(083UL(VynzCL(*X=47Vhc+NPq+Bc!X=t`J7eetGK$*`Bwq zY{7o2EPtDZX-s3uO*%>cr~dbOd=)eJ=4vJ@YtwuV^WkMW&PDH@OuHA+g930f75DxV z%w2)+@DHLUdNFST&KG`iQ0_$J;gB8b52)+=%uoGqo|tBdT~@LbUQhlWmC7mqP2T{&t1=f6cwYqruwDjs{CMhmd(4p z%#j(~9-nfZq_q#uUu;@*Z&cs|>_A#f@u;lyg`x?CwbtD5BAS>>fUK^q-yb_ZF}}2e z40s`jPbkcmU>%ffjS(q7RqEgT_pvTvb7@-b)O&3YQf|36HKH zT%Ef8Tp&aUiy7iSuP%nL{L*n{$6RI;V|lbYKpmOI>H~sjXSm-gTRSLF!uw|_+)eDO z+?4hfn@tZ?ff^0S|0+FNY9C04-2CJCF|L+O^AK9rL{JtfZNC1!%NJC8y&RL@p84fd zrHK;**rTRe(AiX0VR8oH0NHIcw1E?)_R(-3`z&QdyO;mPb+(LNqgL^!97bL`*PJ^W$4SZN#hT!fp{oTRDZ`hjDBClmgY5 ztNP8T*!J`gIvMRWen|rCm&+T=srAvOv=ZN$xurxpyZ-dq7p9Kg36ve!rb4XBmRI8h z!_C!?BaaR(CE&U1DQhAQJInN<`JLqjV>5Q$*&cGPD*7x9O}_sKI=03{f?TSfq!`(4 zKapZQ9>WJ^|M8U|ZwL7lCHoxth2fP>y^`M7(4Req+{| z0Y0rwTtIt60ARg)P(YsG$mJl!l%`5-XfQL=;KxE`X|-2xp4#&dq8PGdtxh~v8{-@h z;W_PzzP38Y5U@dfuvNA$#~{54>wb2l#|ITRbQLe7#<-#1#jZqH0q{e9z*l8|Eif|g zkpd7h_beFo{PyA}*UmmY-zMCRxnlY~x2mEeA+nkq7uhlYxYW#k^QkiuXi#9OVT43x zTBL4NAV%Y18}WrtKIIAx)N&Z+w{d`c_{lp@6#jVppo&g>TeCxXV zg8Pmuo&hfDO!=!ltF0mVB-fxqnMWQ8k395s6YdCXHVoH6y5ak!M+RFHom=oIpQIy` zLxxRNn%@;unOm^FEBmFlwix<$5c8di*C$Nt341)aE!5Nc9hJ3o;fVJL-u(K3H$Pvz z80L6zI9zHbM^@I2fWhl#q+ts}z2n{EnKrUH`(I$>>GiiSuNsw`&sLs6if3k< z?iz?7Ul(YsKy`@q-^_e=MXHV|Y~11Pyjxv; zLQX+U1DRMFE7G=s?P?;2uMGR;E^c_m6f{TVic8Gn=o=L6< z)*#%cANIjKem&iHr`gS#$P^OA78)k@iMg&~;!`lLE+v_NIiH59GmE5iwa~Po`#=^) z)nzzz@^LQSk4y0uLQQ3UnbNKnkL6aDUJ=fyJX1LI6xh`~PDWI1v#)rr%p(G-g)$1> zW%ip|Gjf>89&33j)X;2}9VOq@-q%#w*Q&|v(d$yp9oTaS?`C*er*~&zCkHCL8v>p?yE%l^3z4r=Pq1Yj|jOy6)z#7AUO)l%H0nvEh@aO?jRf9Zf|1!DWd}$#1Es z)Zx?wydb!Z$E^gS6S)*25;klXVpjXp1Cl*SQ();c2d0k4#2<@`*|G~b)n4){Qz$c{ zB{3QxgiRWk!YeXxU_*NQ_vvtsVHyn=SC+@sZ`hON!dwmeRf}2I)oEEChM|n32q8Em zJq$LMK1>TeGM4Q4*WjE@V2%wwV@7H4n5udNUC%IY!IWxdq=Uy>rKO|6EJs6%wRc@{ zo}yL?mPSKaq9$LvmtbFF1dif=o9D)eVY^yr>tS11B#CXUW^TFUBBFnrKcXPZ3Y!2~ zqnuvZ$E>~qG1$z2OI;>KI0SHlDu5(1Fr(PSXTFz)=(aLIA?iT{@8xXd-rJCtCC7ra z?mC7W5GBF0P*6kcSFxxED8LISk*N81nqD>1GS-DiJi`XQOmn%UW4VK!giZgDpN@Tk zLyg=~9R>*h^SA5jiRq!?Vr{Qq*GoIT1Z$Ir8Idul=upt9c9wN#e*c;Hg3C&RpB z!CO_=9fr5;=7hI;ln-k?Lsuar7*J=~&U>EL9Zn*hK2S6V2y@`@I&8QH23advTbfvE zG0QCoy1oX}&z*?k@zLH-9B9cAdQo#UxVl`2SRX}{LAs^-A3w$BhwH<_BHZ=)Vrq_t z5o=|=&1Jklhdtr-o%X*VI4g)w)0KtQ&bZ+%Ef=NzyhGs{k+m3&W5<;^2kX4%L%iPH zg@rh^Byz{PKa>65oQGHcbebX77q(h5mRd@3@0W^pl?Zi^eox+mU@_)+macvpo?m{t z>_Mx9)QeudiSLg_l2n9pbOkJ$)>j!;dwG+qOPBf&Ay9ThQ<3^DU6rzV^D#Bz`feww z{u(GJyc(`XqBsWkj75z0KpmX*_VqEhJ_`Dh$+Ro29BgxVQTNr!#9o2@Ufr(CcS<#+ zVx2OO!fUnC*APFGw=)_QBRNQ>(1Kg>PmKi~D=<44<-cSr$kBm^X58YN`ECvfbu7Mw z?_0*%!O6MqTx1*eey=wXlCxOMU6e)6Nf?FlYKB)UFR#*xjU+*dlsDm3kytUB8KN1S zv=zM+0@Z{ZUkAQ8YO$8YVp(h}rFd(7c&eLDMx8HcNv5T!#8=2e{7Glsy{Y?d03-XF zsmS{wXj%83K<&`&{Sf*A*+yNm)jkhrGfy=f3k!ewGAP@c@t2h0ogrw6XH5kb35%)_ zROxYBv%k*DQp1vH+(#E)Egft_=3K1V!>o-wHvdkJ5!+D|Kl3aJd(rq2q+ngwN!VHd znX15~H$&8fVi|qzH0<~n+&~zA{R650BbCoD z2-A?bwmiwJc;olIk1$v3*+>1+ChKtZ*9_;@*9F%OXIScBBoro*>%Mi5pjF2zTR4Lg z8Y2Q(dD6;y6~EMvuvte>mv-1RwN{#oSIxPVU(&ht8lavjMEFhg=9Qkv@$k|{f2B9Yp+SVNJ{TOcTD!&e#X0};r@ zq(D5s<3L8WUxfo(s>yK3c~2XA+jJ`%1;Q}0{30za!7@tD>@Jz>F9DH2_ADA?c(imn zvrHb+CC{HTx{(loNm%RG!)s_l1Q4drwsIFxUwmph2{D@SNhtXCTwoIoX>hN83T3|7 zPm94fAXcEJbz0_&1Z6(T{L5wJKLn9ZZJXY?ts^!s(~|$#KA(TfA0+KZU!C7BFWmta zQ*{+D*OC_b#do|E=W)A9k$0G128X~;}S#@s{ux>8|0lIJ_*K*YeWlk zS+&Jq4NI1%vIZcS3>=fC@Nmd} z#))w+u$g_U1FrepBV_d^FL5QxtbN4OOR=dB7%8Qn(IESkEv@5lQBU2f10~I5t(Y~A zc~pf+Q5bFYb4{RcLdn)0*ueynU)32&!bZ%JZ4vW85a)9z+VGrg83{&dL0mM)vq0L& z6>f|D8>-bsyv1H_bFCZkL$oqd5fww108hdD`U4w93?X0Zt;!-e9;`3tJthjwk$Ij?8Zke z)X9|jnf_j#8kuACzQF-aWX`U}>bL?{9M`e<<16H1!${xK;82t0$66hzibeklZWPlf zOzE(#KcphZoo|`meIzK>kf3F7ME!1RcvvmYKoixycf`DJA-bz?giQb*G;u$CC`kYE zIl1CYA43{HBFiL8VT=tbB$}&Jts5^iJG>S|1>N?8K^# zyUmoMw}Y0eY`#oJgx-EtOPk*6%dN-^mIjR+rD$>bFs(DWY@9+{rSN>~yTrbwIZ*2r zpZ28#8xV%v+{=C^_1X}Hjb!^)>V~>#9yU)lSs4`Bvpyu|m4!NOJF-P%3KS$t$@T}_ zRSy;9tQYEc%Zp}~mFXqBz23U$;?LDcuEjO5+(EN7@dyE_>%k~TK#5x2$G1T*@ zb2!!W599zmC;Z07E_Hf5jMR3E6o4w$%1{QjYZH_Wlq@@pu+$s>_;(%&jBYH8fxs|t z$8x619aIWe*LXy>ok+4^T-JL}vZYjsR&5OD&NKj!WLH0W2KwgqZq2JTI0dCqs$vkg zT46Rw#eNglY;OK6F7hs^-r3!N7^Ac{lN2jo!K>ij<$km}k8t(F3aJkj@46p;nFY1Z zLaaVi7I^yT+seOweEJHCkph3FnDeWJom;Jrh#U-&;7~KKeRo{E3d$BIQG~CA0|1G= z)crDA5+yj*Ilp8ZcM}ns@V#%Nciq?V07@-U6ZU>=EERD4m>VQ5ln*XK9m_ctPz6%C z#*%TpsS!31FaXI1X)otxw5xGCfUJmQqLkg!wAtuSL$$4(?Ws2?wv|I^Q&ALy7EsDx zb~8){b!24B!jly%VWP|Z#MN`zw|`?J^K%!c&g|xmKlhkwsa|_|Mdi|-haGzy2#303S zA)~CR-05AaDV;*gmI+`iagRe?N`G6wk==@H-P%4#&uj~uR+5*HD%||QI2Fu#(ReMq z*xVvxuxlpOv;?Rz%4un>Bg^m;PjmJB%8;`V5Q7GAp&AJj7tfNzix+u~vNBQgUl=bsMay;bwdYHBq7{rz((jO@Z6girRZ2gVSVn1Bg}ZcJFXuV4d-!f{R^ z=c_vY2;-`n;wNZLlacX17=9jqCcPq!?9YAItzACp$!u-5WDA>+kN_?q8$NiQCB0&G zAUvEWlTE zdT|41q|Xag@$ZBHHs6(r>`1QqM*|VRKswzXT2S}LIZnks^xMy({(Q`}a{|%|&96J4 z9G3t>IWEP^V9#o?AEC1u0yDsKPcwN3<0A^FJeBfBVKg~DBiz&oQ&;ihL4j68+kWnpkK(t7frLSsKt0Zv0&)@U-O0IeG}7WEa!989^mfcK z+U5f0EOaxGex%B!cPXK8Syn3N`1g4wl2_(~SqtVAydvqS@=X7PO-v^@@1fsZxam*I zr%#crM=Z^&M!7M$$CL7yyhL>2&OdlZwT%>F0UgZsvZ?r?j9do}Psz_>1v(H^v1b9^ z&AyXO)LWhD>hdQ{vy?7nyV##v%;Q=`l;)yWTk%`@2N z>B83$s-qSiG>Fw*^qZ_@jl8L3_yL*0l0!9-M~gj)juheMaOw=Vv*_Ve_6*)(#9wBk z%@WSYAJRb5O=3}WlMk2B0mHB7eIj4(-mz;BsZ>Dc4L?&!bY4ZI2m2ndJ6q5Ts6)p* zHA>@qU7*V#Y&)4+o7eUIdqnr^j;@8qbR#p=tH=ZVdMR~pcq;i)ZhTk9-CM-~iv)FJ z)_lJ)<@-yaKHSR3&~8b@n(urfw!dsI^TXHY%5<`&mej)Jj`_Qlch0_hgPe8m!)kH= zO(;61(cI${iTghup6ne@spKlZvtNN@OG5OvTb9fK_jQ2R|<^6saemkx4o z((x?#6alv9pNa}<{xusk$TGON2CS*31@Y4nmdm!~>zRC9{xnmHBLE9o`Eoa-lpB?^>b+jm)Wg6}4TT*oKF^(p)KBOdUd_E*@XlN_QaA+G+I?h_0zs8YifC0hp+iuVYH}k4o+Ka;iO1NKVPiC z_44HP?^MgSzlC=7_R|kbYV$$9znDGD7u|`1Uv)UfNRjux&6SY*TMo~?=9yNnFaS^C zEdYX4$`h-y^4o9JL&vXNiL+$E4 zl}BnWn=9%1?hsJrXzih3C&iZGPCL?R`|nD@b)UQvsuIisWA;ED78d z5oWyfMCyqnT^%i`{vy9dIL7GG3eypjLO%-!?v(w)kG=NNvY_= zW58fdKwX^KNn^L}KW4P_Q4q7~r$d)=RW8d3>CU1=?w!XiIt^rU;X3?5!-l&crQQ$L zphU6h^X|6ALxpWUy3|B%Y29jh=6vo6#j>ZUI~Vaog%>}D1%210D$<{b%;{dG23&QS zZrNLfA;LTF6!6!6A8zfX%_mbwTJ3fFI7dGVl$eTv@SU^a&K7Hy)Cf3{8@j}yjG3Y) zOMR7CC|25A8d4~ zWsW}l4j`Um4_i;(zKS{~vtVI^*auUfs3oO#{D9!N9Cs~Gx?!F>Jurag-YFO?$u8~&1Mpa&9YgJk8z3S4@PDVw|S07z< zL=vAmBCMp zua-VVnrZ<~=7`)dc&@^Jd~8hHe1pV@vA*^jCvjXGY0~?2G)kn$xab~RP`(N;j_=p|`uAlF z7eKWSRGDf4Sv#RSLO5eW6lIh@WRWYZ<9rao5Y~y#2KD$T zQh)FjIFs(*diN<4iKU!#q?z>v1DVcij5BiNg-a^-1to!LU!#j>`jx4NY99-aTTFij z%NLeGOFwjtYUDIsvd#4M(J|`b%l#((EfP29>czhaE#!)RXmV%}&?+&M%7fM#=Ew4X_k06!)LRxsvP#HF=~3^xX;3++oB)-{0eBAV~Q}EwN=_* zlft#X`cc-9@wzIxALwC9elOWpP80-CUWluYyYx@&`MiPba(=q(SJja7&a~5fQus3{ zd@xp0n|?W!p*X!?Q%_f7>6luU#XX#|oLV52YPu~bmL4kW9l+x*Gz(c?9nnr1eB^9Y z^^US5zoHdYa1KURZw6nmk)Xdvt}?Y^`F<>Ec|m<#tbjJN5M#(4i)YHZeS`bsOPv43njqg1 zM|S7eN0EO_)q~Qaa`V{Al;;j zx!eU4l!3{>Gvh`Q!!xw`u*5%5BkerSaCNY(;3H7s+>ov6)HeduE4K*(w$_KTF*HOS zWzoHZf#-@oj&ZNa8%akMyT>fmBC530BSc;Q8!xbC8CS-!({`NbE!s^wgNsZdn#G?d zr${&o9#b6dsopPZsF0?vWTa}_g}+S5zZ(+#mxBiZH!Xmxon*w3DhZ4$eyuQP_#IGh zC;`~muboR525tgj-3+&`Zch^(=uw}J%5Ns11<=}0iaU2UQ5SGr!m7No`kn`O&;*tn3`pu! zKF49-+Sw*E)8th6*_j?BV43AW%hueHuUcU;aI8#ss_U5|t8W1@g3i-`YkGq|H(V4mBB|C3UJM;-?#|A!G1!!KV1ThahHdWv`~f ztPMm-Pmh^^fM6h=yX0}>my?ev*HwquA^R56GTUci)F4Zf|E6C5NN4PY$ zEp-OKPEVd`f^X+SMssA{b<0y~;>|`>hi}9J)RAf())E=i&k2dyZfQ(ww>5bgKYVds zOCt(t4}Pd!R9_Tc-x|_F)4JJ9pkcpXtU!JE^(CAue&BdWel1k9pxW@~ctw6k;}%K+ zPu}L2jxJ90E<(V|bIGx~)*@0;VI@V6!@J4w8D;=I6NfDgin2LJ0N{gW040Ow&pBNw zdI^KqNJX7?S)d^bSfL6}IAwOrWaThAO-aW3RV%+MXKZ;iv2NrX%Ebk#5wXxw^`8O%6V{8NUqv}?RGw*zh|OvwIej`UCC70^F)Fx z-%XQ~x@e4vlRxSvWT&qLCA_j!_eybh$xya1`Q4fMrn*F^yDN2aAAwEWUEH(T zJDhCpX6EunZpkvM?AFt1&%4@>GNich2M6gy3%@k1ZhVjHHnnFx$H83mM>&aCwio_$S3!f3fqZM_(&_XsIk^iCAWWPKz2&dws%E2(}Y; zBt$Qr?>*4cBe)a+@05hko3HFIOC0VmzCU8nA>&JuHxXAzXG_`IS3fM~se|vt`C;i0 z29B)|nZ|yef>-%hdgQaXD8y!P!4B>(Hkby#_pPpemQbg!ekaE5n}#o;)h1OX%59y= zut7e?-79RFAe_nUgWTpswK{dRNq@pgKbU7FvYT5`PzhAH03$A7$5m2s9D4I+5$I z$Y7giD`sSUP%BX{>4I!Mu1|c)iF2voZ3f4UTPC)8=D(XMsu4f5qQX;Mv`aqd_FCzg z%nam}Mx(d@&7Z5AIr@bZ6bg*dY~`A}A8uQ$08`Cyb>U*SY&bjK4;3={IO~!c_}7N- zK9pvhOHTb^_pv8%HMjTf22wqj!c=`Vu%Ksip3j{wwJ=5)RD@>5o-g%#`8c(f4#cw) zpXz!iGw|`^p!_2XXdU|Ua0y`|q_xaSs_CfOH$Hmg{Mk@uwi^p+i?%1|mIn9RQvxSu zV{(=TT~J!(_W)g*Yfz7hRrt8jJmoO|npymF7yLlLcPDtO@>b=TZV{gHB&ScpZCxu` zxg@c%*(=jI1MwN6@)lDOiqIxZoBMfVU; zg3<-B=kWsWo~Qd4#oR|jz9oOkp$xv?e515;O>gIL{;O+23%78{TIpwvThoYqgXB}+ zTbT;qK8BL3kxl(s(9b;dZX(RJ5>!c@j@I^&pNkZKoO5qy@NSo97wPnb8e{Tiw=dDF8C%N)}B`f$ln_KP>A?)l5K4 zr>hrOHg%RrD01bP&w9j%6ip!rF6T^V>ZNY$rJ63;yqoACwbNx8->pMf62t1g&~0`$ zbC`NWnD{4jb6F-r+JlzZ6uSD}^W@a*?GIJW)N{cO-?eD0JC`42j955-ZqV5;U8k|0 zT#63!hE5pDC66ss?htrr(ZV_-Hik1h+vbPXI8r-z?m#=s5HJs}!Ok5>>TpTQ3PJ0F}%^4TLszWVJW@Gg$56rNy}@R}4XEoOpj-4E3ZIjhlu)twS5hkCd4eqx0W z=;G=SMjG);1dI=ib*ZAx{>*+8;(<9SMHt4sr@zMs7*i*jhEaxw-H9)#uyo~dOaUFZ zo1~ieu^B+~M{Vf>;i9>=gpb0({R;IlMLXgU%rgwe&mBWYFm|^l>jDi6kkLjzw3B=< z#98FUMF<_{Up|VC&i@jaFDT%>zu;J3>+neuI_Fyy2{>~WGN?@D8jD>7(0C+P+aQns zR#+Q}A@V=lA$33qdB7b7P3LeQ&l#5pw^S^guf%VR{243NWMvqondqB`56zi8jcSDS~CI>7Zn&Z&vR z5<%UMbc{^Zy46D-?JR+0vni@v(9gK`s4G6n!}Tu)bWr${itRDI$VBdtv@o`zMa%n4 z#Ng6jef@Kab^)hC{34WE}XZkm<($$e9vxn*0F*|6Yyhvw8|#Uj;=D!QC5Cy$9$3s6TT4kKoPt=ZOMM@{ z;jye^9-itsz;?3V;~#%|FCV2--^-Gmor&TvG@_LW zxpLywC`o=MQ$Yyv%Nr1kda1bj#gl#UUQ2fPVgvRi8;3Dw_AxMiP`YYuX)9eLp99aT z3Iu1b^-U~PAcn35Vr_^^fG&_)vzBXcmlTbzo8Iqd2@NnKH{$)qEY@)%#Wj)stg!+8Cq*V~>V)B5{}dZVzs(04n3v7P{gPbo|u z#e`~oH^BoGZX{xH2as1sHo&YVo)ZUZ+Mws~rweSI)DBY&oEN!uH%4j2lo%(P>LadL ztQryjePCxNf(+cxv`P31V1zDTPz$mAItE)<4vtZ>odTp! zJf2J-oM;FUpr`EAuxovBk8?YkU&B#dP-b!n^}v5U`mdif)P7xP0B~vpR8T0Cv0|Bx z{o$$jGE#$n2U)-cQR8Wc;q+k@GW%g4+k$GX1xTEuO5+` zV(nBc)KI_uD~GGLJIh0^zt!?DlZ8ZCHfZepjtvM}M-_a*u&P?7OE{?eb2zW+I0(8s~?gRG;|tPobNY-X1-osxz++Hdx~i zM};N-@xIf4V9jnk0@9`qGIx*urpQ%@6=&25u9GfhDv8=H0}g-8D^AfX0ehbgeP9T9EkW@zLW#)edx**X~(!@E5E1JN{q(dL`}MPe;dND<)~lZ z{;TSLZN3)BgwkVU+s-l}DSym;0R7rEd;_6~6B;B&$B;(V4e31e0ME=2%tDYDtCF;x zv`m9t7YhsOn2Tijl+v17hI2dnk;UKE=RbC#kqs1DnM&TD5!3x&fRdsntIYQ&*pkSt zl?uqC46uq?40nG83XfpEQ!VxHw81`KLJ&@j{U>y z$A5XBpBVb~78#xAKF$wQN9QeL+_hWgoF%7cC}z_6=*cE1HXO*5lEo$!mB@XIsIw#8r zU7-YkOiu2*D(7eO@UkiM-r&_pFnnb1;ZgpmvbO}o>My|2ImIGTQTsptYL?qbw?pF~ z-8O`f69&`3k%aacTcK~9&<9HGy^R1~wbd1;6(E~hmw`Wa zU%+aq)wV5VCbT^vM2&RoAI|)re>K4Lzu5KI;aRNAR#ok)o0MRAw>2jVkW>wevx2jq zF*@_80w7s^p#^TQGm`BV`Zpk7ivc?kbzBV5M$$&3E6q#cJUv{Z2=2?R6Kxm{%Cluw zJpb!!!L~DR7qHchY#~}5No+f`w_ynauZ2ynG_q5jSxB!m1gmMFmrp!;>1iUULV~iU03cmtYO{H@vAyA35~c(;pU$ zCQ4G^O27itq5@{;(_qa&&L0~X2@*h7_}*l!hH>)peu~to z!X`D@>?i_R=}TmXZaNwyY?d@!*o04*9UU#{1lSER+;3whCX~@-qy|QOAkZn_vrn-F z;Sg$@xWSY=hGRHvz8zeWP}t zkmgjWQ_Y&e#Ee+~Z@ECnQfjg<}8M@sPAi)!T{ydvk(X6IdWIbs8fH| z2rj{8yI%7MjA6Qq^qua#n1{vz5f`&T11R3L+pT?Sb2<}`?o8c&P_}3RQFE?Oiz?vI zW3@qXNB`S0{6qY{=aZ-=FNUH<>-ZjqdY2!-9`eyD%gx^3JwHv+tBDP^Ttnt*3R7*R ziQ8_gk$@R>Q%3C8)lw~_@z<8WM?Uh7E)rgymgqDwrKV8J&cfg5{c3qqP|NeAe>0f|*67RGV5rGaS-K-F&#-64(b#5a=8Wb3JdXrzcopZu zC~Drv$^*NjdR@?|+CZi9bxoP9`+zzsTHmSFO2NKa<)-X=J1~aQr5w)AMF1>9m&G)6npl zLsta1lV?*=u8JxOu6KST52=L{a=BWIY#yvy}mhm%zvPTzw_2uOs`2o$_}fci+6ewNRU3 z*S_`>5Eb0sf2n!KXS(daj^qJr1$4d#oqe~#5VJy)zPF9=6Gy&Z3MM?=Y+%fnYKP$5 z;R?@Y`i42a*+0=fqNN|D`B`FSy7fw~Hre?9uyPl`s4Gqd$!{^3%w|as%Wgo1mpEF2 z*}9K>f=xcg8-oc-*OXD43UW~3S(Px@6aX)OXA5*64vQis*t7dKRl>E6wn+G^#I4_v z+pLR)58v>LxAWASU!R`PbFMo`-Yxr@+|u}8VhWTvYbZ4)<0jM;JhRC3pl!R{CAYO^ zYp+Y$uQW7O3e0;O$>+4w?PN`F-1P=Vf9p_$y!U;FM97{l6fi!uD&)aD7o!OR^Tfz zag@~Q(5W*^_c=a2Qkq6p}Ji-MXOknl~?hoI$9 zdqGs7r9-};Zj0lXdHbD@mpiL!0#u;U@qb7QYqZ~Y62c-{V}X{-4&`fXb=%?SvwE<6 zrBsAr0bCWS(dN#~bV!imL=(xofwkMLy}(cEf8(U&@Ui4d+vP*=jh&5GA-;Y0{AI04 z6n5ldz*K`R>U>$%RxokI$Y;6chQ@PLu7k4M|E9|)k8adL%E^FZ0ZTx3)S}18K0L~^ zc|Fd{_SmBgFF%`68J4E*NkVjPjYyd6k^xhg2s9p=nKVm$P(~_pqWh}Bogo;5uiCfS z7cDU^^y9<)dEW-aLN^j0fZ`{|wM~l!3<#c&qxG9vJ=9127aNnuWT4O{=I5C$1rugF5yds0PG23EZ#W$a5{yDIe=~`I-#=d<*f9=g*%^AXww@mha_rP_LfK{5}p_$~`vk zRd_cy>eZ)um}c)S2eoW_sv7S3lfgpKx!fb~O%0ptqn&o0AD^TZIdo*82Xt9HDQ=bU564 zxKOS$_S{&`M-F-*S5VAez;lZ+FYlm3*-lDf2wXDwI)AY!fMSb$R`l5c`t{gpV ztjZ@t0QwOjjxiT+U6PVr#d!qL^Zd&1xKh47e$(k)xH|JzA5v4ta+S5oK(`Suqo%N-;{cv;b;#-js6aI0RC@x=lE84hw z^Q!wj?u#2vA{Pv=K73^$>-X*Aa`?TY&;FNaTllXHe&7zhbQ$fkNau*lTjNkFqqbY( zF?m}Bq)YwFtIP74dKK{T9Ju?k{F=P$akIqu;%bg(!+y;~zE2-le}g{0@py%gtJ}=M z*GWSn(yF)1xA|^89p&P-R~zNp4JmH0U88#9%N#ryF9e&=xQ-UALp)O|bGUN~HfLBE`dYGa0?+p6-Y=!E>R=hdaCk zyocE$ZME`TVb)v91~;WR=cTUAdeI0i<}Y75>hxr&ap*oW_kXa*|I-uZ(JP;@nQ+_m zLfb;_-rYHsp`U}4);Lnhu$@`9?6u!dB*$hmC~X{y1fC7?I$83Ma|p0Yc-YKUS@~3= zye4CHWb&`X!IYftJVK*vEDG$^6<(Vup(?O zO_hMYdsARyw!KJFveB~>>P_i=qqr)m#9_L6z1~uYXfrzIcDif=ztE#PCw5o}wBgI< z(D&3VkyG&wg4zoNI-1$2Ej8w}%ZkbTD1s^?4 ztxKAF+Hd6g=x*Mpw7OT-m{jk45Jk*$KY!if;X5+zHgi6@PV4-qian>)o%s7mc)8$F z%iv{+KzQf__Tg_Sd2uwWm9iD>Z__GBZIX$4KP}~lSX_6qHi1Oor(e_mc%4vTL_W6Q zt7-7(5?PFgW4uE6A$9V3I3h3aS!EjhiD35h46bV^&&V$;{yHa?VP}g*ek^KKD9cF0n*=OPiDHR=f07nvWk(%`ux4 zLWzn3f}G4j#QLA8+|_i6L+u^4yj4^9biZke)JKad+g^!&`Hf_n@5@6lO8KM+g7 z91)9a1~r_!+!;o}b46YQ)h)e4p()B0VVp&%V3%Qr08mTw`cU^29I$RBS=K6o^Y zsM8+y-E?bGx4n~@Gg{D*pSIGRh4+Azfwy3u98zIX6G!mBUVn)YPXJeQ&Zy%^5)FBS7kD* z;WqA1^jcx;_)e2=%AIZKJ+lNihuOg21^uqCYSh<;x7i1V7o(mXCI)}9BJO;HJSt(o zMp+DeqptVr)93|n8%K$Zjyfy6q<7yZ;Jn@!a$)w`?G)(t~}^@1diqoqr^ zYdCB41wmDW$-_^%Gf92Z=(xuQdjvUY&Ys#S{VPG=-g`HfFnnDQ#CnoSfLx3_=EOrmA@h}sx7s@ zWyI$`riz7-jG6p!tWZ5{p%cbGkq(XC=QQm8X)HayMKZ$BGtZ~+eZ+h}Y*w!#vY8RS?*KKa zk=rb^wA5nGP&aE=SLAB_-f-DvGm&w`3TBr4d)h|Xp~NOL#k6YJY}{0EY&$hZ%Il>U zxQvU8z4?Btqtoqv16At1_j5-s!%{F`+bZ??y`pEs*XDP^Bodz_eH&@wF1N^>-JsbV zC|EBd;0#NWZS=_c87~}(vB(Jk%I|_=rE4|?NTALX@8(LXpDu;g zL3ajy0!D@f&25IsWWriX`cu?wr|-5bI_mE~cP+_s-PQ0Et1;hyHzrgIt#Z>+Xu$SC z*ltnw*dAz;zj2Hg|FJq!qq4maJ)a<^yc#8-_bASGVxRQ=#@+*MyRWve+x+9(s>ezK z;|Kcir*%>0H>6f7bKI)!TPBt&@xt^*`=dD$nt$GMY8jj(QD=X4$o+E{?(&>L%Cd>- zT~lJ2>Z~f;Dkq!@u@Mwi=f2>P+oGZW(C((OcT-QLt;ukc+C);zgwEAMQgtp0ch7#C zhh6;5Ic48!Euj$>q#X#Uskb|@r_O6WHREu5^?FLgRizsX z6DI{5>b-P8WTaN2?8WqLG8OjPl*G-&ZFpvJ(tPqxQ^S_8x?` zRz9~OtV%vA9~&8$i*5Z<+yA4$%2DBY=u&Jbh7+i`Z>ewH-nMJv0jgp1ebtA}5>eu6 z3ckEk*|h7Pw8g`9Q&*rxk~Dme-X(>|c*ty6Z{8t`SGT9(5n^1v<6#qHIvwGnX6!pX z=RT9Ymo-bs6H_qpxY;(+kYk_bHLqO5-txS-GR&uB=zVAF`h(XfE}R!j2mjuMy)FZ06m_c9Cl6Wo(AoxY!NuJ+v`ODlgNmGaNNpa_UPJTsD!| zaM2~iS$0dA`PQ!zOf`43?vp2MnQ2UPC-9$^uCV|sjXKl(;*yD2it}U3L(njw>#VQ7 zs_7#cLHIG_b)k8W#Q`hj>IlJb%xkE5gcY9k=3{B~w^~H40~on&Z*xA4Rde$+YkI4_ zA7dAcss2p{ZFN0V8`-&-riO zc$2_ob7Ni&7R>Nmkl+Tv#1-|UwI6A_(A^z_^@iR_yh%KU%rDu$jkeanTsu;29!-Mh zF%>McE&UH!#JcOxB$W~U`D2qkkM(FFNQzjfsw5&Fl&TPr8nd?fn2_uAY2z55!Le8SGK-c`4i1i zKYT9~CdkD5SDm-!gKyPp;3%fF}VBFZmTGvz^Q&A<$MSK^M^*At9eO+nqG2y zkgB(;;b-6FfaTRo1Wt;D7neqiX^w%wh}jhP_SP3nu|FN6gr#3G8Q}%kU?20(qFbG9XR<``c??vaB zV&7%|I%=f%ZrH7!e?tr%B0Jjs%s#ngD^yhBWJ>s5+PZ?#6p(Zd~~sXN9M zWv-_Q`Rx2+orB~bsyukBM@zE5Hnakk;Cmo8#J z*oFJ4{23ULAGU@ln18brwu-ZM{CnuP_nO8Z2BT2Zj`ntow`5oI2w%sKb&C&H+I@8E zfHW*R-Cx0iR_iYNL||+4(vZb3KW{e+`p=U@{w7BL*Hn<5scLNvfiGi*E@smnbgEXJ z@h8)C;Jg@IC^WzOWpslAO~-CPjJA|V;^{-;u7JgDvdTQCDrEPsVre~yUh~nb+-|M^ zU5}H3IdL3nTqQEsMKd(;f645>v}KveU)^_oYZ6+wAnBZ4rhfEo7b7>6Oo&uIQ4z1K z!bJWNdImO9j*btK=L0NnK;H;e`!dx|CeeQ9_&?<4-~Va5R+zDs@zNnJ7TeB&7iM^) z3p!HiVD&rhlMAZ*U&zLNX=>M#az0nEFP8sbdi^hz|J9CFiif77-YC60wx5i3yhub=qZEob)AaxTlrz07$EYu=6qzFe|CQHSNg9xztgqtu z5c`Y&A;YA=PQhz3k5~qyF43QXDB1gaIsZ7r#$s#`Tx?%sJrcu@+keqHap+Irn*U$;{+~-FlqF|s^_o?X{bFR~)e=UALo5IP+Pn5Zrq};p(kVqk z=^~d(R6_1|Qc23Cj@*u1vXGd`{W?k7A)``m!%hh&x4AVjHY~U1a@@6H&23>bjG4{0 z-#XuOzSr~p{hWV(f1Ukld%vIe^L}2h=XqZqpHGfs#dE2Bajge`RUL)hTk<(#dYMj= zB5qc;=AJou@_)7McQ3l%5k!;rB1GMoKIX;Cn{;^IVat$m!+EU9KvCswI*FDPT zgdx_$?aDVwM3cje6%DDQaZ6lLL;@|Uz0))265#jb|ElM|nNNv{ z>#d&(V5VRqE*<;|0|$vuu)m!5+L;v`Jnq)F!!>r(t`=g$nZ}Zu zr^qe76MJW@7}TSU^iwZqOmTCp0T)x)Uz&vsoI?GOe6J~%Z}3lVshIB z-v64Mw#P>MGL=+ykM@+?v^emV%)6DgMnOSFL(}}HYs>^tgx5iGl(D7|Z^j7wj6a19 zp96AnmfxnpBjNmoiAzbW{zl%svg}^bV zadF?Q2D7SDAIomk6N=+FOq9(Nw~eN3pREDsVN;%@ZlJq3m^B2y)yh>aM-GG(ng|H0eD8jIkGk7hQV}F}sY*)ekq(-E znTcih-j;`q|L1n|hkrRA6=zd-M;yE)JG3*4w^6G=O63y6;p-DopiIlQr&`{!1v0z$ zk0v%!pBSxBQE&hGekk~=kB5=P{36&z;cB}FRFOi1aR+5W*c}pc}0qfYQ zabg%ThSZX%=^5m)$&VBUhS+wZzoJ%D)lPAGAF+iG+mX77tCVYB z8)c0pz+a>lL*1@F{V(+U_c1?Qj@yw&CzT=U%I?pE(L_n@y!F*bUAtt$<#G%hZUI@x zFYpBizW+xqS=(b!8_OIQrcF+9-f=4|?B_Z?e1 zcfAyr`pMG!h%6odpYgF@mo1nRVNd4IX2CdPzX4I>sRdSWHzlv>qU2rIsBSxwNGvaX zX|C4A&O+KG#CY>7!iW#YW(|~L(W$MCx!ce7OZB4eG1oP-kpuw5p~Prn36~Z?Ye!CO zOhnN{(mH1y`o`)HI`5YY&=ZublB0i#iy<*!h<%8Sept&>kinonddA4+36Ei3qyi~1 z-kM(>PsBl?77tG0paFOC(bF>td(#5YA6zDQBC41((XH1JzFLdXMET8r7w4%`1OmdQ zVPY3VfTsMNbiZTAqpn*F7-n^L$qpVB6E$LPT@DG0U3#~)Age1qJZzUjOFVZ#@bBo2 z!=0}9o?*vv<5c&LohC{LhmFt<+E-EW(k~kO*)O!|ZFu9BPx92rU(AKe<{A@Ko6k&I zTr7?S(S8IX9$N&tt^6{G_BiQ-ikHLrf5J3KhX+f0vK2#@T^!iq;=#>gim#br^;We` z#uebMA?h^H_4soukE54BNrCWUsDcJ7U2S@jYtipC63QXSAtwmE!He^bZEeHUTQeTo zNY_VgnxEw-#OB|SoF#c)ZIBz@hIIx!0({RcS_};%uyyd+#!J8tW1z**N%x85KRr% zdWLwkpXl$}u@gH6kT{j|gV*Q%;MAHCKMl^|@rL-!s%9^2UgT;=p!eH^>GJ0M8FYMt zp$uRw?9}HwHI2_N{~Y@HL<;Eyt^MXMJS`{y_2FbpI)!W-YmFkzq_pPQ&g!8lhZo_r zXDK0>CTAGG)QuZ==QB5N3QDe9w+~LhW=+NX*b{GS3;Q$sE4{2O%-0y*ymj(+HxX7Ad{cuoLghOkeSTOs2WoS_PY{a=QhuD8>0KQ7=5^0uq<_q9Q4dG z%Z+~?1ULx}kElLwx5<6CM+HZ&SRt;Gza>)}s`U!dL*()OdFx#)7#IiVEywMj;Buo0 zKHFvgRymriN;X#%+pbFfFV=Pkjz=StH){r3PcIHXp4EW49}5ia0V$4WAmF>$uc#pK3Np%uaOIZH z50GK*+sY9|Bbd(FxzNVL*C1WeBVtqH>4AbH7o?)rWW26XPWh~%<pTpA_{&>qt z8YOBwNFU+jWGe0CJKkG%M$xW1$HzZ73EOaV+UfnWmzp8~DE=N^1W+518UJEHo8FP= z)xP@nX7;+%Eza0EA`odSA$33F``VNjiPq!>yqpDvo7vx*Idg3wux&W{`)BPFtuGf8 zcD!5BQ3wHXQg_0NJYu@84&MQv(A{|W26PBi9POs(TD5nDQIa8P5U1AenmgtiC(b?F+i8jih~h{O|?H+|la%#icq0 zY1-1Z@wwE}=P9qV3MS!|3RQKqnH$*)PTe+0ml1Fa;rdf~A-35z?CPA6jl!}w#ZszZl7&`nS-Xm*| z?aI%Kpft6Y)Q^slHi6@Zk^Y!&PGAvNv42iKr349=@bT`x9oC*++*kk9YWSYc%-WSk z{l?0SZJlY?Ro7prpvHVIeXXiJWOMKmNZIa~mH1scOm%3&BPi_;Qpq?ov9Eg!2j29u zcC^f=^*WAb<$OH7{!VtG2l$blZ8H&NRSitP4bvB_KEJ^KMx)dz&noSBqJJ1SRFN#>blteoV~!ka9H@falPmy%6K7aDmKKq z&cUD_S@yHN_s~yeC!WklM@iY|tW(+zt7xhCE9NKiLC7>_)w(&A8tmoxULj>i0f!4`u=c59@v3W}8d5 zoPCQn>BPm^0{VNx2CTKvn(Nud^OsA4l*^xIBdet;1l;pb!}l>85FXI_{l-ypLE>>3 zPl1QOoTR20G}e~+QOYGd=*%kz)NuXgJDN?~NNEYaav9WiJGFs*X0Pf+8R6K4QzHqgJlqH*-{OwfAm+xg(>w|@GJJI~^22N~hcy4@BIj!5_|Ptg z7E-*~adL;y7bX25eZ~I>-2NzObw>)Ab>CPnn<7=(+}`a=)^3^8NL!k=C1cZk$=Eu2 zS^%~$#!k#@gD7IYZUdbe53_0M<=)xd`1GFt5q9JHg!94fZ*jA+V0xjPhIKnPMv0_k z!VkbaW9RSzY$#pL;*I>TmOPc)&kIyZDcC^0rzAb10y^1=jFHg`ypkK@Ijb>O@!&cO zmZawgm$9EV2O1W?kL0XtO;Ja-4^nkvNxDa4gS-PnTDT#0bjB3?aA+k$vr=U8YJdh} zy7-};o6~Ix^6~?E$1dr&N64P?(D4PTcDtF{*FV_ZDYx)i zG1e(t-cg%8LyI9 zNah}5Z5+NZEBdVD@Qci1OtBTHNb2o7__VFmr7Dn=KiaU^3IY#$3tgKH|ER9ZWo?aPE^9d&gMi{7I0Q|qhub8YX?bFBPCw6eQz@rpk5Cw zM9f)XB31Oz42Nia$Y(DL_xQSwlp|It(CI5$FM}H%M8be+H9(2l=+kv77lU>_R>^Eu zi%Rl_IW%^b`!g`t&PQ>N5MEz@7R`;C?{uShr#B{KtyM_m7v|mqEN$YIv(A29P3n&a z?=r7=QOL{5l)X@;N1)W5D<^V2uJ1c9#fdkc94XBXjz?rn>|1WrrXL=<==V)@Zv-=eF)PisIK9pdGdOZ}}rQ=MP3Y=RQ z==01S|Ga9?9WYQ}tmm?h`rri_LDhH_6aQgUVeegMoneDyU={Wy1gW8zU%4(xyeh{j zR7{%`c4ld)7Y+2pK~)fiWy+9>coF1SFscQnsTqB*x(`^3ZLA)5&#RUGK}EyP^U#MU zR(}0oB{@LFoU)Z-o|Pm3Qc!ky*8{%??MT-RO`u;r_Y)!|8PaveW^ir1GkyxQ?@1;q znQXpZpYL140)7e_@dCV)fmNBZVh#X^`wu`yX(*tIPjvMC!ed7!+q$tF&@L&Fy3wLB zAoIoR4~kI0$J0=tpXd={3%cC-S}{e9SUZzB?ri&c8h#J>J}r@uQWj z8v=3Pk7H=rexQ+^Hbfch_T>uQ)#2(hnswCIChz&2u&uViQwKpxz9xbTM(-JzI_0@) zRGlt7Jm_J%e2y^vupUS-xF%ZxN|*|ogRDg(rnG-Nx6F6YUoGqj?r3mV!AcW@$ET&}y46OTnc{NCROc{l@z9GL%OT-uOGcgU*ZS2k#cDvzh*A zfMw@T#cn0Hfu+SjkCfn>8KOnyLm{#_HlBg{u<&K!HjYp>; z^AzaEMADFxrVaSosUA^Hf3eJ07c57mk-Rv_MW%`9lO?W+Qj%^jC4lS^_{_wqs#lrA@EA&QrE)84>R~z^TZVlz~NxV0av#(XYrSoLAz~oVUMd@G0O!J zwChS~5^vWehj=$M_HH3+O((ey!(EXGnR-w}9|0M-#lp&{n}U~lhi?=_(L+mO`;AlxbL~)9 z0&EuaW`gLynpuMaIskk|CYIiI)fiq)+206o^#?Cg$%i){e7IiD&xP-HrH(|fG-=oc z0J}y{y0`rf0T5wt1k$unLzf4_sBL+&^cNlMDJ#jgP(n}Y$Uu-%RB>SZAA}~q=dw+w zc7J>`P?cD^twx_Xe4tr7A$O*(%Jlg?x}%FN{ubfX`cP|a$U~pz@Gv(Fod5DDXO1Rt znEc&82NMLqe+!cDMrJ?_ZhNciKO3arSu- z;`COkaq`@)bvvwoQcQ`G@F4Xg6@YT73_B;_zXt}ZQ>sZ_t;J~|FTEu9MIHjE~Z^N?D39W`)(hP9N$_| z?>s`F#LS3njd>J}0>pfM4QY92TZBZ_QTZjqlLFUWo;lf95hEAMNFC2lM%~qaZ2Irz zvp)(S9yY1(HQZdnk`fh@aDLwcfknaedO3|A`;E1k_7rIts#Ajh1o5pD=$@VoSefoz z`kJ4r((^F+anlQ-(;a>an@c1t2}$sGuA0-iy(K+@F=w&`teuEk1 zgzmg?(st)3`kb$?FR8L!X0LZoP8K`JtdRdyPU{P%v)Wa!qXUy|ZtN13@moJ_^IiI` zj@7qc4B>J)BN70*9~!z!sD^d7+CD*xbc+)lAfPqk&uH`mYXL%$3MU_6fp zI5`}68h|4#w`k6^nt9~jbn?}t9V&Htrl}E_Emes)0tswkwziF}*4o4;uD7j6Ec&0nX@|Ho+)#}h?1$7F182P$sk Oe=N+bFPC3*fAl}vRp$Nx literal 0 HcmV?d00001 From 525627e7a92f5fa9f61408b826a47b1c759f6a27 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:47:48 -0700 Subject: [PATCH 096/161] Create VM and point to branch --- README.md | 17 + dev/spacelift/dpe-sandbox/main.tf | 4 +- main.tf | 2 +- modules/internal-k8-infra/data.tf | 55 - modules/internal-k8-infra/main.tf | 128 -- modules/internal-k8-infra/provider.tf | 21 - .../templates/airflow-values.yaml | 20 - modules/internal-k8-infra/variables.tf | 36 - modules/main.tf | 56 +- modules/victoria-metrics/data.tf | 7 + modules/victoria-metrics/main.tf | 30 + .../victoria-metrics/templates/values.yaml | 1146 +++++++++++++++++ modules/victoria-metrics/variables.tf | 18 + .../versions.tf | 4 - 14 files changed, 1272 insertions(+), 272 deletions(-) delete mode 100644 modules/internal-k8-infra/data.tf delete mode 100644 modules/internal-k8-infra/main.tf delete mode 100644 modules/internal-k8-infra/provider.tf delete mode 100644 modules/internal-k8-infra/templates/airflow-values.yaml delete mode 100644 modules/internal-k8-infra/variables.tf create mode 100644 modules/victoria-metrics/data.tf create mode 100644 modules/victoria-metrics/main.tf create mode 100644 modules/victoria-metrics/templates/values.yaml create mode 100644 modules/victoria-metrics/variables.tf rename modules/{internal-k8-infra => victoria-metrics}/versions.tf (66%) diff --git a/README.md b/README.md index 93c6ef3f..9b5b7895 100644 --- a/README.md +++ b/README.md @@ -201,3 +201,20 @@ This document describes the abbreviated process below: } ``` - Add a new `spacelift_aws_integration` resources to the `common-resources/aws-integrations` directory. + + + + + + +### Junk notes that should not be committed: +aws sso login --profile dnt-dev-admin +aws eks update-kubeconfig --region us-east-1 --name dpe-k8-sandbox --role-arn arn:aws:iam::631692904429:role/eks-admin-role-dpe-k8-sandbox --profile dnt-dev-admin + + +# Checklist of things I need to get done: +- Why is the service not found, and why can the demo not all connect to eachother +- Should I implement pod level security groups? +- Should I use k8s network policies? +- Can I use the 'strict' networking rule +- Connecting to the application through the TGW instead of through the internet/public VPN IP \ No newline at end of file diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index cf38a3d1..e0260360 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -13,7 +13,7 @@ resource "spacelift_stack" "k8s-stack" { administrative = false autodeploy = true - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Infrastructure to support deploying to an EKS cluster" name = "DPE DEV Kubernetes Infrastructure" project_root = "dev/stacks/dpe-sandbox-k8s" @@ -31,7 +31,7 @@ resource "spacelift_stack" "k8s-stack-deployments" { administrative = false autodeploy = true - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Deployments internal to an EKS cluster" name = "DPE DEV Kubernetes Deployments" project_root = "dev/stacks/dpe-sandbox-k8s-deployments" diff --git a/main.tf b/main.tf index b7269a01..9221a0dc 100644 --- a/main.tf +++ b/main.tf @@ -17,7 +17,7 @@ resource "spacelift_stack" "root_administrative_stack" { administrative = true autodeploy = true - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Manages other spacelift resources" name = "Root Spacelift Administrative Stack" project_root = "" diff --git a/modules/internal-k8-infra/data.tf b/modules/internal-k8-infra/data.tf deleted file mode 100644 index be8854a8..00000000 --- a/modules/internal-k8-infra/data.tf +++ /dev/null @@ -1,55 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_eks_cluster_auth" "cluster" { - name = var.cluster_name -} - -data "aws_secretsmanager_secret" "spotinst_token" { - name = "spotinst_token" -} - -data "aws_secretsmanager_secret_version" "secret_credentials" { - secret_id = data.aws_secretsmanager_secret.spotinst_token.id -} - -data "aws_vpc" "selected" { - filter { - name = "tag:Name" - values = ["spacelift-created-vpc"] - } -} - -data "aws_subnets" "node_subnets" { - filter { - name = "vpc-id" - values = [data.aws_vpc.selected.id] - } - - filter { - name = "tag:Name" - values = ["private"] - } -} - -data "aws_iam_roles" "all_roles" {} - -data "aws_eks_node_groups" "node_groups" { - cluster_name = var.cluster_name -} - -data "aws_eks_node_group" "node_group" { - cluster_name = var.cluster_name - node_group_name = tolist(data.aws_eks_node_groups.node_groups.names)[0] -} - -data "aws_iam_instance_profiles" "profile" { - role_name = split("/", data.aws_eks_node_group.node_group.node_role_arn)[1] -} - -data "aws_security_group" "eks_cluster_security_group" { - tags = { - Name = "${var.cluster_name}-node" - } -} diff --git a/modules/internal-k8-infra/main.tf b/modules/internal-k8-infra/main.tf deleted file mode 100644 index 5955c301..00000000 --- a/modules/internal-k8-infra/main.tf +++ /dev/null @@ -1,128 +0,0 @@ -module "ocean-controller" { - source = "spotinst/ocean-controller/spotinst" - version = "0.54.0" - - # Credentials. - spotinst_token = data.aws_secretsmanager_secret_version.secret_credentials.secret_string - spotinst_account = var.spotinst_account - - # Configuration. - cluster_identifier = var.cluster_name -} - -module "ocean-aws-k8s" { - source = "spotinst/ocean-aws-k8s/spotinst" - version = "1.2.0" - - # Configuration - cluster_name = var.cluster_name - region = var.region - subnet_ids = data.aws_subnets.node_subnets.ids - worker_instance_profile_arn = tolist(data.aws_iam_instance_profiles.profile.arns)[0] - security_groups = [data.aws_security_group.eks_cluster_security_group.id] - is_aggressive_scale_down_enabled = true - max_scale_down_percentage = 33 - tags = var.tags -} - -resource "kubernetes_namespace" "airflow" { - metadata { - name = "airflow" - } -} - -resource "random_password" "airflow" { - length = 16 - special = true - override_special = "!#$%&*()-_=+[]{}<>:?" -} - -resource "kubernetes_secret" "airflow_webserver_secret" { - metadata { - name = "airflow-webserver-secret" - namespace = "airflow" - } - - data = { - "webserver-secret-key" = random_password.airflow.result - } - - depends_on = [kubernetes_namespace.airflow] -} - -# TODO: Should a long-term deployment use a managed RDS instance? -# https://github.com/apache/airflow/blob/main/chart/values.yaml#L2321-L2329 -resource "helm_release" "airflow" { - name = "apache-airflow" - repository = "https://airflow.apache.org" - chart = "airflow" - namespace = "airflow" - version = "1.11.0" - depends_on = [kubernetes_namespace.airflow, module.ocean-controller, module.ocean-aws-k8s] - - # https://github.com/hashicorp/terraform-provider-helm/issues/683#issuecomment-830872443 - wait = false - - set { - name = "config.webserver.expose_config" - value = "true" - } - - set { - name = "config.secrets.backend" - value = "airflow.providers.amazon.aws.secrets.secrets_manager.SecretsManagerBackend" - } - - set { - name = "webserver.service.type" - value = "LoadBalancer" - } - - set { - name = "webserverSecretKeySecretName" - value = "airflow-webserver-secret" - } - - set { - name = "airflowVersion" - value = "2.7.1" - } - - set { - name = "defaultAirflowRepository" - value = "bfaublesage/airflow" - } - - set { - name = "defaultAirflowTag" - value = "2.7.1-python-3.10" - } - - set { - name = "dags.persistence.enabled" - value = "false" - } - - set { - name = "dags.gitSync.enabled" - value = "true" - } - - set { - name = "dags.gitSync.repo" - value = "https://github.com/Sage-Bionetworks-Workflows/orca-recipes" - } - - set { - name = "dags.gitSync.subPath" - value = "dags" - } - - set { - name = "dags.gitSync.branch" - value = "main" - } - - - values = [templatefile("${path.module}/templates/airflow-values.yaml", {})] -} diff --git a/modules/internal-k8-infra/provider.tf b/modules/internal-k8-infra/provider.tf deleted file mode 100644 index 451c9b98..00000000 --- a/modules/internal-k8-infra/provider.tf +++ /dev/null @@ -1,21 +0,0 @@ -provider "aws" { - region = var.region -} - -provider "spotinst" { - account = var.spotinst_account - token = data.aws_secretsmanager_secret_version.secret_credentials.secret_string -} - -provider "kubernetes" { - config_path = var.kube_config_path - host = data.aws_eks_cluster.cluster.endpoint - cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority[0].data) - token = data.aws_eks_cluster_auth.cluster.token -} - -provider "helm" { - kubernetes { - config_path = var.kube_config_path - } -} diff --git a/modules/internal-k8-infra/templates/airflow-values.yaml b/modules/internal-k8-infra/templates/airflow-values.yaml deleted file mode 100644 index c89e8e99..00000000 --- a/modules/internal-k8-infra/templates/airflow-values.yaml +++ /dev/null @@ -1,20 +0,0 @@ -config: - secrets: - backend_kwargs: '{"connections_prefix": "airflow/connections", "variables_prefix": "airflow/variables", "region_name": "us-east-1"}' - # webserver: - # authenticate: true - # auth_backend: airflow.contrib.auth.backends.google_auth - # web_server_ssl_cert = - # web_server_ssl_key = - # web_server_port = 443 - # base_url = http://:443 - # celery: - # ssl_active = True - # ssl_key = - # ssl_cert = - # ssl_cacert = - -# service: -# type: LoadBalancer # or another type as needed -# annotations: -# alb.ingress.kubernetes.io/scheme: "internal" diff --git a/modules/internal-k8-infra/variables.tf b/modules/internal-k8-infra/variables.tf deleted file mode 100644 index 6751b0a8..00000000 --- a/modules/internal-k8-infra/variables.tf +++ /dev/null @@ -1,36 +0,0 @@ -variable "cluster_name" { - description = "Name of K8 cluster" - type = string - default = "dpe-k8" -} - -variable "node_group_name" { - description = "Node group name for the cluster" - type = string - default = "airflow-node-group" -} - -variable "kube_config_path" { - description = "Kube config path" - type = string - default = "~/.kube/config" -} - -variable "region" { - description = "AWS region" - type = string - default = "us-east-1" -} - -variable "spotinst_account" { - description = "Spot.io account" - type = string -} - -variable "tags" { - description = "AWS Resource Tags" - type = map(string) - default = { - "CostCenter" = "No Program / 000000" - } -} diff --git a/modules/main.tf b/modules/main.tf index 00a4de85..4cabeeba 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -1,3 +1,25 @@ +locals { + spacelift_modules = { + victoria-metrics = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "victoria-metrics" + terraform_provider = "aws" + administrative = false + branch = "ibcdpe-1007-monitoring" + description = "Helm chart deployment for a single node Victoria Metrics instance" + project_root = "modules/victoria-metrics" + space_id = "root" + version_number = "0.0.1" + } + # Add more modules here if needed + } +} + resource "spacelift_module" "sage-aws-vpc" { github_enterprise { namespace = "Sage-Bionetworks-Workflows" @@ -7,7 +29,7 @@ resource "spacelift_module" "sage-aws-vpc" { name = "sage-aws-vpc" terraform_provider = "aws" administrative = false - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Terraform module for creating a VPC in AWS" repository = "eks-stack" project_root = "modules/sage-aws-vpc" @@ -28,7 +50,7 @@ resource "spacelift_module" "sage-aws-eks" { name = "sage-aws-eks" terraform_provider = "aws" administrative = false - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Terraform module for creating an EKS cluster in AWS" repository = "eks-stack" project_root = "modules/sage-aws-eks" @@ -49,7 +71,7 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { name = "sage-aws-eks-autoscaler" terraform_provider = "aws" administrative = false - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Terraform module for creating an EKS cluster autoscaler in AWS" repository = "eks-stack" project_root = "modules/sage-aws-k8s-node-autoscaler" @@ -70,7 +92,7 @@ resource "spacelift_module" "spacelift-private-workerpool" { name = "spacelift-private-workerpool" terraform_provider = "aws" administrative = false - branch = "main" + branch = "ibcdpe-1007-monitoring" description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" repository = "eks-stack" project_root = "modules/spacelift-private-worker" @@ -91,7 +113,7 @@ resource "spacelift_module" "spacelift-private-workerpool" { name = "spacelift-private-workerpool" terraform_provider = "aws" administrative = false - branch = "ibcdpe-935-vpc-updates" + branch = "ibcdpe-1007-monitoring" description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" repository = "eks-stack" project_root = "modules/spacelift-private-worker" @@ -102,3 +124,27 @@ resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id version_number = "0.1.3" } + +resource "spacelift_module" "spacelift_modules" { + for_each = local.spacelift_modules + + github_enterprise { + namespace = each.value.github_enterprise.namespace + id = each.value.github_enterprise.id + } + + name = each.value.name + terraform_provider = each.value.terraform_provider + administrative = each.value.administrative + branch = each.value.branch + description = each.value.description + repository = each.value.repository + project_root = each.value.project_root + space_id = each.value.space_id +} + +resource "spacelift_version" "spacelift_versions" { + for_each = local.spacelift_modules + module_id = spacelift_module.spacelift_modules[each.key].id + version_number = each.value.version_number +} diff --git a/modules/victoria-metrics/data.tf b/modules/victoria-metrics/data.tf new file mode 100644 index 00000000..765d5620 --- /dev/null +++ b/modules/victoria-metrics/data.tf @@ -0,0 +1,7 @@ +data "aws_eks_cluster" "cluster" { + name = var.cluster_name +} + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} \ No newline at end of file diff --git a/modules/victoria-metrics/main.tf b/modules/victoria-metrics/main.tf new file mode 100644 index 00000000..65358498 --- /dev/null +++ b/modules/victoria-metrics/main.tf @@ -0,0 +1,30 @@ +resource "kubernetes_namespace" "victoria-metrics" { + metadata { + name = "victoria-metrics" + } +} + +resource "helm_repository" "grafana" { + name = "grafana" + url = "https://grafana.github.io/helm-charts" +} + +resource "helm_repository" "prometheus-community" { + name = "prometheus-community" + url = "https://prometheus-community.github.io/helm-charts" +} + +resource "helm_release" "victoria-metrics" { + name = "victoria-metrics-k8s-stack" + repository = "https://victoriametrics.github.io/helm-charts/" + chart = "victoria-metrics-k8s-stack" + namespace = "victoria-metrics" + version = "0.9.25" + depends_on = [ + kubernetes_namespace.victoria-metrics, + helm_repository.grafana, + helm_repository.prometheus-community + ] + + values = [templatefile("${path.module}/templates/values.yaml", {})] +} diff --git a/modules/victoria-metrics/templates/values.yaml b/modules/victoria-metrics/templates/values.yaml new file mode 100644 index 00000000..2465d718 --- /dev/null +++ b/modules/victoria-metrics/templates/values.yaml @@ -0,0 +1,1146 @@ +nameOverride: "" +fullnameOverride: "" +tenant: "0" +# -- If this chart is used in "Argocd" with "releaseName" field then +# -- VMServiceScrapes couldn't select the proper services. +# -- For correct working need set value 'argocdReleaseOverride=$ARGOCD_APP_NAME' +argocdReleaseOverride: "" + +# -- victoria-metrics-operator dependency chart configuration. +# -- For possible values refer to https://github.com/VictoriaMetrics/helm-charts/tree/master/charts/victoria-metrics-operator#parameters +# -- also checkout here possible ENV variables to configure operator behaviour https://docs.victoriametrics.com/operator/vars.html +victoria-metrics-operator: + enabled: true + # -- Tells helm to clean up vm cr resources when uninstalling + cleanupCRD: true + cleanupImage: + repository: bitnami/kubectl + # use image tag that matches k8s API version by default + # tag: 1.29.6 + pullPolicy: IfNotPresent + + createCRD: false # we disable crd creation by operator chart as we create them in this chart + operator: + # -- By default, operator converts prometheus-operator objects. + disable_prometheus_converter: false + +serviceAccount: + # -- Specifies whether a service account should be created + create: true + # -- Annotations to add to the service account + annotations: {} + # -- The name of the service account to use. + # -- If not set and create is true, a name is generated using the fullname template + name: "" + +## -- Create default rules for monitoring the cluster +defaultRules: + create: true + + # -- Common properties for VMRule groups + group: + spec: + # -- Optional HTTP URL parameters added to each rule request + params: {} + + # -- Common properties for VMRules + rule: + spec: + # -- Additional labels for VMRule alerts + labels: {} + # -- Additional annotations for VMRule alerts + annotations: {} + + # -- Per rule properties + rules: {} + # CPUThrottlingHigh: + # create: true + # spec: + # for: 15m + # labels: + # severity: critical + groups: + etcd: + create: true + # -- Common properties for all rules in a group + rules: {} + # spec: + # annotations: + # dashboard: https://example.com/dashboard/1 + general: + create: true + rules: {} + k8sContainerMemoryRss: + create: true + rules: {} + k8sContainerMemoryCache: + create: true + rules: {} + k8sContainerCpuUsageSecondsTotal: + create: true + rules: {} + k8sPodOwner: + create: true + rules: {} + k8sContainerResource: + create: true + rules: {} + k8sContainerMemoryWorkingSetBytes: + create: true + rules: {} + k8sContainerMemorySwap: + create: true + rules: {} + kubeApiserver: + create: true + rules: {} + kubeApiserverAvailability: + create: true + rules: {} + kubeApiserverBurnrate: + create: true + rules: {} + kubeApiserverHistogram: + create: true + rules: {} + kubeApiserverSlos: + create: true + rules: {} + kubelet: + create: true + rules: {} + kubePrometheusGeneral: + create: true + rules: {} + kubePrometheusNodeRecording: + create: true + rules: {} + kubernetesApps: + create: true + rules: {} + targetNamespace: ".*" + kubernetesResources: + create: true + rules: {} + kubernetesStorage: + create: true + rules: {} + targetNamespace: ".*" + kubernetesSystem: + create: true + rules: {} + kubernetesSystemKubelet: + create: true + rules: {} + kubernetesSystemApiserver: + create: true + rules: {} + kubernetesSystemControllerManager: + create: true + rules: {} + kubeScheduler: + create: true + rules: {} + kubernetesSystemScheduler: + create: true + rules: {} + kubeStateMetrics: + create: true + rules: {} + nodeNetwork: + create: true + rules: {} + node: + create: true + rules: {} + vmagent: + create: true + rules: {} + vmsingle: + create: true + rules: {} + vmcluster: + create: true + rules: {} + vmHealth: + create: true + rules: {} + alertmanager: + create: true + rules: {} + + # -- Runbook url prefix for default rules + runbookUrl: https://runbooks.prometheus-operator.dev/runbooks + + # -- Labels for default rules + labels: {} + # -- Annotations for default rules + annotations: {} + +## -- Create default dashboards +defaultDashboardsEnabled: true + +## -- Create experimental dashboards +experimentalDashboardsEnabled: true + +## -- Create dashboards as CRDs (reuqires grafana-operator to be installed) +grafanaOperatorDashboardsFormat: + enabled: false + instanceSelector: + matchLabels: + dashboards: "grafana" + allowCrossNamespaceImport: false + +# Provide custom recording or alerting rules to be deployed into the cluster. +additionalVictoriaMetricsMap: +# rule-name: +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + +externalVM: + read: + url: "" + # bearerTokenSecret: + # name: dbaas-read-access-token + # key: bearerToken + write: + url: "" + # bearerTokenSecret: + # name: dbaas-read-access-token + # key: bearerToken + +############## + +# -- Configures vmsingle params +vmsingle: + annotations: {} + enabled: true + # spec for VMSingle crd + # https://docs.victoriametrics.com/operator/api.html#vmsinglespec + spec: + image: + tag: v1.102.0 + # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) + retentionPeriod: "1" + replicaCount: 1 + extraArgs: {} + storage: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - vmsingle.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmsingle-ingress-tls + # hosts: + # - vmsingle.domain.com + +vmcluster: + enabled: false + annotations: {} + # spec for VMCluster crd + # https://docs.victoriametrics.com/operator/api.html#vmclusterspec + spec: + # -- Data retention period. Possible units character: h(ours), d(ays), w(eeks), y(ears), if no unit character specified - month. The minimum retention period is 24h. See these [docs](https://docs.victoriametrics.com/single-server-victoriametrics/#retention) + retentionPeriod: "1" + replicationFactor: 2 + vmstorage: + image: + tag: v1.102.0-cluster + replicaCount: 2 + storageDataPath: "/vm-data" + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 10Gi + resources: + {} + # limits: + # cpu: "1" + # memory: 1500Mi + vmselect: + image: + tag: v1.102.0-cluster + replicaCount: 2 + cacheMountPath: "/select-cache" + extraArgs: {} + storage: + volumeClaimTemplate: + spec: + resources: + requests: + storage: 2Gi + resources: + {} + # limits: + # cpu: "1" + # memory: "1000Mi" + # requests: + # cpu: "0.5" + # memory: "500Mi" + vminsert: + image: + tag: v1.102.0-cluster + replicaCount: 2 + extraArgs: {} + resources: + {} + # limits: + # cpu: "1" + # memory: 1000Mi + # requests: + # cpu: "0.5" + # memory: "500Mi" + + ingress: + storage: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - vmstorage.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmstorage-ingress-tls + # hosts: + # - vmstorage.domain.com + select: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - vmselect.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmselect-ingress-tls + # hosts: + # - vmselect.domain.com + insert: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - vminsert.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vminsert-ingress-tls + # hosts: + # - vminsert.domain.com + +alertmanager: + enabled: true + annotations: {} + # spec for VMAlertmanager crd + # https://docs.victoriametrics.com/operator/api.html#vmalertmanagerspec + spec: + selectAllByDefault: true + image: + tag: v0.25.0 + externalURL: "" + routePrefix: / + + # if this one defined, it will be used for alertmanager configuration and config parameter will be ignored + # configSecret: "alertmanager-config" + + config: + templates: + - "/etc/vm/configs/**/*.tmpl" + route: + # group_by: ["alertgroup", "job"] + # group_wait: 30s + # group_interval: 5m + # repeat_interval: 12h + receiver: "blackhole" + ## routes: + ################################################### + ## Duplicate code_owner routes to teams + ## These will send alerts to team channels but continue + ## processing through the rest of the tree to handled by on-call + # - matchers: + # - code_owner_channel!="" + # - severity=~"info|warning|critical" + # group_by: ["code_owner_channel", "alertgroup", "job"] + # receiver: slack-code-owners + # ################################################### + # ## Standard on-call routes + # - matchers: + # - severity=~"info|warning|critical" + # receiver: slack-monitoring + # continue: true + + # inhibit_rules: + # - target_matchers: + # - severity=~"warning|info" + # source_matchers: + # - severity=critical + # equal: + # - cluster + # - namespace + # - alertname + # - target_matchers: + # - severity=info + # source_matchers: + # - severity=warning + # equal: + # - cluster + # - namespace + # - alertname + # - target_matchers: + # - severity=info + # source_matchers: + # - alertname=InfoInhibitor + # equal: + # - cluster + # - namespace + + receivers: + - name: blackhole + # - name: "slack-monitoring" + # slack_configs: + # - channel: "#channel" + # send_resolved: true + # title: '{{ template "slack.monzo.title" . }}' + # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}' + # color: '{{ template "slack.monzo.color" . }}' + # text: '{{ template "slack.monzo.text" . }}' + # actions: + # - type: button + # text: "Runbook :green_book:" + # url: "{{ (index .Alerts 0).Annotations.runbook_url }}" + # - type: button + # text: "Query :mag:" + # url: "{{ (index .Alerts 0).GeneratorURL }}" + # - type: button + # text: "Dashboard :grafana:" + # url: "{{ (index .Alerts 0).Annotations.dashboard }}" + # - type: button + # text: "Silence :no_bell:" + # url: '{{ template "__alert_silence_link" . }}' + # - type: button + # text: '{{ template "slack.monzo.link_button_text" . }}' + # url: "{{ .CommonAnnotations.link_url }}" + # - name: slack-code-owners + # slack_configs: + # - channel: "#{{ .CommonLabels.code_owner_channel }}" + # send_resolved: true + # title: '{{ template "slack.monzo.title" . }}' + # icon_emoji: '{{ template "slack.monzo.icon_emoji" . }}' + # color: '{{ template "slack.monzo.color" . }}' + # text: '{{ template "slack.monzo.text" . }}' + # actions: + # - type: button + # text: "Runbook :green_book:" + # url: "{{ (index .Alerts 0).Annotations.runbook }}" + # - type: button + # text: "Query :mag:" + # url: "{{ (index .Alerts 0).GeneratorURL }}" + # - type: button + # text: "Dashboard :grafana:" + # url: "{{ (index .Alerts 0).Annotations.dashboard }}" + # - type: button + # text: "Silence :no_bell:" + # url: '{{ template "__alert_silence_link" . }}' + # - type: button + # text: '{{ template "slack.monzo.link_button_text" . }}' + # url: "{{ .CommonAnnotations.link_url }}" + # + # better alert templates for slack + # source https://gist.github.com/milesbxf/e2744fc90e9c41b47aa47925f8ff6512 + monzoTemplate: + enabled: true + + # extra alert templates + templateFiles: + {} + # template_1.tmpl: |- + # {{ define "hello" -}} + # hello, Victoria! + # {{- end }} + # template_2.tmpl: "" + + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - alertmanager.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: alertmanager-ingress-tls + # hosts: + # - alertmanager.domain.com + +vmalert: + annotations: {} + enabled: true + + # Controls whether VMAlert should use VMAgent or VMInsert as a target for remotewrite + remoteWriteVMAgent: false + # spec for VMAlert crd + # https://docs.victoriametrics.com/operator/api.html#vmalertspec + spec: + selectAllByDefault: true + image: + tag: v1.102.0 + evaluationInterval: 15s + + # External labels to add to all generated recording rules and alerts + externalLabels: {} + + # extra vmalert annotation templates + templateFiles: + {} + # template_1.tmpl: |- + # {{ define "hello" -}} + # hello, Victoria! + # {{- end }} + # template_2.tmpl: "" + + ## additionalNotifierConfigs allows to configure static notifiers, discover notifiers via Consul and DNS, + ## see specification in https://docs.victoriametrics.com/vmalert/#notifier-configuration-file. + ## This configuration will be created as separate secret and mounted to vmalert pod. + additionalNotifierConfigs: {} + # dns_sd_configs: + # - names: + # - my.domain.com + # type: 'A' + # port: 9093 + + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - vmalert.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmalert-ingress-tls + # hosts: + # - vmalert.domain.com + +vmagent: + enabled: true + annotations: {} + # https://docs.victoriametrics.com/operator/api.html#vmagentremotewritespec + # defined spec will be added to the remoteWrite configuration of VMAgent + additionalRemoteWrites: + [] + #- url: http://some-remote-write/api/v1/write + # spec for VMAgent crd + # https://docs.victoriametrics.com/operator/api.html#vmagentspec + spec: + selectAllByDefault: true + image: + tag: v1.102.0 + scrapeInterval: 20s + externalLabels: {} + # For multi-cluster setups it is useful to use "cluster" label to identify the metrics source. + # For example: + # cluster: cluster-name + extraArgs: + promscrape.streamParse: "true" + # Do not store original labels in vmagent's memory by default. This reduces the amount of memory used by vmagent + # but makes vmagent debugging UI less informative. See: https://docs.victoriametrics.com/vmagent/#relabel-debug + promscrape.dropOriginalLabels: "true" + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - vmagent.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: vmagent-ingress-tls + # hosts: + # - vmagent.domain.com + +################################################# +### dependencies ##### +################################################# +# Grafana dependency chart configuration. For possible values refer to https://github.com/grafana/helm-charts/tree/main/charts/grafana#configuration +grafana: + enabled: true + ## all values for grafana helm chart can be specified here + sidecar: + datasources: + enabled: true + initDatasources: true + createVMReplicasDatasources: false + # JSON options for VM datasources + # See https://grafana.com/docs/grafana/latest/administration/provisioning/#json-data + jsonData: {} + # timeInterval: "1m" + dashboards: + additionalDashboardLabels: {} + additionalDashboardAnnotations: {} + enabled: true + multicluster: false + + ## ForceDeployDatasource Create datasource configmap even if grafana deployment has been disabled + forceDeployDatasource: false + + ## Configure additional grafana datasources (passed through tpl) + ## ref: http://docs.grafana.org/administration/provisioning/#datasources + additionalDataSources: [] + # - name: prometheus-sample + # access: proxy + # basicAuth: true + # basicAuthPassword: pass + # basicAuthUser: daco + # editable: false + # jsonData: + # tlsSkipVerify: true + # orgId: 1 + # type: prometheus + # url: https://{{ printf "%s-prometheus.svc" .Release.Name }}:9090 + # version: 1 + + dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: "default" + orgId: 1 + folder: "" + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards/default + + dashboards: + default: + nodeexporter: + gnetId: 1860 + revision: 22 + datasource: VictoriaMetrics + + defaultDashboardsTimezone: utc + + # Enabling VictoriaMetrics Datasource in Grafana. See more details here: https://github.com/VictoriaMetrics/grafana-datasource/blob/main/README.md#victoriametrics-datasource-for-grafana + # Note that Grafana will need internet access to install the datasource plugin. + # Uncomment the block below, if you want to enable VictoriaMetrics Datasource in Grafana: + #plugins: + # - "https://github.com/VictoriaMetrics/grafana-datasource/releases/download/v0.5.0/victoriametrics-datasource-v0.5.0.zip;victoriametrics-datasource" + #grafana.ini: + # plugins: + # # Why VictoriaMetrics datasource is unsigned: https://github.com/VictoriaMetrics/grafana-datasource/blob/main/README.md#why-victoriametrics-datasource-is-unsigned + # allow_loading_unsigned_plugins: victoriametrics-datasource + + # Change datasource type in dashboards from Prometheus to VictoriaMetrics. + # you can use `victoriametrics-datasource` instead of `prometheus` if enabled VictoriaMetrics Datasource above + defaultDatasourceType: "prometheus" + + ingress: + enabled: false + # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName + # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress + # ingressClassName: nginx + # Values can be templated + annotations: + {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + labels: {} + path: / + # pathType is only for k8s > 1.19 + pathType: Prefix + + hosts: + - grafana.domain.com + ## Extra paths to prepend to every host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # serviceName: ssl-redirect + # servicePort: use-annotation + ## Or for k8s > 1.19 + # - path: /* + # pathType: Prefix + # backend: + # service: + # name: ssl-redirect + # port: + # name: service + tls: [] + # - secretName: grafana-ingress-tls + # hosts: + # - grafana.domain.com + + vmServiceScrape: + # whether we should create a service scrape resource for grafana + enabled: true + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: {} + +# prometheus-node-exporter dependency chart configuration. For possible values refer to https://github.com/prometheus-community/helm-charts/blob/main/charts/prometheus-node-exporter/values.yaml +prometheus-node-exporter: + enabled: true + + ## all values for prometheus-node-exporter helm chart can be specified here + podLabels: + ## Add the 'node-exporter' label to be used by serviceMonitor to match standard common usage in rules and grafana dashboards + ## + jobLabel: node-exporter + extraArgs: + - --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/) + - --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$ + + vmServiceScrape: + # whether we should create a service scrape resource for node-exporter + enabled: true + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + jobLabel: jobLabel + endpoints: + - port: metrics + metricRelabelConfigs: + - action: drop + source_labels: [mountpoint] + regex: "/var/lib/kubelet/pods.+" +# kube-state-metrics dependency chart configuration. For possible values refer to https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-state-metrics/values.yaml +kube-state-metrics: + enabled: true + ## all values for kube-state-metrics helm chart can be specified here + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + vmServiceScrape: + spec: {} + + #TODO: selector override for kube-state-metrics deployed separatelly + +################################################# +### Service Monitors ##### +################################################# +## Component scraping the kubelets +kubelet: + enabled: true + + # -- Enable scraping /metrics/cadvisor from kubelet's service + cadvisor: true + # -- Enable scraping /metrics/probes from kubelet's service + probes: true + # spec for VMNodeScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmnodescrapespec + spec: + scheme: "https" + honorLabels: true + interval: "30s" + scrapeTimeout: "5s" + tlsConfig: + insecureSkipVerify: true + caFile: "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt" + bearerTokenFile: "/var/run/secrets/kubernetes.io/serviceaccount/token" + # drop high cardinality label and useless metrics for cadvisor and kubelet + metricRelabelConfigs: + - action: labeldrop + regex: (uid) + - action: labeldrop + regex: (id|name) + - action: drop + source_labels: [__name__] + regex: (rest_client_request_duration_seconds_bucket|rest_client_request_duration_seconds_sum|rest_client_request_duration_seconds_count) + relabelConfigs: + - action: labelmap + regex: __meta_kubernetes_node_label_(.+) + - sourceLabels: [__metrics_path__] + targetLabel: metrics_path + - targetLabel: "job" + replacement: "kubelet" + # ignore timestamps of cadvisor's metrics by default + # more info here https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4697#issuecomment-1656540535 + honorTimestamps: false +# -- Component scraping the kube api server +kubeApiServer: + enabled: true + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: https + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + jobLabel: component + namespaceSelector: + matchNames: + - default + selector: + matchLabels: + component: apiserver + provider: kubernetes + +# -- Component scraping the kube controller manager +kubeControllerManager: + enabled: true + + ## If your kube controller manager is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeControllerManager.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10257 + targetPort: 10257 + # selector: + # component: kube-controller-manager + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + jobLabel: jobLabel + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + serverName: kubernetes + +# -Component scraping kubeDns. Use either this or coreDns +kubeDns: + enabled: false + service: + enabled: false + dnsmasq: + port: 10054 + targetPort: 10054 + skydns: + port: 10055 + targetPort: 10055 + selector: + k8s-app: kube-dns + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + endpoints: + - port: http-metrics-dnsmasq + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + - port: http-metrics-skydns + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + +# -- Component scraping coreDns. Use either this or kubeDns +coreDns: + enabled: true + service: + enabled: true + port: 9153 + targetPort: 9153 + selector: + k8s-app: kube-dns + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + jobLabel: jobLabel + endpoints: + - port: http-metrics + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + +## Component scraping etcd +## +kubeEtcd: + enabled: true + + ## If your etcd is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## Etcd service. If using kubeEtcd.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 2379 + targetPort: 2379 + # selector: + # component: etcd + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + jobLabel: jobLabel + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + +## Component scraping kube scheduler +## +kubeScheduler: + enabled: true + + ## If your kube scheduler is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + ## If using kubeScheduler.endpoints only the port and targetPort are used + ## + service: + enabled: true + port: 10259 + targetPort: 10259 + # selector: + # component: kube-scheduler + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + jobLabel: jobLabel + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + +## Component scraping kube proxy +## +kubeProxy: + enabled: false + + ## If your kube proxy is not deployed as a pod, specify IPs it can be found on + ## + endpoints: [] + # - 10.141.4.22 + # - 10.141.4.23 + # - 10.141.4.24 + + service: + enabled: true + port: 10249 + targetPort: 10249 + # selector: + # k8s-app: kube-proxy + + # spec for VMServiceScrape crd + # https://docs.victoriametrics.com/operator/api.html#vmservicescrapespec + spec: + jobLabel: jobLabel + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + # bearerTokenSecret: + # key: "" + port: http-metrics + scheme: https + tlsConfig: + caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt + +## install vm operator crds +crds: + enabled: true + +## install prometheus operator crds +prometheus-operator-crds: + enabled: false + +# -- Add extra objects dynamically to this chart +extraObjects: [] + diff --git a/modules/victoria-metrics/variables.tf b/modules/victoria-metrics/variables.tf new file mode 100644 index 00000000..93adc5a2 --- /dev/null +++ b/modules/victoria-metrics/variables.tf @@ -0,0 +1,18 @@ +variable "cluster_name" { + description = "Name of K8 cluster" + type = string + default = "dpe-k8" +} + +variable "kube_config_path" { + description = "Kube config path" + type = string + default = "~/.kube/config" +} + +variable "region" { + description = "AWS region" + type = string + default = "us-east-1" +} + diff --git a/modules/internal-k8-infra/versions.tf b/modules/victoria-metrics/versions.tf similarity index 66% rename from modules/internal-k8-infra/versions.tf rename to modules/victoria-metrics/versions.tf index aae1e3f6..00cbb0b3 100644 --- a/modules/internal-k8-infra/versions.tf +++ b/modules/victoria-metrics/versions.tf @@ -8,10 +8,6 @@ terraform { source = "hashicorp/kubernetes" version = "~> 2.0" } - spotinst = { - source = "spotinst/spotinst" - version = "1.172.0" # Specify the version you wish to use - } helm = { source = "hashicorp/helm" version = "~> 2.0" From 62bb601b42c798628bfd6c2b535ab8507c4c4082 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:50:26 -0700 Subject: [PATCH 097/161] Delete bad copy --- modules/main.tf | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 4cabeeba..355eea54 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -104,27 +104,6 @@ resource "spacelift_version" "spacelift-private-workerpool-version" { version_number = "0.2.0" } -resource "spacelift_module" "spacelift-private-workerpool" { - github_enterprise { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - - name = "spacelift-private-workerpool" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" - repository = "eks-stack" - project_root = "modules/spacelift-private-worker" - space_id = "root" -} - -resource "spacelift_version" "spacelift-private-workerpool-version" { - module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.1.3" -} - resource "spacelift_module" "spacelift_modules" { for_each = local.spacelift_modules From c8e3906414896fbab3719ef39290be06b4d11eaf Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:51:31 -0700 Subject: [PATCH 098/161] Remove notes --- README.md | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/README.md b/README.md index 9b5b7895..fe30a568 100644 --- a/README.md +++ b/README.md @@ -202,19 +202,3 @@ This document describes the abbreviated process below: ``` - Add a new `spacelift_aws_integration` resources to the `common-resources/aws-integrations` directory. - - - - - -### Junk notes that should not be committed: -aws sso login --profile dnt-dev-admin -aws eks update-kubeconfig --region us-east-1 --name dpe-k8-sandbox --role-arn arn:aws:iam::631692904429:role/eks-admin-role-dpe-k8-sandbox --profile dnt-dev-admin - - -# Checklist of things I need to get done: -- Why is the service not found, and why can the demo not all connect to eachother -- Should I implement pod level security groups? -- Should I use k8s network policies? -- Can I use the 'strict' networking rule -- Connecting to the application through the TGW instead of through the internet/public VPN IP \ No newline at end of file From 4bc40657a0a8f4f55480064e6403f4ae68b8497c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:57:31 -0700 Subject: [PATCH 099/161] Set keepers on version --- modules/main.tf | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 355eea54..5af075be 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -38,7 +38,10 @@ resource "spacelift_module" "sage-aws-vpc" { resource "spacelift_version" "sage-aws-vpc-version" { module_id = spacelift_module.sage-aws-vpc.id - version_number = "0.3.3" + version_number = "0.3.4" + keepers = { + "version" = "0.3.4" + } } resource "spacelift_module" "sage-aws-eks" { @@ -59,7 +62,10 @@ resource "spacelift_module" "sage-aws-eks" { resource "spacelift_version" "sage-aws-eks-version" { module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.9" + version_number = "0.3.10" + keepers = { + "version" = "0.3.10" + } } resource "spacelift_module" "sage-aws-eks-autoscaler" { @@ -80,7 +86,10 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { resource "spacelift_version" "sage-aws-eks-autoscaler-version" { module_id = spacelift_module.sage-aws-eks-autoscaler.id - version_number = "0.3.2" + version_number = "0.3.3" + keepers = { + "version" = "0.3.3" + } } resource "spacelift_module" "spacelift-private-workerpool" { @@ -97,11 +106,15 @@ resource "spacelift_module" "spacelift-private-workerpool" { repository = "eks-stack" project_root = "modules/spacelift-private-worker" space_id = "root" + } resource "spacelift_version" "spacelift-private-workerpool-version" { module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.2.0" + version_number = "0.2.1" + keepers = { + "version" = "0.2.1" + } } resource "spacelift_module" "spacelift_modules" { @@ -126,4 +139,7 @@ resource "spacelift_version" "spacelift_versions" { for_each = local.spacelift_modules module_id = spacelift_module.spacelift_modules[each.key].id version_number = each.value.version_number + keepers = { + "version" = each.value.version_number + } } From b8086763ee865757bcd05ae7acd554d94e3b2fef Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:58:15 -0700 Subject: [PATCH 100/161] a --- modules/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 5af075be..3c19fdee 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -14,7 +14,7 @@ locals { description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" - version_number = "0.0.1" + version_number = "0.0.2" } # Add more modules here if needed } From 706894a383129f37f5b1a515155904ad439fd36d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 12:58:55 -0700 Subject: [PATCH 101/161] Deploy VM --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index ace5e2f5..6c33d35d 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -8,3 +8,8 @@ module "sage-aws-eks-autoscaler" { node_security_group_id = var.node_security_group_id spotinst_account = var.spotinst_account } + +module "victoria-metrics" { + source = "spacelift.io/sagebionetworks/victoria-metrics/aws" + version = "0.0.2" +} From 4539387428658ef47141563eab44b885f67cd3bf Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:01:49 -0700 Subject: [PATCH 102/161] Correct ID that changed for some reason --- dev/spacelift/dpe-sandbox/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index e0260360..2a292195 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -118,7 +118,7 @@ resource "spacelift_stack_destructor" "k8s-stack-destructor" { resource "spacelift_aws_integration_attachment" "k8s-aws-integration-attachment" { # org-sagebase-dnt-dev-aws-integration - integration_id = "01J3DNYVM4AWWSDY3QEVRMQ076" + integration_id = "01J3R9GX6DC09QV7NV872DDYR3" stack_id = spacelift_stack.k8s-stack.id read = true write = true @@ -126,7 +126,7 @@ resource "spacelift_aws_integration_attachment" "k8s-aws-integration-attachment" resource "spacelift_aws_integration_attachment" "k8s-deployments-aws-integration-attachment" { # org-sagebase-dnt-dev-aws-integration - integration_id = "01J3DNYVM4AWWSDY3QEVRMQ076" + integration_id = "01J3R9GX6DC09QV7NV872DDYR3" stack_id = spacelift_stack.k8s-stack-deployments.id read = true write = true From 75705d62e012b637d298c13bc9c81474a71835d1 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:16:47 -0700 Subject: [PATCH 103/161] Comment out other helm repo --- modules/main.tf | 2 +- modules/victoria-metrics/main.tf | 25 ++++++++++++++----------- 2 files changed, 15 insertions(+), 12 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 3c19fdee..7be30557 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -14,7 +14,7 @@ locals { description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" - version_number = "0.0.2" + version_number = "0.0.3" } # Add more modules here if needed } diff --git a/modules/victoria-metrics/main.tf b/modules/victoria-metrics/main.tf index 65358498..e8ffb8a6 100644 --- a/modules/victoria-metrics/main.tf +++ b/modules/victoria-metrics/main.tf @@ -4,15 +4,15 @@ resource "kubernetes_namespace" "victoria-metrics" { } } -resource "helm_repository" "grafana" { - name = "grafana" - url = "https://grafana.github.io/helm-charts" -} +# resource "helm_repository" "grafana" { +# name = "grafana" +# url = "https://grafana.github.io/helm-charts" +# } -resource "helm_repository" "prometheus-community" { - name = "prometheus-community" - url = "https://prometheus-community.github.io/helm-charts" -} +# resource "helm_repository" "prometheus-community" { +# name = "prometheus-community" +# url = "https://prometheus-community.github.io/helm-charts" +# } resource "helm_release" "victoria-metrics" { name = "victoria-metrics-k8s-stack" @@ -20,10 +20,13 @@ resource "helm_release" "victoria-metrics" { chart = "victoria-metrics-k8s-stack" namespace = "victoria-metrics" version = "0.9.25" + # depends_on = [ + # kubernetes_namespace.victoria-metrics, + # helm_repository.grafana, + # helm_repository.prometheus-community + # ] depends_on = [ - kubernetes_namespace.victoria-metrics, - helm_repository.grafana, - helm_repository.prometheus-community + kubernetes_namespace.victoria-metrics ] values = [templatefile("${path.module}/templates/values.yaml", {})] From e30b6cdf7dabaa32c67ae720001499fc46bea0d7 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:17:29 -0700 Subject: [PATCH 104/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6c33d35d..48dce819 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -11,5 +11,5 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" - version = "0.0.2" + version = "0.0.3" } From 6c0ccaa072ca317ffac9b180ef1df5b84bdf1f8e Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:20:00 -0700 Subject: [PATCH 105/161] Correct cluster name --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 ++ 1 file changed, 2 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 48dce819..876be7f9 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -12,4 +12,6 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" version = "0.0.3" + + cluster_name = var.cluster_name } From 6baea65499539c22d747bbf4f9b323c49396147d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:23:23 -0700 Subject: [PATCH 106/161] Correct ver --- modules/main.tf | 2 +- modules/victoria-metrics/main.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 7be30557..f67248c9 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -14,7 +14,7 @@ locals { description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" - version_number = "0.0.3" + version_number = "0.0.4" } # Add more modules here if needed } diff --git a/modules/victoria-metrics/main.tf b/modules/victoria-metrics/main.tf index e8ffb8a6..9e1fb401 100644 --- a/modules/victoria-metrics/main.tf +++ b/modules/victoria-metrics/main.tf @@ -19,7 +19,7 @@ resource "helm_release" "victoria-metrics" { repository = "https://victoriametrics.github.io/helm-charts/" chart = "victoria-metrics-k8s-stack" namespace = "victoria-metrics" - version = "0.9.25" + version = "0.24.3" # depends_on = [ # kubernetes_namespace.victoria-metrics, # helm_repository.grafana, From cf9d591955704ee5982e4b1bfd60778f93b8fdec Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 13:24:43 -0700 Subject: [PATCH 107/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 876be7f9..82b949c0 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -11,7 +11,7 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" - version = "0.0.3" + version = "0.0.4" cluster_name = var.cluster_name } From b0bab3eae55e08737eb1591f833f5c41c3d5f468 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:28:59 -0700 Subject: [PATCH 108/161] Allow desired capacity to be set --- modules/main.tf | 4 ++-- modules/sage-aws-k8s-node-autoscaler/main.tf | 1 + modules/sage-aws-k8s-node-autoscaler/variables.tf | 6 ++++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index f67248c9..30ac62a2 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -86,9 +86,9 @@ resource "spacelift_module" "sage-aws-eks-autoscaler" { resource "spacelift_version" "sage-aws-eks-autoscaler-version" { module_id = spacelift_module.sage-aws-eks-autoscaler.id - version_number = "0.3.3" + version_number = "0.3.4" keepers = { - "version" = "0.3.3" + "version" = "0.3.4" } } diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index 8147dfbc..0a92e260 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -102,6 +102,7 @@ module "ocean-aws-k8s" { is_aggressive_scale_down_enabled = true max_scale_down_percentage = 33 tags = var.tags + desired_capacity = var.desired_capacity } resource "aws_eks_addon" "coredns" { diff --git a/modules/sage-aws-k8s-node-autoscaler/variables.tf b/modules/sage-aws-k8s-node-autoscaler/variables.tf index 70877106..26efd91e 100644 --- a/modules/sage-aws-k8s-node-autoscaler/variables.tf +++ b/modules/sage-aws-k8s-node-autoscaler/variables.tf @@ -43,3 +43,9 @@ variable "tags" { "CostCenter" = "No Program / 000000" } } + +variable "desired_capacity" { + description = "Desired capacity of the node group" + type = number + default = 1 +} From f34dca647fd202ef674aa6f61969f513debd97ee Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:29:35 -0700 Subject: [PATCH 109/161] Bump capacity for testing --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 82b949c0..297290f1 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -1,12 +1,13 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" - version = "0.3.2" + version = "0.3.4" cluster_name = var.cluster_name private_vpc_subnet_ids = var.private_subnet_ids vpc_id = var.vpc_id node_security_group_id = var.node_security_group_id spotinst_account = var.spotinst_account + desired_capacity = 2 } module "victoria-metrics" { From 3fdc6946f3e11d78b69826ce8e8c8b8f2030e8d5 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:50:27 -0700 Subject: [PATCH 110/161] Create otel-collector --- modules/main.tf | 17 ++++++- modules/opentelemetry-collector/README.md | 6 +++ modules/opentelemetry-collector/data.tf | 7 +++ modules/opentelemetry-collector/main.tf | 28 +++++++++++ .../templates/values.yaml | 49 +++++++++++++++++++ modules/opentelemetry-collector/variables.tf | 17 +++++++ modules/opentelemetry-collector/versions.tf | 16 ++++++ modules/victoria-metrics/main.tf | 15 ------ 8 files changed, 139 insertions(+), 16 deletions(-) create mode 100644 modules/opentelemetry-collector/README.md create mode 100644 modules/opentelemetry-collector/data.tf create mode 100644 modules/opentelemetry-collector/main.tf create mode 100644 modules/opentelemetry-collector/templates/values.yaml create mode 100644 modules/opentelemetry-collector/variables.tf create mode 100644 modules/opentelemetry-collector/versions.tf diff --git a/modules/main.tf b/modules/main.tf index 30ac62a2..fa544e55 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -16,7 +16,22 @@ locals { space_id = "root" version_number = "0.0.4" } - # Add more modules here if needed + opentelemetry-collector = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "opentelemetry-collector" + terraform_provider = "aws" + administrative = false + branch = "ibcdpe-1007-monitoring" + description = "Helm chart deployment for the OTEL collector" + project_root = "modules/opentelemetry-collector" + space_id = "root" + version_number = "0.0.1" + } } } diff --git a/modules/opentelemetry-collector/README.md b/modules/opentelemetry-collector/README.md new file mode 100644 index 00000000..2d370cae --- /dev/null +++ b/modules/opentelemetry-collector/README.md @@ -0,0 +1,6 @@ +# Purpose +This module is used to deploy the OpenTelemetry Collector helm chart + +Resources: + +- diff --git a/modules/opentelemetry-collector/data.tf b/modules/opentelemetry-collector/data.tf new file mode 100644 index 00000000..765d5620 --- /dev/null +++ b/modules/opentelemetry-collector/data.tf @@ -0,0 +1,7 @@ +data "aws_eks_cluster" "cluster" { + name = var.cluster_name +} + +data "aws_eks_cluster_auth" "cluster" { + name = var.cluster_name +} \ No newline at end of file diff --git a/modules/opentelemetry-collector/main.tf b/modules/opentelemetry-collector/main.tf new file mode 100644 index 00000000..bd42b5e1 --- /dev/null +++ b/modules/opentelemetry-collector/main.tf @@ -0,0 +1,28 @@ +resource "kubernetes_namespace" "opentelemetry" { + metadata { + name = "opentelemetry" + } +} + +resource "helm_release" "victoria-metrics" { + name = "opentelemetry-collector" + repository = "https://open-telemetry.github.io/opentelemetry-helm-charts" + chart = "opentelemetry-collector" + namespace = "opentelemetry" + version = "0.100.0" + depends_on = [ + kubernetes_namespace.opentelemetry + ] + + set { + name = "image.repository" + value = "otel/opentelemetry-collector-k8s" + } + + set { + name = "mode" + value = "deployment" + } + + values = [templatefile("${path.module}/templates/values.yaml", {})] +} diff --git a/modules/opentelemetry-collector/templates/values.yaml b/modules/opentelemetry-collector/templates/values.yaml new file mode 100644 index 00000000..0006002c --- /dev/null +++ b/modules/opentelemetry-collector/templates/values.yaml @@ -0,0 +1,49 @@ +exporters: + # NOTE: Prior to v0.86.0 use `logging` instead of `debug`. + debug: {} +extensions: + health_check: {} +processors: + batch: {} + memory_limiter: + check_interval: 5s + limit_percentage: 80 + spike_limit_percentage: 25 +receivers: + otlp: + protocols: + grpc: + endpoint: ${env:MY_POD_IP}:4317 + http: + endpoint: ${env:MY_POD_IP}:4318 +service: + extensions: + - health_check + pipelines: + logs: + exporters: + - debug + processors: + - memory_limiter + - batch + receivers: + - otlp + metrics: + exporters: + - debug + processors: + - memory_limiter + - batch + receivers: + - otlp + traces: + exporters: + - debug + processors: + - memory_limiter + - batch + receivers: + - otlp + telemetry: + metrics: + address: ${env:MY_POD_IP}:8888 diff --git a/modules/opentelemetry-collector/variables.tf b/modules/opentelemetry-collector/variables.tf new file mode 100644 index 00000000..54e4b955 --- /dev/null +++ b/modules/opentelemetry-collector/variables.tf @@ -0,0 +1,17 @@ +variable "cluster_name" { + description = "Name of K8 cluster" + type = string +} + +variable "kube_config_path" { + description = "Kube config path" + type = string + default = "~/.kube/config" +} + +variable "region" { + description = "AWS region" + type = string + default = "us-east-1" +} + diff --git a/modules/opentelemetry-collector/versions.tf b/modules/opentelemetry-collector/versions.tf new file mode 100644 index 00000000..00cbb0b3 --- /dev/null +++ b/modules/opentelemetry-collector/versions.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.0" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.0" + } + } +} diff --git a/modules/victoria-metrics/main.tf b/modules/victoria-metrics/main.tf index 9e1fb401..a0297653 100644 --- a/modules/victoria-metrics/main.tf +++ b/modules/victoria-metrics/main.tf @@ -4,27 +4,12 @@ resource "kubernetes_namespace" "victoria-metrics" { } } -# resource "helm_repository" "grafana" { -# name = "grafana" -# url = "https://grafana.github.io/helm-charts" -# } - -# resource "helm_repository" "prometheus-community" { -# name = "prometheus-community" -# url = "https://prometheus-community.github.io/helm-charts" -# } - resource "helm_release" "victoria-metrics" { name = "victoria-metrics-k8s-stack" repository = "https://victoriametrics.github.io/helm-charts/" chart = "victoria-metrics-k8s-stack" namespace = "victoria-metrics" version = "0.24.3" - # depends_on = [ - # kubernetes_namespace.victoria-metrics, - # helm_repository.grafana, - # helm_repository.prometheus-community - # ] depends_on = [ kubernetes_namespace.victoria-metrics ] From 1e29e369556f341b32a583411f884fa7078d121c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:52:36 -0700 Subject: [PATCH 111/161] Deploy otel collector --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 297290f1..2eec71ee 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -16,3 +16,9 @@ module "victoria-metrics" { cluster_name = var.cluster_name } + +module "opentelemetry-collector" { + source = "spacelift.io/sagebionetworks/opentelemetry-collector/aws" + version = "0.0.1" + cluster_name = var.cluster_name +} From 2989cfe569a1f0d2e5ac88bcf693a79fabf812ae Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:56:14 -0700 Subject: [PATCH 112/161] Correct values interpolation --- modules/main.tf | 2 +- modules/opentelemetry-collector/main.tf | 2 +- modules/opentelemetry-collector/templates/values.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index fa544e55..78b889bb 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -30,7 +30,7 @@ locals { description = "Helm chart deployment for the OTEL collector" project_root = "modules/opentelemetry-collector" space_id = "root" - version_number = "0.0.1" + version_number = "0.0.2" } } } diff --git a/modules/opentelemetry-collector/main.tf b/modules/opentelemetry-collector/main.tf index bd42b5e1..b00479f1 100644 --- a/modules/opentelemetry-collector/main.tf +++ b/modules/opentelemetry-collector/main.tf @@ -4,7 +4,7 @@ resource "kubernetes_namespace" "opentelemetry" { } } -resource "helm_release" "victoria-metrics" { +resource "helm_release" "opentelemetry" { name = "opentelemetry-collector" repository = "https://open-telemetry.github.io/opentelemetry-helm-charts" chart = "opentelemetry-collector" diff --git a/modules/opentelemetry-collector/templates/values.yaml b/modules/opentelemetry-collector/templates/values.yaml index 0006002c..8c8e623b 100644 --- a/modules/opentelemetry-collector/templates/values.yaml +++ b/modules/opentelemetry-collector/templates/values.yaml @@ -13,9 +13,9 @@ receivers: otlp: protocols: grpc: - endpoint: ${env:MY_POD_IP}:4317 + endpoint: $${env:MY_POD_IP}:4317 http: - endpoint: ${env:MY_POD_IP}:4318 + endpoint: $${env:MY_POD_IP}:4318 service: extensions: - health_check @@ -46,4 +46,4 @@ service: - otlp telemetry: metrics: - address: ${env:MY_POD_IP}:8888 + address: $${env:MY_POD_IP}:8888 From 18c9a50c408243e18c6498110c8b9481e31e8871 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 14:56:30 -0700 Subject: [PATCH 113/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 2eec71ee..3608f2d2 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,6 +19,6 @@ module "victoria-metrics" { module "opentelemetry-collector" { source = "spacelift.io/sagebionetworks/opentelemetry-collector/aws" - version = "0.0.1" + version = "0.0.2" cluster_name = var.cluster_name } From 971cb39c30445d95ad6f972a4ff4cbc53f6d2729 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:15:46 -0700 Subject: [PATCH 114/161] Update values --- modules/main.tf | 2 +- .../templates/values.yaml | 621 ++++++++++++++++-- 2 files changed, 575 insertions(+), 48 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 78b889bb..2271cb45 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -30,7 +30,7 @@ locals { description = "Helm chart deployment for the OTEL collector" project_root = "modules/opentelemetry-collector" space_id = "root" - version_number = "0.0.2" + version_number = "0.0.3" } } } diff --git a/modules/opentelemetry-collector/templates/values.yaml b/modules/opentelemetry-collector/templates/values.yaml index 8c8e623b..9dd18194 100644 --- a/modules/opentelemetry-collector/templates/values.yaml +++ b/modules/opentelemetry-collector/templates/values.yaml @@ -1,49 +1,576 @@ -exporters: - # NOTE: Prior to v0.86.0 use `logging` instead of `debug`. - debug: {} -extensions: - health_check: {} -processors: - batch: {} - memory_limiter: - check_interval: 5s - limit_percentage: 80 - spike_limit_percentage: 25 -receivers: +nameOverride: "" +fullnameOverride: "" + +# Valid values are "daemonset", "deployment", and "statefulset". +mode: "deployment" + +# Specify which namespace should be used to deploy the resources into +namespaceOverride: "" + +# Handles basic configuration of components that +# also require k8s modifications to work correctly. +# .Values.config can be used to modify/add to a preset +# component configuration, but CANNOT be used to remove +# preset configuration. If you require removal of any +# sections of a preset configuration, you cannot use +# the preset. Instead, configure the component manually in +# .Values.config and use the other fields supplied in the +# values.yaml to configure k8s as necessary. +presets: + # Configures the collector to collect logs. + # Adds the filelog receiver to the logs pipeline + # and adds the necessary volumes and volume mounts. + # Best used with mode = daemonset. + # See https://opentelemetry.io/docs/kubernetes/collector/components/#filelog-receiver for details on the receiver. + logsCollection: + enabled: false + includeCollectorLogs: false + # Enabling this writes checkpoints in /var/lib/otelcol/ host directory. + # Note this changes collector's user to root, so that it can write to host directory. + storeCheckpoints: false + # The maximum bytes size of the recombined field. + # Once the size exceeds the limit, all received entries of the source will be combined and flushed. + maxRecombineLogSize: 102400 + # Configures the collector to collect host metrics. + # Adds the hostmetrics receiver to the metrics pipeline + # and adds the necessary volumes and volume mounts. + # Best used with mode = daemonset. + # See https://opentelemetry.io/docs/kubernetes/collector/components/#host-metrics-receiver for details on the receiver. + hostMetrics: + enabled: false + # Configures the Kubernetes Processor to add Kubernetes metadata. + # Adds the k8sattributes processor to all the pipelines + # and adds the necessary rules to ClusteRole. + # Best used with mode = daemonset. + # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-attributes-processor for details on the receiver. + kubernetesAttributes: + enabled: false + # When enabled the processor will extra all labels for an associated pod and add them as resource attributes. + # The label's exact name will be the key. + extractAllPodLabels: false + # When enabled the processor will extra all annotations for an associated pod and add them as resource attributes. + # The annotation's exact name will be the key. + extractAllPodAnnotations: false + # Configures the collector to collect node, pod, and container metrics from the API server on a kubelet.. + # Adds the kubeletstats receiver to the metrics pipeline + # and adds the necessary rules to ClusteRole. + # Best used with mode = daemonset. + # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubeletstats-receiver for details on the receiver. + kubeletMetrics: + enabled: false + # Configures the collector to collect kubernetes events. + # Adds the k8sobject receiver to the logs pipeline + # and collects kubernetes events by default. + # Best used with mode = deployment or statefulset. + # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-objects-receiver for details on the receiver. + kubernetesEvents: + enabled: false + # Configures the Kubernetes Cluster Receiver to collect cluster-level metrics. + # Adds the k8s_cluster receiver to the metrics pipeline + # and adds the necessary rules to ClusteRole. + # Best used with mode = deployment or statefulset. + # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-cluster-receiver for details on the receiver. + clusterMetrics: + enabled: false + +configMap: + # Specifies whether a configMap should be created (true by default) + create: true + # Specifies an existing ConfigMap to be mounted to the pod + # The ConfigMap MUST include the collector configuration via a key named 'relay' or the collector will not start. + existingName: "" + +# Base collector configuration. +# Supports templating. To escape existing instances of {{ }}, use {{` `}}. +# For example, {{ REDACTED_EMAIL }} becomes {{` {{ REDACTED_EMAIL }} `}}. +config: + exporters: + debug: {} + extensions: + # The health_check extension is mandatory for this chart. + # Without the health_check extension the collector will fail the readiness and liveliness probes. + # The health_check extension can be modified, but should never be removed. + health_check: + endpoint: $${env:MY_POD_IP}:13133 + processors: + batch: {} + # Default memory limiter configuration for the collector based on k8s resource limits. + memory_limiter: + # check_interval is the time between measurements of memory usage. + check_interval: 5s + # By default limit_mib is set to 80% of ".Values.resources.limits.memory" + limit_percentage: 80 + # By default spike_limit_mib is set to 25% of ".Values.resources.limits.memory" + spike_limit_percentage: 25 + receivers: + jaeger: + protocols: + grpc: + endpoint: $${env:MY_POD_IP}:14250 + thrift_http: + endpoint: $${env:MY_POD_IP}:14268 + thrift_compact: + endpoint: $${env:MY_POD_IP}:6831 + otlp: + protocols: + grpc: + endpoint: $${env:MY_POD_IP}:4317 + http: + endpoint: $${env:MY_POD_IP}:4318 + prometheus: + config: + scrape_configs: + - job_name: opentelemetry-collector + scrape_interval: 10s + static_configs: + - targets: + - $${env:MY_POD_IP}:8888 + zipkin: + endpoint: $${env:MY_POD_IP}:9411 + service: + telemetry: + metrics: + address: $${env:MY_POD_IP}:8888 + extensions: + - health_check + pipelines: + logs: + exporters: + - debug + processors: + - memory_limiter + - batch + receivers: + - otlp + metrics: + exporters: + - debug + processors: + - memory_limiter + - batch + receivers: + - otlp + - prometheus + traces: + exporters: + - debug + processors: + - memory_limiter + - batch + receivers: + - otlp + - jaeger + - zipkin + +image: + # If you want to use the core image `otel/opentelemetry-collector`, you also need to change `command.name` value to `otelcol`. + repository: "" + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). + digest: "" +imagePullSecrets: [] + +# OpenTelemetry Collector executable +command: + name: "" + extraArgs: [] + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +clusterRole: + # Specifies whether a clusterRole should be created + # Some presets also trigger the creation of a cluster role and cluster role binding. + # If using one of those presets, this field is no-op. + create: false + # Annotations to add to the clusterRole + # Can be used in combination with presets that create a cluster role. + annotations: {} + # The name of the clusterRole to use. + # If not set a name is generated using the fullname template + # Can be used in combination with presets that create a cluster role. + name: "" + # A set of rules as documented here : https://kubernetes.io/docs/reference/access-authn-authz/rbac/ + # Can be used in combination with presets that create a cluster role to add additional rules. + rules: [] + # - apiGroups: + # - '' + # resources: + # - 'pods' + # - 'nodes' + # verbs: + # - 'get' + # - 'list' + # - 'watch' + + clusterRoleBinding: + # Annotations to add to the clusterRoleBinding + # Can be used in combination with presets that create a cluster role binding. + annotations: {} + # The name of the clusterRoleBinding to use. + # If not set a name is generated using the fullname template + # Can be used in combination with presets that create a cluster role binding. + name: "" + +podSecurityContext: {} +securityContext: {} + +nodeSelector: {} +tolerations: [] +affinity: {} +topologySpreadConstraints: [] + +# Allows for pod scheduler prioritisation +priorityClassName: "" + +extraEnvs: [] +extraEnvsFrom: [] +# This also supports template content, which will eventually be converted to yaml. +extraVolumes: [] + +# This also supports template content, which will eventually be converted to yaml. +extraVolumeMounts: [] + +# Configuration for ports +# nodePort is also allowed +ports: otlp: - protocols: - grpc: - endpoint: $${env:MY_POD_IP}:4317 - http: - endpoint: $${env:MY_POD_IP}:4318 + enabled: true + containerPort: 4317 + servicePort: 4317 + hostPort: 4317 + protocol: TCP + # nodePort: 30317 + appProtocol: grpc + otlp-http: + enabled: true + containerPort: 4318 + servicePort: 4318 + hostPort: 4318 + protocol: TCP + metrics: + # The metrics port is disabled by default. However you need to enable the port + # in order to use the ServiceMonitor (serviceMonitor.enabled) or PodMonitor (podMonitor.enabled). + enabled: false + containerPort: 8888 + servicePort: 8888 + protocol: TCP + +# When enabled, the chart will set the GOMEMLIMIT env var to 80% of the configured resources.limits.memory. +# If no resources.limits.memory are defined then enabling does nothing. +# It is HIGHLY recommend to enable this setting and set a value for resources.limits.memory. +useGOMEMLIMIT: true + +# Resource limits & requests. +# It is HIGHLY recommended to set resource limits. +resources: {} +# resources: +# limits: +# cpu: 250m +# memory: 512Mi + +podAnnotations: {} + +podLabels: {} + +# Common labels to add to all otel-collector resources. Evaluated as a template. +additionalLabels: {} +# app.kubernetes.io/part-of: my-app + +# Host networking requested for this pod. Use the host's network namespace. +hostNetwork: false + +# Adding entries to Pod /etc/hosts with HostAliases +# https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ +hostAliases: [] + # - ip: "1.2.3.4" + # hostnames: + # - "my.host.com" + +# Pod DNS policy ClusterFirst, ClusterFirstWithHostNet, None, Default, None +dnsPolicy: "Default" + +# Custom DNS config. Required when DNS policy is None. +dnsConfig: {} + +# only used with deployment mode +replicaCount: 1 + +# only used with deployment mode +revisionHistoryLimit: 10 + +annotations: {} + +# List of extra sidecars to add. +# This also supports template content, which will eventually be converted to yaml. +extraContainers: [] +# extraContainers: +# - name: test +# command: +# - cp +# args: +# - /bin/sleep +# - /test/sleep +# image: busybox:latest +# volumeMounts: +# - name: test +# mountPath: /test + +# List of init container specs, e.g. for copying a binary to be executed as a lifecycle hook. +# This also supports template content, which will eventually be converted to yaml. +# Another usage of init containers is e.g. initializing filesystem permissions to the OTLP Collector user `10001` in case you are using persistence and the volume is producing a permission denied error for the OTLP Collector container. +initContainers: [] +# initContainers: +# - name: test +# image: busybox:latest +# command: +# - cp +# args: +# - /bin/sleep +# - /test/sleep +# volumeMounts: +# - name: test +# mountPath: /test +# - name: init-fs +# image: busybox:latest +# command: +# - sh +# - '-c' +# - 'chown -R 10001: /var/lib/storage/otc' # use the path given as per `extensions.file_storage.directory` & `extraVolumeMounts[x].mountPath` +# volumeMounts: +# - name: opentelemetry-collector-data # use the name of the volume used for persistence +# mountPath: /var/lib/storage/otc # use the path given as per `extensions.file_storage.directory` & `extraVolumeMounts[x].mountPath` + +# Pod lifecycle policies. +lifecycleHooks: {} +# lifecycleHooks: +# preStop: +# exec: +# command: +# - /test/sleep +# - "5" + +# liveness probe configuration +# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +## +livenessProbe: + # Number of seconds after the container has started before startup, liveness or readiness probes are initiated. + initialDelaySeconds: 5 + # How often in seconds to perform the probe. + periodSeconds: 30 + # Number of seconds after which the probe times out. + timeoutSeconds: 1 + # Minimum consecutive failures for the probe to be considered failed after having succeeded. + failureThreshold: 1 + # Duration in seconds the pod needs to terminate gracefully upon probe failure. + terminationGracePeriodSeconds: 10 + httpGet: + port: 13133 + path: / + +# readiness probe configuration +# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +## +readinessProbe: + # Number of seconds after the container has started before startup, liveness or readiness probes are initiated. + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe. + periodSeconds: 10 + # Number of seconds after which the probe times out. + timeoutSeconds: 1 + # Minimum consecutive successes for the probe to be considered successful after having failed. + successThreshold: 2 + # Minimum consecutive failures for the probe to be considered failed after having succeeded. + failureThreshold: 2 + httpGet: + port: 13133 + path: / + service: - extensions: - - health_check - pipelines: - logs: - exporters: - - debug - processors: - - memory_limiter - - batch - receivers: - - otlp - metrics: - exporters: - - debug - processors: - - memory_limiter - - batch - receivers: - - otlp - traces: - exporters: - - debug - processors: - - memory_limiter - - batch - receivers: - - otlp - telemetry: - metrics: - address: $${env:MY_POD_IP}:8888 + # Enable the creation of a Service. + # By default, it's enabled on mode != daemonset. + # However, to enable it on mode = daemonset, its creation must be explicitly enabled + # enabled: true + + type: ClusterIP + # type: LoadBalancer + # loadBalancerIP: 1.2.3.4 + # loadBalancerSourceRanges: [] + + # By default, Service of type 'LoadBalancer' will be created setting 'externalTrafficPolicy: Cluster' + # unless other value is explicitly set. + # Possible values are Cluster or Local (https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) + # externalTrafficPolicy: Cluster + + annotations: {} + + # By default, Service will be created setting 'internalTrafficPolicy: Local' on mode = daemonset + # unless other value is explicitly set. + # Setting 'internalTrafficPolicy: Cluster' on a daemonset is not recommended + # internalTrafficPolicy: Cluster + +ingress: + enabled: false + # annotations: {} + # ingressClassName: nginx + # hosts: + # - host: collector.example.com + # paths: + # - path: / + # pathType: Prefix + # port: 4318 + # tls: + # - secretName: collector-tls + # hosts: + # - collector.example.com + + # Additional ingresses - only created if ingress.enabled is true + # Useful for when differently annotated ingress services are required + # Each additional ingress needs key "name" set to something unique + additionalIngresses: [] + # - name: cloudwatch + # ingressClassName: nginx + # annotations: {} + # hosts: + # - host: collector.example.com + # paths: + # - path: / + # pathType: Prefix + # port: 4318 + # tls: + # - secretName: collector-tls + # hosts: + # - collector.example.com + +podMonitor: + # The pod monitor by default scrapes the metrics port. + # The metrics port needs to be enabled as well. + enabled: false + metricsEndpoints: + - port: metrics + # interval: 15s + + # additional labels for the PodMonitor + extraLabels: {} + # release: kube-prometheus-stack + +serviceMonitor: + # The service monitor by default scrapes the metrics port. + # The metrics port needs to be enabled as well. + enabled: false + metricsEndpoints: + - port: metrics + # interval: 15s + + # additional labels for the ServiceMonitor + extraLabels: {} + # release: kube-prometheus-stack + # Used to set relabeling and metricRelabeling configs on the ServiceMonitor + # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config + relabelings: [] + metricRelabelings: [] + +# PodDisruptionBudget is used only if deployment enabled +podDisruptionBudget: + enabled: false +# minAvailable: 2 +# maxUnavailable: 1 + +# autoscaling is used only if mode is "deployment" or "statefulset" +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 10 + behavior: {} + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +rollout: + rollingUpdate: {} + # When 'mode: daemonset', maxSurge cannot be used when hostPort is set for any of the ports + # maxSurge: 25% + # maxUnavailable: 0 + strategy: RollingUpdate + +prometheusRule: + enabled: false + groups: [] + # Create default rules for monitoring the collector + defaultRules: + enabled: false + + # additional labels for the PrometheusRule + extraLabels: {} + +statefulset: + # volumeClaimTemplates for a statefulset + volumeClaimTemplates: [] + podManagementPolicy: "Parallel" + # Controls if and how PVCs created by the StatefulSet are deleted. Available in Kubernetes 1.23+. + persistentVolumeClaimRetentionPolicy: + enabled: false + whenDeleted: Retain + whenScaled: Retain + +networkPolicy: + enabled: false + + # Annotations to add to the NetworkPolicy + annotations: {} + + # Configure the 'from' clause of the NetworkPolicy. + # By default this will restrict traffic to ports enabled for the Collector. If + # you wish to further restrict traffic to other hosts or specific namespaces, + # see the standard NetworkPolicy 'spec.ingress.from' definition for more info: + # https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/ + allowIngressFrom: [] + # # Allow traffic from any pod in any namespace, but not external hosts + # - namespaceSelector: {} + # # Allow external access from a specific cidr block + # - ipBlock: + # cidr: 192.168.1.64/32 + # # Allow access from pods in specific namespaces + # - namespaceSelector: + # matchExpressions: + # - key: kubernetes.io/metadata.name + # operator: In + # values: + # - "cats" + # - "dogs" + + # Add additional ingress rules to specific ports + # Useful to allow external hosts/services to access specific ports + # An example is allowing an external prometheus server to scrape metrics + # + # See the standard NetworkPolicy 'spec.ingress' definition for more info: + # https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/ + extraIngressRules: [] + # - ports: + # - port: metrics + # protocol: TCP + # from: + # - ipBlock: + # cidr: 192.168.1.64/32 + + # Restrict egress traffic from the OpenTelemetry collector pod + # See the standard NetworkPolicy 'spec.egress' definition for more info: + # https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/ + egressRules: [] + # - to: + # - namespaceSelector: {} + # - ipBlock: + # cidr: 192.168.10.10/24 + # ports: + # - port: 1234 + # protocol: TCP + +# Allow containers to share processes across pod namespace +shareProcessNamespace: false \ No newline at end of file From a6ef47c9356a7879f6b4e89132ed5e25a028f605 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:16:16 -0700 Subject: [PATCH 115/161] Deploy updated otel collector --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 3608f2d2..8301caef 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,6 +19,6 @@ module "victoria-metrics" { module "opentelemetry-collector" { source = "spacelift.io/sagebionetworks/opentelemetry-collector/aws" - version = "0.0.2" + version = "0.0.3" cluster_name = var.cluster_name } From 588d36e3e64974d8b6905ff6119d9edd217686a8 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Fri, 26 Jul 2024 15:57:17 -0700 Subject: [PATCH 116/161] Create cert-manager deployment --- modules/cert-manager/README.md | 6 + modules/cert-manager/main.tf | 18 + modules/cert-manager/templates/values.yaml | 1350 +++++++++++++++++ modules/cert-manager/versions.tf | 16 + modules/main.tf | 17 + modules/opentelemetry-collector/data.tf | 7 - .../templates/values.yaml | 20 - modules/opentelemetry-collector/variables.tf | 17 - modules/sage-aws-k8s-node-autoscaler/main.tf | 3 +- 9 files changed, 1409 insertions(+), 45 deletions(-) create mode 100644 modules/cert-manager/README.md create mode 100644 modules/cert-manager/main.tf create mode 100644 modules/cert-manager/templates/values.yaml create mode 100644 modules/cert-manager/versions.tf delete mode 100644 modules/opentelemetry-collector/data.tf delete mode 100644 modules/opentelemetry-collector/variables.tf diff --git a/modules/cert-manager/README.md b/modules/cert-manager/README.md new file mode 100644 index 00000000..b47a4bd9 --- /dev/null +++ b/modules/cert-manager/README.md @@ -0,0 +1,6 @@ +# Purpose +This module is used to deploy the cert-manager helm chart + +Resources: + +- diff --git a/modules/cert-manager/main.tf b/modules/cert-manager/main.tf new file mode 100644 index 00000000..ff27c9bf --- /dev/null +++ b/modules/cert-manager/main.tf @@ -0,0 +1,18 @@ +resource "kubernetes_namespace" "cert-manager" { + metadata { + name = "cert-manager" + } +} + +resource "helm_release" "cert-manager" { + name = "cert-manager" + repository = "https://charts.jetstack.io" + chart = "cert-manager" + namespace = "cert-manager" + version = "v1.15.1" + depends_on = [ + kubernetes_namespace.cert-manager + ] + + values = [templatefile("${path.module}/templates/values.yaml", {})] +} diff --git a/modules/cert-manager/templates/values.yaml b/modules/cert-manager/templates/values.yaml new file mode 100644 index 00000000..c4310fb8 --- /dev/null +++ b/modules/cert-manager/templates/values.yaml @@ -0,0 +1,1350 @@ +# +docs:section=Global + +# Default values for cert-manager. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + # Reference to one or more secrets to be used when pulling images. + # For more information, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). + # + # For example: + # imagePullSecrets: + # - name: "image-pull-secret" + imagePullSecrets: [] + + # Labels to apply to all resources. + # Please note that this does not add labels to the resources created dynamically by the controllers. + # For these resources, you have to add the labels in the template in the cert-manager custom resource: + # For example, podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress + # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress). + # For example, secretTemplate in CertificateSpec + # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec). + commonLabels: {} + + # The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10). + # +docs:property + # revisionHistoryLimit: 1 + + # The optional priority class to be used for the cert-manager pods. + priorityClassName: "" + + rbac: + # Create required ClusterRoles and ClusterRoleBindings for cert-manager. + create: true + # Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) + aggregateClusterRoles: true + + podSecurityPolicy: + # Create PodSecurityPolicy for cert-manager. + # + # Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25. + enabled: false + # Configure the PodSecurityPolicy to use AppArmor. + useAppArmor: true + + # Set the verbosity of cert-manager. A range of 0 - 6, with 6 being the most verbose. + logLevel: 2 + + leaderElection: + # Override the namespace used for the leader election lease. + namespace: "kube-system" + + # The duration that non-leader candidates will wait after observing a + # leadership renewal until attempting to acquire leadership of a led but + # unrenewed leader slot. This is effectively the maximum duration that a + # leader can be stopped before it is replaced by another candidate. + # +docs:property + # leaseDuration: 60s + + # The interval between attempts by the acting master to renew a leadership + # slot before it stops leading. This must be less than or equal to the + # lease duration. + # +docs:property + # renewDeadline: 40s + + # The duration the clients should wait between attempting acquisition and + # renewal of a leadership. + # +docs:property + # retryPeriod: 15s + +# This option is equivalent to setting crds.enabled=true and crds.keep=true. +# Deprecated: use crds.enabled and crds.keep instead. +installCRDs: false + +crds: + # This option decides if the CRDs should be installed + # as part of the Helm installation. + enabled: true + + # This option makes it so that the "helm.sh/resource-policy": keep + # annotation is added to the CRD. This will prevent Helm from uninstalling + # the CRD when the Helm release is uninstalled. + # WARNING: when the CRDs are removed, all cert-manager custom resources + # (Certificates, Issuers, ...) will be removed too by the garbage collector. + keep: true + +# +docs:section=Controller + +# The number of replicas of the cert-manager controller to run. +# +# The default is 1, but in production set this to 2 or 3 to provide high +# availability. +# +# If `replicas > 1`, consider setting `podDisruptionBudget.enabled=true`. +# +# Note that cert-manager uses leader election to ensure that there can +# only be a single instance active at a time. +replicaCount: 1 + +# Deployment update strategy for the cert-manager controller deployment. +# For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). +# +# For example: +# strategy: +# type: RollingUpdate +# rollingUpdate: +# maxSurge: 0 +# maxUnavailable: 1 +strategy: {} + +podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource. + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + + # This configures the minimum available pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # It cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + + # This configures the maximum unavailable pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # it cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 + +# A comma-separated list of feature gates that should be enabled on the +# controller pod. +featureGates: "" + +# The maximum number of challenges that can be scheduled as 'processing' at once. +maxConcurrentChallenges: 60 + +image: + # The container registry to pull the manager image from. + # +docs:property + # registry: quay.io + + # The container image for the cert-manager controller. + # +docs:property + repository: quay.io/jetstack/cert-manager-controller + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion is used. + # +docs:property + # tag: vX.Y.Z + + # Setting a digest will override any tag. + # +docs:property + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + +# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer +# resources. By default, the same namespace as cert-manager is deployed within is +# used. This namespace will not be automatically created by the Helm chart. +clusterResourceNamespace: "" + +# This namespace allows you to define where the services are installed into. +# If not set then they use the namespace of the release. +# This is helpful when installing cert manager as a chart dependency (sub chart). +namespace: "" + +serviceAccount: + # Specifies whether a service account should be created. + create: true + + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template. + # +docs:property + # name: "" + + # Optional additional annotations to add to the controller's Service Account. + # +docs:property + # annotations: {} + + # Optional additional labels to add to the controller's Service Account. + # +docs:property + # labels: {} + + # Automount API credentials for a Service Account. + automountServiceAccountToken: true + +# Automounting API credentials for a particular pod. +# +docs:property +# automountServiceAccountToken: true + +# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted. +enableCertificateOwnerRef: false + +# This property is used to configure options for the controller pod. +# This allows setting options that would usually be provided using flags. +# An APIVersion and Kind must be specified in your values.yaml file. +# Flags will override options that are set here. +# +# For example: +# config: +# apiVersion: controller.config.cert-manager.io/v1alpha1 +# kind: ControllerConfiguration +# logging: +# verbosity: 2 +# format: text +# leaderElectionConfig: +# namespace: kube-system +# kubernetesAPIQPS: 9000 +# kubernetesAPIBurst: 9000 +# numberOfConcurrentWorkers: 200 +# featureGates: +# AdditionalCertificateOutputFormats: true +# DisallowInsecureCSRUsageDefinition: true +# ExperimentalCertificateSigningRequestControllers: true +# ExperimentalGatewayAPISupport: true +# LiteralCertificateSubject: true +# SecretsFilteredCaching: true +# ServerSideApply: true +# StableCertificateRequestName: true +# UseCertificateRequestBasicConstraints: true +# ValidateCAA: true +# metricsTLSConfig: +# dynamic: +# secretNamespace: "cert-manager" +# secretName: "cert-manager-metrics-ca" +# dnsNames: +# - cert-manager-metrics +# - cert-manager-metrics.cert-manager +# - cert-manager-metrics.cert-manager.svc +config: {} + +# Setting Nameservers for DNS01 Self Check. +# For more information, see the [cert-manager documentation](https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check). + +# A comma-separated string with the host and port of the recursive nameservers cert-manager should query. +dns01RecursiveNameservers: "" + +# Forces cert-manager to use only the recursive nameservers for verification. +# Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. +dns01RecursiveNameserversOnly: false + +# Option to disable cert-manager's build-in auto-approver. The auto-approver +# approves all CertificateRequests that reference issuers matching the 'approveSignerNames' +# option. This 'disableAutoApproval' option is useful when you want to make all approval decisions +# using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). +disableAutoApproval: false + +# List of signer names that cert-manager will approve by default. CertificateRequests +# referencing these signer names will be auto-approved by cert-manager. Defaults to just +# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty +# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, +# because eg. you are using approver-policy, you can enable 'disableAutoApproval'. +# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval +# +docs:property +approveSignerNames: +- issuers.cert-manager.io/* +- clusterissuers.cert-manager.io/* + +# Additional command line flags to pass to cert-manager controller binary. +# To see all available flags run `docker run quay.io/jetstack/cert-manager-controller: --help`. +# +# Use this flag to enable or disable arbitrary controllers. For example, to disable the CertificiateRequests approver. +# +# For example: +# extraArgs: +# - --controllers=*,-certificaterequests-approver +extraArgs: [] + +# Additional environment variables to pass to cert-manager controller binary. +extraEnv: [] +# - name: SOME_VAR +# value: 'some value' + +# Resources to provide to the cert-manager controller pod. +# +# For example: +# requests: +# cpu: 10m +# memory: 32Mi +# +# For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). +resources: {} + +# Pod Security Context. +# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +# +docs:property +securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +# Container Security Context to be set on the controller component container. +# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). +# +docs:property +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + +# Additional volumes to add to the cert-manager controller pod. +volumes: [] + +# Additional volume mounts to add to the cert-manager controller container. +volumeMounts: [] + +# Optional additional annotations to add to the controller Deployment. +# +docs:property +# deploymentAnnotations: {} + +# Optional additional annotations to add to the controller Pods. +# +docs:property +# podAnnotations: {} + +# Optional additional labels to add to the controller Pods. +podLabels: {} + +# Optional annotations to add to the controller Service. +# +docs:property +# serviceAnnotations: {} + +# Optional additional labels to add to the controller Service. +# +docs:property +# serviceLabels: {} + +# Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). +# +docs:property +# serviceIPFamilyPolicy: "" + +# Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. +# +docs:property +# serviceIPFamilies: [] + +# Optional DNS settings. These are useful if you have a public and private DNS zone for +# the same domain on Route 53. The following is an example of ensuring +# cert-manager can access an ingress or DNS TXT records at all times. +# Note that this requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for +# the cluster to work. + +# Pod DNS policy. +# For more information, see [Pod's DNS Policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy). +# +docs:property +# podDnsPolicy: "None" + +# Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy +# settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified. +# For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config). +# +docs:property +# podDnsConfig: +# nameservers: +# - "1.1.1.1" +# - "8.8.8.8" + +# Optional hostAliases for cert-manager-controller pods. May be useful when performing ACME DNS-01 self checks. +hostAliases: [] +# - ip: 127.0.0.1 +# hostnames: +# - foo.local +# - bar.local +# - ip: 10.1.2.3 +# hostnames: +# - foo.remote +# - bar.remote + +# The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with +# matching labels. +# For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). +# +# This default ensures that Pods are only scheduled to Linux nodes. +# It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. +# +docs:property +nodeSelector: + kubernetes.io/os: linux + +# +docs:ignore +ingressShim: {} + + # Optional default issuer to use for ingress resources. + # +docs:property=ingressShim.defaultIssuerName + # defaultIssuerName: "" + + # Optional default issuer kind to use for ingress resources. + # +docs:property=ingressShim.defaultIssuerKind + # defaultIssuerKind: "" + + # Optional default issuer group to use for ingress resources. + # +docs:property=ingressShim.defaultIssuerGroup + # defaultIssuerGroup: "" + +# Use these variables to configure the HTTP_PROXY environment variables. + +# Configures the HTTP_PROXY environment variable where a HTTP proxy is required. +# +docs:property +# http_proxy: "http://proxy:8080" + +# Configures the HTTPS_PROXY environment variable where a HTTP proxy is required. +# +docs:property +# https_proxy: "https://proxy:8080" + +# Configures the NO_PROXY environment variable where a HTTP proxy is required, +# but certain domains should be excluded. +# +docs:property +# no_proxy: 127.0.0.1,localhost + + +# A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). +# +# For example: +# affinity: +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: foo.bar.com/role +# operator: In +# values: +# - master +affinity: {} + +# A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). +# +# For example: +# tolerations: +# - key: foo.bar.com/role +# operator: Equal +# value: master +# effect: NoSchedule +tolerations: [] + +# A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core +# +# For example: +# topologySpreadConstraints: +# - maxSkew: 2 +# topologyKey: topology.kubernetes.io/zone +# whenUnsatisfiable: ScheduleAnyway +# labelSelector: +# matchLabels: +# app.kubernetes.io/instance: cert-manager +# app.kubernetes.io/component: controller +topologySpreadConstraints: [] + +# LivenessProbe settings for the controller container of the controller Pod. +# +# This is enabled by default, in order to enable the clock-skew liveness probe that +# restarts the controller in case of a skew between the system clock and the monotonic clock. +# LivenessProbe durations and thresholds are based on those used for the Kubernetes +# controller-manager. For more information see the following on the +# [Kubernetes GitHub repository](https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245) +# +docs:property +livenessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 15 + successThreshold: 1 + failureThreshold: 8 + +# enableServiceLinks indicates whether information about services should be +# injected into the pod's environment variables, matching the syntax of Docker +# links. +enableServiceLinks: false + +# +docs:section=Prometheus + +prometheus: + # Enable Prometheus monitoring for the cert-manager controller to use with the + # Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or + # `prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment + # resources. Additionally, a service is created which can be used together + # with your own ServiceMonitor (managed outside of this Helm chart). + # Otherwise, a ServiceMonitor/ PodMonitor is created. + enabled: true + + servicemonitor: + # Create a ServiceMonitor to add cert-manager to Prometheus. + enabled: true + + # Specifies the `prometheus` label on the created ServiceMonitor. This is + # used when different Prometheus instances have label selectors matching + # different ServiceMonitors. + prometheusInstance: default + + # The target port to set on the ServiceMonitor. This must match the port that the + # cert-manager controller is listening on for metrics. + targetPort: 9402 + + # The path to scrape for metrics. + path: /metrics + + # The interval to scrape metrics. + interval: 60s + + # The timeout before a metrics scrape fails. + scrapeTimeout: 30s + + # Additional labels to add to the ServiceMonitor. + labels: {} + + # Additional annotations to add to the ServiceMonitor. + annotations: {} + + # Keep labels from scraped data, overriding server-side labels. + honorLabels: false + + # EndpointAdditionalProperties allows setting additional properties on the + # endpoint such as relabelings, metricRelabelings etc. + # + # For example: + # endpointAdditionalProperties: + # relabelings: + # - action: replace + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: instance + # + # +docs:property + endpointAdditionalProperties: {} + + # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in a error. + podmonitor: + # Create a PodMonitor to add cert-manager to Prometheus. + enabled: false + + # Specifies the `prometheus` label on the created PodMonitor. This is + # used when different Prometheus instances have label selectors matching + # different PodMonitors. + prometheusInstance: default + + # The path to scrape for metrics. + path: /metrics + + # The interval to scrape metrics. + interval: 60s + + # The timeout before a metrics scrape fails. + scrapeTimeout: 30s + + # Additional labels to add to the PodMonitor. + labels: {} + + # Additional annotations to add to the PodMonitor. + annotations: {} + + # Keep labels from scraped data, overriding server-side labels. + honorLabels: false + + # EndpointAdditionalProperties allows setting additional properties on the + # endpoint such as relabelings, metricRelabelings etc. + # + # For example: + # endpointAdditionalProperties: + # relabelings: + # - action: replace + # sourceLabels: + # - __meta_kubernetes_pod_node_name + # targetLabel: instance + # + # +docs:property + endpointAdditionalProperties: {} + +# +docs:section=Webhook + +webhook: + # Number of replicas of the cert-manager webhook to run. + # + # The default is 1, but in production set this to 2 or 3 to provide high + # availability. + # + # If `replicas > 1`, consider setting `webhook.podDisruptionBudget.enabled=true`. + replicaCount: 1 + + # The number of seconds the API server should wait for the webhook to respond before treating the call as a failure. + # The value must be between 1 and 30 seconds. For more information, see + # [Validating webhook configuration v1](https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/). + # + # The default is set to the maximum value of 30 seconds as + # users sometimes report that the connection between the K8S API server and + # the cert-manager webhook server times out. + # If *this* timeout is reached, the error message will be "context deadline exceeded", + # which doesn't help the user diagnose what phase of the HTTPS connection timed out. + # For example, it could be during DNS resolution, TCP connection, TLS + # negotiation, HTTP negotiation, or slow HTTP response from the webhook + # server. + # By setting this timeout to its maximum value the underlying timeout error + # message has more chance of being returned to the end user. + timeoutSeconds: 30 + + # This is used to configure options for the webhook pod. + # This allows setting options that would usually be provided using flags. + # An APIVersion and Kind must be specified in your values.yaml file. + # Flags override options that are set here. + # + # For example: + # apiVersion: webhook.config.cert-manager.io/v1alpha1 + # kind: WebhookConfiguration + # # The port that the webhook listens on for requests. + # # In GKE private clusters, by default Kubernetes apiservers are allowed to + # # talk to the cluster nodes only on 443 and 10250. Configuring + # # securePort: 10250 therefore will work out-of-the-box without needing to add firewall + # # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers < 1000. + # # This should be uncommented and set as a default by the chart once + # # the apiVersion of WebhookConfiguration graduates beyond v1alpha1. + # securePort: 10250 + config: {} + + # The update strategy for the cert-manager webhook deployment. + # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) + # + # For example: + # strategy: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + strategy: {} + + # Pod Security Context to be set on the webhook component Pod. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # Container Security Context to be set on the webhook component container. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + + podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource. + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + + # This property configures the minimum available pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # It cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + + # This property configures the maximum unavailable pods for disruptions. Can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # It cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 + + # Optional additional annotations to add to the webhook Deployment. + # +docs:property + # deploymentAnnotations: {} + + # Optional additional annotations to add to the webhook Pods. + # +docs:property + # podAnnotations: {} + + # Optional additional annotations to add to the webhook Service. + # +docs:property + # serviceAnnotations: {} + + # Optional additional annotations to add to the webhook MutatingWebhookConfiguration. + # +docs:property + # mutatingWebhookConfigurationAnnotations: {} + + # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration. + # +docs:property + # validatingWebhookConfigurationAnnotations: {} + + validatingWebhookConfiguration: + # Configure spec.namespaceSelector for validating webhooks. + # +docs:property + namespaceSelector: + matchExpressions: + - key: "cert-manager.io/disable-validation" + operator: "NotIn" + values: + - "true" + + mutatingWebhookConfiguration: + # Configure spec.namespaceSelector for mutating webhooks. + # +docs:property + namespaceSelector: {} + # matchLabels: + # key: value + # matchExpressions: + # - key: kubernetes.io/metadata.name + # operator: NotIn + # values: + # - kube-system + + + # Additional command line flags to pass to cert-manager webhook binary. + # To see all available flags run `docker run quay.io/jetstack/cert-manager-webhook: --help`. + extraArgs: [] + # Path to a file containing a WebhookConfiguration object used to configure the webhook. + # - --config= + + # Comma separated list of feature gates that should be enabled on the + # webhook pod. + featureGates: "" + + # Resources to provide to the cert-manager webhook pod. + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + resources: {} + + # Liveness probe values. + # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + # + # +docs:property + livenessProbe: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + + # Readiness probe values. + # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). + # + # +docs:property + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property + nodeSelector: + kubernetes.io/os: linux + + # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master + affinity: {} + + # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule + tolerations: [] + + # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core). + # + # For example: + # topologySpreadConstraints: + # - maxSkew: 2 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: cert-manager + # app.kubernetes.io/component: controller + topologySpreadConstraints: [] + + # Optional additional labels to add to the Webhook Pods. + podLabels: {} + + # Optional additional labels to add to the Webhook Service. + serviceLabels: {} + + # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + serviceIPFamilyPolicy: "" + + # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. + serviceIPFamilies: [] + + image: + # The container registry to pull the webhook image from. + # +docs:property + # registry: quay.io + + # The container image for the cert-manager webhook + # +docs:property + repository: quay.io/jetstack/cert-manager-webhook + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. + # +docs:property + # tag: vX.Y.Z + + # Setting a digest will override any tag + # +docs:property + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + + serviceAccount: + # Specifies whether a service account should be created. + create: true + + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template. + # +docs:property + # name: "" + + # Optional additional annotations to add to the controller's Service Account. + # +docs:property + # annotations: {} + + # Optional additional labels to add to the webhook's Service Account. + # +docs:property + # labels: {} + + # Automount API credentials for a Service Account. + automountServiceAccountToken: true + + # Automounting API credentials for a particular pod. + # +docs:property + # automountServiceAccountToken: true + + # The port that the webhook listens on for requests. + # In GKE private clusters, by default Kubernetes apiservers are allowed to + # talk to the cluster nodes only on 443 and 10250. Configuring + # securePort: 10250, therefore will work out-of-the-box without needing to add firewall + # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. + securePort: 10250 + + # Specifies if the webhook should be started in hostNetwork mode. + # + # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom + # CNI (such as calico), because control-plane managed by AWS cannot communicate + # with pods' IP CIDR and admission webhooks are not working + # + # Since the default port for the webhook conflicts with kubelet on the host + # network, `webhook.securePort` should be changed to an available port if + # running in hostNetwork mode. + hostNetwork: false + + # Specifies how the service should be handled. Useful if you want to expose the + # webhook outside of the cluster. In some cases, the control plane cannot + # reach internal services. + serviceType: ClusterIP + + # Specify the load balancer IP for the created service. + # +docs:property + # loadBalancerIP: "10.10.10.10" + + # Overrides the mutating webhook and validating webhook so they reach the webhook + # service using the `url` field instead of a service. + url: {} + # host: + + # Enables default network policies for webhooks. + networkPolicy: + # Create network policies for the webhooks. + enabled: false + + # Ingress rule for the webhook network policy. By default, it allows all + # inbound traffic. + # +docs:property + ingress: + - from: + - ipBlock: + cidr: 0.0.0.0/0 + + # Egress rule for the webhook network policy. By default, it allows all + # outbound traffic to ports 80 and 443, as well as DNS ports. + # +docs:property + egress: + - ports: + - port: 80 + protocol: TCP + - port: 443 + protocol: TCP + - port: 53 + protocol: TCP + - port: 53 + protocol: UDP + # On OpenShift and OKD, the Kubernetes API server listens on. + # port 6443. + - port: 6443 + protocol: TCP + to: + - ipBlock: + cidr: 0.0.0.0/0 + + # Additional volumes to add to the cert-manager controller pod. + volumes: [] + + # Additional volume mounts to add to the cert-manager controller container. + volumeMounts: [] + + # enableServiceLinks indicates whether information about services should be + # injected into the pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false + +# +docs:section=CA Injector + +cainjector: + # Create the CA Injector deployment + enabled: true + + # The number of replicas of the cert-manager cainjector to run. + # + # The default is 1, but in production set this to 2 or 3 to provide high + # availability. + # + # If `replicas > 1`, consider setting `cainjector.podDisruptionBudget.enabled=true`. + # + # Note that cert-manager uses leader election to ensure that there can + # only be a single instance active at a time. + replicaCount: 1 + + # This is used to configure options for the cainjector pod. + # It allows setting options that are usually provided via flags. + # An APIVersion and Kind must be specified in your values.yaml file. + # Flags override options that are set here. + # + # For example: + # apiVersion: cainjector.config.cert-manager.io/v1alpha1 + # kind: CAInjectorConfiguration + # logging: + # verbosity: 2 + # format: text + # leaderElectionConfig: + # namespace: kube-system + config: {} + + # Deployment update strategy for the cert-manager cainjector deployment. + # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). + # + # For example: + # strategy: + # type: RollingUpdate + # rollingUpdate: + # maxSurge: 0 + # maxUnavailable: 1 + strategy: {} + + # Pod Security Context to be set on the cainjector component Pod + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # Container Security Context to be set on the cainjector component container + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + + podDisruptionBudget: + # Enable or disable the PodDisruptionBudget resource. + # + # This prevents downtime during voluntary disruptions such as during a Node upgrade. + # For example, the PodDisruptionBudget will block `kubectl drain` + # if it is used on the Node where the only remaining cert-manager + # Pod is currently running. + enabled: false + + # `minAvailable` configures the minimum available pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `maxUnavailable` is set. + # +docs:property + # minAvailable: 1 + + # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to + # an integer (e.g. 1) or a percentage value (e.g. 25%). + # Cannot be used if `minAvailable` is set. + # +docs:property + # maxUnavailable: 1 + + # Optional additional annotations to add to the cainjector Deployment. + # +docs:property + # deploymentAnnotations: {} + + # Optional additional annotations to add to the cainjector Pods. + # +docs:property + # podAnnotations: {} + + # Additional command line flags to pass to cert-manager cainjector binary. + # To see all available flags run `docker run quay.io/jetstack/cert-manager-cainjector: --help`. + extraArgs: [] + # Enable profiling for cainjector. + # - --enable-profiling=true + + # Comma separated list of feature gates that should be enabled on the + # cainjector pod. + featureGates: "" + + # Resources to provide to the cert-manager cainjector pod. + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + resources: {} + + + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property + nodeSelector: + kubernetes.io/os: linux + + # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). + # + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master + affinity: {} + + # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule + tolerations: [] + + # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core). + # + # For example: + # topologySpreadConstraints: + # - maxSkew: 2 + # topologyKey: topology.kubernetes.io/zone + # whenUnsatisfiable: ScheduleAnyway + # labelSelector: + # matchLabels: + # app.kubernetes.io/instance: cert-manager + # app.kubernetes.io/component: controller + topologySpreadConstraints: [] + + # Optional additional labels to add to the CA Injector Pods. + podLabels: {} + + image: + # The container registry to pull the cainjector image from. + # +docs:property + # registry: quay.io + + # The container image for the cert-manager cainjector + # +docs:property + repository: quay.io/jetstack/cert-manager-cainjector + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion will be used. + # +docs:property + # tag: vX.Y.Z + + # Setting a digest will override any tag. + # +docs:property + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + + serviceAccount: + # Specifies whether a service account should be created. + create: true + + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + # +docs:property + # name: "" + + # Optional additional annotations to add to the controller's Service Account. + # +docs:property + # annotations: {} + + # Optional additional labels to add to the cainjector's Service Account. + # +docs:property + # labels: {} + + # Automount API credentials for a Service Account. + automountServiceAccountToken: true + + # Automounting API credentials for a particular pod. + # +docs:property + # automountServiceAccountToken: true + + # Additional volumes to add to the cert-manager controller pod. + volumes: [] + + # Additional volume mounts to add to the cert-manager controller container. + volumeMounts: [] + + # enableServiceLinks indicates whether information about services should be + # injected into the pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false + +# +docs:section=ACME Solver + +acmesolver: + image: + # The container registry to pull the acmesolver image from. + # +docs:property + # registry: quay.io + + # The container image for the cert-manager acmesolver. + # +docs:property + repository: quay.io/jetstack/cert-manager-acmesolver + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion is used. + # +docs:property + # tag: vX.Y.Z + + # Setting a digest will override any tag. + # +docs:property + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + +# +docs:section=Startup API Check +# This startupapicheck is a Helm post-install hook that waits for the webhook +# endpoints to become available. +# The check is implemented using a Kubernetes Job - if you are injecting mesh +# sidecar proxies into cert-manager pods, ensure that they +# are not injected into this Job's pod. Otherwise, the installation may time out +# owing to the Job never being completed because the sidecar proxy does not exit. +# For more information, see [this note](https://github.com/cert-manager/cert-manager/pull/4414). + +startupapicheck: + # Enables the startup api check. + enabled: true + + # Pod Security Context to be set on the startupapicheck component Pod. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + + # Container Security Context to be set on the controller component container. + # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). + # +docs:property + containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + + # Timeout for 'kubectl check api' command. + timeout: 1m + + # Job backoffLimit + backoffLimit: 4 + + # Optional additional annotations to add to the startupapicheck Job. + # +docs:property + jobAnnotations: + helm.sh/hook: post-install + helm.sh/hook-weight: "1" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + + # Optional additional annotations to add to the startupapicheck Pods. + # +docs:property + # podAnnotations: {} + + # Additional command line flags to pass to startupapicheck binary. + # To see all available flags run `docker run quay.io/jetstack/cert-manager-startupapicheck: --help`. + # + # Verbose logging is enabled by default so that if startupapicheck fails, you + # can know what exactly caused the failure. Verbose logs include details of + # the webhook URL, IP address and TCP connect errors for example. + # +docs:property + extraArgs: + - -v + + # Resources to provide to the cert-manager controller pod. + # + # For example: + # requests: + # cpu: 10m + # memory: 32Mi + # + # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + resources: {} + + + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with + # matching labels. + # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). + # + # This default ensures that Pods are only scheduled to Linux nodes. + # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. + # +docs:property + nodeSelector: + kubernetes.io/os: linux + + # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). + # For example: + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: foo.bar.com/role + # operator: In + # values: + # - master + affinity: {} + + # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). + # + # For example: + # tolerations: + # - key: foo.bar.com/role + # operator: Equal + # value: master + # effect: NoSchedule + tolerations: [] + + # Optional additional labels to add to the startupapicheck Pods. + podLabels: {} + + image: + # The container registry to pull the startupapicheck image from. + # +docs:property + # registry: quay.io + + # The container image for the cert-manager startupapicheck. + # +docs:property + repository: quay.io/jetstack/cert-manager-startupapicheck + + # Override the image tag to deploy by setting this variable. + # If no value is set, the chart's appVersion is used. + # +docs:property + # tag: vX.Y.Z + + # Setting a digest will override any tag. + # +docs:property + # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 + + # Kubernetes imagePullPolicy on Deployment. + pullPolicy: IfNotPresent + + rbac: + # annotations for the startup API Check job RBAC and PSP resources. + # +docs:property + annotations: + helm.sh/hook: post-install + helm.sh/hook-weight: "-5" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + + # Automounting API credentials for a particular pod. + # +docs:property + # automountServiceAccountToken: true + + serviceAccount: + # Specifies whether a service account should be created. + create: true + + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template. + # +docs:property + # name: "" + + # Optional additional annotations to add to the Job's Service Account. + # +docs:property + annotations: + helm.sh/hook: post-install + helm.sh/hook-weight: "-5" + helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded + + # Automount API credentials for a Service Account. + # +docs:property + automountServiceAccountToken: true + + # Optional additional labels to add to the startupapicheck's Service Account. + # +docs:property + # labels: {} + + # Additional volumes to add to the cert-manager controller pod. + volumes: [] + + # Additional volume mounts to add to the cert-manager controller container. + volumeMounts: [] + + # enableServiceLinks indicates whether information about services should be + # injected into pod's environment variables, matching the syntax of Docker + # links. + enableServiceLinks: false + +# Create dynamic manifests via values. +# +# For example: +# extraObjects: +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: '{{ template "cert-manager.name" . }}-extra-configmap' +extraObjects: [] + diff --git a/modules/cert-manager/versions.tf b/modules/cert-manager/versions.tf new file mode 100644 index 00000000..00cbb0b3 --- /dev/null +++ b/modules/cert-manager/versions.tf @@ -0,0 +1,16 @@ +terraform { + required_providers { + aws = { + source = "hashicorp/aws" + version = "~> 5.0" + } + kubernetes = { + source = "hashicorp/kubernetes" + version = "~> 2.0" + } + helm = { + source = "hashicorp/helm" + version = "~> 2.0" + } + } +} diff --git a/modules/main.tf b/modules/main.tf index 2271cb45..eabb3419 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -32,6 +32,23 @@ locals { space_id = "root" version_number = "0.0.3" } + + cert-manager = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "cert-manager" + terraform_provider = "aws" + administrative = false + branch = "ibcdpe-1007-monitoring" + description = "Helm chart deployment for cert-manager which handles certificate management." + project_root = "modules/cert-manager" + space_id = "root" + version_number = "0.0.1" + } } } diff --git a/modules/opentelemetry-collector/data.tf b/modules/opentelemetry-collector/data.tf deleted file mode 100644 index 765d5620..00000000 --- a/modules/opentelemetry-collector/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_eks_cluster_auth" "cluster" { - name = var.cluster_name -} \ No newline at end of file diff --git a/modules/opentelemetry-collector/templates/values.yaml b/modules/opentelemetry-collector/templates/values.yaml index 9dd18194..77a1d63b 100644 --- a/modules/opentelemetry-collector/templates/values.yaml +++ b/modules/opentelemetry-collector/templates/values.yaml @@ -103,30 +103,12 @@ config: # By default spike_limit_mib is set to 25% of ".Values.resources.limits.memory" spike_limit_percentage: 25 receivers: - jaeger: - protocols: - grpc: - endpoint: $${env:MY_POD_IP}:14250 - thrift_http: - endpoint: $${env:MY_POD_IP}:14268 - thrift_compact: - endpoint: $${env:MY_POD_IP}:6831 otlp: protocols: grpc: endpoint: $${env:MY_POD_IP}:4317 http: endpoint: $${env:MY_POD_IP}:4318 - prometheus: - config: - scrape_configs: - - job_name: opentelemetry-collector - scrape_interval: 10s - static_configs: - - targets: - - $${env:MY_POD_IP}:8888 - zipkin: - endpoint: $${env:MY_POD_IP}:9411 service: telemetry: metrics: @@ -159,8 +141,6 @@ config: - batch receivers: - otlp - - jaeger - - zipkin image: # If you want to use the core image `otel/opentelemetry-collector`, you also need to change `command.name` value to `otelcol`. diff --git a/modules/opentelemetry-collector/variables.tf b/modules/opentelemetry-collector/variables.tf deleted file mode 100644 index 54e4b955..00000000 --- a/modules/opentelemetry-collector/variables.tf +++ /dev/null @@ -1,17 +0,0 @@ -variable "cluster_name" { - description = "Name of K8 cluster" - type = string -} - -variable "kube_config_path" { - description = "Kube config path" - type = string - default = "~/.kube/config" -} - -variable "region" { - description = "AWS region" - type = string - default = "us-east-1" -} - diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index 0a92e260..31e2e669 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -102,7 +102,8 @@ module "ocean-aws-k8s" { is_aggressive_scale_down_enabled = true max_scale_down_percentage = 33 tags = var.tags - desired_capacity = var.desired_capacity + # TODO: Fix this it does not seem to work + desired_capacity = var.desired_capacity } resource "aws_eks_addon" "coredns" { From 96c3c7093f05d312df1b59208b80fa0b413255d1 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 11:23:58 -0700 Subject: [PATCH 117/161] Create trivy-operator --- dev/main.tf | 1 + dev/spacelift/dpe-sandbox/main.tf | 10 + dev/spacelift/dpe-sandbox/variables.tf | 5 + .../dpe-sandbox-k8s-deployments/main.tf | 9 +- dev/variables.tf | 5 + main.tf | 1 + modules/cert-manager/README.md | 6 - modules/cert-manager/main.tf | 18 - modules/cert-manager/templates/values.yaml | 1350 ----------------- modules/main.tf | 17 + modules/opentelemetry-collector/README.md | 6 - modules/opentelemetry-collector/main.tf | 28 - .../templates/values.yaml | 556 ------- modules/opentelemetry-collector/versions.tf | 16 - modules/trivy-operator/main.tf | 18 + modules/trivy-operator/templates/values.yaml | 783 ++++++++++ .../versions.tf | 0 modules/victoria-metrics/README.md | 11 + modules/victoria-metrics/data.tf | 7 - modules/victoria-metrics/variables.tf | 18 - 20 files changed, 855 insertions(+), 2010 deletions(-) delete mode 100644 modules/cert-manager/README.md delete mode 100644 modules/cert-manager/main.tf delete mode 100644 modules/cert-manager/templates/values.yaml delete mode 100644 modules/opentelemetry-collector/README.md delete mode 100644 modules/opentelemetry-collector/main.tf delete mode 100644 modules/opentelemetry-collector/templates/values.yaml delete mode 100644 modules/opentelemetry-collector/versions.tf create mode 100644 modules/trivy-operator/main.tf create mode 100644 modules/trivy-operator/templates/values.yaml rename modules/{cert-manager => trivy-operator}/versions.tf (100%) create mode 100644 modules/victoria-metrics/README.md delete mode 100644 modules/victoria-metrics/data.tf delete mode 100644 modules/victoria-metrics/variables.tf diff --git a/dev/main.tf b/dev/main.tf index 0b2d4aac..db35d921 100644 --- a/dev/main.tf +++ b/dev/main.tf @@ -8,4 +8,5 @@ resource "spacelift_space" "development" { module "dpe-sandbox-spacelift" { source = "./spacelift/dpe-sandbox" parent_space_id = spacelift_space.development.id + admin_stack_id = var.admin_stack_id } diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index 2a292195..f6b822dd 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -41,6 +41,16 @@ resource "spacelift_stack" "k8s-stack-deployments" { space_id = spacelift_space.dpe-sandbox.id } +resource "spacelift_stack_dependency" "dependency-on-admin-stack" { + for_each = { + k8s-stack = spacelift_stack.k8s-stack, + k8s-stack-deployments = spacelift_stack.k8s-stack-deployments + } + + stack_id = each.value.id + depends_on_stack_id = var.admin_stack_id +} + resource "spacelift_context_attachment" "k8s-kubeconfig-hooks" { context_id = "kubernetes-deployments-kubeconfig" stack_id = spacelift_stack.k8s-stack-deployments.id diff --git a/dev/spacelift/dpe-sandbox/variables.tf b/dev/spacelift/dpe-sandbox/variables.tf index b6b4a9cf..48f5cf97 100644 --- a/dev/spacelift/dpe-sandbox/variables.tf +++ b/dev/spacelift/dpe-sandbox/variables.tf @@ -10,3 +10,8 @@ variable "tags" { "CostCenter" = "No Program / 000000" } } + +variable "admin_stack_id" { + description = "ID of the admin stack" + type = string +} diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 8301caef..8f9a65c5 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -7,7 +7,7 @@ module "sage-aws-eks-autoscaler" { vpc_id = var.vpc_id node_security_group_id = var.node_security_group_id spotinst_account = var.spotinst_account - desired_capacity = 2 + # desired_capacity = 2 } module "victoria-metrics" { @@ -17,8 +17,7 @@ module "victoria-metrics" { cluster_name = var.cluster_name } -module "opentelemetry-collector" { - source = "spacelift.io/sagebionetworks/opentelemetry-collector/aws" - version = "0.0.3" - cluster_name = var.cluster_name +module "trivy-operator" { + source = "spacelift.io/sagebionetworks/trivy-operator/aws" + version = "0.0.1" } diff --git a/dev/variables.tf b/dev/variables.tf index ae2a3de0..ca21c16b 100644 --- a/dev/variables.tf +++ b/dev/variables.tf @@ -2,3 +2,8 @@ variable "parent_space_id" { description = "ID of the parent spacelift space" type = string } + +variable "admin_stack_id" { + description = "ID of the admin stack" + type = string +} diff --git a/main.tf b/main.tf index 9221a0dc..5c4f8d61 100644 --- a/main.tf +++ b/main.tf @@ -56,4 +56,5 @@ module "dev-resources" { module.terraform-registry, ] parent_space_id = spacelift_space.environment.id + admin_stack_id = spacelift_stack.root_administrative_stack.id } diff --git a/modules/cert-manager/README.md b/modules/cert-manager/README.md deleted file mode 100644 index b47a4bd9..00000000 --- a/modules/cert-manager/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Purpose -This module is used to deploy the cert-manager helm chart - -Resources: - -- diff --git a/modules/cert-manager/main.tf b/modules/cert-manager/main.tf deleted file mode 100644 index ff27c9bf..00000000 --- a/modules/cert-manager/main.tf +++ /dev/null @@ -1,18 +0,0 @@ -resource "kubernetes_namespace" "cert-manager" { - metadata { - name = "cert-manager" - } -} - -resource "helm_release" "cert-manager" { - name = "cert-manager" - repository = "https://charts.jetstack.io" - chart = "cert-manager" - namespace = "cert-manager" - version = "v1.15.1" - depends_on = [ - kubernetes_namespace.cert-manager - ] - - values = [templatefile("${path.module}/templates/values.yaml", {})] -} diff --git a/modules/cert-manager/templates/values.yaml b/modules/cert-manager/templates/values.yaml deleted file mode 100644 index c4310fb8..00000000 --- a/modules/cert-manager/templates/values.yaml +++ /dev/null @@ -1,1350 +0,0 @@ -# +docs:section=Global - -# Default values for cert-manager. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -global: - # Reference to one or more secrets to be used when pulling images. - # For more information, see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). - # - # For example: - # imagePullSecrets: - # - name: "image-pull-secret" - imagePullSecrets: [] - - # Labels to apply to all resources. - # Please note that this does not add labels to the resources created dynamically by the controllers. - # For these resources, you have to add the labels in the template in the cert-manager custom resource: - # For example, podTemplate/ ingressTemplate in ACMEChallengeSolverHTTP01Ingress - # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#acme.cert-manager.io/v1.ACMEChallengeSolverHTTP01Ingress). - # For example, secretTemplate in CertificateSpec - # For more information, see the [cert-manager documentation](https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec). - commonLabels: {} - - # The number of old ReplicaSets to retain to allow rollback (if not set, the default Kubernetes value is set to 10). - # +docs:property - # revisionHistoryLimit: 1 - - # The optional priority class to be used for the cert-manager pods. - priorityClassName: "" - - rbac: - # Create required ClusterRoles and ClusterRoleBindings for cert-manager. - create: true - # Aggregate ClusterRoles to Kubernetes default user-facing roles. For more information, see [User-facing roles](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles) - aggregateClusterRoles: true - - podSecurityPolicy: - # Create PodSecurityPolicy for cert-manager. - # - # Note that PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in Kubernetes 1.25. - enabled: false - # Configure the PodSecurityPolicy to use AppArmor. - useAppArmor: true - - # Set the verbosity of cert-manager. A range of 0 - 6, with 6 being the most verbose. - logLevel: 2 - - leaderElection: - # Override the namespace used for the leader election lease. - namespace: "kube-system" - - # The duration that non-leader candidates will wait after observing a - # leadership renewal until attempting to acquire leadership of a led but - # unrenewed leader slot. This is effectively the maximum duration that a - # leader can be stopped before it is replaced by another candidate. - # +docs:property - # leaseDuration: 60s - - # The interval between attempts by the acting master to renew a leadership - # slot before it stops leading. This must be less than or equal to the - # lease duration. - # +docs:property - # renewDeadline: 40s - - # The duration the clients should wait between attempting acquisition and - # renewal of a leadership. - # +docs:property - # retryPeriod: 15s - -# This option is equivalent to setting crds.enabled=true and crds.keep=true. -# Deprecated: use crds.enabled and crds.keep instead. -installCRDs: false - -crds: - # This option decides if the CRDs should be installed - # as part of the Helm installation. - enabled: true - - # This option makes it so that the "helm.sh/resource-policy": keep - # annotation is added to the CRD. This will prevent Helm from uninstalling - # the CRD when the Helm release is uninstalled. - # WARNING: when the CRDs are removed, all cert-manager custom resources - # (Certificates, Issuers, ...) will be removed too by the garbage collector. - keep: true - -# +docs:section=Controller - -# The number of replicas of the cert-manager controller to run. -# -# The default is 1, but in production set this to 2 or 3 to provide high -# availability. -# -# If `replicas > 1`, consider setting `podDisruptionBudget.enabled=true`. -# -# Note that cert-manager uses leader election to ensure that there can -# only be a single instance active at a time. -replicaCount: 1 - -# Deployment update strategy for the cert-manager controller deployment. -# For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). -# -# For example: -# strategy: -# type: RollingUpdate -# rollingUpdate: -# maxSurge: 0 -# maxUnavailable: 1 -strategy: {} - -podDisruptionBudget: - # Enable or disable the PodDisruptionBudget resource. - # - # This prevents downtime during voluntary disruptions such as during a Node upgrade. - # For example, the PodDisruptionBudget will block `kubectl drain` - # if it is used on the Node where the only remaining cert-manager - # Pod is currently running. - enabled: false - - # This configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). - # It cannot be used if `maxUnavailable` is set. - # +docs:property - # minAvailable: 1 - - # This configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). - # it cannot be used if `minAvailable` is set. - # +docs:property - # maxUnavailable: 1 - -# A comma-separated list of feature gates that should be enabled on the -# controller pod. -featureGates: "" - -# The maximum number of challenges that can be scheduled as 'processing' at once. -maxConcurrentChallenges: 60 - -image: - # The container registry to pull the manager image from. - # +docs:property - # registry: quay.io - - # The container image for the cert-manager controller. - # +docs:property - repository: quay.io/jetstack/cert-manager-controller - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion is used. - # +docs:property - # tag: vX.Y.Z - - # Setting a digest will override any tag. - # +docs:property - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - # Kubernetes imagePullPolicy on Deployment. - pullPolicy: IfNotPresent - -# Override the namespace used to store DNS provider credentials etc. for ClusterIssuer -# resources. By default, the same namespace as cert-manager is deployed within is -# used. This namespace will not be automatically created by the Helm chart. -clusterResourceNamespace: "" - -# This namespace allows you to define where the services are installed into. -# If not set then they use the namespace of the release. -# This is helpful when installing cert manager as a chart dependency (sub chart). -namespace: "" - -serviceAccount: - # Specifies whether a service account should be created. - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - # +docs:property - # name: "" - - # Optional additional annotations to add to the controller's Service Account. - # +docs:property - # annotations: {} - - # Optional additional labels to add to the controller's Service Account. - # +docs:property - # labels: {} - - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - -# Automounting API credentials for a particular pod. -# +docs:property -# automountServiceAccountToken: true - -# When this flag is enabled, secrets will be automatically removed when the certificate resource is deleted. -enableCertificateOwnerRef: false - -# This property is used to configure options for the controller pod. -# This allows setting options that would usually be provided using flags. -# An APIVersion and Kind must be specified in your values.yaml file. -# Flags will override options that are set here. -# -# For example: -# config: -# apiVersion: controller.config.cert-manager.io/v1alpha1 -# kind: ControllerConfiguration -# logging: -# verbosity: 2 -# format: text -# leaderElectionConfig: -# namespace: kube-system -# kubernetesAPIQPS: 9000 -# kubernetesAPIBurst: 9000 -# numberOfConcurrentWorkers: 200 -# featureGates: -# AdditionalCertificateOutputFormats: true -# DisallowInsecureCSRUsageDefinition: true -# ExperimentalCertificateSigningRequestControllers: true -# ExperimentalGatewayAPISupport: true -# LiteralCertificateSubject: true -# SecretsFilteredCaching: true -# ServerSideApply: true -# StableCertificateRequestName: true -# UseCertificateRequestBasicConstraints: true -# ValidateCAA: true -# metricsTLSConfig: -# dynamic: -# secretNamespace: "cert-manager" -# secretName: "cert-manager-metrics-ca" -# dnsNames: -# - cert-manager-metrics -# - cert-manager-metrics.cert-manager -# - cert-manager-metrics.cert-manager.svc -config: {} - -# Setting Nameservers for DNS01 Self Check. -# For more information, see the [cert-manager documentation](https://cert-manager.io/docs/configuration/acme/dns01/#setting-nameservers-for-dns01-self-check). - -# A comma-separated string with the host and port of the recursive nameservers cert-manager should query. -dns01RecursiveNameservers: "" - -# Forces cert-manager to use only the recursive nameservers for verification. -# Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. -dns01RecursiveNameserversOnly: false - -# Option to disable cert-manager's build-in auto-approver. The auto-approver -# approves all CertificateRequests that reference issuers matching the 'approveSignerNames' -# option. This 'disableAutoApproval' option is useful when you want to make all approval decisions -# using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). -disableAutoApproval: false - -# List of signer names that cert-manager will approve by default. CertificateRequests -# referencing these signer names will be auto-approved by cert-manager. Defaults to just -# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty -# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, -# because eg. you are using approver-policy, you can enable 'disableAutoApproval'. -# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval -# +docs:property -approveSignerNames: -- issuers.cert-manager.io/* -- clusterissuers.cert-manager.io/* - -# Additional command line flags to pass to cert-manager controller binary. -# To see all available flags run `docker run quay.io/jetstack/cert-manager-controller: --help`. -# -# Use this flag to enable or disable arbitrary controllers. For example, to disable the CertificiateRequests approver. -# -# For example: -# extraArgs: -# - --controllers=*,-certificaterequests-approver -extraArgs: [] - -# Additional environment variables to pass to cert-manager controller binary. -extraEnv: [] -# - name: SOME_VAR -# value: 'some value' - -# Resources to provide to the cert-manager controller pod. -# -# For example: -# requests: -# cpu: 10m -# memory: 32Mi -# -# For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). -resources: {} - -# Pod Security Context. -# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). -# +docs:property -securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - -# Container Security Context to be set on the controller component container. -# For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). -# +docs:property -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - -# Additional volumes to add to the cert-manager controller pod. -volumes: [] - -# Additional volume mounts to add to the cert-manager controller container. -volumeMounts: [] - -# Optional additional annotations to add to the controller Deployment. -# +docs:property -# deploymentAnnotations: {} - -# Optional additional annotations to add to the controller Pods. -# +docs:property -# podAnnotations: {} - -# Optional additional labels to add to the controller Pods. -podLabels: {} - -# Optional annotations to add to the controller Service. -# +docs:property -# serviceAnnotations: {} - -# Optional additional labels to add to the controller Service. -# +docs:property -# serviceLabels: {} - -# Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). -# +docs:property -# serviceIPFamilyPolicy: "" - -# Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. -# +docs:property -# serviceIPFamilies: [] - -# Optional DNS settings. These are useful if you have a public and private DNS zone for -# the same domain on Route 53. The following is an example of ensuring -# cert-manager can access an ingress or DNS TXT records at all times. -# Note that this requires Kubernetes 1.10 or `CustomPodDNS` feature gate enabled for -# the cluster to work. - -# Pod DNS policy. -# For more information, see [Pod's DNS Policy](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy). -# +docs:property -# podDnsPolicy: "None" - -# Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy -# settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified. -# For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config). -# +docs:property -# podDnsConfig: -# nameservers: -# - "1.1.1.1" -# - "8.8.8.8" - -# Optional hostAliases for cert-manager-controller pods. May be useful when performing ACME DNS-01 self checks. -hostAliases: [] -# - ip: 127.0.0.1 -# hostnames: -# - foo.local -# - bar.local -# - ip: 10.1.2.3 -# hostnames: -# - foo.remote -# - bar.remote - -# The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with -# matching labels. -# For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). -# -# This default ensures that Pods are only scheduled to Linux nodes. -# It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. -# +docs:property -nodeSelector: - kubernetes.io/os: linux - -# +docs:ignore -ingressShim: {} - - # Optional default issuer to use for ingress resources. - # +docs:property=ingressShim.defaultIssuerName - # defaultIssuerName: "" - - # Optional default issuer kind to use for ingress resources. - # +docs:property=ingressShim.defaultIssuerKind - # defaultIssuerKind: "" - - # Optional default issuer group to use for ingress resources. - # +docs:property=ingressShim.defaultIssuerGroup - # defaultIssuerGroup: "" - -# Use these variables to configure the HTTP_PROXY environment variables. - -# Configures the HTTP_PROXY environment variable where a HTTP proxy is required. -# +docs:property -# http_proxy: "http://proxy:8080" - -# Configures the HTTPS_PROXY environment variable where a HTTP proxy is required. -# +docs:property -# https_proxy: "https://proxy:8080" - -# Configures the NO_PROXY environment variable where a HTTP proxy is required, -# but certain domains should be excluded. -# +docs:property -# no_proxy: 127.0.0.1,localhost - - -# A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). -# -# For example: -# affinity: -# nodeAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# nodeSelectorTerms: -# - matchExpressions: -# - key: foo.bar.com/role -# operator: In -# values: -# - master -affinity: {} - -# A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). -# -# For example: -# tolerations: -# - key: foo.bar.com/role -# operator: Equal -# value: master -# effect: NoSchedule -tolerations: [] - -# A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core -# -# For example: -# topologySpreadConstraints: -# - maxSkew: 2 -# topologyKey: topology.kubernetes.io/zone -# whenUnsatisfiable: ScheduleAnyway -# labelSelector: -# matchLabels: -# app.kubernetes.io/instance: cert-manager -# app.kubernetes.io/component: controller -topologySpreadConstraints: [] - -# LivenessProbe settings for the controller container of the controller Pod. -# -# This is enabled by default, in order to enable the clock-skew liveness probe that -# restarts the controller in case of a skew between the system clock and the monotonic clock. -# LivenessProbe durations and thresholds are based on those used for the Kubernetes -# controller-manager. For more information see the following on the -# [Kubernetes GitHub repository](https://github.com/kubernetes/kubernetes/blob/806b30170c61a38fedd54cc9ede4cd6275a1ad3b/cmd/kubeadm/app/util/staticpod/utils.go#L241-L245) -# +docs:property -livenessProbe: - enabled: true - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 15 - successThreshold: 1 - failureThreshold: 8 - -# enableServiceLinks indicates whether information about services should be -# injected into the pod's environment variables, matching the syntax of Docker -# links. -enableServiceLinks: false - -# +docs:section=Prometheus - -prometheus: - # Enable Prometheus monitoring for the cert-manager controller to use with the - # Prometheus Operator. If this option is enabled without enabling `prometheus.servicemonitor.enabled` or - # `prometheus.podmonitor.enabled`, 'prometheus.io' annotations are added to the cert-manager Deployment - # resources. Additionally, a service is created which can be used together - # with your own ServiceMonitor (managed outside of this Helm chart). - # Otherwise, a ServiceMonitor/ PodMonitor is created. - enabled: true - - servicemonitor: - # Create a ServiceMonitor to add cert-manager to Prometheus. - enabled: true - - # Specifies the `prometheus` label on the created ServiceMonitor. This is - # used when different Prometheus instances have label selectors matching - # different ServiceMonitors. - prometheusInstance: default - - # The target port to set on the ServiceMonitor. This must match the port that the - # cert-manager controller is listening on for metrics. - targetPort: 9402 - - # The path to scrape for metrics. - path: /metrics - - # The interval to scrape metrics. - interval: 60s - - # The timeout before a metrics scrape fails. - scrapeTimeout: 30s - - # Additional labels to add to the ServiceMonitor. - labels: {} - - # Additional annotations to add to the ServiceMonitor. - annotations: {} - - # Keep labels from scraped data, overriding server-side labels. - honorLabels: false - - # EndpointAdditionalProperties allows setting additional properties on the - # endpoint such as relabelings, metricRelabelings etc. - # - # For example: - # endpointAdditionalProperties: - # relabelings: - # - action: replace - # sourceLabels: - # - __meta_kubernetes_pod_node_name - # targetLabel: instance - # - # +docs:property - endpointAdditionalProperties: {} - - # Note that you can not enable both PodMonitor and ServiceMonitor as they are mutually exclusive. Enabling both will result in a error. - podmonitor: - # Create a PodMonitor to add cert-manager to Prometheus. - enabled: false - - # Specifies the `prometheus` label on the created PodMonitor. This is - # used when different Prometheus instances have label selectors matching - # different PodMonitors. - prometheusInstance: default - - # The path to scrape for metrics. - path: /metrics - - # The interval to scrape metrics. - interval: 60s - - # The timeout before a metrics scrape fails. - scrapeTimeout: 30s - - # Additional labels to add to the PodMonitor. - labels: {} - - # Additional annotations to add to the PodMonitor. - annotations: {} - - # Keep labels from scraped data, overriding server-side labels. - honorLabels: false - - # EndpointAdditionalProperties allows setting additional properties on the - # endpoint such as relabelings, metricRelabelings etc. - # - # For example: - # endpointAdditionalProperties: - # relabelings: - # - action: replace - # sourceLabels: - # - __meta_kubernetes_pod_node_name - # targetLabel: instance - # - # +docs:property - endpointAdditionalProperties: {} - -# +docs:section=Webhook - -webhook: - # Number of replicas of the cert-manager webhook to run. - # - # The default is 1, but in production set this to 2 or 3 to provide high - # availability. - # - # If `replicas > 1`, consider setting `webhook.podDisruptionBudget.enabled=true`. - replicaCount: 1 - - # The number of seconds the API server should wait for the webhook to respond before treating the call as a failure. - # The value must be between 1 and 30 seconds. For more information, see - # [Validating webhook configuration v1](https://kubernetes.io/docs/reference/kubernetes-api/extend-resources/validating-webhook-configuration-v1/). - # - # The default is set to the maximum value of 30 seconds as - # users sometimes report that the connection between the K8S API server and - # the cert-manager webhook server times out. - # If *this* timeout is reached, the error message will be "context deadline exceeded", - # which doesn't help the user diagnose what phase of the HTTPS connection timed out. - # For example, it could be during DNS resolution, TCP connection, TLS - # negotiation, HTTP negotiation, or slow HTTP response from the webhook - # server. - # By setting this timeout to its maximum value the underlying timeout error - # message has more chance of being returned to the end user. - timeoutSeconds: 30 - - # This is used to configure options for the webhook pod. - # This allows setting options that would usually be provided using flags. - # An APIVersion and Kind must be specified in your values.yaml file. - # Flags override options that are set here. - # - # For example: - # apiVersion: webhook.config.cert-manager.io/v1alpha1 - # kind: WebhookConfiguration - # # The port that the webhook listens on for requests. - # # In GKE private clusters, by default Kubernetes apiservers are allowed to - # # talk to the cluster nodes only on 443 and 10250. Configuring - # # securePort: 10250 therefore will work out-of-the-box without needing to add firewall - # # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers < 1000. - # # This should be uncommented and set as a default by the chart once - # # the apiVersion of WebhookConfiguration graduates beyond v1alpha1. - # securePort: 10250 - config: {} - - # The update strategy for the cert-manager webhook deployment. - # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy) - # - # For example: - # strategy: - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - strategy: {} - - # Pod Security Context to be set on the webhook component Pod. - # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). - # +docs:property - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - - # Container Security Context to be set on the webhook component container. - # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). - # +docs:property - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - - podDisruptionBudget: - # Enable or disable the PodDisruptionBudget resource. - # - # This prevents downtime during voluntary disruptions such as during a Node upgrade. - # For example, the PodDisruptionBudget will block `kubectl drain` - # if it is used on the Node where the only remaining cert-manager - # Pod is currently running. - enabled: false - - # This property configures the minimum available pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). - # It cannot be used if `maxUnavailable` is set. - # +docs:property - # minAvailable: 1 - - # This property configures the maximum unavailable pods for disruptions. Can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). - # It cannot be used if `minAvailable` is set. - # +docs:property - # maxUnavailable: 1 - - # Optional additional annotations to add to the webhook Deployment. - # +docs:property - # deploymentAnnotations: {} - - # Optional additional annotations to add to the webhook Pods. - # +docs:property - # podAnnotations: {} - - # Optional additional annotations to add to the webhook Service. - # +docs:property - # serviceAnnotations: {} - - # Optional additional annotations to add to the webhook MutatingWebhookConfiguration. - # +docs:property - # mutatingWebhookConfigurationAnnotations: {} - - # Optional additional annotations to add to the webhook ValidatingWebhookConfiguration. - # +docs:property - # validatingWebhookConfigurationAnnotations: {} - - validatingWebhookConfiguration: - # Configure spec.namespaceSelector for validating webhooks. - # +docs:property - namespaceSelector: - matchExpressions: - - key: "cert-manager.io/disable-validation" - operator: "NotIn" - values: - - "true" - - mutatingWebhookConfiguration: - # Configure spec.namespaceSelector for mutating webhooks. - # +docs:property - namespaceSelector: {} - # matchLabels: - # key: value - # matchExpressions: - # - key: kubernetes.io/metadata.name - # operator: NotIn - # values: - # - kube-system - - - # Additional command line flags to pass to cert-manager webhook binary. - # To see all available flags run `docker run quay.io/jetstack/cert-manager-webhook: --help`. - extraArgs: [] - # Path to a file containing a WebhookConfiguration object used to configure the webhook. - # - --config= - - # Comma separated list of feature gates that should be enabled on the - # webhook pod. - featureGates: "" - - # Resources to provide to the cert-manager webhook pod. - # - # For example: - # requests: - # cpu: 10m - # memory: 32Mi - # - # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - resources: {} - - # Liveness probe values. - # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). - # - # +docs:property - livenessProbe: - failureThreshold: 3 - initialDelaySeconds: 60 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - - # Readiness probe values. - # For more information, see [Container probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes). - # - # +docs:property - readinessProbe: - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 1 - - # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with - # matching labels. - # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). - # - # This default ensures that Pods are only scheduled to Linux nodes. - # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. - # +docs:property - nodeSelector: - kubernetes.io/os: linux - - # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). - # - # For example: - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: foo.bar.com/role - # operator: In - # values: - # - master - affinity: {} - - # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). - # - # For example: - # tolerations: - # - key: foo.bar.com/role - # operator: Equal - # value: master - # effect: NoSchedule - tolerations: [] - - # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core). - # - # For example: - # topologySpreadConstraints: - # - maxSkew: 2 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: ScheduleAnyway - # labelSelector: - # matchLabels: - # app.kubernetes.io/instance: cert-manager - # app.kubernetes.io/component: controller - topologySpreadConstraints: [] - - # Optional additional labels to add to the Webhook Pods. - podLabels: {} - - # Optional additional labels to add to the Webhook Service. - serviceLabels: {} - - # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). - serviceIPFamilyPolicy: "" - - # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. - serviceIPFamilies: [] - - image: - # The container registry to pull the webhook image from. - # +docs:property - # registry: quay.io - - # The container image for the cert-manager webhook - # +docs:property - repository: quay.io/jetstack/cert-manager-webhook - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # +docs:property - # tag: vX.Y.Z - - # Setting a digest will override any tag - # +docs:property - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - # Kubernetes imagePullPolicy on Deployment. - pullPolicy: IfNotPresent - - serviceAccount: - # Specifies whether a service account should be created. - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - # +docs:property - # name: "" - - # Optional additional annotations to add to the controller's Service Account. - # +docs:property - # annotations: {} - - # Optional additional labels to add to the webhook's Service Account. - # +docs:property - # labels: {} - - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - - # Automounting API credentials for a particular pod. - # +docs:property - # automountServiceAccountToken: true - - # The port that the webhook listens on for requests. - # In GKE private clusters, by default Kubernetes apiservers are allowed to - # talk to the cluster nodes only on 443 and 10250. Configuring - # securePort: 10250, therefore will work out-of-the-box without needing to add firewall - # rules or requiring NET_BIND_SERVICE capabilities to bind port numbers <1000. - securePort: 10250 - - # Specifies if the webhook should be started in hostNetwork mode. - # - # Required for use in some managed kubernetes clusters (such as AWS EKS) with custom - # CNI (such as calico), because control-plane managed by AWS cannot communicate - # with pods' IP CIDR and admission webhooks are not working - # - # Since the default port for the webhook conflicts with kubelet on the host - # network, `webhook.securePort` should be changed to an available port if - # running in hostNetwork mode. - hostNetwork: false - - # Specifies how the service should be handled. Useful if you want to expose the - # webhook outside of the cluster. In some cases, the control plane cannot - # reach internal services. - serviceType: ClusterIP - - # Specify the load balancer IP for the created service. - # +docs:property - # loadBalancerIP: "10.10.10.10" - - # Overrides the mutating webhook and validating webhook so they reach the webhook - # service using the `url` field instead of a service. - url: {} - # host: - - # Enables default network policies for webhooks. - networkPolicy: - # Create network policies for the webhooks. - enabled: false - - # Ingress rule for the webhook network policy. By default, it allows all - # inbound traffic. - # +docs:property - ingress: - - from: - - ipBlock: - cidr: 0.0.0.0/0 - - # Egress rule for the webhook network policy. By default, it allows all - # outbound traffic to ports 80 and 443, as well as DNS ports. - # +docs:property - egress: - - ports: - - port: 80 - protocol: TCP - - port: 443 - protocol: TCP - - port: 53 - protocol: TCP - - port: 53 - protocol: UDP - # On OpenShift and OKD, the Kubernetes API server listens on. - # port 6443. - - port: 6443 - protocol: TCP - to: - - ipBlock: - cidr: 0.0.0.0/0 - - # Additional volumes to add to the cert-manager controller pod. - volumes: [] - - # Additional volume mounts to add to the cert-manager controller container. - volumeMounts: [] - - # enableServiceLinks indicates whether information about services should be - # injected into the pod's environment variables, matching the syntax of Docker - # links. - enableServiceLinks: false - -# +docs:section=CA Injector - -cainjector: - # Create the CA Injector deployment - enabled: true - - # The number of replicas of the cert-manager cainjector to run. - # - # The default is 1, but in production set this to 2 or 3 to provide high - # availability. - # - # If `replicas > 1`, consider setting `cainjector.podDisruptionBudget.enabled=true`. - # - # Note that cert-manager uses leader election to ensure that there can - # only be a single instance active at a time. - replicaCount: 1 - - # This is used to configure options for the cainjector pod. - # It allows setting options that are usually provided via flags. - # An APIVersion and Kind must be specified in your values.yaml file. - # Flags override options that are set here. - # - # For example: - # apiVersion: cainjector.config.cert-manager.io/v1alpha1 - # kind: CAInjectorConfiguration - # logging: - # verbosity: 2 - # format: text - # leaderElectionConfig: - # namespace: kube-system - config: {} - - # Deployment update strategy for the cert-manager cainjector deployment. - # For more information, see the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). - # - # For example: - # strategy: - # type: RollingUpdate - # rollingUpdate: - # maxSurge: 0 - # maxUnavailable: 1 - strategy: {} - - # Pod Security Context to be set on the cainjector component Pod - # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). - # +docs:property - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - - # Container Security Context to be set on the cainjector component container - # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). - # +docs:property - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - - podDisruptionBudget: - # Enable or disable the PodDisruptionBudget resource. - # - # This prevents downtime during voluntary disruptions such as during a Node upgrade. - # For example, the PodDisruptionBudget will block `kubectl drain` - # if it is used on the Node where the only remaining cert-manager - # Pod is currently running. - enabled: false - - # `minAvailable` configures the minimum available pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). - # Cannot be used if `maxUnavailable` is set. - # +docs:property - # minAvailable: 1 - - # `maxUnavailable` configures the maximum unavailable pods for disruptions. It can either be set to - # an integer (e.g. 1) or a percentage value (e.g. 25%). - # Cannot be used if `minAvailable` is set. - # +docs:property - # maxUnavailable: 1 - - # Optional additional annotations to add to the cainjector Deployment. - # +docs:property - # deploymentAnnotations: {} - - # Optional additional annotations to add to the cainjector Pods. - # +docs:property - # podAnnotations: {} - - # Additional command line flags to pass to cert-manager cainjector binary. - # To see all available flags run `docker run quay.io/jetstack/cert-manager-cainjector: --help`. - extraArgs: [] - # Enable profiling for cainjector. - # - --enable-profiling=true - - # Comma separated list of feature gates that should be enabled on the - # cainjector pod. - featureGates: "" - - # Resources to provide to the cert-manager cainjector pod. - # - # For example: - # requests: - # cpu: 10m - # memory: 32Mi - # - # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - resources: {} - - - # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with - # matching labels. - # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). - # - # This default ensures that Pods are only scheduled to Linux nodes. - # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. - # +docs:property - nodeSelector: - kubernetes.io/os: linux - - # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). - # - # For example: - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: foo.bar.com/role - # operator: In - # values: - # - master - affinity: {} - - # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). - # - # For example: - # tolerations: - # - key: foo.bar.com/role - # operator: Equal - # value: master - # effect: NoSchedule - tolerations: [] - - # A list of Kubernetes TopologySpreadConstraints, if required. For more information, see [Topology spread constraint v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#topologyspreadconstraint-v1-core). - # - # For example: - # topologySpreadConstraints: - # - maxSkew: 2 - # topologyKey: topology.kubernetes.io/zone - # whenUnsatisfiable: ScheduleAnyway - # labelSelector: - # matchLabels: - # app.kubernetes.io/instance: cert-manager - # app.kubernetes.io/component: controller - topologySpreadConstraints: [] - - # Optional additional labels to add to the CA Injector Pods. - podLabels: {} - - image: - # The container registry to pull the cainjector image from. - # +docs:property - # registry: quay.io - - # The container image for the cert-manager cainjector - # +docs:property - repository: quay.io/jetstack/cert-manager-cainjector - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion will be used. - # +docs:property - # tag: vX.Y.Z - - # Setting a digest will override any tag. - # +docs:property - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - # Kubernetes imagePullPolicy on Deployment. - pullPolicy: IfNotPresent - - serviceAccount: - # Specifies whether a service account should be created. - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - # +docs:property - # name: "" - - # Optional additional annotations to add to the controller's Service Account. - # +docs:property - # annotations: {} - - # Optional additional labels to add to the cainjector's Service Account. - # +docs:property - # labels: {} - - # Automount API credentials for a Service Account. - automountServiceAccountToken: true - - # Automounting API credentials for a particular pod. - # +docs:property - # automountServiceAccountToken: true - - # Additional volumes to add to the cert-manager controller pod. - volumes: [] - - # Additional volume mounts to add to the cert-manager controller container. - volumeMounts: [] - - # enableServiceLinks indicates whether information about services should be - # injected into the pod's environment variables, matching the syntax of Docker - # links. - enableServiceLinks: false - -# +docs:section=ACME Solver - -acmesolver: - image: - # The container registry to pull the acmesolver image from. - # +docs:property - # registry: quay.io - - # The container image for the cert-manager acmesolver. - # +docs:property - repository: quay.io/jetstack/cert-manager-acmesolver - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion is used. - # +docs:property - # tag: vX.Y.Z - - # Setting a digest will override any tag. - # +docs:property - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - # Kubernetes imagePullPolicy on Deployment. - pullPolicy: IfNotPresent - -# +docs:section=Startup API Check -# This startupapicheck is a Helm post-install hook that waits for the webhook -# endpoints to become available. -# The check is implemented using a Kubernetes Job - if you are injecting mesh -# sidecar proxies into cert-manager pods, ensure that they -# are not injected into this Job's pod. Otherwise, the installation may time out -# owing to the Job never being completed because the sidecar proxy does not exit. -# For more information, see [this note](https://github.com/cert-manager/cert-manager/pull/4414). - -startupapicheck: - # Enables the startup api check. - enabled: true - - # Pod Security Context to be set on the startupapicheck component Pod. - # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). - # +docs:property - securityContext: - runAsNonRoot: true - seccompProfile: - type: RuntimeDefault - - # Container Security Context to be set on the controller component container. - # For more information, see [Configure a Security Context for a Pod or Container](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). - # +docs:property - containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - - # Timeout for 'kubectl check api' command. - timeout: 1m - - # Job backoffLimit - backoffLimit: 4 - - # Optional additional annotations to add to the startupapicheck Job. - # +docs:property - jobAnnotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "1" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Optional additional annotations to add to the startupapicheck Pods. - # +docs:property - # podAnnotations: {} - - # Additional command line flags to pass to startupapicheck binary. - # To see all available flags run `docker run quay.io/jetstack/cert-manager-startupapicheck: --help`. - # - # Verbose logging is enabled by default so that if startupapicheck fails, you - # can know what exactly caused the failure. Verbose logs include details of - # the webhook URL, IP address and TCP connect errors for example. - # +docs:property - extraArgs: - - -v - - # Resources to provide to the cert-manager controller pod. - # - # For example: - # requests: - # cpu: 10m - # memory: 32Mi - # - # For more information, see [Resource Management for Pods and Containers](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). - resources: {} - - - # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with - # matching labels. - # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). - # - # This default ensures that Pods are only scheduled to Linux nodes. - # It prevents Pods being scheduled to Windows nodes in a mixed OS cluster. - # +docs:property - nodeSelector: - kubernetes.io/os: linux - - # A Kubernetes Affinity, if required. For more information, see [Affinity v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#affinity-v1-core). - # For example: - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: foo.bar.com/role - # operator: In - # values: - # - master - affinity: {} - - # A list of Kubernetes Tolerations, if required. For more information, see [Toleration v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.27/#toleration-v1-core). - # - # For example: - # tolerations: - # - key: foo.bar.com/role - # operator: Equal - # value: master - # effect: NoSchedule - tolerations: [] - - # Optional additional labels to add to the startupapicheck Pods. - podLabels: {} - - image: - # The container registry to pull the startupapicheck image from. - # +docs:property - # registry: quay.io - - # The container image for the cert-manager startupapicheck. - # +docs:property - repository: quay.io/jetstack/cert-manager-startupapicheck - - # Override the image tag to deploy by setting this variable. - # If no value is set, the chart's appVersion is used. - # +docs:property - # tag: vX.Y.Z - - # Setting a digest will override any tag. - # +docs:property - # digest: sha256:0e072dddd1f7f8fc8909a2ca6f65e76c5f0d2fcfb8be47935ae3457e8bbceb20 - - # Kubernetes imagePullPolicy on Deployment. - pullPolicy: IfNotPresent - - rbac: - # annotations for the startup API Check job RBAC and PSP resources. - # +docs:property - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Automounting API credentials for a particular pod. - # +docs:property - # automountServiceAccountToken: true - - serviceAccount: - # Specifies whether a service account should be created. - create: true - - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template. - # +docs:property - # name: "" - - # Optional additional annotations to add to the Job's Service Account. - # +docs:property - annotations: - helm.sh/hook: post-install - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded - - # Automount API credentials for a Service Account. - # +docs:property - automountServiceAccountToken: true - - # Optional additional labels to add to the startupapicheck's Service Account. - # +docs:property - # labels: {} - - # Additional volumes to add to the cert-manager controller pod. - volumes: [] - - # Additional volume mounts to add to the cert-manager controller container. - volumeMounts: [] - - # enableServiceLinks indicates whether information about services should be - # injected into pod's environment variables, matching the syntax of Docker - # links. - enableServiceLinks: false - -# Create dynamic manifests via values. -# -# For example: -# extraObjects: -# - | -# apiVersion: v1 -# kind: ConfigMap -# metadata: -# name: '{{ template "cert-manager.name" . }}-extra-configmap' -extraObjects: [] - diff --git a/modules/main.tf b/modules/main.tf index eabb3419..a9c544a9 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -49,6 +49,23 @@ locals { space_id = "root" version_number = "0.0.1" } + + trivy-operator = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "trivy-operator" + terraform_provider = "aws" + administrative = false + branch = "ibcdpe-1007-monitoring" + description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." + project_root = "modules/trivy-operator" + space_id = "root" + version_number = "0.0.1" + } } } diff --git a/modules/opentelemetry-collector/README.md b/modules/opentelemetry-collector/README.md deleted file mode 100644 index 2d370cae..00000000 --- a/modules/opentelemetry-collector/README.md +++ /dev/null @@ -1,6 +0,0 @@ -# Purpose -This module is used to deploy the OpenTelemetry Collector helm chart - -Resources: - -- diff --git a/modules/opentelemetry-collector/main.tf b/modules/opentelemetry-collector/main.tf deleted file mode 100644 index b00479f1..00000000 --- a/modules/opentelemetry-collector/main.tf +++ /dev/null @@ -1,28 +0,0 @@ -resource "kubernetes_namespace" "opentelemetry" { - metadata { - name = "opentelemetry" - } -} - -resource "helm_release" "opentelemetry" { - name = "opentelemetry-collector" - repository = "https://open-telemetry.github.io/opentelemetry-helm-charts" - chart = "opentelemetry-collector" - namespace = "opentelemetry" - version = "0.100.0" - depends_on = [ - kubernetes_namespace.opentelemetry - ] - - set { - name = "image.repository" - value = "otel/opentelemetry-collector-k8s" - } - - set { - name = "mode" - value = "deployment" - } - - values = [templatefile("${path.module}/templates/values.yaml", {})] -} diff --git a/modules/opentelemetry-collector/templates/values.yaml b/modules/opentelemetry-collector/templates/values.yaml deleted file mode 100644 index 77a1d63b..00000000 --- a/modules/opentelemetry-collector/templates/values.yaml +++ /dev/null @@ -1,556 +0,0 @@ -nameOverride: "" -fullnameOverride: "" - -# Valid values are "daemonset", "deployment", and "statefulset". -mode: "deployment" - -# Specify which namespace should be used to deploy the resources into -namespaceOverride: "" - -# Handles basic configuration of components that -# also require k8s modifications to work correctly. -# .Values.config can be used to modify/add to a preset -# component configuration, but CANNOT be used to remove -# preset configuration. If you require removal of any -# sections of a preset configuration, you cannot use -# the preset. Instead, configure the component manually in -# .Values.config and use the other fields supplied in the -# values.yaml to configure k8s as necessary. -presets: - # Configures the collector to collect logs. - # Adds the filelog receiver to the logs pipeline - # and adds the necessary volumes and volume mounts. - # Best used with mode = daemonset. - # See https://opentelemetry.io/docs/kubernetes/collector/components/#filelog-receiver for details on the receiver. - logsCollection: - enabled: false - includeCollectorLogs: false - # Enabling this writes checkpoints in /var/lib/otelcol/ host directory. - # Note this changes collector's user to root, so that it can write to host directory. - storeCheckpoints: false - # The maximum bytes size of the recombined field. - # Once the size exceeds the limit, all received entries of the source will be combined and flushed. - maxRecombineLogSize: 102400 - # Configures the collector to collect host metrics. - # Adds the hostmetrics receiver to the metrics pipeline - # and adds the necessary volumes and volume mounts. - # Best used with mode = daemonset. - # See https://opentelemetry.io/docs/kubernetes/collector/components/#host-metrics-receiver for details on the receiver. - hostMetrics: - enabled: false - # Configures the Kubernetes Processor to add Kubernetes metadata. - # Adds the k8sattributes processor to all the pipelines - # and adds the necessary rules to ClusteRole. - # Best used with mode = daemonset. - # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-attributes-processor for details on the receiver. - kubernetesAttributes: - enabled: false - # When enabled the processor will extra all labels for an associated pod and add them as resource attributes. - # The label's exact name will be the key. - extractAllPodLabels: false - # When enabled the processor will extra all annotations for an associated pod and add them as resource attributes. - # The annotation's exact name will be the key. - extractAllPodAnnotations: false - # Configures the collector to collect node, pod, and container metrics from the API server on a kubelet.. - # Adds the kubeletstats receiver to the metrics pipeline - # and adds the necessary rules to ClusteRole. - # Best used with mode = daemonset. - # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubeletstats-receiver for details on the receiver. - kubeletMetrics: - enabled: false - # Configures the collector to collect kubernetes events. - # Adds the k8sobject receiver to the logs pipeline - # and collects kubernetes events by default. - # Best used with mode = deployment or statefulset. - # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-objects-receiver for details on the receiver. - kubernetesEvents: - enabled: false - # Configures the Kubernetes Cluster Receiver to collect cluster-level metrics. - # Adds the k8s_cluster receiver to the metrics pipeline - # and adds the necessary rules to ClusteRole. - # Best used with mode = deployment or statefulset. - # See https://opentelemetry.io/docs/kubernetes/collector/components/#kubernetes-cluster-receiver for details on the receiver. - clusterMetrics: - enabled: false - -configMap: - # Specifies whether a configMap should be created (true by default) - create: true - # Specifies an existing ConfigMap to be mounted to the pod - # The ConfigMap MUST include the collector configuration via a key named 'relay' or the collector will not start. - existingName: "" - -# Base collector configuration. -# Supports templating. To escape existing instances of {{ }}, use {{` `}}. -# For example, {{ REDACTED_EMAIL }} becomes {{` {{ REDACTED_EMAIL }} `}}. -config: - exporters: - debug: {} - extensions: - # The health_check extension is mandatory for this chart. - # Without the health_check extension the collector will fail the readiness and liveliness probes. - # The health_check extension can be modified, but should never be removed. - health_check: - endpoint: $${env:MY_POD_IP}:13133 - processors: - batch: {} - # Default memory limiter configuration for the collector based on k8s resource limits. - memory_limiter: - # check_interval is the time between measurements of memory usage. - check_interval: 5s - # By default limit_mib is set to 80% of ".Values.resources.limits.memory" - limit_percentage: 80 - # By default spike_limit_mib is set to 25% of ".Values.resources.limits.memory" - spike_limit_percentage: 25 - receivers: - otlp: - protocols: - grpc: - endpoint: $${env:MY_POD_IP}:4317 - http: - endpoint: $${env:MY_POD_IP}:4318 - service: - telemetry: - metrics: - address: $${env:MY_POD_IP}:8888 - extensions: - - health_check - pipelines: - logs: - exporters: - - debug - processors: - - memory_limiter - - batch - receivers: - - otlp - metrics: - exporters: - - debug - processors: - - memory_limiter - - batch - receivers: - - otlp - - prometheus - traces: - exporters: - - debug - processors: - - memory_limiter - - batch - receivers: - - otlp - -image: - # If you want to use the core image `otel/opentelemetry-collector`, you also need to change `command.name` value to `otelcol`. - repository: "" - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value). - digest: "" -imagePullSecrets: [] - -# OpenTelemetry Collector executable -command: - name: "" - extraArgs: [] - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: "" - -clusterRole: - # Specifies whether a clusterRole should be created - # Some presets also trigger the creation of a cluster role and cluster role binding. - # If using one of those presets, this field is no-op. - create: false - # Annotations to add to the clusterRole - # Can be used in combination with presets that create a cluster role. - annotations: {} - # The name of the clusterRole to use. - # If not set a name is generated using the fullname template - # Can be used in combination with presets that create a cluster role. - name: "" - # A set of rules as documented here : https://kubernetes.io/docs/reference/access-authn-authz/rbac/ - # Can be used in combination with presets that create a cluster role to add additional rules. - rules: [] - # - apiGroups: - # - '' - # resources: - # - 'pods' - # - 'nodes' - # verbs: - # - 'get' - # - 'list' - # - 'watch' - - clusterRoleBinding: - # Annotations to add to the clusterRoleBinding - # Can be used in combination with presets that create a cluster role binding. - annotations: {} - # The name of the clusterRoleBinding to use. - # If not set a name is generated using the fullname template - # Can be used in combination with presets that create a cluster role binding. - name: "" - -podSecurityContext: {} -securityContext: {} - -nodeSelector: {} -tolerations: [] -affinity: {} -topologySpreadConstraints: [] - -# Allows for pod scheduler prioritisation -priorityClassName: "" - -extraEnvs: [] -extraEnvsFrom: [] -# This also supports template content, which will eventually be converted to yaml. -extraVolumes: [] - -# This also supports template content, which will eventually be converted to yaml. -extraVolumeMounts: [] - -# Configuration for ports -# nodePort is also allowed -ports: - otlp: - enabled: true - containerPort: 4317 - servicePort: 4317 - hostPort: 4317 - protocol: TCP - # nodePort: 30317 - appProtocol: grpc - otlp-http: - enabled: true - containerPort: 4318 - servicePort: 4318 - hostPort: 4318 - protocol: TCP - metrics: - # The metrics port is disabled by default. However you need to enable the port - # in order to use the ServiceMonitor (serviceMonitor.enabled) or PodMonitor (podMonitor.enabled). - enabled: false - containerPort: 8888 - servicePort: 8888 - protocol: TCP - -# When enabled, the chart will set the GOMEMLIMIT env var to 80% of the configured resources.limits.memory. -# If no resources.limits.memory are defined then enabling does nothing. -# It is HIGHLY recommend to enable this setting and set a value for resources.limits.memory. -useGOMEMLIMIT: true - -# Resource limits & requests. -# It is HIGHLY recommended to set resource limits. -resources: {} -# resources: -# limits: -# cpu: 250m -# memory: 512Mi - -podAnnotations: {} - -podLabels: {} - -# Common labels to add to all otel-collector resources. Evaluated as a template. -additionalLabels: {} -# app.kubernetes.io/part-of: my-app - -# Host networking requested for this pod. Use the host's network namespace. -hostNetwork: false - -# Adding entries to Pod /etc/hosts with HostAliases -# https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/ -hostAliases: [] - # - ip: "1.2.3.4" - # hostnames: - # - "my.host.com" - -# Pod DNS policy ClusterFirst, ClusterFirstWithHostNet, None, Default, None -dnsPolicy: "Default" - -# Custom DNS config. Required when DNS policy is None. -dnsConfig: {} - -# only used with deployment mode -replicaCount: 1 - -# only used with deployment mode -revisionHistoryLimit: 10 - -annotations: {} - -# List of extra sidecars to add. -# This also supports template content, which will eventually be converted to yaml. -extraContainers: [] -# extraContainers: -# - name: test -# command: -# - cp -# args: -# - /bin/sleep -# - /test/sleep -# image: busybox:latest -# volumeMounts: -# - name: test -# mountPath: /test - -# List of init container specs, e.g. for copying a binary to be executed as a lifecycle hook. -# This also supports template content, which will eventually be converted to yaml. -# Another usage of init containers is e.g. initializing filesystem permissions to the OTLP Collector user `10001` in case you are using persistence and the volume is producing a permission denied error for the OTLP Collector container. -initContainers: [] -# initContainers: -# - name: test -# image: busybox:latest -# command: -# - cp -# args: -# - /bin/sleep -# - /test/sleep -# volumeMounts: -# - name: test -# mountPath: /test -# - name: init-fs -# image: busybox:latest -# command: -# - sh -# - '-c' -# - 'chown -R 10001: /var/lib/storage/otc' # use the path given as per `extensions.file_storage.directory` & `extraVolumeMounts[x].mountPath` -# volumeMounts: -# - name: opentelemetry-collector-data # use the name of the volume used for persistence -# mountPath: /var/lib/storage/otc # use the path given as per `extensions.file_storage.directory` & `extraVolumeMounts[x].mountPath` - -# Pod lifecycle policies. -lifecycleHooks: {} -# lifecycleHooks: -# preStop: -# exec: -# command: -# - /test/sleep -# - "5" - -# liveness probe configuration -# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -## -livenessProbe: - # Number of seconds after the container has started before startup, liveness or readiness probes are initiated. - initialDelaySeconds: 5 - # How often in seconds to perform the probe. - periodSeconds: 30 - # Number of seconds after which the probe times out. - timeoutSeconds: 1 - # Minimum consecutive failures for the probe to be considered failed after having succeeded. - failureThreshold: 1 - # Duration in seconds the pod needs to terminate gracefully upon probe failure. - terminationGracePeriodSeconds: 10 - httpGet: - port: 13133 - path: / - -# readiness probe configuration -# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ -## -readinessProbe: - # Number of seconds after the container has started before startup, liveness or readiness probes are initiated. - initialDelaySeconds: 5 - # How often (in seconds) to perform the probe. - periodSeconds: 10 - # Number of seconds after which the probe times out. - timeoutSeconds: 1 - # Minimum consecutive successes for the probe to be considered successful after having failed. - successThreshold: 2 - # Minimum consecutive failures for the probe to be considered failed after having succeeded. - failureThreshold: 2 - httpGet: - port: 13133 - path: / - -service: - # Enable the creation of a Service. - # By default, it's enabled on mode != daemonset. - # However, to enable it on mode = daemonset, its creation must be explicitly enabled - # enabled: true - - type: ClusterIP - # type: LoadBalancer - # loadBalancerIP: 1.2.3.4 - # loadBalancerSourceRanges: [] - - # By default, Service of type 'LoadBalancer' will be created setting 'externalTrafficPolicy: Cluster' - # unless other value is explicitly set. - # Possible values are Cluster or Local (https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip) - # externalTrafficPolicy: Cluster - - annotations: {} - - # By default, Service will be created setting 'internalTrafficPolicy: Local' on mode = daemonset - # unless other value is explicitly set. - # Setting 'internalTrafficPolicy: Cluster' on a daemonset is not recommended - # internalTrafficPolicy: Cluster - -ingress: - enabled: false - # annotations: {} - # ingressClassName: nginx - # hosts: - # - host: collector.example.com - # paths: - # - path: / - # pathType: Prefix - # port: 4318 - # tls: - # - secretName: collector-tls - # hosts: - # - collector.example.com - - # Additional ingresses - only created if ingress.enabled is true - # Useful for when differently annotated ingress services are required - # Each additional ingress needs key "name" set to something unique - additionalIngresses: [] - # - name: cloudwatch - # ingressClassName: nginx - # annotations: {} - # hosts: - # - host: collector.example.com - # paths: - # - path: / - # pathType: Prefix - # port: 4318 - # tls: - # - secretName: collector-tls - # hosts: - # - collector.example.com - -podMonitor: - # The pod monitor by default scrapes the metrics port. - # The metrics port needs to be enabled as well. - enabled: false - metricsEndpoints: - - port: metrics - # interval: 15s - - # additional labels for the PodMonitor - extraLabels: {} - # release: kube-prometheus-stack - -serviceMonitor: - # The service monitor by default scrapes the metrics port. - # The metrics port needs to be enabled as well. - enabled: false - metricsEndpoints: - - port: metrics - # interval: 15s - - # additional labels for the ServiceMonitor - extraLabels: {} - # release: kube-prometheus-stack - # Used to set relabeling and metricRelabeling configs on the ServiceMonitor - # https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config - relabelings: [] - metricRelabelings: [] - -# PodDisruptionBudget is used only if deployment enabled -podDisruptionBudget: - enabled: false -# minAvailable: 2 -# maxUnavailable: 1 - -# autoscaling is used only if mode is "deployment" or "statefulset" -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 10 - behavior: {} - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -rollout: - rollingUpdate: {} - # When 'mode: daemonset', maxSurge cannot be used when hostPort is set for any of the ports - # maxSurge: 25% - # maxUnavailable: 0 - strategy: RollingUpdate - -prometheusRule: - enabled: false - groups: [] - # Create default rules for monitoring the collector - defaultRules: - enabled: false - - # additional labels for the PrometheusRule - extraLabels: {} - -statefulset: - # volumeClaimTemplates for a statefulset - volumeClaimTemplates: [] - podManagementPolicy: "Parallel" - # Controls if and how PVCs created by the StatefulSet are deleted. Available in Kubernetes 1.23+. - persistentVolumeClaimRetentionPolicy: - enabled: false - whenDeleted: Retain - whenScaled: Retain - -networkPolicy: - enabled: false - - # Annotations to add to the NetworkPolicy - annotations: {} - - # Configure the 'from' clause of the NetworkPolicy. - # By default this will restrict traffic to ports enabled for the Collector. If - # you wish to further restrict traffic to other hosts or specific namespaces, - # see the standard NetworkPolicy 'spec.ingress.from' definition for more info: - # https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/ - allowIngressFrom: [] - # # Allow traffic from any pod in any namespace, but not external hosts - # - namespaceSelector: {} - # # Allow external access from a specific cidr block - # - ipBlock: - # cidr: 192.168.1.64/32 - # # Allow access from pods in specific namespaces - # - namespaceSelector: - # matchExpressions: - # - key: kubernetes.io/metadata.name - # operator: In - # values: - # - "cats" - # - "dogs" - - # Add additional ingress rules to specific ports - # Useful to allow external hosts/services to access specific ports - # An example is allowing an external prometheus server to scrape metrics - # - # See the standard NetworkPolicy 'spec.ingress' definition for more info: - # https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/ - extraIngressRules: [] - # - ports: - # - port: metrics - # protocol: TCP - # from: - # - ipBlock: - # cidr: 192.168.1.64/32 - - # Restrict egress traffic from the OpenTelemetry collector pod - # See the standard NetworkPolicy 'spec.egress' definition for more info: - # https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/network-policy-v1/ - egressRules: [] - # - to: - # - namespaceSelector: {} - # - ipBlock: - # cidr: 192.168.10.10/24 - # ports: - # - port: 1234 - # protocol: TCP - -# Allow containers to share processes across pod namespace -shareProcessNamespace: false \ No newline at end of file diff --git a/modules/opentelemetry-collector/versions.tf b/modules/opentelemetry-collector/versions.tf deleted file mode 100644 index 00cbb0b3..00000000 --- a/modules/opentelemetry-collector/versions.tf +++ /dev/null @@ -1,16 +0,0 @@ -terraform { - required_providers { - aws = { - source = "hashicorp/aws" - version = "~> 5.0" - } - kubernetes = { - source = "hashicorp/kubernetes" - version = "~> 2.0" - } - helm = { - source = "hashicorp/helm" - version = "~> 2.0" - } - } -} diff --git a/modules/trivy-operator/main.tf b/modules/trivy-operator/main.tf new file mode 100644 index 00000000..ca705548 --- /dev/null +++ b/modules/trivy-operator/main.tf @@ -0,0 +1,18 @@ +resource "kubernetes_namespace" "trivy-system" { + metadata { + name = "trivy-system" + } +} + +resource "helm_release" "trivy-operator" { + name = "trivy-operator" + repository = "https://aquasecurity.github.io/helm-charts/" + chart = "trivy-operator" + namespace = "trivy-system" + version = "0.24.1" + depends_on = [ + kubernetes_namespace.trivy-system + ] + + values = [templatefile("${path.module}/templates/values.yaml", {})] +} diff --git a/modules/trivy-operator/templates/values.yaml b/modules/trivy-operator/templates/values.yaml new file mode 100644 index 00000000..996fa47c --- /dev/null +++ b/modules/trivy-operator/templates/values.yaml @@ -0,0 +1,783 @@ +# Default values for the trivy-operator Helm chart, these are used to render +# the templates into valid k8s Resources. + +# -- global values provide a centralized configuration for 'image.registry', reducing the potential for errors. +# If left blank, the chart will default to the individually set 'image.registry' values +global: + image: + registry: "" + +# -- managedBy is similar to .Release.Service but allows to overwrite the value +managedBy: Helm + +# -- targetNamespace defines where you want trivy-operator to operate. By +# default, it's a blank string to select all namespaces, but you can specify +# another namespace, or a comma separated list of namespaces. +targetNamespaces: "" + +# -- excludeNamespaces is a comma separated list of namespaces (or glob patterns) +# to be excluded from scanning. Only applicable in the all namespaces install +# mode, i.e. when the targetNamespaces values is a blank string. +excludeNamespaces: "" + +# -- targetWorkloads is a comma seperated list of Kubernetes workload resources +# to be included in the vulnerability and config-audit scans +# if left blank, all workload resources will be scanned +targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job" + +# -- nameOverride override operator name +nameOverride: "" + +# -- fullnameOverride override operator full name +fullnameOverride: "" + +operator: + # -- namespace to install the operator, defaults to the .Release.Namespace + namespace: "" + # -- replicas the number of replicas of the operator's pod + replicas: 1 + + # -- number of old history to retain to allow rollback (if not set, default Kubernetes value is set to 10) + revisionHistoryLimit: ~ + + # -- additional annotations for the operator deployment + annotations: {} + + # -- additional labels for the operator deployment + labels: {} + + # -- additional labels for the operator pod + podLabels: {} + + # -- leaderElectionId determines the name of the resource that leader election + # will use for holding the leader lock. + leaderElectionId: "trivyoperator-lock" + + # -- logDevMode the flag to enable development mode (more human-readable output, extra stack traces and logging information, etc) + logDevMode: false + + # -- scanJobTTL the set automatic cleanup time after the job is completed + scanJobTTL: "" + + # -- scanSecretTTL set an automatic cleanup for scan job secrets + scanSecretTTL: "" + + # -- scanJobTimeout the length of time to wait before giving up on a scan job + scanJobTimeout: 5m + + # -- scanJobsConcurrentLimit the maximum number of scan jobs create by the operator + scanJobsConcurrentLimit: 10 + + # -- scanNodeCollectorLimit the maximum number of node collector jobs create by the operator + scanNodeCollectorLimit: 1 + + # -- scanJobsRetryDelay the duration to wait before retrying a failed scan job + scanJobsRetryDelay: 30s + + # -- the flag to enable vulnerability scanner + vulnerabilityScannerEnabled: true + # -- the flag to enable sbom generation, required for enabling ClusterVulnerabilityReports + sbomGenerationEnabled: true + # -- the flag to enable cluster sbom cache generation + clusterSbomCacheEnabled: false + # -- scannerReportTTL the flag to set how long a report should exist. "" means that the ScannerReportTTL feature is disabled + scannerReportTTL: "24h" + # -- cacheReportTTL the flag to set how long a cluster sbom report should exist. "" means that the cacheReportTTL feature is disabled + cacheReportTTL: "120h" + # -- configAuditScannerEnabled the flag to enable configuration audit scanner + configAuditScannerEnabled: true + # -- rbacAssessmentScannerEnabled the flag to enable rbac assessment scanner + rbacAssessmentScannerEnabled: true + # -- infraAssessmentScannerEnabled the flag to enable infra assessment scanner + infraAssessmentScannerEnabled: true + # -- clusterComplianceEnabled the flag to enable cluster compliance scanner + clusterComplianceEnabled: true + # -- batchDeleteLimit the maximum number of config audit reports deleted by the operator when the plugin's config has changed. + batchDeleteLimit: 10 + # -- vulnerabilityScannerScanOnlyCurrentRevisions the flag to only create vulnerability scans on the current revision of a deployment. + vulnerabilityScannerScanOnlyCurrentRevisions: true + # -- configAuditScannerScanOnlyCurrentRevisions the flag to only create config audit scans on the current revision of a deployment. + configAuditScannerScanOnlyCurrentRevisions: true + # -- batchDeleteDelay the duration to wait before deleting another batch of config audit reports. + batchDeleteDelay: 10s + # -- accessGlobalSecretsAndServiceAccount The flag to enable access to global secrets/service accounts to allow `vulnerability scan job` to pull images from private registries + accessGlobalSecretsAndServiceAccount: true + # -- builtInTrivyServer The flag enables the usage of built-in trivy server in cluster. It also overrides the following trivy params with built-in values + # trivy.mode = ClientServer and serverURL = http://.:4975 + builtInTrivyServer: false + # -- builtInServerRegistryInsecure is the flag to enable insecure connection from the built-in Trivy server to the registry. + builtInServerRegistryInsecure: false + # -- controllerCacheSyncTimeout the duration to wait for controller resources cache sync (default: 5m). + controllerCacheSyncTimeout: "5m" + + # -- trivyServerHealthCheckCacheExpiration The flag to set the interval for trivy server health cache before it invalidate + trivyServerHealthCheckCacheExpiration: 10h + + # -- metricsFindingsEnabled the flag to enable metrics for findings + metricsFindingsEnabled: true + + # -- metricsVulnIdEnabled the flag to enable metrics about cve vulns id + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsVulnIdEnabled: false + + # -- exposedSecretScannerEnabled the flag to enable exposed secret scanner + exposedSecretScannerEnabled: true + + # -- MetricsExposedSecretInfo the flag to enable metrics about exposed secrets + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsExposedSecretInfo: false + + # -- MetricsConfigAuditInfo the flag to enable metrics about configuration audits + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsConfigAuditInfo: false + + # -- MetricsRbacAssessmentInfo the flag to enable metrics about Rbac Assessment + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsRbacAssessmentInfo: false + + # -- MetricsInfraAssessmentInfo the flag to enable metrics about Infra Assessment + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsInfraAssessmentInfo: false + + # -- MetricsImageInfo the flag to enable metrics about Image Information of scanned images + # This information has image os information including os family, name/version, and if end of service life has been reached + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsImageInfo: false + + # -- MetricsClusterComplianceInfo the flag to enable metrics about Cluster Compliance + # be aware of metrics cardinality is significantly increased with this feature enabled. + metricsClusterComplianceInfo: false + + # -- serverAdditionalAnnotations the flag to set additional annotations for the trivy server pod + serverAdditionalAnnotations: {} + + # -- webhookBroadcastURL the flag to set reports should be sent to a webhook endpoint. "" means that the webhookBroadcastURL feature is disabled + webhookBroadcastURL: "" + + # -- webhookBroadcastTimeout the flag to set timeout for webhook requests if webhookBroadcastURL is enabled + webhookBroadcastTimeout: 30s + + # -- webhookBroadcastCustomHeaders the flag to set webhook endpoint sent with custom defined headers if webhookBroadcastURL is enabled + webhookBroadcastCustomHeaders: "" + + # -- webhookSendDeletedReports the flag to enable sending deleted reports if webhookBroadcastURL is enabled + webhookSendDeletedReports: false + + # -- privateRegistryScanSecretsNames is map of namespace:secrets, secrets are comma seperated which can be used to authenticate in private registries in case if there no imagePullSecrets provided example : {"mynamespace":"mySecrets,anotherSecret"} + privateRegistryScanSecretsNames: {} + + # -- mergeRbacFindingWithConfigAudit the flag to enable merging rbac finding with config-audit report + mergeRbacFindingWithConfigAudit: false + + # -- httpProxy is the HTTP proxy used by Trivy operator to download the default policies from GitHub. + httpProxy: ~ + + # -- httpsProxy is the HTTPS proxy used by Trivy operator to download the default policies from GitHub. + httpsProxy: ~ + + # -- noProxy is a comma separated list of IPs and domain names that are not subject to proxy settings. + noProxy: ~ + + # -- vaulesFromConfigMap name of a ConfigMap to apply OPERATOR_* environment variables. Will override Helm values. + valuesFromConfigMap: "" + + # -- valuesFromSecret name of a Secret to apply OPERATOR_* environment variables. Will override Helm AND ConfigMap values. + valuesFromSecret: "" + +image: + registry: "ghcr.io" + repository: "aquasecurity/trivy-operator" + # -- tag is an override of the image tag, which is by default set by the + # appVersion field in Chart.yaml. + tag: "" + # -- pullPolicy set the operator pullPolicy + pullPolicy: IfNotPresent + # -- pullSecrets set the operator pullSecrets + pullSecrets: [] + +# -- service only expose a metrics endpoint for prometheus to scrape, +# trivy-operator does not have a user interface. +service: + # -- if true, the Service doesn't allocate any IP + headless: true + # -- port exposed by the Service + metricsPort: 80 + # -- annotations added to the operator's service + annotations: {} + # -- appProtocol of the monitoring service + metricsAppProtocol: TCP + # -- the Service type + type: ClusterIP + # -- the nodeport to use when service type is LoadBalancer or NodePort. If not set, Kubernetes automatically select one. + nodePort: + +# -- Prometheus ServiceMonitor configuration -- to install the trivy operator with the ServiceMonitor +# you must have Prometheus already installed and running. If you do not have Prometheus installed, enabling this will +# have no effect. +serviceMonitor: + # -- enabled determines whether a serviceMonitor should be deployed + enabled: false + # -- The namespace where Prometheus expects to find service monitors + namespace: ~ + # -- Interval at which metrics should be scraped. If not specified Prometheus’ global scrape interval is used. + interval: ~ + # -- Additional annotations for the serviceMonitor + annotations: {} + # -- Additional labels for the serviceMonitor + labels: {} + # -- HonorLabels chooses the metric’s labels on collisions with target labels + honorLabels: true + # -- EndpointAdditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc. + endpointAdditionalProperties: {} + +trivyOperator: + # -- vulnerabilityReportsPlugin the name of the plugin that generates vulnerability reports `Trivy` + vulnerabilityReportsPlugin: "Trivy" + # -- configAuditReportsPlugin the name of the plugin that generates config audit reports. + configAuditReportsPlugin: "Trivy" + # -- scanJobCompressLogs control whether scanjob output should be compressed or plain + scanJobCompressLogs: true + # -- scanJobAffinity affinity to be applied to the scanner pods and node-collector + scanJobAffinity: [] + # -- scanJobTolerations tolerations to be applied to the scanner pods so that they can run on nodes with matching taints + scanJobTolerations: [] + # -- If you do want to specify tolerations, uncomment the following lines, adjust them as necessary, and remove the + # square brackets after 'scanJobTolerations:'. + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # -- scanJobNodeSelector nodeSelector to be applied to the scanner pods so that they can run on nodes with matching labels + scanJobNodeSelector: {} + # -- If you do want to specify nodeSelector, uncomment the following lines, adjust them as necessary, and remove the + # square brackets after 'scanJobNodeSelector:'. + # nodeType: worker + # cpu: sandylake + # teamOwner: operators + + # -- scanJobCustomVolumesMount add custom volumes mount to the scan job + scanJobCustomVolumesMount: [] + # - name: var-lib-etcd + # mountPath: /var/lib/etcd + # readOnly: true + + # -- scanJobCustomVolumes add custom volumes to the scan job + scanJobCustomVolumes: [] + # - name: var-lib-etcd + # hostPath: + # path: /var/lib/etcd + + # -- useGCRServiceAccount the flag to enable the usage of GCR service account for scanning images in GCR + useGCRServiceAccount: true + # -- scanJobAutomountServiceAccountToken the flag to enable automount for service account token on scan job + scanJobAutomountServiceAccountToken: false + + # -- scanJobAnnotations comma-separated representation of the annotations which the user wants the scanner jobs and pods to be + # annotated with. Example: `foo=bar,env=stage` will annotate the scanner jobs and pods with the annotations `foo: bar` and `env: stage` + scanJobAnnotations: "" + + # -- scanJobPodTemplateLabels comma-separated representation of the labels which the user wants the scanner pods to be + # labeled with. Example: `foo=bar,env=stage` will labeled the scanner pods with the labels `foo: bar` and `env: stage` + scanJobPodTemplateLabels: "" + + # -- skipInitContainers when this flag is set to true, the initContainers will be skipped for the scanner and node collector pods + skipInitContainers: false + + # -- scanJobPodTemplatePodSecurityContext podSecurityContext the user wants the scanner and node collector pods to be amended with. + # Example: + # RunAsUser: 10000 + # RunAsGroup: 10000 + # RunAsNonRoot: true + scanJobPodTemplatePodSecurityContext: {} + + # -- scanJobPodTemplateContainerSecurityContext SecurityContext the user wants the scanner and node collector containers (and their + # initContainers) to be amended with. + scanJobPodTemplateContainerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + # -- For filesystem scanning, Trivy needs to run as the root user + # runAsUser: 0 + + # -- scanJobPodPriorityClassName Priority class name to be set on the pods created by trivy operator jobs. This accepts a string value + scanJobPodPriorityClassName: "" + + # -- reportResourceLabels comma-separated scanned resource labels which the user wants to include in the Prometheus + # metrics report. Example: `owner,app` + reportResourceLabels: "" + + # -- reportRecordFailedChecksOnly flag is to record only failed checks on misconfiguration reports (config-audit and rbac assessment) + reportRecordFailedChecksOnly: true + + # -- skipResourceByLabels comma-separated labels keys which trivy-operator will skip scanning on resources with matching labels + skipResourceByLabels: "" + + # -- metricsResourceLabelsPrefix Prefix that will be prepended to the labels names indicated in `reportResourceLabels` + # when including them in the Prometheus metrics + metricsResourceLabelsPrefix: "k8s_label_" + + # -- additionalReportLabels comma-separated representation of the labels which the user wants the scanner pods to be + # labeled with. Example: `foo=bar,env=stage` will labeled the reports with the labels `foo: bar` and `env: stage` + additionalReportLabels: "" + + # -- policiesConfig Custom Rego Policies to be used by the config audit scanner + # See https://github.com/aquasecurity/trivy-operator/blob/main/docs/tutorials/writing-custom-configuration-audit-policies.md for more details. + policiesConfig: "" + + # -- excludeImages is comma separated glob patterns for excluding images from scanning. + # Example: pattern: `k8s.gcr.io/*/*` will exclude image: `k8s.gcr.io/coredns/coredns:v1.8.0`. + excludeImages: "" + +trivy: + # -- createConfig indicates whether to create config objects + createConfig: true + image: + # -- registry of the Trivy image + registry: ghcr.io + # -- repository of the Trivy image + repository: aquasecurity/trivy + # -- tag version of the Trivy image + tag: 0.53.0 + # -- imagePullSecret is the secret name to be used when pulling trivy image from private registries example : reg-secret + # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace + imagePullSecret: ~ + + # -- pullPolicy is the imge pull policy used for trivy image , valid values are (Always, Never, IfNotPresent) + pullPolicy: IfNotPresent + + # -- mode is the Trivy client mode. Either Standalone or ClientServer. Depending + # on the active mode other settings might be applicable or required. + mode: Standalone + + # -- sbomSources trivy will try to retrieve SBOM from the specified sources (oci,rekor) + sbomSources: "" + + # -- includeDevDeps include development dependencies in the report (supported: npm, yarn) (default: false) + # note: this flag is only applicable when trivy.command is set to filesystem + includeDevDeps: false + + # -- whether to use a storage class for trivy server or emptydir (one mey want to use ephemeral storage) + storageClassEnabled: true + + # -- storageClassName is the name of the storage class to be used for trivy server PVC. If empty, tries to find default storage class + storageClassName: "" + + # -- storageSize is the size of the trivy server PVC + storageSize: "5Gi" + + # -- labels is the extra labels to be used for trivy server statefulset + labels: {} + + # -- podLabels is the extra pod labels to be used for trivy server + podLabels: {} + + # -- priorityClassName is the name of the priority class used for trivy server + priorityClassName: "" + + # -- additionalVulnerabilityReportFields is a comma separated list of additional fields which + # can be added to the VulnerabilityReport. Supported parameters: Description, Links, CVSS, Target, Class, PackagePath and PackageType + additionalVulnerabilityReportFields: "" + + # -- httpProxy is the HTTP proxy used by Trivy to download the vulnerabilities database from GitHub. + httpProxy: ~ + + # -- httpsProxy is the HTTPS proxy used by Trivy to download the vulnerabilities database from GitHub. + httpsProxy: ~ + + # -- noProxy is a comma separated list of IPs and domain names that are not subject to proxy settings. + noProxy: ~ + + # -- Registries without SSL. There can be multiple registries with different keys. + nonSslRegistries: {} + # pocRegistry: poc.myregistry.harbor.com.pl + # qaRegistry: qa.registry.aquasec.com + # internalRegistry: registry.registry.svc:5000 + + # -- sslCertDir can be used to override the system default locations for SSL certificate files directory, example: /ssl/certs + sslCertDir: ~ + + # -- The registry to which insecure connections are allowed. There can be multiple registries with different keys. + insecureRegistries: {} + # pocRegistry: poc.myregistry.harbor.com.pl + # qaRegistry: qa.registry.aquasec.com + # internalRegistry: registry.registry.svc:5000 + + # -- Mirrored registries. There can be multiple registries with different keys. + # Make sure to quote registries containing dots + registry: + mirror: {} + # "docker.io": docker-mirror.example.com + + # -- severity is a comma separated list of severity levels reported by Trivy. + severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL + + # -- slow this flag is to use less CPU/memory for scanning though it takes more time than normal scanning. It fits small-footprint + slow: true + # -- ignoreUnfixed is the flag to show only fixed vulnerabilities in + # vulnerabilities reported by Trivy. Set to true to enable it. + # + ignoreUnfixed: false + # -- a comma separated list of file paths for Trivy to skip + skipFiles: + # -- a comma separated list of directories for Trivy to skip + skipDirs: + + # -- offlineScan is the flag to enable the offline scan functionality in Trivy + # This will prevent outgoing HTTP requests, e.g. to search.maven.org + offlineScan: false + + # -- timeout is the duration to wait for scan completion. + timeout: "5m0s" + + # -- ignoreFile can be used to tell Trivy to ignore vulnerabilities by ID (one per line) + ignoreFile: ~ + # ignoreFile: + # - CVE-1970-0001 + # - CVE-1970-0002 + + # -- ignorePolicy can be used to tell Trivy to ignore vulnerabilities by a policy + # If multiple policies would match, then the most specific one has precedence over the others. + # See https://aquasecurity.github.io/trivy/latest/docs/configuration/filtering/#by-open-policy-agent for more details. + # See https://github.com/aquasecurity/trivy/blob/v0.19.2/contrib/example_policy/basic.rego for more details on ignorePolicy filtering. + # + # ignorePolicy.application.my-app-.: | + # package trivy + + # import data.lib.trivy + + # default ignore = true + # applies to all workloads in namespace "application" with the name pattern "my-app-*" + # ignorePolicy.kube-system: | + # package trivy + + # import data.lib.trivy + + # default ignore = true + # applies to all workloads in namespace "kube-system" + # ignorePolicy: | + # package trivy + + # import data.lib.trivy + + # default ignore = true + # applies to all other workloads + + # -- vulnType can be used to tell Trivy to filter vulnerabilities by a pkg-type (library, os) + vulnType: ~ + + # -- resources resource requests and limits for scan job containers + resources: + requests: + cpu: 100m + memory: 100M + # ephemeralStorage: "2Gi" + limits: + cpu: 500m + memory: 500M + # ephemeralStorage: "2Gi" + + # -- githubToken is the GitHub access token used by Trivy to download the vulnerabilities + # database from GitHub. Only applicable in Standalone mode. + githubToken: ~ + + # -- serverURL is the endpoint URL of the Trivy server. Required in ClientServer mode. + # + # serverURL: "https://trivy.trivy:4975" + + # -- clientServerSkipUpdate is the flag to enable skip databases update for Trivy client. + # Only applicable in ClientServer mode. + clientServerSkipUpdate: false + + # -- skipJavaDBUpdate is the flag to enable skip Java index databases update for Trivy client. + skipJavaDBUpdate: false + + # -- serverInsecure is the flag to enable insecure connection to the Trivy server. + serverInsecure: false + + # -- serverToken is the token to authenticate Trivy client with Trivy server. Only + # applicable in ClientServer mode. + serverToken: ~ + + # -- existingSecret if a secret containing gitHubToken, serverToken or serverCustomHeaders has been created outside the chart (e.g external-secrets, sops, etc...). + # Keys must be at least one of the following: trivy.githubToken, trivy.serverToken, trivy.serverCustomHeaders + # Overrides trivy.gitHubToken, trivy.serverToken, trivy.serverCustomHeaders values. + # Note: The secret has to be named "trivy-operator-trivy-config". + # existingSecret: true + + # -- serverTokenHeader is the name of the HTTP header used to send the authentication + # token to Trivy server. Only application in ClientServer mode when + # trivy.serverToken is specified. + serverTokenHeader: "Trivy-Token" + + # -- serverCustomHeaders is a comma separated list of custom HTTP headers sent by + # Trivy client to Trivy server. Only applicable in ClientServer mode. + serverCustomHeaders: ~ + # serverCustomHeaders: "foo=bar" + + dbRegistry: "ghcr.io" + dbRepository: "aquasecurity/trivy-db" + + # -- The username for dbRepository authentication + # + dbRepositoryUsername: ~ + + # -- The password for dbRepository authentication + # + dbRepositoryPassword: ~ + + # -- javaDbRegistry is the registry for the Java vulnerability database. + javaDbRegistry: "ghcr.io" + javaDbRepository: "aquasecurity/trivy-java-db" + + # -- The Flag to enable insecure connection for downloading trivy-db via proxy (air-gaped env) + # + dbRepositoryInsecure: "false" + + # -- The Flag to enable the usage of builtin rego policies by default, these policies are downloaded by default from ghcr.io/aquasecurity/trivy-checks + # + useBuiltinRegoPolicies: "true" + # -- The Flag to enable the usage of external rego policies config-map, this should be used when the user wants to use their own rego policies + # + externalRegoPoliciesEnabled: false + # -- To enable the usage of embedded rego policies, set the flag useEmbeddedRegoPolicies. This should serve as a fallback for air-gapped environments. + # When useEmbeddedRegoPolicies is set to true, useBuiltinRegoPolicies should be set to false. + useEmbeddedRegoPolicies: "false" + + # -- The Flag is the list of supported kinds separated by comma delimiter to be scanned by the config audit scanner + # + supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota" + + # -- command. One of `image`, `filesystem` or `rootfs` scanning, depending on the target type required for the scan. + # For 'filesystem' and `rootfs` scanning, ensure that the `trivyOperator.scanJobPodTemplateContainerSecurityContext` is configured + # to run as the root user (runAsUser = 0). + command: image + # -- imageScanCacheDir the flag to set custom path for trivy image scan `cache-dir` parameter. + # Only applicable in image scan mode. + imageScanCacheDir: "/tmp/trivy/.cache" + # -- filesystemScanCacheDir the flag to set custom path for trivy filesystem scan `cache-dir` parameter. + # Only applicable in filesystem scan mode. + filesystemScanCacheDir: "/var/trivyoperator/trivy-db" + # -- serverUser this param is the server user to be used to download db from private registry + serverUser: "" + # -- serverPassword this param is the server user to be used to download db from private registry + serverPassword: "" + # -- serverServiceName this param is the server service name to be used in cluster + serverServiceName: "trivy-service" + # -- debug One of `true` or `false`. Enables debug mode. + debug: false + + server: + # -- resources set trivy-server resource + resources: + requests: + cpu: 200m + memory: 512Mi + # ephemeral-storage: "2Gi" + limits: + cpu: 1 + memory: 1Gi + # ephemeral-storage: "2Gi" + + # -- podSecurityContext set trivy-server podSecurityContext + podSecurityContext: + runAsUser: 65534 + runAsNonRoot: true + fsGroup: 65534 + + # -- securityContext set trivy-server securityContext + securityContext: + privileged: false + readOnlyRootFilesystem: true + + # -- the number of replicas of the trivy-server + replicas: 1 + + # -- vaulesFromConfigMap name of a ConfigMap to apply TRIVY_* environment variables. Will override Helm values. + valuesFromConfigMap: "" + + # -- valuesFromSecret name of a Secret to apply TRIVY_* environment variables. Will override Helm AND ConfigMap values. + valuesFromSecret: "" + +compliance: + # -- failEntriesLimit the flag to limit the number of fail entries per control check in the cluster compliance detail report + # this limit is for preventing the report from being too large per control checks + failEntriesLimit: 10 + # -- reportType this flag control the type of report generated (summary or all) + reportType: summary + # -- cron this flag control the cron interval for compliance report generation + # At minute 0 past every 6th hour. + cron: 0 */6 * * * + # -- specs is a list of compliance specs to be used by the cluster compliance scanner + # - k8s-cis-1.23 + # - k8s-nsa-1.0 + # - k8s-pss-baseline-0.1 + # - k8s-pss-restricted-0.1 + # - eks-cis-1.4 + # - rke2-cis-1.24 + specs: + - k8s-cis-1.23 + - k8s-nsa-1.0 + - k8s-pss-baseline-0.1 + - k8s-pss-restricted-0.1 + +rbac: + create: true +serviceAccount: + # -- Specifies whether a service account should be created. + create: true + annotations: {} + # -- name specifies the name of the k8s Service Account. If not set and create is + # true, a name is generated using the fullname template. + name: "" + +# -- podAnnotations annotations added to the operator's pod +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +# -- securityContext security context +securityContext: + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + +volumeMounts: + # do not remove , required for policies bundle + - mountPath: /tmp + name: cache-policies + readOnly: false + +volumes: + # do not remove , required for policies bundle + - name: cache-policies + emptyDir: {} + +resources: {} + # -- We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi +# -- nodeSelector set the operator nodeSelector +nodeSelector: {} + +# -- tolerations set the operator tolerations +tolerations: [] + +# -- affinity set the operator affinity +affinity: {} + +# -- priorityClassName set the operator priorityClassName +priorityClassName: "" + + # -- automountServiceAccountToken the flag to enable automount for service account token +automountServiceAccountToken: true + +policiesBundle: + # -- registry of the policies bundle + registry: ghcr.io + # -- repository of the policies bundle + repository: aquasecurity/trivy-checks + # -- tag version of the policies bundle + tag: 0 + # -- registryUser is the user for the registry + registryUser: ~ + # -- registryPassword is the password for the registry + registryPassword: ~ + # -- existingSecret if a secret containing registry credentials that have been created outside the chart (e.g external-secrets, sops, etc...). + # Keys must be at least one of the following: policies.bundle.oci.user, policies.bundle.oci.password + # Overrides policiesBundle.registryUser, policiesBundle.registryPassword values. + # Note: The secret has to be named "trivy-operator". + existingSecret: false + # -- insecure is the flag to enable insecure connection to the policy bundle registry + insecure: false + + +nodeCollector: + # -- useNodeSelector determine if to use nodeSelector (by auto detecting node name) with node-collector scan job + useNodeSelector: true + # -- registry of the node-collector image + registry: ghcr.io + # -- repository of the node-collector image + repository: aquasecurity/node-collector + # -- tag version of the node-collector image + tag: 0.3.1 + # -- imagePullSecret is the secret name to be used when pulling node-collector image from private registries example : reg-secret + # It is the user responsibility to create the secret for the private registry in `trivy-operator` namespace + imagePullSecret: ~ + # -- excludeNodes comma-separated node labels that the node-collector job should exclude from scanning (example kubernetes.io/arch=arm64,team=dev) + excludeNodes: + # -- tolerations to be applied to the node-collector so that they can run on nodes with matching taints + tolerations: [] + # -- If you do want to specify tolerations, uncomment the following lines, adjust them as necessary, and remove the + # square brackets after 'scanJobTolerations:'. + # - key: "key1" + # operator: "Equal" + # value: "value1" + # effect: "NoSchedule" + # -- node-collector pod volume mounts definition for collecting config files information + volumeMounts: + - name: var-lib-etcd + mountPath: /var/lib/etcd + readOnly: true + - name: var-lib-kubelet + mountPath: /var/lib/kubelet + readOnly: true + - name: var-lib-kube-scheduler + mountPath: /var/lib/kube-scheduler + readOnly: true + - name: var-lib-kube-controller-manager + mountPath: /var/lib/kube-controller-manager + readOnly: true + - name: etc-systemd + mountPath: /etc/systemd + readOnly: true + - name: lib-systemd + mountPath: /lib/systemd/ + readOnly: true + - name: etc-kubernetes + mountPath: /etc/kubernetes + readOnly: true + - name: etc-cni-netd + mountPath: /etc/cni/net.d/ + readOnly: true + + # -- node-collector pod volumes definition for collecting config files information + volumes: + - name: var-lib-etcd + hostPath: + path: /var/lib/etcd + - name: var-lib-kubelet + hostPath: + path: /var/lib/kubelet + - name: var-lib-kube-scheduler + hostPath: + path: /var/lib/kube-scheduler + - name: var-lib-kube-controller-manager + hostPath: + path: /var/lib/kube-controller-manager + - name: etc-systemd + hostPath: + path: /etc/systemd + - name: lib-systemd + hostPath: + path: /lib/systemd + - name: etc-kubernetes + hostPath: + path: /etc/kubernetes + - name: etc-cni-netd + hostPath: + path: /etc/cni/net.d/ + diff --git a/modules/cert-manager/versions.tf b/modules/trivy-operator/versions.tf similarity index 100% rename from modules/cert-manager/versions.tf rename to modules/trivy-operator/versions.tf diff --git a/modules/victoria-metrics/README.md b/modules/victoria-metrics/README.md new file mode 100644 index 00000000..ddcd8744 --- /dev/null +++ b/modules/victoria-metrics/README.md @@ -0,0 +1,11 @@ +# Purpose +This module is used to deploy the victoria metrics k8s helm chart. + +Resources: + +- + + + +TO IMPLEMENT: +- \ No newline at end of file diff --git a/modules/victoria-metrics/data.tf b/modules/victoria-metrics/data.tf deleted file mode 100644 index 765d5620..00000000 --- a/modules/victoria-metrics/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_eks_cluster_auth" "cluster" { - name = var.cluster_name -} \ No newline at end of file diff --git a/modules/victoria-metrics/variables.tf b/modules/victoria-metrics/variables.tf deleted file mode 100644 index 93adc5a2..00000000 --- a/modules/victoria-metrics/variables.tf +++ /dev/null @@ -1,18 +0,0 @@ -variable "cluster_name" { - description = "Name of K8 cluster" - type = string - default = "dpe-k8" -} - -variable "kube_config_path" { - description = "Kube config path" - type = string - default = "~/.kube/config" -} - -variable "region" { - description = "AWS region" - type = string - default = "us-east-1" -} - From 93d03ac074f078c87ecd5f3c3f3c0e1bc0a87ca4 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 11:40:32 -0700 Subject: [PATCH 118/161] Enabled trivy service scrape --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- modules/main.tf | 2 +- modules/trivy-operator/templates/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 8f9a65c5..e5679a3d 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,5 +19,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.1" + version = "0.0.2" } diff --git a/modules/main.tf b/modules/main.tf index a9c544a9..50b38baf 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.1" + version_number = "0.0.2" } } } diff --git a/modules/trivy-operator/templates/values.yaml b/modules/trivy-operator/templates/values.yaml index 996fa47c..480849cb 100644 --- a/modules/trivy-operator/templates/values.yaml +++ b/modules/trivy-operator/templates/values.yaml @@ -216,7 +216,7 @@ service: # have no effect. serviceMonitor: # -- enabled determines whether a serviceMonitor should be deployed - enabled: false + enabled: true # -- The namespace where Prometheus expects to find service monitors namespace: ~ # -- Interval at which metrics should be scraped. If not specified Prometheus’ global scrape interval is used. From e29e9905276d9ee596bc6e486b193bf7e4ce6606 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:00:50 -0700 Subject: [PATCH 119/161] Create a service scrape for the trivy operator --- .../dpe-sandbox-k8s-deployments/main.tf | 2 +- modules/main.tf | 2 +- modules/trivy-operator/main.tf | 23 +++++++++++++++++++ modules/trivy-operator/templates/values.yaml | 2 +- 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index e5679a3d..6d41e8fb 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,5 +19,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.2" + version = "0.0.3" } diff --git a/modules/main.tf b/modules/main.tf index 50b38baf..3576074a 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.2" + version_number = "0.0.3" } } } diff --git a/modules/trivy-operator/main.tf b/modules/trivy-operator/main.tf index ca705548..729fea79 100644 --- a/modules/trivy-operator/main.tf +++ b/modules/trivy-operator/main.tf @@ -16,3 +16,26 @@ resource "helm_release" "trivy-operator" { values = [templatefile("${path.module}/templates/values.yaml", {})] } + +resource "kubernetes_manifest" "vmservicescrape" { + manifest = { + apiVersion = "operator.victoriametrics.com/v1beta1" + kind = "VMServiceScrape" + metadata = { + name = "trivy-vmservicescrape" + namespace = kubernetes_namespace.trivy-system.metadata[0].name + } + spec = { + endpoints = [ + { + port = "metrics" + } + ] + selector = { + matchLabels = { + "app.kubernetes.io/name" = "trivy-operator" + } + } + } + } +} diff --git a/modules/trivy-operator/templates/values.yaml b/modules/trivy-operator/templates/values.yaml index 480849cb..996fa47c 100644 --- a/modules/trivy-operator/templates/values.yaml +++ b/modules/trivy-operator/templates/values.yaml @@ -216,7 +216,7 @@ service: # have no effect. serviceMonitor: # -- enabled determines whether a serviceMonitor should be deployed - enabled: true + enabled: false # -- The namespace where Prometheus expects to find service monitors namespace: ~ # -- Interval at which metrics should be scraped. If not specified Prometheus’ global scrape interval is used. From 3e2f867012d73b7be6816bf13c393af0efaf210d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:13:25 -0700 Subject: [PATCH 120/161] Create vulnarability dashboard in VM --- modules/main.tf | 2 +- modules/victoria-metrics/templates/values.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 3576074a..bca3323d 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -14,7 +14,7 @@ locals { description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" - version_number = "0.0.4" + version_number = "0.0.5" } opentelemetry-collector = { github_enterprise = { diff --git a/modules/victoria-metrics/templates/values.yaml b/modules/victoria-metrics/templates/values.yaml index 2465d718..9984fc14 100644 --- a/modules/victoria-metrics/templates/values.yaml +++ b/modules/victoria-metrics/templates/values.yaml @@ -794,6 +794,10 @@ grafana: gnetId: 1860 revision: 22 datasource: VictoriaMetrics + trivyoperator: + gnetId: 17813 + revision: 2 + datasource: VictoriaMetrics defaultDashboardsTimezone: utc From 7b62255c25efd222183ddbec03027fbeb35dd95c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:14:06 -0700 Subject: [PATCH 121/161] Remove stack dependency --- dev/spacelift/dpe-sandbox/main.tf | 18 +++++++++--------- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/dev/spacelift/dpe-sandbox/main.tf b/dev/spacelift/dpe-sandbox/main.tf index f6b822dd..c2b97a63 100644 --- a/dev/spacelift/dpe-sandbox/main.tf +++ b/dev/spacelift/dpe-sandbox/main.tf @@ -41,15 +41,15 @@ resource "spacelift_stack" "k8s-stack-deployments" { space_id = spacelift_space.dpe-sandbox.id } -resource "spacelift_stack_dependency" "dependency-on-admin-stack" { - for_each = { - k8s-stack = spacelift_stack.k8s-stack, - k8s-stack-deployments = spacelift_stack.k8s-stack-deployments - } - - stack_id = each.value.id - depends_on_stack_id = var.admin_stack_id -} +# resource "spacelift_stack_dependency" "dependency-on-admin-stack" { +# for_each = { +# k8s-stack = spacelift_stack.k8s-stack, +# k8s-stack-deployments = spacelift_stack.k8s-stack-deployments +# } + +# stack_id = each.value.id +# depends_on_stack_id = var.admin_stack_id +# } resource "spacelift_context_attachment" "k8s-kubeconfig-hooks" { context_id = "kubernetes-deployments-kubeconfig" diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 6d41e8fb..ed207e5d 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -12,7 +12,7 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" - version = "0.0.4" + version = "0.0.5" cluster_name = var.cluster_name } From cde5502a31a46d8d90aa27fdb6c476405f0ecca1 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:19:38 -0700 Subject: [PATCH 122/161] Exclude amazon specific images --- modules/main.tf | 2 +- modules/trivy-operator/templates/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index bca3323d..86d5e281 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.3" + version_number = "0.0.4" } } } diff --git a/modules/trivy-operator/templates/values.yaml b/modules/trivy-operator/templates/values.yaml index 996fa47c..89257f0f 100644 --- a/modules/trivy-operator/templates/values.yaml +++ b/modules/trivy-operator/templates/values.yaml @@ -329,7 +329,7 @@ trivyOperator: # -- excludeImages is comma separated glob patterns for excluding images from scanning. # Example: pattern: `k8s.gcr.io/*/*` will exclude image: `k8s.gcr.io/coredns/coredns:v1.8.0`. - excludeImages: "" + excludeImages: "amazon-k8s-cni:*,amazon-k8s-cni-init:*,amazon/aws-network-policy-agent:*,eks/aws-ebs-csi-driver:*,eks/coredns:*,eks/csi-attacher:*,eks/csi-node-driver-registrar:*,eks/csi-provisioner:*,eks/csi-resizer:*,eks/csi-snapshotter:*,eks/kube-proxy:*,eks/livenessprobe:*" trivy: # -- createConfig indicates whether to create config objects From e13cd422b3b381adcb1ba866f1c23743097ee1fc Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:19:56 -0700 Subject: [PATCH 123/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index ed207e5d..52464ee6 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,5 +19,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.3" + version = "0.0.4" } From c889cbaa3276ce20ce8a487ef07bd1a0e648b2b7 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 12:25:29 -0700 Subject: [PATCH 124/161] Remove var --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 52464ee6..81838252 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -13,8 +13,6 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" version = "0.0.5" - - cluster_name = var.cluster_name } module "trivy-operator" { From d0027bbafcb2f3b1b452ab158eedaa934243f27a Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:32:51 -0700 Subject: [PATCH 125/161] Add policy reporter to view scan results --- modules/main.tf | 2 +- modules/trivy-operator/README.md | 20 + modules/trivy-operator/main.tf | 28 +- .../templates/values-policy-reporter.yaml | 778 ++++++++++++++++++ .../values-trivy-operator-polr-adapter.yaml | 107 +++ ...values.yaml => values-trivy-operator.yaml} | 0 .../trivy-operator-dashboard.png | Bin 0 -> 230183 bytes modules/victoria-metrics/README.md | 87 +- .../cluster-resource-utilization.png | Bin 0 -> 166225 bytes .../victoria-metrics/grafana-dashboards.png | Bin 0 -> 127747 bytes .../victoria-metrics/victoria-metrics-ui.png | Bin 0 -> 143676 bytes 11 files changed, 1018 insertions(+), 4 deletions(-) create mode 100644 modules/trivy-operator/README.md create mode 100644 modules/trivy-operator/templates/values-policy-reporter.yaml create mode 100644 modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml rename modules/trivy-operator/templates/{values.yaml => values-trivy-operator.yaml} (100%) create mode 100644 modules/trivy-operator/trivy-operator-dashboard.png create mode 100644 modules/victoria-metrics/cluster-resource-utilization.png create mode 100644 modules/victoria-metrics/grafana-dashboards.png create mode 100644 modules/victoria-metrics/victoria-metrics-ui.png diff --git a/modules/main.tf b/modules/main.tf index 86d5e281..5b20a2e7 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.4" + version_number = "0.0.5" } } } diff --git a/modules/trivy-operator/README.md b/modules/trivy-operator/README.md new file mode 100644 index 00000000..0b51d219 --- /dev/null +++ b/modules/trivy-operator/README.md @@ -0,0 +1,20 @@ +# Purpose +This module is used to deploy the trivy operator k8s helm chart. + +The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for +security issues. The scans are summarised in security reports as Kubernetes Custom +Resource Definitions, which become accessible through the Kubernetes API. The Operator +does this by watching Kubernetes for state changes and automatically triggering +security scans in response. For example, a vulnerability scan is initiated when a new +Pod is created. This way, users can find and view the risks that relate to different +resources in a Kubernetes-native way. + + +## Getting an overview of trivy results +Results are provided in a grafana dashbaord that is scraped from the operator `/metrics` +endpoint. The dashboard looks like: + +![trivy operator dashboard](./trivy-operator-dashboard.png) + + +## Viewing the vulnerabilities diff --git a/modules/trivy-operator/main.tf b/modules/trivy-operator/main.tf index 729fea79..20eebe19 100644 --- a/modules/trivy-operator/main.tf +++ b/modules/trivy-operator/main.tf @@ -14,7 +14,7 @@ resource "helm_release" "trivy-operator" { kubernetes_namespace.trivy-system ] - values = [templatefile("${path.module}/templates/values.yaml", {})] + values = [templatefile("${path.module}/templates/values-trivy-operator.yaml", {})] } resource "kubernetes_manifest" "vmservicescrape" { @@ -39,3 +39,29 @@ resource "kubernetes_manifest" "vmservicescrape" { } } } + +resource "helm_release" "trivy-operator-polr-adapter" { + name = "trivy-operator-polr-adapter" + repository = "https://fjogeleit.github.io/trivy-operator-polr-adapter" + chart = "trivy-operator-polr-adapter" + namespace = "trivy-system" + version = "0.8.0" + depends_on = [ + kubernetes_namespace.trivy-system + ] + + values = [templatefile("${path.module}/templates/values-trivy-operator-polr-adapter.yaml", {})] +} + +resource "helm_release" "policy-reporter" { + name = "policy-reporter" + repository = "https://kyverno.github.io/policy-reporter" + chart = "policy-reporter" + namespace = "trivy-system" + version = "2.24.1" + depends_on = [ + kubernetes_namespace.trivy-system + ] + + values = [templatefile("${path.module}/templates/values-policy-reporter.yaml", {})] +} diff --git a/modules/trivy-operator/templates/values-policy-reporter.yaml b/modules/trivy-operator/templates/values-policy-reporter.yaml new file mode 100644 index 00000000..4360e55c --- /dev/null +++ b/modules/trivy-operator/templates/values-policy-reporter.yaml @@ -0,0 +1,778 @@ +# Override the chart name used for all resources +nameOverride: "" + +image: + registry: ghcr.io + repository: kyverno/policy-reporter + pullPolicy: IfNotPresent + tag: 2.20.1 + +imagePullSecrets: [] + +priorityClassName: "" + +replicaCount: 1 + +revisionHistoryLimit: 10 + +deploymentStrategy: {} + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate + +# When using a custom port together with the PolicyReporter UI +# the port has also to be changed in the UI subchart as well because it can't access the parent values. +# You can change the port under `ui.policyReporter.port` +port: + name: http + number: 8080 + +# Key/value pairs that are attached to all resources. +annotations: {} + +# Create cluster role policies +rbac: + enabled: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +service: + enabled: true + ## configuration of service + # key/value + annotations: {} + # key/value + labels: {} + type: ClusterIP + # integer number. This is port for service + port: 8080 + +podSecurityContext: + fsGroup: 1234 + +securityContext: + runAsUser: 1234 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +# Key/value pairs that are attached to pods. +podAnnotations: {} + +# Key/value pairs that are attached to pods. +podLabels: {} + +# Allow additional env variables to be added +envVars: [] + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # memory: 100Mi + # cpu: 10m + # requests: + # memory: 75Mi + # cpu: 5m + +# Enable a NetworkPolicy for this chart. Useful on clusters where Network Policies are +# used and configured in a default-deny fashion. +networkPolicy: + enabled: false + # Kubernetes API Server + egress: + - to: + ports: + - protocol: TCP + port: 6443 + ingress: [] + +## Set to true to enable ingress record generation +# ref to: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + enabled: false + className: "" + # key/value + labels: {} + # key/value + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: [] + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +logging: + encoding: console # possible encodings are console and json + logLevel: 0 # default info + development: false # more human readable structure, enables stacktraces and removes log sampling + +api: + logging: false # enable debug API access logging, sets logLevel to debug + +# REST API +rest: + enabled: false + +# Prometheus Metrics API +metrics: + enabled: false + mode: detailed # available modes are detailed, simple and custom + customLabels: [] # only used for custom mode. Supported fields are: ["namespace", "rule", "policy", "report" // PolicyReport name, "kind" // resource kind, "name" // resource name, "status", "severity", "category", "source"] +# filter: +# sources: +# exclude: ["Trivy CIS Kube Bench"] +# status: +# exclude: ["pass", "skip"] + +profiling: + enabled: false + +# amount of queue workers for PolicyReport resource processing +worker: 5 + +# Filter PolicyReport resources to process +reportFilter: + namespaces: + # Process only PolicyReport resources from an included namespace, wildcards are supported + include: [] + # Ignore all PolicyReport resources from a excluded namespace, wildcards are supported + # exclude will be ignored if an include filter exists + exclude: [] + clusterReports: + # Disable the processing of ClusterPolicyReports + disabled: false + +# customize source specific logic like result ID generation +sourceConfig: {} +# sourcename: +# customID: +# enabled: true +# fields: ["resource", "policy", "rule", "category", "result", "message"] + +# Settings for the Policy Reporter UI subchart (see subchart's values.yaml) +ui: + enabled: true + displayMode: dark + logSize: 500 + # Refresh interval in milliseconds + refreshInterval: 100000 + views: + dashboard: + policyReports: true + clusterPolicyReports: true + logs: true + policyReports: true + clusterPolicyReports: true + kyvernoPolicies: true + kyvernoVerifyImages: true + +kyvernoPlugin: + enabled: false + +# Settings for the monitoring subchart +monitoring: + enabled: false + +database: + # Database Type, supported: mysql, postgres, mariadb + type: "" + database: "" # Database Name + username: "" + password: "" + host: "" + enableSSL: false + # instead of configure the individual values you can also provide an DSN string + # example postgres: postgres://postgres:password@localhost:5432/postgres?sslmode=disable + # example mysql: root:password@tcp(localhost:3306)/test?tls=false + dsn: "" + # configure an existing secret as source for your values + # supported fields: username, password, host, dsn, database + secretRef: "" + # use an mounted secret as source for your values, required the information in JSON format + # supported fields: username, password, host, dsn, database + mountedSecret: "" + +global: + # available plugins + plugins: + # enable kyverno for Policy Reporter UI and monitoring + kyverno: false + # The name of service policy-report. Defaults to ReleaseName. + backend: "" + # overwrite the fullname of all resources including subcharts + fullnameOverride: "" + # configure the namespace of all resources including subcharts + namespace: "" + # additional labels added on each resource + labels: {} + # basicAuth for APIs and metrics + basicAuth: + # HTTP BasicAuth username + username: "" + # HTTP BasicAuth password + password: "" + # read credentials from secret + secretRef: "" + +emailReports: + clusterName: "" # (optional) - displayed in the email report if configured + titlePrefix: "Report" # title prefix in the email subject + smtp: + secret: "" # (optional) secret name to provide the complete or partial SMTP configuration + host: "" + port: 465 + username: "" + password: "" + from: "" # displayed from email address + encryption: "" # default is none, supports ssl/tls and starttls + skipTLS: false + certificate: "" + + # basic summary report + summary: + enabled: false + schedule: "0 8 * * *" # CronJob schedule defines when the report will be send + activeDeadlineSeconds: 300 # timeout in seconds + backoffLimit: 3 # retry counter + ttlSecondsAfterFinished: 0 + restartPolicy: Never # pod restart policy + + to: [] # list of receiver email addresses + filter: {} # optional filters + # disableClusterReports: false # remove ClusterPolicyResults from Reports + # namespaces: + # include: [] + # exclude: [] + # sources: + # include: [] + # exclude: [] + channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses + # - to: ['team-a@company.org'] + # filter: + # disableClusterReports: true + # namespaces: + # include: ['team-a-*'] + # sources: + # include: ['Kyverno'] + # violation summary report + violations: + enabled: false + schedule: "0 8 * * *" # CronJob schedule defines when the report will be send + activeDeadlineSeconds: 300 # timeout in seconds + backoffLimit: 3 # retry counter + ttlSecondsAfterFinished: 0 + restartPolicy: Never # pod restart policy + + to: [] # list of receiver email addresses + filter: {} # optional filters + # disableClusterReports: false # remove ClusterPolicyResults from Reports + # namespaces: + # include: [] + # exclude: [] + # sources: + # include: [] + # exclude: [] + channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses channels: [] # (optional) channels can be used to to send only a subset of namespaces / sources to dedicated email addresses + # - to: ['team-a@company.org'] + # filter: + # disableClusterReports: true + # namespaces: + # include: ['team-a-*'] + # sources: + # include: ['Kyverno'] + resources: {} + # limits: + # memory: 100Mi + # cpu: 10m + # requests: + # memory: 75Mi + # cpu: 5m + +# Reference a configuration which already exists instead of creating one +existingTargetConfig: + enabled: false + # Name of the secret with the config + name: "" + # subPath within the secret (defaults to config.yaml) + subPath: "" + +# Supported targets for new PolicyReport Results +target: + loki: + # loki host address + host: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # receive the host from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # loki api path, defaults to "/api/prom/push" (deprecated) + path: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to loki + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional labels to each Loki event + customLabels: {} + # Additional custom HTTP Headers + headers: {} + # HTTP BasicAuth credentials for Loki + username: "" + password: "" + # Filter Results which should send to this target by report labels, namespaces, priorities or policies + # Wildcars for namespaces and policies are supported, you can either define exclude or include values + # Filters are available for all targets except the UI + filter: {} +# namespaces: +# include: ["develop"] +# priorities: +# exclude: ["debug", "info", "error"] +# labels: +# include: ["app", "owner:team-a", "monitoring:*"] + channels: [] +# - host: "http://loki.loki-stack:3100" +# sources: [] +# customLabels: {} +# filter: +# namespaces: +# include: ["develop"] +# priorities: +# exclude: ["debug", "info", "error"] +# reportLabels: +# . include: ["app", "owner:team-b"] + + elasticsearch: + # elasticsearch host address + host: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # elasticsearch index (default: policy-reporter) + index: "" + # elasticsearch username für HTTP Basic Auth + username: "" + # elasticsearch password für HTTP Basic Auth + password: "" + # elasticsearch apiKey für apiKey authentication + apiKey: "" + # receive the host, username and/or password,apiKey from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # elasticsearch index rotation and index suffix + # possible values: daily, monthly, annually, none (default: daily) + rotation: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to elasticsearch + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # https://www.elastic.co/blog/moving-from-types-to-typeless-apis-in-elasticsearch-7-0 keeping as false for retrocompatibility. + typelessApi: false + # Added as additional properties to each elasticsearch event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional elasticsearch channels with different configurations and filters + channels: [] + + slack: + # slack app webhook address + webhook: "" + # slack channel + channel: "" + # receive the webhook from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to slack + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional fields to each Slack event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional slack channels with different configurations and filters + channels: [] +# - webhook: "https://slack.webhook1" +# channel: "" +# filter: +# namespaces: +# include: ["develop"] +# priorities: +# exclude: ["debug", "info", "error"] +# policies: +# include: ["require-run-as-nonroot"] +# reportLabels: +# . include: ["app", "owner:team-b"] +# - webhook: "https://slack.webhook2" +# minimumPriority: "warning" +# filter: +# namespaces: +# include: ["team-a-*"] + + discord: + # discord app webhook address + webhook: "" + # receive the webhook from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to discord + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # filter results send by namespaces, policies and priorities + filter: {} + # add additional discord channels with different configurations and filters + channels: [] + + teams: + # teams webhook address + webhook: "" + # receive the webhook from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to teams + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # filter results send by namespaces, policies and priorities + filter: {} + # add additional teams channels with different configurations and filters + channels: [] + + ui: + # ui host address + host: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # minimum priority "" < info < warning < critical < error + minimumPriority: "warning" + # list of sources which should send to the UI Log + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + + webhook: + # webhook host address + host: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # receive the host and/or token from an existing secret, the token is added as Authorization header + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # additional http headers + headers: {} + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to the UI Log + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional properties to each webhook event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional webhook channels with different configurations and filters + channels: [] + + telegram: + # telegram bot token + token: "" + # telegram chat id + chatID: "" + # optional telegram proxy host + host: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # receive the host and/or token from an existing secret, the token is added as Authorization header + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # additional http headers + headers: {} + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to telegram + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional properties to each notification + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional telegram channels with different configurations and filters + channels: [] + + googleChat: + # GoogleChat webhook + webhook: "" + # path to your custom certificate + # can be added under extraVolumes + certificate: "" + # skip TLS verification if necessary + skipTLS: false + # receive the host and/or token from an existing secret, the token is added as Authorization header + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # additional http headers + headers: {} + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to telegram + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional properties to each notification + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional telegram channels with different configurations and filters + channels: [] + + s3: + # S3 access key + accessKeyID: "" + # S3 secret access key + secretAccessKey: "" + # receive the accessKeyID and/or secretAccessKey from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # S3 storage region + region: "" + # S3 storage endpoint + endpoint: "" + # S3 storage, bucket name + bucket: "" + # S3 storage to use an S3 Bucket Key for object encryption with SSE-KMS + bucketKeyEnabled: false + # S3 storage KMS Key ID for object encryption with SSE-KMS + kmsKeyId: "" + # S3 storage server-side encryption algorithm used when storing this object in Amazon S3, AES256, aws:kms + serverSideEncryption: "" + # S3 storage, force path style configuration + pathStyle: false + # name of prefix, keys will have format: s3:////YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json + prefix: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to S3 + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional properties to each s3 event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional s3 channels with different configurations and filters + channels: [] + + kinesis: + # AWS access key + accessKeyID: "" + # AWS secret access key + secretAccessKey: "" + # receive the accessKeyID and/or secretAccessKey from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # AWS region + region: "" + # AWS Kinesis endpoint + endpoint: "" + # AWS Kinesis stream name + streamName: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to S3 + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional properties to each kinesis event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional s3 channels with different configurations and filters + channels: [] + + securityHub: + # AWS access key + accessKeyID: "" + # AWS secret access key + secretAccessKey: "" + # receive the accessKeyID and/or secretAccessKey from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # AWS region + region: "" + # AWS SecurityHub endpoint (optional) + endpoint: "" + # AWS accountID + accountID: "" + # Used product name, defaults to "Polilcy Reporter" + productName: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to S3 + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Enable cleanup listener for SecurityHub + cleanup: false + # Delay between AWS GetFindings API calls, to avoid hitting the API RequestLimit + delayInSeconds: 2 + # Added as additional properties to each securityHub event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional s3 channels with different configurations and filters + channels: [] + + gcs: + # GCS (Google Cloud Storage) Service Accout Credentials + credentials: "" + # receive the credentials from an existing secret instead + secretRef: "" + # Mounted secret path by Secrets Controller, secret should be in json format + mountedSecret: "" + # GCS Bucket + bucket: "" + # minimum priority "" < info < warning < critical < error + minimumPriority: "" + # list of sources which should send to GCS + sources: [] + # Skip already existing PolicyReportResults on startup + skipExistingOnStartup: true + # Added as additional properties to each gcs event + customFields: {} + # filter results send by namespaces, policies and priorities + filter: {} + # add additional s3 channels with different configurations and filters + channels: [] + +# required when policy-reporter runs in HA mode and you have targets configured +# if no targets are configured, leaderElection is disabled automatically +# will be enabled when replicaCount > 1 +leaderElection: + enabled: false + releaseOnCancel: true + leaseDuration: 15 + renewDeadline: 10 + retryPeriod: 2 + +# use redis as external result cache instead of the in memory cache +redis: + enabled: false + address: "" + database: 0 + prefix: "policy-reporter" + username: "" + password: "" + +# enabled if replicaCount > 1 +podDisruptionBudget: + # -- Configures the minimum available pods for policy-reporter disruptions. + # Cannot be used if `maxUnavailable` is set. + minAvailable: 1 + # -- Configures the maximum unavailable pods for policy-reporter disruptions. + # Cannot be used if `minAvailable` is set. + maxUnavailable: + +# Node labels for pod assignment +# ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} + +# Tolerations for pod assignment +# ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + +# Anti-affinity to disallow deploying client and master nodes on the same worker node +affinity: {} + +# Topology Spread Constraints to better spread pods +topologySpreadConstraints: [] + +# livenessProbe for policy-reporter +livenessProbe: + httpGet: + path: /healthz + port: http + +# readinessProbe for policy-reporter +readinessProbe: + httpGet: + path: /ready + port: http + +extraVolumes: + volumeMounts: [] + + volumes: [] + +# If set the volume for sqlite is freely configurable below "- name: sqlite". If no value is set an emptyDir is used. +sqliteVolume: {} + # emptyDir: + # sizeLimit: 10Mi + +# If set the volume for /tmp is freely configurable below "- name: tmp". If no value is set an emptyDir is used. +tmpVolume: {} + # emptyDir: + # sizeLimit: 10Mi + diff --git a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml new file mode 100644 index 00000000..d304abc1 --- /dev/null +++ b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml @@ -0,0 +1,107 @@ +replicaCount: 1 + +image: + registry: ghcr.io + repository: fjogeleit/trivy-operator-polr-adapter + pullPolicy: IfNotPresent + tag: 0.8.0 + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +crds: + install: true + +port: + name: http + number: 8080 + +livenessProbe: + httpGet: + path: /ready + port: http + +readinessProbe: + httpGet: + path: /healthz + port: http + +adapters: + vulnerabilityReports: + enabled: true + timeout: 2 + # apply labels from the source report + applyLabels: [] + configAuditReports: + enabled: true + timeout: 2 + applyLabels: [] + cisKubeBenchReports: + enabled: true + timeout: 2 + applyLabels: [] + complianceReports: + enabled: true + timeout: 2 + applyLabels: [] + rbacAssessmentReports: + enabled: true + timeout: 2 + applyLabels: [] + exposedSecretReports: + enabled: true + timeout: 2 + applyLabels: [] + infraAssessmentReports: + enabled: true + timeout: 2 + applyLabels: [] + clusterInfraAssessmentReports: + enabled: true + timeout: 2 + applyLabels: [] + clusterVulnerabilityReports: + enabled: true + timeout: 2 + applyLabels: [] + +rbac: + enabled: true + +podAnnotations: {} + +podLabels: {} + +podSecurityContext: + fsGroup: 1234 + +securityContext: + runAsUser: 1234 + runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + +resources: {} + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +serviceAccount: + create: true + diff --git a/modules/trivy-operator/templates/values.yaml b/modules/trivy-operator/templates/values-trivy-operator.yaml similarity index 100% rename from modules/trivy-operator/templates/values.yaml rename to modules/trivy-operator/templates/values-trivy-operator.yaml diff --git a/modules/trivy-operator/trivy-operator-dashboard.png b/modules/trivy-operator/trivy-operator-dashboard.png new file mode 100644 index 0000000000000000000000000000000000000000..e9733a0f4830e833e25aa3434c463f92c7bd4ef3 GIT binary patch literal 230183 zcmdqIWmFv9x-N>l1cC$)?hu00Nbmr`H3WBer*RD$oZyn+(zv??ch^RPyW8nx?PdAa z-sjwL$GJc581#Umo5`$M?|kg7`m7))iH<^u0tE$yF7;ka2?`291quqL9|-~So6d$2 zF32}%MVrN!=kHQt z!YXb$2kG!jxIMFdqm#0XbPVqq>FE$)C|oG8T^L;qU*nx20xAHC6}YG`4C5xW_a|$ft=?s>t|Po{yiM2Ok>&LCuMsYX01hZ}>Jz8p;2UuM+NlEm|<<>dU*! zL)(MffQIXz6`Vdveq2LB^dM4x%zr(ZUq6peAW z9gFE6MExb*_}~uIQ-G*9cak2_@|-!8%8mbYv%x)Qdi)rPEquJQNb$N~W>ZviV%O*-{Z6570ES97j1Ki&*LBXr^+ zwqf4uwjxPrKam`G{h0qUD*fr;6yxF$Nnz|+n&)K9(d+TcL+hmeu}t#SH+axucDbXhes%c`>82p#7(f5@4*!NZNI_ZX0xOhF%@m zv!gT9$G`3QDg0RI`oQvGc{2xS$)_F4 zo=K9#nZNmB{nJVBeigV3K<1A@GWVG~`K*m-ZAy7GI6u=HK2M08&kBTA^I}Tes{~co zM4M)gATWZMH?fVvy=VyW6{o{($)TT2D)&-tpl3h{s2XprK#yKyQYhJVB)fOZ$sfn}9j zAQLP;MzBUhwc^F*<9@~x{JKDp(XeY?@Y4n5;uscmH>|CHR1Sr!tBt`b*ET+jxrX-B zM~_wGvQzM6$XK%TdeE~S&&$;jb?eJ?>*1m<6YESl?r`DI?s0ko(d1Vw2g+^RY3B2ve?}Lq zxIC~Tgcxe@>6Yk;`xZeIIV&_hf7x{rHBYt)nx*9crkIJ9JK9#4@06j;XX!Mg11uR4 zc$I2{K$~HQQulQz^%@tA2uO( z)4XfJb1;^hrJT>Ql!%hJabZLPa9O{n%>>e<*?ZJu@%_2s$wgPPD|fFzil?k6gC&Sr zc{W%j-iPQQ8c$6i*3j2e!A)yV-iud!P$;i49gIW;fRA|XDbqoq{-aspHhn;Q3ioJW zdD~s`wEJtTic^E)5ogB?zt#PFk&p~6S*e~*{IzSL6~D7Hfh^@{zMG9MMm_CIU4`?> ziZ|zH0&Dr4P^s5sP#`OMqYEBnzRN}8BDDn3Vir$Alz#tQg>CP9^n-@J6(AWvErrt( zLH>hJ;BkKC1_t0TBFK;_>qa76x3SfP=T9&SXX*xC{ z3Qo0c4J`R^KWZGkd>y>BM0~RvKbW19leTj{F6pS(M{+3lO=VzUz`a%Ii6?XC2<}p| z)~f%|OtfWEP6(RRXPw+;bO_Yx+NeYU;`3 zVPAWQW1@&lKHD3&hru^)i>Nu;0#fXN*Pc@k0@Km^6~k z*L6X=oGwgcJ(Vb5%DF#`Svt$obbxSs3m+VkRK$=egom(Ks@*g*_j2tgeq7U0V}k1$ z1pSy2ufxlB+l}<{2V1U}`z4Db+Sbsbx&CB^pRbPMt+yai!N`v6T z?5xAc$b5NOb>W1bQ{cq~QDbiIw$fo*qIpTf@H60bmxKrfpR=L4_P7G4Z^@Y$Yxaj$ zJbdO#ZcH_T_Y-Dkg}uPrV<@Km10;wid%?BMcM&32PT5?YLsd7Qbe*ss8W@>P5m z-?YSA(B32?cqf`Pfb;f~h|Z%BKLZK>^^)?JuV0ZNY>Oe_ap4~=m}afftfHpi&befU$*tZz6X-pk!=Z;fWz{S>tuqh9SeTHe=7*Z;_V%wF)*o`skP z{OOhb`kNolOMTBfJMdqc9?{=y2M+3`XX;KTf$~c5FNACbiQW1=L5BHl`W=#^Z@MT? zrsK**N7fKOrl0F~&*^~H6J)@ao2aUeTu?pJmlw=Ruo#g1w^_`SRO7mA3-_i zaIbhz0X#R&0p!Q2lHeUqsA)1S6kTQ_q%Ic2OF1BH@YQI5v(G5!`b5`KgKm2$EM{<8 z8U*Xa`6YN)y|{l#o+(XYQv8BG_&M1$5_Da!OZbC|d%>}sAdMWd*;gHkVk4i4u1E+YtdY~n^FhQG1IxKD zLHupTb|3eFN^7tEc_Nccbk~O2M%cYpbqu7Np5s&-n?Q}46 zufiWL+9EhRUn=P6ASCJVk>Wi)ywvU6908C9HaEl6-)FTPPERL{ zjg3KZFTKGPygBhI3*yW4y82vmg|yDpg^`>a#TO-y+A9LSUQKG(^?5{A*Jb~_h=8%w zL1^r7YaDl5ZJaA{+;v@%YZ@oZRdWEqBt+RscV#m&GCG0Ze!kgowdpDxRyx;dvSChh z-ge`;0Acatb<`NA8OyaSEdg(~Q(4!F`jZ?4h7M18_&W8af=7V{8i(pDTIXi_Z}&br(j(0zWjqAlM8L5M#<1cT7s2(Fjqy@T*E#2#43KQwlY-I`+S9{6rkR=9o031TTeds}34>{dJ!zWr zjN8wJ8UTmo3~}vBBmP0tF_PJQ4mI#@zAsq)O*)^mpMc9M{*%rXKJa4P3NmZw*%b)( zIG=Qc91~G@9PpdbY56>IyyCHwG@Gxab~*r2qmlBX1!E9kRIPZlNIB^d+qJ(pYcuyu z=G^C`V`k=*PNn(!_3MG-Vye#(M6vomJODLnJg6^@rV%TvD)q;*I-0wRi;4z9-;>QL zx?GIYcE(bN>-U6hftFnsMX8Ig%iEqf`2W;VBAF41r3<|tPCgK$wHCM`?-wNW4EK^I z4YpXle4D!_|3d?EqsuPB^|B8wKSUA+yPgesoQwV<&$T^E8UkvIg_=dUqlSB|Rgfh-wf@SA081nR?(3NG+gz<3}mi5Kx=!feWh8qf~4cV1;6su{skZt z{`OYklRB#Pf)(2JiYKCqsw$yke@sFG{GxRo?B?dCh?EpE8Ob?V(y_kOvyN0jTNynZ z|GD$JE%h3`M6)H#_D?_((=aH{e!JeT2!c3jp5x|8H&Yb<c#K_F$~^a7pYj~H>?pQc z`!8r9&ICCd(85p*P7l2tE$q*Y=I@f+rjnI&!FV{mS906^z60(+Joa_+OLMi^JjL?(rJ%!yBFH5sY6Uv*r{ZWXxU!ucZ6HK&iH1|9TiI3+vcM8_~ zsHljwI?~?{zIShM2eyfZL;=6aurYe>ZkgV4=)odbA*#!_#4IXzjNqhspv;ndW!pf` zosx|v{nP;g*fj{>LXwxN6&&L(mw9x-r%hNv@o5amLJodFK$|0dx-}(uI2#;Q^9~9U zKe>qLTZ@wy3~aetz%Q%UateFx#@}@CmN=!(3>u<#qNiI>ASaKYSz`f9DH+At40W}< z^X}*#xfs90QAtayvo2Bs`J7<2r7~2CBqPN?W@)j1Xwq8s;Hl!V$H;oL5ljBG4jS@(cM+{CUR-INI`!1t? z6vy%X`~KSJUCi@CbzQH|uIt}gXG*mP^Mg_$&f!S%PyFV44^SBqdd6<8uSaH?i^^r< zn(uye5-Jn&f4D1tpm|g>6n2=DPuhqA5L8yag;?-Oa9NYh)}+U9G8>6niB<=|Aq}Eq z*_zqm^Pd}cRu&_bSl!*>TldX@x6?ZhB!Kr{Mg{MaU6J(j;r;K1Q@QITYW2L)(VguM z>_a+5F_#C=Js&T>j)Nw0rGzLX{EGN- z;Tt}RN$@rzb9AP35j1L+X3n;P{6{n?LS`N^kOFb8+o?x^EZU92Ha4UWwr4eCrJpeA zSXtTmmy#(zD4CBp2UXxkj-)qsLNca70Kx}5*+i*07Qd~*XHIFTJIq%|eZ-Cwz~{%h z>=~sF3@Cz6R^#Jy*dKh9N@^+>Pg-v7v(iJ(qQ21Pg*yzD7ZnlG=sJ@u**zXU7`wEt z@sZL9JwL=%P`8f*bb+@77fX%!WEBAAWSd388SX69v?{l$5>2S^3uG?9`N*Z zsjho6iURP0Kzwiha*DtX$rAy^T!r5b8o((QPBQD^Y7x8D1jVHQq7XqIiK4Qy%q7}Y zgeeIe87Z@y3WKx311WO`C%(tEmI^*QaiLc~~#IkpAp zz5ZpAEj`$WSe>F|k&7P!; z4Q0AWG9Lu8(=RA4Ol#k05U$5$OdVvF@j8+}21tv4~{*6V$ynO>a$0ww%DNr8iVS)ClK}^)Nxqxa>XNK^G`?T@qh!^Y!9be zYAipPMKIjD9I2NzmbDx)Bs)!0F9r8SQR?%#9Ke0DnI~v{bYUTj^mjg}J4VX5SMQBC zkvco=BWqXJ^?^n|aO@j>ijgEUa`zr~`1oU%8UddjkY`bar?;zL~U)8KyxqI0iwHJ9lRl6-?oFOYbAB{zU%T9m$#c+ zTOBv&;8;2E4bNKyK$hKMY~8ARKoYnh-ny2c9nfvGUq#hHbI1iI zvGuyQf_=QZ+L`=1{Pmor+GaW>GcIM%qLt3a+uIK-M(_j~i)bsF{eez3x(e`*%Z21^xK564SG4XbV-mX885gg7c z7*u2VnD5((;p=(a1k3006AmJIS+)4=-^M2;br~mV>$%n6u614OZx7+$<{Zp5Z1joa zXAa_*A5VM-j9#zB7?RV{;@h+wBCLSd;Q;EO04V%idF>6jbI*$k#4O3^4F0x4Wt+|Y zel6EW96|VxFX|;wU4E>spKUiXd4FiRLs?PuC85{A&k)rj_F3R)>ay4_W$0`n1wXEZX3^ zeVYK+RWHUVkyGKd^}YR>(jeo(Cobt&a(eBl4x%fWBo;R53DIyo<}B?d*;`(hsBa%v z*Gx0x;?PsAYvCh!>~L7`?K?0}*270nu-FHap1TGo`mYv`;ksOxyXG9LjQS1S&ITqaY#e#9Y`5|Ht}QaLAeAOu75f=&t9LDwl(v^?JOA(2lY?uCib5@YoRT{ ze|34?J|zDiJL5la5OVl`ujluleEi!xD|S%F9L-0AhIFg_)o(Eo^#u%1v&L&KVu{eb1lMzp`hw_$O{ot!!V5w z4+lXAZJtgl7{UyqO|_}*wlYcY#KnUY7o2uiN)aDg4p=p+Od=I2-i)S3s6r50=$VQA zYDNh5&KA-0sDkz3@mlw!UDTE6yA28oie5M*{5ib5okt^RM#aHRXtykHvx*l(6r$XO zki^FEGpEa({tL7P`!^+w+KA^nK8Wb(=%8^4BGFlvWqt4{svZOxgk@!Gz_Nd6+5)5l zg@&V)Px{5A0{VAx(d`?PWL(nXx4lF)LAlXHmhn_wb8M3BF%Xv@MA{XWiI* zw!V1sa|5$eSzgE_9%<;DW~1eL)qmeM&ElX`7qWDS*DIGu5BJAyCyx)d;NH}7HYTn< z5_SxXIUgz`Q`7Uug#}Hw6R_tRgw(h0Bl|g(ZT#gRvhSzp)yDlz-PzWxZu`US`AsXv z4FUNED}P+ub5grprFJmJFI@^H#H`g0Q2wAEZ8!n)4va4t_>U-VyeGiF`pQTx6$?l zjXvq!{M_K>cRl!Va|em^ZVdZQ6&WLkgIgIIX56Vf}%jUpBYt`?61CgpfjZFSvmr+Y0KnlBzw?XJ@?MR!KD!L_N!U`l?{ z#%HNH15~#3c&XLa#r6nVT|fK`uYf*Y+Z8hJpW}(>oI@HVWasUv2WCRgOX2PfFVmE) z_MUA5cTAcGbZ2z|!xLQ5u=#CoFKM-$c$UK_e1<_c&->)M+Md-nFiLZbdw; z)DiHMIY;uuFiLK9J34NB6!t#CdH{~Fk6^WKn8r)z%W1oX45neOY~1rq&(_S!yF~7_ zH?kp4`B>b^Gz-#h^LA;S0#h4;ADcQxQEP@P_sd%%Z4H^;T5OUx0|%qh-R7}ENV*1N zG6e2VDq*jP%;Rqy-%Pq6fK6{#Hz_d%&;duFDt&04-R{W}N4IBz=nz4K?pyAFzV!#< zN2d*t_4DCc-D)Cam-%o?&zV-cOa5#dc7ZfQ3GS~WNDLP-UYW)JQTZ?QA?t5sYQoQlgC-rjS^nQHN z2e}+--W=V#tC8|B#~ty$H=g<-3LX=U^5C%CGwcTFyN+{D=oe?(3gJ+-)>i9Y#Ll zpE+KgP+oUka?3&5Jd8ZYR^y*vZXcVZdOv;~NqDpIbytnx?sbwbz0*qCCBvxKX?a_F zrSaem#Q}|H)hPD9`)Wna8Sf*92sCDgtTe9X8vpecf4_^kjZ; zC$C;KQvNZ5t=#bE#_OO1s6e0tmUR?J+WP$TiDxf#LtB0>#CW;U+3wiO^@M1qjpY_T z@v#a`r&|uwP)KOC^s{Ac)?p!me7k9;56U9OTt*TmSuJ3-PoufeXY|qa#CH( z#dWnaH+p&W&~=4bLRt)5TrL!%BhaIw>LzG!e~&4Y(RD4Gk#Xv_>8MxPcjVczWZSmA zL+Y5}FpS&W3VS7#%o-6r8AE=<@+pl3AUo2u#&Kic0eoe@Mkm;5d}nBIf##nsTl%RE z+?b5I9k^qbpDxA{;7U3G_%bwlcbA&i*%iIgXRWVM<$`{U)H%wITY~wq$)+^nUNRF1 z1@SHYDH&z1<=!VfNttKXxZ*wHKq?IX@FV#Q2YO=r>Q{b7E^Dtfc0TT8pzWmX96?1w=1&W5Oj~L#(a%|M!!6wj*z7gN5;WiP0 z#22@rnQXb3JE$#&h+%O&JMC~@>Ab9;uDFl+=Ydtjk+FJqcXY()ZyhcK?M|t8Dj#*h z)ygC5xqK+$VfC1D>c-oXb)#I(FEKi>h@T(sF;^w*PTdYPkYv2HTPkodh`$EzIIOl{ zZYme)n~sLFh8K3I03R=tPWCKWPsgQr;PK^dgOq*ANBOx)S|9e?%#m?Bw$gu%`5 zG2ts~CrCT^)1&~obIl4yM02uy%k{oxxs>0egQ|LX6#BtIvcQhErJw8h<Cr?a&&>A(Sw-n_cIUc~dhv2Wc^qmW92y>Q-+ zprnNKV2~Nr%Q&Q`A_Q*~>NnRJBL#fjSBHZjdnF}$d(I@)x^$Ejzu0x#;lkd~-QCNJ z1P3=v4j*n7)PWxx)kef0qU-fYeX-B&D_?juyXq5sbkn#|_DQe1!?W}2PDFsNk2YE# zsaMV=fnmr5G~!{0uxjyAChwEi@H5y`P@Cuv4}cW~S*#zhn9Jxs&yV;Q`%RIG{`>5};Z;`xzO?cR zdr0T>tcGRXSN?J%^19UHV$;$9DC9%Rn)%$t-x|I3BSw;V6d&Gp*@Lo`3_;7(a5#k% zXnz$&(oCuHpm8z@d{w`E1;l}N`9SQvc^XVj$itUynPdYDW6(mRN}w8nzB3qsNWMNt z!Hw#3x7(pvoy}um6*aZ9!frd}7inr}LaXDs7+WOp$1TrzL$@c|E8_u;1<|)FUOQcO zNAm`d&kUeQhOIS7+;=0Zccf2tUua7`E<+j|5tgY#w`{ zPOBcbk}@HhP>2A}H%^`pHp63G+#8Ljar@ZVhahpyuziE9bwA@_i5x#o2--Z$4W#>M8v2LwI-zw6L2+1xbtU)&)9iPD z1+eWL2?##nXsVOdnpR{c|H@R^imv1J{SKzzJ zVmsL`nT2#hd>RBoXIImZ?+;qYqI-f)pS4?uKyZ$e%(G{goF{oaa;U~-LfE)z>!|q# z49v_y*QRZT@e2?O-XnkSl z6QgR&)sB`h=a*2DfVD=<%AN^(u}-{H*EQ}AXW?ZRYwpiD;mNt^c8b^aYXzaMtDb{< zM(=u~cwwUWA2gCV+$jd_y(xB}q6s8HYwv>!oc5;Ri;9cCH@xN%ft4)&F@l=Gt|i~i z%4L4kaISyjdfR5#|9yvu8m#bWy~ei2$E7%uz4y>JuBxb^0r!hOB!zKtLd|C_EQ<8$ z@6on_Cpr{9ZGULoXWe$s2AL!#^Ar+>XX7Z|J2*k>S%|j?m>lKn;56u-&o(Hl5e_tb z_QLenhV&93O)HeRd@Z@1Q7Fm0&7GYtNDd5(j(#Ek$9=IP_*J6fmIJI5g2U39?Pptq z;G$>Qiw|uz2ghw|O~-9P)5ROIsaMZ2c+8q7imzr@d4l+qiA%Jbf}`JOkKp_}Vuren zA^p`WB9WN|{xt>=d;cFDoV7 zKk`^vO&$`6PRti-bLo|_LTWrGOaJLWSi2^n7m!!L; z5J#u#rtK-eVNybTru)t;YV-2@e|=zaTaGy|Z;F~njuelWwy&=@{Bc9%xk*f`iO`+} zE%ko*bxz)TnrhW7Ny2mI+q=R7H04 zdEoo%1++Y~8PIln(*sT4e?*OL6Ul0=CB++gAi^8ITcpdj#3hRU67cV5;8YsBu7B7) zx#_m_u>MoCr#oHqgKVLUT^c_Vk6cuAB>sKhqfdjHdxJO)lXm4dEXjg`C~6!G=-S;x z<JQg~C+t%m+^#C#>Guj-slx!2zrlIl7zFOo-?$-${xm7vCkuM-Y=%I;Ox;W4xs+1B zhoq?gGc7*KB4Nxqu(!D2Q%HH+)Qdx;oH}|itaI^~dr3K!FW96dc_&C;!)$sRpBjx! zOhxLv7709I8r6jVIgRleX%sa@m=scORV^qskuL0pFgV9tOWcm;J>jcRt2dBiP#UtSQr)bY2uKr#$i>qoSdSR1bL}&rRtU2@hL?pXu}u!L~!uG zDW%$a2z6RQCNpJ-*%F0EpE7Qmyqx8~qsc0d!Akw-~z|ib2C4h5_6oN=O^FKAIBdNZsQ4$*{ z^MpH<8sz9Z9`;VfH+E0OQ`GeXRB-r;7`~YyT4hnWr;%4ru`pOVa5Yion7|0+%_O>t zio8$llO@@)MgN$I7{u)7XrhlxowaKpUPM5mJ55!LIyOXPH#SwqBD+)8 zAG2v6Jf_rCP|`nt5F45@Rd$mFQfyieFSm%DhBq@;O~{!15@9vb;C|7J8(21BHzlJu zx=5vogDp5QJK6V|6{CO^$d{()Dl3fKh?4zan74%z?Gvgr;jm<{hfAdvB2sV~1ppdt z@@e^5B((D>5&JtTxxpbiiZl}ZbWe55fibeGlJG)NN5}PZX-ANb?IRG8In1e~F|CrJ zu$ZU`!$cv{F1}eWPBC(Z*3?w}zQaL9NhI98nB6J9DV?LDDwAUUC$dlIJHD7;#*zKN z*zc5soh(Y3#;#aWMEA%woss&2t58O4n2Ja@oW{(tjX-QF0yy%548WSWC{`%VJ|Oc!>!fDfp33D=#@YRw9!TEKJ(P-&>jx zu922(pNy3(h_QZn1U9m!2uojw_I*W38XuD`(4;mm?jkSw6w)VD?K?D1n~Xnboijxn z6=(9#;`QKn6Nc2c(;RW26RP;jN$I!g1#sJANIM^JiW#KaWNUV40%iBG730cOfeLdJ z8SFjry2x1rQb|-b6j+CFmWw46&-IsYhuGkosCZ?GWK(|wA~Uos<}S!QHcKT(6U#gv z2ZmvMfIKEpl_JvGQY`j^VGEfOpCIbzVTQBlTo-EiVmfHq=uZ#?o6w)65-t?0p_rhf zhf~Q(5T!sa79(6V**HaEL5jvI%3s?cd7bk&m>_L%s6@z98lA$xy@doi7`Y6_1?-`Y91Iw9p}erH`Izzxl%Tg4!^c8Y{?Yx`x>o+fLWCtq6?wT6)f@+P^JQqr%D z^)oIsG~i@6A9tCr+OZO*Q}WKkLbc3gCe{G%exJdk0!KtDsD!nL*&}hBGT;lN z+4sa&QRnej({%gq>7ZG1vujqO0T@vM)1_S-WSZ}CX^t4K@xL>aUM#A3+Q3+~ny99= zZ(tFht-kKx`0%dSUaqMKuThOn@vs3|Kdw=1>Kg=44MM-!28JcXGc6Ej3HD5bT2}}z<@_R*F_nhh*l&rLF~#rSaBp4Luwd0(bg5vCTV+3MQ6U4De@ zs1LIA44)_szQ?rNgJkPW(PVWUL3vA*5SoXmuYc0*fGni=fT3FA{tb#v6j?6fFAi|! zB*Xqz9hB$<$b(X!RU~6SOI4>F*jug_QHlj+J1X%Nsfx^E5tirJkhDHQFqJZNB`*+j zs#N5Nj8{=u+6|P_NomB;NU(n=na#GRU_hNUK=thpX#FkrqRLd2K!2Q3qZ-y&O<0v^ z(ER|cSfPYC!|XG*6sajvX`Y>C*H+evbXMQg!kNwc_tC?vDZzKxJf?VRivB5hk+$bG zH1h-S@2NGEjj;R4Nf0~#t02N;x9)T)`Zv(Br*Y&g>xpr6{*I}zkb3yM`Q^gT4T7cL zu9uLV|L01O<(65@wBAJsp~9Mn!Ybv99Z;PgQ&24flSpW>SS8lqt1 zOj7%pgY(Ki;?_aOZh|>F3(ZkXGZ%1QqNiGN{}Rp+#ySieVB`v}w;@q_rg~|tDK&75 zwOjvEa72Y-Fa!lhuF+X+M2hllb^gC`st3yW-egOiQIiZz?)Novasui`=lX}Z4`YzE zj{cMtrWyT5NlR4?Z{R^xe@WOPl+>9WA$W=-s7ij8frgN4*5;QQ6&r>tQxyvdE5g_i z;8=i0iJg*8sV2^ED<~40!`-n*CD`e({KZ5x?)HbvUtUaX+bj3oeiEJ85!RPkOZ%uH zj%-%6M2NhK6FbEGPNuksBfW~FKlt@s|M&=Re}I+`EmQKZ;pl1@VJrum$jQGAZ{$Ut z*9Di1LaxPO7;7s%)z?qHiE66me5U5H=zcjS(f#{Ge70R|)k2d02Sm$-!K^(`HTk8J z;e824;TO88QqlP-dStTX54itZy7l#^s)?mx?%QRRo@MwC)0<^zy~+DxWb>PMchkO0 zalsv>u=lj`lPDHRbN;4NsMK;^jmeD;REUr&u#%0SQkH#JOrO@!PFx+Q0(Zkf1%XJ# z-w^pX6qMp>#giS|_GS+)Ah=DVU(-L+P$aAwF|zs_h(b`KF906`MT+w&ucY!)eASeB z9Q}CBXbX|DTzU|LB7f=A+HZ>qFUYY}YGP($jCwxEsE^F*%Dg`;NmYIw+lIN!#{}^^ z|DfB#Pa#XX%GB)w8pGi1k2RldG`cOS6=q@-V6-GeEnCQ3iHSQKo!uTpQO%~hwYQ#f zRK6$tCU*!&{KG1$)Y3@A7D7-RXGBX6V?l}m24ZI*v-!=e*o|sZE{b<2mk4pmYEv(% ztsJ7=QdoW=>9g1^Ew z#d5#BQ24Bd!D6bq>C=(;MoKLqS*`h;<~lTgw-Z9S;S*&>&PQ;(i#C=A{YZu8dPzTf z=Bdo8!g4IP$z0)Z+en7$*s9H<`;Y-DzEtRU-i@a zEa`|Z^8p{f2b)R0c+{i@X4&96JpcHNqSP5MjYCSVJU*!LXvt1bn2SLzMe`*&QJQY< zAM?)j)T95kRXmok$1bueIkA!R-d(rDY4X;msm2hMF&myrltP}F!0%M8qWI6IIL^TF z@UHJW7mYjO5hA=KS$`d)t~&_>nOmr>Cv|hmFljU5+f>egMj!R|#yELyX=QzT`s}MR zb#~XEdUQM+Mzsmhs;sRr3DI)+2ro(3Bdd^WKa#Sjx7F(jge!Q2`ov|h8@<3u^M+Y1 z^Zx8b8Z9(j2M=~IzZw$#GF^*2vJg$Zmg`*U|gc&g{ zChFhKezwmhd6{-34}S3Qqsa?Jc1Zj0`C9XyWK}}2Ow%%Xv%)2w3_Dfz8-XbpRPhgj z{o7W-s`bx}3Vgsq)F?|}ZHB{*=BII?`u6k)DG0R9ITt?E{C;>>BQRZuhs2S^zkY$4WowSh%F2 z2oqUDR0FPzJ`pIqJ@mNJZb5x6V@Z93T%_YB&cl}4R-_-pcOyw}E%>}5UYM8nd#1Je z7CrK-j0@kwQ0M?xRx>n@W*X^%WATlU{oMt@i}zN)^ji(%`m;&X#Q7PEAo-Cnm_dQSUM9%Mr5&Ks|D75Jl zeG1-zaek((zmQ(=JG8Y5`sK!=H*velz{g~dTtq8cfwNFL{LbHStTZP`uXg!h8msp( zn9n|)Ru(l%Yc%hfCRc4*-|Ur-x_^xn^|ki65M3jpt?z-$@s ze7-9~!5}eQJH;e_p)xr%*~U@(Q&arK?~v)N9&%+2W?v%` zdg|;w-{Ma9iGXd!sj(U$hQWl(**f+u$X$qx8S)sD@VsBLPbMMx}ar$TI{W6-FnLW^NhP4b=sVwY*crR+J&l!}quuaX zI~D8L`7#Y_C1L2zK&v=@G5*)?$jL^X{1e}~;$BZF_`l={5%jm}PHE6|NKN2GT( zisKRz-!Nn0Qr7JyNBcw3$X_&K1W~&9uNBK?KQtpw+lysx=nb5t>YMc~XL(f(XVcY% zwrS#42ScaYV45EDK(mnYe?CSPF+B_~_n&%E+WK>rVWqwG5aHcwEv#PL`jvzf$0oh_ z?~qD{*@S_G7$U#!Vt^zJ;t*pu5m99~Htu1#z9!XWf{+Ub&hxRf+2f_@m!?r2iXU-_+@nj`qOV<# z1(Fd~%J)#+@7H1F3x5@|Be!d&K=yS0u`t*eUv%VZQCMPs<^kFmn5_ez&le7#%?R;V z?uM=9TG6tas$I$kh#u)Qu{{btBvg%(CNgs&zt^BD+!Cc!!TJ&Ggvn${baia@1LL5j zPLV=1A+QZX&CQT|&sE+kRl{;A#PW~4&}2wTi53DM&xvL%t6xU<(AZvsd-2{)Tb2`j zl56H%pvJ-!G&v?Suy*IB`qsB?E1TE4r#`o%_zBe+)yJ=hHj`c2c+P&BT_-TO$inQ# zlvhRI35~JBdLDr0o6`g-gM&jv5VkGLH2W%!^HX#3G`*)ZEV2)p4J6O1De81W9+R#t zDxiuL{eWf8!y1ojsgBRyh91m8Vv3;ye7}J3(Ye7BM0T*;Gi)WqKsB?@WEN;mDK*># zF^5q4b!1EyB;D`eR|}cBJJvZQ#_)mB7nc`oKf=4F)wR{pg-SJE+-T}tm1BV=Z#K@m zl#r-#D_fJz8#)awZev1AL^lseSo{T=4lqA{orgTpjw;0TjIpA1f#Nf)eMLP58YP~$ z$Xyw_HfTNcH>Y+fK*@$Yf00$RF?7hfUEcBOz#_i;$GK!viJ=)m!2Q%qYc$`=_FtO(xTuoxQ9>2d37}8&iVUN z#&|O?N7EL<6Ugq>nZ&{9s=XQpoTJ@_z`H7{=kAT{&Ak2Bxz0qb(S$XtL!3IRXIfZ5 zP|-=QYx3@c0=hL3Q%m z$C?F7dT_}^LBAF=mhgyOMEu_(s=xW8=F;uud4mAX54VOApRG~dwMO2tU3)E0tY+U0 z*WK14s`52b6((>HHo!O1*rgfc%lWIexCGZA5+hvtJR8Or6*fP5YfReWYp`EH6+EsJ z<#OKLK8-c6KLSC_npYJ2zTTm3Zf3BF{>9;sxmkt}}Iqe;;sXCMwsZ-zpu z6z&Hd{o7h72GV%>3N^MvQjKZT7bT?4`1fT`VM*|$5|n9G7wH2h10&@*XW{wnDXm@E z7wx&!*0Iu)ASrE;?*8App4s|v;7&Y6J+}XCX`b7`NZNqqfL>?GIjnAZVcvc0e`RQ$ zQgu;3c+JIvuT&tJ0Kb}Khp#MRCs(RfUtLn!BRWm97uSb$FM58iYwxEPwG6L7S+Iy3c2p?|-#9A`<;W0*&H-&VbM4-wKDQSt@WM4FgXJxB6U9APE!RJSBEZYB=mjX(vj{=tm8rC9i8V91^2E9{9 zFMS8BjxFhol%BVCtYZXkEWP@bZ^|wsj8YhQ@%_W&a%dI1@%;@Aaeft6jAI;}rub7% z(UV@a8vh;7)H7oS+~B=gYqWLZUEc zD&+Uw-xZaR3d9&gIH-wr)xN)&&XWMVeG*>y`#<0dD?v@PUZ#Y8SimJ#i<%mFOlQBZj%xkyAz})46l<|ksD(@q#1k*r zO%)E$0^W(0W6=I?L@52vo{7IVo5v*4)cjZ`t2ww`P+b z-JfyYI4+X~_m~*>pwyqAr)HISkgOihm@qz#=;Knk6ey7^7JQQ2^pqjwq*e}sbS$E9 zLe|o7NIN>xzStmmtk5(n*7{W6DUGX1{Rrd&UpnndsB4ky!N#OZl;PQQ^7^rZpWfbesln z>A-J8zQNC753vMcs8TT4_J2=mWs&=mRO!WP*oqw$J-|iu|6}j7Kop+7Vb`Peoj~PP z{A7e8?O8oUlfpMNfmrotUYC$Mznby}jDqw6xZqGm`GagX?wD|+1v~1jsVh{0hekj4 zs;Q?QD_=>oCjS^5OXNO-GI`lW#CYt9G*H&sfzBD z;@Nk@rn(~2kI@x|&#LkE8pPY22D)m|ZUZ@cetlUF3yWEL>+WBgh%5_GQQh1H!izop zw{9nhfI%7C+e*b^p7FD}y*QPa#s+uv1qH1qy@4bl?6t#ElUDej! zn-F`?DzRfLLPRPyC;fcSIp6Q^_dDm0T=^^4_0DxA_kF*f<8h-J9==zTgmF+bT(4W+ zng}=wrRMpO!sPKMBxvez(YA&(HAhJ)z6Pu7MNB?-68cKHBnB%0R9zcR>^!a(W}#x@N$9V;ehMuH_PNXx({Do!I-P*2}0&chv0hoK%c#pWn^1G8gNqIo1wD zd=GxJT|a4f+tdumsF*O6>BbwBnV107^1a<`e@Ime+70ArN3(VE$$$qxZqbWBz(^E? zS$P0tpcA9R&UoZVB*U(A9L;VVulSwv(5ks%iD`eQkD6FYqncqYdQZDNe*JJJl2Nwb z*$1%5{xO$1Y+f$?e4-zhqE5_dqSW^V)kMz=stWmk(Bpk?KScfLld7W?cn*D z$!lvCS4;JBryi>Vr!B$-(i1g_bc7CujPmR5mYv)PC~5Wdz+XoSO{l#JWQ6V1bb)&n zWG5J8nd<|nijo4G`Oay|Onr&U3aF@B+593I30toYd0jF3&@4Sky%1jU%kht)cgD{a zrO|$=1rE*L%hUIk(v~erLg0BdD)_J}aw-0J2o!uGM8~a%K*2qSu{7rDOym)8*+~5ObllXmdj_VqyTtYz)>cE5+j%3Jl#@m< z`u;A$P|6%i^03$?n6iOyf$&!U46uyct|J3cKa=-osy>|DLu=g)-CT1!zcx{EkzKcjqI z>4!4f3bisimuU7kzKwaM7M*zCr)Rk*R^+{a8KTP^uu%Q%V6M(@aWUYN@7O zjj2i%pP`Y*hdq=WIB9sQNJULws}Wzdz%TcO zb8JUD!;oZg{Fkpk=<@R>C1raTXu|xCX1%fhthO+2S#P82D7NpqB9&l~(BPnG#MN9k zp~wdt{XvOB&+;RA=B}TDvF7N{&Fh=r>mu*nXCtN%7LqbYSKnR|%DVC0-zksmdGz z7{CK8;AishIgWN1-8s(W%JPHp-VeqeaM8L3%IPVuxxZVutFneN)g>SN-Nkf05Y8`l zyVdV@O>6u!Itq_ZVwvxbYhUd8>kFVcO0IO{7#ffcJMgg}7^5e(RlOrEs_kpY%|NyP z(en}zIn}8G*xgq`)AwjEX*Pfxc;C__ktZ_SXZKD2X)`jAfn79i4Cu^^h~iIbAFR5^ z(}!?mh>b-{3H1h3Qf>-cb^8@dPw<8@Sz1nKVQ*8Y3nLUtz!$1PHyd(&+w}bS9wduY zuY{I9A#8um$sC?Z$(*tZ%zH1}g2$r$NGcL;(0m0iaZUyjK7u!i!^c#FA|m#mmRud- zazO0xC#keX7lM6;0LXVk%MCnMH3v(V+uVgVJBIMKO&3{GWPZ{ZkXHK0ob^I5#k<4Y zs9w9?G5HdLT=(@cnpitr5FAMcweL?1o_pN$8%zj?uLBIB65gH=Td3`%?4g3`aUfal z4gtc{252{V;HY0uxt|e*%eGI&7akK0t;GmMbS7|1ON^rfW$pX=hgp5LoM6Udw6t%= zHYMPheu2&wBNdvYXNuFst={TFR_J`}$XU3urG}s3@ao9XoXUBv zkF;C9fuRd0<;;Gg;8r3H-ngy!!&X^bS)2MN$i+{A$OOr#j9n*o(*vy77=vC-&@NAs zfR!ybC6&s+%?7|VVuLnUjd0$|=b#5l+I9AMsoIvP&;EKe-|@Kg1N;(yQj{Vaa`JlX z2tsA$T$`20x->!S&6FyB^=Nc9w>+g^QBy8k0`<~SdGI*gMO=G1lzL#u-MD{h9 z#)(@Jn?N9@*OK!4L09zq^CUieEEBV;PF#z4w*AkcY7|sFvXL#6j$`|+6y(N2_p>Fu z5_^~Oly0L3rBPXv^$2M4wW0ublalR_)Sigl=>?{x%_92HNj4ku8Y`wcAA4b`W;qUF zhB$DbLN-sa74m%qwA_ z^1Rb@1y*AJ*?J!OV{C*G@yds@8cNl{iA>|>W%??Z=hHvV&GDqxmUFeiiOFt<49#6H zcVhW%u5HGJcAMHse5sopEbkJ4Kij?#E!RK~-Tnx%%V37eig_D9o-d~D_ubalM$I5c z11gZzl#jJqKJ7FE&H)d-oM%^J`cIsfTuD-Z9mE5F#Fvj%L+lTi4w+i~n+;p|=4=Nx zS@!gZ+tYobhLQp)OH*}XOYPr#P2%A zQ}F7TXDp@RiG5Gi!VPeBoh2MEuYU8n+Z>uowxH>zkR!7HX*Gkhf43smL}=_o(`|in z*bmQ9m+MA%4M3*IABTB!RJZ!j#&Mdf*Z$w_7+d)%kc@CuX3Or^A$-`{n)pg>Cra*^)#4zalgryq-aocyvNDKz!i zOfXzwNZU(b?ldt}mwxXZhoZ`l?SDu5ia3g@Oq}d29c`>)Rh7OS*}^l?ll^VD=o`?j z$!Tt_ys2)w7ZIfvr%$u_HGQ!xFJyW}`asXLe}&}OTjw~$-3K4MAFb$ZMe8pR$T~cK1 zxQQPTf}wz36w7pP?;;%^m<8+2+lP?6ppx>Vg4~&ioIc?IUuxcd1j?M=_DNLCr} z5t$EK2NMLpV*3);T{>BNudV@(P*i~G&Ucb(>|T{D-5O5bB~h=4`2QIf(s&*!jtJ@S z$e&)-7ov;9L4ZNK7gk%00k5snQ;!e#eO5OS_Wipe1QVipQfVJff0nEJulB1WhsdUC zEO45wn^rOx4qIRF;5BJ@T*c3+NP*hEd=}I_f6d>SgPh0H1dTR=3?ByJZNnwwCS45# z4vb4cR$|&67KxPI36yjlp+pqK(2Af7A`W^V;^1{5-qcvr8l2sNiH2*}58Lo|cB|9< z?tp1-mkwOa2u4zt@0UDl$OdmG3IFQIySc>s^Rtd$ zJQl;$gZ8m+%d+CtSS)3mo|7ASvB8K(`ZF>+#xOpv&hq8+W$tr{7=XW=IU1Hkyt=8{glw)TA&JVD}=F zoNOIzI&il$Oo_Ik%MTh0g1UE=dE3lic{TuqWQs26vx3K%!Fj!M>*WmA&JP3DQ#9yy zO#XCLUI#FiULkGg7?i{6w0PGLJ1Le6OX#prZuq1@gW}{daOmydw+y?KP*h*S&2_z6 z-6WY~3Re|4c{Y&!R}flIsU+X$l48|c(CTymmuxHB0IPXjZDn@c^pVaCL+HrCQRw0V zT;MhDacwLbrJJ&T;*eBx5Y%suN7cV2y;`0TR{xX2q*< z5Y*kOdD^N=>qhepZ!weZ4V3C-{A}PMZi?S^+kPWxv0_?+BwY2g{#dDOYy#*CssrhY zyO>$OBw_DukF`ZkGf)St=@ywgRkOAvrgYOsbTfCr!I1M!E#I|rz{ODN#S4TuP*QC< zy^+>D3G@bb$GT`eww`);OdTjDu4(>3wY8Am$8sJmSQ&wF1uPyMGnA0Q;@oa#o&W zj&yL3PbkuJ!&Z4*7OXUV%(Xv9x>x{^2Ru+qHTmu!(_TWS<@Ap$&SgmWIaMV^7fZE} z0t@_OctxS&ChFipu_Ol^8>)y|VRgozI1^q%dC7~g+{vS0?l#^Ou!GaF48AhP&`Zc& zgkVwPTJ=ee7BolOoL$3rU>F_P-n?pkH@U{DxgSIc8T5>dvd_j@-6BwxNH#u$4-zw_ z7^m=rpOm|X{!E#O_=(~pEpn$84Fi7aA?S<4W)p2c?6I|9hgz2F%Jx_K7@qYwtWrUv z&ee6-`%vdiWbntF*&Z}j*-a(wp@>=$ncA0Vf8|T*VSy3X^&g zw-w%|B#GfL)cXs%<8@v-Z`b_9#b(LJ&=>H2L^u*PO^5HAWo1-9G)!MFHCcqNcRfGF zH);MgF1RQRHv(+G3rd{%cDbNec!}ICyj9~bf6%!p8Qj5kn=Y;|_r#El`Cp5qRs$U- ztKIl*;eQy#g#q{C$FtS?UkcF~upC$`oS>KEAt(mmf<+If&SE>~Ln?nENs?z*C;ANQ6?sw$w0$#S2D-#d9O&;IM}77BMFPnrYJGY% zOS}+W@vM)gL9MI?tlOUFzMDj}$&FWWAtQjJUF0@dao6Gvamc0h#s-rQqyroujXg_) zF4{R1Rp;NfvBami@1m#N8V=dtiT0#;+nqIt;&Y(;VF3Is^7r{`+_I~G_Ns>O?*wdLr1FRE%$0**Nc>K?Tj|(~<-2y)UjbldJ z6y^I#X$x6N?DYQE-21xoEF#AK)p<`W`zRIv7^6VUjV!q*mY(EI+*?Vbz}A7OK=`qV zAjq|(<<1;UeKz^tuWa6gSi zoX{~*gkhvAcLcRbzi1m(%Bd2=E1sdo8m$evAg);T#7;F0<~C)ofPdyTKb4NGLj)pw z$(C^8+8H5-va-flj*Rli339kLX90-b(G=LcSnQ;5^@&PoJH>#u$7BaQ@W@p!E+aGI zRpzz(;5;m2*A)M|tK9jj8rNqw!(yqv;TVD@t5ap?h_FFCcK!^+REpuvH})wh3GmjA5J z8d074AXr?EvglTKspspyQ>UF>_GFm%EbaCXpb9qfUY!N{0gTRfvTDjKo;Q;q`ho-i z=EI50`;V&(we*OZgM(O?uZOjLZIQH~hN0AjjBZxgG65|`3~HkfHGKg}uMhI0psc)% zcD0NgOkHsaF9&wqNALT;8L@lJct0$xSu%AudZt*#|4s(;-^k+<8Heg1Ovg?r)Iu>I zNDfrnT4DpZ@)KUVa^>sZdY`h0pc*&VkbWdx%Mi#X+Z`$5O_+FA0pB;R(JHuj>twAW z3Y?DF$GF|PD^k`AU5`HPDPx_f5Wkvuz9Zs?mIDiH&%k!Oa$=8-OdhyizwmJC_7De8 z;$0^N8=nd&-yPk*ebvo5ly7x)etC(QjMx0=yhyZ#;O4pwS6Y<}o4t7jYKJSG!_P=E zZ~JSk8qbNQ9W4tCsJ-6dL3KPY29^86Ww{j%q%7#0$W1=HJtRiTeQlQX*=iTsbNjIsN!7Vte#3nKKTvhMuYJ>>LJG+dh`u7RM?kFsvVZ z1e7?X)`mz$8ZUu~9TgazSA<9T=O$kd3yYZ_2dyuXD!kb~JTo}!sgZricrH^H#~GJL zZsJ7@QSEhX{pr4o*{CK_dV4LNeuMaT@d;3m;@Hx4We){7t9;~3E(GY_$bczvBO-VR zV8P|mg2nY?wa2pX8}^BsHT1zlk@wF6awI|RJ81^$LN4OL!qrM66S*8>mh=4E^!|^} zlyDUCv?0e_6@WkFCH|LkLDl7dsDTxTDB@?il&$6$_#E_}pS`8ZKO4KIGWZfgTs9@! z;X|;zEmPm85QcT=i(=)Eb@hDV`!w+E@Qz~>{r+#Xm5%9Pt?Oc~@%?EWF7_4dZFn1Q zwcc^tclfbDR)XE;O9qANOl_3_YOd-|EVH!C{3kGXM$=i6`U8;Z^_|e(hklZ!0Zc@s z>faF&jk5BVE0f#)$gRV6s$id#`wM|?*`#P|R8~N~gh4z|@iQ)8NejXpD*lHpO-+JZ zsIKmu?pk-;39Hypx<-RTqCarcBs36|&Bq4y!)HM3e$97q&9kyz`~k ze7svhW^Zq^5FJ~sRRJg1U*DUmQ6)^CT>T&^M;Xfcs)ke%XZPI;2>vdQ)v#v&=S{QIZ2a_@W#bY$q?D^2L*LCUDm};%}!8cD? zU8C`*Uu!qb4pmEKbvw>&%EYjZA2c+Sy?@1r8$C2Y?j9aF^|OjMIc)jfyAu(L4=pb5 zR~Um&4#CFTQee+WGhEzbIe6Yd@bAzW4(3yCz1q8g6fOybjDE*%P>p{z7UtrQZhLma zSYF-LGp1jl{6+cN6ZU)yst0gfiT0$DyiEqV6ie|J9}j!mX24p4vv;Q?sV28l)AAed z()d~F_gYbXs$YJ2gOf&z`-uS8tLPlyn7lO#gTz@6C)K>^;Z{erNyPMi+t14Adq>Y1 zbIH=cEyx)3Ku7KA;K8TX&HmwRXJB|8L6sF1XDR9(D~I?*#sdsGpn{A>A(L|itM9ER-D2M%qsS@H? zQZr!DHeLQ(D@)A4_x;0a&y>#7gu)w9j0L=?q5J0iov9jQ7+BcaS}^fe8qQ?KGffrmBB!VS)M!F z>^yN466v_39Licii{le~luvBaj^21Us>U5;HW(}g1J-@D5C#7!YH8I-HGII@^t88` zlrFEXwpMpE7q%Kc8AJthR9(H?_I6B-R_tOwSda1Hvl_hRydyjo0W|!^jy#p5bXh)N zXz@c_t)1T%w<=WC;OBbNO@(0fzMtF@~I}Z)NX9g-4`WAn&x_51QgTq8V@;(e%!#k18Uw zFK%cNH*F`w!d;7DiJ^j6{jy$cA`<))6QOG#dVG1-*<_7IK};j=hwll16Lsw|jeN;% zQn@hH#(9~6)1F3gcXm+wn{9dSxjsc>MqtNe@F#;v!J-!y)W5*?5&A? z5$b0p)JiEuwSZFb0HShEYxpmox zpHBb1os8*rSdv9D&1I?GJ&lhbquY;C<6sqZ-Bhn8*VbW+1DW%pt&wRGt{!vg7W4Uv zHYA$__Dy$QuR+vX7Dy{6AXPvQ#9K=) zECmsv_ujD06n9dT@)~Yz#{a4J`Auvw+`5->NdLzc{l6RFe=x`BsP#h&?4ql^+)!4M z-R*aRyo*Q4>a)8K0lbf|O-2DzfY54}X^Y$U&uszjs0YvhPROh+!-pS@F3U8a27FaA z`_P%-^%U!Zs_}lFF>?4$GB`1EdZzGj6_3xvrL+noEC}Oy^s>t}yO+ zQtAeZ&eXe^+(}J(^@&6BW?OFl)wdaulFxXyqe6?%KqZAI36b;Z=1O?gL36%bS;l7D zNBr7O#Zxu&H*de;TqQWYlux#4AQc{R+F%UJIJNqx$>_8N#L+NJk^Z3YnL>caxb+mc z?Cy3QD1JSD1A49CZi0t7`Pn(v`seN+prqi_j<1d*?qa2$l9(u-@3`_y;PN^pYJsx; z*s*pZMjc1ivJm4qz8zrHXby(6O95OS%ReFkyr^;c24h?LpcTAe)fKvp{-wz_&uIya z0$F%P3{4#7#F}ikG8;C%tTN6l`c3@=d{!1v=|rM-C#QdMQ2N~e@Tg6Z9JkJP;M@PR*8v=kBT zbDni&4;Y_yhhy+p^g?7aS}3u&m>ROdmE`&$H~MDyv$y?)6ox{dKDy9z1)CF~lTtqZ zyFDhs0A>=INc=j=7dGb!X)uL>@SHny2*w$Ml6)eV8d05LKS$Y-&LJNJD01anwz4_F zGkuAn?(8+Nunix3Ou7{1Lza74hQ>v%qzX*Ahe>hy?9w_nM zZA&Q46uxse?pww}qqico4i~k$mNH4w)=O@#-H%9f9s%oq1tREmFvJP*+(^hY_m2xH zCUc;J_15-@2B(cl{b&7{bY_L$psd zzZ2aIiSi2yp#Qkc%%jrlsEGj$Rt#Tvtg!@^Uzqg_$x4ZVR{o>!^%T#Zv zxC@QCgyHg^0ft~BzJ9haL6HqkPP%=4WJ#dFdzP&?)=K${t{qg*G9ReItS6YW>Nn9- zP6NH1)e04dW0V$LPXZXaO9nH#sm8cO5U)A%f%LBfF7MkRk+f6Shg32ut(p*RVEsVV zB;9IutHv^)6khgG(Awkox2tUwSZ-}6;}*-daFKZ9zPS4rRJ2y8r)Fw zxG2z)%%qlf=t`BMQ1aH7s~`|z8WoyB=JLkt4l8m*Wax) zznas&Xx8>RH~hAR9*3EJpr>_?JgASZsW<^Le@r z>7u_&NIqk~J`~^?!^4h|eKaI8Jy-cH7RR)?ilusaP4+JY4KTOs6mA#0$__UiFbBiC z=e#rGVj_Q_IO~!^J=MY~O(!EZ0$d}&mL#^2D>>X2LPu?X7v9$a`$5A8lD8vElliK` z?X;3_nG)!WmtO%KJb?4W+2j7{#(K)OqPb&Lr(lxUoHY*8TwUtn{hy@oO+bX%9Y}Ia zNmIRTKEO_!QSVU&Zv4Up2gb!Emtqc330n??m+rg_Hh#rrX;P0(S3GAQ||EwA1x@S87bzGeeQ1K(-e8n z#(SO)<8&+foi>@E>-&$-OBk^i#zQ&6E{9|bVKpr zD@D=a?XN{4n=_VN?{yee{hhPM<=A!QV{O1%O5i4RC#dtp zm%H13clj(UxQSJ^tX*7aCj%QH@Ak!v_Xh8nUY+#g{Ggj2+ks1OCmn!T&93!AN{;s%y!NRrTovemti-ZJhl*8R^3q z$$y@{@yRgYV*}J&=W!>SsamDg?1Z!?27P+GT~NSnD%B?M=u1&N8SrbC|Ku3DU)rf0 zE=X}=ucS~Pd$OyqP|uIj%Lgd#G!16;vY%Z!vj%dBa1K+DM782we$ss8b|zrCJ2C^4dbkU5 z=Ti1Pc;T2wVT84v8N`lqPT4R@2B;d$wOR|q^sa1H_ueg1Em@z+Usd~kD&+9knvdSz zIQzU!oh}OLAey{AZV~J$<|xK)TCifGo3^Dhs$W`pX$@U653t;diSwfK;j%9eBOt&u zuElQ)aeAQNPRN_gNJNL{|5cp-3*U+4diG3*Z}QVgBtw%4X1pib=`}t#+gtPm$7TnZ zK@Q4cfs?2*|2+zQiT%eVEqcn|qh@$0@^!}N^zqiw8mN!}RXBU-yD7`LcD_ak>d4m$Ij`3zR zwyJ^s-eA5*XP-RVoN=dA8|1dPM^$&AW4UjS_FI?u0VYcf-55lC+JS*_<)Fsq;>QP) z3)Z$Kgo5=pu>oFiA1O)YG=M`eM<;^K4tW@$emzzBGnw0Exv7QGR^HRyd2})oew%gi zSyiQ?B(F;6Pc-KSzMkD)ygFW5>d5dv#i}HC25}kU(0`Fk{>4_B_)VVjbn{16s|o(% zi2~zTKr!i=x&mc!S)E4mGYbmQ1VoYAmy_hZZazs^$Nt(@lZ^mFC|CnG2Bm{(-Jq!6 zoQ}G_9A_`|S{AKwIH3Pxo<==a*<++#KCMCT@fMRvqb*|yi0H^C0?ppA?BolV`fW<+ z1GdaK0J|O~Sr<*2`(rH&>D@t@TLs?Y8RH>ZUmRXW>RZuKBjmlI-4hy%YBC8i7IZ$B{(~ zPma#@ryOk@+bsCO_qdT#l16bq8Sg|q{a=aRy7S7k;b>NiMQlaoR*`p*8Bc?= z*eZ3xFn1+jj(Cpfn>#{nBLLA{yyX2d24umgn68vsU|6mBV;OGNV^?mK9gUBL+9}woF#w-5xK$#dLCDA_Xfy;h5ZB7zal5TNNyIeRr|?NII+@ z)qfA5GXQaaICg%EmwAT}=MZ+uwY9eCoufUC818lb$l%=9>sSf`|H1OT+0}bs%6KC= z7?ni2M;0GaLIQo;da@F`);w$RiJhT5ZX0uFQBJH)n@K&$BseujZeorx5D zA@D=sD8z9$LW-}oop8On!el<=u_Q0z-c`3ie*LcWhU7<**6iafBXN>wyz!AMh7cXB z2$>6OtuHon?VvVZR5rI`>^P={)l>V`sTU2u117DX!Of%v7EZ(#fMGrJVg1%PJ7%VniKKb zvlS<8cltEJUImP-k?^q&#V*r-=khW8?0R=sZMGr5WyklR{)exIDi6z~RuXYe&ZYGL z*{AuJsvYqiE~kElD&YN{?-Qk*`{j9pv?F|0Qa{j=baQ`}=(*TTMyZYz>U@^65{=x8 zhW>I^(g3Vo%N+moab%;JZ7P|CyOn?tI|0r4~ett+I zbNgeF(@ zjbi@!p^1j$AfQ`NB){N}Tsg>xRF0dw?Uq#|iP9f*s&;B!J1@TpF)E$__eg+OGaJEy$2LmpB?PI8^6x z(LP+}f$T6cF~(4y0)menS8r;3)Aak!QecP4we#kbNgh_ZdQq5+@%!~*jCbP&f%>2i z^jHTuL^~i>l*`EeMz?jtO|xZg%eC(X`4MFw_yxLa5(1Du>>=KE?CV5RX^##k=^M$m ze82wT(y?qQ5fA5?@9k+Uk6G$cJeksL7;ym)UlJuaim*wq$ZWzKLYm`;Xqe{g`T~eW zG+}3_MbzPuXOs8|z+D~GMaH!R8I)Xfu2}ZQISSsJ z^vu7ioOEOuHHaJ8A{n9g=73T9N_CAC=ZAY27m$=k9uaUiGd!YbUU4=}q34f)SQ

MO~o`)1Ar4ccAD|TQP52s@Ak7evx*GW=- z&b7w3{qa8CZDENaf>;r~Z5o3HT70%m)&;!_o99j8$s!YvwfuI&FiA2(eE~N${btxY z2qR7@EN&I}iNjQh5v@Y@FBzB1OG8FVXEaTkl}3I@j{{m(vmrKr94YYbA7wk(W3X?3 zlS)_(AWYp$1Mfe3yrgvO?AbgHlOTut!7TGF_BQBWn6*F$vI{mJ*wAb!%l90cG}$`C z%D3LnwD?|IBD^!_gC2?;@SND%f}8Ql>$;Dwe5I12`1NYeQzQ9MU+)*O#iJ%Zff#Q|(k60=e_o00bvF{F$TgtNhzT__^;Mi7z zROo%)t%TEory}QXWYA4@7pZbaM?-<69dR({3T4plCM# z2`gzB3^scRI*Dv?k1E(z&DpD*{2b#_#(VcEA!T#wz2;n^{veOscJhBf%Kjk=VK3FN zei>+COlzH%R|g@($G*mRuDO%p>|niidG%#&sF$g}<6N~0sDSt3Rj{3uG+i%$2_mtpt`;6ir}{)G9tij=$bw{>1VZZ1fD}krd^mOsXdWQ#>~#OLwfpkkd#T-QvkS zr_aAC@miQ_8(afm9n>A~mtheo^5)AmXS@0}Lk}8;fNiFRdKXL!)i>dT?E8T4()>?VKAd4-Je_DYloI~X6B%XX}Mr@=J&I~$$dScZ)RD
    G0t0c>dOn9eM z)yb1=HvBOc;{f|bKgjJ7DTYvoYc|i*QE)hkwo^m0WLL53e~csM`UQ#f51V1qr{!O@ zu#4BYTJKbSCOFT!-n&2+GIt27)g-Nv7FOX@fQjXiRcqVY?w|uPTRV5l!Pzkit+&?R z2TtN%FPuaU-p4Lf%amUf$lk7_ACa@uq@n#geHjNDgbGf@8?J9HIl%A-MSb+R)(Ka_ z360#`2vFDl8mGvG2>LEnBn*>D4x=>fAb3s!BQ`KT^!^-M1;Nh_z93EoTS>Vcbc2Bv z^#}cO2RXrLw%2#>ydEo-Qo0kBYT*`dC>jJ2nwPX4XxQo3r@QVJc##KZXozgH*r6}V z)&H!;!$Dqus`>r7O#Z8NkD_n<@=aEbBI&<76{@OYPM6w}@xna^zJm%!K^p@P&`+U3 z2bmd@#UpKq;5CGSv6w8%wxH%Iwv$Lqu?gOV0=*3pX~R3F8>Z-y0ESPO*6_$+T{d!) zR}A>7KBm6ga4_qYMJMg6nAnTlBya98sHo!iov=hdtcWc}%-u9JMemgHc_kQ6H6$6Oe!{V{ID z1lcC)d}s;fnw4#Ktq3|3*W&BH8dhxxBiz<28OlEy2$_L_oefzwvL0nt(EhK!xld9`Dwy0^IM@_7lKy_a; zZCIDuklWgfwgoQG{60C%Qvfo>(XwT9+v5x$Yv!ZeUduLpB-uI(FTG+aFQyJj?e8qF zJ?!q^lsFV-zlLRs_J7b#tV+u82uTvKVV2@~MX@l7(bEx!UHnoBj%GCP>F>)pbQoZAEr}wq* zH%le!a7`~sNdc@>zc`+t{+RKriZvPS2j5`q@f|0wPro+c^$OM83wNRr3@DCo=D@ndz^P< z*tmyB7J<3bQ(bwF#}F71-L4#=i&J@i8xXsq#admWe;*UO21%nvBUD0El;CX|yM4}T zk;FWGGj*i|n~>{G6sW9NJbh^aVEjlH&_*TB(9o|g;@)L{EiaXD?50ZAgb6=@E+fyK zsQ;2>W;SL?w-))YIqn_i)!6E}uiQ3U-3lE)9`zs)CGnmdXFwiA3Y zJgB^|I4Kon*~u0)bo~Vte1e;GHmR4Ckv6CxLO&HqSRg+>{AE0{cJpz;&0?9(ah5x= zATjf+fAe79oM(G^dKAT|cKthH%RplC7<0S_6G3$=Ue7uAh5wA5kcxCw8Xk^VHgESe zxrj^%xA9qhD5qyU5qz~7$QN`sDvkbld))z?<|{l35v}GqNpx2`)DgRVQgY=Y2^%2J zpsbddM8sOVa_@H?q=wE6N{^DjB9GbVt0-bkFVTw-XK z_|RFuK0CvbJ+|WP^!xcfDA2o@_s`fqL+Z1H8{Nv{=Rs ztG?0&MFh3ny$0Q?i!eLED|bZQ=|iFH{WAzNL<@1E%56U;CfwOxd$0@I1kFR=@oLX< z#+}MXs>){&Cv~Lw#4`uarThbE^9(d9zi!iTJas6jT3LIxMJ;reBTcAMDw>-=$h|Y{ zV~&BIJ{O$L$RR|_-LYKtP?<73nlLpDIyiJ1jY@fMdz@o1k4iALdo?zIO-sCNB4P1@ zfDGRcm;PQqRCQ-5?MwpO8oE5x^r>Tw(GNLuOv-H^=jrKdQl3`uLb~8`^7C^q+*7y^;1zmkD=i6M`hN^^x&Lr%%S|ns* zX3jOc%%55V^$*t_J6(Umvv4m|UV=XOjhh893x4Y-*^t*9uUJqA?(~CbIoq7Mw%}|} zM`jIa)r3Si{7x8#_F2USl)0)piOLxKvRyOAx@cWj{PG+lV+Ll~uwn{qkO>dJm{GyrjHAGCUrx`&0bUz>rKRdwQThBeNCO*X~aq{IYXZJgqzS(oPor5?;&>ZNFE?yUEqVM0Q)J;if7DRzLJ-q%H zzK503c}rqpKY<#uDZKZ3e{|$I4B^_-CNM}FAcUd+$V`8W2CfX8@y_L#2O`pY+T3kr zEBP7g6o(ImpRyX>(*=@IDY(4NuMB$P4i0QXQ+7Hpx@joDqZD+3!mdABAd|U=qh&`M z_726e46%ITyW|Ie89Y}3RY{Wf3}gpkIugesqw7ML+17z2=fw$B;B;xn~7iDi5R#n&aZ>u1sq;xk@D&5^Fu-TL%-3<~FA}!rW zDcvn0p)?3cN_Ps3h^>$;=t`|-hK07z)7>C}r(fRNVqc6pCH`-Z5Z99f@HPK9|2d|uKGTB-( zX=y7&Dk!BsX_BX~9>HDfUY0f}%6r@u+LkrwJ0ni?pgS9}m_51H)n|;i5apTV$5kG@ zH1DJFlTmN_!J!x?Cm1&)t#9yBrAA?{^clbg92{&!f!cgL7{;kM_@&MHbg|nhYZT}E zwkC~#OhfwZ`OQFNjDZ55<3|^>={;`m={tIKEqBgcO+3JNYtof!rgCVjAiwK5dL4Zi zE%&>DUn(naS&GggYwjWYgxB@DmT%B(Ji+Ein`h8&ipydN;d2t5^_wgPn2$$q;$=yx zK?{99&D6Yb_9b67BdPkbW&8LXQn=b`n*-bec^rhMp{JC%W=cS`iu+2YZ`UJhJzX3Mr?b-UTLhr^(iZOpe`9MYmo3b zeskQgStE`Au*5t%y8(w7l$5LU^BcYV5BalkDt!C#{`FL`TR#H7?h!^(ImssQ6dUp= z{+z@5{w$FPMRDdk|Cke`j5ZIsICk&rW4oWM#_Lpi?|Oec;>F?k(%*RYsms>0H{8Pw zz57_9LM$)EF9170*fTHyibdRwylTvivfa;uKze@d`Xq5WZA)9I((+Q%rr+a%`%%GBpxf9p&XFiX$C2{dNcrThF>bWSI&HPjSrnx@ zqYozzYpD;nBThWy#8xR5ui@2mA=e`Mv!6eCN(dD?qORktjke(vLOiqGwe}$yW%BQF zVXP(C{Qi@N-)RKDwC_dbt+0LN=M&<&KR(CbNQ`utBURcFvP&sDNy|yw^LIOPVrY9f zgPb5xC;Id7*7$B<16g!3Tzq@xexXCa5c3IY7h1Dt#&;HO%q;t)M!o&&Cz%X5t|_Aa+nY`pQ-Zz4v{W_k9X}Om+Dhe;P|gBB9G*Cp;0uK!ScM zcW+`}!wbicDf&HTHr_g!E`y=YsoXMPY%ZSR zwR=Q1c(3WT#<(8IJ|sgQzTeQ)(7O8x@!PJSjtdyhw&+B3?n|Ur=*#-JI{1rkXk4Dx zj=%24?wj5i=^R#ZrSb7sqSKGd;xlEOgdFY`$O@0ieoO|NfP_A!hzqkO;_Ty{+Z(Us zeJ|p9(~F&XQj?(Mv<9F1V_YNnrrRvbh-nDXnf7%sOU=$P`zWe0oc|VV?)$A+W_U># zc^nbeJfzQWlvrUPfon-!#4qUB{ndDF?S2HfxgKEdv^(?Yq_c{025PTsx^H!4N68CWS+>}1r#oBRIDb9IxT`&~{F ze$>4TDrVU&xHqWyvxCSJRN(`uV{X^xndVqu3v9rMW0(SPo%7vA&u`N;%tExZQDd+*Qo z8I`ovd)DpRUqN3rN6!i{Y|4w=b93W=-=x1Q*+39{f5W!17jfg7y;C;#Gv{3<*m;-2 zytjY|ZP1gnQNW}e7ILgJx^8l9*VtXFycfXul3Q@KZk%8^uj}6}V z-Jb?vLm_QvZqg5|)}n@-*KQ>l3`8|(63s^^lqR?mAqiyxu9d(KPaZW6@#q-|;a z!CW(}NfhpB>b1kMy1XQb^E%{W%S<*a;v8~l8qQ5YStI{y+(xsPxB3Kgmthc)Fqrte1$7zqww=p*GE>3AUBh3`Jw%6V(T_{z2kKk%imBZFX zK~9m~Gw*#k&tOv%u9HIUB6#G%zUV&pO=&zWr>t*aOCC9#_f_I6{gm2 zcG%|Ki_z(C{Th+N^C+chalHK1x{zXHq%G95@IU`anpDCi>&*)4rx!q^A=>^-w+g%b z!+L1To1+cV>9n+31am>`TT-slz+F9>K}Bx%|1df}T^C4arJ132zQX!lVySw3DN@NI zTZ?Uy<>%&!h+4|b`|E8gdllg*3Uu!0>YVUx%jZ4X_%Lqh7BE;*8sxob zJ7%DEc+Y*)`$Q)WKQxGB<>%cGiQ{}$AMxP*y>FNvInsM#jo%8EL+)wz+vKuA*Yv6K zt3_{kae~7*UV{30 zenvs=xyDE{GXY&cS^R6{Zv)4XL3(X#bl4X4$^%t*M0isQ$UVDz7PcI_wb zQY0o-jA@d&_$mw%_XShrU%Y%m(mjiUM7FxVY7l`}u)hD3ZqDcPYock=#64oh_A%Qq zC4$2!4StfG)8+w;%^)tXlvnp(*u0|WO^S>WKdIP6Oyb(UHe3lUeY$B=s{1V7Ot|&j z?cJTS4xRP0QeKzjOjQ#vh+d@;kF(7O943ujxWZzso5AV?=+}47`F7(h2dy7{9mz&K ztvHoBvg*;_4)tsZLLFMZ{e~=T?yF@;`|(*y&CbJdogF&9-Usm~0$f|4a_B$xbOkiX zo%_~&dcV?fpxA?)GdS@cz<4L}5t$wzQ*C!Q?OUe*;0o?AU#n5p8Ot>_=;-MUFyfc` zv23D*<1rDG2YIgZgYo<}lcxb(pI+U<_x^g9TSw1^Zye!;rww_a`K(DhA|1SP(Vzjd z43(_W1|r_x<7c@}S;Zr6r+;3+9$8#AjPY{oXHv%^E^9Ab zc~<=9v}qzYhnu&Ma~NCJ(`#p+b7jv# zJ+PRH9S}RF^c}#cJAogs&*@X%YEGfwdL`#{ULP@D&kW|h5TwLaTQ~L5za~_)d1u_) zFQR{dG{dHKf>#%Z331la*xKTLukL5jMgA>#_etzCtEiw1<9F~akU4U&dC+*J+|#CG z%Fy8X!@}oh50wrFDHkWCc6pA@CU198`4w8Zib$4I=9;WvF)(C}KE6PfXn%NYc{{14 zZRUdWle4L z&r$CV&oubfxE%vzWeeZmK>mOI?elOjF%IrKI5$zh_t+AN^=K%pZLsyuP^`01cgnRz zrMd-x8=<#Bz~mS;sEc}ohBHt9P5q_sD3|W_pv250R|e|$v>;Uqhlr-ui7S<(OwMB7 zU01?H%7K;WZ~TOm{v229nCo}M53~2I4Eji@WcDIqen&S6Y*WZ&sTW;)#PwYKye<~r zpAp6PWA%+;1}{fx;-@&;G+sFV_L#O(^CZ0OfQ%_h{#3zVE+VHE>`9pbW`_2cnO)-U zV3Ym37RAk^0Z6EW8@+p(aUCzGUv7>ov+~PyL@FR)N1A&|B7FaToNaR#WX&PDM&|7;6&s$M_6OSIFo-p8aPVZ6N?N-Wu@D8=H6(*Gyx zWTbE0d9)VH4%dmYlxD(ud)d^ZH0R87@XxGK{EdgY0OtIQE<&xvy<$5s^y!$FvDXh@ zp|o($&>-GT`-2HZhw8=m%5DY)0$U*h%f?bJ?*z{We=AYh-cuVBM;_KJ#^TxHmWHPq z#bi+8ULC>Yp$qNke$}0PG-S(I+AyurP zlk6R5{@4GT#iA)>GONv~T@Y`2)rbcsvd<%@Db^;8Qz8dun?}bi9^gTRq8BfPac2Ss z217n=(t_zAg%v56V{!wBp$92;74>=KBMD^=65pqCbfHnA!Zcbune_7qZxCZ^tsI{1 zzP7bX3&dFX{he7(61uSY+P)RfriSd!MqZq}Wu>?%@+~YXJ)NfRAacX-#L;%fVRQ?b zj7W4|7M|ue2qH9BcmFfrH0O{%cgQLUBqF}SxBTXd@v<}nMEU{MI_65 z^6?XQy2r^f+14)|u}<9$buj zk&PIu5Z)o%nT2s!M~8XE_Oj(EpcEU+gl!`cFWp_pO%xPI+Le%FT(g6p{146}Y-(|{ z8s{17U4d2N+=Op}L+9TShf1{Ro>&rn0xkjpBu$?@eku*8Q`@KFnX6x+NnrD{FJ`~F z*r_TY``0~*33q<+(%2ZybGl~C=TDlVYB~Ws9RPwsrs?0eKp0RH zFS#jy7FYKCaeE0-B@1qrNwxby8$8+{H+Mye!%ngo6|(-oPD^j>#^p_WKMdm|Cg-P? zItr1NsJ#!?x)(+3l4A5FWsffLVekvos46!!I55 z#-?D>0%nQ73aGsEWU%h8$N!>U=Kx?zObVO_pf3GIpvcwU6&YL7`^91nn~23mx1f7( zJePjpUne^dx)XE4DBiqIRC-N9LFF&7X*JT**i#SF4hI$5=q1^9_E% zcU7ChxS_?t@-E^H@pk$F{XnsHto>iI@%Q}%JhA_BRsT0vLuR+sso5f%Nj62+g@Ws^ zhjqoHwAw*MrX#6>msSz%$)gNak|3|ey90nXCQk|=7Kcl-~j z;bQYt=tL}gRHl0(M1n9aNEk3pK_nohngrjX%_h55!iXi@Y_9?~C0#+*q?#}B5?L9S zH;p?-H=NuZC)3~b+iDekRUP#MEfmrvR+ctMvq2us(`4cRwWznxO@}f0C}M?g{0p`P z29{X-{o??H0<879c= z_6+_5T^#bNA-d`oQ3U%=A;TnZ^fj#X6R zAGzmM!>)%j{E@1HXiInIKcPrF zzlnW#ZlZ|zu;ZWoeOC;w3wT?8C(;9p$V|1*rc1bACy-W{JaSaBHma2Ce)B}dho({| zVt1r1WZs%*4|7YUOD*uooC#8b$m2nx>%k%#z*It3b1xaez4T*LNCJMQ-{>3ssqaoN zlCcJSqR#vhQ2hRrQ0Ek}R+*6)($|s5rLc-Oy>aChp|Fi9B9$poT?%vISRro;S=D|hS#p1Gvwo{ZukZF0}AbOUfr(~tqL z5c*geE8^u}5}aJv#i&PgKP-P$%ojuF;;Z`dz*k9a1~vY_f0(|>b~Jbo2F2>`7J(i5 zFN(Ra9jVpgJaFamchBQ%YMSrxDu#*4sdIL+XO^O16^JoVqd2bjZ_1Y;li}B(;Qbc> z+gHi)GYZO#tW31vTzVRrB1wtZ>I+07P{aQ}%abNZ!-95O{Vlb^IEQ2uonip{NS|zX zPJA0U^w^r_Wd|B^St@f{L)d@4U_e@S3GCm~p8)3=@+kLX*DwOB71pG9p2yX*6Q582MrMvB|FV629hJ zBEyxllN-}=1+u(^VJo%$l#<@VxYKWrVlpL!*h1;3WK?_^H~=W@q2r?&;zi89T6X+s zP)R51L-z%{QlVqy<%)dPh{n|}dtOD^uPEsg`VpCykYV#KaY04C{=fV(Os0XOz1+Q? zZL1PO{S-2wIDJuS$%EERXvzg)Zj=;!ZM$T_U~^3~S;68X>U3iAbSR>O;_Sdg;UO<| zJ79Of(_V7qM1MGZG?khQ{9K?KI-j1D@Ojoq^_gU48@bGQcK&copnI}YDlGkrAWdrE zK>cG_`*J4-~Yk<=F`P(5ptCav1Uy_5y^2{gdeo_Hw$U#&tD)#D#%~sKeP{ zU!)r83j3N%sxbhU{tLVe8@QO8WgjsXk}j-?2Zo{yq({KcFbE<%vlI51ADoA;vp|vU zhbYZPmA_1gW8^=hkR6CsfDm#PdIQi85(gLp93JvGfKjOkOG7G1>~~VzcL#^uAW3Wp zkD10%L%aty46Mh43`Yzn?|%hBU#(|ng4GeulK4+Naz$@8tIC^tYNoFxlf5V^#(kkY zwm1yo7r4nkY@A;}%KhX{0aZJ@m#-KDeuKF$a~Q=$D+Vs@MDWyCtNSs)tYKdV+{b=h zR2MYizcA25s&!bTW(YFbZ52T z>S=q@?b#C!cbaJ(19N2n?Dejt!l@R`8B*+$eW3J?OiTuV`kpQh2~m-N*aOsCo+N2U zC1;0%YTs3^70_NK)BjXGD)SFT*{%8VJo%uqjwrh*j`?Rh>r0?6h}a9$;n@YO0ou{j zG6`P6nMTH3BJ+w1^XpJO_wk9U@)P&>aN-ARwkPY7vi-6=se(OEW45p|vfZhHgQR8* zNsB$TbHljZb~nKI+!!SuqPHP?9Exw zA@mFFdr%Dv49cvq*r#Ku^Kc?1WhhdyiikhIDb4qmtk_*JLU5@580o?w8tpC@S;>@ni6Mr>scm(ZI;{Z{Ra|*#sIIKXFo_I!%Rl09;s{H zwQT{ehsG@*YJOJLe|`^h)Vkt?39!(CkNjo{sc}WhgZWj^Gj{PMhPSv#YJRaEFDRh- zQ%_}7J_TH87vSQWtDj1DERR7Yp6$W{t^%=HA(Y6q{)^mN;d?cQ-7sc)b3YF~$uL9O zI#Q^*@;fvg&pe6=OmQ1XGvb;W#bJ1IE;$XqhQd51E6#L?rn@1xKIeR|(06iuC=Bb8%vqZK0Ghe zc-!AMf-^h`Ff$3?3W8$Q<&y^`sq7#*^m-231ldb+vqWHrBvzRZI3*xOldA`*Im46L za}hHIjPw627{WC5kwH`*yr~&9HX9Q2(vljJuLGyoS=E~m+{h?XugHSImzT)BztYuW zQIK)~%HASbdQ1heGqJ|az~MBE&w^VWGJfdt*(jB=x+L^yO+0@Mtl(F^&I-Cb9s?>- z0TSn8lMes@Tg*e1fi3_rvB8rXHGXwLgeSYmUEAKZQ$vvZKj$+jh{a!Tuow1pBRCY$&QBMp833Zs9k%P^#28p2DdG>^ry)L z4%g@RQSxzSt6j$@7RY(89UV}__YTt@1$-f6c#!D|-W)~Fc`7kCLeRG8k%#-8didqp zXGCe&H-A z=`9fGr)k;`NQx9PMlXD3o3!BZ;&(7ud4Byqhd7`2S1Z{g;c14Yv&cI*nZAex^!%dP z>96eWe7!A4qc8fo^eORUgX9NBG@*vDAmOXle=Gvz8L6>irY5nA2)c`H$Y!-pn

    J zvMwxt?T8sckbp^G91Z3pIhxd}i`pWEzK7uKSh^}?5XKjk&H!FS88Y4l#s#Irb1K3Pxy+cL>ESd?-5?<%K^*y)4SY zQUYg@KvN2%Oz>CX$0JHcB0^fU2_ICuCjMbdkS$P}lhTLX(-FBocYs?COSm?ZXn zdP^coOAy3VUUwTxK*UCa4hf{Ox%G1!%WhM$pzp1WHYoG~4?9}SfQI}(%j$FSN*<(D z+#u>ocT-=68);4w!hjD2V?O3rtGWvkkOX3Y!L$6c2|F5mo`bA&`B+75qoCGE`yeo>T(G$(DPe z76p}{xjfRE)GRZuB(pc=2Z{k?v9Em?h%RaHoS-`d7?RY#|5sqVuT#v`B>25+Cd@?- zwm>t8$xlgzVqMN|u;=ra5+dR#aYH!qiZ$KdK$3jXyJfuCch@8EsaBRyR14t2Bza#h zVRg|y9hj~%RLCPqwMcNW)ie}$At*)#5Q%~Ui}uC(VX}JJ$N)iBlr$RbpjfDj3hQv? ze@rk?1StgRJN!h3ea}GZ@N&%F@sneXsmj_(Zm8s+OynPw&KfCx1weQEuMhsB&X<cPV<|w& z&IG8#WOhn1HwF+>ky;36HSyeZgHOxBC=&ctBxk;fj@)^7ps3|bilH}J5lGu3^%ySn zwTFu6A2R=6uM0#SzeQHr0j^#RnG1kWXHRJDt)qksI&@Tr$u@%atNlRaSvgLF$#LgM z%KGolV8pj)N@G!{`V~Rx=DbL&af(+>A8APQssK8JBN?dhVSI$0xrEvgQd39cQm)V< zR|K6(;g@Ob1b4+#qiA_ClmhZH-b~SSrFUpXkQ{1vT~=r=^v1fh9a68%Jm$qF*VGlO zg+P>uvL1@H;J7G$ru4X|r>3+LOH_W%o48RK|>nCHVFtG90^{qK~8vmWn=2+QP-N)q&-1_F%w!n=M?F;kzC-j`+7%+6w5 zSudfsp?1-|(R#v8|FktU1!c<(>Y*32`naeGaX=>(Y0x z-^)m=oB@#;n%?ihJ4w;WV^YhF|EOJ(b6fk+b+$;uYL~-}#F=RMcl|*9!(D0Y>!rFj zs3DW4rN`>EM&pB0j&!LY$oc-+BQz!qd@Sd^+IG4n<9m_yRr0j0O+Y35LG}fFXyBDx z0dq0!G+kPw9Q*Y(u(s2$BsM#;qmnwF6eK18)2H)}ju5234!syVtBsrw%q%3xeEJH1 z(7A#$^obPU!LMXKRW0x>rec300jrE=`I|~%{I5+vN?K}Eh^d6&Rx29q8-=Y%T@STL zPh#zYOkI$5t=h>6vxSNm(=;8xgqJf%L%S}&0|OvlK?w*Gm@tLHXt8JV!+;<@;mRC| z5G8a4D5F{8n4K0DXtu$sexR)fq_@k)QXvT%lbS6d57M-B<7i%!Rl3Lt*ofQF^;IS4 zR#o2j3h6zUq}87;)S$}^u+^{)En=-F|ET|cbK|`&{{J(3$pKZ+5jPSn1K@OS zL?iGKjX?#~j`%8+5M{c1>8vvsX$ows#bpr{V22iEn(2QulX1BuabL>)KT3f0 zZxjPE#o8i~C!ellb+KNI5xa`@AKe$&hc!9<|->l`kLQ75@`!>pEe{5JmKO8>ahW2b692`7-CwTkL;ya#mZGUO) z2KPXP^(Y8LF4#&1FSvXFn~2?rMt)SEEpao^72PeFRA_R{DNC69%dLAHnZDR+?Ny8{ z29r2<+#+wx35m|>~Kf2mM%5I;-yGpm?zntAe48u9uHaV}MHx(2h%CdasdB|c6C zLWBE|mF!wE@&TiW$o*&t{~bkW^r=G}ErXw<)lpQkZ()LN5@U{ zD~0q}GLw_FB+^ieg(M;yO=2*TO17l8C3NA%5!wey&(~D2Hn}%v!1dDen&OnF|N1z% zHn^8omUa5Arfn^z8Wr4-<7O2xMNE4BS8B9lkH$)n>{WpqF*{(#KWK?_-})jxHXZ0q zh;@^W-hEVv!bDTWMUnZA>bQ58G%{A{7hzwN6e({v+U>+l;m2)>K97B!hmqNDHn_{i zl!y3a*rusvALitT*mLKsr$W2e^z-wXNz&SALN*KVg)I$!Fi3`|@rU?J1hd87XX04G zj%;=?Gx82>PJm-jxGn-g``F6FnK53R=OPaGom=4MBsLdQuV|RkO+{vFq)JU~IgN66 z`chNpr1znp^70&ahnA*}Xu-X+R#Z5C)d*o*Nn90h=Lk-xH|dXI+$n-$nm7NS-vu*= z>rJ$d4(44A@NW`ttvX30`LQ{sO2jf6EN}3z_n~hSD|$U&JKJ{(fBIdVBrsNMYSUbS zv~>v8RPVV=|0@dA+`1M1a&cC9E!y0@C?OLo1+5w*68Kymmu$jZa?uK6g_)pVM$kq@ zSo(35ek{9M&kon#m%-NDPAs=)O{+Qai=3B4-6SvuLJUh4uAJ;sxw*U=jLm|teMPw>$8PH>4T+=Kj7i50nTla1na zKc(RWA$IP6zt<(u&*ukUtltx9S32tJGUh`?JPpsjjWCouG)wWhgxVuM2Uiv|G3y0R zaT$%+a&?(UY$`(z(He*2GpQ(rb&m!J*6OC-KNqvRoUo`x2qF+7G^$p4GInB`C=P1GflHjYpqo zvKVHqlQ_I@^ib{n%To)|c51!hhlnLTqcFDQi#o&drF$Ze_-^v%n@r_$WK~P4IDGvX z$bjoyrxlIJ;s|FRZ$gM=ik5wYlE7Q-)5`0B>`oPjyJx*Owi0qVR-2%vJcc&^$E5&2 z(RK~2L_KYhV1(R+`&JLfOYoA2i9qgQG1hP=&G@kBuo{M0bVeSB@N6#kvx`>Hh}}*M zN-8ma(bnzdjM6^QKWf47MvI22Qd+-v>C~Bk(h=DXt2x`TGcT{L1s9dgOjg^0_>9|^ zecUH|BeV_IWYF!wvYdanoxx=6?M@7z?1kk50$mosNA)hND%+Ip9&?fqWADzSckHoS zTh!g*kQ3MFM#&T6_)K!&NFQUZm<5+>GUl@bH}%tEWXD!$vIBPpgNg(G&q{;_f+HKq z6kHzt!P$&oyJ7RD`O5$U`k|n_Greg#KH79f7bDXfgp+kL7}Zj zovl%SxsmUtffeu}EZ~nYU5{2F&m!!TAX?i@3~51%Y@K-}+gE-T19Leob1^X%&hp9^ z?#WUK(G-$BzMOAy-Wt0yEvx9}QRKYDo3SI%`^F! zx^OX7!WwI;$FnQ=1KPi8M`OP%&~S(dR)WjL>OG63s%b=`35vs(s#ang`~iV#T{8*X z%pdMe-ER%aV>Zh}MQt1F9=Wj>`pZo|g?aSN(!1B8c~PnKqkd4cza*sR7%6pO`PKcm zM%`vy0mgjInrg@p%K)gjPRVObN-bt45z9fhvBiTJ-RN2#j>>!BuVRcAJhY>A1L5Oxi~Kp_lhuy9Zs9MjCo1tmR?J4D#y{63~PvrvqGv4 zGKxIw-63M&7rhj;tc14tFFm3NB&;pw(%ByZkGNY7t{of6M3Y9oj6}^2h~%YDHrKW{ zH#aL&SW8@dS`yy&Caw8q6|O3A#p$44B>N-Yg}hGNR(9A84C8D=4QG2qvQJOW>CYi2 z?GJn#myUvGNPhAvlUAl`8xvf(C6K+Td_NvT%iiXZOdyqJ+@{Al`yNcHuy5k2(q?%v z2I2w9|M@eDM+MbVgaW7tKTBy++;}jZoYPYg^1Y)yd*5d6oI-%Dyx+&5*8Sv#6w76E zD7{UrLVo294G&92AUmIO#5E07%Ebg5q7L-@ZStza zHYbTjO*Np7Y$t3ZZ9HvAJ^L+gGm2heYXn^83iMl%y>FV8w;vV`Em*5t?2%_%3*TyK zNU`?C_pNp7Ws{>8>(`eJru;G|Kb9H$XhgG7;7*^a9gbEQ?RF~tM}1k`qyfuORsQtr zZpm-Ft>TGdIR_V*KH^!R(iCd)htM$0_n3RInU)5S=~rZMa+5 zmKkC88Tj83Jl2+VQ4|FF{i-m13@XLci_stcrH`f9A%PWvmzq?csGu=L48>A`xd2zA znZVR7LMr8%;7bokFSUERuZA;jZ|ZkCG|(rbGzIr;`89;*j{49;%n#gq1fYM4o*gt_it2o8j-alw# zfev>(#F*)xdgU@~6D1mplg<6(PK zHVC+gCyV<#=_&onvBd+Zm^G=8ZNu4JqoNjjsp;wV7-_HE;u-WrYNDU<&c5c9jQJZ# zmjAPC3a@2d2J$Eh(@OW5XQqiv903d4OmlAnwW3KM`^AZUZ+B${&pxEB?Jnu}2tT;q zXRM~NU|TPIFyk^v z*_8D+d?|9rA)`6Z=u(3wW8=#umt&O^C%jBoUGCYf@g4X9P4=&{G#alVkLYgCGa3RQ7Lip!ufQ__*pgLX`)GHm5t#qsC>m5PSj74_Sf}$!T{AJbvG$sS5w~~k^+~-lk%h55X zi=d+zAAho#{kK>yAlDpFHwt|IDkB@l7oB-y<4jc|R=i23i$$kBRLf|MtRlB5th7T* zT$+bFCkUzRi?FbRX~+zRj8}CK2VxBp#|wt}4KkjnTOms6rZRTEw<=jb2tkcvT6m_F z-#)cAqI?1r9RXt!ct0=L^S;asfcUbjeyJ^GV7^ERE>%MBzMe|*h4>NlXiVMpb>O98 zQs67BKXna-E&)HaG&J;CKWV7vGCOc@iE1>Au3hFn{l+3T$KYmAcHv)!VCr}@4qW}s zW}eqraoHqlo|bi=UtH%&sbYi18ZV^%iwz_UX2Orh)A0c{}3*1Hqd>WVBiInY_w5 zgK_DhA{J^9g>YuZdH%URP>IsKW(0RD)~z?1`1bg>PxRyj5A7*8w!}qHRd3RrCmYGk zALry|MLb)fkZz0!tG~P*NCbd2pqP|-;X-@AKE!H%oyVa$ zz%P``gXNhcEcGpfs4^S-P}=0-eC{Egnz`M(0*+@G5U$k!aCunS%SxxOZ%(l(TYUB@ zSn8zsr`nO~Ji0Z<6d+PSqV`b>Zas0eZ9(}T@_P{)ZfAJJCY$6Q-BSf2-qK)F!3 zwM9Ntd<2XkubRb_;b;P1Pu{2gdyF_ejYd?2c|>wqhqCphVDR)Fe~ZMKO)gW|j(iBA zyi5jJsbOgYkx#aFNhoGJJ8<^+DyUIxxIA4}7uv}2(auVJO2FVk<(_o4k`HMcFj-g8 zXRX*ue|-!ITR2`R`d_2`ilAL}$USKu{#&2@DYT5bi4Y4Kt$(i`SpQ{=A1VTA8f`~1 zNCY0>-z!l54sE@Tb9n7$aDsT9x!s`gzC3ku#REFeq;Uo&EyO-|fAtNQnB0Whn2T5_ z6)=?>C?Xz+yUk*5Pm!s~3Jc|LC9~4mCuj`BA=~x7)2^&GD}P3drKlAj-Oyu+gInZd zQV%>jEcVjAkeK_nT@qsV1pdfd-nBX*s4|VRZIpfYE4vJ}gcAtW^uU$Gd9kt7;W786 zvAB+kBQ2%8%kM}L!$AI#$Ee)Px^;ZY@ToZ?T}-WgPs4nUsqDZ1_(e2hspF>zV$}DI z^bX2x1r@(l;A7uN6xBX~!$eP-Ste2v)om=~WGw_)X}y~sAF>znvd~*vkE~*-n(asL z>*)V>fqSV<4Y4YTqA-Hz{YT5bOcozOUS!_j zkXq`~jF&91TG{k_`4q#p*Nb<7p_eDQv&2-jpYU|=*apJxHKWDqnvlGZu=ChFtVz*Y zL9xc%-Z!SDoZJdOT|&{|c4G`v74h$yTYV66_cD@?_>G)6FDw-ef=Ts2@W;}0;hxv( zWxsr($q9W~g%BJ+U>PWPWP37>yy_F0995F{zV zz!x^BUj#WI;-xXC6>F`AAE$j42a*@>j|4@x`^tR{rOEKZ)l$C?aHQ6b1f*7d-c!>4 z0;i;{Z}-AZ;M%md67us0lE!_Zp6A=l_z7I-Ykl=d-{?~OPG;YDM{>=ETC%3&9={US zF}bb(sm3@;>T_pKLMmS0+>SE=7W-)YF4w^IqkW|m(}awozuXEz($Mh7wu~^4jvFM4 z>JE0fu7Q*igwMdnyuMEq$Ab&IN1-S>1_~1odk*KFj5Y_=LZ5RPj6A@AZ)Jfco8qDz z^T+)G5T9XfDrx!16TX}6ifW@FKG9F_0n_Fmt;4-kH}K7^O1TQ530${8+f)oA6PWqb}{=Nyp!@S z#n)u^hci2=&rgBGUC$Zw8`J)U;w%?=OPXCOgDlmEui`zHNP~?{Vk)Im68K~`WIV)& z$R9i(1R+H_z+Zpod0djt1^jt9uQ`Ktm>r6j0^@pKKs`pyIIPSh44MJ_y_QA7E5<3_ zVc$l)CW7Wy$b&^_j!0BUMsM{GU{+QR1?aiVywBy?Tln;V--2`Ke4qIC&rM|f(`mBw zUE>A99bTL$3jN34meFLr$%$Hc{Jo||E^j~~^rYG)CYAo8tU-H@ML+3OA5q0gGipm?7oMnD$3=q>yG5f@Fk4?*ZVFO&Gt zPkI|Dtu0zudd9NR%RjENjHT-hkCc7ONp%Q*C}Ooa?7i}F;fTnOIHdbEddvOyx5dKw z(Zm`&@cng8bu3L8=&cBsF}%jOxu_`ygav!xVNs}axu3$R3VJSgt2y#T#IUZsK$M1& z<9JIM_6{)gm-Qz0e;728n8op-jbmtD!$@2^X~h z6bXS(Ojz)KT^K5eMv`Prep0OK$c||xcMtD124)WGM|OiG!EWFebc6lBRc(nK`gO&~ zq~}oG3CMbt+qh$J?%RY&hV#?dS2|j4q7@6If2&S3hu32pdA>P=xStRN2M+Ze`kWRb z(;R*1>F&O6+GTf|IGQ_!d}2C98hNCmGYEYO?yAYD1oNcc2>!0<7ke3M;;Z(fDYBL);>>UsAnu@AQ1aS7X$ z;LnryaM}LQesItVv7-YW+l7lVkxzz#UCScj$b>8-{PsGRcQG@k|C)J$sN-jGy?K+R z4~M#6^GtMiyk=V(QQrkBe>~=p_LsNYa@`x86;PBMtGM@_+an%S^})?fTD0_hHLb&Q zEj6cZz_E24Q+LZ9|7evX-DgyvdL@yb^w$&4*eIwNy&h}YNSc#Q@X-H&1#*7yK=svQ zm4o(<&(7n}2j|@m;w1zhKT6p}Bht>ga}13<);?&T(_fliec(1Yy%_dAt(iA0tVm-3 z@k7;3ilPlRt=jyvhHh6yqB)GV9u`H4s!*Xb{I5Uvnv~sc$3{BO`Xvxq(YfjiRDN1J z=Ei?QwWyqK46^KXfmPG5Gh8l3C4rCTSnk-!Ioy$EDPD{={%2%dWbWqV=8>MrOK(CtaYKk&rVgk}au;!PqRK$bd0NFd4#%K@ zz$_w6ym-}-a1lIsC=9noN&rRI4;q@K$CzE9F-(4Mf%525b6h>kgGTgaf)d{SoC_;m zMXd7AqP>SYEXz`|PJ7~WX!)?==R=pJVZ^y@n@lq9^;AI}mVRO2x!31X^WX4TM6 zMNoz)#a)a1acq)DGWF;YJgCvo&M(Z-r+s_JKhVJ=E<8!96o{~4$B?*d*ioq7S}!~L zeX_ZAu>NMO1TH4kX}7>UQNQOW61#wT0YjKR5nBZjk&c!vul0X8wC+F7dnoFt6)c!U zOz3?gSJKqj<1Bi9|2aKE(m*!_LGy}9b|)^oQQyCv+fd>7eosc4L-?jd3BF`@--~CD zop0&F zY1m)suXJ8aI;*#!eeM>;mV7gZFho(KqAgAgRyNv@y8$p9cq`=-Kg@l^qR$sukUDj@F_eO4E=!-jzCkj~W<8XsGDVfgb8se(6I|E({-D)p zjxmKF`QGFz!k9@BoNj{5r?}@2Xfo?E5J$96?${pCDf&B9{p8uG&?@!NyP=J{fR*&p z5J^kkOc~|V0K29+TH7qF@>EGHP>sS7aJ-2CT6ACfFUn4j`Pk-TqIEyl2r(S!2En&P zRk%Xk(8lnxr`#CjYmXVe&UoaEkjNvietj{)z$m;ODAly&$q&ES_v8AITF`yw<@2eh z@AL!+5R*pQAmzRuI0WTIRWlR)Ws7R*>IiQfeqSyjT~8gCJVT1Yc2oR)5Q;8$I6m_oLf}*n4MhX*RWZAC~Q*X zF>~wTswTYC6RZ2xwm%s4`Zx$@RYFCC9*NqaXJ+^RSaJ7dop<7BZ7IVxZ&URo`zu}O zi|Wfh)a`zCJ7JOg5Ngg?0uR}$#c@SD((lg;9ALFg_VI29p}r}D^`5YcObN0OF9`sh zp+DHl+}T()^2_o-5=vT~a*fvYT-1s``XrZH)gIuRg>1?5^2kP=-NoE4PPa7*o=ZJ- z#RBowQ4N8bLf~cpD{*meqoBV5&F4$H%3HO=Fus=~_*=TS)-8xK`1#4GvZ?mLo8+@Q zntW^V9zUGF{{?L2|Soc(84h%)4W4Fv*Up8Idho7wnQbX#TFZ7MYB1Z6>l{y zwT(WE?x}Pzfp6)GCOywnsU@;Z^7=~?XClmpX>QoLo>~silzsBRLHHgKGC;ZENq5o2 zA0Khpn}0AL7cAB16~h!wD}1P|^TO`k*==*8LZaI{g~9U3u$rF5_&B{}InBLepvf*_2l&qO zt4ax4pK0hSUh-CcSx!oMgFBg7%u`&wiK2Kt3T22mQpiM)klE&$C^<*Kd5lD+&kF~% zAxw4U!njP-eg983H)ionGKca>^ecWQ3<=ys)7)mX?aH3@$)c^+5oFQE?YW^j(v9;$ zUU65R8>+C^rx_$3jhj;#_;|k;j#9jL9*T{N4e~&_$9tZ*u-yv)$=a2f@)~{d;SXF@ zIzdsQ}8hq)sNd5mPdkeRyx_^CGML-&9 zlu!_m9=bsqX{13~8U&=f8>G9tq@=q$heo=)yMKF7pKqLV-s^h*0hrmd*IM`Iu5}Yi z>&Hu=gkon@u{(tM+l7F1Q};t$6_5R5?&GP7M9ogC9>9`S*WXYS-bA7oBm{UWY<^NT z?5Jk&A)acz{?%!K9Tf6u(6?A8L38D17-_g-Xb@b%Cd>gW0PlH(MkKBU4#^;c?i#&M zb~J_JC1vI>A;ijePX)TNoI+b&|57oRrQrz%=u*tvy{vtHZWMGH9_)NVgK?6lC2Wg0 z#CIg}UJ6z)s}ek(MRzuab)M%`qXPiVyfM=IoCD!x3M57S(akXvJgPa2qIz5tgRW&u z25*!~zF3zC$JQ6#dLku*AU{zRboe8(ZGs2OfkXHJ`&vPLmEXLVl*esAaY`ttda+S^ z9;Nh;Fn3tQ?w-9EBjx`s+QR&lvIljYT+dCh@Chq|)$p>&WW|wC$z~hMhsm72`WSwO zDXLi$h(>r=W&QQ^W9;#;+VII$gHRVPIaVvfs$&QjV{M3z-4;DV$B!J`ejlBn(-^r@ zgXvFai4Nj{G#cUn0Q~r9&=_pJGL>*ljee3bohWiae1^o&Omha z>I3N?$t2)4mi}9G6}2xi;8$%T-`5mC25Vw3g?)3zr7k<{haLOVs5x<{_0p42nZ?>W z?VpGaS8V8O-BxVy?(tLlhba(kN4mn@uCr9C9laaQ5Ir9H?9Ju7eznA9mh%BnaRt4r zh1ng`zqgB0?-x*4!X%c>Wr3B+5ulcyrVSNazQFql+>|JQvH>}8W6Q;**GOCkf5n%7 z>tlZ*ZFwlpB+cv9%~l`K>QQn{^%tc;d>&PHnzt5R&Fv`~&&RW30l0_!3N4>}5N@4nD%`Q)wp^l#CfR03|=$A0-z zm=xz7#Bq@{8a z9g5ol$I3RyqtD9jCqSSqt_F|a%z@2cF0YkV2USybk}5j7H?uZ%4`vOZVy)(Mhf9CuYkzs0qu{;I-}Gd~#XJCb zLez}SfA!gwM$v$j!VBRA9Q>G*&g>00jAYq9?3{9BN%>jIKaYnBkm_GOzRLGFO||W< z7p7_2=1zEkLF#Lejr)mA0CINX4RtO}MKz9n3Tl1a=B%^oCfm+)y3mdzGZFV5i2e^i z!;xA|i?>*68PjMnw<#Te^(AUH4iX*Yx(dv$eS`_45@95g7e5M5pT^qt(Wc%YI0_Y$ zXW$-Kn`iEbIksJy6> z?KLxwiqiEd7gP4m`OVrPmB?!!gD5&PPBBe}e=q?f99yPp5s7S1guAKR zoziY&z8=A;R53MyC`E(LQQsEMw5(;1hK&|RF@+JP(pQ)VeO(X{hq}5~x}B^*YaR!D zy1ifMj_)&cc7j7aDOgAHwflHrkT-q>hj*pP=w<1jF6@>#mB8YbTDUlp<80s0(twt( z#nLK&QD~PW9VK$K#e2s@;Mq-tEk$OD6Ljqd>BfugHEz(N(5ED`0YnwRJ8-?-r6=kjk0La zUcD3EP)KOLJQ+l7pmH)!`s5aD|A5@4?X#b8PKd8jQYO*v0lcyW_#X&LHElZKv>8H7 ze|s%e&vkBl$7IZ}#|)l2igX&hJa0k=5D1Of>Dx(V4MOP2658a$RM87^4Xg&#Yllw2 z%U8tq{iM4-NO1BuT~`Y6hOiZ?`u!ID`p0#DZOvRC@BlBV&aM4|@4Oj4p;}<|T`7;* zqn#zM5WpzHd)X;`U0pmxLcdV=kuj)~F9Ka5!Wv z?Iy?mp}7Ob7YXJW*6wUTS-f`AYsRmWDE9NxmESn|CuxQArmctGvLTp^7~R-!Jbg*D zQ3A7xSCZPS$Edm-{!sQPE9Tx%H2C5@m;HJpZzZjZh|m(xgq%&)e<5Z;!kIhbc)OII z({<;T({`e;qaE^S)H$4SkYvTkr=+EID9m=A@P6dP_no7T)uBsj^H>dZ)oN{TgA9U~ zghvA?c0#z`T*}%69fP=$2~dWsEt?qFiw=~~lIlzm=DPN29c(g5LfEG~KR{%>fRc(Q zgWvGV&0|Olmi-_m6A|cqvBn{qikR2HZR1-rVo9%^@kqJM#mY}gOEeR?Dyfi9oi++U z`~Afs@eFS)C0R&;O_jhJ#0$~j01Jgj-S_`SVHB)a8&qQOLp*}i-u)b!6&(|9cN5%) z&i0_JmdIqmrS6cFcMdl7gxam>9r45~n#FKOC68>2!8}sr`#^Cco9+$8aPFWhD>U_r zXNy$Bya=|2KVb$AJ5M5L>To(!E}3$JUQ=s?x9b7N%%gP?As&CH7-6N+<#wtilC-v| z8ry2G(R0(g+nCg|(3%d1;ajvexV3+rNzwcJTqSw~GZ_Sd$-tt&o08Llx@B&ojA{>ft*)o&i>sf0PRHRs~d%UQzuRgJ2mPpR*9(xfIHVF1%+ewAWfCC$*V4xJcDQ zQbb)(bGHNfTD&-DJd4z-@R>LYj)QtN%1$39mgS&q)7%NdC)USBX;1GZE9e=``e zJHiV$@RWWEcC=IITq1nf=5vN}P~--JW30z3aeWJDF;fD+y)~bdzLRSG2gAYU%k*Kx z4H_B{D1cpmL4Z*+WK`CRI?H%PN>D$`%Cs^MN7>F?^(i~R+_ZWTx*j+?$I()^+?>rv zeE0c&*2d7gHs1B;tkN62m;+`qt}cAUsCgTETK9e}6AeKG3$yV?X$KsLdq&b$QouB; zG~wcUv^=?YB%Tmqk&V&|4(` zXpk5i-H-*?alprgRz)GUnQW}Hx#WoVUM`0kK#YwbyS-cOnFS~>(Z(p5tzSE3pnD&L z3{Q%T2%=;ig5SeFy`iWkGl!uSH$Gy+PZGjXJV54r*Xt=< z6dOWwW-(=Y<}4s3_1!niKanENyzbTVk`jEOc6=3WCRH+tVOwmD;-HbYW}N6x!05_4 z=^S;`MTnjh_ess9d{4M~fc7meQ6~xGw8wfo!qC^N@ux!TgPu#%mYSDQ54?9NQY1WJ zr9*TVy%G3UPw@sa0&)ks&5eWKa4fdQvPliXucl8Lm59dumT7fIBAZRz&(=s{UcEH^ zkC*$=7qi7oiax}RUJIN#r=1}1AD&r|_FY-@r^#EKO+sk5k1QI{6-^yxCZq*-MJ&2=@C9w&{;6IX&)sD)I# zKj;ddg(l;*Um-?yIn-KRUCVB$F zWv@cZnE|cYsu17aNOBohMpS@?Mo>AwGUVcHYQRXonhN(kW5cOF#=>FU_y$HeO5oUG zX$+SHgqDVCKAD*)Ye`k6>q3$j!5L?-*n^V&yo_2;1QlilTetJ=T~Jqv0fE1Hs%Jai z!aRKNjqW#y3@W-z5g@4EuCy@&&@M19a}f*+E6sH&{A z&Mriu6jz2*Q2!!-xtLzSYo>3nXs}7R?P*DPN5FYA-_-7h*mz74*3<_@WIi&)I<4~s zC2u2g7)<>wfD2z29m5s&>8I@G0kA9|AaLZe4NK??Y@6T2JP@fI95_d9qG|Bl!CCz% z`;PM(AK;%cHk;1Ar|N1j+|f_3$gLh(EZni5?qW9b(1e6tA*9~#T7pie7PL0OO|6TB zgy_+vjIJ*#m=rt*nG`+02Q#~U4=I%0UbDQRt%1Qxbo@9LEp}p$$mb;iIi-B3S56H~ zfYm*CYO5Sqi6dUUrT-*?EFf%xj@}ujf95zaJ?Aa3#S(lZOVRUC|LpFlp?fkoxi}u9 zF-RZ{ml$jxj@wY8DJ=e`C3$a|PT0b0eKTTxk1vWyTeJ5$eOhFM$VSK}P zP=HCscxgV=YYHXzd19js(rF9AuJarj_q~NaK*`a#`;frq|Ye1IEC$dqSX>xY-a^6 zC-$dvC?edc9>p}}9C~Wo*M2@1`*FP#&h11FuZgu%IlFrZ)uj^I>X$4hj_?G|C*8U}e2zNC# zAc_VFzGLF}f=+{+jHcqc+7Xsd2s5Sg3FYP~rZ{RJ#!NZEW~ZA0#GF=XYH=}`;(fGm z#Vkj5>;fYLbM!QdLr_YX-PStq(3&pd7kkw_B5CqP+qd~q6r`5nl?S(b%3@!4SOP3h zk)-$yWnj~8g`(o}-A74EFjKn37H{+XU}~r|K^inVyCOinG;np=1ee7KZn0qL~cWP!Y3!ZzMG_!X; z8cs;pL-j9w?jv136c>5HUyK*xtfH)lQgE}_aOJtYdrJ3-YANp_YF@o^ zQtzbY3dU(BYCi+TZ6E5KYGb$M@MoAO|BvDuPsRCXclIc`sFPGAmH#a2wC=rtBR5f0 z0!mGG`u`seh4Jc?h5^Bn_Dk&pZ>Bm|(%H)~ro%%@lub%z$+p``ocR;oobhvy;OH5u zsn28W26VF*t!jW(+U2c7rTip%hX}+*=-cU@|2|j=oxP@A;CpG6WzdHsTVO|i_Zg3q zv2$w4QmDMB@f&ZsE`HO-%kvm&S+6y0nK4#kRwQ0a)Ttb|lvqN4Z7_Jf7Qk z*NSO?w2yfmH@N7G(soLHsI@1w%9ha0`YaWanmo7C)4D-+&ZE^24!As zScxjd+bB6-Rgmpj5nkJamvuJh7XlTazCd%TV>lvD7guB7roF|fK6Qw#8g22$6A#O4 zZtiIEg1*5+IMY|h(7BaUR6(vqMsC7Pu|!s(hp^)O^D3FF)x$5I2gfV@oXUn6DZa%fXm2)ycXpbpg&nDv%$)4w+*}YjDv2_XWF`haJ5Se zLNVW%D5m!btJ`v05!OqQ!^-+-*yFG7-Rt7iAJNdY2H(t*u-a~;#hL&l!DRTJXlfUA zo@cyg18H!oEi!Pv`p37`k@97hkpVoxdj$aA<`om6WP8P&*Ir!JE#*2QGZKo^c{uv& zSARabNNHsu+M3+NH9y2QV>4EfaL$36j54X+)5B-@a4_4|W~C4#s9<(qQ+P)b{#6&76kj2u--d zS6c%DA-;!g!_fK~R1V}ySs1NlviZhN(x-N~aU6tLc=i;hDXt_MEx1-cm!?4o=j^Y1 z_8mS19gddnb*4wixMgGkf9<$dG-N)_h9OWyyc>*=xpmUCyhX@sbt zxwFrV#^JUfKNd;<;mE3b-M_Eh@2P3&QEDIOeC!F&<+*293qS20GrODY^QEi~8|6Jq znS^VlcaQtR|Cik~8ZIBt(t#rp4xPFzcMJd9!IE!lrm@S@3e13q@S*NuRI1A@5|HD; zoz`VAONRk&rln#`Z@u1NW$JX<0YQ43)SY*X*5JJ`5$vZ>c1tH1=1bo$&GSmfmc@gI z_nonM@@X4lw;FG3pcA-WN56}$*+>xPx1KgkXHl{Ek7t2lh7K#|!K)LbCjOiA2PN=C z<;eG=_N2|{9YF^W-(WZces~I5Qhx#zPuqD)6{Jvh zF6KtHIvp0PbN$u5t&+uDS*^{G0sSn-)Ja@o6CmI5YSOls4VZTJ(!0d$qD42XBu`GOrK^3SPk$25Hb@ca%qiL2A zNP@*mFs=_|v2`17TXysut^&TL7AuPz?aaDZZgSl{&lSg^6$&6`S90wQ(QN6_4+um3 zA*nIDUgTC3mqet;*O3Ra&j-bop9xNR=fxpw{4?DiSfuan|1ByqhUeg#9?5=ns@dXjY~}%#`11*~gm%b?qz%Fwz!((o3=)qe_H zYTkb}vIKhQ;(1BD)>ie6zCoDaSyTrWI+r@k{w-4fybB7>_0B?v2-X(`0w8Pl({w&f z!_$4nmD-_xjQRe#T#lB$75iA8wM9yb*Ggjmd@&&Jt31m4lk0%!z$(*$xy#%j%q`&$ zkd*p2SQe9d34Y8_2w2Y_@~%c+)?+aQRRVDWSqq(Exn>iR7A23Z3Nm(%wKCN}0u;fN zBsBH-tn;IFN0=kf&r}qwL_5+kLRWf%Q25ULjjFSULwcP02`jY;Co7X{Ixw1mE@*%k z2uCFj{v57lZO1(d4mNcNaf(L+uzFF_kR)6lRjZv(FS-|a9*yC}AgxwlERc6xpt@!)P>M*t73@b^M|qE6fb7)SL?fWhrC zc4s_blQrG8zY`ckPxr!l5+^XhRCJ3C4~=~?GQ%!r_)zGyfI9ktJCR*I;SN6Ws=F#P zVeqx_$g5jY!u_#Q+2NsfGZ(mjP0_dGkqCbx5ehpS!ODC8 zdY}^A?QU(lAO$~&4COlMk}rB5T!T*4%*p$2ezABW zD~Pf6^IX+|>@?0tj;`{oY(?XcVp2 z5A2XO%o`D_c}#<0re=S_UkB9COI@UqWPl_`R$kjJ`ZpCG2QKcU3yk{ zMRGL7Fr4b_0bV*99G| zRf&_6+O^fsSmgDqBwxvUKF^Vvp1v!D2p{kzH?o-WkT7?b6Ohk}dJJne(9@-KI&YwO zU$n323oSUBpA$Aw;)@@>9SXR=U%N^7q!9dkZ@lH-*NR-QPvh_%l{7+s-T{(g(SPU$ zo56@;Q0Jk$MCmTc7`ipi`5kt5DQnjmVK#T)LW2(a%e2mygagAS!l{p0j9O6#ZXEY(7<)rv?1X=xfcnR)Zmd=^zcq{39(HH1bIA@hX!1xGwN@J|zxp@1NIp-qla@*C!p-=O8FtOn0Mzp$L|Gy!NEKX|{Espd%S z&|AsY`X;P7Pd61v_lp-#E=`l;t1={$V}fq4RpZKJmshXRO2+AC0;&h^hWSHU7pWz3 zVnny@w#9*18OuPU>=0}$lklnC3lt&i-I-e?t|}F|N7zKU(_JsF$x;hQ8IQS1=0{KF z?Xh4b5WwADp%6Pv^x&qqtgPvMPW9x;!|6u>UO5A%lCd~!82{&z)KDauAasH^)jQm= zWp~`5(@UNX&FOZ^R1H`Y>t3~*uq_77mX`}2jb$|cu$iZ86U$9B)RjQE=d*DoB@Mw< z+PWV=JdYYw?A14*h9N&2WP^BZNQCVcA~CVZ7x^pFxG$%5Hr~U^1~C~T(J)B&>=$^! z%Ddd$CZ%`v34Omv0{>oQfL)tSEX-hJIg*LDcS$*v84*mBbCipK0{24*mWsY|i|f&K zaamc-x;@nNg28qg3hT3jy)3lu|#V-aaO^sH0!L#ASN^3gRkI3P{>ItlIHFM8rqiM9=u?)vwj}mO%-Hp=GjPWsB_% zf51?pr`2wYrgyaeU>mkw9}>u6b;{;Ao~Q#!H)k~&5vuk%-tB3&K7ybuPlYQ6IfiWF zbt4LNvH%6i>uUjGfe7Wlp7!`Nl>5PnJ7pWG*N|A=?fE4LSeUK-hAkxNvLs3 zJzjELa>H!)(=XpX_t~$EDt^2$U(!CZ5NlPSWOD(LOTeVWSGmId*%tLm6uhJtsI=}*{k+>K!`aDXqk#6W93SvJI5ly)@hvbC=>$>J^I z-BPi(TU??sphN>wJL%`50rL+XG}#x2luMtNk`Onkqm0 zNxS!_#C&H~Qu?6e*3DK_I=08yR?X4gtP4V}_-cdwVe3V5}T4M{bNBv@rRI|P=rU^ILqU6G zIWYkVw(`2gd+O)A!#|Ft()fp=%|=$uM8B;?IVK5&ZINl6d*{(+_sx-RRlhj8HDp+m<5|7g;(f3-~X ztn=Er<`sPPV5=j*S+Gl1p7&*b&)auMS=@H(Ddpo%`4x@W!-jh5#{SFiV>srcZ0lrn z$K2$mA!yT=`f9e%|HGU=(6B)dj1a~Vt#RwP;7q|NYlu-oDiDis>1m*G@@35?TPig( z!MmXuG*oq$-Q)*)SAI5#KeSCa`nr0v#tqvj$+oklQPR(si?tOj@d1*-6}`hJx)UAo zwKs}O?WN19@+55!dX(BN=M}ZIH&djV`}b@-+#Owrh2qN&H`@NpP3hA$0U zo-H>nWDbbd6p;L|(QBtol=KdM(;8iY0@jl0GOdpuadjvU^#*JDmlZ5&2a$w<1T0fj zoWHZj0C9ge%`x4(%6GNUX>Y!0x%pBKxXh%M%@+08hETL_trGPZ@zAMC63vU2wX?m zEI8?ptPn`XMuL#*7bJ_+@2!WNtGNw?<^D#2S+}eFC>uCqgm7Ip@WDod%SwUIfW$T= zDelAsMWu&aFAJLRX;2TDD3j%D_2f+)dziN>G|1EZ;Q+A%YcSNu^md;V2XLc|%X7a` zQGQ_!G;k!2?qmR{XAq&TXuhqA;8Cp!jt2gKs`c`7@E~Lc^?YCge7wNqAi?~n3Io74 zXr4_E=>5|xnmD&@I@<4Y({_m%%X#6@h%GnTJY-#7AV_k{27RH3tkqQvS=0Gb1cNu3 zzbCq_b#c}q7WWud?igUsI>keVOETsI8XP9^W`6vHvYMy`cIFs8PLw8R$%d=CQqsZ} zYZ&@S(_ZR_dtIv(Y)J(TlYz}Q@(kDEx9c&Xa8(6w3BG4ZQ)XY^eE0(?jOy&gG{gSw z*;W4>l*DzpLyA4gqHU`$8-JafqkMT>lhzZ1s8zxGD?WaFEgHS>7P0AGZ*-d6NwbWv z^tq3I_vFKg26!dSILA~Fp~aGKe&<6=c>AgCbZH07aOs**dQ3{1@53`-J|-*|X#7M< z=s`jc%qSt%egNMazoJr69R3ilagMidZp0*`MpeHm>Egq%uzJ?{*R~o^8dnIty29C; z2!sVmGb=ZDG1i1WU%lVijr8krx*&kZt-n(TQ^1%A4ZaAwZn9qxk*l@0?VW**mRDSg zq|Oz<;xsOx8M+W^y1zw8AD8?7PgB!|O^5H{jO&IvT2dVSt=_daQWTm|*at?{ay@{U zbGy26Az|mx9Sb{o8xEMEf{}klSf!MMBg()2-;Q1+B4g^BB7-A~o3c1D42Ms%0i9m@ zxwkh-WDv$^aV!Ti9ml^B_i>%iCt~sitRI^!Q2*XLV!jLe)EE(DW zqd8%GRJA-WZ)MBWgBu>qq;q~1SQ8nnS0f*pxmu_C|9EJJ)}6knGuAQd*3XXY)_{u{ z19hn38!J7Q#MN3ERjNP1P3>3@mHPg44W$7FU$V&j&^JbtKT#}T_;*Y z8bDwWdF~Q{6G&Oqwh|>x65{L~53^^mQETuu<8oo%wjt@D)%emEJ6fbx_VdN4F4c}T zjzjuZe<@LOHov!Q-v>ByA|DMGq;s#A?`6*wPDUHzmvfkB|v$rNk54fHrlg|um1 zcC0hNGQ@vk5$2|K+L#BD-Dq^jKg!BeIpoN{#uLo&455!aKFytDMQ(m;CHxv9xD~by}f)njDH{fmr3OND}pJ>Tr9v2RGP=R6psl{Y7t} z^(Hrnxg?H^m5oh%ycJJ7;oquXR>$%|a|;HmdzT-`Hpbq)XjPa*n^;ID(s&7+DJ>qO zgFg0TiKIe&UnETGh$4!y=t;~Jw_UHu`e#mF;9Re)XlKSTt6)=U{OOos)m@?Lku3<4 z*BVOuAJpHUmKY3+hv6}lKrEDlL08y)$E61WT5kn9ApP)-sxL*uQJ~x|S0VqfG>h5K z(oQnxedae-W8;xt>YX>Jb=CU4YO(^U9zY0H2}%xD$In+m^bfxYX^u(w?tp)NQ2koZ zq$bHBjx1lH1w#Rd?A{?DbMk;7}$ubXy)2pxzO1I<_0UaZji3f(?#{mMd z@HU7_>5aXAoqZIS?!&HsNcAMqC=g2pYH4~a z4b82JA2!%xZ)*5cAFgNG{b01Wy~6?dg69A})^*r_OP7dFrB<(Ti1=SN=717=?a(p6 zL66?Y4}j^)&DY-zpn=naz6TW_mP;8EDW|16tp1@N?`*MTFL1 zsRl4v%cWVhmqrtP9J!nr0lo_bh~5zy@$Tf~p48msN#v1lmLzn4w)-Xl{Yc8RunBPI zIe%Ap`g{2MGlWp2B zQfVQSG53AE}V2U-@XhLu4{V? zFQBQ+&5_hd!oeKV2>FKhgNHT^1RSG|R59>BI6c$*T19-i;1Yw=Gpu()RhHOj{MBvR zks$Pn4R!rF&yv~MM(X8-dTolQS3dF=g*||gOJqxzdH%1ZP$myV0_Se_h#anPUG6bA zZ6L%a2Lb#m036`NDDy6BsqF5UM$yvZ^wurPUYed$f!#l zOWjUTaB(=0_t?b4IfKc7r3%#h%rVv3&dC73@a^?ZI%a65MX_LZ&!0*~;9s<&vC>K>^kms@emYDvV z2=>^F`$<&CabnsqVsgNY9>4NSSHs(-hn5N!6JQ@9QB6uhVt#AzvD=>th5y99-Id9- zdy1FSXeNPm_iRNIzr z@>1F57(TtDZPe^eww&sXHD*;hc{U#HfE}`W%1Qj@QOS0Cu;bVwL)l;ZeCssN zw|Ce$Y5x&ryS5?r2o0$!$B`T$+AaeDygTS7m0xRriwBk1MnyV1E)(ZR{$J9Op`^DR z4mfm|CKFKR!N&gN2Mi#@h#JeT!c?7=kU({pR@!(ZuGFR&Bnu($H{-*|&}^QV#-%_A z2#TV#in}ws+b;#l5iVjGNVueq^jTV2uO=P7`uV*g2#ZyWM(cX7q!qxxb~d7>D^h+0 zD96*}Q}Bl~KKg@Lg}0e3>%Gc3z{<$>=?xDA4#_s!2inUN>A*3;Z7Xp5=Uk57>*T5GxNfogV=!DS)@7RVv#PN*SUY|GQoAassKiBGi!+ej;y^S^wKa3e;6t_vg4x z;Y?8du7O*1UmlX=rRd21AZUQ}AZ1HYLKsDo6M%(6H7Y2;&U~8-j3y7nHb~pzZ$Dut z7;;R1YbM`G^{!)7#uTOs*Ao-o1g6`ouhATrn>rGPn-%ShKttW%{~|h7gxGY1)z5W^ zv)S~H^TmEHWUnM?Qx+{#aK?f8TKjr^??@NN2bd;77Y`kW1U1E_W8>DIfu z)NecinyfGap48F9nPIn2n9T}l2qkZMm& zGWi8XVc~{`g>*?u(W;lDW7>%A88%I@FfpX)^4wG4>klS#EW@eL_TRNl#aa3}=3kxA zDSBYl@Z_>-;G+zuS|ohg*EF61ylFI3K~ZUd!G`{qPO6E%9HwTy(8bkNKcPM~?sK`@ zjHlvRCaS!k>>oipn1xP3rx&U=MFAbP?-EgD;bx)$h7YBzY8J`o{uKeIbqLU{*vKpe z|EmZxV}o#Babd2`?XD zZ006gWK2XZ6Kw600~IciBwd<)+@a4_P(7MSns`4%1fXKgrSfsWNum0E4wJgNfOUE)^n=>@`psaF}CX(gqx&k275 z?B6gBUe~ri?{tiW=De6^NcSGgWV#$^c1_SmaWdY24V*p45sDbpDD-Q;3WPcFCi@{A z^0{|pN7*}5CALw9PvQ>ZQ9$z)kX1jIzy4Z_3(OzX5UY`PyNqn;_u=JFpafdPiuYd; z8nV;*Bz(&D88PIj)H&{wDm~?;X3tTEX9vNL7JR$#OtjF zwqLQ|<$2z#T)ovWPSzSg^Pg3Tee(6Me0d6q(?4NLKp*97;w7q>gqQ3Q6TZ0X@Hm84Dpq)#F|sH zM9e292SGf@QHElElH5KEJ&qF?%yhGQmGFTREesmKs<=j=4ODm`!;tnOfehMIu@$(= zB%?L9SbmjC5Z(-2o;dPt0>~mF5^pUHj*a|xZJ<=Jm2k0mzrF>^0Hhj5&;ctL7AKYm zxH-&zjTf9DI~$Ol%0}O*sMqjDg;PACq}-tAa7b02%EXj-Nh#^Sd>=e7M5Gz3KN)>; zB5yGjxU*kgpxoe`F&Ze*Hvd}^W_pUNWc@2#S~d8HVN5Y$pSVC`M^Qg4#eGZWcM^U4 zvay-RZVrDtt5HDZ$IqXkMg}sxl7?(Rg`N?6Dw^Yt4u~Wj(lTk`99T{7e$?qV26r(>U#cgs0 zcb2(faq9{#Hwu*qhteD+Sf2Dlz^^rX1GkYH-f}rm^8Gvz!GF(zmMZ#joqe9c#0{j@ zk*s55tg92`AOyzpfM@_DvevS-{MNg735m*ymB22{8%=$vc{?%1I8J}SZH93jUz=EP z+4Eqm1H`k)Fk+!E-~Nf`bsv`MGGkB^%qPX{v%G@%H1rmmBrFh|wAL+wS6;49`L*yCVp0(8n_YEDos=M8v6k%|MNvWbS`w}%D z(?Nn@MQRuFyROtq$P~ybiCg)yS6{uj4mqySFb%T)qZMD{HJ+}dMU}UHj@8#w3xF=Z zzwHB=pA`$B*yFMCgfWO9%@5fU_a43xoP6pSK!6`T&F*KlU!DaKWNH*OFAWEiq)nbd zLuynX+vXwt`;D1Qn&WSnk1o`cSm~~lVh+`@<||f9AZ+pLEZ}$0P<^dQUOZ4>OSU19 zc^FLvA6@#QbmVvd!U8h11)mM-&?&^;^tHGJ#-X_ zR~f3;^J6V*Ay38Wqj7USuSsHx1nZJ=P6wpJx_IDRzLvWo&wxRi(8qn@R?^C9u>z+s zafl%>vS-$EyHt8>?_~pU!l8UvP{s~ShF>vh2s1MH$g4Es0pwXtP+{ekd7Xn~$Wy(U zJ0yY&XgVyZXP0bGG;U}!E7yI~jLRf6XIZ3zTsl*ZOks?&bJgy7!MKKqoP81rpbxa4wH<{VYD; zq)h^IQr5C`;Dk4`?{i|LGr+wREl&Mu@-rE;=W{YLVMdkx@ptmrdsuHC!^VqTmf4&$t zDeH!EYkbAJR^Eq$BMqNkZ6^&82=9~2b4A$ZRiaE(8O{wQCSwZdfE>ToV5^NgKn*4b zqhFPiXjxa6>scyN>f{;YO$|>OfpJ?#uVB0*0iPK=4JP<9;qp_DbmC{=h(}@ zl$P|Ndnl}{8Dh{?azX|a4G=A)ACclUI#Mq4yEqBEBBlD;k&?9h*^ry+qG6|lC);fpqS0ko$anmAdCfOMsdT)hu`2Z`c?n05k zFr+Cv+b;NrcrwP_y5^TbPVh)tG0E(`*GyW^#q9II+m$fQn^RWt>dVhKwj-s(C*BPi zDT5Ns9^b7e0)V$*2%8)G?v%h;Y0(i`{JQDQ`4&%0B+nfT>1PKTE5Z_5mr%g3y#?tH z)))Y`bs?^3`|xNjxguPJa-itTv0V@_mjm*2y2)#8Cg9QxJLCkm!2g2YvXHA0?E93; zeGm9E0oH(%R^?TBN2lkiy`$7DSIN@Vc|8k&zjR5nE-1?tfM#aJkbm8lAQ~x1%EYmH z@+Zho(UmxltluioM^y{jD~R;fNdlUs{y26`%Zt%mipI~_8pV{n5xKt9?$+R&V3{a| zZ}u-?dqPC#%|D`Z9kySxC@__DgtEQr%qIf+2P3it*eZ>5r0E2q7)vqw6$r)!W4WE; znN%6gfs&mUD@`_3;x!LnV~-PNv~GL4_$RYp^Xq~aB^(M#>o?^{#UcGiycYy@&Fz#f zfU)}Oy?E`B=q6j}K}ZemPKL0H-M_4?Z4Pe{Zl=kRu3c?R4_QFMr^lnEYd+vGX9h^S zVzU`CjoGn7qqBfjvv1%vzpHy#)$#l#M+dj(lYbWbG9i*CMPntiXW1BO;jeH`mP`~} zm$p66utC#GFMl2$o~iv?@~Qh<#wp}IJkt=06$fu$SbY2z8w>EJTVHj=cYoxc;`eh& zpnKm1?_co+aAdE$i9(k5L<2mLEVW4VlT?27tbdg3c}79BA_t|P_KF(YJ_99>8L0eU z^H{g`izhy^g}0I$s+KVpwFt>vAHG4Cr`lIOA!={}J_>E{S-YyMPCN^(0kYWBgTW21 z)Ss8thTwzfAr2IY*8gVeXmEMKi`&_#j^vHtC)ta}#tf`t_=2OIC6b<;QtwiM{kzk7 zr`qYp1{cskd>T{K4Mld8$*z}Wz87v>@~8cLK8g)$6-!sMO4{`Db2_Gds-SOCPFetn z){vP4bhSCE*#Lzl^mrN*eeYMqUa7H?x;tCnSB>w zXy_|cgo`z%`2AiXIF9nNcKA?XnX+Yx-^=@XAE$+7CxvyXh=%G*yD>DRo58m_kV+eH zg<9HDmJlM}9Fx#I?)E<@KgD()f;lacfE*ML!?j-QKcEN2 zY*B+ldz;1f_pi_X-IqEuFcYUFUmUFa?(v(nRu+Fk2DtyPjh2TM;6sI8WuS0i(CybN zLNqP{nEQjL;Pket^cT_Z*e$!TUVrF{e(kUB;zMwcfH-g8wCNx8t5#Gwj1=)IUF!$d zBYP**));WVa|VE)M3v|46Y63B-AOOyY8bhn#0?ekaKIdEcXW01G#F1m?GnwUd%Wgs z9ds3KtaV&C$vYXn6r5Qi*k!6$P-1}3d167JE9ry7gf6E#1lD+U2bl%VtM3ogUJ#ox zB%6X~pc;5s)3#hF97=i`l#10Xtkx`dl1YRzb$mD=)R|LC}dRvly&Hy{ttE z3ul4R;?{YFpnJy!kDjImBnR#Xwh6HynOvGC#2}6%O3+#{%7+8;E?#Su^M1T9VZuj% zM%&_3Q^NNH5~OMv3RPIV`-#_Szl^Ym8{NX-`}F^;*DYH|p>3=L*a}~-UVELf(6f)XLm$L4)5V$caA?FV_Y zR)wGih4!$kUlav?3NAv~EZjK3C*CpV@lK;mAfW2}Ll>;#_s(DLzg`uzc%>wv&mpqb zkaAU)1DD$%MuxTq>$wCXuhe5l?M z#{?j8_yV3u<-TlVzY9qB($%b`85cWHogq#ov#4h9oSoi`_Wp_&R9 z9Z=t!^6d{v;Fb+s9ncGGU$2Ro#3E3#?TqmOC9amUo4<;NQ@4fg6FUsb1LBPt)KAX& z{{8Zgd=&0-9h4qjTZiy$`pKmsZ5*!y{g@H zmWkL}WnwT1sfXIk0!uo#Flj*W!Sp+?SOIEcq|xY$LhK=@t`p`%2#f2#*B%KZ+HBMXBs z_baC+lyD>1d?%*XfAEivc}%P!^Yg*w!P7^DNXVLy)UB#Qx1JfDV$OPK)Np@F8Wz=E2Z}na`Wlt@Py14{T36xkktbbFCVL9 zNuQlTlh@v%PbJ;3YDb(&=%h2%rx|z=1aSH{F3Cp~CoTiZ32@V(?w7aHfZIMlhW$CQS`Cf&u-A;r~cs8vdz=jdr@U>{msS3 zcWkXfAp}5pAd@`Duel|`uaR|XB(Ov?PRh9ca$;JZdl=%y{ywjKFuVG~9A3Tmshp-9 z7cy}Q58LHzedjag4K=kK6ZT3TV1K@c^^6ChBl*^W<)@#1-=P45dU?k?| zz2tci(}_c2`cuthM5}!Q^?|NHso4CrCv^kX^ASvd^%|*gOPMwrpQ^4@w5=7YoBZOX z=TBF5&B8;!qDjL~>Ts*vIm6DP*j#Sf4x1T6HfRC!@n}lBwM4u^U0&E#rY#mr3U$Z) z_)goH2I7GLd3o1f2C#FOCOIgty=qMlUUUXgA{wJ9$ZOj!#SeA7kJgjttDL#lF@LSJ zF4%GMQ&2tYYk}c#L~HeyCyIcHI}V-F`5r3Eb_V>tsqJC?3^$FYH# z4bFF+q0FhDn1X#DH`{_UqN5h}s?Ku7^smiw%6BwqC4I(2c4wXZq#M7}@-}^HsUC~t z!vTSV4pxPqtRK2LT0=PhHkJYV>t`!5X1|R{>cq$GrB`T*_#feqakO1@)Bxd1$@)aw@>*bNk=x<_Aa?=5FG#JI41VICwDt6Fj&85eGkr^hyU8r^!6Y}R!t;LI4PVIsxQXVuY|1% zM!~mCj0-{-km{;>>`rS`0s6hw1%I1&KU;-L3lW67@7&My-~1#u&-ry+zuRW_{S=b> zcrSgjCZKEbVNhwmEyVxGBD4u*tf$cbqg?GZ*g@o6pGmAkjGVhkUzrdQ$1CIs-yBe< zLwZAfmjc`INf#&SbguT$mLcx4?>c05GE+<%%y@_je#M@dP9Fo6nRCQKtiX*#tUTtn?0S zPjed)Q((VU)x$A4uzICAUBLcRcZ7_)Cfmowzi}fm0NglxDQJ#t~-K>h=&ZpRJRJ(+dgUb~&bywGO$IEBN zQ{~_M@W=9D5w7K2Nl$kibnmWw&UIA$%YUq_YsBFn3w{9MX3GZdRi&A?BWBP7JW(w5*-atW4_xP=8=X`4o9FimeHBmi z*BcjPh7d6?${qCEHK|&pKX+Hf+*wp50sQSc7-?13Ux^-JRN|azql{Tm%fTq_-Hp*w z8q(=!2RE3!C!GD6y(nPI7rP|xh^EzG#%CPwC46BCg$Pd8z!6BXGDQRjE@MOZHa zy%YB^DR@J)*q~UwFA>9Gj=R-3?<{+rY6F|yNc_?fNN@yjEG3P|piBLd_wrBgKzvkf zIbpl^Sv@ORp~vdQ+Q9A>NoUS%kS|tWd1l;iS>FWTcK{HUfiUAjIB6h z28rvZy6+f|lRX6?0xFXCPZ|ZnlHwm_=$7FhY2w+xNr8{})XHCeKG{7{_~QXIR0did z6`>(rLNPLDt6f3c`Cn;Bl`Te#r8*@P;^mq~1CM$-0V|A$g9T6Z?O5L3jIY|?q&7oz zH0+uubjZ}@|6bZxjK4YCm!#i`ji`~A2J=ZzN^H@BS6GY!Bd-9i(}mM4y2SnaYBItf z^`L0~(c)DT_PG@@u&c-}GUWTw8Y?Ngx~B1(WsED(<9jY!#d)m18-c`%T7>R&9k)ZGde z(C>Nqo_glg{90l@=uRa-`&wO8fnq>^0McIo)~~djQKlsLh(8Bk`p-tb9hBrn+mY0* za4~!BWdZ~5c-s%r7ocLHupaBO;h6E%mzEK9CpIM9$7MrAV1&GDuvZ38q@3&(j#Adh z4b~WBmRa2yBG(A+=f^=2V$gM&X(_FBLxNR!*1Mm*NSXnT>Nwg}&7ct#^yJ>sn$y0SBaz#EEe_7=%oIE(^TXAH%-exT&=w+*+?G}}xy?>;Tu zG&2`+g-XcxgX0!SEB_U}7Jnh^dK8{9-R3kS1#g%AiQ?D383QkdT3qhYrE^31e{=nT z!Vnj=mLD@0LlZ4O_GKZy4VfDC+d+lkc|Y^i}Rpq1rg$`%7AleCUQYO#i8K z^6tf<_h7|UxPfrsvb{v}?4RB~hQfz$`$c5EIWJ=Gg&ws75u6#M*$cIbN@uFh@vGtKa28qAPTy!F%*!sJFqI|?*7%d&8<@*0d5rU-iYrF)u6jpLqAqKEu@T@1bBo4=5DynUeFtD)!= z7D=-wvBATQwK}+z>f}wI7k%0j2)v$4BUnSwa#o263sHVzYVkxaC|Ne-*B(Ih z^(ysuHd2VP8>tg~t+DYPHk;9CGhi*A2OM?u{CL-H{+mLc}X$8|e(T zvm|Hra;7d3XX)z(B`GVRJaBOw2@P?kmUPJXUvwhD2Ph)IQKYfN4icqg}V>Qb;XxCckzsY z`y!C}j18f=38yjSGV{|VGYaGiZe8dECa$qhgxUFKwnY(TLI!GrZpj->d)Vjr1rBh= z%EZd20=GFCXZkB(7sK$~6nHg{6Pj@oJO6Xk>3+~Mnpn*o zJp~)?nJhb+|1==h{9OucE^nkLDQ_C?sEtj9l&JZXIA7_XWx%;SAeDg_0egPJ(|`@q>xXq!tJHcOu0*Z99Rrs{t#0}7%lV$zt0ZsPk9FL6Py|oMX&Tife{iE*ykgt}?c_b>a)V1wK0GdCwsmu#BHepsXl|T%G;b6%Qqk#8^zqid=>7L; zcg)qD8yx)emB-B2n?#WX$poI8jf0S7-KOiuX#Q|lBHfXp|k6u7}(|bL!x@3YJhjZPleWk>_EJo@(S?h6s z)obgD*>=qa%Gj&;Wmy58&Q+7TD;;ALuTU?Q>evM+^$=C98OM+VGacZb`LyGR^z)cP zOQ?9P7bgpI2Pt6g=(g)BSdss#IgX+$Ec;cH(e78N{&&;y?eV5qM*H*Zhi>vgfy;im zNB>SoMGfT{65QdL&pfBpXalp|lk#NaBq!-t#GE<12MxUf;c~9;8QYv|tY00pFCD%n zEUjvNaSaf8=#IyuQ%oMmqb@c;~<+4l>J@4heTlyB%rtHynOtLZ1#N4ayWEfYmB?zuqk^Y;p?H{k<7r9(JQ#}&ajhac`w2dug_Oiay8n~ajEX21` zqvZ>Uj78hy7}m3+{<@O!a~74kk!k9A6(0qxU0C$oDc`Vs$JzHs0A;T$Z!9Ah9XMme zdt2}1;m9{c7YO)tdi!$-`nw17?+Gk`aoMV#t(WJ}S>1MVz;|bqq9xz^(iPYG?9!$h zZuK#w?};N`T*+zxsLDx&=9I)uJfkJX(WZp~r8X$VxFCwGs#7E@*^*M9HXW7DvXO8q z{fSAj0klU_EefVktk2+VK-cLX?oxEkKkNC=#8_@rz-eiZaIE%(#*~M0keJYrfa4%j zRX+JHPgNxY=m)gne|qj0peMjX0_{AUqyFOH7C)CR9jY}GtnUW}a90y!y2H=43gY>W z!f&X0UpraEIW@5`+in%L=b}M4*fh1S!B{1)v()1hONV?XsYgNq-A>X~U0jl4qV4XJ zD!B=_tMyvi^B!VnRJ*KhZ9ghldWi0LJpYcqcg9mK?)!>~UNan?*iD`nqJ>}!dgdz0 znM2$`NneJ|g9y3QXAJGod0hHcs9Wf37QF~ljUPqhmmz>DV@}GrwEcNLBn7Q;&5f2b zZwq()`|#MH+oF?ROD0!qwQdre4#Ey%1;{9V+mW@JeLU{?5!-Vq6alwr=#yOr>5yO;a-u3qdE8TUGOn4XQqar zrTHP8+EZlDd$m`9^-bB?6luWi_4r$~ZzEp;2f0-|M_s#;o&}l^$5ng4vzA5)HaO7! zYISYQUrD~dk4w0#J4h;Ahc@HidH>i^G0Bq!UP@_8lxTjMvM6=?rLRZhwjtZ-zHTB5 zt>k<%{5k%OVlK~9uYQ=s@+r?b7hyo4|91Z?EC)hgs?zMhDfH|280ss%HC10sp+NUJ z5aM}U(@>2!qN@4&gE1!C(2IwOMpsiUiGxm-)hS@1y54`4etWKzfk%F5CVQ9!dm`_H zl~VBr%E7KG-p>DZby+V4S1|EWIVO&73Pc)j(0TYcLO4fsou$>^eQ|&` zw31aYRxdn?D`_4ZbUHa1%2Er-K3iZ4QiZMJ#i@&6wE)>{U#itH@pq0$YzLFH&k@5b zc=U(Jv&gvvb7W7GE^*?{_fZG!r&tCL@=m0h<4GPyQHypu5{d0`2>H$NdBQ*DvnE5) zU=4lhPy$E1!pYEvhtL~oQhXJO9VV-oc9Hl_bqf_Ged z6RV(}n9wnPT1+7fO`%w%m@;NeJYPrCzPna973oP2k*{-QD zZwxrKR)_Zc73w$_eg#4-Svsq*Sadi_ye)m^yjRnb4 zzBL|}P6GR-;7P1*SpViiortxwP1J=+Dgqnl)T2wA2Kf&)%_Y1?jc&NTbNUKB_mi%b zaTAf28|*)=yBI*ts33GhLNsPE_^C{(j;mouKNS57F)Y?@0}8Lx1$)yM#Fo;1V0@Kc z7d&~0f0mdk)_EG%^Kb=LYvZ@MCF#($80B|0=}Y>Vn9)=>vYG=v>cyLemYwb-itw|k zO7$FXZj{@_mvQwsDT7W!IR5j7Sr+4u(|F~bXcaBtcmLFOpPOGUB^F8Cscri3u{Y6n zU%kr|!&F_i-kTT{i5t<{D$y5@&4LHjM|Q(TL0G_R9*w zdmGd(Um5|)%Pp(2<7>cMfwl3afhN~*A#6IO_+2GUU{?w)#7c%IPra61c%9>S16Q?U zmvDcLokLUmP#!^@Jg2bz-fFe9^$AxmU zocha`aZ%ufv2`OdL-qO^Smu=UzX`&pe%RQ@XE8nN{H)an<8_fxjYz#o@;ByeJC7Z+ zu1VS?Xkn_Y?e3J96Ta7x#DVwca5R>h{Z|_9nCpT!^n+KSdm;}0MlF#OgTk8$c!L`! zFSnL3awICUC`b~9m~rt$N96AcS-Bd5DlgVvKV++#hBN+F#Uck;kkVUycGWbq{34(s zztFe2^HxT1;*qDwlRBa9ZGp4cfk!W2;R!Xutp#w^2%&+kKQ_g+a<-gLiXj?K{k?De zFR|sS4-DdLr*QxPPPJu8k~ZI1`V)tfWyyWeN)-uxCZ-FuE+n6Y zz7EiMQ_=M{1swwzs)b1hgc^D`;+k~Cy zb#!PoC;3JM34TMec|z)`Rdt~!>rDIE#UvT)0(j$9*(E7yJI(r-b4EDNs%?Y;Mo2j1{%?4J4qgbo3L&D zDsXd()F;Jaz^9*S_o?I*@pd|g!NZV%`Uic?JtZv~M80GDN)R7!zFYLwR8QRA$vs(S z`nuTh%fu!(poES0JoMh77dGU3<_S!&9;cdQ_PF^UIJ1B`6tqNEkd9x=s9!M9)y70; zea3b8oFV$lgCi78dyKT0-2N&Qvv>9R6P7(U6R~-w zLO}bHS<7~pvLG-{A_4=lxD>IA!t{xILVR%aALduDoe0PsjI=u8w_47L`U9sr$1o}O z6k4uY-+8PY4SLLtw+mm>chrq#uKjQ)IXAarCInicpbS;u)(OA5%&vGvFRtQdm)ZVC z9*mO5{U_Z>ACx&=C*3x|Q7N>G(eo=A_s=2VIVw_KX9%A)Uje9I;WQ34e+9Q}6N|~x zRN)V90P$={XgFV`xYPUkbA^hdCxD?!=P_N@kh zd^j=I*`)m$FppqsKqTBQ_LMdSb}%~isH>=Qv^jW0{{dO*v8M}f+Z=+t2xg`h0)5vq z-nQL%+UCy@X*Ff6k~#FQ6&eu)s7Wa$kJrcVYd!YVI^8S1i*A>0bX>i=WNIXkoO4$@ z78Mt?lJ>N3vXT(ay;J)g9ypg|Jb`umSu3qp>AjU8=Hqjz1bI}?V4VO3oTg2$rk-G} zU$s{NFd*ozSQj{y%@{{{WfB^}+B0aS!)JwD!6Eq6m7l%;1&gY0v~+t$d-PX}fdSz? zxE#rWNEQQL!HQ?c+7OCdhKQ zr?Xk^#c|lFO*B0Kwgrxitn`mzOi}Wi*~z=Dr~bQ94a8RbT74k8jUUg(bV<7@$B0y+ zqV|5SX8;31rPm@%015HMi*VC&?v)cg0;Eb>YaVtMHW2o*o-$1VztN@B16gvF34_92 zIW`64H_sdTd$8pwtG&6ojyuOuy4q<0RA~Qg4*mbST+NHRc8Ac?Y9IWO z*3)(?UlO=M9|km&E!@}4HYyBv*NTyg)`8*ct%}u0bjEbYmTl_=6RK*naTmh!DHqz% zC;V}&x3PGlYn+K8m~Y_j9zbg7A%(0hBIhp3cROaF0-%v>#rdbd0u*yV8jYu~>5mN; z_7@5cPy)2SgD1b)LyN<5c4d@*TJGCn?Zf#SKH40Q30AYdvo1|v_h;@E5dkkacaB8c zccB9>G*phAb0Igh_%#spLdsvQpZt`4n|b)-emeY^YsT_j(~NrNN0he+sk`S}b&Gr1 z;K|9rz3?XPYA87))rDvm?uc`e`ZB)uwy=4kpV?-bNo0N~r?qLo6Y&J$7KOs5UTd>C zX1{^8Ud@w~M+wgDsiZd}VaJlCsX-K3+3tiRB^C6G0tif~5o}tIk7#o%(;IIeUlujI zJa*og!M)13r)q)~ZY}W&+Q0OL5Q(lDl>{k1_sL)QrSf1#!m(+ZOhhn*2Bh#ua2$#_ zN!RuTd}1~O5&Dlug!j3PcQ_76U;?dW`Vd!m43gF|t$kV^10)sVJ4Vco_vRc5%Ip!Jx^0s*vyHES{_R@0_wAncJu%3cTP~#a9YI6f{=M$ORxf{VS?l+3 zogPBGO{{xtV3r+G^nTH+QL#JmL-$gs=zzrh7>RPTD(@e6cU{U7+h@_{2-s*xbrlO# zO$3H+OD)@7i6L(sYjX<^aC)d74?cNA3^;+hedHh`DVzvoYJPmg(&yQK=<1~+vH!bm z3e2wyx_slNV!H%FgH-L(l=Kr!o@NexRj~lJ@oxO)Ugc=uTj21rgWQ=>d_HB(Ih<4*lv6044mR_x_0zeH4~eY z1keKD<}WZ&<{U^-0A&9=f(9>d+F4@fQv?-kO@KxM3zOX&N6h+bKi$h6Xuf+~7@GH* z*;H<7kwko&cqW8>b`-gkL9lbOP0e;WzAw21M{rbU6EklQ)4DUW9 z=+^eum}&LK!%+sfF_&Lh)pMj@`H3M5#j!%y+K`huIZdcUtq+RE^dN34f=jt(1b3Py-%e$0LfNE$*CO!)o z3812`>*HPTCrZKxfFg81Z5)+x!h7eXuP~IkT%%*xqLd#u+OH?=lgOr;7b?Mf_k!;g z&vUo98|m%dl<1HNe}+0kJ7mH>r?md#^{z7X*-*9dD)5r?Yg?EfgtJ}XV}j@&X~c`f z;&;cj&L6)%rfy@idHq*QsTG%vLIyGPt^OO|w3Gj)X~tfujre@OzeRlxM1Q=!iT2)K zP^Z9yURvVbi{sbD3*S;jZ*&J@>}|6$VO?MF!kBO2xDPP)BpCGx=n6g3I}{)4kuDDR zFwtS)MHQE{(orvIs3d=K7mo*vxR7b;FY0rutw6D=lBaXB?@z5J--?}X^^dD+V47PL zkhv0aN3c>uRj~1Nt{@*J!Qp6I@H71rU#!VOwmidM^#p@wVP*Qa)>17CJ7>W|D7Q*M zrhe#+=R)g3JEH2vM~g$0%^~heFLgX9*Do*0GR9#(Sgams2M3gJqsOhNFMbOXp^sD~ zB80}sfkkA$m-;oumclI&yqAa9$m$ovWrYw`*a6<@?vCf5vQf=h2B)?OrwY@2nEQv9 zzdu4%!bLmFqVb>j-?A4iv{b_HGllIl>q^#9AEw*){bGj4DNfSJV_aXRZB(L^dhDPL zrBwMK*3BzYAh)NW(p*CN;3Ex0Q$Qar$| zoIBEc$L5Oijnzb5e9i=aym#k2IVS2dy3eXks#M1N7~=SWxM6EFd5Q*3c;c17d3R*^ zy)_}(tRtmK^i*4<*QnIMfnm`7PocZ~VxUV(*a&g>M)>V3aO%~aLp-WHhe4UW;bY15 zWkx_Ov-(wVmbQ1!mcExetpBUeshvhBxz-Z#F`o^A@*OAD#*>$5Rfpg62!FZ|`(ci| zcUC~`?UJBu)~UCVL}@C2Zp@QPoazyR-uOdnwd3Ck_wVJa;dJ!pT(o`zcFnm% zKVfq;2yN(dg!^m6K;dSnGfMApObR4ykS%n*_bdX9`aC=`I*U#2O%!@rrWIoD^dNuW^3ckB0p;P0A`-yrQA9>d!0bp@>pe3tZ29 z^YsBQ908KAJ6wj2XIC0zZc5>3v9*Utl;gU zdqLI9w=Iqzf1858LOnCTdC@K69IwovsbN1r(1~#6ISkxnH$t_l<-NsnvG#p$BWcAq z4J4p$RyR}0R&{N;)%PJ%84sm^X|rA92jVnbFt$#Iy?Xi)!Rn0lgF$XS31kongZ30Izc`CbjqtQ*yYAj%_9`k8zESYP zqIjOnGcLE69)3#d0gs~NMt#-%_#GAX9DR!{OLPDcV} zbts`Urq~#kYxbF@`#WoF5{8bDSS#qc584=tw=UKaCBesgsMbe_6%gr?1CCSmgo zo0p%PtRMg{W+Uw$@e6Oy&D$f#2x!nNI9hXN$6THyJnt&-3Q(R#@w8;idlhwSUOHvO z1V8V{;K+(S%f12}bFuQ{=PS&8Y#IN>jHxNlZbK{=+Wd!ELT77Ufw9Fdqh97tTMRDF zKtuN+DFnv;j2}CI1d@Zlm;)N0R%E@TL5EmJpQ@G(<2qogg5cy}>Mgu))wSd?Av6Z! zt(AjUNNJW0Jl#;;zO5=HwuQhCj-JbqKW&Y_p0`vA0so{pjnO+=B|Z~sH{0_v#u zIH&XcUi$5fEbvb|z_l1P7Jrh>K$S@w9sKDdD@T&ma)|jmWhDCi)Adoq-BR~XlS|H+zcjNaT75wosQRw58?OPt1>c}!?__z2z;Vd+$kn%lX~`Q5`CLE1OC+BGb*uihu;QSig&mX?fiW&lVvn z_BFSn+0CJ0Z3xt|Nhf6)vmq2ZPuuGa7D^4uD+w07i!n8ibRnpoXdrR)r>& zu_QGayn1i*J==L6v%P#|Pj#1>CUUBYxHdSJhk4OLad{X|OXkN*2}rHQS~E@G)kJQ* zg#ZzFG~ye4MV}CrEA)g~#j65p=UQ^&eI`ZOPk}Dw`&*aZJ%|d~bMRe1p9xAuOXLLM zqHVDtD-=A6nUa~?2_b<}LDkA0{t=}8|Ji#3rw5YpaMMO1%cGTg8i7DD(X|99@0%x( z?Q4cbxHs>-{DxRDQPq`=(hO`K?eXp95TcGdg0iNYBhu_V!e8wC>Apm{ZzMOVe36n* z2v|cSfG&L=P+X0xD9STOi*EryD;l;_5&G*5QsNPjnm9F$?*lM*w5h~b*!x~!yEToF@ zthCl?MH8Ta88|caDskRAb_>bWI3cZ)=&|q(eedd&2n`0-j3kG=D{!5mFJ3p(lgD1T zC_+aW>ntw|L_2roOvW9lYt>vs-0}=-&4!AF+KxH(mUcBuh3r>N(2onZsw z$r>193!0~1st?yI2RRt*-Un}8=w?`idj_&C1iI_k3~7f@aU=avEnnWXP7Y(D4lnsQ zNst7?B!%<)(^z|6kS7i$iIqLpr?FVq9SFij2QAu<7{NhSqT56^+3o0YLAdb1i)JK? z68X&z=#&XAj-SQcp5=I7SATzOKIAoQHqZ0@DR@t3o-KrGvWkczxKR$(V7{qx^O==4Ksuv?1`J=Rq;Mm!C5QVelL#q<3sg8;G{xVyF;sGjSHCixYc z0d8k$i*hJ*a03Mz6mt{0%UlF)E-*;`m)_M+Bd?=oVV5J-NC1iecO#ijll6CesF!Qy zK}hc>tQcHIl3#4fuf8P2LFv!!v=%-Iz6Df&+Y~`so=v!^ytlH%Bl@K%qLO8x3WK?B z)?T@N#y~YUq7B91_Z~-mdXm9U^JCxVpAD8Qx7-p(^v$El;jqCHaqE zU?QeD7jZ?mIW9*`*QCQtpUU|7VB`&VcM@RI!$WmWXZ$xYFE3GmC}d!zJs+?`Ljp!p zDCsPIxu&6*dPMd1{T&eW6<10!xu?Az*xIskJ6T>L4lR-KW=G2oL*NkG1EZ0AXZF`)Q1 zxvymtjEkO38MeGhM?zB(ph zSk1BT!T)nRd$eH=^Uw7x)vk}m1vH~=ym3V*G1zcL$NJ~OT$q1_THf*Nt^|jcGYwlE zBtqY39UI$&&Zk}9Qw(s_YCNR^ARU+?HZd(7SO#+9H%O5+>XFc35L77(pz+v@X9h8Z zTfZoe$2H+;&;wMWbG)sWD>6m5hctGm>XhJRnj!~R<2Wx;9*^-S|ATFU%q2XEUVvTk zJ$D{L-IvwyQS)sf!RlgblmGZZYF6njVI7FgR*!qb$IOn8Jy`oSB^O#otow}vcm)rN zJGf0!O!uFpW|6M}>JP9dgyv8k1yVZlZ}nP$NeMrPtS*~pl5rD{e3)wOH*%mG|2yc% zv4RTSU=v<{V%wX?F3`JQ6VKgXQXx3yy*kn6F3$i%B#MXyXaoS?-@RTprSeyC+1Wpz z%Jrq6^C4H8WQ=`5P$L7C!x$iRP@eFEEoe|mU$dc->RM)W*jO`Z<=mhk-H#(QutXes z8Ni!<`KQyI(U6BNPhMfeSJRCjJb~|1meKvYm9u-S17Zsr*LjD`Bww?AXN9^AgkUX5 zlfM2+3X#mmp{FEOl%`{j{rPE_nC%ONdjc)=DGu)Km0{v|OwXen)Ml9+(ZS8j7LpaH zOa$wHN)B$P-D-z-t<0P)VS^4;p)X*+y)xEfPg1b|Rj{E5kv+v8a0g{%xL+;4F}R{0 zj!w$mjdR@EC{4EkD$>!i_S0|N7QkDE6z8Ed7J8n)dRShHln#}JO|O`#UilR~gpxAn zc|IG;O7XL2>PK*6CG8SYyqpXD?Z={(I=DVk#mVC#yk*11*gaZndK>lg1{Gphv+F%a z`_wkNy)%&svfX;;$0fXTHxAHEJ~29AkS6Nj7l779{aX@>vHG>+++QYsyG>{F?dp@ao~!MRwjCQD)LQ zgyu#K#DqJ8lM;#D{ST=rxDPqG=up6aEUuYUu}no>hKBWp_qbUA)M+RQY#w(n2lM=b zT7d3izV1b4z8>+C7`P72joX7X=3h}AS$=M3JjmLUiqZC)H|^485TfSEB#AJdExI*c^Q)2tR-iOv#aepHnKf$hEj zTkh#7$OoX;K${z(^+x;LWgNv1mw&n0_;0@DAFqAv;>6oK!!7V6a~Xc3xo| z^y7PXfprl#ou@KtHQzUT6N*&t?=nCF*4Hr}ggaoe(CjI6J zPr~v9R{Fe?iZ*piNj4G_v|%kOL1zkO+-07653s9cHaV&7^EzWJsFF>O!V(<~yDOiv-lbgBLxW4yx0 zhewS(Ma{HlUjElfsKH_=-hdDu(x!{lroyS=DSLj+8wkSg#%BY5MYC=}>+S1Xtjp_E z#E&7TtTZgRkt5q5<*T`!WlV1(sR>ntP>MT$kmNQtn+^;;IsI_!g#Jm}M(~(rh;UkM zXxUg+(_GA8$zLd-zkmx2=X&`Ll-C<~3e)@r9(lK$vP-3N_9bLdi1z`vN9@O`kcFk2pFEH}#S^Tnjxyu!K?ni0diKU!|Owja0L)s3U`0*fng|n_J9V!?nS$ zDd1k`h(famAFU2sgFEG`mu2R9JVpccZ`Bn1$!1p?@Ka0>yFLm&BcU{v(V65tNIe7Z z2oEVwgaDF@{B{2)4y)R1T@)JtSo5$(051imLcvoU<(J8?WP)P7TH8)`sW3u&{$F9Es4@!@J$8t9{jBTqCBJRM3` zmd`sO1p31@3wDz9hy2TeX{=61^}e{kr!zv?CjAh)49SbvDD&TXFEd=dWH44X#lGtN z0}RYggOCRwE0%N{71x;GW!L87x=~3m#NA0o5}L!k;G~OezPv~Lc5QA#wkigUA=f$IP=-Xp*hLT4%ufY2QISsY zlISh8$3y%{`43TtD59|z7an2pbjYJVO%qwao-*NXHJwQiO5|_*BF8VwPWq+R5abaZZ@~OVrh`|f zXd!Z#oVpJ$z7*Odw`4mUjEGm!1B(Gj^DP&*CLy9d>xZtKk1$4u3hf<`J|ySz)LD>= z^SWjHW`ROuMa7XS&Nj{O;)c$EQIfij{RB3ntVEJi$tC zDZTUu_7GAR4?^=q^Jh+YH~c*4XYYr&BKL>$exjcAk_=5aUE2zZ< zhm?I@oKMg&TNJAO@L)xcV@A8U^WNvsBAjHDwkbsh%`eKhYnuoz=-gp-tyM~2sgpml zSLFK2$LLvXj-|S2l*i?&rdKjL4zq(p6Tan;EoK7Q>O=|XjRtoMA+gne_&g{Ust@6M zYV{b>QO$>6DeCO->aeM|6C^^vFdtyF*n4w>zgyf*e*draEleS?&48O&xihFa-OP|^ z_TZd5iUBu$fJ4c_Fql6AGTu{7dF~fMoHhwgu$0~8Q3;O^FQUJoAC0hzM2p?Tn}@!M zTO)`xO}N|Wegdz@_mkHw`IlqB?Qo{@i40!8w?H^Rcj?B!%sDk`DuMLTW7HUzN>hT4 zCyVDvsx(8msB7bv^NBwVPn7frml!(nEKoH9>AXfu$g{QTP`A3;K(^)e5zAA4zO37G ztc-DSGE(dq!~ACzUrbq8yc$gXo>Vv&X?&RV4ZPG%!DbYs3+43U^L=mp)2N^|H_$#E zzkF)Zu53*B*&{^e>-x@2b#ndu(WQB~Cniq05~1J>$dNs zWUpJ-(N;Dxg`JTE^9aw(-U~ysR}_fCN+uU%FT; z05v}NH?Xa2dxDg_Q1~MIx9XrP5u9#I=hdC;(n|viaPZt?bjCA2Hkwo8gWiJw1CA3# zgFqHpX0c=%jz6si7PS}VxFUR`8Qvv+juUFMa6SCS^Z6#nWg~ ziZUsQA`RqmnC~a#kkJr!JP@!{f1dw)Px<#xg5q#k+?Vrf*q7tqo#^9xDm4Vke9&T~ zyL;dr&lO^ecwhLj%LbIj8tFG#^r46hF;hJ+)1Tx0ulP#pJh=Y0ZB-JF9ZW#41ch8m zfY#c&!igoo2Av)4xnRL0>cl3NegYicsqOQ(x+5;!S5o21C-|V7WdyOYyL3O7z1T}# z_J@gWmP#+5P%uoE{qM!@;un?EmJoL^g<%W|)7PaWgO-qEoBpvAn)zyWm@?IoI06&l z_7$;`l?p=|rPM0hYI&mA@N-N~Dg39vzE*+bvKP#9&AaE|?@`=18AZFdjXl2>lKLC+ zLZ0A1^CMI-M?BQ(6<%nMl##~lNv@gwbE%O0VRU-|!)Y9>xIWC^4TdAw(e2rw97NK% z&1C3h6+KOg<|VV-hcZ(<*1z5vU3qzMWjG>KsUsZYOUIYF4t7Dq8GyRLQ23NvcF;7M zMGPz&6U4vxzPCpk!Bn&BC%bE?{D34Mpw=FEqwQ|GNtj_IrlfOAE46Mk(L^C1|vh0^VoO> z?TT(i{}~3PmN-)YBO>xNy@f;w+-uEC-ObJcG8b7F&y+3mpK+kpaLy~=Oj=^KqFY=g@HRAkc%;{6_W1aq5D zDd>$L=w1AZXf?}sGnJGhQ|lxM)kAITPPk?m)<=X`{p<)J?Zv%yr@Pot-=h%aXtSwZ zvNBXJo6^h|bC7O8cL=D6E$P+GL9%AkEGhQKh}j4a;b=`oH%2PGn}YzgAa34T$GmOV z&`tZ>F$&!n@>Iwb|9CrwYg*D}`g|0tJ~bGCxt&PXKgjE2sp9f zw|s3Op-y=GHeX#o{8y`7oA`yU{Sj(iiXyp5b)1RWcr;d1^?_^8J%!C>pLAl!97jFxMx-38r3oxWZXl)! z0Jh=^f!QD5{9s2Ib`G+Pn#Y@1rkZnuy;{*qyw)g+{tp*Y& zqDTLOu=Y4pueNlKU{@EdW#r&{4OTlhNXa}He@G2Mc|`?X?#qXpquj0c8CTzbkQ%J$ z{DFVN7O=n2S;ZwFd+h9dToJhVsdE6Q{xf?;Hm_K7hYSAm>nvgItV!2hPPL|Lu=9yc zRWok5H}CfA=@7DQ(#I&RCBMdmgpUTq4_@JMnIJI1alqq|uQjc}DCZB&>ouK}wapDd z{Dc#?`T_;1G!3ul3ZWN`{YPamUJ7cm7U=%Ih<94bW44{1&A@x~i!EmPwTUQm-H%36 zoW~>}vxmUEpI9 zvH|Cs?}=XbkJ@2m?l{r+G(-01w{-|gFdv`+-gs&=f*=ddYxvW1SLUvF3b@~x|G=b; zv`&2MVh2N=ZDLIQKpS%l=p;F^*fi=bLGE;vO^1pAB3qFLStIInM{b#q^=eUnErNiY%r%hU%` zNlciIXTpyTNxbVk7<<%b5@c+b8g^E9_m8@qR5{ZVh8KYK;B|ZM_J+;7U{OMq|}%4{Mo-(LG@ZqZ4%HuyU@;ovR)zzNP35P&(LF zB!EFqr^#DP=VGa@Kvn4wjNqPjhI>z(|BnwX)0{zuo8q{eQa#>ZTqR#9)K_!P(r^ zMlGbN3K!w-5E|?s_9!X4iAN!9Otkm|{7C%EwS;p%INq-&Gr1gD)qe+b?=mh9u;vr8 zY%WY!91Rxa+sEkw5=`&~UG^y&0=LrqM2zRP$6LuO~H8(I9OdpjyH-EgIBtG;20Nwh@mz8#h zWVCk`Qqo=0(jna--QAK> z(wh*F+;k`nvMCAazH6iBJm>knzxUqzuOHldueH8w&N1g0bIi4ItHzDODl!$~QQ569 z$Oy1;!?lv>xqnho{!9XNU5>LA_10Jn9~LXcE*RHgJUm(H%e{qi39uIT{wS4~UkDyp z9#vHRX7MX2lo?1qc)oqPPf#%T9*`6Tv65I!Cbin=ne*K9;q-#}Ff=B&pqAv+j|=mr zEs_V>&tq!P2C*o#a_@7jPR2X-ETvz`s-S9O-~!h3vHVy}xL2LDLY$V*(L_gFZ9tHW z%S}?{{TC+%-8*YkrZ%v6+Kn=!Uzi<e8P%O!-XW-6;bFpwV@?GEj1ivZf;Gt*Gw%#Bx)l!two$S?G zIv-mRSq{8)FIH7k=4X0U3<>HA=9j20_JD80KU(15_N~-NzwncsJ+|zC19KfOs9J+du+EuaVp{jk)ERKi_e zp`Ha6y|7ek?=Gg^qHJGEZQ+Orl+uT!wrkA121f5hcl|we8x)=-a*yG@`3rbN=iyOZ zc5hKE2bXoNjiBYE$@j0B4zi$@ZS57;1#Do!H5TcHtr>*ZXU-U-T#Q+CJYuzit8Z$n z!=ey3g_zZ6SdG0qka!O5jl$obW-{t6=-SV)+b5Z-3 zm-}HP7aWq~L>&-Cq>)zpx}H+$s5ts%KfQ)U$LC_sr*CKh)QTtDtin8XqyE})pK=yD z0c(vP1s1guFQgp1^0F-sfDRoTDQ!nMu!dLdU>ciQOoiQ|O>1gX*w~sM2I+K>p)|d- zYr(!rO_p8Gq2Np4)@C(re?ZE?>@R(CuE+7{w1qT6Ktrx#Js5ulSfNbvv;ZqSJ8qsA z^!>$4&J?bBvD^mC>8{#A)z0GmQpn^cP+#lmNew)sjUZ2Xa2XZ z8ZMzurB)$WTTfL12ds}y+1~c3fPfiTn;746V!T;(H2Ord6lJuHsDK11B>McPd~^*f zC0tw)-z_B1^ye065Uo#~{lig1d{Jp~a@43}^b|x$IU#nb) z-#SkvETiy0TMrd5_Gq)CcSN^crZD>=q@)9@q`!AxKfPT`MqJ1E8wabn)XoI|S)yWt zks;=ZfK4&Q&iN?0b0q0~*k~JZma0P07rOGDNWCT|iqssw*R%F;{do>JHA>!7*R&8! zS{j))Q2E3e3JHHxMbD5(fMe>zizxrt^@l}ZTyA$E6(6KYr5PjTef{?UJ4?x5;jPn)+%1@N15$qxur4Gp?M>}ZhC#Z zC3PMNqQ}K3oT^DTFWzkWJw_@j{vpJY!Uz``;5uoQWC601F#ekcG0T|68NB*y!1IFj zdG}2vjG_f}R(2-WgG6R|qir7`Un-sG$ymM60lAL29h&WIp10UC8**^X9vsM1#r1O6 zwGUXdr^E8Nn~>Kw<-g==K-pZbnB2Xtwr^lBNW=~AGbcv%$G|0jh(JR|{=<7#MCxg~ zRtV^GkCE?-Q;)R84kRDHY{{UM8@qN0EBrc>&K@uG$#N9eX8MkDPqgT9l^LSd$vNMKl(-YmGxTBnxsycQYMDFXK3R2;EgsZ9%!gd>I^DGUwFmqr-{Yu}cSIScW z(!2VBGYWt0BM-%xZ+cc>CF9#X_F@scUbYT8KqqJS`Q?Y_z=#f}p&|*OazU7B)WjDN z-39B6l}srFIB1%$U-APJCle@2*J$+15fi-|IBTm0KfKUl$mz03A6W zwch9Eg}mN0f~IJKI$#ZV*1I9llbnoY+rKqxv)kH?nA~8@T|Hc&jRQ(PjY4q(#CHER zhWZXpH*NQBIdJFb&^;GVM3h(8o(pJ+g-O>SgFP)G%$%*rk0xl0<-r970|UJ^ihGJM*$$jIf#!hI+`hnl?Y07`edzs>)`WA7G(vq0$HxibhM)IVvi?-80;3#~g6lN` zM{QxomrL%_xnT!OZh^aMt;2Exv*pcKV6Xzb7w8@A4NS<|+)D8Mo;`sGs+X0<)Xt~wf0+;NZnR>26Y)si^rzv7UKR_n_CqgN zyUqBBMnI^$#P$~6oP_@2L&Sc4}#7H0BJ=DGsx?_I2L0piwB9r})_u<;?gWle4YC=`-qiNQL? zX`&(BM5deXp*ubZ+w4`bdihM} z`or(85i=nbnPZKurT*ae4^7Oq{I(6zxq`gz9G;Fj#Vos4zMuOEDL_Est*p3q z0|q{kdyne4@2Xz`SQcUIYcbRdK>6&jzQG4SrjUjZi9)o`MOjV(mice%#*Yleg( zFc+W03yoc}9?ef^zW_UjU0xIU{}ceu<=5|r-M4H$=rYSg6#ETx<+&*$O3M8ugv#53 zCJx)ej#?9@X0v)}pdZ}@g)ny(RW`4nE8^zD$#z7+bFQN%k&o>WUR#w1n;o{CXZ1O*c4DR z@deVKSPhG|@z{WlK}3ntB5o@28$c+E0EFU|%rSKR_rcapKRKiC7<6lrvLg7OsuL*u z{#2a=A^}OudQra@S1S!LELB&!_uEVyve2C&xmMd-$xDQ1S5^}v((nAKI?JB@U31c5 zPBcJk&PIgWn&Z99EEq~XjR)b8UP-nkRIP`T^=4CsF56}K4?4vQb#jLq{8#EL%)kr~ zX>KPDg~zcy1X-X(TIo}1pjPhpiyk#G7VXLZ% z!)k9TBq^eVV1S|%-6V4}-u0KYQu~qYIN+5H)X<*vzK96+s0NbHgl)NRse%hTN^_8w zypKDS?XW0bq}9uw*MGrkA!y+?!*~w8ThDLBggLT0fZt!`ib|cD^aF!c1vxSfQ@bul zyTfdf@1`B(sMWr&9#RmniVBK08Ej1&#=c_$B+T%VRu>0C;sD^l77^_!Ou9?85M^MG zH`UbvkdB7T;R55a4(a|~2C%}Snndf(Meq2hi*sP& zQ$)b4MzV^QT=gxZ^t>818{b@b2++Zh0Q})yM~_6A00A1F2%XJqqKhhAG)u!@fur+Z zE>Zou{Mc#Dw&PvHzLDl4!+V4_VwC^hWDabkBQPYzRYP&|f0%^YvZa-gP zmT-%oT?8cc)<1nqR50UqLWf%cJV_iK{g=9FF8^v9jpkbi0}F8?zs@alGf_5QjcvO; z1tzq7kot4oL$`O1uh2%qOErl!vzz#%Z`SyL&&R3$xmpFnAlZU_b4;v#!j=w{Dv`Cv zTtMxM>#3u6RbwvsjzdZFLwBp0Pwkz0OxKy*f|(fCRSh0Br@vp3Q|U*H8}M zjGA|k=RTnHI)w6#*~>uT4-nf$-%wpBc^<{7Y~)YM0xe{&fm z1xB|fm)A=gN>I_de*-ME#hVaTaDr0q^)6dK2si90;bx1K9;Zo>1(m`R2%rsJ#S>itvwE&9ap zwHhLVrDHE*A(4M1UjST~L5+I#$-8C82x=M4-Z- z=J4qfubqt#%Ilf1N!lIS(R~)&H-NtE_8xn}mcY9>0 zH8Zdmq7Mmhr)Bgd)T8tIVeDT&_w?N+Fdiky1*zKuN(W7Cpb^ejYH?({`pdBUYhY(H zSOL;06dAQRw?d5yZxUnWQvP_x zj_un2oe;1ejuyyTz!<7R^RLp3ASPiIEst9;H~`QuV2c=pQrt?qD(Z1zfbpU6_|Q0R zDrh0?gBoBJy_cY_9#s>A%ork&`@q*JJYnTD1PN@z8vDok=D#*EKC-Xk>W&wkcj<=R zM@SE!Q`&^QR=eWJVD{LmC^YgvSpLA!Kdd;4FBX07)!xnl;c13|_*{e=7$0YM$^_rWMBOHVjXN{!M3!PGru1l!@A!AvNCk2?W_XbytX&scWpAe@-0u0^0Q#NTe=0?r^ zOJhWJ34}vr%vzxlaj3r|bi&x##)h${9}Ij5E=C9uMj5v>6LlIB@Gg1SkQn$9+@9hP z?Hm${$k@zmzaI*&2hk&BSbvmeM9s}z`1skC^3*f!sPK@$85)Q#;$&n$m_uvq%i9s? z21SJ4l*+*pJ)Fl}CAR`{#~G9lBS0{Ug6E zPK(x(DYX8y*H8mimTGe0Jk|X_m6uIq;U8>cL7-!z+r4b)MAA{-5Y-+9TxLzJ;`GJu zSFduw=NFzf8>E{odPUT~?IhUhq~yQ1G+rocW#@g&zgH-h=FFO!wo2bTZczN!Q@?t8|A#9LhsS}VcIx15iH;Xa4f(|r~)szpVZ47m65^9R!OEKRbS+DY4L{W(8 z=PnV@JzNu%RW$?>9S^iVBMw7``Yprn>|ryqXG{%wXWkEYyJJnSthzax$Qp|<;Po54wNZ$-pEGAy z(o2)z+%>{`M9H}&8ZTn*MEgF$%~JT+E+uB;Og8Xa58Le~oeWrj79E~W?-noz+G6LB z=we^*a+tKqQk#C*Wf05 zn`44od3U4qKeEsKtrvXR*iWQ`n5*b^(M)a&BwXX~ZI&H@%e3i6X&~qg-Y}lwKdM*< z?pL{jK3>0}tEQ`Aa)xUY%K4+U#a44Hx)=iP!7aQiWu1d@E-Nq5WuIdAg8-zIw)Bx( zC;P6IUpQeC_AW0^Aa9Zz-kf*-6j-|m{|gAR#z!P9sW< z0DRl(wn$KNyY`UhvN!rgjss24C2?z+k)(DqVt!@6T*|VP-T$)cZ*F^aKU!e-?V1jg zqgl)qH;`nF{t_z*~^NQO(RZ)!I$i@zX=-AVc$Rru@wY@cqB{c?C*C^59I zlfYY#6!f*!N*Iq>za3HsU>BpfhS*ulKti_ z8ty?0h8M`Yz?ry~y1eQWQ#9z-j_9HOQ1Wfxk1tkE!57=)?HdLY>Qo|vV`I|7TJk_m z^k{Xm0SL-}%a5dN)Xi&~Il(I3dwFYl_&LRs{u`qOT4>2faAjbB3}CC*q0!=8Z0N39 zL*`9JRS(WB3TBZ)>xmbU|E#r2`jEG013uE6oSPY{xv=lRgKr z!(rOJmATOLQibR?2HaEYuMZ1%@twBu_<;+y)I5+}PG|je!{}?Wibb zLG%+5U7=^3LX{2WO%MC&m&4xhH`NMlXTDwnG zgkQx?nq+BS7w{iVoI&$nBZKgh1~0=^Tm{FNtKyqPp3!K=1lQ* z*XNPkoMx=$jAI$zkBDx08)cZ;f31AKfA$%UIX3ZX`x{~pv9}&tTV*Su7)^=Nf$yEz zvBM@9lCDH>bNljm4E7+oR-~Mx!pL_1!3aCQ47u+tI9nWrw<7$af-pPntBkPkqjSJAVJ7p@Rh)f$#D5r zG<0^5sQDwh;ezXQG0zjtf%Z@@h_TtR~WSWOTYAi zxN7v-fPDJwzX}gp(<$Y4bX^)p)G2S(3`?`JV={X0hjSDj0E6v^cY8iA!lCS^6{$B# zROL?hAzIugQC~PsjgFK-$i4S2$Y|GNsZ6P`s9A=vS~-uS4^5xp1!&2tcv%>4}s(W(Ew5Mmc4hP#GN~O;62@FRao4xjNP&&LU<0qwJ zk}4A<#UVM-0T%cWlCiIm^CaIqihCUpejG9Zj!NWwWi@rzX^mF_$%*bFn4*nqghsbk z$8C9DbOrC~e|!$Dad0Bb0$msyff_LaGaTn##c+3@8Nj83b1oG>b+q(WgS-Rd^Na$z2MGC?cdm^Kk?epNZ zNkH^#qcG35gNIb$!=y>K;XR6oGU!8$**7Q3w2Y8GNR*_AdALJvT}|z!O=#~-JguOC zq47+oolt%fD{^`gt7ui_b8ueR?cP|x8+#0z=U3>iXcSpG8TmDBnJeQTFRqZs??8~t z1xjDkR^#rD3;N~Lsvv#dN|#0X@s`E9@s|FN?2a2}`7UQOd8U`_)f3NLz@2Hi%M1nD zdyB!|6ev=;m#(cpV%jf4%Mdl@7Z~d?Z<;(_z+VY6t6VxK3bHj)bB9n-D?dGnz$EUo zIzpE1>QeT3M#>|*QZzVzGxB8n>dPp z4~+w2-NEBq9o>BA>?g8CbgFp&m&L)a1-qi2eC1=RUMgkj)r@2s1oC$bXu_MO3k+HC zsrTqxx$mrbCoc;8rIYs6!VSQ?>doqjVRU@nn@%W(owN=N45C_1{MO|6Wzxsj?2HwT zHjMP>b)lNDSw*k#jt5gr>s(@3RLC7PC ze7_8}Bq2l0W`*|wKPv)t2HmUqmbbo(fVIZ{8u>U9EVjKeAk2=(F#=Ss9fv$JUR}Z?| zuuH;PBP4*apM|7@mS6kyV8zpaxRR&pE6L(Jtuqvdc%3b=e}nf+ylpwjJB)ehvzRG- zu9!Xc`HgEe4}~BCy1d_N*spp6!B7nAQ#N)DS3@t{k%u$GI#u|-y^&L4JS(5Y{rCY! zpSoxPu+NL)B<8`icW2K!fyCftBXgM!{=A6}A1lhp!s8mNk0E1lhPbU~Pb^9&b-gtb zuwW=c(MsvbSzqSpfssUYF8nS-L^-B^V6?oZ1&#^BH$@^+F-#br!~Z$%u25dVVc*V) zKJog8QWNYOJq`+$c1{ga7RR+boT4Wei#yBeE3|^^53FYI&qx}@1 z2Er^2Pl2r!j?(-Zp7z_3jD>I`%b$AZ(|wL$+Xp8Dv(j4OuO~*@=V_+cjEfjE30Pqa z$N~c_z;Q}>^`YaNM@(;}A#Kdo0}W19e&l;KT9^}T>$FCRr#?@V@uB#`< z5H(PusA@JzYy0Tf_j{(M?oficd=HgEb#m_rPCE-h8t>W;;h5Pksr|KHBHDY#0AmVG zo3o`~sDJ4fzk5M@BgF{+%F}{M1c;b`4x-b@GW(i2?V;v-9kyy{w!qX#cM?jhvAN*D zb2zw*aBp?LA06r@fSkpKSa@~>K65{-P)S}CPwcDAo#em=+C0+{20sw)xkH!1_uek$ zpES37-+Y3mLBL)S4ijw~jm<{_k8*k<`3)N19__@aYjFK~h6)9mjW-1iWxfNya3SPdo}BimZomYj$({hkN@) zC1HV`wM#^G=UT8{WRiJ2@C?pwb=68eZFahbq@ULW&xPyA<^P~J97=ei5Xo<7d_1j( z1ghW;$~Oq+F?AKYj;v!{KVQKU_Lyky8 z#TTyt<$OK}qYPP~&lLx)YNb7tGS}afq~#DJ=5l^fuRjJS3p#E~`+Rl$s&1^uC1kwd zKUUGBdCqnIFeWQK~K@;q^oQGKKb$ZH~ELFP#nuTJt; zB8%cHak;9J8I_wYLl>Hnn~mg!aQ1GDl98)(<$OqdX#%!imAVb|l5;Ymy4>;UO?W?! z>srlNX5qb|;(bZTKSRv+QjH zu=!eq=7l7+Be;!d619v|-K9WwIupJ|8xgrC9OrX!v!HRU4Ptb`yfNlgqpEpl%pry; z-@HH*r+#ThY^W$R$QE+FJJi{Oqg?;j&afgjcQO0B<@So2uonOEZ1~1Yj)#O{Ot@ zO5bm7fZu3-nH}$ECimlVysG}yvuU~ZtCUTr67wVQJ7H9^0oVI+Ber^9xDq#TtnOV_Mql)&x&|TNndN@GOS*{M*}xaUfZK6eBlxKX%@$ z^Z>V5=m+2U-HI${6v?y;)ssw4a-T;KNg--~K2sS~nNwH!2%S8voFAdYASeIm^_U9B zSpaPyLE^TrH;#hXwoBBVIKH0+;B8SZkXE3*zi8$~y?ZwE&MnfBso?lK?qn)ZSIHo} z382)tngs(ZDB(Kd?l89~+$4A>^YlI9=HQ@tefMZaVPq1!!5P_8Qe31{03=Mhbyxk) zbiXh4%D=VMm7UhHDw!%LBgVh_lucC-6%TvzyLDBJ`zf8^#cb$Qi4A3jLNh&4wtUP z@mmGoKM~{l5mwrJ3%aMNm-3;Y#x0h}3;$s7kn|nyr?4Vw-mw#K=jf|zpp#s1C_tQM zf1!>#HYZp%d9rJpZhltIe$APr`{=vicY;9hVxR1RfqW%R(DAYnv)nNdRhH>AG2re38IyGga|U35vf zsP8)_yfqs;8Ebp8mF1;mf%K%~-a1fl^qFQ@4F;K)YUt%yzO|vxx4r$O`=AS~HtY}s zT$jGtqeI4FS1iYBV>Ir^Eat6zjzp>pU))V}@@l5H{aw6>g zOOds+6KR@-GBfRGT@aIt-#eHW?(P;;*Ck3p3x+o^t`8^GBL#-XA@3;DT`&<{Z{COpWILr^eHP>kF{Eg4H-z7(yXWGFC zUZ{ykMO0~#fgzV=saYIHtyLe(k5_V-9YE)@{z8bX_0W^Qo@LARqU*N)0ro`6NXS)@ zIrFl?{#6bN^l0IU>hx>XKi>ojiuyScQ7yd_vs+*D!z>rJ&;>EEx1X-zbC;6*$6i`? zFP^XsvP75UA_mQ6h0>I0DoR;%s7T2jrt)y%R}GfF^Zw^e>dbh}{>jD}Iww1f4&Ovu zglMx<_Hs72DBntiI5;EYLLc`5j!?vF*2L+mMysUrD`ttpTXF@bCl`8`A}(qv_0f_> z1c5&l$m3pf;J#L*+2T2Do=Pgyp$J%fY0UA?`iK>0<@Iit3R_Rck4?G-zQc>u?#dc+ zOkedgO!%ZEaB!C~qNt5*7`p!bOZ_r-VDJYI>HC2p zvM2aD*wESXUSx`eU4h!XKHa0nbh^{^wmamaEcv%`)Dx+&lv#t&{<|wnbVp) z*HEaMf9j`W+Ca10>mou)qRO zs?!B~k_ahFZ8+YjS@8&MAgH#BwnKK4wo4B{_Xp`?@%=CABR3oI8ZXS^Y6H}dDlC0S z)l@M2FGnAGbS`qyC`UZS>RG&m&khP5heX7%FiU=)XCoa%7`qsLbwv#{iEWbECju`r z3!GNHdZa(sS{P@}sy)`UDT4F73SXup72D2Bb}Fjf2p4a#MlLT2p~Vx|u!)Q^+X(1@ zAnh!ow@*xsx0=6)9u1D?cSzIXxUzX>p%bDhHu{l3@W(=0N!ST~ibn>#eW%Z><<$}4 ztsC|mdV0x~k@R%)i2{c$mb9~u-0rO0tc>WzSr*xP3j+^%7N^bBT`?hAx)jfX6sn%O z3dckqY5dMB$UX6v&zbCPWpZESvVmVjjlc~BjL3ypI`Pu1LVxeT=vqcybd3c(yDBR zpGCW&ilDD9tAC>#t@>coH1x`7bsr-K39lkgXL()ig|xQ}FHxi_^6}(j=1Jy*7~!R< z+f?t^4(?(6^^%NIxo!rc=DJ%ja}sno$>z{LH~1+(0eVdCUr%jcW^a`j!!Z-KwBs1i zSWty%*0w)0Qu}g+@=ACVmhZ7JbUb}&T+%KW4hU33*!a?ay?@C66&(aZaTx;)SXw2z zHW}G(_Qc+|h>3F5KTAs;+9D8#Z`+`=jf~vi*b>~mQj=wi_gy5bW*ok>>F?Z3Z6Sz7 z(yhjEVQV8P`FVo8?bqID>N;W6t$)#d3Jg;dEM9`mHgBjSHn?J>P$-3j%)1VREDHHq zG%QPzo?L$kLsQQQkSA%Y8QPDdggF`Oz`M2>8>@_Z-ci#Df71C*-YtSn7Vp*1mTQ;@ zUWJ}U{6^e**C$nedJ$y4nB}GJlh4wew&#q`tszH2yHO~1&+9=aE@|&B-7iy#oX8cx z(Ln&bC||gQ$dmJ*Qj3~-obRO1QnQPoD2aTr)5!n9YWN*CBbY<_hqm3YXS;eqp%*RM zcl7{ox~5P;igFX=&lSnkABx`?O$iU@jn7;fjhXSEEmL-{7&g1bH`kyDZEP)uDFy81 zf&$}g-@JLA_0iP!zkwYlEHxfaesfMOmt406{;}U#0d9Q^lJ46&rg)AK`IDdzx{4Lp z1AK=CuZ;T#FhX+ZbH-Sr7?zgUAL{mu`;~Ho4{j(1qs?~>ZLtw^FFzO$ajilxphEx( z@_wb%yoFKhIWI_tW9l@Cs9Ap=3X`Gxp>weaY?_Lh?l*4Celkz_V#REc$M}0p=OATQ z<%T~j7sw0k^vYm;7>fHI)}wN>In5&M@WSpzg!=GQj*%s$a$anyhd!}k(mralH9n{B zgkR!YX_UK9mRUhmH}1Cff8UbJ-|DIEyFn6cZpipCbB+w#i-{cLmFs%F z#5&k-BuQ&rFGsr`xTJGEmRwSM;|}>rmUFHwEOeTU5QFT!&nS;N9(>4ie3hMK$~H2L zQ)h3=U%dagw(x;-G!IZfoCnXnz^e=T!XKS^bG3<4DrngNHjL zeg5Q^E&GPL;fDWZUlSo?!lCgJrYHuN*gbyQP1FgODe`az>+VfgyU(JYY{!eF$>VF5 ze|~x7vtNokG;1Q=LlPW7%^l)!kN)tUk@6e)R+cZ!sbXf14k3m%$Ytz~RpIVPlsz{$ zd9vs2fxuUuMC6MZz|kqILF?-7%UiikMdtK1MLg?qk6UJ>H1kOG|_9lZd?ZHqR+hr(@LB#{{!Dj zk#iYmWAwUT4t+8J-XC-9xKUU7$U5mKuW6909h%_p3<@{R5Y?5Mf66s)emXI_ZV!O~ zzO~ApFn(@x9F9MxQq5BE_P+@ZoV=*?icAV&wxL7qb}NY;_?QM5jY>^V1+NQ^`N{Ut z=9lYq`XA@$#iv30Fd64FFM>esrD?wVm>`S&8=bVfAoaY9QFqQ836uwla~4qh+&&vc zY3G+V^HGJ089Y@lBq%I4R<)r|FLKK%fgitoEMIDBTwl<>sQmro;j#Ps9n=MpNH6dFixw@Tdu4w(mvccf0zI|P<9GN|tzTCQ_5vUMlWg-M#*H)rIo#s!Y~+c5UDobiV7kbu|*d ze$zso5W&!>0I!xS*ppLQf?-H*c9vwmmnKQxdCBeX7K!$}mBIt_6RGO9XX=Y*CbpN# zLjNmvLzcaFx+8g}S)~n@lJl-aD6fTKhGf<9fAeGnl!FT6C8=p4$HKQPwa-L8AP2cfu zl-)Eg$mpD}6H!E2cxrj2jj8t4ruzfLAkDKY)o9i-4hVbmz5;t5OPW4C>?-QSIA!HU z***ab#T#d8rjW5C3TnOta+PC!h6SKj6Dj> zKf^M%tQ-+L`^@e#0PbGg@Iw~C6zLNy`i}3$D}S+KAJl?K4(B3vqrcsG9Q(y4qq*EV^eSXtGHZu+qV&emZ#S6B$0bpZ_#^b6Ie! z(@i4Z!Ic_`3a8-Cr+lCgm8R8R$oR$}2jB-|EF1gfgY+L?NpnFNl-j@rwF}weoSvUO zC^f;0oU9$YQv@d-Tw!FnUbxo{dtcQkpk@UciZBjSt2dMHUNsgeMV+KR6;Pd_j&Mp( zi(zai7|S$;f{CcoE$RpTVg%|+9VPq7Je_ZPjyE0bCsT%D#NIwQTXzSXy$k1eXx~3y zPD-VDe+ywZjq)`*|LhM7R1-M@JZUL3-Rn?Pfh)}mApg%c>99aSe9-pq2JAGw)MgO7qEgd>fSUl(t^ZATUdKi7*lW$uSQt1pSzK3lNpM9? z?``G-`bkY2qp#$a@1P3D)Gc^UW79|3!N~=#m0$(E$wPJb1oa)GeQfX;-Y1 z-qh~VYvEFm!CNXcY){y9WuLD{(`b72HecS~xd*@q*}-RLR>P5-%9zjk<+UMRFMCn~ zWf7W}eJie4uD5_o(s5Rs$tX(Hf1XZB%fXHNiEO{*c=B5gSXbu%^D1KTO2GAKja@yZAaa+mUjZApesW}{p$%Q0J7G~7mnQVqaDUobAtkMqfR9$=Lxi%k060}o)+mVweQP?Q~Fyz2J7E3d;X2qx1W zE!#9TBzCQrQ<>kl9`a)4hVsP)F1RbO?I7Ta@1FT2X}nU$=JkylUgu))$S~tof+7be z5cW*Qro3p{$DAK|FhLu6<5*7|;9$xjjZd{MafdL7GO%Pe2xoNpO^EnTajy&!?M>Br%S6houxlq1ps2PLtG2>$SpkyKx6oe?J zAkS$~svu9ZhTvraZRIscWb}^KQcn0pSSXltP)U)0Tp+^*_JWaX7L3(##kgLo5}I z@oQx{{r~s{(0b)h=_A_C(V3_m*`R=2z6WpUmZYF1Z;0%DPyK*{SI% zJY2+#>(JjfN{Me9V~xdi&f&vUD9m=@Eb@qYvF28m6v8is!mz>0#_fu38%Sh?HplNI zVt$z2{LH1fM<;C&CAn}KQA0rxqf<@p(@y!zmDk)vK7fx@mE7n*Pi-=X&*(dA!l40W zAPi|0YIa3*P^__JBAZ#f!@H#=bl)k<7vNVl;)l3kx|ME<_c;SOV_9h4xv(uSvr~1+ zd5YPg_l{ol*^_PSCHoAZY2W-~P{XIL7U8a;Jo%>p&Cw!Jr4-@~I`o(IzB!lZE# zwo>}yc;$Fg3DJ(Lux$b3iqL~lplrtqJ$7LA(uI?02A`Ifxt8}{27hV-TuM%19=JJ$ zN5-uBEpO-;erizcjHbL_ii`wAe%MJUh} z=t@HKSLdS146~KBPkCGtpM&+|;wrt+WDVy z^To?tX2#PNwFu}33D`IxmqNrJNhyw7J!FBrgaIMi67kt_`S*#g@c9XVJpy`Rk&g5) z-ALU<FI~+LA`GRC@ro6=; za-7FKsmd!G>5lc{wR{g54g4lqJyuib9Z$vnieaY=GM;GNE(e+K;8ra8EF2TTC!ikE{pI?k(}?&gr9HoEf<7eu$t_tm%L9 zWm&q&S4559iLxAcek9O}W8y_FGi&7NUy4=V71hJn;XVteM=BF&N&t_yP9e|YTty_$ zWN11b!cUu-JCP-i)l@?*y5KD5Hp>P-Bw&GGJf}ufoCbspoIm`c5iU-2GMqUQUO*|%d;r8>Ke6Z0)PHIP#wXH?_xuee`*ia(fey-?qCo5Cx&>|#|eSx*c} z<`=(GBY3zF*DpYpaXBLqOLv%1u1)|Rhs%|!-d zZ7>b6gj*gnfLg*!h$WJ%!~)QBeE&P>$D+(tX0FNuF}i!T5R8w0+A>M~|MIud($(9~ zerkhoLVvb~4_LI~0`|RuALF0MW>$$a=%T~*lc1EkD@zpU^y$Ja1!uiac8rAtY$FJ$ z5mc9@vpo638(i)oAVP_QpJ@Z8i64N@wv?m8slIejw=57&ffGmYPmz|z!DD-Dz4Z4* zJ8Lvs;E%%KN2SgFoRj*FQ~v{@WCerS?!mk!gpvJ(QIhOeQo|=@A_N;INm!ob(|Tp1 z-4g}S`VY?%EEbfiv|r-W!eBgg>?pQYU<~)q|5gAF7nZ0oQCT?}^0dYzSk$--TnJ9a z;Q=SE>Gv>lp!duk9h4{UJYCi6C9-;yOPuHIWAi$q_?<0^sjEQ)gCQzTyjir7Ez&Uu zDT{UEUArVZQogM=?&e>1=z79l2xM{AX3cZMG#x-cVLRik{74FEnx9Z5yRVjY0HAYt zp=d6bSCZg&jx6a*;j6`{dLoPuoGE;BL*worKRhToUTdWA;qhM=vAg6f?`bRdtVY#Z z2>cUkWy!f4heRR- z#ffS)STXn8^%aCLy`I96jz7a;ObB)rWk;q4(oAT`;$y#4q1l3^Hd5(0;4R9|ap_38 z`7+fr_<|YW!XQ7FlDti_a4hg`W8~j=&`So3q;C+V1Vq_Wnd_LLe3lderA%AjvvJdE z^O*V+%{D8HSTi-${xbfVR`>go#@+GJ5h#7NCJL&E>hYm9m*Oit>DgCBayXM$UC+Xg z275>doGJOjY==14GMJ81Z#nnY!t?O!$qg$-r1ZHOwQYFtKdxAkMDRa0xH-gpT)vId z1I;}fuNs|5kpjOgukeL3i3;*rD#3ROAGaVduY`mhW+@7)({))IGf-v@fo3EbR4k|n z#22HZ2?z>Bh^A1bq$_t~&lnE?fL%3ef{neI9Ko)!Bd{~aUzJ$b+#1!M)VZSSWn3My znHpDOm%}^{8sEL}3{%1BpZ&0&4Zp~2?5$?1**(kd=jx30Z#Fm1%a1i9qMTT~B9_tQ z(>d0=(P@+N8I3Z(TfQ%9>*5-^5_*5;d z34mj?k~hZYruFf~j?fMj)lyRt;YZAbC4{Bqlbys1jpv462THqt1!HTJ@^m_RR30)E z!3(@`pIgu2f3$G-xr_%9^EkU6hcfC+J8nFZ!KTd3vENsXwDG~AN!E%AV=qi?N$Wpo z4tL0D3zgUbMY^LWJoay5a`>x? zq^yzR)ECk^q~|!1pR&q@6 zR&&L1cGUx~JM{Ru;|n|KzKoc}qA0E7@Q$iB$FWm3+<6~Kn-6rPQiNH5ZUQ2}Ehz<7 zbo8WJlLvFmfYKCzp(I$by!Wn%R3^Hf8TNgorSJA}LxB?ZH`4h>+c<(_pqp}~1)!^h z(&B6%TC(1(@bcpP036M27upa}Emx^ukD;f!$nh+VcK7X^oJ(=NJO+HWHzz{I>nvM- z-0HH|DuTDWSNEB?=_i-)EP=;5P1>_Xqf95 zN(y+c8tgF@f76iyOnU15o4x8~p0hWzq&qw?p(xT zNgUSoPkyToEh|Ota~s+C^is|y1+!p#bh`L4w-NaOX$}qu`q;%`FR-aP3<>%)8t8Io zfBun{(aVO|4uyB_1JAvC(;z8a0E{qO>7PUJ>Ek7_if5jk6zCe)s~>i8s4)=D+>5>NO21mj!O=DrOtyetI2CXb_KhJ8yb-D7;>uvW%KdX zMZ+^7I>l3Dv^OZI&)MjEFg^b+oVSEK=04>FcN3n(aPVE(q&T8gB+BU4;)$QBsP~># z2ffta*nmRdK6*47Ym|nFM>$ivqatx)T);4p=XiEppl~9WS@(C4lvG5YYr~*>_qzd( zpUWOy#5hhTYL79O1Qb-}3Zf$OETtYGP3Pd#7pwsZ1e&}Sr1A-{6E+MXYS1FHa4h`) zJK^O3zB|tG!^~?uCInDw)j_=p;47Nj$$;|>psPcs|9?NmEcY(KkWPdJyTPPsBdQV6 z{5|9F>XgriB2DE{IngP(FaI2asnACS)(6R+9}(NFwK*k$0-FD(BaMDx*;&mS5hw* z<`_m9EMt`uQ_Q_y)#_m7e8G4ub|*O#B5A!=*}_Y@Gkvi|yanzH@UCjaFe zcE!73Tn;sb8Yugj(G=4$M4?a#2lIEzx)z>V8Q%1KgvU@Z-am=2L>RGsQt>75Z>zsh zsDE=eEP)m=9$FFe6u#9(X-oJu?A+#1dK~E13;QgRy;O$=AQxKc6pkMPSZNdzxW%7d z{rJB!OMN2PZzRYMm#pMzm#Qto9qr)fK3y$w6O@tUpfgUP=|XqYd7wY4xw|@$3drIA zNBXOmX|Is7i|efTUw=rOd?btMkjr23_M(!swU_}w-Ux2b&!hM|`9&Yj%Ng27mZjrv zL(xOiOva3I(k>L_KRlOpv4U9Z{`LE?|J-zW7AU1O;`S$q0u7y`O5n}-eF&gj&c&fK zci4ZZkSV4AGwmtinMWagl)=$ku|vJ?2<_Qf!lmZ8Z#S2=Lx*@!Z1ce}qH6s=XAdLt}OP7?CbR(s7hYHdy(x9MpH;eA>?pPo#-QC^4xj@}+_kQ2+JLimX z{y1k0|G~jp%y{N~#eLn+97HfPT(ise!#(d+6XKDg%$?t`ReX&R_2~4OgFnD~Xu`j+ zV-C*$1NHvxi020gWW_M3Ia~VjWO-`gn?v#{UcLaZV$^j^@WZh9gF)jb1t+{|q>XeQ ziJCPNX@Bu{O9!G55)^xJz4)8l49j49ppcAIvXx{S0z{1PS4vNY1M0nAm@VRM2#yGwUA77E(YG27&&sAt3CLmbjZ^ zk}bmBBEOOsd*B#k$2Nxg7cJ&Di)K zqVX$r0%(u#^@fOT7z$lK;Jh!-)PS03tgYuOi>Ef3lpEWwg=IMi=xR~v?xnUHrjJ@q z_}<9A10FqqtY=ud%j`=%DghGfdyy|517HBW^Ms2y@*zAV`wHTQjx(l%8c3cQ1fFIr z;3bPCbO~akfJ1ddAuJz%RO+^I>OcMh$Olj_GQ?TBRes=NY`0ap+h8x13_q(u`IQf_-nbAcJPlJ%29PDe}ih1~+;@30fi+ zt6%wj<*C9CGwEkeH6VrR{-M1z*!|B8g&#Qxn*u%C2wPC0z{}~zPXN*yS{7~fRYJ{E zx6%O99HK05ED_9FeZ&?F1thTtsh)Vhi33s^9aE$EP?S2{lfTJ>@uBpWpq51oKj=Jwu%;kkj?bAwBun}zz_j!{DX>*6#wBPR#Ovi#laScL5&1O@BQq| zKwNSmbdS^V#LS(G=l~)3zj3{4i?DCgvW}>&$-T@`2Id_unMk^HVQh^)M0Mi!sH4?x7AEksq82=4td&;$Pj#^1hU$0{Ve2bfQ8* zj30AIn%m6sQ-+TAQ5yaw96%4$Nq#EjkN$~bEx#WD-~htkh9ZFg(yC!R!yv?yzJX|{ zl4mawJzIW5$R9qdbvA|e&aFJWSw;sUS$IV;!bmSOoA&R=@5P_i8KX)J9& zs!)*wc#8=Q{HmMUGm}VLcriC4*82iIJ>xtBRbF3i{pC@|LXpw>8>pmZ@*Gc$)09{% z=5SQD%r|L05zPUb>jR2LEg`6aTPgVwl`IgT1Z+A0Gy5}JX$|`YLNg6<=h|TbnX5#n z@VsT2b^`S`6Bp>*g)p9HP95CGQa}lVS7RLCZTT(;Z5kFO<+*nJt4?;KPT!72+`=Wp zVoO_wT6Y+xT2F5|iEQxu`?;s~_1{py(IwshUa?012a~Lb`7Qil%0WX#n;5vjh`gIo z!p#w6sfV2&AYxXzfb_=f4TOhfzA zQNFp09p1;-*wayenNvw9#6dptawXixDKHY~il}mUY`zeY324nG(I}{0C(o9j2Kvpl zKQ+^^)me=|GvUCr+M-H0J=qV#N*s{@@ zRNf}ULHRj4{27R2m>h{|*GAp=L=gDpS+c%m?%5fDTl8104E$kOnJRW+$`;8W?hkbH zfDQ=K9#KJ-g)0cTgsCu&oFH|H^QBpoAueVs-dDUCCionecw6|?4xRrVlq5PNP>}5; zdSi6M0C+&u2kNPwzuBeS5bY4+wZjqmdF)lP8t6k5&~k|fnR|(&FHv9*L3CtPV}A4C zw;MP)(mX=5Gigyb367dFtUY-SSO=GDi#KZW)_9K_07fw_+7%w316f%q+SeqnLG^-N zF+p}TcU$^G#=Zc~Vjn#gM0I4(Hd5T`ZewG^~F#Yo9VJM5uBF-|w5UEv$Tzv40 z29Z!Vq7VFrk{+yG9a8A5mQlyXHB+XbdW-B|G>%GSprss5~AREI!*Y{q;6wZVpok3*EKSsOP|v`318eZV{9GHyZ4 zpKd8Kuoi@GGf_4wn0FNf@BUT~fu*X=n)Cd0E3KD!IcdUXJMitYVmh0Y`Gu-1M^o>+Q^A-NDSU#(|4QD@5 zh4bqaKy}huL!1rvWTjpB<$-nc1}h7rZ>t9Xc)pW_#|65lXw}l?S#wmS3Q;gaJ&8{0 z2eBF{kW5wDZ}Z;}!3f-LSc=$s9RY{zRvImRQ%)f{+-FIxA zBLfHy8uyq4Stq2^9@N8ua?yBIRhk60<{@K(Kad>Pk6H1{C^ZKf|6?3eRL1B*h;gQn zc;@_9L}@2TZVVUXX@hb+Js4@Qk^Uknwode^-S09dzN@dNc|Mh zw>3{B5wO?L2#w`Is%K}J9IZ-?3|K-FfNfgz+?u;k;rF>eSkHnNDX``D1+u1>2?fM( zUJ3fyVw>lAY>ItWg?ZI<(%-@Vr#47$;$GACl}&Pcnxo?AGe-7nu|qDz&%O`~)d20J zQ*4VtdBlCl*w}9^oz|-^jZ2nqA5-Bo;Ydb9Dj>~2Kv{N)oo z2fFF7X5#4EeStwfxBS~bfogW$U$mL&pd#qw8b3Un{!?Iy+zJTbzaDqpGl>#lu}h)! zP1O}h|Ce#Rooh)8ndUIrHb?d-d9kuA+{Xm38mtMn?=wI6n?3e9!n0UyOL(q$9waXm zIfuWu2!fB2SGgyJps6YJI4p6Snkt>hLrY-^a(jO%0KLeYV-63=XIA8n$_$d=Fpm6q z;q35kNeSLCti z0)T6M&k<;DVJ%}oQfJp$TEycOykMO}h0I^9zifvfGVh@Vr-3~x9dN7Pb(&GclcJNo z2k^rv!2|2;wOAtfrws+VYJHm?%q@ifKahmk0S6<#tx?1XNwBtt1S; z!s=NhYsLZvg!^`87(r2soYJhA{GJ^te;MEX&w+COKOQ-?be)7tgACk15ys$thz2IOF+x+2ZYT;Wso+qSVAx?C1M_P!AF1wpzui zn%1BBj!LRC36Qz}1hH|is1ZpiJRiEv=}gBb?-B93e@VLk0%8As+Dqw+$TLuS6SdOu z-qv6uu75-gYr@NE`KSIo@4Sm_H1AfXo{`_?Z%b+;Y=S-NAvtxLZN}7aH~h4LL z-ztLij9GKl;E&$FC_RKy{{)c%M=5(I>3$9|1QH%uiG&nSfM0qAr93aj6HgrU$#LU} z0L&nqG!G!;l8m9X-GQbJ#JRlmXOdn)=C-{hA>oI=_kv31tMw&ct{+0S8G+d$yijeawtf%+|zj0@@5U1t60S2PE(8@g}T3rx2rC-Cm5!5a@OzmT;=?hCMkNYkUi ziRww_8dG>*ASs4y^Q{Y_iP-U;w;nGVxS}9c@j|* zTKrL;@LoRaoFuCpXr<&{1d49VR;oe!Xnh-ZiN7_lQbKa zQQyBcSbz%#;>JHb`2Ki0=q6nViI=^ZVfNJZ&G>1ZrPpXHxWNKy4``473)%)-__d0O zLvA}1IbF6{H=EV%(DI7CBl}|9in>5O5R{Qa$UoNe$)~U+Xks$&r-RgfK@ebovdGX8 zs#LTuhVI}oB2g8e8BQ5sy+&5BDyRRyeLOVz@riRFU7+Fp2n8wiK7;k!9phSrzb7YN zX9spWVgMviciC3p_XRhsSX11FZ0$c?(Ej<~P47TA=F{ zZ#uog`+M=2*a;cd%7jm1F+v&IXkoS@NAcF|QvAp#a+Um^hrM-^+NX7IR3Vjzehr&A zw7rj#$f9b7Of{uiUxQIf!D@hIhJ4Qd{Ezg6uAf4Lh&>HD%eoN~96*`0e+C_a+b;uo zlz*h!K*0Pj>RML_K?8*+jFHJ?5-C>#hODT6X% zB&6AKkmVUdaXaDkmr__h;HHEGXxndgZ>e9PnUQ;&_}0$oG%S8(B>GKiH<(C4GV_N? zYS3AP_GQh_*4L+|e_0&prmy%cK!Rrg9?t&!7(K8JiS@B?tQSh6*T3$k_iq`((SU+o z-UJgnwiHQbqms$${$Cs8-9#y%4MH=^Z0`cf7~|)k|1&@q_#Vl+NwBNT>9ooZ*!)5l zCb;N!e>Vpwhj++_Iz;-t5DV;kyK+}lMnO6LuWYn9rsM-LpsM^BtU!#vHNb$fBC@_Q zLrk{Z>%fYi_Ih+g;WR0!elVb4^#t&Obx{88m-C;)DgOQA zkZ+^yyNmVb*FJ(rvU=|M$KQGc-w5^pfv-igdai#wdGxUf<(%mgVU?2sx^`_KvAHZ; zVbfgMxQ(~jVBM$#E|VVR>$5b|8E=Z1_BJzQm0nnUv+g#{v$>I(PMRxN{I?MSFY{l6 z8jAmML5(y&qNIPq;l$wGUv1K=3v}Tw!rUl0*O*{;xyX!cLGhnWdf797UDiZLqKe??wU%TnlE?oWS1G6+A>ad0*53j)|Jf5ia zeAhqM3V$&@Kb+##ZXmw))rEcjW+`zmEzG#Hoye8ly6fB7K!3dL>U}nXo!!9t{x&C` zBA=MkECnra;KrTfX;*q;dOjPNQKMujt?md$r*4j;(RcMO=i9v{|9)=Wk<9pUE@ucT z7A+Qykq^9Bp2m=*3C?3_=lhn)wW9oc$F7%_fM4m^8$ah8oV8(%g7Gj3Ky zSoW@BkcbHSBLy#8o}`jhM-+Y*X@tn;}CP6}tQuI!mzCmizv_e5ITj;`f7>NwUzaCcY2rEtW#&P z)<8`dY2H(12CEf@^0hU-{UUzey|2zQ6nwnC=eUx(X|Xno;Uf-bt7%%DAynMg&GFYv z;Ht|b*CsD~vwM7(9aO4Ho!GC;piQ$2*j_vLEHY>}BIU2=IyPFg#eT6@cr$q^1E~Bm zZ(7B z`)RK2>gc`)|ELwaazwIYmSAV?of+~%Im9YB(RG(c`lHg9#si>+C(&kcs&{w~5;qgd z%HV+0t?ZryTY`C@r>`3r%^P40o8GzXo33nZeEiHNxvjA0Nl$>{?98)sO7Dbtwd3tS z8=~L}TQ;$0J8D*x>x*S6r>gtw$4$gjk;m5q z@v-%$E{j>-z@AO)PIC|9=NO~k)w0H4tJ_Y)y4C<2iXZQ`5qF^G{=LEi*FuiC6PkL% zYme`ImFj{Py|wn7=*~3n9*4^Nj?|O#&L-4pRGRF39hWC9!1I5fzUD$c#L>NaXU=jA zyZ!)opeQF~Ncq)+rJiV1imMA2mnPezyrHHS_-`ADaW^)Cm^S3~Wq40ydHIj$f6#sJLno@M6*q0g!nd7d;<$T`TLtV+n>+6s zj%!_6s;|zPX$2Ox*{?tIZI!Nz>~%R$I)Y;-u*GF;WlG5hhK68jYHG$PJ=MRhcTf;} zZxK09d6$i&=T^_bo=h0>f!k1dt@x@Bhu49tUNxu^Sz)SLx>;>58B(h%VE9Ga1FpSgj~nF4&@Sv^N$B_P0;?i{?Uf2`Ni(EhsC^-TXF#K z)L%3|n29uu>#SzlXx%qUyKcpQ2NnIc6s9|#4>k9E{beM3YFgUEu-EU!X5&bQy8N{5 z&o|2wii(0YJF^bAmnp99NT1AFT$rH{R&5tNtg{-XK$!?%&hPT=iRGf$$IdPpt{hY9 z#52w9A&$43W4yu%UXGKYM>tw|5Qw;cx@gSj9e;TNH_@izu&RHW+EcsJBGYv3tV3VB zHH1I%;Lod${%})jHBB-WYMOV=)cj-wWuD!!Y`2{hwcd{=!2NJ!93HsM#QQxKtmanpTd-g4|F@t+Q>)ZtKZ*+M)}BEN8bF9Nec2mWel${RLuOXlv2-ybXZ`l6)v?un8#4Ro zJtYl$?&+udz)|cu7H?E-x7qRKM7h=;e7^wg14~JJCwiaW?VZy+4y2NrRV)rO7F#=*OzaZr+tFQ`!2Yy6&t8d7yZu1-dTBPTo*eY4^A6MY?M&` zQS=V`84WrX&k8p^qgaPkkbvhmtp@CmXaj1WX>d=C9#+=2*kCdUeo_;xdZGHZqJY8q z%xYfs>BdHIfv)lg-v^p6TMLRzAoU&uG&03y{#+US5vqD9>HnxU{DYpmL7M;gWwd+$ zN~;9^|Hak>AWV2D{LMd>AwL=}505j0?%CkNwABhu)tue4gn!ayIqm1l4?p46U{)Wt znp$k#^bHL)l&yY1{Kty$fcdvC)pq;0yQq=?P5sZCh`sXv^lMk}c;6q$ z6uu#+$zeeWBd+4UkIRG!l8Fyfjn?J~`6BW8D8BepZ;xNShh zWwr^xDlTuGT=I(s>UrhR;rP|OxNKG1W2gxBcNzv#+UrH%{AijMI<^h5c_OR>ecx)( zwSLA&J>NXHu(N2~XE2|6uAS@XypWvVxJOgpJfhK)gfv>|v=$uio-qKbFE+m1w-o*R zBT&H6c+4sj4dN5@+&rn-VR!XF0``OK<=EuDvfCPaxKCImRRq>JZ+eJwZo&oy01q!1 zHUGqXfjw|>-}tiX%rDv`b|g@S!*|4L_6yj>t*wk%gwUSbY3>@utHB+vX=g#$!!1Y9 z)P;C#KiTP$eM0L2@6&z%;9d{X+M`V~MaVa~6JPHvnCZb5Z80+T_!kUek2g}Fp3!cU zH|27BwG+%%d>!ZL1@^r>Kjchn zDi3XIT1LGTUm}OSdCLs>Mmd+oZ(Hycy*bk4AZVN`Q6-eE8A z#0F{Ux*vgJZ}T(T#61_=e$5$B-6h=Bfp?Y`nCEELrqzD=0=xF~v+fBlqwB?G=)}Hg6~e0Hk=(5sa!d)^FfF)K%ZrK z4Wc%Pxg_Si>aP69aoUJ3dCIreqEGpjXyW?|k2TJB?TeR+u3fIf?S)3q^6f7-DAM*U z>8dZSFUd#(%KfYkL5hej4oH&`3?>aNx2u@*xn zES6oh7TV?V*PlA-VSl*fJ#%$(zS;%X?K3(CjGCqjo5p3vsexCI>(1w^^Y%;w5*=Mo zPe$EdhZ9a{@gB85U2oA*+XXJlYhxbvDZ7CS!}&D6E6)Vmj(7A5M;#jT*)rHo8q@cc zqCcy0cj=DPN#=;Uo9f=xkY`N7jlZelDPy)7)i#Xab#`F#PGjB@fm#*%!JK;GaXN5sP_8@K zX8>k8zi)rGN-^sne{I5hjBR!a+W$lM#n&KKL}uJ*JC= z-PQXxlFyZQ+q5&JV`u1_+v9@)Qc}0J9W{_`fFh6{u!rL^+Tt$oH zSUUz@vY0-_?vCLkUESuI5czvm=08c~NqBz+Q|BddWrt1+yjXc>a^Cfxvc?hnY~GCR zq`j@(P9oe1KdKEvy1$DpZ=Lapcj+m^Yinx9Oj)D6&{864-h+?6YwQ_%J(@9qNe zUbVlgBd?@`ZBYLH#iH_)dfd8aFgFA~^}`|q2pkbdJfR)#W}^Ps@30LeWa51K;Et~! zK*jvyg`2K6ulujvA5v7`c~^VrumlqkcF>6exG~`pClQ1RCv9}>jXcLwk%JBqVEfBM z_PLT#{%9E&2Um{EZq1!3BH$IbfLuGV$l81TLRtA?%>KIn=@DZaaRa?+30Q-8{&ZR0 z9DAht09-d8UTMRBsejTc;**X%vnQq8^)tr1Gi4Mz^zTX@i2tmi$C^IF z+cIoKc7wQ4udX>yD|Zg{aa_tMk>frGdcy!r{3xiANFV1GR6B5FeW zJa%?M^EymZdOc`b10^fFP;H5-9N4iiFo(o3S4U?pax!i4s|c~jjoU+BrvmIzk0yhC(YRIH-<5h8b{gPrg?Rp;I~>_C0*=zh9UIG ztxtJ|lhU{*-87H#s=sw!>`4It6YJUdG>{DtfaQm!uTBEaOGY%{S_9OHt{m&G?h_K0 zMzM{$5!g(Joo`inPd|^n)ICnyb>m6fz|h2hSB=XD?LFCL_$|ejiJt5EVVRp zo~x%XcQ@Y=w#5&C32h!ZUDVf{Rw|F_&Cd~0Z3JoUFN3>YSmYmeKgBAYzU#QdoHM%L z=J4bXr}3hnNLKZIcaZrgiDt)keB;y4C1)n4_51WG$30qbB&8EN_$s!sho>i&@t2S5 z+>YcWQp0UcCgJ9RP=?p`{dcj4^;^kI1_wdhaSd;Edf$d!Ww@ix>MFkoAfS331pnXk|48v3}wkk=Z%j{k(vcB<3XkJ$0x_>`M%+Du~9E?KJR{)ejVn%HfR z>m~FybG}!G!xU9~Qb;z~h($Gfon04qFt|)T)z$oB6Pt#K{UxLxjyAv!qjG&{MmaiZ ze7ajQRk^+|;mUJXZdZ}#n^)6WVmtkYUd1@oB7d9r+>nU7bXmD2MJ)KFf#c}x4WS-w zQ!kM=d!C_byNh&ZxMfql2F>D#J(2?0+jTMe0>e3*-G(#Y_DN08=D#gkimN%1zR8*o znsff@y?&F`mp$y$A2ct|!Y5p(-t~S2+>1MDu?}o?3w_sw=4cn|(`EI5F0kNppB(p4 zf0|j%9CHc7bKd2E4c>EcUV^!h^jN>PvBuW+p2UeEoYAhJ8zrwDRYe304G*sEO1h#< zs%gQ+Xb}SBZL&i!hXij?N(<+5?A@Z}?vK-&PPp5V>T4TOrg<~GHn^Gg`^!z5S5}0_ z1zp~&T80JH*H`Bkt=k(~1KUq4zD&b;=FpFmTmcML|ErnzC71c|SlX_;P&aru@^DPe z6_yLhbJNW5SVlV^T5Kc8WaB;|@oSSPyV;iI88^7=u6H`%;khqh=daU(Ee}geH#R_b zp>DZkvhBKiO4eV#lg}Gi59!;5Q5;^XHWxS84;zR5a zM^$M6f;epc{UF19ce@wN{Wc%^ZIMBb$3FO!hYu;!FJqZcp9MkuK1lUr<70$8dLdTTg$FCO3nchqGf&3i)G&8rg4E&VTB?jONxkjvl2mx8 zitO1$%RxfVsoi(yaI--$3JHr+zQJE*NM zx}cCrrWcKtXuYq&@>6U(M~-`A<|Nu2>!v_-e zp5Xhvw0Fke@)DL__bKA^g+8h3?IVAxbYBoxSvA=+^B56HooD^bo~Yu^o$CWJA$~~p>4km0^p3^onI(_xWiG~{lV^zo1G;JNNW5c*4I48STfvdlL&OV8 zFk%>**SkB+A&p1gViGjT@*wE>=RyqqkVeYrgR}2>I9Q*wvCu`tPy$Pytkh*Jgh0Js ze`wJWM&2RDj1;6hG!`@@+dL!QUfto&DJ_IcgR9`4mAk&~oA@#}0xifm`%40tZ7nRO zwcL-LI5L={^2^kgMuho3*Unx}FcVV!NvJX)a#V4jaUHrwPr9i(A^E#wyAR)oGoDo; zD8{iq9v&Y@0$**zL@>R9t>(3O%q1u+_a$1-(L}DUiy_Y9|Hk8OQ|{ z2aLnbCo)L1I^>i}hAmcxLQ|9ym(s@vpW!e9JEn(IKYq5GG4Ed(Hj$;ZyMTG5lAKdeTYSEo4*CUS{MV|-E`hJyX=^|a@HTGf2 z`^<;CJbA09Eo3ih+&UbmuU^Rjzg$8jxmz#)4e65y6I;GFyn?8ZQ0NS&7>7`(0K=ie z2Cj6J>KB6b(XS-k*)!?eA74=GcoO6o5Vm0Aba5O%g4I!DZ?QpH@nAi|js7fe2B!ee z?cdb9)xz(;q8VkUo_}0>IIK>CZ%luhYTDc%hYD@|o_j-FS;(0j%aONvO;2S)I)tTq z0m{LrpSMj+w2Ve0{8KTFOM<)vnKN9~r~t5E(#9CoEC-Eu>6b;+TzD!}kmwWdIYeAX zrInP81uQ2U4n)qYnkZ)I;X90J3D%k$6v43(YEN<2NnEkNTjXGWcj)-uwlV4HX_JHT zx)}E56!5Asg>D}UX;sxPuV6-avx{$P9m z(z>Uh1Smu?Na_>l6>YA>g|d<(l!LSYR3!-lJ&Z(<{}Zls`BvZ+Ko+AGQ@LtF*8+LU z1e=-q$rnVFb@(P{M!7W}DJsc_7%2|lVXXrEc!)FS@lPc#g0e;r`s8#iFFA`D+x86%59L6ew>OkmZ za+>Xq&Ilc^NwSTas2HhWj%u{v_p#;N9x>Y2veed9e{ksINP{i1c!|JBLj?W83Mr2v z$xIS@vNTevlKy9tJY`a;W9h>QAf?opRI7xf%fnCl?H&V@yqO2lM{-Q4LNQJ9MobKJ zIhY({sd}opC51!Xnu0(q_k>dZ($K@%Q|2RPcJ|BtX%&w%3 zU-P-H^2PJiFwrv5mPmP`Fz!s*f%@5Ko6J+vPV7iVciyLR!g;oP)3YoJ7bE zo{d_Up!2RTM+P6wl*1Z{S9)EYITKQh7C4NZvGdeLuuM7@18am`jXsfZy`{M>E@Cyso!aaCz&fA@dK0%3UQ*#1 z0c)}LT^=p@&joQjDaLmnPzHCjn>bu@gi26%7!dR@wU6*t-gOi}4qE!+_dtF6Zk7R| zFnV8rC9o2N59kjZTHJ;(P}7ax$CB%IllJF#tvt5s@H)A;W?Hg~yjcY z_xeCQqe!;NR^k)t%T-58`y^hO_boHlK7E=-sI5*JeAdNUhY`Ue{N$P}mlb(}?lmSp zV{ZP~Lzck&0FwWi8r|BVP9Z~XXac%16hBiU57}vkP)dj1%^9Ba3!xXMuqJ}sRrP7b zG@`J{qy)ddSYu|8qN=Zs`z9+4m78)$25S$xnW-BwiJjOpyvN*ivuqtjKFL*8(IzGu zsJ!s3EqAeMhxb0FVNX6lAB*GmL9aZ)TlEgYC^<-YFf>}i=Y;&-6AhIx6)EFEB}yg3 zy#@?XH+Z@(9HGOfv26oSdC6Ah6om3P!;(i=je80=+O5+w>**!LzG(ur)ig2~72R-Q zM6(t}j*CAzXN!}9xEh5l#ALOICJt{I^NRKfqT6MLqpXVa8i&p+xNz(Dz7{Q2am#om z^A|ebRJMU-P^0AUz(YZxc@A6+R`ozq7(ZAFLdAJM8BIZ6@$cxV23jPNm27MYaAk_# z>GJTPSQhMH?MK01hZ+xi5Xs*a;wnl716z&rXJwePsKw8!q6Hg#Uc4Lkxfr*2o}g_m zL3k!{Bm%F6ypFrWbUn(bKG!PJS}%`N1Ed4?UbDOGP4_tpl6d&?p?ytXW5B7!Qkt9` z@FZZX51rT)cmi)(ic(HH`keaK5yAV5kti1>fgg>H$!HNbh3BY!g!1!+g_8wJ1~Ak9 zi*1?gwTf@rif04IvU@m79`Wum=#?l|q-P<*i!TnKLOEwE8RwIRtZE`?*G%<4@n6vv zL#~0B|Zr@gWb`fO?6pggDv2!cUDFp`41Cna&$)Hx6~ z6%!Sigleo=w7g|5s&N~sh$3N`j4S~^h=InaI;=1v_qDFEAx!}T|4lI*LP>#BJc(KG zO~sz{Af*?2{7|*uPcd%^HUCd@(EsC?S`|FCE)*)OYeB&3F zph>C?0v`OeIXXMg>P`^S3Q6{*eCeYUg`rKqk+!VZjgXE0 zhk~_5Rw+a=dMSjMD5`$3ct_cNVq+aNCmZIN?=Ku#4Pmn}bfo#$zkFF5cRWl^F?QF<0Ou9J|p=9uD(2${YKza9l_HzusTGO1g1W5H$K|QTB zZYxnUS|>LpF0y@y{k=pyy$n(kgJCL$nyr@zV&T3sGZ3~Hc$tZ4zrg_&AlhfTdoeZ_ z!IAVRkWzGo>mM{Gk}HVc*2OcvDh0RchXyj~{1~3$G2|VYs)*(}bsQTUnm}3LKEP`# zpfs^wo1&U8S$-~`-S2=P&$IdX+4ud#XSHAJn&~V2q)-XT4IH;Z*{N4H(2Wy3LSH!K zXBRA#HY+1sMz$jW*ulCI-eH5XS~&Mr@#o4&Z5P`8m8wBC27z~?A*^B$>)i@LK1VBxj(oCN)=kkUug9MU4F}~!1=Ymm7!u&(s2A2-KIz9e zqCxL}wX8)x9&zc8jRF|Lk7Yp{+c6OSM#-XhSx_c+f&bG^pBw;c)*NM%xn|}G$6Yhry zZ~Ch!-n^uLbq!j67z}a@RH9csf3Z$ptXmUtGV*{q)=IX;GC*A zXlIvL!?03Cu>t6j$Q|R6+5#4%hXVP}T$*1hXy+w-%HQIqE!?9669zCss^Zy!VK;hK zlw-QDxa%2_cw9O-_%)*yq0Z|$>T>T5Ip4wfXKMKl-Bea6lsEX8JV|X_=^kKbV;7T+fvloCg+4p zDNrkYTGK1;Qk*6bS#^k39l?S4tI*~WldbGmDEr4~IJ_d^!=57w8L4{tXNKZ))>HER zPpEi;i_7G6)-`f>T1>Kdh-Z00WE5}ZPf!Hp2A4c*pxUgd>P%AVr`^}2+YWKSDO2jL z*QMvZd^K$8v^k(wF`rHT6BMVzf(u9?XQTp}j|0b#|9tQwP63`c5YRM;NQ*gxWjaPW6mqV<5LHg-g2jSMk%;7oDo$CE|kyd=I(I28qScI${ zah6NT%Ib-i1%{`5lD77v8paO1p3ymbw<^R@T!ar{M+fu;ab2Cb)X(|>Onlb5EL2RR zj(!-bxKYWVEU-^w*CD*c|3W!I@1elKu1TPK?T6Of6E|_XuLp!1I!L>R!0Qao%-Qds zCVuPH^SoH&)T6RlQ7t-Ki+9#&F!WCTGC!TgIgp$6`FS^$5h2DmC&xUO5G&-%78P&V zYNh&&I=@2jvy-_3m&2IU2Y{ZWE6LS6j8qV+Hq2WY7p9prp`SW5v74kVGz~@1(I`CH ztl#|H>XQarw~*t z9&<(>s>d8)fIETWd{N5)5ewy<`hk?RVoFkhNdQe0sWL&oM5@sMD1(yAbMm+pXt9C> zhx7#&74iP3Ny!l57<+}GS>L4b9xIyYnRxfn1kF1Z8RXRdAUVfAU)7Bu{EP=@%wHd9 z0Zw4w!@e9X zEMy6c6qDXoLv$7R;J8+5CMXA>6xOCiSVrMQ1afzEHlKVBR~b$CDHHh;f_PynDUtw6 z9I(q7$zzX3%56<%Wdq~W_ua^!NGHeQgF1YFTNV$>85Ex5%CiMQ*Vvh3emxf>PIB0O zyF)ASNOdRC{AQ#T9SKSs2el$vuJ?qQY6#y%&uI1tLuoDdNLrsQoE(Jb2@Xn&m#>;6 zb1yHrkBm^KsbQ%LO0N{5MS-!PMqW<}+8N@cm=Ia|jTQKZF|{sNi0BTmnN$ITUl(% zddYvag!}!&W4@~x+9)i;`9oapgn-VseZ6l90Kclg4!}gzInV*ZREf1OU^{hXlREb7 zG65EgV%xeaxsMTq6=eqySE#*KrE3M`8s(lsuyi?W6`DNoWGoG3IO`hsJ@r_b8%J^s zkK2cUq1FEX0u03`-5m{EMKk!|)B`z(EJ+=Zqtv$6XUa=idplC0+n&byWGo5{)F|-S z8s$tFw>dBxj{tk9!x{FFF?{|!?)ke`7`~UsM_%yQNDXmNBOYDtUS!^VR5QdPdRpX` z)$tjVk9q(^{D4FB)EMJs!W5zF0*(z2fD~d=JR8s-pwpmrd@)xlBqWllYzZyB$It(D z<2x~qh$HX)K6C+YtB|Ltv1m{OxD6QS4)uwY?NVzm@NN)M%bNCN<5TehC0D`l?uMqY zd{?aomdPlUfBaXHrhR*HtlijVp;wa@(gL+W^(%$#9g718Bh7-7(gZU2N>I5N@;PjpJ`lPy;#g@ z5T(?GcJyI@5hMFm3Nf9$f+SxkA&s!p_)I03L@n&#w*MzQq(xD?7uT|C-5=R*5d9MH zomX(;AN1#12@fjE7c4hL9jH^L+UYqyNxhfi$AOs91mOsCaMUG2-)!^!>6%9#`T}o3 z=ITXEOf9_F31FoJ1fuECu$1&)C6IX^_SoWx zKi04)dhc@-p}=F9CKMCd7oYr=&QjcB^$xouvm*V|R)_WxDX!chfmZ+@576e&2sDA|S1TfJ&&8bO}g|sUS!zNGgmFP#S3l zOd63ArCVBJqni=ZgVEjHBSy#08$aJZ-`_dsasC7zym#N%^?b$673wtji*$k&`TXV3 z&(+27wbXmrEDO@5;r);~(!Z8Qj>Xip-_drKcBgW=51b3^+=m)oE-do{#O!UX`a&puI2Q>GW|_m1t$TFpJo2>`sXo!P z@S{NzJt8#4wYa{(*I9mQxka+2!@1uwp;>NQzXv`UzJ}z!s7>Oc*~$S z@W4P$I^}ZhchN^;taqYVf-~vYW2~+>4LHBZ$>A8#_KRYQ5)vs@ZDx@{LQL8agPsM7>wJJ+$k}dn<0s z<6C}oKCFN5t9*a0TyAup2S78&3iXvHTt_#M-3||T;F5rkLgm(h#PF65RLcOu=VPG?y7}qahJy) zGrCAH%07#&7s(we(Jc*p0T1b$@gh5@eo#89CNy6nGVR3c1CKV9(m)@AKEjSJ z383)hKRPO_gzZdGJoft#;>P5ag5e_qFF;l%NwscSbI>ngm> z`Are3J>YT^T;+oVWGDWx?H`nN1z>-fAq-qK$y*ZZuiUqJg_rtRI8Sx?Cyv zMmToh{r6u$>M$2YWE2oJw6M~9DpTEOGW4zX?|gJ0c}u1w`dxD-uN1FqWY4G2;}*mW z<9n}xpH!hXv~L69d_P?s%`ZXe`tvb5XlK&*=NpnJE|)FaU@zCG*x@X&aj5p7eMVC@ zHVc!w@a06Z{kHV*gO-q$K~ROWf4mRCMiSO4Z`Kkj^UR}s>058-+Ntm|%p_?E36#G3 zP<2@LE5Lp7pRg=OH=*YcmG_{$&UW&@;(_SU8X2SdlJIr20w ztU&jNfJaPsLg)>CFx?6lFBA1l<{OHlH+f;fpqNY-q3aiyX05(%@H>2V6!I%@<#$#n zft8~PkC-mP|dfp$vB#Q6xa@ z<3svG&9+{1PWq4`vnRCF_yQif#;#XnZ{Ab>2PG#Rx5#sNnsF=qZwKJRHLjeIy$71? zO><5^(`Q*}d!&O8#8jSF>Frd#PuJU#4%dCSDlyVbGq?WL0IfpYsv}n7$BitD{cl&F z0r?Gk65Rmb&%E~7yR2cUV5_?21ouEYr=Yusw_8B86upf0zm_+C1PW1|*bn5JsBi%P zd{Z0$wdUskhQtE(`LG}%t|d*X@>|`#t|=h=elL29HYe(q0cX}>hZ~~)E+XvduI39a z3jt9|962oUf4dyuc?Z|93BK1Hq;Khy0M~@+5!p7krNm2*z?{E?g5CmM<=4~7tKUmM zT&{orf0_{hMZzvj6IXQVg1NYKk@Z|fSL?88W}E7rW(>iBcaF|TTw&KUIug90Pnj>r zf3*6DQbKX1U`>g&O%>i&R!^ex-t(MYsnRQ(M zvtEQNXuV-%jD7k<8o)w-=Ag`^PN1EY^*+y`R(IS zg%wA{x;eA^5L$?Rv%!wM=W-L=KNV-0snaxhGWcudBv0DMHz^}6Nm@_HK9A-})~gyb z%&0VK(5YAVauS@z{sHE_YpfR2A8LJ_@@T2v)b<>L-xPjMjAPq<3iTJf+W&*%FC-T8 z#yHQ6@}qA3wGLnfh|>qFEJi34-H|IM+bs>Vu1|X9lP;D%Co}9^|7-R2W7Fh+$gL~; zL22?l$7GRorBvkA!Mx9-Ed$XwKI716;5U&fu8-q-CIfBPuyng*L+XHVq+|d*k@$3Z zx6_1~9$)h<0ik7`yvVQ5D-E|xSX6sV#76wWuQ1@H>z$hRr08A$k`cxdq2#6a>W<<0 zRml6rx2cd5{QqQSDxeQb0|G`bR&-6GEf<2`3AivktO*@K_3zwxGYxX|} z0nk{HxaPa++9#7U-Y!?2?5bjNxtUYs0w#Sd>u&l!Zm0m->2wUvdp z?oIm61CB7S0`eihx>0+BlLrvsW$|QrhUdR@&9=RW>JiDFlqtDXG-vZ*{=M<(E=lV<+cD#(cpy zqr$J0#Ejys!~XrrU1e7o#SerRRa6tzRFcJ>uM2Nop()<|CLkvr0a!zzUC-dsOTyT! zE*p1-lEjzXcJ+fj0QXoqzVC`WYn`3QM5}$im%SS; z%Teei+RPn|GETJWbCrbQl5SWYYx|E>E<~RBXDb1mb@pQUc?C45GFWbzT`-IX^4`B&tqdFj;hL-NH@0Lpx+VjkJV1aY4wsJJ*m?rsX! zdE_H62oZ-;r`wxEOfFZpYW702*PFF}BzMxJ`=xQ@S8sXT&`*9+_{m>^5w2+YA9~_? z12r)vv_0c%k-%I{u>rPgxMAk}z`sCP)2I6z^AWPZj;kRB4iOinLv#6fZ0XO$NOzJkm<-(@DR8Uc2_*eCg4@Yo!Vf?O~#HSZ} zl!=OP%0w;}$5!)hY-h^7-mC!tP|&x;5}%6|#Gu9Bhl#wKdsq7IFGMk{W3wG@Vvtk# zb{W@_Z;zl)-YF+AG^RkM*Q@YV|X7_YAsj6}9bZ=98 z;CLcC<#Ohq^Yx^7PhPq2w>~8%POM~XcOn8H|2pH3_Ax7tKe%mQKD7|<>7y4lmjv{v zF~nHRpwQRg(mFXGwV+`ZMfr9%*+w3kVd~3O2M@&l0B5pcIMG!vbH_L6D zjQK~ce5dzkM>~kMU%3rHpeS5t1L1N2WZ_#(qn;q}B>;yqC$1dGikb|$a8tkwo1a-2 zvTp&?fuoh%#|$@N(HRH+7uW3qX>*Vu5N3${q4oRUkLl11dE4`rxgf<@rg zW48sdj?Q}{m+$AM6;xa!w5}vzT3#r!c3hrx5gOib-7$%Q9t+0`n~WTW`OVTMMM^S$ z*XeMmp8!J$YB6<`9(zj-XSup^%~T#HAN9ar`5V-Si0^LzJ}8@oD`{upp9ga0L#B64 z-s$w75J*`k15;-Knu0Ldk>99odxK9y#z8H|C)uaXyA?)Si@{N*IO92hp&F)LuevXn zFv;Nu4u4kgQDP6?n%fHJIk%}blO1hYEE$TNx9*;*r*4cE6Ga~fI(G^`y~v-EI6}v8Yhuc5`|!E(xL(w^h4( zTpGS6`{BQXYicN=ta_*;O2pT2t@`J{0JV9Z6mv>U!Y^8(D7&p^WDY9!USDUa{Z_KO zxZ}7fB(gsSNWB&%J+;Vt0z87c{%2D8L#>Zr(b_Z!DF=j21lprN1EHOUa;Uxsc_wW2 zdQ8>26#r&DnhhsKq<$!VC3CAt6os6(X6zR*B_osAH(M3KF`@H-Y=-*KI7#NF{e5g5 zsQvY$$<+Sy?KFO?(^`WyStft6Wqs79dAL(Ek&2} zURh0w*O7_S=VAyu+atAY8f}^>Qxx^86q;(wn|&;fe7_m*&ckmsWZ{s1>*sKBjhSv~ z(UtPJ?Cy#G!HLDYmLMpgqYhzJIsa>V3cf&Zy_q@m8>KQ2mziZXlW+VWn-oe#dP<>2 zJErlqUK%cNiBkPt%(7X|ML`5PNlrI`#pxBpbQ@&ua*M2{KteiNR!xfCl00cLx9a$~ zE0(3Ccw38o7=`N2$YXHu@uLch#oLA>&Y^STFJhpR)QOWmfofBa`+Q7zSj$=K6jsnO zDgcnqxwI{XT@c2v9J}8sUwBlUC+5~ue2{Y+B)4%F6u{}qdMm;BV!6d{N^uBT$C5xIbtu*5VrFe3A!2QM@aOE1>=E^e&f@4b;Ze%3XYi zjG+MO1y!_Y7MAK}%2IL*1V?>rJ+1_v|M zEyx=WwEgA*|G z)^bd5kFX~_dRDY4`RMN9evRZ!Q`ljaJ9LI(ydm7i{hJLMIh%ZT%ivQr1OJEUO~alB zrho!v5tQYXT6FF8y@KO=XsYb98)OsK7IbIr_$d}mj(GkQvt@P8?9zt}hxIkcclfoK znpP_l|HM5~x{7fMcj%hiU_5+vxY%#R8>G)t$fbAU;#lzvBHx@uxp*`%m%{A( zk(~#4X$`>nt3_n_*O0k;;%3?MJY}(G5UzXRHjK~6sqzQ<}>$NlW1+cD~Dlm zHswE~jx61pPNs&)*Kgb3tr(qchfdI@7$5EC7;X{uoG)YmkB8skHzSIet4j z;k)#|?wA88(EseNGVp0q05HUS#qp&SAGO%8_`ZA4F554L6<9qB5W!cYT8*J|ddt#Q z%+bNTGXv02ZYw^WwEf#=rcfeuVLZX|{H?gL*70@sBV*C+O|y$rDs7x}JM>K>X;=cW z>eRWON$t({(@x!ZCi2dZafT{F^5rtIeto|$XgxwIM$p$Vjgpcm2Bbt@;i{-1YIl6w z4uWxav6-{l#@0>;m}rgN5g8XsY)!+RJ*+uEDjtg%7lS-IEzt2ocNmYxTLmrLm`_WK z?~NjNke#!O8>T0NQ=-bd0qn;@U>8Ql)8Xif{M&o8KK;ez(@MJ#`CZYe^XGKcV^aJd z+KTvL-PPMm_FDBq&WxSLbn6%_7hUzq1%Hf(CKeSis;>Vz`g>$?)v=9t;4;ILhpFf=eJ^7E-e#rk4N(;7BoX-Z(GGY z|NXisu$WETiBl_~;zY+`*S4>~tp1m=X23`LtomW=6L)ho!kk7B(R8F|7(ICKd9fIO z2IN6H6Uo8Xz(Zy2oy7*~whE3~qI4Dqe9z*um4`|GT*=4wraU7a`?ZGEk^R#U3~XNN zXxSGFl48|39`Fxn)K!F&f@(pweR`{>S>%feENLd2Tm}a(GE;+mgNQZ2IJlqqc(#t+ zU1P2(_xCDAmBpVQcifGC(9Cg5&qe{T?`&9`<*Tclvj)?Pk?6-ixv3(yxPUTVI-7pi z2DEOR*;Q;ePH$Va0EH?s({C=8kT`}Zw{_(at3!~%e2AzQ5ahN$<$~9cl}|g}JHx=x zyLPep+2xQ*5jZ!r*w-6fO|`o+M2$C=J+8W>rpXrvvywKcq5f5vX~~jWY5}(FJ+?3NjaIhAv2vi z$5FyrQmA57jnw%a``^Eo7|k19RWi2d?R7=-FxeA`q+Wmtf%xY z`9wsiL!+s?Y%sEuB9U5bVL-zn^eKnj05y_ti24+767}Pmbd>yNJMzJ37gnRTe0P*N zjb6QbdRG0gsp7roh5?BWsGw@K++eSkZ`poIEO!1^JbgpCgapxU{6g3}C-o5*^mJ3z zcygotn+hoyFQ6x-u1=*57rQ%E43VxWe&5K8y_Q+{Oz&lzIpO)Ej2D;g+dn=t8AJI` zgYV4S`Yw-%2CcFqHe}^F;#t!X@>~1qT#K=2zx2H9EVwN+ujL6m9wy> z;L($lnECXv_55-v`ioNdo)4>d34oF4UfAJlk6P=}eUZu*luofASA9_@Z>!aOOUOKk!Er!95;;iw zcG;@z_y)ZrwonZs)q{S0{)6{8<{@jp!&VpP$^RC|VtAth2FX>HIxk^gsgAaeLe;?sW zIqWJwjsX=3oQh&FxH%DGzkzLg6(27N>(=s9HdX)1XnkTKN-*J)J~rzew4Nrual07S zP~Q2l3FdfcF0&;AbV@@Pl`yy|Y4nyRCQM%bW=E&P8XitioT}50nD3PN2~4`X5y%rB@S<`nZi3 zExlZ{I_m7vukW*UiuQFKX1q43dO>_*iX=_6*d$HNU4t2-?(ko$5;-NocEzIXm#2?d zS6m-Uw-%y?OX&z(2*Yc5*Xv0BrWP*F|`rNV2`(xZG zM%8evI;?LD*=oJ( zO%Y-$@=K=!u+Yz~5f{@Qi%dPk!%fS=)@ks@Tg=qaI)J53^t|e)TWE?eHIk<_p#s0- zlNZRKue1;kRFNTm8JF2iFN`6>k45z|oiGM7)sjqmTC~L5&hHI3-Z@OV=3H}P6C+~7 z2_{`^ns@THvC=!Ki`(uPh(4O%W!Cg%4d8Arf6KpWmljlXcM!z1kW)(p)jS&1K`)vi9UEVJY@l| zjVvvnbdngcL7u1P=90R(xy{T5FnV*rD-taD^QWft=>&{ez>k_JB1$Ue55^4|yb0W) zd7!&*o0a63=gNlX_Mq3cd}#ls}e_|H~VVV{A%Ieb&p zOSnVB(zv)pwq8myv+yY1Z9OCWf3>ZU4YW6mQ7Q0B|43rVu_zrZ!UM+bDAiTr@5BAn zTl50-Cz&b%tEY_DgzB)$F&=Xt`PYfS=o+`Bvy-ba9(}7lqO2gj5Kz%h0?<3?ii}oO z)D&1TKHU{kqywpfiPX!-CECGMG!u4wD6u{Fn6h;|eq0&06E-Zn-ZX=zZ!3RGHo|$X zxHTn@X$r=tQ2YcVAl<5=rJ2C;#q19n8%_zYiWe4Z5N>Ths7w3_rP*-WS?+UFA=b@a%P-$ljerPM8FZt{XAZc^ z=ZU08p51neg-aAn;OVc}7O*bFFsC>p(UK61F&UqHTAlSBsTI zD&FIK<9GGlHZ18xejO#2DNwD88Ra-0dHs<4KE+o1NeCG{?4h;U1~s*Zn4WEIs}yM- zvh5`v4K$zCcS^&?nb_W&9U_V~G)Gr*-6hy{PBS5-K;D8n>QKp|7MPI#??y^6=@HgH zpn=o4FVTh)d3=Q)2WOt?$ik6@)$Z}19emrHmBWeA=qE-nJ{dJ?wldi3i)A}RdQ!sP z6TK^Af}9z$8qY6^1ibcXt=}LhK0>CpL;FOyY?57qy32Gp&V63Aq}gO0P6!$%Qnm8@ zBJjjTg7BEzjs5I&2ka*lWrH3AL>6$s$FLze3vS%|9ToS`lFhQyWE6ZE~-a3E`0ki6x z?hX2C4l)TR+0|+6+_c>sn4Pn1@0%c_BmMg%t`n{CbrT z{{0uW%Z17<37KTm6fV$HSaUQiES{j%vm5tnF2=`&M)*?d&UIvQ3!$+(a!`tFE|$GTigey6Y`ruw_$9hgt#ytM({a3zT$`;65o zftQZVkG;RWY9TzhVMy{NF#DDyJMo_+lBYt1A%MTED~(QwJTPca%I>OUJ*#J^BuO*D zvx^;4gJ)=W&zbjG8pVq1EQYE|Zr3uq6mi<7n;BohRfZ(-1qjw@Pv}zo8Iy5hMnCj+ ziMCZc78Eq-`AN+#jO=!Y*hjWs0z|2UWdFs#%jrAvcNFTV3sim5Pe5(lu9Tw|qtE@4 z{Tj4QN3oXWG@Lw6WyBH|>5lx11L|+JVtSj*afisoTueHmSXs9;T95aOWel;VSW+V8v=1a;bNvy#^wWG<@ z#x4Dg&&2c1wE8n)oEP7*8C9wZ76q0eBdpEWL7Ut51F`9VpYAT8BLAnOxOoEkF4iit z_x6xz`oW50)sTwK)lq=5X5c?Gk}Oumtz;Q4mDiDyZYfWX=px#-X=3eYv+;TSm&Dm?c`bE?7rb;29UXwrS4mYuic8&yY?6gQFCtlX+ z@z3)mOSes=DYkU}+ypL(iAG&to(QEz{h_k#&bGyTsVfaHI;)esn+vDb(OJkQM{@0} zL#S?wj{>F}G>C=Ww|krIHXRV{T<+TEC$wGt>^RCPw^c$b3{y>_Ir+Uv{d?8TD}}2n zbp(5vJ3_BJew0qZ6ffqw11mMzXi)OFU4*X9#l~EieP->RZ5gW|tQ&e(SZsd7~Ptsh38$mc}LWx_s!?9APc z6KumJu)SZ+FQY}GSsOR~fN;^O#sEXSyTr!8o5Cj_gqz>m{6Z!R>JkyOXm@8CM9+wC zr>HIwsqS-izxBUcI|2qdF#I6BN%eiE8#V3(RLc$VC;RlvYah;hJGb~ zLK%0JQ;a-Ht>o(p5cyhj$wL07-9}uJ=Kz&2p*Qp6J7VYU;WfQ94ptTVg3+_?)z02) z8+1a0qli-k+3`iW;fSAEeIOUF_czLkt4%mtm8FmnYaSk__K<;p=AHmISe32KhIhyH zbqb{yn)NEG*b=VNgk6slp`}2Lzfw=;l(iTT`Cfqp|Ecq<6O8UYm|HJ*6OREuYG&L6 zlL_nXy5ZJ#vK}9mHD|x~gfZ=i?LpdqT?GDDNs`bezDcIUwf~ z=d^Z<$4W@l`qqD%Kcp^cfuB|`Xa(?kYBrOGeIrL_${+( zzenCtC2aSdSIok;ST4<#OS*~~uvbk6M9L2QUFD`V4dtUIH61T5q7%v6HZ}wyJi|fE zT1#PJwfi@eViJ<%M~VcbB(2Rn@9?)2V?gapj*pgoW3#U+x!uieyT0ND7z~n(x<48j zNbPcSQEiWf4dM4b-bAQZN>oq3j5UWCM?)AXE(WrWy}oj&XKn*`tN^u!Rm)26Do8^r zMlu#$mVL0lQH)+NtK_c53Z8vyaDyIBVktiWrAtP6rA{YAUpCbAmDbM>`@kt5NAJvQ zGPW|YE61fv;=g!N2_I&AScjo{ef?OhkN#CJvFQPj1w;H+G}t7$ky_eI1EN;OdWP2- zB8qtlElcpGqrM;x64cy##8*yNb!)L&A)v`oe>VL+=^imBF*>K&RsNHlYJ(AitcDph z!*5JvU+E5EkJzVcPa$p#l~1R`;u;yZ?PI)Alss9#@85+dsc;knzJn+i;=D<~Ejw{# zG2wnlI`ZN4YvNk_v4VTX44-<=Sr^uClzv}0H^Xy4x-0Htl1I}nn4&^cSG!;ENUev@ zl#)(f#;wDtPPl!+U%z-SuV?#J1#EZozZ|@}OdZs@5h;)adR#qbx9$p$WM|8FhA7&o zfX!F;zsC2o=OJ|6`a3D7JU>GiQ7tJCR-@lIp(9yat@F=CKXL4vkPw<3OL3RL{T526 zRp5R!U)^dG0x>Wr>f}0q)5PU(e{yKuegl8)Z`aBouWmJ>In-!l$)MVwzRbz)f}%RB zy7j`hu*N@Zp5oBNqPx&^evwYzz0&2oOnzQ^K1Yl7BPI=7uA5GbO+W>F5FBZFqBVf> zT<^rqj2qsE?UCuJyztCUCjnIcQ5O$F%6g3!nJggn8P4!c<0Yw_Qht>V?410lfts+| z>r6#r6IH%$G=fMyD|C$d@?~oao1!E)1o;}RuR!^!oOh?0PLvl!g>aNd4C})H0WE<+ z#t`8n7aR?t!P#bWtdxc^zah2r4=M-`&|4K;Z_@`{BY@~IxN`y_emJIBU__Ox-m|CX zCeCNPt-lmcv25NhJ50FVkdj!oj5{Hi94HbM`*Lg3u}Qlw2d+H<+<3KJ-|aQ`g1rXXR(eVm8+m>y(ccp zPshRz-r6noadO;vQ5f97G#bk+Etd|tIvsn&chP2>BMLo{iP=7?9D?z&;xbhQrYTvM zbcL0JmkFgMhQ7*Ur+AX_3-;IkhroevMY1!`wXQaTD(G7nf3}>)u8-IpL=P##Gg&!Y zl|CG&m}yp5qbXi|yw7dgwGjd53VZ2HRwp&-e*6034_0PtL;h2E->ZZ=@&dM({_F9# zWo)EK_~PezOkS3JEc=sY?*&Cug0VN0lBGgyFg2Y8h~Acadz<1b>h1^Q`o1(k7BOsa(7^N2vAnmMqCeQ5?`q?yCpex^fo}}7M>p!uK=kr)%+9$kTGLc6MmD={b!sW?kXnQx4%Dk zYrf+l5Ey_t9S{RGO@*k6#H0D3(O6E>CC@83Xi7yx)fYe)o(m&gQubrVJQ+K}k%BJ5%5U}!dZ(0W(N*?Fu|8_K#V>QcGVRDp>^UisBYVH-N1=R^4z-0-nRMMyvzBbTsq8gvPdHBe?&BKUg#B@F-IatDqWxgYAMV( z%0c3uOZBEyf)$>7xZWn)H9bg})b91OSxRI;ymigDWZ}kcO|g{}pW{(ZM}7}ow;9v6 z9<0)BhP(@e;VKW|Qg?hO(_2KRm&f)qH!#Ra9-inl<#%{~af(@vUNjQ;&aS$2z~DS~ zM-##f%I>m6mGc)r!O6*w42$I`cOQoot1hqTH4J(fSz>18B{ zAAJscKCHV+dEsq_f<1dQJLp1MzA!c1&j*aqdJ08M-l@}|TZEQTjEgEf3_YdRC$vvC zP(O6!=+Wi5j-!jnvquiUlcirH?#fppAMO}`CU-zkuCTltkM~{_9v0dkR}Du%S(+Y< z%?rOqk8<2JW5X_IuNPB{8k5Bh=?+|G(&5-D*YoD}qxoCXt-GC`Je9x*>x`*c^K|Mc zp-fr~Yii9SmzJ$yT;PdGS}cwqIBAR$wXw(#$@9_$&(bUey(AG8#qxOJWqsN4e4ip8Inbq^ zc~CiF8c(?x{SZ1If|b%RnQ9w)e_Ytvq`;Md+|#s)z?nvs?{;uCk#uGuA!U{#E6X2d ziR{|pzVCVB^eJ)}tMK%^$F{K1N6)XTB#%d`F^ZFzCb|HaSOs2K^?Mmis_1^qUpEk$(Hk;6Muq_;)Cg@%?;jFg5MEVDVfGlQuV!ksqb zg@^PT0XX28l_jlr?UD|(s*D~t%XgE|}HEAol9bhKJaAtk`=pvWfFxhw8rR z6p&}+bWNQ~!tjHR^_P0eh?9XG4-v)73Y=nmFaD5?#Bq!Bv)2djRv)yCmHg!wYb_9+ zEi67BeH1(>a&`-hX#6l4Je4t}sG5N0V;G98VX~^3hYRMSD2OhI4#du^Moe)?)2JWi zZ10k-@bUn_R>boyLvw;L>Q1?$$fvZyQ*YN*2rF;t^Bt{d6OoY}2f8ONZ$!)~Pv%Pv zj9%RZ8Z)lKSv&CmH~W55JySHklfdR(_t;V*!3_&*=dR0D$@M+}y5I zRRM~eT*Jyb{4*=X#We@sWzro;zavXFu&zj9r|9#+fe2CMiojpV@00192&| zWbG)2bD~87A%6L||F~W(bcZR`xew|NZ4-^)!$CklZ0sYLyc>u%NTurzt)$))MU2$G z);$5KX2J-F^%D6Peq(m-4U`)YY5OOhe@$oF=PNJ`x@b<8o~%JQfjY=)f&(9b-;BlP zh1VwWK8&iBNtRZ+53Kx&N%AVasmAai@xQPA@0!g1N**`RosjAT96O)gaGREg6>jJn z^J&lB<7=$1?e_AjPV8WcK3e+PBj7}};(-%mq`I9Y3`ceUsWD;{Toe0~%QG&m7xS9~ zLD7s43(CF^0r%@$+$W`V%O8cg?!I6ZDDF;Hd~dlyG{)^TBmU@s#A1VTd;=;RtSty) zj%n!DH573=Xis5{Qt%|W_rq0f%5#;_1=m%5EFxiB)O7))>UPlin5fz?#8i9B4N8wm z(=r@`t~%z+ahLL1!nQ&D=9O3_T215clYG7!B4Ssoitjxs$N#!v0VjO5&y4}uL0fag z0Los9bOJ|Z9+vx9mr5rTylgDeaV za!!zf*o?u&vwPOFj)1_pKZ^ttwMgRb2cMlr#ttiCBruJ6#-2aA{TS%P)-3o>zEm3w z_~86|!={O)RWI-y$QZ8nOp@Ds+R=pB2w;jVQkP>Lh!*NM%lyCL>h8))*(#o3hAa$c zwj}Dk-(u!GofRzjB*~YSW!Q=ptuOg*3Q%DIq>@S7Y$cqY0bZ!()Q4PiDyrN-Cxd?S zMX;EWhCL;P%nCXuATBxU7`TX*_+dW)`#n`{K|AtR1w&%T8~ld2hK@OSu(jHpiD z(d}jItILsUh6%TNlv2v{C!dNB3|ge+hR>@BnL^&6!*;t?@7Sok-)GA{tuMvMXVlLWb*X@lvslhKf=p3u6!dBP z!xN`!suEnN`~^eZ;5QwI4toq3KU!)B>Uo^s06-cd4bO7iqHTj5jtur>#(V^tkAKt< zB}Qu6bWE8PYjV3}4Sb;KHfrNUNHVX}T>Co7Lv*sC4NK>&QWFW*e62ECL?Obz`Z4bz z^PfT*Xi#L|pPnw)s7T@?Jw9DZ8HrD`en_vZWEI#@byd|-Ly&POh@uUmkgwyiT4Z>|u;7w1?V$!b|F~DA!;NFWLJTS4DnO zB>GFxV{)?R{OCLXeCPD%QLs2iu^>Ix?*{bjY#m2YjFzN5F{Ods94TEpvh0*4asZ#v zp^knV$|Ku}@WK2-*Tv;RXTpM$h~f39rZB(bVT9=O!epK4BVGsa_H{JA(<+=L?A#dP z!%#ksSN z0}n5gnUWAWo&k`rv;VVSmtmxLrto0k6s=BT|0|bhu5`SF-Pnbor*QUlo6mLD%R0-w zq8Y)IZdLv9E)0W>T z`hGD!R}&$*PeC`{+0#y6%A|ng2|G#fky_@&gKBE+b>PomLVt$pSNj0>^HUlq+M>K^ zW8<^XR}T|~Hl{TI1WFKEG*MH$@sJCSbEM8Q;Az0O4KeuHuboiGhmGET!mqoW?92;1 zU4)sbJ?!JEePc+ZHnNzfBDK1F#vOcN(CAA$J7!U^WY&f#{z!3pM*DL*{i38_Wic9O zWEPIVXOs@0@MDd7$(IT;JFxV;zj%nm@i48sY*o&Y+=QD`MAaMsYP$bUpJJ-n#cay3 zRA`KDFc3o0)7-N#%Xw9#6YM}v_s9LUYtFv)hX9|$udxDkK7UGF)Lt^69qB5LGke60 zt}z|3+B_oN8f5S*Te+;1wFVKfcsK;pQ`Ew1DLjgopJOEQ@2%^s0sYjDj`_u!KZ|cV zfOlE2br*!#8cBh#eSnQxgptrPHm_kV_bEmZzU%WC#7Ar6{_sHmcUA)e$;8JG@Gfg?H*n;cS!UPx8KpA!-CjyY@y#oktkWJnmBlt5%&WWfz^`sWaeKmkxFb(q z3f+sA`O+``C=aOB8qA;%F!y)t>79kf)~WFXbgOv}KV#x>=~)l2wTI?S|AKLBaqXlr zv+v5yyDL1J=LB8*s1bO(NtXKON4_ z5cST`9HC)DIwptT8>8)KjQw!9j|w={SI4nB#rC-IyyKIg%hx~nU~HJ*YCBYv2g;mE zUA_%FE1gx<7*16kWKmYWIXuSwDlJduP6mGmTW#He);dWGA}BD8C7@N83OoJglLB7B z{@054oe>Lv@~mqcx8?G#cT&7%9MX4VaJe{No+({zJ55-i_Up2H*rDAXbN8L29z>Na zzbIawIE>1BKUTIYqMuG{XNlSVR_onHe0u#;R$pytquB_bi;IxCDNyxhjYrv{>RZfx ztNtnX(#yxc6!~h&kf=e_9igMq2WUz44SZq~LmfV+sE%E(yeoUlUGs;*uE!>a_)Mgo z^wNPj&DsOYuEVvIjq6nG;`FcN8GlDq5t2D&C^GT6Ry<>ZU$zW>ayKtrxo)kP=bQJ< z`k`ZqY8~*T;BG21lr#Ovxf<@WvB$)2o)&sPO*IH&^OSrQcMt*8rTr|YL_j3 zN&6;;W^5iVGyD0eWB&7-n)0s}($ZMEa+^ ztDRWNb6sG>`})kn->1a3gd+RHR_af#1)vM{uat9YR%mxf>c57ZA&5T(A3)IR9|a%1 zd07WtPtBZLbsm(wiDH_vQ(D8Y!3~c4;4*DHn8AcQ2*N-yf_!Ojt>{Qyw-BHyI#~n~ zpVqyiyKKyV)FWZgBSl;PSs59l^CG6!-jC$x4V4tXzM9Cw>*EQ0p4A9Cj6x zg0$pIz=Lo1rVNHl3_rQ)q!1W*r-3WtFyPfM6h{To<4?^|88%DMEBFDd{=9S*rymi& zQ=J>?8DM03xtMmQ<0pkeuxW3dp7VMgorkAGF?WBM`xW>IOxvj> z6}Po{#_#BW;lio_VCW@{kAA7dL;D|zX~+A6Aw4e# z@WA0DuukgFq=HZHs%P^3Po`ja&-5GYv&{Zwg>AG~`LOF~`wssxtDZDWU^w+~A8ObD z0TX!?Pb>RYrxuWkPy zL)D;8sOm&1$w}Pr57Po`&Oai48B{t^V)&2Q5yg`%po13g!g{!G)GG?mnwM&Q(be#h|__}?$4M0Ua5VZ?@KU{a`vT)F7mH8NU(2YM8 z`t$4*Eml5_osxg>fW?a?{WX3n^TQX>Br7kzvE{Ulw$LDQ9-<6E|BE@4*dm#&zS5?(jDI8P~xxa1m=u_!R5UnY4k z&J%h3&E{GEK6A=`mqgPQqW#hTMcG@%Rn_fX!_wU;A>B%Ey1TojyF^+V>FyBe4(U=F zY3WXpMq-0>*SkQkb6w}$=YD_B{SiNad(XMX_>Y)#y+E?!QzcnWt05Tb-_DJv^S?fw zB`eo?rO~m*H_^Z2*qh{Kx3gz6J%7@eUt6h84c;M@rd|E4qaj~*VBYSBD=bS7rP7pw zBZ*;}U-EuDk+Pq%J;scD=nA{Z5%Q%qyhw=~5{tjC--{@Zb1MYgcCa*LMv`XEUWsk` zI<00o;=b&$7BypWtndNSJ~a=7m@8a9ZMi%>h;&xva&2%-p%H)EJ_NYN0*vk=es4WQ zfgl9|_Tr<=T_YP0&B?f5Gb-*P{i2#DEV(h7d+@yPWw*s{}9bd!7>_;FSkd3L!9He+$_+O%P6f~T`t;gqNlmADUdl*laFrs}f3O3Q}SE7#F!nc{%LsVuTEozecz?OF zw_aGvG}%sbt;h5po^s^$P*bf5lz6723MHc&C-iYSTZp<_C;;&|6(6C3$)uasV~Oh> zn#(f@*24nGF&LI_IM8|Fbt#`BEl3gAXV|lKIi(otn24>`7ZWS8r<07{UTv1!%*YOI z$TmK!_OcCh#1xm>TO`YmKBSzjlhl*VfQRCJC$*7<`MhY|ST8{8nGu?t*Ml4*bBzIC zEKhJHf~(rbXy=)lo&FA(;m9#*irqz?Lnh;`j1)OC7zqa>DP@BtC@rEqsRq9S${K~s zQj&1CsMiiwAQ-Xw`Vx_-w4cY)_zUU=@0U%7&Y7=goVpYli>@|es{LEZBW)TwSL~yA zj_FylH5IL`GvP-rN}=jLB!dJ*avfMX>SbHq*{e8C9UExMl7{Ts2E&$Ngw*Yfy7I!g zL&rB<^3=Eqh2s@|uFeKL3US9Xi0WMKT@8plxJgk?M4O+~bG&y3wip`!Yy$47t@tWQ zy)sl`mdGBdkz81dO;r(c^>K}sxvZG4Bis(65ft7iyn6ng-UQ=Cs^2tKDUTK=qOGfv z#zPY5n9Vf(6cdLXCnpQ--1BubxBXHQrg_{_M%x0lC^*PVMtgYXjO$Q!&ZrXQXZ#|9 zzjRy|oa|tSu;uNpd$P``{iKBBG=WHOa&gYspiVRq_#kycHk#(BTZ)=C`r7kDJ$TG$ zcA(2$pr`SGgT#)iu9ZU41-cM&MiaA~F0#K;Hot_7(S_w@G$PwnDCtpIq}CjVnUq|Q zP1AT}fNJ-FK?xLdydP5&EVqPXIO%CRQC`6gt%K&0ZFww8k`uC|=GXw@H5R@8owlN1 zKaH-Kyyw*Bjm5FT?VM7HRd$!SU5v!M1Z3HdXCW%RrYZr(uRa+Hbngihv2*JYo_!lX=#H#cKgPVJ|d8R%4K6qG4J92i>j=H1* zijBsHfGtoDE%_c4R?C&*Pa{&A4N8J&$hyAdcE<=OZ7GC^r?lGGvPQ%#_>h%n8}|~v zV6De^f_(ur7Okwvt1psm$oOnt0t*JZ>dN{ky(r5LJQ+#{7tjl-9lNL z>z_a~3sqwt@yJb{YDA)hPo>-j6haxC)^3ENzz~KpnKVT+WXDB=70F0xxhb=qS|*yT zRl)6xIzJNGZ_Z7Fl|D3A1^c12Ja5|SB<^g~;}H#9Ev{PXN7=I^xqmt#&}XfA#(?W( zdN>``B<=Z`#U0=~L7+f8T##0>L8lTevXdH2oY8dmwH<4pT1z3}FxNK}?+ciGW||;# zW9E}v0Y4~4wqD*-b+MHRq#Z=Ut*7UpB)yVrKwTE*3?WHHM;QVWc;qX(q6hA@G0%$! zFYq2@R>ocs(t}W(kwbHbI>)6Z=Vrc!Ny@@PZW`x^`qd$|KR2~3(yii&meS6I z<1BDIslvvoN9H8bBQ@Y)wN}Yu4<4bfB%{JS3$qE0;^J4Zl>ocg+ouD!U-Yt_9ktSx zcBDr#(tji`R`eyF_%v;dgFMp`s-W~y$sU?FMI$oC{lbn`{qeV}+#nt4m0mJv{42`MSO<>)dqSJV zV4zxwmyBZ*w?k zPfq~ltdZpA{Y!*L7$|CY-@_n`cMD@dL<|#o#SY27?qDUh1j+lzic-W#zag<>p3V!R zxyHs2V;A{5f$lIwwL5+R`@B8-V!j-C7RPfJeUgl6YhpR+4a`b_6;-mh^q~p;X0us5 zo;7Pk`j|CvTe=Yrm9X)JW_Fkof17m_En@soZ&9wUaTU8I&pk3q^>OA`x%bTD+?1n~ zelv1HHa4=)9o%MDYBo)Iom#SKcUoL%iV*dzt`Ih{klc^8UD!`9)DISC1H^*q(bkZA zc%!-d>@>ajnX@pm1Y$U8WZ@AqrC)C;r%`3ELM(qQh^s z8!`um8N9uTWvo-1VAE=TaZ)W-2wP1e=A@-0tcP1RfcwnzU-tI(+fgr!_nwth3*tT! zqKY1zylspr`djz(If4y!2gyO#C`;!$`m58DvLu1clu@b-@A5zaRKyM`d+%2^_RKJf zfg07BSOLMBLof+~-4ROAM*o8cwJ1$Q|AN2;BOYkuwe|^jr8XTuM4Gqw3GI2x^IU!7 zz~^2mNjIUw%u>RDkp?CJC}PG`*SIvs&qoN68$`3&iZ5Bz1Byw<(cG&AN&GUL)`D>* zuL)e6pf9ea8z_w5@lzgso>+(#`*jkA&3*ng@bH~bzIEe{m1-6Mf()lZL;cpoe4TDC z<>uYaRA-G^aIYgZgi6~2Yx;TY#}7HQ+MNXo*6q#J7~5z}htl4WDjsBSl9Z;IP8)&3z&o8dK^;9(w#TcZ`g5Mho5O zE8U6t*-y1wPSOA%DtsIj#EK2P`nZSez+3nRy0PRfzhA8O^c2Yo6-}A!>pb(;KRO0Hg~mV z-`)m?^08=HVXqyf%4|oe)K^5fgfh>6i~5IXVC}F((qqsR(Zn?I#I{|Bf*AyD%^Dg! zhow&2OqVmXcxeFjtJnx-zT)$DU@ZQ)NdaEA+WG)Fa_nwn5dHZ0i);BjoK%0(!z?Q& z6_23DtKa9i}Je?Z}WEfsJju+{5lG)s5s*r{P1Lnk-T zs0~B-2Vm(i$nb>U4O;uh7c#+)Kcy#e>h;ePx_j} z&!J{*>@pNOwK#wnS6E%{hsE>(J4$Dc?gREI-J>pmNzch}#JDPw<1H{#x`!~JXSe2l z5(fVvDFI>7z2jiawonle@mg1VR;bOK!Hkw`}Hly_u=NCkx1|O!6r~UzfX777OdG)XnCcceYE>H{iI{kPR z(YePRRKewq<3~VcRmr58Et!|;y#Q}QCrv6b=}OPY2?A8XpRt(C8*@~tKQ?g`>yT@V*OC@;`sdv(~xZt;6PefQ(u`V|D6Q2GN1>dq~wW-TXd;F znrEvWqf(egDgX&y%IK00RdCbLFI{rYm-}(?uo%0gJ6EOo#pH;T3A91>S$m~VG0!VC zO4V&T7+VY(d?a5~?gGVIAdVl67Z9Cr`<3|uAHQa($o*GynO;bZE`vOeXB#E{n~F*^ z2Zf*JWVv{s9_2tH*0nJ?CHixXVSR%Np%@)AEa>l}@5PJzpMPU-k8u@Qz)&rk;I#ir zYuxIMjj_b6&!+dt{{!l!A~!1B1`a8fo2|?fa^%%cAsak<#fw=~MlnsvJQ(E7fm)%$ zbw)~|;~hgYoA8C;u8c0c$u5B zZ(f(pbaZWRQ#yu$j49%;1CKiK^F9^ipFDFVxzll|ojBx3QRT@}aNuJ5Bp|Ps;6iF3 zUmb;)lLuyf$Nh7%r^$80T{YS!$wk1z&1M-ufwB|25$_N6CgUT-+)d@l>IvI6g~`q1 zd8zSK?2u!r1WKvl&;z%yFsx*-1ZuIf-BR0EYvG*-+$B(BPPvcL5TB0LpEf4_F$q89>hhw% z5nZF^t*C`I=!0g>sKGc&b5^kjiwe=IL;;^LJs4*SLxIU3kbd!sSpzyds*m^=H%pHo zkp{NWPETm0@)7*Jn6uf z&Ry8aq=?gFu}%0hhRQrh7$%?|?Zu6l5;u9yREJo?>uty>2s){?pJHuIVkK6w*n%|T zfx;+!Jl|pI&_3wkEPNQa3I`05`S&-0h+oXd#YA{{=`Sp#=kger4ZsZ}w_NUe51}_vPg-n6TAej6iSP$!5{6n1HFj}V$b}Dwfx6 z*WHj_9j#$8x)l%D0)R^-3kX89j8SZxH@^w6c3CJQn<@zckUPifBupY0fwO8|mNN0C z@ql2!pyoT>6w{hQ4^%k{Hm+uFgybhUL!PYBx~(B?MG3K!I~avLi4! zaVY^0ty9m6%RQ3{34(wF$Jz}0R ziv3DWb(u7N44sJU(SDE;osCI*tmKxK+>H+kE1 zfc$HRy%}I;o`1Pz3dw5{0Ael^rb!s2SW}S&Zmy#NXPrF?UmeTL8({WZc$KwzAxQF} zzHfXcif9@`7i|#1ursLbN&b;j2WBPY(T5_Jngb9Y8s#B>V=Eoo?rzP4^n(lP*H-?R z9EB02S@>57P58eg;NPa<b7^ec`u1FwLsvi=H#N)K>W6 zz`r6lx_BA^+5Kx(FCj<97#;iL9g908ui(5&#)>yrVtiCL1||M1`X(q}ELXq*r5fYW zPql1DWwdkXsT6K!Eum4(3a;o#pKwQSeJ0F!=Q5`I`ZWFJQnh7`PbmI+6SBicMaj~# zW3m{tMACw;ktkXw91Z;zBNo%wM3skd#J`LGSz!S^2#mn4CJukK? z!7>62LnD`$(!kBYKSB1Gu+%;1pX{)>G#iK! zPAW=_;Ip9czd6v97;0tX?FO$WO`fBT#eRr#3yqGF{&d6?VLMdRB*u zuL1WEuth;ZQ6Ff@cPC2*Kc90ws-6k2ZzqLBv!A+tp3E$n?ejR#)gRkuDmwhK;BV(z zXo}0@fmCGxGlb1xCpQ~?V!#l$3Y66wnwT^SCcuC_`b;NkOs|iXSF#mRirK!Ek18}8 zhA4#BZJ3`8-)TuODuh{F5GME1@c=Qc9KgT|`)C)K@(~64EG46412;Y~s3#e0(~6bl zIDS}kxTi}8h$BZ&_5lveh8kIBcn5{%8KHPKP-wW!_=}X6z@UUgjF_)?Ijm!c7gZSY zJ<<{sAg_&=hRN<6cor^p26$mkH5CvjkH|+t)BN$#6U7V38ulQTn|SCBRtky!|^rpd9v^Ss;R#p&VH=wF_Gw9Zwy2 zmQL=YpdUyMpVxnFEg`$eeC4tVxM60=%YEd}3F-ehqLCg8N0^W(MCj^D$gxiU9Z7c6mflHdPd2oe0oVV#874PEAr?9K z9Bc`20pmZ?BguZe-o~=zBI=oU|71X%Ao6cgst|c}((%%OUoMt%Lg%~*{hI)BjiI0T zZ*LOwrO#{vv@v^ze1S-_5?})W$`@w=??WH!L4TY%VqzEf2N@J{Wj{T)udH>djIcb9 z!N4N}#=d@zI8mmvExYIk;{njFVC%faip=O>!fD9)^nWz@|d zgG@Dex#4Q`0SizOX?WHE5CN`(TPruUg9}kY*k4`h)1Oi6Zrdma=odfwAgT)65n-`H zz><4~VPe$ju-Ker5iqMo)=8%emz0^hq+kL-TZD6OV9|wXPpZwf6W-m<)SYSgCB^ZsokLu68|Ido!G}_upP0>`4agcw+@0S2upbsT6u9uGoJv+kLXY+^xtfZDI3}%G4i(E*BAMxAn^OY zet3jFQcd*8g`z0t%9y4{%UXj%0|Bq6`(kthlH#TZs>I|n)lhQS8B&Z9TSvhIdkrwZ z=xh_$EGWa6%b3)})Qsc%uYYZ4SpcaExvWeg5W)U<$zr?5S-d$$^b^tg#><14Z z0h0T|${{q9hKZbw-<&3>9XA%#Rwii(ge;%bWIlyK6kD?X<3F!;aJQa-ul)Zv3CfR) z3}BCPMX94GbbibOmF3)Qg6Pv*jO1V<-+p|%pusWXkXZVg08={}v)8Cre_~K6_P=nc z=7H|1!ev3B;Eo{BO(YRQ2vZY(ePrw_@K5vuGQp}Wg=)#y^PizHvzFxI?O9={m0`4+ zUntjY78c19A4}C&j6t!`l)4-;XL%!3OFa6Y5iV6dmc(_tvb1SsP}vjD6zW1vc|0GME` z>N#D+QR??$%4rwFpWUP8&8TZx>xjmUbvV#x((5JoT{=k(SI*%ap)U5^>vbB6Vl(xc z$2;r5X#7V7Obl6+4`Ue0uf0_GnS6Oi1Xy5S@22`j`vEI-6@(H?DNP}$sTxb$dP`&$ zVQO2fC6_AE47u4WTZ>-PTHxRJB5Pkm zefa2H$MZ(O5!IAm@Pnydb1ks?7OA6oL??~VNs32zm7-QDfBcY^^@JT|Tn@{bXk zlFMayUMZrf@Qjg499^d8btuLL;;H3StsH>~}&X1L~G#Y!&tSw*7cr#3H(uEGZ08;t)B;@Dm1hDTN5z6-fj{e^hwJ z&?{`pnf*U`@c%grqJZ3z&%?6G%jzyjM*TRg5N+`ke^}*QU4x$nz$BzaomVvP5%8{c zrn3Kw`Grn+mZ~ui-Jy{R`G@^1Y4V9#T<8J*izJ`3<7?BG>k3SdVKKPwRyB>Hg0lkerm+@Q)QoV&}R6 zdXnRY#PwUL?8nqHZE_;W*#xC=L3bcnOip!@_(Y!7NK}nUII~2B9%S# zR*4kLI9nLTT|P1}lc@rbe+fL#_-W{$>7fV2`2!=e6(5vzc6A}N#$+v*!iJ-2t;o%U zI_HQy9Z;jOW4;eWbfV25e%%&3(}O)A-j&q}I77(J4d3?1X}?Rw`suMJQf1`A_7ga* z&Ou=<3nt7$KawEDZ7&mGgK1>|1(8&Rg~X>y1V2!TXwZXdZ&SkfKSV(G>hnXwG&2%{ z(tjyHr%QgO-+mCUJF=#S>dxT!ZNkIF9Pw#gm@6UI7tU=kOJ zf&;u@%5qkS*E(beJv8h=W=r_W8s>=yePByhPX8qU)J9l{$je(ev2XjxWisRSHVPx& zctKKd_kp&tWaXww>7`CZ_4h_44Y$&5b9&<1f`89HhWz5cnxxj=6x5T2EpB1aIqvx( ztdhL1pA^#vp8KXNw{H~FO(JOB>3|bT5ve(AEg`4*hX-N)od;EU03O_2`(2C(DVJkq z7}S-{2ZxABmQMZ@eer>@RRj7l6@RDQj7scU&X>NWntlVMLcz3B#8KlG-c;kMog$oa zMhLk|C@268qTm+PqO)kIruWF-r-aWs=RJpO%!y$XB98T^v{QIO36)9O5`mnSH*xG` z%{S7{LBlhE8=%S62MA+H%9xwX=R9m=o#InKC+45%_g6C_?gtrNzK|?WIpBzPk04XH z*cxDA;JOY_!90d0hlFL?iO*D7BBG?62gDf5-F~;rz$Po%ZBsMC@PAogwyK)BEQJ@iIeX#W=Vz3 z?J&JS^o3>npTy^pr}n!A@t-Q-^|nqUW>Y-=_dG*F659VT!q)d@NWV|JrYTA?)Ou|Y zZP%U1LOd=xQ(yh=-W56a^20#WIk|EyPb%1m+mBRNRdm~2Il%0S%2)({cx?8G`JD2Z zC<_ljKP*J;w!hg-z00=|X?12anEt6hgzIu}Qto2Sq7yoJq|Zfu z2CuB)YR-USD|J(@*=wE;(E;r+B=n651Gw)vct*}vuewd| z+9N^WEJXb)1uTv>vpZVJ2{UjIhsb#>HvAU7HTOBT zvBawu^zE*7gzM(fI%$BeyBjtL^KMP7%1NjjfAu8eZDuFfOI?ZN0ZSHCQK=KdFzFo&UY-uN?)Rg&lG7y zK^`&91JAIU@J&5(w7V#pW6Y&7tYi6p1waN3SSXM-PtjrTO zj1ltQFjZA2Nt^fdQyrn=Uwz5UhdKOlf}5ZbN~crR{zZbDEK*!a2ghg zW{<}5=Xhovjm>$oPjMi>U$}0|feJ|`PBXemHXEyRhq2Yaz%6@y&t9hEjP^WfrMwlq zpsse@;|1(~0P?ce-z}g}NFx~zBsF*Yv}#H^@k1MxeLTR|f+3I&v?Ich?~l)7CncJ) zM~J*1-!4nrewSeR?d^?8p{#QDJ+DAMI{oGxGK}B$JEi$F`Tb4JDf>->tP`H{tP^u zpv>RYSzTti8f(SRaq(QM$<5)|Kb)4djxDbf8t`ccFJ>3`3U%3U>G*gx5p%Fo(C;B~ z_zBDi5wOqa?C+%eM18i#^NXNLg{$3>Y;Sg=^4BTsH`0-E#3_fW;iv*MN z5gIPRkOZRiklg8}$g?VsK!@ob)3RFE(2+&uP~>Lz^SC8)L~YjQgl--)Wvj(JP^!hG zLtW)~3RhIr_1lQQX2a(2dG=<|;Qh}JKAKHmF~82pXd};%>%w&tTv8q%=5cEXdr$1i z$@Mo|FKm&18SEqFTr_xi(QPehbVL2VU{qwa+%xCRQdX!skgU4C@c*b?88DYXfU$ug z+UAtE&L@T3&MMp*3}!yoxQD^9(nTh2FRQQl#%VYQTtIo=kX@dp*b~qBfC$!1~WgoZdNu}$v&qkP-${TyHR?Z;g z+aUlu_Wf7Q=h@XcBu-<)2FE8l;iTh-t0sb|z`Fyu9h^^Sv}@mh7H>w{rDG(@o)aFW zrY!0j^x_kUHQmD`-nA^3zuRx;J+;|JQ+MZF_WS~R8$?Bj*D<&RKJVF7WW&=EgLYBr z38()M<<<>b;1f1pOoOI^5(2G2u;qh1poytPpi=DFg%|@rqe!I7Zo*UyRD((sB^O(I zfU9B7f4mc%^FB7kXEV1bu4HP}o(L{1q;@-K4LZEGsq9cyEMort9>$^1Wi+iq9_Ay9qrJka*w>lefeXR zqk!kHFMZYAAmA+Y?u9GaD;M@zQS{!_t7t#<>^QM)U{2OmWh6aLf(;5FV1!UX-;kS z>!>u&Z{I8#>N1Q`Ql&Q7)&gZp~5XoxluQ7Q5huUx4>erE15gq80>?dLjn9^qiA_e+OrU_^d& zr*L*)&UhTj35x6<7;X@xv3YISs zY*^RiRjli!*K2*ez#JCVp+T(;)py3N`{q@7bn@G4VNT%9@42#)TBR(iqd}r0ZgA$r z-f+kSE@ISps$REzcfq56&-Ir?+Zym)=fMwg7%bYAMT}=Zg5x!23%o{LT-Xc$dlbGW zV2O6QL^jLQnqn+ri>p6ruHd!ZZtF_Og>%0Qq1kbP*7V|>#NGb!&m1@MA@6a(M-%&! z-yW_QbOzmc!AYFI5S75Pd2!>>Vkqr02~Cd_ysK>#&wDWd zqutKX{7ui#2%iLy8S;wXuQ!iOr>-OzGp1cp=dP{KThN=bnxU=D^`0p$hiH8d(Y@$U zsy*P$Icn)qs-5Kwo$hiQ-q)Bs*OFTAPrp^npUQl|RU>vqdC&Ra+BKLVxVF2}DPwoB z9>yZ(Neta5Z9yyo6qKNU5l3M6ZoP=mNBL=!jkV(#G)R@@TUx1%r9jbooZmWQeOW=% zWn`d>+&p}RzLF(H?b+e5z4|L!P1t->W;aItbZ_gK`Ypstd zi}}e~eBXJ%?^f%D6h}L% zkF{C-WD&lI!is*0637rX)}?PKHcFZ*pkqVJ+uI1GFUw!P--#fKdcQ56e?TneJ#jB4 zaA9UyW9DhEo8il`aeHxv_ObG6@lMHm=>I;ko^y#}o^^p|l@j;#1ZCwg zavWW=!6-RG+U3hwhEcvl^sSqWgL;c9!1p4GA0}q_}p=D=kO) zXb5|%e&>SkJ-FeYd#J7Kcpn#nX(Q!Xmc%$+kx4NlOqXSn_hdLedukwe)ZAjSklm)+ zt0V8TAXo5gcyJjn(y%sXlUBxN^4W3l1h%{Tm>+*UY=!cj_=Tque_4MC^0pXpu|NK0 zfnG|m!_#OW2K#TtgeO&&coN*k0MxQ{k4RV_&fegAH+Yvtpyk-w|!ZzZ^&Qo6YI*SRl0?-(EbVB{uoj6%u(K$gxO zNIkx>_>$#QFw;~Qw2sXjUKez*1>uFp30WCKvk`IOC-q4Jxm6KY=aH;@+;64Q3x?pSu&A zwPrTS&27n~IPLOnvzam((<$CY2u#MbVo{T4$xi5R>A&$7ocKga4mL4CdL5C^Gu-*7 z0R7bdLjW4k!VZ_QEF=L8XxD=H^Pbq%i5U8EDK2Z*ti8JSo|QIe?c-@TaUDe>132xU z10+chW{IwCQrHdYtBo}RWBwd3qlhe^^uw1gErAEBWCFRoG($2RM=4Jm@Q%*jihSCN^1W)TKk#a3G#0yKiprz*+8PD~1KzPPqf znegV-YV5n)uGyQsig0565(qD$I;#0t%S+;SBSjOvvXxJw=R77 zUd|x-?~XszDlAv+3tZNuX}XSRya;x|-?t_g@oxzPPd-krOwweEz03#z%3NJyvi8E_ zl%~MfUvY{OD*e1fCvnXdSBzHB4V^vnY`!W1l%DXaF4TNy>8ZgO+>Vn)!iv5-!WDPA zfS}yp6zlf-IfMU3F5<*zLZLTeso(*MSG(f28xq=b9KQT&>epW`t+_VGYaZ0XLsus0 zi};b%^ESUcb2{3=7P#K>`&Rq2?m=X_ZqzejhZL{Yt3}5NV8^S`#a}M=l`th=`fX-c z=GN%Vjn=7vtSR$Nfur-3o<{61Tak0FLkp$X%O6f_sKE6qSEq+>kIr`ba)6Prd!l-q z-wk)qdm>@%-JGp43r)F60+8$L=tY!`x)3s7|L%eR3NDEbkZ73dVdlpv96Kc8d#I)G zg<}iemwve^Qf6Nnrj1Cvd}6K#DH-*krtM2F9%yh9w=Mu*RP}E?nV#^|=`i_G|W78ulelO`3 z%r?lx_afKtcURzmDCT!3V00wuU#AHC+FFl*vz4>$>n#*PBJ9I*r2QWWPGs5)jT__`ihH)naIYz z{y2GmJdLQvYjn)^2tR{~6;<3J2w8Ou})M3RC7A(F`}4#P~08-vniptpawnc%BcU6R#emMxQ8acfgju(~yx; ztuNezS+bm5D-k)`Uk2voxns-pho`d(->fM(b>MucK&oxeTte=rd_7-PJKH*feq{d) z1vlaWUKCR~NO4=n*bQgO>t6XA3aFjLcAnXm=OH&7=hmcGtJZ_R$B)!<;RjMRE@``Q+t)I2`GC41KYykO;O5tRfGZ_ z4?&RQ8FXqYWX5 zeT)M~I30J&tQgZC`V*T1D$nAbTfU=99sTUmRjXd)yQt>JZModVx<_mz>k093g}jZR z&uXKyMVirVidK`;v1sopcpXytu9aYDR)}U|6Y+y=n|8JWao6cryJ+rW{Z!-4?K%_w{5d34)1?X z)P|<(0=&-L=0Uo9LSW@_<34B0{IXTR{OMvOf7TtKRXJy6ak#66$vkDn7lB{b-tj*c z>aFSh4Ha?5#n~RzUu+62D>1x*KVTgO3 z;v-`UsZpBxuvZveoeDE^6{1r(SEVd5l%z0jzs@w%(XLiSrI;ARf(RD?qdk}h+3}Cj ze(8D(^BN(@Ez!K?af}QY=)t$!2nJOpsi7?6S)-la)9%{hsfJ&ol?rZHA9xiu;@zNIByV&nM?Cn=OnHVBl>j)f5H(Qcscd5L1bQY=cE#Sp{Gei(-H3&aBMKBMYQp!WW( z%Eu<&GeuUrav8RF;O4MlLyzA>1P}AK`Cpj&`}_w---K`MO=3yLb_F~FYKjx-UMuGv z--Kf;mlBz$V+0%;g|D#_M+{WJ_A{G>JVr2yjvEgPA!z92OnL4(_v4Xq&F=vkQ=nNo z4$r%jQKkCtfmI0*LDM#dcRnO&yy-6RuL#a=#PsAJLgRtN5I9gtdA=3p{BToADoEGt zIg2|}7Bmd!6MPDSDc>RWXNlE*RoPN+HxXD`U+y{-9UV*6eq-E zwPGg^bC@Tv`aIdse~s zmc=SbX&1}+R`=>MKjZCyk7n29jsZ=pt=sB7o6(W~Yk$|qvguF+;PR=EyWX3lgZoYu z*%Mr?W?ROxn?vonhFvPH#_boZm?~u@2V>qjlI>v~ZyG(&KEj~zOBSlcjQaO61@@fy zNO*Wn2ym!Iw?V=FT6AZMJ#hoKu^DaN9xiSf)n-bo2^1|UHD!a&JlCZe9;wH4*sJd= z{g@QFv+S);1sxvxl}tdVFv^E#B?gc(+_-L2m+LDDSPFsHyB@|?zDpNAc&%&WNYYHG z{8w6vh_f;H7laO^=`8z;YD|=Gtd^kPR%W8Tt#rrIu+vAaEIak-I|;+#FdK88E4jc2 zq&ye?`rUGQ;VEx`>;mGO!w;IiP);BChzKwvDD+i50(Zj#AhEl;$xct4Hx8=f&n1qPO#V?cqShV13-k6|!DA;_RJ`~PdqU4vT4+5Xk@wj;MW=x#2{0f$? zgcyqhMIzIg{hm$-s;6b_Rdr@{)IK&s0~HKKF5v>7&Il^a^?&HC%tAV|$ii@CC2z{^ zXI?zq_n zJ-B!1q^A0^Bs=N375Xn%$WAM=(k5mQg9;Qyzt^_=fBten(TmyWe`qOW*GWSvxGwi? zzYa}k>8Nn41~2FAT?m}K1I&x5YiVmL11L(Hk-mF>#K#(&KVN*PR^;4Z4-Af`fWT(< z^t(gkl#_nA9G-Q>A2>|Kz*!d7EKz|6TxT#S^>mL8TgT`we9LI{M9?4S;4Vb#Ds*=j z@F*fvF17Imj@Y+G3Fq5fU~Ug8Z-geP?+;+LiPBmX++jWNeaMRotX|pbJ)rIsMD|~_ zLHB^PZimne_sP#K8g(9a?qLD=(Vt7Ky%kKDjUlX7&TVuVeQ?wxaiP)q3pD8REmWkkQUNq=R58 zFrEjl0uF*|3wSvfTC`udK}po7kTnZmoP zzAEPDdv``#8GRxG2j}EDNp2dVIXDG!ld{0h;> z*1F|ftGUl1>9)&(AldAkP~`l|p1;i0^l1$3{0^quJtB&^)~_t0VYKJ)KYm?PY!K9V zhhV!12hq#u3nD!p_5?1EsYJ-iHYvpV8qPx7-sfh(jHf1JP5uKq9R=1spYzjPB6=^< z`ZoNhqHjG^I&eCif^IzQUf1m-Z_lPbpTDv6xka>e|L|aE2Ky^rW=TCk0Hq%8{_BkZ zPpsA+9s659V&6MxY=M^80ljorC-E3#a$(ba*Yj z>?3))4-T;p-J@ijUewhMIm{Oxw0y_j6YE0Lg{^BkPV~ZUli9}b)%c%zgj@aj*5)yC zxvGoy{KHkUve&l;`e^pO;9fk~AKoUGb?7QNY_3xrr#T*?Fk8QShxT)^<@}Y~-BD%N zZVwt}1b+EK>xt)HnXKVZWJGr1$d6i_WTs2D77vn#C^=vk-nCx}Og$H<{F(Re0i|-u z8*(RUOh*w-Z9n|L_cK_DGHHP-o3YqFvP?Q1gpYxy3jYJMJM@WrwLwC~l)t19bh zdSe!ov20=c0Skp7<-EmKjBi^xa3ud9UvC)@^|yC@s|YA5A|c&~w3M`Tmvomj(w)-M zsdOVC-QC>-LkykL&CoUX5B#5Vu5;bb{k(=(Gqd;p##*2C4R)`3Pep?AfD+*}1J1Jx z|Jg^ugB{j9p(zriva(p?+Cm1q#qL$0af_eKi@J9eB$7hRA6xnHQhv>KeI#Ddr21$8`*;%t(B@BCp$ z%@U}rDM4`jx`$tHj$-2p{OkK*HCQ07G_%(Rx1}&yZsR&#(si@GaAhpn8PbrD z72xc3Q_bjcfS2GtsH9eTT0VO4O<*k|$j$m*0?c<2@~5Cc0$EN9N(Jr!)-1<&jD^+j zW1RS`iq@a|+Q^`0CX1l{T#sjZgVZV6o+rnN$#Cvf>fp)T-TGs~^Kc#&XWpHiPHXpi zT(i92U8eI_2JVveYiZ&Job7u3{=kcs5HZGYtu5y_%LYgYV<{e~_-QbV+tb8Cz4f2y z!INpcfqO3%5#txXuNlb1zGFj;F%T5g6?tBPFhxkyMp}=hG-FvjnkSdOJVRD;Wc~Xr zvULdwa(AhrR&PgHp0s9hnNC%|Pwb6erOoUPgY%sWtIs&$+97yuO|F+mlT`QkI{rvb zMftaN@C$md=(^SHM5+zl#9kxEb~XQ&8T@}hB9#!Yoi+JpId1PiDes3TJ)%FxlxGo` zeC30AcXy_yUK_n#25{UKOW@nl?y|K5mW)?C za9wG)-#s(UYhxwk!uQL?dsIDdO-9m^S4+Kji_-&ZaA2S4JZugpk&oHt?%l}RsKmT& zAnbzo--%;npY2rZH?ERNtN1JfMZ2os72cL`gVu^&-@|lJIw5+59z{E*TSEpI(Nfp) zK+|JSR-5xWlI3&-=*-KYP;1cH-hNPf$7Tr{!{YR3Wo`7ei^h=C`RpX!uYOl~G|9DP zhX+->IIGV!LJkc94R;?`Itsf^)>e*<#&i1LC}l1|EetxN&gcyY5x5sGH$liVWuCmZ zONvW={H^a{3se?$yTW1VDK0UUjz^4Cyyy3DN2$FnPl>H`M2otWQr_1E^t-NQ$FFFj zdt>Qn{yq-=ih5g5%yxd6LC+Wjki!t{mko~_(IPD(mjK(>frZ?!kC{QbYlN$Umup$>+qUmOp$`~+AO1A zvX!3ZexVF}P>NYnR`p*0d5K6%+G_(6M$nG9@VP`f}^{(jyA#S0)eN z6*P}f)1#GNclCZ?&f?6QX8=0cJ~(j@8q7d)Fr5z}fKm=K^hK#kCve8CuI^S27z)Dp zpXuey>@y`8`Xpfnvug#B?OnBL6piM~{Twr5``heJ+`-Uy@DXEm&bKDgCd=RQT#JK0 z^tL9PocQT}LtnZ#8Ff}^T)y?%{Y|TPPrk`rpAYt)(9gk&0sgmXH#odjgQOheG&8rXPb%AL- z#`h=`F0)bU?bJ$IulWAlIom*KIbKVBFOwa4Vl2z=e*WG?{8)=l`!;BqnCE&er`N9p z<-cw1qOoV)s&QQ_E#yM=R#8sy^!QYAiO<%04<+54E^!n~VEvJPCb>BQrFXHrC5}!C zMqsN(c#vs%=HFdPIu9+iWX9v5XWf_@ZtCEH0rN{R4#dtJeCRa%BZ`=nWH0WizIs-F zeeL*WBd|lcpP4!8lp^IQBi^pY%!;Y(szJzhIWAw#E;BS|nt8WQA}1kA&tas#Rg_?6 z_<}EWb<62_dv~1Xc~D0#n0s?|d9zKFg8r+;V&FbUV|{+iAwN-pu~*`$fhnQp-3%pf z;l-(4gA49fF1lYRO<8p7y{%nMDJr8_VPWX|#d#>AjwILf0>0sDwuIPw1^aJ+dJk|bZ{0v2Wz$B{7Lu45FKQIde`H_v`cW7@rVBs9w!R= zPSs#v_Tqa77N*rbnq@Ws>7JC6&TDrvK zDLY#78U8uLO(>}G;*Ci5<`-XzQ8mS9h1=@SgR7u<3Z?-SZN`dMZE)yzCvDEKXF*c$QjXpmK(33-4%bN}KX2Y^HTuWx2 zye&o|al%f>bMBDI;FTVD5eYfP89l|RyIg;YjA#_fC%cHgUv!FjO8k@L3I&+Li_C8P1uJfFN*Zy`hsp@t&6d>)qs>}!; zrjb9gtG@Ex#*apqpqD zuV}D$!fi-5dXx^=mueL_r;5wFpfbA^Z@vEAUvqoY1o%kdkR{*xcrI5JDgLgn^xA~U zR-S-DgoVB29q%VK9Ftzr*oe4Di(0yo{&}D#Gh{vUU~4j9NVp}{dCn)^k92r3Ks<8C zK7U4aAZVpxlP4XPeG?XtO0NqOAyRYU;3>Z(1=Esh*@YTLqcnfLPha_ko=(ndA9#+7 zh8VHRdzmz1s=y^h5~!HdR4s@lyU0}H`&^}+6pg|^r`py^N<=CGwjIZ8=tTASf!uCK zdS@`?=7f7ItZyXWKOY_*?lKtJ8Z#{7|F!D-u-W;g65aJnMBy2LYGb3DV3PKaP7y(M zTJO!0s66(ye_Ak9dVg>U@&w+(o4eY)SD}Q!NmXz7*GXM(X@HKDaUl#}@H`uac~0DP zwuY@uSih)yq= z541*=-|?G#5~xT#G$8y^Mem8ELDVoYUfIYi?bY@?KkZxu3>__CWagHTwj(Uabze#+ z@ZkD&w0g*91;sKr-F_nwmR@-@e<%)mW{qlh(5h6bF*WxPcEe!LFV6#wNEDjegdqOPeBwXqxf-L-QXlWZ0?o z+4{_X2Je8ZQP?TTD&7;WpeKTqm**=jzb}2fN6_isSRoez*Czxg`ry>JJ=+tyCr0_R zGq>oo9R+M<`$b8PCUf6gMdJ^*nwrDj8#g)eMCyde7?^VCL<3fxh=7oAj@|QAbQU zoiyMYisx$eSP?5T>NN(l7^+2LFgYGcgQ1zB;citk&mNgdDj$6H);Jw808dSA_>?TU z7?-Qlz-sqlXR7mk=&4}E{3wvmd+3k;lYx@gz9)PR9+*1GxM77jR6`V81SlJ!s?zEZ z5`;B41pZ0l*c z)7Z=SYR&ZPqOgWrhPkRoX&Vu~X2l4O9u2O)h53sGpz@|`6_$RH{q~xxkW8=qqH(U4 zxcLQ<+o6tuZ6RZ~)cX6mc0)dd1#|bPG*0Is7_wR7nz^h+ZLtp`&RzWJ(2RTCeKC&6 zyUjNrmyIKi(LAv*>P`uqbDkgu-9(^hf32)$v0Wy(G0D5Eooj&Vo_4>1Y!$&;?;R1V zs%I7iaskmY8s8szu%aU8g>Bu0B<4xTE3CqQl~8^@5BMm&E!+^a9X!wtxdAk0D&X=tdp(h6IBZC+; zgBJRlaG2@$Ie*^v<@Y1xKCCA;= zWSEyiC8)d3)s9x}@9l-?Xqs+p8fve>6!|OrH{zg_`OD5w`jbhvI%m4iA3d6PC!?nD z{Ogn;W0KrUUFz`yO9GYR=#k#X%fG}xZlNye-O+m0E^o^LGd}gW0_jyX}B}rm# z#tw%Tuo7wM{ptmTSnRa@WPX&E1}+?rXY}0{%$rwlzNE?_;4>;rNK^gYWW0l;^IF_q zCGmlcp4}|ga?{}YLpu>HKu0Ob<7<~7ps zyWz_>>`BKzq{x5+C?wKiHJqc^Oxh?XR^@rgQ`JK5-J4{i5@-+3JPXhjoD)L^p0eA% zI|(VLFR#hJb1KWgp8atPC*c(W+z9JF;Kttd?<@;1AikE&OKXIkv#9I++t-(p#gP^Q&j3d@P3mxFp^< ze2xtG{y%*8uPV)YMK8PUAsy+ucf93qY_m&4m1~5LzUyR*52oDUEXruGc5rdRnH4Rs z9WKdf7_&|}1p(?K5jWDmWD={5OUKWDl`fF>+{{i-vB2}`kC04&N>l;6NBp$Z;wb?_ zfsNC^Za2T?K<;@iN8zT>^AE@K(1%ifdkLxh1^Drt=pccmvw*YrzrkJ9al||?@LF%- z4VbdGYdM7GLVo0I7H~yJxO029G(z(9YgeIuh@TeXWhr@CoNn(A7nv`=pU&cp4ON#R zok#VAM!qB#;%1>cxv;7F{jPsmKvc$#)F2BFxH!}OU|i+y^5t@azH`6MURu2BDZ?mm z{ch^XdDY7q;Q>3Auddu9Z@d0+%wunO#;-%y0dqjIRB8nxdQ;`{D2!|NDBsa_v}UL3 z*BXio`Lw4ZafoM*_*=f-?NE5VSH*e{Rj2%?kK_hVw8bd zrl%>=5127YJpf4c(9FCe-3M?xc9szD)f|Z&qlePhaaR)L0yP7LLn%XXI=K&-Ig=9zOx+(Hx~_Ecgz}CPpkFU*-%n2wUe>hO1kg^r^Q4}!$|jXKbYW2jX|+enlW}*-)&n z#iQ4!a^hkED_2;_u_c0YJU6J*^JQ;yL<~P7KfC&h;F|I*hqlr6QFgn*Gx}siJ(Fi4h8D7+Y$avmgc@Sz6+zYiK_M_FxwZVu2>Oip&DiYJGjH!Z(2*ZCLlE1X zihT}iH@!KNPcnmk3bO+-_`~Lz@-1?2$F@ch9Ds+Rjc97#Km~s=bcqC0yUeEC@Bc23g^zHCi3akDLHGIxcWTqHxpf9lIT5iRe=KoTJ8 z{a~}9P{FTxAO(Ob8bi+3OMt+3lguCA#*ZKax%+uKi}8W^ct}|f5(6mV(Hx##IswBY zW3@l&!sC&Z7&L#Il;pJNz!gz5+|q>Lb^4b8sGqU;fxZo{Ii&%AAm{L41WU#w5ZV!* zG^V5IUCC~DoZvLU&eEv$fL_EXZ23j2EBYIinFT9Uyqix}1Hn0%9bcp#fTVAcr`mc8 z_{ssKWt0+O=32JY>=o6%C%jqW@%?UVkRz=Q3GgbeYn<&_U&wal4zKKkQc{r@>vs&i z=4wkw=y^B?=d=pGLv&1B8>{IpCYOK+7t!P9j_&gIC`Z1xmP8W9!&v~yIW|O)jWvfM zkWDR)sN4V=WHX7m6xg`fz`IqMv`WWtLTy{jSy8(lXq1Uc-2lY6tPP?LR z#!ayMtYu76+kurPm;FiAl}_}|&5^{_((tVs-F3GERUNT|WdH|6Z}rH>*GQMmWGed) z_-24T3`k2=f17B6--#GVHO`r8n?G+Z|YsKkA{S?^+&OA**zl}yB|0x_@ zDA072v<)MF<)B+)3X4=^=CxEDSnJQ96s1AuDm<$&n^5JwX6jRh#HPKamrAFg$9ZTr z0xcFBCJqQ`ulSt2aYOTG*MVVN-VqT@|Ca&$ z3)}Bq`fYxfWdCsbM-r51t!1rM`9#O-RuDL6c51YA#lxBsQZiFedkKwdj`Nv-s-rhZ z#by0tA}vLcGE=>8e?+bgC3S^ZoimtXROJ9*F~VyN7mUk{Z#X}Bk(cTY30&;i?lIA% zB|Gt?S8~^IZ#a^cHb5rb8|x3-7%(kH?kYum@_j3+`a1|8#yH(Ja!6Tmc9V2Qj2&Sw%_7!M&AJYv|PvfPRnq$iJ}Tt+*k)Yf|AyM}z6#kdd5UqMUhcPdV(voB=9S+po;P)|u>So`6{qC5Kb58_Dv`-HR3ZLzTF;3~<7TaWO}F|ICy zEJ^tB%nS_6BEY!=+?1}J1dQJ^18)Bakv`;Bqt+}OafADx?co*fpIY=b^P##ssmP?G zu!#|ix*@pq>fMxvT-@WV?~}v{UG=ayRyoxscV-7x2kgsq`OU_ce6m{d_wydZ)NWI(T!oZvMvNh91mJ z4zZ^DBsW5hK5Ad#(wo(P{nFsnyo?vR{!j5wgs8Q7ccAZuoM&`6|8fv#QN)dPo9N|F z))Qq2t046JYy);UEgbjfizmaE@a@|I3wNOGCrsY=vQl{05?Rl~uAYuuqhZ-3tiX~u zA5JtGN0*6GcIis(16HCCM`P51@o63Ri5!i(U%W;pqB6pZjcb#kepldLyg=`$VugKY zweJK5xV6FKy4BqWnD626`u%PQWe5KP+>=5`rX^WA!X@E72fq3>$ffg*)>`WVoq2!E zN#mqy3NRb(9KdqIaYIBSc+u>h3_DP1r&mui9O2K*Qs!Ex2oaxQ(82|VXw~D}=fkB! zB_$E3N38sp@Am3gyjqnM7UTLp65q7={{d=ECjFovXHVp&(9J!SqO<8+}kd_gFs zL4dL|c<2>!5xL-bi+l*8q<^~u{U&88>j59}qY~}wAf2`9TIpDqT*8R&r!1Kf@@=jM z*}BCr&iZN#G*fkhN~vSE!xK1`$-Qb_<+l!FJdJ>TGVs>$`*T zg~OKamz;xRaEq_Z(h3`(gQ{%)gm6w>X{}kxjqqpKAbB&3Iav)42gm>x0NO;Nu76F2 zE5ob%khntS{eq#xyQin~Z~;A@*MW~Nvh`^YkiU|2ec7=^o^-+7| z6P^?~SgXdC1}HuimEl-|_NCkm;_Q(KY*>0rV;>0grXO0+*ii`&xIe_r^|(fd{N$@V zpGQ7%ZKPkTU8-=;*21Q9^TsesTqzy+OXBq6bHUk-;X-hg%(QD_^)9O zQ9%oas8+@_0^9X*M`9hIJym*G$H&y+mmDiYIQ0zAN|b;DkY z#iW421y&JZQviO5GOnnP6ux?Nor`)DYEl}&KXijt{tCsMiEi$#+m)0KoAQSB0o3g4 z+TBP&$+JpXA4aTi!Dwdm(+e8CCJxs9_&<3@?LP?oTl`-2>sLhIGt9dAiK0<26nt~% zM#glGjrcTA?LYKjNI}H=y<|zoKbhFJh+}V;pUT_sPy-*zzV{_!Rq^SeYH>OQ zrHJn@VmMSZeDsxl66krMj2z!3=NQJ6MOHb@ZcIlmy7(Z%16|A`#dM*AsxcBKxb|(C zT^l9vZ2dZdl#m5!7sq1$1bBSD4@+nYRG}U6J=b%cOPbFBwsk;(-gES^zT-%|&sL2X zJ03bVwt6K!bBLE;!t9N6G|-LSkp+Q$a%25X!1xld9RiUw3m4n`;MJ)TqHdGet&Pge zfz>H~8T@Tc3q4>6>0pz{7;5O(E>Y5TxcP8?w0=Bhlw@3%!G6b?@Vg|Ps;SWohp;Ya zwaZZFw=0{;(R+qfQ6ypaPs^7l&<)!UrjyazUt?L{7)i>L9Hb$}m8xXSzKl&5cojBQ zHIPmUxDghxs%|yaXUg2p%+)HU4=!SW6l6U<%h{^v(;*w%V;Y(Fn|x^6^qaM}F{@Ty z8-FG77fA~x4Fq=K8?{8Ht}B$&UgJyRAVf`c?4p)g;GiIIWsyFWxVWZe^w$#N1%7*; z$86Kbo801&@ak!t6wzGieVs%9HC^o4rd_cV9{4fg>QAKp^^Y5~K5C%F>WjQxy%z_d z_ns%&=%n<%Ut|Z6+_3nM4Mg?#1;MWkPq*XLP`uF)EE+|%3xP_PzlQ!1fZLC!Hc35Y zB#LsfMZif&tPLLGu!@BG28|_y!Ab3CT0j0v`d}3)Dq{6wNA@GO`T0Wf>Cu~q znG)nS4v-yhbM-+!Ji58dY5@g=c>baZ!uAS{rG;;Pyf2vNJu2En#hY&)tEjXA&0; z_WV-7^a*xnW$Gz(`;C70iiY$pu;TnTxD-$z{lKvVx|f#MvEiTL1AiPb&jSWc8;#%? zE#5m>oWDh|@TO`>CZkzm>@IIo6%XA;9Da+*bXmqx^xl2hBA!}Fy&hJ-D#hR#JL9jg zgn$&x-;-Ym4a!*9wcs%D&Y0iQZ&Gv|55*;HBsaid0-kGn;Lb{~bsm?y--8mRh8dMA z43X(9^uzX8u^?|R$w(hXadf%NQKZ5}3~#cxp+)Chp@`s{BJJyUWe*zzrNAt)4xk1;FCP>MxCJKm`haS#ysTN$SS88Xjk`Wn_~CCQd(a}djC zxH=JjBgJd14<#^j$NuCTWpWv-8*B`@*jjpJ3o zdk*fmD0}6k(W)B4SC*LW#|x#c2q%6Bui(X&*Xkq;bZT%z=jHt;!|$rxIaN8Fr>$K!l%jrNHu} zs_CLMSKvgPRb@~*9KL=d8dy^c7+#B2ij@SpVXB&-)qAZ0XW}Q7sry}ePUi!U6aIx= zHzbqk5F7k~8e;L>Y}?R-FR>`Shl@#=*?@74v&$w^L0F7-*dv=N1);NtND7!PHA6-Q z<+Oy|=ol;@ndF<}W0K@cTZuTXt?nw(L}~OEOMz73o8I*ax`yf6;>dEz&Lvim{P9+j z4+hs)Ojp2n)oQQO?t`=UjV8ST(TVd90&YvMsxRy&obQ<%+6>F3MpgLY=3LoaxpRk( zt_S-0%??+>@redI*b*4{c_$RNrbKT z0NA+TSv1D}bOR?Cz4Z9~M4EMQ`9Mf~Fe0(@XvsMQ7oZ{o@kkm1589yT#jB!~zF~HY z8APmo2ZzfW8^$ij0XPG05w>Zr8{R-)xWwlvUMMIA?;fG_<~W#6QGEKl`m%n!!jRYO$M@3CD2eod#5^8k_w*~YumzadsPzPf zyrQ+!Zc0It)oAh3bKHu#w@ha_Vt&YUu@Nn(ZYW8jJYA-#$VqyjfGXP<+T$C}|7jl` z1yjftl^TmAS(Pm30+|~u)?a4?HH=YAUp48oWIIOX2BV@`I@k;RVvyrUROTFRds>Sd zSF4iW(U0Gw)OJb6aqaRk>J?aledH@ZcouOx-xC3*htp*~Ra|H_=(&e;pj(+a5g-F9 z;(TfqIGo=B#BUuLO$*h}gun+`0mA_Lkv|^eN5~Cw*Dc;u1Z*CMC#=OkpUXrUxov}f zX4`&3D@fE*E@C3pId_uTv}H4TS^t#mU!^spqTXxesAymXy|WxmtNus8(oIwyg+ubI z3ZM+aG)s)OAb4^`I^M;WQ*|{cbpAW6fF{o!Z6mo1_~H;HH*?(S?0D&5PZk=ISk=H+ z4oC-dYi`yIynUnoT5^q{@@mtZ;!|y3hO=?Y8LTFUZ4;@7lk$ii;2aLI8uy7}=<%`J zn}V8`7M_2pUKDXSG4ixbS%;1svQF9W>BI{O$u+ubFuLDG=1}%bYA8cafk_?rYn;r` zE2qW7_X(aOlGA5pOM({y?k=sNb1+M(Rb9Pp{&U=f^F$N9jknev%MwntQ!;B>Q9gsz z$5U@44ZWgs0|DP@*~j-o^5niD^`x^wxrnyQItqKPSr$9lWvO{CGGjuVbjjpfYVX;Yt|#kgpr zC)ykvE#$0#gsQwUMeQ_ykRNy7xsdVSWb*v|1%?|0rEs>^Je|3LNWDSICDLXmK~|Z( zcT+LI9od`T`e#tS8Y&L%R8*@*sL?(rCj*LX`st=;jR3E%$?NLfYgFdEE9tV?(?5Rc zn1uSxRCvi1DCL~h#ooZq_&1*83$yJGU>pvFdAOjS0RB>XZY1SEbg0x24P^WTeKed_ z+^^>n)3N*-pt<%+ywRODa29}f+wxLc03!aX1WNp{X3y$D2cH$hXt!DPruUYebaO93 z!wImV3yDa|A8VAPyJrp(Q`IY+OvP1fm*QAEV?(85EXR%QL@pT^gz zKm4dtP;SxyphS`@sS?D*89yX&(Ga*8y^$+hj?hp}%>mZTrZ0C_h^!ru8X^WD@@)9e zj_v;zCvX%JKvvG=8;aNKOI4i*sbg@iwcv^bx<_2P1PWS(hpbX`gL&5>L;w|gv*o|5 zaKf*ci~bQAlZ}xx)M}xYYD-V~Gb?5ed?h2(cqIz$60D#-V!EV#A^b!e9X76ol9puc_s*~od<*VIp*n#+x0|^{|l)8 zpSomPb{VL;$=|pU2}VBd^Czl9Ox10Y^Ts9JjDgL5a@FfE)o4To{DlCnhm4-v?rc@J zNM0;+E6oS~1~FB4n>&+mQt_iUTYU7Yp3^LW-A<)%={*eyOdLTsbsd=4h#wl7?UHeLNdc?UTEp6+)6 zy1rU|S3Q!@Y*1SS_W>oZs-uBz&RPKh{)a*VJLxF4z6HQU__(DHp_@SszP`n?Owa!O z%Qo`t^rPu-YM zbxJxF0b3$lX7!-&RT1&-+JqwU>aiM_CfW#|h{I&OJTidrNh&f;%#F^B@Fj*>30CAt zl=XDixZY@;A<$3fhD$9so0O9A@|9SW7BIuy_2;ewM%||^6C8K!NA15SbHLZNl^R`d zGj@*Bm|%t`u#Uhxf5%$b;}|6~l>k&To2g@QZv;e>kZ@%rVx&)Q^g_srW=}}X5-ShC zbLOn;Gtc~uS-eDQL``|^^r81(mRNZB2MR5CbPolXav$WV$jG1qt;6CNi&BMF>2UHM zUnY1|&l#hja$I4=6J^^|u-n`#OD{*ej%j8Ff8_3&5~$6R2>fQs`rB94`|qa@^+T6W zQT6lBBnLXq=f58z5J&vdH>oaum`0{EBM(6@is(q5Pe?GB0#6XFafBVOujzd}W9xG8m_v{;JHt z8WjLEw}ucDuGsocB1?3p%zvEOUl%VPf%vq3=rNt>{USUfQESl4qG%9PT7F|Q?bss% zEJ>3=y2y{3B|^B=YCG546fRKV}!UdJ)z-|m3z}h z!?a%4n3219pP66syJYvJA^JV%-gS9$aCeFwcO)~Opl+z(so@gN)^dXk{mXsFP8iHBO1NvFL@|=R+zUJ$Kqy}M-a^c=0>kf;4hcFnNXLqpn zE)RlHpAqx!-OdSew>6RBK2bSou}^0AQazg5Ws#jW?gWgtt!qS{?IQbUsM?@ zlapODPMNSf`hEX6`eDlBew_zM90+UYR|x%9xqpeca=)lq=T2?8#62N(GM<)4^x^Rh z)36$-7*#)3<|a|lEf4G%hzEpO1;@QnKT({fYIZY#07=;P8`avI*FMR9$>dAt_n0|Y zpKH*w7*`>XS%Mn+cMiK^8XogSB~-p_swG0-rU$Li4pcvhjTuelOoa(q`|l)K0cygt ziu$7iDSmQZ>qLDR{lCt4pMyFixbCdWS=H#ts*Rm`^v#W5QA5+^s-C zFk~r`&JeQiHU()==n0Tzs;T~-}i znm=yIOBXF?kNfdf>SnU6rc~Te8i?nvMbxg*y-ofUWYK@0<30e$bbIdYgMmDj3541} z@mi>+69f6ry_PyoB7h%6GpAaAf z`q=eNM+uzOSJX&4d#<$VcuAf)xtYzjTVy z|5s!t*~0B0N3XXki{VIqr#LdYW?r4$cFJo%cl30)wd>WT>aQa5epQkP1Ddo-D}PW8 z-|KnMb6k5AVNpC=Z^+ag>u4XxW9_@Yve<=CA4bUEH$g|{fDTEBeD!S_(GMt=SiRXg z?^`g1u(pux<3_wPzrE!4v%`X|n81F@9nj$G-vG$2?DSY23S^pdI#LF_0)9kh;KVlk#~)@2N>^GKbySKd0yYHD8Wc*Bj!U;U$C=WNE1MH{nTAF zT~?tdVMzKDGo)udM_;z2_Z8RpnI2oaiK*N6HGAvofZ zA^;cQF{fw5I==b_WoaJ;m-Egd$7H0z$bQA|VSefXRx3QXql#A9%*zC+0WgMLdx3yT zk0e1LzESZ1;x(JyPrPc~kLU&b5tQ`yfoJnCBWBlKz$|Liy~w+Rgw=yD^{HtM>}_~b zzsW0RhDkqwS{`QArx`U=nGa#-b(sYN2g3n#HDAf;?Pu2r>}@gfof+>qCV;&*Au*77 zJ;uCDjB?9;jJj8z`FZ?PQ0P2Sct!YgGWX!X(v)>i>JKor-3V?N96e)`uv_ZWJ&o7g zEJdY?&Li6@y%|>}h?!^I5OFzvYw;llyYgr1kt-Z(dA}^aa}M_k{b(~E$Mj(hWB|L# z5KQzIW`4c0e-OJYU(9xvQa69J6df?&p*}X>5Zgmmc2AXai`f2k%%Ei~J0-?P2GO|w zg?*97OZ*kS-8QC2k@;ZiThBw`%&d;6Shb5>iC+qb_%NlGydL5L$N{6nx9oEG5V~*i z#H~@MYFZ<5K}C>pAS~zLz62y|RUv68zWsLdJ2E{MC-X&zMS(uR5(X;dZh@@4pMYMxm>ZA_0(2O7 zPy9c%JTkB2~7Pv!4-k@8!v z`Mj?l!5ANlDKd=imm~%wcKXv%?;$-lP}Or2<&s{ee9jH$D5>p5X#FhF3S?Oq4k+~S zYFw~z)5JtB?QOihL@cLV0}~PiQ3}ib`jA7F^a(01JHBWH zehwI+x9YL63W(tvn*v(Ado&I@fKSGKCWwN^R+>f(EKv z^|2pYe5QE7H^C0ZT-%$6+SnezuO*4RTwq;uRr3dT`7rAcyvTOS^7coQQN%6QW1m`nmT4nS z(wCU?pW*a5${kM0^MN^;&c+t&n-=I>Lvo-bZclx+u6Om^Cxq-4Vn7saUv1T{jKs*9tlr`{$Hi^-J_-NgqD6#HnbiNs>hxWM*CTH2pRiTQ zm>fPB8IUs3b&-;$d(LV$!(4HJ`_Xx$JBONDT<%9$VS4XgDq5glui9R)ngI|#@BoW> ztc)?LLgdF~Dv*c>Z7aFcoo`y)Q3ySSTE#9(E;bVA-a(*(yFapij12TgKUTzzcdf{z zd9KPaVo<+GL8wq9@K~ri8V5PTV?RS(;(>4@_&OJxj-HIhj-GtK7_^j!YkdWj#N3hv z(@l>#y?;fize`O7d!h^8c%Vu613HiVghk6_-NwYKy(9j&pPf&MNtUc}3^4SXu4r}q zWh?#w9lry1I+g zHtWG8czIK)i*rJuT(7rosL3*JtPPvKXt}*q5wUJ`!vC*Q+3Y?DX90PT127ag?JeX$>iU?m!a z!QuFOeCuN~zf*2L4qQ3DxsMCo!Nl4bU?9adc=Z+c&FcUS(@R#bHLd(4rZnJgP$~5( zR;5m-CV4NZCwKQn5h4_yah}%>yzgha+?Xeg5tO_<05~Ocdlp{;^je|+fl0%v;~{;C zJDaHAdriH|19w`?6H#P;c&RU{AdYByM{iKr+PL1_-35ctS8#leP&6Rw_2? zRF>LV^iHizV$$A1)9YiZE&&td8MA~1uVOEEtM*1R(~UXq$8%i3CI=(B8krx=kSGsM zJg=7@2UMo>6^4UBWjn)~E59_+{p zD0g8J&nuyEPViyl-ADUbRbYA~E;p%H%NMlof#P9&QJFE~E>ny15Oq6Sj6@9NK!`ln z(-Tug^4JbJs5><^?BI?uEcTVbtJP1cZD-fLi|lPUQ*N6d*RxjSR%Ysj{+)drH3tA z&2O;QFuD!ZxsM4|d&i8gi#4xto17rjE89z9{#O@iL|PQ(D}FeoL9X62m^wF`y^8f^ z;A!h;VTtzi+W~QN^_%~{MK+eNaLv`B*DkwB`sd>r_sge8#dqF)Jo#zGidyv!vR{q{ zSr~lRs8f>qsTHRlwz-1xewU>VL=Wrlhk^DVlUL6TS&L6@Y@QdfamMZTxQYO)hb+Lg zD!w)k()12;(29*txp9;rk(94+Zrri!V@vW@YF!VA*SnGNCT}L&X?l}_DV(Dh*g(|q zyqX_%N;Yyr*Ol}S-p~^2`1Ptq+1gL;FWX;)i~!#h5O4P96ZJPh7nfoXXnXC_XxSyk zw?lsV2|ys?Q6;w$={Gf~uoyJxc(&&$@l|<$v&Mj(>sH&B_+Kj$D=j^f7O;c&mHXv! z0+M$hI`j+W(1y=u5pX@=A2Jytqr)AEoa(GfY6ew zcNV=r+hBCTg}$SwET26GUbzbUetvA?veJ1<+xJ%8dxi4cV4m|_4!5}0cHt32HjK%5DaFa$z& zdh_NvMzlwKQF&WVvdb*JTQK`1&mfS({6*tx#~;dAg~IU9L=GyhsCXaq zEWeHWrp>xX_uZAQ-fN~?J7GbQF%6>KDq1fnp^jZ9~ zOm|y>=_UUmY-6whC7tuIo2}_eCo*mJE)vI_FZI@1>!2|%dGc%r_Zt+mmwLew)weuN zyV=z_+DYy00LObhwODLrbn%j~A9pJbr5~0l)W7#k55TcrAg(F#q%Hg9%0TD6F6we+ zebcc4v`X0S1?COy`FAB`yleoKgzSH*S3^jea`7HQvBGb)=rDhGqyx5^rV2Zv?fT5j zTns)=07`ltrQ7aBjwb!aCw+9Hon;xe?~R(mdB(G)K9{UEha9?eMi*&>0l<@)M91Cm z2%cID$I(DgcSXU8o{!4rwN<#_7Sar_oJsuT+pz23R}%+$#zwJW%=USILAZ0*!vZ(P6^q$>k?M28|GH|Q|>0+Wfl22 zL~vAljmLq5={ClDG-9Y5qM(>x@*;Ta;rBSbMW8AU04MBd3rzu>19Q~oF5emUQZ z6bQXW-E3{T#-A?pB;2mg_Fj8(IZw3NA%_mb^w5ul>aTvI`QlHhzA@d>*dfuF`jnsR zl;dbUF}_WNLOs zX^Gn{-$UB;QuQEQZ#Iji3b(6_Z3kR<@7c<^jD^jAR)oiU5d!;rpwfHT-`Awy#+;(8 z43VXW5f*l<@=NB6oXI*1OZloJ~Uo>UFXcxkM*PDSa)t zmtR&ze6P<($xh)jA#&Oi6 z_qY6XnLjSd46tE*F?9XQ{SUG_53Z6;nv{uXH*lnT27Eas9%t@TBonCjY>AkNsgl|w zR3&WY9cD}pLkfT_wEEXeozxo{@LKHIZ3R`aA$f-gAIx9?KzZ8P0Z#oV#~X%A-y8=w zUWXl6P4i_m?R+@0m40V&+#jUFk&MMxZ zL&X0>)?3C^wXN~O2GSu&NtYr>N(l%^2}ldljdXXjkVd4XyFpqym$Zn4bT7KQ7QNm9 z`|NYiz3(SKZT;;v=a}Pp{zalZ82N4RuJ6M3wj7)GzCUAcF&F^MR#JuFz8(Pqk+t4SMNH@HXEP zRYSa>=c#QBbW3q^8@Zqm+|*pLSl8%p_+M_-n+j{WRuTeNn8evtnNN+YQu&v9eLr-qHZGzv0E25+~JHbM1CXiZ%5{eu?y6oA9 z*FLU<>)chBoeey55q}5Ml!%{RZLPls`dW!wqS9^vv37l7;@z0viDCVDl!SC+C9p?h za-J!D)s21_WINnujM9T10YZ=>p_b>0+HCRraKbbz+2#f+gqBP`n^iCXfW=Vxv7^f8 zQAjcWO^No6m=^)1wX$A!&D}6x&R1ti@=V^S6mENIgOM~J&l%Shr!l&Y=N@&zlaWv& z1Yey&YCn4*)d*r;XXL$y#3*+}pX{~j>RvK$Bvt}@@{jep*ltStfAD=za?4|NY1_q} zB7=<=q&eK6?{v&@YfMsu!1I>(w;x@ku3L$JQP^%^@ZsHe!rZzf@uf#=7f>&7mdRaU zfbUOxr=0q;pI2BUv`GESi;dxD!G{f%-4dJq{KK2XoUkLweKz-}S?`If$dx*30;zQ9 zq5f;nLImaFMN-JVB{b zoDc?O%KEl&*__e2`TkdhJWdo+ZyZ)(u!mzTG*}!Hzv-%znw$aCU+PHS`>o16&3h1Q zuzB1R=%$R?X%gV&SNE6ss!hCPv{ri^z30xYibk9F&gKo?d%-h147$IAR4$vo=5NQ# zpBnDEQ(NeB*`enybz6ub= z3N)e*E_9XUNwTy3a@L$mcC~XN)Jj_P;R4?^(9*`tcX~Alsu{6e36P6NUERw6mwXmL zlEwjYD9%dtW{uM(*QeK&c1KSZ4!Y9|{%7g<@IOmOqxLCQ z0ZAy-#5AfVma;WY8Y=3pO=etp5-xT9OgHd*szfwJ+MTQa2W3F&TMbs5kc3ow-1A0} z4Av`S=34#|712Ltf)pW0a)-PV-!d|3i!DYbz8OjW>FMEft7>tg=M=Ip%rEoyv91SB zsls^`U2*#pFR5Oi63VDR6bFg})zlvs?8$~CW_U&Nm!5j7_=}64=$s9Sun)t;z^Q0k zfsHwJ5-{lpA@A#1@pPrCtUMIkcB0tH^4SJ zzs2tg3KyL+trCGa6_${-BOCr2(_Nz+6A6S}cO;=~kY*8(&nBd}x74Z6uWgIJ@MTK^ zN|>q+tQaAzp~KQfe#?+@nzegf}JWyXLRD)v;)(>zi-; z9j=e$hIq5Rib*e923wUpqa!h<&Fq6DN zSq4?%eRUn=V8&Pfx4Y(ci$Hfu8EpUbaG33RajRoEqd`OT#p0x=4Vpx;mz;x&|3|5=C@S+0UUC9{Cz^|2Cuvyct+HSzlXibFno6enTv ztzicI|7L{U31yQU8?OxhvB;B02t4Ayxz-(W2wJJ)3^B^Y`|=~-unf9g6luW*Q#12k z4)Denmvy@%rC!sG;xs6n?povbJGN_2plQes}H`=&2O4|fJodle?Ng!)h zbyY_U@E+dbY&*DI=WM}WhNVLv|TrLm!#xnB{YiYR-$bVVqj>31jeFH z+N{K{qi&RwdZ#KsmlA73|8<`I&+KmIGYLi4p7g1fwV3}+&k_h9gNib($XjT>yjrP- zwJCLmGJMkbSif1W|Lcb=WdfzgE#CMV8UY+LPcZ1!^UkLeL8Q9X_v(_K-8kLzrYo;Y zKw$~pQoOHBM!$aq)WG^?8SMP^FcS>?Tm zJjobu6&Op5d>{^QsFV-*K1&a7jkZA9^6T&ELF7_cXXha_`|mx=FaDcaeL5nP8qF4( zrM<`*bn7q^)uQy5@cW;f~=; ztsSgWoUWiuk4WSoHLoj@AwK9CekB3PWmMdw5@Vv{iKqNJ55pXMdxEbhqIMLAQ8ZNz z;R|fmo2r0o=1GSV)>vKm9RK-SIJ?piZz#yj)UtM)zfR`C!+A_B%;andYa&a7UbC70 znDksy2=9J=DC}J}udmsNK#M(*rl1yZaNlvHGTTt%?(U)qsl51~#>vX@_?I2;n)AGB z=;}h%8&J6n9}2lHChu>f$Vcm(|0r>Ld3Cdr9>^hN6j2{Fpjz(MAS>qlktX#`O3b3QU15JKE@oo zWKRfl`lgB!L>4@#`1TaIo)3>BGFK?mp9jAF~`zCD7H<7^!l4cayv0YbU>=^272H_Z>O9oOph)I9%}Lp?A6@`Tn%qc)Qh+ z4O*J)hw$R59}h~sH($BhopW?7;wGzn?B5+8W@UkVsfv`0BXmd@4B`yGb)5OC^jOMi zC-m0|??8V1iEH%(Sr@XrWvY8X2|JKN@X`%(sroCLX`n(cUUD0cH1nS#l$gJuK$au5 z>m^Ho)}D^=wEvi@Zcv`?b=vWw-qr>Zv0TZnrmmk>SsGX>gAJ-Ut}r4w~NR9k&JM<~);d#-G+f(BF#JdE%<@I>MiT5tys<=tUZ{ z>e_s!Pp=LQ)}tY(NOE$*l-lQ078J%fH%^WzTK!-S-sSlJ6Y}wbJM}6xuY2>|<_@Z^ zLKy^5WN8KXHEL`yS@Mc$2M%q4ZS&ho#ovyPEnItZkEVH8s0BDS-NVpZj0J=&ZZo&+ zH_y#oJGI!(MMrQok~%_8MvEmEpQ{dz)KZ0EipaM9yxzMZZ9#NAD|c+a>=?Q^8<2Lh z-=MWU&t7Z&($^c{usN-F(|D3cPAVylb$hCs^uIn|+S1D&(C~d?qe~#oYm?HLrB!X| zcJSzuM+BS9)GjE6MqDC3#! zW>A1{U4m&x%mU;q+0t4<^?6J+=^CC%y>7gsYn1P(W+zhS3@0TGw3sEr)shGfQ| zNI-pI^zdlS8@0CS(83@jDnX^p{m8}FhTE$qH|&VDz2b`_vhDw zgNJ%&rB0)K%OuP&?aEc{q5TDu>|$RB*72r*D$I>eHws~<_|tQ$?-8CWBAvkkiBa!* zBeeGhXVm_|4imDpbrS^crilL>v8{cfx1u~pLD4p6>jbV&ySX{t^q~AZhjvZce8=H1 zMvgVF$rGMm7|Os`ozE*op}yvT_8b<7V@p)+dQ9;d68Sv-OCS7kGN&? zO&5=z(0%So3YVmXDkyPG3hd3?*KLM7y1M=qNYqsWIiuuP*C#?hYbhJ=t$GM~go@=l ztSaal9llGCWKJSdE~wJjDsUc(#-&E>GSygtFQBSf*uNN;T>ldv~ZP zuz8GfU4a8_Q=>0<U2}V3 zSa9#2ABL2euyQ_SppKsj;5os4#zT3DT&$yY(Xw@TRzEUyKUN+DLo82BD2!+v^^*hn zP<9uG(-fEi2&LFEKj^lTw6TSvbx^-5PEv!(uKv$)%Q!rnwg4vG;;ZYh)+3&O(;)s)%*K4Ul?J2(ee<0(!23|T zh(s)hiXrIzi{HC*I-u-p#QRWkh~pDGPdqR{NFptOR(>vBS zD@qeB41-e#Wy6^p7m9w{8F0KgYC+NvbIJryUKt^-1+EQ9aWY8m8eO@4) zNR3B*`KxgdEP`_sx_*BvJ}M9?=4j>_I__`}{l))Kmf#IQe+{g^tYm{K@j3hdE!HMhI#Z7)MT1V5hQ_ zZ;wR(PJb{GxW#i_Q=PF`HDuTj{aC)np);1wM`jAjq)}_j478f zm(c?kCv`kWPGSvh^$~xgAtKLW9X`@AmSfPzgf&ki8V7f|m2lpm_u&Z1x!Xmayw*f< zC?){6COpt4&B6&&gTft8gTjq(Thjam6yEIf|)6 zC%@nt*UtR1ayySGU#eLGj|;c_+JytSVVKM2Fs*vigW4{{6-=joA|S&*e&(OVCTE_v zVCZ$*n6#ayfAv{~q};QznH3)qFsSc%DH*YR`IVaaO+fV?$QB(@)T#~U#N6Nx<^+AC zKP!^RG-VSky-W2y-j)Ju9?zo+B9~kli$7Duk>y?VXV3F!l zI;8>5&Pl&P^&-yUM*!j9Wv1uM zJ}mc>iELQIM<6>gzxMdz?i39Hc@{Qwx2jSSHGjVL8svP3#~}>cf66nlAGY;7a7}W? zbqz|1jpn}30?8m1xIHQR4tlhXoL43#XGCgAd)JJB7SJC^K!(ZE&;G)@B1h8NAh}aW>1pUKH!fXpnHIjHrSTa4^KemN6JWx2oh+K7O+j>ybR__dQd> z5N^o(?HTHvaNAd)4kC2C2j?l0Q+_fGI&IPoq4ckbZE`URIdnF_%uAtsbI)Avnhuy! zJogL-YkajBu+8U*qCrTnm@{2q8JhEm4E@_>Jkj>faIpvU=l{Xr1w?@dFXWBfm=uzW z+^w9k4!efqZ&<(l75-Z%;2mf1eBq5k?u=}OVUS+MZnUm!-dAnG#w(W;Z2k)?Nm7Hb z=@QkngyL5(2?T4dWt8ms+N-^j!Tf{j#$Z;B12lJ%VDOQV`!}~DnD0S$&xQFr z=^3_jesmDyAQOj05GplnI{ub_(;sV-`&-q1@#J$@dCs9lpD+;iTJ$_7)H{(^Lk+woBeOA@b7^dvPoA44D)H*tRn@9kZw&t3u6dA6 zix+oWjrLrG{#KJKayOXnZ)cWtQ+nU$y4)eJl4Y=*MGlA~9I_BPoCPrItDy4VTrkflrcclU{m^e)5{nv^#NA0_xg4qnD(*QSQ5*P5K4Y!f6Y;_ z4yKNzCd}BevwD>}eq(-dI&(ekP?!*3N6I6U(K?bDJaIcO>Xix=&tZZ|W@TrkE##T7 z1V2$}qmPm%BPRvr-k=@49QRwN9`lf9kpF0C;mw4TLUs3A$bBj4C);&h5ai%@+h84L6~=U1ebsy;f5gch@$?N-VI+OT)8>|;!BIcu*Rf^Vn|tlg{h{#_ zi@GvympurSJ?OrnLFV7W-q;BF#$~0Z)zmd5s>4LvW2?b|MVhIpTMl5(2{dy^HlD^< zzwi=qy1;QJ*g|@ETp%Zx{tHyWcyFn`HF%r~vtjW4mele2^i~}yoY1_&p$RM2sLI%mS(1DYK|c^Dg7vBzuv&3(l;b; zD=C+vB=zD3gky)oFg0L&$(`@aa8WqkwHfCybvgVB0e^?k{b=Q~xAvN4z)IJm?fz}Y_m8vA^gM5N@p$_` zYth9=^>oRGqAxQ}zTN*4%7C_ibnu@@f;>7YlJn_gTe*}(P-hC#L^})PP22-SK-HM>G=?H(73TZrH(l72DuS z!===shPAfR%CbPk;eHG(?0v96a=||gW!t&!8hKGyi6Z+l%D)E z@c$s34mqrJd3#*L{dsK*b8=!N4$(kvti6^Fii6D-%wATtW{2)l3y{d9-f9SV?QUB{ zguMm-`khWje-lj2%6e&8ZPV6@mF1q7c{Yn^`*D>L%)0+0WcYZv|ADlimb zDF`O)xf2#(IbsH9{b_so$#>dNhg#GU2lq*Y0MQ!{gBRO0jt^pfQGRx$^&4}E#FGDK ztjH&=w|qD4glcmV0Gi6xz8j|+Ru{rfg*UPfL?Rs+i(LVX&=ZCrHZucn9_Ww!I;l9Y z<4I+vUS8+OFNBV=rij}-Ihl4&BQiU$8_KI+z}Ni_eg<&jcLQf&uRFTI z7)JyAN%V=^_M7xYE?w)R-j(kFiWwtMmh2TcwGh91-`?3gYt595eCK^Dwu!mI{<+N? zP?~ZtwCy(eLgXuzYKBC18qLnHG=3176|31%Ymyf^lJO$q!BQ_3YR%BsjF0|FDfgSN ztiNx|+@`~&jSc0V4!oVVayjA`Jo{9UDdc@snq$=OfiY^cy0z)pHI93YM!-xS6+_!- z`|9bGI17O-)p*5^Z3aB1Qqusg?Qa+`-SZ86O}tm(%DM9nw>-LlXeX2L%XbO02DC&G zvn0XUPiS*muKI)gv7UgK*`0dbC^@w0?1|IuvSx?|@DR?R&Iz>h#y+K_=aQ-UREq07 z(C-_!bC2~V(b1seu$-fdoIJO->w;liSQ0Sj$%}Tc9@Rz@{1984FeMl2JF@l#EuR~@ zv;rP+EvK3ro%r!dj9)1h3qEhgdE*s4v3!YuU+mF*Pv{i z&xePPBqzn>SsResFJa$bS8{(`j$3qAtI5$e|2o#7!@@_?sXOwboU5+5UVBZq6?^aM zFR%B~X~Ubkgy`OnxS`}PVK?-DAnRH~91_5aGvIVf?&a7QH#g|t1Aa@Zo#~v|>#OBK zuzrT!i$7u(F=NDgaYTy$%b(a(L0IPrt^PN;`*(9|+7kjFmf%)NVO+=g0$T8qi&r)E zywLpMcm2J*9B2Zk&hK0{dE6JZ7vFvIX|0{7=YIc&g#VVK?YpVzH3)z5T*lw~`XVar z=}XmODlnER$dzRe(JQ|ok1FWsC;x8`^8GO#YA?oaI#Q;w$*@rJ5TIx|`nhJS^|8t< zU{KbwDyLfRyj3aF{12`|HOC&Jy%15fbj`jnezo5m5{=xNvTdA2E<0A{e)>$M_L9*S zFwPLB;I<&vAYIuWRblHxsT|t3<@#%jo*&F*1k*T~)cV!4CsHOzY&jeNXYI>nf>wDu zlB~}gtMD-v7VAEGrcRN}&e3w;5Z>_TlD4z2^V>%NJL}x+_1xlb4g8iwQ$2^mK7Bd`h39@t6w|*VeVOwGbOS5Tk>}2vuQ6 zr?(;Iphqs6e{6vk?&J4^__vu7hn#pXvvfQQh^IX~_uT&)ZEtkp*vn7r%5?qnYRvRM zRi2mF%(K!WP)>SVbRW7030zFjG{c~4!NFUh70;b!F(-4dIlzpD( zMY)%UU%su7CO9gOaLgQI3dK?v`^(eBzvknnDU`?8b@`*4X&#?_XK;IG+Te|}(IaI; zjyI+zv!g!X3iIfSp@^TRj#OG$A4SdX){HafT89h_P`YKA{1X#~&*hvL_#?s{u zNPL|LM(FpkGYvqQW^4?-OV9MZFhILRYRVzIuIUd^M`{5{t-AXEGjqRfFJmYa2A81X{2!_OXKrnoW!ZJULe zuZi~8!j9h1T+|Qdcqn7?WIbOcqfLRj zBm_zHFT6>B^|P6%TkYFX!-IkamkK1%!7WZV!A06Ke^2*j z9XFHGf8IGtFLEAjted47Jq%PfcL~KVCcRMJ^rIsYfbJ6=U0tP zqfqZVxP(E`Ng88skY6phK(Dcw)Y#IGkL`FR(wPP@FjE!(oi*vxGV!SJV*jTh+K80k zH}X0AC)+ccLOm&7vM*v-`l`yrW8rTb+@!WNO)4i|FlT-AlcI=dbH5Sz>eMrO;{SbC zj#>as*vq*nB&;;)<`L+MqX<}Gt%D}uDZOZN!uc5&n`0tbwh)-yGolY&}z)VZ< zw;8egXDweEE<6lw^E|9jNokz%?m(OppD`um7c6;nKL@%)6_6IVM%j|0=@OS+?!DtU zUJ>h%A+0F`v0(2`UU|+po{E`*5_4SWUa%kdaGJyk$Z0$)sG4$!Gz4BafSSwu(PreE zrA{XN?qUuvuGaB5`8ZK!Mhlkje0jxJS|*@Nwgafa|}RgRkL^W7JmbBqJ6XmG8q^gHFTqGpAJXX# zZ2f;G%>QC$+|rg9k{xA}H6UY}c*^i~{SFZr-a7P1EH)v0My5E;@_9#UTP4zm&bkSF zqM)?Sei3w-`}kcA=(rCGl1gV3QqO?IwwHrU?l|yOWQyUuEoduE(UHO7w?Z&8Wx@Z< znQDLl2yDD`5O18;@n0RQwb9Gh;+`zF5{#_#hplG{cd4rdHaN_vsXzVqiKu6fbDSQ3 z-~ERZH>il3=0iBYu!MpCDdjLh|EjY(*T(`7@{S^&3!mpe zb6TD7q=qlPQp&=JaU$En@{=H74bU9CG0#1*DkduIKxWvg&1F=YfO@*eglFHhAPxA< zHN4U3!guN)o9yqJM91-x3MOnFpG{iaVb4B)HKo4&S3m0eRo+Mr_3z+E^72pZm$yOV zADPM6Pt}InY0Dx(UEHQw>*s92cfjdevnf7=M^z}C-Gus;)$boB9QO`he!?oS#v-gb zvE5}V0KcjPzc8pP@|_MU{ADf*fnFQ8M^cLdYTWGzAC}(0roG^V-*l-y^@Xyh2tf1&y>n2(W3e_+k$=>#5&rvZ8a$~RC`~Up8 zS7X`T1Rx=?QBvXkHSjbkD5@1I7xBazOKiQMu1EQPXr&=7?;i5rVIj~CI)%+LKluWb z2CK6`qTgfZrURCx?&_LodHsYTt9kr&cC{OY(c-nW@nH+GEA=m~S8Ms6ulG!V>#xL6 zG>Z7=^2pI$;oD)*JZ&A&ZOba@0$Mvmf~&Hc|F#Wbuf!{~>QCaE;2Rw(ZTcPY9P;Y+ zH-Z8Om4i?_DsYilTLq#J-XtH30A~EZ4m4g9=GKtfBqe097^uW+?1Vt3%eXAYfZ;TV z(izFj$j|Z`J~@69#!u;err#*UpPMz>Vw;xfOU2Ea&7e^nTKS9_W;l%YnAv(|m|-XA zEMcF$ilaUJ_vOf+ zX@xx?);s9QpgG!mjzv=QN~#38yAYptY*Z`Nk?KU>!gM_8rP|W=ncG@~WYHcV)y~Ud zyp0JzjIJ9&UEEHxAQhp9<5=rTy>+xr%!(D~^>i^7Z0XIAVUN4FAT9iwWw~ezEGo=J ztJRkknH9zFXtg#C64KC>OmBl7_0*hw0b|x-+R$SY+JFvQ+Q^M)9a}BQY>o8Bx?b=P z$&X4Ce7BW@I+eR8HsR9I3Zycc7CJ#rve98$Qdk-eB62BCL>Q*h(&QV$RsJ%adt5IIXrLG&n@(9J=%-u^uJJNhlkT0}Gm_|QvP`y(+JX%s{L zse`eNn$A|NiTWAa?90z+p?hjd_GKhOg+`dr1O<4*zH@RLJ;h6gsuwFo#i`nW8Wj6k zWZ}Mr@fZr~gqT^GDgbJJlocR9T#7*F55yOAB}DI)CQ2+I!Rwa7IcJ(myGV3-oCJ>D zRhsUDb@p$^rdlcT@59n`cANWY$T4b4AG#hRB)i*9`_AjsP>}x%xtRZF7N!TyY5!5N zJG1AS4S#UGIc;w$b0<>zAqXG(1OLnK@-}l2t5eDUu5jKyFT?f)ph$!Lr9-PS+x2%@z5UUMURx5HqX+Jd0wIX zyd3xtCHK*T{O%G(Y)Ga1@r7a(Sp{&rninn)!!#Te_|1BP|HlQUl-JCP9Sow)^4=WJ zKOCHyk#S%B!>fmVybEGBe{>HBfNE0k8Pkp|mZy*mD5FmgG*XE_844nrDtyL`+2-Y?E_zH*h# z-M77rm+baiHUJIv?`>0#$Aq_YE3pmQ*5`GV$v%Tt8I2&AiaXZT{+ko#l`}>rKJO2d zyJQ_|YoYqzxz?6VGT^|@8?=^tIpCj*VNETNB(t_wA}|07G+$jOK!jzr;2+2RhZ#x8NqX@f}MV-LYZ`L zP4)g&*~lJ+td;j%J!FwpA{zVW*P?Zp)1X`I{Y6;mLp;CrD{pDsoDn+g;`G$LOVW}$Dv3xrrFsJltr zi=hZo`ydy9>V;woP5ohJUc zxP$>{R{+ujpqq}}HgK1tbU7@zw6@!!e%5)3SW+4(<#6<=n^Xk}wW zuuOYo(D653|G<#n#@zWPjebEM;LJMtA02F01q#5)Q8!kfmG~(*Nn{C@kmNYDMf;86 zq|sU3`t3cA_o&AW6Jjpdx@pF3$doBB`N0GV>Qft=6S8NRx0O?m9{U|^n| ziug5O91Z!W8J9{zNJ5mXBDntJ%I&7_qd!H%=)=Swv?-_fe<7hzcciqOtVlfmllWQ> zos6~NM70>%jrZ7eMCnf}#QMulCqC#6!fB>=6V1v&7I(uZ)mq|Hmukm`^a)fl@-NclRmd zdn9qdk!PmbO9`io=+$Zm6}&tgxc6yOnK3qa@hF4_-}xdm=ogG2Q!w_~IH~~Pk^zw1R<+5%w3Fg>ai@qlfH%V|(6t4U$ zQhR~G$Jx}kg3B3JDG8TqBUki>wZDh)8T)gzIffF}We!vjpNrYJ2DU9Q(eIY;-IIA8 zeaz%`sqbUN3Q)XLwFydc^suEI4HN;?KRY-^`;T^DQA@F%3jdnc32?9o z91<23?#VMbbMlk~#_#cBamS#rn|N9NW`KP;uT_Jc_L@u_m$e2bE>u=%jg_`9KcNh? zCQSdsi1+5}&9jsCbtQi8UwgweDWgPB+Drpm{)u#JZqcIV-sIY;H1fM`u^oU1;7F%u z)GkD_OSEpM;tjB|Yl+RWf!jtndq+s%daj{%{uTjAlbZa3nnSe}en)LbP%JlS#69-c zG}i-u!y$BcCiN!bIZucC8z@H+f7RJl~b1M|<7jsv^v zKXoR~sJHO)XeB5y>9fQZ`PRvuYTPu^*MO`-RTb>7J*oY4j|vZJO$s%*`~KGRJuvu7=Q-DpZLZbc`Q$u^jQm2R*M68UH9&^Af07Nq6#P1M zX>SmcJwYwws6!(t@mdK zT-7_tw{=hsa`5=Pk!B?S2NJoW4i^8*E~*c9?`VWK&%Z`08`W(*Wu!5-i0;O>W@#8B zkARS(1HKW^{aNpK%;2Kl9W5PM5xeLrl%515o);=Uf!-Yka{ApWrp*YNAyIPi`^e~^ z?`{>5?8pQ_#+yMK(cSf}kXFn|Cj0aYuAiTYQ0i0mH?8iG{yK^dw-bbu0XAg>Xp=rm*1t1)QZ)gkEMWu7qh*Lb&$*v|x zLnN!jRgrDz&R0h3l{rgr=3Yn3(4tTkYb8x}u+c|{M*nYmtaI_ePjH15W21B+8|RqU zZG;rO4_2eSMHh+7c=P9#7>^Lb?x)M{*g;bZCHBMrURk?Nz6+Ffq6u7p? z%9KQlovQ>Ow6`E*GZOL|(&;dRxW?YqtDku|QUhr-6!{{%GYDbpwGL7GLU1DI48G>a zUTzNGixCpX#Ga^oFkdTd4b-LknVt=+}s8o8c0`-WGkuSvG0I4z)m(tSu^GHWw=;}M|CfW}g zQ*9|ZkDp32offg2ZB#zw}2$jno0mWx~+QEKjrln z3*lf~9N&=NRMJ$W*Hc-2`1#BA5Bg9?+f=F>oF=s7d7khiKqYfMUZ znNv@0d~4Ola7ZTwq`wxnY7NU4xyZTZdk;FJo*muJC`yY1oqz5^wMw_~Fhx>^OSvMK zWw5fckenAn!pc#eW03#u6bTaf$@N-&Cq8)L^t+weGuUxeYHyTu91 zbmD7E?p-(Ozlzp{8UfsO_x^W2EvRwV>CBjBHIW4A6#keCvU{v!`2|-w+y&&`z z@s|>Oc6*XA3@~ql=`(D?2m zL~b5lH^=e1Ayz3xr*-vqw^TQ7uc5qt?&S zHn(l|6!2eZdR1Son7&|2mtYEsWq(a?|7hXw<0rjK5~^Mo#y;9Rd)j@2t0mCd)%^=- z#(uxwy|v02Fl$hc6qU!m$H6+kK}&8^&Wvq3talDB%PKV=Lg|78o)&lcQ5rHcGTo{4nJZ?>oU5pQ|2YnhR| z9&!x!E-uWl&O)9uY1>K<_5%m(6i81FW#EWtCcX2^5O{Kzq@WC3JC$YZTunqeK;lKM zeKKR9#Li@uAhc)y@3hO$&06cAFi<|CB6u)$8OD!|Ecg16I~ELfSuqu)HoKrJrm;T| z(f+Q}YF=Th(C3iaf^w}x*BvVQ*jR__bJem~((eZyP;C@CArj~A3g5QxbD5(kDmAY^xEYn4Wd0iRYb)_jsvDt0m+n(PD`9?K&N2Y1k zc$77|jIsCta~qcQ7_0BNO7pt<#^%+W|4od(T3M=|WxBThTFX+VgjJdCAp4P^C$cwu zNM16cQZ70GBZv-L@RQmCLFTOk9!Sx|Z@3l1CPVmE(oKZGwk<)HbcWRUAU-)s zP}}Wj%%8Km|IJZoKgBUcH`KMle3a33BiD@$aznb`I+Xj#e;_#3**D|~ee2h!9GNz- zmfI(|b~3Kx2cRB!PQFAvg+zL|efVT#-dH=ZElLxyhU@;%mr(Te(|Q3C(Adp+$Hh0e z{UMJ&JCZCGEzB=`;>hKNw#!oR*z0*%6UCVJ?m!#3?*QfYzz63RRuJAkCc>$JOzJ4; zcM{KNDMXpl1-6xT2ua=6wfj47`ufdEGpTGP?mPmW+bY30p5RY(#sWrdTjjSXK%~r9_-->r_6*t9Tlw6 z|FmD`EQ7hg_iKx}tG+HHYYD_!(Vl#Yi+kK>iQ%$j7?~RPXgD&Q>Gixr{3U;`EZO|*a zGC>yj&Ja7PZslI;A7Su46m(`PDs;wqpRA~%*BxR?%4SU2A&_;-!h}fSn1nBRc)j+L zyi_XqC<@t%A*k3sKEj_&k*jH)c?L1DXtJ?nhk;=E?2I7%BAGwUPD3^2zRo%|)Rt=i@#Gj;g*7`afpvscC6?#CP?}IV*dT#W}ImGR|?- zZ*)ak-xx956mT+AR991+mIu{Sp8rKGP+Sc1+5AWwMBrW>tqn9rcpslWe(JhROS!TO zL0mSKdH_4}yp962z$vhhD-*L95i?Y}Rr ziD!)SQKLV2QF`JF8wF%ze$)1;BMlei=gCT^)tpQZo3x1vi1K;l8dYjMvF7X&+JFHc zaadi1tcBZ5d)j}Z^=3U+oIiFH-hcWO!moEFgmhs$_tcVww|-= zQeF>qn?vXK;HS})s3`0k^@HiDsBLcV$r9JbvX<1cGbFbM?4#971_unhKj&UEu^%OC zVd!3Q2~Et&u)lTK(RP@`xq$L0#SG8Fw@?JP?RKft;aIy4(8J4_Z0IRUH^Qr5^-WJV z<$h$hGK6DgX}o!8yAPi+ity-?6S+i4WQ;DLa*aA(DT?}6j=B4FQ`@I%j{W=zNIbkcQZ87J<4rPSfoAibUwR;U8DX?& zL9qyfY%5P9HxREcj}ZHAyMGcns6PbVV8w*8H2m^fAo5l`h6<`&_I;}~8E7DCp}M&d zTXHy9E+o)kh zkfI-d?_>G606w&@bvWu9h8^cK=1+`SPY)=bzf2@Wx)R7CNa#w8M`%t%^MBBU+qhTq z!-w|JB<}epzZwz}i}(w7Jth*`5t6EOIreB+X6T=FH9~ciTn!relul%bmDUN-kxf*7 zdD^ilycqL&F||+sH2c)hpio?YV=jIU#$qV=a()VWSp#(*Z$9mwIXIy3W=-FBsfD&{ zAAR4$mT;dKZ#aMpzkkS;W)WrFnz7Dm%Eo|eDkeTF8ji%QI)d-_L(oG$a~_LFdzGd6 zMn1?-pdFfc*dpXO?sc{K`2H``R!)che{PkQZ^u~{RsGze{Fhb6SVPPSK1)Ig_ka`d~_~1aHkb@@JPg>3U z8DY&sMYsZ`jTL5Xko#C;p1I-9jbeWJ zI@|C0y&r8xX_Hvon5)|b(vj*l3UTg^Mf6VPZXk?%>xnv`{W1_1fAp9{QS|OT&(Hkc zy?g%I0*k**c;Tl+fqvoJWUiH?>C*T1&ym>cE+IW!_?FJ%iWMp8xr6~;d#NKa8&2cv z6|Z?}bxz1!u1V8>)Y^QXap?A#z0^HnZC6a=60FS|JVaBE!M{oCB_QkLj8{vQS~^p@ z&xM=adF6p`Y_`DwkA^q@Y(5(6E7P7rxsabdw#jSSSnU=4L^UO379Nmeok;gY(jLpY zzmVYG{n0c+Jyn}X`|^<~qtd3szTJ~D53AQxl%=lMTQi!li#S`ceC^9OW8cL;U%iBi zSuvbuk+$dX;k7AOXdbueq)R>#jIY+kKeMu=uf)>j z7{)M7&en(0ow{wj;vh{#TIZH)H;Zd+!ZPl%CTWJ>6PFsEc3=44EK;D8ORZ+mP2*Nl z{%&F(=+U`!s;u2^ZcQ;+m_qDNd-u&A$LUTr@_fADQ7UaYu6e6Q>pBNy`-t)_T zp844l-RR*x#Y6=|x{>@>b>(CBdRapPRew`_5hgC&-$o~I-nMceE>ved5T~;XrnMU| zne!O9AdeeIKs#Gj+owc7`C+^JKODK)b?E-T*4{F%s&(xfB}G69DWyxgL%O?DO1cH5 zCP+*|K{}| zKHDf_HesvWcoj z^{WT1Mg>Y_h%%(jmGEY7P@H!c_v||@c2PdeET6`Hx!_U@+dG#Ic%Z!Y*63jPYo^^X zp3>wM@JSdPjR7Ba_uzZsruj2R?`wIOhzo-0t42R?nKv6j@7Ye>-0-%;-UZs)wEKEb zs`G^2b?ffwx^BSsGiQ(Ghr4=%H#*LKr{+DwgK8f%N&_G_=a|EKnq#bAT4N4ELLjjIK~oW?1x<`%D#s?&FUB_?+&wSoNU`n#yFOSJb| zD?P&1eM+>X05apu!7x-q*(bcVT>%;g!S~S)KBD#27)$9VZ1n~&F`tR@Yp-r3ww0>W zCAcjp3^uF&;O-FT8X?)#-;mt(C13(s7@SZ#yMLVVdRI#+HPO(K4Bq|n)HZv4W8l5R z>VA!U##JJnl-C)kl>n=*!xuE5cOJZvNQ*U0l%ZJ@V!v8#Q%277MHYA**6F+b`)#$~|YcKkjf**IZOE-cK7)OJy;R`S^?3(O0kVx@)%Q)Lq94^lPHL z)K*%2QFjNgx0Tv$v$xL^;U5Y%5zx()P#?|mw<*GLrC1b3#*}wYS%P6Uk0P~TH6#K| zXzAjvJ}J#3E~%hsT7-YIVa;0`C<`8p^%L_8LuWk{NaT*i#IhK&3W;y{-U*H?d^|(? zSeoc5Xx-~-A|B7Pj<0qj2xAhKDG7u(du+XX8Jvm@$2vra!2YpMMSf!LATf0zO#j*- zscy}LtQ!8f;d-dic{lWi8i7i>2$bpfhRG_qRAl0&;QL7W#7Ib11LGBq&X1(eu^w}C zOiOF}E(2m~tF}V>Y>)vwfgz7g+c_-qItwI}eXd-H%GO~olhdHr_0ja))l3fX z-+>Eh-n&Tw&seWC`t4&_PI&fhKg21Fcp^oh#X_8Q-?8cGJGA?_sUq^dMx@Q@K?af) zr!RvLjQFpIo5xt2vzj%igV(Xwc!&O7 zK{X4Z16KoIc%6y%KO6wKWRVl6z^xQ`?`Znm&0Ha+r3i*OH=Uc{-rpG)d&4fifSfKE z;(mz_0Ghi83{bwU}x0acZXPkw3GuQp2Lu zWg;EMB@Yf=ty!3Pq_rJLkr8&Z9HO4)PY95!N|7bKJ@=f8F@rNRNE-SK2Km-X?N*Uf z)DnUXxKNhxc*|zLM3=ZghsYdnM zC)zz__8K5ct>Ht^Y-@1lg=~^I@7CP3)F`zuS4&8n3y#m1j|osm59WR&k!wGl%5bp& z#a-oI#WCzy$dne_oLKK%k<#d1M1w#h23KX^i=)PY8P}sNjSHl$!5L6p-AUxl{Pn8D z-16?#DJPi~ct@ooop5Q-C;A=(1T31V%|dgIiZ3sVfUlwgiJ%ba#o=uKR5&=RrY>CY zbw`cFUI`4Sk@h{WAv&SY!;S9_f7pU+!3*GLwz;_7uaeo-=<=v`MNbB)I)Y6V*hD_i zyxMD=s~}i&+^s)Sgd{c|G+q_M)a`w}5Ooxo1`i7CnlXC>UL;#wSM61n5?(m$D9tKw zpfu~qe|sial#OoAfYBKnYx+n0Pm<%2hGoOjJ`I*4Y- zZiBiXkQnPVw`V8mN4tyN~ zvOV)yOF1zcXxMQjyC0DZZ(DT^LKgP4d9ZtJ;P4Rfx+oJ=l0+h5{j#yL?6?r$vC5tZ zlB(f4DED{xxN!@^gk>cnFAeDIHQ;;rkGO*~(k@T_8!A`-^b2u_)W zy_y0VY3q`Yh?V7F;0P6b7)vBhR_?tFtF-!@JOQ}$7kR0d z_Rj4%#m;L3uWv>wJ zw15LpkY5asx@}8Wvzn$leTPiVzzmGhEWK+nMw@Md#r%~ghT-T~VNuXDOUa}VclMZY z(@9`n-jV$(Z8w|C;Ye6OxBBFf^9iJJsIk<+{RKqSdV@d&Z=fav{cA_^MXT55K;wSh z^g(A_Ba;Y=&`^$A5NG|Cb%KX`w^B`p#U+LFW%eAtAW<1d!x};A!nCcY56J6!8G|8e zmzy1atj}I=b~F_Es$Bq^H?mJerYZyFN-G5`C^m}(k-gF8L=N(GuVhub`sC@vEVa$0 z9Ha=(BMQ8BV;dz7{{my6>k->b3sQ64drJpWPC~_ui^K)VmjP7fS^xODTs_B!{+z)1WtJ zjRyPO?5TFl4d;lv)J#{f5ImCTDW$?+J@4F1SBZffHZZ9~EK%`VZZB0_M1CL3~PEyRb6Mg@n}UL3^3jwK9ik$Ai1_^RlVT=(y( zcG8f~VttLe4vk?SyfD96?K%4*^y8)>#)?qSt~2#CqRy^;WV&YVOvm}U{bq`2?y#uD z1#Y_F4H_=;0KQ#|iiC{QOiMo)M2! z*NN9&D=9xu4D5wmC%v3L&h6(IWrehlujQIX7>8xM5xj*_h+0ePH@7j?v{|>d)OmK? zsIxUz>=^?-jPe>5fYf-+7kxeVfU10>u@pekyM?a_?D6d8c%A3eLv*|vH0wHC3PrX? z`@^q?cUN3B`Sa%Z+r-~-PYLq~3Lc^_^V*}NpclWlEDP9r3j=ygE}nc45hqj@*vSZ` z3H&6AgX=zhi%UicLgM#%RZyZ0z6CToVjp7Fa#u%B1ZrG~2nw0ulAtfRUp_Smpzig( zIIcGty=(y)$x&_ zyIX24*}Lyi&*WW?2yxYS6M4<6I&XG-@x!4?Yji}9*UMXdYw?sm0KHFn=f-Rdv59BC z!3~BacX5c>L)m3{dcSndC2E1nnnYNFqJId~zN#@dB^xDx1 zf4&!aWhBniwGHCE0ZtQsOw0p8_u8PpoM3JIF1+wCrrTJ>swIMe4#ihOPyJr8yhen& zZkh$aYWmhX-qy&Juv|P@m(zGl=A;2LT7KE-rTDg>JfU2I0fL-*HMUFQel7GSeCsPZ z|6=;!8}#ZM_*RtgYun0c*SXG_pU(PAMfGPtcYRV_yjX~m${Q4=57~SvS4wod@MVr_ z@2kp>_W{UjNmn9#ggzn2_(Um@@z|gF>biff@p5hMgmGc0Nyj$gWcx?|ivW)yx9O#? zZ2}9(N_Gb4r=4|Df`=-*>A_4W^!&RG5Pir{`0Q>`-H8t5E2Lp?#;*0Jk=dvI6s1J% z9--Ja#agEVeI!VQjR z7>hHl{U4O6wL6ZQaTY2u7R2m4PY6>mvM>%QM4^m!bV!ie?ed*`XH?MBrlSX?rpV)6 z9Tsw}WMZBEkIzyR_?g0wO1ae23tJvyL>y#4-~MQ}>Z7Tsk;!GzRLj8^bbpnlKJe`x z0z!Oi-rxnk^QK6+Lk`JN=zxdL4ZMc)ir}UF?x+MhsB>+wdg;d;ALSe7!!W^14d+Ye zFLg^V=3<A%0Rmt~rUaDqk@Zw@X?|2_0*?y0D zI`75oQkala9q5a^m&Kb?MT$5BPc-SqNS@=WGZku`OG4URXs2*Zj-(jw0&7gkr!&is3QoiJo=F+mDg-yx?)@}x; z_hYAWm@Lf5Xs~5eoTc#3vwel#^`k>H%{i%qC+jDzypErTU-ClsgNYXeA!OkPrAm!+ zIdxJ(%cz%2e6^`rdxFkiyxf1xki2o8g|I@nNId+76!(YUTYHH{C(=$c;EdL-h)Rk_ z2J2!lC~)xTlV-bGUW?)WOc==S$GvFPa~I2cd7zasZbE#a1&K#LlZSj~K81rkNj-Q% zh7TGPfK;Q;xtG^%?bcmRJbHc2pMWdB@DN8HBQWD(^wRZ^3(Z8J+P=F>R|ILxd!}<46vUu*5AsxCR>h?EFY;+ z9jG&;aSxi-L4MD?cOXAAsU{f7zY5OY4fBCbXvludcAI0$u~<|b$P-pm&7*KXtnAGJ}8j z)ik+OCJ_hbC&SG_D%SjF;p!{Q!BEZgj6xB69?A#W?bE`MA89FRoqK&l0w}patjbPD z6KeJMv*ASYol`eJfryqqFW7OWqZTHA8;DaC;@fX8l5}(VaApH=nBs6UiYn;vJY?1;^hQS^G5J3fYNANzY zY$mI|*76!`S7|>jLvyznrV`hg&go*iofjvHMq}l4O(*5og3^|xiR6Tm>Kfl@ zbnd%J|D{q^INKY&RGAF-Xz2{OqDfVu#JQcX3pYRC7DJd4XZgML#fA| zU$6ZT8ABFllf(Sp*cCqk-i;-{ZimNFOY#C2xU^9@2MbD=YMv}uJMxif245t?)#a^` zCO5aq@gW%@Ve*FVlMgQQD=avfvHBw%rrdKrAXGlBiyUZn@WlS?0Vy|~v#8wjRG%u0 zg(QmhuH_vwDQ{HAK@OZ1xn%GeVPSc~nFDH4Wv{d`h??8SzgYbuhD}oO^MX>nJ0g!8Vw)Sl@&lDhJV1)pMX+A< zTe$FIlME5L9D5^ZiB<8DAbTLs(YRZNAqqjU1wZ2pMa+nOFSf#(#pv=BJQTz|g4pK1GG!6@aatXe^(3k??;HFJ)zQ{Wn*7c-6sVx|(GLOg zt!R{U?6{5RT1M!tWaE!9AY_tXEwI9SU-D{cJO{E98G*Q2QfZ=$fVSR=_3S(WyvcJ@ zCA+FOX!RdYWFxNELAhfE#wgzL!K*B)w)d6*>ok&d#^`gmq1L%dMFI&CaLE^f1<>2Q zRZfS?YP;@V?D!9dRO)3LEs4WB6bbaN9Qk-b3O$D?2b(UG6$&bsg%+befHC@v03ER@ zWOZQpF**m?|jqTe(emJE}-iz2d$-r7j&(7QXu6XLI%{BR`%P9Cw5k zmxBazfwVsROb~cDwOvtUl4RQFD?3`?i}rYvOulC+uxUa&gbci4oG3xUUhTwvgCp-h zy=L{tqS3k7mGXAchj?hbI8qZVc4GkNlvHXz!FWklZs3+efn}nIE>@&6AwuPErg`|D$R4YbQ3$E;_!n>Z*Ma-9G35AcRlO`j0t#XVH{MQ$V*OL!Ugu8IJ^9D%L zrG)Ft_=2qhuuS%34h$G%S9214sz>0k^x9Lbobcf5l;D<$-k999r+0AU{Di#UTg2&x__K`W;0G8`jKaYlPbq4dOQp1GajIs3W+z3% zPJkAjTGx>JYeZU&mtk#mCtwt4xOD^5X#4}PRQSl#bNSJcC)q{5M#t+RMr!J!79Ln0n7i7TeI>!voTESp2Hf4h2O3V^Fua6)NBWt=Xv zjA2vttg4qx*Tnx*rTM8>v_30d`G?5&B`*%NSlQ8ZNyXZvQ!&C{luU$+tZE+wifW8k zVQg;gynoBp$*V<^!a%S^4P#G|pSvfr*piqMhl-?YQWm*^{#nYJp*F1a)Dh)DgXV0} z{Yh_uu`|b@g@N?zfZFFL(bPK(BL$g_rS~SDD(0Z232C4&9#PJ{tcsjO&qD15l}!Ln zJ|pm8mzQs{KL`@B3rMAahD0{M6}v7bpvf$dKt>aq9N! z*7@HtYvJnymAF0Ixr4M}o1`PH0u7V8!n0cL85uu+(5s~-t8+uY=lnjO+LAt>VDv>1 zmt;q9yRot@3TA!_RK@1S?5nmz`<{Q_J1&o;t*>buUF}EPRmMR{l5NXrOL7_?xYTwU z^W86#41Y$kYi#j4yUAvgN7{nrV0eJ+h0=7C9Ug3=QjX=&4(z+>xp}4(coZ+qc9cw^ z-ZPbolbOLtkJPcR7usceewmHEo;n_?@XJxq*)vSLZTV6Ib8LCB2D$UEGFMHo$h(e9sIwA0E6juxv%Zd^@ldPuy3 zzXVKg>V3hqmXl5tY{2p!^w+$9jwwyZjrr?t&u==K#*)TuaBNRSVTC;Nj4OZ5uk#a$ zEg73T?B+YcVmF)89ObTvh+=iHV|QoziW9HW zJ&CN3%iphPx-b>lYk-%i&jfQR>+lvN{n;{T5#!Y#PJFRX$#q13&5^@myIxK}gQp(R zm(zzkd5sX10H>zd9q}U9@FXIe9TDab;A^?giGb&0Vss%$V4Vd(SEZFYjk?pZ6OAhK_O8V4JjLyRm?&InN7xH1;!)d%%ai z$+o2jMFZY_`rA>wYz-n2y!koC-%_jmUwI6ZBoRpHQ6g@H3;OFc&}Ea>gi(SX z=W+QQ7_<0j2 zF?46RNRzm-;w_gt21Ug?AVvxTNWSr=DRgp*AZ8=_7MIH`vD~PL z@PAU0jzdiIjXo>RS=*N*xA&JrkHfl|peFs}b1de1w<=Y8C2yj>b?oS?W&s$LK=co7 zp({A~F;`i9e$*6x-%@SRo)LB8BT9T~G)Dg_Is3AT?U+JSDa~@Hjs$tJvUab0DuLt( zjQHMc54-9aJv=$1>50>-jB;|Oof~joLM<9wUV^?*F$=)g^QR+>W2oTrkr@~^=O{Rq zqj5kUaK)IOKYW91;xpn`5BU6HpAEc-&&lOs1qXek;B(%Ws4e(F`A@jf68%rPdI9_yb`w#op zk6_=jvf0aZEh|@)iR-U}Rt27mdp_`yvyA^SB!JRyCH3EC1Bse;MSF{_DYh!_&6qbmE6%{Qht71#rO95~6@wB>A_P5Hjw@ zKdIL!rXcn3^Y}0%xp-me-=;r~LMejLml;$@TBM2)xRlv38+KL;O3#+f-xm+F&VB>fd>^HbnUX6o&FUhLxyI-3+7Vg;0fSNQIg_%0=3-*_U5-d@85qcKh3c+i zd#_lA8E`bkwIDa?hQJF7KzC7%K1TkT_kgLek}&RWpzULyK}>oOaVWI|mQf@K6_$2f zq!Z+qIEe5_DBMtTQMiZNP(NRb*hYRcG5~ucuJT*UFjZOPs?-mVy&gZla6ARi*`&KM;i77)d-m}I}d_2fUSI!1fd-Hef5CH zIZ^+X#K^Qew}j;~khBeL6_g_l$HT##ZPDtF*7YM#eARH#82nH^r)DApRU}X%OYgP8H)dMnkRtJ`Uvu`aoE^w?N>mdZhQURI1o#eH=B6K3xv~4{q#_Z=P@G zX*jd?R!5g?d#8^<=b6g)Gi{udBfiE)MD3fxIIiPXOl4c%pr|A937!erQMlyvfw2x+C4yShrQgW~{qofR zpt)iQR11g2g*o5(N?d`v{Orkd291l9=4l+t!6-O0Y*Os~E6yBJ9!hAr7JJ>*NS_J) zD`!bxzxt?GZ$GetQGx%x_)@jcg<&j(+E`%lUa#aL6u07dgMQ%_J+a5Ib~`eSZ2z|t z(tMyE0-#ptPpr4MstbGZd)d=+yo>4;)2AR%$ee>t+Duh@j+)_b+4Yj-8pFfe6m4OP z{5Aql-aKK+(>U$~N{36`b;}y%F@2siV6*;=Cj6^h?8@57y^F%w6BCtRste1DgfQaR zrUvMJ0HSNi;G3Z;`L}?eT7N=h9j0R1YmamXSg?``Y+V|{2hp^E4BAuy_%t#wWA39PQIJ2XH`OeK*YF@41+eIfal%CSrb- z{DS3BS>4EX4kA;JJJxhU6R)rso}eF8n}RQE)6_a#iCOl<{+7nkxU5k$=#YYz|&19wtlIRW%~Zd$D>-og0KS`sgi; z)QBN!V3(a`x^CvotJm9)cHC9~Hku_fr#v~OPt~DoX&f0S1$e9`;{ z2is4bmu$^lv*>CFi%{ovf3ck_C()EW3c?l2yX^2a=to9d`T8v+F0u@Zku5iMr#KE8jjSrkV zl^fhDPUl#Ig(<*fHN0)1W)QAGh^h>b7g*k#v4}8?wduXOq^6q@Bj~5?BRJo_2L&%z zFp7aTc2H0Pxf-ueeN}hdKk#b@%XjCBI)Sr|fOMyWC%n>%v#NJ^0&ySt&y5EvdN>T< zBeMnUES>;jLk+3nEpCVuEzU7TMD@N5ZGk8Y4i?)M+1#Tly6_9Br8H%v7abAxcBx|# z3^82yjqg%cXBXDmO}Oq9L#`b{7v>$KE+9UgJkOP!qYt@rlSq95^|gD$IUV(Wk?=tS z3(Z=~p*yG0i(6hUmDS%fj_zGN2N;G{$4Qpv^0)_kD){z2{<@z;hkTerH+_wl%K-KD zXeyg!t`EgPKvDpjULK@S!oYDTq=24*tGEddkFy9{LXUt!w*PYCak$<@(44YJF!Wk} z`-D&@$${u+WmDnA)H_r0olBN1jPTp2(ewZ?-n$%C=ee&wHTQ)ljE!ru5)J$F-ea6c0@x zn5GYAy_lQRAZoDZvpIlV?Zl6jD`HQ|+n}loA8M6S+?%5ZE`RJYVv@O`@q-Loj!hTm zChy-W+Rllsm)&YVV3chebG!j~w!a}xZ33;DqSyGMqzFXZHsbsPfkqsyz8XD$!CF^n zO$#xDt<|$CxnJtUjnqrbx6>sb?-zDmVYIxbZ-bhIm|f_F>sT&;^zvTOG?%NwTqG7X zQVmBQUJ`qswj>tf9&XRC-EoKmXs;!-C>)50VWA3mke4gsN8o2m>W>?p$|PolXV(gO0_xE<+o7e?Y9*a`VV zp!7UWqj8^&o@{PNlAn5tCvq{a%;wJ{sB@V4g$Ps54235l|MTCwX=K5%@(PK{MUUA} z7oS^l4Y(Hm@`!yhDqY188Ob|3#e5Z`$-lvVMBv4bUJ0;Zeyg;Jl;~nVRkzESP#H`zHeWElc5^qbsjz>rsaXGkU`)>D+Rc%@slb9h@|qHa z0Uc;a^e`$1u5?k=rS+nfhx||>=A+U_bxfVw3gl)neXv<2^i93SXvW@eN|Ekie_ovs z;V+JDP}5o|4B!xYk^eJH_u@t37%<*^{&@Jll60p2~k03`JN8k*xwv{P7Qe2wXTIdag0ukNhab7O>M${g&$7WFktk5 z_md)d-WRKC{fvwc=d6x;gH9*vHMTb2T^F#{wC%rW;;MKuRh;ONh(iQwY^k)JC(fl$=$2PNZbrDG~M@;f2Q~+OdKb4o<|kB`f8V8z7@EWlytZ^V#wsaqL@-@ z^*-`sGEpy+{$3^7?ZxmtyIu)m^DZ#4?^Ouz04!GNt#ZC{4zzN$Hd%ctwM4dRgM%KzJdNtA2Dsx- zVk9%eRKy+FTPD`uh!){OxDel{4T|vk1b%#j)`CXvh`+%1rQ0>3Wvj;+4H<9{cNcj+ z?K?j&WD!!L{U;^Q7&fo0H+X$2;E3Z(9%h~(S2&Pqf0_3-Az;Y(S^%ZI0{b77y!j#- zNrfq|B&qE{NjQinf$oM_Som|dnK?Hh(@6W*Y0`e9Jm7NgKw6-XL= zpV? z$E_7lhOK`-8|t5K691R{Bkzco2*|qhOKcu}F3aJ6X%YV<_q^3fVU_f$OFO_2zESKl z7r(G;hlPA@N2Z#B-Asu>x`F# zR5pmGEESDrzgci8Gv$(Y|4=)%l2K7J?3q(b^PUs~I=*kaWZQ!8*|4`%Dq&YaQZ2_Z zY~TL&i!FYv9Xe{_5)X8Dc8(p3;FN9R6i!B_6H`g32vBJN53)SbF`N$2K2`sg(){1o^P#-*Khuzp7KqIgdq6{n z(@l|sohtYgLKDipBF3bgw%!bQN}{DQ+P9|C`zqR?)Sn@4%H7bY>*q5V*aWIUp5H+T z+JZTR%#srr-}&at=N_k_fxE&1?{nfN!@c)p7^A&QLO$Ak45=3hqdtOK4CARoR!4mb1=lJHxTHRB5_r<@*h(zCtJu>) zm;B1LB&}2hHAn=?15Ekvf`4*d!FPBeCbV*8Sb$QDXTUqedH}T+?#9|z@5x|~X`?b@ zJCM29X6{T@dvUcl_>*&Nzx+AHI?9Rq8u}0gss1q!hDGme)MBGnbe|F@l6?*$Rc(;K z*d`Oz9$b;?N!v7+S#j)@Gl0OGgi}i>?6MSmTOv&X!v1q=;-Y`aaFl{qGfVQNJA0vIN=9Q)EF4L+n zFL6nx{SgZeJ2coecM$@Ol+8z!9^05GJ1>U%=IXn%i*ms`RAvfw6N>+KlH5~z)>kpU zg8p#wdygI-rufO;6mPiFZKLed4T!j=&|rgEI);G~o2<|xkIvr`k(P0{RLUd3Op4$T zQ%#WDriqHxB;8aK&U`>5sjOgVq;f-CW|Y*mQ69I2#T_)gogymnrEf_7)=hf))@>~1 zU)-c^jEWPS6KeH7N!dp&HtiN`(<)T zJPX`4l(}+PyFB-U7Owdg*7cQTLy@vgNN=HH+Ti}e?D6)8%YBg4sCSW$kjq^5rS`jW-s zhs$l~M{7rTQ_9sAbtl0}+~IG6?}=mN2cEcHX(c?NQ|(h zm_I@DgBU?9iYGWP_R_2k$6M_JIPbN2{E9--6w5-^Oz0(`IX>^LnRKA9$g-~VL##^h zmzP9agd!;Ib<8umIksCPBFc7WB>}PvVF#_*t@T>5gdYnaq(H74+yYqRbHHu?q8)gQ zDiJG?8u3SX?Ych56MmPDWPm?L-v;OE>*B;e{Nox_?0aLba7h1G82@6$MLT311pLcz04HF4_FXKJu#lBxFf&7{09sFTi)eG+>vj+ za25OPGumsh-|;<_zRS;7S&JzMd~rjxG#5T#nDj>^5%a?THwBp;*+%@Dr& zlj6IFO60(#k;pj(jeouPK&oE=JlUVmSQ|BkwSZcVbvYa9u&8;X-{JN8016X%AKE2Ew7zL)CJI5{&? zfzL^HrE-37Y&nQkI=kv1to}Cmb%0^f2|&)kSC5yGG>&C7`2^oZs1m(K#|1y;WGMx< zxNtWqfsM^y(B&dnrD_T#ulkziM;M8b?e_RH7Vis6QfRbM>=FmQR zfAE*7lrP`ulO<1@xgPgK9g?_k6_l+7C!}A|l50ot2=Q2!FPuE`+C9{TocPvJswF!9 z4Pkd-$eJG@zy$Vdhk<~%KBrla9|`-qC91^>+!nRbOG5gJzHjDN0Qm zPX?1f;bw!cJ|suS9si`1ss-WFW=_W0xHaI5zXxX6GpK3JCB zv)gs`aQ6f>4>*TLQzQ?vtgi>`fVtiMYnDMF%phJdi_~@gKDIF&%~2OjR#R|LOR z*OJhQpG#Ta2v?vV@bF>(2At7K-)8#On!QcSy-P5lhKpLzKk)P9&m&4|DfT&F>3;4aFfTuq^Qcj zL*tLFVwEI!tmzr5fvP8Tn}7(s7{)Vv{@x`z{ac`6#}KL|;3Bn*v8I>t2e!L)^|@4W z5SkyZonlbTl?Qe{`P;2t;*G)?AwbB>aABsFKBpLbC;7humm1L_JB+5x)q#0$?||5l zm8TyB%R8*q%~PrxaYEEwnrH@LNJdns+?S;%%J&X#Fk5k`_Mvp9I8HZs0#9 zAW>!vBu23Vg&Io$b}4*UgwNdqs%Mq9l=EZdG0^H+!)^5p9s?(Z8s!$b5(i;Z9!Rn# zLR0+dFeBqoZ}M-c?S$h9X4$wPA)`=F%78Ve+hS$xc7I`nwb#T6*C>G#(ZB8+LeW@j zw9)_7V`_(UhShU~FmkTC9OWTK5RmqIN`Vd`L-)^xQF7>0duiW7gZnDq6@`8v$py5v z4q&8wg9X+I`30tq#0%FZ4JV}up=UCvNnzfVk!)hpm3W~mgn3V`x3Jlct#|aR6k}o_z7IZ`O-{{%dZY}%ZN8OSP&0u6Jc033 z#WMeUxuKd&pfCm9Cb0vhWleqdDI~B5aa%wFaog{aI0|65WV;~6iYNteuGQUX~w7~)T+)Y5&+ESe)7*{Gx_(CT#d6SG?4g-oqB#0 zodT%NOfLbt8_q&e$4vI`Hi{yEW zQHFR_@XJ85GyiQM>E!_i5_{OsyKS~dgZ#yHV?2E&+rH_Qz#@5NNyn9nw#gntV++VW z^rGB!V>W~E0MZOwW$;v9;Gf%RKwC^Ow-(Zx^5@1-_7z=ahg`r4{vCfSp=#& z4fLde2IUZ4TmZO4e_*dBYA+OY<|4&BP-U2nLJ)qN-3=Nr9|W4xDV~Aq4>_Kf%5h0& zX#p`0)I%cl#_iY`pyE%;_*+~0mWwMFWe9o!ZzLj;mK+^GS3>~^nG~6j$RDflH)ySO z!amLex#y+NJ{TdkG`=I_U%th2nF++>@2pq;)ED6aRU>&=5I*8sNuh+6X`8>_imj*i z=)O;2u5fZztq-*&LgA*)X|X@wo^G=>u=Vc&h!Ep1rDe5enm#8`;cRlfoc9_g_X|*> z1yxm7dxa~_^MK0yr$rG5iKQ)2V3zk<+W?(~U7UxLG6q`i&|Ml;XEBqJuisbuE60tRc*mcXhviTc_$hwIbCB2z%5Fo z`n*|uoc?9}9_3L~pHb%QgAOkoaQ>K{{4ApG)18+Z+PT{1#RLq%W`BQpSQakg(JWs5 zIMh+I=%xcR-ye%p0Zx}7J7Z5o7~z4I(Rd!_@n1dCXN(*LO2vy~2hz5D24jj*4 zhyaK7P?SPLf^U~%xQy`$&(i*eV1MgTYsu1I6VRCuYX}3k9*)RP<`cYky9LIGL+;ZD zZpusGw*<|$-A_9ITMl9#^u*~Pi);3s&Li7p$)9Zr*fSjmo0CERY9vwGFcd3)=2zMX zTj(~#E=RuVUSm-|_j(EvrUjg&vN$og^6c;M@Ie|!Tcjxzy|c814jSSKsf=T8Qbku; z7FjCW}5`!LHI1`BG&#YQ=E+Z zA-#FWJ5gt@0#PDMVK6zXiGc%fjMBfapS6PcGp2Kx>Kb|pCF7^m02lu_yaSxO^0)SxEy{LwijU(x zEan};_eA3B94(;M<$v1(q0@*<&B1y$@GAl#iFsDA^2bnm=J~&%SKC2=Zfdjj{6A9s zzcxXZ+1LruUe`&F39E&Vp8dT;-P_i9h>A!sPDz|Kf3}YT-3k5+!!*vh4G|5fsMLyM zsIWqoJ++=v?26svCFa(52hrUgngZ;Bn1qaXRP_G?#rhJHrL8j z+_{G4pEl7aIOBby=W!qr@gm{XjrBIom0eo4EJClDb)nyGbI+MVU`tagg9PVj7Ioqr zm~s`VPd}s{Ui9ghoAI`i##${hJ-fz=*-Z;w#a?~r@dkdy8zr({z_%D^#3E*23gFPi z31n`_!v++J*IUj%qtLw&Hv-=TW^1^s8e|OKHV<#NLF(M~9@yrFxH>Us7P=u?S7qk< z%c!V_2jbi&_yQYuiy%PFSdN*L!G{%^;2Uwb;ltmy8D1^g*W4~MF2r~X!hB_Go|jzq zgSM#a-5y&GQ=y^X=3$e6B~G{yogUfAwofw#R>J?Fm_YwM~S(`IwGfYWU@fcQFUY&UK8HQEuik}+GtJ%;ald7rdf?Ied< zsQ2*~{*mHKLC>}ME5-K{u*|~$0SyJ91?o3xDZL}HbB-X>|F8@~?a|B~TSmz@BxV%b z?La2f46J?O{1otY0j$DSdY9|?rHp--`E6e^yn=vVICem6sdX7dUybBuG1&(ISZvm&HTG zQ>vwGdFZV3yDef2(J@z!y`Tl7b*WnfNC${NLl~noq+)d zvQUOYz+(u1aEAH$XKK*&f}c zn7FAx8Pn=eyF1?$jeWpz?jpr$q;&=Xsb(ZTIHx)lO;#~HW}NP- z7W38}_`J$hQs602H^n!xrwh5-Q<{T3cK+d!%IB%X@8sAcFwdI0s%Un7PSZ_InN{QB zR1pbX!G)%GXVY<%cnqsoeZF6H6aT-jZW@8KaEaMb@-_|`*m(F|zc +## Description +This deployment is running in single-server mode. It also may be updated to run in +cluster mode, however, there are many additional considerations for cluster mode. That +includes the need to run multiple nodes, a different data storage medium (Preventing +easily swapping from single -> cluster) + +## Screenshots of the tool + +Default grafana dashboards: + +![Default grafana dashboards](./grafana-dashboards.png) + +
    + +Cluster resource utilization: + +![Cluster resource utilization](./cluster-resource-utilization.png) + +
    + +Victoria metrics UI to explore prometheus metrics: + +![Victoria metrics UI to explore prometheus metrics](./victoria-metrics-ui.png) + +
    + +## Creating a custom service scrape +When adding more services to the k8s cluster you will want to determine if the service +supports prometheus metric collection. If it does you will want to add a scrape config +that instructs VM to collect metric data from it. For example this terraform config is +used within the trivy operator to export metric data: + +``` +resource "kubernetes_manifest" "vmservicescrape" { + manifest = { + apiVersion = "operator.victoriametrics.com/v1beta1" + kind = "VMServiceScrape" + metadata = { + name = "trivy-vmservicescrape" + namespace = kubernetes_namespace.trivy-system.metadata[0].name + } + spec = { + endpoints = [ + { + port = "metrics" + } + ] + selector = { + matchLabels = { + "app.kubernetes.io/name" = "trivy-operator" + } + } + } + } +} +``` + +## Adding more grafana dashboards from grafana.com +Within the `values.yaml` define within the templates file you may add the ID of +additional dashboard you'd like to install with the grafana deployment. Add it to +`grafana.dashboards.default`. +## Accessing the grafana dashboards +Access to the dashboards is only currently supported by setting up a port-forward +through kubectl commands. Find the `grafana` pod running in the `victoria-metrics` +namespace and start a port-forward session. The default admin password is stored as a +secret named `victoria-metrics-k8s-stack-grafana`. -TO IMPLEMENT: -- \ No newline at end of file +### Future work +- Update the module to allow passing in additional dashboards as a variable. +- Update the module and `values.yaml` to allow creating dashboards via json configuration. +- Implementing a backup mechanism or move to a managed instance of the time series database. +- User accounts for access to resources +- Integration with a secret storage backend (Like vault) to handle rotating secrets \ No newline at end of file diff --git a/modules/victoria-metrics/cluster-resource-utilization.png b/modules/victoria-metrics/cluster-resource-utilization.png new file mode 100644 index 0000000000000000000000000000000000000000..a5b156b41fed5d06b3f2baced070f66fff1a48b4 GIT binary patch literal 166225 zcmd43XH-*byDp41Q&CaTDm|0a zrlPuNN=0?<>K_+@zr3n`efq^2cWuR|RHc2lmVuM=Hc!-^P*Hu3q9MPy0G$8%`q^`L zDyl0jr$1-fUGlA{s7`W}xcC#_yY7 z%b8fxE_T84JLh8EM|J&hdhZr&ZzT4?1%i}DXf1JOeO&>Vjq~FJvi~UPyf1d!K z7Uyg|&iv!N?2KsrKTfHBP%)d9zd@nc5xjZ|P8d@aRS0n~(QSdZLrSbM3X9V}cti$$$-=M9qMfY;$!6ud$@61bImeRnUdKm2s84AB z{m`{uS<(8-S@l`4JTB_OUeQNTiMw=BXYE(Fzazd>yb{PPx7N|W3!{vS+7H#sj1=mH zm@SLEVHUH`+|OSB$W^Era>aCHG;kRQf9SdPL(M6t#J6HpG++X>GF^mGRvIpQVL2}G z@}PmYRoJ1g!E^P>#OK4DLzAz8+kyw@tC*`aoN^-gw%vX4dd716xEVEimZpMgwx;y- zmz7rA%!h6(j?5>W_YYr@F4|94$4(Tbfb2MXlbXI)VwC0>Mv$pFhE-m}e#5Yxtt#@k z5vE(UaCn}-%G&&(f+O!IR)#`8_pkMQle&3_*>tM2wT2v9bnoT2w zjy+o?;a$Oa7{6|4sdf&pZkfd$qozfcLjtyBxVAI4(wE?E?=n%STdLqR>7i>(muuOc zU^@(L8Hu;f$jI28kEI>f&$K~0KbCNr(KKGJSZu^l{Mf_-W|^d5_qKF*9I&JcO0t4_#+`^Us~)vCRvJ-Fw?pr9a4LIShaq?h1em!3+#LjuxXP$|oL zAhR{!p+>(PPTG;*JzQ-mFD4r5OVz;noshdXZ3rTa7nfG_FEYY(io);qeAmoT!FGs zrpZXVc9B5KV7TRmo_>GWrkyX`Bh_dZCHJ;as9nh7{zw3UyNcaAd7`N)2+93i8>i*O zQN{cyDg4a)P%lY2tc0Ciy(xxt*}jl9&o|6Vu5^0&Bju=ITG5DYb3MIY&tB!0mQvS{ zN0=1qcsO4kK1BL4QSAiR94QnVj^7~R&C+A@)cZ$@{92dms~}wyTYZ!4{flatA-a^4 z^pDpuFkXQD>eD>8Z$JL!Fx=0s62*q@Z==NwVj;&$6*d9pXtf0ioOBdJ^qOkbw=|j{)qoF;% zx4W@UWw}XrJXXMSV^2zQu6k2L+nnq+7GGR^L}PhAyK0(fFj3itgR?v_sr2v zA?lsS2b4~Z&Ao3;w`(QN6H~d(nq(FRb`}X18lL8l<@r`=gOF$B=MDXPZn|vd`g5S- zJeqN_rue~%fad7Ao$UxhW!3YFyn!X6Vj+K~NS;P?O-;hY-9o)0fnyTh<;JyZcPG0s zq~yEzHg$$Ld#$ANn#_>wwOUSB_3RD>s#pl9M*S5}Wc0kt7nww(rV4|7J(umz%2hHj zbAruzNDUdbh!u1PrOpm=;06VaDe>6MSG~Jfhc*-!Iq5rb?kHu`(k`GhyZyjq-k(HC zrAv{rj`!bS1fMwaMzBghai;UNJWtDVcqKs6GxC-osZLl0RYL~7K6e`)zvKP|WkarO zN5RRAv~76k4t8o7%n;kXf!6q~wC&F?GMoBo?)8;)uK%#9oXxsfDcyW|K_8m$W6Zk@ z4flc>#WbgtCvPM$JsaV>9^_~zcL{rS8YdAfUYwZv>ehfo;mpdP^#oIq!~MX7Wn9Wa zzAeJf$nQEYt_eayr9ES56V2eCv@B3f&?xvzqNCO)CM7SgV77gHI%I0fM74${elG)# zCuWsk(sG}!D{3t-(NsM|K_9(>3qp?dq0rOGzE`7!g}NsQHd=j=*`{ zgWrskTP}8?Adr!gA_M)3iK^9s8JULRo4^i5)ys>z&D%0XzM40d&G$yB&(F>(T?ePB z;$RK$^h=BsYFu#fMI_?JG(W<3ebO`c&+Bd4d42rL6MIFwoweV)WHi=&?a5@C-4TP> zrDM9?jNnJTy(4PQ7|5YzCkD%BT3}49*3Gwgu`=eJz9w=D+!)0S8q#!HHgLu@`o{kH zHK!LE83mpF=4(H_c;S#ta2+nNl(3&J3@F5}|N8Y*KI~$2Q3@X|3s@5x*&Hh>i2lw; zkc7ZM;~VIz*4!n4W!&bt$N~7Q4g$xIs_yt6GGtIk z1a|~DMwlB+rGIPL8!3Js;FGE7;~>`CzSgG{sA@6(0|~M$C{Wmf|{0E zgisyL|A*cs?L`P&Sk+`hi+C(11l_pqo%|F=PEtLmk`@qBT|x?+vX9JgqqWx*aJ#2x zkfNLH+Rh{TJ&;vyV-@kAtnmnHzGNj|*~n zFHQcMd2or2H9c2tSCX@~e4xEOr1|-0x$4*=10s)I{v*HLho%i)2!#k{WlONX;<{Sl zYz1}*jiKD9Pd4F^dDSC5_~E4)4{0t6*ZtS4JoPk9o{zP6x2necx?M9fGnc38MBL!+ ztE1@Xk0o_GaWW*`b5gG@1SKUoo8S9TE*lsy99oeX>*0{6eKtq?PP%Bbm$Eu;#0~il zlACqifb7>VB+}7QH*BVzMC;dt-nFoZyz()ighIra7kH-RdMx(vAYz7Rni`ghm|}Bg z?SFo`qg!H6>$kctF+8(2x3p=leNa-No2kzbTI(L|zk|s6B_=&^T;>qhV95Wm4oU#g z7Y#)7O8ABd+&V-?I;U|iU+5Ccybj0a{aAu}?0rAsp5MXfRw_G;6Cc(Z1i8$VdmJQu zyur?()?VG4d2nFMYoY~5%LSV!%uP20ynTvha{<%aYvQ`xdIV`8Xl!41&QP6wG3Y;}vwc`) z)XhV01;In;_Sm0q*)=+70iW(5SCrnNq>}(F)Q{p}B@r6Q%MjSp8#9p@=+ap}U(OVeL)%b}) zz?!}V$y^UHtM}eS)+4Ub9aX&kDj^)#TZmvOuqqI?*SL#JSlmq-8qRU2OA5=i`WRFB z(t7Y>7RYy}vrGcy|LHU6XpJzxfmD&tzCn*@3zKgl1qE@G$l;5oX-(`pX`ir2kTcVW z!5$&EeueJ)5^Os4e%-_UB0bU8@3&!yj1*8ZOQ{iHOV2t<5vVz#Eb2)e%yG@r8^$qX z_GR>(O6lh2mzGq820p^^wLhM@d8r-M)!ZZ&S_o-*TlfB|lE|r8%}U}6V)?V~tJPw$ z-Qc;m=1~tgIg@wrDw3c5<=#_L=ZD9_0{10vG6a}AU2Scf8UssRH*T_wU2Dh-fV~>M z9UAvifHUhW-|gF)i^0O)hr3EcHs|0oNfL=k61h3VI_-K7rovr0y`dNh7qAi@+nUfo z6q*h>*$8KG8;{|j>Cl4;2$+F1a83vMgO?XkBH_?ZM%sZ<{~2akh1?+a%|xL&HGEr* zsUBAL)w275g$Byz-_md$kOqNU>BiC4Jo#UT+_;E-8d~YiAs}Bzk|mAZByqF9z+HVl zNg>TF+12@6fi~KpV|D(oiHh`d#{~1U3p|8yuO7_u#PoMdDFfRlK~3rdVx?nYQCU7w zcW-=Q7-`t&(!<7w_Ihyqh@u`_$$}W7ws+T{Db_xp!?>bi!!Xj*<6`mZPUZ?38?BxE zl=>+?kz(VT&|9pm1ut6KbW5kMR~~OdMv!rtSy>(9ozI<~-=uFv6x(0B6~xD8IrkFC zMzR#6vRI`lxvzRzG`sb&L(NSMBgkwYZc$`HFnV{VVbslU92j+NRB;r=mF(0=e>v0l@Og-3o z57OVcPQxRv3>8S-Qy#Bp&C^n~dgNrj&CH4upA^M(_5KXdEmWtg>vbP<8wmeLlDUD@f{`{Hq)44UuS+gMYr@Vc-|y~TCJm(FUl*@kHbr!N3ZZQiNsX# zXc^H5a@1K+K0LoLhBnXn)jE=@p&Wg;mHUw)`Z2ZuolwMelKyTXr6UzgmY^*hOm;@9 z-13TmHocbG#2W0_Ew9In)XsKy@+{lvMt_s%5m0AGJ|yAONDsr814{k(My!~@FF)Cl zj*0v+eW);%1b$Ulh%@;WdY>ix*i^RQ_3Uk?S3M?g&t4eeXT@xUXWU@lC&X{hu}XXC zhProiLrI|D38qh~A#Uku#nKmILuc04vEjw0d&9Mkw}OgfGD5tEj@?@FNAhKd>&<1| z#EPKxu$4!3qe*hCN3h4UcCGU3IsH%#&AnO0f)VIRmLEsy;P$%z!uGX^njJ1TU%zOt zo~+^eq3a$FLq{I(q(j!smAG2EG$U&Iw2q<$wRcI`25ekX&$#pj(v3M3wI&A?^QX7G z=DjR<(x^E?DXRe!-X-E<9FKcvGog6+Kj2Iz?gra90m<+;6_l0X$Xp5L@+ftc(_$esf2 z{zarZ3|PI%6w^M|Zm>Vz;E;EcDFQXnCd^J&j!~Wz?tJ5>Zh~p=PdB;0MXre(aDEp& z+NF}(Z+BF}eclo4GH67qW}f`|gj*gi<%o%@lTL{0AJKtpXEhfUtY12@_vO4I;l1!( zze}g_N|ld8h_X_pX?H`T*8^~ZU)rmFikc-i@2~2K6tQ4hXhIw8(brw1?LcOUswQly zY)0B?b=2INEqbspZ?scsI2g1=+mpG_gdu zA>;ry(2ga$M@Kastd30B7_v#iR!3Q_4bfsan5>IEntsl+RXIVx!T!Unn2XC~wO%#* zE@8AWgOh}phE$_-v9XiC&6fr4Z)9#O;_j0t9><4bN|nX;>wM%iRpoYOb(CWoFqh5YsJCg_tQY0PZ#x)#N4me)h%Qe=y3JNo5QlVQL34RdJfti9``x!-|x>> zLL~<;&H8(7&e$c>1SRFU=Ddhv3-}OnduW5VWqs@X{B`irv;C1$(=iV{QX*Yj=U;Z~ z(xS0W&X<1`eTz6Yc_Qh5&@lh==k4oH&Fek1_O~C}cVbgQt~2knJzE(RbDg=`{B0W4 z3xcpwFMW9{BW!*a-;N(GF?IuWpms!l-T7L5C=h!`o z#_z2h&!Wx~h)?vJ&Da*Jz70Z~Zg3BMLau?Mnvc`tln21L+PtueqMp?l<{2#EI2->2 zGS>saFv8myQTK|SCe??Dh%r^{i3Y?e+iqy@&n1$}(YB(wrbYS;e5VFi-5(}c{cyo% z*}e7Jocq9|Me+p^Ygo~95r+QHmM2Ml5m+%^spJ{IRa#%#g`KVRodwiw8!oP$-QDco z6p6$>#Ph>OH43Qgg)A;3S1qOUuLux4o`i?0s;b6-V&E5F#fJn${01u@-!%vbzPL>l zArMs);^fhp?@!w4HazLXGd`m=_f3=bp3&v%)}S*u>()>q2s<=QT<1^Z|VIc=Mwyz+$E^fFnBxWBJPkok(X-st@_N-6ef0_B}&v=S@;O~+^BUMNWRF>MvtH~@@+?iR@=XR;oo=q zn_N3s_+f$2w|0@C1AO3Vu?!68g38hQ@!mDR_4CJ~C9b)mwN@8YfHZ4*&<|B{iDcrN zh!v+yDXp5YFA_#A!a%|hi-3>gy^5yk~%EL9gIubu>uHp%H*6y>;yBW|vy z5VrlQZ)_v07f`NImy8<~euKfcJ+DyCkg|h&C)*W`$sL`YPrM#0n=mo4-OS{F!7Gp7 zWKZXRJHPfmQdW}QKy#+fUB%eBC@%c#5ucX*W>)Gho8ONyYN#%n!M{z0&2gLg_w?S# zEspV}Fax~Ce;&6jdss|gj|>0jU#R~70L%YzJ1R#&TK{=2{zl<{8ms^3;~c;67zm*0 zMx0WLG&8PwZjPo%RcEj*om?Z?1OVh5P6uV)cGDB=1&-s?@|F4mJE#n=Z94wVl?N63N>uy{Og=C|{F=|2~U%0;?NQ6W?HOtIL zTy;y?{$x1^Ns$#5EmP=L*0A-N# z;{9gB%LQ$zfWsS}>w_(#s!3sCVeU3{p!X&}ttDb^LGlO(*refJkK^jX)?kj}Jn7j{fzdhqy| z$UaEO0qB)-)8&ta9$Woq>izaY9T^18-c3zS*$#eZ%FWUI`fYxF-D%~;H_Fkbxu;6I zjOG5?v>H7h=ngH{E#q=4J4rM9!u(*A4H7o$k!mJmj;MSZ6xMM#-+7YnvApBf@H9x- zgU|ot9|xq4R0n84z1i0r#o(S|N7c8^mCM?l$4fk?aNd$&niKhl%RtXROj5h)Q$#k8^a}ASD30^!=lyZl$ejp|Rqo76Ai+#ftssV5vZ6!lHTIzHEp480pFTal zr+6iPwmN2xjk7(HHHQ~bG^nE?{5dx00-^Kx!3fptd^|>uF?RNX} za6!ZO*MWn}B6$TyRm>jyYfR&d3OAj9%vQE2USo;<$8!GMj+s?pa7cx~BZKMK<-UHk zS+2t;YuA)ES@lk)_8s-QVsCD6{90XA0f0cQg8Dkbt9}>Eu_}OtYYgS}W)XoD`@@Gn zn5Fkk>0gY8B2=uNmHqf(c=)RI8Y20cM0z-jMDnk>U-OLq#q~hQPX}?#)+>rH;LbdE zMC|xvtr*3o&m+gB&K4`m=6v}d<6_e|^}g4J*Hyp9{Zv6mnl$rYc;!zzNkGKYwe|8J_os?t`9I0!e}4ae+h6{7 z?)vo>T}Q$fiN*l`%GRjV)LT}7M!(^3b^Y_ke*`ET9C7?qRG+lC&A-I#nz8#holfqt z{xeF`@QA$rx8eUw*sxL++ud==AdAe>=QFU;~30f%mq3IgMPyhQipW&fdsN{bMbN$^}Lx$iPg=EcftrV1}( zyAga0hzDA{t=qBPDH81T0=jb2@$A!e?#4MQ;q6~k?2l*|1eC$x<{LL}7HWHNRL=SN z`Q<#bNwwK=FW)ygL$wy+e=|6j{6KU*yS(*>O&m*|n{T$!m4{htO8o3|LNoQAIyv`$ zx#c~koSmPak6R%G3tyySW2ojf562GAqiRx-(%#4$xZ@JUgpH6DzY3bp!JMTNj%QjZ z$k~~;SSDJizx216<*34SOD1gx2$yU+p002Yup6Olk3NvuxS^3 zJWwITeH1A$h=REx-I~?RGevCF2dh>MI9_dk(<{gRz ztw4$Bf*n0d5YbeKWT!~;m?A&bEYy({Cx0?$z@B}>e<)urP zr2Oa8l}CnBFh63NC$~zJI}?Y&VRsy49J5q*aK7Y8*Fn5UeyfU8WhFcJ@HdC3=Z7)} z+>KKu60L2m0}(7^dZA9)`%uZpN6rK+(vv1eb+!geO2kDpm;3k?s^sdwG%LzeW=0T@nYgY9KgEz;N znaz2G7rL=PkyJ1gB2& zMs*7A8_1W_7sYq=a}?;QlD*fs=>^U1Dsfn31*O z73s@%$(gbEaQ6#>Qv~3~uxXIxKFc5(N)5;T+!?YU!{)}QH*HKt-6&*ZEVqqflZe7T z)1Y74_OT&!-P3{6&_9Y+p+xSJzPq|LybMwi&6~Pekhr_B$$b&F(aRpT zO-{ru26Of$j6Lv$k(sht{DFJi_eI|$VdZZ_RsCV4 zQ=+>W!-S?MY-+UOrpV$a0TG*)WN(|mi_J=Vt1@apz#bDqT0PC5)>ML-O?|>ATNJP4 zm&mchg_CD|2zphB;gC%@@3bSBYMcm~RlDB4aD)Vb#a3@#=scDd2Y}BMWdXepHx_gayrR$IsB1RVp^0j6y z49MtGZJF^8*_rQ?WsiVHacUfg^Twg&Wa^300igTp(chlLfSt*gZs=Ar(z5Qvug&o} z98jkKwN4A9Kj`R&kmwbl@Zio7iN*%d8{2W9z-YfgmKzK`iEQw$n?1E*=bNDpNEOqO4CKj3hO6{BCfz zN8qNeQ#PhwGlSj!TAw(U*xMM7G7@#UccgRVDB4bs_OyrC9c~~6U0~}KT9{8^EVFez zvsg6&mjg!GkVgKa+t8nwOD6#dXv3GMu+C9e_mHvE)w)Lw%1Ip#vIQ|YJdX~F{Tb>! zS1&e^+MW%y-e89x)WyY;y-yZXTD4)-E|c>6t}|p70bX8hffW6uw7>!yVScH5bENp8{=W(f)!QN}ecofCs|mAe7&E$clto*2W9pCBPf zcDrv}I;ym?st&JBqsL&CLqm%(J8I1u}FF1Yeosd;R`n&f&I7X&`l5JJR`GO-HkHCWz>7Jpm@pZIL$x<3HX&<#I`y{@+-5P6`L2{Yp#r}uW~EXAYtV)i(MzcB zWBW62FR$EQi1VlQkQW8v%aAfITDZd}kjo{y^;mowpBy8qd-h()yzlIB#o`h@&BZt& zDvPMI=iG*fDP!HO1~T=Sm|uii(-d_efO)prD4`3U%*7_E+VmlFZIA;jJwr#1^U4$K z@Iy1Oi!TJO;MOY2-rhKfB(MoPQqi(fl9k^o^1C4Y2U!py>3oLipOmZEi0TVtG$+&T z@cj&blpWFWjZApo?2CfNy|#QdUcPXD zdT=#7>g%^}E!hkL6$`87F9PxNP;9o~tA4-(-;sfc+mmvLr?$^-@ZiEav;($0?g)bW zJM)V?EFK*T!*>$e8OpQcaXsVa%E(c&%;h@wRfZRAkQa5I=a%!B`vrk23Eyo?gL*34RYXYx zyFOX7&`jpwlL2BW<=&L4xP_gCu${owiK_2>@ggnZ<2pQd?!0Y2a7+e?6E-^hTYC)5 z`x4q4Y$?>d`o-_FMJP`?t{)`9Nz{MVWjSB1vom)j6UxgcfjCs%bVYssI~*BSlgc~K%K9g8zUCTA?dcG|U>T4Wb{ zlBx{5J}?d4{DgjPdEK10&%l_u2W5U5%C0fN#r*&p|Bb?Ga}%o%%bFFfbj*(6!( z-PV8g+`@6p%-`k)qmzh1hvU)DX7BQH1T13p>`AVcAH?u>8;iZG<%?#L@mmDwaWGpq z?8uazv(#rhrd&OWghN5#z((H2cWP$Q7`)dj(ViYo-0nt0x<)wsJq6%O$^ruVCwHyD zuVmoSzo^CC^@{FC>UFi)ZJ%#({9dNzc3}g$8I>LHl-zNPfAmLA>7$Lof)D`Z@T7xx z{wgxPoXSNf+1A~#Nt-p4r%@;)7adKkBJdYhdys!jPfaZak0(5E_ut4-LFgGv!PjYc zX|90tM)3t>d}#&7QPrXjeWJcSWJ4xz6}slvk!BksZzsHLIq8FfAFX#YofwL`s0yPW z&Iuwxlm{9fw$1n1U(r(Cmj0Yj-dYAge10~=niE^cQgye1T4Dr|6kmEntpi!-B^L2`d3 zh)or}?dCb%^%lT}XJ1a)S+McgTcNj0eApcJJwt!jQ@K|U6YxvBWX{u;QjozPXvC3+)Wuc zxzbH&$KIQB|M};^*>igtmQ+;b_W(B%GZ)Idac8_hR$_cH`1mY|MwzJvalP#u>X@9^ z!}9Smbblje=AQTF3<7^grkdNb_63UX7O7Cb^ykB^x-G`JRPQ}|vE_)bEhB8Kr=g2C z4F-7+v8q?3tHUD)cRA5%-lSs!J*{RDbG(Z}PhEer{ZN)%*NsXtd9~|9qF0jG`s=aD z69?U`ovG)9#RrHyReP}DgFY62Gr@OX- zIE*6CYf{VIG~9^DPMMQ5J=pt(rlF{Rqu+)*PA2~X;$?luXzIHR27}!| z@k~H$tp54r3!C3|&`mdhpvlYGyhl!Zhcgf>921s-_b|TN8(g5-k**!Qu4h$XeqyJj zL4$8^sdIyc6H?GJW|R#?H0BZauq^RmPRpPx;DVXn3AYA!sfs-`oxwm4Syt9DkecIk6887&p>qxfcsp@qq z7-m^|dB2;uAQ;T_m4IBEs!9VQM1H)a)z-6RH}Y)zp)bsX1~$8&AigeCOl zed_<~&~3+Y+@Rh z-NS@aWNPu(;g?EGi<*}kZkl_Lwz;y@@Dk4CBafp#e%~vSm~TO$9c1uDq{b&GCl>kn z1G5C|ZC|QP&VF_j*S5DemIHt2pT(ei%BB5a`I`#!&w8f$$%My&zd5sIa#EtxusS}j zzxlOmtE$oUDdVmv^ut-c*TreKAd=vH1YbhTWsXl;{s`)d{q6GIz7%X&gF6>|hE&&q zLO+hVNPo`!MNh0a3#Z0>k@K&Z9-c1--?v6Y3#QqrzQi9;chTUnMI~`=ZsR-oGPX=D zaFOQ1qn@NVda6b1%LyFhKvamI2>a8^)|aWQE*K{Wj{d~zIa?^LO9T#B-Y&6p^KFqi z(LQpl+O4CZYa3j>Ct}7DZ+KYJiMdlZ7Fg2PKDhco?D<}OtpLAk@Yli3R76^Zj z6@)kWfVba&prU%-tDSR6cKjveBCUTcfT(dcnI0(j*|2~#032}l@KbXxpY$23a_TOI zvhRbd=g@zXh8?_iV)c&}x)%2C;I{S%Sx{n3lrR||wc{xNY*W-B-VevF24x*{`yG~Wk_P;%7 z5vP)tYQ@n%1hC3%jHPlHsowOw*}3rGiN@cgZpW3umF1X>kGub1B&cqC{`c)wr|b0l z_#a1W{~rS2A4e{nc88s@0{>%BZ{%AGtFrX7_O%AO_;snHff9`S5o1(QPv_p^x*hs^ z?>)|0TJa!j50X5)jhdTMc*Xs6oNc_@pd||3u0VxAY)xf0!LqNj_&DX2&A->a>>L{# z+e-ZL=P~zocjVqys*Sn2z{dQq4OzXEh&zg021@Q8ZqcDyX6HcE&d4+K^K0r0$PKji zf#4waOe&4r-{q^5X2i?B5w6l%l$u9)Q-GqqS7|_+b!fG5V zGWCqKb-z0q5w+wes*CCLY#)ATJQq693WsMyz26n+Ph#_56>WQ*YymvjNJmXJB-_^0CI=nD+@u1qwaNIEs zxwZh*Gwv832yI(7?BcNV^nYdVUrU=L^0Q7$r74dtt8>_U#E2Sbz@KlL$h@bHcX|*( z?=M{^3yI2O=7(gsY0zcYr!{8>LO9bPi&`q1E?rIf{)G6Ptx0@=$1(T@1B3jASslmp zAR$H%esqb=%yAij{j`hlswy>XPN!Jt4Hgy^K&EoRP1o8@0J^{I;=e@d&6*1?m#%Ys zBvyHJC0F}{^6;8muOeA(=56cpA_>mTDXhExIWjQtIsniY@Mo%=IA!QaC*<=}b*pch z2}F225tHf%3WEoSzRm=hLX>I*+2Y#2N3BmaSJ_8JhAcY#@a9<9=~7{cTB1$tf97aQ;Z=I9D z+q|k>%0Pqi#Ec@pv|DQJ;db=Y&6AjMzCwYKN~JXQhw|rvtGea-4C`XqV|V7yGekPZ zw|hW#sZFKR9-(OFkZfc_I;W(^16s4ZdImLf2_BT6e!gZtr8&b>K(7VGge)9{dsL!b z&Y%L<*>Gj>C34pAcH&zXEHR(pZ$k$kS}yx`@`^in2sx6?TwM785T>{n@!)wfCyYX0 zVoW&aG_l1}^1MzdIE=?g^s{kXok^XW7N!~9nMk>XrHLwm`1C&<2RPBFOQ$^O=`l`Y z@WBjHVd`}C0y_ms9S=nsMNBBt9+l(*<@>;F+fR~JGR7ixCg~`MPIQ>T=CeBnCpyqG zgWj+cBR4m%gy7KBU-OaZ1tHhKS8gDX`FP%?4k&;J4e%nk(l*s*>Qn~bvV(KsqfKgO zf(kV|Cq6a}u6@kGEbk-GS__;mS}DXUgJH6;ybonX|DlindyT3UK(*ZfFtFe^&#R13 zshpCfUtWSl!!zt+7e#G<{^jQ3kqOW*IwmHU>+0(}zfA(oq3NvB*Nst>OUWfzQ z0GRX_M@v#}T)(ac^jF=tv9USa{DBeOS(nhQjEw4bl{s3ntU5#Wc<~o@i3UHk@h-Id zG=z9x(#6n`^q>jscIa^L_QOxkxcZ#xwXokVV~PUwh~+}P1qw^T=U#N1Oo5hR2cC$t z0N?K6#vwt6X+J#vhLR+tJ0I5Mfv{%-dK)-IMz6Srg z(BVv9meblSNv40B^sR@q0^wY>3V}3lJZm#%UE!E5n@Hb48t5=KOpV3Vr}%io6xzKG zkZqmGo{m608K(A{<9a<%n?nQ`5|4!y>$-2_jhU;2kL*LW+nYln>=-`FLzaX6w}D6V zUIp6L0A5BV$?*GmfbKKUO)c%X)yxRbhmwT-hTFBz+`Q$FTog>rx%&|)Oy*jRz@Za7 z-GDuc_S^|AO>3xDFi^A1yp?PyWgojhJW^!e3+W5Bw0r*K6rGX~FZn@EPZ z5`joGvZQTFaU7`eTy)fHo|jWEWz((igwFqBO4rs7y@Gkt4nKJ8v;c}XV^197IQmAu z`Yuu0z`?TcC#KN>zyMY@s zB~-?uqoM?z4q*JfDX86*MRnGO?!QE9nVG154wQRpFr2FOm($7KpK8dli0HHLF7N2) zt8{pEy$V4v^b1JOQ`rwPWB7ZX&>Q$Z)JK5E^?eXfBMQuRW~lX5gg|)vH2%*hY^sc! zOCzaJSxwcv!s`ORnXq{d=dV~AIt@QDVFS16CKmOyhAMrYkKtrZp^H>ow&R7`m#qOF zA+bV_6mz}yh(5E6)kX(URRC~t{;`RRGo6|sRb(~Olj_Pq+5?rvVbL(Zn^KwTp z;0?4s{^BT*Cy4VRY=Jbn<1pt{Nr6@8pxfjZ%T>703+9r;SLeiFlnV&u8?3DIK(xpc z99Ljc0PMcLtP`NS>LGvYtO2R0GGpQxgVhZDkGCv9p1O z-Jp2u{QA_M#Bp({Gmy%(pF7n#9}}MiepyemqiAy2m;q0L%7-Yen!g`{n;E zLFu48E_@w8d5dln(D}9lx2uR>#u&pm0e9SVM$g|%J zOxkU|?8)a;4ZCI0bP+3>$r+I{P;|~Lx0*E>=mn>1nre!gC~_ERq^0M%C1-}5;pM>l z0!12Ki0(iT2&7A`bWhgAeV@yCS5@{)3;S*U+2=Wny^&-*Lz7Gi{GI4LU>_)KMHI-F9lvVLsfo> zZO|7W|F{Lf>V99g5c7)$Ljh%_Pc*D86{((GvuVxnoOMs z>&#OQMZNw~O{TuUgmCZ`!dwcm<0sx`=~E3ylTQ0aOdr0z zeSwV{E7nybGL>(=dY#py?y#FCQJdW*Bia1=c3A!Ka5&7pI9crvn7&&uQ=KsaoTLv`Q z|L@i zV!G?Fv)*b8$S^wHq8c`5k2!b#^0m*ubz~oXf=Xr6B>ASrdVoDpzv4i_yn* z<}y4yaY6UJ)XcGxhu?qsTFD+A&x7bd1co#~n`F9;A8NoCmCq$(eqo&FN-I{6nI;Lg z)9LByKYvcgpzIC=?WXFp4nebti<+q*1ebn34>XEGtlDJwVk;uuUppwF$fSU-tYAlPoe6=!2B2qVOzBw1`;A41(xSq_-^U8{;P;s&0PquUb(Y7QlJAgo*Ci## zePhY*)QhrYZl^@|!rfsm9 zUFYci5p&{s>QFe@osbckMoJ4}6+xN%Fw)&8@}Po+?-gzpzpi|Z+T2;qq0!;&ESuSz zgGWGgfMavq_#MpQlgBBvru6_MAzI@xi4<$?HE$~Z+GO7*sqLgiiaZh*jl3>B1aJ7L zF=+9`yA!}5O~uRnB{Vc( zR-_fxKAp-F6uJ_hRL6QX`07%t43u~iARaJ>eWHP69pULsW^8j*V*Y{_ZtYeKH--)a z5O)LqQci;t^034q9X+4b5ZE=NVoHgWH2Y%r($wu}Mvs-@U$420(ZPkoN33GJTGEkl zt%pUpM>%N5X(l-gd5{VMR|I<#af&i3PRN^BTmVV9Zy!EC-F{o!reD0KP_=#*)xZGZ zZqvZvw}{YvIQ7}~=LU*yTv&SG9{a0!{zsg~Odpe;-~t0{jo(|TeWJ4Jc4QT0#f8ON z1;x>rQ7>$*;ciw`JG|3DWrN>;OXSy&do-Fr!&B6KFGSvJ*PvYC#2g+fEfU4YY@#$c zzbadOeMC|xiDnjTtfCNPmSHO7x)sF=ET_o{lfOgTqFa@Q0K=%wgcu|RJL~ByK9X;i zqM0W7q%~^e3eWIVf~)k9w5S!C1yQTUs>e`M0B+}a%i=^v7XTozU9ET|NC$$SMi zKb`SQL%BUUVnHY_GHTGdUN2ph?b4L9@&--1Mi#K4QOoLB2rRN`FD}?Su|))X-CGPw zO*E2DWP4iTbF@7tzYV|mX10|i{_+ruwzoM2$Hw|-rr@n2@vh=N$B(ZTmwS7Ax&0iG zv2IR1UfVNBYIrZ+K9zg%$xmQi^0N8jlr>G-LvcCm_n9$4{Q8aSzyej!?e|Y66>D&r zX%3{aF-BIl7}%EW1DaQXPEMg4{*V{uJ^Z@rHqU&LArX?m9jAV~QKb6{+2^~%xbGohU zTr)zMBORuSY~SFq>HbbR4M!~n-ea@-ganP4iyonfC1>Jhy`J0t$~zUI5B$$Wp)Ly_ z{2y8U59Yjv;0r9ou`AJVxO`x7`QSD%I+S*lsy|5ECUAM@th z##(WmLAyFVww#IIE#hfM6_s=*w0Q(Sc_Uz-Ipo#+qy#X_tv1d@=?9Q5y3O`u?OweD z5P7mkAsR(G;ZVtKv1~ogcHoUd_KOBaROWx)!-}-ka}&_S6MH7b6Z8XVfj2sLymp|A zH&-{W`u9oPqgVq+;M2Q=o+2lKzeZ(q^%Bq3W9Zf6c`YqL8ev(@`9peY6q zOvOy@v9nsKA?bi3@mfCG#ca}#Rm%}NY90nAe;xgb-TpYXqOI_}XVm9h$H*+GT!hFr z+S#Gy?Y)LC#1-Wb{PZ&tw8}vdgvSzofyp5jo%&cOSGw(3jJdl{Usg;)Vulf~vkUa& zKxCPD)gt{7bOc*8s-8;n{NL-4ZlyTUBAC^qT=XmO>f|l6dpg4R*ntIcbtYE)MY5G%0I6kUV#7f+H^ddMdG6RvW$hEs1}=8IfClIyu91wBI=wKQ zCEhNgQ6uB)gvxhs`B!)2*}`f);2=HzzfqIZ{rwOpYieLi1dunSE7lu`% zKzV4?!Mq~W9-h34Px?)?58MFK#)Eq za|zj|Yl_bQK!tJLPzsCCq0zom_pZftTg}P3HH@aoaieGRudgC~BXKnk?DgjyHoc$A zZ;vQ3q&)H}@A=vr4l;b-_FfUuqmNWs7?$LH#!vG5rc`yoL(>Dhsy|rZ zSt7(g202%;hLI$B;a>B0kiquH?@+DMjz~B>k$VH*W5h$SwX9ZoBa@>@meL_m1TNx~ zcg=Y}oyV+<69i*RjgZl>gB3LZCpDrQ@iK!0>)*i`1$)acr?&uLMS_r9K5Z=Plw9w`hnfK*j9IJqZOM5*D>UyXtyVa&3-CrIEJmIH; zrmkc;ED!BXzaV@(w-b)^}+gERQ&0ui`@rfzLEFh*HsJ9we|4P8de(`FcS zixJkv3Dyp}*A?uM&3%KI`%a?YEAP=PFBH;g)Q;+-+m#&{h|kZm+o~TK$id@%>X1Rt zUZ&l^?0tAU*DI-(W=0w_-=fooZhIq)vGpoN6v#Ty+@^Zs;i1H+c_b%kO27bP1F6yJIx zhat@5r<31=2=)b_V#v1b1VVDt)zB4oIR@)=JnS=OR#wOqI5*I5{h{`!lGW;Zf0WCx zyi)zTQ_obC&v^FIF_#Az3{C>GOUz=ZkmQpFZAbjCzelNW5g!Y>oKvu?4gw-R)2a{E z;g@uqsjNQV$jcUf#-_xW1TxSw zDhV7}*kDrSDb6;2h6+AGRulTSkjVXJ!&C9-mDQMwk(`y)F9^Ps z)lBq47tW!R8q8w+=ReX`GC#Gg-o|V1hsCm&3y&7;k`Qh|F|}|YSO^Yf;y!7&M+!`P zvunc2d@kc>hjNJY?3OM*t5g;V&czANZn}+arD=Xa^(bxirwtzQAjaXkWDI&xY^YBK z(G>Jh04+(6oaTNi`8l)FH6r|L7J6tO!AA^wm}$bKx%3pH)gu;UQRN!Z$gD*`HL@Xr zL-pf<)!P6+T%U;J?Mh6&FKy~DG!)38&U7?L1JKX1*zY<#`L)@Eb6!yDx06?$;lcCI zfp|J_t+lA^CCS}73*rxviI65lgLG<*$4l};qLG)&fqU+cum}4`G^fwlJo_rl-luvm z5ziie-WIc6D4H$;m#8R3GQsi{$w@xlj@H+r`QOY}>KcQSCpm)Q98&HJPc)8oj5Xxs zuCuqTb_YtICQdDU+ieSMLbP)7fZ>>0>9 z+>3`ypojEvh@5K>GBNMv_^Cyj$Y0H8 zELhR=qp-2##e{j>qeonjVjiL5(4j8U_l^@S#au$+d+08~*2%pu(uIOIaOg!0HBLX^`odbPw0!@_D8CbcqnI7-yB+`{9?V+@;t@QF>&$dkNwhIB8 zVPV|=y5rzA2oHbT8SV=I}xM4tk4l-O9wW>|FgR0^!A#-QKBBYLtM;iJbxvqDi6X(cHG zj7|o)woVH{|1e~#l)pZ87DsoBLPddMl@YepYT&1sExM3B=6+O~i9`<#lf>)ek4<8) zwqj6M0_!IwzzI(C=4L|SjsO?R^PZQ=7UifxC zt_*LF$g37b7ruyC>WtuBJ8mo~qg2OVN6Jd|Wok~%&8IyZ;u%}@?f{oj zYK6=^G9^ow4UOS=T}<6g$)cpxhAn$@pmHP-?ROeGX3pZPo(&J#uQE_)_{KY7o@w## zP0CL;#xdi8^I_ML7FFB}j~~~F1>Q3i@l4B!N%OSr%xU^l2D9u_E?^KAHyhQ!a?ET? zmRGjbLs3RNM{h$G$2=JGU5 zCrN5wX(8_?y<>14UF%wOr;#iaDl)t;FER2c^H%_g(UWO=Sshv_WUI|>J zbf%RCx|vpL)%g$qtqx($+bFTW7jn_{`349Z1R;FEXB&+@ij7ouIE%)0_6~s(;Qipc z?b=Jeyk^}Vn>3dy4mCC1%2{Cz)az@dM_uzOCv^hB^g5m=%LK~dv(1>e?lD9`qF!lCbb`A7urErBo(wV|m zmZO@(8b&OLdWbMKy7rCat@mfI)B=Tu7lvG5waYJ0+K+6p(~zw}H(U{2{&f=q7@7P<*yrtV@6&0$?EQS@PH%mI@gSE#g zZBJ-v2k(jq4SyPf`tZ_KmPhlzS^216N#erHN_S%XCR$vJ#G_>D8UwOsSzq~ix?H^X z5)8ow5|$b@PWDhsCwrzP&aMo6b{e zK6gp~#Y#GOPGz-vLPOMxv$`?I^NKPzQQ3pj@F_AliZ>DvP!Br+W&DZEXO`9jrn0*0 z*zGhx+8{}i*CWr-;tH+R310s^{0ak0u7-1e@8OQBoXYj}VUEN}SyV)T*c(Si7dt2S0*{PMt3T9FVj?JEDH5>Jrlvx6{{->U_C_fS7T0 z<|fz3izBtKjTrBPeyxad4c-IZs(0_%K(z2B!JZe19*)%VYGr z$>Y^)lMVAA$29M7QD48;e)+mi`u~7@c*!aCOJ82&GMI(8l+NYl$h%|v^sFsUPOCQE z4m_WoEcGggOi{lXELgM{wlNLQ^x}*9;EVcNNh|*i*D>E+tNz+52)!3L#>LlEuHd95 zj?ck!dUX>cNYXgHI+tPUA3PX$hsJiM zi+&H~S3m|&NzXUp<>xZ%N^_bE&zZlWImFx?hz+qgvb_lB7TzSNQCMh{#m1|Z4p}qb z%B$Zvl}b%DWmwtoRF?EINnc-n7uhWzCF0o!h8<+LkM)P_(Xha;Ot~GV(+hUOURPyP*>*|~W=9o!l!7#% z0=q6#JD5z$a=tUSYle9_^PgOn*5+SLQKx?&U&;3Rwuq4Mr3Ps@w(I60gwnIQdPDQ2 zL+DUOk+42b9XjicH>WtYpf2kBLs+XsYF5{D8+%RV-)_=e(QS4GYsc7F#Rac)rWQ6? z-j|2a;=>!@?W8RCwQHv{l~d=mOUHd&TD-hff^THOo3}7sy9bp^NFQVP$Y`#CG{T}+ z{@U;PIL@*o^NA{H_0eS%q)00Y*wSN*z7nVg=sE6hHmeB~iiN)G@B3g#^KAbE8Lguf zF5$qV$hjj~dIc&=EEhlU&m#G_nFdFtLXywVV-lV;N<-gs7G8$K0Y(4Q#@A-J;OeT2 zmPq~a_g@Tx!DVIqzNej*Mm5W~ubl4@j08?xSG@SrYQV9>`9nIwh38e|65aXfhhz!g zjL922zpt_x)KF#`b0x&2T&*;ZgLXpy!cYLWYzg!UT{NsgZw}6K%&L|DVX~}- zz@wj^C|Ro}Dxf?4Pu*Q&vUyK`n0GFOe{k$oNp%X1{p$kK3=iSdpETK5d>DeS%tp5R zMx2Z5Z)H`-{&nN0ykW(;WRuYGJ>ta>V|+}<(2&X~6skfm&a&0sIoU63b)!}w!?(jx zdiiDJfZ(U=E>ddziNwoky#jLg>Ew@11=+PoE~p`1m(Yp1s|} z^DEylTUUYbBeV!KJ=x^4e&Ee(p3hJAaCs=-Ti9{sIG>g!?Pu0!4aB{n;B6|sB95Km3jv>kL)h2ye063e(1W=H%%fe?6HM)$o` z8uCQ(#czOvvhSYoBGZ;S+o9a*DyHLAMf%7kNf zsu50nDyePxk1JkCa1evqo?9Sj3E~;p{l;(~$^dn*Yd_@y(K9QICi58!iD*O2hfi^cCr3`5Y+n=U~*l$UjKBfc;$3ZMvTSLcpELJao+5;V( zYHV&e{*fr>^T)4CY4Jr}Vx@C(R|ybBy<}G?_}Hy`(M8>09%HS8H5v9*Ag+PK-{0Rz z_>vxI*m9$3V4s~%_(T2%w~=s19CI1QcfYRfc^|w?2Y(f1W|P!-L*bX+5Xgx6>1kO48G1rhfo8`{$hI?au+;t4-vJUDh-Wu!FlN zp4OUW7vUoHHWWQiMMSy$u`S5l8AV*wIVk{})h@dvFmd&xbP~)Mw3E*F)>|>PFv&N8 ziZ=@|;T)Y(aGVN9T}HqzJh^hmguh41qpK0IX`JA4Qa^C99l&|6n60WYMI5kkIl^+c zG!p7l_THz0eM~^af*|1vYhXV&n!r0v{RF9)^;a3icK+zHxcggqgji84qm?9eahD%+UjGE4G&D56W0mR!OJIy^?iiMEOtyRj^tihWGgY{(tL##)y z13bv{8a^;!jCHCVBqUvzB^_Z<%B8Aq&}JUD zsu3L>?eg&?w|7o^8$o1i0)ixf9!!jeWtUE509P9w9DE_w#h4KLVYc|H(|~ds8AccxFKiX+LrgJEf=Vw&p2!b{pMf*#$~VcY-u3H8e{X z>F`b=_k^j6l8j-Cx-isp##5E%wc1ykpqMe|iVHP?vU{LZr9r>l@0eG{q%TJ2+rNs< za`7}Vg83Vq*4WMaCPsb?UNR&&BdxJo7hJj#iV?n`s>C&59dIeVIJ5iqtZBWw26J^vnWfnIKH;fR^Sp6^$<{ck$R}7RRmQc;js4uY**T-! zimPL@2wbM>5bSPh1HeYAOmF9Ek^F!&uTZZfLx;j}GV#rae)yG3wja5~v-#)S$jZ#L zOfw`adgSC5ouRfr=X5$*n|3!+WHVvn6K@c(w7PSVi6-Om_w~gN8~j@DO=rxE;y%jJ z4x|^xwvas~FZ{)AWktk%SuC%h6#tk2Kuj9JGFC5ty6v>#(dPYX{xS(W% z020Ef6dsI6X|N zK^fd&k#LB6IQ<{V_Ztn^w-cor*gFK?f4>la!1|mlVTv-3K1~{Jxit8oqm{YD)V>Fw!^`37W89Hu+HK5QmOt z1ms$il-qG{+kC5C4L={5DvFo7lneM)ftqhY$N(&|h)QO8KnR zOPBu}edYX=aV~=67d~?(%cE~Fhg2K;VoyD*visXGZIg+9wt(u=;6hMN%_C)k;A?;m83s+MTI3jL zBRhRF1c*&jeGRNh_3mD|ECz?Pq`6zeOl$vEcQp2hb3?G^ScYJ8XL-rLcxT-M=u0QU zfO(E;Lc-K2ke~6l<3zb3S7HEvY8F7)*^zfHK3|3w7-or@HoCoZY9@@{z5+eyWas5K zcT2O3MC{ch$7vA$Hh>!C;dvc6QUIdU2XL7uChcD)2~Ufp((T-d6w%m>q5+m;-kk z`3gcpLSw6PZc#ZspFc4TmR*?(wsA|6v7n&hG|`P5+KwO7xyPS?kiDE%y%OIEj}8ul-8k5G8?X^6W0oww zv*5hGSYhi~Hx)cW65=ZX!JZ&}YM>?A0lp`G1em19MR?==6X%n50QlV1As#r|LNt*! zyPzTO=s8(X+~}G}_s~otrNQYLpAje#z>t@q1epsSz(!rYQ6W-9Z@QmpthZ)!Q$lOH z#~$SZUOp2kTABa*LTPjvnM+&omgEzU+sQw(t=X^AhJ(quU(afdg0&2tR#8yV)YO?& z%RS;!s9wK@*=Hv~UBiFumfkV+PlM7rXQtRY&BJ-^9r6M>PRgbV*fx#4+J*1<_llxz z=GxyTr7TY)Qpz2*_9>na_t@pF!rb3De;shbKzZ;SAx4PzP&q9v5Q?b?v)({L;x<={tGqzBR|LQF<#kHv7q}= zV+0^TC0220AD9DduNFjm)^}u`{Las3@%@!OQJ)cfr!hY-q0))E_X->fNU;7JcM8ZB z;;CDq6lIt_8NyY?snVI~bz)LD{^K!@cQs4rORf9U*W~j-)qvs*KDaS{L}ti(HnK3~?JTRsXXNg&H-^M!n++`IT$nD1fu=0&9tN z5ZRb3772BBQ;psKi5EYCpjBGo)yu+$;mQhA!!2w<+zRZF$k>nO#nVe}eTfzl&SsU2 z6zQ~gNkpG}T0VIb&%{bTn)A~fKE{ZE3ko?z92V3_tsw$r8p}%?FFaZotx^)Brl2u^k~9Gih%KBP zM7efxNg@~+7(2Aj9Ir5&TIk4Xl>Yae-4Op=;iM{I{0c|mdDc$(0TmKrk5MJ-EfI24{>R*{}fqokYL z9>A>wl&e*;Zf{RjY^8=)lQAjsctnX2B?-l zu(0oYE{5~8J&pqXTaaynvYCy7Xu_H75oIXGvd!3W160Wz7(UWUu^0~OT^KeWfcIh+ z7312*hx_!lxX&0UEUE(g^+>ho?vaoOdi(8|JS|p^qSt^JB){k9jWy>q6-8!v?@kxF z$+95qMh|ig!@36sJi=Zdp-xr;c3{H~b9QSgxGK*J!7l!SxrI-K8wiWWNRaR>< z84q9>`zarE@W|lP#VLe#b0TT{S*!Hw`SnywS*?No8rH4$f+k>vmPXsOjFV$7m+}Oh<2;9oc;Az%4)Fd?v8oH{eisN-YN^%_AV=|$;J`{ISVjf?O+Si0 zUe4rKD=@KYrs>|@ZK0BDgp^K>Pz?L3Xj}l>)n^Rn^Vf-zi_a8hB66{`*7o=?58l<0Zcv3a^7+I;9xPx-&BpiGmW65;`Htbp<`KCmrmGlxal#Q%45p zsjU#8n#68%R1?w~`smO}TxrCZItN9H$Y`M=+V;byL=P=R?Yn6>WjyDbZ*Nz;u3m}l zu?MsS&!z|LX3lBR!Xgy#s72StE-@MXe(+Wb3jnwTJ!aKUE3)iucGN?Kc&(9f!nUbc z``g5yMo2OAd#M(qM&ZA%al+GSyWep^B>c>INIqQ_d8*ETuA$4_}K z*3I)$dT-x7o9<)dN?_vkeD#~;^)yUc_6eq10vz|WEc;8%G$qFjrus$?T;7qpn8NHqmLzm%DNBi1%#~)AKBJQcsz}{IG2VZfaw1Y8HVBKF+Ld&{QJYhfHaqBQfB$^ z&&0)|K`|#IB>+2n!$}VJUR~N}x)0O^3};przQ<3)aw4mhanbr;>8DKQvlhO!xft>z zO$01WB8sUCpw~$}-6EYER7oK-ieZq;6#ejVpqJsfg4!+TJl8Yl!v8QH85kaSi5ece zyBOn{vJ7WxfP9#q&6C^2=c`c#dEr&murskNb{M2*-#6%cGnH3zAb!G|{1u+TOHmeCCYJeu4)Zi5L7a7T#nGHW zcK6}FBavbM>_g*fbtu*rsuJ1nRVW^!K|DU)F@KLtRa&?MxE$z?X1&&CPn+Emm&jNi zJlNfz7=ODqct{JB3&VK=U}@h!OKS}TIXf5Rzmh*o&wN7E#AZ&Y&`Xb&G;*F0ybM^g zFd{u^?uLE8X!U!hzkbfM9UiDC_j%req60!Pm^g9~e3Kq>hDCEMntZj70Ui3c_77BE zSmD6@DMLY&px%F0&wA{V0Y^cRui(A#>d{tlc$)#B?5}S1KCAcLWm5QuP17^oWSD4R z$TJV}?6k26E7>_A><&rwZ*%}64j3q_l$RW;X#H)QJ&*2a1?g)o`cklB;9~?0rlM*I z&OUK4?~U06-!%qxFWVFt!pGS7_}E8=EAr7%gw}`e;*r|$Ib}S?egOV1p_!VSjDJo1 z{lxVbq91nU;&?KiOs0%n&#DP4G4M9AH)&$v1q3WhNQktlr2=wI?9TF4A7xKr!RL*% z;B#71@YV{L)|DNu&eda&{wl=v&wdp`Q7}C8E+7tL5LLLa2NoI=EM!7l5R3mjH`_Px zP5(Jx6!urJ1B=E1 z=_{;xR@MTiQ5ezp^hrps>F}G;gz0-IC9ePw&{nuKeJt3c!&zZNkIMM@Gw9w>rHM?L z7FO?Bhv{g7i6pa%LTC=N$9$>`hy0+qQ+YMpu}NHU7?m1>F^Cu6w+d#VCRdd`+&Hn} zdZ#e`h&M9+o=bEUdtU$gVss)`vfoC*Tj^@I=zR+f3V8GPR#1zr!MHmbu*pmCkngQ?*FGNtMTG+eddYzYeY*<2G z#RI@SL0^Jau-knA-EU32RCP$nuwoz8>mCDq72Qbf$=$3i^q|L^gWUirGH!(}MBmc# zaz4gR_Jag~KSbmy^UmqTYU#k|(VeE zs)~{NF6TOZ#JrFWx?$LB$_NeV$1AgRglUl;ZMzDkv)Le?6#ol?m?>ZoeMhN)e`*xX&&52P+T;5WM_X-3bob zod1H7IJ6j7R8cS@uYy!8dj*N4pjXm1+Rz$;t2z`tnO<3VRm!lwrhMOshg_+>Rq(?N zGK|ylUTvGZPeoi?y)C}`L{i-Lq#cTa@rczIC&5DN$#IG_PRjE^3{J`dk?AkAxtt~* z5^sM?3o65Uz?PR2GQCjLmcusI|Ce(MnOUIt<@iB)Li2Pt>*kUYXS|y;E|j<_Q0SIyx>{F+rFEW5GLvOB_WTRK7|LuIvST3 z4X<`gC^JlOVP3pw9{^fZ*GTmG0HO2o;(r;M7c;OL@&GK71Ng8k_iE3&786TvLh_g@ z(vHPfB*@XE66Nkzh3dLuiySa(6b4+CwbRS0jApv*vC)8qO&Ke$IQ83C=TY{|a@P~b z#H&^q1OI}?(LUns20i8xw;lxe@kGu~g&_A*;>nX#Q9z?qrlOJ)hHwJ{=-~J-k=tR_ zC4t%EGR($|b6?}nQgEF;%-|S<&ctB$H=nNtyq)pi84iYW#nsE(aO7#CT+b@tq293p z5(U|1K659AE0k?SyE(QtW-4(7i0d~z0h771M;9+1gmUWM1*AsvKb&o#v#UkKQl7b$ zqh#dWVP#ZI0*`*q?q3H%o}2Cq5-Vg(xlEkz@sHsz)xs7P4(+GPMfXM)zj115g1y#| zr{)*6Y|Om+dl9(CgGCH9SrUjI07hc77|m?JYDH(tU`o-90gmd$D6)P~fy-}Up-Rw1 zkEdYDL;#JGoD)?J=hQ3%Vapzma{uEA1R?zVcg$I_O;sufrg>v}FF^@ZDBgG4^WC)4 zwr@K3al?$p&6VV2PSrF46 zq{+2xu72^)+bKMNNu0^mDCx0+yyPEU`3+CmfltJ(zaOnn>J*>&#^8$bpgidTezHWF z)5)(QvSZ?#L7b6eodjKEBQ3IVv|q15E5^X9b}t~=yJ6*MXmss(8G!Sy@Vw`+`i>*h z&E{I#&F+l$N3KALodiUopZF6Bgrc@lflTUJ!J~x=cEOc$rW(WT;tBRS;qzdC>M`ds zn=8u(%Ub^H*%)>4FeVU3+X06JkC6HQyK&=T(WtG8v+TIozhIgGMbYMv%+7(hnSEH> z)7RmKNoe5KRyQx+e>_-y;u(|3g5+Xm)f&25EiHR>`8~R;ZY-{8%pu`d*%j8GXmMQa z<)FSG^~sqYgLjPsdG#VEDJZk9i;SXf3+g`{nnBxBT6-zO^A+Cml5x4J2-x>0Vr&gCwb^JXMB`7CJFdIz&O23Rujk?A74_oS%K%oDKlum5UE269W8S z$av{d{V^n$sjvVDoygvDuM$mPI@p*q0|q~7(M^L( zb@)vS8RB{0MD8th%Ab*Mj7091G6a+jFbjHSb4q(`frS0%c_y3v%QnOufb^xN;WddW z1!1p+dy^<4|Ec@T-8yU&V9i`wSdhD9JWG_JJ7St?_J_c3gfkp60bLei`Vi6@0!V>M z`=k3tRj@}Qj@YZNx++diTUX7%VMk5xxU4%OffgI8X3o>CpEXj?3yR4gKB5tk=iXnb z`3Jq#me|@Y@R(ZbZ6`0{Q-4|Y6v;%t6P(hiUxn|%;rzC9wDu9FKk5soOd_q=kKr+< z%cyrZbVDy@=jso@Ll(Y3=Y`OakPJ?U-_t4b7NCDhQCRU`eBM_>{uPK!EmpnLLdG-w zdjU`L!hWnI#<$KDpR+b%*ZIR7v~TdTcN5*z;Mve6tqq*8 zpPFMm*G~4hWBR1+!nwyJ;HvRlLqDR+w1J5EY-k>k5mWB`Kj{ZuRA*Bj=L#65;E{z>JG>! z)r0}=v0TkF6RuHD1LWtjquf0lm+DQj7w!uy+2GBcsA?Wj9cJqufI}YLIbIv((U~ca z6xsd!xell5Wp<04PSbU{_q8|ABI2)&r2*op=A#Plx4|1r7P`RSLqBS>$4P9uyFX_gaaT^>Tadm z2}@ls-hJy_qOR9zwow!4n4rN6L=vhc^l1%N+}cnAwJceL>l- zmEl#9I5=Vt9!8{QS;J8eDO`dtjtL&|F$e!m$RL3?Sa8cA3yD=7&k{bv<4vX`H9hc@2;<$Tcv z+0oY1&DB zWnDseB|>J>UMliS03|(@>z7;r_XI>GxvHbenwr_LNGhJ!U!A4_d2lx2|2)wW@EKVq zQ2Z_Ajk)_RKmW|d8%PrbRu20a?~m8E?DXshLSj$#COUUP_mi6bnXXH-tC!|Egl!#u zn1$NiA`VD-JQEiFN6u+3V?5u$WxpeNET@E~u`ibI!Gi~TN4|es;5~Jc^grwKGdS~Z zF_xdDZwjhN{P6>i{H*}8j80E)p6=tBe$2#7!!J!m+uyseP4l?sjq7=vfMG2reEz>4 zV3jt&1AOg|-U#_0(Q*n{bZ8^LFStknFcGZIVY*Utxoo1&UP{{V^3lZY!@x@vJqnUn z&BPo=Q<|x&r5k-DAGjCaF*i52@VCQZkawL)z0crqci`L{kP7nBiCOB9|B5iG>sC!UFf=M6 z%}|20f{1{0=aAA}QiFm>hrrMw-Q6`KE!_ckNOM*2GC)88%LRlpVlc`1@#pH7~~%sc;dN({(7^*OBIdg;n_Qln1SeJc+h_DKL_X&5>5 zYDcD}cInW8%+0phVhfyXiIh4DfgLx+(h~Y|bx$a)}j* z`uSh(Ug@Cl(@qJDasOoGXOQw&LGkT4PYC~QpVljzU`Cdp^H#B!tx6W&Kyr4 zaP}eM8WQ!kzo!15A*yT7@bu3oMkJo~Wq%qm!ld=Lc=&Shzlv-QHxu`#)@#1HllI>s zM7}lv1;DC5YAGzuni9Y);YTo4*@eFK3VJn@(bDnce{oMhKMu2$hE#A!Snl^b-0Wu( z$I=Lq+sE}RHymH2l3z8SNe!K%X3bmI>4s-Be-wxSU7Te9i+lm7r7_Wk^c`LH3UTcW zOR=Kp28El%TDMnJ=Vre%R*L~mPCz&6mt)Rcpynsc8CnlOI}>iM5@<%ztUEL7iqO3# zzs7`_H0SM`V^EdzmLW{P^7zNStAl55dAeT7zbvLo79bJ1edBkVw3U1u&^^=_FPa7* z9>&!(HsZ+vtH_5o7f|-=16?wBH@+tKsl$w}pW1I~O1qJ1BDxNjLQW_H835f zgZe4;$iTXiK)4@Q-#Xo$WnX6TEs<#CP|f^cgW1fLJ4T54sN@4Z`Gf!7oSO*1t*w{< zWkcBt<4gj9M`(O>URdAq_O?`d`g6

    *Hn10)rl32BL!$egRbrO90eaL6XGZz@`Te zR4>-gQLZ;Q$Oa|y=5nNXMgiuH#X5*YGN_0Y%DX8Hu)-3VT|hq_qyWkql`fe8Gjea9a_5G|Zq;qI=DEug3w` ztqNYk9kK5+Pr>g>N^G64F1-aYNJH&1b3R}hzRa!%OlR`}8)3BfcUQUZ2niX|)I;o%v}jN!xI z2fHl&UGjo&-S`8oC>X{wy+-VQY5E0RVs}j#hve{v(S1q)SPfig9P|1>7zgNjv52Gr z{L_~5CivQ5V)+&`SpsqiZ~S^->w9nn$qZbM?(|~34Zqy&3`%XMW}komKSMo6tCAHidw(UQ=kYA^t#Er-ZY~H{X_niL;IU*PBp=fm z7#$uC!W{2{9kvlV^zJsua=97=0AQ@?FMV%&plnq?cuWz!3Danl*1z6^N7P<1vzvC- z-@G9_pjh({Jois=mErTz=obNGS6;6TruJBEJvgwd?ftN+19Mt!#Zo1Crs z%;#Mq&lxKQ=(Lc=E>&8n!gV`T8Rgb4;=o$08gxnP7NO|035QUptN)=gN_)mT$)W@n z3ImDh1oCQ}V>{=ORg3&ujC33UtUJ28x|>TK1^@&!5;tXe4)7SSqeNe}2K*_TZj88u zt&+8Fvdp(G|H^0*GzM>EmA9ut>UEQ*!KT?}(CO$n*^RHL_V;tYP!K+4;1?rPvR*e$ z-R5u5Y+W8B2F!^p-oyjU7iEBzXfgF46;hg~tF3AO9D~5Y{ecsb34rhLk)Nv90cnHq z1k{l(0v8JO>Y;~7je$GJs>+eI-3J}M#hKrhjl?AvcL9$zNPyr%+eyjxw6s=(mbQt7$k{x zfA?_E(h{n&d{}>w20&=GIi;%h;byDslG(D*k$uBH$#GeM2+C$MbCCuh6)=Hqe1A0JxaGq!4(KyI5~56+tN_`2aK_)lGh$ z(`RbMQ7m9x$&)JKwo;~am|%5*3l(r9ES&J7&-5oRP%C_A7eQWJN8c?6RcB!XK_0?R=iK{pL)CEKHSW9#0~#G9gf$G|)y> z!K%aG@XPugK!^N2!V0-Da+pV{_h#r+&;bxup8YRWdsgB$d8rCF>YZTbx3~-SWXr&l6L${a&Js*p7mI% z=E{2~fM2t*z3jHbkoC_hVqH^KUFD%R#hNv#&?_W(tU$8yX{I43t&89Kw`>0gneNM; z7!Ij4FJUDPlVXiC=~1NJ>fs(RfhQbiDRq%5h+UOy^#F@<0HFQC*AQ0n!%idJpE_0M zkwrYdtW$MHEWkl|-7;az{1hrA?Qth-mGks1iVT0&>hs{WaGHkeI+>gkv8Hj?03y%s zDlU5ob(*5HvbiV?@S-!G`$>%~Nfy#=pzi=?nEw-Gri$+be1cG)TYX~LJT3cg)xzKn zx{pX=`Dgz`3(@H{yGl~(PR+O!n(uUFuJA3>;)EM+fQ45ozWMYPY1Ie8b+A0whfeAj zLJ!n7uQL{^NxPpvNH0?=40avsHNz*p7=)-qck~X=&Hym_NqT}i(>epBG)IkC! zVzKi(ywo-BF39PEa_4U`$h*=pNT$2~x5uI>3^Z zdD&>YpM`!o3D9a3 z1mA@-%=<6D`5Vs)&eRmS<#bL^C?zLmKEixC$HnpWWh}&pm+&^PG*-_E z=n_X0cGOjP9plsItHi}Rqk9-AxbHoC?e)&c^2^_;Yx^Yq2mw9q!JFGda01*#FR^7W zbf0rq_)fDx2@imx%wCn97(NEC4+Bm(Ci=5g_TV@GCUYqG=OMtlUX)3nzuJkKoo{5I zu{!LV9<3D!JgUe^Xz;-uotenSBvSI%j3jJ%R^lYNbRGhH3?>xrLJ@%GjC| z(|T7N3yfVSd~2*gDjOd`rwal3N+~~S3!Rxe|mj=0k{(}9pKTyKK5yPmU zKOHyMpES8z2jtm>DZO6T%4Fttq$q88k`ydn04obS{Iaxo3soH_YgxB=8kT-L53s%( zdFHu0r{$6D=2Oj|tQHluM7jmvx`rw)@GiogOf=(T%@*$(QRWNsued9-eUL630N!RSpB0tBb}CQ zqf{9CKRG-URiJJ4caYU`bdM$_yP$U1p8c+nla=SSydEhjDcM7LW5EGfHLelBU%fxN zx(NOokk;M$=e{KeB%(32>@Jp*(P+}SIbFcgR9*5BjfhA5<;*2xePd&<7i{z3Qf9I^X~s2_l}W+cLADGRd(SW3zQ9^ivj`W$^ZVH|Uo*MLvQ+4#Uf2U(H`)s(D^_+1% zr4TaM`VVreUVptkL#=%PzT?BIRt@?=Ac^X1TxmLQYINRB@3O|oUk^Rj{~LPGmf=EG zF-A)nv#ilOqiHKg-%4QP-}4+WBneLSsuc zfrKaEx&my$4Sw?UC5(4dtH~awN_K$1P%z%BYWV_c&>L3-dyqlO8u!xu2H-@Su$1}qkB8@%?Wl=y>BhW8t>=cGz(e0;Ij)G5I5Egf){0mHO~KQ}+G#?Ap& z^rEy^qJ&>uIALIopQ4of+AQsTfP4pNIf04IL)_h@175a1I2_{Ty77Wg>zs#zgVclt2O7BDr9u73yxS}3!D?hrBEa-T)78HoCSq4dk6O&IuwMfquC zK)-;X;y0P`u@7qpho>2hi*Dnw-v0+FWF!H}YJ^iOQ$>(nabN)17z4Ju85|Pw6De>F zyCS5T?70MNpt6CG)D6$uAouX;`&b_sP9?oH=_x2Fcty10&Jl)Gn%lk#n+%BdyZtjd zn!pB!1asecO6LYJ>sJX9n6i$wrf91VyF)0ax(3W$poUC zqPcmVj5OrKU|579=PTmM@5_7N=cEsGlf*hbA3v6Ekhpono3HRz;rBY_dHy^V*ch`OjFhwtW&-F5(&A9lJ z_q~hIa;=Co<=$Cpx~|z-5W?Zcv-_7ti}z1>l+BJfE7USW*fmuE0QrpsR-xCxr2u)? z*PZ9hhuH>;8BZx4LyVTA!f`|bY5%9US*C#veed*}&j6D3phtq^?sVC8HOd(fJX6l{ z|BQkFI7Fw2?$81dbrGI5s6~@Lw=g^cGPW9BAmQHylDhxOx(n&q>N>&y{sYLFfE^2) z%wC9P1)V;SXaD;kK(~=W{&=)ei!WZU1UMe?@W$`I*FQ9n;xl^fc@1pp8W3FP2SD+s z!>pzCq%=Q!w$122&NfJRof-HvWngmshyT6bzdwK9y{;rVNC^M$hKrHq1Jxe6chyJH zm5l@f4R0P@#r?v8K+$i@e{wx-+Gf!ca8xlO(0Gvb#N{x`i38;5IPrp}YU&OWSCirc{>s}spp~;Ouni#h(8$lONRij?jgLIY?Tz6Q+UTd*p5c

    zM5f>D-cXRA;S(Kr0l!-59&5P=JgXyWg(^E``x2FYjBK$l&>Ro3v~;L<6i5WzLkr2- zIS!%1sNtnc5qpipqO6XI{5_lCRdr5y@VBF;(vIC3TKNDq>+ynA)lzs|d&5V#v~jH+ zLKdHRE_!N9O=Ke<-JlNnYdXGZZ^&k8ET2Q~f+!JJ5$TgZ+WmU{PLDV$t1IegzIxsT2 zGimRhKQDh;aCkgw1mJ+>u5rMr&vP`T9+W-u)G<04RQE|cHs1T*A*=ff0M@dEjkm)JhbX1h#fcm(VpJ)g>5>+>sxZ~ z2+*O{%vVLHi)K+*qDlbbND_cp{r|^vI;qJ^ks?0jrT;T&;ynIIpP6uqF-FT zBz%R5RMR6{)yo>7?sTafH}kd7is=1GFixTV^A39}@zG%U{ijqkxgDJ& z08osf=3VK?%I;>7QMDIMHC_L~dj|&(_)l%PkC%5aB3|;E&oQ^~q2+LZPu)t}6KPGy(!R~R83)iX@wb(bKDlht~DMA8{kJbTj z|L(TYpSr5>aBcVj3zD2236Nf@K3_6y&6M77_Ykyj7yOvI<}f^b|EU9iI6T2e@^EJu zOy>@a9+rtW8YS_|Q=Zy8QD_Wu6$W(&V8%hP4|J&d;B}|*Yr}W zi__>K%xT;>%xmv&NUp$<-N-METivrUxu-hsQmm}mHr*{9c*r(j@e&^R=I(-#NvFEf zMW-eX%Yn313X9r1Rg!KmT{Xczho=BUb+wm}`Ql6_R4#I=JLF{QC)ldotHg^)Uiv6( zWeR`+)g2STIAT0H!oIP7me&uCoi%-sL+80v5zKBNxkE~tG{}ydvQkpzv%@%al}dG^ zD(Z^^oAZrs&yPklXY+rCodEbp`IoShei&3Y?{B>N#4J5-YX4rn-o$9|lqbuCL55Q$fn9A-c7xdXjX)agx2ZoIq)mt0t!apWF?^^$0Nm|%*GaM%g z1NTFQdqKd~|HO_{{84i$>~<0;IhRk{-B7=V+?~>tAWmW%q#GklKq_}7@`YK`hnS2= z=E~dqpy`rAaV&VsfSr$t2{-ubX#HgH*OKIDga}npS1eQFrP+3Z0j{#zDSiG(4ZswM zfWq_>pcnzHsX5mT0^^0_fK3klMq?Oq1hY30f7*P2u`f_+=1UQD@r7&Ee|NpAlsIKb z_n!QtQC>0gM>sEZ0H_^T0yRsMtl`zGofQ19dXnQ^gP%uPnP0wr_H9V$ra0+iRW_!3 zUcB#~=KCHKy=ay&SI*M7`S|f2;46Q`lOX-&^Y4*=dw17_u2gnYuzzQxA_*J2(SQNZ zTA$rOUo-aar@wuTXKwu&KWp6`zFec^fGXQ_eh_ z-u#X2oK)zny12~!Ekvn=+UwB5P=`4Ho&zS!T8*D3BBK)14nUbBy~IDV7Q(-SCU9hf z->4BM)xRt3&Sr;N31eb?My;LBzbE?H5Ty-ym6J{8cJ@dV>&T@**34{&%Ts!z4`yzk zW7cja+^*9#8X(Zw0ztp~i_ru;9!kaHF@EZF=rewGn2q9}#TEqp-zzCPmGv)@SQ6C; zc!?8)u-gMK8xIywAM)J*dEycUUAEpgqR=XWm^ulI!TGav;F2YJ$|!i8);?jn!;#qm zbnah?aQ#1xN?(S)>!@Yy^4zBj(fxmdVdbZbiE|;3x0WtB} z_(#W3fBK?S`fiJuM#XS{jxx>nZKMT`N!CSO-NSTRvT_28GE!_$_>(`9JN1xL?ipg%42MPNtC*}8%tdlH+%ktZFBi;->vOMQ&F66uOeV@=vn^vx=a zWrKa{gVT3@>gBpj?~mt>6h=vX>fVnmcSU3dk#vnJ%bvstmq6<;I|~_brCnFurX(9! zBsP8J`ZbAQBpalFcp}*_0x$fQ{lVA!bT^fxSr>XjR{=EW| zfNbLE%yG7khMKZr%pIiZj=%5{=a4&cTwh{;EYFI!)L4N=z zZISI?jk8U7R9zn#*~7B$wGD3DwJ`+b+E`lX8^1IU>EkHK$0_ckXX{_j|px zW_qf9F*b%ag|3n16YKOihBlZJ9EHgCuxGIyw#J^5CUG_V^cC(=glGlz?=EMDTm98& zxqjGVeVB!|GmFm9&Er{#aBkUpX!#k`c~Fmd#P3Y(1HZl-qYZqzwq5kg{s-r?l(W&@ zMwFb}Jb)HL!KE0&Sj{dy_QYQL{ArQ8w=Hd|zCIyY4L8;6d z4LcP_yGGkcAG{zvRwCUXQM5_jYB1o&q*EC%Kx$pgP&EPX5`Y{(A8_ZYvO~6f_-_#+ zd+j})TOdQ0RA&FO)@kvpBqMP9)gztLrB~R<;tEc5;1zEfgzFv@an&`)V5$wEF1KHu zee3_`I~a9pO41g;Rg)NddC!WP0BRU_V`9rf@A-GXq3?09io8AZwaV|&c7jeHLD*n6 zxS^g&wo-H@bSDf$nnuY@=FWD9vbWmgx#AA9MmHnA1)XVM6<$cw`JF=QI|yb1#DZ|l z$!o(!e&aaGy1Yv#b5Lan{ysLRaX*#B9bTZhkX8fbQ3_ z{F~%gpQzJpw5zOUQyW}S@;Y|a?0U}K0>_7};E^j-6TS_%iId=FOeVwCG94;X#GWRJ zD#^Bjfv|b!mLPTx*~^|MFLt8Kj9ny#zOb2hSnnShsIpMm%%hi&_Rw(6| z-h+tNp<>0%s7|+w8^6K4yyxxbY5Wh~Jk=)O8qUPmb8dkhGJqz5&<1uVzPu{wP&&V| z^a#D|$lzrw(RN=|+ng!1%_%HtYGHf1c|3K1m$#-E&97I1$ENe~&>yVzySAwpl=w1> zKp~mK6qnSpI|(Y`M$~-uufj6lDU9O?Zh0j<8{?;7-+7C(9x`vTFPcXz$7sE#;BD&i zT}}T@xT!-}Wkvd8GFPBp6xcAN=^LAA0&|%_9Mnl0yG5NEmtkG4C$I#qE~x?6o;VKd z`pUek%f4pCE!w~@ybi80T)iSS`bex;Jo*@O-4;Y1ZU@QQXRKh?t_!q$|TZUdG51- zAxpB8jJP=3JMODgxPSEc-hntirL(2<^%0UQ=%*fpZCdP8+{vY6#p z5Fo;c@LG)AX;@aM{WvYh50RxJq3I@_)<9Y3EWwBW|zX?5>hulw)FZKy^? z?T@cW*bckM|NZl&%dP5PLM4D}hK&W5ZttU6vdaTh*{JJrgpcS)M%pV+RvbnU?bfyL z1JcX0HTnfaEY}+-dpZkDC>9V?jt-9UnDE~q}GJY1VPpz#g)le%< z#B{Ga8*RCWR`iHJ%Y`_F(rDis7*6BDO(+{k1jq942Hdi+5`lix)u`;8l zo;?-P-kA?^w+FwDMW4!~Mz=kiS5Qu>!;CX+n`4Cak?TIiV(S7^My#4;J%7MC%w$1)_JGN&y zIvwe2Wm}LP+)B!Nu81AFt?==8fUfzx3*Rrq#R-SU>Nv;(0ilcW<~g6$v7uirSx@zu zQGVYhiuu~$I!+uwcru*E?kmSI>63Oz97g$Cd<0UfARD|tbOE{aa1%U?M}7>|39Sbn zrYMc`pVEqoAENQgJ~tn~cpo@Kot|yJDT*`ii-Qd9FSfn(K|=P@c?JZvMjqKVZq`;E z7jhpIV=4!mA}_!67gv-wcdQ{}XN?;6=c;vVo02@vw&VgX*O=;`khHRcx%dq)WlHl} zTFa5@N8vhqtbKZQtt3d@E_MM2*&)Sy4NJsvLnr*YHUer9yCNHvkJJ9dX^@#U_g_iP zUHxvh=!ud3{CsOP7c7@5taTZ&NyQaX7%p(Bcs=#lG*q3gP)SWYnFM+@<}bOf3OZX! zxgVCz`%Atu^X7U`G`rZN*26+96na#pw>(C4SD0+AN?$_MRONi-dVG`hlwMHXTj;N~C#rD%DQ{D;`J2njX!IRM`=_M)mIn3} zj>kRim}=rafsdm;Ok!uyR@yrw{8UZgUYEa@KuFD40D-g}#1{0!W4v#H`WHbyL>^fD zBFpM$6`88Y3-XU-H@%*_M@$p(bDTd;Iv-xJFm)n7aiR8woR|7Qzjb#B(Ok)BwzJtl zy0|F7!wSm_;1h~#mAN(<_&BW_RbPW1a9e%1Sz;U^nh?8N$(!Q1U>lz#HkA-!{MPSxf1O#pHKN2q%z#l;7XRFZ$@T))(t6;ayam z4#xaYAQi}G^sYJ%cAkzXpwwSh>F*o6upM|hJWR& z4w19FqIe*3)yfmw<3G88x32#|L)U|S{wNpUytsOzI;uk!7Vho8s`0COQaj-C%L%*l zy3N_}L076JLr5H_`~uHgmN}LhZ|tepoKH3@7@==#5q~M>Vfdg|TrP@DMs3qbso@zz zh!mNbV-ow@ZgJ4ax#lM#GTMq+7r=oPIUIruSi!H$2yADClx?@~ffD$?)2R%A^_Iw$CM;ZC9*Xd?YJE$^MBaOL`k0Pn! z)CKyO?0)pRVe1`A#Nqy%GugP-%Mv5D8!zKrj~?S{>TzcC7e=Mt7Nn_d zpO1tCS>K3VuFz}eAS)cJ2@cItaYBm{=`w=nL*APjSk&_*=LpeLVnOpOhIK9RIvAxb zYlv~zUFJ)>P#t`Z`>mh|BC#z4(cKh_GZD963SzkLr?Y3zSoP|zbK}<4P`Kg>fwHDt zlrULh8D;GK8WRT@vT|OO*Q>?QYJa|^DS-o6`rCHv3 zoXfvIofeyJmOf=P(n%){EVgZ}P}>5Q5AW!}qimEJ+svIL>}kjQIEOl~$muWN+%xN1 zL1|Fl2I>I4ak9yY=dpxrnYSU<>e4^1wL^07Z+*$){92ZeVl>Uc+I(C6C>7LtjIU(OyC|U_T6qn zK2bP`gU+KkhH(0eO3gfzX$b{SPH*ilN5jH{L}Ak>dOn$d?`Ecp0;fF48+L+2%!^-7 z{&YO2QH~1=%M%;e0BToSKTeFzXIb^oYZomE)h* zO-&g}m+&koF6Q#xn0G^Fn5AM%SA$z$oc-_%_)|NOo_mS43(^y5082Vqt!bAqdCAU~ z9)G_)DV18`Q;H`kj|`uEg{s-s=RWfnKk2sXc+kARpOzL>DVFUMLbVy=33RLLa1PD%I`GUT8*BNg}*s()ok#+qwdGS(QVXNsT`?5 z9wo^JEfYw0k-;sw>N%Er)pXx#M#uPb4Ggj#-H-M8EerYSkjB8~RX<60*KZv{T4A#RabROooQ zLnt_7E2G%XtB!&_>O{h2OU=ud%@{Y2Anj(YJp%Tz5;LM#oQlUu<@;9NkqD>zR6vyy zb>e4xJi~r_i;zEgtO_e}xp{0_At;++a`Bb(gMAJhjhB3vrj#;O=gTL+X@j%&x6cxZ zOjn^Zv}Hke7o;XYOxA))3~RgBny-)+U_yH%;B?q^1PT-t612@ScbyMtwukI|!~$I} zIx3zF)Z4NPx^GyX*h1MpreK_hf>?*q{H1b;bJT++`~%6_Qn|)m2>SN$8gg4QSHIk& zc`=YjozJm**nyFnqn1nB->!Di^`)&8EpfisTAjou2r;9!wZQjE|3{Ti@5E6c>#76R z7fB2K>gBY%pGlOF;)dfA!A!L&{~)fy$F0R3Z{LQd!bJ9g!@+AF=XAs}dTiv2I_*%Q zJLiCf*CRMC#PM7b*A_0!+2}triBd7Y{C>s7>$z|RQLU=|F{F*9UH2Lec(ZP5`0k{g zCU;~Ar*3_{i0=2rrh_1+0vW5ZI;n!LJMZbGyg$$p(!C;>tVOz4ekY<4RPLYiB6&q> zi#;0GFt+HTaZR7p_na=OSJdyP>$C6WH2?ke+hO({^OZl3RW&piZ5Cpa>R56<@9Ls+ zE+c%7RnQ}?i^8B9E2MlXBgq5UgQV|Yb{~~+{u^Y$gRO)PGgzp`vel3lZW32)0d?27?Tavj3KXT5^-m?h+O*@`K$ zE-bD|FNcJcC$4(z`kMi{!$c-_7tzHg2}EE;LChbLj!6cPK7+>O+c;fUTASMWQzHaw z%`;!8cK1*?UO|*be%8xOs63N6epcTTMVe3YAiFi^@3Mlh3_sF7u1SC2qjlR-`Z3=t z2OWgxu7~1Zi7U^8`ijDSG7TJV5o>Y0p>)VbMJ>kXjC*k4UkoIA99nWCk}o0cQT}Wf ze(ZYhqDUD`SE<@sLxM;Q{FNO(r!Gw|#c;^fLptu<=z1q0UupNMJ=TFuIz$fCG=yK@ z98wmfKz7)AD26JWcxF1VjMT}^D zV78hQb7I_DzYl$7&NP-WX2uM4s4PKmKNVbAD(z`qJ(G_*#Ej)iy+)ly)AHJ^2`37( zBZM2G8eA+TSkLUFn(GIQ7^!Zrh(w$rLfeu%#VGKtpO)Rc=^o0;t?m%1y#M1}6q#<9 z^Fe^-me8*rO(FxXyXcE0*SKRmXkTfl#=>;?3n~9-y1l}a+kE%sftp5a9t{*8+GIzE zK8kZb8hU)Z{(XUJ4)JJ&DxPc_uF@83XZ2z(%2v}I}^*`c-S3NRx!qZUP^%>H4KFsfe=`py^ zP%uhUq$ce5db>rlayWE+-h|~oDtXy4o?FKrPoUw1A$ETNI3)d$lZM zzm3_8gd9ojs!k9>eK-NPr+?z1XN|pc2YgS{?Th`vzL3 zt<}SmFD#r8%VwsV@$xt~BdbO=T zR;@y+=e&L=@pV@yX%$*9Wuve4m(JHU;{pV`f@l=`b=` zL%WThAw{O~RH2D_ za$0h2jz8&PjkRavq%>aqtHt$E@U~{E~X5V)VMW5^H~c&4j_V z>|tpxLG&uE!l(qw0+u$e-fJJ-%iKO*oqwJu_(Bw z^{1%-S#(zaz3kNqUofA$RzV+xD& zyp|R}Vyav|bAma(S{+&Lv0-Mls6->xFf4qmocHMwGPoD_XdYC5Jkcs3^nP6)dy0X& zdF;2YZixA8fEVkUJ(RJoCkRI+*LGVGi-}}+=QTN!K5c}DOKDE`s56i0aUJCr!ue9p ziNs! zJZGrVl_cpK!-p(*Ku#1gGBsSe8mkZEU77W;Dy@a2z9_f4j=)|Et|q-DLqBU~^GmhV zgm$Xg0KjGVUvC@B={5N{+i_lROG4cK6=uYpzeG|4i4Y~kjW!&Rh4&#r$k{TxW5wNuvYM*UwCH|~fo@K@O1 z;bT3OWJIUPupiY4>*({Vue=HyGy7Z#|6-VM2!Eg>txM!H0$qEvSKIYyBnm`!U(T$@ zKqTr|w>yJsL`xF3zR)p?&)WSWky!-aAd3)~mhF=bMl57N$dnAebB`cU(V9?Vo~?oilCH4=$MvMw4>I0BNq|9s&k*=U$?I8rh z{#v%)eNgqxrEHjMD>~u0(mOW$$WA|rNXRDA`j>$O9u@bb-hTeif*Mr8O02P7Lp3Zc z!8N(_?kAy|GBjq^#~aI^xq*sU|C7^) z7jVqQJ^7)~?H8(c;}e~aXj}eGbc0R8X7^OcB zcyn7(*5U*ucp5qSBx4N30QK9czDq*i7)Qm#T(P@KR> zJheBhl7?K`n#)e4t-}#u&LkkiL0C9_ErF12n%hQR8bZbiM~7MFemtal z$EaJzqUVJbiC9Rjv6vrOwnPoMXePXa?a6k(ajfg(UXhPCTe57Y$ zeZ?1ZHcsLX_mvPV%sZrR`hqoJ(0b3)?S8@?{_}bOddp#dNvlS_&+%2*l%t4(<+2S} zb<|AXt-REeOXXOt^jhNIbYmKO^4ivs9k&RVc0MMB3bXc@)o&_{XfvEXI<;7OK z7i*EtbnHT9B=fEv_cH%?Gy;Q?SFB)bx-hNis)*D6Ss0DZl>~RKfbG5Ny^(N1d-JaJ z2EEtg1NqqkJZmF6n@$!3RRYIpArP|DfG*-3B0ZQ5GMn9psVIlCY}Cq}Oq1xUY5%pM zo3Mk(q97L%&Qpn+<>2~EHr zx$gxJLXs-PEA+ul*WFh^y#YKBWS$ZQ(vuVQ4iU3ZJoH!Z>-H8K-qARY}iWc zxb^H{T5@VDG^GXF@(qF6iP-$3g3mn~+u*xA1owt{u|A%2{``nTNEU(ma*@v(C{`AD z@Jnq@g=&Y_7%Xg+RfZ6%M%ee%a3PM&1uIo@$M5?LXr&Q&cINj!m<+4u(3?@j-`%#} zZL8XJ>1%bPNr9e%oOhXf@A(bEBJPXw3{0sE3{Q6WGoFx^2s!C>FjhLPapj^E3@^VQ z9aBX~C}?We?e5QOX$d24K^duhj{PyH?%oKs8hq?d=gpArCAS|H`<^QukYUSS5U7-O zvrVbtyxF5$+>OC|zrMWp^*0)u9q!e$_uz4S)}FEtdS+~ zgsyUNCh2gR*N)iqCgROMQ|6$Jfv-KR7%2qu}z8eCp0A&u0zY@&m4oQQ+^Cyk!oj%Y!jM zQGMBXdw10;E$>DeRh9M7oB_}f|7$a^=p(!mZh_-5*h}wmt+XM}((U-akz`rn1hw>S<6Kkr z^|+oxfyGE<@k=T}1>t?tdADBkNd*akBMJ5&wIB%fDV0 zj?+#ii7Euf(EIFg%Z-zRux7r3g1kLSE1ewlShWs+B472Uv5c&;70NUDNV4?Jx+Ks$ zGh9b}eDsmQ@YBQV)#E5X{Yoe23T%_c2IBP|U7ZTc*NZ!?Vfq}R=VWEE>#Xy1InuVl z;3i>+hUQzVS)vfV2F|-=1X>aLCP^HO28N%s*g~s~$wGjG?LWfe@XI$Hqd0=UZ5t41 zHZc9@U|rpS^zX`GY~)U8D{HQ`IMavZ9ARk z-{15co^IH547O`9c|OJ4*!&J;793&S6J2# z%PC9M){Ndp507X`otB?YEDj0p?MAh5;8Mcr!@BwPQlZYmXBIJ9y)Ij%g}pqw_AU?k zbfG@0lw;M6qG{GMF_eNwoXwP`yizgHaPxNTQy96<^d9mT%5GBB?C2w7ERVU8G&QcEM)&3#`}$nDvbdAx`J@YY z10(JDitbXEJ4*~n;Ju`1!??ai0e%M`HmCJW~wl=+v0htBnH-&PaI)uajEpdNd{9sWre_C3W0fbCl2MQ1hsUNJBrNNd+># z)jiBF_l#0aslE;b0j;A-2lNNFUUi3D+K`OJykV<8crsMIuUZO2tufmG?moI>c@}s` zY@r<0ZH=}ADn^V1o1R&2o8Y&B)M{kmj^TP={=GHJDkg!nL8)-dGkP-BnF=RGkn5a$ zk)4ck^jKsyyf?Em`h1>tz8z`WJ0v2Ok~CFixI_~s2oNgLBu(6bdp>Kmp2Ok?!z(ov zlSN#3XA?w6%(g@Jpohm(J_Y4qlyLfRAMQ8veSj+pqBi9{Vf|HS%LCc&ADfR>WACUul8h zX$n7Bd_WtnAYDhlvjyr)5iUjC{7asbR>YBt$4?g`R39)3&x^s9{e}*qcKNpN781la z1w%5C*VKG>N5D*jw`iH!KUjQ!Lh7&u7i1Ri-A;dhx&5qT6S5?2gb$k?hP|i|gmpWM z=%Y^u;3-}?A+98D#mO>3T4P=G`E}wTVbZpfX}mx1p2yy%-VW4we#jgjB+9?V#%sRX zpFq8rO|RUMZp7JzmJfozNX*CcYZhc+<3$KL&Fw(c|McJ(ym|EDhT;vjpBD?*+t>qm zgli)8lFt>~4Po!nr%UMWK#rMcX&&+5GLXqCUo#q8BVFXGuVZwNfX)=w9g+Lxrd{H_ zQ$3Ed>7&B3WOiYUgrA0_fSwgcxWIPOyVw+u&?wi+=lL2b1(1OAtOUZtPwBIp8aX19 zV|@⪼W|V$d%&cUrk3~AD<|L&_-NO)e&5@_A&XYI--Zd3e8c(T%#k>AG;=4U|W=y-(P|&?aZ2DR) z7@wn%(hKDtr;1(MzUM$o4OMDW(RNrmHX>v6rynI#K>n$7)B5ok zaz^`T<$GG0T|wki->%izdp6(`xE%QdIr6&HFCFNRN8s7eZYJ^%EwB`ofyF%7Y?j7x zt-88&TWd^jF;G21ZEPQv4Id3Dg}=~JF{OG6x^8!mI8!d|PSNhqwa*bCwvV>=cJl9M zSneBsCcAc(x&JO!YqdY{8t$Y>CbM00;;tgTBkYmZLgA&g<*y|hWU|4?s)wru+46<8 zSUq4B_b3E<0?4E$d; zTV8C_%YNqQl-f^lW(E$%b|#SK){OTLC>q`0=gRclRtl&EDHkwjb|E9!Z?SRKbJhGX z_{dqaOT)U4W%vFJNrl@k)cWW-hBb;o-SEE1< zw=RK3?r@{8>6-Lq)2h`MnlN<5u7}h9e7$R;FF=Cy&2lLGjP!Zz$jc|J)h~fVn)cFW z=_1|B6CM@tqDKFJydw?Mo>B|d6C>4GO#GsP#DsW8&t21vC|Qo}Iy?IP+BjC=qF+5r z*dVV^L;_FfU%+54KjA3J%V?J4UB|UPo(S;dqmdw6|ywtMNBC zsaj%3Ugq+ybR_Zj==dk_Y&O&Cu08UFp=FCE&?ysywRr1rliY5duj8L_W!Fte)z3#A zn~f#qXAg*@&62;~vZRVPzw)GZP>=(8 zaraD{gHvA9ElUM#6@-rqIirH92wr4)nTivDjc)`(#c#k+E)ri_=aPo4+)5ITc(2|J+M|MW{Na1@R5#%Vayhiw z1_4{>tLuZm$G(H}3PmS?r`g+%GQgjVN_>plhAtXq!M}p&T#dRCputjYfrdm$vwATD z@GpMTuTMyg&fd~SG5bt3(Gt%>{UL|^*X>H{X4CIg9KPqaZDCaDr=;whhi!iBwk27r z^vfa^Xl&Gb=_AQMevN-N&p3}eP&(B9MF_}H?nf>8Js&4~4&3qmNN&{9UWz|VH2M}> zs;tkU_R$jS9@Z8JlDY`RwSVjKb`L7LkpIT`fo=;(gIg4SB?{%kRY7+k%IM3>AF)ojGXyl~xqa4!>5 z|2_FIzO?b((-g*iScr!FvV85aKCJGz?P_17s)8nvLA2GuUF+E zAR^_X?oC7c>G@<)BE!-To*A$9o|#{4y^~&3;EMqD?3tirq9<__KwE8>jGV|GBhbk7 z0_2ZY*Vw^4ZGKjORn#67=Z;_Q4FISGs@@HCTdYSi$oZj6E{aV^qnNG_m+1e6`YOgJ z5t0bcQY%a2q0y@Ph^5hPRgLBes(w&Qd!^;`FO{}Nx+GCmTT}go(GXYfDHdc8z4KTk z5w>dKU#t0SS6UGMiVOEK@*28hEAl~yMYQrxZs=d_Yj+6eYoCy6)mGGoQcHAI^eb#{ zsTstOaLul|;}5?C`8YM{a6d(}yCpbBrMA47WBf57Dh)rF{~5yV;HbXQAJ9JjP90fc zPI(r<=u2n4)Ygt01#O7ql^9A@{~Jt*QU0CE#!GHXGnSJ*2LPB;PpE zIxynw;)xGE_Z(_r`j*B5CAs2|zF{=SjWHE~mL&Xl(IJ}QA0l$YTr$hxhc1=+Dx580 zUHXJ83YpEf7b)+{&V!NY25Q}`0Y0l!&98KP($gi2!?aM+9h9Fm_z<$cW+*dHwS;Eq8hOyl zP?FVF@RFv$C+iYobG?uXL6&F=blWtFx5z)+n20RXVzpq{H<^C9{crUSMy72$pi`OK`7kx74KR>Y^WyP znBK3y+Y&X$4_cvY*$@%yNknuR4$$&K-_%5Bx7@(Rbw_HS*Tk+F>b z15q;5%#P28u>1XWjGyxFG4YzvOo9@G1#h1y50;_(@&bhSRJsofOdU%|PQGd!e+_uy zYMMmcHz(B)E?Y`)8k&fBk~u zgiN+W)Ru{C#Z}4qD*K#!qaQVMq0?|H135fF7TQOq-cZ-he(`|j6+!`K3pmTVp8tYI zGV5`;9i{I9g+GJh+(q(u_i(I8*}>~jC}HTT$nzfcD_!%5V)0LJ#Av(?jL$)ZhNGeE z{GsZ#U`W|JpG!$DbBr&vLZpR0)Mknwu`yZhj<^ea#R^@ z>0vJ|OH6<^mq_*Vbs-{;C!q=E_6aPjH@f(x;+IPvxPWHpxNVVfr!VzAAl53qj$z;^ zXG;Yy+B=C2C3s6PyO}_umnzJJ_Jo5OSR|~9N0T{<}_PSF`+KP|ACSv zs^Rs77sS1#`Q=cs-=NJIYLuAAa?g8s=`hMb-@eGBIRYBh4d`qO%Jx%@@Fn{lN zBc> zWoE>36Zj)wG_o@yq)b;c_1Xr87kQPs0X-PM)%47?FB06l3HN8mp_b?#5<|PO1l4q2 zm2UJ_Se7e(V=_cUYX3pqT%Y|)s-path6ol(9T@^s9Qgf^sXYgAez3YHrFv4Oh08ZT zR>+j-JVJVC@!L91`$Rm!sWi6hLWwQ@apY4sTPK?fMnekSXYEj&nMj(II(;6R&5Nkq zz`*Cs-3=4{x%`DrHZ=>gd&$G$(LC=Y>s`kph-ybh@=Ix9Vq7~#5c5G5m$RKW3j&&D z)o79q@Tj)Lw7&}YakuU!kp{-!v@)^Z%<(Wb72P+8FJU#tI;`rAdw5T3=|Z`)A#K}Y z=8wO?r1ZE;vr__oa2R91hwbzF>xR+LW4gy*=x@LBp>wU8sXliqos#f?x3=hVup~de zi!h4XDNM!8Fw}p>%3QEDfrRd!5eHexgl-G$r#q}_-v}N+j%lA#D*?(Ky}8e6Ic@PG zO}^zYLW3heY4HsE0VeRgn#1R}%i}r7*yZZgbaO7)GY%Q|m_2}U`J`KpbiFfKTKimI z9(jLm*P=yobJ~aG!CJPRU9s||Q~KDd%8c0E!ufqruU*n!OUJJK^*km#3mD7yo(HX6 z?f{jt#~#^W!JE#jL(NqudTfW5e`C4P+d_U!jq}fq6(Tnl4MYHP1Zhu)w@xKwv(a_q zYkPBQ-TkvF933qUY0_rBMe^eB5tqf1)GYQdx5+klOKifqcsOl5adT zI*o#Y9vzs#4=?A21K_^;xDDn~5wl-hPAqZ5R7q8l6(vKU;^Z^jpt^s z$k*!#5c((5`J?n(5`%9kK}=apP!E7OQ#$?XxVre^jPd`JaF|(UKMeo>g!z|*UufrO zWHD+g2+&XtHyL%c&{o~4kUWbz1&{TSuZtb6h%lS*n;%Hgc$_r9~3`bESU=I3CU{mrA@{!hA~JjlnFu4E)jJ34Io z2o80C_x^}z3hxru;wlXa#M54luR4EWB{_)JLFPg&m}~z*+`M~-2221EQB;CGfl+|6 znXpLX5$8WeB<2?^=-wc!VUXj}1@?oWqR3$S=uSGl#NZ(VS#%L2r(d|B?v(ewu%T~} zNBNSvpM86g?Z6T@uRMBnvY^@+yECKYp9N6dznUIQyH#MBr>pvUqVE3a+G4*Y*Z&vm z4{|Udl==I)=p~u8Fq-8*O?Xe(+sLAlqcg1HRuu~@UdQgFloLvGYPfI#vWibVS<1AJ z#%Q;4Wv+UsFD>+$#nP1>5d*Vx?UxRR?u*xbwA!E1)Hf(>^AiyCxY0M>d|mplLr<4$ z_J8=Vnl~WLO78M04C;=-7nPWsKf`Id-Osiw#IzdxZd)=gs?-Tp=Mh>+r!To(JkxJr z+;9igt8rd;ok<^Wf2;j?5hkHaOenu;jl(8mnh6EpDiv;U>$RlOZZUPo62FcILjWD^ z?xpE0p_Y69-jjZf2($CECK-JZ>7e4Y#@+aH4Q(N4-l>~ReV?w(g!s-ywMB3?O5u-K zi7;1-lxQhQ=Tz?c&%{qu^M9MeSagu1P_d3vlVtt*9{Pg(&WHZ(4Y*PrzKSjPv!d2) z`oYXnSAr#Peguc?Ck`w)?4~-s+*>Yr{Iq{RAm~x8p7cY;I5yzDRw9SNwi2u?s0LFb zBS8=Aj^x|j>DvSswF-cDHvR_~6uGteZGO(!g4C_V5vO|G3ZQc;?`sARPrsF*<@_Nw z={6j&!%3PB?QZpTdfqe5g+eGta`JYU{o1C#asP`*!_kuyy7f+WsL0(F`CW*4YoGqN zsAge}`oLBx6PrFL!+4|iB|#dii}wUWwWSM^gSF^f#!zmi!RL`3{BwZ-v(Nk3p>1~L zjZ!nTrMYnbEaXr76SkU%BGPbV!3)mN2F@xi4xyvieF^g-WMgAU>Bm9cx&Bpd&nzK7 zvnF0hKLM8hs;vV#aJBf)9UMwqmswnm$Z#U8ojsn8IegkC9=zs#r7G2h*Ro81iFN9)nsnd|@8MT1?5ZK0C@x$*rF$hXI`TUpR-91%XbQ(Zm0A7* z?j=*>no$}L1begM!H-Dm^@1D#ziJO)W3{Jlx^^Qr|EvxV^Eo91h7dCRpEZdd#SA;cW#uzlsifG}iI?-EUt zkm}7f1<0?Ki z%BK|~rr|3hFkRWOX7Q#6bS|H||BD6~P6Sy$8>p`N6tc`6bJ>r06olkH0PCZkghn2X z@~M4~Td-^y(X#C@_y$Z(HJq`K?#h#x3D0IK-KY^$*$_)c{X*44oSrK)jkbrOQ~rB! z$($s8&CYp+m!@63aA|td#Bct-Hi4Y!`xgpYW)yB)m;Mpe(;xT-Jvg7lK0G09=cWr= zTA!%JbaqNx^W5q_i!GKmrWRViX)Q#Q$oa`UE^1BtrgIjhI(})b`dq-|ao6IAwA@eB z&+T*;m>qbMUkc(O=Hl6y4R3&5N|>H=Y2EJD<^zseEigmsX5W{-9cUup*zk|fLZax< z9C1M3JJ+KiZ@2xZL-+x|8Qsst5a1BK*go$pQ#CI4r8=_o+41*=vcu-18qF}HIZ1PE zgqBEk;KG@R`HEvJU$Dg2|FrjyZ$sxVP>80DdFlDCIpX!*r+2Rtt%6?N1;~U~6S;*_ z>yFw&R}hipNmpQ7syN7PO%g$%L2;{#Lv44W0u3We8FU4)#aEFL8Dr9wfr3oQU!nVV zI*OuQhxw5a@#+jh#t=Bc7ZS%ziWc5mM($~5-PiE!7)lm^us~WwTccBKxCL-q!saMAoM*n zw`Ux(bV&X|=yT`(WIF5qbr3Yevfh4))YmS4F-g`nN#wvC%|0{#R3yZ7rbdf2r5975 z>I>m3_ba?BYF>JKS1!Ij75i|^tBScA<^ukxrO5EF`dcd_uH|>F6FG|wd|~t^;bnk)!AD7 zmoJPiOcl;Af*M_G)%4ZkFB4*Dh2eIqM-LR;+H;UEN=i9U-^#bOK##v2?+sp3zDBFL z$YMSr+EU^l(;>=b2LB~@3-!|m3~BmC3U*zdjL-gqxr~v(XB{&jj46}xITxwb6DGEN z8L-8z(Lk|jBXQtjsH;t1W^l``n0h`9r*BVd?VoV32c9=;k!(z#kWh3}cIyzG&z5L( zsa;D-6;G4_KMM8fVh~vj1;+N`-tp!!pc}*s?=97nHLR08Ie~0KW&Q2Q1|;5C`y&1l zS8|FIjPaE15H=-vg}vr)unGOF_%&cA}2 z!@C0-R;Z$*GvHM@DBSP2I#wjBo|NeCogtC;k86lt^6vLlJA2y+m8O5ZAL26iC|S7i z=RAGtyZ_xbE(gUunzf7bmnT0X++PIFxY!Ft75SMYyh$*|?=UEnjS1Ct<9~QG`PY*~ z{yCOUxg3TT_}P;El?cU23+eAg)njo$B2XT+0Z1VorQUv=(7jU4DZ70z9V-9t{4rnC z#kchIQA_3sq9-lc(KR1kvwPO*;w#4DBn$!^QDguCUFUbbMl;I`-QG8SdUZw}|6I<` z|E^H*8`sRLHL+^fD+u_a=(+7R6c@+wT|rU^7B?7ALbd@vyJbooe$rG3C^w!g)1RN8 zo_?D|$Z5wej=BE|rg1-E0UJM8;e^YDvq@GtL&9?NKkH67Ted$$0Qb8nYv-s}8n69N zQM@xjI$9Y`s=}VMIS}=)E-+mF|1>`0K1y0bf7j77X>e#d&nCvmuaVhaTvKvMuddK4 zVNrW{W72jkM%U;3Bf$_?Y z9i8eNjmh{d5J&yXNUUV$3K;&#EjuDhx|~nDv*Wq4Fxf6b&;(UAry8%!q-P@J(+n6e z*hQdPVowHqz?Dg_F7R~BPfLM<+CUp=5^z^KNAH31J={Dv{Wi7Y-)zULoQ7Cm{vM+5 zB+sF6q+eo{41t&Rs9o{ZrcPB=BGA%5&$gWO(&2yGqtUL03}vgscP~0_g^uS<*U7#d zkC-gVEE}s>do~$w6hAbIr!PBOe#A%8fBvsF08LrZaPCqs@e749fnbW?wLp4ELLw~a8 zbjDs2*U@iRwW=**10g>N`$PDXj2T5~p&@L4Iw~80c&Vic0Fsqyz+AlO+kalPF`F!Q zf*RJ%MppMT#go4h$cM;|I%f|6J?`aYF?s4=W6|p81`JToT-rCI({Z|!?=+ndyza#% z+<>9)*uf9v?SHOlee9pZDJV47oOUu2!l`z{Rq~yw@*#u~d;T#m3Zh?4loHt`b9_$l z*ryJFBl}*pa9Y&1jahGk)%0H$)puQRAKUCIH7?dvIR0kUnfzRKqa@VeHJek3Si=_D zT3FA(q~1Mxw=B1!^-JeUOmtTo5LSnr#ELSTN8-!%Fw z1MHtO3^8{pE@}B3hYv6O5Vn=U$CTRw%DHSYOUz3Wfup1D&GNfry7UuY3P28??tlS> z{L?Q0?kc$wDdw$8zTeUs&2MBkYe!f&xYnI4rerZ(T)+N&3E_JWwlqF1p>{HB4D&6V z0D5wIPn3x9Y*{bd|7&jr0Wdbj@aWPOMA{ zL^o>i3PghL_{EU2e+$dq*VOkv;zlwwqeLf95`zi=n+&C$c+P)h+PCE~C9M?n9=YjM zpW^oz8roSM7)-X64x3iY4sa52+;Jpk%eOLIBv8& z=RkO{yjxM2ja8&V8isNA+0I&OkHArnJ3?QJ0D_70w{c*Bzx{g@_o$c5<5Tv(SgN3p z4{mRYH=2iVIu3n@6QdEm+>r`@Q{FB-Zbk2tW%qLGp;_2CL39~@fl)JlH{i^)NV0V@ z^eYL^g;p$-y?vkfm zkvUPieatu!@Xq{XvQ4QR&VaWI+5dC=(S5ExC4Yow3{Bz$Rx1WB#~Ib++x5o*t6#uw z+VK~(^>mvX%IPN}pKujd>qJu>9A0I{)_dSIHqn$~p)G%@byzKN4mdYsjR zddc|(qFE=N0;6Ys38S1VI{>xz6Q{K+?{^DmJ;|d^5ABCun2T`wh!iyp`MC0SxB8Od`FUDv zwk;A+cT0}fjQW)qEdy9)+`|amiDf`(is#~|3JTI+yK4KLD1+z5#HcHeEk)}#ad$Rk zQ_Ua9BA+HX)}22=Gu?>^{QZ&s2ioTFx?_zBvQL0566X2!K41yctebyUu<#l5$95w2 zb)@3#Gx70zi4zI>`vIT(sFvIYTDg6(Xzef`#4c~<9bHfSP#7jU%DtUsRa4x%t2 z(25kSX5SK};UIa>(S^Yj$*t^XRm-b+3Z2Hu34gYP60GaOI7qyJEkmPgX9oS-M?dL& zPgYRemF9`lF=&1+=ui1;wRX-buAp#K8`HDJFOo?y*`@MX{ozr*)fhYenFC9k=NKYV zfgxBMiVO(l+mT=D1c77Q4Sj5iV3BU9Wu@fZzIR}n>;|9i>GJmRfUCkz ztu3H!%gO7{?hz%7#p@b)>m$ild|YXz;lc9MX2825GZaR22(qiR4ldEUGArU6maD50vSy)EG}Xfo{ee zhZ}g%voqlf%%%(xIG`91w+C2DEYC-V^mh9B?RljLRp<0f_~VHZt!_5kewkm9oZxV+(mp3iDC@*3!$EEaD&@5?QHTHl z3SqIpaZPio3tsTI>)R@GLvPYwG7hXKiNF!$*EK)rKy)=3-gmS}M+0Mim(GQQxb6~ulG5*B8!N%d7R6)nb z4Z1_MLKRyQqU2`u0ShH@W%|Qv*LGda^lOPAgdF5SiYMmzHD{0CMb#_T-+|kKv>nxp zGSmH!*RIyeWWFAm_-R7pTwvqiJmG$fDC8N|rW{urpFhVz7`I&h;3gXDeuC6!nV7(x z6exZ?@)$=r$E>c!+X$NC`!}Us1NWF3OVwxRJv$R*TeN62Ib^mD3p$s!yryBHsoopt zxONFbfhbLqT92W9k(w;I;y{j7ZvK4rIU~Eg)IBowX5XJzH1MY_K`e-;UX(*mLyy71 z<{U*uzU!9m=ogZrg(Q1` zaS}+UVnb%FAMif1H+{WP;Qp)dwz;zuZotjv5KH|>L&_6v-Ho9;BD$|M4|l{PPft~! ze=m`z1%8yjYmfDK2Rl+Vphvd;toS)cD_ebpyc=x;r6&(qIq!`)-{hTsYC~pzH`1n3 z65#}haKEkEtt}Lv$@04JlkcgCNs95+op|(=aP@S4f)Tm!V-dPR`1n9YF$=)966q9o z9@!0}OgzU0Srm+l%69DBu{tN4EZujBVdHUC*V+6Sg$B|yBOAB2fqO^N#VN5O-vE7@ zf}zg}s$w>nt>3K`7vk(tgS{Ep?IB2SC{Z7UkpNtrR{OF-Gk=+tTf+Bxx6HMuTRyxi zaI;&C^Zz=Brof`QyE!X%+6q)T9Xb4F%m>hvohYxOnz_$=Z3UvO-tfiI9GhB5JL0hK zb;{eLO{{7bu&<_Y9+AMde=tcWQCz-eCu*hd%U1Xd;EIql!N^cQ5yIt>c4cJTZ>e7H zUC|R24&S>tuNl*8Uy2I~VtqlyRd&bm!?T=`HIm#L+ZWBZo|1c-2=Q`(AsUso+QI>n zeh5IpRk1WB+gsj!thWLA*uHTZv&%5K{d4|@*6o9l0Lh>MwweCW`we{UYqrh0EPd~? z-bR&iE$~N#44&Prw&w{G%9-PzyvOjpNbS1Z7yt!gBhCOgqA1{qlY-H_0nMsaICPit z2aRh;$;}+kM=C}cnP(CG_MQdM5K}<01W@=hp-`gDfP#^2$03%Q0!J9^jlj!}yUWOCjPof`>hUdo9qbbRYx0cw?!Pw>+@ z6mCTLuQWwQzBr0-qJS}WH>4f!#3)7Y?|WZS5+Hc(R*I6 zC(*u8y?Vlj>KKdk`qT+KUdn4(nM?N}-S~6-dX?Yl@LU$`LkUf!FFR=8?c8aEeig*1 z4A-SV+Qh1VpPni---9I374Aj5{(4%QI%vz<@2I!Oro^qU=Y21z>3H~#t@pI#!s4f_ z?yW{sj5WAZMW^nROXQ^ww@4Dka`V5N27IpewWae|n+nM0tFEzCxBKUyVOsieS79-O~0W%eU$m4MaiY0O5VT1f~&XiD51!xZoNYiKE)aR?;l-+76jAM3apr$SB zp4-jECQQwso{>_qDzUE7+thQET=pEGM7m~CMAb#BNXkfeTN|@)686DaZ90=xV_GzP zK>rXYTdkQk$|H?Be}C5pj?PM_e{Bmxw;aOu3=fUs1oJ&NUa%5I4&##iI}1{j=BFs} z*tW`npSR;K3%`zqi#ObSGWa9^Ghv9~zf6)F`3%)}X3I6TLA*aDDrV1_zekIK?}A?= zsuO)2z$#Mw>c=~ev}=M&XV1;nST^xqx2r?-s>cU2qZ743fT_P;wz6@CgM=i2@&#M{kC z4XCPkU8~?!nK*60&->A=%HkN>YU7jW z<>VQ!+c_HEku-5e!sHe(L8NO6yX)HSgA(zo@I$iTGxpPe(*9RBB<61%4`-};rU>Z` z#B_tJU*`_mPW@Psb55sjy6QaoEuvR|82^~FQPdRcE$3g#ty>L^Ki|6=#b8ddk(ZlOum!dsm6dLt zh6DZGGf55c&&LiC>wv?WQvGI?2DWBKZ@p4 z&%CV!>So4}-%fHZZ_-bTuACfbgQ8(s+=`?QS1j;PrInEC4A&S8>GhY^@!ek80z+n|7|9ad(- zvp)RO*O{|1>Dv=?FIsrGZr~py3&Ae$SG#s=HgnbpAjtV&JZOcYHeMb5tm0>q2<<(S zOky@OCQXS>;X@UP9GT~6bZk~O{oc1X9vt!2=x4G|n{)+c)&BFO1hC82VXN4dds{d` zr-uh?U!&pm(0?+NJm!7%czlCj2gjK+l)dMFKYmU4k?K=ilYspU#J@)Z-&P4Jwhi*d z@#9}Rk#<(<*}#=#(I_8^ShLpw1k{5gAj!US60NWdU9WJ^KhI@(rjB7@OArVV$~=k_e?Lv-Dp1P*?n`aXJ$obQ&vV7QK>!=BU;;!Cy-fDZSBfmkF={ zIqA8YK1iQ6!tlRHl+acBJ__I-DoAee1z0dz!3?1mCv!ZJ>tDOrd7XOTGJpmxSv>@0 z&@w1|!9W=7)pUNfVXUg6S9CKof0bZ$Ng`>>0|V5I{#k>~(@cU2N0`l?C z`QsjCuWQG=)>PKkeRMLqof5b_R;n)))sO4M(fqSsfe&`(jkur8_|p#oO3t)=ATH|? ziG|+NmGp{}LtvZylQl$5NQ{>@<=@JM!?8|@;;;{|@HEweMu#MReUSn7{KS7512}}8 zwzT%@e*vhTJ6gk#Az(j}aW@LC6RwZIzW#TdEFSOld~?eG3Tzt#duTaleGP-!y-4f3 z&hA70T$FW%z8m`NSaKpjX5V1+q%?3H&?aA?pZd6g+J%q3`Lk&C>K6ztGheZLf*{$| zzFbb~Z4*SQ4x4(2n|NSptqjWCf09G~ki4GziIRcX{ZAr1z;w-ivfduE{vz zwVq@o;NW+^JQpwvb;`>w0PckvK*6X1m@L$^ps4Obihozu9+3_CYFK2lqi$h&K)Wlu za>zId6Lz!wcLNI`(PS9&&Y4_pGUw9D(ZEj=_Sa7I9RD7Tm$^ZCRs?sSm0%N_u@U;t zz8brwj?Aye%+s~o&{_iy|<~k%;UbBQ2^ZIi}QLfe?shu zWsEx(GTf^~FL&F;!=o~m;ok(W-suhBm@X;Y4~MJn04kBjhOCd?s9k%U*N>cjU_l?m z9QPl$z3MkB+x+C`DjaTiJBt$R<9Jn|=v_XX|IE}wNE=VNke?2IeNeNiL+^&v7fi&l zR#{7h=K+@idqoHF$7OBaISbI>v!aVtax!%l!ea4NioZ{;w&;VJ#z~-Lb zS-mXaAiHh!2I1?(3b@a^n@diliNoweMONcUV;JIRg?F&U+LgUAHgTH_yln4KlHhPx zB$%k$D33pK_rZoI%(?yXNwG=ll-16Oz^-3W(4%;p^EK>cmn9XCf32D<6!$3pGt|pS zNqQ`bl29Az99nrcJsxPVmo8lHXR$5$O*;d2FdQnr><{h!-Z^aH^vrs-QDIy>MEn*Y z*6f;?7wt}4n$|%W6^;UW^^c=;i{j=vo%tCprVxU>rQYV>iZi?CtK`YW4oyiGbm$A& z-NhLyV8r8YSXxUZHov2IJg6@2;3@bQdADd~Z=xij0^63dqGIpSODNbyuT6}3KctAoyXgF}9Y{LqJ>eOwQ>KT}@dZdsK$nt5#Kgz%T& z>3!|v8CcrxmBm#wkWyDs#D}3-uShf`F12VcCv@lZR>!R2h(}%lUA|1Z*Srmk!{R+J3iRRO(1C@0}oGggf(jrzl!$UpX zmi&F?^LW@nQC8e{F2ZV7;eoJui)NZNzvT3z8-~t!+<2rioRENR8yuN92hhM05Veq7 zi*cRAm$C^)2eEC?^|^@$5z0UE_R(BGQEhMvj_JzUS6z(vcmvN93EO;tE}5=IAnxwA zuRf?2%GwPIA6}2Ld*hThTMM}c`_duI);iIsptdMff|Qedy2yNSx1G<(Jtv|M6%jC| zfB`U_PX-9^(7d#zcmg;Ezh6);x^=X}*L{<1>!3QTLs+i(TX&3a+)~`IH+vw+7%lEt zc^vSyETuz9{4G0t_3-9iS!vSN(FbWI1A_hT znIjAMVRfhIHzQPaUYF7X`s-4uM)$!Z6J>{EAnO`US&^_|GYY=%iq9;Er8oSmG?km~ z$_O2^TX46i{g&K)sRVE#y$t<8pCz(0b7^YH+e~6{$leU~HhL+P-qC4RdOl=rIr;W{ zNs3?s^-okv*UgUNPtqBUazAnH$=jbwzlrP4O9%Y=?1s6YB3^d*0T$QEalyd{Cp@B^RxZxU|8GHX5m0w#Ud4BR zqP6WjYt$PA(V8mYnhncWS_0c&?c&l?s5UoF|^*%bARDO|L1BBq4Yz zpn!I7%WL_J3>B&Q062Y1nZR(^hkJ7cKx9S!HETY0QZ#d!Z|PM8$c26(PiWN0bz~rg zlx&aU{jqdH9jROD_WA~C{R+KeX>9lsNV*)SHSSy;0wraV14vqIg3$=q;div8mu%#Lh%y1E$7{}(7ja`f?|#9;cnocurUv2^D+OuL-d9MfZ1`(V zvEe>^$;9jaGd0Jt;Q_kiHutKS3~a$8Agv8U`)83IP&RuO7d8cj5__kKrf1(hq*93I z0~E~MP#h$E>yM@ywd5~O1E_{nw%NB%N`=NuMQ9gz>)6a~lfb7p{dCODRs95I-_9T1 zPGpNM*-EMgKV{=x{}L|Sj(LGG43qP7c#v7{oFq2+=fU za$M2z>gDxnP>1N`nBDzyTP~pr>^sXx(tC~(vd$>SIU3Ye8Rz37&>xsn182FPNW+hx zWs#fCwQI6#F(mvAg_j#+R-IjqpOFF(h76?HD>}z|RyTYleMGy-c;N)EwHnOTVq9kj zy#^BW5H4f(C5^k*+9#cz%v5MQ;4NAjTyIcbkUm-y$I~LTj6c($t82?b2RKNplJ#4#2jSiKh=xq)d1nrxfm**hkq^@gw&-NLRy&q-UQ#ht=EW~t!&Ad(c;5~LrN!3MMttW>AVKK*O;==*&0 z7v;sc@aS4d|83s+%H}_o9n(As;vmh%_p0kw#v4(GSq*XK9e)68tLllDOYu;1)QsP# z+!@4#XiWWmFEb~=cgvE&&kXRSX+U*R%@qU&(RbV{-Yld6*|N#$cUiJe`EcOYK=!=5 zXE2~Gg$rdI*kZ?_m%5l)p0wf;W1!;)-*i2?yIn6FUte|ex7!7lp?23=XF0AnIJer0 zNCmg$j|4~5yD9@tH?;@!QtfD&GFTG%QoGxSj+Ch=L^c^VZ z81w<#hKkCMcn7`7+7G5xTHh+W0Ttw($ zI*O>{ziNaVc?tN!cRaWtwlvF<#3_<#UQk6Sm0I*D`EbiIag6E6mBZOlLKIF@IQHi8 zH%qKUFntV*R8{&!z+S>6a3@1h5Ld}R7sfDuH69TbB;qZ#tCY&R&Y&%pP*qGI`enhk z*Z|EJ#aMP?;zrMH;g$~1k^|+cA#>R=Nd!Y*TfXRQkO#Wi?N$pECS0;Uer)kLH>@1q z#NTGprCKXC1-MzC1N?IFKCZ^eUb9Jqxrk%hD1B0z@eqnsk;YCEsz5Gj>f0Joif56?G#*E3bo-#|KVU5cQ1-Gxs|wqOH>E-ut*#B-*uU4J^Zq|fna~KFam4VoBi^%qu-$hZXN^U~mV$)wG>VOl zhz789n*2VE#<#HfZ`1pK07oy7cLTS^6PfBqT|Qv(>8`jADqC>>88#53Ru}2>t@(VH zX74{oE?-=j9!IDx<+yV`l2%^$hZGgv?Dhl!nJE-n9y$v50(=W)dEHV4u<`#-+Ja(Sdg)? zt-(e^8LJ?Dkl_bbUl2{8b&a1%I2_jfce7x~ML^Hy-?ZPSwXIk_Am$KZg1;27&)AN2{6ipfsj6G&sN z&wAAo!GV<)EACe0dLDVKhJNcj+icxC>5od$HSzGMZO|Xn1v0zJH@sXKY*+oIFphFt zc(+f7O5)7lwpN(A23~DEkydyS(0s>`$$dK`7&pH26llrLY?8PIw(E zVTR_R7B%7jdIygN3us3Qd&|1v_)Y;7rs9x zvAZ$94Zx1IAvN2yBeN>^ucF5w>FowFpP-gB{(2)?ar0qM*Q68ix7P%hN?+Yk zkc#vSn)la2(7Y^8CMb z%&atv|9MuF?$cqjmM#48O;fg+6DH$@f_VvjxT7}*IW_`k)=W*kpChIp!HAv;>GQs| z7Mk98do#H?K~tmt3&!3=QlTR9t>U6WKcNyuQX-AINc<#9Eti&cr5`6pZ>!dLH*RZY zAJr`0YxgLV4ruS2e=?p0che;;?I^@_-ehkV`v#VmTt*WGhzm6{+T$(=S7Xd;i{=mx zO;0+3vOo4<2>YJGyI6g5Mfg2Ui~R(0(ZnLEXEPb=I)967zxK9Oc{3@ZX<*|%x%6HvkUBHKOS;)5qDTwb|<`LT^l>TRXz_!+TPcX}UurCuO#<1gC> zpCs%hB~%*?4euIpjezY>_8+JyNU@GkCkXhfdR4Lasx*c4Dg#c}(hWP1-xnLcLjZHt zirsF{=sf^kwQYV+JpayX3KmM-+fed9T$=>y*fDw9xxiIK2fye2HK8cH3}8OJvNtnL zQB?wU!A_V#YP!*in{9V!s11J1X?Buv7N17dR?bBUJ#?wXTzMBuTy4)%nB}*o@d#%^ z}Z_+5LENp=MlX^){wtkjM#ht}Z_ng%SCZ8so&K z;4p^`N$507G(hfub>+&w4tmnw;~F!r4bcMg7IL&*-|@_Rp+BIqj$`{1MF`T-7^|)* z<83*g9aH%Q&!kWU#{lH)DU@NY&_@G9KV4p&+cp1yu+~){#m_Jgqg6fT)@!=363xww zZ97rhX?;;OSeC+VgWR^ZJ+`JOFW)&mhh+8RIl05ec*Jm<@y7W5ug+br>!Gd*-I=fz zz_IkJWzt<;Nt`{#aGhLYpxqV>aHR3sZjYOGLp!LB6dHjWnpi$W*R8hjDumw~c+B=m z^KJp+uybwhIQ&8Uo}gu~N~jt!ttG?ze)AW%FAx0g-Yu_fh856L8JM|@Y~;9ih~Nct z{`g4?;&=GRB=ydToReM`+^x z#|ZQ%K})jpA*}_am7th`mVb*F0jPetS)qzMAa(uBzVo+){#vGX_*mC3i$3p5SY{PNU)a=(WH!^IVv`5ngQb@+ zjpz!Uw(YHV!zFGENoszJOO-K$3SvzTQ+fkW{eQ9j5h%H4Z#s4rq(}|iG4r5mC-l)2 z^qM`&9lkAAljjy%W|pkJcH>W*zUBSmH$ou;$cO-kmbLydf<7oHEY|YTP5z(rm7B1^ zGf%x4AH)iz@brD3_+7#hkRz5fEGE z$NmC1qjV$m{VwMmRv>RC9S+<`-^0)0A%!stiyr-i^mBq@J0NQwA&Wdw1y@dQVQso7 zzoArOhyI8bGwx%N3+TFG-$UP>B_K5DT(^xQ5)-9M$<(5Hm7mmESU}ngwX`SkAphq5=1hWh{i{wpB~#oJOuWS>EZ3>hI=CWIJc8xpc_QI>kLTv{RH*znM3%0wN3r@$0n*THBpTgML8CEc04sFaCMX$X;wV5Pk3s^Zft~ zrvB}p7W(@E?{Uqqng!z~vP-8p%Y~8|KH8^44%TuGqE?Vmr7!@*c4tv1zGRN}8nxAb zp~hw@8pdYo2J zvK>lM^k|ioBS*9fxG+Pk#QKfsdV!c{zP9O=*W4n|MwE5w2VUs2>O$17>=+f!)q*Pc zE@(e^4{HsL=vsZz$3I(>E@o6$qqeeA9iFg<&4qGT+FtX=vI#(2qThinAl)Z!nY$?i zzu8%0(K|a4*x#2Dj+QdqGWZ-8GFy>D#-zx zy?iTR9`!ts{pNnCUmQI$=pQ>Vh2R$ zM@2yrbfPxp;;CaVknY`WGlMqE;);0uV&MUECcsf?PK^F3QDxwM-u0&+`YLsE$^FLo z4Hn#wcQ?2od03tIUDru>9H(0!SwxVY$ue-Kq)}-7WO(6-3no=;no#*8kS$^>Akeyd zM48g@qU7z73e2r=?Fxp}3HNx%{ew$wo;O1yDGfG>%a_8TF6eSXW|RwB)oW}t3duis z!uj(V#!6%k(J88>c-}E}>k{yz|Ns8&%p>s3&h+y`FNw(8$2p{rx1{WX0Zz~2 z(;SIWg){Qqe;u-`&$jz&ZfsFog0EThUC5}pVcDmS3+b%d4Jt3^c*)da7}k_4`DBju z8cX>QhH|HX{a!5tnByPc#0oLmd#%rRZ0NFc6!5p&0+EOxk1p8nRTN*xE55=LH4uYu z?(ZP*7Nv?upLQ$T=h%l;3~ot5R@$}Et2-GL@dXQUK^4&w)(iV$ z?cv%b1jWtNvQ64qiG_Azw*Ii9nqI_>7NHcQF1?@XXBzizC!i zuoLPe!=-nz0Mv~>vPU$&6?H*mybnLyh?miF~93Uce8+NWTXJ_<5`9 z_)sBq8|M;L6{rJyaI1(#QBfhvpxX^xIQ-K`!b&fLaI;4`IJ@8`2%0PuQN+O*KQ_p9 zZtEq=Lhk`V z3Jm*Qf?(27C%~~p@!T^Q$3{dNn3+R(zhx)r^QSTtLeFU0xY;N8;&+E+uGmWJTaT&U zBzjsoc9+z|(}g77*SxLgrO0JBol~8I#mesfcFuPj>LhSka}XYwr28!@yarHMQXrl4 zGmxQ1h|P81ZFQ3I50BNp#xdoCKMCta-2VgFH>0@ocQ<5bIu}jQWP)xIFR}PTTd7|m z$+00!#QH&}rni@Y*wv|V#eYa_g4erG5~u(Wo7#{631S1Yysd3sWNiwOE_0(t+_p$y zjj}{so_D~`#7h3}AhuBV<$kQ}Quy6(1=FKILLNS$jWaFqb1jY!YT(4?7e-X}KyTzN z=|lFy%NkB6qe1J+E7kEHTBoivmH=7aEj~yhkysKCz3;(|Jl)aeKghQ-DlSdT@%xo{ zNb>xJX_%6EzgwB-xzvn97rZ#0dLy!Q;T)ahOzDpOp<#Lu^68+3XhLwEsgRh2tFPK$ z@O>A=umoOrtQ9`GoSHzxA3N`65SUo7@dBx1@Nz<}@RU?$m~31)Gx!H|h0gU=&0rSnUJ^$Ii#%SPj#( zUv{!+VbCtP^!M6;#Lef(&fgD}{^7PpFbs>^PZ8To<=T0;B`{x4YC0TUT>obr)0P+E zk7hLp+#70J4Neg6bGTJV2lF|8)~ZqGXE4!&TC|jlQYV_kzR7qfJr5D7k>cHEMqJji z@e?Vs3Jg(#W%Hws0&@sMwFep}h_8*nY_u+WkR2tTSZPvgt;J!RfBiMtIXZ?eN$%`5 zU?m6kbu72v{>Y4N{kfN9>~y$h@DlJ&dTEr03h4V#5(dz)uZ>2B!y@?6+~)B&|Y z#0xQS#Rufz#k^^wR-lVGZvW$fFSS@W-&|^HwRDAZ_cBk2#D~bZ{Yv?yNq$Ob$iSy^ zLVdhP#uY%|(ZhRlEtv3vR|rb5VK{v|?N6(H&6gEDIw~1u0YCRPHOS7JPIGudkRT3p&PKlgf$ zb&1eZUczAm)lt}^k#?LO)xcaFn<1Q00hz^w`m1d%r0oau_kCCRL(6Vb%Vn5s(fUso zy9I`QEIj;Y77nfDx;pOmyG+Jw00n4%BPsq_u8|LT~{Ac8(w1$kW#(Ijjc2?nxUYo(zJL#0Z z{UKGAVK%M@v&M$@Tz1JJ&Z`A390KTOJ`P^XfL#R}aq9(?=4k8DXAZb5z1{J)Td#X8 z8PNVj-C3YpZ)VljijNFCvKlxIS|8cspg3O>K2$=%t7n)(OlxMRFYFd6Ut12||G=qt z0-k8OPwICMVS^4iLv2bL7dA*sl{~3?L*q*`CZ(r?0-=l!IJU)5Keei2_tpf$sj0HFPR{7NNqJsWX00T@k!Y}HLZtL$@c!s2>+WBGoeV%6 z$yv)y#pFa%F=P@&Yv2FHGQS>?uMTT0yGQlp1CSAM5B|I5ujJoqo6c2dts{pja9iHE z#Li?G_KD3bR=b;gZv)K2z`G&-Uud_Qje7jdf3w|6UAR$CIa#22n7C>GksY9vOO$JYa-q$tX2}`^ttt zh@`Q74tzclb!21+R}v?jFz%Wn4;-x-3sSBA&L}aSLlg+!* zTUkv5gvEO+L8^rtr$rxlUX5{HG($HV3Q9U+4k1+s5v|7f$V{M;hW;@>`(4MAE>|Y^Stx6nX$s zWx~l)$$xS6;EZJq^>AZzX_FT;kP_i`Q+D5MDrd9%46xCE980fP_zN@<|d4<4KWNYefF^(E*S z??vcUaGP7V9*d=Q>UMy&drAL76EaKcSB?LTd2aC%KX7sYZyrP8S3L<$7GhWJqjAVMIy0e z27mL;oTMtG$ivFwa>Q-cQ8(NxE@|*%mx&tTX2UIeFrg*1#jp68$*>>(qnP!O0E=C3 zE@cZAw#xPIIJ(Q}yV@y$gs4?jvo>n+OY zrXvu^G5Z$UCvHYZDJ5RWN-lhg_NePb998r*LMt3uu~8U|-fNf=es4*xY^Xq(OGO(O zlf85ehz*zz4H!2tIs0>-wr&+^=y}JZFZWQTa6U9aGH*V?DIyyRRC_o&#BjlT z?nKwM&uf}9)?bG00EIl3?$wJ-q~WSG_*oy6Ewx8kdXWz`G_OmqbbE9&z3uq^?NC&d zTT`w-m+>w&(TmF%c21Row1Esm7f^fdbXpH|&;v*2rsJLfu)RBXeRV5~{)7Zx!5f%c zQ2Z=)$bRWpi{X&_4*W??pppU1so=Z9mXDn&pM?aal!+Uko1r`7_udU8w7#(kQEr#H zXQWNM%;aTecoWm-Tq5IFSo7o)ueNbNDZYu@aZoV z&`Ol#e4DsVYz;mR{>8>T(JU~LvgJG?Oyu7B_>UoYGeGfp1%9XmM7v3eq zJi#cRm90& zDR{H$FpLo+o0h^4H zGp?xTPJT9Iplx9E4QJWEu3w}2qy6=N-G4Vei-SLqvz!N-Ga~g*Et8bef4 zKdQZ1Nafp3)s_q}?l4sV6_MPe6g@1oS5Te#N&Dy|?)d+caOceawNPy8OVqBsMGF_> zCVXaw!ektJ{1{!bnRcKLQ5$Q(bbm))ASim%f=blle$5e&2?3?(gqKZuY4AZ9ymimG z!SiH|7j+g+ergDz?sij~SmL7k_;&;@VyFxF8BmHJ-3nsL7>3H6piH_6;(SoaVPBkgI;w@niXtlemttK<)Ww3L(J%zPzY? zBGDzMk2ZQeFDQF#sUz8xVwOq?P z;qD>u&+rT%c<<&`kNk>-nmB`K67FZi-gvvNcm2+ndXOV9%*Hd@fda4Hfmoxy*qCf;00gu#lKl(1^O^_5_ZgQ6k^6? z3Y~*H1-2#VQ?wz_inOX8=lDXD4J1)IxX9O}+uAaGx4K>94Vg8WC!9iO7&5A>)oqVg z?1w6?#8E`iydr$0jr!$m(fNe?ZQQvCwQ3NzhV9`|~?oyrm^UvA>F30m&M);gP3KI0>|p*-9<% z3?MyyN0R1NfX~JG0JZUKvyZY-BAl!;&G<`d<4HR`i2M4|Ht}Rf+auD))8Bhs4r(Kg z4Oi33hA-TzYr5mT?8Dy697Nq={gkiiY(!)v+Xh#U9aMb#s-W_BzT+ zJ-8~fP*Ee?_7JU{=m?CkO8dsC?tM&VVs`YoJE9R@KQkr@*kzgbOk5?)?-x%MIKo!X zPrUPuGob#<^sv81*;lT;qov4y@2kPq*JybTeJB5!{RuRzno}s_M6R(X%__TZA2K~P zcrQCc>p)LS`<}S@&J;%(F;VyXQt)xY5o0g3?Y}^Iv{(NNlov-yVW|UWadx|J*@7vV zq+YJyXC@Kez2j=k`AB~3@PCr>0Hb&(Cb2%4gcNkgG5&m$i5ai*&8qrr>07HxSS@}odVqwo^2yh}EZx4|^}~%%-mheZNJ;O}S5>Bhdo{oZJ_j_D zI;{Jh_|Y+pOATf6Vgl3CY|ct;e3Q+)u3118Tri&CXh1L%unOny0^It{Ke5Le-E>u4b)VE(Q$J3jBhW zIhYkmg<@|*a)|a0sE4)OjWxC(9#KS-dOOMeiuu@|ROOSb(|Cy!0}^z-=6bWhXsmmP zKmHJHQ5aF=&1rIz$Za`B#h)e_ug4X#4`KKU%$J*)OYI1<4pMZG2&|eOr6g28UWb_5 z9{n-`wV(ANRU`AVkmt#w?9!jHX!#_+3J0+|zj^&g@YQ_}pVygvl1pl76v(p=X6g45 z5?2S)&uWLp_ne0Bt0+G(R6l!9XZsA^Xt&)cB)OcA;ZF)#YSWC_en#w%aQ$i9nR;Mc zY~m>QI@99~?!CeEnZtJ{yWNfx&GGW z`zvR<%*y>nk3FAo4{QEIpoboMA3ptWmBi=Zo<_|$U)d^#UK1Fr=z?V(>YEny3Xfx< zuchHz@eYBFe^jWdzXf-&KAD+DS%Y7=aKz8wKekqKxY-t4G1{xT*p$hI=Z7NNX^H0* z7$eoroWelz4HncV6_(k;3rZ2-2{(FvQm~Y*{OAl*`0Z9$%DJu=d)YlpzZ-+j7nxH_ z(4xDFG9;A`I;}MK$Sj3u$=Qn0gsSKkPDifrhnsm#eCj0}nW$6GBGJt+U`5(OE~f5~ zgMq$F@VSBGRpFA80@uWKlZ#LN=x?nQq>F)HcJSOvm49S1AVYrw!%X)2&YqNS&o4j& zNM8!y3Ry%hz5c`MPf?WdrS&@(gc@&W)~$H6jnwTL@la_+A0Y>ybn+}<^JB_`a%VSc z3lhg|3{qw0h9NIAFR?baTA0Kf z2vG}BIi$SA4@kXyd5Enwi*MeP;8xGER4DrOm`nwM0I>}^YVQZr*1v0-c@5#<~Y5(5H0?Mv` zJ{hRe#;V`7?#vZAdYzX69)YoqL=pE`aSr=Qz^gl>gh@GgkwKT^`;+N~u`b4yHByKj zyHU#}qO}?duMZ*?R^RY^uBvmZYn za6JSf2aC^gtonhlmcESNM#pY@uXx3h=YVjc>Z@OW31CV^Fmk6H7oPgHuhAj{aXUX{ zXYFDt|FVG1;g3k`2&v3GZUp4?<-CDfD6PnWM<5j_{Iq6=9^PGMPC42g2ni3r4( z%a)$3{UvfqhZPd6v5aJR*7`h`%;+Jj^w~D0dbBcQG7@%t$1kVz1 zgpCK~oYp_WXm)w8OKjWi6Dw8Q$t~MgPKpvfjpFl`7yg^cNNVJHNciVnGZ%aIH3wtA zqCnOtf1!U76QB0uYIFM0`6$w5LtCUHX(zQD7+|(@c2e(kyL-vvJ|L4^9TFvO8^=7k znU_Gg>|YnA|4{TGj>e;lYO2lQtWP56@y*a=|JjE~T6I9=M~T{&F9P%}AD zsrplE;^MXLFHWdJ@*;8yZXqL65OEZM!TWNXxiw`gMpMt1lxr+ClyB1VAN$b6x+>Y;W@`-%?M~JR zG3s{Zr>fdCN-Fh_W~)_>{K(-uJDtd&Nm@a_QPrWF@N00;F28RoKT(}E4@aiwb`|9e zObu794)k{_Wm$J7)(ClT8r%1gf~fnJ?HRt*sYdzHU)cH-0;p&BCDO8zQIS!bz zesQrc(eQR#xg1u#k|_3EMD6zPY!X%9-8kIWt|`>J;&Z!yZkJT}(N2VD0*(|hm}=zP z4C~>c&y{;>XZt6r!vV;Xksi7y`RI50tG16W@+4iq%10tx;m18sF%5Lx*51isWTI|3 zOVE^QgS@BNk6@zktI*1g2+@u@OxiACMqpOYwhvWyC}k{*(9_SxS*syd@93tm2N2MG z_1npixAnJvcH$VlJmTvWytIEtT{=vFt&e;9b&pzGbhG&dqD;hQ~5u%uS==0^D8 zv!}k?akt|D2FmAIZ3~3t3hJBmz;Ln<)?vdAL*{}SPTeb;cP+ifFwl9*&<6+HY4*geN7oK%@ z8?egwbgC@zLR@`3;+c_?h+1vHXYGW;pN&G-%QI(sc!z#5^kePr+|>TY8~$SQ6T7-K zsHQVG`n(%o^kXsWsh~vtzCNR!xvd$+pU`4yTg86LQkn)T8$MyyH5!Ixq27oT32p|h zDAoRPIE`Iw@S=`&+s2YG=_w(nEnz~}px=52SFo$^U|`Pp#4q7U<+^O#D5F;Nbj?36 zA;#qTvR&sGSU?&<)jMRHoIXUYV$p*Zh_OTGny5?)#_?Nmp=R4v_j?yoGEZ zk|;9RUg|y{{?Ni}`@kr;taULlzH6%B9uXs9(tLqUeU9>v?E@t>Bb~)0grn+u{#Eon zD!wnf>P+}YV?I)|kFE8Pe;$NNAi+fp3d?UPpD6P`_|kb*xBF?z!wt&|Cop+>GljTO zo%D3jy46QJ`Lhr%%RTKcRnOZ4#nRz0UdFhPHS(cHTii>{>FPE z{4o-IJ1V+=0=rgOx(hxNTAqxiC5-m7@bym_pe6e&LL!t!9^~GEX>R6wSx6!HEg%bp zi~4&*M~n9xpRg8{^y#Q$$L3Ncd#PX^F(AJu-G%;t-Z~Smg^jHCsm$eGN#&U~wifbs z#XqlmvmjGGj4@jW&^b#ZpuMbfr+O&e@mA~Z_yINX=Q&8e-G5BWPWkq$C+iJ(*V!uT zARo_6WwV=3iO<~affVC%&gz@&lzGtfRVT&glJ*jfo~u*$_tQc^n%U zUd^N-s^6pkzL9}oXAH(!8nILIb|oX`#)D0-n+^tRwDj9@2}X;qUi&e>3}aI7>t>{M z9nFPU5srlc&LreS{WxX*U(6)T%#infno!W5TE9CVt)!X_vwnIIt20+2Z}_X+U5)_7 zx@Jdy4tOTRXM%&MydP1`neeHw!NtTDsatx(`n3M@LsNncy&H1uP-6iT-M`OgivOtS zpnl$O37(A+X{bW)J^OlzXltYUoR|{FvE6A)m@|2yeiYiSoIglqpm+A*TQgn|)m8Sn zxcTdwo1s{>!o#nl;R&!PCcItM7j)nAMYsex0ak9}1av#WW?1eZAE7}u#U>j){m$QC z{A>nzVP8t6+`qw%8%f0Nb-Dh$@}1+OjEc28pXHo6P01|+*0zlr(-R$BxTnkZ<83n< zf@ZKIvr65^UMk^wB#c6KxUWt~DYHXZw&t0RR#OFg0&g|-4t}>r__t->}^V zI}7P5esHTn*CLcpboNW&FT!?d(KinDldocX>d6%h<8b2V!B1GK2GjyAnB!gL&fVN> zGadTp`^NdYS$Rooac3HDC$y89^N4ePnX#iHHJ#D0E(tI4V};2{jB4+jjbz^Qw^g0XtJmVaRdG{f zGCgOtigJdwkvrvzt|?!t(CzW6n9%ci#WVJU73&JZgFu7jVf7Wu0qb~24vRRdYALym zMx9+!VJq&#b)&aNN_ z8sQ8(=?gG0#yvJ^(d!y?h7xvA=-lE90BDpfwTee?m#O-r&h}VUp!uxjk{^c-Li z99AQfha)HHM(D&~jp4Cl?I>fb2f1%?{suxeznl~~>8q7++lreZX zLLzN2)-#HJ$NE4XrZp*K?y?5s}O zxv3%(y(MkkF-tAMESa0JNM*cIIfUuM%pm6v_Ne$$!(g z1u(b^J`vEVyH4h7)Tzu9dOk$g%IB^SERB#x#^x%2MtBkC8Vnp#9q+A94=pU~LWu%?aenm=jkg*S)t+vHmbu1z`dLyxiEt#9b80;I zrbnymh}dYkwXb@K=n9weo+_JYUe4%`FORe^jJ=IN2;iFb&O@sK8#;1R(p*eniSrRzwZ-a0)!do56stEA854UiR z$xZwGHIC=so{ht^LFO<1`x|*!YwsmXCRw;Kw`-Wn_Ge9-sX7hp^&d!oDFUWq`}h8e z$Zk6|InIBRUp8RkJg)yF38z3y#hZ3XTz*eEheDK;CD}V0W#z>t%V4^&;;M zaBw7E_GqS}wO>R_-}kLB%RkK0-2K@4_qOvliN905{30W^oZ;}S3DIvI+`kQuyv7Jz zcf>uaTrLephGol6NJ6bN-gdZcs)T!;aF<;cQe&Z&V8J~@TqW>Ym)o4Gqhb1`H->7p zUG`+$q4u~-{DJbbExe`Ho$)kYm(P`Q5A*{+OQ;bmPU{v-tkCLFfsu!<`CWbzInw9# z8Vb$Ul>7%mi-AZG6K(eL_Wq63=%)}s5KIcHzZvT`|!g2pZBn8;TD)~=mQ z;&tcIghB4nEGC_om@#uFjCOvg&2jUWkK@GU&~gwR=J;<0@g{z;Ra^bZpyWn>9oD@- z6_2=RRuEQur{{PTl8S`9J$;%YFApCl{xjr#VaypgF+>YMRzfymkMFc}0vl49@KN6E zlT*@8J*YXnQLrbud-zbv0m z^0o$3B3ASU@OEWipCy)mhD$wPO=XhiETM7TUF90kLu%%VS$F05N2RFADIBLe1imgV zj@7)DgtQ&avm}+?-nMD(v|X?u_d+~X2;!4x_Bd7wc9G0p zMzD!mnDLuApNsQ(RhiO`ALysNgwv}12Qcxpl_o9M{`TV(X=_fuo@Iz9Kh0NU+P*On z$;ZgVCiJAR$uR{i0wk0n;@+jCmS(QWguV;L_)_x$Hrh)@>Q6t2Y-|@&i5!Hy{|Yx~ zUGQDxim|x9Ql~&_h&*D!Sg0hRbgmlZ8Jj;zj1_D^{j zIbC^T94%z!9;P6zb^#XH$1c1gktd~!9bVU!7{+oQCoEod2{ zt8QkvW7~AfZ0N$0SGb=U+@i3RNunziQ2}l{1u*F~lLl3+y@=1NGl7mBI7_w`-}-1d z7YgI!Jiaks&4&YYm)|&h2Ms`oc{ds85afMQZ8+-;>;mXM|G;%7tCa~R@igC>TMmw=Vk}}U~#c& z#CWYK3eh^Kp{&lX18hV#vXaAwUbfz+1bynCnLq3;bQE zyKpuPiZ|s=#Fw*43&E}0I&c#HB{t`7Uh=^WsKLDe#)Lts)T)Bg3IURcu|JpmyM2FK zHq`O7bFT%4KChZzJMUeZ9Kl@=TBUjQcUp(!D{DuQB6EgZOt#ee#giHh}>y{gJG++22#$>U+8AvV^@BGYWzg(M;AAao@a(V#nbn{;gW-#lrzK%x+Mr-?P@d zy*i`xK}hR^HzWk6L%`+^na`DA{gfVbRRPUtU}>vL8>weJg&kG|!oMEzr29!D{OduQ zIyVfT%oGftUTTe&(NSlVj(6|HezZ?0?QRl<+TWkwe_mqyETdA&L;aY8UBHdL^iTx{ z$+r>`DRjfX1|*#>hS&gY`qvwsjPl1SeVhm`Y4T*@v#sL zMjVF}xaoFNu+I)08}$jCxpG=<3apnmrCb65hJx;-1&c@R5Z=;j47~@%z84 zI7+>r{`bjn98J4!_lvWf!d&C;>1YYX7Z2@oVm<$i!RPYwgsDZ;(sV_BRmq=X&k3)G zf6wkFnBH(-lK}OTETK7nH5Ja36Xx4}n77ksiK3^V3HzY)&40zk86;yKI>F{nvpP9W zqCtBTJIu;_{8T1pd}lvF-z?nJNXiP;S*1i-aVyXD+RV22^@xl7Mb@M_y;T}}QVLq- z8cu@Y6%blsdJ=d3>DT-1KQ}xm} zRI@Z#*-N5&<{|qkqrnRiv7MB%D<{NL>4!G2%-)vtV~_Uka1ahzeZMeBAV2h6mZ()f zCV*vZavmW9a(E{5}b$No@PGtAtrCZ^8jhG1gq zt{4fr(hhtwGqqBt=yA@^M#1}CkC2x98f)H;bFaPVI{{%{8YXHY9~c?$T5kU`D3`mk zWhDMab$)DD+Wptgd2orj{a7dW^+84zrQ_7lK(B@xA^UP^KdceZ4Hrj8@E8GwBOi(NkFXQGJ^1~38gZkmNC|x))gc{Uz#@CWl-LYV443;p_%YM7|L!*k9vtX+NW~;z)wDl^#9*;ha!5&e(0)&4N-=qirkYimT{xek-I* z8Mjzj*e;wWWt3=!hNetqNTmU7At`=+K9KV7E~Jhprrzzj?LXsMQ#_hh;#cs@26+$i zv~%iP{ViC&raMmbU9Mjr4gOqP@gkJc$Nc;O|A`l*9eE2Q;OA<=5&Q7$?950pf-4HZ z7XoNtH^b&ch_Vhn1aSRGWTYS~>$B6z>f@?NNHmXXNF3KZnbMTacnidAb912dHef?i zoI@w@u5Hq?U~kksB6CP3LZaeTkoT(ag%20d$AjYc_Wn{B4`V#b4^?Uy4g5;AFS8qq z_gFNzOpE5XDU8Wnsk%oGikJ=zw8|~5Rgs~m%;>&FtuAk=hkI)6XEMdQO9u@{^a3%dV7Q}0C{r}-ehGA}P$*S`8}D0uM&Esiv+B9nLbok4T6KICMqE^1rdV`7 zd(8F7|7e`z8*;nE*W{)f)x;McRp!;1%##P#5DAGJ4j?Nq*>sOf41TR1dXRpvCo+}i zaO2@&?m{M9Kr2o&IW2KRf0KGvruV?s-F~?=wu@(^wXv?l{iT-o4pVL8tzfz@H12kM z(E&DNFz+_*%>Su*0cgAQn&7}*cyf%6Tc@W=PeZ zajQx7nu)l8gBxJiI*{5ULL>GpV`aB*wU5Q`R7pnN5M`!kG#DS)U)`bM?ocstYO}gn zhz0?!G*$8f$Cqgi7pzO?^^=^ojOw0!;dKmcha0d!J91lwJWDNM`J{?$L|suwGl4lf ziX0^jPLCiLg6=;^b^p+kcjQV#EG7SgJmC~9ftdUT2|Rq+mXoYzc$QSYSpYaue7T*% zj!wT>1UoxrjQd-8n-9?~#{>sKeEzR+6FDDC~S*Vs~-CTk)bqB&Gp7{9w?vydk$LPWdYx1vvQ_u6q0+iOT<-vi_ z&FQp)wept@b5EtKEXq|*nsPN+5%m4gV@iP?+PCNtUEEr@KMgS=B51C@UE^<&f)KS0 zv{p#Sec2U20MqahQOW4ZQ;Znq+iZ{a~nVv3MGLMI=S7_J`>2 zzef;2l6T~hL2Kesh{!U9-#lA+srrgiu>UUQ1o}mNV8>l^CIH(4-BvL!jI3%h31MUnct!u`b#Hw5Z`?Dp5a1LG!m({&O zA1-Rbz>zdE^zAP*`iO@zH6#IBCcc9JGRZ&1E&*I%3cN<J+0M z6hp&l$Z|DE>#?Adu4d=025Sy#a;J=_d(P7L_j>_x%1~WssdTJcY*oY7{U%Bjp+N%kl#7>J$7YoR|C#t=Uz^(f1=NKLKz# z8^w(B5{m<4owkX^a_oLn>NM37>&q?g*MG6qTRhUZT5UfO_u7c0lpb`@_LdQ9`Go>S zJFW4QU-u6$4bB#^&o1|FjTf>J>bjoqo278xb)mFBogn$+w5F8)`&)qKcLrT!T!oS zLxoU&;$$6PEIjIJ^W4&ztLCHWkv!}w;OZlfNmZQbn!dEWy!AW9{Z;kSbY7CcbIv@5 zw_eE(zK`U@rc?KCjV5_l6eM;fbDhF7niA}G!MBN_+V*6KndZ>)M#Pt$DRv=-{pkw$ zgXM!;zhwK`Q_6FuWq^|3M$<5N{t<0TP7mbSnfcMk@M^oHBj+vC^K~)h%KB~4S?sqbk!8!#6%%Elt91U*XN&#sg$-3@=+460zrXr(c(MR8F}vOu@#KkTx( z8JxPCgRKUjiBa~;UMk2ktXrDW@s$v4pe2<*=wNmI3o7dl5ETnv62D-(MSM5gDRy)h zoygkiIqSwv*F6Eef+RSUFVO-4=&|I;{n|(4x=(pgDyW@=sGo%ImU}7HtMk?da6#6I zUg#y(Z#}-l`(3ONT!3PHYziE@WuViimi5k(^x+^rH`Wzb|wwn{R zTCI6t0$OwYVCVTu<3vDD50mzp^BCU_d+_^MyHQh_(?6}sZ(DQh?JKoWvf*kBJewYW z6x}GCDxOe$@9>ZR6yrId&G&=pR`=8gNL4RzzFW%W@vFJo*z7${RAujmV}@@*li&HD zqMmHAgrl0<$K<|&TP3bcf4v8Z`J!pBuVskKA?H%=YYxcQ?<@eIN8lKF74v-=Ubjgt zj(iqNDTKH-`>%gkLXi_oqU3)d$OwG5=~2DkD5;Kz>wuYVd8 z$Ua0fO56n&k7j|D z?>!9|^CHK1cO#b82<0^;<^_`Tg~W*@zYm&36E_n?%Arc9)wm7mjx)7la_|uLmW`M1 z-P#}OzvfnlPBZCQ#(Q&{bq%)1r45d#sQhZJr$#uQTs@2+RU9)b|ze#-GO^>Mdbic3jYqfGTTZ8TgfIlK7yWqk(R z253f-AGP!9WO+|(1>N3pSXah>jTpdx#psTVi{r*>=U!WImPnj+!~{;s|yYbpJ2LC{5Xw?9ov?ct0bvB5x_NvJ3pf73 zjXKY7SrGSvSHo+Q(zbT&VM!~5a~mn+;NhG94#P*!hsxm!H}U^zejN%8Fz7c3WytkR z8+Uu9I<#Jp|DBHEjJ)};joNxgb|-jnzad14xccM%=7?-KBC=)Ot5+ zLpyEMMqqyoYGEU=Mq*u-{}CsW=-Md#`dD6C!C3jy*4AL({e7QdKJS7E$!N3Bb+5lOVuQ#FxH$4< zx#%$?*>&AUkCs~1{f^P7lLrAvtHb2rqAWd8_s-S8@2}Il znZ=zR%O9}(=wr0LYMW^mG?ep)gQ|7kh^OPXqDnFFF`BR@{{PVRol#9?ZQHRj7QoIR z3Kkqh+9*xB%BU16igZW>1f+y0)c^qz1rg~bN()Mp8tDRos3@T0D*)M zLI`{ZXXbsL_g(8dKUhnMCuiULF4uM4`|M3p2xFi#JsJ{L=7yCGL~3aS)rQQ(=BqLh zVSF$mgE}dZNmMwpm|j^>Iz~UuI%aA+JCw9B>ElE$6gI7e{0z{^fIzN~m9rWZA{!Kg zsFRHT*ID+0mMkJ;4Dv44AU~3%5IF|17hA}#ot2n9<{=|lIU8b|?-xGnyrOqDqC7pf z8|$$^@tqkvsy!QbGmzT2^OolP9c1wLVb7jw$d5eX4TPAzyeD~TZVyh*)myYy1@UG! zwA|8G|CRGgixK;vF_)duKsa8Ap6f^9BfXCEjMRql*55>-B}u6>#v zM~44})%8pMdiW061ylE6$C&RAZ-z~_qu52i{I8PV&x1MStM+~ndgjsQ^;3GCvFx?S z@JsemDlfmRJ+3|;Fk~&k;G9kDp&@_j<||@7o5Yb|wJh`GrXmwsrdXWCi#h#9r-vzE zm!RFWBa-NhFN=F{o$B$OF7N106#*TLPQ_fjA(gYIW7$D_^1yLNqW*Kb#C&wkMF{7D zO-G1_1(i?5oDOVDhM&;-%Fp8Yw=2To`fZ3kV&eZ?>N4MhY!`9`FeROAG&q# zptsOGE@(yzbb`c^=8~AqnV!mrgb!m|Ge5qdLPl~H>n4h4ddz$YA9O8yT%|!i0Ubx3 zb&Q=*6OE4dEBl&iKZ`PilB$Y_z3~peb4>3oT5oQ;I#XXg_ea3=+T>B0f-A3|Rsvf< z0Gk$tstpc)X2Kp=XD?5Bp|Y3j{(ccDwSNQI0Fz63X0Wbd#!k4swjkoZJzRKza;(Gl zoR;-40tthiA_h&lbP@dZ_#UTiL#PoM-CJkQ_;$ou{Aqlg_M9^NSw*Syl+=;WVSZVx@$kZt-uKX{BH@~}(Q4(5cQo;~B9(X1>SE_xxHT1s!oFjxo(CZIf}T@0 zHgJhGZDs_pn@qgMK1(?cll#E~;V$LMiGC_&Tzh=|dplJlF83D2WTv?tP1;Ib@p?5@3D zGU*wxi|wct>LY(n{L7nhPwOMjmH_W1n?hQ1m_~wr8~JiRz!E+wQ@@bPhu@D0&UHrX z8_T3qPnGW}Hn(4QyN9^{IPQYY%g>%yk7&g2H?jZnSDtMq`ACDm%$0c5pD_!lSDkXe zj&1QK9p^Cn{=Bk?yQC$X?9tZO^u^ATHfZ-XC<9MXuowK4$Qd#;=vjOGbPQd6OI&{z zNFrZk1oA%?j)t6M&C$gdNt0>3OU8nE&Eq0PGI!F>pKxy#cMv&dUXZZm)1am}^;n@k z6k}pPU$Ct1dDC`OLfNxOS)!0`&Ax}T*R>T1?>HiO9+1j^Vm5l+;m?#+#aALn-9~5u znJ+4zDb$22_ljWd)@r;zA>){$q4W6s0n5DADYbAD!KZ+uow0TN2XT}@!b00ABlxQ3 zpV`RlNaKRmIyA5s>!)4O?`w!#6~g6lmtFP5T%JaWf9?T*7I4O&N@xA+9|dLEdf{tV z1^*ln;uwnU3?H=CaC%r=q~Z~t`P4WFbt{OJbf%6m)^i29yJ6@+)@xP(xxUIXIA#;B z=~o4gur0$6Hf4WtHIXU*H_K>l2x z@af!ebwaq$QQM^NN6r!mcb3auhZf;(URN>AO@P88s-LNb%wt}(2EGOFf3VgUS`=Tq zK6lIMaI}Km2XG(*8OTmSP|07|X7_XenQlz+K4*Fix0L-Ji-i5&_}cuHg<}3~_u0T@ zcrl`V#GR-m>yoBmmXq5t%c_#RPCx$Ew)w8pOn^p!D!tE` zR7%_v3H22TZyzBXmNBpkZ+|#i0T29S)&s6f0yFxX3=an-!?rR%_0Askz_T7SG8?N^ zMz&F$G_cTvSV9fOjU{br7{Vyg=fidrh}eLY7|wYfLonBmQdXe&5r)rs@SS%Zq5PHC zG20hO!ZM2t?9A;W&_)o|Orkv2;|T(=QBz& zOyCz#q^p3lGkY?WbF~iHEh{L-7Q`~bG``i;{n-{b_KoizLCcgm-j)fR(d>E0?|j2G zyIj>j8!zc&>l*o2tLlD8+|kDB-r?Z; z{5+^|r~Khp8n52Dbu0E|?4RN}h^EBK5*Y#qRI3l{I{qg%CxUuWn`tRc-axeqKrh}* zZ@svFWqQ|>-pkr=&OYDqWg?7f_+{stXK$bFetybz%hiuDt{-EZ_aEAFv)Ywq_s;ZY z@~QqS;`@yF%dO+BW6sJMrcJnw*vW>bR%m1Pc%y0oNl^~6(B#ZvH0h0NK`1{nz>)~~ zeEk_&bmZ~-Y_YI0d>HQx7|hDrf6>zitkq9d?wGs!M@=x7U@von@i6S_z+~p?0w)YM=S`BLPu*87%jd6l(@KpwVfOVtu$$Tv zQn@8-p&7qX(;`rxwtHVR4(jWp=5S><%6k@$2v2iU{HvzPvf&PZzH?sl+2v}>rLflbf5 zrluOJ{0=sj!zNej3^Y-i5N3>@inGUtKnYF22_g_U%@qMOkMPdGLJ$#YpIf*QPLPG= zrDl_2IJCjG@9v^g+&0t3=xm}Cz3>_T3hkASzN#FV?Gty%Aac6FpEgP7rV0sasI$pj{6+NgsBSAW zoT& zY%hPb>5FlMx$s3oe6k90RY$n)|8$DW7NOUtN@S6Yqd56U6&Tn#0+xl>@wIQQm~R@# zGxIib9)R<7aWiWJ5B&6b0wHD{-Yant63XW|iTKwxv zW&$!cJhE3enltkdao=rnH=bFz!1Z56%m=FMpbs8OCl!w@<$GKE+Hsl&kt@FZ953K+ zo=cbGk+v-^xU#{oQ?x#j&FPxtZh1j0zTV|SIb64Qw2wIIzsjGj)mHM&ivZ`A48X)Y zW>x(rjF{BO$U9QQ;p0^*AvqB!nz-Z6@%Li6G?sz^N;y^_^ka{BMyH}knIB(OIivJ` z|3>A}e%OcdB(hKH?|oqN7y~>InlfU7no#tGO;X&q;Mu#1L-!K9+3R(OxtXL!D97`YKH`k}2nUSNw__9mWFPC)TE*Rp#G?NjEGKqF#4; zefEh*fLp-3d&)(E?}K?QYDvp<+TepM+Y-SVe+H)Yux)hEeSx!+IDlszBd*hP6ya?U zELpIQp)^Xi{M{Ds;>y@DFzUqiC&*;PcZA+ za1NK)o~fx>o=qasWextEqz?upPy@8JCb&I#q(JzC9xNqO2aaMsN@F`wawZlqgvbeA zEH!9VDd`Uti|NoNxDY9;(*|+~Z8gR_{KoIDi+l-BA{d~vQ zAi@TB)Z{sFJLuV&FT0!HYf>Zp{W5b~?n$xsZl~NOx1VU~3+~VfS;(Rwo@LGjj*DE= z7v|`QN9vo~af&d0t5Sv}6~bAb!p2XzS{&78o_r+^1Yo9iP^?9+uH z_EBpw1l=*+CU`xQM#Pth>jgU56cb32CAj>_Iw=>xd%}7PIYX?tWKzfVE+&D5n_i%2 zw^V?^j)XBxRQLpsN(*RtO+kI1;%0utxxvJlA@|mwk$ZBJ^mY9WCX1gji#TFLW}p!G z@P3-4SBp0ovF|RtzMR9!be4I@&$%3ep*2ziD8CK;_zo?~x$LN-iE7-NNt)Z4sg8m- z!}!hZ`oaqQ0InQ26N$wSNG>zzr)WXzzXg=QC67mO{fqhVad**NSf>8k05O(6@W32w zfbyp^Wbx&|Ak@$V)hl4phPylQn(r!h(C`iX(T3;A5{o5oNfLS?j`}4f?|kByW1U3S z{Jw`_UWjF*6ZYVk342<_rs2JkFx>ZJD1zrWCtcZe{=%^K#mQNo%RsIRbCnasDgB@u zgweFnL}x!H;b@an^?YrEG7M=i;DkgUT#6i8XPoE>m@$)B1v$z27CVz=%Ymb+s|4e( z;kkD?K@lYLyi0KgFsD4eHkPBy;btn__ZwVXuL~8)j zP(KSB4(HHBorgX&;UQJ|?t|P$FR;Gg1&K>C9-%LBG?EtJF@6d{4BnQrLSY38Ss^td zc3?fUcSJ5)Rqvs_kUz=`qdVg0;RN!l#kz7x_~OOOm`F#w#^Dsocy#_KYqDGaA(S6h9!q1S3AegQQoJut(f7DYEat}PmqaV*9NpIbu6pbG+UjAUz8B5)RDnU^oHaKP>hDjy13nOx|L0r`l zhc{<@Ti2$jLCDLUTAZF;U>g`XLi38gJ8ow0>cH6C5w+Ps#3<8XxJL*!Xc`D#em6j5 z-Wa$O69f(S18brT(D~tD+Y)|`q6;U`KuX`@@XGoJwGB}pwBwzLcf{?~t80CfOE;@j zH1v`?`8kw9jCtEaz@wrCjJ8DylV~-<3*!f6t?v{Pr&$^g+cJqA0%JNoaE_Cuc@}ks zCs2GTvvOlvcN>aZq9td-3$H|V=a%&3#$qeL(#Iv*L@|pW=|dmr(d?c2GN~3V<~8A& z_!YWT2plLPyeG852tjxr-&+$EP_Bs@3uq9$`cQMNi%zhjr(|1rVNnJPt>)62cG6iS z_I4_l?h|ziFBK?O!%0JG-j(!qnh!T*GkBr6V|f-MTD_7IIiyT$gUJM56WO{mHsX(q z{8IqRP&M5cn~A`pa#%t7)4}6Ez6ZR6%Hd(%xP#wByP2XQ?3kcv&elu1_p1nNlaN;% zuv+Oi&Z}l~5ot-`#^EpcCPNp$$kPBb4)v0SrEH95b)GR+X)ZMA=53wkISD zjyK_s)qufRecdV!sH@&e{P$Er}85AD@^fA1<8Ux0_g)%ie~P%h`ZO2#xa0~k%9Rl-C>-UG8j z0MG&K$FE-dHcwdT4 zTLm}*ClM}IhcVx+ST1-RB@hxqLixAnn+9`}3=FVRHR5V$)oGe&i-#Rh2vjS&B>`yH z0!&11`i5{ll&Q9%nyGoWb&N$!BRO6dfpc=CRj z2m7(}e!C0BwE`{CP~My^7C`V#A48fo#?wkU0QjYh6`p|vN^9%E+Vc6@?b;Dxy}I=j zJdiah+lMgo+AEyf5n#j#R~TVNszV!=i>8S>py$YA4^Al;_3A2!glk1 zMjMpisfJDzpW?7*{GofgrB;P-PN?K@a*lgFORR_4cAlBYqi6pJ6oy9(sziko%3=uv z&Nh*GS;WXawn&51XJHHBLRRCUm$2#3kyU29q@2Zkcu?yYy!6G55IuDis*~u+`4(!b zn?*u-o4W)z6yqWe8 zpf-$k+8730&^19HWAQv@x)#_p8x?mReoCBM5}yhY8Y1k zs8cl-J{put4I;FEqzALKlYjXIXOM*pKrGTGiB`ld8kBs@M@}7sz#22Ko#IEZ!gIs$ z{;}KO(FEi=_e(CimXJwdc!TBmq?1&L>YDp+vYvLGe7cJPDv`tpUfMK z0956b9OpaW5+;3oCNOANxSr3v`aK*v^3|rqKohNL0K2#*n9F+2|0}7_h=b3qZaAKX z`tH>fkW}%G0kX`>v670rT~-RNzjjOYe0S3XwJS1vqq@$6?9caXAA80(UQ7dls?Sv0 zR8H+5O}mB8D=aA?cNs0Y7@5?{mfos=E<4?d&RxkhMHCy+8gAIH3U`mx`PU*ze7Agi zsIk$FC3a}S@{FPIg(9CWu&!~TW?q{3MyoF}d7}yu-NFdZjdZB*36^6~DCkVCLW5n~ zD&E_^?c8cvoF-9Gg|cSvb9elCWfWY)7d(KMS`x1AET!eD`czifr?|j_ULDneAB48~ z0k|<=ysN?UE)GViN>fuo`$hkuGkBjf^L#|3E0;y2R3Qg(jdA*hz2Vm7e_UjuS}I-< zYW#3rDI*lWWNUN%B6#-PZRZ2gY;A}eGvmjUaGh*c(~m1>4vuYdGi?Z7FxSYaacvTO zHsdr5muA>cT~a`uWX!=KzVTN1y4Y=*rjPaN=6e0I$oD`yWTzM+6sX6xM?yCUAN?5 z_w{+u)0&iEIm!_^N~eJ~--b%4O`ru`82xcTji^Kpm}*DmV9LiatCnc9H1AvZ?tA2( z{V&lpp?kcdF%C~|NYSBe&#q1*Ny@xrv9jH}vu2u@?bSm3pMI}nmOFY zjDc$RAhBd|o658^j*r_B(R_ZGF5h84IFh?0s>PEZ?!ILG;fR?*QS?RB&XX|rK} ztdg{6(<_345q-B#C1jC)YxeNc=Z#hIBLb=<*6XiE+M4D1#2~PE)uk+MS^&P+#}pu# zf?UY+^_{JJkBg)V8SMD)KUROjNWB<}7D=Mj<6c`XCcOFWIY|JW8F5${Nj^0%gz>RWR0!9Q4Jvp@2u4hraT)HPL>upE38G zAp5Ypwe@>A!$!tt{ubAYUV49fD=+Doi#0uUqkLN42HAQ_DP+#uxWDPgM>aQ-)#JFK zD~GLEH;HiKmwvSuAU>}RmXng9l7xDVPj%08T!Wg_GdgORdPWYTM?FCx%f9U!&NE|W zJ7o)pU~ftuc#SmIS2#6&y0#T$c_=|jGv!SD5x61z0dxx}eLG3wP+|V0+x4V``3>gD z>&JrY!Z+F*+5I?TxAJlAp2JA-rQ+tDqVp{7Q}6l!H#BPVITG2w6m_`A+Y&bZGQ*a~7>zkvDK~+qSV{o3$}>yWFjF6xhQv zx`VAUvC(uD3?$qq`Fl41dwzemW@Ob4>jrP@TX}yZWIOCDHmW=K<(9dPsQZ(}>g2ys ziJY}*wIMWsw(~(|MQ^0_<5f2Xq(ZrIT_M4pv;o}g>Hpk}J5B;al$921So#9o@cE?f z@`IH0*M@%FVvsvgyt&ZRuTJ^guHDU`OJ7e;{~Exh?QSy7*ZtbKp$c0DHhT1H96QbX zgEpcur7mj@kBka$nFN)EUPeNtPMOPnd9W4q`OwjR5m5T?qQ|#^Otx)WUrnmtHo8jM z)milYlL4=CTXfyE@3GtS%In`KGiU3~M=U zDeqh501*k)9qZdUvG%%fw5} z`vwr`c|3E^?pwo)`{(j;(Dv)N(R!as?B(bf|BcqkyJK!{oZDA}|0>b&C%=xHuw?Wt zU-kFzS+3`q*^6|~RIVl)n3mb{NyqI^jsAI6v8@L3AX7)DB=feZoxG?|%uXS@Xs$1P zaq+<6O>z2ACc?@*HBf3JPRx?%AUWukq=DY9eaDNng{LLa?pj2sW0_A zK$cEU5Xt4t-gJEx|mooRg$tsGV?t$ba>z(OCQZ%?bprUG|k+b!RFHb}Mc z<0T#%cJ7*rOgt7-LlhHPG#5v{&3{+-_J4o*2uzS@&x~kvj!9*^FTZ9uXE7=K$fp# z{PMGBd#HoOxCte(^vl;L=0(3`Z}0xvom@iS%Z)KD4!%|6Yo62^to>hOb$7>Apw<^+ zK%m3BL>b#QAK<40e24R>+VlzAWAJFr+o1;z9z3IKdE^16f}U}Gsw~3v zh5n1gK6lS-q+SF3?bo?i7nq*F_$>DyJ{nkR)mW7_W9;hs*bJEY6aU|tXYXx3_N{2| zW94+v*#N-cof_grmyxW9&44?6^YvvUP068qHOMQ~zT;}f7EpDmx9gk2Z$2k*naa!m z$BFz!n`cdXi%x6@^+^Bi0*<{@+g}evl?W{T88oMK-p>I9x>`hf@oC~u+UQo$S>-B~ zvqm=)#Q}Te>+bkxa`Nxi^n6FzSnbz6X1W0+l@XfzMiNwdRi%@*8;}{dJ8zm7G<Vxtjiw)aPn#Z{!Ypg)7PeKdxGw+a&D3kK<;bM=!7R?%4eJqvMAdTJmv!ow|B@ z3&?fPWk4Vf7?(CbYf`#zurTgN;Z5!WA?t7D=<~w|r_z-ky#K^=XQG-h-K^3q6+d%Whgtt9c*`J8}=#$>PcdODVhE2Owf zJaluGSZ@0(GzXr?MUBq=&fGb9bQ|cfg*_Nz(mq}wog6%;ZIl#X!R`1fHd1MC1Jp4_ z_k2VShPS>Kc4HBvE(9w7r&@MTxeDCvT-)Qsq&E|!%oySF^fWgkuTUGvnh(-64>|tr zI+Yb=h$*ddOVR>o zDmi+?w?!gadPalNZMHn>d3%w*vM!ueQ)_ z*zsh50QQcJ#$W} zQfU;$DollAi2BZV`=59XaRv41*gOIE7y@u1k*!kW8>IGP)crO23-EqN_G&us?r`r9 z4KoIY)k1e+swkrSZy~MZuux;H6^BXRT^q=7eYG@WYP08K^>x&}$;W7gRRnTb>dqwM z2j%dM^6)lR-gRHepjBx5_~>3swGnH76FsVII-Zw)?fI`%gmBG{E!yr`3}mlc75S#P zBb8GmN(4K`KLNw>XbSBuny>_i1^^W|kU2PBWO%)4;c>iDm+H#umJ6^6C&}K8quIf$ zrJhDfs>GB=j~hrP?7hQKg;`qpPA8v%z!ASDhFE#~%Fuqzt_l`5!!1!8oSHT>9H{R9 zSuZs=7m7mgsdQ>iZCH=J=X>ix5a>?y=o~DwK~7CI z14iZ^+gM2x@1BxJ51ZaaCBk}HS^CLuQ`tQpZ1ga18oMkH`i;*M#Mf} za{gF#THk@9}YA&uR5(@ zQ?(Sswk^0O>VvwP*7jx4og$=m%3yiLnTdr{fXeU%TIsQvdX-@IS*f3Sg@>=yoXGO# zZeUmX2bP1$x^jF?xsseEgRrw2^NZE&$yt^Xkrlb-J&-=JSN&eEt$)KXa>ieFw^6iqdr}=9+U5 zL;Q(vPBMrK1Jbv0BeKHQNeASxYue=1knNl9Z1&U{vYXS_$#VSQOr-2NvaSRrH}Hzz zgLBtvaw)7Pme?LPtJ!BA8ajovg&gS(z(&NHN6zkQd~)NmnC|y|Euvv>pX@UpYI&$qg&%)R~GA@33JLx!YO?3-S> z0@(v`w>Qmc3YfDmI~u4za6|rpW{bHNKhSiJJm(6F(OdXFKJl&peAu!$dszoIEOpo6 z1-Lw-uk23xku(`Nxz*+`aQui&4`E%p2jlKxN3Yq96ftnRfzYR_?Ehv&a0LBxkYC$)Yf41Q(nBN1VgGSk{Oa<$X!0w?8c3~O&Z%F zs_cNSld&6L@HakDQkqB&R(K<)7M2AqTp;yHmng5nWY24udbj z^v%?G$hrElvP07PMA)3v+lDV8^e(|vcV`|iW+|%QL95X-#1x@2=LNgPAF2#s4pIuN zJejLALzO<`MuSL3yL#)*-_Rz1bT^e6Io6I!9e^(_icljx^G?`80$#0gh*uZ^E(YZX zXw5#c_UHN8eobI=Rs;s45tPc?MW@LPwDS8xHxTmjTuj>-V>J`0VZ$idqoUv0u?-YF zhQ(#}^tzC`)T7bKb#;UOU(d@uwEFz`cZX1Su6N_;p(1GGy#l^7&!9^xjad$BO9sHo zJ<(~OwolUFO~|lf-OD|rbN074GvB%^y(<*G{`^C|K1y@S#>@WYd0vv(7%ZXL=Sc;G zW%G&#v3-p8QgW=TL(;?5eTJ4-*%73lU*f0Uw9!q76P{ge7P_*Pj`h{dW6#gFETvhi z9&!m+EVOeDZh()-HNfrq;afqjCV(jiC@)WScXwZ)Fa|7%xkejNqId2|)?BQpjcQQv4YO zo|$?j%%0NGul-y?amAFjp$@dU`ZZyxkw=u?JxXcYGMBwbU@qrwQK zWnFYggd(}Yy~}#rPO>N03@s-e2Ch0D7>(Qp+GmC~dv!N~A_yAyxpP$}-OKUZ>h~K1 z@3KY6P5fcE#75nZb*t51zuwSVcobdfo&M=QV9TD9YpXT)77bFfvd(oL4@<4P*Jom` zSCpNg;zQY3s0@Hk`;vZZwQ)iW-hr7cK84r@Glz}ErbCVL%kWK{_4`%jBE#GpCA_wL zbOJ9SY(-vyS_36(l=lY&$T#A4fzCQ@1$fD&uktp%S2q^gSnGYM={bsqv18}l=8t=F zw_4;ZJqFz74YK@x<6bN{Qw8#eP`T+7U_k@=n)2yu*COIgDDV4OgV}G$*T+12tVa4MCNNhuL;zcvA{wbuG`syVxm z86jdfnb~$&Arp6SveUjrZI!=EKaC)56Q6J!s4s`6 zF#r=XO+`O~vlepdV2uIavkI*f5+YY`!p`kZOG~qyDXnNLQ3FtY7(msE?VOhZ$;GUw zcJ@%vmPdBKz-?};V}l=5^v@$1Z3&Jg=Fb(Kn}?;W!b58Z%G`Yf?GTw8ho5TfEfrm5 zW_P4a`>R9yze*=Q9cV-%(JLyJYZIh4gou5Euh$*Pr9b{6i~ok6xJr36pxODnHWzdv zkD&$cesdM5{$E-f(ls}SfBrL>TlA;HsjHAHR-sA2mb4Obx(aB_YHET)T<~0QW?h{% zyvo$15#0lmn(?eRsd?UW@u~E9KU8)4LFMsf-242~0R3B;Ftm3Avi;t6 zd5k}?50rnZTV*=cuH1(G+njN!twsNU0wlL}l~!$&Jydg5VI&}_wa~=%4QAsbnf*;Q zDNG9l;u~)gpZyd0TX>3>8Wodc%w6Bb3vjUFc&ZS4uH-#&;Cuu zGjcP|VDSp5;7$-|2M%3mTK$g#azYyaP$0UeYC9RoX6|bPNec9RUs(Y!Z#QJfJV~d7aKfw76PvLCW^0khw0>4Ol#_mZ*crNqQ$alfw{2C4S@0H7@NtVP_jY|7-Qz!NCn{=Oh1-;r29J zw*KNEp#8d>*~xx)lu&7(YW~KFS1UbxCenXf3hKCJuC>48i^+em^&i=CpcBQGo0H^< ziQD_{$dnnkZsi7h(E)0v9mMSE_+4qszF#aq%$H+nKQeNGj*i5f1YNp%1(@W`%fwUz z5EL@5yeZrR`h4tPY3W4e)@Og6N_mqD4EWOQzv4k+S*q2HyxeQwzZ1wmvVbBmL1O=C z5up67J=NMB|Iu4PI!010%G~sWE>0EyDTPLFDu8d3{^#33mv*E>MOy$RW7j{o2~O9S zP~uLlsSw}W851_xFXEs6|NcS#IJGVg+Gn^qGrz9G`_D@NZQ_3wmdjf13o0ky8Vs%f z?egm~WZfl{suk$ci+_hD#$j$fm10yleP#~^c!=HqK7?iFFa6}(LEsn9^!{_h5da?^ z68`md2gp_Y-_PFmgI?PFb^YBaAb4*4&#g_2&c>(j`(J~5Y#cRAJK62=--46NdVAlk8@v9uFBNZ>9^Z1Q;>TCfO$&Yy>mi)nG>07B;J>ZZ zFR}@Y56%4*4?JQR@Q4pwNzU4#h%Z+C#7()fDCk_ z5p(WvmQYdyuR`^w2n#A5U)?i~bA+|EOaCVL)R`OJ&+zx)1<1;mHiYvB>6-(T334>bmrX=%6tvC0EaWYn4~#WjuX%$8a;uE zTr3p^KTcv50mtTw>-nPrhTg?yp5M1dR)YQAs~U5UFMI=b1axdiT`=TmkS;iDp1NL{ ziHh`WJ>heNCe$I4Xz#Y%D&Yfi(8xL8k)B(ZJFml~rIfNY7lAf`Go8ixr9W1mu|aMs zfy1=db)nToI2-t{IbqDuxnV0Q4OsY<3r0 zl@K)M2q`>c{84r2XrV16bsg!f)DoC4d~S5hifI}goXJH6n}jd|eiX4cp`RXaT)rh} z%rHjuxXVD@bCvN9gRkp^2A_;`aW!=5+-+x)>ZF`@mxgkWrsmx4lsfk?a$JAS&r`An zIx2@k$ZC#1%*OkC-4@clD$1lb(K{WJuOVGlltOxRSZ(g`a+}I?095woy#2cLu@xOW zH|qakU4*QkbCGd|5fmY_XZx7ej7`{gN+Z!dYG!neXqI>3W<-uK`pkIMIV|Gw&nA!W zqW+&A$l=l^JG+NPSSbaG7dtxSBOQHgc~N-7k_HfM>kjZti!T2qgzQ)DnB)*ah! zbQo~oLP=rsEruF?WA_GjTMe)G$MPMN(hTMR+0mYnv18AA>THE?b_1Y@8J9W|AM0^w z#A=KKB5mXQ(WbVwp7F>5O3tZl%@Uj~C4B#IL$mNxxzB*+)<(Z^Ut><`+VZaF^hZ@9 z-L*u6{VQf>FIRGo1-~UHCSoh=%LSK`n0c+lx;fxnijALXyT>OE0C^PRKj}R6NMR!7 z+VS!Js%NkfEv=$F|5GpGGyY4k2R#}-c1dlBw=9uoWr`i0F1l)$ZLJ zoLe!D-WC@(@0|;Xe(Vp3q@HixFx-?e%-Cf7kd!zQY9%-KqYxGO>iAo4v&OWYZfnp` z-dmB`ldWYCY}*d~$CXajbw349=g^)g8I{;$;qTRFH&)(zLN~6y5ig=d&_yK?bYTOe z9%snFT&NvOHPw0ZR=JPC440(0cw^WJEk^Gj+EXMjZn>7Mnit*;wTlyGMw>$OM#8JHcr{ zTs8$V+tGXPMlFu&_LimXT#~tGZJFCQd6)5EzO*KI&Ova@so6}Ou{<7vQjVG_uBoY+ zij$M+u5}*w8tH#~b2_0Q6Dbb5kBkc zp0)h@za)>{6uGlmo1$N6PEekvtUpbX-bINd@?xAKdR2dQ0VnPbo-Jz^*XaiUS^iI- zcep3V$$$ zEx8f)rA&GtJnN`>p$QP3$@n@k;6+gbJxPp*kT+`CisVDgWl zyvLc(E-e-o78*tGOgQDIgE&E{7%|tFn`n_qJ*=?4=k`IHL;N|FqBCAcRP1lxi=Nw| zB=e?xGlB;=Dd&2cY$8u*Yd|X&=~x zs~A=8oNwo^-SxFoHZXf{w5+{hU;3*5tCW=YM9XO^b_5-2=(|oPpLVyq6_0ttQf9JN4x&9qO0;({l*oUnDRF|Fm+pGccZhQdbY- zH_@j&m=P~VatH-K73x3=Umo|2 zEVr2*jDu~m_)sf$e@B(6j{EiBB^3UXL-H_bdp9GleFG0x{d?!BQN^lGRfabe!*PEBE zLuXbMpxI`Ea@jvjI37C2WDRH~UKv{A^WB<6*2w1n5CHhx&#iZzo+;#^b0X)T-l}v^ zA88J%9Yau#4<*_bLK84~k+j2b!MG+h!xqBsn2KzB9$4Xhf&<_hGRvL3Jjb30Q@#7? zuf_yXY`UrY=yLV#R=e?BZJd59r$Oaqn``3Q1-{8h!}&lh@%KN4yRBPaX8LPQmnE@9 zn-$llF59nhttKqLSY{5!Ka~pP?z3+VEy66Z114TNwbZG+|7@l9&8$>KY6!g;<7)c% z0sw%=xZl0o^`>a!ZxoE3`SO2O0&EB6pG{3o&CPz^Wxb>9C)hD~w6timAIoMJj%j-H zhTT*~BC%B$7BeK~UQfM`&D(5#pCMuw(r3Sg%Qd|XF@XDYsCkisJ)01po!RSOd3QhI zh$fq@!*6LVxECSCr*oS&Aq@D#Ola(Hmjycqr$p1*WX|B6~C{gCY&E>BP0Xs zlibJL#Gkc23E>yncB8QyrvUhy?6Y&?L|D*-t@OhMY5pdVTnh*@_4XEih_cYHwd1|aS%y^&}Us0GKecIOP|B?3Q(QK#x|94w0 z({@xhHAU&BN{cR*+N-KcilX+CwkS%(z9-t6(o$P((^`w5h@B9TR8=jheHTfpcCiy7 z5$-FUna}U@z0dicbD#T{e`fT^@lNv2b-iBC*Yo+fkd-RyUp23d&Chh#k%qdnos8cr z&6_w;aHy@R%SqDFi7M3&YawO+#HaptBkVHO>k#Rh4G-46r%zqve?z10clRi?m_dU_ zBU`+`j%r(czMbo|gJg-EK9)MK3<`nq5l`tDvM)(9?T?+3@9&kh0~oWm8i`sFC%DxV z>}St&%uTCdz`5i5J#~fgk}w_w#X*N>fZA=wxnAp%>%51|xIdz2H*f-vl0qW}bqbW?r*?EQ^ z|2z%ily8W6BTJ&)gWrW<>@2g^2nMyLWmOZ_0MGzEZQ|U&9C{1IroVTw+^$u4An&8< zRDE7yW}5d^w~;i#pk`Po{{}EGW+GfhdXXK*7A;>otw2|NBtRfCtuK>lzjav zStfTb>p|SzszNB?%+HGOwEyTAA0>J=h2#;}`w(0=wT^H3Iz7qs{v9+8yChQ%2CSC? z3*c{ot1M7lS1nJa_E>FORNUm$^p$eia73{c!Bk&yCiohBTX<%Ob?*}I#~x0doma7s zE0&Az#@F>QJWT!BID2I(g^J$$C;k&O>yBQHZLd^Sn>UHpFg{i%uK@-WG50{#zIB5Y z2terztm`g8hQi1}!xf+z^QbBNw-PxsV;4)Zk_2a5L7HOL2{4qQX~OF56qo*^f*-ta z-8WO!I@gmHK}%usK|UY3>0Jd=)??OMl(^wx9boov`=TsIFF8=rdf0S0G*ZYeaMFil zgH2r_^J zC~2sJ@ot|ebuseOVE%y9*+?JdE}>TE8H_)~^MO2{>a{z=6|R>IRG29v!HYLGS7;pv z&}xTwWlA({^6Yvo#ZkHV^>g)8rT*;>jB=4|rfCwEdcQIUOhO?~Oc>sKcsp@RBL)3G zSQ#%gU4(relB(uM5M_Z57UlAKMTB|;4IC!Yk3ohonmFB-0>Z?@;}mBaj)qD-+`tT& z-C!4*UYhDKD~N=w*$DZ2ev^H#ylCJ*`$k|Q;SJo}O`0J8G!22oCG`7o6e7@fO#C^v z3csjCv2$?nM~IoFz#{Jl;4QIUrN9G&^ZQug%3s6$*dDkbf59LClB16#=`NlD zchpKq(DensA@gryCO)@WS={_1iNHH`aKt%KI?38SmLods<4&X3JAT^fSwHoJ4y>LW zX>$jxcpUMWqw(E*b=_-FF7bkXfZ;khH^QVR3$zvX>jqRF!Tj~Os*i4u7a@h`zfRY> z#`V;S%Gf&ko_*$}KD}MN_@b*j$2<8Z*B6WT7G*9&-72gGzIQX4JF1L964NAADYl^J z&29C-d2g;;lLdUWK@ITQuJu(iW5gAHn(vfHfr41?05#~$6n$2jqg6qX>{q`}tKavT zIb0)n>b7a`ulE7?fx-KrtMf^`z_fTR^wx|Idn}sD@w<53iH@`1hI-aXhxqHEERp_(+Jg0{Ir)|SF>CGGBHWmKP-umfC`JQ199bNsEoU=#K*V@entL|)5 z(l?{#un=wK?f5jz+7@d5=;q7lz7KNFtzUw-tDce9M*4HSmEi{@v3kUvcocOCc9)Qu z6%SbxyQ}{xH|77W*q!-T^5y>^zd+_R7y*~inr!sR9{caA(aoR(8IR>@B6bH0kQ#nS z^w`AC_BosPset*pwr(cLqfR?6m z-SNo~7+nb&p-6SU>f?Gt?$|}(&UivHfynY#pbf9^8sXJ|BgKs^<+C;8?>rf{*aA8y zyPk&VKH%|40J;^-e^Erv)D&&=c=LJpO^KxLk9>C^s){?r>(Zw0RtYK~ruD!5kQoE| zVzD!o$YaXE7#H#|WzW7{8F_*Vu4f@9q*g*#B-@-L@EUl(mQ0n%OpG(899VQ?oh?uH z%%>$*wF=tu4P=6GS+#pzd4~_i$Fd^7B(vN0UWn5u%r@_3&MV@gpGMbl2di^3s@q%K zs|P^=a#k-{_L33B&nyiXzkELPFGAYlpHlAU`7cJr?>r^U@+PE_^+ly3l~ZSb?NU(n z2c?jR6J9~_Q>9&b$Z#+Mn(akj5>jwk`mgF|)w1%!B6V=r^A!QG3(=qTUyTPo%dh7V z7f;UYX1?4Pe8f$H2TMM;?_s=JUI*Oru@`ibkwM6C8eLJgxi8x|)Zbi?r*WK}de}|F zseoLfih8)~bm;y1KmHknWZWyX!k8jiYypmAR%G~;yBw@0{#{Cn@UJ=8*-7wC4deLE zFCGI5RP4uwqGd4Mve$#u^int7;1`R7)q;CznmTsk|>S0yUPVv3r zxHry2iX3%@os9xp#8p(UU^gMd45~O<9fz{13jnGu=SFAqJ#7Ye@%p#;hf}JIL@>#g z(a`}e^s^k<_HCd`p+bC;TH#_}d9<+m;8p)b7#ZumLg9fEBV<(PBPB+_sP(LB2jPCc z84)I-Jpdb~#npWb|8$;I1kQ<`@dERC#coj8z~4eJi@E8+7iIMPs?6!L={;jXirdx3 zE8h*KuCj6$Q|*x%Ut#;c)^Zf}^-=()WX%0->;^QAoQ5?|!Wrj=}_~4z4Qv>t1qu{1-(`3G>1Ss{+wDNorTw66hZteu&L#RHD4lFtpaR4#XzM7cFhD$K1Cxn<~Sm7!|EvTG2CK8eG+;< z84rlqFlVU2NzI%Ja^e8$MJOxPo&?6p=cJRPNLf8;9$)t7wnmpbChmnE~lScQ7Vp` zC-=i(>2OMl%}>HH$q2`-JC+rWVr?JfJ*yC^7PUT+3MVc?Q3!;Dfz&$TW`2L+81E}x z7VY{_#g;GpA{LaXf9|t6+hru}NfDmqH3|CXgDf;8gDJV(v)*@TD@=gq|Cs>z!`cQX z>6{$EKV$Mt%Wf@EY;@qXQ{b+{ml5SGZ8+E)Y0Nbi_d_zq93`^$_4I#~$nPL(KG=cnThkq_z3#hA???S3laM zEEVEbW+9+eGwg<$J>X2d=6?BpyXXH(s8s#AehSopmu-YMdF99kGAhc7cEL_gyAZo_ zj~**{b z*{Yg9PUqW3^H;I^qPC^XV&nVisIwQN-$^e&Xw~BXwUEaeDXbweviJ97{4>ihrUM+G z7T2!VzQ7H_o#gfAS+aCPXw+}}tH19!M{x|vic`2ADPG+AN=(??2Vc!lU7wcg}0o&_O+qi&y? zQIU(YNW*Gf>yL(d& z$j|FH+ouwh4j}xjPo4t3^O@ZObu+z)j|8wfJFMLpsSVhYCwv z+7x{~bmS57RF>=hE%^%Nt*Vcv>@)*Lqf@RIBUDlp@mJ75Dxdjht&r0M#i=M1M8JyQ zpBZBw627lXWpt|6EudX#afEWh4OAR(R+Rk?+nFz&2k7ck_o~CoR2ybOSbE9wx9@F7 z{87J!DB3N+E?kJNS)IHwwIN&(wYYv{@2ikanRnA_UGpf?Gy1HFj|$Bl;Y8SN)4nyM zIGMj2KxvDc@UEV0sg2d@5`fuie<=5?dUxwxmWi?bgArTRl$~2f$kqLLQ@AemkE_ua zbpQN#Wj;#yww1K|*)xTE122P7(yxdJC*Ghn|15)VKVt~kqVL*KwiG?ue(XL2Kgnh@ zf-aE{t1JNJytT(v8@WDI3;FR8OL?fq+S)i<$6G|qfp;?3(A&!fs)8Qp3QVkLaBHJ@ zcyT*x-2XKJnp9+j3b!)7sEUXi@uZ%*W^dU@(2|;; zui@K(1A<1(e32I^@(;z!hby{mnc2tmOOdw+h8$8wZ#Yb^<2fxo=*EXi3`p)XzW&8A zp53Eiq7!rzwYqjfGqNM#lwz@&@5$K|WiXo-zyAf5LHnl0@+#$Nk$d(4(=9pLgzr#y z&;w4mhpN*?tSE@gB8+v1F#x2E;kC>`;Io<2qxTr7o*QrEqH6GnNcu(we8%cRB0=rk zq$05uV0`4bcVK9bPutdMe?R8tl<4K?ZM`1{DO0L}=}s)$B|29M;bc(-RZn9e!VSyk z1qB~F;+Q^Rs%q4?MNELf_;&Xz`-l_N^f+fyO#8^v#3Z>EL@?8wo642wNMo~W|PkxO@4s-<-sESgKKW;WAdYx7FX}PvFimnncb3Xubs6Ut11PhHKJf+t0{L`4fNT~V@Xis|X7SWV>Kh@X5@!FO1w zA|4WQNIO8&Uuv5vQOu_-DV_{$ExO{Mt%LNwlqTyRtQ$fyhs1IC`^@{xn*yFYB?Dnr z%==|Gy8E+-LjIC47WcP3-~%S5{)nO^@d@bs9XG23SeL-XzDA(~^p4DZ9zbYaFFBid z+?T}PIHVd7`k>=Foo=QnBEnO-YCm3>7&;pFs7!+1F8QACYJS zo#+G67|_{t5WYv5Yo&F+)84tvY!W&Oq@-5^VUDvuggey8lyW?4Sm*$XaFPtg=jfd? zQ#Lv|H-a>yA?YTLLdML_;CZZ^kE<&=AFUw&pfbNt>NJwnoVdNKI+{1*Qs8sh!*2Zz7)N_MsASBJBcx z4O_`Jjy-N4cp^;gGaVCRb18^~aj?{hP@w!J=)vv`>)ZCvcj}q!Z;NJSAS>p%$O2dc zFY2^fH)4V|=%Hdn?y*f8 zu;r?6Z>bu1r;i#LlaJPp!tUw?HS&(^g@&1!Ey6#Ya!V?m*l%y5DCK zpt(U^v8TkC_npzA_YI`COqe}1|6vs}x^|(v82PyC=c`S%KTU-cT-TTnho`+u<_a$t ze3)x3U`!!|xS6Ga(){-cj9yMM-Y+~V4m@1FIopZxG{Rx|Uk1*UF+b1ztX|9vmO z2ZqXnV+x9E?uAm0TMip@1#E9udw=EiLH9a8aL?C}Iv94!BOa#7duJ2ma$AlNdh1iO z!bnwH?mn(9g2>*HX?gPxxZm^w~Z>EZRCc9Md)Ij2iWB9`d5_`#wn})d9~Vu zYfGyo+mTa?Ap+2V;d}(Hkox>=lBM=gRy-#$e1ARjs8^Q|`bVhhR6DDOMx<_Sde-4H z30-KD%Wtu?svwBrxVHL~S$zgDe4oGCh30O?`02Rn>_VAbbLz7z&B-PeU9{vj;RRCd z7cQmXt>uD&DZEZW-@x9U&);+OYU+z$>K0FzCRui%KWMU74W_sA-@Ysm?s{f$;Ajvo z7cH?#A~r+aysy;veZ8H@Hyz|W@a<_sEJ{ZRKQJ39TV23sf39m)+pyh}(`0$`@CizW ziFo|EZ>knl>Xp1Gj+dD>ncMM-?Gj8zEZ(iX;Fv534ch#)Z#)U)r|N~(GkU7#+t)us zYwKm3bJBa(>c9I=&}SAFm&ONHxO>0MgiP^#ds~huBCP?RGfu+a ziFMwxOtV0|2a&ekAWrQXx zrJU?z3Y5q$tn$wnJd0JBFUH0+A{Z04a@-vRNKuKC?^`VDGtZXgzD(1mTt3B0$y~Q+ z73Omj#9wh^6k#VPee}275~I}0xDoD31((+y+$|AIH*@OOU}t97`j481_EQsM25K=c z25c7eA`6`dxX{Wo2}y-Q_ZSnaGAd%~TQ`V8=c?4B)ECafFP7c0*`F+><@kHu<-S4- z684lYnJkh?Th25ocRG9ra%wsxfE@a&>*((cvidNS$Hu#k^Qp#+3x{>6F#c2lC9ixN zU^{gcI(fDV_0v)R{|;$5dQ8ry+5^SvtfYp(&b&6%&=q$=Nny6$veJt> za@l}+zk}d!0!7l_4}@*~Nqs9Y@%Zru*XzkPpB1Ku)0^iBm(0uwcn!tLH0`<35UN`N zK7q9scWjS$f2}u(Dq5~ly5a`B1?%_kI>}u_s%~EtwN%w7XGk{Y_@hLAsF~w@I`1pn zsBd~beX%<>v%AW;T{$=DL4j$TuIF?}yEm{A@(FMfr*Tn92)?yU1aQo$}8&v!C@nv33_ZMDrgherIsXd))oR?-yU2?#rJl z-4by#NV|5m^JWkd2*^hUMJ*+5dz)G4Qx)#f0uOJY3pe}xomvjV%=8O_duG3K3eL_L zd=<&i+}l7f1$6XupYOENV#02=)HM7jr(NS>JQDn)OA;k}aV9ud9;eP+Ak7OF60=|x zw==~o>6Rik0fV`H*)#CTWcUiaL9g+Pnq+%vQH7u!`X}v6L`T(p0f`PAIZ`(=+ovfF z*x2LZ)yL4Q;Fz7sMJ^c69TLT#m8!5Jg?PPEx$3T2hsRaK6I-d&mC(adf|&Eb8<8gt zyyegTI+lpaQ3dFH3;v_TN6f25tjynGb#e;lFs9b-O0(X?};vPE0k^Zzn$4z*cz)gq5>jq zb!RZ>=$FHd`S;dFR6vwx{gF8)V(000ROh>dVV`j96ka)d5v4k>;ZS_Aqr&IVT2R(N z$d-sDYv2-MP{;*%CeM5-@wu=zidqN^-f?*Pba?Z!2>;Zmn_EJLFjR^$Y}26Os8mx4panb%m`|mrS}A!mf&>?fO)Ih9 z1I2u>a@a_N!K=A+QYdvo@6F{C>xS-8-j$E)p{9*ye#$Qx~Og;!eO_`}y)jffk<_k?tV zr^pIuLdNV+g*&6S_W?&X5erVYbC?=blXz{4m{{b~10DwhpP7;fHsXHl1}sg=H>&(D z$i9(6!XJe9`p$KUo43T>?L*Xo2(`12HWv@aKBrLi2$@i7@@2Sjb(7e8aSk4ef+X!- zk6lO~t|aI8tQdDOx}t<>qZPfeqOX@jOzXpiM&9)MLm&+sB!a`@b-Nh?WE|%iC}0kv z9ooqa#VgE}%y@`XE61yCqzfG7M-wuLASYOdAIwrn@+EIRH;EWczOuYeSMPXi@G(&s zNF!UN1oX$TW;B=&$T-OU`#6Yu1>spw{x; zQ1%*Z#HvY2WVFcaFL~M~NIUUr!BeU-gRl3XGfS-BQSSaLRbf0QDq2B)<0g3D(DH+r zdPLIYs>M#v6oZ1}tBe*;nzj#lJq^+gcA2MItfvnPlW0&RO_oSsF$IZm1c+f$^g9vboqueRo?1`ji zj(4G7s}W2;R*ubF{SSr#^5CWPs0sh=07s)EGm$&<=N1k*WwU`)h6%lGC|e&%$-fYJ zut*bs(Th+Wxp{$9Vp@|0PfrJi#R7F3(L-zaX_o?@r<>s;3J3!raZ@TTKkr{w&)E6= znQMD(O;6>AjCKHp<67Utcba~K5IkqyU!`H6%NIv)qX*DuhX4}^UOk+A^!?<(XXlPp z>9udi=ZXnaR%Sx$htzg1q05@#gTukqr}U{e2PV3!n!gZ?8B_b4QeD{86QduUudoXf zmm;*Vr@Ta`@xSHpg)wI5s>BRC8%9l~tcW7|6lBsv;9I?jm=5~hwV=8EGQT)zCj^5I z)Q?Vk!PBQEMb2fdE$$2Uw+)x}vycooP-ivgAMSZ4IV^8>1+8Q>U;;Jz3#1R_^#>jg zb{^@M{s2bxm5;sa@+;2TO-j!ie0+LV` zg+HPs(W|CTiGFul3|moKk6%NZsOi9f8i>~qpU*UnH6gMQ2 zH!$%6Z}nb`^GB1qza`S}vs?2-toOkpyw)p1B-U=`XmN*kOCwuT@OZG_$RExQXHra+ zJ%KW0N`76O!R>JAIwB*BZ*1#%1h-|8Xn-8w2JwyBU;RgYwi|AtFDxzuY8!oNzrMyC zU7y50>&w?mljr$DI@O6GR$g^L|IE3lv12A~Q1TqDR)PG1cVFoo6rX=QJvNqB=`R5@ z&=qx^((ZsTmAe;vJDjq*nfF;Wx#B}*GR2Cgl7ZUxOV!&0VHAFJ?2GflMd*ET0^-mL3* zmDF0#bLuG{+dvsr8`)z^QdbLm=vxkRP7QNqD7zAx*57a6Nedp8AZFPFY$_(_x{ke( zsdJq#n3?)z(Nsfv-r1g?bhJ{n#2O`8M0=~6%Bt?n6;x5_t3A}_Ks29eEW_||6SnGO zmPWy);%2GJ+!u!l;hNUsWNEA@82b~e-Ykp($1=PJp~Y)==V;`rsiP*-wJRyGQgcv)(zx}W-- z+l9V6tBU^7% zS>Tg%SV*rzA5?ajksr7-T3%KrwUI%p90MU(HOW>*nO~ndK)O`?NaoJFB&Z7AAQgac zy3f`#UtkgP+1i^l*!S$)no1UG=EPPU>t%%LP;OJQO@p@;O~tF$S&a>whMzZIx?0S; zL|ZOM@1e#_$`s!Iuw4a4BLh`VbpfAD^Y0mldy@M*1W@_JaBOtAN1+UKA@TQqBi;I~ zF;j*n@Ibq$PjBim=G!obT0CJ(A<7`LUfYa%7}RwG{z^WZKyVqXrbN}e+~a!DYCihp zPx^!w7)&R{X#%4m>K9}2*U%a9Yv_FQ@+X~RHkjncDEKD7&ng;jJlj^+y;xUG-Ry@R zh3oBf(mWvr$9;PII3{@RpRXJR|+- z>B(V{@xVtk$fRp@&XA)qNGdSdlQb1f;%y}oF~Lqf&xyPP)F*t+@oH;={!?u$#A17) z@joG4(!*D9Q13L6oiUNXPQjum6Q}r1jkd@m z1?2d3m~LifI!3aUj*=C2Yh)Q+N4-}#{*RT{Rav_+VR-WNOpwjCn8kLA+HKSAOmS3r=)!ZX(8Tln@@59sA9NHIc(yb~-j)aNM^G=}no~`rd z+qjH=*#{s8Fpc1Q$9vt%WCZ7%znJ?n~bK;+GWWIWR zMxE^n3l&3D7x8J(N4KL?GP*jSGqb(bDl>?x**u>`zLk_n4}=020JI0cH2O0W(p>o^gg3*MXUt? z5ZB*;Cf#0L>~zRFjfXnU`{w)hOkj<@-+2Dn1p@rx-8zrC58S- zPvlYf!z$kBxR&8bUF`7+8QIVB+sgub`plfjvq|gGBN^TsYMn~V2AUh6v|<)tPO8`eKqCOjrfi7SrWR)#o>zxJ|ts`~%-~nK>Vkbkt&b>%uiK#=hT; z@{=@{5HL9c!KURI_tJB>m zjldbK)eMjI(W6Jti{GIJME^4|^3VGUu%XQZn>_uycTMEp1GO4oV1lVr_I%JqbU|HS3y2N91_L6CJWCXLK_hq8ZZ|ftg1{RvNvByu`sIH*yQe^kOBRhT#Og{SxR-3sH zahETV{&)vVr`dS|{uP7dWT-SBW!SI^+q=$j*OQfeRze>Jq!e1#bu$Z03ZwxsMA$=R zrqrhgJ)nJA&gA{Qv^CRac*zYg1)Y4N@IB(CDs$<&kL%?(<~NeQu4-Q0b#wF06b(`l zBAtMakC2?+xY%Kv6;S!5;10!*E+iWx=X7Ts1Rk;e5mDlt(vSz5Q? zdAIzzmk^C*LaC*1r(C~8NPm>#ngv)x#;wvjR$C&vbTo?upQcOafbb9tEou$ zLq(ErIN&9@--U$Tx_-Qt7qRJVU|VUAJVIr>oVi*7rURf_&sZAMQ8ymqlFkQTm-wjc z?DNGS?RAY$?Dp8Cest%%sYuwwEdv)XW4@k#K#_{HH9e1O|6n@ z5K4wXFyG&^a(@@`u>Tkt=6qPYAhqY6!fE2E7%&JI==;?#KxJHb>`Evvth4;TF|b;i&d02zovAuC4j5FaBK72s8I2|mEK$Y+7GGrTL2_p{sf zlVR3{ZlGgrP7DlzHQO>@YESD)j#*Wgt1p7T4KJYgU19oYG^}Q$wJf02OdK!4E}lD< zcg+e?>$o%#@_upHtwa(8W1ur1hf%+n0xqk#vSYvDfPv(}g}w-_OpO!lkO#)@d!%(C zHx9df`a`!&Ms`O4ij;)oM(%^6cB`@jL#79kwY5fJiYgSJRJ~(%sIx`1Q!74(C{EvHjK}$>aXS`s_O2F2b91e z+hnd?PqdI4Nk(uG><5qM=4;=}qajI%b<9y|E+*f*H^sOgdYnx1*>nFwH#w<2d27HW zmEoY(?gb*s6gba){q}E^=dP=#6G`5$|7*lv}jJC2(?ByAKaC3o`X{WPLonE7g>N& zlAi9<<}gr@n{;uZ0oqo?_|~fQI}j^M05am;;SYWCYAKVo8=1uHtkt2-;I;%QE0AyW zN=u^G8nvs|CUJ;)SE${Goi?MD*KY%Y7T%*bwn-P1hIaKY2`)i5thckGm2B{v>kuId zhq1-XulM-5KUe40%W+oCsmgQ25q7ZZI8g2;hZO89+kD6UYQTC|lQGpe;engR*JTVe zg3NI0=PIdL50=*^Z2*3_48FqRy=|-$Ef8EQ;`jN?i*Zq!y*J3sx87NzqTamu+ZG4j zn~dLQLZ(5MGcNT5CWeg_el*5yt$O>A^4i_ar7U0jneIl9o=D6P*RUINm!Qsk>KtI@B#^K~|M>U&u=h0`h`x*rD21 zFr0tXfQ`Zytxk0$z#R}0Km#snyEN=$_ny9c=S@@k6BaO#%39e#EnHSlDcXR6=dhZY zNK=F>)Vc`Rt|7T(Wm0vfG{ykKp2vrpD8?4vvH2ex(!Vo22S!8Yb*j z&C$9O;d7ddyC7sVS6{4l-nGBt{RjYQfLzv9-)2tll>VmbE)i7p4#>44&RvS)kl}Ju zg0Ol*O5>&ntMaHwmJTOoOuuBUZEa@lz#gex?1-_Aib8gxs)@q5HX(Tz;Xwt1C{b}h zvXkh6;m+Xw8)ad@&QmB!Al#s4FiHaQ+%%PKQP*FAT=r z>bII;2))h$@0C{_fVy-fb{OPe4$cDJN3DMd8`orMwZ&5WcSP4OAvTmjvb(<+0PDu+ zZ&XLfPPr$#vED*~&*vc!E0~Ei|AX+1>~QRsgg4E?cecW8;=O|?28rktxi?@4so6m8 zu+4PPQ%LC#;kDoENe@NmSm}K{Q*FtZlF_o^NiFO3yG;?&wL-WXT`!@?!yhjvT5}y! zqJEk7aK-}=ih`YL<%4D#9CyJA<4XTF9=-;yJkxdcZWDxN3PU-?J-r6J#|QN!C_` zfnDd1ZPUm>|EaaAN2!wFu9@#owE9+D;-rm)K?!7gieIE1YtvjI#K*gQ+c9b*x1;&)LZnSs` zDrO;3<`q@Hk>Pida$Wt>Ta=Act!<3-LLDY3Nqn|Zh>G=_rnRc z(7s*qsb4KC-)TD<=+*_iOB2~d{|0uDUr?T3G}8a(U!Uubid>)fslqTSm;GSB*+`@0oUU%L(bI!IPVNYjR=TsWm`037CNYGXbkGxbR5>fN{ zeU&H6dOSEcT}-BKtMIb|U824%V!Xt0-=LUU{&=4$-MHD;)?NUh2TxDhAVY zO)#5E_x*@dnc4UL`V^nyO7qzGpsjv9Cy*MpfT8-AqYa!cwqIkB9&+ugU91WNwox;E zmC*+ffCnl)s%T%+1_6s(ov(l*?X9QFrfm8`$bK1hvz(@1DSR><&%Q>T=%28t3_$Ix z@*+$tF?FKp697#mp6*fLOTW1dEC)}*pHq+yL;D7Lpj%x+liMg$9X4y(VLHQcswtoqRo}%*CKrp1<-!Vghig|3VmotwA;UR0^UdS`d<8i_yx#LKxCZ=Sc=LZN2X=$f z=AXy&i@)u)E-UlM2IOJTY~8G1`|xof>ZKb1svj5NAiYb*LTow2WpHZ)2$K;_p;W?q zw%^-GRp;Kl5&$+iep}|UkV2tnH#hvA%|n2;Xl&%*hvqhZ41#CfwD@i3@3#8CE@oHb zF=4NddjE9|r~h8}IM;M|-#_0{&JUT-|Jl*N|NmdV(ErOn5(DVEI#C0na;gC-z&fr& ziJ>*{QIo_V06@>V)?bg(;sCkgCPPV$q&G4IX%IL8SWyIntZ;2EryiiU{(0PVId}*g zZ%Kaw*2;HdQJj-h$Wd`%#gSnx24|#rwC>=9|NY%v%USn^y#PeF{9f{UK7Fx9+kuuJ zXP{8Ke_&64Jcg(`y)qAW8VWbO}v(bzkz&;lN_V#QR+6p?jj< zQ-6FiDX3B~vHQ_C(9$ch2yC^%50j*=Vdm=Bw_5}zx{+LV->gLU;j>Eo3!J&hr;7~& zJ60TRtSOJMYD{ZU+ztwzUL^DHg}pYg?~g%}mAuilfS~Lh4JPgfpF7@s`ZHT#0{Dd9 zt#;6)%%Bsd>irc?*K2IYRRMwd%vh89S<&FF7sB4Xr5&>#jEU8M@n`O^PoB2Q5aZdH#sal(nx0I$>3 zS6M#(UX`Wn@4W(P-^wSgEYwWd$k%}&K8d-twaT|Lon<>g4c@7wt1f-kbW!@xOOOFa z_IS+=>VP5h3~vpXn-%mHof>|Gm$_ORzWSbQPhcO4iIAQZPg)Z?&A}%xi(iK^PdcQW zBPPitL1buB9jXeH;ehw-9zKup*ruU1Y3oBVk|swdKs)Y$>sFXZKs=7M@O#btdNOR&TlL!Y>l20L?dASeaB4l4F{0d>xRaAy?Ac9U zX;Xj#aOXdd!_aVHubR55{F>H7yQ&>C)vF{(Jk{Bs-1uIjh}xA zVQ59Q`x4nvv5etr&S3|>{e{J7*6=vSB>>~<&T_lPm#8ODLH5RXV!pJ4~@SYHO{?G+F&^EXbFDSCI&!oq?QafDTBP}aG2Ad{^okJ~cQmHw5LTD-mU^-|QOovJ>d(O5g zoA-Uq?*}KpBGG9sAbWw{q0bas%%r9Vr%6d!R+P+svq`&>$_b4B{djGx6{Ww$pc1Z4 zf7mWtZ9g^s!8x>*6TRbm8Y*v;o<0Cge`4Zi?K86r{`lhX)u2sTfMmHF=-)gakBwlxJ}qe)FCFKZwX=+dz}nu(pwHMyvxhV(L%!0c_zvg zSGVq-ZDVz6M#X?*FCLFg`Vkq#4)sZkZIU*{u17YVJ63kdqrHY~*UTG|ZCRP`k!_~S z{qH4zO?tw=zw2g8Wk_-S5e)fax*x3k_^U+b1`AxlQhk`!Ir?mQhgzABK`6zoppxye zF{<6NAr6gCvPpT;1Bi!BA_&tWoJR@Bz#FVncXok7EMd(Hb7tF@is;#+X!{ME1GNq2 z=&^L#08t2juTlm0%#yujW&&U7EmDIsyeOV2g6|NrHN_+LBv|5O|P zzx|QZU^2w?Alf*oGZknSt+KX>Xy24wXF+K!Et1@M(J zP<{X#WPkpJ3%a^>++{8^Pe2XwUrzyV#ZCGXX5t?TQk>sxjibaJH+}gk@K@zAAw>uj z82+z!?*B*a^uNA?8DBM$I6PkoF|o$K&k(2p`9XyTS7%mc$`o8jz6!+=p)z{0{pY%s z2J%fV{q%$CsP*KVIM-x2h!O?T7$7PTAE&R<#?1OuG07?R;>FokO5IcnKb@krXzb;G zj$FLK;QsI=k}x;So5K?8_Jb}Vblq(90y?r8`dvBHTq@^j$IVJZfSFv~7=(_kzKtli zcSm&SC4%5hSF+@_rF@#*Mw@SdrkL-K7h%mO$sOyVnPVXTn(#(OFD^{P?@J>4{jv;k z8c2zoV-#?~9~S8ni!F@;){}bPx#@nl93MUDP+gC@K{1Q(n8UNud>Vexu+(~w_My7* z*A3Avag6vl?5oShIy38i^K%jXK|uO?9)8+%(K>*E9ZX~Z3YovHM=CkX;Su6VWH2;~ z{3sy(m+-T~zvp<#FCdJiDkwF1pyf+hMXIw z@W2C$@K$DJ%5hSO8Mwxkx`^Q_Da{XZFllXJWQD>v05~rKf~z3>q8dM4&3=7O)P760Ax#JF?7VQ>N~w8EKGAKEaZ z6y^UYo-R5%l9F(Otj`g#=(K?8k{pNh07W~}rmGM#shliQg$x!76Q^<*d6$k+V-#}g z;3R#xS^`LI;<2ff(0v_d`{0X7Y3XMj0*HCC#W{~P!${jb^9zf=PAK{N&8v3L+QJ0A z7xq|sO!=c!pnkX#2B!grVipl4Q7ua#*dRZN>IE2NY_h$(oYW8&^P{B(!|V`gDvHhR zXY4VBA{M3h6eTLv1om>-97;lN12EE3Xn5{LhJ+e95qvp_C|QCu)a?Kz7;C)+%V2d= z?|d+rQGJh0>Rw!BnE;ca}#z{agjue!uT42&?g;s(f zwT1BKcw(RfW?|=G%204h08BX_B&3?(VyGo+02z^eC-OrXFpm6>GYv4^s?Pm6Ehbz= zl}@%I)x@e|SBH7C`qjR91X0ho8B|KJz+hz>gu_QyoR43Sw_aTUjmc0IEP0+#*^ZMr zh&{t;8e5GoQ)@SnoAy<60~60bUlT@*m##B5e>NV34d(8S=fa9SA$m9ES)p`nr&w@z zsL1L7?FU$Xgy2}y#LE^gG^6sTu$s|tFXV$p_aUT;1>K2`9M$6phA(a)2X{F)ZA9w+ zwdVAJF6~p|JvQlcF4XjiB&Y+?wbr}L+Y}oG@cbB~i(-a@2;D2eRNME@d+a-cuwR6z6%b;*d*LKYF-Xjw@_XmJHWjZ26|n&ZE;9GmQN5_8SK6$`}kz zeHBKMK6&z_2MDe0U5}Vl-RjIrfh}`FS*b=S-Iovj8|CCVq|yWfz)}Z>KD)-&1WIRA zfkjr1HyvHhIi@2#l(5u&ef`34KRQ`V`4Z{n0VOt|_zZGwE8ihM8C#R88yI1vpX;0SwYC`!({ujLWJ1faxu@FjGVt1-ubdzSGgA z(5ED1@BFpdg(FqGY<6biWotWzwbIUeQM@=%a+h*A3wIfZ+)m90$F#gxs2KaEs%Glp z;V}+orU#BM_dlV=PFvjx7|U*4WoLT}v&0M^JT*-mNJ_#>@uy%;4__RU5Knh?8Y)Ab z@cT{XjB%G^7qYIj^T%t-v;;X(P_`RZ&^QA6V>=<}aco_sE?2OPE;SE?hTkZh_qjga z14a~Jigtwau7W02YkNBoKR19X5cXVKUf91gm8v}O=f4Lrpv??t)(=t4@^#{#p1^VT zPf4sf-gkeFm|?|vJhxm$WYUl4uVp~#4KfL5Iv8!t1!o!Ut_{-XV##|>k2JW<_jS$2 zR-#WLobtFRxK=-TceZ1fUMZlJBIY1=%59@8pb z%D|0;GDY7+!oB#Xt_vPNK)8DO_2huk`=ra({||Ft85d>uc8dW9B7!2NAP7pQl(c}9 zGz>7LbR*p@-8nQ!cXtX(r=+yB4Bar)*@Hgs^M8M*KAbOyPX;slzIR-EUF(WP!+UYi z*ryT68+y=}fQ$#3D9weTXCJZ%BY0+J5w^2m^NY&oL4a;{1yoj-n;<)Y=X7eF&XUJg zokf5?1$T%(l_;p;_{YH6SAIV(Fk)Z<>I1sxkLjUq7S5N;9Y?J{kuJ1nWWH(>|WZs@*)zXHlL8Q>=Bp z&`Ra}m_pObI(ipsNI^+nqK#XHVN!KQAetMg%PO(krO~mK+R@Bh*7}hQ^K6_Mk{*4b z1U9Ur)fZEHG7dKSe-s!nIN>S^#S%%sm%B6FzO}iYAvWXT;TPjp`{p6MMMt z1Ko{TJ|B`p2$O$q10T`~R1%zNj#eeA{jT%CeSLUl?7l?U6LqZ+}8xxv&Mi?nxeOx{e3Ip}l{Z+@Q`Nicn_Ltt-*SsNL8xF7~EpHy}USQ6N z0Y>K5X7*<%kPliv;GlQjbL2vh>R>ANL%jCvAlVSa{KUYyE4BIYV%So@mKby(1AU_p zbeS*^=O>XtFWPM28G^^`JV9IdjFQKt&BFzvWbuAj4qHBpYO<;7QIULYo$vwP=M! zdCJpm4>%9^L5B8yhy4fOD=BCZJFb6p9HQ4|Guf@V3Evo0d^_gItLbrRTfVgn;t^q> zwJpt%i`Q(Vpb3`*6Woyw*soO3z8-wz zeQ%J(0DiP?Aaff2{)qk4Rv!G_o#KD%P5ytxg8x4{{qCva_&I9zRpW{r@>z$vYKxDX zCr;Yx+F!et?*`hSiuvqooof?!@E%#5YbPxdpRr$-hK3V+(&?t^6+%H(vUJ=S%qCds zTyGI~ogn3;ubqAjhXTJpa5vQD+11aE-B6nlw~fV<4xaa}|DVzx|F^Y#gbKvWUJUT= z2Q<9hl>ntokIYSSfNX2!lJQ{bmuVKGf}rR7vDQ}_nC1nYpcQ%SHWzX;$*cYen`quK z49n;Nim%8RIuLu1K=xEa7U(CyL4&Wi4)LspE5TU$_PokX&T&D{Yyv^In;)!_w-}L5 zT?6|(J|P;&h2&t&{BmB?(ZW>ujc2ILQNo-CWM)DzxPGJwbdRfOJXzPP1U+J+3L z@|M9w3+T4I^Cz9f{rMYkC5S`ogz_;#SfmNraf59XBjcRmj8nPPvX-r#1;q7rTUt*o zySuV`MhuIU4Dk*@J!m0108f$0Nwl)$!cR@6Xzq+kgs02Foq&8@z@O-m;17^SmZ?0f z2XPd#0Sbr6a5oo+Ya)j4@GfX-CUdFIFemmc2nf-jHyIEzLf@eQjv~Y25dPFUuGXT` zMyhzOGXV$=|7)ytm%DLTv41Eu^WRdAj9I~GYwoUSDlm3lU?Xg%nyOd$|b@{MZj;8T8CYFZInVf5>Q5UxdCv-*#1vY$X(3+nWB5dPLT_<6( z{`taT;m4}ZW}VHLEocIn2eLOLd16mPkX_yjytZn}-?7+3R*)CVTk8u9QZ&@^ZyeG{{<0s$ESzQ%kY$QYrUeRxq!8Ra`G0aP| zCpw&lYLG0lw`xf|3v6zTX0NYue+LXT;=M2{! z1`6{0`7w8l<(qp%J6&A}XJr;fHCLPLX8F+TP1()q6zQDZ>uVK!D5=l)gJ@-#`KNY7p_Lg3l%si6Aw=d{XC_=xn@jQ34f3 z{v@>r2wFpD+L77eb(429rF<)E8dE&8PpuOrhX>|ZovlR#qM)CzPW9EpK`tM@?2^X* z$^IA@5A6zZA|}|~S?Z%kWlok6y%S9eth%}m+5#6%Ht9fLIjk`vqLC3ec~2B0osfg%uw zMS@cl3If`-GREJi#VKr=Q;*x}qHJ%V$jy7v5uER=bGoiJR%fV99gP+9M}jDk*2U?r zcoQ;%$)+-7iSEp{^73UU*L$RxXKw;;$1KemG7Ai}PWf2@ViqcovRvvPf+nEf+7Cgi zU!dY8+hqRb2G9Yv{*Xs|Pr*`W{>YT{UccX6!}&4V7=6Xp*Adbu!m^`OWgH!}YiXAs z##6;Ztn9iiUe% z(d_uB66E}Fm)L}gGTF_h%qmrvc7xVcW5wipPiYeAk%?Cyl8yotsIw|Ab%ALuI})v= zDJiqBKO5pBL$3(NeLc`$3A%P6rw6o1f1EEens+ZEIcYN(D-Kpfz9#f`G?R?`&l4Gr zY5;u)?!mAOG(M#Mx3T6PsCg~LrqoXkS2Vx7M32#uTv z@gg_+So6^Uq=*-Klj@{7U-GYqAa_!T6Qho7rE|!1s*%y5aG*D;l4EKH>E@zH3w9|y zE|l+CNi5(KMd$)Q#&pbf;w2IsrDB8Zg03IQ|H_c0-++C4$SvzLW2x3O>SV~b1cF>8 zeEw1$Ng!#-c)Kkd18#gq=jwIhDjF~15Y3uXtPn~IJqUf!q?glhcKLwguRWy~&Ou-h z*t^uiGXZ=s9=8|REoLgD|AQckyGww&{Uqd|)%6e_T=wzet)0$oyK19XNk-#g>6c0` z61-+*1BL!Tj2gqn+~vu#d`Ng7S_NnUK>#w9eh5fUa`Bdy9k(%)s;?DXx|@C{d;u9@!~R`lT(&YJuVQ`vL^w$lJQmS?6ANITWU zB0a*}e2~IgvAtxfT<^n-1nemH73-lm`RXR(Rje7s+ZOd}<}Tqq_|3-8CxdUh$L6RP za2X7e%PQy*^nwFu@n|_%DE6H2>& zHJSn1kj-`8Yg7wSkFuU%OvL?*V;40FiuUJ&;oZz?oSo(9ik)(9tLlMMug9ZsA5II+ zDpkENN@^S=BnL(~2)A|xM*v#L(oQMDu(nF|Oq?bo=;Q5MPi6&Y*sy=rbs~o zJ2Br8`rg8mF761%S3WuY1UX9-s(nTT)>sqRUnF2c2~1?1B*L~u9T%wX-N8t(X^|@0 z2S0*LbUz=hU{$judr93v_}ECs(WgQRNO7fFBGbV6o*Afe z{s=fIrh6|6i&jZ&=+}=Y{}IcB{8;N~Sp*$N89DX4bh?nXglf@4BU0MP+71+Hhrf@S zyE#1pjBU4R9LXUSZWP39#w^7!=I^fX&R44pP%uu!0vM@MN6tsWT)dtRg^KZdK|Qj7 zlzqg@{AxW%?fcbY`)^YWBLoEyU|5v!Q|{W}x|rA*bTP7h*J*(2>j zNR*nHDHC#dJ6F-`>$O+yX?UnLm3S6%UNF!Zff1)X^wxXm;J-#}7gf-;an(IXFA)=O zC%YTGhKxy2M4_oMm02Y=oe!7wP3dGu8673#qR79$-g6eCd1N9+g@U3}(1yIWk#5>I zS=X^C10#9yu);|{*Bcexi?>&a(ixBOP^c)cXOW$DnRGH)+$YA`|GY}s)lj#c^{k-k z9&#)c)O+&uPvvzj?4gn2x>C;w$0V)aqwp;wQ~TWU#%pX9>T8t?Ga&(n3U&MVtL1$L zABd3?Nn#{F4sW|pw^jzp=PruS&fL9`%7jb~<_j{;;KyCfdesN&u%uEQOW!`Z0PlZ$WtWy=Zz%54H5lJxzM!EUI-Bw4>7gnS#+*ae*WhSc4`EF zzb%?WTGmG}G%$ytjT_4ncLA^U_uXpRpIT#yPDLySQ`Q~gPn5B|R*4^*_W{|bD14Vj z@-}8~^OicR-sRzzN6<+&jgS#>-pom4Kf8hQXpw-Nd{Uwhj(uBgB(E=S=<^@?2y(e4!*6k@6 z5XG;+2NijO@_)e^Sxv06I8Wgt3zs+fmcLH`Obez{GR?$p%WcezvL@Ee6_R0GPeSke5un0AFiCV69x9c@q5l%&>MY)>SPJ54m=a zlrhlj{7ibN$bM^)s|mtohf4C^5u%{@vxo}v%cJscijJtj^hIXk8^Y-pLTm-p7R=@1;879}i53U>lQCk=}JJ^=Xh5l9F7N&a&W*c6T zt0mUI(kJR$|8bp(>fU({Z(}M$Hyai*olT~#G$K>7=|qv909Xd#`m@gA0Ui?l6uWqg z6o+<>u~AJC&>}SxXmB9Yz?YFZ#`V^}4Te1rK_uT9aVl(SRIRN8LY0<>(O#wvE29Iy z^=*hi3XEOTI%z@`==I&Tx7?$%l%oQ23__|b2>g)A!poq~%ufaYKKX~=Dr~mv>pFH3 z4oS_$&=OYbi^~1o?Y?Mg*cB2m8d`Xo2kbm@R@-293GO(210`DA`(d4d<`SrM0NciE5usdr zc&AqV+egYt9lpek)MqvvU$Y7|nrA&3Hm7XD3i0t-i$IarQe|!=4e$|ggd!dLGr534 zG}J!f)D&{edLxzjhbsho)$S7ZqO9?5HBrKw$Vj$YJ#V);LX@$V`#pwl$^l``n_cnO4rP_2x{#Ug-=@j-h4QYv6| z|FBTQiwpf}KTJ-NM=eVd2ms;80YSTQa4X9{>66V9^R!|vH(Crq1x~)c*kK-Na7FO7 zn{`*)6p8DrKG62bG62`cVSNP9o9^AO^;-KTiF)>Mu297aKTiR5`jH%&9>Q)g`zjgg zjf1~}hOlWs@z0TuAP^srL>7shH)=L1P_tgH3Dcfff{vUdo2|f%CC3{?YXYAtn$?H+ zi;|nna9*&PHbSEE@9=WpfRzd_oR}aP#Ss=uU{2zaoXvnDxBDql!!S)sB|~?8tju!x zKB4jtgReq{kG^LIPY>AZJEk7^&wXu#kgN>9=t9aCASnm!?*t>`M{2G6!rl25{4Rx# zCLontXNN^#dFEJOX;e?Z7h})zbKYF4$2ctiKj@WVL|M_UKj3fzI&6~0s;l1QB)!n* zDW4!*%uA4!VlB{E#lYEWpc`Fky~yve8LsZ`aEoq`x!n7DO^}qDOF-kt6}doBVE7;T zB84Rmwv4WdMjP-5fE$4uxX$(Kcb(;o|DjIj(wkG0Er_{^4(yrwxTww2 zfZ~h`~Sv+U^SZqeYio3)=YBA3Kv`qSA(v|v+d`v7l{as6}${l+A!O%jRI%{ z$;xxWJUNT3I9!@szoSHni&10{tp#mu%MJ$a>F5~9V;ewHHLe&ZpYQ13Z@u>#&^-UV z|An@WxN<3pO23O1py(9nSro(hF=9vTf$!xx%A(pn+$70gSHhpkF zeXFn@gHqB{141TOQ9RRq-Rh8fWTP@Di#|xTs&=f*7bzsTS7v#K@P{HbE64sIybb=> z)HN8%OO?F##}}%(_*vk+n$#c)L`74v1N`A_AlRx_ar*;1#)`q$EOx&=z)rL9>?Q{b;$Pf&o_p|OQmyH3*BHDE!bl`O>TDh!nrUa9?1Qoph&SKYTXF@1T>gBLbvRc0V5 zp6)gmIv7yU0FA*}q|}oS-u;^87wNSQ_AH?m`k*XBds!HLg2-N7z3>I$v}4^3d;Xy^J7LkN~f<(l)(9Lr0?x}c!!W>4Y% zO+cvU%FNW7iu8tWDv!zXdw{FmA<}sFHx}RWw>Ttp8KoJm4dT2ioRmIE&=V?kl#3Y= z6$_hWIoSttgP?e2FWWRTT#|B%>uID}UR=}(|ypSENY8$>G`kZ(E|=8B(+mHRIhFm@P64e$BkG!hjl zTo_dm{DqCD%~V8V#zH;d*?4W%GY;p>^KzZeNc8a>71 zqoR=qaMEHoA7|J-a0o@5%r2OK8Z`4RqWPZ)86~qRhL*pS^(sM0J7IuZw5bcub+Bhq z1K5L_!2B+L&exsz+RWrG;w>I9ADhQIt?qeyyTlVrC*;Soo_}3ru3{_E?G93w45`7) z2RjTD|7Dn}ZIT!Z!mX!s^PX{;WU{?d6!oMVPlO2fb63P9x@g4rB8(H*sumUjU#~RY zO%3J8%^Y=^v0gMKA%CyudXgOE@|(z`|+02JYr zyI|)x>Hc9^dNMOr-)_!MAUZ-EK7dNz?PV&0e}hu=PsdNANide&)$+RL1r){KlVqwz z7?F1hza;Elbu)=X-?Aefv{b#0di^zWxNuD1Hos>PD(vumyvpr^EhYzYY^8+3LHkfb9`p21f5NX9)84Kv6x6g}`ql0wnA9-QFVULK{ z+${Os_u-A~WR^+z_h*JtttodyK$4`fbNB- zCu-ZQ6DKv?!O;<(WC@?MtdbkBOumrh=0H!&QF??E^{Vmq-3)AzxdZjf{RU1#S=Nt{ zCK0sF+a2LE6BB(6a^C_V)Ahqgh>B^K@KO{}6!w^uy?3-_D+;M?!w@3sOs> zr+3scQa<8;x7eiToo~5Aq(G~Y5#6&wOSrpMmPu3d2n*{leMhtK*TSU9sKqeV7WOVI z<_>_tuxGY-1rfqATi-)cxD_ic!=Exd`xWlzm*dtIODF428DpVTkW*6@erxS97Wk35 zlT5^yL?AN9#FP~%|73q&6Ct>yL*tr9sumzRuEk_<84c6OHuB$`N&#&cK0R_FB~81; z`2wv&Y10K$r13=Y&Brj#N7!FIv9KnpQTL@lT4w$T8BqFym8yYR>9i#BLcy&zLsNst z%g43B_;E=snZSGi-8ij`tSvdU03o5a91jZ6D?p~_1!D8g#A`4@)8ki*MK!GHIUiC! zk~0+ro}1aHLefY{%jAaMy8W2g=S)g=+og071q)X8IolU<`N{CTOXIS(7^J6c(ypQL z0AEm0vUMR<+!4Va^qf;>^nPGSfY}~&6<4(^>F?XE!_z!bd;^P6iod3jSsZjwPDs;~IL9xcm6$C_Zo54GH-wOeS!oNbq=R!^@J ziCLq^obigprP0a91s^n%<;Pu9FKF3|IZ~*cysFqP0UzT?FhfNymBBCX>Y!CE2agWf zHpgSFp$H$pPIX!?8!XwQEeK9KG;-{8&gF`woh)>G6>QmXaxR5qEk0AP-A3}DnLrQZ z%D#0@dnYKUqu(k}(NletLU1tK9Y7wIe!<#dO+xClvbY`?A5U<9rtpDch>7z*smG_56S(( z4yE@-tw%BIV~Bz?7kp?BxQ9ME_XumE^hh`M=+-(o8E$ipm>_GZ7I;TL^1?rzWjD{5k$@ z4?5RO+=vn*be@7n$w^93$2UWz^o*$H@xbMU=!yN=!oV?a&}(8hb&MP-@X49gd9XBv z1=5PIz0rE)M_Kc??VXe_pOcab53a}1v9PezELR!J$jj#pAP-*C69Twr8qnr1SCX+o}j4fBVYe ziWX^x4PJcq!9(X1B40sg9gBTHUIaI1`29}sNRmogRF?|es3LaSvSue+XVGwO5;Mh zwwK+3UHf6U2V=dK(P`O6dFV*<5S4!S(i;4*!C^nV3`9R$UeelR)O+O0>E#TFiHj>d z(mN>;92ptQb6`_-qvp9h5U@>uFDQ76il$S6y8bt<+9Zxa0SgZ7jp3EZpf}5qUnh?! z2OqRT95pW@LaXrEF01YKgvZIrm%PKeDDuC@M!XyyuA|yzmXn9pFfruqml)JmoBTw& z%4}*H+gjcsdkLrTzAj7p|*%ctgIqz)Ciyw4M| z>q|4mB^pne1oh>j;p#!l_em}3=vqj^Bkqv0@(`V#Iv8bfV1KGvC^J?u3UY9A%8z;F zi%BfI?Kai$MdLm_Q*w~C`B-wn+-~`59-qH|Z)CiQYzY&i%iNn6P1YQ*dTFUMFb&om zX_%RB*-nZW2@>`SJykpYG`?Af0B;rvK~1nlAMD;{oN4<-3NB zd*^!7&dQII?MHFe+3aT7EcrAab&H7~*v%ZLtR_e+qpE%i+{6vD?|(~|HF}AIi?dc- z2LKKBL|h!AJ|slJHauo?h-r32R&DE0rTJ;dbbwkn8TZW5QRl=Ebxr7V;^WfA^6EFd zyY86%Z`&R#UNt>a_KiQN?Kql#*%bRm?@<;ljR#EXZm98{j)tCH(3LB+P2P6*)409? z5{s-q#Mf+M#*PZxl|jT)8jyO;_TbTEz3{&+oFUF&_+_Y0n*7!k@BZ{+UR6ScEPhN_ z&dpat1N#dqTi?}=X&{BFP`5cjwAr9gacK|y(>}(o#Zlw6?gE!jS=7Csp5YF|W07wr zEVAxW?X=jv-}vcFgQ|o&Qzm6fM*0(j*aNf+wd2N%2Hv!nstl(i$#={U=wRa7D&7{) zqNzdW>I27cswWkjECqXUuU~bM$JY5MW zUHeAY?$_yWP2Ca6=X0CmgT$V91MDfuMW)TTmK4vSAHjf7yA7kwF?kD#a{HT|rrV!& z@D1Zguc{tC6b)-TaIvCQgbqZ`MK8N5T_hpu!3eiVl+cEJ(H~^GJh%2haFRS5NBS3j zook}rG;8t&RZULIVci7y^s+vb3{9^|EzzFxiiXD!4{0p{;0N(|5ZRHeKTX-*z|DmCy+MHhRlD}zeiqi~n_Hx>a#n{<&3jWMTS_z~_c zB1du9+x=TBcB~5GgF>VohaMFy8nHey78Oxn^b8dx*4*-Mh1RSTtplOhk`F2kx!_@)vj(s z0)N*Ctv?vCJ;`o5A8i2Urs1^wJSryo7g&Sq&!siJPzx0G5V}d~{sf9Jqhi8C7yifVFaY{YEFuDBhf6O`W%!`y<1f{AL{NZh)O9Qi2o4=F`Ln zzQCwPQ4%VCEN^0EZc;2Wd;oBe2j}^_YDkf1O5D{0i}%c3{@GNc{vF_9 zv=5$q#EWAWyZQ`B+pz`gc_fWQaf`yjhHXaKm|f(3lbfT&I&2NBXKV|!qEOI1}(MsfVY zQpBc*4^hx7B-rl-92Wrjv7RmXyvGMVKibf?lXqJmeB0Z5&(_0l1L-($ou2IHah8Vt zk{)f0wPt?R5|ftp&V>?uuI#gKHhRWw*>v!+WljND8-FTwI?@9%`A z2BI4|GGvL{u#DI>x}4mN@Jqa7#f5xW674!Xv5I%%SKn2oO$_AKZhZE6I0T%s3E%A| z4gWwo?#GH6c8pJxxSPKnfEHG3;=ro?C>0qLLi@HYbF9T8(e823_@7^h^<=?^R6w97 zHOhq>2S-#91-Z`PXQ>yscD1QRv(B|&@^io3$Qgb`Uj=-**R9V&fkk?F`%Zn!Xdh}D z8fD!sv@dAQp0=+*2JOB<`V#BXD4M*LaM$@srFfNb5L57RRzW}56z22O*4S35!35>cr z`1l7P%Tq(4C$`hvVgny618Q*y#>vN|0S;B~ZL z`_IqsqT4A}_UL?aGPpV#*I{@=Le{J11Pq5-IEw#m)ekeCqWRHMFj|F_Q~NWmxyvVq zPyi{2P<3&wq9vrf9$fhCF0s|*_T2B=Z`F_7X5)5ZnO_;>ZE6EAzMk1PE zQrn(%=^gg-MZ7}43Xc~p&WK4503lY@LC#JlyT|>#z2hY>uT&q|`u%$tLKZUNm;JjO za*lD3j_+1u786#`D}>;KcBzB*=WM#^c?&-m>u#goN&l`nICnVB!sau7QrlExY{AMj zm-hBPn7;5mE7_Z(XVgZROdo$uLSUPAS!hd2fAX`%pctFu;L#T^{sj=w zbVtZQ@(`DK)9a#|F+y?PoR%z&dW~1?tMBLwKg@f$ajko9syIR3a~$6^PqYZhc2tAh zzkT~=ep6u^NbD_KnII(^4+%Z{S$a^xrAJk7UjZlk%nx(@>dPMzXlV0+OaD2HJNvM0 ze6jM-?%VU`o}pFiJ}5t|oc?Yr{wmu1uJ1$bo-8VtBGdUlZ>t;14_h17(?U{7MNUui zV`#FDfjzPC9U!Yg(t_x?k$@I?1n3JYhL`+tNR+s~n&MI^@M%RUmi{fzmUc&n%f`tD zWnW-FdMgXt=lMezddb?jm`l-ee=Wt`?3Cx9SFa!*mAor(D_Xk_;+Gb!&Tda|*%sWk zakP7U#JKjwo^f%x8`FylyCgYQ7+Tq@a)NKgUh$;cP!GDcJH8KP)dCOM1Vkg@V>Ikh zi*=8%Y=qkN!dv!IoDjM=6yYxd9~77)Hefcq`2*_UYPNT9th!etl8=Xft9=CfeY-P$ zQdH2{mdjlvdIUx_&0~lu%+++jlQ0@*h&B%0*|~naQHd{=kjUAYVI}d2dt<%P?#~n} z`L99+r@7CP)y-lZ8k!ve!yt|a3?gZn1ygc>FC>+M^;x|NqcL+Q9@8g&k>4*|9%5nH ztaN1)$$+E)-GFoImZy*Jm31~Gm^HSW^hA&CXRrj(9DjpvkC-E&C)qF`f*YewUY<2? z`wRiS#A9OWelDK;%(L{dOX(%-KG*SgtSH!XTFlL9*+N&V){%7W3}EE$U*C%+ss=SY zey(3`^9>fum44wjUuy+sKt=;h21lV6E3mt_+P;Ysi!}Sr*ei&N<8Eru^Y%dNzJGW8 z)g*jJ`%}Z~ri-#C=FQMlH%ob_5r&vpJcDalF^{ibr!CSW7t~pN_ib8%mQFyXkth2q zD&|d2^YcfoTW#P@1~gT8c7?T}Ex&0Yqy5lKt||Z)bH|4k!?QNDwmGja4|X02w%ae{ zFQYjl=19w%DdoDij7|`kt$s4-Ez^n`|c%o$%5RirjyQ8H?7&rC)&8$qKiK# zz5Ptkudf_dNq{t&d!?sS2i7#m$%Fs7;W8XK!*vR}K-O#CP9n6EyUH@N2sj zxGUF_8J1n00N<)9%F+h}@}}|fa_|lY`~;8b&9oY-s?GzLc{4?8x2_Q4b<9L_H35-& z5gtdovoTBv*JnPC?Xkr^x4;1hK%fJ3o^;skwU?6#VKK=8Ih_V9Ql2CNi;q9`n2s+1 zp7U2?Io(%)p$?Ue_Zk6Jetr`Gw_WX$UfXNxm03%{Vl)?WtAvF_N zIK{en;H|%wLLgf5p5|=h<>5BK&EAxe+4!Mm>M$!3+@2ef`!F_i)pSXuXt?2g&R3k_NwNgrAKkIg(@zll;X6d+cUJ+ z_KU0L;w4&!9`SQ(XL5P+o0bUs~J6@|#snlzo{DA6*z)-_*J{&}51N`|3$ zSoUjI^>V1&9UZ;Qm+b6HZu(C^oarFw%|()oq-2%R^1|X~pv#%uLG9O=!e+xcOqpUf z!1X~#|Dl#f3uCXjI1OMlFBfnb?s`qnpcNQ1%22s5u+_hC|L3rV_`(Q{9NGPvL}mE7 zmvG;`H-`v~h0ryhTJSqU(i^J{B`&FiXw*7Wq8MAQF#+oqv0^yuoO zcwD1B!gsr)r9ytR@Fx&5P4lE@n=Ps7t6=~q(}j}VIxH_*Aq@u`O)Rd3eTTdr7l3WB zZ+L(`&neoPu%~+^RBMw*I-a5IQFFHYQ6zaI)Rd5FXLrg0fz4fQr=N+~>?*%Cde&n` z6y(>UezLZXy)i9cw4$3i`nAXI5vi|z-Z2=c3kgQN^RyQi!&BzYf{N%x2N#39^%ntk zD&sZnc6zuMGxj>`##SaeW8_#*LZ>@|sY(27xsR4whtK7|GgG6L6E2w3x%59EA_h5^ z@SN0NkD~Ab4(&n);)Z%E-o8pM59uKqerwdgR&*|K*Y%?6rg3x8;3|>IKh#v?W1RJn z{H^S2ym!}3kJk@8f`X98mvEg?ZK5cf@2%?`Y@2}({8@hFT zZpzMtDL-G$lF5EGX>f>0xw1P@*V;;BNVMf=pLKpKM>|aX_d3ri3lz>Ln%HFhO-d{2 zLr#|W%eR8dVQUSxyO%$ZU(}+*A;+)+IPaT4m#`*&4#CMZ+w(6~^$!+#j94pIXl;URSf+c4!-@K)Ijj} z{@_ge&C+Dt3dH?ClojxZ9eq#J7Lgnk5}~ONZ7i<(WX}-?j;P_-uTIdom>mZvFNIna z;|Eo^;QTzd@<(tR*DZu79kK~32)&$jrg~gE!2)j#8_hOK;TyHkspZfaYc+_fN% zWWcp9o!V;q&=L;91;W7IzHqr$AcC@TTs=3;PGDfhrmPSyM&Ec|ud zM1ESm6oP=}hQ!aDm*zEavHtjm2DQ?i2nw!)0kY}i$|Wb_;Z_3&gVSitClhS6Mxy}$lriKCkGkGmSY z)eqOd@BcXunEUN1mpu0q+?alq+dW*ja%!K{joO0l75|{~hU1HubE}X5_m-Xs_krq6&X)2>dKiX}xB=a+5Bt{suD6G<)~Kp>*Mg z?gzKn!kQ>(P2Dv<<#XOe+O@vV%KSCQ+oJa8yo);>`oi-S;%Sc_Zx^~vS`F`?S!13cJi*UP;C; zYD#b^AsFB-Ar74_!_9A|;M0t~Q&ew`2PW!nT3wD%3d1Dk_#E$p)pN7E@b&oJiF)Ck zrA;TNN=ZSNzNrog3|S4eOt{HZ<#eK>pn-!&f(@b7!6bR0cImHHikb(OZ7(ntgW|A0 zdqZ9AIu`wF9J=lX#S!Gt8@gnxKFK`V9#VYxC9mwB+=}<_l!I9bH~f$<=@+GItJqw& z9X#i&rzVHhbPXI;!{_~K;#Xa`f(rx1WQ$q8KH58j$r@6UKdROu#yftMaW2d+w2plq zX`XIqytt&Izv<;Et*o4@7h&UYc9L3G2X$LLNu+H2cNgyW2Y-fbzc}9!JvOp&bZ|<~ zYTt`t?1*4zL?Mw;SGqDKF*0@>uXL~cV_o<64i5#C4OdxSDBG?PfGw#{ZTRrMT}PkW zbN^qTFr#2Bq?Uec?}H9IHoWKYxa3tjy5B!p8H0=44M>Q;*BtrIx1ppMAa$u6M9ecF zgSi%wjrQ>%gKuM6+H=yVXG^rdL66}bDYt_0liE;Gkt5$PsSlNN6%g1RPhr2kj4$6j zV^NT>ziRssB|cs((I+C6E0}e}`D1q$kDL5aM+#BMFr7auXP?refE^O`pUvsdK=JO= zhg+;;ns!!pn(^kb_F)3sX`(~G=S*{9m*i)4V}Z(Q z5XTr@y7l;=jH};Ze+#WKMh*?LMlP+{XL_@dkS{WiZ-&(t%W|#~9!k~ePY1nFwRC!* zm-N)<*Ig+c;+%H^E*)Q^Z!4}OxOf6Jzta4tkcl*FYa@*^% zbIDn?>>F0==jZVbVt7R--=q^i>9IFBPuH1HGP}6u#OMndoEqZ0UXl`Dwh&RVJF_>#nVe;s=4ZQW+D-5Ly8D5X z@(F;s@ObRPOs8+hGv*2w-EBXV?3Eu>m_Rq}=G^&3CRDTBjJW$_6w&oR?3c!N(-q#T zyLKdWzTJGsE&cXup{ihQ)k8}s;;$A+pGCxO&-=%xW6N*dnZi2@DM$0UoJX1yD!wD% zzAfSNpUepO*I0;>rY+Vf%AI!ezS8`D0x};pJf$?)Y-<%1XZ)7Umo+!Xz3&n(1m}Y# zO`h#2Dk37<^!})QE3B#czPGP&sku{ao*}oR(Q!MDlC?wuVivaj9MU`tMI_&EIG3i1 zX^!-oQR%jzC~V)Ta4@|W)0F6qnLHpUqn>nWdSIWFlkTnf@cqdnVnOngg>EOGkG%&) z)wx_zF2DOMYEG)YAfBDE+1FswL7#=*nZxrHcjK)XUqp2{!+4i&>nuin*GVx}F@Fd< zYZ*O>V{;ErupOb<8>E?N??L@}s{KItjZs_5=pPKZE_GV8mPmXnhxQjM-+1D#R z^)^$W2?1OCdz40A5$_h4PwQLf;~!Y(XK~gI`_^y8D$10~Y-uzsg~vN`Z@UgOlM|6Z z5ze=`Kf!gqEJnG%1rf(v44ujtITf5TX*A9iFAMGQSiEz0oRcem>Z9FGIo~On-`;ba z4Yvw*RZT7iiVaSx3@gdca|gWd`^+4CB3*cY`VnL-*&{+4p~;4P(;~c;Np;#w-%%1R zMS~{Iig_KSFE~y4@wf`O)G=ff|M>YbM9D=vdsf1R{%H20;1{0P?q^S3t7Kc;p4Uh|l2d{81>Jg*un=hYy@;Fl7GC$YIn^+61E-SUO>VPe|rn^Mv4Wz^# z^F%cWsc)kePjjE&Dl_kIqk>NfU*WFxP}niDQ4c_2k)4wJ*?+4++FsZbLtu zH|=8%T+WSNsn?mO7$vdicj;lM@Lx~VD#wn zj(SN%AJ5ZJ$vW*rj*gd|G#c%cDql>OWhqrsJY$RWFop9r#DgT835t84L<&2~NL38h zWQ)hzQjm-kmQBKlb<=67Obx;Vi}u#Nsrua4KDqbt2^Dc$RJ}3Q-ma&^n0DKmtwt1-z}%;Ic{*s&mh$7S~;BeQMa z?5zpO_FCg!$wQ1_j{LwM^$Jo6u(7^=-_89+Lb?Rq1sI#c0AY!;@cb53->UTMx#6X*;Q{ECyx)*RC> zcu79cIW@Z<_~$!%u=V_hgT$KFFEmdfTIAJO%=KpQnzdMwOd&~JkhRliJuRo=ggk)x z`6I>C8!GK0TL!es%#@_Orz=;K;6bm76p<9Z$MQE!X@8D*Llzn#X{ROD^Mtp05lMG; z-zf60{tFQZZ*mUlYbrmtlBbjlAo2~1J=Olxxg6q=0o|)tljL{O>bXx*_Tq{PypUB7 za-0s~xYNJqxh-_y-i5#ZA}{%OZSTuSPDL|A%OmMo9^W)=G$3(5MJW5XmMgaJFY!I> zKqL5|Bicxk9-H&k7(f4nxXjMG3CH$WK977lymE@>XGOwb<>^#>3|is%$p3;LwE|#k zNl@0!nk*X{2NmdggD8*->{S6D&p-1=%R%93rgn?coWlq_vObd&oP`k<bCJMEC+X zw-6yb-(O^E*9qaEx@(r2eVJHPwa$r0{mo#=N79dcseSe9+pG)*3zUy)oB!38g^oS$ z`PHtG5Xl~!l7CcYg`3dM#`wFi^DDD5ixQ$!s=%lUW~J7L1(5xhX9LI6S7QQPa^N(t zqbZGJZ5tuB#s}@n23h;*cPt;bc?E1DOq3&GHUQnidlu)=*mGVg3B6GVV{g*Pi$jj{ zU^RO{nTtsy@qZKHE3>Lwg(8{b@oCSXcLBpH z2A||40@|69r!?Tnu5MCr`Msv~<*AUb7*-EUcgFIw2)3W6C4SYtO`?~Ieu-@=*l2q* zq}9#rQd)ZKDYV(DUvQC;rF>A97)LxY{aio7MPbN3U}+_obX-1ssEo@`3oRb>HZ zRJeVkg~V2_^<*>Ge_nk#5CHET?gnyIMfD=uEA}YHF_> z|7a;E#i))|=iXtM!0OfE#RlyChRt)T8Wyfv+Kdk0z8{qP{pDyrn0k9N661uVIFQw; zt)n6vLr;?!Tv^a;b+6pN&{%}o%Yb5fSC)OMPI~%#mmw*^NB zl#i`VrCr%Y^kWz^9fyIdon!(JKw>Dx`ja!Bi06AmqqZCnWpy%T%7L}+y{Cw^O@_nt zJBiti2YTm;2q~F*USB;x@XG_H%GGNT$kSTRx*Ug-+)n}264r3Bh7{`RN1?{v+Qs{d zdOv-3m-<|uUMEhzr%JATmGA5Rr>RsYXRW*RXm-FmCzKB0Gp^H2#W-tHx>^8jIyZ?h zEy)kn?6`i~WW--nFkT&ZSIPvuKYGuxDT7|99yAtB)w(&Q)&I`u3SLSGYjAzlD+Oqp zu=Dh%TC9Km{PAr2M0=*h?Tea#{7jSxZ#6dXVgz_If2sCl2ND%z=cE=cKTsVUyR3+g`PcEqv{y zcSo~1(FP8XTxpYC(kUim0>Ke#%k`{0sXOP)Gi5YWhXmJCoxU30fhvzSkX#J}a)ujf~ zDnq|3-O%z!yF}-o)7k{Sfv!QU1tqAPSC)e&zgHZ-K&$)U$EM2!YOiB@$q)u<8M(Ep z^8Oid(c`d1V1`>v$#taldZU1NS{KEX_q~9AP}?yXcwD&EG4_{`F#6t_0Oq`K*0*oq znk7EFBwEIaYC!VxlKUm!$3-JB>&TM3%k%LgNCO(QO`3vi5E^|ZG3Fpj^n#0U_Rtwr z(o%~c$}$Q#YTi&Yv(XxE-OHgacp1^@<5}-2?LBHV-o;Bzp=NMu`_ShN<(^QdDIaaObbG4<``a?)O=J(SZ)E#9p%R?4A}ch1T)1Ic-5 zln1;q1(VHx>iT!Skr>A5)TwJna+AUe*oisZU1t0KS16%JgJ?g>{i($!KQ^#O*m0G1 zxXD6x+8>p#(4uCxQfb*BHu}39csXh(bo6dE$%VX}FN_Vp`Lho`7~?(%huE`xK`!v!N|E^heh zQPlaNaO?RJuob+{I2hc#*>v2I;NUDs=AY(kUFgMV%~;vHS8ZO-3jWgi{BVHhb8pC_ zziQxk&>j&UU1x_uNWhP?^X8=6U}xb6B_iilaHYCdaSla-jokX$IJQ*{aOE3+ePRh-7EeFOhyMJ2_Zl3rl z^%PyxnQni%*i!Jg$Ld*Z#8wZ;!G(G(ohgcl+~}3pAcurtHiK^*7x6sqFna<=m$5_r z9{4%1;TAiZIR!z&q4o`7gOtqc{B1BghNwHAhuoFSCnlh~;=bfFtVaR7o}6kbX=)%p87)`0r3o z4&~|l5}$dfmunE;q`H-Ac7sw1q>TqzTdCp<2ArW(5%(AO z4c|>?>v8oT=f6N|KL@f~uB7Ez_f+3#p^PlM8ni+OKRw(`nGiYfDGR!<2(#GWy}{wH z_Wnppyq4@S7FIW0CjnS;t77R1CGtGH{1YNQsAI+ESnGDOmgR2@wa26+567s#v|i0t z^L8wFIcrZPVEhzt8UQM~d4NAZmlpKc@~KJ|GV+ACF+Z}SD+ow-1L}z5#QIc>n!H=z z95kuuKkd=2oNa4^V-N#{amj2kO`o2MBGQCJKeuP34| zbnn<@lm5rBajfW_eNmnn@e zk0WwZDOJTc>+C3FhvA9Y?#ozV*Zn-l4NtUMJ=2NXAPDS8%VljEz61U!T_ zAIBcgpiAZZ)OziBbi#wyXzuZ%mq9M%WL&1kHcKNC-*l>jmPe*k)`P*LvBn2=s4DRW zQC1iQj-%@g#>0bL<4O{P$Yo*!Pvh?>nZ9Dq&Mr(w+pi6)S?Ri5uwzmZ_@`|m96sh; z_FHr&r2;_KZEIl_qe|Obdy7p zXIM;hLubLG{VlUq`BCG-6hhN(0tesT6`r-8&y#M8SKf++CvfRTk&4IWASV2}zqt`- zewSjoxsk!zk5&cwOsUr?8vSjd*?refGYliD!jD zWomh`Aw-O-@Oe>N`4dIju-nbEZl+lXPljUdJM|PKNpL4=b3>IQ0nPQ zz_Zof*wc8?((Q3|!#TBKZs7702Ofg~Rh+nC(Anso^jWU7dVKoZt@5LG8dG(USf-?8PWTS6Z8a`DPr6ue1 zGq1IdA;I4&psWk=aF>mA%ND+Bc3=dd`@YF}6}!z>BuL!4swViDw&#`@Lm(yiJfO7D9Gk1mz(fMED8g7sIcT z^03<0d7`b}PH1npZP8uHE@-a7Xl~7kj*>VuVQ|02VWCf~kM6FKg4rw}~de zN6JZ%R{>q;>(D@fzSx7CJbv~Sf~41<%TQsNould(we`-s7g{*wT_Y`QaiwBIzP7-5 zA2*Wc7E9DQpj~zf>f(~;-7p5~&ud;=qbJ?q>b0@1lBEuo;krtqlyA;f(6{1M@k6oK z=gzDo`PR>)_M;re%tRe`k#Cd(nOI+u`qWG2QWPYzQCrQAND@+&OU-ql_r+oLm6HCr zTWRnK62>h7vUawbDLzO0C4oyQj5<%v+Q4HZ4`32ktj+F2eHK>Je=2 zeqglxGE!6@EUVW~N)fhS>y#I?sGFQEWplu6wgOmFW6i->4?8YSC?e9ATuX=hiBx+Z z9M9Wj%el>!$FvD!`q>nFK);lyVRKcj8TDHK){iu0HG2npvD0p=qL_3Cy9yaGqg_e= zB=iCD5=pa$yT*4QtW1)?yHJZlD0^N<1D;;TXwWDPuYxf6qAGgV06%QKlZQx4n6qkh zX=8O0dK$am_X1Lz*Yfan{TAlmQnM%tiKS*#?R}gT*tVz#cI{7N9vkZUvl;UHKa1p; zy4{)UD2)a=>(xDm`S{#ce=M|PhRj{C`|2*aZhX0Jc?+hb&!q^#OA2zFv!#XHC)*e6 zJ%}wYDI9(G`SepDblXGdHUnwpcHm={N52ZvXAhID5&aK-901C7gW(l}&}uOBd|dB< z@7v~$;F0Ebd8g>Xb`^EtyI<&9qtF`;YCSNNwfY^SX{=CX%CEXB3M?4ql3plnI)sEn zn6MlA5`pU%Wq!)~4P+{;iTuxHMhm-cuJdd>-PS3!fXBzCMfGXqyv#uwh+HWc?c(k1 z`a*4sS)&)S4nX^Q(ZuJf$G6hsl72Q|Ozff^*gR&+JiJ0*CA;bh>f3~Ot^JYi$(5aEL8 z8Cv+(b4iY-jU2j_o3YO~NS>zcZe!RQYbJ`*FF7Sz2VapMFK<44On@EsWJ;AnYp-S~ zKF;cp-0mYw*u@B-ip*E39;HxAS($*IBFy2zq5LxDWDD+r`fBg%TMIaSkFxZB{+;ok zV+SIk=bPaVuApSw=8Z!nAlhimJZuJ83n$1ZoH)?5&9TLeVz_zx>%ZMA@qkUk_(4+h z)wYCV`RV7z$|OG$)ENf2#um#}(RyQVQkxn{TBi{bJo~c!u;#q!%ASCII<_V56?wib z2IvJFqIBj4q>6-7;6;?3@@IddD%WXnTBW!}#T?yR zQFZI3mw0F$1EksU8JDS|LfEO#u9en1#)_)6FK2_KNflP7j@LD!iP%a^x3sdaq4sKN zfS4dbId;DHFNjxjD+dm44thTn+FYPST4lct^WMU-R~#(DiRrHAGM)AKK;9t~&3m#K zY9w;ds>#QHKN6p57_pfo(K4nLs*EiO@C+IWx_Z`(_F@s0%P{Y_FIxCw74g>KH5e=M z_!hDNT)s()Me&Fg^!|C*y6ih7t*QhT(GrYvOa855%`c^ZcEC=M3 zPW%-)OwV!Hwv~k3-IR`uEHfb=R41IM$)8xYNwAD^U}=PlF)vjf)y`BiT%++80Q2NhQ|FAzvA>@Vcstm)u`hHf@NAy$WNNt%6E{{JZH$q7j|%UWPe zEcG$sa4-7_|Cj8CzuxDB@px3LX>`YZkE7Tlr#nzYI4Nl!QSqbWn(#0smDmzfnJU{d zt>DgAUOBZbpTW40Gf0&Y!EPf~+gLLn_7>QaAC>uREiwD%vX0^g#oKhw(-AJoAr@to zF-mQ~3B;(44sw;ognH?xa@kXdXxp|9#-jC{6JPoQ6$+E1Dq5MHxW;h!PQG>cyeAU$ zW9?eQ>eqhy?fdPyd%<;9EYWqT@dqYp>*!A##Wx*3moL^Hwlu$K=LD5ccbwk6HwPvN zNJ+a*C#$WbiFu&5&;m<1_#m^B(X-&%VZdW$P3VmqphYtmD>Al}Yu6@#5>cnx%Z? z!hG5^T&Syh<+^mYL~9kJo~0FKVvR|=RUkHOM4y8n(?bhcxU*fy^tY>sjGOHlpTX)* z80gBcPf4u#xbwruvcu>0g`3r2rM~;M-G{l@L7|5;L;AJnBi1(HDbKf?#PQ7FO@WXdT=+;(XUr ziSc{Z?f%dRHRhU7e6G3VtNj=nUei;vthS4uX{O_FrS0*GOqSQytB+sz2Cq*GZI;iz zQr%ogFP8IS4mTFCP*m9ExMAKRc^dad_VPL9>F+2quk)2QET(r-hupZ$$Cs51mb%Cp zau1DS1xcftPC;p*Z{zzOVIGMCkB*%)5Ies3wEYY?njnP|GicSE{5Qt8!tp4^~m3`_BHd zx(L2=x95y3r8Cp%#nztoPlxQ0*z={fG+mt;eA0<>*gxFE9%s^?S zhxPSj(DLy>u)ec|l6JbhkAhn>;i}oi$Re?$Kw~`VH9JU>{-#^7t3ZO8_zmc?p?V@D z?3zYFQ1InN6-9Bo+n~J>6%V<-+_GA9TQn0SpWeEu#yjuFRv=_O8Fh0`#k^F)PPfSI z3AvkL(qNpNmrd?52H3eEZTmFw<@iHDR7GaPWAtiQw!^SWGOIMkYwi3qnPfR{?JQn+ zs*6jp6(r#eHq(&mI{mCDiKzK3NICl4fwSK3h-;H#VRHTJmQe(r3Z>ANF_lRl+V{VT zyXcR3P7AF&C5uVl>obiHBj>3W3UohN4mA?3>0~{KrC>j~mo3rl6lAu-BTgdm2a-o6 zbo3iTyd&qf8(**TpqofMun_jB+4_5ioj zHO+}Qtf|a|yXI1<<^F1aSXhl72AlnU&taWa7?VqFOOyg`C0y^!uJYX*TaO!vp9&~P zK5V{@?tZWdE$FDyd3@wOT?%ydqOsX+PHC(nW&AH?dUjBDoiUMLjT&wl5>A zJ*BewgNZ0FuI_get885_ARf4U-7K@JQ8;iDPO=-vpNa`d{b?W}g<6nbiGaK~z}lvu zex6``e8*4S9RzfEkUW1IqkR7EL@!~;Gyy2 zp{FgL9w#4s4J~<)fH+(`p4Q(NtJX!|8^<+3uk9EE-SbfKOERh13R-)910nXK5;)FB z0})B}b`!D{VhU=w59850#1%WdPMDO_t(A%I&BDZEIJkY};I=-bPv(nRkJ72O!nXQ3 z1ypkMxrC997X=BF%twM63#{NV8@DVo3Qv&!Cha=HnN?Zkh-FaietogE>P6>=(NOnz zR92wJOIGhMZ>1D4B=08Fd~Sx6jt!HlQ>c`C&o+Ma19<|CB%@t+>VkG(Mt0{U*Ldv?jOLg!V1=K<) zAk+O1?k$4Qq!UQJE0wn?p@qRmjrO%>-Ii>w&bD?1NgarFTmHVPIG@resyxi5#y340 z=ZmkWbPjB~V%9f?j5Lo@{>PzfEScZv18hP7kj!HY(L+5Sw<%kIU7CD>et@*5a(1=} zEAZcsLY}BN2fUI2ef4#wcq9iwl%m@|7zaI`>5|@E6Gm|LI1E5#n-0KR4v_U?<88;? zK_0wmmW{JA6DI1FdwB%6r>yGf8Hl^oc(j;yo9LCz?Vhyqv6@-wSi2LF6gBk^xO%py z4_E(TKH?SCaTE)4T>)qNv18i6 zPr&sT?j*Fn=APy@A6#E7eq^zdOlfHU979kK10&uX76BO{u=2T4+qqat**c`=Z>0bB zH5qA^2VJ^-r_*MYbu%0jd&; z1aoYoY8QL@BJA)Wx88mZPH*}>JV7mmNlIBbR|A|kr3WWt=^}^_-SZNbAJmn&)0*8+ zximEFFq^SJNG)2bNx0b1_k`K08rwwVK{LoWN?j52v0XPwW*Vs^(_WI+$6A0{T33mL zCs0GAQ#6ZX&$tT*eUKn({|$}2_3}LL)?|kox4-)e-;v83;^Ifevd?dpgG#y51*1XK zOMA?Y@Ra@P^aqf#^&&AZ%EzrId7#QpUq6qEGv)PM&!i-=!n!FUxN&*sWfgI zQ3YwBK>>Q+$og{QkA<6nn-`KIgv3|bOJbH==sDSJf0-$cxEC%BMa;#7-0tT`F2oa8XfeSe!Y?AfEuyVfb0G z=hRRD+j3191ubdGFiseVVsh8)SUNv)Iz3XN@{m|n;YL>`E;_>G` z&M?zY(}`epl#2DGn!|9f+@jUNq5G;61nCKQRY@WDUQ$()sKc8J&~D^$|CQTL-v!~FE0BWaz5ywzvQsO@E=M>A^d2hCU2FO=!VBl-f#rGEdGrr&JwQy7Fki%`u> zM5-geVn#VH?bF?j)!%e@np6AwT+>W9rgetNK~6TEu)klHJ1P9voGye(gP+fYoW zeAfk;V;j)Qg=1!whT_mr#Eoe80>-S`iTA?kA z)Yv|af+1mr?h8eJuGjM&9u!I)@6a3xKB*Y3M_WKou}I0I(MqtoWjo0uFrEa^v^v=l z?F@tBVa@?hHk7iR`?Xathobg3W`C;e{%|m5fPvm$?MYvn`QVal7VTbsj~?AUIjW-K z!FMg%mWeqmX44d$Ye$ULY)A;3J-pEXy<8euFsu~0m`aVC?>IW#3_V_*qhywT$;X_t zUSVx(|NQi-A=7hcQE&axncD67dl-lr$LvxN^|CqEWE}NC`@**c-HpF4sFSo+FX>=| z{sPB+n8W;pv-DBKRCf;~p(}X1OZWL5ifMc!d8jhZ;No@6;JY}*fqjB}4f8&JEo?1= zP&)`L|FAYTVC(9da1+fp&2^Yv|MvLfr8m4(ta(UZ^?2?WXJThMa+|)4pkxw|i?`?- zd$nzI&6)01gx8y3O=vam(#&?wK4YHIn%Xd-D-d;2UURCo1ss0EqMVW!`j8#s9<6%x z?#Lz5&96>O-o~sBqr;n)NKi{hWKCU1980s^@x|#%GhVJpvpn)Qw}<#B#LO5LApCaY z?4Q#k51o!QZWgYRYnB@h_Ll7C8|~KCeEpJ%1H{EkE5BPnzSypbh?G{jv?hvO+b6=HViL36LI291-8xvNkLci=S4mCRt z>?RT5(1^MGO}!f;o?~aNavZuO1++R!^HzL2kVRNPrR{S*%L*Y%6UvK6Me?5Cwf3u) z%@*b6hG;vCe$^m5{CVqqgn6v@z2Fg4hDXA~qJRweJrLG4^NZ5kZ=yHDkGik;SMATE zd)kF|0b(6N`S@Jbh}s^qSuI{#b6ctg;5&HXr3F_^7B){=`=5i18Vrok*h4VSdyCC= zSa9qgJ_$o^$ULox7{|)lGcBXj@B(H|WCp^w-l}Big`jg8e8-l>?itcakXhFcroI1W zIeBAtP;pPDXMtgrvc=`4K_eHdVY8RRA;W*#qUzx2+|73Ciuw7YwWq&}H0`Pu<&tgJ z&|*TlU^>XivfvL%azsm}A^$vA!)sdUQS!UU`nN)DjT$>Oz<|Nau0)#*<-C%^M5ocn z4pQ8l`vo3|rq%ogziK)E+LO`6W%KUvqY^A)YN3&bnmK1NhE|uVu%|k7PRao+;5nu_p(e@ z`_njCAlz|Oy4VOSSN)a72I&j|oLth7F_7fY>Uv$^7o*kVmX=o2;0C*CsLnu24svj1 z%zt|SAl4KPWP{Jnbl`U8ru zB*lVxu`7RR?J4)kP!sjZENcWy=ytD>Su>N(O7QdI@P6M0RGfV9^<@CulZTYDis~kT zYdT~Nh@&`}XC)#L$R(x%?Lin#1OIdxVsa{j2zeZ53CYh$(g$0}4rItOF; zk{6$Q$F;mQ=E^e^)6Mq^F-hZvLPM00$3orRtBlM-#DoHTFi?n(pQKfDue>X|eIsZz z;7xb8s&hU-1po`#PY6i!kjg@L8v>T|C!)SnzzVZ3B@R`N5|dP=oO|SjH}IWT1}D1b zra!Pq;*_{NIW#vm#n~pgaJ&{2`P^!WHXy=cf5b$>eh82zz9{06I0X?=4=FyXELxvYHc-tyA{G9g0`@xdM78gku^0n z=hM`wfo588W;9e;6)P70y zZU@?!KUAHVO`7}j>AlIok)a@%Ic#dOxBYc&lZcCZP_X)fO6njXM;P~@g8WBDq(HPV ziy^YnmCw8ev2#i>hf3QbP2(!i0kcBKQRLnFE_#w2*O)ua&unHgn)b${m!w zgP`=iN;9Vhn_o5T`=+GVn&PSWP_G1!Pti<;)cWetk+lWO3|598Eer)-4jLtg2U~3( zB6QSif3sh@MSB%}-fy2Quy#a>Ug#PFd!frPfcqzIE~{C z30&~Sy>r=ajmK|o_fe_sJ*i^Mxb~%-T&5;DjQy=bt5lyNx;hT691eu`VA~@TT@aTfc(Ew2gkkYOZct^e*UZ-C_0df7glK?IrI&Z>S=Dp zGLS=7LFIdT$5SGa!*K-r{5cl0r&yWOm`^QYA;JVdLSiDP0f%6aEn0HJSoGVY&`i~U z%jVxB#{znr6o{Km7!B8X_Sx*|2fJlKZ+2C}mS*Xlo~k#ImNMm zc6DqxT5d4^LtsZzbW$`2{MwQExp$MP@KJN2Rw?CYGVp^q`=XNFQhNfDR$^ax3My4VLY%y%i-ch_tNZ91)v$$l0hHbhf3qCOGlq0h*`42jc56= zuC0H$B$Rb|_HnG$`~!VXy8i;&k25sbtY32Y5dZQ00XvFkv&mQw<7J+4pr%;oLx>KO z2ges5MzX^UymXS_W?njzC(!U+W3~EFDj?8nd+Se(B{1ohDXf9Y9B7 zUk?^!R|poL;ppffOEe_)n2PkX?_EeQAS%UZP4uf9a1Q8z3r>zn^Yna+ZxL!dyF#Mz z75U^FsLPfOoof_8MjMK{?_78(AD@xh*lDYxFyNYiiUI4AyaL$383iWVs;xOs2F^en%=@_hZ8NRnIodK2ODTDjHx zC4R9ajkhJo)#En`u}<#y1=LFK)wik|SPP_MFoWIwOAdEORd-5~H%oZ0H^cl+x>J5} z&T`A^Qt{5|R3|DZ!%B7ogJhr8$&<_m_CM z5_Z1|bU-qZDSMj-qPsh&( zuNr*3a5F{aW(=tZIw1TDw}2EkuH>i(L~};A(op#%a`;dB_Ulj4Pro1WxL65kW8=D; zxI#^bf>l0R@y_(?44&-v8=hskDj=q7uB#|t(uml}AxVwHQ*O(58%@korejv;ui5%Nv*+k)F{XUj+?c~*N?R0{~ zRtQ&M)7tyZ({sOT56&309{l-jr?l?REI5Wqr}DJr>%)f6qP49Zhn3; zMN_&Iw@nQe^2Dhd@iO2>(|>%tb-tseHgGx|BP-|ndKs-#@t-ScUBm()F3$%Q;j^4%fMZnYFC+`DiH( zCw3v=>LtH4;5Ed0?`v7c_AaK$M{S3J(`!jCUEtiYyjw<n645EF41W%}`ZP)5Ar1Gc02>m)lGVAeShly@L z=T;eaf?=joH#$k?zUR{yO1eUtJA$KBEB;Jeh(F!6ZqCHAT$Z&VlykdrIHng2gH$u( zy6-1C&DsPs-Tk~@EsF?Vxzja?z;3iD7PZ2^pWZhtk9Ig*(avn12);TsY}AFO9WO5}V=N-E|DSUR294r(i%ElE*0fZhv3AgMMA(?9lMhnR=P$ zyJ@>nG(AC+wPSfqgODJ;!?oFctQN^*tbL*QIjg|^Hm`e&0K2s|5 z!HHSu-$x{Tphh!@k4vzeY?2htP7#`FsQ}6jnYrzr%n}{ z=GzIx8W^~fx)iIcnS+U>0ejl?sG?s}e2^S**Ws(JkP*hL(a^f*W*;H0QSV8pr@?;0 zTeCJaPdG=YD8jK}LN8ZYmmNna`*A?0OBWqA!|Je5a@N(75n%q-kBvzO5& z7b?d~!7ZgCkx`T{+dL|<9V|vUI=0uFUUk+)H}Ey7Rcr%P1UlFXhG1iS^>nbCPBH@w zkx;I68#3{Bh7sQFEZd*ZbAkqkZX(M?b%$aWv5p@+kP$J)!e>mU%&jM&MG zgpTOZm3EtWvtXLuAoC{FtHPOEd$f1E4IGSw1iK=2@UTp9tJ8boQk@Vz4bXijO6e{2 z5+x2t{j|}?=fy!Mg}9m7)>K>DJLUPg<-yuZk=L@R%{IwV^3K)2sOQD)bPd0Bpv2D3 z!T#7RLlrCq^aeXRa@?c_c)sSI-i6(lqBf)?+C)S}xj_#KY@{r&=~spA#%%9*nQ*qv z(>sY92iBp70?a`XDZ85aLe=O+(oCu;dXVW1$%!3*MrtJM+mz0RxR&y-k+NBI zmUUsUj^Dg6W{dWK{-mU~7gm~MKO<%)X;CNQ)nj}N%WEX*4@CS-uLiCBBqoM^TyZi$ z27}{``U#qv&UO?9hNA*QE!rbF7|&eQN@}ZLeQUlHpz~zkl?+>xKQ`2_(lnEy1smR6 zZ>c&p;aB9Yl$==MTYNToIvw2Vs+RtF@c4L_D5cIu5%AfzwF(HtxvCNgK1hx2yWtA^ zy*FR)9Zh)!5OJMF6*6%Ad)x(4;l!d}Ytur{I0OLmE_0kp_2hX4scb$ZXFHjJShndJ zZ}Sw9Mp`|&YK^t;=&`5z_d$m-zXMAwY3=RNd~d=yUYW7Pdg*iRoA#PANN*IjG8~m#a-Bz-Vu_nr)|Mxoc{eAm>fJP+KahUH3Tx3(ktrlCT3oatP$mBi_zYu69HN zp`y4xj8sgGU1}_%djoCrE~_J`!%bC5cLCAqgjL?@9RBI>9j}Y$skB#L!n@XM) zVS)w;QDI2=fm`7BN`k(okDGRzK?bU2*8ZtK_|!9}M^y@;)TB+7k58}2@sQke8*siW z;E1iFr2D058R*&w#espVcUe{MkCvTvsD4sm&E1v-s0M}Ilq1aEse^w=L5jfxHP&x& zegthj07UQ-as5lD-rO;W-BnA+UyYg&eRjEUfX>+F#gap{WgpLRv2Bl9o~=#L^H4_a z>UG)B=)uKQ{%)N9&`pE>g}PdIZWYu!sUfy$lIVmB`3VE7&9|WSayjc+u=0do8MlVc z?ET6253)x;`GYuorzTl1qN}cC-94@5-^*76R)zgylMRh*Ge;eX@k=PZbwv&qWgV&o zj~E47Ef0<(QU&tt`N@9aLgeJVr92lrq;EJvZ;n~U(Ux32Lft5pZh0_{)?}ylUSgc& z6t=8A?nbO@gn%X%)Vvt7MKKGMB72pqk2SdoEEk+#EF-Q5^=*9 zJIO0L1xH*bX+CnNu@QP(BimV0?Q2n4%mLCw^L7Hnb?n}az{)iODlZWcJ>yTSskZM) zsrRLCdwNG<89#+h?0^qGh`O9)o=pUNebn8KFn@*@Z)%=W=Kru(sp1rF^O`3v6`MXSJ! zcZH%j;boVhpU3-WU9S%jCn7J7t=BWu)gk_ezpXV0=kq@aQe*0vmmfuT(2GaiSgDe@ zJs4l&{$S3w4LT_Xl%|;8^=I9RzI{2?=A*{uTL??a)tX5+x+ z>?14p6P;}e7gzT>56@<7GP<)_)^+fe<4U$oD8IpKri<3SEj2#*D=prO+d%GTJ3rIO zqEj8({b{3ZUn!;+SfXnW{$Mp7tL55{uD@mtu6)Lms`@AHm(LF=uH(*BS*El;=v4bH zsZI~qq&ZwU96uf7ayC#8kjfX+vVoCAJANt}<%7ynqcxU=%z&(+RKy`|?I;g7iLN$n zSE$}=gTg!Ctae4*u!X89bA^j<#|ABW7$yni?Vn|n<-hoRmp9~B1(4kDMkwB??JlZ$ z1(`lN9Of41i?y=FJB5CCPI~*js}}HqI9hcs&W0H_sEPR)Uxk1Fz0%yqK=L?EvZsA zyF1P*9Yfi;k2ko~2y>9OKD-aP{~BV-b}80g^FvnHq2dG2+@BQP@yGM7mPU$q>X&Gj zQt=JSg`M(f8R1v=y#yk{auu`N-&q}Bnm)ulTkkplB(m1jl6&zZiPdB_i0=_WU&ju4 zBu=Buk)x%T>e_aDANO-C8sOGk9hlU=oL6EMLqZg2!q7)!5m=LAXIa?)Nmi*@7ZohB zjc2Z5H?u&Sf`V||BprdgWK#o?KIa|I#4~g~zxTrHj zU|CEWB;|O*JcLJU3n3EOF0xFwXT#S@n%7;XTi)IY&1-yLJB1yKj{+jfhzE|Z)Qk# zu3q)BHi5Ko6-d=&%p{N%&hziduiHC19rK1JyZ=QM0yefM1WzP?x*31)yzz}zQ0U1$ z^&|O9!<6g~VH&EnndfP{?iOU}PKFb?UQ_vOsII_4uuQlYHwC{o0#Kh9@as8B7~sI> zt$(oDN#Gf4^p4vG^p0kCwYnBp+@iKH@$Vgi$#pp?M20py*y7jTu;8e`E0< zdHmb8qfDYLhQPR;?F6~3dP{2WkN;A6M@TUsM{xd@UP(_XC5pja zV0(!>e7-}UlUura4KQ6VH;Xgp+PdRlSp}Qh4-bYmx>d|)CsffBC{yIG)@hjiLcb>y zTkl(pwd#h`TsX%6LXLd19=cq(PYyG*+>Bw8w1CD z3-5z9huN*ACGpgT0>Wjy_mkV(EYrCA%~KzWhC^^IqoO@ z)*avF={B6;2wcZYS7NiTK7r^x;loMAZ+WlTseljSW7*D$84LkwaG2?5z{{gVjohs- z*GbXUuw}n1)AeiJ+qtnlXo)R#k@YndN}*3ugyQp>nOpjtdW4&D^T8_N@$K8*o6?VIT6-=tSxjh>BT_4+3D!zHaxhCUV+9w-jkM?DQJFa6iBwdT&t*2V$e(-V;ek~Ar~CGmP;~#o&q}KUan=O>|FBUp*0dR^3iE*;>(z5s3{DN9MfElr&N#!fX58| zE{KSHn$JV~DFX%JI0*O!YJJ%XgB|@euW&pAsPBN_$VnMRaq%~QmseO*G5h>QyMOaagkgiLnp-b(i5OHdE zx(KJFrw70*wOlf4i-A9jP4Lw=m+zJ$W!bU)7j*xJ|N6f;VgJ!UiD%$%Td>+dLUayR ztlcT%f&9FQb8K!2Q#hKH6`Og)_jd2uds%{#jUBCAd(zYX!b`ryX{h$69tWbVgUbG> z=5spa`!V;wRII;vuzw#QIMhlI+a_B202ls!;!*>~9LTbCd~dn?3PU21R1~;-|KS*p zImcDJjQM}i^VKjo&r9QxN&Zdo<+b93@ZP7s!FQ!y(GSH|H1hv|=Ldoj4+ORThi~No z#YX%y_km_|VHdI~AP}Qvr3Jo&GW*E#_v%Zs+GyP1V@myHh5kbzO|$st1J2bC<7SHH z|2!!vGxIPdYX;w^ge4&x!4xe6WhdR*NqD}GLa&$kxeX6403hRN8Vfw&ea6aRqkF~W zy^D5u55M^%vB-ysARM73&R-fwV;`l)l9Yw>pKRmAiA87}H54kges{Pk{Pz)?rfG@U zBGX?r%GxZ46}jHx8i{1k*4Cywf(v2}O4qLFNj2`+zxfaMZzXRHTa9C-Y_q);J#8&2~Th1<7GH(pXGnrie?m+NV+dNA4 z>zGs{9m^o|2)q;Ya(#8D>Q%kE zU6oX-`kb6|y1%c#?mpeWzXSk@-0-|6{f$k<8^$jB^4zwu#%|+C(U;>78!KWq^X)e_ zm~Lh#NN!oW*vC|y0>N!)ib5WwqoZ3n@=zq>K9`rW95;z3~%5dgq)c_mw^v_*?VHYAu19CUU z*dg=3aenzSQ!y2Q7TP!A7p#ruid)uwM2?W6C;Ly>HcC?9pJx z;HurgiAfE{7Op-$RQ`gyvl;H#x=GlOBesjl4)azL8k(+NPuFGQQmeL$Q+TqCAU@}2 zK{q#3zA<;9M9*%`t6hsrNYi&1dftj*R;B&9C6)qSz+BrtzHFo0K~V+XRu>Ve9$ zmwUn&5zwC{B_htF$S{D+x(m^nqOqW(qqAteokZdPc_FKAFjY}iXTJzpJ0=UU?r)Jd zP7a3*tiLi&>q&y0uUQaDKnQmz+`h7^Hd`Uo`ZPapn+0t+R%`UWB?loG-rKEZFSG}7 z%M%^xDhngDy)t*s+?=Y>?={!%8XO!Xg;gPieFqjn41W6$&;p7hTeEi%kWm8@#P(1G z(|w%M-Oi>P)dQ?R4{Sa()u*YyKR@iId(8ODiAf?~wUGY$4k76v1kn9kGDSDVIL|pa z&aTS`SEABCP6exBlEMy3OWza0tWB(z3!^E*mloq?p-BILz4FHyMse_#oX!JO8t|*C z5?R_=ow_2=QiyY0J2?r@R9qO*A*e=1@hDt*mJ&!k$$yU6=Gv?bYO~b`Pr`{<9BRK? z;jj~l7KwlGXpw2=A5rpPq7{sF*BX^h;>mWam&?lB)9eSfwCaoc-K%o@6d?Pzp97P^ z1PKqmVEgG6qa&4byvUAlhrd35K58%*<!laeg+C^naDjh;Sxmi_05UHtR* zOrl`D$2@e$gNo8-;ulxeRn)-Y<+*MRz1_}vh%qL*B-SS>nNfvEzG?|Nx@`-mrvEi2 zgA93Jna=BK#0&jS3uRrGrIMwIpju4F zgg=S8w?o_}+?+{)QFgfn1a$tI$7Ppp-@Y~fj;QFdeWk991Cpy^yTlMwRF+lgRYBpk zU$8@GmA)(bYo}p>bG+!mBg4x+7Qz7i#>8*l5a&_B1&29kCW67|ItZH$mNeiCsD9XV zx3phyF$KXsQid3581UB_Js#{UTtF0^O0>^+Q#P2(m4P^$;zmJTiMfjKwLksS z`A7AlMAGXW9UT*XaoRz9`b3@{WN^hBXRDH=D=w3vYrkH9yM(Om znV<22+~Ik0$?gQzISB=~Av!AwVM?FyHpx(>E>Iyy)d_iWe%=q!aMTmYQU)Z3Oc4Rw z+zKi$;-)>gvQS#Ix{84q{iOk>EN=nfKW=ycuUIV z`t~85_@l<&7*};x0ASf#OMozh>V(bopYv@mqY;& zr55ezu&l;00oC*|9QGtXR;jWop3iuq^d$c!@Tqop#}GAG#eHl&fOQKc<5<@(;vX?f z(Q}%#G>RuZmn@zrf#p{2;^fKY@zS$-_`#aL*tDMyLtw4t7KwL7Dio^clIyaFF6HN! zAl%IS;OEhcKVYT?tjXhLAUz`|bQ}GwfazhaZe!!4fJA!KSJLg*OEs9+;gXUO=eGYS zm8fagL&^UI4iB&bd3skS@dT95PovHG;<6v9wKO;bT40(%%|3-mkqMh@x6^!5*bcp5 zf(9CouLY@Sa2_8PGFS(BAp^3LABhqoES+$`cx~&p@aO5~LpQn|jfgq8{sDd51c}a+m~xskiFfKbm~bJc!+w z$w;w)g(P_qj3X_A*f-};l2YCjE>A$y0UC;+b~l37Mq~w|D>e0M$Tb!|qaR(;=U)H2 zl@=hWLB|-|Uw$;eo_P_V5GN^-()2tU*lKpz2%nusl92rDt*}&fED@yGdS-M)B*HXx z$F_8~S4%~uDrd`)L+?)(ZaLzj*rcqI-Xc{JTX&h_+IzTSXIr`fG6$jE5G@5NAUau0 zmtM4M>M~eiLOl}FQ0g;HHF~Jr#IeD_%PC-Pb`iU`2Ey)AE-ci!GFf0lkJgyRIPv+R z(j@uDv*fqU4{IjhoRA%Tf~`fi=5%HXs5!yKx(j;zQxyr1WlSc^J0+G2s`Xuh?wdSH zPB#Z^v$;llDM?-L$76fhFqfMx&>@1JMQv%3DT@b zFt*Zc7eOO0s!dQlqjN#6V5e0a=E4b}kjY3|AKvHtHL$u0cXQ)3s}^sDei{NmZyon( zZ6@N-XNkT*hc8u!AaCXo3oucAvTcJ<=rv%l0KsJ=#N+}O;@)J{dBNwwC zHS|^r0a85FG;IBXlLL1`{j=G-XvKw9Bd2@gQS%e?E1vs{Dpn#${7#deP{8xKR&V5?l|;Ie_RPB^u=6!=LFMbe-`?>1b#LQuzpDGEmR`MMPC+uhA-lXc+G@*qv1TFlHN>u;^^Ol0- zjDYFqQSnCgJE@Dx?XSjx(7;^c)qm?h5n;W4Y4!Dv%^;8|lgclPRSHSOas7-e4DB2( z{FhVd2wbIg9 zscTUfO|`;k&z?QzUS1Kc7A7dhF}zwU1c<-dCvEcsPo|BfaXRsIGEacv-^?oO>co?7 zQSZLzEI#NO|Mk&wc7fmZ-va`9fd+;2(3%ICGY)oSCvS!p)~L0=pDG}C351>O>UYWV zK-Uu9YhH?MBgMNp;@q65v#tg`caZ+e1}j$9@g7oyO9eTNz78zzysr;-6TLnXi+bEv z1Vl^OPT(epYo*qH4#J|cA`-3h%Lhsx<^X@LeU$NP6lm6i=3L-Cd0dHj3~&du$J)`* zpk*o}uVR%**Bt=ouz2&+nX=t)N?pu_qds8@tjeD_l>y5=>@{I_RqcnYkPuk-cHl-NOxVAMoFXACVAs_YJYAZ&&c#rg7$RLxa~I zydP)a>lDEfKFr}8g)B|^*%cVvN<@J9cdE<_cpvT|0`P67|ME-)@Y)8Vb9(&V{9%Um Q79c?_E}0jdz5d((0GQBD0RR91 literal 0 HcmV?d00001 diff --git a/modules/victoria-metrics/grafana-dashboards.png b/modules/victoria-metrics/grafana-dashboards.png new file mode 100644 index 0000000000000000000000000000000000000000..d554597913bd345da35256ea299d98c589b90aac GIT binary patch literal 127747 zcmc$`cT`hdxA2SlC^o=Tx=fvpfPQ%WhJNf4G?RLt^+bOWV`ct~{UXJCHgTEY~Xg{H&tBAdHU~~55 z_=3lCQ!pJJW6Qr@r`p|%?da%^3pAcRF??gWLZCOlp?=i9A$sw79PI7ex38b*l@*Ud zL@PiNt=qq}wt5OI@bh1_R=qlpziti2X*~+>EJ%4B!Oz=v3ncU)BKofWU-?>Bk7x>g zx!Jd~pFIki>}*cX$Z+&?^yQu#n-UlIJ$iR%{`5&R{#~3toIk1k@8WT8VmwMOvIB&z zP6G`5ljw9CXO3$;zkx{P3~jm0!imS`bq_Tc)7@OR$IxH>h11S80fQid*#0HNlk)v+@nIRFhnXn2N*Hi}`Jzp4 z=k?{p!*K&wP9ayJ1DEROvW1vR?97C4k>!NiBZqvrmi zUbWk0>}G9oBL$zO-ZfYzpA^&2xrVR&)7#%qpWdGB!SQ|eoD53@&W!3$=eZ9mX9lZE zGrfMz{C7*}=sbSPp0|4ya5t*|S6q^85-|~tE|a8z4T1a%9J!AoGjTIPy~8H|2#_uv z&Bgk$1iv$67O-8TMQIXP zRUBVt`&zB-*B)FTe*3wpNFvYZ%)7F9V8c<*8*J?hx^!uayd%yBlW@4?FwftsRV} zCoE^(58}#iVU5d+wpI9z+*auK$3yx+pqvzYpFz7Rt&5a?m64K>&h}ak$o%p0B+u0H z++J5{O^dS6T)Dcpt+!x?dB|XoaKKt81nF&-aJ~4atV_&l!=e|(XXaWr%o$x zkEW4yWy3ByP6SnD4i|0RjryP$CfnC>)XXO#|C78co33Evx4zU!DH06h$0AEoYz5?V zG42xu>en5Y>W8$chl2_mS*?&EJ$T~a~oP>k{i zQQ;mv2mLZ?!9sDrmup%bzjw#o!>xh(&8oy=p=VXxftu0`6=xrHMZ`XE-Z6HK4L8y+ zpKqlCxsVXL$9N8A9s zzh$r5RogWAYBMs{v~~>QH#9+Sg(XY&T%DO%(^1^o0pYqYzvfU5YkF#?%Lw82$=Lgp zs33vD%cWb;GWz%1(7fJ z+znTk7{B~F{zjpbRn$CyjI-&kNR=?K-i8Nw3_N~xn)UB7_4bnGRARtE>SINJID$7I z)xR*@;7qiuu;hR_`juqvF zpAx(XhM4r=kjWS%#m*xpxulfdEUsNvx7oC+MHrz}SZ$Sw<#x~+Vep$MZ(KDkW?!(% zRW~l^5>pKW?-n!!c`?Mcx10lcY~6?M{gSYF%>n6EuuTDnyFuNe2Zcn94bDa-7ikRt z#9bK4=eH5S)0(;JyqX-$EZv2w9DA{6vVI9nRWi|x**poZL|e#@3%v$DeXe=)?*5fl zB}c>HWNAGx0%~r>`-(Vam`Om4%m}KKiOR1Ejjw$;&%ilTaPN`(GGasrJC_m{y~Pd9 zRaaeSX@JkjeB9VSn%gqp&XwZc82oJ-GH(z4QF6Du!BPb({4VAx`EWh9jkLI&2oV|~ z%2~*60Z=xIeTAExUa0a4?`wZd^X*i~f*asrE5ZDUeYC*m93*}GYhEb8N7^7XFO7n0 z7i59#ev)eTMjkcX)iF9}Ef6&{$frD@M2ZM|Dj#NMz|v3y5>^KZ=u9d2Y<_wKRqk=UON14=V(ItySwI z(70X8#Ha=}dPN`iyOT7Ats??MohRoLH;_7?>VT;Mqq%4BdsIRZ7X6ScsJKrVih=$8O|U30>6 zd&+=gg1~2jhos(`{ez>IhoC2y7)qB~2Zl^^32bGMu=HEsg7Fj9ijY!tVG8LYb=WFO zEH> zrvdhVRoGJequD)iDUD4>c>y_(H+IpGG)nvQB_UKhVz|z7q2(~%oigP&>$)7rQa&us z?V9Lwv)2OWZdmYKEd*&*E(JXTFxXZ^4`-JK zZ3UQv3W|=ZU&e~;JyyQ|>Ynr;QF;8(vH(9b(w8&l~wSKVCl zDYU0QpW;D$IVWol+r9->h)<;vGsjN)} zF@%ieTWSk#1x+uW?b`Af>Y3J2d&l9bDU@WJ9q9n*QkNC%DS5_ks*Njzm-49FhNP8r z4&(u7AwI~6yw>>!va&{3k1%fNk{M|#*a=?NWZQu25EOzfhp*NT)SYGxDu*pqd#xl3 zZ@>Ilm9?+kq!G#eDtGaSmNV(Us0H2MC<>S_;b{N`>Ea~%Uruj2Rtxd=?XNe5JLVTo z98@O;?bauv*57jhyyJM8&X)&U=T-i+g~`qP_*5obb>szo_81*TsJL;-O;)tj$qM!g z&-SZ{8-@HNXiCZRzd>F`@(9ScP)o1tCe4nB$cqoZz}Nbhb11SdG9NsSZfuC~wwmPJ9Ik#pqks&eCdmffrM=1izs9gX^$usPu1i}D~F zqNH6zIc=ykU>1H8`DR-q&hFSP-IbQ1^0AbHg$MTsH{(lMS{K-VO`1+VnIb^;L}w@*repc*UOU4kLevw?tsRBG z*31{rbg$redrbA<9Pz<*&k?-LrFHh=46DoeFN?g$_&8f(v$%Wy?GiKu4IaruxFrF5 z-1fptG9XvD>ghtcPF$@JQzO+eK zvf8A#kOfDSHynxv*z9S#PGscuF3)f!2>xO2pqL<%+b*e2O~KDu#$1 z(G%{DVBXRyfLh*W)4hFfH$Xca=%$@WwkYZo(5`%FV`pVr#K*6NP1@-j@Yy-i77c39 zZ1i2z!=EhK(qI}1>xP)hIH@JlP8K%LPpE$$EHVH`xF$-T!~N0?am2)BAq`cw3`j%0 zQfp<@QwwkP)dzK66lZ)ciEuUy49Ue9G6-Obz9hJ%3Ag0tj3WRP8Qn$SCq5i)u$Rs> zW9Pl@;Gr|Mn4y&vamtSS*PaWQdlK`5)59kL>A%Z5WOLSx6_DVHh7HfcR`bZ9v&{CB#b3k?AbsyK+2L(5m z&BPZx?>KY3ySzwEt@Zed2lN%bG;1~mI9D!N0tthGKbv>tQPt$#xETQH#giMBER#_8V-(D<+V#J&je#q&GM zj{qtzoxr{5be;;IQ2obkXbeyu@Gai4$Yo@G# zGED2a^KAlk+U3HZe(zdz4xGta6hL)xjQa;{XL!RgU~FB=ll>jc69C72cC{;Oz-r|6 z7IGQEyx6Y0iW;A{|1%YAD9Fg%Jus<5Pqi;iWQ}1j*y8H&U`#7(4Gz`>x47z-U$UJV zh|Dqy8g16=OmP^Le{6xVGwO|KcB#Xsf{e6>4z-j=Hb<;*Ly<)z5A~`M=7Lfjf(GF! zE>7@JON2j;F>J2vs!6O#G6l%&ytv=zlY6#?IGeQt;1fuq(P^VALmz6b2MTjdP5M3o z2Mu)fmDPtE^N&(7rf5>W9g4B7R zu&1B9AUc`1hj4I?tRDk9Ml1;7;W@g6f|#BN=-S(gEJDKpD$k+!<2=V-VjOdmcg#5j z6Hg6!k2RfbSRpo2YI)W`%hzjxPTyF6J%3fs#~rx!>zigFh8E{?Ak=)Z9eoF%VTniN4p;OBh>uODs5P}2fo-& zryi~wG?XEx!rw-ye<+;Ts&pfRNFw@)2L+P=OXSG2pOqsNmDKqhr~xvg;n{JCKE2}} z6$OY@4y>0m-MYxKHN6F}Cpdt8$tHe}5P{j4VFUL<#*>)LU}PJCt@^2w!K;|nnEOWa^J+umEQEN=TI;$N}r%YcKOvqT35J7(u`d~Dg?A4~Iiq@g9y z-zR@j*FW(HV!z0JOW&=K-7rhF+xz&loDzp<_s~0Tt6_sak&#KFnvxe+ajWhWBByyl zdapYo-s)xkCNE}gX0V4X|3TEArrCjdX;y4}1+lMTrZdacUikeYX`@}lLH zBoXA<#3^P>{Ia8nTxyuCxvl1$v#H53w-ER`s;cq;4hR?_1B?j-KTXbCl9moF(VSm{`k4MG=X68Dqd3q05vEqJFiN_nj4DU>Pjs1f@ zt5QrJu6BeUfsh#~6iL7nlQ(TGM>u!V*|z`irnlgN|3Pfpx!+}h>|6J`vA{T zh^#zi1yhwPEx8`Z%vT4}(0b)|DRoGkgO?9DDQ*5v6VLfdqQ>DyCbyw&QSt|ApT+1M z;271L#jM?_G6~#Dibht>c((>oL=P)8ujEa0(pH`jD0n&hR{}O`=F2|1z~Pw zcRty8YI3G_4a`5gk|zN!YBsNYDV@Rb>zm9twKVJ}GM2QUj4GB4+jMEMF_P=6Ja`55 zIA++_jq*`Jx*(2|nw9s=F*O1h?f$l%Rh-XXkN%j%@7(n?O2;l-hE`)x)bT)dSC*gl zy$@flXsj`|(AMBVH5ebBCSJoCbB)oe-PFsjQ42En*N(R6*4bA1uF7x8NoWxY z;T4{Eqjt`89~!P@!`9!9-(j4QOvuO%;Ox5higVo8*ly8SUy<~W(?d%J*rnI+Z+F!F z{wLC6zgN12cUvx_!?@1(H@;o(hQ|U{dB(K2sL{k`?JT2_Q#Ivo*z2AyPRbS_MZKzytKJI%R+EWFYG%Gacd5W37{pP4N`e$5h?)7D5@X+ zRLuo*PSP=y2D2nQ)4?`rg~E{a0a5^_bffO(0N_f23D70KKA<^c9=b6;wRVa)Syg)% z;w`Da_!g2r{lXF#*w$&(ld3xR7vRT3Uyp-w z&p7nfgOy^TInE`FsB;f0@8rJw+bka68^mG=TTjFZk55Z@Z#tdjJkk*jZh9iy?o!_# zp^x+n7DtkXw1W!JPG*CTkVJ8d>yZ7WWUZUg84?<(K>ck}^S!THW(;i7s(GOddVP#f zyt<=Jetx+&9wQV*9>{A0{^~!$gYdl56JGJjp9`+djzak?a?dL>)i?MHR$G|WJFH-T zD3Btt4!`ZRIUWJdK)hkwschIcmm@{kWFb*_0c|dV=)i}87Hkzfwo88|9^fQwJ-;-f zb+7#e_S5tLaj?tOG%N#mXF`Kt*6TDI7`PZP%4z&sGt;#(I9NNSUp=#46)0~P z+7=_xXB*s9Dd_8g55U)bV8rcisHL1j;f6`c`l&uc@lMM2D?0H=XVQ30r~%b}Cg(rD5Zxg|y7i8s0w;vHJ+yb0Y zanRjxQc=r>W+%ewR%9G;-l(jFe$Z#;8v8gcdZc6ep5)zzB)Pxp_@y`A3b^4?SJ&`s zm&SwIZ&A3pSW2w9L(af$zcxNs&(ggKAUXVkoz8dL#^1gA(NE~lO|%(CN4kE z_2H5|)LYjS^S|YQCGO|H7~d&60e7qNw#WDAOCU7Zn%+1xFt_X@kNe~97QD~Hk%k~V zZCKu1Z#uIp=1|qM4bxw;SpnbKeo0vx)V2^1wkhYMLcIvOdxxIsjSVMDkDMH%J|ixa z z3s89KIL52z=pw~M#AN3sl02%}{+des#xXzQ{6Q^-tKez~4F)D90>AoiLK*+IVhJ~f zse3II8K(myyl*>XL}1EhE73zFT_son$kogo@E6Qy{1n^Rh>59ZS~bo3%iMq!7?GK` znpuypb&aIXBVYD8O9R!Is@TJ9)wPqA)z3WTh_AGbt6A+!(2bRC@XntHb)4-|h%Xkh z-6`;Q*3^_MenB#D)TLxpy&P)v7xX($oJG_J1gsI;3CiS0LJIRYnae)qh~qG_MvXPC zCEtr0)wHwnA69(`JO^ATdqn)5SW;(Y8=tL{`mhPPg2CW6wi%2`z4s&q9<+}xO4-*_ zhL=o7fB^4H1?-CziuLC22E--nUthjUdQ@0kT3Y~@a&Esvk7N%@5h-yJ97()*9#|9< z$NM1rp^p4(eXNAt=RzHlC{s5TKyt26H}D>-4!Zb2yMNfVLT*O<)zCQ~L(<#CO3d=h zz8Xox#=hqy)-h~=C0r8N%R$)?E^D5=p~ETR<^4HkHF|)G<-Hi42~RnMF{0-teNy-R z?b%#WD*SDa)O#B7P7rWjfn}8&cAHB$W~94xizijtFWV(APZoB#TPlGHHk0Lu7+7$H zB#<}@mcebX*EeyKQ$BT~@6{}Gmi3P0fE<2XF(F<~(rRE{laWlxiM2L}6ZO3;(HSKw zw06f`^+lcj);_KuH2b(g6Z#Ve2hAfkcZ?BSu5+)x=_anfrA%&1j`vm6ilj)IW|%Vq z+Yu~l1A;NN773NST9%J5nT%_??vOQL<5QlPrf5hLGH{}Yf)5Hd{E~NgHs&I6P#Y!a z>c+xSa6U_)v&Q>W2~yY*vPOJPy5ZhaLCM(|MmWC(0B&F`z(rU+0Cs+ z#F$J^Jfr!d&uH{h36a#KvW99fH@nWX^u64*Yb#Pe zs|JG%-r|~<6vhp_e?dN6z66hy&;D>mK4GLXDc~=uM>Xyyft#oNeK~}tR=Br+)S4wY z`#ao{Qj4R>fJSJ2%T@52kzaFrr6z`udh%2@G@<#Un-AXh)}nP#-jrLr7^>-Y)wOH0 z)r#F_god-F&YN=N&P2KB)N)IaM&v;P6SA{R-G&rIoU2GskxF`KG?-j(WdxKw{i0Ti-Le8ACW8whZae+ySZz(kX`$h z2>2^dV=be7@%K7}xL1TB1+uN4V0z+={h27BW|OR@jdxN25?Z6vO%aQZjIA7A!*0Z! zX)h3*64ytma3p-=@7<@Hs2F(|?PQRjVRcaU#x`phVz5y|y%at8`x9@(;crej-o8;( zJl4+1s>_BYG2L+3u2X)pDqClV9L~jRL`_O6ws>TQBs6g7N4g!B`2?@U-2&;R0D^-@ zbr$P#nd#4}`ox(G1hjHgR=a^1ZcXa0h8dH#ES7zow5t4cXJYZb2imTkpn|-GJrh6f z^q;ohcw^l1(zC3F$CY2L^367Idzd5@-bfp|{ge5iT7(4z3&50S4b;#FbaOB7B+=Z)h< zKN_xpi}&A1>Qyvhe>M!oVK;8=)rUKDeUny^RRc>^1R*C4f-*(AbR%$xQ-mILIx_Vc*_J4!om6tQryp_haCHBBv-&DUIoP_@I@9xwU9cJ z)jQ51mb)O6GcXljh7RTG=nDO^^j~m%#xlGd8VVfUtxpxdjg?WRmrb4eRV%lARNf8!lAOsO)<50g zJIu^L8qiQOm9G|l)Hqn58ADc#&#G4OOwfh;z4uBtM$xQ9)g;&YcYk65y>}-64nsL zp^^wjw6c!zK`E6->qiFtXaN6NAEQt0S6f{p9vSzR36~npD;29*U-BOZyT);1;lZ4hrSskP9HT@#NtSQRqqBescn z#y47JA54JQMt*7a>U>3|A>O|SWWC}5$G>@q+t>E&-lYtcqg5{zUe&96$2NG`wF5&FVLA-$GWywh?PpwZ&rM4S z&b>gwou6;gsCwMD13WK)DVSMAv%mog6tRKwM@q;KPsiSW9kFfr^RL$lkm>`gZxiz7-V*mMAfms5C4NKhNZ#4cic!>n&vSy#DaM0&AU z)y|6Yur_ltsK6mH)9W&llHljx?4`?T(&haOG|Sk<|G@mJVhfhIbgFgrp|nwp9zT9} zZ#;n9%D0ULXOSKcJ)}fbZX15_av8|fY-jqWP^7$Cwq}-fHFb2#By2=z$T0!ZgPq?| z_jzrb@CK`!^TmQ?60coClTJl_Bn~Ey4O^?k@g`{QHkRo7ka#7v>Nh{{Y-soj$(<}g zQY5fw0$#8Qh1irrmpNJ>5+!R<>HblC?Qi>h0 zP_nF{4~q#3!4;89rcXimYOgbK2NTLrJa>qa%}EC?@OKpKtcCGmHm2c@wmu@@fUN)wyM2NkP@;&mo?0%7~LB@)Bhu8X)Jm|MdJTl7U~ zLAN#dLa(m?e+jlUkI{VmGIm{a@d}Fz_D${H6?un7Mh*u3op1+K6h!9rQ{}TsXD{k5?KqaeoK+*OJ5Phs zVxV$>y<4kaQkijT_7}`x+yY&OP0mHvI8L(=#;jyLNx;DMH7VYI*kR{M6~AG|_k+?=qrL9ZJy@}=s9ABzpzmFa z#GCKd44;Ss=*>d_WrGiIn}U(%G4j0w#rple!my&oy^1B~@!Bv&5wLQrhMig6+6L%=qB z{<}7%eIHMggU~}SSHcVaqO_I9&HJ5v+5s+l{)2N(`R4xK;l|benW!@{4L`J{$5tL2y~7E2v}aCSoQ#lQC*Y&6ILUsZ#l~$6zuzjq&rk3=!^ghk z%uZPq#{$AmLFKyn#VzJDb=t=p@wCQa+RQgb4o{;Z%N7Z&jHni*#!r&E(Q@%H832W3 z2BOy{?ERULMoe3ZScHju{k+R?#7^*M3KrzGl8pss-#v4&nnp{&n>k<3?b>nhoOv?4 zPZ@suqs7JN)8%-^qkK^`zTCz3Se4(@%Y~q70lECr`&fzivRU=fUJlSRbjLMeM-}_b zVz5_5+Z@2(1oBfg77A(|CL@oIil6Abit2tN31%Nr;R+t&o2& zObnQ!{M$}s(|MkUcHmuLocU{PZfO;9qnw8_i8w)h3Y?qXGDvD?T;KLBBbk7XzIMxc z$EsKWwnzsj3svNtpSjDzoIYCB{u|_DQ6vFfKWI@MswXp6_>5=s*)?PlGdm zUmVT&-@&hGvn|t~o6_|^`0t6I|5q{a|6%20d-S34Y0KxPi9}v*QSPx6(m#EqyOH?z znVNCv=GK-At55&$cTvByue7$W8F+ezr~Hu+9o=nNIk^Y-^WoRN&S28gqmglLqARkKMgG0uLVaheo3x@bl~0+uJ+v|I?p!NPiAgy_K&u4TO|OD2n}T zktZ=-y6L>s{{@JzE|KgTA6MU66z->t2*(!{)k^+H+2-k~4fPNur$Y7*MU6#bV&Xl> zRMWd6Lq&Z9bSepY?}|hfo$T6Z+b#wS}|yk$zWj}vly>+H*$6k--F?0x(Kxy za_Tinx-RM4lH+ zI?3-;><;zv*hxUB8?emZEWrm!Fs^P=C@+U{16eY5Vx$;M)o##lCRlm*^vG%` zu7v{-VL8LLe*pS-_wVgRA1lF?7$iO;iHjAJDmnDwfWg%>Z;ZqO4pj%!$LE0t)<$TR(Y@QDMOvJkcEP>%Z; zcFt1F0(FKX-tWG4nD}PT!PHX_CCfWSO+B^L@lNsaWlW01t0xQl{O`|!Hdk1QR<`fJ zCDTO0OQD_4xg$6R8HYR0ET#n9(g}X?M^jE5y;`^LiB*QB;^mi05lYfvorJ8cBAoJJ zc5g;w$H2gk9(Z`zxfoVh_D|vcrB*)53RoA^2}U?u6gJ*fk1|oO!hX#8IANapz-L^3 z|Mk2yKHbG(_HLWvAG7;C<6{|`NF+4I#@yh-B?_nYq!Ud8fZO2_!y}$Pebejz3+>`SaQfJjD=|VclbxC{0tHpBU*yw!$lJD8`7Ct!M9hDck zNETOX31uAm)=a>OWY=$AoAvp{5mY?;t)6YTu;k+DbIzN|Ux1}n%#i0^>*Vt3ytWhT zYmPV%JFi5}WiPpQJ5%g{L1U2LkSxfcmE{0lA&ULwjqN0ve}M6<8T1`j_U4926l14 zJs8~2h_N|C(rNS+1FM1|O73iTyNF77$=+}PzWig+rY0Wv(uZtqUu}CF&L;2jAs0i- z8LbUFh&V|P%oM7MTE4s%9zm)AZMluDevsqX%CGV3)_OT}75uz96+axH*yjAJf4Zpp zPi8%x;o|#SfUe$ML|s1BpW6%UI!zCuhmiVGIs2!}#P-CAA4T!tzX=&E)5p6!E9;hT$|b z0&|*&7J#p43&Ua+8uMz&yuf6!dedegg!uJr6&CfHp6gIzwriQVkWjjt43FsB z(qF9Dl5BLpH0~S5$Oc*VR;8DJV87_l`fIVPl;(|Lb7PF1n|KO8JuU$JMTeBRRwNAh zYGepPMH74*pNXsaeFZa6%74lOh8$iPexPtf9~Q_xa9J|fCK^)!QHVjtA#aVf2;Ya} z^(JpM<7x$XMYJpr3rix?>i6s%-{=||h1s&XDuaJ`s|I8`(cIz?I35QS%zb>AO$pQx zP%BhcBmBpMWZy|Y@pC~zN5CQ87wl38uNMsarqBruerp9r%7LZ1xkRpBlLz`wy)v8d zz9xvtLuOo6soXAv_{tJC2*$X_%RdA4)YZsU?#rUk4(MxfRHybM2jEm~<3Y?(Sw@Mr zQ9$)$b?Ra9n$)UP&DzN7`$Xam)?(g`v}$EUuAgd@($Sii>!TWOxtZc-TV8&NV0a>m z2KVLTahi$|7T7#_WRYt~*2Yw!+T6kt(MKgUrnQb8rCNSxWed~y$+QW>*}D0Q#9>qI z9W-2Yn9I;ukJA2tkuBTuhc-*2qGfNQ`xK;TxhQFBkO;k?sflo4{1}rbS<)Cu4WhnR zI+lDAzEOequSN#=tq%;`*XsL#Cr#D&J>RoG$}X^i*CMBKUa)XPn5gM|nSd{TF3+;` zR|m~pXGY7bX+Ncv#4YN-=wE~xut;*zc$tm}Y8C9S!;4*i? z@pk&88LC}IEp-zJuVo&z{d70=7cnokSsFi5>=zhXDZazcQ`OKpbIC|QxzN=LUTN9) z3)(n$OYSizVXIn%`Wepmi=TYOwOS=7Xw0TMr2TO;=hfT^AH*_>TbS%pJ$uSeb(=9B zswSx@*1M2dy!1sc%oc!G>T*s}l2|k7_Ftq?^$}7SkeiumabG{3J$w(*JYnY?>8jb; zW#XkD>XrPM<8MQH%pmfKi?yOcer|rbfRU`L3{gEk3Q5S!EKE-yVi2_Nnt+K;9wb@5 zIlO+zoW#4Q2K?2NR&DJ~Zx;KGdbC;DZBSxhMTzCIGn11msUEeo49Zb^_j>-mtATl8 z?cLmS&K;vEsRN?VdcETFs_f|t->=LnD&#Y6Qh>QF7fA8W3$LhKBolX1H=KW=A*TyO z6(~)WQNh5J+ZNu~9t)qrP4?*7WD2OAg2jX(lF~0;Lpq{UY#xkVMO4rBrGXH^`T>O; zPs5hGSg%XwL)884TLpOe)!UiO<~bq~5}}*xrhA&QpPdRBc*YZwjRg>iiPW8!pJUT5 ze)V(KEePO<($X)FLqAoCO8Cmb(|QtYI-01eGL4LCEeJFqJ-w(gZT`kGu!DPi0W_?o zd!A(&W9evPSYclp?2DcSiy;?cwC=L0oKkx3LzPBb#^QXa=qwjoX}GvUX}DC%cVN!rgc3w+b23Tm&*AOLIuGnZ!=z8!2E5?PhXdhGw#IsV_f zGbMv9;hLS5+tl@!I~tdK$o2*}gvw_Ceouec-#YtIpt8!q z0F0E%?8W3)dKn#N24-H2_46)49nqtq7Vg1Fi!k!x34pk7;Yo%!xYV&efW>(wWNoV+ z&J0EnznNM~K_43lt&wJ9r-mI#Osr?+N^Qpr zBaW$40sbWwlb)JRs2wXlj z!0gsye1pbG^a!)`r)r?qF+q|HWcULu(a&+!%cFWq{%MqjEm2a&F{((^*j3*FI`e9n z)~{k|wD5d6`-Y`Mr4G?w7aP!XrmKTLuF`L5c6KegHhQOx*4CGRw@-v6Ld$1Npv8Wc zR=GTVs6s1n6Ar1a3%>V{@KIYgIvxnf!D^@cEtHSeQF4B(xq{_&YLRYegP|f!q8Zrl zaP81<8#iL*)bV+GILA##kjKndiHrkvoc~xq&J`~YQ3cKw_ioCimK`SAe4H6^-m&rX zdD!&<5OO(YGdewA(5=BV?x!$GRX}#3c;R16bD1$HVwI&(ps!Ka^ErA|D+$#2gY5=T zaGB%bt2~jE^3DOD^WU)=l=fTKR!hq2qKkq%%*PU6@g$yuk?K}!!uAvQqod<>>s`TQ z%3Aiu$kCInP(QIS&&s5tw5k=&$Y_({46DTp5!L6!qo}c5w>gFNO7a>5n_NalfB0nwAU%)iRIM!Q$F6A=L?w4xM z@9Mz+rJdu*{HFzVYNX}vMIzrX%y0pDGAq% z(4EryC)12L+w_8Jk<-*<9+1_C^1;BbXxFuH0(Ui``&1Ke^eG|%4sX(8az4D-O##K&Tj!kS;pmCeZEt3K z==4diFsmW7LBNl8bKeOX+U5Pc#5adH2Kq*!90vG(t@32F&(!G}Ls~*&3|~+)tkatC zhRL7v1J^t#L}kM>!tLZ0QJ(U_cB@~2FnidlWTFB(7s%^dvuWIznK2*lkoF0mTVwl* zFWFa`&$k9OXJ{W*&DU*|(V$-Hj($hH$x^ZqPGVV`0AR}6VelhXxzDyu&5O4g*sPnH zt+SDaUbEW%D9&)eA?zas#4%g~nLHYvMqi0#}ol^KInbvKn zrt_d0fyOlacIgyx=-vyrF*6E9z0_w^|F)!&?+-m9Avl}DktZj|z5_^6;Ka-VVy8V1 z0!(p$wbwj6HwCk4bXAs#Tfp2o2CF5~t8ss$#H4t>*iS)3P`ZlpEJwgOJ3--gGcNlY zkU2>HL3^D^^sFk?0PWPR6d+jV6jF2ZL&u_YBOg%tWVRWHg^f`U15`U|58ehH%z?>O ztKU*V}^5rO8Zu(I1K&XOQc2l;?ieW^uUu$@&H8F;=Z8128PRtPzhz@EhvDG()4%NICZv;WN|4?e@yjzYnPa^ zZ=ilty>a8E|Au6OxQXl?GVb92?3<>;hW=L~rBn6)l41G(ae__Zv!0t!OblbqKQjm& zT^vu4b@)AO*uTgn)CvqJFL&GA*!+@F|0k!3j?UWV!gD)2`v=O(eTjPX3|#+}km>ZG z=ga>QLHb{r(?4j*+=4JSJAY3e%vpEEbds6Xl(nm`uj=n@%Wor78ymv_HQNapoVqBs zkj+i6f}$dRKEClDS#gE#zj{&P{#5+`3zwO{;o#(CzBXulL1V+=?=IFQfBc9vdHVBI zLi~D9=_3yhkCz@E#njbkad7YDKCyS;wHKKvseb{rB_8)c^Ch93hhN_O+uUCM7`z^G zTW!{+{szNX{0=ax-#af zEiW(MjYHO_O4NUAK4)rdTz+t1&T`{Ms_f00u93MH8$#D*l!>&JgwE!_CHyv^?n=n5 z8;RhWba^^+r~fFQ;&JEPBLVY{MaJJVs<;1x10?`|{WB=&9_Rg!6aU_r@6hlB>r;4q z!f{}Zv6c$}qsH0SNH+oi%y3ezJXq=9{o6eR{?lCA{=R8&rZ7D{J@NuWoJE1Z;I(Tr zMz3C3mmf+E4(emDAK{ylvIaiT#0%LrxScVQ|0TN@D7(<7Pw`9Z)869kg(WD|=`-)Q zDP5w~L5e>vrzcdj*8;YLy1KiN?#Gj}^Sw9TMO|l8zumI=q6&rgTi4gnFPouq-iW=j0r7i6 z>G-z0o_D;A2e}PaRN4m2CoIDKZww5ak#t#l4n5lQI&83yOEF7}Ne$dG_wf`r5!Be9 zeu6rR!-A=bZ0xDIYh1yq%AijoXh^c1TU-;i!ktN$^T62bYndqMHXnDItJ zmPre~%s#XGZ>?tANO<3#4JEnN90jg^bSzUA>`4zQX^YNqD$lTHbt7^g2R@^p*-4Xi zEWdM_wIwv>Yeq&!^WmzX1?u-Xe+Vtv3|O;YWVG*327<{e8KlQ*Ym-p8Rddi`v`NC3 zFCxLm#tkzOCx7msVNmtVNcmtr1KC@I%gu7=V=Z_%;>E&}&{3XJwGug0y;qgAJ-_<8 zs-N{DG3Up-kNAD9vY2Gk$F>`d7wld=Q>6?Qf3Za##4%MvY2gpNF)r_-KA&+XrRW0X z=uPVD=1RY_4J*igw}zk=3qvo)fcN7Z(60Lr{5diWSBQUCl=tnR^U0yYdWMJdjpVVyKs}a z*r=2aWa;Bo8N2kU0^6gdf@o0H10Z&$_RMKQeS(~3&i(0U+2)WY+=rkP-_eViDW^;*tLY}^4&Ir#`2TqVH+ z`>1JgS2BobNZHUBC{#2ZcI8WM*O(|Myecl?KXIPoHu7|Sc_C;50{R*C2xvwvr5eL> z9oI@yA3c2R|A=Pf6Dyffns;zd4Ya*m!6sRTZb2`E7R#m&FVdgLH ztQ%duvW>y!r2U{`9YPE@eEj(E8}I+a-Frqg*|puGmPb(#cu)c9Dk9RQH)$eWdM5+~ zq!W5TI*NeOl_tHngd`w@5+JB3NN<7A0@5M$5=tPjqtE-k`}@ur=ZrnZK4bql_mBKZ zyVqLRz1FqnoY!2n>X=09(|pkT5*Ic(CBqYm;d*O#1GEDkZMtdP`iAW45O@61r*iUW z?Y4fcCI{&`_TKME{}S0fG=F#aG|nUA)}9;TeN3G^3!rtDQFM79<+obu(3?5Zc)Gf< zyqr}bYHDQk63Fkp=bf6I3|uqNM;92OA38$d{qCp1B>SxwLPA0w8`Esiqod1RLO)IY z>bRr~N#3>Pbpbl4@~!Oz8PuXmNNazOOj_C72y8$<~};*XO?UfmKEKq^~oXLadlhTbvdrSczE{hjk9v!kP03^n##$=<%hcl!m2 zz1aHi*KzE7zPP_QK!JD{Ipmxv2-mEcR~7^Tlt+AS?bOHQq*v&=(l!Pi>KW-(n7B^~ zN!Mcs_&f%wMN6Gt8hz5F1z}%T8rV6`W(F*`WZpF5KP-@3!Lu(~WDM*23+2M|ZE2|i zo)Lj*VHMPAiWO=p4noZ;>Drn3@}LBsfMt1ee;cphNp-MyoT>iGv&h9Tt$)^9GAX*E zsA{woI+_QjevYX>T@`zFx5)67BXXCv>R|JZXyBW`Lp)TF?n4Eot*pob6Wit+;)fi`xuOt10<+EHzsa9w9CLYMIrcTVL33B9%5gH#$#j@ zRXR^nvt9dM8zhw$YbxD9=2fmO(WH5t34-Fa4L&$J64(X+@~c_3eDj|cW&oT;Z6goG z)MXl!Wog)r+GmSomS)Rd)IZsXm&?cOKV$1T+IX1Mu{CoXdSKC8JGR{Z`tk`3rxtjy z0$RfKh|KywecFuj-EdgS&NbZryEm^se@MiNZmBMl%c+~TdNjKFxN`;{%^|_3k-&Th zbloBtwmd`p{`16yZ#r0eZ3s|48IE3BmnScE3#?MZ8w*x1j0r> zb9ks&9442DPtvL@v5nvcO-x`xWCr5(O}qLGrc`5pc>7kv7}A0;o)tJ7A>_79+zc#{ ziYgB&-Z0LgI5gJVkqFt{6@iJ>Ax?jhr%e1^?#U&pX_I;RPMMDt0qIuvbZK?hyvI-Z zQnRw4y=0MPf7g|Ve)TjAfqX90xXhdGYeN+rxr4yNCq-KzSMKYB^ogf{*sI6*?P-|I ziu}`9_8`j|n4E3P?IB?UeNp$}^@HBZl0_!S_B(VYcs|(pWoH0{J@5dLIa**zVRv&; zctw}EJj0l|Rqcd3`_7q(?Zu6SWm-IM0Tcl&{&5=!pP}nkCcb$(nSxndv>(kw@^}nf z-0W}Nwcs_H^y?P=x|JRVVN+8Uo7???vKs`U0w<)vRKDW%0JB`(gCqc+S0H3KSpIl) zm?-#_+zm8oW#(OTzjSrikhun**n)LvqEZKymehZ;4h~9(7wYOEE%vE zJ6%(Soi0(uv&rh??gxEp9Ep9m0!d2JD=Etpd~*y~c@V}SyO@e9pZPV*>;^>rTs8Z^ z8hi=U&RBogXycsLN!!ro* zXen)Oe$t!Os<ua1`6p2HaS=GVo=}t)=5cFA- z{kbmwH9*18z-Q9xPagGUE85;YrX>iZn}H?bVCD|V_#LYIC+=@>gOIlgb%()^Z&5$ zziaNo)`H~6$YWYQu*&Cgl+2Mc`LXG5y#c<4_`uEqN#jeLTj+WtkI)8-PKOHA?)IirsoTUcQT;fegL{0Mjs;O9(1vMoef!js#(Arh z=zEMW*O^6k;f|Vf182Ef8rLtwrcxgIyp(IRDtVdGg|vTX@kyEi)^-VeP$VNEm?k`t z8**ShT4LK=Hv{XNCs#sy;oUSGxt$0>VZ$5!XZdb3?#y~XwXy>$Ft+gh?#xNlS?J72 zrYr%xAtE_4GHY3+ZHUGi(&AtgmEE?ufR3l6H7y>A-UdftrYWjJrW?z;^V?zW!iCdN z-woypL7-dzu3*L!WgmxL1bB5CmX17)>=JohZ?BU?DF7h4oSpKChglJ{5V_(Zy_lC7 z#X-}o)NUYn7R{En37mDLN9G$Qw1iEX&}gfuNF`0bz%y(~(U-bMSSK`7i13HvK5OKK zoK=f|qGNXtc>qmHlE@UcOBg+EwwMV$NfqC+bY5C_Ej@7A=raoNWiQhQf$WB*iE67K z*R}>XhM`+Z-ZJows~j_lTFXp$mit^A7DDs>A9@q=kbE81vm`(_k4@|->x^E_t>w(J zLfiQ})38Nbpuh35m)wGf_N3d`oua9<7IDzTi%5#Um^v~L?`PquZ`c}sje*HVM3QS! zYf+DWDtnVX$Xp!>$);X~2X1w@)eZe}y(Al0B(oy3va&N5)&>yJT4(EoOG^j(q+n|$z)m2nK*slx zxlqe#W#dCvz4@IEj?tp9psES`-hPElF4v@NfhLAoysS&M%&W1hAH8>03%qWjI-Bll z1XXhSvtimBj2fe8v7cg=V_tKLeU7acu?sVS6%9?wcEW6RtbSb@eMFvOChI`eS49Og zMB13Ev&CI=Lu*f;p69McL4O!zYVE!f;K06XvZ;|~6ZRxe6|5tV zjUa9|3GljzYSc5Gv@UO|Fwed^dgVb2ZJ0(B6paAO&%M-lNu6Um?|<_>7O{&ZMo?K&wJR^73{^EoSUs z|9cye@V%J-pZR`&IMdi=gjY}K$w{VFzz%F!Fiqqv^o;05Xbjegnwgde`MmDR)wn-Y zo3&XjC)(`(86~DQn#d9I>WR8dh&+>P*|ojn1<+p6V(xy)*`fU#^TMlZVMC)uHq3_| z6yWX@PtjWqkADlnFcKl5EpPvdbn>?hp@2#kXlFeptPBE#$u%{urkt4`FO&ej?ho#w{TY3M~HPjTR@bvP6O)QqJ zSqfyX6oSKo%%Q#fV`fW^?{#IGuCwJNxQWljF?nikgtLaXnT!i;5CgLpJDaMs6zMxHy*5^%eY@r8*h(LJnRL5ws8# zxVwjoWg%<4$_8(#@ixDN;r`GuKI>+b!puaqsOQwZk# zhMuVurhs#Tx;(CVDmmkN=9bPB%CT`k-fBt>re2O>seU|Qc&auh%=-B$bE$o(s?&;STD|*KCPtxG|m6iN~fyX6|tP*6q*?+Dtk>&EQ<9rlqjRFE%$hh?=7E{ki z@$YvV@^enunWp6@*y_72p?NeLvb=JlZI(@X(olOR*8u#xo3zEN89$ejlFF>WH_9|Un!gcbOvWtq zlx!B+Z!i`r5^^4!-WLm2Exx^%fR0BlN+Fpb$5agX7(Vzw zu@aE}WqR?a5OZFn+l{OO6-nKX)~}&gXFSsx`k0}9+J4SHPm@XoLKW*R11j1N+)L&f z2ot6it~G{PUMM_K!RhOpRptpEGr!JB&A4fO!N|B1X z+D%Kes7(k|hs1yF!i8;FJp%)`QWv$vxV^L z;`LTgzdBQOIgb&A^T7B(nRaJ_>5OZlp*4_@9_FOfD_8VqXuwOA@>J&)O%4ZoWYyMk z?Un?O=!-X-fh$+RB3e=^ICv}0>-_}d)`0&EOyB#9B~Dz{B4@HbEgJdkEj(aF9(Xg; zkmRUD?xWZnujBR}t%m8Y#eO$o4p_W&g>3w{P&w$>ojX|M{{)Vm215L;g3YYA{7qgV z=o~J_+HM3NN|5%b?M}irN6Jn@=q>kCHv{nYEqj|c<+euy>Hk6+79%TbO0}7I6LS!& zb^;b}By{zXt91hqV^dN@Qe_`$JHK?7RYf)^a=} zlsXak**yb0(F1+Jt)URsYOHpmjmb8rB6OUb7k+*H(N2`HCS0YOGO_=?LHUqfd!k*3 zFDC8YB0Vz~?=vV+@s>TkIF_qsiRq-4KVs3u;I7*FW3Z^!pHA;HDj4#w#0Yi1W|pwe zg_|9Pvu88$_)B+>Pv8n;-&jcKf2-3?aS-tMP>!hkk>wnFhfUqf;7}`XID!f>+7POw zc@|LOS8TnaEI?+cvY9S1Ed$nl0z(KkR}#@GH9DJVgL@WoJ6p?ym63UjcynaT;dx<5 zbT7#9yB1vVV{F*lZ*98#XIwiI)m!I_of4KU+ zHnOgt3>-qPa(TyS_N1u9S)qce(@s4VX+RV%o8PzsXG_Y!+P9U-Eensm^*T=V#e9v> zO2@ii=Bt2bsZ>LJsMa?%^22#>V0qB_Zc=W*yeOA(CM*2xfLB17_Z<*Iaqiu}vsm4# zP)TvV6*gg)_D9~GT~WY1)~ye)Mq5fw+XpWNy1btrch5mj)@r|ZHX!@@F1}nci@L~8 z$L><9ov=EwOSD5BCQ|txBV+e}%#Jckhc-9TkynDbr+16=%@FA`M;cdvoVN{DwWP)) zBR{I~MK(>2;))nu)L8(;o>NF-*f=7Mgcwc5fn>ohqB`}YJ+_w5PUYY~X_==4rEl$+ z%CyqOI>kuCPY&Aauv?-p)<<`@Y!?RhG;txv>R=D7avMD4S@Jjj`M7CUO3!2XeOXc=>4$Z{;*2_nKQF~ z;8L;j`=xf#l-m8gK<9{-sHvSOa2`S-Fh^zyG2nB4Jk9?nillt<@U0vhM%}`?c<{U^ zwn<2#Qa*AAGR4gaI&KR*ZIkm(L>tsk5!AE~tr3p$P%*W3RM=Vx!e@j)Th|ZTl5bT9 z?zLjqJVI?4$RW_sF!t}FiMct4QV4daERu$G3_3U0H6J$GH#n$NP++6kF9p@OFQ~qG zk!@l5)wA~$WbeDVkh<((dgg_SkF_|NSGH9qzvD?!S!%;k(6O;eOIn(HsdGE$FpTJb z{z?wL%>xqKi_?vubXyjRUVp~+qR`{_RA{J|k|Ow^v(ZAc%*W*8b*_$#E=W0hKJT*r$35*B=#_M*LM24@F1HomhXr4;AWbF;@Yp>f#q@&(HqeF1kl zr5-)o**P(?w6tBq#1|DskhyK%dpy%Ue}enh6e_r9*nyHU3)|ZKx$F4q?`IStWE#X_9gUhr)qHE2c;;Hj=_JF3xM~vSLwX6%4AtfUh1z}cYZW$XJuNAE zhO-U08wGd`b-SW)t{PG z%7{}fPJgm)qtrs_Henhk@lVb#mNJvd}{=t~{2~inafx@Sqb&)nhLH=0< zXVVmfGdyWYLiyKSZMJnpEyr1zcxN5|a#bg4CrtrQTw8K_iPanDB0(A|4JO+Ue87iu ztCYM4162xB2$kdr;{_2_Q|h(5)>{meE5dqma`VVQM@e#M2;gBx;O0{g)I7?Z`B!p@ zwM44x$~QINeh}8B{oSUwhGh}Rc?rE(S#=M)+O9BF?25=PvEgQGYTKvq?O3?LCb$lT zZdz7G4!1)h0EH56y81uZ7wAgHsXPV=R17YgV_)$LIdB*t+4!Y<-HnpzOnM z+)FGPtLJhn8bQJBf}@v3+kBk}CMAIGi3yh!LTD9oqjUN9M#*vog=BFo#TS6{qnWDL5^SwB@f+xITTBfwl(jFkR)o4Xu2iV^G(@H#@LHb_FSSZOjCXH+>^d8gmL? zpXX?8W=hwjPP{Bz8_)CZZNAlx8`ABM_cZER4%%NRwZpTr6?db=2O+5$n!?>;@8om# zSJ}Q&j&mRqU0E~o1$C_R@KVL0?xhzlFkU8ST1tU|nc!;`wY9g`KD!?3gq+|^HFb1` zs_pDGwUCS458BtVJX(hel)>j(*nnMeRDo$4`fO6xVpUX8lz76s5wYd_B*n}7E+<~6 zWqaH0iv3xk2Xe!ZWQ;N zhZM=R!y_E!D#9#hIv%xZLM1lq*n(7xcjW;Uxb~S;n|b%49(2p?5m?2+S*?keJxI)R z>H(PV%!JQ>i7AzhY=B8pNxmeCJe%aG<-}Rh&BHNc41oR4D5LpneKA)1Z_b`f=<=+Y z+*vj%^fO$7hUv*3Gn`i@hU$oP9l5p_Ay!8p$^L*H>txZ69|+6d*Uf{)7*||1TcaN- ziMC*$F5aqJA2{okHQu22%FS=23a&j_ltiKp@_#jil8I{d`L>Rteit8fhUq;yD}f?M zo-T3y^AnevZ`_uM>oBU?)21AUfrpl+{3sQmsKQ{Y!0QUp2KSSA1+z9p^YfN05=3_t zFwtQPaX;F7*$4s_($+0hY*i{aryR1kAibg08~dQ-dGTlIKo`r_c#d(r>?yB6?tn5# zj&gs4ktNlm_WZl+=HTC?;^jo_?*+7>Dn~GBc97?poumKgFB{lMqqZUa0|&mn^6Go# zsaJjd4f@hz6r++Ss5gptYQACW6A>0Ei%wf#Z*sPlsNyi%gRrchHP&kJ?`uunon%#_ zo4UqJGA0hUliGAEC{a%==9{F;%R^*=BEsq*ASJTsi`G1RrO>ABbOhC@zoGf4mQ{V% zr65#P#&v4!ZvuXktD~8fi>>Yy?9R^jMMp=UP3-H~v~<<;PT@x0sulwQqAzB_ob9%p zlp>o&8Xwoe_qtnPLb|m^ZAZ?gNe~lUqX9 zjT32lQyBB?o2og<|wF}iPcm}SsK>@6r5 zoPD*-DuHW)!8Cu$0&mDh&Ko_wY@8})=pEw|@cba_lEwBJp9*XDfzWg-X8Fd_imV** zp!RD4?qN!jQzymKW<*GCqvHp8%^O2w=7zl@60$RmPh;~=6Q^G-^TB{8@aeG}E_yC! z*iI(xXzr1GM?tFp+9nqQAD_O3iB+KI9pg0V$Jvb^hV8FdlMh~4uEX2?KW2m)xEdK*Pt^e5SR=Vp# zPIn@$eJhu_Ec7ZmyxJ4PM!>X8gjdHQFws37;pUpBqPEC;eU=L5Rfrw#1N}wQ?|(zo z2m6YjHwGM83~zYmdz`;LZMIKF z;5AD)jK(axiYCtb?y`H1*dfvL%BL(os@6(`V9vCGyP9{Z1;$c8{SccvpB*QVuzUT$ zX!0H#JsSpN(!iX1F_#iQsHz;HnPR*SNiamY4))Gc3h)?c_y~dXaK?s}Vf$oJ);BBW zVX|>LMdG9G5mP(&l?vg4G|*CYR2}wmR<~-vjja->5Usvq!0V4R z?8#e6?iQZFd~nuNS*KBO&Is49PoHVhczgpL36y&&t%)F?UV>Yk<#zYUwDj9_x zG)cUmpvIX4$)VV|Ez(R*jgp@__zr!6A84LnV1WtHW0P=m9NSu%Mxf zmneaW0nW`h>eXCIe!f-*`!Y9k5W4ajH4ZQ>eoVEZhujp->F|q5=Hyq6E1lBB!Oztp zvMr}&3C!4Ly{tLP#Sw1H^Okxf0X(ud(BkhqY)zDUBrgcq=>_0D{12q85Rm5mdWFNs zT@r>aZ(!@zn|L@yPd|2^;b1h&6qyock~&?fLWT!|$c&w$-*d=3BuQsT1g`52yAnFHs372tz z^NF_(CFvUY4e^GwAoVVDGj{-w^4U+ioscG?(#GsWaYal zmR}rRohiNbP$2XdPw$q?=|xPBN^aT)-MwAc&(^J>2CMf%zI70hyPn!~poQdg&ZbRz zf^|LX~Ai}Cqzpp1nE(Vi)ye>8`C4 zEmG4QmKau5nR5(|J$8xsNa9=4skjy#0`rGnhhwHCX7K4bjg%W=Lt};wf%P8n29D{` z&B_)`v^FjjIkM@`cCI0&%6Db)CxcK72Bjq?x@4QFjj45SE|6dDkel_u9}vBi(8IB)q>DMsOc z#lL3rD`fx6#g<*#`R4O2N04T1vTnWr^M{szMEQV#WGjh;YTH#+QY}>7y#W0=__mY6 z14Sk6&$UbM!Ni#%?ZAT{V)U%%1Li@bI9gr{zZu=Y9fcpzag6=)mJ|6W8DA&c9+W3id)gPvO-zn zPwY4Cf(Rb^z{O(_3cr(w{H2igIr{e6m?ep5b}(#$rS;aw zc>%Xv2pSJ`#Ss= zxlWKFx^Ey`&EuX#%ag*hlhd05tXKe@KuoRwhPw|uQf4;`a$*%?dfvFKNgd-P)X@e& zZoDWd=y-x#D752+?Xt=NR8rfeD7QV6SzAU*4M?2#EmP@k6_E(U2p$W$iN;6r2Yfy) z%w80!4~33RWQ+V8Wa`}E&Fe89S;6J0EPI&JlV`_FC+t{0#gov`?ujc$m2kk62&opU z4J6X0XP3FYNVf$MH%Tr*&oLz+^!R735>S&%@yy?mC)`f`QF->k)A}cygZP1aX6`## z1Qn#59(kDwpUHCAUAt5HJ~0jh)QukmDQ5xXPghey>FET${U4t}wr-U)nxB+p5>+LO)_qU+&o->tj}&-NNz)CX$KSy zVR-N++j*$@)9!`2Tr|`H5g{yg@N_xjo_@X3N!*3uufj!)WfJX{;4B!S z9iqgbQb^&`Vur8GIHifBy-<>iyF>!yiD|;~SL2A16_)*6cY> zBz$hFF5)qe(V=Wi{De<#zkWY|1;RH~<2%Eq@N;XaH;@O}$bg$R#F}5aHB;uis1&4a zCZ@jQK{G1rL!zHvFGs@4fPr&TTJCGbYcl2s>6JnfOWm9@1}xJ|aPpyl!zsT?HQ}?O zKCv%2fT5%p8=-b@Kjun>~R zCr!{IFdRPunq^qRlugF6Ke?Q01nbQx1Q(w9GZDgm9vx>R50%-FTSYYT6t!#IJ}oj? zVFL+q7pQZ^2`TI%eQnFmFBI$Q;PQ0W%n7}L_Q+LObz3w9YMLzpFJCeDmcRf)&8ppR4btrajp^M-xpb{x z2w;7Z-)}`!IVZNgmN^fR-;PnIb_c+7^4vy-T0;sF>lv~D#g(j_8?%)XOQ_~d09wt# zaE4q&s*@;S6%ZV-)EeDG?bxN!auu1R7W#p*8Bl&0uGzxa*XSmI%jL!%$XiH#1(2Z& zqMvz-JYk}_Mu|=EWb;Vmmo>L4+oSio7|u1V+rpod*`=mQ9lFYslE&+qIe|6^ujYtV z)M3qy5^)dsieTDCCyKP>F>;cijq*6ATdb!YnDN*wq-#&>*pl_irb&m5a#Y&sYjmfb z7W+w7j!c=(ArH!%mMmvf`uA%=&_c(zxy^N{JI9Ze{N<{xLL9zlS^pGWe*$?v-d$u+ z$(ye-vSt_(LiPYk^0G2ROW$N=g}{L*b4D`gNyd`^|HA8*JTkJ2Np1vJ!{SeQR#-T$ zIyDVT7)~&VBxKv3^7wp?4?Hhx*=6xfhHp5tBo9fueLkyQFl-4qR9_=Hi~A&-66{Py zl+q|;9`u_4U&?-tzAD68D=B$%*^PUa)i1J?Akj2!@m*lpR5$_e^P>pm z_tFErE^H#HAOc`ZNCexPRX<%zP<83rNTzqd#YYDM4}=6l&aVhmC9nV_LoeUIoy1x+ zQbsb`u1RaIGHCoDxzeZxAN_K-Xo>wRv(%oxTuoIgtL^k~cWMOpn!<2YZ5{LDnwm^g zrnA*`IAE3=TH9Mu<3Q_LhCy<;q-KQ0$RK+eC(!-Mawq(&|8U~fhpSi* zTUg1T8B(^)L3?Du={1d;=IFGgWc-@m&dc)$=FzFyqef>r!A5?MwVP2C8uG$7}q1SoTs`s z&TG6J>nL%6^7GRd;FX*C1$%&;6_D3ef~z|FWf@ne;+zA-kqVz(al$PbsOe(B&Hid@ zh36xx(Mzbpye#kfk`*4&)`ErN#g$dY!>FjV<5B6!w2#TJ7Mz{8v zL}mUYOO^eq#*TbvjC$pI!{0(%va?cnz0_jl#|$cI$abbj*PpRWC!a-({KTXf3L`7Wtp%wIFPO= zi0`gP5&FERr+gvVm?ahKkndnDTCD#qjAQU4SX+D-Ow2WuI!|q z{z>i-Sr_Ou={Wq-rC^<&AX}OFH3$78G#WS6Gv*OhXYr68p^-CDs@E;q-t_~f-V~o# zSD8AIvBJOHBVb`X{C$}mgI~6K>b8>C{I*btOjQPumxp) zZV35IQuf^wRSnssP6lj}4Vo?Ji*(VwsfLH1z0ER~bkaOA-JLYHV!D)H+Dxe3_wnU+RFf0n#KTeS8d#LW~)GVQMWN^GhIE$+S&5cT(u zxlBPAOuLEX;IL2Ofb~iqt*o@aYT0h77T8Qe3m=T1?|zMGQg}ubR^n(EAFNut%Cm}7 z3alvdElkv|+YGhI8>A=x6bNuwef zTyA^zZg~5e`#pu|ryJ8JlYM$l(mGU&&K^%gqQ$+9JsH*L-TDniRw?5GRZ*SpYc`Xt z3|1SygousBDwoLIlP?xu@RlQ6mI0)0K#!5}6#&6-8dvjy5h0Ca(jsaEc`JC(iClC>~9%iZ?F?SH^p3!jqFZ~B#V>&Va~b- zG~})1KZ|15y1YM<3vfr-sT6U(!_-=5a5@!^wY87%VUg;O`CDkK4#&?1^=D+IGT-T9Qg&&MSH}X|D)jIAC!~Eu9`dsl zZe56<@#Wol|2T4?v!x}Obh|8-p53;za-dQ(!u=C?&>rY)6XO?pN=sVYuwFGM_vMBB z>1!{?Uinh$pDTq@?z%y~?fZg&)oK9U9wkx}xfaLk9@*uNk?~)oDTeNKTrA`3xc10D z|M0J)X2NA;EP6aU7>kC1{!IpC3Nc=SB0QG%U#^3Ar{T@S>kgJL`LUDUIM+GP6=n9y zJms{yx>{*6VgGI5j~?OAy$lxqAD~75BMiK7;eU}x{eS$%e`i=95jM*{niv|pZ#gXe zs()#k$sMiC(IxK#`^}UIsxCiC`k(HEV0-D#xXK%g%gf{cFxOHYl$`9`@4OPs-!SzF z`)9h6d2L%?GClrP>0ZqLt)TWl)z`}=O7&b0l*=FgiMb1walfh7{~e}und0}j3A#T& z2w{JwMmtou0oWg%M3^&ndje+JWTDC@p00lg%&_yXOHlmRaa~YQ+(-{u7gYnx%kEvT zS+1<|irpV5(p{}q5YnR+J#5~&X43Kd9J25C@OKt$9CE|HlF#Pu9Y#sMX!=7=lP7Po zT(dpkMFz)%d$ZxV~@a%-unH0QoU1q9AN*Kp~vcm z>3J#7SBKX%!biG+M^UqsyqcJ=EuAsqHT`mqDprlpy3bA^XN^b9+Sy@=XN?PT0zrWv zuI3%SQf+A0K|Ql;j~D)T@P*f?kRP1y0Y`0t>v(wA`GFS@yh^4(UHN0rN~lX(d^b30 zUB8d}(QO}oIQf7KTrJ=x^h{bq272VN|BW|==yyoliEZ^^YbWh085I1W_j|mT$;<80 z@bliLMK91lBEMg5xZ~}|8=+D?ma-YiQ94_2V+6DP^qtaP-DfT~jy{GF-o`Ul0waP*!Pu`tpkB;1J#=iY zFw{`B!Y&y>_>uMm{OK%w^Al^O?IHO9Z{4t=lzcg2aNE63PR$y|>B2Qee#}&L#7HOE z9Jc-;^yk=NkL=dSBJR!N+A7RM?y8HK+3!+957w{BEe?W1)L0z(faT`~zOSh4-6kuQ zRqEzxTQ+%c16mVXvMOOHk{?j`4~1z_Uq2@!!{_!BjM|}}@gg;IqGpwG$IxKlf_l`vcuq1bnV-R+kb$>Xj&x*!TqJTALN4ZnSC~#=F8pTuq!p{NAbJjwEsH z_LJ_bz@4$e9m*~<1VX{OqQT*^ZyP7Ai-C5F8j)bieb{1w+;&cduZ%)AONZs(#WnO1F zvm!Oq+{zHhL+y2*Ww)ZU_Dp1-4a_ZT0l}0gIC6RZa%#2nj~%~|+1C}LdlTkUmO0V1 zSapESG4-9&6&*Te8PD2`Td=Rng$ss$v%22D9aB$pfuV*e^43!(xL$ClDeV;2^t`Fv z8b5C3AwQ}d#?AzB|250XNV|0S&Q+4;rOMF=|Qk&40U%@XBC74Mlf2OL9e_BeRalEr-a zvw8Or3IR+53yi`~EDU09f8b<$nj*N9m$4PR7hiadba)te#!=IH94s%oN9u8GZ_Nnk z50+m6Z_^ER@qTV<5(f)+eB=4HMcIlRZ2IV#z9S*CGS#61nVdEk{A8r7^;7iQZEL%C zEeu)Mo4aaVBt{k{nV*ef~Yf>quDq3*PjF6rZqn;#xHxgWYe)exKW?xhFJtFDaCw?8mNhdNIsWp^8DFkI?@1!aa{Rk)CN!W{pzu zfuAP4CYmyD0*V}LORA=aI`_Qx3$8=3K86fAr_^g{I^R6c?Y|M99#;YzO3M>0tPFP6 zdg3Fsro@WBcdoM9dM)-{USYnYwFfxAesO)Ru+gQS&7y5Y?0Nw=E!FiaD1YZSLj`<~ zG5!U+_1q`F4ksO)#$iR?0iDnd-#fCp9rt z20R`+P)+_l37(1({Rts!60U(#0w4S(scG`MrnZ&xl?n2D?>kSYv4(=QPxb&RzocEv)`A|OEyiOi|I0pgFvv5QPY!&CKpZ;+%qp9aoJH;d4J1*-QxY~z-RG}({bds zG8OfcK(iZl?j~j;kk8F?lPO>K8{v0=8`24E4Ll)UUi^5TTs%uYSc{FP>T#C}qlH(e z6rZ5GYlQJUG(XjfSMXVB;d6nY(>Z_!f2ZLgVye0}RWNs2^INJI@WxKXYia!9tMRTE zeYZ`64Yh80efvBZxVYW>jPZGTI%shtfpEFI;I!@KGsl%elA>cJo`C-nh1jB{qoW&y z-uZd-7x9qg?NtIxK_HmX89#s)#gFbNZdedX0*uiO&(A|67Ln6Rv52Y{R*DB=Er;Fy z5!(;w4lxQi_4u|DWi_vkS}xQ9a{{7N=;;>z+m+H%3C-@HCcJef zvQCvJK&KoBzx8cP<}1`SfM?^^Y7Av{NA+I$r`>Rv`Sk~-YeiZ@v-KsNRHzKy0vi_! zQ)lY0(2WPzWVeNEyCfB(qii)_FNs4h7En}+r~it1uWWzkp@OO~hg0A>-I*Up{3u?&AakamizrDwY}b*sHMrF)txd*a9a=&9a>w=3g0-BqZMOhOWX zlW-;CY7FY}ux7`O!u`kg#@EnCOP7f5I(nf@A38k7vz+el`SCmOQ*}tS-rfHMz5?Z# z?x+vlY2ZqkkqNpAOONrPttOUf-H|%Hef3&5O&0f5ztc)V!oEowJ$ipYb!w-3JCh~K zW;o&7Vd7twIwsRpyo+ds-vN%Wy*q#FkyWLXgu7L&23mgTHa(b{ODiqup_f&vkf34V zD|y<%#;kWC@MsZw3>q~iLkW@!)83?|r2sfh(S9vy@?c3U zell_F{v)$wCO?_|+x9-Jl_eC0tB40}dw%30(@|%9}r%M!h z+(!tq3o@!Gj$U|BJ;^sn!zz;(*ChzDd4qCVbciW8WLeCQxwl_?F^5ve)AN;d2HDeN z1qo39kk+ZZz>wVlr|Jl_3NI98mU38_E=m7_QDhu=6x-#}I{Pa>;(OKOsRkiIy4d+y z{}+!!17?jc*E#E7qmq5gH<(sFq5j$;wKpkv@pghbfb%~2D!jjT20rzYrZQ&ZBM17* zQgNiLl7F>@;MLFDV&>9}$%LmzTU1YyH?N2HEZbTv*~EtnCyWoT*SUDSH-^6*7Z=~z z9s>0k1+C1G_)MSssdu2HxnGDZh?QFLCmgil9_zAhpX9w_MFDPtf}i}|g1#ql$WI&8 zEB5^z-_j01w*TRrhCLta%*0u>N|$-Of!6jf-QS_DC7yjpJ#46%vTWevdpI>o zd4)Z&3iDIZsT_ZHW9;+8zvlfQII>{-KVz#f?_r77zc~V+4rtNU-=p!Y{`vGYC)Qh4 zkXc+66dy)6P*0(%%^o{`@%1$mmL3^@?ZK+Ft8YTrA3S z9^O#W_3(I}Elt69IQ=ZsG839#)R65I6NO8$dtPq%itzOE@PoIk3U`+;sGZ3~N2lTj zhq`Z#bU&Lrl{Y@rrF%y&_}x&D!nUxg72>>9+4)JzKUt6XuzD;|h80D_?lc5vfIOg> z{WJzJ7JTF0F)O_}muD^%W>>h)A{u!P6bxayk6A!ay%R<%$3m9EZ`b}E!E*RwU&vWsE^xBR$lhEL2DVZi%8!T+qy9g6MTchRnP?(XmL34KGwMMbg8{nqNqQiv|bbp0Tq zWdYl2hY_7AVfP4Ut%n5>Mb~dr-ZC3GzvSZxj#?zOR+AE^&`e1s#rKt)SbMZnXD>#A z6@0yg_gn+g@*;C!eR#ZBUb^8m zGp}p9*b9!V8Z_H3rt7YUdXnl!YhU3;_L*<=2L{?{hs;eGxN8w@= z7!&0WbmII8OE}yd(KIIw<#ci*!1>Y)4nbc`5j6TeQo1Vg`EJY{nt^OGVpk^R*=eCQ z?7MFf{hwweqdmS~AKLzC&u&wQJfQnfe;kr!sD-9lw|D4N1?th&(CtR;k3#?_LoDDU zWUO5ri}*3#XZRe5akvNd^vDEgg7!92Gkbf4S-HWLYSbl^95Aa?@eR`$eA6Ef2Hafv z><+|Tu$zRit%=GAyem7+vsWaLQ`0FI&u*VZm0xfj4C9CHw-A5Ml#5uHInTuJFKCvPaA)wL@=I98E_om~q~&2Qs-E_-p&CvwUI#`E=&REA$pRg0;@fV#McBi#Rw)q@L(wLOLwJ5tb#U9%gh>p2^I?F__}& z>+1IIc7iSRF^eI%L=|8U)6-+W4WlNz0icLM{vq2ba_q=WP()+Lg-W`Ux8p4%5Cpkt zFPv4))xAl7zUwhzr;PV);gOWtS4wf)%8J*msg_jj&U~cpCUQb0PyA7PuaNW48Y8au zY0z{r#Z4>Cij0gN%JGr%O@M!JqHTK#sD}IstrlFWj7C`aoSzy+O4`NfbYn_=(W(%HFm7ln-=deIp&7?p}2lBT=S;V0iyeFp*V&dpAeK@>z#g zgVc+MAX4DR(!Nd^`9Xg}M8**ZV<|IdcA}kNK3#!JSIn&(7jp1=17+@N=DuHaVQ2JB zQlYUQ=~wQL2{$W&gKN%t+?Oh59gTz^$qsqZ;)F?!ad_DgB_buhlsUCjtuA!b0IjiVRr)!ISrb0Tk zPX^R&jf`EfY`zp626sWR)7ffvgvp?M(RQ6TtElb#T$2KQ(TH>C`YA`tvzEGvH#6g*QBg71q>##bm8XxDxlsHR*=gOSk4NVxMt zP-cq>dK6S|bp_1WY);zpNwRtzQs0z(8G+CyqUIF#u?35QGc zKbH`sfMVT1hQKApg20u4|I=*%5uyHp;O-|rTPjw}oDMqV@+O|T_v#gWlM4nJn)@;1 zbCruq1}F9y%*_oEDfOZXmDD$tOX&l`liuindc+E?bQs&$THBEP@BY(2R1^-zK3LQ+ zOgCv#u|Fm>r5}Egcx*3B$r=mo|ERI^=IIcHN9_8JI03lP<}X$MifF)hM$vzTI{wpz z=Vqw=usNsh3{T#-Kyg*F?M3%Lowh(R7&N~N6AiDnHt3q@lyQOfUh(i-Yf zzMDq1=3OLzkh?e|D@~c`_$kp_@PxCcf*|9vk*RiZ76GXWRnVTrXj8#K7^L7nHeQZA zI*y*x{5;x8Q)-xB#)c1gC*$ZSXPf+O6$;O!tjQnnrd_LI7h}jc z>m3X}w>Ak1uRTLQEFB(ACP>moWxKF%!jGn^=SyL!=iNf9?>WMVQfF(G=F-D(Au7oC z2On_O3nAO@?c&Zu4|i(!j&V-8;N=C!A`pzV7V}|OKC9{?+`c0^TXbEXCBc?aFy$u& zj~($>Y-U2BA&!`u(fR8cuwV%Ix``tj=RQveh0}jyVyU^1g30ne@!xSqm}V@i`-;yy#{X_e6Q9) z`dQKa?#*VLsp>UiKsv zup`pI=RQbq9#0@wAH(dB)d|bz@u@_+DJiV1&PukPe+2)E?br*lJ($}(e=fEctANa| z(cg4+HUm)f>F1#f3rx8NtL`~S@38(;bt%XPwM)T4#-OZ$OZtiLU$E-1t`9%j4Xp$L zaF*9ZX~!*;(ETZ)jGmZu>-{zmZp-tZ&3)an>tNylAa$*c|5mNRA^)PXiWb+YTdKX&U}8(ZaOX*vXY^T= zmBA0zkHB2trDsKOM(o9rpv3dXWmSVM^sA$t$h*SoEz;6_Z8RueihK$xnfq`LmNOl~ z;4XwKvPUS&nvT%%XqU@7XGzbtPG*0>Da;dSjbzme1=&grgy{YrRnWREf?(zcZoBXn zyGs?nHB%fj)9AYB$nE}&Gnpko`m^$S$UH#%yNUtb`=CPtR;)Eb7LbSyt0Dxa0Itr% zDa1Ygu+7APLn}G;E15j@EwMIqs~e1O2)gn50c6VWF?X$r9Xvp5DHl31(%SL zyT?zEd^XWn-kQ#bh*Rn~bedDfmmOXluQom#Qz%lcKPP}6uik9R5(BYr&5$!Z=i7;@8Ftch;yo-lel9+unrlH@$~cTnPH z&0u3r3W~oO_8VMau#G_X&>+?|T$@T>NgS?8e*z3J5kBAk^k?o)|7K4Y(Owh~w~&u> zWKnk?ZF_0rX&U*At|DGug8dG*x6`4*DE!*bPH@Y1d*>YuiAXS_!{lCfvX*~cCk7o= z*xYw}P4inFcrca9)|5T{oGJaWgI?UQ>A>?5M_JBFD{eW=GI8Wt=?ypX-?jDHWG}jD zS3rr64csvBj&5Nc`+BXb&e|AR&Q+6Yc5-4`@1a8>%H$Gj2$_(vNW zxh+ECxW^Nx2sRrJadR4{DG4W{+elh1a7Xb9O7>2dVeRsDBDkNozsY+yD_3iY(;=kk zZLHy9Ra@*SQnO5TBzh_W%f=0(dD$?)ccO~d;t_5&^;jMLII}{lF!cq$ZLY1(tYqi1 z!bwgWGaO71_3@^j5|2Y|L(`9?f%87TDt0o|#;CTIp=hx;HkNr*R~iU!u1YYac*YR8 ze~o3ur9|&Jl8~E%>QMmxQUdez#!*)X_%c}n`D+1biQ2(36~3gR`=j+)WPWq;2YU#F zJI|qHyfHiFA3mHgSrm*HVakj)2^aInjiwTiED_WaC^FrE_vgZ;#=xkuC zQG{NE%pDw$+RPeQ$4fSg#@YU`#%q|*WSvy$X}fyZ1CD38zXfcM(E%Kri^@jm=3-Z>2)S*j?J%}=0^3w?8*6^=&x4BU&y8UAvUudR zlgV;sToWlaH7U?aVTm2-02Ok8JbbDitcA@CORkY6UNUZpL-M+>k>~r3lA5p`T+AQa zWIbG%KKnFu(=jvOoNFF+z)jkkDv&?FxJ>yRe|&v_MT z2dyGsgH1gLU8gl;+j)tFAaOQDeirpPqG96%eAwi^pSbQWOUccfcph$J9B@9{b< zZ6KNKb*hVyPBZ5{@5r5baYM&d-irEwGBl1um*C&5mIbE;m`y)F;%W9iH!LD}MS9C5 zS8AW9uQKS-ebzautT`4z{9{BFyfpN3sp{m#DG;Ovwy5I{qTu566-U$9H3*?_2{+MN zlxZj^z}?!;jc96UM}l~4%UaGQ{+4_Kqp}bRSD&p+o%YC%^q|sIj(R&~!`QDm{ zSW2QBF4ZLw>s^(7Z(E=W0Qe28?ir@DS@%{9smtD^Q!P9?C$OuDV>-s`2=kdX#Gj#( zX2B2<_jRu<4xpSW9Rca*87g?p!v*OzqPo^(=Nhy#6LQR!p9$r@5r@c*FE$M>rv5_7 z&W}s&%62ktCp@-*d*CUSEgUg|rcZ)EukKv0@9sg3C8pf{oWTecUln(zzj?c504)Ga zjVMtPVQ@u%jQ1Rbp)u4h#XZLp%}%{Q0oN_{ z&}(oqq-G7eSe)#4rUx92eiA=P8OVaI!J$ss@0-P4mCP6rWWdFCFz@TGM(0GDtd@de zK)9-=X{;197^Gcw-?H-jIA-{i=HWgfXv{asq~g49EHh_!7-?^4?ny>T7y8>(pQU}p zm4MF)-PnckpW*HY{t84C4SkMN>S~W+cemQabwBaS^QeBF`Lod|3GC^+)_F2L+Q2zb z?lJZ(BF%_P4{N`;Cb^$h2b~bF$$fVTsrQRn%)DIo6Y^3~XiXqQAY2Q25E{iGeDk#vJD2G7?oL@^*E$h1Lk<~+cE3zp zKize`f)zJN5M1zc0yFJ&9sMVPA<5$?>YDe!=%IX8CCToJ_tOrIXZg1UqnV&z%u}AI zZ!q4Gtdm_VPo+Q8DxX(K+?giBA?5{qX+|cTtl&zoS-9^aY__6M)*`3Fbl;oOcG(Ed zPBM4T>t9hPe?CHnZ1ulZ^|iYSEwOGl5Uf~8LF6>Z?`=LYP;ao zOQSMAZjM$$*|CwKe1cNjh`CWSCqbfU(=@0+dRO{vt1UvV4{C!&%I=PQtZ*lPXR{t8> zM~*idor!+BZDc&65?3=m|3}@tRlT%3%R9nh3v@y8riR<&F}P^VH$b7=S2Orci_}p# zUW7%NRTl3J+FQO`n1#DF7K}q?lM#J>Nj%0=t+<>X@d9h1?G1K1xJ@Lz7*Zj7Dc2q& z@yr#|EzABATHO4k1$2Vf*Dp>&jf4;-_TsgOn)_R_q_i3Y!w&mXa%s;#tNGP3SRo;% zd!l`>S_niwaMiD5SDKpeZWUkRv&R*TdmB*P@bIE~*Z{y74;$nHbTnog9hh+Wj`%`F z_I&SMyv_py@lqO3R0BQy_!%RB#^a1wuq`xG!S6NZ*c%}B4PaNhCm2)jKHS9HjPjBl zcAN@odli001M>G$(;l}VcJqGIx!}3&?_PO7ZpMWlpCC^xaP_XBu8=8sg-X}u~j(jz=LZVL~>FY%=HOUNxUCg|+5UR?lIRqCn9 z$#kqjQ4rGnk+*$xyxdOdd0~M|ZlNoJc)tr1{bGxLr(999>$LBTc(k|HQ{m*=E1wHb zG*@b&d}Jq5A$F#->1{c7JzeoY1Qw|fE+x|i`;tzlHPI3b9Ow%xzMm{HK?PnvGr&XA z^2-hr_kRmLn^D;#j=2Lf1Bh1HV?$n+X9^i%0~-asZ%M z89+Ar{}wFkPr9feLkP1)j$_r}X+FvGC(hR_$n%M!DfO%R+76-GlNBldjVQ0vRS_Yx z>8~3?EC;#tq<>x#e|j5w?>4iDOwdhef$_F)Dj=KXP#g~ww28PLzf?Qr_k#NIC)o3` zY`%b#c8xo}dRaLOh5qJhxPL%-s_tH#I9Ir8wH0mPWY4+r^NFZ#>lZflO~r`l(O4vr zy=+g%J58C;EKv4JLzicc{1()AJ!Es*Jq<<3*y>Yb3jg6ee$HQplFG>@M5MSBN}>VE zr|uW70W_ghxH4C59x*BHmZ;5P)_DpS&SjaJ-%84zTivWU4uD9)7u}m%UK!}^fmh8; zB7Y5K1J(tZ;p?YE=buZcn@{anNBIFe>p0Q^({LeVL?rdCoV04-85-nmz|APxA5dn-KOkX! z0GZQ+a-kdc9(ms5wXDDqc0cujmaBpkncV=}^bCLxD}cCnbr!vao1})^lnc9>YMH4v zg{C8iuV4BjG?l4ARQ~tlzTZ-AX0|2zRZ#CtVuil67TM+&}%koE!U+*a2C;FoO638hj5>(7%ZYs_0q8nFQRH627E+| zM12sb-Q>khATNK$>1xDv_~>Kg3}j_i(BxB`OFt@#XR_3SYJSG)Cz7(_D zg#~IX)~;jPO~IYYCE&D`4B)F3%!~dZpMIOrfYw54=*N^Q z021MRw~3PFAEboK`7SJLGL9SP;grRyVnfp8K|<4kOiYYaFJ~;CNX)7M)27iXK0Mys z>9v0{3wa3?Grzq-h`l)vujz`|N$`Siv}5XCNRGj;Z%x1mv-fJtMW<54x_75PcuAGw zQi7yJb|JcI$(ocnCJo!5jyg5~QSJ1j#yBrn41+-#J5)IRak_H6V`*B42t{qWeWy=i zpZ1mympgI|qj^K8%3NssC(pmR8eqm4_G|_*pM~R0jVVp4CP95BULdp7S54R*J9D$L z>Uup0`7?;5Dcs(%1NmAm-^iN@7(1Kp-{2SL`3PbU%KD z?S2b0+&lAP>JAfe4Po9{guX`e?r1&ZC+Nr)1`^loK6Kz+o~jUzw~qk;=APh_g3}^r zl>GwMnDXKgL!*Wg7`^qfWt)eNOXVfyi~HcpP)H8#0A>JccZQNOQd)X}IfprO?}Hwk z(>sgCL|a7N4zE+9FV!lV6F8@sV&UPjRhGi6R00!Wz1rzLUF~LctY`}u^mOk7+Ch%A zq_!p93-j=2?Nl-I7v_GrbM5-H4sICvj<9V-o&&0l)e#{uH}`pPLrEQ;P``wWfxrv& zqxNNzI&0DdZBcP??>}S*%H|z2SBtp2l%@5|^mNL`2UM!RTnBj%_O-%Jv*Ped3|<+V z8E3onD?VV$Ll4WYbGT2|&vv61%pb~&bYy8WiPnmgBK)%pRuz?R7onYoAD+seNXToOrSQ_AVs}rjHRV<%oFtp0o?q`oY^oE;up+2$Ihf zUvg>$AH$Gt)u%)9esTv4d_?TQLE?Jis@9e7yZ*_yRVlbN2xPYY2;@R^VT>BeQ0H?l zRk57V-3qmcr&OYrQ|c;5#(HWFlbOg}>Xd5R%O^ifwA)15-8U^{c8I^qZ6l-GQ?&c} z-T%fnASI+bTcAQ(mAvu6AadW3D@Hzg8TqJZwmQfo1Z{q zJw9l2BgM7S8rSLd@=rApgh{D?(S@;uD*Ao&>8~J<9TOL()odxpbL9H=N1@)X!}hY@ z%J`F#l2#mZ;2O33x{I|MgaI63bn4``kKP&~Z(p^tFdUfAp@w$aExf(j%}7u6KK3`z zZ?hHP`mC4<`7;EOWW`MewVA4?t;h5RyCNGcbV43@Hmi8V`0_y_E2H@or)W-`^rL?< zF^T8gCxRK5+>+$MevB)FsBH+^J@j|-zQM++!37v{685)`D+2I25v9e1{K!~Fh_*lf zm^osRr!tp!Z zNmoUbU}d}7gi%m3xkM0;r$>0{>Erfe%1|0pWnM?qV^c50nw%flE-fXFNj2nZ#(kNp z$la%29NF%N{x;ZRXW)_iq1bD4bt$Lk>2yei5+ut4!^DwGDX78d6yhHnr!ef8A|t>USzA-EKh-bhubjI_A( zQ8y{$l7*VTp6+?b3T(aB+l@Ry`vXBSyX@z~zAmc%E0yFBm%&jqB`cVSM@fW*oIsd* ze8|PqvyGud+w?l8%GlaLCb2MxQ?7EbH+>z%yA=2jQ8ZfDuG|`%)KLo%`VAw7q+|ui zG5-(Pfvy;}m+gy$LdEQ<^-``0)R^kvp6!Z$2thhe(}!b6<+GjKR$8X)vu$lX>IHmw z&Ue6i=C?xIA^fFoE9d((R1hjA*1L>m#p}-Jaq$AbiWM*1w5PAt@c2sfSVEM8_+DLK zN7zWP8g_PWaFUP;)d!>3idOLu>v6^%WQI+g?}tCU=ndqJ!tWWVm~uJlR9Z4DuUR+3 zsRtWhJbc3pjmV}zBmdR?G@jI&%VNJBP^5+*;%y7qTx-Lxe0}ae*xrQEdU1`fW$Z_K ziP2JJ!wJvr2fI5wDLpVKM2!=%~g&Y`ocecqo+D1?RVb{V=SnYQS&hLM?3WAFgYFAT; zl1IN>0jOvg=GWh@|bQKv>Sm5wW#WA`dUGQ(t;5U`a31p8%7xLBTd~ zR{JB}Df2)nk=;eE#Fo%QzLRb6fNl36Sxf|skGWIJW2Hn1(^jh% z4r;WRW=#HDFH0+nZ0qlpdp^H+8L3d?0f2ew_HEtRC|p|@2WfxTS+LT}SF^A_*P*l6 zz7V`$PEI4ZcBujT=uw>^GOI+Qr8#UN&0Hf_BH^P5?cvM1*GDGQiVrNDByb{<2TKhF zZS3I#AHJ3@IV<6!w0W_Mv^p}zSkraZ6;~&xw7?r*E~kdUG1yAG!(~_?#Vq-1QTfj& zg{K5=h!usSTKu$)?1?zpIp9#=oV;3cyRLVdz!|1dl)J@YgzS z3|;i4*V*f6GTfyTJX@LBrM)%;3zTT;(M$mfh%?>Qts3^ zOT2V<2_7tO^o7q__cx#HPA*tHc6@~*D(g~heJ+Ku^RI%=bxaxQ%5BY-R~}t<9uS+z z!jJD#yqgLX#`FppJ0b)D6_F2N{mTmZkPP3E;YGXPjxWgO?(8YmseUi8AEg z2t(@;1S}3M{ZP__c`DMj7~GZ5$>Dr*{OWE_*MBCu>RZ~sS#wP;HB`7!6G#i6Vsh~l>IKR)taz(73B$Y_{uN=cYs%LJ1HUl z7Nn}6(n+vuJ>zK+doG3|Nh-2E0U>7QCeE->NjxM2@69XNrmejy=%Lq-Su|6^WKV{Q zd`r4HsDEzGbZ6|_#2i}wtV&Jzz;6+~=W`5{X0}wBKHMwMF3M3xzdgoOn~ow`veAbtX6VbD&Q> z#B=()c9Km;Ae+6k_;(5qzn8q{2FJcLLa~B)gfC4n*>8tsc^h*cLpk;MzaQ>OIL&|oes->)I{pK)C<|IsWCiX*c#mZ-S(vQu7lTj_ zze^wyD8<(*Gn3tB!ioJ~t|H#_-*C;}c_nd(33T`WDP^N3|Gw_u&!Xx7JlucE|4Cn0 z{T)bO4x|3L`y)hF#HvJ%Nkpd4He)==#6vm7VszX5pDFaexw`mhG$XOnxnZoRYfk2e zP~X$z7N4I9|9~#t&-w$mEUx|sZaF$S>aU9>jsEfb1&uEKkr|bS=EvB-(4&Hc(IeU;ORLSvTL-yS1=>nzZGLH=vHV+z@j>ev459FK5L;lp3{>Q7DV*Stg^ z$DtF5sxmgV2#y@Bbg3{pwW}m~7D5?4di4$jB~$-FQ=C$nn(uYB^Jvnm#3Mz+&W?l6 zS)Hi*uPe}iyg&hR5ZFp)ql-lR$lRgzU2zg;W<-U4t`v zHfHRV6)2PX0w1ARf<0K*wle9uvnZKO1StrfbSh_|V^7iC<~XIH(>u12UODbkmmj}m zMZW!#H@5rN5CFB{+q?0fZN><6oBK%#Mi~l~^IF2rP>jq!5bKY3Ei%Rsz8$01 z6gLj8sC8C?P;D4uNm&n+^S(gizU1IC#?qJ!8+qtF)$D7RV~FePu+nNlR>!g5cI9O& z_ME8`cu>$hQrV$P0jj?FHndY^s+x^fvtUho4F$bL0j6_Ins8Sx&+c$@gzad$0kDJM zxxrSmzN}au?FLdQ3Y9e(JZ4?YK48V#QI&4ge~fKHoQvlxiEYo}FykmPGiD(U5*vyGtoR?K*pFdUav_D2vf>DDfij zK#&TXdrR+{s(jaasi3C^$GEJri5dj4tzTRX%s1YBb7nYa=SDPmX1i2fSGGPsX|?&*pwn zhV)u!4Edgz^)|>G?+_H}9=HDk-SS{D$dH_{?RJ)>iBp`-(m!p?`ql~i_z(%{>?NA3 zIR=ZLuVYI(@A?tyr)P*KM_bvKWetW13-!(S&U9wkvJ-k+9tm-AVssGnC%kZT_}D3B zIB}&*Ew7=$>2*&pn=$xD8xq@k+VL0I8L)vEd0}yQaxVJZX5uLm!^|$_sBW_1=GK(* zm9-kr(CB&xajDY;lJcSENvA~(?&Kba#~)I|ekq7z)_-c{dH>|uBfE4UP?VV6Za?&i z&V$4#Ei?Io#|-r)qA{rHix8C&-2xQ-;OGICiZ*9x#t|FKhw;GW==~duJVnHLrq#le zFbOMqJ&I%X6Ntb&-ov)|r2cjqC`F8u4Bw}d(`^UauuM&)A7}T`g?vu53mE4N$78q+ z898MRIH9V61gS|L*&{|XQ#o~CRmcF17i{|;*}vC`mVa6-Ar)Hw5=U;@ikve*pIhMi z4U@YZaCA~3hvnC!(?5MoL&lT?Vy|psm~?c=&!^<%*0EAwAr)r;=4q`vpOWZWgfIAg zdD((=FL1R;2p2!dO*Y9^qwys8)2(W@Gov?8yC*gH4>E~T27tA+oT2?Q#Vez=x9d#J zfB708cNyVG*lH%e-Eony8=aNifi^Wg9n!4<%kv7$&ta$NEtDSb;5K9 zN1dE+H53r|`Dab*Gcw8LBD)Pe2V?HfbcW6xw;qbv!t_sGM^SA; zPx;lL;X%9>aT9f5CFIUv(Tp1Sgz6v_Msh&&<%${3*jUpEcm)brQ}dcMYou_0A{jkvXM%)|iCE)^4(@wz)tu6k${IGgt?9)m2<$6^x_@3Nh)T0I z3lrH8T`{E2+zAS>aeSit)*{>yY|_RT@KP09hmN_$B{BK{Qadt)xp6XhHGA|*I`e(k zV^+VTkhYaVXkvi0!Z#}Gp(~kFvWWS-@Lgn!-r1Wf)8TKyAI6-0Ay%OevWi19&CJWH>LtjM}FIeo8lBTN+I<9&A-$p?w zE_9FFc;~pZZWRTX-GBAG&@Qef%3A+N%6QB6C zfUDgnb-0-0m6=A^Y7r5h#rW8<)qDX;U?mbhtG_MsQ`!nw2u4fUZ%RFCz^+XdMFpn{ zlz9g4(g$U1XW>}6u7QB%wxxcOg!6_^2gCj5T6ij99_ooufi39JF`5c(@lE=!A69ru zwjWI#_j$hCP)a_YjgSKsczU*`I^u-Ffkx$8n}7ip??d@y#~JtvVDky|!p=zBMjA=e zuYaprN%VyN&eg9%Cc%y+jl%fZ-1P4bm8_AZtjr;@n5s)=hN}2^I+$!~bW~K3&m70Q zbd~htRH;GVHSz6oR+W&L)%ucn1TN(n^at1FdR50Ww3^G9hGl+rgP1nc@bI$?qcU|F zYwLYSZDXZPsIsKQ*v1AdoSj(+**%iaLqz`0PO*FyJzilq4~^44(#WScsuJ3dw1weI zZDj(_x)9U-h}!AAKkKa(d>gUGPdibLRtc)_!p@}4tLq%XkL86i1Ar$NLqotD$guVzQ}q{FnfpiE;cMk*NxiTCzTbargVEh8tVB*!-tTAA08 z+}UOmHQL#I5IlOxc$lZhRtZml_krpCgz zG#G6zz~Vz6dZ1SVNV_=z9`hqHTIL-{1ZVNWPjtkyHRnrIb|X&`v^D(nQ5k0h^=Fl* z3WH|m%>FfWlA6BprqB)tZv;W0UFRPag)m4`JCzqeu2y?aCQrEHDY?!|RHk3q&HhK; z^?TE?u2bU;r=2U@d(Lr*&^pq>lyV;@k7tuef2hYM5TJ@|*n5Y-rk2{y{$CAjE!Yvc zyus8@KR85HzR@lsFhw+Hrj~$oqM^#yU?IRNtZ)?C4y3L(cLqM`le6>O=!OGw8kQnz zG=090qYx;}i;fqsTb^pg<_bya`ykFXf(;|+^3ijH`Pv)(kao1y!=T%1Ol(adtEUFO z6zXTn?{Ffgxt{o0zPS+2hh-w_l#r&@t_kgR{sj2fo;Ce^A^`TW(txyI9#= z!g@kUu^UWC$sAZN`Q#AxV_hH9t7oh*xJ!Fu-F#mJ@5TR*#JC-xmp43^&x$~--(Np# zql?5BGJXYB=d6C7`RO@{6^6XSoeZHKFSU$p{qS$(Sz&`k?E54H^U?_MTbCX{R+GW1 zGLYf#j!A7${qi&{zZq}TCpl;~-^D^OB^qAh0(6Yvpd*FPc|wFnlMN0__&zE2l1|$h8(-N0hP#A_+aOaI9PFOgVhs(4tCS!+d9}sQvhy z7{Xr~34gwZpxWCc1n0tLR+xo-)=_l2eGp5dPex2@M(yI%O9^EHlxaERbfk!}86Th6 zM>JDv!@$KS!b3iovUnZQG~UMy8tOAlm5cIvF!BMw#zm*Btve47zK zNM)ETF~aD0A-lLCj-K9P%3`YBsub}rMKUNvw*AIH5a|WR2d&x~`Fmwwxl)hvt;^0h{aoV(?te4`_G zeV15LR%T1B-4ON<)Sr$v1n&{aO2)Ny@?*Tt?}wz`ylrgX0A436l8B(0IjL-p`ezZJ zaDI5PBWw6?7?@dGTbC}ZKRbh`Y+J%8Hq|9?U>1q+%&T1N7Da%9qP5~8cW9~#Pg+#& z&?NypsF{oc!rq5DIGncRoRE_u5&TlsHSn7F_Tmx5UuM0dhTdY7r#$S*{FSGQg6Z69 zbBBnUYH?kttKsdpMJLp{a*!|+aS204`CKXqyMsn8Ih}6NLXj|?fX_5pT{vKW@*vo& zr=4twU*@`aYC^6vNvNtdMGnMmb+(VAiEl{okM(MuWiEY(? zy$d>eW^Dsbn+gc}!4;U*UPDdi%Xq96c^uGTQ^Q8Oj?ilJelMQ|;DUpfh7#!(fbB*a z>q)Jhd>8{QU7eZ2Hk4}QU>=QA;TkjOS={87TbyJ&fL)VMrxBlr+4Pbv47Q%&x7r?w zr(dy|R?EYui2Bdu_9Z#?f`?B`s{CPv6(PL+I>@}jKh2AsS@t*YFH>SR4r(?|xo7ZO zJ(1DPCC3|1M!dEydvl^H(&}zME>Obg9t7nh;Yt5^g?b_^Hs1IFEzQCdW6&(@`HPiV zR(jCKoLwX-HK#l)ag~Zr*1@;QAH#v0#W$85Ty6I7*k9+wxHr$G>~armp~@Q<@cS)= zj*_p)bUh258P^3*l?h7#up>4sfog{K6I4|D2|; zijK^*J}d{t0#d`^foxgRoI!Ewj<4-aL^mzrBDIOg!`|hhxL4AjvEI2W0i1S-S1WuZ z=CpYYKDS~%k#8SmW`_V}T!O*KR3(_ZauveAa)!!kW(B%R1U zL;+uRyTcE&Y0Lzg7x(2Pz+lfoyQS5_<4pxONRj^;_1Mhc5ugx*Ypw=g3-m5@Ch7(2!J24Bzk zNm(cMkC*i5{p-}LF7w%iz@v>O|JdBsU>4T1%a2uS>vDaylavrFgROL@ao2rkye~wd z^EZJbO4cjEV4HTsb=7Tpc|9pkj^E(ccy3BN8H}$t!*kd`E+lVQ_bU@21=z&PpKoVp zM|`Gil(H8Akfw9rT(@~G$o*P2MH{l&4iaAFTHBe-5_VWBX2H_jcwu5Tq^2$0_3p(E zG_$?GkgoM6500ZGV134dZpg6|a`~03n=UPh74i_#?_2MJ$9X~K6G#j&y(W8dr+7+t zdP%yB=_I@u`o?UffFk+wENnpLh~1JMVcLRj^*-SK5}*l@qhDdFt=U#rcdF34OvPKa zJ_ycGX+_3MFZo7W@F8Ab^i?o$K!HQPixE4L)yZj=A&e&Way~5DrFY_gD&k+`TTTr^ zufz4h6VQ~}b;}U+@%tTFY|>)r{iO+3Dy0L`9Yj@j8}I%f<5LHl3jn3A%G@a#_i!1-f3x9BZF8q(240|lHplE>NA2H5O z2hqVnYT5Y_y*w{(`wTwG&Zo&gI-I=+(G8ik`yX1q$`J116O!20TL6@``06mAiZ$1vy|jxp%pP#n{ala7!6S4P{cyA<--4a>+Yo6YgthhR(B-|OCICSlw; zXpteR>5Bw@zOJHveXfN@xK3`zwjAKtTIz1#^>x2lLo8W`;qE9p|e(5-(Lef7V~$?r|br2CME-$!4Rxe6FC& z`X1tBmAQgVVt$-=n3plun=WD+`#ymQBSafGloZm4V2_iLNt00Mwc%a`ac6x0H-_*g zG&-gth$_%_t@z@i8qDdhQ<$(ssBj6f=35h!LDaNuXBMU*#$a?e_TBx}W`0{!jCiMa zBOoUw@BI@N)jQb#1~n1C==pDI0xZpa8&;ZyMJm$;In12gsW1!vMRG1!Q@i)-MzFQ> z2_9iFwx1~z$#{Lgv>!1OswkgWFfq+E!Kv8H`WB~<;ApwoT)pwTSNsk32D_38<2e=C zqXDd%Cu7XS(MN*VfZ%ZbN|Tb(ZVd6Zj9Ub1_5Z)23BE3jLBRkpa$QsFp5own=u`kA z>kv`i2U**f_Azwe%D3J`h((qYBQ!K+f_BG9_-0&n;>FaCJP%R&)OSDhh;socnx9EC z-cA=$PMsLVN}4(iA2IOyNxM-)n+}P=8RWMzy4FGXBLg~?L&{akqj{uL&?_ZJZ;xzc zezyx42@9lb0Mf`YKE+Ig+s{(NB{D@|5}oqY&JN!Hq_b2Z=I5l`>sL+2w*W54uF2ElHKjdTD zchFPkd*k9(?FF%l%`i#CwzI$#0K=^dE??>}@+Td`YCmdOYA3ub)*(-NpqJ^ijZefj#EJ_OSvZCe$&`QaDYWiC*u zwW)WT!_XvgNbF6M>~K-GKE_T%BTHzl&_Xeg@8|t#@+{2utMH`0C8TB= z@>;`TCi20CnV{~mrTCIz1NNR>9NCX`*9Q7Nsm4jW+=aMNGWg&XDy9l&CMQ2 z*!^Bq*jKmR-!SXsqh)Re(Cg1Y+1|Jprhb!Q?cZwK@fbD|iL>Nx-9_M(?YWK;H|Q&} zN6uFTnI)^4yN@JdW>ESArwrb1EXk!n9DEc23AwAC_Ou?}fN{_d)l=>=gh)O943agj zZ$pik21_#SDoG7*geo7+tFPW8r#(teJzrm`liEx{l-IB8`9RHbMdSu5i<`wY%InB}+8egFlcC{vfPd9V>LIKa~ zQoIdu`Z$-Y?yjE5uUnnyAz;UYQ-aiT1QD6V)q(q7a9->kOnvK#rqB}<80KVNlDNR)?1;1Yc>ezalSkaVGByv zhy1_Td+VsUmUi7YK#<@BcemgY+}$05YY6V{?wa7iU4py2ySux)>ut#T)>_-f8ROh< zpS}0FxBg%Zx_i!9J-cdFz4bozdki^(g%ln!GeL}(%cYw4=dt9Opuv^g{4KHpPBzf_ z8sY|cOd0Uqp1mXP39doJ6pNNtz3_#@BXK13`6<8I89TEm7TVh1BF<~$ZdeK7#=h$5GXh;W{Qix#hn+0IJ{175QE4C?x9 z)Yhj07yR&nMLx|-;JhWpzO;rTPJXS%Lg!<+qT;GV@sZl;M*PW!B7gw4XRukPu7h>c z_-BqfP=gfx?=S~3ElPMd_}Hb>D|p1D0UL?%m)w20o*Eb&-6NMUo!|0=3^?50TZ;!r zfSy6}g&VLdU*i?Rft&)sd;Ejt@d5}&Z#sCo1G;#G#@Yb@4cWCdGyq%S&!X^^?jL-Q zXlX!xeZWRR#=^KkcVsr~^1)div)qlFtC|&X*q<5$vee3t!!2iC99vSR3}r{>a<5#E zTQ@k}g&?zd)asL-tLhCv4i&Tqpp^Kls?7FK_R?#Ot0j3rL?kKzGVR!#~v@C0Nw$fE*^9T{FE zm)KCb8~e0Pp9ui@<1f9(D@ViD)>cQk8@_AP);%aj!Zkh+Fp%m0AvPHkzV6Jy^g%lj zf&R9uvG6I^TFfqfAmH#s)YY*VA`vgwS{I--vG_}B@DEke*M8Q!%yd~u6cnXeJ5tr* z-|85G`&yiZo9{cj8oL1{Q9IVo`&f7*V-KUS*ReaVXTos8h6ALIY60!4l(vFLU{jG* zk=DLi5&j7m;_KyeBR3XS(q{B{zv6&Qqob88opxSQCK3ilC`{sXFZo;AiQqmOt=Ewo zFb!6Q{)$BP)=Y6=ub)0l79Dtrr?<`48ig?iEt$=I$p>Rsb1{0u%av&II~CQ)w$AqB zD0M@!7G(^U=o-L+uQWOaei6NeX7j(VZXg@X^ne&$y;GlA#1?*TgCKXKB z-X-rx$I0VH#*uQEU43_wmog9+oHDN{`#Md_(#yJ!)p?yb52YyYC6rvBA(#l8M;wO? zN^*sn>0T!n7&pOM)v@aYq+Dvq{DeeUEB$R9{BcED@yN&xlDR#|gmh zK)|o^_(pTN&yCXZ2`c0rD90~V0=jcbg3YAGuW9sb5&K^%n~C09#iw(QGLr$v!+k1J z!Enhkj}1rlpHuG?w+a_o*LzaCHwJ47PPhNBP#)-~^8b%k9@I5FkEGUGEFmu^FJEqj z04>%_$sG^Scq!AKLDl9zHSR03UnLP@#bGO7B{O3{Zfy_6?D*CW52jF;*y@m&R@^{S zMh=I0&Wy0Hu{hkQ<8nU!WQ=tb4N%9=Fq8;zCHx56>*cy>oRGK-kz+yCyM_0I5m^ zxO>tWdN=F9p0otNAtFfD+KI=p&H?v_T6J|?5TW`F18FBO>CVg$!s&==?|>x#Z=z_s z(Y~=sM01$)U6m$w@2}}QLsl{4YmZ^6Df-)HdeE1)&f72Vc)k?kD$7bWu~QYv(UL*F zNCgExgTKZCg(?pW;i&-lTpYF7#IQ!o+T@-di_Nv~TdL(we@M)!=uv(WJq%P217xSU zC)BS1&p!{i5IadbdE>4!{tFCB_Ewh21n86SG!Qj*d&;VSa?MrG2m^bwE1sGSFz~iZ zhXx_m%OR()$k097y~aELUbr=JH3gqc7imX_3ckYx4Hm1Kkw?WFR8;bZWSRX<7XSNNAb^Y`<1=ikdgQ zp(bI9U*dVbOYZ`bQ&SxHhst4a{$8iccFJkTckS7ISB_PbWw_x~I*Y^@PQ|ycU_*WW z<27utA^Wm&8)gx0!i{tPEC8QrU-eY zHa$5hdRM!3H|18ocZGf)=4w+t==*2?Ui}8w#I%rvBsevRL^}9HuzJ108Mm`sN1yEb zA{6sm_iY{>>^0RIt6^zMQ%vSIRS*5So1?;X*G`Jbd_BQkeyGoEkPC-2Eu7z!uo+za z%*3w>K(8bf3uVQh!_@cHmFeZJ92Hq|3L!h*r9wR3DIw+%3B%+p!4fQDp(J-Oz!f*Lh=?xmb;i{>GA6@3-JyHxv zqPudYGuelg4OSf(0j4SH|0Fg>P5Ah}SX`OaEyN&db=g_z?WRVo?fVO%p-wTQraPAV z(f3mahYo?}EC*hK5J1 zM772uBo(xK@g>_vUpE!E;}JvD+Adx zr7W&smgNe+JlO^oSRV+Y`*k1tdSJK<1z6BzKtSDL{~5qsmT<F#fN|l zcTVBKpEfVdrzAqvtiV)0E9@jAeoD+CyoB4b(nO_2sX%@9EZWJc(s%Byy`>VmrHPt% zxZfon=c+u&ZG@I$yThEOO7>lotFwF_n)fpa-p|`2Mi$?ZyQ<6t5TNX+VY1X?G?sqNK1KK3N%fSktW3$(*0HRR&ai z`?8g}$`-+a0Z5w4M0YNu8I6?lVcI_|3>~8yz==~L&d!c$(f8wZ!%Pzsq95;9)ee+~ zqx|kehU{|L)kb%m_q>iUyfPtlfX`W~CxNWL_A3-acPHa|*8)ZWiutSlK4VV~>(Q7h zWyJ+wnuSf}G-5SjOjUb5dI9qkS2Q$HE(iujf6e;PAk3=L3M9kQ=WIspP(cO_zv^*; z#Uh2Qgaqy3XtsE2?)P!AB_=^7RH^uE{FqcO>}&0|?2|(h!m4|K%~Z2MA)BoN6c!GJ zCl>EF0{UuyEsGB1B>sQH?ZmW`oByY`8W8>jti|A9|t>qnpa^7&xXfN@HK3*j%R2?2FWhx zaAeb45V4ufCEjQ+qMWUEK*p+6!Z3%*Bi5Jy6s5aMuTWOg%&9;xv06 zpnuDwv@_ZSQmgnVA~7QzrwKAD{IfAF@eTv2g> z;?q@jfY1&%;9fL~+x2r$DyLcwMWuO@I6?|3IZ$6{#H9#P$lHek{zg-`!t$g>4#o#X z*2WLx!1czY`)PU5f@0(9pXugiv&dPE8@E1nvkgQr63}}Atb^;FIj*Cs;#3oBy8{91 zpOwL@rt`4Ou=*ltqu@zz>Iw#R4ZYsTF%dWQ6-pH(U4nnW-DlgS(KBvAVQufZEL|7-BZRTBW|F0(q{7GlW8 z488IA+~vCFIBlT~8rPJrjFa$zL$dumi1+r|yHb&t&7O)ie8kVpsi-01p?%0d@zzqk zFiI41dWef^k{r4zN2{j~Re!8Z+#GJsrkr_9VEagUP#J}K5+8!|n?~DyfVGZJtp^l1 zfoAJ)8xpl{y}i@qr??;wn#I^)L3D&MK1^Tj)UM zka)jDH#B_ObtnIsQ6PwA{(fglWBNeuhO#}D7G`pf6V}eg7D)BqDmI`j0%4kB^1X^J z@dh%i!>`A9b(PV~MZoFb54bj#omwI>7IKdDkis7@6?dMp?HklMrwQ!s4IrXcfdRI` za)Y)u#IR$9j$1w1zW=yMKUH`6I0chO{*RuXTqZ>yJHj1d(j9&~JX6I3cZGP;jVF=< z7wqWSxjvsK^TAM6*3~SJvVH_3B9E#aY1K=$UH==pPh6@^R(95EF-OVe-&7zyzy4zt z2>AcL3M9MF&wElLPYC$XFde2Sio(pcAU6OJo)j%E!64*nne>DLT83+JX$kO0Z0)-IbQPNnO2WMi=&nw^g4#Y2w7 zK+>2ZOIH&_Un-kc8F0YHKzEmCi;pnrne| z?-}m|u_3zI?#UwR95li|nS5rPK-4NnN^Obu4?7*%zprZGgNdd#ZwS>%Jnr8KO|vE* zEY1%Kh%?tC@j(M@IDrAIWYbCO5=1YFE~!S`sdc2y^a>w^-8&Kyhj=7S;S|neY-1HF zE4(5(xLp8DNp9XBwq;0O%4;641_JAwWpfjQDp7P+$0X^O8p%CJ@7I3pE^Ec#?c0;m zba9`{v2Iyl`^o&$fFjkMjJ)2R^uYHPo8}7$?=QjA)ccdj;qFsw25u!<>uYyy99|DQ zU+e7LF+c;aX-9~1^WD1?hUS3P>ilbZu^!zH^VAmrtV^jDqP*~)_0yMV9~50n{t+CQ z1=dzZ66l^O_cWfrt3YVVZm%9-ASTQMfr_$*W4`{)R>Ak_R4dR9f1MfXgnHLL$r8vF z^#$VS`w~~X6;i~(dFDAEKqPhV1lH~3z(2Fhey2UQUyEiDe_Ly0OuN)WleP^cM zk1hZzcP?V_Vn>PO$9KQgr}R_J!X*EphQQ?&;kEci5qAwycM_}?qDKOY9+xv>=%0wb z2rXQZalH#&W;<)MNAKrfEU{ZwraTSe_LZjvbf7obVj~ zOl$`TjqhLB4i=MDPcD$gNWDV~QDjEU1)S;i&z0>cO<VB37i-1A=-i zp^MX@y~qj|^jurbO@Cgx$Nh4FP3HZnXAo+l|I0PrR0i>B`_X>|6%K`(L34bPJn^aY z&g=lq9mkW38|s1PC{*T4<~i+XKi~YsVhc81{)=-fo^-y86_Ywh_)$Zv65;!v7e{_n zKHfyDNB<8P?sQn@auwv-OU96~7Rx|dRR|q$ei}YrCj7I@U#4`p`7--6?Wq_#-@hba zlL3aOpe6madC*7V+zTpmL|}WN_TDxG8jBXW$k=okej5h;#E>149yS@=k0q_wM;&vF zq_#524z!+XsV8M?HOOe%8A}#O7C;TWRK37YUW>%ed`q_=F z8JardzThC8l;W)CTfQjPduL+RGVt)9pp<^!j)BEyjrjUtk4BR!4!N<7#%hI=<5Z(? zY=A%Y{WanByii^qEiE8j{D|1HsE{U^I=xG1AAtDy?k43RBS+Yb1rt4eN(M@~>D*MK zMb++h3ck28tZ;2d<-@(SuGKm2s<{khu}N$|t~g5jupl1gz(+2^pXs@h*Ap|q5bblj z(DCd_esfI_SS&a1z745qyBkn!Il9%z`~KSbF-lR?2%?Od;)#T4Q%Qcqqs#=%++Wvf zA%N`|1B%6c;xmxg(rP(G_E^3LKds^ZX|dFZ2jhMXF^KgV;)__UPy}7SSBjaMk|2A? z4vWW{Bna{Lx;ugQNeqwOPI+&rRBPKVs^KgEQt7-e&Kvzpbi`ARxHBDl`P25go`BJQ z=JyLI-(+d{a4nV4yK=~SwU81e&eow$RN7))Z~ST1(jub>He>~9;Lx&77n-C*8H}2U zW#5zV_lvz`VAx0P?vC!52R`H48>XwS0%Rk3nt6?a+X{)T^P{|(xL6%l_m;B-=D{=dP#cGLN0ZW39(3Sq+U#p!cdu3%- z2W3p!se3oVY_+>=6Fp8zo(z7I0?{Kb3)wG=A@@^XqxQ)a_MTH~= zH5MCC3Eu)tY7NNP8E4e|+m01n;Z(Nt25F0ULKHO+j}ApYa91UOsmIhx#(WpIm7*rw zLPtfdOd&Ih=`&OVGmY>}FmtKf*!m$Iq50E#fM*5qsO`S};qo17H5HbZabH8}*RzFy z@9t5P9TjUWpHZrPV)YVBmzGSP#>Vl`yr91DU8Rf_V}nN?t`kOEblkF8XpvfNI4C2l z!X~3aK2S_mVL}r!Y2V#1_LQHNRtV^B&bhj){0L6=NCp3-#!vGYZ4H0SA^0a}LyKb4 zX2;x>yAwhBnyR&(@SMPVl6!c)pc-eq;vh2Eqga4HU8FNxkLEzV^vT*sUf)a|Zh9X5knpikxl z{%MYkyD?Ynkqa~`?iOo}%Mnp65pMg4S3}H!IL`VCRM+Sedzqx~^^x2MW`{vu&q+Z` z7T_7IR{6EXIlST)8;a)9Mi{G!Pvdo!chrTOHbx8mR+f@;K7P;azL|K`GH7;0fCOd6 z3-{ERC777Ru0wt#)X-{ovX zKsR$eG*XwX4rVc1;!yBAOF{adt6yn+$cq$HwX~l0S$78>Ml!_v{#cUxY8SJmaC@W{ z@2jVX%o1htfbz(){otrb>GSO#-HG}OS`TN*o6_TE3)T(B_E)@cijpcxB$mb;{o~kmJCOR{&&F~yDu$iU8l!ge?d9M zJpS%LbEs0!Aq;wzQ%!Llx+Kz4!d!(9uvB?9szH7Og1pI9&P6HK9x-uy<&Qg=5ErOv z091)ppOqWD>f~8}C!Gg(bqn@4gaa1gU!;S;z+g)E?|+d40O*kaxq6m=U2|j#t+91K z4(ZqBcR;a-G|~>Mv^IB?m6IP%e*}OxuvI_o$bQpHfJGK3ntBR~Y z)iY279eeTO5jq)p=xA#bl_D=vuY&FhLG3{W z@$Y99O9zNnN{zyj{kHe_ic= zj-GMGe8ZUP7e-Ee>VN!XzfBuyvn&9BXnay4X;*zY_^G{Xs%2Xq9W{4uY>?npH#*G( zAA&sfptFf59X}u_=xrt~asQ14qqi>!KoKHMp`gj-xT#3%v|n=qup9m;C!YUl9yJx& z8OAkp%Je2^SesaOu(}VDM}7tQJeg7&V;Pd*lRpN6furujWLwn9I|ufX=5;O`-%-jW z#uhFH9dSzuhunm9SKbzgq<;BFRRt7m0Xh5s9Oj0#jXpnO2VsI2SmT?$sew;;KY6V%%jLk;Shd%mV3s+Ff1$O!6$^gsxkpNECg`y zIAEy4Bb?$)hmnHFnOZ*MXLLvQieCx5M!f<#%b95(`2a zZyt$Wu*-39`O2KA!ycN#iO4zWO(^FgDWkTMMd=f zwsO@hE}`07`NEqd?cSr9$kwhZ?H4{NHs%`K3Y%qLV7tQ#ZVxgmy904rW+tdx(MQ1V zY<=At!NAqQV!-+oWCUTR>&f`|G{R~6L<$raa-i2L;_!G#PIDUMXlvDZKc+-;62&Oq z&XY@2xk=QwJW8FT@r$rD4qx;AN^7T`gQbcrY%|yJE_EDg&IowD?o(^9_5PBPQH(dQ z?5%^Cz$JGeprdLJ&8J#Db|R?P+sgj5KfZ^_mBQ^vs36UH#jOm|m?-s|Y^7!l8&aZ8 z06bkezfmfH(g`4IAFaMWz~W>Ga+=bXRh0^6)EM>nioH6HfA~Sl*G|pjk)vW`0DR~( zDV}yS^Wx|Bvyo-~z{$dh^c7I;z(@GzO2N-8^*6o_%oLp|bAE_lGzM*XA>g=t@-)mJqR_!KMi*{o>nSE->4wxIyzkuwpNYL$?7o5ONHb-~AzOocnJ z)AQ1}SWtii79qI8uL(4mO=n_WQaEat}7hD@xf2DMG5yeSW;-mCjrzkQNDWBP%i?;8P}15 z@c=uMw@1gz3VNOHkt5vXaA@m{)>E+EjUR^tjj8G^$i!ky2n4gzta|Y!ZP2_O$U+uK5q`)3r(*l|P{c-Ef|Me1*<5Jtvx(F!yUb}dOl1P5y zA?(tD6?DBRO>@&J>AW3i7u)_~H9^M+t2n(Iu!?u@&UZuwcopUiVox7(sFiMI=X<)MITH%-x*8 zjcy{VhC&q`ilMukubHqpGInsTc&2eE+S zR+$w)jafrQy2IsafC_UU|H~Yzy{Z< z#lAL(fJP?}9sL#TgZ_>#ln+P!Kz~#_iqFB^#@!YCBVmpSEDw7RBbL@-5eK)@P$xvo zljGNw4^7$CWD({|7@4-6Y@s7u+|Av6NLPtKqzX)u!n?Trdezk0l;3C`fz(F&x_`}t?$OVK+@KsB&wk0gPc=9RX zQif-l#<8xA`f4pHpsvl5ORX%;IZ+M&%S0Y^|F?@gvb(D%U`?0tq#8=yHmoZdU_1P~ zxCy1m7_9Q3JA~sb4=d-D+QV0^8-YyKyPhohh@(E%I-M~aIb|DS!L^W%gz#As3L%<5 z%>bO5EGtVa!W(+7H{>1{jD=o1tHR|!53fNmg~>N!>F$E3dT%BeP(qDY>8QdY#w=QW zYW6LtFs;Kfxe_~Sr--kGKSEn$1e@Oqme78&OD}7!J$!2SPMqlHHR7>kMaJn-YZco0 zggxU8lu%_pCzv~lX~7SKPez<=V=Hhvm^Fo2@%U0;7cD%}xJ)%PwE*VU~N1$A%A-nd7HD zTY128FM#-yxwy^bSkU&THR@Vd)ta(~dM~7wGnwVlsvu)BroWZ@i*Bo>NB`zu=ms^2sE{IR#cA3eG@Iht}Lh_7_82NMcTn73md(ajaO%zQ%( zx}>8x`*oRX_k~+8`733r2hL0=_E~a?i5Jd3>2ervBnK|i*}I^wD%tdpqm>yzl`<$x z24TXJC_0d*JXCAvb)jtoBdp_ca=sKcc7L-vF}Z!SI?4U@Z>>(+IX&Bfqqg)jbJ$w> z3d2fa9_^69PYlzSd}V7J%%H2U?0FQ2dP*iU;n4y$u7li~GE!9JPpJe(R{X@nFp*TE%0HQR)`j>Tm_9^&z{@Skm z#XNtGQAdr?DjJ|&BfJQUFYiYpvz+suBxb8Q7P7o!M|J1_Pv|OMdY0W<_05WO-g%&v zf6tfT<@NUtbXjk0I#{-w49i?EP*XElQZ1S)P&{ZhURtQH$)H3=ejk$!LFVEVbpize z0Rb!U@OVN~)5j{>92J!(x}0RgWbTUTx5rlfk%W~<_hK=G7Q+@)-hv|IsPvOEo(U&n zXeP5>y8OTg=IVxaJ!6$Mr!ODc*2{LT)#BQ%n3`FHiVVFyVW^eomEedG88k=}(2<36 z&8Jo?=8(N!C?ZJa*BOd#p9N9%{kWAPaJUe~@Ely?X#CAxNHiF{>9c8be|{opO3{AP zYWVqkg<1?AXmdL`$nkpUtx4e;&N%d-&0L~(uEDR6QjqIA>zL}D4)ZLJGVmr0oU z)2I}V`s=+HFm{{?sB#adx52%#F&2*JBriI1jnTRpcr1t-fs5*OQjNDstrqi1COhrX3O`x{ zHe?Af~mkr=)`;=Fb5wwL(f_FxB22tFd5ja#F8 zo`TmotJK*(wvt|EIv`E<35$>&D?l~?vGmXmwrDy)zwztv@%{kOnvN*C1wV(ejM96# z33|=C9cdYQ-N;~e;ik1}1uhs3OU$O&yN$+5G54h~QG{VF#%BNmuzC^-WZPN$_C-_7 zWb^pCIMMRZ8o|uN#n&SxKaDpRQh7?H|4{*!tEXz_XWp2IBXxzmV48I4B!JX0?2;~Z z;-QnsCFw?_ANa#kR}J2E5{Ay+I{}H7LGa@IT)TDipsY3Ii!uZAd#>Q0ma)#H3uWg7 z{jhc3#|I#Qtwt>MF!r60WeX*X?gw7n^_T2k^-)czD$#8g9Yr#q zKO{%ZmS}1(ug#1W$f00jc&xvnI=%o_;egg_ za8OXPW!uU!OvfiDf4Bh=NUgg%*Vl$$YV?ACSYY^&X#Oj0JB@Xh2-C3*QMz4DcG?bF zT^y3RmkoAzX#`mX!0IUDj~X-6p<3quwUD;sNkSV|8@y4@n_;1Q(}jeT?W^mi_#~sw(>tP>s3RFKsDE`Ix(Xw8QSqoKF=yt z2uns?G6NBpxh7B)OOJL%*+kGeo!Go5BIl9ckZ~E z;$`WE_O91tce1pnn`<2{xD3MW3e2C0Sigq~Q@N>ytDisxAd4U~3wtRt@gy{hvAn(| ze6%LOK#=iO!m(;oB0N}KGd7rX#0j4A;Og#+WJHozjMV_gFY&v`)`UKnK8{W+CP-TM z)Hbb0{{XOn%np6x>X-}YD=m}*)9Z@GZ~u_OSw?MMNEX3%j_etzO!;zwGYw9bsqe89 zdiDh{$G8Bz-U@ba8HlV->-^D*EH&^m>h_nzsUt$d|phG4C{VEfmJ!zA?7**ea zWunv!xjYHIKH&^UGjPE7K<%D!ePKdS^XOtb`M6sP*m|O(($Ly!0j2bkd;yR=S7#%f zt*UaV#dhkgv@m7i@DZ`|}m`dHk#RT`cHHa{w-_8kN3EK(Oz`^OcO%ibp%jTnpISW}4 z&+F)NNd?il$z8k_UQhL{cE*1w#AMcT8+7s)W5-^YPgy7ZN1VCtTBsJ>Fk?hv0$n|6 zXhs)5Y)sfSX}XPW_s3c)w45TB_KQ(Q$7ea1Y@epGvewk00V*w9=$DY1&PMJW{Pj`V zK^v(qKM#vF@A$o)u&5hkncSBMh+9F&-T5mxl2lQFrSuM8yWF+@QF@W9%XT5@wYlqB z=3xO$-BnjBZf;%KEu^Gb7vu%~mUBOj+K`|If^?Mz0*-6OEU9vAU zw9eVw9MDvydXn;UXs}PA>!mlo9C+3bi#BU@D!3EVwYtJ4Dsso>cdc$;7$tswiH+&g z`w2?P&tIxCT|f+E65+S%6^!q$A_MmVJJG%ou;<1eptq3yrTy~;-U790Ea+e=N5?ro zC}->qyEQ8$zR*6c6Gjj=Tvn&_;d%E$yz^&J*rCJI5E}xLVkggz5?eY+mg7>+tJ2Im zHXNLrE|#-;_ebcLMNxmr0b{-t83TUkNJ|EI6YJw*-tEyo8OMUyR)RCvqkMmNV%<`G zi%7~-+f%vsDKU&4+%EgtUPJPxbwBV98(>q8O}#zX^H%k9PWGo?)&i1CD%ZHg-IpH% zALh0r3bC05bhjT}Sg>-#nx76wSH*=+0O~SAq|hNs?(NJM;0oFr0qr#IA3w6VP%cCT zv(YH2ir_C9WyI1)B%8jfDCcqXJS_rf8_eE{X1 z^n5qn-FB5*hw%`2pLOb>X`k_T65e8p0cZUcwVw~_(6SYBbR1_8eL96f>v_t3X!|2i zmf4;#(AHngy>f_utVL~D=#xhOQnl&?zul0!hP#F;OqLIAK+lcNT0kd4SHBkEJ#O7h1?wXKSClKk} z(Lae5S`=XPT(AHM7+|qj5bE{iRM?(>FgRW_#2Eyy$GnvcS2+>U=6?|)j2yqy$T<NYKyEps1Zz4{RGe zYv46z)H;95%o0mR{Ce};_#rtX)ARE|K{!FkLJ1&fov>3-DcYFJ+*1 zijaaaunC^22?AcezeWOhd$ccp^zwQZ5fh7*I~V?2fBFNH@kyQZ66#(>bItht$J@{O z`>657kM3~C;^LrsCVBy_7I=|kzl5~_J|3dt)+RGW-WeGL?z_waV&5;Wn|-Jjn8d{2 zT9v>h@o&V5!Y#|}4XVtqSg6Lv6YYcQuyWBu^MU1J4pXzk-@{~;$xKwWGp=29WqCky z%y-(jWY|G7fblyal{*=Bi28LZ_dfAJyA)Xu`-Jde#ctHFIBZYy$_4(fnozcTft??3 zvX-|FO3}vCjf&^qf{1jfjPhp40VgO3I!82|n;UYl`J#qv;L5E}j6$Unj_|o60CZk^ z(mMuiN<#HfW~f_tEc!VQj|xS>PqU&-OCip5Sd`+qkQn}7BCMeJF{I*fy1G9tlbFT{UT*;cvRglf%=ol- zMtQ9zY)Or2`#=%qA0()en`bVAgRqff86`^G2*`*V$+L5VC#K522JdlN3lS z-_T0k2SqBC1Q>8}B}{aQw)z!ut6;^!CVl&TqF8LNaV87kdNQ<@A`eEIBW|n~`H?Tt zxWt;_LfX(4iy)DXu><023)L{LVPi&}Z&@Z=&5~GM5x*-P(OpE`8Ajn~(e8)WwTuX< zRah=^SiNT^92}i>BSx_mh5Hu&>Lelg5att7I)j*7vVq=y*4u+i6XiJzFMWH*-#Q0r8}dclA@Sj~9s{m!&0a z5!w5x`}8n9U}{RcjwCzGQl}*e=u|f(*=y`k@oD;2G>v*j-{O^Tp{b2%i8ZFJ!J-?M zX5o3?l=momVR z${g+_(~w)5>=t0z*TXf9BJN{0~AhCv3PR^4X+FdTM#B^L*2h{8GGVL%y%Xd0Z}%DDHEwr%faY0ZyOK@!t}r#8sU|d@vgHli zxBL1QYyjSjuKpCrQ>f(vksgapS8cIv9C+~tFGIroUNqO3g3Ss)Op`fG06hR%k4s3aL>W_P-j@o~?I7B$2X@lYD-LOD`-WO6*Bww%p)plx@!8)48|&^&|)`Lphv_8ScA%t2Qdd$%Ca|pFcNDw2weJNSC{;Z zyx0^$jk7WNTD@;^oev(tZzi~3Ce$^wK_wH-n=wnDie>#{R2D14t|6q!S1o)NNIDsB zxo%RaJNyz5$*94eo%a))?*PasK3?|k&PNUC+>#i{Myg&6ayW18=Lx)1Km;gIrjfi= zCXoEWowqW8gwgmXfzAMtK+8qw>$kl;(gTb-_GWXCkC^&CC+>Ogh{+{4&rU!5xRj6~ z8E9RslIf;ImZbsqb>jAIekb!)4j3ulNH2y8Y*7L7-~_=L zhluJhsuOnSy?L*#Yo^~uqHpT91)?=~jAh^%K5@1LaWx&!_1VCi;n^;CfgG-347i*Y zZ~@H2SGVccdB=SOVC;l)B$W8uiWHyfJmw#RcHn_~?SOLAG1ht#MTSIqG!dH{WQ{J? zsI{q@a)?9QzK|vM0y?rhr=@k=EZaIs_=+oJlj;*~R{3L0efR*9ZAk`xV%*tmI24dj z-c1Ls!uO&K*aH;#Qs)OviD3>jL3=R_+R~~3jqSdEk$Utm!c;W~hH17qm`umr{hxQz zCbi#pPY*i(GM{k#sM-$&dvM$_I(i9ep2R{u!0vQSqI@MGu?)clP8u7Fh&xw0+Fa0(1 z??*=ijvpQ})97s<@+YD2(V~<1J>Dh^Xkmu{v0iuI=SoC!r6nDf@}JSduZ>{kb;`4P z#DpVHzA3#%p=X;OqN-V0&Vs%dWBUSVYY&{+1%7bk7(o7&+>rz*$e(?u;Zv zwRK1NQLd%sgHot%c-vSugC)^M`bI-d=s0RH3S%S(Ywz&5C;6 z^csXhv3vr8nU%@cP!--Dt`1wZIX|Q&J0MHCjOKTR3zA2_L~aM?kkCL~A*2GHhj}u9 z3H%?y9ca@PA{06TI=)F6&x>pV2)f*Fr8&TQu@itm1jI#a6qh_;W8l9o36;X_d{5ee zl=twn-x?PJGQn^6L`d8}!@IkG9JQgn^7_pI5#U%+ND#`MxyMmF?qV4ET0(wTkplmFRSDv#Jz;t8S+R3MaWfj@#dzJJOd-8qF6n+4NI;vM!t-B;^upM6G-R&056I_1!&9%|A`2d8KJT&106 z@D9|7wWX6!NI(dWiAgBsZ6yt$Xy~nHOzObv{vrVV?eNjzM`g5Pa;FFwT{E99?M6mH zN@etvOq1Y>D?DK`+TbmxbtvEiU#&<1AHdhO+z?{PNVe6N0Mf4~3SpR8%GXz>)OQlFkT`xGrO^^=q}P`NammsXX< zy#)r7#TwG{`<$;m)+F`dYcXNb4XijL=4yC2@?`ebhzO-#G9cAa&vj@`Gs-LkzCAbW zr`RX0HS^l7hx;MwPE<6*3FMFVg-Xk-;KlyZqDM1>(Ko*<(-)N))l*61OX{@ZMnXpZ z`a4{UI#D8f4K%%D>ZCG%iXP}2OkfIp_O6 zv#9gE`cZ|V$>sV%`z|f$J&ZFNbaIHWk1dSvc*@0!B_< zVZp{ST&G1#sXXQd)IYO$@H=&&BBq=8$s4fYjurfk{ok)gMYHPi1@xrCzcJMm@4F1w zzJEO4Vy!aXI}M15;qK2_mv8zvBGqPXgJWbbw1;bEZlkC6_QciOHL((Kh9-SP5L#)H zT(BFPbOuS^A8-vWdgN`ARoqdlSxh6HSS80N33s&VtY<}zLzx@er%<=Pwxi~ieP;YO z-Qz<)$6(wCI&?_HjU<#f`cd65pO6%RdzHFZ%`%B4(fJb-G2PN0xy=)av+;D`4~~gH z$x8LJC4M1%UGVTM0ctb{j7p~}e*~9Gz3?ew6Y$avO?&5BsWpV>)hq9m3lyUwfPSHY zxAddJ*_6xe^)b(3XYe&*=%}o^v)H@F@*B)T>sJS!A4$&BzJky8cKyG}r!Vme^&6(@jHIs>2aUs>mt}#ryF*iv|Geno}b=YDDG#sN%cY&%I}{L`&`z1ifq}bxR1La z)i(lfSz?HcjEwQZpsoGr$!)(5i^Is5XSW7xv09vJ;~k~bWJkt)f}%^rBbGQk_w8V= zbXL?#n=l3-L}r_+V8&u$Fo6%=dkvNAQBLb_+;)kww)W58ie@){cCY933+v?_HtD_= zbNDJ8Ld0&%W_75jin#|>5DhI|L1SpeE6{$;E|c7TIpIMjDeEP7FY{OwGuiUU8B*RJ zAxY1D5sdfhlM@?ao8I%$7wzkYLj16K1l|Srq#sDL8EAp3ld0(L32SactNeZ>$)y}L zJkPPS(9Pw-&RQP`9KzPpA0MPkkS!u?ZH?~R^tIbxZzmZ(5J|qZjvdFM>784Ke|$76 zR;^>W4j2dB6;yK?rLX7Fnk;_rw9p%bph19W#<{+Iv}UtF2vMaE8FG4ITl3*7HG&&o z{mH?}muq<^`+b2X<2=47zfahIucS<|Y7T`Npyv3v$lMn}(2}G?F+v)N5g3}|6DV7) z3Lmu4n~Wa2TCQ$B%SsSYrf@vT*>PH*wHe}8%p{Tr=uB2Bf5nb+e1fPbOBC1MTxtF3 zF~N?+m?LZMhD^YPEz#N_#_S~_>5j0c$MDS#_+uwy$!c3Gj>oFaV!P*-GOjfEpUhF2 zVvP-w?oLN{h`nD9NT+rYK_$yrJXa~d1xd}~@I=)MT#>1|rSUm6p}48E^sBx(luDW;7u z=#NRJF-GWnyki7vgeMU8I%1%hq`^J!v0O@EmD75;sBjwS>iP4_+&#V4|O(L4?f?W5^ z32i~ban?4{^fky04h*Bebi8M%u{m&}kyq9YP{$h;U=6 zySodqo!sXKj9m@gG%u0&-S7L}M6apdr{K`g;ld|hH^;|~ZFp4Qh}l`LpwQnlfmzU7 zvj^Mo2p%-=OQ8jtqg)4BVvkU5(+28ZPZ(+=^z|IET4Eu7ESIzzf!3})z^AOoLX83S z>8*pY<3p1S>0NyB`Q-;+0Y}=iXC#Q)1SYH7zMKIN%3j6>IR1sTf6t#zsSK&qQn=@B zT;xY`)ej*+SyJ~1k+~zKI8TaWY?63_9XJAlEIz0XE_kql|Ujylpd|=8hSZf!8SQ@oVuqp+>?e(U+V{pMy zM8#*MgJ>u&a-d^tZgQy~T}dFON29}z#1t88-VIb;a5W{n=dYM$?T$|?XyJ0|kI3$I zaTbW}LDsuW_!TGde18i^@DpQTEAw)$@-jWx&E(rkZyI z_{0;bF5V%k^qGJeaMsBnkiLQ$9k@-$@)(k*`OvsOR}U?Srib&&|GVI8f|t>0yMOWd z0NmcVJDF|~Nh>!;V5u44^gmd&L8>4WfoDkZQi-58SCga^+?RZzNYNAr0lU>^idI*S zkTiSzESe7=fq<#JHtMMDfQ!j-1gJJbG44*jL)SWq3T^7#WbE+oao1=uvx<#k{PoAi z(S*P#C0TZeyTJ9%@4V%9p^bVrN@ZE}Ha994eXP=t_zW|yb8;ZI6C4sDxul(MznxiP z65ve}fU44(G5*M3_+yG{Ycku^IhV430ptPFQtcW?r zyghZ{^C}{P@)D;nqv~oS!be-(=)#zO!$}XCR-QRfi%CduBoSQ6b1na)0Cs!d(Xf^T1L)d8Nhx3jJ)a=qLj^+n|p>ZItTTQsat(?w_jA zGhb0DRkD1DQSybtBqbB#^j8RN&5{DZS8Rgu#1Z_2RZaehR`Ab0$ckQ{J@{7Wf4P^{ z7H|JT-l&VHKC_0V?B}~rq>rZg5+Nbch9A+kpW9rGmU+gQ=PSqE&WA(&wuo`*qgoOd z;+5>=JM#SgtLoCm*xkGhq7Dut8o$cAyWXBex~(J$RU7MSARlQG&&}y?$GB-0ek_g5 zF1qedAo()cP|2?R+`dUUFR_rz$6ZM{`_=-XWk3pSHQ8gW*gSux7#A!FA{YrVN$KEV z(!T2}_dHy5ktSGsoRgvsHk8yjgK9dYnVgvy+YT`e^67i;oTrqc$d9ALn(rsJ0_b|1 z!^^xO0cWo)ts@Ys^~JHjuyq+YUpqF4)l{dSfAaIo((!=NIueD!xFewuE#JDXm4M0& zxxu?E>t+8< zaWt87yYaU6Hg9jb;1SeSpm5;b6Gt+Mx7(G@<4X=Bk5p1kITV z+>1~rz@2#7gO}CjyZbvMe^N>Eeg@{=2(YH zSR^)QTJP2b3L8rm7W*Jc}@(LKJSM%(#Z~FhxgV;&E-8+#4Dmgxf~x|9tmvAc)x$WM!A>Hf2-tY zm`jfpBOWl>8xT@neyXu9c>@^O5c2?#7HqrcXO_~@f{csq;Z{3w(+bfxHYYI?<@3Nk z2ldtGozDPGc-~eJX~Ck6pUhD3*6B?0B|cWJAUr&HssPdak$%17 zOkEymE1_*8jRpb}C~s{=QBG=vavo006SuO!CPbt`cp#odz<~1F&Rz;B@kY?bUYij} zHWwKrylc}EV4(swlXFG>VFOg|l7UNze8P*AE<9U6Nr#+$4IDH7n^)XlQO7)yRuh{+ zEOmc5=KdkiJmsqkoL#`m^0w=gEU!d3ykkHi?ohT^D#VW3%HFOGtxomF9hD=>6Eo*5 zmg*A@g-MBMuCpq-lX>==N8t%Wt~DN3f_#L8X00$G??P}b)1KZq zlvR$8k1dr@)p^ z-3?8-$~2MVA(X;qnZlC-%W_&1o<8F*=eX>6IuOr6FytE1?Fz#C+>-Qk>r00rF~ZIa zn4I@cD_sJ|hI?9__&s=OGkFbHe?YKBb|JkzIkFL*(@Ia2GUyd3QCbMA8`~+*@D{;|V&r9eIy4!9%|xaNSX=ePK()el z#9Q(8JgQbIo>%S73|Yn(>3=Z%E#ax>caR0Sz0rP1#R z2@D{!$^se3e9CK?!0!A4$Rs<|y<7zc3GbC^gQe21VVGRoC8pzn^8fupG-nofhRbrZ)= zat*|gekad&rSsMzA@_B^6dW`AErSlv{0x`+uz&kPe5yMQn?9=QR&KpE?OHHqkVSg) zrH1L3Xqb0jw9!F(Aoa4;(V#TaAjp*){r9hOIykXe-Qhx@h?meZJ*doN*x$P<$S1qZAhg&5r-D&f!Txrir8WX!p*_ zG_uecgq#>B4c2fkgf!znb%zf6E#9pqcq^1~!Htd{hIA*MqdctNd@wP=K1jLxM8_h; zE%P(xg>BM@WcQ|=N>I93jM7=ktOUzMljsQkNhsD@IifjR#f^mQv-ZC!DVlmZDB51W z)#n$AM*E9_BvZ5td{_q?^3??y;huO2@TbN)kXwgrulfPZ`11?jj9WC_2SpAJ_(3y4nMOT5j!!R!n&754X*6OG{aleW|uX!wQj7>{; zMb}z)Po1$BvZDa7z1iWt%k{}^Rciz%+Io(>nsv%AXe-sJ;9p%L^UNKAFV-xZ)p4{P zW*(vOxeU|d;tn<=dPX9=)epS(x;RK#3m3bJr<6s#=(uGJD@AnuZy2xl?=6??5J#O2 z&~DfIgf5)-!r01R=CCw!VI+L0+gtDOX$Gn1j_Lj(c9j9P}R~)v{F*GbNOo*;Fg@1%_6ft(X?SG|F0=4ulFDT9LoSnFeP6kM$A$G%wEM4bFi7A* zp*>)4dEVB@ny7odZA8J<*CCAwHe8l3^5`vo*oA0-V3F4PZu;!&O{G^V1B0;C$}jBJ z*V>zh+BQyS(Hm*E10j}y)yl=m#;6TSFxEA8W6XUB8ZO;w86#820*sQT33(K*NDC#V zgSn}PY|slbYJ-?y{Gthd{{_Ov>Qg3DA4F5G+={HQA|2ALRSHr7i3c3qf?%?bp*jC7 z^e#O{^XfR%U{HJJw#0dv~^h zcD5}2k4!hm6)Hz+B&n1u~M(Zj?O2S7Ujt59C73JP59Y8zk#GW)Vdn4@0F zoDaEl7|?+a-pcjXeI<#OV1ZXbX1fMys`bs%ot`jHyzt@+RtIXX)<*C?yE_BVx<*jL z7rVr`72l7)+=PUnNp%80n!I(RfqY-lZ?7zg`zO0d5&bAk9Iwvk_b=1&x$&sChg&}v zue%|JoW}i_4kqrws8U^2t7JtxhS>;zQ-xHx?P=To z5H$QV*xH1aWVQ+)JN(epgd>y(^R>v4T2!^SQBJY znBHmfuoP9CJ6d0~jYk!XL{);27gM5PYCTDZmqK^GR(e5PVi~KFBszMt$d#l^iN$V0 zP@{xH*8)?!I23-fTB1Ger#5~({V}~wAzvH^9~{U5V2Hud`1#v|*Zs>jO8+G=xa^rO z0QUH2L!rDNOGSFN(~c4^DU%gWB^*s&0+1DK;3O6tLsxW%dFQP$Qj0``kJqHyH*wUq zH3%hxQDFrqu$1i|ZlTeFoTYafHg(kBWpo+qAH^!FB!;2WWDn~5eOmi_jz& z)OUhINePJA+pOl(sQb3fW3BZpu{oU?jp+dXGaJ8S0p#C0M23A4v z4bxtsjg#5r6!vTF=Mim8Xc=-?S;gTKl>$f(CpxIW{7-^-XVx1!(hB8HZoOMGuZlHx z-`7vy1vf|9$YrVPTr_^lb=;XTUq6xhQ;H1QMDhG|Gv1EKo|@@Lm}dZ=Umy+_C>gfu z-V$AWyu13Rf^m&gOJ9O&YSC@!Zt`5Om_nn|D~>Zc`J+iHrgJ~iIyS*j?JJ5HZHEK( zh?~rXyQ6xV6q&x{hr|A0uNSN3Nyelw#jd6a`33P{ug5Jb&{fK&Iv)u&woHfR7@LQ$ zkN3hSwB>Mw?}4xpcvx9Er5ZnzO^x(s>oDyOxz)%UQ+a3M^aXv>99jJ)&eSUJ_VnHK z$!Zd~rOPcME;ut4SEO-%i!WUXt^02tw1j$vvNemxHpG=G^SSp<)fW zM6|9rdRR1OqWdRZ@#|3P-5hSuHHJu#PQz{6u?w;^bg36fA|wc``7A|&DsdxKT}J|N z393FZIdTWAMA_i5rgE$jZ#mx=iagydyn$WdWA0tUhw^Kr-T>bn2x_p0((u@vz|M!S z4={*roPo16;^%~p8UatMJ;&4%xI~ct4(N z#Vb`IWXz&qX*w3&_(SRsDso_PWN(=4YiW#5h^lq5I>3SQS@eXW_16`LJkQU&`!Pp&+bR?P9GiYQtGb zW`++73MakH^iLIaeD3V{AESMP?g~(vpLFnCs?~!Rzf+%G9_DyA&}ceo@{J?ufY-(# z6;(ki6E;85f38#eYTml3rp8i3(tGF^w;UI>z?7@zfq|4AkZP^#gubd;Qg>I6D zr=Jb_5`f)zsG_mzsB}0^aDFG=2J7aySmC-d&U~E!CA90@H47?34uI!4=uifC=uK#Z zkrfN-9VH^|zBT7a579*lMo=83nu#2xb=!bd=h={=xXz_`?x@gN21HbcfCn5@Z_o>S zu}sgHBMF93z1CB@CLz3j%f+D;;>rfX@_7={~ij?v&|z%#Fc$Mc6j6 zlC9?pr@{Mi>6XpOgb!iyy^3wS_L1>)RMpR_w#S<(jT6FxNcn!2!qu4CjqAnjg!m(S z4lb!IU}zOGq_y#g!gRnjdr%!26q~cIiOG{ZXt`$u+6U1e0xe^Yt5)aqyna<$atX42 zdoF?gtL(Xo;Mp{fCg)@Ou;k2*<`k?5;Ar};MZBK z_}YX{)L2%_3slM}O_rd7k9n8$Ev_=B;NQdEFMA1h8;&?YG?AZ&ajZ>iAaR+!@r2Sr zR*Q`#pC%pIZ3Cn{V`9kS`W7>F@ldNZ=7Fe9b5>Fktf0IoAVN$?1&!%r1fuvZ(Suyg zAX<$jh`n6%Pw)({Nsdw_)5mK@B=&C&mX*{n(TaEHbI>6CV==GmBxatqWyTnX!Qu2{0U}U;i}(p=}(|U zo{*zm*LgF5JOg^ncxc}jsdVy(6oyEwz}~MoO=&#THM#CZGKh&7-+i{t7Jj6rn3v5( zYZl+fClX@-q2X_2UM?xBU)$e{_IQjY6E^{f z=kV!vg8oT)oYFuy(cnL!d@VG4T}X}N0F50$1=Q5e?BP%YC=u9^H zkexaUxo6!NlPeTNeFf+4?R`k#i9pMPCJi+-=aRN=R@%b)RL?K20- z=@}>5S$APURrjL5TL|PIxxPye10|Ui>|YWz)^)0Svyc`dz7~om@nZ*dWv%C%J|by; zd9uAz_`0l!{<`Z)`P_hkcZ2w;Io#o{)14~4b1<-H0}L+pD@d%H&b)(@ZK{)e4vBZ4 z>_ydB*ob#pPpoqCVKGMo+u88*%>w)hO`|X#9f+p4N3$h|RaB3iAo?l)RHK%{y-Ps5u3V`;qH4vFAL zj$|ZfXZOh|ex52@X3RTv(JjpBz;d{o77h!&el>}a68`~<%rv@lLzR_%%e_Gq$LBHy z6`p#>2v}JxED(9Yw@{73x(5wwcn>k z%ol5J5%kkEbEF>m@Ho<{ZSBa9NY|?MwH66GdagvlG=d!XVm*j-YIPKVJ|cS)r26vm z=!C%ua^Df1&R8UxS7m}E)<8!O^A99JMPf=)1RvvB(E*jv+fJ~byl_#w%q^?!z~6Vd zf#}iiJy_&|v+}qJ!(UvF2=acON5x%@Kv33aFGGu z-r7#UGw~W~qLSRpNd_T%xC~m_K+YD3r<=0iTAo8!=K@Mipe)pEjw&aNkXOl^c~1Iz zVkE!CpWODsoP}%%<;=Q`Oji1+s2(=}z8sky2EV;>f<3E4dslba*n!eBg*aD$5k)-} z;s|#CX1{a4a}T3Xl7=11kHdoQG5Fwcg|TznNvgndK)>OPDN1R0_FeKxtbWA^<Ot$qJ-)Ec_}hXgs58wAzd+AMm z9<-)vCF)gClf$(*-DuZQAoYfT*s-SfHjbZUn%Y20&sOp-tOb{ypdczsk5dg?W+(={ z1U*-Vs?>ek2x2dx=4Y|iX9QeII>I!qR;#v~1sq*gvv5*fIq=-g$i15E1gH_~mh=g$ z$g5=Q`gAR&@eV>?6lNK;!S9jS)ZEIDu$8q93XkM_nFd^ynq7m{`9Lh2ml9xIF4CxM zZB^;3m_V>PbJ2yku(Bu@MeyU~v>y?hN0-U{(KOQHtc`z!r-FmGjAydyul7sf=)PhL zQ8_f2lITT|TQcba$f&ernZunoQ_F{+8v3pIFUjadxlILidxTQ1Ws2rCu^9SS+6jD78|d1Cn-z=36TzHAG)e#|De=%4U^plqr37jle z-A_6QYb+QwI&FsEk@FVi`*?^=BBT+Ts3(yROB#=P75X0jbgw+cFey&ud66z*6A=Y& zZkod*ASC^xn{xNqA<2C57Oc6tG)YM#+&sM*HDSoV>SK?M6TGa8=;FZR^c4xzNYXo> z85ZJewuJIMR7btQ!!sGpx2;XyC!nYTCyBE%E&C$EHC0KQ*L^tFs^v2A4$kQ^Guh#$ z=E`C?Hs7E>))oZpnB1B?C~LKaWDsiy6T3xEnq7!3@d)^qL^gMq8*m?QcmdeQPZt~P z-|el~!`_~#yS9F?We{b-Twu5P7_ovy2~9x-L_uuDrAEdY3x99IjUv=*lC!?i+`Jmf z4&dO^u>1e`O&=UdSGh38*=aBKLIS4|ADrJpSQ%p0s8< z_D+p?Qy2vKI1%W$4QaU4L!vhJbF*aw&L8b;>wL}~e~vX2w-&WnstO~+INAv0O4&*v zegKvLER)|_V@FG@kWwg);p>?-b&p!^DDm9ze|@98^+CPYM-~f{MX1NQQlAs$4qRvk z>H@sB`EOrd&?l~$CUr*B^-$)JO~61g?+>55mtN4o$@zhvl!V5+tT;J$$EGZ68$sat z3X5V@hXmpoc{il}5W$`YKdei^^^9TLL_mylDAYGEADOHt$kX)*(RzRW$0{c=q8-}v z&UEBnSnePb-1!r`uy1FB&Cj1j@Lt$>o8AHk55G*EEz8-sd!kpG-8tCJ5o#^S7x||7 zM`EB_wCN1B-HLEwU*WQJuK_M~nV%iZ=Hk<6Pce!Hay!q>OPAEabm1 z#YeYLE7kerx{R77zFI0_Y+)$E{! zPPu#DY2?6#)9$kLvg&#>%$OG+c%9&O>KPtma~po9Mdn@Ro&YOLQ1+5aoR3$lGjk!a zCrl^==eL!UlW$>OUT%i3DCB3GLt|2! zY3o50#|F<{3RneWzZ@^Kuak?H?q4F;Gz@wh(=`i;n+28-5b#iq3hvXWVlQ9q_h44( z)G;E_?4`fWsRj~_ACPXMhTX+`lt36tTgeH8DW`PS#%d7?Xe2noB~T}svj z%bcKvuIN6Knu(^mz|FT6VDYsu)k@=~fkZB0GcmX&${MT2QovX>?bqm%<}6q;JD`wgQ{erp6&8?{_K}jl#PExes%k{f^faQF!h6e> zeL2oYU+#Gxgq~mPobgkM*22ZfOpHei3_~Kvncqc$cf={X?nEMY*+{I8LWz6LZ(JP< zvo^EQhHA2CpN;O~Rv4Ck`|A8vik}fJkaH5Jtfaxeh3&q%2@gDt(6PqKs**i(qFw8e zZ3)Yg9sHK~(;j&TxPqJQh_Vq-lf*85{l{Aok#v^MoV@Fl2aENzMTd(Mlk@E2wVumk z#skZO(iX&s8#4LXGk)7OWS%}PZJbp(_z=HnG zcgn~QO%cpxbaA-xx=$<&7XX!(>2O#pJIBf0iy&q`T7B}pR~Ak(HIrVhrYj3tz{?YU zvOfEPWu0R^f~|Yxf~8THOqt$~5m?YtPT^uI!Le6aFO)_^-E&m>)@D$$muUVCMuP}P zu)~4%?zBTB-iVRcFslHrwMqXqizP~4sjQNGi`0GVR$!00>5{O!C4``_Y3j^I1z%P} zOztI}j|t^@%4%NLri|n}`4_z509k(aFi*Dx^eL~2o1#B#=nFh^GP9(4lU&KCozpw& z>$Y^OcdY|{LNbyzH7dY~g6ciJ{`v=%Te@mO}x z{p(ud_MrRYdfhXHX(TKAfG7SkT7I-{{K<@6t>#BV9GNQVAcU~?SfdhYzK+Ar`fJ}{ zk|FfAuN;${LylxW+r$1ddFQZx8iaIJpPRJpV@ufpMEf&}tW~SLdjk%b+5QR~-wEzN z?%+5O=~T!llh0xfC~;iL^7iRMZ=b&A*tR4$dmW=^mCXe?o5D4D3&jn>;GI1L<49)J(t07`h ztW{CxaBlNK!qxCgK{!Vudgu}ffHy++nhUxhBkTX3Iz)!N`O^LqxnG{_8;V;^lb%Gm z77*rllA2-R6ZV4dX@r)62l{rpnlMgytbVWGPuAOA%CL(uhFe0T*i)nJU;Xa_@cj2iCky*CjMupD*7<)fgEED6ia_DEH@nCv`-P?@ioDIv-?#+t6_lw4 zRS4|F%7WLU|Jz8hFTy|`E(GKK%~l{0!%f zA&}r$JL2CF{^#?(J%Hzb?t*`w@Bc^b0qF75wL0T>{~Ja+H2O#Gc$;Yw`-Fyk?8gjj zWn)FAZ>$Lh`ti!|BeCCA{EkgXOVehX4ackKq<%^e>&ohI9aFUD>Cw95Eh|EGz>b?#sLcHf0qKmf@IB+eF9%u{Z0 zG1R-E$l(s7QNnVbWG0@s7&-$^$nGHMOie{dajvt~pXd zGOkF5P+HRi>XO6}=@cPqoW~zjC(poPHV|mfL)|+;bIpzGv+x-*$Lwr&p%;0k6v@%UaT5hQ} z#gF{{=hDf1yyZC-O6Hy2-eK8)*2#5?{CxrWvu{mOQmu+aV9YpQo0z7#vxGa7OTfyY zUvv`Gm)T-vNbb@6{@A#?i@$CP(}H|8UAGV}13H(;BZ@84pn6p{SlEy-UmRv;pN=$M z`@jgC45cPJC@#BMn@HT~3qbRCgK%pClrtli(r91;Tv>Vnfrt$>{10+6j$-oeyw6~uGR$r6i z_?m1j#;_?&i}iwMHrMANV`Fsvecn9wHQ0Sfx6XK^yLwF6EV@PO?G+J{5dF_R@0H)1 z9;dlh1<_Rru({NVfqJ&lBUy`LTsLCBJ2&Hz5Trxur#paTh6DbB55j5!LvuCCVCjn9 z09jc*pMr!wDx@H5SX1sFrROS-l}=(Eb(8s-zUQV39pT$=@Ch{XzH++&iT>IR{x~p^ zj@Nu9RSm+c#I+8($dk!aDAQ*1+s?M#5MTP(W-^qMi$7g~Vzop>0UCiK4_9s^TX1HI zdmFH|!KoyQ_Y4-se=|W-Rr85rMAQG(lS7TKOzo^Enl#_xLdLS{1F;e_!(LfIuiv*I z`i5WvrqRV}{FtlU(WU4235RUe^@CXqam?+z#us?Esw>ZdxCCyi)XieR zamT~w(?ZJcNIumAUZ}hf#6i=tXmj4P_72o5CDy-$2mHHu{KYE)RbIIssGHrC#W6xL zybkg=9fp+#yWH=z>vtIRFCov(5#+VHBJyseF;M@+k0cKn9 zuV+Lgh4v>w+vOI_+q+4u)0!9dCsig{zO*f`4D`@qaO zX2)VJU>MDl%Nyp*EP-l96QoZ3eB5w z!{`4+vq_x*{t8{LGtryP+3%VB^Q0FDAHpv@*pEefE?-3~J*pjPxh6+`e(amkdI!7H zHU?5SSPSYnd;BC~zdexid^E!6yo@$HzF~4Wdm3l(dRB#ZlZI9E%?fXk+5_Ad?hMa! z6lmFT1e&VkntpRv{g03l;ZjkiM*2?uYBfEUaMk@1V)#uD?1>$7G|x%@k1_Psxsy~K zC3H}`M@t)4*7$Lj@P6aNy8^!!vQL({Qa1Y1Y+QputJCO(%3syBVng5Gz;pudIxq5zr`T=v3>*etIllw@sNHe(PZu3w zKFR<}Mxe{dEb=3S4x8ole-hlgp4PhDPjh&7vOckfS93+5B&kl3Jkk|B5z?>4_oN@s zHx6PD7=!EIVHb{zgzg7Cl1-yMusv%hK5VWR3^wb&0AFS8kbURHyE}1tQg$rsexIt0 zAj;TTuwq9`eE=1ZxAML)C(7CS0EXLe_SeU9lgh0>j#lfqDi=wc6dU}^MKHd1*csjXK1L+lt?JUgcr027sj{CM0# z{7Pq%27d;1FvvmZjQbXnxnQc}CwM~3$2LmL801r>Cy4y>Rw%?VFY6QO+}6~^mwTVi zbQfWDqwyrhFrJF2M;_x-uW?7S+D$P9eBCD)$|OC}m}Ggo`X8G$iluk|qhF4^VcCfk zk2QY$R)bu|X1m5urMV9}i=DdMPNU6u`v6REjUy?!^zgYqISviqa*W*bj73u&Q45Vs zNOtSM&y!0InY>wvx~SzqxZ$t_u=EcHa&l}ntc&956Fm+2Ni@&X%CAL}U8(OUJy5nM z7hN31g@YW+L7fV~@xO<<{W50`b%b&5=qc_OlI9ThW%X&%tvbb=W*UZN!W?^AlVT|< z@v#9&q&?L^`!Q8?oRSae4C;cnV9!3aEnN_0#}zAf6pwep-Cx6{n`MC`OR8 zw{1}3eGg9{h9WQ!-4KRSZ2Ib>TD-}WzT9vUrp>LVnCD5n^q21W_5Ef+#pO2NxL1F7 ztCPTkoL}C2u`Ug2)A(uPPUi>=&#tVyw=-=(K6Z`ipnt)srqg|Aea07Nfdpmb?lC{e z0%);kJ9ohk!;8ELn37c(1V0AL&iBc5`G80Wz>hg@3U2agb?BA5-`|O*+nHnjDjFCj zdZc>avUmA%<(RF5bl*L@wX044AW3#{urrmvP!;b z?>%Ox2%jme#sMdG!oM4;sUEZ;IIo4~+7crP3ix5`gZaM(!GelCo-Ng238>r#$C6r1 zm5;RX?>Qd6Cp2r@EP}?0JFctPUP%sbw<^!!Fzj818IlfHm9sIuvJd2eZ4LRoC~yG# zIMx;5LGpQ$Z6RI+FXbTjb0Q{ziqFv~GXQ(a?H3koazyX)!$M8BMiycFkua{u2NbwD zvBk9E6kQgSCpV#>+h%il=Lc_UO8pFJTNM2DSR{6U|VjJh$^*H7^Yg<`; z5*aNp&BvsEY+jMlV7(+;lM2^`>UI>-$>-00@8OP`aV-~ZoZe9y+nAG3Dmnio7Ft#W zaoj&R2Gh$e4AlF=Um1A>8AcH-U#;8^FOZK4Y`~{jj_j8$o3p&2w=S^=m)P_S8WuU- z@|sJT!6?hGN7pe5Fs8CbU%AyJJ%xHkh;X7L|6!vBjScZ z`DP;w{x%=B*f|a8?m9B^ax+;hqao8=WlP>zc4LOD8qoxU#--1-cD|FNGK7uo_^wWZ zK5U>>!gY;BpSv``9Ose=t{@VyEYnr|fVQ{y!0Z1-OeDl^w&85~Id0_NkYw({nbDv_AgRadZsV+s3~+Xrbe;;YJfjrxa}&zBML&8iCQc8O zeOjt;=u~wp37uwr>lxC2VKbXn&}=>>h3@bX$d0CU)%X6uyh6BtxP{yyvsd%vpO6?n z_>(OkOfde;K`8R&N1*|YQQ`T<++Kd7@b|%9+E3GeN!*SIKq6HKu3>yA$aksRy)*1U zGf-?#U&4WG6?1IGm)6t_hx8Tw?&Z`pjibwOLM&W4&Sx^A^1T8V%&b40rpYDUama9f z-$D8KN(VS=?_WGl^{8(5&f4}`VYm4sX@gKNK2ef7Ab`;x=8Hl{-yx(9_9ntkHk&c6 zB29Oyp7e~~M?)sVIer}a{Ce15ZZji4SP)aV!^ype2H%g=2Qrr{JhJ@ZAcU~6u(}4A zO8>iP)*E&`seZ{G+|X%TKkp3*xgqc$Pary&+ofhIGp)VU5@BH5x{dI1;K2u7PG>l)@U=`>QAcQ=dkM zcbe?ZS`h|W@TP8?WbXG;5eZ#NzpG`MYH6vtc5nI9u%RJ?6p*U&Jd3)UDiY8B9wKvp zmfWeU^o~}@LGzQKz0caIwtwPwds`+Z*}MP~sipjqlHmG!-rCO@f0G5jul2qPdu-L4 zvz3>|e6KTQvjem-73}>XLDlzx{*TR5(HQfBhR<$-S_o7imDkP>-#Rcj5V?obfV@_0 z+xw&%Z~H6IsUsve_d-RNFV1=<)=jdX8a_QOH{+T^Z_pH(P-|q*8PoL`7V`QqM+Io> zp1Jg+L?A~#2GG+0OSGuc?m~kTeigp z@97V0%D+~irobI}YY)AF7`9m2AeiaL#RGNN@0ani)zgQI)mG-tPUif@Cli3d-zAb6 z&R12TB-ALYEsIDSSLHBCA`;@C7PtN%SbGq_@N%08^S>XWWd4ClO-}>`7#xAY*YarQ|9jrFcbpAD;s~|g#eaEcR=yjN zs1CSgmrTcbhZq@=7E_`h;j#8o_e-aAeg!>)kuH82Y?!g^`1$URA!QI{6-7UCVaCdiiCo~q^-QC?eP4<5Gd%y1< zx!<_wpL1#qdW?qdqN=)jtu^N}=kI|VV}NVDh^(S!J1K{BB%#$<$P{N4{li6~hOD&( za*-};ep`HnpXI{F&dWylo1}ca*a)*_J~Xu|-mnJ5C;hx_^`sQy0Ics%VzPZf+qvW~ z~5B0;M^!R<}1Ox!tJ zNx>RhapR}LGJseaMb)#poXY+_6HR!lvE8mo`sc?`JbU=ss*AnU5z^bge#42J5?b?e zGSR_^2rUN{XKJW-bCAvio`m?ItA{Vgo>{?xej4Wv zg)pymApF~$h`~FT08~e!=Vqb#F=+Q`Nw-LnR)z?1(%2W5JcIWPoy0pO80K~2P57U@ zDZ`CmCISV;FCA0UfUH6=w^Y#wl4T9G_(`FW*q{N!@I&W6!W=i*08iPvpMdy#IQ`fJDTM6$2~Tl zzV6{d_SOEem%SeGwyz2qdvZKrcN2T`V{WoRk&)*vs4q@qLY{Lvn(ZGJstw?K1}Yp^ zi2XY%vFYAZjE}p&6g9|yqY9=J$-+0eu?Eqv^!c>I$#2;2#d~;!-^uyO3tAR+xhH4sbP14SF=5l?Y-()4#od4ojlUGx)RumOl5lKfBi`v|D^~0JKt%^$#reI8~`2v40H*;(1)>lA^9!P*8f;$f5vXhS$g4tpO(I$Q-gqc2YMz5rwN z{m$}t_V2Z2G1IlQ1ld`{15rYcfY=j7(Nfk{k?6j{?@xOWD~zX4MeXf=tn zvoJ9#b9z8zF!092ZcTW{#PX&=d!bLay4cJ(69>1KSsT`8Atb-bS$5-am3@0 zYD6b0LkwbXU2@AvfRL!XXe2*90{86a%g{J}AjPZXe<@7}==lMq3B5j@eltmVQ}WWc zgI8x?jDtQMp~9jx?VCQ%5n~|lDWn_LF%xPMSmfea#E)R0@-I5tpq$uiQ4xw?em<&i z2DljcU!U{$0CR^CWYfsdpCoGeKzxeSKKeD|khMT;B75gy$U6=@w?Bf-h0RAY!8lX_WgP=XR;BQ~Rrb~7{(VlV6w^-&{Ahj;lG*Tj{W4r$q5uYsH z1 z8lwh)G%t-zmF~aO_d@d(9gKCAZSk|&t!;E?~yz07(z<@9FP@fAD3+!`xEh)iSt`9AF1zq5%E-`7fU!?|v; z$1$*ub>&;2J3p}5u)b2^r3QaobME*5cDa04QxxQ+sg~ticfWC}`}=-$pWTj|D=+R@ zM10Cu-%{C>JXYzqj3PCn=%k+4KiDU`D_z5vFtcCye6thBsmEsgXub3{QfxH%F8xZp3xOvRTWWj_#PbB|I?!iq6hoXoW-O zrN8rY>bbbU{fizowP9f(IBvSFlV8>7Zs57fK4@dqTM7dNaJbC}HA@l=!zVb~A|TB9 zuRxtJ%gTl}XUnlg#N9#W0wrbg?U+^F>M59`QxXD+gb_s4cL{E36mVN}T$2@^?I)4R zK_=COI;z9svV;3UI0|e*JB_=zB0Kj6I37iG zwMi-JmH_>Bq?l#rIKW7)!GqPiT7HQ(tTLl!h5aD>4P6>h1DJz?UR z`hUw6NArgS%kQ$urJ{lV0herKr15m&eprn>f0XQz095 zKb6HPd>M-=$n!@p^b$UQNgGbBFxZ2ts-N)vnT+*Q*#b2Kgt$On###w`->i5;a-Cp# zagW?^JLeaJ!>c`pg9ih?Hw*30?4s>}AC8IV3}?_}Rg@I$ckIvYZix6qx!n#)V@DBs zUPp*mykbwFEC6xF1!C;RpS#e?TL}#|vR(lJq^q9z27f6p0@KXiBiyKANRb8itNCmh zrw9U8iIYL(ew|7Qe&&}%79B(+o>^^?q@=%k;Kl8MGEVk9;TFt%(}A=`lM9-bR-@rm z$4jg2!;q^+yOS)-J23oeuD^a#=?pn)YtA!9PaR#8!E;deU%HFG1A6W|wR%Ulm{R+D zJ-y1skbvb23)~q=RMT zMQIVgXkg!E3JyBmbeIdw)o|gIIt8htQ~GPIM1|e`TKxLHl6eHDT8&y)?x!QSfNo@&gGYMttr~Hvu&rZN~PX@dw~&yaXuj_RSpmZyExS}fM_k| zoZwq_I+L0{Fd)qr$9vq&H`1IBXHG==P>xqY=JVnEFg^(5zB5t=^)2)hdmBOoI8$H( zl_OaSY&kUQeviq%YF+X&tjRUZBF<`9izgsAxymaR-+yLE(N}b5kxW&pA*Krl4MZuo zT&05Q33=PLEmPv4f$rInafJ2Qf1#3xpK?pJg&Q{E*gr(wcwa)5a+o!FQqx6jh}E)zD~^s0)`XLr`#D%Svj+joJl<#34g;YxKv$+oN^iE94)eiDX35~_?e8& zvzf&Fjz$e4ciuB}0&h23@|P`7o-!=>sCwVpI@q|r>tg2f&W}B{E{538-zt#`m}nx_ zyo-H$<&VevWh?|Y{M)b0bk6*1dTQ!aJN9*#{juiXa$WL2(I{b!2Zwf@iR0^!T|n%+ z5<){g9$L4$vHX#W*r=XoH^|}luU2QVQugPURFxWfJK6O0EUPmu1tgL+_c z3E*&2EZ0ENemPD-0p=$^s{d+pjjwLXC$O`!iMs(NO82kc=VqkNH#VzZs@Zn6*NLzF zCZ`qwC~IN!iCc3Rhx?1gnAac;I+J<7=GzQGlq6359E}BHN@$;RPu)RNE4hJuM_cWI zC67t*`8;$E*2$nZDQ5{4@;pn`@Q~iwF7ZZ!7DIRz$WyB`zv?h$-K*QJ^Vms-@0qoosm#YRnye^ zoxK66!fPVTannFr9zW*PcNcsSo`i{{+I!aHHkzeJqHPZ^7MG(Ot;CGv{(^C#$rDu! zZfUYk8}5QAwMfcA#fgHb=Y~okl4kw0CkjtgT%z>}7i(EZMkqx&M7L5ypvEnSi-QNU zSLWH*^gYF-+8yW|Ny^-ga~o7ALsFI}LFo7g6lH(U(`F>KALhO2>OpV-{%o4Yj1JPj zkhq>FN?+C&#fy}HYgD<=*{(;jkN8{*ZUPxPrysT`;Cpb}x*P~Oa8w}*L#;o1(!!R^ z2<05SH4tv$dZSs6yWD9_n_Kxdxktt5Eq#P*(B#)V*y(8Sgu`e|1x++MkcJ}3(yj&% zA4>SV`+K8p2k7Bi3Ch*s6WnxZqvi@*&UlBWcuBH}hvH`|&q^LGgQ~bV{lQ9`fA{Qn z{c=?H@T3o&#}!6))Q!%|m6n6bqR`Oq{w{bSMXVmvP;9XxBdJnQPmqV4naNy}Cwp^~ zzz0H(ZafyAGu~3s%^#79vhFMJ8!k7WJ&(Y1Zq#zSwciY;k4SZyV2!YMb6uKQMZB(o zP-uv5lU^~DM8#}wg&}r<+#?rYQv$(*D}7OY3REm}Z&q6M2^UHudc%#^rycNEoy#X2 zlTcSTB^moNxb%%R0Ywh0ol|oimRwSWH7>rMT$dsTEy!B!rD4X}Vd>_U@PG2jj;jTAlp zj=wzLo?{sc#E%+mN<%xJ5`WklzQOvt>g3*Ht#F|Gz4mxVn<8 z!)KbbmH>Ya-0{{z&ab~!A(icU1tp!15`X<$W@GtBW;>=Xi+BhB|L<1W%Ivs#p1Az& z<@@;tB=3+Atc=WdalLVzpOJOdggidb1?C12=xLGX)F_a)yF2+6>yrWh|UCQ}H^F^wXgUZla z_4kHGA>sKt*Xa)3z1D%~T5sFD;R+CMx{;Sh%3WfDc%mz8$E61mxC+5Bk zU45I9Jwh&5UD({O$wZj8E)I|I>+>jz6i{LDk2!Ik3_YW-lw%2|fr~4LTfY}f?@I;n z)3B8gf}FSltxCIX`p?)dp5TZHpmjUv06q(VJWC|RnmqVdD^+~bSy55UuQ_s0HNh{& zWDPgiq58PTHn&lJE{Nn_poR#Z_L6;R+L2-M{p<4xmeprZnHOZ07p%}C_A0_f=&cb& zAJ>R160kFxtc8F2P&%|2Jwj66fADp0C9v>t2R-xr5D;3PMaq>p)F9dZBe9 zz?mKGj0EeroL<+ws}{LuoV1a_^)D|DAKaO&@}3hI@K!@M6elC-WBlA%)*6%zW0n2X zCd@|B@L_PL@i;;u=9w6UQE8<&X#sElc3874%EL#sw%2fMmT#^iX9wDr2I=VSod4}1 zaY94GP-#|5M6YS4URPkfx`6OZIH1IY$9uMqQonphBdMGj?vF5 z$_g%DV%6O=a9-Fxd;2^zB=)zcAuC5UPtM_f0IwBa91+P9tw!Ur{%lHqg$q7D`$0|~ z=3Gft83s#4P^>|cP=7P4D36$WM}V32xxtDN4Z#w`IOwN{o5M$hUj%4&c2=}BK`A*( z*vh)CN=0VRD0qOilgt?fVHlYSVN3{8HUo*2;PVSUUaO~3hy^cs`GDNf2vViyR^1Cz z?;;geUh6x!`8G%DzOs)i-Vx|1#+&stvx+SS4*j4q`tG%gt3TG+bPNN~8d_^bh-gM)=FEPql5 z9ZH<6TZ8hRNle%TTq40MVjst(X}=fruVYG-Q~wBJ-9V-yaT)p5*=y9p8k7a(SecV` zp7%_JCk~ZfFhGve4Nu2NN)Ts=)}B>42sPUR=*MYsdVReGFu(Egv0uTcZWQaC==y)< z%uP?HQMs7y}|X}k>nWr|fsC=IQipWZ}3)ZznC z>p(B!Th=$Rym(kEJlqvN;tr{z1gsOm4znLjg&_(hPX|Xta16KddQ+*i*VO z3-&kj0t@lRsi!fUWEpFR%;i(2yJ;X?gfI04tD(vBwY@f?axi1x=yy_fk)RH9 zLKA~T^XB{?D7Zk&*Z-*C2Gr(Iv9#Jw2${wcySR6rs9OSrq{A2PG}Mr`?YMw}qbptX zMR`p7HEWP(I<(1-MFeEj)>)l~%P@#fPrKsa2B>C*TZ!`=c%TOIeQ!_35ZlB9(j}9{BUA~2CJT>;hjL7^dIz<~x zCx3r-Xg?{2-?g=YOni`>C9&J&-vUR$hSh#Tq)38;=RMkm(MYquYz_(Uub$(&be1<# zw%Lon*|F9xA#e53H*GAcyd11fORx>sAHj`oNRI8{Avng-$Q|gmT=sIxWUJ+ONMzSrZJe)A{=vet_jJb-&Tr9jxAMNX4HL;GD|2k6cYypff|iWtxTI z_DQt`yB5>5w}pAoPb=$h)*=%>+MDc5Zhm3AX3tW@!J4dTs>ne)|H`bYHae`rqyq8xwx z>0e9mDRG9@A~n;+ZUqoqo12WvSgUy-iYo&`Az#oDr}_yrSR#b>_q$y>v^&h4+!%NH z#>nBSO92E;%IyA`@ysV3dlEeP3$z}_XylucOcGby?b-#kK zYQc}u|B>)ab-sx@I|AnumGd<%-*_08k~Zf!nsUE``?E4qXzr4Za9I(R!S`_ZhhkUBXiZre1*gshFLDwD_(oyCoNT-N`cg&q>DTpqnL7@*$(pWd zI{PCezR33yr@!;7<-P%erV2J?WT`-pgXn}?A(oIo{zu6j<^!bCX}7R}iZh5d4Y2(Y z`ic41Y0JIcrBPYRrTBpg32Rvg^KU;88FzKm?i$nKLnPV5#J6-dx_O$AvVs=B3Fm}b zAmhdzF~h<|WN!BOXry|z5mC_a%}>Mbxwfz= zx4KE=U%mH}-9<^gRZU1p$lAk+JSwAm#yTL#pxPsg^$C(&q9)|DIAyIcd%geio^iOO zK*HhFlYqf~usu=`$ZT%C7@PDNXh)w?AtpBM>gv(xh-iUxYp4v7xU;b(abj-7`_A<{y7Tt{n)m=f?Uc2;hQXHoE*cWGde$LZ^^}Ue%E)TOnf0=dIW9db z22|w_y_QROL;YI~q3_j;WSu2`WjB6aYlcX2x}-NjURxp% znTCfR8))jspL|HI;d7~BbZ->I{%psC_RHK8;shZ4*`^17@f%vsMpggihhaY(Vn}I( zUt(==Lfhmn5E&~#kYxq7tP?0XTP|Fm*FmG+awkqp* zjiDC;EzJx56jhLYIHa`%Y=Pc(&gmOpL~jWTM8ZOaYHG1*Ch+jXobO>nGNB!m+b~OR z+`K8KiY8cKgttANA}oiXy_t^!jENsBQD*{>&nM9yFRD4{FfR|K(ClFEYy< zhlO=LC#*_Lq!FGQ*U|(w2nJS4&@f)* zK|xcD?HU6Y?>PngcVxx?)Rb7Y(`OJN^G)-IH@Ue=fcyHjyHE=BqdAL`mJ)AovAe+* zvqka}BFX8ik7{XtMQVlhFI{|rI#pX}2=rS-D_oF2uE25@{s*aj7r3`NUaddRSLonM zq3KHE*ZS+(P_B`l-}K6j>Ug;_I#g<|ANkr@16UwdPRi%FN2{T4v6Y9d2+5*PISur z?*1+5vF^6?>?+JEH8!hikAGZ}KRi&d&xh5wdgx4xEgBv1PlsNOF^uEGANLijY~VmU z*0@?|5^PLqVE+}E)XR5nU9=;OSEJzRzovr~vt~G#<43}@X7t)zLxsb-2cJEvtnVZw zH#y0UEQdiDXYdvVMLVCeVz@pBGltP-sVtT6<0t&kvd1F0S zAhuBr5*4tAbY+S_?*f2acyw*`sYTx1Og4h3yZ(IZtP3@Q9J!ftF7Yul;+*sDlN(R4 zW9*Mt7%YOFZ9A9aIF=U_C&}KhUfS%-UbMJ&FZhCVaRS#duI~nB4H<{HpX!_6a*n%i z$h0U>DwQQ-8w=Lh@Mt6Z`8}Uyb=7%P!Ycz3Zl=q3|?bOi-?Z4Ienk_*U`rn3?+&Qu~c8tn|~wO!m_8iR*} z&84^f4T9s9A7%=3NMIrT?bxIuG6>*FFVzN)&(q7}{8M+TCM9|f1@B*e#N|;o7OmIN zhl)7BhG=}2;ZM8L8M+Sy)iA+yI8Cu1!i0J{{woCrHIckmrxzlFzy;CZd)F7*bM9M| zj;>Wm7q2(a45Cam?;qGfgM}t!KKtaPhLF%!vM4AuNdz(;{WJ=9_SrKRm=>b+C49Igc0%{3s zg94E|L!Dn~?Y)4YOWS-VWfapKA@=pd6%|uFH+H6=bmwX*0IWD*ONg z$^WissQ7hms%v`eK9lJ#4{@cwl8CM}dO(Du)c0%CKW%mILq?qRo}weh2pNB$JwZn7a#@7; zRVK7iFn|Kj{x8Sl8-C*1dX+uk9d|KbkMft0{pS%?)#5)nAOB<5^}b^TgTE~q-k$)s z|C9PH|8qknJbAT^Xn5dbssedHhrbILNt*JEPgG4o+)u?&FG=FmIsmpIHF*FxX+RtX z3d{n`PNH&NTp89E@D;>>&HJ;LW>+v03qP9CA9I92!(6g!-oSzaG}vp{tS{7ii7ErZ z1CV|F{R7BuWEcUqi7_CXeBaZXS*7hsQ zXIO*j{&LO4@xk|*S1%bz6oR=YZ(eR`Cmu9wW6f@Cdu?M69$M~SdI!5hYWGG>ijT>6 zcBSUMfnLoA-kRsv*RyhNwY$$he0)CQgI-VDT}!30_2+2snUWLuf98h-K3M+*Ww1ks zGT5d;8W>0dW$^#JIWwTMX3bk~_6nNG*1xH}cks2ol^WrWA$0I|Lo3fRb*($m;Cs# zuEMM|pW)|1%UyJ0Uyw0cHR*6kG!QSigJDD1JF2lurlKLVt zJQyk*HF92}r7WI5QAZFTeioZYQd?r-CskK=T9(gnX?OIvXn3ar{ny8}8ZJe-kB2J! zG*;*EmC6%)>-eZ5zh=yAgzxctTCS`)^%nkKq^4j0e6#7`wSoTA+X;9?Meo8yh1#KN zLEXWw`1q&%QQt)zj2$U^^KvrbWVw7j#FBaQ!9=5B=c%Kry)E>1*rZle46h^#W7_pu z{$Ur@Op9!}akR;^5eZ0wJ|5~y)$AT^v#UzM4gP>;*Q0`jAv{V-bG@@ZvtsW`p@i({eU$tBwk6w&=NwdG2?>(R>P zGCX%+eIxeWtfi2q=Qm`vjx~tPeI1(lMZR;727eR5B>Czo9dNJtR4GYw`Nc~PK$Nfz zKEfg#mYAk8HWl>=xpqAg+97w<&|(YsT*ZoJPox&%jRjMsL{OK{^+T00$I>N5+)l%h z^jcSkgLmskL)A+0(gnD<0Y-2%4>cyX9k2ksYQ)X;jT)(?vOkYQnnkKe; z$M&bbMK|1t$`UKWuByjWFT$3+x@zYZQ=nlhgVCZ+Nxlbcj=B));@zRY{5Ia~ z8GCVER#{jnt5(IYYeyVTdb4Al)tac?fduAf$I)PlZv}LD2UFT{#F@(g^0wk7n%~%8 zSa6Gvzz87x>cdeQ>Tnx_5hahCT^)$jBZaocEvOiU>w5f`G}ztKAa`=O$#)3}2nw5W zR=o`jHD{avqsHGE0n<(=hwvMzQ0e0c(i@Uz7y710IH?B>ZLnh*Qy3Hd5p0IdhaD`p zFTod?rAxUkyDEpX%~sZdtTY3^+OgSDj=uY8X-`zvbl{}zpYNc!J*pzQ@~V!l1MY9$ z()w3dn~ctVBhCQ!Nt5Lifs55jiEqE>d|b?SFew8|3t4ZtF(hMs_ZDgmd8*+fAaS@M zwabMH_A(-&W**-Lf|U$KIEs(&+LdixoT=c#OnycxUGe_+IA{qXZBj*E3L-Oa&Qe*ERvd-R6~Skb4uk4gX1*m)MdVD znE^-)Qqwz-&>Ttz>cfzDqwP32cGr~K{ce>jZ%sDJY@D5$dC*Cy(E8O78{eQL*Piin z?;y-Cla`$JF?Hrtvi;Ygwez^1m^IExov&N2X~k=SzBg8hC2fX?D5qgNcZRTezSU8) zHic<<#n1`v^RAUwL3*Hq_B=mpMYgMceuQazT^lYF{)C?x582I38+%AO%UlG+Eb0I*E>lAaW4vHjC*kFeBe)@!VCG!4UFDW8RKCGvO?8Ra@UtFLSg zF6j)LhicFu&&Y|pSc&aLT6_kV9K)0 z-FxYzTONuW<;j-j`(l5YE!;y(Sm{YF3So zs&}DI%CQh7!ZAMUd6}v}Nv#2^+%YGc==&(}#uum222=T~Q&vN?knS3xZ^xL#`+

    I{i zlm}F{>|=v=`2=<4NYqx<=)M3BZ~|rL|AhHQ5Ms_^e_a8CidDcB-;f^@1%n`cs#}i+ za7lr}U1aHFa6l9YlrZYfX_mlWOlIdK6m3wTagwq!==LdHCJkg1TktLK9+KvmsK_8e zPrNZ6zY|-{8H7Fk7Q5c#=t62)#b;|KY78#*>H{XuVy`qTj@lYK14BxmGbUnGZ0XJ8 zAAv3rXMQTA1}1rFcbn-ETq|8Wjr}RLzoV%iU+2h;nn-ZxLyCKUm7#@m|8LpFG{&DF z84;p2HY`6a6E1Yx(HL9xzL>km-DvfD)t6FB795o{963g<$b-l)y_gI!NcCgLPs^3B zN7Sx(N|i}2BzT3VKI0C_yB5*ei(`5+?gk5&Kf}n##yeUJfXbLl?q00MWAb26#7()BLesWt zX*b5fk5IlXeOx+wB`z>we;z6&ImmRkmqsZtdWwA1x15S`eul9(GF>Ab#;*=@fvJ}n zYus9L>3{7evrILPKrrafHlSbuda#v8{lV*JS-kO9e*h zY(bF#m=x3AX1GC63pWciofg$Qb6saKBbN-ylc+6!%aE7q#bf-pCDHo6Ht@Z+o#5qdrMm?2g1RwYtFCbQL;EmkWX1g(NIUG z{o`pPMrI(+F28Jlau#hX^^V@j-e8hVyTjaM;3SEwNzp-9Z4KQ~F|EfJ5qap!Hd*+1 z(F3X;*~d>ANwlHSpbqPM6>WcOet0vsZIGs!W8=?}hmrJtFl2T&8blav1TV}KS5hHd za3wuAea2I*$ernLjBeMJUCIYe7lz%+y+e#cbHQZ!Rw~_u;g8Efh-xeSKJhB^^^gtp z7ycy46FKJWyAB?^;^^k?Mp2Xk*u$W+6*HaNNkp$L5qt{?D)mzAZ|XWTc?A8U#?9Gj z;$IC*byjWZX8Y${bQGXcCpgd3ra^k=MJ}6Iy1jbF9<##kOvGO3poV+0`*2}MwEe8f znT6rX$dB9Tt}ghUSq^uX*6E7iT&G#Y>U%FB%HafK4pMDSc7<2>KmQE9?P9OOG%{Qn ztc>TG_>>q>YExp~>sL!aoOl>;bou*G7Zo_KBgF9bV~^+Cvzpz{$kBZAbdVoLvn*1Y z$)xD;YI%tBsFz9{U8&bL{AJ_>2G~-|&cFTAgo&DVX6FD9(>%C(wzVG^&L%p}JiH90U=urF-lBNJ8%FvSe*+W}1nF^=L;3#5olGCvTKzSg6ybzhP_eW>4U zk9@&outIXg?HXshx#XN#w1fzDE*ErPG5)YxSGhY>|3c|{TWW|cZCti_77ZZfHI?V7 zr%nh04c&-4_=2BYSz58O)P1~|SumQt5RSo<+S_v49Epsj`~4Tq)kBH5wc0&9QpXX3 zZ|;=!RO6f6Z24+}QHl^m`LQY~f2E#AHUuL8zQDa!jm`h&Y2Nutm`|Ubt)BqhI*QDYDbZ{|f8cxG!p1K0kDU1l>MD)X@Acm8IMLqRVsi z(-gMAqx2_n+2OCskL~l*i|M#LlVi9l0u0c&c` zM(VuGvovgyK7lJ2qMnAY(8jIJSLU%w$DR$WB`-Xedw>&F?Z$6QfsRHmXQTsrJAhbp zz!@@oE!L4+qj9;Mk%4zu?Qg6aDb>-AlZkETE5VoGoWAHgTbHH?&v>jFQBz~nu1|WJ ztNpEjueVNWxkpB%PWsddH!retB@_?iE(y~f9MZH~ClCl!xDp|2%n{#u!K)7Z(8|2L zQP3w}xYl>RmvxTD1QjThmV3*rHL2<1Y+BV?=F$|q^u;(nK_xx1raSe?&p&>o48r-U z)8o|-K_c7Lt>OJ3(sC;}0o;``+eLLnv{ zOR%$0=H^}!b~q+>dFxn<$N2}zf>L|>=Vy63P10i`-r^|N%Vbd`-F$00PrI}@R9Yg(euXR zpD(&&#~x2(l%M-)L^&C}KFdohRch(cej$ntn=SH<^XKfHLc(0^6|Om=D?{Ze`q;z1 zepy&1Nr^k^DD3HAvXp+4fMwaIDFhK<#OwkL&0RoXFEOfI20g$LPAXGrw78@@JX{@P zIWm7%&JLPKw+qzipV6PPDHldyFDAn99WPd(asxtr!Qx;>wk1Bnk5O0%ef;TqKO(KS zd8QZ5>gT;aCC?sxwo9dBSGjxdf<|)CV>N2*KwoE1@%ME9F1gr}~?IACO7w6i$1$v_4AO-dl?V%V(XNL661UV$aQ6W3XE$fONs zrJCi}Y4MBcm|xXaT5E|@7nrw%bSv%<)2?yG$vLGbW}18BRIo+UJ15Ig z6&hRE-g7Lr`m=Pz@kj&yoN000bCrz@P3+riK-^tajxSAg(p+Q@a~S*Sr<81& z*>#qb3^9ISKjOI$`eCY|^eF?ftBX1h`kPFbDTt@HvxJ>dUw$R|EHdugBAl&t9;3jxmj}I<)*I1*ul8l z8UO_6qC2)dGg%txMS;Po86{rKv&zGnKAssXIs#s?X+$UGn)hZrM}&Do!4<*YW_YQ^ zcZqXUAu~Q$$LG%M%!GXVY>Ytf7UWcJzL7`@kvA{Y{cI=Y8)YW--m8haP99wt^O|i< zb*}K!13w&0D)XD})IRpsDtFay{9fmIg@puAn9Go=oN5=ZLCox}S$N9EY@2*|m<n z59oRRx=5r_Tn|Hf2W?xhDxR9+TLtg3i{^FZSmmKlLk%PKIWp z3EK_9c$qGl$fD`znjqblPcT&2QE&UQyw&xP;KX$bSE!7I705+1SYnj50)AV^FM6i{ zKW?0_KH+azD+1mST+c(3(}4I?zSPVoyN!@9J%sV%>OqC>s}9#i{sNC%`F!Ujgz>|d zo5fo+MO-$tTG5>Js+}#@HZSWjY@*inF^YMYKCkgZag!$;AbLC6if(U6hC|SOO;QGLvnZr5Qpip6-MACHObBn?~3wv z)1_oBXfu4N`gX!`V_;c_9HG`$j>=6<|Hx%LnjyugIcktaCt&sb0^r)=EAU))zRQ(}LYqf}Bk_2M4Z1154WgVI37~UhNCG!Yri}B)7_g2p zifegx9n4*R;2PQw$YTeN~t_B~3K z&o`@-M&r`XzshIE=?mo_mf>;7pZkZ#J-B_fF4p(n&Poo_Ytmfyjr<)dS8PM*?%eTR zSyUWe{;-`#p0v|?%0tv^4}6QYPgkj$*#4-{qgYqKvau~~)jc#BJuY?a{0LUlJ9gg} ztavv+L3q4!%!$I&EpEfyDt6rnFz4AeZs`U-{P@&J`sr<16-fv3EVfpxnGjJ6}tmnzIIJp&g*NXo*bdLAX|Ip1rW~5v{Mib>qgR; zoN;X%#pSC!wW%oQ?atQq>c$0GsMa^tXF=On(yG{jMtCpWqsZQ)tLKYBJ+8s1LNwB& z079t)Z+M5hhD+zoRm7Yp=M7&gw@iEdj^7XXuhVA0acjWzeYl@yg~Y)Xmzgb1vtnRo z-kQh-w1}ol4=Nw!xvmj~Mb^H!fYQW2u5Y1q>+S%NUWKa8>z~kOKJBaW;WyLW-T&a$ zj@$}!o^l$|7t4+dTH8~q=9%_A#C?*Jy+gJab3T;BT`E1+O5G^LA8YnhZnj};EUZJL zqrb!FZI=M=4+Z9dWng#~AJK^KD+Ti~S2sf?kxY!Xez8s`&R`viOKT;B*(q$`sp2ykf%mi&p~I- zCqD6cTr+{+2yW(pMbNqa-lS>+5&`oAvo_!BvG&vYFvM!%BNi$Xq9CFS?m07fk4&)^ z#Kr4b>u+7(Dp_Dnjth7ScHuS_5xSO7MFj4yPblCRNm$|uD8?IZjo$D*xEfp7Uj$OWWQABx+K1*Qji`z#t zW@`VL9qbYIlAXP{R49p5&y-AotBJhQsM~X%7?T~eiJ7Tnp%y=Lu|%_7m2Ymm22C{w zCzN&`UZ`%ED+aGMwNxDC%SD(w;<$A$u7b(8mYVQz6eIEJi5M-H9ND6-bktek1gG|t ze5$^7cn3+ly?yHh%2Gl#n<_~8EoyRd+Mien*=^VnIvm?>K$4fxjW_3**?BexC9l)> zIVDmZGvJ(IE_J=}ISkFauFCFX_R|yTixEXWhJCgg8!H;~4Nty(@e37p(l>64FFFti z=C;#p4xmmNokvSOXjC;~m0kXJc>aOekBD*&UMhkBqlianvQj5zI1Wc0>S|R+Nd+ zy3bq>>bF?a`h6ab8vdvfCaQ6<_MPiN=v0*DwO2;f)YV9y4we@BTFUx8Q?RWUX+?q- zJi0$bS9NYH2iMcz`hI&{-4Nz1e|m5V@mdjLQGh7L8(tQFq%c>q`np=k(^>u+F*c3u zQ#M}DnF)zrzCsdqaD+UDFW+fU-a_&8^`f_*^Zt77tk>}hVhg!5e!+g~iHVETiQxsn z+!v2MLb!r~LW!Yr3h({GMbukS#LyT;p4(|?tVgbP^BNknVs5{8my9z&x0=H<3vtOj z9eKmiak3$}+;5$fc45q|dfQ_!eNuB&nhD8bJtVSn=}k0#i7;D;8S%~biLIYDtgn0t zb|09D7oCs}s$nR~Qu>BS2OqB&(%lY?k}=$~Uke zcW)b+=3Aw7?b--708L#8bdHoO+wFmj)EZgXnOVNoI7eIh=w~iFGIYm!MrWr{xtwq; znI{_@d|V9)dQV}&1=bf3r;6ZS-DUbmp_SaJrbVvBE6Q&7>7Mwsrz7ayw20aED;-;!_(Ud5HU4~w!D{Wg%SaSSkyfK`;SG=8zThIyudIx1B%e0W_DPD} z0zlKlJg%x*37au^yx;xn3|{ws)r~?!B&UbAoeo-^|GHAG`F(wq2$)?Zf1-Wq{3HxP z+S5bxGwzyqco0jV_nD2o+2+B_NV@fxxIB%TMkqS*>yRr0M(!i~S3&Vj6EwgMl{4uz zmpuf61)RQCam4j=?g>SrhjB&09A+Fle152|3ukzk>Pm=eoc@x&RivwhMM_24s@{AK zUs7cSpfGtEXFt+$gP4%<1pJ7^aAR4%agBn!_T_Qx#QlA#4oNV1i0&h74(5kcRI zKeD4w>lLG0* zbzfYuTQj$Bj&>v{Ng}o7J<&TOTW4Ut!KBz0nt-m20P!ZwjuP1 zb5gycr`!SY_~#}A)mZ2!0I+1J@MXx{En(|0NU-`lk`w-K9glEy8_U4_9S$o~eG?T4 z_9*w8FEk3KiF`7BAE&TZF*KHVH6D9S^W4x$Ev10s;;_q!4{ZGrF(nM;rO82=obsj7 zh~x@741aK<&P<@}+HKdyw!~Mj&NO+K$(ko)hg)$2$FYnN@i#~Mzb?ghEOyL+&y}az zz=9A2_bs1rBA_34Ao zJU{PwjF9NPhlf2^E?}VyfG1KK!yEWlE|VWJMi8j0YZ6Dtv_3z9V7}q}{etd}fWKc6 zOeHoFtDK5#t!4xu91}Q5cyt`L$XwfayIV_rJ6i%O8tiIl(f z;ep(!7!beJ$0LonL`-{@pI(JOi*39$B3#X!C^c&TIgE<`AXNho#(WU{pI!aAd;ACL z|6GNC?f*Uc(-8mn|NFo2MU+wH|E;~Zj*6?>+I-)H5JIp7cajj?B{)TJcP|`*yE}vs zg1fr~clRQ=YXKFcaCi5DuDm(#*XN8r!9IvLu2&r4O2e2`S-^ZTv zg;Bwqe7&VkZ^%7GFZ*R}y^TaiD`IWhBdBq`rL?gsnBO(Rf*anPx;>T{pOR8i42%s# zNg2{rccm7?nk0pUS^>g;9ocQfgHlA|6?vk9KLMM}LG2V6lb=fB)!GMTe*((4{_y7@ zdxHB%+MsA5G!xXu>-Yprc#f0y7w<9A5nNdr`ksP++@ZR6oLN9lj!_##n7{GYu3uHC zw_nrErS+rbC*eRgGh7-LuIAF*(q9szOl@XxfURpet{&wh9lPqde~p1v_!vkdPUG@C z3`-cyP_jAv3PXBIkp2Kcl$W<<$m6se#lXkMKNkEb&mex(9c)B@>zwiH%ltX+PADbc zkh@0z9v)kgZ{WYr;T!5D?72$Gru;Gd!w=3GHcBn?r*=%jG@KaFUjRpe$3@Cq1*_@d zvR{jTQ-a60U^K=&zHyw?>v5J!&JQFPq7|`gT5UVvIV3EGbZ$rDIA<58jl$tP`Gygi z`S`BthVs8VWna8~p!qZSKM`cq1ARwPDU9Vg4D=Hug?=CX1*}x_Bm~(*<&(IKxfsCi zr#6$z%9OI#Up;!Ia!imGefF$V)Fu<#qQc3_cscUJ61?0=*)1M8(1i@d zY$@d^n4ubSI#1h`hT6B*z5&&6sFIZ0U}I6VUsYXAc_~+#aC>DjRmiLur40?^STdskeDpN6%ehCM9585 zW3gvXYB8JCDx64~p{?~H?1O2Xc7yBAqoQ(%&SJ-a77z!5d%ny28N;(x7*>6V-RS&P zc|r=B;*GylkLi+-fPGOeg$4<<;>Rq0cnazDzFE(Wgcm!!Hio{m+dF!dql8;bZ*=^F zgX?{=@>VX>_EKjw3enZtgfrih4W&7SM6Jxv7)ax}TCTup#z^H1<}YJQlQYoNhDC<4 zgJmNP&lY=IsL9kcge`mH&ignRee+8h$+Iz2=^(YQ+&H{wCd+|sJ5#kBc?=bf_ioRw zPO_j`*;CGS@HJ#IPF3j)vJVkTO3U^f59Xj0``Z*sV`686PA`ZhGBG^!YZ#b{ywt_c ztpz98`=mDJ-TAyNQeHV7)2n*?VnTu#r^BNW1aefJEp5p7y4Qd(0>Cy~bG>3jq$EC) zoJfAT^yZz8!Kzp+hCr_T)yKIRI@yk6Ew^W0awDy&TxqN#;ni*bgz^AK_*N0Q7U3UL zkXW|_+1SW zR2uCuysP8k?n>4JG08%a@HFgXhCFBj%pm3Xqg9X_d-)l3?T13Nxdm{FR^Hi{Ro~BN zc(Nyjal<{~1Y{j`4G&YB@H4md<;}Y_v?NYnj+U$aH(b}Y&{~fXhs%Sd9zTCir!$%x zi*&uskx8G6cfnQwrG~uy@Ik9kAu{y(%xNF`ix2DAsXvwx1BgJe!o<~PRIOe2y~NlZWvn6Php#}%^h-mK4!B66X=lk^L$705|yuV@iszc&ctgdN<%4s~gcW|=@-JL1# z>mOWyUkL6)<9|aR1v`Mc|83|4*7koN^l@!wPCXd3qI%ty>d>X!5gxEM#8&Eq>_e;* zfYvp|L>X2D?M;neE2(r)7_jmYH0UVsFRt8-#dM>kSz4uBM{5%+K~&eQqWr3eghiv! z9TseLfMSCR2 z$Nahv(5H0UbBoNwu{Hn;DE1%+$H}KEAP4AaY^p}=<#<7Ly=hFfUcz(iX;z1iSbDVb z7hT*V;u50G)1B&?7+S^*3t}IBQ2jtG5Oh9C2Vz~NATpOLe5=;u{BgBM7^gBx6Gj)8 zGi*lTYk@F$MHis@y6mIs0&>HO1(7q&og51>QsDt$Rtns_ajZD6lAxGx%wimA22@cz zEne2BDFxl{S#YV3Gl6-sC`G64K4~F&ljxMgV_DyjXRHsxm=LSYZ5=#Xb{Y3oD`|2v zJkpGXE(?Z;6Lu_~TI(R=?RVc$lZU^EIwk{Z*&JO&VyuepvAi6}QP8zF04!;WgSb{` zYCe;}E*JDojimzqAoWvRSrfaX@dB()a?~HwL2? zHk*ja&9rFLB=^tjFKw}waR(ma9l0He4)x}9ORrcjOLVNwS#{LwbSgaeGYFIB4#kxd z>{)x0auO^MZPN}89SyAq>(7lA){it?B(C<f0*!qiq(w25|Cti*7ymk+Su#5aGbaJ@s~Y%1Cev> zVTh(iaR~PDu)!ns{jpisNcf}+zi7B&2^q;&nor_Jo&v?z>Kmt>$!|K9DjoXr4c+O> z&P5rOAG3N2O_IdY-(O}R+2kfnI!WBZ7udO261g+yr#ZdGTvLvs4H zK%5sdumP=fYsnDS?&^*$_G_CgAlCkKu*VwxV1l5N?HhQLY=legGw`XSY9HweqM z8^KOZbt^2s5MWC4fk=~jh+C#ql+EI?n)X9hELJ_`dQU+y1Bp^|XR)Dl=qX|&S@}XD zHfx?X4PA3>UC;HVcNmm7nSC_zh>*~MmlDGUM<;3KN>m4@pi;m4>#3La=Ia&?J)r}U z<>h#hm;(lavgfb&Lr-jIj1I*X3=)CRviFVv#{&Bfk%$cG?oNom-ZxxzY1SzNeTsZe zjyEM1HmY%C)S!G|n35yI__v_%-`8H}A zAFjS98N8GHriOi_oH>{o-_6YU8bO>l?M^-W>n&SFNF14JMvhu=cV;k^Z{6v&*NQ&~ zOl8{Ir`}Uk`c^U#lf?>104Y{W;@uvTUwfSHXz-OBChf!W90|%HyH&1gpJ7s0bR6an zS-bTkcb_s&u=~D_H^&P9$K0y+E6i_pIut`|2M&s6McP=*=Aca%-zxV&cMzS!t5jstwd4jw}0DbOZ#o0?!%vG3NF=Jd$H^Gt@$M>vdCd^mF6AB(b&E!_L# zTW?X~QqhbJ@5fe4hPl0rO;0c=g${CAu|8XoV9l3a71AzDn)yebENrS?gA|iGU%S#Q zelq^1d3UajWVjq=zDt}k5_D3-UAlL=!z+C)DrEsX@q7hSMtO0fe2d`ge+EzLJ3nFRMv zB)1UnpuIgALWA{(l2~6Q7eJx0C%~s#t;A))?M5FFt;yOUCnWo*m~lCngA^_#J5v!e{Gc_kf)Pn_IoTgF?%kVR;TmzMvr>+t$JNX93i z2D)%lCrNh+m?xTkAiFtRyDY7k&#>;|sd>19mY4Qhnt$y+wz+(gt;g*$Zn zP-v+d?`6g(Z2?FxNIbdpM@m4??>wKexp;a; zpwL#kj2Yd&VYXf|QH5`{zZv#S29_$vyGmmP`y4Nfj>T*su;w2_y{uo}?pxE4CD`+> zNSOgrtH*^uZd}PphTA?=iX52arj*%Ye?qV+iksDk_aQh%Hvt{jHRyx{*Y)%GjktnW2mOy}G=}jKQ&R%h zp1XjEbAdny>5{74buErpPH9m8OM8<}+z4yQtj~G_?0Op1?dgpfZ=90_^rUq*!<%@U z%0Y>E?(zPa#1d!PqQ8m^;Q21w&w``~xJ=1o%h@nza8KygKq6CxjnbC#=`@c!TD5DC z%RYZE$<}VIz4VR4+aR6!y3Q?)Y;A<7v^2>dE1Cf#)E`+fGH)bh?sZU4P1abPH$H+= zYd#OOrL3)K#(hU=;m(}s86S<`53S7wo;431r6>(t(h8vTX#MW>Y>y>>q?5H&E*WVj7Xy}BJU?pW14S8Lgl68{HiV=GN-Fau@o z^A@Fb;Yxh>gg_!)q9W4{;vGNCx=mVX_YcC$q*U6L*-nZPfLi`jPA>c1cdV1YQ-asN zbcU!~mwiSX5JVy##ondp#sfz;o1iZ<#xz#MBNzPgy+V8+s@dj!v?4&w-yVfBKdL`v z_4bLugp&^I(}v0XZp*zmavN>^gMm*{p0jKIBnNHbO@!E^v2Mz&u5~z(5;4T<73wCr0e9V|iCYFjdg3 zBI3?c#Z&&N!{Ub!6H7Nh%HYIke}eZna3=;vuj9kzz5Q(mAY zsoW9T$n2YMqdJWHA)5xsMElTq&q)tamWYUTid^kL{!rGt93$d2Q?tXL0(QvtI=>WsFFWQPj>`joGt~M@$wVY}h z)2d51?R@y)G1-QV;pQfk>TQt>kArlnkU!l+wn=Y!msivi@&V-wsB`xVi74{VUgH*N z&++g<&+>D{DTpV@n9#m3y)M#Dz^f?DbN<)Ki_F%vXxeQl?8p~e6%(*)uONZFWcwM3K8@l(J*j?P#+MV6u)w&$tO$fxW*zcsDKdUd$Daa@dcgax znCL3lbaqy-Il*LeP;kGeBmzkV+X3@M=R1nuDw<@!q>|`eod`AT5YX=(Ek!I(`(QAD zT7DGU30pKU3}GBNiOQEO53C>d*u7{O-ik$Endgv!OvjJ@W+!lgKm*hC%RNlDS1tin zfuzft?d;@(X35;<#?Pwk1E?3q({qevBv8@UB=IRMOYiPh75l=z#*4pra3axCr}njH zZ?L7kYsq5CFETRWQhwuH8Y@EjzOxM`_|>aTPau4LWJ&MY>+)%MEFR4(@n#K8Vd;&X z6TP5jg+uee)Kr*wB9T#d6(7C!5FJjb@oVsF zr{l99&?Dcl+eX}gIy`-qy#~_d40WRC>@MIVad<}V!GgOa-$k7fsivbJHPnjaZ%KBC zrpzt79Sa)bmK%Ks53Ih7gI!6Ss<>nDP1PQ=yg*XD7RIg(kNlW1*raFPIrzrC_dkzeYC^G5N~{mecY_Y9tByDWwv9#Gdy%3AutfhN7< zE|i4$nOXOmp9vblfM$+*mWmRV74vUUH@T^I^_k2+-rF+YK|YOFDXp4-ZaiKq+W2|3 zh_u^~6X8<2EoyA)PO59xIIx`nU^mtmwqE&*FFpm7LvKVH%?=nfW%M%L9+GY;ET>gx zIfKbK7CQ>seaOmF1@JSk%Z4*j7YkOH-r94|`-fH5v<#fIXB;Wf@#?lNU9lLSH|)#M ziHHH zD9`hKuzr_ab+<17M@e4vEevF6dE(_iKE(~3W!a|dl+^;i-zN2TmG4+tBqLTitWnv5 zSdoubp;+g9DO4tn@aBmFa}KVy0E>uf(QOOZo<$N5is~E;r>ED%QRhCN0uc9!BjG8_ zEGa5p%07Nhr(3ndcMSt6UTw3Nb3|U=OC6Ke*->mgG=I5ytRHvXa=kqvWQ!lT3>;qD zA0^W8%BszyFWBq$;9KAc&oZ8qca&kbl!NvS^aj<+KC8u9Q-b&R7fbwMxbEzL#0o?bn9`;KQ~el=!4gA6OXJmda=+R zPzcp0@w(|-;-5)bf8QdrR&QG8b^Opanl)@st%}+;Z=gNAE9WK53KiJgOzP{+-#Of6 z_{Ko^^=8+@>vjsQyWQ0DcLdx|16!>ybF3JhY+y0D@^A9mFHVSMsd2cVHgt*~_n-A1 z-1|5IJhZbRnqVU6bL%8&d5+G9IuKmXI{#40WE!GrZ+&R)I^^oP*1|8T&*$sN5pwTi5;EJvzG6Ts6#b5KdL^$ z_reAhvvhp?{uH}Z;YGO!=9SEnO1|m=^8%S4sEfvPaP+G0bm56hnA{nU?#VlBni!dd z39Z(9Qa9aykXEP4V@v5v`*ZVZq;v*SSvZ~b=;4y(TQzI^3u_EwxzSInS3}$ZR17V? zVy5jPYFGOMt>=0)zYA_xAH&m7KLx2@RiJ*l4{V$LDE3^+ZH0FlrKXX({7CjqMFEK# zV`LM+{X<`ah4X_TWhm({$+3+*?& z`t`5c|0dR`Y}&)GLyu{dj3(W=shq*Oz9~cEM-~B(^uLG&k+aN0rFNU-gR{nU$k~Ok&Do=KOTequ%s0O_`@O}x zP#1z^X=ZXfg-AaSde)f7IVoh5R+LgPQ+QQHC$HQz;bK9;9%C7@W*2VpGpx--i zV7PhrADa5_x0(`uIT`%DLL6=Rr!f8ZFaDSM&_-3At4HYwyoLVOrdSymSjX*Tp#y85 z7{ptV;XP74)SnjRl@A;RlLFN?1gq5eMosfKf_#-S0#DZ4>tnncE-ks`rCW*QwfC(_ z`EQS4Z7j_F(t>B5N!U@2vhXujvVuR#z{28Nd;pGnt&>_2ojcnmB{K5K?SFLT>W97L zS8oNwwBf|UFmoMPNnZLq?TugxDvdR9+2Vt zUHPYT4jS0uuPzIMl<3{#Sj(+HR~`;^Y(c~OyYqJa&xGgH{}R{mhxNaoYk)kyswfXj;!3z`t34m01t(nr zZwzuN{(_f&MZ&Abl5f@o-dTVRgwEnS8aisCQL%v6?y*eg%)TNt1G4@*mp;7D%f=Hy zQAV=BdRrMyhMQA4wzC=+r+r?(Hw;vCr2MR1B_28q@nYa_Dy$&+n1tctYBZjS>gJk+ z!TzDL5{a%77LpW*2%z*gd@M9!jtI?NHG51>82y@OYn0{PWYAKr@Hlbq-cqqq z!N6v*xhSu?Z*VZ>CvO#Scd0}%cQcM|PdJ>gu1K%qEh8fZx5qhiBq@KsP5N_{QU%RK zy(UAP7&3mtH8RUOJ(G7U*kZaQX6tFg#btf&g~mpw=sF&54%XAmGiizr(8at*aakG{ zcO)uXb5(7v@sguI0Q)EC7emd;%QLU#MCqI@FAcorrG9Dxm8M!~KWLLxUq}?*qQI9T z*och;#W~acC~FrElF}@!4(mXeUyk}DmmUeq@12tD|;gfUkd;##4)^fF7^l0E~@Q*Y&IOuJ2PE}Ob8~d7Ybk#w{lY~<5@`^8$ z;Vtm>rpi8hk{{V+zA|_&uD*5jWbO4rpTCR$HzmmQb7^VMLG`k)0nHet)%E3Lb(XG) zmAQ!${6r&k;J0>fyaD^kqxG%dPjv_;8W2Un#B}ktTPNp5=0f8gH7YwS0U0=Nn^ic) z(C>rPrpubVk6%SvUYK5Ijcw0~aRVp~h`C-TH!~(5x_bHor)w!ZwvP70$5nkd@2Led zN_-s|#g>3Y9OTz3v!;>(yWp*wF|!@Jj59g@>smRQ5FpS<9rPUMWnk6a6q=6r@9Fd5 zpqK(Wv01&+3ojpgj>Tij)UaCHimH<4`DM=e$X>sLgMrEu^GFCpIBY3=^dB)$exO;#L>ibC5; z_F_+FohEjxNPEItzxYn6B$h4hX5(&h%G=Hlv9Go?Q7OpfAY_HuGo9?})4`98$hoW$ zeg?oH8eoWKDR^wY#lahf?ITdWVJsY4{1&gNZ4vqbi~(~7HRs)Coi$h z5F_#C-8$D>yj*926POw9()n@M^@7^W5m&guYTYb%4tJDa% z%VU&(2T<&#)?9>EcM#>}0$+19gLtmJ8An1gInbcfx;%|v?yG}hCbnaARFtx|;*mgg zb-6{0(H2`yvXMoLi*w-d$XB`TK*E#!tLv&-=ZFy}t!jpCOpFl7dRfCHI_gr$<_N7m zrss=`YK?{rXV1y`Js!_`tG5d|6yCkVtD&x;SoKC|^Kt_D!@Neo`35fQ8FlM5JzEk109sRmA zqmKLMe7`DCy1#B+o5{~5dsRGAbh3vI3_tiIZ%DaR$T=ioCdBSX)jTTD>ZjlxT1gS4 z3}7N<6P!(FuV~9ktVMlOLtRjUl3?98X_W_bWg7w5mX(y8by;t`dzicPngMc<;(Zi$OWZXVd`Mbu<5H`E4QZF5 zrV91N37Nu+M>@%92s+0TlL~RKyGo8dIX5zDz7V1GC7No$Fz>mVUlM&Q(v!hgZVBh4 z>r*$_$cmZ0|I+zI9!b?;go;AJ_TOb%@kjE%W?C`mUTM9B36KZFoX;v|s*TpLdB%e# z=v=D|oz!n()d3{D5az0I1oR7}lc7zW{h#+ldbB&(=obh#_H{Asj(8;|&y)nZ&VD22K;ajlvN?xv@NE~Ui6UAi?pT1}OQ8$BRibrv2X9j#ySttQ-0 z3PV!6COOwtr*NEkBfFg;+)LZd%>kpNj;j|evprt_HX%C{pY;}$#D zJclaB|H{CEcl!SvSl}wT(-G$v*j2plmhsq~Qy-0d3)6J&@e@1HGIv&?(p=!OWhJY(C#6 zyXSQ?)T$x@>2dU^sB2{poqf;Z(Q~F{z?18q<_Jj@XEK;HdpF{9BjszGr&Yk?c4aC4 zV5zvyu$1bt_pn|zTK`^@z;Jfikt(W1c^r<;+?=7;8KBoDLWXc_$Q2E(i6j=OA%sz8?=Gi2L|KE`P{=(+?oy=|M?$CS1w>Yz6vM z`PByFwW31HGxHJOx#19G*~%tdp?)2CKw4X%!1KLa(ufSzV{6VhWZB0Js5$c6Zr`Y9 ztc#x+(_0j~DiR!CZ|9~0>&=AgiXT)?F2H~KM#0&Hau_WgM-3epDdZ)?1ztYKNa3ZBh@xBm*;;< zACzcw;u99=`V;_L4*obPuQRLgOgWOhvnbb|Z;vr;2iBiB_0m3|yL&y2Zh%0M&a4eAw^ge)c1nFK7hG%xu5 z3W%d*u-8YPTfkCEyq}`M(qLk&T&_X+7MrY=#FYWt1ve^iWnweu944G zf~{<~*aCeE`ollXp!^RT{zzu5I_aS+TbW;Wcnrv%NI`Y6D(vSf->7;|t7%`4xBsEo zBCiA|F55sq2gd6l+yu7&j4Z#U}dKytfoFTmibHIx3(r$v0dHsJ2~xa?Hy?3RgM zhKFUSnU<7SXEv2hGA(Ac+FXPLN{^Fj@y)Wma%o+gk61)l-0}^T*VmS7N}S=0?tOLZ zVz;@UrY4ojzXQ9}3WMGx0S}M_kUg|D#l&6pEb0h*^T}FR4#urFo(Xio`<~eCfoN-Y=d6+cpb;lMdr|#o|^44m$CSWJA0JZ2oAd%li^C z&Kk7#;A4HsEm~DP;m;!&?S)S${sT!jic>EI=}9o(l*gBF-@?U{_h%ABbVrJ(Dc)W7c9P9OvbDHHH*hpDUV8JW{D9LPo`bl4#0Q%trL5-|cGOY%sC2^X39ZBB9gD@tl1D0Nwi*w|w5nF?@ zYw!GxoOJ!I9w6^W`x^?>ST6h30d-vIEfUioyL&*XCbrUTDGUf-+9FX(jUZ}zNthlspwfc&rI*hsfkZUHV)k(MfbL8IbaH!NF~r(EH9v-w=S)SJvPUms1b)pO!P zlk6S{p^;;OX5j6&VJZ&-Mg?j+6wlJzg~(nZ;4b}J(>^m!HOUYcvmtA%1jAuFrNg8jdveb z))%Pml#|71@6OMV+W||6iNBMWk7KYlbFwQaj2fJaST8D!toN{P;9U$`d9U;$m)(dc zW!88q*_V2kZQ&l5CVhnVbc-VL7Uxo!Aw3vV+4sAPrMS(*ISbJe!don>w!1?2}aK2NrH=^elcV%rh_*TxA$; zB5qL9-}4AVmfkn(3l_Tn5rx93h!FQ8Ie!M1N zRxXIJ&Fg|RKXKn(A;=%FsSPMc?cptsuemBbce*b3XDO8{*T2I@0iD@e>aDdG^Jtl& zZz19|?`2-jA=PHw;Z!P5z4~k$$DaI8+a*=Th2aC5GDMkS7?Q%#z}3iD@IUw{$TurV zS+0qpFP`Nax8pYMzC+zq@jBANWyqBLh^&J~LasbS^(3hDCn!AkB!iuxu+Gv@82TeR zjASPB)}ndN4tF?H($?472$iIgF)s1$YVCYSJ+9FOsiW6;TcO~+;*L{MJjv|*k+=qE z>nX=W+fI2p8D%-c_5PjnJx?QuF`b5-jlQ}r_iubw;+;EsVtGPmRVoH$0jK@`YP2{l|_l70)!oZkZ$sV`ltBFKmRZq5hYyUrT~x8??S)Y%u1Ac|M8%A)g{Tf z>G(zwrkYMXl1&AJi9BX^XCbTy^UcJBDoJ#_Oe{_t&O))L`oNE9LJM1JU#g#N z@J+Ie1O|5qm#2k&>Zy7!h{Li2sn?#{9ujK<(`a{vrGrm*Z0a`egliJV z9v{&m?t0e)z-e&i^OoibxqvN5rpUwZS|hM>rw{dxzCWr-^T}zijv?ff!YY(;q#H<( zwx`~J>9qLO;bQmnjT-`yKbgYS*-_GX(YrZU(lKsl{^wyRO7C;sa^X4{1aA5GuQ?t3 z7nS*|Tb7)+`Z`*tAfu5>l)fU#*B@k3n^jAq{pyB(CS=iz&+7eB^3NFmR9m`z|9>U_ z|0yNkQhlFdVV2+y%&Y09F*N+mSb%XQYC_A)lhTj3z$Z`Y+tw}F`960<7kZn9Cm^`{ zZ0~0LhHq$dcych)_0xbD`bJSt;~7MAUVI1}E=|q-68;7sq#rAO{L`A?lv%LN$z)t8 zZsICpaJxeWDtyI?2+4^Uu9P188$)a+UK9T&f28_vEEQ8?9uE^P@zNkRb?_eQAaS5l z4|6L?Z%^rAH|P8LJ8@SZjVNsA6emud-$j3qRJT2P6Pvo}Z~$ zsc2X^rpIwuLaZt}w(63cKtuSpI;rLVkxc&rQq8KrWf4Gxyf0zf^s-@6v{E``sFIKF zcR@35@=j_fcaPuc1>f?p+85n>^_PJ!FK8^i0>V9O?p$fT>o4Wz(tgzgb;7H%3w5Y8 zH8rBerA_0TV>pd$c0n5dp%pKF{YSOEHDCJyAXyNZyWvNr3cS5y(IuV>xcGt zRrsGK7|9)xP1c|8vM5A~ik<3d(R74CB%qL8z?cMFjeVRAgzdT%%~Qd(w@eBnxIF)t nMEdK|J4g)E|9#pw_C1-3N!ODo;acb)@SCKloJhHl{+Is-7StDK literal 0 HcmV?d00001 diff --git a/modules/victoria-metrics/victoria-metrics-ui.png b/modules/victoria-metrics/victoria-metrics-ui.png new file mode 100644 index 0000000000000000000000000000000000000000..a18e41efdc6a2f86164735bc37406c8cd41190a6 GIT binary patch literal 143676 zcmd?RcT`hb*Ds8spdw-g>8KQyrt~6BL=H`CfOJ%Pi*y2nAS$Tz-lPapl->fNB#H`z z5}FWtR1!i9kx&AJgu4Mf=REItzxNyWj{D!u7!FCY=h}14K7VWOyt;i$oAn6S5e5bZ zR-M0Y++|>31~V`)zC6SPd@@GRn+N{e=XF>6Izt(nXBK#Kz(K=6gMpzkhGpyFLE!!2 zCx4lGF)$qayz_5g8>q;Zfnhse=Z408f2)NF<~J97HrAI!P>Vz>QX4PvmwNieCwGl- zxAz^4Q%-+*K0NCD6A^<;mv!%53JtX>e0hEX`Q7mK%a9l6_qRNiVN)!lAcRoRED$2W zplTpqzY4WT=yqvG%fk~9 z|9NZkvBSPWDAP)EcF_l2(+A5nd!OvTTvKpRO8;)DrkkF(*!aKyNn)#<|vs z_YFE{menI=+NtN-S$;349%b8a**^ilE*KYU`@z!8EPO2R_`61zsOkkdXWPHbn4)}> zEsLAm_&d3hR=8Pzy%rQ2lv2Qiq<7fM^m5aii_FRg@M|eI1Jxo?|E%e#E)e&ZPG`=E zTp_&^Q4*q-_6-aAw}tj6%XSdu&2mkp{SW^died7v9*N9kF`oBn7^n9;lC)3Yb`-et z60kSxzjyMm4l9>13MW7?yw#?i->I9DCZTK@W^c-5W2%`n0qUPOcx5k>6;LvOU)kY6 z0_MF(&A{+Qzs>bqeAcVy$>aJst~+7RO??}V`j|33G|kgiq}gXKKWMRCWw%SifHI?p zthtD^`u%M<-f!uNL>T9#dsvlQzN5j3HL%l?>t~9U@Uw*Ej)-m3b6(gZ(5ruL!4$gc zLKoExLw-iT<$Bl|Z^tURk}*BVfi>uLksGDnQ4$8(#8O)MgKi6hRJ+gzsY~6GouI|w z&*(p@yz=CP`fJ1CDqGXfEVKgf>Q}#0E9p^d!HG;@Mz35bc)qx*@`4*-s~c>WzcpLA z;ak?Gy*6^64?ZsdCx@!I>4A{+KAGiIwnf=HYj2b$w@UBbezI|j*)S2nGu2w7cUjBy$x8D_0g`BWd3?F$ zmbXm~1RzZKw%MoGCYiDE z`mlQE6{>HxfU+A_`N|ebv#@>Uj+^f>8aA0c(O7`GGIGD&C8RU_6V(l$_j9aKN; z4Madk;DU?MH>1xA5}=f9 z^4iv_C(&2@KLgu>+J6zyH3@`ZsI z=wCynBst<{lOKKSbG-g*o~4a&1G)0xeOMK!AACEm4*$_910@P7iI>dWFj@AOee|Gs zd@X@Zr*PTAWyl+4pAgor9Rs(PbJy>bLwERmX{(DTZT$jMXC7Ir1~Y@VP+G#v4>Dt_ zZ#;>Uo?ir&%^g2kDB?T4a0ivm5%ekxmp;P%Ub543JNa15UhD{&zCC}HM>`4-MfapB zeG~TxPKW`G4m}FzsmOoh@$;7NEnK44wgkqasxEW>Em5+msl~ROz2WC32adwFRc_Kq zUBCV!20k?j_w1IO9){1o5btzOt~F+(;f?qc9jq;cP3Y?fbqXUig&P-Tj1iR83H-QT zc5-2srL%e9Ko6mg8JMa|mP~iPjDU{O+u1!oR7biaDad$~ZFg*r1C)9R z?0!pP`o3g-XMwk+sAa(-EtnW}dCt%4Q(9xkm&2O2pK@2Lu++fNOCZSyl9Gt3>yve3 z2R2$bV>(;DaxbXRL#?DcsPN6)W?KSp+c4awEpx4?NfA_&Y6nD`Fz8SUA)E}l5%YmaCl;39QjkT$f$8#4_|GRP9+^*TK<=bUu%u5x760Y z#?A{V`mxAtDs%N!nE`l&9ZBz4Jc-YSe}Lo|Qu=+F@8Z6NJl1a1C6@n5i#-#?= zaeQtsm7$Avgp7pHt0H?)_>#_E9THjcO6ogqOy`akmeg(eJi+b+<&Z?{4Bfssxp__ zHiCY+q=gl@lNRY~S9Uq=EzT>|$xl&`a>X!QAzPYKKTcTO2x?BzSyV;Z z%@{}uu1|9|b{JtNrPUzb$X2noA4oCJmc^a{#7|WT+YR|GGWh$YG~=3R#n-CVIt&Uk z)u539$%r9wqbJ!IDHe-01gWi@jYAD9p3QA-`?KSudr*?Fi&$% zaVAfH*6-En8QlKGA(?CImMrBDT>?lp05Sj{(Wt;l%M_3;utp1dD3L8*R6>W z^q`eBvo8zp)(`Qn-go6RzuGj+>q>VfQX=Yt{>U^;qn4l1m>SFE%woCunQ-mdnukLB z#<*IOKj>Z>#%CdJtlbC5ZkhAu6SE~HRhr%D{y#BvVQB}I%h?Kx8sO;-y8=rmi%R5? zqhzZfbRb@nfA~Inb1lLCsbh`_vNxlA1arVbHqT^!07@-+4>)hLbH}u!ahd)6t+Z?7 zH@?;KtqD&tXNXx(q}Gp@j6Yw-nlEEe+cc*v{Wn*JBPXa|dt4nBsVKlm+_@+BWwd9p zuylOQckL8(`ChnzXX3_%^mCUoTl%Qu@ zZ4k)xRLwSKiM*!9A#%vc^m(PD6|$?k#= zJI@E1!eNP|tc#v6AmcTkv*NL1flV@B$(PL9ZgyS@Ea{YFKE$Ck{e;H*!lx69BuKy0y}DQL$3=LxZ}LM;GuzfBHq^4Dc#0^Z zwy+6AIqW(3A`nGHZkH=+Z!fT@e2TozB{&dY!ez1AIkS>$+MuCf%6g2Q$-~n9iV5S> zY&!V@%t*h$X|c&jBBQ!5l6OKF)C6xu<87rEYMdb={+eR2PKPw295%rl2 z^_d1W`yj)0k=!Yms;s7sE2m66oRWsbas<_ol%;jO<>kQ zVHw;XBt5yH)8;0r&99^-QNP7WeTm5Lw9+dn=CCq*C}lqw7Ui@-dj?-mV8TIt^)i3H zM#}}#!rV9NmNOkUX0{bO7x5-09Y6EAyQsZxe?53L?Rk(1TpNwFpAYWe=)Z;het4sM z0@U8d>cuu|yp8=9T3qvuYVG#WJ$WoZ242z)x+%WhfIFY#XVu_ z_1Tw~={%BKKUuQ{){{LK+VW>Ak;s`Bp*f1$3a3Ov`Sv@tunj zay7kSYWyOs19ymnx1I~SaoTfpQtKe(Iwm2vXPz>`vU#^0dg`0Q=VZt*b#@|LFT1BH zi>6%IL}J?uO;H93`Sy?{OCYY&VWIbcOeUmsIE3CbA!+8)I?*kleAOcG` z*&c{qX>w`oL&I!bz&(wv?W%#Ru8cpApT!Mwt(YzTSkJ>c`Ce2*Y}hHz>9KXjSqD8} z7qgO7LoCn=+*eT6)W)V2XNl{JZLH+E@KH#LM*)lmVLRxsEpAzspGKJ0JF+DsFscgu z5rFMyoUQY^QRZ*a7!A)5`XD|+X`d7a&?9lVd zlSY}8qyo*`t?lWAs(>hQ?Q~T7vImz8ZGyj(yZ?62;0I@^3$##VzRZK7GuI|C{UH_h zsdMn+n=53OV*Rfz*V7r~=eMBkeD~Tix@LJ{yh88q-?hp%w|b)2IpdsjSFLd}AZf64 zy77|5P<~n?m*l0c1@ZimCNA%xs|FM5-lxrm;1%Dz#J~1|rhd(+v7<(7Eq!n4A2h>= z92;)2jU7@#^|H34L`N*7{NUz@!b7G4ds2IfP&wsIh>pntN)0KvWsSA_9b%@KBwynL*KwE2|7)n#Cf4_yRq9`k$arhjJ#&)0Ke^_HtZDslHj%%jODt1Eg zARLdzbhpm-AthzDRbL)^v~VomYUTpf^>PoQe*B#y#^4To_@qYuo4`w~>B*5x=07Qh z5^*Y&;k&*8*aK-4+x4WgKDD%H&y{yVXwQ*Lg2(eUo*;9QO=6`kG8A-}hjm|YHBGE8 zk-1&eIejqh)aN#FcW-5g`|E{`$maGRArts?ijvwjGIpCq$h5*EXsutByJA5T8^cjf z5dDVyU4n!>b)5*4kVd>?N|rhCp;t4eTV7+pggBfN^%o-#SC?4V>2F>7thZ8_inyK{ z^Gs|%%Sdx=yxwW--L8d&8q=40ggjdhE2H@7E6J#tNL|JRt`MT4BrQDmyC2Vylv;aF zcBZ&m9bvG>jiB?@ zh+h&T&JhpogGLSc5m6Sa103Cu+5)>0**rvS^1{%XS^w)s2kZ6w2p-Qo{{?;)J9=(b za1n>?Oht9JYS4VH=e+#nS~{&5*1*`hDlteD8&G)81Rmt2&@ta?vo^CTJ-;3dYzJ5S zd9aT&DH5BIDY7<8D$s?I+x2P94~@%-@l&?~?;|`+{i8@3AgF=wgi}cuy}wcaat$5Q zLGZo8SjcR*57WAhn-0{9u74-^y$aA%=c_6FD=a+UM3(W%%LN)@{MeTRgicjud;8RUSTS;^c(TYfR;Je9&5ss`=!O_m)jUhOcGQ z8Xqh}p?faOI3e95nZU+NhuWvsI6E>_6sC`B2%C!PUMYVvjxOTN;HvlDj-pdV%Sd37 zdm|$F0uxQfCV0xNyd$4L6y_hUu21}6zt36!MrR9sz2H~ZIlmDnuyc33cz3Lio}9_% z#6_fCX{YhFFKHlhtO5@K%F9DtYpZ$Xc_Voe;!`F29#d**x&eWgh`WJ1uqXO4uBH4| zQnO!%fV>4wBS9-*QOFP@-e|6Jrb3rwW~mayV$c8n8pc}Pts34o3GqFHj5c88vtdlE@q>BRgb-bIE-_EWx6Q{ zhc`T4!>7Ftc2b~Q*R|3r-A5S9KYiCe>XLNHJn9MJC99UnQ~$oJheyZEgR&j!EL%Hs zG;}uF1|sb6bCaB(&Fll-FTcQCYoq|q6n9Eb_lj7mXkifCrmH)&t%+EYv#hGBF{y;< zmYcYXFn@rS-3HY{bU#f6@OaWSJj0e>I&lmJel{Unm5P*YKf8v|UJ9H8$HY^4C}m!9 zTfT~C#Iq-}2e!uE!;zo)GN$T|X1t;}EL*cH_9YuFk-^kSWM|>LYO+_pF2a1!MKLn@ zUK#PyfMrwk24t-tZ`siF1_`0MMsHWK1*$b83H{LJ=kzDam1;r1^-sfW%5Eo}`;2`^ zxE)nt$Jth;x{y)NIcr8G4&G&tL4d1~8BMWFHroyRb~D{&D+i z(+$%0&`mDilTq*4X*U_0wE4)#qzkS(7fQmiHOfZ-;MFNs{x019%RGf+glkLo(64k4 zP@#lV#og}T3p2>T%E}^}*0awPgccEkBU9TblZ-``-(VVW2_#%V^3Ro5U7R@2PguGLW^@m;C+ekS zN@!XpYdjdbc)Aw*&TN!u?I^QqQJA-f@rE}2A^Rc*Am386QSsfrie4iY7dm2PJ8z}D zmFN@@b6L4qh&}4VmjUxCO1b#7f3tL;Z&NR?nV&<$>JRy&WM|$FeMfct%98X81~wAJ z28z5*XQc-03OjqnIvK=VimIpv&M&?FN@~1{vVRFUsSM3}{?|pEbL@H@`}998q6gy_ ztsKlx+)PQ5khTQC<~$qIyz$_KzhHk=Q&;u0dJwTOb`CrKe#zV zQJgnMNyo1|X>oBCc2L7xOjq29ODLiAbZ5Z#4>efFCkBPdu&eRS7{knGp^KKvg^4zp)?}`)AGT#zghq|1;{7d`{ z3^FGGsd7yM23-q1C$R%*)BgbR4C$=@T9Co?L;tT6e&NSKp1>k`RXWn_J2heNNh%i$Gbr967L+izBji>e@*T+5Q;bex z_&+YH-u&e(4x(A6{3J0_WsXVtckcqI!^WnfvL#ngw;ZNaefUG6nj=B)+Dg*2{#K+~ zg5R{hBAPy;u$CffQj%yV$`_kZFf9C!4lDhq8cyN2L>xLmBsHD!Cl+PhXqlpzplx5p zMU)o~_ZL2drt<3}qvuxFlwjtqvE&`K5_$e%`TQ^XwZ$pjF>wmmXY=)PmR^=L`48yNz@W|_pt*=7=)|QlcWS#v zw1UeNO>8MD3$B;AMK))iGOt7*JkuI`ZB%7D>hjBZa2x&gV-xr=mhRah6xe=`K>w(0 zeD>34HZ?JkpxFpAQXZQqnH>~wE5#XTNc@tGGEZv6<3c@q3^N0BS=XH^NPofmYRu$$ zOnJN^WFAE|&wR%iLIO7~p&8+dq)g?_s2pf=D0~L#Uv9n$u|C%_8Ghnn+D$waY?Wf7 zSB9=%Dhdr*3G9h0^z25vD3jnbl~@0uVSom{-Ifsc9@n6bfensdyX*c2ocso!=k{wU zu`9OFxFoSqV&wCeQ2mzgi3zxv0^M@y3AyURi2&!e>MjTz>SZdi_HN%~o_p++`vBCh zk*Dw~EdD@?h5ZtrXP=r^4^7*Azki3^rZAzs_{{US^fe5!gJ91mf^7P6b7O);N;0tm ze?1W3Qd$|>gie7LSr#FE5Rz`|6Eu(l%T|>|1!$TGmt4+H=~zTB+@p+xr1g@hFD#6n zya=h=S|)nDpOxt}zIK5lt@x08tlH^dj4G+kx+gI8_Tdi`kWp zc9Ljf8?{}nP#OZ=e%UFLE+3?7XqdJzj+6LoV(mxoruh-}H!aR*B$aBv`O}jF0+L;6 zb@_QS;u|-HS0KCTVZqiKRYk*Et_Uto|S{5gy@p>YwR z%`WypfQ3V%CZ;H=^$2kqV}Hi*7$A0po>*W&s7FXL_=?(dd!xBaPUn029%5Pp!gP~#EnH#8iVW+4nZ z08f2jm|T{2q?OtD-mQQfk;-4=?<t}0_;Ta6$SILqHR82> zHfc@UmDXice8fV%!Kd6F2S@<)s^W{0JhqqJRckBXM9asJK~|Crv>QJ*vH~abGA07( zY=KI5Rw#pwJf4^26(D)mm!G_|bKXFdQ3&9faQH`83GvBpU5TM(Q;4db;=gpYDvwuJ z^k$RilLcY}QUvz+k+zw~kVxxP>uXOV8%nGu+nYy>Fll^O!W-oB8M|i?oB-r)=!Yhd zg$M@xqD}vjqxr)j`^{;q$J$_rQwQJ9oyPf8yL@g<_L0^o)O8OUO3Te}oLE^1GA_(K z;sQ#!kPS|UB7S1#f6#(+4+ZqVi`hJv-F=JgYr+uam&Oz(^x&jF`{Q{5Z!+mKB@F8jac1cMHL&RpF=0 z7YdzWZW0ncWR*3Khik}=$UYY-Z`rbyNiUpHU`nw_LB7X(6fn%;8{ zxpkf;xghQb7c&YH>~Xo!(Ip?*T=#p0Q*YA>zdruxEU;RaKee&hoPDta+#?ODV^j`r zE~nuWx2SzbN9OUjsdbV_%AFx8@ns((VfND0!jn-?Q$+IerrKqH^n@h5Sz$najl}bJ zAg`6eznjPBs<_7*CMVj_+bPdPYZuFe(%gnX5?0f_3UOn;+l(rdk+rQUUw7pNcOTYb=!vwBt<*>ft&ub{T>ftp35*Xq-Sfg3G;nO=0ZV zn{K}Ye{R}K8d=Y@AnP0Uvd4{kPqDHlqs$rEAVMk8rH?;%bUi!FCwH{&d0nP{h)Ma7 zW7&QGKZFeTb7Vw0>}Dw%lYG+nI&6$Wj>P8kf~o5B|D?N5TzMAKe-khWd<(gVIr`6g z+W%O4+`lFaN`4!(TNgoq*@t1|&#xX5JJdOniGgp-hfQ2`v@$p#J1X0nm@9Wz;$o?p?ao+x{W* zbmHK2_>{%Y2kIBz;}qntw3`Q16xX3_`_n?%Qume_1v-#?=g*G1xInxH; zp$NHof6=3il-iWfjM!u|H@nNTzB`h#`35MPVX#zl6?bu!Fdq<0(q!9jR_@&Qd^0B6 zZoX-w@(Z7{TVM4$-hFQoE0=&u)dBM|c)i)JWgVIB#CRn+2$$>ecRk%L^Kwm%M6!guSZ!YWyYBQ z%iwM^5^}Tf=~zFbwdC&$(lrvN#;r6abC`EE+3R@n)z8Nx{Zpg;d-CNn9rh?Y(zRC_ z=5W?CH)*t0{h`$w_Hb8i@BFl;5RqMat>di1T1J>TWG`-@80s&W=y zVQ<&^Ezw?(PT7B~hk=Xjzb!Fo`|*2vpy~8_Nc`s|uk?jE_Dk?I$pg}RU+Na?6!H0u ziE)RQq(lma-e{(zG*Cs8yMVVGi%GWh<8tBOWklU>sLWCXWqbGT`$YKQ``hBtUT4}G zcElHA_DczEAb4^bkpXI`T+^70;&p;=7D{&P3_`$82Vxgb;amzA#V&-^j;)-&~29~nPQPF(??R~KI!t%OgEyn!q86t5b`t+umcw^Tr-Zj2L&A3jKbfD z%kf^mC(KsorO1-v8Vj=CkW|KC_!7$_xrD62y=bQXHa-DN^FxQ7Wo;N5zLOnr&#SlR z#_4)l+12B)=}}4ersBrB17GZm2>Icm>9)#U<*k6apS&@z79g=mmd7Gh;qB;Eh3Se? zJT6Un7|yqYXaI-ZcD@pSEq?UY4}MMk=mp)NcO;Q%G@`3P(>V<9?R8F|E-p}+sovnV z_4>6ltCd6ABGej@+p+AUV+RY|fWyOgwL-wjyoDs&7T(RY5n&$eF)uoeuy3m@OX;U9 zF43{|w~mQ5L47r96lYX{6&Q-D?G@3brm>WA!&TK8BW&|DSaI3ha1{Osy1XIZOgzV- zR(&^FnYqZ&`m*QbD~!(a7lqaDejmoAr#P4C-78(bWM}$WSen|7(}z429*mET`|LG^ zp6gXt+eA}wJJUsUtO2$2n_rA9(RpjwmuliQ^#Eho6DU7GRPF%ZBOdJL`jQz?r!QH* zJxjD=LGD)Zo9fj(gdwr^#vrY5TJiACI1KYbV_K%Du@3M2C6P>_HWhH)c(xi@yeodS z{W+x9>ReC=_LC>6YdGA#v4^lsvXX3?8}9B{UF%)AV294{X{U)8REkGm5<%(kncSn$ zUGbM`VnWMo=*10-7o^6bW6&>@*hQql6sDrotG(FkiQbjJZbX$ z@ooUD#fY`RWm(9u8h^Fbo!OgXsnd|}87OY(+nARLgPOGF;-v=ihK?dh zDsFxS!F($|^zmQTAPc_`9$CU&@Tk?Dps{E|ySr9?-jS?oG|!nQw;@H&I&pM85fbFck+g=$i1EA?=D&aDIYW37Cq>*-_q2W!^c#d93l_5+W)KRx=9 z)Psg#IQV|e86j0n7Lu*Hiz(Z`crI>dS#-<6kPGi4V#?a%Xa68JCQCn&;v&;>$*Lcn?%xJ?z3W)n9egsHWuCkkXcC!OiiCbz9y_ zRWq0EN%%WOZ}2;IpEELBiG63lG^QAbRB3(yoOW7!MtFU1eE4`2_Bv>--EG0TJL<8e zTHxtOk*4r#J``GWXf06t3iu%p&#(Oxd>xJ-qI6${&+CYh^Z z)Zl;d`QzM_F^^+_=@nn|m>RE#0mt|Pb+5pWkOpR-T7ZjQgL!dGyax~x<=1BYkbI}H z0+iK;*A1~)2jHmwT~mCcdQLd%*fHgct5baISP9Q}yyi2XMykdpqyuzK6)CG0UrR!d zZ5oYt@&hcWUvP2KX@6l2DG#E|H+Dv;t>;AYkGYdhDE=5G;xQP5gk=ZPqv(xI#%Ld+ zD+BBBn#A__;|?86=U3IXRt?IFsk1w|Ono&SuTW>NVI?~sp}aE)HVl8W6X5yQ^_HHJ zfI)#y%q>VvW^pUs^H-M$zKQ?7x6I5ZRqIcw%52@LJ6+_HPoI33=2sEO-qVV+V!Ydh z?<|J6F({w6AnRGZ37bCMYWu! zOyAQGrz;Q>Mg|n?Gl5g@5hrRN%m|mm29n5dm%5?)^TcU4d!G5Q&Lk*8jNehEck4%g z$P!-_aR{BQL0N6Nx|0h+HXXwN<6;7bv%1A)ThaGz{8FX!duOZ2$7NeC?ci+zo91IyR94ZJwm03~ygHrFZ2^5&ojm zy_N3ZK88SlN||W(G-*V8Zf7F0#;vZP@4UCTz46|wAiXV1Q2KQ%`y6MU(@qFavp8H% zGfarcCoHpXb6fKDw14#qNG3s;Ijj%zQubn?1p?e!MsBxcPIJP&)PU7Oe>{+XO~ZfF z(?Vw`nezcIREW(~mgqLnem(9k{pi`^{EIyoTE!H#!GQ`w{z1D*Rk7a0Nz6ZBN=fm_926&(ykiC- zsx`huB^}{}c-{Q2(pxW_J>C>63=tg^T6Z#euRv3@*Qr;};iTyd_Y&*aI;U$2=B*a6 z%xkodIxSa}A5O;3A4|PVAf8P$*sYmsF(w+51)nP25AaOw6mpI{4>cy!lU>{|2Yf8f zPl-Mak9uZh&DISQ`q1^|({70igj(=o43f^riWgoEI4KLW8_71rTn=Q!DkxEOvf7#C6=kk}| zg>;%fFG2X^VJ~dA{KQ!voSO@`?dUGcj-|b7A$3p5WEj5mBGKco69e+-LDzL(~ z{ucC&UBl|z*Vku6Z3jOX`5t>2jo7{X@FweJEv!cVj55Q|R^NjfGyI3HZ>#SS1HJ1V z^Z!fev!GO(tMPXGw0oDEaKhDl=3@c_O!r+j$augLZE@{!u!Aqd{>>4m0z0p7>N}H? z3NOW}@@8W*zwthFQaIvNcC8BrFg2OZd!SuQV>$v8{fA|yFf<`M#g6di!pQ2po8CsN z6*#|!*ifALS-lOGr(^{LlN&ALe#-{(CvjSkit~9pl6wu@xEBOS4*fB9qC$h6$2&GM zUB&#axx3S-@f*LaNF@S~6V`!W+FD}sRuBO8E4rHe7VLqy(3Q-E(b}q+)W?F=_EB!{ zOV9Cd*B_<#hA&vixV)hhAdv&|Sg~imqdGUU0zNb|GxCl_&mG5UY1(Mr1f*Vc8p52E zg9S90`Se_~YnqtS&qHZXKC|{qfvcR%gSxItEl6j_onz*;o$l1az5?1WfpFrHzcm|! zsGd$iCbB~5)sb5rCa!vJM)5D^*J6gW`Ql{j#?NPr`)2%)_k0^TdCfFvp|T1Ef{MOB zd`f>T{*+~z zjlQzCEB(poD%^6myd656FSy=K!(zBh;1G>*&jX60SYuQ#7b7StY5t^USia(!wU|{T z)e_i>kJ!)JI;@0CCIRI>?r2Vpd3tv+%uUcX_87?_sr;Gl`#=mxzlXx`=q#?FkSAn)+Hdf-E@nLLJ_C0(_i z{*qodap?wU6A2-;a4)+` zoW=pz`SXKd&b_0p^X+BUl2ZN^nVk>yt#YK^Uj^JH2%ZT*3ujXsrqM~srLZb5n)dwK zSO$Yz?LFwA)WgtsDPomg>iFH$HJgv7-op>2ph(*50yKwJ1!e!_itY+7_MEST$kj*B z-yJ6Jx4W?OypKRXZ91c030wuZd>oHjmVo3Vjom{sMm;6*Ss?u3E)}MpY*Z2gFzS_` zU)T19)GdUu#$P;4b_T#L0m<7iTAA7Kb1bTxcQ~QM+Wv;A=mIws2SVT(+qK&}>PeI2fH>GZfY4T_ zb*WdCl8Xjce@0Z{67Sje(w`;q(ks6SJ992`U!s|5AeC6P1{)J>^vH7~ zX5Y*N7aUbww^7DWT3T^J?GX(&7h?XgQO>j87J~=TY-=7EYsqJ@F?5YMbdwA7VW zg(BAJIgcxhy;i9BR~kBjl$D&FGl=#KYO57VKWsP+Prq==^V5?{fP-F=r)b0 zPmEHcd2@QUpYtt4%y17n)eDd!X9w_-G1tyhZ)FJkVZCD9#C^ZwQ#$Q4KoZ*gkeW2V z?QUapH=&+u)DkC6uZRE6UPq74=Ihz@#c6ju&j2N}o7+3mNWmg5qy|0VasRwM2k2eW zH1`9NV9=r$Oh}v2=rLkd+-c0qaO@;6L`3xfI3vbh^5}M#gKfJ8^9cKwr~giJlV4V%c4AFLOn}S6kU1y`l_1jT>F~Lr zPRZJNt;E!GNsD6yK91bL^=W57mz@aTd*-n_m1bQ20DLTz;kIYjS(KQ$J%Irfz>viw z^##4!d(tJ1m3x6Fr08w~(GoGf^ElfIzhybXd4E$LV#9zl5TAs&2R-yFSE_W(%^|dW zHMJKyDBDh5YXW<&pU_T4t{M~ch_#eS&&dq}(27I1XaITw@OCxtCQ2N+X{6e?(~%V2 zfHjVd3!9k%sW6&XG|gvTP%r1$z8a_?6C2D+rABX}pCe&b0RMreT>Qp}^+KO{ibpbW#$f>R-MpA#U0on3ny~98C zUq|&yr?p&uYB+SQ8kP^ugMMU#Q`!F!;FmY&tA0dE+s>3jOXDt&U9JkA*5_Q==+Wy` zr4A?0>;#w1&&LvAEE2Kb0w*7vd&<2DEPLlWY03m4C+uy2>$}^)(P^gZv2`0INQ#vy zH3QrJ+}yoV{3WAE|Lm=Nx`CbYUT8+1 zQ4`ZC*%_a3D_&=t0*$}ee#3(NLbClkBU|D_Z9XUS+&t0>REdui`s`Tz62?-bbPNPC z_e#!$z-ru^Yak+17i#Sw|~FEYbe$d7Cu{bw-Alxz~v zGgL8>gZ$En3-th}Kvs+UH>3U9U!F3o5%25s+e88-P}R)K3$`t+@_%*WP%v4Cukwg< zD32*yoKxY*jz*TwwT}gjN4N`529^t|+&b%bZM#Vf)NeBz8w0gqg3f3Hk%HdbJ}^kcwO>@~cdJx%fM#zq6SSyk zsuT!w-7HjlwLCuzdtI_MNx9L`VEYYB*kyrcO=$vGtq(u8OTf~N@17DK9(r>o#p3*{ zWOh!UwGo)m@5Gr6)FD+f3E7E<?>8%^EeT5@or z+*m&)edBtF!u^xS1z%!@H(euwJKnd~6-r<6-dfHsXev8Q zW`95fk{uyJvZG$K{I?{_OstcHtT*HJf%qh(=$h)*ZHiw>>l&?<+T_Mo>`42kCSbF+ zfZKkeQ^(+wGTgr3I30!+Zx|I5Uz_*k^sU$pd0Q6?3bY3^|IDn>sw$qc9ZRY_Fim2UAz}wG$w!M z?M&R|AoU8n*Wc&IKW@{tpHM={JqSC=^~|12IQ(d(*VlL=F@B;RfYNs|55qUU-D9$& z7e~C!1e2<~RPIi-rj4!i=TEa=OdRyAdd55ke{`6Y?CU+OxJwW+x?A6d>=PQBAf}-* zxTIUh?UN(tNjKI@lEFc}@?a*xzqi4v7SS^(o1#>$wn$G`@q3k>VL9?|)vo$ouE zzb)EsEiS$N4LUWr^GgE^Gl9GP{gnzwVG!y;=1skb!*qKkWjDrN%}#%jtqxh2Fv+wg z#>oZKYTVBVi7Ky2`^wZQdV6@#@7?fKYbrpOrkl0-J#*Yp>>n-0+rhP|HM-}7h2;B*vV-#Ap zO6!zJgT@!@r&qE5wYvi2V%(FLnCfHlhZ`=%hxaq)O94-x2R3Gk7Ca`~A0i*~ z->Fk*#dR3#Km$JLmWN`kKmw(-Zn6rBpJ_7L*}HHDQWQr4wa|HYHlIWK-$5n1KUOT3 zHQLgeDIM$9TP?7a2MUkFBHzgBF&Spqo9Dg-!l$St;(=|i0H@E8DJ)-`z#`e+f6p*U zhwWNyFGr{D4+W0b?<^f zz(T)%J5I|o_HD?&+l-;ffMVD6PHWpOAIwNHUxe!FB~CifM8w8Gx?ndnv9sIBnZXS; zi!}+6>*EAhy_iMtvh7l3TgR6%PztWz118G_bQxUY2`19kvR6LrvrI{LQ(f+o#xDjg zUR?%kJOz1;{POVDW^IzHVIpAO?3m@8rT+#8yC1H<>#Dbv#1ChSN*gprkFX@Zj7Mbv zfn@yA_x?!By8Fuo3BqadT`yph_8GbA@9CwS2o1OVo>O>iQ9rCcYj?Dz_v~I@s*ZA2 zoQ^-L1`MWFTUz=an~4J;q?5bei(2#b${@~MsSD{3ai3kUO>(Ru?Ao#n(=K>>_O?v> zd!iIjr%p}n zNb+R-GvSCw>mKIb65Twn#rW|z7O395=iMRkz}%{x=d(JE zw5I+^3C`b$bk42clDYbrymLO#Z)54Ycwmi*45 ztPcSgY7ZkQQ}kMBW;mYbZFW*Mt?AW}acI+wmNfVj>YX4HYn6C&+EM@j8SK!8DDB8^ z#%qL?Td>+QKk|)=`3`EB21rFOU_^>~h~cH7jc_^a6i(~#y)s3C2$Na==HGz*p6qA5 zfU>>IZLF+ux)4`%C*HKWwT4msP1VD+CP02CN6=`C0(S;ha>HZF?j0GvaRISRJ$pdk zD(S4$m+=pP`^K9#kD~XfNA}NtybA87sqed225+7~gQYcW{1)~sB82Ngd&Eq?lc@rv z!CUI4a7Zc~*x9FN-8&%Ktym6q14sDubHiAS?K)s7LRGxHZ#ArV?L$0wM@krStPYXS zSFr*aA#pw|yc0srr*QuE%SJkFq;3=chF#x-i{l*_YPDh0C{))^!pFNxieE zjvmqbBW1}0;1eUQZT#|6-wunY?)xIv7!0|?UM{6!1#}$WLQuF>&IFTA+4f|0 zK>_#U3A29_0|x!W>2C$GLN^lx!;a-26d4QQJx%P~+GVSB+QX=IS zHJJtM?e!=7J-a`L>j7xebup!dD?Q(}F>e&tPN;*pzI4Z*V zgn=W<7j!Q#ylah0ScH2K^L7{isD2}sqxrx=aP3jv$K?GlGfd#qiP5OBzBsJ#zGiPf zy@0PrI6daxYkguXRf@BMb*UbjF?iN=I9mXeTWchk3G)ic|72c{ZGGWd0D3dhwCGh! zZ1TF}lR4y8m$WF4m7(m0qL8Pr1SA6vcL5B22#9B4c!V=4GquB%T&+{T~xOtNy0W~izEQwG5@io!q7uHhm!+$?BwGaaX#u|~Q*zI+7W#H*zcg63ea9%T4n%0{ zw&8rF!OB^Xq4E9A!>*nE0_9c$>aiS8L#4o(^h5ygJGn_Uk@P)^o8$*3y&w|udcy#p zY4}bdB9F;$3BE7WnEZG3V(nbsOi5lwt6|Z2M|%=8WdehKJAFMAhz2YI?pgTs1RbxF z%5kV+_MBAnyLB?3#ozC^-p!DY`c|xTz~T;{a%JUAz_9MeJkp=E!l#QE%GJ$o(|X4D z0@l;Qof}RDbkdXVDV0a7ZaPv;(DUWZ!ZB*}`Zv15pb1Cea@1>GL03Jt?(;y5Rv(v1 zr~@*G^MtSYY{06KGIQduOBmPCCR_6PmsZzK#_qVuj8>;?xGj0QQ?`v0H~78ED)zSL zolr#bEsx}|-CB{MTPO}?TfM0*=l9rMIxRA7bTqWwSTe;Pw^&KYs_Idtre5{U4*Gdm zajHw2*sQYRk>Q4bA6}oszQAYf)Ha>~_&o;af%J$P1IId(a_-|7i4TQ_Y;3avbQ^+y zF*-GF*pKz+QT>n!HOmvVida3x6{=4DU8$C2>w~$uq@zc9fkve!XmcR`^83+V2&p+9 zJadlId(ddNmD)}LPqFSG2TsUY;keL<0}Y^NBPq#d!Dj%}1T?Qe&o;b{GVI9l>Pf<( zmB*6#(m1SQ(Lm3>ro0GrI=z0IbvXQN4A55XedICy|ecz>lnvqaSqN=)`?@qu~+su#`mfB zbzPs&^}Bs;zy2;xuh(^G`V^4-~k6HTp9F-@mU$=@1G7}I559hCpdC#7rOEEPwQy?Y#>(C15 zO54XwBT{gwGjpq$=r?cP6m@GzI>+?>_|Q0LRx_X`>ek4~TO$X#p|4jdvLU4$5U_$^ z<}qogseSjR=t;K-TtBFpzWTPCB)^8;DkjrGS$io71Kql!O*ph#l+&;~EMWQu-O?~i zy`4U~2;J(l_BhY?cd;vv7CLdEQbZ8-dz0_gAuXFn@QbOD`HukI$W`0b`YPwOWV;N9 z1A0fN{r#Wo%Ff^tf=(IUO zx8LYsw=?(dn*xTAG?=rNmuNGKT=9ck}8;z6s0`%Ah(ZzIz9!!47X z<^yjBevSso!sWk=%={i#=ARPFBXkNJHcbB8zeU%7+;cgLC7<;8#eMTX+R%|YdNkhl zJW9rBhE=5`&(k${57BP`01^e$dghl22aXW{s9g#XYe4 z^MurWujEvfb9KB|(9#V|+c+ITE1`j;yv_fxP9m$brB9#bY$N^{3!Jw?jiQDL<{Wy^bqGMCbdH zNj9I8ieH+dhYjnYh(5w`h0cTGYS7j4!voK}{ewdJ@&zzfJCwy~8E>HCATIA}Dq`ow ze9B1$ovPF!9F;+hb?>f|`#$JcWiuM>!s49%Bt{7RT?E%^!Dx;C$d1ZbzujrF%hqcL90{ZTsab%KUAk0{{pxeEz)+>5Kv8ul0xv^@}0f zhW=Q1L@I9HcXfywK22Ce@|}n{Au1||!!CGEWpjW#1&E8Y1|^*?3Uy3@F3bLjKmm68 znS1ZX%*)3!X3TqA9peVHEM$BP?kxX;Rqibb9%AV|Mn4fo%hlBDN53xQcm%i3h;g7ZEtlcJrXDU?-KmS1no4leR-;>OO~yI3OPsP~8D$;V$8TZ}tlLAs45JS78+- z>517~8=kyzhvT6`-zxxRIMfGa&Vvhu*Dmcl zmZBCJ$r7An|Hcz70N=^u^{}PJHrK3HR}3D%$&X$K z?^aB$K_{y^F{wl16l~Sen^m(#D&s#ClaX_0p{{L8eTN{>wp-U{^B=ld{2z4C@Z$vu#%j zC!?j;d%z5R9%Zu#ZoFezr>D4|+?AyKQ5&E`Nf-Zl;{VAoksY{DGA1`JktMiOu*}CU zAbG4=Q|{!;y7@ww95UHav||^^ivhmud>?E-5$tD6CbgZk#ifix~Up}mYU?W+&GC@ z>q2{eKT=v`c4u-H%?YHnDco=M>rW5*&C<92#e-dWyX%Je$3gY(Ie4?{(-71*=uv_c|w2_64Q8FLe*hY7{7#VTN(Po7n+NdwSx5K3S>WEv z(LD^aZ;^H@LDi|%GYZCuC~{tCd`$8+v_Mo3+=x2pM+3$vuORJ~OTZ%MSEV&3QfSl1 zy}dO~3HR(sucm0d^e#nyt>)D$1M9zEr(4R=l9({>kuh+tL=I23d^*16tu3fgipC~^rUKR9L;3xYWx zkv;Xpvtb^1m1K-fpTw~;`QM2Wa)GsVWdV{X+duGkZSz@Gj-x%X*p%-qm&YWkEc;}T zMwOA(j?ax8paK`Wq{k54&w?M_1>;3LZa!hAznvO7L}yvUk5{3}HG;aUDz=n}Ukf}^ zvW}$F#=$eH`+)2G%PdO@`G2`-@917*4PAu%uRrg^XFq9)-9$3NOM=!pW`icL%=#_K zFnJSXM9Cpk3ku&2q3$nncdh~V5GmoAjdeC~Ssl3jZc`G>Y1))m0E@uKB+sEdlFu@8_kcb9xS!Y889 z0t(#`j2+oJL3)xqeW=^j1GY61=GFVQU&GF~&jC0pS-0;47S=Fg3pZ%y`u<_iz7r|b z-z<2!v0@Y598XJ--=H2;Mo#_`tE3he;-&#)Wp8=vzPH_thp|XK#2}UMsQy z>=V_@-ME4LT&{-|WmIN4;P`%GM3rL%HcclO%nw$v9GkjUtxJ88#%RP5;d=z;0oi;- zF`BrqOB(mTA+8wp;eVWNNBYXq&;lO#dk0C2Zi}BMDvWlmoFT{d6LB$T0I9L4ZE3U0 zg&0Y+?Mse)xX#OZPjOZs{)IlgR}M+EG1~=)C1<3+-Ro>)(@L02f-n32x%2}A9WEph z<#jO`gW!7>xp@h9ZR@-#Oq~-U3ilo@#FAa^FxPr(Nw~>6#5#Zaes#)?K1$HCPE@Im zGkSRQ%b0_M+3&SNo5ix6JYsiZ78l}56T-K6 zbW9&CcRBxhGCg7nCS* zX5})GQ28uUfxqZ7e!AEYkaGkTyUWk|Nm%QVxr3Xn9{4G%oLJ|_i4Du8TL%|^x-{Y? z8(UFj_j44^AAO`FK}0np<3TrF?8C!7J0_oR7i+4ejwS;}DGHDM^=B|q_WAUp%dt4E z81!;-R-z7&d4+|{mPO#{K^HIk5n|kl1yxGhC-u(GN)|1tj2M&vI5Jr9YigagY%YtD zV`uTazeZk~keIbyv2{=?#b$+13aiES*KK!^}r(tHh3CpxITwkZ=-o7?Kg**wy@c0f2Gg$iVPA+BcU6GzEjSU z?8wBq;|O&viIT#}6o&ePwqzX3I?254H!EB{B(N-YbyGaeKtFm-Jhb|o z`a1UG0-!sEN^hriP@91X?m}2$GA272~@t_IhT8hT4WXL)I;Wv+m zt29x2K8PU-q?)5*@lUxos?EhFiY1TH`vZ`SPr^tVKbD%U3XVyHj3^d>m;3cKNhTO4 zdkX$K`1e^`%2i|VNnAXKHVmnf$~T976M=Xv@%c}Eck#LUB`%H|lHZMIZ)(=rHYR;v zR6knwz`%JEYsSUOR_aN(E=LTm<$etSZa*X!@(S4-4$;91?rpc_t?f*^oQ<&#yidJFr7SjLYqwuu0`{#?$t~s3j&>X1{*+=u=WiG?bA)>jlk7#X!r#vOEI9 zDrz?@+OW7BkO`?>QF91b4!{QrQ7wGAgl{1(7k#|%F@H|(0q~3t7*EIIZ38z8^HK~V zRiOKb8=IuGf34pLG5uqqElG?~Lnjfha`2Ezw@JtF9!PceVi}`)iKL zFq7$7qlvo9W5#iik=l0mY|(rn`xZfVU@r;r79tJ}FJ|JLM)~`McV7iORr{sNso7it zVXcwcrF1yk#cDVVcxaL4RM0Y1Kyu?PS$yw4Ttjm8W=kYKZdhp;YrB^=ney=P^o~nL z_u}=xiYFKpz?=pXHaY2^iX$`cUfd!-B8$LT0eAP-duxRM2(i$BHNjhX`f|6j#iJO) zBu%Ioi)0eXv}2IC0;Xu>cAV3anJcfw))x*T(_Kl6Wp)(J_+DtZ=~Cb9GC1GD=`k>b zXxZ81MLn?SnZHFmR#gqdP}!&EFl|F&)g+(M#-)kXxu61+C_E>@iR+(U^_G_VF=#sf zFTC?Zn{5kaUm&rMB6-7)ojorHnOa6$2AO()zhYbZxu!@TM^+W$!m@B8iHf#>mSNlw z@}2YFfq4cy12fYDvRHTk)05+gugIYDe4UM9&przXBfVQ@uRlS5n#mlo!gWyVRkivS zZA!258Q{}IwQYX`e8Q1!|GP&+F@#(BLS# zaK9J9!>F-w5q(MP8yLo@;W;*r%p#V?6*C{d=KkFWen42~R*w>2beKk~H3HSfLkvD| z@*jnQM)2r;=S{5NHbX)MP~0J2kl*hMGNG5*et?&(V$pd#_!{ijDCdWOB<$dklsGm7NQG}!?EPjz#u?k zkkF5Cd6Efs<9tFu+4Of4Fcv?GK{uvHH0yXGCceXtX@}b4m3C&v`E`E* z3Lz0%5&cd1X}g4aCwYUx?o}$kIMPUG-1Bau+ko>gKQ`+#&{O!&4QRL^)v`1u3mhruieSl&q(J`s;xCgyCYm&}H0o$Zz%M`>_v z^E__qZ)4GuF>tEVD8Q{+yPdj`JX{Zk2l?K_G8hznvR17!fARtni(#fVnA52Ata|(# z+oR3TXQ8nE@hjw5#oFj$P4s=4p;B%X1e!?W-)7|cf}+nvW(jH4FGP?qsXa@G(Dwq(+$P=f6`MBg-gUR z7MWL8Mn?)@<${BjwifEWYw}i-=462Sx*xm-1~wI#{^yf9S={X zb{ie#QzzklS+ODk-kRrFQ~0IAkE>F72PKc{&TjHBcnWh>KE3x0umYFB#BRn+e)q!{ z5TF^1oDR*WPv1%zV^$eae1ABctx|g--wjqNu`CDv&MHNV;(jaN13!E6Y^NgneOPEv zvq?PdYX2v5PawADrv*cjF;m|6+9RgJFc19${{cIE>fjvYLi&CSp8{Q-lr8C}{i3dE zOl%+1fXEk4JRgdIGQHR!T$t5a<^D=_;(Cx*Clo0V_B^k0R|M`

    T$uSo-{H(h0%B zNG77>-O(b-K|8!G>#RjpGq?lUKJB-d=U!|LdRefJhpY9>1qYSm7Dmoiyq&7T@!!n{rShcK(w-TG_qg#oT+s=w<>qNN~Ek4n-R z*8I|s{DLmCET&7wZKryWf_SWrs$ZmA!gaCMH0e9sNMf3^^EkVk;zTcpatyOVeL2&u z{kH)p8bdoF0vy^gzGFX+X;!O@NQbcr;)g&1K_8^dc7$e=YS34__F^&3K1X=nRuG_r%uVmaczd3Luw=9xzNZ3w${8Wu_%=~{eK0(Gm`#(2`z~VdG71+8q z+8Y5Dmck%)MT*F^E04=%-s8xvw2_5NlS0;4<8Z0hWb^ zj8qZj5%K1iA7QC`t^}m z7r|ZLD?rr6nv9&=M~s#-e)vb-Yybaq5sMMz^^XKUIU>5-|CZ~5@tUs~RKQL9wtrlc z);kt%lW9r)R@x%}#O4LR1GvevKc7{()y@`ZPak-Y!!S3FpJJgju=xpFDr#`REI=WfF8if&+0^&;5!*oZsi^^yj5lrIx-p*7FZ2Ue>(lN$& z$=o4Xet@u%-`peKgLXAA@_K*-7tK6a&l3JSE=OnZu}3W4^s7x9{brk}v~Kt$;}68Y z$fjbQ6HRCBI%5bjp1=|Sk{J1AOsIseU7OYX)<_X_3ZBJ;RV&^x#CJz#8as9#Q8=Az z|2g;h{Q8%dn?HY&#XR>yfxcQEPU}hy`*`w42-y3_A9P5lV_WGi8ND*Q36?HjmjhJn z6>_^Ulm?!&&f0i7E8{qPk@2_+w6X9xpzNORKBw{HpoR}O#lI0@AKmEI>aLhf5cSJM zf))baX0N`WC<|(1>Zv2xwQNEO10CY$nO? zd}H9!N5?6;R^p|)PI+y7s?=66$bfH}h*@fmuDy+6P+*aAjoak0-in`_i+x9+*egt3 zo88?&__c}b->PAo&V+VtS9TZmX2dIA{tPzl8!G;GN@6`tro+VFbAPEsd z37aI>N&$uX!#}5R^4nQ-y9Zk?XS3U-=e>y0LAPC`M(oY9=l4FJhtNEmKMFN?@Xg8D zGpAcpQf{a3-|dKGs>usXXSBGD!y)q~e_6X|X-gmqz79<1Djv8y$ox?z=|RvpEeHo$ zi|FQRfkJdSi|YlGkIJU$`?@g%F+vPEh@ug(hEUU8lq{G49a{;>Vw{tE{VUywt>M^% zHl^IfhEeeE5<8m@IMWFpZqdT)uc2POE6H70_URRzOUwUpzNm@-nJNC$YE6p?md>&aVV3(=&Awg*myC zo|(vmu=6!#)gKuBe5B{sviQqm$cAR1*&2wW?+G1($j#BcR=@_%$ypFQu`@rrcV7zq zx*BXja5HQ)F8@A__9&xc63wlcC}B2j@B!4IMy33QVZq&MS;9$X{OV)}-e0&oCzet9 zzZ`$S9{#@)x5lGjwjCOQx3Pkn^}Zcp<}n~R@&{631ouN!^qrha>;h)uv?EN+YjQ2D zwx2Nt?o4(E{eG#6w0*(VU%n9(MU$L1@?@l$h?vw)DNF9OkzX$Hn%mo(hE4o_y#)bm zmCeDXl!M&tZHL3vL{JTTQo%Wpn`~iJlDTl8Odis zd`0*EzWVDe1Z3Z*8+g$y=e;d^arokmdQ>+q5;woDfueMhot4B(2y2S@^$-oa9Vef3 zBI2dKz^0K3(l)-}#7Lr9`M|tl{-Cx-W7f}{VJF8=&r2RhBDmMu`C|uN<+>)%dDwG+)~TT9mzaU$XQABJ^Bo;Fx+6*nI4gdDS$+Lc*{m3 z-gJM0O=~Ookl(s#jg=IuzY(uETXiI%;Yy({EN|a6OffU9m-`OL^pdi>0@Ys0k#=uh zti02Br+Mszr+X`Qpb~7xJcQlv53f@^>T{Y`=pBL&DK1W*qJj_264HHAoOj0no`LJi z@q3y5-m_(5jm0&r_v+^%07aeDL(DGpNv#~q3bUzNGt1jYEQ2e)U#6L}f5aogd3D~B zboG8Ub|8TgKf@Y4?A=|zzv)9DsZC2ww}Y+n=5YCNAmPcH(%w@hO5?HyDPYveEcE0? zdS`cD#UCsOY)>cXR@s%uh@(7cewR-D7L=ry471A=05LFuBSD}e&1EY0^^Ict>-(m& zAWv!{>Y2a8`hL)cfiy^RoTe=K?|U=NUl;4u`?p`8p^Q(=HO+;-e+LzuJc>iMZ?n$! z`6i@23#Ief9s8IQRUvTD>Gm5$kXju#myfA)3B~Adh+N*4`2U2i9~XQOg~!wQB%;h6 zT;mg51?m3q(T~^Xr3|+<=qpfRUPXPMx+CnHR`TuR)2W&`+bQu~ziei*=J%>w4z`ce ztgkx?TT};+QNg11iK6b=UPi)PsL^dlSuPaKxoe5&KwAhDFIlV%{A;*xwdWkNT+=J} zfBpGo&Gn>!TQT6>w7gg0QHb&|yKeR+*V-1T%kyaNrWCd^R0*nGAsWYPQa;wPD^n_Z zxc8G5p1w|?f7dxsKJ#5NZ&U}^mw%ngx}!ZRV)E%}Rj~A^-LU2;VZ8v69X2?9H{-4?!utkG{LT&QIXPC(sU#Oo&f`$nh?WeAg$;0C?K{J{6s5e0 zCdo^z(MF?Yk3x*-2jOLhexN3uFnNn9Yy< zs4@bA8B;a7UR~+@0!VH^&V`Mv-B?5TC>~;5is*-%nPD{WcYI-(-QoND!{sVa`ZIsa zyF#A7WOut3aQC5374=DW76t5l##Qo#!tm~XD0*VH;NbvqvvIRMSV@4e$!}eWljuNC zSRRT7Z`rAsOs9KJ{ZfC~gK*7VsFxNxaXM?c4KGfQQEu63%wmj*&k=t#t<5Zboo8q< zEh^rE&qLTS%#}0GENrHRm%%y)?E=2((0peV*z+P?XbU>Nt>Z$^hO|oSla?B!ytv%r zz`~I5mK**sfRV_Z_rBY~9`7y^8*uSaHJIssaf~nf>?3skO`L*cad?Rs?%QKx7F*KPyJ<)TrOLr;2Qc2eFTk30VDbp2z0nP zp&|P1O(ZeUH#u@EXgF+VSo7ac>>PMvOB(kS;4CRPC!If%x6m)loK>I-D@+p_YfF59 zA_$LXmeLl5*{r6t=qVe%vR%7G7RaRKN_fAhhc)N9*dv<@l=IrxM|n!u#@iGvE))xS z<4lnBykiax9KTftBP)#f%5>UAIt0W8-xzK^$tyM%n<3RjEi~vmIt<)nxMyJg#=%(y znh-f5rj8TO==6;&tqi2o4(z6R!K9SNq zb}PUK#Kg3kG^^uNIOmrzJ&~59JYblWxXXnqZmY%Y?k6H{>RkuLeGzE+Bu#~6h^yZ} z@`Uh{3uO8a+}K$EP``=R7QHqutdkB_{FeUeL#^uxy7|J7wDyuQ0u!wRb*p(?+IK*{ zCk%6(dlAB9*)EZYPotwh8@2PJ;Asq&)`qjtIk4}LyMLt%S= zS?CP=T%1Q!Vl72m@xq+0hf!F+Q@g^Udv|d8dJ7j7TZfl7H^N+?7gFZbeYQ0Bn3Kz%IOUxmOt#Ww~63 zhp(tou)D(ZUb3uk`}cdbn8O3K%bU!deaoq>tLk-AdqE0TAuZGWC;MSPvjOD1$H0m zUGcN3&8edHV_H~=fUv16IZZt6#1t?ds|(`EcWlz1bMJ7Z2+deA{jbWmB52 zq1W1h8LLy)clUWf@a3nB^FUnk^uujU$AmmOI0#4dyLI|EK67G+EzX`i0i9SW#xhps z_QVQsAf=dys-jCl0#+>q{bbVh$t9hzeg^vWsD`N&DCxRI|Hg>Y)TrCHtYYZ3Y}i{T znT5~+!u>!cxVz1&+V;|!y5<$9Pnmy_>alkb>~5zS=$u{RA--st_hfY)V=4a_sd7Dh zJGFALG~9r%(aT|SGKDn-XQmxvq*Hz>T{_3y6IM*S`c~o1ob9e^-~XC%-&S16`2iVO z3IdC^UA%ia$MCpd^C$BSxi??v9~rQaB{D_wm3@LtUcx8?l$@q=rf78T<4RFL-HXEe z_!u7l6p=ei`6TB+^F*Mj&8y|4q^(61zn^RJhTQuY@=>b)bq&nv0$GBQ^LwvS=!{(t z5qvkUa^14boEr_;k@)2(QFNla83?l9Q&Y$xqHu$@EUP3(j`OShmn?};0EEqK#@K*0?)1!l1S=T}_y8ITk zZ9EZ5hwv`%ihgUxe=f@=l^7|AU4cv;5^GDPQ)M5L_dX2c4+~CHf#UVT#m2HGc^b8? z)cf?*>ZV@4X0;Waz8i*-kgl8czKcnK(KLD;MNOr*pLnv!(XSf%T_P#KEnR=y)e<{D z`1F*V(T$$zw5{t~wK*GC!FK_Hof;ZOkS!U|&mkx_@KCfyU(=k+2`>TqYi;WWlglyA zI~U@bmA+^M?gxoKB75JApn)5-4g{S%NBbx&q~uI#_M@<~)a!CvXM1r!K1krm5*_6< z^U6h8>^3)jExf~|pYFAmF3&?osw&y~#s&*fh%$SYtocg0sAp+jJG-v@+2w2iG+3LR zS_oJpX{-NkTJ{*xX^J-ZXsP|~x`Uu%5w}zpl;Bak@rT)#DS_$8FAuZ|6QK;I;QbBN z`E0q_moXM7j1}AIzbkK-Ary17in=hM0*BB3lO64@l`on73%EY~R!1Y*5^&TBU(YdA zn^!g^WW*8fSTJ9UELF9A;Q#r=T3Sw*oKWz%KoPfY2Tr+M+2IL%pwz?`Zg*9nB04-; zMup{L2DQ7+NTOV8E>keNn|*oa=TyyrmS-x2quKeFG*#9~uj?ifexrzpismYvRBzc6 z!?r0|#_`rKQx|n1$tgP(T{rioEmtKpV~BX{>S^;@l@V7v1RdrAcdLu*P0#1=fEBJr zulgj&IV9Fu=mN;_B&PCQF9*^HZSg)7<1;#8>-%bjr4njcA{6ZFB}WmLAm3x-8=;vw zsH9;eP@nvnvuV(CzWvuoQiP3_@u_hv8E?eM!;Lf=ZKy2cW7 z=quBUK$opI7b?gN7U&D^J)RTl+`O^dM_%-v;*)`SR376Zu&@e8RpkE)M$K~iBtI@Bfbjml6dC9Eb_A}4?N%MSl zQW8bI}?O8Jgya!N-9(xpUW@NuV)7+p}wj9X) zFSG5sJ~jN_3@$xR;U=qBx24XpNgc9O7FeX{s&78sL-=hC>PYx?H30BF#^QGtZcR77 z2KxKNxm7|cw?L|k?X-tDm5JE4<9CIhBTds8swS-N&E*L#{VOAoOdgrvZ1FpaY2Kx2 zt2sx55c0tPMCC2QJiXkmy~*KgrEk#9UboVA0;6SBbhyr=XEW-}!v5%mV%qu3s(uzya>GD0n)T?tL{#a!3b8d4Xi}f{-q)N=^%k8X ziYH?fN9zXERn5;2Z%DL%*P3d0TNF%9d**IJ_ts_a#&xh}g<@tv;LI-AN$?}z2kS6E z$`YxEPXu+uzvWL=&{xU&7}sFIXBXglBCh_1QH#xL|5yN>m7sBVgmb%JS2Z*AYu<9v zkO+KO(eNQq_=U6PKG5A^Ag9Y29ra~-?af=(T=~0V*H8U@xQ)(Q5zf2QN*y0LqCS>2 zCVyICmd3L9*4ZL|U+K~CWbk{)g{W+}<=(`BZ||*0P#FSt^4s+7F+Y&6QaGt%Dc2s$Z2sN*!L!IrSdY+dY18}E>VN%{1b25C3 z;J;SXmD9z@^i6@Wbi+?6Nr$wg%@&T*QsMN##|ozkINGvBhq3y>o(6M@=`2h%X2g6&Rc2A z%Z=Lo+A3zc!^b)y?KX=ZO^5^1qw$+rNBbC4ojZvcS&?hr_?H(5Wi*l-w*w@=tQZql zc>~~^vM+l0muhK&6}YKBXR@?k{8T^h2gX~yW4U!QObecuOojA{R714H;K&=`oG6Tx zEq9d7XLn0uOrNRfUTA!;vHGvZ3B!W@9XvgHJ#G~Gn7A&DM z!q?QGS6`O&tV7_)N18WLRN&12ccsppKfU_uCxiAykbYrDDZC#IXRbG2o9p|8krJ?D zO2N%z3>~o-JjVrQ0wj_#QKojQ`CJfTruWs^))xX!{;)<2FS%;W;P-aw=w|tV5PD)% zz=cJ%EkejJ9fWW5wI!arF{Hf%{zun5ZoJcbCRixu_~+=_{=U0FgO0L3dTa29Sy&qV zFZT(pz02xoDcP$fr!1nlv_x)WS>+#JcmAQPULnF-2$H0 zc!KUn+fg?6eM8+$sYu1wmUWxhOSBB7{QLoO<8H=6w$77^Sn|6HZSbT2Fux4tgKc{V z-7e(9n&IYY><7H`9YztpAVAia0yY2Vwx2tKnPO3|A zYWJy|3Rn50e38ob{Y=eG#|u2;KEih%JW0r*c^+ExQ{r^(oF9fy7%2sg%IEu8kdbh( z+`Uwrl-UUf7nOIzpqUi5V%?zABy<)d8N& zF6P5J+U5#H&8Y7AzNVN5bzZ^Q@4NMqA%#pa zT=oTsoV)cmR27~tmOHt_>g|symP4SZ?jcR8C5aC5hS@o0NU=&tN1W3QDFTQBEkb(P zQ8?&3=EAd21ZCgwUUSIcc4X^k*twYCVyu>6!Y1)mm|eM$@}V{iv$XvqkHndnP!@#% z!b0y3%-Zo7Kk`jnk$sJXuBL?C_yU_sXAS?{CXdzF!0-)!0kK7)$;XP}$N^vJ(Rd>+ z6jMhvK?PbV&#`V`G39zp@Dc*rm{q7b75e$wrooh4wBOAaqQ~3MgmvsZ<)2H!myp_R zlAq&E=}@{@Oo2yp!~MIhhudwc)~gN3S^bL%MM1v0Ld?ACB-aKJ!GC;?`=^gsn^3v- zD|<_{Szc`E&*-g0bG#tU*G?3{FN*!j7Pek({WD_P`tGa{aRKb^b$ibf1o}(6KN%|A z(}oO|YJKuds#Bh4qmV@gF}{6#U0{z|66rJSuVye=OE`vfMl=q4N~$RYl^u^ zNVB|dfsB|^E1d`puReV)sQo1lQmoU-DV?t)sD&HenLma2nrfE9X_*nEK(z*LYr0#>7O3=ePk zP6h`JESn}{I0Q}fw>r^`SWnF{YkT7Bm*C{H`?##eGe||KGCiUq$llQL+lJZf%X6O| z-z~iL%M@$Vpl+;W9&huZUfdWpCnJd3!5g^75DnLiJ@!^q2P#-@z`s=)bzln4G&KOm zN`M(Tny%-6^YM#~erFx4U4(w2%hoVcBKll;?Vd*+&}SFTKQRGT>srC+Tp7RP|5+;X zbq3dXn%j4XVcWI;A;-^_{I?QFsd3sl9!Lz4Ar zhMH6h$X<1(`)nu_G?`-HjB*O&7BF*(?+8TQ!a8Y>xkV-@ECvO;r>ZLlR5G(V|SQ z)$QbsvqARkqDy00tX%{6(?XB6LHxBf@+LNQ+0)$_nKu2SMf-9-+4Y59K9}^BOJsxR zq{sU=tOuv+K_=F%$W~q8L}ER;e5NdNm!KL53nf>tdxRfZpeQqE zW&+;+Zs_pL(AuK?Fdk$9ZrhDp$zMWhwLv-36Sn7$_zVdx!KRs8az+rUW)Nxl8+bNL zj~@KLVl5*Vre5gFsEmXkFZORg1-I@5@s>hs<^nvphwmLT?T~OvFn*LZ%zEhC12m;q ztnM#dHuAZVUr&72bxaT*APb2&3r0j-&O!FVze+j>*JVm8Fgp26>-9td1gvs5S zA$B*q(M*uU`*tz%=X7||EaQ$9<6?;l_k8;FQBs2nt+C5Aaqcm2{8<*+!cN$UH0RSW z?wz141+i=X5S@W*Cc})PLFS3wMrg3@7KWRlb8{zcC(94GwHko^y*F3Gr`%YPs`p?s zTx)E#&qX<|sTlT?qkL48_}o|%L`^QXoz&P(PrTBLn({{CQeZHONOK+kY3CYOV4SO2 zm~jjIirJc+PUqGra4W6foqJ2w=pH}llN=#-YmXqp==S}Go#yQKR}(?&IoVmY<(2i? z95?=_+~(Kc6pxQ3Xis6Q{-<^4pV#vj$sM(T+!PNn05+Ph_s%Di)T~YjzIj30^o=Y2 z?IJn&QH_HPK{{ zRlaY1*E{yOSJ~o%6qco9dSQv6WC@NZHQL^j2qoRwAfBaV_W@Db4)Qw%7BL?CqWOwS z2yjSvK3DDqDD~l6_yAmF)RReNglE5xdOa|s2T|5kTYINW1!~7O{=G5l&Jx|D%Emut zSL>Ujei(J&$r8*4<=Kr&j~UzSA9LFsJ`=~J| zT5<584;1Y+!VcSi?i3y+NK$zY%VS2HX(_%(xG$vX$ZTQDqb#s9{jWxGgW$Wx0|H>K zII2VxT>y572qpZbAIJw2AePRwzT`{lZ$hv9REJGoF~WWu-6zyMMy-LWs@a8sirLHq zn-iu_6P#L&fn`GBMEcoiSxvRT-)E09D9&0h>lD6ea+`DO=xYsbfAG0^L(1i~QSHtN%X z@%@g%1l^jvR`VW=X&>*_KIYJ~&^T$bc2w?_CL`KEixO;Z>RDOusaQz!wCOp;Rwd9k zzuOi3wqiU1R7FP0Z#-sNeINZR;aNSau`ej#`fSpa_wO>!)Vc5MFly#6cf4wJIMQKC z+h5sg1Qhy5d{XPSzm+T-ID*DBt*xOt(J8snPXY?!Ncc~YHY^u5*{rx=UI+BZVINF;`iYQE+bQ%QOwF%KBfL6ci5jHd zqME#4N6xFbN;ik|1F!BJ_M;)f?!B`Gq^rTK1WCu_%6Hw)vpoJAsa~d6LC>$rX4uF^ zxq0gAm#=R)j_6Q8_0-j1-7O&}w`L1T`9C3%hqF2^pfpm%Ncd+GtR{ zVwAU{wNs0o*X*kE@Y7S3N&@lTK}vI5^8Evh=$(a#j=cGucHTB#xSBWbSxhU`Ic zxgEoD6RF0}Y_l4rF)ufAlS5nja}Bjv*L+~qn~Rmo`!zEBRn1Y?ZgPNZ8c?m{2?4lL zb6)E-g#P6Y5Kq^5nDk`RI{pX3pF|nq{;IU^K+-eg7p%wH)JJ*k8eOkXN8F1jEB*<> zXpMr@Gyb!jv%o%(H<4_&+C1#7@B?OUKNN4&o@L=%?b&DIGnFiAPg#Wd;p+7Veb>>U zuH3KLeAALqc~??)R z71L2%dEpSfWG+I~K=MTq)*Z`1!|d4_-rFfob4DXA;`oc13n|@|-o#fU_n~ zo37>{T!;DbT!zx9^SEg1utbH23<3J+2$iYSqMx2&wYexu)ZWZ6?q_vrpl zi4bdO)iquH6uWR055Dv)RI9FoYl%(@=|D!VSXYQl5RQ2#yh)&JjvLa2>s83`lvLgk z0jc44Vsp5GPipP0y^(h^>An?0eB3)nt>ZlK?oIhYqs+(Xn6-?=uH@LRs<9%83#f{L zw_1{JehVT<{I$oNcavR=dOI7!M+

    TOENli!8t*<7xITsvtu&Q^XNxh%oQ?_6FQZ zcY~c}NzbJ__Ud8l-o`XS`Bi=|Akekc?K< zH5ZE4h3#HzWe5EqzDDJoXNToIAFZQA7~?t9sicNc-i^D(w11*@r=$SC)^=sgpdJ;K zhGSWCyRKxreGUj+cd43vN8DfUn7Mf?{ugSSQq_^BekkByI`xzA?SKCCK0w}R5WfP7 ze0b9dNkt8E>5B^s?XE+=-m6MB{0Zl%n7`rILU?KBHRL`}?K|o+&HOcGbdRfH`vt>- zxxB1pkPKzB%3+`rSb;fzRlqtb_>Ib|JQYOK)2HCFmVTdW9^1{%7T6i>lexhosY6xo zeK}jnFVxUUFtB^MCchg9mCb;+Vub8YRtcHPhTfpsQR7Ki&N zmm)$aSZ`~yRV$f?Rb}7%4-U2lR6zx4dPG~Sz7D>;X+=%W=*z%|q^-4u%9_uq4T?U1 z)ORT|_n++^@<6OTB*jh;eM3vP54I{hns*+`F*@TG1_t_?w?QQ;dN1^B1wRVYO)#*H zUz62JCq{IH-aCgA+}>`hoL_Dpty#D2Z|g!32nMKtpSRW&yqh-?TxMNX7@LzU0!S`C zgwa@`V3~&9{L}^WkHB6oiaKg1tD)v!l&W8Z{`nbgOWgl`zUKQqBcpO9rL8oV(=~U- zYhZoeL|7tX(aEPAZ9uflwD9ZIeZTcR2pp#_K21Stb^#aFlqN`QyN`UnB6S86My?{} z^as4RhV7<{(Z5l_c*5bYwgq!Hmh`Q^CBbRUh4ZBy^2?x5eEQ3di|0BTHp&EswQS+rMw>B5}lK{p}Z4b+C)CR%#DNiS*4v&)#Ju#_iU4L(>KkRbS|Q%cKq zs;l<0BP#eor@9<5r)s%(&F^kBL&CSfv>%E6r6wTF;o2yZ&}VI`P$Q5APM&}|@STfN z1P_B~;CJ=ucPL11?pwci9v^i>rhBM9yGmjZ6ucR%%3Y&6^9##7 z1PY~I{otSNU}C!?;}~aSC~jE9hcAra)USz2l`(p18>c1aWMDpVvOtn_M~bWXwTESg zjTwkFlrTLEVk!rQwoaF=Y}F}A!KG=?NAYgnTLLMfOoZVT@ivO)DrcjUz` zB!J9{ulba;D12khsr6@gkG5E{TF|7MlSp}S)Z~H`7wYyUuCJmjpfZ5zEnh!mgb%I$ zN>Tk=NwxSr@ph-VpxnVbO}Vz0TjLCzcB3j0KbCo%K_bldVq)McSKzpRap#$sqSH4B zbc<4IzmwNfv9i*}`GK+-vNdTtrHcO*mGacBz3r6EDW`#_!_7`I%Z{J}sObKsr=(n1 z(`&%cRxLL*xXj`sCz-)H!gOjVs$u!N&CuLx)xGF#J}D&8#0@W-f%}!vp5*e3j>50M zc)}(iQ*N6%e|ouNHVnL96+=7w`RH;U7jQ-Vg}tKxy5b6C?QHHqBMe{bVzq8B`HeB zpwitjlnMsY4MR(J4b4!3Ftp?_v@$djLoBTRCj7K(Kxb!+En=s=j-QyTIZXFH$j=10Eq5kWKy=YV?R61 z#ciFgevUj!_ZG2ayBIG8l#%xD==l$X8?#kW7pfzPEM_t?k;Cg!pRYS9eXXE>gxqvc zKIjS*{>4dOGK<%V1o&1!$`yR;7uvY9MpMmMI8fav$NWUxD4<-Yi@5?9pyx*MF41nX z{k7e%u5+2Lux53ZYfzRWM%N6{ttTNAY?<7f00+AcP}nms?lF!v*>9V?%#bM+s(>th zT^RlcLN@Oq3B&`u*GCr}BQMfdoTx8sn2^qV50J9X37Z*cA`k*Xn*tk(=d|o9Www73 z1|=`wsl`CUUpPe{PXLkj^qrcrS_&xpt&8oA8twt-^t)Vd{*=8-0|L$YsQ;hbAR*OI z@_m2+tFRfRRug^$Kx9z!AxzmyF7*EKLl;2e=nv$Prl5BFCdNtDaAt|!sAdqi zPb_U&B401veb|z8zIu4Nedu}k!L^p{*J17}OqM}NAuVrTX{xZy6(c9FF!9q2%~e6K zmSoa;8qJhdt=pe@f(tuxLk5oHdQ~`IrDjtn0F~}JImPiTgRJB_)#dS<@eld@pwV<&_+gVsC;|q%t$j@^bbO}{Mt&r0;xPCZXMEnoHio&y8Vnw z>Dcmc2ovG1K3@p19nG3Bgf^emSkJg%oWA9gZpMEU5AY&BGgsuXg$v_*W7Z2&M+-i_ ze4c1hG`=r|-@ksjHgUMq?Bi>;Za%v@<9yT@Q0UFo?$sDbxXi#Un%xb^^Jli zEEK&#jnREtpheA-N@v|DwV%SGr1Bu^Lv?RmsLKNg-@7&cJw-|V0RpJG1V_n2R7P&p z?NY(K8hih%HM3h(qLsAqMTKmGOUUrPYY9Mc>}*b_IfJUtdXb0#F7#J^109f|)Q|Bz z%Scp;e3%eg=O8IjJfu1HTh9a}IXlnS-H=^(4D_bizNvDjl4w0SiyR%k1yn;Oe=|{B z#Wt1A06=Q>5Sn%KBZU6)fDO2!WbQiV&FO#Od6{&CW}gwKjE>q(qa%*IEruNh1qf@7 zq*;n+YQo2%)gA2A3K-=I7)CkmjzwL^cGEC~zbHq8)gKVxD=>iv%ohW$*A!jnrD~hC z_YAEf0}SD65`PEQxVFEMtQD6-Un=~niRtheGviyT2)y6lL z$hCxoxzkZK%a%lrA`}H+DUGpxgUk@zDd9;sX(z)HjV!)3kjwk)1%X2ee9CBQ@(p6w z?YpM(fB?1W`gh$E+07$Ub;7$ z33YSc!$~U>dr;v@REx{k3u>Sx4^YJE`vtg+tbtWGpt;B{KmWrqeaxA&4^xJ%m#gj2 zO9GRF^vKIV52#L6gz$uI&4O}++yipf{RTi{@{LJ{{K)GxNDia1LxLIKq%OQ{bT4md zN>=G-DP#DdS$>LIru;r~i<{$L=+8g2K^*!7faMAAK4U+({HVqW+?8F3o7q6==G zx6Wl{0+(l-VFFd2Ksu3{hjX*`;DbXRO#7p{$V(A=ASPr4#w~_-Tu0&#U(?P4s8;iW z|Ck}ob$7Sfu#E8V6h_8w=|+0X##FaKPb5ZHyDdq@JaSr2wN{-K&Y~Kv-`4D)&bGb} z^l#eZtPGm^zeV+Sh4ZUap47JD2+qQu))28?MU({Bf*ZE}GgF2=j zHwqnvGe5SAwm;7%PbDMwa{eXL1>6Grel%P68dNz-gspmMAgv^^H<9f6Q9{48EyNLz zd0QPa(KP3!2%C~v_X!3vhW)-gFCoHqb?SKDQq7ep&5i4I64uyHguFVS#Aih=icWfz z%0uV}LT;B9su?P$&ShKHX!LFX2NrLiG0Gj^7b0t24y_OEY7ZcTFL9KF^II}W$*-v)aiQIUg_i(O z3{b2i`k;F>W!4yQpL-@?|!?Yn;zf4YxozsxtBD^Am-q9ovf$A!!G z&Hfi2J2y#anz5Vjl;r|{|E^CZVQqrEopTTzG?z|{;6QE7wgH_S_4bm3AO`p#CySUR z@52zc_w8pkv^)846{nn<-aAx~wABbzICTOiA7N@GXhH(Y;WQEWw*_1_Tn$e7Uh<13 z4i(SH%YsZ@pwg)#UwckrG?-&qQU+K@vyN6jWM0%CHnrUYdakT$Gi1N?pTL`SL4_}I z5WKCW9I&6Nh{kLS6^0%g7mX+LH_p%{+3BrhgDGf$86aelkO})qZ$0>ziupqfTskWl zchZh-5PDbiv|b5cjiboR3o<9iHo=_KG{wIQ(s!nfhcm0z*)k0DmI#=s;Ty*Ew2)-M zwCTc0NK{f@{ra`hbH`KBur8(>z#CBUy`+5@GAIVKc zUH6d>%CEHea#fVp`Z=r@a%R@VczIp%H=IuW`J5g*Ty)+{HI`+Ks}H|Oz#-IH&zB(q z1%M_ja{O`KE%0WoL!;&8@oVAP9iH7M#JFb5XdZD$f`!23yB4688W|vIFx6XC`{X`efe{p)SlFJ{2QHJ!7X)wajeZtNwB)V z{tV_33|=GmpqPwt%)c|f3_}`L8Vdf+rweAYS8VuJFqK3!eNY}Sp+|EVW>(qcjJCf| zC8JbW$RT=RPSP#D@IJ%l=ItVreL%9j{pk?M`CX{ulWFtDy7aV{3b)8H!)>&kTF7ag zB}bEUhP<;EG-|VnpiAWAuthzU$6R)eD|T>WlJC0Z==h>=8iLT+2=v9#%+S?ms>OW* zS*M=dpLVKd!6@*mXP*fHMO`2%?VB^N=Wiq2zRJhEyGYRdz4Nxs!xl)-W`SXSz`~HX zV-O-oX<6{ie%i5#-doMQC%{=HEYIW57&g)y@Vw3fHrz-k?;u6;py`&vHlG=#`uhqF zA3OxO?Z23#3$;5yZf+pC=xp9!{5T>-SZ#6+TJR4ye(me5I%E~v0}bD==x5tF$_IJ^ zaP_4ua~XSClBQb^%!3iGx=kVWnadl#%Xe*o-m4@^>_Jq4Y2JCA=&OK1XZKA8Frczt zcV2jR`45*IkB&qhqK1FlmGDVzjbjdw&btP+zojw}=K(RK;jk80>SceCpX-ti#3glg zhU}NMqLsv4?{$H?n!q^Wx`L!YoseZMAi-{6U2q{u`N?YnXPbYHmb)_0JlN>LOo z8R1&=?#K1gk3HLBK5MaY(NEHyO74vT^m|+u+lvxzPbXD8WnyeMErU*zQ%_8930ut4 z07gS21tVoU8BS|-*Hn{&&*%qGtl32XyEoVT*X@duO%A&s3_D-8LbCfbYBX0h&4ziy)k zuYsDycJefy!zxoZrFW*xa6J+T+vqY_27<(Q(FZXZy*{Rq?(6hu2He+x1=k}NvQZ9M812trg5ZU`mcy`AivL*kmv}kBxq@~ns~y~dN=EbHCQc2fg0AXdDI~{SH)ejf#f`=HsVFd z)Sa5QUsR9300jY6{1z+p8DUY4fHDAm$ke#Wd4C{LJ;>(aLCXL}oTJ*I#~hi7EO>Tx zYI#`cc0&*X?a*n3oeXPECq~dzM+G7J4*33OaU-rUVN3y1_%9?aMj$*pR60&HJrT6~ zr|qT00v29xBybqB+bP8e7%F-a%QdrA3|yZN!5TVH;71X5e; z0x1o}9=oX6-kG2NpU>vHV2#BAvX95+OwE>VU?l?Xm#feJ?N~3!&-|51zJi={zII+G zL|fZ*LB^?l5AGk0IvtezkM}W{b3X|2*M9-{TEUEE^-TgBXMH!zym;@?sf>ot0OBLH zbK^=fARkB_C0`ecY}u+l_i-tEnXl3_rZuB{GL~gxlF0>Jk5t$IzEn>;d^S%1wV^jK z!7&279J+xpP#dk`Nc*WGzNPt3R;L0N9V+L1XAf^&Mu_Or9zZcBk{mYqbbz~NK!kr& z3+#SS=-x*f@=#(tos7F9g?G5vA5&TmXnXsw0FESoeS!dNKwI-y^OXpipx{1>lMme9 z-n0Y}{q&CvOv=Z*zD!tS?c`)P6iJ#Ko`N|6nCS}|IA4tg*r{j7!sY;jYAD-9!~ze(=KlkBi96MvysIVhyJ6waZ1z)rp6xx1T?YBXnd zM3gM=Z>E!XHNWeO1Em^{0*-}gDPF7RJIGCH@+80TxWbldYBj4%rZA27MgtwE-x(?P zP2__+2oGcixDnFi!uJkwjCcN$rl!6)$#rr))%Ubz-O)3KwU-$A&$=qIoq~a*47F7F zeZfAU;AJmhXfE-EQ6U)7l&&(>uJQu}2+pey`?~@X`W8r9K;iz zdH2q>@$l;V22SS&qkQ#V-B#i$z2?nWC(#zr`~s?+0c@`t6H~9)1tDav=$a;`Bs7ER zf;%;%;)%v0Q4oosm~dec^$UeO^H0|ZGjfXA<4`O}`y=-u=SZ=@&2>T@ZC>Okv$JtH z$ZVWM@dbH27Zw57De2duu#9`&fp^JeBIA$S*99lNo+p;Cw*iq0qb8n_Fb9eB){>cs zk%ddI%d0QF>Aa?1TW#4h_Wz?rjCW8ba}(Pt?VQ2jgzxNIvY&S}?dL4MbH4xE#9y76 z114nnAmx-szuR85e-Nl;q-w4PA#hvf^lpF@WeTL9g@xi2g1NOd*Sep*B)jPjsGnW2sp9tyJ(X6q4-y&c*)!n@9GrAx5&Nf8h}~pwPh-PW}GaMb@0K& z%$`x*KN&yDIL2JX=suRuV}}Jxu-5Nq6q9i_s~62i<9%)B`3-2G?wjA^Nh2kZlCIf0 z^q7fPJ{Y(1vxY1Obut2p85cOO9>>tDmg|+uhTcNNUn`6?S)D~@xN!Cz_dg?vtQqP4 z+RoZ+=-}kuS~1xj--L{6nw0}c=z1K*Q4;H#ZVI{(c4+Akb$}ynlFOPU{gE|_+^*g_ z>5)|@jAN%}{9ChdpH`B5z5(vx5^CajAm9D9gTI2g;(}ZIxJTaOPr>`j(N}MaBB{+v zpRqc>0?IPjZl5dhsFQ&N70I?8;LCn-A@O5f@sa$MQJG#)hr2B{k&V7Oc(r=c+0s6q zu9W6mOnSPeY`H|KHTCx2-0Ms=^BQ!)casOFuepwp_$&Qtwg>WRD^gp%_lf$ETu3l~ z&1WGf%Kq_U(03GZaj{d+Bknu;9RC{qQ&o}Ff!t&neI0pP#g7MF@QkivK$;4D7$;Ev zuyS3KHJXv%cqTqK(&vSEx!a(2kERD7o&olBn3~Yi!$`zFk@R$`C)aUUdeGdcex@9} z*CTo9XSP8I{*3T(&uU4FixCnAb*cud&T%z0rvVJ;?Am8pjH9hrahcNno&*uj8;XL52j3F;lORSlgJ~{f8vmFH=LD^P zl=a<9U>ftbi|#GCf@7yHUGstqtyyxC#8YA>WTV)hkx9GFL)l;@(jty^96<6 zMtb%4@yT4CoHxZ}$eP8bj@O&)PtQ1uE)VthUXBl^?5)9p5+Z4v`0Rb=pzdYi&4{sr zH->*m0LHk|1n$K0h7?SMhZ(v{26m<;w;u;oT5gv8&LQG$DaHhT}TPZx^c%+4!_NP)Zk+px#u8n_dJzg_t_SSI0L z{aN=>=-&6yz!}H7JU3H)(>$im$qdA+OWrf(9;qEIcoBC~>&!Q;5nd(DqgEV>A z(q0+cRp5GLMJ(-&wPfe&LQVr;6vci9I0-SfY>hANF$yYpa2idt6|XMlZw6z_iE%U^VvJcx}_AXX;M+?L^A8hz#5c z(znc7JQrL)TU?%M^-9d#Fm*Pv8mK(hVZ$x_QT+@jvuWN_dZ{-C-#K5`8vR{r=BQ~_ zQV(yAE>+E$BZD!dA zx=BY-<9-WVMV&Xnm11lCcES^F*|@_)L?0#2THnHV5_zLu+&9MbGklx0>DP^CPPGXE z3IKf+pw*4mB6q9ffec*k4N02g9G9JX2Aqvn;U9YuXT=_YzwJjiwzxotcJz3bg|&ZehpHy^^(QdB*0cX>=!`0`gw=gU!7;B z{Is0vtoj6ZmL;DNRb*jTb)_DYBAju&`4Hd}9@fuK@3*FCrnKb2jDe((-Be{ZjwoQ; zJ=@SY?>FRSe+UJuBxjXx?dpX#tKfDvyc`PjKy6oy8fRF@>Kvrbce6QgQEyegK}~s3 zTZhg!3KG5BW=!72R!e4$KI@;c6Uj#f+|^2H*)DZ{hU>g|YA7!naubKTG^Ih*}g()TDE8Kzr&B zeLUO9dcXq%v{LDJshMvobqnKP0IsU5GB#v@27Jw&uA)up624ASlcuBxrg6R&rDRj z%MlyhBBRHo;a|a;Q`;XsGApM(ZN2fFUWu=5o1O5@FQjvEn^}$#`vJ*;zqqdrf!qN3hhDb@iI&Hj%vj56r>7I;XQ=WlO&)WP9g z&93Ikb&z}}UmLFjWXy`5G>GkJ!-90HOE1$vv?Y4sd_@%0NL;)vLe0No)dm*UCrSn# z8Jd!K2V12bjq1R-7~sJMQiT6PWq|PL9W@{!vTf!+`s{RA+ivd*n-!`HG5f9b@;hI( zn$>WfyLf*hPk*_`yz|$)K*!SbXwZ4O5g6R}n+=sWo?1z+I$xMw#+m{_FfU#c(7Rrd zoS3oWmRd>PYFhX+KQ!?P2cZr)8$;I~&zc*X|Cn>ks0SSS!BYJNLpN+MdIE?yt!`K^ z-wcd4J!l-Zq-K1JaOBV%l4!G88Q7YZ+^KP2Hr_&fF8mXSCZtY2t)r-2rjuQTnC^?&q28<;c)?zQTn<;M}p|?$vtP209284VV1M+XA9T7yQGt z#5#s_wQ%9e!r#T*IsbXyjc7%uYg?Ik>&Yg@9!x#51Z$0YZ@cZ;XQ z!oJihF5}Ng6mWcpTMbSFVa3hCs?vL78&!@!b#|6avMN4YWOTGE{Xe9jn)YVt15f)M zGOe-2%{z_CiT}yav~Fya3@-5U{A4(uLP$Wet?Jpm9Y)0(3~z>64{Zsv!Zal&A$QiJ z_m+fGZGO#p_XABem8QS?w^W;OerQ17AF5G)YUAz*xci`Dk}a@0m0Ydx`%mKSqkGS( zvBv;^%b5m{kV(d6|8S-5r(`k04c|TL#+NBl;IJex2k&%!=!bw{MU3U+lnAHF&+7{ou{;q~`veO=}G= z-usQsX!M}WzEr1ueNm}-QMlk!EY<<#zI>TcdpPOF7kF}UJtO7`EsB+)1@(J|t76k3 z|GnTzXP@E>g?)&GL0rAlDRxmb?`7&!a$A$&M(HGmo0pP@9jg^s_fwjmJZ`^VSe5P- z2Mo&deqlHl)$L{qj6_TpuywTdq2u&?%DlDF@^Phs7u-F*TqVkp;dE*~TQ7b~>TRZ` z{1pD>S=!jUx@=&N4Yj+$^8vnVcw)5j%ln1D2BBfAap@JtjTb!hic5x7GzqoLwjlA=QqM9W%&m+^ApZ>M`)) z(I3K#=&GO=sxnSWLSdHO4b>Jy3DQ!zCOQ5ECg8pMkaSCaKJnX?L=RafA1jOJt85ur zk)SVAyQeXHMn;dJo(9R?054uTMCVS^UYkvf?W>&kV0eK)#d*?Q(-$%KX>s!v0XmK> z=?2*p!F@8%Flxyg=X()v;jNwWADeVbFx2R!<1{rlx;V1)E>R9Bj~dIXuVKXZj0qmu zuMQW;nWnED?{&*V$Yl!pUm>VxkD=LL>=`h+h?q=@Em^&a0$7t}zdC-_?;*)3YBzoI zO2d|@2tc;)xXF5zbC%7#(5y90K#B+obqh9(9%{ehdN0Sbihgr&m!?0UbS;!CyE{J3 z)H}hpi9=QyH>nCFJHZX#+x_KTu7ZbY}eQGmufcb`@+BQOC>7W zkzyr?E!=G_tmrU~U){?#YTv!@@#0yM&^ma$4ktt03HqKZF4|z?ez7qD8g1rThWlb{ ztn%N9v36wK?!5sS<9W9{91Q9sH}uPM9g^$^>sc8T%HY?rc9{fuAvo%!S3{ExkwX8p zVDRuxuE|3(tBtDb(E0rMy#7nvx0^}7yQD$cCjG-*K?la)5IU|sSY7M0B*$MNPp$R9 zPx(Hv_V8x6*B1M6EQ$4Kp#|1W?h^{){;hP!#ml5~x)#f|C9FyQBe}{#v9#aVxa7hr z7l~IZrYUx-T@)o~l(iG0KA%FzBb(ZDZy1IU@Z(Dq3Y1PKfbvwEh=)v^Hm;82e_${X z>BTG`3c#4;Aro8jJTQb*XG=bZD%WoyC`!GxA7a?E57&n7g76?_RA*>li!T>&dAO4Ig~w z6+?cGE1aEL##2xu*zj277RYlO45NOT7^e;)F}c?;4<cIhFqU({cpjDFJL{MVN|N=FdxS?X}?4(C?2NxDUT*zpKv^$gbA|HsOl zC_O<=jsPlcjdjc7J#mIvnhQ{1CX##mcSN=5w0Y12=G@nANJS7b*gU?TtoX}8d%FN8 z?bkMMLeK?7KYYJf#S)@JQ}K% z(ww$T`!r_swIh2NYhV#SJ^6mP{|#36X|RK>rpdKa{_Z_L#w}63r8MGOc9)HYq4E$& zWLK$)Du@cu?4JhofDFED}6L_G# ztN1L8uCw}Xl=Ggi9TMXi8XQ))oDzW4x&1zmCQe;!DL!g2?efAhOid|kh!fer{8~6k zWA!?DF${sADnae_*aeKKC{0!-hL0?6_Q`XO9gm!t`V(h-kBjNG*V|4V&Wx<~F?8`? zv#3%haNcX3e9hUDEpPpi=$`&S_3-yD@d)|(gT8yS+5U8 z$M+_QnOe?>_M6w#;$qmXsh0vsk)%qDJ6{b*^!Sneme8dM=kU~c33yJjV{|>CAXNNh z{3496a1rn&g8kBZjSFZnWhZMaeUj%cs3q!(UM|)o7dgoLNN#=BAOu#77)2v=u*6#T z z*$|M$N#l(gT(nyRy<`8rneA+4%uU&0thQ)>1^ALm^mvYls-JOZ#(8GYi?a`w4h?3T zz;DKtgRC?r-(;X&H3oiF)l+*7vm%TKG zc2SPzw@0ue<|j&(X33U_{XzTIUWSU*RW=I$lClWcYvX;CnU0`e9Wl1aQitGq@5)`n z?8C!|EB<^Z0RqM(1_We+0x6S^CPDbD5S!;n$;n^-?zaq=*pK`b6pS#xrBD19ANP8f4+Y< za#*6*o4BG-Iq^Br&H`%`dF9+4$}k=x2sON@w)|!OkasL?q#2k*Z1MNa+4G@qRE1d5 zbN7w@<6->Irs2E=Mhd`QA+9Q|%JpTOvyL%^VT!Ho19L&zJg(ASu0GalW+aTF#)_=Y zu2qg+HS)8_Nb9zd=S^a_k4eUuD`LJUZC%M=HkaNt*u=U~@l}-YsG2uhsOLW>X;2z9 z6q#_-fV93Z6DNMX*!nuDw_pASdF;w|YqP^%JMoKD;4;0+NDM53VMXx{EA94H1)6Td zkHSikDn`|xIz!~rd&M742tWq~Sj2s-39zv+F)GJ$d{SXS>y5G>uSTt*0~8(ZgR9-) zgCaQ+CCtv16`{}AQoeJewmMJxP|W^w=DO7|HWo|gdd6xW#@qcO$tJ)*PxwE#YCylb zN&qG&&l;_?jUHbYG##^KtuT$&kH4e&ZPn_QJaTcL#30_*k^$5E!{aI1fTZsAoW$Np zq`@_zUO`i+fI^EQQ6a_R9)}!_R$51=LolM_^84mq-Cp$f{_x8zfZT>V*zK-PrV>KM z#|8@Mryhve#7P?*f{XxNMsI0{)DaPgp;u=$bD`oJW7PSzmtZEDut;kilIOj~d_4Oz z(=zcc?K9;`7qN2U*L0;xj=eG?Is9RBxjQbj^Eyb(U3o~V`AFsEMoG~ih4S<5#g6Ll z^l;DIi0iyf!x6Nm&C^!cvnnqSBVXUO)p8RK;}l9+)aO0j(*9w3e|v+e_%DQ9BMdqa(CC4s$aB^DHY54h)!^z0&MtsSr(*m zMI~>=c5FOPhd>;PcsExrI;sDzJKm2iqKdEBROcWq2{}h{spoYKELY#aVEI>2DiZzq zSOs!(#|@WrnX|)t-F=w5n|pTb6WlcKCEyO~IVR03>X7bX?MJ&tZBFT{?IpxQ3Kohf zBeB8^pKzZI-$iG7S6}n_SR+KSSR@E*7;CpL%WrqTv-9$4u;ZVfd!K@*9krx&>ulQN zm>&eK`pZ~N2P1$+idi|jz?B!Se6vcaoVG2{NohDk$3C{VKMpuSrL|lfRTJubaU1+U zyW$!E0Kjs93vgb9y)7#x3x02%iMyfU3mH-Tir)UMt49x}in+r01O@NhdTx-Ue~|j{ zCKj85ure%A+8shtX?f{w?$H*vUL?95qYJ8PN~jrTpM!}G5Yq^LYqcv)na9?7LVJGe z%DvR)i%T=#9Ze{tBJ&HdKcyXP56G=zT2J#Hq zB%Ed_fvf^;ApDD@iJsV90qC-rqqo!s_f6-={g~zb2V((qF}C{UFkG=##~CR(me-8; zIE9k(zCVqbcpS<>V}7IU^7c+`d9Qrg_5ZyZ7w-bV&smd8=uZ4ExV<{J#VKW$_iW9GM7hR;kzC zn>|l|7Cu_^{5#Uy_E=U|R=#VY0=OeGnHVDUtq6Q$31?1YLV^c*KwU9RO0$8$r`Tdo zpyWk_Iv5Fe2V~3Wfgr4x4l*37(&J4ck!!l8)h5ti*R|wE9+|d^rd==;We7q845IX( z|MR#KllRD5wX9%$KNTiEEgB>jarxY{IF&h@^8PhgEb+7$IBpU_c_Niplvyj*m`t8X zmxfDZMqL;@2CMBw;zZWSIymL2z0D34Ewjf;Xbi{GN5v=Y1~X zj+2Gj8}G1PltvDiGXWnDb2nv4F zqD?EM?j@Csb?J( zt#;w&B}!3FR4&UJQqD}>`hljB(wAbMh@Dm|`YFZ}&#eDcSpL69 z$9q8n4*4VvBJ?iCv?fFVcM#*(%Vx#u9Q(h|O(B{fd<{By_3F=XW=J)tAl`jONk*iR zcE~fe1qJhTfb%{Fp57o%^uZKeZ&ay-%n(cPVRn46nP{aryKRg(l2WTiPgzAR2f-4V zRcsa*L#Ck+jjB+eU$nQT_E}zFgBy$XjaMB#Zqs6Lsr)MW)Myb@8SbQYc{(7!aMj88 zU{(}>iti3j5Zh66N0SYLby!e2x=Fzv*L9mhMxzOdwq+}ZiND+y{&~4MbIQpTCLz10 zpwm7v<>rM}4Ezc~&p2^i{zj6`{`>-Q7;JFW5w^RNaFc1CrVt1t|F;r_fcP^Mu0EeE zKmR=}P6BDKuNwUbmx53yfKr2U)cH99REWs93@n3~U-Bcr=%l?5#A5<&9Ct9aMp0Vc zVAsR;wP7Q#8!+X_;>|hZy0wl+sX0OYCZVGR$J(VRJBs-6j9z-3$5y1ee~##NwK92) zpD3`lX~{!Mxb=g{h)TeH212b-=$O53a|wHcdQE>Jm&O$k-z}k^ znKTnJ138C2$DAkYeCtY?kpC$Ukxk-9&O=w9*SRq>8$W6I6S{|FGn{cSr*l~*i&aok zGOv`u<)^YACmQ?T9RG*ikB28`2XqAIM@QLnUb5L4v>1sbFD-sG*cX0AD|%j54Hch? zKY$^yD>a6_Rutnm2x_dc)yQ{pVl2stTX~f*BpwiK(TKsjDQFxO1yAx!va>q(oldYn z%E9nb?wBh?>z9hIy^Kb2iXl(LHz2E0?qNI%B0Kpgvm~DT4C8&f?i!FVIT6Z#V*S9t zq-aF0^izqDD0d(N#)Q*E(3+nC%%+W=Qxa%!a9UuA_AKrWaaMqu13jwX4Lwm(BC_y_ z_Fhub9&Epfmi+yY6{%pgA9@+)pdQjeJXx^Qz+!o@6D248-wPHCVs<7$PB{n`8`r9C z!%2odgUzXnxB=-+gUBO}la3B~_`sMiuP4Ne z@2X}KEgJFjeG}+po%dsEuUnuhz*pO0DFW3I?}}~Pb+KG=Nhs>5hu!aVuBTaAr6kV& ze(d^Sd8?`9JR5`h1c$N&AsB8QO2&!$Gwce+C6&bPHX$Zr>~HRiB|V9Y{hy=EyvK~3 zxhi&I=uC+zGpkc4U=i>=jOFS5;(X@5$o?V=A$8IwH)@R)Xq9(N>@{|d*O+W1dS#W* zzGKY90t^o6(R+y<0Cd3n;XYX9e=9{n)Hlalp$D!3qKJA#+>Z7t#(Zw`ZAVU89E z-*8W;I5PY{BQ)@|C)efYsoH^6p8WiDo|5x=V{EC^SJXoK8u@l_bHaTK3_KfQ!b;CmU9;&^;dy$*Ts z8U@I)N`y(lZJ*6x2&H^)3lY8~B=vHYaJf4JuYL3HUsQ!l=IxwoM)g(^VqP8zIAP-j zp|oVo3o|W4U}9!`a0@u3RVRGkiBUC|<7!7q0Wn|sJEmT+^BXPU?p@RSL-wSc?x!BI z!x2`S*!F_(eNEzZm4{r~^QQ+OujO7)5yfb*vlI73fT<5L9chKHS|GnKxIthjvXP zkhirRhmPhJW>q`G4&}R>5V|?aFHd)WKB(kA1B%K2wPx_z0XnwsoxySnsJ+L0LwR}y z;*#*aZEYju3oNWk*=P)_4K1)|w;Yz`LQSKS1X(Y*pV4ZS0ZX9B@WnRWUaP;0EY0xRou05Pt|a@Rtx?5osC8YdtytTn?xP_LnM{uy=qnM+ zvx2UK3~hau+bw<8pAO4gsZQCm#!j}R+}5~r_bbe&;WRR75_j%?i6WY)b17ahpQO?} z^c(osrWh}4`93%_3L=Kga)%}Q{fR3ZiQHeqGo+Ux*uEPw*M?joNL54SEJEY&tQ@`; zcez75aAbcW3ld6u(1;`?%(utBiFoQA{vz*?RenB2-2KTTZ`@%V&)II(y%3O>)^Y}L zq8tdKSU_orSgx)rV%B4IZW;m{ibIXgJpyXkGmWK(??P6;s6$kA(#q0Wmm=dw+TNO6 z?Z=DuZ#`Y1-xw>n>B!DO!32HV7tb*`?Xyq{$j8UYwI5$z+=Gk!d-hdG!Sdtrq6RpF z-%h0#nbn0?zsNNa47>5pEn1YY+K231YBOlZP;3Zu2pA6NqPT#@mBr!ZTK$(-j$@GO z^Pl=u381E`YFY)P+W={=X16*(F@Y~IU7y5r7E=4Jq$JfcqZ_FIR*&-~*^6|~=k@@p zo>l7~fD_`AS!_LYhl%Ahp|_vX#sIT_2luyRk_$DscTWEXP#k`_Um|fWMTEf>(Ax*a}#d*6c@ajz|K$c24K&&k4k!EH3{2WJSCP@W+{1mH#s41 zWkAtP02*9jZEqNt)GwTBg?-SzL}y){Qg#gjx-Ab#25%~%u~wGZ;)|R5tQF_ps7NL) z-5e$1@+iZ$H-vcwDvef<)iD7iJ%cl-bW#(Q8gW}sYe}e(pIFnr_isjnUMW4SDx4pz zY3xKRZd(M=Lo5v*B>tw)F7nLDTv7oKi*pO z+qcEy=PrFnWY)KDPdEe4Y>O{&&Ko|%(%6#NnS2x^r%y{ZZ%9k}k#WeRMzWlE^R}vE zPedG#ughbnxzp8`^*3d*gkbAbP7@&%I(N>|jn^2Mjbrr>E80fS{+xeyTky%L+9?%3 z)ahfAF>zQl*(<9LWwz1Y^(3o5`#@Q^*s#R@cIq)YTkGkwFKbEZnb1$wbyH7j%A~L= zc5ge$;w615r%+|AVyy(6oQ2^fM7aeo0|Q%av=XpIx(jdl=GE?9dr&5J@@m6nH9fu= z2kIF~8GXlwZHeiv-}M|Vg(`KobqU@EqA|VW!eT@lRtKrP!_vyI09@bXA`P|F5eZ*w z^7M&Vx8qdhSJ#0nE>{Dt%|2Neu^!8JbKPD=#mQo+${+n1O841m`L$%3WHx^yK4boa znPPVtJ1DD>=``KFV7|DcdkPMN>?LFO@vTq|*2ho#e;x-%1$%J_T%kF5@&`|Hjp-F2 z;csQVeV1UdNpA~owfWDXNlvhf^!_#$zrByWz{QutA3p=0^#HY8X517%D(R{E1&^;E z+&b|$$=D__8eiQ8tzd}21p5`Y=F&jW^Wne!XI7^-7Bna9Y?zBn<9U$3_Cta8FbnXF z4GJgfAW;+89D!Sp_lOo~-p$-so)@(zDL9kC457I6*e@uK+osvH|* zVYi2OAwKtOfzwe{g@!3(nb^T|JMYU=9cEOw!0smEtYN9JpM)=0q0yPQqWP?glEZrR zVc*uY?m_xQ2dXxmsluL1dvD%P=ctcsT)2Ujv+XiP6=>26ap_PG%{mtrM*H30BW}vK zvx?W=`-B#V9aJYmE$-i5OEk+QEF2^VOk-fM;9)LT_Tev)VS`z`HLF*Y-ZTinU{I%b< zW9ljuZVruKvj(1c}k86^07>9o%BlkGMCNT!aLW$!d}ELEj-yF8$D`Cisa_C`jIy zm%m2Ir%in3mN^z^@`?bw)^x$o)&53NsOU$6_MM_G!v@|B_usTkf0`)a2xd#MA>XY= zblxnOe*4FfVaaFd`m;bwEK!AC;TWY>$U7&@r%RB__lDv()2ph|;UmI>^Jl5VrWMvf zJ+u5y)jIB#!jMyQFW(O}b@Grk(Scz+Ew#sIDu;PVFaAdV!Y<3eF^$OwM8dRlO|Fff ztSoNS)^u^7&F^|76K7u*QUMcZ-qspAVC#{%P(0>?1*b=S|$vC(b39k`1 zp5a4x1m3Q2CI9!={r!6j1plB>5|Tl|93rwA4aiT+F%spV& zQRKB=knh$IkZ1f)Rgo1-4ufd}LlB<7|M?9n0U$J2 z>I{biR?Ea{I?BMU{%eg;-XzBHy49vQOFKSirHm8S-Xv){*TlWJw3iJ0=%P-*Q)#m1 zB^8O?rWS{K+CP`P|Gh!x#`{Q;%UD=&%p-4iuQ}boD-EyfG6b(m;gx;hMgi~WlkVyn z#6*RG{5nVC;7#yTh914jhr2lQ(>9#drF;vj(?)DV|qQ5cbavPX2Z^zs`7}L4J0)VS6go zQmw`w(i+=D<&_r}*{V~Q%Nox0Kld}^!OhCx%PV?6L=pTrNl_ji4XLAFBw$uX5*^Ns za@VZFtezp>1*A$j`|o)vZRz{Mznd>EtG}Bp@CJZy{^t#FumB@+iq6k3 zKW9JK8wp1*RkdEr5>`DtO#AoIbzF+9hJMZYHD6eSHOi!m7JRp->ixG~e21YzG4I54 zye!npl&SfetKg5haIuPdyAMeA(?0()YQd-=KysC9+Pe9Ior^`SE*aF6WT}%cpFzL; zH?&lNxSGa!|7tlNy%$V00&)tjpjr^L0Qx4d(SQ8hb^fjUhK}!I$F=oe*C}oOW=pOr zyoJr=U;*D5uSqTvoss>|dIk$a)Yg;~*vx54j#v01A z{#mo|qea@N5zT;W$QDenE8*XO_uqng{g7?HarQ~HY7!G+A1x}S(l2kq;$vUwn-<(w zKj+J3>i)ZSFz8#flnZn4-(O92M&9r~@b9bq`$^82k*N)O4hEWR^Ri0YijuyI{2tH$ zJYCL^Y<8$hJs+5#U3M?5ZhEq<*o^x1rv8CjE#isM=NwBY*Cv2=?4ctG0aET?9F zWzS5nr@tW^i(q94pe17xQr)hVsbXb)c(xh5PyT;jxjyUkEZYoE9xZ=&8=g&P)5?`M z-r+cYq4fj^bXZ{NPBu?mm-b!GC8?=r+D3GBb>mZ0xsI9VPcD9HPL-QVqOWEV{SybS zi2iVH=Q&_>;WET&LLiWD7Xe_J@dkI1X|`-VqJv+v=hBlZ8WyD=)dcYu60}A;NH~ug zdhG9cKbLoU@8Gz7wAki8dbwmXb&tg|tj&ryLtej)Mv~>Mb?jc9e~UHmSum@V`@K2e zZ>I4{acst^IIkhp!DN(k&9qzv#iDfKpN@P=%GjTWRm~$3zlL%g`e6lU8ai^(L|b3~ zKgPZ~py~H(TcvCiq)SCWNhv{)QURrvZk6tikpc=T%?N1)0cokhV3fqD5fXDWjL|i^ zd2iIO&-Zzs-y8e^GPe((xX-!Ixz2T+^ZV&c!tAcuv1dlQUHaS}q%S=px)G6&Qrz7# z$+7yH{yt0mmhP{shJ=nV`R;r!+E^PG+x}8yglv;VF&Wla(`?RSRJ|A^I`>Vb0Gjh0 zZdQ<)8CYC`M|#QEhbsTs4*z`{E|a)BIXX@mfDoL@`QzT9)y7fb$`2>18cy9bhbt?| zsiSGFRMqUdY5MDHF@0s+9<{%{LG56X~T!sYlKe5%R|J zPCP!l54?r8tvn`&%}j#f7QJI%NX7u-lqY82oL=fQwqwSZn4O*bnb(c!QAW(xc9@#| z^sY%mL6m2Ynqg|}`Hwmy=K2WNtI2!a=bT4ACVusnBEbxP5gdM8R-A1~UX35g-Pqe! z{hE{c9G2j@vB+kzZy?$RmihHd|16s(8}L^)ABtcjp>z2hWBk?kUN)n@tUWG$bAGKD z_<>$cL!YPnO!lX$0fSKuGu?vx9Un*sf3+K{*%)H-eRuB(H}zEg$#OY~A|z{1mv_6J ztRB#~fQZ4Ab1#6~XZpe3cxBgDMOQk^;Bda(uw*=qwsU`r74T|V;*g|i&V6~~P7ex> zs;IXljQPzmZayA~21k~B)jra*2J&AxQffcmTd5>UcAJteZW>%<@%>Pj9kV}H9dwz- zUO3sY&Z0QOE?1FMLm(lYsJk?y^17fPJi5$R9FSoSTnMeiv&mWni9sx8*;(f(s&Q18P5>mD4Mb zrr@cU`rKXvGkLQw)9bJgIQ$=Wu@d56o-&Ea*%|CgU?!FF7UdqfkM~&WX&b^)WX8nQ z0Q&YEC2~eB+;`_LmtNWHWidg4&k|&2GAZ_Bx7l+!p>aLOqm6&{p z`BAJ!khvY=`I^|aENHm5A;%Z7igOb19wog=-hV!hy)Y*`%Jb;`%q>42GjHy;(lOV` zk?6>j8@lP)gxlfOX2QvkS-A7h*UZN9YxOSYem;#k`YZwuz{HH9K^tQB`kkI)HC7^6 zpCg&=esdPTcp96y$D7O}5z8 zWmX_b))vJD&Rn5zGiou&=z3q_&_J=^AcDeaE(xieRbIIF`omhVajsKQF$d~rD2G$r zAHy<4HLXB;WHzBksD)B2Zx6{;XsCQ&8@`cx^*Dx$i*4Z6>40ZB z4>VpkEoX9@O|MsXFN9snM=lYCGawgv{berFa_L5q7Rc8r_%LVdwCk@@F8rD6BXHfCbaI#({yA=JJj`Nh9vbtZD^<~3Co zJinh3{?p`aD8|$Jp*{~EA>_u57ZD_XEXkhWkQiimCx*2F?y2(xUG3uhGjwqHgz&7# zjBfb{$4=KAtK7MFiKNkNYCw#`^1b4FeB~oMQHACBs*R7w-Q6QW?PA-nVm?pj zb(<{2{b=ls%6-E$7J^ug$$g-F?VWMIM5p`IH4(2k=DDBM;c>t30VSNWj3OqnQm=Xc zH3Mm^=d%84-+cl1h3eTahsf3w^N2EM$2hq5GbK?&X0EVv^Tc{iJDa@CDNtuL5D`<~ z3xc*X6t%4&J$POvr#q{nxCi>p8ZzXLRZtsY=;AZ%AvhWF8azi^TT4`aPo|!)yPK)0bLDSqyKxPLnK!C1nzirQPVU$E z&8vTIQr)Eux<8Aq2Qc)yP3E@?d-iK<2FS<SXTW|JDa;<#E#&@8BYPJapxdwSfu&9?`RCyz^i0(bynHziirx{0OU`p zNvCq}05%Or#2Q#Ft(3=jhf>wlWZbV!jO+|I+5f?5>xWpM?HsUyj>y0Q?LCjh31&kc zb;fdyHny!gK=m=S$QbvS&tc`Qh7TSYqK^Dis>fMCeL)Z^_*`2%o|*}4btdxA#~#VA z6vO;r5`q}^s$BfYVIsfgAnNnApyY5oKAdeBBgOG3Lb9D*gL|7v)v9EKHY(Mn3wt*Ro|TP~dYEO-=o&g0Ynj4QA6%zm%`o^D&zxjaFK^t7o8 zA6{oQrL>IbU6c#q$Tm`Ml@swvbAdnZR~WFLWjcbdj8sW~TlcuMu-^=oyFaPrM;_w> zv-4Qe5m{*op8a-O7Vrkue9RbdGVsznW~J44Uw*KDzcm@x)f>KElP=rkBL}N!Xg@v7 zzjS$TOpvKP*1WR#p*os9oHIG)A~vYg1?JLoH3?0FfaPj^SMvciaCqvW(R7-G`FH-A zo_w}pll$jx@_jRxDFZWX6zpP5h}5zP3*$!|e7A?nRTcFG^+l&yF+bKiy`1T7dX01| zU+wf4>^Eb=ljVXIz1$yivh+ke35?mSfQ5F6fc!PM;>B1y7+cc*u<#!9a1$sp_#@`SO z87t}3Flt3u09ItVU(Rn2=&9e?_di>Vki4#aR%;itBc1O<3!aeX61UAg1#iNzq&rx zolF|Xl@A7JMO;~xCH#|`yr!EK`jsxctw|>Z?2#M4;FBOWKuku)b?0fD{rb%KmK+hiCP=s ziYZte5CYRSJ2;D`^QhQaqG`+~#CJv?!_AgDp=>`s<)d<04z@EmzIp~RI@dp=0*gte zJ3iI7P^sD^*GbuH<1ClXdf|@u;#cFh%^eySzZRZ2@)2vYI;T_#Y5m~J_n)e$*fHrv ztn}2!&7NqVhuSpS#e%$z3EdgRmvahS-WaKKzAXB^2xq8LhQC43T#p4$i58s+wq<{z zMRVLpQ#u3Nch`y26a);53JLrXuk%3-8&T@mT}%}9j(dJ~K1`4OVaC|P$H!5N|Mzuw zw!Y#F2+a=Gx58EDl2gYrXSn1(@zum1b}HNTOa&XnaPUw^JTJSgrN6 z@WzN#;@*g!+_ZNT!f>!T{xroGXGtXAY9n+~X}J(X))uI>AgA;#NW zrsZ`nwdQr}SPCLB4B+76S5SW^nC!IniWrb%9^U_G5|{rqm+TaYMS&-d-D5w8^y}@~ zCoqw$gltQpiR)M81x2ss)>cBg@_vGw#4f?Xmpi<)EA66a*Xat9YHwVMATu!28LO{G z`Ud^uE*)5LN$2f~eT!|M0OLomiWcbbi`%V$AoJwx4)dA+yxqON@(UVhkYGB--w@ku z#cniHthB_M)4yr!Xd%NH=dTXd=oN1@7nOr8A?bKZTflswnwGz3aW4p6*Xmh|kT3K) zJX7sBr-qpflRIakew=6U#O#4%@i0FUSH3+fqy++s9n88#)~IOjTu>61Zc^3k9A3b_ zeI%w$8`*Z=#D`EOZ;!-`k95fB7DIX0x#Eob`U{_mwa70!n^Zltj>KfxcJZ)Vd6Yc9 zu!YHQZ}(des_~35IQEeqT|)J^kS))N zLG2NOPq044QUk94)R{3?ZD2#`F{t)wRCocny7_rmST#UM2D;50mL@KpSpWYCB)D+J z{}<}8W7b?-8yo`G?OwC9VvkFPmGoU~>v~F-&j>6wzo+70X-U?<0pL zAvxyMx}VzVVNGA{w0Zoj3Nee`UI4cz*=~fE-@VElRqH(1!1kl>7$MIv|TeP zabW_qsU_;d)Q`KLkugNkHD9*-<%|eu{vU>y5tAXXxW&xb&TDwk0qLvlIwgXQC@~2Z zjCt{u$?xh0>Gm{t>Z6!`3db(JVv-V&Spw`_OKNPD_{6Y(zh0MLY&s{y)F``uXJMUjpc#*Kb`V{9E?^{ZiD~zm&;8?|DinW$@>p zzkj^G<^Nywg1@!-LGQ1S`AN9 z|90b^`0uxy-?zAQ$?ude*;(%^Omwugjj>QD*Wf9{;J23qCdS4pFJFGPKCKe)3rGHU zaM6{ih>K21;Wkh{YSFETJrIpUmsD?$dRnyS!_w?(b_0D9#Pv&8c+IaYRjt&(Y)(*C zb2IXQx(bMDH2Gzs;dZbj9>yq&WN%H?%GA9f7DXb{W=I&lx?!QU z$U2%jcECEAM%Fg$Fg~=f$Oc=F(2Wq!%i|Km#zg-rO`agNQP$o8$6?k(u>4^w$S>D` z;`k4)EA{c^wPJmei=U)Hk?x3uUeZoEk#$hGVLO+nw$uiDaqy&6=%-PFR3CCa6ph&V z?dAS~e*WJEN(Lsd4}2%OU_MxC@ysMD`N!spS3k=sjEVwN0^8wtWNWcj2NNqmizdSLLR*F`P7@N24mm(SPj zTusAvsJVIA!r61K{x?tZy73w)C!83C*$wvnU@9INRvvRCE-1EyAS&%*VX9GyW|2WbUd1$K9{H*fF1dt`R!xF~{6|h1wweik_Zz zZJ?#PIt6Zex=rkzkdH4PAKzE~Dpvq6=5uOGQ9W?GCk7cG;e?@Xla_rxz@gMNK?B9i*&ca%!(_|=6b#8P}(bBrDdn)07mK;n$^(Q0a zJ<`DIrK48>BI#{AE{@54RjShcJ0UG%CI!{TlPK27k_bTEJ2jn)p47*k85tR1J5f}; zWMYO5-;Iqj7b=X+GgP1wbK_PNw>wWUEy$#2>$xv8uhEyRB(Z9ZIm2~M2=!~L`3*0f zyT6Gi|N7;D#~N;gZB$v;ZAfETs=|0llztr5`rcsg3kz`mSN!QL{zKjA>DTK#bi7`| z-kZ3%(&N)4-9x>Z?-z%EnUsFXU(7h6Ov>?TDZ%av&S`F#O(|=;a6fvjc-`2l#l~*< z2>{=mcUN|>nMDX3SPbyVZH5D=1(^d|<+652*aVMG@t>1IQ7_Q}> zd@f2EvYH^kEEeEcGSm`#rE^jG@1`orLkNMszB+~K;=01rfLAQd8Dxi(G)U%Wg3lEZ;0v<8SZ6UFT^N{8K$YHT&ke9og+% zP70A;cysw8M`VfB0&=hFvb0$y-~^0v{5h zz@Go}b}e}1pPqu|^UBMDtyo9Y$LQbFG{LJt6!P?isyYqDM`P)`ou@X_OYL*8n+_#> zTzrs{M?!2aW>1F9)}~+Bm^`6=(CW9jQmqP(o76$?Z~)Hn@nlp7eRpVMJmNO`;;*v? zhom|=Bor`k*tQd}d8&jY$+_9Nne@;X9PLn=+Y|`_Gk{)uIq3$JitKFI1pgu}E|t1eDtJjDOkJ$yLk-{$3endQc%D(YTx|Q!XI^YGB<0p8w3pIRnuG z&@xZNzInw6C>el67Nx%xcfkI{xZm-iKj=~N?GiBf9bQ)b#qKI!wcU-hgPTRR5|U|W z^MOLN;J)%c-(QQ(X8&Clnw{Mm%OMbQ0VYjE;F(1DLrmK7PKkLKi(%y1jV7 zaVpL@2PVQk#4P=2dmicFis99iF-bBZGVBeF0jBxzCVv|*P@%y|jTBG*dXD5rhH#qz zG;yLomb-!1Y$c#fQ{abj2qq8|B@T(I8H3g20opqw^ZLU@S32& zl%|Zh$Texp5p}?iDhYBbd2XaQ`s0Jj6}Rww5?PZZ{F^uPw0WXQCu9l5u&a5k7p@p8 zs$Wm*V$#E<=K&#+?dpOK!h!&l8%>@;ql)=U%+nvF`tg5O7*&yuwpWyY`N^37&#HON zeRhrYbd@8@#&PZWO#*>YVRBxM-UrY){6bExo>Q4gL>xh<`kgDM1Z_W1O#}AlL`8?4 z%ZKP)#mz+?Zqjz7tcSwX9YCZZ4>+vJy7oRgQbt)rg0&BKMy@ut_j|`BSeSR zu#M4-QLSlhe9T-`o<`gM*IzjU^8C4#gv%4%56w)`qe*(gB>^hpIOsP=2Q)4+U?D>~pBgJzsYcXrDCErk|3Ao4&5#^^c5= zM*zj>E48k>qJ|lAE}^k?Xe9{T)M|}Z%HUtC4KUfs#_1|-hDxEHD2H>yYG;$05?iLq z0Cmy}|0nDnP3v)e+@twYEn!#Q@4Dy~W>4;tuZAK1>b8(PbyAM+iZ|%v#?F zw0o-X*(-Oz4RBg*uzcu$cCBsvtfUo1SJaYB1loF1+7Gn7P+RsR548$UL=@N*4+#+a zNimSP)1A2#ni1cC7nC%WVO3ZAuk`H`P_dlryxm}42CRVO{*{jS>`w);1O=|~h%`N? z1Al}U6cc_?g_}c9&p;uLv?@nid*UGJjE-)lj8BX>co!T4zY~R{Jzud}M0LkR?)i}E z+O$9oacd{H$~O832JAKo*zr{T)~%=yWV;jp*Rx9!;R4dRrvJhEW+O!GoU!$J_JD4nI8xP`T+jevfUWyzM+%FBPy9#j?s^vkR8k5_?=V2TH= z_lyC!CH-|EO`sXLPvj(%SzyuX%19tULbBA!0QOJ)M+^n0^{!x(Q1|1RNX*&-(26v3 zG-#G}x69|zQV3xN&$4V)4O}(9I<|TgPv8 z;XfjhTH8;LJXu;7RdIlWQ$N1|q>S3wh|~c6*j%P~M3RgCt6~^mT%(?5rN+rBttY*F zFXJ(MT8CyThTP=)dl#kL2!?ahzaIJ=Pqm$4!F^}%7ix#6TprA|us;%sjts4XtLlBg zk-BpIHNyBju9f@5w_h zl=X%qi~dZ*L7@uG#-_&N2_{CAFOqw|yo$kfCNj-5ePkKJf@^@*sT5=Gr*yn>VW=aY zRVl#SzdXKHS*1}C!vC-B8;qg$2N4JnoCtI{(a{kRb674>>&|>VV5`Thdn0zRlD4hw zTkF(jzFx_0=w4EuO4agsU7+GZ_9I=W!l?h{o9&wAQRl$~j`*V(D@Kc}Q@c+1i@Owi ztDrkf-Szd{TY@B0y#Yv(TDyr4YeT90#9$fROO<8x0W|Fs zR$~k&-WMYgVV0+%nl4LMXUUz?oNG8um9F4%3r`;qzR=tiIacyy_(V#nzxs#}qI#V< zag5Etb4bBl5nSl-$67~&Z_2UVfL=DZ=sp$7=3zhQkR0No>Ne^XXR5u7aN!yZ8Q53p zOxh1qzwcDUT|UkGx{E;rX{4i*a5iU`_s+|cK%ICV(#w!%cP@>yx@ln^t(7wWFdi|D zWhciafQ{xK+y1o_wc-)P+^y}}iJt<|*HE3`F0VC$1|V4--HN^&SEd+TP)b+vKe4t$xI#gMAdCN$Ac=KyVcOzaK^Ho1ii!%0|Tq=js>Ouju$TkP# z*-EZAuy1cr%7IyywU6jx(59TZJS{tYKlRvs7;ZdE@vPn>C9l!%z!+KY-u|MRy8Y^u zOHLAc3RT8|PEw}$S9l8m^K%7x#cG7~uO^}p3xZ~*nK^@%I*|^R6!xHvz$HT3($T!~ z3v0Be2}bHqcP=l#AfvZVWwOL3?oEh*QhJIK}EF>B(`^u3& zTA{N%XGBH4ntN+AaP3v^b)NFw5>~rVoYT}rcb^9s2gA~ilh^`1oxhU^TdoNO`hJdE zvj*WM4mKvxMUSgfn-ho@Y-vB?X$k*;&rU(R_?Cz9GahU#)I=OG<5Q=OH=aJ0Qe$yp zCfK~Gm8$#6n@mmq3RK%VhmYF(LZ3tJH^9h6>Rl%MCqsJ8c;Z=9SPLHll@H|Vl=^dB zrt>N$COSZpRex54(d*D9I~(Vs1abvj=(J_1luD;PcC7Z%(5!+1^9#`3n!lwA)WPSu zw$t#H4SK{{Ld)C3$IK4*CKAXb{1HhwONNt+ExY=W6fHiM<%k;A1aW0w>zNmM%e-~A{#VGM zWCEapAK_#L!uHF(dbEz4jH~<=Be?Wx(mu4OT#~`CBw>>#01&+W&iw(oPMvyx=ETYS z5!d+9T_9OgDbQ9d>v&k&9y0lYuouGrV_BxUN8IN}{Hy8)c>59Az5%tB00<6DznH1K zG>8PV^;i~SRl1a_LGhx~Yd!rSLmkFfh=hBj1F^b>F0uOo`%}~k6ywA>Sr#K$6GRLg z5|hxKB33)a43m4T15++`qaPrpE<)?q?HCJP3hqP8b2LoXOl4~00JnDw4D`@%bzN4i zA?K7#7jpNClBDFviw2jy`}DQb1yAw|hA9fGwVQvD=TFiA6$LSY zb7D>#eO_xW<>JKiriK+^IYM$2Y;N5r!Z1FeLXW?_?HkZeCjL|~gGK4LqBcsM69kU5 zi$-5+$gsw!xf`x@pWRC|ffsKj5WHz0;3?xmcXW+}cYNJ6Sx`u2Hd`wgsgPNoBR{`d zD#=>-^klKzr%spnYRu3$iDeZWn945&I%$@*1={)NX?hFqM1wwtts@T0oM8v-VxZJ6 z>r!9y5-5(WT!2s$hmB-w{gNeX*tuG9@_dJ)mM}gbhS4YT-+g9)Kvep>^F?R}3NQ&} zN3~kHD0Q|rCm?Kr2Ur5_b1q84O*I#hYudj71>lxG3DStay5)~}&mG-5q_nIJ+Du(0 z6ci9>p|q0V`KUz4AvYTaU8ay~TD1xH37FelF^n;!F=Sp58QhqruoDTmDwD}l$YsgG zBkBxYJ0X0*+h^W&Rg;0f9I0@ZZJQ>KAUFo1cJE!{u|~bfWm-zRAFA_l=&wV(w&bmS0ql;3s5>&CUHI6eG|<9Zr`UwTTvsUKg9k~o5AYl!cLgkW#o_~YB{0iZ*O6auqnAdgO8 zkBLH^@MBzu9NkU|mp8vs*Cadb>~0KwH#8sI5W;C9NyezBBnMa?6~3$V%Mhi0X?(-f zL~BeySzbP!tm@h_s_S{BeTQlFg>wbaODpwCmTP970&2|LQe)59+RiJAF1b@kC zMEetc$1oFu^W138HrvE)bs)DJ zurP>=L!PRNS`tBPm=ysB1u@Xb*sd<+sA``vuJuO%!}%fbNx-UA0Yn^c{5L7%5%on$ zpN&iSarIcyvFU{VS=H=_bBxL{jtVs2nhKs7L57B1LyfAHyhilt5wHr!DZyuG+=C)w z`9^m@Js;}^Wgr~m`!3OI6iwFu5&``w#ON@By(T2!E#1 zj)icpO53O8VKpHqoV2-6jZr{lzEP`_s_1xFt6xq}?Lr{$cK5rMavyhY>IvmPlOs9kHeWINK#yTC%A?!3c(kFQ`i5mFU`HtzQJ-g#)vr zV)iI#Xt7a#es$+rR06-Vu&`}xYr9Y{T-kzjZIDnRr1h#uF^XB+pw3pX4k8HGa;@@uym&I94zs?0?_Mq!& z`s#@1Ad)_) z)X_IAi!>sTyC=%bSLc*pNB~^gI`eHBJB=BRWn`sbftW4d@~V}N0YhcrKxn^;iKquV6zlJfu8E1#T)PHEOZ|63hio1JmIofi{zc?+fR3iAt&{ zT{l^vXudjfuN7yY**t^S=!%rTw{U)d&T{9z&W5^CntuWId!3(fC+!J83e`-X^5C2K zQtevq#zf+DQlxov%hXJ2*WtZ^iiEErk{>XG4fHMC02*m5--rd_#Lkgq4DZ-I~V^%4l2m2DWKz^p5G+`5Sx-;bci%R}Itc}ea zZ9LAyrevLhhrGzX|IDuX9yJu((W(7_rlBHm;62Cn)h>>R7_RScB354+k`!0lQw=bvqf>ehYShZlI}zN4io z@r~!xr@U`H6TAMjE11h>!k=hkseJ6m+n4c(6OC=^+y4)Z?bLN5yZiTx2%e9p{vm

    i)VsI%rgA&g%dHMJA5ICcQ$RmNj@$JWEpqr=xYn7_Qnf!V~&w8vKlM=sXIJDXD>VEO07tHoOf0S17Cy(n*&Y451JDi(eV8leD7S{5lQb)Z>4B1 z)L~2EE{A3>QpkrzcNml|$>(PM8qE7rkZrN%dVx^1uGh3bm9)0Kx~sQYQy|WH^3aGg zJkm33**bU40AVuaPTeKXy9m%`1cj~dn=0i2fUw;vm z#5YYnjt7;E<;l5QyH;?DMs{&rqaBxOWU*|?GzZ$LAMk@6LAABYUA{*b72%6qn8}eZ z;Y{g&`I7=}xC?PVruEA|Ig!>%!WtIW1_J<^v+m~g5kk#ym0EA z^H0V7-b=_)(5|3C?BM9I)D&xZLYOlNW@MAFr)Q|z#tS%a&u+57llD&}4dKb_0ybzT zPmE=kFq4?emhoVYrUZs|4RD!y+YJ>n(S;vbb)S=(xsk$gSDq31v9)ULdhY5atZukh z`YdvlqVMgu3{0)Tplz&e*em38aHJxtY$4{-Hp8 zHhFUD`+pH`PM9-t#haIu5-i4QssRT96mQp7T6TIr+%$Sx@Y%$)FGSXuu{l(>Y7_P#avL@HJ=-VzS62dFEB*!{`bAhrheEIGZw2@tDY*QX&|}x9>?f2P zyUoo@uX1y9N&EWxh;wps2r8@h=5zhdQR(0M&2Cu6>${HLzw7n$E_`N~&DZO;ggoQA z#sP!y_@Ed;1_cm-jUKLyGE^MJY|YUhsd-L=kiTuOB>llYz0>Fq)w)k$ zrUm3rP203XNf{+L<}Ki~G)rpEUaVfa3r?b8Y?L$vK6F^|(iG6>iEDP&Rl)h>M5#~0 zxpd3bVD8(Evf;!9AH9l(gSQ%kw!%d>+x=6|km#3}4+m?gtFokE7g`9v7OaF+TAAB(?mSu6uA0s`CS-&hpN7Zj0qqC>-Q{{LxJ!0k zLM-;p%vmjBE15pWI^(55O3|LvK9{%h0}97vm**VNy5+>SsUA>p1{-Y3gk4NC?P7vO zotkE1u9o9vc7~CjD4IhTRg-vYd>FE#(9HM7cA5<*&s7Phm#Yub+kIIL$>?<%!MpG- zgiI15)vHZTeol-MipzpX;D_((;!4EhJbR|O6PY`0f<`I~$C0(Qarpy2 z3EM{F-E>b~xNJu#E>9n5dy)_89A0_JX^_?k z@!F4YXtq|fHkZNLtgf`$4)0n|v(;OL14gEkS7;qF*EUW<;>O)OJ9dc^MH6kUac$L& zsv596Dh38Oj$(1O7Q1#st0+JpN!GgS>r+x|wY$Fc_ASiD(D%>ttmT*_yP6NRI)?V+>SwwvhJg~G!rCFrs>d`fq|_F1#AN0d51Rg3qNehn zbxomK(gulF;t`>k$nz{-5bvjj0FU3S&zS8Pm=vJKe8w`0fN5u{MeeBD$*~9KS&tI) zA0c%)5e1xa+f&6=hyi@F+{ywcvQ1-|Y_Tv&tf}xVH)1qXeM=K75>^RDHRtm~L`#=G zxhNVe=Ps?~@ppzA%^a|Gke$q-rPt0pBbSFF}_k|cx)M#DkR>rHpC_f9R}R}0 zuS@SvYwd`zNFWbH0#B5>(dD@3a}zOlLu{reY1TM4C(59^WmNzRMGc&t4(-yUYum_c z?+V#QE(;2-y1Zdp5J9%jNA>r?^{IfLiwhlJK)lVR1p2g{gw7nfho@81y|kci`q`Ta z2qMr?IAf&}Avg%=OQ0=-B5r8csdKf=>ZFmu?ImlKT}Dbw=E5Jz`s>Ck|6)^JpyK>w zS9=)Cjp!cofVK|^9hX;AJAm>doiievxLu7}${>c$G$cS@W_R$(!GWjqU7md0V~~L~ zCdlUs##v9(sp&a(hAh8$Y~y{&#N=ljxqv-JiaTbGBCcj?CXVuehq5N#P#w$L!Vz#A zu02p69FTnF2(J+y48$1I2ev9x zJNXH!^gwB7lYt;yirzT*EnAEIYWrmp52pK8&(-S6?iNO9P!vWOW`sXu6!Ur*TSPHU zWyvLNr&p4rXNV{CH@>`9aLzz=^@}XOu6?WN61et-%iICAPn~GIKr3ig`P+A+t!!!N zsl)V0(3kX&|FmDY6&ONiTY;C^g)m>9#K*?R-_YIoDCP;%YREcK+#9!&4XSC#crKO2 z0iiq|?lkiwm6%P9r_2H%JaXx)_3WMjiMMid5d&1Xi({G4g;`e^w zsH={M5>Gw6!_e<*-e;70yqoQwOuR*NZSy0PEB{7lrjl={>pbu4LDO>nL)wzivDEo_ z%gARITRY`WwUqUJ`kt3UJgl4cC^ni5Q;7_NjM5mLN>F+N0hEQh3j3R)bsPBArC?0z zv#Q~ngT<;6y-4+P397CyySYc10p(&H;J$KbzXY4t?-S#xthpC~wHnuY@0|-0EQQLgp!>ur96j=`w z&x3>Kw8iZzhFwgE6SY)ieudS_NIIjgVP%SV%I;|f%&~dSxvilVWU}qb(b~Pul*77-I;m$vPbD6?tFn^OCGkKs9u%4~t3W|`ebL-db#ekVs#Kd5y*5pi zH~}u<&Pzis*G!(d_F>h!ushdiuh7p_hfOrYxZSz7x4P`QZ-~-grEeel=o4Dx&A0w& z9#ccLd3(`hucGKs;8<3t%7JTX)HA|lY$CKU+5O<+n2!#Sk@Gv+gfj^Zt&LmlPlRk+ zv~)H!E>Is)8}hhXRMBj*fAC(`#O#eZw))H zj8k{tpD)_wnC^)h7o4`O-hSuNVOv7y=Ci-8`AizQi0H5yI3`<^@OmI4KJChJhwJiD z{yG^$4fa`dTs+g}&JP#)xgf|`&x9yF3v2wXK^ z;+GwrP;Bod7Xp7P(*ZsCWTWSpr5pWtm~3^B&oS6!=J5UWF9zmG|07bfE#WSK=^rZp z4vaq_nd7-4=xZDTn=zyx#y2Mlb%^_X}$D`Z22&WZdi24 zqB|B%`fRnOHPu|`>-{Ks&PWN?HhBJ7O7~(>3ztwyFLQAqLO4BjmqoEWmY0*U(BLt3kf1#R9?D5iIX@*PUK)g>V zG#|kl&DFpXg<_oX5yVdg&Bhw7Tw}==>UU>yl4}c=wy-Hdx?_eguEwDoMF*@^lKbtmqjX2E7a|Y_La17QKHor#; zS|~2^j_$aaZhccgS0)Fh848NF8os8Xjb)N0g@2u=_y>qKR`ql%|V_<-Yqrz`CtiEhGvvlD?lkC*Bu6UKQ|w?<$3WilH)S%3F##z&OP9eF_dV!S$F3@6Gp}pZF6bUd9#}t1ZsQ8f zc4l6Z7);u3rYMWmcU{_$X!-%(jHuc_>K{|AMitc1G?20eqkyy+Xd@FuLv71ro6P_wR1*qo-2Ds%o6JjIxLf4yRe*W;O@pX2b@2YY_O% zXlk(8J9JqlOa`VUIt^JI<{JB@tsZI$%D@X z65-F>F2#7F=EQx!Ef~N>R>wWbLHg8`_@T+_8-RQ_SFe&Jy!_HI8C30O<{&cGCGy8_JutYIuSiio~EQZuXJsJY7Nxb9jS+&23$tqkQSy z<4CT7id0A6{)tZuTbB1zXgLDxn)QL8hhY0b~tC_pciN-JL;t}4zy-%g?-qu@uC(9JN-Ek z%#UGf$f3HmBuq6~rSJK_j%s zrrf^9`^!~!C5yu?$V&(x72`y5gllY=AcK&4?0fA6BGv`uS|w zi3*XKrJc&#uy72~FN76W`v2(t5i{U4een)6w5@ZpEckJ=`B>*NdP?wwAH`paxtP8f!8nvogOX3R$oK(t)J z(}X8+c3$=6O6J;H$^&f=Mgy#5#;%lQ&U$A_C{)>%1s%va={=k)O(X>rv!qsX9#hb0OD3*%aMsR z|EVtLjm;_q*rhK5tj8&OouzdDtEbs zYEEZ1m@ZZI0EER+Ib2a47b=u<^DPPUNv%4676mX$o(33JE}XjowRlvNqCd)-pMB4Lg>t*L&-<4^KR1zZD(c zjI9KHS#%WWOTJ@!uruP15{broAsolC`J-yYg)Dgm1R+mfcroN(2=4;akXX;25Fdkl zd%b_ySG8a?P`OzUqYjuZo+HOaa6PAB*XR})Ej6{=|&X+qT40P=mX;+1f^I2v2wJKjcG5QARMhPY&e z*M<)KWR4GHV|QK5h@>tb))IX3OS$yx-tN1t0}tbBW8W^&EwYk&q-WCW_-&nhv!Aa1 znaV_Fl&uqRg5Tbk($)-f$gISaQV{s1R>Y}2w0)S&Ch4ZyLA`vZR9^16jsJq!x?@Gz z#Y|UuvGIpOwC09W#E>cT;Xju3=@ z48<7dBd0YPo!CTdmJSVGB(@6?rXxR5`2g|MuU!43@l!fMa|-cG1j72g#xXJqQ|HF2 zc9)qYDYK9>Br*}guLoA$B0}5K?9VAhGGS?Ols6D|=e8!jjx6FQL}Svlv3#XYZ=_=c zQdtXcJlp(|EJIzWo+%7VWN$5)uv@#NDyvurx1%_uy&>SHcVh`*M7GS%YBy{qK2)%J zCb{v^Gw`*vXQ6Tetp`N{oGE2^`%n~tb}~XQBjO)~(+`(e3_cb#c#{$qFCuU4&Q<{C zo!17Cn*^&W>Ql&Xu8f3fJLujv7%3{y;tlN*=7KJ65_#{vDZJEuu7Ge$$dnKF z5hp3ygb8>bxUF#Rpe8dTv0OUYn)&S;I2FJfkx~|-6mQ3E(YDRf)xo2lU`Cy?n6s)( z$ZiZ;ze@sbG)j13XPc)RKfe$+*mPSwNGvhnG8mc07TnwQDR{uPHGlEV8tzufD--#h zy-?>Mg&g`~+e$isQ@cnY_!hqxh2PPxu{_^MAqMjCP93t1x;bm27f~-J1*2L%-uvXj z&8&3f3qRMS+0IUPgXq%GO)rY{qC-^oYoo_bs?-#R1!|VpW|C)g?ZQq}`#CPgiQr)i z=`z%y{>*g#ajdYHYLT-2nqj6`aCCsd1^NT+k*AlpASaSLBb-qlBm zn*rVV&fOp9JwU+I{_~)$xq-SA7>9>5qF4M;|Dug0{Pf}X7T>zV02L#UmsZxy3d1x* zEeb`vJ|S~$QG0RDriu2Z6W231-_?_N*P!6Gin0)6HPBNDbLl!g(X!La3^#6`V~SM9 z5uo30+*;z&FMGRh+m4$FSe7&xycpCPkZ!0S=XlSTd$>){@Acj`jUO=sYeCdp{`-P_ zs45o8k>2)+>hLOz`C&XXni6MmYV4JRPiT|eNwp;KGvEpDT)JLU%_IwEfSi!GO$DQs zNWWdx3|)ea-f&td3H|SlcW6Zjlg^9;1}5ufPDs!uMxS{d&X^isA`H`csXBI962@~n z+Fs`_Wi-}LbiSmR8k)?cjd2uf|6caoFaBr6xW&rrKIzTqgmEz5q^gA z`6Ab%dwl7i3w}RqQ+&Ed<=sv1kfeiKt&@i{B}NW0ck~pM?gdwY3?L4Kn((=SbUo7$ z&~n9Ha{in0>V|t*GzKEEUZ@f2%KvQhpVKG-3x<3+%t2)%IoeNv$1kO3{>u8tOLbcu zT43aNEsJdz>b&^*)mqi)7reQpT7^#q0ek}9LeTLvZ5sf1@z(37i#v2T4Ee#CmxOZP zayNC2aJOY-gA z%}~^cr$pjs3Mn)w@8>Xs@W-eI;X3ZDS)wQRJiJ5DpcqY80(vs_Lr~qI>5!qyN=l4p zainSZ)W{8O#@8xZqyjk&Cyo>ZVLGhCszly`fQz_b#4wZWou-ugz6-$%^USu;TX&+r zI2-gu$Iv^Zj78Lyhl-Kitr$aBHrii~ z&juG&?*XEzh&7R&W{58R#~HfMP^J0{-g}k-@Cp%fF`$=;GGbrN#+HU*>8%P`6@b}1 zIvJHJ_}NLWMh6WsHPYq1!Tb?)eV3Q#auu{iVaGL%*dGpv&eJK23d$z5{fniH6ylTBnt#&oL1Az5;|{Y_+D$rX^FGXxv(Lg2<66|ZA1@*K8fujlTP?H zL29XeBkPjOmLY$MF;(tP~$0mF1V6AUvspa!m(2`Dw&}kVxT;R#`pX1VCjMEP~SPX=n@ZN9<1sQQ0>m+DVfTh z_rECHSF^zu@s@<-ri1?EUSF_BZhGE(-Uce827Wjh1U0JC z;m$mVhm)UcUs3V|cWLr}UPg|JK%+ukb)ryeM7V8W$|5zz*ht|{?tbU@%4@#xM>eWs zOMV?PX*cMrwP?j6J0aH1%Y7?YeRcTRon?N4C!Z(O4IzexXRfO?rglg^)E{9|LDLf>Cr4E zq2Ql}4)|;m<41X(72mAqU^&orzjM=SWAPNOHfACn$tt~@?!%qYEnSp#dzXGjzwz$_ zEcUm)RxGxYD#iZEiAWoc9F(;KT*E>w_Fm(nxhiCK#!_-zWTxV}R``|-cZgQR0M93>{O>&h_x@20vE5@Y@2#<=G5%hEJ78?Tt8`oKEvD)$zdd6&sJ>LS* z@xSX|d~Pmo-+lPa?7}@P9PmkleG#(0)1rkC-@nILro(nic8puJtq#=8sp%4-JYQ<~ ztj+yIF<|ZA4b5Yn*YAmPv~@}PrYn;9jmCgeGQrNnr7zV{*QegbVML~@>LdNtg8MM6 zf6()a@{A@P-IgSjzZhOG0-MP)4Wexha1HYys$1m}Ztk2vPAa4^IHa#n0Ae}5XX~Pi zx_$AWgGW`XBPp!?yH5{2&ZUciQdw?$@mETMmu@2Pa!<0Yu@q-$cFq>+E{b&ZJ9g4H z`u5IC6}ZL#GehL4CMUN@Q!sUU=TwEc>ub;Jn%m2m^e?PT?y0U|)GsAM zwaJ0nwyr>1-|1bTFvUHeN!;!P{2{k2caZaTBehz|`A0Aw6hn;s87pYjpBpc_u{u+sbcvH3(osNcC8|;NlOJ5&1ku}6Qr*>l{LkP&UMug+c9=Na zWoh%B&7N+)&H~gyR0j_IPHc!N^Q%(QE~F0eq~}V3Oq90Ccv`Fz*hCL-I5C1aqAc4% zR2S7cnPRIKaBOhr>LKEJ*1L<1*z^v;4rg`2*uPsy&u|y@gZOfjiDX=}!>o|lJI&ln zPjQpkF~C78-na9XN$O-Pw6|blr^A)avDoL0TV<{ar2FD*N-{^}xc%X0foz9Mgl*7L z`3}9TsSU`hKCxIH-3qVe#$S06D=K4lFNClW&l8HkUjtu()}e^PCRy&_r3qI}UMyEA z>Yc2Dz$f)!(^k>x%W{aBJTdu!Av(*Mg^{pDR4t0km7kvHSh)JR zl)=BoyilXAdkjGM0?5CTg!rN9dkID%qIQ^x9)3}3`*S4uwq-aB#6+7JKsI3@p=PN7mUVH z@WH1xHVaY8k!v5TvpRuVrb?;V-~dAqah`s!t?4;1v5~sCU}t%T%Id!$(w6i3iS(mb>ZBpM3kQ?=P6Fh2}4+_itFr^$Gi9R z19AjGII7)L*aD>vcggk_$Ai}}T|2!dA;ghF9P@BNy&N=_I}PO1`N2Lqt`u6D{!Kq}Ez#1fIX?wqZkVEnJ8J}Xmrsm@NAJ)SCc zV!R7lV;PY4Av6x<0e_=1_Wn|ZOPBmW+Kvi@9rpeq*y7_i`ne#j(8l5T5eA@ZGj;j- zz9M4FoIvG43W@LrTBICIvC^UZluK79*N=|V#~%u~9N(GOzqMps^w46%C8NqfdO+9o zl|WB@f;|O^8*KIUYh_`N2-wA{I}Wzrv0i!b-F=vGI2Cx+Rs~5QsdGYB|F$TYEd7Y%&`>3(n5&+WEtt`ydi_s~we$$$Q53GOJ`p&mPaUQ?EW^HyE z8)Fd2Rv;bSFpAgu@(w#aLswcWu(!LllkD6oj7T%*^o$E8qtLG@Ek)@Pz0g`{!xaMz zX{8Q@Sh90E2Jf#5$;-Lz>%Pd+?&|Qn98xLrJ%=|U1OcO%+Tw{g@^vx^LW^d>@0EzOhwG-q(qk6u=s<8Fv;nigyk=fA>&Izt|oAt|N=n zittX*yFN-(;@TVK;i9Q`jM`1EQjLip5`Sp1Aa1}u{1pm8KzGK}P`mPlv)K=8K)|ML z;nIBxw6tVUn@(mzcPQ#5ikTcA4CrXzA1*Qb39*;l(E@P*pX^sNo0p6kUIdFolg0?6k$5TUptLWubI&@)J|QIa;_Opmlo&-qT{{A#z6h z^A|Q?vaV=r7G+79g<)O6o}2rLEF824EI#llP@=b*;~l`>Iy?q6u+nZxsihp}dUaA* z5h}3&gf$Z@`n!2>-y;${P|g^kYf<>r576i~53+G>xN(W0O%o{th+bNg%7AQ`)l*B* zGKizZpo=x7J|Wzl|9*Ik0!6uZ6ZjWrAe1EWa3o*U#(}Ij!yUH!3nqsS5Vng>E$14D zpEJ0+@XMJ!(9wQdUTVl)HcZMhgSR;H3WaUO%fYr$Mm_x^V3U)cV`PWGxk$J88idMC z%{e!4j0ot)P_gsUD;V++7zQnIL2`@0MX2=P@5TQEc@;-K^a)Q@j`VucNw-y`q^&O8 zV)EJcO(Fxk1+Bp&S-RCfV-Gh7TlsW1Gf{A_S#^V}0xKwBBnO-%j0-F;w|tXLLHBsq z@^LPns*_?KqG_ON4nOrS6ann#Gpl<1I)8V=G!p1sN>eRUoR|doeZEzl_mud^c(V4g zL*{j`&i>DS@D2$Yqzz*siOB*E@3#bg7{JR6 zT^kHZL|dT_DsNt-EoFi0mm(3ml79b z`5n@{TySNQ_<{r!W`w3{IjTfbM#iv6~!NcaqhCp{-VGnj4 zsQ33=U;pj<1~^$1I85c%m{x|jMHX&QHUCV)bW|?a)VC>#&H9XiaxZF9oCe+H%MD2 zboi;*3AA#5SlF0essr+-dyV{+Z6@)hM>ixGK~|a_mgue56W<}R*e)cx+D5hzYJ9?; zUZzF56h+w`f&x*eco&Ww&@2-$_|Kcx_wsSeqAovFb!^%uL*;u}tW<3~yM+uwwSYtt zSi7)Dve?z5B|5GnC1~Cp6xvoIZQV&Z@fMV%09Vf)Ea07#h^$K`&C^d9n>Vurr_SpE zW38T9N9w~NFG~UeN7J9Vw?z))c4BrsCteR$CG=Y-&73f6gTXD2jn!(piUfem89KWW zA1&ye1j0ij}nSw=Z`FgL$9gSp)Th;EWl^b(pa)6t0)Uq$ohKO+dc zIM56^nseK8ezcKK{GbMro=~i+)Go@Y1QO&lG+#jZ;<|rxWFH?hs`fFiM$Y1Bek%w6 z*d#VIGW=b~E)vElBD5$<5HjmsopKhBZ(5fVh3POVKth!0I)uf1R7IIPgJ1Hd8j`GG zor#U%Tv8>v-z?rZN=}x{^JR3no|g66e@B|c4h|JMbgy!VI4#s0mhG>%!34NEk}|e0 zE?3U1fS$(*(y&y%#ftJTrw4t!9?FtHd{8*0eoN&8RA@n1O$39RF~j1a?TEONGx=c5 z<1j@);(g?hB4Pg2m3dh4!arkft#^^|W>Rm9%wEa-9sI+i3i!>s%%oC}&x29RYf%C& zngU+>A#rJoGp(7huinaS?QJ)i@DfCek64|KKpDVXtEB&mJR2fW1^Yb7*nf~sd~>L@ zl&Dfq2+@XfzdF%-t!=qvs|J&sJYNe2VQKSxf z?BRFI1)}p-Glk$jj-;HE2=FO8HnHPqa`gmka8MD%o)zW4MbDX%Xl%f^x-;fr++)_j zC!78A^W{q8IZqzhB@3f~?pZg26w)g}V0DD&gFoKg2*Q3!ki>o`+=16tw!W;H^($P{ zE%Bx#@t)ylEPbmocFD1a4`gg|nGvRX0amh*Bn&=lvr>c|n(FnBZ|Cu&SmDc7&yMPb z4&RU=P6n=8JGp)Txd{Fj1`O+yE(d_0I@}6xzo_4=pXdqtSlxbRqvbCcco~!i)VNHb zSZ^hv1k=IF6;~fmMinrly^JK`=z_9NM6j|6Q)$Q5K08RapX+t{Um)MoK`!nc%>fN| z4ca-S@`Ua)*@?|MX_s+y4^3rIUyP1&*wdnYpMhRBTg@?ut`}GorErTa$S-{GTligZ z2ugyu+*yeDW3f2AHsB!%@`hwv2fRDZ*P*Uzd4HEUT_!8pIUymzl15XTJl*x{fTB~Z zzzK-a3omp>BBobMzay5_{E6En9V1C;t)v6=N4i%5qYgxxTM4=Y1;D9!6EB!E7J^b6 z(3w^AO&9QHfHQSfUnjBRs%z0Qul9N5*}{wf8Ur&n@LwIBSe;U?6JnBnc5rZ?mPX_m zVo*oNJqWOyvPj+jWrKQ`jL7@D-IzOBoM_db-W79;b*1$eI@*^KZwl7cFx0T}vp9K! z$FPbc8_n>mJanJb@Dh~P?pn_61M=%9YIoXIu8e*G_jO9O@CSpCxEV1Zl+X2N^P_V= z>CL@C88PLZ1HBfI?V@+`E zNu>`g-9e-Mcix6L5cYZ9!y0P8ShQ9hOZZXorD*3AXZ^YMG#H8Ed&x@$8TjT5lo(05Zj-7y?-G%YiVx9@g&q}9$2*Mu2b)7njP$60j1Z$hBm(aswZ{7=!t zx$Wxa1o;U;3ic=+ytr^w!>C)x*XD`YyLe4Xs|_iSZjBexJqtq-9;^l54K9*-+N}IO59*J--U^2Ij*TeR7EMNe#KenQvui2I0c)v3LxIHZUs_Wd z7Dv`V;i%}$-Tk;+W8A2@IXSdsc$h!7%S%0>g!J5G(}te16>vZnF~NUM^?m_~6B#fo zj)N+IXFT0_J@Cj}yY)3E**)CqzS%&{m!gktQ4l~YYTN6u~0Oda)?aTv}4Tz?ghCwwd0+h~^J0+5P!z)Ts%=WK>$ zgr-T)6+#KErbIoW!}j~L1sfom&jY#{wi!rQ^0$9 zscbahQ)dm|UPqyuKunRL65Zbe_#SxvUaOo(vT_?zreW#|y;$A3l}0MenwUT_)w}*B zPsPEv#2&#h3E|<)tx`@!hCyRDWU|*J38+wc>wAhkQIeygbo+82yX2=jrn@u{14+cq zB!fVrs*2oP;2N&~x2K3#_n?C|u>PYE`;#=naThyfNZt!U5kw+#Y{>WKHz=QRO-|f< zw)xaUeu4m=kqS}890vDv5fGn7R=4|$i}wLodwS+;@gfoJ>BnMbXF6@OuM}Ft(%2jF zhGvEiQR&6D1(uc{=6NFGx}b*Gq%8)D5PV^~$voDcF4^h^&fYk)lF^aNPtEHvHLv9} zZ{5$XtZl~Sp1B!FaA^O2Z)$NrA4m++Eu9;T#NztnG0+J+ zVIEKWN(zxgHFx!rng_qxf7@KixV7cDE@Z!-0uE-0;BO1bs5w!sejrxVlg6#@YP&)P@%$r(xVgKDglwT1OO*4wgpXtN)80^dtt91Z*}(XXmoZCp>s#iWE_u zZNMITs(R8aPFkK(u6S?N(AsEC_~t*7slV~Jl$+#^oyXm(%F~S#p@C=;Y0wK5jKzyh z&4%J2A169o|KT&77m4d6;de-`;z}jDPMtU?F*SRBp|>pK)3Wa}vq2h-YtI9*gD)HN ze~=*i&1I{%gu628)+`o>EnEj_`GI46vw7^1$8)k@vaZ^}cC+YP^oRffUrfd(P{zJ9 zL1<+r#voE!$J9bA$22Ns?)3G0f_^J`c1b6$Q(D8~tjVa}cR;b?<+v-7^vY83b`vQ( znng$Cme26ZP2BF>W1*tp;Tn_(;&vBE_K55*;A%%!L@RMyscqZi$5&~EoXpD_Tu*sY zjU6S7?rCq&m+Q#x>qR6PwE=s5A7=WI+y-RoLzpx$u2PJS< zDBh*qz>thV%v?V}oC5^mcJW$WhM$i{hWU;q`=S)eFr^>;Xn z%}8)wUtAp{x50H-|Hr|h{lj0Y#@U{MJ}Hb+_Ud3XK~(tjwm6g8UyU-9ASQe@;dt-g zT*d!s+y5Wb1q`)xPG|D4HY*0$xo3_C8LTgg3sCoD>P1)yk?jiIKz(jJ_(fv9Q@kBZ z9^3X0U@w_}(tdHMpvaDu)^&%^ZF_R=0GTSwAs0){OoSEqFP6>!$p}y{7(diL;xzi= zAQ4X@grRc%PEh!PxiFn?JTQQ~Fk&6v@cr!g{=QfZmWXBo6N+t>TucZB&BlKKb9Z!C zPc8j#S5pxGhdX;n!{mSBFXA|kS}(3K#(CalNb>w(7qxBGrLteTPm&DT%C;k|sh!uS zHE;?UIWOnG))=b2q|8dr3aEc9Y3Z5%u3HFUih{X3(Y}J*l4QauY3gFgR`(xcYP`w+ zb6EdyIq5J%j_v0x+BC zwA}o`$Bc~#i=IBRregl*_YJxh_9dlD4&RoHI#EjgT6ocZ@tC><4p%X>cFkPbQ|(c= z&rC>P+JyVv{7T!c0}!D9&^`W>Df&O_?hmz89=V-@R$|J%!g(B10u2ncyFDan6?@oO zLnGLzq53sI)xON+i_!zFipcVJQc3;`A1d>RrMKg_dn3m+6f$=Tw{)H}bIW+TSL;+h zBwZEXfX?;K_kW*ZxxM3t%AkOTZfV{A|NB0brecnt^j~m4dHZMoo~=5Z7gysaaW8gV zH0Q!zYqkwvYRl)+q^k|cjb96x##KBe!d5iK$r+=8c`fcT(c58uF(7-E>n}K=|0k7pDAD2NNLR-iO~*SgY`XmU-Tn zE|w`Tc)BSyzq9^Ze?tEh68H~ntoxz$OaWrwYn zp9*_aKdF2yP?xU!ODg}s3s;I;zYWW;uGR%U3*H3tA&W$y6(of3yhYVP9Qxw1}GD7r!;I+-6H_Fh!ttdR^9|E`E%C8qi6xlQG9XQC-J7Y5I?@M2L z-1yOxl5d%Fv6vtG7g}befY`|0B9((=Q6(gfqcJpby_A)ogl7ELoV%LV`A_m!gV^U@ zos<+x3rM`p5xa&~P8z?T0?86rN=CBOqhbp6@(X1jSAD~3Sp=jjWX+%;Qm@l_(jGH; z9z3f2SjO2ye}7=l)@LimZF{J1CcUB!U-Nh+v^HAd+Jp2H{tIe7%(b7Syw-V{9*iW& z+E73I@r5PKM$~w(%PqA`^vdfPamyxG;lMHxQLDvTil;>3j5xuAx`CxtW8px7DqQ3F zaFRf|;Jfzs!$en!(l0c*Y+40NnK-G}rG3^1Mn{iX=WX3b z3J)nP(eWuVX|U4onB9-oO|@-7`S)pvsvC|}kxi0i;Ue0o4|{@R%7|67Pee$k$w4uA zF#yQG!6h|V#?eEsn6vsA5|eCGe1is^yhz%*(T^Qe{vmi+t+i6b&%D4k{VQ_t_caWr zG2<=uRgO7^w7D~k!cpNO9&X1fqpN19$!}#_AGJ2D)=)aPci;uvI-3lRA`_eKoQNL) zB*JNs9LXe|zQ2W6NQC$l{JaIb=$4KcIqsUmc|L&Xu;i!0gU25C-~?|4VhOKi+ZqFt z`Wln;lmU0+BglvU-z!8FAdJ0dSMz(b=}u()00Ekh<+sVs?kR3VWsR?DCOOMuK_Yf^ zY()80<|7Gqs@-@7o9EopMc;U)9}W-&Kc=9n>E{YnSa+YD{sz|l(?Wm2IO9M=nZH>n z(ZZhN{=(dP$XATsxNAUM^oGtMGdY>Ib~;+zT-jE!yg?x6kg_)WcLSlBoWUVC&O3Vs zGW8T#nD35PSO%W(=lyHOQi=Y{E(dPJGd=8vURf4FiGg!dQ>FkoTv+(d#np9&v6-$> zdW3Yi0?KZ{46z*O$$V4pQ)A^IvtL3Gu*&VPe{yADgnj1`o4K*lcL9ZVN!LShBcmgx z!c3RJM{YLTln)=eejI^@G?*QWDUec3Dp)bdC0d*)2%Y&CjoNEt{Ny;X)*UZTO^n!M zkv!V$dk7ui@|g%GIsI|X4FYwO&kD(ptzIJ-HVB04E2~A1uMp&qjf#?0Q|6OU9Dy-% zev|*_hp`Us6O*V7S2^ci%E}BJ zT0Nj)vQq9{g&BihH`Y>W5jM76_$gO|rb$cd?FV9a@y`ck%9UFk2xYTBJRf~Cw&K)A zyo8>z(KE-(9e{A@q22EXL)FgNb~Y}+*sU*^gz?_ar>s>k*Pn{)y>G9vSpUj@0XE#Q zW1}h{eX!MUs{19@zfJs`V1bGA4Zj@+9N?Lw4(qhtjYb|D!*pg=og4N{MqJOF{P*8? z!Z28AZ%~6JT<2)(kOyWi#{PS(r@kUnR}7EMgi$yR+;nThWHJ;Hl`J}ko&}R zYs_n!JekjoxPEKEK=b)?W`h*Dap$m;*@=Lbz)i{H-RW{b`{__f_S+t`avKFIx}EVr zUITTq{b;FhdR)bRoe(&2W;Y!z`-O~7qUku_QTP20+j;M6%L57nw510HEBLCo2*Ln6vwK@kzNwpROe>n#76pCEnpR-n6wgDYwx!g?uwvo!(XlA6JPq-!?%vTsOL%>SW^1 z835!`U{&glFT?Hmta-D^*m(d>@Qv%%{gr zg|g$l>|h~5*2Eh6a#c4Z2KBIw(*uqXzu0a4#CPP9_xl7~dQ!6L(w~y7iU8%`&Mte^ zkLY^hpRZUP;<&lzA{xiChjWb{dq$?I&@8CVnacrg>io&x-X8LT{*5&Bl{4ii2t!ro zG;xNUWGGYdM0J?CYu~)0+r+j)hoq<1^=9WQZYE< z(aB4)86=;wl+ah$&Vo=nra9Y(vCn<1{1nWsd4R5KY(KliFx*dpY|;m6aOAfhsRJ%@dXeWV!A9X;txZPVW20s#;Gxq>uMtc7H6={_rID|zbN%@?Wg#~6{w%UB-gM5y0l!9dPT^`owmx)lyK+ElNpaHODn=IVSXGw-g=QLf;_sRj^Ek}0#) z+Wfi!7J{6Goa-NG=pWtp>4k|_JQ4B#nN_a3leW;F)y4UN_Ja}^2_lR~dXY!WvI=H? z{w_x(13)U$DIBaeHtIg>?Cg6cZBMuB^v)5<13^`n-gUjpl9IUWd3a{A+?{ds)*;J- z5gdXkbAhZe6RqZ}P`Qg<4yNbKH=jre%}aH8XY-ZrQ%f1bC+Fbq*Rpnzt9ttS9NSS} z&F@OJzPU{EXfD+?+D=izaNwt%y~-?_@1@qAvCN;2>4C@I`xBv8=7AtMk^9(r*mDVj zZQJVB(E9{0rgyAfdzg3qjNmJ)EqNuJSsRars5(*#{kROcTZrw?XSeKGq}W%+70-&? z>YTGn$9=SYu<~b+?7Iol`N)9))n>2Kj;DW7LH`wOtL>u^CjrWdD6iBJfjo6n8k$FeC6- zkr%ag&VTR7%571QW#KTpBtGVqA7Rd5a~^E*a^=9&ALPr7zQn;7kdBh4OMLM#G^Mz! zr3kV32@KLvut1l{aGKr)HqpM#)y9)bZl=Na0Y_UpV$0=y^Gzg7ksP7dy;bJLh~Y}j z;!RLbmu%8YUzyU9CW&tJI-%cyqyqLu6NxoxiP z=&)bMn3DQ;_%{9bV%^dZ`4~of(e!3lBsEC~`?GW|WVYF)B5@=lu>P%J`Wp=fgXLBc zD$cUe9%(O8vW$bO{+frqY&+hdBV?*@c$c@>hsT4;4t={vBPBqWw~JF6P5Cqctj@o4 zX$*NsX4^>Pg4z=Ol_zp%gxyV+PN9c%Vvfm;;0SqW^Ybp4~` zo0NUlPse}$%I|REO(vOV(uW~-q?5sJhh^v=Xq}$C5xB(Qq7fY1uSjahF3WmchP*S2}ftSzF0JgBJvtZB{Hp#p`Tz7u#6lL*qKQ*eiyLQ!Q1$dBH6=q^dZ)$ z_CsiovETaZi}!RV%|gbXG04X2vQBAn8&*FzH}eM<=&u@At3lgtMdsn9E%(0Db-Q+n zR7J<6{}Pk1#EY=1Q%jYgqLi;mMr#s>bGlJxYN6bR`mdjrJb2s?Q+uwVw$+7wjx!$2 z(C$Ia%?B~P7cN{t_Sfmo;ed0-8uq8+nO~94mkSuhOUD$9&=VjgRhUM{3`P3kIrG9iduWAd55y)N*LbqXhi0M^xZ{mPAT8A-#NbFP|Y zE@Ji`gqRNr%K`pEU!xv=3Hv`56W|PKLV)JMY~SUficPSh+7j4C0@j*HIwT#1S<@_k z#%m}1xTbSCQ`NW%_$pQm=A=UE=lq90byOl-^x<5uo#GIjfxO_JU2Qb3Au5T^d=I9} zL-?EKp7VDuY@SjOx=WFH;2{5c&>YrpwSI@{>^caOG%EGW>Ogn; zghg$L?xE}Mc=aKn!y=-l4IDrHq@<-v%|%miVT$Aecu_u3=j{x8`FDwszHjz1s_7x{ z9bscwXR#PgcYkEeq5sDjO{|}?^c9S znk`K^-{I{EaQQSUnp6T1Asa_v{J8-<16Q>_ zfry%XaoH*QzhZ zJ6P+;ja>+-X(F`Ct3s0Gi?C>Fw+t$ssnMR3D zvc433iWcrR<2wh7(`3JU3o3%aTH5(00Qga_vZV|Cruk*FGWb zvD5N4a=*}%Wc1+C*0>XYcL7n4ne%l!zHWw-gYgsd2ua2(UQ48NZmApm#MPq43+--m zrIYZoZuQ#jHJ3kg`V4 zejPlnoGxOy4Ouu26?VD)R*R}(Jpk{6xN$ZFg+cgWbjr7jU%K#C++^^&Lb>FZFtS1I z@cF+aJiu`n?nvS4^lAZR<3J?+Q7NfWH~4H_$_Iy#^phPle)AW#XRiTZVHqTg?|-Ye z!RS~doDFYVA`4J8jjs_jqi>^ci_kiU#ngW1h{TSRELnO5p`oHm({GZL2K3CCh2JlB z$;B`6j{0i}zMT>LnoXM@u~Y;ZS7^O)Tja+9xD8$$Y%g0tVQU#So_!MU^{z$~jO2T2 zAV=RR1+n{)TNy!L6QKRY2Ew(#2+=~>by7G_>-?Z)q;nY72bZ#`?JvY%rnTk1MJr)d z8*)wUoRwP0oOYy1gi)^VuI|eA$Tc;K)IPohaZzI$H&rE54=kgE$E!rh_I_=vnDP28 z^s0cgG-BFDgrd+TaOP_@P5(}>2(g(3YA8)SflKcWTl(7X+Ag8tHf_&uC)T}N^jf#j zjiVwAQr#`I8s13ij5@7zXbv~Eo6r4?(o$h&rDWyel2_2RmFijiS+~K&jIP=U&%TO4 zS=O(&(%InJ;t0LX!OV`f`H;OEab5d%n0(twU(Idw-I~7&mf?lpZ(n&a7M<5tp8&eP zNJ>LOC;tQsJ;7(=k$!5S>CXZJ*pDg>g?%P)STG=1Q~>eO{?HvUlN~wL^Vj1Bsnr}U zX(H(|M$Ur6&Zsr0n>k_f)eW_)vT9{2qE%-Z#p!XADNt=at4ZO-@8@gcGy|zw4mctH zTC8s=8S^);zkPf8m);hGk-y+|X_9Uc!H%^{CrM)MA8E~^jm{V;DC&l`zapv=OdXvv zi#ni^ekK5>1Z4Ck&r(Zm3y=G`_DL17lnJIPfm>_j=-E``T ziT~%ejd)vT1D#x7IP+EMR{yXCFQesdoz`1BM?2#h+S&@8#WYUbrdyUk8t$`O_#2g0k z@~(71uF(T^9mU^HrRUE3v807ISwcnXTJ%Oy#4O|R=w|jK-I;o=*E^6izk{lkbT>vGV^k)? z`wTfhQd1^ERexz!d_5q#bJ5@2p|wUA4B#$bcSSRv_R6F`J5~Jku}%!sVGBZsh0|xw z1=TZ6$2gqUl0;~9GPi*7)4yfRPRo_17rawW`pI5YFR_l(3kz6v)AvCApG?tB`JHdE zb+uinef_I$IswpucDDWR{iuo5MnF`>m&-MNwI*@X!+(SeoDpHcr#LpmajS~FZON&K z5uLp?_$h2%iqN(AbcC@8RY2#*67Tp(z9BdDT6@zd9?>|~?`zAN?jJ8;Ufr`6-yrJ7t4 z;%TH?Yq+aM-VYQTV0EP==yy_hjB33o*5vv3;e!Xe;5B8$ETb#;kYd3MiqEz$<WN+mi6?SK@b)1l)(Ez>8l7`pT0 zhh_S(7=guVc#__%`5lqjv9$cprjn!n-y$A*6@{8ZU8TEE3_sWfIQ>3Ras0@~Anbm} z3aSg%up#yV{kRBIbG?B4vu5 z5^|&8f0>Nruh!NaaPkO=2_N+wKQ$g&msN-rMy{@j!2+UPmLKH^bm!W> znnW3ko-&cNx;&!nX{T|U;hdgd3PpU%CVrea(s!1Gzxp&&nzb54XL&>ndoOdLl^#H_{~t9pHtpD| zJ>&XVeyZX$1%Giz?wuw3K6|SnREJQx+fgI(v^(_j(ZLS&+0nLtlyw00lEVxWev&4% za8=ASkI!u+eGc?^>@)oQCK!0q$0lK5ZWWnMUQ@ng973&lO38Z2(*2IO;- z0mI#$Gp66Gv#;=b-@xwgZ#{JDkJDuQeb?aEpq#xSq@NCP+TxC8}x<+I#;*`_OOM{b^3a#etEAo`9H$YM$PX zj`gL@-;wC*w|^cln@YbnUeQhZv(U7*(20$xux!Y8fXm#atN2%N)pnLRT1p}GrX#=F z-X!V%Zco+xV3~9R_#v?*prH5Bj_h<-81V; z`x29uhRvd+%zQbE-gih_Tkw@qujK832b#IuiTDU{nEinkk* z4sMT%E#KLnFZ4z};T=Jp`}ZG(IyorXJjCww(cK7m&z;p!2FEegPUO67o4ug$C$r*c zdSDS%2EX(D@GH|V8F!Z+Giiu)^l)hG?Qlt*$=fP{K9P?5jHBY zEjy@MH>k^al=HpK{ot;e*n-{-dBvd{!?()u9@!R3wZ{(b7PxyUobRZn%d&umA ze?OkDF1c8)0U9iu<=_*_-Aqycw>>Z|M^|KG8bDZ|0yf0 zecFnl!58IMO5N=H0<%7wqWOCLPjAZ&&bHx01mr1c#6WjmL)rmGQczOdjz@}z_gKe| z=!~^9UhGCOdHR>m$|1xI_1QDc<0!4bp93jdiN0M7!n^eQTjP#4jVZoAr~~WS4gOL} z%H*Yq&%Qh304G1g91m!hA%AT^aRXg(P8Nd?9*~BYalli>T9&?<9L{39L-AsAuB&RZ zD^Tidl!5&G*JQegYZ#y??O7XM(^|%*}j)pM5c| z2J{(lg|LQlxBri>_x@@!|DuIw28FQzGom9>RTL0}2na}x9i>Vafy5CIrA0szLYj(# ziVzV2sZr@Q(tDyJgkGfAfFZPy1PCM~A<3KhuKV8K?w{~H>$CPbXYYN^w$O+Fe*E`G zZ;iu`JND^aoscpj>qAc!;{e3JemhQB#HU}Y*{(^s1gb@0y_ee^vCd6K*S0!H#+`2e z$He&CZ>TTokOTjxc8Sm3GoB`a3%rfVo{S04n$TlnXtY%f6z0&| z!UW&UJJR-;^+Cfg&a$vcMhsNdPKvT>UCRzG=NyfmpD{CztlXdQi9Y*QTCDzvwU3O$ zKk~>8`cKk6<6l;?lgt8UMFQ6-A&tKhzYo}%@>dn1)h`18-?$*YLiZyHls8j%OEf{U zJqQA(WPpLiQ9HxN50_@6sVb-TzcJ&9lQaKc@!;b8(`U`0wUIMOQ*MRCGS3k!?kW2! z4Hq^XLOv-Yq;vOKO`r5!^X9ZqxZLrurLdc>)}EiJVS+XdBAn5Y&n$&3ohbGiR{UZA z5ye|sZtCXpLm>)|eP0Ha=Cv57i_vL?0%qkmrT+l)Zk; zLB-xU9{z6sRCQ`u-}E*k?|jt2vGex_JSz7d+S{%y&M4jc=l>-^tyWFvo=E)QD|U{JbAiC>J!7U~_n;l>T#4!OmIo!`C z=^?TCA^^?*s|CIR5W8{2jQc5l2+oprWh(5cJ<@=4r7>di+SZ_}_?E%{{~u22%eUsG z^}0ByX_=)JCJ9Va#T8bPXZO0O-tfZxJ*4++V0X;9yn;QX^f^*3;5qw9JO-*MJ-d2W zp$^QN`;tUx9rOBcm})_AZMC{+nx17IezInvp6d!&+`3__>OsSc-@l3r$+PCUR30zN zbp5MDQEu+l+7Adu!_tGg8E6thN5henEMQLo76W&-h8%`e5NjtmUuCb0G&MDEt&UZg z^Vh1*KbpJPkh;^=)wSHAhRyx?bGbNj{#^xNRlejMeD{`ev{*C4XzA*vAQ-1SMYo%v zI?BlPZ;!@pPPof*;BAmpABsbd zD%;Y#5ba|j)A$yGe?L%UPH&`@hso{^Op3}K=_RkiTI3zdS|E{PCRH4dx-GFqdDg$Y zF(lIPOfMx@$6TKtJMX;uzY3~;I@Q=U`DdY&8S=A9>_keXF$8@}(8Pu)aCRSc`8tfM}!ip5!Nfs|l<84G+zz$Wcz~l#(H^iuj8P7ptj~ASp{CM!%(f{;fUz_fmKSHTu7Cmps-Yi}Pxqhju zzdyCCSKKV4{!`HYzWbXWgaOYCeYKT0X8;Yf>_T|-CilER%0 zGQQ~3NnU<~R-N$}B#LD&j@Q28E)!3f=pc?&mJp5?2fWqkJqBc@0hpiq{fRaJoG2cd z`)Xra-)zBY@I&yK5`Wgu=Of{x&TWvA=qarVRh9L!GW@4#$dp&L)$5uNuTsS>diiW} z7>sNyxLD55DvWghTnqUt&&s#H{w#jkm5K|D#?#$X1nt--HqC8FRUP#|>)U|%of`MT zh2FWPkwuE#;4#`6L`UaM)S;K#jjIf^3eXr-s;_{pVL!mO)Ys`3Q?^64hJ%w{#a_Fb zW%WgID|($ML&2AjUnZ-oW;C2A$p}^P!4zEC6!g$ZIHRuxFDcspteo?hD)t&*c_>{2 zgiB2vy0>dSgCa3ZQf$*~p7JDDL$TLlYK~1+Ad%~LD2KJsm_o|Uo1h=7C42ot9N<>l zBc_YvS-{=Mgh{g1-ejWX744841u@nvpl@SlQ_6nQBlU-wd#s;ft_A&#Y>kTsR9;)* zq~oJ0eZo)0zdhVrIVhfBU-V<_44Jw)Yf&s#@(_VF?amoY4WBLOTtbV5&A1WwEOyqh zI85#V4eX&Ko|C>AMxzN>zrjoQ+RZB=uJ5QXwCiCrBR&I$KvmXx^EbN3GH)|MXjW zXQTV~H%N(3I-evKjkW)nsSuXkb|F`ZF*QA_M5CR&nUBn*61KXA%hKsc2q@n}6o47wnKrh_SED2BJ(8bQvaK>Q7i#(|F1& zZ~gdP7Kj&CkZazyA!{*|44`Y(sMs@my?Clg$5nMSB|BSmu_uCZZ{}8cQE@)oSlY?* ztu_Xg?KXXJ_*R;lXXYT>`7J~;?EY5FQGY2iPREvS=lg_YUv*HcNip{Y)0s+^NaiOf zj}QVlme=k7Iw!R2I}2od`sU(R<5+DK^<+Uypf`|1U8mG0z=j+`~k@tkZF?2RWC>susl9Xg!sx*xWbx%g8MF!jG zUw?M39Bq+YYKJWjrN>^T3L@UXPl{`wY~j$3w=K@6m#Fw~BTco#qK)9ZebBM3_p0(g z-7)IPLy+7fbwQWXl+85ltSebF_lW}}3*u)#uC`9eUHQx{S2I~QCjCD2Po0)^ZUgmw z+I>q&H(mZ)H!tx0sG0c%lj3HQ7HVXKFCYDvO13c_x_nFva9?~M-`T_2K9<~IXz^&1R!v((bdN47#Zz}D z<1K+ZN3Sj1AyHmUX5M)3pQY?`4&;d^k-7!5`Tb3?A^ILI*^gmwb!sj+#d{zJ-q0-&4Oqt*?dn(OR@}b_tAs`J;gKR@2ANhYRVojWx;+HyOu1A?NDM64;4j~UV_lm@*^ilI{4NE3+@S;{_y~({jUIf~X0cvPo zY7ojeAL50kF0NQ zGz3P*d)yBc#O6g$t zAeEP)YE1}}Bk?O%FG#oj^W=Zeeso~0=aUAoDXBO>`-jlcM)vcYi;^=BjEhNuL|J|C^ZH99)M(jy2HabB^67q#$?uv}U>Tq_#V(Rt9+?k5M%U7E$o-rRbOb0sc zGW4qN+Ua`NMLclBQE7KnKfY+qcjC)IKgwtX0TgpW$wiqBFR| zx57ljX`jy#PpSj@q5=xbhsNAxdG8uQtgGu)120}3QwhJo+QQ9+Ubv|e>pdBfBT=Vn zopqqec@a4Be&Z+nM1LL<9OH48XlBmmD4zIl!$Yns{Q=me5o3I z2#zeBtbb#l@mMoiiu5>IF9r9ZLVA0rH>z|wY*g0e0{cXRf8Sc;^g$8mNV4DXE&Vr} zRXNzCO|Ya>r%3tIhz9hdnHD6cm4|(E2QV?Wkm)>LpGoE_ZB^wU(K8I=8nbv>Q z=fhn$_OT?jvqnnE(PI{$h=A$W=HLI@{Wp1M-6(iz<70jTe(}8`On63%1hlfX{p#pxJBlfSnJb2Me+pYBDV2+g( zzhqmURZ8jsQm!kgN>q%hj2yY;>ap}*;@@5L`25{Iv28iTQ{A2FAA0dI88xEbrLi9k zid71G`KNE1Us~AWoVa%M3Id8+0oJA8Goa49WoqNlH~#y#E6k~tPwW!7&QZoyjfC9up5s(fET zTG*^q;_kH+9nX9~M(XjYv#t?(9j>@bdy3-FEGLZ(mk zhJ(Lzfqo?NqvZaS7FmY?-S}!OtEE|2V zx9HPY&|EKi%r}iJy2-uX=CJKQW15var2Jqs0g3-RtuQL-g`&F}yU4Rl>2O-Lsd=VW zQ~7`qFYu%lX6VK_@!>uu7iUAxfsBoXPWg$m9u3D7j(zWmsLpN<(;Aa-XwmhEt!@*M zzID6`ZK}{lPzw_*Dlx(heS+xvN(S^Qs1!3%qmrTLE2IzFR#aQFGg@)lkA5Vy^g&Ky&tJ<9(1a}C9En$-z zdwDlEoNHi1A9SRAX*kv7I&)ME&Gih=a!y#Vu%#MEV{VxlthP+{DS}J@0cIe#$2H9& zo#=R?50k9ZK$L~~?(~zusj?{E0iJ);acO@y`>egcsGjAqHRRU5x)oIpvD#YlG9>Qd zk4odr2+ZBO_b6^S&tJO$^<;=Scs?R1NvUONVRn6prwn{rsYR z;NvZ`GBxp}Z=1^s~Z#^dY>-uHgLJB&X(w(2@7Id@Z?u0ChEoOYlO0$AzPgGJ;hT*u!rILGK?pN6@ zLBlwN=m{{aJ3x&j1iD`+|pkpV{^N1+&cDp@bnBm1%7RmRF@R zaJ@D;UI3kl6Fw@lO^bXz>{T3We4s{lTqwYFioA9$xZR%%;$2`NBC|E+JyDCwDZJM0 zO;Y;0_iwiLM64)Sm^pjyg22&hA)3omIlVh|V+QKfxoY{*;o1R_05KzyEm*E@zwhgz|DuhiZVjue+*Z z7v67|oQvDfM7XBh&yn*M4F|i}j6?s?8WS=EwZKy(M@Z6T6bJU!Hiu<6wS@m+Q6$ zImVwDoYK`OzfjzN+>7?vw04H$LluIPRfGc3bu$H{S#6!K)803-}Inj7FvNaT(tDt8TH2x9XY4Yzgj*o+v$7(Sd z?br@F(Z+nlc4c4FXFt)?payP6zv7vHey3D? z${mI6?riXMGFl4TH6pq_M&RFG6|1fWgdSn-*mXO+4bCrb4haZ&hhVmh-MIOt@iljh zD6Ao%bFP0CNj=?LIJPKME4n^=0TY)UvtB1(T`oD}E`6Fvp+eBCjLlaL$jg}1TFVs= zwXpNMquNQ?L+5*-==`;+s zJGpbR^p_68cmBnE$#Ay7rbcPEC7k(31eL^Mv2W5vC?}Pjm{uUV#C!Dzu~u2#bStIu zeAn_HvnTt82;c{XSIuslF+vmd=BGs0CO8IkK43+4%oyXEz@-EUs)u8W3`khwzoX5Kreun{B?}oajJ+E`h=0(es5bH|dE+EW=;iAbnYJdqAl^-RSKI$Q zI?rI~p^xaTC{O|&Q<#4Bkqi6naQf}QU>8ErYOvp}MU96Pq+OUYn z%X%j3lUCI7ZNx$<_8~vYQ!V9Y){cn7WTqIGbs9L`^WgkWAX?#;80peS9BNBbI%S)1 ze*udYmC_!6JKMixSuC(;e*#;BM&mcz5cWwLb*c&8R^3eAY&?bf-Z><(u7x|q`*O6P z(Wh~d-bAeoPe?pU#qu7x%nY)rd^5|>Ky4525&mYmxe3R;cFt+2YJtonM(;wNlOh@q zb^9`iDr;O!*jfcMuB>Fzl;O#Do*;(C1R;WIm1a;W8`r8SKnv~F;(zgQt)8l!`5M8^_pWEIMAF2EK!!x=@NNKbS=9W6-Ka=?Lkx^){q}=H1~^;NX2M}Gc9#CR z#X}8<8Gtz_e37u5JcUs+gDJnAAoARL(B(@A&MT#Qt4*S%L8U6^4(T{j1g4LzZiSTD zEAnZ+wK-e_a-k0hXGqxddg%H^m(61I*e3S0NcK&^W|2vg-}m|)Kbp`J#i6=(lbJ0z zXVOElZC!bKxBuqmQh|Vzm){TmVxxG*~fu9i@#i*|s@T_KCKQHM#vTOb-#QZ7V?I=6A;iu>| zxSO!sj}_U6gb31iSF13o$DDh&FXSqJTnO}2Ay9f)QjnBbp_%UDxV185cV$MdrqMt> zEV)dP7TU0c-fo@=Yb%vI#e5&4)^@#w!&fC<1Mw+VzEgdnVQ7l64;pKq<Wpde^|VE=0B|JKa`BbOZT>=|E+mceCfLaWKvcWff#~W5_d~O@o(5melr2 zWPjOV;0T2z7`btpYaLerx~(mUZ`4O_-?~wd{-JohCD;MIS^B7#xwyDFx{Q)w@MrHT%Fv0JvJ`C;5*fnd8~yOGydcjB6Ar zfPYNRq^hN&@8z#e(x)EJ?75=s*dKRD49S(R8``kl5mRaX5M7kq<)jg=>75S$)TsoVRy$I{QB}3 zu=Fa0uEw1t5ht^mlhtV$w5Kc%$Q|@wXgS)Z!YSIE5Ulnuc&kE*21%}3tM_I^mH@w_ zBo+VL!Kjc-7v!pK1GC(J;Rhv46&1z-Yjnd>vrb}e6R!1H8u0os`Ca{4XI>bvyI_Pv zgsPjD+fise5h3vYshOFqyKOE6d>-#X5WMBvWWFZ!vqrQKO9PX7bG%XH{;w0beM zf9;w5e{~Bg5M`I6U^mE^QxtNbM#s^AT0BPUVgY}IB^9HDUp@)iPjP%I5gf~gtyXff zchhvgB1TZ+-r?%r=win~sDr7mFMMTXr>U#%BG2Jq+^xk_f`?repx2)V|-m3SzjBS94fBy=v^K8=w1dzgS zEa-e4>)y#EEI)o{#(SP-JG_{t$Tv63GOa&00B!FCjUaYR5@$UotE(l5J_Ni@E~|Ab zB34+|>)@F$sJr1Do|tJ?W}iP5awM2|?`x4)nFYK@j-n@Haf0Fi80nf*DQh*?+QPt z^s-?!w9An=guWH)$0FdCTSGL;%chzzQyB{lcVbJX4)R|0bLt)v?}=jk3bZ}xGIWAt zegfiZqtULlZYBfy-IbiuZaN8ZM1HCrYW@|B_#Xe(L6tIo{6T^Jee_(czZtF&SSV15 z8aXmCX>UQRzafE#=Yf6*Nz`7_tS-s!!{Nd{fPi&bpv3^Rkc+H7)ym#-mr7(saj1C9vU5budpa7_FLI2I(2?b{UZ^C{fX%?mF9> z7Ej2(uAzSwb!f-xrkV*+8A_(eTPZ00-OP4PUFz!NKlpLX@zX~SD*^D-U7Y2b8^qNI zHH1&?sKkoCZEzmUNL>)A(D^3xxq+pICj55G*&1^BTg64RdtVPGF46P`Zi&`5`B*ne z8lTc$>LYyKTKTKkec?ln-=^7%9 zbo|&i`Lx33N^JuGv$3H*!I$RvpSBa+!P#m`!x|rnYhI&he>K2(G_;HDbL#O0_HjqC z>C4C#?k&ixXDs!Y%KL&tjNaGom@^`VFXq3b91ZKE$TAlh$-3XqrVEp>Tm zvlQ|_C@-Iu5#r`XIN$e8ZLyf~Z4M;G{+V-P3Iev=z8-AWC(H!JW=B%Z`y;mWPxwdM zb_-rF_|lWfc;L0gmL*`AZ8@DipkDQ9>_r2>@!9*5CCjh7*QIq^2jh@mud_Oo9#cd7&`f!swYZHo{9A~4Qd$Q3Mxb1jViD;ADKVpR_H!8T+jhf zRa8p_H+v-D=BEFw3-oV#lZ@%C&y2NjxJt)_HmvdcUpTsto5JtUsyRiq^`C~lVbMQH z>?Pbk7qZss(kkc|vV%g3N%xK~w>+&R$1PKN{Qjk=Ci(03I zP9fIUpPqCx_GtGImf+k6wBZwJUsps{m-(*Oruykzhqz`J3W1I#-pAQytAZePjl9|o zs=j)OvH9GFsLMQihWpj0k_li)(??MaL#D+ju7?%IDPsu)ClK907RxP=Tk#dKHNlPR zGrAg&YJyQ0IIQR_vufNLOcz`ZezitYVA^(g01Vnuj>M>_ZD;!C^|3TZlG|voappjW zS#!j$Swx*SYO`o*VK5J{jjb?>+~b*#Y}snxm2Dj(SEorX+${4 z9G!UjK!m|X1ynKFPS;($huH_z`vuW%mJXH;H`#O>jJM0P(z?n1EKVOl@d~3{^h=6r zFxEa>(VNRA;snqBf#p6Ck3__idJA7LwSP8(tXp*sEO;{?KloawMCLixiIDw>S)YRq ztf~7&n;H2dVLR(jb~lZd?4S6l?$(~&Sv&2tF@NCAVSfN&Cw*3arw&0lQ;>a#-(guJ zs^2Zn$m4~l^2DWPAh@=aF|;Y<+|fl^e+};^o=in8AT~Kfq>X*H>BNor`$qD`K9WR~ z@X_Xcci$L0?r3+~kg{pXv4}}#$o@rdJEzkfqF$E`9tI{t5mQA?6xB0aRpo_ogB#w` zcbEbpIj>QvB_S09BSmkLQZP2%-YQGVh9cGoxkIsu-L(XiLzEjVR}}q%9ZW60@Rc@B znIa3>UmBHx@y#-&8ea&aL2^fv{~fLDyx$*-N>~dueAT44gB^Ymw(}&v%Y&&4g>w7z z{Ooe3>j-Wkn*95ZeV*r$CSGqdlLBp&?04Xq=feGn#bbSVe`09d;=l($H$x-)?MxPM z+uN$Y)%?ox zSH(%5peI6^1;DBMsM`;B(K3Ek&YO5ZnfJz)im!P~`vJKSvU-Td7o8~tSoC|5kbQ_d z{ld6wZOBLV%}I^^>W_B=`*|PQF9o(%a&GdzN!CW-ds7t|0WckR{t3e0nur3zD@&qKqF)%mEIbw;#@se)>7I`JXohemb6-1^wg1$i#%$;?^X=bg0nUOPY=J}Ii}k*(J}XRJhiYXP<$&iGFlkIe9E6} z)#xBBWg@VPEp_(lJ-kv5^k6*z`^CG3-X0DPnGU8Fh_W?dWn<_!ApYhP5R!`xvmQON zxn4p{g5gj#i2>t$yNMybO;LcQT{>j>+##Q9%C!2dmz60*Hh*?!e2TgV#JHxo2(8tX zf=#aP-@XYIdTjp6KHxiBZF+Pvj?f?{7stQT5)5=_ zBe~9%+%{3tS~EWr=TY*?oX`1MK2Co?{~&*tSiHN!Ik51R;k`M}T2wqENr5hoqTu5B zMNk`^vH`(xZ<>To`@;JtYJCp-WCN6UUn6;Sm_!Rflh2srRI2J4Gf|kSNc}*`RTv?b)DLM2jm)=)oq4Z}0arX?t^^Bs+ffoN zM~U0+bq{uh93n)Fev|h%A~!oV{K%F|CE9kNZY2kSy!CL~0`1-{5WhIm^!GwfBh_;% zf_HB|-3FAn^a3Wx_q2j%n>`?Fo0Ujz7<|dB1$$sbH2nFbNT%vi{*kL%LWpGO`rNmR z{c^5;%P_^&*U(n>5^a&>Rqjhly6Vy zkObamYE}l$-7XvKcdt2raGJ-ITXlIe{J5@x9#gBo?6v+jfwlmo3( zy(NyFXjjjkeFotfkzNl4JZ;tFK6iGfJ8nOIXxv@Fw?~oFIr~gKam{C;(pXg+_aRYZ zNaFDrlnEXKP~{|7_E z^&wVt4tulwD3wwNIRO1NM2Fq?3q;22F{(DP!K$x^vrP6fEJ(;S>92Q`5$xmwss^_C z3d9^-FjAzb!br4`l3J*paIMVaT;Otx{TBv)a5}%e3eRKDoOUE;{W)^$p1Fp>kzv=_ z@Y%4`X2kVKv#Yn+;iKeyxhlt-9t~_LDdtZU%DtwuNs^#R)>%n}2?X{g=IC>Oa@+P| zlIv8x)tbVDCq89{Q%s*cDl@xomD(1})n{hG+D5bXC{|kF-Oewv+(wsYyW6WP+Kstj^RqjOkA0w4pfofdXNI)ENkDp(|4nV zq`u5kM{)P2oyI2z7*}WRuZ*uBxwSf4e*nWD{F?Qybjs0ifXGg*I`#NboswsvvXpJQ zR%|#LkMXa;(7=8i9!~L!%9P$5!TjU{DTQDJ87Y!6(c;kch@@J$UV3(sV7`c{ z%=_0sQvf4u8Xb$ILMM!MpkQ`R-R#MuxJPlNXlS{u<%ZcH?ZI02w#YrU;O1xwS(1h< z3KfX{Eu}DVyeD3QSvNJk-)l+Q=Szjz)0|<8^8W!U=*?lZn!h2Z6uTrFeI0>wFL;R! zyF%EW8L7Ntxv!55T%^0KzCT*oGV7UI`MBUW6-N1o+4v+Fqsc*c zDm)gcUEpQJw$K@Kx0DaR7dj})(y*~nF&1;a8a<^$&_g@9ej@T!jD1G;t6#?1nT5e* zEwQ0} z#~lOW-->(uJ5XPo1}sRWS;u>H-qNIi6aDjX+kxxW_joY(j&2MAEZQCRASW_|&CYHH ztlcz?_yg8I3h8{FQ|X0!_|JU!A5GK|aMweUEJ&OI#gd{{C(WuaHE(-vjwiJItWZN< zgwi{`H^(p_08@SlaCBiUH9Slb68%5{@%`Upm?)y{g%WVon34`E;~u6eiCp6@%<$A4 zGiOgw z$xAtG#T`LA$b2n}rynK5Uzge+pI=6HI^>Ve{@B0G!fK6wwCVrH=_&Yp{hi%J;0xnQKVj z$~C%WX?m33ch5x{U$qJ4DJo_L+Db5Y@{yl=1*4fqi4oaI&P*SXgo9$PxtZ5pEC=%C z(?p|4wUI23B{b(o4$X2d+NUp797?axP_0mw9%kB3Z~>g_CpD%dE2)7ft8RC!$?>Z2 z&$1mOZ1hLGqvZt(`TFa4vQBz1l+&Uc$mCb-^3%YbHnCSKA0W5FwT*CFe@_5)z`8oO z19DF>2If_}=A)0^AX9*e179!EVa@Ku&FU>>@{poMuPEFHB&u3q)O+OjmM2$G?BB!e zl>y;3>Ozq{Cl)kqE-=`K=*02g6wmV+glO<#t1qi z+WoQ>I-^$mV%^$ms;6m6Y%EUTHO3{2*O zrvdyhDToGan?c{^v48^{Kk8K__>)|kmqORf`iZp21O`1cbwC)kHTN*^*2?za>qQFHzsE<16ef6NjB)B z8ofn$jLY6WH6*_UtXWQq|MAwA zWtyH*ZK8dHpXeTUN^id8q}Kj~WSiN;Q)aW1w{jFxMVuPNtr!5HK|}ecBE59jO-N%{ zb3H&$rmo*X-tG6^?3`8Y@`pB^zx#m2?OQ=C=vcuy3QjB_?~VR3PJZ0?eUf4Vrcvd6 zorT%>tssks<>gM}>yv1c$O~Q$BH^-K<-a~vyIaGlr#(L_YPlo`la{)O4yEt-pmECN zgD;$cC)2a2^2g@fk3B1%dB&qa6G~v^W4c4UlF_88?tsw-qWwZDBKLQDJ^Q;5cn&xO z^~-Pqa+dRAvJ&~L>-9qrAZ3n1ZvSE-@~c1avJ?+cJmZ-``%f{=y*^*|jTC zktc7%>GK-@}|*|<(Z+Q2&#dBQFoCQiQR0v)n2v9TU`&A0H^J$H1Ho)G_&8a zpk8$rW8r4%t3_8#%BLJhvf?y)-@O{L1jN>$)-WKf4hkRD80Cp;uHfRsIvL-zg{~4J zo5|-{)*(v?Ie!FO0XbNrt(yvKADmIR-nlrPotL1|n=F^jFGa3B*T_S91>qfQlt<7@ zx4v0zMV!4bB`B^I(y=#}ZxPK!!xmv%?ch$gvhqfY%iuD~I7QZG^us!{d-ZF=xPPwH zp!lZDOzP3hN4FHT!Fn^ zV3}v}*%lssWYLp1m=+Io3(!3T#R@Tj_uNGfwKQpeuEi$plW3y0BG3TUResr<1N78X zQuYZfZVS{vNdsC7Vlg=*AJ>7evH<4d@&P=BnHW6dp@BPTR?u##>dTk~c6;*1x^UQi zFsBvEfP5jtHyBbMOJ0$x>(Id?hglp)v@n$_SaKtsPw_~jZ47P@Qz{NM$$kl89wlY! zViYhh%s0P>iM29M>M=MoIl}oK&hNfJl%7Lh%8y!GN-5)~2aSi8dwmQpkqr<5dn6GW zAb!KuG6vAvEdY#xuqeBzT|kAE5u1Gij&{UxY(+qC%OQc7Hf2Qg!J^;M%K6%d=B(WdYl# zxLgGPKEl)cp42eg|HLJt>D1QIhQ)VN;%D8&Q|}T5m%IbBy&$>u2cpgvD}69OUbjUW z%{Xv?-F*bIts;uwrucG(?x033iM#pOPS3?cvnyAp1ovW_>$#RD!kTX~dLW_|5ycIZ z4ItS9#!b`r%<)BCex5L*kxn^15-N&HLw&q5o8K~>u#{lI_|nX({3Zhe%|=V;x*RQHU+M3~;bK<*6*N%eE>S((w6m2vhJ0EVo zHl-Al@oSRQI}w1hsRKL9+B!0H;3?S}fXhp<2q4`qIrd1mRG4P3uz&DJnTQiTd=2_fKL!*LQ7E z);=kC;haS=+fA30CQ+`KLK@1@^;R z*~7IIv1-7`+^SUSODGHH&=3gFF)#eRv#UF?q9MBAA6Jy+_GjmXacA|8560PpP~G`TCQTN6 zsdkm<{jlH%6nWcQ5LnIc)^=#t;-IJ}j;$A#SUv2{U0q3&8nqdnU%vkS z7<`bwLeBuDj;clkM35U2IcLjeGkGB*RGT9{qH8=G6M&C>bC{X5*mVS-bs`q`GUTfv ztu5a`_x1U?3B0-yUbnG;4o@50s$Nj~6Tt7}&b;&Cdf%>d_-obZvLZ~jqZO|d7IfR4 z1+Q`gkwPM`N%EwYSiA~+*C#zG>Q-HrCL}xjovrDa=>}>WAv%ohIje56T3apyeZ^wB z22-R0RDYtc%mnkykCyS#l%B}+i0ect=Nmo46vL+sEhd_>9?ra?ix`9JN-O15ncgU$d9-_R;eA9}@`n5_P>|kdNdOZkFX#F6{(|-JVK# zy^Zl@)FS-)M!#vdmksxajb)U-wIew61f}5 zTaurI?rvoQx?Goj%$E7^^FiD;cfK#t4VSg1nSOF=7GAlQrf*qHnV6EyP8s-y+QhjV z1(JS`rW8jY7s~A>D|&8Tw?1DZd%@Fe)I_(>Cu@u>Hpi3KK`WN;%S0;4bt&1pdm*Zs z{oHU%2=aBUgLb!6jn8j&l;3EkchYG5>4b=|TV|tr9DH$)ieMY;Tgg_men0W_3Y;^X zL)|??`msi&Hw!hiFC{GTU>q8$X0d`k1wh^iBS{Nk=S5&UCH^y|RkYrKD)a8YWp(P|!~jnIirK>R7Pz=|t!e4MP-iPD6>4Av@Tsb9o#D{wXL3f}!=cfl zqas#UN}#mMqW`c?OPI840c;%&1pos~uP_$f^U8m2nbF<3QA1}n4x)fXG z7mCId&7d8pON3fh4@uae8p>vP4JFL43X06L-tI9V>g-kB5Bs8M|DTUThA^z*-~u!9sNYgVf8tE-qzxuS-7$%Z*)=G&6;#;zTs`qN{( z*tM0ZJlr|n_#fQ{e$q36unxQ>hNy)2J{Y!9^CIk5hK2(9xdn0Fbz+A}ujD4uuUntf z$krQ#MX_TJ8oxM-J83W*S}EkN=YH!ZUiSUtS>>ZH3(>7(7bb%MF%__?GN%Jt#$1a&<@!zT-W!?Bw3^VW`T+7yK`v zJ4+6n*jhWa-{FI~eSUA+NeE6EH8tikG9u@Xy2_L6qR!u6ib{Ut5@H2l)?Y3$fS363 zeTa!qqx<+zcC`tbQu&}<6!7>AmUz~oG|FC`p?QuFvFJKx$0rdi?u!q;wL5R_=BN5i z4dFWvOm?rHrOST{21a%@0pC_O=Di1@Zrukx`mA@p!waL07eJatvCZsl5bNgiDW=}C z$SQnyWr+mMt(*r+Cv0%<*)wZq)~xlecV@NIOW(~nGK}#H>%_sPwTwe{*5X#^ zo1D-L0I%eZedfutl%2h8?|#@+;=5xH7B-BC-+kTa!Cu-;*PQI+ak*%5ypi)1OCK^M z!srR?K zqyc&^eY7~U$#IuXgkzAw;1;RZ)O#0kwI{{#zj*t+G>={SN}XQ?EGLSdUu)8jN@?c7zdP&;6v=d!?P6#3nXQE(lhjt7xlaN`WXPlCd%`w{m*WE7RNslurVHCQ z*5`5*J8<-xX__*iyI}vq-NyV;!vr4KIfqKJMXjH8o)%`{QNOq{F~liun-Xz1wnAcG z$?KrKLDbIfm389D#QM^^06A4uzcu|3RPxtJSxk_R2cl-C_ZO%lOV?fF+r>r@OYa@u z;0n5?_<6bSX?-X1mcBn-xZU`%*h;|U$Dso!OWAms{xDH3sOx>g)6_J*Nizswjb;)yGcq#sVNtZOGrguo8FV0t(H_a&t!Ni z()GPq_4dSOu>b9p?($d9*1@qRdb_3B`mn@IpYWSnevZ26#;&JKTvyv%`T$h(G}jP? zXO{n0Qv6wm0=iCumUIJv5*@>9*0V=5Xb+qYz73br*C5lI;o;YzuRnMxjA5nPU>w!6Uv?J zd*iahW<};#QfNbd{qPYMNYNHTaVMq>Y{Bz-F{b{cE`Yl+bn?c@j=0xqmSmR&ISvT6 z7j*+CAu9Gcli$l&S%gJxPxf2i@>5pzvyzz*_ghBwFT2Kg>4Y!a9C+C?&BYo} zbzpQ%$SRjRSI>3_OTsK*Bj3!ienn%VoHfG`&0(#4s8H#w#(rJZ>g`UyS`#!0G?Vl@ zM|l3~ewP0kiNRwEJzSIlT4%Wlt*Mab@vUuBCLgi%0>p zda}JHUa4xPX^~xLB|YvfSmyHy0SEF~u^zkLD|={YPEITJlY79)Yo=a1!&WrXz1^Y-wc=pF zuZXz9us6Rq?iA#*@N>0_%eI|#$EiN>ZWh*bDwjn>VB^XNe7AqCLAn>Bypnz#$IVtY ztA#iOj!L7G?#=M~rMjn*rbzTgr{SA02X202N$JA+;x;fNK#rbn2*gAib}2cPtkbo z1~fpX$*0ryCP%uOPe`7%LJWgGSc&eJW~U%KZ~5w;r18&j_+1omGF`UU4SI%Jj|ADy zCFV1LN8ra6IkHM4(EQJ;^&2fm8AuHX?-ZpC5&a)m|3+t6nx zwt zgia(5&y6iy-19q!4$wo~8#~bfwr$Y|h2?Vu!#VdA+>BI4PG-%wMMHxjk;9SGsLbehOrOmg?if&0Lsz}2xwaNTD^R9{{wp6s%dcdW;ZT%L_}3C z)I&eJbu<0sYUvLEVryHdh>Do|oPHk*U&7hXulK!@) z;xLqfweXO>Rs|tJ-voEL?~jrq$FDgFxfCBLiXdGcZVM}lA^h)Sv9FK)&LtKdS^j{^ zTc9u76r2c>!QhK5Mu-HgvziuKVQ%{}^hBM!zP1)HF9^Zpt%8q&YIl5po~~V-4$rli zQ)Hr)1}$cb4JoiXgkJoc#$a;Ur5DV}z81cJnx%--TfEDqhQHv79L;1$@l{Pr3HJ^8 zn{F3FKd&-g8=|`(1`m4r+(SJ?7BfUTuteKTaX|S;@BCTb=&-WRhqPYV*_fA#{L8D$ zE4goO5v;htyBpJ_TpfT)$_mh4v!N#Z?U9%{puz}Or>ON&)%Ls+@5e$2zV|6PRoRI$ zn&fDujo63SE7xVvQuhi3|I{Pr3d~lufdTDXaWgZZ(a>}1{l*Vz3WavF=+3034aynR zBeyG3;s&(M?XjM!Vm$w{@;-w-mRPNsiO6Ddd@2@yD>*t|=Ra%VhO)8Sm6s#H@t-lg zZX4gk76P|s?z02X=Rc@imAqkcN;%+&n)0?Ev2sjY!RJ+t?>--*CyMHsW6baRE6~$= z4Q88S#JqmJxj6edoC^$2WRKJ&vs%{qhqC^t?{(YRxjz{^zXC)E^cYI%EKy8kynGvf zWe-1f>hXoFSfXqR5<7K@=ThWfSwDf_Vx(Tp{*@~jkUrUyKY}LSYJQd0izsK}Z;U|z zx=Xwwe$l*>H6{x!DdCv8ah2hpg?~z(f1Ca95HO+cfN_Z8C&^ztRhnFo(IM& zU%3}CXhI>r6%#Acv44aF8JG^R&G!rrJ`!os@K7#_`Z!s~mR|Xt! zW@gcqH5s4yx)`NPMD#Po!m}rUBb4_&E&aILpL4;S9zk=82z4^LUMQ&Q)^b~}VFF7l z3)UQ_2dWp{(ED-C_~2^(+EJTSCA#k5iO=@(u$dm^V9_XY|6Z>Qv&O+2&l8qpYiz*P z^_>o|{L!-y<#Hhat#zA$N#hRn{KvEyK2~E8~_`ywomolg(9{vw3ZNx2)ocB z`Z-ckst*3m1v=@VnSvzYE3(yu>WXG7-NUyPMtz+5(nlk%uH`Yh5Fw%3Uaxv^)fVlv zk6|VMy7=^voU3K@*OS}855%u0%4C8q_01O}>*Ytabc`%~X}16njXLv!B&@`+@I+n( ztL|T=(R3KbzBLsfvHN0{Ay_1^r6WlmO?2)SxB~hm*^ytHXA^>BA5glxz-&c2B zc6$f(X+ju$1{~Zkbwsg`jTD5hN_WF&wvNv3Ogj3~w)kJ9ZusX8o(lQ6(~%u}i`5Oa zG3On98xIF`W8}~)g1Nm#zfV45luuD?%rGx`8tAo+z2S6JYRXppjrqD86?a~`hQd}0 zg3fP?{wfyS7MZRLc$vv7(rVyw6X?ZwY`O0@QA}1QHINBI$S+|10AuA#JDWi9by4P@ z<#B_1?bl-_E_G~(AUfw_40i76%ApF7rlRE7A+PXk+d>3igoM9a`=KhDO&-szCF-kX zqS=tO8sPwR%eLsH{gWn)p==g)R4;M1Fualb!%So$>)3O66VsgZ8%(=ntNQ(W()$- zA{S#WUbwKOUu%ctVN4Yt_WQ|47Ca8HWW`%s-&>PFwaA_uwT`EYT zt>$g2=#}%+wszPgs@E4aE@2)kP8HJ$YIlz>0JV{Yr8)ZHP?G`@a_^qpJ>s`ij*5NT z|5HwIl7r!3w|x%QbdbJ<$9Hb_Nph));}f=4FrX74ftuG=tX$4cq+rg{`J0jTA3l5IwT+$LyOxNR%*TRj0PgI0v1u6r2iBKOJpgvE|yB6s{XnwHf zr+F70uCLbN`>;mjqH`MGCVMf)dKK=ahOXL>A;^5ImTMSS>GK6;tCfStO@(g5v} z8KE9Iaf3xHum`d)yG;WYL0r-p#7Suy)pNt%|{&YnHH&o1au zl0g_jr@p>Mj=qUVJA@9w>tVX!(yi^uaRHT$zbGb5MvPO{kmtS6&pAL2z z%e5Ul#Ku#)5sV^f#}0B9zyWSuJnB4fA_F$M;I4IRxPw zpMvq*UC_AK-aNtH^uU9G%F>5R58TQ_MQJyu<9)rZ;RvIoSJslr(IZF`rr9yRUn%SU zQd*entEq!uKF3l~_&LP(RHdRu1H*tDaO)`^@^u#3yQW6K<=3%T>sfn9Y^Rr3Td}Nm z$PN1j(bDF&h3yNhylsPyNoL7W_-)~0N4@*%&zaBf$JkE{T)3<@04HnP9slO5XPnEY z5W>MZFu>HnQJ0%F)J=yzJM3b-k1&*Mwb0}9hN!ySR)Tl#`{|jVo=8H}M({fHkge%{{n`5?Wy& zO~ylv?A$Q!HhU#=1zbVWMw+*A4G*#p1Rm9JNdF`>?D04u-A2)TUlMTOA|30cZf?t8 zVX=m$HxaI9+Tr^MZ#(+~jI-gYNBtf8Tgj7oyvMEvNY4dp5bDdKTY0Nz*`UW5=bd$9 zzNB@dYTF6Kln6bj9084H7Hy%hS?7bq>;6~;M5~aw|tco!0 zGfT~6-ajbK+SZy7@(3#VttFv$HSU8&ih(<*|3NcW<44fY1Zs;de zbmao5Zq#ktgwys|2%BGOXd0Y7iZr=VWoRP-_Ra^F4>>gp4ip*itmgY9W=E+sGUzWJfHnzMZ%v#IN)-PAES8J%eOr!gS zXmB)bH9Z5a{TMv6P@wzbetTvwB4tzzZFa+NbfaNs3xt@Vj2CvMo#cTOEVb6%UL9P= zR99QG+8lQ5Oda-ef4VN}KXhoAPibI`!Qs@cK5vXYfZMsZz=0|;Y2~%SRh`PlGK$CD zqkpWV)R|XkBq^x1Le0J0Y6LA5YP)rsN9bUE{UJTp4v8xC@0~4cP`TfD%E}%W;Xnkr zRw>zLTNt0W;8D}h0sX8eDYCWj4@ovD=TfShfXja#m`4gC4%?9OYO{-Lq~;Ex`?FPs zVW|CcARpKsn?H`4E8k*6Uvh_Mol~h5`bWGC5q&SE5WSoo&U&rSB}wy?UbeS=!!&PC zQQtwS_OL*e(a_prMVn$KrI%BhYbs6-XH}Gs){O`&QBHHy37)Ig{n*#q&L&Rs1P_5) z4>IpPajRMfy;Znx`KA3KSm+@e6?Nx&{`I<&(4N8BTQhqqlTa~Z?qv3ZU9gvo3KwSX zb*5^4`9}%=Pt-qdiu;?co4@@tJ}=XDmakrWH4BQhXsCiJpo>_zwvkU1aF}~Wt-Ke5 zsBWRjbAw=`{f-Q?tu<9K88CS&59-c0^ZY87H|ZFRgwJ0?er*GFyw>9!;faDRqvvgJ z0mIA_6pz|xbwJGPfQ{>sf@9uvlg{TMnMKQ`gXI(lX89e4Lm4xM_7#rBuLe`h(E4G*)ys&9t*D3>88R|Kidjr<7E zRLSh&*+ol;eA45LP_567A1sc)D#JO;8ATy5~&qWA0C# zSz@Jw6nv%Tu;Nrrj?_WN?wdKjzsr&@XZq2B;v@ygq3;|K70}Nb;H8VB=hcl29@tV* zE=_7Fz3&^Yav+)Qevvh~giB)(^?7+mnac%MI*Ivsr-KA>@4~*sy!*hmfykZWVYZJ>2;JmOs zZ-`kvs^2epVx+HFxgIf~w8giXQ#Ijz-d@aNK{KQti~vto_>Wh@WG_Yn^V}b=L25`! zm)p6C)WpbMZeaFro+~cYBdD7Q z2|qs{f?@9L?7ZcHhj#4>>Cm{Xvjji+ME&TKrmF4La!%kjS(bbuL3Vbf695gHLhL?q;rrgsr)TO(8b*1@o|Cw=k z8`}xWRS(yIjWiVFeL&Bq4!r`D{8e7&P`EoH5FZ+PI$k&b)4F-u2RFh9vSQj)#4yR8 zmp1GS@6Pe&HyP9AP-$H315ebQvI{FIgctn&ym3I8NiMS)(e-;Fxe75kUz?4$n&7^7B{?*Co4ug?f@oO{oossTU#d(hh7%lT&$ zw)5YBXqB4Sx|u6u=+TE+$No&MM##}}XFIJ#<=xTth?~TsO!4@Y*yUwAf`d0Xj9^Q5 zD!a~ye9%h-|ISVQ)Q(>S2M>s`D*3h& zN_n9f%7P?M5flMlP97mdu)DrKd~_zG6UA9-q-0_57s_3d&;iAGC)<*dn>4!#ljeA9 zRotwuw0`-B`26A+P@#$0t3-s5T2J;d6Xb?Zp9Oy!OFTYFI(ojEcBW2D?^OfisFGAw zrS&&=DYpjATLtf4LteOu1T_RjT3EkMk=t?xtaVzil7&XuNe}Wz{S|S=vM0&sb&2cG7+Vpn7c;2Nr+yp$(U%Jn@SqCp5L@#0$pigJoeUaBMeFx z2+r;)bE;{>-~Ezp5G=S+bgD|LOFXE?-P)c5>}4Sv73Z8h*?-SI_VE{8u%Y9`v7#S~ z5mfJ_m$v&#BUo>Z#6I8q7Ea1Jmro`yyQZhvCZ+qKLjpUKcr0br^5^pin-m#nO}4av zJ%8gso^_dql-~R9rSZ>+vM{?s-?``(-uJ#=7s zU;@LY(uzFg^s8<)SOnp5dFwT2T3KZ7^UWVOlpQudXgzB%1m8>*|D*-6LO|=-Vt7eK z%{6ec*Jh}+zqR9^i4A@vy8kcaz1o0=TxKFpj7Lu*!mKuWOLh9Lu#xPjmo3LVK$ODj z*}&f;Nw?N|4enR3O@DGw8`h=CkSiYb7P^=$SI40_Q)Hk@iBzo0kiuh(*-SZoH2W4_ zxgd&j3d<4BK1DxgenZ=&PMl5z{T$d2vVFmLQ=Q?-l;Dxyix-ar=H{b@2i2EycN#}_ zZ%%Zc?1rp&hLX@4=Y6KGJ-Q)S!e`&OX7?aLaeu2ioamj#C zLs+F!S;=#XYwB@uO8i?x7{T8_ zM2w9b{I@<2)TDKX*%EOK;!~&YNB!?Z>3)|;`2J@cAtFu|L+`TBPSwp^#UuRICi-0Q?J{E zgY`rHflWn=Q7V_Koe9xO!a^e|vBUh9#(1b2K~7&|lRocubNheDZNKEyQqjMctv3@> z;Dk2KU@U)DKXV}x5><0IqBHRwwwck^TeIG}e%Y;+mjZv6TLSe%7_+md!osIQj=Bo; zg1xK)(;7!@o`2)EAkFwU2a6<*rRBu*hID97u{u@TZ7%qnb&|m?$}Xb@OYijluiEzz zTYM|SwVLMrphl^o*rYIG^&^A3&V$;%boxyU^UFY?pLq>?8;Wz_jAn+^qYnz3=g2Zm>vzeD(3+cAid(m=t zmAfi{ zq9j)bGH_*7XIL>S_OlC}&iRi>ORSCDB_^U_5AaU2s z4_MhUP4=(0&gu)_*J1F*Dja~I&}r|rD=kQ|>@ta*=?SSH_SBDO1=Cyjk}1#MaoTMHXa;k^6^bWK#9TXqTS#6wsL z499B!<9n~>COaUl6#mJ>dMRzRs8-Ru&rYjqp6>+WTZ2QGYsd8G*Z%ni5Q5f_2e{pE zse-yQ_C=8mbHJ|}7 zO4YP%I+7~gYHK)TC{6TIn=nRg^|sbBpB#oLDPviACdbC^j6_Jo971ztGl7*&!4JbJ zE*p3g*yzN{dnL@O2kg@0TQQG-Cfw#g0i!lqSN{fS14i5Z)*+ zv)L+49b-i(Mw}zf_e8P>JXL786Q7n(8^1x-k@wwnCOp=1wsqD4HR4eRo4glJiZG%( zc9YsLubgsT{VI-8JG@P~0H}deQSY8_C}U>Fd`^w~Tw-(Zf}`}Ga=<;+LHvKX;3x_>J5CGP)^t9RD2<*rFKqBdNO`6 zJ8fe#AG@Ye^|e=xXD-|2VaQ`Q4aJ=LB546~r*cAP3Jr|UA!X>Hmd~H>VjH_;W7`yy z4QHtOE_6eZ4IBk7mBu+Q#e82nU-nm*MnTjqcUxwUC#u&d{9p%Iq-?Uu>hK0bs@2eN z$jx-o57A2XnM1-w->jqH_CTtmM=ij)w(1v$9QyK-1vKXQs%aajhgWi*&LcDTvnob& zCb6AujK_UOzyUy)981Et7`3Ekt_gQ|aO9IaACSbdfjr|WRmNi!6*cy15~M%D3sst` z%5^QT(h*vm+{xbiOA}C`!MZcK8CCkj9HKZg&KbVxvB163aogFhvRvo%u4$^xnzkoY z>rr&(Db|ABrp_h~sGVX7lu>Jf|AOf4jR^SuCxzD9pqiSN1BLW#sIm*6gEU|U+y(Xy zJUc%;faGw_^%pI?r>9pwv9YWkWRMZ(t!L10IuTYRPjyQ`DRut|sU_aH469WsPm+qx z)JwRtr>;%uPo=!;{#f?Q3pEq2Uh%iXpiJOI^WGcLj26pnZib*s_M8!7x8@bOyZj&4 zCTQ%^C}Fjg+DelS&s3UswU^$Wz~;dtD>Cwo6YupPt?&dBg}Ps}M1Pzy!^0p_Fe5T0 z4_japQT(3HBf0O`HQZ}rpmZ?8Vu$X}`pF<>(#36@i}qYJz$X)Y*>rCkXk}qqP6% zs)Pv%)&L0lfIbFyWQZ2B=;8x7C^37Z!NeY6?d|F68fem3GwdX+t$>d%W`19MmH(dj4dMX96o(Ham>BAQ-H;_A7FNE$zby}B1(=-$@K3BoVy}?SWm??z z-_(k?|H1a7t9+yLd{5J#_*`(sr}E#nDS+(-*T)hZLRR@>pc8m%^U&1l;}$QCBTEE= zCklOY2Y%R-wPgc%Mx~d#;Lv@6#{5r+wFjYY;nOgV&TbY;91TU2g-Yv2O<#6hmL~Ip zwVPJMXRPhLIFLt(6Ftrq#+NX!pl8ZU7;v(YfKmC$E87hHX(!zxDt7Wq$XMJ4H27#kIMI5`xyY5@&O{qB_k4Nq^|-e2_nCv?LdL;}-kC~H z!DIaFS!RDV6ufw6b^>cVy4AMocFv$R=}_5Io-nu;R>s$+%T zNdmXJrq8qe;I=;9(&ju<$7Wr`cQ$76#dlxfi#+GmwV!jSlumK!{B}4&T1zoy$p{Op z1@%}NnF0N>9=QXt{Br*5i&wUN-Ec;94H33f=Go9!hQ4(=CW z5akGLqu4euN*03b*yD>N-FT!^M|c`$8U#*ylhyM_vhR&))^%Na6r?$VxTg3DzYB?vq7ti{!Eh8%D}iT$7WZ=?FVx_P1!Qz z_xe9lJvMZ_y;r=Jqa=Wv)C&szmShm~?3wmm7kKq6r6Evi9mnQi9wdPCBj@|^1)9Oi z`$rYRnbthnHP6djm)-1~4cZpn*bB;r8(ltcgi?)$oQ1T~(?hL`*Aw3#h6azdI6{Fzl!3pq%pGow(T5?J%u9%rYR3ijZSL9g#;snM!Ky3YG@+RQ2ju-Z{E-n zj8U=5(_6@vq{}?xm6WkhYDof#Q}~+c`=Dil+r4zL7C76h@>IbfRZDSTx1k{A=>7UD zte?)n;K@*J6NzD;kryUyUvDD?t*@ZEoc2U2b;@1sX-X2&_Mm&QcV@<2ZHgl>vr>69 zpQ36KGmA$pT!DP`;eaKqx%P^nKbEpvPg#c&-Sw5XEjc8_sr6{W{CFh=pHXT|G$OQ9 zjOp*S{Zw^;G zOsNS}`!eJ0XkE}-U)vn%4fAfaLh8kDs#5d~!tZb+sGr8nZOuqT7TC|#__p#m?y(i3 zb#HoEKKr)yL~n4wGVRk6I2bOQ%&Xznb7eC#4-|bPf5XKndemY|Q;c_2gec$38GuqK zvn`QM!+rCkB|<%q=V>VWX44HI8EEyJtK9ly50tU@_r$!_eIP+1cVDn7HSE|6 zjT#vy+`9a^9)WrfM{Ako_IaP1t8N6QL9eyZ3`*MtCu(6FF3?B|%P~f31GsJMdTOK< z+4GHx(yoiOd*2$j}{;?A5X(EFSBZ)IShGhUQF- zwA94J+<<&c$e|*pXva^M;#JTyV6Aa{;EW#NtQ{CXTLlHOd`Cxp)j3~3WnAC6^W%bP zp_RK<*pNDe&@L`1GxQ4px@dz--tT?TE2Btc2fi?;2H*yw$sk|F6+H@i58ddpjG092V!?(h(yX~+< z!xjo>9RQK%%6c0Yew3Ngu_83_wsql$=CqkNj81P2O2*O8L_W6D`qZ@E?`+}iRCdv& zPN@;GNu`Dq2tk0Q*swbP$oD-ZN`!x+T8#$<`p!y$0s;nrzzFn9+^?zAM{bKhrk(|y zeEV^Hbn(d-eafO_&FgUc;{AFccHNottcUH0lr%}qz>yS9)oI&f_M?$2osZRZg4~js zzYNs(rBY(ZwRzyjB#bV|I{xXH!P1Tvb!RuNViI;>r!T!MO~ zz9?ibTHB65Zc=I&rHvsA^O4Og$Z}yr+WTQUi%CwbRJ0|88=@)W7J4;;i zj125_1mSb61z_xT@eoS@3>A>T!gF7KlP$C_;|U%F$$JsqcW)+@atZI{ z*lM>hQy-0??ea_YXk|_>*`aMfY?d@`#KYB-jyH9u&OjiFJU^k0gcf~JC?oN0FP zTo!^wPQy6;WLm98X_M_(6dmZQwXRm_d&-v%ONBE!y}fgMwvBsUK_zgHBF&!6+y(b| z%{@ExLt7HTuG0C^ctyI(N0>Hk;)o|p5}?)MS3eYp{R7*S6cB#*o!V`MSD$>QuLK8U2k z@dZ{5&A9z~Bku@CHvL9Jb<5j^eJP-Ylsy2cw|H{}ej_JCT3t{BNlPA96kG0Kna>e! z$ZgHzZLnRWQ*o11|AiN)I@@ky64l#R&*$NkMYpgj`oBh*MBP6wwbg_fyK`!;X*S%# zk$_%QIfP_!9lXVAO+gJg)$P5mL>hQw&lMy^&G9KIa-lgR^~blB5S4cm6WZWo57o;? zstCc%SWN@=)Y4v}Ri`L@6$fuU8?|)WR11HoHXN(nH^|D1-7uf};7eu|+%{Zv!|`RU zT(kYhgFO<`YWz{XZGuR00Pd%=R{4uRSV=itkwba*OwKl z?gEqq&=w}@$a-z;*NK&}hl7?~X>HmwHhm7y%e%#nj;mInKk7+_KxzPI%CRId9gjS_ zab3@HD-3CZr4iKXsTNbLs}!I@MBEj>ka16A!^iw6SYGgD5Xi6DI|-#|oi}egRno>D ztp)GGD2nS8l`EP~--B&s{nS;Zo86|=cl+^HTCYEcyfB9^QSA?O(5Uk!`_5}&q#jVU zQ#75RjMw28CkC>G+KariRh3ey+#X`7D%xrsxD{e_IWbN_%DgMVdWNMMC=U5$x@F(< zsPTK0B_Q9%+30gpUfE$hIm}?QEgCpTCj;3yP1#ay1n=MSC&=E&LJFrFn zJytt`43=52M1o-#>!B~R8#~JkQZ+*g&YZmQ{F{%<%h_ao9mR@DYZKS@-@RtexZwGf z9}UvhT2I`Yzz`9LdkafmVdhR*++_yJ)0Ds&rV$>7BfC})$t!B~mxvsc_&SXnC=u-< zQyO(tmB61EGU|fBv6<0soHU3072Xo?@$4hUTNbtZMkajf#0Gwt`+FeRaTesiKJl2mo_Y8O z%Bf4ljF^2qP!|Z&c&zS_`qFu-6lHnfN9rQ)5}!5QtS#zzY+fbqbm)-|0fOepHB z6cA*7@Cvi2tJCTwO}`+rZV+{Up23qINKvb&Q7*Q+x#;jPvD0f@KpRrvLK`YyJ#m9x z(BHcOi3C&;lh6*ZCaJSP?pGt#dEca85~H`8SWNK<&85$d<`X9|snIo^Zp^*e|I zklJ{;eD!sx%V6#8W)N8IUy+00l30Al0M^Y6AQ>$uR%6dFfzp4!Bi0rOQizoAJke^F zUDM6S6x#F0Vk$_3+%rH00LU=PSx}ZVT615l=~rbMxV4(BY!k)-vxOM@+~GH5RT;P& z9v*=y%0Lj&8tUUTQza%UWu-K_#xp!T4s`+z0~eOI^`lZ4+S;nUm0BPR!9Xhy?!7cpEK$&>$CSt&9PoDCoZVvv1^NL#i) zVw~TlcG*zNKD8QtMxzyu1$rsm!O8wtgmSh^VaMlt)}WELeu+M7JNyR-+SCd*R}LvA z*)7$X**99ZmDKsv)8qoUzo<|00>foIw9NkjAvj*(EkQx0^m97pDJsC}gNNBkykZoP zmD@(qBTpN{^BoA)WYQr<(sKZ~;4MUI%HVVlJFjy>0^%@=$~ydMg8pl#hHDK4e}M(T z-;zw4R{-z*C&wk&Uhy0ih??S}Z@8$4`JlFVl1z-4apfu7T6s6+J_0uv2>Z?4!d+2G zGx!T$7$m|A;g1{|YuSviaMF6K30eHSyEqu$dUHrLMk;1D~*tCHgFlJP@fj` zX=#hJK4{iy@Q+{rR|68ubOn2bV4sxd6~Zg4V4aGES7FtomCqtQ-FPiZ@8F7xCCQ7N zh77lBXjkGw)6wtfdPaIn2Epw$`r}S}rhSyIu&NJF%Oa3@8U_}I{PgB2SG<-dy805E z_afdQ^l!KxJ8|VRuR8siU96jqBPBb%c=bO)e&*jn{-3UYg8WmTI>}B2oqzk6r*H11 z9f5smyY!%B-qDxLB{jgazQb9RB(7a?bs*)of&uiBxKPhS6g zsKOC=SbA#fmsqJ&rT1!4?eZJC74@s4KFZmjylXjF1!yX&YvG7wNOz??f)*{k8zujxq(mf*J(7i`a*S;ruDW#7M^QSG>UTKQOdpH0m z#i#Q?WKuK7nzivA!;Yl64f?G}#E|{* zxF@2y@5Vs8%W^sn%yRoF7iU)mp8!#L$%bWxxh#Nf*X_)b5TFRH>~ag?EovcwJ9uO5 zTiEUT$iyip)9FRe+l+~FQOOsp zc5?zr=Hsbv`bjkRYDXEP9xQGvnTzIE66Z%U`@dx>6z;aV%spNVa2kPU0g{PAbj?OGe-sC{ii!$qI z2cRL(`>6oH+VtZRpzsNi<&`gz`Cn@(fXB_5|3+)0*h{P@EPjqPYi3yJV9mm4D(?#KQ~KbHI!Q*4(K$w-p%^B%R|?ffyS^k{5Y&*NHQjeE18ng}Asu z-A%A^YkGokqih+#g(7a84Ac}I_+vlBC^oPDjv)|=0yt6A|DFAlzsn$e|IZDJj)&H> zXhzrwpLIa|kTFyI=EiqOiaS$(8#`d|Cd?6**Jpr)B4@d57X{Q42?T_^cpWw@yRGqp zQ!uF(Mo_^ZdQbSg#Ts*{Jrv$1KWL0}c2(+=w|>YFf9yBJ$6HHuHj*F8tb;+?ZlX~X z-o9&8N>3vlBOkJcES*2>PopXw0k;7MCVJzE}eOX>!DbO4&DA>gVY0A^ z8t(q>vn?$}&nKd0j0TL%F5}0#A#GK8EYz@;bcx&KT8FneLq_daphjZ7I!|ln)=SR% zqaI-FY0XoT8S9tV(*y^ETjqlXo`aV@G6S!eAZ&sn?4G1Qtpl(X8vY$y;iS01s^s6X z71WJBT_DLR`K$}C9`$|(pJ$E1YBfMzv`TLlLCDYsaC23eTe+xkR#!@1kVvQDB=9!k-Id5X*q zp@QNTZ|&%0<~EfWKJN;5R9C+iH+eag(q4KcV$?o8j9Q|1Q&uEobb^iEB00($@LL&Q zGR?a8{3p}}r+-IX*nflXwr-1YeoTU9LNfYE2Xng znUbv?u1{C74vKBhq3;+89SV+))97frEy!1TwN_gR()65j%pY>iH+T?c;%!!=Y!zNY z%7U6z8jG|s#KX1oWD^grO)vu(i)mpDkB<{Pm!$`imX5GS`fhGs&~sbUEKHG9>RVwp znyY~40hR<(F0)(M)Q!LnqwXAFzv%}Mufl>)zDH1@5b~3g+-CV)L`!`@MsTumo zl#+EW7*6kG;dIECOL6V`7iCwgRaMB=T8bm+&0NA=6D&mX06QzN<-dSQT)yqfQj%l5 z%4T?fVd>k@nK8{*OVbk%)iEe`(W;~_4SGBo9Y~&yL#>%I)_<~m5f>9DQV8XEqD)Vvh6aLN7#-tHrS`MYaXJx$L5;Hc13_~G(2ONFIe zRPJ*nl)rVdKu%n6weL_xAlA~o3n~w>3ujU%c=ds?%a;IjrhQ#1YHfu((HpsVCia53 z2m?6oO$Z%SI382JXHejQjy$2rn`K41pg_Fcq5)<>@?v(i*>O|1{57jXpufV%4zidi=z-rWoUES(jr^l zELXXVySJMR^&6491~kIIeMgmB%flf2!(4U6aFy1;(0GRC#C6C0A9NDy6?Cwb&ovp4 zFRu|Znipl4t5u(qtua?ez`Wb%ga6){{T;TsSGv&|CcO4}-PU%A!~217nWzr2qYRA| z=pzVo+G+|*;5Kb7)V9zte|na{&eUa@e;>mZct`A#LlUx$O_*oJLc?6qKe}Y{>XL-r zmt05PHRn3ko*`dQ_ps+&x#Ebxl0ytO64;@Q(T;IglI|%_6X;lBe_B-e>A5zawKSXc zLqz^l@Y0*yb@jfZLYpfKG}Xj$8)!B0vui~Nv#^VKkT*c*!vRaTFW@x|W^}4F$nYEt z8G00+X;kBIiygN|B8U`oaKe8;BU3b6e)-?CSiY8Okekgh$gKi&-2Dhy%qM_MQmQwr zctj-(P{mAZkJC~fN^LxS9%;`8!FsVe>*RzKyMM(PJ`4~4K54|-GhnG&;1ljj*%z_( zj$WV0RJfqBEAUh{#+1NRXowiL&-u+%xL+NLEv=WuyYeGU2sFF8JPOt%XA()60(!c$ zW-i|3#mC?cCqY9T2T+y3cQy3wqPfMW4Y0t6Fls}y&_65*_iDhvq2&%Tm@rMwv;C`i z=ol3eZ|Z_UT2`m{^n-)2*e4h=>yqptB+j|DC5z2o(RD-INnsdVq&p zI@iGJC-F)oFLbuNG(@l(FigI7{C%hKUy+E*itRIcp0kKwE!B50qXaA~oBWSK!E@)& zh3xge?k2o2@Y?^zeaVCZe}Dd&@%aCn_aOi8=o`5MK+;b->sPO0&R)Di&ARIB;*tx8 z>r3DZ)o56W6==c!OVG$-XWV-Xzo>Fuq!J*Eg841elR`5M>!3_$IVv!3$ze?)gAY={_2feyDIF9JmhkP94zm537+-WAGD|YX6=)Z zWx3Gm#ujRAfSTvn(9ItlQ{W1od5w}?GR$zVb$gyQF%0N+A5jYh9V1hg>%oS9(H5ro z2qJkjL;x%zTtXWzUXvuenp&UfQ|w4+gIpP{K-p(kY#~bfMs1h#%OBw!q(!+Zq}8NF zxLi2ngqh$USON5fl&k%F$}g?7A~^`=hCvVe0G+5Ih@qv~_kL@A~gnU-*wW1v_gh zsm1yk+ZToB-RKaJYehMQ19o=dSI+e$xx6-Hw4iJq7@|FPcC*dyE_^tso_J*`rPk2h zos&{e^M2{vxNl{j3#~!qUIC^NOQMDcXd*JOr?dwp2sA)!I3*(Q$I@eS`yer^A6Frp znSnJzb8P17f?c;24U}(Us}6&P#8Qh=ng`2Hie~tZy7aliwT7#$>yo56nl@b7=wNsc zgF6TCqKr*svD1-vQ88SDg}2fRG$@L;-CRp!b@QfYi&Lp8j<|7JD$lwP;CEo$9(w;=zlc#-C<2-{kqIp7!|OB2vVd- z6Obw$9Tbo%T?kDeAiV|%)zJ~8_aI%RLm(1*4Kqj$Jp_bMqzfUSp-Cv-oq#jWocYeV z-#Pc*=jM+*c@o%rwY}E*y}$Q;7y9ERVQEC#lt)c#47p|9xNLkm5vL!3a>vCw9DwD; zD#gflj+ZZahedFZA#AAP)v8~1lKMAIz)y5d<4o^Pck$b3jW9Te)qy>e!9imin|&uR zxes>btW#k*!IF#FI`XNTA51p6Br(~^^{?s-L6Qk1t%?tZQF>g5u*a;x$mVC@_|v>k z#JhQf4iwxv-_h;HF`l6LB?C!s3gZD|qwJn-dc{-137&KYPFu^g*^qaFgVv8_8Q455 z+)rf3&`4Rt$jnvrSiuGi!ft?sbXhDL$-_J++yahg^Uvkzg)CfEk#0>KuBc-89EqB- zxQuw;R~7lojON#QH}fEY86I*IDDku~Lo2BuI~s+ajq`eu5U zV?;*zc9vv>l0Uur2<$he(UM-lFR&- zW_+7+@<3$$vXPS&|lv#NYeSR_}|B__8joUJ`=dY5q zqB|l-jMvznjL5u`U3$Cs#!9Sa39}%r-w*U!XBUmoc|5$!r?qe%p^ElSQ`|qxD|MI( z%TsNF4%pW>1RT$5fzOpk-pP68B$uZ{5kWA^qktMbToAP2u4Inj=!5XTH0O0R8H-F1 zn;3jB!s}^Uq#oO{mv4`r_tSh z-{3E(tSmALk8+>yGdY@&II?F_8a(k>Pahz^^jx6crqcs2hzQShoBeUWew`tVQ2(V{ z5D}l(R!UXvhI~-{!~sqt3@U!;M_-(Yn_lcC1uc3%w@Y+uuB+kgt9;bwzk}_hQkPzq zFSX8JG8+~$MYErG0nefio}~|0nlUV61mattS2k5kXM(2q)=ertV{5oKkyUT*^+rTa zImxX9Gf)PQMQAOiYlXMJDmY{d>4aSGjpB*+h~_iMH$q8CmqAW3UaoIb=L@GKu0H(q zC-1JJanXc|N`(FX-8=e!S{GI5`{8htwgIPC!+0`pDoE=@S(fNdf`mPzF7113Byso{ zV?<4TlnT>FbgwzeXDQO;q;Bo2}G zA#Jstt;ix8ip*mwx~k>a=ZoZi82Td*LJ@AHr8x$iZu_R(s4#an9tA`jVyIt?PP9z3 zc6M5TY2IneBZ>hGgkqWTrISgl_sg8{LvsNBcm&*Jdhu&?=0n)GRSMu$1h1z}sVXTw zyDH@dq!;p;e2a^V=k>BkiE-qtB-L#=z_?gjt=vT72hzB_9;4!BG$cN0{cYtAG9uDJ zj~t~6y>pn4*c!QyeClng@DWd|>k4Nj^hlz-$%<{|2x5P}@J z0JtJ_WEt_pX8PprCu+yayo5r?9l}Vfdnt71U6EG%K51L1OvOjZ-p17N#%s@Tz%ze) zMw1Mmlo|qQthADD_`G9Nw?~yr^-E+madbgv7D>*KiFN@PPX_nMP~XVG^=vZ+L+{S` z-XrcJKlo91Ss{ouTg3fNM5e&cvi*~$rNpCDw79r8dZE-_qn4Ogoh-UvIqcuxdC?C zxHx76cz#Y=pIU@+UtDWVQy9+`E42j@YrSB@2aReV;Yyb_61~y=5*g?;Q#q*CiF(9+ zl)Rx$v8CuW{yhXlS;_K9uYo&X;g|^|W^!5jON)|z-b^Ya0~nEgq7>;mhX0@G7c5#} z#E;n0+`)6K*J%F({bJUTI!1MZyb-*~tE%xRs^vmhwdoAE_Qc>@%j_XZqbn@~6e0wm ztLq96m%nRR1$}1=5NbZ>u@@|W8p z^=R>lww?|Ozo0HERsj0%FfcYgfEUEARb|C9fVo%FMIz+)r*rPPEbv1DMnDpsv1wxd zRBzjQmF%g{!U$STfxD&HLA-0CdexNU@s#NeLh>XdaHJjw{`XGF9bNBiCZopEq(Yr} zS&gnByt1)gjgE_i>lOX6SI-fJ3x8)`Y_GOwAcIGt>6bA7_@z7bcnlnBxuN8boFxp8=4ZLoC(g4t^8eqrGjU=*q1PFwZnd6)^?Rb zL}~n2DvWdVhboNHKUEkx6qGcZ zw92ycFUo4BJylz`XsrCPjG%|CxDTrgXzIA`8sOg<8I(K4pb2(s&X3ok3XXSL=l_`B z39u*Cyzu;SwGlb+g5+w5t6 zzGOPS^wr5<6Um)IhA7-2H=Xdm0(6OOWL>4sLb6JA&2Ib3YI++>86|0cJUebgjpb#% zJj!-VBL(xGzj*Tp2s1|(#pQg^g2>t-CZ{=g^7 zjZztQec^Rc^8Mf~xKC|KqOC&{L$5;v@gXf_G#N;ZwbgYP6!2ThaQqTtE$tkOGkT$K z|J!T$jrr3P2%`#fn4LUkg8ZS^q)+LpdTzR%wq_;)Dwd-0hAdf*84N-b}_CA zCaGF;wq)4}P)0=gB~KXuBDP3KstXjD@^xEolzO*RX_*6bh+7k&oMK;F{Za4wR={VZ zJq2IG3E2h4RHWs92XmP0bB)sbFF^;7nk1*eK@m-^7-#v0G71fY`3PgMkvsYj$@NV) z0Tc#Efc_sehooGP^7fx6H~x)V#{LtFL_K$8Z6$srH8cLf*GClX`&H?n1JGPe@#(04 zseLD=O`ziE>w~US|4a?I4%ZsjA}wbw&+D}ZwW*S)3MzKkUudhZXdA-2@`;q3+s*V7 z0L4L{HR&)pWb^N;;w^xn=FO~clEDS=oGd|q9W<b^+A=wLt zb;Hs91H6#VBN3hWjS%s>Jy}dO6}gXq45|6Ty`Amg`|^^B`Ep$)+qr$l=`%4y+e41&t=A|1#` z9f;(fAh`)NUPlwmW>N~glm^{P;}{-=30_S;B3}4t>{%ffby}(z!@iI~y=LB9KQlwK zOG*n9OLH@jdS>8J0JOYZa8faWfy?DczF&S#s7|K`kVdrsZ%QMuFJqSN;iU)q2te%T z6=ALP%7oh95V~R%#)Ppj5JnBRWeK+;bIOgztlpR+z*ln?F#6c5=9wf!muRRxDap}*0H1(u4u6y$D9bT2h%D0`0E%dnE3JrnWaGb^QQ&96*$ z6#v*`$mjF8nR!U4B&t;u(cPh=E3_^P_$ggbb+|LLshn8Ulpr(;54LmGXAY=6QE>uH zFPiTdQFRwk1fxY2ok^rcK#E@wm?@&EKB$c8j?w4Dxpqe z4gp{-MXGJE_;WPBE^G828Uuj_j9})BY|ZB%Edoh&ybQ40yVaFc+So~5VruE!fh}0P z15il&@%PCD2kpe;DYnf!GO(;&$p~X*BW|Pmnf=;8}#m_e7;VPJko*z z(p{!+->JhVW8m5!SOCVgHO;|&%T0&^1z-=MfRYTc5Qm!LG(Ja4(Y>=zbY}ea%q_#g zS3KG5L`|5GHGfS>e&Cg3>aXMio@@KUGmP^EV+Jtef65~u6nTU|cIDEL;T0pzLoA?q z^WCNT$W>sK9Z)Wesyj{gGj5Jc0B96(0?^qo!KXi6Km+^i^Atx#Mi$Yp-aRDx%s(U& zsT7ICShMsOGasdl`FgjOv@7}~>STbu@F>*DVdAm<%9#Q;KPi-nr2KDMW=r(zKoaXH2!qyIWjM| zN9qU6-+2vJ@nJZ>cS70uGbwbNh(=}P`9SM_s>r-kn-uz$ zbk^g0O2cHh6JU_n?Kse8Gz%L-kA*Wx3yTJoe@-u8$9Q#FgD#H{JxyZn=%C3wHp_R6 zMN%V|SU`{6U)1@>1*wDmBj42YObNou)$TP=cmkXj|BP`jY)?G`LjLYu1=|3RH%uLW zh$c#$1<1AxKe)Z#4^gY`fMoVnk%wkT^vE_?bL8 znr>;nL%Ri_MXO;;$sYL~m99*xKjyDUNnCdW#r}Sf}};M-F0c zzh~8=lW3-xaP0LlObOrO899o7+V!OGkDLy7uoUO36k(N3U3^|H3i) z+aLZ{jEDbpQy{9w1ijTkkkA~P;;J0!m}_YGRGc@VTH%hK6{@Z=XEb-K>%eqMx+5$ z*Cr4WB|EI9G7f05T7Ey*hEp@ejY)4sEWp~i1NB|;R5R}t0C`N@X4OG2Ty9;eCxW6! z(D~ky0dO%vsskW#SMQ{j@t^_U8S7}x3F4Q?VwQ&^K-3-DsGpdd=9TCUn5ytg4q}VV z7nVC|k+tI*jsX08Ch`@AJ6Ksw1zL1bjBLw*;mtAtNCUbmy0zp-F@iPZ-=G9F4R#nY8W$#8zh6*kV{uziIakY zqS2cE#o`87reE&=8N7p7``jy^;g1LfTK~dx!To(w*)xDUE+nFW26${v0UGt}xYk-z zgYS3=g<1<#8f3QGFM}T22ElKnQ>wDDYfa?Ioyg=3+}5vtur&3$PQ& zIX)^G-nE#laQAZ+UJ`Qu?1f!`o}$iHhLfQe2?)UD`>Q9DA^#?WAwPgi5n=ASEhn_z z_1}%$pUwVFIpK+(l_*`Fs4J8-Gm7@VeDyj}#pWYjLj@jJ6~H&hEKuSG=$Q26?*;n|#y9A78KMKk6?PI9s?E~Tknd;- zYZEA0!TH)h>=#Vj~dh`j(R~DhJP311lv_RA4eX&2GgGNL_*5CahQ4r-zQ+ROFd+DY}Ra4=o9l$H33Df~ls}KW|Dl-am7} z-=>{TY=Y5f0NwF?`FYW{q1o#bdBa3jRxteexoOrS5+Mv;eOj!*u4Skvv9h?RGCf@T zAn~UM7A$B8EYZBqjH$AMkPLh7IxR6bUub`cZv>rhMCLwV{eGamcUaw?PvMZ+@JBJK zaEV0aI}HTJ-O-x)Q=%?yj3FWc_Z!Vi7nf+4&e-U^ZsA_PLj=Y+dv;X39r1eKB(8sw zSqGRZ(kD6pkU)R{2}A)|0ztFca=+rk&B56U^HRX4>cO4v#vP(Wc6E`XCDVgtw3MHz z;O}w7BDzr<8$BLgGVP$Z<34r$$33OCY}55a$Al+?+GAbiMRJ3V!7fk({ie5^`V{uu zV1c|F4YM{pDY}NcLp-$YQ&{!I8RlL4aiUaC3_zoK!>C~HiSN<6Se#=jljG*Mf)G?? z#k`oH#Ju0M4?7Zv+6Uv3vjw>E7u}dOX{^whb%)=VT%cDmihSru^AeJ}d|yG4vG;I3 z0clSC2d9AUh*Pl3OXd_fkvRoSgQ8W`!W3Psn7-V=1Ur`5F|Z34A6y^}!=J1Td~T@u z2f5${x;)2p;nwgyzj1_%v)51k(Uz31crj0Z>$u^C8zE7*hEHEWw=$Cl-xzJVudMkU zE5&L#mnBYbkfZMT7M`L;<ditI{z+t&_(r-AHzKc)PZQCK96_m8P2|eI^EPI^$k=2))f?nJ-F$2DzzAB1HjTuuAf{sTHQ4qkV|0J|z z0>&MX! zB}UtGK%MZ@QItE5xgAO#*=OAkKUi{2e@{(h{2v|dKq)!p?f+Qx{7BX|!_1>> z#f`skMei{C(kE%pQ+9clQfCI6ivcRAFr~7ci~z>~2=?>XcZ^2nI_FZotyS%lpF<^( zV~ig8#3VJPY7xd5^0-?Vop>-S(lq74CGxcy|B^olofs&c=3&iK1r zpw+NwX2nJqN4zO)`HIZ&6u`~YY$1D3JkeoS1#A__DhGftkaV~E0&lNosJ^gR86}pF zbN%O7UdCe(&?$gfH2-5TKXES0O-i?-ZUQh{l=06kscTkM&;KK~FC@qIA5_cR>ska) zUhRG1Os;Qaz<1I8kC4OYUJWojh`9Tg=wAJg=>Fx#LqL(>kR_0NU&h8gt}?U?hYZQD ze497)Xl!~X4gX;hG%8BVnFY;#ypq&E{HK4x0~UBsvHPKCH4rPpee;DUW{58%$HAar}U;dT{ zEWNj2%u@#U^>RlaGEPX@Hl;tC{gJPj7nV2tDY+QL3JAMKT%R2p98CU2zOV(31W&+d2RSsA{a*ed;P7=` z{OH$kooFTpAtO__^FBqeB*b{Oq+4;IprF~iNw;L0Xcog$m22O2)Vc z;6FqT{B5pYYMLiBh;pg`vbMFyaaF3vO>U@{-ZEJl@)_h#+gyW3Sw9o5KH2ybc{&AC zc@Ol)Wpo^zV)3gx-ptcHdM{bRyY3`p^DXPE;$p=fh?|v0wq@NVhb%h{O#DXQf|SFR z3aWZt&0@fc*sCM2gnuIJI~7BlDJ`?({Ev=GrONWw_P?k;Yoe6_D`!A2aCC?t>m4cE z8?QF*7H#_%QifcL10mhp404@vBFN+b**uP3iN%X77kB#nZw~7~GiKC7?SECgG7eMp zH7$%%bs{&Dbe$Wg_B$tkN#?NHa?|s=pxO7 z#Ufj)+y1I;s>fICg<ABNLSonY;QD+&=G5-R;v$7!UScze zP{=2cWW*zHBIq13gorf68JoM6rbd_dJP{4b+Y)mqwcd3udAEN6!xvUGXc@zxq+4Af zZm0KN6*(Nb`L6e!7&QMh$v7uri+6q}d>phrN#qwuX~7L69R+4U!>NU%Cq~B$#3w_l zwLAHh1h)Vm4|ovrW<%*o(v|`9`j(9Bg|*Y#obp!VLFS0cM$*TR3w5a{_J@%- zjB#m+^(phQxU0Cl)6^c;pc2GL54}yW3#b%3GUbt(%WRi+2ONNEeIIlOHG5ZyCGE?Y z2;5?3%R+WP{bLikjIS&<%>R;>uu0RK#iIsj_T$ZI#pwMM^VHVq@W@(kVi z6mV~qr6I|6inXJ$tKo(OOIm8z%LSucsS-L5S6BR5R)d|qct{t%kX^4g{vhctbDCE+ zfrX#9#6@aN@Y(yV>lqbkkEZmeSI7ef_{7zBcG(w ztwzB2?3%-JkpX4#aqU{RHAcn|(Pw;)5YDyMQCr1j+ftWG#H@`q=D>37dZ6=g)PYEn z$R_hXFwNe49P)t+A-}wd?x98|_Mz9*Rftw%u8kIBUhOE7N?Xx(u4a8?dG!4AR3nS_ z{07dnGicEm8|4aC zAOE=JSGJ=%cTocMDP@n;qsL=2wmucGmonjPbg!w(ZZ{I$ZRckuAINc;d8|5k?7%ok z*IbA?%9~(|bJQWQjRzUI)UH`{tYRXNZUO-TK0E|lE5RwDunB$xKIb)KGV_SaOKH2@ zrFgm8s!33H+^j;IPNJi8?6+UxCe?P>6vq+i-?Am_N?hg|4L!B|PYM`S^T;r(texcv zsYWDpekzGrcfI@@_$kTRZ5P-=e^_CPPiUC+*zBtDyOJESydTQ8Y)sl`miG8rKihq0 zGt$#7aK31-OVDQ?2ImgypP;kL$%E{s3wFY}0@cS0wsgT{Pv$l)hBbv($DsCRHUk?g4+3X8y7Z|%ppfob zc}HQSp)jp~Y4nIi+-}Q*kL@&U`N7@bUS$-}zceT@z*n(%M}?WB!s$TnDhYJw%I}#C zD?7JU=$Y`GI%kOWhN3U%ZfUpATV&|K+nSm5h|a-W7Vwo$BY}ji4(twXTokl6c3Y8g zA#qG0XTPmo*aUIe;8o<{{rcxA{599yjcmc%qRGFvIgs}zjA~2wjLqN2vRFhG!K&`b z#rPVVn#XDeU(+5|Q&@wf{+2MLSX(D1f-HL!{D}z|ki0F`!o4Un#x7ry^J8*KJcsQ)O&a3Tg$ki@bQ-eWtBJ7R|{0g&y{;3*p5>m+24<5?{$Dw5LchY zQ0OVyfOQMGTjPdmwNj-s@C$}*#re)(LB{1;x-tnt*VlfB1%N(T4Er-Vul?kNx=fts zG%%oNnjgp`<=8dIr=kd*oz!I*wX&l4iln@QLVPCSFGLPg)but_I>8OD? zZk6DMw7L>%A$^|DuabLXbFjJ^*|ltMZiC*X$u?(9PC2n_EVe}mNxwOh_0{yL%0)cx zUf@1&gN8t_K29KHt2_&rpeg*UIK|e2W?IoV-r@ zPA7Vst_(%9OZay#rR=+&xL!{4>+>$Q>S{7JFOe|51mEgWhe=22MK7hS`DMct5*jC* zxBr{X!(Ev|nyGN9{fmZe8Eb^ai(J33xOMn{_<{D>Tj-hJhJFIT#ok}8j{5iwEDZ#*|3!P&vU--f7vTbH|z*2-6! zB+0kutCyUOZ&ii$4vg$m77QuJn#1++=BIBTG>$${?nxE$|7JP;@2}Du2V83wLBhoR ztgt;-e!szaufx_N8IQx&4?XL-*dYO?#Y?v&c3b`A6%?xS)))JX*DvHAb0)|xD$x{X zh40NEdMPnJRcfREwz;yhvW=J5kRLX|$jGyFSZ$d5&lp(+t(Z;?e-^+D=*gV{ zwc#k^DiM5}e47@@cUZWHl_el}W$I;OLEUv7wsoIa&+NO-vi3R<0wgeg=#FA6+5Ma} zd=9WRxFMUgi?ryF&ZhwJSVnaw8P+Qv-}J3D5pUFUJt)E)@rnC)#j z=M_NTZNlJF%~fuuD?-jfzCdR|cIO$>OcQ84Tq?>d6ls_|gn*}35im$-xU7&hoJ=~{g-Doi))?Bej zamJ~_8lVa>7B`ho0{D9eV@*zVU8`Q#K{ z>`%Mz#Xd3CKWciGj#H^^10&e5Y;)tUw%C9NvD_T9HDpJw5!K9K-y9YbqsR)v00+rE z+&$R+S{%4NG38+PS#gkb$)Ot7Cl7D*Ru~;>IO|av+S^UcXB*0!I9s1J9AqwxKnFh9 z-N~;X=5ZXQ&Km9-4jrism9Eqf-qwKT7fj(pYf0W(O^907%{8RB(8!x*6AOm7rJ8*{ z!Oybnm=SElc@tCCjf%!9BflMF)X|QweG0bl4SX70Txc%j!#ueLk=k@#c~*nlNVbPN zX15U+6wVZ6Q|~Ix5qzrd3}TxtHwiEMihMfrMnuCdK{jtN?hi=RPM2sm4UNZ0_(=P!oj3rF;dn2 zC`{^hX+P^yigc|x6daYhmp8N1BvTKx*6B-TBMStX4PFz+ja=4@rGpUmUdh2^uIx#R z1JxenWIg_)%nPSpyt8K4M58=($E5G9RgreT>%OXx-K{xW4DYn9wu^QbdVV6|{2S7a zaP__LUT3%vq7HCVcM@CJK3SDj+n2ihvE|?ccJ=#8BBIO23ZDfPpgYIvI;^dxQ||sF4bJ95ttieBgl^+&0UKHNeBf?>jcM zM#)M{Av@wSt1Vqt&|PghSAj-6iB_G+bb#i zD)K1U$^hG5>#SqBzcrMY)K#3oS^})}3%2RO;}3u+KDLL&OrcluSl5@7vA%-ZXw50~ z!MSUz2mPgt5SQ91Sshqzr;>50qBa>O{3$y+xjr7!S(~5W*ip;ExyV09KB_~UY0r*m zk}c9QXXE`yJF}+cJX#i+vKbPW0LIP~*`)-!t+L96vfc#^64Bk64dc=q$0da2-(d7& zZtFm3<7#b!^Ud2+Uw>T8tAWG>_OpB+%*Ts=AI!hY`Fk)ge`$oFQPU!Y{SLuykEI9V zbYQ*}dXcbtmT*9*da&3Ww2gno)_}bD!!9s_sVvW>0;T7vy%vq>mSB?JJ}#Y1K1<+9 z4$Z;+Nyfa>pm^hy3Kgwhqq)htZJ3d9=hew7m>KB&6mnRjN2p^#xz$abnI%tt^R2Sm z7&R8yMlWCEC&%(tGL%?;a9UNaNWY5bHYk#Cc|%r9d`N_9_gV4&{_94RnO;U&=^Y57=nAgYWKKqTe8YbN`;!-O`^epZ+gw$_lFh literal 0 HcmV?d00001 From 49718cda4eba73c9223a66b09690ec25067841fd Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:33:09 -0700 Subject: [PATCH 126/161] Increment operator --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 81838252..88a80371 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.4" + version = "0.0.5" } From 9644ea2d3067d45117322250be7f8cf74b75001c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:44:50 -0700 Subject: [PATCH 127/161] Update trivy --- modules/main.tf | 2 +- modules/trivy-operator/main.tf | 3 ++- .../templates/values-trivy-operator-polr-adapter.yaml | 1 + 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 5b20a2e7..6d4b0e78 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.5" + version_number = "0.0.6" } } } diff --git a/modules/trivy-operator/main.tf b/modules/trivy-operator/main.tf index 20eebe19..200eb6bd 100644 --- a/modules/trivy-operator/main.tf +++ b/modules/trivy-operator/main.tf @@ -60,7 +60,8 @@ resource "helm_release" "policy-reporter" { namespace = "trivy-system" version = "2.24.1" depends_on = [ - kubernetes_namespace.trivy-system + kubernetes_namespace.trivy-system, + helm_release.trivy-operator-polr-adapter ] values = [templatefile("${path.module}/templates/values-policy-reporter.yaml", {})] diff --git a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml index d304abc1..be41b669 100644 --- a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml +++ b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml @@ -1,3 +1,4 @@ +# Sets values for https://github.com/fjogeleit/trivy-operator-polr-adapter/tree/main/charts/trivy-operator-polr-adapter/templates replicaCount: 1 image: From ec7dbc81e33c48d86b54054a7ed95bb636448a46 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:45:04 -0700 Subject: [PATCH 128/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 88a80371..00af4d28 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.5" + version = "0.0.6" } From 0daffec5846d0ef6ccc00eafc79ebd0d0beb32e8 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:58:26 -0700 Subject: [PATCH 129/161] Correct mistake --- modules/main.tf | 2 +- .../templates/values-trivy-operator-polr-adapter.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 6d4b0e78..9dc20a47 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.6" + version_number = "0.0.7" } } } diff --git a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml index be41b669..87f0b1b2 100644 --- a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml +++ b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml @@ -89,7 +89,7 @@ securityContext: seccompProfile: type: RuntimeDefault -resources: {} +resources: limits: cpu: 100m memory: 128Mi From ca419339ac4cdbb1755e66473929e2317478967b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 13:58:45 -0700 Subject: [PATCH 130/161] Increment operator --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 00af4d28..c6ce7ed0 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.6" + version = "0.0.7" } From 220739a10cf50f4aab62a35240531fbc60727908 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:08:17 -0700 Subject: [PATCH 131/161] Remove CISKubeBenchReport --- modules/main.tf | 2 +- .../templates/values-trivy-operator-polr-adapter.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 9dc20a47..0d6b1c7f 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.7" + version_number = "0.0.8" } } } diff --git a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml index 87f0b1b2..60dc8848 100644 --- a/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml +++ b/modules/trivy-operator/templates/values-trivy-operator-polr-adapter.yaml @@ -39,7 +39,7 @@ adapters: timeout: 2 applyLabels: [] cisKubeBenchReports: - enabled: true + enabled: false timeout: 2 applyLabels: [] complianceReports: From 0c05c798e079f914a77097b2c531abc011ba866e Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:08:47 -0700 Subject: [PATCH 132/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index c6ce7ed0..21aeb168 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.7" + version = "0.0.8" } From ed3a8e8dc2cc12263b123789926e051b141b337c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:33:48 -0700 Subject: [PATCH 133/161] Add to readme --- modules/main.tf | 2 +- modules/trivy-operator/README.md | 21 +++++++++++++++++- modules/trivy-operator/main.tf | 2 ++ modules/trivy-operator/policy-reporter-ui.png | Bin 0 -> 62488 bytes 4 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 modules/trivy-operator/policy-reporter-ui.png diff --git a/modules/main.tf b/modules/main.tf index 0d6b1c7f..b72a12a0 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -64,7 +64,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.8" + version_number = "0.0.9" } } } diff --git a/modules/trivy-operator/README.md b/modules/trivy-operator/README.md index 0b51d219..0b5f7d7d 100644 --- a/modules/trivy-operator/README.md +++ b/modules/trivy-operator/README.md @@ -1,4 +1,5 @@ # Purpose + This module is used to deploy the trivy operator k8s helm chart. The Trivy Operator leverages Trivy to continuously scan your Kubernetes cluster for @@ -10,11 +11,29 @@ Pod is created. This way, users can find and view the risks that relate to diffe resources in a Kubernetes-native way. +This module is responsible for installing 3 charts: + +- Scanner that regularly scans for vulnerabilities: `trivy-operator` from +- Convert trivy CRDs into policy-reporter +- A UI to easily view the scan results + ## Getting an overview of trivy results + Results are provided in a grafana dashbaord that is scraped from the operator `/metrics` endpoint. The dashboard looks like: ![trivy operator dashboard](./trivy-operator-dashboard.png) -## Viewing the vulnerabilities +## Viewing more detailed information about the vulnerabilities +Data from trivy is converted over into resources that a tool called `policy-reporter` +can understand. It has a UI built on top of those resources which allow you to view +what the scans are telling you. In order to get access to the UI create a port forward +session to the UI in the `trivy-system` namespace. + +![policy-reporter UI example](./policy-reporter-ui.png) + +### Viewing the most detailed information +Tivy creates CRDs (Custom resource definitions) that store all of the information that +it collected. You are able to view this information as a kubernetes resource through +`kubectl` commands or `k9s`. Read more on these CRDs here . diff --git a/modules/trivy-operator/main.tf b/modules/trivy-operator/main.tf index 200eb6bd..9ca673cb 100644 --- a/modules/trivy-operator/main.tf +++ b/modules/trivy-operator/main.tf @@ -40,6 +40,7 @@ resource "kubernetes_manifest" "vmservicescrape" { } } +# converts the trivy-operator metrics to policy reporter format resource "helm_release" "trivy-operator-polr-adapter" { name = "trivy-operator-polr-adapter" repository = "https://fjogeleit.github.io/trivy-operator-polr-adapter" @@ -53,6 +54,7 @@ resource "helm_release" "trivy-operator-polr-adapter" { values = [templatefile("${path.module}/templates/values-trivy-operator-polr-adapter.yaml", {})] } +# UI for viewing Policy Reports resource "helm_release" "policy-reporter" { name = "policy-reporter" repository = "https://kyverno.github.io/policy-reporter" diff --git a/modules/trivy-operator/policy-reporter-ui.png b/modules/trivy-operator/policy-reporter-ui.png new file mode 100644 index 0000000000000000000000000000000000000000..a08d5430d2c4a7998e75eec22ef9f32b8fbbc8b1 GIT binary patch literal 62488 zcmce;cT`i`_b-b5h#(#jY!np%0TGej6_qAUN)SRoq!W7R5b%hgf^_L6BAt*#Y6t-$ zB1C#kA~hgFAfX3Bha1oN>iOOGdw=}ixOcoY24w7H@3q#PYp%~MYtH?~P+yas^%5%! z3k$op)&nCJmJ{wQEQg=`ah&;0>1gXD^WzZ2NK>5!+08S@yg2H3PwyTJOL^R>U7KUf z>yw^Z<`5Q^)6GBs4&gnD?O0go2<->=OaiRt$4+MHO;6!hmfqS|NIh#cY*nn$7I-TN zt~n#Ve?#!moSFHDGg0w6nNe$x%mq3OPCX>fOP|#yelC7{u>#fHxk;vsLNKit{4Z37 zj$2WDVH5?*xB_KVX)0%@p@$xD?AS5TIp!SxZg(#M^0oftmG}IFw7;pXQiEM;1ZK*4 z5L==jC_AU8rlyLTA3$A~waOl#hO+B4P z`KoM|^F6T3@@x?F%;@1?_p#g+6{!9F6w7lH4bM}*e`6_mJHh??>g&^}b0Qzwl7xY1 zE&e~;5B=wdyODCad22>f(SGc$DjTDD_ri}m&vd2}@3@c3Gp`|{<`wx3$NI%MiTWAR z+PS&8MDad9heH7Rwzv{J{Oob5&IlC*6r+u>24_Lo)Gp<4w}=Ox?;U5FCS@j|H8 zy?gi4XJ~>-e)At6rM9%TQYV_iGZcMGTjTgW&_Uf?!{fnA4a9}Y9#yziLy&X(JCUHN z7`d_<;4~c7Xw(wLwUCiS3n(;zxkIIX3eeB?{Oy%1SML7#=bwJ!HvZ?a#Rq;L#a4dw zTm`*O)`y`lkMhXhQduJpp7K>uko7l(0|=4qm**||*?1LA+=iwL5Peu3repZZV=yb{gB_ zl<)l(RjsJ}qv%RG9aLw-o!4V4!w>iBdmb6+R$X@O2vV{=Yw!X{avYJs?N&7IF@RXY zR$#-B96bHdtJKy z^m$Ims`lRA2ARZmJfU{*v^z*a7wflBX7lkB_f01hrhJ0<@&I8`T{pSgwytzeZKS>I zyBdYB#|s-spSf)1w=it4rZa5UC|Kb&r9q2J3~Z|PSr{fzh1?HYSEf~5+)$C6IR>tg zLEjS6lEF#OSf=^T5RbMX%fEE-`wY0Z#`-%3^=J6e@zNrvdF0=#9qbyT$)VV>?{Wr6c{L=PGFK7Ka=N#jr9H++>wG22vbV|4%q#5PjD1&-va6WeUwpPEK?!lOi$J z>bx8AK}^O-)qVPOm*%&zI7URA%sSZHu%?Zi5YTwr%S0a+->Y)>|4`nUuO!Om%=YGn z%Y1o0=f2-5)$=6I-d!)wXuv%vBZChuWQQ;*NrXyJ_EvwiCH=ts)n%I@IoI`(b&;Gl zM}Vis@~M>K`GV*BS3;JXP7r?#I%H#=2MR&MW|d)un%;B$1qkS!PQ=y`j~P~Xa$`ev z_MDDd;Hur$*47*o8mej_k}A*i4Bfg*0_UeYQfW*CB`VVKO@m$hr<&O$CKndmvcZ*c zGv#_ix0@wvqYr9-p~i&EOl9c62r&eiV^RninrwcB$hsmRdEY!!--TqMOH3rbqRZsc zm{8?xFO_pA@Gba~Aw&&w@Z~dbV6t0gdyc6UOdCT2gJY5~sEY}Nx1BCElDvDPn!z$| z4qwbF$46ToHB4k0p7TT39%BXFicR4u$tr?t!?&Z&9c#4R`A(o`+G_jknW)al%U5x5 zvZkwx7#F@JKp;%q1l)Cs)RUF4G<)w<8)+h&>$GbVgDS9TjwB-H%4yv%vkK)((q9pG z-;zUjy0-HigAkWwTn0b7tIWB9t=5n&FF(yR7M`F%dQ=<{a$)gZAKO;q@blp(-*%N_ zrJDI_GnM?2zO?O!5ZN|Q#&(i=hw@#_o~978*ze0;JJCeh2>MqG-JvS` z2ZecQfAaCUj|rLD+2x0Xgv?vCPGq$9+g(~ot+4N~z{Hxv0O`8+{rTE&B9WwL8o|Dp z@u~Wi*2{{ayR}?CxYc$sGu?FOv_7jYsGhLWfY{F01c6J+0UsNPZEN$qsv))eJLH35 zaearXCrNGT^)B0MbAI6Ar!&E_ychI}IyO-p0}jL%7^k8_0MF=5SLQ}!swKvIC@yhZ zH_l|^J!F4(i+H;=m@(gXN}~R$+tjwhi$Jdy$H?Qdol^nV!uEHGh%MO{N}Ojh$MYYh z-m0b|g-L76GP=*5KkG1&o0A30&G{uGr+Tr$xQqWn^U>NxygRqSes7(+Bk3i9q$o6n z!tEPPevVkM=zkd*X+hqUJmj^zCp|?u@*jqJif=)*0zDup9vyytrIfFsflfby>~EE- zCv-Hqj`LU%WzFleqkY3Pfe!Yc$4>ACFio!0_aoWLgAD4V1R^p-?w-H-GCrx-=#2#ZH}tD%lF}C^B*2YBNZiJq1z>dgx)f_>=SxL*v-ksmnS*P=<}*L zWZR45r+J)?y+7H7%HmG5A~{fdzI}UweFzw;O7}&-z&9aIp7rpN6bZ4gnNj!UQ0(GC zIm}v1;mU$N2Emd|-x14g!muX|rf`#zXX`UExIYU0QNp?`^A?@)orV60ISW46$yZ}> zW7TOknMu(XXEq(&Mry>H_TG}g7k}-?)Z=;eYhNBX1~N2CM!{AYRo&)trHyk1i&D2v zR5}1FyZ)N0;5POfJFu`E5O?TE>8kV9j_qmnC`e1YKqHb!q`DZ7!Q#h6r>v!VdTjE= zK_qCzYRXP=4)eoWzw?K84$pz_r*p+m;JKxCKtX{`x^9Yc4_>%LEM4Pzh{I_zk7y6JFQ#}Hg zxw!1dgw{@U%0yy!(1*`X1>Gc_`Fg8xBw%lQ9kogP>*BR0;D)ci*Qk5md1%+ zY$|DaTj(5_zVNMlsvtpuX}Sc8O>EB=dCF9bS`OrajgkL3^MYp*y8_|2hmP zlA~klZC2R_hFq7%8vrT--Vx|I!75+#N{24?2s8n1hIR+#A_B86+kXyC3QSLUs^_Rb zfF*J|n3xUZ_N~?F(R2;LiciO>y~JhtT3%_VUUrFWCI1?JLFjE;=ghT(pJwVaU5^2` zk+s({_b&)b>w2oox((Zn)p3AacPVNI<*lno^UA`pYjCC7EpBz@z{-3=3aSI(Zv+}K zq`8R+KA~GoTe%TlSCpxyzB2ON;HDb`?+G3GJYQt9{~9aR5YlDH>VTZMY_s3YBn~E{ zT03`Wp?i1o^#MEoFWx8<5V1Zu$I2^0?ML;_-?Hp2Gp{V;i!@MPc}ZAtV%ixDZs)kI z-94t}{is-kQ3MPAV2)X-8ZAeUSsbqJa0zA%IU;~kN8L3XK98)O8?H<1^SS7gL`&fvt`>w0CL5TpAKLi_--c@@LC=j2Gx9=EPcpBQ^Ior{WNSUYx;t zgls-4CRAZNF%>$hGDj~c0wO#GdO;I1AVA9HbiMC3S) zGIuf!hcxRB_eR-N08S4ElKX@az>c<)eEYz*S_IzoTftZ%fI zy=<}5+q$uKL1`OQLPt=8oOAz=s6VY^28s-T0#)NoUFAYTf)cHEW>)kxwdtFrU_A$J zrkXt2r9hoa%z_jbo*Nh&@>x<1+pp(R%~aEO_=C(;&kAi2M26an!t-TYQ*L}6qZwB4 zLKRh#+*$V-ATQDiy|p?$(3^W7AxrN%22q~5&{>|gcbnGb)yl6n%9iaK`RMjY+SN0m zd+Q`PgRr}rPLa8Bq{H%c6ZRn9qfc&%MATBcXewz)!HKO ztxzGDgak;K41{|#bsry;5m$xxc@L~|N=R-?JEK~n%K=FehOQIL0Pj75(y_rz&#O!! zUav?kX{lDDEJiJ2wmPjl(xKal{w==##fulWhVAnY&72oDLs|kni0>SNx-vX0(maPl zI(~V=&#OMOEx8n4)YYy2etx}$y>mQZqIU493H4ZQ4o@bw)D-U09Leq{?%er0&!PP@ z6IR7e-4^i6cq|9fMYS^_ahAD5Yc#s0|3c02L|#sMN1m?^CUU+T8UNj-vm=ndepQNuE;CXp;|5KbPY-dYDH0O8+XE6AEj~9PU5|q{mu(u>i9orB5Y^;eY3F{9+2R)6}I5V-XBs+Wn0|Q7u`Q~9{ddR z{M`}_Fr=T#4SRTDs1ncW39NA~p%UQM7K(oJ#cwzj9?y+s$bic}64$b1(S@;9ak+`V zrg=9bb#U_KK+-!t(TgI&f{{8J+bxD|zdB}NiEsTMhD-YEqt8nW7rYfN!EI3Nx#mhvVXaymNtG3tj#Jw>uJa2oFFo%ltz!iE{8m0C3 znDO6e&0;rh+?a~}-3iN`qnv(e?+4b5m_{(Lj-#e?`D1KWz-~MmliG}4#@}K`(B#X|BHT`&qWn(dGOO=5A z^tegCJMt6@Fhy7-PjG*dVY)WXOlk9D|NSHSg&9)|ope8BnRL>fRAz4bU!S{;7k~aB zFfedP@b~?rqW|+r{ZGSd|JS(i|HFWRrYNhu51`}E;hQ@<;GYUye9OKgMUQFmm@)%g z^Zx`5p92MCWdV|sl69VwFUAsgH_MpPaY1giF`N(0VibdkUs+k1RR1Tgmj4I+;>)d@ zpF@Pa#FovO#+WB2VS|^CQM*uRkWyuO5$ji=CJpbayhK{y6nD;C=H9kVxul}hjbza> zaJP>e;ZgARy!wyu8D-5K`WYg_riA=G;+NESfA`d&r$GPlIOk|;R&2FHQr5|`%G4|( zH;ZQ*Gv0-X{|63Am=my3&D7ElAu_)>o5*~UEji0I$i@3xNQ|qE8Opn1T_msN>lSO~ z=m7Fii7-YY_8+N8{0{hACQe?hjX_cDA|fI{7DR+aKB|>LgoZMLe#;JvmSB1re&Mv< zDRxsQxG;gXhuMaEf*Vvr^DQ{Xf7u00!GG9xessT1OUkiZH^6)i-thR+pVjwixQlt? zJqCRRG&-iEx^=A+RA~vpt0K+>XaBjn_M{8c*h;O&I&4|SKxIu9 zF&+%>W@+dfbDTbWCWbJu=)R z5}lp(mwc|>Toz%QZb#3d# zh&#-wEm82K1k8sSaSYbaiAh=IHauy(0z_$t2hA1uJGf}RJI5ufgPW%V-mI=8+)S^; zc?a?LBl*olMprxt!Bgu)om|6#&Z?8f+kq|yG1k*huz?vVt_o%IEjsWw4FJVb85qdw zpnnkNTWF%UXDyB|OMS)aIyDJ_-G~SX*mp$F~9bP)P%e#2|3S}{| z6rt5P!Kle%DiVXwkGed9jS@6NMO z8T)sUzFlzZ!Uj|aZ&aQyBOm0m(*42J?{So|>syd?%7W=jcVqp5lQr*ftU1F)Zem&R zn_{1RCqnLRrQS)tu^^wO>HDAl<^A;;;|i8rbU3&8^`-ke)iUkwp0D4;R6hE5>-4j7 zgpb6n**O)fb6V#3lyV1HA5F^@b!0D!2wAvsbED$OSz)V2bjF*&@&Hv7Y<1H&4hK zCWA?Ug`=tMvDI_$tj`m0VnqxO>ms*8s}IGj_T++x5_$tOp5P<)UP|}5_yRPbIVHE2 zmhiNgeS^7#(@9l=6qQoa*YSzE`e|xC*x6A1kYbUP!`k<;1jQ_Dt*B*&1SvNM#~Q>B z_~C9WlKUZ|0!;dlD&2*FtU}0`qpsh=w7epsNH-2w3miSd=-4%CKzvf73o^l-2vEg88dgO@om zKTMK&_L+OydDMV;l0cv*Gr$Wq#)$^{>3#8eLTr7@<_WCxyNxrEU4$=-_UlXNJZYaO z`Xb5y3C^{%^c6V`nLbq~w)WXzdo$ZVs{vZA?a{D{1OyR`58gmz{Ga)cL0xjkpEauaPl_~;v+8$yhyVY&{ z7odJrUuuR5?YkxXp-AYJub~1{SMg>z%wQH2%x!qjj;kvbimbJ*DRbV658V2#F2A(2 zh&ri`g zmI~?b>F}?8%sks0G@qKG;`PD7Ajo=sq2}BqYr>R7u-_ahSxS1X=|_|~5Imn+DdY9s zRWC@*KKAw`#VgLw4OA4!uY#(xygV9|YGr+SEpX?ke!vUsXMeNcI#zb7YBGv8wb`+u z)9xRovcuC{+4I0X+bGC$mJPA%o62~CPt#WAtet^007pn&1DZV~y_zd~k!n3uIRKF-@G$@2q7Ma2+B(6-8uKFwoMB$FZz9BCt5eIdqOqxQ3azKAU2-F}SjkU;(SKxN2d zRm>5S5??i_qI-Pe)YnAdXYy0MCDsy~C9^*qe~Q2rLd)#ik@bV=>8kD_V8G|f9!cdL z-5apE2a#5l>@B`xiMN%=0k`v4t7jnWhS5## z&D=xxr8)d~pOPfju4v7|KDvLl<+1~{uKBPMjJ}b;)NP43V|HhtHG>8(o;bEb?m<|u-v0j%7^>y{1K4XNuS}Yf$`eaFB zze|yWw7|o28U6$xF`3Q5AYA72fykmL7sbK|NR@6_b?}ZNRBEkBY(~>>uiJHVSCD<* zA-iTtc4V;+xlVq9f*Bdq=LOP0cyLa~%P@~y2RwLaSj>jyCB7_wQe)Y6ElSm5KB#_d zyK7}*A{`z}O2S<}eNy?nn4=|>El1h$=jz9w)5Zur3aKiFt8sdbdGw&e*S}~+OMp7& z_q)7Q{0PV1O>H|{?z)ZF@Jp5FW-C$qb{2gsBU)W3^NrMv1$XRN$f%@l5+I%9SjCNE z2PKeLT?26iR43$jP&Tbdis{Bv3!lOPT6$!Na^#NV5j53eR}{Ox5Iw-<*Z*$GWM~+W zS1=fU9~B18dJfJmf~zV?-j~Lz;YizWzchnKX`!-5ShUVGi9cs6tC)&8xX$hh(mpg4 zHy5XuxrXn%DQZ|#vJKt-E9m-&Qj5CFAP!qPE!RAf^;nmif6H{PRBn9M3FZF>Z@$-( zpK0>*toBO~4Pkw2!~J&9y5)WA;PA^P6S7<19;Wu*n_6?m5lhd-gD72wN=476ISn6X zkHg>|+k$(UrEaaEd3~U+j}Ohyx$#L1d!3FZnUMVPZI^NbcfH*zZr#wKB2!WgTu4-| zGHCR8g@u$rmRnATsK-uNu`%9H;gp#&jFNr-kCyEl?{$P5)aLdcH47hGODoVm!i!%@ zefa9&TfSZxk1^wgJ)w$RbSd}(~a3GxLl3)$`*H={1EkQ01 zTk5bwf!W!AE?ZC-}CKT>MR zhhNDcXO=1OQcB^GjWd3QqoJ|g88&$zk_(>GF}oA}5}y6tJK5q`xc!Q2l&Tv;5WcFg z&&S5I5m9HQ7?`s^R=aC??(13T9Oi~qC49W$+3TfzmA@s{6Qo@)gnewjNX^d`j}`;2 zIcG=3ni4}|Y32LPz8Fr|=fiP3T6>u(rib|P>jx#Aib;rk+f3QgrygE<2yk&osPVTv z_Da;^3B_PWQHH$N2ccV=1b56u63%_se}fyp4y~2hPMy*^hk+)^x(y-15ZmJQ+y;jF zTXyK^n&*tEwdtMgv$d)@#VFOfec{t9ri&X0dSwy|e~ZO^lgyr2(GuT-IB6vGnOSL0 zb~JEjh>gY0^(Xitw+*O&#b?ES=IaWX=aUIqz9$nj!H%eEoj{ZpW+zG9QCOQ2b1@oc z0~=e#b&c9qPosQL>oerpO;=!gU)VE&^QB?gtFa5BrSo}HRpN@#4G;T|9YqsHjx3R~ z3%%$45wcUnqiX=1a5%5WN{>@VE#73Dt=hP}@%XK`Cax)?rTw|+(eFQKaAnJ}j4iR~ zseb#e%X(RHX8V#cm8~~f0V9rGc`+n!F-+G7RvD!ckN%MxRUv$Mx2l@5oRaI)H3gU8 zr1K4gkMHw%ux2<^)zVlwS}~16@8pgN?#ya_YFeiDIY_l~bjS#_a5b49hbo=gEZ8G& z7_Mt@P@6P1W-$soyy6O6{Xd4ugX^7k4L<^Sp^aNFE4MeUsmvDRq=z26k6BbN`6$Es zE=w1hgJi-!VqE0-5bQ#y)=_XGDBB-X^W@^>1PnJZZ^p_%c6reBXQ8;lbXbycuA6nDZ>_fSQfg237BA1zCa;h5 z3<}|gOq!o0vy&jXw%|1lP71Aj*LEtaIZz=~4q?rXUQmX1|Agg=dlm(Jg<{db$rv(r zR;qz93=UctGnZ2XC7&S0bZGkdS&}9C$wXd#Cpv|>8r=fbqmQxGr0*+FU~iO>r8Ak! z0%~Y;aA5@=<&-8a$gi4K*nW@Zypfzq|K2OE2mIikFC8zPT!4 z)!|YXs96=*bl#ht%2~6|VV-&;;_x}U>M8&`g``yt83$)f>PR+gIE_swJV&AojTqP)L} z*&g(@+-%9|FI?FpkSqlieB3NeXKv<L--<`>Kx)7PF|=vmZ`znnU|oNdt}`{>N(8owSO9Z8B?((VdtmK!cJpn)m3r(_ z^wf254gEU2ihezK*FVqM)0u{mKgX!Pb>Q;0_h81&d)IxQ&}KPv^ZK5`-%h2-ld)0c zL3YP z(2xD0%6K|snq*P#oD`~b4t^IduG-V{uoTL)7%s9fEe0QP+3j~SH#@jG<{%74uDlAhkk`JisFJTgmF*EY z^6u75{qmb{@QZ+G@$VkIHHvR$9v=#Ww+N*2NqEC_UyVN!!r84$LqFn$yU%pVSXLMu zGhGrTpiIZNXI$rzF?{SvAzOjU0u*>c_Z0dxOSg3n%`++30&p4Y3?(#(2G}ZbqC5OJ+pyv zRA0FRXty@&ISmer$qfO~Z+J9F!}=RHGKR@1jX4+aq3I*?pz>hJ*g8wad#t zjiv~|S0LdkKLA(FUj-*o_D)c=0V$(f5@AytbzySD#Xgc0O}2y`}0jY)QGMZQlHUaEyJe~Gw&_qAljl+ap%P;tH` zjB33BFtw*IxWS^d4IZ79X;NoQ)Kqx2PfX?)6E}I69Z$hEysex#Nt)t))2qLM2dWxn zcR8x?S`F}E=X7#l(Iz{t$64;MFi$e(h7+dmm)V#jpA0upEHCz&Chc!DDiUrA!35O6 zvFVpv%FAkI1oU3TGSeD1rpku27V6mhu9MK##>wE?AIhvH2QM;4?T>rL5^8)oC7_(r zlBqEKj&$o=(|pU))w^csKy``e*irX&MuUr&zBIVeyEH`{)=!g4rNzCjG>T&m(~A4Vx+JiLgonXm(jU!)fO6tq}dNo9UBT{!WVkILUWasc`vdtnWaf zxHq5s9oPnN&3}rh`nR!kCuJdn8oK8p&OSJzKVZbjnCBk4ILU+1MT?lJXFtqTUf>bk zDyT`t*#$QzQtDQSmZX+oBz(}6E*wnF^GLe$0N9RQ#AsFbIIvvVV;*kAd#UU{r*d~* znLMsEvuS>hrRQ%(Ov61@*jE@sBfiyNn7W>aa0{;O}ow z`ta_X7gIXr?oLS%A5<2YAZ+f-+zi!KV+0$;xByIsf`KlxckrC?f@pOM73UsU#_r)4 zv|^iP?{*xtqE5xc%(Ok#sJW=n0#fY2?o`N#8@U`bADWD59&M!#N)F_0TW5P)(k>Lq zg?X>9D5Z1@EO-@o7=3x$wEaaP@FSnAbC??=kr-5=9bciSGa{t+o_lOt$@-Moege>X zBXeU(M1fx$5Rq$MoigA$ll|eqD?)C`mEY@ zbCaXaATJMm@*P_WYumnom;0p4K3~|#Is-|G-P?IpIq?RpVl`b8)K;HjHTON>$IF1A zTSiNj7g@gk!Hh%MSt7TLDkvtZJ26go$C^q5ZKsIiFBP_(cO>y{+@?Q3ffB6m zq4g&V&$@FHV^*T8n|K_qhHWY7hs@Xb>Ug_@Z-zWNs08kSxS=X$@h`@(JYKILb32rD7W&dLVE_PW+SMb(8khpjt`YvZgoQqbD1 z;?5Iw?%i?2u8K$PO5Oudp#9PJgHmHYFqw%VeMDyZOLJSw?sW>@glljjqK+|jtl0gP zdraWndwWxyuWBe`<#Z;xcj%%Ul2br5hc4Xn2B0Eoi|O`8<5;l};%3>?fM z!FDSirE+D^p$`kzevkH{L(1yS!XAAWr%gQ364hfXkQ!GIQhTBO#-n)=w=7v5<9R)m ziY?O^;M1AE+EBws&JV?Hgm06&C9;P;v@ONd$VnH@;`L^-ag$rO+svYSi|0BJSCcA6 z195c>&&Ia63+pvPN(LV;;oO%xQWh*^YO>YaiGV4M!dFvHF|bNA$@aYAz4PF%U61vJ z-DHd2hSCt8oi$R10z+Ax3?Ac#V4l_hk%(CQa2>d=E^zZ@nXe^}1z8lioS&k&s6>B= zpYFg`RxQ5EtF}{uZgrf6GSl%bDnhF)xS7!zhwv1A8GkKZ?kzd!{SLHZ9IeB>Db`UE zknl)omUCwtJPG7?&P@-Kb^KVT@4dK@g1|~cpMsJ(+)Eu!h6yrST|P4+*Z~ z7E8+ei3{_jZ;XdQ4dpngWnI}*>qN~{)5@dB47-EzG>Y@nu~k<0;m+;jo<=>v>bUUo zgh$d%zKJTk*zzrc7sK*XwTx$Z@=e zdo|!~0<1b9bZqvLB;x(0(-7tHipPMS-a#BP6G0l6A>qwJ-9I`#b(=POd##bb=!^aU zq0nitN>6brAf>%3(@t&NNUus&DQfU@9J#^a$>I=Zd5sA+ch&y}n@lnhA`wGseJxct zn*W{zf}OIk}aFbz^MXos<2LnG+bC z>&L5#nh&IldMw_Iiv3os4YiodMJKK4kKftByc)FKRa{WIB*sqzp5? zH6*yT$7R|*M9WF*R%8zG(=OAfVnwAjzUy`D1FuuErJZIp6!i1FGoWqB4}~`n5S|fR zs$$E~hQAFNKRCp5AnCDX#`ajN3wpl0^=w+7K_bAd=)Q3N(tbl7VsUdcm0 zklzX=S*a4NeocdoH0%2~Dz>XM3loxckgo9-umgZfJKMhOo)#&Ik3W+vasggUrpR{_ zPF;eI4R~pF2tiTM^C9m#%GJzmW5J})3DhCC)@c^yXOVR(gZJ}N7yA3s%3}BYvcg9! z)$*bvh3K=oHqBN8^J<;=LuMI!mIg7Fv)^7hN#N=6k5v1DtCkniho8AoQ2}`;$RA%{ z99uJt>$8{%$az+w80x`;4+grv3x&~Za^~&~23}47LJxHsx(>xHy$JE1HtjBxR9p-Y zkDDLTld>EM-1WDu$$==JpCT;`^gZDRlf7qOPANdy%;aR+A=ct*G>GQbEDpOHuOnVKebc@Mp1#$Vtc3Mnx&^B)~~Y zYpbvxue~s73vUn(!Jh}ewV=}IE`4auY}i*>!<;8BRVs5V>o}6uxxQix6;eQ&_UI_^ zsHvgip2aPCD=%fQYxN8<068POjBx5&E6*O^pNN~7t|@y`AgwYFKe*6;%=@si^7)*f z9)Q;CpIIeLb;?p3g~Q=~mOGIW4J<9QxP0t{4jnoa_1ZIx4zylEWt3?yzS~bD>ckuu zQZdnkDC+mmOtQao?2sR$)qc|Xfl$5Woac3U+;~9!Rn>A!DK%w{CLZvfc}x?8a=yxI zvH79Y`|o@v`K({3NP<$KM4QNO?0>xO<>L2e2Khh|5$%*8I_&VZmx*_5IhkBcE?QEW z^*Y5Oa`kgTKc=h8g8D|k6g+dSFVqc~a7Y~(;j)}p{m#048#1u*vgRlAS?oM> z!&|9g{A+}QIsGG47biM)dg_M8(r7V%7J_+lb)O09@rPgVK_65fc~nxJp6NSwR@@v7 zinj82uO3Ax@f}zPDDn%=w4?*8>~~VB7ENBxey%YNbu*{_DgU}?0?`)I1$K^B|M*M1KiesX>^1jGQ&F%qny;-glFwZNS>Hb3K^CmUmh?>?$RCVwGZj~ABy2D#1wj+a`{`bI?WmJ%C z)_x8y1%Y++PP)YctZB&ekz%h*;boQt7y!8o_+1Cc!s7nq&T(|>J;wm-RUIp5@p^=$ zzCXKpXp52ar<=!!&LQE#xlyb#fhLDGUJkF@c@si!Jucvbwc(!G2Zx(HTOi4A4V(U6 zF_t#r^l;$R`|eI!t_pIQ(N~n*VwJS*HwVjIU(YnxVD!RHG1`inSdz=a1afB|MBv5^ z!)~%y(%R-$L-+TafZIEF4{-(M<94II!4EyMpGFO6ztuVYtN-|YL2FOotkp49NurgN zu?;y-F$~adw5)HBmeV%wcI(6FL94??%%{tGN5}D>+pXO4+v}^oP!}xb3YAn-|}!G7^XkyS0vQ%dOLf>$?q6ZBZs zeJ+QzU{La{k_=Cr>)UDH5T(Bk-gJzmfyer&wzU0e3mM2f&K6r}&r54BO&gI6PUd-U zByr2=W1e`xgk`b|aT^fA$#Sx^Y&VX5fR|mVwA1$GuQXH^mO0Ssv@0e`)T52n{gJ}h zOctB$*s>_utYAr^hz>ta+sHL=G5h8`4c@AYO2&nL$|x8%Om6HkC~Dk~tC3&C22VZY z3ixqsENAC^?BcF5Yw`OKzq%Py5iNyV^MmDGC$iZ|z8d9{vBF|NRd`A@GG9JQKS`~HZO6>+iPvag*tbg#xUHE(Q)GoZ(S8SeAZ9BFOe zrW6g!en8Yf_plX!Ff0F{Ga6G4L%DA0A+eNB;86RSfAhHV{nKm1?QHBtRw{NoX8O0n zWasMhtln>{td8%+?6U&l@(Tl7rYNTam})FTb5yyK=>4$G^^XVDr(pnc-}c~f6uStgTa#V{J8&G59)EdMIAE=M+`7^ z`*3&&P5o4MK;2akxkVLN0M$Pn=i*sNO~ef-*3BN{-J=VG;p1z5#)79m~DOhk6( z{WE{vJ~ACQP@dQMA{Y!h?dI#6yw9^0yRRbj`FAGgbDvumUyP_k?f$S|cv6i=7TI^_ zhISdY`m?7OMDbEZIu=WYrNaKQ1#yi5J^?9=gZ$|37~a#=&Ze+w(<^t;L*ge-nbc(U zV~&U|)RkLkHU{ZGR^n|*+fuBN&`@|JlbV_#V(m3I7`x@JCaj9y<5`P6{0KHMiP8|I zJ~ua0M^7ht6L(Nhp4jP@6YmC;lT(eb@*tm65qbU##0Z|PvdQ-zVj*;YF*9MH7}lD!m{-!JFu3G_oL=9lhRjeD zVPBEKjs~$8gE*+0vDro|XQsvZ%Pi~0Z?~mxKq$k1fCg={$1y`zj#;D?1$VrSIEUD^ zQ7c}ULCu$7ww+DOB26!KzuCM0U;7lL475A#m~9fcC38d2!{C)R zGarvp9ouRGNSNuGPdO5$nhnC}3`2+(tQ}$r?kVQGtRl3bDaEB5Fr`h@t#Q6$W%rTb zEiRLq=mYAgnqRo^?(iHVctiv^c#{{@YaJFUulq`$D`^RY+ zwK!>L5izV>GLKfsd5X&swGuF-_}?Um;4`8xbI;9gMXd(+R`08cj$e7=HNvy-CZg@c z0pZwml0kVzdm{YfRIK3i$j7888CTba*Y$g)VvghTEjg;xQNFgNZ)^*&Z7Lxb(ScEj zN*lHojvMm*wV*8dm)rP8Tj#S2mL(kKzFfp!<;B$Q@$PLkliLZdX`<}uWfi_5zR&h= zFOYM-eQeb)SL5h|J<5BxGkG8y@by75YiwWB9BR%wDP=fzX|yEz{J~&3J1I=rzg$hP zFE?!Ioi)udx#e-3mGa$SBFtz!MSxeWqa3!u)!)XiN?LhD3Bh$|dA#qJ5H~A0s7mZn ztE?tv;7L~jr3(ng-)_3c8Y$BWa^-aPsSDT?0)%8OeW>H^4Z! zarjEanrX|`8LvyC9o-_sSn1Bjf78fV41Ojgk5zWV{%ST|Y*V}=)tEzGOY!SWK5P|W zj;2V_%l!rtE=~EE4OFZU6=YQ#b;3fHOS>&N5;4(x5vpOle>!@dW`jpSG42&?f* z_q-W9I?5In7KX5D7)A=hYHQ`EyD~}0fAX>N%Q%Jgzm6zvZCC%Dt6a-%K=!{L90#=Q z5;HTk$K@48nS4bg;jBHr+5cV#mh>1(lbh~*!6!*z0bgk^>Qx9rB0kyVE^f&*_g>pk zqJm|82(GieXum_0RFE9P2rUT<)gHe6UrG_~sP??l0oY8t?$#`_VaDiHax>Pv`!%o+ zj5C14bN?+DY-J6qd6pT0PXDt>Jh9Ys@^jEypXS1)zh~4R#U-{zL*a(2tN!|F$>pD8 z-q^-8>a-zDZo3)r_ z8b1@!eh$9cAoXto8_Vb!<`BQz|65*vTf3Mnpl5dvt=gGHDJ}Szn%cni>j6(qX0^YT z-;jjWpqrJInYdN#Zo8vDsK87Nia+ zd*Ym$f9S~Z;es{FhzE|qtorO3xTV44-OC{npREA2Dt_cVr z_^KS7T{d3GEJVV`Zcl=-er{aT-x{qN>HuSe9b&cKP(}9$%}XT~qt~Mm%i}y284+Rr z|Ln{3WXXq^Oxa->=gAkxh;DZiSj4{gt{2KoyO_ewX_lRaZ9;3lZpO^gLSM&~?~LKM zJ)LggNZoPf8wUtGzg`{kyegKtK>as3hclLm(?4sR+yzcQa9YjRP7NB!nC_Aze|!+{&-?$MqxiLT|761d1LLY6@zP9ph3mhWMINy780pUchct@{$vs#55+v@Z6f zHE6-XiybzV1FfL!DcKu0v_M$D>h`~1KJtt8bASEoouB-} z?6-5iI@1Lv#V4@MlML=93C%I{gN3be+^RHY_oVN0JEwz~l__`FID5GztahU!dVldEp6`EHO~mrQzkKEYOsrWF z2@gFyx)>XzuLDIWi`XwML%-#g#h)oP&wor$7aSR?1RJ={n|2%vX2u8pX`X^FMjpIW z-p$Ghmj8k*khmHbH@GGUKF7^n=nLm|eg?B(WDE{G`wVd}IaVaRqg=AHoAs~H zbw!F^YSpm)5S!&yeW7G4oCbdnidkA-wQ(5_%K>4_MkwGxg#(VD^8ZEHo5w@B|9|71 zI&Df$i9)DsAtYP&BKwwgVhm+x>}!UhQY2-~zGYv=%vfd&#*!r2w_zBD?8_JmV_)ve z>GV0D@9%rxkKg>!A09nsuJ>}im*@8Cq?kc*WI4sx3d3q5-i3Le0*7bV{VZCVh)!)I z`w~8Jb*-JN0cKNne)^yCyCq<=7t-4x=0Wxi1fn37#)0@)Zy5%%=RRQO8a#?_ z`89HV8UMZHM~82nDpnf4ZhXu1;X(6T{@}5_)$ZWb>3AL7%(sLmQPoNFVlteRTWPZS z->m1ncfND%*SSR<3{~i*9^U&tdM5l<_TBgpqk607d;6Nj?)9Sr-T|(*F^T2m1m)pN zG7BD8yf;QqLW}@0X@Gh`*R_5i?IZ68as=zO#yMHS#pAzI&*k+e4m4lX+V$!YucEdi zQ%35?GQ9+&FQW{!Mo_BvO}953{#l7;v-JI7$Szd(L)}DY>C43@E-ZuQXQz8J5E2h9 zqnvV;=DHo5!T^@5k{lF*I^#OURi#sL#x=%>w+aG8?gVYmT=^Bs6Fr>V{fDrHHkecS z(&%y5x33BvD|U(*&2qQy{gbMLUTlI;b(@JH-8S61A)yhke?so>t8JBv9~m7 zP%B0}&H(hY+fjqvfsi^yFW*+5Wr|*k_g$l?*Q2N<4?e7YuS4A(@5tP(o-hZ6TK$Q; zP)}F8X(3T$s?}&qCkR^24-J3Q|Jv|yv0JAdW7DYQ(q`jm6%(EBG+6jTNpl=Ede%3m zPGV9xt*;^Y0EMM6JJJ^2*~>;=Oe?tu=!E}?qj@=Pe)dSIbw~K3hD%IbAJ`yoSVE2F zIavp58?-T|Su2UG* z?#<(mdJQAI4Zu)2p|4X9R(xj3-Zphm!KKm;q9ik(LSF1Abmoz2~m9e(m36FWTMFgKh}- zP(m6ApCwY6T&1c@Aho8u=MoGZofDWqLItU3O?!%&&WEtUg8E&+cF=G0#*zDHh{c;bj-=TUBkF-~ zBv!Hl%~el~{K0M}xoS`K*n27%gsT(Qk8DAMOciA7`w=;bjxCX$J9b~hU$a+&@R%Z` zCeEdIF1#pA8rlFjr^WGMly5QPwU2xJ_tu?Z2Dx9Y zS=SpM`9O^D@1^Qai<04s*=vMGDb^)^o{*< zaiLN38Gk5y zW%NpK-%{hi2Zd+08KaSlGs3ijI!)KiC13uNTiE`(#^HFJi6vl7G;JTz*`I+dT3~Uo zYrpSNeQ7ssjSdfMpx^MB^TmHMk>F#Rjw@8DZBWwK2JwYv`R0+M^n^PYO?mr)yvMf?+VHF7Qt`2=2DzM(yXF9$_ z1I_G?#(~{ztG|Z)$3r!;Q)2q8`j2EK^EAzL>73{iQ{?OMz`uv^Ik@PJQi`w13UQoR z&~&;mhh>&XRQrMrUqcS+D~BoO@aC=NG~` z^fpti7s4jaUOdo2&6umMS?J5$f=1a!uvr7H>SahC5^6v6UNYd;OtwmtliCnAR3ih) zKTdsA$*Kqa9KlfJ`EkKiV?x!hoFiMhZfWtU>HO$>Zw zvQ+!D;X-r#V4b{KvH25eiTRzFln+=*%)?Ietj@AVC;39e;-9CAJ;R>DvYq}2a5=ug z-lq?wC`@@q!fSlHt&cfo5}PBO4ptg=^t#dpW1C$8gD&v7@A=dCdmWO1TmiGnyS{>9 z5INtU?^$u%=p}Jv?$bzOG#|Bc`iN^e^J4biv+A!lmWJcLU-I};cFbAftaE<)kn@9Oq-)=VO07by#W zh}^2PomE%-$983ZNnS#_Bt%@uNH54nN*Z%j+A?JS$}Ix2Y;O9FPY*_rBv31-%*e(` zDBOh!Sa>5~O|$dVVp;JL|HEfl1+u__bGLj)-pKfm?eccn*^+EuG@(R4=Hc?ZNWH4OY&PrMH)uH+ql)>%AD&skA_QIJWfWLPAK@_h*atnCwkX&5)&8j%gr`~Jdc$c7r?g-QuI_|ab zqYpIT`TZtEGhY@Rd((WQuM%yp$#ERyxodQKw#{CnU?9-lqx7OClh{8uu4 zuJc^xH?-W8L>BbCRhgl9ox|Ve7%%);*W&OV(s?h?c(bS;hDpc_TuNZO=r{4}<3 z>%0v~tz03@Dqa|Z%1yC7eqb9SFpr{(H!6R4k(?nrqVpzU?j+>^0>*L1>UE^@|D`-$<>bj^?>cWN?;A&-sy!A@M*k-IMUoQv17%e!fx6 z@bwxyDu(SjQS>@+;{2M;xa8iWDEO@yP%^IHcaZJL7~IX z9{_tezz-g^H23tMICZK2KCZg)e%E?=o@I2Wc)8-l`ZMfHDM@k94oCJq>xe-VIClWi z6eqz=1J?6R$)X||;FSI&6!u5K#E%U-<&h*t(&h*&@^O_}d)(D%%hZLkpiHwdkYS_W z=tDi)yt~lWldBU#a=`sB^0rC@GrUuH>eNXS6!Pu+n&SR_+(M#WsN=9gfC{T|@km(8 zC_1M6pbnCn4PZGow1VCt&*X0{cj* z#cu4b%8T4l2-UD*n z;m3ray|-g#{vBh-tALnN4V7PMkm?M;^=0F-e)7&HrHl_>xYpEZgj5n`YKxb*g$;d8 zY#v!fB=X+S#nlsjmVUlG^POF}fNH>`7qV4=FAiu4yd!@NGqoI_P zWW23qLSS!^bbzO*Uko8suJjiha;HKz2{UU7aI&S0FM?r)phznBEej&C=Zt85h_=jd z*4TOZ3KV%$z;aM67&TNZemR+oesvvw8gOi?UsmSfD!MB0H$ENBamVOx-`krvbOuU- z*iR;|fezR>Drhh(;M%A_mCLX+Zo7;bxfBxR^Lh{5GOm!e*8G_k;O>gn7!-;5u^k5m|Z3I#3k z83He57QGV9JhMmKJDavr~ zwkVhai)nouasX8c(eQZSbm-u6lKTeyt!#}(|Jb!6>7wM}8tGE!w6Ww;^WC`1W3z@c zgVYaB1?()R0CiTHZs)0q@Xz^EYQNNeG&j_Ni@n`*wHd*6YPlaTTVj9H6$o=AqS+Y zL-?%Y$Pd>(i5)5OnF;ir*~xCYvXDcxcYvC8R7I5#k}ev`F}T&8o6p#l75IkA=N>=J zVN@q8zXGLPBl&xi=-Sz}-RAVInfc|;P9XhW1b7Fx5bjaFsUN|dEJkOGtU6DRq99=W z3@Jqtn(z6*7Rht>ZXc`NumqtTL4L!z!FrY~C8{wzwpVNCIwJD8^b?(DKO@Ki8u<&# zyKWt!za9f8Z8iN#PuYC8bDlj%*1x6q)tVnSo zx?tGlzA<^c2bG)j7q*Cvn-lK~>76hW7pBck)g^F&?HxMS->=qIRN#&~DHNW*D#{{t z1aHT_IIAu%;orxN=XM#z=>MT|yrfw!6oEtVgAit&i#*Up6bJU)mD{DR^h7vgTu*mR z!V$9i6xp8YR-c8gPjMmkMQyLmL4SO2{O#DbE}KQ}FMxHfZj@)h9Sgtixnb|lsDBH; zQ>Orh$(XpU>vnR+sRod~;ugGg9<$u&_WUwhO!)2*Ukc@K+6&@izDG-nmh577VGg(OCf}0%>X^!qUkWNa6ef z*Do*5Kt*pLfM%F>Sf_B*=8qykdeDH)=R-c0Q)Y@HS(!dUyPGQwRsmkOo5C7giG5)} zs@&qReI^$A_oi`-MS1kKp-dIoWsKzEg-yY1u*UXL)~Y0R4zzIHyNIvhGy}ixVBM@3!yJu%n z5be}D*$kk~0g?x$b@|I?_DP=xZ}SHFU{iUrp1#+K8rj;^S(@WnuRt}+MJ{+yNI@M* zQSz)i|L}IWPfTlr8-(_iJ8nod)5j**;F|w9@iXqo zKjC!P{**U{a~${-w0~LLF}5pR)_wq=dGChact3X{5JBxUTII1gh)iV`Hg~}Nt!Z%| zKHEYo#`&$%pc54r%=M_tIRvbx0^V21Zj7`~Vy#p<2NEH2wx;)2vX`9gJWkcT8R@Fx17?mcxAl&1D@&~3w|66_1ML5!wu$ZN00VLg z2G_O0v6nrPVz+wDjkREZkz}romy4%|R(|D$@3&iKbo!*Cs|3bYb#XkGFU@N>P~4wJ z4F;tjD1oi}iBN1y6A%HSY4TUPs|VN7`=5SCnWca>R_XY9!4_Qm%mX&^_YXeD2+m@> z#z;|N3o{%d&@V}VqLHd2pf9VgBBvogxj{+vUqCCC;kmRV1Fqg=CZsp=EUgMnf^}XT z_-@N|Es;J-FVJj*Y$AiUW=bK|kF_spfZ57a5O$G+A6@0s)&>tQ zWkk;IXtxI%BW*55DMeK^R5}FJP+g$1<(k3En}yxTy%PxOt}Y=X+6AVKTP`v=bztV< znRUnh?%;0~^O6O0<1EgJe{}yFCFLHWayzwH$`Y;$w_wQ&KPMF)6CDS3iNCd|?~G{h zz1@23>Gs9_YaEV=jB}74z4)b7;+sYE;kc)h+%X%#jJ^gAE@cn&zX8 z4cJEE0!uJve`V_E3oqB?y^y}k`!ACgjoKdbz^@L^JY*-M0SYO}Cb2ZwyC=urbq(=| z1)sE}WL)*!UcZ0h4VA^}@ehgJn=`$R-G=u$bobAhEBz-y`&b`V^EKU2-WSNdt*FmS zo;z1iO)X1S*`5NRAmB?@`3s^T+Juwr;UufX{_1gtZxy|<=L+3j@MoUA`Imjmg&v$- z1-^t`_L^(r-Iqc#u)AHte5g-CT7RtxCIZ2Si{4+aW|@(IgarE~&+PJ6zC_5Mau5IO zDasx(tvjUIEUbs0@1yiH`!D4}G}CY(X8ebaz&iQ!DUplcS@B8B=_VL8Yo778jIM8m zM|@-JvU$R78K0lo*nheiXJTUe6UdhVEFZq2ajk~mnL8`Z#+s^Mi+zxgc}5UE-g*>m zA6+7B*P7k^mU$q8PtPnu%~IhXFvRt-@U~4wMEKkO=EwM?2PHQi{CW3?A^qnQ9XVsf zoZg!(Mg(^W$b79ocP#fv%l^;jI{U7Po8Jm*nFu+xSaD}p_*nF*e`nXRT;)c8ui-qS z@_kEoTtu>3A)Q@)I6Ow_pX=<2Psab(s~oWP$hd!hzOhV({`#f6_@mVvi1n_7IyM1e z*3-asZr==uyjoBiX-w(4-Gkzu{0+{Cl~KJCqOiGT_m0Uyf}-S@dhTq!6@nKqO-ur;PfQ>wxd()=Mz=z){fSNMYeE z$}hNYZTPcW!@eD{@6=1Mjpm;?maY@~iUZ0IhL=cK_VIfbbuFWB?J<=#QH#YC`xbkQ zkE&lC4mfQ%!MM)ZzA^nCc_SWP2?6_ZS_!{`y0F@B@5OVVul04?!jH)SH_ZGJ!W(aNcrIIM0pe z_&$o0#2R*C-Vd1KZ~vX**XtZF-3rz-$f#0&TlIRa1a&^D=OjMus@vgxiL&;EM0D}V zospR@>`|l0I$xF_m;YV4?#meBokfpUiMM-NY}84iGCTA}%ka#X>Dwqeda5UEW<-5v zd7ax#HYeCubm(4eq_ivJ#nm5P#YH}>yEI-r56?Pby43FNwL$a!xnZ6A0)RY~d*FG{ z{hu`zU_=>QDmi9Y{7F*I3(05*=cGu}?pVgu$s8OKva6zuamtcWg*ClSl z_8W={f>Mh!IQJZgeVLb{7>FN3RnX&ts~skt^9LEs!^WS0OIb2km5Zps+G!#Y8wyjb z4NOYmi;nf(4SX*%clbc0(jNi@^Q87Gam_K9z;W#1vccvT!9hJkSveT-HcYOO`-o}| z^QQ4YT_!>Y*KM=!Q01WjY6M>ja_ILOl`nZAF-1VE?sJKRaqt%^>gF2pQ z6uJv=kms9lwEK0#HJI{Y8Z@G3bpq|sCd5%eoVvgEIWtA=2NA_AN4#yr@Bg z1;5S~#1Ik6_;1}7nKx_14F*Q8xg~_K61g z=lPk(!vImGV>unTcSQK^l&Vc1up^@j)D{pt&}*CY{V6>C5=$}dP{um6C6qq7UL7$g z9kg6yY$gs*5+)C+G?RL&fHy!)7lOerW^=4Io|Lmt zxX@qWU$0tsPrDxp_mS-$?DpJvC;T|L^z&@ghY>M`fBOD@@lW{o2LtDSaF2x#a#H35 zPkMqEzFphL?0h#v4G{p6P;R=uJv8v;3w6AtnP2(@-_iQ*XNwSUZ|8#{ zyLVHdQqsttm+yCt?^G@49YZTc;EndateA-fWSF>0m()HO5Jo~T8kkjcNkJFr@DnnT zDw&Dp_I{}kYdT>DrjFz(pR={5j=!s7D5q^u!~}9YJ%SS z@R-yZN9`e%*WQ7ukR_xttO1djVnK+CT)Rp_W%5$#jS6nS zN0o+N7WZCnNH|Y@l0Nq8x8qS3~1l0+&|xh1@&gH7`SRr za?X_y5ANY(lbrpEE%23^io;0sqQanA{Mzuq!}PwD_WXS9$C2lOG9l!#lQ8&?M6)Wp ziqBNuL~Midq?4jqTTlrU%@#{HLbAo~KV{C`XcBmo#Ih$|W@q#TZuMcZRe{SiMM7>@rq_4jZ z3KyR`u~kHF!p^J#@Tj;~Sa!DW{O;3nr~d8onh{dnmu1T1RKc*WSBJ$jk?c_f#iLUoNmBUudK_XL!XZnkI*NwENW- z8{DW~XV2NPRVIkVJy98OwUSS2;@_8}t@>M(&y<#55kzVs{v%!zi)FsL^}ahrc;{W^a5JI=QqsA* zZ(I~4)QXN5h?mP7CngOIKK=hvaMCf$m4iRTw5^$j;EQA9`2*+a+P z>4~p4<9(bbc6Zigy=MQW24^l%;R{=zKf?sYakw;m;t-r23MwIPN6$$FjGc$yT~#5& zowLRc*JW{YUpy>?({pb%r?@SDX|73^^2?jH?D0_GNO|UO$*YiiDKarILF>e!8f8fX zKR=n?oa6tyuaBu~JaEBNdId60zp)h2tRAZrhSu*r0L!zA4y(P;sVNG8005ZkNv!dv z8lvzyAK(6GOS7L1=y{ijR3P=@Uzu|2H8bK$ttiSDLmt+$VZvv2%>f4}VG_y}T zV%{fIqcU`y{wQBm54%v}4I5V#(zyq(HG7@GDpUA=&kvqIN0R1f`gyM(&@apNW>**Q z1R#vqKtNQqo^cnd);RSWN7>_)%^H$C$<$5vQ04Th5h3RUuT$HQ@W!Lg5%H{+{l%UY z#?BER-DWlg1dgwBP%yEDbMRohF1=;0Qf@oOG;Rxy)0xlOm0j=WTk~Bo{}~F~plYO0 z4?b!5TBIt}c`7O?ry>-mIJlAl?bjnc-$fhZC1Rn6HGC_J77=aLaqv%vsUHSXd_g$g z7aa64CG+xTcZK4Qf8mM{_xP!+GBWVc|H`9ywE%=QR-AS06xQT$F7;MVPF&D~V4+kL zi!4>ZJ>-mQ+$UDy>MvwimMTm7IENj5+)}w!qbgOzOa+3tviU5@Mn$Km;M_)$dXDhM zwNhaeM{(sTp35J-WV{Ia!um$9%UAlc6Z0J_Br+;8%d6xg0-`dak82jbfJiBE1nI(M z2-r3kR%87a?EQqrw|BfgeC|pFVNH0eksnWIEacc12T*o@x)mN8Min;Y3bpy`$xGa2 zc!Uc9DrtO_1;LBTLIM!*2oPp#i@n(PJ!2i{kR!q{<|E1X8)bUVp6_$`7!D<~zL0al z57n1weH!7n%M7#q=|R?~tk!6d<^iesg!kv6>j zk)#)#i}E?n^td`?3|^b!xolBzi1aCu`M+gT`ioePjK-5v@=`d0ap`T+96cRbBe*%n zV%8sMYnLk$#VKHXP%?|#vk4Y6JgxR6o43(Pc9X1Vlg0Ip;B}kAsXzAGih^ESwFPZp zB9nFMG$~_;0cM9R1nn1*PEXQV1t!=E#Q1cIYjq40oK3uom|@LkD+QiHryU9FdJ+Wg z*6=Z+R^H0KqWpg51E*Q@B37P2CcoL-4pMF^(hal%T4qgO?~Tifls{{fjtUVEBHi;5 zvUZCtq<<@Sdxqb;0H^_EPZe<&%D1OUsmP>$r6O8+|%}Nrknddzo7H8g%ebdU+&Ads4Ho1&|pLe zW%)LQ(xZp}F&yP891-sgr@RZZUoNNDq4;&xq;!cx1Z@`~HH^cgvx}V5tnB*ps7xoH zK%IR~)cn0k0x0)^6pcFekjLv8b5=7uxp2YSE_{f&^~HBdjY`L5^zJm=4ly}bX?JU8 zra?_J4Ci1Q8#82d34cgHhkVE zm8$r&ZuSF}2xx(M`(}9RhbacIuDuA+#aiOY)@_x96;!wvkV5=OsQI=(=*0LiZ$kmJ z&}y)52i`g`b+;Q(0oZFA6P0i1r`)lrvQs%#yteDbBnvGn+1Iln%k28d4_EL? z%3;AJchE3aae3{hV&eu=X>8(8zfdB@0<2BWQ*->TWExc$DD;e$Cc`MbN+g*D#`lL! zW7qZd&8nR1bWi&9O^5FjMqN)%A}$%I92^_~wG@zKPZyn32}3~eJ9vqO#qnf`ov1lg zb*~h+z27;o_#$C&#|KJWtmszkKOw|fg#om$4R|NE3Pt_M%%`r5yDZDQHkD#gE^PqS zM={=w;aCEEnCD)GFwv%>WY#vvO~75xkEKVvDQ)`+LHvGwjq8~PCSU)tIB-{;!*|EX zd+X+Vwh9A&#R`|>kpQgk5pj9BH>vf)STz%&Jn_^f{4tZEV4cKV?QSaT-b4Cre{s2T zW$!BH_iQ=wj+41uTt9xvGvB377G%UV7*~8F4y0)q#k@#*@i_43 zemWVQk4|l&3!P3%13VE|z?5QRWWLmRV3V2s@|8#2-wlSz(;9K!n`A#kxwUAN3x_p; z?IL|<5A5m|F7B@P>n#9P_doz+gKW`rV5<<$s(#kFlPR?q*n9veo<}$3i%xA&3a+`plotgE#qUa7@D7 zgF@xe;S)PP2Z=kLV}qCJvf##L`cV0y@_fx1S|PN;(EG!nZm?Qr9O?5302=w&;&S&) zi8&Z6yKWp;ej58!AxkJaIVqa3ZstSNm3V-QIBQ9+?v{qa7FDmkDP?BNu7TC1G|S~L z@I%{pjU*%pzt3(=Ru7RlpFKD9UG*oYByUfkwyJE9#rx2u^4yxS$l}` z&D3(}nVDClUz_9e4<_8X@ikFbQJ@+^>t9(&51W}enEj5Kia%*>uu)d+qOt$9N*%57 zFCQpV_D$b_Rk0T?_B6PC6-?12tcTh0c%#c*hcODIZoKZTu1M0yDEZ7W=KH6fD)oRY z{b>d(Mq+9urXB9zmbJ;)t~*bQO|^#rk-FC2SQ*OSelBRUZuaobxYO<;V%Q|g-0SGU zp^;!c;L#20Eft|Ck{9s$5VJxCOs;c(sgbyWLZ~5Gl(x;NzqX?LZMU+c^Lgd=9ybNZ z6$+?$a`RV(k2RQQ=JoarHq*Ja-0sV$;OO#)wx{5#oaBa-n-t-e=*{JP6IwgB@*4`` zQ$WgM*|PHbGN0Q*bIW33U}J9jT9u(JZU3qgc$D>g{Q2wpK!CesGDp3hA`PSFMajny zt_eu%CEqOu>XDcXclZEu^WKD&@o`|OPRhWJs6}Gh&SF!mJ^$|D*08MD7ve9oV*5{x z-zOU)6P!%yv}{*uA=MS+Z{yil*$=2t_(9`wDhAwFdy}4kvDn`t z5SK)!FiX$Le?I&6Hz9uPl8SrkM$%Y0KqoAdGaIs`9o(>l^R7B>KouXkr^K`k_|Mms z4f~Z6f#nO~(1*fixt5lJy#kiMR*dMtGp;}rzDuf9zihg8U~5$Vrr|Bq8tCca%eK^h zHI1tuHl2F)Nn87b%V{ShrB4=_ZbrhsFW=Ps?9fvrvRratvG)2v_9tJ=@T4lBT~}v5 zf^2}F|GR%285@P7fj^HWk;oFoP^Os*L=hiAs*4ccowZyn@Xp|1F8Y~NgF$Cv{A~>Z zvS1f68@!!2>tgF*GkOnj&EyuW{O#%gdp_96i1PVDTdQuso<7_G*x?h3@S=+%=X@dz7mdkN=wk+F{tF&tjU8wK{n6+{Sl(`g zLD#{Hsl7^HZc3~_9`{@S`NOrQLDOTVJE3w?V8wacxL8+~c2&l#36Hz^N#*U0e@nQk z=akP1l&tbTymnAFwy>MDOt0MncZUlWt87lN%41Sl<3$RuIm+j?rD&-j0Tb;X>dp^1sn-a#`6KO)~jA&e+lZM6S3d|DBlJvkWO3V`!;M|W~UE_3T+jI`@0)n@p;{&J`-Lp%0ETV zR;Zc$S*qv6Jze`liy{q9-QI3TSqU}PiGQ_50CVuaWJ9VAmaj1-K;4+ZN8Cp>YkvtM z9QC}tF}1a|OQg=JiVL~tm?%X)3wypi7kf`*94BD=E}$6muEn9OTd!9}vn`3}-c_D+ z;wyL>iJ6AZu3Np;;O08>ErlTR;Tiuf)z&!2MB1Nfnv)(zoyA-)#O`c5=HTHK!}J;9 zvH_1}O*(q`4)={J5)X>Wrz54i%sqjGkJG*sB35g?DWy|p3G&#FnZGb?SZ+VKQEPbh zqFeRTd~y8nL5W-@@PakO}zC2N#__`F_h2 z``HjWKfyI&wm);G?#}eNeedrj)@ZqD#zI~)9^n!VIqiDf3s`0^dyU>K3T5CFwzRZl zm-X%Vjf}6&cJ`C7P(b(p=^8M}lBOid{038^K8}`_d8@onFAe^!LQ4Wfa}@qo9IA$4 zu~6Wo+}_p~}`M?K@$AnZ(o^@U`74JdfJw*D>2<#|;d7Ex6} z!*xBk=qa9!mnr_F0m<1?N!?&e>jd^vw!Vy;^fid?9Al%NCdN#eIrasB)_rbsB-ZIB}?*3GWJMUQ`v9q!Y`eL34V3T7BJd-=3L3BTsB_4O0{;^Qt< zd)hO4J>`*G$n*>afDiiCZ7A;a*^?So$%bm;E3D24$bAJl5gYnnR1o`+G{pywxn-UK zd?TIHsHu*tzb}BHn~}Mq^0Dt_i{JN;_s%Ui-+n4sn_jQ4CQsK1H!9aZ9Yg+mD?JvQ zzS$hnHd$r+wDsMu7xNPm<285{UP1c+!AFkH_>4E*@SPdF)w}VBvEa166C$S}5GlIg zeSC;Zu*D&*AgfwWL&7sH@$%xzyYsK4j|NZrh(z0^8TRCA$oMU%k&oMO*b7@2t;F&D z?fiU>c?bLtejsw~>jW4iZ$ZtC4)m25y>dWE`@_wl3;9h8o;u%5Bq6L^@fmNb-ps(} z;`vFA#D3r?j_y6@#5~{n3fF@52y}ZtapmlV|H?y&zQ}G`FUu)K%t}YZyo1j(OuU}*Rg{un+|=( zOeIEo04=uaSU5Nk0lO@oPO3MubSoEJAa}8(tgYSf_nfUbX<|49mNk&Ld-Y#(_PMt` zI$wB~Tw#H$))LGOhv*9HC>fD*#wvHQ2Y@gnQ*4CSxu1xjg{j4nnT_&bt(?hRQ~&5i zk0yzFRFHYrIK#-y!x^LS@6$T2oM-qc&j=KJseQ=o3RaM%Ic5dp5U0jxQLPnrt6I#< z#{6IM_t-)oFLK2Hn=qfSeOY<2OQPG@iQ-3hQz5z?EL74RK4n^^&oJg$#7%(z_Dpzm z*M9cfry~aYpHE+rP{UG!8eDOWoVD8MyKN`IkC2sXbJ=uizll%lU4rC6GI($TCX(AX zz5Y&gj@CYP{;ESF3S-r*iT_ZJ!YZ;rj(~#-A#h3FEXL6nVVH5(wgdnUIt2f@Gn}_F zth(7fH1m+@L$E3SS)7vA$!C(E>+4ig1_rI2@2XkT~!dFciZ?^WX^@Di! z=!O6mRptjC(w0=Yw4=rcXd~!$1e5Q2*|-CIB=-21JFg+u)h2(LBK=Rx|9pIIpqwJr zqNf)H&MTE}GU|4%E&+UB7yA1|qhu>J$1lm+gHX_{m^DU*7cbUr0PWrC+9nRLMi5$S z$YoxM*si)3q@x?5s?1mtXO|w3TD=m+8DtX=(N6WhT~Wm$d$4iVWs1bvgjk<=@3U8kS z6NJg{R%_%l0X2n&%Ig(uI}4%h4Ex)P_VAy=g*L4nF%!0t-+e8DB^c<93$fb$7u5PA z9Z|5tl+Db!QQ-^^y#bR>Ni-A*X^__6S!&UdnXxqPoU)I1aY7i3G48l*8?~4$fUV|k z`*-t2S7LzjHTp3zgUE{uw-V3Q?8q8r!Vi);9JZeW&1B@&t;$9MNCl0&Ic{ourGM}U zv6w=F@sf?yDYvP5Mc!``9Wq3P>X+mBohc9}sgdLs$r;PweOjO7LU>eWCQ}!$xRK{{ zwhHOsE8FjSYTxb+UXyc5L~&U@cui_%0~ytGoWzAO#VhQFaW^W;Ea}^2=(WZsb2V8P z+JGZs)|fV$@vx~>W3wxgrgq#`Vz=FsBzQgK=~Efeeh$C6P>+pk5V_*_b)U2L)y!BW z)tV;#km+Rx4e7TEzt@0xaV}0EgRv$ytW9N6a#pkmgNXCvUCH3wON*(CqbrRt-=(AC zRzu?wTH|-bT%VW(f{P+o(m3LkuDt?SSJ69k9R0tJ9WyR_p04c%npDF>r zHjZQ0L!^DpICQ)y=_;nwN&0g_x1u~p#0q>mgze0qa-6~$plUljBPd)|KA_6tE3cw}+Cbm~)&-Xli3KqW0A=-^h!X^{hxhm9hyZ zBYD^uEPviJ2pFgnMBkL^0DayMl7Cd0wYYTnP)~6u*CHd}eshXq(cw_Fj{1rp&7ePG z$K!hroeNPfZsSyOf3$+DVgtaRK6@};Kca@#8U1L6KHs;NHHYnS=G-Y%*b<6L@d-9{ z^)IFyGgSE>oa6$co@psQqZD?Zp?|fhZ(^qDGO4yT*Bo@`bcKYFDO~qCIJFTL2W>Cn=`mxA~ETf*&``@@$}7-=R+la zLT>fRq5&DIBg!{YKMvkjeeu`q;IDkF`=|V5%&q`psMYDj21xBw(~4)z!jLzEj`*Y) zc3G;v4QdHDgVp+ky*OGkg1?VuI50RzbT+9XPnY}tw4;hV*3B~6)cZ|ba`kKYj_uLE zy?ynzy&4HdCj|PD@*>A;M8IiUQ)z@~&^)?}^=Q=j5@*+-7Kmn_ki|Gpcaw5%3b^{r zL$fyCw>urajDfkuPrdmJa@-q=CxJ_|outZ^7u+=!_24Gf^`<#A+3d?d$+zkV&^KNI zEv8#e!zS#VU{zyb7ZG;IS~4usGVjNa&XkQlqy51A4^9W;on3#*>8(jUw77r;jE?4w z>Mr#%`=|PDZ%W%Tt{r*mEzrvV@>JR8H||3II=2Xi!U$c5PwNMmgLhw5dQhXzy6AM9 zgQCC{RiS!a4w247PslqG&JLYW=ruB?wdS9whP(1^Znk9+Qnw=#?I-%Sy=0zV5i9TS zz3Tf32zd1Na&%`H!&hb-Pkyf4%GdYAe>+O^&E6KcGQNlQww z??MZ70L^{)XMoTN$HawJCs+?cfb)xdW0rSugK3aMOb0@F#GL34NmZq-))yoOfMr3>BdozNTeQayG6Yvrz*PmQwDclABkkT@VfIcp>U7 zDcja?vZWHmQ6VL$q^4^FDtfZX;|Q1vN+ zi`Ua-y$GoB^K<5(RS@3Bw8`^v?>d^+gCy#n$Wtd$2-JU$KkpnPbf4V|FUH}}khbZ` zN$>ujPp3tz>8Jf&w&?@_Y2c6ZjV=Zy`sIA=3dA;N%hf?0FR@_(4!JE3psqs zGX?ht7G%_?3f>!n<_J+BY2Td^x>Mt56ukh#GX%vtke5Hn@Y4L_M*mJBl>Ou>6O%AM zP7pQ?j}>mUmUnZ%R`8*qCtU!9O0(`xD{&ufD16I7&Z4BN{ysX&#jI?s`trxg`fJDd z{!Ccw%C=d^N%*=wx9RZR;S(1y1m!wj!DPM_F)))NPD1&*$RYXX-0}}*WbM~GUlIYs z;i8ZX+K{w9W#5&7Ozi02&Fmt^^s%omcPy~3IrF4%?S2iYKwTxNtq3a=dFsJGRzDS^ z4d%SY`1J9y9){IDkTVR8?Ax1~Ac2-Km;_cx{2eDC}Rr_S=y>?Yw_!hlRrnD|u zS!BK-YP?rggM%Wic`gx2Ec&RMB3G7~GJ-V2n|JkB^?C6AZdFy~w;T@IzEQ^BfiHi^ zYWK=;ZG}hK+oM&4cd#NW)@#wEUd$vmQAE>E{KWI^U8!QnK2F+!GvnOs<*>dMEMt~d~62($91tuFEdh?0)M$bIofonlA zYQW9q3)A^qnOSqy^z{{`Q}Ht|;=-6bz6hTP2UM!R=gk5^^R?PD@yF$!iM3iRcWaOk z^Mm0fPpiob{8o98dJVP%g~EG)ZgWMpy+}V)$2Ek>>}$@KQIAEgYiOhIJO4jo+)wQy z(EZP^NwxkJ#TZ=cycx4TbP zXh84R?~m;UD&(mFx>y<8k)sA)hL@F@ zj3a8=Dv1&U8#SH>SKtpCO0H(L3Th7as5N{fihu7CFcD%CeVTFymbGf#feg$fe0ZP} z@8z7FdjcBjwAaGpURBf&e^L|lQdOiQF+)vsX2~Zk0AT%E%z!N0hd^a;@A;k^h=gEa zi`rWZ3=D|S*lB>;90XF}Y3&nDGSGm`;UUfb4IFLd=xOiwUg6|K-?eRfjBRi6W531B zTKT9TRlqdf`3tAM(Y#+<)WD;2P1O}dN+jOxgMH*-F4?%q%2XwIKSviV)SQ{gao)Lz zl9q(te75chFQ@q-e3OGj3R1yiD8QRbyB!~6UmZI**SaU8SQ3!7@QfX_zN+`Z5)w7p zI!w8culef~2RukK@j!><^CdYvfCsmD04sDkn}Wv~pCeCxc>-Q|wQ(Rq5||6qc}vQu|U88QPQFXM5N0E=^RK4NNtP|MvYQbjwqmXhx7s@wowBS zm2S4dMu_w%i4E!d!aC=5-%tGY{PFy*KgR3Ju3gtRKk@z)4u4TFZ6IeU2lYs0kPTzn zc^79ohusP&$^eNT+vWu$%sWw{u3mOsKzY7m^<$qoaSUajIC0HrgB-P4Ajrqa`+A7l zkAB~CB*GNobQDOG^ZxjmJi}vF<1%KV_^Yc1!&KvlA8|~LGC1i zi8Mq*VViInza1Q0Qc5kzA{}l{o`mK3Etsol8tq#AMXW}Xv`*WAh54LRZpE<7AvGjK zM{9ULMU|6)_)CT|AO*(Ieo?C8`rUv}pFWxWVC|v3ZnM34o11{VV%`Jf#V{AA0Vlkm`b~5Ae-`W@>lWK4ApD+IG06;OXB>>dd;*#2{?rPXvg+tpJ zHgb~r337@n?y3~(?yZ~dj?e4mb7m1?acygCr|F+r$xR~j8A}ZZ}>X=rlAa9LG;%jQ++Q%^)pRNz0dOwRenIAyG)@k3}QeXFPfO4 z?EUps5oU=L!rX`rt0E6slLJU|C7mty=*7RFVcgNJ#GtqCELQKp@?JGlKFZs@v7ZEM z(Il%KzB((CT>Ro?VS%sZe`Tilkv>SQ)f;uH;oPdH=;1WrK2hMl;D4TwN6xb%Gjejz zLd{o7?~~6|{fd3vKWv)+SebA4kXrBhh_aUC2YBBJ88+$w3n8d5(#&HhEG%}`ws+Yb z<7#WGty!y~WwL#~pxna089AH7*|W#XP7{~yyCfUvoRl#~>~48CbPu>Wu}Hs~m!AbP z^jGs4$k0Wc+HtOY)dUIBF$rQ%EGCG}*|$Lwm+yq^ z?cfMMR*}EafD+Oc_2OkYSZML6n}JCD+b=TiH{a^?%JXcv6*(RWLBBmYYSNb;ltHxb zC^nTZu(?;ug7UvTt|~r%Au~AOQL7i&T-vwZBK9kN7RfqIZM?{qWa>6>Q<-m}kb-}7 zdXW5)uRBHdGqSse_io1jwt@67r}aM{Y%qtPA3-R#pwke;8%dw>lA6j(-V1l?1eE4g zT`Dqa6=k!bF}l#5d*xO!+-kFUe+XtNt6>d z8Vbj16jac12A^UpuPg%Dp7|j02fmzQ7cmBcGQv^jyH$S6ZOc|Ig%jlYls5BUqul>1#Fo&1CqC84>Iim8$MQ*d!@~ z;ik$U1&*A?aNW5yOi32VZNU8T&4Yx3uuOz$?X9W}9rlp(#_o7}Rd6}=+2ThZ=m0#P zbJ#OhWD?OfJYi6kuuFK0;UpDjF{wub!Q3CHo~fnXDx=8IQzy(xnB)XyI-^>XcjkAWkjI^`T>@Q5E zCo7a%_0-#-pW{ZdEPbme@hfYHOZ7EN226VjD^*{g=w>RsebV9~I`_PWTnLX=p$_Ln z?!xRHtR^$UyAHvfw-WME4+_P~rsiQs{u~qFAOL;6p#ji!ekRD!TVoLrWXRE2Fa5c4 z!4WE`vR(S}X||B5++fOT`P-0)-cBn@g`k91xk=qkW-8Gr%z|qs!CV$W#;|*Ta!@M$ zeh?xJr`thQU8LC##B&`6;y5jk39GA0PU5pqzV6Ds-PsE6jpFllCN1(Pye=S_>A*M% zMmx`8pqiUj!^W7HRx8~CE?@%%xxC9qU#PfC|IZOR^TYNV8WZsa`|v{L-6CT|m_<(6 z;tZ`eK(?zRrBq(4+5@oT+|wW8YhriGe7abxyGKveP0`>K@hc*#?%8qz#k7rSWJVGA zCr~2a*?i63q6IB>C1_;CL+|?wyoZ?Qixs_UtX)~e7rbUmM%QPPcI>O4)Pi@6TJY8; z>s1fF-JELvJ?Nxno54e12fWFg7Gj7K8VxLO5OHw(_|F@Y z7J2z$o8UI;20MLqe^UTg#PitA;IXqhfxrg*#BT;o>{^I;Bw|zdcGoN?0Zh0?>8Rd6 zWo}T);u?nRY7rTNu-jPK;2;Zpav3H2UN0&H;vwIZuq%CK4yvUkeMRSQdjP3VVwTcP zGI4cAb;3c`$mhFerM0co5a(2&lWzU+(@lUQ!YCjT+&E)i;p`TFjZ_x|M^2=rElSio z(6$-3{MoPqe1Tc?o*w!F)};?+QZ$tlosUhmHI@Q7*)W6zA zkzK+<7ohBO{RTU>jfRvC$^7Bv?_n>`6iwMj4@UojF^>5@sxj%}%}aE;(nq{BZS4B> z&S~yqR$>x|bzi|3JVd>E}1502sg=ix|OIFI= z%Lm|t+i9{P8Thmhe-}EgQ9EcYf$wa#^UYhjeUTUgHosM7Ge$}3#?pQKcB$(M7#_C-` zx+LR{jk==3Qnyz}{Ju#YFtwST2hyWbTDQK>REt~9JM_89c)gM*E`MipqR*FV{@igw zv$}3J=)s(fzP1LNnWn~&7ISgTj7D`a;ZraWh>o;$~=SRy~V5 z!KwW7%rgzXYprJv0huvx6ybu06^4B%PB5cqox7)A)COvShRiJ@1tp^dWqkQyP*V^-AZQJQwv_rNBSZIIoAiO-j>o zTauHCoTIi2IFp?!UElbfx|His@PcrL+c`zz?&?H>*vhw+-qEHg2L(`> zEnm>qfIa;L$ItQQbpe~Qhf9LBJIPF|!gG3Q6Ipn<@>t01ditES``4q);u;NOZ`^5P z5Q)KqLlRit{#mBGR~j(uTWVs-(rO2-Gtlt{m$5?JfL!^&{x9v*2?~evgjx7h(%kU( zr3_&op1v^AiI6{)v$a$+ifFM0ik(UtvAIW*QxwRAr)AI2U4T%#R8_mJyI%NnpT1r& z6g{ZTF!!q6+O&zKB?sD3XwgJ69!kPMJJ^~-cE8(Goyo}B+KSoi@Og_?;}+reW(z5+ zvSTnF%1`}Oznc36BVn8L9P<9#a?1KAlZ72+-DjD?0y6+j0?%=*UJw4xz#Ou0`x&25 zcI+zehDl~SZ$ZP3H4()>hoODZ_*5fuU9UQ;(tAh6Ci`!!(8C`CQ|nIYLF`%4Y>@ns z=O)2VhT{y-5Ue*0#aRo5i^!VDR+Y1@1PK8W&# zWP#+J0gv;mW?%IO`oix0^Zkg&WhuKLR-QUmtbTIbe?ytH7}**T$U>Jq5VJ{F3{#fMiEvX8T6u8@8VG>c$Px*uxUDd5OHneHLy# zV#!cu&cd57M^diAUjJ2#`T-#PJlzbBCIUU+;}}HTa8HdY5oy~r>FITT>=%@~f6v6N z-HtxOd}4UKb=uT=;fF?47dSs-+Q5$JTsfcBDkzpHR|Kq#xzo}h(e+!*|@2bpp zJ@^fapKo81X}G9Fm%{fJM{qCnt&9b2d$nBUooW*U?I>r--6JB%4lfCaHWNhl&k#ee zOxk$N_1yxh;$g5Y0o`-C!O^j;{-pj$;)UY=FL~EHGFW$iK z1-*51<11`G?7(7qqNs}}9OB5`FiX&|S20IMo&=_5pb*0sX-eX1x6Kq?iBCY-ZP~P$ zaxXP%rK?@(r$(LxCa?Q5!D~&s_4UK8Ac@|&*hI>bd&B#QsWld7iy2Giz&&_6zQ=~u zywMT=S4Ph(hdE4(%0*v%LWiG7n?9*F|6aJ_dbRKC5evM*Ng`A=WuSTik*X++)sAwv?rBw-MdTqFaY6b}vQBraL&P zoe3!(9G}jmb*!Azlzp)NyqFX30R!8VSj*i?=g#6dgTVIaUNMBrkaNEpbSo%taV`V_@zrLW4(68$2_wFLoluutF zhrP2@IGMk^&e{h?QbqK(opLro=4h42CE##^BWe32v)dJD^6q1q0h^qXw@srZwpc;e z5AW&fO>@CUlGo;!qy@FR`Ul?1S_kUbf{PNZLv9|BTdzj5@@>~)fe z?y0aTF&*Vl7b-OIezbRg$0FFh@CnCL@K&)7+2{S=Dbe@%{+?M*ZdteGkTbGjsn+E> zteoo!KPbJrGYxWI3Qze?y|NRqb0RXe+e$^XvpeS?hs}yoJ0#!^pV0du+b}0-_fGrG z=>*xeuMn*@+^CQa?}&l}PqEgUDUSFVlswb$UE@O9Lch{9R4GuO%k`Zpa8qiB zFrQHCsx>n&J$Lb+9pfN)og=({`+DFqH%6jH*F8E|6jPG=3Ef?eU6*R5JJU&^^-65; zRnw&qoKbz?x|hJxO^J?Ua5d@q5)%Egd0j5a=BU25V@c6b#A(0_T_Vuu1Tj< zHttADN}BvIU&kE}v92uyEiaoef3k9QMGXzDxLY!f!T_}uB?lii06(F4KXx#=c1*sU z$*p5o*U7QSX>Z-ZuKqCVnh`wnEZTp%p6sdNJaE%UCFHKO?3%$Bq>1;?gUT~q^;%oj zi-m7Ylg1(7+nG1==CR5j_#4oq4jzL0{8iYuA=f36*g=k&^1YX&TDO~;Exh;)Mq;m^ z(wfF}lXUrVUYC3xALnr!)CM$|^a_3i?75;tu=~PAh0z3P>F;jp9g-lN=FKcD_xJG1 z#OFR^iH;Sq_n32l*X39f`+U<#DPycIL$cP`+bTu{s-yk*gGRh9f7f&&Ka>ds*hTrL zug`s-pa*!~U9sMR`1KkgbwY-mts6VY*D7MIHw66a&0mosiXv&{#MGopC4~M+rXGbanKvg^=1v)IY)Y64;*bo|lki~MA zd5lYAnOc%|HpvLC(e}WbL4tvHqC9=AOTHr6M6rNwE$X+D&EC!>%r$%GRH~zL%u2OM zXMZ_v7tQRh(=7+@Cf_F@tBY>E&#EBt%HKP{?plIJ?R=Ke(A0hxA=6~C*nhyE$|=?5 z19b|+xjTYESLUN1;!LVuJN9*~>xg`9)Pz{ufo_meT#AzuRm3Wpb5j8lKE+(A7kxa) z0_nSlPC;k%^uNw)rHhF^>3xQ~l<0gp`;P>0qcpML3%!5J1w0&(B9mFh8S&VCeHW3N zfF;l*TH@`OsFVf6#;9RfU%VnMh}a12+n7@2o7-Xvrpn0W3DW0)6M--(F{}PEBwE7} zf{aFpm=w?{t?+2-oo6ZF?u-73R!r_7PsQvUIJ#P@J>YW~pFw0KAGlLAjBUWSg1F<4 zPmz&uY(eXQ{ZcRUpCtc5gW2Hz=Hv7`NoMOHy0nFbiR2|QK9cs9LV@hu_OeaIR?-A$ zT>vEAsPeLz6SqRm74`}j{j$VtzD5j0lb5n7iwnpDdLxL_e9XP$QaR#gr!kFjU9{GP zdY7K>E#~ZV1?tb0OO8M?K}kU&OpzOFpyAbZ5xl~q7~+f@bLv&I^tNZ3_uX^l!1x5!)45f!4tqF6r&XcU zC$ZQQeyrq1N8p}6fxMBCubqjsDdEd{Q=)|6^8LZ1=I#s3t>hQeC|}GvQdg69t0tN8 z-^r(T7GyPJ!+qmS)bnwHs*883XQV~yVJy~{m)=cvI!HsH zA$ZsI^4!sm2(t}@nr=idh$pjOG;FCm<5;@%)Z7Hg%xg&#ud=HgRFV)dOXFbk_e^=k)4reNv96RGl`MB0Khy3$>eBM@rpZ6V8+z?2`E|ST zlh~lgDN2$}M4zzgs6E`~uvb`dU9ZkDC%UlGL&S4@<|)qU3ze84RMiK*dDDNjLzYH{l+5CQz&Ue${i)7$Oqdv3)%k!#?|dO?U-Cke zRm;pOoZsw3r|7=}JS$M9HbJ19H*fCWMI+g`?^*49V3N2mCL{y|HkR`Str=$`KnxNJu0iQ9I~H_YC7%#T`;XYUTR(uqnBB~l}}9B5wa#m88?M8 zNY^ZxK{`gBTsMk7a#iQrA8kgn#8NvxP+Rn~GK!A2Kw`=*w!)>|4%tip+v)R)|M#W_ zB^0OTDX+S1I>lWfWVe>^2?w6OB>7yh; zy^IRrDWK@7U!xlF%a35~7w=tb*!lZd{bqfXTDwBnkWh)>qv^fGW$~XX- zv^Me&-$vGg4xpdey*=nnY)af;q=2N@ah5*8bv##&Qx=k>x z@{xD8RGmh@M=x$WY_87q~lXiIuPNR>hjtb53n{%rotw z$ZznkcD9#7^mLWoJC-8jWcqMZwK5Bqi4(deByQoYYu0lPzDi|@piu|kT}L|ad8fhj zg5;pXDM3?7aWY=;;+;ncAXO*WaN;oSJYYm|Q3G9*hcl6xPq)}qi#%jAE+qwr}Zwk~L>sn+N^%1~!wUZ^(SBljD|4T35$q>^)by%MElH;vAr_Ut$lqX-i zbV@?cBnaF&$`|~-VPwxys&C7fmrhVoPUL52j|wzCH4KyVMZ&r z{U9m@?)=+2s(r&%Z8`PofvRc0j#w9>5OsdaH&UdC15bVY4wL1OH0Z(k56!Jt;o~8Oh`e4R;+;J73T;*W1($6-@n-+ znt^sdAqI}&E^FT+NyCSpZu#?u}MPPDBrgxXPJloh|x#}+FXO$ z>`$vdM>#iU`0bkFlBa*Q&w}G#Q}oF;)X$D7E?xW4F*6JxO~m>9=$GSe&QPF#+)84fFtk~9is{7a zr#It?TKOeL`7zQCrx_lm37qPbx}d2UlCQl)-$_`KN*9loSQ6h~*C!lCGCNBHQBPtC z{?TprYW?|vW0}_;wY|y!j;g;?r-c-uXngw8G;OkFKIKvk1m7MN?saXh2Gwa(jFZrF z+a#~KYt{&-`V^O@$C~{(A|S>66S7|)t(jx0&AFU~1JW{CAJ=n#>gDUWj=-LWbtoyw z<&^4KUn!n*E8>$(@_m_(>0(B*L9W3m!YhWGBXJumiz^Qa1yfoot6Pn0szFwAhMS}{ z+_*n08;4Gc45lPEV)?5QpC2*jxF<5@kX8K8k|6s&F*wBr!h{(wJREyn6$XE@K+2S?3 zQ;Fi)|JGR+-#`3+uK)2Zlh320dv8IVF(iE0_1O)U>g-y=Yb_u!oS2&9IMZftaxm1c z@&7^{{(t?M3ht_51m?f#il z28O7#qi!Xy;VRo>$*EiHCddB$>Pz#+J)maoE+B0 z@pAw62*&9!iczXG8V131F33R3bHYSO+`qm^=Vt>;|* zu(ez0k+a#&%}1e@c>PNX{$^XpRh6ZkFfwX)L>~181YLK?KSOC{G7SHgvLnilZNaKO ziv3{H*&}rz3iq=R#s2F<+b6G84(IUindR7%Mo<>!N=4_G4j1J3?5)2&2*!sNYT~gGTYaL3a1yArujTy)>st;u%| z8F?i4AeS_BvBrF*L)@z3rxLS2K!zJ8kN5y^-NbpwORDz+B}5f@m{|O^2wRK%IQu2a z9aX&?$-*sPA~J%3I+WWe1pC2OinUQA@63)My!+>AZ51A${b;o9OqC=6D!sq;@7kOf z^=EPu<2ALkjn~Xa7GHtHr@ae!8=y3#zPCFQqF`8>&C4rk!!)gA(0&m5qbol?o?UQn zK${Bcu<#<__%`a$$Yjb@yC|Qb?t4J|m)F2H%&Ro{mVZf9MqyS8Gq-6j^um&en}Vlz z33|Jng)dRWDwPm{VP3mY-$0#S$_IG~LIz^3X!q__wC*9FnOms;`=%cwcRUU~f=5V1 z50d$~QL}voimvvA0sxJRs3VvI1x|JcYcthgwPx1VvdE^~X;_!)I;7D~N_oZnS#XG) ze@LQQ^~Myu-`CNCpi@`caSTL*>*KeS(M=ss>ai4@t4DgV(t4uq|MuE*L&TngL5uMu zKGnH`j+cG=fuRzcvjv&l*i6{BI7~@%rCIbHHIZIVi>uvrf>gp-K+x@Tn6olAqNbgu zdz7zio0}eZPKQyn`)8f*S{_s6PWJ<`Bt=bh7f-i)OO0!k%Sh6(&F?eJRH>l6iyaGd zyV+fiuljDy9sPIs&6?*zLiS#o$TRU=pIkNVH?-vp*}Iy&Tu{|(8=(@Cm&Yb!z0TT3 zL%%#B;qTAWR~na9-QXdXF=}}P0K@He%0jvQ;BZkTr6I&*W^V3f|9}8<=^u{|{lLz} zB`S-nMPE)l_be6rS?>VccI;z(3s}s$+$v;Nb0^2{E~tHh9xa+zkA*}A zp$EP~7Uq*Tmj)T|a=v*N6KfGiiU+e_d-fgskH%yvBd7*=19bf62bvdwCZNK{L|^(h zW|D#75a3`J+IAVxGWdTD%SeAzppk-A|&xst&rGvg?);{ z;r8orn(u0AYW9A5$+3_s{L?DSc3D|rKE={UB zw*PcX)qibRrzCB0^9S#HFfm!ZAM=i7RH&5x&iXSCI$#C7R-x0d|B(013$Px{SLMKPdW$&29E#ax%eO168&R@{-foM?qd;U4sET&!^1zk-+rv8 z(8#INr{iD0&SK&azb__l{}EVr$!v6Z_>t^C8n%#uHr@8xiP&dyFZZ`p(i`lLpYDI~ zgWSqa0P?-K=knLPYJUL2&{G``F9@9W+^_49=s{0p`~8C(p8r`SK)(JPxZ%%LdG`NL zt-BG?fi=BB!9@>LvnUjjo`yz!Q$H@2@1I#%dTf*42;U^de zb43sa5y4{85fzKlJdB~t6uEU6CCsOBj0G#REBOgSB-l$k$#EQ?FRRDFF;-W+s?s&a7zP z`a%X)Bxn6y_lkMMIey_1Z-vT*eEByy28UtIX z8+6C$wna{@jTfwB`)SAnTw?Ru6cFG#8g?a-IWBQ?hnPY6M zU@ODrAxJaX4LX^*%Mq56NVYltYq_og?$)7yeN!KjM?QR^ioB1!pYr{Bhz4H?OHa2C z3Rbl6loxzjn2v3um1f>!zEwvCf-APTW#+bxDhrvvn z3Z$1+GiOpSsv4HR$*Ahmi>g9T6bI-84AA3lg?tp=aewZY-m%EhSO_9+er};8d~qZG zreFLgjrb2XoAjiKRG~9CDaHh}c>>})k`l%Y>OoN3ebAPh>ALp`S9nHHrAx&a5q}_Y z#w?Q>!e|%?64*_ugTq7ra=K%#sP!V$z?}WmWt%3YUV$DW-`3mU?meH+xzFy$yZ2l9 z${2{1tX=Yq_cPAER3qf<*soBNBU|%;*75@kn=z1{VdbAVeF#}}f;xyHEhY|dV}dmnk9y%*GPXcI)Hk5{~VA;^w#PJ8}pL)#4f zz@i374J%!gN>$W7XURxBz=NS?^{!Oixr+yBVT*<6=DMSWhpZs?F>9K}M`yh~QnmJ7 zN%pTBFWv*O1PmO@2BX54u06#%PPiU{bqZ8S(}QJ<7c!HOGvy{>1|xv=hw1>*e4BuH zgaK737LBf(eX>KR^H%p=s8HrX&or70=7Vpj$4~hF7VsYd^pN3oJsDp((jj8TK8|`j z&Eg$gJ>IOr$T;%W4+%B~lQqHuQJOEj&?0f=5&Rk@;e-#iDyw}4d=TQ9@CmG;J!Teg zSpL~hhJ8hPn=m&92Q_-WTgU)JM`7Q&t%Bi4!xyhqFXcDREMt3P5G2(zU64S|$1xk(A zi|3b@bR3Db?ekb+a!0>o(@v@rA{`^DE>-}^8HeKjMy8^xEWRaF$dscqQEDx?=Eu=$ zXma8r*5XNr^3+`$jLW#Fy1H-D8irJW!`4R9VI=J=k(9 zLv7u;=(#kq@JV>%oQQ>W1_(^0`{>PKKwPx?$&$j`ZeFrl3!O$7$6-c1-CJ=uW6ZNP zVLeVSJ%K7IerK*OrTD#)idyjM?A5^+)3x`wF5T*vxPdTf=_9AYRg@QFO2R><@^vuu z4tM;AiWPYH1QGw(TxonLlY>p159T*1br%gc(!2@pqNx@0*`62X)<7Pr zgVn!b2yrfed&?oqG6g!gvqD>=E;v~~qZ&13ha-wV>+<6w`{_jQQZyFDq9g8jJPf22 zStEZkg1OQHC;!w{q1LQzC5f_mz0!L2aP;DiMjOhm7{6D>yVR#1WQcvUilLBU$1+(` zYJK7bd=N-v-zltX907w{C!h#?5PfkY9CAynH@pvC82l`)^Pn%Na2RC&M7>IBVD;E> z;)+?c+;SRJdE6^n?K#S@1`#EA*X??*)cS_-0x=vjIQEp$;++8;RW_RwAja2q;kAUT z3gdC>VzZ!~xN%k3IwNA(Eoq9`C9Xzw=+_Ag)dp-Fq2-9{uSy)@DWl`8Y z#X3i2mX` zQSpg!XO@-!zWUk4_=DFUIC_YyeUj0~*>=PSa$cV43bSCZ_NxPG^W^WBX!4xVQ#i9E zr+Z&yX{+)%OY1j=SOtV*M+#BqPIeR8r)HdyC#I~6%z4D@lF91%2XRlDD#|mw82eOP zx`Lt>s=7*5*U_6|odJuJL6a7uRY{P@YT+*e;YYN5qX3ujw@ci5+nm1C3kB21B>WEK zJdw^%$1T`Ihdot=c|Z!!bYKnk>I>VvWdmzc$Y-e`_&jaN2GVYZR7# zS&>)a^3HCXyu_~wW|Ie~;cKm9A+DfiEgqQZ@beWKO=pC2H#6USD;*1canVQqX`u9C zcbNQTTx7uaHc6cF+CstXE#fQNcUw9KT7$cxHkdW9S83d8-==OVXRb9YJX@Vc88#eC zQql+t;<-in7#oo`YynL<1pX4|i}}D9tePaReUoQ551V7^yk|CdpUZd2hf~U_Fm~=h zP22G00H<}xrx|QD#-HO5GZ!*h$_YF_P|A6x|K{#`WKVU@tbl*QC_bpndI@`D!}LGXV$bcJc#xWKXZ}&r z;hJi5rJ**FnxrlUX8(TE*&0ZgzM%D8(1+?#6i$y)@sN?sO^ zR~K~lj`!PRrxX46?oiXSGB`N`t`Bd1=!6uoL?SI5#$VTUOgtrHuN&6ODc#_&HxXg% zf!2(%iU#@K1*;`Ct?A~1x`bAE4$-&^y1j2I|JorF%=-jK)H6CEiYJFTF>@fFOsC6| z$6jyrSB^KJ3bZ<}9)f-?J}Nfo2r_gy9#)65+mxMt)M05{gOAtB5OCU*6a+T&_Tnj2~ajbrr z85OMA20cyFnlQAAp^#nSTTJpJ4#YlwUn2^Ir$DCj;ot6Wi1(CJ`n}FVxk?HN<e zY&oCGiTSA}Zo};7lXIhBG?>{UT&gFDA;%k|RP5+;iT_70EMNn?5V=Rip}A zbVnvJ1yQc+u7@+gWyG7mvL3Lzu4)(F$amIn2Ak0N_w=Dc2gQxNHfV_c%;o6-t&j{O z-akB`cVEj+jOdB^=A1W)GSf+%&r#9g%zYO3LUFBwV)j&1Qj3i@UA(FzuzDgv2c&A{ zwq+%7$?s*E5BQ6mm-kmUs8!6%v2F^H+H~7w@LM7OsGG?~8MMzvTyG_1E}zq+$1OA1 zGCsQTlhn$&+^vJ$)59Y$|$wio-P#Lvd3wbq+d_q33=ViU~n{@N}= z#{q)!#ZFS{!&=yQ7R7>Mt$-=jV;#08*}A&)C#GaN9OlS5XR9jrv>{n9acHGMF)m?_ zA8h*Zl%Tr(nUlkAy)YN6i|Ma=iY+H&Y{|jzJ)ckzD@9K1T7P9ijC*W3UDD;U_?W&i z(`P*s19=M2o!%nuM>=;O-@M>rT=b-I20Ht_MA3CG=2w5RzU_06whlw*+}ok|0SV#S zgz4<1vzl|NfI@%Lv z4rWiMIX&M9E!hm8d(s$4T2qi`DKs&RIfb&@h2%Odt{R!UrP7Q?T&_jQ_?qJ3TZnX! zs4J`(mNsFguoFIhhy1HQ`riPdG3#hjjoV9I3x}epZK=yRtJLrL&+L|a7`r?*zf_sy z_!oF3&UFkFhHvu_Ep@i}4L4p>z@tloXv4Bc?8O+(Pq*_v*!+Wi_%2;fhbsTd6t=>8 z0C=w{?KAZYVnQaYey=q=nE*_qc<1Ff#DaQy7`joJO+ z;Ja#tDmyY_3T1lGp*^?ZloSfD=>%fvBUUCmvvo{-VO_p>80vD#Z#;*+?(&|Uh5eZN zsNB;}G2!mM_yJkp$Jt$>i`5iQHmAV2y4r{LzsaC?dL+TC`s2E>><Z)BGeUM3LdyxR-D0RX`%m$&0^S@ogu9#QvpPid z#V&L9oS2mQvnYd30R(1imL_=6cm%;&AY0PB=KoymevWha26TANyQfW8>9yX2ch=yA zq~n>yDR!w9&k4_-cTkO|KJwav3)Us60+R!(DvaD)PZz!0?aROPO2sjmXKMmuO3n*DN%$yAilf>T?s5kQcYF9U20VP8?)TU z6ag0^;x>z|h5rV9Ct4*~c&=%A_Nv(hdvXiK_P}tt0iUy)^|bDEBj**lrv38pY?LA(jWS|dtIBn>E^^;CD$;GM13SeVeRA#Y z^j0l;ar<>e^>bbOdYf%}58ZEJfwWO;@7f8}ZaJz8v@9gwdv@lI z8{}hqFVlE}OGx!Mx*CRy^Xyi zRuewUZ1DIqW}fZ0Q)-Gzui*}d)>wP0bzTA{EF)?^BHnxutE(4j^bK$uk(oP5@H)D3 z3Mk`EE;oWI+noC3y!dXtH+*Js1gx@h2|8L~*7d-S4o>`V=BZiy5QR?XhZvZzuik`;XS8?2XdQulCt)P6{`e z*Nv$|E&FW_L`@s%+D(B6;BOwy7niB5J5PkGf*V&J=$up3ZhW5HloS&v{_HqGSw)v- zGU7T=a<(a?nxF{YG`)bGw#7Te9x2Sj{L)=-EbluC+-=9=>U;R*=d#^tF1%hAr$;*W zu8CL;IHbK`?6X8#p0GQ^YSP7_+TAJF#4#?;TB1;0Zj}YpE6D*I=>|d$V{43HwMxCw zD@rvsZE8LS-CxrLu159eW^vFOioIuZMJ!2o(ldC_$$&yu2Thf)#*v4=^0PLfmLKLi zD(_T|h`M-PRxAsjL9)j_AS`I_4Hf%54w~P|+~ys+SQ6JM4>wlty3A4DyO^yA0_fq3 z`a9s+$=p#urdpI+!XQMl>?M$Cj+ESE=3mbCQ{wR0D03f8xLD9%lv#R;X~E%cr)XXf zi-aJk9mR3oZE)9n4BcvtPQl@f9%MSv=F6uf|LRNEa`Ij1b#M8!%`Rn=ZE-D)gjp(8 zW}Q=p%poD@-=cSf>ONxv+fB{2dEaKuQ|96jTCzW8 zQOhM5KlyYe*u?5cCxNK?Xff?+Qi*icI)qHe5ndNr2UOmL0mz9c^(9WitN+m}N7R6; zqEsJ%wiz5mJ>opwAKh1m_e_4J-F0447k*n1xelSkEwpI>BKnbahgX~|dr`wyI&n>KB{Df14J0k}RM50x zC#Dp`Rr`{}cfo_R{5lpV^B0cj3DHsZ7ZVDyi%b+7JSIo zVw?kNIBbyN>BP&bx@q?2X&xq}f-GRjOvsvHQw^;|d>m7KIl7|byd%vIwqa_ayqBpD z#n2+hEna)bm`K7uR6P6|3#R1aMt~^JMS^B<)ZB?Cb#%lM(h)WT=ld!SA`|5J?ZQ6ckBaj2FNVmxGh%|H7;wW{(7=X$=*{pLc?jN zc>2*}3S3+{%C=h9r%K_3-rzlsIDP#=@Wf@9Ovv^LPkljdYd}NP{rGW)75NLB&iej; zVQKnp*WhGK>pCyS1iu-n9D{7S9bV|!-8;eP@uJRrtxpte-GdM@Z;)05$AEsxU<`5+ zGBPG^Zt~Fu4uBmh?yn!{6gye72?G<$7Axy1#3J&ZV`ZFlXA42UQzNk*-(RX_&e`Ox z?KpsikDweTuz6ZHRFyfBTH+ebocqzGU^9nH%kR53KZyK(6XU*RD$YaY@j-7JWnZKK z&q$ehw#m7?P`#`tPAq-hk`0{f4=@f*PN8ZrWI=_LfIa;yr>NeQF)t15^px+dtYSHc(n3V_v0tg9&3&6!P7_BPp;IGWoFU77Z)Oh z;_WKN(C0B#7<5M3*|**3Be08f)WUI%H^2!ytx&0~ttFsRB*Sds^5rd_sPd~XH*6mu z9x@Et0Uy7v&|3R{8-OFVz@#4%9su?4viNC{ z2l@~iBPeUOU-00+wsy&tpLJw`@8g67wyvK0r{$Kmz}Hv*dX4?|bPD0;=br^qV9`6` z{tQX;FTlzUe*lp&@&PtEU>1Mq0m=Ov=lFZ;GYB0syk+5}PT|~Na!_{z`lj=543|MO zW#}pP=gOYXmZ454=W zH0jS}xnIor&-FjFIM4AYwR6&BMi1eBuU1ewq z0i{D|f?^wrQWQc65Fn5cLJN@u$f2l!bO?dO5S1o`B9R2?cQcBfTh9G+@1J|WfBSiM z^6b6#+G~I7{oeQeAb4uzm>XRkng;ayEsArDrFTG|Lb-_$LZBfW@6aB!YxwD^xLrbp zgAbIG3n9#w)mfk57QR!e237D=+%&h|oMaBL6zn&_KxFQF+ru4W`#ub03DdL0=3wh9 zZx&t&;T1$t;}Jy#K>Ft05=g3I?ldrdkae3ycGUB^R&pElS}=gF zmmA}ABcPdK$y~ZB+U9fr34pBfSHwI`0QfBB>0gTmCe^CZ&SiM`cr@2|-%o+3O zqe^e>p3g>}M_5UUMFg5)bHn9AQ+a?9AlcOLn=1l9)jzy>i!iySS1k<2;?tRIeZ>;# zta96*k^PVkrkUEUVtVRBxDB=F2EhS3=#Hzlhu@p}dVdWFTvL{@O>v$>H= zsU6pE$ie&im4(50$fckRhZn@t?3HV@YD(7^7c6{cEK-V*{3iOw)*V~7W5bX)&ooH` zE7CsY3u_*wkmk<1R_PNR3ys`Zz7vJhjj3t_8O$AU*KFbyU{2Zi9xQ$rrQ&_N*?fj1 zIYQkmbj6GOgx*8+3X6AhiBMSr1!$5gWjx}BGb+AQ;( z3b|=KRx%L4x4Lh40M;ZzC3S_*dORApvv#@8F<5S0*W#+zSox>0W0FX$syUZJ{hHMa ze@3{KA2*X#5&=_tZZpSs&rJ-Y9$f>OA9i)PK-*1>=4x+lA>qO!z75Qq9CDjLS-T|= z?q=9Jw^S7jPQlmf3r1{K-eBWg>}&P)riVTKIAjE(uxl%|wA6~oq~*N}8Sc|*AnsrK zlnzXV-v+K;(%aS3Voq+EXzOE&iWTT$-v*fh^n&HiBjU+^v>ZH+U$#!cSjTq0$_B?$ z@7May;agJ>_ABshR}{YR>nUt(ZJTTsc-r-#ZLyWBE(=!?bV1TNAnkm~%||g-4dI?% za_kQQ1)a#^`y>0t-Um>_EnJJoE=i<-Cjya`PL<0VRvoanVt%tK!vpu#kwtUdhKjE4 z^O~ksp6yRafw0$A<}+N*Ki1!Vz%-Fg$kud(xsQ27UVMofMmb$wjLIfk;Ez80_&b_~ zfQ17uM`a@K@Tc;NSC}reXH@g)ht~bseUu7gXVQ`7#PQMheC#4Jsv2delk`f?&O*vE zm9YNVudvs=?^(MwM^+s?KgX%kg;Eop^epy+UJf;vKvsIFdI<{ya~-f`><{()}X&P8D6l zkjZqabrZ#xCJDQBahDf&Qr4d6`#(qt81RaXWg^}xuTRkxr-K>SyokdLZzN0Rl%{WFsCRfl}*U1>yaT(!^Di-(x8rW zp^qhzF!67ToX~b9XD_NxR`{Nym^-?!z3umk`2DuI+&-MYEl>#PgGaByXGq0t`;h~F z-2bG z())xV;!D8+lXjx^4XG0jR*X=VW7gB~XhV^<-5xXQV^n#D56xAjNsiY6W z5Z=WKpmTEa;lEE?VUaG5Vx?@BbX8P?EnoSg#rrY_KmG8K4`Qt2R~nWmnC%}Bej|21 zFTnr7RuU)GAvxPx+CI}cZ0i+ddUbsFg$)_4VS_oWbCSB;`Tkz%~oK)$a(>b!Xr zQS2{3WEYue=&&2LyYJ9z#!x;f{Fel)t8KQ8%4uhv{SB5#5&CdHbx|!js9|#iw$R8N zAvH($Q6-nH=dz?eDpub0y)thY!ZciQsgO}ogGsf%EgwnAd~w1QakJBCEW#G+E|Rdz z9@{njn0FxckkX#1Jad&b!(2y^spcg`aKZQtba4UcaO8~P9fQCr;crh=-soo35aAMb z!&Hh{cvaYMqkr-em2YD8C7iw4rspZQXGeeSBWmCWMKiAhMR(j@LrdVS+igr&uV95& zpb&rerGCZ11>Z>(nnKV1T3BHz5m}OXGAtAA88}r`*PviO?8?GUN1hWbDGvm8d-uuM zm28yF65JI}%vv_DzKxoC>2>9kc!roafWBI8)O)XqAqIY-XwdFW*{d=&M?74;s;g(c z=*9$S_JG|bDLbyLFnF;vQGAg!BYcZ^jJ89{4m*ly4FT1M;K6t#*n48z_8{+47MB6R z%W)WcSbfUeK9@U54m-B8`JLwNH+5O0wSrvuPDCin#TngkleTNqe5|Ha9(lfFE^RD` zl(vzfurG7}axF=5VWzXM8a)gB^lq@~$+Mp@yp5W>QGOyj!F*r7xrFl+X52=nxZHk4 zuyBCzro#cB+q3-g1R4DEf+a0g&e3r#e9;aKitMi(3Tm~HITFC|ejJtot{a1Mzcfqi zZ42^+-L1!2Ok;c%i|ywQ(v@q#Z;t1=JLs-%Q(rHyN(3k^U^F4am(N`bpVVuW#>*{K zYHQ0nz^WyxI2!ccIO9&DpC!O8+n-}q6M5+^8(xPj@kO@^UPnfc?<$tQw^+)`(T%>g z#pk;4{=vgmP-=%a?J=;yk*|TkE&J_RU5`4{PWe#tFl5D3&FwIBE%mfg#ERPr1wT7H zqc*helt=p9l(QPG3;@WDv0f-}*wU|&MX2i64~HcSlO=;jvkzejQtjOrxt3TTgna|7 zokB?K_ZfBIuGe>$d8Fl6_Bfn|rw8SfTe=!#j1Jt2${aO$>GjI+#@V=3Hta37{^zHd zp67>cNXKeK=^lA}r@Rp8NR}iI&oYHOAj@f$Y9TM9WQy`Kg&nbG=;*>O5GO}{?Z}%Z zLDn9)L#~(r;aKp%OLQ!Aq_K(}?8*v>&Oau{N$%KTh8|Q4b#i6;QvY~h|3Tnp&^+V- z<9FZRa3pqtR!q4xWI-Yw{u;&3Q{iZSxBEF30BjtMOW`*B>Bj*i_3;wraNA_hFiq5; zhF#^r(1a4i9UWebk=f-mdSW{tNqEpdVGY4XXW=(y%LEgc79;&BO?6wUMHVA1JDXSX zuJp@u!p_61ITTa2hs0QIL0523OwC^H(34h@ z{mSEs3ZU|mwv8s~r6x6x^lg9PnP--%H(Vzv`IIXQ%H4VE;oA+tdYXi|Tzh-~-GgKIF4_ zVc<2LdWD~I3ELLhn#{mP50_=2V!7W5)-@LZko#WFaFa8AI-WW8$ACw|H6nkn4k`G9 zE)IA3r9ni#osGvQrNa1A49x-LV!gI5Vy6fIR_u>;?pwDI*|W#0 zxk1%`5r@$RNgDt8xMv`_A^h|$$h;IP+&wHTT?O;S%~3sM^mK>&iyv3f_|4aO>mP-} zUT?B9x59FhShaQV{}N63@6eL}0%?#_P%z?i8D!}9L6PYLRO0`{>27&9@I$^0oRw+{ zIH8+w{|k}({-ggh62Wg$zh7fa{)IkADCgaanwnzk0%IPJXI*eDn0#5ZX3>p;r)0CuD+y6Q221v7g;{MW6 zg-v?N*8tQHrb#}VY6w7Z{kbV3asRIXM*TGaEN7s~Jzq)am`eME;SEB9Iq*_`kN=g2 zl=B71F@N?{?w&YOeNsCduMtsy!3GV*Fb8Ho{8Ohsp$p~vPJ5NFlLcnNll|7hFvt_E zrx@L5&|3Ej4NKblJ3y$Hxc29dx6$%$P_%pYcn89OP0$8pzo0t}ndfpImMV#2QHnsR zBhk#Z(nB;TB0LW={in@gG(yeCqikDb$&vk{--kv>3&(KLcXMH|8e~tSuo`h#>}Qw#Mi^1a5f6vm6m=}xe?s?KGps6%-}Zs}0gVNK`0Pv#_& zl&yWpFNwWeza4T(Ehu&UH5Q|CuDmj75LFs7tSTKG#}{x_CUfJ{QWiJ8=c`$@=YpTh z*738)6NIbS$Qj8apnQE|r*#>eQ@c3avtV_H(nK+;z}sRre(5-iiRoB>rrr8}?@u`k zMH3iYwbcFKNEy{m4VyE_s+F=CY=|)X>09elKORc*@$sq;PxE=2Yyv2x&@{1DzcM@e zqQwHbkW}q3wj;Y&6z@b7S=$LwsH? zQ)rA!6?4_LC033bT0s|9qI64B(pWePS|YDb+gwMZgb|N6$2rYZhnLtXa=k{-lyc^8 zYbri*)#&7tbei4bx!GT1tY3}bU?tWX`$Pj9PX4=b9o(oNcBNWOlopjz<77XgGKfGc zkPRDXJpKs%OiuRsPQcdpVS`|Ajb90~RF93rt)qStNaul&1)A8dUMl+TBrC0Qf!6fY z5iCV7pEC;%evK8^3(u47Tss?<>bG4%_V_iwyAegnnz3SgrNKo*7rawcHwqK_hAkh= z%opC9>)Q^tBstUrg#vkl;Flj?%oy?=XTg}!bQ5)o9od$=cD~kvBSYT5$x8YbT7&%g z%essHW%Yv;S8QN{Z|xdrdji6&OHDK2ASVy%k=V%-7V|1p*Kp*pf=Gncj=GYWjYVz? zheXFQuCK8`VBUGa!f_z0;U2B)V?Njy(&uRR(L#bvsEr5Y+o4K(epD`6 zKDLmT{}7xImKwBBQF+v>Kt4&qG+pA+(Wx2AK@p$L>L$zTs8B52P?aCiYl>LC zUmu33b&2@!8{yn_nxW8z`oGb+egsBOGmj^{)2jKy?eKiCBIztkdZbG0_+|b2u>uaQ zM^161gtcGf#~59UKxgHJeID*pWOsaI{$W@@j9c^cxn~Rxj0@&|{LN+^TkA&lW>t^Q z%-#J(Lic)nGsMnabyd*Pwfrf1N1$~Y&{R!x9=S)7zTH`Aj;ZOOltvd6_lU1WXr4I? zDCAFi+)k$a=~P&ETaxG9>zFdp#fYdhnBjKXP$f3@${O0Y&f(Dp|KM7_SL6~K^pXm;`#fQ&&{9oX+?Aqs ztGjY%c=xHIL)d`%YAO2a!bQKzIT=#X4H~xu{-}3Ws}*aMyr!XxK9a9&2AxE^y9Etu z|00y^(*B_VN-s$|t5mIG;)R#!yS^R6e2oB8tBknaI9F6>URlh@RRgt9zA zdhHWeZ~SPilj`+4QNjjD8*IyO8e9Qvdb4hVfX{pU(&}ln^u64FwG~*X`j*pOXt*5^ zU{he6Haa#|0OTgcKs&?%NkE9}S!k#s4L9>bEH8K?N}t#Pd7YpuFAG@yTfVx}|8;p6 mhQDd&wnkX!KPV|v7dCdBhyFHy)irzb6e9!k%cU2u$Nn3~m5wg} literal 0 HcmV?d00001 From 18beeaa232dfd6be47ac8ae4b40229dc8c6b906a Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:35:42 -0700 Subject: [PATCH 134/161] Remove not yet implemented modules --- modules/main.tf | 33 --------------------------------- 1 file changed, 33 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index b72a12a0..394e6680 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -16,39 +16,6 @@ locals { space_id = "root" version_number = "0.0.5" } - opentelemetry-collector = { - github_enterprise = { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - repository = "eks-stack" - - name = "opentelemetry-collector" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Helm chart deployment for the OTEL collector" - project_root = "modules/opentelemetry-collector" - space_id = "root" - version_number = "0.0.3" - } - - cert-manager = { - github_enterprise = { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - repository = "eks-stack" - - name = "cert-manager" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Helm chart deployment for cert-manager which handles certificate management." - project_root = "modules/cert-manager" - space_id = "root" - version_number = "0.0.1" - } trivy-operator = { github_enterprise = { From eae8e080b60ad7a36283cbea10462f24b94d6177 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:37:36 -0700 Subject: [PATCH 135/161] Set default resources --- modules/main.tf | 2 +- .../templates/values-policy-reporter.yaml | 18 +++++++----------- .../templates/values-trivy-operator.yaml | 18 +++++++----------- 3 files changed, 15 insertions(+), 23 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 394e6680..bb32e8b9 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -31,7 +31,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.9" + version_number = "0.0.10" } } } diff --git a/modules/trivy-operator/templates/values-policy-reporter.yaml b/modules/trivy-operator/templates/values-policy-reporter.yaml index 4360e55c..6a235def 100644 --- a/modules/trivy-operator/templates/values-policy-reporter.yaml +++ b/modules/trivy-operator/templates/values-policy-reporter.yaml @@ -79,17 +79,13 @@ podLabels: {} # Allow additional env variables to be added envVars: [] -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # memory: 100Mi - # cpu: 10m - # requests: - # memory: 75Mi - # cpu: 5m +resources: + limits: + memory: 100Mi + cpu: 10m + requests: + memory: 75Mi + cpu: 5m # Enable a NetworkPolicy for this chart. Useful on clusters where Network Policies are # used and configured in a default-deny fashion. diff --git a/modules/trivy-operator/templates/values-trivy-operator.yaml b/modules/trivy-operator/templates/values-trivy-operator.yaml index 89257f0f..34eb4db3 100644 --- a/modules/trivy-operator/templates/values-trivy-operator.yaml +++ b/modules/trivy-operator/templates/values-trivy-operator.yaml @@ -659,17 +659,13 @@ volumes: - name: cache-policies emptyDir: {} -resources: {} - # -- We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 100m + memory: 128Mi # -- nodeSelector set the operator nodeSelector nodeSelector: {} From 71cd4f548d457b7e74d3da8de3cc890004cbf869 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:37:49 -0700 Subject: [PATCH 136/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 21aeb168..2d1f88b0 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.8" + version = "0.0.10" } From 879fb4f3b7682323a6dcb93572dc28c6bbb1054b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:46:48 -0700 Subject: [PATCH 137/161] Bump defaults --- modules/main.tf | 2 +- modules/trivy-operator/templates/values-trivy-operator.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index bb32e8b9..2a4c129a 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -31,7 +31,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.10" + version_number = "0.0.11" } } } diff --git a/modules/trivy-operator/templates/values-trivy-operator.yaml b/modules/trivy-operator/templates/values-trivy-operator.yaml index 34eb4db3..f7f00537 100644 --- a/modules/trivy-operator/templates/values-trivy-operator.yaml +++ b/modules/trivy-operator/templates/values-trivy-operator.yaml @@ -661,8 +661,8 @@ volumes: resources: limits: - cpu: 100m - memory: 128Mi + cpu: 1 + memory: 1Gi requests: cpu: 100m memory: 128Mi From 3ef7bd727b2b5b033ebdb79c8f1642c9efb2d507 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Mon, 29 Jul 2024 14:47:03 -0700 Subject: [PATCH 138/161] Bump up version --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 2d1f88b0..3a8eb0ce 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.10" + version = "0.0.11" } From ba6caf6f07b62fc36dd8e13de92500014db01e70 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 30 Jul 2024 12:54:34 -0700 Subject: [PATCH 139/161] Turn of alert and bump up scrap interval --- modules/main.tf | 2 +- modules/victoria-metrics/templates/values.yaml | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 2a4c129a..ca6b74d2 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -14,7 +14,7 @@ locals { description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" - version_number = "0.0.5" + version_number = "0.0.6" } trivy-operator = { diff --git a/modules/victoria-metrics/templates/values.yaml b/modules/victoria-metrics/templates/values.yaml index 9984fc14..34f6375a 100644 --- a/modules/victoria-metrics/templates/values.yaml +++ b/modules/victoria-metrics/templates/values.yaml @@ -436,7 +436,7 @@ vmcluster: # - vminsert.domain.com alertmanager: - enabled: true + enabled: false annotations: {} # spec for VMAlertmanager crd # https://docs.victoriametrics.com/operator/api.html#vmalertmanagerspec @@ -604,7 +604,7 @@ alertmanager: vmalert: annotations: {} - enabled: true + enabled: false # Controls whether VMAlert should use VMAgent or VMInsert as a target for remotewrite remoteWriteVMAgent: false @@ -688,7 +688,7 @@ vmagent: selectAllByDefault: true image: tag: v1.102.0 - scrapeInterval: 20s + scrapeInterval: 60s externalLabels: {} # For multi-cluster setups it is useful to use "cluster" label to identify the metrics source. # For example: @@ -914,7 +914,7 @@ kubelet: spec: scheme: "https" honorLabels: true - interval: "30s" + interval: "60s" scrapeTimeout: "5s" tlsConfig: insecureSkipVerify: true From 6fbc513f3d46a3901ecb4dc6b5ade2bb460740a7 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 30 Jul 2024 12:54:52 -0700 Subject: [PATCH 140/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 3a8eb0ce..a473130e 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -12,7 +12,7 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" - version = "0.0.5" + version = "0.0.6" } module "trivy-operator" { From 7dc8b31147fbc90141c372116e6a5a5d24f05398 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:13:53 -0700 Subject: [PATCH 141/161] Adjust interval back --- modules/main.tf | 2 +- modules/victoria-metrics/templates/values.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index ca6b74d2..64c8b69d 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -14,7 +14,7 @@ locals { description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" - version_number = "0.0.6" + version_number = "0.0.7" } trivy-operator = { diff --git a/modules/victoria-metrics/templates/values.yaml b/modules/victoria-metrics/templates/values.yaml index 34f6375a..3c22de72 100644 --- a/modules/victoria-metrics/templates/values.yaml +++ b/modules/victoria-metrics/templates/values.yaml @@ -166,7 +166,7 @@ defaultRules: create: true rules: {} alertmanager: - create: true + create: false rules: {} # -- Runbook url prefix for default rules @@ -688,7 +688,7 @@ vmagent: selectAllByDefault: true image: tag: v1.102.0 - scrapeInterval: 60s + scrapeInterval: 30s externalLabels: {} # For multi-cluster setups it is useful to use "cluster" label to identify the metrics source. # For example: @@ -914,7 +914,7 @@ kubelet: spec: scheme: "https" honorLabels: true - interval: "60s" + interval: "30s" scrapeTimeout: "5s" tlsConfig: insecureSkipVerify: true From 0121a378261074ac8b3594ad8db64de95d6f4a93 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Tue, 30 Jul 2024 13:14:06 -0700 Subject: [PATCH 142/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index a473130e..1b467c41 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -12,7 +12,7 @@ module "sage-aws-eks-autoscaler" { module "victoria-metrics" { source = "spacelift.io/sagebionetworks/victoria-metrics/aws" - version = "0.0.6" + version = "0.0.7" } module "trivy-operator" { From 4183734e37eddb5e67f8d9bcd9fecac9df298486 Mon Sep 17 00:00:00 2001 From: bwmac Date: Wed, 31 Jul 2024 12:36:01 -0600 Subject: [PATCH 143/161] flips accessGlobalSecretsAndServiceAccount to false for values-trivy operator --- modules/trivy-operator/templates/values-trivy-operator.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/trivy-operator/templates/values-trivy-operator.yaml b/modules/trivy-operator/templates/values-trivy-operator.yaml index f7f00537..0de8324e 100644 --- a/modules/trivy-operator/templates/values-trivy-operator.yaml +++ b/modules/trivy-operator/templates/values-trivy-operator.yaml @@ -101,7 +101,7 @@ operator: # -- batchDeleteDelay the duration to wait before deleting another batch of config audit reports. batchDeleteDelay: 10s # -- accessGlobalSecretsAndServiceAccount The flag to enable access to global secrets/service accounts to allow `vulnerability scan job` to pull images from private registries - accessGlobalSecretsAndServiceAccount: true + accessGlobalSecretsAndServiceAccount: false # -- builtInTrivyServer The flag enables the usage of built-in trivy server in cluster. It also overrides the following trivy params with built-in values # trivy.mode = ClientServer and serverURL = http://.:4975 builtInTrivyServer: false From f683b1350d7cf2f41b1c16bada63669162f4c503 Mon Sep 17 00:00:00 2001 From: bwmac Date: Wed, 31 Jul 2024 12:37:39 -0600 Subject: [PATCH 144/161] increments trivy-operator version --- modules/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index 64c8b69d..0b753f41 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -31,7 +31,7 @@ locals { description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" - version_number = "0.0.11" + version_number = "0.0.12" } } } From d037fba3e446b4835806988cdf45204631e648ff Mon Sep 17 00:00:00 2001 From: bwmac Date: Wed, 31 Jul 2024 12:42:14 -0600 Subject: [PATCH 145/161] increments trivy-operator version for deployment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index 1b467c41..cf55e1f3 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -17,5 +17,5 @@ module "victoria-metrics" { module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" - version = "0.0.11" + version = "0.0.12" } From 97cdff262fdc9eb3ba95e2039d8850022448bd5c Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 12:21:40 -0700 Subject: [PATCH 146/161] Adding apache airflow module --- modules/main.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/main.tf b/modules/main.tf index 0b753f41..d3abdbb0 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -33,6 +33,23 @@ locals { space_id = "root" version_number = "0.0.12" } + + airflow = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "airflow" + terraform_provider = "aws" + administrative = false + branch = "ibcdpe-1007-monitoring" + description = "Helm chart deployment for apache airflow." + project_root = "modules/apache-airflow" + space_id = "root" + version_number = "0.0.1" + } } } From 89b641f54e3844ca685b62c9fd2af32f33a3c3c8 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 12:23:03 -0700 Subject: [PATCH 147/161] Deploy airflow --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index cf55e1f3..c9b8b256 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,3 +19,9 @@ module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" version = "0.0.12" } + +module "airflow" { + source = "spacelift.io/sagebionetworks/airflow/aws" + version = "0.0.1" + cluster_name = var.cluster_name +} From 59ea85ea2c2c8096650a573b581b8a6e89bf2897 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 12:49:05 -0700 Subject: [PATCH 148/161] Leave airflow turned off --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 6 ------ modules/sage-aws-k8s-node-autoscaler/main.tf | 3 +++ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index c9b8b256..cf55e1f3 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,9 +19,3 @@ module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" version = "0.0.12" } - -module "airflow" { - source = "spacelift.io/sagebionetworks/airflow/aws" - version = "0.0.1" - cluster_name = var.cluster_name -} diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index 31e2e669..151fa817 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -103,6 +103,9 @@ module "ocean-aws-k8s" { max_scale_down_percentage = 33 tags = var.tags # TODO: Fix this it does not seem to work + # `desired_capacity` does not seem to force the number of nodes to increase. Look + # through the documentation to determine how we might manually scale up the number + # of nodes if we wanted to. desired_capacity = var.desired_capacity } From b931e5f92eb44c459563e60d55ebc42301a0cc2d Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 13:09:39 -0700 Subject: [PATCH 149/161] Deploy ariflow --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index cf55e1f3..c9b8b256 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -19,3 +19,9 @@ module "trivy-operator" { source = "spacelift.io/sagebionetworks/trivy-operator/aws" version = "0.0.12" } + +module "airflow" { + source = "spacelift.io/sagebionetworks/airflow/aws" + version = "0.0.1" + cluster_name = var.cluster_name +} From b2c577c9942bde61e590008e4f55ce5a4936b2e2 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 13:57:51 -0700 Subject: [PATCH 150/161] Update eks module --- modules/main.tf | 168 +++++++++++++++-------------------- modules/sage-aws-eks/main.tf | 1 + modules/variables.tf | 6 ++ 3 files changed, 77 insertions(+), 98 deletions(-) create mode 100644 modules/variables.tf diff --git a/modules/main.tf b/modules/main.tf index d3abdbb0..ff85ca10 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -1,5 +1,57 @@ locals { spacelift_modules = { + + eks = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "sage-aws-eks" + terraform_provider = "aws" + administrative = false + branch = var.branch + description = "Terraform module for creating an EKS cluster in AWS" + project_root = "modules/sage-aws-eks" + space_id = "root" + version_number = "0.4.0" + } + + vpc = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "sage-aws-vpc" + terraform_provider = "aws" + administrative = false + branch = var.branch + description = "Terraform module for creating a VPC in AWS" + project_root = "modules/sage-aws-vpc" + space_id = "root" + version_number = "0.3.4" + } + + eks-autoscaler = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" + + name = "sage-aws-eks-autoscaler" + terraform_provider = "aws" + administrative = false + branch = var.branch + description = "Terraform module for creating an EKS cluster autoscaler in AWS" + project_root = "modules/sage-aws-k8s-node-autoscaler" + space_id = "root" + version_number = "0.3.4" + } + victoria-metrics = { github_enterprise = { namespace = "Sage-Bionetworks-Workflows" @@ -10,7 +62,7 @@ locals { name = "victoria-metrics" terraform_provider = "aws" administrative = false - branch = "ibcdpe-1007-monitoring" + branch = var.branch description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" @@ -27,7 +79,7 @@ locals { name = "trivy-operator" terraform_provider = "aws" administrative = false - branch = "ibcdpe-1007-monitoring" + branch = var.branch description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" @@ -44,109 +96,29 @@ locals { name = "airflow" terraform_provider = "aws" administrative = false - branch = "ibcdpe-1007-monitoring" + branch = var.branch description = "Helm chart deployment for apache airflow." project_root = "modules/apache-airflow" space_id = "root" version_number = "0.0.1" } - } -} - -resource "spacelift_module" "sage-aws-vpc" { - github_enterprise { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - name = "sage-aws-vpc" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Terraform module for creating a VPC in AWS" - repository = "eks-stack" - project_root = "modules/sage-aws-vpc" - space_id = "root" -} - -resource "spacelift_version" "sage-aws-vpc-version" { - module_id = spacelift_module.sage-aws-vpc.id - version_number = "0.3.4" - keepers = { - "version" = "0.3.4" - } -} - -resource "spacelift_module" "sage-aws-eks" { - github_enterprise { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - - name = "sage-aws-eks" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Terraform module for creating an EKS cluster in AWS" - repository = "eks-stack" - project_root = "modules/sage-aws-eks" - space_id = "root" -} - -resource "spacelift_version" "sage-aws-eks-version" { - module_id = spacelift_module.sage-aws-eks.id - version_number = "0.3.10" - keepers = { - "version" = "0.3.10" - } -} - -resource "spacelift_module" "sage-aws-eks-autoscaler" { - github_enterprise { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - - name = "sage-aws-eks-autoscaler" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Terraform module for creating an EKS cluster autoscaler in AWS" - repository = "eks-stack" - project_root = "modules/sage-aws-k8s-node-autoscaler" - space_id = "root" -} - -resource "spacelift_version" "sage-aws-eks-autoscaler-version" { - module_id = spacelift_module.sage-aws-eks-autoscaler.id - version_number = "0.3.4" - keepers = { - "version" = "0.3.4" - } -} - -resource "spacelift_module" "spacelift-private-workerpool" { - github_enterprise { - namespace = "Sage-Bionetworks-Workflows" - id = "sage-bionetworks-workflows-gh" - } - - name = "spacelift-private-workerpool" - terraform_provider = "aws" - administrative = false - branch = "ibcdpe-1007-monitoring" - description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" - repository = "eks-stack" - project_root = "modules/spacelift-private-worker" - space_id = "root" - -} + private-workerpool = { + github_enterprise = { + namespace = "Sage-Bionetworks-Workflows" + id = "sage-bionetworks-workflows-gh" + } + repository = "eks-stack" -resource "spacelift_version" "spacelift-private-workerpool-version" { - module_id = spacelift_module.spacelift-private-workerpool.id - version_number = "0.2.1" - keepers = { - "version" = "0.2.1" + name = "spacelift-private-workerpool" + terraform_provider = "aws" + administrative = false + branch = var.branch + description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" + project_root = "modules/spacelift-private-worker" + space_id = "root" + version_number = "0.2.1" + } } } diff --git a/modules/sage-aws-eks/main.tf b/modules/sage-aws-eks/main.tf index 35c3b580..e8c7c7ca 100644 --- a/modules/sage-aws-eks/main.tf +++ b/modules/sage-aws-eks/main.tf @@ -95,6 +95,7 @@ module "eks" { env = { ENABLE_POD_ENI = "true", POD_SECURITY_GROUP_ENFORCING_MODE = var.pod_security_group_enforcing_mode, + ENABLE_PREFIX_DELEGATION = "true", } }) } } diff --git a/modules/variables.tf b/modules/variables.tf new file mode 100644 index 00000000..86d56d73 --- /dev/null +++ b/modules/variables.tf @@ -0,0 +1,6 @@ +variable "git_branch" { + description = "Branch to deploy" + type = string + # TODO: Migrate to using "main" here + default = "ibcdpe-1007-monitoring" +} From e776195e15fb4b263f61df42b30d51280e4b183b Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 13:58:43 -0700 Subject: [PATCH 151/161] Correct var reference --- modules/main.tf | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index ff85ca10..e4dcc411 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -11,7 +11,7 @@ locals { name = "sage-aws-eks" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Terraform module for creating an EKS cluster in AWS" project_root = "modules/sage-aws-eks" space_id = "root" @@ -28,7 +28,7 @@ locals { name = "sage-aws-vpc" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Terraform module for creating a VPC in AWS" project_root = "modules/sage-aws-vpc" space_id = "root" @@ -45,7 +45,7 @@ locals { name = "sage-aws-eks-autoscaler" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Terraform module for creating an EKS cluster autoscaler in AWS" project_root = "modules/sage-aws-k8s-node-autoscaler" space_id = "root" @@ -62,7 +62,7 @@ locals { name = "victoria-metrics" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Helm chart deployment for a single node Victoria Metrics instance" project_root = "modules/victoria-metrics" space_id = "root" @@ -79,7 +79,7 @@ locals { name = "trivy-operator" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Helm chart deployment for trivy-operator which handles security and vulnerability scanning." project_root = "modules/trivy-operator" space_id = "root" @@ -96,7 +96,7 @@ locals { name = "airflow" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Helm chart deployment for apache airflow." project_root = "modules/apache-airflow" space_id = "root" @@ -113,7 +113,7 @@ locals { name = "spacelift-private-workerpool" terraform_provider = "aws" administrative = false - branch = var.branch + branch = var.git_branch description = "Module for the spacelift private workerpool helm chart which deploys the K8s operator" project_root = "modules/spacelift-private-worker" space_id = "root" @@ -133,7 +133,7 @@ resource "spacelift_module" "spacelift_modules" { name = each.value.name terraform_provider = each.value.terraform_provider administrative = each.value.administrative - branch = each.value.branch + branch = each.value.git_branch description = each.value.description repository = each.value.repository project_root = each.value.project_root From 0bd50373d6840da15cb82fd2ad23f882dc3a86b8 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:00:46 -0700 Subject: [PATCH 152/161] Correction --- modules/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index e4dcc411..539cfa9f 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -133,7 +133,7 @@ resource "spacelift_module" "spacelift_modules" { name = each.value.name terraform_provider = each.value.terraform_provider administrative = each.value.administrative - branch = each.value.git_branch + branch = each.value.branch description = each.value.description repository = each.value.repository project_root = each.value.project_root From fdeb6f6eef8ec15e791482aa53c49b539a407af9 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:04:11 -0700 Subject: [PATCH 153/161] Increment eks module --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index 65d62069..ae4322ec 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -8,7 +8,7 @@ module "sage-aws-vpc" { module "sage-aws-eks" { source = "spacelift.io/sagebionetworks/sage-aws-eks/aws" - version = "0.3.9" + version = "0.4.0" cluster_name = "dpe-k8-sandbox" private_vpc_subnet_ids = module.sage-aws-vpc.private_subnet_ids From a154a5f195c0a8670a5fdeaf5c310ef2fe4c61cb Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:07:40 -0700 Subject: [PATCH 154/161] Increment vpc version --- dev/stacks/dpe-sandbox-k8s/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s/main.tf b/dev/stacks/dpe-sandbox-k8s/main.tf index ae4322ec..39362d66 100644 --- a/dev/stacks/dpe-sandbox-k8s/main.tf +++ b/dev/stacks/dpe-sandbox-k8s/main.tf @@ -1,6 +1,6 @@ module "sage-aws-vpc" { source = "spacelift.io/sagebionetworks/sage-aws-vpc/aws" - version = "0.3.3" + version = "0.3.4" vpc_name = "dpe-sandbox" capture_flow_logs = true flow_log_retention = 1 From 862838ac8244f2de0b3f53681e68657065afaa39 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:34:58 -0700 Subject: [PATCH 155/161] Update the autoscaler to use nitro based instances --- modules/main.tf | 2 +- modules/sage-aws-k8s-node-autoscaler/main.tf | 11 ++++++++++- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index 539cfa9f..d64c5750 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -49,7 +49,7 @@ locals { description = "Terraform module for creating an EKS cluster autoscaler in AWS" project_root = "modules/sage-aws-k8s-node-autoscaler" space_id = "root" - version_number = "0.3.4" + version_number = "0.4.0" } victoria-metrics = { diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index 151fa817..d63e8cc1 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -91,7 +91,7 @@ module "ocean-controller" { module "ocean-aws-k8s" { source = "spotinst/ocean-aws-k8s/spotinst" - version = "1.2.0" + version = "1.4.0" # Configuration cluster_name = var.cluster_name @@ -109,6 +109,15 @@ module "ocean-aws-k8s" { desired_capacity = var.desired_capacity } +module "ocean-aws-k8s-vng" { + source = "spotinst/ocean-aws-k8s-vng/spotinst" + ocean_id = module.ocean-aws-k8s.ocean_id + name = "nitro-vng" + instance_types_filters_enable = true + instance_types_filters_exclude_metal = true + instance_types_filters_hypervisor = ["nitro"] +} + resource "aws_eks_addon" "coredns" { cluster_name = var.cluster_name addon_name = "coredns" From 51c5318b9bb07bc846a4b36d4f6525aac012e114 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:36:33 -0700 Subject: [PATCH 156/161] Increment autoscaler --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index c9b8b256..c3e1fec6 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -1,6 +1,6 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" - version = "0.3.4" + version = "0.4.0" cluster_name = var.cluster_name private_vpc_subnet_ids = var.private_subnet_ids From 194975575a0e4c5b2f3f5c089809ee12e97af55e Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:39:31 -0700 Subject: [PATCH 157/161] Update where filter is defined --- modules/main.tf | 2 +- modules/sage-aws-k8s-node-autoscaler/main.tf | 13 +++++-------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/modules/main.tf b/modules/main.tf index d64c5750..b9bdaf6f 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -49,7 +49,7 @@ locals { description = "Terraform module for creating an EKS cluster autoscaler in AWS" project_root = "modules/sage-aws-k8s-node-autoscaler" space_id = "root" - version_number = "0.4.0" + version_number = "0.4.1" } victoria-metrics = { diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index d63e8cc1..bb6c87ca 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -107,15 +107,12 @@ module "ocean-aws-k8s" { # through the documentation to determine how we might manually scale up the number # of nodes if we wanted to. desired_capacity = var.desired_capacity -} -module "ocean-aws-k8s-vng" { - source = "spotinst/ocean-aws-k8s-vng/spotinst" - ocean_id = module.ocean-aws-k8s.ocean_id - name = "nitro-vng" - instance_types_filters_enable = true - instance_types_filters_exclude_metal = true - instance_types_filters_hypervisor = ["nitro"] + + filters = { + exclude_metal = true + hypervisor = ["nitro"] + } } resource "aws_eks_addon" "coredns" { From 7e20928b60d3bfde778f2a26ae9a9f3caad33fdc Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:39:51 -0700 Subject: [PATCH 158/161] Increment autoscaler --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index c3e1fec6..bf6040bd 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -1,6 +1,6 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" - version = "0.4.0" + version = "0.4.1" cluster_name = var.cluster_name private_vpc_subnet_ids = var.private_subnet_ids From 3ad49d5410e1e17f0a398a86748580818d45c131 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:46:36 -0700 Subject: [PATCH 159/161] Set required properties --- modules/main.tf | 2 +- modules/sage-aws-k8s-node-autoscaler/main.tf | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/modules/main.tf b/modules/main.tf index b9bdaf6f..e5f027b8 100644 --- a/modules/main.tf +++ b/modules/main.tf @@ -49,7 +49,7 @@ locals { description = "Terraform module for creating an EKS cluster autoscaler in AWS" project_root = "modules/sage-aws-k8s-node-autoscaler" space_id = "root" - version_number = "0.4.1" + version_number = "0.4.2" } victoria-metrics = { diff --git a/modules/sage-aws-k8s-node-autoscaler/main.tf b/modules/sage-aws-k8s-node-autoscaler/main.tf index bb6c87ca..10980c99 100644 --- a/modules/sage-aws-k8s-node-autoscaler/main.tf +++ b/modules/sage-aws-k8s-node-autoscaler/main.tf @@ -112,6 +112,24 @@ module "ocean-aws-k8s" { filters = { exclude_metal = true hypervisor = ["nitro"] + + architectures = null + categories = null + disk_types = null + exclude_families = null + include_families = null + is_ena_supported = null + max_gpu = null + max_memory_gib = null + max_network_performance = null + max_vcpu = null + min_enis = null + min_gpu = null + min_memory_gib = null + min_network_performance = null + min_vcpu = null + root_device_types = null + virtualization_types = null } } From a55a11dacdbafdf5ffd191a668da6184cb777634 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 14:47:02 -0700 Subject: [PATCH 160/161] Increment --- dev/stacks/dpe-sandbox-k8s-deployments/main.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf index bf6040bd..8944035c 100644 --- a/dev/stacks/dpe-sandbox-k8s-deployments/main.tf +++ b/dev/stacks/dpe-sandbox-k8s-deployments/main.tf @@ -1,6 +1,6 @@ module "sage-aws-eks-autoscaler" { source = "spacelift.io/sagebionetworks/sage-aws-eks-autoscaler/aws" - version = "0.4.1" + version = "0.4.2" cluster_name = var.cluster_name private_vpc_subnet_ids = var.private_subnet_ids From abbe4127987e8b54b2bc20f92cd837be6d6a9d13 Mon Sep 17 00:00:00 2001 From: BryanFauble <17128019+BryanFauble@users.noreply.github.com> Date: Wed, 31 Jul 2024 15:45:25 -0700 Subject: [PATCH 161/161] Remove files that are not needed --- modules/apache-airflow/data.tf | 7 ------- modules/apache-airflow/variables.tf | 18 ------------------ 2 files changed, 25 deletions(-) delete mode 100644 modules/apache-airflow/data.tf delete mode 100644 modules/apache-airflow/variables.tf diff --git a/modules/apache-airflow/data.tf b/modules/apache-airflow/data.tf deleted file mode 100644 index 765d5620..00000000 --- a/modules/apache-airflow/data.tf +++ /dev/null @@ -1,7 +0,0 @@ -data "aws_eks_cluster" "cluster" { - name = var.cluster_name -} - -data "aws_eks_cluster_auth" "cluster" { - name = var.cluster_name -} \ No newline at end of file diff --git a/modules/apache-airflow/variables.tf b/modules/apache-airflow/variables.tf deleted file mode 100644 index 93adc5a2..00000000 --- a/modules/apache-airflow/variables.tf +++ /dev/null @@ -1,18 +0,0 @@ -variable "cluster_name" { - description = "Name of K8 cluster" - type = string - default = "dpe-k8" -} - -variable "kube_config_path" { - description = "Kube config path" - type = string - default = "~/.kube/config" -} - -variable "region" { - description = "AWS region" - type = string - default = "us-east-1" -} -

XdYwLbjB zi!pPrQ9I?>y#8r)q`+RlQ&d{V$vLX?65OW!toTXmSopd?j1i2Yy^q+gR^IWtz*9ob zla~R46WDaVm*dg5ri^WQowMn9=_qIYw#4wyRN8BXsLf#2xsWtm*7FFY^rw~8j6r2< z9og4gF823emMx{J>O8nO@b9a?3`q!vE~`yW-FIwFvPcH#=93JN@8^@}hDJ$3b}cX= zBB~eUd=gEt;!z958tq}qL!qd*T1FPpg>+Df$}2CEH$5+}Cr4*~kgHgSA~xhet~a%F zM~htqplT~MRi5)!^Q-xr^ncZ;Y_cXg25$KAs8FlddC2jgt~N_-Yi(r$AyZ6B_PJtc zGG+DW1bKO2U9|tqhvN-{v+PA$NPUWIQ|sfitrq8yjH2PM8$%WVt$Qe^hO7 zG!1%B9~KXQyz$sKR)ZJ&3qj+;i8BTM57%-9pR6l)rpxte5@Bi98)bEqy9aQ zr-prISp#T-V@2`}n(mDWOqYzD1UF4nWe z#{nJAz~42A^6(5sGX!@flQV(bBkNo3eXpo3y~T~g0u!gJ_b!;pxlV)h;5ZMdV#{Me zPW{lmWZK^isP7onYIsJXi{fG-B$52o*T;3%Ar=NQA%lt!*?hraeCn~%Z|&To62Gh1 zjj3BrRb-C$y)NKRy%PoU-LPVZ>aFv9Wp1I|xQ!omYG0+u&E{|Kf#Lh#;jgzY)eCZW z6xd%@q)zomfEl_dsJ?f_kC;BGDjE<1D?dZz0f7b^v-wtuCd$Z&c7!^&i1M##Mwbb% z1c|TOA24_QiSZdX)pg(W=hbaqf4E3=VSMlAa0{yC35IVr{VYIpL;#LL=F7ZA_+;&gn8Ba-Yt#yD@m`PR_1|MGk*s z)OcUoGpqM>cbfvi#H5-PfX{C;T^9CLz@cAb5V*u=2AIX2aKD|)b7B%Z`4RNYxePcb zKQQ?gm+~vG)u)B}snwtaMfrW0Tr@fJ<5InY@!iAi;fa|YO?;dXbCr5~lyDyeI9WbX zmb{@5$EIDTL!%E-NfX4$$jA_M{r$qod!KK}DLXq`(Ce%yEpvJ{>lGq%G>gsdcz%TK zf-;}qoyXl#7q;^~u*xIou1L}GIxO?{@-W#ZJSvKhqAi|$2OwX#0P>|;oo2$Ak;Vn^ z3^v$#S&!=w^h6&06(4*PK$w4RvG~yUre$ju73v9iYZ}ngoJIq?{D)bKkR61##e^bLV(KH)AHw*O>98-B6Un0 zjh8(b)M~Sk4cP&zY^U=aPcE*b(evDpT`h2e5+@ELcphIu<=_*Nfeg&&=8U|M*DW8;m z%~T#ACnyieCfxdAZ}%d9K3Bd@V_JHAOMQ{YQ|YaU(LC!=@fV?+VxXSs-P&(m1GE$H zxdZLlH*A{y#%vzUY?GOLqBYLW8D`7bMR6eZb7$uPZ5%1Imm=dCQRPzv!GkdpB%ePn z-)BlsG?|+%wwm1z2liCpNsRn;7hps%zRzr}4sh7D&ArObH$uzrUP@oZ5MK=GawHK? z!=yUkU-T91@@;5d=pjB(X4Vq8X&v$Qp2$;Ln2bO3yx4mauRYQ#zp&vya?DW?##ZRo zO_TujG!n=wGQxk=nSUa)?RnIE`!|n1URZ6n1mE5wDqAm2>p8zv&KwH@v2sID-C?}Z+Rvo|6+aPk z8n>~*E3!O$_6(vx9~k-6+fJ2cTQMxuJ0!o@0M_TYf#f+Pi(2<*uDbB94XCc;6g;-E z>*lrAQ;xS6c1nYd{E)d)ZO%WlRdfatcGU45{mz^H^4m(aHy8U6rd=U@4d;<0$SD+R z*5tyz3a4=s7PGWP)xgg zH(tEGRYXh7*0bN(F+h3s@XBLx#e*E=van!k`5e;tyR^d@;jH%p1cBlYt1Z*9z9nUgAX6F`c4LfTP{%7|q963YA=bhI@Q3Dz`zP=q5eHgMa@Ac57I zzm2Ns%*r9lYFftMfaUqwI=duI7;C3O_}kaYY*nb0NpV6eFgJed^B_WdoRdz4b>OwA zxe2JL2D!-(TSG zYJW^6)JaRJd?qUJ_dCk#cwV^%qhzBUkgDnx3*2E44t}HM7;Pk#gwccmE%hmISddAh=tYK@ zcgT11fn5R;8TdW}fIkM6;Ro}SSqmyCdARQx;(RX<(L@ua=Nx(qK-tr_*i=S<=j zSKu>$QAhrLo&@*NcQ}q02R1dKh?B4<8%k~_ymB8)Cw%a^k%mc$a%L6erNKgJm6Of)lo516DNETjpgd8dO?;d{D8sNQ3y*Pi{nXP~cZ^^=d?)TxL zE7{b4w@mlLy%Vvq(aybBwZwL(J%nx`>J*~RCio*3Uv4=^27QS3ssCtlOWZ!~i6R5; z@I5+`WfdJNLP33&PT|Db5pY9Km(^TgEpB^Bk-XXpE5Q?lgoL1*#opd$Le3iyrP{#3 zC);%3-pJ~7ju`)t63*JZ49+gFEt~kU)^33i>AhMkUSUK;M2k{~m5GT-L)8?Y@7)y+ zGCJX;sIo~>X(_7+xIiIU`B;f>)%jb!Y(IW>v`80Oa~2p&-{<%`WLN=rCDnL=W@7j? z9JE*}K+zZ;>;-~Ybrw=`rvDpzT-L}nfr^~);G3_45GcaK6`enS@ijj@n37jBbkH-( zO1W<8#Ot-pdy)MB5J&BBe=`Rh~ zPU)?jaASygwJt_Dm%w&E6Og##r3xIVDX~S1KbF3FcsO!@gk*s>>adYPL_jP)BiGHy zx;X{^O`w*nFDR(v6C*MZFu<}Zoc2RNSZ|Joxm3X*ZPuuAX~F%->HLuVvEkfqUb*yV}JI6;+G6srz55 z4A?%0Z9n4++V?)DVnB@_@KlaBlbHX+9_th-Z1vLEtbV+AdgIz;&nqmGD#G~(rBsw8 zk2f>4JoJ$S`667UaIoJV1N>d8z^NrKP0X7R$T(Qf!1nVs^6SL9l}2JOd`Rk;3PfGD z1{+*=aGAyp%7Ncn7SM679$=$`WeWn_c^hdY3wEdF%`Ape2_Du?iS}tjNA7P4h!&0g zu95ZY?Gx*nb3}nFoG28Lz@2v!z~Vf$?(yyvd%Qpi-TB<$`^%jNd+Q`DC=29T6Aqdl zi2rx(F<@k#Aic<5xt zO?%Zm^CRE+cwvmtt3n)#OpK{hYL&uq*=OJ_r*B;la_HuFA~fn#8boNp1OEDXH9}bc zDr<+N#T|tx3TRyg5U>Hi8AWY)FFV)Q!OxdKRv*M0INK;YSOr(rIG%Ubyw+O{(UorE zo4C9QH{fQ@Nc;7!B9BB@x!1R=ART6$_2Qw;lOkQXW=%ctpA4WutuSp%i(8-Kh#<~J zv9?z79QHC)5fh1|SG6Gj3)+akRe`}lZ!P1I{Vrgl$T`VGrRq*-tXkmm81ju7if;TU zh>)pXFSR}=MVQasjF0}3X~KM{^4s9AND~#~mP#?Bby`wmRR%<8CGaT>#G1_nh5?&- z2#pj9Dk-jGQ4&8y{@pVE4n>^?^=XX6LkBQ?w;twCstxUbhAtk0;I{0h`ADUL8UdU8+{B@91y zQ$+Cl;^$29zxnoWsp)7S;1Z$c(UDFff^o>KumlWBF`$77@g)n`;i2A-UGYi+QMWI{ zS9j04o$)@)b6J47%rztnn#f(kE|m{gh?#@J_loYOy@=X$mcL}5^sKN;VZwvmUsCf( z3W77nn}7Xu1h}1m!4+Z{?*rZ!Z5R-J@~;EGNiw|R!rvPr@J43J(Oy7}&RJeTsf@hu z5JmV41}w59(Gp&lfcbJ4Q3GSnT*CasyWNUk6c~Q@`6iX|hUOgtx9_LJb)M)zdlzQ3 zmolM>^B-f3+H>?T#npnEYD<6ZlhL~;{Zk8E)J*oGePM~L*ubXB(e};MY@Hk4qC`Wt zS40<#CZ2Xcru$ifRk8$+^FBF8umAA?$b18#c7UV@c& zF}2$LvU0`tUY^~NkfWGU_8^P>TV5|UmS{GC;oNcr=s*&C7jS-_FJck}^my6+xC%JH zukvR#sfFw-bkHqr9~?vjLq4mUa>Hgq0HMa2m_6KGpQF7FSa0z><+2>5j$-}b8lZ?E zgpSYj!rs>T$e_u!xTXD7c7vMPzgmDGlm_R`@RnAeYv=2GfViTsDXz3sa@ij4zB*oa zI@yp{!sAQzohs3!e$H2%1mM*Yse;f$0apWCgV;^}K3nc7^9<3I;Vbf9_ev%CbKuqn z@H+mBR7F`$Vrj+FcG)4-9>yu??H@iUF3_lxJw;EbBJcN>4giZl*$Iq*m$?cG6j^m; zr_K5EztAH1;Z?!m8IaC!Tc8F%z43mL)M1ctW@NsvqRhBR9I9kw>NH?S(59MK4m+Ri z5ti&p^^9$nVn({TTJOu6@JfcxN^X7P6!*ZtQaYSBYW7vquu>TYoLl zYIA&k6qH$LoKq3c_~8jEQS+mHMh2Pj5MD+Zz@vb!F-)KSR#H1~;|=o?h%SPA=HM0g z>VpTiml!6-1DjbFCi^E&_HG|uMj_LAbRxwYaau-2H-k@{h(FUZKgINWHo6kLDUq~T z?Ubpy7_n1}oa6EDZL0P8A)}Z{wm<)|M`g_hmSyauE*LGVNx-5d`?ZcDe~V~1bBwpr zX#H6viGWaAb7E$ugpY5_@x?xwL8A{&1mSR)HClRaXbgF%T7G}$oDg3dvVRwFNvz6y zhTnFX`1H$)yt+k><=Fdo6TPYI8^7?~G>|}R$2_uBN zGnLrRS9!EWalhW~f3L4kwok37s92?)wGt)$I8$K=yis!GR3sB5!)$?rrcs}zER^*< zzQ9hRWr=j{S!o9Vw4Yx1yfWdx7{(CUHDE9T0oacO9{ug{SkL#nxlQ;v+JM2X0yOZj zHC*$bVUMaqtPERT2}bEp7%o@mGl5LZ;a?5d>B3pGGtEr{6;%eBJ%IDe)mI-s4b>mL zLz~B0iGFpxN~*)BrK00dHGHY{>^+~XtH@pi2Vj?cma2R~1wes~YW?1WkXwY)bDK?X>- zo0whnh4G7*Z8hnvnxo?g{3wCRri@w?+cuLi$hE2trZp3c z?<}+3Axot)b9Il*3F&lv)8<`^bg^SVp>SYwGNUX8+2@JEXgQ%m_n_j5?HmjCrHB$b zvR_jJM3$=5LVIexUX_rmmM;CE=|9!=!{KIG?u4lfeH3Pqpl7DAW{=R z3;<#KTOO*R@_PB7miKSY{TYKm7`^jL!#|sR@wQVGX!PduC_rw3iUROpzi6t}HP6XA z95dIh{c?rUmPyj z9R-ScZlR^6saf}&UtCO|xj8xEaD~}h4}Er`LprO|tP^s15GE%lA8VHTV9;Pf+OGak zdq@m2AO2(}hi!V)VT>^yMn;;6uz|mjr>ihop>F)aX(UskyN;c#O4H~1`kJ)nC>sGb z_)3yNQ&bYlY~vGJhK?WFASa<5a@d-j3Ug2o1lh3?d^**jue*!*!hX3#b~_>UkplI@a1s1f0a8i3ZSM81;c)0u-&U0I>(1 zVUz24*ms3wjwjyrPbSFxEeX-V#>UI`%X3YmuIGO=URfaUpl0M{UTYw|#v%bB;rvLN zltl)iKD>O+`2hqOEijU z*JtDPp!5(S4MA`cL#SeIBwIaB>}L4V9?3u5BY^&0Ta5pb7Ec8^8~+==qy-u##Ofw? zv-q>rmRgil!43ix*Vy#NM_L>nQEjWfyh@a>)r|P{Pdpi zC{eI5fQRD8KWKD7P<8Y4?N>~N)frHTQ(t&b!$C6;VB|SeFpQ()z{)E}8X5&MSQ^l= zP*qD=yzU=ysd@r3FO=a4{7kLZRNz;BeK^ABu$e!wI~E{|8GLGe0(Mv>v68Wv$PXP0 zNad9)C&WEE>{G@>-QqwHc{O%}?`m*}{m=Fdg=>FA?P=#0Qwu!S9#XshSyVzBE0tq} z>={YR9IpUY9M6c) z6clbUNKh(Z9WY?0FYx}jvk?IJKMhrCXo`5W4;FQr{YpPG_7ztv6xLlW1T?s%N(Hk# z&R64^$zq00qdML!@}Y*O(n5sHZosxW?ZSGun>{_naPW0XsdbX^4D7KWO_m|rK0f!o zElk`&pVKYPya-0>cybWm9~1Id&?M!HHxt>UX(dEKc7cP=m@2}9ftQ=NUgxnbKKMy)>3stjqx? zi;l@+b$TS-yf-*V$jHI^M?f-+6>_mab;cbnHUz4BH=q^H)8ERL3f=Iq77`Iz2YQq5 zmBXh>23%vU-XBpNaEXfv8!d3T8XZ?(52kQSRXTcK{CNchnR5XX12(-HCIhlh^fQ&l zoIi$krwE8__j81pUW?giEul{WC_Y~tU!kJX>wGsDzy$-LC>X>6m}GIwE(@Z8gCWK5 zgp(;mks))Y$6uxW>rkHQ!o%}BQ%v{SaX!{8k}COh0K{9*C$!u{0{UF!d{!+DM&QdiB3fcKd}G9?U<#Alhpf zRXG%Gqx3t%yK(*-;{SbcAfhGjm`y@kzP;8vhN=i3I|!=|dMbvm4KaUOl(#9e*8J ztvV(e^>}D8X)8XICZU0suMdrD?3P}3asye?@$4rus`|lf9SI&| zoLXziZfdbVU*kkEU1=CLQ+XZ)l@g7hmCLdRd)lUfP=6|}6pE*PO+Z}IV*Onj;|NPb zdYqx6iv)Jbd!C!?<$Vhs$f@|&AJ4rQ_RD{ryG?mH+Q9+;vU&D36a(Cb05H|3UQ$G= zs-Hb(o!#8Jfw%%}iz`1?op~djpW|%d-LL=@Ev}!ai~5xi%7c=f&vruz>b+Vjwm(7^Cfro z9Nd~wf0i0qF_0@xJ+ZKcYJgDssb_`*fpDn|>n(A7I63cr`{tKAEdG`8J?U)55Ge+B zy-bBI?^498guC}Om*7DP(A02@fkdKY031ptDFMWaF+g#%WWp1G&z+J5+?ld1{Qsu+ zCu$nV@*PYB)J*Ze6j>s`b>E)X5q1Qh)Z20;z{%w(3IRm*&P2+7ZwobDJ^2ML|it0Li=Csk<Zf>Gm3FwX&>h zNf7`WWG4(QecaE@*4=9G{Ea)Vlxy#JCu!6ND0moD3w#61U~LVIWju|RTSxfODU@=L zJu_zhbiXuVLKVZg1lM+G03R9c{*BNcT9=5{S&?zD7dg{!cBJQNa3I33YQcAzm&`Q~ zyLlJhgO*Z=@B}@teWh+?dNv_eiG!pQ0H^2DN#g=A#Hrgn5g)t%r2&Zp5eTt5X{rO) zAXfI0TNVJ%%l(d;XQjr=5w`znCiGx+wdo2TbbGlI%D-m)i>^23{duO1-LBl|23cu3iim?OzyGWoBOyfIW^z03del8U`vfZ8tmuXWnbU%U zQnq;rpOr210kLQSe{8YV@dpheqzwmE0ou5*(=ejGf1mBYOl4U>9l-svSYzP6(EeKY z_HNU^{;?Z|6LfUeXC|(Tp^;@(twqdj-C`@|_viVa`9?m2k$nF$nVoS!(26?mbEzyq zVbMQ1ca`lf)_{IgYH|K3BYYY*p$!3m6S;T|m6X5wIG1upBLZV#0?4}2w3XCrUG*Gu z_fMK$lM@b;<(p#3EtKPj)kv#&jGY`Sm;EgY4O$S)+aEI>MQfi6Fm#VQ%zwkeZyqLSMCcArmTtaCf2S$=!x{&p z*>aUU9p*&<%i}+R^}Og;JoXje(3wgHtZqz6zj z8D$jdv`K%)bN{o5*^U+}T@u^%%=EEMtVp-CB7kHYcFPb+7ML#5iJ0x=hJj5kOrK7S z8b>bfDp?cK`cUr-?{Ug-e)M|`QE4S-g`oF@U@u=>+tbl6ivXv zD8~7|3Ld0cZW$N4wsyJRi=8X^qm$Y);q6Kzm&GEO*LISZyrY;Sp@#a!{{8L8BE#yO z7VnMUVV2`H!7cmS+Y$Z`jbUUnmHnqx%IPR?pe%{54*N&yE{koxto>pxh;MoqGUstp zbfxHe*|Ya*Rv6!4`qPCDcBq>0Kjpq3Ww6t2NmMfw-}9d4Ywy*%t&}uQ=zCuh=dTBl z%g>8A&I_Nj7579*e(`>9{K7LreTlEnR4t4MCD$G1G$;#zGMP+E7Sulq)aY9pU_txh zbxmcTLp+za@#{ReAyy0{^vfv!#-E8Rn$B!tpn6xgv*B_w66AVvGH?(M9&C|#J9pND zDYqm+mcA9j#u)y3F)b>n2FjT6T>DoYqSsjt{U|@hte6P*cZ6Nu)(91yOBv36mtUV3#>zEpK9?O?1`LpvnrgbHN|QUI1TBvoAw0C2VTUKX z=}u>}@(9y5v<5HO&C7hscQ@%pOJ!r!3l9tz*84XjP|5@?lrE@5!_G)Rv|L;-j50D( zU&W!PjE}3$q&sb$G0(Qy#TO_^OBSGU#Fd&ySYRGq4B5;v0)z1sz7O0?2k963`R|!` zJaj93WFT}e2^yv2^j~Ur^(b+>8(2CI0zozQM{YAkHP$c6-!}TA!%EgLb|NM&b%Eqo z4awILVv)AsGBY}!*(n&Gh`d>chIm`?)(N^V-_ZYXqX(MkWLHWt+z!VQRF^S&X z+2o;I9N639do-7mA|*WoaHNCU7~qo#LRJ%oCms*(8A$Mr0X)75-G{dsY>jZB#NVSX z;)PXHHoic+S@_=+q7#@`6u<##RE2{wDlXDYC)aR$BOLrdUh+2@lVqi94FyU3Vxoe|d%}1AT_7Sy8IOiIUXt+<5QO{wM?yxjE+JQ_bu&05< zl!xg51loTea?KFPb6pCGstZRr>n3(~<(?1|kTbg|ds~|i{}6h{`Yo76y^cJIO`ooi zWVT&EnOp+!$XcXQNMfOD=QPX-SQb165E`mnoAUP|fRZs~&Qf6cbZl$4Z*ur6%L$Tq z8;ZFTBlYaEkAIy(Q6?xvqJIGgKGUi8QOrAr)`f5r;i`zG3^7lfx>~BR0+%U2=gaXo ztmvAL&Q$sSa#2^9w-*O-b}H$u;Q)^N?6PHvc_z=rklt<`%L?v3>E^52EF3XJ?EW&6 z#*OS>p-(V%vboLz@!UA_!yqa9*(ImBvD;{VYeYgN{+~|7AQ|(kJFS1<>jsZia<6mM z=-XkjQ1cd{Mq~amW2sL6c|Pxh_Zk&yhRZTsANt;3Z|u7eJ%*&Grw{AQ-%pn?! zFuj|_nXTn{SX9p)?@pj%l+$vy(A+zL1Ygx1hi~2fehu9bo|4{*WjBAUKYi#VJIkZ)<($*CYL`zwDS9|Biq2lug*?ar4;+4Q5MD zBlG|Z7o#8ZJ(P79*#(%qNr2blV)wSN!4st{jF!R&*`Xr``GYJ%6;~!^*ZL$2c0>(5 z^8eC|Pt1oEv&rf&v_h1(wh@=~6VE{DGT`et2<#*Z=yy}Xguz?sYGl#Z<7-1>&pf^f zpG9R{i8hDhvqTaqr4Cenld*@A)!F{s7kTXVKy|{=R*v681l_YOuSHEMkG3Db>p=nU zx{&z-lqCL?Jyt#f^dS@ZOmHo2nH~B0MB;fG#h)?| zf9EzkYir@d5|@&D{QF&e4W8?%0iw%4_V2wL8VY^@gOmLAtj5Il_V(!JT$)=E_Y>N* zboBv2`|wRI1>~&^QNPax5+O!eWnu;V5Ry3q;1>EDxJ)9B&jnvBFQXi&)q`&>qbiNt z;}r5!+*uys{1<`dcIafL;sFsDzNQ|Y!$TL`50a}k@LQE}{@hsao;A`YwMIv-9*h@9 z*?vEZsbw;}@fP**pkhy*PQIiN_9CIX#L!Awf*A zO62AvFChp{40yT!b~9=3`x{fn8RDxgIs{|?PlxAnN6i;+77H7yN{;f{&RJtv1NUxn zmh9ecNbe#WZmx^pR<7@D*oCVXO*hJ<+mZk%i41wHJB5TBLg}MHgo1WwFPqE-FHHbfsImWO zyLI==inN<~-+|~dzkbaP4J4Xz9Ve1^lkTo_9UrmG&fJlS9{d<8?;k9*Rh~H zssQYw6;R@G5pOULY)dCf3#Vs zLUlZLkN9wZNo6}%WAqw=6k)AR1V3`|U>?xIYAfnq!*3#KMgVK^KjhG>wX~Fs8D+Q$ z7#x^+i08<<_uCHyrZjsLF|@h<2h->WREw(BH;>@2%IVGP$!&<)O(quo3CLgTV+Tw? zsHV~BN6nvk7*)uFo_NT?hCa*52Hl#qeyfZWIH>-|KT;J2p5H8{oCni+3=cEjCbC4B zvnGt(p)$F-y8i6v3m-7n3Dw+(*JwySPzSV`?5OEIyX0Yf;ThyKKzd{I~leUgCGA|#`FF`9tO9eEHBR>m1H zDC&NMBe|s_ivrd|qjs?XAm1xNusx9e%$}}}{ufBaYj$)lBP(MjmfE%s!NC+M$iH+W ze}~vaO} ztl7fc^EZUmFxK!t3~$B(vZYOLIZ~TAe%d-xlA*g@9iv5W3tvAY|JADvOI-}V%$8%H z4bRqX|M!AmLPAN4_7~JH(O=a435oMQ+5tQt!@NrpgRoF4GSN0MW$zYL8)1tKH6Zr};h@pv2 zoW@N7luN=t7fj!+kM$8$1EZF)R7N(4?pgDiPOE!0xfHU_Ip%EcOy%$C)|g0VhsCTU z+c{ieQE>a%8impf(sp~mtkA70-#J;Y& z*@{Mmc&<&F=P4$l0qCxaGL|>5GCY|nn4pv&7Fwdk67{}YA&|Cj>Rxrx8@!j@t3j=9 zCkJO;DSrQ%%u;OUOEF>h*LI&{a=;ddA4U(%uDg`?ZkM*Y?mILo9OJxXkx|40{GHc~sfl$fab2Zeil8L7(C%S+nZjiuvq^Yp`H zg(j-M{X7j_V=?Jud5CtU5s=2nfCbZelJ8&s0=T5IaqjOk-O6>>K7Gb(hy>{EX1j)Rp|m_~8hD>Ez- ze!Ys|-DwGdv24Q#rWoCDeC2m_^5K{v7-Yds=cIk*?IQl@F?xf~!+uS>Rp<561%Xc4 z_JcHP!@F+Vi5k@X)37{>CIm9F6(jI39QT$RC;)aWltfuWfY+tGhd#M%#=TeMQyfX?C-P#Yn+=4`$V15SR5jb=(?<)1D zH@^z?cxHu2?Ka@4!w%IhmuOrb$t>? zytVIJKb*tz1Oa2E>@`G~D{2wKc9!!MiZMx}GQ`?7d~L<$7HeYXWYHoq(ox{NfBxHx z@AWSv3z`9ygB>tOmihTL$+wyrN4#1Ze2oq$qR!Q$W=8(MIFna}x1)C1Ep$3kCZp^? zM>`8m?hSoegykT_fabb0j|VUp$%dKYzMpL8zAFgs{lhoB|15{GAl1Za#9>qBf=M1`fA5V$BA_Pw(c-@YDh^w z7a>Hi_eOVAr0erd3_sf(^!?!|7<>V*ol-0|OjUn@Mq#DEbU zDNlh4*38HlH*$1F1NDN>!=1bVo3U1%lcS?_A;(hHNlZ6zSz~%f&T*?~4DVI%SL*e+ z?h_KPh6ckg2!Q2T!pP32V6*}6gXMed7%z^H(;&{ZW{8O$0Xaq>Q?a46szvs_nW-@s zt0>2E*F8T??1kR1Y~>Y?Pat*~Y0nUOi62#Z?;07MyIhTZ;Ea(YFfrj(p2@^8NX;c8=(D6_=FEL42rDb5U>Ffv$UtZ4@@o%+GlKsxpN@g8|l2EG~z z^lVxo>cn&3KiJ-P2P$a$4Eea=w)UTu$NU67gY#$&SL40ZyV`wzI17TP$v4~TL}UvKaN|ChKt&VfUO z9@E;yQBHPt;sR{m=XmwE6ck&-&}hEWB)OuY|8Rc|5trlETC7xdm{!YnA{R8?(P`fg zdoXRdfsV3u9nc0)turc1oow{s5EFk%of-%t7sD*B+ZQ(dMZKA05{?$bq^G~417JAh zhzH5*N6k-P7rfy;ra#BTAOsc5xQwM~obPFL1G+xmnDgBwY>AJ1^sl4{{7SW(S(aPg z&6A6G;tUTL2isUe;3(OTFNgMiPreEZ=dYQrSPAcxX`2X$4>`;I;uT&}=qci6$)3(! zTl(GcG)>4m`!knZ%pIopquToeB6i*2!-0F1o(h2?ZA1V!y58K2+eLq&t7JXQ?X}i= z%xr1(>%u}sH)?Ps1X>!bdg&?l1j;X{e{5hGLsd#47|_vHIV#lZ61UwAZq)k=&v-Ij zM2gn|UB6#JWk!^Plq|G;#C;I4n>k0*n&*Gf3=tV0Z}z4Cf%v@_$t$YpNLkjV{Ivv= zz@c96N%Y+RjL0AZ713ZvK!O#>)2m*9!xh-ZuiI3hUx~2PVr1YK;W3Cdx<@Q9 z=9e&Ff}@E5QQ(=!$6f9Nb^)V~itCu6Q59+U#-@fhL(ENSS%doZk5g%LH)-Tl3&XOK zpswXJ%v=2I`+$JNPh8KB5M%F%S24?8Jexa{od(Q@~tS^lceFm?5fjkQ!3V3b-o0>LqE_lxC#&Qu!4 z?gO@2VKh>5UH$!NfL4WITZRIV8}#+|`x#S4Bv&NW%V%Oq@Fhnl?~H%w$mwRKw=I3` zl}C`Su7U5XjPtvur}~3(&LL-b5Ho?08;4E}!o|gfa~qXRnwa(m+Njg5ykv*ny!$9` zo|*La%5Gvfv^#4gIF^0%-LjSeHD)LXJya0vhby^72M=a3vn+cll}=N8Ftg3e`~hR1 zfe0|noOG_5TqHx_D2yMwu?u!@(d7f95&Uy2Nm_c5R^BpLP@n^YOPGn!FY917mW?lHla6d28s zMhFOgB?zwkN@Nr{g$=&(_Ut^|n?YK##*xF(%~-;J5_T$%;sr69Jq?}z%ZfjdmGNo; zfr|0M1`O3Y2q#Q>dTxDrDR$ut(Pe80u)JetTHlFjF;XV=w%(T}AcUspUK$Z;+|Bok zSON|PfHB4VC^ft_(pyqBKpm=+ENeHTqzBjqwg-@wznp#J_PA_V<1j=1;O8f-Zq@5E zfruoorr4l|l*M7t^7_;_sA=kGcS=Djsnn|4d58g@RjV^g9DhZb`#=K<`tai-{TaAL zFfh)~ukD1#--c}S)c+=9zRmkm>%*V6dw;3WXo-Q_-^9o$C||g3dEv_Eb)tj|4^itD zt8QNas~m+p+w1G>w}9v^w6nfbEZ%^(@r+e+B%Qf4nAiW|lQ1SAXN!_S-}>E9jdk;K zxe`MyK(PeS@&;o^qKC1yM>Llg+EDj@4gjf7USa8Oxy9RDwBF)!3J*y^zA)9}S3oPo z_BtC435GH>~q_fE&9u4?{3S|YLrBgs%K(?G_2X_3^Zwz8P! z7J?wH;nmt}wzlCpGPD%y-bT4!3D;fPPYR)U<2fDpQ`HVYed9Gu`+bq}A@GN#*rQtx z6*I7IS@bwpL4yTt+pZdOam%TU`763{DwRyFu~MyiD+3;Z8s7a#KsoabQ6%}P>9Dgw z_4cfnl<04^LoE#OqR97bxk%}@pB#8a6CD;tPB=vNX6>h8l{-PfPzHyJX|uyz?379v zNe-|x=?sgs3J!iT<+O$;tH?whe}PNE#Pg@=eW{&djJ(0+0I=Wi2N!k*tT*^k3snUU z&Kdh085k@URvI~CuY3+s*njtT zNg?dk-PYR7Wr5%QIkZheDzj1vDojSu9lRdT5E*NiqYntEdVE&7fD^sZOwAldfO@#(-t08v1y6%o2U8YtfXrplpJ2l04TrShE zQQdGo-olmWxx2fA7}AGxzsdAM*ESst+DSJlyqVtg^-dkpV0=ZpFyBYQ-|&2CacCilA|1^%vVDW`mqUUD&f5>|8XgI^J zeH0-!P_^yoFwdk`&*`g`R4zH{DlerwGi z7HiFV+|Ryux%RcM%^I#irb)SXC$;kBq~0^SlsC*szS@Bu514gI?Pm;!r}yW}He80F zf~{VJNy0vS(AmHI!TY9(g(J?~G$!G2fEGU6fbP2juy?XfkYJ%NU;g0qkzv6A#)6$J z{$%}MvHUA$uQ327npK11acfaf2N73Sq-=Q7v9hRCV*9L%0k4p`1WVl$@=8m?!*wexlfN%5F80jL zIc679z7Br6`L^s3OioBhx^=?v72G%#5x{9TmR zP!%UuRQW%(wFf}`s(!Vw#v0N(GZpg)7Ar9nu8IhE4GD-vA_`D~&B`NLE^h#G#T%_KCV@2Znq$NtT;V6^12NU6CX6{3Q~dk4D2!O1wA7YDuy z!O*4o*gvOAUX#5i6%43K4>0H##D zLvcKVMZ|2_@LJI0IHa6Ml1{p@Sw4WUwbSGKvt}H*1X{F?&d!s~2?B1-;O58iI+?P- zVxBMcscDMOZyikxK?w4od=fA6twcJ5mE^ku4#JuF?rNEOq6 z@#Suuk2@!hd-OUM4BFnZj1nDwABgS!Yb3PU_FX3CMpwAcB~y#*mj*12y;>>*9&Ipi8Me1xXc zz&w0pJ_mU@_y0xR|2Mh@U1{W%8@+hr{1L>Ier-kBG36bS$;SMH+L#IxtM4CYNZgmD z#%b7o6PUf-3|sgtG3q!4z1jMcu(5dukO98|tIalSSS*C>hmu)N3IktfMsY@^023TS z&87#bu`OpS-D*bxs{@iBfGX2tNQpzVn%Pa!N!?G>pYB(saKQ-4_&W>HwK%JkL1~#3 zF?(8$brMDQ^81(IaKKH>DUoq;%oTAc`vl|z$Vrk&oh^A$By)gT04<92TLI~KOCbSy z_rIbD&gG|-+RdM1UOpY7Cr!#za^CTsgIJ^ElGi=8v!jjRtUl}!XOvBqMKo+Z{Sqk8 z{60tA!U!P61LMf_W8%j2tnUkeDUl2^qc#tj4U7D$_YFi*nEWp5SYuhj(SVHR##!k& zW1EyQFW@=SKcNu2m#t3k;UZvQ9m)m z%p4MFdzuwx-h1Ps>f~|aRcP#72yF52`u&z(HOH{Zr8z?U+O7znPm+i@@7C1oi9=-} zH3{K_Ctl>)zk%+#<0?`ki46)kz3jO7iF91rB2kJ)iFpmX^CL1Ng$D)H)otCiPhI*qT?R$RJijUy0<_A*jh0OB zFF(?@| zAUjF#uaXv`r8|{&AWjPb($^%Oh7e}XvVw>GO7P(lU-ZgzV~Q_G$gnlKVIYBz&do*6 z9H{~~-DX6v&z;9GF;C?y8E@)V7{ZU69CNQ0IURPExv-kP?IqHVP|uOG-)r3;&9>+b zIS}f(W{bOJgSnqGCk>g66Zzt*z@}xF7|x_;5>T43xZU9`vtHbwpV$6%-Q#6TlOPT5 z%2cX^zBF#=V8Yf@F|Sq->-$Yifc3dxf&?RqA%$lhwrO@D`}AF++@Hs^eu5_C8gvLh zmZVp$mL%s#a|V_HrE$66nv|CiPoCF{>;t9f*Ed8pHALbTW@pIYDGVAHV?gHtpwE>m z6TvC9UaItQuibeeLpZ=HH1+TAQFd8>z4@YETerPw(!HmulwNL#QK7vUC^*TWQQ7ho zto2MDfK0xNV2H3ED>RSHYXc+T@phJU6(*%0C1Bf_5DN!wLOlwSuyF%qhzh{rav38r z5jF!{g=k}o7+~l0Txd;)Kcfu2oXHw&f_c(7bi)7%ZHnn%l;q0kf>ak2bMX_}z0>z8IE7MWn{K%xnN(V6FTy};SP9I5VBorNyQ7nGGx7vd zf}f;7IQ;SooV#zk`>oV}VFuw&y{Qf~H%xX`8le%A(^i5LRS=A_TtW~(PhUmEGA&?3||6m%n`soQ;cYFRtQQYQ~ZlcuN zqE#Ez}Jiqf*%7z$|S(a{W8i$b6*ER1Twh zO%>&;Z|DAYw$YObyhrmil%qKXMrVI(Uygmed6>VI#d^tu8o;LaftN%9z-SsuDL7+@ zkOlsI*|z)hp}YBB=CbN=Z9}Sd(ol`1#%xXkGM=C@^&21xfcLZWX6L7o zE`#CZo1cT20mO({;58L?Xmaa?Riie#AG2UY%=E9@>0Wj;lIPuikxbvMJ327r zqezDewrph!k_JCFyl9WOpkj^Pv0Y68`by#o9tkPAC)F8(JM zO4%iA96^SU{Q4~fGWk`Xo9ezeTQr`4n5A42;KQ zcoo%h6d0m!(c-1aG??DaxVS|FWTXG_LPTH^zEVd&Xs%3RjbNpz2lSS8yX?t;(s6VAl}lx-;&y@h zOqA#8E=I<*oi*_igl38jo6aE^80AMZG&G!W`04;~N;!5-*{=~`t8dJd0=`JeG+)ir zQIbkVdT|;L)~ZE>{_M2PcwW8s4mf!GMlk>xq7bg+hqqAxkP74rLp+9x;LcGTr3JgE zLMTJ$U1zk$c_X(2Og(~0&%3DZD8_Ht5)Q^{OQ@NLmJd#!2p{mvX6Td~Cv!Osjd)pL zvZ00`w#GH^hl&L1j$TG?l4*Ru*<|maZV`lFOXFB)+FPmW?u;@Uajje$2EUKu!BO_- zn}3`=26{%niGmDjQTnR`f#LEo6nMikzpz>7ql&j;m}`_^qqmUOtNcE3ivntLV*mn$ zqO_iE_TO%uC5TE1F5LIrg_B+^eSYh4`ugL^as-gyCN`i9+GasdWw+LGjw^-%J_l&Z z9X^c=UIADooQz(+E-$LXl8eC-}A}yTivEL;V zYh&@^ZH1%QnRXM!r4OTqq`7NV69E|m=?(&TxzQ%v3LPqMXL|4pHt!8_0J^s_p{sY> z&yAIfK4$(&A;pG;QUY_qFnJD(IDp#11%=I*Vvawy#u!TiF(KqACn?qMu%GL&B@4YN z^7B=2THQoOH2a$(!&qk@g7AwKS92*I@}w%_oSL+V%5Q5`l0M2_f}v!V;f2HZSpUlf z2zmxg5(lBG2O_zmOqA_5CL3#*86ci-5AIeAO4V|`n;;DUYs~O^$Ep(QQG)4 zj0k7$V%eUONd~1Vm~NQhoo!AOk(@Z%2tNF`!4g>t=KQBgUwu*#RA5+(9}@LYb!`NU z6|WUi6a2Y4(*$l4ZYTs7yDmtl4gD-d7f7Bt&bi^s(=dIVzZmFo= zIMHywu z=+T_U<<)#F*KP}`OW|*JU@ih+g#sOb6fOZs39h&WFVMk7EUz^J!(M?-|KxAn3nT-0 z?sd4oeg32O+_K=Z){d#Os~)|j*9ES0lk>r1~qh?Y^sUm=0BHH6H5Z`LyFwgkp#2Rs~!5Rd7FXbh-I zTOKT@J{FWg{9597t@yK`dLZF*bad>!@BS-mBP#V0Y%^098D}I!YgQ72j)j$6)%*P^ z_CVVB8Yhj2^WWF%0;Q6BlIA}u98}-ni)F$Y?1sbGb%h-wZ@n%L@=R*I5&LpKO9~g| z>a~?88q75y@N|j#5@RFpgF}lPY+%ky#x3s8#{VEIZJ6gCoPl4E9RT34^%}Rjog>)=qWg=&z1aD?&hll+4K0hQF0+PS0G!Tywz|F> z+D}d}ifgy;&GlFc+`j6=Ob-W!R~WxKVI2TQ>Q?)ei+usajoh%qq8l{->b2P~SIvj~ zHp;N|LD?5%FPA{AkJ)w&3Py=IIFk@SAyTr&DFa8afS*+4Ac$AUkQ{DcK&KQ5tbqsh zLZIDedNB5kJ-hzeA)T~+${O&?SMcoD)ea-C?Lvge&3)9YH|3{OMO<}uvFK(`>w12D zvyXh(&poeog+r@Jlf?ULq*W4L#mL7exLBONK7xg@^@=hJ8KTjbb%uLrKf~H9Z&sc^ z(F`Anct4^#$hqE`gZSNLo_4Zr9qP6ibAm$9Y8IEe0s^Qef4ncys+lMf9$QwCz7~JZ zftT@qAM-QP`xLO&$(G_K$99sXl4SPND1(Nszo>-`B=$yxK~+YZG*iv8-Hu4>$*?4~ zc7MC88$_Y)#Gh{NWJK4S)Gx$b_66nsCd!iFCt=t~$gIE|-syJ^F%z+?YsC6~u?^|@ zFwJN~1#eZaM_>0;r9grsEne5F^yr+5XZ9N zKQJ3>;6~NvdQcGJtN+F}lDIN+_>zYbtyjJq2mkfv-dbeJu=a+IU^9f)@FXk*KNrFhc*il%NnzacZbujiUsaxk|P9 zOMUlblKJ@TH%|qex1iPG0K>G!@rYIio2smS+9=$eRw@jurl~d+SYGP4cCZo6^}T<6 zM1IS`6G$z%{(37HB>qJr6lu3!utu(6wf|vVX47%AVl>+Ka6W%%(0rm%?|$0YrF_Hd zdAHBAuT>F0duUK-RGJF~Ybgkz-rW{N7!R*X^=rrAA6}>}o%?@a1wi z^RdBnra=R1q*LcryMKS#$_UJq0}NCPnPHldu_V2tf#jeOL#a?H3mBVY`zfWzc7L~& zMH8Fegk;NyCfh|ymbdhA?k|PBC@Grkzb%|`8OZ9=XqcS4yXNS92pWmF#{Z1y_hv#@ zkFo3H(Ij^l*54@IBsmu}lR-6`%z+cV=?pL%{cHNXybB z*>$LBvC)sO{{=P41|1a<6t>8~gPkitzcyVOpKE%Rhi7_Bz2%$T?jhrXY=Hk(qg9FM z$Ks57kkTYHupnapSGLc`8UFKiaufp$$C=Wtkg^T6YBiA;S>AU;Zm6iJc@S74x$gPw zsKLh-bua4wzG5&DOZVTxHBuZKp^kiG$pT5ndAFaIo&js@6q^d?JiK4bJnN~(r@85X zovm$dq6YJ7{Ymg=OyFkhwAdL;lZ}%i!BZl85NfhpX6#nY(|I)Gwr~*+jWpWRP!4a0j%Sm2{_srPq~(72g*+yfD)mE$dYMJ&H9fv? z5l*G}aHxh`O|nOYeJaRqmwM?ICIPfVsM9EuO{UofU@YL&+u_{ORZ*8_3+&NIbi+xL6Wg7P438aTtVp&8#`~|fqB}s(ZoCE?#%)A`LCGypg)r(D zj2FZA^XotY%nrR;e9Jn8%ksn)5xC^T_ilN#A}tcf^Q`t!z($)!5K~vTG*BZ6H(ZJP z30Mcfn$Jr1p#nvi>M5g9I68n7#PXF3oJ}(iSFp)0KJ0>gH;eatZ7lVrLEjwjySHAp zQMA2}1T(Vr{6j+Abh0EcDx5xI!sxBq8x94GoQN$$!1Wrg?L_Rbn|fa+aB{YfJkKsh@CX6#?wmUxuU z+2cvcoHX(tI{kOW2k1*_Tzg;jj8AcbQopxiDq<@%DRshW{%l zncDAWQJSP>I*g))4od>{5+xSSuSNG%DEJID35J7Daj5C%yw`UzunxtP>WNXD;7;}8 z`M3Ct#q(}aIPvn*Xpk|(*90@x+Gs&>FPB^s#mn7aig>(jYe=9fiq^NR&Q3t8(0^FI zdPe6@fkEv+y@r`a**$)5Bp9I1p3zP^Ov0Yl3=9gfRQVm47|?${KOfX+uscn1O)aEF z|M)wZ>$6^a$!(YX&k~@llvmnZ75$e<_38#i&<@Ys%miU*(tkcZ4IM_Yb_l};k!&QH z{rOTh{nLr80tQ(nYaF#kIwao^j zk1#2JZHHJu-!(Cg<1AW|J2jpw zB72Gbvu}Q7(`T*35DSuVI`il z_haSbL;OA3qfURdqo}-EHS5P?hnASRA)9z_xbGpK-cKtJfzAlG)?0MG&#q5ZMRSFL zjl5@({nR>tgQ1vRTjsOjo8^AnkZ{MbBI(dSSs9I?a-|DWO6vfd!M6_^7I~)r zwZ0C;sp{X%ET9kMjO>FLu;hM3Q_yKNP$gE|kic_5b+^OBg9FFx4Mka0A^j=z7wRzS z^iTZZy*1{pAfyTx8}@9KNObQ9q$x$7A2NpN1UE#SvX2F*=)PyI3K>FVB7wU}#J6YC zt{me0WuxZDX4(xnZx`$1$6l-Eiu7$CqMF)=mZn+SmO}4gjUQW z(l0K_l7|8d8*Bb}M0;E785$?Fohp)9Tu<66n5f9m%4tm^B4hU%J=paj@2y*zcnSFl z(01=rAbcVnuTh2#v(6+SiKk0(dG+S=0xoB6_q3~s=YC+I?3BD?u{vyMO$APrXE!$lU8D_&-YoTGnY znc_-BuTkM0?g(;kkHaToD?g&sQorc41@!{kB=aR=e?*fFdcpj=0NIUD{3sW2iVe9A zrJ&n8K|3lDSHe#LTFZqE(ZGwXcIuPAw${QKBl|%m9mp)XJ=-F(wJ# zIbipRmk3Zw|9bMDnxO*dedtL;y!g{(`_8!tg_HRjP5a#Jhr`-%i-^t3{yrDVd1^gP zWiULd4ilxv5{7hW@b{nH`5p{0R}(bX z$9y)D72dDFq}1(G{ig#Ee0YhRQRXw9+MGL+8JIT*B4Ox%lB}2eD7~ySpN5nZOBBI} zHbMwjVh>aj!qcX+RF|8M{`3+)>Ctl)=CiqD5AdN?f&EV~wA2izvZgThqGBsl) zA7A%m_~(D#N(Di*Y3n-ntQWrDTw`9X@Bt+{f^TFfTmHzhZ`h;dkAPG5et{FSYsNOI zA=%hgUC-U3;&RSQG4bsZ9*TDzAGrjMw<^-i*$_eB+fF`m83oMyFWh;5+cxkX{dru8 z-AkGg0|k7M?BSEmrTh>t$$xMDKit!WBZC8@D^oJ=dAcf|=uuB{nzKHpj{Cce zU-|eepeY@G$kRO|3L!}U_O8pL0@7{)u?gX&<3Wq=JU-+&nwnn7aJ{#Ga9*ylTd#o=^>pveia}E#32k3K^B@YURy*r zKGEs{foN^;a?JQoeu}yyUX)Xv`z8w-?))+Jobdm2rN5>Vy$e#(FJuvip_&l4me6Z> z8n?v{9HK_BydQP#o|bJBz1X@tCizWZ;!}ubt}nO%`rezns$2P)a>K1#Y}IXj_F+Nj z`Ja+1-necziC4Rhb8AOOuMPR$e|4l5C5?HJwstfYxHi^|{Aumzd!?>Ho=j}&aR*bU zRYsBK$IQ(0fShnktD{a?{~cbvC6oK=WbW3GRwG6a7AsK)A(5z}j34r_*e7&JT{FHb z^qb4?>V!d71)R9=aFC-3!51bqO0fpr5Jb!yV7=B*D#vq>%Zm^t4F{b5XUI=b+HsBx zzAV%a?NH2qq#sVr4?;o@3>3hxsZ#`njPN+`Q*%@jN^bkttH4K0DP*|MAPEOtmLTpl zT(FTIykk>>FF-7Zxmi2Xl;N}5U6||o3W4h_WL++IsJHbCZ`z#pVp{SnFC*lszF0}x zUm@n{eZPVl1qBdy6S$;yb0R#h9zRy1ATYLM%J8MayVNjiRd@(6q;iSckAjR_gM|_W z9dsUQZ|)!VFfdrcWn#A&D?kK}wrL&gU9x1L#@7)IP2#IP%`%t)&%np$Jn^rC3U4A6 ztAV-8#Oq5^n(_EpsMr0rKwV>F%ARFba7jaFz+uAKgerWR$dg}LNz5p*dM8;a)vRTc zEiETjHCi67dCjI*LVrQ^BieaqP?^n2ke?rZx~5>zXxqq^S@A|1zNxAFi@>Z>eMaF; zz=E)s+!}s1)a&mencjXX1yh$(tKnVAA5YH*P^0biD^Y&O7wCaV=)KY6YqX(OcTH}m zi}(md>zmcnUq1KEvi_rqrlIRZFRphcHw=Tb#Ax1CecT*xY(3j9vGZvrr-#gz>qJ|O z5aCO{-N4^o%PnBUJp=iVuko5qVlC2$zAnpzdVPHOKrY}})MF^~2eWVWp&iHp{7eXA5Bqy&$SVvO$y>?oN&0l;FyJ{N*n{GXx(caf@0nFi zYCX|LbBhtZ+~ki(noftz3hbq9`hgA$l7wS5(STeK^>eQM14;zoaBYU>C;@yexYE$g z48s>xb1bWpmx)ts$3iM`bANd$Z;{U~&4EIXnE6$~j*G6S-txiYa*&JP*7%j-+k zw2*5tFImpgGH#Gdl>@E_rnIDm?Jy0y`eYPFP+v&nd0r18e$pm!SYmbfGJ)Nv9N%F1-L-WF9A3YxM}Z9 znjBl*`HetlE<)t^_>vdpvuS&YCswt1V4Ph3w|kSN+`Bm%+`vE_)9|(o6Qs`Z`+97x zcBO?@MyFg-IesD3%LpCzmmI`hGF$FsSD`$$W3AxPKh4k80<;l( zCoOD4MkHukTU_2cbCp^Muzj=;P7w<(kD!G1z48;;^L%0(mW3Ag4z3> zvvOGguw(|$fc3ip{?(cVbrWt`vACEQp-NjGNQU=W!+ETS>xa+5L3J+e$9u83)B-=J z76sR<74VnRy^VGBXgca|FM0 z(Z+4~(?JQdPKBN_{CEAPE<1SxbZ2RPUIvbqF)WY;e)A?7Xj>M=46;{AZkIG>eq8K@ z)2o=9MgbAxx7YrJJl%&^d;Pcm(+&0-h^)l0GD8xod-*PvM@|E#WpT1VsdXxcCgU%k zyprc2NVyf?Ym!I%eT{?iL^u>m_6i>?&CSHZJ)F*)d~~zu{HuEBuvq8pFB~C6G^DUV za!z|QV%0$L)zsoE!biOcl9WimrT0}ytKzeE?`D!%gp2S~wnE1Tae2D4Eb0b^k(4pX z&}D?A9PD*x0@YXHf}dCD0lJeRN`Nyo20}GH z(NFAjOmun&lq0LXMD^IVh;_)4 zswZ~#7}O;@599hsO3SN;@3L{h2P8DzvJQJQF^V!f#J_iBLHF{kh9nAmN@CkTI=W~; z8d}X*j89N#-ZP@E(?U)Ylg|W<61Sj)Eb2c76`3}zZIY|W?AD8D6=th6!#g@Vwh(4a zw@RZ1HbbSrhW3Y^p$^2^Wa`fV_{OzliSuEKqRwYUpIF?X! z?sz?~Xs+9I@%AsJ#8|d_OZ(^{uZq7d@z|(7{JbB3k1pL2!vRXFUbBhiDK-=;^{FEr zjx3%?Vbe*JcT?Qlzgz(F%>?JgsB5?5>YtfcuX}iCkWgrFbpY>Q#;LWB2}|QJEU{m4 z=ibdQY4^Xk!`d?$W;#8NL|pcLe~MN5@N)8YtVQmGw&5?1GDBi+SX{{yA8gWW4kq`m zfXlf4*lTI3_zI|i#XRX^vro6gO4^ZO@}OE9!{}6rqN1z{RqBq+rGF1K81OP&UR{5a z&$P))sn5cRuSD`RdnTQv0evID2%QaHvpgE%JD#9>N%)9;5kx>$|4<%=_V@M+yV||& zCb@U}U9$U_9+L-SGcl2ApQsYOu{Zm&YM0RXyY$=={TUsCZo0IR1cnhr>olH;izFkH zxwEN-q$1$xfF))XnZ!&%fn>Nfa-e!(&7X}7I;`@oWXY9yfqbUFeW=6xZgHoTso_x`BzDmp)&gp#rXPBqJ~-I|&y&H^_sk4|rZ6 za81#Mj1-R>PY5J@HH#aa#0Pufv_J&XICL_)M_-=StPt)Tt~HE~fDQ*)gu@BJtvD(} zN+YSHl8obNUZ{GVF=w|I!%Z$GI4><3V0jtoUs{isS5ojLE&LOp2yJ>uxh$NGIb;L` zSUP2{xc9AE5~Og&*fR>EK)?$;F0N?UQ)JvLwxAYFSky;&WHeKp)mtTo(3A7Qsp(P! zlTRnuls{F;xXqI%m4F1ZNcbDO&EGE#H-9(~x_H8FoZ3aw{`Myw3=I(f&G5p3Tfs2> zCOZjEVdHm&8L^FNmAc(o3aKnC1Ml_Jy6L_4>WYi!zXdDSdyno7ZZMs+Ndew7WpeLD zIbWU*r->|?S#SE70GJQ2=@UJvO!cD$8F`G}f|M!9FA&g(UV zJh`G?ukcwi$<7xlb@=xAS{#y{cbtg8v4c5)y7lRk7t5|m*#a-lRuq|}trUG&dI2Ln zUpn|g>i54~fX_~JWy;~aPuGDhe^<*+El(exNc`(0`gy>24A_{=6qi?}bt<^^tyj=b zF&o9??(~LGVV#HK?0Su!FPpO+9alPPS%oY@RZGEdO-oix=63I@xX&jxDup4eV~S!0 zM6GY8;ORXc!n=BNtzaH*<>RNPxs$p>SRIaH62(gBfGM*d@;p6|??Po$hyN~3f-YD$ z0dd?GLXHlz+DQ-*5Qi&ut$66RDqxJH3uRl+R4`cTbQ-=m^*Sz`gqiC9yZMSJl5p2X z8o*a(%fUw~lv` zYum7rtk77D=V=Jnlk@wX$8une!LB->o?MoL3#Rs(8YWAN^F2a^RD*AqsIy2Ysgl5J49FFXo~@krrP*~k9GRKgT-_Cq-sUJNe*T79 z`@YHL8Ts|pJH%Brz{dO2L)TDj+1N4NU3_L124 zs|%RvcRObdYzw?)x?s+_dQy1XqgJe(!KF5o#HQ)&bAK-2ByUvABFPvqYVOkRzAM95 z^%EMdn93m${dUkZ)zMR#?Z~lA-(E`QMgDQugSO~wN`|iZ_0F=BLIM~K4ehB~{Fun@ zwU%-~7RTjAM9(Q{bAMw7bigHkp7yKP;|uxIhuZZPo&~nSbXqvo;WSqJME;_1#Qbbb zIl242KO*1n=iI8ko6Tg57x!lCT(x1Tik;B#z-`xStA6@&wTd=EzT;o5tSe$Idzi56 zvi_mGPa&j>dgukqF&MBijna~ho%q3xfcx5P#+dB9Y=^#AL{>egh|>d`v}&~-_m$xR zHm9*Hu}|f*pI@zTpZ9492?+^$Y$1{HEm)F@hdU_3J{FIBT^iqY%9SP@3NGH3m8pCUtFskF@GzPBpZ_U&4bmHG zl+H>nP!b(_U02)`Bk(*^y`QiQmO-zitYFc<@r$EG|`e*$HvcNj&N*29e`slE=SHRNY5|}KuHnuCzCT-=Z z^q}+Em39wX(i7zSP~r#EgWo`7xI*!Gvj*}754f`5fYcV){i}_K0ZY?~KE?Cd`}AU> zG$OZp)DE!_3Kd|Ngc|}L{R|hZRUevV3*+{DeG-sDOr4-^BBOa7rMhrD|4l6kI(S|=4D#a`=KYceZ-zBrELqZF`3u*bpm_(Ot|yf+HL>lLVR57Nat7715AKw6 zp@=9@+?Q)M;%AHbhUM;rZ)KB&psDoq-r^NL`xP1n zt!-*bLN>(W!je_rkF_VV@RNy0??}UfLCCI_JZo#r9)4S;CEMn8SK|966WZ!FrJZp; z4Ebc`2W&jP3|c9<^}e;3r*7KKk6$#mQC462?$EojFgq!?Iyadk1&5m1@4@As zzgQt#p~`G8*nAO3fqsjMaZ?u;OpwTU4Zt%t2D0I?nk*$*X^ z5weXdxjl^za;at3^G9YF)^eLVNMpyT$1J#s3k&#jy{R7)xGqxK>w#Ps9ds7N*LiIu{a6;7EecZpE5F9^=j$w=Z;hsfXYhTL zh^H2fOPHPQG+--2P-gCQ>Z>_w$X0)fW`X7j zvugd@L6#3}yd}zMsQ}I|WqB_`utjNf;=CDOxcj3^YH>rWTqhsUIhw}g9SV}gp^B{A z_rn^B7-(_qB;Zf6J3UU?13;gN!_4Lv9F}{QV+9NPEE<;~AD)Cot8WEN)io-bd%4*w z$h(`1<%pf-0hG`p^r9u*qs{3iKnzjZOH_7@@_eVu&K1zsB^Pmx>G3@!g3DI$R?=Hq zjy_vU+1}b?kTz8LB=uOr2Nf}XEx1hxz)9-P72_#i&=nFMPIwS<3jz3_ALY71>pW+l zd!{oQZ51{cV+(&Sc}%sab-xuD+e?Vn;Y_6_Ty0pZGqD+Rci!j<*!>yn{g*p=??Ldk zdDkXOyI-?v4R!dNG^R%OkehkHb!>d)N|Q<#@7$NXvh|{+E5DPkwRe&us)|735BBWd z+F)~Y|GmgH{yTfPY#j!rZ5K|yu_K^Y8)7hNFDSylFfZ(Lwv z+ZZT7(CbInT@VBu@Wtu7A6qnM&W*Jm!ask(Jpmpve1 zx-HzjxVFQTJC)N~E{>mMOYK1Q?<+c-&SuV7l=qnt#BJb6;*2?-FHP|AEIIrqBp&xAi$}=8vO1PCL(6Lm(3wzgLMG*AHIw73bY?WmEhP!lNA zQ;W5RJXi<3a(qRGli1GwWa)`dtM0`dwq1;yB}D98wf2Lp?qn_?!3$kRH|F{!iH`k~ z7GYRqMW2TlMp|wK$N7p^FYi0!H~UXj7BJ2CZecE_U*4Ubo`Q#hcD^2%Z!hQ8_WL9< z8j+W)wLdlDcggYf^%Yw(@oilde5{%xo+GE?#dg}C*pM@^1JfI#i$|iD_kGp1z%IPv zhP|oDJ{OV~*Y6jmL@I?+Dsb5nmYOiZk(zjp~Yj?T`B z8*k^XL;`oTDva3$J05Tm(aB@umAN+`WK5oe&hLLd+dMd+AUQ7=B9ScFZ$c$_^r6Tz z1iKG{)aG~$!-&rG%vMF%SZEz4OFeOG^Jh|~zih_W5pR``-DFwLL-~r2mm((rT75qJ zZng?OeYnY>FM3@!yr}})c4Z2`&FEf2HEvO*5*vA-WvSOg$A2u~N)1SuJ_TB1=#~JS zB*5%}=wDs~K@cWD_n7g))fgZbh7hG0f0y^BgV9I4ByCh?DIvZrasRgsLcFT6?>@*@|L<#6eTn3SJ-rq${l%aM8 zsOAUtqhmq-OdV?ZH$kd=Vk(w>MQL(T_l&Y19NvpN2*D zy|{b4#sB>Y%s>~1Yfjm}=XlH#fvkrRlw@hcqR!Y}%v+Yt5(@=u%yFo&3~zC_k$vb2 zB6K|BK-~GI+}?Yne7k)@^iw^fjAdxE@OQ;C>uNu4H=$00@v@Bsbw(zLg^>VFPtk}4 zCL1qD4Vxb#m~SJL=EMZRl9o zD8wp(NgO338MHbJ-2+I1UbjU6=W!TtpmNx#Uu<6jp!d_(>94Fdq0rW)F9cwh1wWvU zWo*rn9ygwprbdTZx5pcOQ@~B*n6sn$n+adpR{2s=&IzgeVRbji6}4IBdOr3St2P}` ztjsQ1;xB0NdB(?^7BU;cF>znq(RF?;ypoo$)OeP7><5C3sV71A*zmzTxtlpV1oR;z zuL~7Jp@?D+q^idd_TQhNUOFTY_sM*L<>T*bG*Rx1cZ$D&GHN*OQ|ZlzE|__S`hdwS ztHFNhjfs#b_3f;vvO%(a}LuGl~C@uE9e zg>2Dkmugs-#n-E=U}3B1KtTW&_>g39{p0E8-`b9zoSS(=#-kM(daM3Yr!q%k(G=o2 z@WBb0#wB@<$1Id%6E{cgrlGjR>=fn9m0b~Ly$xDv&pG!V(<;1DQmYdVz_cVUp@&Gq zZzq??=RW=ST?Kv)ln1Ws8w__W%*Oy{p)8IG1JV9gO#cK0_i4){C0k_<=_$bC9yJoN z+s?9b8Z3}Cq(%iB30NezZ!QMlF4x#1wLI?fuu-YY^ou*f+`&SKm+$8_a@==f$ipPy z9Zb-aXN!E|VH|+uFZf{#=m||+K!+Q?kzl~&oA5}{QAMSYBpK~-fL9q!|K3cts*(q6 zusU-g317CFm9#MSDZps$N<4r)Y%&;~NDVqS{%XEvfn~i%z&~im$fxEKfc11CPHH9{ zSPlM4sxP$@YLf@A{>WQ{k{C2nmE9=POm`B0r_P_cv#{cWXV@WQB$C^JoR0qbVK~pD z+5Xo@mme7&M%>k-OZBgRgA&xmdG>DhM+5+nf_Xy3=*%r(bDy$?H&aS$llKJd+S&Y$ z?v30Oel}$J-fyjLZ9ZIHL{zzACJq$%dOb&n$-$LEj$K?aP)cYX^JaFPat+P1k_G#t z=a?^UAec>yTrWaL764R(SaO>P1OdEpQRb%}37X(X)4}{_I^wc$thPFpTSwbp7{G3> z2>;UIYiMq3?R2*HP< zt?GYQf2q-HNWa!P-1cAVJq4_{8UPW;19HwSssstZAc+4OY-kxPWX$h0xC)UE@j_VvV=TT*L$;JxZ?1(7oB;YXz zqU|KdDk@(4c%j#mr5c}NjHxzBlzQ%aoDRu%{;zAYKoAJE`fCt@_GmETi3GaXO*A_#zY z;q)yu33wMHA%Q84fD-~T&S#N{TM`z=b;8|r6V(E5Fkmh@o#&&s%6Gy9F_ZHFn0WVa)lW#G!3rhBr-%vYiOXa6Oz9f7T z;nXb;dP{D=3iM~4w^El+@7|??wJkwsvA{!-8Cn0hxg;b{Z&+DDWMzN!tYUK(m4i2I z3gO!Pr=j@&xa1lL3V{51dDQYgnwA_Tik~r%b-V+zq6v{AC1l!Ebw)Zxqju&{#8b5v zW&^6*6_+kuR;N=ZcGc{G+$6v*z4IVm>%J9*I=FJqD5)$Ez?ZwFByIu0=(glrAkF(Y zpl_YAQT1UAxGY?FHFZrylG_$u`l~Z92z`B?`PG1~i|#zlltexscp^VzCC}w9%$m*` zkc6MB>VII(|42^)O7bF0qSq?`0@E<_*gQInjoo{RiXoNhf+7v+A(2=`LgwZ!Q8d=* z0AD*89QG#KIf7xz@^3{V*)F*RzEd*+3KI(@cri={f?T6ceu`g{ zNxS$q#m6zM{Kp0O+p63I2rwNmt>fnA2L(W$C7CEZEDZnQ%y&cH!~RZIBOp^DC@6zI zKE%4PKep(`gZjs;vcbl5u@AWixu`cOP)6e;5Z6}K+1<8O075tM1Nr;#xJ2?z-=BTtXyNl#+&_V*qJsMCtApl%WNrMY;r}hGys-1O=p| z!9a3o1Zkx~0U5f#XSna@`91H?@4Ds>F60_#Ugw;>*WPQbectctWr1D#RH^%M54s`X z-lE?fEq088#TOq^^CS#D82|zofv%z4N{3LpF5$am4`w44*a-xpn>|mRuJ4AyDUF*C z#)+_d!h(Q2g-59yx@0H6=w=s&GLE+xQV&dqibhCG8m*((dP4#=x?xyJ@@fy5p{5`8|yP`|m;4v(mVBP1P7scb&B$GNj)+@&*N=I;4$3~CdL`0!CO)+ngh%5%}>Q{s^xT0|; zTre1di`DX24hf=~HlSV|3t-27DRb266!c*6Ye-Iv*dX#qpSPtF!505V0=DA3b zEg7IAeF1noH+T19zw79P*x1O#c)P5O$-GyO&;I^n5>GAo$2kISUKCo zdVl|OSVZ{f7{RDrUndViC+hQX@B!^4&u9wG_vcxb=LLmfm@W0osDS+{e(>TNb)!iB zkR|-#Fu293yTipC){9@2=z<@v&ZL4U|8mHhW~$jdZ~-&~uOPN0x!eT?H30rh&R#S6 z@Qnn+p!upBmRUfaOSU#1r zdCJaBooUXz57Nc5R9@m}L-I>ZGSz|jI6Pt68JXTn_e$*yQ{!FkUr#XGn8~6M?53Ux z-|H)*A=T~o$>#5uvLJ@Q4Ep7_UE0_N!#C~B>31W^tZ`M7ZmeZ(kKsact1aS*$B#GQ|O|&^ySzgv%9mp!l$rfgU`Av6j(!90& z6@o?sIa6mTjr__Oxj-Y1sJEzbwPe2PyDodT2UM5?qo!opm%{_*xYCQ^P^?Dm(WnqJ zNG4Zq^78WP)jrnFkhZ0+lI+o0`H^5{KfiTOAg~D3Xd_!+n-}(*au`Wv+4)I=;8e^^ zS)iB$uRO)PiRhVy!;b@KWA#R-{?P7-yYU{Zk9|}gQx{3fFcItcmiftzrmW;8(or4% z_(3Utt}wtZV6U^TYAiP8d1RsVP92-}5u&0bzu(%x) z;HAnT_)Q<9LY&W)8JhnNdPp!1K_?Ra|FYtOpnb_-+GKV7 zs1tR=-X+`~TDciL>b^H-$ShJ2oOYTTJeu2LdWxrwMT8IczgfGW522b=WwPBdM1r#* zuv1yMHQWXr<3`dUa)Ecr6)G127sE_qFVC)7cc%w``SRth2SmNh#&0?fXPQ&7f_87? z8@Gd2;nS?9D2?tIUG{(02^#Y$rg5~?pw+}pKXbwfX*_D9tE3e9nd{i|Z18-V1Kdg{ zklhflkC*Ge8P9_x@3sodhs zMQZ)#dE9{xD)H>{ zxDN>8&I#mUXd0qu0U7Y#{Vs#|t-xCw-MLeI(|r0dK4L;tXGk4jnV4`Clg79Zn=fAD zU#fV?HH}XZMzUJ-oIU#8OWBbcy?a%SYL$Pyd;6dH470uuQ|j=uy=&c4n8Yu3yo)$5 zgRxqnFSz7ZnlmfA9e>>_oX-p1o*U`PD@u6*mb7g`1$D)sk|fHSg`vK^qtI@Av%K_o z`AupG+%k4e7imVt#oU|2msN9rs`M7E2%Mtdyr|XYpH{BxtK$V$;rGKF8mezJx}VRs z)u}z>Hwc-Kij_ETvt+aG$&e>h$tv<$oVt}E6j1FK19+Ni*ehyzHrdodR&zIxsb8LL zFYZ~*L&)gq{V8v>r|vq6*Xyeq4$mMuzw*D1r&nNANyGGSdnP9lbM3yGnG-HZ84=1< z@pvaWHq}CNUypp0vA}3oJj422;Gx|ZJQp_KRIakml`NsjYtrhco>h+={3MMbEhg)o z`*N5iZZQbPR7YKkzeyg_EI3#m?b2M2h?~9Dx%R!C{oH*Icecrudum6*V}sGhFU~WI zJvZ_mpidt+tWjf*J2W{6$U4xB)&achNm#6H$&)9#peD^6-2~WarPef^8^0qb$eIu# z90oTw)2%kkmRnJSz>p+zE1sAVMDU=VdjR+UG#y6oegN$zUKQ{c32>j$7E*y|@Lq)= zhH3g9Wo-rA-wi|cf$d_02I9>&(t;!bF&=d3S1xcn63dtF76XmW+T$h4;=?5_D}k`H zRxYjAy<+RLw;(WHOm#hdn*ia;`g#|WfMp-$8TTQDoJSrUH+U6`S9dshIQ`2f`ZNI5 zg$dR&AY7}@oJO1a*VdCt@Y1$Vefg|=v!V_*rxdMTUqa*gjH-gbNH@k&k!fKk&7^?b z$Hw7MdlwhJc!0G=LQjd`8m7(RS&!9k&C2fSkubukGFot6?c6Klt0owA`Fv9jAqB6cM|@~#NGTwh(rEa& z{-Xt$vTC^<;9~W(R_#}{LM1}Tib>dRBxtWve^(tBqTAmb+K8!%K_c4Q>n`Rrt}tyf zRU=nMWSpyP6rn^gV5W2+jSxkMyP$><>@fgX2q^J;0N3BCV+B2inBD9*M6!$t1Yl3X zKCRJ%%25c{Lp9Yj2yTp;%n0a3DtBjrs&HO-B60Z<0GcWw8VQgK_*{a0^Qe5Tk7N!C z&2YEE6727yzG{C6B-X_A+$Y?tkX`2{fb5>AqD}lp*F-YKA@2DucV>xh35wU>%V}e4 z6^6hv$Yk(91MR*Qwt9wWzC}q)8uwe%VtSvp9ib*_ATowEmY4I)wtMHAh&mTaZJ+hK zqmOO&Ge(oTG;da1{vNxGB;}II@zq*1QD1TeO5?69s0|OvpIBiEHgK>ZmHJa3TTMB= z=Vr8ZW~oK&l}K&X;3aE=kM1fQ|2X+hv-U_fNX?I1zbQG{!-&^mIFD5-VDCqaH;FFz zP)ZfJMmc62EZ!6&#yatu1x38gv|{deqPNeQF1{>Y?@t#>a-MHeU-*^?48@OR;?A_$ zZl!UP91G3{TixJTG|ZS+Ui%0fQp4R0irT$;oc0s>+341w%t2p^R?OoZ@J{cz-zqtojiEm`J1}L=2 zBtx}ST=X;eQi!pjIrU+wD2r!%v~^NIzvd(na(s1OP6+n=a=5EuVnu4@k<|JfWR|th zJ95~bT{YJ55gUP%pKd;6G{A*E=|0l{B4R*>2fF7zEPby#x(TPL?eKPfFG9!;wj&EK zD1M{*?zIAplpYy$l>eh{(?IOy(0)INI+@04P(I!;ls3>9=>aueDBQk)hWqL3SdHGL zx%nS-_ov;K%?c#T;rzOIl0TF*tc@=2RW`jgRAP!22xjIb3~#q{VP0hyd+t!nP7 zBUXWrXj<-3jHOX_5`V0c4Lyt@85!7rCt7q(w?PSF9FS&BMd9qA|Gr$kH%7Vpxn50G za%98$n_Q^ZhDsVhW3|7#H5M*AOFWt~4(_^x`a-D<_doSa)YlXhgVd;4ixHDr`-d`@ zBCnn2Thz0sJW@FmnwjsZ8>O5QCLMavFo~%H#8}>FN4y4weUDY-+i( zv2FGoxuy?nA?0^^5Wk*gByK?6oagF{+bDJ;u#diC&5%_k$_G+xrhEh%s|EC$O6Gkp z?DOL;uVd@7vC_4pMk^f+^SbB4{n`9!wAr-lW6OcdJ1(XH+~c0?y|0W&mJc~+i&V`a zdxxbpcC)>n+7$?KU#{;?T8h#onUr+PEaU-L5Z&<15YDS8(@UTP5&WS{7=cGpkS>uZ zAWW04r;Kn~59-}c56h)jNoAMR-NVOrV8rxZMHAqY_n9E1a!6`tK@=A5m?r2LogCr| z;)3=FG2qEQj{c)W7jcKwgxwKP1pQTAdg;Pb29&NtUsRadWmGRzMZRHLptPRlAJcXu?Z!joz<*)f`F$~%9 zDeZ2<**xnc7JKUP$x)*IV-uio;OrhA*6xL>NSw467PM^McWQJCcyd?3Q(kG7inGVQ zX~b$UK&sU6G6yY`%HL=vo;LN}33~S7=xaHc{4Zk)qYGpZQ+af9 zi~pK15K(T7l_&X0BNI0*6sQa_Rf6oo9jy-c^Sx)*wd?LB+QnrlMU?jMTlWK0d8j{* z(Nl}Oddp!w7YyWQvVHgLaaCtO?hf7V&0%ha%3qu&&(}p5CBlpoO{30O>jrE7zFg{f zigMUV z`9$~Jf%>zaeb!vh@28C(lV6sjYO11!96d|K$Ds0#le@Lvi=2%9V~6Ge(toV*uOIoa zepy>1x$0Ydq9xe7BWGhkA<+1+H<{rC&fzgC7b`uUMdr$ZuKJ>tR`OA1wvD+$|0Is` z4#wKhzvGGPj)!G+-r!eu!J{|fDEj|R2BjEcC^q$HgYk+1g9JF-{F-4SR4;_!klKd1dJ(DNnZ|#{g?r(}7A9b}oij>#1QoqY(O!!PJ z($p+Wt+?p^d z;glOyCQwLx+|9j@sVKmk3&bQo~6n!yM zuil%KIdS=L-fQblvCuIClf9rtu-_h-DN|-x*XEVwu|C>U_tMu#kt%cbqvfRE@n@Xb zLk?+9r>0sD&=&KdE3xFlz+)lrs1+B(vm7Lgf5ulS9LOlG7lAuC>DRD4@2>4gmZ)`) zm4(9v)VZwXfMKb$!Vn*Yhr6JO!6X&m&EINAB`5ZJ6FmVy6?x8D7z{5>hJwC72|i+{ z-Pe^BpM?>m6asuwa}bB#z6r7>K#YSv4&$)~pt^|R@X|8hO;z?Jw%R7>KApL4VR{b} z^0bRkp)YAy{K4{W9bCClPb}lLY;c=g_j`Eg+!OzYbE^8u@by1{MpIY*B;WSXLsSU0 zmfHGvPk7y+>8j8C*ypR3#fgUle7F%8L!e%!rMwVYXX3vyi>v`V!z=zOwP)|E%w8`1 zh%(|AWP`b7Sig92f40rl6pRGfN2fdtDIW1rlUw;hPV`nT>{FqVOp~0=SL#?;&kL*A z>vR;J1KDDlQWB0N!m%KnEL#JHSbYEYP_3BmvhZ-RcPHT;jVsEVoHSCo8o##%{!VVwog z^bdubt}ahBh1h~20QPeujZ?cumNze9N8X${MD>%St3w&fj@>3j!k6y98lVvYXWM~x zTH6nWthPML^ea=zczwM$nU~cxjCl=n*f0V0E0%VZJ5w&GyZ&r4PG>-fez? zT@@1Km>y@5ZgrOJbrP^sDM>i(R9XT6CKzwK+;K%PyJye`{ z0@81_vXThcvX`9Ra=ec99ke}4r^-KffYa0l4{|gGqNn6n_)S$Hh%yEoUak|J3VmNL z*8MT`;eAFJDoU=~4;M13XPRKQ=%!+`0zUu>e&H#8Bb1-5?-Z;UB{n>Ip{t;B&m`2S zJEr0oPMrx&$+Zu(39(%fCS>zjfW$EP=FaIRKlf$J+=#Xh(Y&Bt=1*b z<0hs!9VYo%{oX9+yV39AQub__cXzFxIlO^`?i>!}Nn6~yN9ZC*B^ZPNkOHI+9kb3#J zJfn6TsiBcB9Zc;%s+IY&=L>suZUixH!tw|){e)i3+FVrxnff8aEPG|SR!aeyaLV`x znT9SLR>&AU<#fNC#J?y8>Yv2KYZXxwzgKjVsb|HPn^FYkwJXwA6_VG+H%|qNKh@dx`Pkt_ z(`uN~noYZOaJnsMuQ2$O&C$jrQ%)dkYj-ujpaHW0asve)Z8{5nM@W!7A;SEzoXsN0 z0&zsZV)DKsObuv-KwIS$R4vdg-7IYED2;1!HU-R`*T5rWWBNJe6@6qpGbIqFW@}2F z%9G6^wiA3u04G%K@qXWH`5tuo@wepE9;u`0nS@ItKeacV)porfu#>r3ENhp)`_N~- zJ~qHFloS84r^BFjyW=WQRekKC@pLE&1U;!;v3`a@i0mw$;p``uU5bUii1&NE5Z_U9A#Hc9e8PCsCE8ocz<4GO%ra~6u) zyDa?frumE>d|hQt*}L4vk6~2;jEsy1Nt6=5Y!Qj2e6S0F^?MG$g1{+q;r@pqL)sM& zIF=Hm!5tr6tkU1~9MhebbrCj2X_o!ci^xFQ@!0Zj&b}m6+P1x4_#qxb_H)&G0rBi5 zrXzg~tM1O)1vCO`?93>P#!W~@EGZ*4--8{r{ZlP&K>HE5q?A<8^t36@yh!>D0NkKg zd|zD#hw&2~-RhPkurc)5U~%5L3cTYLdlub1+P8@b5LFGDuE0MejwyQLC~-g$0*W5c z87+rC?uITtSA0}coWjB``BEhwr@w}U4|MeX1wUL{Kd6#y3`>dJ!A@n6F_Iy zMKGMqqPF^hmR}`Z@=3b>9Us7LS!8l6eLF+pk^M0=#z#!*@xt&3Ai!Qnx^Rl`e^t1d z;4k&(rhWW#@koQcjQ~+nai*H}R>Zs0%y`bMee>Lr7*I^c(sXHw%fb#5c|Zo4JW*#q z@_K8wm5-qdRLy&}H>m{S|5TL|md>FO#046&;ytU525(ud>4Y$k?mj!VnA-|mIc_Eu z=!L_+%JXaF_N8x2*6JeFfj#q0xAdzu%BgnS_JSXNlIWDm(=;<2h7Fnpk= zfN>qa)UD7@(rf9#RE<^q@NxeWq3E-4S{dNz+1#lV@MqQKYpn9^62{2P&uOI7?}85E%0Uu%WQtFjQouGK=*asZn*pWxkZ6 zK^CRn=fsdCMp)UUCypR)@Q*7W4_Hc?N8K^~7mKu@pNfxZVsnG%Zp4M<1ctMglX;vI z*YFxwaKkPDh|Nv6uO<#dHTc(mlSk>jvUw=jy}{~Vdys$Uo%i1GhE%vNJeZ?rq*ypA zaG~9d&3tz-HcOt<&2%R{zH5x}S?6PpjUBmjZrv$2x$c&|thtK&IZO^4VJHkjxhH2c zBSK+&#XR&92mve*kS*|JAW@#&rLv(!8g%-v z=F=rhDSEy7wG-0tUhH2FaWEJ?rCnML@a&J@r*j^^vJ{wv#y3POG_&G*n50B!CuGc( z+c6Hvsbxp)COeE|Ttq*~z;9t~1EP{7 z5)0*?YcL=UwXdQa3~5PxT$=T1;z>)nF%g5+ui(`V_r+A;QR(bPXao*I`W2^~f5cNq+fs{0t^yfZ6%qh=sdj|Ul@@w&NtB|aJ@)e2L~ zAt*vA9gpbg*!cc_gly+be2I7dyHR^zZa_f0_51T=sOGaX%G!AJSbLRsKq~Y z(T@pq_4c%9{=2kFhf^(;g$k3VH!FaH@_)kFI`{sG`z!QO)PaxupCxqjqZ>C13oj+O z;?=XIQa}fb=Xx$Me2ngMPxM=M-Iu>Q^emsy;%U1dy+5Qae-jHwPw-Q(XVa93AN-ln zZCfe!QZ7$fI;K=bpG~1+NgwZKG6;EfHDl^VR6d{S8cm)IIw^dxD}A!F-lE3UH7 z115Q$%PQxHrq#8B5-Mi5YoU#H#PS+iwl=S<97|{#>9ZTxp^9--jcwgsC%a=64>RGV zh)Q1GuVRXu5*rQTec#n*$utM6;?5c$P)yt2Es^c6jdbc@lKm8f!6x&Dp80IWLacof ze6Jv3YWazoAN&bxmhMSz<|qCRMvqv!$^d zRyAf>77r)6T{uv_`zfnk-4dhJ-2&9ChGpy!!TK8J*xuq}oV90Q(}Ix(-(NIa-p0g8 zxFs$|T#{ISY4$*4U|>M!<<9Odv!bG++l!d9>|B9gYhVM?Q&Mt}b^-RixYY}E2Wr9K zAcPqb41IV$+i+{Py@bO9lpbsFA~jAltKSi34xoqRE|A%3xQ{z=i&hko6u;>!IofY= z8uikSb0=9V<-Y7)H8NN(Qd8Us_?gpbJ`gQNC;cM*ftV2RN{4*g)=f@aQ&G(N(qo@B z0~&sh=sJ8~i-~|%RD)x>AZF`<7w{Pa@xbAQ)qbk#CxLJv_-j!HZS`#+8qe(|0U8>U zEm1N9n>Gx!y*>AI1uR7_dmbMQ?@haL7>!@=s3eC0XmjNOT~yks=9&*2nN`>*3}V&~ zI(Gu@hZ;{OIjvuQHcFw4?^}afzBXztxb|DI!+NN3PfR9)A`p8jOf7`~(HI6lCI#+7 z7ih&*k)A?o$+>ehX|;DY>F#i@p7~NW>X>kenODDWB;I*3x%PSu#YnZMYB8l=BaEE0 zwO5I+Fm$+IWCaghlRJd~H}XSCu(5EU8NK&5fe$XgD*Lf;HI3TSB^9%&tjl8jK~6)uOfvOU z=vPi9!Ze7%Htb~ihIS$?w#}FM2jO_2>0(`-I1z5U=lnfT;RgO+biv=DqVtOZ&M?Gq zqc8zN6^O0rSYT{tD}{0eHG)|Cc316fitv#V zO?KS@$(&Y31_lN(8UJ5`(vDqMCh|NsY-sN8ZwFwvS_|(Y68Al!_5XWm`M0Te6-@L) zc%3&+Tb|4)uDca;8g6BwAGEV^ucx5*^^%qE@%>#|UZ<0HSe@|XO?dMDF+b${yH;r*bOvP4y3k`A!DPZpPjuQTy@q2asgdYB0}0VcHxp zI6eCK<-rU7k@GYjrU}n1MyGfjmvuo?WBt_HZ{lz9#KZ10osb4Vq5ZSqjHMV-&0&F( z7&q}XhQbAkAW>jjXa{bFT$ONCGcf<*Lj>)&JYul1|Eu`=q(jgEWZAtsVW?y;q5IJw zzCQq@Jq~Lh&;CdCWY4PiJ^d$1$mi_!fAQ~)pK5tXRAY`GrdBg6u15Rs_ewA2_KGqTE6CpT^b3E$B6|jQ`fq*nh0%-6sD^g1#hXiU$7a#_jKsCdBmh}$C zWNN_LP(omBA#nTBdY*CX&$xt_MzJHwD77c6;EPl5v%qZbvGxVVfocU167@i~^w&JH z7!&LM=XD>8H=%8{+u65Cr!;~mP!fSu0bP{D8Dh$Rgo*zNYqFm_aR1Q#S^rZf=!Olo8ZXz0Z;@{72 zmVJB=11GLt$||7wlDN=m$q0vGc*H+VORUF!_?iNFop>i?Hi~2$c~U~-{sN6ekli*Q zqGMp~Q*RQbq{St}R9$@FQGlvTl|^6^=dE8kpp7J7_S z#^N7Qu@?!;3d0`;+IFlLQ!QWy?3=$==IPbF;dJp5;q421Gbcz zvhE1EK70COr6Mt z-~Qn|I=D^P(iDvC6#1nb z`kp{D;P_iXDV;mZu1yV0_yC&#yI|^ZcDO!*4nzo>dh7K2m|hBjQ6k(}Dg|eM;192% zv`RAc5WpUzx$6&Z;f_7}`8yx%EmsJ*rc`cwVqQ?3Ul$x6*V+;bG%Rh`m{TRyA_88T zlZhwzkC5}fQ3?p0FnTvtE$}w~#$8!qkTA<^xbNS+qojpR!3hgsClSa5#EzFKR~YJ= zCoAmY50I$RPzY=Th2^UdXAW`j-69#lhuv9x{SLg#nC7SA?|9YKo_TrG5}a!ruYhat zJt)VX+!6R5IQsN8<6kOl3*vIXVyo?~ph(fiCG-%%noykB!FQa-Z7RuUZLbrT8{+?; zCn@{s55~ID%=0zu-+y7mh}02(T(GWv(88cXORIg=)OfI?!SYLk(KKfG2;~nrfbMz* zj52~Y3gBjX*-w%n8a>f85Q(Dz<`y#6K3|1oD8tUY75X;Djo!k||9eU8=kKR--B7kL z)M$KoQni_F!gi&YTBGBmYAHJ z97Y!tkyhxY?2qL=B|T|U;?I!w4C%E=eK9%=(qNxKjb!)SX9R7wdEw2U>+8y3t~!Az z$1A{fD0y5h7{~#p;2^7F_@G}=x6$r6YeWc{W_3_hufyT?Bj%rfGTuqSz^S_+u%xPd zDo(j0;1mw`vAuWQ+}IXmlR6yWIF3k3DYDyLSONvQ{hG|hl$AhjUc>nvrdSb7Ip_V=_8u4Lv z7bQvh&Z%FScFk>LW8~KH4?*UU`-y`@>Rq^1ZXq3BfO>W81_aT$T6DNbhWYYQ7Hihz1a z{D%Iv?^Ywm0AlfTayCM2S0)T5iBRDktA3yHk4lmlBB)W%rGXdR!3s{3>v4fM00g6V zBgq832_P7moMZC?ox{o*78E!48j$S>!<;KTEBA^Kz9!Vf>-n{K4 z#P4#uv8+zcrsXC?Fh?S$@896_zey3m_BbhpE4jb$opdqBd^o>jUn#f-H15^eP(qHh zj~WC5nOZMaL%dPA5Q?J~IZ=@IUfF9OD>1ycxub6CrG0UBU7rtT)0>Pqpnt%%T8=Rw zf27svzDaN!iMEdR8+O8i2$C?Uqy`R`hebd9#DWXe14CQGP&^8*|_Y|hugGf-vyIpW4+JSnF8fy0>IZiTfE7*Fv z!?dA_dN~=y9oQew)la)#`9s`mPjOXjvvcS{sJ|Vi=6(|J*^CEMh!M@1L2uzEieaUt z7Qh;_!C(X1dN689C-0Va15zhqvaYE@V~nTpUDjc|H+{l3undYet9OJYNd+@8J0?y~ zP_6GP??{1*)#Yqn0ll&gNM@ekd619@B%QYsV%VkseXS^h2y(nhWpl*|5W6eqxTfBMRYeqh2WdF0F6ZiWw&2FcZ_ZJ(WFzR93`d zz+OA5YPUNXBT(pCtnDXEDI3~IQH`b7%$^Dt2g)R(mBEugevLOJ(sbJW*0HlCd^2KL zVQ7;RVp=((dnmTt!|lbe)KkZi+Hke$F(+_Ku+Z}kN-l%TJiECSB>?%(+L5>ym`Nfko=w2%a;#)e0_&e z>q$$2{jGr4J*4Y6d-&-AW=SOUz@}RkB0xxm!Pm=0Afub2Dz-@v@e#xT?~@<0f$k|G z#(?~p%@Sjwi;`m$fao$~I1WLSSvbgBlRThE_y86ZjJ)iX3e|YX$WK5Nw0H@Up0e)lYFd^=GKX8 zSk~$f{;&4iIoVYiHHC#qWH*iR^`;WqFN%fiM~7qVN$nS33u~YBz#+^$#%-xa;$tqF zkL~wX=Eq{uwb9W;=bnF{#-^sD$vunqeJi){CYG-4#u%F=-%BcZ*+If&RE$6bJP4J<9f`A2*BNPgW;{h8C*P z-y$STdY06|`faGwxaU@0zwPXaGrxgHdD0SwQ3ASBYB1lgPd9nCaPbPdJ~2dZ1ziZyb8 zN%nBfOn~e1U;r~>fv~Bi^L;q#q#|yNwJddMLG{NsLg|%H+PS3tPowCi0v;Q7Sk*R=a-8V$xbY+hKRIV^i@4MR9J>KfhklIdjTNmJ>P5a=0iB=;rtL1{!P}o%M9br({+5JyB^; zTCUjT{_}{qgm>>&T*$n)W(or1F4Zjp&6Bwd%D8eDi%_3&d>t!$a-?o-{_r;nkg`4S zFsX4se6GDsge6pdN4By3wo|5k{AzbXlE_6>(#x6j4B#4nuWy+8?C|iguq;Kzp3iC+ zU1?=o`>eR_tcNov>t^p}W@p{{aZQPi_-xznAaL8*(!?kdTp_qMo3bio_ahANCansV z+!nY3G|X>6<&6G(ukp9SvN{FKIJw-g{jPdWnKHKZy4&=)y3X8tlRCU*REnweU{8*4 zSxQPgSWIjFdgnPt85s+ofRjBcp$Yti8inry{7-c@UGWiRv(#!gaoZv>Y=%@?I}@J_ zU^6azHVq*#8vrsNL0}rk1-ClBfoDemti3j0UOeUlKW{Mq9C-$6UR{s}z$iPz%sL<) zPKI7egEmIqG;xm%s`fJe-u&$UQ$Ox(vKgC+E>9?rnI-e>1e~UFjgRI5(aJRJKVzc`qa%l`;ZoFyP1=4hqL_pQY4x1X*>fPd40*NF1~#Ahr0k3qkP58w7y)|Gki6QK@)rG2rbgBSHi@6E znIewzR)Gi(`Jsn6uSR-EGv-f!6C!X<_lKSoN>nq!=9*6#>YQdD`zrb5beT5#5tN%Y z>%2*YhG`%~GJBJGDy0nX3J_78WQaVU;?3ROGk0vddzVYA)`-BQ^?-Qu7;04gva~iq zCbm$-shyRNPqWPQU7}ypd=R9A^^40)gTlP`bMA?9p$l`#v`E_oJ#X_YO9Z=%v`L#A zPIy?D)+n2&(%DEhpsT}Q+G}=cn8B5E>FEbc?H9$Tq!CZ~`MXjaMfxD)m8SCTgXzy1 zVR6Uy9Gmm?rhTm+;7=ziCX&^2A-!qfR``?XgE_r>kGh4(ePW2Pqf{}1EYOvysY`@& zhN-!LR&gPiFAc)ACJ5I=ayAQdzt-q*pDBZV0)6-k)4i_&`$Pw{ayU7RfS%Ka7bfE2 zUNAsqwoHGsxH#ug4;J4iJ_+u7n{KhbzhDA5qSSaXaZ|L z(FNc=&oC?OmCj2$JF}|5;bZ#_KJ1c}LCEP3j;qO9?UC%fR~YPnlYuTUSlSbAP?BPb zMm1GN!wSh-r>+38sJ?<2?|NRkHaj`MuW5WXWA2c-Fy9F|uCe=8EwA1AlT0}Wr^MvK z7tOFSe|W>k%&>cD^(Z|+cSOoF93^1g+c&Z{L&2M_-j~K3<3^<#drC}~rkpbaMp$)r zzShWYWh?I540O&XXpc+i3ZxdyF{z7#J{@2k=>>l7;!FXHPE*P>7nLuMvl(`n#_aMf*O2*@J>9M8`)!ViUO?tb2L!=={X4A=6YB zu%h05#{c#zGTOsAV~Y)3T+}(Q2%23+AiqLpkP766Ndw~vY_~xdwDCT?0LhfcFSJVX zj#4K`0PleokCXFgOPa8ywiis~paD&q0nntuah56~7S9FEaGuw2s?*t~7Yop06@-fK zXPuqCY=pZotNLDMA%~OOK8p2t4>)g1Ur_b)CC3O~;BIe5ix$u>kSsY#$Y1EFh^<*} z=ke5h$z3>CRVt9As8^{IF19E7|N68vgk{A^iZZ~WobY*S9SAF zyLvI(yii(k<2!v`Cy!%chjApLMyOyVKJ;X$s_-%?UM#yBRw}T!)MMpvp>BSh#iZ#r z#oAXqbMjB6$T+K~UTh}DU|T9^-n6&35U!ZKlbxMye^HR4*YZ;N`0T(ba42j(U_6I3 z8_ZPMmfe^utmJUt;_Js6YW* zXE(_z^glw(~UUn3REj?1D)d5O~u!uIi7P)}V*M44@k)h$QX6Kntc9ymGF6oDtfH~-dd1sYHs&x;F^#|_i)7tN6_IuuMd{?T=Z@UP&7@AVWY&geh=q)6sq(h^>6LhXmj^-Er~ z%|kiPP>B0>aAC5tp4(Kl4~{xQa?Wm|SS794ntQyDcq5G~$0CQ62I4+*q+Gq!xHWS* z;~M0)(yLBPKT|l)Lrq0jsr9Q8%w$scaWjV`^_98%c(PvC6@8dY%EGRZql~c;_^#&e z^)+b2-kUXU1woZ>Q%h!nLHep18UxjP57UIGmrFQ5ap#IRIVx}O7rDh{k;yD2dT z$Bdb3sv&c|%4E-J^^MsqAG2j|xP3{z*E$!MA<`^a`NauK8m{R0#guP)bz~wNkTkN# z)0TKF+2SF*z6`V_++PzB8^J`wGW>z z)o)e}N2>$V5;x5GHa@cEVdr)zFblbwzQE4ie9|Hzwp_|C{dZM0SL2qzlrP-k{&k{K zvj2Ae{!@G>(tuuGk5gCG6HLqpj_F#Ma0<7Db}!t?R5<_iP`LEX4$x1ah%Rlnd4Cp_ zorng>Jm;Hk_VDJZ^6+Mk%;WG1_9zJ}3JM|QfG|D7(xF&WB~%hs^5%P9GkcojF8YJg za&i{YcsSsGe&p)CGDkY^-g!Ci!w|6A;lmnsG}$tFblkOlQ-u4SPVYwYdT8V%0nBS_ zM4dnxNet_iExakxTb3s9+_J+}GU3e&y|E~kjWIpej{UayCiqT4Dd z_!N_nJZ`kzYJp^aCs@UJQlo~r{XI>YyHt1r{iTC#oR*SUvo{1z`2w$9-uKk+_9N>i zQ%sHcAcx%fC~At7J-ANUjcOy`F1mKTmi6cOqQp{78o9tFiDGKy&|bpwpzl)G@9^2= z>z0hVrlgicz{bI{BERis_ol^W*7rQd&#TW-8xH_n*7SfxmYYNMlq)f{)e zO*UHfV4*zQE4qr-8Ge1)sp(GRW4M^CAv%wsx(MN}t1;}@VIO5z*AFN+Yc|m+v8fvT zo-s!6tWWsG5Le)usD%jnNV%(m{4uk+e(^u-=6U|Dh+8|ADq`h zJ{Ma~M_+2>c1*jp#f%YVxV2U8Zw1SUZfoV7zU)-|@gYFn#Db{(1g}4%{;`}Kw%68= zknr7A2rsV&t^{-Pi`59yl7fl8N^1gG??rre%iG#rop{~`ugy1T_vVA_zw0gGk+HGz zg(u%{4JeE6(cCAK_~`OEY==3;SBD!W0AG*)^yyQHlVh7E7U5eZ*|cC(ntV9QP=^b4 z0Al;;yFcCNoh@DM4kV@XH;b;-o3OIA#ZUQ0)!?C~wwz>1T;JpQIc^n>4{KsN7@3ch zyeLQFAZDfLc1$4N)}QgRTSF-Cj*Kqody#R&Y`kY*-=Yl(_P@cA0{tyi9>LRo8LPwe zg0mghVYtdOwXn}HpcOmzTNS%z8GQ1iJ`MC@f!iAY`$iOVue@od=vfru0)F~qZBP9+ zHk`cpX0S20HmKSv$65^iRBuLZ zG+`#9(vwEC(C_#S6}WHx#_ex6&hc!;4kXTN;)!6rz7&3SH~TZ|Ln^n;wSQH=eY<5J z&KgbeGt)X+D_@TF{p<(jsrbN}B*mq6 z>(pDeS<7D9RKPj6Pv<`dYQNQbipr8Epb>qqPtU{KHlcYdu)_G9Svp&gSv3>w?=zp$ zm-ZK}YMydfL(?t!(vku1AkeTibB}=8DqKySm*$3ga0%g>G+gZG^yyzB^$Qu=m8L|J z=id_C4(w-T2w`(~g4O7aohv+_wv#FGeUfE6#JSFqXNXmQ?=j=(XLA0uONBB1*c$?1 zBTayfbQ{EzE_AnBtMhcNPcbpzwa275 z2*m^1kayA1ByI0aM2|HWK0Y7E?rSqEJ2Pv2$g`|@BE1DJVf3CJSS>twQLcCA(97&$ zM<)#)ji4gqsJveH8B?*`inun!U4|RB;+%gh^xshM&#DXJ--p}dd3Y&<_#n%QZJzTx z4pFnhRhXd9HSf2{$_h_EcJuJ)sCEeqsrSCM%;SUGDEUTm9|Q!yHeXG(Y-z>Pt)l~) z*5uxl^~#e1rB5T)^W0dSs1&w|%aeP(Der=a?hX8^Gknth*X;Cm_D;{t^gao_s zABxAu2DN9uR`+`cGeyr|_mFnkAiC0`Q@OwMF7HoQ{=VT{4Z( zdR>e8dV!ejZJuWB1|{vYqpyU1JCn4_QuZ|`Y4h5pZsd>U<@4+()-7QN1H`E|-75i;0+ zaz?T%L^PV( zNvr=8|NnE;Kivc$HUlf$Tn8itt*D^)*kX%|jcYTkVn!TaBc{I%PvoLSWh97LVp#?R($209tu_*-dR5hYIw z!@mA@kuGE7jOR*wI5MV6?|m_t!`xfh?7jIZ@+r>9T&Bn(smJC)2uW7*MD}$3U%v@2 z`|UmkgUB}j4$9jM;z1V-E!hW8N_DLNPUo7Y%v;+XEZ=M9y7X{!>+GDrj0m|-#Ce-1 zV_f~+_;Ic5ijDTCe7oU=BgftCbfKqeuU+ky(@^9Bn{-)Ex7RYB9$j2WR-1AE?s3&& z)c+@YFz%8I-w==jp}+)Bz~znXO4m#*h^>UUl%TE4^a3CJtc`1CVZ@7#*kXb=%Hs;O z4|_1yM3j)ex~FmxKXkFsjeZHjOR`iUQsLHhf#uvEQXky;%(BekjBOnb!@q`yml;~7 z?-jm|>()9KIQM%URrmz&V6)OMYT3LU>E@@t;kmUI_<`14exKg=!yMzWmCbcu*NStU>s;5}*@(1Tz5B2?mVy&){6{?}nyD}YY3J`GAee7r zku( zXb@=VT*H{YaR^*rFDARyvA)F2Sp75fb@xvRkR~;SCHZOQ@R-Jwuy9RPjo9-p{ z_4)g~u{$ui8a*%IZ!i(lmeM(8yTmGnGw-F0_1erp!)(zY%RM#(x|Vq!A}V6{Z@*@++aZwD`$+WfyXFw%yZE5&d?( ziVHVs3)1-X;Jghj#uSH8Y-=#4KqnA)iQ0vRPHd~4G|5mor0eBqA$p`=K+%FP@nBx5 zp)BD^dN*zouWT;2+_U)0Q;%w-_eXC3xJgeJ^or19jyZ)P~sE(Evg z&EaWI|2o@ZQFj*OR7+ounsbm>iZU)Oq_*i{zLOKvS^l}ugOJkl`T0G>CL{`(%-D7` zP53;VBI07C^xYJOf2AFD8i$o(it!W+gUrJ#>k`WJ9gMzelu~UqTwK)MFh0Df!nv9p}fop=?wGD zUb1YZ?2T6b5Gh|noBa@TN9fjX`%mI9N_Z*9lO}A+J4!h9*gK48))6Cnnzd$zx4RO^ zQZeahp3HNizh=EfF3?hAV(CDFMVchOWyLgt zPr!@D+K;;cW|0qxQ$bn}2v?8*iQn@Z{sr7_oT5sS-p4Tj!Skn3D)dy@!{ke`EB@Du5$~gyo(Vyavedkai87<*2HIhov1481K zVmJB8nI&&zu-pjGRS8s=%&(?pL`SF|o20?VKT7qDl zHEl}^gYss0M1)fJgJMn`}umU;XewuF2+;`GyG6q#7d*anDoTS=gh* z7Ms7pM&iZ5APw>KGWC-W-MAqG74GhyBhV8_KSnNiLJG<#L@pTZL~D0tK9DXwh?g!+ zrW4cO|2owus0KeBVRBnD9+#ebYV?rVNCvVf9W_QScLll7NszpL9mkOSAs=3nNgc$_ zqYimKG@t2}fIHO(G1WCk3j%OrS~?u!S6K8X3|Wi|2O@&HmW#%=72oi_P*(y1(sXZX zyq@v=9p%u=v$M0)=8Dy4GHZXVej_p7UG+G)qN2i0PA%BraT!@W z_Dj-U$oge^1Ul{E=E|0i4f3*b}B?P*bC#@YcD&_B~Ud5qs@crF-fTRWtE!pUjQ z!FhCWg1SOE(Mb?S5Y(93qEgZ%o3XPmtFB%dd))B2nnPT#Mn?J^snJtx zeOx}8EI=Tr-uPp$$U1KFl&Ikwt|iPhb9^xxS`1xUZ0n{@${o#KltRQfsf3;c*)Fp}*SQFY`W%jLH zkH~tKCd-qHGGQuwD&sTS_GQnPa%`(EY|wmEzCvgMtuv*A*eWGPO-NvDqL7&tjO{}M z0{pWhg8Zo4_8}U#%}*TiH#_u<#$kS#LPVPTn4?qceilcmwo$yypTBZ4(%pSF@WikC zvfw;_ni=+l#Wc#GUJZo`PnE+t>c@sgpZ3iztMH5e-*H<|FOiJD18_AW0*u*rMI0%YG{Jb_O;u2 zBgK-}uiJcNOOpDgd*|C2-C4~PQVXQ@RD5<3Noh3)9K5hY}Eat|Oh+4mzHT_`5P}Q}h&j-syHJYiLl! z#lySu7bLO2ux>#JKHNVSaFLuIc%$59j2ofY`R^pt+CrDH;mr7kW-KoK*{Q)>e48?K z$mI&whjO*b{g9G%`k2OR&8T7$A6#54bhs-dpmFom(A$>jfGM6HkBQu={urbrEOjA+)wctXi&Tcq7JH+mF11YQo3Egtu&*$+gB^Y>ReWRU#BP@ zPsC0$IXO9fU)tdGpZrdQn%A`G<(U#!VKKHS`9qHZL)*X01F&wAGqO64PAu(~wfBF_ z{kQwm0bP)DUuBBwgi!S2fgMVF6d|RH6vvj7RyksZ7#41RR6O7jn$;OyR}`)Y6wn9Q zzYHLk#)Usi;}-Ucgy{SG;fqbu26Yue_!k0VWY8s~i!??BQFhmLccmfdRKyOm{qzVw zfgb;q`0F}i6#auW3Lr9G-is1UFcU*3X&r0@z)C|PQM?V77W|hnM}vRH)C8Yop#l_87av+4%kYNf*GBs^k&N`8`)CgFnLV)Ap}U+* z>({RuVti}TPrdb$;o|3@R_bxu!EA=JR|H3BiSDk{M4eKn$iC6wa*p;~W#BWsq)zZ~ zgPAXGOs%mmG?a!81JC`*!_D;kYstz9J~rchx=ktNWqHSl?D{*KF3HPxHU5z_wHwW_ zJEop`h^^4EnG~%HJMGTjw#b`)8=F^rBwbp+!A#vAhXDISq+PACA%{BxBwfm}#eChQ zNp|LRcQu0|;Y-|9|K=oCDj5wlLttgc54qqnoeStaO%D4z+jlN1U&jqismUDS&XX>{ zGrK|CbSOXM;y7}#yC)bg3#p0kt8ki5On~maJmjQHwsc|*+l9nVI-I&}hQiT8Qg=kr zNiq71;wK5>cjnjNf;!PLdF0fI=XjrmtUqB~%1xSm1?wR{Ing76GH4k+e6h7$L9~n- zzL*WIF*|JGHN62 z2CK)f{AYs&!Kfc|ci!c*viRkefbGDxyK6d!WeFq@U_ylSkCdR>;`Zm%=nnxMjn|Jd`*^3c zme2B|Dyd*z9${=;0CAq_AdUY_O>Swd)%Y0ep*MTMkYy@H=5y*wB!Oaqe zAzdPQ@nJ8|<0ah~mu2}kD9M6@+>_wIb}N2)UEnB|R{9+7B1em1{wkFS4tSts z@RGdCyhlh0Hm?DEtNnyB1>)%$U{8NOeiS`mBY8M~?f#&yBNej`qvIqOIngo(%|Ttc zTW{Z$B%fV9^20FvLdr@k3~B;)Crr;)4Q zt0?6Be!eTYq>2!xy|N$1Tq|@zkWh45)Q*`;_FwtcN*Ip6o4eQl1X^HnV9RCVX5DGE z-@u=EjM4y9Y$zsR*N%)`4Pra0 zW4}$*l0=;%!zg^h(RtOzyU(C(O=n_!ze|@ z`<9>ToA!}YaH}BP`(?~b-LI8x{iV46lv{0P(K!G)eJO;z=j;_d+V6F15r7Hj_k5Xw z#kyPY`TAh3jQ4~jbC(Z1)953l9mnpGJHhlf@_?vr57Zumen(SF>lvSyvn3qwTteFS zg8WSy2k<`{<0Z{P@52ouF0Rkr zi$Tkz=iqg%d=shwm993H<4eUH@hIW;4VUvz z!^~Fl7^bwl=%fNVoueIR z#%mO!NBR{EEZ%zW(_fIAm#gKVfkr5dj#`FW!2|p|0k4UKE$gnkT-e*3 zSL$7rKj+k;ftl@WFndcJ5ijIF^QoYq;6p{fJK$aR=sGO}jGV{0{h%(kaSQFA33PJZ zuKKw~B*HyC(swz%yW+hDfcdJ4;ObmkgS_Yws@S#wY4Y}b>3VTRQ&XbX!Rf+5uFn0& zlKaFGZ6TbF$1cI9yx0I1&D6lXD$|p6f+&C4Loo~NlaPIZjPCCUY=N!qJJsCSXfeEC zCnR^37q~jZs-u;RpKq=M2#99FNHmcapCXkr2eZgx-k<=pcn)T<08x#b%F`X}-v7l4 z(oPhzhsXQ6L?hoj#x-E{TcJsaK-`5|o1lOVhzsF~P8p&yMXKF2;f71{f z=m>OzxZa*dUCzFHugz9`0~I@an(gv_<(iJgx4t@YPEO9)v{PQ*(^>P1yzZ4{W$HdW z9HKZ_+C^$2KtRd#_@EAN@4e+p+L}Xg0Hr78&58B1J;}1cl%d~;<_5iKF}3`-Nkim4 zO=dw|G7ue*_+pgMN&`are077g!-*sQDnS}c0koGd|5#l9ZK)>E!q$z*YZcX<`iiZ~ z6-4+^^(ogl+~=bGtC-S(ZHM08BYNt3iDGi!r!Td|e=ZtF7Crstvq)fYvqRt!#; zyxHb(YpBFa0s}95avBo}EjH5yobF(YynsW_Wzq}Nt#5U!e(aCPIehqj6|sD5X44VvbGT-(C6^H&(k5Q*1oTGEwi^Y1Nr>`a&skB;)c z(DLrKEdN72J|JcLC?HIezv(IyZJj@tlaXupPM&s6CZ+G%q-tKzEschC?>?LEN4KUe zDvIG&se0tXvYM@SUk`m4K*~IQACwFvf+k56%|8-BpeBJBkr)^01I{%4);0XoGd9%J z^y#`dnh_`NQb2+_i)Nyw#aC2REV%l3_I04jDQs7Lrj4kI4qb8oF`uElQ%F|{q#A}6H|q}g$Jw?4QoV>VYw+s+0V@ctHmVt zp`qmWD_0jKs(;)V$}P}Ki5-fK&br?Hv!eQ$YWr#KlEYphbQ~AaV@6JXYc`Ejavgyg zWC0!L=K4gNOKkTIUKiaqe|vpyYMR%eJaMyzOt!;n{-bk(^?1>@=`UX%((Fg^TWgH0 zep{;x`RsXHpdp%7;Y_dM&{c0?UTNaTpCxqtC;0ij;)RX*)py+wFeP3)-JTy8c5ff= zlpOa3l}{cYdC+vk@r9XY9Bz+a;4eCUdk-&HKPUJ5-cpS-0&xx@v^$dTs_R>`%l!I6 zrsv@^#}$lshg#}kC`DsofT#VrxE1G#b)x+I{B_NS9Ty~{<3=twZqjXja+JSWjs$7M z;axpw`zO(fRaDhU+x^p7-eH|(oxJhuZ{RC|jZuUQkCif!lK6L+Fv|vQOl#$LbTf-u zkqg>8CA?>GlW<7<6Pdbz^4;chei8TqzCq%Gs4Qg1u0N+f?zsaZp}p?Rj-0FSEoa3D z0y-Cts$yjgcKmfF3*i>UuAc9I44ifG+42@&i5&Bgt(ruTeN`mZ(a~9Vye6e?vzfix zbVxM&>8mcG>|2jT`luA?)a{8tg~M~cedo-o?of|getj~Zv=;9l!9&h$voj&j6txsT zaMqSi&08PRTeG`qz%lb{^*DofiC0G@R58tHvbCX&oZx}U!&kKi6}LV9+3kDNRCdF;lG z4YgCKReCzHq1HElqzW{Ayb^u%A0i>}hkW=3;P8q=|^6WqY2h~YJPa61z zCJqDH=&yrlb-ul-}|0)^nQ&NI9@6XQTx$j;ark^=E;=|kjM`*Tu!YHOniF2MMd;-j7LY&)Iq!<9 zCdEtY7l^$qN(6;dP!~HB=F<}WY}E;%`5WGy0#>sBK0})BZ~Wt+2cY}0FiRMSeu%$_ zqm2#qFgKq7H9e>0U-gyUe(*7R53{Knq!9p2REBX|YY)`WD8K;KG?0$!NM9LXBB52w zC1C*ZKkxyW?t5H z(I6>yfG6#aZJ|Tbk%e(xsdtPW^thHLCe)~OEH;fcC3`EhY6d2H*s>^7wEeXvQ{^TO zh9{akzCmYqopN2($jB>xTH;2Zw)d^iJu8fIH?lXkM!2%9ZES)AcGgtVF0%8^8r3@_ zZCdmWS-fl2{}z|_P0}fy{HR}W85#B%hsnQuP4V?1AGT}L=`l%e)T*W#nr zg-i=K1vd+k@2iit7({qQqN!BNb^?y^-nX`9-0i>Dp|faG_YpU#rjX<2_)G7sG_40l zMen8ikEO=S!(Z!+O;BWApDhs+Y(_NLddf2#KALXV-=hFX=$y8j=o}h1}~*(!`|NJI}x8 zoM-_WiE)KffRgYu=GaOnM)mXqzcH)!5SdvW6~f81yv%j0wi{JrMgs?BE6 zvCp~P$c1;+TOUfy!`cYNY=^Z&Iaii%s;u|Hi?>N;*1YDW*Rfpl{gCr#exlY3OsYxg z12*VLz38ZVN0`bRJSQ0nWZ!hJPqff1#!mXw{^aa2|Eo}XX=eHU%VV~V?VqnH6$|(L z>23^t*J)igZ{R`g>KU|>cN!%}{X96}&u6*i z>OD`rd%GdOy@0zpQ7o2;i77|#X4k5IbIpap<8n!LM49r&>EWMklf{*#2G5>a|K%OI zbJR>!a2sZpB2qx*dy3U$}66V06H!{3glvt;v^T&(HK} z-1^csKPf<`pj$-bPZ`VqY|_60mqEnxy(P0GN5Ihmh6NKFcg|Kt!~3Rp*|rcBZ@t46 zc`=M+H-YSr|AX4YwfiG=D-*f z8sdkpo?jEhzCD?@(T)nz=wG|L{a4UgaJ%-Ei#ViT^c!DeyZ5mdms6A;j>#GVzB&t) zsSx0+(@Y^UL#qyV+kFih2nBqY%`99Q>t%}^+}I}c^Io%#%ir22<4#UY`If+L(42L- zKrpDw($E=M!LRSS*I`>Ln;z}<-s@-HtvpG!9~w$QU7zfwjy41olErkqyV~1H+IHA< z{BMIS#qH)^nb~4=iVnZYPl=oeEYNC;7-AR@RZ>!Va)F2`R?c+^AC$(0!+d#;nTl$1 z6^}1+g-rz#$6r=fMlrr?3fOLH9_La==!RaKcl{>zUB+q`@hMN2a;@P<;c5SZp<0g9 zr)g4c`EzTe&i}U*z5)ftWqh$-ARgTYh{TkDOQ~x5VT;i9_?(KD@sFxl<4>^dN9iNv zCtQa&H0144bxJv)Uw~C*6jnf-Dj1{v@&USh-=M=PSAEGYJsT|(3_Xe;K~q+OhLB!5 z&3$^3aqls>e3b^_b|>d*kG1mhp&pQLSGeVMn%gb##a^l)berkK0=!ubDhI2|52#kx z-sZLo@ivDa-yRo=V%WLHFD>c#c{yi`u`i1~lu}LMzAQh#8i{O2=fD7+>Rom{|H9At zI8bGXm(PEh3gq&kXo5GGK@0P)Bsk^PjRIQ#i0Go`t&Y757!LVM)j+A*b( z8K=s*kVy_oc5Hkt*@o*_Z3i{3kcJ?U#mL*)^N4Vx11BBmq>%kiXG3>zP64 zY<$C*_m-v6^BJWJV|!brT}n`oe_9g z;W%kh#ZcWN-|MWxe(qGIYUu_=t>kB{=Z6Ghrzfkt@mMXtTzBCwFfG4N#!D|^Ah&Y( zT{WfCrUr{t3yyE$@n}9zzMDp7aNDecO`l)iz#@i@-}ZIK_o3vkWqmI{pQ>{C%K5h8 zBiBlSHD1_ttH~oZ#?rMZ|6R}HiSiv3aLlUW297%bQ81jyq}6 zey8gu{e@O`K5@O*wRG4r^LfSgSlBYANtX#3X9)HB#`+6siwpBl+Y*b6O3g?TJHCZX z$h#iRgpj%O>%JvBny9*x^D*h(50LyO%LfQI`V`22I8??bBaeOYhpV%wTm>-d+WPpZ7X58!{tBz{FFBr7&M+ptQLlFn89H#X^E zSh)C67P{skU9m{JjBGTM1V_DyBA_w0GQ1(3tbPua8-k=5Q7a0Fz|J<+0 z1yx|Mgm9A>xHv_3ewtt1Wj=#iA?HN%;RZ1zur&tPh2lAyBqk>}KM-Y~DKMPW4i(6g zv8eMW&+1JM&5Ou8ogrwJeGWAx_JfrC6wO*SN~YAeyCY4f#^BaGW^E+R?>H1W zXk34@x_t868wX;UH=jCtdMM8BuOO})52Isf}_bdj%n+L*5E-g`B+`V)DfF2YEL8-uYG|O6$Pdp&WZNc z!52$_&Z(h#&)t)(@jII&YJdyH=)jGeztjEZU*JM=_fg`s+DU;&cu9&8$jr2_d3moa z7eVn#RP*=}!RHQQpwPa;$u4s>O&ehu!uYqF$x;O0MbHKuTdUMisVhTR%XwX^eZGNJ z7zolW2@?+8P*Mo577X#rVUzXD&n6y-84a%;Ql7gxg+AM(#HOQg2NJbxm8FcD8R4nC zfxIW%kqKF6?;h6alJMHq&(+ldxxAO=A9amejo&#;j_hKy!PVHbd2!Wa`B(TNwl2B` zPvtzPYd2HL+*ijdO}%^jetgcH6urF}W<2q9C+&il8A;H@RvnQsj`(58?D*SAUscHU1d=TDTk@Dsf?w#i}qL)YLqc4$E; zzSRp+-r_(u zELGUd??yq3;l~om4D9x`lcQIYRvaMf7LFqA0I%8|vIkb{K+V#B3J~%=_iYduBwlWO zJ$n`+5>7ghz=Q@T9JmQAducH{lY9 zdc0G07|B-|)fp?jJ_py&7Q1XDtTPM<&R&a3kKg&RJb?$;r{^5M@fG);a^o+4EN=8F9L_pPt$ z7J+j=n%Q07nYedWDA9ZQy(<~J)M+SDqT~2XUJ);S$_*Bht>llB6}Q|x^qnc%_oozN z@k~9cKQl2<;xd6tOQSC{@3G%=E0R%>bg?JRFxRhsWZxr_p{YA2OY24N6eS`!?`x5G zm=<4Z-Gr}-9@}9rCePv7f>We3Ui6a6`qZQovH45rMM4@a3kOgMRhS9{emkXNh7ZTzvcaSWGqKV@w%#NpglwThYzCa*`kMKZa1f? zr$=rH_pZhq^6+pgeE8Gd-fzO6(kAq*VM}aVoIQop!pM}ynD*n6f@z(y>}(1jR!T$j z^TRdOQG)EonbNs3i*4t@8J`Ae(5#W&h0e1CYAWUj)!O?J7E7(*sP)sPzR5 zn|j8Nts2)a^0UsDQGNsQQYajr=x|^)ZW31qZSb2in%nQsUTE zpXS9TKmE0zD2na^2cIOZ^tmysybso*4@m;_xFw_C+WlLYpa&hR%%y~fc+ge;Wd(>B z>?53}?aRVurWC*AzOx{LF#;#d9Yoq)qRJ$Q9$M^~$>&WMg?%|+X~iN8YK&Vr3EO4X zEBe%~J22uA4NNh6!uBNsRoMdu`bPv(72c@oIO13+V{%LV?HAWBPJNIau~46IV8Tsh zOJy8$MpFdG;ceAzP*fs|_?6;q_}mQKzuylE|v7kGHJ!r!h z!&63x#|LSQFRN-oR{WpH(w6`a@Y6)A=XbBsiUbbS0zR6MU0&abXwr1-Z{JB3nT z^k-fm?8NRv7vkI7Vt3M4Se4BFFI85c`@T%^1}Hr|s4&U;nSXT14$s^%!l$43WEZ00 zbXNA$&yqK#<30XRthE7`^37f(YwJS5a^&gvu|uyr6Z+~rwSZ?^D3=+KUzE?~uD!t! zcHH!wcyFV$X(K7`(n8fsh)Ct+83=!_yUo)~- zW+G)t9_!K$ro=iv@;tO^C)RynDP;tQ$IgX{31{JF#MUc=)D+Xq|=5B0`ljL?I8 zUo(XGACFv1cr3$%UWaEy<%zF?y~#lUSnZ|wCs{^1hlSN+q?_I+kEJ1mRzUB4Wbm|J zoFem49U^NcCMCU}mX?+i)_TN?3^F7BB8DERju-z~?y749gHza7jyz?I%(5+~;rYw}?Z8N5$WMZRLvKc@pcL?t} z_h{m$RTq`AHcx9eR^bkWo>vX}$xZDtCwbq{LSoohInW#C3)Sf^${RB5!oy^N=ERe$ z*yCi?zhnPpfSCQn**Bk_IMaV^r;G%@XZCjI)T8GDB z&;G^Zo2v!wIbLlKBXQb%OVXgWRfIzeLGVtZ0DA9YJEz0c!hIqrM#4Y?@c%^wq=}cL z3DCGuaAbGjsLFTpd)xTyNs%igmB?hjQFSuZ()a%Nj*cd<@~a~3L?9fIyVzJgt}#rT zeZOk|EOm+c=b*0M4tix0A7&PB#?T^Xr?S#l<`>WE9sg9ZZPDxynUK?AB-a*6w;S{O6DaH z)Iq@3OJ^H=h=;& zA>RVfl1+?aBPD5;@&q{7U;pq_EyIp>Wq*z%q}HS$jROBl>D6QsJ*H3iA!iaU_O<&E zA1ov{UGCE7*jkwh=^JY%Z+dhkk&VUC<>o>m`YWh0FBD(0>yczn`zN7sM+ED>j_VQ+ z7>HFA@_d;VQmEJ?9v1&GZt8OXB*Qo;fwA1mr%}BUWDnYoE#nq97ex^1AZNK~&y~RA z@(|j4LjG^ZPyXCP1(Km?+$4i54?DlBl(!ScbVktwj|7!~9M$P?=QTNut!MT+3ncC&HIICnx zF2_+*0P(T?GnhlSj1zfqzjAPxfhBxx^+x$6yDOf0rt7t(gKcLIAFnevT{iZVRD)R| zJ>W?|4#?!Ypnw~nEGn(x4)-8bI9x3M;ig&zsvLg}g!rF=q)$G$+Ra{-FHH{8C=}Pz#(5r=iu(+IN2R8BFAkZ18%D?s+H)TthCcmzK0PfHm!$DL{WU>Y>qJ^w6*TT(a?; z+I8`T#T&Lo6`Ww)xP8e>)A94`>tlGkLe~rtTl1U*eJ=uuGGd;tTWh~++9~!k%LV7x4ch9j*n`9^jH=ZA>K?9_5 zgADFA2S1}rrBG7rU*lkEHVqaZJ1n`vAp&(Md}_nDZALT6!wrq2-}-XL8%rbL~% ztNw@ZSVVhj=#y17wPJ#q<$e<_aukf!a|M+dlg@z>vx_BtgBn6C4TRWC2tni!9}@I= z$)uPCmPvgdrukMdVeaJW{Smi#M`yd|$%g>WCI3X8ZEB(`LA9r|cm45bZ<*szitIM8 zb?Op6KM$!*bsE>JFr8?oCA$^>G9wE!=pY6(tz`cdj5aM0N(gb(g?DvqpoOR>W99xe zK!I43wg0bn4nc%PJ%2oo)<)vt{-i_|ZnP0t#<3c&UZB-q$=$-Zk^3U0l{>M`V7I|% z;;#c=lSo&jl74L5wmnolZ-qI`Hkaj8Xq;R!zmimTytpu^6_0I#CXdFj6F`!i0@RC|bkv9`?@4;j0iU_oO zL)=OtNHzty6=ECGa9iYBo8^0;S zf?2j3xIf8I2H+Cg?Vx4**}}f4&wyd!9oDk2?5BJp#vHl^AUG(wl)3bVkqG#n-&qdp5=O<~4)nFV$rt|K zYUE2;%8fhI(l<%vRFGLg8fQT@W|*k}Jl_B?aCk!;**v&O(~qnZX(hs+$HJ(85PSi@ z5k3W0>=Yj8EMVf}rC%2T`~oBN#9X|b`kzOYYs zom{Q{WiOCgrEpGc#RRKpcM@pbxQ6h->a{8hRv!fMK`+D!B2Ep&*kqVnyQMjyf}@Kq z?bL2|t~<)N z!pc}q?MnG_EB}_HGL8_jo>!T0xJQ2E`nRCzZ) zVo*b>{Wv&h_D>ALiXE^DR+*#yodM~w1W1UGbe5Couej73eQ`xTRwcPs7zi|*uD9tR zuZHc2;XEhm^5FmKQKa7_6F<+Wc!D(;fOH8WB+%TFkQpBU>NqYNy_ZF7b0mBz$)pxL zgIMj_9@ORMH^|9x!6Kr6Dv=Lu6XaIsr=8(+UU`C|Xsa7TKaI@>rap^d2MO_; zim!lSG>#(>+lR@dJkaKH!8YSUpxWbgVT{M>tzWPG(UXSzlg6*7HUphCO!xfJKB!uvX7RkAZG zVGj_({P4oLZuznGyBlDSdZ51sn{FQpWc}9@U>?JQt3S+^ojgGz79qN4muZnQT4FoC zk^p4>>JHLipvIIJ@kKSB0;WmzOhDWS+yS(%2T&$W?L9N>$753IisU~&XLz8gyqK&% zD}1_%(53%jrZ0oNo=hO2E#7Hk)4_z$R<%Mqw0>v&{9lpkpJpULzBgx--ql&5z2xnz zJaMXJJerdEW*f+2dDsfQioC3CHTqQ$;=@RUIR6ETCTks;)PURU-#5K~g)dj@zeW|i ziY>7dX5Bt&%C{HWv6lh-Z$6n*2B4Ijy}@+yVHdWZmH9CuMG$!wygzeP0JZJGitk)w z!ijF@>U{jBVnmD}6@E-^B z?D;7we@R{IU9i=$Q+A(^3z#%{{3l+J$W_hAU=SS=bYPED#EYv#iq_LER{%YN=_c?~ z<2m-R%Opk-0x0d)pTBjo`@b{cCk|NTg~6bgCmbkZAH3CWGTieTQvH{g(5S|HY5?6C z4#Q-TOF)AE86{ZM!qr*v{mQhF2bKU{O-Q7971%=hg&XZ?PjFzwSAA*W=RVG^WgtKd zp^g__>vkP-+qKna{!%L)u4{h;cfTbi+Nn^Ty=$T$=8F4@U@GJF?#0uIf3 znxx@Dej2FH%e(wKjsL0Y8^u;;%-`PYoS4@-G}km%2}!@`!vAUVovz(4kiOQVP>`ii zhzD>7NFSQvvQwlekPCDzt8FL%j&;J-?1qduP{4cY4pD1621yW_!wm3A3Cb)3HKywt^QdX2QREQq z+yy~sIcw+M$;$q=4-**O&{fZCDLMHV0ZCy_Aw5um092wkfl#2hl7p7<@cZMahSg?p zppymTYl$!B1UOso+Mfz!EVl`4IqB?C|Nw@vC$ww%zGlaf6Y$p57FD)E8Tb1FIz%0V=e2sm&#te9t z@-Op?bHAP887<@31YSYjqG9XN$Ag;UGSASumrkM8_yhz^y}ep7TeInWRyo+bZZ*%& zjL`tb3jy?KF?Ik+3(JV)DA!^c^z1<0Qvj!U@RAJSpj@9pfd{rNa1A#p&+o8=>zs0o zz_r`}F4`~JSD5xwr69}Bak}+YpU%Ee&O|E7`?>>)6iBx5r!fZy*0i_V>>27J4dB<{D-iZ)4dQM*n?tcFu zghNtJFw1;ySH_v)Y$UI_hPQt`45OnE;%)K1=zo@dfin0eGLdr61I~!CPFqku z>E*W!eew7Bc_T}+P1=8=00OJ&7^B5<39B#|Cs%qPKZKLbhnw`_iVh<^+;sB#Bp8n7s$aMC9-K<FUWe+?ZfT^mFh z+*nb|87(-}5*8G55|;ipx=k~1V!5-n|EZc7u};B-SLRKccm;VJ)J2Z7yJirXNTtsMhC59zVad@yK6=K|Q1F#tfAr2lvFu*}u2|KpUoIUi z#(A@(eOG)iN&NBK;A}0gm3I2-vak#P*QhC0De7Wq#rR-X4^qcjFw2NbFI~BXIXZV| zXiiTvpz0A73;=#mpuYIeR>L2?^0B+ka`KS_cFeV)fU!+IX!#dQ4!vixZ^^K72_X3j zD&am8n6niT0Cgp4l2X~5Yqc-}@IMwC$b=nmEP^E8<^Um#65^2~#G|z}g~o=a7r$CE zm26Sj8@EJW2OTdgE3YT*%Q#1BU4z-F#|ibsruIJEk$g%pt`7xA=X`H8$^26RlrXeF zfZV>}66T6IS?DjH59B_DB184SR8rVF#!Y>K3hrq91y7*vhJSDML|XZTEs+1l1q!8l z2rU)RXah-Dn<#oOKe;vy$TX?4M!BREitruGsB;-hD*evmfhAauGhXoX>p<^c z%pgBM>aJQ2x>`pMQ=0?RE|VT#Av1e;p{l)i6nwIfgjjxs1NNYfbk6w#;awOW6rUq} zcO+#}MkjV^)MPeq6TE^B+7_13wvah8QQQu#h+(~*FaO9iAi4jSS)o<1O43iseV4rt z2lJI4Rx{gaw*xA<1|_?W8p7S%NTR0|$e7#zjJzPV`oDPvu6^_AZa8J?^Gi(HNb;+H z#NGr8Bqzbnhd?o{l_QAWgMP}O9&QrcucnknN1?w6$G7AgBqI+saiDJhhhm|TzaUFM zg~8iRD0XUOWUAARATI7;y9bYj_`|}JdAEak6-0M|1qpu2+c0r=PviB~xlck@)Ac-^ zW54R3BB6GzlDxZP^D9Y;68UHpX{#{}d0LA~vofdIMsAQiT0cc9_4%Xsz&!w0vUq=k zt10P>mSLNB-TPsuy9wV%{S#e9&^vrZ0QFvWDO1H6S2Oi*ulk=Raw#8{gQJ6nth-x? z#(6?9T>+r5HgB$8o4AZagOx<%qOcur@5%c<*C(G30FJve9T)c%||-6M#{vH_p@tStVKE8RuYLdClmK5%e6j0l(5 zyK`#fv$a9XN3{k;C^SSNdDjyz|0@H*Ww_v3kJ-{*pD@-e*p#o7;&-ia7xw}=>H;W~ zvofS?Y!I3gk&^XuH21uG5#ofixM7L^=Y|uo$S2UrP~HmangO5i2A}v^urGZk7nVQf zR54T=<$HIq>gSg0*x~+ti#P0xDnSxBQq;(gDy-6$HXCm~Inu{Tv7kX!8H4NpI{2l;r!CdJU3UIUl;A{jcG;r$JqxfxIB@ z2EgX%9P$4cd+)fWvh97?i69_Kk)|RLWe`*Z0Rd?y4x^|bV4+v3BE3tE5fv3F7MfH= zLFq+$RS_bDqDU`6klv(AOMdGFoMG<0^S<9dW&ieXG2J3c7QU9O4*YxAwF5VCRlZFN@ zCL$$QH#nle3k8(4KuF=i1DyUZ`gi0t@Yl{hjS2jZ97K=+Bbj~pc;~OrjSs*F7ijA2 zgp5s)N-|2rt@578Cl2u>$T~?^fcxTUWrk{=*W{y->DFygH$JuVz-41p*v&|Vqn-?A zVcGfby0U3Q&2?SIcvWwox#sz)Ycv$Q#9;eWMqk@$i|-0A&O0Yju;$%mEPY#HN5bbm zE{=eTx>lCC)?C4&+n9pjmz94$=`3t(>kT+;9_rf)*5&(uwk|)}0vN37`Bpd?9mHWA z$9^nm1JB4G{YA#_wY1LB*e)LhyW24Mu^0l(1pNugJ->Bcy71`d52imTyy@-RBhB|! zUVLv3dC=FjiA(UqTZ8?V>l5A+gB;Q{cVBJwb1<2qyv=!Y;?j2c1nisiX7$AU;F+(1 zpS)PP=Dzn6K1{Bl&Yf#$Q=YVU&(3>yD;eTHNGS`UyzNTJh6CvTzyk-7D}rygjX&5h zG`u`3VKw8(2O`A%4Nib30qeEo z!rud-?b_vvH`5MnVRm;b8;j}JtRpP8Mh?Jt-N0kM)p?!ZNu1ao=_Fk!DST(9U-uCA z*kqn^!SdQgTRZWfXDBt6OvlVq-8u%wMua_At9g6L4=Ayt9D`m{Zx(m=Z&L#HOk5yj zNzY8!O=+6oWO^d!ug(q?1l&YbA!pRJvw?-)fDNVyg(R$#r~KP2HH=+>=Cb$zVP;SH zw!ZIyf?CF63%ktVs2vb0^8gcoFQnU3?3D+NbTgm^h&JeHV1=6W}hpYpUl~#JP zul&c^3+YOOr?j4RGt`GN9ukdPzCp(ui;EBNaNNaymg99t(*Esvhci|^Ex(EVX|Tih zfU5o#_7{q=-oaTe6Tm4K=+0hEHxI^IknlryL&@n`ob*9q1 ziTzjtVpI}9n$y5VUR@^R&rqAo(FT!_^3TWGLal;sXBN|Urh>$ogU41Z#|6%I8+DZg z(8O) zq#$wG-)S5#4la3je$RQo`F5=nJznJJYBBy;e(g`iLE0cI`wK{8XT%vbdH07#8ngx6qYx- zQcU{asGY|XZ4ZSkCBNs@A>SkiPNyXCK1o|n{JMX(Qvm**QNy5r4Ev(j3dH$^)uEt* z0XC!ipXDyMC8vBkQ2Y?fL@O2Jc_n&2FX@aL(Ea zU$7HazpJ2UMKAdi%RldTuDh=gvOXP{0{mg@5IUqVwg|Wz>ZhsxH?f1BuRRaq7Z_cz zXlJj{koKNQv^yqy_2UR(#uM!sQ#p zbQGOf>6N3~szmFF?gLFc5T93da3 z6{lQ6=h)^RJ4W4{_1Vy99)RiWl3YYK2qrYa&O)$BD$8O>jl;rKfWhSyY{|mo1c_X3 z^6%w%;(b`@d0De`(&T~}N(qe)@u1Nb5x~Z)qqYWL;1O5zy7aZmF4zD^u6gf9@K%Rj zvGc)@rFVQ};j(;7qvxZIM6+O@(Y5~XTne&9QZAO^!Q{BO$_8?^w28ay`&F#HnnbX} zPJA9?SAR)U|J)EJSuB`cq^y6D!taJ#t4|!v#kqHknby%tM|t+L8eU;GYY7&fx_~E& zzC1QKbVb7K5oKi4sRL2Y##mc#bQUwff}p_wlq(qc^(9UZjW9dP-4eu8%nmScT2QRmXfT zq}ML)A4!2~m6nU&!C`K_j`nq|tkhP)&1)!k1WonutyFicOjTUq>b|q?Y}5&|Xe<7P zCrVb%2_f!?#>NZ4M2=pSqQ{3ZK9vaZ@Ei^Cuu4$0NZ%UyC`gzzNtg+n^4z*h`wuL- zDG$D$irRW8q%eyHPn4ir>9ZBIud8wCPs0T0Erew#4z4QP2tHE(fK3D=Q8eUQ)wTHK z(eAa@PLuB|?x*K5Qx85Vu$gz~wP>L634Bf_U9<1$D#e)Ptn6A=?DpK3!%_6aF4~fv zWnFu*;5OaA01+)$0C%3g{yfMr__|fq{)73UYHzySAvZ_-K&u|Jzw9ww6~+Hb0x47gol!9 zlDC5g>kzUdkN<|cK)*wNFx;fSwBejm7%38Nq4@}gD=!C%C2=-_xBY0y(uc=xglMBL zljNQgQalvz)zi!m0~dFf=;bbU74b7#29abq`#Tpae;Sx(O{FVb?8LNJ);pXth(E$} zA%-ltcK%{XWX4$e>Cupgo`>nnBhw>+3czH(te>iX7KCfb{4%!FBO|2wPn}kEHRgIQ_~NL zew5hDQx6Jfr+jzu8?Bzp363eYYgm}L7^PjrKfsEyxg-5`YoxTokCR!ilH|x@uopPg4ha8s&|3p&5c|M>%x0}Js@bJVTJI|}~FQ&xA zLdl*J3*nv7H1yxGK+e;hK1Pe8X*q4&D^?zXiX5u?+U77$p4F@J8b5 z_ReOBn>yd^4&HG8G4_@QV7nV#nEL2KG=pUQZQe2GXN;H@KFQhH@t$RzO61Pt7Whw9x$SJ(Kg<+# zrMdH>88j^vkKYPycL*T+5sU14OHP*X_Nja$c9o8w$;o+CsVW;wqFt=7|=JHA; zt()8H#gRMg%=6C*ob5R)_pQw|Xuka-?^2zrRuZV(#3W@TP665diB?_tf1<-Irk+2oS2TvnAbLV3)Q=;vSJ1xVd-YbIB>Ml!4Mh?7nau>;!oc$Xqh6&(`8hWthxV zgFen_8Rouh`#HImMPYHam&p3Yu#vow7?+t2A#SW@?Ar$BkfkRwn;H7f<_%9Y?RVyh zP$~-T zA6w394-9$~Xj;fURTuL>q0=MVad<&LrFOg{(jq*k!K&-{ip9cHKS5hdCCAq4NRPVX z1*teKj7hQB^@Z+|rb5f9xRI|iD|3-vIR|g&#L!y?^~YKdL>9@_`^4}xDacI{S7u4I zL9=$mG~Y^hsen1d{*|iv_UZ2Vj3J7!+%E5LKC>B-WAe`op0r?`acgUSM$)kga&C$a zW$#K(i)vFIet)6*u>I3O&c`Sjluus&wSG&9##z}%Zu2kOo8|N^%B9QfyyMd2mWr$u z6TGgu8>wBHEEPED_OKc+w{Tq6vZdHuRn@$Fs@z9SWye%Z+DtNzl%KQrN&gbPcI(#2 zDY><;Cmj3l{?vt6o4DhN8m+BcsZekuo;RKc>(ji>9k7wD7~#iU^|>9WB{m^*^sHmj zV)dAa?LMo>YW~^`(%db0S%%GavzANfS@We%4vRnIw}O4jWe$g_#4FM)^UXdOE?&G0 zxUCqzF>q%hWa;$^gDriiZmvB4_2y-G0A$I{dt`x7qIp7t#z0 zoO4e=qRr@;`dXkxy8AO9K;Tw9vH5XP+~29^H`GxMKu3r2->uI9FUfM_4v4fTYfFOv8=Sv1(p7AHTuMP#9cHXeuCO$ScHQBw}ubNk{qWfA64b%4TZzKlC zQ%CVc_pYg@C(<&c%RGz^`?@cFiIJOX%aXgE)2*(j|JAhK_tX{D@)IWFuA*x-N5c1Y zKN>hH^5EO1g(n1JCEy|jTk)zh{>~DXZ2PI$k49Dx@KDZ}{rmtj&r`NsbmAGxJmP$z zvSzADv%8E+75#~vPb*li(%m@vOAA25bOcbK_5m&yw7NPTuT&0`YJh)~pTra?dc?+` zSZ$kLnbDO4tzkVt8%q9=O*`+7oETl69`K2h;&8Ei=9aYmYvMsuQhm(Ds0aejDRBFi zmDpX2X>(Qif{A_ZZVYCF>1PlAxt?{XzK%CXN(tr-RC5hn_H;_b(ynW&@lWx@>O}rp zBaD~XQrzUd3{ue??yPmtwRx@XQbmh?!pz9X2$<2xDBTYl6piLlK)=`jU`AunNyw(? zY&VOIlQo+>%Oh^2+lC$NmtL$ECC$E8SxO^O9J@T?o#o8xN!Ja!yR)8W>zjk0++RQM4#$iY)BH96bH^G_WgR zzMV!}B{r~lkO~$(ODNI55HEy+H`??-iZiOUf}V)1Ss7Ty3vW$g&UcurfN16b>##Ab zHk1!O0epnjLYUG36fJcm%Ec~MG_HHTqqMHb%PS$j95WU@avCj)nh%P2(%)amWKyr& zyfreTc=6M8JU(#R4=lYBRIneKvm&CCbMI)QbB>O06IeG0#AM>p@I=}}Ppx*XkJ1@_ zl-i1S+KvFoa)_KG>qVSLcj8bIe=Q$Z(@2Jvee3?5XuhKNj_di)M$j%gb4iVF1V~5)txw}ibZy%R);(BZOd49{_ zmF+662ggnkecGo^dmuwUIbrBHXl&FaE5pIZZLs_jaK(!&U*$Jtf#KswR!b?Er;Zul z2au7o{H`X}_z--~IUev)DU8u9Z%a1|O^`Y)IsH3*)tlI>5J8r{3>TAVFLr7L8sL^6 zLzU@UABMlNq>yJeX%9A$0;SJ2<`%za^R44kM?BBg+dWH9^GSL?ViEk+ZlNeTlE+Qf zz`!}&rEbNO>@&OAXtPs19~A{yDnoYOaJun%+0SXSqjtRA`M-x^2d}z^Fm7^6bR#E> zE-#b&=|(iXQ?Uvcv`gCu?DX-wI6^Avz2AIY@~*$Xme>P529|5N)B^1sB;aF^fY+ed z#C>XiG|;;96%$Yo;(Dd+fl9_QaBOMCZwo$q`%@rro+fPTdnG6Z7i>e`b{`GVX*p_b zK+|zho!P9c@9UGkM~b08t-wp0_RE^}rsk0P7p#QPqnbqymJ1?_$et+snI? zQ&%dB=vnT)rV}@EsyR2^b|JJ4Jj3?~3lEgo6P%kc4*mDbfEMFi#g43h*xLw3>qZAg z3*FuLbf|&gnkKvk{FJ_{aRR`lCNcuZ^^B&T-oKy0%)WTPO@!#C7}jVMoZ*- z)mPH9YsB*syuW=~d?;u$87!A{eVY8}6~#CXYjN?2P0yy%>!|_6(s7QwlhhHYpTukF zJ6wrg40&gBHAq<0$S3W!Gwpd0$j$j2nXa-NhQmFb9W@O53V}^{6jca2WdV zmxa6+Ak^K@x|dOQ{nJt)wLo0RxLu*JX^1RBZ!4Z08Ty#xpI+1Q%4DxLcN*<& z8W9ym(R4sYXg9_KImh&Nc(f{%Ir<9O(=zdOe&k*+Q4@Qz`*rx zVP&X`NnATTeK$#37Rtsj=YCxdd@d&oLErjf13wlbAl=r;1R#&zzg`U8M+ymVm&61I zqeYLoYuG-Vs~py z+m?-S?1dPUF7~>bm2jU5r1SX6OPK1;8U=-BZn4kO(sVrHow`hZY}%KgwyvVq*03~J z!PzdV1P51L!vis`Rvn5t%A;q9TlGf2X`477%%IFMQE@N>G6rSKF4-BP1`6PKYYgg)y?Hk~kO5P<0ISW>Q1n52I)v2p;?KgR81)B?*Lv24c&CqC$|( zTccfEtT|t`w(ew7Q8L4-T(X%=th&9edLF%4|I6B+(XdvOxqos7k zeL6iYpr|_(;(-G+*wV4K$$g$8grHW^FbzF0Y?Kdid_MC(RNukd>FkH^lZr^wd%jYN*3y5z z4|+7OIBSNYk-cR6!b`E_7_E5R+gF&$XUQK|&MX`qIhO5ZG|ppx8L8BQx}rEY*hmB% zVUY}7CsVl2aj_5(&-J~2^&m~lB?KKQfg{>K8wrVo1(b}64F}GnFf|AjXq>7@MIeLtXAb*TAfwIE2y>ov~`l{Tb+G(8fC1%$_3 ze$L=jJO|7*OESwbtJDcM~;ej!=W98fo{bqkf7&;ja1IqIxP6o=Doj^F^M%Xy=vM7h&WX z0P>~q^oe_cpOXdCbREtT+f^ZkL*zCz|Q&_2~!pq-@`7u_`yQ zO54XLCWG^%-Sp*ur!B`F6XS?$lPr7rVNziQ?&Mpu73&x!%;XjPf&oa(fn)#~H$fHR zK6P~aV61Ps>7QPX2T}LRmA(rN@&{AeGS+k?$s?HXlh@NV1ULvbp>G}OQ}rP%47g4H zjzyDD&UoThFNoI|qhSDQ<%PS-y&DoFelV~7$on}NTe?(5-A{pIc~_5}bR@BvSlg?u z){;N{&~BZKSC@sLU}3w$P%cMjkCv;hmLj?qgG<`c|999VY~Y$vUu z@4JhRWW{Yc9{P?s{I#8iERYq>pkBeTUP#&`c{akTG1P{nF0k*YAYq(|=KI#+kis*1 z?WXjp&;f9E^_@J3MVF&O{nxy&@cx*KIGHI8-_;t1H;u$j{`@{7Xx0|Ton95UV~QYJ z63L2I7s8LErw@;H?u#oRO}Cd|au%`PR;0?u)&wQAvlHTdet(&hA@V@B>h$OhB1ZbGVVxICPq{r{Szp7z9*4F1Zk$ zjL$ohc)61n7ppd`RktNuhYPAq&eyK4)m!sz0$WKbpYJT1jug!3HDwJbmsVZUc5aP* z6)a&iW!1o|!^;L#hwa4Drl7>G26lTxQo@uPlp04+qUF8AU*UxYrj7e^n%w>7!_UR9 z;)xi*f4Gng{#uaE%&}&NWrKZ%y?Weo>Sl!rz8!0!G9K^<<7@X^&a9=?ZQe1euf2MQ zdF|=|BuTHt>km}HBsCaS+~zA^3GU+x=PN$s)xzyQet)a~jb!X#a-qWCH4fP87}8=8 zN##Ai{%L9gU>w;#&*ONh?N7x+mhJ(R(6a~@<|5eiFNhz<_aU~Pq-k;fX2m0hxwy5i zVXs~ZQ%@(OhrUHW@kIX}HV^aToK)`q7?I1bHtNZpC1CX-{NV*?m|Sch2A}Nxe&V{K zdspnOo^mOtVa!*-5G%%CJBMU$bR2l?Qfh$C#)tl#5qyM_8UFm!4OP!y&)FNoNkrYi zZ{Myyq@ia&i+C8QeFk&(Ql66)A&KCeTKCT`!FsFf_Gz zp)xMf^b_;^E`q*fJ{=Oqe+5rt1F)giJI#vgAPDaYzOS#OAAGR!3{uSWs;SMNQJJd? zbQx%L?w<}7v>=rOVJ1i`uBT3`$f9isaD!<-Lgk10pOijq`Bly=2ukx-E;2NyV(R6t zqYa(5h)(J@A$c;%5h*yty^qL#Xy{Ses6oJ=t7X% z+iMn#{_UPEvk4S(_)A=Q7h98&&%k5n-AGsnp0KZ7-LbLP)QRBTkeqj!)V6M?fLtNR zycpy~EpZ_%&m#zzQO;e!lSokbc1VoN!?fyC3OU$@+41M0MtS2-i0u)Jl-;r zTUu zfh^~fT9-!s2G^0z%|>c^{|qrU!0^46V7Z#Hi525Qt^4l zFgtqG9pIycRomjg(QdVYTJEK-LZwlrW1r8Ce3-Ent+wu{YD=*Z8RtS0$Z~2K-t-_OHZ6*NwQoQ3S};smtrfMgTLn1?sEju)54_$7}hYGGYc%_dctI zrYH{D)EW8)C-g-hU2D&uKQ?Heq&~=e`9u>^6Dc$7Ytp*U)irke29{DaUQH>%iIa!g z$cdR}F70-3Q4d>!UsnvG>)XS9e&n(duL@v~1C{ zE5Nsd@76*A)v+I81LB=5p#1Bty+rMuXNWYzS$=D`iRq~RNIklo{KPMB2I9(7_QsLQ zBoA?(OD*5;dBg1|s8}^UO*2JIUS1_+3m(OQuwuF}{P9SpNSPgGhL50|d=&~Wq}OnN zH55(!#~lnZAI zZ-c=y${RbN>${6&cni&&y2Q&f?GK#HU&J=m#zrT9bZ|`_8EftT15cb+pI6ybRMi~F zJP{&Ol)JZE0*AJD3(TFP@N;u>ToY2ROY@`7mL1_MhB=PoP|A!*R?dX<)d`GZVuMEi z5fZ7jWm)uO_UeP@?1a?gK}fE)w%Va;3<#~sV!fD!QeBJLOjYe8fzME*1KK0=a?Y8e zV^4J`J`1@R*PNA>w%9pqdvEK-*l}%Vpb2V3)kh|Sa-?=vJ_(jN%zLa6li%w}>RM(U zFj7_u<@;p4Qm^1>>@<4TPG{DdR=hR(>(vp9GRxS6kF|6GY@diyW ztBBNyC0PF`XcL;vdaVT+o#zpcnyUHYDEIXi!`rhk+tZDAAu$f1LM1Zb?=oQZp-o|^ zvy2@S{*fT10qZZMIyF@qwWPK%5zH4HTph$t?21L{bP6(=8BMW&wOJw`N8_96U0y{= zySbk>+HSazXtb4Es?sX-e6&;}*W$VIIDMU;OBsB}$<5REf7bjo>xwNh;Qe%jxm#>( zmV+SwIJq!vQ#4X#V1fj7Y`NWcBSw(bVU833-oNn zI_<^MRH``6E$dmlym(6NdU)nV zn-rPKBuaZd3=DRXJ~l;RR*Fp5_B%I3EWMca?GL??bIO7gxku_tzhzHUp{zlKL6kwy z?v-9iiPn~>$Vg|OugeXVLlVwP3q(ItV!fF~(8yiCMbg?*`|N0xxy5)@hecW3p4V9d zgXPl2Cc$+WHcS(>6xtEBd2_<@bhZd8^-?_N-m${D!v@vmGSb&ycUEvVV}~+TD(Q3 zEknSZJRU9F&^J*_Gga0bmncv;yi3U*Kne#3GmoSzJ+f3Š&x{*ISzKh)2j!Iu8 z*nZA&6gs>X#U=b&H?8W&4+lpst3euBb)+u$kJY@N-{1y~N%ZW@bL;*g3!rTFyAtH% z6)os|=Y(bKA#{4A+*^VkrzU{8mspEsNuYIt+|>PvOTJNbN5qb2imCQA@>tH<-J_dx ztIj$UUHB@=D=k97e+zye!}z)9wR~zVeMyIm*Pggk{>*1ios5{yDy1`Njh)s{RYyy3 znIB`=6f~R;qeCK_-bZk*mq`w1fohBL1FEfN4?$iMim)a)74`ujaj?u-h{sYR@T4Ag zQsvS%fHLO7p^%wCYUhmd&kQWULP1qgy0aUC!)Gz2Fi}ng&&#+uQQ5K^ilc;lNgn4C z$vYDH3oni4O@o^P14ZuB$%%>lEFym})4|z0N`GA9*~1;f%$-x9XIWLq6fD8RWhqN< z5yNR&bfVr(Ouua;^YbHT-^&$CruDgZqFX(keTUwA($y%IalReXztQYe#~L*%dE=g= zrQD4cCB4)78+3F5P?5Q&pUwIg5_nfgOuFxZ$GDKt^v*#OU=+GXpQTq%^ z4ZnK!S>yb#emr7aF8F92%l;m}kM=I`7@xO23@(Wp-`}~`xzWWG+F9`AqzQAmE5(pF zT;1w(x`l@Zj~BmaZ;1|9pQ% zIBeMxd>v$Wl;%RfvOeM4&BJmhp+cw_ zr3JNK-SWkOTys=y3f}-BHgi68NQts0dOrdw2s{QJO9xYV=T*7EN1uwGZ3=Y%pRfzC z^Prql_kL&cqk%&qG833E*LtP;^RtLGw$?;|U8QggE5jSMghTd##d%aiN71$Gcq3QT zHfHjv$mV6}*#gu5JxyXTb>psxJGcrkV@ z%gg>GrLn6e#~1v(h;*cLq5|BwLx{~-Dii~L15w4sasVH_Z|X*Hi84`r^Qa-Ps2#_ zXb_nNRNwp7J{(DqGGHU*5VG;VP-S~_uAQ->A(#O;A$sRo`17YeVP{mQ84sZk@(3zHgATtQY zFm`Y3GY$P)jrf^(Ao^1QwZ#>QCt9N-YdKyP7ax&waaVekAuYAAU{+p2&mt6zRk$ew zz;cC2r3ycn5>~X0You8PE=G^tDppo|XvgW~l)_Dn7{~>IS?wQQM=3Y4V_;)?mbSm6 z(%2EjAwQTp=6eC8bc-YT#aZZjI}Asu>Xfq?T6cA_-v*qp9N>xp(le1 z1{7?j&e`YXIYQ(s5>_$>5X18EA-eJtRWd{OL9g#-^TB8>Nq8yBkQkAcQb3+W;Rd!OXdA$NPj{{UYAs4Yp& zwg;>VXxROUmn_}_#vXOi38Y-7*%5yIAP_$;1Ywi?b&(Kl&w(*X{WWj+L&bC2(K_|f z3l~Q-m;<|567*6&cQ=*x-d*O?JoH9;>BC}Q3<^Irxb(U$( z4A4pVWwf&qqs3Kv6ipZ)*0&h&ixlj@L(4M*&l|vCXOvni=inY{9cx=C%bps+Qmjhm z{jq5&G(|Gu3{IvmBu+HE>6~JDpbmITcb-$tfIUURjyHBk@mHk5Rzz`qLP@GK2 zg_Y#s9!^lDAaUGy&w3mW$U6=M)Mpgjdl?%o3&J%U%{K3C0PW#eW6n}(;qnn!vHS$- z=O5V!eqhMF$;M1TCi++OvKexf3Sy+Z=F%I=jwdcm0!zqzt>JfYJ4TuyT%X*F#oIXt z4px~gr)20lRjzq4RsKw$<|J0Jtoy3umZCvJkc$zq78(g@h|bjK=4@oZ3|gI$&!Ya2~O}by7qS7^P74R>}TSw6$SG2 z$rOuO9!g7+2}v3w5TX+?8Yu(`jdOeS&!^0PHngl%%?06te+EZ|e}`KrtT)As;VUo< z)wB{E)}1(`oj;jEpdl^Zc13FQQ&p)*cdb>})k1 z=d*uUs_;tZ*&SGrcvG69FXyKmN2dPN8W@f!TT^BwQTzm2MMB!e^xprmDI;qC{-ctd zRB7&~WjRG&ChQc;hN@qon=w7P`JkzdO9anG4o7oA3@sG$JIA8!46~CIEM3_OYw%Hk9Q~i>9*C1SA3;qZUO8NKurD zQNQ%IJ@M`xj*5E*_xf(}{>`y1UU$}cG28X9;@ z$1;rgirv>76z)z_xesk6{CUc>BT*pk+QT1fBsBwZ%GFPwA)sZ^^KR~!rbCc(HsF22 zzn&t(Sde}IEJHB_b2ii~79>+k!+3GwV@Sh9dHP)Tz4wTusO&Z;c)U2OTT!rbP#F_z zkTr!l$2J!bhtZgoy+Lri~>kZI3#{?uVZVF8;+CWVP zo>B-}_d;!V*brAisV(?C@TR<*KGTl|8upbOsGlfDb1$XI8S;2RWBS(N-M1=cU=!Ww z0Y-7PxsbgQhT7;VzY>D`f<#Nw$7^#D@ySzF<1xSV`(!$Uur%vsKAf1zb<$&Nkir{` z9KH8FQgypcy!XH z5U!O3nl1xGE02p}E1n@D2$?r@yU-yL_?kTp4{H?TqUuKL%RMfr1d)HYlsL|V%vxKu z_qMa$y`9yutXV595#*|!{v}t?O(zfh%F$r&ml1k1ccx{1qaJ{yM5n7GQU*F|NcAZL zbQwlUZ?PJJb^sEzk3gYpnTT*B%tC+XubUOi40AR`mNrG-6WX^Fm#>Yq%}-Eref>Pd zk!ixz)ZC4te@0Vc6`Yro;(`n2gPE3AOZit!Oh}c_f~Gc`FpJPFh>fhtWW8ujYuMy|b3R-H$=GzDEto2N0Vk~Cs9ZBpg>ZOpeyfGSN2Cd%nnr{s zL^H#Vn3eiAhxd_U3X-hu-jf0s z$u6Fz+!5E9C;rp`yfGSdFc`l_>I0dL;;0se*1?D9&>)>xQ!FgKr!fn8xt>jzOIg`` zoSknB_Ld-d$~G65B)rlIDye43_iQ3HzG%=cLU;c~k@- z+y@3A$nZ7zXa=8=AuiB+f-P%E$!PrLfZh>Ufd~AJ%{+@YmT~td1EWklhuja4*Zllr zR)!}Ig^X+xnQp-|LC0{s;)Nd7=2?UaDr)O7heb{}AJhBT%-79nP)b!78f&a05XQ1g zO@fU&)btLj6MF)@k^wX{ba0?F;{skq>5f}Vb^Y~OA&9}%$q{T2g9RG9%O#}@ep-JH z4SE-o-rSd7?xU#kkbJH5?krWKr2V`ikag3U0`_P}NN(!0|=<>GwqCE#TK71wO^q&WZdJf-L5Web_}*1#^X>l=Sa^r~_kD#P$-oMaJmMJH0`6govLJASY8-|P(D1jaLn2@<_OX>A-!aZq+}(faTvmp z^W|Q1M?)&c&@$pGwl40F#rUzIS@wrmfg-!{4Qh=U=R4O;d2F+kdq1mf31=TPEk{Ya zERz}qPHoH8cI*Z$$=8$@i*0lk&XMGLd!-$e%a>>OmUfrxNzo1**t9I?4*~hG^gKqo za#*Z+cyh!rvt?aEu3YFFuo1f-2tuQwz0~pYoW@;F;g{5ej`KZa=vr6s1ol-=-3NNs zXzp7Thv6qJhG91l5FJ(bXf(elGxn@da-7@~S2a21Et@E~$l+;l5X3?F7YuWx{?Cqc z{6?GxK2hA4DI-Reb7^sQ*Z0tUxj3)_iP`Y)t%EMxe`2+gxz&WeH6&L}!WGAQ34%iUk9#S@-3!zOFiF$FqhI8fG3^H>>{J-4E2C7KIl;Y(e6tykQu zC#QU6t9*YHUdrg~16vKD!>11i9ktZw^Y;yn!T1!~`FB@BSF)l-`*oXjF=o6C*q3?A>v@)I^oX=F3aAQNrLayI%U`ewTY1-% zj|E5@Uhc{1OqrmL*l%s+6JuGFg$zrjNHy0-)P$0|Yq;CnX-DkB)7@vwi=?E;>@L^U z_BD}K*6zubcg!8jeWN?h%WJ*t$+d~1z{WpBo}Zd5Ne!cTC&=Mp#buhUg(w~tLKnnK zU~j&GV%kXdXY`43idB1b&qW`f@#MffSKn=dSo9z0CK05#JO%#87ey=K6(no>oAN}( zWJK3OV8q@vE0xL8BZ*%!K9znDlR3GoX^WnS!!hotvYN7y^SD>%U0zY@wqL@PJ8G;6 z23lJfwoA4bJGUNBw_o*MSYDP4lpZZ_kjG6HwbM!YN;&tBZ;=R=`>hi!alh8qxJ%^+>o8H1@0ZM_8}$0S9$P9{__k=b^tnur=ZwytsB9P_ ziCgDX-e_uwALp{bDQ=8?>hYD6&6&PFZte^H%i1}uQX+9)7H+ovEA5u9%~LU6<&L<1otz_> zpFVk&?Qso3(sIFbK0fKrvk@L=)>aB7%|0~9dsz_MrJ>BLXR?^X0wnIx#PVv?=cgSX=QRI)qy@ zqFe;;m7vy-lOqQIr2TGIbki<36bLP=dR(b&$q5^ZO#e7nxu3j+*e9>O@G?@GIjT?J zW%hByvzU(ed?IBoQif6(mx9$7VLYjhW6%F^Q%6w4t=}8{UB_stj)X#}uK8aqiE4XPw>bLwGbGkd|$}VV?}hfv(vs+t1C# zhn5d3GIHuriIW0-#{9h~0ji_~zu2`~THjS)vxu}BwF)|Nj$_?p4{((yQ`G!7D~R$!m?U0pu)rcpCG76;K>Qgrlz>5cRJ0*BY8@@>4PZk)-JJ6$_8Hf^-q-Z+s0*Y@XnSb5sTg0>!TTQ1>S58?fl`)`I*aE zb^ap-G7Z-jA_l6C&IY;Gm)R19R@#ZJv%%(eC8UCk>CSKI8SXvA`Y^-3<@O<>kXf}_ z!;WK}tPTr=(e?rJn5~vWrJSwOEyt?!dzS(onN+QOb2(crTCV2FjlGL~Lzj|&BUm_< z{7#05+3hpUq*Lx_d0s}Z_jJ_cWPd%$IgtNd_^Po~kN)bO7=;%nT(;e+i&tSaLL{BGS>$p^f@BsT78htB+$aD@#~j zZqwkleJ8vF#BolrPYY0Y(u8pp=n1jyM$+?Jjoyl~`)$(M8EMYPPHfKNGr#|M39N+k zAaJMl5AC{Hkvcq4JLN)E+iQNz>=kL}b)$(92FLx>oWCGW)z<4F80UMc;@~S#ZD1`T zF`6x!f5LDNXx2qj&wbdBK9&h7GWSFr0_#P4TdZ@;-er^X%z*eivY{w~V|_3i6gi@i z-%A)*hVubY8p3cX37oCmcWs|ex}t>)Mq5(@(Ova56Cc7Og0X7$YCHCI)E!a9K8Z zE6wi&GVhUw0tvuXDu~mZ=kLbCEG!x3G%w{7*@<)1Ox8mGHSv0u`%qcLvxw_;H_vQh zj1f={e6{AWrVYNj@6`|whnj-*u_x>K-JOa(2yni5H!p7@XxZ@aeLeNmk8rgaxZ^G8 z0>}Y_c?I@a;}{Ko0DuUUvrScr?-9$%F5JZ}wU9dg+az@$=Cm|owg{v97b$gI@UO@e zfb;oYDwge9-L2~J24PpO#6Oq0s6~xafQyl{Wj*g>)#4SXV7fQfXSytszZN&kDA&(O z>gwd}j=V@K-dSVsfVu$oC-w0=g0}Wuiccv%vVwE4AMR}YDG+a!505tfh@xA#Q2G6* znF?>j!;y};2XXypHjl~$SbGaWjZWS53Q-28TzgR|1)Zt=7e$uWLRx-*cC}7=@onx5 zR6zsMC-8~zy(kkWRxp$x?Reg=spS?pOds9T-n-)dZxWMQ#f0*Lf<@ltW#7(axwbm- zW<*P?m9@v=o?ruI<=eQ#Slp{+(vj?jr==v93;LU);uic8;wf9#4Nx69j`c!==*@6k zkP2Yo&|~?KOvq9dct`zU@&HKaTY$@T?!Kn5Ni@FMmFQE80cjVpac@LkZBzJ_lH2A_ z{5o)nH0N&g>P&yd2jn~=Y515vM2`Awzl+W+fl`X+kG~`K-^DCE;4fl<`mn#SV>nXR z(sFRF)6uDLX2Uu3rrml)vdI=UjKUTQEF1o^=hU^|g6DwEOutumfyPM`>0+!+Wr^99 zEEnvcV1(e_DjRY?jXkT?95Z5d#Y2@JeMvmfk+sOa^?Z_wU$U)glVa+e7 zc8GmLYv|N-(eay(U;Ew+a$DZ;WH-A{=yO`@bgB|b|2ka&zq%Cs6V59xj{d{|F#Gpl z_QgP`%klgNbM!wSD3o5oc4Vl^T(Q-R@#p-b#VSGz57H|zK9$>H_An6MR+C?2vCa$p zb)ForgNHllaB^^2z*vbZVV??*_zE|iPAiq56;E>Ocm$DB2PRoZdrbZxJNuVsv1s3c zJwE)SYePKx_B4DQIgFS&3C1+0x-ScK)*qn}sV+@}=ZDUNytt^=WU<69(Vx z9o*RXGB{t7W=~PA$hvv+*HV1c^u`KKgm`?ekm!4lKZBly11N>S5pAyS|L3p% zFO$SC;fdDJwiMwJmvcR$?f!`dsaw`~x%=0&_`*X+^MR7gGe7EIu?%EkdT>h8W^liG zNi^x@vz%1*rCe;KzGeiMNT11@yf+y;Nvqhpei-Ay$nK3kD%wFCjOW8HIE}WS7A|I3 z#eoH7KxgUu;BhPHUBb$}%FFt-82@2G6&=XAy0oOEUvW?r;vl)|47!ntN`!!2WLSaO z`=E24!EM4Cofo~}jK(n#t~a?M^!ooYj*lGB-tsmYg&W=diG5*B#Pu+zL@x|4-4+Iu zUWbA$h6ohY_MZxBW8u`TeJ>f7{{4C}#dv93WG406m3@7ovYb(n;&U)<}C*I7RtSuKa%u9vA>Eu;hYV31@1^ zhN>JD8KdhlCQ^)0tBa74ap+d1u!bo(@20cB968US2;blBDz3aa#BUm3=2L_o`m3b` zU%tj6VFZV_K)L7P2}c|-)$nShSN%0(<)ax!X=O6WvSw2GdIqPBd0_CZtgQ*_q3XXz zTOo@uxDuJw8*XKdoOBp`$$J*M1#kj~T+gM{CrT+-u>EN0ZB~f2(5t=bfKrD2?%4ew zR`6>Z;|ow2Eg3-(z9K2TiVOTx0Wo^{O73clw`iNGR;S-}`kBo7IMfd#K`yk(gq{e_ zn`bNm|J%~eLZgY?xO5(y|8K4?g~-cUNsa3xsCWQ5O{;S7AgYiHxo7Hj&kag$wdK$9 z*^i&0gPWRm2dwu<`8$T=NRN>HNx;9DF;)bY%2|i=$p*6#1{~&F1vqm9t4-@_0EK$k z>z2Iye{@RzYdxu}@c*;>JmMJj2!xk3r@#$XVleuEi-I}8KK@$5fBZoimZpPieX7{c zG=?)z6Z+og(B)VeZ7PYv)_chX*Ob93c#a}`s364txCS^M%*7 ze3<$9$00B{2|m|jjQ?hE|J8>J0OlP|H%tiQ;jX9vBsXV@xOk1X{?Y61|(C zL01Ac%j34O$iL-JnO#2%YYH7fLDv4zZm);Ycvq1^kyjBHF;g?@Vb(>SM5ilKmpAGw zq{jU`kpFWR6)MZ&q<7(#?7cd4-VQT~Q zc_a3uf#0@!{yhdTFx zLNbT8>-bDrTcN9$%c6^@wmS8kmaGcL|3oH_w~0%G0zSC5C8C-sQf&exil^`@e2OTK zT`UCRWl7?l|LJW2$Nyq@sk6LRUJ($NEfDMG)_-rt8sp|Ao9zws#Dr+T9v1Cf*vn)F zX3EWCSHgHX^v2^NyI(5~ep}Pud{A-I?*1LpwfXRO@I-Df;9?hoKHqhf|@*T+_Oz&!?V$(+Hz7{GsF z3kbMKTRYqUQJYX^-1(=uC$jk~?7;c|%#Igu1? zxD^cQhmUZ92{&-Rojf{*^=jc79OuDN)Ca_M{>?Sv{-`EsYEy&hgM&bzy?qcViXTJ@ zAZOiXjQ}~blNxAejaa*bnY;+xd_MXwSR5NK34fpFD7Agv?laxsM{CQGb0GeMKyvGP z7o661gd+f{HfC@QgZdUlmTPdKS`NeS;eYSYzeKo=RwzbPWVxeP<=yAQDLalDzeW)Mc$|@}t-ZE=7D8#4EKZkBKOYNf zI6P}awmVMlBUN?izCz#%0F4!HOFc$2hyT_FZ8rb^M7I_1v4hZ@>iQkRWYoJNWdS6i zO#MIV-Z~(vwR;1VQb45ykp}5jP`U)A8wOBHrIePG97k*#Bt}x{AqDBQXhB+9Noi@R z;l3M&^PS_7bHDigaqmAWBYV%@@4NC@&ss0ogh>E>72f83RO1PSo{v#hhlQTqP#wFr zmjfd!eL!?_;!?mNOW}KF3=FZ5hNeil?@EDLPq4?$5_V$FOd$$DJSFr##vW$Ie{FQG z@sH1E}Do40N7F41dLa0j#R+vxX~wTGv0z zK4TP6nNl8qB}|IYv^S&+3|!~{puus3HY6>H0Zm5*Ao8e=82I4?NaO*$zd$xGFUphW6)SrKooJWzCfL@B@c3ZY53QX5|^)6dxJbd;v$*_!EDBQFpx$3 ziIx4gji|u}Sq9DheRcem&-!N6bF?Q{S_VI=U6v5Ww!0*7^^+MsK}=*1^bt4e8F7J#>X+Y4YfV6WXT?4HvH z)mlFATQl#b_uIn$65;MY>%pW-jE#K++1MvjTDVSoHufeEkbf^V;2|=f7qJ%c^z=I2 zoDPMPZQq1i+A+Dp5riMOuNySY2$HzJ4~F@((Ejm|iGkP}-{DS1=kFQ|`9bCyfN4CB z4$z+iNDc9BFB_Y_Q+cOjwa)6}&r1Hl+61^6NI*#c-2~(`t^lAVI{SmkQ9RENl;vLo zm_Rj_7!(Uvy}`(>nQD%Bsh_j93WFufbay5@>Hc8oVpzGq4GI3BVMB}l7nlyR@SyEE zVVo~y;|=HqQ`dXBKIiRqLSwMksL%-T|H~j7PLqA?u<*bY;44P%H*qjaXag|r(%M9N z1x9v=SnPY71wBgx;+M*wVBW^&B;fakVk3d37s?!E4}la4=l3GbsA+_#TbCBip{?LE ztoa1M5PONc>~+J^^ucsB_y)_=8%jBop_<0vwtsx~G=XfIAd71C5rs zlOT4yB?Vl-*K||+w+aM^NYKcr)Mz8j^szC;uU97NDJUgf&c(F3R=?&=6}H`rovHNp zW9POkwTDL#@4@2GtKT~5TLqE3C#VxWaS<1xSu|#v!G9(@{MqaBLUA!u(Mya%T?F~2 z(J6UirVw$6WT*l8NMJ+eg<=Ru_vQ}7XPVg`^3c~kfDsXY@EaonEEF-&!h}yC6P!$8 zZc31HHU~`t!=&!&gKhuw#sX}P;{(Y1fHVT?2!E4208lSsow$@p02Yxg#ON^N?ZgE! z3%<3{nAJso`#v>y^;|z@I9(a`K`zhoIqi3fJ0Rs#C4cMq`|UmcYO%h-}1lNTbTl2ojxg- zVrYT&AkDTk;krSO+pV`J+yIpG0F#O4^cF8*j|1uAareo_{O(`kOK{^x-XA~F>>nfi zdaV4ne|!&oZPw(tva-fw;Icp7V*F8_*uKIg{!ttiISaXoT^o=CYg9|QUFNXySzOU| z_yD?w%%B~Pm%4j(Z6}aFaV!8u}y^o>!8rSjv=nnq9K`z180K>X+qXA1F4I}`-a{h+unCzYo z;&YH%6xBmCDBDYI5XY4pPoTK)zd>&J#U|5BzTfccUCQ14Srk2#$11dTlIQDQ5H2y0 zak*P9F$C-xFGma%E1tY`Jp%lciR&W%x4qpL#al^WOKBEQV(6$@P_}o)*8XgW*PhNx zr3%~o4lPol;X6yWwx@bPAdkNvyvpc+8>^i!{S$-pFJCdH{gogBxaiNTy#rDbV4#fA z>4s#CWx)fNg7Ihnsm}vm?t?IxnG7jT-dO}?95k;bow-T>!6X~D=-veFYQX)w z=#9~Wk)2}x;99FHq3&+k|27;47$ZF(QbO-k2JZ3ig<2ql`Yj3zsohh6ncuU;$Ib*w zXvCV>e+d38Ljyw8{wEHgLjV%i>sPRsagaT`wMEhMfIRVxaqu#u6|`p@^@BJ_$`69a za_i;MH7)LSb2|T>LLUI}kaTfXfO?JkF5Y4msFgv3(uAM_+FKG(><6iq++jxgS1=JO zG%W(8*^dYrS4NptZnP(4Y5%K101|xq`K?msCNP2I-}9+}1n|4=U8s7Y4{r8X7T#~) z?z23iPCx#PK9Qtw%-c^%3&C@S^8xWg@pyv!%>*TZ1s5@VdY`| z@y@yU!$)Ge#+(xLXmQ=jqfd*w1?~(#v?4apb?_;IWKD7sau>W=?)!?NL}!hY(^u}{ z=REsj+|+m4mi!W~1uO^8QU9X}DR(0F+E9p;jEo{10qkZSbvh|q-B~=t@r&&*qaahF1YRz~45AMa`(t;!Cg~2?ZRZ$5uFy|@otIPyW z`9fs&6~oz;mOMRNT26p4h1NBulE@sv!u{PJuP!r+glyacC$-T~2qcZo_OfB)Gu}Ib z?M89N3Rhr@tp3f+;%j?cB2E%KglaKqJs90h!C}l)prTAnWw3mv?b%;>U>bu6IeNut|Bo{saS(ng*AY zS@i3hg}BU5YcmPn-wn!p!$HazLdAOQlMv})Yx2vgIlegpIK~Y8G5$B9r=<0LNFhLA z{=yMk6(KW@jVr({{0i^zR}SSOA+K-tm2vCtW4l9e=TZ|dAK&we*eu0C>>1hpO+j#+ z!ardi^r9U0Y_x;*e1?3;yByn~->$AX;hOmkG;@2!m(7ca>lc-L{=8uNhofFoncq5S4j4S*2@ z)I(?a3 z^@8>V@C_lDMb{l}HLOkvEh#}1k-3}t6d$E0x4C)~y4V(wpWktUlL9EfI*pyYbodHa zf%l#Ba?7IK+egGLpfOb0?5$OCeBk*XoZ>rGuPTI%%!uc1f@JUrkU`M%C?F^Eir|nZ z1+PHL1-3($_>l$E{`=H00eM(*V*IKK33M#?f1q}^q6W11)ag?6&xvng^=jF~d|>^6 zmz`cxqPgUh&tt@Tppi!aml=GA(0}tCzp6IAxt@QZI{xK~JvA7ySc~4I-tDEZ_pngQ zNjY|ju|wOJO@WaGybII$HvHenKSs@-kmD1XOWo3~9{`6^K9S%&{SdReQi#{a0?ETy zGd6p)mW!0{7?rWGb>U<871~6ZTWEcYDL#rNP5{aGoBu$*fnXkAL{eiO2L)zp63A z-xLbg8gvh+o>B*O8-jWuV$tCD-{U5WA1-32f&9NANyxw$)kM(cDvR^ zx-RKP|? zE(wZaGl6|N@${+u@3j^Z|I5i>d7em|{$uwkz^PDUt1>l6@W^T+`amNX1@W+NfEPM( zDrElf8yRo_jg<9HmB)yeH9^2!EYr@l)ak0ENxO(wB`%Q5zR+PLJu+H7>y{v8%D3}6;Q{Ryn6Y=?i}<#d^TU^10}$t-(Z!03`ot$o~8%ZXch}eBz9Lq?MyZ>BG9WotV`k0dp;zNkVSjzjqQ?ofnR` zQgD!QVdYJUonVDK3exH=xxlCQ#d~HCxB!Gesy~8d@sRsnRJ8wDUM^U0BCz1MDiM#J z>Ca&!`&pm`m)l$LaEoEJd?$=LI)XMbRRucsm`gSMke!Y~{12LACT^uz9hp(K@ZG~O zg@ezSEZiD5u+XN5uc2|olq2Kxxj2$M#Tr1tim>(q1bN`syRHt^>R104pt9b6;6qbWko0=9a8!ZU_(qHQ_Ve5#!QYsfg7Zk zQjtGAwy3cMB4Oz-$beDd2izp!j1n{5dY)ui%aY_31;(>`4)%lvmwBp7)TN93-GUme z@n>U>3%~fkakZ!Z`{;#{1Dwa9#Uv=SzsBQkMvNm~xu~}F%KwYlEk7fasj0v1NpqL&>9ZvY)8^C{=3CK2QJ2t66wi*Bb z!Zx>@Fz*)1;c3mv)!-4pK@OU0eo|T4OtsPo{q&F~Zo}<0H?A#^;|}@9AGHsS>`6FS zKeJ`{olv34mW~TwPPA?P!UYB8+0Xosv+}ba7e81zAhfk^jUm3-+N;-UCCXrgW_yA8 z=e_~^;u52rCkFifAV>ry8}mmK7nYWpnIGo>AE0R zNV$CBu;hhAhVdrYRQcJqymOeh5dlN`R83Ce#zNWP183I%K1={FW&OI10P$om$R&*c zL9Xf)o1cxzE35cW$tyw>_7`qYs3MMFQvf$SwsZJ1)>L8Jg|$T707n!Zofwng=oc(f zHj*{^{Ahn8nyO;VF*zdRR}L_HwJ;gp^ukjE8C;fpkGqM^waS*wbI;PR0iP{nNr?Ln zWHMB2jDv@7eV%4wHfenY2x%U&*Bm$wO&GX2l{}*$%)QCmC6lyXHR?k$^`-YEgZ6hy zjbL;y*6zv!AKe6ahzO=jFmfiy(v+<;Q&x zt3nCg|8H-CKs28Zwu^Wdy%$2gVJPnB<%?=6@-qL1e>rI{GL75!ufOqd|4P|N3cYF)@hQ?qD$|Owr93(w5KRga`JFIcc|Kw4_0w3(AK6tG|Lt-0J(!7aa8txJo8l( zgc?MW21OLB;QiI^;x+2k&vNyi$p7)tDy5XviDxIvuw4Do z3d6N*&57ihoUqrYYL!)0RX^w9;o-Gc*B$Atvh#{4_MDzdYYac05Hj|BOu)yXWK-T_ zcW^yZ!ct!T5s$%k@^<#raN~;4`X~4CZW{aWkrBDa+NVyPve<}9Q1te$cq2A$yL-lZ zLElt5qdD4ZeLjN8=kYTe|I9|46r98J8g-Ie;VwDA6D1W3)Rp9Wi|a>3RCToH5{ zAVQW>MKHpf?GPgLIerjwJmy%mJ7@Dm>j*@oLQ21+hm^96aG8_Uy9^Ao2$8e=7-;ez zAJft3POz|R4Ks$%g(c0<@wx`1GNsFRyUKgBU{Z=s-PUURD!HM%R`z=gCvwy*7o*jtANw@bZb0gxuZ!;hcDZ2pp06V z#tuSMb*1lfm{e3ysK>YTncvyLCgIkrp|EIymFql+IebKtUy?8i0Cbv{{?0o+l z2j<|N;iR%1-kxEug^IV@Up9gP=povO!_TNgT2))x9r=Sx(EytVXuPMpZ8DqEqr zJ&^o*d*!``z|9|u@M@;_kLr2dw{;eF7Z-U_$XtyfKvP1R`$ z_u1Dkl9P}%{Pw)p>;gz_FMR6+_z}SBNSPD4#8HI7AFq6DUu$+NYfN51u8$er?s*x9 zUY+ls57jsEW=(eOQO)K|$l5S?Oth6CEFYB64bLa)I>%O@j`#L zsb+!#WpjAZWKmbb;N4ZV{MkVZi(1>>vXm-WW630bdgfvHa^(fPZe5eR?{&0RP)%$N zjT(BJTds3$Fw2&>m+;-Ws9~1~P5OiA?eBs4E44&5Cokp@WJd9)i19YJ%~{I*$jl4E zEhbA}TjO$_0vsdc=Nmuc!7*4e=J@^i-amS`w9D1)t`=Aas-BT-tG1`O;0=x)U}a;I zhZk8apPuTegez{9ZI}u-u`=^VzI!JtT5NI5xJ_Gfn(#-ll&6k<{)*&a|N3YBWc{`D zym5t0sm@C+-~1lUG{#g}y&b`G(#t%J9%i>R;medZH0}-A+$xs#G^D20F+C;$``odv zTHQ4UH_=Hkjf%ryw`cCyCdgc{&^0XFA zPP}NE1(>0ex3m8N60YF{(h%nqHjA^j4v6m%DlTdDNj(Wbx~T+{#$tfe4$M;CdgBsR zua3nj{m2+cLe(3QHI&lXp(Q0EQ=Mf6V`a{(Z@9L9qSKl#8(Zb%aOzX=cXi}k@#-yh zH%(FTvYX0uG729ZdvC$e=&EnB;EmLw0iKS5+r6c;r|Ww-|g1n)xu zWYlAQ^H(kqaSI?9Ku--$#uq z+Idy zZFHS--HI_o4wos4FnU@`-;dwdBa}$pcWbq{tUa}iZ2R$oZ-|zhg1%TPY9s^Yfx2ft z)6vp42dj5#FjN`)GD>|r*osnu8+8pRu~>%1=V)d@h5FTEBYsv^R;PxV8=HhqtLe(| zRD}X#^M(tN`jHhVX`Po^6!fsx=413>ucIuc8$B1Bt1iSPRlv9?Vcx6>N!>Nu_FR2JN9$GOw;FXX>Qp9J>mkW#kF%= z^efx+uLyR^q!N0dLd=KlcP<-`4<_Eg@i6P1DI=SlZtbc6aQ@Ve{=>)A^((N!SkIoy zr4eU-Wo@Uhilr9r&9XZbvAWL29-kthh=}Q!04!SjA(wF0Fe6TDwdTS`j@Lri@uS3_ znVPuyD%;O-hHYrH_6&nW2)!OLIhL%W9%c$h!;T4bC811wH##UctqL^?hr=}_ub!^@ zY5N&%>O09QiheK(LbIA-oXB5a{*RFFI!GW@mp>s%F$v^5V4bMq87fJi=wg9$IBlpX z1nNLVOWRbed)x@I#ZYG2ve2R9w$R5r*ykGcD3H2wrpW|M$A=eAaF@D_-L2d}9TliX zuW}FO)|F09J$s=NRh^l63H8-HSH05p={#h29&^f_H23|vaZEeYjkl7muxQFTRb@SX z(8bYd<%*dL{_>iaeJ&WSHNC>wo(5;Qy3wFqI-Rf7CyPv<1hGZb)w(suo&&;en6;3t|;+XcS*p__wuy5sCemGk8@ddf;kg4P5ZlY*f#~brr%So;;hZgr^=9X#ubsC6 zPta15QPL|REtg+^j?2p%(JXB0rD8cGtpmEeT$PlRLO;b6DeltmxUPd}q5k=8o#c`d zgKKe4MezD2cD3hE_0^u=zmGjNQ0Bi|wq7HXib@w9e+yR`KE64P?lJa=^WJ{T?s^$qk zTH-n6y{cBalM3J1%GsQErbE;AEu7sLU6~c9V?=-kAecdEp*{B|5Qg| zF0F{8%sL!hxT{nU{-R;T>U7haj1F$PrZ(Z)WL%dnTN z{SGS+6uVsK6MVKZs@`o+*w{y=I8^KZhXw~!Y`twW$v-61^gg7%6r(R}Rc4g){m6|d ze38pFFA>dm0d&8)`Q&u2OH)`^X*a$8l#Hd5K2@xkYVK|MHQip_lDB=U=f$xfD41Fcws^OLXVm);p!*jjuM%pxgioKvx)yy5cE zDk4a9qqZST)K^ur9B-MjJ{B4LQ#wY}{gDfZlY-M~VH!zhG*i|urm4hjW4)KVgfE$S zZ-i@UUEu59MG^)Pi7a6Iz)C&)+->=t6YgF%EgmWu-4L5?@cY9k{c5dbE&!M(Ahp9X zcV8q$bGg?JHvuAZI6?ki(B%&dhDmVbG#JEIvC>F23w`S z2<43=Qzx251ugy9?)A(%?nNB73eU-P8Cc$0A$PSaUufuyXT|X}`C5%KhUMvcDXFP+ zbxFb^G**q^O{--~lL_!`PQNW8PQliGhDzR(L5mNXVc(Z(8-yFS7OEB;CXe5@@2$A9 z>AG$d*z%t&0eD%#mQZ6x&1(=sYi9kiiCMRP%ub<(4ACW>)vkXlbFw{jbUgE-=|;~T zd4IvNsa>g*Tn7EF^RS3!&G_BQP1D;TMjBk%Nnxlz8E*f>T}53f(t>+9{KZ9^MrPtq z5$p_J0?(N&W-X9Tt0(nmibQ)w+lvjQ;UCpjd!alwGTX3mA}}Up*CXEMi=2md7mvTc z|9Cs;s2|EWDDIqIPL*$1`oht*GEE`7FUj0+K4WwaQ7mevW7u;iTcD%a($-oqZ&=@0wB z$bb#kjGzs+^UnHE_pu4&l`gD`!-6hfG)q@=3|DgX&-8f1tCpO1DhbV`(9Q6%mFfgO zD6uK%*m#w*Oyq6dmBR}1VQ!ip2VisWCobsuSQ$OE&zc;kG>P1ruNvOnk;Zib{*{d~#8W^u`Ofc6v8mXU22s;7?H{8CC6d(~{a&6pJjT9U z>oH@iWTs!$i^263k?O}1*NqHw)^e+MHy$Ur;&WD7g0Vb6%o@^~ zhW3})F;xcG?n}13N{XsPeOdi;r=yz2Rgbtmye9`a%sY9w0-rQ3gYe1DNO_hRId_=v zc8yo1WZWC!?HNSn4)X1|NLQDu#_S{#*{x0W=@*q19le-goK{rvV{^Hz&thsaXAl@0m4S5nodh@cbzi{UfcWJ#ZK(@ad%PKA0UUELTm)=txscK>N6m z=wuhVz*?GeN}AL2Jdi}Mj!JE<&qZbO#ju!Wq2KK;+NhXPz^Gh0KesIb-%GzlP9uDq zXV=5Bs?$MJIz13YzWFUbcx*E>Cpb~~Udo{m8{_qy8d1Q%d0(j?DSgxEYE>Y2()Qh)NAzbRr1!SbF$=_{ub{B~joq+( zyI^}@W~=eiha`=9D{d)qb1xX34s6nUxv-e1H`Quk+1z|W(U?k5m|sKB`;8HO{P{H5 zh$_mJF8#D9BC|~~x{e=bN_XP>1D?gGC8wurqR*}EI*gVrwntp5Q$NF9cfpo%eaO{R zG0pMg7Q6|cBIklucD;Hqh_BDBD+;*{oZ*Pj&>!#)kz z1s8BC!GIw-CrYX?F{4%q!7Y>C`iODMSZwFRr33Q#BD$bVij^|op?T$rh5^?M&3>XdA@<<|)%SHEOM8PY4y2}gf#mi>ef4-R(#Kcl2 zjVyA}!R?jV===VyBbRV$yqquF`i1veqYg=kO) z+$IwN*}27)2ipUhFK%Z`7yNVOMdTWgyrkf$gRM|Rw9yHU-7nBt9jeu0>Ik)JPJIQq zjHy(UCXi2jlnnXA<|=)m(>cOs6wOe55xx{OIw(;)L`k1NozB2@Qj*wW}~{M(3eb!nG1N~lEhNyHLxBRB+) zVc#Gyk{CI=F-f=EX?B3f1Lc!EHv!Sb&%0J~iTX zxNM!(Pjqz>XATk7;}4Os9E(52ec)OAu#?2jAey_4uC|CH?sb4n^~If67*Tx(rgc-D zW{CTTYAz70)Rb-21Cm=82`~XBV(^&R;D(R~AI1_x_bT%l`B09(9A9o^Sugf)1Q ztfSOGTEL_cRY9Vs`<_U~0NnTe$Uo_7BveFzSONR+R3bIFA`>A`iEF#()8x+n2g~#p z(M&a>+|L3$yG8fd&|JPt+#f=Y{}WfOH{9U_G1_09YA^k&nM_%S;e5hm<~& zN$oH-UwbT50<8)~vh?8=teYSY+4l&_|AB(t$3Y4P5+Z3>r8ujaUksERN9KedZ1NE-2#y}Y z`#)6$5rL52bhiqL*sG??{MSO6`Li1e);Iu92t+LS4}dTU;=8?{QMp8EBEZQ z;{RZ$fyq31p^Wi57{rLQq}4{sSpF#>H7FShfSm*3FBA=i_v{y^erp4_2yu@JOinbD z>-Wh&)p*8Vz_e~3TGiK{}YCRSuD9JvHNz}WXf(Y z+ZL-F6kN&gMXOrh%Bd@W852N&4KEu{xmX&BHS=^oTK(_#9)#_p@XXoZj4O=c>v&kl z_AD(4DEmTT>c3-YWoD9#1kT#Un!F!~MFOM5fiX&I4>?tcpB-od#CQ#l!UFVB$dViV zXZIHZO|{yUU~eMn@ecSlGEcAp0ca6$8+~-^PiO^M;$JR;wy@>#e_)YgK{JPfCk}Es zfDma27*|ss=R`4Dp$l3m3Y?g)F~Q@TZ`>551WY<@l~i;WB#OE^X_KkE?W& zaRB|~b@A5qp*sQ6lFqmRNm7E~_?w?~Ki~Z{+4;5uE=wKzx^Uhz8-?)H_o>N2L~*v2?LtvNLf7uy)TJFG+h)^QDwW-gs^#q*so?YI#ekU|)pdQJ zPWlS?W*@m%e+GTk`Bj6V#mcSrQP2MGuXUw|W2akhIxq}Z)ULDEPR1ABt<$z!Iddic zb--{$>)Qo?B6L>WN}mVk&-X@%=r6dT56qt`DV|67^?Zh(Ug+igxFOzbjDG-69e7z0 z6R5!~gtUI3CSp8D+EwVu-v8XI#FKZa54n`Bv&vSxTbCZfS;)e4Ui6lZeX*etUsR=V z<230La5@Aq5h7sgpCfS)dBF5M`lw)qOY-D27W0oYrp2WnlDnfsMiahtdXh!8UA`$8 zwEWA{%LBjW=xonMx%SRms*$SE-9_=y2{ds43pJSQ;r zj|fCM;rcj->e)RVynyR^vXvby^WSw?(cg7eq|3rmPSR_z%CFwVwnGz!RXux-<_a4U zD%(u5A1AJ$%hJn`bsaii@lD9sr(J(eyOoS2b~$ZIH?M^iz4O~H(H$&N z$>3b=$+wNM^qv}UI81#(Azp6??((@s@DaUE+MERUj|*A|35wX|2R~dsYV1%EV|Npf zPdY^1Uv0A3-PA}HiGug{l!gD{{r6*#ns_MQ@UYL??~*~>0`WA}r?l3gxII9jE6qY8T=Y zV63vPR|+>fmV?WzukB7bj8^9K4OiLHXmq{(dLCzTDPSSvQN4~UBGECm#Rv5n6vIt+ zMl#~l(QR`p6!TTBofM0;N!&c1DE>(MQGyW9x}~GCW;b!_R(-5=^*WW>?iG3Zj`nS~ z&vk82PkWjs>gKi@zHAeJgx|Teb7NlE`O!Q~iwO&9xO6U|8}Hi6`+aLS$5$XQWGds5vb+yR2K{ zwGz9M$jhV;J>u`BFW=~1&$sF_t1X=9M_l=(Vw?y?E)isH2OpnR1(C}GI{ccgr<{L z{^nauo*9#yME7im`CiQpQpI!H0|Zx4Tvk6$MYS1dw@~vg%F7r@vTiwBv`%|y=UIHZ zfsDHJ%R0t#gM}%zYHHd4+z|ylT3S5M)-yNA$W>tdEusQg$)c-z$XMhkD>^+~qWoMA z^-%emaf9hPVzw0=_#5}y1(zhxujVDnGBsAT5&x;_*NtG-QR%3qp-Qc1`5TnIvyQ1* z2mFEkZ_QKwItyI7fL(07uSttsKC7MI2lkIqSA)EYn^3F*{0G523Cp>WffH0N>L|4B zHoT}&Dq{~;v)jw5x7R66=x}FQAPTJfhBSf?T~e2{%Lkdy z6L5Ok%qPT08I3YPVpgM!h$agiyBTUQs^Y$JN-U((Ra zc_3@Wm!ge4z*)yZ$TRj4Y8``mMFhCarD)qA+O61f?y2&8fF7%gC(zp{96_K6Kcses zy%?O2EO{eeHZy-QxIX?Q1I+bIAM_OpmlIt$1Pf>4$V_)nNa~~6*Od@6P0RxPerNxh zynZnRG2IksgU}dnbn;5z$ixu9H=uy2DS*3a-N~YKnK+J49t`|Z6%0b|Rns8&=^z=t zE{N!~cUSVR>{vw&4)cc%n3@*#5*hFTnAe!G_RDo^)vOO^c27lhYg)U&Wmx#Mh-|O1 zdg-YPun@y;fneNG)0bBdN=6ESLqB$hv){}cM@N;&Ul?g7%IYY*8KU=g5=2#@{ z&E}rR;g*V?6c(pS!%yuyZ+jkKR4o= z2Q3{HV7LgVAfQo3@^Py=2H}Kogcy3-Ciz6NJq zIu(x~ZjmV7@{I44@Om|5z1E|li0*TLb)$b4D7!6RqAU`nZE0QX#ZontadrzG76ubm zo)41XD% z-Qilb2bpO>Jo!YK`Bu5UVHrIeB#WrC;OnW>%9I10b2S#@PDAL@4)+mEtXKr$%H_;vZ!vvrspn`&_j@pDJ-`+z3`J7`rM-q2d1R#=r@q_n z|7GW+L~j8a$A)3Ouq??c?8%pZ;#bIurTC)>~&+HKmzLw*3Gs!r0z)u=S7W zdHOMU`CIHuh~~QDhM}+%du71a`(?oEctwxy?V)maQvWU+N3j>P1y~EON>{dL=LSWN z+?Qm^6%*n#4x5g@xzZ33_70~uVdLz1`35zu-7^+5D+%Z0gF9Q}87hW<_GRRH&k?O@ zNqcM_4H%zWpy}!VARbIzD{NUKQ6*Ki5P*=JlNeN1&TT8k-5nSb8j`&0={dRRlUhgc zQ^K)z(`>=}($32KihEhEwb^s-uIi2M>AA_BPMb5|N5oNISJOjPk_~R^Zs=4$wIXVb zMa-x;ED%Eq6A}~j z$)g-b64bGb;;RzH-tz4EMm*>-(Z(d&rO^77roZ^;uyW-$k)7A>K{cy)rI)iz1NB=f zE+u$$-tU`&-R-`6?nt`t;+y5MO>As-UtZ<%c0Sa<9>!Glh9FvGdNqme(I; z*fGvROMWjfSlxQNfZe~bH6;{(XC(p4Y(t8Bu_eN&7&+!}mDS7FYw)flF>S*s0XtiY z`mBD>d=~m)E%RMI&W-J(y8{o8J!9GBXXg2p|MK_7nlos_6Ez2xDId!j*o60bz}U{(wR-NHF6&q3yJ*Ciy}>;3xkm%YN5Ik`WmLWM zJFSNdwS(<==W{1K-&aNQPUfj*VIvFGXSq3f>!uf#^#(ce7x;I-7#aH-L{ouq6JyMv z2rw@jXnH?A-SK@t$!Lw29zs>9&{|6eO;ZTKVfz~}OUf7GqAjf?%B_7Cp?)Gbi9WrAjE9Se_8iAs;f+V&rT;I&iyi!0;;Hhm&dXLPl=8n>n+CXrCvN zw?LQ`%I0_}S+A zu#rv&QK3sCa98 zBhL?(mo5qN+&Uek?x*bK>*6;*6THu-^ z*1KwBxeh5~k9#d1xjD2(gxySvWg|Yw4ffYoMi;6wqDCzX_E%Lz7R2JrL7{4ln({S^ zh-NGOlJSU(fEy`^P_@}X(jiD7^yc2>Q$Q(G?vMzW0wEA@%Wb`WK@7Q-Ew%?TsKf)p))PUWiH=EQ)7t<0U-o`D~_t} zq0*xRE&#VYBRPmQUUEF_PX$tJ2Bg@?Ihx+pbB(;$$e?IMw?wC%0mM1~>Z9JmXAzp> zxY(!GeZ0kY>smwWux`r79((t2TNAf5^0_9?j$oj!9Jd4RSzy=2O14Lf>n-*07TBJA zY<3gQSkOdAHvIKO=&K#={E=q@atlp^{9DUw3_+Y!zkuI0;BX}YI~M~U3XF+^#uAy} z9$tSS(z}zzG;!qQ-6JbXS zsg;JLifx;E&j$0vTuUjOH7Yc9^Yu+s_PG@x^XB-654FlWr=t{Yz4OPied@Ytt7I&f zt|G&{wWUMD$T&B~+6BD0__!hmvQRr#aoINvB>pNe_ds;p;D4Z)Zl}(4OBp|Uqtww9 z|Kq1nuTI!rg3!O8Aj}qB?Dm(@g+>aE{`?!BEQ5QTC2n9C-<-OKf<|M_pP9uJrFU^Y zolj@1H7cMcoYb3Z=K*y+ZM&Gxi*E5NCfg&N8)jRrp3y{~TEm-(!pG3U4r_2dDrQ7; zVTmIzpp>_eSft*#f^EvAmo`V;tGqJWT|ox<{K--L=cJm5<|Oq6eu9iZmi3+} zJ6Mn`ZO zj5+<$56X|h25^#|B*}wFBwg$^+rTj<uTAL;4G^qr+!W5`clUUSD_|99z|q4) z?NL8>F&qA@s;Z)b@I{I^>~y`vRC0Lo)dI^)gF~J(yqtVF63@HRG#H*<%yAnkxs%kH zsjm?h9=+ZhOEx?=!>bxiMb~GY^|Z)Uan=j zeC4?Pxy;oj!*qC=-#cS+G*~)vVBpzqO0ILOq`q}ePImv~VxV5t7l1G?9EgH zMb0EUZ6@b+VC3GMf79`b0vn(9Jd|?eE ze|IXOPexmVii>8rG-aS0EE()!bAOc4o%&vC^9x~2*@CVVpBm#qQ#DsWsd)q0)2E!} zrJ&cLw;Eo(jow-ixbY6Rx4kTzA9 z-f_8F?v@=uFL@1~h8=s7M(8=OVbK#pkH~d%OUp(I{ky96Wm9Y$-;;vxzfg-6X_Jm8 zd_qJc)V#X`?!-xH?4ngVit>pZs_vhQ45AaajtSS0Diyf7vje_2Stm_B;wTZUeT_E7_F`Cc z^mhiiRh_r$t9&STp-y%_sY}xrX4sTg)hXABTOaoEp6%bjLGl7?qXF^UMA^NYeO(HN*#z%tTgUgv@_06}=W~g~J)TX#cHl0#Js8Tqs;QiD+ zke^vNZJTO}GL$ zJ;{Bs?n53UP9A7tJZrV}LH7i>Mp~@XGg_aOHngaaU0*WyeUuxDEA_=ppH1#bLUWYk z%V`}kp7g#X^+uB;q8UwP2;&spC-L>JFURS9bTHt zu(fm<%ehnHO3LrM!&A!E55% zs`&*>cq+04!HNWcHRV+Tc%(^!IM{4Z4H@g|-`G09C*vLyP@q9HOET%#t7dhmY6s0Q z#z=8gds=`)XJB_V@V<3+6gvzj+ElHOR^&mPd>=j&Uxmhs9 zWmT3USqFCN6d9Qd4a`m(kGSj9nJnFJk`yCeiytX>-j0k(l?DTbf{bnaX{vJCK0Z#es4<}a6?cCM7*CLEPwB51C!B& ztpx-J_k4p<5b5ftWuCibZHLwlh}q8vXDc3I6lE+ zg39A7;+RVeNYWlsns8L_ti_;>jL+x3OI{y_SHH3A*MqMCZEva%WnOLNqNOspeL-B@ zutj>;yP>IRxiz~*mFBTLu{7Y^I#r39?9h;oXyPl+YPa|Uu^1Vv)*Vs#@3-~_0PyXGQ4ZmJlljk-ikZkwD1RuD^RzKh#OCa~i*YKk-Y#Ng7efn^uhz!D$iY@8!TDDZT4hw>6t| zu<~zL>Wl?vC2*4y+Afd0NVE9pun^H-^@_U*49S_cwx;mq-ogEUD0}aCs{i+Y{FRkN zNGkhCQHUHXnWd7f!XaBZ$QIf2R5Yw(uTT-$+1ax)4zl;C?46nYyH4@`yu3f(@Ar25 z{nHGsxspz9l$^Jmn>yW>E5CKx;_z?YyVTkh^Y!!RNwPT3+zr}t}Lr&GIhTaa5~qHF#sk~0kNxlZxjyDP ztPhJX!r(|Qp37Q&nQi!a#>T<%gVb0W_0iF&8?p7zP)<>uk~gjhNGio@?pPNNaFU_z zXM0i1P9xL<^AMsnOYUl`-&GADQv{__m)M-)msL{giX$djAUH*Jnt+^~Ut;I?&(<dashojR7jzCSJ*AYuZmdjC&#RuhZnyGynC8<>S|Rh!w8)(z(=!H_I$#FX*?Ci_Dn1vL-se ztnHA=sk*@_4sVjvnr$ezU3jG+EiDb{hWfZzJYUupmx@i`tv!9(A4SXSX5mVx?Y7c^ zeDve`wwbLH=|?j>k^V$Cs(I-k?=e4M-XMK;V#L>{9hnN$l4%vE^^lqh%&#Qi&Uj zcit)s`p;jnrA_S5GI-7`rz4sHTLEafP(z~);c_rprf`YK{XY-Mz zqo=}Lh@JF@DxiJa&a(egR{y%|INj;m*GR)xA5!Z(_+5Wnudnu5tu+7q;uqW!FEc$A zR5m@xTfSve%7VAp9kk0SKTOQc(=x84xUcGb&k$=DT$#G7J4Npp7rddZW0H9-u`G2K zm8Z1wVeK06osRD3DQNoBwcNb&DPN9|H;s*ry&{`%2S>B9u_*1Q)pH-ZgR0xk&9?iX z*QOS$n?n7lFARlKpy!~Tq#jl*Mi3cjW14m_Q@^A%%nhi+X-FQ|MRE)cdat}xTHKm{ zOuzyRH7B13?EB~sREFewlN!DW0R>v_$^VrCjd(&F6txl*qV{uz%vKjk5P1Vdite;x zJt7lxmIu`M2L%I(WnKy`QcJ*+OI%Wf-+wIKugCiBSUOWCpn|a$)Yd+ z;+n$Ib6C35$I~b5P~UG0uD!h$gmIfMo|mAzRPjlus6C$3i&F+wdKblYaT~6V($27u zOgKZkP}u>+!}%gP7KEV4MmJrUkFSL#cct-tlb#osTUX^_5+q7r9d#RJn<^92@%vY7 zIa??(k}F$fXtuvl<+)^o3#6DSrsEy*a*XEo9^@pBX8%Hm*Sb6 zaw-LpKz2Rlk|8t)?mlbJ8!B~PSyWFXCr7K<`(iK(9crj7bI^-9wIbyE6x_WeMW*eT zdCfT`$?bNQT(0>POTFL9D)DTxgb2~7++3+He^qkN?JsP@}N9d5`q;M)oD;}sB?Gh zKCg~7MsG`t{~mtYT41HOy@`)|rM=&?KgV$4lpl3bIJN85MZ=P0C}ZQFv&=ts_IH&tsr;1Lm%w zXn8tLkBZ|n%JPvBw2p-e>Jh3#6!oUdp|NzM?8Ap!66+(uZ@xXcagq}o>5RJ&^k~Yu zC$DIWGc`2EHo=ue<&1Ltt+VexKa{=FLrQpRF7!A+fAzmU9&CfDumKMl#&YQBe!+CAHG#|n=62o;pqGD>xMg_4{*W%@&A;TZkyH@R@0(3^hrlS6WckyeoI z((xPl?#v}8#U7`9fzPJxZmEi=EGDKnPPniuM4g>_Wib>_;59X6L3?RMr&8SD3%SNe z{i~6-r01|s)fB>z1g4DNL0zEyYW6xLB;n~R(-;X+T5i-KxuLvad_Y@%W%R}=oe@d} zlBV4NkF9E!%j9Y7U@S{kd(G^K?+(SAcc6x8I27Ail6Q%36x+`(H-r1I^Pb}F5d66` z4r4L6=3~WOUZptq=9;K%Yv?2Rzg=E%-bjh?qOaw)l1K5Wc&TR=&t38OtcF@ap)RD) zv_L?@A@^mH4MHD7t}wMu$)GY0ES+pprRJUn{^j*xY5@wTb26@awXc}?(d;Fx|96u2 znR|%jWC&q<2DuvaU{0gg+rvnjfGanY>GMx^Ez&8g-n(NI4qa5DyzMzZ@35Rmr6I;rX=9T%pi$fAgHOx90FdZ_roFG#3<>D)@ zjE|v2E2ie=xwQPnMOB26eU`=P?HwIA1lq{3noKPs`P$O1iXRuig6Dphp7lsg&wuqv zsn26$GHF#Jy*v49C}a#?`F?6|ANx1hTeh0|RX?Yk|0Ub{?TwmT`>(1@G!YW7n>`PF zE+&+f4U*6aZk={F!KxB|)ck&z*CI2NZ>9BTji7aMxJqR9&ngyx8}39X2fW+`p|S{G zkQ$Tah&jvRwhSwP7v9X=f6l}%xxK7%9ic)PUF6{G#ZtWU`IKJwt8gLZz3h(5Sv#dZ}XuPDbeK5BkXrP|)v5NWv89G)UmI;Qi zHMsOUl^x`*wkjdSu`r%9LbW6|S&e*!{{Ha9kBkT*epT4k2p;28Rt zt`gaod3HIYfivliF;B5ssO0bnSk8i}P34<3fMo!Y0cY#o2Xg*cYu0x>!v_ zm~mh=bak0ii0H}^E%JN5sCmygnsnSM{aVQE{`-E9U6;;mUq+Q5ShNszU8m0^LM!)H z2#;Mxylc2e82O!+!)0^An6L0&tl*ELKi|bs8 z5{0qpa9d&f+WT-_GGe}%=3-E${_=+uU23cbrt40%*s4x zw0VJx7S8;7p<8O~5>0LY58><$$pRTs9rb)I71m&>L@wbMvU}44_9!;8P=$#cq0ry2 zK)%p`BgUcoJ*94gs>s&}*^#2>!pg%L?>hQ2t*_QIpdZPZoH43|cC~L$A@*U0RSOF# zQcY-h96MF*a=CR-yMX!)JyzRqXD>wLW^%6&e+eN&4?2y}ofhfPYr>J7 zk}~x;PA#oueJpx*+}U*ee!c5$V;EexgV$zdZv8ZI;ZP z>AdP=qPOhq#;4}4%mJ=q5xu?Ir*x86moX~ITaW|X96)kG1NMFC4R)z72b03R83n0Q z-j-E9J=_4WkF-qo^co&cbzSLD7vC_UmDPzJ%v5(ARt|VnKAYb+^J^+HGIG@=Jq+OK zpgVC8FFl_r-`!c=4v^e=`1FJG*bNU113v!hzZr{;Dl0|{DP$B)ak`|cp~S}`4AKI0oyFEc8aOrYqIlC& zQVh~(>+86Js@~EV4xi+xOWEzu&mYU!k$@$*{jj$J3GqKe!gh5A1-)5xLgmo#)XF81 z17`Fe%nsD=d&*;%_vwqjPF*%idLZJwd0h0Hi4r$IG<)7*<=>g{^_1!-7GtS(?PS#0 zdDr024L*2nJn9hDf5hbTDwO%V7ZuKI|euNE>OATm%s&=HB%GI zDMs@t1utA6;g?$q26jn5>+RgPQLOx7Qbvy7ECHJh59Ly~@6`}LxlzxRnH%?fV?~k#8ih$g&oyQ(YxPAe5{YIkeA);j$|^3~=AE-`FR+t#wKI8v9(ddjX* zu&cI3hQ&fJ?$H-Iq*-U0VnM3aZ@%xEg|?qx(dNg@1!9yu85 zBpfvlElz)Z&-GQzVVN)vH_?baT_(K_4FUXQ&=7`w0uGWU3&y_6KSLTIzHvY>PszfyNHM4EEtsPcC(c=1S}NYIHl7+PBv|42?doA!4GoQgZL!5#Hl$_$ z<-(OtEepHb<57GD-W10NA&Fds2@iSV&X4r$RN~D_6h$t}ZM4^5JLs0cnaZdsL-zdE3txyUfQ*dNrJZ`&@v> z<*((++u~dE2$Iz@+6}5!=v+2u3uf;%iP>2R*3gxGRb+vR!6^zu@aF~g0|Po6+!ObT z6gg(5ay!J^$f9~>)SFG!-AoZVj<}P`pPI^)*FUqhm;>@hRr`3h^Ag_y^{l{mjO%1k z$P?_<_a9J2z}f;uNFK-^2;4vj0zk|DAkG=uoUQ!1^+H}~T!MPuGQLmlD*zBBoLE@! zKwJr2gJi4*gR~dUH;s`lyCF3Dciz(b|lTo5JAn*_-9Z4$=ID(F~Oge6cP?@L8f4=@)Mt3(xpcD02QxU${F&#`( z33{@tfdDuGmraC!Q4C0>ly95e<_(oHx^2Z0e6Sq;1DIj_b2a4qOoeS|MahY~I(h6+ z_#Y2>(;Dq`CWMXEvm`PckHbm=j;kU<+hi;?j&>;@Vl+WhO!OYVag!rw{$B~ zb>F4@#k-MBLyM8mloU^EK1#5D<0<;vm*;X?a!=bYZXw=>pCCh9K6)}@>G%QqiXU>K zNeIT7Kmrq&)%cwboa`HQI2V`CUljI=B-ra|RINIEVgsQ+1XkEn^Fq3{lLE%`- z!P^Ol{(8h4^tJ83p3iK!XsoOojCC*a!pxpIXp0~^Ix=#q?!y32aIaIQoXY3sBg~~9 z&tVP1zk-y%Z{diiEOgn2to#+1VK=y(!65^+2z(0}P1gMX(e*W*RbjQ=l=8x*ge!&j zdWZ5cX=JR8`t>N@PGscj7}{2tQgh`>Z}fZ6ENR*0(H1^tykO_;W+5R^ms~M^m2tCe z@Ps-2R#kt}TDJq8*#>#pk$&?{t*4AFRu4V(rHxC5$KMuE>pW}Za-FaGa*zL)e>B6x zkiftWJDN?qHws+_hYueyD=;Ejx<6s&L;ahR&Go@p-pa&+##q!N3yxK@Ji9C8gQr#{ zED5P{92PW=4GjspOq8_p5okU9 zdUTcLx1h$-jHqAl?EKZ}?WTMaD}G7Ba^BT7X}xLVN*Dgu^Nr(}W_eLKfv$q|i+-)9 zbGRm^^Iit|Atgb9%D>jxVv-`C#GS~G*o~_R9KG<#R{mhG!wcxN#{FjCC)k(QOuW3V zBnT7r11+1MTJ$RXQ}2tBio@&r%YbO0mV74oj*%}vg6>>CgH3K|V93i`&+!`}e|^4D zaI_Mq=Xm+jX;J>lyb3Ok6Q{}RCj0C;-i}>wCwN<`Kf?QF0!=8LsEGKs-uf~}WLsts zP3T4~TPRprtk`$r7m9MWv#4CLA|uKBesJpr62dgIpv3z_&#TfEJt|M@I!5qT)vXUs zvYqD3-M;s`mdgD6`P4PKUHt{#OPX&27O=BX0fO*MdhZSEUXnR7FG>qa`?nYgY1S`y zw)mEHhEp#|Gh~zdkCHQAW!%zLHzs^p=_J~$-hJgs&e3S;^QrXtor2T;{gwWKa^r5f z&Gk_g$!@gdcD=d;EJOt9_R#{`rpr&>DsL8UbMp^BjE-ne&wr#lJ+NB3f(pJN2HQWr=MWP1%e1F|;{E2TU3? zir_mexNhw4HL>=oXlL><>^*kQ{z{T$mb_^n$*p`|;Rnv{<$Cq?_5Dc0F);jpQIq6m z1-PV0>@lhr1#pdyN84c5!&y0maVs;xB|Y|zyK=_26n?&nfO3=BoG*S`!Q&GjF}Owr zge@CQtvNpi*8`;B+XtfALqr6iuTIDJeu%&qrW1Sp`Sgh1(JZ(kmLfG!i>>2=EhaUo zwD8QjR$hW_Jk@gO{3I-P(`Lu=KXSOx{hd*iYqtSL`v8gCP^;!K>^vdCKsQ=21OkJj z1FE&Yhe8wg%=lkF?kNKgaz?Xh>`|ah{3js(W;h_<$(i5PD^D##0JMAVE{hO%A*61u(c# zc&(74oiWQLsF=I$x%iD9409IjPbn`P$z zTfs%($BZS8m*tqwLnT+fhS?zvD+`J<1&SjNf7#&2J3a!^1gun3&49cY&UV&!n>P-a zh7It)zU}a#pg;NqDJ43;KPmv~3^J-zIfbM;KRSD1ZFvWRKZVhetbeqMaQIH0THh zp-wWnEpFs>;89Xm#AgU2*Psb)=>xV$OMY&D^v^R=`M$T;1wxWfK|=HF^;N1{FFe;^ z)<){cdtTGyPkLq%Oq}RBOHMR1vsm_4e*LteY{R>erhpb|DJfVgNQLn9R42A!2ZEv~ z2^YHT0Vldsg|#i!rLl=R@Z8I^$Yu!XZ2Y;`ri^lU zh+3r}1X_<~;V5Ka;$hT?C1Gefez2BwnkfGg2B!yw{eX@6U@s7ss{#8$iY14)uDfF_ zPxJ$ZDe&)nITM55>mW}gYJi~ffj7LD`w$c?`Rp*iOxUR_GGXPW1d(=daVEPFTm+=o z$(|iXzR$bcD=8K)_wGwCyUBuZ#q$HP7Xo{eKx@PtQiP;lTG$~O?`NF+_p%c3O^qi8 z#S;CcC<$W8(Tb;|E;__ss^aO3p+$;hzaF|x)DJ4yW+7VT3az>2M6NXU5bQ2lIP9o5 z@zEl~m05GjttX+k>o^Y;jP!yipsn~dAqMx%ih}T9|Dr62N#ycH{e5-{73^}sovwW7 zFZGJlksm99gW?HWCugm-2mC-I}j|T`z3Ur3f+CvwY?^G#{RwjVuAf;YB0{lfYrS zvUM?qQgcdBxMZg6T-f6)_?FhX0jiraZ}4rLv9PKTk9+-&d9R-Y_GqKS_I*(XjF!+H zFz@t|qQ|EOPZf+_9+ZDxP~_F){(bw_&ID8`_-1njX$?e2M%qqKV;soQW00SG7uXz4 z5ABlEXn1!W_k<6Q8860S%n)FrFt2}!!s}VhE~e;-HxnVl0e0IHIrt;==194N0IV}? zdCCd5?%xM_WNE+{#F}uT)l^vdO7XxrGB0yqPlei^ZF4$2)3Z&9<$oX$&irVHfIcmJK!NE)4V|@B(7*9 zETNr{F57DyH)vS=SN`7oo%8S?Aq4qjB8)srHvWpYxl6V}uQD*sWcl7l)xUbEeUXZ~ z*0mM(K#Q_y=&Gx8ynp{bL-%m7^gozef6Vf+r8=fcwuS+^+WxOZ$fVwwPkBL7?ByY( zpJ0epB7;3f1p5EPh+NsR8m9rChR7Ne>^Z+180iN@1Q^^TJJyK^gR8;vlkH32AJ2eA z;_aVNYQ*`y9}~fyEuKdVE5HG~?Cv@y6E+{H1lD&3tS>kGu0hMYi(q|&Jgxfu;cvc; z$=(GnKyt1F4$`kHV6aD$|Et+&LQ&u6b^2)6xul*oU$46+V^0u~vn?Z)1!8ML;vt!q3WWtKwyCM*OzjX2~VLth{{a6B^N+owxrUsh`m7oc0e3>NSu zG`>WhH~BAmv$7I=!PG1r|KEv5hymh6OT9B~_MG|T#u6Gl9qEMU`obA1mH*1sq~hld z>RT87h!w?B-R#$5VQiuCj)cv_@2Z<``jsE0b6e;HDN|Ae->C3`8!!Eong*LYRT0Mc zOZY*A^f2Q@hbglL%Yc7Z#;@Y4w`8LEZxrF9Q&Z<+bWq#O<$(41@O4HFW(Ql6{W5de z5k_b``btC?X&fPCM1jGTVQhp6c&PCq&;MZGbky%UDBA=mn>jqkVCfyKnojWdwDL{H7Mgv$HpXxY za@te3U8dyYBJnn!8h*u@&y4pn;}ny?A9?U0@C^GY&I?!@ExpAoj0#D{n@oqUgooKN5{T^4YWR36c6 z*MKdz(T`Q}vtO*yBIR#MKf&OwMA21@2B`WjUe!H}InmJKZM4hZ#s=XyY|k}%@`jFN z4>J7w=Wktw1HJIcWG_3z2;klB809|=YiW3JZJK<#^ z#=0*`c)MgnEY#d{+g-(`D5l21ofFOOAbgr>?=9cqcg^@6x1hQu{^#a%6lKD8uN}K6 zR`2gB_c<>+*G~3-nIQ1NnRDFJ*C06lA8WqsN(8fb|NY=^=@nyz-~;3l!7}^RVrBex zw5b_d{u_vs@Vu;tEBO~OxWW2IECfeDP$Dmxl3c?>5x>8fTX3Rvjbzf@mmYu;!b!6` zQl36`h-d?EUv@QGX%0MVSn!WwMV2pc{2E=qaR|I2lvLKaxF>DP(nP3RhWaq{p=F52L&lc(|7ls+Y zRumHxL<(BzoOPF!2}>Hei8O&eIs)R0V3iXYHJX0@>*(FT(kH+&XPjyu z-5-#L>vv;-!AZ}R&I$GvA8euP<&Vy8ulm-TQ{Vg#uErF}cg*dX+-4YxnPS1RbmNT{ z-qd!{#j+JJ3FCM+UaoN|AaaBX1OA~!22VFn{7)SNs*q&AZ(6~oSY69;-R-e+a6C>B zOb3b9B|zwp&n6PJ$7WQDpRr==mf&#yb@d5x6-I?xb-q8^W~*4%hIl1y(M}uUM0-VN z%n6#yriTG#4wN!_Wx>#PLq8o1N7wCkN(yH(w3;rLoL1O!HR3VY3^$O@o>Ss;Fj+?U zC_125`IUWnm15S$MW77O)IMHv=MyHPn)q|T`#n>8k}u_eH%3DHI{xq676d*L{$OYk`0U+b5?YSp0fTIw4EItvL+_U&(#{0sTRuc zkSZHMs%--<=yl!o%{o>unck%7v3j!vSg5n+(RS}Geiv+!yAM7-SXM^3w4Vgw3SFI> zDu9;^3WOlG;v9URPByjtf917rK{-!ZlBw(ykeTrzlqWufYCeo)@hDf;-OUy%Ebe-H zZA_OKloJH5FuDrv9YXk#m*5jK;npo#y9zHblnfr3WoEE6_Y)&fv$NjmLDk;$Q{}M|ug^ci+FVx`~ zd+8v82Tt*4)$JtGvpRSiUQY2UbTwUBJym zl8){!$;vxY3Zv6)4>KQr@w2CB@r|UDX1Zq)ZTQ4Dl0+*mw8D(WQea-8ri+A;zwvOB z!-j<1(Bbm7)hOc5xDBEyhgIX7M#IcWdTv${&Gs9}dBRzOZLgttgUrIN+@noj{olG7 zO&K>a63p9WG`(+L3`#ty(RzBTt)0`BAu1vJT>W+ciHNKPRJ@MF-anW}pP=d%bC3i3 zOfISdIDUmU-;KSvh6++9B2q_{ig=8C+!6FK%B@p8ke`nQH>6Na7=!8GCco_fDHT1& z90Hp2_gHf_Vj7_G^7ZsP(+rK956}EmSXdms>Xp6eNzf&q@tH^{T3%np!_=@TO#emB zXV*^CCw?0e3poQ@gdF&ccr|J1x^O|gS$z8xk7)?zBpKOV?%H2D= zBavMq8@(ZyaSHMJvFdRS1(|Zy`Sf4>NXMgO`zkV$O_RU(ouqk8LFDihqZ{1Y@zD~| zT|B1CQOmF))*euMN9Ce@$a)N2XfWGTTi2L-WtnC{Yx0+E)lj8IS!fQRc_m{-I7Xq&%c9Hu{20%x?ssbn*cmpO^IF~C&f7IM{@~BM zu<1OKr)J-7Z4^skMsh7$g2FtCDruW;r}vq#oAXHSHja_a;x_Nbj8a=C^L?hvnwrvY zdsZi=hVQnm)=pNeX{NU@`!I<)_o~^-KdtxE%**LW(@AwP^}3V3O7~%h?(zeP1&!fi zK?_0)f)42z7lNxd`vzSnR2e9isXuU=ZgwK#P1;O#yEzjo-Cy5MSS{A?ZpqJ^RS@ly zxRg{;s%Y0%A!Z)hHmn`*qm&nDYsCyl{^>Cuj`~@*QadVspCfjk3m~k9s%zbF zwmo5|6(=2GIpiR&*vH(+WWQCwT$%n^Y=vKZOSFxdiTUymt@4jDuMRgc>e;$F1{|dz zB938eoV`0<8Q)Ae)NR{BDD$SzpjA4K#Q!>Fe%C_05GhlRQj5{+q>qRo0?74H6L0N9ku;UI$kS8{X<7PR6srzluwpM^!hE@to9n|>6o`9EpVB_u z)oMcs^Jd)YW^@+4gTRU?*d#Gp-2NC*~3h?%M_>)5E zYSWOCyM|+eo14mKRCZb@_NtBWixz4sh^AE_gV3b~X2H&&YVDS8uTDv~tdm5c(~mo% z)lPO4Hf_y5+G1LX-cnOXC#c6f?iu^~HaF(`6rw9{Ykd1Q)9Yn|$f;1R#pTc<`=Bxq zT>KgoPN&#Qet&xDUkP{-4VV9^1uBw%W272c#2M^*2*6H;p6E>*wwtM`slm_%e7Vun z5(cd?|4CP1iGtN99&90037PM&1xp!;F`I2%N8kr1W<@`OVbKZRQmY>?DCe%_*=GyR z>zv!^7%GIB4jsQ)k?#>-o7RkIzPvWO7O72&pwh$Ceg14S`7F>LYc)kby3yM4i|Hd} zDNXGRA#=e&onpopHGWYTIsJWANBqKo!@{BGSoMj-=xVjCo+YOVxP2PX7bZcj)eY$# zJ4S-E5&%3LsF!*-iGuJvl1Z%!5PgIqK~FV=_L=PvCqDF7*y&iPxI3De{sHU3twqN{ zTXf?ej6cCCC3>#uQ)7Jr9>N~)xlJD%hsr}dQ+yzn{D)xRhjbubmoco)0FPl*4z;##O*z;GF(6Zl01n2-~- z^!b4&=G{tTilYI`7~LH4J|aCUwyRrqTUT##kS$nc@v43+i8713dioS;%*CPX_Rl@>!)SqW`$`OuS2vW^3@M3mkok zH6|x|2dYLVNJ{}C`k5#jvf1+|Ah83*`4UQtH1<7>*ree6Sahm6k~cM4OIbc@@(gx^ zK$L7pZQnjlJ>|b;^sWrM#PUwjV;#)Jk=_Xxn!yKI1wMagy2|Slt;@2ZsG4kmi!lm0A z!0M+l_ZwZh0H5p1fIBJNA-#aZh3syajbd7}b$#;l^U_xaeSLlN^6PxxHEN2!Jw$K; zCS;Ad%zp_!$ICBmBrMP%DgWUvudo-=0@3!2Z%O{VN)61(0MsJu>wk`JFD`mS)6H!R zF3HAwcJ~pW7GEi%{P+CPn?GD1hI34;!<>I|M7ILv!L7Jre{RZ5tkWOcl-G}Y7vS&|Dh<~z_O4|Hrl97aIaA|)hBlw&$C#heK4JCaD8bTRMhb(I zQ3yk6mEebOly}iRacAf&bK@e_n>H&PD%ZyD8I3b<50W4iP*N0DrneM4Oj$POg;Gt* z+Jy4;XwFi&j{DL)JhfFmoRp|zjry*kWRb*it?$LdOC0p3sXw>PT4&lC|#EP2$`bn~c?wM3R=WBFwB9j@tYql_yzU0j~;_$e&J-)Xbo=Du9U zB>HvOl`nX9Ov0qt82$BL=_;pg4tYO1Hb*rN{x!-1FDBhNn zQ!&xN(PDD(M&*Uf8x=1cA^551eSt@Sx=47M5R(V>4(($6_#1>E_;IMDZW2KS*NPLJ zVWa1TllDGQ|ET&l_X4rx7I(+RL?T_^E_N?sq==+UKI1*^CDW;d7RKi~D{HO)V{7%_`euYo;sN79F!ndGT2_4m?am9_d) zEl0Ra3lyo4%U7nN5-UC93{H`o+v6-UoLI=iqgKCLoT*L-95U%rTo9nT?8m6W@B2ND z*ft&Ga&75IJ}HTU^sIDco0KQ=o!h4G@kqYe$e2n20zCp=ZQp$if7Gyr@L~+ z?Oy+k%EzFddsvO1qAsF1I_>Rr<*M%2#<~Yr1~>S*xKtLivuFFKdNoH&QK;-(zB`df zx~{Bv@47*0lH0*fRJ+w38rgvgavUJ>dwM&+zr5Cd!eIG4!AR5gS@(=v3X$+3sESw)1hq`On6_d&f6`@Q!Bb-}!eCD}^`* z&NQ(`h);I!$D}kbNYN4iAPa&22baeCr=raXF3l)nAWmi|Jw$l7VC+L_f;n&_6F%~v zC&+@l*!PA{J`_@J6KF_x31e^!vms^@p9YDL+=0ql?4N@r~S zupjZ6VSH?9Im9{!B#KhdkL=hJvo67GkEi(5u4jUM`vFV&W@RLL`87TK;rbxv!O-1$Az| zu*9?0}!__)06Rf2gPj#4}Md^g-}Ad+Cxj@(BF@bg+OF- za@O#X3HR`})R-thwp~z0DjAjnfb7y{_rN`%-1&Lz-YfC}c`bU#9|7g>J_K!{!# zu5fJXFioNE?Ch)u`u$l-$*qsvnz`o_MZTTJ>>RHZL|sVoV__4#n7;T3W#?hXU@N&7 z+BU4^tt@(qyz4h6z*}u31MeRs2R{9uL+Ze^e%xVy ziEi)bFRl%fLVEuQ(jTuA3RJf)9#Vq&LyeCJpOTC`A7O)}@e;N$6N1YVkj_*RA=RO& zCC}X~BAo-o-PuM<;{*ZeX*{qh$kLD437vy>EIHY-*Zj_J22vY5G!YF9(FVN*)iUIv zR*ih)^SnBPKi%S77hj^$Y01k;tn%YPm3#Hc0a`v5n?&bpVZ>CAVO&zIbIR+-t+Gf! zHAQ~a&=^GV`cY5diP2vHeaLf?kQ55l3$}|9bk8-{P(JT7#W1=-ESF&Y`^AgowAC&- zY2WhH?YxtaGMaCOdBN*dIE?_BrPSa`F)=ngHt_)n%n~?yl8=1Nl|y(bEM{%yUK0Zm zU7;}@=r|%tR1kHC1JUo_QOO%o_!KdQy(0m>+II}j7DDbPQczxEh4PZzpAb@r7CB_! z69{ui*DbDBxPkKRdwxUV)?z!Yg%|k zp81`n+|ha_?(DDHMT46Z!EWB)i_rn48vTKv{eY>$;`f88 z7{o=K+xu}El$`3?JUxX$KG`4Wxqv|SGHMKVx_Kg~+YHEwsQxEIuca>m8oHB@j&384 z0c;nqHj35O1C(93k}PuET~cXE{u@`=^ziqmhWB-zmSiQA^z}VBg0`PQwwE7uCadG$aLTr*C~dF=6?#d&00xjr)y^yA8qbr+y);Zp6O>#&b=D}$KP%4E%@H`@)5?QQ_lYQ<`)x~smPKQd9(S9+zmuBoMdo)^Dt!gGMKchKvU9#@qVJy zH%%B-=nWAY zWIUzY(tjq7oewKgO@wp+=$2NY(dKi>4IL6>gSuKYSyUD(cQ)W61<=%h`)86U3fg-A zHp@Y6RVTt*YDlse2_kiSv^)RS?L1|O{k!w;`S+c(4q}uEb9o%Bp{9wau+`)P8}EO2 zZFRn}16G!rXmziKFj)QZ43G&ZONiL2!VK770Y}k!M?62O;hZBpu{4noDZuj&r$f<%x;~7k5N}`zilgLRyBSL!T)`P z{9tV@0cKp_LV7saU+pDwcs79;8PruE_dK%-O*8+SA(4GpDd?SEzmf687pbwPbL%#9 z6Bv8<@ZH=yVZuV66P#*Zyj|3>OD`#YtWmJG;^3KGzUgC9x!v!WS-Khoi@5J(W|l18 zmJIk-FqbGFdB)ki#J2IZNEhg;m(_Mv;Ro-ob}uqWG-;uwfVU}l$e#`^ zS!6nQ?Sk2hi&znh_B-pj**A^C9d_fAHbkX*qIZP4^$FLP;&!<;#%@hPqqeT)r|;f8 z!r$@3SV~I7*4yHC&ceJpe)7ru;=|02Qu#yfF2zj? zcI{nVee2pzqoJ+sCmfHp8+?0Hu|(~jmzVc)XVOs|n(-EgpHkkGLnOty7n$dEs4ae# z+_@_-Q9L*a%Ou(<(N%^5ozEVmj!gd#ZXUU@2Yf9 zUhZeqa4!KD&)<;n&g2g;7?$Qisj8_tWk}NL?KzI;Y~n&0k|^?`R~AHRp{5+(?>Bu1 zdY+AJ3ZAx5PXM=wy&3oqjwpoLx3fS60P4_8G@$+b>cq(XSZAxNkt@c*^KB5~!p2J#Kd^DGmBZ-_ApjfnPB1eT-tu*r8M{ zL;J#WCi@6gRn>0yf&qK2&B7*&rAFcKnHlrVvi$tc{0=i*1mC;2ckQ;j%6Dix76tFE z!wg9|Bcnuo^D{KOE;G;fL38>DhzzCItrd@d9*v#s@VqNfkF*tW|8Xzb(jqi~D_H%= za;x2!x{)Vh>lulPbGoX7hKQW(A{e0rodj9w|Gg~q78YM6WR2AN{q*;uYs}3x^^kK9 zZ<6mv+oa1tFA3%#I%Gu#9-P}A&AVeq~6U| z(xI*GFS(@7!*Yt0cJTMonf1a9R`wjd047$ej1So6u)|NBbaYCO+*uWPIk=qE!4+_2 z>U`fU%nmh3<+8VPTOSSou|&M{PAXu!a~dY+g|;b*HkP@=NsX?R@0L=qO})Q*Q{1TJ z)2HsT-MQj<^K%Ukc{#Aj_wSC|<*r?s9d!Ij(elmccODGC@bSJ`ok^o4c9*AcRwKBytx-0m;59sMRvIV%vl)Fi5eZ~EU{pLbsqW%%Gb%6Z{J zV6gaJ?`&-qPH!8J49hY7CAP;JwzG?FGHaKVG)NiQS;VV$eLnfdzw>R9y(Vjpetk<&`J_OfFI&T=bg0C? z%pSlvR(Ph}7l~{jE#m>iR#|+7#UH48vR=5yz3!b;_y0tP+CXsn-%z31@bwFWyY}FD zdO)x6UNq#1cA=>&_?_vk&x`RQXGFrLL$cULKSNep&ZTDOqGd%8BHs8`c-y3V{uzzp z$ALkZrLYL24je>k!01^9EOyETa99b39v^aB)1ecwN!T`r_HRm**W)YS*h=%J5>-TO zV9MT!@*x)5c$%tqgR+(LzwYreX;p_dwft<_R@bo$-P)e_2$-0|x7eE(O(w49u=!tp z*OoO#AJ%SAo%bM77h<)7hoemka$L$1(6zi8pVKU%HR!Rs9g&!Js6Hbl*mM*|PL?K3 z!=ykmV!asq`O>x6*DzOts+Zv-is>m^)kSf;nm@N*LF3Q*JVI zu|dbF0lwq(fQRvbbKJJN9k3SxQ0X1wM1ScDAEdq&h9}&_+l)|tCC^Emlg!>C)9C5l zrjD+2zI6H&<}sdkW+~d_Onr+5Pa;bPcJ9kmPP8R9j;%}K^#8}!dk0e8zyITRvZY8O zieqO)9V>e@5K)Be%0V(Cbj*xs7{_)(Dk0f>j}`|9MfS`%vWt+c-*v+KbGv`ve~Ws( zUeD)sU61Q=UDxBfB{|kYranX8kY{Wa%Fg3sTCQAeP*&d8=g#nA#`<8@q*jI;T-1)x#teKz#K=m_(Q3 zOSYjC%>a|xJ!a07foN%R8PBU`kgat15bZ9vwZ8arDgoqOBIR6V*WJN!Sd4spyv&s~ zlHMUJW6Dyx-jU9A24z8}sqLJ--FtTd5Q4U9ZM-l33ok~hxf$|;v0A@c`e4ax0L5MoF{S=B z4Yon!m_Ws6G$`7H8v>}on~Zl90C1$tQKPaWCnDo{4;C#}SbaOZS}t9zNI)}OY+`sC z+mO(~I52mQXbN%?Rg)rMaUdi2G?1a9yqp?!=YlG&K(CzGzRR?v-k|!qFrlzz@a);M zKfeODz%LcOd+$)adhxl(oK#;|1dsZ8g)SSgl_K-oBJxzIVRl2yQdwxabRXZ_ZTN{WwNdKKU3nEYABm?ydJ%ml| zeSZ02O&J9!uGLRiHrYjzY$2NWr&uhQ`Pga1)QESGvKtm&BV=dKELUffM3Iq^6&sF@ ze0rKJKiGHd1z?otP)txbY819&FZxba?)`dEmuVzD7w5UVpn2pU0?Is5>cVB`LD7sU zGEoBPLz{}L=OVjIJ?zelW*tu7r;&BK?DiKju6eVeGIM8F z7n(%Qt&D+WVBkp*pxt=neeZ;!wf4%$R7OrrPW7L+^^+gDK!gVC#w6X*@Lk$dKB=&< z5CII#}?NSA?%FVfnWXdZ{0x0s1o z{d-V!oXv?1yeLVE)Iw?`3clCo5H-*`G`hEJ*+BFyvK|+A%ff@iIrT(VHx3}RpbwKM z6yiXshx7by2Ymu{CcgL$>Vpycfdb2sWJKzN6i=UzR-D=YO|-mDCq{T+H5bkGPZ-Ge zk|O7+VWF16HQ^+^PkM|$Ua6UDSTv{P=jLDPEtg8|qq=e@u4R5DNZ_n=*m)b9j4avo zo2s-&?v&=HWk~vJWGPQxOY{TPn;#Lny2Cy*I(frL+rs zQ`xNKt=nFIUSYZOb?TW_!reex+KV0!!_rieGd>Z;a5^+5+Frb7qaFMix1_>`<~~wg zNmSSY#gvHTP-%f9{p%2c>>SUmx49fRhWx14@s+DtyuTC_+b?8}J{76P5H-O2rjj-o zabLZ@HpaTA$FrFYcDPKXr!|6nja5zC=hQ$+@#AZQ9`ik|dYRWbJZAD#3diJ%3!rh= zJf$qlWHb7sBH^44@6%TNco8Gx!uv}Q4)V+H?d?oO(7E~YOT{920HSy}zyOJdK(2j(0!Q z_q)zlE{67_tzP8cuAeTS&MxRc#K*^ zjNSW7^;kO8<;0J?)pvC*-bn9|6Ms{Br{gVK#VH}7BU#1igXO$cVl!`4{M}q!m~das zKZ1ziug||*s#xB4{7Bn8Q1glwv{>4JQ3~jMJxy(vRxST6fZ@FVYxfO+0)o7u z#-sJep4ntieo-d!Y+Ox7!4~->*gvJR5G{F7#wOIl;Kw*M2$6?T#-+cVgP! z>Sfh2$V8lfKL?g^NH`m_N&^$=Tg|r~@yIlwx~SA&+5s9sC&&cnk~JoS3>uAiHxe`+eP(OvBi zvF@lM2F0)Q;q@X^Lyl}6C6=rmtk2x z2qixE*+iFp3uKiZNON|F+{I$J)_1uA0JBbvh?(%#`h>#l&td4KDkgaoD7w^U{%&iz zq^74!6R|k7wdtl|^F=XT?}>5W(%R6L>E_QcpKePQrxOykaYV(Vm!EI{-Y`6NZ6fpL z#j4P=Ba~QCE6p^HavIdsristS(yM(&SySn{LN2W_!X^SB$?TKX_!9U#BB(Ajyj^bt zsIO30OeWA!rdVfdu~lKndmW;au0#)t!6Tuv*GBwGRpFnv3<0w(m-l1aH4r)(Ro-#0 zsj*U6?80!}bT7ZWS+(|{#Nx^0@~_&XB3W?#(7+(cgDEQ>Quxod_%=`wuq>ZFJG~vP z5KCkS`--n?cBgz49_zOvRx%NbE61xJJ>2Okn-Ylub0jWZVaV%|yN0WLIpSo{Q;wuB zfa)3DcNjb44TFr8m|@nQ<(Ee|%DT=50Ri@tnB^xsU#ehLT*+L6^m(!k%F-s_s=wTvBu+`fyb zgCr&fV^x$yR_^n8&XJCPQ! zTl?`g@|(@$`tb3A5EszmZ}6pHyB*Y3X5HOZMt*=9VK{p&%&m+1Wx1x8#2=>~MMA)t zHsNE)3eG=6537TFehw-x%Ai{>PIrfG72Yeu|LRhE_xWaG;PsnOBjd|Z<^^ehey2Y> zP2)QNLY50G&JwB^J+5+4UBcQ~aBO4i`^0S>X(h3rQu2t%+8la}(tT^hJb%nyLa)U4 zj@jQ$QzX2D;?TL71Rzn}Y+%|1=012^L5tw;5nX4%RrU$zEStH(*znd}Fh)*>2cEY! z6ql+LL`*p5v!BR+j)})|OvL@@o!wx@&HO&D@k~rj?8cjKYP3>!K3&}4qxW#04DaYo zGG&oo{}#l~S$@|q_RmYU3xnO=w`+WMvGP)nRnjR?HuX;XX4R5lz5lhlbzC8kJ#YD? zeeoc19OxHhQ*rn63niq-vMsA#2lcBd25-{JL3Xz81ZkJIw;wG$=6jAg;oAMqHAltG z=2L5E7bK0`)7h+VTE6#p1ScCf3qIfUzW( zq(IVWAPV5L_`LnE2Urnn7nXtsFe-764kvU>kcR?3gA6b+L)id}-z@Yj?N_nhs##!M z=xqGHANvq%;MDk=-f6`T$)A%QuBU^}%TNzX?M$vshV`AT6srD#?nlZPQ2kyj1E1zs z`Z$W(Ua?JNb%7Q!hX}||-4=kqCPx&xr?DkwD}4ej%P-zJ(GtY+)iLoqQC?e+={zN; z?Q0J2`eF={Y!3my^!*HL2)QX5B-Bq&LdTh+GFmDRUgzUHnP zV4dnpuR2Zm@$l2*zCN^ma1|JsjFgm5Z0hoscxKioU)3`#*=mee&?Tjr+P9qz8C#4Nac|9cLY(oHg+YbLr^McVin|D+q(mY5 z{LxUE-nn}%uoprv)`XZ0zj|p_C0zcU6Fpnh^(s+0b~g1gv!DU*8(C);nCfSbjOFUm zJP2vBkcog{g{q#&S0s2tZB`K&%O%Fx zrnjBZ*rSjpeYRF`@dRaScHevOZ^ zFf^@fIa@Y4aeW_P~*zKL&!BtW2+Gi(eG^yhs_bry3S)^hH zxe95zG?`RaV0!)CBw(eH=mnIAPz4)>>D8+@&&9IL+!L^y`Z*aL?K_onNbVQryD=bR zIS+?=ftZ#!s0pUgo}6+|)k+dJRMO6Y#U+D!9YO*EPvQpGR~N^3bE3X0>8%q5(PHAY z=mwtH0D<6ayF?SOoKT|nw4A+3nDG2}Z&3X2u4+SDzbLHmIwt2{DEsGova3R?^t4c4 zwMdtkGpdX{I+78W5SPTKpDoiO{Edylbu&A!r^8nR>ynSwq(Uu^V@FN**hQ@%1oEo< z$Q`YA-(OI2!^(R!UuswX>$;#m)I|{{>}v!?4q{1VOL?0mFo zNwXQJb9^}!6gn7@my0^jo1G9O>OuTEc$#h3jQ`%VVN+nB<_1_Tcc=YLh!f}y#KuKp zH+*ySbQs$mw;A6O!LcfbsfY@Xte&>P1g2;EiQVugKrxCadW9DLJCgu+s@G?TXOm|u zqWFMY)^g91%B5_nSF0h>j0+_T-2y>L3U>=-i{BU%^mWs&A=*u3YHjW6yoqSiT+NLk+c)8wmw&@}+A1a^ByD9u1o480sPCNYzl&_!F-t0TlL{&jfeLrCZ zk4(RPjN8DV`jG_)Aj9~Y_1jY+tDKllV*AM;=oHRZ2xC@>B4Q%5{s2s@H`eM$Ot>L9 zU5I~o4LaA&$nu}4Kuf_&ue{BcbIETepYP?0gvjYIjIwk8qD+RsxQM!W#&K_ORSU5T zjL5WCPe4>oUg}jIw32o8dI$y+p z>de685L7)a4=3`qT^kZwie7r0gy7nnI#6;G;bz_a^r0)EVZ=m$83fc_r{ecfW z$e@Qf0hCKjnKCixEhD%|S$zViKr*DhnQ%t$tqjuf!TQHo4oo>5kdE7YoD}qJ2!RCe zrAr5^TP2)q5Q|@yF5>=)RP^w1NmfN&xN1FIYFB&Eb`WPbw@y67F2d7bb#hg-$G*IEhKz+AQ z3iOzlM)6}iaetfV0qqTqh8_(~eyP6D)oV*17IfaNj5IyXJe@KGUC4)}MaXxAUiR%y zVnbz{*pXgKiX3t_KtR3vgwED?mqfVVyqL-6Az{5};>tXoI~8$4B$OW!e-qqRIqjnR z#nZ4;T?}1%prs|EhtV5t*^tky$LF;E{o8W2mVV~c8O$-AG_i|_$0YTaS@p%e=cxe*3K)%YdMYb)akCm8a1p z39{2cK@7N|psr1M_}ttOko<4*VPQB1Rk`r&8~+ zF_G{K{|LG)iP3s{XRP4u7%6h)xa^fs))Q|Y!5S+Cb+3!5P5U9(V4p=<20i6!(phKn zo&4XbuD`}r1-*bhG-CEUvJ$?pi7BdpfLdoBV)t_inB+NzzHk9_;8qxpw1|OabAj(|8mjztw)A4wL z8vT-RmlR(`SIa=-@=b2EvqegjcnP=NCyE2CLMoxmx9Sx(`pVj#gLa;EJcy?3jq7Kq zK*M??45#&Q=rMFNq#yFRV4$%9OG|fx&ZAhsPJiXA8i!8{C;Y0{xz(EyGg|# zWcmwbOHNl`Xw!y?65d0Ajv-0OxLtaLef@=r>3|AAG0qiTT%|?Z6>Qveyn0*U6mlHj&8t`O1GyE7E&SAhioT^Z;RJ59$^@hg9-iaXTj#Z9^;Ubgo2rO5rRDn8?|G-S6{ zTa&Yz&K}^CoU>m}W`(TUL6W^VKD5`?V?#gCD`%)kO2Pj`$>d6}#M#hL_TTu)`ZB&B z*kYQcZ~bXWeO)cg@6ariiT;T}-VOwdd6z#_p`&4a@H8CI8yrzT(qX zuEr*gxmBW)R#{5VF_DY%Q%MIMnIuuqtWu{lg5uvV7pCd$FDO7w@4Jv+2yGhzW*l5k zpT2tT)Xk;;!C+mI>e5B&xIIA0Eu|9_VIcV-x#!iPgJs-}(690|AG#N*AT+QodHt zq@dpq?`L|1?oC~eUasOTW%|<@Al)VV(l=I`kJjUkM4lWc>D!_17jMXwT<|v#*XA1v zH>TbGX!^fuS@|REXohetP0gYOka2A*ZmF-!b>_zKS90yd;dGM=r)zuj4lS0=3Z91H zNR~}$x?3Gv1^e{Yq#d}DY_h!ldbma>&*Q!UVg*EZ}i}`?yXgO zbv6)&Na(-+$oN}>nvO)Oknb&b(5Z&jMkO?lMMV_M4r_q|kCTM&{|4`P;r^Yu`-Ryz z>aSL2gjc6XJwRnLJ2{c0fz^@ zZYDG7z0avllzJDKXLH`3^93P|g9E9mn*A;hOx9OHKC?CGfv$%(%ueHt8E^-H?^=N+ z9IIX?PLes|M!oTi%FbtVhv`-?KwcuAs%*(aM34$FPf6@uGygk1h7)4u-q8Ks6Bc*x;m*yWB7%21OL8T|H=<%$AiKdFsP(<1LJ?#j(A^3Z z%2EAYCyF2nqX8P;Rv37#j95fM*W`Ory=?GtC&NQf$AGXQO4G1GVBWHtuiiiUrsZKsjbV|lNkeKkc|U91 zK{dqdD+l6C&o$6e4MgA4(V)U$FeGLtsRB&xY};u;ot%pM>t_wo8@a)!%nf1+-|CsD ztyRfX6zke%%+4iX(I44YOs_X5tR@;%hmC!c+Y+C_EpX+BMSdutLas`1-iY`|DOIh4 zxcde1oTPf@ojYoEpp)k^EplS!%E_Uo#iprL%he?(Km7eUg)Ze6IV4tdrB&-M5N2Da z`Z0Ku;s``R&I3=jJtwJHE3wZ{qwjm!?g-*9od+QB?6}TC5=c{u#Pyr-0Va>fp!=S( zpuBr-%u5uesGS`fDh=ck$H@vEMQy%apiZ~XDRlGd2SJ+vL}V;nm41QGXK=RbLuM)E zzlYkM-|B2P70bL*oiraCK{#5rJgsYaDzpPJe8$&V4A*bwkIyGyjF*-O{`e)@Q`$yD zsHX=QkajmGcJ%Jqik(U zKt7rl8CE#Ap3zvwg3{wLXY2>srkGO^(=ZLb(Vp?UEXQIFaDiwg0{$i0Lb75^rj2!Y zMhz$K-gE`dS?b*IdSW2XZ9h6+Z~vr?7)JB5R_u&j@oeG!HGezL2$?hmcIA8cxH=@gKWF-P)nLdGiWsSXWW5>p`I8y5qc#n~gto$N!hkmR zGRFFcn_mk0+5<#;GHa_j7eH&X7&Zg%{y?s#`LBpYv%1T;glr{(FT6~E;rJ7aq5C)V z@1G~dGsa1HzL|+n60{M+RkqZ^qPWei$TnR2(32-7T}dg-#?&ia6wxl3}{=ghss zr-}&Bvc%ry8~59Je#{N{e5CuG(WJJA9W5|r^^Y{lmOt7Fwe^YN);mp`{SFakZZ;7JXw6t(%_Gu zxwhQc6g^UBSyuh#egOk=dMZ98`=wNi+uXo-IR$pY2Gi3!8%u@sm}p4blV9zVq@qKW zTT7ykZo`&J4#ye!vW2JYWSK#U8>(2+bFdKZ+2G_iRu-1m(8$D!kmUjKFh?KI_$SAj zNpx43n813LOMECc7Mc9@^2Vl=)T-XWrMqs>N$jU#3e)e78H$(mUXq4Zbh%dsu884` ztxYlLmgQBa>o-Hc78W=1m?1gZv*tNl#}D{Ey?7vUV8LlDzK*x-w$6TX1Y8|wygYASrZ=(vIX{HCKD zDVR-U*S6Q;$9Znqr*GC(Qen4B?5dB;oK<<&_W`-MIBq{c{hVf>3MKwTRdR4sOGImz zB(7Poiw-4ytLr-V9v10=;`tZO7<7qe^kUiTwf2f{U-hE@*=3X{nK=|O)*mHuDM>*a zA9KvDt=Tx&2!r+`$EsXsuPk0b(jsjl@~G#)&lu4oaAQjlF-xd_-&3~S45Y%&4<#!R zn(6>N_ZFj_-VYm7J^X<5;#W#F8oKbj=@^NA$e`LqtF>_*TBL)h7!DtQ-|zRzZ-XPh zmKJ&X2YYEtQqFLPbVzJHMYnW2>23SJ9T-4adhy0Y@Br%0CRyjA>@{`F(`boWwmqX{Esj(Rb2N~IS2Cr*$0p-pQ*52b-bv-1?7~=JUn5G zGusA(O;)lzs+77`ttlHG32rvA(jyc6d@=9vA_cgdp+Bnrd`rwq9B{>$k6GPEYG#i4~6IOb<4j14ogR7!ha1-SkIN6Kfa1KM{ygZ(w-DN6+$ykKxbvg?0v1buZ zRHSsLwGlj`W+Z&FH?p$6d5QYtN8!`S9Ytw&P+{$)`6Jmu(@bUfPaYR4PT|~OMtWq0 zek=<+DsaoAS`}*hvuLAI5WD?XB7P$V0D{5VyIonm7gq3pJrDU!N}_qh(F!BgCeoE~ zy1O?lehIfANeiwpE`dQDShuYCXD`UHH~lpDywTSSD!?iSijrh$Nhoa(e`iKXRQn`d z^I43z%YY0!7A2_ACoIk3TsLu{t!=R7DCdI*mq{dp**W^GP&gSD)L_X&M8T`KriO-n zwgxx5h=*g>LvFv@JHP$3%>19FaFr@yLS_P!o4@RBva$ruIBf_~@A#%lKF45)eZ0^G z?J$bI)%6#KKyWd$r$lZ+5Y!J@wnxQMVO4A}QdmU$pxn1P%6mjhi~ehAuTg}_06axj zz0LZtDXf7V3?ElH*cfAG%aq%B7XBGtKaG;=P}$i1q?@O`U)x583p?m`H14&L=)3*Eog+;{vPiLAdZxTZv*Hcc$yT7| zltoF0T5tz>WFs>2?m0|415!T@?%|L3wo)Ezw=w81Oc%6=>H^?d!enDtNhCFy zdHmbj$6RQU?5@g~)p9n2K^W8^)EH#a?E!46mGGaAgp}>yIr@+KU@=lwgVO1@|5`Rf z^>!FMTP;br1039yeX-lGO{TTgtM-Kv;GJd6wL@6eHO_H ze|+Gf`Pg30ML+yGk{+kc&+ug*gF_<4+IyWq3sX?`7cVk5s4X?r_;=*ruv@kC$1l8f zr|S77*L<5soehqAko!MkYTRbvMpg;^^gB;T&g+ODlyV}3(PTcwW6gLOo5?hA$C>$S zLLPwHCbprQ95Cle=R>6A+<@;8^4>5Zap0(`S{D_TPY#up`|SfbO3!ztR9FhKd{pn} z?+Ui2#WSqw)Gi9%-8XK<1U|?hweLc-=RjP5KK1+QXeCQ`kLwHdZV4DE-7uj;E`9zn zbr>-{$?`i6_nH6gl89H02CiD*ZbWS-4ejC6Z&|;3?>3cEYP)OL5@)Uj@d9`!Vx+p= zrxfIJRAPMW7JcYdFb!^W`$oZ|hYWEZg^`zyBdThxUl5Bor%PDHahYdM2dx-EiHe>@k$o(P~{6~2deBgK04UyahLS%eS7#&`j0m|zUxLlxUGhY5508XYaR&t+7S^e-7 z@Jkios(juk5i+l1(4X`LQ(iqpwAboC=0Tqy4mGK}1B%)r(fSRM(~vae&&uu{MjNK~ zeGIVcDH%5GHfEJaDOGSeI_R(eSFCL&QJD_F7sO#E38x4>vT$>;!6EZVj!1;)vG4u+ zeX9YdE;m2bf)zNf1}leZz!enRl1lESFb*7vi<4LL z$3M-CrU#=^`kzsiQys4=fsjnVIhoQD<;vkfPw?P00+B04q||-uLmMm7hr%X-QQ#)jS3q`jvWGXYP*hE&49^(K3-l_ z`I6UI8J?*Wf{++3gfa$X(wV<8XVu}b;9iC$LIe_M&r(f3)L|5_4?`)4+x~rG*a3+s z&@%R9-d7JUo7X%8p6MlCj*c1gj}qa*@81>xE3PAWPN|ddsqmpBPNA>AjooSn`&=8d zY#f(4nBRHd>uTN+Nl0gg^`E4a84u5y)T_OfA6>MF&M(D(j>P$N==+`tj6~fT z=Cp~{z=?SlT;F{M*i($Hq})j}s##!!(h-C9Y|$F4%{-SSIrVnf)|#@bVsUmPoz4+H zYpTD*(-auWNg{=`p6C=3z`d;C8lo~>pJ?LN2cC4~zj~Rj)rt!O`5SMN6-|~jrBs}= z^od2O#0c!OaQ+_ukh2ak%-I^OPHm*;|&1$+31&1W0V>ck{TjAa7gcJU+utk!fLu1RBTEPa|!XWBS4k zXOiqgNCzM;d;-a^^#I5G<1h`9hxa9e4Tba`JPPwrcOl-iBNoTNK7PukuTB|^@}e{w zTcT`&;NlMcZZ28St!myvUOv82c7#Op@aK1NP7Xr2;N$viQpNo^V!+XK&$_-B0As}9 z9=^Wn%(e58A4NilNI;YwAPJ-bE^EEzyHMFkX}3@MRtW%J33iVj3uQ}iQFr9>E1z>U z(XJWh9v15QZj;M2;FZwnPlNUD5_+;N`C( z5mbM^R>=2=T*msKnt9fRQ=OA>t?}+CDS+Z42Qzj`kUL-T0DW9s^-~QRW7{l3c)7pPg$$lI8nUteU?H+vx+X2?g5{h|J`Xv03@5fQFWstx}inX+7 z%-GepjjR3QG2UoEaWPDY4>wk%SSv?7{jJ}|R|ZcZZHSoKqgqk+u?I1)D2SD%g4Q>B z)yrV>FPHe@AuTTQWkA+jrZmxV73X!{Z)!YjP+tAq4*qXeQf;`B19?> zheC(W*P{06gOi4A%h{X(Nrk-Zy>XqDgaCf^Spicf)KW$SF|U*?Ykwe|3l&Vf6_AkL z6yFK)G^`K6|E?x8ru7}9dTotC>kHvLfn2J7!+>mG_ihjfelDN;E$wRyLNtLBJsR3` zmP2PSPWYxDe$ei8(%wcwV_*;_7ibATx6j@2CAb?J$!Ha2MIu8u_`BrAxY15yiG zv=8N()@JxIO^1)4r|@K@&ozQHWbVZ9CSd%NzDJVCv1tG=B)r$(eDz!kE==K`vfrqf zQ-wIgOoQCgHs)mSLUI)NM64er+0UT5l7dUD2rd#{xMuyZ^7_>a7^&0R-mH6UT@ktn z7({s+3fG@z%E)U&dx_fX3B4T``&kPt&HMdN8%k#3;TD8*rY267SNhYZkBG&9ex339 zO~Bz6NNw;+&VKWtb#wd3rv z#0LSz9rn`*tIm=w9w0d;pS120d!`fl9O9B0#1bsVdL`S@=RYoV5G;0C?@8-!#O5ba znT-~-VrR~cah_ZUjYeV2HMx!KQLSxP8lR6M4xv}k0mZpmmFHcy9`~+ubn7adpiOsx zh9BOv66;Co%MI6r_gF$7;N1mMF`Q60GfMa~bgF}!nv28o`miw4BIk{(^yJ?dB+0VR zK^2dc3<=lu1YFlJfQhjuPIHK^{}BscjogIL~bD!BhFGHIHo6BOP%y;hXSj0V|@Ww=9);htx>%bO@Z7Is0|+ z$I$b`qf4#ng)et(=c7q+@6oA)&k6($&r#H1Rrxib57hr5jRje|=cMa^HJ7^s@b&6V z0Q4oi!9p#yDjLnU3t_v3o=PyA$;2vx+BTMRd`iS}$V5z8C>7Se$ME@wQ6gtlBU2~h z92RmJCx*n$+()fm08YL6-JALvQdxNtdT>aC`vDMTJ=pJu=Qx(`)c1Wh^Hk|dpZ2O5 z5T`anDs1@MzM)D4a~r|2=ojh0g`YC;*nFSQjT8G5ee3SOLf1#BsJ$-YE3RBN4A&y*k?;q7D+%`J_aCUCAH6asc?3TXX3PTw5HSY-aS8s?Xj- z%I5y9>=233VW12K0NQs^fB#tFr^8mlmNTgX5F-W6fGlZJjjRa{1sYmG`PHTt^GqILLnGm>1J9&63LyP9fn<8Ft`S5PYOFJ9_n47taBV=a3Cex* zQ|G6Njsd=;HHGltnP7X#j4S~)JW1)U?kD223Ye6<-_N_G$2o@^5sMz?8&0cdzEEK= zl4GTS=A}nTkIB48%0UqW>QRI<^gmuHUV6f2uo<0M$tYIOyV;EpFwnC5#}KaYP0DxLeyvG%gB(R1jiyREwYaiIqTzbeV3}<#!okD z6ekdi-n2*sURbFu9|Zs#>DvX@;r)K8A$UIV`RYh&;EZ1b=#46lk~iV}#?JOyiIA9wSo|h#vEZ(I z`TcwYEfoJM6pJAkIom1|I{olPj75hJ_Ho6rY0~>?c+8aTjrTXo!Cy|weEhSELoUjTpdnJN3T>Tq1Uizd|$br?4k@N&ejV23Em{)(gE(fac;53=84R3 zu^O{{>f|lkqHjU46!W|BE{U~!N$rWaEO|_M=PF~keUq2*(FKR7ue(+J`U1{L0Q2?h zFHN^Y50$mAU5k3nc$XDY+aO{dyisS_U_nlSS}BRJN2Iw8-|YeE`vv z;$yuC!l|+1$1llh+j7xvF(QAzAc$rlw9A77`h*zO8ABsE< zhX1_h0ubqShKa;wedYSL_0`X_4*iV+5*XA<;;Gd}W@BTBoU%A%N#ICa<%~ z`s7Q*0$=An^ZA)&X7-QwF59&e=HL7Sg~NNJ*Cn#-qzK%!^?_To$QtW>x7OY^?&Av%#^>r0kwE_ru*`+lk`q5G+4g5mcSoTwJrTpQ zp#F&Aj^AkA*um1<9;OOh8!wz(ol`RIF_>A*V zDC;f$!>A{8sNSuI3--{#f?HU%X&NhffmVrOfIr;0LAK{mAAp7pHg)d6^e((S1&(CF z9x<#5?h!R((}fV#4-;Aek|2q-Qt{b`fv|4%y8KcYJ+dV_bUSe9l2F^nl>MSg-&{X4 z3dBMi75304UX*-sv9c+ZUKv`(-BZF3&-VE6=Dr+qEZREVsp;dFnE7?EfvkMPHX?>Q z{Liz0bHjTKMq{liuOL!>>nuEV&3t;vgFNP*M8m`A=;N*#*jJQNnDiSw*1G&ao! z5zuFkBhguQM}7dm75_}2WbQaH$sLGAT|W)hA!YkrdG?)e{aN4lCkv|O5jcryHcZN9 z7$tJ;32tJi&xEKW1Z_A3OK97z-B2QkDy`nI&}mbY^hg#4FxrV&qyV?=l!)nhAE4o} z5>&zU0)C;A9HgBseQDuUMZC1%%A29U72%_fpiv}Bgg`e86?WN&wTgvkP-r6|obeU# ztl8jG)`l+X?U@n)XKdvAbCLx`4&e+6!WnfFJJ+vP)0b-*AMSieAUDPlQlr^^>bVd_ zW3qmBlrTIMYr7x5T^vWO9-tqRVy=T)OtJw$X@-KO1_n_>=}(?rIujms4FdgZ zHUoQ84E7}ha)Nk0^0JjTuL9Agfh$~@9v?uoL#o3}vDj6Hz%dmG|-i3q)3bFYfZpRl^F^&C+CUo1B77vVfsDSc0`-R%^4} z4IuY)EPIdL{X6TbBE44?! z*H+ZZ(RIHCxF7=jaj5~qu~Av=XA0o||w?;^@`s0Bfxx8$zTLNYDG$7M$vnKP0H4-t$^7pp+2wi!hlnN}v`f9s& z(N|y@=o~gEcY6VP%^P1qn(@g(30)nGAbuu?*HDhtNYWyf4<2e^tmkEL1AAKAV6Fr* z;vP3q@7k`yOJunFel+y&o{VMLajtp#UC#O(cm*wUEBrX7mWDjq19FM$Z0uT zaGd;68e|e=^*-jxsi10g=y&_rgK&RT$xC#;POXS6#L9C1jlG|-f@HLvuQ9mxIL!_3fsOpHTX`sy z)xG`cSpq+W4{PlfKrT`NvEC(4dpJp?sGa59OUw~Q#$!eHMB>YciOA$A0sJ@yz)P}~ zbe!u0FY5U#CBh1Do+*$}Ky#C)7JaS>gq`J6H}*k-ujuO+$@J*8h3Xw%dw{lvirE$UM<0=j|M6!m)AwJOLb1(R;{BrK<`{cAD^GVxy zpu1fqA0?S|ep{CASU1paTG zbMw0D=Bg|w7OH!=8cg<{*a}r}JHpu#Ou2Aw-zt8K9-0M;v3%RnyH=M(2mJNo!6%zm zKVn5rGWcoe+ld?+y-B=l3ZJ1P0oq-xX_5L^*sM2!a0b#mi_M!1eQ!^0d-28a802~Q zs8o@o>PuFOAqS95w=vkaP$Ckm^NitY3ZX?FVm7$_Fs=gVu%BtE=`QBB1{qsxnq=OB zoil$H-^W@wEj=|m#%}2j|IBCbF2qKl$8FTBDi@;Tj-l96ln4f2x}G9L&ukr{(BE5S zIerpygxbsI4cq?ZzA+IFU-8FZtc2>WTumSA&XJUS$H!&${%CQW1{5z^ zfJGfEr$(nIAljRJL`Hh{o>3YVvD*inTZ#tmUhmQTomnthJ}5FI0Mv%|lZnB7Y~6`O z;w}dYm+Y*N9`cm|l1x@25PifWSY5FSjQDXL_!w_yZ{38BxGwm&})=Bb#>DBOgt|ta43$ytuB1L zVb#)+X|Gw@f_E!e3F_G8(cOGCl~UOZOnW~DXbdut_WzAhK@0_BBV6PLYm2N5VM6fT z*1&CQ(;|%^9sFT3a_l&fj{8B2TBRgbbAaYt1mAlPtduMfw^FD{SX>BGV?b8a#W`eW zMu;Bu{+dQtFlu@+RN80kmz)HfmHnNl$sUAG^7jhfkfP$5^tKnkty%Yjs0-F~vx2L2 z*E?+ABwLdko`23`>Eq139#LT{Pwm97VN!S%zL~=|=U>bd@rC5{n!`QVa1hlG{Xpw4 zT~34w&CBrB_$qP&ZeV!XC=MmBBgCTsDm6yT=V#_MFH1rI9z7bQ8mKwpaTUVX6EG1h zMoMe6fj08Yyn99Wv*4cC^tkx7gXcM0ty+8aIqzDIO$0w=Z=x}a!7jMubt+-fl~TPA zaShe~nz8*!K`lMo+WW+iYWnph8E>Eru1q}NdD@-UOi_52#5}Fc-TpEODvcg4l@^(^ zf0Ev{S}618kdtK76O-~R1|&_^^25I{YF$QPO87>|2hJwB+yt&6l8ED>c z>meK?$gzL{q0vh>5Lk{!YzEKM+gCXmRyiYAE7#2%1Mt>shhlMOM#Ga-gV9UsO(Vsp z!cQ(1O|BV4BDs7geBG+KK6MO)C5HCVuHEMVq@OOGvOK3YDwKtL-HZEZ2y9EWtmpB) znC}1I4m2z zsKEx#&9v_>6i*zej@-uZ>p{_o92=$@e^EbmLsr(?^LIn8@EhkjjECZ73-B?7A zLKJQ*I3ObYhSQ74GZod&6v0AK6Zf<&$M}#OqDcPsD0X-Q`GE%>t|8>u*6%An=7IDv z4~xjGYRT_B=53y;YP1sfw>ymdLUn3o-_B&`?%O#Q0RD=1i?!OG>Z(m7(SgR4FhqM| ze3K5^kXW^Afx7n@H)TS4nF17MR63u!seOVd)+f7hc;N?S9CWW*zZcF0HDc8$#o^Z~ zaNUZ(C=t$qcYs#a&FxkI&Z|d4OS7o}va*R?6jpF79Cw-VpKpp6%s70@ZS7~|*srQU zgRa5p7|CF4#3b1Ig|x4OGS-bB;1D8~Fzh#)d)T33y9M{@bh%XSS&53W(koKWky%RV=9>51~})DK_3 zc|!>+-H4?~OQb}`smt#k5Z{t6M1nZS%u;@@Fe-F+BxvFijzRV4_JIGwF{RWX*Cdtg*jbAO z3ux(=)C*D6BGSY@nJ|dJ3^7+9T)GYs?!;)LADnZd}2TO{TFqV-d8n`vkADaTTi<*JNn4$AQoCphL6(@$PfLc z<>yqeefhWl)1yWlUc5WW0PS(+1Aq(o$NG2or;-C6kWy6iKC$l{G4GU5S0dagfd1lB zD-%Gl*1GdhB55})bA?)gw{W*_Lc@9-9=fxW9BOK<(F6-0h&oDK&`Jww09ctBloh#g zM}RxS-NUPLuM!#sq?X^UFl?Gk-nU)t5IGfDF(|D0Th620H`X8T0rct<5;@3Aok_8B zRRZfSdxGFU`~1NT)Ak;S*;QPsIvkg;5}M%Vc<}U|yfP zw;?w!6M8K3R8aAoyw_&YepyNc@M4&6WCnW7$Edg?e-?~1`g0$)9Q@r&y*iq4p`mnK zZ~ogP!ny6bnwnbPExc-!^$2j4i5P6vN>3+S;1EhVb=Hje=w2>>8Q_&Q?qV)*hktG4 zdlA?{PWo>INhq;N9X%}EzlpJKzU?qSeCpBw=4(Z>c;2F{=p(H?qs0pdr4{ka9yj%8;J#p0T)pzfK> zfb_caqh#TQY(-0%lBJD${8x%;JD=F=d&p8KJ}kf)L|Qc`?j&CbSXhnyd3Q{JGLCon z4`Q*L4@x*CfhP7E~qU*(y zzAn9JZX30Jirr|?{kHa7#RP6O2sR((P{BG+;+MpLH8aLztZ!k^?sFnz9-EN7Q3K!P z^8>P$Whk=sPPan3hR7rFWnhbn!s7z)OaOQ(UZ3L0TbXX{kc7><#9WpawLHNJ;+19U zVM1C^Pu|L|k5)*okC9oz!EDO!DhA{K(4kLiOMg)zMI9d(^{Y@J6Z7pd8MYr(3&<~b z_cio=CYn-FTmqB}ZbFk#4&-*~v{2Y_p98Mbd&qFe)=z`Ur|P~KAF<|OT|(>%_@#?* ze7_&aCiSP}Son5c?YiDlCz5TBjaZ96^1oVq2wbGf13SGfN`YFq z^>iqv*uxKhVw|X0{Qubc?s%;C_y3cFWM*WKJ4q$n61ruT zXjo;-PI2Qdm5@zVWs_`v*IS(5sn7S1^EjPOKve#BIRu&az<;6vRj}oDSt( zAWFfS4Mg3c#9gh{?EOl+}se%2_fX&zdX}j2FP^BJ%liw>%%i` zyoJyg5dw^6K2B{+o)+aT#-j$#Wf;m)6(aY_d;H_w2T8ByD(-I=*+0{AW!Hb_Bj*-% z!^IL3T*(K|-EQ39oK~$bpqJs&o1{B7230orZ!1b*+!2A>3?=`O_evF zZ#z3WP{(2RqQrSYI|0CmbLk;G7vS?Hg+_jg8c@$PVD{0|CCtR1h6???`yR-u*|S*M zO8V8UMvSx(=(mY)0qByD|Nin{OHP?7QYb&Q?2u)?ZD8>7$1>A4mchTJI>tdXjjVim zHW@BL>q!}i-ZPn_w-`=bhY!PVR1S{J`}_>hjUWnSh~0|HV-En7dR>W3)y)@uOs+P6E z`I?I1W?bk*7$KWSJW*PQaI|3E!Ox+k8n^cSP{Ns6+qbA;?dJ45UVc^2jk&D~-vib01Wb_Q z=DNVGj`zH-`jZzZL@aIe;3(mNd(+G;-u&A*ur2nVf@2O8dZhqGnL1J*xI%p(tAIZS z{;c2_N?hJD)f|H>2yk94`tw{+F)P4cVzrShum)frzIgN!pH+0RdkUv`+xe(*kwr zTC3ilZ(I)^0@?xIgx$vYJ`%bfpc~S-;C5SRS|Qo9L;*&zV@6>FM|}#EW{gDsAl_ps zFvWMTFe1eGEtx_H_<7(3^ciV}5h|h}JZ+WnaiFsp&_C>j#PESGtHA{iZp64Qm#=2p zc>wE18Ne(}j;jGur3b!S>2tVU&g~sNYBZNxkjs2v>ii`a$GBCSpx6D3Qh(~Myf&$| zh%|c*+MTF7RV305^0ig!*=p{j`VSyj#<3BB81KuA&%sLTBu({Il^ouXrrhA{oGq*@ zgdGx`bP);(g}(k`q}S~Q024n(D6`)Ytu*$*K_}Poj3vYIaB!oI0R^2ELU-sUb1j*8 zXkc-Kro_46o3w3;l&E3JitqmaZSl~?;^Z&o{q?Xg)DuaLkdN`8x|obz+j&d|#3~tK2gKEX?4oEP%2Mz;}j$1 zRQTE+^UAD`k@Dv*_Su+QbU#-9ve7DRg;o5IvlhYUUw{X6Ogy&quc;34V3|Y@Xw(7` z2QsZeBKQbXeex#tus9mOX^d(<9J~O%x8x8-F+`Y)(|7MByF9jgTl086Ofl*h96rys zNKI_{s5Cotw``Gl^?eyCh*L3C&N(j~A}Q;po@F46X7##{JqeHPbM3Fk(P!Kjr>rkU zVQDYvGXyCqZYL$pBU81^-jctINIgt|Aq0fYNT?rS) za}5sA_|HvrMt7aO;jm%{Ehs+wIMLjB+6ie6N@<&3{V;ZbooZDg#s`2k74w zz`X-`pHOi<4{9qi9q?+u$bs$v9AUV0*IVGj8Kft2XjLv}L5>7ReFQIYWCA~LJ(40E zU>B@yUJoP;R-k3&6u%AhBxO-n)N(+R_!&6o{i4;AE}4FBYchX?)o>_)TIJa`jXd-N zV6C6l=s3TcmTsg;j5Wi}Uva5g&n!ER^6(IpQK@N*nmSfcxd!cSz=6VMkcVF887iOu z2ydXi=`wv|Mt3-3zXObOi7|yDe)}c8V97?JRDond`eQn!5T*bBper^HZHvJxKxoZy za-gFjMuOu{##A!0BSDc`{(ZI}z856|4qoe$cb3!7KPonTbFK+AH<2#Q<;Uw*%K!B+ z3^x;NFG0Y34FNL}O4a+kGFC;FyEV^VK!G@3Q>n<%cSyp0G8ro{zTeX3qt%7M>x8uN z6zKqmY4G+a6!eZQrS%BB*cR-db-Pyr8$z%?g74KgH?9a9qv$q-F)LUY)rO7Y>I@w~TbiN)s!!OS&4eR-o}ZbUx|b{`P7Rd;%?9i+F?zJ~&rD{5 zcm-`a{V0CNwPOe||7>dPg3^J(PhgPQT=)Y*%&zSmKqUB7G@e`)9{D z9gYF}JN&S0(TM;>*f3PG;}e`C;3$?20K>EW*CotfCzImm`Sf8#QlG5gsR0bLy+4}R z7Hrwe1Jw(VZ*1g*RQDh}@I2z;yH-u%?o{SYA=hzQDk-VNfzzZJ6 zC%4bM8)nZfk^RFH0E`>##^w%F~0 zxnxM7!z2hO{4G2?62$>Oq>sfNc5}Usm=4*|`dx-G5-K9**w*u42iAF)g!QxEH0qMM z$m0n61jSW))}Z{RmsUMgBi-uLg=cCwau#NTfSIS6oS}nw`$HfNmq6;}g9F3@>`-hZ zmVAR4-a^YT0&9TW4q&%*QP||keZ#jWwr<55!BpAnA*x2b%%X1&- zuLHEGM7hIFJjOY)VC1QNS`Yoat^UT>2z%TV*!~QhmI9E8EKQeg27V2(Mit1sQnGeA zcgraiN50!I@c+#K7TY}6V{ljtgDO`*I$H4h1@D3cWG#C5LJGYSo-iKdD!&a>Pg#sT zwfqqI)reNKL2Qvbt_~&|uzB(TfoBm$NCZP*GOyufA^qsJ9)?>Y0*6Ll3ksr~<~{{m zZ$Z>*nrbvC2oA}&=*NEj(U5DEJv=VZn4tZdu(^q(_q?SV9{`LXvYJ5{nc2^XwgNln z#49CUs4Hv619!!r-}}rxF3afjt``7$^|CCk-W}hmaTOsk^mjR>ezqW*rblc_g@hbR zoWrPIoDymYs)v)1lx<^>2IxOT@b!!>a0EpFj^2WQR5%roTy1tnGA1!W_;mfc&I4sW z&+g6o(Ho*n68O5#s!sx!8ZWlcS1#;_5EgK(b6C@s2l$9wqb(Jmp_>;90<5BQoSp9u zu(|}R+iRYyDk>^j+!7*Q*0VN!yntB2_qfkz?*Q4~hYET%wV+;NYlsHpjg>Ik9vZ36 zaT4l(hloLSP#wn}d90K?JRMm5S>J%;cgY)W&?>+OvndnFaODuEY^J(1V-lL=?DztF zUbMuHIspGz0fq}`MN$J(L_aV-JEIT~mLW=QOpF#aa6|?lcxnCD-O+`n780DTKens$ zR$@@f)AHgOegrb72j5RZW40%~95}ejZ7$`Q$OAfLD54mm_fd%?_IEB!%;m{lU`Igi=gsv(0h9z!$ zsG$j!gldFm(E&E({i1yUYEZ#9(W_@iGUvtoJkDzp9U;^deTP1ZG$HZ4WB6-#xPrJ9 zh=QC{K!niXN2G@b+R^enczU%l)t~-L6*4#IzG?}d4;NoXue@4Rkz4Yt#jE>G=LF@}c>NLMLXKq7^YE{Yj5j60u$$?Lb6~|6 zJ$3rvyn9ps(lKg*byhH)ZsrdDX=V-mKP1$CNsBB4siMs{?JAJ!($K?t>H?MlBc^at31u>NwuHejoQW+GA3VSl#f-p_&Pq5>G^+fsI zb=_w;d4*}|pH6K{aeX&N%$Otv;v~uEnQ*@BxIp$5BJ=i=q9i4J{; zV6d2O3-IG!0iQ4kBJ1o00S&1fXplr74p1kIszHFJcRd<&Cp3a&J_Z^<79vhwYUkV= zxMVB(R(wMWI}1_kj%h+h zMrZ&m33&!106N)jwuNhU-*&x36gJGD?7;CmtW0Be38EJiLUYk{S-*f0a zTo~m*=Lz7w)UoV-nh+cg5PClup#8_9^7C%$++i;#hj>wQe|%E@_%CUEoChr`{{UY1 z*#E-m2dd+gxCLllkKvVZePy|O5$Rq&_^K4=@@|E0Y~%Z|lEah{>zp%QV7x{QIA8jC zO^mIQ@36SjZ(j_+8)pLAS+4}Rs^JP%v4QfpcwWzsZyxT&1uiA)HwNlILHn;fx!lTh zN2Q>0c#}pNf46OkL+Htrf)W2#z{ogYXXESa3fxK{gj>P4o4eaP@BO~_O2CSmS~bby zKv_x!0mwoDz);oDeB(BuVo?0~YCw8Ng6uQ;4q@&)e}}<+0tb(}c59;Zff#_e4_NRj^Tt3>WfWb)n%UU^P&g!@hUobFWl(}`Eh_rdD7ndVjgGjm z`~X2d3-Agtbm+5fth|^S)ef7_M12-ZlwNDtw(&7-@w=1%NnBuH&FOj%C;aALLK~s3 zR@x+*UCv_xMirbzY3zyxf$uB53!d`_8~Uv-3VGqMetGa^E@QhGT(Q~L0E;Jz)?8Oj zhTl0%(>w}H&Nph=LEmb^5)H-}5228TX1AV5T$x)EPo(SKlsJtJUtM zfI|*6J^I1NM0k(nx_C4tii3YuvPt?+nwa8%h0Q&%jfwzfIRs`~MhJQV)MY$7CE`!0 zuL@&qz+p1^gSvh1Ntg0LM~%|>rZDQq z)wy5?dxT%+HSDi8eJxqsm$S{xn7T#s$^Ge7gMl&duH8D)+aK^aBTZH z(5w&vbAno9Y@wrWGxP7frvatJ{(>_SI|K-cEEQn+5JXi6EKi4Ed01(A*g*@l(A)%) z^CeR(P6f2ZffTsmY>wqCUoUX!-xE?s6o9SwBm$%kvY_%_Y7~#OWMZQDbET?SF0<;< zDPg?sy2FYlISH;I5hmf(*1vDUtzwH4mW_!>EGH*zL6>SA1)Mdnzkr;x3IB_zl0(^4-DSm~}LhBble0%87K;$mb zkiFJ*6qLELGBDy?FP6L!_;KqZu%ENTunK4}x)LI2{h&H+QucrWtCVQ0S!80v#%kLy z9w|9poXvTkS?~Ne8>_L@P;g%_ZqtnEaecv6*vIQg9jSYMb z@$t8`33+Is?0C!nu-i4wd7CA#l5`sRb0#1N)9_B+!|!)psp(rp5xUK>>=7)cY|s?3 zsW|@t5#FI|{sJvZ{M}Kw*aOk1+p6hv8tY+SbN2^w@83gDF#_e%b2a;xA6qBed*s+* zgUhuGFU3THp$8_3)KH+_-clQzy(XbxV|2lb=g6w=8+t^mQnX$$g??;s%)lc0k>GBT zkN*klpwXQPdXzW?|NRIDK%^F;OzPpqqLG5Y4+?^TN0r}(yyso)obH-c^ydAx_^9{+ zcJ0*!veGR-&f3_@_J8!pO3^KYFhcC!)n6fJR}%cT<-n!4&=aZCJks9GA?KzY(>eyo zDIoBLd>}+7x|>RtUoS-+is=*qJVc3V^8}_(dbQP|^{HJIfyNayKb9>KxA=xV@^Q83_;0M?j(Q>+4z4V@4Y6!>J=t%+d6i}Sp6 zd6-Q_1&4q$10;2GH7{X8V_$(t)4C!5}1P`Cfu^*@9W7l~FD{5}6Lp@vnP1b3^gld$bh zUK^98IADg5x|DGA9RRlgLT9_Yt%(*xA(%8GIerxp)c{!ZQzJY@Z3C|-qItD}%^q4g z`&l5snHB19TAZ8MZt#*X2y8hHwxDWd;!Wfd0lcV2NpYSG%+h%A9ilc{WRcfafYxu{ z3i)Im>CWT)W>CPNEC2y4xym+kC+9J+AV6rrx12eDJ9RJ_{8k_EfEU!@4Vu2>?BKq` zN7A67ViFmE184DEG;zUu`(3OH))rTlFyq!NL^u=++$t* z&T0}{N9wVP3~j1o)BKbW-{+z}wt9p0S+3iubz51_h%-FjmIi&r<3E5 zPC}rbRfb+0lj80Q-1%z+M@%HzcJ;tBYWQM6XiW8SO-HLDqXp%Dv%mpg^zO=@fQYvM zIdVOtXqDjK?efWRH2M%Qdus3pg1XKG*!@YScfmIShfOwmBP z)iAFH#YqRw4u-CKUHZA^3zP~U6hKXoCJH-FU>)as-gN)*aWErP(3t}RGFPP3;6mrn zid~a44=G*hJxLjQ@uJ{~Bw?|~WqF~LxS+!$!xZ;Lc3I%jAPDN9kqcD^z-s(=00$tH zb*+<J~FpZ@YoOIFv12^3|n|j)d>03Lo!h>-j=g9;Pt;QaGcQ#gy82?})zw zejUD>L&G&fOJb0~gv>@CurIRVkDup#Oqe=F8Oa#*M&4j{cpPkhB9ATl5Q-IDtA6z|Lnl}lI!coTXE z;#IK15%!Opax+ScQ^R=;uk#j~KmFD2*xH-W_N?e0Ui?+KqcxFUW*~ms!+RP$yy;JDpY1$2z>P2=yOx}K zAZ*?R5DNXaXM&y_fTp(raP1{8V##pl>|rQwYRF4n{1?s3-Pxls*tKe9Z0<9~KIrOp z{Bq+37j#l*L)a{Y6eLHWM!^^G(~-be1}vKU<=Y2YrVTiQwbXEd5a4lb1*c?f5+7&(($OW`d42|IwdvLMza6)^p4v;MaaDYOs~0#X4Fe1FO7 znFajQ5oa*qWEEB)$m!sOjokmmA$9Mbe5w)d)qs(Xe+TveBi7)_oFF12%<%z1; z;0H#wWMr4Lz;Yo&7K#mw@Xucn&8?hO>^sIxb@I%aGajsO&I4U61y6P5!sHOYi{oCp z6}jL`hA@E-JlsMTNs+n9|4ohDtK`s@hW7yH#SrehN83{u80cUK!b|OST~P0rIKPkb zdJe2x;$)9O7F$~sdv>A~O024UfxkNB7`|nyKH)74t`5ZNgM03%^6r3DS-?l#B&{xt zCte^)8x()flna2IN$gvef2L%{iNy_?B)15BPz3g`UtvxZ@?%zQ7WAz^w?Ivt zahh4{A#gtRGee=SedU(Kvs^hR%tk)r`Pw#l zJqyqw4oQpL*9TGsKAr8GO4)Xnq$_>A^xFEg>t7YZ3p1ob$lyR%gOXAyz8jm1fENAO zQ~#CWTPb1>h6-Xq;@)@qd#B9wENU=c=OZCc;xGy*sh~$j#pjyxvq2S>YOo~v3)l&5 z!Ky-ku@q!RvSA@~H2m8K;&aJ4r;)Z-WEo0KRr1ixN4*pn1iQOpbQG^C0K|TXg^`5d zGka28tT#(E@boK^W4k+ehkain(SlksQVwxl{OsqfW!jm*dJIs~_!PUiR=ONQEE;r4 zTkH2Bt}JLVOSzynMnj8ggzk;8jS(5-CL*}Q9nSg?YL{S;^Y(s8 z7J{ztzyfvScGjCf_fpskl~7v2*y|j;feBWpRs7o^H;Ci zq1jgfR8T%BpaupQ`}wFc8qcA+L-s88fuu3aa?c|##6LQ$rMVAf}VxbA^H82WP(*jdr8zvqd9 zdR)(T%fY=GcG1ETRv4aMl6pjcGxxEJ%o$Lkj5+r0jQFB2;2zY1sRsObX0X!2C3hZJ z1wLU5DNY!w13gFaqBqEKGXzG*yy;)Bi%N=42EFL-XS)TG^?w}{6bH`PTnCV^2nUR5 zF{YXP`^*V@ef!cQU_?CNeZKeKY3E;HaK6wC88Q~c4$FS)kiZ%Hk;ZSlh3CTvr;zkl z>?`&JaSppQ!pEWbscB<~U3p1{t3hUPPp|Uav93Z|J9I}Z`XR_cyG7;D+*S_Q@vkVD zp?p3^v;NQ<$cc@A=6E+Yu7|SgDKeXEZi~nrnl}C;`qe%p68Hq|6c9i*m?oeN5qPa{ z#s$v5f6*~S53Gc7e|eDB9e$;fdzT`x$Pg-YnBb#d;g)i*6L4ze?*N^50XlA!jlrGf zOy9g1|1sp?2-qC{ZIumGwI!7$!#P2@GXagm)lbN9CIBP`SaTENqx5c(9$E(nlIs>3 zY!$A!6hV_{Aa3RIEd?}{i6N@T39ePNX?*dzX12Q=2V&wlZn9!1Ui2+2So?D;HS6`CQ!i)w3*DTBGi(n&I)O>rk z_ltAcCEG->mzfUqTlTf6jXjm9u~f1bj{M#cFF0Q;-42xx%vbh{TA}%)2pCkrFghai z@3{_78NN2po>tX$2Yphsi)BEZyR!_t`T}-Pe&3Yh%7p=fMns zj4d1d-(4sp-1D5YC?8o_{JOqXmgOrAfJ5!`=jL4ub!^pWYWzjq0vubU4hF_gTUnX+ z9X;vv^y-p^>(FiOc{j`-+p`XmQC3^HmDeXo}8(UdwhD$y`a7 zvphMaE>XSzUX=8E!|<*kf}9k%HwO}Qm2jC81}^7L&a*Y{-_=(z?*M(wnl>duW2hVCxK8N4-OkLn21WNmQ@u{-^X|pw)wmmh<6W2Wl3>q z;QE`$Y~KoNh~$;ULRljQ2WL$mkA2#c7Ywdck2nz!@8 zNP@R6l*1o`)RxBG$8k+Jzv|I3I5z)5M=vyC*{$eyc8+@zjMwyRUsXT(am%uLc&Chf zqQo(wS=)v*oVG$k_a$JbjiqXyz3TqI0w8x_)nk{^$f7*J`6^?iFiq8=DZCy!rrWJ^ z?|MrD?cz&cCIr^JeF-?x&KPj~he%q9>%b^#IoCk4-KK}%Yg-!(54W}yx(nx22Y`QE z8+-eN(fu}Z+$1KLk9ay`PwdI*O42B5;3R$Ln@-Whw3!) zLsc`9eRzpT*8I$!pH!tL>a$oGD(~lOK5d^HNh*%MeBqot8I@)EKg2i_S5psqS?z=e z#JHFIScOCk;qHbnDd}_7Pz*s#bxZ*M*a%9JpUDDnQD0c{Qx(SiI#qigMm$$64?fv< zo#yM?kJQf0=`hFQa)93jD{4>Pg{g(a*@%-_1$jlgUVt79&~H~%uRfwRb}eCayy6(G zHex8c`@lPo33VRrF^-Ftv&^Gi6NV~p^R3nfr)FGa5=O2^(y{aKoZ5N6e@Jsk_u)rU z(?gX>z1V?mf{V+ujq!on;IX{yHTk291SJf28p@pEi-VavS1&AkQCYIu@WxeOh?qYV zs;Wve;&ViaaUr)<$DH4t!%wn|L|pI=yC=Ah=L*Nka=J|)IVCr;_fbTG6rX43-&|vj zx|iL*Ax%{?uGYqaV#kjpWc_Ecw|{sp6r(#$`g`^NAx+k+MPU^Jf+XHQzFuqNUWn5= ze*Ai&Ues`As1Efv8LVF<1-c|ZOJedMEg4FiT<m&o{+}A7RO=20MeVe>y^pi{~RK|F!t?PvEb7U+&6v z)Qypt_vsMpG3d@!-gL|2{@OM}-gzx_S*2$ct$y)I8Pt3&V z?h!GIMAVL|j#=|#pH)%ee6BBFJTaweXMZs|MJwrJ-PW`*-NkR&zol3`O3tU037-cE~OMT|~WW>&X$22qB z@D`%HyW~i@gwxwp?Xgd>j(K0_Klj9*IKebNsZd}>ifSY=IDRq4{$^8TL!~bnYJd6R zKv`0wJ!GhIHrU!q)UdS$VQY(vp}FB3m?bF|RK`%C>E6?$mDiR;(PIkB1ARX$+2!S^ z?(s5w8^Xw$ClTX#tnM^mEOW_Gjl^A)vW3m>Wcekfq9*kI-Jv^&QR={HdF%>%@M1T$ zTZkJc26nR4xD1^CncjTZ33(|6(H3sTMn?e5?rp${9ERgU>+ z-$dn@Ok=#B&y)D|mTv3MD-Sloc9b5I4V zu>S4jO{TkD@L=SW%N6Cr?~KP(#~fl0Eh}h8VhE{U@$<3G`}Ec{d1WG5Q2UF{FPrW@ z?#{a;?H!CAO){sWyRo}J&Qf?)bhBm5fO4H&tZYnz(tyAi&MEycv;($x&TWDEz~58`xvSHG$FTiv!Dm-T)h`PEH{gX;W3<4ny^ z#Z*shO8jVnRI+b7l`p*TJiHZKqV4QOS#h-S6xFQbU#Cyxv=!{p7V*Zl-5uk8FVv3L zv*an(?*@E_V&*_8QZXadB@E#q?7qk4s$vot1$5 zVPChX)Q+V_9%`cVq;kXywCump`gf-M@ItjrTi_0T>gCOWqGxGev7O4kYXLoXSLBINR*)uQiKzggHeIjq~K*xH-4Gj}b*cYi6J3nWsXDMKtsBqEe zS(Q_W65yA6s6a0EXQlY2tYL(&i1BA_y~CYrDNT%Hd!Ht~SjFOfp>0fZb~YpC>!_KG`12O3 z3E=~WnFlu3se60-UQV|eys&wnOf}Kdb<~52IJm;w)9wprhV4t4mSA2Pl&qOiu{U8- zo#Upe{aS2uz1~_Qu^FW-aTAN$r=qgMjWk$;U97P4%8>No*nVfYstjR$8(d(-8EoKY z=viNJ(!<*+0UIBC;{69xUKvvoloFa(210oa@_Uauy~CZYWg#u%#&cPU zGX$w`#9koOdp7Eqf89IuVW9Ee!NJ>dY!|1rc|^%lQ&ZhNJtLkZ3Qx~;(#NPQ9 zcW(b)roA6379{cS-buzMrls-NOPYqJT@8wHv33z_S7HhJ=wR(~BS&3SJTSP@UQg4< zdV2FYDVgo)8c+J@kxr2yXVVJfxQ8D-3|?@_RX^at_cF6Y>^CdFiUdM4I#WnSe}#~E zF^1`nr;YH*_L~DsIasr29h1qs?|+*Sl8r4_7d2^-5E82g^VG^_ggnD_CE-TgTdMZN zjQGlXoVQ4C(V#C+Y1GY?WkFPhy_-qiRq2%SY;Cu2bjmfsd~8PSeb3 z-~M>>WutyYa{+VGxEfqF3@NG>79UUJ@*$oIr z7}bZWV>e8bPtsxP+*ev9KJy(ve%z?;(lQ0r>GVe=2o$p$SQe?1yAGlg`u<5F)Wu;&bax*=-hW}=RWff zrHAj96wvNJ_)o~XtL)YGlC!XxkMnw3cpWQo7`s%dE(G83m4SlWUmK+ZIpPNJF59a! z=nVgPwCDDfN@kIiP-S9VAEfW76?&sI22d|AL8HkW(+czVy)^doiq{bqa%WlymR`xVIIG#W2%%wF)m_Cfp$J*7hVefM>1y{O#h zWQAM#8O@BNZiKWLgZ_~GFOA&F!Rme?AHwKG_)c`m&h(O+EzY%y96{0S)Jkj1cZK>NkINht`E1x;!bL zEPs{8KpFL7@NV_j)!5dU@MF^!#=nd#jO~S3YYG^w1LsfHIR$TS?o)I`y;}Ma{(%luPPi>=AF})ZjdD~wvo{WoMKff!b-{^#SvDC( zM92KWj(33)4y-mU`Z8SSxjg8|4_>L*25Qs$2OBXht=dpjJ%{t#OAUD|m6YgB>?k+v z(+o&njt8+Tx_vf3DdshkDbV^JA63Vy1wzEM9r7&;NMPz0}eo?Fa290><~t zdv*uDSz98f6MNWFSy`#x=r*(LuPCIlb?gQWPqag0lu6$H_0uX`N**K`!n(D?21>b= zvL4?UxRyuR9*hSU4e1nJ?lbp0Pb;Q;)Jvp6_rB?D^2o@6$61g0&<)~PGXRZlPT4ZRJdFH28TZMc%%?}I1OSkE>6P7%= z_Hx`#S^FhkN1*F05_6M#RX!uhi2n)s*zF?I3k9Vf*KmT)OHn)%#!S0tkPJB$_vSAF z5P3-yDD)T1aiIc?_s)Ch=`KhRF-J-wI;wAms%aQq0PjjG+6gMvU-{3<>|Y=cC$(t! zw#P8qpsrLJQqp}2v=!iglYRKl@i~{*aaL!gqpKMJt#l`X`Jfm@#_v^z>*4 zhm3%V5-f|TU615*eKImKQR^0g7H#?f4z|rT`dj=zMe6U=rv}m0rv>Qyh16Cp4UWtW zKQ*aQE(xr$@YA~?Yv2y zQ6nCmpdSb_dA3)qFu2nyM2WR>CF`t`(fe|raf^E^=e)Admr9jv%?c3XR$l0sAHk$O zP`vs^(8iF17{^jI@a2C1r%^O)+xX#TtKACk=`l>6BovT}?^sadH>q%2LJ>EaKJ+?s z?~Ao2$(YxAohqt|xs99%&zk`1e1gLXjquAq6Dn^X77wsC#t`P}+TbV1XwV7g@A{lh z{{-|x&SCSbx_hWDsj5z32;)CUGd$C!`3pS`4v(7VK+OocR2e=(}>ncbW%k&QYgu<>2?ytJ?Yv8qZjRhHMZJ>|*iGHfl>Xz+< z@nM&Kq8jcmF+*Q{Jz6?mdOB1tPG27Vws0Xv=|(*{{a}A}(4mRZm76h9nln-<@h_g( z1&quI9}NCsG%Dh4CfHVx+f%Y%FX;$VW6bYdIoq*+sW;3ozbY?qtAjItxawTuKwN&4 z>Qfq>=F?-{G0JD7?ef26k)a9;3qE{*pn zQRLDw$ITN;h;Z9SU@v|hw7S5TG%as+;CnRhh1^hp?vjQIgmllAtKpDYDXqt_KL6(0 zv!rb7N?;X(7uCuA8apNH| z`4_J%)&s%!SLR#BLR5mE@%$c%6r^Ev1t+VGjrJ@Z7e)iFkp%#j*m@otzM*R9A zWy%T2I;p|IveAjQhFFJUdY$m|d)P?jzU|rim2odscg^~rg0C+A@3zT@T%yzlsom(i z%Ldk(k)RJTn=xya&;sn_Gsb%*WDd*k>`N(eSiTl1CE+~JJ?F_#5wNmpPz+vd;g3zt z&85OIU2{mU)|QtVNo~x&#S$_C7phA<(Z-xYVDMSfE>YN-j7V)P93Jr~szz?}9sW(F z;rNk9#>Mrg#nGES(_C6~`yUR$DJvaO9=;Du|D7%)AFRonlU0W8>PO>O{ z{O0)2$q&^ZTHJC>F|JAhLn(G{7e?<2lFsZ`4u16ci^^p0t+@=Xgw@qgR(MtW3(riB z^UA=XTRL!H*z*iun=7x3J_%}piabnbA}F(yg$m7m{~vTimsgYOSiIOm@Ly2xy)bY% zUU`m&jgeMY`-9N4fH8SqfuIW0EuDr{0l9@>nrYr-h;5y(AjsmZ84M7n6+X&*b zYSy7mo;OoTkIG>{10*!>uX2qBSq`>Cj-7O9?&Z4Wz!V=!MTo!E$o!>Ftj0oFxtt_b&A6z`ondi6DRTUMPF zujk~5sIM2EA+XY(mQ~X7w0jK)URVE=`sK@Fft6K^<{4TKzgt(j?-_6zxN%M=kzY|f zTjFr$D`Q%8^P!)Y2J(!SzO6hW<;R+7z&iucR}8$I-!lcdzt-i|UJ6e(7L>+kDjfWR z%U2ZGfB%9|ebQIwry@T3To);PP{_xMi^w`xmL+qLiu|)B z1$@w|oLV+ecC^nk;?vloGwlW!L$*AdSPUUZ^J7KpEVe;b|xX4wXuAvj*)UUt6C-ldW}F!u2hbn6jI45F}=OL*OuJAceCj9`*phVdJYaY z#=jWDR0SOJz%!99O?HR;Q^&{m<<%7dd%e^V?4k)V&cmv-ueXWs;)hQfSw!fjmnRg%MqW%juMNnOj6liH=gDFa?SsH9%^iOt(xpX6< z^P0S#G{m^fg0Gs)?n1~3O@lH@v0Zfx#fT@^!{7i}!NyZ?yDh{{3UB2&po+!zY)QpI z36)EMPTk9b5_STtq(hsX5uVSssjJucz(LB0B{D0ua0Z_?yEmS%Gvt@(Smfn+I~S9) ze1^)|1GSh(r^dKOZe9FTvpm8?v+tNG`?VZa(QK{fF2gvO0JDZojx4%CV zvPp_mT@@Gt`RY>R&&08>lQim(Jhv%Q@FAt{p z%tGExjDPZG;sMmK-aRGaYKCMejGrXOqmo3nU&2De!_1N}$y)&n*!=Juetz$gy!37` z+pV>z5HjYqm}m4(5)Ptdra}jcilK#Gs%KRj-!Hs!4mL`*?P#tTTAvCR{%U&hiWQ{R z6c+eN(q$T|dm^=}_P35#!XM~vi$t(-x#t)m<=jqSWqVsm(JYoMc z3}G=XNQfw<(0O_WU}a@>VEO#&V8rUsw^#w$PUrq|>c#r{_|sVrDinhiy(kP+jz0b1 z4dvzStalbRGpT8_y@m!X{%+lo(rP!PXvxAn*8O@COj!K4rq^Z~lf(0Q=f9Hn_GM_- z1>~BSHfVEJ8&z-3t)1T|XM6nNS}OBEOki-%e0Ri5b)=kiP$ofHun*qg!o%`+oR6YQ z+2{b&@vxlXlR2u)Qr=K`_mcSN27=ea31`Nt+3`8d7q9+*>0~=a)UqS&e#5z87?-_W z_vcC4K=pox1Z5zD{oc)at*|p{`;0~cjXz?7=Q;o*^*?vVjzUl{AVEQ~?y9Vve3K4< z;O9Di4=T`{Vu?1-3*Dl^P1)$mN0p_-9X8=xC~i2yI6Z~YXnJPqE%iyzq~H+|4n+{v zNa@Huj3Gej(}*3ar*=)5?JZokGI~?wjM^tkd>7@u@|}EUIBI3#<9PL&rp>(H=R6A& z%8MMD>22ppj)r_GXX5P0JNNoQL2>n_f8gxfqoe(;Dx3TA-v>QQpJ*zyA9|=wCOY%> zxV8p&-}KOTjO`>@qUeNN*yi1lB;zf)eL#P(UsuehKW#kE z2uJjjDfCl^6AB^o9_#GBk}OGjSPU|*7Tb;bN5JMEN09Sdy~~gC63KrFX4)?Lb<&`x zH-;%Hg8~n_tjh-qJU^XK?6T@g{+d(v4R#OxFn*?{r`MGoUuk`vqcu&*$ulZZ{*iwt zCTwQqy(C8Wj|F2NOh*<~t`r16CxZ8ZC+iCv(LgT9P&7#kr3qIZZ;jfTJYaLP#op{Ce zk=upZrkMJt8DYCx!%51C237lKC9Kl$Hh%yQj2JV;!lh8QYfr=t)=@5!bpD$}png1H zJRn>)Mk#r&j5&~b_jhC>3eLULm3N5rw@I}&DDxsX@Rl66ax5FUGEH8v-G)ga7+vAD zO82s(K$sXdMz%ZyVs>^0b;bzq9MiiT!dT<*hG_GAwIN}w3;o(orAU2Rn4)(zq(y~`oo7qwxT>8TA3X!tF-hi#l_5~ z*G3)CcJ|#>?^}8}4U}bw!fw!D^7HdO-XU4w;%kyOZyQAFKAH4eUYqDCs?&BdzPNas zg>(bIgpPlw{kE!uMSk?qcgV)qkF8b)o8I?`;hLyqmzk@nuQ5Jlr|WGq-{sO>QeX2# zU)0lmQMS;L`0(sv!we8ZNf=#|0lH+B-L=_?Z%-I07ASxgWN-Fm$9pB&4Xf?~ILQyi znLG`>?2q=%;yn`ksgf(-lX!99nPKqeOuj^WZ6;f6ij&7AqJjyNw`%Q=@t02wAagrV zJ^AJ3+;@N_{2+435p9bcN3hS}!Z8!s>~IG9D{s8jQOeZ}nd6xs+IvS{j#NMLu(j9H z!qwjeqE@zDPVx%+n~a=XDc=2A9`6x(9Q(W1A5UL**h;*6+lQ(6JYQQ;2oaXWA>;l7 zm*eJ^No3v%2mS&N%ugjSuUSwk03br_!wJo=?Q3>xDx;f#npj@r^+nPZwt?v)mDbEe zG9Pv&p91~9vo~unRAlfrk_5g!_k7RnzJJfwd!|A5jy(<6Ll{d916WW4E>@iFy?rla zlqsF0wJP4fcF$t|@U*rlYv|JCM3{i6qp#wjzUkP}LzIsAref=;;({kET>ZqG`?W-4 zEq*Mc+m}zdnj>X z-P7JzWS6WZY+n!O1w{$%RZp!Mih5C^Db<#dJj(6*UDYFWy;eu z{79$tdF3gppJh|B%j6`?ksqI4VKSnodGqU?^-#<}uz;l~N!DRXZ9^5FbzD;PIey>o zqGAut<;YMvdzy6qIExUu(oZ2;*I8HPJ3D0;h678gGNa2-O_OOkJ>hy+Kw*=oL>Q`Niye(qO)HK zn8~PrCzt5x#s2lu;(Iwu>#P9F#ji~eNOeh2Fc`jybWH0p} z*zSFKP)FT$<2l=Gvo;`c^w*TIPxC|rwy8T4QUBz*h`(NZ~B-ewk z=o;ZI8>n!-jJsR+Uq1K%Q8*FqS=w-VXY1^*r4sfakJp;QIL3&RyP2e)^i|PM7Wn#N zZGqogTJ}b3_<(4- zH(;FNYIQ_#bQdJrEUo;fbv7ElBh)F@AB@6vea^5i7@pxXELr?Wxh!<_*Qu=L0N8X? z4EH~jDd){E)z1}qNknzph7+b|XJ&IyhHaaas>aFhay$#8PDJWt|3iBfWYFCg`i&Ca zL%hf;%wcZ)_cb7)2`v$k{uD*j_nQ>xRZ;O@vk%y?55@=IiWjJlIf4fRqf4Go$78T( zq4l=f#v#8k^yq~4ni4`dXVM^{u8-m=hHwll5bdVCZ9VTo=`HRPXXKb3vWpYpx>^ z6Oep{kcUnzUN!gYlYdy=BR$KT^`*Jkg@kYbZ}{d_@=pH*%t#ZIY~>zHqL3 zUx3L|R0mtlo%-*OZT8W)%3h4QdDH#&iaQn#uNh(+h%F_}FmVd8yGAcree+mc)5{4L zZ}dvhhw`W2jde&+TR=gZa4E`ylFED<5Z8znlmI^^218opfw4D>V?jCjzPf1EW=^$L z!FKVbin3a(PF?w#T2T@$xtxfJ=PSdyT0&Nl?f&7qz$4olUV*>(4~X(yHQgOq_x$iSg)N(tdx>%SvkF5D=T&Xy2~Gcxt+$MeG7Z~@mqr>TL|PUp0U5eML==#a zlCB}7C8PuyX%HBs1xe{rxaixR{uvD=IC?0cx`6Tq+AdmrBG5Ea(aRpo$nMT6SVHk~13WEOmH0eHQJCeMJ9W z^6EHL3H3A1OfxLu_m7@~g#-~*+dmlFW@grADN2l|=-leR3WLvVHL{*Z#ure#D*2&z zvp*=2)-St3&{X~Ye%;MP0%b|b#N3v9pBY7mSKw^epr0Ud{g*_(4u3;fZqVu>t)Tgg zKNr*Vn=iP5;tPO*SlAOwM_7X$t0VTiSOBs47HRZE4>nLa%BJD-Pf8!$>hHJOgM5QC@c?Wi$+d#(? zruOI&<|g>(S#AQ*zrW<6xgj8)-9WqsWG9g!HIWbc2|9g&7ya<08*O*8aOjz*q!i`v zQ@y#<=zd>}dg5Ij6hM@kx-ev{w?TY=YRz2z%m(v$)Q5BqPo)6#Zq^;=7qrf}MF9%h zqw&jn(AL^sKP|kh2jWL#>;WERZtt&Uw6hPRMK9y>>tqCGZBFH`>NgXN3Ag zhxjH=trL?8{j`pKLvT;V>rFUnsp(k1s1O^R;rHzqv(D=lNy*}mZD4FVrwdU?;Y_g-c$e0Lnpd<(=_}x?2Ikn0JrmF)m2d_Q+xCe0e*5nNz zbRAL@fAotsZRK@2_uiws`)RFrj&Pu%DUgTR(MvVGr68@2DVla*wRmL!@Yy#1#OUD#3D%p_Rs5=GfQ~i1rni`XkFE^< z-A^D-jU?$I!FmbLV37at9&}eXvPV%K0%I7h0mxAoXz-ckXN99{s|Ca*l2>SH-q~sO@MK z7B5SW;~v$kW7HejV4aHqf`AEl3M)G_Tsr*QXR0hN=?1q7yDyOBT^4QzwosU2*L@jd0*L8`z62*LL*B+{hSJPNmF0uSknFO8&sQ zj%7_QsOvM`RW`vTz!s#22L<5{%g!O$X8h1k37}KJMK~`QLef*O5-DjK@1yJtPn#9o zoe+>0a=CuROW-H)nhm80H@ro8TbkbW)_wzaG7);>l)d}qxz2>d1qm>B=U!UA|g`EGX@q9w@CMLd9&Y$_Qm!{N4!W1bdv6Cu@ zP|*un49`7~%Hp5{2(bC!1sP~Rq3id$J{mPw9CY}z+*O*HJ;RQEbE_D2Sm52UV90?d zE#BffYUB`m{M}|Xlnhw4t%r$&rT>P%Fcfb^!N_Rx`zZ{tJrq8#|i z7i3z6a*qXIA(M9KN`ES) z87O)z4C$U|@(Kb2?cnH5$11Wfzw`FKYe2e!g5koQXKrrovTfY;gOQ8icx^}#imx}N z%s;#&{;*p*Kl}uT2`=}ovnhWJXh*$O>FEaOqb!s(xkRe2NCG4!^l)l@)KG_KWZ2X= zZ|NrR0iZ88fz}~A7cXIcJuuyif0ue5+i2x$sY7Si5(JnE5ygsO_C32|()VKV50=t# zp&sLxvoYpCfSiO0Z5at#41VwuBt~E6lmF8rWGOpyoAN*1>5Vtr5*zeRD-!|StZp9>lZBo2^89yWBKrQ zDf7^G`oLpay=JHo_v;t)j3lB>A||aLu0}Zw*h)|JVBT zf~97qmP9}e1TY4}8?4*cVJo!{%g$~qaMv}EwP!YRF{Zl59b9(`PW^6lpZ;qW)gu1zIo zEgJ7+%dxb&?88|LOEg!^;CYJDXm5E>u^PcUO~Vf4VkALs{Q|GvW_9sm^isuMbbih2 z;qK5mq&BJ2pi(1Bj|`B+?<&qY%ez4=?CNev(aqTYtF%fo@8=@u7wrOj++K>%ZCs@~ z?kd+F86kO1V5?5{Py^#C~J#9<`j)vaY;>(2)uNCZA&P$Ls)V`^g} zg(u!q;-;Ji3v|(mZn*)fwHAQIz_7cO5I*0!y3Fr~7lJzjU!cID2cnVx8HJ>p(GNg9 zAB=^XtQgpN{>t+D?iYZtbwUeBwqv%JY(tvc{Xj2S(a1tiN-E6@x~X7HRP6`qcg{DF zoR`qIso3C)4!F>z^RSqwVkHxhzu7QC(*kN`Ngz*7ZfDL6KV+2SkGH&_+J9uroa)wI z_Sl_c#DRLD98wo=EwBFleMzgS?pL%YR0{-r&M-+Gjx?pwyU#i!Lq9)^DBF>j>^J=J1L4!P?vRc8&SmC&}9AlK5WKrkNgUm&>XgFh%fvzGqZC0yFME#6CaD z7CCz8@ay{Qu1{Fy9;%LRX$`$jxj%iHy6%qi89{-Qs4cy&S@4*5c_3- ztXo*c7kofU{eoYe7xV62Idz1hiN7Kcmox{v5HiKg7zeCY-F#R^1RWbcvLfl-J9eUK zLJG)|t4Bt|xB{Z$8tX zJ6&yAsY7;jbkxnHiG)Vfqu`x)bO|-;D90#v)*pZfvH`2(18Oq?TcEK0tjRw?dB>+f z>=t%P6=qMJ-toeyX4X)}135WRZ4%%Y`yNUUk^n?zAFw*ZbB+T4IX>t6pim5_j8ps5 zq^_ugxt@~}06e}Uhq%=ACB^37SmA?H0V!GoqNA&sNr8#BG3zmLyd!du!mL&g1$}jr zWD?MSjMxjmN!p4HNBhx-3B)r$H#JJsyUeB!2u)+;NyHQn+|uqE`DZi z17o9|@6LXnTJk$s^UOw8a%ol=w_oT22osN-95RXi>i!vbfxN-^F81G{R|pUB^TgXxt^`GFGkj1JGy z8V|u6-2%msCk)vQYj7(v_;Octb^1k8dxvzn9v$z-XWg*oA(&5NE%j7gO)ezr+1KFX z-kF!Knjn1{eHH$9#OqHnB7#B%E$};5|2UkU6zBk*GIHPvw+R4bZ4N#FM9P)=jqSOV zBno6~aByW6;Xjhi0`o&3w5 zSV*!)+=m@66Or?m*%7p&q zgMgFa{l@0IGO?UNh9_xT7q3wSB+ha`L-=2nR>z`e%5_~*SwWCXn|;Rnw*HFl1=TE8 zjPf)moDocw!%!EbPJmoXqpZ&^cSj+A+oafoBC*pMEbHdnrL$1a5{P0bye@*+R& zfyjlm7xH*e9nEg%MbPsFjAqJFIHn75)Gzu<94Fr&2O78C$ez zBBt5NDwe%IfOqDD0?5&9s4R!@t)SqWIC#LIYWt3Wd2?s<=2+;DQ8ln6$#sz6n{T-_ ztMc1f#lPPVqHl(`q`{Dt;8g0yYCAUBy-gYbVwR z->qPSDy5oT=T`$N-nN4^F7PNL@r=bLp5{&)UjxA_gp8+I_Q&Sy5 zQv}MYo5qjbSam|Ju&$sBMq{Hd+~VKw@SCeA5Ys-scEB7rgR-*-o=YcVMiJr9_EdVUqTM>e^xWy*RIY)7rn;ee)Rm=h&gxftaR8m)kB^w|-jk zg~-QC8ut)On$FjR)ueE_1hu0}o6oePjYZeI>~TG<73$PBk?YKVLGG)&RN&pegP^NcE(RJGB=hizemW zD`b8H?j`nHQiK>_41ivKim7w`&f}2z@AafFbyQVy`y9V2Yqvch+rnih zL#XGwfLI+JBVq>U#b9B;_-v(y5hv>}KM2osNmUP*mf-CxtDDI=oI_85rI$p4$EdE2 z;j_*5kQ5fC`r7;Tct4`?%W|9e2vaz7PxlgOrBZni&3z!CV@9`P;N=!q0;5HWV0Nl_ z@1P}=uuJZ5`(TCEHXb&4hJGW6Mldlw803k^N`9$AX^VkjM3z#&%%s#zMgoL5lC@&t zgwWU0Qf)jPRe(y^x-QiJV5L%M|9`W)hUy5hZoGu<3O^cdtc~9y)YYjq%jp4}RnP~; zV*_pg@I)!N&`SUpZG%~&BD@4tsoW|J$jy&(aI@_1!_>=7+G3V19cGGRdqDW z)j9NaG@GJLzij9d!t-MI7xx!$FWw$d$vuc4V94H((`=6JlF{QnDUvCl_0e?y*W#*LyIkV_BM@0l}0O>E1c8y5k8(N zLqF-(|55fA0zfJEfPC)w+RVOC82Kx1T_g3uNAVocEVD)99Y;O z5xm@ad1k6GMgG4N0u}#GJPg8%X~*UNr5ccm%`v!^6r1*x{{dSHXWNV|p4O7l%hc}9 zDeJxD`~BLOR3aRMJQ>eY81R?zvJ9Rx^k)j(VfiPB_+y@r0gzYC76(#HZj4;L8_hQE zp~~#EpDE;)@Zum|HvwIP`N7>fE;~?^(;dyNUXiR*{^hFNbC;ezB?*SSFNX!G4Z%yu zi23^Up}EE;iNy8%@pTM81O)rQ<(*f4*P)vXHEu5Y4*m4Es=lv2E&X9uu{lOU9MHuA zdq{?5N>Yj`1fCV zP@2+E#&ZF@oB;ZG{Jr3Buyx?(@;CfzgGYfos8|YWIB=X6oWi&MWE{}L+iZp2a810j z*;st`N+^=#chPqWioT+U-`$@}QKE`IB{1ha9*mcen{W@Xmn+Bq5Ray4r|R#>^PjCd zF8j?X|0sW6%^dZF8#2+p{~ysi^#kS`kglfo5RPFuki}p01*ATK*6M11Uq0z-`A~ZG z&B#%ayg^=v=(Pe`7w*8Xy%q%a0m;^U=KIw!giz8EdjkZ_r7-d0++d?3O2h%=P6jxE zKY8KLYgy`~7Rh-j;w5Lk-_0*O7+F4HLUE!$l9Cugt9OnP`Re0oX#P2XCRt28EJ!2J zB7osMedwz2vroS<=Ea6J%kdT*HXvHKb*BI>+<2Ne$7%yOrE`5uh}O!RQ1awt7f`ot zyv|!qRiIKIg4PofGDZk!B^Hcaz1?V?yK6P42VtSJc?f z9h0u&Y*9Wr3~X_J^P1=8k2*2iIY)I+(8DOa8*UG!a=jCuh@r9xdfG&%8ZkLzekN#N zn0*`guA*w|kZPd{!+t6#$-jZ|TpfIgxc?Mjv6yQf0|3q#?SKO>?(1;4|F0J_g94SNi4;Lm1f&zp>%oy0W4MU|*P=x^&IV@BQG0>X*BqIvAKn8xZG0FuTe0)l= zAk4jfUr5RbA84(GB0E}_rLkum9j{vFWYdXUWtP6J4{& z4`Z1lWDCMy967;Eej&;9f9c4N=q`Ygar9xaGRTR;Vd&3OXQPx#FJnV6 zGNlqwjeU~GTbGG}7q#RNN_9h!(j|mG9Ec8mu6pf{gluXW=>1QGU`3~?c=Lf9e=Thm z@==S8_w#*n$fAi`E!BfOy9XlbwQt_+3Et&9G*d5-@inTMVogfg!UF2a`HHn~D>OG> zJQ!ByYBg!>{fju|Lj-%ApzvvxqcAqmY&U8MOaCWYETZOH^la*auWthf&)H@v^v01N zI}^w+I9!j9GcYMX2<# zl^BM~q*+R5`F^|Wj6CMK9kA7bx-8xWy_+$otlK+(IKiy%*tkrM#DZElanwdntk6a6d# zGqL71IbhK!Uc#6@XZXMTJR3?GgN6!zol;pkjB2%@!+p494-$bj7G!e9_f9~=&SMNO z?{q#${{18wfHp4_gEcC@V@+d)G7#R@f69B9wV3Dc?l}{z1FIUEuKj6}+>U5TnY+D@ zD6rX0p;;W(!=cMSetL{ni1PkNw!_c;KviasIylBFm_DzFM3$RT-rs$OaM2765ghe~A(3ldm4f z@S>vF32u`=n2NLqhztE_;I6?Qds{>V)4u_e7aho%AA0DBbf0@>egE+pfL&ms<*O3- z-a~zR<*l|jSHeA+GoSC@6g#cC&6XLsdoW!Eo0^SCV)!RpihZQdO+Q@4Gh8;>?1_%r z7{=KLC4D@Wt+OEAQQzW6oI&m9tTT(xrv{2+O^8DwP*RtuwN7TycF)>rd+l~tv2OTq^D|7g)+vDy&pz4m4ly28?b1G0 z?}OJ)GVs7!{Sja7>SG>W97?B7t=YZjHX(cWagv&hB#1#zM6oQ+KdKI)SMHy9J5bA*zN_ zR1Ma|=X_9ypXUN1B);`Gp8wt4k^Mw%Akonw3`f!OC?A0J;l2QxiZ|qeLB~d_Dbnh+ zU#&o1&0Gy12LJ1w-)!?K2ET(Tll|WS(u%qR(3R)&oNmEyFXJvarj)&PnRH>zsGm~d zN9WWne^h_!GP}H8EcQT9kTR0;?rz)mTlKEL_%5T-A_$u(Q@qi%M?<>~Fh3d&(xliN z-v&BYtf=X$PH&szbA^rb*A~^%Z|qUg1OiX^n;l9d8=h0NyiurW`Ip!uDn)IaFBO5* zR-wh#!S3ybW-baDIUim|OPW4n;8b~&!rBm5%%MRPW91vysL64gLY*O+{4dTt7IwqX z;en7~EDe&F_0J27@}VaOMC1m7nWp7L7MJ=R3QK6LreAXoEsK7*pNOo7gr77&Kjk`4 z*0Jg}c&4~7pRYlQUs$V=+5E8fyNSV&XJ(0OgxQ5`xqOZp|Ic^3WcQQ)=F}_itsyqM z)YMQglg!KYxL9P*G^sc9?>Z0E*3{IXC{%Ij`%W&i=xW8U>GE~ptn1)O*Spvr^{uZj zj84j{ahDgZ^4GTD+laMdW0PW*ggv+=ADid1%ft88A=w1ROKj4}eJzrvGCkKq8jYfG z0CB73Xem7{o7E1#z*3b zB1p-V)W(^oEn3-?B3%FJ=S@})Q?`};KW!DL;;1P`G5#v2FS;a=^u96;KGHFqx%ZGM zqfI=}8{_nwWD`wGnVq}4yU?4J2LXh11~yj_gkA(PfrQ^mT06gZZw5djTK57x>FX#f z54Zduhf%Z5CR}x21jZ<6&Gkrj7)E}P?W9QW(ecD$3NhE9r9OrSOpFEdnz@~zK5??pF3M;%CFyQk*&pcGVP{n41N_0!_ zaq{N_0>%iT4LV*_VuWC%W?kzId`^cP0%$4eyYP0+6ZDr^OhIiG9dAieX86!c)(rB8 z3P~ub19k1I3rAi>Bs{=Y7CWfw;xDn9|Mir2=ODJYlW&`Aveu|QPf($5`8kwqYs1?j zau^E>Yc|lgHs*+UL)^zA;63YCWlzeg+S>VpN&}h7zic%nMf_kAOx z%oR&Svoh`L{Q2{T$V8{GLMc*@^eZ_U)C}XzoouDb|2lWu!KtdQHf~>6*qs{RCLd3s z>G8|G#eng3$ad0VeP^w17#@`oHgC~c4i{;BN@vI=li-B|mPZ;HeX}VoEsZhC(rfO& zO5%!nD9ymjLB(T8*emO=DEx}5qkwLKm|Iz!B??H8b1cy~19%o`Fq*-Q&;r#xn9*5r zvG{jo!JpWeq>+kRX#n<7fQs=4+|{@z;a&3?jPE}v01Gv^;VQooP05c1RDO8R1UeLXaKfo!68 zQ|WVdcAU=TMfvvZDRr^d_f)kX&sx(k0`Vr-H|N6+X~*YxzBLP6O!Xa5_-PW8w^?VAg;Tq2i10m;Q6*0jr?ZwQuN|(NyiH(na9~1soCJxKr(kb_L zcw&j$FkPwOF3iKIO2b{Rup2cfW(I#=v9;;Rz{Zw~;MqQ#HaI>$ooN`~ZmTX`j$Q{d z%}R*BUb^`{ApPKlZZKugvF^Clmzr~r!?a=l+qnE~wL|9o;E#{U`xs5c`qU~?-kwvL zCcD#>h_EHT##*>@=vkG5Yax-UE>dnY?NyJlE}uk$ zDn_L}XBKd?Td~o%(tYm!TQ(xW(A6pc4d{SCY5G-eA(&_#x>bCS7*hIJUQDLSi|kZKr+S#_D+29>U^!}Y3z}keR)7^n4vT| zCg2r2ApOb1W#?dP^EG!ATC;oUQp|vV*BQutBS&op%nMb^f#SEtC-jUJDiT{GXFFRW zXG^+12~$!_T$K!5y!~?Mg(9EiQ-8%$i&9RoG{=h`zRAYqG~;h>@H!pcRGZ>BgBMQn zZ$>62hFaTKQP6u|!Y0=h@LVq)qzc|Tz;6yv^FTlMrHnO04r`X!+k%2qKo{uY6OX64gS@sAZ6aU)kdZ!2Z8&rhWs84pBd z$kz*9qFuUemmaBAq=57C=?WX4E z^QE?8#{7@TBJOw>Ti#Eq4Z5%959k?%gl?t zdYK!yoMUjc8kf>E+(St`E&A6Uu8qL*P0QXAEV?_#B&WgiNX~JIU8=Je8C@Z^2L=8=wyH!g}n9d6ahl9C5NbdKA?no znkD|^M^6#tLjF^>7@omtUKk81zxcYN+oJmu42RC+FVTikSg`56(N8jGN}FHTE@A{U z=&XaJ7P9OGzfVsaR`)<5X;<=bld#bnF(}aVqy*}E7Gl*&pH$FCYhS!AX%Alc=lG@Fr#ZduLO;m6xwI@}+d{nFtqz(*JT$f1`=q=W`Z zx1nRYnv<0;ySPd&c+c}y`F~vs3IM4C4i;{R5q^DFu#y|7njS!@q<~lukTQ6N7WNxk z&$lPk8*ZZ30c8WI{kDKaQE2@y33=_p-a=L3=DanjEb2Ei*!Bnq6SK08t!YOjvpCRI zcDyk5I;b}3a&)fCWC{^o^V|)QT^TB+_Le-CB=Cafpflw2a8VvrY>yBL3k!Gj4mUJ3 zyf_$QFVL&Wd-Qkt-OM_b0BPdQEAnR_1scNE5R69viRvhh`zTw` z3gMyJ!mnp@A zPW$o1Xij_yRl6)`rulgPhMG9h6Tm7&bDI#-=IKELf8?-r0SQde6&upJj4<$5B*tWH z`bpPd8Lr+h{kiE4!516Y3c=fEm)DXo;h={=M6;Jnz>R&Uris2Vrr1n@msVP=B4(|B zJq#O{XM!D_S|SKiC`|{!pR_1`>waEydOk;IGU{6QlB2|-XoP3fGZy6*W~L0K>I&<9 zlwM_9GGz@#E?;5D?ZY>rAIq)S(b|WX8;jh;A;+YO@rUpB4n7RW%}wEKNoU*(yUvfn zSzR9mn`;UUS%=$G(+J#jDqH*>F@HW@|JIq}>Pf3hccq^!m1UN?4|JI`kNi%Y%8Yu^ ze>JSXW^NLAz3`&0dhgkyi?;rA&4l~8wwGHReu4yTv%Z151E$Ixajt6{KZEv`dn2jq|dL%vB{TOUS3X#%&1(=Ys>YYq~dH$as2kYeO z%F#pA!?x<*%f#~PKF7E;9GSHuRZZn)FB^`?3B1RbHsg;**_h$0^5l?D_6I^HzsW|J z@h8>7`TdSX;B-3tC|2=*Mo+0L6sr9;OjzchKlYhI%{Y&TI7*N`KrO2s1;BhWC}P3F z->h#^OVs?DA@EdcZy@H71aq6#AdgFG9zPVpS?MLDr@IqilLxy1g?FB4*}HR z=IqnahrKur0TfS~4H3L%tc*%jzwWOFIV%r5c9Ee+7!Fdr)Ui`DRxA9)CKE{|lnXwE z@s%e3fSBsUo4<^cjJ2Gypsay=#39i!g&^9Ts+%KCT{zCNpT++>0POeLJe~rEaR1Zd zc2LH9tr5KXpjOnx1f!Fu{t!m&8Bm{V%qSGuBdVM^f_RG>Kpha&gYun zEw}%iUscO~bv|-qfH*&pdTb)Kj`F${c?qV{N@!T@MvYZeNW6urbaUUitL0a8=+@h9 z2M@BR;P-%vEQ_fCE8zOZuXHs%P<*08Ei8 zcH;0tbN_{11NrW&-PSum><(OCbD_+x1aCRn@a=Ph*ujC2yeXE5#J3x1-w;Sv8X@kN z^t)cmByiXa(95$j8jW7MZlK>Q>UsRyBcv0or>5a(RRzkHMbt(XF{`@&(o&aLR<*<5 zqT!S=!FEs2ZZ^7Y1)y{oEm61bE^a5U(fjdU?|}td_`uRa?_eP*yl4f~0FLm5Rk}+R zrAd?%&l?x@Y9sbv_cCx4g_qdFN;vZxo?}8M99XR-C7$x&;Ob|RyF#l8sD=axWJ6X- z-UmRL)nC#g%9cN4lX5o4Le4G8+M@GgIL$^-T>8y|XtYkCcaro-qkt&3$)@hJzZ!AJ zSoG**>KR;)F}I2BiA1|qqr^uIO+YG>P1It4uM*SRZ`bc;{fh^=n4khC$+BYr1V?k)fvX>|2NBT?J^HPhs+%^X=QG z!Ai``*AUD#eqRL#WfoW2ND})W5SIlN(4maNgm^D*psL?bHZ4JeaWsu9Ltt>S;GOij z6RUL!Q1d6xw`ut^u@-^$>47|;q0=5wDU}sbycB2Fjw}h!Y0&O-i9I3*6K8B82I zX_ZGbKKSbD>hSubsk<^*P+a+#lw$M}yfUdHq-Xb2`zK@3S&pU1?$n7IezYb3tu~k4b$D3gU1c5 zr_L~JOjOEfM4!8Du*CD21?Wndjql|;W#z~x9ZmL%P4g5Bz^O>7(!RGtKJ$335s00> zc)!im_kDl>=d8ZG00}2e--W1mQ zqnO@#4I3}UCnbjzYVfoHHYO0rGRG^U_p^O&K7cYfp(aaoFBS*+YThSo9_T^^MU6|kEbe6ex1wDr#P zth$3h+E0xg9ImtFm{k{qyX)Il+;=tGK6s-vaUw+ii=!hAXlqZZwZ6QZyq7JrG0`Yf zzB?4YzucW+ny-|nQ7vXQSd=*y-}%KPzgAbKyNxz*Xh=+0SX-kAx&0Fe=pMj;^%;Uo}q$!f#!DYQo?woKrB&_i?wqgXdzrjIislqVrA*+CE;#KGRddy+AGfpm!4%ZiapVy3 z5~ez^<7|ct&|s6y?XUh*6yH_=Vbye#MeEN*`3@Fr+#0~JEZ7h)q*ll8HaX>rr;x56;CAQAEilNEsM*s4!cxtq2;gN<6 zY84W3fdsF!m^90Xhyw{^Iy4t79#QWr>fPT-xx0l29jg@MW`%3de0F;`iv=B&)4td} z$xd#I(5(>G-+qtP-}^;X<{*LKtp4=e8bHt)n-ku?r?dWAfdE~h7LN9GivnauMWH?bjMrTuz0u->RK6m(4D+V8#7 zsWTJgfSxX?HEH~ZB|~r+(IfOC%WjLJS2733EGV>6C)M>nn*6)+Ko58-_I~(rLl)O~^#uz76<>>hpN)H?Rj0gPK!C}` zM?yE-oP)Y|M1^yo3805>t0al&gcclv3lMDi{Er{Y&dtg8mYg4+>&9y3>R@pQ7P12Q z_mo@523ti4tfaNdroM<)r`GZ0V8r!@$rjQbi&NRlyZM=*(P`bwHJ6Qq7ZcM3h0QLy zu2()gI}YSE(X$Hf1XLoJ5#r*w0Kup_i}kc&?BbaGa>g{d^JCmTN3DnqF>$#r;1^4z zu^+dN@IvGz;cMOZA;_s{$R_OmB);4y;{M?hYvBknlct>E)pl6X&ZS>QFu!yaI#WYy z-2Mb~v=U%Q^Qv%x0PLvXz#YMX0Jf5%;{Njf|5?%f5cr)0_I37iO9a_(s=_ph8%yuj z1E8t?<*!JPkXQLzou{MQeEFdQ!|7%L8l9o=#AwMx%i=VuOxvpSr@xA^6avlUsT>pjMpi%tJ$6k|rztGBJq- zjwh?1l^xbMEANVP(%NoYXXio3=#6KM-M+N>9=i+|A79LDS42SJ`+@qp1H*fzV5gGZ znPLFHTsU1Cdf48JavSo;bs~`IdUi#IQng_vTs)%h--YpMf7CWi9mLl4AaZ!i4cP`~k_doA{ ztx*f=ESK>ixAjRu4Ws?z-uacjL+QBhsa((CEbfY_4_m>~iB#fKv9WOh9IC@le8xA; z6+Z>T6HiegPYM%aN`?3}BC-1e3{`t#e$N9KkE_n_&rQ&&h5zRYn{d&|&pAw9ELfJ4 zX)`+2UYW-?Bi&=cB9+G@wncwN5se7Yz%Ip+#bwf47Pf}TXFGZ{D6Pw_#B&FGNNv=(hzoVHYXR+yfVeJp$!C3Y9|99)(xM$b`Zu8R%-S$j?5l;y zcz94%l~6RdA>9(m`rE1xvqce-$3ny_@w=u!)6_h($?ul)nBnfNG|Fit+G)R33!qspn5OOp}g=%s?3bVG#If5!|FMNio7wJ&# z@w#{6`x>gi)X!wRE1af@$oI~lsuR=NXo;&QAFY^P?4ENBopeeqC-7PfoGyqgM%K>d zRM3a5PiKLba0E#^+O&OWtE9D-#&bKl9?{+LgMZingK8p5?)meZHRapkyxA^0zW7D= zlb40abM!JH9*66zBrVY_T)Jg?{yb)_n(me`MNPzlFVJh>mIhA7v~hR%e{025nl8}8 zVMu16SOZk=5wFvu>zZYP)j_wAq;9JH&UY}B6842A1f7lo<&M#y(0t#`4m}ONJ=rD< zmOUv=hF1soi=X30Z){F#Fsk9xcO1?@3gXY;u&3_DWSxd5ng!8m-6U$XF5wgfW%MkK zQdydl&o#eCqba&u4vLf?m3{5MFBcgc>b?|b=&!gbVykyjZWGDX_EYDx^`MYhtFpGR znkbM6j#`XTZ&x@hqO0c{5Kf97s>G1)i$d{tjqU5h!-;itt*rwI*trbr&@%!e96eUc zs;4u0yTW#sXC-%^#3d6gBk&TZyUrQy}h;)B3we7PXF! zlv+;L$uum-aTpSr1L zc-PTYrRgX7A!n!7JU2#6>@ZAzy)R#TZNyeXnpNB=eERNH7DF`9?`~ zaDR(z5PLm-A@F>dn{~9ii7x>Sndx!iv?c&HP1ty@_qxY6bxo2Z27UyWBOl%gUreYj zV4(7WAeyL1D-@lM#imMB>*@W8aQXS4r^#E`{@BNdcEF*`{rx7~U2vF+yI*=*O%GKk z8Tr;go>RwJ62>Zq)EE%y^gn|$jlztoDnaJJ_7Lu@ZsJ zKgQ=O{Jgsv)_WYTt6J$Tu3@~plh!+n)y?5ShY`}gnBiz7FO`}_O%2~#@$%Cuqj?keXWs5{!4!lz1# zhV`8jjmFjwxs>neXVfW$yR_-M&iqKUZ$UGDwK4JvtkGoafj7$$HsfTpQPk+Wo!~8M zFlb;y^@T;8w;0%yVr5cC=(RV0DU+g$yUoBk;`V50@yaYGY4qvWLTVEyHy_l}SK6pa zBhMS;Wb6P7>;d{d2L)kffcoKr9*_d|8G2MrXnUPe*Xe;n868zv2U0>>kU zeKFlwYMan%8hUb6*(weS2oLZd^v%8G3j>_O7n|q_s4G-eV%TQ^J4nFZp#Ip!5-hjR zxiL8gC)u38EU(1beM3iM2j1ixcJ!DT^^Gz%heHso81GfHh^l;^RmjI3E_dd|nX3`D zXlpLzI2jG1E|sxz?jG317hu@%G4DuHAUq zPRCL!)GAm7BQYS1{8{ef1=h1z--drU3fuu8Q6x!X&bo_(KP z)f@al=ybemst*e$0RWyrhPLjMGDm%{pkK=$`Ij1l#QV#Kn+M$k^x%QBSPmymkDSZR zs@v|Zvk2E9_$QiXY z5lH#wQQ3O1?N-G@3~b@}ndoE6;8X?n-*ofJVnYrptdoeZ5AvT!hs^=8cn{M?NHV+TaRy~g#P_u++G{u8&K!Nq6Jh)e%dRq4T4=501 zIdXnmai1G#jV^;?kk|G+b_ z?>SJ)eD9{s{y3)7$YM9|*k|t6l$+d~HF_8<*A$75{S7_}7}6M6>QI(bxdfxphEx{F zg>@hoVuMgT@5Bz>dNK;YveGwm()|<(wGYidEDHW@6roH-Hf++B6M(B`J-(Ar6{JRC zeLOtbw&^+*U~u6%KSj|6cVI&+OstUBvHDnR-;CNchIgDK)!IS+)n@WJCKi_Q$=qT* zzpcP!$jN#h?L)hbuo(|x^n_Jl@5X^clcdd)lb9I-M;wU4&X9y_{v0l}ew@m4U@ULy>kJbOP zqD}PswVHxe1rGejsm@aS5=S?d^3jhTwi)u@552BUSI&+-2S}EN)Kc)(I56nnc>`(( zuoxgJ@Mskb5mf5ahap!=dRI8t!o9q_rZ^OvW{heZE{i|DMCr%01GvtctR{9D{ zo6kz_E`6^K{o;0Mk|gQcfSBKZ`1>4Lg~7clbboXOWkHA`*eNzAxI}yX5Pv+tEd$kT zRaqzT{`2Hbm0AiG1pvkEgjA-ykXR85}DZ@nYJ|Bqq@Q$ z_L{^Xa_wLlQe`}@a5gUIxKCY0-ONfKcp5i07;DLPYXi;|-1kkDI6u;}V;^J3XR*VD129K0v4ahef3G6;_&5vxYjjRHlGQm}K6z6O2nk;}{mb7S-8% z80^Bo)UR^3VouB{1I;|Cib3xas5E&;ip&JjtLE@D7o&t@{2pN&l2I8My?BVR`5-=m zoHxVln;$2GZ>eG5)vuZ1*e7}kj3_EpUDs4XV{}`sHT&(e-lM!ChKrV?+WPXeFXo>; zCn{m^vUZQtck1Rh#wlW|W_YY|Dvcm={ycyXcfVI$K!2=+*gYYzdo1|Jz>;_Zlp{Xq z$nOt$AZGK#vDJwmiwCQ~vtO|?(Vmi%{trckNrtlb!NK5Kl0mLy-2uA^7Cpx=?F4* zOoZ*68m^uJy!TfKXS~^bz$ybQ1Dgmh0qST>ylx|Z8wmcf2A=NdEqfuLD%+THKJRXl z`_5~QlV&+E-(z_-nVg`G?#~V?b)+C!&Z1?aTSooqjltFi%G-6CzmS;MZ~m+lpr z>Fs{1^lnboOI-LPf&PN0mK=8-cd!P@+gG~2`5AY)WTGV2`blDHYiKbCgvxE_-(l%U z#IU0pr5ZV_Uz+{rjz1s*z_Y2nP8qy$N>eKw!b(IuE-Y$H;9pm34uKQhmM{(f3RKo2 zA)IL)2i@2k#AvxglPo7J>9G#SYD+IEsKgt+mp>D>qt#o`|8aBv#tmB9eNU_~gh*4vjo!vB04LUg zq|zIA+352pa%f+8l(s0t$0L#{7Z z446Oac&Pb>9bYy2{3o+PqT~`d)Rz*yMH>1O(gSlAqb ztaD-0xOx)1#?Ld^XSOp3+3pq4?G(jZhqUn6{Kh#FTIX(Wh<;iB$PMl%1X6=8iHYp-q>TO0Bb_z6~^=jb!M%qiG zlDYXc#A^3YEul-kv94~{69YDM@*FAD?6U>ZL@_5;ILI9BimFsX2Nj!!-sPQbeRqj; z*2r3$rW7?iFVp^_(&tX}G8D=45AA&HS0SAPw9j<-@Sc~hp{`;u&M!V$|ffHG$Q+7991?lI`7UIz@VJA9!7<7 z?+{(&n{K`EEFHfWTn&?w@duk9NY%_D9&1n3^WW_+k;udu%zs`JHo$_=@|<247=;cn zBE?J8vro<%qBH>73Nb>8$Q8gV`yc?_gn*F_WO#i*(rf3?d;YPPxKkJ&ZJ=oDzG@oz z@=y`ssQB+*H*VI?ZyDs6vX_Ze%5JxWu=?apx5PQ6@8gq^ofq~H_EA1?+LaXFbH?h; z?w7ioKWT=XfH_4GY(16xt?M?X%2}gtCfeY`Fra4GzJ5*nFHf?{>y>vjee2q~df{?U z^OM{ji|cLLGXl6_6OylYn1p7(o1?ACnS^2O`H97ed>XERd|(;P2t@n%C>X& zo%F`9=_QITof9G3_1A0O*BFd6Nam66bTnbhqUVh7P)N(p1x0)50pO#y&-zSfi!IefL%Q@HOw z93&Pa@g-V4>sxK&Yv;KHEt^}PhWl`yu9RZ}SLa^1Z)-;rVkh_s+CEfoAnysu7Fe-# z{ti1?h*NR&F5769GMrkgKle+Kag4M{4Jgv&Ko(Sy(>N7r6v;(O02vimB2lgqB9%3r zW2}^mi7@u_qbASD>)%plyGbAHl-|~fB)PR(lL_E(bIOn3+f%`~#Hz%i$P;j@@FD4C z{=-*qwcENv=@;^)WUt?kO}u=MUyqcdmwk}BVBVC9td2>y43m9~E=V?14EM9tUbH}R zMQYe(&A{|S_b=;WRikazBi3f6v$hZ0`h{#ixt!T|F^XvpewLvh`ZX0Doqf9bPVF7X zm9IPB^PXZ47Glpb)y>AZd-;>FU}_3(OWxofE^#>4Al>Yyy8lp}W%lr}xa*eo0UGzP z*H`3Ptg?U%h&Xn8`$`}L0uIcc`AA#57E~N>QvOZJ{;U%WAAyf!{zlssPvPcU46?O{ zp=6zhv$Gd|PEP?+oob0h-Jfa@kwT3tf_aXPQhGmhnmt9S_O_H<0aHAR-}=rF^m!1o zd*7#dO4j{B{(6UU##zO^!i)g8)#|sS9z8(P{HE{|7(Qgh!ROLcw?wc_3q{k1mF8PX z8Qp-|>!&Nwr(4Y^K9vn5d5Iewa(nv9ROA<{AgsVkx0BbCM$%ML>{)pODmJHm7vLp{LsZ-5wYrgC#4%c8 zejRZ6i{QoiVg!>Bu2fAW$_xfxt?So&I#T~YA1-#hFoH(v2a2}*@?FRGBt2%#<)dfb z>8JBHUgu{dKcD-WMv!wP=zrZ0j7P`oUl@gSS5&3D9j>5jRsO3h-Ie znFFXaeFf`s8*+lqUaW9(*F>`ooBq&9DB8`$I4 z6L55mGb;-HLI(EM7a5XBN%@K8Ed}HzXg_T2>@ho>U)^+J%^d5#ZSe=q(8Tna?DaM zyQ|KBOlKog{y;!j=<~_nI8pAzn<9!uudd}sAUlrzX zA8|nm;w+Y% z_9fQ0JvU*hivs%vg|qFlp{(-zmWD`KvZGvPmu<&xK+Oh|eZ!?XhdlKqb5tQ^UqcJ) z0litm+ruHK2X!xZZdN5BB@pxK4X(k9OqZ}PwJCd|=aWo$h#o2aOq^doV4EDd2bWL7-ln_fV@DJ7kP6%Y)tjr&XU+Zj-%%F$ zCnpaHU_`EZsTzM;dl>d?>qs#mc^$bI2}8urirXouyI32M#`QTKH9=?#BUKN|96n6@RAaYEu5$fr zW#KTh0sV4&rz;RAU~FFTZEF)B?uZ~nHs7)krS?J@B&OGmNljYU(<$EeAzA$@l0HP| z&qn?GwUujxg4sqw)K0korF=$YMZYaPdD|ilTmJE5&Kg*=rxYg7pmRLXS`LW;FW{Ma zi>2b;*bw)?3?K#Y*?921=OFWF-F+~&lw!4zI}luPIsIMOCu9*Um1`iDH((Ct)kI@IRIBd0NGyg zuW~6Ioq11gKN806#})k2{rE7tywd584Fg@>JSbjs%_1<(PV{gmK%1*O)oPEI?jE2s zMV3E$$sq~I&4UHE#(m04pCY^hdBWrE)|J)zWKGA>YdpHhb$*F|i+c`SuwW0dA*6FJ zu1JC(+C=Q+Rfm^0r=7^KIwwxu3BnwGwrlHxoCFF@n+NWef2+VmOk?-XVM>a(9IpFcery?Q8zZF4d;D1ZTo2m;*I zm_H6Gihtxv@Axjld#aHD87T0~JIR?+o_}0O7G4X-=|&@Ok66ZR%IDJR@(mxLzV8CpzB^5JpqRGrOYr%hsASQ$_D#HqyX0-YWq{F6 z#6#m`?j*Y+a7U61tI*do)h&Jd-8nsD!m70y@=ik$i-NLhVu*Q`Dwl%azLg$x-n9SH z`c?Dc%2BW94~`&Ve+uE{?}J3Vl*oIS6Wr<}VQwX#E@0C9jyiu6q)xDzFae(uK$`kQ ze>%zjeOqM1LC2m15)r>@kHH0yMlBn?EfM_ZGEAayYZ3+!;DyR#QD*uPGPhoj@`FC0 z-4dcO$+Igbm;VVt6H_+KV zD=p&EQ8HKAe~}uLT{s^)EP)!aht6KOJw?C! z1AR7jumY%iI~Kx_Sk?}YWu9IY%LnkkDSmLoMX!)V3N_hR(><-V&+ja9@nT;GoNx-W&5mt>mBw`<`*E;}>Hx?Fa*P-{^_npR@| zJ%vwgE06N86rz(q8OM;n)1{mui$RSlPVgxAKp$IUAc%ft+~T}X4E=ri+5(F^EVD`~ za%&%Y*bD9F6+gYV$5U38g<6mx?UI{QHq(=elnN)hjz}oP4-`8;dq!8ZGMvN`&9BSS z5J;w2;Pp>!jRH}Zn*2824ITe?vB9VB1e|#%F+=tzj(&MHf&^CU^v0k3=(&S+e?N>6 znjz(}K`CTqShPLz&z*PzcS83Pb8CFhJD{T^M$M|cVbN-Xk*37bTy2`b6={rVSEU{Z z&A&TCW6J$|NBMO|kXKtAhXP z+ys^KA5e)q@n}C_j*;EEb%vzIysTt$I&-TVR{c|dAhXN`3p#JttV;KWt|Rr46-*D- z-&z&#-~l{w5zVRbB+JL}FmKTxD;hm#f2twVrwabRDX`*?l{kGk&rURJk_UUW78GsT zy}0(!WmUid?h)HVv>M1tDziH?m2d*a*}i1mIob;Tll7t1|N;*DZh1Bi5QD zq#uGks23>>q2a4R85ZAvZMP~~++mB3 z-iJcEmdl-=0|9x=vBp2Ol77+%8q9}_se3(Yg!$&pBvQj#;7gx%z(#U|H|O*og3a@a zHzKW6vVd6!kWsCqxv51#{MB4V(PX=W`fZH`j-YZ$vUdBs{uI?}7WbcfO@0wmCJ2gOmeYFpOHJhKm z&B*-u4F*BU{AG@ZLZq1r8*HfI82$1r-YA~%lO#+)PZ8dR+q^QDao0fkcpY+?hk`EY z@5B5=k_s7OvagiFDz%ge=1O3&V<#U0I9f70;$k^hd~a?rUh_Xss+GkEYH%N9scit? zevTv(WJn^Rc83Zw@Sr9mC@tTlBtBicQxo$Y9&{@I?@=i}59~W(K)6N$G#e}m-bnP6 zJqaq@;x1mhcbIehjA2CCb!0;|1}XI^e~XXQM6V#&3Usb~jKvtN6H zYhGjtW2}++OzU1DWrnXU0?A%ux(N7kBzMGuvmD}}6Fre6B|K|0+zy;u#cwkZ-SG7j zO8^WLU{>o5XW^=9{@90BiY*JbCeP zp=8r@Jt6MA9@QnQ(2%&J{`$BJW8R7v+>eX|gm$f9qWom9GtPzmvFkN7vcQt5-72G+ zdI)TS&6_q>M61+i8%1Uw0fXXxbPv#N@C5PI{?PMJt(n&qq>f5=YTd@nz{Wcd23l1S zS)PVoU+Aac|!nC3Zb2&xRhn2$%&;Sc4DUuZc69nb#Wx?{vH_~5w1XYHIFVA+& zkHt{bm+3%nCf4pd5z9(gQwa5(K%i6H5QbUp4>G-XTkf2m4mtyPPJgnGUuA3VotOnkvO?Dzt30|O;f(Zowq$P7mp3F7Tzbuj zjVm!@>)?O~6-(;O5`R%+Ic1>q#i#+>hPC*{RD=Xra|@x5K@~q-`(vRMHCV9~1Q>R4 zX(#>{UH3n3{LgbZgI<)ZWO;3=RE^t-9d*jP*z#fh>xhTU+OiCVTxmYGo&s#P&$Ju> zP+e|#?4ofsJ%Hpn6+W+k8sYbR5zAqTbET;6t0M&a(gHTf;8)0iM8Bk-$5?pp~GB0|E+VeIK&^kcdwkK~qi@yoq~ z)pRI0N4KklDz0YVfVP)od+{hf1EdwS7{dWQPfsku5;!cezE$H)W7Yk!6bp$dH!_I1zBsLWhp2BsXS~2sQEt z&@Lf~SA_(;boL;-#77jO5~MpG%44Ty;WYXRM?U^LXMB|l!IP6sCM?Hr7~%L{wT9z+ z6G0_*z_x$P2;TDmiWs|FArrC`+0$t3VKmHjp&zzf*}*DOAhj^>r(@8W@1;X{E^AP_ zfN3SWLAW@l7zjHGraKcg$hP>YBGu?iGbeLM{_BA%WT}3zUbc8pnSHaG#R;8jKhqn5 z3)udF3r0#GwSPKwCHLT%8Ko>u>CkDNK)RpK>4kzL1|jUdsu7?z$*-zRsT!k#9dx*c zz6rX8N$%UvIbcnPShcFEuD5Z|LeUhm-Isv#Ga{_V*aT$R=#57Hy3c>Cs;2{Tpw;*5 z|BeJX19gRDPm~6vcE2&-LTARMy)#O`tK}3q>%hWzCKP8;a!ekcMG+_{=&)EA9UVa& z@YVJr_IJf{ms!X9noT2vI(VtlY0tXH73uu@6GhMrDV8Dqn72 zy!{aX=707rT_iyhA!2$tLw&}T;q;fQ7+w)+n7Vq!dB$lmS+5~4xgIIOfAeModFWSO zz$AE4FfQmp=42rJ3liyEC_O7!Lj@O53+{Do_!3(xSSVaBFJ%0M-_sL-3$p83lAQ;} z_K$Oi{ZUVd9Ohm>pnUcUw$R}J-a?5Qwv&pyW^3rQMzMe7X<4}#mUlDraK_k86p3r+ zy&0)*Ll%D==9kOZ?&8k9#HfcMSD#K`k;cpX^ivQe{Of}wzyt8XimtQ4^8_H;?Qb2z zOyd6^Hiqhlrd(4%H-p{`Ws`V`CDtYX`VeX-+`p>_HkRB34Q@Sv1sP39K>!~q2s8vg zrX!y6fk9k0k?knq@+fKJA-->o)5C7Ge}$s))t~kw5TZ3fPJT1y{K*#9+VN3Mg`PEj zJsY-p&sZVvZCGm|SYQlbL3NFhw@v@c8q>vjE_$_fft^&ZD_>>*>#)a!kn4ulndd63 z8d{DQc3ry08?iiy1Pnd~yWplrqr7Xk|8{~ClQl8AMdpO|m z8ZPDF=`}FV`x5~>u5w(B0v!jTTGeuYY(1^j|M8Mi_r1=++sa7*;?c~Q+iby%6t?1N z)U;lk+efR++yw_rId~JAXyt z&2SE}dG6Tg{Bn2T8b*OHVYkbIiBt5J&0e_x^WgG;&du>vqLMhosfnC!_35tH{M*-g zJ?sJc2szSkVgdaoSSNjV?fD@DL|R}UL7$SNipqQ9SOBr=`DH=H80;}_Yh=LKMR7lJ zesf^lpVMH6QgPB0?mo4%^-;Y%8t`@{K#ps`YN3vPYkf17 z!SeAarVay8QnO~xMcQRL+`+94V57gb5M?22HY}v@O z{_t%Y6YJpc<(c8L%F|)TQeXMMjlfU(Bmk(FU z`}XizEb`Tx3|`659PBkFA1uRgiYjRR;rgq0=4r=6v2P(>ZSUUAxczJQ9K&EwM+!Az z>iVDGAY8yWm|3-A`$9JKBdLMFZiQ4$1j3Gugb^TK6BgADzM<2Uiy8V(Z#+LaQtNzl zes~G8JpPKEU)Wtfk|h#t?u9nGWu zKt9DJEKBwI<-YEkZi}kMIy~AkSF_B4!do7D0(u4paeEZZ!I6=_)(fjFVGeRtPOI8= zbXP^H5_|p^L!Stn)PQjr-hivuQlopphRPTXJ=WQh%AAQJ;PIWKG?avc08I1>F%j%s z10!vDHYc**;!SN0shi?!jM#?kdEJX$Mr1q@;WP{>EsxW$jm^{Q);2&Z#O;x2>j$S6 z>rcipM2$4Wg;iih9RAE3qR6^(%6;&fAhd*Kx_NcK0}^A`fh*xCG_;8A*cO&uZC)sO z*VVQnVGpguXdv|w9w}n*gX!0!{)N3g;#=NP`wmn$ZlHm{!Ot=$#%u9$-Nf43iEo30 zeREcC$z>{_Pq%~-nsH{*`z+&a){KfCZO;v02p``buz%)%wi09FfOl4&VVJEJfI?g6 zoahAfsWBA0;qo zpcto4QDyjwFIu)6_MUc z2XQCsf+P3RJY9Q<4lC6~%e7JkLFvLvVVbQy{aZA}mE9`uW;2A6{Yx_wOVg&KZ1Q?% z)Q+Gx@;bwT+H za&OGdIwam;CfPie7l(sCmF{jsy(@BThD=oyUFCv1-Gtw}KvN=A6OLf7V5jeAfdS zE3T@JexmG+1(NMtPhs)1PPdY}*Kx%!2Ro$VzqNv zsu%@)3=QZ>!QP@<(*v*7iXfs^PcW%y@-2mNVvDCSlz$L>jH175f9bYAPGjbHVrQ%^ zeR7vL34K$3ob}l8J6U`>8L!;9=UQbnAF&rhQ4D;3E@~*H&B` z0GZ8>jM-;PiN0@QLd-r6TPsmy>rWiUWs<_M$FRTdHSF4 zg8kfH8@>AZ2%2ni->9LT+N?h-U5tHy_W=M|n8s>A5o>Qf`!^QDKw`18A@^iNFi+g8 zOBNPN-KdD%Zi z+~kU?_B@v9vSMH!ZngLCN(3i=4HZ>N;{`{=!B?Ia=aYc_XhWW=OkqM4 z=o_)cA_gMNIBy)EE*&1!kwGZ-6tAO}cs5pE&lco6Fn`?jh#Iu51$l_bKxP<~yYei6 zUH?liP<%l)>SD4auf^wKa0CYhle9Pdw&&Ud$<52oHj6bosU(!kP|GUhnD*sTm{)Dx z>gtEB1()Zmw7F;6Vm-! zuUvM8c;CF0M;p>oe3aV0*P+vIGMQT^Ljmn18&RZ|{rSM#R)^AUtV_Q_)5_K2Q=_ZMmJBn8X!H~l4c~XL>_dQ3<)Ov z&6^hXbzL^IhtTSKfR01aG~~=fMp!SLBjElM0#jhWbj;p)CvSJk1wdn;g|jcILDXbA zT7fDNC1CfU{f^{?FC45m(z872!A=(bE^FKS@lrSA0>1Lh&(Ax?jlSo}S@Hb3-%+{A zgdxCo#!$B-?rGQl#*nH)jar^TuJ1FY?+eSlCHNj^zo~LIZe$DiFvvehljGEZGLDH+!`aXA zxlcIW4|~&Y!^#_^&5GOjs*wDO(EeVHSb)RlHnl{%O{65lZ_?aMU7c!M zG1T7gUBc}fwpkI}HC?~Ir7`)t_)egOhwa?Z*{>tc6yVdGX7Y5Ju`2i%1QQZ3$A3%A zf1^*ek#^Mq;fl|x)eNGBAN4Dr%T0)rOw4I5acC}y2KJT(Tdm`7E%>5_nYro81*#BEh(b?9pwdWY@qyV$cm*`R9Q^X z9%-*pFO!wrz{z>brJ1RT!GHc5RcC<}M^kK~ebcQOpO`m_XCIMa2;{7A-%xv8v-H$l zwuc@9-c^y-Kwo}J!}6IfR$;FSiL2b29#5iIdVoey4|Ia$k(Gfe@}s?dO4oyWQHBrU z`@uG4@tsi%OJP3M0V9VlseRTgjX@MXF}wZ?X+3Faqtk2iyXP4`DtE`n0tHGaYq$&} z@$2KsgVGJ9GD~_1Y|SV3Tq*@dugjN>o+l*SD5xrblh=vM983>DRz239gvCh4-mcar zW>JS~krDNQu&wc)RuCqe&L(+LVQWj0a@-sJEt9l#b9;NtmC)CdR z-y^B%q01%mMm$kdF4MSD>7bk>;@NI7ST=cYd5|?S1DD%!-$SZ0BDK;~g9A|MJl+ z;*lc_>FfCI&XpidCcTy7a6FQtoSwwz0h%s3&qj2%_@Lu>Q>D}jy)AAlU2U-o6>~EC zV|6#@kMVD8*F(YurUZ^1raWG1uYR(DD&wcjiThy4t|6KQ9YDcJBSB|3!PFa1O`DeP zF})B(AtBz7A)Ct+6)KH(UIS3@XDE37e)*a4*UhNngX+h3^j1<{T~*n`1|2n6z306Q*c*(v?2A8tIG2ex(3i3|^E+j~WaY zZKZgdv-F)ZYX%&P0=8K3W^amr?J(lEJ$5yQ8aZv5d;x~X)?VM0G+lT0dEKGDbs=Kw zZWaH*puQw^lYm3p4CnM=w zVGQOf|E8jSyIN$1UsrU}iv=&mhOclwU{W+_Hr(I7!{Vl!w-{l@$U`LQ83?o%1jAJ+ zBDKUtXSYbWz-)n~_t01Pd!=eVQws)0N~wi^wXYGaPH8Fpvj{Z4kf6KC>z&30j?xr| znenq$H(|hLJjv)SFpx3KqNmDOe{i9(ZwOGav23;cCrBGb>Zja0QR!S&Cp+-~rlU4> z!`Kzr2!Tp|9!;GVCH##IN_Z<8923!h@G9KA3@cpK6>&@rln8nzRjgkbdcI z5$kAyJBNmQ?`0J`n&7?G+86>Nq8kj_+cIX&g}UP{=qd8$3ei~MF1qgWcSM~)3Hv%{ z4;v2sC@Y1^Wq^EsR@w1KyG@i{bK4<-qkxgAQpuoFVD1G-&vWAmyO1<_d{f+_VVm|% zUecXq$H6`os*Ta(eG)XUcl zqV@FK(w#6InbEUud@sDKT)+wf8$yR|5bH_);8ddT%oBLW+-g@T8u_1&n1Ae$9MSMn8$@w-$3lSc$|D|Tzc27Ro{*{|sA`fcXg0J?%Mhx_Mpk(n(h zw!Cw`RlywG4=LTj#*XlwP&a!)vE#REaw$r8&?zFg%#+gea9ypbq5(Fu8_wJ!PyZg1 zuRD@gnj%{q2)+F2dM#f=L}oy!i+UxBKbY5LjR^uOJVN2$II^^og~KxGDazj+l1;Nm zWaYdC*87gJ_mU@%N<~eY!7$lE6`c2W=a*lgHie{+jKcC;l(uCjBA*U7N8qCW@_*$41laQ-S7h zxyd?a7aV#rk}T)8i7R8vtM~$nymyBuvJ;2`_GhanDkvJkaJ;CAC`^lYesoJB(NJgZ znD>~PsZs=X?EkY73>;-guX@dhtbU{h5ur^fk8*ANIu2yLT__FMdVcqlOqE%JzQH_Z z8*k`b?8VLSr`Fey+lUCcMO@zHzP`yJHFj7SI*s%Vh(wjye;Hf}lF=3Vo_Ag1zyYPB z;ue~B^yP$+^1a`x>y@Jm%;{8vjzLZ~IG4VuX0&&qgp;sp)VURNJ2;!cl1Ww{5bYE_ zdj-&?)~2t6Y2T5vV-Oaf#E}lWPDkArQ?BcDyVegLJ5A77RWGSJOsRg$7rAY97yR=n zKU%7KY5zh5w|Q+phvAxs$1$bOk#Fsb?3=O58%a(m;h(xdl;;p*>nnCPuDq`B&mzX7 z!`V?+)bLNE8AkaJ#!nC)KKJrA;J+%hs(j&({vB1@^n!pRx7-XAeLci}>P7-6-{XK}+uH|CXlpp3v~*l;BwY0AuK zxg`nw?@-aK=m%Uzpbv;@_s2~;y^74&<67v=j<9$s-Vd!d{rzla%RA3(ZLUw#cxUA4 z7`YR(E1Ii(9!OX@(&vtzGt7(*-4E8~EG<7j(;n#$jVEP!uG#!Pe+$TTFGMUe70#6| z(c3*3vIcBi9n(Xo#qj7`%L}bXG$wX!d&wO-hrEaFh4`v9vPft4WOnxJrkXQX#9Hfo zJvLQoV0v=4V>9C?~bsdGn@Mo3CQ3p{Q)z$S^=+e6!X>szfSh0JV!y-X^p({;TFsOW&`hafGv+DV z`4yd=Yl_KwFXFBA+udK29c~U5kDCvVF!aV6qdhk+e3&|DtrEH@5WJ`T z%{t}M70(T_aL1(%k1T`!3Yc3J?D82MID-ofu!XGgxF z%T19$)vk8FLnWK8W;FWv;PL2174(+W_sKdFqA{tm`unE+4^^+OR~n5zy;tyn`27HaX|sN?g?bVPO{2TC{TgVfAMfpVrBh z>mKp@sDh?3CSKxu4NwCj{caO$EXEQ9`aL=ezv$^yvochQD=b_iw_LPVH@p$Zq1$A? zca55w`e%s^s@|$hyIoVPq3L9E%SZMcWoVtYQ(rN6TW$O-jHObh=njG*ist0B0E?B- zjWK(*T_Q+a)vISWmd}@rs-M|-uwVP>vDXn#R3z4(H(yipyZ&qX6CLE+YwYjETtoIF zuPE*nZRz^&+W76>GibN8R@xfi3KqED_xVDEP2S<`I-f9SX=LuwvY~L6-S5EbnpMg6 zm5~XgtbJvs?+YVB>1U(unVe|NDB9Pu_NLYjti`dMacs<8>bq{^MP%}+?k}t}?#({f zdW~VV_aQRhMu=p#U+5z1FA2izr3U$kUnO|G{3erX(M3Je>pcUwQ<13+Z?idtx2hsV z17o(QnmMP2ddn_3Mb*C$&rK@$WqQMpvTUu}N}ZlVqq^u***%$m!?OYQZv)Ph|$ zHr58xY3obA6^rtVx>d7JsphK%lAApYL3&}6h-T$q@O< znhw^SLXD+Y+Zhk75gX_R#{fM2vBSwIXI{B)9jYkd{M%-V+JeeUG76PUbKg-SBYMrg zw02bL@T;5DGLHtEwaUuMN`JnKPW<>oBM8U&Sx%*=Sp%c;NOa}%5~^8`Dtn~kybQ_$ zcZy-T1V6U}m26eE{LaC~YK)`vn3gKfNq4y?Ek+7{O2sI27U0V;pmplU_qeP(y6g@D z%%FUy_1n%yZcN~V2>Z<3mA*sLpC($-8&%QUoJg0_R#nDxr-dnc;HQVAxzh&$4_(Sj zR+(l4w93{-Qg-A$yM-XTc)uZRJBI)6{d+5y_k$4NCZrh(bsmfT8m{cK*M!V(N&kEI zQLuJhr|zf%wftUKA8oxF3JQu;)m>gY52v<|e1w!9t5$CXH{BusbRMN{2aaUPWiP7E zyowK*`g@ac`lYz;TJ_D(HL@I~AyWv3dbLbUfB46jv)C*w;)oNmKUy|&3 zUab9+b)G=m@0i+iy637Aw{FeAHXDRx?5Jwlv23u-c6WBCcX^WZa={bF87vY$nW?Ca z={oJI#b&a*`!<0bLqmOKd1v?3WxGH5p{pB~Mn017YIUnpf2iQLfdAr~acXlqz1`^n9E4t}maA%?GCHobF5{x1ij&<{T0} zlitxVDW&s{@xWY|R;g{;AEPhTsxMJb%PeoJW7-*8pFMbfJ9F0a)F=HZq~K8FFOzt6 zN>6sHaNW#qz^LxIH;($huu@vUN*Po_cj(fSYC@-@ht7{gpez&L zQlsMdKKi1xLtf!Ax%-nZiV=Pa%FUT=_ROt|7@Re-;~nYa$+WKil}6=5&gm1Rrd267 zmCM`h98G@GF=h0Gll~=Ubpsaq^y*AD%p+8qSw`xeVI^| zxOIp-yxR4uv8LwWxEUGW!S9Xi&O{dyL_KvS&>0UpOl^5)OT(h;wU8N2oKp8*EnaIjKDWvuSyI4mO7vb z%btEs^xa=1XSX@;H-Y}G92FXI9%mGK-kzx^&hGIheInCiR97B%d~rCRS~M6V6cZb< zJ&mImx+x2y5&ugWS;h6TtY!x;ug23*FY%S19PJ2k8z?1XizpWWBwYe^5yM3mtrdC` z+R`CWaq)m`S*t^$Rfe;Z=H0^O9pvvr3VK|s^(wb3Lk$-B}}GL zjW^WOBjTY{lnBoJ+7Tt_P%pb;F^cgtg8QD)I2ax`$aKrUNxb6XcUZiUrsaqAAkHr- z?Kyp#F&92{yPL~)>Q-@CHH~pkm4tj}015TC3nturcERt1?)wUt}a!_#zNkn)%X$m05FulP#3IZK(1^ z?*v|*TWDAlfE=z8aHO)n_wjIgeqV$xFd+zitbTur{rD~TF~Kv1n`rd?{f^ssv%=kP zM-wzNmC-E@+|gd!o3+>#i%9sQuwdN|2&}6~>tzTJFI6ch=c$vA>a9|{QKpbnBxAWFhc*0IDwZqA!>NTuvylhF{Yrx34l*- zkQzF=H8v?rFc}krUVD3LaOt+l#j5@c=%=~EJ=VNx*drwVWEaw5k7-#k*d-C56;YU? zAQR|`B7k?nVO~!NZr}(d{C!rs=iC|LUlkt%=o=+VOsN@lgjD0%8xHq89yJvN1(ph+ zNhWw^p|yPcHpiM)rGekEaZ`G)Fd>Lb|N5HL0}!_^EYVAt#d;Yn;F6k<{9)D|kO)_7 zovTx!UoGuf{cHtWDgO%T7J;cw+}C_5)&ASXv;+@0d(jfr=SgQIKOW&J)DQL>1V zCI0Wel;J)-_w?*{n)FZyXVG&9UEN}lQaqh|15WWbVZS|uV$FtX3k2!IcrkR6vUWhHJ9M@5`7!Kvp~iGh|jOwgjSgCUfmT_*0HDC+tor4Lk;0+M`I7 zZ~us@p*u%mYJYdv>A7 z9NR>_|IY#=LZPEwT|NKac>%hy^Ikt-xvz_*?y3un(zp$g5PJ!QWO}s`0Do8pdb7f> z&5@GN_Q%HSQf)93Gzmoeyav9HyR{=EE&pR~qmi2LhD#054F9pRQ27Ac{~LREOOGrW z6))INHGV zJVoAth+7NlK^uW^srhj9Mii5XqOZ!G~%U_eNSeY*Z&vR*$ zXbqn8f7YUk9)Cs=W97c`G5@!u51dLCD(E&J3%#Qb-&&5}X1a8AE6YNNMve0y8z!QO zav=>v*A~yD^IZpMz4gslazVN3>^)3&Md(QxozJ>E^9HOLexbfBVO5=1ftzBkTLs87 zSt1mx<#$s&fSzAPf1YK=q7tfleDJw3bh@(jWxT8{UEY2CJk7TAFZ2>i+8o(9iL?9C zyzt~+wjB%x22t=|Vpb^-adze#aaj?}P$_H~zZ$|I|K%&5Z~&LtK&%?CiJgd3lcj-* z%H@g4NrHIJv6ViT9d_od7+e%0;6)fU=PH!8!AA=Hs=kwxSc5pvC9|}~= zFv+B^0`j{iff62Vu8QdTN)ia4_RsxUtg#3bZTE42B|obiBz-76?ig`9^HBbm%avnP z`UtEWo4C(opQlh^DV<^TyTH#NRIZcg?MY-5r-kaWGeCX`G+giJQYqYz+Z_2pc=6)9 zitzs75^D0F7sR%I^{n-nWt3?>54T3_am##}l!7v}vA*heu8O znKBy9vFE79V$OJpA6Jx+pGABAq-MdZZU1u5yX7_MJi%;{S6PGOic}o1f2!PJ&0>o* z`=E{FgGb4tsAlytL!(l~ykf24p1Ia!!yEk?&$B-YO%%HZhVq@0+@*YO+gMxQ;Nu%e zUVFY+aBENm`~It*U~*Ni5Hnt$q!M z3jMFp*cnwnt`UfwIg5t>=RaO!M84@sU=z^Ty=`_raw2bk2IVuorJAff^#+#V%Qoe- zyE7dHOnBeCYtqbUk;M?#vvbn*WDMT($I@dd40@I8e#!+RteoFY!YznSsE&M(e<32NSWArkk>!|6m?s&)<16Q+0Uu`ZkVUOG~cIhr+~eHLRWr z4hKcISWYdv3ex|q2J(~0IX&xhf0l>pCz=4G-o+-IqG8>tb03(Ix6g<#t8fqF2;O@M zZ)uz>GPA}I?353y@h&a66zKTw9&YvvKg3=Ik+HmeOF$DnTxb)Pv2PglYot)M_o!SV zlv#OZ=jSpeOX-15s&aa0#nynTjHR!oXsKq6cPJrMuu&zNnVm|nAFkU~Y0qLKLt z=h^VxciYoV3mIEy`-aDS^|NS4&F;k%-sq9c@9hJ>#NOpF|tQ=&A zknL2`s1uG9FuzrAj^-yba*&*$TDJ+AA1-LLy~J?gaN zV-xxMnIquRiBXc8t(9hEd+X+T1fD8o{N1mu|NC1&DyBVeTGY`ciUg8 z6bS_RUQl&;Ts_|$w?N8rdYp^<*1pu4$;B@xXOdg_({@#I!rY&8Y>1l`Y~|&V#$vD) zLF~gQdH%JCs@56-s#db+&PG+4}q0H+$>C46iQdt*~-D z&;CB|(|6gCaVHfAp?dCn)PlEF=|;He(u>C6`BN@VMVH>gaMWD;rH)uRt-x0+X_oZ% ziVPUKr-^KQVETXGe+MG!Ane7&%ypMP9~w~#KnXM=sJt0JiR0K)5qJ+7;YuGkJ9)-p zIL|P!dmGY<&UcAc6_ZWYrTwS~?Nm+BI89>$5+eATJ=HrqcIyj`Vx)~U~A z?*-)h>oj1a7gdD*+FL!X)~ zg&e)2C^nV(eTSt|2wVD|ox660liL;RelDTW=t4|W7)qmY%3Diz=5$7?Q1n#R<(c_- zX;+ambi@pY=3geVAvaD{xHCHVynj*6cp=`9F?Giwc2{r>B`dacv6P zm4u5%pE-3<*SXSO*NK=rN&bH5ql)9>x`vIP@1DLI%d1wTR;=TWdtIICnhKX@EUbX^ zq^`C%GS>G-!o>+sO)YjgADmQj{H(8dxyjk={t>dOoADy`D*fn+IkoQV#j!H8sBoF2 z<8#&X!Rm3N8x7RC&0uoqirS~aI}ljbhc`c8&?i(ks`D=GnxaMKe@7_H=@ z8@7!lz81nso6sV6iEt9C*Cw+pM+u=;T<=4;#FKm$R5I>46Hhe~rt<2{d_t^$=KF1~ zEo_k6)ySk)eqP?>pPzlYOXd0aE)3oIw#RcKHF`tF{#862iiKuj1$ozzda8*}1u4DW z5U@sJeEUwCuHApr@Q$71QKwa={vCHlk*F=-dI?@RLZnmH7pj%+oAv9Z=`8HAXTdJQqISc zgZvn6p4!yjZ|CJZ7<|w+tK1blU$HCXa zpIJLGYrZcBvBXHloCss5@*Lv0>}`ATyc%+B#%<}X*Yn8r6s=7^!{?kaOC9PH?p~76 z|5HvygUn)yGvo9rVMR#T|Aew(PrywXhA{q8Bd#OPSGx!Ajo8gCEJFM({t#=5mhVRoro&sUvO zEqMQ8jwbY^i*r`+6H!Kn&8{DLv-#un^>C}*1t*&$ED?UYa**C|us%N8& z>718Yojw-Cjbm!2IC;+O@KJ;*_q^Kj}ME5QU8CeZIn z7P=u-_g+dyM)g67?Ttiy28?E5z^simw*JpY{`wns|8Y?1=OOS(Px#u<1tg} z$9X1$JN?dxQGoC2zn`!eH`EInsGo7HYW!jfnhL8U`|&5&u9I`K@~TuHJmVB-;5x*! zoxQ3oRy~TCxN}1pU1M7!cV^SZRV%L4;iXNHz{1kqckjqky>&^M%@sy|rV}-);k5fo6Fe$oUNLRW#0bL z!0gf@S{B3A9xvTVvu9~(u~VxhE3eizQ^Fw6Y>?)F+dGw&rPuUagmUL^KFG!07*79< z`Q$9kHSc$C-x5L;w{E@(pA{AqRF?6WHL*=s2^VNejW)AY$Q{qVm$7E%d&Z{YBB?#e zeBqkBt88b=U43V?zPW_~VsdziTUVSngh08V%Pv7<65}5e9L& z-75B&8+w5pXq9RQ(|20{GD~3k)KJ+#a|=ozUiDF)(9ApVWRwl@@8JKj8R)aCy#uIdP}@ z>_Dxq*GlyWE^BMH*GYpvLtJrN=h7Z_huH)L*UCj5(N_PTv-I5uH;z4exREzD{&}!H zbhM`FtKV#2%UV-xx7{ew%({7hyMp6+#^|M4yEhT^=8^-qYjz(#MHq0so~Iymdt#&I z=c7)}s3Eo`v8@)r_VKg1!#DeKtL`z#m`Gorykj%)vf!c&Z>x#>?57jLejDgSpT(xH z%5Fbgi47^K?&oK8$UjvAk@Ul|7YmV_y9DnO=1;idVJz7uO}-z^v?$BRuj-E!y3rNw zk6Dr8Iy23Ah7K)DZk@3XI^XIQk|ZxGPtXArpw zVOZ?YZ$L@y$@AuZt4faLU+6w!l{qxKUY|4Fqht6{?&m^wc80KZqW5ft0=pL-(#`F% zDSyZCRQb2yaPUNRT^7-%?s$l1ito63BhUJ8E*Tav4O(s9->-RmNxd^o!*ZzFll0AU z(6xy_nlRcF-YUN~xMfy}$dJ4+C@?rEHsq@A!R^}cU{A*@tt6ei&YZUO~t14=7o#K`p9D@Jd5mgfebC{5<^n@5R=uqXxuRO?PY+lJ)W^H$Cg}kb`zqFFtDej~d;0V= zkFM`T)D(xTyU3E*=6WfZlet*!&l{`Y?w*LsId#~Qi8n<^X-V@&x+tl>Uv#z?m;@c7}F3vf3cb6DWBkt^~OeAtH?nCXf z>N*Lu4w?Dr{M9X{4|2^s7Qvv#^f@76xYb;ABakQtQ1#?^he2>;a(2hCi2l_p$MIFG zbo~A+N$dZn$k!kdU?)~J4*dQwg9gCW7Zr2aeOtd`Sa61z_~6io>48S!!qFTjwe3{f zNT)32mW6QMs>|Eu#;peu)%?$cKQdgseRngk$Sn56pyr%al=BT^>;Cq8c}JXTKHfjF zWL`e?II?mfl}TcLAMKR!c^4u)y1eBP(+-yh;@`e~PawQzZmt%O?@k;r+%{foslU!lsPyk`V)e~E z&DBHIYBs(cCOcbe8hh4BNKtHC`ykPnTefrtH#Y3&G>cyNMoCQ5cDgfFdgo^>W{8`L z>e8dyb=s$<9tf|uWGbfDPtN$zNL-p9(G*c+H7$S57P*&1k?(F^( z><|LC?7uO1{>-c-ZMKVC@pme0Mc0pxJc$~k>gP3kimIToXCtTst7Lv#pRn=$mAdD; ztX+x7+)D&r5~jGdTgmaLc*0~t`HB!li3?uw-3@YSS^A{$F+7*xF@e~6Ox3qOR>Kn= zTuDg3%gLYe zhVY_sKi+OTJ<01D9DQBA&2|1!)R~1J*-hIbHY?WEs!1KfVvz;moXBr(3d^JWlDt=Q zqV;8$_Kzh<4u#r;bBb;a1gy`6_0vfSXKxLkk!+f)+cLAAO(L#eH7d5}8P3}ADmScY zEDq?g;rQ}hU^=?o$?w=9S@5-5uo1%H9STrZ?M5G6tf}D&+aZ6C%WZzcS$)!a!0Za_ z!F)>EDihJVeEDP~hyNCO(`&~1M~)no7BrioK@)jZJLuq2>bTptXOgj8QwBpxzRPIm zpY6W;+`2Du_?VQ~M(*a2(bLh@-IRF=)XD|{hG{0%cM87S;uE85J%($23mpe#_TL^Tvev?PW@MwRqQy*~j=cu=ryHc{ zcBbRrc;3DE@p#wZUeqh|BVQ{$UDi{^mN>kRO`#?xBgWX9~pZL>KY@hk#(SFL*Cy!=K zXf+w<)tP=h3+q<4zcS8Nlir-ZOvJ-~t5MMp$FLOLWoYj5Y@>*j^tCZfJxOGIMS7TK zr`PQXv_d_e?sGSAHO92a91s~T z#%jB0H5k!(e5gza3)QVuy^dbco{Zyh?8T~c!LV8LEVrNHXU~?t#Z_j$$o-TqtlbuK zs$sx2JxdO&ZfdhI-^k^W>-ypO*OAn5@4iw8XzhXXs%YdJA7RE-t!4! zl#6q>`lcs`knebc2WGM>LxHQysx_9i>_jgs=U`4-oTLZc!eVMejLdOq`%n2g4n1ye zY8)I^HI5YqGX@ z^DgbKr=ew8&`%s~?pN_$C~j?mALn`eQ-Z8VtZnjIoI~(pY$gIP?$pn>&KTk&;yJ7F}cw{sPV9 z@5?E(YC*zogbv?|-aEGfiFtMA7^Cni@tUD~;>s@@?q4c-#N_3&Du4p1zu@fo9Tax^ zre7uGl1>6iXB)k+#N2r%&*!1!-m(`{9x9Ux!*wqNDlhG+C~@{>_lse~w=1k?@7w|+ z(yjiAxlDcfg@-_t@cWteBn=naglAlaY|SaE?=}a?XQ|sz$uN4L(DKRROn>jIdmkxI zLE1H~!Z1hy@b#EZd%~Tsj~42-H`{$o%J}?$yryqCYMiHJ7+?K8`3dIj!@VR0`IU*z zS8=P5YW3ciO-W8xefokr#G*0y%sJwNJx5{<#@0IKy7f=`)=YM1S!bG7inj};T)%#u z)UdW9WLo7eKaG>=@_f&3P2dZW)A5;u6kZHqxbV{S3j}^`i&Ne!Mkp$=cc{iYm6EM_ z&uzum!3m+&O=4e39bed5pNk8~sJ(qiKPgVUZlmL;_m-cQ|5iaGCpklY{WKh7zkbIi zdG(V&^Yh2bUua&8QJ1ew^;~cOFLV7JDlHR-|L_b#TWPfN-)h3|5NEvWZ6=Cz(U6-w zkn-^x&IxOB~!hsxlPk^NHV^4#}J=;`u44dyfJw(lqiU zGZV(Ebhk%)+2;Jr*s~RLN&hc?pI0+!*B(53*C{nMV1{&Dkb3k?7#*l)sOdtFT5P4K zM-H+|GCRuFjyAs2DT*peo%$livAdf}TWlCI(KXUrQ*goY2m>fvq4k9h^?hO|9Idz> zJ>9e{j`Q>mUqddQWJS7t$TQ3{OIt|IeJEw!7QZhpct#$x;>L&jyv((?^)Gwq6Pv;X;|_jN=5ULsFgIVb zsGJ;y$TBrwTzqaL%DQJQKvLJO9A}i32*ffXA z+S}mXgtIqGrAr-MK_E-dw$b9JcuFBE+1Z^{;xuE-3d zN<~6o>hC9sw|oA{=1|8OA$faeYW;^ZqA7zf9~n}#3PGU}%TR0xY9g0O^`q*xFFdGT zshJZM7oLf^1EXD}3$skvJib7<;PB87*nN%DuMGQ&cW3EGrwT_sWMVyflyFpPnrgyd z&3|=0?@ULYQ{C57Y<^|+dc7OYt09Hgh7hbb)3t@BGq%6_Z}u%Mv^+M?zC$A-3!OSq zgNFqk013){1&Q+vu|?MwAui>V^JqSN77?nkj~HNab~cIwJ)ywNnc^o}oip(TdP|EB zISrH->^^j|UeCR&`y_L&OZtTeRUUI^Uti|9vAAU0nf44g;{Jgx0J1Hth9=sR+8kHa z0Y1G@;b7^~7wj){5}&JCNv!Z_jXfhU@_nY`OAD}p_#G1}f(fIY#ZdcN+fV4KYyUXY zTJkJ$D&tk6(NVoFuFfxwKqld(Db>o{>IK!#K9e%3-sr8($A0ho#~^`Wu@7S6P#x3( zR8|uxy41o9GkjMlMdYjBS<)Q^{a^O(hV$-1W|AJsBze93wo3M?&UBPXNr18%P=sQF zxCv&im4C|z3^Z2&Nbi{U{8OW3h){!nSA4p|K-IGAlNb(dNQ+Ezg}9{)_y6S_B-~C% zS=oQ5LkfQtzR}ZC^s?WkttT1_B7ZIkliZ3eTV4LF-VE!eXf;wy!0QWq@0-Vye9Wrf zhFT~S^fzgyxP z!Y-4i#J_vKFl-ZOjU^~WFNdxSZ`HqgoWfcl=zi!PDviTE^b8c0(TKgGz@O_5inio{ ztb=R+35!@6YWz3JnJ7_wEj=>DPR|faq(goUId($s;+@tc6zO%a3`<7c>+|&dWe)vT zZ#>2-7V}mWH-6m9IFNBKs#3|rYt7$I{>%OS>PqUqo^)s3*5{J^w?6yq4`Mno$@uh$ zq@&0wTGMV_L$j_qDZNkgBc9+lm&lcOQ^cd0RBItACmA^LTpXnH1B#kN_R4|0{519* z6arK+n3pyjxzrgl*CstD&P;mSrW-7dW#A@S2IS{HcIymM^%f%Vm0{_LMYYv~)lQ>WF@s*oFrAWIeu_k6zAn~f@_S;iAL_I|VEYUKG8I!46^x0VT%G* zF=6Td=1ZSY0jRV+XG8fZg=p}%90ao>;6`%5}j!+ebg`Xd5U-Vf}saL0oS1IX*gk$ne0N)vDW=Q|kN8=`5{O8**CV_pCfi zLd^vq%blz1444NSdw1-hGTwFZG;DJ&@Rl`DT4z$rS&8}1z}_qJk!aJACSS-S(K^2R zE*(Y6(Ky`vP_b7JZY&#b`g!YHNw1l3igL(V569tJ(>CeG)n{x#cbsv^bNitcB$ijV z<+ZxGGWExbg~F@xm%_IwxO&59cA%mo8!bV$7_{=;+E`5; zlC*3-Q1SEYlh#JJv3A+H>dxYM_p&F$Wll-K;hh10wE!6c71r&Xu3GJh@|IuUK1%M7 znwsi&s*9AJEl=qxPvq%P@LeMS%<(bGDvP_l>yC#o84OD1Y9@8snoFJ5_KMA`1gotK zz&Z0DDkontz2%%Zvs!+3VKP|0P%DrzYwfX)xvmzMYlP>F;OF(RxB+UjSJx7vV2EMX z+S4Bje<1E}D!D!r5{{fo2_j^izpzU4K5kso=RZ~Ko;>u0#EQ=#u9<0e>t6^k=L8%A z8K)5-n2E(kjOmslRgzi0Mm-0N^i}4#ySM`5bv9N6YgvB+>|;Y>C!FHj@S{c1(bfJhrQK+$~Vu^hBp`MSqmF6{gu#k{MUGwb9~}=@!?MoaK^u zyRb-UqMqs=rYV_!YvKO%CS;24Q)np!4-d=G#_2~BYXNAx$#`$eq<09sva%APp)~bkVS?>$Mt(dRMfgcGo zfv9N)8C5Hvw6t_uNoAQ@nRl;4>r!fe>=fhkO4T$b+ex9MwT^S`PoF|roC1vW4G!u0 z*P7S)A#J;kyG}Vba*VfhwNy6_Lvl|&anf#kYtwSPZM#-_{IbB=txr7*v$>cisVmEP zg|K<%CHt3sDd@(Mvt>SMFuFPIyp^T4gxEj1bO4HWR|EqFg7<2-0-N%HzyHvPpQ%-! zrvCNJ$-13|ccWWw{lO#GsIl(P_%I#%Zmp_`spr%7xJU4Fj~vK{`^gPr-tjN!$yUE9C$fMT9c z&@Rkm{pf}h=@FCu_o-Uh*=S3(sK`TE(9*iFWj%+#^)5G|3bPfzn&vWQW1VQFkaq6? z$g4x?o*gEX=JaD)(nMXhO_?tbZOMUTIq6_r{XIYTdQp#-wGv20tKz*1WV-JkVXigvUDEg5m~X7vI-Ki2{G#EZmngmYu>W?A z+|QAFh2ATUb<8$3UQ5KHN~EQML6l8XtwkeKr;G{xi9tgsT(4Gd`995c`JArJ_mP~S z;Om8lV*L9fW0P5VQ4tXbbeD9^Wg;l`)n-a!Gg&e0x2{3Q%;`h8mcsO6QZ=FSOk)5Q z^@dsAIJK9E{PyT5#`F7&pz6}~4>OFvAqK3=uEeSD@hO4sq-XZ`$5-jgxO!i- zHHBz|mH#Z?NAA7e7M%uB~99g*F zfZM9UR^^oWX&Pp9ZPWCp-oy9R`;L)FhpELvzbKbQRGgRyI|{(gtwdZL=uTJ22SKuW zROKIkz5~m>_aW4DR6u+5H9ilMn9c}=vU`}77=hns{>6zAcEZc^RyPx=3>>s5wZbEi zlB$D4hwOEO0JTD0j#n*b3M6AX7xmWoAP&oTCuXafMdqH)5LS&^vF*ry^!@BNOVdgt zofo!-1&SWqJm${j&WjC|I#y+!l`7G>rkKXknL^c)L*^$vur`*td5*8#BBPW`BF^{= zHZ><1MBPbpwDbEM8Qrw2$P6c6wG#0&J~74d(a;ME@9qvcCH;jfj2%nl@Rrci|4?tQp_d{S z_Q4^>)AM7yg;Jr~w)eRgYwuqX2hmtOx0BMpdJcw%kbni`lXd>Ay%YlIBISU_6o#u; z>)o-$OC`31PRTPTN1gm%A@GXmEK5&ARzh_jKzpP^ti2Q}P<@xb@5vGt2)69!<63q0 zGMvLQuo9k@-r_FO#>B`Cb$kxKPU^v|ingx6OkdJ#0}V^{4lk9@hVGG4@}FXI7^RrJPo&{b z7J*9Lc{If+O6zus$gA^Ksi!1PBJ{;5f|GB3*B83ByCrc>zHwq)dHE>)h`T3GG<(EI zyTJ}*nNWmIfy8HegzSY2?Ys8=0CFkZ6-%k}KfKwaL5rlv^QZZG)`9r1Ri`C~%j`m; zOlBg!v#3AJ(lXN@?wAJS8ugcK&YkwP%+0#q@L=KV6Y*vuUV>6CjWSXUKR0p>OO+Gb z)Q(@r#APLW>F<(voz~t5nnn?w?o)MF^pQ2D0BXDp?{NJa(CWXyD{^W+Z2!Xn26V%} zjU1F?m=Uae*XmGKcPS!@-I%Sp{@tsXz!FeLy2b-F)El=dAF7}aMO8zhCXx}sa5NM) zn(ynk>ohF+8a5sM{rSOXV;OslEp;Ez`VEiw5-ZrL<`88i zH+i%4>hHLkT{DVm*Tbp@LFxuDza7+R>i?9`fakx+oo1A+t{Q*cs!D2H7%vD~5rx98 zX^BpERc-C-xa`L^e>N&0fmXFx#5_Vw(c#fbRk+_4 zE_#$0%Z!;K@_6z3LiNQlzZ-kw6a!5byvnsfX%YyEY8ft`)`tP}RnQetqg7Z`w!UyR za!^+`yHc*VZ*|WZ@hljG?MH{?vg=o+%Rvjug28-FoKJ3My;HpTap84aO`)jbNi6YI zu(WEjonCY*{NSpmFr~EyuXE_R;>IJ}E~R~ydnDqnERwH=PK&0VeVPCK3ev;)x$*fi zPS#7x{~o6wEPy$k|7shq?WbrP%1)a44XAQUd|Jk>@{VXwPL%-IOE^gDokUu2TK=V| z)MKDC9^{Z8ZT{qECC;f8#~a7QLKs!sPbCZ@<>EJDC+R^CA%gvpX3C$oeoexs&!oFh zuHOhojDhb|0+&~kaAIM`Y*-j`Hux#db*d{Wx@`6sG{Mt9bk5RyuA=vHpsV_kT#0ks z+e|XY!>M`qoMU3y4@AKFLvjug?9&nW!JQboul7GQ|8c_g&4^RoH{fhEwjRj9*^DLJ zaQqWGN1$NZg#LrB&uZ+B7F_FST?)K{K)Di^#6_^y}z4dxZyd!v$xV zhT**-j@Nn?dU8*rs~aiKFU`1B>LWCUscS~IN>^CL+v*(a?%vKbYhBekvs7?+a@%vO zx^gXMeZ0+EF3H(XQ*r!gKh+*dd}7w+pxgNb1M?Fqg?l^<33r_oZ0?*o+oDiX3%Kc3i3870q1|hsDzCL}LXn!_ zaNKe&zlokDM<0{?mmn%-1HJCLs1^3N6@JnL9$}_5f|lnR4M;(<_X~s!k7VaBu65jA zoo0i;n&Q;WDt30d^7tw>;SaO}Quy~njyJTWqqUglRA*zB$3w%$zcT3>bIOB3f!<{vYHFDdn z1ajinq^d-1yo_OeJL{}#;C4KZe0xBGYj@j^q&25-yNx;Wn)17EaatL1CKgo<4`w|k z9;V7-(uc2awX+^R{qZ8%zwJsgnSH!^DW+RbsEhs8?K*S+Hg==MpZRvAS!=hex;35m zHB2qy#<%-ba?O*E4w`O48M5=>)zPC^qh&{MR##9XgBC=wc33pL6RIV&YlJX9q zBy=R*=M4y;r9{VT`(qFY2EAC+o$%a!u6@@e{QBfr3B*DJZe9BBA!qpFPYGgVk2wY2 zT^vtOzfkTS%jHJ*JWpHTXG1U?*rhI0SYE8ZmxM*HJE`xiHjU0$ni~zOdN47!4F%2 zSBylZIn~Rllv3JC;IW}X;`-3@xbG0EX+cM$t!}UI)~tsRBVW$8re4R~-+(f((>}uD=VwR$SyU<-gfNO*B7duz;}3S)V7u9W z9Hc5!vGhsiF=C4L&sJnE>*(k_x^Zl)?vWr1>bVf5PG}EO&=AOI@*tx*3MZ-kc07Od zJD@T{(&R<@nIatX3?u0SJa_^EK>HvdNJT|6Ey6OSM~keIrN-O1(nIy9XMMBL*x^Ww zL1z&x1pv$I2huuN@Ct*B@PzDkcUx*Hxohn6=sk@w?ZQ0$qsR*siK7{}59FLT+-+Kc*m zVy?hw?T0!;KbOD(BZP&KWF(0xXd}{`TikNg%Tx|a{2;SG`{2K;Oot5vUx(CEU{&_P zWMo*U&FG0LQj;|vydEJO{bNhdCn-QX;f&MyKgOZ2c%E}+d^e`H_?QN1%QgoD9qF#4 zVKKt38)>P*(KEFDnJ#snaGWA|AVUbILoj?oQ?$W}j2J7lIBpfd+In7KTkD## zPV{yc>K70x!L~x8DMt&9Xp!c{K5(@|CJw#k-lvU+DwJ_^!EPA5t)y4Pdl`doZ=)5XkFt(w>S88CetmkZ^d z?0R~$`=XJua?@cz2Z^Y(cOFkB{-X;jrv;dN@PCa)!H$P`baR~#CV2a4S8n9<4^8b0 z3k%Z=oJ+oD%t=<_#{4>Y08&CAEf)7p5Oei!XWSrp6^n>N)8`REStfhtjg1&81jC2I zcnL6y(t`}ZGaq_Fk2Jr6CB}kFp;YzxaW+$A!q;r^lhu~{ZT9cy--fj=vV^PMURtSb zVebZr2xNX~3j5$&?&P2Bw%LIuGf2@T`6mp{dcLU^qJz^*K z`82aB^^m%sC7|W6DuJO1j}^4Uf@=qePMM4tfSxw(c_Id^x4~@x2lwuTivheQ%7t2e zgfe_tu6W6t%$8mo^ulrvhhKKE@m|#PWZDO%_96}z$(A{c7`Q$O{jvJ#@2c|uwe4I{ zfkzYG8Fl@yaduG3&Eh~04D0d~b!4+2!e$=GcjG1pD%l{nneD)LJ(kfDd+ZDiV=sdv zO=)SEG8gK}Vl;mU;vH17yJ#+Olkq)E$4&tzhU}&c_IOpQu#}tSP*-xn(IZDhr@&6E zaCFEsu4}g_zis(GAB)@0R{2z8}ngHYcljV z62^JDcdd2^rsaJeYsz45n!TH#U-hke4;4){813k_U;atXIO)^sJ| z#zz>3%!@uY0AR9Cxm;jI~+KDmpX^-Ljy#X)8AReri0E&|y5?0aC30r#* zmV9OW#wG*Jvw#@{e&(=J^UJKMm_2tKuV;${YA4%{qn=cVVx zlxJ=PbKY+XgpestXqO=xtVVN@*5&$Qs+FKX>eEp9K-h&h7wZ`*r!;>T5yG#K+H(w` z23UoHLNonYXD)CImjH>?KqOP=E*c1ydx%nE7y#!Y2w~5Fl@PDVUBr8to%)|}fO^hI zlbi`Vc(=%MwZnv!AOck#qsMa1_DHd&|0ru0vWu)BWIqWCd_#4>0<`Uac;o~&y*Z%c_5hS$|M zLuv(H${jxus7ELsk3N{ic$Sijlv)tksAx8TzlERss)`!l08ybvF~qQ`COoz`v`72P zg0Vp`ao{p{k?IG}od`>Yfq|FU+gYrFO@T_8nRP4vNxZnG`9BqfzvnJL76n-^FF1*_ ztjL^F72@9*q6*y4D2n^qFK%1*^s@+OLn-4ZML5A~kV$lPpK^;-_kE_tej+2VX;}`P z&4}d&fXR+I^8PmT)rwPkuvatBTaoDM65+-gF2}^Z|K$-UMbNvPa+)^}0yOS}t$#7$aB!B zR!;&n03Y?;wm=_5FdV}Ec%K00HO#I=X3Q3f8oPn5uNvDvv615=z!j;)iWS@*xs7(j$bmpNs?4>D`&){^?l_oV4%5c z3Q;|Oj+?B!19H-c-54faxY4&ngbQqFMx9$inHC8*d_KCwjYDi6=?<6JXRBJ7iIdKK z%80kYOBaeuDsp!o!?CltoBa*|e-Xr0GvG1C${z0g6T$1xfnS&2$M8v)f*pce`Nm$< z!mZf=wVu6$BgNvI5r4!NE3NTO=Yg6L4_4jV&!!;r8fEkCW#9Y2=5t|xT!MJUKFf&j zfm_Y(qK-FSR3@0OyNt~*=@AyK{VUk8j}MmDUYDN;y{d}@GZw)TACoNQ{w&j922*w4 zakv{5#xv%!{uNL4J5nAs7UigjWWXTedTHG&z zr$w^S(>Eq+tTxU?5MjVVL1jC^(D9VF0M2n7V6Fvpu_U0zfMFpY{Sk^FrWpr_xoEbxwer?wHnRR@#n_;Ykxrkl00-M0(Y^C}~K58TGG-x`IP z>K#kbUG_AU5pB6JaWUWEpLP9prj8=d%%70>?39jUKN|O5^m@xy5%~lu;(jcK2_{Ye6LESaL7xva?_Zv2hQ&y5o^H|DZjNO|DobkMm`;U; z0k{i+SqzaWO){cFxAYriTpVvWG-I_SC%5`g%X@xh{l{d%kguNB+BQ<~Qcq9b^C)bPeJ>cX4F%;>l1WWl+PfN* zjJ^Oe1i0nob!ia9Mkhom6GmZK>9Nmt9^{1P*+Q6Q7k$Ff1mx912Fya_qX2#iL3iUw z3=I%;VW_JO`yr@Du*+`>KcPd$ftoLy2{Q}8wKekC>wF-?p45*m?N9X>q-ipQi)8`e zupwvv8$JU9Qj8+hHGDdV_aR&V#6lr&-!K6V8g##ELn1ggMQ9No} z&QavTJ{WwW3@iXWuv_AfD$aXdO0XkI3VGr%Y?ibw=flZ{dsA!Au828EJ2n9xyZZfX$~9ylfxxk&egrH3OWwoH5jcv%nTeaS(`r1B5U}j`w1& zT;6Gt4UeC7C9RgOqfqYUa^kyx^YYgs;G{MLtP6-d&~n({^ta`3Cpa6Pf>seE4W+GB z4v@4sXiZ-EMez#vjM4ZR%LB>stiq`6p$i>S`Pi^{h0?(o^N~PcgQzIP)eq5Yut--P zA-)JfQSB(9*s5g#=2(1IqD4y1w1)?6^W)Hu8nG|-N@b&xDtEfr_>R}^$A zZBhMAa^>gMYcKJEW305o0(72JC@TE$%c>)Kw2{-i)@PzKk_1{FFJV{J-t1Fu;=_4* z63@7J>4}pkzBH{gZSn3RiZ8aw3txIp$rG4pf8_~qB?=%yw(i1sR9b=-uidVLScOa( zQfj7ZS}hE9X~{jM^-p-+0Sg)b7sWFC54jIh3|6j0BVzZ=x7`>`;4+d#*$CAJv`FvR zRp_go!MU&@^dUDW5{mGo2RV!?cl9}C*yyL8zH8_8c_e0rQ5vbl6&;>V7vneg&tDyR zQ&}=rxaRh>{u(GyKRlrYn)+uz{_TIBraqZs_LZm9|4)~A;AW~2Mqx4+S8>d=cJR>L z(hwBDPY5mav@@DOtVyQi|E81*0L<5ieksYT&k?E0fkfdO>rFPnoFtLmYPE(7kC%<- zO->5ZoQD#a6~RGz*Cp)=ty>Cq$_&i;5*SdZa7tR0$- zV7(F!pYC!KmAF6Q0=LA=V45fY>O$_G2j4DXSRx|6c9oI~k`nQyy0nL@eb=vF5eZlM zW6%N5z?=8olt42gI4MZQT~r3Dk6#>J70&Zu>?T=-^CJ`~tNZ=P_`W0)L(5-yozHiNcgz_B=Lk zL$0)}Py@o759WUawnIzwF9iDBgyN|U0o7RQ5k#W-n0c<9p*li`Oo8;H)H(6Aciu+f zYXs|Yc|f4--U+uo;%!Khr&k@D#GA|d@YfU=?!N?e0dBzk;4>6~;eJNcSiw8ca-%6F zWx`SAgNJDlkB_0XvNoyD22AQ~F>s>eb4 zFau2Qb9)LLsRByro(ZtneqkbYj>QHo3&Iw;(X-mtF&yk+a;TDRvVqeBz9%~n`ar%G zWxn$Safn_j1&SPp@_&Yq`CMle^su~rtHGf6sNNH1RHcGk3kKJaAu2qQ75`79ltRM6 zP$o5Y{_*rzmMDOh9a6;jUX@>1DOxcrZ;hRN2`Wp!;$&yvrKb8_@uDqUTT*DheoPL` zWiF7sEZI0=<#%B@6P4CW7f@@@u>uT-5{2QotnnV0f~=i1P{t^=MbF}%0ibzX5|@36 z;KRaj0t>=~u&l#Ub$lN8fh1m82$GYoSPhHC?`L6CZfFbp{Qz{Z7SKK zhLX2oqoEj90sXktqmKWa?H$+vhKmmY_j&eJ!`7lo1ET*PjU=T4KyFTmum`fP1}TK;vn)e{_xgYM z>1$jRB>xT~ZR6L6AtEL9#Nvd^F+qPt>!bv0{@ExxEDl{V+@cC;;Vci#(8_ndCuiP+l>iPc9Af=RLv#t$x= zkaaj|_xsq@KS1Pw7g7ci*W46ZKaT*l*x+EL!gHKb7!I*W85<(U1L1RsFbz1;6m&B5 z%R`)Zm4o^Du2H5B^bD|B1wykBAB#a9aQwk%?pcZyTR~KSw<`qDeL_-;)2u4v#=*AZ z5cb8eW)SP!Sqa5HfkgB7PcUBF!%uH* zsWy;Uj5~jHX|DiE{1fwXb7oEttd02cHtc;Io(rok>u*y~`Y+P}rgaLA`S6yU8UG5C z4KQ^DAZ4S8i{`#{2%EUGWVG^=Ck`ASwJ!Y#w$ zxP21&N?&nJq5F$ufSO9#=(29Udap)nVDRm(eQ0eVjkL(|s4q&qbo*!$HatH&Y9xOu zhjwYog~?_vpVsih3zfs zXrJlG{Bw! zPx6~tmd7|0#!r%Rl{z>g3&H6Zu_I-ES2S0c|+e^EVgkMF^P z!H4^bF-+KWv;ZaG@S~aNPkqF`v(~R4jftz|`hW5J;9a!NAdFMG zZj?7`@Gp$|%@%OI!anJ*rH}1!2<4wbV7I&HTkWM~YkJ@ij|{LY3~bPtrABSRR_SV{Re zv(-+?9Q-N-DH7jiTVB-kmSE1 zj{o&k&~1NA_ir+OTF~qm1z^uRr0u@ad`N#ap1OBKKtILEsLf;j3iJ=8I93b@v9U>I zJYH-Ft04kNbf+#E?>_e)kr3UR@Nu$AqiNkA|PJnKeI0EF_Xd46H0o;1nvn&G6l47em z2;u+tEA*VccLPpCj>Deo&I~*T;2b@D7fc`4oJR6pU%7GSV1Gsm9p&D-jZQiHKHdYi zAMJla%?BF*7=q!qRNt#Up;lG$(6ELFkJj!jY{3wX&?zX)8?ir}!d&QKyebS^>~X9p zx-eMM)UCWA%j2z;M9FnxRD242;Dij5%?Gd@pGQp;ORRAGt;5cJ1RG9dmfrHuYtR-R z7^-GfniZ{+!$i%B-`TRFcTlA804;1*BxyPr*Kui?5zrK1O}A$~-`}Fbz6zis-xL18 zG=MTj;7A9De>EIyanQ;NRiIs|wuT9v5xI(wGA(M-34u3Nia3lEo9tVUVHcl5&i6-BJe;N=ppT>aFAM)8yiV1-UR4>4z*7;!iSc@J6xmfG?Jb_5I*~+lif2E&^OgLYO9El zH0|zR;m2Y7&02^>nv=-$#K9JHzRB5S%Vncer3MWtThT?Jc6WqK{yyGFc=(v%-;@OB z8@C$#2bT^Gl`rin;4lz1LU!Pa@C>xtn%~M-6S{Ffkf7Bb6T{`L#JDM8 zwsf#r3&KLq*8W{T;AuRRi~*U(B+yO(ZmPi`-v20c$&fh~4})X8(MShnSSLk$8|f4b zyDn<&Eu4Um7z*mfd|g_;d1`YS*9t%<8&b!w9>m1o@!>VYsT01<-&9D)-^R%Ig@&_) z_gE9ewJha#+=kx7(NAH69KYlBo!HA+)1fbK+%c7z7Q#g-xn+Bl)5%l~#GG^7RzNC@ zFI2kB5N7{p)TD(}g>&!|z@z}dU|k=>ja~H{_s{#|-$>-)5N$Q=UL)|du_EISiE^^! z^9Vz|47`uBP2EAY=NpFo;S5F}n6hwulp;hJPWK=uyaLZhg6OXDtjif>Oj}a{VX=N2ssOn)!gx3JiXA&?nMLVzA}Why#61)ByM=HYBm zU8GBzYTZc*Ql-@Q<-Wsu*z47lOWqnXW?atw=+7TSdWDoHk?bgE+ZzKomqbz} zQ>G&0-4g|^(67A)3!`fNt`JvM=@;n9w(Qm~e`pRRM)f=kfA#7z&%lP=PjQ8d9Bf6= zhc(E4!OXp{3Q&YNR&7TwsYgs#rrUtX$fr5vu$equ6C7DY;(@l%*{k{udomxuo~B{{ zNeoXNOd$O6ZZ_-}(y|d8>dW8p?R9C2Is>P0;Yqc2@Y5f(Xn#sxW|JpkYGfIQ)YIhLscsvJ%!h?;@fp`W^C!E`Cwg#CU++e=G@(6$^4w8}8fJnlG6q&3hY1Td5QS zWFlfQ%u?@H!V+p;&do&b_xoG^pHL^9SIHNjogy@*ndqDW20rE%-o$T5e zK5h}!W9&0%honc*ol%*5zKXVV&G|&VZ&wDQ@Ele3@(rnVDq8K$Zm0pv$OB>)sAtYs z#xnrSyWAA0@OM)c2@^vF9rq{?ea6`okcj>m#5jOoM>4kL;%Q_dO+hpy*)=F8JaZPp ztS@R2qK4r-)St#=_B*r=oWc|Kh3UXsMB_A}LJ6Lfjt*uYp-dF>&3!)ykm^&@yOe?T z3a0sM*l1$dsNe*(<6@L8n(r03b}GY8Rtp+KyR$3h&(rK{MXEQ+KCQk5`^AycV&nTF z4jGSm@xkOg^CP#b;bB>EaGf z&m0)FNC$}DrEY|Kjy^a%=%b@6tI54c8-5_m(vO)|iYloJrX_Wy8cIKV_6*fFFJ?by zvdbtUQa*T-a_I}6&~`-uBQtYd&zl^fnnR20iz9Q--BG`Oix%#!jKV4zOXD ztIlS6-)pMUz(}<*rp>duPor-29a~C?%#YBicLGl2RIOdTCl_|OjI#TzpRT=UxeE0N zSl@I9iiO2hj>??* zh&l6PdoMM1cK_ICj}4RU`xHJG)aoGYL|HZFKJ%tvpudgfE9^9bp&*oqmY18B_5BKal>uh!^R%`En`E-d55GIWr!^*CL_rfNwQs~Oo z>5Df_m0vu0@@XeU!Lf7V6^p)kL}O1T*?>_4ms2Uc+z+* zRTbKFzVC8COdUr_jEa z=G6QDiZPrM+}AIMmO+b5L5jJ&lYQyxpQt6Om#FnNA;{WDM=sH%%q-!UmMs_73e-PP z?23TQ!UkR$|B)tU_FRV&*G9SecZV_5Vp-LsuuA4}-xcf`m(0!#5sThf;z>+cTeM=p zlnBOHt(b(Hn|pJ&WMpExKH*|y@00rsZ(W;AxA-i*ZZUMSw1l!}S4bTvqNJT@j3(v$ z(Kp*V8Fnh+_KLf$tz)@zypRI1F}0Y7MqTg)mb`a&O~!wnR?l*~Qkg!rq9(!Z?!1dy z5n0=`-n}7JE5&4>>AHAgm1VbQBT@mh1O;%j%Z9))X~J4Iia=evrp zRRvypZQ?nK0TjYNs)sA?6g09V|9n zF+_%~>(s1yzPdNSE4M+~e)dP+Lvzvots9h=XRUWPHim~krSuGK659?|UbVd`Zu;vi zdVdL9j02u?@&3g7h1KgRTpzbI#S3j5Et`&dwaR14u34mRshMry<>i%c*MOa- zT^)Zx$nhGr&H9s;1&{aABGW_FC0_f|Dl}n9a(f2*mY(hk+p2R++L{q=JH9>kiwTdk zMqbhUxX@*r%du^b_G)`iWx2*bL6LnUBW1JOMQLrV?WMR9bI7Z^EBa+HSRpD`Bajag zg{lnhuc_d051TL&{#m#<&AU#c8&&?^#C62|XT$mDGe6BHzX^$$bbb&F@VLz^;TBm~ zDX#0iu{OqkE=3VCI5wI{XtCnVVY7Mwg}%m?If^diaAD==KAedx$Lk7O48Pw7d>L0v z1rF9x{1~p#O=$3og=jFd!rKwCiaZv8PryT&CnnWsoXQQU2?{a8aFz^lG$=IK_qMoD z;II^x-Xk$-3I@xz=ExB4vJwc3l{=Zwvb_r`108hm4p@>dFY z@0PpFMolHSzQ*uLSm`o>)5lit@eLXdBhNeddgN8QCDxork8ku=N6_eYvsnhCMP>J2 zk`r}Hz1h_6)i#QvD6dN0*K%n00Bre)FX1r)T;A{=qR3Bt)n|#!<+Je2PhD4ChlYO) z{2!O2CfwbwbPPNdd2gSr<-4-r6-CfNxN#xcMrq^RcPkPMNavqC!Z7}yF!TFIiio~k zLx1qFK0khn^#UfgoDST{Gv0LTfEoCi2E((req0G$WM;Ta1oaaOCnRw;h&xnPEm49#e9q)47i(|Gl z64tSUo(n_As(aIK4108Q@;?{%>VL2{Yd}InkrQxcCBxWa;k<}R(6GJe{`*|EiO2w-I_i_a^hKopt6&EJsd+w5W?(>Q_U zg~QuT{n?zI3l&ZrvSI!bn(PFw;{=Qk5$&7?*n*zgcZTOl1JtVyaY9ddeSKusvABWd^ zd5pQ_bgD*Km`C-UWbqNbeV11#Q`FDu)|{7VMVG3lirq~Ha`e`|+!@nbc;WZUkEAzx ze}|!kIF^p)jP~{3Aq{>J2@F+fo%#Q!(yvGZ;Msu z(zPmIdMwRNsSj6Ie3}h>Aw<*s;`Es8kCF1dXXl?)WY1(6Xl^f2T+5*DUwkZk%xg2N zdwYGBeI(~rvIL*&B%}EQZRy=!T_%;exc2ThCadmACVTaSiZ9ua#ULiNgDcp0K+eMp z|4fZ*pdA-u0_Lu_PrL{72+jH~sjyc>bq%!+&cYtt1SOm_iv~f;BX>9VXAE3j!8a!O z3+=RqnBvGom+$JDPWu&i2VTU5v*%5P8RV<%Y1&3Sc|28qa+aFSRRK4vmEqg9H%gQB za5>grTtN2eMRFR-^Fk^#9+q3jb;35#zi^|u`O$BGg{PBhXInBiq#phbNjg~F3%EGV z7jM6pG<_xVaN?;R2!lktAE>u7Q-b-#MyLSbZ@h50v-a#Ae1xEVUB2b3Y9KuAD?9i8 z^@rzfmPy|f9RijlF4c#qJDi;MGvqtomVS5;M&{k|CI#Q0M9)>+*L z>V&G3+F|;6&i>alv+g?3t_;vrw;v4}64?lSKEtn=)n7DTkRuUkKhZe-p}{#sf^!#l zExJCzt$9+?bi~(I{?)qm>ePT}zn0O8_6T?6%OZ=PbV}B{AO~aN6OVuGz3>rKn=@MS zk*REMKhz10ETXlrG%|3~4Rl#G2m{2|R>M0svZ}VWSf0mm6qq%0*)fMs=g~-z2iJHL z{DPkI>LzHosu-S{dGW`7UF?6M-aDeU&Y0X7A&tXp(3kI_mLsdqcUh8H)&fhxOy7H> zT(0o;WNMLj6XuGykTGWe0+`cn?c+)Ka$>zrZ37u>f7FSy%XR14ozVx2mm+lwuQMCtB4Sv1XYWIe%+;E;X%cl8;TE0h1 ziTaiI=_nJEH1bK#wW#k$1Bf_4IP>*~OY(#?=R~<}Rk&BqMl_c6arqhkkQoQ>vF@t; zpXHkNP1XW>CsD&rZE?JJws3ZbwT;{~dvf{`_jN53vWsr?X2057FfFUN>RBnATD)iE zy`>p%IdH??!2uuD|3J3vB$gT?Mn zNG&C)?d-x~IdqscswLYcCuQL@-UO~b0ev{(?n8y}FQ>z`>2A{^?E+$E!x=?@=7xU@ zJ%WkIlXL7&9y1Nou{U`+<~fg29ZPvwlT0{{%Ns&1&PFxh)bS`>*U~<#|atJ89uHxklVOcdDRQ!6A*2WZ582uXc`;>f3N`=9dJq*U2B0)hl&uMz(HQ!ad_mJUrL;*9-(kI2E2MY~>U! zSZ$U}XZyB74hJ58 zwqcp>yyhL{tlf?NZp(=xZ9{InV6WZUUbr*t3gsn7KM&#k0+NwF+b^${QROTXZAZO- zcJs4qq|!pY+)>!>8TKOnwZy*eh@smN4Z<|>j@kByE_=D=k=L%tV*EMli*n3IIf4mgwJ~Ukl)+A&c@D zj)R|O^*#3u`^}*4{0eP(iL?pr0Lc_r zap}yrp^|gLMQc5M{yBt4A0~Je$rlY(=@U_jzSV9ioakTfG+iRj^?O;AVV7Yux1o!t zPAF~BD^@bZzI17+%1Q3&f=AvA zVaHl`w#@v@raiaL#@PFZIh^|WlIM1ej&8a&^e(TzdbFA&U_GocoFJ&UU&J3!>Tq9X zIB)Zv3V0k}Uo4u_D{g9vdrz*>?(r)xzy!1S0d93?C^2++wPy8XmMvG3A-V3}26U8ZHdV@S^~Lq6CKP=dYiy5on1 z73pBzV=eW%;x~mnM+CXeG zbym#C21_Obu5^^UCqS{z+1+cSm$bb)-!519Gq(SVSHEC4c&Y1Dn?9=8>d5$9r<4C( zDb1jyc+V;8O=?d^#p2ex=9ly?m){$#&kb?UQCn(%7cGM>M^r6Qp4MTgJnX?1OD!FQ z!4jsom}UkI%v+N(%aGK1ZK&d>`;TIN9M%>GD7p#B;`(w_-s#RYvyv3s2qxErXWn+3 zcNY|&Nu&vzP$t$IqO}^N4?it4#17Mbm7a$+)z~S7C~&CGxJ`P2QuWxw;cRbVuJhomaY@Z+Ctr>=d&n&y90K zL-N&GY9RvS0g)1CMAdV=#M%M!|Mg4$opT(jjcY(kwtu^D!=hKM+*_UVixDfy1%t9Z zk#=2Q+o3|u99i?3qWita)2`<|eETk0DX?xsNy;(YSFII!)6#nH zxyAGOxiL;|Cl8%s>tQXc)E)k*et}^ceqC~p{KV1teS>`obiwUn>g5aKC_j(l#POb= z#o7MbK(UKr&jT&2R}!YdKE*yj5^gg2jdbz@cdcS-sDghp?}hW_;_BeN=JE2=#F>4i zbgQ+ZuMYcKMOKwG72DO6=*hr(c8X*tdMc;0p4)eR!n_KKMt`bZlS+a5Q~vl{75I)F;7? zU4w4L38c4=0s5xjjtL5)`R>K?n3Cc8!oNdrQLr-(iibe)+cx| zlCf!of@@*f_GI1XekTFjK4oh6pZ8s7o|iDLYgoOw)N5nJKu1Sszuv54K9Fv3wY#CM zS|_twue=`$!@KLB&%Dae>bBpGqLTUeqF-fmrgt(Y>;Bq?#Lu>M$}f8T#kLtacg95+ zOxi2d)^c3DvtBvE^`ffrf=tAN+mbJ?-`h(p8FVga{`KJTo?e#I`yMHS^1_}en$#T2 zNP(g&m#Z_5%{6W!1}K_X379RCF2~ZnO2$W8mZhyx{HIPs~Tg zOIQR#tm*#R|Lb({6W-h3_0;#9s7|(R`U;(FAjsAVsQ)Wc*l_^dn1Y40fSmgEc-^&{ zdE{I;m$F}@u4*U2c-ZvgD<}#;8R+ukNZP!fQt;G;=o|MR%~idI@l|cYdy#Ac3w?}$ zQg*(3qxq<7k3rt6ySX_?xol;!{Mxq5w~RfqwKc`){z~F2p7O!eLU6w|-;@`vz>t0T z-j%F;l&W*^p6Z;}oW;i1&UBNFs=G}_CB|7exVU;*j+@sr0#HBjlz4=-HC-E<%)Jy^lST{QvB+~FIy-0tXinBXPU9mL>ael;J?pFt&H5d$T1EU5C%US0vTnXI zuBvaZm0K(R*?+Fka=MX8J;RyP)ppTNr^0SYro{G(`=jypdYX&*UUPAqbKl$@T{ZbL zhem(SnR$S=C)LOHnrGSrBQM$&Dv%49)wVdoZHGFVP{EKSFct*IUmo0v6{2H90Vsx^ zYU#gq5_ECF-5e4xL@ujpVwyqckg?(S_x-&v^-B(D&mf2hmGDqeL3LCICu>yQ_vdK< z@d~2$sU>W~2~gCDQYlITejiTfhWkvzJu*X7^u$BA2jM1?*T|J&FYW2&fDeT-Dz5cX z&ZQV1EvMxbTM8vqGKQW{#AQ9U&}$L@sR)I(RoxYf?ocp1|B+SxYOr0S(4EkzzgI4Z ziff~&H0NtUThTPD#6li5mu}@IE`A7Jw6Ev!MyLrX+_l_C7V{R!{CHMuzw|#0p}eF; zY+?9d%`NGj==M&5+o_dr+te4eBGogNH$Rso%yf$r8tw0_g^2F{;tPw4(psE2X2cb` zrLE7ram9ieQa8nrf`o)byKZ!e`A7;z%#Eql(6;esWX4Hn0+=YnJFAd*k9NfXn6L)< z&dw>`JVTST?^6t~zK5H%-uV5Ii{!dG*->EPkpgYX5vwa7H6%Ro^?Z9wP@Db183D@)LS!s$Ik#Pk{F2To*U}EUbSmc7Axc_3s==} zyH%5;y4cK_S(uDgsk72e?%hi*^!Vjf88(@hR3CUuirb^~?sXXjC6)4ffp$hlMo%*@ zq_y!~gnq1lw;)zLtH=9lO@Uj>Pq$+&3<1Gk3!8LH3jwRKpP4JcXd7{a`}yH0D5&O5 z>(~I*+eU^U0*vqqh>8@Mj2_b_dnr#VMOLtnzL(8B87_5dF%a+@g z^86)(>SzKq|BL$ow*Bt(OK$-X7AWBJ?X+DevhU)cMfZh3Z}u)eG~$FYCOGg0?%qh^t*5A_s2)`)d zwi+>tpWtNFRJxw-+Y>N!17ekIu~6hX*Z-MjZioAn0Pe#GBA(n*`~!&k1l@HpP*g5R zHrY#C9S@hR3C5lzL?M$qGk`4&s0q=fq3ZyIKD||ZZCfiksV~69ai`pQQ1SmTrMD>T z0$@I!D}(+;)o{M*G2ST>upUhblxU8JD`NRLt_f>oWG-O)DpSzNKK{4i)2RWKbA22! z%BJZnqtPT6$^Pi_=XkYe5*J-vkN?`1ex+Ua{NN>SYx!EhB>fA?6rGZ2C)eEHr+6f( zpU6o2>PUxK%7y5{X3<_-+u)pWlg*ix2MkuB*S0mn8Q}LkmQ0!1czmD@9L2(xfvY^> z%zsTdQS#Fqm~hZymhp4ln4}UhDcuxukh+gS%M0eym$9T1U`*m4} zB*F0e?t1CBpQ*I?OB<1Xt5%zHs1ENcUOF+Qe(s$<>RQ89DjZ%yTwcW5_Pe)2OC=qdzp9FbCUMdguS^61Lj1n6$oXBRu;$V zmk+ccHI&%mr`MQ%RDIjJt}qh-S&Q22gkJh3Q-D=oL)--8o>(>7PCA%|<$IS8Q5t&b%N*n(#eW>{kvjevbGekN&22A5*ZN z!whDElRa1^{xUFr_-9cc6hnF5HtelsYly%lMjF1&*5RbnR?MoGQUI9JZUZmTZ^-9KCCG($!kQ{%@m4UF==FJ1Ff zEE1v9&5hCPhS$8-RI$zC8+ z@!l;4r59-C>mRN-|AR-BBes`>4F65Au)uVQBR#(~-RL#s8;S_vM^5f%B$5`#IqLHk zJcnTB{q=gr1m2R)Pof6jl%?|>JumLVS+Qj#egO`AX+vi7yIgPhvM z0BnaTgy8PrxRrKTJ7uu<_%1OH`tGUOV@ZF5n4q)-t)Dade_Wz5-nD@3#-wyAOMB|>0`5g0Q%<#osGIhb95k!w>*j?g~Pa%RBReVtit zqW>`2i4}aZ{`_U5^1g52W(&qk&Ls>1?49LiMuswM58Rs?3-I%Q;Q&5fj2PQC$X&iW zMUTJbAl)GFay7UPb~4`-JE{sG5*R$~d@ItD|2J{rfPdyB$|j84o<$G) zCOs~wdX|Z{&IpvQ1$Q9qMNzp6cVo>M5;SLgjgRfsT zdt?QBlSH3)qu;L^DT3EH4pl}$oYw_I(Qs_>kAnk51KADr;U=Xjv2a=?Rdu>>klISz zL^g<-%Gly{*l1zmUuzuF!tN%YB;ag{E1(E^c=)`3*6_Np@6rpJAH-H_BSb}|?+iZ521Kei>p<7Cu$=yVigURI{XoYp z4AD|$dB4X)2~VlTxr2P@T^rzJc3d**S(mBc!~=eC=I=x2+X3u2M;zGG{Xy@2ECG;w z-;>aO+Aac#wg#{K6~i;wei*6+NpO{ErI!g3th`y^)Sz>?{nZ_2PA__!P=zYsFNk=u zop^EtyXTm$c$fO)=U&?TleI0>FQ77!M1n?)Yz>QY5r?gfxlX**7s<(o?CH-!qA~fM zOZl^B5O%po0=S~MmHLj#({vr#7ABs#zV{)2*(_ZHhUkAem=VYX1G&?}u-*1c>holhz|Q=zSzF!plaH z1i{F5O%{&F$DiqvDapJp9gn|-J+O%WHdzg}I2+(|5?xo`o@$;_nni$yhyt>uqyK@5Z_`nmnc^bUn z(KeXd`HLrs1}}q^FnrfT<*nciTH$7GW-)CUn)@G87C6jmT+xCw=iz2kOu92KfT>M5dNkxa7zupw#mscl* z-;9Gr3`5S--+sIE*<&T)@>WLfe}o#dO)V~bK^4+5)Mwm7hBqG(?)<@1+Q2wIs+E;bRV&?jLB?>C6q@EIyLU+N zSP?o4nfWO2v3+2W_O-c`v&mBvnxAx&GG|VxKqGN@Pmbj4X9NkAb!)PDOtb5b=D$jR zm{!Ef?LkIlWwFskRW%tVVT!}cjsB8Cfp}dH#KK)=poCU?XHuqOGx$gG_+Jbfb@RRd zg71^kZUKX50Y|F=Ef(G0XXeN=-s(j=%}%?h|8(6CDkL3a;1VjEO_6;6SK*Mq3A9we zbazSa*b#x>I3f@^!&$hzD^SgsUMfxkR1!u@D~lv2y~vQ__Y(gT9T>w2M|=n;$rn%N z0M)uM6R4~!p-*D$LTT|~0?ZY{VTsh#;=?t~;FGKppqqq;-)ev0NZU##AB-JX*WImn zuDe|lq`%V36bBml=uc)VwHq>i4L3Cz*0x79IGgzH>DUxd{hJy}wMIuIC&~ZRZ$$$i z4ne-_4<#MJr^}f!wBhR28Y}FSlQ4%uW94rD5Q`o4I0Q;Bo=paa1Z9;AX2mO?+)ml) zVX>j!&-Glo4};fNYrwzf(TNL~)s6M25bm5eIjC<91^HXeLg%$ihV{N@TbleJK=)od z*3chq+bK{J6`Bk-Ob^lPsbLDRi>9h{P^qGnnhG?TITkwc3Q$GV@PYIC|2*V1OppL7 zP*R462VeEf6QVUJUst^4Wc`&{8u`v(2a_Qn?$qubd$UK94X{Vvoj40!nYf}DZXrx_^Gc&ZFPki;Z9;r--xnA=;!8VxMNVW80O$6JTVZJX}h23Qjb?F_1XNXW-;FO`gcjLoP;LGkZ zwka<8b%bC@Axxh5ou{ENd<+VFn8s(J6#6|#$|7hSf_UdyflSl&V zNbgia;hj>(_JrOM@3J!bKbke65uw1Y41BNlX}#Tk9r!Yx{I^*?BDUr1 zqW4~#e13C*=HW{?+U@Bmi>#I+@~LS1)0m1gVgm`4)#{}%Br4^d2yrJ~rOAF^sg(2| z9a%E`)dr1iqX&z2UD21`x0$nH+4BS}rUGUT@2q-Fp>K20tiHLxwBMyK4u2TBrt)vb z$!}a_HpNybHfitYUz)7vI3+0w17moQB%6_3_jr2~hQlJ)IAc6_3a!K`Y$xYf?_0~- z>SS}?J|NLaItnx~_K)^#EwyX=@8oBWsce0+ zPG#llUAlSXQjy(_P%>Jdn$O3As4+nh;4VUMSr8l-#R;;P=lXOvMa*?SD`hPwJMX&j zD#RQ7Dlo(n?=Go{v2v=CnzV#D9kU51^JyKD zXbs0UZflK!gcOsqIjzCJ$Fm>2gu8UeFsmKdXgwg_seP5zM2=*FNgh(B3y?m6>9dP~ zrCIgHaA7kMB3K%PSX($v0AskCK3jr}0h01WnE8v^EbxdCOdhBDP6TzsGpHNh@gO#e zrSdgUsVM@$vFSm(^2j(ZUySR6jC$SK9x67Jg?g>7J{_d}f+N619e{`PRu7R!d zdp4_v-!~NmWV7=A$^(VKuWcYpv+_LP<3vwW(0R-S>Pv>$71$HK%?T*2?;0CI7n{#u zg+qkDym`Dp6h~CQh9$EY=L$_0JEQekx~K1)&nYs3tqTjBpH{(h>>}UsQRgb9O!u(h z^Xc-e+>O=}bLe_mJx5a4Rfm-5A@h%*w@ZTFZXLo?mH|ZERzseDQi|j>PMu8iDUb)V zp`wDHLzVaE(PglKY7d0MKk^b;W-F-fWtW#T*9z?0KT(1M^xjP*6jTw*VK~=zn6B_? z_p1rr37TvBqY&g`pl60T5ucr~GC5NgRld5N7_ef&14kC9O=EPRh~smul~)ifs=eNn zrQ51q*PHdW&Ah+;W6`w=PhcyvEb%&7)z$SbfeLIv#E{J9i>VFZ8MeCaG<0)QsHX_Z9{yE z!|{-Uf`=UF=7#f7rM%6LIs~&pNW{%sdlBO-oUdvu_@}7juRN_n$EYOHbrmU#} zt~s@%kX*#x+Yd=##u_ID^uF_qxxL7F;{xn~#s=Yyddr0N_-G_+x~JB7kvbvp7l9zP%Hyb2mfM zf5s4}v!VN3T|1`q)4S`3NOv4 z=Ej}C)BuulCHZ!;@zmD$9ZQqw;SAx0KbNrwaEn>nC>wge6HirmK7NU!J2X+fozRJBecu5Sm ze^+t1qUSCObY0}ePZR1euTv1YWbobck1oc$;l~rWY;ZaQ8$AH0s8-42QV0llDiK#8 zr7&=X@i~3$8MuGIatxfj(z1o+wQR$wMC-8nnlxYHV&CsTks9iH|2`Zhq30oBPP+Tz zTUc6u!fLWf+5ft+kgF|>K# zu8^FJ!I*zf+UtwVQ<-FLvHwWU2h)UK=^@sWGtC43aSr^9bVzJ*@pEx5Amf+YQdqwE0) zcz76d10nyG^DL7bz7^sk!E%-F1hy(Uk^$%H=_mSiCnmrieDe)-R>6TWbcTk8`FzG1 z5b&1G%>+S&j>I!4kefM1sdSYd>IH$>a>a)SoJ~0d9Nf0OCwiv@c1G`SvZEo?p2cKR zo})cE<2SvX>Mu@pAC9V@#gdD-&K32SGJXm#2~g|R^0a(HS8kHr?1 zxwX#fmnD`@wjRxecDpjh$~!jfoc(t&!3o<~^PRA5cbe+9yC5`sHZ@nF|A_*+PSHAJp)-y$lyph2j^HDyURDkM$jpuQ@tWESSvCon}h|s{q>8ttnuD{?{zXBYTY3 zvrD3!x47Y*kOM^0zraOkWV|47vjghqihGs_s~(ApLbt#=pdA|xL(ZG8q2d~2koe+a z@4jWK6T0)l*g3KU(62NkH@*zQgt4tOS+!WSXaubIWM zA?qg(B;zLZhjEV(`<%mW{P&NX5qTAbtl=T9s|ubd(~S2XU#)3Cqz*)`^y=B!hK6@Z z9mXeg>e54}Cz7$zr=jKS2~x>toi=8%6{w|yf*fAmp8rqtkrV1FE#p0{C#F2|@U=Hp zWUaXdGGnkyir@y`>SCk@3g-d>6ajMI1P|!{^_igSMsj)?__z_W{l|+0AOlTjIk{zP zl96Yt0tjXwSkreT_HSpbi~+6rtXC(i+A9FUYgwI$ou^6y2_H^Njv68H=lE|}s{JTh z07~!#z-g|sg}MewLfg;1?E4!hON)P+4H!0ESSlNe2&8EL|3dOZP&7;>t+oS}#OMfL z4gdF(ZKIgV@^yuT$PzdWrp{)Vl!g3yvhIy%(HpgTa@l-YpT+8uG$ag8X#cE#+t=7> zVN8&Twz2!V{e17c8RRQ2kZ=KZ{sH== zDud=jSE+-XofujZgGu{oJLX}c4e}ziw7)XZ;h@=By~KPFO9QYwt8&*FFXDI7xud2T zcD#LJ{4FracXK6Ea-wsBf@9KcJ11AymUWgZc&#Wy-~}0ATL?=nNvq4I7jwL7<{Uj%oFKEX9 zZP<6pE+0ue;F_}e6vyuu#jC6KcQeN)Q6jFUCk~lDyfYL)s_Iv8%0w*?7B-$i$|tx} z5uW4~UJOqtC2$ZE6EL3T%%@M=2^`hCA9BVH{lc3ZCRML4kfuEK*@P(Z(mOoT^6LuGJrs1X&)1yWg+$>Z~ z2!1ar7P<*zU;NM>3X)+iSS(7W9Lx|<`}>hT4Hl-aIOrh{5|Cs~B6gCdzp~L<+kDVm z{u9ZRtN+IfSQ0^*Td}bx&mg%;3|L44_~({>@#-(kEzYLhipB;g1lPg~FM4Kis2bjG zz4~DWk?2Adv|~}%7cbu;%!CH zv)H$`+p-{E0c%Svacr30LNYJn0`;fMG8x+@vCSnwyFA8`FG-J*G&O?B2Y{^UIGb8L z>gFo>K^EbhPR-=vcf0`|t4~RuU>YfKkx4pC-GDTH{ZEc8XbyySOMI{5?;UPuiF|-c zPi5*q*)Rlw#qR61J`}r#kZ8rg=xC}2$G1djOI!juS4DJnP*6-NP1Z?s%kjVne`@>Y zTg=#X0Lq*1h~0&&1g<+HNR0}_kdN@u7l`m9vNfewkF9Txg?=(Ijq=Q6e$W9XTPl)c zg-j2i+}ix9IllhoHa1#Sf;h9J%e{U?8h8Agn;yXx$z z!=_CF6OQ+9dzS&Y{Hg|J{VsOY}B<+IG!6l?{cEJ!zGGFRF|1?PL(pk zLPdY7uZ1Sj4q-kP;O{O+NC5W9L`D-6O8u_9PSA82ds@4e*W>b9f&d0ub-h*ssKEc@ z1&|+|Rl4o?>5L{_r<${wRkVyyf;>V8<1_!MQ1h5utqvO&hGT5UfKwubtTqJ@Ls`Rw6Gvj?QJ#fu=kNo4X^q7mizTV-b1`d6!Gob*xJoPP{x3Z$>kB2XJlnru#-!M zgqcC2!;c39bTH6oCH;#LD>h}^m#-T>$uHzsfRNMhTa{QbX6D3*Z058Znl?mftSr!; zzW}^r$sG0IFb4ejz`h-LJLfTjud&fIq!^Bq)Ii?-eo3EBh)%+Bu~?_=o*{H)QbHPs z6WeCPhfba4Em31l%!$=>+69?g{r=f1+gGDfJSHPlOi$sQV$}iqut9bZT;%52k=A=9 zm!Km}F_&o2c>k(G%b)ss-hEV=#{r(NN}o^B<^)j~DFk9DDDYJ;EB(P+4p(1PZqyU` z!cdBY=Sh=;BtG`J*}>HmrD^a<1cn4to=g5tiove$^SiQVS>SpmQ(I|VUTyf~cZpbG zp{~KkyvqO391?~!4gh;r@VZoOxV+_a+j1RZ6((mmo2ZsAv34tg!w`g&XZE5Z+QVw{ z1s2f}VRQ;PU&e+nKOdLH4s>0s9hfkkCK z(EQH_9i7H5KF&*gL68>a{o`9dZ=JR~kAN8UFvwa2{g3xu0Q{=*;GUkG9F zA?EBRI*k-I4%cH?u}zWCuuf$fZ~MvfPzwOUonjxTI5=yMCQF-uwOKacjNm;JHNmxq zaf6@``Lf;K)9#oM6tPJFmH)cT`}Z(`kEA)|&nVeI_d}Sg8~eqFD&Db8wyn$JBk}Yj zd(`)w6ahl6ycrY%&=?X9daIsw1+7L_tC=V!9DAqq?ptd4AJq6^#iNP1#r7@M45$Vy zK`lcvRf!h?rr)M%4G&;J2jw9syoaD*m~g)_rJcn4ZpLfV{o4@fvuGia~3ZrKMTMmHOraC~oWZ-4z z_V{siPJ$mzM^(73de!C0wA)&E4-(-|BOY{&3i83le*nmsofoac*x9ENWuLEScniLH zC~D9^f|&)Q#`s}-UyzN3ynBbs>)!P&YX6vKXf2%g(m