From 4feb3514fde757f869c1da06d85ed4a898c47df2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Taneli=20Lepp=C3=A4?= Date: Tue, 4 Oct 2022 13:39:10 +0200 Subject: [PATCH] Added an example of a Nginx reverse proxy cluster using RMIGs. --- .../nginx-reverse-proxy-cluster/Dockerfile | 28 ++ .../nginx-reverse-proxy-cluster/README.md | 45 ++ .../nginx-reverse-proxy-cluster/main.tf | 403 ++++++++++++++++++ .../nginx-reverse-proxy-cluster/outputs.tf | 20 + .../reverse-proxy.png | Bin 0 -> 107701 bytes .../nginx-reverse-proxy-cluster/variables.tf | 130 ++++++ .../nginx-reverse-proxy-cluster/versions.tf | 29 ++ .../cos-generic-metadata/README.md | 3 +- .../cos-generic-metadata/cloud-config.yaml | 2 +- .../cos-generic-metadata/main.tf | 1 + .../cos-generic-metadata/variables.tf | 6 + .../nginx-tls/README.md | 4 + .../nginx-tls/files/customize.sh | 1 + .../cloud-config-container/nginx-tls/main.tf | 42 +- .../nginx-tls/variables.tf | 34 ++ .../cloud-config-container/nginx/README.md | 3 + .../nginx/cloud-config.yaml | 14 +- modules/cloud-config-container/nginx/main.tf | 5 +- .../cloud-config-container/nginx/variables.tf | 22 + 19 files changed, 774 insertions(+), 18 deletions(-) create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/Dockerfile create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/README.md create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/main.tf create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/outputs.tf create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/reverse-proxy.png create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/variables.tf create mode 100644 blueprints/networking/nginx-reverse-proxy-cluster/versions.tf diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/Dockerfile b/blueprints/networking/nginx-reverse-proxy-cluster/Dockerfile new file mode 100644 index 00000000..748a64a2 --- /dev/null +++ b/blueprints/networking/nginx-reverse-proxy-cluster/Dockerfile @@ -0,0 +1,28 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +FROM marketplace.gcr.io/google/debian11 + +RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y curl gnupg2 +RUN curl -sSO https://dl.google.com/cloudagents/add-google-cloud-ops-agent-repo.sh +RUN bash add-google-cloud-ops-agent-repo.sh --also-install +RUN rm -f add-google-cloud-ops-agent-repo.sh + +RUN echo '#!/bin/bash' > /entrypoint.sh +RUN echo 'cd /tmp' >> /entrypoint.sh +RUN echo '/opt/google-cloud-ops-agent/libexec/google_cloud_ops_agent_engine -service=otel -in /etc/google-cloud-ops-agent/config.yaml' >> /entrypoint.sh +RUN echo '/opt/google-cloud-ops-agent/subagents/opentelemetry-collector/otelopscol --config=/tmp/otel.yaml --feature-gates=exporter.googlecloud.OTLPDirect' >> /entrypoint.sh +RUN chmod +x /entrypoint.sh + +ENTRYPOINT /entrypoint.sh +CMD [] \ No newline at end of file diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/README.md b/blueprints/networking/nginx-reverse-proxy-cluster/README.md new file mode 100644 index 00000000..9cacb4b0 --- /dev/null +++ b/blueprints/networking/nginx-reverse-proxy-cluster/README.md @@ -0,0 +1,45 @@ +# Nginx-based reverse proxy cluster + +This blueprint shows how to deploy an autoscaling reverse proxy cluster using Nginx, based on regional +Managed Instance Groups. + +![High-level diagram](reverse-proxy.png "High-level diagram") + +The autoscaling is driven by Nginx current connections metric, sent by Cloud Ops Agent. + +The example is for Nginx, but it could be easily adapted to any other reverse proxy software (eg. +Squid, Varnish, etc). + +## Ops Agent image + +There is a simple [`Dockerfile`](Dockerfile) available for building Ops Agent to be run +inside the ContainerOS instance. Build the container, push it to your Container/Artifact +Repository and set the `ops_agent_image` to point to the image you built. + + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [autoscaling_metric](variables.tf#L31) | | object({…} | ✓ | | +| [project_name](variables.tf#L106) | Name of an existing project or of the new project | string | ✓ | | +| [autoscaling](variables.tf#L17) | Autoscaling configuration for the instance group. | object({…}) | | {…} | +| [backends](variables.tf#L49) | Nginx locations configurations to proxy traffic to. | string | | "<<-EOT…EOT" | +| [cidrs](variables.tf#L59) | Subnet IP CIDR ranges. | map(string) | | {…} | +| [network](variables.tf#L67) | Network name. | string | | "reverse-proxy-vpc" | +| [network_create](variables.tf#L73) | Create network or use existing one. | bool | | true | +| [nginx_image](variables.tf#L79) | Nginx container image to use. | string | | "gcr.io/cloud-marketplace/google/nginx1:latest" | +| [ops_agent_image](variables.tf#L85) | Google Cloud Ops Agent container image to use. | string | | "gcr.io/sfans-hub-project-d647/ops-agent:latest" | +| [prefix](variables.tf#L91) | Prefix used for resources that need unique names. | string | | "" | +| [project_create](variables.tf#L97) | Parameters for the creation of the new project | object({…}) | | null | +| [region](variables.tf#L111) | Default region for resources. | string | | "europe-west4" | +| [subnetwork](variables.tf#L117) | Subnetwork name. | string | | "gce" | +| [tls](variables.tf#L123) | Also offer reverse proxying with TLS (self-signed certificate). | bool | | false | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [load_balancer_url](outputs.tf#L17) | Load balancer for the reverse proxy instance group. | | + + diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/main.tf b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf new file mode 100644 index 00000000..db5b6247 --- /dev/null +++ b/blueprints/networking/nginx-reverse-proxy-cluster/main.tf @@ -0,0 +1,403 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +locals { + monitoring_agent_unit = <<-EOT + [Unit] + Description=Start monitoring agent container + After=gcr-online.target docker.socket + Wants=gcr-online.target docker.socket docker-events-collector.service + + [Service] + Environment="HOME=/home/opsagent" + ExecStartPre=/usr/bin/docker-credential-gcr configure-docker + ExecStart=/usr/bin/docker run --rm --name=monitoring-agent \ + --log-driver=gcplogs \ + --network host \ + -v /etc/google-cloud-ops-agent/config.yaml:/etc/google-cloud-ops-agent/config.yaml \ + ${var.ops_agent_image} + ExecStop=/usr/bin/docker stop monitoring-agent + EOT + monitoring_agent_config = <<-EOT + logging: + service: + pipelines: + default_pipeline: + receivers: [] + metrics: + receivers: + hostmetrics: + type: hostmetrics + nginx: + type: nginx + collection_interval: 10s + stub_status_url: http://localhost/healthz + service: + pipelines: + default_pipeline: + receivers: + - hostmetrics + - nginx + EOT + nginx_config = <<-EOT + server { + listen 80; + server_name HOSTNAME localhost; + %{if var.tls} + listen 443 ssl; + ssl_certificate /etc/ssl/self-signed.crt; + ssl_certificate_key /etc/ssl/self-signed.key; + %{endif} + + keepalive_timeout 650s; + keepalive_requests 10000; + + proxy_connect_timeout 60s; + proxy_read_timeout 5m; + proxy_send_timeout 5m; + + error_log stderr; + access_log /dev/stdout combined; + + set_real_ip_from ${module.xlb.ip_address}/32; + set_real_ip_from 35.191.0.0/16; + set_real_ip_from 130.211.0.0/22; + real_ip_header X-Forwarded-For; + real_ip_recursive off; + + location /healthz { + stub_status on; + access_log off; + allow 127.0.0.1; + allow 35.191.0.0/16; + allow 130.211.0.0/22; + deny all; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + ${var.backends} + } + EOT + nginx_files = { + "/etc/systemd/system/monitoring-agent.service" = { + content = local.monitoring_agent_unit + owner = "root" + permissions = "0644" + } + "/etc/nginx/conf.d/default.conf" = { + content = local.nginx_config + owner = "root" + permissions = "0644" + } + "/etc/google-cloud-ops-agent/config.yaml" = { + content = local.monitoring_agent_config + owner = "root" + permissions = "0644" + } + } + users = [ + { + username = "opsagent" + uid = 2001 + } + ] +} + +module "project" { + source = "../../../modules/project" + billing_account = (var.project_create != null + ? var.project_create.billing_account_id + : null + ) + name = var.project_name + parent = (var.project_create != null + ? var.project_create.parent + : null + ) + + services = [ + "cloudresourcemanager.googleapis.com", + "compute.googleapis.com", + "iam.googleapis.com", + "logging.googleapis.com", + "monitoring.googleapis.com", + ] + + project_create = var.project_create != null +} + +module "vpc" { + source = "../../../modules/net-vpc" + project_id = module.project.project_id + name = var.network + subnets = [ + { + name = var.subnetwork + ip_cidr_range = var.cidrs[var.subnetwork] + region = var.region + secondary_ip_range = null + }, + ] + + vpc_create = var.network_create +} + +module "firewall" { + source = "../../../modules/net-vpc-firewall" + project_id = module.project.project_id + network = module.vpc.name + custom_rules = { + format("%sallow-http-to-proxy-cluster", var.prefix) = { + description = "Allow Nginx HTTP(S) ingress traffic" + direction = "INGRESS" + action = "allow" + sources = [] + ranges = [var.cidrs[var.subnetwork], "35.191.0.0/16", "130.211.0.0/22"] + targets = [module.service-account-proxy.email] + use_service_accounts = true + rules = [{ protocol = "tcp", ports = [80, 443] }] + extra_attributes = {} + } + format("%sallow-iap-ssh", var.prefix) = { + description = "Allow Nginx SSH traffic from IAP" + direction = "INGRESS" + action = "allow" + sources = [] + ranges = ["35.235.240.0/20"] + targets = [module.service-account-proxy.email] + use_service_accounts = true + rules = [{ protocol = "tcp", ports = [22] }] + extra_attributes = {} + } + } +} + +module "nat" { + source = "../../../modules/net-cloudnat" + project_id = module.project.project_id + region = var.region + name = format("%snat", var.prefix) + router_network = module.vpc.name + config_source_subnets = "LIST_OF_SUBNETWORKS" + + logging_filter = "ALL" + + config_min_ports_per_vm = 4000 + subnetworks = [ + { + self_link = module.vpc.subnet_self_links[format("%s/%s", var.region, var.subnetwork)] + config_source_ranges = ["ALL_IP_RANGES"] + secondary_ranges = null + } + ] +} + +############################################################################### +# Proxy resources # +############################################################################### + +module "service-account-proxy" { + source = "../../../modules/iam-service-account" + project_id = module.project.project_id + name = format("%sreverse-proxy", var.prefix) + iam_project_roles = { + (module.project.project_id) = [ + "roles/logging.logWriter", + "roles/monitoring.metricWriter", + "roles/storage.objectViewer", // For pulling the Ops Agent image + ] + } +} + +module "cos-nginx" { + count = !var.tls ? 1 : 0 + source = "../../../modules/cloud-config-container/nginx" + + image = var.nginx_image + files = local.nginx_files + users = local.users + + runcmd_pre = ["sed -i \"s/HOSTNAME/$${HOSTNAME}/\" /etc/nginx/conf.d/default.conf"] + runcmd_post = ["systemctl start monitoring-agent"] +} + +module "cos-nginx-tls" { + count = var.tls ? 1 : 0 + source = "../../../modules/cloud-config-container/nginx-tls" + + nginx_image = var.nginx_image + files = local.nginx_files + users = local.users + + runcmd_post = ["systemctl start monitoring-agent"] +} + +module "mig-proxy" { + source = "../../../modules/compute-mig" + project_id = module.project.project_id + + location = var.region + regional = true + + name = format("%sproxy-cluster", var.prefix) + + named_ports = { + http = "80" + https = "443" + } + + autoscaler_config = var.autoscaling == null ? null : { + min_replicas = var.autoscaling.min_replicas + max_replicas = var.autoscaling.max_replicas + cooldown_period = var.autoscaling.cooldown_period + cpu_utilization_target = null + load_balancing_utilization_target = null + metric = var.autoscaling_metric + } + + update_policy = { + type = "PROACTIVE" + minimal_action = "REPLACE" + min_ready_sec = 60 + max_surge_type = "fixed" + max_surge = 3 + max_unavailable_type = null + max_unavailable = null + } + + default_version = { + instance_template = module.proxy-vm.template.self_link + name = "proxy-vm" + } + + health_check_config = { + type = "http" + check = { + port = 80 + request_path = "/healthz" + } + config = { + check_interval_sec = 10 + healthy_threshold = 1 + unhealthy_threshold = 1 + timeout_sec = 10 + } + logging = true + } + auto_healing_policies = { + health_check = module.mig-proxy.health_check.self_link + initial_delay_sec = 60 + } +} + +module "proxy-vm" { + source = "../../../modules/compute-vm" + + project_id = module.project.project_id + + zone = format("%s-c", var.region) + name = "nginx-test-vm" + + instance_type = "e2-standard-2" + + tags = ["proxy-cluster"] + network_interfaces = [{ + network = module.vpc.self_link + subnetwork = module.vpc.subnet_self_links[format("%s/%s", var.region, var.subnetwork)] + nat = false + addresses = null + }] + + boot_disk = { + image = "projects/cos-cloud/global/images/family/cos-stable" + type = "pd-ssd" + size = 10 + } + + create_template = true + metadata = { + user-data = !var.tls ? module.cos-nginx.0.cloud_config : module.cos-nginx-tls.0.cloud_config + } + + service_account = module.service-account-proxy.email + service_account_create = false +} + +module "xlb" { + source = "../../../modules/net-glb" + name = format("%sreverse-proxy-xlb", var.prefix) + project_id = module.project.project_id + + reserve_ip_address = true + + health_checks_config = { + format("%sreverse-proxy-hc", var.prefix) = { + type = "http" + logging = false + options = { + check_interval_sec = 10 + healthy_threshold = 1 + unhealthy_threshold = 1 + timeout_sec = 10 + } + check = { + port_specification = "USE_NAMED_PORT" + port_name = "http" + request_path = "/healthz" + } + } + } + + backend_services_config = { + format("%sreverse-proxy-backend", var.prefix) = { + bucket_config = null + enable_cdn = false + cdn_config = null + + group_config = { + backends = [ + { + group = module.mig-proxy.group_manager.instance_group + options = null + } + ] + + health_checks = [format("%sreverse-proxy-hc", var.prefix)] + log_config = null + options = { + affinity_cookie_ttl_sec = null + custom_request_headers = null + custom_response_headers = null + connection_draining_timeout_sec = null + load_balancing_scheme = null + locality_lb_policy = null + port_name = !var.tls ? "http" : "https" + protocol = !var.tls ? "HTTP" : "HTTPS" + security_policy = null + session_affinity = null + timeout_sec = null + circuits_breakers = null + consistent_hash = null + iap = null + } + } + } + } +} diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/outputs.tf b/blueprints/networking/nginx-reverse-proxy-cluster/outputs.tf new file mode 100644 index 00000000..ee529a3d --- /dev/null +++ b/blueprints/networking/nginx-reverse-proxy-cluster/outputs.tf @@ -0,0 +1,20 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +output "load_balancer_url" { + description = "Load balancer for the reverse proxy instance group." + value = !var.tls ? format("http://%s/", module.xlb.ip_address) : format("https://%s/", module.xlb.ip_address) +} diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/reverse-proxy.png b/blueprints/networking/nginx-reverse-proxy-cluster/reverse-proxy.png new file mode 100644 index 0000000000000000000000000000000000000000..dd0c8e622362823ba34fa415a24a798cc7105f22 GIT binary patch literal 107701 zcmd42bzEFcvM@Zj1qK2Ef(;Drmf-HeB>{rF1a}$SU4n)n0YZr25Zv7*!EJB|HVlv% zoR?>J@4fr&=K23S)92SU)m2^6efo4)_leb1SH#Dqzy$yR_%D>?v;hE&2M|>N8}lIp znlTOm0Jzomva*^lWMyeJ-Cb<#9jyTXrPz!ttd}|qq)`)Xf_V|7Qc}u$YANaf*1~A8 z5*8&L4qZB-j7%+iIK2?*OS!6|Vp`lJWomX(jz_q07F{@eEG(O5(l0q+sPSu~hOoBZ z2!rcOIU;2zSrUI6VYyJcEMj@&ix z^jC6r;Vdf5*@AsACLy=Cyb(jWgRU;=-vP8KuQ`Z-fErecQtMhjJ8E~p@GL5UX^1=5 z@bRx-PpQ)1YYNDFM6hT~mof+GMI#$>Vrz0ZNHzL(An%@q0VP$k`-iV3lQ)A6{d27R z@hzu^hKfR5J*VX+%9x+iEA@x@O1E_N6tczP`QL8qBsI-%*?>*eRQi z`S6a)<+Tw5PS)>hvIFKNi2tn5^)|n?N8eB?N=;j>&DAb0Isfxo3+pzwMu~QQ zVXc~g!g-bYOdd|v%n7x#tiIYBdMl5r}#wiX!Pzf#@jzS|Kw(`in8>EU~G1AmNX<5BKrGv>(RT`- z2zEJ5;?tn8k^{KAuzi93blBapBr&-5Qq3tuRwxTHo`cknp~XS z9*h&F#zz$q$zAv-@)u0Y_$upJCoHIh!gBaivK&Mr8;KEMxYA>=j4oJSiB&sx8qBFg z>5i2O?io~kL?GKY$&*R0rwU-g?di9&(6tb-80LMIjX7#PO05dAK|gz<()Grivx-Zf zNq}^uXU7b$x@5j*-v984qo6n7nkKsE%etzodLzJyiVLIRQ3Fu}mR@vA$U*P#O$E4b zE9NRHEDG3Hdtwnl7esbPekazBCmC`tl|sMw*byfv!Z$3WDpONgNLfg64=l!Q?D zL5|FVB~^Bm-kFI8Tu@cM(UdvdP>PJT(-Bi&bM>7NeAKE zx+57wc_}SSbIi!pGF1U)NE%rxZ=vZeRAsi`dc_*7qzk=_={W>A=&M ze(Zjq#1w-v0wM##1F~+|F^a-cQDx0zW!h!FbhAbp;`YSJ$y>_1$Y*XS_u=;0^j*gl zE5Bry5P%HU>2>JWWJnR!3_siK&s$fS_q^V&<* zm)UHrY<+A4uS8xdyv%rY^s4xk$1C=i6JM2Q2%lR%|74J}X!AYo4RTsy>_>iIc3<9i zbKRq|ir1F=wKL)~P5biuUi&Ni1<&j#+9|$J7(Sav)*XK|Wui^RY&X ze{6m!4P_oUtJ?L5dP*PZmH;0fSyb721$(}8w9(dm9R}Rkgz0SkT>o}RxovoS-Kzmj z-qqU_+<>ihjNZ!t1ZY{z96AF(38amc*(9NhU{qkYQppj-VY31KDI94yaGh~NWl?48 zBgOJvo|*D=@RCIE$u>kHqTWSVN8L698fYD*`@(G31=dG;mcXBhROpiwT9eP?mZ>gT zhMy@vo}nlwY-4E_@#pAg{=}d_Au8xCe>f&ICKP0(BPJmsa_4%pCj*TXB_-f+*MHf# zw`!5r*A!pLJ!SN^e(O*>vZSn}^l=pqFODLyM6Jy0jIt>?n~mdMqIy9H^EKl@T5TSG zuh(X#YXNf;V+I5M>9X&Vuj~-bP{~kFfJ>0@y_d4oaC>_7^yD=C7w8X*ANxOWe&PHY zL$#Lvy5=6GuHdXtIw_;il5W#%bv#H#gb_<%EB!jYHm8^Ev(%fcY~`SobL$pcJ*(is z*m2>EZ|UrVP80kSODRY(DEIxYb++}Pb@|Be%*xlR4Pn(AoyvCB8^g1&Fu&pI;+G*z zjlW0LF?o%-IF!$2mIXF&*%+&YdUx%I-GOd`KeMKDlRQ~9g*693le0mWlHQJ0OH~d% zb71wUM2mxs9~%>t3zRN5R%bd38c+d7r~UcEMn4$oGHF*P#8A9mH-jZ(E9=|^Z(+77 zufEOhx`kTB$B6qo_ew)rolcF80jbe!-H7X4rg6bY+DHp~E8D)e!_jIL#1Uw#F=sN- z_WimJ`2==dSJ2V18*(2SrMx-(BfK$u0jq#IPGTCtf4jTilM@{e3>F3pfy;3#n~jcM z8V9~S*xR9KRM6)4beyVQ8VF1hoH3ZC`K?d2Nxk)gaXkyd9IjrUUsUi_+{x45 zNBn#HXOuUC4&?T#&glYu&%Fe&1RCla>!>=Xi_GY_@v-Oj;;W8tS&QUOyOmAGq8=;T{%81CiT&@B1SuD( z7Y~9xF3Q_`s*Be%f0ln*8gDQZ+4aglINfXZ9oQY8X&G%1Y}xhkS&eU=^9Y^_vBSo*p$o)(*;e+K&a#!Gk(q$H_wYTNq9OU|Cu5n$rM2A_#8m&Zr{NS zP+-wvvS3m4N1Y#6-}y=5t6iy)P5QOOQ7cqt|7fP10_DDnmGj;hdQa6Q_X=_{0XKCJ z!p!=(q#E-uht0Ise_^Ah24H)Du>lw;j{#^85X!?3fI{()$?gLLP)4ErUsxN3Su1c>x002_PziyNl+6*TT6YzQam-?RiYN{fZE>2wL zRxTFST)s}Of7JsJ^A&jjovc00X?>j>ojpW+#lioe5P5+ALUV&@|3TvEAP&}7)1;Mk zakr)w;Ns!p0ZZW0($b2#TiJ+c%PIVe{o$WD*v`|_RfL<{$H#}uho8&E-IkkISXh{w zhmV_&kMn_o)5Fi%)7+QS*@OO{mHbaVa@HP}?)I*p_Abt}f7NSl;o{{f4hH`v=zp(& z>S^t3|9_I4J^p3ZgMr+Cm2mTN@o@i%&C}lIZ`l4S`6t^y?E0rTvA-%4(X{uqcGQ=% zcY1L3gK83dy!_9^{vqeTivCa2f3m*vuy&VqaeCnNl=#2K`WN%R7yc*XKV-iCKbgYM z{y!rBt>oW0|FS_u+uFm$(d#cCzH+wrl;9KN{uBB?xnBPtn*{G)vi`yJ@7Vw3(ElUH zzhnQCL&M$v!4KwtsV2euFA4vS`xm_!_g`)QZ++pP9qk|3hn^;ZE5`l5y;cJE%MBtH z0FVN_kduDti*ne8m7Uk;hq%wJRr6vz`ie}#Ma5yDlN)%Z32XBy*ZooNafcMQ1=*jwdw>5H%aaYC~8-gA4H>pk;^_T7fyO%P$oYdbWTEY~-=U7@)@ZY5J z>=5)$U9rafoWGT#1em5GL?QZf3e{DWLN#NjG4fLT8x5q;831nx{?3FLDRw4Wl&UAd zie{$2Rq`?5Io97=_~8k03Sd4COV612@03Kr3CThGI}d;-<8YJ!j(y?ZD*oQp=u%^U zTRD+k--C(yJK=^YeC*vUC9Y1Kv4Q3VKgvIAlv_I*=tw@BF!*Wr^R z+(?^ZC$q*q&t&1KUe=0xZUde!Nle!MXc6r5>RtIl*7yD9%>#|%Jn=|wVWyeydph#7 z2;GJxi9DHrH(z7Xg(e6r^2_^tY(cvV@Egm?UV&Gte`pGIJ=Dn3ZA5$<+ERGZ z2tw_*4*xOx&12D~qM}xfaBLpAgV;?M4or^{5_q+z)1l6K-P;sd?+xjwK(vQfWp&L90%y2f0Avxi{P%(Fn#GrmiNl8Ep-Pr1B9xZ~#)p~$J~S`p8yeZJEYjRn ztI^rx$H%IgvwYo2BO_UGycw*pumT2K6%&p; zkuv`pYBJD!O4rMKg)zSOLFjP|6Kl;Ai!a()2J z5^wRKwHzx&6R8lBXL3r-lILl6&ux~T{vdU##e>gN@g=-($`N`(;AV0OwORp;75pH;;>!!FibD`mt@0m&Slg^yuE)yy zL=YSFjcBH)4MWrt*qxXmWCoC&R54>mEA{{0mmf}u%5r|<@&s{MY&YFt%vBJi)A%`3 zs>vpJd_ux^ptYDWb0KQ4-*_I%V+=KUdb4H{LxL$bMRMIi86EBF=fta!4VDp&VP9GL zNDv!llJDJQx_E^qWQYFF3Gjsiv!&bHzFXiRg$}9z(Fs{h;*{PaAUuFdIpV%>itt}e zxcJuTzAwAEslL@z^k#4Fae|8Cd?`x{%_#OasvtKP1*WTsaBXi*Y=!XG7c~7?mddMj z#Qiu&1f4a`xME51UQMm(LdthiQL> zZv)EqLKD|XCH1W=9jf(1d|f^2UP55(Dawqig4J(r)#p?R2hE1;}5 zV2%HN7xgmDPYiV7f(1pQ3yv2UEc-|=QST2h&BaN`|M%qKgFX6*N6j|F-K32{wA!r- z-11(AW2(*BtKY=X#CBUBciHUgJ-iLSX!SzEz9m2|^!IUYP54EZq@}#^=leX$cqd}? zbm(}IjI{u&wKp3*V<_4H#`|-4eU_UmZCvj$FX_Yv;D*P7#S*jNTgLOxSTdTQt>fTe)*{~fB<@k*6ar*qLh>vQYqk7)9wEAgIh&~@ zLVB&)-Z#`ZJn&3J>hogMUeT|U!2P&K=>o*rQ9GPE$}19%1|fM8uc8 z=SM7e8!WYf+Gn_9KXrBzYeP0Qlemra?a-{Az!*F5R& zXGHty{gm7rmR`Sd61aLL0`aCJUvE>?{(%sPVI?DAsZv?@(V()b0R{S+n{bj(1FhOt zwjyso0Ol|(uiDt-o%rX)n?B6m`MX!+_e!L2x0zZ_aE_s`dy7WAbC{aLi!Q3v6mB>g zo6mjz6k`6un9#mSZ)=W=t;WPy8_}6yU>FTAr0o%4u}Xryua_Lie;ZGzcC{5IauB0_ z7&&1o>A>KL}GV>510Bx_EM-&z$2Wi>{qe%N}CZj^o zati>!xaUVa!1kb^Lj0cg=srSMHcdo%i5CL(js*+>SC$iwj1L4{^`y$rHavnz$h`>J*6NHywolqx%x-v+Nu5UL$f1y7R6)t**=!Uh3LbPC#CSVwfAT)^J6cCU0C1z&s)DYO1_( z&AA6#*PL>{#$IE9Ix{Rd<4=PhB@CRdBqy>}`8n_-NLH&sBon~SjsqSjGyaQBXx=k$ zLTx?zkvOI^mN{|dQ8G7IO>jT5nY&$9wV*rOG}s&EDiKC>m&hi2F9eO_jarA|kBSEE z&K(Ud)|Gr0AVaW}H8m(szh zV?mkhOD=EWN9=betR#j@NZ?Oxi*wAC#7LR%$`(ovu0L)*BIIzUd2LqEQYMs(IsDV^ zX`+{4MEp?CfunB$>QWWGrDU{HuiXcl7#=DN_*ZgpXPXD@4s9hKc#!E4cO8m&t$>@p zIiY~J^yj^Z8)-t{sILAFvDelRx-Ca(iJo^%MFB)NS1q>R=vY2F3Pwb^sIt_ZMUyNp zXMC?mNtGz^i=YNcU3GiXN2GPN;fAeswuXvxUi=7FNW8@@Vw9J{r6XZ)kL^)m>XeK_ z7iHtqU2W9VB?fZ-6u#g>9$T_IUryOJGW z2f2FbfE*gfw~&w{o!NIo<Qca=dg-m2_^ zrF7}DU~VVVj!)<^_P85lML2YT-&mDXETSI_6K_xR4CL~5z>D6SE4$d7CmfVIuQtDnGA#+%LS*z#Zh!Y`y zx)>)sDuMqiuRfA6r=gGoG^M_lHXHrBWxQ zK*;^A@^{YO4$8phPjHw_==YJPNH?yKys|bd-c+b8ZvQQvOfWv!$uxZ>`m%GoH=JjV zN!q9t_L~AiRP?<-Xxy*wg$SVRYA!y`(7QBTvMsfe;XhYs4{NqDx=tvJlj#y>g3Aq! z-t*#(h$+0F3t}!xXvc%w^F-uZ?E!-?bVByyKN*J6c(`BE zcK0a>$I+{jbZ391qtIk<6A#^x@xgw&3^^$PiQ734Y3W8;`ehK`E=7=S988y^y%zgqPRc>6_XzSA!iwO(3qYN8y0qos=_(t2kA{ zN-mjaKaPaf&lTjH$Cgs6O9(9yQqvbAMFgyOT;ZK*L{iQm179usET{I%CvcHy^>QY3^^+v-Xv0{20-_l@biN#bB@ z{vNYaK3eE6UF;x9|5_$FK73eCjfVPgY;bbBj#DM=Mk4C4JRzP-OQVTaf+*FBjuAr= zExL@5J@B4<;ddGtZH0{fN+^qhoiE}=og&-?2TT}@i()Mp(S1k0%Prg5;!8sRycWSO zm)4drD1iv13Q(mhimPX3z~2i=E1^r$G7Io}o#)2NPhZy_aVZ6N85WIsCbvaVJWxTE zd3Ig<@OIt_uLq$rA5}RkCP-p@zYqMfSTF0ked?xgutHEza{nnv(-H`Fk3Vx_=*_K^ zL2veUOm%t~!gh)1`m1djHk`;c6tGv(s$C@d(>A7^h&?vFMddbw19%&j^Rz77ia@Gf zd&KmXtVOpoEr#J+L8L*V9v|q>fYGI^}|HQMr47EqS@Jxd(s0mter| zM;Qz;}9vgaVjpr`jeVH;3954tkhfUQPe8N^w(ORnCTAkCu(o&vpmFpdHh9##L<#YIFwT*QDuv$bfDX~!7ZClUX9t<$0Q0JiMW=|-H(#w+APtm$FiW)Wm_bPDJEeRkn-Ha zCJKY3dG*Fq4(y&=#0B$DA;DV{18;v8&^O1UuJ~dnqnRaNe>N6v?o^&^n5*_gwzya> zaQ9mZ`!>3rV?X!}HM_urd61_6QRen!Tn5c&t>d1H{#Y=3E zzY^0ljYbsZB71SIx7a15iGJsEvh!FK*CvaW!cB08;MS^+ezymiUtXg)sdqJit%B=f zHFD0=D~bDRlGll?f9D1E_VvMAz~SoShsr`fe(wU9=RdpXSmr%j5m8FYlfs zR^ELV0EYeYzgQ&;Y^4B$26lrrk+0;$-X56%uA;v@M|ACraI~pm=`QhBglpaj?$KxM zB=;asEMg2A%p8U0cGj*DLUQA)Bo!a_+M?m+IoMHHlWz4>Pdps4!FFyAwPx>84ckb` zhJR=zk-alPfhV^H;lg3~a&x=^$y$x~m>uMKf~aA~nlTd@FM$WwWC?5G2=S51JFa$2 zF4sqD2Bti=If*fS!BJ*7dQQZP>+YwFg#4G1WX+bBza?BhoQyEesNT@H4?Uw~ET*Jm zAW#4e9g9}Z=;QaNZh8RQeQul^A~k&(+Xuu#bC3A<(|-kxMi;CFd$;OI!r)JUw}Wjn zrGJRpK1-B}CjqchoOFgF1+0(cv0tecD0u1^#=M-Vb`J^2+}5~|CJf4M)Oal^C-yy5 zC_`q}PHx_H0jzTz9o*=25?=rHgua6m6%DBSf&Awa1bKDOOY|0_eU+{vD%1&f!hl9* zBkmZwdryxSgz`2P6P31^R#jPK5onF~muGl~1=YKAP;=pf1~?L^|5lVBHFmudC=gQz z7|F$wl`C9(nb1-DLC&>Ov|f41DP^GTmd3AR{B8@*_WnE01~s`?lwJ2;4GN(nIbFX5 zA2`KZfIi2b>`tWTc#b>FESzr{nRs_kWwB{0Ze-10rAHwj9i-o`zsl=GNoT~_sl7;3 zWtbSim0^;=GMGq6$(j@yP7a7v(R^o9929&Z&0B>{p$FnwXl5P|C9&J;iFPL|+GkNu zjQG$WPU-7AqLjc)FHJ^&5 zHc3j~&a!_T0gziy`sG99=TFcJs@Xo>WCcwxHqd;j*{zzR$?D83rjD~F@rH(dmM41h zt+skg%;{UT3+SCkYa#z)V@Lep`rKgQkrxPX^8{qqXk9JhdE6%UX||>Gr!YEBaqZ5! z&}RSOqUWhp@MOvozo*!6v7MH!rac_%4KPEeM7mQ&Nw{>+=SByTw#a%K6M%%ha|a|4 zj?uS$ac>T=Bw4;Xhjn!Do>o^SmRAYka4@w5eo=3hN$ei-M4}>a`%+;o2pQ zoI<7!Ji}gYiYQ>k|3u=n>o~Y5Ja3qC7H3FBWt-*R|C{x{W^S(iM4cMLneSN6;Vomrts864ytvs7Y({Fvbj`=0S7f=W)-8KIF$@5bMnfw)p`jHjngZm}EkBQ7H-I z{>r1k^6+qAm*8=UF9yQD#mZAl|BVnx<&CX$V{R?cNVMA;hJ1dPHAW#!Y;=>%N4D>q z#(CC}`#UaT?I%WTsyqbQuHHj9?On-MFlMZMnBfs;=$g#TIe!=()AbKMCrPP zaMRJtp4`b-Mt&EVFuxiXveDCqsRD-ycHHaRj8TOMYD^b$IbDS}WAe}FfgeA(h|}`$ z2L2ufU%QhIKYqLP`*Yc<9pyZb5s?VC&(>+wK4FyyJuST2X4erQ8c83pe9DTf*fOUl zkuR+riI9~NN>-@hCTHfNyenu)vKoQE32*0d6LxdX-_8dLhfq$?v5(uD?o&i4w?a`< zGh@RzF*Gx67v97yh|+y>3cb>b6%uyJR8fM3x}h=S+irN_usU zS|nPDX8Xz1>=zq7sKuOM3dCoUkmg1vdqNSuJ#Q2w`J@OsN2|#{W*Q$Z1E{CkAYVF{ zGySFLck7d_lGPM#O6t^Nx^>Uh`xEV?0D^qdGc_3T{>^DdXn;5m2{&it$!hH^lcgVA z(3u5?D3hHwPFpjG`kp@&l?_9w{>im!$Hk~*kRU{=*Yb)aQwbUtNaUf>2lg(_Ik%#wv5_lG5amhx1o}_dU zdbFW-Lw_5?=X(O$9=h4`Aa%kN^<&$z_(m}IA(^DYR}-BW<7qxvc__RH69~8jaeT3s zD}t!iit&1pM-U@w3*|r;IUD5n-gH+77KbH>=(!AZ0T}p)DUH6aNr$GrZf)r++q(3Rrciq)@`^1puoEn7+pg_kx;C*W`6CcUHPPmqK35$t-?-ax0_!Hfn z{UYN);UpFj5G-2X<44vm>iKkgL*j?e_>)hQ&WEa8*C~^I%^Z}Ct}>gSa=r?>!1eHX zlNR#zCBplmrfI~0i74MC{Aef5-fiS&dB)QNOn8#aVKgz&a>#4=HhH89w|GlLngbt- zckz}zuyLAbLQ!mMxOWUQYVgzGJsJmhes$~k_<)ZC3s`PoeYk^td^`enEP`D^1*6w) z3tZgl5MQ=Ujg{e`mwh+jGg{JN)zkLekIii@DWDyAhO5W;hn-d-8dOeQfK}^l`1 zsDd03(4f)VC^c~1;^uMX{fyB)rC5yS61=#@fmx2t+};YaqcPkBg_0!6D0dSGXJVXo zTN*n34G*S!Z}3BeW8g+7S8S9qWU1=>J22BMh-M_?9z@{3_V}SO7Q#OF(!P=FZ%n8& ziN|f4VUbEr#xGrGzBY+!=XvWSet4Qb#n#%26YW_=1suJ=KrnJJ6Qsi;YYK95zfCx6 zyRO|?8@XqPCU^8oSoXnYB0tyR%(EX8P&vEOBiN0Sw=YbIP{W2#h^OUSOtji`~675dwdXtV#6_3yhK{k)( z%5pWZU9BqpNKX3H(vuVzwC=wDPJdstPOsYdnUK@bK1Oc?-J$0ftg%3%r$qB8^~ZrN zi#GHkW>bpZhlR--A-ByN~&pjejI+E$m5 ztRYqLNBm4n8VyF1+vG*Z%;b@Ii($qvvZRK=dzQtl7{q3d_=H;JYOWGx!cvr-+! zKJK7VIcmlFkkGIWdPjC5nTmKNg;^bXx;C_9f|otqe)WqOM*4N5@xN`KqEwjGKC~{% z&csY#(;FO0yd;R(xiNA5C7w6-yQm$&HDv2mXSnkN*Nfo0G=$#f|b9qkR|UG!I;Zd)>R99$~BJVSEC;x!gFhFIJA zTdhd%qscJWVV1sTix@7F8*=%rU>drusB2lF#(ISKmifL;prUK8;aOIA)dM)q$*DI;47Yp$htve``sRR*jR9Ck> z6ZO^H8|bS9A;a4rolcHfsTkla1j}X=i7_hm--)!$ms={?!H+AYtzJ{7_et1Ady(5K zX;t7IFC^=q<0?D`MUn%?ovy~4`efY~Eghqz9W6m~=2T1OsJ;<~MtKOoA27D6?Vt#; z>|(N=F_Tft#iEtp**?VkNOhyow74d@jC#JtRh+J58ED{qJgjNqxw&aSx76V(fnlzP zYF#ak${d+=<55V{m2j(V!D@74e;f6J0^gKN5+kyVq10JlU6g9%lOG#bmT2ubCe_EY ztT~be@dEB@lw}Q~TlE^5DOre@w$N_E7IWazAT0S_v=b9PFw)?{Q6Jn`G9R^eJ%_)k zMC47}e}E-4Xvuu@biS?gY8|4G%8kfNt#nLAEL7rOtn#b%`XpVexl6d2c=ctR6+PM< zgC)KFLto8(gnE;>Xz@5Wh5vE}*2E3cSPmp)KGr7W=uh_4AYo?t&>Fg3Wn|$uH7IjU zrT%#ZQ_GS$B4>#3P2+OLFKn%k?L;OwKElxJg5AhCEn_Z7$%&LCF0DZTDV7wEIKFg5 zDTZWh4ELuc+5pY$La81(IOCnAsAISu)A2WNVma0;RcK{2c2CJi)t^Ltvncy07>{Wb zy0?4hq^y>s@3a#(fAyHQqbj34rvJ#|J9!+0%`fhDf_0?YE8%!RTjUsdR7f}-CADQ~ zvGrKKa3*Fvr|A)7w{VEtL^r~^j!=fS(^1inrV~ClN46yBmhytyaq|!t66j`3UixjE zweI~oQdcf?3h97Z0z4ujqZmBXf^N%h9zN2a&f=N~38^!4GLF%{M!QHubwJu;N91eq?=ZgRZzA+UAdQm!`N;#|NDROp+R6j2L}9;t4T{akbbnUae6Ksat!$}U$q6_akc z@zw;_5YlDCrXFT(A-C{)p4}a7(OS+B#rOW#t3E_e29RMep&cGd`|H>%=1blsoJAYbdG2S$G za(1>iVO{Kj6(DviZLD9@LUDG?zlj@e)<}M>D1nuFhI1Yrou%5l8ZDUj%8as_j6v8# z`{&$(5Ouaaxtv12k*Ztfl-CUb1970$*5>Jo4QvhY_!#CZNKnqIAUUr%UcNLyGJh$= z`Ytu}plS|G|4TnPmQ2Bc?=-cP$|E3p6A~=Vo!*zb+j>cj-A!Me^_ls~AoS88M#NV7 za~sa>&Wj~S2kweAHvlehq7c@?6U`Fg{zbCjUGpX&=Xo~TsAY#q*NZ_CZf0}I!ODlN z7tX4l%PPuyXXEgn!S}xr0^Y*y%s1^<$h7-RmOq?k>WrlgDQGAS4l^MP8s%?}`-0u^ z6W(%_!b6tXBl9skj-}|#ZR2=b-(;xw)F^2Ye`5kQ7kn*7z|v?hlNv}3*;d93fXpNBEMv0UEW|Pc>SRw?lEXnNy=CH!1g5+w!v=h9cOnk~ezi zVvTi#ZpkDFD!#)B+1oMQwoOgH^5#|&5g=S4tu+%QoJOO|v5b|$-a0R07>eeH82dQR zW{V8o*NYGr_4!^MJUhQna_;lyC!om2)(W>!l$7I!yJD=KyM}w;h{=yHbF+)<)3u+Xs6dky~HpP1NB)_Tf^%D;f1l zne+90NP_Nrl)}W38c9sLqxUC}Cq;dONh%-wPI+{A^}9-dB|NKxzhl_=tWN`GciwJ5 zrA}_?FZ@vCKGm-M6uB7r%tzDMUE>mtPYh$_@CvDfaa8t6)6RPkOo+)hiJuD9TaAem z?aI(X0u;RFx#1&(s};gz5SB0pkX!~l-I8l_74trRjp~T+Z9*v!f-6IO*xJG9pfO&C z6D<*de|FSd{q$Q1#T;>}gP2leDT!n}iwYO74aw4GBMi9iA_kVdCj!%Jtc{ILpmOL5 zyvOKhk`w+AQhE6}Qu;XfVLSs5QY5eCdEb{|(N34@~@$p0$37?H)QpIUI&(@xfCngedEies$ zG*@nx> zC_$DaN=m8lGan@+vAi$Hrqz~&Rz5mBMsDN9_ie&%W!jgj1IcH4Rm^j8a??j)QgHC` z(~OyNYJ@|N`+7zdk}Cp?4%b)2rthKihBH8)e&eIl9tdQQ2Jqx)dCt?rem@a%MAh<{ z1J@)Kbq8LocVKBLkPNXQ&v^`kL)0d{iZ-;cEN`lwUIh3JlDU&$u0fD~0POtNxNCDW;Br{>y zl<(=b#6l!iC7By0r~}P=XDQbTLQi@F$yiym8MfESG-P6^!|lFh5H^ut&Jaml31MQ| z#S1Lb1uus@%M`Lb;>>M~TgTtP9>|e!!fI$(17_X-km%z&-t6y@2#O1*B#%|79&*yr zTn0w%nj6i17!4;(6OlHuG*snKly>fKE-McwoW}{%1Ipq4@aDvALu0zXb5C?qoF>nb z_h{loo-f5)8km~qr14G3wNZ~s#(Y@niW-GT@2#`er!(z-;6|F^{IW?ff1j&M9g+WK zPlfY_p1Wq-1VZvXKjh@9_SbjwFD%!ZFy|BD1iW_2?UUc`ayw340rxJ4+`^B}K61BX zaZH5E2ZbVb%$z+jfk9b=Fh@DCuGDgXtsheYCx$a_7|FQMY-N!~B+F8UCH{R=CG;`J zySqMz83FvW4)zG1V-H`vqRqiQc@FB}Al9W2U(D-x+Wp@lrfrj1k0Q*2?k~i*kRe!= zM#+N>TrueoTxP$@exERojrPcgQ1W>^G}eAiuCOA(gEWX&+l|ig{vzXzVO)=)?0Gl$=+-(s~FB-A)1dk?OO-56?z`XQLE4AA-6+SPK8Z#kCdWT9OD?Fh@a;E2gt;%>aisH3W$8nG`~YEw*E38b5ILXq?uj#)(3OLVJskvW|{ z924SzZ)=)*7erv3)FII6jkE^HTqFjgtbki<*_>fLh`dz4ffB(tcz_FSx_=5>T`RvRdpgDh^>Y29|pH(7R*VjWA@)(j^;)qq0tIacsCE`*Cl{Y*(NHO@)l1V}VvdOIPj&>#oEC4}3*ELGpUSy6TYojAhFS zJ-Q&EzE?z+;d%s0Q?;zbA>&T8rV~SO+qqmwIN&WrcHx489JRXCuG0#=#vL`~N=&|1>A1a? zMo24RP%8ZH>N^SC?U1hP`}v6#{kRvI4Uvcn{o^1gR)csSCZj)}(0$s}c zZ4r8K%9&!#y{5W%zGUWQ&->U7+~AbW4qCBgj8qpouq(~LoefD@BhbJH8#_4uc7~kO z3tIQ)eb`Tfmi1`A3-|=+IJUkqAw$4kRDIR?CaL|0EwX0>BDqm>$K{vkqTAJh>bDTNTH3*Yz6k)DpRXN$kX15IDLkI8wzz-{+fnBsiTlUw=(C-!1i) z^N3kTwzbV@^zB_0K3S}tq$#cd91IfWhCQ+m-=?r|e`Y8Vbe@>7tS%dfJca8&>&l4nQ>Dwz!2?{qRiTd2hb8gdnf-#JXfjjuS-;@+& zNxVlj#+iNFnj%(s?^XqFRqrUJDOJ_1-?Eo${2|OWr~!a;b27uR1dAaQDgo5@b~`|4 z1p+?p80P*{K=_NE{caOuCn6L9g6k}|Uo6ND2!;wx%e3Mh!;$a%YNv_K=cbpmQCsi^ z)?3%5>O|LMGFIG2b?*lR4w}|ND}v`M#k>d>uCp02*kGd2=jll{X}>K*>nN{jmc(;7D;0GWDFqkBi^TGiZ3?_Lwl>N3;V5Xc zDfpm)#-M=UUi}{3(XAMF$MDEA2AGB~1|_Jc-S@VoZvmt(v} ztWmt?GZiagJ@$>r6={ydz_r9T@8fR~!-Q@JVI~z;KP8hJlE;qpbe8bElPy}m)aR(n zKAiIU!zuny((mX(!DKm^BT5Cg`ay#o(uB0W-K;;EsB)?(upWCxoRGnM=AM0HV?+gs zqu{<+Hm#B*$p6xPW0EX)*b)h(7hD8 zI!P$M0)T-hE`&tER|o*yFe};{z?QDq(~(n`DoQ3*3hA;TxfdD`F4dUpl{N7FjIB|& z6H0B4bNFk&?B-8nfv(Jl8E%xMfuSr!^WK0Di8_N!Z@MS+F^=ZEvtDq~=`RkeGr4UN z^|m!1Eoe)o(9f;f{|Z4!sW7-I;Dks>ktng;u*OO`fY(rwzm`kairWK9&j^PE|Lds; z)l~|ywPX9kV(x#=k=JRXJ_Z>6>ilZ>hqDy_{N_aJf#NyvkAC_K`TvVgXmIgZP;B5? zUtx?e@jkyG80_ubLlian?Ctg?RYx)`&6*OjYyCQEXzBNLieEagl9KG~&VR|I|7c*Y zF+VH$Y~wn>`(pK=54Pz)1mOnFC64sM#3fDh=XRf)7EpZM6u4c~6rR|f(OFLFK>8$# zx8PS!h_p^*Evugn*Ib@1E6BpKCrBE|vVQyIli_aCUyj}c_?fI$n(Wx=al;=-{FV%q25i>UH?-Iu@qAht3x?mGG8;?KG!;>zmc1Er|M}%ihA08zl$X z?)EpbtPCbYFv<1EZop;!05ZQdf9dSzLKqt8 z$Zk)6$px*QGlyIrGM}XdJ-6Wx8t`{yckXe5?_ZiQBSuF2-UV#Go68PtAewVxnOK55 z7;%~225e^!Y~99;Tm;srR`jP9D6${GlFPiZZTSi&hC~v@Ro^hnQ(|Hs~Yhr_vb zal<5p5G@Fz6VYpA5IrQK6M~7}38VK>qKhbrE?Ptoy^lJG8a>g?V3g=(^uZ|KB7#Ot^>8I8s_ z_T8mui4x7d1CpDDP@CROU0ZcTEqi`KyYyQ9V#)F7gN7a#XMZ_&bMYQ<+0fZ3x~&B7 zL%u~Q`6*rPtUrLsIh7L z8*Cr5E`9t#90-KSp--`gUMweLaF{(HA*(6@9o2U%S*CIV>xG`|;ck~_G%ZQRC_EcSat9Z1`4P4k_&Z6Kpt5T(yBA?qWeV&L>my>lNeqc-XiiN+{ z=KUHqIY`{a{V~kYn;l<>_joM&R6vg}Y%Fhc(N656Er0<>Mag}hAf;5_!`r=fkx*aD z+r8%EXT(cj#2b?CG=!f1$?Q^J-%4=uzMa8cW1}-EZ^ZOo&nf$UYO}XeOa^*OH|aGJ zYNS<0G-lbH|Gnii(U|E;UXxvMRBdXRiV*+Fw8l(WulGq;Y4jLqbEX1j0nLL&_jRI9 zU@?ep)JZSkK0kyU(S1nU8`~$mbm3M-j^1oOx$obN_B}b-i#vR`=PN9JFKHug4jzL5h6AI27?>u`-sMzr4zI-;LOlh@_Bs@G!}IK zu$ehcbwE8yS!yKK*Lxe$-0-0L)y8^vcY=p4_@=a)dI zhkEvO>KR&N+q)3gro-6qZ)+MT735_Bb#R{0pe~>BY{8D$)MImh;Uhj3rijromMe^OyYYXO@E#|d)uimu(ilA#mVb&9+g z%jm9x0}assg;(kBVP|3&|I?A+zaITn=||yc?$siPe|-uT=8jQ`e=eQHxOV@mp2hyN zdKR+q`Psz3`X@41-Y@@0#lKxtoBi;AcIOKJUFA&J8m_-Pr9VG;E{G`*F7a|2yZ@W_ z_0#>v6j6))R=)e6754vzB5IAvNOWFl#x)$F)F{g;pmOfh&$P2E%Dd>}Ow03BRL|)J zpF?|JCo-kmx(taj>e|>@=LFt$$PpAbLiB-w%Z;l1i{2M>6T6i?Maj`+MqT^Io1Bm} z@22GXi3IAf9<=$jJ z9Fsg`Ey72e?5eMrMaxY-@d^nwEKBoE=11(uxu4KY40#R-4fY|uL7(gmy866Z;{A90 zn!iKN4V#b7>C23y_^2?`Lb3Xo1S5oHe2w*3BTNrw+AK(p*{4_fDw zV=2C@7n6oXKYIZbXZa550*?AHp492Azrh6Z-0v*C|263T0UxldZ+D&3q1`VM(dlh8 zzI7_T+>J6qU?gg}U{`6dmoZ`8oG&_rJU851KiXTm$6t!H+&6^UpACY#04d!Us<wBBH||wt&?8uFFeRZdix%M$5ALn zeWSa4hy-vgdGeu$Sz7=8O4zy=)B;#LV0Si{C3jaU?kF{@%)$JysR@2iG+|2H19qI) z2X^l-oEo8QkYQF`qe z@VD^u4@<|Gd1PQ`XQz(dq#ICO`KA7Dh{nHS&T}g4SOI&rvO8FS@TA^~@QX~8f__neFSwdD9ZQ{}9CgiI?xiFx?LR zCzQWy>VHD{2lD=(Q2yU8l=tOgq0e-1p7RFU0|F+V7Mz{*{xgmR-g=0^A3_?AdheU~ zb*srr`h}#%p>B7M<_#fy=1B#8_j#Ci?%a5(@{dTFPJn?XbzI9DXCJcnJIRBu{5cKo z;gRTVZPO=}6b7y8rh#=0%y8)+=r#Ct&w(Mg9x`>dz9)P9aDHvqGLsj8IH5p_yPyg>_M zGw*ut+!C1NFfm(6Gl~E3y?m>VxcaEzKftDqCC*deN1btY_Z49l4J|G6GiAR~WgD>p z!uOumFG_rRt`wyo#nGo6g;Vu~I^aqYg%C%SKbtHBd z$G6Qz^x&@D`h|XYedD7~m9_sN%lIQG&{BJk|5-J3da(GF;uRBe*@DRmGErU}nTUX> z)4t6ab8uFM8Jh8=!jg-d`SdVsRoDKp^BYY+;O5E7t97FWEV5uxj>b}AvpEmtv292k zH?oqib_UdWjwdtOpZ=7roVnzJl}a}wwe(l?|AUY6Loj5d6$FeHPHa`+!+JU$%#u0P zFy(Q+DZSb1il}vK>1%&#QdDI7LL`VfMU_h5XTx4x^t+PXzBQt%Sq|KWb96(ZC;KJe z86^dU$;LzcxL4YEfkN>;uaa+GC3iaD_y={Cy!p|ENc0nLy)t6~)|W3WZ7fAI&7B_S ztC!Em4y<{`%u|4>&-m7dJ`456wmrX{T_xLJ6pL@6Z9+Qk#NtGdU6UHD15B?`@VSWR z-Msg$`S8^hS}`UNyVli@$1BWG@X>aSp|~gWUitW(=1wyx4WOfAWJM3FC1Js=v?QJ@ z!=9)tKhNEf@O29VD3K9#t1bhR{0m>&gT`(IB%oGrK6NNfAN2Q6h#H0b%D~m~KZtkX zQ;k`cv=H{2UcBTTGyay0%l)h3JKqCLg>`7#qvL3U6UM+$vn@mb*RUA;YAtZN>WV{UiiVB-kKoAzYfXGu# z+nNDZfi8j`K};9#7L}F~KV<9EINpHgCuaoA>d}gL6uWO5+{S5Z&#)Ks+(bsDR@v_^ zu<1N~YENY>Jau}wVOLW#?YR5hzV1mF12FY<>Bm(sz0p1yoWVzW44lNbT6Hs-22Ong z8txvw3dnEF%IB6oVf$5Q`P_la1TR$)ygP1N6=ydCuiq*)&a9Arm*O3e;rT0at78!~T5WtdwmT(rZ z*BokVpi)uCNY`?0A)#a@wNhcWAEsL-!W|g%*?R76i<{IigRxapM1QY&^_XPT5mVu0N2+v1;MLp_V)PlbF;cf6vloB zQ=8iu7ff~W<5S*OSRHp5PBo!cq0gia$d!reCxy_Y_jL_h0vM9d9zId7<*p_+J_Xwa zOu6e!LKXPT-n_N?gmCB=ErRaq6s3x{1Eh}LNE$fh4{&7J7&2dAD!pOZ?(Ny1`S}GK zo#e;)s8biP+q+A!8U)xV22eQ-g3^p@hu0<{JD_rMh4z7B_$OQRcfj897gumJIX+O zcQ#&-m79c4l$3?oIO8ac*Qm08++i}v)r6WX1@c0kKFNLE=KS=ax+nfFj8fOYD)<^P z{s*4W8eJprvF(!+KM!^D#W`yk<)nh>O$&vVxRneBvcP z>a_%rEHPjCaw+^*^NVPGi*ZO9dgRng0n}dkyOOE&Kibr;?d+aQE=#(>nk(8QD z{jv*eM9e!i-ZbLYPJxtJFCEE4X(C02B+yN&-eAYrk$cvbm&-s7651Y8yeT^+^p>OlUR426YB-NK66U;fp!b(vlG| z2i}?IJc4aF2Ad{k+_#VLJ9`%k95RwDF@!_BTJGT&RjmwGSsQyzNu|_&-EP?TpapM> zeI|QM3~@x$0`CQ5=;@w$`p_Grhud>|Mv?a#^YyzGQTon9 z*&5%Sz9`U#w)iOW80=Im;vEOSskN-kMV}SqHW-IiZfTVI^YY_}tcQ+`xsSJid!_D) zfi90Nx_q+nJEbGJZxk2G@65poE3;L|I%N4stf0$xB88(=;KcKLuktf%_V_aFQJDnj zwv4O_W&UP-Jn*O<=uT68ioEQb@Suc*gvp5cb|)5Rki#qMtI>_r-|>tsG+Q7Sq=cA! zcHxBiciN3gWYp;XSRV zHS@Lm+)4rU+oZ)IX@2}*swNaR&bYE%{WSQ70P}Z6W?K5i%1wi; z3Jbd8Nr2X{?$PUje)VS8{pdtzKKs{)u4D<}-C-BPbA@RW&;A}SVM59Gi9h=G_2M1( zuQ9L@e{$xedsE>bnG2b@zUzpugL>$eecbI9!V$g~%K9dpw7KwE5^&d6`PoH$F5ZQd zHk4RH#jCPN_x&d`fP+nM*O8EZ4gKff<7JJe!qAh3YH(q&DBy*fS)7kEh`%aLa8%K;Lg#_+=v5}8do7FLh^_c4V9Q+Jo zhl;q z$fPpAdgvu5dX!gWij7L0xEU;OIgKYI>9u1LQMw7QRo}@t|Hw#`JE^`cSVtaSD^TW# z_88BW3l~tEO@i;R%~TI~_Q+?6I&k7gMm@2t7p=H75Q4f+lxnoF!sge$(p2|B_Q|7p zSB-vGM9mLHz!Z*E))_989owV`?Ij2hSG(#yakR$X>g=q%U^RW#9cLCiCG0qGR@_jd<1X-Nw4ANvj95Ly$ig3`_FAZ93rdg zEC}{FdTPo#79waJOQ39PZrTTzaGHBRka>?P02z8!nWKqF4s77kXY+`!$nu@AZO~z> zEDvzAJB7cZ<%ge$LS%)XA1}jCiD<6|XYY8Q9q-%UNs?XJm$cnDCs~HC*KB}>JNAQ* z6{Lfocy!S9jJaI1_=3i48qxZyGjchtZ{yj7gGvmb*Cgyp)R9JW!mut=mHJp#kPnM) zrvEgf#E|65ChKI?%vDlm;{Z<&QcykKJjMr!O(9oK;;TwU4pxS~PQnRxYe}xlP&08mmu1E`@Ys zf^r?eTeL?son&0Li4pi6hH!u1lWh5n=nqC^e3SVk*e0QM`R)@4n_R{#c*u;*8dGQ` zz*`tcQuwWc?rAv)Ut!G+n+47V8d)BY#ajQGZ5SbuBap)XY!hyM--ZcaOB0)4RWS0c zd$)>hSub4usPP&4TV*ozlVNrD-2_1^nbQ}>3THWS94i8DL98$leaEKID& z9CMO8Un%gtHiCCLmNkgX76`!ZuryN0W0Pi5QQM zv&!=3+P_L7VedGU5-N#fSIn6%$_dzKCzGY_DS+qL2}-ddcbi;`H=aih}a2)SD*hrJRG!j z8m)sNt>ZK?v?O?^!g|XSSx5OTBcm<*?rhS;$nW4e*Z(8>?Z1uGf$8&{hoK|cLLwUuyfL$*sf?;4e%8cb#7=Gm)k>`y z)W8xqIdp=Ck(W|nH_p)>rcK-fG&#b0ADH!631JD^mR+Q>kSC|PyyDfejxgVPPDjZ zR88mg#wZtqmkoGdCuX5OCYNoP;@1?Zj^Re-Z;^QK>}M;-{CE4%<-$I}i5@nNP^YK- ztV`6YPsF3H`R>ej&pBd;w9-o7nfylFDRx@z*GVXf16ydSQSU+FU_`DfhCvM2~>CXaf%L0@-rz)(0#;G7k?TTIPJ}(y?Z3 zYpXyjX)i-f4pDIS94{907#i9pijs0(tnt`=6yNURka=Uk8N8Re!i?`haBfNePxhYt z!`?kN^%aIV?J1Z}%Uqzj9vAf63No^?!U*PF650dHTWRi1GfyR3BA8m6@gKo0r$Dio zD5xcyt~a0KLXvP7$(3MfVC<)DA|F9!KjwA6*s<5jkEZV>mE~6biPct)BWX>82fpx` z$?K_fOPWS2iP6VYw5*rH_`(l`*-%WOPSO@Eh${etQJo z53djJQF1e1gPJT^8WvNV!I6IRYP6Cs?#O?9D8D&2^@xhECJO;JjsTd8JsxnL<=VYjBJ_~tdB5vXqbGv$C<|bEe89gZMPinFO9B$0=45XS?b?@wsO_KHa{UF3bEK7M}+J4cgTlcLaFM9pps z8qRZ^XNb8%20oiIpQDc;W&XRKpwUlc;T==V!FX~v=6HNc?JQOMM~c5Q^nLP(@2|(FRS!$t$y+}&HZF%egW?+on+5rubEJJNw>9QX zit<1cDid9VgXP{&65C}8*b&Np)-vyNI6B(zadhljzzYit znJy{@^&(z)YWu8 z1Acbxy$tqkTs=Jv>LVz4Y0P$Rc-H4Vv~l~4M}DXjLWpN1u;(a9tU49j4wyt9($>P7 za0wq;7(Sh5WqC{^bn^{(L2z$dUcU3&wXMC@*wiX3JlX9q+R_?Kn&4X3Y}Px>+1G_L z@vMf*-B|Np&x2Pi z^SQ|eA%dxnuFRqfk8+X@pZ>07_aAOpLwD^VDyHGuSO(O!AZ>nDZo6Dcq>82}fWKn& zC8FE3MUv?ngJ?giq1oDOR;9`shjMa^EU?$DoIHw-?-t^l1j*T_&hbD!&)w(J9{3S zbkPiwy^quH^U&Q9Bmoa&u$dMwVDlx?Jt@@2gMm2leM)!3baG4q0cvT<5@6cq{bR>J z8!2Ai0jRY`+)lsHx0o>UlGVGV637$k(;-7ELFRcyz7sfE7UO?M>(&dq+ii0?bW)Xs z%ATB)s`BC#J4R_o*VYFD%alR%@-oEmj_c;_F4jk^Vv*HDUqlIFb49f+X^5vMUtfKs zCQks$HkNpAG4RfPJV!xO0x45`qIf>8|rCUBU zJzfcipqibGmo z>6x%xMHw|B(-n_$GJfAl$==WTIcEo&p7hcS|4TO2A!Zv`Ec``VpW1M++n66?1Aq}l$UzI zlo9Q5dv1MC0&R4{)}kqUgecF}#c{7rrp?P7v!np$Ghz^rnNtnEsVoc00FSrZa!WloL%EK0aAaeyFeL+7(GlMd z>(osZcwW!eG+sgTE)zS8eK5(yTj~1jX_(Pm+m{KwxwJx12t{uz0wsFrv<8 zSBjg!@IL!`oRozWg~-lB?;#ZDr!?OopU_oK z?qqD1W*>ik`*pjzk(YPjK#CYQ&s+K+xd$9>cT?|dxG3_1e4iK;qcXm|r9h=S8%Q^^ zQ$Z#mL|wS-(u;y3lIORnN?TT%1MI~`5?x$heqj9Ugp|oF?U&QvV~ZhT%Y*1b3(WM9*u9$(%VOd9{IYoGr%*Je1PiI)JVIhaCjZ zRX84Ej@?aTV@HJI*0(b+G!V^bRWAtXK3;PUXqt)OSj?ts@pFoVMzWPrEOP{TyJWux z<2=3bq5PojHUFZ#@g^z^9BF|8)EnU{H&$cY?=k^+4IynhWkA{wSe%1z@yaNs0QS=s zgtvH!S#$ytkfZfg?y~aq%tBmFJ#m)VJfTA4i;TGZ1ilh$$@w@Vv3r#++;WV)jR~QW zMAk!oB$bSno_C70m}b>2J*KM^ z6gtR-K(67%ZH7rdlErs_+{3*^#3;p+{Y2`VB2z@J~AsUmqK_Oo(?=2q~z8O=TL@e{ljW^{ju6zyPFda z=-RGzRM_kD>{~9JPQNKf7=N~@l9a~eV{N})G7-z-n17tyy_?w=h{dPhGPB9H3d&$U z+I>lSm*C;pS0^7+WQzyBRPlsGTVsx&Ms+s6sOi}WCOex|t*Q@Uepgy@en!;-!DH~5 z1emlmTHxGH?k)v34sM^1`H8+otvN*~Q0{q|@snVi%FkNxyqzH-yS@zS%~1~-@#B1< zDYKA>-js|yyS=HYtEp*AmE(&iKPK2vT3qZ(nu(!yRUW9Hv|HfeaW@1Z-!YFTdKUa} z%p_qY4zX7$l+Gi;ET7M-59!V9eAPlh098G5?dtb**7%Z!37TvpOq46;bia| ze*`KGj|m1MIG@i9H6YkBSmodNI)S|G4wzEkJ^_+qpJWDEJSkWH7NZ%l5=%=fU%O)L z+v%}6NrR(7;A)>nmKb#gKCGDlU6pUsWDN^H#}cFOdDjZlzIK5aZ& zHCKmW6xDZrz;WQWRb+gF{rstl1*16YJI9e_Rnjtu%v=%vH+$b&67W^Nmok_@K6cS0 zDpA%66CB7#$b2N#dH$Th_$gp(U~QcE3T5agC?zkN&-NWU{bA@Ae_MLl_pObG~+hsapmGCO(!uR6V zEvZ<^3g}?~FRU@~JWZjEZP(~+a3j`?B_yR3H9OW2x9(qMs&ii3Kf`?;Z4X%#pkQdz z#L=uE-uO&Y(2YNEnFZa)dQ<%A$Ws+ImG1fyXaaP(_9{+Zn?hS&Rz`!u^++;H%60G} zi|ncuBNvBM6^AU&onU1vpq>XX2^X;P>T>@XYOSOmE@=z)@v#c1fx9A0oC>!+8@bcL zh3kbahIT_A0qOgNy7D>+uLdMi;-Z4e2gWxRy+7kx&J93<_tpJ9QcD6w@486uMYO9p zi?a4!I~b^)H63#IJ}ZrZi28b_5Hz=X&|Gwul}6ZcEQpK@)0q({QN+3YzGQ>5uolI; zz>@BrR59zeFFMHs1MiwB3Bie&N28`Bt7FBuNA2sTtKIeo;)!@*a)tu}THE#nE%oTD z^V?zf9*%qg=22A3f4dXevAx;U1<0B7jpz{_m#me3UVWcdyltjWC4>{z^^T26%b##? zQ1i-%Gr7PC{qTqQMfdWc&1aU@A@!=NnzFT4YYn1)2kUkN@5sdEUWZq{;VCzOn-J7Z zfd_9`x9s(oBmB{iLzDWhZTu1r zFCOL-y&N-b3vo`8s@0iOWM^Qc)Ru19B+$A72t!=X^Fw+%Yn-nVj3cjFW&m}Y&w0y8 z@ECn%c*K`r?h}R!ZZl;8`;AHd%5?)2UbP5Y0@0!%HN9YsR88H zj3+dR?wKsch&0c)?UW!5ZbM+pR2-cS&@E!ExUtU4if`9%1v&bhpO{{rA8{6*y>8nJ z;6S*>ijM<`Xc!YM1nLnUMvp5*Qlp>R7j8X>M^$ePzm7||f1oC|=9T7g7AN4^bzoC5 zY1MdEY5)a1KNGX&xohk>Uq7#(Y;e1@emg60Cc#rAlw;gW1#0A=6|8x!`J!eeT#iIc zG>QBX8*K|6c$93OB;cZvQ@f1Fa~8_f|L#6(F#vbvP-N!Tpy*aY9cLe+tWhv;9`K}F z?dwp=;j&`@Dt~9>@;ni!J!`X+cFR+>c`GI$9J+!ei;>ui*xBF?U?di{Q(d8J5ot~O z{cS#zw)kJJIOThfUUkjk;EDvACzc84eUZV|lOC3bJ$PB5~E7|n0O3OUyibBVnahW9PtU0k(9T1XNP#u4|j(~m?fZtd8l{HV*=>9 zB}P>HVH^>&fs;HwJDs*&Z{{rUQjDBJNuZsexQD_vJhjs1w7LLNl^UN9@4JU_G4f@*3Tpx4j<@DrxP47bTU{yxTNws|KqumD{z<|k%b?r1I9~hxJ zQ5m49nr0;b@e<>j28CwW3B+MGbKm3M#%Cg2Lb2~T0^+N!=c;S&Mxv7zp5INqGVfXU zN6hm=G;wuo^#>}6Q#qyv!H3-Ke6Cgs+_HI}Gwlf=uOR+&!|a*mq9Cgik@f^{H0)gj z`G?^fgpgno2__fQWb@(!ji)iUCAl`O#^b2c1Jp!MzLPKbgnj=;E@C&XqV=4C+Da|U z>YI3*PdqvS)LhvnrMIYhk56U8Z@}9+TuV)CDvu#HmOyE?yqv)#+&NRk5mi^pgo=^_ zdbeVuJFQ=aF0?5y5WY^9AQM@e90Ksl%6d&#C{WD~Yv=&%r|im3oS*OSQL2YqX8~z$ zr5-XP0ttr#o{63xjHoczkLMkYFJroD)6_ifWKn{1YTbQgIZxh~6s~Yf@|Nc_spT*2 z?RH!BDyb4vfCL~}7PEIbO;q~t8^Uw!U-b!FZ_~a!vagmno?0co_7aPhY{wZ_@sc92 zOaN9#l@!{_@! z@5JRBE3_}tjaAO>nB7*n@JTyu?EC(1=d2|4fegx$aX>y|*CY zB4LlPM`ZV{4ps#Q5`tMlr<~4yFh@YVHZiS_sMq#+9cq~poOgTj*y+9Rv3cbH z5f#MD<3X#9T~idM6s~%8mRW+9tn_=D;~3|szxZIh)6L#ZsJ5V|`1&Pv^Zt33{G$bh z3$*mrUgf;GICioMl>;P^e{rC~$)tsOV#%v+HzOW4>*f6GS~+pT+-bfp-eVq53%$iED*HiSO<`uP73q0S-@QLadaXehiT+m(mO+9swlx-7VU*zTzS6ZV+41n7%%G!D9_i!TY8g|#0 zsCw}FN32aw&dv>TYzivil13Jedm4W3ThQQF`y?Pq0E@k$w{4wEALqO^EqjQq)y&un z#skk>dIA~vnE6b-hu0%*nZ%ez-Vobn$dsd=WmPzP?DhE;qvy2CLsl!(46i5e7I)C} zvd}5f-U{n&wyO9&sR`0@LWN}ePXE6$+Fi7yiq)S7B2z9w6ZCy{QW?9Hm z!`^9$=Jgi)YD~TuI?oPgAbt%Bj-i6?oM_6XR;ff4zNSzLeCZB$m3xwX60B z3-pGwA}sY0%qWYvcDB~~xW7Gs2pyuDUE&bJx#nW*ejwhN5eoMSEGD5oRL^B?@aIsw zoOuB(1zn$?12Q-5;?|g=Xzp89oGJH3T)_*k%%92|vC7~Mue_MDOKu+pYN6c;j>^?C zdvNFL&j$Jhou`^!X*rGu>0Tak=~p4UA%cny)-&o;V8@LZ4kC{0=K}!>{NS9il zA&;TaN8;aSE`A-G6U#FW59&Id2UM)74S}3qpMQToOUIYtC0}Q?TQk3HO%-x~U?`=x z&jYuMqUcjqiLV`1Sj<3v_;dYke(Pl&;SZdlJcWLbVP)1s1y@<-we&{&|8-Nn_Oqdi^}c1kXLvk zkrgHq3p;XzBVaH~3%m1aTmG~Qnx%~2wr-+1Z-bCM_xFqtwJ(k^uGfxamF%;HUR7+h zib=O;7pa_xhUG)kDHwZu{66Zvp^DRB9?!CtH(pb`}0L<<0ZZ4w&j-0`2Oo&U7qU$SKh1@rqv3Eix{85 zoX%Wh6R+55NE%Y={FZGrd4K)DgP@$^<<;|!Ft3ZNIavL&kLI_YZ%+6!&y_jIzD<6M4;=7&B6X_IP*i*UsMR-h?wuFC%=j31{F^shjlVZ9)KZ|sY)L(w}-t<@S|aBp!h8vNE%3R^HYh5QSbld z9gXkXa6V!c3piQ+qn!ST1rzUJev8ePoBy}NDL;SllK{q6xNjIt{cA0n4BPc5*m{bv zUgduhz#oVExm08bS_!V|di-vSe|@5%h|!u(9AxkJRK#C}4}k>a7&WxDCT9Fb%s)%F zwBuem6%c5^3I! zi`FC7WmS8X6H~`i8^ZoRnbFBco|I)p<=T&ZGV>INMntFf?VC1hy4BA|TuD|^PSN#@ zBVLk{NL84ygHI-}uKM0x$x;zSw?X7!0F(~;HaU7j=z;Qf{{!0P30v4f`p#xe{@OrA zN|c#DFjewZysFk_L%xg8ZT>X8wdq~MCrck!I(F;CPcwGU&Q@LO2YUyTK94wU+Uaqz zf{m1{9M7vNMw%(BL%|w`d zF16y@c&T5=vyJTDW=rIM?CE`ru$yFpJ{Tp-;G zzP?!7X)}LYucM~MxFUB%+WqQ`o*06STwBpCpdE$_!?DotUDST^=SY>vsm~r?B;L(C`vnXN6EPq$c50!`_qWIV zcX<`ZRSf3!VQI4b^40(I@B8OJFt0@Y@zTHJl@KWguWpdCJ^an&{w#Qs!TH}%eoEs1 zNcR7GQVBd2`tk<<=VA)HiSyvW1G6Wps;aN3#T*xMoh1z4aj<`|6YEeP$rI87KKP~g z&ZIZ~6YRQu3A>qsKUR7x7U`$5GQv+-a5zkPIVP^Ov>8yXpFoV(($}}^ZQaVrQMRw$ zDXtWV2AbP$^fzZ6(BCbCLRs_PvIyjUbp1JwKlppH{>QUjB^_r<{NTP`&sIdrAWJX(#qn+ z6@pQ8_aD61w%_=u(cwdyYpOcgWNWV1;^A&H+rV~%QBWu)yAxUi~>!4HlDL=yRmj1oj13|Z`=jKh#hh4#gC&;$M*?+;Bc~Lr-7d8ho8HEUQBLnU zx4TqR?2|%Dz6CjM6w_!UO>*If!%=;jm z@<}_pEqtxKA>qCj#rYn#*vFO`Wu4s(FKeu(YEP#q0ZX1WocqgRU0tSmSpAOI%rFHW zDg^O)YB$L9Rql)3Ys*A$F%k!C7i4EU%j+Gq27R5Lrkfx(xae5eNdaDD3rr*5v=1mb z#Q|@|kW_ih+^6%O<^*(l`RO(71loY~WO07=Lf=|2a zTy=;XiA)9X{NnkR?_)68X~lcILF*4CV|+@Pp{{1ed-h5W`$+?)OC#z_%3n<*TN}!q z&ri$ErWTz~k)H(3Rk2h0FQWy4XZ#mPZI`^W%56s4fa-THPK&2C&V^2kJM)^?biy2L zpR}Emhy$JzSJFJuz5v$!l0s@7{IUKsR)8C7f5sVHDp->GV0{H@$BkpvR6+LA!|*n~ zT64#8`k<`q8xzIV1r3ex!DhW{%akuyS5&;e++{k1Ja;sdgQ^}bH31~h2YWlC>8wk zTHf~sPi(>C*!Lob1-xOSVpbtmHR1P}MnX`NEAMRtzg%O6h&gFryBS7l z!bz1+2sc;=3Nh(s04Nk&uN->b=F*D8dP%hBQD>R zpQcipR&5Q67uli~9^KDHd{)RHy{npL+bijT1_@Xi`%U*G1DovkH0?I9Vg#0$Zw2ZD z9D74ktBaXU(m3(-K_YKW+ix$z0z2;|l>JQw5v>|*@9$%Uug8!1{W*DUqMZA<(O6hA zSc>wp+SokE+hJo<4y}!83&?`<^(jiz&Uoea4$gZZzg9)(2Tu8ZVk)0?we-nv-=>w5 zlgr2jMWuyR!zJb+I%$J_cbSr29-ghM3W~ls(1TMRPnEm(jenx(KuF8zIl+nMm+dYr z8n26VJMj?wnp^W=z{F$Q5<|~D|E%{AkipRyPaWh_NtNP`x-Bln(}dznBWS`Ldp*LB zZl_hnrq*4Bm%7mdJgE&03;XX4Fup$NtUI0<8w<;mMBVRP*xUK2N>l3i=~eH;;;Xc@ zQ?_0py@u7#0uI9za1INLYPy31xFrY4-{^}pkXcbi>t*b*PhImrj@?Z^2;BX?&LXt z(RS)?*M8M==4Q#oyQ9fQ*qcuhzfcq<3nm~AmEorS6CX0tu*Q8>53Kqf2uNTKt*ZMd z67z1=FTl$s-qUo_jYH5>HS>GnX$M*9*aYdD;fL5HlFJ`=T3Z|mQ8UgtoaYWPcIWpU zr|7!W-`&b|9kvC`cs);-iW=7V8K3-R3nnWp8s=AT^5RsxO72I_f?o4V3@Kb4j5O1= z!VFMc2J3J#>8PQ+K(cnei#P(t$LY@83q7=(2$^qJ2$^S9&`%#65O4;7rcE|ZK*TxS zF;$pV)ydfkzpgA<%xTSTl6TXwGWrpq)R^jBt;2QJfd!{1RWS!TDG9F2hAIw~N9zWE z^HM!Lt{jXij6z`fyd!puUP44f5JeNep{-Mly&PKuJ}NWe&b{$(Y7isC*wCpKHogFb zZ;d-7Fq{UpG=2eRVBNsHcje3WXGwqcZnQ-Fz`K`g9<5)P7@-kUnN_}j1AzD3SL772 zCtaVJ>dI5x{YlA~EDp!PbN$H!*8CehNuQuIvjVU@X6RE`>K@6&i$V6LQEM&;N(C|H17gknzL&n_T|;9us^_?!yUR z+F<70-|^$WM*0N%6Y{_Q{W13c`nzF@86)w0c#-~}9tHI}&V$Hl6V8^77FIEZhx4#= zvD13%w?^zMf+dDj7G7tYf{Im!8aKxk)fSAO#G{lKb5{h7D%@~BUU+P;DbW*F4!eDG z)rWBa7#Wr<7V{>0>Q~mhk82qBrzj-dBICb&zjzSZ*+xnB_9L@@+3+1(LW$kJfT!M? z4!5QCDb$luLtXp{+==rm{wgE4#A1z7>x{;I4<1etPOK?PfwFlN^&m}(8uQg!4W+$r ziMXG9$#9E{zrNv?+S`+vKap{BsrhOsnij=(bc?Je!g})Go8tcm8)i?Q- z|4Fs2UJZo7U>aH@;UP+YdWr&bI54=lN-f9I+)HVE%0Cq3@$?5yek3uf<^5yn3LN7X z8`ts)*H(W|c$wSvrjsJ1bKzzg`vqTY-I~~OrI19rfI)$4JMh&K%k=bg9v1fBK0&+d zG^0_=DT!~5Tw|2`(!*9Bx&~-nZq|3ZimlyWneyG)uUjJvNbeppbdTBaXNW!6mM|P2 zDuYfl#JXj+VBX_=u)6kCdeBf!kcQ!Lll{eUZfVNd=+KZd{o5r||3N|hQeoox?VWCK zF<0G;OOHfA8eihdNoE3*oblqn|XhD=IXVS`!)v|MF`dWBi=R zY@Nq{S-@A3EBCFACSb7Jx28SJQ|_B9eJU#AzrnQVb&uZdmYDV2+H87=59%Zv z$=FjSiF^n<_$UuFqq*lo&@)`QNaNVSx)OWx5Ih?S9>Am8&f3@{YG_iC;^U6|k_>Ki zOXx8d4jXl(|IFFX?6Qliry3} zn|VGeNA+d)P~np&xX%7V1w2%5l3x{5w>ZVc8j!{{@_m=}CEQ2Hq7)6zwzTRT)g8Ni zotXPa$Yt~l4Gr~bJychz0e3e8c0Om<*Uv26+P?Yi=Ru0ENQ}#~>Dkfy6J9)`u-ZEy z5Qu<#@5i0=b`rRtsnVZIS;P4X#*ZNunK_r~+zD;IDoRGKn`M#@VcR zhsS3bU|XzxZ@K(5xRQP#j|G1DGUG-qKt!Zb*8FZ5-(Q*a_d-8%(l@M^eg}=*5>UGSBU%WIB;7e}$b;kwJgZ}&;U@pfKEIHD8Zg-S{dn`wdB~gKW770a_>w9! zk$*$J|3*OzOx7la?StLly^No!Zp^P!Kg6lNHb?4{(m?t5dji+lTJzNGZ^S(q_lzD? z!{2kiI-~y+J2>!uve+l+T1Eok?3mr$gR869{iTN)Ap1FxhUg^t6{zhtk>|e*n8IGpxhMeXC@jN&!Hj)PB!{E0K*-ZFZdu#z6g6iXp+KU&$^2$@Ie^U8-37pY} zgz%h?|E;$l*D{J%q&6mEZ94}2#U7d7F8zPFdds+|y0(2-K@gA-=^T{{89JoffDuqa zP=@Z3?q)!wV^F$FN``J2I)-lP8iwv>=y$lD=YD?o|NX?rJ*>UgI*&Tf^&h2UN(Czk z3!eQb_CFnnfk3~Vr%qQCg;PbNHj*_q-et^1Rw7sMJ_P%#_Uw)S-<*hHsr$tT6#x29 zU$cLjv{H;SPGRh`pHCJ7qTfJeg#Pox|7S)0Bc+>x55&Ak!`=iL=@V$HQcDnhycIJl zzKq-pSJF9$)yppWEj-mP_)}D^k|UP%2T9};D<)VII7~TN`LXeTkrX5;iBqb z@379EI*g+6HZYNJ6Du_&@_!zYgO}f|8ybEsqi;?&oRD*uW{Y{^Y0KrlpPYj`-uUF? zteODPo4$9dpK-AtijG)YTl;6`v!Nc4Eio|uMTP#|MIt5zf()uPc|x05jV#;hScqRU zFICqcLu&+ruF}n)WC#BJ;jAUvrU0d;Bu>zxn)!67Zn?>*IYa5=sGvYSPu)hT`f4x< zOs4BRS2}FYcl7%EW3)|dQ>?5bpFSe!?urLVLikfJ4sxVQjacW z9@d%;Bn@MVr(A2>QU!Z}f;tkTV}r%h0Ar;KDd)_Md51mn|%& z=(~^H`dj$U(a|w}v4>$u?%DecQ9R{IenG)NUZXBGke^!Un>Q^tby9VK>jg<%Nlg>XtoP%hj0CMvagTdI>agQmiwK>WLA2%7T1kv(Wu$p5J%j2VD{k50Y zW6W!+8~=HsFCv-K-92)u#1^uGF{egL)T^hlkX-|GFsZ>@?cux2uaA$`dUGE*bxyt> z5+}21Je?@*<7(&#^?YtyoOB#GS!&SUmJOApjg-9H;Bh}P*80$B$!sC8IHb=?*V~K< zSNzbjsblU>e9giK;4o1ak;y1|gkF$3>>xvywi7>ze)VZ)59gEKD%BQ(sIRBgZrhsB78Dqi5VOJ`Tkt;{z%Mmk+9q6$ zDo*ki46buBNQefgt`W*T!;I4vvYrIWSjnaA@leJhH*XRsmT!Gd4t4}?*QgpjXO~t@ zVmSciKQ%a%+Cnd=j+tz@bw>D@`NZd-kL)A+TwZ3GeJ+YY|V zQJ*x|uKA;=8x~yNuEVmkO_NRZBvagkjh{-nu5j!NGqjX2`S-&LSN7YFON`T|uRfJ{ zYNn-iy>lt6?Ytg!_`NAyLMb`Tx21_OZXx)kRy_-tc@0TPNtZ%Qav1F(pA9QnP-ymY zbmGdm|MTyXuU`Tfegv>KU`4SOE!0`oJVsQ_ojpn+f{oYBrzz!lm0#a9Y!CfIq%<^k z6nk_o%oT09;^B3E4j1=P2PrAgOL05*_p-*O=P8+(j^$1=E<&fB3Lr^?Lk$Gn6mh3R zx(z#N^c5C2qMl9~jfdy8Y1KlA;!%$TKtptLm%@(P$gf z<@beEBTW%g&ipb#z8)F#Fh9FG58pE;>&($(YRZ~ihwsxV~ zJ1q#{_}KxXn%LPE@}<8yL65B_Z+*V!&`!$3U6>LT6%ij19oWDDjV5BEkH5@YuNxjj z?oGxU@lJE)74kr%C2}p~Q}ZlFg$tzCEfUhNc!`v5v}Jjl(|$NJ3$aIAY9DbN6G&}` zPMefo@kzYP(q~92)joMxUkh2ckJ;Gvi8!YPD+KeDb4w`?cpCi}zmM)# zLhSls{Sh|>%O{lm^#^dlF@I`$p8fm~G^g!8jiR&|Z6sKvX9nde6uM=c96MW^`l3m4 zY~(c?A zzXF9jm#L2Xdf8oeH?I@ASWpXpRjrrsF z5#xG7Rr`n9JsfxB6)~>i(TA}ZQH*zC{~0nk#v^rZM4NV5hw(Ng@VDh{zM6(?!)nY5 zji&KV3b9J9a$=tU2RQlpyja>dRxh?CfzAdp0ylUT^vsey=mkmy^%2l4+k~Q1*L_rx zJ*RZ>rdA}K4q0TP9@Q4d=R(#8lQw&JPbh1Wvbd)L0WV;DG%R3YOPpn)w#txm$py-i z#Ap5W-;YfvW{X>H94u$?ota0MJHy(q7VmEJQ#8ws<`NN<>Z#9(Y~9|W&uW?(l-DxdZkDNngz*!14#{ULv z|3)dEMPU6$7GilGrM_l8_pI&hY?*6<^>}N&&uK1x3U6!NDbFK#l#D@*lZmGq?&bI| zWW1j~PfOZo7jMt(x@gSaTfUBQh}U+IoBL-gD~yXk58X!9))7J`#+s`9_0WEu($Z%a zME-408>8TJUCY%>>Uwq(wTRE5%#NRn(;-%w5JPf$99*{&KYL7#V+z=7JWjW$uW$At zQYqeN(<%l@5lS>k$;s`mO~SrEec{cV&0EnHOXfDe}te zz#l-E4T44?b<@<21V9W>`q2NL6ePp&H+5?Y9_JvdrI%6 zxO1sboH`8Tch;ruF1}ky9iA`>ZSPMOT%V-a#Ut%+>JvUL*Gf&e7snh|PBW>-&EKqY zL-1Kr?A})HI7-F*j9JH&8KUOvRqpl_5yxeIGm>@TZ{zv-;8O=j?MibMwcAD%!#*D1 z4vlC>AEKVfMT&0aoBymElDzr>^*PB7IHG*{|D=yHK#!_VS3Jmde*PaJ!F}xq`#eyR zm>Y)Fd`uv%+AFilFu6JKilBA8p~3OQt($km{*wDpg>e}%ZkSR+M9s~15_Gy@w?hp5 zY=_498>9iubMvl?^9AIHl0rDQ_ol+b zfXy^aw$44Onfm`aO$zYt8ZhlXhz`d_3`I{yBHdIrV%UxKD@P71zO(*jqt=Ax6@xY;gu&a5VE z!3{Y~#jA+EEv`i)8N9NMV=a%S9@^Aa}xYtw$b`+pZD>ISn!Xu51q6g^={b2HRdfEJV&KQNvbzqSX%Gx1XROyu=FI6`^o zO)e*Dnkb5!Z!cTaOeRJZ=2Kl4Xp}|k1sKQ7($C@Roj};4>wv&yha>qfuGgOy=S4#0 zMhDU)#CqR83|=16kibNzk>2~Bdgu|T4|yE79;44S3P82T9s9|PJ~{M$Ta%cjxtsb@ z3{r&nknDR*Hneq8>CsbU{Sf0G{D15Ok9#>N&HgjT|5gU-lSj&R+MY_5=v43ANPbI! zii3BgH9Zr1V)`!DQ?`?H<6yxZY6JikKFP)jj+T#-6?Q__yLjnMe?&Mm zEVm!dRJjL{y1-lGk{ZskkSY(U1^mr%u3CxcOf?l9H^;w{8(Fy={!wrIlVN^|kh&#} zg-G3ODzz)<9{tJ(!cmc8ZTNyXl$N4`CoP#)?=BFu?j>%W?1u1wCserPVBvI+aICO` zB3Q$EC{K((@J{mRC-g@Re3f%VG)mxH@+6a_leH9<9Q2n_o;Okp| zl0S)TSjRqQ^^lf&SDNs=tGxzpwmab1W61-*{Cw>?2NShn70I^5$Q_g5fSqM%Jm5*s zdDD3#a=_NdafQ!juJ$|Df!^JvdQ6L^kJUz*&&?&*KS|}2E|jvZAuppD{O4P{DZFik_&;T&k*URsUgZBuaO#g1ykrM4Pba+S0dwm=-nmm|fxByA&0{dAs*N4<{S3_WIXtBrT)q|$irGe&i?wdwWWAp-VAErVr!uB!yxR$pQR$@CmRXA<6Ul5D}yVxg1kLB4WPe zp6YsR<{)vn-QK)ml@*5_PFX!#kF!o8OD`z3kwE1BBb-~u*O*XHzw=>-(uYxzo`Z<> zaj494BsK5Lwe~d{@L1+Q9R}9j-kECer$2~uoaHrbUkXKw*3~(<)Azzo0R+-%MCGM~9p9hguz&=~dK6i>UMczfcjfKG zk2%K-@DN}5zj4aS%#WrDTsw20D(_7b&ed`)nu;ZUyVY0^l^#Q^qyQ>NJv~z8lp>XE zxA2sTwoB)O9LId=tR;^GEJfQunx1Tx=ZD&F0>99wkC!dbt6G{3rqDDdj)opZ6f{}c zywQ||Z3i6@FjE0?i7Wi@RCQGr>I|P0iq!CbJVw%s02`D$%CLERC0!WLFkfH8PPxK8 zaKNJc-rWIZ>U~p_fJ*X82<`XqO%pnAd93i3JaxstbDpzi?%DBFslhw(vlFP+N~Z4| zW?`~AU!Hr-*&{kVjU(QZ`vPCs?^N$t$gd)i(?lPdZgy>{(gxt}$5?SOKspWer#1zA zRWVi+ru))?YCmR2(PY>a*|zVYt*)JemASy z?kE0$>*vKoLClQFF7!^rZ&X48NBd(xg13<1!u{yG>JKHjpr|+Hn;}Z=k@(P_5CBpl%ynNWy(Sv zer>jkEh|6x+*H$aT4ev{bzHEOWSg39uQNu_l07V5+F|3))idG@{!a2lioCEkzH!II ze(UwuusQ6Vd4~#icY^=c>41uu!);mn|2~^{kq_9aREe#F({~0W>i$T~9euDg=U0Fm z+7z;G7B`eI^Cz1y_BMWZ?9{sr{%)7Rxq7y7bjIW9W$iZ2TRoVD=wW#&A&*e09$cE$ zlg#SdY)U<1Gp;vcDdsT(Y2@}SPg$WF7H@3ktiEqHf|HP5-qNsR-Ros4&??=gitOQ= zp3Wq%rU?d0ms&NA*fc~-KY)7(qh6?f0MTBnR7za!RM;22nb>YeLce6@DRjCg9vBH3 z#y}P^FpFR;{;+xLPhnP-VcE%#^YOCC7m))B`aK>2R?2NoM)Y4pa*pgEZ+nz{ zp1EGhJj5HjI9^API8btGc4YpBQRhqj_omW$HcacQv#gSVr$+U#Yj|(e@qA3>9=X*s z`F@Yo@e%1do^!DGi;()#vRw-g3WP~;EGj?C z$``u_C`q1Rq;t;o(Uk);wW{ml#h`1~z&o(xQ;0e(Un4q5>e@iRMn^sJCl!(rv1U&ixrVhNd;5-`xsxFemaw1TfO2FDZ(w#<-nGS-8(}OJqGTj$anA zoOrY-{d@eznT0*J@LzFegY#h$!%W)e0VUc66Z(}CLC4Pf1cD#IeKHU$DmDNwCQMpX zSZSz_SHe!JO|1L<3lW-(3eo7e?-+XPNW_ls&j`lvQNGD3anpVMSE+B9(52*1^Zjh!E---%yd zY5Hl`_ERe_L)mXfy{0J=`7nLY*Pv^CqD|t?d@as;z0X5C zbGz1yq#z5;_`>XaG`0hLn3Ost822+s<7TsTaWo3a&K}}xP+BD=y+0FRQxF5(%A&ntF&9T+a2$d1O+e-aw12? z)9$X13tnD!U#{tn$Y%66bS{?T%^3DRvjD@gPg7+~RseLYxUp-Qy%* zLYEnti&Lq)V<|tK0DGI(z?TOYQW-qqU)=w4@E*J;FeZK!lC=;1LQf#(Lgo@Au)Obc z-tb-g-0TmJU{> zR@r$aKAvH4y&ERJj6V_Z@3KF5I8hs+pq)UNR4i-R4rZTZ@OGM!qldU_2zdP994qCN zpVCKmw1){-8nn~>!dqkcH)Vw_hdBuSewV<5{&|R7OlTNiVncGyY5jVe64(1e>y*(C zFh5&Nb1i9ns9r2oNJAIyy81zp#bhvM#_l#G!v2P%yhZQdRD?WfMjCp|niH8DP-Flr zYMwNuAUXXKMg%rh`a^^vu;ZhjLln@e&2>lnCArsHW}c?ug6$Q;6*cd3-qVKf3r_2A zzHXkOpO{r_8TUjBP1zS%D_)Jn3j}7LSqJ+RQ*)^N(DlqVH&i8YDeufwUiN<*#@Y2kiA8ppD1yaz7!MWWz9~UOyR7F(lcL z;pRjGBuWh2X&^RgL^tkxb8ACxPF4Iu{w_V1LboRD|5evx$P-j`BTumP7)x#opwa~c zmEZ;a=@=f((rfwcTj+~}w%!AVeK%0$g4j-JdsZ|1dsb9IUYaJ5<#wmOKe9On2Q>Y& z{p6e5uRtOdaP!l`-t?OtGZlj#a`S)T;RZJrq^Xg44sB;iZDx(y8el*&2l4-iCixb8 z;~3)wi@r)Ntj4XNf?BVwlvN>@Rq5KPRk4=AvM3=T!5|!knKtw2vM%EkZ>M*{4kfo1 zh|4hl6^tuLXnh|v*j+Ddpp(WT%y%d2o&ihHD8D|?vDh{(;(3zv%i^i=4Iv$O0B7~{ zJ8GBRe=^k|*y!J}Rd|G4SXOIggSfBYX8J8{EvAJQ+inHJTA))^<=g2ci^koBS#yan z^MOfhgK^z$p`cQa?4F)x4jNM&EmP-AnxC=rby#)^bSiTC= zQzqi0d{+0Xuf4A8h$vtx(JYNdO2zl);+_{Mc?W5cYk?^!9YOT=@0X(2es*PtgJ0$j z_Cfy|ZUO1edru6x^MbN510F84!f@qL zqKbMGaFb%DWDj@eq|u{m_j6&fL>J7qt0%%V7f zL?Dhg*c1yY_mrl^OHSr)Mz7AjB&^R8J`D*(X6MQ1Zp~pRNSo@#@8gIs!b82ERyY53 z|9anKOw4p$qRXoLFDEb9Y?93jkIauZD#q?|IR}~`dE8J)xKYHG3tzQd;RekqyEOsg z=GVIZh{LM7=Go2bd%acPpwQX7bD;6Tmx}*A1R3m?;+hY2oFp>OrR;<+=9Q zD)PbQWlS7>khtW2Ix7OZiOZ}!KF?>+#RihV&`uT@*ljC5&GQDMk$ArEdy`8E@Z2d= zp$V>Hq%($J&F@EUqYkgmu7Cb?M%O_+(z>=In%8AKq?DjsH8CGahH{l|Bsd*Z*Kg-9 z+-u{*oOG!i(qgv{o$p03zjD%yJBqv2*)qdVh6~)26BHp)Zlrmda~KTFzzDfMJith! zUCfli#k!56lqJpE>bgHhaLZF(I-X<}6bB8(UB;vRW z#ZN6K@Jwlb<)wN2$vQ`_!ZB!Z*(wMG@UG0dK=hyF4L#cN_B<77Qd5)VN0F|?uzr5?3vSh4ea$6Y?5%>yhfOWT%qtwo^ib2ixA3qy&4;xxvF2zMPAnIw5&du zrg2z^m}NOJWms39#g%_ppBd?e0(T?7qTj6d`Fz+~gZuGXEzN_mqf${Cy!F+8wI)m% zCZqZb5csAxazy<8B4&N~xv$3>PId7JujeG_Nr13qnG~44^ieCHRzu8jF}*)6$Ir>6 zESpv%YXe6|MH=C@3GpOR$sc)>86ATP2S#5rC>|O4{;UoeK@8F^xX+XZ@Cvwh{nOW> zEt?k;t41+-qJ$&H18KF%m&seJfTH`c~cj#h=U}_0?cC zam;Jsdz#T0x*L9jTy%+a;Xr-5&a#j0z~ojWl=H$fRhqn)$pj!xrW-lMnbUWWUtckh_|BSIg(US>m3G`uei@{#(ny;xfGbQ$~o^AaQa02I1xol#v8_K*AS z36&=NskBj7+vSk=o}-bt5`cS$WU|)KzsYKjdgRt=b>Bb|hoqBf@Mi3I*0x!~>%3u+ z=)Ml29!N%zk(t~+-75yWOTdH<#g!Ih%Pm?k3MPX%SZmFR4voQz56U?6p@ z@~_Y3r6dcE7u~k<{?{z^V_pgs-P-u7)t*(<*cCb3yMnCLqVAoXV(F?tTabaoJ%YHh znalpT(#-z;de%?zen)ahv+$&cYS#4YiT89tn)A2K^eY8V`S>$~#>&o1c;~XaSLAO4 zPE9@RNt553b5L}F)MV{mn`4;+WULl#yh=K#*=Qx+S=*Fw%%5X?+OcTz`$!?@Sorsg zNJJkkv$09J5BDG{&*55J!W2as7rS{_VL#^PrPMv!ryiQ!H(FMYr2Zd^-e_9mluDWtJ^P7)|65;rh05oT2Y|MA3uo%kcko2_Srv+A05$6%~;U^IvGNC zg`(dVm-&b&a1gyh*iJ+4rX5_>0mi6pj0uYg_hdluhW8|n)U>8r0>Kj#!{Z5xK>E5M zRsnMoYxi2pu*#*w3G<>z6Y;P6k9WT*JOgV_)LU1&?6sOyA4W&y{xrKYx^jKQ$Kf+a zI6PD1dBivTSdl@U&Qz(qg+Ocu;8H7fxsmhO=>WI(t@!wG#DbJ=8hV9@`g)Ho zxz*1$kh+702sIx;I2g>DXfby}pC}o}jtS9~6c>g`e_?%a)7Q!Wc0u`|+E<7ixPWQU zzL54B>5k^p59zLy?e%*Wwb=v4$`U>(SD!?EvAACb^!fb&fzaH=dtni!sh&pHOfq+m z7pJDpF^I7FMeal6)Vn70U=dfDl=U}W9N$$&54#2#ntL!ogpNT1`3nA9%rzg&`!TGI z9~)2uEJz)ZmD3It*{uh?@0;LqokPdxOyzKT@FNw-??Kd0TaSJIKTa_#?=zb5V%(4n zk6+JUe{B0@Hq-7*QoWXYGeeyV_VTf4FLFIhxcM#U%*!6&R&_Sp`Yq}qg@3W1-8JRS z`3A^m%-dP)S9OW|*Oxl#&i|ax0nP`GTTX*^N4>J>dp&Ua92}eg*cbFo&SLrl-?`?2W@`}4*^rK}__qidAnAWDCcR324sN4lNdAXzK z_kE})C51Jtw8HbWqb=j340O-rUST zT?>+)1{S8^#k|zt^`@U%yNwBrrF&1crCg{WN40(V?39fGe?fL_)_?T-mB`9o!#**l zFD{_K=K3poSb5|r#xENpfswpPv3lGR7Fe~EetVL4&_Sluu{d$>>gb+iQ3VvJ=26lX z+#5LtYyF93BeIg^X&4$*>x1aiJu6R;^0{VAjO-7>bzk&8CxY3(ZC9vws1@6*WfI(Q z3ReEW=+OP*P_m!|{w5FEDUZ%gwh3L8zCc{E-TQAag=fR0iY2R}&OrtH46z zVClFA&EFwXqqJYAGICznR!P%u(Z5y;maqNXOb)w?OjM^Lw*9kR?(>!rYta%rJ;cZ{ zbz&p_8oB;~p?aF{rkzOZ-3(18hn1Sca2k;ThFD+iCJBr8?OeNlm`9#Q10-Pm8kjp@ zME2VsKaYjuLl|TGRoyXUfshkxdJnLRzf0d+D{DC^?C?oE#%C`$$XU;+^34z1vB$Fe z28mSa-EtdgTq@@mHsYe9kHk3Y5Ir z*zVv1`Z_}7;wPxhKIY6!e6v_PLEA@`##*ry5iV?=I5) zB3KfvPvUCe%!A^WD=bnpU`YI`m)jetmep9wbd=?Exd{^ED~FmGa6({!&1SRIMX4LN zmCOUD92SE1Aq=A^vxTQLTD4LsG%5Y*-t_Xsg)pG4i4fD)-OH(cd_XEZs!4$F1 z{t^wC?hg^Xm>vXa8j3!MILiu>d}vFxNpHoAT{`d)(dSCzphIRjT2)H?Bh}{HCf=CU z`k=g+Exk&0=3F-EQRJiM$9JE2{`%H{7l5_R@$rkowg_|mf1Nv70tJbM%MrJ+2ZyG= zu9ag9EaF9v@(w{G>yfzUEK(P8F#;G#TpEGfd?K`M@9B8rnTvf?Wb4h|#JM^!i!nyp zxG`vQsx<@qEkozcDE<-=L)dv%_wSU&tA+EIbbAz(@BkUg)%9I=g7*vKnegB3(rFGa zhXIdlJb!a)mt`=26k^Aj5Xq99Hs3ENp3M=Y=bt3Ek>Tqk37AiFyqvPmxa<|i6&v^p z^}d>kvm4rq$jSX74*9YkznOl}eo`qkQ z&0lI(+B(%K?~UNbj&;VL;#KlRff$I2>#kpKIu^%e@N9K4dEq3t zJH;Mv@d*c)3Vl|$j9-{hsBo{89{aOqsMiY9$g^L^hN~@l#iIBpWh{Di$;c<2@uZ*N zB*pCUo?I+PW}1v9QDlBL_$xD!JT_{drp&&2?^&k{T%NF+tM6=&Z+44n3Q0{p6SUgI zE3`&l|E(rlAMuB6dkQ@8GAM(x{&A5hCgYF`C! zr+IvoglV@Iuh)b|_#$z8=C$eGV`Ni61QEGyq8)#r1~a3xfAb3_;?xHVk(o|nt1+qv z1YokP_wN%EI6>jV{!%gVaJQ>Ytwpf+gZq zrQ+{9Bde{?dy|RLeM$ni+6CIe>rv2_)@@89iV>GHm!xwVB8=tYgfZygg3Nj*c3{tp z({e>LcW)*fB@RvxMwmwlIe6M!8@4BXlbHu~9bo3tt6j zB~CJQ>9}i=pyHZmC^Js<*Ofx zVKPUkmZuj#+`SbT(`=J!)}uN7^*m`gBuZgRolm#9JZt-oELZB%`_7D%mff@&Fj)u8 zG%Z``gv}0K4Y$?2B2reEdnWrdT_*!=^o`5=e2Q!DIqpjKic#ocuXCL>*8@ux&sE=J&lSk%wK5n14zZD8nPvR1A1qCnj3@B-+!5g_ zqqiGuBEci{GbV3PIrhUbqI|f|_bA*23J1>KT|w?jh5>nACsp?!3PQtMJ8y87G{%4> zQHDPBQ@Y^5kums%pnyOp(Hn2TgUh28MBh95L%S7ZuM|4nzKcd>I`qwha_`ra%Z96X zPi#xB@gC=jzn;Z6VIu(3pYIF>T0)0TjKjH=z3PvkJh``g3oW!qYst2eC~BC1L1&l} zK*|2@9%;TrQ3v=ueO;Uo(uwXZ;&C_aem@doALAH?f10<2uhxh)jDJZLmYwbih5&9r ztFdN~b(RbNWM2{umYKI`GLV+#V#KT=C65%^QLENc!!yCcVozs`bm8{nAWn z#Qt~O{K7>Xdo+2N|Jw-J=s|2^jq7R)C- zH_zw|IA^;KjCV85if6^&hh#o0H;|{J^gX+(l(($Vc%Vq%7sb5pb@2TZYtSbtHL|X7 z;ZCL}UbK+0?HL_CXO#!E0CRg$sqh_tSj*kaVY+qF7vvm7i(?aMd7S|>d(dhdM}@x= ziq0hQ25QnNBQR-joHs7NP93K^WFLVl}v-0q>h%UB`w|XNf~zuZSPb z^|qi)kK3CQ(h+&Y?{K+!N(qrTk?}vB2;X0e7VRH8-odVS1l--VrTAnB*=_XHCvFA6xMR_|K?cslTggEblguns^%{6Rkj|4tTNm0lE9)Nj^#P6pr`IS@#-nNDB& zjP0(1MHslZ)nV38KK?dNoqZf%9ROIIqkWYS)QEzvf{hdmcBJYA>Fbod4LEge9s9me z?tAjB#x(JID_$1fJ1>=l?McL)bf-eS&&j{TrQbf3Z3uow7yyW@6xM~Kl3bwz4f*%Ctkb{K|BEzUt~OJpLzhIu}7nnZ*vCC2z~-0 z1)r`H6jge`H`q<4{JnZ3Vj1Oy)PaV(=snkFF}6$decc-t}yN!R(8}=LM$Hg zgQFKu5-X!CGs8Vgn=p~)ez`WE*EALxlHHCYQuz)N>KfJMXFrtoEbpv`jQnpoD8oPZ(ZSlh z*ObhG@&cdvrJdfw{eF)v5i!~VRBA_r^K3iHkLp}5y4&A&uz2L!F#X~fy689=;SkBH;AQ7DSWp-xBLVVW-P|;O z?Iz8I&2^O7l~EFI(}2-oh4HkR|N2R((a8tA<*dG1a?fP&#hX;s=Fe zOhhY|`vL1(t)6a|vifrV6J(o&yUyN`2w(m`lB-!TAf>@akG8SPI;U+3sY@3VyuSYG0Ud=jCwHKxD4txZGY*-m)L|n%`P7wBG z*KTg#H)d}DS%{g}>2X)k8?@KwwxGn94!6SWB)cU#s!au)0tUVLKh(*8DXDc~pK?sN zE-b$1=N?GJ?dKB&?ke+-G@-+(IEG4(jy8)e?DHG!r&npYhog2*y0mQdcKLQ`F00r z6=@v_3AF8(l+V!S>ofgkh)`acr5Bh4%#!<8 zF=x4gQQon1&;cs3NN6>9g3kV3vjCqrU30Xt5e|EKSY@18dn0p|e6M=}2EI7t+$=rV*2eJ)7 z(Ow=~qm}Cg#!V0YcNRbzU^P?4>7v^qaYbPr7dHihqFcoK1A>HSl|@v|Zv31?1Qt?kvEmAda8Af<-iSVQ@8iWicH&=&jd%_(a%6-&2`n_fc%sxC~_VmZcIR2JjZLv1v%!Kd++U--ERWs}7uqYKx zU56fKUXrcE^x34}gq1+-Q|fbv``n_=T`gzP< zjSady@6ID)CO+lgMwg`taxa2|pr@z73XC!90wwOB)XG&P_l-cvGejTqqM;d3ao9NE zq#%9N>Yl7CA9;2BGSs5WD&`?muY7}2!)4kzoJHID?-!NK(2siTP;ra)GQ*R@Pf6U| zD|R*_@tlr?l~Q}qs^@gc!+RsuuZfaQDUhhu6Mp*nU&9D0i-pP?;a;eb&ie@pmZXp_Q{)hj8n1 zc`m7Uadwgpu`Dgg?{Z1p{MRCImb3dIpL%nhj6)kiMJY z52MP*)!~tpxBR~r%zs4+g#lk|gxl{DGiR@F`iK(iVu{ZTn4Y=}F>xM(ZT+JRCJqrq zYV)fXmm`nOfh$0b>nQ;4D=dA&Pz-{?{0Z=-uP;=Db`&XpM+ce zWG7Dwm{Uq{Ale0Sywy6d#2W}aKS&WXq7l_qMFb>3rv&0L8N`p!<<&$c=`fXQ5p^dv>$}QWa|OkUIys< zmWJ3sw3!L&KHo9yiZwoeG88X9O}PiDWM-?S?eFzWxNvVAEc<2iV*n=Zq3bPdbzX1R zVN)H}=p9*l+`c2s_obeKmAqkGs-c>x7^&c9leoU24WPgyDXPQkBeeS3g0FG?v4_Q zL98D0f*hWHMEPKxkK2`!RvU86vaRRwL|~&e?d(p0K;}p|KWuP716LE(oAIR>g75aO z{XzJfg`9X@TB_XDT}C3j2*x-nLh1FvRJtec{NG^j5s^lSZChS%sW*rAN|O5syA&-C z&|r%}wpU)Afd__>`ZKiK3B$a0?u7qngh2y>%0B*XeaRU1^vbC$;muE}?hM`>`&@gY zr@QALoJ1M;6JVdZy?JX*<>~Cpw%$$m_%a~8TYZURh01}K=5F4!&ksw*-%{GXou)~+ zP89TwCAIz1_~KRZ+!C|?jie_E&^B2zN8dHAFuA_B`1CAI3t*~LNYYN@H5J_A^wOR) zL;kN$OhNSV!$bxxn7G$DO@1xbFzQ)^ryK*f8Mxk;X91Y?-l~WF*&!2QPI`kHuKW1p zaNl21(YX zZ>SsgG^@zxU943W%Q=&JO_XTV>9{c9S(8pA-u(JxP*`Qb*ToW%6O~GEYdno z`SLbLg~c2cB|bGL-2Tz}K6X}mMt7qwn3(~HIBsI!rL@>cH?$w}$^AX5y!@e-^%CVE%ul&zDkdsa^!wtp{6*`F`nt5?Y6#cR__ECel)$qYjBtgM#i zIf3})>i9I=D_d`O%z-s%5;>jCo<|*hkQH(kBACdFB`>99~sF3-2(ByJv0Vq-@ z$CE$83@zQ^g=&LBdZ%k|#xh2KQ zs7RKdk@_;=W&O! zZslECH*(+~`c;f@P)q>$XCeKy< z^Bb14Yxu`;Vx5R4m=btKaV@@1el`^ZYMLYm*eNFF`?F|hSQDyK&%v~9zfON$e-=~@ zt*VN9RUVerX{Ox4zbqg)-_tasf{R@wXEeniP6g#(dpfwD^q$j#D zu3G$n0g|3vP^5 zIv%ORgt{WhGK$PgWerIRarZ0cZSI^PmQ&W>tK4(ZqEmu3vqq6cH{ufuI{>0HpK z5GSKm&=y}Aa+LggH@Q{30Tj%eHsW%cT{NtTry^x?zqDpO((cDrBxD0k``X`;I?=yH zqr7*K>Q7)V$|5opryB(6#ktLBglC)-KMFaT=(Ckb4W)u?kMb)Vup&KCjAdzu56h~O zzih)ZjUEJ<5Jq6Xy5+~>_(u$5#0UdVWFuSoi0Yf|v&xKyKVZumb)RVB_I-4BG)Y<% zw@}_XG!4Z~la2S|8#_^kA-jW|__aGw)^tRGL$7(_WfdD&A4R5aC*IrwTFis`|(XWc}?Mjx3Zn@9d6`b@MCi`9rhv7 zk<)kA=?))YFKN!qYb55aSC@UlE^Ncfb~(y<-`1f7@0wCtMG4B8bo!Bk6#pMpZygm? z*!6#dAfOT=AcLfWgd(X73_O-uzf4*NbH3^L#yM#7&)EqCV)z3djwG3$?vJM$(&{beC zPjWDL+&cZX!y(?&dhWNCY`nxkE~nwMSGwOj+cQnAmqMEtm~tmW<14E=hAs*!my9>4 z?id$dg_#QHUmqq7Eb*UI`CEK8IZ9Ccid*dq4BXhWv|QD^?8h!L?pfSQJ8fS76UZ=A zR3&*v=`l!neEktyz-6S6OE!6Gs{R(a1%Pq#f zlKt6rn7)_OgmI#oOJg^6k=0$FC}6s{`1$J25Ze*EL~@-&_lf)TS`>-qAh}uvA-Tc_ zSuGN!**v6TyA$7yOT`wSC*J+*^xMYgVh5oZWz7fKR;{&a5HCKKe&!$^|d`h zw!DtSS-((J^IB1@)ctD0q}&~cb-0Nw%Sc^k6npG@EHLU9qjKFY6_Q{Q{h=wNY3@Jh z4>Za$pzIPylDkyByn4ko3e^LbLj{(H0}KfkRS}JQGLmr?qZ8ay z+*E4rh{qcBu_6y{((F>Qx@b5YE;j&sy?ZT`cSq&@2tRUI>HR`E-?NaXdd0%*Wd6)< zLdCXsuocf97U>&z_^v&iuz5Qq(He9>vUX?}l=m>XY}Vxd)hsEwAV<26gSAx*qzn4z zu=H!6?~9Y=@q|5P&(xbI{g;B2uQWGI+2AIn#saYWtIFCz88`W9O4~RnDHCm5AKew{ zHio`Q)iACjBt39*=JsPi3TOxK6EH2cK!VYSZ}*iq#_*lzgdThsr{=_y41y=p*Z`B3 zkP0G(ji2SS%nvymt8h8Cy1aKHwhcRr52Pu>DR216&pI+XE{CbKQeBy^;@0^Rm8JjtVyiQG(@xcmM7YVW&UO&uPdL%GpW<`r zkgzJdG0yY94>9L_kMp9Ndl*gQ-Z)x4Su%&3gFqF-lZS7a4d=~=*$$2=0;R&@Sw%qvbm+B_zD_u;ol`QRYRiLAshRYclv6VWpRgT8hv)cUw zhzLVn&rWA<9r+uBnBDb>KS1_xaF%M8D0ya@F^s-8@03YzBj$wVdE?6NhRLb-C4A%zjZIS-G~|~ z#;kvR`GGR`MFxN#AY%R;<9QX3vLGIQO0E@ztUW(B;DGgBKkRRxlNz9sDt7z2d~gvI zOLSHI5?jNEEU67N8eF>z3uIYi^dr(ssEK7Ww5TmNWoMF7ziZ#$bzr%ADu$k2+Az&v zB5#?c@)`6nlJUK$DCA4a>XW^1sc4tRLw{kHGlG11N&VHEHCWub0B-$yXx@!L zOKtSTM{nxJ&WOj{&FtGDv`@boz#ksp3)9UK{2BE4=S3LBi!Y-I`N6@Zk4v9Ahcyy> z3!+7j&=!2qF_?LJyG=YvFU9MF^K3ydTt(?@mgeatm-k~rIO)Nke<``tcVywL8yE=`B$D(;`f z8CUcRm792R|6HEyf7AZ;NOkY9#G>eN0{_I57GT8oZoeXBG9M>u*u?~TNkd7C!ZBKXfS9S$kT z4VJ+l)LJ4pyg($|tt1^2l+1xl_T8}Iid&7V@R3)L6K09(nEsFY==`*lAf#Qh`gvcK zLD18ghibplvCG1bqLtAfCGEb8fuZuTL#o-O;Tg$}M(Jx}x!!R+X#*d9)+!g0h^+{c za}L{{1*V;LZyIP-Lgt@zP<&zTO4a-|6cZBGTjs~^wEo!@EcK|S74y*gS2*PxZ}05L zHapSh&gElv`g%Jf|1VQdAn=Fgu$=Km!6ou zQ5^0(5_WNIy8eBHu88jO-rC4Vl zSBf%MUZ4y*Ub5%6C-Vvzt=jaVDLT2A*GcJdq2<7)xlhx$6&>>u^iE01n4VYjs5|q9 z2<^@BgCoIAQ=KTMEVeZ^^>}pvKSCRE&)-riPiFPyMR>)eYk?m&7=j*mGW!L*xcq_P zua^uuC}P8S)1nVH&6dwE_lL%FBGRh(Bn?qEO0^Qnm zU(owzo%=q&ULOvb@`i7#QQjBY?51SycuL{JOU*1+^te{@8uPyWD98e*K=H%}j(~mc zeU|mW7RvpXVM7rD?|K~iFsw3sRAqd>9u1a=>dJ`c(Gn^f7DOI=POUzF@USJx1x8^U z8ABcbg>A-8+{f4#;_MZ)U5$rmby#$s|B8AJv&kn9x0J2_n0lf0ITIN(Fc|V6D&O5W z=2J~{v5jYJ*T-if;;r3e{9==jg!LGHRKste@_T zY@d%XFGX}vyonz|7xj@?>-?Zck~xuw&sk|O+CLAhnLw*PD61LY@X#|^DXX&ACg&(J z74$wRsor zogwz=g2Ok=nGjaQg*ZFxsCzsonqjIDk|eyAGN?s_U^=Tw^=TegC}>ocbAt;rgzvYo@b##QJn zPil92!hZ8fpZSki$r0K($>kmQBwq^OawqSu;=OjSz7b0)v1GM9M>DOVyOs627%m4! z^B>kBmR~AXSHV42K`Y26QP}TYx=@^mlL1H1&F{lclkC~EV2!XC3?x?|qMbkL%o zw|K(~n$Np%kH}Ko2F!7-bnO;1Iqm2UqVo~2WBnNC8OnljKe`OGeW8<+wc~TpR95() z>u&D+zpQ9!Mmw*i1qSAJDHxK!yohn;UY}3wcc!kdO{X&PD3UwF3>5amY2E(K4XMzZsiyP{P>7JTqy<&m0X z({%&+Bxml`{=H_epWu0TiRv9T>G_P|jMEN*Sw+Xuu&7p-4*1UnHyz0SI`)wtcFu^H zU`-!;9)%6H9M3KCuH$2F6dG3wv7AV)?>KVA?uCXfC@yirVs`SSkY}nKcS~})-FNO) z*`cH4+^^nn_So=NoQ0oK*k2oE6NH8URS(ud_5`3mNbWPjr_iF8(WB9HgF<|psZ@;; zl>?&iHALe(hV+^PWoqpojy@1N98teUdug-LWvNS=qiD&aR0?b7`9ivsm$&RA7rWB zJ*ZIgV>r{t`WGQ}+S;8YRsW2o?@bClisUg;ApI>%Gm3kcl{2kXZlZZ>JlSaK*0@dQ zzgt`yLKItq5pD|S88VQaq!tC5#rpGFRJB~%S*NbuGm|IshjdX*hrjBN-)igq`Lg4o zHL3tEc=Y9UE8p2Bc#r91@Y!qlVf;S zo4Q=h_2TRdt|1NQ-u*K+Jz43(Hn-jK47K@F!~HR=4Ia||*VPgM(RmOL>kV*)Q4>Bh z9d1etQ++=esIY3f%GxCbyON=%v5#rwgE7y8`b@1Dtn(y61p6U`Y}%dD1jwn%I}gND zNlH|&>yx&GB8ulQ+n$PLIRM^T4{92-7GsDRM~{G`PCuwK#D#M`;v$a|UA#5mQs+_Ku_IksWma2Z&BbkfcU8=0<=E(#To zD!!DM+st2mIa}&o{Y5l|HES1w)z?y79PDC-tLoC0!waRI+p3#&!a(SLtaga&>%L-yuV=kUJ9-)Ba^beNnn_m!Is?6B0BvIiW?tJUEb6T}KF#JRD+ zO8^z(aId$EZ_h95_lUAysguG}EtZt+`jP_STVYAMF-|F%nCH`(^;%1Z1g%8Udf;Gj z&TuRz7jt%4@aNJGrzNb4@XIzFtyiumkRr%NNkQ#rAufpiG3)|A*#+(mhxfSt?N@N-BWZd{sh0FxR7|TJaaqb!ZaDX zBJUHev=&8<2~pK!W>?+*Yj--y1OsWZxnWkawGSYiigw@aqQ>b1nk(6fERMPjIO5x$ zMFn3y-gv2Vu2#hIcK>{K3wrx2X$of;NTAlaRPP>DP<2OLu51TRj%(gh1%g?Wu}GVv z?NH`;xffh^jEl5HmtYgo>7VQkCFznC^)H&hU8$TVN>yS|?IQa<>a2 z0?r&9^>a7Qjz)v2w+m> zVMe&(YR!4{eqVxq4vyJ&K}qLdQYTgM=i;YsBeYC7I7mJWJ~NHl^H9hu-#txy^fK+V7FiN*IfxO! zf=|xQjUIGw)$b{orMSF>Z2nxE*qb>6RpI_gp6kCWD3~*$V1fpKNTsZ|t?-P-M*(pY(Gi!oQ&#b9k zBG1;1>ZWlCL@kOAz~SSjW%O+6{l0~S`<^z7OLm8=ezO#UilaDFKG*;wUNp)NQQBU?eKW18hs*^xc@p-OVr z1j6$(wF8rN`E~yI;x0iM9|2>T7-O3OWK}q|N2|KhZ z7-6;|mMd!XCx*rh5$?GPDsTm6gw`y^r=hov*DXpdA7v3(uoe%J_62Y9&qSyIyzOe| zcU?`l`iTjfJZ5a@EM<^5XA29nJELlXP^;}{6M4+b-U85BuY#1|aR<&l#!4lRC|gJ#pc4(+;b2`tpnqD`tL!)8K|K5W15$ z2m3kE7#6A(UZQ(^{Mg^(YEQq|T!#S?i?wC^vq~3?VlQ~Xb(N0md3qS>7bet|O+?a` z^FcB$fAaDqf#@8Sao**pF`M9K&?y=xPW_N^NMM)IZ4esfBkHupT^NztdEAFXv6RA= zUBkiYpsP*9D&^}@m+D<3j?UwijZOirxH}02(JUpoF3J<_b91U%g3(@ojkab0EMp{V zre?>S4eHjWcn{bQd~gvCVTc1aR-9#grGH+iTfyfYlZ5jy>JVzso+usPj}D~3&a-Ua zD88M=x?Ld2Ms6zGd1I5bn2hM%#qpu^`?(?-P8cBe$s2Zn3v9=%v0etRoX%+!##2z<2F-K(G007Xe2hw$zgbIUGC z@*X49Y|EkSj1?NOSRfXm|C+HhestGZ(^F=DJ%};Hg01}_Qo`dq7%)ucs?!z}zV}MX zS!H&A)5Y@hol7m;wq<6Tx5MmVO*PBilUU@OiweY~S;nGs&#!cel;}~7dY1&8ng5j* z$|UJjp=!CGZMsp~2lq2c_FfXaQV;yxGM936w+wXVA_Kbqt3FR6aO2S-5_D^_vgsjF z+V1j{K}pKb{iJ~x3G*7o!JfVJO5b-yIN6jKkv5{sl0q~m_vXq!zdi|=7O(hw3kV*f z1%f$&e{_3azbMMn*(be5sIIPVA~-2gfc zzCh(yD=Wr3+FyWeV)=cv9!#WvFSCtlhgjAqr9eNFxAJd6IDf7MYp02O>SAD@_a=Bb zp^V{-v|z4r8wh|ba*+K-Dhjg}2t!aaMnc;eRyhZ`+5dxCXHG|T+n;oax76UEw-!D6(mjT@ z7p)}E&T?d+#7iO&;q=Fqw{QF9! z0L;-}I%ri}`V`2ofjgtddGyYJQ`99Q`5=ZpocnF9p$0t~Une+Y`7M)L|*N?}X=BY%(` zV!XaLS<%Oi21=gMO@w9twqbhPK>Jj8oDSVzXh6I;{i(<~2B;Bg-0S07auvzHlUJDN zSXaDN7gX|Rot)30O-*1 zD#m(w`bnbDydjOi*LkiM383h3R%$oa3u1P0MA$UzgD#I}JOp;{@uR2SL^3EN>=7pm zE5{CbS)Ha*+STlF!#xx8o}@N>{`Ahx4fdkCUNk80ET5j3)!DF|=!KCt)%P#GN{^Se zKnal)9*SFCxA$0o_gj(IWi>Vf%!d)vc-=T)IJB-|d@F?RDP~;`yX3WNEddWg;mI@5 zmW)})kms;%R`<;ei?!ZZR4>AQ(md3RO@zH%_-o=L0W)%6_sK4G*WC0`cb*6^X6
=tC%G74DcCN-JM>Q%P zGtVEb3~AVV>VvxxNAw~c59!ez@kensjg@b>gfz`E_&35Tgi2sERfjN1jB?%zNsw_P z*SNn?@BI|gTHr#w-RxX!4C;ap#6L*(yf_0<_br^hIec4v!8sRV`GcpAr@hxtzYC1! zHf0teq+WD!pUvPskZW=68E!`Emzv%7kFO8HJ`Yp!bd8XhS#=+?i<2+cbepX_(ZiM13J>cgI0 zvNQi!!VF@ULcPV42b(?HVOF*+26d*OyR6>W%!&#vGxf8)cC(Hne7{PAH?L(;+1VH{ ze0bErFfN>WfM{6%GBq^zLeuUD7#FJZc^h8$B>c~^_?j#UI8`UHnJ?+NbH16^ls$)+ zyo0<;wa_~;M?-E2V15a6NMSili5w+gPUIUHJkiR{FAfCeXUdv#yn7<`){%q%e(PU8 zfnRl!7&<}9O!d&bmmdO7b0IMpN`8eK5^#c1dR_K!pB++ej2RkwfBIZ9X6MzvoxW46 zs_)*jLf@%aR+-C+THRFm_ZRRb863R>Uhk9<%c(b-W(j>jvu^#cc+c^!tlpZj`rkip zol53e7I*GT4W@io`%)_)2ysZ1(VI6Y4r{R0Xq)N(+vq6xxWlOLlUW{}c%#pmm%XZq znK-%ccfmMT+ZMtp0X$pnA$?G?&CiWw2cob8jB{!JIPXsLB0sL$%PRK*%(AEV;Kv${-kl+I!E@a4{Q6D9VW1Q| zG8Y9nr($zmhVDUN?}HHf4D8 ze7N~p-lcfOdn|pW@Fm#9lxPE)s zviL^c{m(;pJZIa18Eb5~O9T7({QSeXg)>yumo@gx1`(GK+0T#ccW*ptbP}6e?S;gg zZBASRC~8G2w{B^B=bj#ZQ~66p!&Hk&=$7V?yV~A)9|5=K6#J^Y3m3^R>4CSH?88Eg zy3dh%Em>zDe59l<#=A&=El!9s>E+M^f)~@_toOV8@ffn*g6~P^6=+$v!vV0F^i8Cw zx5;hz9^_dC=4F%2EUjSp9GzwGAJnsx@hO3e)>L?lQ#GO@cSlBM@+=;ljNB2ARFg4V z8BE}`?WAZ&WAA9gr3+5VG{~;?&a1rb)#pIteYUfU6EYj-C(P$43~1Q(kX06?X7~oW z|0`p&0%0OeSRb&au z^mP~O8%4UGX(mi?UgCTxz| zF3*UQRL2Jb{_Ru3WX_z|Rd7aJ-ZjJ>eT z^$xw`m#=MsPvJTL{w4-}LVjiu-E%5;Yi@6;vP9JBetXq37yEf@j-3{c|4T&_MIAG(pU6boxk@qWQS>P8sOd+C;gBF(+_0-y)E zzl-ahC_l|z=ojQ4V+eCW=ftmHNqU($XU8u^d1Gbhbz_{TOye(%u7Sq?{v#8Hbh@W% z6*CG`c!Euww3?}~`vJK5Oc4T*%*wpUePRN|5Br4=?O%KB)tX5L5Dxu|*Y|cCRKC#j z*o{R&E;E?MA9L}CJ3rM~H#BGiTtgg^7>-)_7kl5j0%mMslp_;z%a&PuFEzF7?67 zM$oiRgg}=ru0HCy?TmTdzv(E)F1q&GCKrq|JmRb4P^_PwKC9w}o<#CYrpJX+sjonq zR56QEXcpgM%3bD7oy%bPM!tCz=G>bvz+sh{awhjy6J%vg=IO<3yzPciY$P~<_9X@(oQ_vS{myzKhI)$Rg@@h?Ey6`?=qmX#E0JR5)yl625FEZ%gp zjsR!?*KZx~YP7#6X}Z1`x>mqbC`W+d`)M7P6h=feKAAZTt0^qsvRNQzOD}P#cYyQa zgB$n=DBt?)7iy!aEDAfB1Mv?f8fJOeDP$uQ#a*jr-pg$9`We*k4F@>8`fYZ+Hs0Mx zl#$TNoNU-{bA?UXSiL8T_6HG)f-b$r;B}B4p$mg-Qa^wzTtsz>F-@)SOx|YKYQCLGjs@&Ee>7n3{4N++B6Q~yY$Kx zFwS4~mpYQYVq7?dvE1Y)N}tZ$AWyxSdR&p06DYA`SSzJ0rbsD?=xtZ|jPBS&2oK6_ zq`2tW2$u&43>soPCVR}~!+Yc#U8@Wph!EX!Wzi}%lJVyI%1ZJQk%>oU2uI_|^R=SW z-*~NC@7^}X9+DsKm`RDVvdig_JZbR+VCzExuRp)J?9{)IfdDwv>5V!ozxF%vFO@+A zXVeF+b}GxrHXB>0?P2;5l^O8IQ;*8uFrR%@VZE;`0WeR>oYEjGj)M98_saDS+&+E{ z<8LmX5f~?4Qe=Tc&W?@JO;TPr^?JI_)TkmlRx*6t5Ec3?^)!8kyu8f%4>8dZaFp7x zpvHaG;NeF7209&DW+Eo$Th0%S!K-%%FbA>yS(l<+){JW%FE38%-5(XrW%LxFt^<`i z)PYI;3ld5{QLwxX#PNY#w8y42>rYvn;rkV94ts^PwUah;37dX<9L2$mQPe4(?XH=s zbOYi>^VXZ(R){lm1&CyO$#s`^vc5?yDKztSOPj>DD>*cNE8xDPfbg5}0bB5_t+bK* ze*OGWvDJliKw17Z09ZNJ;RGAaliNqjuqrtXl3p4ACp7;zK*fo*=GLL->%p>oym7r1hl?{5cdIV`oiUSmkrWD6di1jS0 ziw&Qvjj2c&Yl4dDzUPMcp#ezbs@)Kgxj#_INdBeUFdGLf#UJwk#$g@kRh+yn&0tq( zE!&)EAOB1{?tFB}WBzbN@_Z+n6z6$;zMy=4wSS!&!LSyv_wDAeB)9wNUQg8u%_njSsD=)2v+tSHud%f|+#>px zPeWs-srZ5@E|d*27P!IaDPZnvMw+T>zC8gD5UR-SK}JhYWX13d zhSW-IHkSm?guiL{6*}#TM`H68Rd0DrB*1F-`6+omHIxf(Ita4>0N;H>68cw|cwzZT z0kRu$in|{*kLfAD_L2*VQ*88U_&ju*To3Ey_dWZG(hA&~vx9L5SpDH4C#p)R2-ckh~Mq zTEMhSXOq+4uW!Tcb2;IY0@s)Yok8iCBrmsGacs{2yA}Q?-WsJ}dM)p+JjT5R)Q2sKJ*<4d2t{>yJG{Xl!ZB{6 zb~%8gRWWG!F_aaz%6sN8MCXTIl*nos*xW1`iSLZ`&)R>Q=lut_&tzO^G-nAr==oP= zzt)RQ-hgs3#t3{d#Af*@N+l8sVtedBD*`Wv;btaDy{rCEOIMT+QiakGp#kc!#SSP# z4?3_wN-7ZXtDPVy%SJKW^=Q9C*Sm!8qFKZx~h?q&Badd4Np_&R%%XI1R<9x*q zL0kmX^m2H}fo$k$w#6triT3HrqEZSFtXKRcX@dw}i4zmTYt6sJpT`LD`5)=)tpDwc zghBOnnmP*keP8HHtxid511kPI9f5@Sp$Ii6_Au7$`P==@y1L%*yWCbTN!72D3JjV~ zX0bI(y`>B!U=i4e-O5^S|J^fueFptq!{>Vve>06uc*C=ubyroSyQjj~TEGCKG`U^c zS-;tIv&0&Fi(~U7m>j*89dpndF?1AE4Zn!vk%!bu+9?{1J_^6Ut&&{}64E5l5JMVm z6KG;x9s}Zm`%i+)8xliUM;ZF}Yne%PQK70a`jIG~&VTU(h6h}X+qd7Y+D~gRefgq$ zG{Tat-YKJBnv?g*=4mYbWsXehYF$wh%$Lw z7$FuSHh0?}Jy2=NmHX^CTT@N!xv2tsQ3E|qE)=&3suZw^iWiNQPPL&FliX|z_w`u` z1Fs7Sela5J%!syV$EC#aW~V*ZJ1yrS9lGr2ctn{Zgnig2n6>?!;45ZWR(w?LvrH>( zdp_npspx^iLvOKCoS&pbHJdDRw=7fFE2e;tlHfT|q$Br=q6UcZ_OCE5ZR1;OsQ?*u;iT2L#7AAcal%Be>uuKXrNV^Zn=p((|5StHOnyxq@ESW4DK=$6n}u1E9n z5uXi1DTi{#lV#ADte#lhDNoop=y)*|1GXsQ=vv@n>0P2)fB)rLjtD>6H1e0ck-#0; zlcxIbf=uWf@2QgY)L=tJ_VF4YBgBtr-ew})2{xK8Q2!+UXy>JOj|vHih!v5k*b`|< z(|ojisZ2cy^{j}lYN1r`9kuSh zF~-`{$ECSOlbgDUoa}LnQ92a{Nvk&ZU96UC*AVyiO@7Wx2UgDe!sRt{#wYFZNvw)z z?9)53R@{*|p(Ev^crub(mo;=|3&iWfgx*9KETe>xuad#KypHFQflv;{>r>{#S5=Pm zI<~EI&;88`T$@fY*cvZ<*!$q zwXJrS%x{*muRWb^ZUia={!v_K$1&$Fi-6qOo_!A@ahWQX+ASqY`dqPmRpb6#*Nz#+ zrFYe}?o;}C;i~>Du<&Wm3tNhgFYlU_1ybY&Zzle>s0|rWr4u=ffkKvY@vu!@yolFH4>FI3 zqOk)dr7oqj_MQt?rb3naEGRGB6yoL@j2xZ*&}_2W7t|BfW`CD(O}RrQ97cg5SB?7= zF#L%%-j3Y-TLEmRz`MI!L$)TGCQGQ1mx_pg2+(I=Yws!;KyQ?PA^5me2`V#pwyczJPDk2EqSp-WmXF)wCj|l;+hA!5!7O$SR->3MZ6LT>YVc!pM7y$g3Ef!jv@$eWx2MQbC(EY#Fih7fR|0WvjQp{QLsPo!?#&3n2Za1JBlZn2!5?UN-Y<+<0;9#;O zY>~N)o#_nQSu}I}p3-LOiXt$U!<R#hWUO6IuKB7o!pkZ(INpC{NYgAO z7CiqKH?awK*W0_#uX~{;@Nc-eONE|k=_iO|e(}=bFW`0o}YH9~15v z@*@KWN|A*{x9^%S?V1HMWe=LB$0#c_>wtQzG z)~(QConOt{UvAJmPEVp#H4)4g{0P)lZ5)SOyM!@vVz8rM(w=}9%Z9}zZ{2TTl56^W zh4s2dqCYK3Wa68>tbqvevP-9p)=pt3Sp!mH&(7^#>DDVqog=$Cl>H1ZtsI9%43Yqt zLI)7e)wm1txWsGM5(ON@$BMUAWSL{e{P2nM*BzbgjNArb6W3DZt*_+ zv;NPgU+TslRsVp)w9rB&!Z&oqSJ#6+Fp9rl+r{#)!JC8NR-Z7GYx{c4eVO?}_BN)K zu7>ee-V3iqBGv@`bbMiakiP|ej=6UUtVESMOz%@v4_Df3>RZ28Auk%F04tugL;-9O zy1x8a1n{PKFDLBEpf9dC_iV-O{!6u?v(rse2XcgGgH@jL)!C4bWJv*%cBQ2PKBkiXoR&|X4xv6Ur1H>!;On;|ub~?PZ5ZGf;q2YS4VXJjafTRQ_;cP?EgL4P?1%v zhdRQ^glM9kRKT)9<{?-`F8t~RcFq|6M z=PEM)vZQw@M{3(qIFt-&4klqWpylloT~9E^X!*dswzW|-z=Ca1<#*SZ-@sSPM9ed3 z{22TQ1v-}AF^fIAde0TdWlTRe()||7elmFzM8xJ7zxYWU5%u$%LL%ZnF+{eE=?$|0w<_|L~nsmlU&nv80;YF}{K1|32#=Lfl_tuZ?isO~J%)^sq@z zEISz;nDNc%Nheu%At?8_tb?LlLqK$C6BT!{DLcdd7Y{`wnI5HWW_bGe0oQ5gTk^lR&8FjiS88VS-Gi4!p?x z2K9zzx~Z4yRiUT&icRe^-U%7)UeDf$5)r()8yYB$n$`2=kQpnM9E z*Smd-{V_Yg;G!XcX$SjJ>p_DG ziMxQNgUym}x2$du_Uli!lra>R`J?ZqNpv|X*xg1wWJ?w&p=L`ydh09dj~r>UL`G#R z-CRnp4&pxi0k4}gf%E2gGVpDW(du`_E*)T^^!g%PcvF6;=E)(Q>cV%E{%?-~cA9?0 z8`#7thMG!4Qm?H{BBki%$RmO&5{_fC9(yPG^6*n(p$Dom?IoW^F-hAAl7+Z((9hnK zUvxkPybJ+D1yyKK62&0i_lD{-wg*Y)>E$~hjENbA?QB7nt6TPtIuRAWj~)i9L`T8x zX{1d^L`)!6$rvYyn&+JJ@~1fR5YuGL z6qpcyEB3$MQivje-zu#v&F9x8mh7N@yOGWu-%kB@I-$?)^-BnC1glp7uYBHDTS*q0 z$cEnj%mc1?aZc&lsW9|##$^F@`k}%9Z`u0X!pd&AtML9q4z`50Z@9A42Zk>9BxS46p?w@p$zB6RR+eWS4^&4iIOfGMlyvn&PPcNB-wJ_5eZ&cOAU*vdg z!R!Ym!`0qDz5FXb9Ti=eNb2#2YPXeFn=-rk(1W952+Os{bk`oS&+kcPRnrP=t$T zE%|LSMWAy@%dLE{u+!(i3+jJ(d!8Vu>hIm3AH>5r3|u02ko7T7(?8Ps3aNM|C*R+XG5-I`N)m%RCAQ8`0eJr4(h3tE)Dwp0&c-;=apDf*`42au1f4R@G!*eGj#^$Ia)O8>ubBZ<6`CsoN3W9cfD>oaY2I3D-3m6 zV>OZIlmFS1(q+<4$4jax-q5at3rD6vG_uiz>^3|ZdU&T2`zY2+S$BS8ijA8o1V^ZvDfJbx$~e} zJ3mN>qrzllbCw+PJB1sw(0?v+GQk(J%7`3n&eHSwyQ$V}W05jA`Vr$eQh9e}d%@q0 zuLIuN_Qhcj7J-T{rtp4|aWG(ch{=mAdjpfrHz(@}ptnB#+7;~5EeUUxaxSIbTYf5peGXL?p|GW_$ zCv;urBr@dt0fs&bfTh;Si54(^#SuCU{Cp9-5S;SA8BIdV>|+C>#aRiL;@bayMSH9J zH1K-H{ zyo4x=XUL~(v*bkS8eVX6`7PiXtrdVGnuqrx4UNTgHynh)6|OP-*Y;q#O7HNTL%>?r zYTA9fXl5hE6&v9>SV z-*MP{ecp`1to6+VXsm5#%bF^}Y@oXM_N4z^O9o%?lU5JF8~^i=fOt$GCB~acVy~|j zuH_N75a5KcKb~nnt(2${9{FfL?V=|wd&qNLc$Y`AyEpwI^Qlmf+{7ExNLFR#Jjdk- z(dD3u&imT=lRK);c~Hh%;miuz#Uo&bxd#O&-?^XQGTN4gg}u##W{gWxy#-Ot{KN>&22{JM3|=NwUriHv7>H4Y0@2L($#@^p#vXVrZz02Z(9m)YdL|K1Hsn#hc0JXzPKQxz!u1IdsV+U8kXjSB$Kvo@Iov9JuP zsxcfO%?lXe4T6BvrrQ)UK?b5kLXrFDkssgk>N}!dJTTkJRueF~$Rc;Msa=cvo{U-g z&Agdo)!V8L9N&2=e#AzQAFS3M4vK@HsGqGy%R)X40^-(wT;OxZUy}GTHH%_bX>Y93 z*_zgSyy50O^4^-xQ2M;b@^Nwvx>R;_@LcNO2tP^)H;~9jSZ-u_jZ!pzFNog?HiErv zi+2DTp>iATuLM7gDJcZOA>bc*yA`+m9@KTHnEq?50bKa-n*4o+w~mz?(jd`2_oY33w#QJykDOAR;2tBt9KoZhs}4Bt zATCvO1(krkKdtvDT_VDLG;1Wn=VFC7N9YRBzr^say>ft8=Eh;g7Oy zCL%;Rh7-F2d^t`o&Hz$xQtV%9!Oa;aKh!?Drf{&$m$~ zyaFyf0oYqk)^Ik}bI!r;c6$5`|Jro!cXf~gHS=1pH!Wm)fU~QFgQll`FXS$aWJTT0 zMoIE))v=RK-D-3kNCN56c%4eJIYv=efOiY}9~A)a0w(OUMLgp%x2=cn7ar<&S{XXq zNJ~=^UHXmmRlHG%g_pmEYxpGps_8@A))1Lg?)O8l8Rr>m z2QPuYt&5T;waV^;4yn=2W}a#PDL7nuHit_bPhO;O-tdaobGLBsk=OeH*emB7A~Cj)q2+6#m-PAJ~fxDXF|eW*=12e9Tn5(;x$oRsP>j z6%C|RHE&Oor~dm*F?HlaVj>ojrgOj$91ZZB`v&mdnPvR!Bw3xH$3dmz=YI~K|m$3N^cAL)+*aYf$%8-SkEXI;2di8uhlhh z5RXJ>yx_B48e+>jZpH7Fg-blpD6pDZv zI8<)9g-_i-x64T~ZIG>`BGN&|iCbZ%@fXQ1Si^*NP$2a-pln*M+Z}Y$n=y~xlzv(# zFRN?Le+Kj}nQ@TEZD#R-d`yX5_KJv9zzORAYe$0UzB4OhtUI zC{uvPh;F6wwyguKDP}~V>>hwsHV3);DCr7Y7Yy+S?{rX1WxWm^p+wYs!Uc~HQleX_ zITa!#0Z1_rFKi!Jfvhf2>a0gO7yo7&3K+P)T)0-m^QRq9!;0t6AKmrigTw(M){2Fc zYB9s(ZkPMADHex#6?%O*VRZxiO({hmc2h`;rhS3IEICRHkBA&C7ZW)`6!8+&tprFTP-ds!MOD24^yHQuOCY-dJs8O{ zNHAz=6$l$$78TjqtMmOdfk6Wuqfti7bHjgPSEnm)2agOoK#btKvR;DDJ(1r8N!zJO zitz_Bu_1s$mMH5h_$^}CSK;VQD%BaouKz<)c8)Hdh@SHU=qJ{5aPI^gw9iV`kY`pz}kzWaI~16Uejni4HV*iI3Y~R@1d^9WHemgfu7Y zkXRcT5%M<(j`&9f5@j4;%pWPh&O1UgHkw^m=kNNsQEcU{PZHHICCm~ADRp0r`dq}NQEj287S-<&TQgNTGRW(d#>!z5y#@{eGbXB^ldx2~bE z{HtI4r8D~O-RfL>BB27}9$F!SFt-l0uhrTp2pH?O_y+i)`3DXe1Avg+sSxJ7ZcR5} zoWpG0kx#?cGvs_s%I`_wOZ0GBV020`Ve%4<0~yU`OmL&47En3O*R?XA(<&cX$U8$i zs$mtAf)+-0?6i@%$9qJ`9RPRG8VOa>J*sH^7!VUBu>~5TLZCYJ2zzk80ExzO;w%zG zaHkS2`vcqglcNn}+}6}4^~8;1L(ZLuu;T%beXN4S^gNx$$KIzf^W?k@`o-uzS`(0F z8&V*3!u~E$*T%7$fDE}2=mWF>&0Yn#u{qElqj$L_AB92FeM4}!4|TJ zxiNbC#^Yf-PN~JV*d6CBgXhASfMUIXzfTfAxvp+A}d1BWZRL2T2zCNn0o%qk-50HYfAh`boc zKudQ>)ZI@aGGZAJ0+@+a3`9cAT$PL#FsW8u*WL%OD47<-1-DYU4oNeb_>&LEYK6;7 zFvihmlE5HHM%)yc)#+zTjHZjE5@ZsbpM<;e9{%_g-YNz6y9=fw70v4pBZ_J_>)- zson**OBZ8~6UFg&5>*~IfMVOw7~Q>YcT1A3ss_D;suDA&R5LK%__Q>5^R8D_oc_8= z8sTlyhTsCuF4y~=+=f%{%#Y3%>MRY`w=dnqI}`)a^aoaduEV18&Uk21~iMRJM zRFTITI1i%DXsvu|N&J%1Tx2-mn4-jnd~=su+1$j6BDADN(!muFimEa zP-`G%)}KY^dC{C#1na40<>;dXY6N5CmOJLUob>uwoSTS31|y@q@)yda(P*x( z@Z^$mcQO|T^Y}=vPJ}u-=gNtWFEg>&N#G|+q8g8YT-8%CAAC>I=Dvt6gAoBocCfr*|XWsIfHSGrN1>jl|B_~Qq3rNUA7gf8iH9n+MNpszf>Z*+*8ao3T*BlzB(*8c}yJkGUJyKb!b$kG6?#@#YyM6wG)O zAq1q^^xabL8=XC$o~7r}YtEyv5V5xi9;)FSQ8jFEg=A$G5y^8-aeaz;BgJ5qUfp#{@^Oh6)=(P_E$W5|K!Ea`=}BWy}1R?OpN|7#czY!#X2`axGLA1g_#B}#~9+k3?IG6hvlIX9NR0Kmf zKvpUZSclzT53c8Cq)Wa7k!977ID`4eYFps3Ro!7IsI}93HiA0VgjF3h~UTu8k z&)byKQ8UH-foQrm=5L?M)GVjJn)*Ry*8jWcrIse@!l_4hdqUe|&j&sWrU;_o$Utw4 z1k>rE0H*YTdF1)slzz6f(aMANH_qBv1$Bc)GT{P}pQmal9_oVE>IU~za`S`pg|a{G zy~_?RWMWG6lM~9?wR?5r0JEtAnoieb(oi=hw{OzO_^pm9Zh_dSw@b9f(wO4_x_|2@ zq+(BbYa_f*x>IpeYX>&8)KjOm5F$p9q!NJ_CUb_GQ^A}6vpla zamg;tlB0zv5Mw(-icjntvqjz;4KXZy{ETVZHSTOX#2IxcC$3RdCXj7^*@2^0xep{$ z+3|2O7v}Yu=rT@c%Msf|voE5JujUj`)_hEn7`NA5S*?yq`K0TmXL%0RHy)rZd?+~_ z^w{#lSA8h7OSiI0j(vZ0UO8gW2P`8|ai%N$DweM2_AXbEmFsj4;5d@W&G33E01q*O zwc3FPEu-9hzPg%EPd#4mAWEvk`6jZXSVC%sf`wW=f^|1?$$Kn9aO*o2r>7FpR{)hD ztlzHxjlz7x-sw=ywdR7z_C7{dQN2cI$lWMJc9Mi3Bp5qQ~ZqIM!8&7{a-x`Xw8i*fCZi z8M={mpP2YER?%H5Kh3zNB3Nk1PrtHsOd|(hU3mS4UU&2Qql{xYiu2CxUdTh^B|2J6 ztr!K&4WL+KNK#0^z5>(U!d8oY!M-9Q$I(9(4lPmJRP}f%L9Cb8 z?}tq2|8vL>&(V9=kgxeGigw8PcfEBbFP8DNRsK)AeOhEhQ+}GvUS`y z;0nv!?JVr(X+tSPnwfjivJWTC&R%7&$T6E>foRBDj-8C zPAo+ab0Hc;jj<~3CLT(m@uw?s1v*7-TdxIUwvJxSAQ7_&hHgZHDF#J9=Qj0M^gQW;i2>H~&AsP|GtJugsj4OR#9OQxE=gKWVfS>ohc~u+#SKl{4ag6en2rI=6OkJ?z zz`_0NHe@K_L?%VzU74r-ZNveVydMPv6)mNN$eSY--Mbp!)E@n|?m7Il5I*^W1=soO zFIS=V9qbQk%zNud@%t@)fl}`(wkDrhefef}E&hF#-~0P7hA#k#fiXu{8+!e1*RL@W z5KsL4Ub}q#?)B^cf4!q=4#g}psyit6iU6i+)Y8-Gbh zECNR)P%+FGsaTZq>enK3h@im-Atk3+@Vi+T-gjp*C{0HT0b5*C3KhUJt$UliS(*GR znhU1_cHMI~t6Jv2wS0kR@Rc&CakB`h&e{0BPa}lGnI?&XU8tV{{806i-2|#fx~Pwj zKFPf0mQv9ZpCaAnZd@WVGP$bn4zjul)~Kmu{IXY(VmU_O-MKM2&i}=UnlNz;rgrA$ zL{QtA=29wpSDVz6r`BIfG-^vN;eF=*{M!pZIN-@$e!@nAbkxcgR+Su4MmVEyR`} zbQSu|_B-uX!zqOdYx|^}feTuyPwz(g7EkyPwqT8?fS_qp_SK3Yg4?Dj+o0an&zqH3 zBmc^RA|}?lSeaW~EP{oFl^qo|FQhh+5(EkVit<^?chE=fy#8=y9^Q*Fp5?qZ{p4__ zM_JsRVV5=i{{1J9P=#Q&ud224e_7#8ZGaP%k5eK3zi^MA79+>|;7*QIj@knDi+P4v z(=nZuJFHG92``_-K5TrHOTmGq1kH`5dELld{`yIX zq4F*DFr&-1O{;%6ZMxY2-~1*qd^4fApG3gc@lhxWtHrg0_!c0XHTKuPT?7a(-7Cg- zz23zQHV@9vKFybN^Po(cn#;_J*m`Mywiy}rx^;) z^WcPNJJZVs*xX|B5<#)hP|_pFvJ%-bp}K%~VM4WygADtDw4@4&y+gE^54pPTR!o(S zmq2&EH%#sJu?bk^W%5$;g3OaFUUHU#zzmZeE~YilEGG(ClPo zT`+twu#YXj*y9N zE=NrqgZ}cUd6y4rf5!0GLzU2^(QbR@E%w#d9DH<|UvmaUq#m)xLSMlU;P zlE;UO=9eUA2ft|FtOoDWDRi3Dv_M(Xj+`l$i%s}!KIy1|d(gwwoQ!JS|>wpdQ3R(mS>a*XSf z*ciFbt<2jVqi-_T851IMtnYW0>l2b}aG=;c;z(|Aw2=|qCKB{-Q+0{XR;htT$0_KN zGZghb!c9`vU{VxPus?E0gEE=CW&5VQX+A`KJ`IZ(kacfiZX79e=z()(z@5WXJl16^ zN7&ApYvojk8eOvMhBm6pekcbo#NE|*@2Tc0sKLoC0e8oBIujAcz2`oL>YrxyEZ6Os z8XIhu@A!GrsoM{H6z!hi{g3M8sR5asGvKKA-wLjAq7ZrL0K$o)kww9gl zIQc^0q=eplP}I`HlWo=Lw=ROvXhLy!$1Ly{jhU|Bl&5Q2Yw+V(c?n)VNxTqDz8B2- zwt9;5)IONai1w{)@UXlOk;0909;7h{_?i|IgII54Gp(_|3{B2J29*PjCDFehQ7bV# znShjUr_F_>X!8WC2k537uE5 zpU;oYJH3*-Gzp+=y)^vNNO0q9>ftRk2H`eqQk8)IH|9zZI7^ikOvO6VCvWV*V&I}$ zmh1{n@m<>ccXL^McvEkc5=hki$;LoPh$VD4{I}hY9I>x2qBNd?%+A1onE<%)`TA#1 ztQB1EiTztfs;5 zPy`14zb|LPY4UZQcw)HM$Qc}EYfq-Vk4sy{C=lP>|RyQX~dgDOJZcn;TJ?G z|GX{-5f9I^cYJt#tV}qXq@mk47%`h6UM*qa&{|d;fJsB7VQa^sI z4=+NmCDNQRyleK^uZ^?0w%}hM0s}BjXq3G==!vGNi4}Z2j-^}U@~kEs-OnE-E;Lv7alr%M!QX$K~%k3vTCp z*3pjX>xL!>B*XA>-HuJtxmYI$2OC@{vLBth)}2MSvzzqTF{uPG(mYB(Gj@(WVIWO6 z(*l0o!h?}I~&WJZFeQCVNsI1O53^+V(xH{{z9BVd) zq!n|I81&@JY%9x_?6zJt;C+r-)tgOH2A@rN~~Ob zoEF4K2nPNWQ*X+-ht7F)S!QHs=DrCY%*%gE<#Y2SZVM`sd#rtu` zJzTO+Oww~4vc%kFGRhU)RnuV!-buMCV76BKLKUvH7s(4yqd-RGc$jQ1v~W?HeX*u{ z+}uQOV@&lHS9RGob8*CQDZJdlrl5*77l4{2QuIkvbngM*k*$=LFgNicqzDPaMvWTd z6hw+-Scug-$=;3zfVyRm8E$1mT8`w))}mG11=RV;SXdiVAVaamLPY@VY*gJwzR~f} z`x;q=y=WG%?s$8s29VjQoH6zCG#Y@iG|^lSV~4kJco{F<;tm4hjN;KG9tDK%OB?N7+p^2 z43Nzgz{xFFupd%^J`My%Q#=$KX%wdcb;4j#EEMY;$}L-pOo&K@7Mg6j8TU8gKo((|_56$+|Kr@>gue>*YvO9{0GdtE5KkrA%=SR%=H>*?X9rNB0DZ zOg0wFQooQ?BHIPtY)%JQqLI&b;k+xlne-w;Sz*s&piPhBl3slX@D)ky3k1`03nHV82}NiE9_ZRd(DFRW!e6D4k88!0DC0$d^A#?Dzplb29jC7+ zjsN-gFLq9b!h;lXqpSOWnfM>^%8`ID!4vw^H-EWy{$HP4MA#r?q6$3M=9=h^;$?zM zN*;@jeSMm8fq-45@_t3=`iq9847lGwaz+?i^#lGDa*@E(!<|FP*9XlYZNLrjIzRU^ zUpD|${_HmUXllFY8rJLM8;}DQ=hefAe^d_;3gn2CM8Uj@{A36LJvIKFY)mBbA_cUe zZu{GGEWrV$TaD9SbKR};Sf}f=*==a7nfoXxg0t;r^ME<@7 znA(7fdYO=W(O2qGTl06S92$t7*XWDgyh7smwaWXkzPB%Whw(RG{gIb&Okn3cS5&KM z{{HsQj$B=EoFft}y>rHXJ5&D8C!ZiFB%PnIDCF<7Y(rsJ}y~~sV$wf_3S9LwEUC*q^9SH0?W)K>Ui(34#xrHnpRuNPaKBvKY+kV zBl=%}(TcSah78~@IFCR_t+;w+X07%tV?Nh80E5gsTkh}Tfo!HIG4zOx=C)kLCr91P zC3U}7zNwB%G}2Lt=&-?k#qQ*UJ!qIm2OcaP|$CO~5HSNOa1J za~>=>7Lh~yb5pUOuX(3%wf%ncn?Fi>;ysk`du(9|Irux2^12S%pG@hm(+Nf#($0;$ z`jZ(m@VNKoi%n)E*f>NdM~&PPN1O*gzgtT1eI53>|1&aYXGSy{dwdd(_D0=4G^L#<2zTQ7{RZGwepCiG-ZkF3 zzLF_{NVG>mMv}ASmFu#1g{wuTs|9#Y%+}uEx%O}5?rn!38KZERP&MnFsYkdKy z#*48jADQw$JQ(0F9Q1%(Qb136^oJz^d_yi!H2oIYEm59BJ_eo}U!13d$bARLDepCX zYkA-{>vcN3EeOx1w!Ppa{MvU7Zi5uD+O%ZCe+Uw|03fs_47GQZII-O9t>Dc;ln(xb zg7w~BGMyAt8Mll+aR}c0cKy>;0tR!$=WU{2^O)z%VDYZR{t7G&k87f()TM=h(zu9Zh<9`J14>6z7-*jK=XCv*zM24RPE?UsCb~!M{D` zIWcIB6f~S}e9XD9llbIxNVxXUba9T%Dn9?(p?D${34HZIvDz&)R+8zY z9LumlzcGhpsVuOUes2Da2zPDTXZ7;f72^-30nvA0T`4USjQ5qNrnFd!ge8d;j-CRw#bW@?Dz+{|$eDVPG7TeW4TtWUagenJA}o>DhPT z6dMIvYPHLnZpk)`&=R+=SI5)qod_OBH%n$X*+EoNp&PLeCsUa&q!f+?v&Z*LF3P?t zD<p%hq36C(!S))7^~46o}2KhH1`+#%7-l&fY*mW+2w0f- zOsxbBmOE7W37r%-7CT?WNiN5p4d`@iR>vxNkG_vpB5M5F%BfI;9?lQa&C>uKvxUAQ z&X$&R*G(9tqjewE=!9j9IVYqp&}*DTvn|FJ1I66g!WFfL^u=xwfSOOJPrQ z`9)k3gV1U=ogz}nx9j%%%8k3DHOoa-V3UZW2~VWSd7bAHJmx3AQK1CCF_haLI#~;&PelAt@mRPTh z%oY4Gdqy9w8akGj@+Qm*Wdb&z!iSR2${>LCV=Yj$2rWy2DyKrDW~CMLiZNvs*T>iG zWq2HzWiKQ`N1p=z65RYq!FDy~{r4~^y9r?WJGB5g2Sv*rg6U>}4Vbo|_Hg|mn7bWt zZjABHa2_vNOma1_D()RQrvoNsf;$vEZ5*2$tEA~216fd2VA2Va{UQL-Wz(TdaIeXZ zb8xQCOI6Mp)1gqL)7?;Z`*hr;zY^CV&=3Pz8f70W^}1R?Ta<;JE2XiC8)rbrTwHPW?}ax*PwKbQJXS`#g>_9)-18eH!P%_A==MG7XwS{8XZ%2#_%NvU@0=2E3U)R z4FdH-=~C5sKk`;AKSjb_hw_~M3vExMyP+Dm3M*VUaIOnD4nKZGEhWF#iLU!!%KP(# zus&n!Z!CbTn`;Wdp`@C6@ABKgupm~e}VlK82>)OFo2LL)5m%*(i>*DyIheTb0M_g7H zuZhP$lfSx1M7SwahjaVm{%U4_RJ5xLziouo($|^yf1NN#F2Xv_Rm@=&&^`qzbN{b)T2m^*WsoZDRrE)T|6^MHzHnmX zn0PYzcQz?0O>1jr50$<3_4OBw#ywH_B*EYakDc$;64z%;iYSor3lzJ$_gNgtGhs`I z?TCxPUX}D5TAswG#`7xM>Z`w)&t)5f^u#VN{;c@sl?Hfpxs`UiPWSm_$7;@Z0yJd2 zXN=VFd)jNyvof7Z18AsFWJ>)sahSZJ!B`j%UJ_*8@#fBZFa1_878|`jFdb*;^X%E` ziWVbdZHi}1ZI$r;=~lYqs~LCG6`#KC`qfF-zN<|y=RwBsEtDU*xS}O(Injk#h?WxE z!hY*SgNmY9V;}zR<~HW*q1v4W(sUp%Z5PT?Oh;`2)N5eVN=YHT)au~ zg3;j}XZX{?qMmq1XCM?GXk9tUz*;e)ylmE_?fmj85#jd^Tgx}080g@;dS0!K2};k)=R({%9J~<@8dP$^>eyanlX(4`w4uY1i-BgULVd49?XEV zs`vbhWL@~+@kxk@!qj2n&gK(Ml`+bc#Ax?j$IYK${$tW&;P zZ6>Ri{^__)!rLU%BM!{Nc=u_fqbQsn<(=|&hF6=&5CFwWOyLC|EP*oTcX3;fs_QAb z1CS*Dp0p`n-Mn&Ocx??)+7wFV?JW-z??tRPG7;Z!!N#b{W z#oS3TTh}FNWh_e`AOmKhq@;`coW^agJjq*ml)Vk$qNZB8rwF+_z>2|@FeM(SO9>-q zy7_QU_Wi@7tcRiYoWgi6kis>5oejk_fybkpvyDCr;^ZAY?gkLLlL$qan?0mo*y|*V z(@@OosQAlDvPt~0CQz^uK1n=~#q#2M<~dI zRObJ157!MGtd#hVOn#oyP1)~GRugfF#tvP0{5P_+53^1Px(b87eH+= zW7Jj|2YZ3*_jy5$pZsy+l9-e53;<(P98P{?I<&&l%61 zrI-eCpq=$RP~Rm>L+QN~z9x*S%Gngb)JUgEwL91cuoE(#N#mGuF90et#^4C3?`28_ zz>Unw&>~5#N}l53Qv#Tvba!TaF3-E~uKJZiNO>R1PcnqP9rr%ny1!ljbH;d)_a8xR zW{DDkWM#QvbCp-}t{0u^`(F6{XytHIqVX?PA$J1RgiY;MOC(UzW(PDL&oZk-RD>6lc96^m-q(|Q{e3w> zpF$6)pSA;dOfaI}6jWF-c1QN%7h{XX>;%0#EJf9Z+96B83f{SK8ygd#S@hZ;WwLw# zAoq}y2`0TdO&Pg;8}59vWs&q^HE^JBppZ9ceP1g0+$S^Wc|`RI_v!Y2#wFMy|0t+G zQsjc~3@FXS3b8tRUIzxYz75J6qwkIY`7Mevz^41=wRPqB`&L)iP`MoXC3EH7( z(}zIyZ5jvw0mcH#>tDiLf&C9clu^q2OVo)4h?@xkcrPs$`GxTTP0jwdbJs+kAK|J= zz2@~2g#*yTd z!X%Q4GU>fhBDE%D^JM$ZHJzF8QlrisH0}>8Qh0D8^u7H|> znYxXd!y;@KsN*6n0wBxn4kt|+o1+e;fSPdoYWR?>it#J}?VlV_CNu1^9PCY15Vc0D z6uO%3X%i-%bxC*9&OM8$E1U<)R=x3_Y31GD+XE1DwKo#PpSB5|1W_SMQ&3Odaka^- zAJ9{8v(>D9Fwce*ZL%R)J);kQfUdtTwFAySaK~Fr=x61 zOz+Y7LD@oN81vyr*z$3yIMc@5UFvYD#!gC~Iw3ZzNQJc#3bgTTOQzmZ=|fi1B1&JI9vj^Bg^YtG%b z-zlt`kul6|lRXG^h)#Tzo!He1)c*dIJ{#uu?`6tOjc(Jdm{lF#`IlCFfFoKUVpMgd z4h%q12}Z}eo)vJmuv$u=O_TQ{N)R2vKSF@jyApk{^t$z!S`Q(2MU@r zwk;iW-C8O8mtsT?6dSk|4rC2e19+aS?wE?4YFR`&Y?L&0(?)E3A^^-K=*t;?@_! z^!h+ScpvW}V_T#2UX)eqt)FPOZN?MZMD76ngzNilM;YZZl&1G zUcFDDMK6UnXjMOh_~92*?ISlCh(vg#su4ZNilH+pR~FL>O@FdMk*H28l7mSC zW#*y_UNX30FYsgGNlSt-;qxXfmDU@JuY%gYX`#l7W}(&I*9UVxF^T}|g(%1^dI21H z*m1{A@8v@znb>ETVonQ3K;5gXlC@~(ZCn@D@1=thq}lg*Si#NkSzKC)thIUzMk(u3 zQ8eifq}E;lbQ1`^HptY%!7dvV$Qx=O_`^wxay5>5as(DCGOA?~rxxw0zEF72FV|je z^L7L55azY9rrFP841L_sL^n^0Y`@SJip&|!G#RERcgy>FdJl)60REb<;?qz2AzN2= z%R3c3AQ3j}$gGCYNOd+{>1=a0m%2c(PJ{2{kyk4$`~Zzo?%~ZGRK?JRS>Fb%c}u}V zbg_F|xH+9njR_IyBrc6s7JQ3SO!McVpP$Wk1eMqlAoCJUJsP#_H${=*qYSv>nUIqUIuNe3X76Yn63`yiLZAC1+&M z!`gzgvuAO%@e!0F4P?k4UBZl>Hs!~uMmnOfyM6ZHJWx%jdoLCopW&)$l^O4oaNS{? z*z_954t4JJfaA-n^T9*i#I2t`K3?UDc4|A!$V$-O*sYQzFohEz{(3H|_7GiTR`Bun zlaa3_XCJWUL()i9vStg2G+p)zRaz)_k|?ls-%~?~@6(nRrQ=0R=IRqwzYv>X7bdkk zu~unS;f%I3AixTxvf2!=3z+K|nE~qPJK=+Iw#6Z)UVf* z{NkW-3E|PulmuUfd91;$58)4Gq9TMG?TYIUW%^OXo4x}|(Xb;DuD-PP)=xnA$>K(* z-Z(3fk}f>tb_vi@C#B$bFizI%ZJ|xQk@NENokuJ;9OabLoaX*jm_E`1Mxb+m<@gnk zE)?@MucuVNo@dF}NJAB2fLt8M=YgQ*%10Zfr$NZ}Bs&cmVNt&RIl+YSYq;?`G{QI7 zr*Mv4$3$|2M?X9`vWHOUTD-^Ej_ALzJZof{C-pqQ3U3P(#r|HYSWOk?+uy*?!a7tX zZDy6G$2*IGg1;~Xj6Fqt^ZCd(=kb?4*ohPns%$ma$Jy`!vAbBnWVHdc@(HxkG{egU zFENCqjgbcbH35bT710WiaZ)5jlK{gx3xNx+z4LDYinJ(f08MyzUC~ECKE>oFNL*U| zNbLlu_`$&zKALj~NP)3fhmsV~xkX8q8x{t<`GD&zB0INZwy5g))0GB4z+8*0k&)EhVIP(YY z;Fr2DfM*tR>DzbOEa?2h_oXY4(r1>Y;b@aw!-F2#hgw5{EIb|}C!V%v^~F7uFAi<@ zcF0;o{&o_H%|-v$5;IIumZGmc@b9h*hLp9CwYYn`P5o(+@)#mD78Y|F1--#PF(tRh zcv(qlk@ub2(^Oh*ZBp(9b+kXrF^%$)!}m5ZWctzIQf$|j?$z4D3EMe$1A9XV$bKp? zVXi%LrNp6{y`&3!qs021TUhdKW2*g8VLII%T-?t61Du~Yh4Gq(q3_m&Ce6axSPsfe zPMBO+iJtK*1(s!gUV5~ApEEqKK2}5KXi>|VrLbHX#z+ayXuP~QHP_}m2z@}8N494< zlqJ1>>>@tJq@*DHjPZPU78SORf3Ox#bEq0wXf>hCTSX1vR=xFJI$lx=QVbB=_$05c z^$N;vl-Ge2FSP%bZGokMPT1QqXlNpAvxD@x{c8q zd{h084^xOygf=SXPp%wH6u;8=%1*KB{V7hZ zr+?EW!0SXBdYq?!Oa$|a>+i3uIQy#jt>{;HZaNJxwzs`+x}7l$JV7g0MM{07`@xd~ z_TWF&o64_x#d?Eqrw(T}sre^p zu}WZeI815iCwoZro-m@TqDdWxgX8k<3-oP07`A5NC)f*;Pj@PLgnDjfR zKBY%g6vh`jR90A7R3x0fyR2K1)v@B{*~(}ASy=Zy_s~&rS?(>5B+f0C*?KkfEshJ+#-_H^ z_IX9Tx;j_9{xw7~0E_6`>#}cGe$$WA2Jer^8k+JYYPQ~+&qJz{carU&-fgQD>V+(j zRcMgm(AF(fe#t+^L$6jQK<=-%^)Q3bEFcRWVx6BJh7^B4O+7s-o*w4k^12@M`=w)T zA>3)68OT*v-c%e4FB=ax>$8FZqD$swCC?u}!&JOx->87ueGDWt>Fn$4)L7C;str~Dm21x@YZ*^ka;8&X2^-+r~p(g0)6&mEmL zdcT?Wgt3Re9PzlPXPJS2`j18i@C$NauXKVl>#zKxtVqZ?2Yn$ll=&C1WZGWrcCmmI zjh1rFjP=?lI`6*4ZT8zF@OZYJ3@`ZKGTkj{7RZU9E9p(-q%A7{?ugx7OtC<@1>acq zk=$_8nymQ8ACG$3xfOopJbO2dwx;EAV-fyMP?$N;IBY-xi^XytInoB5jRJG*Vt*#oo|R%rfg@*}5i4onbt?^lV0 z&&6pjLs)gW9`2Slhdogtm;+bKdxzW+0__ErbPVK(q#UDAvu&9^_H3&_X!i(LE(pLp zy9?khSv-IGV?LM?Tk*+(s-{(GJIbJ=dvr-o-9jmBa>e9F48i<35M3w%uw8=a<27lP z_YaR2BZGm^B0ZV&h!QC3`Msq4h7H4%(-qCU2?Zk~qhGFGpgQMa46Jf3(+vVj*MPrt zS^90PU!7qNWJ#nGlB;Vo5tOhp9Xer8+i`jHX`K={hyW+U-P9qG*qKxP?!|*UuPqA( z9zmvx`pK01F~(%PENI_hk#IkNZ++th8UkcWBgKAXc)tmB8Bs8iWv_Q4knxPYDd<6$ zQs>%!5(n*KnZjNE8ORQ%=DnK%hDlS&C_U5B`*;Fnq0s2jcbgAv1w>!|f`drcgOj;x zzK-tpEXAw@RaHT4m7672Mvf;UC+s|$pyFpXF89$0H*?@ zLMjpB=iF?ryK~L+fJ+mTy&kS?a0x6wHbR}409;l*TL3NZ&%Y0*xU*BYub^p>m#ths z-x{27v$kr+gXKHIs|B>L#G1GOyfzBM-ndBYfNzbv*KIjYBVyG`y?Q0t66F-0Apmhj zIKL3xm!Lh*n*b-B$b9o{O3WAr`8$9gL+@QLr%^`$;M8KKie9N)?(_HqaQ5qv)=>Mo z2`>F+xLdMFAZu?uxzpvqBgu{X8u&I45$l5pcI#8P4OG_U^A1#o;mR0LHBy zlqr`E7rQjd8-XA&50D4T&q#YtuOlD@Kz3^}5=|oK$?*LEF+7wx+DM^jaftv48eE{i z*D;3&e9f-;=6zIDxi`f3%4KJm^9%40(H?{&Ef`RBsnHXUR46C^$D6$^*MtiMEq{3a zK+xAfH@eXI5M+0xn)p3u7`R}hhhWZhHZktQrRMR^7^35GoYu=*9S7VVuow+YjJh z9w;=v>w5$HLAaaH&ReN^FyS1K@kcKbOzxt2Jn1Wrln!98%>($(hN2~4z%LqO*9D(P z1cN5`T>u`HYYv4mmX=t}{mVesa!{+ue>;Ty6rLl^N5HoOl#j;uKex03-i%YdMBRFDOXr*U&TB-D&&NP^Tl zmIg_SKs?m^Gb^+iuJe3@sbvch#Hy>D@z^w0$f5{kY66h>6g+IGI>o0;Ti7wcR2SyB zxS`%?p>$_>ZxR^6G#~S@O;{yb95HZNr7aQypO}TOH_)9?YjV{SQ&VTufFPf#?pc;9l z(0-(uV0xZp%Pplh=C!RsSQzY$XAV$FgT*)u8v;1Q@gwe8*a!Vjs*6~IQ4KJmr+8b@ zAzXADyNJj`XSwvuGYmFWVFf|8nG$-X$N+skJk-ue%8V(s@^@3u(TuG~D0PmdBF_Ge zQclPE(jwKahyE-l<|f6^`VQExesMmb zs7w6r;&3(D5$mD}`ewNXy2SPBp~__2!5IAJ;=D^X+=0P;unQP}j3J z`4dl;AJHeeghIZa@Ba`vc`t0C17EzJs0k=_Hh}ZarRvf49zrV@<)sycXV4%Co(zzZ zlJ+bRhTCu~|D3Wcmha!CrFjwMiKg>~4TaK>3?rB-+8h_sN#V&_h+Wrwi!|$fzMOa4 z4Idyv`LIg9p^bZTfC42$To|TheFOw?WLZuf3S2G^ihZ)Z&E}&FeM;4sD|?)lEY4Mg zUo-wc#hqtVQ(y3|QBgrfAkviHq&G#1KmZB7Nk^)J2na!`5)4&@Pz33nAXPeuAWeF2 z5do=+)KCRNO=$PT_SfINu64iMb^X8sJR~Rk>^*zt-OtRRplFDh`x={Cw z6fB0XA33%9Zc;<%Iqc|*y6ER<{rwm+#nbxVhOQIN`G~ZK(Mz;Xvq%~Un%lv~cVjRI$NP586Uw@gGR+7?nCcGhGgf}Ta#??mqJThFv}y=HJH zlUkY?VP)0KoUP$Di+%mo4_<_OCagUrOwDh)`ID$3ZR)?ce2cvoRC&XGq@)Ds@|x3n zjjWWc3}G`f>J8aj+>h4txdXR+apRLxgwMz|zE~yc>{gcf4Z8Ozpx`CmokE_v7y$=j zXn_#to8iySl3wH$yOoq|Kt<6Q1_zz@{2=WwhHIp-S^{}?EY%fsb(fthWxVlF*T^&8 z%hn#UGUeUibE14Jb)PYdAsN7&w9P|!7}`HbM)Qv;5mb`-qtF(`Sys&u=$OeiMXB33d~_`tu}bB z)h)PvO1D>{<2r&wKF=ZD!TVeFVeUD(B~7;PVyH)T<%wF>p?ScfGqjSiO{a`#II|T8*sQ z+S<*%nj;20Gu%~y%16D(x&l4+EPoqME08M#w2m|H~#PYQ4LuM!3h7z=hr{u zo`X0UOUoH=(%Sz`t0+`U!!!pNRgu^HC-nd8Q8VJ_OJI%hzwtm3X5dEE1#8IvJzxGm zy~u(gp-PtaS3Mq}UVgs5V}9(79O=TbyF6kUC}`(v%4&P+pJwd)776$^ryCqRrlstE zIB4J0(_Xz|UeAkWyRfs+FLHeKgIVE`?vkZq2k_^uuf@LfamG`%-+X=f@A#-?{E?_bW0!$4B`+$>L?-pmQWlbuJ2x!i;i`^=6h2H6tp-+WOph zH{NpYFnctY$4`#74M*VYw8~jiNOoKC*km<7U^z{9Cp_-|vepp$cQ0TS#ZToeq2wu zRkH}nx?Z~rig83&jNHz~)LwL3XQdqPSPiy%BY;y2dr(igylm(?ijS8s0W0WN3XfXop9;Z%T3R>3Kkw>=TMsj=Mj5R>r zxEpkCBlk`;2D2f@=C>ndA7ofoyg_XS@4xAMxA`W)pb9?c)-|AS*#R9ffYlW~U}bzW zmrTYCAJQ{m55R$$mMBvXWYR?5>X||}E27(DD+bLRSf#mjQqt86Er&Yay)hWS`ANTm z&Q5xgYICT*)~j4-&TB;AQ|no+Pu@WL)Mfy~vC`7J{r<-)eSO~7%yr{o&hOdH$C5_7 zQmZW#PTL`=*$y)^Lwa`UnoZ23in~{x81ph}Ros>o9Wp$jJfjqz=tC_jXvlVqxvlY5 zh`O2dWRBVntZqjyASDv>RocCf2+{a&9= z`5VAU1A}LUty`LhzCohxjsaCf^#Pte8QWPIy$*$Sd&XX$30tCqI_yU*>KTcQQsI-|(KAHuS<%%7xHB=utpw>Spzg1a?@k%k;MFi)`^_(?+l#cC|QgfAT~Y6 zYawb$B77Sb$O@`E_ai8tKfyDgYrw3`Rr6k^xfG!jN{+nAc;&49RJcHDtI{~|$saG# zqNA>*`;i%uoyPZg`hXWEXCqZ(FN646${V&n<{K0XU(K#E0|c{NF!aI|;n$K^xA|^> zCI_imzTG`{cIg9k5p#@AxQ)O89_9)Iw zfVk!dqsL!2RE#g?P6CK`-XlP_5*=zhBk02Sk@~=y;cF@28pfd5UB$!KaRBTW(Pc|r zWO2^Ct4d#tn&`!P<^e!VsSID6Age$G&p9_(F9PHxiCo}CK4+gBJ9q(hsb1_2B~M$s z*y8!=%Sc+VC3pJ{ka0qaZy{0%*h1~PBK5AX?bd#qZP$f>U>(zdwg3v=YYNy`f-C3u zRy0#3#W#+C{@DpdjAN|1Qbm*a;2^~qcjgo>V~yG#ThJ7D)NqNGkjwPaUbZxRXYb2b zk5`_!7Hb(Oxor?*AMJ&WQ<@<33)HFM3tlwTt0XjnOhPIOWs~bs-cKI)QrAm3JzdRb zd|bc%$#~#KL%i!nnsGpAjW#R*7_r4oh$-0Gq--n3&d=Jz=_0kMOaJV%&DLFkVT$1^ z=mo#?{7N(JsV%!Co?f#Nie1P7U9w4_A$Qo8XykJI^0`TP++%1zhuGt=t;=ZVmhz7H z6sk}Ht$Mftbusqz=F%A68ht1wS{F?^CQeLBd^Bnj{=+@O@0d0sCmc+aCkno6s%-te zhsQvxc7LEr18Wd*7oOdWaS+2kL%o>AceN-1SR3|NKD5pbAFD?7Z}9@nBSWNWH26bt^k;}^4nKMxGX-=4eMk_1w&v;4XA^?@NmK7`2_21TDZdl zWrQ;kVq%bmZWWNfrhv8@4%M(&l9Mc6M}RiUQG@c@DVw6M-;=M-)qmP~2R;+;!RUS9 zCeFut4lCqX@OG{ydjLX(%|F`W7M;&|zy4Ng^W?s> z(^rTm5vLKLWW^TeJ`$F*O=pRHXWtHJoQLf7AEjuy%(%B8$dzRp&MpETgSwX7V`eSJ zS7*G5=(m#G$lPB?IaBH^H4q#T(VN(nSemag8LsmxwLPaHd4@;)Y`geH5K;g(xu)$M zL?!nDf7su2hSvV&5*+|IO#!v_Rl9QN{lP_|OTmnisGG|LgW3EkqAS$I_lEDiqh=Iu8CJ;kQ=5+fPJ-b3E{^`bNG{Sj_C$E_9QOMimAG3W?W zCB=1gvDmreM*CZbJxrBs0~pi6I)GjT=wRhuOaflXW~^I(F5pl9WJ1W3ihOAp=$m;z zoP3q}VRN{17y6k{+40W!qqs*DWGj0GPF`dRSb)nxOKT#nmmVKp1GfmI6DSk;5S5#- zvW-n&ksq16nTEvoZyDGn@w*lT9x!Loe*&}#xql4wQxquxw9Uo#koy#qWD*-dG>y&# zZ+do+k|9dpMwvI~HS42&Hs50BlX5mY#lLz0LhEYRK#aKJS-QtESlG+KtVe=qMGDaH z`NP@kJ-f`4#3nNUz6hUg-u(nnrUqsuN?K2ekVG|b4e@#a$lN89e%NpXC>*No>r*x1 zEjJXTz`F-bjk^yG+>5NQBv1YT0B$n)?zMMz5-uq)9a-uH*T=?AON)3V_!j%}yOFdk zL}}M*@wcAcjoT}b=w%ruE-SID%^&9L)c(PGvc^ViQ; zCxs%}>Dv)$vvKce$YU_mFYLNPB6JtUzD&eIXE}l|bFBfpw}yxo0jIgB7KJKoa<5HP z+q)}f=AtEwye#J^OEs7fCXYh?T{LyZnl{5D3v&6_(HzLfp?)S7yq2a>7WAy;Dq8+rg>SmJ zvp5gfugCZEBk4hta#|NuVOo{SFq0=E3)h_h4m*2>vnRTkJf(et^iUj-+f?6nmy}kpiZorNq05mV`JKZl$cjIkumns17@d)o~Dp)u^xSjub^I)n;aZOA&om z0(7kDn4%#2hT`-@bl_@71gol+jlkkQTks6Pl}8g^hkx&X)ox-;r+6aYgd;c-7*jQ5 z3g=Sx&02Zp8>8!^9Q|jpLz5@A6YL^eb~Px#s#?kF+nqCsA?a3J=a%WRof%tev?+!^ z3O&;DSF4*Ly~3qw$wPZzBKZ_pRO>FU<6(r@S$qmg5Q;8njUU(bffkU-rjo9n^j zo!Rc5S!(s=@dT62@Zt5#JMR%|&2WJwyR>|>Q@EtT2?1qAg0}j~pD{KN(h*Y7LnsVu zxzzgQww^BrKwgl&k{71uI!9=$3em3>QYXI&AqE}FHBs+CWQDA*X+pk|y>AhgjAS7S zS_)y&3MOE|@qD?D9_reMoFLbd(~STP+`u=8%IRouA4tq51jWeDUeHoklN}V6N&l<_ zX^SX%#e38onLe9d8O7q<0;Cd)hHU_%sC7;Sf|r$?yi-hhk4cCmoQRjEgOpqX5RC0D zo|9cWw!`br0TVd4cFkPlmjuvQIb)^scmB!K7T6Ny;`OBR+j;sl{7(VCxo3 zyAs4O;;woNrR&{Rm=6y+#7!)$$v9ZdB9RHE#&`hC`NSnfSzf64G0ftEnpA-EfwiEz zM1b`6*Bo#NW&iDhlZSv4Bs6N#EPS7(jE3VVD3+C+PqF?r?di(FW6n?69lCwYP<$gO zr2%lMH7>JF9TE+4Rfa@FtSh_dQDAOSJOWvodaFG$wJR*wrl7A-3-Z4dVZHGHye$w6 zn~JMHunM-wc(j$}9wuxCz05%@A;dfuo@qxRo&2;&yeNe;F-ypqfx9%+PdnIZ#NSGP-|L_^>h7 zW&}t85pcXmR{-y^pjQj$NRK!YWJtHUS1=SCbYXD2+nW8HdG1B1?UlT`>m52E#kw3N zoMaS=LcdL8u%PbLf;3W zDT8YRI#@}gNE&nbdjC6kafD4qyo;$#zEhoXyqhL{A2qTN-we&uAeXVgNPYSWdXwSw zd(3v;>-%k}Cw_JB?kY#KL^K4y)U9u+8lm3q{3RI}-Ujp+>gcrPpCVDiNwTl=kx6=~ zfzOGW)Op+0VE1v1P3Hz$JLK4cwUm`BErJ=_jiKdw4^y1X5O6id``rA>qWRUGY6%-8 zrGblHYVz`TW$bgK$=KJsNd$E;(H*QLv?9Ff>hdn>B>owIa4+>D(AGumIh&To$E`aK zeah9N^3g8^BhQ_CM0A3PkSz#uC22|MFgnQ-Cwn|gTN-HV21;FjwKK}Gco|M4B$UUm zt}_AjxzkA)n>mAIs|Q%8euix_SbS5v?rlQxzE&V-CcY=WO(~r|+om~yT1PP9r~plP zHDg5`>gf5BtR9o;)W>YWn64apM)lT3=sYSuBX#A*YIGg9R-3C&WqUlCa21$Lg-gej zxQ{3vK}95n;Ab0s{JDhSEL}9)rmJhOmS&wr3vHk>omKa?(q(k&V(p$4H`l&J+EE+P zjl4|Miz3UEWx(Ne|HObkk9-p$mIHR~xxTi*XhB2l`vTw}5qIEEUeeUG6>oIx%4*F< zG9`x2B#nJ=tQ*=!ct^%Bl;t^f1t%|FZ(`!5p&n=!FCMhIDeeb8MC0;@&ca#WMwIBK z3#c`N0TNyNQ!V^%<`Fftm6#T%g2Z0D%G}_T((Gf~%a+Qg*G1ypY`dfS!4)<|bB2Pvn2kCT2?yUnY8hPctnd>$VZln)X3SDLPdl?*Y zch=FFTUJ#xW=vb-V<{DmY5F;Wc{{5!uQM#k+~G01Pi|`R`>f+`$I28XL`Ez!V59v6mOAn`I8p0!=0-mIZ~sPqx#D=a6x^RQg?+U z2uasn|1=1T#S81%R@-M>PDIR+XaNlGO|12WD^K!()+gDP(3o%{*+FXZgc7v)eRH7q zStL`CQmE$p*ZCe8oe6D?7GwUe9SZ1V@bo3)xlRGBJP?N5Zw6Z|1aYLsLk4Ou7#B@V z=x>)^VhrM(jd0q}P8Oe>lS9XA&vk+(Lj%zr5$^gd?GK|Q!}N+dm$XtjmdJzR&VS&J zBc(6noA1|mGyxIl2^2q*3R)v2RM?L3TE7+lsjBmEnpL`QcSyte-I83NT2mbS1H&ZG z!$6{biHrrcXr9R@5M2;Sh?3G}u(LO2;3Kq81xoEnG2Y1kuJ!CKk$&&T3KP-hBcNXO z>9Ma@_&#OvqGm=qf9hRJ>HsjXebxT>r&9Al?Ic8>ytR2yE&T*gn0=Z8a#83;xDr=- zjS?huW8H&cR&zQahB`t}?U5BukeE4Gw{{d#z&fTlu#UKB;o-2+W^n671Ro*_!y%E) z3W5cs`Q2?&7bJ&{uzD!b^~Wxjva#TlFmm2bKu4OG{wLWSDla2a((NNN_S({kBwdiS z&Pxw_3QnHqX*shkx0=u2Z_fr1fQV;<$`U!1U1v4Nb!jH=HW|Kq!Nbk^5#)<+5Sg=> zs)oHk6-hbMl|kf>@K#fuxO%P#GAR^m!mIoAO48WJEnWF@+~&sF%}$L&W{@TpSmt?_)`ag$x@X3X)8ubEVy;9Z?-%v zfv8#pD*4m1FsN-^kV*%^L@x6J$!4eHW7Wi0wv%tB+P0M~ZY2v4id873g9r#HCzK(w zx`gK$>9`UQr7`P7ZWP$EIxYQLLbduaxztzU^L?jx_HOMR0-Yq|^sid2 zJcfi$C)=r%wuBD8+G}%B&X!m@5VDHiU_PluT92>-9Uv}Pc4ejJw;L|7-lF75cj7Hg zp!9&XUG{txYTLM#u<@Ah@t2UpS74T?B1T-UC-j~iaywLH&N8IlB08yyeQbS2GIc0t zLAkAH*&GdVeLEzcLBbx>i1ZiiM2Fj`r=|pHratR%z2(_Qixe-NpV%mnX<;Pfv@fx; zPrRCE&4PiwBz!W0}syEuSqVm5poJZrJX*F0Gt6 zAJWiW#V&L;J5rTmaO-j5>*UY}^|{iR<}yCmCnigDEz4IS{UQ>1TdGm#0b4RtQ!&b~1DL*`l)!q{9$Xdf%)d7!bAfD8+2e@WPf|_kttRLxRObQQ z@=8Tp!8Jl}P(CA%wg~@DBum=1<>|wj%{Y!B)aD4foiVbg`G0a8Y~%r#!k9eU^yk*m za6tAo;3cgwgn)re^W*jYkvN++ihB^sAXpm(_=9+53?vvLxc&bJ{RQE9TOQ45fbS_>Y3unFSEZwBt1?~jz1GZV!IsD=;%SBm zW69==v0DkRIs8?KDfhzjA7AZ{RN|tdkzt!@1u981D5rZuDEdyVmeQQ^JE1JP0CIAX zLtQ^ae3R>tv1f`5qP}$kb+7q}NsLI4;1<$32%*e4tx__V>xa03c!Q85id>iD%q(gl z3lau3lQ|(WqUh*TF&Mji>a!G9oUqqV}2YX#ow7;kBVv_2@mk%E1 zwqP4RgGQ9*GrrNHFXt;&o!c{Dj0t=RnU;(sJEoD=sv2SWf=STHq!UpykbgN_9e90s zK&YKA3a2Pe9z_(R)<0j%deI3AVpfV~P+nc0$nMz-ATX%isZ_wURCWv)l6@3=M^tUH zZ$dh&jF?Td$m8p83VpF0Ekv%ICof6{f?ebqW&|JLOhz!~)ufb>?5 zZPU53MP~KvwFz0yOfW@G1ujR~(FMSfkENE{FVyku9q4;ZMXi-Qv(UXh=^5(leBu;X zk&T592IiWXk_cIl4|15!Z9l!>EHBm86HZ=T;gSOC4SlUqgD5Ux$0VSLSCmY6K%aFK z-~-s9s_Caw!1l=>E2BA(1navM(9j?cOAq3KcTcVS+9L`lW#u7w7iAJ!en^i_Y z;+r*slJw0G5}0N~Em4*6*@Zhar<%@t>bsD+cA~S9Lj84Z znHBdsXvpSi&U#MKF@qWjm;++&l1m%1J=+Yg3>sl!6lA}3ZZg;mu-Vn20Bk-T-oXyq z?m&y}%8iGHQ2Q~`iE)UZEmB_k$S^aNj37lP*#+6D4xe0Y^x3fF5g`H>z*T5N&-cf< zg`necCIg|yD;+wXD~lPRVRAIN@7bb)%C3ivM73Kf%ZYW&wT{r2an6@c*^`A;we2N0 z-mbk&I)irZbhkNcwjNC~OndmXx{m49>AG++UVQSc5jMOVq zY>V6t7itQ0Yo)#S;%IjG85NBda*=cEJal-EL@+IX9J%NjaxqXX>V#jkjOxv1zn>)P3KzKMs`4USG*5(!e0EWNs>uU zbhAH7IC+r+`dIy=CoW>b1JE0R^f>Udx!xzw|2f(OM;?=XXQ5nHe7iJ}TjzdEyhAXV>@2mP zY?iLQsz}$cKDL$5?>xDRq(P`nsbp?ZMNAh)a))QME8FN!DsnCVOYOnD+t3cVKX87c z&u*w!Rv4@4&ooU{5RKTGK3JbnB>XI?N2}_fV_Pr2oi{p*#d>|wC_k9U{^XT~i@~f% zpwatP-g9E4_>bm=b(nI!&(m&Zb0gHy z;C9R%AlU<3!CnEAS_3lUPLzl+#sQv+3&}}7N`fQ?_x>Ag-?VcaJL6|Z0sc}7HUK~eYSG+Bpx z-v}U@(HSxkY=mdlQ7m&yKaw*Uq^=M&Fim%H&t}xY7|O?0xVw!=?M_6sNRQ5~K9m;F zNyVk@3{pdLGo1TIDuM=Tl#@?^wz;vK^HYkjyg0fR(QVZ^`_6nlMG*`$64U6|zgCOk zrWhKMemm!|}%o7}2d%VR=?L8D=&pniH6&0=w z?&v=32&kRNUZAeAFxwE@g$*k&) z_PGM%PfSi$o8@gkmMzYB=#?@FBNjVZvY9HeI{_>XETPer6E*;nVhjqkz?AbKyGF*@dneCB8cu#aIpu5xoS|ymO3ON# zmP7C)^3t-yFDLiORiCe+B|2)e!>r}5Pq8$@eI76P9_5#a}uTI2g^5*N|i@{)m1tBY)J4Qd|NUx)VQT~FcL{arLFO^SHS2G#bt;_oDYUsa6o zlU2r(*pQ$=!2Ic-B-ft=41nyg1C!l!qsH+U+VLkY_5J(T0sv{TJ!kiKQvdJ!#2rwYHzf)!(7WAG-g~uW5C_+kA>E ze*Y&H_M0&K{&{Oa03cMf_qp<)V=@>gQ;e&A_v8l#Q>2lm%YE964O)YXm-^Ap1)p>j zrVP+AuPohq-s2HE0BZtnK1I_f2|tX!eHv-jsMJ?a*1p)%9OcxMA=P((J;j^Sz5pAQ zG>%23E8@pxjPRg$WDK(Uy*5epWnbb;SN-2jdP(4uLV6N!*oF185`ic=?+H$}-)`Ro za?MgQ8o9xxTsyMR`R&eb=%~QhqT%?2!uFh{naCSUW3@aWOSgU{8s%t~ePEFqW*4Iq zV9G~37L~Fy8ab#i&_Ce@tAfu$=k_sL6Z6}%ny@!~3{e7;E7a}raatPOW5RPH?@`_0 zcUIO3ZVmD-a(+Q@Yah&?RXoB#&59RjC1UK% zU7e4I>`Qt*muQ}{V>`pk&ASCe^70Fp^thv5R8*-unz!2zo!!2(y~*bm6S?%7w>T;; zLX&%b(QppKI# ziq;uPMYb<&#=-uOfu z8c_$6v0>>|jNw6Gy$^DhQj_hGc`LenuX3nEvsYGTb@bf+ zo8HY41MZ#Y2M^~kuL|KEb+H05lt77$vDTu6VnfBbJmbQPbKLoZbq5{Uky5ZK(+xwb z*{H#b`_Xglvy?jh3P*WEJY(pihcR<*V+O`_`R{>;$%Wd@Z7yA!Yj1^jMRUh+X^yK@ zv|bz41z13=SAXoa$hO!=od%yLG_dy0`{{*UqmjC1w#Zr*MNBltEjsSeoUw7&h(VVp zk7h+{VOLU_p6Td(`wCC)G2QS|$V$k#O5Lo^(ftf~xn574=NAQs3^>Ngn4TIMQ|vLu zEj^j1<{9lh`r4%3K7^}SE+K3*&hwizsyTq|xO`{x+9&Cw<3H}2sT}hvytc%dTVLhLj-2gH7QYTa4V+tRlhTKR3HuS!kMJuxO#(=dHqTa< z?sjSKf7;{9A?S(QYUuWMUk)21iI=G%{~%0zEN=Tw=WD=k1MuL|2hX#&(vC$ptbk$? zA7Y5fLSH>Coev!#_vw9gpZ3QR&Lbql{!x1+jg|Z**+>L#w(h$@c#1a&sarpcq|1qu zM`vr!CqqaZ|29Kus+Sh}vlP*df7K@V%aV%XiNz#y0*1POm=>AuZi5}t97y*5%WVBN zWNAs4fSc(RARzr^FaCR7njQX%a#XS6{{}Sv6481Ai@q{X?GyMnLi_W-@kXZ{f5jMj zIOAXBurP+dVs&%5|6c>*;ta&uHQ3W%r~YM(U7+|YcCgzE|NWG| z2BcaX4?iEATwnkF#Q$??HNIe->HdL-%l~}7zxS2T$#|~O>xBE>zpgOF`?*D)UQ##z zvBUW~XaL*1Xgz@>{9jiT;S+9$!SxJ(R)qe4H9dSPXuRa)kWVlKZ@ z4`~!B07#RCP}RdvZ&2MBPu$Jo8KW7lPlXSRdy9;`*roYO3w7)D8S0cdfX(WRGMW^N$hKfw1 zVa;oZM?(kt-3C%XGI_97>&yhI7ETGIXve^#6phHvw7MlaC-1UPKGOJXBvK9^;*LTA z0gM4maZG=S5ysYMZI-(B?i0;m>{$09)i@6W8ZfBNtFNQRADSCuc^S~y6;X7x0X;My zs|%}x20=?1+Iv^coyQX5)XmJG(rcEgyUs}1=ZDy;7eJ(<-xcLq2*nq-v%@ADB)}gU zzb%e6f18Ayna4R4nSKex=0*)aT0S&7EY$n-(W@`KSj811xoS5)0WKe`OPu_KiP|ro zFRQ}J*GxNp(a$5z(|Fz2FeE^@7g7~`u|Fvp=PeS}RY3K3w z^|WSQ;J+r|-IG9y(`~lee1BZ+llo| m52gRZF#IqW{}+RC#AtE5L-gsiau5OVPg!0AQgrLC-~R$M6yO#B literal 0 HcmV?d00001 diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf new file mode 100644 index 00000000..e4409424 --- /dev/null +++ b/blueprints/networking/nginx-reverse-proxy-cluster/variables.tf @@ -0,0 +1,130 @@ +/** + * Copyright 2022 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "autoscaling" { + description = "Autoscaling configuration for the instance group." + type = object({ + min_replicas = number + max_replicas = number + cooldown_period = number + }) + default = { + min_replicas = 1 + max_replicas = 10 + cooldown_period = 30 + } +} + +variable "autoscaling_metric" { + type = object({ + name = string + single_instance_assignment = number + target = number + type = string # GAUGE, DELTA_PER_SECOND, DELTA_PER_MINUTE + filter = string + }) + + default = { + name = "workload.googleapis.com/nginx.connections_current" + single_instance_assignment = null + target = 10 # Target 10 connections per instance, just for demonstration purposes + type = "GAUGE" + filter = null + } +} + +variable "backends" { + description = "Nginx locations configurations to proxy traffic to." + type = string + default = <<-EOT + location / { + proxy_pass http://10.0.16.58:80; + proxy_http_version 1.1; + proxy_set_header Connection ""; + } + EOT +} + +variable "cidrs" { + description = "Subnet IP CIDR ranges." + type = map(string) + default = { + gce = "10.0.16.0/24" + } +} + +variable "network" { + description = "Network name." + type = string + default = "reverse-proxy-vpc" +} + +variable "network_create" { + description = "Create network or use existing one." + type = bool + default = true +} + +variable "nginx_image" { + description = "Nginx container image to use." + type = string + default = "gcr.io/cloud-marketplace/google/nginx1:latest" +} + +variable "ops_agent_image" { + description = "Google Cloud Ops Agent container image to use." + type = string + default = "gcr.io/sfans-hub-project-d647/ops-agent:latest" +} + +variable "prefix" { + description = "Prefix used for resources that need unique names." + type = string + default = "" +} + +variable "project_create" { + description = "Parameters for the creation of the new project" + type = object({ + billing_account_id = string + parent = string + }) + default = null +} + +variable "project_name" { + description = "Name of an existing project or of the new project" + type = string +} + +variable "region" { + description = "Default region for resources." + type = string + default = "europe-west4" +} + +variable "subnetwork" { + description = "Subnetwork name." + type = string + default = "gce" +} + +variable "tls" { + description = "Also offer reverse proxying with TLS (self-signed certificate)." + type = bool + default = false +} + diff --git a/blueprints/networking/nginx-reverse-proxy-cluster/versions.tf b/blueprints/networking/nginx-reverse-proxy-cluster/versions.tf new file mode 100644 index 00000000..8abac788 --- /dev/null +++ b/blueprints/networking/nginx-reverse-proxy-cluster/versions.tf @@ -0,0 +1,29 @@ +# Copyright 2022 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +terraform { + required_version = ">= 1.3.0" + required_providers { + google = { + source = "hashicorp/google" + version = ">= 4.32.0" # tftest + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 4.32.0" # tftest + } + } +} + + diff --git a/modules/cloud-config-container/cos-generic-metadata/README.md b/modules/cloud-config-container/cos-generic-metadata/README.md index 9cbaad20..69e16235 100644 --- a/modules/cloud-config-container/cos-generic-metadata/README.md +++ b/modules/cloud-config-container/cos-generic-metadata/README.md @@ -64,7 +64,7 @@ module "cos-envoy" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [container_image](variables.tf#L42) | Container image. | string | ✓ | | -| [authenticate_gcr](variables.tf#L118) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | +| [authenticate_gcr](variables.tf#L124) | Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined. | bool | | false | | [boot_commands](variables.tf#L17) | List of cloud-init `bootcmd`s. | list(string) | | [] | | [cloud_config](variables.tf#L23) | Cloud config template path. If provided, takes precedence over all other arguments. | string | | null | | [config_variables](variables.tf#L29) | Additional variables used to render the template passed via `cloud_config`. | map(any) | | {} | @@ -76,6 +76,7 @@ module "cos-envoy" { | [file_defaults](variables.tf#L74) | Default owner and permissions for files. | object({…}) | | {…} | | [files](variables.tf#L86) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | | [gcp_logging](variables.tf#L96) | Should container logs be sent to Google Cloud Logging. | bool | | true | +| [run_as_first_user](variables.tf#L118) | Run as the first user if users are specified. | bool | | true | | [run_commands](variables.tf#L102) | List of cloud-init `runcmd`s. | list(string) | | [] | | [users](variables.tf#L108) | List of usernames to be created. If provided, first user will be used to run the container. | list(object({…})) | | […] | diff --git a/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml b/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml index cb3f76ff..9f15f84f 100644 --- a/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml +++ b/modules/cloud-config-container/cos-generic-metadata/cloud-config.yaml @@ -49,7 +49,7 @@ write_files: ExecStartPre=/usr/bin/docker-credential-gcr configure-docker %{~ endif ~} ExecStart=/usr/bin/docker run --rm --name=${container_name} \ - %{~ if length(users) > 0 ~} + %{~ if length(users) > 0 && run_as_first_user ~} --user=${users[0].uid} \ %{~ endif ~} %{~ if docker_logging ~} diff --git a/modules/cloud-config-container/cos-generic-metadata/main.tf b/modules/cloud-config-container/cos-generic-metadata/main.tf index 835183f3..ff02f325 100644 --- a/modules/cloud-config-container/cos-generic-metadata/main.tf +++ b/modules/cloud-config-container/cos-generic-metadata/main.tf @@ -28,6 +28,7 @@ locals { run_commands = var.run_commands users = var.users authenticate_gcr = var.authenticate_gcr + run_as_first_user = var.run_as_first_user })) files = { for path, attrs in var.files : path => { diff --git a/modules/cloud-config-container/cos-generic-metadata/variables.tf b/modules/cloud-config-container/cos-generic-metadata/variables.tf index b84842f5..934c0520 100644 --- a/modules/cloud-config-container/cos-generic-metadata/variables.tf +++ b/modules/cloud-config-container/cos-generic-metadata/variables.tf @@ -115,6 +115,12 @@ variable "users" { ] } +variable "run_as_first_user" { + description = "Run as the first user if users are specified." + type = bool + default = true +} + variable "authenticate_gcr" { description = "Setup docker to pull images from private GCR. Requires at least one user since the token is stored in the home of the first user defined." type = bool diff --git a/modules/cloud-config-container/nginx-tls/README.md b/modules/cloud-config-container/nginx-tls/README.md index 44807d5d..45cf1196 100644 --- a/modules/cloud-config-container/nginx-tls/README.md +++ b/modules/cloud-config-container/nginx-tls/README.md @@ -50,7 +50,11 @@ module "vm-nginx-tls" { | name | description | type | required | default | |---|---|:---:|:---:|:---:| | [docker_logging](variables.tf#L23) | Log via the Docker gcplogs driver. Disable if you use the legacy Logging Agent instead. | bool | | true | +| [files](variables.tf#L41) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | null | | [nginx_image](variables.tf#L17) | Nginx container image to use. | string | | "nginx:1.23.1" | +| [runcmd_post](variables.tf#L35) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L29) | Extra commands to run before starting nginx. | list(string) | | [] | +| [users](variables.tf#L51) | Additional list of usernames to be created. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/nginx-tls/files/customize.sh b/modules/cloud-config-container/nginx-tls/files/customize.sh index 0d773771..afbf56db 100644 --- a/modules/cloud-config-container/nginx-tls/files/customize.sh +++ b/modules/cloud-config-container/nginx-tls/files/customize.sh @@ -16,4 +16,5 @@ FQDN=$(curl -s -H "Metadata-Flavor: Google" http://metadata/computeMetadata/v1/instance/hostname) HOSTNAME=$(echo $FQDN | cut -d"." -f1) openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj /CN=$HOSTNAME/ -addext "subjectAltName = DNS:$FQDN" -keyout /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt +chgrp nginx /etc/ssl/self-signed.key -out /etc/ssl/self-signed.crt sed -i "s/HOSTNAME/${HOSTNAME}/" /etc/nginx/conf.d/default.conf \ No newline at end of file diff --git a/modules/cloud-config-container/nginx-tls/main.tf b/modules/cloud-config-container/nginx-tls/main.tf index ae668cc7..6a4e4ea6 100644 --- a/modules/cloud-config-container/nginx-tls/main.tf +++ b/modules/cloud-config-container/nginx-tls/main.tf @@ -14,9 +14,34 @@ * limitations under the License. */ +locals { + default_files = { + "/var/run/nginx/customize.sh" = { + content = file("${path.module}/files/customize.sh") + owner = "root" + permissions = "0744" + } + "/etc/nginx/conf.d/default.conf" = { + content = file("${path.module}/files/default.conf") + owner = "root" + permissions = "0644" + } + } + files = var.files != null ? merge(local.default_files, var.files) : local.default_files +} + module "cos-envoy-td" { source = "../cos-generic-metadata" + authenticate_gcr = true + users = concat([ + { + username = "nginx" + uid = 2000 + } + ], var.users) + run_as_first_user = false + boot_commands = [ "systemctl start node-problem-detector", ] @@ -32,27 +57,16 @@ module "cos-envoy-td" { docker_args = "--network host --pid host" - files = { - "/var/run/nginx/customize.sh" = { - content = file("${path.module}/files/customize.sh") - owner = "root" - permissions = "0744" - } - "/etc/nginx/conf.d/default.conf" = { - content = file("${path.module}/files/default.conf") - owner = "root" - permissions = "0644" - } - } + files = local.files gcp_logging = var.docker_logging - run_commands = [ + run_commands = concat(var.runcmd_pre, [ "iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT", "iptables -I INPUT 1 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT", "/var/run/nginx/customize.sh", "systemctl daemon-reload", "systemctl start nginx", - ] + ], var.runcmd_post) } diff --git a/modules/cloud-config-container/nginx-tls/variables.tf b/modules/cloud-config-container/nginx-tls/variables.tf index 246e6d07..dc2295f8 100644 --- a/modules/cloud-config-container/nginx-tls/variables.tf +++ b/modules/cloud-config-container/nginx-tls/variables.tf @@ -25,3 +25,37 @@ variable "docker_logging" { type = bool default = true } + +variable "runcmd_pre" { + description = "Extra commands to run before starting nginx." + type = list(string) + default = [] +} + +variable "runcmd_post" { + description = "Extra commands to run after starting nginx." + type = list(string) + default = [] +} + +variable "files" { + description = "Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null." + type = map(object({ + content = string + owner = string + permissions = string + })) + default = null +} + +variable "users" { + description = "Additional list of usernames to be created." + type = list(object({ + username = string, + uid = number, + })) + default = [ + ] +} + + diff --git a/modules/cloud-config-container/nginx/README.md b/modules/cloud-config-container/nginx/README.md index 6ae4f63c..104255c4 100644 --- a/modules/cloud-config-container/nginx/README.md +++ b/modules/cloud-config-container/nginx/README.md @@ -64,8 +64,11 @@ module "cos-nginx" { | [files](variables.tf#L59) | Map of extra files to create on the instance, path as key. Owner and permissions will use defaults if null. | map(object({…})) | | {} | | [image](variables.tf#L35) | Nginx container image. | string | | "nginxdemos/hello:plain-text" | | [nginx_config](variables.tf#L41) | Nginx configuration path, if null container default will be used. | string | | null | +| [runcmd_post](variables.tf#L75) | Extra commands to run after starting nginx. | list(string) | | [] | +| [runcmd_pre](variables.tf#L69) | Extra commands to run before starting nginx. | list(string) | | [] | | [test_instance](variables-instance.tf#L17) | Test/development instance attributes, leave null to skip creation. | object({…}) | | null | | [test_instance_defaults](variables-instance.tf#L30) | Test/development instance defaults used for optional configuration. If image is null, COS stable will be used. | object({…}) | | {…} | +| [users](variables.tf#L81) | List of additional usernames to be created. | list(object({…})) | | […] | ## Outputs diff --git a/modules/cloud-config-container/nginx/cloud-config.yaml b/modules/cloud-config-container/nginx/cloud-config.yaml index f7be84df..af3116a3 100644 --- a/modules/cloud-config-container/nginx/cloud-config.yaml +++ b/modules/cloud-config-container/nginx/cloud-config.yaml @@ -20,6 +20,10 @@ users: - name: nginx uid: 2000 + %{ for user in users } + - name: ${user.username} + uid: ${user.uid} + %{ endfor } write_files: - path: /var/lib/docker/daemon.json @@ -52,6 +56,8 @@ write_files: After=gcr-online.target docker.socket Wants=gcr-online.target docker.socket docker-events-collector.service [Service] + Environment="HOME=/home/nginx" + ExecStartPre=/usr/bin/docker-credential-gcr configure-docker ExecStart=/usr/bin/docker run --rm --name=nginx \ %{~ if docker_logging ~} --log-driver=gcplogs \ @@ -68,13 +74,19 @@ write_files: owner: ${lookup(data, "owner", "root")} permissions: ${lookup(data, "permissions", "0644")} content: | - ${indent(4, data.content)} + ${indent(6, data.content)} %{ endfor } bootcmd: - systemctl start node-problem-detector runcmd: +%{ for cmd in runcmd_pre ~} + - ${cmd} +%{ endfor ~} - iptables -I INPUT 1 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT - systemctl daemon-reload - systemctl start nginx +%{ for cmd in runcmd_post ~} + - ${cmd} +%{ endfor ~} diff --git a/modules/cloud-config-container/nginx/main.tf b/modules/cloud-config-container/nginx/main.tf index 688545d7..608e7fa2 100644 --- a/modules/cloud-config-container/nginx/main.tf +++ b/modules/cloud-config-container/nginx/main.tf @@ -21,13 +21,16 @@ locals { var.nginx_config != null || length([ for name in keys(var.files) : name if substr(name, 0, 18) == "/etc/nginx/conf.d/" - ]) > 1 + ]) > 0 ) files = local.files + users = var.users image = var.image nginx_config = (var.nginx_config == null ? null : templatefile( var.nginx_config, var.config_variables )) + runcmd_pre = var.runcmd_pre + runcmd_post = var.runcmd_post })) files = { for path, attrs in var.files : path => { diff --git a/modules/cloud-config-container/nginx/variables.tf b/modules/cloud-config-container/nginx/variables.tf index c0ad3f6e..ab77d774 100644 --- a/modules/cloud-config-container/nginx/variables.tf +++ b/modules/cloud-config-container/nginx/variables.tf @@ -65,3 +65,25 @@ variable "files" { })) default = {} } + +variable "runcmd_pre" { + description = "Extra commands to run before starting nginx." + type = list(string) + default = [] +} + +variable "runcmd_post" { + description = "Extra commands to run after starting nginx." + type = list(string) + default = [] +} + +variable "users" { + description = "List of additional usernames to be created." + type = list(object({ + username = string, + uid = number, + })) + default = [ + ] +}